Hi,
I have a system running a Core i7 920 with VT enabled in the BIOS. I am trying to write a simple hypervisor which sets up a context for a guest in Virtual 8086 mode. However, when I set the VM bit (for Virtual 8086 mode) in the VMCS RFLAGS register and launch the guest (the value of RFLAGS I am using is 0x0000000000020002), the system seems to be frozen (probably a VMX abort?). I don't have access to a hardware debugger and hence cannot be sure whether it is a VMX abort or what the abort code is.
However, I have success in launching a 32-bit protected mode guest with paging and am even able to communicate with the hypervisor using VMCALLs from the 32-bit guest. So, I am inclined to think that it is not failing due to a VMX abort when launching the V86 guest.
I have even tried to launch a 32-bit guest and within that have set up a V86 stack frame and tried to do an IRET to that with EFLAGS.VM set. That also has the same effect of the system being frozen when the IRET executes. I am not sure what I am missing in setting up a V86 guest. Any help will be greatly appreciated.
Thanks in advance!
2 Replies
Hi,
Just to add to my previous question. The V86 mode code I am trying to execute basically writes the character 'A' to the video frame buffer at 0xB800:0000 and ends with a HLT instruction. I am trying to run this test code with interrupts disabled and hoping to get a General Protection Fault (GPF) when the HLT instruction executes in V86 mode. However, the letter 'A' doesn't get printed, nor do I receive a GPF (I have the IDT handlers set up and have verified that they work correctly when the guest is in 32-bit mode).
I also tried a simple VMCALL instruction as test code within the V86 guest. However, that doesn't produce a VMEXIT. So I am pretty sure that V86 mode is not established by the processor, as it doesn't seem to execute any instruction. Further, there are no VMEXITs and the CPU simply appears frozen. That is one of the reasons I thought it might be a VMX abort. But what is more confusing is that I have verified the hypervisor with a 32-bit guest and it doesn't generate a VMX abort at any time, and as per the Intel docs there is no V86-guest-mode-specific VMX abort. So I am not sure what is happening here!
You should ensure the requirements for virtual-8086 guest state are satisfied. These requirements are described in the Software Developer's Manual, volume 3B, chapter "CHECKING AND LOADING GUEST STATE".
A VM-entry failure can be determined by an exit reason with bit 31 set.
The best way to determine what happens inside the guest is to write code such as this:
    void validate_vmcs(void);   /* defined below; declared here so the handler can call it */

    void vmexit_handler(void)
    {
        /* A failed VM entry reports an exit reason with bit 31 set. */
        if (0x80000000 & vmread(EXIT_REASON)) {
            printk("VM entry failure\n");
            validate_vmcs();
        }
        /* ... dispatch on the other exit reasons here ... */
    }

    /* Check VMCS for requirements for host and guest state from SDM 3B */
    void validate_vmcs(void)
    {
        /* ... checks that apply to every guest ... */
        if (vmread(GUEST_RFLAGS) & RFLAGS_VM) {
            /* Conditions for virtual 8086 from SDM 3B
             * Access-rights fields. CS, SS, DS, ES, FS, GS.
             * If the guest will be virtual-8086, the field must be 000000F3H. */
            ASSERT(vmread(GUEST_CS_ACCESS_RIGHTS) == 0xf3);
            ASSERT(vmread(GUEST_DS_ACCESS_RIGHTS) == 0xf3);
            /* ... same check for SS, ES, FS, GS ... */

            /* Base-address fields. CS, SS, DS, ES, FS, GS.
             * If the guest will be virtual-8086, the address must be
             * the selector field shifted left 4 bits (multiplied by 16). */
            ASSERT(vmread(GUEST_CS_BASE) == (vmread(GUEST_CS_SEL) << 4));
            ASSERT(vmread(GUEST_DS_BASE) == (vmread(GUEST_DS_SEL) << 4));
            /* ... same check for SS, ES, FS, GS ... */

            /* And so on. All conditions must be met. */
        }
        /* ... */
    }
Hope this will help.
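As an added example that is not part of either post, here is a stand-alone C checker for the virtual-8086 guest-state conditions the reply points to, applied to the kind of state the original question describes (RFLAGS 0x20002): base = selector << 4, limit 0xFFFF and access rights 0xF3 for all six segments, plus the related SDM rules that RFLAGS.VM requires CR0.PE set, the "IA-32e mode guest" VM-entry control clear, and reserved bit 1 of RFLAGS set. The struct, its field names and make_v86_state are my own constructions rather than VMCS field encodings; the DS value 0xB800 in the test mirrors the video-buffer segment from the follow-up post.

```c
#include <stdint.h>
/* Constructed snapshot of the guest-state fields a virtual-8086 entry depends
 * on; a real hypervisor would fill it with VMREAD. Not real VMCS encodings. */
struct v86_guest_state {
    uint64_t rflags, cr0;
    uint32_t ia32e_mode_guest;            /* "IA-32e mode guest" VM-entry control */
    uint16_t sel[6];                      /* index order: ES, CS, SS, DS, FS, GS */
    uint64_t base[6];
    uint32_t limit[6], access_rights[6];
};
enum {                                    /* bits returned by check_v86_guest_state() */
    V86_BAD_RFLAGS_RSVD = 1u << 0,        /* RFLAGS bit 1 must be 1 */
    V86_BAD_CR0_PE      = 1u << 1,        /* VM=1 requires CR0.PE=1 */
    V86_BAD_IA32E       = 1u << 2,        /* VM=1 requires IA-32e mode guest=0 */
    V86_BAD_SEG_BASE    = 1u << 3,        /* base must equal selector << 4 */
    V86_BAD_SEG_LIMIT   = 1u << 4,        /* limit must be 0xFFFF */
    V86_BAD_SEG_AR      = 1u << 5         /* access rights must be 0xF3 */
};
#define RFLAGS_VM (1ull << 17)
#define CR0_PE    (1ull << 0)
/* Returns 0 when the SDM conditions for a virtual-8086 guest hold, otherwise
 * the bitmask of violated conditions. They only apply when RFLAGS.VM is set. */
uint32_t check_v86_guest_state(const struct v86_guest_state *g)
{
    uint32_t bad = 0;
    if (!(g->rflags & RFLAGS_VM)) return 0;
    if (!(g->rflags & 0x2))       bad |= V86_BAD_RFLAGS_RSVD;
    if (!(g->cr0 & CR0_PE))       bad |= V86_BAD_CR0_PE;
    if (g->ia32e_mode_guest)      bad |= V86_BAD_IA32E;
    for (int i = 0; i < 6; i++) {
        if (g->base[i] != ((uint64_t)g->sel[i] << 4)) bad |= V86_BAD_SEG_BASE;
        if (g->limit[i] != 0xFFFF)                    bad |= V86_BAD_SEG_LIMIT;
        if (g->access_rights[i] != 0xF3)              bad |= V86_BAD_SEG_AR;
    }
    return bad;
}
/* Builds a state satisfying every condition: RFLAGS 0x20002 (VM and reserved
 * bit 1 set, IF clear, as in the original post), CS = cs, other segments = ds. */
struct v86_guest_state make_v86_state(uint16_t cs, uint16_t ds)
{
    struct v86_guest_state g = { .rflags = 0x20002, .cr0 = CR0_PE };
    for (int i = 0; i < 6; i++) {
        g.sel[i]           = (i == 1) ? cs : ds;
        g.base[i]          = (uint64_t)g.sel[i] << 4;
        g.limit[i]         = 0xFFFF;
        g.access_rights[i] = 0xF3;
    }
    return g;
}
```

Running the checker from the VM-exit handler on a bit-31 exit reason, as the reply suggests, turns a silent hang into a named list of violated conditions.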