Hi,
I am an engineer at Intel, on cloud and virtualization. Thanks for your
great updates of vTPM. Could you share your experience on how to build vTPM
with Xen 4.3? I failed to boot up the 2.6.18.8 kernel which is from
# make linux-2.6-xen-build
# make linux-2.6-xen-install
I want to integrate vTPM into OpenAttestation. The OpenAttestation project is
to provide an SDK (Software Development Kit) to add cloud management tools with
the capability of establishing hosts' integrity information by remotely
retrieving and verifying hosts' integrity with a TPM quote.
You can download OpenAttestation from
GitHub: https://github.com/OpenAttestation/OpenAttestation
Thanks
Quan
[Xen-devel] [PATCH v5 00/12] vTPM updates for 4.3
To: Matthew.Fioravante@xxxxxxxxxx
From: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
Date: Thu, 21 Mar 2013 16:11:17 -0400
Cc: dgdegra@xxxxxxxxxxxxx, Ian.Campbell@xxxxxxxxxx, xen-devel@xxxxxxxxxxxxx
Delivery-date: Thu, 21 Mar 2013 20:12:01 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
This series contains a bit of reworking from v4: command cancellation is
now supported in the protocol, although not yet exposed through the API.
Since the TPM emulator used by Xen doesn't support cancellation anyway,
this is not currently an important requirement.
The xenbus name for the interface has been changed back to "vtpm" -
renaming it to vtpm2 requires changing libxl to only support the new
device name with mismatches between the use of vtpm in the API it
exposes and vtpm2 in the values used internally. Using feature nodes to
denote the protocol change allows also libxl to wire up both the old
interface and the new interface.
Automatic vTPM shutdown is removed by patch #9; however, since patch #8
makes it safe to destroy the vTPM at any point, the cleanup of a vTPM
upon guest shutdown can be relocated to the layer that starts the vTPM.
This is necessary even without these patches because vTPMs have never
automatically shut down if a guest encounters an error in early boot or
simply does not load (or have) the frontend driver.
Locality-5 PCRs have been dropped since v4: this patch is not really
suited for upstreaming until there is a domain using the extra PCRs.
Mini-os driver patches:
[PATCH 01/12] mini-os/tpm{back,front}: Change shared page ABI
[PATCH 02/12] mini-os/tpm{back,front}: Allow device repoens
[PATCH 03/12] mini-os/tpmback: set up callbacks before enumeration
[PATCH 04/12] mini-os/tpmback: Replace UUID field with opaque pointer
[PATCH 05/12] mini-os/tpmback: add tpmback_get_peercontext
Linux driver patch:
[PATCH] drivers/tpm-xen: Change vTPM shared page ABI
vTPM stub-domain updates:
[PATCH 06/12] stubdom/vtpm: correct the buffer size returned by TPM_CAP_PROP_INPUT_BUFFER
[PATCH 07/12] stubdom/vtpm: Support locality field
[PATCH 08/12] stubdom/vtpm: make state save operation atomic
[PATCH 09/12] stubdom/vtpm: support multiple backends
[PATCH 10/12] stubdom/vtpm: constrain locality by XSM label
Other stub domain updates:
[PATCH 11/12] stubdom/grub: send kernel measurements to vTPM
[PATCH 12/12] stubdom/Makefile: Fix gmp extract rule
------------------------------------------------------------------
Sender: xen-users-request@lists.xen.org
Time: 2013-5-21 19:54
To: xen-users@lists.xen.org
Subject: Xen-users Digest, Vol 99, Issue 46

Today's Topics:
   1. Re: Security in Virtual Machine (Alexandre Kouznetsov)
   2. Re: Security in Virtual Machine (Peter Viskup)
   3. win 2012 can't find drivers (James Harper)
   4. Re: win 2012 can't find drivers (James Harper)
   5. Re: Suspicious URL:Re: Xen related networking issue (James Harper)
   6. Problem with PCI Pass-through address space collision (Jon Skilling)
   7. Xen stops booting at "SATA Link down (SStatus 0 SControl 300)"
      (John Sherwood)
   8. Stable and Secure Distribution Supporting Xen (Richard Johnson)
   9. Re: Problem with PCI Pass-through address space collision (Gordan Bobic)
  10. Re: gplpv: re-enabling the nic adapter removes it (Micky)
  11. Re: CAP and performance problem (Massimo Canonico)
  12. Re: gplpv: re-enabling the nic adapter removes it (James Harper)
  13. Re: [Votes] Xen Project Governance v2 , Mailing List Conventions v1,
      2014 Event Locations (open to all) (Lars Kurth)
  14. Re: [alpine-devel] Stable and Secure Distribution Supporting Xen
      (Richard Johnson)
  15. Re: gplpv: re-enabling the nic adapter removes it (Micky)
  16. help (Jaya Dhanesh)
  17. Re: XCP don't see Network Interfaces on sunfire x2270 (Alexey Makarov)
  18. Re: [alpine-devel] Stable and Secure Distribution Supporting Xen
      (Natanael Copa)

----------------------------------------------------------------------
Message: 1
Date: Mon, 20 May 2013 17:23:20 -0500
From: Alexandre Kouznetsov <alk@ondore.com>
To: xen-users@lists.xen.org
Subject: Re: [Xen-users] Security in Virtual Machine
Message-ID: <519AA258.2000401@ondore.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Hello.

On 20/05/13 16:51, Alberto wrote:
> I have a HOST (*/Server Fisico/*) connected to internet. It have 2
> network cards, the first one (*/eth0/*) connected to the router, another
> (/*eth1*/) is connected to LAN.
> /*eth1*/ is bridged to virtual machines network, and one of them
> (*/virtual1/*) have an HTTP Server. Everything is running correctly.

I will assume that your HOST server is running Xen Dom0.
Probably, it is also acting as a router between 192.168.1.X and
192.168.2.X, that makes DNAT and firewall to run within the same Dom0.

> I have IPTABLES Firewall running on the HOST with DNAT forwarding HTTP
> traffic to /*Virtual1*/. I have IPTABLES Rules in HOST, for block some
> IPs that give me problems, but these rules not protect to /*Virtual1*/.
> All HTTP traffic is forwarded to /*Virtual1*/, even the source IP is
> blocked for IPTABLES rules.

Virtual1 is probably a DomU running on the same HOST.
What happens here, is that there might be an iptables rule, matching the
unwelcome incoming connection, that is evaluated before the rules that
intend to block that connection. Once it is matched, the decision ACCEPT is
made and no other rule is evaluated. To make sure, a careful inspection of
"iptables -L -v" is needed.

Please note that Xen Dom0's firewall needs to be quite permissive in order to
make network communication to work. A fine configuration is possible, but
fairly tricky to set up, and even more tricky to maintain.

> I had an attack, and I couldn't block the HTTP traffic about
> /*Virtual1*/, the IPTABLES rules not affect it.
>
> What can I do for give security to Virtual machines?

The first recommendation is to give security to your Dom0 machine, do not
expose it directly to your DMZ network. Your advantage here is that you have
2 network cards, so you can make a good separation. Second, avoid using the
dom0 as router/firewall, Xen's own iptables rules make things very confusing,
it's easier to leave Xen's to Xen and do the firewalling on a dedicated VM,
even within the same physical box.

I would suggest to reconsider the network topology.

1. Let's say your "Servidor Fisico" had a bridge xenbr0 containing eth0, and
   xenbr1 containing eth1. Make it not to have any IP on xenbr0 (exposed),
   only on xenbr1 (internal).
2. Set up a virtual machine to act as router, make it have one interface
   within xenbr0 and another in xenbr1.
3. Make this virtual machine to route and NAT traffic between Internet and
   internal network, the same machine may act as DHCP server and DNS for your
   internal network. Your Virtual1 would be treated just as another host in
   your internal network.

This is a fairly simple but yet flexible setup, it will allow you keep things
clear and separated one from another.

Greeting.

-- 
Alexandre Kouznetsov

------------------------------
Message: 2
Date: Tue, 21 May 2013 00:25:55 +0200
From: Peter Viskup <skupko.sk@gmail.com>
To: Alberto <alberto@bersol.info>
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] Security in Virtual Machine
Message-ID: <519AA2F3.6070604@gmail.com>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

On 05/20/2013 11:51 PM, Alberto wrote:
> What can I do for give security to Virtual machines?
>
> Thanks a lot
> Alberto

Hi Alberto,
once doing the SNAT/DNAT you can filter the connections in FORWARD table.
Just did some quick search on the net and found this nice iptables tutorial:
http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#TRAVERSINGOFTABLES
read the "Chapter 6. Traversing of tables and chains" section General with
nice picture of all chains and their order.
Wish you nice reading and successful learning of iptables. ;-)

Best regards,
-- 
Peter Viskup
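
The two replies above, worked through as an added example (not part of either message; the addresses for HOST, Virtual1 and the two clients are assumptions): a toy Python model of the DNAT, routing and first-match steps, showing why a block rule in INPUT, or one appended after an ACCEPT in FORWARD, never stops traffic that is forwarded to Virtual1.

```python
"""Toy model of the netfilter path for one inbound packet on a DNAT-ing host.

Order modelled: nat/PREROUTING (DNAT) -> routing decision -> filter/INPUT when
the destination is the host itself, filter/FORWARD otherwise. Inside a chain
the first matching rule decides; later rules are never evaluated.
All addresses and rule sets below are constructed for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

HOST_IP = "192.168.1.2"    # assumed eth0 address of the Dom0 ("HOST")
VIRTUAL1 = "192.168.2.10"  # assumed address of the web-server DomU
BAD_SRC = "203.0.113.66"   # documentation-range stand-in for the blocked client
GOOD_SRC = "198.51.100.7"  # documentation-range stand-in for a normal client


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DROP"
    src: Optional[str] = None    # CIDR, or None for "any"
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.dport is None or p.dport == self.dport))


def run_chain(rules: List[Rule], policy: str, pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (verdict, index of the deciding rule); index is None for policy."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.target, i      # first match wins, evaluation stops
    return policy, None


def traverse(pkt, dnat, input_rules, forward_rules, policy="DROP"):
    """Walk one packet through DNAT, routing and the filter chain it reaches."""
    new_dst = dnat.get((pkt.dst, pkt.dport))   # nat/PREROUTING runs first
    if new_dst is not None:
        pkt = Packet(pkt.src, new_dst, pkt.dport)
    chain = "INPUT" if pkt.dst == HOST_IP else "FORWARD"   # routing decision
    rules = input_rules if chain == "INPUT" else forward_rules
    verdict, idx = run_chain(rules, policy, pkt)
    return chain, verdict, idx


# Equivalent of: iptables -t nat -A PREROUTING -d 192.168.1.2 -p tcp
#                --dport 80 -j DNAT --to-destination 192.168.2.10
DNAT = {(HOST_IP, 80): VIRTUAL1}
ALLOW_WEB = Rule("ACCEPT", dst=VIRTUAL1 + "/32", dport=80)
BLOCK = Rule("DROP", src=BAD_SRC + "/32")
ATTACK = Packet(BAD_SRC, HOST_IP, 80)


def block_in_input_only():
    """iptables -A INPUT -s BAD_SRC -j DROP: the DNAT'd packet never sees INPUT."""
    return traverse(ATTACK, DNAT, [BLOCK], [ALLOW_WEB])


def block_appended_to_forward():
    """iptables -A FORWARD -s BAD_SRC -j DROP: lands after the ACCEPT, shadowed."""
    return traverse(ATTACK, DNAT, [], [ALLOW_WEB, BLOCK])


def block_inserted_in_forward():
    """iptables -I FORWARD 1 -s BAD_SRC -j DROP: evaluated before the ACCEPT."""
    return traverse(ATTACK, DNAT, [], [BLOCK, ALLOW_WEB])


def normal_client_after_fix():
    """A non-blocked client still reaches Virtual1 through rule index 1."""
    return traverse(Packet(GOOD_SRC, HOST_IP, 80), DNAT, [], [BLOCK, ALLOW_WEB])


if __name__ == "__main__":
    for case in (block_in_input_only, block_appended_to_forward,
                 block_inserted_in_forward, normal_client_after_fix):
        print(f"{case.__name__:28s} -> {case()}")
```

On a real host, the packet counters in "iptables -L -v" show the same thing: the rule whose counter increases for the unwelcome source is the one that decided.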

------------------------------
Message: 3
Date: Mon, 20 May 2013 23:56:02 +0000
From: James Harper <james.harper@bendigoit.com.au>
To: "xen-users@lists.xen.org" <xen-users@lists.xen.org>
Subject: [Xen-users] win 2012 can't find drivers
Message-ID: <6035A0D088A63A46850C3988ED045A4B57C9C1C6@BITCOM1.int.sbss.com.au>
Content-Type: text/plain; charset="us-ascii"

When installing windows 2012 I am getting an error about "a media driver your
computer needs is missing", even though if I shift-F10 to open a command
prompt and run diskpart I can see the harddisk.

Has anyone seen this before?

Xen is 4.1.4 (Debian package)

Thanks

James

------------------------------
Message: 4
Date: Tue, 21 May 2013 00:16:07 +0000
From: James Harper <james.harper@bendigoit.com.au>
To: James Harper <james.harper@bendigoit.com.au>,
    "xen-users@lists.xen.org" <xen-users@lists.xen.org>
Subject: Re: [Xen-users] win 2012 can't find drivers
Message-ID: <6035A0D088A63A46850C3988ED045A4B57C9C2F4@BITCOM1.int.sbss.com.au>
Content-Type: text/plain; charset="us-ascii"

Ignore this - my install iso appears to be corrupt. Sorry for the noise.

James

> When installing windows 2012 I am getting an error about "a media driver
> your computer needs is missing", even though if I shift-F10 to open a
> command prompt and run diskpart I can see the harddisk.
>
> Has anyone seen this before?
>
> Xen is 4.1.4 (Debian package)
>
> Thanks
>
> James

------------------------------
Message: 5
Date: Tue, 21 May 2013 00:19:36 +0000
From: James Harper <james.harper@bendigoit.com.au>
To: Adam Goryachev <mailinglists@websitemanagers.com.au>
Cc: "xen-users@lists.xensource.com" <xen-users@lists.xensource.com>
Subject: Re: [Xen-users] Suspicious URL:Re: Xen related networking issue
Message-ID: <6035A0D088A63A46850C3988ED045A4B57C9C326@BITCOM1.int.sbss.com.au>
Content-Type: text/plain; charset="us-ascii"

> I tried to install 402 onto one of the machines, it seemed to install
> fine (no errors) but on reboot it just sat at the Windows logo screen
> with the bar moving across the bottom. I had to reboot and revert to
> previous hardware config to get the system working again.
>
> Is there any other install method that is more likely to work, or
> anything I can provide to show what might have gone wrong?

I haven't seen this before. The /var/log/xen/qemu-dm-<domu name>.log file
would be useful, if you installed the debug version.

James

------------------------------
Message: 6
Date: Mon, 20 May 2013 18:04:19 +0100
From: Jon Skilling <jon_skilling@hotmail.com>
To: <xen-users@lists.xen.org>
Subject: [Xen-users] Problem with PCI Pass-through address space collision
Message-ID: <BAY178-DS187AF909DD8D3D609090CAEAA80@phx.gbl>
Content-Type: text/plain; charset="utf-8"

Hi,

I've been trying to configure Xeon on my HP ML350
G4 server for the past two weeks and despite reading just about every word of
the Xen wiki and numerous other posts and mails, I can't find a solution to my
problem. Any help on this would be much appreciated!

Setup:

HP ML350 G4, Dual xeon, 6Gb Ram, 6 disk scsi raid array, Digium TDM410P
analogue PBX card on PCI. Hardware virtualization (Vt-d) is not an option with
this machine.

I followed these instructions (more or less) to set up Dom0 and DomU:

http://www.howtoforge.com/virtualization-with-xen-on-centos-6.3-x86_64-paravirtualization-and-hardware-virtualization

with the following changes:

Host Dom0 (Centos 6.4):

xen-4.2.2-4.el6.x86_64
kernel-xen-3.9.2-1.el6xen.x86_64
libvirt 1.0.3-1 (python-virtinstall causes libvirt to be upgraded to 1.0.3.
From checking the source, the Xen patch appears to be there already, so no
recompile needed - the Xen patch doesn't work with this source anyway.

XEND has been disabled from boot up because it causes problems with XL tools
although the same address space collision occurs if I use the XM tool set.

I have tried xen-pciback.hide(06:01.0) on the kernel module definitions in
boot.conf but this doesn't seem to do anything. Adding records to
modprobe.conf and rc.local work better.

The device I'm trying to passthrough is defined:

06:01.0 Ethernet controller: Digium, Inc. Wildcard TDM410 4-port analog card (rev 11)
    Subsystem: Digium, Inc. Wildcard TDM410 4-port analog card
    Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
    Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
    Interrupt: pin A routed to IRQ 16
    Region 0: I/O ports at 5000 [disabled] [size=256]
    Region 1: Memory at fdef0000 (32-bit, non-prefetchable) [disabled] [size=1K]
    [virtual] Expansion ROM at f0000000 [disabled] [size=128K]
    Capabilities: [c0] Power Management version 2
        Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=100mA PME(D0+,D1+,D2+,D3hot+,D3cold+)
        Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
    Kernel driver in use: pciback

Guest DomU (Centos 6.4):

kernel-xen-3.9.2-1.el6xen.x86_64
Created using virt-install onto a 20G LVM with 1024Mb ram
XML for DomU dumped and converted to native then the domain destroyed and
undefined and recreated using XL create with the new cfg file. This is to
allow inclusion of pci ['06:01.0'] parameter in config.

Using the static setup, I can get Dom0 to hide the PCI device. I can also
achieve the same effect with the dynamic set up using pci-assignable-attach
and pci-attach. Here is the dmesg relating to the device. Reg 30 is
highlighted because this seems to be where the problem is.

pci 0000:06:01.0: [d161:8005] type 00 class 0x020000
pci 0000:06:01.0: reg 10: [io 0x5000-0x50ff]
pci 0000:06:01.0: reg 14: [mem 0xfdef0000-0xfdef03ff]
pci 0000:06:01.0: *reg 30: [mem 0x00000000-0x0001ffff pref]*
pci 0000:06:01.0: supports D1 D2
pci 0000:06:01.0: PME# supported from D0 D1 D2 D3hot D3cold
pci 0000:06:01.0: BAR 6: assigned [mem 0xf0000000-0xf001ffff pref]
pciback 0000:06:01.0: seizing device
pciback 0000:06:01.0: PCI IRQ 48 -> rerouted to legacy IRQ 16
pciback 0000:06:01.0: PCI IRQ 48 -> rerouted to legacy IRQ 16
xen-pciback: vpci: 0000:06:01.0: assign to virtual slot 0

In the Dom0 I can define the device statically in the config file or
dynamically as described above. Both scenarios result in the same error being
displayed.

pcifront pci-0: Installing PCI frontend
pcifront pci-0: Creating PCI Frontend Bus 0000:00
pcifront pci-0: PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [io 0x0000-0xffff]
pci_bus 0000:00: root bus resource [mem 0x00000000-0xfffffffff]
pci_bus 0000:00: root bus resource [bus 00-ff]
pci 0000:00:00.0: [d161:8005] type 00 class 0x020000
pci 0000:00:00.0: reg 10: [io 0x5000-0x50ff]
pci 0000:00:00.0: reg 14: [mem 0xfdef0000-0xfdef03ff]
pci 0000:00:00.0: *reg 30: [mem 0xf0000000-0xffffffff pref]*
pci 0000:00:00.0: supports D1 D2
pcifront pci-0: claiming resource 0000:00:00.0/0
pcifront pci-0: claiming resource 0000:00:00.0/1
pcifront pci-0: claiming resource 0000:00:00.0/6
pci 0000:00:00.0: address space collision: [mem 0xf0000000-0xffffffff pref] conflicts with 0000:00:00.0 [mem 0xfdef0000-0xfdef03ff]
pcifront pci-0: Could not claim resource 0000:00:00.0/6! Device offline. Try using e820_host=1 in the guest config.

This appears to show that the PCI device is conflicting with itself (reg 14
with reg 30) because the address space for reg 30 is different in pciback to
pcifront.

I have tried setting up the domain with both XM and XL with the same result
Adding passthrough and permissive settings with no change
Adding iommu=soft to guest kernel command line.
I've tried adding the e820_host flag to the config file but this doesn't seem
to solve anything.
Different Xen enabled kernels.
Wiping the server and rebuilding the whole thing from scratch (more than once)

The Digium PCI card works fine on a normal Centos 6.3 setup with no Xen.

I'm out of ideas now on how to solve this, so if anyone has made this card
work by doing something different, I'd be grateful for any suggestions. I've
looked at the source for pcifont.c and come to the conclusion that my c coding
skills are not going to be good enough to debug/change this program.

I can provide more dmesg outputs or other documentation if needed.

Thanks in advance for any help

Jon

------------------------------
Message: 7
Date: Mon, 20 May 2013 20:28:48 -0700
From: John Sherwood <jrs@vt.edu>
To: xen-users <xen-users@lists.xensource.com>
Subject: [Xen-users] Xen stops booting at "SATA Link down (SStatus 0
    SControl 300)"
Message-ID: <CAH5ygH0K6ywRS+GeW5ij+3uv0HXh=xP4u-c9qrcn9tgVYnhWWQ@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

I'm trying to set up Xen 4.1 on Ubuntu 12.04 server (x64) and when booting
the dom0 it fails while apparently attempting to initialize the SATA
devices. It does find one device (ata3) but then just halts and hangs
apparently forever. Any suggestions as to what could be causing this, or
whether upgrading to 13.04/Xen 4.2 might fix the issue?

------------------------------
Message: 8
Date: Tue, 21 May 2013 10:08:39 +0430
From: Richard Johnson <johnson9884@qq.com>
To: xen-users@lists.xen.org, alpine-devel@lists.alpinelinux.org
Subject: [Xen-users] Stable and Secure Distribution Supporting Xen
Message-ID: <519B085F.60707@qq.com>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <http://lists.xen.org/archives/html/xen-users/attachments/20130521/aff8c1ab/attachment.html>

------------------------------
Message: 9
Date: Tue, 21 May 2013 07:35:52 +0100
From: Gordan Bobic <gordan@bobich.net>
To: Jon Skilling <jon_skilling@hotmail.com>
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] Problem with PCI Pass-through address space collision
Message-ID: <519B15C8.9030605@bobich.net>
Content-Type: text/plain; charset=windows-1252; format=flowed

I'm pretty sure I seem to recall
that PCI passthrough will not work without VT-d, but by all means, feel free to
try.

Even if you did have working VT-d, though, you have to detach the device from
dom0 before you can add it to domU, using something like:

virsh nodedev-detach pci_0000_06_01_0

Given the EL6 CRC Xen packages you are using, they use pciback built as a
module, so kernel boot parameters won't help. What you need to do is add this
to /etc/modprobe.d/:

# cat xen-pciback.conf
options xen-pciback permissive=1 hide=(06:01.0)

Run depmod -a once you have done that.

Then:
# modprobe xen-pciback
virsh nodedev-detach pci_0000_06_01_0

Also add the driver for the card to /etc/modprobe.d/blacklist.conf.

After that you should be able to boot the domU with the device.

You may also want to upgrade to the latest testing packages (4.2.2-5) since
they include a PCI passthrough fix from a couple of days ago, although it
doesn't look like you are falling foul of it.

Also, how much RAM are you passing to domU? Try giving it <= 2GB. There is a
PCI memory map bug that can cause a nasty memory stomp that kept me chasing my
tail for days. For most people it manifests at > 4GB, but on my system it
manifested at > 2GB.

HTH.

Gordan

------------------------------
Message: 10
Date: Tue, 21 May 2013 12:42:56 +0500
From: Micky <mickylmartin@gmail.com>
To: James Harper <james.harper@bendigoit.com.au>
Cc: "xen-users@lists.xen.org" <xen-users@lists.xen.org>
Subject: Re: [Xen-users] gplpv: re-enabling the nic adapter removes it
Message-ID: <CAKAA-nmwAdFL157Y87LidLYKAFZLJoyeZhG-ogg=1vy9khbsDg@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

> My test machine is Debian 3.8.5 which should be close enough although it's
> possible there is a patch that changes the state transition in a subtle way.

That is quite interesting. I do think this would be the case since we
have tried everything else. Someday I may
be able to try this onDebian dom0.> Can you try disabling both adapters so
the driver unloads then enable them both again (even if it gets stuck when the
first one loads)?I guess that was the first apparent thing that I did when an
adapterdisappeared while re-enabling, yea as funny as it sounds, LOL. But Idid
just try again; both adapters disappear and driver crashes withsame error.
Reboot brings them back.------------------------------Message: 11Date: Tue, 21
May 2013 10:05:17 +0200From: Massimo Canonico <mex@di.unipmn.it>To:
"Grinberg, Vitaly" <Vitaly.Grinberg@marriott.com>Cc:
"xen-users@lists.xen.org" <xen-users@lists.xen.org>Subject: Re:
[Xen-users] CAP and performance problemMessage-ID:
<519B2ABD.2090304@di.unipmn.it>Content-Type: text/plain;
charset=ISO-8859-1; format=flowedThanks, but this good question is still waiting
for a good answer. Anyone?Cheers, MassimoOn 05/15/2013 04:42 PM, Grinberg,
Vitaly wrote:> This is a good question.>> Vitaly.>> >>
-----Original Message-----> From: xen-users-bounces@lists.xen.org
[mailto:xen-users-bounces@lists.xen.org] On Behalf Of Massimo Canonico> Sent:
Thursday, December 25, 2008 7:35 PM> To: xen-users@lists.xen.org> Subject:
[Xen-users] CAP and performance problem>> Hi,> my application is
written in std C++ and it makes a matrix> multiplication: so it uses only CPU
and memory (no i/o, no network).>> I''m quite surprise that with
CAP = 100% I got my results in about 600> seconds and with CAP = 50% I got my
results in about 1800 seconds> (around 3 times longer).>> For this kind
of application I was expecting to get results in about> 1200 seconds (2 times
longer) for the second scenario with respect to> the first one.>> Of
course, the HW and SW are exactly the same for the 2 experiments.>> Am I
wrong or the CAP mechanism is not working well?>> Thanks,>
Massimo>> _______________________________________________> Xen-users
mailing list> Xen-users@lists.xen.org>
http://lists.xen.org/xen-users------------------------------Message: 12Date:
Tue, 21 May 2013 08:27:55 +0000From: James Harper
<james.harper@bendigoit.com.au>To: Micky <mickylmartin@gmail.com>Cc:
"xen-users@lists.xen.org" <xen-users@lists.xen.org>Subject: Re:
[Xen-users] gplpv: re-enabling the nic adapter removes itMessage-ID:
<6035A0D088A63A46850C3988ED045A4B57C9EFCE@BITCOM1.int.sbss.com.au>Content-Type:
text/plain; charset="us-ascii"> > >> > My test machine
is Debian 3.8.5 which should be close enough although it''s> possible
there is a patch that changes the state transition in a subtle way.> >>
> That is quite interesting. I do think this would be the case since we>
have tried everything else. Someday I may be able to try this on> Debian
dom0.> > > Can you try disabling both adapters so the driver unloads
then enable them> both again (even if it gets stuck when the first one
loads)?> > I guess that was the first apparent thing that I did when an
adapter> disappeared while re-enabling, yea as funny as it sounds, LOL. But
I> did just try again; both adapters disappear and driver crashes with>
same error. Reboot brings them back.I just uploaded a version 404 to testing
which has some timeouts implemented (and a PAE/x64 fix for vbd). That
won't fix the problem but might tell me more about the error if you can
send me the debug log.

When you say crash is that a BSoD? I can't remember if I've asked you that
before.

James

------------------------------

Message: 13
Date: Tue, 21 May 2013 10:06:49 +0100
From: Lars Kurth <lars.kurth@xen.org>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: "xen-arm@lists.xen.org" <xen-arm@lists.xen.org>,
    "xen-users@lists.xen.org" <xen-users@lists.xen.org>,
    "xen-api@lists.xen.org" <xen-api@lists.xen.org>,
    "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: [Xen-users] [Votes] Xen Project Governance v2 , Mailing List
    Conventions v1, 2014 Event Locations (open to all)
Message-ID: <519B3929.3080104@xen.org>
Content-Type: text/plain; charset=UTF-8; format=flowed

> perhaps we could continue to vote using the old "+1" in an email mechanism?

The reason for creating a form was to
a) Ensure formal votes are private (i.e. there is a space to raise issues that
   may be difficult to raise in public)
b) Make sure that the vote is recorded and can be easily gone back to
   (something which is a little hard on a list)
c) Comply with the process

Maybe a) does not apply at all or maybe only in limited
circumstances. This point may be valid when it comes to votes related to
incubating/graduating or archiving sub-projects though (because it may reflect
on an individual's or company's leadership of a sub-project) and it may be harder
to air an issue publicly.

To be honest, the turn-out on these last two votes was really poor. We had
only 4 votes (and only one from Citrix). Now this of course may be because
the proposed changes were rather uncontroversial.

On the other hand, you often use the argument that "if somebody can't be
bothered following up on their bugs/patches/etc. then bugs/patches/etc. are
obviously not important enough". I am inclined to use that same argument
for voting on process and policy changes.

Regards
Lars

On 20/05/2013 10:17, Ian Campbell wrote:
> On Mon, 2013-05-13 at 11:30 +0100, Lars Kurth wrote:
>> Rather than creating a voting form, I decided to use the voting feature
>> on the new xenproject.org website. To vote, you need to create an
>> account. If you have difficulties, let me know. The poll is at
>> http://www.xenproject.org/help/questions-and-answers/vote-on-2014-event-locations.html.
>> The vote will stay open until the middle of June.
> I've voted using this now but in the future perhaps we could continue to
> vote using the old "+1" in an email mechanism?
>
> There aren't so many maintainers and committers that this would be
> unwieldy IMHO.
>

------------------------------

Message: 14
Date: Tue, 21 May 2013 13:43:32 +0430
From: Richard Johnson <johnson9884@qq.com>
To: xen-users@lists.xen.org, alpine-devel@lists.alpinelinux.org
Subject: Re: [Xen-users] [alpine-devel] Stable and Secure Distribution
    Supporting Xen
Message-ID: <519B3ABC.6090307@qq.com>
Content-Type: text/plain; charset="us-ascii"

An HTML attachment was scrubbed...
URL: <http://lists.xen.org/archives/html/xen-users/attachments/20130521/19092d43/attachment.html>

------------------------------

Message: 15
Date: Tue, 21 May 2013 15:42:26 +0500
From: Micky <mickylmartin@gmail.com>
To: James Harper <james.harper@bendigoit.com.au>
Cc: "xen-users@lists.xen.org" <xen-users@lists.xen.org>
Subject: Re: [Xen-users] gplpv: re-enabling the nic adapter removes it
Message-ID: <CAKAA-nkE8ZCZEikPcPVQ1ENtYR-P6dL-KHSCd0ZWS_heaHgNmA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

> I just uploaded a version 404 to testing which has some timeouts implemented
> (and a PAE/x64 fix for vbd). That won't fix the problem but might tell me more
> about the error if you can send me the debug log.

Thanks. I'll take a peek soon.

> When you say crash is that a BSoD? I can't remember if I've asked you that
> before.

Not a BSOD but a driver crash with "device cannot start (error 10)" in
device manager.

------------------------------

Message: 16
Date: Tue, 21 May 2013 16:41:35 +0530
From: Jaya Dhanesh <jaya.dhanesh@ericsson.com>
To: xen-users@lists.xenproject.org
Subject: [Xen-users] help
Message-ID: <519B5667.80900@ericsson.com>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

Hi,

I am using Xen and trying to achieve some functionalities that were working with
Virtual Box.

In VB, there is a command, "VBoxManage -q modifyvm $app_name
--uartmode1 server $VMDKCONS"; which will allow me to write code using pipes
and sockets to achieve console connection. This is not through the regular com
port. What is the xen equivalent command to do this?

Thanks,
Dhanesh.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xen.org/archives/html/xen-users/attachments/20130521/5352943f/attachment.html>

------------------------------

Message: 17
Date: Tue, 21 May 2013 12:04:41 +0400
From: Alexey Makarov <makarovalexey@gmail.com>
To: Alexandre Kouznetsov <alk@ondore.com>
Cc: xen-users@lists.xen.org
Subject: Re: [Xen-users] XCP don't see Network Interfaces on sunfire x2270
Message-ID: <CAFH7_D9q1wrpmO1TZtxrQEZ9BpNwzLknL3v=aX=UGUTwGfqBQA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Yes, xsconsole.
xe pif-list shows nothing. (No interfaces at all)
xe network-list shows default XCP networks
ifconfig -a shows that eth0, eth1 - BROADCAST MULTICAST

2013/5/20 Alexandre Kouznetsov <alk@ondore.com>

> Hello.
>
> On 20/05/13 09:54, Alexey Makarov wrote:
>
>> On a fresh installation of XCP 1.6 there is no interface in XCP Network
>> Management.
>>
> What is "XCP Network Management", xsconsole?
>
> By default, XCP 1.6 creates a "network" for each physical interface, as a
> bridge. So, there is no ethX directly usable, the bridges are used as
> network interface instead.
>
> Check "xe network-list" and "xe pif-list" output to inspect that.
>
>> While in command line ifconfig -a shows me both physical interfaces.
>>
> Do they have the "UP" flag or not?
>
> Greetings.
>
> --
> Alexandre Kouznetsov
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@lists.xen.org
> http://lists.xen.org/xen-users
>

--
Best regards, Makarov Alexey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xen.org/archives/html/xen-users/attachments/20130521/951f1935/attachment.html>

------------------------------

Message: 18
Date: Tue, 21 May 2013 11:30:22 +0200
From: Natanael Copa <ncopa@alpinelinux.org>
To: Richard Johnson <johnson9884@qq.com>
Cc: xen-users@lists.xen.org, alpine-devel@lists.alpinelinux.org
Subject: Re: [Xen-users] [alpine-devel] Stable and Secure Distribution
    Supporting Xen
Message-ID: <20130521113022.6ade937f@ncopa-desktop.alpinelinux.org>
Content-Type: text/plain; charset=US-ASCII

On Tue, 21 May 2013 10:08:39 +0430
Richard Johnson <johnson9884@qq.com> wrote:

> I'm choosing between Unix-based operating systems that support Xen. My
> criteria are the following:
>
> - Compatibility: I want to use this OS on a various set of commonly used
> hardware. I have restricted the CPU instruction set scope to x86_64, but
> there are a vast range of graphics cards out there.

You will only be able to run open source drivers with Alpine Linux.
Anything in mainline linux kernel should work though.

> - Stability: The packages and kernel used must be stable versions. Many main
> distributions such as Debian and RedHat follow this strategy.

We just released alpine v2.6. It uses kernel 3.9.y + grsecurity
patches. Upstream claims
it's "stable". I think Debian and RedHat think otherwise.

You will have to find the balance between new features (incl new
hardware) and stability.

> - Xen Stability: Stable Xen support is necessary

Alpine v2.6 comes with Xen 4.2.1.

> - Security
>
> With these criteria in mind I have reached to the following distributions:
> NetBSD, Alpine Linux, FreeBSD, Debian and CentOS. I am currently using Alpine
> Linux which claims that it is designed with security in mind, however my
> recent experience with it showed many bugs.

Alpine Linux's security strategy is to use Grsecurity patches and a
hardened gcc toolchain (similar to gentoo hardened). The idea is to
make it hard to exploit (unknown) security bugs, even in kernel.

Since we are a relatively small distro and are fairly early to adopt
new "stable" upstream releases and try to stay closer to upstream, we
might hit the bugs earlier than others.

The number of new bugs seems to increase with every kernel release :-/

It would be nice if you could report the bugs you have found so we have
a chance to fix them.

https://bugs.alpinelinux.org

Thanks!

-nc

------------------------------

_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

End of Xen-users Digest, Vol 99, Issue 46
*****************************************