On Tue, 2011-08-09 at 15:29 +0100, Konrad Rzeszutek Wilk wrote:
> Tim, George,
>
> Any ideas who at might know more about the ACM flask?
Didn't Keir remove ACM support back in 23097:2aeebd5cbbad? Probably post
Xen 4.1 but on that basis I wouldn't recommend enabling it on any recent
release which happened to include it -- it was removed because it was
unmaintained.
Ian.
>
> On Sat, Aug 06, 2011 at 04:28:37PM +0800, Windows Live wrote:
> >
> > ------- Comment #15 From Konrad Rzeszutek Wilk 2011-08-05 19:11 -------
> >
> > Just copy-n-paste the bug and post it on xen-devel mailing list.
> >
> >
> > http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1775
> >
> > a reduced summary;
> >
> >
> > This fault renders xen unworkable, only in the packaged install of distro gentoo/
> >
> > gentoo64 grub # eix xen
> > [I] app-emulation/xen
> > Available versions: 3.4.2-r1!t (~)4.1.0!t **9999!t {acm custom-cflags debug flask pae xsm}
> > Installed versions: 4.1.0!t(00:13:36 07/30/11)(acm debug flask pae xsm -custom-cflags)
> > Homepage: http://xen.org/
> > Description: The Xen virtual machine monitor
> >
> > This makes /boot/xen-4.1.0.gz. On booting into this installed hypervisor, I can
> > bring up virt-manager which happily lists the vms.
> >
> > On attempting to boot a vm, the moment the xen equipped kernel attempts to boot
> > the vm, the system is crashed.
> >
> > That is, it seems to trigger reboot because that is what happens,
> > Just reboot.
> > I haven't bothered with any logs because this instantaneous crash should fail
> > to write any events to logs, correct me if I'm wrong
> >
> > ------- Comment #1 From IAN DELANEY 2011-07-30 02:36 -------
> >
> > should have mentioned.
> >
> > idella@gentoo64 ~/bin $ ls /boot/
> > ...........
> > xen-4.1.0-rc7-pre.gz
> > xen-4.1.0.gz
> > ........
> >
> > The xen-4.1.0-rc7-pre.gz is fine
> > The xen-4.1.0.gz hypervisor is broken.
> >
> > idella@gentoo64 ~/bin $ emerge xen -pv
> >
> > These are the packages that would be merged, in order:
> >
> > Calculating dependencies... done!
> > [ebuild R ] app-emulation/xen-4.1.0 USE="acm custom-cflags* debug flask pae xsm" 0 kB
> >
> > shows the compiled in features. What can trigger this type of system crash?
> >
> > ------- Comment #3 From IAN DELANEY 2011-07-30 07:31 -------
> >
> > It seems the cause of this is in gentoo terms the use of the use flags acm and
> > xsm. See https://bugs.gentoo.org/show_bug.cgi?id=361345.
> > It seems disabling these flags allows the hypervisor to boot vms.
> > What I need to know is where this flaw comes from. There is a gentoo package
> > xsm, but not asm.
> > asm is a security portion of the source.
> > Is the flaw in the gentoo package xsm, is it the xensource code, and can you
> > list the step or steps to ensure xsm and acm directly in the xensource code so
> > I can replicate it; suspect they are options manually put after make on the
> > command line.
> >
> > ------- Comment #5 From IAN DELANEY 2011-07-30 08:01 -------
> >
> > Aha
> >
> > from Config.mk
> >
> > # Enable XSM security module. Enabling XSM requires selection of an
> > # XSM security module (FLASK_ENABLE or ACM_SECURITY).
> > XSM_ENABLE ?= n
> > FLASK_ENABLE ?= n
> > ACM_SECURITY ?= n
> >
> > These are the default settings, so it seems the hypervisor I am using does in
> > fact not have these set.
> > So why are they turned off, and do they have an unresolved issue?
> >
> > ------- Comment #6 From Konrad Rzeszutek Wilk 2011-07-30 08:26 -------
> >
> > (In reply to comment #5)
> > > Aha
> > >
> > > from Config.mk
> > >
> > > # Enable XSM security module. Enabling XSM requires selection of an
> > > # XSM security module (FLASK_ENABLE or ACM_SECURITY).
> > > XSM_ENABLE ?= n
> > > FLASK_ENABLE ?= n
> > > ACM_SECURITY ?= n
> > >
> > > These are the default settings, so it seems the hypervisor I am using does in
> > > fact not have these set.
> > > So why are they turned off, and do they have an unresolved issue?
> >
> > B/c the maintainer for them is .. gone? I suspect the code is bit-rotten. You
> > might want to open a Gentoo bug to turn those off until somebody fixes whatever
> > the issue you have with ACM.
> >
> > ------- Comment #7 From IAN DELANEY 2011-07-30 08:40 -------
> >
> > Konrad;
> >
> >
> > I can get the use flags withdrawn, but the task at hand is to get them to work.
> > I can say that change to setting
> > FLASK_ENABLE ?= y
> > causes the emerge or build to fail in my gentoo
> >
> > ------- Comment #8 From IAN DELANEY 2011-07-30 10:04 -------
> >
> > ok I'm picking up the threads.
> >
> > # make clean
> > # nano Config.mk
> > # emerge install-xen
> >
> > for each alteration.
> >
> > the build fails only for setting ACM_SECURITY ?= y.
> >
> > ------- Comment #9 From Konrad Rzeszutek Wilk 2011-07-31 08:14 -------
> >
> > (In reply to comment #7)
> > > Konrad;
> > >
> > > thanks. When you say maintainer, do you mean a gentoo maintainer?
> >
> > Cool. So in regards to disable ACM/FLask - that was to you. In regards to
> > actually figuring why ACM/Flask does not seem to work - that was meant for the
> > maintainer of that code in Xen - who seemed to have moved on to other things.
> >
> >
> > > I can get the use flags withdrawn, but the task at hand is to get them to work.
> >
> > Ah, then you will need to figure out why FLASK does not work - I have no
> > knowledge of that code so won't be much help. You might have better luck
> > digging up the authors of said code and emailing them.
> >
> > > I can say that change to setting
> > > FLASK_ENABLE ?= y
> > > causes the emerge or build to fail in my gentoo
> > >
> > > Thanks for your important help.
> >
> > ------- Comment #10 From IAN DELANEY 2011-07-31 08:49 -------
> >
> > ok; to correct last entries.
> >
> > It seems that flask is fine. On repeating it a number of times, for whatever
> > reason, on compiling the xensource package xen-4.1-testing.hg, it appears that
> > entries flask and acm will in fact compile fine. It seems that setting flask on
> > its own will fail, it depends upon xsm being set. Setting xsm on its own or
> > with flask works.
> >
> > In fact, setting all 3, the package builds. But like the gentoo emerge, the
> > hypervisor breaks the system if ACM_SECURITY is set. Setting use=ACM
> > presumably leads to setting ACM_SECURITY ?= n in the Config.mk. simple. So the
> > flaw isn't in gentoo, it's in the source.
> >
>
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
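
The switch combinations discussed in this thread, as an added example that is not part of the original messages or of the Xen tree: a shell check over a Config.mk that reports ACM_SECURITY being on (reported above to break the host, and described by Ian as removed for being unmaintained) and FLASK_ENABLE being on without XSM_ENABLE (reported above to fail the build). The function names and verdict strings are hypothetical, and only assignments written in the file are read.

```sh
#!/bin/sh
# Added example, not from the thread or the Xen tree. Function names and
# verdict strings are hypothetical.

# get_flag FILE NAME: value (y/n) of the last "NAME ?= v", "NAME := v" or
# "NAME = v" line in FILE; "n" (the default quoted in the thread) if absent.
# Overrides given on the make command line or in the environment are not seen.
get_flag() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*[?:]\{0,1\}=[[:space:]]*\([yn]\).*/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# audit_xsm FILE: print one verdict and return 1 for the combinations the
# thread reports as broken, 0 otherwise.
audit_xsm() {
    xsm=$(get_flag "$1" XSM_ENABLE)
    flask=$(get_flag "$1" FLASK_ENABLE)
    acm=$(get_flag "$1" ACM_SECURITY)
    if [ "$acm" = y ]; then
        echo "acm-enabled"          # reported to reboot the host on VM start
        return 1
    fi
    if [ "$flask" = y ] && [ "$xsm" != y ]; then
        echo "flask-without-xsm"    # reported to fail the build
        return 1
    fi
    if [ "$xsm" = y ] && [ "$flask" != y ]; then
        echo "xsm-without-module"   # Config.mk comment: XSM needs a module
        return 0
    fi
    echo "ok"
}

# Constructed sample: all three switches on, as in the Gentoo USE flags above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Enable XSM security module.
XSM_ENABLE ?= y
FLASK_ENABLE ?= y
ACM_SECURITY ?= y
EOF
audit_xsm "$sample" || true
rm -f "$sample"
```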