Sergey_Pisarev

VM-entry failure due to invalid guest state.

Hello!

I am developing a driver that converts the currently running OS to run under a hypervisor (something like SimpleVisor). After vmlaunch, the CPU jumps to the VM-exit dispatcher with exit reason 0x80000021 (VM-entry failure due to invalid guest state). I have checked everything in 26.3.1 Checks on the Guest State Area and fixed all the errors I have found. I am still getting this error. Below are the capabilities of my CPU and the values in the guest area. Maybe someone can glance over them and notice something invalid.

IA32_VMX_BASIC      (0x480) hex:0x00da0400`0000000f bin:00000000 11011010 00000100 00000000 00000000 00000000 00000000 00001111

 

IA32_VMX_CR0_FIXED0 (0x486)  hex:0x80000021 bin:10000000 00000000 00000000 00100001

IA32_VMX_CR0_FIXED1 (0x487)  hex:0xffffffff bin:11111111 11111111 11111111 11111111

guest_cr0          (0x6800)  hex:0x80050031 bin:10000000 00000101 00000000 00110001

 

IA32_VMX_CR4_FIXED0 (0x488) hex:0x2000  bin:00000000 00000000 00100000 00000000

IA32_VMX_CR4_FIXED1 (0x489) hex:0x227ff bin:00000000 00000010 00100111 11111111

guest_cr4          (0x6804) hex:0x26f8  bin:00000000 00000000 00100110 11111000

 

ia32_vmx_true_pinbased_ctls(0x48D)      hex:0x0000007f`00000016 bin:00000000 00000000 00000000 01111111 00000000 00000000 00000000 00010110

pin_based_vm_execution_controls(0x4000) hex:0x16                bin:00000000 00000000 00000000 00010110

 

ia32_vmx_true_procbased_ctls(0x48e)                   hex:0xfff9fffe`04006172 bin:11111111 11111001 11111111 11111110 00000100 00000000 01100001 01110010

primary_processor_based_vm_execution_controls(0x4002) hex:0x94006172          bin:10010100 00000000 01100001 01110010

 

ia32_vmx_procbased_ctls2(0x48b)                         hex:0x000000ff`00000000 bin:00000000 00000000 00000000 11111111 00000000 00000000 00000000 00000000

secondary_processor_based_vm_execution_controls(0x401e) hex:0xaa                bin:00000000 00000000 00000000 10101010

 

ia32_vmx_true_exit_ctls(0x48f) hex:0x007fffff`00036dfb bin:00000000 01111111 11111111 11111111 00000000 00000011 01101101 11111011

vm_exit_controls(0x400c)       hex:0x3efff             bin:00000000 00000011 11101111 11111111

 

ia32_vmx_true_entry_ctls(0x490) hex:0x0000ffff`000011fb bin:00000000 00000000 11111111 11111111 00000000 00000000 00010001 11111011

vm_entry_controls(0x4012)       hex:0x13ff              bin:00000000 00000000 00010011 11111111

 

guest_cr3(0x6802) hex:0x1aa000

 

guest_dr7    (0x681a) hex:0x400

guest_rflags (0x6820) hex:0x286 bin:00000000 00000000 00000000 00000000 00000000 00000000 00000010 10000110

 

guest_rsp(0x681c) hex:ffff8202cf325858

guest_rip(0x681e) hex:fffff80116c61058

 

guest_cs_selector(0x802)       hex:0x10 bin:00000000 00010000

guest_cs_base(0x6808)          hex:0

guest_cs_limit(0x4802)         hex:0

guest_cs_access_rights(0x4816) hex:0x209b bin:00000000 00000000 00100000 10011011

 

guest_es_selector(0x800)       hex:000000000000002b bin:00000000 00101011

guest_es_base(0x6806)          hex:0

guest_es_limit(0x4800)         hex:00000000ffffffff

guest_es_access_rights(0x4814) hex:0xcff3 bin:00000000 00000000 11001111 11110011

 

guest_ss_selector(0x804)       hex:0x18 bin:00000000 00011000

guest_ss_base(0x680a)          hex:0

guest_ss_limit(0x4804)         hex:0

guest_ss_access_rights(0x4818) hex:0x4093 bin:00000000 00000000 01000000 10010011

 

guest_ds_selector(0x806)       hex:0x2b bin:00000000 00101011

guest_ds_base(0x680c)          hex:0

guest_ds_limit(0x4806)         hex:0xffffffff

guest_ds_access_rights(0x481a) hex:0xcff3 bin:00000000 00000000 11001111 11110011

 

guest_fs_selector(0x808)       hex:0x53 bin:00000000 00000000 00000000 01010011

guest_fs_base(0x680e)          hex:0

guest_fs_limit(0x4808)         hex:0x3c00

guest_fs_access_rights(0x481c) hex:0x40f3 bin:00000000 00000000 01000000 11110011

 

guest_gs_selector(0x80a)       hex:0x2b bin:00000000 00101011

guest_gs_base(0x6810)          hex:fffff8024b822000

guest_gs_limit(0x480a)         hex:0xffffffff

guest_gs_access_rights(0x481e) hex:0xcff3 bin:00000000 00000000 11001111 11110011

 

guest_gdtr_base(0x6816)  hex:fffff8024ea53fb0

guest_gdtr_limit(0x4810) hex:0x57

 

guest_ldtr_selector(0x80c)       hex:0

guest_ldtr_limit(0x480c)         hex:0

guest_ldtr_base(0x6812)          hex:0

guest_ldtr_access_rights(0x4820) hex:0x10000 bin:00000000 00000001 00000000 00000000

 

guest_tr_selector(0x80e)       hex:0x40 bin:00000000 01000000

guest_tr_limit(0x480e)         hex:0x67

guest_tr_base(0x6814)          hex:fffff8024ea52000

guest_tr_access_rights(0x4822) hex:0x8b bin:00000000 00000000 00000000 10001011

 

guest_idtr_limit(0x4812) hex:0xfff

guest_idtr_base(0x6818)  hex:fffff8024ea51000

 

guest_ia32_debugctl(0x2802)     hex:0

guest_ia32_sysenter_cs(0x482a)  hex:0

guest_ia32_sysenter_esp(0x6824) hex:0

guest_ia32_sysenter_eip(0x6826) hex:0

 

exit_reason(0x4402) hex:0x80000021 bin:10000000 00000000 00000000 00100001

exit_qualification(0x6400) hex:0


Got some feedback from my peers:

"The exit reason shows that there’s something wrong when checking the guest area, just like the original post. I personally did another check against that (SDM 26.3.1), but I failed to see anything wrong.

But the log of guest states provided in the email didn’t contain all guest area info; for example, it didn’t have the non-register state. So I think it would be good to check that area too.

Another thing is it seems both VMEXIT for external interrupt and NMI interrupt are disabled. This is probably not the typical case IMHO, but maybe it is a very thin hypervisor only for a special purpose."

-Thai

Sergey_Pisarev

Thank you! The reason was misconfigured access rights for some selectors (the S flag, to be precise).


Thanks for the comments back, which will be helpful for others having a similar issue... :)

-Thai
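
The thread resolves to a bad access-rights field, so here is a checker for that class of error, as an added example that is not part of any post above and is not Intel's code. It implements a subset of the SDM guest segment-register checks (type, S, P, reserved bits, granularity, DPL) for a 64-bit, non-virtual-8086 guest; `check_ar`, `seg_kind` and the `AR_*` flags are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Issue bits returned by check_ar(); every name here is this example's own. */
enum { AR_TYPE = 1, AR_S = 2, AR_P = 4, AR_RSVD = 8, AR_G = 16, AR_DPL = 32,
       AR_UNUSABLE = 64 };
typedef enum { SEG_CS, SEG_SS, SEG_DATA /* DS/ES/FS/GS */, SEG_TR } seg_kind;

/* Subset of the SDM guest segment-register checks for a 64-bit guest that is
 * not virtual-8086. ug = value of the "unrestricted guest" control. */
unsigned check_ar(seg_kind k, uint16_t sel, uint32_t limit, uint32_t ar, int ug)
{
    unsigned type = ar & 0xf, s = (ar >> 4) & 1, dpl = (ar >> 5) & 3;
    unsigned p = (ar >> 7) & 1, g = (ar >> 15) & 1, rpl = sel & 3, bad = 0;
    int usable = !((ar >> 16) & 1);

    if (!usable && k == SEG_TR) return AR_UNUSABLE;   /* TR must be usable */
    if (!usable && k != SEG_CS) return 0;             /* remaining checks skipped */

    switch (k) {
    case SEG_CS:   if ((type & 9) != 9 && !(ug && type == 3)) bad |= AR_TYPE; break;
    case SEG_SS:   if (type != 3 && type != 7) bad |= AR_TYPE;
                   if (!ug && dpl != rpl) bad |= AR_DPL; break;
    case SEG_DATA: if (!(type & 1) || ((type & 8) && !(type & 2))) bad |= AR_TYPE;
                   if (!ug && type <= 11 && dpl < rpl) bad |= AR_DPL; break;
    case SEG_TR:   if (type != 11) bad |= AR_TYPE; break;   /* 64-bit busy TSS */
    }
    if (s != (unsigned)(k != SEG_TR)) bad |= AR_S;    /* S=1 code/data, S=0 for TR */
    if (!p) bad |= AR_P;
    if (usable && (ar & 0xFFFE0F00u)) bad |= AR_RSVD; /* bits 11:8 and 31:17 */
    if (usable && (((limit & 0xFFF) != 0xFFF && g) || ((limit >> 20) && !g)))
        bad |= AR_G;                                  /* G must agree with limit */
    return bad;
}

int main(void)
{
    /* Selector, limit and access rights copied from the dump in the first post;
     * ug = 1 because bit 7 of the posted secondary controls (0xaa) is set. */
    struct { const char *n; seg_kind k; uint16_t sel; uint32_t lim, ar; } v[] = {
        {"CS", SEG_CS, 0x10, 0, 0x209b},   {"SS", SEG_SS, 0x18, 0, 0x4093},
        {"ES", SEG_DATA, 0x2b, 0xffffffffu, 0xcff3},
        {"FS", SEG_DATA, 0x53, 0x3c00, 0x40f3}, {"TR", SEG_TR, 0x40, 0x67, 0x8b},
    };
    for (unsigned i = 0; i < sizeof v / sizeof v[0]; i++)
        printf("%s ar=%#x issues=%#x\n", v[i].n, (unsigned)v[i].ar,
               check_ar(v[i].k, v[i].sel, v[i].lim, v[i].ar, 1));
    return 0;
}
```

Under these rules the posted CS, SS, FS and TR values return 0, and 0xcff3 (posted for ES, DS and GS) returns `AR_RSVD` because bits 11:8 are set. A field with S cleared on a code or data segment returns `AR_S`.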
