From owner-freebsd-current@freebsd.org Fri Mar 17 20:31:00 2017 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8E3E5D106DC for ; Fri, 17 Mar 2017 20:31:00 +0000 (UTC) (envelope-from pkelsey@gmail.com) Received: from mail-pg0-x22d.google.com (mail-pg0-x22d.google.com [IPv6:2607:f8b0:400e:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5CB6C16EB for ; Fri, 17 Mar 2017 20:31:00 +0000 (UTC) (envelope-from pkelsey@gmail.com) Received: by mail-pg0-x22d.google.com with SMTP id n190so48523696pga.0 for ; Fri, 17 Mar 2017 13:31:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=MjY6+z85bxCwosfxn08sTnUpqXGpv1aMByVKeNXREkQ=; b=I/2URZQzKPVlmsHT7ups2+kk/KugO7m3S5JEsWVpMhMFcn/wnOsI7Hi5FL063UP8f7 +dSNev/3HjMVs6SfNZFqMHGzCLjZDvbuBg/v9DxaaDolPGHRGCWcBJijSxUKom9zJeb9 tPgCD7vo/hT0h330qXZ1UQZW6Z0aTUR9MODoABMmTTXWI+P4KeHWuLsKAHFZbpDUTlR1 RhqHHH3c16xsfVy1X4kI3H+F7C2XzYdhCo4lc4r6Oq463iQey2csaIYtjogWx2UtzccY VCWCstbYQ+PA91Eb+5xPhlhXpH2rgYqAFNWSf40//66CqzQekd5UYoYw7ZwLBXk+lLNv wPsA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=MjY6+z85bxCwosfxn08sTnUpqXGpv1aMByVKeNXREkQ=; b=h9nzmfLbNd/C7zjT6x2pG5T6tZtTPQ888MZ6nmDXo32s+Std2TiZl66482As39M/Dd +khNxq08UG6OE2G2h+P2EqwTR8yLALFLjPAVW3AQ4zhebrEBEx1v/5Unia6wXCmgJl7j Y8fw3myVMZXdG12FSRrSAJlrQG1WVLn9MEDjOBeshP0yicdlS54pGidECF/dxfpF7zU3 2ruhJ76GGG5ampy+Mia4I/vJ+DhRKWtqLMmHtZVfKs30MRG5Sd4nHIq+15j1J7Ce1Yac IXIAN62dVTvpHXW5xxsrFS/z4iMTJL/V1534iexL22orb0PhhqI6VGZ972XuMcK/y/hG QIeA== X-Gm-Message-State: AFeK/H2QTuGcp6q9lcnID8XQFDGFzAfLDhvMxUI6UbEl6bZMjDyPt5KUojveGnl5tBwmSmKIV14r+kAX+kwR2A== X-Received: by 10.99.185.91 with SMTP id v27mr7620060pgo.65.1489782659818; Fri, 17 Mar 2017 13:30:59 -0700 (PDT) MIME-Version: 1.0 Sender: pkelsey@gmail.com Received: by 10.100.166.166 with HTTP; Fri, 17 Mar 2017 13:30:59 -0700 (PDT) In-Reply-To: <20170317183111.3a80f358@thor.intern.walstatt.dynvpn.de> References: <20170317123625.60f1a508@freyja.zeit4.iv.bundesimmobilien.de> <20170317120429.GX15630@zxy.spb.ru> <20170317175324.27f1d59d@thor.intern.walstatt.dynvpn.de> <20170317170735.GO70430@zxy.spb.ru> <20170317183111.3a80f358@thor.intern.walstatt.dynvpn.de> From: Patrick Kelsey Date: Fri, 17 Mar 2017 16:30:59 -0400 X-Google-Sender-Auth: xDv-mb6Du0LCoXWdjuqO5lCZb8M Message-ID: Subject: Re: CURRENT: FreeBSD not reporting AES-NI on Intel(R) Xeon(R) CPU E5-1650 v3 To: "O. Hartmann" Cc: Slawa Olhovchenkov , freebsd-current Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Mar 2017 20:31:00 -0000 On Fri, Mar 17, 2017 at 1:31 PM, O. Hartmann wrote: > Am Fri, 17 Mar 2017 20:07:35 +0300 > Slawa Olhovchenkov schrieb: > > > On Fri, Mar 17, 2017 at 05:53:24PM +0100, O. Hartmann wrote: > > > > > Am Fri, 17 Mar 2017 15:04:29 +0300 > > > Slawa Olhovchenkov schrieb: > > > > > > > On Fri, Mar 17, 2017 at 12:36:25PM +0100, O. Hartmann wrote: > > > > > > > > > Running recent CURRENT on a Fujitsu Celsius M740 equipted with an > Intel(R) > > > > > Xeon(R) CPU E5-1650 v3 @ 3.50GHz CPU makes me some trouble. > > > > > > > > > > FreeBSD does not report the existence or availability of AES-NI > feature, which > > > > > is supposed to be a feature of this type of CPU: > > > > > > > > What reassons to detect AES-NI by FreeBSD? > > > > > > What do you mean? I do not understand! FreeBSD is supposed to read the > CPUID and > > > therefore the capabilities as every other OS, too. But there may some > circumstances > > > why FBSD won't. I do not know, that is the reason why I'm asking here. > > > > This sample can have disabled AES-NI by vendor, in BIOS, for example. > > As I show by links this is posible. > > > > CPUID in you example don't show AES-NI capabilities, for example > > 1650v4 w/ AES-NI > > > > CPU: Intel(R) Xeon(R) CPU E5-1650 v4 @ 3.60GHz (3600.07-MHz K8-class CPU) > > Origin="GenuineIntel" Id=0x406f1 Family=0x6 Model=0x4f Stepping=1 > > Features=0xbfebfbff APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI, > MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> > > Features2=0x7ffefbff VMX,SMX,EST,TM2,SSSE3,SDBG,FMA,CX16,xTPR,PDCM,PCID,DCA, > SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE, > OSXSAVE,AVX,F16C,RDRAND> > > > > ^^^^^^ > > AMD Features=0x2c100800 > > AMD Features2=0x121 > > Structured Extended > > Features=0x21cbfbb BMI2,ERMS,INVPCID,RTM,PQM,NFPUSG,PQE,RDSEED,ADX,SMAP,PROCTRACE> > > XSAVE Features=0x1 VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID, > VID,PostIntr > > TSC: P-state invariant, performance statistics > > > > In you sample: "TSCDLT,XSAVE" > > > > May be AES-NI disabled by vendor and FreeBSD correct show this. Or some > bug in FreeBSD, > > AES-NI work and other OS show AES-NI capabilities. > > > > _______________________________________________ > > freebsd-current@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-current > > To unsubscribe, send any mail to "freebsd-current-unsubscribe@ > freebsd.org" > > We have some LGA1151 XEON based 19 inch rack server, also equipted with > Haswell > E3-12XX-v3 XEONs and FreeBSD, also CURRENT, does show AES-NI. > > You're right, the vendor could have disabled AES-NI by intention - but > they offered this > box especially with AES-NI capabilities. > > See here: > > http://freebsd.1045724.x6.nabble.com/r285947-broken- > AESNI-support-No-aesni0-on-Intel-XEON-E5-1650-v3-on-Fujitsu-Celsius-M740- > td6028895.html > > I feel a bit pissed off right now due to Fujitsu, because we started > testing some > encrypting features and I'd like to use AES-NI and I run into this issue > again. > > I need to know that FreeBSD is not the issue with this specific CPU type. > I'm still > frustrated by that stupid comment "UNIX is not supoorted" I got that time > then when I > reported 2015 the issue to Fujitsu. > > > It's pretty straightforward to gain confidence that FreeBSD is not the issue here. The 'Features2=' line is printed by printcpuinfo() in sys/x86/x86/identcpu.c based on the bits set in a variable called cpu_feature2 (the printf is currently at line 802). The value of cpu_feature2 is set in identify_cpu() identcpu.c (for amd64, currently at line 1401) based on the result of the cpuid instruction that is executed by a call to do_cpuid(), which itself resides in sys/amd64/include/cpufunc.h. In other words, a single asm instruction is executed and the set bits from the result are printed. Based on some poking around in open source bits (tianocore, coreboot), it appears that AES-NI is something the BIOS can irreversibly disable-until-next-reset by twiddling bits in the appropriate MSR register. There is no code that does this in FreeBSD on purpose, so there would have to be a bug introduced in -CURRENT that somehow clobbers those MSR bits early on - a bug that was also not merged to 11-STABLE (since Slawa shows AESNI enabled on the same processor under 11-STABLE). I will also say that I have dealt with a manufacturer of Xeon hardware in Europe who will not provide a stock BIOS that allows you to enable AES-NI, out of concerns over violating export/import rules governing encryption technology. With that vendor, you have to pass an end-user verification and then they will make you a custom BIOS that gives you the option to enable AES-NI. It took quite some time working through the outer layers of their support organization to even determine that this was the underlying (bureaucratic) issue. Here is another data point: 11.0-RELEASE-p1 running on E5-1650 v3 with AESNI recognized as enabled. You could install that stock FreeBSD release and if it does not show AESNI as enabled on your system, you will clearly know it is not a FreeBSD problem without any question as to whether there is a bug in CURRENT or having to build and install the exact rev of 11-STABLE that Slawa is using. uname: FreeBSD ttest2 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 dmesg: CPU: Intel(R) Xeon(R) CPU E5-1650 v3 @ 3.50GHz (3500.08-MHz K8-class CPU) Origin="GenuineIntel" Id=0x306f2 Family=0x6 Model=0x3f Stepping=2 Features=0xbfebfbff Features2=0x7ffefbff -Patrick