Ramaxel inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4ZR0O
CVE: NA

----------------------------------

There are some issues of the driver that cannot be fixed now.
The driver is not good enough for the LTS quality requirements
of openEuler，so remove it.
Signed-off-by: NYanling Song <songyl@ramaxel.com>
Reviewed-by: NYang Gan <yanggan@ramaxel.com>
Acked-by: NXie Xiuqi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

Ramaxel inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4ZR0O
CVE: NA

------------------------------------

There are some issues of the driver that cannot be fixed now.
The driver is not good enough for the LTS quality requirements of
openEuler，so remove it.
Signed-off-by: NYun Xu <xuyun@ramaxel.com>
Signed-off-by: NYanling Song <songyl@ramaxel.com>
Reviewed-by: NYun Xu <xuyun@ramaxel.com>
Acked-by: NXie Xiuqi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

virt inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4VZPC
CVE: NA

--------------------------------

Commit 63042c58 ("KVM: arm64: Add interface to support vCPU
preempted check") introduced paravirt spinlock operations, as pv_lock_ops
was exported via EXPORT_SYMBOL(), while the pv_ops structure containing
the pv lock operations is exported via EXPORT_SYMBOL_GPL().

Change that by using EXPORT_SYMBOL(pv_ops) for arm/arm64, as with the x86
architecture changes, the following:
https://lore.kernel.org/all/20181029150116.25372-1-jgross@suse.com/T/#u

Fixes: 63042c58 ("KVM: arm64: Add interface to support vCPU preempted
check")
Signed-off-by: Nyezengruan <yezengruan@huawei.com>
Reviewed-by: NKeqian Zhu <zhukeqian1@huawei.com>
Acked-by: NXie Xiuqi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4PM10
CVE: NA

--------------------------------
Signed-off-by: NTong Tiangen <tongtiangen@huawei.com>
Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Reviewed-by: NXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4PM10
CVE: NA

--------------------------------

During kernel copy_from_user processing, the kernel triggers a RAS
exception when reading pages. In this solution, we identify this
scenario in the kernel do_sea processing process, send SIGBUS signals
to the process that triggers copy_from_user and isolate memory pages,
preventing kernel panic.

At the same time, we use cmdline(uce_kernel_recovery) or proc
(/proc/sys/kernel/uce_kernel_recovery) to control this feature on/off.

Usage:
1. Each bit controls whether this feature is turned on in a scene,
    1 means turned on and 0 means turned off.
2. Bit2 represents copy_from_user scene, other bits are currently
    reserved.

eg: make copy_from_user scene open this feature:
1. echo 4 > /proc/sys/kernel/uce_kernel_recovery.
or
2. uce_kernel_recovery=4 add to cmdline.
Signed-off-by: NTong Tiangen <tongtiangen@huawei.com>
Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Reviewed-by: NXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SK3S
CVE: NA

----------------------------------------------

Commit cc3d801f ("efi: Make efi_find_mirror() public") add
efi_find_mirror() defination into linux/efi.h, but forget to
drop this in arch/x86/include/asm/efi.h, kill it.

Fixes: cc3d801f ("efi: Make efi_find_mirror() public")
Signed-off-by: NMa Wupeng <mawupeng1@huawei.com>
Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I47W8L
CVE: NA

---------------------------

We detect a performance deterioration when using Unixbench, we use the dichotomy to
locate the patch 7e66740a ("MPAM / ACPI: Refactoring MPAM init process and set
MPAM ACPI as entrance"), In comparing two commit df5defd9 ("KVM: X86: MMU: Use
the correct inherited permissions to get shadow page") and ac4dbb75 ("ACPI 6.x:
Add definitions for MPAM table") we get following testing result:

CMD: ./Run -c xx context1
RESULT:
+-------------UnixBench context1-----------+
+---------+--------------+-----------------+
+         + ac4dbb75 +  df5defd9   +
+---------+--------------+---------+-------+
+  Cores  +    Score     +      Score      +
+---------+--------------+-----------------+
+    1    +    522.8     +      535.7      +
+---------+--------------+-----------------+
+   24    +   11231.5    +     12111.2     +
+---------+--------------+-----------------+
+   48    +   8535.1     +     8745.1      +
+---------+--------------+-----------------+
+   72    +   10821.9    +     10343.8     +
+---------+--------------+-----------------+
+   96    +   15238.5    +     42947.8     +
+---------+--------------+-----------------+

We found a irrefutable difference in latency sampling when using the perf tool:

HEAD:ac4dbb75                                   HEAD:df5defd9

45.18% [kernel] [k] ktime_get_coarse_real_ts64  ->  1.78% [kernel] [k] ktime_get_coarse_real_ts64
                                                                               ...
                                                                       65.87 │ dmb ishld //smp_rmb()

Through ftrace we get the calltrace and and detected the number of visits of
ktime_get_coarse_real_ts64, which frequently visits tk_core->seq and
tk_core->timekeeper->tkr_mono:

-   48.86%  [kernel]                 [k] ktime_get_coarse_real_ts64
   - 5.76% ktime_get_coarse_real_ts64   #about 111437657 times per 10 seconds
      - 14.70% __audit_syscall_entry
           syscall_trace_enter
           el0_svc_common
           el0_svc_handler
         + el0_svc
      - 2.85% current_time

So this may be performance degradation caused by interference when happened different
fields access, We compare .bss and .data section of this two version:

    HEAD:ac4dbb75
`->
    ffff00000962e680 l     O .bss   0000000000000110 tk_core
    ffff000009355680 l     O .data  0000000000000078 tk_fast_mono
    ffff0000093557a0 l     O .data  0000000000000090 dummy_clock
    ffff000009355700 l     O .data  0000000000000078 tk_fast_raw
    ffff000009355778 l     O .data  0000000000000028 timekeeping_syscore_ops
    ffff00000962e640 l     O .bss   0000000000000008 cycles_at_suspend

    HEAD:df5defd9
`->
    ffff00000957dbc0 l     O .bss   0000000000000110 tk_core
    ffff0000092b4e80 l     O .data  0000000000000078 tk_fast_mono
    ffff0000092b4fa0 l     O .data  0000000000000090 dummy_clock
    ffff0000092b4f00 l     O .data  0000000000000078 tk_fast_raw
    ffff0000092b4f78 l     O .data  0000000000000028 timekeeping_syscore_ops
    ffff00000957db80 l     O .bss   0000000000000008 cycles_at_suspend

By comparing this two version tk_core's address: ffff00000962e680 is 128Byte aligned
but latter df5defd9 is 64Byte aligned, the memory storage layout of tk_core has
undergone subtle changes:

    HEAD:ac4dbb75
`->                     |<--------formmer 64Bytes---------->|<------------latter 64Byte------------->|
    0xffff00000957dbc0_>|<-seq 8Bytes->|<-tkr_mono 56Bytes->|<-thr_raw 56Bytes->|<-xtime_sec 8Bytes->|
    0xffff00000957dc00_>...

    HEAD:df5defd9
`->                     |<------formmer 64Bytes---->|<------------latter 64Byte-------->|
    0xffff00000962e680_>|<-Other variables 64Bytes->|<-seq 8Bytes->|<-tkr_mono 56Bytes->|
    0xffff00000962e6c0_>..

We testified thr_raw,xtime_sec fields interfere strongly with seq,tkr_mono field because of
frequent load/store operation, this will cause as known false sharing.

We add a 64Bytes padding field in tk_core for reservation of any after usefull usage and
keep tk_core 128Byte aligned, this can avoid changes in the way tk_core's layout is stored,
In this solution, layout of tk_core always like this:

crash>  struct -o tk_core_t
struct tk_core_t {
    [0] u64 padding[8];
   [64] seqcount_t seq;
   [72] struct timekeeper timekeeper;
}
SIZE: 336
crash> struct -o timekeeper
struct timekeeper {
    [0] struct tk_read_base tkr_mono;
   [56] struct tk_read_base tkr_raw;
  [112] u64 xtime_sec;
  [120] unsigned long ktime_sec;
  ...
}
SIZE: 264

After appling our own solution:

+---------+--------------+
+         + Our solution +
+---------+--------------+
+  Cores  +    Score     +
+---------+--------------+
+    1    +    548.9     +
+---------+--------------+
+   24    +   11018.3    +
+---------+--------------+
+   48    +   8938.2     +
+---------+--------------+
+   72    +   14610.7    +
+---------+--------------+
+   96    +   40811.7    +
+---------+--------------+
Signed-off-by: NWang ShaoBo <bobo.shaobowang@huawei.com>
Reviewed-by: NXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4V6F8
CVE: NA

-------------------------------------------------------------------------

No one currently uses IPL32, close it to simplify the code logic of
TASK_SIZE_MAX, thereby improving benchmark performance. For example,
all test items of libMicro can be improved by 4.89% on average.
Signed-off-by: NZhen Lei <thunder.leizhen@huawei.com>
Reviewed-by: NCheng Jian <cj.chengjian@huawei.com>
Reviewed-by: Nliuchao (CR) <liuchao173@huawei.com>
Reviewed-by: Liu Chao (CR) < liuchao173@huawei.com >
Reviewed-by: NXiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4V6F8
CVE: NA

-------------------------------------------------------------------------

access_ok() is used to preliminarily check 'uaddr' to avoid unnecessary
page fault caused by invalid input. The page fault will do the accurate
address verification based on task's mm. It's also used to do a check on
the get_fs(), see the comments of __access_ok().

But now the support for get_fs() on arm64 has been deleted by commit
edf84200 ("arm64: uaccess: remove set_fs()"). So access_ok()
does not need to perform such strict checks for compat tasks.

Remove the is_compact_task() check can improve the performance of
syscalls. For example, all test items of libMicro can be improved by
4.89% on average.

The next patch will avoid calling is_ilp32_compat_task() by default by
close its build option, because ILP32 has specific requirements.
Signed-off-by: NZhen Lei <thunder.leizhen@huawei.com>
Reviewed-by: NCheng Jian <cj.chengjian@huawei.com>
Reviewed-by: Nliuchao (CR) <liuchao173@huawei.com>
Reviewed-by: Liu Chao (CR) < liuchao173@huawei.com >
Reviewed-by: NXiongfeng Wang <wangxiongfeng2@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

euler inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4VPIB
CVE: NA

-------------------------------------------------

If this config is enabled, block mapping is not used. The linear address page
table is mapped to 4 KB. As a result, the TLB miss rate is high, affecting
performance.

For examples, tested by libMicro benchmark:
		enable		disable		Improve
memsetP2_10m	3540.37760	2129.715200	66.2%
memset_4k	0.38400		0.204800	87.5%
mprot_twz8k	7.16800		3.072000	133.3%
unmap_ra8k	7.93600		4.096000	93.8%
unmap_wa128k	68.86400	33.024000	108.5%

This additional enhancement can be turned on with rodata=full if this option
is set to 'n'.
Signed-off-by: NChao Liu <liuchao173@huawei.com>
Reviewed-by: NKai Liu <kai.liu@suse.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4VZJT
CVE: NA

--------------------------------
Signed-off-by: NZhang Qiao <zhangqiao22@huawei.com>
Reviewed-by: NCheng Jian <cj.chengjian@huawei.com>
Reviewed-by: NChen Hui <judy.chenhui@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4VPL5
CVE: NA

-------------------------------------------------

Enable configs to support 9P.
Signed-off-by: NChao Liu <liuchao173@huawei.com>
Reviewed-by: NKai Liu <kai.liu@suse.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UV43
CVE: NA

---------------------------

Allow vendor modules to attach bonding driver hooks. This
patch introduce vendor_bond_check_dev_link hook.

Usage:

  static void vendor_foo(void *data, const struct bonding *bond,
  		       const struct slave *slave, int *state)
  {
          pr_info("%s\n", __func__);
  }

  static int __init vendor_bond_init(void)
  {
  	return register_trace_vendor_bond_check_dev_link(&vendor_foo, NULL);
  }

  static void __exit vendor_bond_exit(void)
  {
  	unregister_trace_vendor_bond_check_dev_link(&vendor_foo, NULL);
  }

  module_init(vendor_bond_init);
  module_exit(vendor_bond_exit);
Signed-off-by: NWei Yongjun <weiyongjun1@huawei.com>
Reviewed-by: NXie XiuQi <xiexiuqi@huawei.com>
Reviewed-by: NZhang Jialin <zhangjialin11@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

euler inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4URME
CVE: NA

--------------------------------

Enable CONFIG_INTEL_IDXD in openeuler_defconfig for x86.
Support Intel Data Accelerators on Xeon hardware.
Signed-off-by: Nfuyufan <fuyufan@huawei.com>
Reviewed-by: NKai Liu <kai.liu@suse.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4PM01
CVE: NA

--------------------------------

Enable CONFIG_EFI_FAKE_MEMMAP & CONFIG_MEMORY_RELIABLE for arm64.
Signed-off-by: NMa Wupeng <mawupeng1@huawei.com>
Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4PM01
CVE: NA

--------------------------------

Mirrored memory could be used on HiSilion's arm64 SoC. So efi_find_mirror()
is added in efi_init() so that systems can get memblock about any mirrored
ranges.
Co-developed-by: NJing Xiangfeng <jingxiangfeng@huawei.com>
Signed-off-by: NMa Wupeng <mawupeng1@huawei.com>
Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4PM01
CVE: NA

--------------------------------

Commit b05b9f5f ("x86, mirror: x86 enabling - find mirrored memory
ranges") introduce the efi_find_mirror function on x86. In order to reuse
the API we make it public in preparation for arm64 to support mirrord
memory.
Co-developed-by: NJing Xiangfeng <jingxiangfeng@huawei.com>
Signed-off-by: NMa Wupeng <mawupeng1@huawei.com>
Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4PM01
CVE: NA

--------------------------------

Fake memory map is used for faking memory's attribute values.
Commit 0f96a99d ("efi: Add "efi_fake_mem" boot option") introduce the
efi_fake_mem function. Now it can support arm64 with this patch.
For example you can mark 0-6G memory as EFI_MEMORY_MORE_RELIABLE by adding
efi_fake_mem=6G@0:0x10000 in the bootarg. You find more info about
fake memmap in kernel-parameters.txt.

Variable memstart_addr is only confirmed after arm64_memblock_init(). So
efi_fake_memmap() is needed to add after arm64_memblock_init().

Otherwise:

efi_memmap_alloc
   memblock_phys_alloc
     kmemleak_alloc_phys
        kmemleak_alloc(__va(phys), size, min_count, gfp);

this __va() will convert phys to a fault va and lead to a kmemleak error.
Signed-off-by: NMa Wupeng <mawupeng1@huawei.com>
Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4PM01
CVE: NA

--------------------------------

Make efi_print_memmap() public in preparation for adding fake memory
support for architecture with efi support, eg, arm64.
Co-developed-by: NJing Xiangfeng <jingxiangfeng@huawei.com>
Signed-off-by: NMa Wupeng <mawupeng1@huawei.com>
Reviewed-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

driver inclusion
ategory: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UA33

-----------------------------------------

Enable configs for ultrasoc driver.
Signed-off-by: NQi Liu <liuqi115@huawei.com>
Reviewed-by: NJay Fang <f.fangjian@huawei.com>
Reviewed-by: NKai Liu <kai.liu@suse.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

euler inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UP2Q
CVE: NA

--------------------------------

Enable CONFIG_NTB_INTEL in openeuler_defconfig for x86.
Support Intel NTB on capable Xeon and Atom hardware.
Signed-off-by: NChao Liu <liuchao173@huawei.com>
Reviewed-by: NKai Liu <kai.liu@suse.com>
Reviewed-by: NLiu Sirui <liusirui@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4U2S3
CVE: NA

-------------------------------------------------

The following KASAN warning was reported in our kernel.

  BUG: KASAN: stack-out-of-bounds in get_wchan+0x188/0x250
  Read of size 4 at addr d216f958 by task ps/14437

  CPU: 3 PID: 14437 Comm: ps Tainted: G           O      5.10.0 #1
  Call Trace:
  [daa63858] [c0654348] dump_stack+0x9c/0xe4 (unreliable)
  [daa63888] [c035cf0c] print_address_description.constprop.3+0x8c/0x570
  [daa63908] [c035d6bc] kasan_report+0x1ac/0x218
  [daa63948] [c00496e8] get_wchan+0x188/0x250
  [daa63978] [c0461ec8] do_task_stat+0xce8/0xe60
  [daa63b98] [c0455ac8] proc_single_show+0x98/0x170
  [daa63bc8] [c03cab8c] seq_read_iter+0x1ec/0x900
  [daa63c38] [c03cb47c] seq_read+0x1dc/0x290
  [daa63d68] [c037fc94] vfs_read+0x164/0x510
  [daa63ea8] [c03808e4] ksys_read+0x144/0x1d0
  [daa63f38] [c005b1dc] ret_from_syscall+0x0/0x38
  --- interrupt: c00 at 0x8fa8f4
      LR = 0x8fa8cc

  The buggy address belongs to the page:
  page:98ebcdd2 refcount:0 mapcount:0 mapping:00000000 index:0x2 pfn:0x1216f
  flags: 0x0()
  raw: 00000000 00000000 01010122 00000000 00000002 00000000 ffffffff 00000000
  raw: 00000000
  page dumped because: kasan: bad access detected

  Memory state around the buggy address:
   d216f800: 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00
   d216f880: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  >d216f900: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
                                            ^
   d216f980: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00
   d216fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

After looking into this issue, I find the buggy address belongs
to the task stack region. It seems KASAN has something wrong.
I look into the code of __get_wchan in x86 architecture and
find the same issue has been resolved by the commit
f7d27c35 ("x86/mm, kasan: Silence KASAN warnings in get_wchan()").
The solution could be applied to powerpc architecture too.

As Andrey Ryabinin said, get_wchan() is racy by design, it may
access volatile stack of running task, thus it may access
redzone in a stack frame and cause KASAN to warn about this.

Use READ_ONCE_NOCHECK() to silence these warnings.
Reported-by: NWanming Hu <huwanming@huaweil.com>
Signed-off-by: NHe Ying <heying24@huawei.com>
Signed-off-by: NChen Jingwen <chenjingwen6@huawei.com>
Reviewed-by: NLiao Chang <liaochang1@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

zhaoxin inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I40QDN
CVE: NA

----------------------------------------------------------------

When resume from S4 on Zhaoxin 2 packages platform that support X86_FEATURE_TSC_ADJUST,
the following warning messages appear:

[  327.445302] [Firmware Bug]: TSC ADJUST differs: CPU15 45960750 --> 78394770. Restoring
[  329.209120] [Firmware Bug]: TSC ADJUST differs: CPU14 45960750 --> 78394770. Restoring
[  329.209128] [Firmware Bug]: TSC ADJUST differs: CPU13 45960750 --> 78394770. Restoring
[  329.209138] [Firmware Bug]: TSC ADJUST differs: CPU12 45960750 --> 78394770. Restoring
[  329.209151] [Firmware Bug]: TSC ADJUST differs: CPU11 45960750 --> 78394770. Restoring
[  329.209160] [Firmware Bug]: TSC ADJUST differs: CPU10 45960750 --> 78394770. Restoring
[  329.209169] [Firmware Bug]: TSC ADJUST differs: CPU9 45960750 --> 78394770. Restoring

The reason is:

Step 1: Bring up.
	TSC is sync after bring up with following settings:
				MSR 0x3b	cur->adjusted
	Package#0 CPU 0-7	  0		  0
	Package#1 first CPU	  value1	  value1
	Package#1 non-first CPU	  value1	  value1

Step 2: Suspend to S4.
	Settings in Step 1 are not changed in this Step.

Step 3: Bring up caused by S4 wake up event.
	TSC is sync when bring up with following settings:
				MSR 0x3b	cur->adjusted
	Package#0 CPU 0-7	  0		  0
	Package#1 first CPU	  value2	  value2
	Package#1 non-first CPU	  value2	  value2

Step 4: Resume from S4.
	When resuming from S4, Current TSC synchronous mechanism
	cause following settings:
				MSR 0x3b	cur->adjusted
	Package#0 CPU 0-7	  0		  0
	Package#1 first CPU	  value2	  value2
	Package#1 non-first CPU	  value2	  value1

In these Steps, value1 != 0 and value2 != value1.

In Step4, as function tsc_store_and_check_tsc_adjust() do, when the value
of MSR 0x3b on the non-first online CPU in package#1 is equal to the value
of cur->adjusted on the first online CPU in the same package,
the cur->adjusted value on this non-first online CPU will hold the old value1.
This cause function tsc_verify_tsc_adjust() set the value of MSR 0x3b on the
non-first online CPUs in the package#1 to the old value1 and print the
beginning warning messages.

Fix it by setting cur->adjusted value on the non-first online CPU in a package
to the value of MSR 0x3b on the same CPU when they are not equal.
Signed-off-by: NLeoLiu-oc <LeoLiu-oc@zhaoxin.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Reviewed-by: NJackie Liu <liuyun01@kylinos.cn>
Reviewed-by: NXiongfeng Wang <wangxiongfeng2@huawei.com>

phytium inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I41AUQ

--------------------------------------

On phytium S2500 multi-socket server, for example 2-socket(2P), there are
socekt0 and socket1 on the server:
If storage device(like SAS controller and disks to save vmcore into) is
installed on socket1 and second kernel brings up 2 CPUs both on socket0 with
nr_cpus=2, then vmcore will fail to be saved into the disk as interrupts like
SPI and LPI(except SGI) can't communicate across cpu sockets in this server
platform.

To avoid this issue, Bypass other non-cpu0 to ensure that each cpu0 on each
socket can boot up and handle interrupt when booting the second kernel.
Signed-off-by: NMao HongBo <maohongbo@phytium.com.cn>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Reviewed-by: NHanjun Guo <guohanjun@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

phytium inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I41AUQ

----------------------------------------------

To fix iommu issue of device access in virtualization scenario
for ft2000plus and S2500.

Convert to new cputype macros naming of phytium.
Signed-off-by: NMao HongBo <maohongbo@phytium.com.cn>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Reviewed-by: NHanjun Guo <guohanjun@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

Sunway inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SPZD
CVE: NA

-------------------------------

This patch contains basic architecture support, including boot code,
devicetree support, memory management and DMA support, process and
signal management, time management, interrupt handling, syscalls,
clocks, loadable module support, ptrace support, headers and library
code.

Now, it works on SW3231 and SW831.

Signed-off-by: Gu Zitao <guzitao@wxiat.com> #openEuler_contributor
Signed-off-by: NLaibin Qiu <qiulaibin@huawei.com>
Reviewed-by: NHanjun Guo <guohanjun@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UAQ1

--------------------------------

Refer to following codes, 'strncpy' would stop copying if Null character
encountered. For example, when 'code' is "53 be 00 0a 05", 'old_code' would
be "53 be 00 00 00".
  > 396 static void *klp_old_code(unsigned char *code)
  > 397 {
  > 398         static unsigned char old_code[JMP_E9_INSN_SIZE];
  > 399
  > 400         strncpy(old_code, code, JMP_E9_INSN_SIZE);
  > 401         return old_code;
  > 402 }

As a result, the instructions cannot be restored completely, and the
system becomes abnormal.

Fixes: f5a67467 ("livepatch/x86: support livepatch without ftrace")
Suggested-by: NXu Kuohai <xukuohai@huawei.com>
Signed-off-by: NZheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: NKuohai Xu <xukuohai@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UAQ1

--------------------------------

There are several issues in klp_mem_{prepare,recycle}:
  1. Memory leak when save old codes fail:
    __klp_enable_patch
        klp_mem_prepare
            klp_for_each_func(patch)
                func->func_node = kzalloc(...)    <-- 1. Alloc memory
        stop_machine(klp_try_enable_patch, ...)
            enable_patch
                arch_klp_patch_func
                    INIT_LIST_HEAD(&func_node->func_stack); <-- 2. func_stack list inited as empty
                    copy_from_kernel_nofault    <-- 3. When save codes fail
        klp_mem_recycle
            klp_for_each_func(patch)
                <-- 4. Here func_stack list is empty but not singular, 'func_node' not be freed!!!
                if (func_node && list_is_singular(&func_node->func_stack))
                    kfree(func_node);

  2. Memory leak in following scene:
     Suppose P1/P2 want to patch same old func, then enable P1 --> enable P2 --> disable P2 --> disable P1
  3. UAF(use-after-free) happened in following scene:
     Suppose P1/P2 want to patch same old func, then enable P1 --> enable P2 --> disable P1 --> disable P2

Above problems are introduced in commit ec7ce700674f ("[Huawei] livepatch:
put memory alloc and free out stop machine"):
  before it: 'func_node' is only keep in 'klp_func_list';
  after it: 'func_node' is keep both in 'klp_func_list' and 'struct klp_func', and
            conditions to free memory of 'func_node' somewhat wrong.

To resolve it, we add check and do func_node init when klp_mem_prepare.

Fixes: ("000c0197 livepatch: put memory alloc and free out stop machine")
Signed-off-by: NZheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: NKuohai Xu <xukuohai@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UAQ1

--------------------------------

Introduce 'arch_klp_save_old_code' preparing for moving func_node
initializing codes out of stop_machine.
Signed-off-by: NZheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: NKuohai Xu <xukuohai@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UAQ1

--------------------------------

Introduce __weak arch_klp_mem_{alloc, free}, then reduce duplicated
arch_klp_mem_{prepare,recycle}
Signed-off-by: NZheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: NKuohai Xu <xukuohai@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UAQ1

--------------------------------

Move 'struct klp_func_node' into include/linux/livepatch.h,
then introduce klp_{add,del}_func_node and Move 'klp_func_list'
related codes out of 'arch' in order to reduce duplicated codes.

Preparatory only, no functional change.
Signed-off-by: NZheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: NKuohai Xu <xukuohai@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UAQ1

--------------------------------

Introduce 'struct arch_klp_data' to encapsulate arch related data.

Preparatory for moving 'struct klp_func_node' out of 'arch' and
reducing duplicated codes.
Signed-off-by: NZheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: NKuohai Xu <xukuohai@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4UAQ1

--------------------------------

'struct klp_func_node' is used to save codes of a function which is then
be live-patched. Currently this structure is respectively defined in
x86/arm32/arm64/ppc32/ppc64.

The definitions of field which save old function address are different:
  In x86/arm32/ppc32/ppc64: void *old_func;
  In arm64: unsigned long old_addr;

Minority subordinates to majority, uniform them as 'void *old_func'.

Preparatory only, no functional change.
Signed-off-by: NZheng Yejian <zhengyejian1@huawei.com>
Reviewed-by: NKuohai Xu <xukuohai@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

openEuler inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIGI
CVE: NA

--------------------------------

Enable configs to full support to intel ice-lake.
Signed-off-by: NLaibin Qiu <qiulaibin@huawei.com>
Reviewed-by: NBamvor Zhang <bamvor.zhang@suse.com>
Reviewed-by: NWang Weiyang <wangweiyang2@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

mainline inclusion
from mainline-v5.13-rc1
commit 8ca52cc3
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIGI
CVE: NA

--------------------------------

Expose SGX architectural structures, as KVM will use many of the
architectural constants and structs to virtualize SGX.

Name the new header file as asm/sgx.h, rather than asm/sgx_arch.h, to
have single header to provide SGX facilities to share with other kernel
componments. Also update MAINTAINERS to include asm/sgx.h.

Intel-SIG: commit 8ca52cc3 x86/sgx: Expose SGX architectural definitions to the kernel
Backport for SGX Foundations support
Signed-off-by: NSean Christopherson <sean.j.christopherson@intel.com>
Co-developed-by: NKai Huang <kai.huang@intel.com>
Signed-off-by: NKai Huang <kai.huang@intel.com>
Signed-off-by: NBorislav Petkov <bp@suse.de>
Acked-by: NJarkko Sakkinen <jarkko@kernel.org>
Acked-by: NDave Hansen <dave.hansen@intel.com>
Link: https://lkml.kernel.org/r/6bf47acd91ab4d709e66ad1692c7803e4c9063a0.1616136308.git.kai.huang@intel.com
Signed-off-by: Fan Du <fan.du@intel.com> #openEuler_contributor
Signed-off-by: NLaibin Qiu <qiulaibin@huawei.com>
Reviewed-by: NBamvor Zhang <bamvor.zhang@suse.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

mainline inclusion
from mainline-v5.13-rc1
commit 633b0616
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIGI
CVE: NA

--------------------------------

kmap() is inefficient and is being replaced by kmap_local_page(), if
possible. There is no readily apparent reason why initp_page needs to be
allocated and kmap'ed() except that 'sigstruct' needs to be page-aligned
and 'token' 512 byte-aligned.

Rather than change it to kmap_local_page(), use kmalloc() instead
because kmalloc() can give this alignment when allocating PAGE_SIZE
bytes.

Remove the alloc_page()/kmap() and replace with kmalloc(PAGE_SIZE, ...)
to get a page aligned kernel address.

In addition, add a comment to document the alignment requirements so that
others don't attempt to 'fix' this again.

 [ bp: Massage commit message. ]

Intel-SIG: commit 633b0616 x86/sgx: Remove unnecessary kmap() from sgx_ioc_enclave_init()
Backport for SGX Foundations support
Signed-off-by: NIra Weiny <ira.weiny@intel.com>
Signed-off-by: NBorislav Petkov <bp@suse.de>
Link: https://lkml.kernel.org/r/20210324182246.2484875-1-ira.weiny@intel.com
Signed-off-by: Fan Du <fan.du@intel.com> #openEuler_contributor
Signed-off-by: NLaibin Qiu <qiulaibin@huawei.com>
Reviewed-by: NBamvor Zhang <bamvor.zhang@suse.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

mainline inclusion
from mainline-v5.13-rc1
commit 901ddbb9
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIGI
CVE: NA

--------------------------------

Background
Reviewed-by: NBamvor Zhang <bamvor.zhang@suse.com>

==========

SGX enclave memory is enumerated by the processor in contiguous physical
ranges called Enclave Page Cache (EPC) sections.  Currently, there is a
free list per section, but allocations simply target the lowest-numbered
sections.  This is functional, but has no NUMA awareness.

Fortunately, EPC sections are covered by entries in the ACPI SRAT table.
These entries allow each EPC section to be associated with a NUMA node,
just like normal RAM.

Solution
========

Implement a NUMA-aware enclave page allocator.  Mirror the buddy allocator
and maintain a list of enclave pages for each NUMA node.  Attempt to
allocate enclave memory first from local nodes, then fall back to other
nodes.

Note that the fallback is not as sophisticated as the buddy allocator
and is itself not aware of NUMA distances.  When a node's free list is
empty, it searches for the next-highest node with enclave pages (and
will wrap if necessary).  This could be improved in the future.

Other
=====

NUMA_KEEP_MEMINFO dependency is required for phys_to_target_node().

 [ Kai Huang: Do not return NULL from __sgx_alloc_epc_page() because
   callers do not expect that and that leads to a NULL ptr deref. ]

 [ dhansen: Fix an uninitialized 'nid' variable in
   __sgx_alloc_epc_page() as
Reported-by: Nkernel test robot <lkp@intel.com>

   to avoid any potential allocations from the wrong NUMA node or even
   premature allocation failures. ]

Intel-SIG: commit 901ddbb9 x86/sgx: Add a basic NUMA allocation scheme to sgx_alloc_epc_page()
Backport for SGX Foundations support
Signed-off-by: NJarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: NKai Huang <kai.huang@intel.com>
Signed-off-by: NDave Hansen <dave.hansen@intel.com>
Signed-off-by: NBorislav Petkov <bp@suse.de>
Acked-by: NDave Hansen <dave.hansen@linux.intel.com>
Link: https://lore.kernel.org/lkml/158188326978.894464.217282995221175417.stgit@dwillia2-desk3.amr.corp.intel.com/
Link: https://lkml.kernel.org/r/20210319040602.178558-1-kai.huang@intel.com
Link: https://lkml.kernel.org/r/20210318214933.29341-1-dave.hansen@intel.com
Link: https://lkml.kernel.org/r/20210317235332.362001-2-jarkko.sakkinen@intel.com
Signed-off-by: Fan Du <fan.du@intel.com> #openEuler_contributor
Signed-off-by: NLaibin Qiu <qiulaibin@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

mainline inclusion
from mainline-v5.13-rc1
commit 51ab30eb
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIGI
CVE: NA

--------------------------------

During normal runtime, the "ksgxd" daemon behaves like a version of
kswapd just for SGX. But, before it starts acting like kswapd, its first
job is to initialize enclave memory.

Currently, the SGX boot code places each enclave page on a
epc_section->init_laundry_list. Once it starts up, the ksgxd code walks
over that list and populates the actual SGX page allocator.

However, the per-section structures are going away to make way for the
SGX NUMA allocator. There's also little need to have a per-section
structure; the enclave pages are all treated identically, and they can
be placed on the correct allocator list from metadata stored in the
enclave page (struct sgx_epc_page) itself.

Modify sgx_sanitize_section() to take a single page list instead of
taking a section and deriving the list from there.

Intel-SIG: commit 51ab30eb x86/sgx: Replace section->init_laundry_list with sgx_dirty_page_list
Backport for SGX Foundations support
Signed-off-by: NJarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: NBorislav Petkov <bp@suse.de>
Acked-by: NDave Hansen <dave.hansen@linux.intel.com>
Link: https://lkml.kernel.org/r/20210317235332.362001-1-jarkko.sakkinen@intel.com
Signed-off-by: Fan Du <fan.du@intel.com> #openEuler_contributor
Signed-off-by: NLaibin Qiu <qiulaibin@huawei.com>
Reviewed-by: NBamvor Zhang <bamvor.zhang@suse.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

mainline inclusion
from mainline-v5.11
commit 2ade0d60
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIGI
CVE: NA

--------------------------------

This has been shown in tests:

[  +0.000008] WARNING: CPU: 3 PID: 7620 at kernel/rcu/srcutree.c:374 cleanup_srcu_struct+0xed/0x100

This is essentially a use-after free, although SRCU notices it as
an SRCU cleanup in an invalid context.

== Background ==

SGX has a data structure (struct sgx_encl_mm) which keeps per-mm SGX
metadata.  This is separate from struct sgx_encl because, in theory,
an enclave can be mapped from more than one mm.  sgx_encl_mm includes
a pointer back to the sgx_encl.

This means that sgx_encl must have a longer lifetime than all of the
sgx_encl_mm's that point to it.  That's usually the case: sgx_encl_mm
is freed only after the mmu_notifier is unregistered in sgx_release().

However, there's a race.  If the process is exiting,
sgx_mmu_notifier_release() can be called in parallel with sgx_release()
instead of being called *by* it.  The mmu_notifier path keeps encl_mm
alive past when sgx_encl can be freed.  This inverts the lifetime rules
and means that sgx_mmu_notifier_release() can access a freed sgx_encl.

== Fix ==

Increase encl->refcount when encl_mm->encl is established. Release
this reference when encl_mm is freed. This ensures that encl outlives
encl_mm.

 [ bp: Massage commit message. ]

Intel-SIG: commit 2ade0d60 x86/sgx: Maintain encl->refcount for each encl->mm_list entry
Backport for SGX Foundations support

Fixes: 1728ab54 ("x86/sgx: Add a page reclaimer")
Reported-by: NHaitao Huang <haitao.huang@linux.intel.com>
Signed-off-by: NJarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: NBorislav Petkov <bp@suse.de>
Acked-by: NDave Hansen <dave.hansen@linux.intel.com>
Link: https://lkml.kernel.org/r/20210207221401.29933-1-jarkko@kernel.org
Signed-off-by: Fan Du <fan.du@intel.com> #openEuler_contributor
Signed-off-by: NLaibin Qiu <qiulaibin@huawei.com>
Reviewed-by: NBamvor Zhang <bamvor.zhang@suse.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

mainline inclusion
from mainline-v5.12-rc1-dontuse
commit dc9b7be5
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I4SIGI
CVE: NA

--------------------------------

PTE insertion is fundamentally racy, and this check doesn't do anything
useful. Quoting Sean:

  "Yeah, it can be whacked. The original, never-upstreamed code asserted
  that the resolved PFN matched the PFN being installed by the fault
  handler as a sanity check on the SGX driver's EPC management. The
  WARN assertion got dropped for whatever reason, leaving that useless
  chunk."

Jason stumbled over this as a new user of follow_pfn(), and I'm trying
to get rid of unsafe callers of that function so it can be locked down
further.

This is independent prep work for the referenced patch series:

  https://lore.kernel.org/dri-devel/20201127164131.2244124-1-daniel.vetter@ffwll.ch/

Intel-SIG: commit dc9b7be5 x86/sgx: Drop racy follow_pfn() check
Backport for SGX Foundations support

Fixes: 947c6e11 ("x86/sgx: Add ptrace() support for the SGX driver")
Reported-by: NJason Gunthorpe <jgg@ziepe.ca>
Signed-off-by: NDaniel Vetter <daniel.vetter@intel.com>
Signed-off-by: NBorislav Petkov <bp@suse.de>
Reviewed-by: NJarkko Sakkinen <jarkko@kernel.org>
Link: https://lkml.kernel.org/r/20210204184519.2809313-1-daniel.vetter@ffwll.ch
Signed-off-by: Fan Du <fan.du@intel.com> #openEuler_contributor
Signed-off-by: NLaibin Qiu <qiulaibin@huawei.com>
Reviewed-by: NBamvor Zhang <bamvor.zhang@suse.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>