diff --git a/cvm-bug-fix-for-disable-DTB-randomness-for-confident.patch b/cvm-bug-fix-for-disable-DTB-randomness-for-confident.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9273085ad689da2f378d351e776f169d042507e5
--- /dev/null
+++ b/cvm-bug-fix-for-disable-DTB-randomness-for-confident.patch
@@ -0,0 +1,40 @@
+From 892657386e36e72395c23cec61457dfa0e1bb8f4 Mon Sep 17 00:00:00 2001
+From: liupingwei
+Date: Wed, 19 Jun 2024 17:43:35 +0800
+Subject: [PATCH] cvm: bug-fix for disable DTB randomness for confidential VMs
+
+The previous condition relied on virtcca_cvm_enabled,which was not
+initialized in time.
+Now,we directly check the KVM type and disable DTB randomness if the
+type is "cvm".
+
+Fixes:2830db7bec600915e88bb22847a66d99b047a308("hw/arm/virt:Disable DTB
+randomness for confidential VMs")
+
+Signed-off-by: liupingwei
+---
+ hw/arm/virt.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/hw/arm/virt.c b/hw/arm/virt.c
+index e0de08e2c1..dc119732f0 100644
+--- a/hw/arm/virt.c
++++ b/hw/arm/virt.c
+@@ -261,7 +261,13 @@ static void create_fdt(VirtMachineState *vms)
+
+ /* /chosen must exist for load_dtb to fill in necessary properties later */
+ qemu_fdt_add_subnode(fdt, "/chosen");
+- if (!virtcca_cvm_enabled()) {
++
++ g_autofree char *kvm_type = NULL;
++ if (object_property_find(OBJECT(current_machine), "kvm-type")) {
++ kvm_type = object_property_get_str(OBJECT(current_machine),
++ "kvm-type", &error_abort);
++ }
++ if (!(kvm_type && !strcmp(kvm_type, "cvm"))) {
+ create_kaslr_seed(ms, "/chosen");
+ }
+
+--
+2.31.1.windows.1
+
diff --git a/qemu.spec b/qemu.spec
index e7ec5243a7c0471384e5b430cd6ff2d13f83c83a..2aae97a58796a68b7958206f2709a1d1cb391e8e 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -3,7 +3,7 @@
 Name: qemu
 Version: 6.2.0
-Release: 94
+Release: 95
 Epoch: 10
 Summary: QEMU is a generic and open source machine emulator and virtualizer
 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
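Review bot: In the embedded hw/arm/virt.c hunk, create_fdt() now decides whether the guest is confidential by comparing the `kvm-type` property against the literal `"cvm"` inline, so this test can drift from whatever virtcca_cvm_enabled() and the kvm-type parsing accept. If the two ever disagree, a confidential VM would get a random `kaslr-seed` in its DTB again, which presumably defeats the fixed DTB contents the earlier "Disable DTB randomness" commit was after. I would move the test into one small helper shared with the kvm-type handling and add a comment such as `/* virtcca_cvm_enabled() is not yet initialised when the FDT is built, so test the machine property directly */`. The lookup also reads the global `current_machine` although `vms` is already in scope, and the double negation can go: use `OBJECT(vms)` for both property calls and `if (g_strcmp0(kvm_type, "cvm") != 0) {`. The `g_autofree` declaration follows a statement, which QEMU's coding style discourages; create_fdt() starts and ends outside the hunk, so I cannot check whether it can move to the top of the function.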
@@ -969,6 +969,7 @@ Patch0954: hw-ide-reset-cancel-async-DMA-operation-before-reset.patch
 Patch0955: tests-qtest-ahci-test-add-test-exposing-reset-issue-.patch
 Patch0956: cvm-bug-fix-for-macro-isolation.patch
 Patch0957: hw-arm-virt-Disable-DTB-randomness-for-confidential-.patch
+Patch0958: cvm-bug-fix-for-disable-DTB-randomness-for-confident.patch
 BuildRequires: flex
 BuildRequires: gcc
@@ -1567,6 +1568,9 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
+* Fri Jun 21 2024 - 10:6.2.0-95
+- cvm: bug-fix for disable DTB randomness for confidential VMs
+
 * Tue Jun 18 2024 - 10:6.2.0-94
 - hw/arm/virt: Disable DTB randomness for confidential VMs