rpms/edk2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

* Fri Sep 13 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-6

Browse Source 
- edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch [RHEL-56974]
- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55336]
- Resolves: RHEL-56974
  (qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9])
- Resolves: RHEL-55336
  (CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.5])
This commit is contained in:
Miroslav Rezanina 2024-09-13 02:27:52 -04:00
parent 413cc0f1fe
commit feee90bea6
3 changed files with 59 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch Normal file
View File

@ -0,0 +1,46 @@
From 33ebaa6f0d476008ca6ba264657ac37faf63b723 Mon Sep 17 00:00:00 2001
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 29 Aug 2024 09:20:29 +0200
Subject: [PATCH 1/2] OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Author: Gerd Hoffmann <None>
RH-MergeRequest: 74: OvmfPkg/CpuHotplugSmm: delay SMM exit
RH-Jira: RHEL-56974
RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
RH-Commit: [1/1] e1fb3f4db68457ec9f59ca5db47606bf4c34e6c5 (kraxel.rh/centos-src-edk2)
Let APs wait until the BSP has completed the register updates to remove
the CPU. This makes sure all APs stay in SMM mode until the CPU
hot-unplug operation is complete, which in turn makes sure the ACPI lock
is released only after the CPU hot-unplug operation is complete.
Some background: The CPU hotplug SMI is triggered from an ACPI function
which is protected by an ACPI lock. The ACPI function is in the ACPI
tables generated by qemu.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
upstream: submitted (https://github.com/tianocore/edk2/pull/6138)
---
OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
index d504163026..5af78211d3 100644
--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
+++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c
@@ -355,6 +355,11 @@ EjectCpu (
//
QemuSelector = mCpuHotEjectData->QemuSelectorMap[ProcessorNum];
if (QemuSelector == CPU_EJECT_QEMU_SELECTOR_INVALID) {
+ /* wait until BSP is done */
+ while (mCpuHotEjectData->Handler != NULL) {
+ CpuPause ();
+ }
+
return;
}
--
2.39.3

14
edk2.spec
View File

@ -6,7 +6,7 @@ ExclusiveArch: x86_64 aarch64
%define TOOLCHAIN GCC %define TOOLCHAIN GCC
%define OPENSSL_VER 3.0.7 %define OPENSSL_VER 3.0.7
%define OPENSSL_HASH 8e5beb77088bfec064d60506b1e76ddb0ac417fe %define OPENSSL_HASH 0205b589887203b065154ddc8e8107c4ac8625a1
%define DBXDATE 20230509 %define DBXDATE 20230509
@ -21,7 +21,7 @@ ExclusiveArch: x86_64 aarch64
Name: edk2 Name: edk2
Version: %{GITDATE} Version: %{GITDATE}
Release: 5%{?dist} Release: 6%{?dist}
Summary: UEFI firmware for 64-bit virtual machines Summary: UEFI firmware for 64-bit virtual machines
License: BSD-2-Clause-Patent and Apache-2.0 and MIT License: BSD-2-Clause-Patent and Apache-2.0 and MIT
URL: http://www.tianocore.org URL: http://www.tianocore.org
@ -99,6 +99,8 @@ Patch41: edk2-NetworkPkg-DxeNetLib-Reword-PseudoRandom-error-loggi.patch
Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch Patch42: edk2-AmdSevDxe-Fix-the-shim-fallback-reboot-workaround-fo.patch
# For RHEL-45847 - [RHEL9.5] Hotplug vcpu to a guest cause guest kernel panic # For RHEL-45847 - [RHEL9.5] Hotplug vcpu to a guest cause guest kernel panic
Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch Patch43: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch
# For RHEL-56974 - qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9]
Patch44: edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch
# python3-devel and libuuid-devel are required for building tools. # python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and # python3-devel is also needed for varstore template generation and
@ -433,6 +435,14 @@ install -m 0644 \
%changelog %changelog
* Fri Sep 13 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-6
- edk2-OvmfPkg-CpuHotplugSmm-delay-SMM-exit.patch [RHEL-56974]
- edk2-Bumped-openssl-submodule-version-to-0205b5898872.patch [RHEL-55336]
- Resolves: RHEL-56974
(qemu-kvm: warning: Blocked re-entrant IO on MemoryRegion: acpi-cpu-hotplug at addr: 0x0 [rhel-9])
- Resolves: RHEL-55336
(CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks [rhel-9.5])
* Mon Sep 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-5 * Mon Sep 09 2024 Miroslav Rezanina <mrezanin@redhat.com> - 20240524-5
- edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch [RHEL-45847] - edk2-UefiCpuPkg-PiSmmCpuDxeSmm-skip-PatchInstructionX86-c.patch [RHEL-45847]
- Resolves: RHEL-45847 - Resolves: RHEL-45847

2
sources
View File

@ -1,3 +1,3 @@
SHA512 (DBXUpdate-20230509.x64.bin) = 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624 SHA512 (DBXUpdate-20230509.x64.bin) = 71fb6e8cd6918126b3acd78b95651913336df372e13fdfdfdd20d5d23f0e509050c6c88c8a2c43f8ac44f987df86bd45174bb3065d5a7a8c7e3b8772fd06d624
SHA512 (edk2-3e722403cd.tar.xz) = 55afa1275a579c3c620c10fe78758f952e5f6c73425c56034e28f05ad6ae2d8b9480d6f0133e2320fb6d3bc3f016daf6e0cb1fbdb737176b9cfa51fce076207d SHA512 (edk2-3e722403cd.tar.xz) = 55afa1275a579c3c620c10fe78758f952e5f6c73425c56034e28f05ad6ae2d8b9480d6f0133e2320fb6d3bc3f016daf6e0cb1fbdb737176b9cfa51fce076207d
SHA512 (openssl-rhel-8e5beb77088bfec064d60506b1e76ddb0ac417fe.tar.xz) = 5b4281ed4307611620803b7fa880cc734dc6ebf08ae7b4ae4249123ec3fa17652d678d80c5b3e6f6ea7d71c6c7916f188545a628ee78db2fc68094cc09bc09d8 SHA512 (openssl-rhel-0205b589887203b065154ddc8e8107c4ac8625a1.tar.xz) = 07db9535df29873a3884a411e6ab5c3ea6783b9773cd0923f5b2be1273c0e3e984a2f3a80bd1a637995eda018fa6372b6d1eb41000be07cdf5972938c74f51e9