[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Got permission denied error when calling xenbus_printf function in the frontend driver





On Tue, Aug 4, 2015 at 7:07 AM, Jintack Lim <jintack@xxxxxxxxxxxxxxx> wrote:
Hi Ian,
thank you so much again!

On Mon, Aug 3, 2015 at 4:53 AM, Ian Campbell <ian.campbell@xxxxxxxxxx> wrote:
On Sun, 2015-08-02 at 17:12 -0400, Jintack Lim wrote:
> Hi,
>
> I was writing a simple backend/frontend driver,
> and when I ran it, I got this error in dmesg.
> "failed to write error node for device/vsimple/0 (13 writing ring-ref)"

Was this from the front or backend? I think it is the frontend.

Yes, it's the frontend.
Â

> The way I call xenbus_printf is pretty much the same as other drivers.
> I called xenbus_transaction_start before this line.
> err = xenbus_printf(xbt, dev->nodename,
>Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â "ring-ref", "%u", info->ring_ref);
>
> I'm working on Xen 4.5.0, ARM64 architecture.
> I referred this page, and used the same script at the bottom.
> http://wiki.xenproject.org/wiki/Introduction_to_Xen_3.x#Adding_new_device
> _and_triggering_the_probe.28.29_functions
> What could go wrong with permissions?
>
> This is how my device (vsimple) looks like in Xenstore
> after I ran the script above.
>
> # xenstore-ls -p /local/domain/7/device
> ...
> vsimple = "" . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7)
> 0 = "" . . . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7)
> Âbackend-id = "0" . . . . . . . . . . . . . . . . . . . . . (n0,r7)
> Âbackend = "/local/domain/0/backend/vsimple/7/0" . . . . . (n0,r7)
> Âstate = "1" . . . . . . . . . . . . . . . . . . . . . . . (n0,r7)
>
> The owner of vsimple is dom0, and domU only has the read permission.
> It's somewhat obvious that I got the permission error..
> The question is how can I fix this?
>
> I also got errors related to writing new state, and domU is only allowed
> to read it as shown above again.

The frontend domain needs to be given write permission to the frontend
device directory (or at least some subset, compare your perms against e.g.
a disk directory). Normally the toolstack would arrange for the correct
permissions as part of the creation of both the front and backend
directories.

After I added a few lines to give read/write permission of some keys to domU,
then "permission denied" error was gone, and the driver worked fine.
They look like this.

xenstore-chmod /local/domain/${2}/device/${1}/0/state b
xenstore-chmod /local/domain/${2}/device/${1}/0/ring-ref b
xenstore-chmod /local/domain/${2}/device/${1}/0/event-channel b
/* then fire up the frontend driver */

Well, even though this works, I feel like this is not the correct way to do it.
Because all other domains can access and modify the keys.

The better way would be to make a specific domU to be the owner ofÂ
/local/domain/<domid>/device/vsimple/<devid>.
Currently it is dom0.
I guess that's why you asked the next question.



What is creating /local/domain/<domid>/device/vsimple/<devid> and
/local/domain/<be>/backend/vsimple/<domid>/<devid>?
Â
They are created by the script on dom0.
As far as I know,Â
Â/local/domain/<domid>/device/vsimple/<devid> is automatically created when creating
Â/local/domain/<domid>/device/vsimple/<devid>/backend-id in the script.

I think the other one is also automatically created when creating frontend-id in the script.


I should also ask -- what is "vsimple" going to do? It may be that we have
existing things which meet your needs, either libvchan or channels[0] might
be a good fit?

vsimple is just almost empty driver doing ping-pong between dom0 and domU,
but thanks for the resources!
Â

Ian.

[0] http://xenbits.xen.org/docs/unstable/misc/channel.txt



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.