setup failed when enabling remote network control #5
Comments
|
Hi thanks for your interest in ramooflax.
You can run "tools/ktrace.py" in a terminal and paste the stack trace on
stdin. Giving the vmm.bin, you will get back symbols to inspect in the code.
Do you have special interest into using the IOMMU ? It seems the error is
related to an IO page fault. Try running ramooflax by disabling the IOMMU
support. I think you can also do it in the VMWare VM config (disable IOMMU
in guest).
When using network controller, ramooflax does its best to hide it to the
guest. But windows is smart and may have several way to enable it. Use
regedit in the guest to disable net controller driver loading at boot.
I usually set up two net controller in the Guest, one for ramooflax and one
for the guest.
If you still have trouble and have no confidentiality issue, you can
provide me with your ramooflax configuration and VM so that i can reproduce
the problem locally and investigate.
It may take some time, my country (France) is in trouble so my company is
(Airbus) :(
Regards,
stephane
Le dim. 29 mars 2020 à 12:06, yuanbaopapa <[email protected]> a
écrit :
… I installed ramooflax inside a win7 x64 guest of vmware 15 .I can boot
into windows successully,but after I enabled network remote controlling,the
boot sucked. here is the message dumped from uart:
pci match b2 d1 f0 r0 = 0x100f8086
e1k CMD/STS 0x117 0x230 | CMD io 1 mm 1 dma 1
e1k BAR 0xfd5c0000
e1k irq line 10
read RAH/RAL for mac: 0x80004ba1 0xf6290c00
MAC 0:c:29:f6:a1:4b
mbi getopt "ip" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1
netmask=255.255.255.0 s3=1
mbi getopt "netmask" on /vmm.bin pool=5000 ip=192.168.0.30
gateway=192.168.0.1 netmask=255.255.255.0 s3=1
mbi getopt "gateway" on /vmm.bin pool=5000 ip=192.168.0.30
gateway=192.168.0.1 netmask=255.255.255.0 s3=1
ip addr 192.168.0.30
netmask 255.255.255.0
gateway 192.168.0.1
-
acpi init
acpi rsdp 0xf6a00
acpi xsdt 0xbfee022c (8 entries)
acpi pm1a control port 0x1004
mbi getopt "s3" on /vmm.bin pool=5000 ip=192.168.0.30
gateway=192.168.0.1 netmask=255.255.255.0 s3=1
-
gdbstub init
mbi getopt "gdb_rate" on /vmm.bin pool=5000 ip=192.168.0.30
gateway=192.168.0.1 netmask=255.255.255.0 s3=1
-
vmm cpu features
1GB pages support : yes
osxsave enabled : yes
max physical addr : 0x7ffffffffff
max linear addr : 0xffffffffffff
smap entry: base 0x0 | len 0x9f400 | type 1
smap entry: base 0x9f400 | len 0xc00 | type 2
smap entry: base 0xce000 | len 0x2000 | type 2
smap entry: base 0xdc000 | len 0x24000 | type 2
smap entry: base 0x100000 | len 0xbfde0000 | type 1
smap entry: base 0xbfee0000 | len 0x1f000 | type 3
smap entry: base 0xbfeff000 | len 0x1000 | type 4
smap entry: base 0xbff00000 | len 0x100000 | type 1
smap entry: base 0xf0000000 | len 0x8000000 | type 2
smap entry: base 0xfec00000 | len 0x10000 | type 2
smap entry: base 0xfee00000 | len 0x1000 | type 2
smap entry: base 0xfffe0000 | len 0x20000 | type 2
smap entry: base 0x100000000 | len 0x40000000 | type 1
vmm needs 1 pdp 0 pd 0 pt
vm needs 1 pdp 5 pd 2 pt
mbi getopt "pool" on /vmm.bin pool=5000 ip=192.168.0.30
gateway=192.168.0.1 netmask=255.255.255.0 s3=1
increasing pool sz by 5000*PAGE_SIZE
e1k mem size 66048
rdesc 0xbe04f000, tdesc 0xbe057100
rxbuff 0xbe04f100, txbuff 0xbe057200
set rdesc0 0xbe04f000 buffer addr = 0xbe04f100
set rdesc1 0xbe04f010 buffer addr = 0xbe04f900
set rdesc2 0xbe04f020 buffer addr = 0xbe050100
set rdesc3 0xbe04f030 buffer addr = 0xbe050900
set rdesc4 0xbe04f040 buffer addr = 0xbe051100
set rdesc5 0xbe04f050 buffer addr = 0xbe051900
set rdesc6 0xbe04f060 buffer addr = 0xbe052100
set rdesc7 0xbe04f070 buffer addr = 0xbe052900
set rdesc8 0xbe04f080 buffer addr = 0xbe053100
set rdesc9 0xbe04f090 bu= 0xbe055100
set rdesc13 0xbe04f0d0 buffer addr = 0xbe055900
set rdesc14 0xbe04f0e0 buffer addr = 0xbe056100
set rdesc15 0xbe04f0f0 buffer addr = 0xbe056900
read RDBAH/RDBAL = 0x0 0x0
read RDBAH/RDBAL = 0x0 0xbe04f000
read RDL/RDH/RDT = 0x0 0x0 0x0
read RDL/RDH/RDT = 0x100 0x0 0xf
set tdesc0 0xbe057100 buffer addr = 0xbe057200
set tdesc1 0xbe057110 buffer addr = 0xbe057a00
set tdesc2 0xbe057120 buffer addr = 0xbe058200
set tdesc3 0xbe057130 buffer addr = 0xbe058a00
set tdesc4 0xbe057140 buffer addr = 0xbe059200
set tdesc5 0xbe057150 buffer addr = 0xbe059a00
set tdesc6 0xbe057160 buffer addr = 0xbe05a200
set tdesc7 0xbe057170 buffer addr = 0xbe05aa00
set tdesc8 0xbe057180 buffer addr = 0xbe05b200
set tdesc9 0xbe057190 buffer addr = 0xbe05ba00
set tdesc10 0xbe0571a0 buffer addr = 0xbe05c200
set tdesc11 0xbe0571b0 buffer addr = 0xbe05ca00
set tdesc12 0xbe0571c0 buffer addr = 0xbe05d200
set tdesc13 0xbe0571d0 buffer addr = 0xbe05da00
set tdesc14 0xbe0571e0 buffer addr = 0xbe05e200
set tdesc15 0xbe0571f0 buffer addr = 0xbe05ea00
read TDBAH/TDBAL = 0x0 0x0
read TDBAH/TDBAL = 0x0 0xbe057100
read TDL/TDH/TDT = 0x0 0x0 0x0
read TDL/TDH/TDT = 0x100 0x0 0x0
enable receive control
--> get TX pktbuf [TDT 0]
snd ARP who_has 192.168.0.1 say 192.168.0.30
e1k CMD/STS 0x117 0x230
e1k CMD io 1 mm 1 dma 1
e1k pci bar L: io 0 type 2 raw 0xfd5c0004
e1k pci bar H: raw 0x0
--> [TDT 0] len 42
sending packet ...
packet sent
-
vmm physical memory map
area start : 0xbcc99000
area end : 0xbfee0000
area size : 52719616 B (51484 KB)
vmm stack : 0xbcc9b000
vmm pg dsc : 0xbe0d807c (1310720 pages)
vmm pool : 0xbcc9b000 (20032 KB)
vmm elf : 0xbe062298 - 0xbe0ba9f8 (362336 B)
gdt : 0xbe05f200
idt : 0xbe05f228
pml4 : 0xbe02f000
vm vmc : 0xbe032000
-
iommu init
acpi dmar 0xbfee02d4
dmar drhd @ 0xbfee0304 reg @ 0xfec10000
protect DRHD mmio space [0xfec10000 - 0xfec11000]
dmar drhd capabilities: 0xff0080f02a0462
nd 2 afl 0 rwbf 0 plmr 1 phmr 1 cm 0
sagaw 4 mgaw 42 zlr 0 fro 0xf0 sllps 0 psi 1
nfr 0 mamv 63 dwd 1 drd 1 fl1gp 0 pi 0
dmar drhd extended capabilities: 0xf0f15f
c 1 qi 1 dt 1 ir 1 eim 1 pt 1 sc 0 iro 0xf1
mhmv 15 ecs 0 mts 0 nest 0 dis 0 prs 0 ers 0
srs 0 nwfs 0 eafs 0 pss 0 pasid 0 dit 0 pds 0
dmar drhd contex table AGAW 2
updating drhd sts cmd register
enabled root table pointer
updating drhd sts cmd register
enabled DMA remapping engine
(!) dmar unhandled structure ATSR
protect e1000 mmio space [0xfd5c0000 - 0xfd5e0000]
---=oO0Oo=--- starting vm cpu (vmm base 0xbe062298) ---=oO0Oo=---
0x0:0:0xfff53:16:e1k_recv_pkt()
0x0:0:0xfff53:16:e1k status: fd 1 lu 1 fid 0 txoff 0 speed 2 tbi 0 asdv 3
pci66 1 bus64 0 pcix 0 pcispeed 3
0x0:0:0xfff53:16:e1k icr: txdw 1 txqe 0 lsc 0 rxseq 0 rxdmt0 1 rxo 0 rxt0
1 mdac 0 rxcfg 0 phyint 0 gpi 0:0 txdlow 0 srpd 0
0x0:0:0xfff53:16:e1k rx fifo: h 0x0 t 0x0 hs 0x0 ts 0x0 pc 0x0
0x0:0:0xfff53:16:<-- [RDT 0] len 182 eop 1
0 c 29 80 e8 b4 0 c 29 1b 39 5a 8 0 45 10 0 a8 b2 41 40 0 40 6 5 c3 c0 a8
0 7d c0 a8 0 6e 0 16 c0 c 90 b7 8b d2 2c 84 97 a0 50 18 1 f5 a9 b5 0 0 c8
d1 f9 fd 5b 90 f1 e6 19 1d 7d 36 c6 8c 3 99 b9 88 2 44 69 87 9e 4c 35 ab 47
27 af 57 c2 76 b7 92 c4 d5 e5 80 be 48 42 3a 63 9c 93 e6 51 fe 23 21 bd 66
f2 61 28 29 87 56 92 52 58 da ff c1 4f b1 a7 7e 21 94 b7 ed 7c 3b 36 9d bc
12 a5 cc 26 3 7c 43 31 ef 7e 1a 8b 5a 8b 9e 9c e3 2f da de 3a 19 54 f7 d2
48 94 ee 1d ea f7 9e 6f e5 7e ad 0 f1 a0 5 df 5b 12 ab 96 e9 93 b4 93 aa 8f
0x0:0:0xfff53:16:[deep check] RDT 15 RDH 15
0:1 1:1 2:1 3:1 4:1 5:1 6:1 7:1 8:1 9:1 10:1 11:1 12:1 13:1 14:1 15:0
0x0:0:0xfff53:16:rcv IP tcp src 192.168.0.125 dst 192.168.0.110 len 168 id
45633 off 0 mf 0 df 1
0x0:0:0xfff53:16:ctrl traps enable (0|0)
0x1:30:0xff2ea:16:dmar drhd fault status register: 0x3
pfo 1 ppf 1 afo 0 apf 0 iqe 0 ice 0 ite 0 pro 0 fri 0
0x1:30:0xff2ea:16:fault[0]: f 1 t 0 fr 5 sid 0x88 (0:11:0) fi 0xbe04f000
0x1:30:0xff2ea:16:dmar root entry 0xbcd9a001
0x1:30:0xff2ea:16:dmar ctx entry 0xbdfa5001
0x1:30:0xff2ea:16:dmar slt pml4e 0xbdfa4007
0x1:30:0xff2ea:16:dmar slt pdpe 0xbdba1007
0x1:30:0xff2ea:16:dmar slt pde 0xbd9b0007
0x1:30:0xff2ea:16:dmar slt pte 0x0
0x1:30:0xff2ea:16:dmar slt pte not present
------ VMM Stack Trace ------
vmm stack boundaries [0xbcc99000 - 0xbcc9b000] rsp 0xbcc9ae30
vmm relocation base 0xbe062298
adcb
23e80
27ede
27fe0
2f31c
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#5>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGL3FGQQPQXUCJ3HAQUBFTRJ4MTTANCNFSM4LV5GUMQ>
.
|
|
Thanks for your replay. b4a8 Besides, I also tried just turning off iommu of vmm and keeping network on,after that the vmm didn't complain about dmar_drhd_fault_check error,but stucked somewhere later and no panic error reported.The vmm seemed to wait for something or be trapped in a dead loop.I will upload my VM and configuration to a share place for you soon later. |
|
Hi,
Here is the link to a webpage to download the VM and configuration,the webpage is in chinese,so you may need to translate it using google's online webpage translation service.The link will expire in 7 days.Please see the README.md first after downloading.
https://v2.fangcloud.com/share/c30cf28711e3bf56ec961dec8b
This is a file drive in China, which claims tha it has several oversea CDN nodes for downloading.But I did not test this functionality.So If you can not download or suffer a slow download speed, please let me known and I can change to another file drive.
May you and your country safe during this difficult period.
Regards,
ybpapa
…------------------ 原始邮件 ------------------
发件人: "stephane duverger"<[email protected]>;
发送时间: 2020年3月30日(星期一) 下午4:31
收件人: "airbus-seclab/ramooflax"<[email protected]>;
抄送: "ybpapa"<[email protected]>;"Author"<[email protected]>;
主题: Re: [airbus-seclab/ramooflax] setup failed when enabling remote network control (#5)
Hi thanks for your interest in ramooflax.
You can run "tools/ktrace.py" in a terminal and paste the stack trace on
stdin. Giving the vmm.bin, you will get back symbols to inspect in the code.
Do you have special interest into using the IOMMU ? It seems the error is
related to an IO page fault. Try running ramooflax by disabling the IOMMU
support. I think you can also do it in the VMWare VM config (disable IOMMU
in guest).
When using network controller, ramooflax does its best to hide it to the
guest. But windows is smart and may have several way to enable it. Use
regedit in the guest to disable net controller driver loading at boot.
I usually set up two net controller in the Guest, one for ramooflax and one
for the guest.
If you still have trouble and have no confidentiality issue, you can
provide me with your ramooflax configuration and VM so that i can reproduce
the problem locally and investigate.
It may take some time, my country (France) is in trouble so my company is
(Airbus) :(
Regards,
stephane
Le dim. 29 mars 2020 à 12:06, yuanbaopapa <[email protected]> a
écrit :
> I installed ramooflax inside a win7 x64 guest of vmware 15 .I can boot
> into windows successully,but after I enabled network remote controlling,the
> boot sucked. here is the message dumped from uart:
>
> pci match b2 d1 f0 r0 = 0x100f8086
> e1k CMD/STS 0x117 0x230 | CMD io 1 mm 1 dma 1
> e1k BAR 0xfd5c0000
> e1k irq line 10
> read RAH/RAL for mac: 0x80004ba1 0xf6290c00
> MAC 0:c:29:f6:a1:4b
> mbi getopt "ip" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1
> netmask=255.255.255.0 s3=1
> mbi getopt "netmask" on /vmm.bin pool=5000 ip=192.168.0.30
> gateway=192.168.0.1 netmask=255.255.255.0 s3=1
> mbi getopt "gateway" on /vmm.bin pool=5000 ip=192.168.0.30
> gateway=192.168.0.1 netmask=255.255.255.0 s3=1
> ip addr 192.168.0.30
> netmask 255.255.255.0
> gateway 192.168.0.1
>
> -
>
> acpi init
> acpi rsdp 0xf6a00
> acpi xsdt 0xbfee022c (8 entries)
> acpi pm1a control port 0x1004
> mbi getopt "s3" on /vmm.bin pool=5000 ip=192.168.0.30
> gateway=192.168.0.1 netmask=255.255.255.0 s3=1
> -
>
> gdbstub init
> mbi getopt "gdb_rate" on /vmm.bin pool=5000 ip=192.168.0.30
> gateway=192.168.0.1 netmask=255.255.255.0 s3=1
> -
>
> vmm cpu features
> 1GB pages support : yes
> osxsave enabled : yes
> max physical addr : 0x7ffffffffff
> max linear addr : 0xffffffffffff
> smap entry: base 0x0 | len 0x9f400 | type 1
> smap entry: base 0x9f400 | len 0xc00 | type 2
> smap entry: base 0xce000 | len 0x2000 | type 2
> smap entry: base 0xdc000 | len 0x24000 | type 2
> smap entry: base 0x100000 | len 0xbfde0000 | type 1
> smap entry: base 0xbfee0000 | len 0x1f000 | type 3
> smap entry: base 0xbfeff000 | len 0x1000 | type 4
> smap entry: base 0xbff00000 | len 0x100000 | type 1
> smap entry: base 0xf0000000 | len 0x8000000 | type 2
> smap entry: base 0xfec00000 | len 0x10000 | type 2
> smap entry: base 0xfee00000 | len 0x1000 | type 2
> smap entry: base 0xfffe0000 | len 0x20000 | type 2
> smap entry: base 0x100000000 | len 0x40000000 | type 1
> vmm needs 1 pdp 0 pd 0 pt
> vm needs 1 pdp 5 pd 2 pt
> mbi getopt "pool" on /vmm.bin pool=5000 ip=192.168.0.30
> gateway=192.168.0.1 netmask=255.255.255.0 s3=1
> increasing pool sz by 5000*PAGE_SIZE
> e1k mem size 66048
> rdesc 0xbe04f000, tdesc 0xbe057100
> rxbuff 0xbe04f100, txbuff 0xbe057200
> set rdesc0 0xbe04f000 buffer addr = 0xbe04f100
> set rdesc1 0xbe04f010 buffer addr = 0xbe04f900
> set rdesc2 0xbe04f020 buffer addr = 0xbe050100
> set rdesc3 0xbe04f030 buffer addr = 0xbe050900
> set rdesc4 0xbe04f040 buffer addr = 0xbe051100
> set rdesc5 0xbe04f050 buffer addr = 0xbe051900
> set rdesc6 0xbe04f060 buffer addr = 0xbe052100
> set rdesc7 0xbe04f070 buffer addr = 0xbe052900
> set rdesc8 0xbe04f080 buffer addr = 0xbe053100
> set rdesc9 0xbe04f090 bu= 0xbe055100
> set rdesc13 0xbe04f0d0 buffer addr = 0xbe055900
> set rdesc14 0xbe04f0e0 buffer addr = 0xbe056100
> set rdesc15 0xbe04f0f0 buffer addr = 0xbe056900
> read RDBAH/RDBAL = 0x0 0x0
> read RDBAH/RDBAL = 0x0 0xbe04f000
> read RDL/RDH/RDT = 0x0 0x0 0x0
> read RDL/RDH/RDT = 0x100 0x0 0xf
> set tdesc0 0xbe057100 buffer addr = 0xbe057200
> set tdesc1 0xbe057110 buffer addr = 0xbe057a00
> set tdesc2 0xbe057120 buffer addr = 0xbe058200
> set tdesc3 0xbe057130 buffer addr = 0xbe058a00
> set tdesc4 0xbe057140 buffer addr = 0xbe059200
> set tdesc5 0xbe057150 buffer addr = 0xbe059a00
> set tdesc6 0xbe057160 buffer addr = 0xbe05a200
> set tdesc7 0xbe057170 buffer addr = 0xbe05aa00
> set tdesc8 0xbe057180 buffer addr = 0xbe05b200
> set tdesc9 0xbe057190 buffer addr = 0xbe05ba00
> set tdesc10 0xbe0571a0 buffer addr = 0xbe05c200
> set tdesc11 0xbe0571b0 buffer addr = 0xbe05ca00
> set tdesc12 0xbe0571c0 buffer addr = 0xbe05d200
> set tdesc13 0xbe0571d0 buffer addr = 0xbe05da00
> set tdesc14 0xbe0571e0 buffer addr = 0xbe05e200
> set tdesc15 0xbe0571f0 buffer addr = 0xbe05ea00
> read TDBAH/TDBAL = 0x0 0x0
> read TDBAH/TDBAL = 0x0 0xbe057100
> read TDL/TDH/TDT = 0x0 0x0 0x0
> read TDL/TDH/TDT = 0x100 0x0 0x0
> enable receive control
> --> get TX pktbuf [TDT 0]
> snd ARP who_has 192.168.0.1 say 192.168.0.30
> e1k CMD/STS 0x117 0x230
> e1k CMD io 1 mm 1 dma 1
> e1k pci bar L: io 0 type 2 raw 0xfd5c0004
> e1k pci bar H: raw 0x0
> --> [TDT 0] len 42
> sending packet ...
> packet sent
> -
>
> vmm physical memory map
> area start : 0xbcc99000
> area end : 0xbfee0000
> area size : 52719616 B (51484 KB)
> vmm stack : 0xbcc9b000
> vmm pg dsc : 0xbe0d807c (1310720 pages)
> vmm pool : 0xbcc9b000 (20032 KB)
> vmm elf : 0xbe062298 - 0xbe0ba9f8 (362336 B)
> gdt : 0xbe05f200
> idt : 0xbe05f228
> pml4 : 0xbe02f000
> vm vmc : 0xbe032000
> -
>
> iommu init
> acpi dmar 0xbfee02d4
> dmar drhd @ 0xbfee0304 reg @ 0xfec10000
> protect DRHD mmio space [0xfec10000 - 0xfec11000]
> dmar drhd capabilities: 0xff0080f02a0462
> nd 2 afl 0 rwbf 0 plmr 1 phmr 1 cm 0
> sagaw 4 mgaw 42 zlr 0 fro 0xf0 sllps 0 psi 1
> nfr 0 mamv 63 dwd 1 drd 1 fl1gp 0 pi 0
> dmar drhd extended capabilities: 0xf0f15f
> c 1 qi 1 dt 1 ir 1 eim 1 pt 1 sc 0 iro 0xf1
> mhmv 15 ecs 0 mts 0 nest 0 dis 0 prs 0 ers 0
> srs 0 nwfs 0 eafs 0 pss 0 pasid 0 dit 0 pds 0
> dmar drhd contex table AGAW 2
> updating drhd sts cmd register
> enabled root table pointer
> updating drhd sts cmd register
> enabled DMA remapping engine
> (!) dmar unhandled structure ATSR
> protect e1000 mmio space [0xfd5c0000 - 0xfd5e0000]
>
> ---=oO0Oo=--- starting vm cpu (vmm base 0xbe062298) ---=oO0Oo=---
>
> 0x0:0:0xfff53:16:e1k_recv_pkt()
> 0x0:0:0xfff53:16:e1k status: fd 1 lu 1 fid 0 txoff 0 speed 2 tbi 0 asdv 3
> pci66 1 bus64 0 pcix 0 pcispeed 3
> 0x0:0:0xfff53:16:e1k icr: txdw 1 txqe 0 lsc 0 rxseq 0 rxdmt0 1 rxo 0 rxt0
> 1 mdac 0 rxcfg 0 phyint 0 gpi 0:0 txdlow 0 srpd 0
> 0x0:0:0xfff53:16:e1k rx fifo: h 0x0 t 0x0 hs 0x0 ts 0x0 pc 0x0
> 0x0:0:0xfff53:16:<-- [RDT 0] len 182 eop 1
> 0 c 29 80 e8 b4 0 c 29 1b 39 5a 8 0 45 10 0 a8 b2 41 40 0 40 6 5 c3 c0 a8
> 0 7d c0 a8 0 6e 0 16 c0 c 90 b7 8b d2 2c 84 97 a0 50 18 1 f5 a9 b5 0 0 c8
> d1 f9 fd 5b 90 f1 e6 19 1d 7d 36 c6 8c 3 99 b9 88 2 44 69 87 9e 4c 35 ab 47
> 27 af 57 c2 76 b7 92 c4 d5 e5 80 be 48 42 3a 63 9c 93 e6 51 fe 23 21 bd 66
> f2 61 28 29 87 56 92 52 58 da ff c1 4f b1 a7 7e 21 94 b7 ed 7c 3b 36 9d bc
> 12 a5 cc 26 3 7c 43 31 ef 7e 1a 8b 5a 8b 9e 9c e3 2f da de 3a 19 54 f7 d2
> 48 94 ee 1d ea f7 9e 6f e5 7e ad 0 f1 a0 5 df 5b 12 ab 96 e9 93 b4 93 aa 8f
> 0x0:0:0xfff53:16:[deep check] RDT 15 RDH 15
> 0:1 1:1 2:1 3:1 4:1 5:1 6:1 7:1 8:1 9:1 10:1 11:1 12:1 13:1 14:1 15:0
> 0x0:0:0xfff53:16:rcv IP tcp src 192.168.0.125 dst 192.168.0.110 len 168 id
> 45633 off 0 mf 0 df 1
> 0x0:0:0xfff53:16:ctrl traps enable (0|0)
> 0x1:30:0xff2ea:16:dmar drhd fault status register: 0x3
> pfo 1 ppf 1 afo 0 apf 0 iqe 0 ice 0 ite 0 pro 0 fri 0
> 0x1:30:0xff2ea:16:fault[0]: f 1 t 0 fr 5 sid 0x88 (0:11:0) fi 0xbe04f000
> 0x1:30:0xff2ea:16:dmar root entry 0xbcd9a001
> 0x1:30:0xff2ea:16:dmar ctx entry 0xbdfa5001
> 0x1:30:0xff2ea:16:dmar slt pml4e 0xbdfa4007
> 0x1:30:0xff2ea:16:dmar slt pdpe 0xbdba1007
> 0x1:30:0xff2ea:16:dmar slt pde 0xbd9b0007
> 0x1:30:0xff2ea:16:dmar slt pte 0x0
> 0x1:30:0xff2ea:16:dmar slt pte not present
>
> ------ VMM Stack Trace ------
> vmm stack boundaries [0xbcc99000 - 0xbcc9b000] rsp 0xbcc9ae30
> vmm relocation base 0xbe062298
> adcb
> 23e80
> 27ede
> 27fe0
> 2f31c
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <#5>, or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAGL3FGQQPQXUCJ3HAQUBFTRJ4MTTANCNFSM4LV5GUMQ>
> .
>
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
I have send you an email with a link to download the VM and configuration.Check it at your convenience. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I installed ramooflax inside a win7 x64 guest of vmware 15 .I can boot into windows successully,but after I enabled network remote controlling,the boot sucked. here is the message dumped from uart:
pci match b2 d1 f0 r0 = 0x100f8086
e1k CMD/STS 0x117 0x230 | CMD io 1 mm 1 dma 1
e1k BAR 0xfd5c0000
e1k irq line 10
read RAH/RAL for mac: 0x80004ba1 0xf6290c00
MAC 0:c:29:f6:a1:4b
mbi getopt "ip" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0
mbi getopt "netmask" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0
mbi getopt "gateway" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0
ip addr 192.168.0.30
netmask 255.255.255.0
gateway 192.168.0.1
acpi init
acpi rsdp 0xf6a00
acpi xsdt 0xbfee022c (8 entries)
acpi pm1a control port 0x1004
mbi getopt "s3" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0
gdbstub init
mbi getopt "gdb_rate" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0
vmm cpu features
1GB pages support : yes
osxsave enabled : yes
max physical addr : 0x7ffffffffff
max linear addr : 0xffffffffffff
vmx basic info 0xd8100000000001
vmcs revision identifier : 1
vmxon, vmcs size : 4096
physical width 32 limit : 0
dual smm : 0
vmcs mem type (UC:0, WB:6) : 6
ins/outs insn info : 1
true f1 settings : 1
vmx misc data 0x401e0
preempt rate : 0
efer.lma in ia32e : 1
halt activity : 1
shut activity : 1
sipi activity : 1
cr3 target : 4
msr max nr in list : 512
smm mon : 0
mseg rev : 0
vmx fixed pin based ctrls (fixed_1 0x16, allow_1 0x3f)
(0,1) - vmexit on ext-int
(0,1) - vmexit on nmi
(0,1) - vnmi ctl
(0,0) - enable preempt timer
vmx fixed proc1 based features (fixed_1 0x4006172, allow_1 0xfff9fffe)
(0,1) - interrupt window exiting
(0,1) - rdtsc offset
(0,1) - hlt
(0,1) - invlpg
(0,1) - mwait
(0,1) - rdpmc
(0,1) - rdtsc
(0,1) - wr cr3
(0,1) - rd cr3
(0,1) - wr cr8
(0,1) - rd cr8
(0,1) - TPR shadow
(0,1) - nmi window
(0,1) - mov dr
(0,1) - unconditional IO
(0,1) - use IO bitmaps
(0,1) - monitor trap flag
(0,1) - use MSR bitmaps
(0,1) - monitor
(0,1) - pause
(0,1) - proc2
vmx fixed entry ctrls (fixed_1 0x11fb, allow_1 0x1f3ff)
(0,1) - load debugctl
(0,1) - ia32e mode
(0,0) - smm mode
(0,0) - smm smi treatment
(0,1) - load ia32 perf
(0,1) - load ia32 pat
(0,1) - load ia32 efer
vmx fixed exit ctrls (fixed_1 0x36dfb, allow_1 0xbfffff)
(0,1) - save debugctl
(0,1) - host lmode
(0,1) - load ia32e perf
(0,1) - ack interrupt
(0,1) - save ia32 pat
(0,1) - load ia32 pat
(0,1) - save ia32 efer
(0,1) - load ia32 efer
(0,0) - save preempt timer
vmx fixed proc2 based features (fixed_1 0x0, allow_1 0x153cfe)
(0,0) - virtualize apic accesses
(0,1) - enable EPT
(0,1) - descriptor table exiting
(0,1) - rdtscp raises #UD
(0,1) - virtualize x2apic mode
(0,1) - enable vpid
(0,1) - wbinvd
(0,1) - unrestricted guest
(0,0) - apic register virtualization
(0,0) - virtual interrupt delivery
(0,1) - pause loop exiting
(0,1) - rdrand
(0,1) - invpcid raises #UD
(0,1) - enable vm functions
(0,0) - vmread/write to shadow vmcs
(0,1) - EPT violation raises #VE
vmx extended page tables features 0xf0106314141
1 - allow execute only ept entry
1 - page walk length of 4
1 - allow UC for ept structs
1 - allow WB for ept structs
1 - allow ept pde to map 2MB pages
0 - allow ept pdpte to map 1GB pages
1 - invept insn supported
1 - access & dirty flag in ept entry
1 - single context invept
1 - all context invept
1 - invvpid insn supported
1 - individual invvpid
1 - single context invvpid
1 - all context invvpid
1 - single context retaining globals invvpid
vm cpu features
1GB pages support : no
2MB pages support : yes
max physical addr : 0x7ffffffffff
max linear addr : 0xffffffffffff
mtrr variable count : 8
smap entry: base 0x0 | len 0x9f400 | type 1
smap entry: base 0x9f400 | len 0xc00 | type 2
smap entry: base 0xce000 | len 0x2000 | type 2
smap entry: base 0xdc000 | len 0x24000 | type 2
smap entry: base 0x100000 | len 0xbfde0000 | type 1
smap entry: base 0xbfee0000 | len 0x1f000 | type 3
smap entry: base 0xbfeff000 | len 0x1000 | type 4
smap entry: base 0xbff00000 | len 0x100000 | type 1
smap entry: base 0xf0000000 | len 0x8000000 | type 2
smap entry: base 0xfec00000 | len 0x10000 | type 2
smap entry: base 0xfee00000 | len 0x1000 | type 2
smap entry: base 0xfffe0000 | len 0x20000 | type 2
smap entry: base 0x100000000 | len 0x40000000 | type 1
vmm needs 1 pdp 0 pd 0 pt
vm needs 1 pdp 5 pd 2 pt
mbi getopt "pool" on /vmm.bin pool=5000 ip=192.168.0.30 gateway=192.168.0.1 netmask=255.255.255.0 s3=0
increasing pool sz by 5000*PAGE_SIZE
e1k mem size 66048
rdesc 0xbe049000, tdesc 0xbe051100
rxbuff 0xbe049100, txbuff 0xbe051200
set rdesc0 0xbe049000 buffer addr = 0xbe049100
set rdesc1 0xbe049010 buffer addr = 0xbe049900
set rdesc2 0xbe049020 buffer addr = 0xbe04a100
set rdesc3 0xbe049030 buffer addr = 0xbe04a900
set rdesc4 0xbe049040 buffer addr = 0xbe04b100
set rdesc5 0xbe049050 buffer addr = 0xbe04b900
set rdesc6 0xbe049060 buffer addr = 0xbe04c100
set rdesc7 0xbe049070 buffer addr = 0xbe04c900
set rdesc8 0xbe049080 buffer addr = 0xbe04d100
set rdesc9 0xbe049090 buffer addr = 0xbe04d900
set rdesc10 0xbe0490a0 buffer addr = 0xbe04e100
set rdesc11 0xbe0490b0 buffer addr = 0xbe04e900
set rdesc12 0xbe0490c0 buffer addr = 0xbe04f100
set rdesc13 0xbe0490d0 buffer addr = 0xbe04f900
set rdesc14 0xbe0490e0 buffer addr = 0xbe050100
set rdesc15 0xbe0490f0 buffer addr = 0xbe050900
read RDBAH/RDBAL = 0x0 0x0
read RDBAH/RDBAL = 0x0 0xbe049000
read RDL/RDH/RDT = 0x0 0x0 0x0
read RDL/RDH/RDT = 0x100 0x0 0xf
set tdesc0 0xbe051100 buffer addr = 0xbe051200
set tdesc1 0xbe051110 buffer addr = 0xbe051a00
set tdesc2 0xbe051120 buffer addr = 0xbe052200
set tdesc3 0xbe051130 buffer addr = 0xbe052a00
set tdesc4 0xbe051140 buffer addr = 0xbe053200
set tdesc5 0xbe051150 buffer addr = 0xbe053a00
set tdesc6 0xbe051160 buffer addr = 0xbe054200
set tdesc7 0xbe051170 buffer addr = 0xbe054a00
set tdesc8 0xbe051180 buffer addr = 0xbe055200
set tdesc9 0xbe051190 buffer addr = 0xbe055a00
set tdesc10 0xbe0511a0 buffer addr = 0xbe056200
set tdesc11 0xbe0511b0 buffer addr = 0xbe056a00
set tdesc12 0xbe0511c0 buffer addr = 0xbe057200
set tdesc13 0xbe0511d0 buffer addr = 0xbe057a00
set tdesc14 0xbe0511e0 buffer addr = 0xbe058200
set tdesc15 0xbe0511f0 buffer addr = 0xbe058a00
read TDBAH/TDBAL = 0x0 0x0
read TDBAH/TDBAL = 0x0 0xbe051100
read TDL/TDH/TDT = 0x0 0x0 0x0
read TDL/TDH/TDT = 0x100 0x0 0x0
enable receive control
--> get TX pktbuf [TDT 0]
snd ARP who_has 192.168.0.1 say 192.168.0.30
e1k CMD/STS 0x117 0x230
e1k CMD io 1 mm 1 dma 1
e1k pci bar L: io 0 type 2 raw 0xfd5c0004
e1k pci bar H: raw 0x0
--> [TDT 0] len 42
sending packet ...
packet sent
vmm physical memory map
area start : 0xbcc93000
area end : 0xbfee0000
area size : 52744192 B (51508 KB)
vmm stack : 0xbcc95000
vmm pg dsc : 0xbe0d785c (1310720 pages)
vmm pool : 0xbcc95000 (20032 KB)
vmm elf : 0xbe05c298 - 0xbe0ba1d8 (384832 B)
gdt : 0xbe059200
idt : 0xbe059228
pml4 : 0xbe029000
vm vmc : 0xbe02c000
Map EPT mem with MTRR
mtrr #0 base 0x0 mask 0x7e000000000 type 6 [0x0 - 0x2000000000] (len 0x2000000000)
mtrr Compiling under gcc-4.6 #1 base 0xc0000000 mask 0x7ffc0000000 type 0 [0xc0000000 - 0x100000000] (len 0x40000000)
mtrr fixed 64K [0x250] = 0x606060606060606
mtrr fixed 16K [0x258] = 0x606060606060606
mtrr fixed 16K [0x259] = 0x0
mtrr fixed 4K [0x268] = 0x505050505050505
mtrr fixed 4K [0x269] = 0x505050505050505
mtrr fixed 4K [0x26a] = 0x0
mtrr fixed 4K [0x26b] = 0x0
mtrr fixed 4K [0x26c] = 0x0
mtrr fixed 4K [0x26d] = 0x0
mtrr fixed 4K [0x26e] = 0x505050505050505
mtrr fixed 4K [0x26f] = 0x505050505050505
iommu init
acpi dmar 0xbfee02d4
dmar drhd @ 0xbfee0304 reg @ 0xfec10000
protect DRHD mmio space [0xfec10000 - 0xfec11000]
dmar drhd capabilities: 0xff0080f02a0462
nd 2 afl 0 rwbf 0 plmr 1 phmr 1 cm 0
sagaw 4 mgaw 42 zlr 0 fro 0xf0 sllps 0 psi 1
nfr 0 mamv 63 dwd 1 drd 1 fl1gp 0 pi 0
dmar drhd extended capabilities: 0xf0f15f
c 1 qi 1 dt 1 ir 1 eim 1 pt 1 sc 0 iro 0xf1
mhmv 15 ecs 0 mts 0 nest 0 dis 0 prs 0 ers 0
srs 0 nwfs 0 eafs 0 pss 0 pasid 0 dit 0 pds 0
dmar drhd contex table AGAW 2
updating drhd sts cmd register
enabled root table pointer
updating drhd sts cmd register
enabled DMA remapping engine
(!) dmar unhandled structure ATSR
protect e1000 mmio space [0xfd5c0000 - 0xfd5e0000]
---=oO0Oo=--- starting vm cpu (vmm base 0xbe05c298) ---=oO0Oo=---
vmread(0x4402) = 0x0
vmread(0x6820) = 0x10206
vmread(0x6800) = 0x30
vmread(0x6802) = 0x0
vmread(0x6004) = 0x0
vmread(0x6808) = 0xf0000
vmread(0x802) = 0xf000
vmread(0x4816) = 0x809f
vmread(0x681e) = 0xf2e5
vmread(0x680a) = 0x80000
vmread(0x681c) = 0xfff2
vmread(0x4404) = 0x8000030d
vmread(0x4406) = 0x0
vmread(0x6400) = 0x0
vmread(0x4408) = 0x8000041c
0x0:0:0xff2e5:16:@ 0xff2e5: "int $0x1c"
0x0:0:0xff2e5:16:int 0x1c (ax 0x0)
0x0:0:0xff2e5:16:far call saved frame 0xf000:0xf2e7
0x0:0:0xfff53:16:far jump to 0xf000:0xff53
vmread(0x4824) = 0x0
vmread(0x6822) = 0x0
0x0:0:0xfff53:16:e1k_recv_pkt()
0x0:0:0xfff53:16:e1k status: fd 1 lu 1 fid 0 txoff 0 speed 2 tbi 0 asdv 3 pci66 1 bus64 0 pcix 0 pcispeed 3
0x0:0:0xfff53:16:e1k icr: txdw 1 txqe 0 lsc 0 rxseq 0 rxdmt0 1 rxo 0 rxt0 1 mdac 0 rxcfg 0 phyint 0 gpi 0:0 txdlow 0 srpd 0
0x0:0:0xfff53:16:e1k rx fifo: h 0x0 t 0x0 hs 0x0 ts 0x0 pc 0x0
0x0:0:0xfff53:16:<-- [RDT 0] len 182 eop 1
0 c 29 80 e8 b4 0 c 29 1b 39 5a 8 0 45 10 0 a8 d4 2c 40 0 40 6 e3 d7 c0 a8 0 7d c0 a8 0 6e 0 16 c0 15 dd 84 71 4d fd 98 95 78 50 18 1 f5 c9 a3 0 0 e6 41 de b7 e6 de c7 af 8b 78 58 3f 8a 64 db ba 9c d1 72 57 6d 88 8f c3 1b 2c 3d b6 d0 54 1e 5e 4b 49 3 a1 e5 a9 9a ef 9b 16 a6 b9 ff dc c3 f8 c6 ff 82 da 94 29 b 0 cb 6f 99 25 63 f f8 4c c6 61 64 53 e1 e4 b e7 5d e1 76 2 dc f9 6d 14 a4 91 ff 37 40 64 88 7 6 35 b4 11 4 30 d4 da 31 49 f4 a8 4b be 14 89 a5 b1 60 f 5c b3 b1 26 ca ed bc c1 1a 2b f8 98 97 bd 5d c5 52 8 7e 11
0x0:0:0xfff53:16:[deep check] RDT 15 RDH 15
0:1 1:1 2:1 3:1 4:1 5:1 6:1 7:1 8:1 9:1 10:1 11:1 12:1 13:1 14:1 15:0
0x0:0:0xfff53:16:rcv IP tcp src 192.168.0.125 dst 192.168.0.110 len 168 id 54316 off 0 mf 0 df 1
0x0:0:0xfff53:16:ctrl traps enable (0|0)
vmread(0x4826) = 0x0
vmwrite(0x802) = 0x802f000
vmwrite(0x4004) = 0x400400042000
vmwrite(0x4824) = 0x482400000000
vmwrite(0x6808) = 0xf0000
vmwrite(0x681a) = 0x0
vmwrite(0x681c) = 0xffec
vmwrite(0x681e) = 0xff53
vmwrite(0x6820) = 0x6
vmread(0x4402) = 0x1e
vmread(0x6820) = 0x6
vmread(0x6800) = 0x30
vmread(0x6802) = 0x0
vmread(0x6004) = 0x0
vmread(0x6808) = 0xf0000
vmread(0x802) = 0xf000
vmread(0x4816) = 0x809f
vmread(0x681e) = 0xf2ea
vmread(0x680a) = 0x80000
vmread(0x681c) = 0xfff2
0x1:30:0xff2ea:16:dmar drhd fault status register: 0x3
pfo 1 ppf 1 afo 0 apf 0 iqe 0 ice 0 ite 0 pro 0 fri 0
0x1:30:0xff2ea:16:fault[0]: f 1 t 0 fr 5 sid 0x88 (0:11:0) fi 0xbe049000
0x1:30:0xff2ea:16:dmar root entry 0xbcd94001
0x1:30:0xff2ea:16:dmar ctx entry 0xbdf9f001
0x1:30:0xff2ea:16:dmar slt pml4e 0xbdf9e007
0x1:30:0xff2ea:16:dmar slt pdpe 0xbdb9b007
0x1:30:0xff2ea:16:dmar slt pde 0xbd9aa007
0x1:30:0xff2ea:16:dmar slt pte 0x0
0x1:30:0xff2ea:16:dmar slt pte not present
------ VMM Stack Trace ------
vmm stack boundaries [0xbcc93000 - 0xbcc95000] rsp 0xbcc94e30
vmm relocation base 0xbe05c298
d041
26d76
2add4
2aed6
33571
:: EVIL :: dmar_drhd_fault_check() :: dmar drhd iommu fault
The text was updated successfully, but these errors were encountered: