Bug 1341733 - prevent SMM stack overflow in OVMF while enrolling certificates in "db"
Summary: prevent SMM stack overflow in OVMF while enrolling certificates in "db"
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ovmf
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Laszlo Ersek
QA Contact: aihua liang
Depends On:
Blocks: 1308678
TreeView+ depends on / blocked
Reported: 2016-06-01 15:54 UTC by Laszlo Ersek
Modified: 2016-11-04 08:41 UTC (History)
9 users (show)

Fixed In Version: ovmf-20160608-1.git988715a.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-11-04 08:41:04 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2608 0 normal SHIPPED_LIVE ovmf bug fix and enhancement update 2016-11-03 15:27:02 UTC

Description Laszlo Ersek 2016-06-01 15:54:34 UTC
Found in version: OVMF-20160419-2.git90bb4c5.el7.noarch

These references say it all:
- bug 1308678 comments 14 through 19,
- the thread at http://thread.gmane.org/gmane.comp.bios.edk2.devel/12864

The fix is to set PcdCpuSmmStackGuard to TRUE, and PcdCpuSmmStackSize to 0x4000. Upstream is affected too.

Comment 1 Laszlo Ersek 2016-06-01 19:04:10 UTC
Posted upstream series:

Comment 2 Laszlo Ersek 2016-06-06 09:02:49 UTC
Upstream commit range d2970bbc1d88..0d0c245dfb14.

Comment 4 aihua liang 2016-09-07 11:10:51 UTC
Has verified, SB can work normally.

Verified Version:
  kernel version:3.10.0-504.el7.x86_64
  OVMF version:OVMF-20160608-3.git988715a.el7.noarch

Comment 6 errata-xmlrpc 2016-11-04 08:41:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.