diff --git a/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch b/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch new file mode 100644 index 0000000..eff7e1b --- /dev/null +++ b/edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch @@ -0,0 +1,46 @@ +From 33ebaa6f0d476008ca6ba264657ac37faf63b723 Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann +Date: Thu, 29 Aug 2024 09:20:29 +0200 +Subject: [PATCH 1/2] OvmfPkg/CpuHotplugSmm: delay SMM exit + +RH-Author: Gerd Hoffmann +RH-MergeRequest: 74: OvmfPkg/CpuHotplugSmm: delay SMM exit +RH-Jira: RHEL-56974 +RH-Acked-by: Oliver Steffen +RH-Commit: [1/1] e1fb3f4db68457ec9f59ca5db47606bf4c34e6c5 (kraxel.rh/centos-src-edk2) + +Let APs wait until the BSP has completed the register updates to remove +the CPU. This makes sure all APs stay in SMM mode until the CPU +hot-unplug operation is complete, which in turn makes sure the ACPI lock +is released only after the CPU hot-unplug operation is complete. + +Some background: The CPU hotplug SMI is triggered from an ACPI function +which is protected by an ACPI lock. The ACPI function is in the ACPI +tables generated by qemu. + +Signed-off-by: Gerd Hoffmann + +upstream: submitted (https://github.com/tianocore/edk2/pull/6138) +--- + OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c +index d504163026..5af78211d3 100644 +--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c ++++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c +@@ -355,6 +355,11 @@ EjectCpu ( + // + QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum]; + if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) { ++ /* wait until BSP is done */ ++ while (mCpuHotEjectData->Handler != NULL) { ++ CpuPause (); ++ } ++ + return; + } + +-- +2.39.3 + diff --git a/edk2.spec b/edk2.spec index b047749..0de183b 100644 --- a/edk2.spec +++ b/edk2.spec @@ -6,7 +6,7 @@ ExclusiveArch: x86_64 aarch64 %define TOOLCHAIN GCC %define OPENSSL_VER 3.0.7 -%define OPENSSL_HASH 8e5beb77088bfec064d60506b1e76ddb0ac417fe +%define OPENSSL_HASH 0205b589887203b065154ddc8e8107c4ac8625a1 %define DBXDATE 20230509 @@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64 Name: edk2 Version: %{GITDATE} -Release: 5%{?dist} +Release: 6%{?dist} Summary: UEFI firmware for 64-bit virtual machines License: BSD-2-Clause-Patent and Apache-2.0 and MIT URL: http://www.tianocore.org @@ -99,6 +99,8 @@ Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch # For RHEL-45847 - [RHEL9.5] Hotplug vcpu to a guest cause guest kernel panic Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch +# For RHEL-56974 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9] +Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch # python3-devel and libuuid-devel are required for building tools. # python3-devel is also needed for varstore template generation and @@ -433,6 +435,14 @@ install -m 0644 \ %changelog +* Fri Sep 13 2024 Miroslav Rezanina - 20240524-6 +- edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch [RHEL-56974] +- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55336] +- Resolves: RHEL-56974 + (qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9]) +- Resolves: RHEL-55336 + (CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.5]) + * Mon Sep 09 2024 Miroslav Rezanina - 20240524-5 - edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch [RHEL-45847] - Resolves: RHEL-45847 diff --git a/sources b/sources index 54697a3..3d96e18 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ SHA512 (DBXUpdate-20230509.x64.bin) = 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624 SHA512 (edk2-3e722403cd.tar.xz) = 55afa1275a579c3c620c10fe78758f952e5f6c73425c56034e28f05ad6ae2d8b9480d6f0133e2320fb6d3bc3f016daf6e0cb1fbdb737176b9cfa51fce076207d -SHA512 (openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz) = 5b4281ed4307611620803b7fa880cc734dc6ebf08ae7b4ae4249123ec3fa17652d678d80c5b3e6f6ea7d71c6c7916f188545a628ee78db2fc68094cc09bc09d8 +SHA512 (openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz) = 07db9535df29873a3884a411e6ab5c3ea6783b9773cd0923f5b2be1273c0e3e984a2f3a80bd1a637995eda018fa6372b6d1eb41000be07cdf5972938c74f51e9