diff --git a/.edk2.metadata b/.edk2.metadata index c4a8dfc..de66e51 100644 --- a/.edk2.metadata +++ b/.edk2.metadata @@ -1,2 +1,2 @@ 3a531b4e8864ee52b1e128ac9742b3e9dcec49bf SOURCES/edk2-ca407c7246bf.tar.xz -cb385fc348395c187db3737e532de787ca2a17c9 SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz +627633682f69c2c899fe6018d675faaf45e5bb33 SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz diff --git a/.gitignore b/.gitignore index 75c78a2..e8df3bf 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ SOURCES/edk2-ca407c7246bf.tar.xz -SOURCES/openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz +SOURCES/openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz diff --git a/SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch b/SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch new file mode 100644 index 0000000..7280197 --- /dev/null +++ b/SOURCES/edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch @@ -0,0 +1,386 @@ +From e81751a1c303f5cd4bcae0ed1a38c60c38a0cf38 Mon Sep 17 00:00:00 2001 +From: Guomin Jiang +Date: Fri, 10 Jul 2020 09:47:31 +0800 +Subject: [PATCH 4/5] CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1g + +RH-Author: Laszlo Ersek (lersek) +RH-MergeRequest: 2: [RHEL-8.4.0] bump OpenSSL dist-git submodule to 1.1.1g +RH-Commit: [1/2] 36d4bc34a3b5c421819e94c58ff84fd779a93bae (lersek/edk2) +RH-Bugzilla: 1893806 + +--v-- RHEL8 notes --v-- + +- The "CryptoPkg/Library/OpensslLib/openssl" hunk, advancing upstream + edk2's OpenSSL submodule reference, has been stripped from this + backport. (Refer to downstream commit c5d729df70f8 ("remove upstream + edk2's openssl submodule (RH only)", 2020-06-05), as basis.) The + corresponding RHEL8 OpenSSL dist-git bump is implemented in a subsequent + patch in this series. + + This cherry-pick and the RHEL8 OpenSSL dist-git submodule bump are kept + separate for easing the next rebase, even at the cost of introducing a + brief interval in the git history where the downstream exploded tree + does not build. + +- Contextual difference in "OpensslLib.inf" due to downstream commit + 56c4bb81b311 ("CryptoPkg/OpensslLib: list RHEL8-specific OpenSSL files + in the INFs (RH)", 2020-06-05); automatically resolved by + git-cherry-pick. + +--^-- RHEL8 notes --^-- + +Upgrade openssl to 1.1.1g. the directory have been reorganized, +openssl moved crypto/include/internal to include/crypto folder. +So we change directory to match the re-organization. + +The dso_conf.h and opensslconf.h will generated in UNIX format, +change process_files.pl to covent the EOL automatically. + +Cc: Jian J Wang +Cc: Xiaoyu Lu +Signed-off-by: Guomin Jiang +Reviewed-by: Laszlo Ersek +Tested-by: Laszlo Ersek +Reviewed-by: Jian J Wang +(cherry picked from commit 8c30327debb28c0b6cfa2106b736774e0b20daac) +Signed-off-by: Laszlo Ersek +--- + CryptoPkg/CryptoPkg.dec | 1 - + .../Library/BaseCryptLib/Hash/CryptSm3.c | 2 +- + .../BaseCryptLib/Pk/CryptPkcs7VerifyEku.c | 4 +- + .../Include/{internal => crypto}/dso_conf.h | 32 +++++----- + .../Library/Include/openssl/opensslconf.h | 3 - + CryptoPkg/Library/OpensslLib/OpensslLib.inf | 58 +++++++++---------- + .../Library/OpensslLib/OpensslLibCrypto.inf | 50 ++++++++-------- + CryptoPkg/Library/OpensslLib/process_files.pl | 25 +++++--- + CryptoPkg/Library/OpensslLib/rand_pool.c | 2 +- + 9 files changed, 90 insertions(+), 87 deletions(-) + rename CryptoPkg/Library/Include/{internal => crypto}/dso_conf.h (76%) + +diff --git a/CryptoPkg/CryptoPkg.dec b/CryptoPkg/CryptoPkg.dec +index 4d1a1368a8..5888941bab 100644 +--- a/CryptoPkg/CryptoPkg.dec ++++ b/CryptoPkg/CryptoPkg.dec +@@ -23,7 +23,6 @@ + Private + Library/Include + Library/OpensslLib/openssl/include +- Library/OpensslLib/openssl/crypto/include + + [LibraryClasses] + ## @libraryclass Provides basic library functions for cryptographic primitives. +diff --git a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c +index eacf4826c4..235331c2a0 100644 +--- a/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c ++++ b/CryptoPkg/Library/BaseCryptLib/Hash/CryptSm3.c +@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + **/ + + #include "InternalCryptLib.h" +-#include "internal/sm3.h" ++#include "crypto/sm3.h" + + /** + Retrieves the size, in bytes, of the context buffer required for SM3 hash operations. +diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c +index 229c244b26..c9fdb65b99 100644 +--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c ++++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptPkcs7VerifyEku.c +@@ -15,13 +15,13 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include + #include + #include +-#include ++#include + + /** + This function will return the leaf signer certificate in a chain. This is +diff --git a/CryptoPkg/Library/Include/internal/dso_conf.h b/CryptoPkg/Library/Include/crypto/dso_conf.h +similarity index 76% +rename from CryptoPkg/Library/Include/internal/dso_conf.h +rename to CryptoPkg/Library/Include/crypto/dso_conf.h +index 43c891588b..95f4db2b15 100644 +--- a/CryptoPkg/Library/Include/internal/dso_conf.h ++++ b/CryptoPkg/Library/Include/crypto/dso_conf.h +@@ -1,16 +1,16 @@ +-/* WARNING: do not edit! */ +-/* Generated from crypto/include/internal/dso_conf.h.in */ +-/* +- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_DSO_CONF_H +-# define HEADER_DSO_CONF_H +-# define DSO_NONE +-# define DSO_EXTENSION ".so" +-#endif ++/* WARNING: do not edit! */ ++/* Generated from include/crypto/dso_conf.h.in */ ++/* ++ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#ifndef OSSL_CRYPTO_DSO_CONF_H ++# define OSSL_CRYPTO_DSO_CONF_H ++# define DSO_NONE ++# define DSO_EXTENSION ".so" ++#endif +diff --git a/CryptoPkg/Library/Include/openssl/opensslconf.h b/CryptoPkg/Library/Include/openssl/opensslconf.h +index 62c2736cb0..3a2544ea5c 100644 +--- a/CryptoPkg/Library/Include/openssl/opensslconf.h ++++ b/CryptoPkg/Library/Include/openssl/opensslconf.h +@@ -247,9 +247,6 @@ extern "C" { + #ifndef OPENSSL_NO_DYNAMIC_ENGINE + # define OPENSSL_NO_DYNAMIC_ENGINE + #endif +-#ifndef OPENSSL_NO_AFALGENG +-# define OPENSSL_NO_AFALGENG +-#endif + + + /* +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLib.inf b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +index 24e790b538..4c21b11d0a 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLib.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLib.inf +@@ -477,45 +477,45 @@ + $(OPENSSL_PATH)/crypto/s390x_arch.h + $(OPENSSL_PATH)/crypto/sparc_arch.h + $(OPENSSL_PATH)/crypto/vms_rms.h +- $(OPENSSL_PATH)/crypto/aes/aes_locl.h ++ $(OPENSSL_PATH)/crypto/aes/aes_local.h + $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h +- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h ++ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h + $(OPENSSL_PATH)/crypto/asn1/charmap.h + $(OPENSSL_PATH)/crypto/asn1/standard_methods.h + $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h +- $(OPENSSL_PATH)/crypto/async/async_locl.h ++ $(OPENSSL_PATH)/crypto/async/async_local.h + $(OPENSSL_PATH)/crypto/async/arch/async_null.h + $(OPENSSL_PATH)/crypto/async/arch/async_posix.h + $(OPENSSL_PATH)/crypto/async/arch/async_win.h +- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h +- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h ++ $(OPENSSL_PATH)/crypto/bio/bio_local.h ++ $(OPENSSL_PATH)/crypto/bn/bn_local.h + $(OPENSSL_PATH)/crypto/bn/bn_prime.h + $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h +- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h ++ $(OPENSSL_PATH)/crypto/comp/comp_local.h + $(OPENSSL_PATH)/crypto/conf/conf_def.h +- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h +- $(OPENSSL_PATH)/crypto/dh/dh_locl.h +- $(OPENSSL_PATH)/crypto/dso/dso_locl.h +- $(OPENSSL_PATH)/crypto/evp/evp_locl.h +- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h +- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h +- $(OPENSSL_PATH)/crypto/md5/md5_locl.h +- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h ++ $(OPENSSL_PATH)/crypto/conf/conf_local.h ++ $(OPENSSL_PATH)/crypto/dh/dh_local.h ++ $(OPENSSL_PATH)/crypto/dso/dso_local.h ++ $(OPENSSL_PATH)/crypto/evp/evp_local.h ++ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h ++ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h ++ $(OPENSSL_PATH)/crypto/md5/md5_local.h ++ $(OPENSSL_PATH)/crypto/modes/modes_local.h + $(OPENSSL_PATH)/crypto/objects/obj_dat.h +- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h ++ $(OPENSSL_PATH)/crypto/objects/obj_local.h + $(OPENSSL_PATH)/crypto/objects/obj_xref.h +- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h +- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h +- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h +- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h +- $(OPENSSL_PATH)/crypto/sha/sha_locl.h ++ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h ++ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h ++ $(OPENSSL_PATH)/crypto/rand/rand_local.h ++ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h ++ $(OPENSSL_PATH)/crypto/sha/sha_local.h + $(OPENSSL_PATH)/crypto/siphash/siphash_local.h +- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h +- $(OPENSSL_PATH)/crypto/store/store_locl.h +- $(OPENSSL_PATH)/crypto/ui/ui_locl.h +- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h ++ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h ++ $(OPENSSL_PATH)/crypto/store/store_local.h ++ $(OPENSSL_PATH)/crypto/ui/ui_local.h ++ $(OPENSSL_PATH)/crypto/x509/x509_local.h + $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h +- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h ++ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h + $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h + $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h + $(OPENSSL_PATH)/ssl/bio_ssl.c +@@ -562,13 +562,13 @@ + $(OPENSSL_PATH)/ssl/t1_trce.c + $(OPENSSL_PATH)/ssl/tls13_enc.c + $(OPENSSL_PATH)/ssl/tls_srp.c +- $(OPENSSL_PATH)/ssl/packet_locl.h ++ $(OPENSSL_PATH)/ssl/packet_local.h + $(OPENSSL_PATH)/ssl/ssl_cert_table.h +- $(OPENSSL_PATH)/ssl/ssl_locl.h ++ $(OPENSSL_PATH)/ssl/ssl_local.h + $(OPENSSL_PATH)/ssl/record/record.h +- $(OPENSSL_PATH)/ssl/record/record_locl.h ++ $(OPENSSL_PATH)/ssl/record/record_local.h + $(OPENSSL_PATH)/ssl/statem/statem.h +- $(OPENSSL_PATH)/ssl/statem/statem_locl.h ++ $(OPENSSL_PATH)/ssl/statem/statem_local.h + # Autogenerated files list ends here + # RHEL8-specific OpenSSL file list starts here + $(OPENSSL_PATH)/crypto/evp/kdf_lib.c +diff --git a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +index 52e70a2d03..0c3b210d6a 100644 +--- a/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf ++++ b/CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf +@@ -477,45 +477,45 @@ + $(OPENSSL_PATH)/crypto/s390x_arch.h + $(OPENSSL_PATH)/crypto/sparc_arch.h + $(OPENSSL_PATH)/crypto/vms_rms.h +- $(OPENSSL_PATH)/crypto/aes/aes_locl.h ++ $(OPENSSL_PATH)/crypto/aes/aes_local.h + $(OPENSSL_PATH)/crypto/asn1/asn1_item_list.h +- $(OPENSSL_PATH)/crypto/asn1/asn1_locl.h ++ $(OPENSSL_PATH)/crypto/asn1/asn1_local.h + $(OPENSSL_PATH)/crypto/asn1/charmap.h + $(OPENSSL_PATH)/crypto/asn1/standard_methods.h + $(OPENSSL_PATH)/crypto/asn1/tbl_standard.h +- $(OPENSSL_PATH)/crypto/async/async_locl.h ++ $(OPENSSL_PATH)/crypto/async/async_local.h + $(OPENSSL_PATH)/crypto/async/arch/async_null.h + $(OPENSSL_PATH)/crypto/async/arch/async_posix.h + $(OPENSSL_PATH)/crypto/async/arch/async_win.h +- $(OPENSSL_PATH)/crypto/bio/bio_lcl.h +- $(OPENSSL_PATH)/crypto/bn/bn_lcl.h ++ $(OPENSSL_PATH)/crypto/bio/bio_local.h ++ $(OPENSSL_PATH)/crypto/bn/bn_local.h + $(OPENSSL_PATH)/crypto/bn/bn_prime.h + $(OPENSSL_PATH)/crypto/bn/rsaz_exp.h +- $(OPENSSL_PATH)/crypto/comp/comp_lcl.h ++ $(OPENSSL_PATH)/crypto/comp/comp_local.h + $(OPENSSL_PATH)/crypto/conf/conf_def.h +- $(OPENSSL_PATH)/crypto/conf/conf_lcl.h +- $(OPENSSL_PATH)/crypto/dh/dh_locl.h +- $(OPENSSL_PATH)/crypto/dso/dso_locl.h +- $(OPENSSL_PATH)/crypto/evp/evp_locl.h +- $(OPENSSL_PATH)/crypto/hmac/hmac_lcl.h +- $(OPENSSL_PATH)/crypto/lhash/lhash_lcl.h +- $(OPENSSL_PATH)/crypto/md5/md5_locl.h +- $(OPENSSL_PATH)/crypto/modes/modes_lcl.h ++ $(OPENSSL_PATH)/crypto/conf/conf_local.h ++ $(OPENSSL_PATH)/crypto/dh/dh_local.h ++ $(OPENSSL_PATH)/crypto/dso/dso_local.h ++ $(OPENSSL_PATH)/crypto/evp/evp_local.h ++ $(OPENSSL_PATH)/crypto/hmac/hmac_local.h ++ $(OPENSSL_PATH)/crypto/lhash/lhash_local.h ++ $(OPENSSL_PATH)/crypto/md5/md5_local.h ++ $(OPENSSL_PATH)/crypto/modes/modes_local.h + $(OPENSSL_PATH)/crypto/objects/obj_dat.h +- $(OPENSSL_PATH)/crypto/objects/obj_lcl.h ++ $(OPENSSL_PATH)/crypto/objects/obj_local.h + $(OPENSSL_PATH)/crypto/objects/obj_xref.h +- $(OPENSSL_PATH)/crypto/ocsp/ocsp_lcl.h +- $(OPENSSL_PATH)/crypto/pkcs12/p12_lcl.h +- $(OPENSSL_PATH)/crypto/rand/rand_lcl.h +- $(OPENSSL_PATH)/crypto/rsa/rsa_locl.h +- $(OPENSSL_PATH)/crypto/sha/sha_locl.h ++ $(OPENSSL_PATH)/crypto/ocsp/ocsp_local.h ++ $(OPENSSL_PATH)/crypto/pkcs12/p12_local.h ++ $(OPENSSL_PATH)/crypto/rand/rand_local.h ++ $(OPENSSL_PATH)/crypto/rsa/rsa_local.h ++ $(OPENSSL_PATH)/crypto/sha/sha_local.h + $(OPENSSL_PATH)/crypto/siphash/siphash_local.h +- $(OPENSSL_PATH)/crypto/sm3/sm3_locl.h +- $(OPENSSL_PATH)/crypto/store/store_locl.h +- $(OPENSSL_PATH)/crypto/ui/ui_locl.h +- $(OPENSSL_PATH)/crypto/x509/x509_lcl.h ++ $(OPENSSL_PATH)/crypto/sm3/sm3_local.h ++ $(OPENSSL_PATH)/crypto/store/store_local.h ++ $(OPENSSL_PATH)/crypto/ui/ui_local.h ++ $(OPENSSL_PATH)/crypto/x509/x509_local.h + $(OPENSSL_PATH)/crypto/x509v3/ext_dat.h +- $(OPENSSL_PATH)/crypto/x509v3/pcy_int.h ++ $(OPENSSL_PATH)/crypto/x509v3/pcy_local.h + $(OPENSSL_PATH)/crypto/x509v3/standard_exts.h + $(OPENSSL_PATH)/crypto/x509v3/v3_admis.h + # Autogenerated files list ends here +diff --git a/CryptoPkg/Library/OpensslLib/process_files.pl b/CryptoPkg/Library/OpensslLib/process_files.pl +index 65d07a2aed..57ce195394 100755 +--- a/CryptoPkg/Library/OpensslLib/process_files.pl ++++ b/CryptoPkg/Library/OpensslLib/process_files.pl +@@ -111,8 +111,8 @@ BEGIN { + # Generate dso_conf.h per config data + system( + "perl -I. -Mconfigdata util/dofile.pl " . +- "crypto/include/internal/dso_conf.h.in " . +- "> include/internal/dso_conf.h" ++ "include/crypto/dso_conf.h.in " . ++ "> include/crypto/dso_conf.h" + ) == 0 || + die "Failed to generate dso_conf.h!\n"; + +@@ -263,14 +263,21 @@ print "Done!"; + # Copy opensslconf.h and dso_conf.h generated from OpenSSL Configuration + # + print "\n--> Duplicating opensslconf.h into Include/openssl ... "; +-copy($OPENSSL_PATH . "/include/openssl/opensslconf.h", +- $OPENSSL_PATH . "/../../Include/openssl/") || +- die "Cannot copy opensslconf.h!"; ++system( ++ "perl -pe 's/\\n/\\r\\n/' " . ++ "< " . $OPENSSL_PATH . "/include/openssl/opensslconf.h " . ++ "> " . $OPENSSL_PATH . "/../../Include/openssl/opensslconf.h" ++ ) == 0 || ++ die "Cannot copy opensslconf.h!"; + print "Done!"; +-print "\n--> Duplicating dso_conf.h into Include/internal ... "; +-copy($OPENSSL_PATH . "/include/internal/dso_conf.h", +- $OPENSSL_PATH . "/../../Include/internal/") || +- die "Cannot copy dso_conf.h!"; ++ ++print "\n--> Duplicating dso_conf.h into Include/crypto ... "; ++system( ++ "perl -pe 's/\\n/\\r\\n/' " . ++ "< " . $OPENSSL_PATH . "/include/crypto/dso_conf.h" . ++ "> " . $OPENSSL_PATH . "/../../Include/crypto/dso_conf.h" ++ ) == 0 || ++ die "Cannot copy dso_conf.h!"; + print "Done!\n"; + + print "\nProcessing Files Done!\n"; +diff --git a/CryptoPkg/Library/OpensslLib/rand_pool.c b/CryptoPkg/Library/OpensslLib/rand_pool.c +index 9f3983f7c3..9e0179b034 100644 +--- a/CryptoPkg/Library/OpensslLib/rand_pool.c ++++ b/CryptoPkg/Library/OpensslLib/rand_pool.c +@@ -7,7 +7,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent + + **/ + +-#include "internal/rand_int.h" ++#include "crypto/rand.h" + #include + + #include +-- +2.27.0 + diff --git a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch b/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch new file mode 100644 index 0000000..761077b --- /dev/null +++ b/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch @@ -0,0 +1,120 @@ +From 08a95c3541cbe2b3a1c671fa683bd6214ad996f0 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Thu, 27 Aug 2020 00:21:29 +0200 +Subject: [PATCH 3/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just after + SMI broadcast +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek (lersek) +RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature +RH-Commit: [3/3] 40521ea89725b8b0ff8ca3f0a610ff45431e610e (lersek/edk2) +RH-Bugzilla: 1849177 + +The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick +succession -- it means a series of "device_add" QEMU monitor commands, +back-to-back. + +If a "device_add" occurs *just after* ACPI raises the broadcast SMI, then: + +- the CPU_FOREACH() loop in QEMU's ich9_apm_ctrl_changed() cannot make the + SMI pending for the new CPU -- at that time, the new CPU doesn't even + exist yet, + +- OVMF will find the new CPU however (in the CPU hotplug register block), + in QemuCpuhpCollectApicIds(). + +As a result, when the firmware sends an INIT-SIPI-SIPI to the new CPU in +SmbaseRelocate(), expecting it to boot into SMM (due to the pending SMI), +the new CPU instead boots straight into the post-RSM (normal mode) "pen", +skipping its initial SMI handler. + +The CPU halts nicely in the pen, but its SMBASE is never relocated, and +the SMRAM message exchange with the BSP falls apart -- the BSP gets stuck +in the following loop: + + // + // Wait until the hot-added CPU is just about to execute RSM. + // + while (Context->AboutToLeaveSmm == 0) { + CpuPause (); + } + +because the new CPU's initial SMI handler never sets the flag to nonzero. + +Fix this by sending a directed SMI to the new CPU just before sending it +the INIT-SIPI-SIPI. The various scenarios are documented in the code -- +the cases affected by the patch are documented under point (2). + +Note that this is not considered a security patch, as for a malicious +guest OS, the issue is not exploitable -- the symptom is a hang on the +BSP, in the above-noted loop in SmbaseRelocate(). Instead, the patch fixes +behavior for a benign guest OS. + +Cc: Ard Biesheuvel +Cc: Igor Mammedov +Cc: Jordan Justen +Cc: Philippe Mathieu-Daudé +Fixes: 51a6fb41181529e4b50ea13377425bda6bb69ba6 +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929 +Signed-off-by: Laszlo Ersek +Message-Id: <20200826222129.25798-3-lersek@redhat.com> +Reviewed-by: Ard Biesheuvel +(cherry picked from commit cbccf995920a28071f5403b847f29ebf8b732fa9) +Signed-off-by: Laszlo Ersek +--- + OvmfPkg/CpuHotplugSmm/Smbase.c | 35 ++++++++++++++++++++++++++++------ + 1 file changed, 29 insertions(+), 6 deletions(-) + +diff --git a/OvmfPkg/CpuHotplugSmm/Smbase.c b/OvmfPkg/CpuHotplugSmm/Smbase.c +index 170571221d..d8f45c4313 100644 +--- a/OvmfPkg/CpuHotplugSmm/Smbase.c ++++ b/OvmfPkg/CpuHotplugSmm/Smbase.c +@@ -220,14 +220,37 @@ SmbaseRelocate ( + // + // Boot the hot-added CPU. + // +- // If the OS is benign, and so the hot-added CPU is still in RESET state, +- // then the broadcast SMI is still pending for it; it will now launch +- // directly into SMM. ++ // There are 2*2 cases to consider: + // +- // If the OS is malicious, the hot-added CPU has been booted already, and so +- // it is already spinning on the APIC ID gate. In that case, the +- // INIT-SIPI-SIPI below will be ignored. ++ // (1) The CPU was hot-added before the SMI was broadcast. + // ++ // (1.1) The OS is benign. ++ // ++ // The hot-added CPU is in RESET state, with the broadcast SMI pending ++ // for it. The directed SMI below will be ignored (it's idempotent), ++ // and the INIT-SIPI-SIPI will launch the CPU directly into SMM. ++ // ++ // (1.2) The OS is malicious. ++ // ++ // The hot-added CPU has been booted, by the OS. Thus, the hot-added ++ // CPU is spinning on the APIC ID gate. In that case, both the SMI and ++ // the INIT-SIPI-SIPI below will be ignored. ++ // ++ // (2) The CPU was hot-added after the SMI was broadcast. ++ // ++ // (2.1) The OS is benign. ++ // ++ // The hot-added CPU is in RESET state, with no SMI pending for it. The ++ // directed SMI will latch the SMI for the CPU. Then the INIT-SIPI-SIPI ++ // will launch the CPU into SMM. ++ // ++ // (2.2) The OS is malicious. ++ // ++ // The hot-added CPU is executing OS code. The directed SMI will pull ++ // the hot-added CPU into SMM, where it will start spinning on the APIC ++ // ID gate. The INIT-SIPI-SIPI will be ignored. ++ // ++ SendSmiIpi (ApicId); + SendInitSipiSipi (ApicId, PenAddress); + + // +-- +2.27.0 + diff --git a/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch b/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch new file mode 100644 index 0000000..c35df49 --- /dev/null +++ b/SOURCES/edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch @@ -0,0 +1,91 @@ +From 4e5edfcdf5986d9e0801a976a3aa558b5f370099 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Thu, 27 Aug 2020 00:21:28 +0200 +Subject: [PATCH 2/5] OvmfPkg/CpuHotplugSmm: fix CPU hotplug race just before + SMI broadcast +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek (lersek) +RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature +RH-Commit: [2/3] ea3ff703dfb7bd4f77b6807f06c89e754cc9d980 (lersek/edk2) +RH-Bugzilla: 1849177 + +The "virsh setvcpus" (plural) command may hot-plug several VCPUs in quick +succession -- it means a series of "device_add" QEMU monitor commands, +back-to-back. + +If a "device_add" occurs *just before* ACPI raises the broadcast SMI, +then: + +- OVMF processes the hot-added CPU well. + +- However, QEMU's post-SMI ACPI loop -- which clears the pending events + for the hot-added CPUs that were collected before raising the SMI -- is + unaware of the stray CPU. Thus, the pending event is not cleared for it. + +As a result of the stuck event, at the next hot-plug, OVMF tries to re-add +(relocate for the 2nd time) the already-known CPU. At that time, the AP is +already in the normal edk2 SMM busy-wait however, so it doesn't respond to +the exchange that the BSP intends to do in SmbaseRelocate(). Thus the VM +gets stuck in SMM. + +(Because of the above symptom, this is not considered a security patch; it +doesn't seem exploitable by a malicious guest OS.) + +In CpuHotplugMmi(), skip the supposedly hot-added CPU if it's already +known. The post-SMI ACPI loop will clear the pending event for it this +time. + +Cc: Ard Biesheuvel +Cc: Igor Mammedov +Cc: Jordan Justen +Cc: Philippe Mathieu-Daudé +Fixes: bc498ac4ca7590479cfd91ad1bb8a36286b0dc21 +Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2929 +Signed-off-by: Laszlo Ersek +Message-Id: <20200826222129.25798-2-lersek@redhat.com> +Reviewed-by: Ard Biesheuvel +(cherry picked from commit 020bb4b46d6f6708bb3358e1c738109b7908f0de) +Signed-off-by: Laszlo Ersek +--- + OvmfPkg/CpuHotplugSmm/CpuHotplug.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c +index 20e6bec04f..cfe698ed2b 100644 +--- a/OvmfPkg/CpuHotplugSmm/CpuHotplug.c ++++ b/OvmfPkg/CpuHotplugSmm/CpuHotplug.c +@@ -193,9 +193,28 @@ CpuHotplugMmi ( + NewSlot = 0; + while (PluggedIdx < PluggedCount) { + APIC_ID NewApicId; ++ UINT32 CheckSlot; + UINTN NewProcessorNumberByProtocol; + + NewApicId = mPluggedApicIds[PluggedIdx]; ++ ++ // ++ // Check if the supposedly hot-added CPU is already known to us. ++ // ++ for (CheckSlot = 0; ++ CheckSlot < mCpuHotPlugData->ArrayLength; ++ CheckSlot++) { ++ if (mCpuHotPlugData->ApicId[CheckSlot] == NewApicId) { ++ break; ++ } ++ } ++ if (CheckSlot < mCpuHotPlugData->ArrayLength) { ++ DEBUG ((DEBUG_VERBOSE, "%a: APIC ID " FMT_APIC_ID " was hot-plugged " ++ "before; ignoring it\n", __FUNCTION__, NewApicId)); ++ PluggedIdx++; ++ continue; ++ } ++ + // + // Find the first empty slot in CPU_HOT_PLUG_DATA. + // +-- +2.27.0 + diff --git a/SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch b/SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch new file mode 100644 index 0000000..73d05b4 --- /dev/null +++ b/SOURCES/edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch @@ -0,0 +1,140 @@ +From a5efebddb858c739d4a67865a4f8d836ba989d30 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Tue, 14 Jul 2020 20:43:05 +0200 +Subject: [PATCH 1/5] OvmfPkg/SmmControl2Dxe: negotiate + ICH9_LPC_SMI_F_CPU_HOTPLUG +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +RH-Author: Laszlo Ersek (lersek) +RH-MergeRequest: 1: [RHEL-8.4.0] complete the "VCPU hotplug with SMI" OVMF feature +RH-Commit: [1/3] 33d820d43a1be2ece09044b0cf105275f3fcc9ce (lersek/edk2) +RH-Bugzilla: 1849177 + +The ICH9_LPC_SMI_F_BROADCAST and ICH9_LPC_SMI_F_CPU_HOTPLUG feature flags +cause QEMU to behave as follows: + + BROADCAST CPU_HOTPLUG use case / behavior + --------- ----------- ------------------------------------------------ + clear clear OVMF built without SMM_REQUIRE; or very old OVMF + (from before commit a316d7ac91d3 / 2017-02-07). + QEMU permits CPU hotplug operations, and does + not cause the OS to inject an SMI upon hotplug. + Firmware is not expected to be aware of hotplug + events. + + clear set Invalid feature set; QEMU rejects the feature + negotiation. + + set clear OVMF after a316d7ac91d3 / 2017-02-07, built with + SMM_REQUIRE, but no support for CPU hotplug. + QEMU gracefully refuses hotplug operations. + + set set OVMF after a316d7ac91d3 / 2017-02-07, built with + SMM_REQUIRE, and supporting CPU hotplug. QEMU + permits CPU hotplug operations, and causes the + OS to inject an SMI upon hotplug. Firmware is + expected to deal with hotplug events. + +Negotiate ICH9_LPC_SMI_F_CPU_HOTPLUG -- but only if SEV is disabled, as +OvmfPkg/CpuHotplugSmm can't deal with SEV yet. + +Cc: Ard Biesheuvel +Cc: Boris Ostrovsky +Cc: Igor Mammedov +Cc: Jordan Justen +Cc: Liran Alon +Cc: Philippe Mathieu-Daudé +Signed-off-by: Laszlo Ersek +Message-Id: <20200714184305.9814-1-lersek@redhat.com> +Acked-by: Ard Biesheuvel +Reviewed-by: Philippe Mathieu-Daudé +(cherry picked from commit 5ba203b54e5953572e279e5505cd65e4cc360e34) +Signed-off-by: Laszlo Ersek +--- + OvmfPkg/SmmControl2Dxe/SmiFeatures.c | 26 +++++++++++++++++++++-- + OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf | 1 + + 2 files changed, 25 insertions(+), 2 deletions(-) + +diff --git a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c +index 6210b7515e..c9d8755432 100644 +--- a/OvmfPkg/SmmControl2Dxe/SmiFeatures.c ++++ b/OvmfPkg/SmmControl2Dxe/SmiFeatures.c +@@ -9,6 +9,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -21,6 +22,12 @@ + // "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files. + // + #define ICH9_LPC_SMI_F_BROADCAST BIT0 ++// ++// The following bit value stands for "enable CPU hotplug, and inject an SMI ++// with control value ICH9_APM_CNT_CPU_HOTPLUG upon hotplug", in the ++// "etc/smi/supported-features" and "etc/smi/requested-features" fw_cfg files. ++// ++#define ICH9_LPC_SMI_F_CPU_HOTPLUG BIT1 + + // + // Provides a scratch buffer (allocated in EfiReservedMemoryType type memory) +@@ -67,6 +74,7 @@ NegotiateSmiFeatures ( + UINTN SupportedFeaturesSize; + UINTN RequestedFeaturesSize; + UINTN FeaturesOkSize; ++ UINT64 RequestedFeaturesMask; + + // + // Look up the fw_cfg files used for feature negotiation. The selector keys +@@ -104,9 +112,16 @@ NegotiateSmiFeatures ( + QemuFwCfgReadBytes (sizeof mSmiFeatures, &mSmiFeatures); + + // +- // We want broadcast SMI and nothing else. ++ // We want broadcast SMI, SMI on CPU hotplug, and nothing else. + // +- mSmiFeatures &= ICH9_LPC_SMI_F_BROADCAST; ++ RequestedFeaturesMask = ICH9_LPC_SMI_F_BROADCAST; ++ if (!MemEncryptSevIsEnabled ()) { ++ // ++ // For now, we only support hotplug with SEV disabled. ++ // ++ RequestedFeaturesMask |= ICH9_LPC_SMI_F_CPU_HOTPLUG; ++ } ++ mSmiFeatures &= RequestedFeaturesMask; + QemuFwCfgSelectItem (mRequestedFeaturesItem); + QemuFwCfgWriteBytes (sizeof mSmiFeatures, &mSmiFeatures); + +@@ -144,6 +159,13 @@ NegotiateSmiFeatures ( + DEBUG ((DEBUG_INFO, "%a: using SMI broadcast\n", __FUNCTION__)); + } + ++ if ((mSmiFeatures & ICH9_LPC_SMI_F_CPU_HOTPLUG) == 0) { ++ DEBUG ((DEBUG_INFO, "%a: CPU hotplug not negotiated\n", __FUNCTION__)); ++ } else { ++ DEBUG ((DEBUG_INFO, "%a: CPU hotplug with SMI negotiated\n", ++ __FUNCTION__)); ++ } ++ + // + // Negotiation successful (although we may not have gotten the optimal + // feature set). +diff --git a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf +index 3abed141e6..b8fdea8deb 100644 +--- a/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf ++++ b/OvmfPkg/SmmControl2Dxe/SmmControl2Dxe.inf +@@ -46,6 +46,7 @@ + BaseLib + DebugLib + IoLib ++ MemEncryptSevLib + MemoryAllocationLib + PcdLib + PciLib +-- +2.27.0 + diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec index b64298f..3231b35 100644 --- a/SPECS/edk2.spec +++ b/SPECS/edk2.spec @@ -3,11 +3,11 @@ ExclusiveArch: x86_64 aarch64 %define GITDATE 20200602 %define GITCOMMIT ca407c7246bf %define TOOLCHAIN GCC5 -%define OPENSSL_VER 1.1.1c +%define OPENSSL_VER 1.1.1g Name: edk2 Version: %{GITDATE}git%{GITCOMMIT} -Release: 3%{?dist} +Release: 4%{?dist} Summary: UEFI firmware for 64-bit virtual machines Group: Applications/Emulators License: BSD-2-Clause-Patent and OpenSSL and MIT @@ -19,7 +19,7 @@ URL: http://www.tianocore.org # | xz -9ev >/tmp/edk2-$COMMIT.tar.xz Source0: http://batcave.lab.eng.brq.redhat.com/www/edk2-%{GITCOMMIT}.tar.xz Source1: ovmf-whitepaper-c770f8c.txt -Source2: openssl-rhel-d6c0e6e28ddc793474a3f9234eed50018f6c94ba.tar.xz +Source2: openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz Source3: ovmf-vars-generator Source4: LICENSE.qosb Source5: RedHatSecureBootPkKek1.pem @@ -58,6 +58,14 @@ Patch29: edk2-OvmfPkg-GenericQemuLoadImageLib-log-Not-Found-at-INF.patch Patch30: edk2-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch # For bz#1861718 - Very slow boot when overcommitting CPU Patch31: edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch +# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU +Patch32: edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch +# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU +Patch33: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch +# For bz#1849177 - OVMF: negotiate "SMI on VCPU hotplug" with QEMU +Patch34: edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch +# For bz#1893806 - attempt advancing RHEL8 edk2's OpenSSL submodule to RHEL8 OpenSSL 1.1.1g (or later) +Patch35: edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch # python3-devel and libuuid-devel are required for building tools. @@ -507,6 +515,17 @@ true %endif %changelog +* Mon Nov 23 2020 Miroslav Rezanina - 20200602gitca407c7246bf-4.el8 +- edk2-OvmfPkg-SmmControl2Dxe-negotiate-ICH9_LPC_SMI_F_CPU_.patch [bz#1849177] +- edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-befo.patch [bz#1849177] +- edk2-OvmfPkg-CpuHotplugSmm-fix-CPU-hotplug-race-just-afte.patch [bz#1849177] +- edk2-CryptoPkg-OpensslLib-Upgrade-OpenSSL-to-1.1.1g.patch [bz#1893806] +- edk2-redhat-bump-OpenSSL-dist-git-submodule-to-1.1.1g-RHE.patch [bz#1893806] +- Resolves: bz#1849177 + (OVMF: negotiate "SMI on VCPU hotplug" with QEMU) +- Resolves: bz#1893806 + (attempt advancing RHEL8 edk2's OpenSSL submodule to RHEL8 OpenSSL 1.1.1g (or later)) + * Mon Aug 10 2020 Miroslav Rezanina - 20200602gitca407c7246bf-3.el8 - edk2-UefiCpuPkg-PiSmmCpuDxeSmm-pause-in-WaitForSemaphore-.patch [bz#1861718] - Resolves: bz#1861718