
[Xen-users] how to build vTPM with xen 4.3?



hi,

I am an engineer of Intel, on cloud and virtualization. Thanks for your great updates of vTPM. Could you share your experience on how to build vTPM with xen 4.3? I failed to boot up 2.6.18.8 kernel which is from

             # make linux-2.6-xen-build
             # make linux-2.6-xen-install

I want to integrate vTPM to OpenAttestation. OpenAttestation project is to provide SDK, Software Development Kit, to add cloud management tools with capability of establishing hosts integrity information by remotely retrieving and verifying Hosts' integrity with TPM quote.

you can download OpenAttestation from github: https://github.com/OpenAttestation/OpenAttestation


Thanks 

Quan

 

 

[Xen-devel] [PATCH v5 00/12] vTPM updates for 4.3



This series contains a bit of reworking from v4: command cancellation is
now supported in the protocol, although not yet exposed through the API.
Since the TPM emulator used by Xen doesn't support cancellation anyway,
this is not currently an important requirement.

The xenbus name for the interface has been changed back to "vtpm" -
renaming it to vtpm2 requires changing libxl to only support the new
device name with mismatches between the use of vtpm in the API it
exposes and vtpm2 in the values used internally. Using feature nodes to
denote the protocol change allows also libxl to wire up both the old
interface and the new interface.

Automatic vTPM shutdown is removed by patch #9; however, since patch #8
makes it safe to destroy the vTPM at any point, the cleanup of a vTPM
upon guest shutdown can be relocated to the layer that starts the vTPM.
This is necessary even without these patches because vTPMs have never
automatically shut down if a guest encounters an error in early boot or
simply does not load (or have) the frontend driver.

Locality-5 PCRs have been dropped since v4: this patch is not really
suited for upstreaming until there is a domain using the extra PCRs.

Mini-os driver patches:
    [PATCH 01/12] mini-os/tpm{back,front}: Change shared page ABI
    [PATCH 02/12] mini-os/tpm{back,front}: Allow device repoens
    [PATCH 03/12] mini-os/tpmback: set up callbacks before enumeration
    [PATCH 04/12] mini-os/tpmback: Replace UUID field with opaque pointer
    [PATCH 05/12] mini-os/tpmback: add tpmback_get_peercontext

Linux driver patch:
    [PATCH] drivers/tpm-xen: Change vTPM shared page ABI

vTPM stub-domain updates:
    [PATCH 06/12] stubdom/vtpm: correct the buffer size returned by
    [PATCH 07/12] stubdom/vtpm: Support locality field
    [PATCH 08/12] stubdom/vtpm: make state save operation atomic
    [PATCH 09/12] stubdom/vtpm: support multiple backends
    [PATCH 10/12] stubdom/vtpm: constrain locality by XSM label

Other stub domain updates:
    [PATCH 11/12] stubdom/grub: send kernel measurements to vTPM
    [PATCH 12/12] stubdom/Makefile: Fix gmp extract rule

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel




------------------------------------------------------------------
Sender:xen-users-request@xxxxxxxxxxxxx
Time:2013-5-21 19:54
To:xen-users@xxxxxxxxxxxxx;
Subject:Xen-users Digest, Vol 99, Issue 46

Today's Topics:

1. Re: Security in Virtual Machine (Alexandre Kouznetsov)
2. Re: Security in Virtual Machine (Peter Viskup)
3. win 2012 can't find drivers (James Harper)
4. Re: win 2012 can't find drivers (James Harper)
5. Re: Suspicious URL:Re: Xen related networking issue
(James Harper)
6. Problem with PCI Pass-through address space collision
(Jon Skilling)
7. Xen stops booting at "SATA Link down (SStatus 0 SControl
300)" (John Sherwood)
8. Stable and Secure Distribution Supporting Xen (Richard Johnson)
9. Re: Problem with PCI Pass-through address space collision
(Gordan Bobic)
10. Re: gplpv: re-enabling the nic adapter removes it (Micky)
11. Re: CAP and performance problem (Massimo Canonico)
12. Re: gplpv: re-enabling the nic adapter removes it (James Harper)
13. Re: [Votes] Xen Project Governance v2 , Mailing List
Conventions v1, 2014 Event Locations (open to all) (Lars Kurth)
14. Re: [alpine-devel] Stable and Secure Distribution Supporting
Xen (Richard Johnson)
15. Re: gplpv: re-enabling the nic adapter removes it (Micky)
16. help (Jaya Dhanesh)
17. Re: XCP don't see Network Interfaces on sunfire x2270
(Alexey Makarov)
18. Re: [alpine-devel] Stable and Secure Distribution Supporting
Xen (Natanael Copa)


----------------------------------------------------------------------

Message: 1
Date: Mon, 20 May 2013 17:23:20 -0500
From: Alexandre Kouznetsov <alk@xxxxxxxxxx>
To: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] Security in Virtual Machine
Message-ID: <519AA258.2000401@xxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello.

On 20/05/13 16:51, Alberto wrote:
> I have a HOST (*/Server Fisico/*) connected to internet. It have 2
> network cards, the first one (*/eth0/*) connected to the router, another
> (/*eth1*/) is connected to LAN.
> /*eth1*/ is bridged to virtual machines network, and one of them
> (*/virtual1/*) have an HTTP Server. Everything is running correctly.
I will assume that your HOST server is running Xen Dom0.
Probably, it is also acting as a router between 192.168.1.X and
192.168.2.X, that makes DNAT and firewall to run within the same Dom0.


> I have IPTABLES Firewall running on the HOST with DNAT forwarding HTTP
> traffic to /*Virtual1*/. I have IPTABLES Rules in HOST, for block some
> IPs that give me problems, but these rules not protect to /*Virtual1*/.
> All HTTP traffic is forwarded to /*Virtual1*/, even the source IP is
> blocked for IPTABLES rules.
Virtual1 is probably a DomU running on the same HOST.

What happens here, is that there might be a iptables rule, matching the
unwelcome incoming connection, that is evaluated before the rules that
intend to block that connection. Once it is matched, the decision ACCEPT
is made and no other rule is evaluated. To make sure, a careful
inspection of "iptables -L -v" is needed.

Please note that Xen Dom0's firewall need to be quite permissive in
order to make network communication to work. A fine configuration is
possible, but fairly tricky to set up, and even more tricky to maintain.

> I had an attack, and I couldn't block the HTTP traffic about
> /*Virtual1*/, the IPTABLES rules not affect it.
>
> What can I do for give security to Virtual machines?
The first recommendation is to give security to your Dom0 machine, do
not expose it directly to your DMZ network. Your advantage here is that
you have 2 network cards, so you can make a good separation. Second,
avoid using the dom0 as router/firewall, Xen's own iptables rules make
things very confusing, it's easier to leave Xen's to Xen and do the
firewalling on a dedicated VM, even within the same physical box.

I would suggest to reconsider the network topology.
1. Let's say your "Servidor Fisico" had a bridge xenbr0 containing eth0,
and xenbr1 containing eth1. Make it not to have any IP on xenbr0
(exposed), only on xenbr1 (internal).
2. Set up a virtual machine to act as router, make it have one interface
within xenbr0 and another in xenbr1.
3. Make this virtual machine to route and NAT traffic between Internet
and internal network, the same machine may act as DHCP server and DNS
for your internal network. Your Virtual1 would be treated just as
another host in your internal network.

This is a fairly simple but yet flexible setup, it will allow you keep
things clear and separated one from another.

Greeting.


--
Alexandre Kouznetsov




------------------------------

Message: 2
Date: Tue, 21 May 2013 00:25:55 +0200
From: Peter Viskup <skupko.sk@xxxxxxxxx>
To: Alberto <alberto@xxxxxxxxxxx>
Cc: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] Security in Virtual Machine
Message-ID: <519AA2F3.6070604@xxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

On 05/20/2013 11:51 PM, Alberto wrote:
> What can I do for give security to Virtual machines?
>
> Thanks a lot
> Alberto
Hi Alberto,
once doing the SNAT/DNAT you can filter the connections in FORWARD table.

Just did a quick search on the net and found this nice iptables tutorial:
http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES
read the "Chapter 6. Traversing of tables and chains" section General
with nice picture of all chains and their order.
Wish you nice reading and successful learning of iptables. ;-)

Best regards,
--
Peter Viskup
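
Added example, not part of either reply or of the original thread: a small Python model of the traversal the two answers above describe (DNAT in PREROUTING, then INPUT or FORWARD, first matching rule wins). The addresses, rule sets and function names are constructed for illustration; connection tracking and the other tables are left out.

```python
"""Toy model of how netfilter picks a chain and a verdict for a DNAT'd packet.
All addresses and rules below are constructed for illustration."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

DEFAULT_POLICY = "DROP"   # assumed chain policy for INPUT and FORWARD


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                   # "ACCEPT", "DROP" or "DNAT"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any port
    to: Optional[str] = None      # rewritten destination (DNAT only)

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))


def run_chain(rules, p):
    """First matching rule decides; later rules are never consulted."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(p):
            return rule.target, number
    return DEFAULT_POLICY, 0      # 0 = no rule matched, policy applied


def traverse(ruleset, local_addrs, p):
    """Return (verdict, chain, rule_number) for a packet arriving from outside."""
    # nat/PREROUTING runs before the routing decision and may rewrite dst.
    for rule in ruleset["PREROUTING"]:
        if rule.target == "DNAT" and rule.matches(p):
            p = replace(p, dst=rule.to)
            break
    # Routing decision: local delivery uses INPUT, everything else FORWARD.
    chain = "INPUT" if p.dst in local_addrs else "FORWARD"
    verdict, number = run_chain(ruleset[chain], p)
    return verdict, chain, number


# --- constructed scenario -------------------------------------------------
HOST_WAN = "192.168.1.2"                  # assumed address of the host on eth0
HOST_ADDRS = {HOST_WAN, "192.168.2.1"}    # addresses owned by the host itself
VIRTUAL1 = "192.168.2.10"                 # assumed address of the web server VM
BAD_IP = "203.0.113.7"                    # documentation-range "problem" source
GOOD_IP = "198.51.100.20"                 # documentation-range ordinary client

DNAT_HTTP = Rule("DNAT", dst=HOST_WAN, dport=80, to=VIRTUAL1)
ALLOW_HTTP = Rule("ACCEPT", dst=VIRTUAL1, dport=80)
BLOCK_BAD = Rule("DROP", src=BAD_IP)


def make(input_rules, forward_rules):
    return {"PREROUTING": [DNAT_HTTP], "INPUT": input_rules,
            "FORWARD": forward_rules}


RULESETS = {
    # Block exists only in INPUT: forwarded traffic never visits that chain.
    "input_only": make([BLOCK_BAD], [ALLOW_HTTP]),
    # Block is in FORWARD but after the ACCEPT that already matched.
    "wrong_order": make([BLOCK_BAD], [ALLOW_HTTP, BLOCK_BAD]),
    # Block is in FORWARD ahead of the ACCEPT
    # (as with: iptables -I FORWARD 1 -s 203.0.113.7 -j DROP).
    "fixed": make([BLOCK_BAD], [BLOCK_BAD, ALLOW_HTTP]),
}


def evaluate():
    """Verdict for the blocked source's HTTP request under each rule set."""
    request = Packet(BAD_IP, HOST_WAN, 80)
    return {name: traverse(rs, HOST_ADDRS, request)
            for name, rs in RULESETS.items()}


if __name__ == "__main__":
    for name, (verdict, chain, number) in evaluate().items():
        print(f"{name:12s} -> {verdict} in {chain} (rule {number})")
```

On a real host, "iptables -L FORWARD -v -n --line-numbers" shows the same ordering and per-rule packet counters to check against.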

------------------------------

Message: 3
Date: Mon, 20 May 2013 23:56:02 +0000
From: James Harper <james.harper@xxxxxxxxxxxxxxxx>
To: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>
Subject: [Xen-users] win 2012 can't find drivers
Message-ID:
<6035A0D088A63A46850C3988ED045A4B57C9C1C6@xxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

When installing windows 2012 I am getting an error about "a media driver your computer needs is missing", even though if I shift-F10 to open a command prompt and run diskpart I can see the harddisk.

Has anyone seen this before?

Xen is 4.1.4 (Debian package)

Thanks

James



------------------------------

Message: 4
Date: Tue, 21 May 2013 00:16:07 +0000
From: James Harper <james.harper@xxxxxxxxxxxxxxxx>
To: James Harper <james.harper@xxxxxxxxxxxxxxxx>,
"xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] win 2012 can't find drivers
Message-ID:
<6035A0D088A63A46850C3988ED045A4B57C9C2F4@xxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

Ignore this - my install iso appears to be corrupt. Sorry for the noise.

James

>
> When installing windows 2012 I am getting an error about "a media driver
> your computer needs is missing", even though if I shift-F10 to open a
> command prompt and run diskpart I can see the harddisk.
>
> Has anyone seen this before?
>
> Xen is 4.1.4 (Debian package)
>
> Thanks
>
> James
>



------------------------------

Message: 5
Date: Tue, 21 May 2013 00:19:36 +0000
From: James Harper <james.harper@xxxxxxxxxxxxxxxx>
To: Adam Goryachev <mailinglists@xxxxxxxxxxxxxxxxxxxxxx>
Cc: "xen-users@xxxxxxxxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] Suspicious URL:Re: Xen related networking
issue
Message-ID:
<6035A0D088A63A46850C3988ED045A4B57C9C326@xxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

>
> I tried to install 402 onto one of the machines, it seemed to install
> fine (no errors) but on reboot it just sat at the Windows logo screen
> with the bar moving across the bottom. I had to reboot and revert to
> previous hardware config to get the system working again.
>
> Is there any other install method that is more likely to work, or
> anything I can provide to show what might have gone wrong?
>

I haven't seen this before. The /var/log/xen/qemu-dm-<domu name>.log file would be useful, if you installed the debug version.

James



------------------------------

Message: 6
Date: Mon, 20 May 2013 18:04:19 +0100
From: Jon Skilling <jon_skilling@xxxxxxxxxxx>
To: <xen-users@xxxxxxxxxxxxx>
Subject: [Xen-users] Problem with PCI Pass-through address space
collision
Message-ID: <BAY178-DS187AF909DD8D3D609090CAEAA80@xxxxxxx>
Content-Type: text/plain; charset="utf-8"

Hi,



I've been trying to configure Xeon on my HP ML350 G4 server for the past two weeks and despite reading just about every word of the Xen wiki and numerous other posts and mails, I can't find a solution to my problem. Any help on this would be much appreciated!



Setup:



HP ML350 G4, Dual xeon, 6Gb Ram, 6 disk scsi raid array, Digium TDM410P analogue PBX card on PCI. Hardware virtualization (Vt-d) is not an option with this machine.



I followed these instructions (more or less) to set up Dom0 and DomU:



http://www.howtoforge.com/virtualization-with-xen-on-centos-6.3-x86_64-paravirtualization-and-hardware-virtualization



with the following changes:



Host Dom0 (Centos 6.4):

xen-4.2.2-4.el6.x86_64

kernel-xen-3.9.2-1.el6xen.x86_64

libvirt 1.0.3-1 (python-virtinstall causes libvirt to be upgraded to 1.0.3. From checking the source, the Xen patch appears to be there already, so no recompile needed - the Xen patch doesn't work with this source anyway.

XEND has been disabled from boot up because it causes problems with XL tools although the same address space collision occurs if I use the XM tool set.

I have tried xen-pciback.hide(06:01.0) on the kernel module definitions in boot.conf but this doesn't seem to do anything. Adding records to modprobe.conf and rc.local work better.

The device I'm trying to passthrough is defined:



06:01.0 Ethernet controller: Digium, Inc. Wildcard TDM410 4-port analog card (rev 11)

Subsystem: Digium, Inc. Wildcard TDM410 4-port analog card

Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-

Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-

Interrupt: pin A routed to IRQ 16

Region 0: I/O ports at 5000 [disabled] [size=256]

Region 1: Memory at fdef0000 (32-bit, non-prefetchable) [disabled] [size=1K]

[virtual] Expansion ROM at f0000000 [disabled] [size=128K]

Capabilities: [c0] Power Management version 2

Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=100mA PME(D0+,D1+,D2+,D3hot+,D3cold+)

Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-

Kernel driver in use: pciback



Guest DomU (Centos 6.4):

kernel-xen-3.9.2-1.el6xen.x86_64

Created using virt-install onto a 20G LVM with 1024Mb ram

XML for DomU dumped and converted to native then the domain destroyed and undefined and recreated using XL create with the new cfg file. This is to allow inclusion of pci ['06:01.0'] parameter in config.





Using the static setup, I can get Dom0 to hide the PCI device. I can also achieve the same effect with the dynamic set up using pci-assignable-attach and pci-attach. Here is the dmesg relating to the device. Reg 30 is highlighted because this seems to be where the problem is.



pci 0000:06:01.0: [d161:8005] type 00 class 0x020000

pci 0000:06:01.0: reg 10: [io 0x5000-0x50ff]

pci 0000:06:01.0: reg 14: [mem 0xfdef0000-0xfdef03ff]

pci 0000:06:01.0: reg 30: [mem 0x00000000-0x0001ffff pref]

pci 0000:06:01.0: supports D1 D2

pci 0000:06:01.0: PME# supported from D0 D1 D2 D3hot D3cold

pci 0000:06:01.0: BAR 6: assigned [mem 0xf0000000-0xf001ffff pref]

pciback 0000:06:01.0: seizing device

pciback 0000:06:01.0: PCI IRQ 48 -> rerouted to legacy IRQ 16

pciback 0000:06:01.0: PCI IRQ 48 -> rerouted to legacy IRQ 16

xen-pciback: vpci: 0000:06:01.0: assign to virtual slot 0



In the Dom0 I can define the device statically in the config file or dynamically as described above. Both scenarios result in the same error being displayed.



pcifront pci-0: Installing PCI frontend

pcifront pci-0: Creating PCI Frontend Bus 0000:00

pcifront pci-0: PCI host bridge to bus 0000:00

pci_bus 0000:00: root bus resource [io 0x0000-0xffff]

pci_bus 0000:00: root bus resource [mem 0x00000000-0xfffffffff]

pci_bus 0000:00: root bus resource [bus 00-ff]

pci 0000:00:00.0: [d161:8005] type 00 class 0x020000

pci 0000:00:00.0: reg 10: [io 0x5000-0x50ff]

pci 0000:00:00.0: reg 14: [mem 0xfdef0000-0xfdef03ff]

pci 0000:00:00.0: reg 30: [mem 0xf0000000-0xffffffff pref]

pci 0000:00:00.0: supports D1 D2

pcifront pci-0: claiming resource 0000:00:00.0/0

pcifront pci-0: claiming resource 0000:00:00.0/1

pcifront pci-0: claiming resource 0000:00:00.0/6

pci 0000:00:00.0: address space collision: [mem 0xf0000000-0xffffffff pref] conflicts with 0000:00:00.0 [mem 0xfdef0000-0xfdef03ff]

pcifront pci-0: Could not claim resource 0000:00:00.0/6! Device offline. Try using e820_host=1 in the guest config.



This appears to show that the PCI device is conflicting with itself (reg 14 with reg 30) because the address space for reg 30 is different in pciback to pcifront.



I have tried setting up the domain with both XM and XL with the same result

Adding passthrough and permissive settings with no change

Adding iommu=soft to guest kernel command line.

I've tried adding the e820_host flag to the config file but this doesn't seem to solve anything.

Different Xen enabled kernels.

Wiping the server and rebuilding the whole thing from scratch (more than once)

The Digium PCI card works fine on a normal Centos 6.3 setup with no Xen.



I'm out of ideas now on how to solve this, so if anyone has made this card work by doing something different, I'd be grateful for any suggestions. I've looked at the source for pcifont.c and come to the conclusion that my c coding skills are not going to be good enough to debug/change this program.

I can provide more dmesg outputs or other documentation if needed.



Thanks in advance for any help



Jon




------------------------------

Message: 7
Date: Mon, 20 May 2013 20:28:48 -0700
From: John Sherwood <jrs@xxxxxx>
To: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-users] Xen stops booting at "SATA Link down (SStatus 0
SControl 300)"
Message-ID:
<CAH5ygH0K6ywRS+GeW5ij+3uv0HXh=xP4u-c9qrcn9tgVYnhWWQ@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

I'm trying to set up Xen 4.1 on Ubuntu 12.04 server (x64) and when booting
the dom0 it fails while apparently attempting to initialize the SATA
devices. It does find one device (ata3) but then just halts and hangs
apparently forever. Any suggestions as to what could be causing this, or
whether upgrading to 13.04/Xen 4.2 might fix the issue?

------------------------------

Message: 8
Date: Tue, 21 May 2013 10:08:39 +0430
From: Richard Johnson <johnson9884@xxxxxx>
To: xen-users@xxxxxxxxxxxxx, alpine-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] Stable and Secure Distribution Supporting Xen
Message-ID: <519B085F.60707@xxxxxx>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <http://lists.xen.org/archives/html/xen-users/attachments/20130521/aff8c1ab/attachment.html>

------------------------------

Message: 9
Date: Tue, 21 May 2013 07:35:52 +0100
From: Gordan Bobic <gordan@xxxxxxxxxx>
To: Jon Skilling <jon_skilling@xxxxxxxxxxx>
Cc: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] Problem with PCI Pass-through address space
collision
Message-ID: <519B15C8.9030605@xxxxxxxxxx>
Content-Type: text/plain; charset=windows-1252; format=flowed

I'm pretty sure I seem to recall that PCI passthrough will not work
without VT-d, but by all means, feel free to try.

Even if you did have working VT-d, though, you have to detach the device
from dom0 before you can add it to domU, using something like:

virsh nodedev-detach pci_0000_06_01_0

Given the EL6 CRC Xen packages you are using, they use pciback built as
a module, so kernel boot parameters won't help. What you need to do is
add this to /etc/modprobe.d/:

# cat xen-pciback.conf
options xen-pciback permissive=1 hide=(06:01.0)

Run depmod -a once you have done that.

Then:

# modprobe xen-pciback
virsh nodedev-detach pci_0000_06_01_0

Also add the driver for the card to /etc/modprobe.d/blacklist.conf.

After that you should be able to boot the domU with the device.

You may also want to upgrade to the latest testing packages (4.2.2-5)
since they include a PCI passthrough fix from a couple of days ago,
although it doesn't look like you are falling foul of it.

Also, how much RAM are you passing to domU? Try giving it <= 2GB. There
is a PCI memory map bug that can cause a nasty memory stomp that kept me
chasing my tail for days. For most people it manifests at > 4GB, but on
my system it manifested at > 2GB.

HTH.

Gordan





------------------------------

Message: 10
Date: Tue, 21 May 2013 12:42:56 +0500
From: Micky <mickylmartin@xxxxxxxxx>
To: James Harper <james.harper@xxxxxxxxxxxxxxxx>
Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] gplpv: re-enabling the nic adapter removes it
Message-ID:
<CAKAA-nmwAdFL157Y87LidLYKAFZLJoyeZhG-ogg=1vy9khbsDg@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

>
> My test machine is Debian 3.8.5 which should be close enough although it's possible there is a patch that changes the state transition in a subtle way.
>

That is quite interesting. I do think this would be the case since we
have tried everything else. Someday I may be able to try this on
Debian dom0.

> Can you try disabling both adapters so the driver unloads then enable them both again (even if it gets stuck when the first one loads)?

I guess that was the first apparent thing that I did when an adapter
disappeared while re-enabling, yea as funny as it sounds, LOL. But I
did just try again; both adapters disappear and driver crashes with
same error. Reboot brings them back.



------------------------------

Message: 11
Date: Tue, 21 May 2013 10:05:17 +0200
From: Massimo Canonico <mex@xxxxxxxxxxxx>
To: "Grinberg, Vitaly" <Vitaly.Grinberg@xxxxxxxxxxxx>
Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] CAP and performance problem
Message-ID: <519B2ABD.2090304@xxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Thanks, but this good question is still waiting for a good answer. Anyone?

Cheers,
Massimo

On 05/15/2013 04:42 PM, Grinberg, Vitaly wrote:
> This is a good question.
>
> Vitaly.
>
>
>
> -----Original Message-----
> From: xen-users-bounces@xxxxxxxxxxxxx [mailto:xen-users-bounces@xxxxxxxxxxxxx] On Behalf Of Massimo Canonico
> Sent: Thursday, December 25, 2008 7:35 PM
> To: xen-users@xxxxxxxxxxxxx
> Subject: [Xen-users] CAP and performance problem
>
> Hi,
> my application is written in std C++ and it makes a matrix
> multiplication: so it uses only CPU and memory (no i/o, no network).
>
> I'm quite surprise that with CAP = 100% I got my results in about 600
> seconds and with CAP = 50% I got my results in about 1800 seconds
> (around 3 times longer).
>
> For this kind of application I was expecting to get results in about
> 1200 seconds (2 times longer) for the second scenario with respect to
> the first one.
>
> Of course, the HW and SW are exactly the same for the 2 experiments.
>
> Am I wrong or the CAP mechanism is not working well?
>
> Thanks,
> Massimo
>




------------------------------

Message: 12
Date: Tue, 21 May 2013 08:27:55 +0000
From: James Harper <james.harper@xxxxxxxxxxxxxxxx>
To: Micky <mickylmartin@xxxxxxxxx>
Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] gplpv: re-enabling the nic adapter removes it
Message-ID:
<6035A0D088A63A46850C3988ED045A4B57C9EFCE@xxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"

>
> >
> > My test machine is Debian 3.8.5 which should be close enough although it's possible there is a patch that changes the state transition in a subtle way.
> >
>
> That is quite interesting. I do think this would be the case since we
> have tried everything else. Someday I may be able to try this on
> Debian dom0.
>
> > Can you try disabling both adapters so the driver unloads then enable them both again (even if it gets stuck when the first one loads)?
>
> I guess that was the first apparent thing that I did when an adapter
> disappeared while re-enabling, yea as funny as it sounds, LOL. But I
> did just try again; both adapters disappear and driver crashes with
> same error. Reboot brings them back.

I just uploaded a version 404 to testing which has some timeouts implemented (and a PAE/x64 fix for vbd). That won't fix the problem but might tell me more about the error if you can send me the debug log.

When you say crash is that a BSoD? I can't remember if I've asked you that before.

James




------------------------------

Message: 13
Date: Tue, 21 May 2013 10:06:49 +0100
From: Lars Kurth <lars.kurth@xxxxxxx>
To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Cc: "xen-arm@xxxxxxxxxxxxx" <xen-arm@xxxxxxxxxxxxx>,
"xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>,
"xen-api@xxxxxxxxxxxxx" <xen-api@xxxxxxxxxxxxx>,
"xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] [Votes] Xen Project Governance v2 , Mailing
List Conventions v1, 2014 Event Locations (open to all)
Message-ID: <519B3929.3080104@xxxxxxx>
Content-Type: text/plain; charset=UTF-8; format=flowed

> perhaps we could continue to vote using the old "+1" in an email mechanism?
The reason for creating a form was to
a) Ensure formal votes are private (i.e. there is a space to raise
issues that may be difficult to raise in public)
b) Make sure that the vote is recorded and can be easily gone back to
(something which is a little hard on a list)
c) Comply with the process
Maybe a) does not apply at all or maybe only in limited circumstances.
This point may be valid when it comes to votes related to
incubating/graduating or archiving sub-projects though (because it may
reflect on an individual's or company's leadership of a sub-project) and
it may be harder to air an issue publicly.

To be honest, the turn-out on these last two votes was really poor. We
had only 4 votes (and only one from Citrix). Now this of course may be
because the proposed changes were rather uncontroversial.

On the other hand, you often use the argument that "if somebody can't be
bothered following up on their bugs/patches/etc. then bugs/patches/etc.
are obviously not important enough". I am inclined to use that same
argument for voting on process and policy changes.

Regards
Lars

On 20/05/2013 10:17, Ian Campbell wrote:
> On Mon, 2013-05-13 at 11:30 +0100, Lars Kurth wrote:
>> Rather than creating a voting form, I decided to use the voting
>> feature
>> on the new xenproject.org website. To vote, you need to create an
>> account. If you have difficulties, let me know. The poll is at
>> http://www.xenproject.org/help/questions-and-answers/vote-on-2014-event-locations.html.
>> The vote will stay open until the middle of June.
> I've voted using this now but in the future perhaps we could continue to
> vote using the old "+1" in an email mechanism?
>
> There aren't so many maintainers and committers that this would be
> unwieldy IMHO.
>




------------------------------

Message: 14
Date: Tue, 21 May 2013 13:43:32 +0430
From: Richard Johnson <johnson9884@xxxxxx>
To: xen-users@xxxxxxxxxxxxx, alpine-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] [alpine-devel] Stable and Secure Distribution
Supporting Xen
Message-ID: <519B3ABC.6090307@xxxxxx>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <http://lists.xen.org/archives/html/xen-users/attachments/20130521/19092d43/attachment.html>

------------------------------

Message: 15
Date: Tue, 21 May 2013 15:42:26 +0500
From: Micky <mickylmartin@xxxxxxxxx>
To: James Harper <james.harper@xxxxxxxxxxxxxxxx>
Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] gplpv: re-enabling the nic adapter removes it
Message-ID:
<CAKAA-nkE8ZCZEikPcPVQ1ENtYR-P6dL-KHSCd0ZWS_heaHgNmA@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

> I just uploaded a version 404 to testing which has some timeouts implemented (and a PAE/x64 fix for vbd). That won't fix the problem but might tell me more about the error if you can send me the debug log.

Thanks. I'll take a peek soon.

> When you say crash is that a BSoD? I can't remember if I've asked you that before.

Not a BSOD but a driver crash with "device cannot start (error 10)" in
device manager.



------------------------------

Message: 16
Date: Tue, 21 May 2013 16:41:35 +0530
From: Jaya Dhanesh <jaya.dhanesh@xxxxxxxxxxxx>
To: xen-users@xxxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] help
Message-ID: <519B5667.80900@xxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

Hi,

I am using Xen and trying to achieve some functionalities that were
working with Virtual Box.
In VB, there is a command, "VBoxManage -q modifyvm $app_name --uartmode1
server $VMDKCONS";
which will allow me to write code using pipes and sockets to achieve
console connection. This is not through the regular com port. What is
the xen equivalent command to do this?

Thanks,
Dhanesh.

------------------------------

Message: 17
Date: Tue, 21 May 2013 12:04:41 +0400
From: Alexey Makarov <makarovalexey@xxxxxxxxx>
To: Alexandre Kouznetsov <alk@xxxxxxxxxx>
Cc: xen-users@xxxxxxxxxxxxx
Subject: Re: [Xen-users] XCP don't see Network Interfaces on sunfire
x2270
Message-ID:
<CAFH7_D9q1wrpmO1TZtxrQEZ9BpNwzLknL3v=aX=UGUTwGfqBQA@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

Yes, xsconsole.

xe pif-list shows nothing. (No interfaces at all)
xe network-list shows the default XCP networks

ifconfig -a shows that eth0, eth1 - BROADCAST MULTICAST

2013/5/20 Alexandre Kouznetsov <alk@xxxxxxxxxx>

> Hello.
>
> On 20/05/13 09:54, Alexey Makarov wrote:
>
> On a fresh installation of XCP 1.6 there is no interface in XCP Network
>> Management.
>>
> What is "XCP Network Management", xsconsole?
>
> By default, XCP 1.6 creates a "network" for each physical interface, as a
> bridge. So, there is no ethX directly usable, the bridges are used as
> network interface instead.
>
> Check "xe network-list" and "xe pif-list" output to inspect that.
>
>
> While in command line ifconfig -a shows me both physical interfaces.
>>
> Do they have the "UP" flag or not?
>
> Greetings.
>
> --
> Alexandre Kouznetsov
>
>
> ______________________________**_________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxx
> http://lists.xen.org/xen-users
>



--
Best regards, Makarov Alexey

------------------------------

Message: 18
Date: Tue, 21 May 2013 11:30:22 +0200
From: Natanael Copa <ncopa@xxxxxxxxxxxxxxx>
To: Richard Johnson <johnson9884@xxxxxx>
Cc: xen-users@xxxxxxxxxxxxx, alpine-devel@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] [alpine-devel] Stable and Secure Distribution
Supporting Xen
Message-ID: <20130521113022.6ade937f@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII

On Tue, 21 May 2013 10:08:39 +0430
Richard Johnson <johnson9884@xxxxxx> wrote:

> I'm choosing between Unix-based operating systems that support Xen. My criteria are the following:
>
> - Compatibility: I want to use this OS on a various set of commonly used hardware. I have restricted the CPU instruction set scope to x86_64, but there are a vast range of graphics cards out there.

You will only be able to run open source drivers with Alpine Linux.

Anything in mainline linux kernel should work though.

> - Stability: The packages and kernel used must be stable versions. Many main distributions such as Debian and RedHat follow this strategy.

We just released alpine v2.6. It uses kernel 3.9.y + grsecurity
patches. Upstream claims it's "stable". I think Debian and RedHat think
otherwise.

You will have to find the balance between new features (incl new
hardware) and stability.

> - Xen Stability: Stable Xen support is necessary

Alpine v2.6 comes with Xen 4.2.1.

> - Security
>
> With these criteria in mind I have reached to the following distributions: NetBSD, Alpine Linux, FreeBSD, Debian and CentOS. I am currently using Alpine Linux which claims that it is designed with security in mind, however my recent experience with it showed many bugs.

Alpine Linux's security strategy is to use Grsecurity patches and a
hardened gcc toolchain (similar to gentoo hardened). The idea is to
make it hard to exploit (unknown) security bugs, even in kernel.

Since we are a relatively small distro and are fairly early to adopt
new "stable" upstream releases and try to stay closer to upstream, we
might hit the bugs earlier than others.

The number of new bugs seems to increase with every kernel release :-/

It would be nice if you could report the bugs you have found so we have
a chance to fix them.
https://bugs.alpinelinux.org


Thanks!

-nc



------------------------------

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users


End of Xen-users Digest, Vol 99, Issue 46
*****************************************

 

