Sending a non-maskable interrupt to a virtual machine


Postby Dipti » Fri Jan 06, 2017 4:44 pm

I'm using a virtual machine to do kernel debugging on Mac OS X.

Unfortunately, contrary to the Windows equivalent, it's not possible to use the debugger to stop the kernel. To stop it, you have to send the machine a non-maskable interrupt. On a physical machine, you can do that with the correct debug flags at boot, and then holding both ⌘ keys while pressing the power button. However, this key combination can't quite be realized on a virtual machine.

Is it possible to send a non-maskable interrupt to a virtual machine with VMware Fusion?
Dipti
 
Posts: 16
Joined: Wed Jul 20, 2016 10:32 am

Re: Sending a non-maskable interrupt to a virtual machine

Postby scknight » Mon Jan 09, 2017 1:11 pm

This article is getting a bit dated, but I still find it super helpful for getting things set up in VMware Fusion:

http://ddeville.me/2015/08/kernel-debug ... are-fusion

If you've got DB_NMI set in your boot-args then Command-Option-Control-Shift-Escape should actually work in the VM to trigger the debugger.
scknight
 
Posts: 27
Joined: Thu Nov 10, 2016 1:01 pm
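
For the DB_NMI prerequisite mentioned in the post above, a small check that tests whether a boot-args string has the DB_NMI bit (0x4 in xnu's `debug=` flags) before the hypervisor gets the blame. This is an added example, not code from the thread or from the projects linked in it; the function names are hypothetical and the sample strings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): is DB_NMI enabled in a boot-args string?
# DB_NMI is bit 0x4 of the xnu "debug=" boot-arg.
DB_NMI=4

# Print the value of the first debug= token, or nothing if there is none.
# Using the first token is an assumption of this example.
debug_value() (
    set -f                      # no globbing while splitting the string
    for arg in $1; do
        case "$arg" in
            debug=*) printf '%s\n' "${arg#debug=}"; exit 0 ;;
        esac
    done
)

# Return 0 if DB_NMI is set, 1 if it is not (or debug= is absent),
# 2 if the debug= value is not a plain hex or decimal number.
has_db_nmi() {
    v=$(debug_value "$1")
    case "$v" in
        '') return 1 ;;
        0[xX]*) h=${v#0[xX]}
                case "$h" in ''|*[!0-9a-fA-F]*) return 2 ;; esac ;;
        0) ;;
        [1-9]*) case "$v" in *[!0-9]*) return 2 ;; esac ;;
        *) return 2 ;;
    esac
    [ $(( $v & $DB_NMI )) -ne 0 ]
}

# Constructed sample boot-args strings.
for sample in "debug=0x144 -v" "debug=0x141 -v" "-v keepsyms=1" "debug=0xZZ"; do
    if has_db_nmi "$sample"; then state="DB_NMI set"
    else
        case $? in
            1) state="DB_NMI not set" ;;
            *) state="malformed debug= value" ;;
        esac
    fi
    printf '%-20s -> %s\n' "$sample" "$state"
done
```

Inside the guest, the live value can be passed in with `has_db_nmi "$(sysctl -n kern.bootargs)"`.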

Re: Sending a non-maskable interrupt to a virtual machine

Postby scknight » Wed Jan 25, 2017 2:31 pm

I just upgraded my host machine to Sierra and now it seems like VMware Fusion 8.5.3 doesn't seem to respond to Command-Option-Control-Shift-Escape anymore. Has anyone else who upgraded to Sierra been experiencing this issue? What is it that actually listens for the key combinations, one of the kernel extensions?
scknight
 
Posts: 27
Joined: Thu Nov 10, 2016 1:01 pm

Re: Sending a non-maskable interrupt to a virtual machine

Postby zchee » Mon Jan 30, 2017 12:58 am

Hi, I have the same issue, but solved it with this OSS kext code.
https://github.com/shiro-t/PseudoNMI

Let's read this source. Maybe you can understand how it behaves.
But usage is just kextload of the compiled .kext.
I think it's not the best solution, but you can get the same result as Command-Option-Control-Shift-Escape.
- zchee
zchee
 
Posts: 5
Joined: Tue Dec 15, 2015 3:39 am

Re: Sending a non-maskable interrupt to a virtual machine

Postby scknight » Mon Jan 30, 2017 7:31 pm

I actually ended up doing the same thing. Just making a kext that calls PE_enter_debugger. I also opened a ticket with VMware since it seems like this only happened to me after my host machine was updated to Sierra. When my host was El Capitan and the virtual machine was Sierra, the command-option-control-shift-esc seemed to work just fine.
scknight
 
Posts: 27
Joined: Thu Nov 10, 2016 1:01 pm

Re: Sending a non-maskable interrupt to a virtual machine

Postby zchee » Tue Jan 31, 2017 12:30 pm

@scknight:
Interesting. I also tested only on a Sierra host.
If this problem is caused by a VMware bug, I think you made a good report. Thanks.

BTW, I still find it annoying to need to send the command-option-control-shift-esc signal for lldb debugging, plus some VM settings in the GUI and the first setup.
So I started to write a tool that automatically sets up the debug environment and supports kernel debugging for macOS.
Similar to Vagrant, but the scope is only macOS. It wraps vmrun & ptrctl and adds more useful things for kernel debugging, such as easily taking a snapshot, auto-disabling SIP, etc. Of course, it also supports auto-loading the "DB_NMI" kext.
Like:

Code:
wtftoolname -image "Install macOS Sierra.app" -cpu 4 -mem 1024 -boot-args "..." -debug-option DB_NMI ...


So I am interested in that kext code (even if it is the same mechanism as the OSS code I posted). Can I refer to it?
I'd be glad if you published that code somewhere.

Thanks.
- zchee
zchee
 
Posts: 5
Joined: Tue Dec 15, 2015 3:39 am

Re: Sending a non-maskable interrupt to a virtual machine

Postby scknight » Tue Jan 31, 2017 2:01 pm

https://github.com/knightsc/EnterDebugger

I ended up using an IOKit kext simply because I had been playing around with them recently. I have a user space client that I bind to a key combo using an Automator service. I think your approach looks a lot easier. It'd be even easier still if the key combinations simply worked. I did initially try to look into what listens to the original keystrokes in the first place and tracked it down to here:

https://opensource.apple.com/source/IOH ... .auto.html line 1416

That's what led me to believe that it must be something VMware isn't doing the same as before.

I love the idea of a tool to help make kernel debugging easier. Definitely post more if you get something working.
scknight
 
Posts: 27
Joined: Thu Nov 10, 2016 1:01 pm

Re: Sending a non-maskable interrupt to a virtual machine

Postby zchee » Tue Jan 31, 2017 5:14 pm

@scknight:
Wow, that was quick :D
I'll look at your committed code later, thanks!!

And yeah. It was not written by me, but I found what a Japanese developer wrote a while ago (5 years ago lol).
Just kextload and change the sysctl configuration.
Code:
kextload /path/to/PseudoNMI.kext
sysctl -w debug.pseudo_nmi=1

It's useful at least for me.

"I love the idea of a tool to help make kernel debugging easier. Definitely post more if you get something working."


Sure!! I’d love to : )
Actually, I didn't know which method and tool are good to use for kernel debugging because I'm a newbie. But I saw some hackers' blogs, and they seemed to be using VMware.

Vagrant is an almost good design (but I love Docker :P), but the detailed first setup of macOS is difficult.
IIRC, currently the best solution is https://github.com/boxcutter/macos, but the VMware provider "plugin" is a paid product (wtf), and Vagrant and Packer are a bit buggy and the setup is troublesome. So I gave it up.

I think that it probably will be a useful tool for the "J" newosxbook.com community (I hope). I will post it as [ANN] after I finish it.
Also, I'm planning to develop a tiny wrapper tool for downloading any version of the "xnu" tarballs and easily compiling the xnu kernel.
I hope you'll be looking forward to it. My GitHub username is https://github.com/zchee and _zchee_ on tw.

Thanks.
- zchee
zchee
 
Posts: 5
Joined: Tue Dec 15, 2015 3:39 am

Re: Sending a non-maskable interrupt to a virtual machine

Postby b3ntx » Wed Feb 08, 2017 12:26 pm

I ran into this exact issue. Simply enough, I reinstalled Fusion after upgrading to Sierra from ElCap. Then in each VM I reinstalled VMware Tools. That is, uninstall, reboot, install, reboot.

Hopefully it's that simple for anyone else.

*Edit. I'm using Fusion 8.5.2 on Sierra 10.12.3 host with 10.12.3 guest.
b3ntx
 
Posts: 10
Joined: Wed Dec 16, 2015 1:26 pm

Re: Sending a non-maskable interrupt to a virtual machine

Postby scknight » Tue Feb 14, 2017 7:17 pm

Tried uninstalling Fusion 8.5.3 on a 10.12.3 host and reinstalling, then uninstalling/reinstalling VMware Tools on the 10.12.2 virtual machine, but no dice. It still doesn't respond to the NMI.
scknight
 
Posts: 27
Joined: Thu Nov 10, 2016 1:01 pm

