diff --git a/SOURCES/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch b/SOURCES/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
new file mode 100644
index 0000000..876eeaa
--- /dev/null
+++ b/SOURCES/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
@@ -0,0 +1,47 @@
+From 4a770a9b67b67e1254f42ca00c077f9263be7f4c Mon Sep 17 00:00:00 2001
+From: Oliver Steffen
+Date: Mon, 4 Nov 2024 19:00:11 +0100
+Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
+
+RH-Author: Oliver Steffen
+RH-MergeRequest: 83: OvmfPkg: Rerun dispatcher after initializing virtio-rng
+RH-Jira: RHEL-64642
+RH-Acked-by: Gerd Hoffmann
+RH-Commit: [1/1] 90757b4268b841637cbd08ac94f0febe9cfdffa5 (osteffen/edk2)
+
+Upstream PR: https://github.com/tianocore/edk2/pull/6403
+
+Since the pixiefail CVE fix the network stack requires a hardware
+random number generator. This can currently be a modern CPU supporting
+the RDRAND instruction or a virtio-rng device.
+The latter is initialized during the BDS phase.
+To ensure all depending (network) modules are also started, we need to
+run the dispatcher once more after the device was initialized.
+Without this, network boot is not available under certain hardware
+configurations.
+
+Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
+
+Analysed-by: Stefano Garzarella
+Suggested-by: Gerd Hoffmann
+Signed-off-by: Oliver Steffen
+---
+ OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+index 87d1ac3142..1f1298eb0b 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+@@ -675,6 +675,8 @@ ConnectVirtioPciRng (
+ if (EFI_ERROR (Status)) {
+ goto Error;
+ }
++
++ gDS->Dispatch ();
+ }
+
+ return EFI_SUCCESS;
+--
+2.39.3
+
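Review bot: The added `gDS->Dispatch ();` in the embedded BdsPlatform.c hunk discards its return status and has no comment, so nothing in ConnectVirtioPciRng records that the network drivers rely on this call to start once the RNG is available. Per the commit message a missed dispatch shows up only as network boot being unavailable, so I would capture and log the result, e.g. `Status = gDS->Dispatch ();` followed by `DEBUG ((DEBUG_INFO, "%a: Dispatch: %r\n", __func__, Status));`, treating EFI_NOT_FOUND (nothing left to dispatch) as non-fatal. I would also add a comment above the call such as `// Re-run the DXE dispatcher so modules that depend on the RNG (network stack, CVE-2023-45237 fix) are started.` The function's body starts and ends outside the hunk, so whether `Status` is safe to reuse at that point should be confirmed against the full file.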
diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index 5b92d27..079e6c4 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE} -Release: 11%{?dist} +Release: 12%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and Apache-2.0 and MIT URL: http://www.tianocore.org @@ -111,6 +111,8 @@ Patch47: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch Patch48: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch # For RHEL-66234 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-10] Patch49: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +# For RHEL-64642 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-10] +Patch50: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and @@ -445,6 +447,11 @@ install -m 0644 \ %changelog +* Tue Nov 26 2024 Miroslav Rezanina - 20240524-12 +- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-64642] +- Resolves: RHEL-64642 + ([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-10]) + * Mon Nov 11 2024 Miroslav Rezanina - 20240524-11 - edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66234] - edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66234]