[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Testing ocaml-vchan
On 16/08/13 17:35, Vincent Bernardoff wrote: ... You should observe, randomly, either the kernel crashing with EACCESS, or blocking forever. I don't see any crashes on my CentOS 6.4. I was only patient enough to run it 10 times though. Perhaps the crashes are just early EACCESS exceptions which are thrown before libxl finishes it's work? Please let me know if you have any problem following those instructions, or if the result of the experiment is different from what I have. The EACCESS is because of the default permissions of the xenstore nodes. If you do this: xl create foo.cfg -cp xl list -- look for the domain id xenstore-write /local/domain/$ID/vchan "" xenstore-chmod /local/domain/$ID/vchan n$ID,r0 xl unpause foo then it won't crash. I get: >>>> Initializing Server domid=0 xs_path=vchan Server: right_order = 13, left_order = 13 allocate_buffer_locations: gntref = 9 allocate_buffer_locations: gntref = 10 allocate_buffer_locations: gntref = 11 allocate_buffer_locations: gntref = 12 Writing config into the XenStore Inside Xs.immediate: writing to vchan domid = 7 domid = 7 domid = 7 domid = 7 domid = 7 domid = 7 domid = 7 domid = 7 domid = 7 domid = 7 domid = 7 Created directory vchan Created key vchan/ring-ref Shared page is: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0d 00 0d 00 02 01 01 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c 00 00 00 Initialization done! <<<< The default permissions are: >>>> [root@st30 ~]# xenstore-ls /local/domain/7 -p ... 7 = "" . . . . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) ... [root@st30 ~]# xenstore-ls /local/domain/7 -p vm = "/vm/cc27def4-5e8c-4f82-bcb8-945869d7536e" . . . . . . (n0,r7) name = "vchan" . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) cpu = "" . . . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) 0 = "" . . . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) availability = "online" . . . . . . . . . . . . . . . . . (n0,r7) memory = "" . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) static-max = "262144" . . . . . . . . . . . . . . . . . . . (n0,r7) target = "262145" . . . . . . . . . . . . . . . . . . . . . (n0,r7) videoram = "-1" . . . . . . . . . . . . . . . . . . . . . . (n0,r7) device = "" . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) suspend = "" . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) event-channel = "" . . . . . . . . . . . . . . . . . . . . (n7) control = "" . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) shutdown = "" . . . . . . . . . . . . . . . . . . . . . . . (n7) platform-feature-multiprocessor-suspend = "1" . . . . . . . (n0,r7) platform-feature-xs_reset_watches = "1" . . . . . . . . . . (n0,r7) data = "" . . . . . . . . . . . . . . . . . . . . . . . . . (n7) domid = "7" . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) store = "" . . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) port = "1" . . . . . . . . . . . . . . . . . . . . . . . . (n0,r7) ring-ref = "1167408" . . . . . . . . . . . . . . . . . . . (n0,r7) console = "" . . . . . . . . . . . . . . . . . . . . . . . . (n7,r0) backend = "/local/domain/0/backend/console/7/0" . . . . . . (n7,r0) backend-id = "0" . . . . . . . . . . . . . . . . . . . . . (n7,r0) limit = "1048576" . . . . . . . . . . . . . . . . . . . . . (n7,r0) type = "xenconsoled" . . . . . . . . . . . . . . . . . . . (n7,r0) output = "pty" . . . . . . . . . . . . . . . . . . . . . . (n7,r0) port = "2" . . . . . . . . . . . . . . . . . . . . . . . . (n7,r0) ring-ref = "1167407" . . . . . . . . . . . . . . . . . . . (n7,r0) tty = "/dev/pts/3" . . . . . . . . . . . . . . . . . . . . (n7,r0) <<<<where "nX" means "owned by domid X which has read/write access) and "rX" means "read permission for domid X". So you can't make new subdirectories and you can only write to a few miscellaneous places. The permissions have been set this way because it's normally the toolstack's job to create devices (backends and frontends) and introduce them to each other. Backend software running in privileged domains has (unfortunately) trusted the values in xenstore to have come from the toolstack -- rather than the untrusted frontend -- and this has led to some security vulnerabilities when the permissions were accidentally relaxed, and the frontend was able to change them. There's a general move towards trusting xenstore less and imposing security policies in the hypervisor via XSM. I think there are 3 options:1. architect the application such that there is a toolstack (ie dom0) component which creates the directories to introduce client to server. This is what happens with the block and net protocols but may not be appropriate for vchan? 2. propose a canonical place where "vchan" endpoints should be advertised (/local/domain/$ID/vchan or /local/domain/$ID/device/vchan), and modify the toolstack to make the directory and 'setperm' it. 3. use one of the places you can already write to. Looking at the default permissions above the only options are: >>>> ... event-channel = "" . . . . . . . . . . . . . . . . . . . . (n7) ... shutdown = "" . . . . . . . . . . . . . . . . . . . . . . . (n7) ... data = "" . . . . . . . . . . . . . . . . . . . . . . . . . (n7) console = "" . . . . . . . . . . . . . . . . . . . . . . . . (n7,r0) backend = "/local/domain/0/backend/console/7/0" . . . . . . (n7,r0) backend-id = "0" . . . . . . . . . . . . . . . . . . . . . (n7,r0) limit = "1048576" . . . . . . . . . . . . . . . . . . . . . (n7,r0) type = "xenconsoled" . . . . . . . . . . . . . . . . . . . (n7,r0) output = "pty" . . . . . . . . . . . . . . . . . . . . . . (n7,r0) port = "2" . . . . . . . . . . . . . . . . . . . . . . . . (n7,r0) ring-ref = "1167407" . . . . . . . . . . . . . . . . . . . (n7,r0) tty = "/dev/pts/3" . . . . . . . . . . . . . . . . . . . . (n7,r0) <<<<I think the only place which isn't horrifically ugly in the list above is "data". Perhaps you could use /local/domain/$ID/data/vchan by default? This patch works for me: --- a/test/node_mirage.ml +++ b/test/node_mirage.ml @@ -20,4 +20,4 @@ let main () = Xs.make () >>= fun c -> Xs.immediate c (fun h -> Xs.read h "domid") >>= fun domid -> - Node.with_vchan clisrv (Eventchn.init ()) remote_domid "vchan" echo + Node.with_vchan clisrv (Eventchn.init ()) remote_domid "data/vchan" echo Cheers, Dave
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |