From 3c76f160839f42d8aa80006c710c162233b4b77e Mon Sep 17 00:00:00 2001
From: Jon Maloy
Date: Fri, 29 Nov 2024 17:01:10 -0500
Subject: [PATCH] * Fri Nov 29 2024 Jon Maloy - 20220126gitbb1bba3d77-13.el8.6 - edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-66188] - Resolves: RHEL-66188 ([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10])
---
...spatcher-after-initializing-virtio-r.patch | 45 +++++++++++++++++++
edk2.spec | 9 +++-
2 files changed, 53 insertions(+), 1 deletion(-)
create mode 100644 edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
diff --git a/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch b/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
new file mode 100644
index 0000000..37e62ae
--- /dev/null
+++ b/edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch
@@ -0,0 +1,45 @@
+From a56ec52966412cd44dd2427ba569d1e7b89a6c6d Mon Sep 17 00:00:00 2001
+From: Oliver Steffen
+Date: Mon, 4 Nov 2024 19:00:11 +0100
+Subject: [PATCH] OvmfPkg: Rerun dispatcher after initializing virtio-rng
+
+RH-Author: Oliver Steffen
+RH-MergeRequest: 106: OvmfPkg: Rerun dispatcher after initializing virtio-rng
+RH-Jira: RHEL-66188
+RH-Acked-by: Gerd Hoffmann
+RH-Commit: [1/1] a62e445ae8e45d656aaa2ea5f1875541e658f1d8
+
+Since the pixiefail CVE fix the network stack requires a hardware
+random number generator. This can currently be a modern CPU supporting
+the RDRAND instruction or a virtio-rng device.
+The latter is initialized during the BDS phase.
+To ensure all depending (network) modules are also started, we need to
+run the dispatcher once more after the device was initialized.
+Without this, network boot is not available under certain hardware
+configurations.
+
+Fixes: 4c4ceb2ceb ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
+
+Analysed-by: Stefano Garzarella
+Suggested-by: Gerd Hoffmann
+Signed-off-by: Oliver Steffen
+---
+ OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+index 70d648c7e3..eb97d67b62 100644
+--- a/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
++++ b/OvmfPkg/Library/PlatformBootManagerLib/BdsPlatform.c
+@@ -558,6 +558,8 @@ ConnectVirtioPciRng (
+ if (EFI_ERROR (Status)) {
+ goto Error;
+ }
++
++ gDS->Dispatch ();
+ }
+ return EFI_SUCCESS;
+
+--
+2.45.2
+
diff --git a/edk2.spec b/edk2.spec
index 7269935..d1262b2 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -7,7 +7,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 13%{?dist}.5 +Release: 13%{?dist}.6 Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators License: BSD-2-Clause-Patent and OpenSSL and MIT 
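Review bot: The added `gDS->Dispatch ();` in the BdsPlatform.c hunk of the new patch file drops its EFI_STATUS and has no comment, so a reader of ConnectVirtioPciRng cannot tell why a driver dispatch happens inside a device-connect helper or that the ignored status is deliberate. I would put a comment directly above the call, for example `// Re-run the DXE dispatcher: the network drivers depend on an RNG since the CVE-2023-45237 fix and can only start once virtio-rng is connected.`, and note there that a "nothing dispatched" status is expected and harmless. The call sits only on the success path after the `goto Error` check, so when no virtio-rng device is bound the network stack stays unloaded with no trace; a `DEBUG` message reporting the dispatch status would make that visible when diagnosing a missing HTTP boot option. ConnectVirtioPciRng starts and ends outside the hunk, so whether `gDS` is already in scope through an existing include is presumably fine but cannot be confirmed from here.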
@@ -392,6 +392,8 @@ Patch117: edk2-MdePkg-Fix-overflow-issue-in-BasePeCoffLib.patch Patch118: edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch # For RHEL-66236 - [Regression] HTTP Boot not working on old vCPU without virtio-rng device present [rhel-8.10] Patch119: edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch +# For RHEL-66188 - [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10] +Patch120: edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch # python3-devel and libuuid-devel are required for building tools. @@ -838,6 +840,11 @@ true %endif %changelog +* Fri Nov 29 2024 Jon Maloy - 20220126gitbb1bba3d77-13.el8.6 +- edk2-OvmfPkg-Rerun-dispatcher-after-initializing-virtio-r.patch [RHEL-66188] +- Resolves: RHEL-66188 + ([Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-8.10]) + * Thu Nov 14 2024 Jon Maloy - 20220126gitbb1bba3d77-13.el8.5 - edk2-OvmfPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66236] - edk2-OvmfPkg-ArmVirtPkg-Add-a-Fallback-RNG-RH-only.patch [RHEL-66236]