Re: [Xen-devel] fail to register IRQ for virtualization exception

Or should I modify the linux kernel to add support for handling #VE exception? 2016-09-02 16:35 GMT+08:00 Big Strong : > Sorry for that. Could you give any suggestions on how to register the IRQ > handler for #VE? > > 2016-09-02 15:52 GMT+08:00 Jan Beulich : > >> >>>

Re: [Xen-devel] fail to register IRQ for virtualization exception

Sorry for that. Could you give any suggestions on how to register the IRQ handler for #VE? 2016-09-02 15:52 GMT+08:00 Jan Beulich : > >>> On 02.09.16 at 04:59, wrote: > > I'm recently trying to utilize the virtualization exception (#VE) > feature. > > As the document says, #VE is handled by gues

[Xen-devel] fail to register IRQ for virtualization exception

Hello. I'm recently trying to utilize the virtualization exception (#VE) feature. As the document says, #VE is handled by guest interrupt handler. The IRQ number of #VE is 20. However, when I tried to register an IRQ handler for #VE, it returns errno -22, which means invalid arguments. request_ir

Re: [Xen-devel] handle virtualization exception

To handle this system reserved exception, should I modify the linux kernel instead of using loadable kernel module? Is there any suggestions? 2016-06-01 11:08 GMT+08:00 Big Strong : > Virtualization exception is a fault exception caused by specific type of > EPT violations. The vector

[Xen-devel] handle virtualization exception

Virtualization exception is a fault exception caused by specific type of EPT violations. The vector is 20, which is not defined in linux kernel (traps.h), also no exception handling function is defined (traps.c). So is there any way to implement it as a LKM? As it is needed to set virtualization-ex

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

Should the VMFUNC and #VE must run in kernel mode? I.E. as a linux kernel module or windows driver? if it is, how to invoke hypercall from the domU kernel, by ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall) or directly issue 0x82 interrupt? 2016-05-17 20:05 GMT+08:00 Big Strong : > I just set

Re: [Xen-devel] unable to create domain after enabling XSM

Thanks very much, it turns out to be the problem of modules.conf. I turn the xen module off for mistake, I'm very sorry for the time you spend. ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

user space functions of libxc. Is there a libxc function to translate the virtual address of malloc() to physical address? 2016-05-16 23:05 GMT+08:00 Big Strong : > To solve that, I install xen and tools in the guest, so as to access its > domain id and vcpu info to overcome the 'domai

Re: [Xen-devel] unable to create domain after enabling XSM

I should add the xsm=policy option to the end of the xen.cfg instead of as an option. Sorry for the fault. However, another problem is that when I modified the policy and reload it using '*xl loadpolicy*', the policy seemed not working. The policy I add is *'allow domU_t security_t:security check

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

en/arch/x86/hvm/hvm.c;h=7492030a131a4212d9ca8e700621b2c8836867a9;hb=4f6aea066fe2cf3bf4929d6dac1e558071566f73#l5238>. The DOMID_SELF is always 32752 (0x7FF0), while a.domain is the domid of the guest, which induce the checking failed and exit. Any helps? 2016-05-16 17:06 GMT+08:00 Big Strong : &

Re: [Xen-devel] unable to create domain after enabling XSM

tek Wilk : > On Mon, May 16, 2016 at 10:43:49AM +0100, Andrew Cooper wrote: > > On 16/05/16 09:54, Big Strong wrote: > > > Problem solved by booting xen with grub instead of efi. The deep > > > reason is unknown. > > > > Ah - that is very useful to know,

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

a8e700621b2c8836867a9;hb=4f6aea066fe2cf3bf4929d6dac1e558071566f73#l5164>. While in dom0, this is not a problem. But dom0 is unable to call HVMOP_altp2m_vcpu_enable_notify for the guest. How can I solve this contradiction? 2016-05-12 23:17 GMT+08:00 Wei Liu : > On Thu, May 12, 2016 at 09:00:12PM +0800, Big Strong wrote: > >

Re: [Xen-devel] unable to create domain after enabling XSM

Problem solved by booting xen with grub instead of efi. The deep reason is unknown. 2016-05-16 11:08 GMT+08:00 Big Strong : > As you suggested, I used xen 4.7.0-rc2 to test it again and the problem > still exists. > > $ sudo xl create xen-config/win7 >> Parsing config fr

Re: [Xen-devel] unable to create domain after enabling XSM

02Z] A12 rm/local/domain/1 > [20160516T02:49:11.602Z] A4 w event /local/domain/1/console > dom1 > [20160516T02:49:11.603Z] A12 rm/libxl/1 > [20160516T02:49:11.603Z] A12 rm/local/domain/1/hvmloader > [20160516T02:49:11.992Z] D1

[Xen-devel] unable to create domain after enabling XSM

Hi, I've configured xen 4.6.0 with xsm enabled and use the default flask policy to boot the dom0. However, when I tried to create a domU, it will fail for following reasons: > > (XEN) avc: denied { send } for domid=0 scontext=system_u:system_r:dom0_t > tcontext=system_u:system_r:dom0_t tclass=e

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

16-05-12 0:26 GMT+08:00 Sahita, Ravi : > Hi Fangtuo, > > > > #VE can be setup to be delivered to any dom that is a HVM. > > > > Ravi > > > > *From:* Big Strong [mailto:fangtu...@gmail.com] > *Sent:* Wednesday, May 11, 2016 8:38 AM > *To:* Wei Liu &g

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

Is that a bug or does #ve info page can only exist on dom0? If this is true, why would there be a is_hvm_domain check which will stop the execution of xc_altp2m_vcpu_enable_notify? 2016-05-11 15:56 GMT+08:00 Big Strong : > From what I analyzed, can I draw a concolusion that the curr

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

>From what I analyzed, can I draw a concolusion that the current implementation of do_altp2m_op means #ve info page can only be set on dom0 memory and the dom0 must be a hvm? This seems like ridiculous as dom0 is a special pv guest. 2016-05-11 11:37 GMT+08:00 Big Strong : > Further deb

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

Further debugging shows that the domain is changed to domain 0 during the check of whether the cmd of do_altp2m_op is HVMOP_altp2m_vcpu_enable_notify, located at here

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

> > I think you need to add more printk to find out. > > Wei. > Thanks for the suggestion, after adding printk to all the routines of xc_altp2m_set_vcpu_enable_notify, it turns out that the problem is because the check of is_hvm_domain()

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

> > You need to have appropriate log level set. > > Try adding loglvl=all guest_loglvl=all to your xen command line and > reboot. > > Wei. > I've enabled all the log level just as you said, but no outputs happen at HVMOP_altp2m_vcpu_enable_notify section of do_altp2m_op function, so does that mea

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

> > You should put in some extra gdprintk's into the altp2m path of Xen to see > how far it gets when you try to enable VE. That would enable us to pinpoint > where it gets stuck exactly. > > Tamas > I've added gdprintk into HVMOP_altp2m_vcpu_enable_notify section of do_altp2m_op function, but no o

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

> > libxc functions always return -1 when it fails. You need the specific > errno to know what went wrong. Yeah, I know it means a failure. Actually, I noticed that there is a comment at the source code of xen

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

> > A bit more information on this. There is a on-going discussion on the > errno topic on xen-devel. The safe bet is that if you use errno in the > os it is probably in the os name space. If you get errno from hypercall > struct it should be in xen's name space. > > Wei. > I don't know what is th

[Xen-devel] rdmsr general protection error

I want to test if my processor support VMFUNC which is described as: > > > The IA32_VMX_VMFUNC MSR exists only on processors that support the > 1-setting of the “activate secondary controls” VM-execution control (only if* > bit 63 of the IA32_VMX_PROCBASED_CTLS MSR is 1*) and the 1-setting of the >

Re: [Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

> > Check the errno please, thats' where the information is stored. I looked up in the source code of xen 4.6, and find that errno 4 indicates "Interrupted system call

[Xen-devel] xc_altp2m_set_vcpu_enable_notify fail

I've successfully add a new physical page to guest and trying to use it as the virtualization exception (#VE) infomation page. However, the function: xc_altp2m_set_vcpu_enable_notify(xci, domid, vcpuid, gfn) failed for unknown reason (return -1). The only related info I can get is by `dmesg`: [605

Re: [Xen-devel] how to set up a #VE

> > You can always just add a new page to the domain to be used for #VE. It's there a method to directly assign physical pages to guest from dom0? Using xc_map_foreign_address just like libvmi? 2016-04-28 23:07 GMT+08:00 Tamas K Lengyel : > > > On Thu, Apr 28, 2016 at 8:36 A

[Xen-devel] how to set up a #VE

I want to set up an EPT page so as to trigger the #VE for testing purpose. However, some problems are met. As the Intel Manual said, there are many conditions to trigger a #VE: a) If an access to a guest-physical address causes an EPT violation, bit 63 (0) of exactly one of the EPT paging-st

Re: [Xen-devel] no definition of virtualization exception in exception table

Got it. Thanks for the replying. 2016-04-28 17:03 GMT+08:00 Andrew Cooper : > On 28/04/16 09:53, George Dunlap wrote: > > On Thu, Apr 28, 2016 at 3:37 AM, Big Strong wrote: > >> There is a #VE exception defined in p2086 of Intel Software Development > >> Manual

[Xen-devel] no definition of virtualization exception in exception table

There is a #VE exception defined in p2086 of Intel Software Development Manual, however, no definition of exception handler is availble in Xen 4.6.

Re: [Xen-devel] vcpu state are all paused

After update dom0 kernel to 3.19, all vcpus act normal. Thanks very much. 2015-12-07 21:02 GMT+08:00 Jan Beulich : > >>> On 07.12.15 at 13:56, wrote: > > On 07/12/15 12:39, Big Strong wrote: > >> I set the xen.efi directly boot without grub2 to be able to

[Xen-devel] vcpu state are all paused

I set the xen.efi directly boot without grub2 to be able to list all the cpu cores. However, after that all the vcpus are in paused state except one for dom0. ~$ sudo xl vcpu-list > NameID VCPU CPU State Time(s) > Affinity (Hard / Soft) > Domain-0

[Xen-devel] what is in a hypercall page?

Is hypercall page a reference (api) to hypercall functions (handlers) or a standalone hypercall function collections? Can anybody tell me what is the code in the page? ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

[Xen-devel] can I read or write the physical memory of a nested xen?

I installed a nested xen (L1) on xen (L0). Is it possible to read or write the physical memory of L1 from dom0 of L0? Is the L1 directly access the physical memory or need to translate through L0? ___ Xen-devel mailing list Xen-devel@lists.xen.org http://

Re: [Xen-devel] How to recognize which guest issues the hypercall?

Thanks for your replying and sorry for the behavior. Can I get that using libxc? Because I can't access the structure directly from dom0. 2015-11-25 18:44 GMT+08:00 George Dunlap : > On Wed, Nov 25, 2015 at 7:18 AM, Big Strong wrote: > > I write a program to intercept all hyperca

[Xen-devel] How to recognize which guest issues the hypercall?

I write a program to intercept all hypercalls happend on a xen hypervisor. How can I know which domain called the hypercall? Is it possible to obtain it from the registers? ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

[Xen-devel] What kind of page mode can Xen use?

What kind of page mode can Xen use? What's the default page size of xen or how can I get it? Is hugetable used? I'm using a x64 CPU and the xen version is 4.4.2 ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

[Xen-devel] how to boot from multiple xen version?

I've installed xen4.4 on ubuntu1404 with aptitude. Recently, in order to test the Xen4.6, I manually compiled and installed Xen4.6 without remove the Xen4.4. Now the machine cannot boot normally. I mean booting stop at a sceen shows: > > > Loading Xen Xen. > WARNING: No Console will be available to

Re: [Xen-devel] how can I find hypercall page address?

nyway, trying to intercept hypercalls need firstly locate the address of hypercalls. Could you provides any hints any that? 2015-08-11 17:21 GMT+08:00 Andrew Cooper : > On 11/08/15 03:44, big strong wrote: > > My goal is to intercept hyprcalls to detect malicious calls. So I need > first

Re: [Xen-devel] how can I find hypercall page address?

-08-10 23:04 GMT+08:00 Dario Faggioli : > On Sat, 2015-08-08 at 08:02 +0800, big strong wrote: > > I think I've stated clearly what I want to do. > > > Well... > > > > |I want to locate the hypercall page address when creating a new domU, > > so as to locate

Re: [Xen-devel] how can I find hypercall page address?

I think I've stated clearly what I want to do. |I want to locate the hypercall page address when creating a new domU, so as to locate hypercalls. Is it possible? 2015-08-07 21:06 GMT+08:00 Andrew Cooper : > On 07/08/15 02:52, big strong wrote: > > Or how can I get the address of

Re: [Xen-devel] how can I find hypercall page address?

Or how can I get the address of hypercall page belonging to a running domU? 2015-08-07 9:45 GMT+08:00 big strong : > I want to locate the hypercall page address when creating a new domU, so > as to locate hypercalls. Is it possible? > > 2015-08-06 17:49 GMT+08:00 Andrew Cooper : >

Re: [Xen-devel] how can I find hypercall page address?

I want to locate the hypercall page address when creating a new domU, so as to locate hypercalls. Is it possible? 2015-08-06 17:49 GMT+08:00 Andrew Cooper : > On 06/08/15 10:46, big strong wrote: > > The old version of Xen contains information about hypercall page like: >

[Xen-devel] how can I find hypercall page address?

The old version of Xen contains information about hypercall page like: xl dmesg .. (XEN) HVM10: Allocated Xen hypercall page at 169ff000 ... But the new edition seems to miss this information. How can I get the similar information then? ___ Xen-

Re: [Xen-devel] how to locate the hypercall address in memory?

calls table? And which file > > > contains the offset of each hypercall? > > > > Did you at least _try_ to find the answer yourself, e.g. by > > grep-ing the hypervisor source for some obvious strings? > > big strong, > > I would recommend that you

Re: [Xen-devel] how to locate the hypercall address in memory?

I've read the hypercall related code, such as entry.S hypervisor.h ,etc. But the problem is that hypercall functions are implemented in different files while linux package syscalls into glibc and windows ntoskrnl. There is a hypercall table defined in entry.S. But I havn't found any offsets related

Re: [Xen-devel] how to locate the hypercall address in memory?

All right, what is the base address of hypercalls table? And which file contains the offset of each hypercall? 2015-07-14 20:36 GMT+08:00 Jan Beulich : > >>> On 14.07.15 at 13:59, wrote: > > could you explain that in detail? As syscall tracing, we usually locate > the > > kernel module first, th

Re: [Xen-devel] how to locate the hypercall address in memory?

could you explain that in detail? As syscall tracing, we usually locate the kernel module first, then find the address of specific syscall function in that module with the help of symbol files. How could this be applied to hypercalls then? 2015-07-14 19:56 GMT+08:00 Jan Beulich : > >>> On 14.07.1

[Xen-devel] how to locate the hypercall address in memory?

As syscalls can be located with the help of symbol files, is it possible to do it to hypercalls too? ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel