diff --git a/kernel/kernel-rt/centos/build_srpm.data b/kernel/kernel-rt/centos/build_srpm.data index c06f85d68..dab446664 100644 --- a/kernel/kernel-rt/centos/build_srpm.data +++ b/kernel/kernel-rt/centos/build_srpm.data @@ -1,4 +1,4 @@ COPY_LIST="files/*" -TIS_PATCH_VER=1 +TIS_PATCH_VER=2 BUILD_IS_BIG=11 BUILD_IS_SLOW=12 diff --git a/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch b/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch index e0ef4222a..0b34b1659 100644 --- a/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch +++ b/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch @@ -1,33 +1,37 @@ -From d83caf51542ff89ffc70377d8a04d697d8fe09e3 Mon Sep 17 00:00:00 2001 +From d85ae09a0e333ba2c0b2630a1d4768655cacf481 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: <5d869ea9407975726a95d046391cd640b726ca93.1566591106.git.Jim.Somerville@windriver.com> +References: <5d869ea9407975726a95d046391cd640b726ca93.1566591106.git.Jim.Somerville@windriver.com> From: Bin Yang Date: Wed, 31 Jul 2019 14:23:20 +0800 -Subject: [PATCH 3/3] Compile issues +Subject: [PATCH 2/2] Compile issues Signed-off-by: Bin Yang +Signed-off-by: Jim Somerville --- SPECS/kernel-rt.spec | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec -index e94ec2f..e6e71e4 100644 +index f7aad95..29d3878 100644 --- a/SPECS/kernel-rt.spec 
+++ b/SPECS/kernel-rt.spec -@@ -420,6 +420,11 @@ Patch1028: turn-off-write-same-in-smartqpi-driver.patch - Patch1029: restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch - Patch1030: robustify-CFS-bandwidth-timer-locking.patch - Patch1031: epoll-fix-use-after-free-in-eventpoll_release_file.patch -+Patch1032: fix-compilation-issues.patch +@@ -424,6 +424,11 @@ Patch1031: epoll-fix-use-after-free-in-eventpoll_release_file.patch + Patch1032: ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch + Patch1033: rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch + Patch1034: rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch ++Patch1035: fix-compilation-issues.patch +# Fix CentOS 7.6 upgrade compile error -+Patch1033: fix-CentOS-7.6-upgrade-compile-error.patch ++Patch1036: fix-CentOS-7.6-upgrade-compile-error.patch +# Compile fix for disabling CONFIG_MEMCG_KMEM -+Patch1034: compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch ++Patch1037: compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root -@@ -784,6 +789,9 @@ ApplyPatch turn-off-write-same-in-smartqpi-driver.patch - ApplyPatch restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch - ApplyPatch robustify-CFS-bandwidth-timer-locking.patch - ApplyPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch +@@ -791,6 +796,9 @@ ApplyPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch + ApplyPatch ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch + ApplyPatch rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch + ApplyPatch rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch +ApplyPatch fix-compilation-issues.patch +ApplyPatch fix-CentOS-7.6-upgrade-compile-error.patch +ApplyPatch compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch @@ -35,5 +39,5 @@ index e94ec2f..e6e71e4 100644 # move off upstream version mechanism if [ -e localversion-rt ]; then -- -2.7.4 +1.8.3.1 
diff --git a/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch b/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch index 18ff5cdd2..49d0757ea 100644 --- a/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch +++ b/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch @@ -1,18 +1,20 @@ -From 2c23df3f032c68046a309e5b9f1d321438905e85 Mon Sep 17 00:00:00 2001 +From 5d869ea9407975726a95d046391cd640b726ca93 Mon Sep 17 00:00:00 2001 +Message-Id: <5d869ea9407975726a95d046391cd640b726ca93.1566591106.git.Jim.Somerville@windriver.com> From: Bin Yang Date: Mon, 29 Jul 2019 11:48:49 -0400 -Subject: [PATCH 2/3] Kernel source patches for TiC +Subject: [PATCH 1/2] Kernel source patches for TiC Signed-off-by: Bin Yang +Signed-off-by: Jim Somerville --- - SPECS/kernel-rt.spec | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 66 insertions(+) + SPECS/kernel-rt.spec | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 73 insertions(+) diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec -index efc89cd..e94ec2f 100644 +index adffde2..f7aad95 100644 --- a/SPECS/kernel-rt.spec +++ b/SPECS/kernel-rt.spec -@@ -386,6 +386,40 @@ Source1000: modprobe-dccp-blacklist.conf +@@ -386,6 +386,44 @@ Source1000: modprobe-dccp-blacklist.conf # Empty final patch file to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch 
@@ -50,10 +52,14 @@ index efc89cd..e94ec2f 100644 +Patch1029: restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch +Patch1030: robustify-CFS-bandwidth-timer-locking.patch +Patch1031: epoll-fix-use-after-free-in-eventpoll_release_file.patch ++# Fix three potential kernel memory leaks ++Patch1032: ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch ++Patch1033: rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch ++Patch1034: rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root -@@ -718,6 +752,38 @@ cp %{SOURCE38} . +@@ -718,6 +756,41 @@ cp %{SOURCE38} . ## Apply Patches here ApplyPatch linux-kernel-test.patch @@ -89,9 +95,12 @@ index efc89cd..e94ec2f 100644 +ApplyPatch restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch +ApplyPatch robustify-CFS-bandwidth-timer-locking.patch +ApplyPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch ++ApplyPatch ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch ++ApplyPatch rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch ++ApplyPatch rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch # move off upstream version mechanism if [ -e localversion-rt ]; then -- -2.7.4 +1.8.3.1 diff --git a/kernel/kernel-rt/centos/patches/ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch b/kernel/kernel-rt/centos/patches/ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch new file mode 100644 index 000000000..63d1c4854 --- /dev/null +++ b/kernel/kernel-rt/centos/patches/ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch 
@@ -0,0 +1,57 @@ +From fdb837fb87ff4907436dfab16709b64d6c3488fd Mon Sep 17 00:00:00 2001 +Message-Id: +From: Tommi Rantala +Date: Thu, 7 May 2015 15:12:21 +0300 +Subject: [PATCH 1/3] ipvs: fix memory leak in ip_vs_ctl.c + +[ commit f30bf2a5cac6c60ab366c4bc6db913597bf4d6ab in Linus' repo ] + +Fix memory leak introduced in commit a0840e2e165a ("IPVS: netns, +ip_vs_ctl local vars moved to ipvs struct."): + +unreferenced object 0xffff88005785b800 (size 2048): + comm "(-localed)", pid 1434, jiffies 4294755650 (age 1421.089s) + hex dump (first 32 bytes): + bb 89 0b 83 ff ff ff ff b0 78 f0 4e 00 88 ff ff .........x.N.... + 04 00 00 00 a4 01 00 00 00 00 00 00 00 00 00 00 ................ + backtrace: + [] kmemleak_alloc+0x4e/0xb0 + [] __kmalloc_track_caller+0x244/0x430 + [] kmemdup+0x20/0x50 + [] ip_vs_control_net_init+0x1f7/0x510 + [] __ip_vs_init+0x100/0x250 + [] ops_init+0x41/0x190 + [] setup_net+0x93/0x150 + [] copy_net_ns+0x82/0x140 + [] create_new_namespaces+0xfd/0x190 + [] unshare_nsproxy_namespaces+0x5a/0xc0 + [] SyS_unshare+0x173/0x310 + [] system_call_fastpath+0x12/0x6f + [] 0xffffffffffffffff + +Fixes: a0840e2e165a ("IPVS: netns, ip_vs_ctl local vars moved to ipvs struct.") +Signed-off-by: Tommi Rantala +Acked-by: Julian Anastasov +Signed-off-by: Simon Horman +Signed-off-by: Jim Somerville +--- + net/netfilter/ipvs/ip_vs_ctl.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c +index 02409f3..3738b84 100644 +--- a/net/netfilter/ipvs/ip_vs_ctl.c ++++ b/net/netfilter/ipvs/ip_vs_ctl.c +@@ -3843,6 +3843,9 @@ static void __net_exit ip_vs_control_net_cleanup_sysctl(struct net *net) + cancel_delayed_work_sync(&ipvs->defense_work); + cancel_work_sync(&ipvs->defense_work.work); + unregister_net_sysctl_table(ipvs->sysctl_hdr); ++ ++ if (!net_eq(net, &init_net)) ++ kfree(ipvs->sysctl_tbl); + } + + #else +-- +1.8.3.1 + 
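Review bot: The added `if (!net_eq(net, &init_net)) kfree(ipvs->sysctl_tbl);` in ip_vs_control_net_cleanup_sysctl() has no comment saying why init_net is skipped, and that asymmetry is what keeps the free safe. The kmemleak backtrace in the message shows the table coming from kmemdup() in ip_vs_control_net_init(), so presumably only non-initial namespaces own a heap copy. A line such as `/* only non-init namespaces own a kmemdup()ed copy of the table */` above the check would record that. If diverging slightly from the upstream commit is acceptable, `ipvs->sysctl_tbl = NULL;` after the kfree() would keep a stale pointer out of the per-namespace struct. The function body starts outside the hunk, and the same patch is added unchanged under kernel/kernel-std/centos/patches/.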
diff --git a/kernel/kernel-rt/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch b/kernel/kernel-rt/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch new file mode 100644 index 000000000..812fe67b5 --- /dev/null +++ b/kernel/kernel-rt/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch 
@@ -0,0 +1,67 @@ +From a16765613c5cb9b6cb86bc92d21030be124b2dde Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: +References: +From: Stanislav Kinsburskiy +Date: Fri, 9 Feb 2018 11:52:14 +0300 +Subject: [PATCH 2/3] rh/ext4: release leaked posix acl in ext4_acl_chmod + +[ commit b85d6be0b743a1768b8456d36b52960858fbaa67 in OpenVZ's vzkernel repo ] + +Note: only rh7-3.10.0-693.17.1.el7-based kernels are affected. +I.e. starting from rh7-3.10.0-693.17.1.vz7.43.1. + +Posix acl is used to convert of an extended attribute, provided by user to ext4 +attributes. In particular to i_mode in case of ACL_TYPE_ACCESS request. +IOW, this object is allocated, used for convertion, not stored anywhere and +must be freed. + +However posix_acl_update_mode() can zerofy the pointer to support +ext4_set_acl() logic, but then the object is leaked. So, fix it by releasing +new temporary pointer with the same value instead of acl pointer. + +In scope of https://jira.sw.ru/browse/PSBM-81384 + +RHEL bug URL: https://bugzilla.redhat.com/show_bug.cgi?id=1543020 + +Signed-off-by: Stanislav Kinsburskiy +Acked-by: Dmitry Monakhov +Signed-off-by: Jim Somerville +--- + fs/ext4/acl.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c +index 917e819..fce029f 100644 +--- a/fs/ext4/acl.c ++++ b/fs/ext4/acl.c +@@ -297,7 +297,7 @@ cleanup: + int + ext4_acl_chmod(struct inode *inode) + { +- struct posix_acl *acl; ++ struct posix_acl *acl, *real_acl; + handle_t *handle; + int retries = 0; + int error; +@@ -315,6 +315,8 @@ ext4_acl_chmod(struct inode *inode) + error = posix_acl_chmod(&acl, GFP_KERNEL, inode->i_mode); + if (error) + return error; ++ ++ real_acl = acl; + retry: + handle = ext4_journal_start(inode, EXT4_HT_XATTR, + ext4_jbd2_credits_xattr(inode)); +@@ -341,7 +343,7 @@ out_stop: + ext4_should_retry_alloc(inode->i_sb, &retries)) + goto retry; + out: +- posix_acl_release(acl); ++ posix_acl_release(real_acl); + return error; + } + +-- 
+1.8.3.1 + diff --git a/kernel/kernel-rt/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch b/kernel/kernel-rt/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch new file mode 100644 index 000000000..40a28df1e --- /dev/null +++ b/kernel/kernel-rt/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch 
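Review bot: In ext4_acl_chmod() nothing in the code says why `real_acl` exists, so `real_acl = acl;` followed by `posix_acl_release(real_acl);` reads like a redundant copy that a later cleanup could fold back into `acl`, reintroducing the leak. A comment at the assignment, for example `/* the set path may clear acl; real_acl keeps the reference we must drop */`, would carry the reasoning from the commit message into the source. The `goto retry` visible in the last hunk re-enters with whatever `acl` holds by then. The lines between `retry:` and `out_stop:` are outside the hunk, so it is worth confirming that a second pass with a cleared `acl` is intended. The same patch is added unchanged under kernel/kernel-std/centos/patches/.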
@@ -0,0 +1,79 @@ +From 916c45d11310d03a4a76bd80a40f0c6a767ba39e Mon Sep 17 00:00:00 2001 +Message-Id: <916c45d11310d03a4a76bd80a40f0c6a767ba39e.1566590430.git.Jim.Somerville@windriver.com> +In-Reply-To: +References: +From: Stanislav Kinsburskiy +Date: Fri, 9 Feb 2018 11:52:15 +0300 +Subject: [PATCH 3/3] rh/ext4: release leaked posix acl in ext4_xattr_set_acl + +[ commit b762d904ada70f239f1c2d2d70c4a64cd04c8ade in OpenVZ's vzkernel repo ] + +Note: only rh7-3.10.0-693.17.1.el7-based kernels are affcted. +I.e. starting from rh7-3.10.0-693.17.1.vz7.43.1. + +Posix acl is used to convert of an extended attribute, provided by user to ext4 +attributes. In particular to i_mode in case of ACL_TYPE_ACCESS request. + +IOW, this object is allocated, used for convertion, not stored anywhere and +must be freed. + +However posix_acl_update_mode() can zerofy the pointer to support +ext4_set_acl() logic, but then the object is leaked. So, fix it by releasing +new temporary pointer with the same value instead of acl pointer. 
+ +https://jira.sw.ru/browse/PSBM-81384 + +RHEL bug URL: https://bugzilla.redhat.com/show_bug.cgi?id=1543020 + +v2: Added affected kernel version + RHEL bug URL + +Signed-off-by: Stanislav Kinsburskiy +Acked-by: Dmitry Monakhov +Signed-off-by: Jim Somerville +--- + fs/ext4/acl.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c +index fce029f..046b338 100644 +--- a/fs/ext4/acl.c ++++ b/fs/ext4/acl.c +@@ -405,7 +405,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, + { + struct inode *inode = dentry->d_inode; + handle_t *handle; +- struct posix_acl *acl; ++ struct posix_acl *acl, *real_acl; + int error, retries = 0; + int update_mode = 0; + umode_t mode = inode->i_mode; +@@ -418,7 +418,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, + return -EPERM; + + if (value) { +- acl = posix_acl_from_xattr(&init_user_ns, value, size); ++ acl = real_acl = posix_acl_from_xattr(&init_user_ns, value, size); + if (IS_ERR(acl)) + return PTR_ERR(acl); + else if (acl) { +@@ -427,7 +427,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, + goto release_and_out; + } + } else +- acl = NULL; ++ acl = real_acl = NULL; + + retry: + handle = ext4_journal_start(inode, EXT4_HT_XATTR, +@@ -454,7 +454,7 @@ out_stop: + goto retry; + + release_and_out: +- posix_acl_release(acl); ++ posix_acl_release(real_acl); + return error; + } + +-- +1.8.3.1 + diff --git a/kernel/kernel-std/centos/build_srpm.data b/kernel/kernel-std/centos/build_srpm.data index c06f85d68..dab446664 100644 --- a/kernel/kernel-std/centos/build_srpm.data +++ b/kernel/kernel-std/centos/build_srpm.data @@ -1,4 +1,4 @@ COPY_LIST="files/*" -TIS_PATCH_VER=1 +TIS_PATCH_VER=2 BUILD_IS_BIG=11 BUILD_IS_SLOW=12 diff --git a/kernel/kernel-std/centos/meta_patches/Compile-issues.patch b/kernel/kernel-std/centos/meta_patches/Compile-issues.patch index 68d89242f..9be5d8310 100644 
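Review bot: `real_acl` in ext4_xattr_set_acl() is kept in step with `acl` through two chained assignments, `acl = real_acl = posix_acl_from_xattr(&init_user_ns, value, size);` and `acl = real_acl = NULL;`, which kernel coding style discourages. It also leaves the release at `release_and_out:` dependent on every branch remembering to set both pointers. Initialising at the declaration, `struct posix_acl *acl, *real_acl = NULL;`, and writing `real_acl = acl;` on its own line directly after the posix_acl_from_xattr() call would let the `else` branch stay `acl = NULL;` and make the ownership explicit. Parts of the function body lie between the hunks and are not visible here, so any other path into `release_and_out:` should be checked against the same rule. The same patch is added unchanged under kernel/kernel-std/centos/patches/.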
--- a/kernel/kernel-std/centos/meta_patches/Compile-issues.patch +++ b/kernel/kernel-std/centos/meta_patches/Compile-issues.patch @@ -1,34 +1,38 @@ -From a38da63c3677f78c33b3896699788bd5eb77116e Mon Sep 17 00:00:00 2001 +From f9a5a49c9daac827d94cd562c0c6f100388fd798 Mon Sep 17 00:00:00 2001 +Message-Id: +In-Reply-To: +References: From: "zhao.shuai" Date: Tue, 6 Aug 2019 16:18:04 +0800 -Subject: [PATCH 3/3] Compile issues +Subject: [PATCH 2/2] Compile issues Signed-off-by: zhao.shuai +Signed-off-by: Jim Somerville --- SPECS/kernel.spec | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec -index 418cdd0..a5de0aa 100644 +index d5df4a4..1d765ed 100644 --- a/SPECS/kernel.spec 
+++ b/SPECS/kernel.spec -@@ -491,6 +491,12 @@ Patch40025: dpt_i2o-fix-build-warning.patch - Patch40026: turn-off-write-same-in-smartqpi-driver.patch - # Fix use-after-free in eventpoll_release_file - Patch40027: epoll-fix-use-after-free-in-eventpoll_release_file.patch +@@ -495,6 +495,12 @@ Patch40027: epoll-fix-use-after-free-in-eventpoll_release_file.patch + Patch40028: ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch + Patch40029: rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch + Patch40030: rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch +# Fix assorted compilation issues -+Patch40028: fix-compilation-issues.patch ++Patch40031: fix-compilation-issues.patch +# Fix CentOS 7.6 upgrade compile error -+Patch40029: fix-CentOS-7.6-upgrade-compile-error.patch ++Patch40032: fix-CentOS-7.6-upgrade-compile-error.patch +# Compile fix for disabling CONFIG_MEMCG_KMEM -+Patch40030: compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch ++Patch40033: compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch BuildRoot: %{_tmppath}/kernel-%{KVRA}-root -@@ -862,6 +868,9 @@ ApplyOptionalPatch aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch - ApplyOptionalPatch dpt_i2o-fix-build-warning.patch - ApplyOptionalPatch turn-off-write-same-in-smartqpi-driver.patch - ApplyOptionalPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch +@@ -869,6 +875,9 @@ ApplyOptionalPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch + ApplyOptionalPatch ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch + ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch + ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch +ApplyOptionalPatch fix-compilation-issues.patch +ApplyOptionalPatch fix-CentOS-7.6-upgrade-compile-error.patch +ApplyOptionalPatch compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch 
diff --git a/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch b/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch index 77681ffef..9a4bb4b5a 100644 --- a/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch +++ b/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch @@ -1,18 +1,20 @@ -From e9f7eeea6002b26912b6434c324ac19c2987afe8 Mon Sep 17 00:00:00 2001 +From ac67546ccbecd3ee18145be31d87d7253048adda Mon Sep 17 00:00:00 2001 +Message-Id: From: "zhao.shuai" Date: Mon, 5 Aug 2019 17:55:01 +0800 -Subject: [PATCH 2/3] Kernel-source-patches-for-TiC +Subject: [PATCH 1/2] Kernel-source-patches-for-TiC Signed-off-by: zhao.shuai +Signed-off-by: Jim Somerville --- - SPECS/kernel.spec | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 61 insertions(+) + SPECS/kernel.spec | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 68 insertions(+) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec -index e42177e..418cdd0 100644 +index e42177e..d5df4a4 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec -@@ -460,6 +460,38 @@ Patch1002: debrand-rh-i686-cpu.patch +@@ -460,6 +460,42 @@ Patch1002: debrand-rh-i686-cpu.patch Source30000: kernel-3.10.0-x86_64.config.tis_extra Source30001: ima_signing_key.pub 
@@ -47,11 +49,15 @@ index e42177e..418cdd0 100644 +Patch40026: turn-off-write-same-in-smartqpi-driver.patch +# Fix use-after-free in eventpoll_release_file +Patch40027: epoll-fix-use-after-free-in-eventpoll_release_file.patch ++# Fix three potential kernel memory leaks ++Patch40028: ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch ++Patch40029: rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch ++Patch40030: rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch + BuildRoot: %{_tmppath}/kernel-%{KVRA}-root %description -@@ -802,6 +834,35 @@ ApplyOptionalPatch debrand-single-cpu.patch +@@ -802,6 +838,38 @@ ApplyOptionalPatch debrand-single-cpu.patch ApplyOptionalPatch debrand-rh_taint.patch ApplyOptionalPatch debrand-rh-i686-cpu.patch @@ -83,6 +89,9 @@ index e42177e..418cdd0 100644 +ApplyOptionalPatch dpt_i2o-fix-build-warning.patch +ApplyOptionalPatch turn-off-write-same-in-smartqpi-driver.patch +ApplyOptionalPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch ++ApplyOptionalPatch ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch ++ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch ++ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch + # Any further pre-build tree manipulations happen here. diff --git a/kernel/kernel-std/centos/patches/ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch b/kernel/kernel-std/centos/patches/ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch new file mode 100644 index 000000000..a309355f8 --- /dev/null +++ b/kernel/kernel-std/centos/patches/ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch 
@@ -0,0 +1,57 @@ +From e3887b1e84e274be02f992e034e0dba1f53925b6 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Tommi Rantala +Date: Thu, 7 May 2015 15:12:21 +0300 +Subject: [PATCH 1/3] ipvs: fix memory leak in ip_vs_ctl.c + +[ commit f30bf2a5cac6c60ab366c4bc6db913597bf4d6ab in Linus' repo ] + +Fix memory leak introduced in commit a0840e2e165a ("IPVS: netns, +ip_vs_ctl local vars moved to ipvs struct."): + +unreferenced object 0xffff88005785b800 (size 2048): + comm "(-localed)", pid 1434, jiffies 4294755650 (age 1421.089s) + hex dump (first 32 bytes): + bb 89 0b 83 ff ff ff ff b0 78 f0 4e 00 88 ff ff .........x.N.... + 04 00 00 00 a4 01 00 00 00 00 00 00 00 00 00 00 ................ + backtrace: + [] kmemleak_alloc+0x4e/0xb0 + [] __kmalloc_track_caller+0x244/0x430 + [] kmemdup+0x20/0x50 + [] ip_vs_control_net_init+0x1f7/0x510 + [] __ip_vs_init+0x100/0x250 + [] ops_init+0x41/0x190 + [] setup_net+0x93/0x150 + [] copy_net_ns+0x82/0x140 + [] create_new_namespaces+0xfd/0x190 + [] unshare_nsproxy_namespaces+0x5a/0xc0 + [] SyS_unshare+0x173/0x310 + [] system_call_fastpath+0x12/0x6f + [] 0xffffffffffffffff + +Fixes: a0840e2e165a ("IPVS: netns, ip_vs_ctl local vars moved to ipvs struct.") +Signed-off-by: Tommi Rantala +Acked-by: Julian Anastasov +Signed-off-by: Simon Horman +Signed-off-by: Jim Somerville +--- + net/netfilter/ipvs/ip_vs_ctl.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c +index 02409f3..3738b84 100644 +--- a/net/netfilter/ipvs/ip_vs_ctl.c ++++ b/net/netfilter/ipvs/ip_vs_ctl.c +@@ -3843,6 +3843,9 @@ static void __net_exit ip_vs_control_net_cleanup_sysctl(struct net *net) + cancel_delayed_work_sync(&ipvs->defense_work); + cancel_work_sync(&ipvs->defense_work.work); + unregister_net_sysctl_table(ipvs->sysctl_hdr); ++ ++ if (!net_eq(net, &init_net)) ++ kfree(ipvs->sysctl_tbl); + } + + #else +-- +1.8.3.1 + 
diff --git a/kernel/kernel-std/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch b/kernel/kernel-std/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch new file mode 100644 index 000000000..e8a5e3a0c --- /dev/null +++ b/kernel/kernel-std/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch 
@@ -0,0 +1,67 @@ +From 598c88638d4f46a38bf3d0669bc042c1ea1e4605 Mon Sep 17 00:00:00 2001 +Message-Id: <598c88638d4f46a38bf3d0669bc042c1ea1e4605.1566585829.git.Jim.Somerville@windriver.com> +In-Reply-To: +References: +From: Stanislav Kinsburskiy +Date: Fri, 9 Feb 2018 11:52:14 +0300 +Subject: [PATCH 2/3] rh/ext4: release leaked posix acl in ext4_acl_chmod + +[ commit b85d6be0b743a1768b8456d36b52960858fbaa67 in OpenVZ's vzkernel repo ] + +Note: only rh7-3.10.0-693.17.1.el7-based kernels are affected. +I.e. starting from rh7-3.10.0-693.17.1.vz7.43.1. + +Posix acl is used to convert of an extended attribute, provided by user to ext4 +attributes. In particular to i_mode in case of ACL_TYPE_ACCESS request. +IOW, this object is allocated, used for convertion, not stored anywhere and +must be freed. + +However posix_acl_update_mode() can zerofy the pointer to support +ext4_set_acl() logic, but then the object is leaked. So, fix it by releasing +new temporary pointer with the same value instead of acl pointer. 
+ +In scope of https://jira.sw.ru/browse/PSBM-81384 + +RHEL bug URL: https://bugzilla.redhat.com/show_bug.cgi?id=1543020 + +Signed-off-by: Stanislav Kinsburskiy +Acked-by: Dmitry Monakhov +Signed-off-by: Jim Somerville +--- + fs/ext4/acl.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c +index 917e819..fce029f 100644 +--- a/fs/ext4/acl.c ++++ b/fs/ext4/acl.c +@@ -297,7 +297,7 @@ cleanup: + int + ext4_acl_chmod(struct inode *inode) + { +- struct posix_acl *acl; ++ struct posix_acl *acl, *real_acl; + handle_t *handle; + int retries = 0; + int error; +@@ -315,6 +315,8 @@ ext4_acl_chmod(struct inode *inode) + error = posix_acl_chmod(&acl, GFP_KERNEL, inode->i_mode); + if (error) + return error; ++ ++ real_acl = acl; + retry: + handle = ext4_journal_start(inode, EXT4_HT_XATTR, + ext4_jbd2_credits_xattr(inode)); +@@ -341,7 +343,7 @@ out_stop: + ext4_should_retry_alloc(inode->i_sb, &retries)) + goto retry; + out: +- posix_acl_release(acl); ++ posix_acl_release(real_acl); + return error; + } + +-- +1.8.3.1 + diff --git a/kernel/kernel-std/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch b/kernel/kernel-std/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch new file mode 100644 index 000000000..0e880f5ba --- /dev/null +++ b/kernel/kernel-std/centos/patches/rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch 
@@ -0,0 +1,79 @@ +From 190fe153e1def764a02d7cb3438f5bc7c0402e48 Mon Sep 17 00:00:00 2001 +Message-Id: <190fe153e1def764a02d7cb3438f5bc7c0402e48.1566585829.git.Jim.Somerville@windriver.com> +In-Reply-To: +References: +From: Stanislav Kinsburskiy +Date: Fri, 9 Feb 2018 11:52:15 +0300 +Subject: [PATCH 3/3] rh/ext4: release leaked posix acl in ext4_xattr_set_acl + +[ commit b762d904ada70f239f1c2d2d70c4a64cd04c8ade in OpenVZ's vzkernel repo ] + +Note: only rh7-3.10.0-693.17.1.el7-based kernels are affcted. +I.e. starting from rh7-3.10.0-693.17.1.vz7.43.1. + +Posix acl is used to convert of an extended attribute, provided by user to ext4 +attributes. In particular to i_mode in case of ACL_TYPE_ACCESS request. + +IOW, this object is allocated, used for convertion, not stored anywhere and +must be freed. + +However posix_acl_update_mode() can zerofy the pointer to support +ext4_set_acl() logic, but then the object is leaked. So, fix it by releasing +new temporary pointer with the same value instead of acl pointer. 
+ +https://jira.sw.ru/browse/PSBM-81384 + +RHEL bug URL: https://bugzilla.redhat.com/show_bug.cgi?id=1543020 + +v2: Added affected kernel version + RHEL bug URL + +Signed-off-by: Stanislav Kinsburskiy +Acked-by: Dmitry Monakhov +Signed-off-by: Jim Somerville +--- + fs/ext4/acl.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c +index fce029f..046b338 100644 +--- a/fs/ext4/acl.c ++++ b/fs/ext4/acl.c +@@ -405,7 +405,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, + { + struct inode *inode = dentry->d_inode; + handle_t *handle; +- struct posix_acl *acl; ++ struct posix_acl *acl, *real_acl; + int error, retries = 0; + int update_mode = 0; + umode_t mode = inode->i_mode; +@@ -418,7 +418,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, + return -EPERM; + + if (value) { +- acl = posix_acl_from_xattr(&init_user_ns, value, size); ++ acl = real_acl = posix_acl_from_xattr(&init_user_ns, value, size); + if (IS_ERR(acl)) + return PTR_ERR(acl); + else if (acl) { +@@ -427,7 +427,7 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, + goto release_and_out; + } + } else +- acl = NULL; ++ acl = real_acl = NULL; + + retry: + handle = ext4_journal_start(inode, EXT4_HT_XATTR, +@@ -454,7 +454,7 @@ out_stop: + goto retry; + + release_and_out: +- posix_acl_release(acl); ++ posix_acl_release(real_acl); + return error; + } + +-- +1.8.3.1 +