Re: NetBSD domU and the real server

To: "Dirk H. Schulz" <dirk.schulz%kinzesberg.de@localhost>
Subject: Re: NetBSD domU and the real server
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Date: Tue, 06 Oct 2009 20:35:54 +0200

Dirk H. Schulz wrote:

Hi folks,

I have stumbled across something that is new to me with NetBSD.
I have setup domUs with NetBSD5 on two dual Pentium III servers withDebian5 dom0. When I copy them to a single Xeon 2.8 GHz machine runninga Debian5 dom0 and run them there, they dom0 kernel crashes within a fewhours; that is reliably reproducable.


What kind of crash? You got a stacktrace from either Xen or Linux?

When I setup new NetBSD5 domUs on the Xeon machine and run them, theDebian5 dom0 runs fine.
I do not have the same problem with Debian5 domUs on these servers; Ihave setup several on the Pentium III servers and run them on the Xeonmachine without such a problem.

Something is really wrong in the Debian's dom0 then. From a securitypoint of view, it is unacceptable (though, not 100% avoidable - bugs,you know) that an unprivileged domain (domU) can reliably crash the dom0.

Does the NetBSD installer configure the domU for a certain hardware?
Do I have to template domUs for every major intel architecture?

- No
- No

And if yes,does that depend only on the processor(s) or the chip sets as well?Or is it just a problem when transferring the domU from a multiprocessor to a single processor system?

No

Any hint or help is appreciated?


I am assuming you are not using PCI passthru, or HVM.

domU is completely hardware independent, except for the machine arch(x86). It is expected to be completely isolated (by design) from thehardware, and cannot access devices, chipsets, or memory. Literallyeverything has to go and get validated through dom0 and/or Xen.

dom0 is critical in regards to security, and must remain 100% reliableeven in cases where domU is crippled (security by isolation). If itcrashes because of a domU, it is clearly buggy, and makes assumption ona state or condition it should not to.


Faulty hardware may be a source of problem too.

Without further information, it is hard to tell. A good start would be astacktrace, xm dmesg, or Xen console output.


--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

Follow-Ups:
- Re: NetBSD domU and the real server
  - From: Dirk H. Schulz

References:
- NetBSD domU and the real server
  - From: Dirk H. Schulz

Prev by Date: Re: NetBSD domU and the real server
Next by Date: Re: hvmloader booting off sda?
Previous by Thread: Re: NetBSD domU and the real server
Next by Thread: Re: NetBSD domU and the real server
Indexes:

Home | Main Index | Thread Index | Old Index