Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-63093

[Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater [rhel-9.4]

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.4.z
    • edk2
    • Yes
    • Important
    • CustomerScenariosInitiative
    • sst_virtualization
    • ssg_virtualization
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      OVMF Issue with Netboot, VirtioRng, and both COM1/COM2 configured

       

      What is the impact of this issue to you?

      High - Can no longer deploy VMs using HTTP Boot

      Please provide the package NVR for which the bug is seen:

      edk2-ovmf-20240524-7.el9.noarch

      How reproducible is this bug?:

      5/5

      Steps to reproduce

      1. boot a vm from http or pxe, set the cpu to old cpu model which doesn't support rdrand, added rng device and added isa-serial devices in qemu command lines.
       /usr/libexec/qemu-kvm \
     -name 'avocado-vt-vm1'  \
     -sandbox on,elevateprivileges=deny,obsolete=deny,resourcecontrol=deny,spawn=allow \
     -blockdev '{"node-name": "file_ovmf_code", "driver": "file", "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", "auto-read-only": true, "discard": "unmap"}' \
     -blockdev '{"node-name": "drive_ovmf_code", "driver": "raw", "read-only": true, "file": "file_ovmf_code"}' \
     -blockdev '{"node-name": "file_ovmf_vars", "driver": "file", "filename": "/home/edk2_pxe_boot/OVMF_VARS.fd", "auto-read-only": true, "discard": "unmap"}' \
     -blockdev '{"node-name": "drive_ovmf_vars", "driver": "raw", "read-only": false, "file": "file_ovmf_vars"}' \
     -machine q35,pflash0=drive_ovmf_code,pflash1=drive_ovmf_vars,memory-backend=mem-machine_mem,acpi=on \
     -device '{"id": "pcie-root-port-0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x1", "chassis": 1}' \
     -device '{"id": "pcie-pci-bridge-0", "driver": "pcie-pci-bridge", "addr": "0x0", "bus": "pcie-root-port-0"}'  \
     -nodefaults \
     -no-user-config \
     -vga none \
     -m 2048 \
     -object '{"size": 2147483648, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}'  \
     -cpu core2duo  \
     -device '{"ioport": 1285, "driver": "pvpanic", "id": "idfWQucb"}' \
     -chardev socket,path=/var/tmp/avocado_yda74u21/serial-serial0-20241008-072244-XF8HTFZP,server=on,id=chardev_serial0,wait=off \
     -device '{"id": "serial0", "driver": "isa-serial", "chardev": "chardev_serial0"}' \
     -object '{"qom-type": "rng-random", "filename": "/dev/urandom", "id": "passthrough-FDon2uS3"}' \
     -device '{"id": "pcie-root-port-1", "port": 1, "driver": "pcie-root-port", "addr": "0x1.0x1", "bus": "pcie.0", "chassis": 2}' \
     -device '{"driver": "virtio-rng-pci", "id": "virtio-rng-rVfm7mjD", "rng": "passthrough-FDon2uS3", "bus": "pcie-root-port-1", "addr": "0x0"}'  \
     -device '{"id": "pcie-root-port-2", "port": 2, "driver": "pcie-root-port", "addr": "0x1.0x2", "bus": "pcie.0", "chassis": 3}' \
     -device '{"driver": "qemu-xhci", "id": "usb1", "bus": "pcie-root-port-2", "addr": "0x0"}' \
     -device '{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' \
     -device '{"id": "pcie-root-port-3", "port": 3, "driver": "pcie-root-port", "addr": "0x1.0x3", "bus": "pcie.0", "chassis": 4}' \
     -device '{"id": "virtio_scsi_pci0", "driver": "virtio-scsi-pci", "bus": "pcie-root-port-3", "addr": "0x0"}' \
     -blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/edk2_pxe_boot/IPXE-client-02.
qcow2", "cache": {"direct": true, "no-flush": false}}' \
     -blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' \
     -device '{"driver": "scsi-hd", "id": "image1", "drive": "drive_image1", "write-cache": "on"}' \
     -blockdev '{"node-name": "drive_uefishell", "driver": "file", "read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/UefiS
hell.iso", "cache": {"direct": true, "no-flush": false}}' \
     -device '{"driver": "scsi-cd", "id": "uefishell", "drive": "drive_uefishell", "write-cache": "on", "bootindex": 1}'  \
     -device '{"id": "pcie-root-port-4", "port": 4, "driver": "pcie-root-port", "addr": "0x1.0x4", "bus": "pcie.0", "chassis": 5}' \
     -device '{"driver": "virtio-net-pci", "mac": "9a:d3:94:96:4a:88", "id": "id6B2jbF", "netdev": "idf57oZn", "bus": "pcie-root-port-4", "addr": "0x0", "bootindex": 2}' \
     -netdev  '{"id": "idf57oZn", "type": "tap", "vhost": true, "script": "/etc/qemu-ifup-private", "downscript": "/etc/qemu-ifdown-private"}'  \
     -rtc base=utc,clock=host,driftfix=slew  \
     -nographic  \
     -enable-kvm \
     -serial stdio \

       

      Expected results

      PXE/HTTP boot work well, getting the netboot options.

      UEFI Interactive Shell v2.2
EDK II
UEFI v2.70 (EDK II, 0x00010000)
Mapping table
      FS0: Alias(s):CD0b0a:;BLK1:
          PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)/CDROM(0x0)
     BLK0: Alias(s):
          PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
Press ESC in 5 seconds to skip startup.nsh or any other key to continue.
Shell> 
Shell> bcfg boot dump
Option: 00. Variable: Boot0001   
  Desc    - UEFI QEMU QEMU CD-ROM 
  DevPath - PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
  Optional- Y
Option: 01. Variable: Boot0002   
  Desc    - UEFI PXEv4 (MAC:9AD394964A88)
  DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv4(0.0.0.0)
  Optional- Y
Option: 02. Variable: Boot0003   
  Desc    - UEFI PXEv6 (MAC:9AD394964A88)
  DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv6(0000:00)
  Optional- Y
Option: 03. Variable: Boot0004   
  Desc    - UEFI HTTPv4 (MAC:9AD394964A88)
  DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv4(0.0.0.0)
  Optional- Y
Option: 04. Variable: Boot0005   
  Desc    - UEFI HTTPv6 (MAC:9AD394964A88)
  DevPath - PciRoot(0x0)/Pci(0x1,0x4)/Pci(0x0,0x0)/MAC(9AD394964A88,0x1)/IPv6(0000:00)
  Optional- Y
Option: 05. Variable: Boot0000   
  Desc    - UiApp
  DevPath - Fv(7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1)/FvFile(462CAA21-7614-4503-836E-8)
  Optional- N

      Actual results

      HTTP boot fails, can not get the netboot options

      UEFI Interactive Shell v2.2
EDK II
UEFI v2.70 (EDK II, 0x00010000)
Mapping table
      FS0: Alias(s):CD0b0a:;BLK1:
          PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)/CDROM(0x0)
     BLK0: Alias(s):
          PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
Press ESC in 4 seconds to skip startup.nsh or any other key to continue.
Shell> bcfg boot dump
Option: 00. Variable: Boot0001   
  Desc    - UEFI QEMU QEMU CD-ROM 
  DevPath - PciRoot(0x0)/Pci(0x1,0x3)/Pci(0x0,0x0)/Scsi(0x1,0x0)
  Optional- Y
Option: 01. Variable: Boot0000   
  Desc    - UiApp
  DevPath - Fv(7CB8BDC9-F8EB-4F34-AAEA-3EE4AF6516A1)/FvFile(462CAA21-7614-4503-836E-8)
  Optional- N

      Additional information:

      Since the PixieFail CVE fixes, a strong random number generator is
      required to use network functionality, such as booting via PXE or
      HTTP.
      On modern x86_64 CPUs this is not a problem because these support the
      RDRAND instruction.
      On older models one needs to add a virtio-rng device otherwise network
      initialization fails.

      In this bug, boot the vm without rdrand, VirtioRng, and both COM1/COM2 configured. If removed the isa-serial device, http boot works well. The detailed information, please refer to RHEL-58631 [Regression] HTTP Boot fails to work with edk2-ovmf-20231122-6.el9_4.2 and greater.

            virt-maint virt-maint
            jetwei Xueqiang Wei
            virt-maint virt-maint
            Xueqiang Wei Xueqiang Wei
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated: