EPT cause triple fault

Mingbo_Z_ · ‎12-23-2013

Hi all,

I am writing a simple runtime hypervisor, like hyperdbg, bluepill. At first it works fine. But when I enable EPT, the vm exits with triple fault (Exit reason 2). and the guest RIP was at the fist instruction in non-root mode after vmlaunch. There is no ept violation. I did some 1:1 direct mapping, since no ept violation, that would be no use at all.

wired thing is, the same code will run on VMware virtual machine.

My PC is Core i7, and I disabled multicore. and I use serial port with windbg.

I am confused, which instruction caused this triple fault? I change the first line of non-root mode to "mov edi, edi", still the same triple fault.

Best regards,
Mingbo

Quoc-Thai_L_Intel · ‎12-24-2013

Here are some information that I found that may help you:

- Causes a VM exit
- Hardware Assisted Virtualization (Intel(R) Virtualization Technology)
- Xen source codes
- Virtualization and Performance: Understanding VM Exits

Regards,
-Thai

Mingbo_Z_ · ‎12-25-2013

Hi Thai Le

Thanks for reply :)

I set all bits in exception bitmap, found that a page fault caused a double fault, and that caused triple fault.

the page fault occurred still at the first instruction of non-root mode, Exit Quilfacation is also point to that instruction. but that address is valid according to the pde and pte....

any suggestions?

thanks

Best regards,
Mingbo

Quoc-Thai_L_Intel · ‎12-25-2013

Hi Mingbo,

You might want to review some of these topics relating to the triple faults:
- Triple Fault: http://wiki.osdev.org/Triple_Fault, http://en.wikipedia.org/wiki/Triple_fault
- Triple Fault Advice Page from Carnegie Mellon*.

-Thai

Quoc-Thai_L_Intel · ‎03-28-2014

A new blog was created to provide resources for sw developers: Resources for Software Developers: Intel® Virtualization Technology (Intel® VT)

-Thai