import edk2-20200602gitca407c7246bf-4.el8
parent
aac3168ebc
commit
61bad4b6b9
@ -1,2 +1,2 @@
|
||||
3a531b4e8864ee52b1e128ac9742b3e9dcec49bf SOURCES/edk2-ca407c7246bf.tar.xz
|
||||
cb385fc348395c187db3737e532de787ca2a17c9 SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
||||
627633682f69c2c899fe6018d675faaf45e5bb33 SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
||||
|
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/edk2-ca407c7246bf.tar.xz
|
||||
SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
||||
SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
||||
|
@ -0,0 +1,386 @@
|
||||
From e81751a1c303f5cd4bcae0ed1a38c60c38a0cf38 Mon Sep 17 00:00:00 2001
|
||||
From: Guomin Jiang <guomin.jiang@intel.com>
|
||||
Date: Fri, 10 Jul 2020 09:47:31 +0800
|
||||
Subject: [PATCH 4/5] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g
|
||||
|
||||
RH-Author: Laszlo Ersek (lersek)
|
||||
RH-MergeRequest: 2: [RHEL-8.4.0] bump OpenSSL dist-git submodule to 1.1.1g
|
||||
RH-Commit: [1/2] 36d4bc34a3b5c421819e94c58ff84fd779a93bae (lersek/edk2)
|
||||
RH-Bugzilla: 1893806
|
||||
|
||||
--v-- RHEL8 notes --v--
|
||||
|
||||
- The "CryptoPkg/Library/OpensslLib/openssl" hunk, advancing upstream
|
||||
edk2's OpenSSL submodule reference, has been stripped from this
|
||||
backport. (Refer to downstream commit c5d729df70f8 ("remove upstream
|
||||
edk2's openssl submodule (RH only)", 2020-06-05), as basis.) The
|
||||
corresponding RHEL8 OpenSSL dist-git bump is implemented in a subsequent
|
||||
patch in this series.
|
||||
|
||||
This cherry-pick and the RHEL8 OpenSSL dist-git submodule bump are kept
|
||||
separate for easing the next rebase, even at the cost of introducing a
|
||||
brief interval in the git history where the downstream exploded tree
|
||||
does not build.
|
||||
|
||||
- Contextual difference in "OpensslLib.inf" due to downstream commit
|
||||
56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files
|
||||
in the INFs (RH)", 2020-06-05); automatically resolved by
|
||||
git-cherry-pick.
|
||||
|
||||
--^-- RHEL8 notes --^--
|
||||
|
||||
Upgrade openssl to 1.1.1g. the directory have been reorganized,
|
||||
openssl moved crypto/include/internal to include/crypto folder.
|
||||
So we change directory to match the re-organization.
|
||||
|
||||
The dso_conf.h and opensslconf.h will generated in UNIX format,
|
||||
change process_files.pl to covent the EOL automatically.
|
||||
|
||||
Cc: Jian J Wang <jian.j.wang@intel.com>
|
||||
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
|
||||
Signed-off-by: Guomin Jiang <guomin.jiang@intel.com>
|
||||
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Tested-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Reviewed-by: Jian J Wang <jian.j.wang@intel.com>
|
||||
(cherry picked from commit 8c30327debb28c0b6cfa2106b736774e0b20daac)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
CryptoPkg/CryptoPkg.dec | 1 -
|
||||
.../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +-
|
||||
.../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +-
|
||||
.../Include/{internal => crypto}/dso_conf.h | 32 +++++-----
|
||||
.../Library/Include/openssl/opensslconf.h | 3 -
|
||||
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 58 +++++++++----------
|
||||
.../Library/OpensslLib/OpensslLibCrypto.inf | 50 ++++++++--------
|
||||
CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++---
|
||||
CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +-
|
||||
9 files changed, 90 insertions(+), 87 deletions(-)
|
||||
rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%)
|
||||
|
||||
diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec
|
||||
index 4d1a1368a8..5888941bab 100644
|
||||
--- a/CryptoPkg/CryptoPkg.dec
|
||||
+++ b/CryptoPkg/CryptoPkg.dec
|
||||
@@ -23,7 +23,6 @@
|
||||
Private
|
||||
Library/Include
|
||||
Library/OpensslLib/openssl/include
|
||||
- Library/OpensslLib/openssl/crypto/include
|
||||
|
||||
[LibraryClasses]
|
||||
## @libraryclass Provides basic library functions for cryptographic primitives.
|
||||
diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
|
||||
index eacf4826c4..235331c2a0 100644
|
||||
--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
|
||||
+++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c
|
||||
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
**/
|
||||
|
||||
#include "InternalCryptLib.h"
|
||||
-#include "internal/sm3.h"
|
||||
+#include "crypto/sm3.h"
|
||||
|
||||
/**
|
||||
Retrieves the size, in bytes, of the context buffer required for SM3 hash operations.
|
||||
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
|
||||
index 229c244b26..c9fdb65b99 100644
|
||||
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
|
||||
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c
|
||||
@@ -15,13 +15,13 @@
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/bio.h>
|
||||
-#include <internal/x509_int.h>
|
||||
+#include <crypto/x509.h>
|
||||
#include <openssl/pkcs7.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/x509_vfy.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/evp.h>
|
||||
-#include <internal/asn1_int.h>
|
||||
+#include <crypto/asn1.h>
|
||||
|
||||
/**
|
||||
This function will return the leaf signer certificate in a chain. This is
|
||||
diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h
|
||||
similarity index 76%
|
||||
rename from CryptoPkg/Library/Include/internal/dso_conf.h
|
||||
rename to CryptoPkg/Library/Include/crypto/dso_conf.h
|
||||
index 43c891588b..95f4db2b15 100644
|
||||
--- a/CryptoPkg/Library/Include/internal/dso_conf.h
|
||||
+++ b/CryptoPkg/Library/Include/crypto/dso_conf.h
|
||||
@@ -1,16 +1,16 @@
|
||||
-/* WARNING: do not edit! */
|
||||
-/* Generated from crypto/include/internal/dso_conf.h.in */
|
||||
-/*
|
||||
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
- *
|
||||
- * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
- * this file except in compliance with the License. You can obtain a copy
|
||||
- * in the file LICENSE in the source distribution or at
|
||||
- * https://www.openssl.org/source/license.html
|
||||
- */
|
||||
-
|
||||
-#ifndef HEADER_DSO_CONF_H
|
||||
-# define HEADER_DSO_CONF_H
|
||||
-# define DSO_NONE
|
||||
-# define DSO_EXTENSION ".so"
|
||||
-#endif
|
||||
+/* WARNING: do not edit! */
|
||||
+/* Generated from include/crypto/dso_conf.h.in */
|
||||
+/*
|
||||
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#ifndef OSSL_CRYPTO_DSO_CONF_H
|
||||
+# define OSSL_CRYPTO_DSO_CONF_H
|
||||
+# define DSO_NONE
|
||||
+# define DSO_EXTENSION ".so"
|
||||
+#endif
|
||||
diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h
|
||||
index 62c2736cb0..3a2544ea5c 100644
|
||||
--- a/CryptoPkg/Library/Include/openssl/opensslconf.h
|
||||
+++ b/CryptoPkg/Library/Include/openssl/opensslconf.h
|
||||
@@ -247,9 +247,6 @@ extern "C" {
|
||||
#ifndef OPENSSL_NO_DYNAMIC_ENGINE
|
||||
# define OPENSSL_NO_DYNAMIC_ENGINE
|
||||
#endif
|
||||
-#ifndef OPENSSL_NO_AFALGENG
|
||||
-# define OPENSSL_NO_AFALGENG
|
||||
-#endif
|
||||
|
||||
|
||||
/*
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
index 24e790b538..4c21b11d0a 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf
|
||||
@@ -477,45 +477,45 @@
|
||||
$(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||
$(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||
$(OPENSSL_PATH)/crypto/vms_rms.h
|
||||
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/async_local.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||
$(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/store/store_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||
$(OPENSSL_PATH)/ssl/bio_ssl.c
|
||||
@@ -562,13 +562,13 @@
|
||||
$(OPENSSL_PATH)/ssl/t1_trce.c
|
||||
$(OPENSSL_PATH)/ssl/tls13_enc.c
|
||||
$(OPENSSL_PATH)/ssl/tls_srp.c
|
||||
- $(OPENSSL_PATH)/ssl/packet_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/packet_local.h
|
||||
$(OPENSSL_PATH)/ssl/ssl_cert_table.h
|
||||
- $(OPENSSL_PATH)/ssl/ssl_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/ssl_local.h
|
||||
$(OPENSSL_PATH)/ssl/record/record.h
|
||||
- $(OPENSSL_PATH)/ssl/record/record_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/record/record_local.h
|
||||
$(OPENSSL_PATH)/ssl/statem/statem.h
|
||||
- $(OPENSSL_PATH)/ssl/statem/statem_locl.h
|
||||
+ $(OPENSSL_PATH)/ssl/statem/statem_local.h
|
||||
# Autogenerated files list ends here
|
||||
# RHEL8-specific OpenSSL file list starts here
|
||||
$(OPENSSL_PATH)/crypto/evp/kdf_lib.c
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
index 52e70a2d03..0c3b210d6a 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
+++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf
|
||||
@@ -477,45 +477,45 @@
|
||||
$(OPENSSL_PATH)/crypto/s390x_arch.h
|
||||
$(OPENSSL_PATH)/crypto/sparc_arch.h
|
||||
$(OPENSSL_PATH)/crypto/vms_rms.h
|
||||
- $(OPENSSL_PATH)/crypto/aes/aes_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/aes/aes_local.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h
|
||||
- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/charmap.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/standard_methods.h
|
||||
$(OPENSSL_PATH)/crypto/asn1/tbl_standard.h
|
||||
- $(OPENSSL_PATH)/crypto/async/async_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/async/async_local.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_null.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_posix.h
|
||||
$(OPENSSL_PATH)/crypto/async/arch/async_win.h
|
||||
- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/bio/bio_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/bn/bn_local.h
|
||||
$(OPENSSL_PATH)/crypto/bn/bn_prime.h
|
||||
$(OPENSSL_PATH)/crypto/bn/rsaz_exp.h
|
||||
- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/comp/comp_local.h
|
||||
$(OPENSSL_PATH)/crypto/conf/conf_def.h
|
||||
- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/dh/dh_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/dso/dso_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/evp/evp_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/md5/md5_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/conf/conf_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/dh/dh_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/dso/dso_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/evp/evp_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/md5/md5_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/modes/modes_local.h
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/objects/obj_local.h
|
||||
$(OPENSSL_PATH)/crypto/objects/obj_xref.h
|
||||
- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h
|
||||
- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/sha/sha_locl.h
|
||||
+ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/rand/rand_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/sha/sha_local.h
|
||||
$(OPENSSL_PATH)/crypto/siphash/siphash_local.h
|
||||
- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/store/store_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/ui/ui_locl.h
|
||||
- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h
|
||||
+ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/store/store_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/ui/ui_local.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509/x509_local.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/ext_dat.h
|
||||
- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h
|
||||
+ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/standard_exts.h
|
||||
$(OPENSSL_PATH)/crypto/x509v3/v3_admis.h
|
||||
# Autogenerated files list ends here
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
index 65d07a2aed..57ce195394 100755
|
||||
--- a/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
+++ b/CryptoPkg/Library/OpensslLib/process_files.pl
|
||||
@@ -111,8 +111,8 @@ BEGIN {
|
||||
# Generate dso_conf.h per config data
|
||||
system(
|
||||
"perl -I. -Mconfigdata util/dofile.pl " .
|
||||
- "crypto/include/internal/dso_conf.h.in " .
|
||||
- "> include/internal/dso_conf.h"
|
||||
+ "include/crypto/dso_conf.h.in " .
|
||||
+ "> include/crypto/dso_conf.h"
|
||||
) == 0 ||
|
||||
die "Failed to generate dso_conf.h!\n";
|
||||
|
||||
@@ -263,14 +263,21 @@ print "Done!";
|
||||
# Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration
|
||||
#
|
||||
print "\n--> Duplicating opensslconf.h into Include/openssl ... ";
|
||||
-copy($OPENSSL_PATH . "/include/openssl/opensslconf.h",
|
||||
- $OPENSSL_PATH . "/../../Include/openssl/") ||
|
||||
- die "Cannot copy opensslconf.h!";
|
||||
+system(
|
||||
+ "perl -pe 's/\\n/\\r\\n/' " .
|
||||
+ "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " .
|
||||
+ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h"
|
||||
+ ) == 0 ||
|
||||
+ die "Cannot copy opensslconf.h!";
|
||||
print "Done!";
|
||||
-print "\n--> Duplicating dso_conf.h into Include/internal ... ";
|
||||
-copy($OPENSSL_PATH . "/include/internal/dso_conf.h",
|
||||
- $OPENSSL_PATH . "/../../Include/internal/") ||
|
||||
- die "Cannot copy dso_conf.h!";
|
||||
+
|
||||
+print "\n--> Duplicating dso_conf.h into Include/crypto ... ";
|
||||
+system(
|
||||
+ "perl -pe 's/\\n/\\r\\n/' " .
|
||||
+ "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" .
|
||||
+ "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h"
|
||||
+ ) == 0 ||
|
||||
+ die "Cannot copy dso_conf.h!";
|
||||
print "Done!\n";
|
||||
|
||||
print "\nProcessing Files Done!\n";
|
||||
diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c
|
||||
index 9f3983f7c3..9e0179b034 100644
|
||||
--- a/CryptoPkg/Library/OpensslLib/rand_pool.c
|
||||
+++ b/CryptoPkg/Library/OpensslLib/rand_pool.c
|
||||
@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
|
||||
|
||||
**/
|
||||
|
||||
-#include "internal/rand_int.h"
|
||||
+#include "crypto/rand.h"
|
||||
#include <openssl/aes.h>
|
||||
|
||||
#include <Uefi.h>
|
||||
--
|
||||
2.27.0
|
||||
|
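Review bot: In the process_files.pl hunk both new `system()` calls pass a single concatenated string, so `$OPENSSL_PATH` reaches the shell unquoted and a path containing spaces or shell metacharacters would be split or interpreted. Doing the EOL conversion in Perl itself, as sketched below, removes the shell from the copy step. The dso_conf.h call also omits the trailing space that the opensslconf.h call has after its input path, so it works only because `>` happens to end the preceding word. The substitution adds `\r` unconditionally, so re-running it on an already converted file would double the carriage return; matching `\r?\n` avoids that. Where `$OPENSSL_PATH` is assigned is outside the hunk, so whether it can hold such characters is not visible here.

```perl
# … unchanged: print "\n--> Duplicating opensslconf.h into Include/openssl ... "; …
open(my $in, '<', $OPENSSL_PATH . "/include/openssl/opensslconf.h") ||
    die "Cannot copy opensslconf.h!";
open(my $out, '>', $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h") ||
    die "Cannot copy opensslconf.h!";
binmode($in);
binmode($out);
while (my $line = <$in>) {
    # Normalise to CRLF without doubling an existing CR.
    $line =~ s/\r?\n\z/\r\n/;
    print $out $line;
}
close($in);
close($out) || die "Cannot copy opensslconf.h!";
# … the dso_conf.h copy takes the same form with its own two paths …
```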
@ -0,0 +1,120 @@
|
||||
From 08a95c3541cbe2b3a1c671fa683bd6214ad996f0 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 27 Aug 2020 00:21:29 +0200
|
||||
Subject: [PATCH 3/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just after
|
||||
SMI broadcast
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek (lersek)
|
||||
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
|
||||
RH-Commit: [3/3] 40521ea89725b8b0ff8ca3f0a610ff45431e610e (lersek/edk2)
|
||||
RH-Bugzilla: 1849177
|
||||
|
||||
The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick
|
||||
succession -- it means a series of "device_add" QEMU monitor commands,
|
||||
back-to-back.
|
||||
|
||||
If a "device_add" occurs *just after* ACPI raises the broadcast SMI, then:
|
||||
|
||||
- the CPU_FOREACH() loop in QEMU's ich9_apm_ctrl_changed() cannot make the
|
||||
SMI pending for the new CPU -- at that time, the new CPU doesn't even
|
||||
exist yet,
|
||||
|
||||
- OVMF will find the new CPU however (in the CPU hotplug register block),
|
||||
in QemuCpuhpCollectApicIds().
|
||||
|
||||
As a result, when the firmware sends an INIT-SIPI-SIPI to the new CPU in
|
||||
SmbaseRelocate(), expecting it to boot into SMM (due to the pending SMI),
|
||||
the new CPU instead boots straight into the post-RSM (normal mode) "pen",
|
||||
skipping its initial SMI handler.
|
||||
|
||||
The CPU halts nicely in the pen, but its SMBASE is never relocated, and
|
||||
the SMRAM message exchange with the BSP falls apart -- the BSP gets stuck
|
||||
in the following loop:
|
||||
|
||||
//
|
||||
// Wait until the hot-added CPU is just about to execute RSM.
|
||||
//
|
||||
while (Context->AboutToLeaveSmm == 0) {
|
||||
CpuPause ();
|
||||
}
|
||||
|
||||
because the new CPU's initial SMI handler never sets the flag to nonzero.
|
||||
|
||||
Fix this by sending a directed SMI to the new CPU just before sending it
|
||||
the INIT-SIPI-SIPI. The various scenarios are documented in the code --
|
||||
the cases affected by the patch are documented under point (2).
|
||||
|
||||
Note that this is not considered a security patch, as for a malicious
|
||||
guest OS, the issue is not exploitable -- the symptom is a hang on the
|
||||
BSP, in the above-noted loop in SmbaseRelocate(). Instead, the patch fixes
|
||||
behavior for a benign guest OS.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Cc: Igor Mammedov <imammedo@redhat.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Fixes: 51a6fb41181529e4b50ea13377425bda6bb69ba6
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20200826222129.25798-3-lersek@redhat.com>
|
||||
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
(cherry picked from commit cbccf995920a28071f5403b847f29ebf8b732fa9)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/CpuHotplugSmm/Smbase.c | 35 ++++++++++++++++++++++++++++------
|
||||
1 file changed, 29 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c
|
||||
index 170571221d..d8f45c4313 100644
|
||||
--- a/OvmfPkg/CpuHotplugSmm/Smbase.c
|
||||
+++ b/OvmfPkg/CpuHotplugSmm/Smbase.c
|
||||
@@ -220,14 +220,37 @@ SmbaseRelocate (
|
||||
//
|
||||
// Boot the hot-added CPU.
|
||||
//
|
||||
- // If the OS is benign, and so the hot-added CPU is still in RESET state,
|
||||
- // then the broadcast SMI is still pending for it; it will now launch
|
||||
- // directly into SMM.
|
||||
+ // There are 2*2 cases to consider:
|
||||
//
|
||||
- // If the OS is malicious, the hot-added CPU has been booted already, and so
|
||||
- // it is already spinning on the APIC ID gate. In that case, the
|
||||
- // INIT-SIPI-SIPI below will be ignored.
|
||||
+ // (1) The CPU was hot-added before the SMI was broadcast.
|
||||
//
|
||||
+ // (1.1) The OS is benign.
|
||||
+ //
|
||||
+ // The hot-added CPU is in RESET state, with the broadcast SMI pending
|
||||
+ // for it. The directed SMI below will be ignored (it's idempotent),
|
||||
+ // and the INIT-SIPI-SIPI will launch the CPU directly into SMM.
|
||||
+ //
|
||||
+ // (1.2) The OS is malicious.
|
||||
+ //
|
||||
+ // The hot-added CPU has been booted, by the OS. Thus, the hot-added
|
||||
+ // CPU is spinning on the APIC ID gate. In that case, both the SMI and
|
||||
+ // the INIT-SIPI-SIPI below will be ignored.
|
||||
+ //
|
||||
+ // (2) The CPU was hot-added after the SMI was broadcast.
|
||||
+ //
|
||||
+ // (2.1) The OS is benign.
|
||||
+ //
|
||||
+ // The hot-added CPU is in RESET state, with no SMI pending for it. The
|
||||
+ // directed SMI will latch the SMI for the CPU. Then the INIT-SIPI-SIPI
|
||||
+ // will launch the CPU into SMM.
|
||||
+ //
|
||||
+ // (2.2) The OS is malicious.
|
||||
+ //
|
||||
+ // The hot-added CPU is executing OS code. The directed SMI will pull
|
||||
+ // the hot-added CPU into SMM, where it will start spinning on the APIC
|
||||
+ // ID gate. The INIT-SIPI-SIPI will be ignored.
|
||||
+ //
|
||||
+ SendSmiIpi (ApicId);
|
||||
SendInitSipiSipi (ApicId, PenAddress);
|
||||
|
||||
//
|
||||
--
|
||||
2.27.0
|
||||
|
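Review bot: The new case list in SmbaseRelocate() does not say what happens if the hot-added CPU ends up in none of the four described states, and the wait loop quoted in the commit message (`while (Context->AboutToLeaveSmm == 0)`) has no bound. Any state the enumeration misses therefore still ends as a BSP hang inside SMM. I would add one line after case (2.2) stating that, for example `// In every case the CPU must reach the initial SMI handler; the wait below has no timeout.`, so a later reader knows the correctness of the loop rests on this list being exhaustive. The loop presumably follows this hunk; SmbaseRelocate() starts and ends outside it.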
@ -0,0 +1,91 @@
|
||||
From 4e5edfcdf5986d9e0801a976a3aa558b5f370099 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Thu, 27 Aug 2020 00:21:28 +0200
|
||||
Subject: [PATCH 2/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just before
|
||||
SMI broadcast
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek (lersek)
|
||||
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
|
||||
RH-Commit: [2/3] ea3ff703dfb7bd4f77b6807f06c89e754cc9d980 (lersek/edk2)
|
||||
RH-Bugzilla: 1849177
|
||||
|
||||
The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick
|
||||
succession -- it means a series of "device_add" QEMU monitor commands,
|
||||
back-to-back.
|
||||
|
||||
If a "device_add" occurs *just before* ACPI raises the broadcast SMI,
|
||||
then:
|
||||
|
||||
- OVMF processes the hot-added CPU well.
|
||||
|
||||
- However, QEMU's post-SMI ACPI loop -- which clears the pending events
|
||||
for the hot-added CPUs that were collected before raising the SMI -- is
|
||||
unaware of the stray CPU. Thus, the pending event is not cleared for it.
|
||||
|
||||
As a result of the stuck event, at the next hot-plug, OVMF tries to re-add
|
||||
(relocate for the 2nd time) the already-known CPU. At that time, the AP is
|
||||
already in the normal edk2 SMM busy-wait however, so it doesn't respond to
|
||||
the exchange that the BSP intends to do in SmbaseRelocate(). Thus the VM
|
||||
gets stuck in SMM.
|
||||
|
||||
(Because of the above symptom, this is not considered a security patch; it
|
||||
doesn't seem exploitable by a malicious guest OS.)
|
||||
|
||||
In CpuHotplugMmi(), skip the supposedly hot-added CPU if it's already
|
||||
known. The post-SMI ACPI loop will clear the pending event for it this
|
||||
time.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Cc: Igor Mammedov <imammedo@redhat.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Fixes: bc498ac4ca7590479cfd91ad1bb8a36286b0dc21
|
||||
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20200826222129.25798-2-lersek@redhat.com>
|
||||
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
(cherry picked from commit 020bb4b46d6f6708bb3358e1c738109b7908f0de)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 19 +++++++++++++++++++
|
||||
1 file changed, 19 insertions(+)
|
||||
|
||||
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
|
||||
index 20e6bec04f..cfe698ed2b 100644
|
||||
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
|
||||
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
|
||||
@@ -193,9 +193,28 @@ CpuHotplugMmi (
|
||||
NewSlot = 0;
|
||||
while (PluggedIdx < PluggedCount) {
|
||||
APIC_ID NewApicId;
|
||||
+ UINT32 CheckSlot;
|
||||
UINTN NewProcessorNumberByProtocol;
|
||||
|
||||
NewApicId = mPluggedApicIds[PluggedIdx];
|
||||
+
|
||||
+ //
|
||||
+ // Check if the supposedly hot-added CPU is already known to us.
|
||||
+ //
|
||||
+ for (CheckSlot = 0;
|
||||
+ CheckSlot < mCpuHotPlugData->ArrayLength;
|
||||
+ CheckSlot++) {
|
||||
+ if (mCpuHotPlugData->ApicId[CheckSlot] == NewApicId) {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+ if (CheckSlot < mCpuHotPlugData->ArrayLength) {
|
||||
+ DEBUG ((DEBUG_VERBOSE, "%a: APIC ID " FMT_APIC_ID " was hot-plugged "
|
||||
+ "before; ignoring it\n", __FUNCTION__, NewApicId));
|
||||
+ PluggedIdx++;
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
//
|
||||
// Find the first empty slot in CPU_HOT_PLUG_DATA.
|
||||
//
|
||||
--
|
||||
2.27.0
|
||||
|
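Review bot: The skip path added to CpuHotplugMmi() logs at `DEBUG_VERBOSE`, which many builds do not emit, yet per the commit message it marks a pending hotplug event that QEMU failed to clear. Raising it to `DEBUG_INFO` would leave a trace when a VM repeatedly reports an already-known APIC ID, which is useful when diagnosing a guest stuck in SMM. The scan also visits every slot up to `ArrayLength`, including empty ones, so it relies on the empty-slot marker never equalling a real APIC ID. A comment such as `// Empty slots hold a marker that no valid APIC ID can equal.` would make that explicit, once confirmed against the slot search that follows the hunk. CpuHotplugMmi() starts and ends outside the hunk.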
@ -0,0 +1,140 @@
|
||||
From a5efebddb858c739d4a67865a4f8d836ba989d30 Mon Sep 17 00:00:00 2001
|
||||
From: Laszlo Ersek <lersek@redhat.com>
|
||||
Date: Tue, 14 Jul 2020 20:43:05 +0200
|
||||
Subject: [PATCH 1/5] OvmfPkg/SmmControl2Dxe: negotiate
|
||||
ICH9_LPC_SMI_F_CPU_HOTPLUG
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek (lersek)
|
||||
RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature
|
||||
RH-Commit: [1/3] 33d820d43a1be2ece09044b0cf105275f3fcc9ce (lersek/edk2)
|
||||
RH-Bugzilla: 1849177
|
||||
|
||||
The ICH9_LPC_SMI_F_BROADCAST and ICH9_LPC_SMI_F_CPU_HOTPLUG feature flags
|
||||
cause QEMU to behave as follows:
|
||||
|
||||
BROADCAST CPU_HOTPLUG use case / behavior
|
||||
--------- ----------- ------------------------------------------------
|
||||
clear clear OVMF built without SMM_REQUIRE; or very old OVMF
|
||||
(from before commit a316d7ac91d3 / 2017-02-07).
|
||||
QEMU permits CPU hotplug operations, and does
|
||||
not cause the OS to inject an SMI upon hotplug.
|
||||
Firmware is not expected to be aware of hotplug
|
||||
events.
|
||||
|
||||
clear set Invalid feature set; QEMU rejects the feature
|
||||
negotiation.
|
||||
|
||||
set clear OVMF after a316d7ac91d3 / 2017-02-07, built with
|
||||
SMM_REQUIRE, but no support for CPU hotplug.
|
||||
QEMU gracefully refuses hotplug operations.
|
||||
|
||||
set set OVMF after a316d7ac91d3 / 2017-02-07, built with
|
||||
SMM_REQUIRE, and supporting CPU hotplug. QEMU
|
||||
permits CPU hotplug operations, and causes the
|
||||
OS to inject an SMI upon hotplug. Firmware is
|
||||
expected to deal with hotplug events.
|
||||
|
||||
Negotiate ICH9_LPC_SMI_F_CPU_HOTPLUG -- but only if SEV is disabled, as
|
||||
OvmfPkg/CpuHotplugSmm can't deal with SEV yet.
|
||||
|
||||
Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
|
||||
Cc: Igor Mammedov <imammedo@redhat.com>
|
||||
Cc: Jordan Justen <jordan.l.justen@intel.com>
|
||||
Cc: Liran Alon <liran.alon@oracle.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20200714184305.9814-1-lersek@redhat.com>
|
||||
Acked-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
|
||||
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
(cherry picked from commit 5ba203b54e5953572e279e5505cd65e4cc360e34)
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
---
|
||||
OvmfPkg/SmmControl2Dxe/SmiFeatures.c | 26 +++++++++++++++++++++--
|
||||
OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf | 1 +
|
||||
2 files changed, 25 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
|
||||
index 6210b7515e..c9d8755432 100644
|
||||
--- a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
|
||||
+++ b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c
|
||||
@@ -9,6 +9,7 @@
|
||||
|
||||
#include <Library/BaseLib.h>
|
||||
#include <Library/DebugLib.h>
|
||||
+#include <Library/MemEncryptSevLib.h>
|
||||
#include <Library/MemoryAllocationLib.h>
|
||||
#include <Library/PcdLib.h>
|
||||
#include <Library/QemuFwCfgLib.h>
|
||||
@@ -21,6 +22,12 @@
|
||||
// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files.
|
||||
//
|
||||
#define ICH9_LPC_SMI_F_BROADCAST BIT0
|
||||
+//
|
||||
+// The following bit value stands for "enable CPU hotplug, and inject an SMI
|
||||
+// with control value ICH9_APM_CNT_CPU_HOTPLUG upon hotplug", in the
|
||||
+// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files.
|
||||
+//
|
||||
+#define ICH9_LPC_SMI_F_CPU_HOTPLUG BIT1
|
||||
|
||||
//
|
||||
// Provides a scratch buffer (allocated in EfiReservedMemoryType type memory)
|
||||
@@ -67,6 +74,7 @@ NegotiateSmiFeatures (
|
||||
UINTN SupportedFeaturesSize;
|
||||
UINTN RequestedFeaturesSize;
|
||||
UINTN FeaturesOkSize;
|
||||
+ UINT64 RequestedFeaturesMask;
|
||||
|
||||
//
|
||||
// Look up the fw_cfg files used for feature negotiation. The selector keys
|
||||
@@ -104,9 +112,16 @@ NegotiateSmiFeatures (
|
||||
QemuFwCfgReadBytes (sizeof mSmiFeatures, &mSmiFeatures);
|
||||
|
||||
//
|
||||
- // We want broadcast SMI and nothing else.
|
||||
+ // We want broadcast SMI, SMI on CPU hotplug, and nothing else.
|
||||
//
|
||||
- mSmiFeatures &= ICH9_LPC_SMI_F_BROADCAST;
|
||||
+ RequestedFeaturesMask = ICH9_LPC_SMI_F_BROADCAST;
|
||||
+ if (!MemEncryptSevIsEnabled ()) {
|
||||
+ //
|
||||
+ // For now, we only support hotplug with SEV disabled.
|
||||
+ //
|
||||
+ RequestedFeaturesMask |= ICH9_LPC_SMI_F_CPU_HOTPLUG;
|
||||
+ }
|
||||
+ mSmiFeatures &= RequestedFeaturesMask;
|
||||
QemuFwCfgSelectItem (mRequestedFeaturesItem);
|
||||
QemuFwCfgWriteBytes (sizeof mSmiFeatures, &mSmiFeatures);
|
||||
|
||||
@@ -144,6 +159,13 @@ NegotiateSmiFeatures (
|
||||
DEBUG ((DEBUG_INFO, "%a: using SMI broadcast\n", __FUNCTION__));
|
||||
}
|
||||
|
||||
+ if ((mSmiFeatures & ICH9_LPC_SMI_F_CPU_HOTPLUG) == 0) {
|
||||
+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug not negotiated\n", __FUNCTION__));
|
||||
+ } else {
|
||||
+ DEBUG ((DEBUG_INFO, "%a: CPU hotplug with SMI negotiated\n",
|
||||
+ __FUNCTION__));
|
||||
+ }
|
||||
+
|
||||
//
|
||||
// Negotiation successful (although we may not have gotten the optimal
|
||||
// feature set).
|
||||
diff --git a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
|
||||
index 3abed141e6..b8fdea8deb 100644
|
||||
--- a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
|
||||
+++ b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf
|
||||
@@ -46,6 +46,7 @@
|
||||
BaseLib
|
||||
DebugLib
|
||||
IoLib
|
||||
+ MemEncryptSevLib
|
||||
MemoryAllocationLib
|
||||
PcdLib
|
||||
PciLib
|
||||
--
|
||||
2.27.0
|
||||
|
@ -0,0 +1,105 @@
|
||||
From 70c9d989107c6ac964bb437c5a4ea6ffe3214e45 Mon Sep 17 00:00:00 2001
|
||||
From: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
Date: Mon, 10 Aug 2020 07:52:28 +0200
|
||||
Subject: [PATCH] UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before
|
||||
re-fetch
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
RH-Author: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-id: <20200731141037.1941-2-lersek@redhat.com>
|
||||
Patchwork-id: 98121
|
||||
O-Subject: [RHEL-8.3.0 edk2 PATCH 1/1] UefiCpuPkg/PiSmmCpuDxeSmm: pause in WaitForSemaphore() before re-fetch
|
||||
Bugzilla: 1861718
|
||||
RH-Acked-by: Vitaly Kuznetsov <vkuznets@redhat.com>
|
||||
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
|
||||
|
||||
Most busy waits (spinlocks) in "UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c"
|
||||
already call CpuPause() in their loop bodies; see SmmWaitForApArrival(),
|
||||
APHandler(), and SmiRendezvous(). However, the "main wait" within
|
||||
APHandler():
|
||||
|
||||
> //
|
||||
> // Wait for something to happen
|
||||
> //
|
||||
> WaitForSemaphore (mSmmMpSyncData->CpuData[CpuIndex].Run);
|
||||
|
||||
doesn't do so, as WaitForSemaphore() keeps trying to acquire the semaphore
|
||||
without pausing.
|
||||
|
||||
The performance impact is especially notable in QEMU/KVM + OVMF
|
||||
virtualization with CPU overcommit (that is, when the guest has
|
||||
significantly more VCPUs than the host has physical CPUs). The guest BSP
|
||||
is working heavily in:
|
||||
|
||||
BSPHandler() [MpService.c]
|
||||
PerformRemainingTasks() [PiSmmCpuDxeSmm.c]
|
||||
SetUefiMemMapAttributes() [SmmCpuMemoryManagement.c]
|
||||
|
||||
while the many guest APs are spinning in the "Wait for something to
|
||||
happen" semaphore acquisition, in APHandler(). The guest APs are
|
||||
generating useless memory traffic and saturating host CPUs, hindering the
|
||||
guest BSP's progress in SetUefiMemMapAttributes().
|
||||
|
||||
Rework the loop in WaitForSemaphore(): call CpuPause() in every iteration
|
||||
after the first check fails. Due to Pause Loop Exiting (known as Pause
|
||||
Filter on AMD), the host scheduler can favor the guest BSP over the guest
|
||||
APs.
|
||||
|
||||
Running a 16 GB RAM + 512 VCPU guest on a 448 PCPU host, this patch
|
||||
reduces OVMF boot time (counted until reaching grub) from 20-30 minutes to
|
||||
less than 4 minutes.
|
||||
|
||||
The patch should benefit physical machines as well -- according to the
|
||||
Intel SDM, PAUSE "Improves the performance of spin-wait loops". Adding
|
||||
PAUSE to the generic WaitForSemaphore() function is considered a general
|
||||
improvement.
|
||||
|
||||
Cc: Eric Dong <eric.dong@intel.com>
|
||||
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
|
||||
Cc: Rahul Kumar <rahul1.kumar@intel.com>
|
||||
Cc: Ray Ni <ray.ni@intel.com>
|
||||
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1861718
|
||||
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
||||
Message-Id: <20200729185217.10084-1-lersek@redhat.com>
|
||||
Reviewed-by: Eric Dong <eric.dong@intel.com>
|
||||
(cherry picked from commit 9001b750df64b25b14ec45a2efa1361a7b96c00a)
|
||||
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
||||
---
|
||||
UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c | 18 +++++++++++-------
|
||||
1 file changed, 11 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
|
||||
index 57e788c..4bcd217 100644
|
||||
--- a/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
|
||||
+++ b/UefiCpuPkg/PiSmmCpuDxeSmm/MpService.c
|
||||
@@ -40,14 +40,18 @@ WaitForSemaphore (
|
||||
{
|
||||
UINT32 Value;
|
||||
|
||||
- do {
|
||||
+ for (;;) {
|
||||
Value = *Sem;
|
||||
- } while (Value == 0 ||
|
||||
- InterlockedCompareExchange32 (
|
||||
- (UINT32*)Sem,
|
||||
- Value,
|
||||
- Value - 1
|
||||
- ) != Value);
|
||||
+ if (Value != 0 &&
|
||||
+ InterlockedCompareExchange32 (
|
||||
+ (UINT32*)Sem,
|
||||
+ Value,
|
||||
+ Value - 1
|
||||
+ ) == Value) {
|
||||
+ break;
|
||||
+ }
|
||||
+ CpuPause ();
|
||||
+ }
|
||||
return Value - 1;
|
||||
}
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
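Review bot: The rewritten loop in WaitForSemaphore() has no comment explaining why CpuPause() sits after the acquisition attempt, so a reader must reconstruct from the commit message that it runs on both failure paths (the count was zero, or InterlockedCompareExchange32() lost a race) and never after a successful first try. I would add above the `CpuPause ();` line: `// Acquisition failed (zero count or lost race); pause before re-fetching *Sem.` The re-fetch in `Value = *Sem;` presumably relies on Sem being volatile-qualified, as the `(UINT32*)Sem` cast suggests; the parameter list is outside the hunk, so that is worth confirming. The wait remains unbounded, which this patch does not change, and the function's header comment, also outside the hunk, would be the place to say so.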
|
@ -3,11 +3,11 @@ ExclusiveArch: x86_64 aarch64
|
||||
%define GITDATE 20200602
|
||||
%define GITCOMMIT ca407c7246bf
|
||||
%define TOOLCHAIN GCC5
|
||||
%define OPENSSL_VER 1.1.1c
|
||||
%define OPENSSL_VER 1.1.1g
|
||||
|
||||
Name: edk2
|
||||
Version: %{GITDATE}git%{GITCOMMIT}
|
||||
Release: 2%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: UEFI firmware for 64-bit virtual machines
|
||||
Group: Applications/Emulators
|
||||
License: BSD-2-Clause-Patent and OpenSSL and MIT
|
||||
@ -19,7 +19,7 @@ URL: http://www.tianocore.org
|
||||
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
|
||||
Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz
|
||||
Source1: ovmf-whitepaper-c770f8c.txt
|
||||
Source2: openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz
|
||||
Source2: openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
|
||||
Source3: ovmf-vars-generator
|
||||
Source4: LICENSE.qosb
|
||||
Source5: RedHatSecureBootPkKek1.pem
|
||||
@ -56,6 +56,16 @@ Patch28: edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
|
||||
Patch29: edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch
|
||||
# For bz#1844682 - silent build of edk2-aarch64 logs DEBUG_ERROR messages that don't actually report serious errors
|
||||
Patch30: edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
|
||||
# For bz#1861718 - Very slow boot when overcommitting CPU
|
||||
Patch31: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch
|
||||
# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU
|
||||
Patch32: edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch
|
||||
# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU
|
||||
Patch33: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch
|
||||
# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU
|
||||
Patch34: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch
|
||||
# For bz#1893806 - attempt advancing RHEL8 edk2's OpenSSL submodule to RHEL8 OpenSSL 1.1.1g (or later)
|
||||
Patch35: edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch
|
||||
|
||||
|
||||
# python3-devel and libuuid-devel are required for building tools.
|
||||
@ -505,6 +515,22 @@ true
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Nov 23 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20200602gitca407c7246bf-4.el8
|
||||
- edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch [bz#1849177]
|
||||
- edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch [bz#1849177]
|
||||
- edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch [bz#1849177]
|
||||
- edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch [bz#1893806]
|
||||
- edk2-redhat-bump-OpenSSL-dist-git-submodule-to-1.1.1g-RHE.patch [bz#1893806]
|
||||
- Resolves: bz#1849177
|
||||
(OVMF: negotiate "SMI on VCPU hotplug" with QEMU)
|
||||
- Resolves: bz#1893806
|
||||
(attempt advancing RHEL8 edk2's OpenSSL submodule to RHEL8 OpenSSL 1.1.1g (or later))
|
||||
|
||||
* Mon Aug 10 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20200602gitca407c7246bf-3.el8
|
||||
- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch [bz#1861718]
|
||||
- Resolves: bz#1861718
|
||||
(Very slow boot when overcommitting CPU)
|
||||
|
||||
* Wed Jun 24 2020 Miroslav Rezanina <mrezanin@redhat.com> - 20200602gitca407c7246bf-2.el8
|
||||
- edk2-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch [bz#1844682]
|
||||
- edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch [bz#1844682]
|
||||
|