NetBSD Problem Report #55596

From www@netbsd.org  Sat Aug 22 01:52:34 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 2AF531A923D
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 22 Aug 2020 01:52:34 +0000 (UTC)
Message-Id: <20200822015232.CB52C1A9249@mollari.NetBSD.org>
Date: Sat, 22 Aug 2020 01:52:32 +0000 (UTC)
From: billc@warped.com
Reply-To: billc@warped.com
To: gnats-bugs@NetBSD.org
Subject: nvmm BIOS lock may not be granular enough
X-Send-Pr-Version: www-1.0

>Number:         55596
>Category:       port-amd64
>Synopsis:       nvmm BIOS lock may not be granular enough
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    port-amd64-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Aug 22 01:55:00 +0000 2020
>Closed-Date:    Sat Sep 05 07:52:41 +0000 2020
>Last-Modified:  Sat Sep 05 07:52:41 +0000 2020
>Originator:     William Coldwell
>Release:        netbsd-9
>Organization:
The NetBSD Foundation
>Environment:
NetBSD agamemnon.local 9.0_STABLE NetBSD 9.0_STABLE (GENERIC) #0: Thu Aug 13 01:40:53 UTC 2020  root@agamemnon.local:/tmp/netbsd-9/build/objdir/sys/arch/amd64/compile/GENERIC amd64

>Description:
modload nvmm

[ 638963.560892] NVMM: VMX disabled in BIOS
[ 638963.560892] autoconfiguration error: nvmm: cpu not supported
[ 638963.560892] WARNING: module error: modcmd(CMD_INIT) failed for `nvmm', error 86


cpuctl identify 0

cpu0: features1 0x7ffefbff<SSE3,PCLMULQDQ,DTES64,MONITOR,DS-CPL,VMX,SMX,EST>

So the cpu is advertising this, but nvmm says no because of:


        msr = rdmsr(MSR_IA32_FEATURE_CONTROL);
        if ((msr & IA32_FEATURE_CONTROL_LOCK) == 0) {
                printf("NVMM: VMX disabled in BIOS\n");
                return false;
        }
        if ((msr & IA32_FEATURE_CONTROL_OUT_SMX) == 0) {
                printf("NVMM: VMX disabled in BIOS\n");
                return false;
        }


However, I can run VMs/KVM on Linux with this machine, and it, too, is reporting those cpu flags.

Bigger question: Should cpu flags not report flags that are unavailable to the system/VM like we do with MDS/TAA, etc?








>How-To-Repeat:
Have a bios from a manufacturer that wants to sell their little BMC manager adapter, otherwise locks the bios apparently.

modload nvmm
get rejected.

>Fix:
Questionably ignore bios locking, because vendors don't necessarily know best?

Find out why Linux (possibly FreeBSD Bhyve too) works and we don't with native hypervisor.

>Release-Note:

>Audit-Trail:
From: "Maxime Villard" <maxv@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/55596 CVS commit: src/sys/dev/nvmm/x86
Date: Sat, 22 Aug 2020 11:01:10 +0000

 Module Name:	src
 Committed By:	maxv
 Date:		Sat Aug 22 11:01:10 UTC 2020

 Modified Files:
 	src/sys/dev/nvmm/x86: nvmm_x86_vmx.c

 Log Message:
 nvmm-x86-vmx: fix detection of the BIOS lock

 If it's locked, ensure it's locked with VMX enabled. If it's not locked,
 then lock it ourselves with VMX enabled.

 Should fix NetBSD PR/55596.


 To generate a diff of this commit:
 cvs rdiff -u -r1.71 -r1.72 src/sys/dev/nvmm/x86/nvmm_x86_vmx.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Sat, 22 Aug 2020 11:07:55 +0000
State-Changed-Why:
should be fixed please test


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/55596 CVS commit: [netbsd-9] src/sys
Date: Fri, 4 Sep 2020 18:53:43 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Fri Sep  4 18:53:43 UTC 2020

 Modified Files:
 	src/sys/arch/x86/include [netbsd-9]: specialreg.h
 	src/sys/dev/nvmm/x86 [netbsd-9]: nvmm_x86_svm.c nvmm_x86_vmx.c

 Log Message:
 Pull up following revision(s) (requested by maxv in ticket #1076):

 	sys/dev/nvmm/x86/nvmm_x86_svm.c: revision 1.75
 	sys/arch/x86/include/specialreg.h: revision 1.172
 	sys/dev/nvmm/x86/nvmm_x86_vmx.c: revision 1.72

 nvmm-x86-vmx: fix detection of the BIOS lock

 If it's locked, ensure it's locked with VMX enabled. If it's not locked,
 then lock it ourselves with VMX enabled.

 Should fix NetBSD PR/55596.

  -

 Add a few more CPUID flags.

  -

 nvmm-x86-svm: check the SVM revision
 Only revision 1 exists, but check it, for future-proofness.


 To generate a diff of this commit:
 cvs rdiff -u -r1.150.2.7 -r1.150.2.8 src/sys/arch/x86/include/specialreg.h
 cvs rdiff -u -r1.46.4.10 -r1.46.4.11 src/sys/dev/nvmm/x86/nvmm_x86_svm.c
 cvs rdiff -u -r1.36.2.12 -r1.36.2.13 src/sys/dev/nvmm/x86/nvmm_x86_vmx.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: feedback->closed
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Sat, 05 Sep 2020 07:52:41 +0000
State-Changed-Why:
fixed


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.