Issues implementing EPT - c
I'm having an issue implementing EPT in a hypervisor I'm developing.
I'm receiving error no. 48 (EPT violation. An attempt to access memory with a guest-physical address was disallowed by the configuration of the EPT paging structures) with an EXIT_QUALIFICATION of 0x81 upon doing a VMLAUNCH.
I've checked the page allocation logic and made sure GUEST_CR3 = HOST_CR3. I'm not sure why is this happening. I'm running on VMWare on a Linux host.
This is the allocation logic:
EPTP alloc_ept(int initial_pages_count){
int i;
EPTP eptp;
EPT_PML4E *ept_pml4;
EPT_PDPTE *ept_pdpt;
EPT_PDE *ept_pd;
EPT_PTE *ept_pt;
eptp.value = 0;
ept_pml4 = kzalloc(4096, GFP_KERNEL | GFP_NOWAIT);
if(!ept_pml4)
goto pml4err;
ept_pdpt = kzalloc(4096, GFP_KERNEL | GFP_NOWAIT);
if(!ept_pdpt)
goto pdpterr;
ept_pd = kzalloc(4096, GFP_KERNEL | GFP_NOWAIT);
if(!ept_pd)
goto pderr;
ept_pt = kzalloc(4096, GFP_KERNEL | GFP_NOWAIT);
if(!ept_pt)
goto pterr;
for(i = 0; i < initial_pages_count; i++){
ept_pt[i].fields.phys_addr = virt_to_phys(kzalloc(4096, GFP_KERNEL | GFP_NOWAIT)) >> 12;
ept_pt[i].fields.read_access = 1;
ept_pt[i].fields.write_access = 1;
ept_pt[i].fields.execute_access = 1;
// Read CR0.bit30(CD) to determine cache disable and check if memtype=6 is supported:
ept_pt[i].fields.ept_memtype = 0;
}
ept_pd[0].fields.phys_addr = virt_to_phys(ept_pt) >> 12;
ept_pd[0].fields.read_access = 1;
ept_pd[0].fields.write_access = 1;
ept_pd[0].fields.execute_access = 1;
ept_pdpt[0].fields.phys_addr = virt_to_phys(ept_pd) >> 12;
ept_pdpt[0].fields.read_access = 1;
ept_pdpt[0].fields.write_access = 1;
ept_pdpt[0].fields.execute_access = 1;
ept_pml4[0].fields.phys_addr = virt_to_phys(ept_pdpt) >> 12;
ept_pml4[0].fields.read_access = 1;
ept_pml4[0].fields.write_access = 1;
ept_pml4[0].fields.execute_access = 1;
eptp.fields.pml4_phys_addr = virt_to_phys(ept_pml4) >> 12;
// Read CR0.bit30(CD) to determine cache disable and check if memtype=6 is supported:
eptp.fields.memtype = 0;
eptp.fields.page_walk = 3;
// TODO: Read IA32_VMX_EPT_VPID_CAP - bit 21 if this is supported:
eptp.fields.accessed_and_dirty_flags_enabled = 0;
printk("EPTP PML4 PHYS ADDR: %08llx", eptp.fields.pml4_phys_addr);
return eptp;
pterr:
kfree(ept_pd);
pderr:
kfree(ept_pdpt);
pdpterr:
kfree(ept_pml4);
pml4err:
panic("EPT ALLOC ERROR!");
}
static inline void VMLAUNCH(void){
uint8_t err;
__asm__ __volatile__(
"vmlaunch; setna %[err]"
: [err]"=rm"(err)
: : "cc", "memory"
);
dump_vmcs();
printk(KERN_ERR "VMLAUNCH failure (err %lx)", vmcs_read(VM_INSTRUCTION_ERROR));
BUG_ON(err);
}
static void setup_vm_code(vmstate *vms){
int i;
EPT_PML4E *pml = phys_to_virt(vms->eptp.fields.pml4_phys_addr << 12);
EPT_PDPTE *pdpt = phys_to_virt(pml->fields.phys_addr << 12);
EPT_PDE *pd = phys_to_virt(pdpt->fields.phys_addr << 12);
EPT_PTE *pt = phys_to_virt(pd->fields.phys_addr << 12);
vms->initial_rip = (unsigned long)phys_to_virt(pt[0].fields.phys_addr << 12);
for(i = 0; i < 4096; i++){
// hlt
*(char*)(vms->initial_rip+i) = 0xf4;
}
printk(KERN_INFO "INITIAL_RIP: %016lx", vms->initial_rip);
printk(KERN_INFO "INITIAL_RIP_PHYS: %016llx", virt_to_phys((unsigned long*)vms->initial_rip));
// Stack grows down
vms->initial_rsp = (unsigned long)phys_to_virt(pt[9].fields.phys_addr << 12) + 4095;
}
static void prepare_vmx_cpu(void){
uint32_t vmcs_revid = 0;
uint32_t hi = 0;
vmstate *vms = per_cpu(cpu_vms, smp_processor_id());
// Populate VMCS revision id in vmxon region
rdmsr_safe(MSR_IA32_VMX_BASIC, &vmcs_revid, &hi);
memcpy(vms->vmxon_region, &vmcs_revid, 4);
memcpy(vms->vmcs_region, &vmcs_revid, 4);
vms->eptp = alloc_ept(10);
setup_vm_code(vms);
vmx_enable();
}
static void handle_vmexit(void){
int exit_reason = vmcs_read32(VM_EXIT_REASON);
int basic_exit_code = exit_reason & 0xffff;
int exit_qualification = vmcs_read32(EXIT_QUALIFICATION);
int vm_entry_failure = exit_reason & 0x80000000;
dump_vmcs();
panic("VMEXIT WITH CODE %d, VM ENTRY FAILURE: %s, QUAL: %d", basic_exit_code, vm_entry_failure ? "true" : "false", exit_qualification);
VMRESUME();
//TODO: switch error reasons
}
static void vmx_setup_vm_controls(void){
// VM Execution Controls
vmcs_write(PIN_BASED_VM_EXEC_CONTROL, adjust_msr_control(MSR_IA32_VMX_PINBASED_CTLS, 0));
vmcs_write(CPU_BASED_VM_EXEC_CONTROL, adjust_msr_control(
MSR_IA32_VMX_PROCBASED_CTLS, CPU_BASED_HLT_EXITING | CPU_BASED_ACTIVATE_SECONDARY_CONTROLS));
vmcs_write(SECONDARY_VM_EXEC_CONTROL, adjust_msr_control(
MSR_IA32_VMX_PROCBASED_CTLS2, CPU_BASED_CTL2_RDTSCP | CPU_BASED_CTL2_ENABLE_INVPCID | CPU_BASED_CTL2_ENABLE_VPID | CPU_BASED_CTL2_ENABLE_XSAVE_XRSTORS | CPU_BASED_CTL2_ENABLE_EPT
));
//vmcs_write64(TSC_OFFSET, 0);
vmcs_write(CR0_READ_SHADOW, read_cr0());
vmcs_write(CR4_READ_SHADOW, __read_cr4());
vmcs_write(CR0_GUEST_HOST_MASK, ~0ul);
vmcs_write(CR4_GUEST_HOST_MASK, ~0ul);
// How many CR3_TARGET_VALUEs are considered without VM exit when MOV CR3, VAL
vmcs_write(CR3_TARGET_COUNT, 0);
// VM Entry & Exit Controls
vmcs_write(VM_EXIT_CONTROLS, adjust_msr_control(MSR_IA32_VMX_EXIT_CTLS, VM_EXIT_IA32E_MODE | VM_EXIT_LOAD_IA32_EFER | VM_EXIT_HOST_ADDR_SPACE_SIZE));
vmcs_write(VM_ENTRY_CONTROLS, adjust_msr_control(MSR_IA32_VMX_ENTRY_CTLS, VM_ENTRY_IA32E_MODE | VM_ENTRY_LOAD_IA32_EFER));
}
static void vmx_setup_initial_host_state(vmstate *vms){
struct desc_ptr gdtptr, idt;
vmcs_write(HOST_CR0, read_cr0());
vmcs_write(HOST_CR3, __read_cr3());
vmcs_write(HOST_CR4, __read_cr4());
vmcs_write(HOST_RSP, (unsigned long)vms->vmm_handle_stack + vms->vmm_handle_stack_size - 1);
vmcs_write(HOST_RIP, (unsigned long)handle_vmexit);
/* An explanation of segment selectors: https://medium.com/hungys-blog/linux-kernel-memory-addressing-a0d304283af3 */
// Segment Selectors
vmcs_write(HOST_CS_SELECTOR, __KERNEL_CS);
vmcs_write(HOST_DS_SELECTOR, __KERNEL_DS);
vmcs_write(HOST_ES_SELECTOR, __KERNEL_DS);
vmcs_write(HOST_SS_SELECTOR, __KERNEL_DS);
vmcs_write(HOST_FS_SELECTOR, 0);
vmcs_write(HOST_GS_SELECTOR, 0);
vmcs_write(HOST_TR_SELECTOR, GDT_ENTRY_TSS*8);
// Segment Base Adresses
vmcs_write(HOST_FS_BASE, native_read_msr(MSR_FS_BASE));
vmcs_write(HOST_GS_BASE, native_read_msr(MSR_GS_BASE));
vmcs_write(HOST_TR_BASE, read_tr_base());
native_store_gdt(&gdtptr);
vmcs_write(HOST_GDTR_BASE, gdtptr.address);
store_idt(&idt);
vmcs_write(HOST_IDTR_BASE, idt.address);
// MSRs
vmcs_write(HOST_IA32_SYSENTER_CS, native_read_msr(MSR_IA32_SYSENTER_CS));
vmcs_write(HOST_IA32_SYSENTER_ESP, native_read_msr(MSR_IA32_SYSENTER_ESP));
vmcs_write(HOST_IA32_SYSENTER_EIP, native_read_msr(MSR_IA32_SYSENTER_EIP));
vmcs_write64(HOST_IA32_EFER, native_read_msr(MSR_EFER));
}
static void RIPTEST(void) __attribute__((used));
static void RIPTEST(void){
__asm__ __volatile__("hlt; hlt; hlt; hlt; hlt; hlt");
}
static void vmx_setup_initial_guest_state(vmstate *vms){
vmcs_write(GUEST_CR0, read_cr0());
vmcs_write(GUEST_CR3, __read_cr3());
vmcs_write(GUEST_CR4, __read_cr4());
vmcs_write(GUEST_DR7, 0);
vmcs_write(GUEST_RIP, vms->initial_rip);
//vmcs_write(GUEST_RIP, (unsigned long)RIPTEST);
vmcs_write(GUEST_RSP, vms->initial_rsp);
vmcs_write(GUEST_RFLAGS, 0x2); // Reserved flag
// Setup selectors
vmcs_write(GUEST_CS_SELECTOR, 0);
vmcs_write(GUEST_SS_SELECTOR, 0);
vmcs_write(GUEST_DS_SELECTOR, 0);
vmcs_write(GUEST_ES_SELECTOR, 0);
vmcs_write(GUEST_FS_SELECTOR, 0);
vmcs_write(GUEST_GS_SELECTOR, 0);
vmcs_write(GUEST_LDTR_SELECTOR, 0);
vmcs_write(GUEST_TR_SELECTOR, 0);
// Setup base addresses
vmcs_write(GUEST_CS_BASE, 0);
vmcs_write(GUEST_SS_BASE, 0);
vmcs_write(GUEST_DS_BASE, 0);
vmcs_write(GUEST_ES_BASE, 0);
vmcs_write(GUEST_FS_BASE, native_read_msr(MSR_FS_BASE));
vmcs_write(GUEST_GS_BASE, native_read_msr(MSR_GS_BASE));
vmcs_write(GUEST_LDTR_BASE, 0);
vmcs_write(GUEST_TR_BASE, 0);
// Setup guest segment limits
vmcs_write(GUEST_CS_LIMIT, 0xFFFFFFFF);
vmcs_write(GUEST_SS_LIMIT, 0xFFFFFFFF);
vmcs_write(GUEST_DS_LIMIT, 0xFFFFFFFF);
vmcs_write(GUEST_ES_LIMIT, 0xFFFFFFFF);
vmcs_write(GUEST_FS_LIMIT, 0xFFFFFFFF);
vmcs_write(GUEST_GS_LIMIT, 0xFFFFFFFF);
vmcs_write(GUEST_LDTR_LIMIT, 0);
vmcs_write(GUEST_TR_LIMIT, 0xFF);
// Setup guest segment access rights
// https://www.amd.com/system/files/TechDocs/24593.pdf#G10.910849
vmcs_write(GUEST_CS_AR_BYTES, 0xA09B);
vmcs_write(GUEST_SS_AR_BYTES, 0xA093);
vmcs_write(GUEST_DS_AR_BYTES, 0xA093);
vmcs_write(GUEST_ES_AR_BYTES, 0xA093);
vmcs_write(GUEST_FS_AR_BYTES, 0xA093);
vmcs_write(GUEST_GS_AR_BYTES, 0xA093);
vmcs_write(GUEST_LDTR_AR_BYTES, 0x0082);
vmcs_write(GUEST_TR_AR_BYTES, 0x008B);
// Setup GDTR & IDTR
vmcs_write(GUEST_GDTR_BASE, 0);
vmcs_write(GUEST_IDTR_BASE, 0);
vmcs_write(GUEST_GDTR_LIMIT, 0);
vmcs_write(GUEST_IDTR_LIMIT, 0);
vmcs_write(GUEST_IA32_EFER, native_read_msr(MSR_EFER));
vmcs_write64(GUEST_IA32_DEBUGCTL, 0);
// Setup sysenter primitives
vmcs_write(GUEST_SYSENTER_CS, 0);
vmcs_write(GUEST_SYSENTER_ESP, 0);
vmcs_write(GUEST_SYSENTER_EIP, 0);
}
static void init_vmcs(vmstate *vms){
VMPTRLD(vms->vmcs_physical);
vmx_setup_vm_controls();
vmx_setup_initial_guest_state(vms);
vmx_setup_initial_host_state(vms);
vmcs_write64(VMCS_LINK_POINTER, -1ull);
//vmcs_write(EXCEPTION_BITMAP, 8192);
vmcs_write64(EPT_POINTER, vms->eptp.value);
//vmcs_write(VIRTUAL_PROCESSOR_ID, vms->vpid);
}
int vmx_launch(void){
int cpu = smp_processor_id();
vmstate *vms = per_cpu(cpu_vms, smp_processor_id());
printk(KERN_INFO "Launching VM on CPU %d\n", cpu);
init_vmcs(vms);
VMLAUNCH();
put_cpu();
return 0;
}
int vmx_setup(void){
int i = smp_processor_id();
vmstate* vms;
printk(KERN_INFO "NUM CPUS: %d\n", num_online_cpus());
vms = create_vmstate();
vms->vmxon_region = kmalloc(4096, GFP_KERNEL);
vms->vmxon_physical = virt_to_phys(vms->vmxon_region);
vms->vmcs_region = kzalloc(4096, GFP_KERNEL);
vms->vmcs_physical = virt_to_phys(vms->vmcs_region);
vms->vmm_handle_stack_size = 4096;
vms->vmm_handle_stack = kmalloc(vms->vmm_handle_stack_size, GFP_KERNEL);
vms->vpid = get_free_vpid();
per_cpu(cpu_vms, i) = vms;
prepare_vmx_cpu();
printk(KERN_INFO "CPUS prepared!");
vms = per_cpu(cpu_vms, i);
if(vms->vmx_enabled == false) {
printk(KERN_ALERT "Tearing down after VMXON failed!");
vmx_teardown();
return -1;
}
return 0;
}
static int __init hyper_init(void) {
int err;
get_cpu();
printk(KERN_INFO "Hyper1 Init!\n");
if(check_vmx_support()){
device_cleanup();
return -1;
}
if((err = setup_chrdev())){
device_cleanup();
return err;
}
if((err = vmx_setup())){
device_cleanup();
return err;
}
printk(KERN_INFO "Assigned major number %d\n", MAJOR(devt));
vmx_launch();
put_cpu();
return 0;
}
VM log:
[ 323.188232] Hyper1 Init!
[ 323.189311] NUM CPUS: 2
[ 323.192490] EPTP PML4 PHYS ADDR: 0007261e
[ 323.192500] INITIAL_RIP: 18446615530478686208
[ 323.194087] CPUS prepared!
[ 323.195778] Assigned major number 240
[ 323.198310] Launching VM on CPU 1
[ 323.199330] vmwrite log: reg 4000 value 16
[ 323.200639] vmwrite log: reg 4002 value ffffffff8401e1f2
[ 323.202297] vmwrite log: reg 401e value a
[ 323.203499] vmwrite log: reg 6004 value 80050033
[ 323.204836] vmwrite log: reg 6006 value 626e0
[ 323.206041] vmwrite log: reg 6000 value ffffffffffffffff
[ 323.207529] vmwrite log: reg 6002 value ffffffffffffffff
[ 323.209033] vmwrite log: reg 400a value 0
[ 323.210121] vmwrite log: reg 400c value 236fff
[ 323.211322] vmwrite log: reg 4012 value 93ff
[ 323.212541] vmwrite log: reg 6800 value 80050033
[ 323.213900] vmwrite log: reg 6802 value 7776e004
[ 323.215150] vmwrite log: reg 6804 value 626e0
[ 323.216457] vmwrite log: reg 681a value 0
[ 323.217565] vmwrite log: reg 681e value ffff8b173262d000
[ 323.219124] vmwrite log: reg 681c value ffff8b173260cfff
[ 323.220656] vmwrite log: reg 6820 value 2
[ 323.221746] vmwrite log: reg 802 value 0
[ 323.222811] vmwrite log: reg 804 value 0
[ 323.223938] vmwrite log: reg 806 value 0
[ 323.225008] vmwrite log: reg 800 value 0
[ 323.226082] vmwrite log: reg 808 value 0
[ 323.227246] vmwrite log: reg 80a value 0
[ 323.228437] vmwrite log: reg 80c value 0
[ 323.229551] vmwrite log: reg 80e value 0
[ 323.230626] vmwrite log: reg 6808 value 0
[ 323.231753] vmwrite log: reg 680a value 0
[ 323.232841] vmwrite log: reg 680c value 0
[ 323.233925] vmwrite log: reg 6806 value 0
[ 323.235037] vmwrite log: reg 680e value 7f624c519540
[ 323.236473] vmwrite log: reg 6810 value ffff8b173bc40000
[ 323.237903] vmwrite log: reg 6812 value 0
[ 323.238988] vmwrite log: reg 6814 value 0
[ 323.240129] vmwrite log: reg 4802 value ffffffff
[ 323.241375] vmwrite log: reg 4804 value ffffffff
[ 323.242619] vmwrite log: reg 4806 value ffffffff
[ 323.243905] vmwrite log: reg 4800 value ffffffff
[ 323.245150] vmwrite log: reg 4808 value ffffffff
[ 323.246417] vmwrite log: reg 480a value ffffffff
[ 323.247697] vmwrite log: reg 480c value 0
[ 323.248784] vmwrite log: reg 480e value ff
[ 323.249901] vmwrite log: reg 4816 value a09b
[ 323.251053] vmwrite log: reg 4818 value a093
[ 323.252243] vmwrite log: reg 481a value a093
[ 323.253439] vmwrite log: reg 4814 value a093
[ 323.254594] vmwrite log: reg 481c value a093
[ 323.255822] vmwrite log: reg 481e value a093
[ 323.256978] vmwrite log: reg 4820 value 82
[ 323.258142] vmwrite log: reg 4822 value 8b
[ 323.259238] vmwrite log: reg 6816 value 0
[ 323.260350] vmwrite log: reg 6818 value 0
[ 323.261421] vmwrite log: reg 4810 value 0
[ 323.262489] vmwrite log: reg 4812 value 0
[ 323.263762] vmwrite log: reg 2806 value d01
[ 323.264960] vmwrite log: reg 2802 value 0
[ 323.266068] vmwrite log: reg 482a value 0
[ 323.267136] vmwrite log: reg 6824 value 0
[ 323.268257] vmwrite log: reg 6826 value 0
[ 323.269379] vmwrite log: reg 6c00 value 80050033
[ 323.270601] vmwrite log: reg 6c02 value 7776e004
[ 323.271879] vmwrite log: reg 6c04 value 626e0
[ 323.273037] vmwrite log: reg 6c14 value ffff8b1732619fff
[ 323.274435] vmwrite log: reg 6c16 value ffffffffc07154f0
[ 323.275870] vmwrite log: reg c02 value 10
[ 323.277134] vmwrite log: reg c06 value 18
[ 323.278262] vmwrite log: reg c00 value 18
[ 323.279443] vmwrite log: reg c04 value 18
[ 323.280625] vmwrite log: reg c08 value 0
[ 323.282006] vmwrite log: reg c0a value 0
[ 323.283281] vmwrite log: reg c0c value 40
[ 323.284409] vmwrite log: reg 6c06 value 7f624c519540
[ 323.285794] vmwrite log: reg 6c08 value ffff8b173bc40000
[ 323.287244] vmwrite log: reg 6c0a value 0
[ 323.288367] vmwrite log: reg 6c0c value fffffe000002c000
[ 323.289770] vmwrite log: reg 6c0e value fffffe0000000000
[ 323.291169] vmwrite log: reg 4c00 value 10
[ 323.292295] vmwrite log: reg 6c10 value fffffe000002d200
[ 323.293696] vmwrite log: reg 6c12 value ffffffff860015f0
[ 323.295124] vmwrite log: reg 2c02 value d01
[ 323.296309] vmwrite log: reg 2800 value ffffffffffffffff
[ 323.297711] vmwrite log: reg 201a value 7261e018
[ 323.299105] *** Guest State ***
[ 323.300022] CR0: actual=0x0000000080050033, shadow=0x0000000080050033, gh_mask=ffffffffffffffff
[ 323.302373] CR4: actual=0x00000000000626e0, shadow=0x00000000000626e0, gh_mask=ffffffffffffffff
[ 323.304697] CR3 = 0x000000007776e004
[ 323.305687] PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000
[ 323.307411] PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000
[ 323.309117] RSP = 0xffff8b173260cfff RIP = 0xffff8b173262d000
[ 323.310683] RFLAGS=0x00010002 DR7 = 0x0000000000000400
[ 323.312270] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[ 323.314044] CS: sel=0x0000, attr=0x0a09b, limit=0xffffffff, base=0x0000000000000000
[ 323.316257] DS: sel=0x0000, attr=0x0a093, limit=0xffffffff, base=0x0000000000000000
[ 323.318371] SS: sel=0x0000, attr=0x0a093, limit=0xffffffff, base=0x0000000000000000
[ 323.320506] ES: sel=0x0000, attr=0x0a093, limit=0xffffffff, base=0x0000000000000000
[ 323.322580] FS: sel=0x0000, attr=0x0a093, limit=0xffffffff, base=0x00007f624c519540
[ 323.324678] GS: sel=0x0000, attr=0x0a093, limit=0xffffffff, base=0xffff8b173bc40000
[ 323.326774] GDTR: limit=0x00000000, base=0x0000000000000000
[ 323.328880] LDTR: sel=0x0000, attr=0x00082, limit=0x00000000, base=0x0000000000000000
[ 323.330982] IDTR: limit=0x00000000, base=0x0000000000000000
[ 323.333073] TR: sel=0x0000, attr=0x0008b, limit=0x000000ff, base=0x0000000000000000
[ 323.335153] EFER = 0x0000000000000d01 PAT = 0x0000000000000000
[ 323.337001] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
[ 323.338947] PerfGlobCtl = 0x0000000000000000
[ 323.340114] vmread err: reg 2812 value 0
[ 323.341171] BndCfgS = 0x0000000000000000
[ 323.342235] Interruptibility = 00000000 ActivityState = 00000000
[ 323.343874] vmread err: reg 810 value 0
[ 323.344910] InterruptStatus = 0000
[ 323.345840] *** Host State ***
[ 323.346699] RIP = 0xffffffffc07154f0 RSP = 0xffff8b1732619fff
[ 323.348287] CS=0010 SS=0018 DS=0018 ES=0018 FS=0000 GS=0000 TR=0040
[ 323.349965] FSBase=00007f624c519540 GSBase=ffff8b173bc40000 TRBase=0000000000000000
[ 323.352014] GDTBase=fffffe000002c000 IDTBase=fffffe0000000000
[ 323.353586] CR0=0000000080050033 CR3=000000007776e004 CR4=00000000000626e0
[ 323.355468] Sysenter RSP=fffffe000002d200 CS:RIP=0010:ffffffff860015f0
[ 323.357231] EFER = 0x0000000000000d01 PAT = 0x0000000000000000
[ 323.358815] PerfGlobCtl = 0x0000000000000000
[ 323.359976] *** Control State ***
[ 323.360877] PinBased=00000016 CPUBased=8401e1f2 SecondaryExec=0000000a
[ 323.362632] EntryControls=000093ff ExitControls=00236fff
[ 323.364073] ExceptionBitmap=00000000 PFECmask=00000000 PFECmatch=00000000
[ 323.366003] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000
[ 323.367768] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
[ 323.369521] reason=00000030 qualification=0000000000000081
[ 323.371177] IDTVectoring: info=00000000 errcode=00000000
[ 323.372614] TSC Offset = 0x0000000000000000
[ 323.373742] vmread err: reg 810 value 810
[ 323.374822] SVI|RVI = 08|10 TPR Threshold = 0x00
[ 323.376079] vmread err: reg 2014 value 0
[ 323.377276] APIC-access addr = 0x0000000000000000 virt-APIC addr = 0x0000000000000000
[ 323.379498] vmread err: reg 2 value 0
[ 323.380501] PostedIntrVec = 0x00
[ 323.381383] EPT pointer = 0x000000007261e018
[ 323.382534] Virtual processor ID = 0x0000
[ 323.383629] Kernel panic - not syncing: VMEXIT WITH CODE 48, VM ENTRY FAILURE: false, QUAL: 129
Any help would be appreciated, thanks!
It looks like it is only mapping 10 pages (40 KB) in the EPT, but GUEST CR3 is 7776e0000, which is not mapped.
If you want to only map a small amount of memory into the guest, then all the guest structures need to be located within that guest physical address range.
Related
initialization variable changed in each iteration in a for clause
A passed parameter was changed in the middle of the code without changing or manipulating the variable
I launched a C program with this command:
anonymous DELAI_ANONYME=O sanspm=O
The main function code is below:
int main(int argc, char *argv[])
{
EXEC SQL BEGIN DECLARE SECTION;
SQL100 qstrRefIndiv = {0};
int qiCheckIndiv = 0;
SQL20 qstrTrigStatus = {0};
EXEC SQL END DECLARE SECTION;
char strLogName[100] = {0};
char strRef[100] = {0};
int iNoCommit = 0;
int i = 0;
int iDelCase=0;
char strDelai[1];
char strSanspm[1];
strcpy(strDelai, "N");
strcpy(strSanspm, "N");
char selectcof[1000]= {0};
initscr();
bkg_init();
for(i=1; i<argc; i++)
{
refresh();
db_log_message (LL_INFO, "Iter Nbr= [%d]\n", i);
if(strcmp(argv[i],"NOCOMMIT")==0)
{
iNoCommit = 1;
}
if(strncmp(argv[i], "ref=", 4)==0)
{
strcpy(strRef,&argv[i][4]);
strcpy (qstrRefIndiv, strRef);
db_log_message (LL_INFO, "ref param= [%s]\n", qstrRefIndiv);
}
if(strncmp(argv[i], "DELAI_ANONYME=", 14)==0)
{
strcpy(strDelai,&argv[i][14]);
db_log_message (LL_INFO, "ref Delai= [%s]\n", strDelai);
}
if(strncmp(argv[i], "delcase=", 8)==0)
{
iDelCase=atoi(&argv[i][8]);
db_log_message (LL_INFO, "ref iDelCase= [%s]\n", iDelCase);
}
if(strncmp(argv[i], "sanspm=", 7)==0)
{
db_log_message (LL_INFO, "[sanspm] before ref Delai= [%s]\n", strDelai);
strcpy(strSanspm,&argv[i][7]);
db_log_message (LL_INFO, "ref strSanspm= [%s]\n", strSanspm);
db_log_message (LL_INFO, "[sanspm] after ref Delai= [%s]\n", strDelai);
}
}
db_log_message (LL_INFO, "ref Delai 1= [%s]\n", strDelai);
db_log_message (LL_INFO, "ref strSanspm 1= [%s]\n", strSanspm);
...
endwin();
return(0);
}
After checking the log file I see that the DELAI_ANONYME variable was changed in the middel of the for clause as shown in the logs after launching the program
Log:
[INFO ] [ 0.017] Iter Nbr= [1]
[INFO ] [ 0.000] ref Delai= [O]
[INFO ] [ 0.000] Iter Nbr= [2]
[INFO ] [ 0.000] [sanspm] before ref Delai= [O]
[INFO ] [ 0.000] ref strSanspm= [O]
[INFO ] [ 0.000] [sanspm] after ref Delai= []
[INFO ] [ 0.000] ref Delai 1= []
[INFO ] [ 0.000] ref strSanspm 1= [O]
When I changed the order of the parameters I got the below behavior with this command:
anonymous sanspm=O DELAI_ANONYME=O
I see the DELAI_ANONYME variable is OK but at the same time strSanspm variable is taking another character that is not initialized at the beginning 'OO'
Log:
[INFO ] [ 0.001] Iter Nbr= [1]
[INFO ] [ 0.000] [sanspm] before ref Delai= []
[INFO ] [ 0.000] ref strSanspm= [O]
[INFO ] [ 0.000] [sanspm] after ref Delai= []
[INFO ] [ 0.000] Iter Nbr= [2]
[INFO ] [ 0.000] ref Delai= [O]
[INFO ] [ 0.000] ref Delai 1= [O]
[INFO ] [ 0.000] ref strSanspm 1= [OO]
Deciphering traceback from ARM CPU on Evaluation Board
I am using a petalinux / yocto on a evaluation board with a MpSoc and a FPGA. I am new to this whole Embedded Linux and gereeted with this error message when I try to run a precompiled example. Any pointers on what's going wrong is appreciated. [ 91.171070] rcu: INFO: rcu_sched self-detected stall on CPU [ 91.176642] rcu: 0-....: (5249 ticks this GP) idle=66a/1/0x4000000000000002 softirq=1286/1286 fqs=2625 [ 91.186107] (t=5252 jiffies g=1737 q=5) [ 91.190013] Task dump for CPU 0: [ 91.193225] resnet50 R running task 0 740 608 0x00000002 [ 91.200265] Call trace: [ 91.202701] dump_backtrace+0x0/0x140 [ 91.206352] show_stack+0x14/0x20 [ 91.209652] sched_show_task+0xf4/0x120 [ 91.213479] dump_cpu_task+0x40/0x50 [ 91.217038] rcu_dump_cpu_stacks+0xa0/0xe0 [ 91.221118] rcu_sched_clock_irq+0x52c/0x780 [ 91.225372] update_process_times+0x2c/0x68 [ 91.229539] tick_sched_handle.isra.0+0x30/0x50 [ 91.234052] tick_sched_timer+0x48/0x98 [ 91.237872] __hrtimer_run_queues+0xec/0x1e8 [ 91.242125] hrtimer_interrupt+0x110/0x2c0 [ 91.246207] arch_timer_handler_phys+0x30/0x40 [ 91.250633] handle_percpu_devid_irq+0x80/0x140 [ 91.255147] generic_handle_irq+0x24/0x38 [ 91.259140] __handle_domain_irq+0x60/0xb8 [ 91.263220] gic_handle_irq+0x5c/0xb8 [ 91.266866] el1_irq+0xb8/0x140 [ 91.269992] misc_open+0x50/0x1a0 [ 91.273291] chrdev_open+0xc4/0x200 [ 91.276763] do_dentry_open+0x104/0x398 [ 91.280581] vfs_open+0x28/0x30 [ 91.283708] path_openat+0x4a0/0x1248 [ 91.287353] do_filp_open+0x74/0xf8 [ 91.290825] do_sys_open+0x168/0x218 [ 91.294384] __arm64_sys_openat+0x20/0x28 [ 91.298381] el0_svc_common.constprop.0+0x68/0x160 [ 91.303161] el0_svc_handler+0x6c/0x88 [ 91.306893] el0_svc+0x8/0xc
Convert Arrays to Object in Angular
I am creating a Line Chart with d3 in Angular 8.
I following some example with TEMPERATURES. But my API is getting following format.
Data from API
{
"status": 200,
"data": {
"dashboard_data": [
[
2014-04-01,
2920.0,
239.44000000000003
],
[
2014-04-02,
2260.0,
185.32000000000002
],
[
2014-04-03,
156.0,
12.792
],
[
2014-04-04,
980.0,
80.36
],
[
2014-04-05,
1515.0,
124.22999999999999
],
],
}
}
Need data in this format
TEMPERATURES = [
{
'values': [
{'date': new Date('2012-09-05'), 'temperature': 77.7},
{'date': new Date('2012-09-06'), 'temperature': 74.2},
{'date': new Date('2012-09-07'), 'temperature': 76.0},
]
},
];
I am looking for solution, how I convert dashboard_data with values?
TIA
Try like this:
TEMPERATURES = [];
constructor() {
let obj = {};
obj["values"] = this.input.data.dashboard_data.map(item => ({
date: new Date(item[0]),
temperature : item[2]
}))
this.TEMPERATURES.push(obj)
}
Working Demo
It is not clear how to convert temperature. However, you can try the following approach:
let temperatures = [];
const result = obj.data.dashboard_data
.map(([d, h, t]) => ({date: new Date(d), temperature: t}));
temperatures.push({values: result});
An example:
let obj = {
"status": 200,
"data":
{
"dashboard_data": [
[
2014 - 04 - 01,
2920.0,
239.44000000000003
],
[
2014 - 04 - 02,
2260.0,
185.32000000000002
],
[
2014 - 04 - 03,
156.0,
12.792
],
[
2014 - 04 - 04,
980.0,
80.36
],
[
2014 - 04 - 05,
1515.0,
124.22999999999999
],
]
}
};
let temperatures = [];
const result = obj.data.dashboard_data
.map(([d, h, t]) => ({date: new Date(d), temperature: t}));
temperatures.push({values: result});
console.log(temperatures);
You have to iterate over each item in dashboard_data array and then pick date and temperature from it and push it to TEMPERATURE array:
dashboard_data.forEach((item)=>{
TEMPERATURES.push({'date': new Date(item[0]), 'temperature': item[2]});
}
)
let dashboard_data = [
[
'2014-04-01',
2920.0,
239.44000000000003
],
[
'2014-04-02',
2260.0,
185.32000000000002
],
[
'2014-04-03',
156.0,
12.792
],
[
'2014-04-04',
980.0,
80.36
],
[
'2014-04-05',
1515.0,
124.22999999999999
],
]
let TEMPERATURES = [];
dashboard_data.forEach((item)=>{
TEMPERATURES.push({'date': new Date(item[0]), 'temperature': item[2]});
}
)
console.log(TEMPERATURES);
Vmwrite error when updating vmcs from kvm_vm_ioctl
i'm implementing an application on top of KVM in which I need to trap writes to CR3. When I do this when handling a VM EXIT using: vmcs_set_bits(CPU_BASED_VM_EXEC_CONTROL, CPU_BASED_CR3_LOAD_EXITING), it works correctly and I can see the traps in my log file. Now when I do the same thing after receiving a command from Qemu (command is handled in kvm_vm_ioctl by calling a function I added to kvm_x86_ops vmx_x86_ops) I get a vmwrite error. Here after the error log: [ 290.559474] start_vmi [ 290.559477] vmi: vmx.c: vmx_vmi_start_cr3_store_trapping: vmcs_read32(CPU_BASED_VM_EXEC_CONTROL) & CPU_BASED_CR3_LOAD_EXITING = 0 [ 290.559480] vmwrite error: reg 4002 value c002 (err 16386) [ 290.559485] CPU: 0 PID: 3376 Comm: qemu-system-i38 Tainted: GF O 3.13.0-32-generic #57~precise1-Ubuntu [ 290.559513] Call Trace: [ 290.559525] [<c1680147>] dump_stack+0x41/0x52 [ 290.559533] [<f89f289a>] vmwrite_error+0x35/0x3b [kvm_intel] [ 290.559538] [<f89e6b95>] vmcs_writel+0x25/0x30 [kvm_intel] [ 290.559542] [<f89e6c27>] vmcs_set_bits+0x27/0x40 [kvm_intel] [ 290.559547] [<f89e6c83>] vmx_vmi_start_cr3_store_trapping+0x43/0x50 [kvm_intel] [ 290.559564] [<fbf861a5>] kvm_vm_ioctl+0x3b5/0x740 [kvm] [ 290.559570] [<c1150747>] ? __handle_mm_fault+0x127/0x280 [ 290.559574] [<c115093a>] ? handle_mm_fault+0x9a/0x150 [ 290.559580] [<c168ec77>] ? __do_page_fault+0x287/0x520 [ 290.559593] [<fbf85df0>] ? kvm_vm_release+0x20/0x20 [kvm] [ 290.559600] [<c1194ae2>] do_vfs_ioctl+0x72/0x2e0 [ 290.559604] [<c1194de7>] SyS_ioctl+0x97/0xa0 [ 290.559609] [<c1692b4d>] sysenter_do_call+0x12/0x28 [ 290.559614] [<c1680000>] ? cfq_arm_slice_timer+0x14e/0x254 Does anyone has an idea why what's the problem ? I would be very grateful if there is any answer
Extracting errored line from the debug output of a Linux Kernel
I have implemented a mechanism to migrate TCP socket between different severs in Linux OS. The migration mechanism works perfectly, except when the importing server needs to close the server the whole machine freezes. I was able to dump the log file of the machine using serial connection as explained in this article Debugging Linux Kernel. From the reading of the log file, I saw that NULL pointer dereference problem is occurring in the tcp_time_wait function. So my current problem now I need to know how to figure out which data member or macro inside the tcp_time_wait is causing the problem? Should I recompile the Kernel with some printk to detect the exact source of error? Linux Kernel Dump: [ 225.717049] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 [ 225.720544] IP: [<ffffffff8162056c>] __inet_twsk_hashdance+0x8c/0x160 [ 225.720544] PGD 7bbf9067 PUD 7b7fc067 PMD 0 [ 225.720544] Oops: 0000 [#1] SMP [ 225.720544] Modules linked in: sockmi(OF) nf_conntrack(F) vesafb(F) vboxsf(OF) snd_int) [ 225.720544] CPU 0 [ 225.720544] Pid: 0, comm: swapper/0 Tainted: GF W O 3.8.0-29-generic #42~precisx [ 225.720544] RIP: 0010:[<ffffffff8162056c>] [<ffffffff8162056c>] __inet_twsk_hashdance0 [ 225.720544] RSP: 0018:ffff88007fc039d0 EFLAGS: 00010282 [ 225.720544] RAX: 0000000000000000 RBX: ffff88005cbd5000 RCX: ffffffff81e304c0 [ 225.720544] RDX: 0000000000001c37 RSI: 0000000000000082 RDI: 0000000000000009 [ 225.720544] RBP: ffff88007fc03a00 R08: 000000000000000a R09: 0000000000000000 [ 225.720544] R10: 000000000000021a R11: 0000000000000219 R12: ffff88007ba4b800 [ 225.720544] R13: ffffc9000035a7d0 R14: ffffc90000322500 R15: ffff88007c1e3d40 [ 225.720544] FS: 0000000000000000(0000) GS:ffff88007fc00000(0000) knlGS:000000000000000 [ 225.720544] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 225.720544] CR2: 0000000000000020 CR3: 000000007965f000 CR4: 00000000000006f0 [ 225.720544] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 225.720544] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 225.720544] Process swapper/0 (pid: 0, threadinfo ffffffff81c00000, task ffffffff81c15) [ 225.720544] Stack: [ 225.720544] ffff88007ba4b800 ffff88007ba4b800 ffff88005cbd5000 0000000000000000 [ 225.720544] 000000000000001f 0000000000000000 ffff88007fc03a50 ffffffff8163de3c [ 225.720544] ffff8800000000d9 000000065cb8b300 ffff88003652e262 ffff88007ba4b800 [ 225.720544] Call Trace: [ 225.720544] <IRQ> [ 225.720544] [<ffffffff8163de3c>] tcp_time_wait+0x1bc/0x290 [ 225.720544] [<ffffffff8162d4fe>] tcp_fin+0x10e/0x1c0 [ 225.720544] [<ffffffff8162e078>] tcp_data_queue+0x3e8/0x580 [ 225.720544] [<ffffffff81631bb5>] tcp_rcv_state_process+0x2b5/0x6b0 [ 225.720544] [<ffffffff8163abc7>] tcp_v4_do_rcv+0xc7/0x220 [ 225.720544] [<ffffffff8163c829>] tcp_v4_rcv+0x569/0x830 [ 225.720544] [<ffffffff81616366>] ip_local_deliver_finish+0xe6/0x280 [ 225.720544] [<ffffffff8161668a>] ip_local_deliver+0x4a/0x90 [ 225.720544] [<ffffffff81616039>] ip_rcv_finish+0x119/0x360 [ 225.720544] [<ffffffff816168ed>] ip_rcv+0x21d/0x300 [ 225.720544] [<ffffffff815e355a>] __netif_receive_skb+0x5fa/0x760 [ 225.720544] [<ffffffff8163cbae>] ? tcp4_gro_receive+0x9e/0x110 [ 225.720544] [<ffffffff815e36e3>] netif_receive_skb+0x23/0x90 [ 225.720544] [<ffffffff815e3e28>] napi_gro_receive+0xe8/0x140 [ 225.906423] [<ffffffffa0002f98>] e1000_clean_rx_irq+0x2b8/0x520 [e1000] [ 225.906423] [<ffffffff8144df56>] ? credit_entropy_bits.part.7+0x176/0x1d0 [ 225.906423] [<ffffffffa0004801>] e1000_clean+0x51/0xc0 [e1000] [ 225.906423] [<ffffffff815e4cd4>] net_rx_action+0x134/0x260 [ 225.906423] [<ffffffff81045136>] ? native_safe_halt+0x6/0x10 [ 225.906423] [<ffffffff81062620>] __do_softirq+0xc0/0x240 [ 225.906423] [<ffffffff8103cca2>] ? ack_apic_level+0x72/0x130 [ 225.906423] [<ffffffff816fdd5c>] call_softirq+0x1c/0x30 [ 225.906423] [<ffffffff81016775>] do_softirq+0x65/0xa0 [ 225.906423] [<ffffffff810628fe>] irq_exit+0x8e/0xb0 [ 225.906423] [<ffffffff816fe5f3>] do_IRQ+0x63/0xe0 [ 225.906423] [<ffffffff816f406d>] common_interrupt+0x6d/0x6d [ 225.906423] <EOI> [ 225.906423] [<ffffffff81084008>] ? hrtimer_start+0x18/0x20 [ 225.906423] [<ffffffff81045136>] ? native_safe_halt+0x6/0x10 [ 225.906423] [<ffffffff8101cc33>] default_idle+0x53/0x1f0 [ 225.906423] [<ffffffff8101dad9>] cpu_idle+0xd9/0x120 [ 225.906423] [<ffffffff816c6db2>] rest_init+0x72/0x80 [ 225.906423] [<ffffffff81d05c4f>] start_kernel+0x3d1/0x3de [ 225.906423] [<ffffffff81d057ff>] ? pass_bootoption.constprop.2+0xd3/0xd3 [ 225.906423] [<ffffffff81d05397>] x86_64_start_reservations+0x131/0x135 [ 225.906423] [<ffffffff81d05120>] ? early_idt_handlers+0x120/0x120 [ 225.906423] [<ffffffff81d05468>] x86_64_start_kernel+0xcd/0xdc [ 225.906423] Code: 49 c1 e5 04 4c 03 6a 18 4c 89 ef e8 2f 35 0d 00 49 8b 84 24 60 03 00 [ 225.906423] RIP [<ffffffff8162056c>] __inet_twsk_hashdance+0x8c/0x160 [ 225.906423] RSP <ffff88007fc039d0> [ 225.906423] CR2: 0000000000000020 [ 226.111238] ---[ end trace 18ecfe1006daa681 ]--- [ 226.111817] Kernel panic - not syncing: Fatal exception in interrupt