NetBSD Problem Report #55596
From www@netbsd.org Sat Aug 22 01:52:34 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 2AF531A923D
for <gnats-bugs@gnats.NetBSD.org>; Sat, 22 Aug 2020 01:52:34 +0000 (UTC)
Message-Id: <20200822015232.CB52C1A9249@mollari.NetBSD.org>
Date: Sat, 22 Aug 2020 01:52:32 +0000 (UTC)
From: billc@warped.com
Reply-To: billc@warped.com
To: gnats-bugs@NetBSD.org
Subject: nvmm BIOS lock may not be granular enough
X-Send-Pr-Version: www-1.0
>Number: 55596
>Category: port-amd64
>Synopsis: nvmm BIOS lock may not be granular enough
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: port-amd64-maintainer
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Aug 22 01:55:00 +0000 2020
>Closed-Date: Sat Sep 05 07:52:41 +0000 2020
>Last-Modified: Sat Sep 05 07:52:41 +0000 2020
>Originator: William Coldwell
>Release: netbsd-9
>Organization:
The NetBSD Foundation
>Environment:
NetBSD agamemnon.local 9.0_STABLE NetBSD 9.0_STABLE (GENERIC) #0: Thu Aug 13 01:40:53 UTC 2020 root@agamemnon.local:/tmp/netbsd-9/build/objdir/sys/arch/amd64/compile/GENERIC amd64
>Description:
modload nvmm
[ 638963.560892] NVMM: VMX disabled in BIOS
[ 638963.560892] autoconfiguration error: nvmm: cpu not supported
[ 638963.560892] WARNING: module error: modcmd(CMD_INIT) failed for `nvmm', error 86
cpuctl identify 0
cpu0: features1 0x7ffefbff<SSE3,PCLMULQDQ,DTES64,MONITOR,DS-CPL,VMX,SMX,EST>
So the cpu is advertising this, but nvmm says no because of:
msr = rdmsr(MSR_IA32_FEATURE_CONTROL);
if ((msr & IA32_FEATURE_CONTROL_LOCK) == 0) {
printf("NVMM: VMX disabled in BIOS\n");
return false;
}
if ((msr & IA32_FEATURE_CONTROL_OUT_SMX) == 0) {
printf("NVMM: VMX disabled in BIOS\n");
return false;
}
However, I can run VMs/KVM on Linux with this machine, and it, too, is reporting those cpu flags.
Bigger question: Should cpu flags not report flags that are unavailable to the system/VM like we do with MDS/TAA, etc?
>How-To-Repeat:
Have a bios from a manufacturer that wants to sell their little BMC manager adapter, otherwise locks the bios apparently.
modload nvmm
get rejected.
>Fix:
Questionably ignore bios locking, because vendors don't necessarily know best?
Find out why Linux (possibly FreeBSD Bhyve too) works and we don't with native hypervisor.
>Release-Note:
>Audit-Trail:
From: "Maxime Villard" <maxv@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/55596 CVS commit: src/sys/dev/nvmm/x86
Date: Sat, 22 Aug 2020 11:01:10 +0000
Module Name: src
Committed By: maxv
Date: Sat Aug 22 11:01:10 UTC 2020
Modified Files:
src/sys/dev/nvmm/x86: nvmm_x86_vmx.c
Log Message:
nvmm-x86-vmx: fix detection of the BIOS lock
If it's locked, ensure it's locked with VMX enabled. If it's not locked,
then lock it ourselves with VMX enabled.
Should fix NetBSD PR/55596.
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 src/sys/dev/nvmm/x86/nvmm_x86_vmx.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->feedback
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Sat, 22 Aug 2020 11:07:55 +0000
State-Changed-Why:
should be fixed please test
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/55596 CVS commit: [netbsd-9] src/sys
Date: Fri, 4 Sep 2020 18:53:43 +0000
Module Name: src
Committed By: martin
Date: Fri Sep 4 18:53:43 UTC 2020
Modified Files:
src/sys/arch/x86/include [netbsd-9]: specialreg.h
src/sys/dev/nvmm/x86 [netbsd-9]: nvmm_x86_svm.c nvmm_x86_vmx.c
Log Message:
Pull up following revision(s) (requested by maxv in ticket #1076):
sys/dev/nvmm/x86/nvmm_x86_svm.c: revision 1.75
sys/arch/x86/include/specialreg.h: revision 1.172
sys/dev/nvmm/x86/nvmm_x86_vmx.c: revision 1.72
nvmm-x86-vmx: fix detection of the BIOS lock
If it's locked, ensure it's locked with VMX enabled. If it's not locked,
then lock it ourselves with VMX enabled.
Should fix NetBSD PR/55596.
-
Add a few more CPUID flags.
-
nvmm-x86-svm: check the SVM revision
Only revision 1 exists, but check it, for future-proofness.
To generate a diff of this commit:
cvs rdiff -u -r1.150.2.7 -r1.150.2.8 src/sys/arch/x86/include/specialreg.h
cvs rdiff -u -r1.46.4.10 -r1.46.4.11 src/sys/dev/nvmm/x86/nvmm_x86_svm.c
cvs rdiff -u -r1.36.2.12 -r1.36.2.13 src/sys/dev/nvmm/x86/nvmm_x86_vmx.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: feedback->closed
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Sat, 05 Sep 2020 07:52:41 +0000
State-Changed-Why:
fixed
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.