Xen devel - Nov 2004 - Newbie question: privileged vs. unprivileged domains

Hello, I''m new to XEN and I''m trying to run three specialized
linux servers
under one hardware platform. I have compiled my own xen kernels that boot ok.

My configuration should look as follows: 

The dom0 dommain shoud have access to most of the hardware including one of 
two ethernet card. 

The dom1 must have exclusive access to the second ethernet card. This domain
will be used as a firewall connected through this interface to the internet. 
The connection to the intranet will be based on a brided virtual ethernet. 

The dom2 must have exclusive access to the soundcard, and a specialized PCI 
card. 

I compiled a 2.4.27-xen0 with support for all the devices as modules, and a
2.4.27-xenU with the default configuration (I tryed to add support to some 
pci cards but always return compiling errors). 

All boot OK. One problem is that for dom1 and dom2 recognize their exclusive 
pci cards I have to run the xen0. I loaded the respective modules only in 
the respective domains. When I do that almost all is Ok, I can play some mp3 
files. But when I run a server that depends on the soundcard I recive an error 
like:

Soundcard recieved SG Error, sound disabled

Another problem is that I have a USB keyboard (no ps2 or serial connectors on
motherboard) and when rebooting dom1 or dom2 the server freezes. I tryed to
connect with ssh from my laptop with no response.

Some comments please

Thanks,

Tomas



-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

> All boot OK. One problem is that for dom1 and dom2 recognize their
exclusive
> pci cards I have to run the xen0. I loaded the respective modules only in 
> the respective domains. 
You should add pci_dom0_hide=xxxx to the xen command line so that
dom0 can''t see the 2nd ethernet card or the sound card. See the
user manual.
> When I do that almost all is Ok, I can play some mp3 
> files. But when I run a server that depends on the soundcard I recive an
error
> like:
> 
> Soundcard recieved SG Error, sound disabled
SG error sounds like it might mean ''scatter gather'' error.
This
probably means the driver is taking liberties as regards mapping
memory regions, and needs to be fixed. 

If you can find the path through the sound system that triggers
this its probably easily fixed, and a patch can be sent upstream
to the maintainer.
> Another problem is that I have a USB keyboard (no ps2 or serial connectors
on
> motherboard) and when rebooting dom1 or dom2 the server freezes. I tryed to
> connect with ssh from my laptop with no response.
Not sure I understand. Are you saying the freeze only happens
when the USB keyboard is connected? This is totally weird. 

Ian


-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

Hi,

That''s a cool configuration you''re working on ;-)
> I compiled a 2.4.27-xen0 with support for all the devices as modules, and a
> 2.4.27-xenU with the default configuration (I tryed to add support to some
> pci cards but always return compiling errors).
The xenU configuration specifically doesn''t support any real physical 
hardware.  If you want a domain to drive real devices you should boot it with 
a xen0 kernel (and modules).
> Another problem is that I have a USB keyboard (no ps2 or serial connectors
> on motherboard) and when rebooting dom1 or dom2 the server freezes. I tryed
> to connect with ssh from my laptop with no response.
Please clarify: are you saying that dom0 has a USB keyboard?  and that when 
you reboot dom1 or dom2 the server freezes?  what makes you think this hasgot 
to do with the keyboard?  Does Dom0 not even respond to pings on the ethernet 
interfaces *it* controls?

Cheers,
Mark


-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

Hello Ian and thanks for your answers. 
> > All boot OK. One problem is that for dom1 and dom2 recognize their
> > exclusive pci cards I have to run the xen0. I loaded the respective
> > modules only in the respective domains.
>
> You should add pci_dom0_hide=xxxx to the xen command line so that
> dom0 can''t see the 2nd ethernet card or the sound card. See the
> user manual.
I tryed it in many ways:

   pci_dom0_hide=(00.11.5)(00.0f.0)  -> as in the manual
   pci_dom0_hide=(00:11.5)(00:0f.0)
   pci_dom0_hide=(00:11:5)(00:0f:0) ....

but nether of that hide the hardware to dom0. I checked the xen code and find 
there was references to this:

   pcidev_dom0_hidden
   physdev_dom0_hide

I tryed both, but the only one that worked (and I''m using now) is the
last
one, so my grub looks like this:

   root(hd1,1)
   kernel /boot/xen.gz dom0_mem=65536 physdev_dom0_hide=(00:0f.0)(00:11.5)
   module /boot/vmlinuz-2.4.27-xen0 root=/dev/hdb2 console=tty0

It works now Ok. I thought there was a change in the term used that was yet 
not updated in the documentation, but now that you mention the pci_dom0_hide, 
I have corncerns if I did something wrong.

> > When I do that almost all is Ok, I can play some mp3
> > files. But when I run a server that depends on the soundcard I recive
an
> > error like:
> >
> > Soundcard recieved SG Error, sound disabled
>
> SG error sounds like it might mean ''scatter gather''
error. This
> probably means the driver is taking liberties as regards mapping
> memory regions, and needs to be fixed.
>
The problem was resolved, it was a mistake I made in a config and was not 
related to xen.
> > Another problem is that I have a USB keyboard (no ps2 or serial
> > connectors on motherboard) and when rebooting dom1 or dom2 the server
> > freezes. I tryed to connect with ssh from my laptop with no response.
>
> Not sure I understand. Are you saying the freeze only happens
> when the USB keyboard is connected? This is totally weird.
This problem persist. I don''t know where is the problem. When I
shutdown dom1
(which runs also a priviledged domain) all the system crashes. I dont know if 
being another priviledged domain, disconnecting form all its resources 
affects also dom0. I''m running the same kernel (vmlinuz-2.4.27-xen0) in
both
dom0 and dom1, but using different filesystems (dom0 on disk and dom1 loaded 
from a file as a loop device) . Is this a wrong thing ? Does Xen manage the 
resources passed to both domains denying on dom1 what is recognized by dom0. 
I have this point not so clear. 
When I do ''cat /proc/pci'' in dom1 I only see the cards hidden
from dom0, but
not other pci''s (like USB controllers, Video card, etc) that are
reported in
dom0. However, in dom1 the usb related modules are loaded as in dom0, what 
makes me think that maybe this may contribute to the crash.

Thanks,

Tomas



-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

Hi Mark,
>> Another problem is that I have a USB keyboard (no ps2 or serial
connectors
>> on motherboard) and when rebooting dom1 or dom2 the server freezes. I
tryed
>> to connect with ssh from my laptop with no response.
> Please clarify: are you saying that dom0 has a USB keyboard?  and that when
> you reboot dom1 or dom2 the server freezes?  what makes you think this
hasgot
> to do with the keyboard?  Does Dom0 not even respond to pings on the
ethernet
> interfaces *it* controls?
No, dom0 has not an USB keybord, the whole system I''m working on has it
(it has
no  ports for PS2/serial/Paralel/other...

dom1 and dom2 run the same kernel and they load the usb driver''s
modules. When
booting any of them the system freezes, and I can''t not connect with
ssh (no
response to ping also). Both systems are based on debian sarge.

I just tryed booting with another kernel  I compiled for other distribution
(priviledged, based on RedHat8), and the problem is not present. I thing it may
be related to the USB stuff, as those modules are not loaded on that distro.

I will continue checking...

Thanks,

Tomas




-------------------------------------------------------
This SF.Net email is sponsored by: InterSystems CACHE
FREE OODBMS DOWNLOAD - A multidimensional database that combines
robust object and relational technologies, making it a perfect match
for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel