On Mon, 2014-11-24 at 14:43 +0000, Andrew Cooper wrote: > On 24/11/14 14:32, M A Young wrote: > > On Mon, 24 Nov 2014, Andrew Cooper wrote: > >> Is XSM in use? I can't think of any other reason why that hypercall > >> would fail with EPERM. > > > > XSM is built in (I wanted to allow the option of people using it) but > > I didn't think it was active. > > I don't believe there is any concept of "available but not active",
I think there is, the "dummy" policy which is loaded when there is no explicit policy given should behave as if xsm were disabled. AIUI all the XSM_* and xsm_default_action stuff is supposed to semi automatically ensure this is the case at compile time. CC-ing Daniel to confirm/deny. > which probably means that the default policy is missing an entry for > this hypercall. That said domctl is XSM_OTHER, which basically means "special one off handling" I think. But it basically turns into XSM_DM_PRIV for a small handful of subops and XSM_PRIV for the rest. Since this is a migration the relevant domain is certainly PRIV I think. Ian. > Can you check the hypervisor console around this failure and see whether > a flask error concerning domctl 72 is reported? > > ~Andrew > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > http://lists.xen.org/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
