From nobody Sun Sep 08 19:43:36 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X20l041BSz5Vx0P for ; Sun, 08 Sep 2024 19:43:40 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X20kz2tcpz4Cr1 for ; Sun, 8 Sep 2024 19:43:39 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=hardenedbsd.org header.s=google header.b=F7PXuGIp; dmarc=none; spf=pass (mx1.freebsd.org: domain of shawn.webb@hardenedbsd.org designates 2607:f8b0:4864:20::d41 as permitted sender) smtp.mailfrom=shawn.webb@hardenedbsd.org Received: by mail-io1-xd41.google.com with SMTP id ca18e2360f4ac-82aab679b7bso41744239f.0 for ; Sun, 08 Sep 2024 12:43:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; t=1725824618; x=1726429418; darn=freebsd.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=J6KwfeD0oXaojneNKnuqFwywfEpZ/gp5d+aMWVjj8IU=; b=F7PXuGIpn5OwWmZTfYw3WQceU8VYgCLfudKuMW66ueWaa5+QdcxsWioBp+z/eWyqrx 7g4S/aVaMb5x4i3mlgGy9bCnjAdtUwSfDYDyf+SukBv8chhhkN1t8GFcEpWVkDVpjEpc 8IcePvmCQWmfTOqh+CJ/80BNw4utZNVzk+4nbkPVRkoy0PtZyS3tHEqKaHZyvQcrCM6B hfAMu8dRm3qFBy3pJRL8FRYGqO1IHibXIqZdVOLhjYO6X8MdDxUPp/ru5zMr4j181qSa rVZdXyqNkfRY0ZYLdRjkhQMaCfNZheYxpTXK1wYLwRYT0sQftTcAsFARUuz04OZFfOMY wolg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1725824618; x=1726429418; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=J6KwfeD0oXaojneNKnuqFwywfEpZ/gp5d+aMWVjj8IU=; b=f7ZbnvzPz8LqLUjI6lk/UaJHyRnJFMT97455MIxNr+UXf/pSS730FgnLVjW1Tq0DSI 7xLe8NhDRQq0S88afIT2wy9Nxf5dJlNZQn4MpR4UBv0nMQiDP3i0taF3PSMzTrYzwF4K CVFmUIVPUW1aRxLF4GXk5ZRhikZiq9i5vr2XnztdWP5FMNfWalW9PERPhQ58eQ+p8ZqS 2w7umeUTDIwDU7ivz+FniiRnBMEPpu47gk2B9saQzYvYyGSvDXaXAbsbfMqUedjSh1xo X7S0Sp7b45DNyu+57Ox2YQJm6eh9TcMsm2byrAHsziJHDu6zmRmH349dU8I6Y9S9s8HU tKJA== X-Forwarded-Encrypted: i=1; AJvYcCXuG39GsJwfgzbG66BCm1Eo9fRj0w4a6MBhAlA/0mjlPUMBO/gO3WaWQWvk/HZfuO63XNAsJMs1GdUzTBF5XjibGZHr@freebsd.org X-Gm-Message-State: AOJu0Yy4ME8RD/SV0nlLFehoCIoaPr+7tyh4Dhc6PFgjPfxEtL0/4VNR ZPX5HN+YiHZgti9LEQNyITmHD/JKFSizFHQUcjNU64/9FC0h4/4BbELQ5BTIxsc= X-Google-Smtp-Source: AGHT+IGSpn8o1k9NfZH7WInrlyPvcn3YcUUmDvUhdq1QtqlXUtfoRn2xWizdOzuOw91rlfRxLercDg== X-Received: by 2002:a05:6602:1607:b0:82a:309c:488f with SMTP id ca18e2360f4ac-82a962131b6mr660144439f.12.1725824617743; Sun, 08 Sep 2024 12:43:37 -0700 (PDT) Received: from mutt-hbsd (174-24-73-190.clsp.qwest.net. [174.24.73.190]) by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-4d094562512sm763555173.60.2024.09.08.12.43.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 Sep 2024 12:43:37 -0700 (PDT) Date: Sun, 8 Sep 2024 19:43:36 +0000 From: Shawn Webb To: John Baldwin Cc: Mark Johnston , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: e962b37bf0ff - main - bhyve: Do not enable PCI BAR decoding if a boot ROM is present Message-ID: X-Operating-System: FreeBSD mutt-hbsd 15.0-CURRENT-HBSD FreeBSD 15.0-CURRENT-HBSD X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc References: <202408191359.47JDxAbK026029@gitrepo.freebsd.org> <7213e551-6be2-44b1-a8b6-55645c593c12@FreeBSD.org> List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="d3c3vavkuh42wyjl" Content-Disposition: inline In-Reply-To: X-Spamd-Bar: ----- X-Spamd-Result: default: False [-5.08 / 15.00]; SIGNED_PGP(-2.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.98)[-0.977]; MID_RHS_NOT_FQDN(0.50)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; R_DKIM_ALLOW(-0.20)[hardenedbsd.org:s=google]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; MISSING_XM_UA(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::d41:from]; TO_DN_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; DMARC_NA(0.00)[hardenedbsd.org]; MLMMJ_DEST(0.00)[dev-commits-src-all@freebsd.org]; RCVD_COUNT_TWO(0.00)[2]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_FIVE(0.00)[5]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_TLS_LAST(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[dev-commits-src-all@freebsd.org]; DKIM_TRACE(0.00)[hardenedbsd.org:+] X-Rspamd-Queue-Id: 4X20kz2tcpz4Cr1 --d3c3vavkuh42wyjl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 06, 2024 at 04:30:07PM UTC, Shawn Webb wrote: > On Fri, Sep 06, 2024 at 09:37:45AM UTC, John Baldwin wrote: > > On 9/5/24 22:10, Shawn Webb wrote: > > > Hey Mark, > > >=20 > > > This commit seems to force me to now pass "-o pci.enable_bars=3Dtrue"= to > > > all my VMs on amd64. I wonder if that might be a POLA violation. I > > > didn't realize that I needed to set that until I bisected the src > > > tree, looking for the commit that broke bhyve for me. > > >=20 > > > Is changing the default here really worth it for amd64? If so, I'm > > > thinking this should be in both RELNOTES and UPDATING. I now have to > > > propigate re-enabling this across my entire infrastructure. > > >=20 > > > Thanks, > >=20 > > That should only be true if you are using an older UEFI firmware that d= id > > not program BARs. Are you seeing this on stock FreeBSD, and which vers= ion > > of the UEFI ROM are you using? >=20 > Ah, thanks for the hint, John! My UEFI edk2 bhyve package is years out > of date. I guess I need to pay more attention to what `pkg upgrade` > does NOT upgrade: >=20 > hbsd-laptop-02[shawn]:/home/shawn $ pkg info | grep bhyve > uefi-edk2-bhyve-g20210226_1,2 UEFI EDK2 firmware for bhyve > uefi-edk2-bhyve-devel-g20190424_1 UEFI-EDK2 firmware for bhyve >=20 > hbsd-laptop-02[shawn]:/home/shawn $ pkg search bhyve > edk2-bhyve-g202308_5 EDK2 Firmware for bhyve >=20 > I'm building some packages on my laptop right now. Once that finishes, > I'll go ahead and upgrade to the new package, retest, and report. >=20 > If this is indeed the problem (I suspect it is), I apologize for the > noise. Thanks, though, for the hint and the help. :-) The issue was indeed the out-of-date EDK2 UEFI firmware. Sorry for the noise, but thank you very much for the hint! --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --d3c3vavkuh42wyjl Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmbd/mAACgkQ/y5nonf4 4fq+Sg//eq8ePmxbzQh8ANFUeX6/XdsLYeorRytMRaoea0ZnKfey+H0X+/pRDTkz NLbfmwKDf2PmpLCVODwPpP4b8D+yhTlV87eTqFfb32xa+uptTXHeXnFkb7JTy3wm GqJHOPAcI033voDo9ch7hFVxPOpGaBIMVjUXlsJz/u+8M3JPTWWIM+LBz1+O6mQB L/jE2NcbVdwoocljz+mlAwK7mfaQPcckAWHf5Sy/eP55cMyKdH1glfhcRRW90HRS U/E0+dLD5bwbsSpHj4yArp/7nYwcMjqbB5FZX7hloTpvRq1XLxFkTxKP0SUZwWtA r0pAg9LxSVOPar3hchPpg8Wbvs+0FxE0CnaE2mVmD99VxAaUQFuKmPYhij6xvWlo WL9ifridoKKQePczhFUW+dLXG3ev56bFDzGIjIlWbeusPGjI0Z1POa5YV8LYE/q+ ltKFVwyHDIGUJFB1HJIc6QAshExp8tYoBG1jxR4n8zDUBLR2ETuFAZF6dc4fZ/LA p5G8HuiEOQJgzHzb6zKlOwE2jsc9W/yTBU42ng4OUdAgaL7+/YhfZdEUk7g/Y48P DYLAcOPWYnah53HF2QnJ8Z96jyXdjorJtdkOpUHCYpEk0mLWeL92WxBe2A+HSSJz Z/BAttQC84RGi3EBru5iiA8vs/u/kgszdRaHFJtxH8k0nnj9bPs= =sUwR -----END PGP SIGNATURE----- --d3c3vavkuh42wyjl--