Or should I modify the linux kernel to add support for handling #VE
exception?
2016-09-02 16:35 GMT+08:00 Big Strong <fangtu...@gmail.com>:
> Sorry for that. Could you give any suggestions on how to register the IRQ
> handler for #VE?
>
> 2016-09-02 15:52 GMT+08:00 Jan Beulich
Sorry for that. Could you give any suggestions on how to register the IRQ
handler for #VE?
2016-09-02 15:52 GMT+08:00 Jan Beulich :
> >>> On 02.09.16 at 04:59, wrote:
> > I'm recently trying to utilize the virtualization exception (#VE)
> feature.
> > As
Hello.
I'm recently trying to utilize the virtualization exception (#VE) feature.
As the document says, #VE is handled by guest interrupt handler. The IRQ
number of #VE is 20. However, when I tried to register an IRQ handler for
#VE, it returns errno -22, which means invalid arguments.
To handle this system reserved exception, should I modify the linux kernel
instead of using loadable kernel module? Are there any suggestions?
2016-06-01 11:08 GMT+08:00 Big Strong <fangtu...@gmail.com>:
> Virtualization exception is a fault exception caused by specific type of
> EP
Virtualization exception is a fault exception caused by specific type of
EPT violations. The vector is 20, which is not defined in linux kernel
(traps.h), also no exception handling function is defined (traps.c). So is
there any way to implement it as a LKM? As it is needed to
set
Should the VMFUNC and #VE must run in kernel mode? I.E. as a linux kernel
module or windows driver? if it is, how to invoke hypercall from the domU
kernel, by ioctl(fd, IOCTL_PRIVCMD_HYPERCALL, hypercall) or directly issue
0x82 interrupt?
2016-05-17 20:05 GMT+08:00 Big Strong <fangtu...@gmail.
Thanks very much, it turns out to be the problem of modules.conf. I turn
the xen module off by mistake, I'm very sorry for the time you spent.
___
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
space functions of libxc. Is there a libxc function to translate the
virtual address of malloc() to physical address?
2016-05-16 23:05 GMT+08:00 Big Strong <fangtu...@gmail.com>:
> To solve that, I install xen and tools in the guest, so as to access its
> domain id and vcpu info
I should add the xsm=policy option to the end of the xen.cfg instead of as
an option. Sorry for the fault.
However, another problem is that when I modified the policy and reload it
using '*xl loadpolicy*', the policy seemed not working.
The policy I add is *'allow domU_t security_t:security
c;h=7492030a131a4212d9ca8e700621b2c8836867a9;hb=4f6aea066fe2cf3bf4929d6dac1e558071566f73#l5238>.
The DOMID_SELF is always 32752 (0x7FF0), while a.domain is the domid of the
guest, which induce the checking failed and exit. Any helps?
2016-05-16 17:06 GMT+08:00 Big Strong <fangtu...@gmail.com&
d.w...@oracle.com>:
> On Mon, May 16, 2016 at 10:43:49AM +0100, Andrew Cooper wrote:
> > On 16/05/16 09:54, Big Strong wrote:
> > > Problem solved by booting xen with grub instead of efi. The deep
> > > reason is unknown.
> >
> > Ah - that is very useful
0621b2c8836867a9;hb=4f6aea066fe2cf3bf4929d6dac1e558071566f73#l5164>.
While in dom0, this is not a problem. But dom0 is unable to
call HVMOP_altp2m_vcpu_enable_notify for the guest. How can I solve this
contradiction?
2016-05-12 23:17 GMT+08:00 Wei Liu <wei.l...@citrix.com>:
> On Thu, May 12, 2016 at 09:00:12PM +0800,
Problem solved by booting xen with grub instead of efi. The deep reason is
unknown.
2016-05-16 11:08 GMT+08:00 Big Strong <fangtu...@gmail.com>:
> As you suggested, I used xen 4.7.0-rc2 to test it again and the problem
> still exists.
>
> $ sudo xl create xen-config/win7
>
m/local/domain/1
> [20160516T02:49:11.602Z] A4 w event /local/domain/1/console
> dom1
> [20160516T02:49:11.603Z] A12 rm/libxl/1
> [20160516T02:49:11.603Z] A12 rm /local/domain/1/hvmloader
> [20160516T02:49:11.992Z] D1 endconn
>
Hi,
I've configured xen 4.6.0 with xsm enabled and use the default flask policy
to boot the dom0.
However, when I tried to create a domU, it will fail for following reasons:
>
> (XEN) avc: denied { send } for domid=0 scontext=system_u:system_r:dom0_t
> tcontext=system_u:system_r:dom0_t
-12 0:26 GMT+08:00 Sahita, Ravi <ravi.sah...@intel.com>:
> Hi Fangtuo,
>
>
>
> #VE can be setup to be delivered to any dom that is a HVM.
>
>
>
> Ravi
>
>
>
> *From:* Big Strong [mailto:fangtu...@gmail.com]
> *Sent:* Wednesday, May 11, 2016 8:38 AM
Is that a bug or does #ve info page can only exist on dom0? If this is
true, why would there be a is_hvm_domain check which will stop the
execution of xc_altp2m_vcpu_enable_notify?
2016-05-11 15:56 GMT+08:00 Big Strong <fangtu...@gmail.com>:
> From what I analyzed, can I draw a co
From what I analyzed, can I draw a conclusion that the current
implementation of do_altp2m_op means #ve info page can only be set on dom0
memory and the dom0 must be a hvm? This seems like ridiculous as dom0 is a
special pv guest.
2016-05-11 11:37 GMT+08:00 Big Strong <fangtu...@gma
Further debugging shows that the domain is changed to domain 0 during the
check of whether the cmd of do_altp2m_op
is HVMOP_altp2m_vcpu_enable_notify, located at here
>
> I think you need to add more printk to find out.
>
> Wei.
>
Thanks for the suggestion, after adding printk to all the routines
of xc_altp2m_set_vcpu_enable_notify, it turns out that the problem is
because the check of is_hvm_domain()
>
> You need to have appropriate log level set.
>
> Try adding loglvl=all guest_loglvl=all to your xen command line and
> reboot.
>
> Wei.
>
I've enabled all the log level just as you said, but no outputs happen at
HVMOP_altp2m_vcpu_enable_notify section of do_altp2m_op function, so does
that
>
> You should put in some extra gdprintk's into the altp2m path of Xen to see
> how far it gets when you try to enable VE. That would enable us to pinpoint
> where it gets stuck exactly.
>
> Tamas
>
I've added gdprintk into HVMOP_altp2m_vcpu_enable_notify section of
do_altp2m_op function, but no
>
> libxc functions always return -1 when it fails. You need the specific
> errno to know what went wrong.
Yeah, I know it means a failure. Actually, I noticed that there is a
comment at the source code of xen
>
> A bit more information on this. There is a on-going discussion on the
> errno topic on xen-devel. The safe bet is that if you use errno in the
> os it is probably in the os name space. If you get errno from hypercall
> struct it should be in xen's name space.
>
> Wei.
>
I don't know what is
I want to test if my processor support VMFUNC which is described as:
>
>
> The IA32_VMX_VMFUNC MSR exists only on processors that support the
> 1-setting of the “activate secondary controls” VM-execution control (only if*
> bit 63 of the IA32_VMX_PROCBASED_CTLS MSR is 1*) and the 1-setting of the
>
> Check the errno please, that's where the information is stored.
I looked up in the source code of xen 4.6, and find that errno 4 indicates
"Interrupted system call
I've successfully add a new physical page to guest and trying to use it as
the virtualization exception (#VE) information page. However, the function:
xc_altp2m_set_vcpu_enable_notify(xci, domid, vcpuid, gfn)
failed for unknown reason (return -1). The only related info I can get is
by `dmesg`:
On Thu, Apr 28, 2016 at 8:36 AM, Big Strong <fangtu...@gmail.com> wrote:
>
>> I want to set up an EPT page so as to trigger the #VE for testing
>> purpose. However, some problems are met.
>>
>> As the Intel Manual said, there are many conditions to trigger a #VE:
I want to set up an EPT page so as to trigger the #VE for testing purpose.
However, some problems are met.
As the Intel Manual said, there are many conditions to trigger a #VE:
a) If an access to a guest-physical address causes an EPT violation, bit
63 (0) of exactly one of the EPT
Got it. Thanks for the replying.
2016-04-28 17:03 GMT+08:00 Andrew Cooper <andrew.coop...@citrix.com>:
> On 28/04/16 09:53, George Dunlap wrote:
> > On Thu, Apr 28, 2016 at 3:37 AM, Big Strong <fangtu...@gmail.com> wrote:
> >> There is a #VE exception defi
There is a #VE exception defined in p2086 of Intel Software Development
Manual, however, no definition of exception handler is available in Xen 4.6.
After update dom0 kernel to 3.19, all vcpus act normal. Thanks very much.
2015-12-07 21:02 GMT+08:00 Jan Beulich <jbeul...@suse.com>:
> >>> On 07.12.15 at 13:56, <andrew.coop...@citrix.com> wrote:
> > On 07/12/15 12:39, Big Strong wrote:
> >> I set
I set the xen.efi directly boot without grub2 to be able to list all the
cpu cores.
However, after that all the vcpus are in paused state except one for dom0.
~$ sudo xl vcpu-list
> NameID VCPU CPU State Time(s)
> Affinity (Hard / Soft)
> Domain-0
Is hypercall page a reference (api) to hypercall functions (handlers) or a
standalone hypercall function collections? Can anybody tell me what is the
code in the page?
I installed a nested xen (L1) on xen (L0). Is it possible to read or write
the physical memory of L1 from dom0 of L0? Is the L1 directly access the
physical memory or need to translate through L0?
Thanks for your replying and sorry for the behavior. Can I get that using
libxc? Because I can't access the structure directly from dom0.
2015-11-25 18:44 GMT+08:00 George Dunlap <dunl...@umich.edu>:
> On Wed, Nov 25, 2015 at 7:18 AM, Big Strong <fangtu...@gmail.com> wrote:
I write a program to intercept all hypercalls happened on a xen hypervisor.
How can I know which domain called the hypercall? Is it possible to obtain
it from the registers?
What kind of page mode can Xen use? What's the default page size of xen or
how can I get it? Is hugetable used? I'm using a x64 CPU and the xen
version is 4.4.2
I've installed xen4.4 on ubuntu1404 with aptitude. Recently, in order to
test the Xen4.6, I manually compiled and installed Xen4.6 without remove
the Xen4.4. Now the machine cannot boot normally. I mean booting stop at a
screen shows:
>
>
> Loading Xen Xen.
> WARNING: No Console will be available
,
trying to intercept hypercalls need firstly locate the address of
hypercalls. Could you provide any hints on that?
2015-08-11 17:21 GMT+08:00 Andrew Cooper andrew.coop...@citrix.com:
On 11/08/15 03:44, big strong wrote:
My goal is to intercept hypercalls to detect malicious calls. So I need
-08-10 23:04 GMT+08:00 Dario Faggioli dario.faggi...@citrix.com:
On Sat, 2015-08-08 at 08:02 +0800, big strong wrote:
I think I've stated clearly what I want to do.
Well...
|I want to locate the hypercall page address when creating a new domU,
so as to locate hypercalls.
Ok. What
I think I've stated clearly what I want to do.
|I want to locate the hypercall page address when creating a new domU, so
as to locate hypercalls. Is it possible?
2015-08-07 21:06 GMT+08:00 Andrew Cooper andrew.coop...@citrix.com:
On 07/08/15 02:52, big strong wrote:
Or how can I get
Or how can I get the address of hypercall page belonging to a running domU?
2015-08-07 9:45 GMT+08:00 big strong fangtu...@gmail.com:
I want to locate the hypercall page address when creating a new domU, so
as to locate hypercalls. Is it possible?
2015-08-06 17:49 GMT+08:00 Andrew Cooper
As syscalls can be located with the help of symbol files, is it possible to
do it to hypercalls too?
could you explain that in detail? As syscall tracing, we usually locate the
kernel module first, then find the address of specific syscall function in
that module with the help of symbol files. How could this be applied to
hypercalls then?
2015-07-14 19:56 GMT+08:00 Jan Beulich jbeul...@suse.com:
All right, what is the base address of hypercalls table? And which file
contains the offset of each hypercall?
2015-07-14 20:36 GMT+08:00 Jan Beulich jbeul...@suse.com:
On 14.07.15 at 13:59, fangtu...@gmail.com wrote:
could you explain that in detail? As syscall tracing, we usually locate
I've read the hypercall related code, such as entry.S hypervisor.h ,etc.
But the problem is that hypercall functions are implemented in different
files while linux package syscalls into glibc and windows ntoskrnl. There
is a hypercall table defined in entry.S. But I haven't found any offsets
of hypercalls table? And which file
contains the offset of each hypercall?
Did you at least _try_ to find the answer yourself, e.g. by
grep-ing the hypervisor source for some obvious strings?
big strong,
I would recommend that you read
http://wiki.xen.org/wiki/Asking_Xen_Devel_Questions
Ian