diff --git a/kvm-hw-nvram-fw_cfg-fix-FWCfgDataGeneratorClass-get_data.patch b/kvm-hw-nvram-fw_cfg-fix-FWCfgDataGeneratorClass-get_data.patch new file mode 100644 index 0000000..e1ea970 --- /dev/null +++ b/kvm-hw-nvram-fw_cfg-fix-FWCfgDataGeneratorClass-get_data.patch @@ -0,0 +1,78 @@ +From d323d7648a64e213d099d7ee3c66edc186b97808 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= +Date: Fri, 18 Sep 2020 19:35:42 -0400 +Subject: [PATCH] hw/nvram/fw_cfg: fix FWCfgDataGeneratorClass::get_data() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Philippe Mathieu-Daudé +Message-id: <20200918193542.191031-2-philmd@redhat.com> +Patchwork-id: 98402 +O-Subject: [PATCH 1/1] hw/nvram/fw_cfg: fix FWCfgDataGeneratorClass::get_data() consumption +Bugzilla: 1688978 +RH-Acked-by: Stefano Garzarella +RH-Acked-by: Daniel P. Berrange +RH-Acked-by: Danilo de Paula + +From: Laszlo Ersek + +The documentation on g_byte_array_free() + +says: + +> Returns +> +> the element data if free_segment is FALSE, otherwise NULL. The element +> data should be freed using g_free(). + +Because we currently call g_byte_array_free() with free_segment=TRUE, we +end up passing data=NULL to fw_cfg_add_file(). + +On the plus side, fw_cfg_data_read() and fw_cfg_dma_transfer() both deal +with NULL data gracefully: QEMU does not crash when the guest reads such +an item, the guest just gets a properly sized, but zero-filled blob. + +However, the bug breaks UEFI HTTPS boot, as the IANA_TLS_CIPHER array, +generated otherwise correctly by the "tls-cipher-suites" object, is in +effect replaced with a zero blob. + +Fix the issue by passing free_segment=FALSE to g_byte_array_free(): + +- the caller (fw_cfg_add_from_generator()) temporarily assumes ownership + of the generated byte array, + +- then ownership of the byte array is transfered to fw_cfg, as + fw_cfg_add_file() links (not copies) "data" into fw_cfg. + +Cc: "Daniel P. Berrangé" +Cc: "Philippe Mathieu-Daudé" +Cc: Gerd Hoffmann +Fixes: 3203148917d035b09f71986ac2eaa19a352d6d9d +Signed-off-by: Laszlo Ersek +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Daniel P. Berrangé +Message-Id: <20200916151510.22767-1-lersek@redhat.com> +Signed-off-by: Philippe Mathieu-Daudé +(cherry picked from commit 4318432ccd3f7fb69b7169f39dcae3d4ee04f5ea) +Signed-off-by: Danilo C. L. de Paula +--- + hw/nvram/fw_cfg.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/nvram/fw_cfg.c b/hw/nvram/fw_cfg.c +index f3a4728288e..0e95d057fd5 100644 +--- a/hw/nvram/fw_cfg.c ++++ b/hw/nvram/fw_cfg.c +@@ -1056,7 +1056,7 @@ bool fw_cfg_add_from_generator(FWCfgState *s, const char *filename, + return false; + } + size = array->len; +- fw_cfg_add_file(s, filename, g_byte_array_free(array, TRUE), size); ++ fw_cfg_add_file(s, filename, g_byte_array_free(array, FALSE), size); + + return true; + } +-- +2.27.0 + diff --git a/qemu-kvm.spec b/qemu-kvm.spec index 6436e1a..5039a6b 100644 --- a/qemu-kvm.spec +++ b/qemu-kvm.spec @@ -69,7 +69,7 @@ Obsoletes: %1-rhev Summary: QEMU is a machine emulator and virtualizer Name: qemu-kvm Version: 5.1.0 -Release: 8%{?dist} +Release: 9%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 15 License: GPLv2 and GPLv2+ and CC-BY @@ -193,6 +193,8 @@ Patch61: kvm-seccomp-fix-killing-of-whole-process-instead-of-thre.patch Patch62: kvm-Revert-Drop-bogus-IPv6-messages.patch # For bz#1821528 - missing namespace attribute when access the rbd image with namespace Patch63: kvm-block-rbd-add-namespace-to-qemu_rbd_strong_runtime_o.patch +# For bz#1688978 - RFE: forward host preferences for cipher suites and CA certs to guest firmware +Patch64: kvm-hw-nvram-fw_cfg-fix-FWCfgDataGeneratorClass-get_data.patch BuildRequires: wget BuildRequires: rpm-build @@ -1158,6 +1160,11 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \ %changelog +* Mon Sep 21 2020 Danilo Cesar Lemes de Paula - 5.1.0-9.el8 +- kvm-hw-nvram-fw_cfg-fix-FWCfgDataGeneratorClass-get_data.patch [bz#1688978] +- Resolves: bz#1688978 + (RFE: forward host preferences for cipher suites and CA certs to guest firmware) + * Thu Sep 17 2020 Danilo Cesar Lemes de Paula - 5.1.0-8.el8 - kvm-redhat-link-etc-qemu-ga-fsfreeze-hook-to-etc-qemu-kv.patch [bz#1738820] - kvm-seccomp-fix-killing-of-whole-process-instead-of-thre.patch [bz#1752376]