
Re: [Xen-devel] vTPM Manager VM launch failure: operation not permitted



Hi Quan,

My physical TPM is v2.0. I already tried 'iomem=["fed40,1"]' but it didn't work.

Actually, my DOM's TPM driver has been loaded.
Meanwhile, I thought xen-devel was too busy with other real issues, so I asked this question to Daniel after that and he sent me a patch. I am trying out his patch on xen-unstable, and if the patch works Daniel will submit it upstream.

I will let you guys know about the result soon.

Ronny

On Wed, Sep 13, 2017 at 8:27 AM, Quan Xu <quan.xu0@xxxxxxxxx> wrote:


On 2017/9/13 18:42, Wei Liu wrote:
Cc VTPM maintainers

On Sun, Sep 10, 2017 at 03:07:04PM -0400, Ronny Ko wrote:
Hi,

I'm a PhD student from Harvard University having trouble running the
vTPM manager.

I cannot successfully launch vTPM manager in Xen, because when I
command "sudo xl create vtpm-manager.cfg" to launch a virtual TPM VM,
I get the following error:

libxl: error: libxl_create.c:1295:domcreate_launch_dm: Domain
10:failed give domain access to iomem range fed44-fed44: Operation
not permitted

In Xen, virtual TPM is a standalone VM that communicates with DOMu.
"vtpm-manager.cfg" is Xen's configuration file for virtual TPM manager
VM, whose contents are as follows:

============ vtpm-manager.cfg ================
kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz"   # vTPM manager code image
memory=16   # 16M RAM size
disk=["file:/home/skyer/Desktop/xen/vtpmmgr-stubdom.img,hda,w"]   # disk storage
name="vtpmmgr"   # Just a nick name
iomem=["fed44,1"]   # This means, map physical memory from
                    # 0xfed44000-0xfed44fff for I/O, which is to be used by virtual TPM
                    # manager to communicate with the physical TPM device.
===========================================

Ronny,
is your physical TPM device v1.2 or v2.0?

For TPM 1.2, commands that are sent to the TPM through the register set at address FED4.0000 are implicitly associated with locality 0.
Try 'iomem=["fed40,1"]'


and make sure Dom0's TPM driver is _not_ loaded...

Quan

My kernel is compiled with CONFIG_IO_STRICT_DEVMEM flag disabled, so
iomem shouldn't be blocked by the kernel. I tried to map not only
0xfed44000, but also any other random addresses for testing, but all
of them give the same error message as above.

I'm launching the vTPM manager VM not from inside a DOMu Linux VM, but
from inside the Linux kernel directly loaded by Xen-4.9.0 (which I
suppose to be the DOM0 Linux VM), and I believe this is the correct way to
launch the vTPM manager.

In particular, I get the iomem() "operation not allowed" error at the
source code line:
ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);

In ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall),
- "fd" is the special privileged Command device
- "IOCTL_PRIVCMD_HYPERCALL" denotes that this is a privileged hypercall command
- "hypercall" is an object containing the information of: {
hypercall_command_index, target_DOM_id, iomem_start_page,
iomem_page_count, allow_or_deny_access}.

When I launch the vTPM manager, target_DOM_id = the ID of vTPM
manager, iomem_start_page = 0xfed40, iomem_page_count = 5, and
allow_or_deny_access = 1, and this ioctl() gives an
"operation-not-allowed" error. If I hard-code DOM_id = 0 just for
a test, this error goes away, but then I get a 0xfed0 memory mapping
failure error later on.

To summarize, I cannot find the reason why the vTPM manager VM crashes
with "Operation not permitted". If anyone has a clue, please give me
some help. Thanks very much.

Ronny

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
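An added example (not Xen or libxl code) that decodes the iomem= entries discussed in this thread into physical ranges and TPM TIS localities. It assumes the documented xl.cfg form iomem=["START,NUM[@GFN]"] with hex 4 KiB page numbers, and the TCG PC Client TIS layout of one register page per locality starting at 0xFED40000, so it shows why "fed44,1" reaches only locality 4 while Quan's "fed40,1" covers locality 0.

```python
"""Decode xl iomem= entries against the TPM TIS register window.
Assumptions (not from Xen sources): xl.cfg syntax iomem=["START,NUM[@GFN]"]
with hex page numbers, and TIS locality N at 0xFED40000 + N*0x1000, N in 0..4."""

PAGE_SHIFT = 12
TIS_BASE_PAGE = 0xFED40000 >> PAGE_SHIFT   # 0xfed40
TIS_LOCALITIES = 5                          # pages fed40..fed44

def parse_iomem(entry):
    """Parse 'start,num[@gfn]' (all hex) into (start_page, num_pages, gfn)."""
    spec, _, gfn = entry.partition("@")
    start, sep, num = spec.partition(",")
    if not sep or not num:
        raise ValueError(f"iomem entry {entry!r} must be 'start,num'")
    return int(start, 16), int(num, 16), (int(gfn, 16) if gfn else None)

def libxl_range(start_page, num_pages):
    """Render the page range the way the libxl error in the thread prints it."""
    return f"{start_page:x}-{start_page + num_pages - 1:x}"

def tis_localities(start_page, num_pages):
    """TPM localities whose 4 KiB register page lies inside the mapped range."""
    pages = range(start_page, start_page + num_pages)
    return [n for n in range(TIS_LOCALITIES) if TIS_BASE_PAGE + n in pages]

def describe(entry):
    """Physical span, libxl-style range and TIS coverage of one iomem= entry."""
    start, num, gfn = parse_iomem(entry)
    locs = tis_localities(start, num)
    return {
        "entry": entry,
        "phys_start": start << PAGE_SHIFT,
        "phys_end": ((start + num) << PAGE_SHIFT) - 1,
        "libxl_range": libxl_range(start, num),
        "localities": locs,
        "covers_locality0": 0 in locs,   # commands at FED4.0000 use locality 0
        "guest_frame": gfn,
    }

if __name__ == "__main__":
    # The three page ranges that appear in the thread (constructed input).
    for e in ("fed44,1", "fed40,1", "fed40,5"):
        d = describe(e)
        print(f'{e:>8}: phys {d["phys_start"]:#x}-{d["phys_end"]:#x} '
              f'libxl "{d["libxl_range"]}" localities {d["localities"]}'
              + ("" if d["covers_locality0"] else "  <- locality 0 not mapped"))
```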
