Tim, George,
Any ideas who at might know more about the ACM flask?
On Sat, Aug 06, 2011 at 04:28:37PM +0800, Windows Live wrote:
>
> ------- Comment #15 From Konrad Rzeszutek Wilk 2011-08-05 19:11 [reply] -------
>
> Just copy-n-paste the bug and post it on xen-devel mailing list.
>
>
> http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1775
>
> a reduced summary;
>
>
> This fault renders xen unworkable, only in the packaged install of distro gentoo/
>
> gentoo64 grub # eix xen
> [I] app-emulation/xen
> Available versions: 3.4.2-r1!t (~)4.1.0!t **9999!t {acm custom-cflags debug flask pae xsm}
> Installed versions: 4.1.0!t(00:13:36 07/30/11)(acm debug flask pae xsm -custom-cflags)
> Homepage: http://xen.org/
> Description: The Xen virtual machine monitor
>
> This makes /boot/xen-4.1.0.gz. On booting into this installed hypervisor, I can
> bring up virt-manager which happily lists the vms.
>
> On attempting to boot a vm, the moment the xen equipped kernel attempts to boot
> the vm, the system is crashed.
>
> That is, it seems to trigger reboot because that is what happens,
> Just reboot.
> I haven't bothered with any logs because this instantaneous crash should fail
> to write any events to logs, correct me if I'm wrong.
>
> ------- Comment #1 From IAN DELANEY 2011-07-30 02:36 [reply] -------
>
> should have mentioned.
>
> idella@gentoo64 ~/bin $ ls /boot/
> ...........
> xen-4.1.0-rc7-pre.gz
> xen-4.1.0.gz
> ........
>
> The xen-4.1.0-rc7-pre.gz is fine
> The xen-4.1.0.gz hypervisor is broken.
>
> idella@gentoo64 ~/bin $ emerge xen -pv
>
> These are the packages that would be merged, in order:
>
> Calculating dependencies... done!
> [ebuild R ] app-emulation/xen-4.1.0 USE="acm custom-cflags* debug flask pae xsm" 0 kB
>
> shows the compiled in features. What can trigger this type of system crash?
>
>
>
>
> ------- Comment #3 From IAN DELANEY 2011-07-30 07:31 [reply] -------
>
> It seems the cause of this is in gentoo terms the use of the use flags acm and
> xsm. See https://bugs.gentoo.org/show_bug.cgi?id=361345.
> It seems disabling these flags allows the hypervisor to boot vms.
> What I need to know is where this flaw comes from. There is a gentoo package
> xsm, but not asm.
> asm is a security portion of the source.
> Is the flaw in the gentoo package xsm, is it the xensource code, and can you
> list the step or steps to ensure xsm and acm directly in the xensource code so
> I can replicate it; suspect they are options manually put after make on the
> command line.
>
> ------- Comment #5 From IAN DELANEY 2011-07-30 08:01 [reply] -------
>
>
>
>
> Aha
>
> from Config.mk
>
> # Enable XSM security module. Enabling XSM requires selection of an
> # XSM security module (FLASK_ENABLE or ACM_SECURITY).
> XSM_ENABLE ?= n
> FLASK_ENABLE ?= n
> ACM_SECURITY ?= n
>
> These are the default settings, so it seems the hypervisor I am using does in
> fact not have these set.
> So why are they turned off, and do they have an unresolved issue?
>
>
>
>
>
>
> ------- Comment #6 From Konrad Rzeszutek Wilk 2011-07-30 08:26 [reply] -------
>
> (In reply to comment #5)
> > Aha
> >
> > from Config.mk
> >
> > # Enable XSM security module. Enabling XSM requires selection of an
> > # XSM security module (FLASK_ENABLE or ACM_SECURITY).
> > XSM_ENABLE ?= n
> > FLASK_ENABLE ?= n
> > ACM_SECURITY ?= n
> >
> > These are the default settings, so it seems the hypervisor I am using does in
> > fact not have these set.
> > So why are they turned off, and do they have an unresolved issue?
>
> B/c the maintainer for them is .. gone? I suspect the code is bit-rotten. You
> might want to open a Gentoo bug to turn those off until somebody fixes whatever
> the issue you have with ACM.
>
> ------- Comment #7 From IAN DELANEY 2011-07-30 08:40 [reply] -------
>
> Konrad;
>
>
> I can get the use flags withdrawn, but the task at hand is to get them to work.
> I can say that change to setting
> FLASK_ENABLE ?= y
> causes the emerge or build to fail in my gentoo
>
>
>
>
> ------- Comment #8 From IAN DELANEY 2011-07-30 10:04 [reply] -------
>
> ok I'm picking up the threads.
>
> # make clean
> # nano Config.mk
> # emerge install-xen
>
> for each alteration.
>
> the build fails only for setting ACM_SECURITY ?= y.
>
>
>
>
>
>
> ------- Comment #9 From Konrad Rzeszutek Wilk 2011-07-31 08:14 [reply] -------
>
> (In reply to comment #7)
> > Konrad;
> >
> > thanks. When you say maintainer, do you mean a gentoo maintainer?
>
> Cool. So in regards to disable ACM/Flask - that was to you. In regards to
> actually figuring why ACM/Flask does not seem to work - that was meant for the
> maintainer of that code in Xen - who seemed to have moved on to other things.
>
>
> > I can get the use flags withdrawn, but the task at hand is to get them to work.
>
> Ah, then you will need to figure out why FLASK does not work - I have no
> knowledge of that code so won't be much help. You might have better luck
> digging up the authors of said code and emailing them.
>
> > I can say that change to setting
> > FLASK_ENABLE ?= y
> > causes the emerge or build to fail in my gentoo
> >
> > Thanks for your important help.
>
> ------- Comment #10 From IAN DELANEY 2011-07-31 08:49 [reply] -------
>
> ok; to correct last entries.
>
> It seems that flask is fine. On repeating it a number of times, for whatever
> reason, on compiling the xensource package xen-4.1-testing.hg, it appears that
> entries flask and acm will in fact compile fine. It seems that setting flask on
> its own will fail, it depends upon xsm being set. Setting xsm on its own or
> with flask works.
>
> In fact, setting all 3, the package builds. But like the gentoo emerge, the
> hypervisor breaks the system if ACM_SECURITY is set. Setting use=ACM
> presumably leads to setting ACM_SECURITY ?= n in the Config.mk. simple. So the
> flaw isn't in gentoo, it's in the source.
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
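
The flag combinations discussed in this thread, as an added example (not part of the original messages, the Xen tree or the Gentoo ebuild): a shell check over a Config.mk-style file. The function names `get_flag` and `xsm_check` and the sample file are constructed here, and the verdicts encode only what the posters report.

```shell
#!/bin/sh
# Added example: hypothetical helper, not shipped with Xen or Gentoo.

# Print the value assigned to a make variable in a Config.mk-style file.
# Accepts "NAME ?= y", "NAME = y" and "NAME := y"; the last assignment wins.
# Falls back to "n", the default quoted from Config.mk in the thread.
get_flag() {
    val=$(sed -n "s/^[[:space:]]*$1[[:space:]]*[?:]\{0,1\}=[[:space:]]*\([yn]\).*/\1/p" "$2" | tail -n 1)
    echo "${val:-n}"
}

# Classify the XSM flag combination found in file $1.
xsm_check() {
    xsm=$(get_flag XSM_ENABLE "$1")
    flask=$(get_flag FLASK_ENABLE "$1")
    acm=$(get_flag ACM_SECURITY "$1")
    if [ "$xsm" = n ] && { [ "$flask" = y ] || [ "$acm" = y ]; }; then
        # Thread: setting flask on its own fails, it depends on xsm being set.
        echo "error: module enabled without XSM_ENABLE"
    elif [ "$acm" = y ]; then
        # Thread: builds, but the host reboots when a guest is started.
        echo "warn: ACM_SECURITY=y, reported here to crash the host on guest start"
    elif [ "$xsm" = y ]; then
        # Thread: xsm on its own or with flask works.
        echo "ok: XSM_ENABLE=y FLASK_ENABLE=$flask"
    else
        echo "ok: XSM disabled (defaults)"
    fi
}

# Constructed sample: all three flags on, matching USE="acm flask xsm" above.
sample=$(mktemp)
printf 'XSM_ENABLE ?= y\nFLASK_ENABLE ?= y\nACM_SECURITY ?= y\n' > "$sample"
xsm_check "$sample"
rm -f "$sample"
```
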