!74 回合上游社区补丁

From: @wilhelmleibniz Reviewed-by: @wangbin224 Signed-off-by: @wangbin224
2024-12-05 06:22:30 +00:00 · 2024-12-05 06:22:30 +00:00 · 474296843b
commit 474296843b
parent 0f6b7ae901 4b271d4f91
3 changed files with 93 additions and 1 deletions
--- a/0014-backport-Make-numa_available-respect-EPERM.patch
+++ b/0014-backport-Make-numa_available-respect-EPERM.patch
@ -0,0 +1,31 @@
+From 0efea0eb1980964c3264c901ec4e8934c4c05541 Mon Sep 17 00:00:00 2001
+From: filimonov <1549571+filimonov@users.noreply.github.com>
+Date: Mon, 21 Oct 2024 18:45:02 +0200
+Subject: [PATCH] Make numa_available respect EPERM
+
+Make numa_available respect EPERM
+
+In the Docker environment, usage of `get_mempolicy` is restricted by seccomp security profiles:
+https://docs.docker.com/engine/security/seccomp/ (unless `CAP_SYS_NICE` is set).
+
+But `numa_available` used to ignore EPERM and return 'true', i.e., available. This led to further code attempting other API calls, which resulted in "operation not permitted" errors printed to stderr.
+
+See details in:
+https://github.com/ClickHouse/ClickHouse/issues/68747#issuecomment-2426210768
+---
+ libnuma.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libnuma.c b/libnuma.c
+index f10d127..0989943 100644
+--- a/libnuma.c
+++ b/libnuma.c
+@@ -871,7 +871,7 @@ long numa_node_size(int node, long *freep)
+ 
+ int numa_available(void)
+ {
+-	if (get_mempolicy(NULL, NULL, 0, 0, 0) < 0 && errno == ENOSYS)
+	if (get_mempolicy(NULL, NULL, 0, 0, 0) < 0 && (errno == ENOSYS || errno == EPERM))
+ 		return -1;
+ 	return 0;
+ }
--- a/0015-backport-fix-nodemask-allocation-size-for-get_mempolicy.patch
+++ b/0015-backport-fix-nodemask-allocation-size-for-get_mempolicy.patch
@ -0,0 +1,54 @@
+From a7651aa406a370fdcf431a215485040ba84c2d01 Mon Sep 17 00:00:00 2001
+From: q66 <q66@chimera-linux.org>
+Date: Thu, 22 Aug 2024 08:51:23 +0200
+Subject: [PATCH] libnuma: fix nodemask allocation size for get_mempolicy
+
+This prevents buffer corrpution which manifests as firefox
+failing to play videos with mimalloc in hardened mode (as the
+get_mempolicy will corrupt the metadata).
+
+The documentation for get_mempolicy specifies the following:
+
+```
+unsigned long nodemask[(.maxnode + ULONG_WIDTH - 1)
+                       / ULONG_WIDTH]
+```
+
+where maxnode is the following argument. Since we are calling
+get_mempolicy with `nodemask_sz + 1`, that means the size
+will be `(nodemask_sz + 1 + ULONG_WIDTH - 1) / ULONG_WIDTH)`
+i.e. `(nodemask_sz + ULONG_WIDTH) / ULONG_WIDTH` or
+`nodemask_sz / ULONG_WIDTH + 1`.
+
+Since `ULONG_WIDTH` is `sizeof ulong * 8`, and the
+nodemask is an array of ulong, that means the allocation
+size should be:
+
+```
+sizeof ulong * (nodemask_sz / (sizeof ulong * 8) + 1)
+```
+
+which is equal to:
+
+```
+sizeof ulong + nodemask_size / 8
+```
+
+That means we need an extra ulong in the buffer.
+---
+ libnuma.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libnuma.c b/libnuma.c
+index 89a17e0..5d99e81 100644
+--- a/libnuma.c
+++ b/libnuma.c
+@@ -427,7 +427,7 @@ set_nodemask_size(void)
+ 		nodemask_sz = 16;
+ 		do {
+ 			nodemask_sz <<= 1;
+-			mask = realloc(mask, nodemask_sz / 8);
+			mask = realloc(mask, nodemask_sz / 8 + sizeof(unsigned long));
+ 			if (!mask)
+ 				return;
+ 		} while (get_mempolicy(&pol, mask, nodemask_sz + 1, 0, 0) < 0 && errno == EINVAL &&
--- a/numactl.spec
+++ b/numactl.spec
@ -1,6 +1,6 @@
 Name: numactl
 Version: 2.0.16
-Release: 11
+Release: 12
 Summary: Library for tuning for Non Uniform Memory Access machines
 License: GPLv2
 URL: https://github.com/numactl/numactl
@ -20,6 +20,8 @@ Patch0010: 0010-fix-fix-memory-leaks-when-run-with-H.patch
 Patch0011: 0011-libnuma-Fix-unexpected-output.patch
 Patch0012: 0012-libnuma-Fix-incorrect-print-and-exit-of-numa_preferr.patch
 Patch0013: 0013-fix-the-using-of-the-uninitialized-value.patch
+Patch0014: 0014-backport-Make-numa_available-respect-EPERM.patch
+Patch0015: 0015-backport-fix-nodemask-allocation-size-for-get_mempolicy.patch

 %description
 Simple NUMA policy support. It consists of a numactl program to run other
@ -88,6 +90,11 @@ LD_LIBRARY_PATH=$(pwd)/.libs make check
 %{_mandir}/man3/*.3*

 %changelog
+* Tue Dec 3 2024 andy <liuyang01@kylinos.cn> - 2.0.16-12
+- backport patches from upstream
+- libnuma: Make numa_available respect EPERM
+- libnuma: fix nodemask allocation size for get_mempolicy
+
 * Tue Jul 2 2024 zhangyaqi <zhangyaqi@kylinos.cn> - 2.0.16-11
 - numademo: Fix the using of the uninitialized value