From 10ed654d5e5adf3449e343e384eafdd4eb530e23 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Fri, 26 Sep 2025 10:41:23 +0000
Subject: [PATCH] import CS criu-3.19-3.el9

---
 ...45f77a34d1bc7ef146d650636afcd3cdda21.patch | 87 +++++++++++++++++++
 SOURCES/2587.patch                            | 30 +++++++
 SPECS/criu.spec                               | 11 ++-
 3 files changed, 127 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/089345f77a34d1bc7ef146d650636afcd3cdda21.patch
 create mode 100644 SOURCES/2587.patch

diff --git a/SOURCES/089345f77a34d1bc7ef146d650636afcd3cdda21.patch b/SOURCES/089345f77a34d1bc7ef146d650636afcd3cdda21.patch
new file mode 100644
index 0000000..d8aef52
--- /dev/null
+++ b/SOURCES/089345f77a34d1bc7ef146d650636afcd3cdda21.patch
@@ -0,0 +1,87 @@
+From 089345f77a34d1bc7ef146d650636afcd3cdda21 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Wed, 10 Jul 2024 18:34:50 +0200
+Subject: [PATCH] Adjust to glibc __rseq_size semantic change
+
+In commit 2e456ccf0c34a056e3ccafac4a0c7effef14d918 ("Linux: Make
+__rseq_size useful for feature detection (bug 31965)") glibc 2.40
+changed the meaning of __rseq_size slightly: it is now the size
+of the active/feature area (20 bytes initially), and not the size
+of the entire initially defined struct (32 bytes including padding).
+The reason for the change is that the size including padding does not
+allow detection of newly added features while previously unused
+padding is consumed.
+
+The prep_libc_rseq_info change in criu/cr-restore.c is not necessary
+on kernels which have full ptrace support for obtaining rseq
+information because the code is not used.  On older kernels, it is
+a correctness fix because with size 20 (the new value), rseq
+registeration would fail.
+
+The two other changes are required to make rseq unregistration work
+in tests.
+
+Signed-off-by: Florian Weimer <fweimer@redhat.com>
+---
+ criu/cr-restore.c             | 8 ++++++++
+ test/zdtm/static/rseq00.c     | 5 ++++-
+ test/zdtm/transition/rseq01.c | 5 ++++-
+ 3 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/criu/cr-restore.c b/criu/cr-restore.c
+index 4db2f4ecfc..b95d4f134b 100644
+--- a/criu/cr-restore.c
++++ b/criu/cr-restore.c
+@@ -2618,7 +2618,15 @@ static void prep_libc_rseq_info(struct rst_rseq_param *rseq)
+ 	if (!kdat.has_ptrace_get_rseq_conf) {
+ #if defined(__GLIBC__) && defined(RSEQ_SIG)
+ 		rseq->rseq_abi_pointer = encode_pointer(__criu_thread_pointer() + __rseq_offset);
++		/*
++		 * Current glibc reports the feature/active size in
++		 * __rseq_size, not the size passed to the kernel.
++		 * This could be 20, but older kernels expect 32 for
++		 * the size argument even if only 20 bytes are used.
++		 */
+ 		rseq->rseq_abi_size = __rseq_size;
++		if (rseq->rseq_abi_size < 32)
++			rseq->rseq_abi_size = 32;
+ 		rseq->signature = RSEQ_SIG;
+ #else
+ 		rseq->rseq_abi_pointer = 0;
+diff --git a/test/zdtm/static/rseq00.c b/test/zdtm/static/rseq00.c
+index 471ad6a43f..7add7801eb 100644
+--- a/test/zdtm/static/rseq00.c
++++ b/test/zdtm/static/rseq00.c
+@@ -46,12 +46,15 @@ static inline void *__criu_thread_pointer(void)
+ static inline void unregister_glibc_rseq(void)
+ {
+ 	struct rseq *rseq = (struct rseq *)((char *)__criu_thread_pointer() + __rseq_offset);
++	unsigned int size = __rseq_size;
+ 
+ 	/* hack: mark glibc rseq structure as failed to register */
+ 	rseq->cpu_id = RSEQ_CPU_ID_REGISTRATION_FAILED;
+ 
+ 	/* unregister rseq */
+-	syscall(__NR_rseq, (void *)rseq, __rseq_size, 1, RSEQ_SIG);
++	if (__rseq_size < 32)
++		size = 32;
++	syscall(__NR_rseq, (void *)rseq, size, 1, RSEQ_SIG);
+ }
+ #else
+ static inline void unregister_glibc_rseq(void)
+diff --git a/test/zdtm/transition/rseq01.c b/test/zdtm/transition/rseq01.c
+index 0fbcc2dca0..08a7a8e1a6 100644
+--- a/test/zdtm/transition/rseq01.c
++++ b/test/zdtm/transition/rseq01.c
+@@ -33,7 +33,10 @@ static inline void *thread_pointer(void)
+ static inline void unregister_old_rseq(void)
+ {
+ 	/* unregister rseq */
+-	syscall(__NR_rseq, (void *)((char *)thread_pointer() + __rseq_offset), __rseq_size, 1, RSEQ_SIG);
++	unsigned int size = __rseq_size;
++	if (__rseq_size < 32)
++		size = 32;
++	syscall(__NR_rseq, (void *)((char *)thread_pointer() + __rseq_offset), size, 1, RSEQ_SIG);
+ }
+ #else
+ static inline void unregister_old_rseq(void)
diff --git a/SOURCES/2587.patch b/SOURCES/2587.patch
new file mode 100644
index 0000000..7ff1ac5
--- /dev/null
+++ b/SOURCES/2587.patch
@@ -0,0 +1,30 @@
+From 432e9f78b44d15c38fcc07b509ca329b3ad627b5 Mon Sep 17 00:00:00 2001
+From: Adrian Reber <areber@redhat.com>
+Date: Thu, 6 Feb 2025 11:07:17 +0100
+Subject: [PATCH] lsm: use the user provided lsm label
+
+Currently CRIU has the possibility to specify a LSM label during
+restore. Unfortunately the information is completely ignored in the case
+of SELinux.
+
+This change selects the lsm label from the user if it is provided and
+else the label from the checkpoint image is used.
+
+Signed-off-by: Adrian Reber <areber@redhat.com>
+---
+ criu/lsm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/criu/lsm.c b/criu/lsm.c
+index d1b73cc79e..70b66d42ee 100644
+--- a/criu/lsm.c
++++ b/criu/lsm.c
+@@ -370,7 +370,7 @@ int render_lsm_profile(char *profile, char **val)
+ 	case LSMTYPE__APPARMOR:
+ 		return render_aa_profile(val, profile);
+ 	case LSMTYPE__SELINUX:
+-		if (asprintf(val, "%s", profile) < 0) {
++		if (asprintf(val, "%s", opts.lsm_supplied ? opts.lsm_profile : profile) < 0) {
+ 			*val = NULL;
+ 			return -1;
+ 		}
diff --git a/SPECS/criu.spec b/SPECS/criu.spec
index d98b94d..d69aaaa 100644
--- a/SPECS/criu.spec
+++ b/SPECS/criu.spec
@@ -7,7 +7,7 @@
 
 Name: criu
 Version: 3.19
-Release: 1%{?dist}
+Release: 3%{?dist}
 Provides: crtools = %{version}-%{release}
 Obsoletes: crtools <= 1.0-2
 Summary: Tool for Checkpoint/Restore in User-space
@@ -33,6 +33,9 @@ Recommends: tar
 
 Patch0: 0001-Fix-building-with-annobin.patch
 Patch1: criu.pc.patch
+Patch2: https://github.com/checkpoint-restore/criu/pull/2587.patch
+# Update restartable sequences to latest upstream code
+Patch3: https://github.com/checkpoint-restore/criu/commit/089345f77a34d1bc7ef146d650636afcd3cdda21.patch
 
 # user-space and kernel changes are only available for x86_64, arm,
 # ppc64le, aarch64 and s390x
@@ -80,6 +83,8 @@ their content in human-readable form.
 %setup -q
 %patch -P 0 -p1
 %patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1
 
 %build
 # %{?_smp_mflags} does not work
@@ -133,6 +138,10 @@ rm $RPM_BUILD_ROOT%{_mandir}/man1/criu-ns.1*
 %doc %{_mandir}/man1/crit.1*
 
 %changelog
+* Thu May 08 2025 Adrian Reber <areber@redhat.com> - 3.19-3
+- Added patch to correctly handle SELinux labels in Kubernetes
+- Added latest upstream rseq patch
+
 * Fri Dec 08 2023 Radostin Stoyanov <radostin@redhat.com> - 3.19-1
 - Update to 3.19
 - Drop upstreamed patches