Re: [Xen-users] help please - running a guest from an iSCSI disk ? getting more diagnostics than "cannot make domain: -3" ? how to make domain0 "privileged" ?
I'm beginning to conclude that Xen is not of sufficient code quality to be useful.

Firstly, my 'xl create' command returns a 0 exit status, meaning success, but yet no domain is created or can be attached to or listed with 'xl list':

# xl create my_domain.cfg
Parsing config from my_domain.cfg
Daemon running with PID 1436
# echo $?
0
# xl list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1024     2     r-----      35.5

This appears to be due to this error message in 'xl dmesg' output:

(XEN) Dom5 may compromise security on this CPU.
(XEN) traps.c:2584:d5 Domain attempted WRMSR 00000000c0010004 from 0x0000000000000000 to 0x000000000000abcd.

From reading the source, the traps.c message appears to indicate an error condition, but you would not know this from the log message.

Anyone know how to avoid this unhandled WRMSR?

Code that silently ignores and does not report error conditions does not get my vote of confidence.

Can anyone convince me that Xen is of sufficient quality to be used?

Regards,
Jason

On Thu, Feb 21, 2013 at 6:53 PM, Jason Vas Dias <jason.vas.dias@xxxxxxxxx> wrote:
> Aha! Finally I discovered 'xl dmesg' and saw
> 'Xen does not allow DomU creation on this CPU for security reasons.'
>
> o why not give an option to make Xen write to the standard kernel
>   log, so I could have found this message with 'dmesg'?
> It is far from obvious from the documentation that this is the only
> way of seeing Xen log messages.
>
> It appears the dom0 CPU has AMD Errata 121 - see:
> http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html
>
> But since both my dom0 kernel (3.7.9-1-ARCH) and my domU kernel
> (2.6.39-300.26.1.el6uek) apparently have the fix for this
> errata, I added 'allow_unsafe' to the Xen dom0 boot command line,
> and I'm now able to progress beyond the EPERM issue.
> It would have been nice if Xen or xl could have emitted some log
> message other than 'cannot make domain: -3', particularly
> when it was Xen itself that was refusing to allow the domain creation
> to proceed.
> It would also have been nice if Xen could have recognized that it was
> running kernels with the fix for this issue, and NOT silently
> disabled domain creation.
>
> Regards,
> Jason
>
> On Thu, Feb 21, 2013 at 5:29 PM, Jason Vas Dias
> <jason.vas.dias@xxxxxxxxx> wrote:
>> Good day -
>>
>> This is my first post to this list, and I'm new to Xen - any help on
>> this issue would be much appreciated.
>>
>> I downloaded, built and installed xen-4.2.1 (hypervisor and tools) on
>> an x86_64 ArchLinux box
>> updated to latest software as of today.
>>
>> I am trying to bring up a Linux guest from a remote iSCSI disk.
>>
>> The iSCSI-initiator (open-iscsi) logs in to the remote target OK and
>> makes it available as /dev/sde,
>> on which is a bootable linux distribution, containing /boot/vmlinuz* etc.
>> I can mount this iSCSI disk rw OK on the domain_0 host - so presumably
>> I should be able to
>> boot up a guest domain from it?
>>
>> I modified the domain_0 host's boot arguments to boot Xen OK:
>>
>> multiboot /boot/xen.gz dom0_mem=1024M loglvl=all guest_loglvl=all
>> module /boot/vmlinuz-linux root=/dev/sda2 ro debug
>> module /boot/initramfs-linux.img
>>
>> and made an /etc/xen/${domain}.cfg file:
>> #
>> # xl.cfg(1) file for booting the iSCSI share:
>> #
>> name="$domain"
>> #vcpus=1
>> #uuid="ceb083a2-feaa-45b0-afe2-3bd44eb4d8c3"
>> memory=1024
>> on_poweroff="destroy"
>> on_reboot="destroy"
>> disk=["/dev/sde,raw,hda,rw"]
>> vif=["mac=00:09:3d:13:0d:57,model=tg3,bridge=xenbr0"]
>> kernel="/boot/vmlinuz-2.6.39-300.26.1.el6uek.x86_64"
>> ramdisk="/boot/initramfs-2.6.39-300.26.1.el6uek.x86_64.img"
>>
>> Is the disk line OK? Anything else wrong with this file?
>>
>> But attempting to create the domain, as root, fails:
>> # xl -vvv create -c /etc/xen/${domain}.cfg
>> Parsing config from ${domain}.cfg
>> libxl: debug: libxl_create.c:1174:do_domain_create: ao 0x119c890: create: how=(nil) callback=(nil) poller=0x119c920
>> libxl: error: libxl_create.c:420:libxl__domain_make: domain creation fail
>> libxl: error: libxl_create.c:646:initiate_domain_create: cannot make domain: -3
>> libxl: error: libxl.c:1394:libxl__destroy_domid: non-existant domain -1
>> libxl: error: libxl.c:1358:domain_destroy_callback: unable to destroy guest with domid 4294967295
>> libxl: error: libxl_create.c:1153:domcreate_destruction_cb: unable to destroy domain 4294967295 following failed creation
>> libxl: debug: libxl_event.c:1499:libxl__ao_complete: ao 0x119c890: complete, rc=-3
>> libxl: debug: libxl_create.c:1187:do_domain_create: ao 0x119c890: inprogress: poller=0x119c920, flags=ic
>> libxl: debug: libxl_event.c:1471:libxl__ao__destroy: ao 0x119c890: destroy
>> xc: debug: hypercall buffer: total allocations:5 total releases:5
>> xc: debug: hypercall buffer: current allocations:0 maximum allocations:2
>> xc: debug: hypercall buffer: cache current size:2
>> xc: debug: hypercall buffer: cache hits:3 misses:2 toobig:0
>>
>> Even though I've enabled all possible log messages in Xen with
>> 'loglvl=all guest_loglvl=all' (or have I?)
>> I don't see any log messages about this failed attempt to create a
>> domain at all, in dmesg output or
>> in the system log.
>>
>> Tracing this command in gdb shows the hypervisor command is returning
>> -1, with errno set to 1 (EPERM):
>>
>> libxl: debug: libxl_create.c:1174:do_domain_create: ao 0x622890: create: how=(nil) callback=(nil) poller=0x622920
>>
>> Breakpoint 2, xc_domain_create (xch=0x622240, ssidref=0, handle=handle@entry=0x7fffffffe1b0 "\316\260\203\242\376\252E\260\257\342;\324N\264\330\303\031", flags=flags@entry=0, pdomid=pdomid@entry=0x7fffffffe28c) at xc_domain.c:33
>> 33 {
>> (gdb) n
>> 37 domctl.cmd = XEN_DOMCTL_createdomain;
>> (gdb)
>> 38 domctl.domain = (domid_t)*pdomid;
>> (gdb)
>> 39 domctl.u.createdomain.ssidref = ssidref;
>> (gdb)
>> 40 domctl.u.createdomain.flags = flags;
>> (gdb)
>> 41 memcpy(domctl.u.createdomain.handle, handle, sizeof(xen_domain_handle_t));
>> (gdb)
>> 42 if ( (err = do_domctl(xch, &domctl)) != 0 )
>> (gdb) s
>> do_domctl (domctl=0x7fffffffe0a0, xch=0x622240) at xc_private.h:239
>> 239 DECLARE_HYPERCALL_BOUNCE(domctl, sizeof(*domctl), XC_HYPERCALL_BUFFER_BOUNCE_BOTH);
>> (gdb) n
>> 241 domctl->interface_version = XEN_DOMCTL_INTERFACE_VERSION;
>> (gdb)
>> 243 if ( xc_hypercall_bounce_pre(xch, domctl) )
>> (gdb)
>> 249 hypercall.op = __HYPERVISOR_domctl;
>> (gdb)
>> 250 hypercall.arg[0] = HYPERCALL_BUFFER_AS_ARG(domctl);
>> (gdb)
>> 252 if ( (ret = do_xen_hypercall(xch, &hypercall)) < 0 )
>> (gdb) s
>> do_xen_hypercall (xch=xch@entry=0x622240, hypercall=hypercall@entry=0x7fffffffe070) at xc_private.c:246
>> 246 return xch->ops->u.privcmd.hypercall(xch, xch->ops_handle, hypercall);
>> (gdb) s
>> linux_privcmd_hypercall (xch=<optimized out>, h=9, hypercall=0x7fffffffe070) at xc_linux_osdep.c:116
>> 116 return ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);
>> (gdb) fin
>> Run till exit from #0 linux_privcmd_hypercall (xch=<optimized out>, h=9, hypercall=0x7fffffffe070) at xc_linux_osdep.c:116
>> do_xen_hypercall (xch=xch@entry=0x622240, hypercall=hypercall@entry=0x7fffffffe070) at xc_private.c:247
>> 247 }
>> Value returned is $3 = -1
>> (gdb) fin
>> Run till exit from #0 do_xen_hypercall (xch=xch@entry=0x622240, hypercall=hypercall@entry=0x7fffffffe070) at xc_private.c:247
>> 0x00007ffff775b340 in do_domctl (domctl=0x7fffffffe0a0, xch=0x622240) at xc_private.h:252
>> 252 if ( (ret = do_xen_hypercall(xch, &hypercall)) < 0 )
>> Value returned is $4 = -1
>> (gdb) p errno
>> $5 = 1
>>
>> Any ideas how to get this working, or on where I could get better
>> diagnostics?
>>
>> I'm guessing this is caused by this code in arch/x86/platform_hypercall.c:
>>
>> ret_t do_platform_op(XEN_GUEST_HANDLE(xen_platform_op_t) u_xenpf_op)
>> {
>>     ret_t ret = 0;
>>     struct xen_platform_op curop, *op = &curop;
>>
>>     if ( !IS_PRIV(current->domain) )
>>         return -EPERM;
>>
>> So how do I make the IS_PRIV macro return non-zero for my domain_0,
>> ie. set d->is_privileged /
>> make my domain0 into a "privileged" domain? What is meant by
>> "privileged" in this context?
>>
>> There seems to be no documentation on this issue in any manual page
>> installed by xen's 'make install',
>> or anywhere else I could find.
>>
>> Thanks in advance for any replies,
>> Regards, Jason

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users
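
The behaviour reported in this thread (an 'xl create' that exits 0 with no domain in 'xl list', and the reason visible only in 'xl dmesg') can be caught by a wrapper like the following. This is an added example, not part of the original posts or of the Xen tools. The function names, the XL and SETTLE_SECS overrides and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): do not trust the exit status of
# "xl create"; confirm the domain exists and show Xen's own log if it does not.

# Succeeds if domain $1 appears in "xl list" output read on stdin.
domain_listed() {
    awk -v name="$1" 'NR > 1 && $1 == name { found = 1 } END { exit !found }'
}

# Filter "xl dmesg" output on stdin down to the messages quoted in this thread.
xen_refusal_lines() {
    grep -E 'does not allow DomU creation|may compromise security|attempted WRMSR' || true
}

# checked_create CFG NAME: 0 = domain is listed, 1 = xl create failed,
# 2 = xl create reported success but the domain is absent.
# XL and SETTLE_SECS are hypothetical overrides added for this example.
checked_create() {
    if ! "${XL:-xl}" create "$1"; then
        "${XL:-xl}" dmesg | xen_refusal_lines >&2
        return 1
    fi
    sleep "${SETTLE_SECS:-2}"   # assumed grace period for an early guest crash
    if "${XL:-xl}" list | domain_listed "$2"; then
        return 0
    fi
    echo "xl create returned 0 but '$2' is not in 'xl list'" >&2
    "${XL:-xl}" dmesg | xen_refusal_lines >&2
    return 2
}

# Constructed sample input, modelled on the output quoted in the thread.
SAMPLE_LIST='Name        ID   Mem VCPUs State   Time(s)
Domain-0     0  1024     2 r-----     35.5'
SAMPLE_DMESG='(XEN) Xen version 4.2.1 (constructed banner line)
(XEN) Dom5 may compromise security on this CPU.
(XEN) traps.c:2584:d5 Domain attempted WRMSR 00000000c0010004 from 0x0000000000000000 to 0x000000000000abcd.'

# Offline demonstration on the sample data.
if ! printf '%s\n' "$SAMPLE_LIST" | domain_listed my_domain; then
    printf '%s\n' "$SAMPLE_DMESG" | xen_refusal_lines
fi
```

On a real dom0 the call would be `checked_create /etc/xen/my_domain.cfg my_domain`, run as root.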