6 changed files with 1 additions and 344 deletions
--- a/SOURCES/tuned-2.21.1-CVE-2024-52337.patch
+++ b/SOURCES/tuned-2.21.1-CVE-2024-52337.patch
@ -1,118 +0,0 @@
-diff --git a/tuned/consts.py b/tuned/consts.py
-index 3749363..3b41ed9 100644
--- a/tuned/consts.py
-+++ b/tuned/consts.py
-@@ -1,4 +1,8 @@
- import logging
-+import string
-+
-+NAMES_ALLOWED_CHARS = string.ascii_letters + string.digits + " !@'+-.,/:;_$&*()%<=>?#[]{|}^~" + '"'
-+NAMES_MAX_LENGTH = 4096
- 
- GLOBAL_CONFIG_FILE = "/etc/tuned/tuned-main.conf"
- ACTIVE_PROFILE_FILE = "/etc/tuned/active_profile"
-diff --git a/tuned/daemon/controller.py b/tuned/daemon/controller.py
-index 6a59a1d..94e9022 100644
--- a/tuned/daemon/controller.py
-+++ b/tuned/daemon/controller.py
-@@ -182,6 +182,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 	def switch_profile(self, profile_name, caller = None):
- 		if caller == "":
- 			return (False, "Unauthorized")
-+		if not self._cmd.is_valid_name(profile_name):
-+			return (False, "Invalid profile_name")
- 		return self._switch_profile(profile_name, True)
- 
- 	@exports.export("", "(bs)")
-@@ -255,8 +257,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 
- 	@exports.export("s", "(bsss)")
- 	def profile_info(self, profile_name, caller = None):
-		if caller == "":
-			return tuple(False, "", "", "")
-+		if caller == "" or not self._cmd.is_valid_name(profile_name):
-+			return (False, "", "", "")
- 		if profile_name is None or profile_name == "":
- 			profile_name = self.active_profile()
- 		return tuple(self._daemon.profile_loader.profile_locator.get_profile_attrs(profile_name, [consts.PROFILE_ATTR_SUMMARY, consts.PROFILE_ATTR_DESCRIPTION], [""]))
-@@ -287,7 +289,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		dictionary -- {plugin_name: {parameter_name: default_value}}
- 		"""
- 		if caller == "":
-			return False
-+			return {}
- 		plugins = {}
- 		for plugin_class in self._daemon.get_all_plugins():
- 			plugin_name = plugin_class.__module__.split(".")[-1].split("_", 1)[1]
-@@ -300,8 +302,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 	@exports.export("s","s")
- 	def get_plugin_documentation(self, plugin_name, caller = None):
- 		"""Return docstring of plugin's class"""
-		if caller == "":
-			return False
-+		if caller == "" or not self._cmd.is_valid_name(plugin_name):
-+			return ""
- 		return self._daemon.get_plugin_documentation(str(plugin_name))
- 
- 	@exports.export("s","a{ss}")
-@@ -314,8 +316,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		Return:
- 		dictionary -- {parameter_name: hint}
- 		"""
-		if caller == "":
-			return False
-+		if caller == "" or not self._cmd.is_valid_name(plugin_name):
-+			return {}
- 		return self._daemon.get_plugin_hints(str(plugin_name))
- 
- 	@exports.export("s", "b")
-@@ -328,7 +330,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		Return:
- 		bool -- True on success
- 		"""
-		if caller == "":
-+		if caller == "" or not self._cmd.is_valid_name(path):
- 			return False
- 		if self._daemon._application and self._daemon._application._unix_socket_exporter:
- 			self._daemon._application._unix_socket_exporter.register_signal_path(path)
-@@ -342,6 +344,10 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 	def instance_acquire_devices(self, devices, instance_name, caller = None):
- 		if caller == "":
- 			return (False, "Unauthorized")
-+		if not self._cmd.is_valid_name(devices):
-+			return (False, "Invalid devices")
-+		if not self._cmd.is_valid_name(instance_name):
-+			return (False, "Invalid instance_name")
- 		found = False
- 		for instance_target in self._daemon._unit_manager.instances:
- 			if instance_target.name == instance_name:
-@@ -388,6 +394,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		"""
- 		if caller == "":
- 			return (False, "Unauthorized", [])
-+		if not self._cmd.is_valid_name(plugin_name):
-+			return (False, "Invalid plugin_name", [])
- 		if plugin_name != "" and plugin_name not in self.get_all_plugins().keys():
- 			rets = "Plugin '%s' does not exist" % plugin_name
- 			log.error(rets)
-@@ -411,6 +419,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		"""
- 		if caller == "":
- 			return (False, "Unauthorized", [])
-+		if not self._cmd.is_valid_name(instance_name):
-+			return (False, "Invalid instance_name", [])
- 		for instance in self._daemon._unit_manager.instances:
- 			if instance.name == instance_name:
- 				return (True, "OK", sorted(list(instance.processed_devices)))
-diff --git a/tuned/utils/commands.py b/tuned/utils/commands.py
-index ce51fc0..38d95ef 100644
--- a/tuned/utils/commands.py
-+++ b/tuned/utils/commands.py
-@@ -544,3 +544,7 @@ class commands:
- 			import string
- 			trans = string.maketrans(source_chars, dest_chars)
- 		return text.translate(trans)
-+
-+	# Checks if name contains only valid characters and has valid length or is empty string or None
-+	def is_valid_name(self, name):
-+		return not name or (all(c in consts.NAMES_ALLOWED_CHARS for c in name) and len(name) <= consts.NAMES_MAX_LENGTH)
--- a/SOURCES/tuned-2.22.1-postgresql-disable-amd-instance.patch
+++ b/SOURCES/tuned-2.22.1-postgresql-disable-amd-instance.patch
@ -1,11 +0,0 @@
-diff --git a/profiles/postgresql/tuned.conf b/profiles/postgresql/tuned.conf
-index 88da8e4..4fd3810 100644
--- a/profiles/postgresql/tuned.conf
-+++ b/profiles/postgresql/tuned.conf
-@@ -55,3 +55,6 @@ sched_min_granularity_ns = 10000000
- # "cache hot" and thus less likely to be re-migrated
- # (system default is 500000, i.e. 0.5 ms)
- sched_migration_cost_ns = 50000000
-+
-+[scheduler.amd]
-+enabled=false
--- a/SOURCES/tuned-2.22.1-profile-epyc-eda.patch
+++ b/SOURCES/tuned-2.22.1-profile-epyc-eda.patch
@ -1,54 +0,0 @@
-From 7557cf975282326cdbfe55b7b803d8075ff37cba Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Tue, 12 Mar 2024 20:25:43 +0100
-Subject: [PATCH] epyc-eda: added new profile for EDA compute workloads on AMD
- EPYC CPUs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
---
- man/tuned-profiles.7         |  4 ++++
- profiles/epyc-eda/tuned.conf | 14 ++++++++++++++
- 2 files changed, 18 insertions(+)
- create mode 100644 profiles/epyc-eda/tuned.conf
-
-diff --git a/man/tuned-profiles.7 b/man/tuned-profiles.7
-index 10cad7b..600e8bb 100644
--- a/man/tuned-profiles.7
-+++ b/man/tuned-profiles.7
-@@ -141,6 +141,10 @@ profiles (e.g. throughput\-performance profile), example:
- Profile optimized for AWS EC2 instances. It is based on the
- throughput\-performance profile.
- 
-+.TP
-+.BI "epyc-eda"
-+Profile optimized for EDA compute workloads on AMD EPYC CPUs.
-+
- .SH "FILES"
- .nf
- .I /etc/tuned/*
-diff --git a/profiles/epyc-eda/tuned.conf b/profiles/epyc-eda/tuned.conf
-new file mode 100644
-index 0000000..482d404
--- /dev/null
-+++ b/profiles/epyc-eda/tuned.conf
-@@ -0,0 +1,14 @@
-+#
-+# tuned configuration
-+#
-+
-+[main]
-+summary=Optimize for EDA compute workloads on AMD EPYC CPUs
-+description=Configures virtual memory, CPU governors, and network settings for EDA compute workloads.
-+include=throughput-performance
-+
-+# AMD
-+[scheduler.amd]
-+type=scheduler
-+#Allow processes to rapidly move between cores to avoid idle time and maximize CPU usage
-+sched_migration_cost_ns=10000
-- 
-2.44.0
-
--- a/SOURCES/tuned-2.22.1-sap-vm-max-map-count.patch
+++ b/SOURCES/tuned-2.22.1-sap-vm-max-map-count.patch
@ -1,28 +0,0 @@
-From 04ead944fdf640ed986331179e533542efc934c7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Mon, 8 Apr 2024 11:03:47 +0200
-Subject: [PATCH] sap-netweaver: increased vm.max_map_count
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Resolves: RHEL-31757
-
-Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
---
- profiles/sap-netweaver/tuned.conf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/profiles/sap-netweaver/tuned.conf b/profiles/sap-netweaver/tuned.conf
-index a1cfd17..81c4d44 100644
--- a/profiles/sap-netweaver/tuned.conf
-+++ b/profiles/sap-netweaver/tuned.conf
-@@ -10,4 +10,4 @@ include=throughput-performance
- kernel.sem = 32000 1024000000 500 32000
- kernel.shmall = 18446744073692774399
- kernel.shmmax = 18446744073692774399
-vm.max_map_count = 2000000
-+vm.max_map_count = 2147483647
-- 
-2.44.0
-
--- a/SOURCES/tuned-2.22.1-use-hdparm-lazily.patch
+++ b/SOURCES/tuned-2.22.1-use-hdparm-lazily.patch
@ -1,97 +0,0 @@
-diff --git a/tuned/plugins/plugin_disk.py b/tuned/plugins/plugin_disk.py
-index 1438e35..d6feb06 100644
--- a/tuned/plugins/plugin_disk.py
-+++ b/tuned/plugins/plugin_disk.py
-@@ -100,19 +100,20 @@ class DiskPlugin(hotplug.Plugin):
- 		self._devices_supported = True
- 		self._use_hdparm = True
- 		self._free_devices = set()
-		self._hdparm_apm_devices = set()
-+		self._hdparm_apm_device_support = dict()
- 		for device in self._hardware_inventory.get_devices("block"):
- 			if self._device_is_supported(device):
- 				self._free_devices.add(device.sys_name)
-				if self._use_hdparm and self._is_hdparm_apm_supported(device.sys_name):
-					self._hdparm_apm_devices.add(device.sys_name)
-
- 		self._assigned_devices = set()
- 
- 	def _get_device_objects(self, devices):
- 		return [self._hardware_inventory.get_device("block", x) for x in devices]
- 
- 	def _is_hdparm_apm_supported(self, device):
-+		if not self._use_hdparm:
-+			return False
-+		if device in self._hdparm_apm_device_support:
-+			return self._hdparm_apm_device_support[device]
- 		(rc, out, err_msg) = self._cmd.execute(["hdparm", "-C", "/dev/%s" % device], \
- 				no_errors = [errno.ENOENT], return_err=True)
- 		if rc == -errno.ENOENT:
-@@ -122,10 +123,13 @@ class DiskPlugin(hotplug.Plugin):
- 		elif rc:
- 			log.info("Device '%s' not supported by hdparm" % device)
- 			log.debug("(rc: %s, msg: '%s')" % (rc, err_msg))
-+			self._hdparm_apm_device_support[device] = False
- 			return False
- 		elif "unknown" in out:
- 			log.info("Driver for device '%s' does not support apm command" % device)
-+			self._hdparm_apm_device_support[device] = False
- 			return False
-+		self._hdparm_apm_device_support[device] = True
- 		return True
- 
- 	@classmethod
-@@ -232,7 +236,7 @@ class DiskPlugin(hotplug.Plugin):
- 		return not "standby" in out and not "sleeping" in out
- 
- 	def _instance_update_dynamic(self, instance, device):
-		if not device in self._hdparm_apm_devices:
-+		if not self._is_hdparm_apm_supported(device):
- 			return
- 		load = instance._load_monitor.get_device_load(device)
- 		if load is None:
-@@ -315,7 +319,7 @@ class DiskPlugin(hotplug.Plugin):
- 		# At the moment we support dynamic tuning just for devices compatible with hdparm apm commands
- 		# If in future will be added new functionality not connected to this command,
- 		# it is needed to change it here
-		if device not in self._hdparm_apm_devices:
-+		if not self._is_hdparm_apm_supported(device):
- 			log.info("There is no dynamic tuning available for device '%s' at time" % device)
- 		else:
- 			super(DiskPlugin, self)._instance_apply_dynamic(instance, device)
-@@ -350,7 +354,7 @@ class DiskPlugin(hotplug.Plugin):
- 
- 	@command_set("apm", per_device=True)
- 	def _set_apm(self, value, device, sim, remove):
-		if device not in self._hdparm_apm_devices:
-+		if not self._is_hdparm_apm_supported(device):
- 			if not sim:
- 				log.info("apm option is not supported for device '%s'" % device)
- 				return None
-@@ -366,7 +370,7 @@ class DiskPlugin(hotplug.Plugin):
- 
- 	@command_get("apm")
- 	def _get_apm(self, device, ignore_missing=False):
-		if device not in self._hdparm_apm_devices:
-+		if not self._is_hdparm_apm_supported(device):
- 			if not ignore_missing:
- 				log.info("apm option is not supported for device '%s'" % device)
- 			return None
-@@ -390,7 +394,7 @@ class DiskPlugin(hotplug.Plugin):
- 
- 	@command_set("spindown", per_device=True)
- 	def _set_spindown(self, value, device, sim, remove):
-		if device not in self._hdparm_apm_devices:
-+		if not self._is_hdparm_apm_supported(device):
- 			if not sim:
- 				log.info("spindown option is not supported for device '%s'" % device)
- 				return None
-@@ -406,7 +410,7 @@ class DiskPlugin(hotplug.Plugin):
- 
- 	@command_get("spindown")
- 	def _get_spindown(self, device, ignore_missing=False):
-		if device not in self._hdparm_apm_devices:
-+		if not self._is_hdparm_apm_supported(device):
- 			if not ignore_missing:
- 				log.info("spindown option is not supported for device '%s'" % device)
- 			return None
--- a/SPECS/tuned.spec
+++ b/SPECS/tuned.spec
@ -35,7 +35,7 @@
 Summary: A dynamic adaptive system tuning daemon
 Name: tuned
 Version: 2.22.1
-Release: 6%{?prerel1}%{?dist}
+Release: 1%{?prerel1}%{?dist}
 License: GPLv2+
 Source0: https://github.com/redhat-performance/%{name}/archive/v%{version}%{?prerel2}/%{name}-%{version}%{?prerel2}.tar.gz
 # RHEL-8 specific recommend.conf:
@ -97,15 +97,6 @@ Requires: python3-syspurpose
 Patch0: tuned-2.22.0-rhel-8-profiles.patch
 # Revert no balancing cores to use SD_LOAD_BALANCE (see rhbz#1874596 for details)
 Patch1: tuned-2.21.0-sd-load-balance.patch
-# epyc-eda TuneD profile only for RHEL-8 (see RHEL-27528 for details)
-Patch2: tuned-2.22.1-profile-epyc-eda.patch
-# Update vm.max_map_count in the sap-netweaver profile (see RHEL-32124 for details)
-Patch3: tuned-2.22.1-sap-vm-max-map-count.patch
-Patch4: tuned-2.21.1-CVE-2024-52337.patch
-# Make hdparm device checks lazy (see RHEL-71457 for details)
-Patch5: tuned-2.22.1-use-hdparm-lazily.patch
-# Disable the amd.scheduler plug-in instance in the postgresql profile (see RHEL-70470 for details)
-Patch6: tuned-2.22.1-postgresql-disable-amd-instance.patch

 %description
 The tuned package contains a daemon that tunes system settings dynamically.
@ -578,32 +569,6 @@ fi
 %config(noreplace) %{_sysconfdir}/tuned/ppd.conf

 %changelog
-* Mon Jan 06 2025 Pavol Žáčik <pzacik@redhat.com> - 2.22.1-6
- Make hdparm device checks lazy
-  Resolves: RHEL-71457
- Disable the amd.scheduler plug-in instance in the postgresql profile
-  Resolves: RHEL-70470
-
-* Mon Nov 18 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-5
- Added sanity checks for API methods parameters, (CVE-2024-52337)
-  Resolves: RHEL-66614
-
-* Fri May  3 2024 Pavol Žáčik <pzacik@redhat.com> - 2.22.1-4.1
- sap-netweaver: increase vm.max_map_count
-  resolves: RHEL-32124
-
-* Wed Mar 13 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-4
- release bump due to broken c8s
-  related: RHEL-27528
-
-* Wed Mar 13 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-3
- release bump
-  related: RHEL-27528
-
-* Tue Mar 12 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-2
- profiles: added epyc-eda profile
-  resolves: RHEL-27528
-
 * Thu Feb 22 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-1
 - new release
  - rebased tuned to latest upstream