Hello all,

I've been working on enabling passthrough for newer Nvidia cards and drivers (GTX 980 specifically) on Xen and I'd like to document my findings up to now and ask for assistance. I apologize if this is not the correct mailing list, but I thought xen-devel is more suitable since we are talking about code changes in Xen anyway.

Problem with Nvidia GPUs has been (for two years now) that drivers detect it being running inside a VM and refuse to work (Code 43 error) if the card is not a Quadro or other high-end non-consumer grade GPU (though few other things could cause Code 43 or BSOD also). Now, since KVM has supported Nvidia GPU passthrough for quite a while (and I've personally succeeded in passing through GTX 980 using KVM on both Win 7 and Win 8.1 VM's), I decided to port those few patches from KVM to Xen.

------------------


#### Patch #1: Spoof Xen and Hypervisor signatures:

KVM has for a while supported hiding both the "KVMKVMKVMKVM" signature (with "-cpu kvm=off" flag) as well as the Viridian hypervisor signature ("-cpu hv_vendor_id="..." flag). Currently there's no such functionality in Xen, so I patched it in quite similar way to what Alex Willimson did for KVM.

Attached is a patch for Xen 4.6.1 that spoofs Xen signature ("XenVMMXenVMM" to "ZenZenZenZen") and Viridian signature ("Microsoft Hv" to "Wetware Labs") when "spoof_xen=1" and "spoof_viridian=1" are added to VM configuration file.

The signatures are currently hard-coded, and currently there's no way to modify them (beyond re-compiling Xen), since HVMLoader also uses a hard-coded string to detect Xen and there's no API (understandably) to change that signature in real-time.

This works with qemu-xen-traditional without any additional changes, but qemu-xen requires that SeaBIOS is patched as well: https://github.com/WetwareLabs/seabios/commit/ec102d72fc1d7b2e6c8e9607266dc9bd4a42bce0

With spoofing on, it was possible to use official binary drivers from NVidia (tested version 367.27) on Arch Linux VM (without spoofing the driver would fail with a error message such as "The NVIDIA GPU at PCI:0:5:0 is not supported by the 367.27 NVIDIA driver". However this was not enough on Windows VM's, as the Code 43 would occur regardless of spoofing.


#### Patch #2: Disable NoSnoop.

Background information and the related patch for KVM is here: https://patchwork.kernel.org/patch/3019371/

The fix was quite simple for Xen: Just modify the initial PCIe DEVCTL capabilities to disable NoSnoop, and make the capability read-only. Double-checking with Linux VM, I can see that NoSnoop is disabled for all devices (with lspci -vvv), but this would not prevent Code 43 on Windows VM.

##### Patch #3: Set CPUID to Core2duo

There have been few reports where forcing CPUID to Core2duo on KVM (-cpu core2duo) would help alleviate Code 43 problems (and also increase compatibility with Windows 10 VMs), so I copied all CPUID registers from proven-to-be-working KVM configuration using libcpuid (https://github.com/anrieff/libcpuid) and applied them to Xen VM. LibXL is also patched (attached file) to allow hexadecimal input of CPUID (to make it easier to convert CPUID output from libcpuid).

cpuid = [
         '0:eax=0000000a,ebx=756e6547,ecx=6c65746e,edx=49656e69',
         '1:eax=000006fb,ebx=00000800,ecx=80202201,edx=0f8bfbff',
         '2:eax=00000001,ebx=00000000,ecx=00000000,edx=002c307d',
         '3:eax=00000000,ebx=00000000,ecx=00000000,edx=00000000',
         '4,0:eax=00000121,ebx=01c0003f,ecx=0000003f,edx=00000001',
         '4,1:eax=00000122,ebx=01c0003f,ecx=0000003f,edx=00000001',
         '4,2:eax=00000000,ebx=00000000,ecx=00000000,edx=00000000',
         '4,3:eax=00000000,ebx=00000000,ecx=00000000,edx=00000000',
         '5:eax=00000000,ebx=00000000,ecx=00000000,edx=00000000',
         '6:eax=00000000,ebx=00000000,ecx=00000000,edx=00000000',
       '7,0:eax=00000000,ebx=00000000,ecx=00000000,edx=00000000',
'0x80000000:eax=80000008,ebx=756e6547,ecx=6c65746e,edx=49656e69', '0x80000001:eax=000006fb,ebx=00000000,ecx=00000001,edx=20100800', '0x80000002:eax=65746e49,ebx=2952286c,ecx=726f4320,edx=4d542865', '0x80000003:eax=44203229,ebx=43206f75,ecx=20205550,edx=54202020', '0x80000004:eax=30303737,ebx=20402020,ecx=30342e32,edx=007a4847', '0x80000005:eax=01ff01ff,ebx=01ff01ff,ecx=40020140,edx=40020140', '0x80000006:eax=00000000,ebx=42004200,ecx=02008140,edx=00000000', '0x80000007:eax=00000000,ebx=00000000,ecx=00000000,edx=00000000',
        '0x80000008:eax=00003028,ebx=00000000,ecx=00000000,edx=00000000'
        ]

This makes the /proc/cpuinfo almost identical between KVM and Xen VMs running Linux. Only exceptions are flags "rep_good" (which is missing under Xen) and "eager_fpu" and "xsaveopt" (not seen under KVM), but as these are not explicitly set by CPUID but are Linux-specific flags, they shouldn't (?) matter on Windows VMs.

------------------

Anyway, even applying all of these patches would not alleviate Code 43. To be more specific, all NVidia drivers up to 364.72 would BSOD on boot (SYSTEM_SERVICE_EXCEPTION), and newer drivers (368.22+) would cause Code 43. This happens on both Windows 7 Pro and 8.1 VMs. Result on qemu-xen and -traditional is identical. Dom0 is Qubes 3.1 (Linux 4.1.24), Xen 4.6.1. Hardware: Intel i7-5820K, Asrock X99 WS motherboard, 32GB Corsair mem, EVGA GTX980.

I would love if some of you could try these patches with both newer and older NVidia cards. Also any suggestions, ideas and further patches would be greatly appreciated! :)

Thanks!

Best regards,
Marcus



diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/libxl/libxl_cpuid.c xen-4.6.1-new/tools/libxl/libxl_cpuid.c
--- xen-4.6.1/tools/libxl/libxl_cpuid.c	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/tools/libxl/libxl_cpuid.c	2016-07-10 12:09:36.092000000 +0300
@@ -318,12 +318,31 @@
         if (endptr == NULL) {
             endptr = strchr(str, 0);
         }
-        if (endptr - str != 32) {
-            return 5;
-        }
+
         entry->policy[value] = calloc(32 + 1, 1);
-        strncpy(entry->policy[value], str, 32);
+        switch (endptr - str) {
+        	case 32: {
+                strncpy(entry->policy[value], str, 32);
+        		}
+        	break;
+        	case 8: {
+        		uint32_t cpuid_hex = strtoul(str,&endptr,16);
+        		if ( str +8 != endptr )
+        			return 6;
+        		for (int i=0;i<32;i++) {
+        			if ( cpuid_hex & (1<<i) )
+        				entry->policy[value][31-i]='1';
+        			else
+        				entry->policy[value][31-i]='0';
+        		}
+				entry->policy[value][32]=0;
+        		}
+        	break;
+        	default:
+        		return 5;
+        }
         entry->policy[value][32] = 0;
+
         if (*endptr == 0) {
             break;
         }
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/libxl/xl_cmdimpl.c xen-4.6.1-new/tools/libxl/xl_cmdimpl.c
--- xen-4.6.1/tools/libxl/xl_cmdimpl.c	2016-07-11 23:45:45.046000000 +0300
+++ xen-4.6.1-new/tools/libxl/xl_cmdimpl.c	2016-07-10 12:07:55.564000000 +0300
@@ -2095,7 +2095,10 @@
                     errstr = "invalid register name (must be e[abcd]x)";
                     break;
                 case 5:
-                    errstr = "policy string must be exactly 32 characters long";
+                    errstr = "policy string must be exactly 32 (binary) or 8 (hex) characters long";
+                    break;
+                case 6:
+                    errstr = "error decoding policy string";
                     break;
                 default:
                     errstr = "unknown error";

diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/firmware/hvmloader/hvmloader.c xen-4.6.1-new/tools/firmware/hvmloader/hvmloader.c
--- xen-4.6.1/tools/firmware/hvmloader/hvmloader.c	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/tools/firmware/hvmloader/hvmloader.c	2016-07-04 23:31:32.815000000 +0300
@@ -127,9 +127,11 @@
 
         if ( !strcmp("XenVMMXenVMM", signature) )
             break;
+        if ( !strcmp("ZenZenZenZen", signature) )
+            break;
     }
 
-    BUG_ON(strcmp("XenVMMXenVMM", signature) || ((eax - base) < 2));
+    BUG_ON( (strcmp("XenVMMXenVMM", signature) && strcmp("ZenZenZenZen", signature) ) || ((eax - base) < 2));
 
     /* Fill in hypercall transfer pages. */
     cpuid(base + 2, &eax, &ebx, &ecx, &edx);
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/libxl/libxl_create.c xen-4.6.1-new/tools/libxl/libxl_create.c
--- xen-4.6.1/tools/libxl/libxl_create.c	2016-07-09 16:47:05.181000000 +0300
+++ xen-4.6.1-new/tools/libxl/libxl_create.c	2016-07-04 23:49:54.802000000 +0300
@@ -284,6 +284,8 @@
         libxl_defbool_setdefault(&b_info->u.hvm.acpi_s4,            true);
         libxl_defbool_setdefault(&b_info->u.hvm.nx,                 true);
         libxl_defbool_setdefault(&b_info->u.hvm.viridian,           false);
+        libxl_defbool_setdefault(&b_info->u.hvm.spoof_viridian,     false);
+        libxl_defbool_setdefault(&b_info->u.hvm.spoof_xen,          false);
         libxl_defbool_setdefault(&b_info->u.hvm.hpet,               true);
         libxl_defbool_setdefault(&b_info->u.hvm.vpt_align,          true);
         libxl_defbool_setdefault(&b_info->u.hvm.nested_hvm,         false);
@@ -1263,6 +1265,11 @@
         libxl__device_console_add(gc, domid, &console, state, &device);
         libxl__device_console_dispose(&console);
 
+        LOG(DEBUG, "Checking spoofing for guest (domid %d): xen %d, vir %d", domid,
+    					 libxl_defbool_val(d_config->b_info.u.hvm.spoof_xen),
+    					 libxl_defbool_val(d_config->b_info.u.hvm.spoof_viridian)
+                         );
+
         dcs->dmss.dm.guest_domid = domid;
         if (libxl_defbool_val(d_config->b_info.device_model_stubdomain))
             libxl__spawn_stub_dm(egc, &dcs->dmss);
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/libxl/libxl_dom.c xen-4.6.1-new/tools/libxl/libxl_dom.c
--- xen-4.6.1/tools/libxl/libxl_dom.c	2016-07-09 16:47:05.212000000 +0300
+++ xen-4.6.1-new/tools/libxl/libxl_dom.c	2016-07-04 23:31:32.819000000 +0300
@@ -287,6 +287,10 @@
                     libxl_defbool_val(info->u.hvm.nested_hvm));
     xc_hvm_param_set(handle, domid, HVM_PARAM_ALTP2M,
                     libxl_defbool_val(info->u.hvm.altp2m));
+    xc_hvm_param_set(handle, domid, HVM_PARAM_SPOOF_XEN,
+                    libxl_defbool_val(info->u.hvm.spoof_xen));
+    xc_hvm_param_set(handle, domid, HVM_PARAM_SPOOF_VIRIDIAN,
+                    libxl_defbool_val(info->u.hvm.spoof_viridian));
 }
 
 int libxl__build_pre(libxl__gc *gc, uint32_t domid,
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/libxl/libxl_types.idl xen-4.6.1-new/tools/libxl/libxl_types.idl
--- xen-4.6.1/tools/libxl/libxl_types.idl	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/tools/libxl/libxl_types.idl	2016-07-09 16:31:16.181000000 +0300
@@ -468,6 +468,8 @@
                                        ("viridian",         libxl_defbool),
                                        ("viridian_enable",  libxl_bitmap),
                                        ("viridian_disable", libxl_bitmap),
+                                       ("spoof_viridian",   libxl_defbool),
+                                       ("spoof_xen",        libxl_defbool),
                                        ("timeoffset",       string),
                                        ("hpet",             libxl_defbool),
                                        ("vpt_align",        libxl_defbool),
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/libxl/xl_cmdimpl.c xen-4.6.1-new/tools/libxl/xl_cmdimpl.c
--- xen-4.6.1/tools/libxl/xl_cmdimpl.c	2016-07-09 16:47:05.027000000 +0300
+++ xen-4.6.1-new/tools/libxl/xl_cmdimpl.c	2016-07-04 23:32:38.046000000 +0300
@@ -1507,6 +1507,10 @@
         xlu_cfg_get_defbool(config, "hpet", &b_info->u.hvm.hpet, 0);
         xlu_cfg_get_defbool(config, "vpt_align", &b_info->u.hvm.vpt_align, 0);
 
+        xlu_cfg_get_defbool(config, "spoof_xen", &b_info->u.hvm.spoof_xen, 0);
+        xlu_cfg_get_defbool(config, "spoof_viridian", &b_info->u.hvm.spoof_viridian, 0);
+
+
         switch (xlu_cfg_get_list(config, "viridian",
                                  &viridian, &num_viridian, 1))
         {
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/misc/xen-detect.c xen-4.6.1-new/tools/misc/xen-detect.c
--- xen-4.6.1/tools/misc/xen-detect.c	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/tools/misc/xen-detect.c	2016-07-04 23:31:32.809000000 +0300
@@ -69,6 +69,8 @@
 
         if ( !strcmp("XenVMMXenVMM", signature) && (regs[0] >= (base + 2)) )
             goto found;
+        if ( !strcmp("ZenZenZenZen", signature) && (regs[0] >= (base + 2)) )
+            goto found;
     }
 
     return 0;
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/xen/arch/x86/hvm/hvm.c xen-4.6.1-new/xen/arch/x86/hvm/hvm.c
--- xen-4.6.1/xen/arch/x86/hvm/hvm.c	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/xen/arch/x86/hvm/hvm.c	2016-07-09 16:33:35.429000000 +0300
@@ -6047,6 +6050,14 @@
     case HVM_PARAM_IOREQ_SERVER_PFN:
         d->arch.hvm_domain.ioreq_gmfn.base = a.value;
         break;
+    case HVM_PARAM_SPOOF_XEN:
+        printk("spoof_xen %" PRId64 " - curr dom %d, dom %d\n", a.value, curr_d->domain_id, d->domain_id);
+        d->arch.hvm_domain.spoof_xen = a.value;
+        break;
+    case HVM_PARAM_SPOOF_VIRIDIAN:
+        printk("spoof_vir %" PRId64 " - curr dom %d, dom %d\n", a.value, curr_d->domain_id, d->domain_id);
+        d->arch.hvm_domain.spoof_viridian = a.value;
+        break;
     case HVM_PARAM_NR_IOREQ_SERVER_PAGES:
     {
         unsigned int i;
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/xen/arch/x86/hvm/viridian.c xen-4.6.1-new/xen/arch/x86/hvm/viridian.c
--- xen-4.6.1/xen/arch/x86/hvm/viridian.c	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/xen/arch/x86/hvm/viridian.c	2016-07-09 16:39:34.327000000 +0300
@@ -72,9 +72,16 @@
     {
     case 0:
         *eax = 0x40000006; /* Maximum leaf */
-        *ebx = 0x7263694d; /* Magic numbers  */
-        *ecx = 0x666F736F;
-        *edx = 0x76482074;
+        if (!d->arch.hvm_domain.spoof_viridian) {  // "Microsoft Hv"
+        	*ebx = 0x7263694d; // rciM
+        	*ecx = 0x666F736F; // foso
+        	*edx = 0x76482074; // vH t
+        } else {
+            printk("wetware cpuid_viridian_leaves spoof_vir\n"); // "Wetware Labs"
+        	*ebx = 0x77746557; // wteW
+        	*ecx = 0x20657261; //  era
+        	*edx = 0x7362614C; // sbaL
+        }
         break;
     case 1:
         *eax = 0x31237648; /* Version number */
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/xen/arch/x86/traps.c xen-4.6.1-new/xen/arch/x86/traps.c
--- xen-4.6.1/xen/arch/x86/traps.c	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/xen/arch/x86/traps.c	2016-07-04 23:31:32.653000000 +0300
@@ -779,9 +781,18 @@
     {
     case 0:
         *eax = base + limit; /* Largest leaf */
-        *ebx = XEN_CPUID_SIGNATURE_EBX;
-        *ecx = XEN_CPUID_SIGNATURE_ECX;
-        *edx = XEN_CPUID_SIGNATURE_EDX;
+        if (!currd->arch.hvm_domain.spoof_xen ) {
+            printk("cpuid_hypervisor_leaves - real id. domid %d\n",currd->domain_id);
+        	*ebx = XEN_CPUID_SIGNATURE_EBX;
+        	*ecx = XEN_CPUID_SIGNATURE_ECX;
+        	*edx = XEN_CPUID_SIGNATURE_EDX;
+        } else
+        {
+            printk("cpuid_hypervisor_leaves - spoofed id. domid %d\n",currd->domain_id);
+        	*ebx = ZEN_CPUID_SIGNATURE_EBX;
+        	*ecx = ZEN_CPUID_SIGNATURE_ECX;
+        	*edx = ZEN_CPUID_SIGNATURE_EDX;
+        }
         break;
 
     case 1:
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/xen/include/asm-x86/hvm/domain.h xen-4.6.1-new/xen/include/asm-x86/hvm/domain.h
--- xen-4.6.1/xen/include/asm-x86/hvm/domain.h	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/xen/include/asm-x86/hvm/domain.h	2016-07-04 23:31:32.667000000 +0300
@@ -130,6 +130,9 @@
     struct list_head       msixtbl_list;
     spinlock_t             msixtbl_list_lock;
 
+    bool_t                 spoof_xen;
+    bool_t                 spoof_viridian;
+
     struct viridian_domain viridian;
 
     bool_t                 hap_enabled;
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/xen/include/public/arch-x86/cpuid.h xen-4.6.1-new/xen/include/public/arch-x86/cpuid.h
--- xen-4.6.1/xen/include/public/arch-x86/cpuid.h	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/xen/include/public/arch-x86/cpuid.h	2016-07-09 16:45:16.126000000 +0300
@@ -53,6 +53,10 @@
 #define XEN_CPUID_SIGNATURE_ECX 0x65584d4d /* "MMXe" */
 #define XEN_CPUID_SIGNATURE_EDX 0x4d4d566e /* "nVMM" */
 
+#define ZEN_CPUID_SIGNATURE_EBX 0x5A6e655A /* "ZenZ" */
+#define ZEN_CPUID_SIGNATURE_ECX 0x655A6e65 /* "enZe" */
+#define ZEN_CPUID_SIGNATURE_EDX 0x6e655A6e /* "nZen" */
+
 /*
  * Leaf 2 (0x40000x01)
  * EAX[31:16]: Xen major version.
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/xen/include/public/hvm/params.h xen-4.6.1-new/xen/include/public/hvm/params.h
--- xen-4.6.1/xen/include/public/hvm/params.h	2016-02-09 16:44:19.000000000 +0200
+++ xen-4.6.1-new/xen/include/public/hvm/params.h	2016-07-04 23:31:32.672000000 +0300
@@ -192,6 +192,11 @@
 /* Boolean: Enable altp2m */
 #define HVM_PARAM_ALTP2M       35
 
-#define HVM_NR_PARAMS          36
+#define HVM_PARAM_SPOOF_XEN    36
+
+#define HVM_PARAM_SPOOF_VIRIDIAN    37
+
+#define HVM_NR_PARAMS          38
+
 
 #endif /* __XEN_PUBLIC_HVM_PARAMS_H__ */

diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/qemu-xen/hw/xen/xen_pt_config_init.c xen-4.6.1-new/tools/qemu-xen/hw/xen/xen_pt_config_init.c
--- xen-4.6.1/tools/qemu-xen/hw/xen/xen_pt_config_init.c	2016-01-06 18:42:43.000000000 +0200
+++ xen-4.6.1-new/tools/qemu-xen/hw/xen/xen_pt_config_init.c	2016-07-12 21:22:40.331000000 +0300
@@ -896,8 +896,8 @@
     {
         .offset     = PCI_EXP_DEVCTL,
         .size       = 2,
-        .init_val   = 0x2810,
-        .ro_mask    = 0x8400,
+        .init_val   = 0x2010,
+        .ro_mask    = 0x8C00,
         .emu_mask   = 0xFFFF,
         .init       = xen_pt_common_reg_init,
         .u.w.read   = xen_pt_word_reg_read,
diff -ur -x .cproject -x .project -x '*.swp' xen-4.6.1/tools/qemu-xen-traditional/hw/pass-through.c xen-4.6.1-new/tools/qemu-xen-traditional/hw/pass-through.c
--- xen-4.6.1/tools/qemu-xen-traditional/hw/pass-through.c	2016-01-04 17:35:42.000000000 +0200
+++ xen-4.6.1-new/tools/qemu-xen-traditional/hw/pass-through.c	2016-07-11 23:45:34.317000000 +0300
@@ -601,8 +601,8 @@
     {
         .offset     = PCI_EXP_DEVCTL,
         .size       = 2,
-        .init_val   = 0x2810,
-        .ro_mask    = 0x8400,
+        .init_val   = 0x2010,
+        .ro_mask    = 0x8C00,
         .emu_mask   = 0xFFFF,
         .init       = pt_common_reg_init,
         .u.w.read   = pt_word_reg_read,
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Reply via email to