From 4b271d4f91fcedfa6bf5e7b0d8df48f9cf3e734c Mon Sep 17 00:00:00 2001
From: Andy Lau <liuyang01@kylinos.cn>
Date: Tue, 3 Dec 2024 13:29:00 +0800
Subject: [PATCH] backport patches from upstream community

---
 ...rt-Make-numa_available-respect-EPERM.patch | 31 +++++++++++
 ...sk-allocation-size-for-get_mempolicy.patch | 54 +++++++++++++++++++
 numactl.spec                                  |  9 +++-
 3 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 0014-backport-Make-numa_available-respect-EPERM.patch
 create mode 100644 0015-backport-fix-nodemask-allocation-size-for-get_mempolicy.patch

diff --git a/0014-backport-Make-numa_available-respect-EPERM.patch b/0014-backport-Make-numa_available-respect-EPERM.patch
new file mode 100644
index 0000000..0fc5dd1
--- /dev/null
+++ b/0014-backport-Make-numa_available-respect-EPERM.patch
@@ -0,0 +1,31 @@
+From 0efea0eb1980964c3264c901ec4e8934c4c05541 Mon Sep 17 00:00:00 2001
+From: filimonov <1549571+filimonov@users.noreply.github.com>
+Date: Mon, 21 Oct 2024 18:45:02 +0200
+Subject: [PATCH] Make numa_available respect EPERM
+
+Make numa_available respect EPERM
+
+In the Docker environment, usage of `get_mempolicy` is restricted by seccomp security profiles:
+https://docs.docker.com/engine/security/seccomp/ (unless `CAP_SYS_NICE` is set).
+
+But `numa_available` used to ignore EPERM and return 'true', i.e., available. This led to further code attempting other API calls, which resulted in "operation not permitted" errors printed to stderr.
+
+See details in:
+https://github.com/ClickHouse/ClickHouse/issues/68747#issuecomment-2426210768
+---
+ libnuma.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libnuma.c b/libnuma.c
+index f10d127..0989943 100644
+--- a/libnuma.c
++++ b/libnuma.c
+@@ -871,7 +871,7 @@ long numa_node_size(int node, long *freep)
+ 
+ int numa_available(void)
+ {
+-	if (get_mempolicy(NULL, NULL, 0, 0, 0) < 0 && errno == ENOSYS)
++	if (get_mempolicy(NULL, NULL, 0, 0, 0) < 0 && (errno == ENOSYS || errno == EPERM))
+ 		return -1;
+ 	return 0;
+ }
diff --git a/0015-backport-fix-nodemask-allocation-size-for-get_mempolicy.patch b/0015-backport-fix-nodemask-allocation-size-for-get_mempolicy.patch
new file mode 100644
index 0000000..421692e
--- /dev/null
+++ b/0015-backport-fix-nodemask-allocation-size-for-get_mempolicy.patch
@@ -0,0 +1,54 @@
+From a7651aa406a370fdcf431a215485040ba84c2d01 Mon Sep 17 00:00:00 2001
+From: q66 <q66@chimera-linux.org>
+Date: Thu, 22 Aug 2024 08:51:23 +0200
+Subject: [PATCH] libnuma: fix nodemask allocation size for get_mempolicy
+
+This prevents buffer corrpution which manifests as firefox
+failing to play videos with mimalloc in hardened mode (as the
+get_mempolicy will corrupt the metadata).
+
+The documentation for get_mempolicy specifies the following:
+
+```
+unsigned long nodemask[(.maxnode + ULONG_WIDTH - 1)
+                       / ULONG_WIDTH]
+```
+
+where maxnode is the following argument. Since we are calling
+get_mempolicy with `nodemask_sz + 1`, that means the size
+will be `(nodemask_sz + 1 + ULONG_WIDTH - 1) / ULONG_WIDTH)`
+i.e. `(nodemask_sz + ULONG_WIDTH) / ULONG_WIDTH` or
+`nodemask_sz / ULONG_WIDTH + 1`.
+
+Since `ULONG_WIDTH` is `sizeof ulong * 8`, and the
+nodemask is an array of ulong, that means the allocation
+size should be:
+
+```
+sizeof ulong * (nodemask_sz / (sizeof ulong * 8) + 1)
+```
+
+which is equal to:
+
+```
+sizeof ulong + nodemask_size / 8
+```
+
+That means we need an extra ulong in the buffer.
+---
+ libnuma.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libnuma.c b/libnuma.c
+index 89a17e0..5d99e81 100644
+--- a/libnuma.c
++++ b/libnuma.c
+@@ -427,7 +427,7 @@ set_nodemask_size(void)
+ 		nodemask_sz = 16;
+ 		do {
+ 			nodemask_sz <<= 1;
+-			mask = realloc(mask, nodemask_sz / 8);
++			mask = realloc(mask, nodemask_sz / 8 + sizeof(unsigned long));
+ 			if (!mask)
+ 				return;
+ 		} while (get_mempolicy(&pol, mask, nodemask_sz + 1, 0, 0) < 0 && errno == EINVAL &&
diff --git a/numactl.spec b/numactl.spec
index a71690a..1e65dd2 100644
--- a/numactl.spec
+++ b/numactl.spec
@@ -1,6 +1,6 @@
 Name: numactl
 Version: 2.0.16
-Release: 11
+Release: 12
 Summary: Library for tuning for Non Uniform Memory Access machines
 License: GPLv2
 URL: https://github.com/numactl/numactl
@@ -20,6 +20,8 @@ Patch0010: 0010-fix-fix-memory-leaks-when-run-with-H.patch
 Patch0011: 0011-libnuma-Fix-unexpected-output.patch
 Patch0012: 0012-libnuma-Fix-incorrect-print-and-exit-of-numa_preferr.patch
 Patch0013: 0013-fix-the-using-of-the-uninitialized-value.patch
+Patch0014: 0014-backport-Make-numa_available-respect-EPERM.patch
+Patch0015: 0015-backport-fix-nodemask-allocation-size-for-get_mempolicy.patch
 
 %description
 Simple NUMA policy support. It consists of a numactl program to run other
@@ -88,6 +90,11 @@ LD_LIBRARY_PATH=$(pwd)/.libs make check
 %{_mandir}/man3/*.3*
 
 %changelog
+* Tue Dec 3 2024 andy <liuyang01@kylinos.cn> - 2.0.16-12
+- backport patches from upstream
+- libnuma: Make numa_available respect EPERM
+- libnuma: fix nodemask allocation size for get_mempolicy
+
 * Tue Jul 2 2024 zhangyaqi <zhangyaqi@kylinos.cn> - 2.0.16-11
 - numademo: Fix the using of the uninitialized value
 
-- 
Gitee