- 22 Apr, 2020 34 commits
-
-
Committed by Cheng Jian
hulk inclusion category: feature bugzilla: 5391/28338/24634 CVE: NA ----------------------------------------------- The kpatch-build processes the __jump_table special section, and only the jump_label used by the changed functions will be included in __jump_table section, and the livepatch should process the tracepoint again after the dynamic relocation. NOTE: adding new tracepoints definition is not supported. Signed-off-by: Cheng Jian <cj.chengjian@huawei.com> Reviewed-by: Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by James Morse
mainline inclusion from v5.3-rc1 commit 40ca0ce56d4b category: bugfix bugzilla: 19923 CVE: NA --------------------------- Comparing the arm-arm's pseudocode for AArch64.PCAlignmentFault() with AArch64.SPAlignmentFault() shows that SP faults don't copy the faulty-SP to FAR_EL1, but this is where we read from, and the address we provide to user-space with the BUS_ADRALN signal. For user-space this value will be UNKNOWN due to the previous ERET to user-space. If the last value is preserved, on systems with KASLR or KPTI this will be the user-space link-register left in FAR_EL1 by tramp_exit(). Fix this to retrieve the original sp_el0 value, and pass this to do_sp_pc_fault(). SP alignment faults from EL1 will cause us to take the fault again when trying to store the pt_regs. This eventually takes us to the overflow stack. Remove the ESR_ELx_EC_SP_ALIGN check as we will never make it this far. Fixes: 60ffc30d ("arm64: Exception handling") Signed-off-by: James Morse <james.morse@arm.com> [will: change label name and fleshed out comment] Signed-off-by: Will Deacon <will@kernel.org> Signed-off-by: Hongbo Yao <yaohongbo@huawei.com> Reviewed-by: Xuefeng Wang <wxf.wang@hisilicon.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Masahiro Yamada
mainline inclusion from mainline-5.2-rc1 commit 02166b88d376 category: bugfix bugzilla: NA CVE: NA ------------------------------------------------- This prepares to move CONFIG_OPTIMIZE_INLINING from x86 to a common place. We need to eliminate potential issues beforehand. If it is enabled for arm64, the following errors are reported: In file included from include/linux/compiler_types.h:68, from <command-line>: arch/arm64/include/asm/jump_label.h: In function 'cpus_have_const_cap': include/linux/compiler-gcc.h:120:38: warning: asm operand 0 probably doesn't match constraints #define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) ^~~ arch/arm64/include/asm/jump_label.h:32:2: note: in expansion of macro 'asm_volatile_goto' asm_volatile_goto( ^~~~~~~~~~~~~~~~~ include/linux/compiler-gcc.h:120:38: error: impossible constraint in 'asm' #define asm_volatile_goto(x...) do { asm goto(x); asm (""); } while (0) ^~~ arch/arm64/include/asm/jump_label.h:32:2: note: in expansion of macro 'asm_volatile_goto' asm_volatile_goto( ^~~~~~~~~~~~~~~~~ Link: http://lkml.kernel.org/r/20190423034959.13525-3-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Tested-by: Mark Rutland <mark.rutland@arm.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Boris Brezillon <bbrezillon@kernel.org> Cc: Borislav Petkov <bp@suse.de> Cc: Brian Norris <computersforpeace@gmail.com> Cc: Christophe Leroy <christophe.leroy@c-s.fr> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Marek Vasut <marek.vasut@gmail.com> Cc: Mathieu Malaterre <malat@debian.org> Cc: Miquel Raynal <miquel.raynal@bootlin.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Richard Weinberger <richard@nod.at> Cc: Russell King <rmk+kernel@arm.linux.org.uk> Cc: Stefan Agner <stefan@agner.ch> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Ard Biesheuvel
mainline inclusion from mainline-5.2-rc5 commit 3fd00beb14a5 category: bugfix bugzilla: 16697 CVE: NA ------------------------------------------------- Commit 1cf24a2cc3fd ("arm64/module: deal with ambiguity in PRELxx relocation ranges") updated the overflow checking logic in the relocation handling code to ensure that PREL16/32 relocations don't overflow signed quantities. However, the same code path is used for absolute relocations, where the interpretation is the opposite: the only current use case for absolute relocations operating on non-native word size quantities is the CRC32 handling in the CONFIG_MODVERSIONS code, and these CRCs are unsigned 32-bit quantities, which are now being rejected by the module loader if bit 31 happens to be set. So let's use different ranges for quantities subject to absolute vs. relative relocations: - ABS16/32 relocations should be in the range [0, Uxx_MAX) - PREL16/32 relocations should be in the range [Sxx_MIN, Sxx_MAX) - otherwise, print an error since no other 16 or 32 bit wide data relocations are currently supported. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Ard Biesheuvel
mainline inclusion from mainline-5.2-rc2 commit 1cf24a2cc3fd category: bugfix bugzilla: 16697 CVE: NA ------------------------------------------------- The R_AARCH64_PREL16 and R_AARCH64_PREL32 relocations are documented as permitting a range of [-2^15 .. 2^16), resp. [-2^31 .. 2^32). It is also documented that this means we cannot detect overflow in some cases, which is bad. Since we always interpret the targets of these relocations as signed quantities (e.g., in the ksymtab handling code), let's tighten the overflow checks so that targets that are out of range for our signed interpretation of the relocated quantity get flagged. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Hanjun Guo
mainline inclusion from mainline-5.6-rc1 commit dec0a81 category: bugfix bugzilla: 30365 CVE: NA ------------------------------------------------- Add ACPI HID HISI02A3 for Hisilicon Hip08 Lite, which has different clock frequency from Hip08 for I2C controller. Tested-by: Sheng Feng <fengsheng5@huawei.com> Signed-off-by: Hanjun Guo <guohanjun@huawei.com> Acked-by: Nikula <jarkko.nikula@linux.intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Hanjun Guo
mainline inclusion from mainline-5.6-rc1 commit c01a4a1 category: bugfix bugzilla: 30365 CVE: NA ------------------------------------------------- I2C clock frequency of Designware ip for Hisilicon Hip08 Lite is 125M, use a new ACPI HID to enable it. Tested-by: Sheng Feng <fengsheng5@huawei.com> Signed-off-by: Hanjun Guo <guohanjun@huawei.com> Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Conflicts: drivers/acpi/acpi_apd.c Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: Hanjun Guo <guohanjun@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: bugfix bugzilla: NA CVE: NA In this patch, we try to change depth of qm_get_avail_sqe. For hardware qm, 1023 sqe is full. When sqe reaches 1024, qm sqe tail equal to head, which will be treated as empty queue, causing packet loss. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Mingqiang Ling <lingmingqiang@huawei.com> Reviewed-by: Guangwei Zhou <zhouguangwei5@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Shaozhengchao
driver inclusion category: bugfix bugzilla: 4472 ----------------------------------------------------------------------- When the VF is performing the updown operation and receiving packets at the same time, the NIC may report the 5d0 error during the PF hot upgrade NIC firmware. In order to solve the problem, VF driver and PF driver must wait for the message that vport is disabled by NIC firmware. Then driver can release tx and rx resources. So we set Mbox timeout equals to 30 seconds, api cmd timeout equals to 25 seconds and cmdq timeout equals to 5 seconds. Signed-off-by: Shaozhengchao <shaozhengchao@huawei.com> Reviewed-by: Luoshaokai <luoshaokai@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by youshengzui
driver inclusion category: bugfix bugzilla: NA CVE: NA ----------------------------- This patch is used to fix the Plastic overflow error, and remove redundant code Signed-off-by: youshengzui <youshengzui@huawei.com> Reviewed-by: Weiwei Deng <dengweiwei@huawei.com> Reviewed-by: Zhaohui Zhong <zhongzhaohui@huawei.com> Reviewed-by: Junxin Chen <chenjunxin1@huawei.com> Reviewed-by: Zhong Zhaohui <zhongzhaohui@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by youshengzui
driver inclusion category: bugfix bugzilla: NA CVE: NA -------------------------- This patch is used to modify the hns3 driver version to 1.9.37.4 Signed-off-by: youshengzui <youshengzui@huawei.com> Reviewed-by: Weiwei Deng <dengweiwei@huawei.com> Reviewed-by: Zhaohui Zhong <zhongzhaohui@huawei.com> Reviewed-by: Junxin Chen <chenjunxin1@huawei.com> Reviewed-by: Zhong Zhaohui <zhongzhaohui@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yunsheng Lin
driver inclusion category: bugfix bugzilla: NA CVE: NA ----------------------------- This patch adds additional handling which is missing in commit 108d36fe5d479dd3: And this patch need to be merged with the above commit when upstreaming. Fixes: 108d36fe5d479dd3 ("net: hns3: fix for fraglist skb headlen not handling correctly") Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com> Reviewed-by: Peng Li <lipeng321@huawei.com> Reviewed-by: Weiwei Deng <dengweiwei@huawei.com> Reviewed-by: Zhaohui Zhong <zhongzhaohui@huawei.com> Reviewed-by: Junxing Chen <chenjunxin1@huawei.com> Reviewed-by: Zhong Zhaohui <zhongzhaohui@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yunsheng Lin
driver inclusion category: bugfix bugzilla: NA CVE: NA ------------------------------------ when the fraglist skb headlen is larger than zero, current code still handle the fraglist skb linear data as frag data, which may cause tx error. This patch adds a new DESC_TYPE_FRAGLIST_SKB type to handle the mapping and unmapping of the fraglist skb linear data buffer. Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com> Reviewed-by: Peng Li <lipeng321@huawei.com> Reviewed-by: Weiwei Deng <dengweiwei@huawei.com> Reviewed-by: Zhaohui Zhong <zhongzhaohui@huawei.com> Reviewed-by: Junxing Chen <chenjunxin1@huawei.com> Reviewed-by: Zhong Zhaohui <zhongzhaohui@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Shengzui You
driver inclusion category: bugfix bugzilla: NA CVE: NA --------------------------------------- This patch is used to modify the hns3 driver version to 1.9.37.3 Signed-off-by: Shengzui You <youshengzui@huawei.com> Reviewed-by: Weiwei Deng <dengweiwei@huawei.com> Reviewed-by: Zhaohui Zhong <zhongzhaohui@huawei.com> Reviewed-by: Junxing Chen <chenjunxin1@huawei.com> Reviewed-by: Zhong Zhaohui <zhongzhaohui@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: bugfix bugzilla: NA CVE: NA In this patch, we try to modify sec driver to adapt dm-crypt logic. 1. To avoid dm-crypt wait for timeout, we should call complete as soon as possible to notify crypto driver to restart new io. 2. We add send/recv/send_busy/recv_busy/err_bd/done_flag cnt dfx for software to judge current io state. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Mingqiang Ling <lingmingqiang@huawei.com> Reviewed-by: Guangwei Zhou <zhouguangwei5@huawei.com> Reviewed-by: Weili Qian <qianweili@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: bugfix bugzilla: NA CVE: NA In this patch, we try to reinforce reset process logic in failure scene. When reset failure occurs, we should set hw_err flag, clear reset flag and isolate the device directly, which can notify user process to stop sending and recycle the failed tasks. Because the user process recycles tasks depending on the flag bit of cqe, we should not clear it. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Cheng Hu <hucheng.hu@huawei.com> Reviewed-by: Guangwei Zhou <zhouguangwei5@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: bugfix bugzilla: NA CVE: NA 1. In this patch, we try to fix problem of decompress an empty file. When we try to decompress an empty file by gzip, the way of changed head_size is unreasonable. So we use fixed length head_size. 2. In crypto frame, "-EBUSY" means this request is successful, but stop sending. So we should change the return. 3. We add some dfx to collect software send/recv/send_busy/err_bd cnt. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Mingqiang Ling <lingmingqiang@huawei.com> Reviewed-by: Guangwei Zhou <zhouguangwei5@huawei.com> Reviewed-by: Yang shen <shenyang39@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: feature bugzilla: NA CVE: NA In this patch, we try to add dfx for io operation, including send/recv/send_fail/send_busy. We also can define overtime_threshold to judge timeout task. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Mingqiang Ling <lingmingqiang@huawei.com> Reviewed-by: Guangwei Zhou <zhouguangwei5@huawei.com> Reviewed-by: Ye Kai <yekai13@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tao Jihua
driver inclusion category: Bugfix bugzilla: NA This modification is mainly to optimize mtr management and solve mtr addressing bug: When mtt_ba_pg_sz = 0, hem-> start / step = 1, which eventually results in an additional BA_BYTE_LEN added to the offset Signed-off-by: Tao Jihua <taojihua4@huawei.com> Reviewed-by: Hu Chunzhi <huchunzhi@huawei.com> Reviewed-by: Wang Lin <wanglin137@huawei.com> Reviewed-by: Zhao Weibo <zhaoweibo3@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Tao Jihua
driver inclusion category: Bugfix bugzilla: NA CVE: NA This modification is mainly to prevent the hem pointer from being emptied during reset when reset and QP coupling are created, but the QP creation process is not aware, and access to the null pointer occurs. Signed-off-by: Tao Jihua <taojihua4@huawei.com> Reviewed-by: Hu Chunzhi <huchunzhi@huawei.com> Reviewed-by: Wang Lin <wanglin137@huawei.com> Reviewed-by: Zhao Weibo <zhaoweibo3@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: bugfix bugzilla: NA CVE: NA 1. we delete sec_usr_if.h, then move the define of sec hardware structure into sec_crypto.h and normalize two structure types. 2. In sec_main.c, we remove fusion_limit/fusion_time, because this part of logic is not used in the end. We also optimize the logic of debugfs without judging some return codes, because this does not affect the driver loading. Probe flow is also optimized, including add sec_iommu_used_check, modify sec_probe_init, realize sec_qm_pre_init and so on. 3. In sec.h, we define structure of sec_ctx, which defines queue/cipher/request etc. relatives. 4. In sec_crypto.c, we encapsulate independent interfaces, such as init/uninit/map/unmap/callback/alloc resource/free resource/encrypt/decrypt/filling hardware descriptor/set key etc., which removes fusion logic and is easy to expand algorithm. Meanwhile, we remove DES algorithm support, because of its weak key. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Cheng Hu <hucheng.hu@huawei.com> Reviewed-by: Guangwei Zhou <zhouguangwei5@huawei.com> Reviewed-by: Ye Kai <yekai13@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: bugfix bugzilla: NA CVE: NA In this patch, we try to optimize the way to set the maximum number of VF, which is designed for compatibility with next hardware standards. Then we remove invalid address parameter definition and assignment. Meanwhile, the return code judgment of debugfs related functions is deleted, because this does not affect the main function of driver. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Cheng Hu <hucheng.hu@huawei.com> Reviewed-by: Guangwei Zhou <zhouguangwei5@huawei.com> Reviewed-by: Junxian Liu <liujunxian3@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: bugfix bugzilla: NA CVE: NA In this patch, we try to optimize logic of hw_reset flag setting for user. Add tx stop flag before qm_stop_started_qp and add rx stop flag after this function seem to be more reasonable, which can help us to stop sending immediately in case of hardware error, mark correctly and return error IO to upper layer. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Cheng Hu <hucheng.hu@huawei.com> Reviewed-by: Guangwei Zhou <zhouguangwei5@huawei.com> Reviewed-by: Shukun Tan <tanshukun1@huawei.com> Reviewed-by: Zaibo Xu <xuzaibo@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: bugfix bugzilla: NA CVE: NA In this patch, we try to fixup the problem of wrong judgement of used parameter. When the accelerator driver registers to crypto, the self-test program will send task to hardware, the used para will decrease in interrupt thread, but exit flow of crypto will call hisi_qm_stop_qp_nolock function to stop queue, which try to get value of used. In the above scene, it will appear to get the value first and then decrease, which causes null pointer. So we should distinguish fault handling process from normal stop process. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Cheng Hu <hucheng.hu@huawei.com> Reviewed-by: Guangwei Zhou <zhouguangwei5@huawei.com> Reviewed-by: Junxian Liu <liujunxian3@huawei.com> Reviewed-by: Shukun Tan <tanshukun1@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Yu'an Wang
driver inclusion category: bugfix bugzilla: NA CVE: NA In this patch, we try to move accelerator drivers into qm module to simplify code, including RAS/FLR/SRIOV and uacce_mode/pf_q_num/vfs_num setting. In qm.h we add mode_set/q_num_set/vf_num_set for accelerator to realize module parm uacce_mode/pf_q_num/vfs_num setting. In qm.c hisi_qm_add_to_list and hisi_qm_del_from_list can be called to manage accelerators through hisi_qm_list. We additionally realize hisi_qm_alloc_qps_node to fix the problem that device is found but queue request fails. Because of RAS process flow/FLR process flow/SRIOV config flow are consistent for different accelerator drivers, so we add corresponding interfaces. Meanwhile, zip/hpre/sec/rde accelerator drivers should match changes of qm, including RAS/FLR/SRIOV processing, module parms setting, queue allocing. Signed-off-by: Yu'an Wang <wangyuan46@huawei.com> Reviewed-by: Cheng Hu <hucheng.hu@huawei.com> Reviewed-by: Wei Zhang <zhangwei375@huawei.com> Reviewed-by: Guangwei Zhang <zhouguangwei5@huawei.com> Reviewed-by: Junxian Liu <liujunxian3@huawei.com> Reviewed-by: Shukun Tan <tanshukun1@huawei.com> Reviewed-by: Hao Fang <fanghao11@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by fengsheng
driver inclusion category: cleanup bugzilla: NA CVE: NA 1. localbus cleancode Signed-off-by: fengsheng <fengsheng5@huawei.com> Reviewed-by: zhangmu <zhangmu1@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by fengsheng
driver inclusion category: cleanup bugzilla: NA CVE: NA 1. sysctl cleancode Signed-off-by: fengsheng <fengsheng5@huawei.com> Reviewed-by: zhangmu <zhangmu1@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by fengsheng
driver inclusion category: cleanup bugzilla: NA CVE: NA 1. sfc cleancode Signed-off-by: fengsheng <fengsheng5@huawei.com> Reviewed-by: zhangmu <zhangmu1@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Cheng Jian
hulk inclusion category: bugfix bugzilla: 31369 CVE: NA --------------------------- Our system encountered a use-after-free when re-register the same kretprobe, it access the kretprobe_instance in rp->free_instances which has been released already. Prevent re-registration has been implemented for kprobe before, but it's too late for kretprobe. We must check the re-registration before re-initializing the kretprobe, otherwise it will destroy the data and struct of the kretprobe registered, it can lead to use-after-free, memory leak, system crash, and even other unexpected behaviors. Use check_kprobe_rereg() to check re-registration, also give a warning message. Link: https://lkml.org/lkml/2020/3/6/167 Signed-off-by: Cheng Jian <cj.chengjian@huawei.com> Acked-by: Masami Hiramatsu <mhiramat@kernel.org> Reviewed-by: Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Eugenio Pérez
commit 42d84c8490f9f0931786f1623191fcab397c3d64 upstream. Doing so, we save one call to get data we already have in the struct. Also, since there is no guarantee that getname use sockaddr_ll parameter beyond its size, we add a little bit of security here. It should do not do beyond MAX_ADDR_LEN, but syzbot found that ax25_getname writes more (72 bytes, the size of full_sockaddr_ax25, versus 20 + 32 bytes of sockaddr_ll + MAX_ADDR_LEN in syzbot repro). Fixes: 3a4d5c94 ("vhost_net: a kernel-level virtio server") Reported-by: syzbot+f2a62d07a5198c819c7b@syzkaller.appspotmail.com Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Qu Wenruo
mainline inclusion from mainline-v5.4-rc1 commit f82d1c7ca8ae1bf89e8d78c5ecb56b6b228c1a75 category: bugfix bugzilla: 13690 CVE: CVE-2019-19816 ------------------------------------------------- This patch introduces the ability to check extent items. This check involves: - key->objectid check Basic alignment check. - key->type check Against btrfs_extent_item::type and SKINNY_METADATA feature. - key->offset alignment check for EXTENT_ITEM - key->offset check for METADATA_ITEM - item size check Both against minimal size and stepping check. - btrfs_extent_item check Checks its flags and generation. - btrfs_extent_inline_ref checks Against 4 types inline ref. Checks bytenr alignment and tree level. - btrfs_extent_item::refs check Check against total refs found in inline refs. This check would be the most complex single item check due to its nature of inlined items. Signed-off-by: Qu Wenruo <wqu@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by yu kuai
hulk inclusion category: bugfix bugzilla: 30213 CVE: CVE-2019-19770 --------------------------- If 'kobject_name(q->kobj.parent)' is too long, 'sprintf' will trigger memory leak. Fix the problem by removing device name from the name of new dir, and replace 'sprintf' with 'snprintf'. Fixes: commit 0ebb1affa76c ("block: rename 'q->debugfs_dir' and 'q->blk_trace->dir' in blk_unregister_queue()") Signed-off-by: yu kuai <yukuai3@huawei.com> Reviewed-by: Hou Tao <houtao1@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Xiongfeng Wang
hulk inclusion category: bugfix bugzilla: 31797 CVE: NA -------------------------------- We come across a KASAN double-free issue which seems to be related with this patch. Let's revert this patch for now. This reverts commit 3449c349585d560f37db2fb938347eb37e78bcae. Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com> Reviewed-by: Hou Tao <houtao1@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Xiongfeng Wang
hulk inclusion category: bugfix bugzilla: 31797 CVE: NA ------------------------ We come across a KASAN double-free issue which seems to be related with this patch. Let's revert this patch for now. This reverts commit 865258a05a1e141f8d77f347d34e056013cbf61f. Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com> Reviewed-by: Hou Tao <houtao1@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
- 21 Mar, 2020 2 commits
-
-
Committed by Xie XiuQi
hulk inclusion category: config bugzilla: 31791 CVE: NA Use this feature for blkio qos control in vm. Link: https://gitee.com/open_euler/dashboard?issue_id=I1C9O2 Cc: Hailiang Zhang <zhang.zhanghailiang@huawei.com> Cc: Zheng Bin <zhengbin13@huawei.com> Signed-off-by: Xie XiuQi <xiexiuqi@huawei.com> Reviewed-by: zhangyi (F) <yi.zhang@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Xiongfeng Wang
hulk inclusion category: config bugzilla: 31390 CVE: NA Accessing sysfs-efivars interface '/sys/firmware/efi/vars' may have some problem. We can access the new efivarfs interface '/sys/firmware/efi/efivars' instead. So disable CONFIG_EFI_VARS and keep CONFIG_EFIVAR_FS enabled. Link: https://gitee.com/openeuler/kernel/issues/I1BN57 Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com> Reviewed-by: Xie XiuQi <xiexiuqi@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
- 20 Mar, 2020 2 commits
-
-
Committed by Yang Yingliang
hulk inclusion category: bugfix bugzilla: 13690 CVE: CVE-2019-19039 ------------------------------------------------- Avoid print register messages when ret is -ENOTENT. Reviewed-by: Jason Yan <yanaijie@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Ronnie Sahlberg
mainline inclusion from mainline-5.2-rc6 commit 0ff2b018b02f category: bugfix bugzilla: 16811 CVE: NA https://gitee.com/src-openeuler/cifs-utils/issues/I1C1QY?from=project-issue ------------------------------------------------- RH Bugzilla: 1702264 We need to protect so that the call to smb2_reconnect() in smb2_reconnect_server() does not end up freeing the session because it can lead to a use after free and crash. Reviewed-by: Aurelien Aptel <aaptel@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com> Signed-off-by: Steve French <stfrench@microsoft.com> Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com> Conflicts: fs/cifs/cifsproto.h fs/cifs/connect.c [yyl: make cifs_put_smb_ses() extern] Reviewed-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
- 18 Mar, 2020 2 commits
-
-
Committed by Zheng Bin
hulk inclusion category: bugfix bugzilla: 31088 CVE: NA --------------------------- If fdblocks < mp->m_alloc_set_aside, statp->f_bfree will overflow. When we df -h /mnt(xfs mount point), will show this:
    Filesystem Size Used Avail Use% Mounted on
    /dev/loop0 17M -64Z -32K 100% /mnt
We can construct an img like this:
    dd if=/dev/zero of=xfs.img bs=1M count=20
    mkfs.xfs -d agcount=1 xfs.img
    xfs_db -x xfs.img
    sb 0
    write fdblocks 0
    agf 0
    write freeblks 0
    write longest 0
    quit
Make sure statp->f_bfree does not underflow. Signed-off-by: Zheng Bin <zhengbin13@huawei.com> Reviewed-by: Hou Tao <houtao1@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-
Committed by Zheng Bin
hulk inclusion category: bugfix bugzilla: 31088 CVE: NA --------------------------- Use fuzz(hydra) to test XFS and automatically generate tmp.img(XFS v5 format, but some metadata is wrong) xfs_repair information(just one AG):
    agf_freeblks 0, counted 3224 in ag 0
    agf_longest 0, counted 3224 in ag 0
    sb_fdblocks 3228, counted 3224
Test as follows:
    mount tmp.img tmpdir
    cp file1M tmpdir
    sync
In 4.19-stable, sync will stuck, while in linux-next, sync not stuck. The reason is same to commit d0c7feaf8767 ("xfs: add agf freeblocks verify in xfs_agf_verify"), cause agf_longest is 0, we can not block this in xfs_agf_verify. Make sure fdblocks is always inited in mount(also init ifree, icount).
    xfs_mountfs
      xfs_check_summary_counts
        xfs_initialize_perag_data
Signed-off-by: Zheng Bin <zhengbin13@huawei.com> Reviewed-by: Hou Tao <houtao1@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
-