Compare commits

..

No commits in common. 'c9' and 'i9c-beta' have entirely different histories.
c9 ... i9c-beta

@ -1,3 +1,2 @@
de143fc38b339d982079517b6f01bcec5246cf5e SOURCES/DBXUpdate-20230509.x64.bin
6da44cf37c27ab03f2940769c58515b07271e047 SOURCES/edk2-3e722403cd.tar.xz
0a9cfae889c6436333fab963250b069058eec6cf SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz
703fd1d0fad7fc0d2e815a6e293e5d53e4c62bf6 SOURCES/openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz
6da44cf37c27ab03f2940769c58515b07271e047 SOURCES/edk2-3e722403cd.tar.xz

3
.gitignore vendored

@ -1,3 +1,2 @@
SOURCES/DBXUpdate-20230509.x64.bin
SOURCES/openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz
SOURCES/edk2-3e722403cd.tar.xz
SOURCES/openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz

@ -1,50 +0,0 @@
From 10d25d4d502e419476c3846e0243bbf6be24d8e4 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 1 Oct 2024 18:40:41 -0400
Subject: [PATCH] MdePkg: Fix overflow issue in BasePeCoffLib
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 95: MdePkg: Fix overflow issue in BasePeCoffLib
RH-Jira: RHEL-60831
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] 2f345a9e5f277598a78edc1aab33c6acc96c6caa
JIRA: https://issues.redhat.com/browse/RHEL-60831
CVE: CVE-2024-38796
Upstream: Merged
commit c95233b8525ca6828921affd1496146cff262e65
Author: Doug Flick <dougflick@microsoft.com>
Date: Fri Sep 27 12:08:55 2024 -0700
MdePkg: Fix overflow issue in BasePeCoffLib
The RelocDir->Size is a UINT32 value, and RelocDir->VirtualAddress is
also a UINT32 value. The current code does not check for overflow when
adding RelocDir->Size to RelocDir->VirtualAddress. This patch adds a
check to ensure that the addition does not overflow.
Signed-off-by: Doug Flick <dougflick@microsoft.com>
Authored-by: sriraamx gobichettipalayam <sri..@intel.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
MdePkg/Library/BasePeCoffLib/BasePeCoff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
index 86ff2e769b..128090d98e 100644
--- a/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
+++ b/MdePkg/Library/BasePeCoffLib/BasePeCoff.c
@@ -1054,7 +1054,7 @@ PeCoffLoaderRelocateImage (
RelocDir = &Hdr.Te->DataDirectory[0];
}
- if ((RelocDir != NULL) && (RelocDir->Size > 0)) {
+ if ((RelocDir != NULL) && (RelocDir->Size > 0) && (RelocDir->Size - 1 < MAX_UINT32 - RelocDir->VirtualAddress)) {
RelocBase = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (ImageContext, RelocDir->VirtualAddress, TeStrippedOffset);
RelocBaseEnd = (EFI_IMAGE_BASE_RELOCATION *)PeCoffLoaderImageAddress (
ImageContext,
--
2.39.3

@ -1,350 +0,0 @@
From fb1162845ff2d0e5f7fc7bb890896a4a6bde2981 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 12:40:12 +0100
Subject: [PATCH 1/2] OvmfPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 101: Add a Fallback RNG (RH only)
RH-Jira: RHEL-65735
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/2] d4aec962fd120ac2903b91403d87b86af944bd83
Since the pixiefail CVE fix, the network stack requires a random number
generator.
In case there is no hardware random number generator available,
have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
.../PlatformBootManagerLib/BdsPlatform.c | 7 +
.../PlatformBootManagerLib/FallbackRng.c | 222 ++++++++++++++++++
.../PlatformBootManagerLib/FallbackRng.h | 20 ++
.../PlatformBootManagerLib.inf | 5 +
4 files changed, 254 insertions(+)
create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
create mode 100644 OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index d9f61757cf..87d1ac3142 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -15,6 +15,8 @@
#include <Library/Tcg2PhysicalPresenceLib.h>
#include <Library/XenPlatformLib.h>
+#include "FallbackRng.h"
+
//
// Global data
//
@@ -539,6 +541,9 @@ PlatformBootManagerBeforeConsole (
ConnectVirtioPciRng,
NULL
);
+
+ FallbackRngCheckAndInstall ();
+
}
EFI_STATUS
@@ -1778,6 +1783,8 @@ PlatformBootManagerAfterConsole (
DEBUG ((DEBUG_INFO, "PlatformBootManagerAfterConsole\n"));
+ FallbackRngPrintWarning ();
+
if (PcdGetBool (PcdOvmfFlashVariablesEnable)) {
DEBUG ((
DEBUG_INFO,
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
new file mode 100644
index 0000000000..bba60e29d5
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.c
@@ -0,0 +1,222 @@
+/** @file
+ Copyright (C) 2024, Red Hat, Inc.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+#include <Protocol/Rng.h>
+#include <Library/BaseMemoryLib.h>
+#include <Library/BaseLib.h>
+#include <Library/DebugLib.h>
+#include <Library/RngLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+#include <Library/UefiLib.h>
+#include <Library/PrintLib.h>
+#include <Library/DxeServicesTableLib.h>
+
+#include "FallbackRng.h"
+
+typedef struct {
+ EFI_RNG_PROTOCOL Rng;
+ EFI_HANDLE Handle;
+} FALLBACK_RNG_DEV;
+
+/**
+ Returns information about the random number generation implementation.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL
+ instance.
+ @param[in,out] RNGAlgorithmListSize On input, the size in bytes of
+ RNGAlgorithmList.
+ On output with a return code of
+ EFI_SUCCESS, the size in bytes of the
+ data returned in RNGAlgorithmList. On
+ output with a return code of
+ EFI_BUFFER_TOO_SMALL, the size of
+ RNGAlgorithmList required to obtain the
+ list.
+ @param[out] RNGAlgorithmList A caller-allocated memory buffer filled
+ by the driver with one EFI_RNG_ALGORITHM
+ element for each supported RNG algorithm.
+ The list must not change across multiple
+ calls to the same driver. The first
+ algorithm in the list is the default
+ algorithm for the driver.
+
+ @retval EFI_SUCCESS The RNG algorithm list was returned
+ successfully.
+ @retval EFI_UNSUPPORTED The services is not supported by this
+ driver.
+ @retval EFI_DEVICE_ERROR The list of algorithms could not be
+ retrieved due to a hardware or firmware
+ error.
+ @retval EFI_INVALID_PARAMETER One or more of the parameters are
+ incorrect.
+ @retval EFI_BUFFER_TOO_SMALL The buffer RNGAlgorithmList is too small
+ to hold the result.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetInfo (
+ IN EFI_RNG_PROTOCOL *This,
+ IN OUT UINTN *RNGAlgorithmListSize,
+ OUT EFI_RNG_ALGORITHM *RNGAlgorithmList
+ )
+{
+ if ((This == NULL) || (RNGAlgorithmListSize == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ if (*RNGAlgorithmListSize < sizeof (EFI_RNG_ALGORITHM)) {
+ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (RNGAlgorithmList == NULL) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ *RNGAlgorithmListSize = sizeof (EFI_RNG_ALGORITHM);
+ CopyGuid (RNGAlgorithmList, &gEfiRngAlgorithmRaw);
+
+ return EFI_SUCCESS;
+}
+
+/**
+ Produces and returns an RNG value using either the default or specified RNG
+ algorithm.
+
+ @param[in] This A pointer to the EFI_RNG_PROTOCOL
+ instance.
+ @param[in] RNGAlgorithm A pointer to the EFI_RNG_ALGORITHM that
+ identifies the RNG algorithm to use. May
+ be NULL in which case the function will
+ use its default RNG algorithm.
+ @param[in] RNGValueLength The length in bytes of the memory buffer
+ pointed to by RNGValue. The driver shall
+ return exactly this numbers of bytes.
+ @param[out] RNGValue A caller-allocated memory buffer filled
+ by the driver with the resulting RNG
+ value.
+
+ @retval EFI_SUCCESS The RNG value was returned successfully.
+ @retval EFI_UNSUPPORTED The algorithm specified by RNGAlgorithm
+ is not supported by this driver.
+ @retval EFI_DEVICE_ERROR An RNG value could not be retrieved due
+ to a hardware or firmware error.
+ @retval EFI_NOT_READY There is not enough random data available
+ to satisfy the length requested by
+ RNGValueLength.
+ @retval EFI_INVALID_PARAMETER RNGValue is NULL or RNGValueLength is
+ zero.
+
+**/
+STATIC
+EFI_STATUS
+EFIAPI
+FallbackRngGetRNG (
+ IN EFI_RNG_PROTOCOL *This,
+ IN EFI_RNG_ALGORITHM *RNGAlgorithm OPTIONAL,
+ IN UINTN RNGValueLength,
+ OUT UINT8 *RNGValue
+ )
+{
+ UINT64 RandomData;
+ EFI_STATUS Status;
+ UINTN i;
+
+ if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) {
+ return EFI_INVALID_PARAMETER;
+ }
+
+ //
+ // We only support the raw algorithm, so reject requests for anything else
+ //
+ if ((RNGAlgorithm != NULL) &&
+ !CompareGuid (RNGAlgorithm, &gEfiRngAlgorithmRaw))
+ {
+ return EFI_UNSUPPORTED;
+ }
+
+ for (i = 0; i < RNGValueLength; ++i) {
+ if (i % 4 == 0) {
+ Status = GetRandomNumber64 (&RandomData);
+ if (EFI_ERROR (Status)) {
+ return Status;
+ }
+ }
+ }
+
+ return EFI_SUCCESS;
+}
+
+static FALLBACK_RNG_DEV Dev = {
+ .Rng.GetInfo = FallbackRngGetInfo,
+ .Rng.GetRNG = FallbackRngGetRNG,
+ .Handle = NULL,
+};
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+ )
+{
+ EFI_STATUS Status;
+ EFI_HANDLE *HandleBuffer = NULL;
+ UINTN HandleCount = 0;
+
+ if (Dev.Handle != NULL) {
+ DEBUG ((DEBUG_INFO, "Fallback RNG already installed.\n"));
+ return EFI_ALREADY_STARTED;
+ }
+
+ Status = gBS->LocateHandleBuffer (
+ ByProtocol,
+ &gEfiRngProtocolGuid,
+ NULL,
+ &HandleCount,
+ &HandleBuffer
+ );
+
+ gBS->FreePool (HandleBuffer);
+
+ if (Status == EFI_NOT_FOUND) {
+ HandleCount = 0;
+ } else if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Error locating RNG protocol instances: %r\n", Status));
+ return Status;
+ }
+
+ DEBUG ((DEBUG_INFO, "Found %u RNGs\n", HandleCount));
+
+ if (HandleCount == 0) {
+ // Install RNG
+ Status = gBS->InstallProtocolInterface (
+ &Dev.Handle,
+ &gEfiRngProtocolGuid,
+ EFI_NATIVE_INTERFACE,
+ &Dev.Rng
+ );
+ if (EFI_ERROR (Status)) {
+ DEBUG ((DEBUG_ERROR, "Failed to install fallback RNG: %r\n", Status));
+ return Status;
+ }
+
+ gDS->Dispatch ();
+ }
+
+ return EFI_SUCCESS;
+}
+
+VOID
+FallbackRngPrintWarning (
+ )
+{
+ if (Dev.Handle != NULL) {
+ Print (L"WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n");
+ DEBUG ((DEBUG_WARN, "WARNING: Pseudo Random Number Generator in use - Pixiefail CVE not mitigated!\n"));
+ gBS->Stall (2000000);
+ }
+}
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
new file mode 100644
index 0000000000..77332bc51c
--- /dev/null
+++ b/OvmfPkg/Library/PlatformBootManagerLib/FallbackRng.h
@@ -0,0 +1,20 @@
+/** @file
+ Copyright (C) 2024, Red Hat, Inc.
+ SPDX-License-Identifier: BSD-2-Clause-Patent
+**/
+
+#ifndef _FALLBACK_RNG_H_
+#define _FALLBACK_RNG_H_
+
+#include <Uefi/UefiBaseType.h>
+#include <Uefi/UefiSpec.h>
+
+EFI_STATUS
+FallbackRngCheckAndInstall (
+ );
+
+VOID
+FallbackRngPrintWarning (
+ );
+
+#endif
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
index c6ffc1ed9e..211716e30d 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLib/PlatformBootManagerLib.inf
@@ -25,6 +25,8 @@
PlatformData.c
QemuKernel.c
BdsPlatform.h
+ FallbackRng.c
+ FallbackRng.h
[Packages]
MdePkg/MdePkg.dec
@@ -56,6 +58,7 @@
PlatformBmPrintScLib
Tcg2PhysicalPresenceLib
XenPlatformLib
+ RngLib
[Pcd]
gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent
@@ -80,6 +83,7 @@
gEfiDxeSmmReadyToLockProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
gEfiLoadedImageProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
gEfiFirmwareVolume2ProtocolGuid # PROTOCOL SOMETIMES_CONSUMED
+ gEfiRngProtocolGuid # PROTOCOL SOMETIMES_PRODUCED
[Guids]
gEfiEndOfDxeEventGroupGuid
@@ -87,3 +91,4 @@
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
gGrubFileGuid
+ gEfiRngAlgorithmRaw
--
2.39.3

@ -1,101 +0,0 @@
From 194fa0cc8ba8c0c2b8ca4e478ce80f17e25812d9 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Thu, 7 Nov 2024 11:36:22 +0100
Subject: [PATCH 2/2] OvmfPkg/ArmVirtPkg: Add a Fallback RNG (RH only)
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 101: Add a Fallback RNG (RH only)
RH-Jira: RHEL-65735
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [2/2] 8bf84d42332ab54f6d1f768c8abe62485e7a12c9
Since the pixiefail CVE fix, the network stack requires a random number
generator.
In case there is no hardware random number generator available,
have the Platform Boot Manager install a pseudo RNG to ensure
the network can be used.
This patch adds the fallback RNG which was introduced in a
previous commit also to the ArmVirtPkg PlatformBootManagerLib.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c | 6 ++++++
.../PlatformBootManagerLibLight/PlatformBootManagerLib.inf | 5 +++++
2 files changed, 11 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
index 8e93f3cfed..8aa1e8e2df 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBm.c
@@ -30,6 +30,7 @@
#include <Guid/GlobalVariable.h>
#include <Guid/RootBridgesConnectedEventGroup.h>
#include <Guid/SerialPortLibVendor.h>
+#include "FallbackRng.h"
#include "PlatformBm.h"
@@ -1029,6 +1030,7 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gEfiGraphicsOutputProtocolGuid, NULL, AddOutput);
+
//
// Add the hardcoded short-form USB keyboard device path to ConIn.
//
@@ -1110,6 +1112,8 @@ PlatformBootManagerBeforeConsole (
//
FilterAndProcess (&gVirtioDeviceProtocolGuid, IsVirtioSerial, SetupVirtioSerial);
FilterAndProcess (&gEfiPciIoProtocolGuid, IsVirtioPciSerial, SetupVirtioSerial);
+
+ FallbackRngCheckAndInstall ();
}
/**
@@ -1175,6 +1179,8 @@ PlatformBootManagerAfterConsole (
RETURN_STATUS Status;
BOOLEAN Uninstall;
+ FallbackRngPrintWarning ();
+
//
// Show the splash screen.
//
diff --git a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
index 8e7cd5605f..4583c05ef4 100644
--- a/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
+++ b/OvmfPkg/Library/PlatformBootManagerLibLight/PlatformBootManagerLib.inf
@@ -27,6 +27,8 @@
PlatformBm.c
PlatformBm.h
QemuKernel.c
+ ../PlatformBootManagerLib/FallbackRng.h
+ ../PlatformBootManagerLib/FallbackRng.c
[Packages]
MdeModulePkg/MdeModulePkg.dec
@@ -53,6 +55,7 @@
UefiBootServicesTableLib
UefiLib
UefiRuntimeServicesTableLib
+ RngLib
[FixedPcd]
gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate
@@ -70,6 +73,7 @@
gEfiGlobalVariableGuid
gRootBridgesConnectedEventGroupGuid
gUefiShellFileGuid
+ gEfiRngAlgorithmRaw
[Protocols]
gEfiFirmwareVolume2ProtocolGuid
@@ -77,3 +81,4 @@
gEfiMemoryAttributeProtocolGuid
gEfiPciRootBridgeIoProtocolGuid
gVirtioDeviceProtocolGuid
+ gEfiRngProtocolGuid
--
2.39.3

@ -1,46 +0,0 @@
From 33ebaa6f0d476008ca6ba264657ac37faf63b723 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 29 Aug 2024 09:20:29 +0200
Subject: [PATCH 1/2] OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 74: OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Jira: RHEL-56974
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] e1fb3f4db68457ec9f59ca5db47606bf4c34e6c5 (kraxel.rh/centos-src-edk2)
Let APs wait until the BSP has completed the register updates to remove
the CPU. This makes sure all APs stay in SMM mode until the CPU
hot-unplug operation is complete, which in turn makes sure the ACPI lock
is released only after the CPU hot-unplug operation is complete.
Some background: The CPU hotplug SMI is triggered from an ACPI function
which is protected by an ACPI lock. The ACPI function is in the ACPI
tables generated by qemu.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
upstream: submitted (https://github.com/tianocore/edk2/pull/6138)
---
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
index d504163026..5af78211d3 100644
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
@@ -355,6 +355,11 @@ EjectCpu (
//
QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum];
if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) {
+ /* wait until BSP is done */
+ while (mCpuHotEjectData->Handler != NULL) {
+ CpuPause ();
+ }
+
return;
}
--
2.39.3

@ -1,45 +0,0 @@
From 203d30bedd01e953a2f5962877c87da7a1d6fcc3 Mon Sep 17 00:00:00 2001
From: Oliver Steffen <osteffen@redhat.com>
Date: Mon, 4 Nov 2024 19:00:11 +0100
Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
RH-Author: Oliver Steffen <osteffen@redhat.com>
RH-MergeRequest: 105: OvmfPkg: Rerun dispatcher after initializing virtio-rng
RH-Jira: RHEL-63094
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Commit: [1/1] 87d0a3f9392d3b7788193148ee74f6edfe719a3e
Since the pixiefail CVE fix the network stack requires a hardware
random number generator. This can currently be a modern CPU supporting
the RDRAND instruction or a virtio-rng device.
The latter is initialized during the BDS phase.
To ensure all depending (network) modules are also started, we need to
run the dispatcher once more after the device was initialized.
Without this, network boot is not available under certain hardware
configurations.
Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
Analysed-by: Stefano Garzarella <sgarzare@redhat.com>
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
---
OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
index 87d1ac3142..1f1298eb0b 100644
--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
@@ -675,6 +675,8 @@ ConnectVirtioPciRng (
if (EFI_ERROR (Status)) {
goto Error;
}
+
+ gDS->Dispatch ();
}
return EFI_SUCCESS;
--
2.45.1

@ -6,7 +6,7 @@ ExclusiveArch: x86_64 aarch64
%define TOOLCHAIN GCC
%define OPENSSL_VER 3.0.7
%define OPENSSL_HASH 0205b589887203b065154ddc8e8107c4ac8625a1
%define OPENSSL_HASH 8e5beb77088bfec064d60506b1e76ddb0ac417fe
%define DBXDATE 20230509
@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2
Version: %{GITDATE}
Release: 6%{?dist}.3
Release: 5%{?dist}.inferit
Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org
@ -99,16 +99,6 @@ Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch
# For RHEL-45847 - [RHEL9.5] Hotplug vcpu to a guest cause guest kernel panic
Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch
# For RHEL-56974 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9]
Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch
# For RHEL-60831 - CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-9.5]
Patch45: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch
# For RHEL-65735 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.5.z]
Patch46: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch
# For RHEL-65735 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.5.z]
Patch47: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch
# For RHEL-63094 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-9.5]
Patch48: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
# python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and
@ -443,29 +433,8 @@ install -m 0644 \
%changelog
* Fri Nov 22 2024 Jon Maloy <jmaloy@redhat.com> - 20240524-6.el9_5.3
- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-63094]
- Resolves: RHEL-63094
([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-9.5])
* Mon Nov 11 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-6.el9_5.2
- edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-65735]
- edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-65735]
- Resolves: RHEL-65735
([Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-9.5.z])
* Wed Oct 16 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-6.el9_5.1
- edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch [RHEL-60831]
- Resolves: RHEL-60831
(CVE-2024-38796 edk2: Integer overflows in PeCoffLoaderRelocateImage [rhel-9.5])
* Fri Sep 13 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-6
- edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch [RHEL-56974]
- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55336]
- Resolves: RHEL-56974
(qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9])
- Resolves: RHEL-55336
(CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.5])
* Tue Nov 05 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 20240524-5.inferit
- Rebuilt. No changes
* Mon Sep 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-5
- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch [RHEL-45847]
@ -669,6 +638,9 @@ install -m 0644 \
- Resolves: RHEL-377
(edk2: ship secure build variable store with latest dbx updates)
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 20230301gitf80f052277c8-2
- Rebuilt for MSVSphere 9.2 beta
* Wed Apr 05 2023 Miroslav Rezanina <mrezanin@redhat.com> - 20230301gitf80f052277c8-2
- edk2-build-script-update.patch [bz#2183230]
- edk2-PcdDxeNxMemoryProtectionPolicy-update.patch [bz#2183230]

Loading…
Cancel
Save