Jean-Philippe Ouellet writes:
> 1. See if anything interesting in `systemctl status xenstored` One interesting thing in the log: TDB: tdb_open_ex: could not open file /var/lib/xenstored/tdb: No such file or directory But that file does exist, and it's being written every 2 to 3 seconds. Size is 614400 bytes, which never changes. > 2. If you are likely to be able to reproduce the behavior, enable > tracing by defining XENSTORED_TRACE to non-empty string at top of > /etc/xen/scripts/launch-xenstore and check > /var/log/xen/xenstored-trace.log when it happens again. Enabled. Will check log after next reboot. > 3. Check what your xenstored is doing: > > $ sudo qubes-dom0-update xen-debuginfo > $ sudo gdb xenstored $(pgrep xenstored) > (gdb) bt I pasted several randomly sampled backtraces below. (Yes, well...) > Warning: attaching gdb to a suspect process exposes a large attack > surface. I don't understand your warning. Since xenstored is running as root in dom0, the game's already over if xenstored is compromised. Attaching gdb can't give xenstored any access it doesn't already have. Random backtraces: (gdb) continue Continuing. ^C Program received signal SIGINT, Interrupt. 0x00007d4d36428af0 in __read_nocancel () from /lib64/libc.so.6 (gdb) bt #0 0x00007d4d36428af0 in __read_nocancel () from /lib64/libc.so.6 #1 0x000000000040a3ce in tdb_read () #2 0x000000000040aab9 in tdb_find () #3 0x000000000040ac58 in tdb_find_lock_hash () #4 0x000000000040bd38 in tdb_fetch () #5 0x0000000000403648 in read_node () #6 0x0000000000404c31 in get_node () #7 0x00000000004052de in handle_input () #8 0x0000000000402970 in main () (gdb) continue Continuing. ^C Program received signal SIGINT, Interrupt. 0x00007d4d3642cf20 in __poll_nocancel () from /lib64/libc.so.6 (gdb) bt #0 0x00007d4d3642cf20 in __poll_nocancel () from /lib64/libc.so.6 #1 0x0000000000402746 in main () (gdb) continue Continuing. ^C Program received signal SIGINT, Interrupt. 0x00007d4d36438ea7 in lseek64 () from /lib64/libc.so.6 (gdb) bt #0 0x00007d4d36438ea7 in lseek64 () from /lib64/libc.so.6 #1 0x000000000040a3ae in tdb_read () #2 0x000000000040aab9 in tdb_find () #3 0x000000000040ac58 in tdb_find_lock_hash () #4 0x000000000040bd38 in tdb_fetch () #5 0x0000000000403648 in read_node () #6 0x0000000000404c31 in get_node () #7 0x00000000004052de in handle_input () #8 0x0000000000402970 in main () (gdb) continue Continuing. ^C Program received signal SIGINT, Interrupt. 0x00007d4d363b6e90 in malloc () from /lib64/libc.so.6 (gdb) bt #0 0x00007d4d363b6e90 in malloc () from /lib64/libc.so.6 #1 0x000000000040824b in _talloc () #2 0x000000000040836e in talloc_named_const () #3 0x0000000000404e72 in handle_input () #4 0x0000000000402970 in main () (gdb) continue Continuing. (gdb) bt ^C Program received signal SIGINT, Interrupt. 0x00007d4d3642e6a7 in ioctl () from /lib64/libc.so.6 (gdb) bt #0 0x00007d4d3642e6a7 in ioctl () from /lib64/libc.so.6 #1 0x00007d4d36d2dc2c in xenevtchn_notify () from /lib64/libxenevtchn.so.1 #2 0x0000000000406115 in writechn () #3 0x00000000004043e9 in write_messages () #4 0x0000000000402946 in main () (gdb) Ergo, this conclusion is the place where I got tired of thinking. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/Vmh9SbuelsTmwwHprGflMLvBAi5cVoLiR4CcgSreNS4%40local. For more options, visit https://groups.google.com/d/optout.
