From 38c184f1b415dbe2eca4a062f9f464a2dca01aa9 Mon Sep 17 00:00:00 2001 From: Robin Lu Date: Thu, 21 Nov 2019 15:04:40 +0800 Subject: [PATCH] Update kernel-std patches for kernel upgrade to version 1062.1.2 This upgrade fixes the CVEs listed below. The patches are refreshed against the new kernel source. Patch 15 is already included in the new kernel version, so it is dropped from the patch set. CVE bug: CVE-2019-11810: kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS CVE bug: CVE-2019-11811: kernel: use-after-free in IPMI CVE bug: CVE-2019-14835: kernel: vhost-net: guest to host kernel escape during migration Closes-Bug: 1849206 Closes-Bug: 1849209 Closes-Bug: 1847817 Change-Id: I217cf8684e31dacea627c33462e5e4b6e089c38f Depends-On: https://review.opendev.org/#/c/695355/ Signed-off-by: Robin Lu --- centos_srpms_centos.lst | 2 +- kernel/kernel-std/centos/build_srpm.data | 2 +- .../Build-logic-and-sources-for-TiC.patch | 47 ++++++++++--------- .../centos/meta_patches/Compile-issues.patch | 4 +- .../Kernel-source-patches-for-TiC.patch | 11 ++--- ...e-when-transparent-hugepages-are-off.patch | 45 ++++++++++++++++-- ...orting-Cacheinfo-from-Kernel-4.10.17.patch | 4 +- ...01216-IMA-support-in-Titanium-kernel.patch | 27 ++++++----- ...-fix-for-disabling-CONFIG_MEMCG_KMEM.patch | 10 ++-- ...fix-CentOS-7.6-upgrade-compile-error.patch | 17 ++++--- .../patches/fix-compilation-issues.patch | 10 ++-- kernel/kernel-std/centos/srpm_path | 2 +- 12 files changed, 110 insertions(+), 71 deletions(-) diff --git a/centos_srpms_centos.lst b/centos_srpms_centos.lst index f668d4b85..6021250d2 100644 --- a/centos_srpms_centos.lst +++ b/centos_srpms_centos.lst 
@@ -7,7 +7,7 @@ grub2-2.02-0.76.el7.centos.src.rpm grubby-8.28-25.el7.src.rpm haproxy-1.5.18-8.el7.src.rpm initscripts-9.49.46-1.el7.src.rpm -kernel-3.10.0-957.21.3.el7.src.rpm +kernel-3.10.0-1062.1.2.el7.src.rpm libevent-2.0.21-4.el7.src.rpm # libibverbs-41mlnx1-OFED.4.5.0.1.0.45101.src.rpm lighttpd-1.4.54-1.el7.src.rpm diff --git a/kernel/kernel-std/centos/build_srpm.data b/kernel/kernel-std/centos/build_srpm.data index dab446664..c06f85d68 100644 --- a/kernel/kernel-std/centos/build_srpm.data +++ b/kernel/kernel-std/centos/build_srpm.data @@ -1,4 +1,4 @@ COPY_LIST="files/*" -TIS_PATCH_VER=2 +TIS_PATCH_VER=1 BUILD_IS_BIG=11 BUILD_IS_SLOW=12 diff --git a/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch b/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch index 77556b507..4c85f284e 100644 --- a/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch +++ b/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch @@ -5,8 +5,9 @@ Subject: [PATCH] Build logic and sources for TiC Signed-off-by: Jim Somerville Signed-off-by: zhao.shuai +Signed-off-by: Robin Lu --- - SPECS/kernel.spec | 73 +++++++++++++++++++++++++++++++++++++++++++++---------- + SPECS/kernel.spec | 73 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 60 insertions(+), 13 deletions(-) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec @@ -24,23 +25,23 @@ index 852fd10..e42177e 100644 # For a kernel released for public testing, released_kernel should be 1. # For internal testing builds during development, it should be 0. 
@@ -14,12 +15,14 @@ Summary: The Linux kernel - %global distro_build 957 + %global distro_build 1062 %define rpmversion 3.10.0 --%define pkgrelease 957.21.3.el7 -+%define _pkgrelease 957.21.3 +-%define pkgrelease 1062.1.2.el7 ++%define _pkgrelease 1062.1.2 +%define pkgrelease %{_pkgrelease}.el7 + # allow pkg_release to have configurable %%{?dist} tag - %define specrelease 957.21.3%{?dist} + %define specrelease 1062.1.2%{?dist} -%define pkg_release %{specrelease}%{?buildid} +%define pkg_release %{specrelease}%{buildid} # The kernel tarball/base version %define rheltarball %{rpmversion}-%{pkgrelease} -@@ -68,7 +71,7 @@ Summary: The Linux kernel +@@ -69,7 +72,7 @@ Summary: The Linux kernel %define with_dbgonly %{?_with_dbgonly: 1} %{?!_with_dbgonly: 0} # Control whether we perform a compat. check against published ABI. @@ -48,8 +49,8 @@ index 852fd10..e42177e 100644 +%define with_kabichk 0 # Control whether we perform a compat. check against DUP ABI. - %define with_kabidupchk 1 -@@ -91,7 +94,7 @@ Summary: The Linux kernel + %define with_kabidupchk %{?_with_kabidupchk: 1} %{?!_with_kabidupchk: 0} +@@ -92,7 +95,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. RHEL only ever does 1. @@ -58,7 +59,7 @@ index 852fd10..e42177e 100644 %define with_gcov %{?_with_gcov: 1} %{?!_with_gcov: 0} -@@ -385,6 +388,7 @@ BuildRequires: bison flex +@@ -386,6 +389,7 @@ BuildRequires: bison flex # required for zfcpdump BuildRequires: glibc-static %endif @@ -66,7 +67,7 @@ index 852fd10..e42177e 100644 Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz -@@ -450,6 +454,12 @@ Patch1000: debrand-single-cpu.patch +@@ -453,6 +457,12 @@ Patch1000: debrand-single-cpu.patch Patch1001: debrand-rh_taint.patch Patch1002: debrand-rh-i686-cpu.patch 
@@ -79,7 +80,7 @@ index 852fd10..e42177e 100644 BuildRoot: %{_tmppath}/kernel-%{KVRA}-root %description -@@ -612,6 +622,13 @@ manipulation of eBPF programs and maps. +@@ -626,6 +636,13 @@ This package provides debug information for the bpftool package. %endif # with_bpftool @@ -93,7 +94,7 @@ index 852fd10..e42177e 100644 %if %{with_gcov} %package gcov Summary: gcov graph and source files for coverage data collection. -@@ -777,6 +794,9 @@ cd linux-%{KVRA} +@@ -791,6 +808,9 @@ cd linux-%{KVRA} # Drop some necessary files from the source dir into the buildroot cp $RPM_SOURCE_DIR/kernel-%{version}-*.config . @@ -103,7 +104,7 @@ index 852fd10..e42177e 100644 ApplyOptionalPatch linux-kernel-test.patch ApplyOptionalPatch debrand-single-cpu.patch ApplyOptionalPatch debrand-rh_taint.patch -@@ -821,6 +841,15 @@ for i in *.config +@@ -835,6 +855,15 @@ for i in *.config do mv $i .config Arch=`head -1 .config | cut -b 3-` @@ -119,7 +120,7 @@ index 852fd10..e42177e 100644 make %{?cross_opts} ARCH=$Arch listnewconfig | grep -E '^CONFIG_' >.newoptions || true %if %{listnewconfig_fail} if [ -s .newoptions ]; then -@@ -894,12 +923,13 @@ BuildKernel() { +@@ -908,12 +937,13 @@ BuildKernel() { # and now to start the build process @@ -134,7 +135,7 @@ index 852fd10..e42177e 100644 cp configs/$Config .config -@@ -914,8 +944,8 @@ BuildKernel() { +@@ -928,8 +958,8 @@ BuildKernel() { fi %endif @@ -145,7 +146,7 @@ index 852fd10..e42177e 100644 if [ "$Flavour" != "kdump" ]; then make -s %{?cross_opts} ARCH=$Arch V=1 %{?_smp_mflags} KCFLAGS="%{?kcflags}" WITH_GCOV="%{?with_gcov}" modules %{?sparse_mflags} || exit 1 -@@ -939,6 +969,8 @@ BuildKernel() { +@@ -953,6 +983,8 @@ BuildKernel() { fi # EFI SecureBoot signing, x86_64-only %ifarch x86_64 
@@ -154,7 +155,7 @@ index 852fd10..e42177e 100644 %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name} mv $KernelImage.signed $KernelImage %endif -@@ -955,7 +987,7 @@ BuildKernel() { +@@ -969,7 +1001,7 @@ BuildKernel() { if [ "$Flavour" != "kdump" ]; then # Override $(mod-fw) because we don't want it to install any firmware # we'll get it from the linux-firmware package and we don't want conflicts @@ -163,7 +164,7 @@ index 852fd10..e42177e 100644 %if %{with_gcov} # install gcov-needed files to $BUILDROOT/$BUILD/...: # gcov_info->filename is absolute path -@@ -965,7 +997,7 @@ BuildKernel() { +@@ -979,7 +1011,7 @@ BuildKernel() { %endif fi %ifarch %{vdso_arches} @@ -172,7 +173,7 @@ index 852fd10..e42177e 100644 if [ ! -s ldconfig-kernel.conf ]; then echo > ldconfig-kernel.conf "\ # Placeholder file, no vDSO hwcap entries used in this kernel." -@@ -1174,6 +1206,12 @@ BuildKernel() { +@@ -1188,6 +1220,12 @@ BuildKernel() { cp signing_key.priv signing_key.priv.sign${Flavour:+.${Flavour}} cp signing_key.x509 signing_key.x509.sign${Flavour:+.${Flavour}} @@ -185,7 +186,7 @@ index 852fd10..e42177e 100644 # remove files that will be auto generated by depmod at rpm -i time for i in alias alias.bin builtin.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap softdep devname do -@@ -1234,15 +1272,15 @@ make %{?cross_opts} %{?_smp_mflags} -C tools/power/cpupower CPUFREQ_BENCH=false +@@ -1248,15 +1286,15 @@ make %{?cross_opts} %{?_smp_mflags} -C tools/power/cpupower CPUFREQ_BENCH=false %endif %ifarch x86_64 pushd tools/power/x86/x86_energy_perf_policy/ @@ -204,7 +205,7 @@ index 852fd10..e42177e 100644 popd %endif -@@ -1536,6 +1574,10 @@ fi}\ +@@ -1550,6 +1588,10 @@ fi}\ %{expand:\ %{_sbindir}/new-kernel-pkg --package kernel%{?-v:-%{-v*}} --install %{KVRA}%{?-v:.%{-v*}} || exit $?\ }\ 
@@ -215,7 +216,7 @@ index 852fd10..e42177e 100644 %{nil} # -@@ -1756,6 +1798,11 @@ fi +@@ -1775,6 +1817,11 @@ fi %kernel_variant_files %{with_debug} debug %kernel_variant_files %{with_kdump} kdump @@ -225,7 +226,7 @@ index 852fd10..e42177e 100644 +%endif + %changelog - * Mon Jun 17 2019 CentOS Sources - 3.10.0-957.21.3.el7 + * Fri Sep 20 2019 CentOS Sources - 3.10.0-1062.1.2.el7 - Apply debranding changes -- 1.8.3.1 diff --git a/kernel/kernel-std/centos/meta_patches/Compile-issues.patch b/kernel/kernel-std/centos/meta_patches/Compile-issues.patch index 9be5d8310..0af3a1c7e 100644 --- a/kernel/kernel-std/centos/meta_patches/Compile-issues.patch +++ b/kernel/kernel-std/centos/meta_patches/Compile-issues.patch @@ -16,7 +16,7 @@ diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index d5df4a4..1d765ed 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec -@@ -495,6 +495,12 @@ Patch40027: epoll-fix-use-after-free-in-eventpoll_release_file.patch +@@ -497,6 +497,12 @@ Patch40027: epoll-fix-use-after-free-in-eventpoll_release_file.patch Patch40028: ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch Patch40029: rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch Patch40030: rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch @@ -29,7 +29,7 @@ index d5df4a4..1d765ed 100644 BuildRoot: %{_tmppath}/kernel-%{KVRA}-root -@@ -869,6 +875,9 @@ ApplyOptionalPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch +@@ -881,6 +887,9 @@ ApplyOptionalPatch epoll-fix-use-after-free-in-eventpoll_release_file.patch ApplyOptionalPatch ipvs-fix-memory-leak-in-ip_vs_ctl.c.patch ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_acl_chmod.patch ApplyOptionalPatch rh-ext4-release-leaked-posix-acl-in-ext4_xattr_set_a.patch diff --git a/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch b/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch index 9a4bb4b5a..171786f12 100644 
--- a/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch +++ b/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch @@ -6,15 +6,16 @@ Subject: [PATCH 1/2] Kernel-source-patches-for-TiC Signed-off-by: zhao.shuai Signed-off-by: Jim Somerville +Signed-off-by: Robin Lu --- - SPECS/kernel.spec | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 68 insertions(+) + SPECS/kernel.spec | 66 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 66 insertions(+) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index e42177e..d5df4a4 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec -@@ -460,6 +460,42 @@ Patch1002: debrand-rh-i686-cpu.patch +@@ -463,6 +463,41 @@ Patch1002: debrand-rh-i686-cpu.patch Source30000: kernel-3.10.0-x86_64.config.tis_extra Source30001: ima_signing_key.pub @@ -33,7 +34,6 @@ index e42177e..d5df4a4 100644 +Patch40012: Enable-building-mpt2sas-and-mpt3sas-as-builtin-for-C.patch +Patch40013: Enable-building-kernel-with-CONFIG_BLK_DEV_NBD.patch +Patch40014: x86-make-dma_alloc_coherent-return-zeroed-memory-if-.patch -+Patch40015: rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch +Patch40016: Porting-Cacheinfo-from-Kernel-4.10.17.patch +Patch40017: Fix-cacheinfo-compilation-issues-for-3.10.patch +Patch40018: cpuidle-menu-stop-seeking-deeper-idle-if-current-sta.patch @@ -57,7 +57,7 @@ index e42177e..d5df4a4 100644 BuildRoot: %{_tmppath}/kernel-%{KVRA}-root %description -@@ -802,6 +838,38 @@ ApplyOptionalPatch debrand-single-cpu.patch +@@ -816,6 +851,37 @@ ApplyOptionalPatch debrand-single-cpu.patch ApplyOptionalPatch debrand-rh_taint.patch ApplyOptionalPatch debrand-rh-i686-cpu.patch 
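Review bot: The `Patch40015: rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch` entry is dropped in this hunk and its `ApplyOptionalPatch` line in the following one, but the commit's diffstat lists no removal of the patch file itself, so it presumably stays in the tree unreferenced. Deleting the file in the same change would keep the patch directory in step with the spec. The numbering gap between `Patch40014` and `Patch40016` is also unexplained in the spec; a one-line comment such as `# Patch40015 (rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs) dropped: already included in kernel 3.10.0-1062.1.2` would stop a later refresh from re-adding a fix the base kernel already carries.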
@@ -76,7 +76,6 @@ index e42177e..d5df4a4 100644 +ApplyOptionalPatch Enable-building-mpt2sas-and-mpt3sas-as-builtin-for-C.patch +ApplyOptionalPatch Enable-building-kernel-with-CONFIG_BLK_DEV_NBD.patch +ApplyOptionalPatch x86-make-dma_alloc_coherent-return-zeroed-memory-if-.patch -+ApplyOptionalPatch rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch +ApplyOptionalPatch Porting-Cacheinfo-from-Kernel-4.10.17.patch +ApplyOptionalPatch Fix-cacheinfo-compilation-issues-for-3.10.patch +ApplyOptionalPatch cpuidle-menu-stop-seeking-deeper-idle-if-current-sta.patch diff --git a/kernel/kernel-std/centos/patches/Fix-compile-issue-when-transparent-hugepages-are-off.patch b/kernel/kernel-std/centos/patches/Fix-compile-issue-when-transparent-hugepages-are-off.patch index fec105dcb..a1b5c69d2 100644 --- a/kernel/kernel-std/centos/patches/Fix-compile-issue-when-transparent-hugepages-are-off.patch +++ b/kernel/kernel-std/centos/patches/Fix-compile-issue-when-transparent-hugepages-are-off.patch @@ -5,15 +5,54 @@ Date: Thu, 15 Dec 2016 14:27:48 -0500 Subject: [PATCH 01/26] Fix compile issue when transparent hugepages are off 
Signed-off-by: Jim Somerville +Signed-off-by: Robin Lu --- - mm/swap.c | 2 ++ - 1 file changed, 2 insertions(+) + drivers/gpu/drm/i915/i915_gemfs.c | 4 ++-- + fs/proc/task_mmu.c | 2 ++ + mm/swap.c | 2 ++ + 3 files changed, 6 insertions(+), 2 deletions(-) +diff --git a/drivers/gpu/drm/i915/i915_gemfs.c b/drivers/gpu/drm/i915/i915_gemfs.c +index 888b7d3f..efe915c7 100644 +--- a/drivers/gpu/drm/i915/i915_gemfs.c ++++ b/drivers/gpu/drm/i915/i915_gemfs.c +@@ -49,7 +49,7 @@ int i915_gemfs_init(struct drm_i915_private *i915) + * memory pressure shmem should split any huge-pages which can be + * shrunk. + */ +- ++#ifdef CONFIG_TRANSPARENT_HUGEPAGE + if (has_transparent_hugepage()) { + struct super_block *sb = gemfs->mnt_sb; + /* FIXME: Disabled until we get W/A for read BW issue. */ +@@ -63,7 +63,7 @@ int i915_gemfs_init(struct drm_i915_private *i915) + return err; + } + } +- ++#endif + i915->mm.gemfs = gemfs; + + return 0; +diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c +index e27a1d42..e8a8ba9d 100644 +--- a/fs/proc/task_mmu.c ++++ b/fs/proc/task_mmu.c +@@ -1116,7 +1116,9 @@ static int pagemap_pmd_range(pmd_t *pmdp, unsigned long addr, unsigned long end, + { + struct vm_area_struct *vma; + struct pagemapread *pm = walk->private; ++#ifdef CONFIG_TRANSPARENT_HUGEPAGE + spinlock_t *ptl; ++#endif + pte_t *pte; + int err = 0; + diff --git a/mm/swap.c b/mm/swap.c index 0982a35..6dcf38c 100644 --- a/mm/swap.c +++ b/mm/swap.c -@@ -1040,8 +1040,10 @@ void release_pages(struct page **pages, int nr, bool cold) +@@ -1043,8 +1043,10 @@ void release_pages(struct page **pages, int nr, bool cold) if (!put_page_testzero(page)) continue; diff --git a/kernel/kernel-std/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch b/kernel/kernel-std/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch index 5bdcccb52..f0345cf2c 100644 --- a/kernel/kernel-std/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch 
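Review bot: In the newly added `fs/proc/task_mmu.c` part, `spinlock_t *ptl;` in `pagemap_pmd_range()` is declared only under `#ifdef CONFIG_TRANSPARENT_HUGEPAGE`, which holds only while every use of `ptl` in the function body sits inside the same guard; the body is outside the hunk, so this cannot be confirmed here. If the aim is to silence an unused-variable warning, `spinlock_t *ptl __maybe_unused;` does that without coupling the declaration to where later uses are placed. In `i915_gemfs_init()` the `#ifdef` and `#endif` replace the blank lines around the `has_transparent_hugepage()` block; keeping the blank lines and closing with `#endif /* CONFIG_TRANSPARENT_HUGEPAGE */` would make the guarded region easier to see on the next refresh.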
+++ b/kernel/kernel-std/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch @@ -1258,8 +1258,8 @@ index 53c3fe1..527d291 100644 driver.o class.o platform.o \ cpu.o firmware.o init.o map.o devres.o \ attribute_container.o transport_class.o \ -- topology.o container.o property.o -+ topology.o container.o property.o cacheinfo.o +- topology.o container.o property.o devcon.o ++ topology.o container.o property.o devcon.o cacheinfo.o obj-$(CONFIG_DEVTMPFS) += devtmpfs.o obj-$(CONFIG_DMA_CMA) += dma-contiguous.o obj-y += power/ diff --git a/kernel/kernel-std/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch b/kernel/kernel-std/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch index f91c8066b..a9a9f4821 100644 --- a/kernel/kernel-std/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch +++ b/kernel/kernel-std/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch @@ -17,21 +17,22 @@ definitions on module deinit - modification to ima_file_check to pass in file OPEN status Signed-off-by: Jim Somerville +Signed-off-by: Robin Lu --- fs/namei.c | 2 +- fs/nfsd/vfs.c | 2 +- fs/xattr.c | 1 + - include/linux/fs.h | 15 +------ - include/linux/ima.h | 77 +++++++------------------------- - include/linux/integrity.h | 22 ++++----- - security/security.c | 111 +++++++++++++++++++++++++++++++++++++++++++++- + include/linux/fs.h | 15 +----- + include/linux/ima.h | 77 ++++++-------------------- + include/linux/integrity.h | 22 +++----- + security/security.c | 111 +++++++++++++++++++++++++++++++++++++- 7 files changed, 140 insertions(+), 90 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 9f90b63..bf91ea0 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -3225,7 +3225,7 @@ opened: +@@ -3243,7 +3243,7 @@ opened: error = open_check_o_direct(file); if (error) goto exit_fput; @@ -57,7 +58,7 @@ diff --git a/fs/xattr.c b/fs/xattr.c index e540aca..cc307ec 100644 --- a/fs/xattr.c 
+++ b/fs/xattr.c -@@ -207,6 +207,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, +@@ -208,6 +208,7 @@ vfs_getxattr_alloc(struct dentry *dentry, const char *name, char **xattr_value, *xattr_value = value; return error; } @@ -69,18 +70,18 @@ diff --git a/include/linux/fs.h b/include/linux/fs.h index eb6f994..2dbaf80 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -677,9 +677,8 @@ struct inode { +@@ -681,9 +681,8 @@ struct inode { struct fsnotify_mark_connector __rcu *i_fsnotify_marks) #endif --#ifdef CONFIG_IMA +-#if defined(CONFIG_IMA) && defined(CONFIG_X86_64) atomic_t i_readcount; /* struct files open RO */ -#endif + void *i_private; /* fs or device private pointer */ }; -@@ -2830,7 +2829,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode) +@@ -2852,7 +2851,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode) return atomic_read(&inode->i_writecount) > 0; } @@ -88,7 +89,7 @@ index eb6f994..2dbaf80 100644 static inline void i_readcount_dec(struct inode *inode) { BUG_ON(!atomic_read(&inode->i_readcount)); -@@ -2840,16 +2838,7 @@ static inline void i_readcount_inc(struct inode *inode) +@@ -2862,16 +2860,7 @@ static inline void i_readcount_inc(struct inode *inode) { atomic_inc(&inode->i_readcount); } @@ -340,7 +341,7 @@ index f069482..646a0e3 100644 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) { #ifdef CONFIG_SECURITY_YAMA_STACKED -@@ -720,8 +824,11 @@ EXPORT_SYMBOL(security_inode_listsecurity); +@@ -718,8 +822,11 @@ EXPORT_SYMBOL(security_inode_listsecurity); void security_inode_getsecid(struct inode *inode, u32 *secid) { 
@@ -353,7 +354,7 @@ index f069482..646a0e3 100644 int security_inode_copy_up(struct dentry *src, struct cred **new) { -@@ -1530,6 +1637,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +@@ -1528,6 +1635,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { return security_ops->audit_rule_init(field, op, rulestr, lsmrule); } @@ -361,7 +362,7 @@ index f069482..646a0e3 100644 int security_audit_rule_known(struct audit_krule *krule) { -@@ -1546,6 +1654,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, +@@ -1544,6 +1652,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, { return security_ops->audit_rule_match(secid, field, op, lsmrule, actx); } diff --git a/kernel/kernel-std/centos/patches/compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch b/kernel/kernel-std/centos/patches/compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch index c41abbb37..cd69c6852 100644 --- a/kernel/kernel-std/centos/patches/compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch +++ b/kernel/kernel-std/centos/patches/compile-fix-for-disabling-CONFIG_MEMCG_KMEM.patch @@ -12,17 +12,17 @@ diff --git a/mm/memcontrol.c b/mm/memcontrol.c index 175fef9..e475427 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c -@@ -3007,6 +3007,8 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg, +@@ -2995,6 +2995,8 @@ static void __mem_cgroup_commit_charge(struct mem_cgroup *memcg, memcg_check_events(memcg, page); } +static DEFINE_MUTEX(memcg_limit_mutex); + #ifdef CONFIG_MEMCG_KMEM - static inline bool memcg_can_account_kmem(struct mem_cgroup *memcg) - { -@@ -3507,8 +3509,6 @@ out: - return new_cachep; + /* + * The memcg_slab_mutex is held whenever a per memcg kmem cache is created or +@@ -3375,8 +3377,6 @@ static inline void memcg_resume_kmem_account(void) + current->memcg_kmem_skip_account--; } -static DEFINE_MUTEX(memcg_limit_mutex); 
diff --git a/kernel/kernel-std/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch b/kernel/kernel-std/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch index 9a29c7d0b..c66a27b37 100644 --- a/kernel/kernel-std/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch +++ b/kernel/kernel-std/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch @@ -14,8 +14,8 @@ defined Signed-off-by: Martin, Chen --- drivers/block/drbd/drbd_req.c | 8 ++++---- - include/linux/filter.h | 4 ++++ - 2 files changed, 8 insertions(+), 4 deletions(-) + include/linux/filter.h | 3 +++ + 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c index a6f13f7..cbd0a49 100644 @@ -51,17 +51,16 @@ diff --git a/include/linux/filter.h b/include/linux/filter.h index cddbb31..15ce55f 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h -@@ -665,6 +665,10 @@ static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog) - return true; - } - #else +@@ -763,6 +763,9 @@ void bpf_prog_kallsyms_add(struct bpf_prog *fp); + void bpf_prog_kallsyms_del(struct bpf_prog *fp); + + #else /* CONFIG_BPF_JIT */ +struct bpf_prog * __weak trace_bpf_int_jit_compile(struct bpf_prog *prog); +void __weak trace_bpf_jit_compile(struct bpf_prog *prog); +void __weak trace_bpf_jit_free(struct bpf_prog *fp); -+ - static inline bool ebpf_jit_enabled(void) + + static inline bool bpf_prog_ebpf_jited(const struct bpf_prog *fp) { - return false; -- 1.8.3.1 diff --git a/kernel/kernel-std/centos/patches/fix-compilation-issues.patch b/kernel/kernel-std/centos/patches/fix-compilation-issues.patch index ba3351a57..b72a77347 100644 --- a/kernel/kernel-std/centos/patches/fix-compilation-issues.patch +++ b/kernel/kernel-std/centos/patches/fix-compilation-issues.patch @@ -16,12 +16,12 @@ diff --git a/arch/x86/mm/kaiser.c b/arch/x86/mm/kaiser.c index e233c88..5564c8d 100644 --- a/arch/x86/mm/kaiser.c 
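Review bot: The three `__weak` prototypes placed under `#else /* CONFIG_BPF_JIT */` in `include/linux/filter.h` are declarations only; if no definition is linked in that configuration, a weak undefined function resolves to a null address and a call through it would fault in kernel context. The call sites are not visible in this hunk, so it should be confirmed that each one is either compiled out or tests the symbol before calling. If these names are not already generated by a tracepoint header, no-op stubs such as `static inline void trace_bpf_jit_free(struct bpf_prog *fp) { }` would be safer than weak prototypes. A short comment above the declarations saying which build configuration needs them is also missing.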
+++ b/arch/x86/mm/kaiser.c -@@ -620,7 +620,7 @@ static const struct file_operations fops_kaiser_enabled = { +@@ -621,7 +621,7 @@ static const struct file_operations fops_kaiser_enabled = { static int __init create_kpti_enabled(void) { -- if (!xen_pv_domain()) -+ if (!is_xen_pv_domain()) +- if (!xen_pv_domain() && !sme_active()) ++ if (!is_xen_pv_domain() && !sme_active()) debugfs_create_file("pti_enabled", S_IRUSR | S_IWUSR, arch_debugfs_dir, NULL, &fops_kaiser_enabled); return 0; @@ -29,7 +29,7 @@ diff --git a/drivers/base/dma-contiguous.c b/drivers/base/dma-contiguous.c index a7d5bda..403101d 100644 --- a/drivers/base/dma-contiguous.c +++ b/drivers/base/dma-contiguous.c -@@ -309,7 +309,7 @@ struct page *dma_alloc_from_contiguous(struct device *dev, size_t count, +@@ -287,7 +287,7 @@ struct page *dma_alloc_from_contiguous(struct device *dev, size_t count, if (align > CONFIG_CMA_ALIGNMENT) align = CONFIG_CMA_ALIGNMENT; @@ -82,7 +82,7 @@ diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h index 26ec982..45af11b 100644 --- a/include/linux/huge_mm.h +++ b/include/linux/huge_mm.h -@@ -365,7 +365,7 @@ static inline int pud_trans_huge_lock(pud_t *pud, struct vm_area_struct *vma, +@@ -362,7 +362,7 @@ static inline int pud_trans_huge_lock(pud_t *pud, struct vm_area_struct *vma, return 0; } diff --git a/kernel/kernel-std/centos/srpm_path b/kernel/kernel-std/centos/srpm_path index badd8eb66..2575ffa75 100644 --- a/kernel/kernel-std/centos/srpm_path +++ b/kernel/kernel-std/centos/srpm_path @@ -1,2 +1,2 @@ -mirror:Source/kernel-3.10.0-957.21.3.el7.src.rpm +mirror:Source/kernel-3.10.0-1062.1.2.el7.src.rpm