Xen project Mailing List

Re: [Xen-users] Problem launching VM

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>

From: Jonathan Gowar <jon@xxxxxxxxxxxxxxxx>

Date: Wed, 24 Apr 2013 12:06:16 +0100

Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>

Delivery-date: Wed, 24 Apr 2013 11:07:15 +0000

List-id: Xen user discussion <xen-users.lists.xen.org>

On Wed, 2013-04-24 at 11:13 +0100, Ian Campbell wrote: > On Wed, 2013-04-24 at 11:04 +0100, Jonathan Gowar wrote: > > On Wed, 2013-04-24 at 10:22 +0100, Jonathan Gowar wrote: > > > Hi, > > > > > > I have a Debian Wheezy Linux server running Xen 4.1. I have used Xen > > > for a couple of years now, but not on these versions, and I am having a > > > problem launching a VM. Here is a pastie entry of xend.log > > > http://pastie.org/pastes/7707677/text > > > > > > Many thanks, > > > > > > Jon > > > > > > > > > > > > > > > > > > _______________________________________________ > > > Xen-users mailing list > > > Xen-users@xxxxxxxxxxxxx > > > http://lists.xen.org/xen-users > > > > Additionally, this is in xm dmesg > > > > (XEN) Xen does not allow DomU creation on this CPU for security reasons. > > This sounds like it is related to XSA-9: > http://wiki.xen.org/wiki/Security_Announcements#XSA-9_PV_guest_host_Denial_of_Service_.28AMD_erratum_.23121.29 > > If you are confident that the attack scenarios do not apply to you then > you can add "allow_unsafe" to your hypervisor command line. > > Ian. > Vadim, thank you for your quick response. Firstly, here: # xl getenforce ERROR: A different toolstack (xm) have been selected! Is xl 'better' than xm? Secondly, please let me know the preferred thread, and I'll post there :) Ian, thank you too. That certain seems to be the problem, but I can't work the solution. I added allow_unsafe to default/grub and updated: # cat /proc/cmdline placeholder root=UUID=3ecb462b-f87c-49a6-9a56-1af61990c40a ro allow_unsafe Still the same error though. Here are some parts from xm dmesg: (XEN) *** Xen will not allow creation of DomU-s on this CPU for security reasons. *** (XEN) *** Pass "allow_unsafe" if you\047re trusting all your (PV) guest kernels. *** (XEN) AMD-Vi: IOMMU not found! (XEN) I/O virtualisation disabled ... (XEN) Xen does not allow DomU creation on this CPU for security reasons. Am I implementing the allow_unsafe parameter correctly? Here is cpuinfo (for one core): # cat /proc/cpuinfo processor : 0 vendor_id : AuthenticAMD cpu family : 15 model : 37 model name : AMD Opteron(tm) Processor 246 stepping : 1 cpu MHz : 1992.143 cache size : 1024 KB fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu de tsc msr pae cx8 apic cmov pat clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt lm 3dnowext 3dnow rep_good nopl extd_apicid pni hypervisor lahf_lm bogomips : 3984.28 TLB size : 1024 4K pages clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: ts fid vid ttp _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.