wbenny / hvpp

hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system
MIT License

bugcheck on sc stop #34

Closed mechanicalkangaroo closed 5 years ago

mechanicalkangaroo commented 5 years ago

sc start and hvppctrl.exe work but sc stop explodes. Even if I just start and immediately stop afterwards.

Seems this assert fails:

```cpp
void vcpu_t::entry_host() noexcept
{
  hvpp_assert(state_ == state::running); // <<<--- this assert fails
```

Any ideas?

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_SECURITY_CHECK_FAILURE (139)
A kernel component has corrupted a critical data structure.  The corruption
could potentially allow a malicious user to gain control of this machine.
Arguments:
Arg1: 0000000000000004, The thread's stack pointer was outside the legal stack
    extents for the thread.
Arg2: ffffd28f4a7470d0, Address of the trap frame for the exception that caused the bugcheck
Arg3: ffffd28f4a747028, Address of the exception record for the exception that caused the bugcheck
Arg4: 0000000000000000, Reserved

Debugging Details:
------------------

KEY_VALUES_STRING: 1

STACKHASH_ANALYSIS: 1

TIMELINE_ANALYSIS: 1

DUMP_CLASS: 1

DUMP_QUALIFIER: 401

BUILD_VERSION_STRING:  17763.1.amd64fre.rs5_release.180914-1434

DUMP_TYPE:  1

BUGCHECK_P1: 4

BUGCHECK_P2: ffffd28f4a7470d0

BUGCHECK_P3: ffffd28f4a747028

BUGCHECK_P4: 0

TRAP_FRAME:  cccccccccccccccc -- (.trap 0xcccccccccccccccc)
Unable to read trap frame at cccccccc`cccccccc

EXCEPTION_RECORD:  cccccccccccccccc -- (.exr 0xcccccccccccccccc)
Cannot read Exception record @ cccccccccccccccc

CPU_COUNT: 8

CPU_MHZ: fa0

CPU_VENDOR:  GenuineIntel

CPU_FAMILY: 6

CPU_MODEL: 3c

CPU_STEPPING: 3

CPU_MICROCODE: 6,3c,3,0 (F,M,S,R)  SIG: 24'00000000 (cache) 24'00000000 (init)

BLACKBOXBSD: 1 (!blackboxbsd)

BUGCHECK_STR:  0x139

PROCESS_NAME:  System

CURRENT_IRQL:  e

DEFAULT_BUCKET_ID:  FAIL_FAST_INCORRECT_STACK

WATSON_BKT_EVENT:  BEX

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000004

ANALYSIS_SESSION_HOST:  MACHINE

ANALYSIS_SESSION_TIME:  04-14-2019 02:48:27.0458

ANALYSIS_VERSION: 10.0.17763.132 amd64fre

BAD_STACK_POINTER:  ffffd28f4a746da8

LAST_CONTROL_TRANSFER:  from fffff80737c6de69 to fffff80737c5c730

STACK_TEXT:  
ffffd28f`4a746da8 fffff807`37c6de69 : 00000000`00000139 00000000`00000004 ffffd28f`4a7470d0 ffffd28f`4a747028 : nt!KeBugCheckEx
ffffd28f`4a746db0 fffff807`37c6e210 : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : nt!KiBugCheckDispatch+0x69
ffffd28f`4a746ef0 fffff807`37c6c608 : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : nt!KiFastFailDispatch+0xd0
ffffd28f`4a7470d0 fffff807`37cd27df : 00000000`00000000 ffffd28f`4a747510 cccccccc`cccccccc cccccccc`cccccccc : nt!KiRaiseSecurityCheckFailure+0x308
ffffd28f`4a747260 fffff807`37bbde7b : cccccccc`cccccccc cccccccc`cccccccc cccccccc`00000003 cccccccc`cccccccc : nt!RtlpGetStackLimits+0x147c7f
ffffd28f`4a747290 fffff807`37acbac4 : ffffd28f`4a747cc8 ffffd28f`4a747a10 ffffd28f`4a747cc8 ffff8201`692f1bc8 : nt!RtlDispatchException+0x6b
ffffd28f`4a7474e0 fffff807`37c6df42 : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : nt!KiDispatchException+0x144
ffffd28f`4a747b90 fffff807`37c67c7b : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : nt!KiExceptionDispatch+0xc2
ffffd28f`4a747d70 fffff802`81311883 : fffff802`813115f9 cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : nt!KiBreakpointTrap+0x2fb
ffffd28f`4a747f00 fffff802`813115f9 : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : hvppdrv!ia32_asm_int3+0x3 [c:\dev\gits\hvpp\src\hvpp\hvpp\ia32\win32\asm.h @ 15] 
ffffd28f`4a747f08 fffff802`8132322f : cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : hvppdrv!debugger::breakpoint+0x9 [c:\dev\gits\hvpp\src\hvpp\hvpp\lib\debugger.h @ 12] 
ffffd28f`4a747f38 fffff802`81327672 : ffffd28f`4a740000 cccccccc`cccccccc cccccccc`cccccccc cccccccc`cccccccc : hvppdrv!hvpp::vcpu_t::entry_host+0x1f [c:\dev\gits\hvpp\src\hvpp\hvpp\vcpu.cpp @ 690] 
ffffd28f`4a747fb8 00000000`00000005 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : hvppdrv!hvpp::vcpu_t::entry_host_+0x35 [C:\dev\gits\hvpp\src\hvpp\hvpp\vcpu.asm @ 220] 
00000000`00000002 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x5

THREAD_SHA1_HASH_MOD_FUNC:  ce6782b2a839ccb27881c377e3e13f8067ec0b59

THREAD_SHA1_HASH_MOD_FUNC_OFFSET:  f5608505d956203b03081191b4ab1c878e79ec10

THREAD_SHA1_HASH_MOD:  8e2b9f3283621d081c9906e4f551d738704c1b34

FOLLOWUP_IP: 
hvppdrv!ia32_asm_int3+3 [c:\dev\gits\hvpp\src\hvpp\hvpp\ia32\win32\asm.h @ 15]
fffff802`81311883 c3              ret

FAULT_INSTR_CODE:  ccccccc3

FAULTING_SOURCE_LINE:  c:\dev\gits\hvpp\src\hvpp\hvpp\ia32\win32\asm.h

FAULTING_SOURCE_FILE:  c:\dev\gits\hvpp\src\hvpp\hvpp\ia32\win32\asm.h

FAULTING_SOURCE_LINE_NUMBER:  15

FAULTING_SOURCE_CODE:  
    11: 
    12: inline void ia32_asm_int3() noexcept
    13: {
    14:   __debugbreak();
>   15: }
    16: 
    17: //
    18: // CPUID.
    19: //
    20: 

SYMBOL_STACK_INDEX:  9

SYMBOL_NAME:  hvppdrv!ia32_asm_int3+3

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: hvppdrv

IMAGE_NAME:  hvppdrv.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  5cb281ef

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  3

FAILURE_BUCKET_ID:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_hvppdrv!ia32_asm_int3

BUCKET_ID:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_hvppdrv!ia32_asm_int3

PRIMARY_PROBLEM_CLASS:  0x139_MISSING_GSFRAME_STACKPTR_ERROR_hvppdrv!ia32_asm_int3

TARGET_TIME:  2019-04-14T00:44:28.000Z

OSBUILD:  17763

OSSERVICEPACK:  0

SERVICEPACK_NUMBER: 0

OS_REVISION: 0

SUITE_MASK:  272

PRODUCT_TYPE:  1

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

OSEDITION:  Windows 10 WinNt TerminalServer SingleUserTS

OS_LOCALE:  

USER_LCID:  0

OSBUILD_TIMESTAMP:  2005-12-02 08:58:59

BUILDDATESTAMP_STR:  180914-1434

BUILDLAB_STR:  rs5_release

BUILDOSVER_STR:  10.0.17763.1.amd64fre.rs5_release.180914-1434

ANALYSIS_SESSION_ELAPSED_TIME:  f39

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:0x139_missing_gsframe_stackptr_error_hvppdrv!ia32_asm_int3

FAILURE_ID_HASH:  {999c9d6e-1a59-f6d4-bbb1-8a741040c989}

Followup:     MachineOwner
wbenny commented 5 years ago

Thank you, I know about this. The fix is on the way. As a temporary workaround you can remove the assert.
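Added illustration, not code from hvpp or from either commenter: a minimal model of the state check that trips in this report and of why removing or widening it stops the crash. The `state` values, `entry_host` and `stop` names mirror the issue text; the assumption that the unload path moves the vCPU to a `terminating` state before its final VM exit is the model's, and the `model::` namespace is hypothetical.

```cpp
// Added model of the vcpu_t state check from the report; not hvpp's own code.
#include <cstdint>

namespace model {

enum class state : uint8_t { off, launching, running, terminating };

// Host-side entry hit on every VM exit. Returns false where hvpp_assert would
// fire. In the real driver the assert executes int3 in VMX-root context, on the
// hypervisor's own host stack rather than a Windows thread stack, which is why
// the dump shows KiBreakpointTrap ending in bugcheck 0x139 with argument 4
// ("stack pointer outside the legal stack extents").
inline bool entry_host_check(state s, bool allow_terminating) {
  if (s == state::running) return true;
  if (allow_terminating && s == state::terminating) return true;
  return false;  // hvpp_assert(state_ == state::running) would fail here
}

struct vcpu {
  state state_ = state::off;
  bool last_exit_ok = true;

  void start() { state_ = state::launching; state_ = state::running; }

  // Simulated guest -> host transition.
  void vmexit(bool allow_terminating) {
    last_exit_ok = entry_host_check(state_, allow_terminating);
  }

  // Assumed unload path (sc stop): mark the vCPU terminating, then take one
  // last VM exit in which the host tears down VMX operation.
  void stop(bool allow_terminating) {
    if (state_ != state::running) return;
    state_ = state::terminating;  // state changes BEFORE the final exit...
    vmexit(allow_terminating);    // ...so entry_host sees 'terminating'
    state_ = state::off;
  }
};

// true: the "start then immediately stop" sequence from the report passes the
// host-entry check; false: the assert (and with it the bugcheck) would fire.
inline bool start_then_stop_ok(bool allow_terminating) {
  vcpu v;
  v.start();
  v.vmexit(allow_terminating);  // an ordinary exit while running is fine
  if (!v.last_exit_ok) return false;
  v.stop(allow_terminating);
  return v.last_exit_ok;
}

}  // namespace model
```

With the original check (`allow_terminating == false`) the stop path fails exactly once, on the final exit; accepting the terminating state, or dropping the assert as the maintainer suggests as a workaround, lets the unload complete.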