
[Xen-devel] vTPM Manager VM launch failure: operation not permitted


  • To: xen-devel@xxxxxxxxxxxxx
  • From: Ronny Ko <hrko@xxxxxxxxxxxxx>
  • Date: Sun, 10 Sep 2017 15:07:04 -0400
  • Delivery-date: Sun, 10 Sep 2017 19:07:30 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi,

I'm a PhD student from Harvard University having trouble running the
vTPM manager.

I cannot successfully launch the vTPM manager in Xen, because when I
run the command "sudo xl create vtpm-manager.cfg" to launch a virtual
TPM VM, I get the following error:

libxl: error: libxl_create.c:1295:domcreate_launch_dm: Domain
10:failed give domain access to iomeim range fed44-fed44: Operation
not permitted

In Xen, virtual TPM is a standalone VM that communicates with DOMu.
"vtpm-manager.cfg" is Xen's configuration file for virtual TPM manager
VM, whose contents are as follows:

============ vtpm-manager.cfg ================
kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz"   # vTPM manager code image
memory=16   # 16M RAM size
disk=["file:/home/skyer/Desktop/xen/vtpmmgr-stubdom.img,hda,w"]   # disk storage
name="vtpmmgr"   # Just a nick name
iomem=["fed44,1"]   # This means, map physical memory from
                    # 0xfed44000-0xfed44fff for I/O, which is to be used by
                    # virtual TPM manager to communicate with the physical TPM device.
===========================================

My kernel is compiled with CONFIG_IO_STRICT_DEVMEM flag disabled, so
iomem shouldn't be blocked by the kernel. I tried to map not only
0xfed44000, but also any other random addresses for testing, but all
of them give the same error message as above.

I'm launching the vTPM manager VM not from inside a DOMu Linux VM, but
from inside the Linux kernel directly loaded by Xen-4.9.0 (which I
suppose is the DOM0 Linux VM), and I believe this is the correct way to
launch the vTPM manager.

In particular, I get the iomem() "operation not allowed" error at the
source code line:
ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);

In ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall),
- "fd" is the special privileged Command device
- "IOCTL_PRIVCMD_HYPERCALL" denotes that this is a privileged hypercall command
- "hypercall" is an object containing the information of: {
hypercall_command_index, target_DOM_id, iomem_start_page,
iomem_page_count, allow_or_deny_access}.

When I launch the vTPM manager, target_DOM_id = the ID of vTPM
manager, iomem_start_page = 0xfed40, iomem_page_count = 5, and
allow_or_deny_access = 1, and this ioctl() gives an
"operation-not-allowed" error. But if I hard-code DOM_id = 0 just for
a test, this error goes away, but then I get a 0xfed0 memory mapping
failure error later on.

To summarize, I cannot find the reason why the vTPM manager VM crashes
with "Operation not permitted". If anyone has a clue, please give me
some help. Thanks very much.

Ronny

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
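The post's config comment explains what an xl.cfg "iomem" entry such as "fed44,1" means in bytes. The following added example (not code from the original post or from Xen's libxl) parses an entry in that "START,NUM" form and expands it into the physical page and byte range it asks Xen to grant, so the range in a config can be checked against the page numbers that show up in the libxl error and in the ioctl arguments; it assumes 4 KiB pages.

```c
/* Added example (not from the original post or from Xen's libxl): parse one
 * xl.cfg "iomem" entry in the "START,NUM" form used in the post (hex first page
 * frame number, hex page count) into the physical byte range it asks Xen to
 * grant, as the post's comment does for "fed44,1" -> 0xfed44000-0xfed44fff. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SHIFT_4K 12  /* 4 KiB pages assumed, matching the post's range */

struct iomem_entry {
    uint64_t start_mfn;  /* first machine page frame number ("fed44") */
    uint64_t nr_pages;   /* page count (",1") */
    uint64_t phys_start; /* first machine byte address of the range */
    uint64_t phys_end;   /* last machine byte address, inclusive */
};

/* Returns 0 on success, -1 if the entry is malformed or would overflow. */
int parse_iomem_entry(const char *spec, struct iomem_entry *out)
{
    char *end;
    errno = 0;
    out->start_mfn = strtoull(spec, &end, 16);
    if (end == spec || errno || *end != ',') return -1;
    spec = end + 1;
    out->nr_pages = strtoull(spec, &end, 16);
    if (end == spec || errno || out->nr_pages == 0) return -1;
    if (*end != '\0') return -1;  /* trailing junk, e.g. "fed44,1x" */
    /* the range must not run past the top of the 64-bit address space */
    if (out->start_mfn > (UINT64_MAX >> PAGE_SHIFT_4K) ||
        out->nr_pages > (UINT64_MAX >> PAGE_SHIFT_4K) + 1 - out->start_mfn)
        return -1;
    out->phys_start = out->start_mfn << PAGE_SHIFT_4K;
    out->phys_end = out->phys_start + ((out->nr_pages << PAGE_SHIFT_4K) - 1);
    return 0;
}

int main(void)
{
    struct iomem_entry e;
    const char *spec = "fed44,1";  /* the entry from the post's vtpm-manager.cfg */
    if (parse_iomem_entry(spec, &e) != 0) return 1;
    printf("%s -> pages 0x%llx..0x%llx, bytes 0x%llx-0x%llx\n", spec,
           (unsigned long long)e.start_mfn,
           (unsigned long long)(e.start_mfn + e.nr_pages - 1),
           (unsigned long long)e.phys_start, (unsigned long long)e.phys_end);
    return 0;
}
```

Running it with "fed40,5" (the start page and count the post sees in the ioctl) yields the same last byte, 0xfed44fff, which is one way to compare what the config requested with what the tool stack actually asked for.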

 

