Xen project Mailing List

Re: [Xen-devel] vTPM Manager VM launch failure: operation not permitted

To: Wei Liu <wei.liu2@xxxxxxxxxx>, Ronny Ko <hrko@xxxxxxxxxxxxx>

Date: Wed, 13 Sep 2017 20:27:50 +0800

Cc: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, xen-devel@xxxxxxxxxxxxx

Delivery-date: Wed, 13 Sep 2017 12:29:58 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

on 2017/9/13 18:42, Wei Liu wrote:

Cc VTPM maintainers

On Sun, Sep 10, 2017 at 03:07:04PM -0400, Ronny Ko wrote:

Hi,

I'm a PhD student from Harvard University having a trouble in running
vTPM manager.

I cannot successfully launch vTPM manager in Xen, because when I
command "sudo xl create vtpm-manager.cfg" to launch a virtual TPM VM,
I get the following error:

libxl: error: libxl_create.c:1295:domcreate_launch_dm: Domain
10:failed give domain access to iomeim range fed44-fed44: Operation
not permitted

In Xen, virtual TPM is a standalone VM that communicates with DOMu.
"vtpm-manager.cfg" is Xen's configuration file for virtual TPM manager
VM, whose contents are as follows:

============ vtpm-manager.cfg ================
kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz"   # vTPM manager code image
memory=16   # 16M RAM size
disk=["file:/home/skyer/Desktop/xen/vtpmmgr-stubdom.img,hda,w"]   # disk storage
name="vtpmmgr"   # Just a nick name
iomem=["fed44,1"]   # This means, map physical memory from
0xfed44000-0xfed44fff for I/O, which is to be used by virtual TPM
manager to communicate with the physical TPM device.
===========================================

Ronny, is your physical TPM device v1.2 or v2.0?

for tpm1.2.. , commands that are sent to the TPM through the register

set at address FED4.0000 are implicitly associated with locality 0.

try 'iomem=["fed40,1"]' and make sure Dom0 's TPM driver is _not_ loaded... Quan

My kernel is compiled with CONFIG_IO_STRICT_DEVMEM flag disabled, so
iomem shouldn't be blocked by the kernel. I tried to map not only
0xfed44000, but also any other random addresses for testing, but all
of them give the same error message as above.

I'm launching the vTPM manager VM not from inside a DOMu Linux VM, but
from inside the Linux kernel directly loaded by Xen-4.9.0 (which I
suppose to be DOM0 Linux VM), and I believe this is the correct way to
launch vTPM manager.

In particular, I get the iomem() "operation not allowed" error at the
source code line;
ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);

In ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall),
- "fd" is the special privileged Command device
- "IOCTL_PRIVCMD_HYPERCALL" denotes that this is a privileged hypercall command
- "hypercall" is an object containing the information of: {
hypercall_command_index, target_DOM_id, iomem_start_page,
iomem_page_count, allow_or_deny_access}.

When I launch the vTPM manager, target_DOM_id = the ID of vTPM
manager, iomem_start_page = 0xfed40, iomem_page_count = 5, and
allow_or_deny_access = 1, and this ioctl() gives an
"operation-not-allowed" error. But if I hard-code DOM_id = 0 just for
a test, this error goes away, but then I get a 0xfed0 memory mapping
failure error later on.

To summarize, I cannot find the reason why the vTPM manager VM crashes
with "Operation not permitted". If anyone has a clue, please give me
some help. Thanks very much.

Ronny

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.