VirtualBox

Ticket #9537 (new defect)

Opened 4 years ago

Last modified 4 months ago

AES-NI (AES New Instructions) from SandyBridge CPUs are not forwarded to Guest

Reported by: USBProb Owned by:
Priority: major Component: other
Version: VirtualBox 4.1.2 Keywords: AES-NI AES New Instructions
Cc: Guest type: Windows
Host type: Windows

Description (last modified by frank) (diff)

Problem is there  http://forums.virtualbox.org/viewtopic.php?f=7&t=42951 documentated. Host (Intel i5 2500K) shows in CPU-Z AES support, in Guest there is now AES-NI support. I think that can be solved with a (V-BOX)BIOS-Update, had a notebook with the same problem, BIOS update and then AES-NI worked. Perphaps these links help  http://communities.intel.com/thread/23583 and  http://forum.notebookreview.com/windows-os-software/582628-aes-ni-support-truecrypt-sandy-bridge-problem.html

Change History

comment:1 Changed 2 years ago by hnapel

This problem still exists on Virtualbox 4.2.8 , I'm using a guest OS that supports AES-NI (OEL5) but it's not passed to the guest, the following C program will tell you if AES instructions work:

$ cat aes.c
#include <stdio.h>
#define cpuid(level, a, b, c, d)                        \
        asm("xchg{l}\t{%%}ebx, %1\n\t"                  \
            "cpuid\n\t"                                 \
            "xchg{l}\t{%%}ebx, %1\n\t"                  \
            : "=a" (a), "=r" (b), "=c" (c), "=d" (d)    \
            : "0" (level))


int main (int argc, char **argv)
{
        unsigned int eax, ebx, ecx, edx;
        cpuid(1, eax, ebx, ecx, edx);
        if (ecx & (1<<25))
                printf("aes\n");
        else
                printf("no aes\n");
        return 0;
}

$ ls
aes.c
[oracle@oel5vmware c]$ make aes
cc     aes.c   -o aes
[oracle@oel5vmware c]$ ./aes
aes

This is on vmware 9 where it works, however on vbox it doesn't:

[oracle@oel64 ~]$ vi aes.c
[oracle@oel64 ~]$ make aes
cc     aes.c   -o aes
[oracle@oel64 ~]$ ./aes
no aes
[oracle@oel64 ~]$ uname -a
Linux oel64.fritz.box 2.6.32-300.32.1.el5uek #1 SMP Fri Jul 20 00:51:02 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux
[oracle@oel64 ~]$ 
Last edited 4 months ago by frank (previous) (diff)

comment:2 Changed 21 months ago by TrevorPH

Issue exists on linux hosts with 4.2.12 (have not tried 4.2.14 yet but nothing is listed in the Changelog).

Has anyone from Innotek/Sun/Oracle/Virtualbox even opened this bug?

comment:3 Changed 21 months ago by frank

  • Description modified (diff)

The bug is already open, so no need to open it again. In short term there will be no support for AES-NI instructions in VirtualBox. That might be different in medium term.

comment:4 Changed 4 months ago by Dekker

The functionality is still not present in 4.3.20 (with extensions).

My Host OS is Win7 Pro, my Guest is Ubuntu 14.10.

My CPU is i5 2520M ( http://ark.intel.com/products/52229/Intel-Core-i5-2520M-Processor-3M-Cache-up-to-3_20-GHz)

CPU flags in host show longer list than what is shown in the guest. I could not find any documentation on the VirtualBox website dealing with CPU capabilities.

comment:5 Changed 4 months ago by Dekker

From the Vbox.log. Note the bolded line. The host exhibits the capability, but the guestCPU does not see that capability:

00:00:08.804016 ************************* CPUID dump ************************
00:00:08.804023          RAW Standard CPUIDs
00:00:08.804023      Function  eax      ebx      ecx      edx
00:00:08.804024 Gst: 00000000  00000005 756e6547 6c65746e 49656e69
00:00:08.804025 Hst:           0000000d 756e6547 6c65746e 49656e69
00:00:08.804027 Gst: 00000001  000206a7 00020800 00000201 178bfbff
00:00:08.804028 Hst:           000206a7 02100800 1fbae3ff bfebfbff
00:00:08.804029 Gst: 00000002  76035a01 00f0b2ff 00000000 00ca0000
00:00:08.804031 Hst:           76035a01 00f0b2ff 00000000 00ca0000
00:00:08.804032 Gst: 00000003  00000000 00000000 00000000 00000000
00:00:08.804032 Hst:           00000000 00000000 00000000 00000000
00:00:08.804033 Gst: 00000004  04000000 00000000 00000000 00000000
00:00:08.804034 Hst:           1c004121 01c0003f 0000003f 00000000
00:00:08.804035 Gst: 00000005  00000000 00000000 00000000 00000000
00:00:08.804036 Hst:           00000040 00000040 00000003 00021120
00:00:08.804037 Hst: 00000006  00000077 00000002 00000009 00000000
00:00:08.804038 Hst: 00000007  00000000 00000000 00000000 00000000
00:00:08.804039 Hst: 00000008  00000000 00000000 00000000 00000000
00:00:08.804040 Hst: 00000009  00000000 00000000 00000000 00000000
00:00:08.804041 Hst: 0000000a  07300403 00000000 00000000 00000603
00:00:08.804042 Hst: 0000000b  00000001 00000002 00000100 00000002
00:00:08.804042 Hst: 0000000c  00000000 00000000 00000000 00000000
00:00:08.804043 Hst: 0000000d  00000007 00000340 00000340 00000000
00:00:08.804044 Name:                            GenuineIntel
00:00:08.804045 Supports:                        0-5
00:00:08.804046 Family:                          6  	Extended: 0 	Effective: 6
00:00:08.804047 Model:                           10  	Extended: 2 	Effective: 42
00:00:08.804047 Stepping:                        7
00:00:08.804048 Type:                            0 (primary)
00:00:08.804048 APIC ID:                         0x00
00:00:08.804049 Logical CPUs:                    2
00:00:08.804049 CLFLUSH Size:                    8
00:00:08.804050 Brand ID:                        0x00
00:00:08.804051 Mnemonic - Description                 = guest (host)
00:00:08.804051 FPU - x87 FPU on Chip                  = 1 (1)
00:00:08.804052 VME - Virtual 8086 Mode Enhancements   = 1 (1)
00:00:08.804052 DE - Debugging extensions              = 1 (1)
00:00:08.804053 PSE - Page Size Extension              = 1 (1)
00:00:08.804053 TSC - Time Stamp Counter               = 1 (1)
00:00:08.804054 MSR - Model Specific Registers         = 1 (1)
00:00:08.804054 PAE - Physical Address Extension       = 1 (1)
00:00:08.804055 MCE - Machine Check Exception          = 1 (1)
00:00:08.804055 CX8 - CMPXCHG8B instruction            = 1 (1)
00:00:08.804056 APIC - APIC On-Chip                    = 1 (1)
00:00:08.804057 10 - Reserved                          = 0 (0)
00:00:08.804057 SEP - SYSENTER and SYSEXIT             = 1 (1)
00:00:08.804058 MTRR - Memory Type Range Registers     = 1 (1)
00:00:08.804058 PGE - PTE Global Bit                   = 1 (1)
00:00:08.804060 MCA - Machine Check Architecture       = 1 (1)
00:00:08.804060 CMOV - Conditional Move Instructions   = 1 (1)
00:00:08.804061 PAT - Page Attribute Table             = 1 (1)
00:00:08.804061 PSE-36 - 36-bit Page Size Extention    = 1 (1)
00:00:08.804062 PSN - Processor Serial Number          = 0 (0)
00:00:08.804062 CLFSH - CLFLUSH Instruction.           = 1 (1)
00:00:08.804063 20 - Reserved                          = 0 (0)
00:00:08.804063 DS - Debug Store                       = 0 (1)
00:00:08.804064 ACPI - Thermal Mon. & Soft. Clock Ctrl.= 0 (1)
00:00:08.804064 MMX - Intel MMX Technology             = 1 (1)
00:00:08.804065 FXSR - FXSAVE and FXRSTOR Instructions = 1 (1)
00:00:08.804065 SSE - SSE Support                      = 1 (1)
00:00:08.804066 SSE2 - SSE2 Support                    = 1 (1)
00:00:08.804066 SS - Self Snoop                        = 0 (1)
00:00:08.804067 HTT - Hyper-Threading Technology       = 1 (1)
00:00:08.804067 TM - Thermal Monitor                   = 0 (1)
00:00:08.804068 30 - Reserved                          = 0 (0)
00:00:08.804069 PBE - Pending Break Enable             = 0 (1)
00:00:08.804069 Supports SSE3                          = 1 (1)
00:00:08.804070 PCLMULQDQ                              = 0 (1)
00:00:08.804070 DS Area 64-bit layout                  = 0 (1)
00:00:08.804071 Supports MONITOR/MWAIT                 = 0 (1)
00:00:08.804071 CPL-DS - CPL Qualified Debug Store     = 0 (1)
00:00:08.804072 VMX - Virtual Machine Technology       = 0 (1)
00:00:08.804072 SMX - Safer Mode Extensions            = 0 (1)
00:00:08.804073 Enhanced SpeedStep Technology          = 0 (1)
00:00:08.804073 Terminal Monitor 2                     = 0 (1)
00:00:08.804074 Supplemental SSE3 instructions         = 1 (1)
00:00:08.804074 L1 Context ID                          = 0 (0)
00:00:08.804075 11 - Reserved                          = 0 (0)
00:00:08.804075 FMA extensions using YMM state         = 0 (0)
00:00:08.804076 CMPXCHG16B instruction                 = 0 (1)
00:00:08.804076 xTPR Update Control                    = 0 (1)
00:00:08.804077 Perf/Debug Capability MSR              = 0 (1)
00:00:08.804077 16 - Reserved                          = 0 (0)
00:00:08.804078 PCID - Process-context identifiers     = 0 (1)
00:00:08.804078 DCA - Direct Cache Access              = 0 (0)
00:00:08.804079 SSE4.1 instruction extensions          = 0 (1)
00:00:08.804079 SSE4.2 instruction extensions          = 0 (1)
00:00:08.804081 Supports the x2APIC extensions         = 0 (1)
00:00:08.804082 MOVBE instruction                      = 0 (0)
00:00:08.804082 POPCNT instruction                     = 0 (1)
00:00:08.804083 TSC-Deadline LAPIC timer mode          = 0 (1)

00:00:08.804083 AESNI instruction extensions = 0 (1)

00:00:08.804084 XSAVE/XRSTOR extended state feature    = 0 (1)
00:00:08.804084 Supports OSXSAVE                       = 0 (1)
00:00:08.804085 AVX instruction extensions             = 0 (1)
00:00:08.804085 29/30 - Reserved                       = 0x0 (0x0)
00:00:08.804086 Hypervisor Present (we're a guest)     = 0 (0)

comment:6 Changed 4 months ago by frank

It's not just enabling the CPUID feature bit for the guest. The effort for supporting the new instruction set is much higher. Nevertheless work is already going on, but no ETA when this will be available, sorry.

comment:7 Changed 4 months ago by Dekker

Thx for the confirmation. I had looked, and found no reference to that or other instruction extensions in the VirtualBox documentation (other than a few SSE ones). Nice to get confirmation that it is a known challenge and not just an oversight. It'd be nice if the technical docs included instruction extensions and a yes/no to indicate confirmed, experimental, or no support.

Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use