From 1405e0edc9f88e5d0257847b035fd772470a45d0 Mon Sep 17 00:00:00 2001
From: Tony Jones
Date: May 27 2025 17:21:12 +0000
Subject: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581, CVE-2024-46713).
---
diff --git a/patches.kabi/kabi-perf-aux-Fix-AUX-buffer-serialization.patch b/patches.kabi/kabi-perf-aux-Fix-AUX-buffer-serialization.patch
new file mode 100644
index 0000000..b4ca13e
--- /dev/null
+++ b/patches.kabi/kabi-perf-aux-Fix-AUX-buffer-serialization.patch
@@ -0,0 +1,48 @@
+From: Tony Jones
+Subject: kabi fix for perf/aux: Fix AUX buffer serialization
+Patch-mainline: Never, kabi
+References: bsc#1230581, CVE-2024-46713
+Signed-off-by: Tony Jones
+Acked-by: Jiri Slaby
+
+The 'perf_buffer' structure defines the internal perf_events ring buffer. It
+is used by internal perf code only. So hide the new field from GENKSYMS.
+
+Notes:
+
+1: The standard KABI solution of moving the new element 'aux_mutex' to the
+end of the 'perf_buffer' structure is not possible as 'data_pages' (containing
+the dynamically mapped pages) is a "flexible array member" and so it must be
+the final member.
+
+2: such a change is however unnecessary as no 3rd party code should be
+referencing 'kernel/events/internal.h'. Further the structures required
+accessor 'ring_buffer_get' is used by core code only (it is not exported).
+
+3: without this workaround the kabi warnings are all from functions that take
+arguments that either directly or indirectly reference 'struct perf_event *'.
+This then references 'struct perf_buffer *'. One example is 'perf_pmu_register'
+(EXPORT_SYMBOL_GPL) which references 'struct perf event *' thru 'struct pmu *'.
+It is conceivable that this function could be called by 3rd party customer
+modules and so it is deemed unsafe to instead add to 'kabi/severities'.
+
+4: 'perf_buffer' used by libbpf/etc is an entirely different structure
+unrelated to this change.
+
+---
+ kernel/events/internal.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/events/internal.h
++++ b/kernel/events/internal.h
+@@ -40,7 +40,9 @@
+ struct user_struct *mmap_user;
+
+ /* AUX area */
++#ifndef __GENKSYMS__
+ struct mutex aux_mutex;
++#endif /* __GENKSYMS__ */
+ long aux_head;
+ unsigned int aux_nest;
+ long aux_wakeup; /* last aux_watermark boundary crossed by aux_head */
diff --git a/series.conf b/series.conf
index 4793714..34c3812 100644
--- a/series.conf
+++ b/series.conf
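Review bot: The `#ifndef __GENKSYMS__` guard around `struct mutex aux_mutex` in kernel/events/internal.h carries no comment explaining why the layout change is tolerated. The guard keeps the exported symbol checksums unchanged while every member from `aux_head` onward still moves, so symbol versioning would no longer flag a module built against the old layout. Notes 1 and 2 of the description argue this is safe because the structure is private to core perf code, but that reasoning lives only in the patch header; I would add a comment above the guard such as `/* kABI: hidden from genksyms; safe only while struct perf_buffer stays private to kernel/events/ */`. Note 3 also writes `'struct perf event *'` where `'struct perf_event *'` is presumably meant. The structure definition begins and ends outside the inner hunk, so the claim that `data_pages` is the final member is taken from the description, not verified here.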
@@ -32451,6 +32451,7 @@
 patches.kabi/power-cap-kabi-workaround.patch
 patches.kabi/kABI-sctp-transport-fix.patch
 patches.kabi/ax25-rcu-protect-dev-ax25_ptr.patch
+ patches.kabi/kabi-perf-aux-Fix-AUX-buffer-serialization.patch
 ########################################################
 # SLE15-SP3 OOT performance patches evaluated but left