Re: [Xen-users] Got permission denied error when calling xenbus_printf function in the frontend driver

[Jintack Lim <jintack@xxxxxxxxxxxxxxx>]

On Tue, Aug 4, 2015 at 7:07 AM, Jintack Lim <jintack@xxxxxxxxxxxxxxx> wrote:

Hi Ian,

thank you so much again!

On Mon, Aug 3, 2015 at 4:53 AM, Ian Campbell <ian.campbell@xxxxxxxxxx> wrote:

On Sun, 2015-08-02 at 17:12 -0400, Jintack Lim wrote:
> Hi,
>
> I was writing a simple backend/frontend driver,
> and when I ran it, I got this error in dmesg.
> "failed to write error node for device/vsimple/0 (13 writing ring-ref)"

Was this from the front or backend? I think it is the frontend.

Yes, it's the frontend.

Â

> The way I call xenbus_printf is pretty much the same as other drivers.
> I called xenbus_transaction_start before this line.
> err = xenbus_printf(xbt, dev->nodename,
>Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â "ring-ref", "%u", info->ring_ref);
>
> I'm working on Xen 4.5.0, ARM64 architecture.
> I referred this page, and used the same script at the bottom.
> http://wiki.xenproject.org/wiki/Introduction_to_Xen_3.x#Adding_new_device
> _and_triggering_the_probe.28.29_functions
> What could go wrong with permissions?
>
> This is how my device (vsimple) looks like in Xenstore
> after I ran the script above.
>
> # xenstore-ls -p /local/domain/7/device
> ...
> vsimple = "" . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7)
> 0 = "" . . . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7)
> Âbackend-id = "0" . . . . . . . . . . . . . . . . . . . . . (n0,r7)
> Âbackend = "/local/domain/0/backend/vsimple/7/0" . . . . . (n0,r7)
> Âstate = "1" . . . . . . . . . . . . . . . . . . . . . . . (n0,r7)
>
> The owner of vsimple is dom0, and domU only has the read permission.
> It's somewhat obvious that I got the permission error..
> The question is how can I fix this?
>
> I also got errors related to writing new state, and domU is only allowed
> to read it as shown above again.

The frontend domain needs to be given write permission to the frontend
device directory (or at least some subset, compare your perms against e.g.
a disk directory). Normally the toolstack would arrange for the correct
permissions as part of the creation of both the front and backend
directories.

After I added a few lines to give read/write permission of some keys to domU,

then "permission denied" error was gone, and the driver worked fine.

They look like this.

xenstore-chmod /local/domain/${2}/device/${1}/0/state b

xenstore-chmod /local/domain/${2}/device/${1}/0/ring-ref b

xenstore-chmod /local/domain/${2}/device/${1}/0/event-channel b

/* then fire up the frontend driver */

Well, even though this works, I feel like this is not the correct way to do it.

Because all other domains can access and modify the keys.

The better way would be to make a specific domU to be the owner ofÂ

/local/domain/<domid>/device/vsimple/<devid>.

Currently it is dom0.

I guess that's why you asked the next question.

What is creating /local/domain/<domid>/device/vsimple/<devid> and
/local/domain/<be>/backend/vsimple/<domid>/<devid>?

Â

They are created by the script on dom0.

As far as I know,Â

Â/local/domain/<domid>/device/vsimple/<devid> is automatically created when creating

Â/local/domain/<domid>/device/vsimple/<devid>/backend-id in the script.

I think the other one is also automatically created when creating frontend-id in the script.

I should also ask -- what is "vsimple" going to do? It may be that we have
existing things which meet your needs, either libvchan or channels[0] might
be a good fit?

vsimple is just almost empty driver doing ping-pong between dom0 and domU,

but thanks for the resources!

Â

Ian.

[0] http://xenbits.xen.org/docs/unstable/misc/channel.txt

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users