import edk2-20200602gitca407c7246bf-4.el8
parent
0cc2846c54
commit
4318d0801e
@ -1,2 +1,2 @@
|
|||||||
3a531b4e8864ee52b1e128ac9742b3e9dcec49bf SOURCES/edk2-ca407c7246bf.tar.xz
|
3a531b4e8864ee52b1e128ac9742b3e9dcec49bf SOURCES/edk2-ca407c7246bf.tar.xz
|
||||||
cb385fc348395c187db3737e532de787ca2a17c9 SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
627633682f69c2c899fe6018d675faaf45e5bb33 SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
||||||
|
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/edk2-ca407c7246bf.tar.xz
|
SOURCES/edk2-ca407c7246bf.tar.xz
|
||||||
SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
||||||
|
@ -0,0 +1,386 @@
|
|||||||
|
From e81751a1c303f5cd4bcae0ed1a38c60c38a0cf38 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Guomin Jiang <guomin.jiang@intel.com>
|
||||||
|
Date: Fri, 10 Jul 2020 09:47:31 +0800
|
||||||
|
Subject: [PATCH 4/5] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek (lersek)
|
||||||
|
RH-MergeRequest: 2: [RHEL-8.4.0] bump OpenSSL dist-git submodule to 1.1.1g
|
||||||
|
RH-Commit: [1/2] 36d4bc34a3b5c421819e94c58ff84fd779a93bae (lersek/edk2)
|
||||||
|
RH-Bugzilla: 1893806
|
||||||
|
|
||||||
|
--v-- RHEL8 notes --v--
|
||||||
|
|
||||||
|
- The "CryptoPkg/Library/OpensslLib/openssl" hunk, advancing upstream
|
||||||
|
edk2's OpenSSL submodule reference, has been stripped from this
|
||||||
|
backport. (Refer to downstream commit c5d729df70f8 ("remove upstream
|
||||||
|
edk2's openssl submodule (RH only)", 2020-06-05), as basis.) The
|
||||||
|
corresponding RHEL8 OpenSSL dist-git bump is implemented in a subsequent
|
||||||
|
patch in this series.
|
||||||
|
|
||||||
|
This cherry-pick and the RHEL8 OpenSSL dist-git submodule bump are kept
|
||||||
|
separate for easing the next rebase, even at the cost of introducing a
|
||||||
|
brief interval in the git history where the downstream exploded tree
|
||||||
|
does not build.
|
||||||
|
|
||||||
|
- Contextual difference in "OpensslLib.inf" due to downstream commit
|
||||||
|
56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
|
||||||
|
in the INFs (RH)", 2020-06-05); automatically resolved by
|
||||||
|
git-cherry-pick.
|
||||||
|
|
||||||
|
--^-- RHEL8 notes --^--
|
||||||
|
|
||||||
|
Upgrade openssl to 1.1.1g. the directory have been reorganized,
|
||||||
|
openssl moved crypto/include/internal to include/crypto folder.
|
||||||
|
So we change directory to match the re-organization.
|
||||||
|
|
||||||
|
The dso_conf.h and opensslconf.h will generated in UNIX format,
|
||||||
|
change process_files.pl to covent the EOL automatically.
|
||||||
|
|
||||||
|
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||||
|
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
|
||||||
|
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Tested-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||||
|
(cherry picked from commit 8c30327debb28c0b6cfa2106b736774e0b20daac)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
---
|
||||||
|
CryptoPkg/CryptoPkg.dec | 1 -
|
||||||
|
.../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +-
|
||||||
|
.../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +-
|
||||||
|
.../Include/{internal => crypto}/dso_conf.h | 32 +++++-----
|
||||||
|
.../Library/Include/openssl/opensslconf.h | 3 -
|
||||||
|
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 58 +++++++++----------
|
||||||
|
.../Library/OpensslLib/OpensslLibCrypto.inf | 50 ++++++++--------
|
||||||
|
CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++---
|
||||||
|
CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +-
|
||||||
|
9 files changed, 90 insertions(+), 87 deletions(-)
|
||||||
|
rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)
|
||||||
|
|
||||||
|
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
|
||||||
|
index 4d1a1368a8..5888941bab 100644
|
||||||
|
--- a/CryptoPkg/CryptoPkg.dec
|
||||||
|
+++ b/CryptoPkg/CryptoPkg.dec
|
||||||
|
@@ -23,7 +23,6 @@
|
||||||
|
Private
|
||||||
|
Library/Include
|
||||||
|
Library/OpensslLib/openssl/include
|
||||||
|
- Library/OpensslLib/openssl/crypto/include
|
||||||
|
|
||||||
|
[LibraryClasses]
|
||||||
|
## @libraryclass Provides basic library functions for cryptographic primitives.
|
||||||
|
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
|
||||||
|
index eacf4826c4..235331c2a0 100644
|
||||||
|
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
|
||||||
|
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
|
||||||
|
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
**/
|
||||||
|
|
||||||
|
#include "InternalCryptLib.h"
|
||||||
|
-#include "internal/sm3.h"
|
||||||
|
+#include "crypto/sm3.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.
|
||||||
|
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
|
||||||
|
index 229c244b26..c9fdb65b99 100644
|
||||||
|
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
|
||||||
|
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
|
||||||
|
@@ -15,13 +15,13 @@
|
||||||
|
#include <openssl/asn1.h>
|
||||||
|
#include <openssl/x509.h>
|
||||||
|
#include <openssl/bio.h>
|
||||||
|
-#include <internal/x509_int.h>
|
||||||
|
+#include <crypto/x509.h>
|
||||||
|
#include <openssl/pkcs7.h>
|
||||||
|
#include <openssl/bn.h>
|
||||||
|
#include <openssl/x509_vfy.h>
|
||||||
|
#include <openssl/pem.h>
|
||||||
|
#include <openssl/evp.h>
|
||||||
|
-#include <internal/asn1_int.h>
|
||||||
|
+#include <crypto/asn1.h>
|
||||||
|
|
||||||
|
/**
|
||||||
|
This function will return the leaf signer certificate in a chain. This is
|
||||||
|
diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
|
||||||
|
similarity index 76%
|
||||||
|
rename from CryptoPkg/Library/Include/internal/dso_conf.h
|
||||||
|
rename to CryptoPkg/Library/Include/crypto/dso_conf.h
|
||||||
|
index 43c891588b..95f4db2b15 100644
|
||||||
|
--- a/CryptoPkg/Library/Include/internal/dso_conf.h
|
||||||
|
+++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
|
||||||
|
@@ -1,16 +1,16 @@
|
||||||
|
-/* WARNING: do not edit! */
|
||||||
|
-/* Generated from crypto/include/internal/dso_conf.h.in */
|
||||||
|
-/*
|
||||||
|
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
- *
|
||||||
|
- * Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
|
- * this file except in compliance with the License. You can obtain a copy
|
||||||
|
- * in the file LICENSE in the source distribution or at
|
||||||
|
- * https://www.openssl.org/source/license.html
|
||||||
|
- */
|
||||||
|
-
|
||||||
|
-#ifndef HEADER_DSO_CONF_H
|
||||||
|
-# define HEADER_DSO_CONF_H
|
||||||
|
-# define DSO_NONE
|
||||||
|
-# define DSO_EXTENSION ".so"
|
||||||
|
-#endif
|
||||||
|
+/* WARNING: do not edit! */
|
||||||
|
+/* Generated from include/crypto/dso_conf.h.in */
|
||||||
|
+/*
|
||||||
|
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ *
|
||||||
|
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||||
|
+ * this file except in compliance with the License. You can obtain a copy
|
||||||
|
+ * in the file LICENSE in the source distribution or at
|
||||||
|
+ * https://www.openssl.org/source/license.html
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#ifndef OSSL_CRYPTO_DSO_CONF_H
|
||||||
|
+# define OSSL_CRYPTO_DSO_CONF_H
|
||||||
|
+# define DSO_NONE
|
||||||
|
+# define DSO_EXTENSION ".so"
|
||||||
|
+#endif
|
||||||
|
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
|
||||||
|
index 62c2736cb0..3a2544ea5c 100644
|
||||||
|
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
|
||||||
|
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
|
||||||
|
@@ -247,9 +247,6 @@ extern "C" {
|
||||||
|
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
|
||||||
|
# define OPENSSL_NO_DYNAMIC_ENGINE
|
||||||
|
#endif
|
||||||
|
-#ifndef OPENSSL_NO_AFALGENG
|
||||||
|
-# define OPENSSL_NO_AFALGENG
|
||||||
|
-#endif
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||||
|
index 24e790b538..4c21b11d0a 100644
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||||
|
@@ -477,45 +477,45 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/vms_rms.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/async_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/store/store_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||||
|
$(OPENSSL_PATH)/ssl/bio_ssl.c
|
||||||
|
@@ -562,13 +562,13 @@
|
||||||
|
$(OPENSSL_PATH)/ssl/t1_trce.c
|
||||||
|
$(OPENSSL_PATH)/ssl/tls13_enc.c
|
||||||
|
$(OPENSSL_PATH)/ssl/tls_srp.c
|
||||||
|
- $(OPENSSL_PATH)/ssl/packet_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/ssl/packet_local.h
|
||||||
|
$(OPENSSL_PATH)/ssl/ssl_cert_table.h
|
||||||
|
- $(OPENSSL_PATH)/ssl/ssl_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/ssl/ssl_local.h
|
||||||
|
$(OPENSSL_PATH)/ssl/record/record.h
|
||||||
|
- $(OPENSSL_PATH)/ssl/record/record_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/ssl/record/record_local.h
|
||||||
|
$(OPENSSL_PATH)/ssl/statem/statem.h
|
||||||
|
- $(OPENSSL_PATH)/ssl/statem/statem_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/ssl/statem/statem_local.h
|
||||||
|
# Autogenerated files list ends here
|
||||||
|
# RHEL8-specific OpenSSL file list starts here
|
||||||
|
$(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||||
|
index 52e70a2d03..0c3b210d6a 100644
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||||
|
@@ -477,45 +477,45 @@
|
||||||
|
$(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||||
|
$(OPENSSL_PATH)/crypto/vms_rms.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||||
|
$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/async/async_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||||
|
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||||
|
$(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/store/store_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||||
|
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||||
|
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||||
|
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||||
|
# Autogenerated files list ends here
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||||
|
index 65d07a2aed..57ce195394 100755
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||||
|
@@ -111,8 +111,8 @@ BEGIN {
|
||||||
|
# Generate dso_conf.h per config data
|
||||||
|
system(
|
||||||
|
"perl -I. -Mconfigdata util/dofile.pl " .
|
||||||
|
- "crypto/include/internal/dso_conf.h.in " .
|
||||||
|
- "> include/internal/dso_conf.h"
|
||||||
|
+ "include/crypto/dso_conf.h.in " .
|
||||||
|
+ "> include/crypto/dso_conf.h"
|
||||||
|
) == 0 ||
|
||||||
|
die "Failed to generate dso_conf.h!\n";
|
||||||
|
|
||||||
|
@@ -263,14 +263,21 @@ print "Done!";
|
||||||
|
# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
|
||||||
|
#
|
||||||
|
print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
|
||||||
|
-copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
|
||||||
|
- $OPENSSL_PATH . "/../../Include/openssl/") ||
|
||||||
|
- die "Cannot copy opensslconf.h!";
|
||||||
|
+system(
|
||||||
|
+ "perl -pe 's/\\n/\\r\\n/' " .
|
||||||
|
+ "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
|
||||||
|
+ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
|
||||||
|
+ ) == 0 ||
|
||||||
|
+ die "Cannot copy opensslconf.h!";
|
||||||
|
print "Done!";
|
||||||
|
-print "\n--> Duplicating dso_conf.h into Include/internal ... ";
|
||||||
|
-copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
|
||||||
|
- $OPENSSL_PATH . "/../../Include/internal/") ||
|
||||||
|
- die "Cannot copy dso_conf.h!";
|
||||||
|
+
|
||||||
|
+print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
|
||||||
|
+system(
|
||||||
|
+ "perl -pe 's/\\n/\\r\\n/' " .
|
||||||
|
+ "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" .
|
||||||
|
+ "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
|
||||||
|
+ ) == 0 ||
|
||||||
|
+ die "Cannot copy dso_conf.h!";
|
||||||
|
print "Done!\n";
|
||||||
|
|
||||||
|
print "\nProcessing Files Done!\n";
|
||||||
|
diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c
|
||||||
|
index 9f3983f7c3..9e0179b034 100644
|
||||||
|
--- a/CryptoPkg/Library/OpensslLib/rand_pool.c
|
||||||
|
+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
|
||||||
|
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||||
|
|
||||||
|
**/
|
||||||
|
|
||||||
|
-#include "internal/rand_int.h"
|
||||||
|
+#include "crypto/rand.h"
|
||||||
|
#include <openssl/aes.h>
|
||||||
|
|
||||||
|
#include <Uefi.h>
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
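Review bot: The two new `system()` calls in the `@@ -263,14 +263,21 @@` hunk of process_files.pl splice `$OPENSSL_PATH` unquoted into a shell command line, so a checkout path containing a space or a shell metacharacter changes what the shell executes; where `$OPENSSL_PATH` is set lies outside the hunk. The substitution `s/\\n/\\r\\n/` is also not idempotent, because an input that already carries CRLF comes out with a doubled carriage return. The dso_conf.h call additionally omits the separating space that the opensslconf.h call has before `"> "`. Doing the end-of-line conversion inside the script, as sketched below, removes the shell and the quoting question, and fails per file with the underlying error.

```perl
# Copy $src to $dst, normalising every line ending to CRLF, without a shell.
sub copy_with_crlf {
    my ($src, $dst) = @_;
    open(my $in, "<", $src) || die "Cannot open $src: $!";
    open(my $out, ">", $dst) || die "Cannot open $dst: $!";
    binmode($in);
    binmode($out);
    while (my $line = <$in>) {
        $line =~ s/\r?\n\z/\r\n/;   # idempotent: CRLF input stays CRLF
        print $out $line;
    }
    close($in);
    close($out) || die "Cannot write $dst: $!";
}

# … unchanged: "Duplicating opensslconf.h" banner …
copy_with_crlf($OPENSSL_PATH . "/include/openssl/opensslconf.h",
               $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h");
# … unchanged: print "Done!"; and the "Duplicating dso_conf.h" banner …
copy_with_crlf($OPENSSL_PATH . "/include/crypto/dso_conf.h",
               $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h");
```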
@ -0,0 +1,120 @@
|
|||||||
|
From 08a95c3541cbe2b3a1c671fa683bd6214ad996f0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Thu, 27 Aug 2020 00:21:29 +0200
|
||||||
|
Subject: [PATCH 3/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just after
|
||||||
|
SMI broadcast
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek (lersek)
|
||||||
|
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
|
||||||
|
RH-Commit: [3/3] 40521ea89725b8b0ff8ca3f0a610ff45431e610e (lersek/edk2)
|
||||||
|
RH-Bugzilla: 1849177
|
||||||
|
|
||||||
|
The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick
|
||||||
|
succession -- it means a series of "device_add" QEMU monitor commands,
|
||||||
|
back-to-back.
|
||||||
|
|
||||||
|
If a "device_add" occurs *just after* ACPI raises the broadcast SMI, then:
|
||||||
|
|
||||||
|
- the CPU_FOREACH() loop in QEMU's ich9_apm_ctrl_changed() cannot make the
|
||||||
|
SMI pending for the new CPU -- at that time, the new CPU doesn't even
|
||||||
|
exist yet,
|
||||||
|
|
||||||
|
- OVMF will find the new CPU however (in the CPU hotplug register block),
|
||||||
|
in QemuCpuhpCollectApicIds().
|
||||||
|
|
||||||
|
As a result, when the firmware sends an INIT-SIPI-SIPI to the new CPU in
|
||||||
|
SmbaseRelocate(), expecting it to boot into SMM (due to the pending SMI),
|
||||||
|
the new CPU instead boots straight into the post-RSM (normal mode) "pen",
|
||||||
|
skipping its initial SMI handler.
|
||||||
|
|
||||||
|
The CPU halts nicely in the pen, but its SMBASE is never relocated, and
|
||||||
|
the SMRAM message exchange with the BSP falls apart -- the BSP gets stuck
|
||||||
|
in the following loop:
|
||||||
|
|
||||||
|
//
|
||||||
|
// Wait until the hot-added CPU is just about to execute RSM.
|
||||||
|
//
|
||||||
|
while (Context->AboutToLeaveSmm == 0) {
|
||||||
|
CpuPause ();
|
||||||
|
}
|
||||||
|
|
||||||
|
because the new CPU's initial SMI handler never sets the flag to nonzero.
|
||||||
|
|
||||||
|
Fix this by sending a directed SMI to the new CPU just before sending it
|
||||||
|
the INIT-SIPI-SIPI. The various scenarios are documented in the code --
|
||||||
|
the cases affected by the patch are documented under point (2).
|
||||||
|
|
||||||
|
Note that this is not considered a security patch, as for a malicious
|
||||||
|
guest OS, the issue is not exploitable -- the symptom is a hang on the
|
||||||
|
BSP, in the above-noted loop in SmbaseRelocate(). Instead, the patch fixes
|
||||||
|
behavior for a benign guest OS.
|
||||||
|
|
||||||
|
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||||
|
Cc: Igor Mammedov <imammedo@redhat.com>
|
||||||
|
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||||
|
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Fixes: 51a6fb41181529e4b50ea13377425bda6bb69ba6
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200826222129.25798-3-lersek@redhat.com>
|
||||||
|
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||||
|
(cherry picked from commit cbccf995920a28071f5403b847f29ebf8b732fa9)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
---
|
||||||
|
OvmfPkg/CpuHotplugSmm/Smbase.c | 35 ++++++++++++++++++++++++++++------
|
||||||
|
1 file changed, 29 insertions(+), 6 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c
|
||||||
|
index 170571221d..d8f45c4313 100644
|
||||||
|
--- a/OvmfPkg/CpuHotplugSmm/Smbase.c
|
||||||
|
+++ b/OvmfPkg/CpuHotplugSmm/Smbase.c
|
||||||
|
@@ -220,14 +220,37 @@ SmbaseRelocate (
|
||||||
|
//
|
||||||
|
// Boot the hot-added CPU.
|
||||||
|
//
|
||||||
|
- // If the OS is benign, and so the hot-added CPU is still in RESET state,
|
||||||
|
- // then the broadcast SMI is still pending for it; it will now launch
|
||||||
|
- // directly into SMM.
|
||||||
|
+ // There are 2*2 cases to consider:
|
||||||
|
//
|
||||||
|
- // If the OS is malicious, the hot-added CPU has been booted already, and so
|
||||||
|
- // it is already spinning on the APIC ID gate. In that case, the
|
||||||
|
- // INIT-SIPI-SIPI below will be ignored.
|
||||||
|
+ // (1) The CPU was hot-added before the SMI was broadcast.
|
||||||
|
//
|
||||||
|
+ // (1.1) The OS is benign.
|
||||||
|
+ //
|
||||||
|
+ // The hot-added CPU is in RESET state, with the broadcast SMI pending
|
||||||
|
+ // for it. The directed SMI below will be ignored (it's idempotent),
|
||||||
|
+ // and the INIT-SIPI-SIPI will launch the CPU directly into SMM.
|
||||||
|
+ //
|
||||||
|
+ // (1.2) The OS is malicious.
|
||||||
|
+ //
|
||||||
|
+ // The hot-added CPU has been booted, by the OS. Thus, the hot-added
|
||||||
|
+ // CPU is spinning on the APIC ID gate. In that case, both the SMI and
|
||||||
|
+ // the INIT-SIPI-SIPI below will be ignored.
|
||||||
|
+ //
|
||||||
|
+ // (2) The CPU was hot-added after the SMI was broadcast.
|
||||||
|
+ //
|
||||||
|
+ // (2.1) The OS is benign.
|
||||||
|
+ //
|
||||||
|
+ // The hot-added CPU is in RESET state, with no SMI pending for it. The
|
||||||
|
+ // directed SMI will latch the SMI for the CPU. Then the INIT-SIPI-SIPI
|
||||||
|
+ // will launch the CPU into SMM.
|
||||||
|
+ //
|
||||||
|
+ // (2.2) The OS is malicious.
|
||||||
|
+ //
|
||||||
|
+ // The hot-added CPU is executing OS code. The directed SMI will pull
|
||||||
|
+ // the hot-added CPU into SMM, where it will start spinning on the APIC
|
||||||
|
+ // ID gate. The INIT-SIPI-SIPI will be ignored.
|
||||||
|
+ //
|
||||||
|
+ SendSmiIpi (ApicId);
|
||||||
|
SendInitSipiSipi (ApicId, PenAddress);
|
||||||
|
|
||||||
|
//
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
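Review bot: Cases (1.1) and (2.1) in the new comment above `SendSmiIpi (ApicId);` rest on two behaviours that the comment states as fact but does not attribute. One is that a directed SMI is dropped when one is already pending for the CPU. The other is that an SMI sent to a CPU still in RESET state is latched until the INIT-SIPI-SIPI arrives. Both appear to be properties of the virtual platform rather than of this module (the commit message refers to QEMU), so I would add a line such as `// NOTE: relies on the platform latching a directed SMI for a CPU that is still in RESET state.` directly above the call. The wait loop quoted in the commit message has no timeout, so a platform that does not latch the SMI would bring back the BSP hang this patch fixes. SmbaseRelocate's body starts and ends outside the hunk.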
@ -0,0 +1,91 @@
|
|||||||
|
From 4e5edfcdf5986d9e0801a976a3aa558b5f370099 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Thu, 27 Aug 2020 00:21:28 +0200
|
||||||
|
Subject: [PATCH 2/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just before
|
||||||
|
SMI broadcast
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek (lersek)
|
||||||
|
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
|
||||||
|
RH-Commit: [2/3] ea3ff703dfb7bd4f77b6807f06c89e754cc9d980 (lersek/edk2)
|
||||||
|
RH-Bugzilla: 1849177
|
||||||
|
|
||||||
|
The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick
|
||||||
|
succession -- it means a series of "device_add" QEMU monitor commands,
|
||||||
|
back-to-back.
|
||||||
|
|
||||||
|
If a "device_add" occurs *just before* ACPI raises the broadcast SMI,
|
||||||
|
then:
|
||||||
|
|
||||||
|
- OVMF processes the hot-added CPU well.
|
||||||
|
|
||||||
|
- However, QEMU's post-SMI ACPI loop -- which clears the pending events
|
||||||
|
for the hot-added CPUs that were collected before raising the SMI -- is
|
||||||
|
unaware of the stray CPU. Thus, the pending event is not cleared for it.
|
||||||
|
|
||||||
|
As a result of the stuck event, at the next hot-plug, OVMF tries to re-add
|
||||||
|
(relocate for the 2nd time) the already-known CPU. At that time, the AP is
|
||||||
|
already in the normal edk2 SMM busy-wait however, so it doesn't respond to
|
||||||
|
the exchange that the BSP intends to do in SmbaseRelocate(). Thus the VM
|
||||||
|
gets stuck in SMM.
|
||||||
|
|
||||||
|
(Because of the above symptom, this is not considered a security patch; it
|
||||||
|
doesn't seem exploitable by a malicious guest OS.)
|
||||||
|
|
||||||
|
In CpuHotplugMmi(), skip the supposedly hot-added CPU if it's already
|
||||||
|
known. The post-SMI ACPI loop will clear the pending event for it this
|
||||||
|
time.
|
||||||
|
|
||||||
|
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||||
|
Cc: Igor Mammedov <imammedo@redhat.com>
|
||||||
|
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||||
|
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Fixes: bc498ac4ca7590479cfd91ad1bb8a36286b0dc21
|
||||||
|
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200826222129.25798-2-lersek@redhat.com>
|
||||||
|
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||||
|
(cherry picked from commit 020bb4b46d6f6708bb3358e1c738109b7908f0de)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
---
|
||||||
|
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 19 +++++++++++++++++++
|
||||||
|
1 file changed, 19 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
|
||||||
|
index 20e6bec04f..cfe698ed2b 100644
|
||||||
|
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
|
||||||
|
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
|
||||||
|
@@ -193,9 +193,28 @@ CpuHotplugMmi (
|
||||||
|
NewSlot = 0;
|
||||||
|
while (PluggedIdx < PluggedCount) {
|
||||||
|
APIC_ID NewApicId;
|
||||||
|
+ UINT32 CheckSlot;
|
||||||
|
UINTN NewProcessorNumberByProtocol;
|
||||||
|
|
||||||
|
NewApicId = mPluggedApicIds[PluggedIdx];
|
||||||
|
+
|
||||||
|
+ //
|
||||||
|
+ // Check if the supposedly hot-added CPU is already known to us.
|
||||||
|
+ //
|
||||||
|
+ for (CheckSlot = 0;
|
||||||
|
+ CheckSlot < mCpuHotPlugData->ArrayLength;
|
||||||
|
+ CheckSlot++) {
|
||||||
|
+ if (mCpuHotPlugData->ApicId[CheckSlot] == NewApicId) {
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (CheckSlot < mCpuHotPlugData->ArrayLength) {
|
||||||
|
+ DEBUG ((DEBUG_VERBOSE, "%a: APIC ID " FMT_APIC_ID " was hot-plugged "
|
||||||
|
+ "before; ignoring it\n", __FUNCTION__, NewApicId));
|
||||||
|
+ PluggedIdx++;
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
//
|
||||||
|
// Find the first empty slot in CPU_HOT_PLUG_DATA.
|
||||||
|
//
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
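Review bot: The comment above the new `for (CheckSlot = 0; ...)` loop says what is checked but not why an already-known APIC ID can be reported again, nor what eventually clears the condition. The commit message has the explanation, and it belongs next to the code, for example `// A CPU hot-added just before the broadcast SMI keeps its pending event, so it is reported again at the next hotplug SMI; skip it here and let the post-SMI ACPI loop clear the event.` The skip is logged only at `DEBUG_VERBOSE`, so a repeated report will not appear in default-level logs; if that is deliberate, the comment could say so. CpuHotplugMmi's body starts and ends outside the hunk.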
@ -0,0 +1,140 @@
|
|||||||
|
From a5efebddb858c739d4a67865a4f8d836ba989d30 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Date: Tue, 14 Jul 2020 20:43:05 +0200
|
||||||
|
Subject: [PATCH 1/5] OvmfPkg/SmmControl2Dxe: negotiate
|
||||||
|
ICH9_LPC_SMI_F_CPU_HOTPLUG
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
RH-Author: Laszlo Ersek (lersek)
|
||||||
|
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
|
||||||
|
RH-Commit: [1/3] 33d820d43a1be2ece09044b0cf105275f3fcc9ce (lersek/edk2)
|
||||||
|
RH-Bugzilla: 1849177
|
||||||
|
|
||||||
|
The ICH9_LPC_SMI_F_BROADCAST and ICH9_LPC_SMI_F_CPU_HOTPLUG feature flags
|
||||||
|
cause QEMU to behave as follows:
|
||||||
|
|
||||||
|
BROADCAST CPU_HOTPLUG use case / behavior
|
||||||
|
--------- ----------- ------------------------------------------------
|
||||||
|
clear clear OVMF built without SMM_REQUIRE; or very old OVMF
|
||||||
|
(from before commit a316d7ac91d3 / 2017-02-07).
|
||||||
|
QEMU permits CPU hotplug operations, and does
|
||||||
|
not cause the OS to inject an SMI upon hotplug.
|
||||||
|
Firmware is not expected to be aware of hotplug
|
||||||
|
events.
|
||||||
|
|
||||||
|
clear set Invalid feature set; QEMU rejects the feature
|
||||||
|
negotiation.
|
||||||
|
|
||||||
|
set clear OVMF after a316d7ac91d3 / 2017-02-07, built with
|
||||||
|
SMM_REQUIRE, but no support for CPU hotplug.
|
||||||
|
QEMU gracefully refuses hotplug operations.
|
||||||
|
|
||||||
|
set set OVMF after a316d7ac91d3 / 2017-02-07, built with
|
||||||
|
SMM_REQUIRE, and supporting CPU hotplug. QEMU
|
||||||
|
permits CPU hotplug operations, and causes the
|
||||||
|
OS to inject an SMI upon hotplug. Firmware is
|
||||||
|
expected to deal with hotplug events.
|
||||||
|
|
||||||
|
Negotiate ICH9_LPC_SMI_F_CPU_HOTPLUG -- but only if SEV is disabled, as
|
||||||
|
OvmfPkg/CpuHotplugSmm can't deal with SEV yet.
|
||||||
|
|
||||||
|
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||||
|
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||||
|
Cc: Igor Mammedov <imammedo@redhat.com>
|
||||||
|
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||||
|
Cc: Liran Alon <liran.alon@oracle.com>
|
||||||
|
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
Message-Id: <20200714184305.9814-1-lersek@redhat.com>
|
||||||
|
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||||
|
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||||
|
(cherry picked from commit 5ba203b54e5953572e279e5505cd65e4cc360e34)
|
||||||
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||||
|
---
|
||||||
|
OvmfPkg/SmmControl2Dxe/SmiFeatures.c | 26 +++++++++++++++++++++--
|
||||||
|
OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf | 1 +
|
||||||
|
2 files changed, 25 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
|
||||||
|
index 6210b7515e..c9d8755432 100644
|
||||||
|
--- a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
|
||||||
|
+++ b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
|
||||||
|
@@ -9,6 +9,7 @@
|
||||||
|
|
||||||
|
#include <Library/BaseLib.h>
|
||||||
|
#include <Library/DebugLib.h>
|
||||||
|
+#include <Library/MemEncryptSevLib.h>
|
||||||
|
#include <Library/MemoryAllocationLib.h>
|
||||||
|
#include <Library/PcdLib.h>
|
||||||
|
#include <Library/QemuFwCfgLib.h>
|
||||||
|
@@ -21,6 +22,12 @@
|
||||||
|
// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files.
|
||||||
|
//
|
||||||
|
#define ICH9_LPC_SMI_F_BROADCAST BIT0
|
||||||
|
+//
|
||||||
|
+// The following bit value stands for "enable CPU hotplug, and inject an SMI
|
||||||
|
+// with control value ICH9_APM_CNT_CPU_HOTPLUG upon hotplug", in the
|
||||||
|
+// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files.
|
||||||
|
+//
|
||||||
|
+#define ICH9_LPC_SMI_F_CPU_HOTPLUG BIT1
|
||||||
|
|
||||||
|
//
|
||||||
|
// Provides a scratch buffer (allocated in EfiReservedMemoryType type memory)
|
||||||
|
@@ -67,6 +74,7 @@ NegotiateSmiFeatures (
|
||||||
|
UINTN SupportedFeaturesSize;
|
||||||
|
UINTN RequestedFeaturesSize;
|
||||||
|
UINTN FeaturesOkSize;
|
||||||
|
+ UINT64 RequestedFeaturesMask;
|
||||||
|
|
||||||
|
//
|
||||||
|
// Look up the fw_cfg files used for feature negotiation. The selector keys
|
||||||
|
@@ -104,9 +112,16 @@ NegotiateSmiFeatures (
|
||||||
|
QemuFwCfgReadBytes (sizeof mSmiFeatures, &mSmiFeatures);
|
||||||
|
|
||||||
|
//
|
||||||
|
- // We want broadcast SMI and nothing else.
|
||||||
|
+ // We want broadcast SMI, SMI on CPU hotplug, and nothing else.
|
||||||
|
//
|
||||||
|
- mSmiFeatures &= ICH9_LPC_SMI_F_BROADCAST;
|
||||||
|
+ RequestedFeaturesMask = ICH9_LPC_SMI_F_BROADCAST;
|
||||||
|
+ if (!MemEncryptSevIsEnabled ()) {
|
||||||
|
+ //
|
||||||
|
+ // For now, we only support hotplug with SEV disabled.
|
||||||
|
+ //
|
||||||
|
+ RequestedFeaturesMask |= ICH9_LPC_SMI_F_CPU_HOTPLUG;
|
||||||
|
+ }
|
||||||
|
+ mSmiFeatures &= RequestedFeaturesMask;
|
||||||
|
QemuFwCfgSelectItem (mRequestedFeaturesItem);
|
||||||
|
QemuFwCfgWriteBytes (sizeof mSmiFeatures, &mSmiFeatures);
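Review bot: The comment inside the `if (!MemEncryptSevIsEnabled ())` branch says hotplug is only supported with SEV disabled but not why, and with SEV enabled the bit is dropped from the request without any trace in the log. The commit message gives the reason (OvmfPkg/CpuHotplugSmm can't deal with SEV yet); I would carry that into the comment, e.g. `// OvmfPkg/CpuHotplugSmm can't deal with SEV yet, so only request hotplug without SEV.`, and add an `else` branch with `DEBUG ((DEBUG_INFO, "%a: SEV enabled, not requesting CPU hotplug SMI\n", __FUNCTION__));`. As written, the "CPU hotplug not negotiated" message added in the later hunk of this file reads the same whether QEMU did not offer the feature or the firmware declined to ask for it. NegotiateSmiFeatures starts and ends outside this hunk.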
|
||||||
|
|
||||||
|
@@ -144,6 +159,13 @@ NegotiateSmiFeatures (
|
||||||
|
DEBUG ((DEBUG_INFO, "%a: using SMI broadcast\n", __FUNCTION__));
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if ((mSmiFeatures & ICH9_LPC_SMI_F_CPU_HOTPLUG) == 0) {
|
||||||
|
+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug not negotiated\n", __FUNCTION__));
|
||||||
|
+ } else {
|
||||||
|
+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug with SMI negotiated\n",
|
||||||
|
+ __FUNCTION__));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
//
|
||||||
|
// Negotiation successful (although we may not have gotten the optimal
|
||||||
|
// feature set).
|
||||||
|
diff --git a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
|
||||||
|
index 3abed141e6..b8fdea8deb 100644
|
||||||
|
--- a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
|
||||||
|
+++ b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
|
||||||
|
@@ -46,6 +46,7 @@
|
||||||
|
BaseLib
|
||||||
|
DebugLib
|
||||||
|
IoLib
|
||||||
|
+ MemEncryptSevLib
|
||||||
|
MemoryAllocationLib
|
||||||
|
PcdLib
|
||||||
|
PciLib
|
||||||
|
--
|
||||||
|
2.27.0
|
||||||
|
|
@ -3,11 +3,11 @@ ExclusiveArch: x86_64 aarch64
|
|||||||
%define GITDATE 20200602
|
%define GITDATE 20200602
|
||||||
%define GITCOMMIT ca407c7246bf
|
%define GITCOMMIT ca407c7246bf
|
||||||
%define TOOLCHAIN GCC5
|
%define TOOLCHAIN GCC5
|
||||||
%define OPENSSL_VER 1.1.1c
|
%define OPENSSL_VER 1.1.1g
|
||||||
|
|
||||||
Name: edk2
|
Name: edk2
|
||||||
Version: %{GITDATE}git%{GITCOMMIT}
|
Version: %{GITDATE}git%{GITCOMMIT}
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
Summary: UEFI firmware for 64-bit virtual machines
|
Summary: UEFI firmware for 64-bit virtual machines
|
||||||
Group: Applications/Emulators
|
Group: Applications/Emulators
|
||||||
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
||||||
@ -19,7 +19,7 @@ URL: http://www.tianocore.org
|
|||||||
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
|
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
|
||||||
Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
|
Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
|
||||||
Source1: ovmf-whitepaper-c770f8c.txt
|
Source1: ovmf-whitepaper-c770f8c.txt
|
||||||
Source2: openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
Source2: openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
||||||
Source3: ovmf-vars-generator
|
Source3: ovmf-vars-generator
|
||||||
Source4: LICENSE.qosb
|
Source4: LICENSE.qosb
|
||||||
Source5: RedHatSecureBootPkKek1.pem
|
Source5: RedHatSecureBootPkKek1.pem
|
||||||
@ -58,6 +58,14 @@ Patch29: edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch
|
|||||||
Patch30: edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
|
Patch30: edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
|
||||||
# For bz#1861718 - Very slow boot when overcommitting CPU
|
# For bz#1861718 - Very slow boot when overcommitting CPU
|
||||||
Patch31: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch
|
Patch31: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch
|
||||||
|
# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU
|
||||||
|
Patch32: edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch
|
||||||
|
# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU
|
||||||
|
Patch33: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch
|
||||||
|
# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU
|
||||||
|
Patch34: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch
|
||||||
|
# For bz#1893806 - attempt advancing RHEL8 edk2's OpenSSL submodule to RHEL8 OpenSSL 1.1.1g (or later)
|
||||||
|
Patch35: edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch
|
||||||
|
|
||||||
|
|
||||||
# python3-devel and libuuid-devel are required for building tools.
|
# python3-devel and libuuid-devel are required for building tools.
|
||||||
@ -507,6 +515,17 @@ true
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Nov 23 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20200602gitca407c7246bf-4.el8
|
||||||
|
- edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch [bz#1849177]
|
||||||
|
- edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch [bz#1849177]
|
||||||
|
- edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch [bz#1849177]
|
||||||
|
- edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch [bz#1893806]
|
||||||
|
- edk2-redhat-bump-OpenSSL-dist-git-submodule-to-1.1.1g-RHE.patch [bz#1893806]
|
||||||
|
- Resolves: bz#1849177
|
||||||
|
(OVMF: negotiate "SMI on VCPU hotplug" with QEMU)
|
||||||
|
- Resolves: bz#1893806
|
||||||
|
(attempt advancing RHEL8 edk2's OpenSSL submodule to RHEL8 OpenSSL 1.1.1g (or later))
|
||||||
|
|
||||||
* Mon Aug 10 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20200602gitca407c7246bf-3.el8
|
* Mon Aug 10 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20200602gitca407c7246bf-3.el8
|
||||||
- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch [bz#1861718]
|
- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch [bz#1861718]
|
||||||
- Resolves: bz#1861718
|
- Resolves: bz#1861718
|
||||||
|