SOURCES/tuned-2.21.1-CVE-2024-52337.patch

@@ -1,118 +0,0 @@
-diff --git a/tuned/consts.py b/tuned/consts.py
-index 3749363..3b41ed9 100644
---- a/tuned/consts.py
-+++ b/tuned/consts.py
-@@ -1,4 +1,8 @@
- import logging
-+import string
-+
-+NAMES_ALLOWED_CHARS = string.ascii_letters + string.digits + " !@'+-.,/:;_$&*()%<=>?#[]{|}^~" + '"'
-+NAMES_MAX_LENGTH = 4096
- 
- GLOBAL_CONFIG_FILE = "/etc/tuned/tuned-main.conf"
- ACTIVE_PROFILE_FILE = "/etc/tuned/active_profile"
-diff --git a/tuned/daemon/controller.py b/tuned/daemon/controller.py
-index 6a59a1d..94e9022 100644
---- a/tuned/daemon/controller.py
-+++ b/tuned/daemon/controller.py
-@@ -182,6 +182,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 	def switch_profile(self, profile_name, caller = None):
- 		if caller == "":
- 			return (False, "Unauthorized")
-+		if not self._cmd.is_valid_name(profile_name):
-+			return (False, "Invalid profile_name")
- 		return self._switch_profile(profile_name, True)
- 
- 	@exports.export("", "(bs)")
-@@ -255,8 +257,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 
- 	@exports.export("s", "(bsss)")
- 	def profile_info(self, profile_name, caller = None):
--		if caller == "":
--			return tuple(False, "", "", "")
-+		if caller == "" or not self._cmd.is_valid_name(profile_name):
-+			return (False, "", "", "")
- 		if profile_name is None or profile_name == "":
- 			profile_name = self.active_profile()
- 		return tuple(self._daemon.profile_loader.profile_locator.get_profile_attrs(profile_name, [consts.PROFILE_ATTR_SUMMARY, consts.PROFILE_ATTR_DESCRIPTION], [""]))
-@@ -287,7 +289,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		dictionary -- {plugin_name: {parameter_name: default_value}}
- 		"""
- 		if caller == "":
--			return False
-+			return {}
- 		plugins = {}
- 		for plugin_class in self._daemon.get_all_plugins():
- 			plugin_name = plugin_class.__module__.split(".")[-1].split("_", 1)[1]
-@@ -300,8 +302,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 	@exports.export("s","s")
- 	def get_plugin_documentation(self, plugin_name, caller = None):
- 		"""Return docstring of plugin's class"""
--		if caller == "":
--			return False
-+		if caller == "" or not self._cmd.is_valid_name(plugin_name):
-+			return ""
- 		return self._daemon.get_plugin_documentation(str(plugin_name))
- 
- 	@exports.export("s","a{ss}")
-@@ -314,8 +316,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		Return:
- 		dictionary -- {parameter_name: hint}
- 		"""
--		if caller == "":
--			return False
-+		if caller == "" or not self._cmd.is_valid_name(plugin_name):
-+			return {}
- 		return self._daemon.get_plugin_hints(str(plugin_name))
- 
- 	@exports.export("s", "b")
-@@ -328,7 +330,7 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		Return:
- 		bool -- True on success
- 		"""
--		if caller == "":
-+		if caller == "" or not self._cmd.is_valid_name(path):
- 			return False
- 		if self._daemon._application and self._daemon._application._unix_socket_exporter:
- 			self._daemon._application._unix_socket_exporter.register_signal_path(path)
-@@ -342,6 +344,10 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 	def instance_acquire_devices(self, devices, instance_name, caller = None):
- 		if caller == "":
- 			return (False, "Unauthorized")
-+		if not self._cmd.is_valid_name(devices):
-+			return (False, "Invalid devices")
-+		if not self._cmd.is_valid_name(instance_name):
-+			return (False, "Invalid instance_name")
- 		found = False
- 		for instance_target in self._daemon._unit_manager.instances:
- 			if instance_target.name == instance_name:
-@@ -388,6 +394,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		"""
- 		if caller == "":
- 			return (False, "Unauthorized", [])
-+		if not self._cmd.is_valid_name(plugin_name):
-+			return (False, "Invalid plugin_name", [])
- 		if plugin_name != "" and plugin_name not in self.get_all_plugins().keys():
- 			rets = "Plugin '%s' does not exist" % plugin_name
- 			log.error(rets)
-@@ -411,6 +419,8 @@ class Controller(tuned.exports.interfaces.ExportableInterface):
- 		"""
- 		if caller == "":
- 			return (False, "Unauthorized", [])
-+		if not self._cmd.is_valid_name(instance_name):
-+			return (False, "Invalid instance_name", [])
- 		for instance in self._daemon._unit_manager.instances:
- 			if instance.name == instance_name:
- 				return (True, "OK", sorted(list(instance.processed_devices)))
-diff --git a/tuned/utils/commands.py b/tuned/utils/commands.py
-index ce51fc0..38d95ef 100644
---- a/tuned/utils/commands.py
-+++ b/tuned/utils/commands.py
-@@ -544,3 +544,7 @@ class commands:
- 			import string
- 			trans = string.maketrans(source_chars, dest_chars)
- 		return text.translate(trans)
-+
-+	# Checks if name contains only valid characters and has valid length or is empty string or None
-+	def is_valid_name(self, name):
-+		return not name or (all(c in consts.NAMES_ALLOWED_CHARS for c in name) and len(name) <= consts.NAMES_MAX_LENGTH)

SOURCES/tuned-2.22.1-profile-epyc-eda.patch

@@ -1,54 +0,0 @@
-From 7557cf975282326cdbfe55b7b803d8075ff37cba Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Tue, 12 Mar 2024 20:25:43 +0100
-Subject: [PATCH] epyc-eda: added new profile for EDA compute workloads on AMD
- EPYC CPUs
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
----
- man/tuned-profiles.7         |  4 ++++
- profiles/epyc-eda/tuned.conf | 14 ++++++++++++++
- 2 files changed, 18 insertions(+)
- create mode 100644 profiles/epyc-eda/tuned.conf
-
-diff --git a/man/tuned-profiles.7 b/man/tuned-profiles.7
-index 10cad7b..600e8bb 100644
---- a/man/tuned-profiles.7
-+++ b/man/tuned-profiles.7
-@@ -141,6 +141,10 @@ profiles (e.g. throughput\-performance profile), example:
- Profile optimized for AWS EC2 instances. It is based on the
- throughput\-performance profile.
- 
-+.TP
-+.BI "epyc-eda"
-+Profile optimized for EDA compute workloads on AMD EPYC CPUs.
-+
- .SH "FILES"
- .nf
- .I /etc/tuned/*
-diff --git a/profiles/epyc-eda/tuned.conf b/profiles/epyc-eda/tuned.conf
-new file mode 100644
-index 0000000..482d404
---- /dev/null
-+++ b/profiles/epyc-eda/tuned.conf
-@@ -0,0 +1,14 @@
-+#
-+# tuned configuration
-+#
-+
-+[main]
-+summary=Optimize for EDA compute workloads on AMD EPYC CPUs
-+description=Configures virtual memory, CPU governors, and network settings for EDA compute workloads.
-+include=throughput-performance
-+
-+# AMD
-+[scheduler.amd]
-+type=scheduler
-+#Allow processes to rapidly move between cores to avoid idle time and maximize CPU usage
-+sched_migration_cost_ns=10000
--- 
-2.44.0
-

SOURCES/tuned-2.22.1-sap-vm-max-map-count.patch

@@ -1,28 +0,0 @@
-From 04ead944fdf640ed986331179e533542efc934c7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
-Date: Mon, 8 Apr 2024 11:03:47 +0200
-Subject: [PATCH] sap-netweaver: increased vm.max_map_count
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Resolves: RHEL-31757
-
-Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
----
- profiles/sap-netweaver/tuned.conf | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/profiles/sap-netweaver/tuned.conf b/profiles/sap-netweaver/tuned.conf
-index a1cfd17..81c4d44 100644
---- a/profiles/sap-netweaver/tuned.conf
-+++ b/profiles/sap-netweaver/tuned.conf
-@@ -10,4 +10,4 @@ include=throughput-performance
- kernel.sem = 32000 1024000000 500 32000
- kernel.shmall = 18446744073692774399
- kernel.shmmax = 18446744073692774399
--vm.max_map_count = 2000000
-+vm.max_map_count = 2147483647
--- 
-2.44.0
-

SPECS/tuned.spec

@@ -35,7 +35,7 @@
 Summary: A dynamic adaptive system tuning daemon
 Name: tuned
 Version: 2.22.1
-Release: 5%{?prerel1}%{?dist}
+Release: 1%{?prerel1}%{?dist}
 License: GPLv2+
 Source0: https://github.com/redhat-performance/%{name}/archive/v%{version}%{?prerel2}/%{name}-%{version}%{?prerel2}.tar.gz
 # RHEL-8 specific recommend.conf:
@@ -97,11 +97,6 @@ Requires: python3-syspurpose
 Patch0: tuned-2.22.0-rhel-8-profiles.patch
 # Revert no balancing cores to use SD_LOAD_BALANCE (see rhbz#1874596 for details)
 Patch1: tuned-2.21.0-sd-load-balance.patch
-# epyc-eda TuneD profile only for RHEL-8 (see RHEL-27528 for details)
-Patch2: tuned-2.22.1-profile-epyc-eda.patch
-# Update vm.max_map_count in the sap-netweaver profile (see RHEL-32124 for details)
-Patch3: tuned-2.22.1-sap-vm-max-map-count.patch
-Patch4: tuned-2.21.1-CVE-2024-52337.patch
 
 %description
 The tuned package contains a daemon that tunes system settings dynamically.
@@ -574,26 +569,6 @@ fi
 %config(noreplace) %{_sysconfdir}/tuned/ppd.conf
 
 %changelog
-* Mon Nov 18 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-5
-- Added sanity checks for API methods parameters, (CVE-2024-52337)
-  Resolves: RHEL-66614
-
-* Fri May  3 2024 Pavol Žáčik <pzacik@redhat.com> - 2.22.1-4.1
-- sap-netweaver: increase vm.max_map_count
-  resolves: RHEL-32124
-
-* Wed Mar 13 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-4
-- release bump due to broken c8s
-  related: RHEL-27528
-
-* Wed Mar 13 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-3
-- release bump
-  related: RHEL-27528
-
-* Tue Mar 12 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-2
-- profiles: added epyc-eda profile
-  resolves: RHEL-27528
-
 * Thu Feb 22 2024 Jaroslav Škarvada <jskarvad@redhat.com> - 2.22.1-1
 - new release
   - rebased tuned to latest upstream