From 0656fa94dcb9a32a52d2d7757f1b138b88ba9a43 Mon Sep 17 00:00:00 2001 From: Robin Lu Date: Thu, 21 Nov 2019 15:13:50 +0800 Subject: [PATCH] Update kernel-rt patches for kernel upgrade to version 1062.1.2 This upgrade fixes the CVEs listed below. We refresh the patches against the new rt-kernel source. rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch is deleted because upstream has fixed this bug, and it is no longer needed. CVE bug: CVE-2019-11810:kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI Edit CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel escape during migration Closes-Bug: 1849206 Closes-Bug: 1849209 Closes-Bug: 1847817 Change-Id: Iaf5eae5d64b621f44f8faad51d22f9439431911f Depends-On: https://review.opendev.org/#/c/695355/ Signed-off-by: Robin Lu --- centos_srpms_centos3rdparties.lst | 2 +- .../Build-logic-and-sources-for-TiC.patch | 76 ++++++++++--------- .../centos/meta_patches/Compile-issues.patch | 4 +- .../Kernel-source-patches-for-TiC.patch | 11 ++- ...orting-Cacheinfo-from-Kernel-4.10.17.patch | 4 +- ...01216-IMA-support-in-Titanium-kernel.patch | 19 ++--- ...-fix-for-disabling-CONFIG_MEMCG_KMEM.patch | 10 +-- .../centos/patches/debrand-single-cpu.patch | 4 +- ...fix-CentOS-7.6-upgrade-compile-error.patch | 17 ++--- ...-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch | 47 ------------ ...obustify-CFS-bandwidth-timer-locking.patch | 23 +++--- kernel/kernel-rt/centos/srpm_path | 2 +- 12 files changed, 87 insertions(+), 132 deletions(-) delete mode 100644 kernel/kernel-rt/centos/patches/rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch diff --git a/centos_srpms_centos3rdparties.lst b/centos_srpms_centos3rdparties.lst index 390629a4a..595a90878 100644 --- a/centos_srpms_centos3rdparties.lst +++ b/centos_srpms_centos3rdparties.lst @@ -1 +1 @@ -kernel-rt-3.10.0-957.21.3.rt56.935.el7.src.rpm +kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm diff --git a/kernel/kernel-rt/centos/meta_patches/Build-logic-and-sources-for-TiC.patch b/kernel/kernel-rt/centos/meta_patches/Build-logic-and-sources-for-TiC.patch index 9c350e1b0..e7a091088 100644 --- a/kernel/kernel-rt/centos/meta_patches/Build-logic-and-sources-for-TiC.patch +++ b/kernel/kernel-rt/centos/meta_patches/Build-logic-and-sources-for-TiC.patch @@ -4,9 +4,10 @@ Date: Mon, 23 Apr 2018 15:18:45 -0400 Subject: [PATCH] Build logic and sources for TiC Signed-off-by: Jim Somerville +Signed-off-by: Robin Lu --- - SPECS/kernel-rt.spec | 279 +++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 272 insertions(+), 7 deletions(-) + SPECS/kernel-rt.spec | 279 ++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 273 insertions(+), 6 deletions(-) diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec index a922773..adffde2 100644 @@ -86,7 +87,7 @@ index a922773..adffde2 100644 %if %{with_sparse} BuildRequires: sparse >= 0.4.1 %endif -@@ -340,12 +359,26 @@ Source25: merge.pl +@@ -340,6 +359,13 @@ Source25: merge.pl Source27: sanity_check.py Source29: extrakeys.pub @@ -100,8 +101,9 @@ index a922773..adffde2 100644 ### Configuration files Source50: kernel-%{version}-x86_64-rt.config - Source51: kernel-%{version}-x86_64-rt-trace.config - Source52: kernel-%{version}-x86_64-rt-debug.config +@@ -352,6 +378,14 @@ Source81: find-debuginfo.sh + # Sources for kernel modprobe config files + Source1000: modprobe-dccp-blacklist.conf +# Sources for kernel-rt-tools +Source2000: cpupower.service @@ -110,10 +112,11 @@ index a922773..adffde2 100644 +Source30000: kernel-3.10.0-x86_64-rt.config.tis_extra +Source30001: kernel-3.10.0-x86_64-rt-debug.config.tis_extra +Source30002: kernel-3.10.0-x86_64-rt-trace.config.tis_extra - ### Started using a unified SRPM ++ + # Empty final patch file to facilitate testing of kernel patches + Patch999999: linux-kernel-test.patch - # Sources for kernel modprobe config files -@@ -373,6 +406,7 @@ This kernel has been compiled with the RT patch applied and is intended +@@ -374,6 +408,7 @@ This kernel has been compiled with the RT patch applied and is intended for use in deterministic response-time situations @@ -121,23 +124,23 @@ index a922773..adffde2 100644 %package doc Summary: Various documentation bits found in the kernel source Group: Documentation -@@ -384,13 +418,14 @@ device drivers shipped with it are documented in these files. - +@@ -386,6 +421,7 @@ device drivers shipped with it are documented in these files. You will want to install this package if you need a reference to the options that can be passed to Linux kernel modules at load time. -- + +%endif %package headers Summary: Header files for the Linux kernel for use by glibc - Group: Development/System +@@ -393,6 +429,7 @@ Group: Development/System Obsoletes: glibc-kernheaders < 3.0-46 Provides: glibc-kernheaders = 3.0-46 + Provides: kernel-rt-extras = %{version}-%{release} +Provides: kernel-headers %description headers Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The -@@ -438,6 +473,7 @@ AutoReq: no\ +@@ -442,6 +479,7 @@ AutoReq: no\ This package provides KVM modules for package %{name}%{?1:-%{1}}.\ %{nil} @@ -145,7 +148,7 @@ index a922773..adffde2 100644 # # This macro creates a kernel-rt--kvm-debuginfo package. # %%kernel_kvm_debuginfo_package -@@ -453,7 +489,9 @@ This package provides debug information for package %{name}%{?1:-%{1}}.\ +@@ -458,7 +496,9 @@ This package provides debug information for package %{name}%{?1:-%{1}}.\ This is required to use SystemTap with %{name}%{?1:-%{1}}-%{KVERREL}.\ %{expand:%%global debuginfo_args %{?debuginfo_args} -p '/.*/%%{KVERREL}%{?1:\.%{1}}/.*|/.*%%{KVERREL}%{?1:\.%{1}}(\.debug)?' -o debuginfo%{?1}-kvm.list}\ %{nil} @@ -155,7 +158,7 @@ index a922773..adffde2 100644 # # This macro creates a kernel--debuginfo package. # %%kernel_debuginfo_package -@@ -470,6 +508,7 @@ This package provides debug information for package %{name}%{?1:-%{1}}.\ +@@ -476,6 +516,7 @@ This package provides debug information for package %{name}%{?1:-%{1}}.\ This is required to use SystemTap with %{name}%{?1:-%{1}}-%{KVERREL}.\ %{expand:%%global debuginfo_args %{?debuginfo_args} -p '/.*/%%{KVERREL}%{?1:\.%{1}}/.*|/.*%%{KVERREL}%{?1:\.%{1}}(\.debug)?' -o debuginfo%{?1}.list}\ %{nil} @@ -163,7 +166,7 @@ index a922773..adffde2 100644 # # This macro creates a kernel--devel package. -@@ -483,6 +522,7 @@ Provides: installonlypkg(kernel-rt-devel) = %{version}-%{release}%{?1:.%{1}}\ +@@ -490,6 +531,7 @@ Provides: kernel-rt-devel = %{version}-%{release}%{?1:.%{1}}\ Provides: kernel-rt%{?1:-%{1}}-devel-%{_target_cpu} = %{version}-%{release}\ Provides: kernel-rt-devel-%{_target_cpu} = %{version}-%{release}%{?1:.%{1}}\ Provides: kernel-rt-devel-uname-r = %{KVERREL}%{?1:.%{1}}\ @@ -171,7 +174,7 @@ index a922773..adffde2 100644 AutoReqProv: no\ Requires(pre): /usr/bin/find\ %description -n kernel-rt%{?variant}%{?1:-%{1}}-devel\ -@@ -495,6 +535,7 @@ against the %{?2:%{2} }kernel package.\ +@@ -502,6 +544,7 @@ against the %{?2:%{2} }kernel package.\ # %%define variant_summary The Linux kernel compiled for # %%kernel_variant_package [-n ] # @@ -179,7 +182,7 @@ index a922773..adffde2 100644 %define kernel_variant_package(n:) \ %package %1\ Summary: %{variant_summary}\ -@@ -505,15 +546,29 @@ Group: System Environment/Kernel\ +@@ -512,15 +555,29 @@ Group: System Environment/Kernel\ %{expand:%%kernel_kvm_package %1}\ %{expand:%%kernel_kvm_debuginfo_package %1}\ %{nil} @@ -209,7 +212,7 @@ index a922773..adffde2 100644 # Now, each variant package. -@@ -563,6 +618,54 @@ It should only be installed when trying to gather additional information +@@ -570,6 +627,54 @@ It should only be installed when trying to gather additional information on kernel bugs. %endif @@ -264,7 +267,7 @@ index a922773..adffde2 100644 %prep ## ApplyPatch routine patch_command='patch -p1 -F1 -s' -@@ -607,6 +710,12 @@ cp -rl vanilla-%{kversion} linux-%{kversion}.%{_target_cpu} +@@ -614,6 +719,12 @@ cp -rl vanilla-%{kversion} linux-%{kversion}.%{_target_cpu} cd linux-%{kversion}.%{_target_cpu} @@ -277,7 +280,7 @@ index a922773..adffde2 100644 ## Apply Patches here ApplyPatch linux-kernel-test.patch -@@ -630,6 +739,15 @@ for i in *.config +@@ -637,6 +748,15 @@ for i in *.config do mv $i .config Arch=`head -1 .config | cut -b 3-` @@ -293,7 +296,7 @@ index a922773..adffde2 100644 make %{?cross_opts} ARCH=$Arch listnewconfig | grep -E '^CONFIG_' >.newoptions || true %if %{listnewconfig_fail} if [ -s .newoptions ]; then -@@ -764,10 +882,14 @@ BuildKernel() { +@@ -771,9 +891,13 @@ BuildKernel() { cp arch/$Arch/boot/zImage.stub $RPM_BUILD_ROOT/%{image_install_path}/zImage.stub-$KernelVer || : fi # EFI SecureBoot signing, x86_64-only @@ -304,12 +307,11 @@ index a922773..adffde2 100644 - %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name} + %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE37} -c %{SOURCE37} -n %{pesign_name} mv $KernelImage.signed $KernelImage - %endif +%endif + %endif $CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer - -@@ -910,6 +1032,12 @@ BuildKernel() { +@@ -919,6 +1043,12 @@ BuildKernel() { cp signing_key.priv signing_key.priv.sign${Flavour:+.${Flavour}} cp signing_key.x509 signing_key.x509.sign${Flavour:+.${Flavour}} @@ -322,7 +324,7 @@ index a922773..adffde2 100644 # remove files that will be auto generated by depmod at rpm -i time for i in alias alias.bin builtin.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap softdep devname do -@@ -925,6 +1053,15 @@ BuildKernel() { +@@ -934,6 +1064,15 @@ BuildKernel() { install -Dm644 %{SOURCE1000} $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d/dccp-blacklist.conf @@ -338,7 +340,7 @@ index a922773..adffde2 100644 # prune junk from kernel-devel find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -exec rm -f {} \; } -@@ -972,6 +1109,31 @@ BuildKernel %make_target %kernel_image vanilla +@@ -981,6 +1120,31 @@ BuildKernel %make_target %kernel_image vanilla BuildKernel %make_target %kernel_image %endif @@ -370,7 +372,7 @@ index a922773..adffde2 100644 %if %{builddoc} # Make the HTML and man pages. make -j1 htmldocs mandocs || %{doc_build_fail} -@@ -1004,6 +1166,7 @@ popd +@@ -1013,6 +1177,7 @@ popd # if it isn't. %ifnarch noarch @@ -378,7 +380,7 @@ index a922773..adffde2 100644 %define __modsign_install_post \ if [ "%{with_rt}" -ne "0" ]; then \ Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}-rt.config | cut -b 3-` \ -@@ -1022,6 +1185,24 @@ popd +@@ -1031,6 +1196,24 @@ popd %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.${AAA} || exit 1 \ done \ %{nil} @@ -403,7 +405,7 @@ index a922773..adffde2 100644 %endif ### -@@ -1111,6 +1292,39 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/perf +@@ -1120,6 +1303,39 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/perf %endif # buildperf %endif @@ -443,7 +445,7 @@ index a922773..adffde2 100644 %if %{buildheaders} # Install kernel headers make ARCH=%{hdrarch} INSTALL_HDR_PATH=$RPM_BUILD_ROOT/usr headers_install -@@ -1165,6 +1379,14 @@ rm -rf $RPM_BUILD_ROOT +@@ -1174,6 +1390,14 @@ rm -rf $RPM_BUILD_ROOT ### scripts ### @@ -458,7 +460,7 @@ index a922773..adffde2 100644 # # This macro defines a %%post script for a kernel*-devel package. # %%kernel_devel_post [] -@@ -1328,6 +1550,43 @@ fi +@@ -1337,6 +1561,43 @@ fi %endif %endif @@ -502,15 +504,15 @@ index a922773..adffde2 100644 # This is %{image_install_path} on an arch where that includes ELF files, # or empty otherwise. %global elf_image_install_path %{?kernel_image_elf:%{image_install_path}} -@@ -1344,6 +1603,7 @@ fi +@@ -1353,6 +1614,7 @@ fi /%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:.%{2}}\ /%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:.%{2}}.hmac\ /boot/System.map-%{KVERREL}%{?2:.%{2}}\ +/boot/symvers-%{KVERREL}%{?2:.%{2}}.gz\ /boot/config-%{KVERREL}%{?2:.%{2}}\ + /boot/symvers*\ %exclude /lib/modules/%{KVERREL}%{?2:.%{2}}/kernel/arch/x86/kvm\ - %exclude /lib/modules/%{KVERREL}%{?2:.%{2}}/kernel/drivers/gpu/drm/i915/gvt\ -@@ -1422,6 +1682,11 @@ fi +@@ -1432,6 +1694,11 @@ fi %kernel_variant_files %{buildvanilla} vanilla %endif @@ -520,8 +522,8 @@ index a922773..adffde2 100644 +%endif # do_sign + %changelog - * Fri Jun 14 2019 Luis Claudio R. Goncalves [3.10.0-957.21.3.rt56.935.el7] - - [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619] + * Mon Sep 16 2019 Luis Claudio R. Goncalves [3.10.0-1062.1.2.rt56.1025.el7] + - [rt] Update source tree to match RHEL rhel-7.7.z tree [1740918 1708718] -- 1.8.3.1 diff --git a/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch b/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch index 0b34b1659..ea9896594 100644 --- a/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch +++ b/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch @@ -16,7 +16,7 @@ diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec index f7aad95..29d3878 100644 --- a/SPECS/kernel-rt.spec +++ b/SPECS/kernel-rt.spec -@@ -424,6 +424,11 @@ Patch1031: epoll-fix-use-after-free-in-eventpoll_release_file.patch +@@ -425,6 +425,11 @@ Patch1031: epoll-fix-use-after-free-in-eventpoll_release_file.patch Patch1032: ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch Patch1033: rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch Patch1034: rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch @@ -28,7 +28,7 @@ index f7aad95..29d3878 100644 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root -@@ -791,6 +796,9 @@ ApplyPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch +@@ -798,6 +803,9 @@ ApplyPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch ApplyPatch ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch ApplyPatch rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch ApplyPatch rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch diff --git a/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch b/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch index 49d0757ea..830af1e10 100644 --- a/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch +++ b/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch @@ -6,15 +6,16 @@ Subject: [PATCH 1/2] Kernel source patches for TiC Signed-off-by: Bin Yang Signed-off-by: Jim Somerville +Signed-off-by: Robin Lu --- - SPECS/kernel-rt.spec | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 73 insertions(+) + SPECS/kernel-rt.spec | 71 ++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 71 insertions(+) diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec index adffde2..f7aad95 100644 --- a/SPECS/kernel-rt.spec +++ b/SPECS/kernel-rt.spec -@@ -386,6 +386,44 @@ Source1000: modprobe-dccp-blacklist.conf +@@ -388,6 +388,43 @@ Source30002: kernel-3.10.0-x86_64-rt-trace.config.tis_extra # Empty final patch file to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch @@ -35,7 +36,6 @@ index adffde2..f7aad95 100644 +Patch1014: Enable-building-mpt2sas-and-mpt3sas-as-builtin-for-C.patch +Patch1015: Enable-building-kernel-with-CONFIG_BLK_DEV_NBD.patch +Patch1016: x86-make-dma_alloc_coherent-return-zeroed-memory-if-.patch -+Patch1017: rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch +Patch1018: Porting-Cacheinfo-from-Kernel-4.10.17.patch +Patch1019: Fix-cacheinfo-compilation-issues-for-3.10.patch +Patch1020: cpuidle-menu-stop-seeking-deeper-idle-if-current-sta.patch @@ -59,7 +59,7 @@ index adffde2..f7aad95 100644 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root -@@ -718,6 +756,41 @@ cp %{SOURCE38} . +@@ -727,6 +764,40 @@ cp %{SOURCE38} . ## Apply Patches here ApplyPatch linux-kernel-test.patch @@ -80,7 +80,6 @@ index adffde2..f7aad95 100644 +ApplyPatch Enable-building-mpt2sas-and-mpt3sas-as-builtin-for-C.patch +ApplyPatch Enable-building-kernel-with-CONFIG_BLK_DEV_NBD.patch +ApplyPatch x86-make-dma_alloc_coherent-return-zeroed-memory-if-.patch -+ApplyPatch rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch +ApplyPatch Porting-Cacheinfo-from-Kernel-4.10.17.patch +ApplyPatch Fix-cacheinfo-compilation-issues-for-3.10.patch +ApplyPatch cpuidle-menu-stop-seeking-deeper-idle-if-current-sta.patch diff --git a/kernel/kernel-rt/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch b/kernel/kernel-rt/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch index 4b8dfda82..9eb8c135c 100644 --- a/kernel/kernel-rt/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch +++ b/kernel/kernel-rt/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch @@ -1258,8 +1258,8 @@ index 53c3fe1..527d291 100644 driver.o class.o platform.o \ cpu.o firmware.o init.o map.o devres.o \ attribute_container.o transport_class.o \ -- topology.o container.o property.o -+ topology.o container.o property.o cacheinfo.o +- topology.o container.o property.o devcon.o ++ topology.o container.o property.o devcon.o cacheinfo.o obj-$(CONFIG_DEVTMPFS) += devtmpfs.o obj-$(CONFIG_DMA_CMA) += dma-contiguous.o obj-y += power/ diff --git a/kernel/kernel-rt/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch b/kernel/kernel-rt/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch index 0cbe8807c..d7e3692b8 100644 --- a/kernel/kernel-rt/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch +++ b/kernel/kernel-rt/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch @@ -17,6 +17,7 @@ definitions on module deinit - modification to ima_file_check to pass in file OPEN status Signed-off-by: Jim Somerville +Signed-off-by: Robin Lu --- fs/namei.c | 2 +- fs/nfsd/vfs.c | 2 +- @@ -31,7 +32,7 @@ diff --git a/fs/namei.c b/fs/namei.c index 9f90b63..bf91ea0 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -3225,7 +3225,7 @@ opened: +@@ -3243,7 +3243,7 @@ opened: error = open_check_o_direct(file); if (error) goto exit_fput; @@ -57,7 +58,7 @@ diff --git a/fs/xattr.c b/fs/xattr.c index e540aca..cc307ec 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -207,6 +207,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, +@@ -208,6 +208,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, *xattr_value = value; return error; } @@ -69,18 +70,18 @@ diff --git a/include/linux/fs.h b/include/linux/fs.h index eb6f994..2dbaf80 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -677,9 +677,8 @@ struct inode { +@@ -681,9 +681,8 @@ struct inode { struct fsnotify_mark_connector __rcu *i_fsnotify_marks) #endif --#ifdef CONFIG_IMA +-#if defined(CONFIG_IMA) && defined(CONFIG_X86_64) atomic_t i_readcount; /* struct files open RO */ -#endif + void *i_private; /* fs or device private pointer */ }; -@@ -2830,7 +2829,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode) +@@ -2852,7 +2851,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode) return atomic_read(&inode->i_writecount) > 0; } @@ -88,7 +89,7 @@ index eb6f994..2dbaf80 100644 static inline void i_readcount_dec(struct inode *inode) { BUG_ON(!atomic_read(&inode->i_readcount)); -@@ -2840,16 +2838,7 @@ static inline void i_readcount_inc(struct inode *inode) +@@ -2862,16 +2860,7 @@ static inline void i_readcount_inc(struct inode *inode) { atomic_inc(&inode->i_readcount); } @@ -340,7 +341,7 @@ index f069482..646a0e3 100644 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) { #ifdef CONFIG_SECURITY_YAMA_STACKED -@@ -720,8 +824,11 @@ EXPORT_SYMBOL(security_inode_listsecurity); +@@ -718,8 +822,11 @@ EXPORT_SYMBOL(security_inode_listsecurity); void security_inode_getsecid(struct inode *inode, u32 *secid) { @@ -353,7 +354,7 @@ index f069482..646a0e3 100644 int security_inode_copy_up(struct dentry *src, struct cred **new) { -@@ -1530,6 +1637,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +@@ -1528,6 +1635,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { return security_ops->audit_rule_init(field, op, rulestr, lsmrule); } @@ -361,7 +362,7 @@ index f069482..646a0e3 100644 int security_audit_rule_known(struct audit_krule *krule) { -@@ -1546,6 +1654,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, +@@ -1544,6 +1652,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, { return security_ops->audit_rule_match(secid, field, op, lsmrule, actx); } diff --git a/kernel/kernel-rt/centos/patches/compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch b/kernel/kernel-rt/centos/patches/compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch index d05a08141..ea9a32932 100644 --- a/kernel/kernel-rt/centos/patches/compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch +++ b/kernel/kernel-rt/centos/patches/compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch @@ -12,17 +12,17 @@ diff --git a/mm/memcontrol.c b/mm/memcontrol.c index da97e2c..68fd46b 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c -@@ -3010,6 +3010,8 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg, +@@ -2998,6 +2998,8 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg, memcg_check_events(memcg, page); } +static DEFINE_MUTEX(memcg_limit_mutex); + #ifdef CONFIG_MEMCG_KMEM - static inline bool memcg_can_account_kmem(struct mem_cgroup *memcg) - { -@@ -3510,8 +3512,6 @@ out: - return new_cachep; + /* + * The memcg_slab_mutex is held whenever a per memcg kmem cache is created or +@@ -3378,8 +3380,6 @@ static inline void memcg_resume_kmem_account(void) + current->memcg_kmem_skip_account--; } -static DEFINE_MUTEX(memcg_limit_mutex); diff --git a/kernel/kernel-rt/centos/patches/debrand-single-cpu.patch b/kernel/kernel-rt/centos/patches/debrand-single-cpu.patch index 80ebf8946..80c7d71fd 100644 --- a/kernel/kernel-rt/centos/patches/debrand-single-cpu.patch +++ b/kernel/kernel-rt/centos/patches/debrand-single-cpu.patch @@ -13,9 +13,9 @@ diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index f27ca00..9eca4ac 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -931,7 +931,7 @@ static void rh_check_supported(void) +@@ -964,7 +964,7 @@ static void rh_check_supported(void) if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && - !x86_hyper && !cpu_has_hypervisor && !is_kdump_kernel()) { + !guest && !is_kdump_kernel()) { pr_crit("Detected single cpu native boot.\n"); - pr_crit("Important: In Red Hat Enterprise Linux 7, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); + pr_crit("Important: In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information"); diff --git a/kernel/kernel-rt/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch b/kernel/kernel-rt/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch index c8069c82f..e940109cb 100644 --- a/kernel/kernel-rt/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch +++ b/kernel/kernel-rt/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch @@ -14,8 +14,8 @@ defined Signed-off-by: Martin, Chen --- drivers/block/drbd/drbd_req.c | 8 ++++---- - include/linux/filter.h | 4 ++++ - 2 files changed, 8 insertions(+), 4 deletions(-) + include/linux/filter.h | 3 +++ + 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c index a6f13f7..cbd0a49 100644 @@ -51,17 +51,16 @@ diff --git a/include/linux/filter.h b/include/linux/filter.h index cddbb31..15ce55f 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h -@@ -665,6 +665,10 @@ static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog) - return true; - } - #else +@@ -763,6 +763,9 @@ void bpf_prog_kallsyms_add(struct bpf_prog *fp); + void bpf_prog_kallsyms_del(struct bpf_prog *fp); + + #else /* CONFIG_BPF_JIT */ +struct bpf_prog * __weak trace_bpf_int_jit_compile(struct bpf_prog *prog); +void __weak trace_bpf_jit_compile(struct bpf_prog *prog); +void __weak trace_bpf_jit_free(struct bpf_prog *fp); -+ - static inline bool ebpf_jit_enabled(void) + + static inline bool bpf_prog_ebpf_jited(const struct bpf_prog *fp) { - return false; -- 1.8.3.1 diff --git a/kernel/kernel-rt/centos/patches/rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch b/kernel/kernel-rt/centos/patches/rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch deleted file mode 100644 index 9e3a00cb2..000000000 --- a/kernel/kernel-rt/centos/patches/rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch +++ /dev/null @@ -1,47 +0,0 @@ -From b48c1062db1a4529f9ebecbffb5a80542da9f4f5 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: -References: -From: "Paul E. McKenney" -Date: Thu, 15 Dec 2016 15:37:47 -0800 -Subject: [PATCH 18/32] rcu: Don't wake rcuc/X kthreads on NOCB CPUs - -[ upstream 630c7ed9ca0608912fa7c8591d05dfc8742dc9e6 in tip repo ] - -Chris Friesen notice that rcuc/X kthreads were consuming CPU even on -NOCB CPUs. This makes no sense because the only purpose or these -kthreads is to invoke normal (non-offloaded) callbacks, of which there -will never be any on NOCB CPUs. This problem was due to a bug in -cpu_has_callbacks_ready_to_invoke(), which should have been checking -->nxttail[RCU_NEXT_TAIL] for NULL, but which was instead (incorrectly) -checking ->nxttail[RCU_DONE_TAIL]. Because ->nxttail[RCU_DONE_TAIL] is -never NULL, the only effect is to cause the rcuc/X kthread to execute -when it should not do so. - -This commit therefore checks ->nxttail[RCU_NEXT_TAIL], which is NULL -for NOCB CPUs. - -Reported-by: Chris Friesen -Signed-off-by: Paul E. McKenney -Reviewed-by: Josh Triplett -Signed-off-by: Jim Somerville ---- - kernel/rcutree.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index 9648918..fb7b2a8 100644 ---- a/kernel/rcutree.c -+++ b/kernel/rcutree.c -@@ -367,7 +367,7 @@ static int - cpu_has_callbacks_ready_to_invoke(struct rcu_data *rdp) - { - return &rdp->nxtlist != rdp->nxttail[RCU_DONE_TAIL] && -- rdp->nxttail[RCU_DONE_TAIL] != NULL; -+ rdp->nxttail[RCU_NEXT_TAIL] != NULL; - } - - /* --- -1.8.3.1 - diff --git a/kernel/kernel-rt/centos/patches/robustify-CFS-bandwidth-timer-locking.patch b/kernel/kernel-rt/centos/patches/robustify-CFS-bandwidth-timer-locking.patch index 80e117d76..0c475c0fd 100644 --- a/kernel/kernel-rt/centos/patches/robustify-CFS-bandwidth-timer-locking.patch +++ b/kernel/kernel-rt/centos/patches/robustify-CFS-bandwidth-timer-locking.patch @@ -35,7 +35,7 @@ diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index d3d746b..e9a8d95 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c -@@ -3488,13 +3488,14 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b, +@@ -3490,13 +3490,14 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b, struct cfs_rq *cfs_rq; u64 runtime; u64 starting_runtime = remaining; @@ -51,7 +51,7 @@ index d3d746b..e9a8d95 100644 if (!cfs_rq_throttled(cfs_rq)) goto next; -@@ -3511,7 +3512,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b, +@@ -3513,7 +3514,7 @@ static u64 distribute_cfs_runtime(struct cfs_bandwidth *cfs_b, unthrottle_cfs_rq(cfs_rq); next: @@ -60,7 +60,7 @@ index d3d746b..e9a8d95 100644 if (!remaining) break; -@@ -3527,7 +3528,7 @@ next: +@@ -3529,7 +3530,7 @@ next: * period the timer is deactivated until scheduling resumes; cfs_b->idle is * used to track this state. */ @@ -69,7 +69,7 @@ index d3d746b..e9a8d95 100644 { u64 runtime, runtime_expires; int throttled; -@@ -3576,11 +3577,11 @@ static int do_sched_cfs_period_timer(struct cfs_bandwidth *cfs_b, int overrun) +@@ -3578,11 +3579,11 @@ static int do_sched_cfs_period_timer(struct cfs_bandwidth *cfs_b, int overrun) while (throttled && cfs_b->runtime > 0 && !cfs_b->distribute_running) { runtime = cfs_b->runtime; cfs_b->distribute_running = 1; @@ -83,7 +83,7 @@ index d3d746b..e9a8d95 100644 cfs_b->distribute_running = 0; throttled = !list_empty(&cfs_b->throttled_cfs_rq); -@@ -3689,17 +3690,18 @@ static __always_inline void return_cfs_rq_runtime(struct cfs_rq *cfs_rq) +@@ -3691,17 +3692,18 @@ static __always_inline void return_cfs_rq_runtime(struct cfs_rq *cfs_rq) static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b) { u64 runtime = 0, slice = sched_cfs_bandwidth_slice(); @@ -105,7 +105,7 @@ index d3d746b..e9a8d95 100644 return; } -@@ -3710,18 +3712,18 @@ static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b) +@@ -3712,18 +3714,18 @@ static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b) if (runtime) cfs_b->distribute_running = 1; @@ -127,7 +127,7 @@ index d3d746b..e9a8d95 100644 } /* -@@ -3785,7 +3787,7 @@ static void check_cfs_rq_runtime(struct cfs_rq *cfs_rq) +@@ -3787,7 +3789,7 @@ static void check_cfs_rq_runtime(struct cfs_rq *cfs_rq) } static inline u64 default_cfs_period(void); @@ -136,22 +136,23 @@ index d3d746b..e9a8d95 100644 static void do_sched_cfs_slack_timer(struct cfs_bandwidth *cfs_b); static enum hrtimer_restart sched_cfs_slack_timer(struct hrtimer *timer) -@@ -3802,10 +3804,11 @@ static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer) +@@ -3806,11 +3808,12 @@ static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer) struct cfs_bandwidth *cfs_b = container_of(timer, struct cfs_bandwidth, period_timer); ktime_t now; + unsigned long flags; int overrun; int idle = 0; + int count = 0; - raw_spin_lock(&cfs_b->lock); + raw_spin_lock_irqsave(&cfs_b->lock, flags); for (;;) { now = hrtimer_cb_get_time(timer); overrun = hrtimer_forward(timer, now, cfs_b->period); -@@ -3813,9 +3816,9 @@ static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer) - if (!overrun) - break; +@@ -3840,9 +3843,9 @@ static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer) + count = 0; + } - idle = do_sched_cfs_period_timer(cfs_b, overrun); + idle = do_sched_cfs_period_timer(cfs_b, overrun, flags); diff --git a/kernel/kernel-rt/centos/srpm_path b/kernel/kernel-rt/centos/srpm_path index b4fa5dea5..a65085bc0 100644 --- a/kernel/kernel-rt/centos/srpm_path +++ b/kernel/kernel-rt/centos/srpm_path @@ -1 +1 @@ -mirror:Source/kernel-rt-3.10.0-957.21.3.rt56.935.el7.src.rpm +mirror:Source/kernel-rt-3.10.0-1062.1.2.rt56.1025.el7.src.rpm