From nobody Fri Sep 06 16:30:07 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X0hXd4DjPz5VSNj for ; Fri, 06 Sep 2024 16:30:09 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-io1-xd42.google.com (mail-io1-xd42.google.com [IPv6:2607:f8b0:4864:20::d42]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X0hXd2XG9z3wsS for ; Fri, 6 Sep 2024 16:30:09 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; none Received: by mail-io1-xd42.google.com with SMTP id ca18e2360f4ac-82521c46feaso92529539f.2 for ; Fri, 06 Sep 2024 09:30:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1725640208; x=1726245008; darn=freebsd.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=BWBtd0RahNgfAz/bSoLOjQwlQejn87nqo7fg107rpGU=; b=IjbG0li671CQbCfoC9yGQJWgx2KzhwzeWVzfxqg3v1ka0cN5HYl9q23Bl/GJP6HAiA y9efSds/0M9vrT5uWk7orgEl/hclgzVH8jOe7mmZ16l6plCMyaQ3r3YHNf0Vnd9PQetO jkMqUcu1RlXLCGl2U9UDGDGeL0j1/5aNXJJ+zkPxRQTSepU8rWW8l35jUSskSWUc8svl wErDN5bCarkafgJYc7hB5hO0cSwGTwbCGHeWwEd64vu12q9iV1s7Vl0TAI1CZ6aYNLrR BB1e9rwXVWTVG1ExIs5qpWElkyMKYM4OkIqTLXKeWamZX/5fdJomXTtHCgjq5BtVYLbR PgdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725640208; x=1726245008; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=BWBtd0RahNgfAz/bSoLOjQwlQejn87nqo7fg107rpGU=; b=OPb+zRBNwSnRSASJxhubqcN8fXyuPcZsCnaz6iscts1csjCnovR5i+hUJQTIeBjVMj zELMQ/f+GNjOjGy+7ZdtJgbQ5MuT6/amGYodK+bZuClN6PuKAd6XIXRMN8ZQhOqyIUgq HRcm4IMSQiz5uoZIztXi76PLGC/t7LMUe+sPGKrowVkpm9PeTGVg4+fEyISVnjwmO93B cMA7FPShRNCyh5Y6ArwxtFp6r2Q4ZxQhMr1tRbrBdEyakO2Li11PVZN2Xqnvvgyp2nsu aqgE1/4ir+xNAP904NrTR8rf/MHwAm5Cw0LKUjbDCq9DJi5Buu5klclCp06M5/sewgEd D3aw== X-Forwarded-Encrypted: i=1; AJvYcCVJ5AcBMcMF31ocSeO/yOoCtt0btwIz46Qd6QkNiRNY1ZiXUfHngRPW9teos7XRRO5VYDbyvjZFxR5WTA+XQ6dmGRvn@freebsd.org X-Gm-Message-State: AOJu0YzalfyHxzOunauR0qUY1EvENrGGfSnPBMxRUzBKDwPxYiLkMaF8 JRPEW5bQYZvJ7LTiyVWDllffZ1jyXiHFahSyd1yPaT+e9UxB+Ng0yddJ+NCWQLk= X-Google-Smtp-Source: AGHT+IFezbs3C/3jwdpOIhp6k7q/zqx9s7ighlaunKm6QGmCgiZS2LLaHZhkPlpMZBRoeVqAf5xk9w== X-Received: by 2002:a05:6e02:1aaa:b0:376:40b7:b6f3 with SMTP id e9e14a558f8ab-3a04f069b27mr42344065ab.2.1725640208272; Fri, 06 Sep 2024 09:30:08 -0700 (PDT) Received: from mutt-hbsd (174-24-73-190.clsp.qwest.net. [174.24.73.190]) by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-4d08060c2e9sm601194173.22.2024.09.06.09.30.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Sep 2024 09:30:07 -0700 (PDT) Date: Fri, 6 Sep 2024 16:30:07 +0000 From: Shawn Webb To: John Baldwin Cc: Mark Johnston , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: e962b37bf0ff - main - bhyve: Do not enable PCI BAR decoding if a boot ROM is present Message-ID: X-Operating-System: FreeBSD mutt-hbsd 15.0-CURRENT-HBSD FreeBSD 15.0-CURRENT-HBSD X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: <202408191359.47JDxAbK026029@gitrepo.freebsd.org> <7213e551-6be2-44b1-a8b6-55645c593c12@FreeBSD.org> List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="356w62jdouopvffy" Content-Disposition: inline In-Reply-To: <7213e551-6be2-44b1-a8b6-55645c593c12@FreeBSD.org> X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US] X-Rspamd-Queue-Id: 4X0hXd2XG9z3wsS --356w62jdouopvffy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 06, 2024 at 09:37:45AM UTC, John Baldwin wrote: > On 9/5/24 22:10, Shawn Webb wrote: > > Hey Mark, > >=20 > > This commit seems to force me to now pass "-o pci.enable_bars=3Dtrue" to > > all my VMs on amd64. I wonder if that might be a POLA violation. I > > didn't realize that I needed to set that until I bisected the src > > tree, looking for the commit that broke bhyve for me. > >=20 > > Is changing the default here really worth it for amd64? If so, I'm > > thinking this should be in both RELNOTES and UPDATING. I now have to > > propigate re-enabling this across my entire infrastructure. > >=20 > > Thanks, >=20 > That should only be true if you are using an older UEFI firmware that did > not program BARs. Are you seeing this on stock FreeBSD, and which version > of the UEFI ROM are you using? Ah, thanks for the hint, John! My UEFI edk2 bhyve package is years out of date. I guess I need to pay more attention to what `pkg upgrade` does NOT upgrade: hbsd-laptop-02[shawn]:/home/shawn $ pkg info | grep bhyve uefi-edk2-bhyve-g20210226_1,2 UEFI EDK2 firmware for bhyve uefi-edk2-bhyve-devel-g20190424_1 UEFI-EDK2 firmware for bhyve hbsd-laptop-02[shawn]:/home/shawn $ pkg search bhyve edk2-bhyve-g202308_5 EDK2 Firmware for bhyve I'm building some packages on my laptop right now. Once that finishes, I'll go ahead and upgrade to the new package, retest, and report. If this is indeed the problem (I suspect it is), I apologize for the noise. Thanks, though, for the hint and the help. :-) --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --356w62jdouopvffy Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmbbLggACgkQ/y5nonf4 4foWixAApQ9bRIsO7C4qJN+yNDVB+abdJBefIB32wQezNwydBHM7/rw1157gnNg2 grXWYfv6SivyXhQw9ldGkWV+EKtV7XbIyxWOevxfZXTOBds15umE/wL0i+7ixq22 hJzA7V+U8eMsA4YGWUE5ZjOsZ7hPaMX5no7Zz5vm+kB2M487MPCLjrPvElynov+w IHJ93L6diqtzSixRynSHJkfLPH45l+kklfAG9ovVrPtfjkHMJrg/7bki5b58LPU5 JudSO/MJM2/0MDwwc74QbkkOzWFuGaB2i/RcZe/VKBsXMs5t+nkmU4taxhpF+Yxz VoIx8yc8m1p1ZKrfDONtA5SpPHhqf7iSEwd/RvoOZAD1TKYp02BBLg1tPK9mSCBq /9OI9Oa1ZYRFRB+Ln1pfut4vRUm+s+SynoZ4pb4o8eEn+TbGJq4dF/sOCbi2lwwZ edxFajIm/i1xcdHjFL2VqRqcALZFNzGdYBP8y+c1JQyYgFs+r3RNVStgd6XcqhOW 3KkazuDvxkuD/lfcAW7UVVdoqy5MEoTRCicF8LgRxCtT87QOx4yC9cS3dBue9Boq LDqJkeKx6Y9gVRLtwwAKzcdNzS0fk9VAWjilqZBYn0hqHBK+92+mNL3T/S3NX2AZ S+cgY4dljZ8i4Ake8YWXbpl9A6FdNLNY5xySObvz7V0r/CWgeMA= =llO/ -----END PGP SIGNATURE----- --356w62jdouopvffy--