NOVA : Intel IO ports and Guest Unrestricted mode.

avinash singh avi2003itbhu at ...9...
Fri Nov 8 08:00:10 CET 2013

Hi Udo,

Thanks for your response.

Please find my response below under your reply starting with Avinash.

On Fri, Nov 8, 2013 at 3:11 AM, Udo Steinberg <udo at ...121...> wrote:
> On Thu, 7 Nov 2013 20:35:18 +0530 avinash singh (AS) wrote:
> Hi Avinash,
> AS> I want to discuss two problem.
> AS>
> AS> Problem -1:
> AS> This test program runs (guest mode code) cpuid instruction but
> AS> instruction never runs in guest mode. I see that for outb instruction
> AS> gives IO portal invoked again and again. First, I
> AS> delegate IO ports from Kernel in root pd. My vcpu execution context
> AS> is created in root pd. I believe that IO ports should be accessible
> AS> from guest mode after delegating IO ports from kernel to guest.
> AS> Secondly, same code for AMD runs if I set proper AMD vcpu registers in
> AS> startup handler.
> NOVA distinguishes between I/O ports being accessible in host mode or
> mode. If you delegate an I/O CRD into a PD, the ports will be accessible
> host mode only, unless you also set the G-bit in the typed item. Only if
> set the G-bit during the delegation will the I/O ports be directly
> accessible in guest mode without causing a VM exit. See spec.

Avinash: ->>
 I do understand that without setting G bit in typed item resource wont be
available for guest to access.

In My code, I am launching vcPU in protected mode with paging disabled with
'nonpt' command line option.
I guest IO_ACCESS_PORTAL invoked  for outb instruction as expected. In vcpu
IO access portal handler, I delegate IO ports to guest. Please see below
code in file line number:293

270 static void
271 vcpu_ioaccess_handler(void)
272 {
273     Utcb *utcb = reinterpret_cast<Utcb *>(ECHO_THREAD_UTCB);
275     out()->text("IOACCES invoked  \n");
277     out()->text("IP ");
278     out()->hex(utcb->ip);
279     out()->text("\n");
281     out()->text("dx ");
282     out()->hex(utcb->dx);
283     out()->text("\n");
285     static mword_t prev_dx = ~0;
286     if (prev_dx == utcb->dx) {
287         out()->text("IOACCESS: Duplicate Request...\n");
288         HALT();
289     }
290     prev_dx = utcb->dx;
292     utcb->set_msg_word(0);
293    * if (! utcb->append_item(Io_crd(0, 16), 0, true, true)) {*
294     }
296     reply(reinterpret_cast<void *>(event_ec_stack_top()));
297 }

However, I also modified my test program to delegate IO ports upfront
before launching vcpu.  But I still get vcpu_ioaccess_handler invoked.
Please see below,

  enum {  ORDER_64k  = 16,
341                 MAP_FROM_KERNEL = 1,
342                 HOTSPOT = 0,
343         };
344     utcb_echo->crd_rcv = Io_crd(0, ORDER_64k);
345         utcb_main->set_msg_word(0);
347         bool success = utcb_main->append_item(Io_crd(0, ORDER_64k),
348         if(!success)
349                 *(unsigned long *) (~0UL  -6) = 0;

I am not sure what is wrong here. Because same logic works for AMD process.
Please could you just see if something is I am doing wrong there.
Goal is to run cpuid ad oubt instruction in guest mode with paging disabled
and protected mode bit on.

> AS> Problem -2
> AS> As Intel process supports unrestricted guest mode; Advantage of that,
> AS> I can run real mode instruction in vCPU context with paging disable
> AS> without doing any instruction interpretations.
> AS>
> AS> I set Unrestricted guest mode control bit in VMCS control registers,
> AS> though intel vCPU never runs guest in unrestricted mode. But When I
> AS> experiments this with KVM it works.
> A user-level VMM should never have to deal with the unrestricted guest
> control bit. In fact, that bit is under the control of the hypervisor and
> will be forced to 0 or 1, depending on HW support, irrespective of what
> user-level VMM wants.

Avinash>> You are right this feature depends on processor .

> AS> My question is, does NOVA kernel supports to run intel cpu in
> AS> unrestricted guest mode? or is there any trick to do that so. Please
> AS> help me if I am missing something.
> NOVA automatically enables unrestricted guest if the CPU supports it. The
> feature is supported on processors based on the Westmere or newer
> microarchitectures. Unrestricted guest will be disabled, if the user
> vTLB using the command line.

Avinash>>  I was trying to run same test program with paging disabled and
in real mode on Core i7 processor in qemu-kvm environment.
does this combination works in running guest in unrestricted mode on top of

> AS> Any help regarding these two issues would be very helpful.
> Can you enable TRACE_VMX in include/stdio.h (move it out of the #ifdef)
> post the output of the microhypervisor, in particular the line that talks
> about VMCS, EPT, URG, VPID, etc.?

Avinash>> I will be sending trac_VMX ouput below,

NOVA Microhypervisor v6-d5b54fa (x86_32): Nov  7 2013 22:59:09 [gcc 4.7.3]

[ 0] Warning IA32_FEATURE_CONTROL not set which ok only with qemu/kvm.
[ 0] VMCS:0x017ef000 REV:0x11e57ed0 EPT:0 URG:0 VNMI:1 VPID:0
[ 0] CORE:0:0:0 6:f:b:0 [1] Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz
 Hello world
All Portal created!
runcpuid addr 0x02001000
eip is initialized
cs 0x02000000
npt fault handler ..
 host_adddr 0x01001000
got cpuid intercept!
IOACCES invoked
IP 0x00001007
dx 0x000003f8
IOACCES invoked
IP 0x00001007
dx 0x000003f8
IOACCESS: Duplicate Request...
[ 0] Killed EC:0xc0010300 SC:0xc0011180 V:0xd CS:0x1b EIP:0x1001717 CR2:0x0
ERR:0x0 (PT not found)
[ 0] Killed EC:0xc0010400 SC:0xc0011180 V:0x1e CR0:0x10021 CR3:0x0 CR4:0x0
(IPC Abort)

> Cheers,
> Udo

Avinash Singh
Gurgaon, Mob: 7838884449
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list