Hi all,
I have just implemented EPT support in my hypervisor (very similar to Newbluepill). My problem is how to debug a VT-x implementation in drivers.
Here is the story. First, I implemented a driver to support partial VT-x, and it works very well. Then I implemented EPT to identity-map gfn to mfn from 0x0 to 0xfffff. I suppose it should be OK. But the result is that the Windows OS hangs (no reboot, no BSOD) when executing the VMLAUNCH instruction.
And my problem is that windbg just shows "debuggee is running" when the debuggee Windows OS hangs, even if I insert a "ud2" instruction before the next statement, the #VMEXIT handler and the first instruction in non-root mode. VMLAUNCH should not make this happen according to Intel's manual 2B. Everything is OK if I set "enable EPT" to 0 or clear the "EPT pointer" field in the VMCS. Can someone explain why this happens and what I should do to continue debugging?
Both the hypervisor and the Windows OS are on an x86_32 platform. I use windbg to debug the target machine via a serial port.
Some debug information: the EPT pointer is 0x9ba801e (pfn: 0x9ba8, flags: 0x1e; I have double-checked this), PML4[0] = 0x00000000_09cd8007, PDPT[0] = 0x00000000_09cf3007, PD[0] = 0x00000000_09cf2007, PT[0] = 0x00000000_00000077. Other entries follow the same scheme with different values. I noticed that Xen 3.4.2 has the same flags in the EPT pointer field.
The debuggee platform is an Intel i5 650 with multi-core disabled.
Thanks,
Miao
1 Solution
Hi Miao,
Looks like Haitao Shan has answered your question at
http://xen.markmail.org/search/?q=EPT#query:EPT+page:3+mid:ynakdebipkydyq2l+state:results
"One difference between EPT-backed 1:1 mapping and direct 1:1 mapping (I suppose that you don't use a shadow page table) is that MTRRs are ignored when EPT is in effect. Do you set up the EPT memory type correctly? Especially, Windows is likely to access MMIO space below 1M."
Appears to be an issue with memory type settings in your EPT entries.
David Ott
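To make the memory-type point concrete, here is an added example (not code from the thread, from Newbluepill or from Xen) that builds identity EPT leaf entries carrying an explicit memory type, decodes the values Miao posted, and checks for the bit patterns the CPU rejects as an EPT misconfiguration. The classification in memtype_for_gfn (UC for the 0xA0000-0xFFFFF legacy hole, WB elsewhere) and all function names are assumptions standing in for a real MTRR/E820-derived table.

```c
#include <stdbool.h>
#include <stdint.h>

/* EPT memory-type encodings (Intel SDM Vol. 3C). 2, 3 and 7 are reserved;
 * a present leaf entry using them is an EPT misconfiguration. */
enum ept_memtype { EPT_UC = 0, EPT_WC = 1, EPT_WT = 4, EPT_WP = 5, EPT_WB = 6 };

#define EPT_R     (1ULL << 0)
#define EPT_W     (1ULL << 1)
#define EPT_X     (1ULL << 2)
#define EPT_MT(t) ((uint64_t)(t) << 3)  /* memory type, bits 5:3 of a leaf entry */
#define EPT_IPAT  (1ULL << 6)           /* ignore guest PAT */

/* Assumed page classification for this identity map: the legacy VGA/ROM hole
 * 0xA0000-0xFFFFF is UC, everything else WB. A real hypervisor derives this
 * from the MTRRs (plus the E820 map), since MTRRs are ignored under EPT. */
static enum ept_memtype memtype_for_gfn(uint64_t gfn) {
    uint64_t gpa = gfn << 12;
    return (gpa >= 0xA0000 && gpa < 0x100000) ? EPT_UC : EPT_WB;
}

/* 4 KiB identity-mapping leaf entry (gfn == mfn) with an explicit memory type. */
uint64_t ept_pte_identity(uint64_t gfn) {
    return (gfn << 12) | EPT_R | EPT_W | EPT_X |
           EPT_MT(memtype_for_gfn(gfn)) | EPT_IPAT;
}

/* Memory type field (bits 5:3) of a leaf entry. */
unsigned ept_pte_memtype(uint64_t pte) { return (unsigned)((pte >> 3) & 7); }

/* EPTP: paging-structure memory type in bits 2:0 (WB), page-walk length
 * minus one in bits 5:3, PML4 page-frame number in bits 51:12. */
uint64_t make_eptp(uint64_t pml4_pfn) {
    return (pml4_pfn << 12) | EPT_WB | (3ULL << 3);
}

/* Catches the bit patterns the CPU rejects with an EPT-misconfiguration exit.
 * A valid but wrong type (e.g. WB on MMIO) passes this check; that case
 * surfaces as the kind of hang described in the thread, not as a VM exit. */
bool ept_leaf_wellformed(uint64_t pte) {
    unsigned mt = ept_pte_memtype(pte);
    if ((pte & (EPT_R | EPT_W | EPT_X)) == 0) return true; /* not present */
    if ((pte & EPT_W) && !(pte & EPT_R)) return false;     /* write-only */
    return mt != 2 && mt != 3 && mt != 7;                  /* reserved types */
}
```

Decoding the posted PT[0] = 0x77 gives RWX, memory type 6 (WB) and IPAT set, and the posted EPTP 0x9ba801e decodes to WB with a four-level walk; both are well formed, so the hang had to come from a wrong-but-legal type on MMIO pages rather than a misconfiguration.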
2 Replies
Sorry for the late reply. Yes, the root problem is that I filled the entries with the wrong memory type. Now it works. Thank you all the same. :-)