Hi,

I'm a PhD student from Harvard University having trouble running the
vTPM manager.

I cannot successfully launch vTPM manager in Xen, because when I
command "sudo xl create vtpm-manager.cfg" to launch a virtual TPM VM,
I get the following error:

libxl: error: libxl_create.c:1295:domcreate_launch_dm: Domain
10:failed give domain access to iomeim range fed44-fed44: Operation
not permitted

In Xen, virtual TPM is a standalone VM that communicates with DOMu.
"vtpm-manager.cfg" is Xen's configuration file for virtual TPM manager
VM, whose contents are as follows:

============ vtpm-manager.cfg ================
kernel="/usr/local/lib/xen/boot/vtpmmgr-stubdom.gz"   # vTPM manager code image
memory=16   # 16M RAM size
disk=["file:/home/skyer/Desktop/xen/vtpmmgr-stubdom.img,hda,w"]   # disk storage
name="vtpmmgr"   # Just a nick name
iomem=["fed44,1"]   # This means, map physical memory from
                    # 0xfed44000-0xfed44fff for I/O, which is to be used by
                    # the virtual TPM manager to communicate with the
                    # physical TPM device.
===========================================

My kernel is compiled with CONFIG_IO_STRICT_DEVMEM flag disabled, so
iomem shouldn't be blocked by the kernel. I tried to map not only
0xfed44000, but also any other random addresses for testing, but all
of them give the same error message as above.

I'm launching the vTPM manager VM not from inside a DOMu Linux VM, but
from inside the Linux kernel directly loaded by Xen-4.9.0 (which I
suppose to be DOM0 Linux VM), and I believe this is the correct way to
launch vTPM manager.

In particular, I get the iomem() "operation not allowed" error at the
source code line:
ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall);

In ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall),
- "fd" is the special privileged Command device
- "IOCTL_PRIVCMD_HYPERCALL" denotes that this is a privileged hypercall command
- "hypercall" is an object containing the information of: {
hypercall_command_index, target_DOM_id, iomem_start_page,
iomem_page_count, allow_or_deny_access}.

When I launch the vTPM manager, target_DOM_id = the ID of the vTPM
manager, iomem_start_page = 0xfed40, iomem_page_count = 5, and
allow_or_deny_access = 1, and this ioctl() gives an
"operation-not-allowed" error. If I hard-code DOM_id = 0 just for
a test, this error goes away, but then I get a 0xfed0 memory mapping
failure error later on.

To summarize, I cannot find the reason why the vTPM manager VM crashes
with "Operation not permitted". If anyone has a clue, please give me
some help. Thanks very much.

Ronny

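Added example, not part of Ronny's mail or of the Xen tools: a small Python checker that parses an xl `iomem=` entry of the form "START,NPAGES[@GFN]" (hexadecimal page frame numbers, decimal page count) into the physical byte range it grants, and compares that range against /proc/iomem-style lines to confirm the grant covers exactly the intended device region and nothing beyond it (a guest with raw MMIO access to a wider range than its device can reach other hardware). The /proc/iomem lines are constructed sample data, and the "TPM" region label is an assumption, not what a real system prints.

```python
import re

PAGE_SHIFT = 12  # 4 KiB pages, as used by xl's iomem= page frame numbers
_ENTRY = re.compile(r"^([0-9a-fA-F]+),([0-9]+)(?:@([0-9a-fA-F]+))?$")
_IOMEM_LINE = re.compile(r"^\s*([0-9a-fA-F]+)-([0-9a-fA-F]+)\s*:\s*(.+?)\s*$")

# Constructed sample in /proc/iomem layout; the "TPM" label is assumed.
SAMPLE_PROC_IOMEM = """\
fed40000-fed44fff : TPM
fed45000-fed4ffff : reserved
"""


def parse_iomem_entry(entry):
    """Turn "START,NPAGES[@GFN]" into the physical byte range it grants."""
    m = _ENTRY.match(entry.strip())
    if not m:
        raise ValueError(f"bad iomem entry: {entry!r}")
    start_pfn = int(m.group(1), 16)
    npages = int(m.group(2))
    if npages < 1:
        raise ValueError(f"page count must be >= 1: {entry!r}")
    # Without @GFN, xl maps the range 1:1 at the same guest frame number.
    gfn = int(m.group(3), 16) if m.group(3) else start_pfn
    start = start_pfn << PAGE_SHIFT
    end = ((start_pfn + npages) << PAGE_SHIFT) - 1
    return {"start": start, "end": end, "npages": npages, "gfn": gfn}


def parse_proc_iomem(text):
    """Parse /proc/iomem-style lines into (start, end, name) tuples."""
    regions = []
    for line in text.splitlines():
        m = _IOMEM_LINE.match(line)
        if m:
            regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return regions


def check_grant(entry, regions):
    """Report which regions the grant touches and which fully contain it.

    A least-privilege grant overlaps exactly one device region and lies
    entirely inside it; anything in 'overlaps' but not in 'contained_in'
    means the guest would also reach memory belonging to something else.
    """
    r = parse_iomem_entry(entry)
    hits = [(n, s, e) for s, e, n in regions if not (r["end"] < s or r["start"] > e)]
    inside = [n for n, s, e in hits if s <= r["start"] and r["end"] <= e]
    return {"range": (r["start"], r["end"]),
            "overlaps": [n for n, _, _ in hits],
            "contained_in": inside}
```

Run `check_grant("fed44,1", parse_proc_iomem(SAMPLE_PROC_IOMEM))` to see the single-page grant from the config above land inside the TPM region only.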
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel