[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] vTPM Manager VM launch failure: operation not permitted

Cc VTPM maintainers

On Sun, Sep 10, 2017 at 03:07:04PM -0400, Ronny Ko wrote:
> Hi,
> I'm a PhD student from Harvard University having a trouble in running
> vTPM manager.
> I cannot successfully launch vTPM manager in Xen, because when I
> command "sudo xl create vtpm-manager.cfg" to launch a virtual TPM VM,
> I get the following error:
> libxl: error: libxl_create.c:1295:domcreate_launch_dm: Domain
> 10:failed give domain access to iomeim range fed44-fed44: Operation
> not permitted
> In Xen, virtual TPM is a standalone VM that communicates with DOMu.
> "vtpm-manager.cfg" is Xen's configuration file for virtual TPM manager
> VM, whose contents are as follows:
> ============ vtpm-manager.cfg ================
> kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz"   # vTPM manager code 
> image
> memory=16   # 16M RAM size
> disk=["file:/home/skyer/Desktop/xen/vtpmmgr-stubdom.img,hda,w"]   # disk 
> storage
> name="vtpmmgr"   # Just a nick name
> iomem=["fed44,1"]   # This means, map physical memory from
> 0xfed44000-0xfed44fff for I/O, which is to be used by virtual TPM
> manager to communicate with the physical TPM device.
> ===========================================
> My kernel is compiled with CONFIG_IO_STRICT_DEVMEM flag disabled, so
> iomem shouldn't be blocked by the kernel. I tried to map not only
> 0xfed44000, but also any other random addresses for testing, but all
> of them give the same error message as above.
> I'm launching the vTPM manager VM not from inside a DOMu Linux VM, but
> from inside the Linux kernel directly loaded by Xen-4.9.0 (which I
> suppose to be DOM0 Linux VM), and I believe this is the correct way to
> launch vTPM manager.
> In particular, I get the iomem() "operation not allowed" error at the
> source code line;
> ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);
> In ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall),
> - "fd" is the special privileged Command device
> - "IOCTL_PRIVCMD_HYPERCALL" denotes that this is a privileged hypercall 
> command
> - "hypercall" is an object containing the information of: {
> hypercall_command_index, target_DOM_id, iomem_start_page,
> iomem_page_count, allow_or_deny_access}.
> When I launch the vTPM manager, target_DOM_id = the ID of vTPM
> manager, iomem_start_page = 0xfed40, iomem_page_count = 5, and
> allow_or_deny_access = 1, and this ioctl() gives an
> "operation-not-allowed" error. But if I hard-code DOM_id = 0 just for
> a test, this error goes away, but then I get a 0xfed0 memory mapping
> failure error later on.
> To summarize, I cannot find the reason why the vTPM manager VM crashes
> with "Operation not permitted". If anyone has a clue, please give me
> some help. Thanks very much.
> Ronny
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> https://lists.xen.org/xen-devel

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.