
Re: xenstored: EACCESS error accessing control/feature-balloon 1


  • To: zithro <slack@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Wed, 12 Apr 2023 17:05:50 +0100
  • Cc: Juergen Gross <jgross@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Edwin Török <edwin.torok@xxxxxxxxx>
  • Delivery-date: Wed, 12 Apr 2023 16:06:26 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 12/04/2023 4:48 pm, zithro wrote:
> Hi all,
>
> this is what I have in "xenstored-access.log" in dom0 :
>
> [20230411T23:48:27.917Z]  D5         write     control/feature-balloon 1
> [20230411T23:48:27.917Z]  D5         error     EACCES
> [20230411T23:48:27.923Z]  D5         write     data/updated Wed Apr 12
> 01:48:27 CEST 2023
>
> It happens once each minute, on two different hosts, both amd64.
> (both hosts using the same config, only the hardware differs).
>
> I tried looking up for a similar bug, but didn't find one.
> I apologize in advance if this error is known, and if this is not the
> place to report this !
>
> -----------------------
> Technical infos
> -----------------------
> dom0s:
>
> Debian stable, kernel 5.10.0-21-amd64
> Xen 4.14.5
> xl.conf has : autoballoon="0"
> GRUB_CMDLINE_XEN="dom0_mem=2048M,max:2048M dom0_max_vcpus=4
> dom0_vcpus_pin loglvl=all guest_loglvl=all ucode=scan iommu=verbose"
> Running "xenstore-ls -f -p | grep balloon" returns no result
> -----------------------
> domUs (D5 in above logs):
>
> HVM TrueNAS Core, based on FreeBSD 13.1-RELEASE-p7
> (it happened also on previous FreeBSD releases, but don't remember when
> it started, logs have been filled and rotated).
> In cfg files, using either the same value for "memory" and "maxmem" or
> only setting "memory" give the same results.
>
> What's strange is that I have xen* commands in FreeNAS :
>
> xen-detect        xenstore-control  xenstore-ls       xenstore-watch
> xenstore          xenstore-exists   xenstore-read     xenstore-write
> xenstore-chmod    xenstore-list     xenstore-rm
>
> root@truenas[~]# xenstore-ls
> xenstore-ls: xs_directory (/): Permission denied
>
> root@truenas[~]# ps aux
> root   [...]     0:36.98 [xenwatch]
> root   [...]     0:01.01 [xenstore_rcv]
> root   [...]     0:00.00 [balloon]
> root   [...]     0:01.74 /bin/sh /usr/local/sbin/xe-daemon -p
> /var/run/xe-daemon.pid
> [...]
>
> The xe-daemon looks strange also, I don't use XenServer/XCP-ng, only
> "raw" Xen.
> And this script which hand
>
> I also use PFsense domUs (based on FreeBSD), but they don't exhibit
> this behaviour (ie. no xenstore access error in dom0, no xen*
> commands in domU).
>
> So is this a problem with TrueNAS rather than with Xen ?
> If so I apologize for wasting your time.
>
> Thanks, have a nice day !
> (and as it's my first post here: thx for Xen, it rocks)

Hello,

(Leaving the full report intact so CC'd people can see it whole)

Yes, it is TrueNAS trying to re-write that file every minute.  It
appears that TrueNAS has inherited (from Debian?) a rather old version
of https://github.com/xenserver/xe-guest-utilities/

https://xenbits.xen.org/docs/unstable/misc/xenstore-paths.html doesn't
list feature-balloon as a permitted feature node.

But, I suspect that it used to be the case that guests could write
arbitrary feature nodes, and I suspect we tightened the permissions in a
security fix to reduce worst-case memory usage of xenstored.

I suspect the best (/least bad) thing to do here is formally introduce
feature-balloon as a permitted node, and have the toolstack initialise it
to "" like we do with all other nodes, after which TrueNAS ought to be
able to set it successfully and not touch it a second time.

~Andrew
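
An added example, not part of either message in this thread: a small parser that lists which guest requests xenstored refused with EACCES in an access log and how often each one recurs. The line layout is inferred from the three log lines quoted in the report, the D7 lines in the sample are constructed, and pairing each `error` line with the same domain's preceding request is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line shape inferred from the log lines quoted in the report (an assumption):
# [timestamp]  D<domid>  <operation>  <path and arguments>
LINE = re.compile(r"^\[(\d{8}T\d\d:\d\d:\d\d\.\d+)Z\]\s+(D\d+)\s+(\S+)\s*(.*)$")

# Constructed sample modelled on the quoted excerpt; the D7 line is invented.
SAMPLE = """\
[20230411T23:48:27.917Z]  D5         write     control/feature-balloon 1
[20230411T23:48:27.917Z]  D5         error     EACCES
[20230411T23:48:27.923Z]  D5         write     data/updated Wed Apr 12 01:48:27 CEST 2023
[20230411T23:48:30.100Z]  D7         write     data/updated Wed Apr 12 01:48:30 CEST 2023
[20230411T23:49:27.915Z]  D5         write     control/feature-balloon 1
[20230411T23:49:27.916Z]  D5         error     EACCES
"""

def denied_requests(text):
    """Return {(domain, op, path): [datetime, ...]} for requests answered with EACCES."""
    last = {}                      # most recent request seen per domain
    denied = defaultdict(list)
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue               # wrapped continuation or unrelated line
        stamp, dom, op, rest = m.groups()
        if op == "error":
            req = last.pop(dom, None)   # any error consumes the pending request
            if req and rest.strip() == "EACCES":
                when = datetime.strptime(stamp, "%Y%m%dT%H:%M:%S.%f")
                denied[req].append(when)
        else:
            last[dom] = (dom, op, rest.split(" ", 1)[0])
    return dict(denied)

def summarize(text):
    """Return (domain, op, path, count, median gap in seconds or None) per denied target."""
    rows = []
    for (dom, op, path), times in sorted(denied_requests(text).items()):
        gaps = sorted((b - a).total_seconds() for a, b in zip(times, times[1:]))
        period = gaps[len(gaps) // 2] if gaps else None
        rows.append((dom, op, path, len(times), period))
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(*row)
```

A steady period of about 60 seconds on a single path, as in the report, points at a guest agent retrying a write; many distinct denied paths from one domain would deserve a closer look.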



 

