Re: [Xen-devel] (4.5-rc1) Problems using xl migrate
On 11/24/2014 09:55 AM, Ian Campbell wrote:
> On Mon, 2014-11-24 at 14:43 +0000, Andrew Cooper wrote:
>> On 24/11/14 14:32, M A Young wrote:
>>> On Mon, 24 Nov 2014, Andrew Cooper wrote:
>>>> Is XSM in use? I can't think of any other reason why that hypercall
>>>> would fail with EPERM.
>>>
>>> XSM is built in (I wanted to allow the option of people using it) but I
>>> didn't think it was active.
>>
>> I don't believe there is any concept of "available but not active",
>
> I think there is: the "dummy" policy which is loaded when there is no
> explicit policy given should behave as if xsm were disabled. AIUI all the
> XSM_* and xsm_default_action stuff is supposed to semi-automatically
> ensure this is the case at compile time. CC-ing Daniel to confirm/deny.

Yes. The case where XSM is enabled at compile time but using the dummy module is supposed to produce identical behavior to disabling XSM at compile time. The hypervisor parameter flask_enabled controls this run-time switching.

>> which probably means that the default policy is missing an entry for
>> this hypercall.
>
> That said domctl is XSM_OTHER, which basically means "special one off
> handling" I think. But it basically turns into XSM_DM_PRIV for a small
> handful of subops and XSM_PRIV for the rest. Since this is a migration
> the relevant domain is certainly PRIV I think.
>
> Ian.
>
>> Can you check the hypervisor console around this failure and see whether
>> a flask error concerning domctl 72 is reported?
>>
>> ~Andrew

If you get any mention of AVC messages, then FLASK is active and the dummy policy is not being used. The FLASK security server can be active without loading a policy: this is intended to allow dom0 to load the XSM policy in cases where it is not possible to have the bootloader do it (which is the preferred method). If FLASK is active, then any domctl not in the list of handled domctls (see the large switch statement in xsm/flask/hooks.c) will return -EPERM and will print an error to the hypervisor console, as Andrew pointed out.
-- 
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
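A practical way to perform the two checks suggested in the thread (AVC messages on the hypervisor console mean FLASK is active and the dummy module is not in use; an unhandled domctl sub-op is logged and refused with -EPERM) is to triage the `xl dmesg` output with a short script. The following is an added example, not code from the thread or from the Xen project. The message shapes it matches (`avc:  denied  { ... } for domid=N ... tclass=...` and `flask_domctl: Unknown op N`) are assumptions modelled on the Xen 4.5 xsm/flask code, and the log it runs on is constructed, not a real capture.

```shell
#!/bin/sh
# Added example (not from the thread or from Xen): triage a hypervisor
# console log for signs that FLASK is active and for domctl sub-ops that
# the FLASK hooks refused.  The two message shapes matched below are
# assumptions modelled on Xen 4.5's xsm/flask code:
#   "(XEN) avc:  denied  { <perms> } for domid=N ... tclass=<class>"  (AVC denial)
#   "(XEN) flask_domctl: Unknown op <N>"                              (unhandled domctl)

# Constructed sample of what `xl dmesg` might show; not a real capture.
SAMPLE_LOG='(XEN) Xen version 4.5.0-rc1 (sample)
(XEN) Flask:  Initializing.
(XEN) Flask:  Starting in enforcing mode.
(XEN) avc:  denied  { getdomaininfo } for domid=0 target=1 scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t tclass=domain
(XEN) flask_domctl: Unknown op 72
(XEN) flask_domctl: Unknown op 72
'

# flask_is_active LOG: exit 0 if any AVC message appears in LOG.
# Any AVC output means the FLASK security server, not the dummy module, is
# making decisions.
flask_is_active() {
    printf '%s\n' "$1" | grep -q '^(XEN) avc:'
}

# denied_domctl_ops LOG: print the distinct domctl sub-op numbers that the
# FLASK domctl hook did not recognise (and therefore rejected with -EPERM),
# one per line, in numeric order.
denied_domctl_ops() {
    printf '%s\n' "$1" \
        | sed -n 's/^(XEN) flask_domctl: Unknown op \([0-9][0-9]*\).*/\1/p' \
        | sort -n | uniq
}

# avc_denials LOG: print "<domid> <tclass> <perms>" for each AVC denial,
# which is what you need to write a policy rule for the missing access.
avc_denials() {
    printf '%s\n' "$1" \
        | sed -n 's/^(XEN) avc: *denied *{ *\([^}]*[^} ]\) *} for domid=\([0-9]*\).*tclass=\([a-z_]*\).*/\2 \3 \1/p'
}

# triage LOG: human-readable summary of the above.
triage() {
    if flask_is_active "$1"; then
        echo "FLASK is active (AVC messages present); the dummy module is not in use."
    else
        echo "No AVC messages: FLASK is inactive, or nothing has been denied yet."
    fi
    ops=$(denied_domctl_ops "$1")
    if [ -n "$ops" ]; then
        echo "domctl sub-ops rejected with -EPERM by flask_domctl:"
        echo "$ops"
    fi
    echo "AVC denials (domid tclass perms):"
    avc_denials "$1"
}

# Real use on a dom0: triage "$(xl dmesg)"
triage "$SAMPLE_LOG"
```

The first check answers the question raised in the thread (is FLASK actually active, or is the dummy module in use?); the second tells you which domctl sub-op to look up in the switch statement in xsm/flask/hooks.c, and the third gives the fields a policy rule needs if the denial is a genuine policy gap rather than a missing hook.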