Hi, I'm trying to write some message using xenbus_printf to xenstore from a debian HVM guest with pv-on-HVM driver. I got a permission denied error return code. What should I do if I want to write the message to xenstore in a kernel module?

PS: the hypervisor is xen-3.4.2; the dom0 is CentOS 5.4 and the guest is Debian 6; the pv-on-HVM driver is built from Alex Bligh's patch and it works well.

--
View this message in context: http://xen.1045712.n5.nabble.com/Permission-for-xenstore-operation-on-HVM-tp4815691p4815691.html
Sent from the Xen - Dev mailing list archive at Nabble.com.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Stefano Stabellini
2011-Sep-20 18:10 UTC
Re: [Xen-devel] Permission for xenstore operation on HVM
On Sun, 18 Sep 2011, duolvxendev wrote:
> Hi, I'm trying to write some message using xenbus_printf to xenstore from a
> debian HVM guest with pv-on-HVM driver. I got a permission denied error
> return code. How should I do if I want write the message to xenstore in
> kernel module?
>
> PS: the hypervisor is xen-3.4.2; the dom0 is CentOS 5.4 and the guest is
> Debian 6; the pv-on-HVM driver is built from Alex Bligh's patch and it works
> well.

Where are you trying to write to? Most locations, other than /local/domain/$DOMID and subpaths, cannot be written by unprivileged guests.
duolvxendev
2011-Sep-21 02:22 UTC
[Xen-devel] Re: Permission for xenstore operation on HVM
I'm trying to create a directory and write some messages, i.e. to some path like /local/domain/$DOMID/my_directory/my_key. This is OK on pv domU, but denied on HVM. I can write to /local/domain/device directory by frontend driver, but I cannot create or write to some arbitrary path that doesn't exist. It looks like that one needs special permission on HVM.
duolvxendev,

I am hitting this too and I really wish there were a trick to avoid this...

I have two theories with regard to this.

theory 1: for HVM guests Xen gives the ownership of the xenstore variables to dom0 instead of the domU that is running the guest. My humble guess is that Xen assumes that HVM guests are gonna be hypervisor agnostic and not gonna be using xenstore. Of course this assumption breaks when you have PV-HVM guests.

theory 2: in libxenlight, @libxl_create.c:290

char *rw_paths[] = { "control/shutdown", "device",
"device/suspend/event-channel" , "data"};

should actually also include "vm-data". People who bypass libxl (maybe by using xm?) will not notice the issue. Unfortunately, I don't have a system with xm at hand to double check this wild guess of mine...

thanks!
-alessandro-
[re-sending because it didn't go through at first, and - while at that - editing]

duolvxendev,

I am hitting this too and I really wish there were a trick to avoid this...

I have a theory with regard to this.

char *rw_paths[] = { "control/shutdown", "device",
"device/suspend/event-channel" , "data"};

should actually also include "vm-data". People who bypass libxl (maybe by using xm?) will not notice the issue. Unfortunately, I don't have a system with xm at hand to double check this wild guess of mine...

thanks!
-alessandro-
2011/9/21 duolvxendev <duolvxendev@yahoo.cn>
> I'm trying to create a directory and write some messages, i.e. to some path
> like /local/domain/$DOMID/my_directory/my_key. This is OK on pv domU, but
> denied on HVM. I can write to /local/domain/device directory by frontend
> driver, but I cannot create or write to some arbitrary path that doesn't
> exist. It looks like that one needs special permission on HVM.

In HVM mode You allow write to /local/domain/$DOMID/data

--
Vasiliy Tolstov, Clodo.ru
e-mail: v.tolstov@selfip.ru
jabber: vase@selfip.ru
On Wed, 2011-09-21 at 03:22 +0100, duolvxendev wrote:
> I'm trying to create a directory and write some messages, i.e. to some path
> like /local/domain/$DOMID/my_directory/my_key. This is OK on pv domU, but
> denied on HVM.

There is no deliberate difference between PV and HVM and indeed:

# ./xen-detect
Running in PV context on Xen v4.2.
# xenstore-write my_directory/my_key "foo"
xenstore-write: could not write path my_directory/my_key

even if I use dom0 tools to get the domid:

# xenstore-write /local/domain/413/my_directory/my_key "foo"
xenstore-write: could not write path /local/domain/413/my_directory/my_key

If you use one of the xs areas set aside for guest use then this works. e.g.

# xenstore-write data/foo "test"

> I can write to /local/domain/device directory by frontend
> driver, but I cannot create or write to some arbitrary path that doesn't
> exist.

Correct, the locations which a guest can write to are deliberately restricted as explained by Stefano.

Ian.

> It looks like that one needs special permission on HVM.
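Added example, not part of the thread and not Xen code: a simplified Python model of the access check behind the transcript above, showing why `my_directory/my_key` is refused while `data/foo` succeeds. The `Store` class, `build_guest` and the ACL layout are assumptions made for illustration; only the `rw_paths` list is taken from the libxl line quoted in this thread.

```python
# Added example: simplified model of xenstored's access check, not Xen code.
READ, WRITE, DOM0 = 1, 2, 0
RW_PATHS = ["control/shutdown", "device", "device/suspend/event-channel", "data"]

class Store:
    def __init__(self):
        # path -> [(domid, perms), ...]; entry 0 names the owner, and its
        # perms value is the default for domains not listed explicitly.
        self.nodes = {"/": [(DOM0, 0)]}

    def perm_for(self, domid, path):
        acl = self.nodes[path]
        if domid == DOM0 or acl[0][0] == domid:  # privileged domain or owner
            return READ | WRITE
        for dom, perms in acl[1:]:
            if dom == domid:
                return perms
        return acl[0][1]

    def write(self, domid, path):
        """Return True on success, False where xenstored would say EACCES."""
        parts = path.strip("/").split("/")
        depth = len(parts)
        # The check is made against the deepest ancestor that already exists.
        while "/" + "/".join(parts[:depth]) not in self.nodes:
            depth -= 1
        acl = self.nodes["/" + "/".join(parts[:depth])]
        if not self.perm_for(domid, "/" + "/".join(parts[:depth])) & WRITE:
            return False
        for d in range(depth + 1, len(parts) + 1):
            # New nodes inherit the parent ACL; a guest owns what it creates.
            acl = [(domid, acl[0][1])] + acl[1:] if domid != DOM0 else list(acl)
            self.nodes["/" + "/".join(parts[:d])] = acl
        return True

def build_guest(store, domid):
    """Toolstack step (assumed layout): read-only home, guest-owned rw paths."""
    home = f"/local/domain/{domid}"
    store.write(DOM0, home)
    store.nodes[home] = [(DOM0, 0), (domid, READ)]
    for rel in RW_PATHS:
        store.write(DOM0, f"{home}/{rel}")
        store.nodes[f"{home}/{rel}"] = [(domid, 0)]
    return home

if __name__ == "__main__":
    s = Store()
    home = build_guest(s, 413)  # 413 is the domid in the transcript above
    for rel in ("my_directory/my_key", "data/foo", "vm-data/foo"):
        print(rel, "->", "ok" if s.write(413, f"{home}/{rel}") else "EACCES")
```

In this model a guest gets a writable `my_directory` only after dom0 creates the node and hands ownership to the guest, which is what the toolstack does for each entry in `rw_paths`.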
On Thu, Dec 1, 2011 at 01:45, Vasiliy Tolstov <v.tolstov@selfip.ru> wrote:
> In HVM mode You allow write to /local/domain/$DOMID/data

do you mean that in PV mode one can write to vm-data, and in HVM mode one can write to data?

in fact in my first message that never went through I had two theories, and I chopped the first one because I was thinking it sounded too ridiculous of me to say :)

> theory 1: for HVM guests Xen gives the ownership of the xenstore variables
> to dom0 instead of the domU that is running the guest. My humble guess is
> that Xen assumes that HVM guests are gonna be hypervisor agnostic and
> not gonna be using xenstore. Of course this assumption breaks when you
> have PV-HVM guests.

of course, if that is the case, then at provisioning time one wouldn't know an HVM guest is gonna actually become a PV-HVM... so it will still be treated as an HVM guest... sigh...

now, I wonder: can one get the data directory through XAPI though?

thanks!
-Alessandro-
On Thu, 2011-12-01 at 10:16 +0000, Alessandro Salvatori wrote:
> On Thu, Dec 1, 2011 at 01:45, Vasiliy Tolstov <v.tolstov@selfip.ru> wrote:
> > In HVM mode You allow write to /local/domain/$DOMID/data
>
> do you mean that in PV mode one can write to vm-data, and in HVM mode
> one can write to data?

With the xl toolstack it is "data" in both cases. I can't speak for other toolstacks but it would be nice if they were all consistent...

> in fact in my first message that never went through I had two
> theories, and I chopped the first one because I was thinking it
> sounded too ridiculous of me to say :)
>
> > theory 1: for HVM guests Xen gives the ownership of the xenstore variables
> > to dom0 instead of the domU that is running the guest. My humble guess is
> > that Xen assumes that HVM guests are gonna be hypervisor agnostic and
> > not gonna be using xenstore. Of course this assumption breaks when you
> > have PV-HVM guests.
>
> of course, if that is the case, then at provisioning time one wouldn't
> know an HVM guest is gonna actually become a PV-HVM... so it will
> still be treated as an HVM guest... sigh...
>
> now, I wonder: can one get the data directory through XAPI though?

If you are running xapi then xen-api@lists.xensource.com is the correct place to ask for help.

Ian.

> thanks!
> -Alessandro-
damn... there goes the original message sent from nabble.com... i refrained for two days before re-posting because i didn't want to annoy people with a double post if it ever went through...

sorry about that! :'(

-Alessandro-

Here i am, A young man,
A crashing computer program,
Here is a pen, write out my name...
(from: The Servant - Orchestra)

On Tue, Nov 29, 2011 at 02:57, sandr8 <sandr8@gmail.com> wrote:
> duolvxendev,
>
> I am hitting this too and I really wish there were a trick to avoid
> this...
>
> I have two theories with regard to this.
>
> theory 1: for HVM guests Xen gives the ownership of the xenstore variables
> to dom0 instead of the domU that is running the guest. My humble guess is
> that Xen assumes that HVM guests are gonna be hypervisor agnostic and not
> gonna be using xenstore. Of course this assumption breaks when you have
> PV-HVM guests.
>
> theory 2: in libxenlight, @libxl_create.c:290
>
> char *rw_paths[] = { "control/shutdown", "device",
> "device/suspend/event-channel" , "data"};
>
> should actually also include "vm-data". People who bypass libxl (maybe by
> using xm?) will not notice the issue. Unfortunately, I don't have a system
> with xm at hand to double check this wild guess of mine...
>
> thanks!
> -alessandro-