Announcement

Collapse
No announcement yet.

Getting BSOD 0x3B when launching BurnInTest 9.0 with Device Guard Enabled

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Getting BSOD 0x3B when launching BurnInTest 9.0 with Device Guard Enabled

    Hi, I'm running BurnInTest 9.0 on AMD Ryzen 7 2700U system with latest AMD driver on Win10 1803 Enterprise 64-bit.
    When Device Guard is enabled on this system, launching BurnInTest app will cause BSOD 0x3B immediately (0x0000003B, SYSTEM_SERVICE_EXCEPTION).

    This issue is not seen with Device Guard (DG) disabled.

    I did some experiments with DG enabled and found out that 1) this issue also happens with AMD driver uninstalled, 2) issue happens with v8.1 and 9.0, and does not occur with v7.1

    Memory dump shows that the bugcheck occurred at DirectIO64.sys.

    Could you help take a look? Sorry I won't be able to upload dump file.
    FAILURE_BUCKET_ID: 0x3B_DirectIo64!unknown_function

  • #2
    It shouldn't be possible to crash the entire machine from any application.
    Device guard is meant to protect a machine from malware. But it is pretty useless protection if it just crashes the whole machine.

    Seems VMWare also crashes it,
    https://kb.vmware.com/s/article/2146361
    and so does VirtualBox
    https://superuser.com/questions/1228...is-off/1259492
    So does sysmon, bitlocker, Intel VTune, Cisco AnyConnect, etc....

    It seems Microsoft knows there are a bunch of drivers that aren't going to work. They wrote a whole page on it,
    https://blogs.msdn.microsoft.com/win...in-windows-10/

    and another page
    https://docs.microsoft.com/en-us/win...code-integrity
    Quote. "This can cause devices or software to malfunction and in rare cases may result in a Blue Screen"

    We'll investigate it as we get time, but it is a complex area and there is unlikely to be a quick fix.

    Comment


    • #3

      We had another customer report the problem and collected some additional information.

      Attempts to replicate the problem here failed. But we did it on a Intel CPU.

      So problem seems happen on new AMD CPUs only. With Windows 10 Enterprise only. Only with Device Guard turned on and only when BIOS virtualisation is ON and Secure boot is ON.

      BIOS virtualisation is called VT-D or SVM, depending on what BIOS you have.

      We are continuing to look at the problem.

      Comment


      • #4
        Another update:

        Turns out Microsoft are blocking (or never implemented) AMD's MSR instructions in their virtual machine (VM) that they use with Device Guard. If they didn't want to implement this aspect of the CPU in their VM, it would have at least made sense to fail in a graceful manner. Instead they crash the whole machine. So it is really both a bug and a deficiency in Device Guard that causes this problem. It is going to cause problems for a lot of software that does low level programming, and then further problems for people losing all their work as the system & servers blue screen.


        As background MSR = Machine specific registers.
        In a modern CPU there are heaps of these MSR instructions to control and monitor the CPU's behaviour. We use them for example to check the base and turbo clock speeds the CPU is running at. In our case it crashed on the AMD MSR 0xC0010292, [Power Management Miscellaneous] PMGT_MISC. But the problem effects other MSRs as well.

        We have heard 2nd hand that Microsoft has no intention of fixing the problem in the short term (thanks Microsoft, as we really needed the extra work to document and work around your problem).

        So we'll add some detection process for when BIOS virtualisation is on (PF_VIRT_FIRMWARE_ENABLED) and an AMD CPU is in use and Windows Enterprise is in use. At the moment there doesn't seem to be any way easily directly detect if Device Guard is running or not. This will allow us to work around the problem, but will mean we don't collect a bunch of system information in the next patch releases of BurnInTest and PerformanceTest.

        Comment


        • #5
          Final update (maybe):

          We have worked around the in the problem in these releases (24/Sept/2018 )
          BurnInTest V9.0 build 1011
          PerformanceTest V9.0 build 1027
          OSForensics V6.1 beta 3

          Some system CPU system information won't be collected, but it won't provoke Device Guard into crashing.

          Comment


          • #6
            The symptom got reintroduced in Windows 11. On AMD machine, when running PerformanceTest app, Windows 11 crashes after several seconds (the benchmark is not started yet, it is probably during initial machine check) with SYSTEM_SERVICE_EXCEPTION from DirectIo64.sys.

            Comment


            • #7
              Originally posted by RobertHaken View Post
              The symptom got reintroduced in Windows 11. On AMD machine, when running PerformanceTest app, Windows 11 crashes after several seconds (the benchmark is not started yet, it is probably during initial machine check) with SYSTEM_SERVICE_EXCEPTION from DirectIo64.sys.
              Can you provide more details how you are running this on your system?
              Is this on a VM? If so, how/what are you running this on?
              Did you have device guard enabled?

              Can you also provide the log file: https://www.passmark.com/support/per.../debug-log.php

              Comment


              • #8
                I am receiving this same BSOD with Win10 21H2 on a Panasonic ToughBook CF-33 Mark 2 without Device Guard enabled. I've attached my debug logs (I had to rename them from TXT to LOG and split them due to attachment limitations on these forums).
                Attached Files

                Comment


                • #9
                  Originally posted by RobertHaken View Post
                  The symptom got reintroduced in Windows 11. On AMD machine, when running PerformanceTest app, Windows 11 crashes after several seconds (the benchmark is not started yet, it is probably during initial machine check) with SYSTEM_SERVICE_EXCEPTION from DirectIo64.sys.
                  We have made some changes in this build that should disable the MSR reading in Windows 11 Enterprise, could you please let us know if it fixes the crash.

                  Originally posted by AgetroNairb View Post
                  I am receiving this same BSOD with Win10 21H2 on a Panasonic ToughBook CF-33 Mark 2 without Device Guard enabled. I've attached my debug logs (I had to rename them from TXT to LOG and split them due to attachment limitations on these forums).
                  This seems like a very different situation, we're looking into the log files now.

                  Comment


                  • #10
                    Originally posted by AgetroNairb View Post
                    I am receiving this same BSOD with Win10 21H2 on a Panasonic ToughBook CF-33 Mark 2 without Device Guard enabled. I've attached my debug logs (I had to rename them from TXT to LOG and split them due to attachment limitations on these forums).
                    It appears that the BSOD may be related to retrieving the memory SPD info.

                    If possible, can you run our RAMMon tool and see if the same issue occurs:
                    PassMark RAMMon - Identify RAM type, speed & memory timings

                    Comment


                    • #11
                      Yes, I get the same BSOD, SYSTEM_SERVICE_EXCEPTION caused by DirectIo64.sys.

                      Comment


                      • #12
                        Any further assistance you can provide?

                        Comment


                        • #13
                          The crash seems to be related to enumerating the PCI bus. We have rarely encountered any reports of such a case, if any.

                          We added some verbosity to our debug logging to see if it is related to a specific PCI device.

                          Can you give this RAMMon debug build a try:
                          https://www.passmark.com/temp/rammon...0017-debug.exe

                          If possible, please run with the DEBUGMODE flag which will generate the necessary debug logs.
                          Note that like the public release, this build will likely also BSOD.

                          Comment

                          Working...
                          X