import edk2-20240524-12.el10

4 weeks ago · 622e636fa3
parent e54bcccc1f
commit 622e636fa3
2 changed files with 55 additions and 1 deletions
--- a/SOURCES/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
+++ b/SOURCES/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
@ -0,0 +1,47 @@
+From 4a770a9b67b67e1254f42ca00c077f9263be7f4c Mon Sep 17 00:00:00 2001
+From: Oliver Steffen <osteffen@redhat.com>
+Date: Mon, 4 Nov 2024 19:00:11 +0100
+Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
+
+RH-Author: Oliver Steffen <osteffen@redhat.com>
+RH-MergeRequest: 83: OvmfPkg: Rerun dispatcher after initializing virtio-rng
+RH-Jira: RHEL-64642
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+RH-Commit: [1/1] 90757b4268b841637cbd08ac94f0febe9cfdffa5 (osteffen/edk2)
+
+Upstream PR: https://github.com/tianocore/edk2/pull/6403
+
+Since the pixiefail CVE fix the network stack requires a hardware
+random number generator. This can currently be a modern CPU supporting
+the RDRAND instruction or a virtio-rng device.
+The latter is initialized during the BDS phase.
+To ensure all depending (network) modules are also started, we need to
+run the dispatcher once more after the device was initialized.
+Without this, network boot is not available under certain hardware
+configurations.
+
+Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
+
+Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
+Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Oliver Steffen <osteffen@redhat.com>
+---
+ OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+index 87d1ac3142..1f1298eb0b 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+@@ -675,6 +675,8 @@ ConnectVirtioPciRng (
+     if (EFI_ERROR (Status)) {
+       goto Error;
+     }
+
+    gDS->Dispatch ();
+   }
+ 
+   return EFI_SUCCESS;
+-- 
+2.39.3
+
--- a/SPECS/edk2.spec
+++ b/SPECS/edk2.spec
@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64

 Name:       edk2
 Version:    %{GITDATE}
-Release:    11%{?dist}
+Release:    12%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and Apache-2.0 and MIT
 URL:        http://www.tianocore.org
@ -111,6 +111,8 @@ Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
 Patch48: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
 # For RHEL-66234 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-10]
 Patch49: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
+# For RHEL-64642 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-10]
+Patch50: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch

 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@ -445,6 +447,11 @@ install -m 0644 \


 %changelog
+* Tue Nov 26 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-12
+- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-64642]
+- Resolves: RHEL-64642
+  ([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-10])
+
 * Mon Nov 11 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-11
 - edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66234]
 - edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66234]