- 14 Mar 2023, 6 commits

Committed by Jianmin Lv
LoongArch inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6BWFP
--------------------------------
Signed-off-by: Jianmin Lv <lvjianmin@loongson.cn>
Change-Id: Ie2c78cc46aa7bde00395906f7e6ab6a09e09a190

Committed by Tianli Xiong
LoongArch inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6BWFP
--------------------------------
Fix some PCIe cards not scanning properly when the bus number is inconsistent between the firmware and kernel scan phases.

Signed-off-by: liuyun <liuyun@loongson.cn>
Signed-off-by: Tianli Xiong <xiongtianli@loongson.cn>
Change-Id: Iac9c07463569ca08da93ab0fa279b1880206e816

Committed by Hongchen Zhang
LoongArch inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6BWFP
--------------------------------
Fix a kABI error caused by pm_suspend_target_state, which is used only by Loongson devices.

Signed-off-by: Hongchen Zhang <zhanghongchen@loongson.cn>

Committed by Jianmin Lv
LoongArch inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6BWFP
--------------------------------
Don't limit MRRS during resume, so that the saved value can be restored.

Fix patch "PCI: loongson: Improve the MRRS quirk for LS7A"

Signed-off-by: Jianmin Lv <lvjianmin@loongson.cn>
Change-Id: I63c49e5c1d7e2a0a6eb3de9faa13cef1f94a4462

Committed by Tianli Xiong
LoongArch inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6BWFP
--------------------------------
Fix patch "PCI: loongson: Use generic 8/16/32-bit config ops on LS2K/LS7A"

Signed-off-by: Tianli Xiong <xiongtianli@loongson.cn>
Change-Id: I59f2de29370d5d9085254d8c4337f4bbcae99de0

Committed by Tianli Xiong
LoongArch inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6BWFP
--------------------------------
Fix patch "LoongArch: Add PCI controller support"

Signed-off-by: Tianli Xiong <xiongtianli@loongson.cn>
Change-Id: I796b1224d8990fed952643adac491228d6541696

- 13 Mar 2023, 3 commits

Committed by openeuler-ci-bot
Merge Pull Request from: @Hongchen_Zhang

Add architecture-related perf support for LoongArch.

Link: https://gitee.com/openeuler/kernel/pulls/447
Reviewed-by: Guo Dongtai <guodongtai@kylinos.cn>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
Acked-by: Zheng Zengkai <zhengzengkai@huawei.com>

Committed by openeuler-ci-bot
Merge Pull Request from: @Hongchen_Zhang

Added simulation of CSR devices, interrupt controller devices, MMU, timers, etc. in KVM under the LoongArch architecture. KVM-based acceleration for QEMU applications on 5000 servers or 5000 desktops with LoongArch CPUs.

Characteristic details:
1) CPU
   - Support up to 64 vCPUs, support vCPU hot-plug
2) Memory
   - Back-end memory supports normal huge pages and transparent huge pages
   - Support balloon
   - Support memory hot-swap
3) Peripherals
   - Support standard interfaces: PCI, SATA, SCSI, USB, virtio devices
   - Support multiple NICs, multiple disks
   - Support hot-plug of devices
4) Boot
   - Support UEFI BIOS boot
   - Support boot order
   - Direct kernel boot support
   - Support TPM
5) Migration
   - Support for virtual machine snapshots
   - Support for virtual machine saving and recovery
   - Support for shared storage migration
   - Support for incremental migration
   - Support full-copy migration of storage

Test passed with the steps below:
1. Install virt-manager
2. Install libvirt
3. Install qemu
4. Download LoongArch's qcow2 file
5. Create a virtual machine in virt-manager using the qcow2 file
6. Start the virtual machine and find that the virtual machine can run normally

Link: https://gitee.com/openeuler/kernel/pulls/449
Reviewed-by: Guo Dongtai <guodongtai@kylinos.cn>
Reviewed-by: Kevin Zhu <zhukeqian1@huawei.com>
Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

Committed by Bibo Mao
LoongArch inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6BWFP
--------------------------------
KVM adapts to the 5.10 kernel, based on the 4.19 kernel KVM code.

Signed-off-by: XiangLai Li <lixianglai@loongson.cn>
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Change-Id: Iea4333d8e0905ab5c04c725defd0e4c421bfe916

- 10 Mar 2023, 5 commits

Committed by Bibo Mao
mainline inclusion
from mainline-v6.1
commit 143d64bd
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6BWFP
CVE: NA
--------------------------------
From upstream commit 143d64bd

Function smp_send_reschedule() is a standard kernel API, which is defined in the header file include/linux/smp.h. However, on LoongArch it is defined as an inline function; this is confusing, and kernel modules can not use this function.

Now we define smp_send_reschedule() as a general function, and add an EXPORT_SYMBOL_GPL on this function, so that kernel modules can use it.

Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Change-Id: Iafc643ec9282b60ad211f86d66804f30f9932304

Committed by qemudev
LoongArch inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6BWFP
--------------------------------
Add initial KVM support.

Signed-off-by: qemudev <qemudev@loongson.cn>
Change-Id: I1f6d361dd54299d97748a360686171e2c34a203c

Committed by openeuler-ci-bot
Merge Pull Request from: @Hongchen_Zhang

1. When compiling for the arm platform using make allmodconfig, a compile error occurred at drivers/gpu/drm/loongson/lsdc_i2c.o, so we add the required io.h to make it fine.
2. Fix the drivers/vfio/pci/vfio_pci_rdwr.c compile error on LoongArch by changing the definition of iounmap.

Link: https://gitee.com/openeuler/kernel/pulls/466
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

Committed by Hongchen Zhang
LoongArch inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6LL93
----------------------------------------
1. When compiling on arm32 using make allmodconfig, an error occurred because the required header file was not included, so force-include the required file.
2. Fix the drivers/vfio/pci/vfio_pci_rdwr.c compile error on LoongArch.

Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: Hongchen Zhang <zhanghongchen@loongson.cn>

Committed by openeuler-ci-bot
Merge Pull Request from: @sanglipeng

Pull new CVEs:
CVE-2023-23000

driver bugfix from Sang Lipeng

Link: https://gitee.com/openeuler/kernel/pulls/458
Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

- 09 Mar 2023, 7 commits

Committed by openeuler-ci-bot
Merge Pull Request from: @zhangjialin11

Revert "scsi: fix iscsi rescan fails to create block"

This commit has a soft lockup problem.

Link: https://gitee.com/openeuler/kernel/pulls/465
Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

Committed by Zhong Jinghua
hulk inclusion
category: bugfix
bugzilla: 188150, https://gitee.com/openeuler/kernel/issues/I643OL
----------------------------------------
This reverts commit 3b649a02.

This commit has a soft lockup problem:

watchdog: BUG: soft lockup - CPU#22 stuck for 67s! [iscsid:16369]
Call Trace:
 scsi_remove_target+0x548/0x7b0
 ? sdev_store_delete+0x90/0x90
 ? __mutex_lock_slowpath+0x10/0x10
 ? device_remove_class_symlinks+0x1b0/0x1b0
 __iscsi_unbind_session+0x16b/0x250 [scsi_transport_iscsi]
 iscsi_remove_session+0x1d3/0x2f0 [scsi_transport_iscsi]
 iscsi_session_remove+0x5c/0x80 [libiscsi]
 iscsi_sw_tcp_session_destroy+0xd3/0x160 [iscsi_tcp]
 iscsi_if_rx+0x2369/0x5060 [scsi_transport_iscsi]

The reason is that if other threads hold the reference count of the kobject while waiting for the device to be released, it will keep waiting in a loop.

Fixes: 3b649a02 ("scsi: fix iscsi rescan fails to create block")
Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com>
Reviewed-by: Hou Tao <houtao1@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

Committed by openeuler-ci-bot
Merge Pull Request from: @stinft

Feature information:
1. RDMA/hns: Support hns HW stats
   Support querying hns HW stats to help debug several issues.
2. RDMA/hns: Add dfx cnt stats
   Add more dfx cnt to help diagnosis. These stats can be obtained via sysfs or rdmatool.

bugzilla: https://gitee.com/openeuler/kernel/issues/I6GSZL

Link: https://gitee.com/openeuler/kernel/pulls/427
Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

Committed by openeuler-ci-bot
Merge Pull Request from: @yiyangyang

Landlock: unprivileged access control

The goal of Landlock is to enable the restriction of ambient rights (e.g. global filesystem access) for a set of processes. Because Landlock is a stackable LSM, it makes it possible to create safe security sandboxes as new security layers in addition to the existing system-wide access-controls. This kind of sandbox is expected to help mitigate the security impact of bugs or unexpected/malicious behaviors in user space applications. Landlock empowers any process, including unprivileged ones, to securely restrict themselves.

This feature involves 14 patches. Related links are as follows:
1. landlock: Add object management
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90945448e9830aa1b39d7acaa4e0724a001e2ff8
2. landlock: Add ruleset and domain management
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ae271c1b14de343b888e77f74f640e3dcbdeb4c9
3. landlock: Set up the security framework and manage credentials
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=385975dca53eb41031d0cbd1de318eb1bc5d6bb9
4. landlock: Add ptrace restrictions
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=afe81f754117dd96853677c5cb815f49abef0ba0
5. LSM: Infrastructure management of the superblock
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1aea7808372eee4ad01f98e064c88c57f1e94855
6. fs,security: Add sb_delete hook
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83e804f0bfee2247b1c0aa64845c81a38562da7a
7. landlock: Support filesystem access-control
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb2c7d1a1776057c9a1f48ed1250d85e94d4850d
8. landlock: Add syscall implementations
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=265885daf3e5082eb9f6e2a23bdbf9ba4456a21b
9. arch: Wire up Landlock syscalls
   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a49f4f81cb48925e8d7cbd9e59068f516e984144
10. selftests/landlock: Add user space tests
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e1199815b47be83346c03e20a3de76f934e4bb34
11. samples/landlock: Add a sandbox manager example
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba84b0bf5a164f0f523656c1e37568c30f3f3303
12. landlock: Add user and kernel documentation
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5526b450834331d9196cae26acef0bfd5afd9fc4
13. landlock: Enable user space to infer supported features
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3532b0b4352ce79400b0aa68414f1a0fc422b920
14. landlock: Use square brackets around "landlock-ruleset"
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aea0b9f2486da8497f35c7114b764bf55e17c7ea

Link: https://gitee.com/openeuler/kernel/pulls/388
Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

Committed by openeuler-ci-bot
Merge Pull Request from: @guzitao

These patches generally cover the following tasks:
1. Optimize kernel cores, remove unused code, fix compile errors
2. Fixes for perf, iommu
3. Add support: add CONFIG_THREAD_INFO_IN_TASK support, support SIMD IO access in guest, add DVFS support

Link: https://gitee.com/openeuler/kernel/pulls/425
Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

Committed by openeuler-ci-bot
Merge Pull Request from: @Hongchen_Zhang

- add cpufreq support
- add gpio support
- add i2c support
- add spi support
- add rtc support
- add gpio support
- add s3/s4 support
- add LS7A modesetting driver support
- add LSX/LASX support
- fix ltp prctl test error
- fix compile error when CONFIG_DEBUG_INFO_BTF enabled

Link: https://gitee.com/openeuler/kernel/pulls/444
Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

Committed by Chengchang Tang
driver inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6GSZL
---------------------------------------------------------------
Add more dfx cnt to help diagnosis. These stats can be obtained via sysfs or rdmatool.

Signed-off-by: Chengchang Tang <tangchengchang@huawei.com>
Reviewed-by: Yangyang Li <liyangyang20@huawei.com>

- 08 Mar 2023, 19 commits

Committed by openeuler-ci-bot
Merge Pull Request from: @zhangjialin11

Pull new CVEs:
CVE-2023-1118
CVE-2023-1073
CVE-2022-27672
CVE-2023-0461
CVE-2023-1075
CVE-2023-22995
CVE-2023-26607
CVE-2023-1078
CVE-2023-1076

net bugfix from Zhang Changzhong
md bugfixes from Yu Kuai
blk-mq bugfix from Yu Kuai
fs bugfixes from Baokun Li and Zhihao Cheng
ring-buffer bugfix from Zheng Yejian

Link: https://gitee.com/openeuler/kernel/pulls/456
Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>

Committed by Christian Brauner
mainline inclusion
from mainline-v5.18-rc1
commit aea0b9f2
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aea0b9f2486da8497f35c7114b764bf55e17c7ea
--------------------------------
Make the name of the anon inode fd "[landlock-ruleset]" instead of "landlock-ruleset". This is minor but most anon inode fds already carry square brackets around their name:

[eventfd]
[eventpoll]
[fanotify]
[fscontext]
[io_uring]
[pidfd]
[signalfd]
[timerfd]
[userfaultfd]

For the sake of consistency let's do the same for the landlock-ruleset anon inode fd that comes with landlock. We did the same in 1cdc415f ("uapi, fsopen: use square brackets around "fscontext" [ver #2]") for the new mount api.

Cc: linux-security-module@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20211011133704.1704369-1-brauner@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit 3532b0b4
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3532b0b4352ce79400b0aa68414f1a0fc422b920
--------------------------------
Add a new flag LANDLOCK_CREATE_RULESET_VERSION to landlock_create_ruleset(2). This enables retrieving a Landlock ABI version that is useful to efficiently follow a best-effort security approach. Indeed, it would be a missed opportunity to abort the whole sandbox building, because some features are unavailable, instead of protecting users as much as possible with the subset of features provided by the running kernel.

This new flag enables user space to identify the minimum set of Landlock features supported by the running kernel without relying on a filesystem interface (e.g. /proc/version, which might be inaccessible) nor testing multiple syscall argument combinations (i.e. syscall bisection).

New Landlock features will be documented and tied to a minimum version number (greater than 1). The current version will be incremented for each new kernel release supporting new Landlock features. User space libraries can leverage this information to seamlessly restrict processes as much as possible while being compatible with newer APIs.

This is a much lighter approach than the previous landlock_get_features(2): the complexity is pushed to user space libraries. This flag meets similar needs as securityfs versions: selinux/policyvers, apparmor/features/*/version* and tomoyo/version.

Supporting this flag now will be convenient for backward compatibility.

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: James Morris <jmorris@namei.org>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210422154123.13086-14-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit 5526b450
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5526b450834331d9196cae26acef0bfd5afd9fc4
--------------------------------
Add a first document describing the userspace API: how to define and enforce a Landlock security policy. This is explained with a simple example.

The Landlock system calls are described with their expected behavior and current limitations.

Another document is dedicated to kernel developers, describing guiding principles and some important kernel structures.

This documentation can be built with the Sphinx framework.

Cc: James Morris <jmorris@namei.org>
Cc: Jann Horn <jannh@google.com>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Vincent Dagonneau <vincent.dagonneau@ssi.gouv.fr>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-13-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit ba84b0bf
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba84b0bf5a164f0f523656c1e37568c30f3f3303
--------------------------------
Add a basic sandbox tool to launch a command which can only access a list of file hierarchies in a read-only or read-write way.

Cc: James Morris <jmorris@namei.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-12-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit e1199815
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e1199815b47be83346c03e20a3de76f934e4bb34
--------------------------------
Test all Landlock system calls, ptrace hook semantics and filesystem access-control with multiple layouts.

Test coverage for security/landlock/ is 93.6% of lines. The code not covered only deals with internal kernel errors (e.g. memory allocation) and race conditions.

Cc: James Morris <jmorris@namei.org>
Cc: Jann Horn <jannh@google.com>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Shuah Khan <shuah@kernel.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Vincent Dagonneau <vincent.dagonneau@ssi.gouv.fr>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-11-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit a49f4f81
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a49f4f81cb48925e8d7cbd9e59068f516e984144
--------------------------------
Wire up the following system calls for all architectures:
* landlock_create_ruleset(2)
* landlock_add_rule(2)
* landlock_restrict_self(2)

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: James Morris <jmorris@namei.org>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210422154123.13086-10-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>

conflicts:
 arch/alpha/kernel/syscalls/syscall.tbl
 arch/arm/tools/syscall.tbl
 arch/arm64/include/asm/unistd32.h
 arch/ia64/kernel/syscalls/syscall.tbl
 arch/m68k/kernel/syscalls/syscall.tbl
 arch/microblaze/kernel/syscalls/syscall.tbl
 arch/mips/kernel/syscalls/syscall_n32.tbl
 arch/mips/kernel/syscalls/syscall_n64.tbl
 arch/mips/kernel/syscalls/syscall_o32.tbl
 arch/parisc/kernel/syscalls/syscall.tbl
 arch/powerpc/kernel/syscalls/syscall.tbl
 arch/s390/kernel/syscalls/syscall.tbl
 arch/sh/kernel/syscalls/syscall.tbl
 arch/sparc/kernel/syscalls/syscall.tbl
 arch/x86/entry/syscalls/syscall_32.tbl
 arch/x86/entry/syscalls/syscall_64.tbl
 arch/xtensa/kernel/syscalls/syscall.tbl
 include/uapi/asm-generic/unistd.h

Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit 265885da
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=265885daf3e5082eb9f6e2a23bdbf9ba4456a21b
--------------------------------
These 3 system calls are designed to be used by unprivileged processes to sandbox themselves:
* landlock_create_ruleset(2): Creates a ruleset and returns its file descriptor.
* landlock_add_rule(2): Adds a rule (e.g. file hierarchy access) to a ruleset, identified by the dedicated file descriptor.
* landlock_restrict_self(2): Enforces a ruleset on the calling thread and its future children (similar to seccomp). This syscall has the same usage restrictions as seccomp(2): the caller must have the no_new_privs attribute set or have CAP_SYS_ADMIN in the current user namespace.

All these syscalls have a "flags" argument (not currently used) to enable extensibility.

Here are the motivations for these new syscalls:
* A sandboxed process may not have access to file systems, including /dev, /sys or /proc, but it should still be able to add more restrictions to itself.
* Neither prctl(2) nor seccomp(2) (which was used in a previous version) fit well with the current definition of a Landlock security policy.

All passed structs (attributes) are checked at build time to ensure that they don't contain holes and that they are aligned the same way for each architecture.

See the user and kernel documentation for more details (provided by a following commit):
* Documentation/userspace-api/landlock.rst
* Documentation/security/landlock.rst

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: James Morris <jmorris@namei.org>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Link: https://lore.kernel.org/r/20210422154123.13086-9-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>

conflicts:
 include/linux/syscalls.h

Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit cb2c7d1a
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb2c7d1a1776057c9a1f48ed1250d85e94d4850d
--------------------------------
Using Landlock objects and rulesets, it is possible to tag inodes according to a process's domain. To enable an unprivileged process to express a file hierarchy, it first needs to open a directory (or a file) and pass this file descriptor to the kernel through landlock_add_rule(2). When checking if a file access request is allowed, we walk from the requested dentry to the real root, following the different mount layers. The access to each "tagged" inode is collected according to its rule layer level, and ANDed to create access to the requested file hierarchy. This makes it possible to identify a lot of files without tagging every inode or modifying the filesystem, while still following the view and understanding the user has of the filesystem.

Add a new ARCH_EPHEMERAL_INODES for UML because it currently does not keep the same struct inodes for the same inodes whereas these inodes are in use.

This commit adds a minimal set of supported filesystem access-control which doesn't enable restricting all file-related actions. This is the result of multiple discussions to minimize the code of Landlock to ease review. Thanks to the Landlock design, extending this access-control without breaking user space will not be a problem. Moreover, seccomp filters can be used to restrict the use of syscall families which may not be currently handled by Landlock.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: James Morris <jmorris@namei.org>
Cc: Jann Horn <jannh@google.com>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Richard Weinberger <richard@nod.at>
Cc: Serge E. Hallyn <serge@hallyn.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Link: https://lore.kernel.org/r/20210422154123.13086-8-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit 83e804f0
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=83e804f0bfee2247b1c0aa64845c81a38562da7a
--------------------------------
The sb_delete security hook is called when shutting down a superblock, which may be useful to release kernel objects tied to the superblock's lifetime (e.g. inodes).

This new hook is needed by Landlock to release (ephemerally) tagged struct inodes. This comes from the unprivileged nature of Landlock described in the next commit.

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-7-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Casey Schaufler
mainline inclusion
from mainline-v5.13-rc1
commit 1aea7808
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1aea7808372eee4ad01f98e064c88c57f1e94855
--------------------------------
Move management of the superblock->sb_security blob out of the individual security modules and into the security infrastructure. Instead of allocating the blobs from within the modules, the modules tell the infrastructure how much space is required, and the space is allocated there.

Cc: John Johansen <john.johansen@canonical.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-6-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>

conflicts:
 security/selinux/hooks.c
 security/selinux/ss/services.c

Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit afe81f75
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=afe81f754117dd96853677c5cb815f49abef0ba0
--------------------------------
Using ptrace(2) and related debug features on a target process can lead to a privilege escalation. Indeed, ptrace(2) can be used by an attacker to impersonate another task and to remain undetected while performing malicious activities. Thanks to ptrace_may_access(), various parts of the kernel can check if a tracer is more privileged than a tracee.

A landlocked process has fewer privileges than a non-landlocked process and must then be subject to additional restrictions when manipulating processes. To be allowed to use ptrace(2) and related syscalls on a target process, a landlocked process must have a subset of the target process's rules (i.e. the tracee must be in a sub-domain of the tracer).

Cc: James Morris <jmorris@namei.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-5-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit 385975dc
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=385975dca53eb41031d0cbd1de318eb1bc5d6bb9
--------------------------------
A process's credentials point to a Landlock domain, which is underneath implemented with a ruleset. In the following commits, this domain is used to check and enforce the ptrace and filesystem security policies. A domain is inherited from a parent to its child the same way a thread inherits a seccomp policy.

Cc: James Morris <jmorris@namei.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-4-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Committed by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit ae271c1b
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ae271c1b14de343b888e77f74f640e3dcbdeb4c9
--------------------------------
A Landlock ruleset is mainly a red-black tree with Landlock rules as nodes. This enables quick update and lookup to match a requested access, e.g. to a file. A ruleset is usable through a dedicated file descriptor (cf. following commit implementing syscalls) which enables a process to create and populate a ruleset with new rules.

A domain is a ruleset tied to a set of processes. This group of rules defines the security policy enforced on these processes and their future children. A domain can transition to a new domain which is the intersection of all its constraints and those of a ruleset provided by the current process. This modification only impacts the current process. This means that a process can only gain more constraints (i.e. lose accesses) over time.

Cc: James Morris <jmorris@namei.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/r/20210422154123.13086-3-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>

Submitted by Mickaël Salaün
mainline inclusion
from mainline-v5.13-rc1
commit 90945448
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I6DJU0
CVE: NA
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90945448e9830aa1b39d7acaa4e0724a001e2ff8

--------------------------------

A Landlock object enables to identify a kernel object (e.g. an inode). A Landlock rule is a set of access rights allowed on an object. Rules are grouped in rulesets that may be tied to a set of processes (i.e. subjects) to enforce a scoped access-control (i.e. a domain).

Because Landlock's goal is to empower any process (especially unprivileged ones) to sandbox themselves, we cannot rely on a system-wide object identification such as file extended attributes. Indeed, we need innocuous, composable and modular access-controls.

The main challenge with these constraints is to identify kernel objects while this identification is useful (i.e. when a security policy makes use of this object). But this identification data should be freed once no policy is using it. This ephemeral tagging should not and may not be written in the filesystem. We then need to manage the lifetime of a rule according to the lifetime of its objects. To avoid a global lock, this implementation makes use of RCU and counters to safely reference objects.

A following commit uses this generic object management for inodes.

Cc: James Morris <jmorris@namei.org>
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Reviewed-by: Jann Horn <jannh@google.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20210422154123.13086-2-mic@digikod.net
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: Yi Yang <yiyang13@huawei.com>
-
Submitted by sanglipeng1
stable inclusion
from stable-v5.10.169
commit 045a31b9
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6IXQP
CVE: CVE-2023-23000
Reference: https://github.com/torvalds/linux/commit/045a31b95509c8f25f5f04ec5e0dec5cd09f2c5f

--------------------------------

commit 045a31b9 upstream.

Callers of the tegra_xusb_find_port_node() function only do NULL checking for the return value. Return NULL instead of ERR_PTR(-ENOMEM) to keep consistent.

Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Link: https://lore.kernel.org/r/20211213020507.1458-1-linmq006@gmail.com
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: sanglipeng <sanglipeng1@jd.com>
-
Submitted by openeuler-ci-bot
Merge Pull Request from: @steven-song3

Introduce map_queue in sssraid module for performance enhancement.

Quality reinforcement content:
1. use bsg_remove_queue replace sssraid_remove_bsg to address insufficient resource release.
2. set pdev private data to NULL when probe process failed to prevent accessing null pointers in next possible exit process.
3. modifications for code review recommendations.

Link: https://gitee.com/openeuler/kernel/pulls/426
Reviewed-by: Zheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
-
Submitted by Duoming Zhou
mainline inclusion
from mainline-v6.3-rc1
commit 29b0589a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6IW01
CVE: CVE-2023-1118
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.3-rc1&id=29b0589a865b6f66d141d79b2dd1373e4e50fe17

--------------------------------

When the ene device is detaching, function ene_remove() will be called. But there is no function to cancel tx_sim_timer in ene_remove(), the timer handler ene_tx_irqsim() could race with ene_remove(). As a result, the UAF bugs could happen, the process is shown below.

    (cleanup routine)          |        (timer routine)
                               | mod_timer(&dev->tx_sim_timer, ..)
    ene_remove()               | (wait a time)
                               | ene_tx_irqsim()
                               |   dev->hw_lock //USE
                               |   ene_tx_sample(dev) //USE

Fix by adding del_timer_sync(&dev->tx_sim_timer) in ene_remove(). The tx_sim_timer could stop before the ene device is deallocated.

What's more, the rc_unregister_device() and del_timer_sync() should be called first in ene_remove() and the deallocation functions such as free_irq(), release_region() and so on should be called behind them. Because the rc_unregister_device() is well synchronized. Otherwise, race conditions may happen. The situations that may lead to race conditions are shown below.

Firstly, the rx receiver is disabled with ene_rx_disable() before rc_unregister_device() in ene_remove(), which means it can be enabled again if a process opens /dev/lirc0 between ene_rx_disable() and rc_unregister_device().

Secondly, the irqaction descriptor is freed by free_irq() before the rc device is unregistered, which means the irqaction descriptor may be accessed again after it is deallocated.

Thirdly, the timer can call ene_tx_sample() that can write to the io ports, which means the io ports could be accessed again after they are deallocated by release_region().

Therefore, the rc_unregister_device() and del_timer_sync() should be called first in ene_remove().

Suggested-by: Sean Young <sean@mess.org>
Fixes: 9ea53b74 ("V4L/DVB: STAGING: remove lirc_ene0100 driver")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Ren Zhijie <renzhijie2@huawei.com>
Reviewed-by: songping yu <yusongping@huawei.com>
Reviewed-by: Zhang Qiao <zhangqiao22@huawei.com>
Reviewed-by: chenhui <judy.chenhui@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-
Submitted by Pietro Borrello
stable inclusion
from stable-v5.10.166
commit 20fd4598762e2d717deb64ef028e6f5f587ac2a6
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6KCIO
CVE: CVE-2023-1073
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=20fd4598762e2d717deb64ef028e6f5f587ac2a6

--------------------------------

Add a check for empty report_list in bigben_probe(). The missing check causes a type confusion when issuing a list_entry() on an empty report_list.

The problem is caused by the assumption that the device must have valid report_list. While this will be true for all normal HID devices, a suitably malicious device can violate the assumption.

Fixes: 256a90ed ("HID: hid-bigbenff: driver for BigBen Interactive PS3OFMINIPAD gamepad")
Signed-off-by: Pietro Borrello <borrello@diag.uniroma1.it>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Reviewed-by: Liao Chang <liaochang1@huawei.com>
Reviewed-by: Zhang Jianhua <chris.zjh@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
-