From 9e7dd610725091bc360371f3128164248d79f5b7 Mon Sep 17 00:00:00 2001
From: Kernel Build Daemon <kbuild@suse.de>
Date: Sep 05 2020 05:30:20 +0000
Subject: Merge branch 'SLE12-SP5' into SLE12-SP5-AZURE


---

diff --git a/blacklist.conf b/blacklist.conf
index 74efea9..05933bb 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -1615,3 +1615,4 @@ c4b4c2a78a9fc0c532c58504e8cb5441224ff1d9 # Breaks KABI for wb_reason and the dan
 41040cf7c5f0f26c368bc5d3016fed3a9ca6dba4 # No big-endian platform supported
 d071fd294f2474118629f4021a6a3dedef28e09f # Cosmetic
 2f0af8600e82e9f950fc32908386b9c639f88d48 # Applied in perf package
+2accfa69050c2a0d6fc6106f609208b3e9622b26 # just a missing prototype fix
diff --git a/patches.suse/ibmvnic-fix-NULL-tx_pools-and-rx_tools-issue-at-do_r.patch b/patches.suse/ibmvnic-fix-NULL-tx_pools-and-rx_tools-issue-at-do_r.patch
index b392254..5468f62 100644
--- a/patches.suse/ibmvnic-fix-NULL-tx_pools-and-rx_tools-issue-at-do_r.patch
+++ b/patches.suse/ibmvnic-fix-NULL-tx_pools-and-rx_tools-issue-at-do_r.patch
@@ -4,8 +4,7 @@ Date: Tue, 25 Aug 2020 13:26:41 -0400
 Subject: [PATCH] ibmvnic fix NULL tx_pools and rx_tools issue at do_reset
 
 References: bsc#1175873 ltc#187922
-Patch-mainline: queued
-Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git
+Patch-mainline: v5.9-rc4
 Git-commit: 9f13457377907fa253aef560e1a37e1ca4197f9b
 
 At the time of do_rest, ibmvnic tries to re-initalize the tx_pools
diff --git a/patches.suse/net-packet-fix-overflow-in-tpacket_rcv.patch b/patches.suse/net-packet-fix-overflow-in-tpacket_rcv.patch
new file mode 100644
index 0000000..2d441be
--- /dev/null
+++ b/patches.suse/net-packet-fix-overflow-in-tpacket_rcv.patch
@@ -0,0 +1,46 @@
+From: Or Cohen <orcohen@paloaltonetworks.com>
+Subject: net/packet: fix overflow in tpacket_rcv
+Patch-mainline: Submitted - 2020-09-04 - 20200904040528.3635711-1-edumazet@google.com
+References: CVE-2020-14386 bsc#1176069
+
+Using tp_reserve to calculate netoff can overflow as
+tp_reserve is unsigned int and netoff is unsigned short.
+
+This may lead to macoff receving a smaller value then
+sizeof(struct virtio_net_hdr), and if po->has_vnet_hdr
+is set, an out-of-bounds write will occur when
+calling virtio_net_hdr_from_skb.
+
+The bug is fixed by converting netoff to unsigned int
+and checking if it exceeds USHRT_MAX.
+
+Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
+Signed-off-by: Or Cohen <orcohen@paloaltonetworks.com>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+---
+ net/packet/af_packet.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -2198,7 +2198,8 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
+ 	int skb_len = skb->len;
+ 	unsigned int snaplen, res;
+ 	unsigned long status = TP_STATUS_USER;
+-	unsigned short macoff, netoff, hdrlen;
++	unsigned short macoff, hdrlen;
++	unsigned int netoff;
+ 	struct sk_buff *copy_skb = NULL;
+ 	struct timespec ts;
+ 	__u32 ts_status;
+@@ -2260,6 +2261,10 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev,
+ 		}
+ 		macoff = netoff - maclen;
+ 	}
++	if (netoff > USHRT_MAX) {
++		po->stats.stats1.tp_drops++;
++		goto drop_n_restore;
++	}
+ 	if (po->tp_version <= TPACKET_V2) {
+ 		if (macoff + snaplen > po->rx_ring.frame_size) {
+ 			if (po->copy_thresh &&
diff --git a/patches.suse/sched-deadline-initialize-dl_boosted.patch b/patches.suse/sched-deadline-initialize-dl_boosted.patch
new file mode 100644
index 0000000..366b8d7
--- /dev/null
+++ b/patches.suse/sched-deadline-initialize-dl_boosted.patch
@@ -0,0 +1,42 @@
+From: Juri Lelli <juri.lelli@redhat.com>
+Date: Wed, 17 Jun 2020 09:29:19 +0200
+Subject: sched/deadline: Initialize ->dl_boosted
+Git-commit: ce9bc3b27f2a21a7969b41ffb04df8cf61bd1592
+Patch-mainline: v5.8-rc3
+References: bsc#1112178
+
+syzbot reported the following warning triggered via SYSC_sched_setattr():
+
+  WARNING: CPU: 0 PID: 6973 at kernel/sched/deadline.c:593 setup_new_dl_entity /kernel/sched/deadline.c:594 [inline]
+  WARNING: CPU: 0 PID: 6973 at kernel/sched/deadline.c:593 enqueue_dl_entity /kernel/sched/deadline.c:1370 [inline]
+  WARNING: CPU: 0 PID: 6973 at kernel/sched/deadline.c:593 enqueue_task_dl+0x1c17/0x2ba0 /kernel/sched/deadline.c:1441
+
+This happens because the ->dl_boosted flag is currently not initialized by
+__dl_clear_params() (unlike the other flags) and setup_new_dl_entity()
+rightfully complains about it.
+
+Initialize dl_boosted to 0.
+
+Fixes: 2d3d891d3344 ("sched/deadline: Add SCHED_DEADLINE inheritance logic")
+Reported-by: syzbot+5ac8bac25f95e8b221e7@syzkaller.appspotmail.com
+Signed-off-by: Juri Lelli <juri.lelli@redhat.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Tested-by: Daniel Wagner <dwagner@suse.de>
+Link: https://lkml.kernel.org/r/20200617072919.818409-1-juri.lelli@redhat.com
+
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ kernel/sched/core.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -2212,6 +2212,7 @@ void __dl_clear_params(struct task_struc
+ 	dl_se->flags = 0;
+ 	dl_se->dl_bw = 0;
+ 
++	dl_se->dl_boosted = 0;
+ 	dl_se->dl_throttled = 0;
+ 	dl_se->dl_yielded = 0;
+ }
diff --git a/patches.suse/x86-mce-inject-fix-a-wrong-assignment-of-i_mce-status.patch b/patches.suse/x86-mce-inject-fix-a-wrong-assignment-of-i_mce-status.patch
new file mode 100644
index 0000000..1e48012
--- /dev/null
+++ b/patches.suse/x86-mce-inject-fix-a-wrong-assignment-of-i_mce-status.patch
@@ -0,0 +1,33 @@
+From: Zhenzhong Duan <zhenzhong.duan@gmail.com>
+Date: Thu, 11 Jun 2020 10:32:38 +0800
+Subject: x86/mce/inject: Fix a wrong assignment of i_mce.status
+Git-commit: 5d7f7d1d5e01c22894dee7c9c9266500478dca99
+Patch-mainline: v5.9-rc1
+References: bsc#1112178
+
+The original code is a nop as i_mce.status is or'ed with part of itself,
+fix it.
+
+Fixes: a1300e505297 ("x86/ras/mce_amd_inj: Trigger deferred and thresholding errors interrupts")
+Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Acked-by: Yazen Ghannam <yazen.ghannam@amd.com>
+Link: https://lkml.kernel.org/r/20200611023238.3830-1-zhenzhong.duan@gmail.com
+---
+ arch/x86/ras/mce_amd_inj.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/x86/ras/mce_amd_inj.c b/arch/x86/ras/mce_amd_inj.c
+index 0593b192eb8f..7843ab3fde09 100644
+--- a/arch/x86/ras/mce_amd_inj.c
++++ b/arch/x86/ras/mce_amd_inj.c
+@@ -511,7 +511,7 @@ static void do_inject(void)
+ 	 */
+ 	if (inj_type == DFR_INT_INJ) {
+ 		i_mce.status |= MCI_STATUS_DEFERRED;
+-		i_mce.status |= (i_mce.status & ~MCI_STATUS_UC);
++		i_mce.status &= ~MCI_STATUS_UC;
+ 	}
+ 
+ 	/*
+
diff --git a/series.conf b/series.conf
index 7ed4db3..9dfd1cd 100644
--- a/series.conf
+++ b/series.conf
@@ -55132,6 +55132,7 @@
 	patches.suse/scsi-qla2xxx-Set-NVMe-status-code-for-failed-NVMe-FC.patch
 	patches.suse/scsi-qla2xxx-Keep-initiator-ports-after-RSCN.patch
 	patches.suse/scsi-lpfc-Avoid-another-null-dereference-in-lpfc_sli.patch
+	patches.suse/sched-deadline-initialize-dl_boosted.patch
 	patches.suse/msft-hv-2106-Drivers-hv-Change-flag-to-write-log-level-in-panic-m.patch
 	patches.suse/nfsd-apply-umask-on-fs-without-ACL-support.patch
 	patches.suse/tpm_tis-extra-chip-ops-check-on-error-path-in-tpm_ti.patch
@@ -55286,6 +55287,7 @@
 	patches.suse/crypto-ccp-Fix-use-of-merged-scatterlists.patch
 	patches.suse/crypto-qat-fix-double-free-in-qat_uclo_create_batch_.patch
 	patches.suse/0001-block-improve-discard-bio-alignment-in-__blkdev_issu.patch
+	patches.suse/x86-mce-inject-fix-a-wrong-assignment-of-i_mce-status.patch
 	patches.suse/platform-x86-intel-hid-Fix-return-value-check-in-che.patch
 	patches.suse/platform-x86-intel-vbtn-Fix-return-value-check-in-ch.patch
 	patches.suse/regulator-gpio-Honor-regulator-boot-on-property.patch
@@ -55607,8 +55609,6 @@
 	patches.suse/usb-gadget-f_tcm-Fix-some-resource-leaks-in-some-err.patch
 	patches.suse/usb-host-ohci-exynos-Fix-error-handling-in-exynos_oh.patch
 	patches.suse/USB-Ignore-UAS-for-JMicron-JMS567-ATA-ATAPI-Bridge.patch
-
-	# davem/net
 	patches.suse/ibmvnic-fix-NULL-tx_pools-and-rx_tools-issue-at-do_r.patch
 
 	# jejb/scsi for-next
@@ -55627,10 +55627,6 @@
 	patches.suse/0005-MODSIGN-Allow-the-db-UEFI-variable-to-be-suppressed.patch
 	patches.suse/0006-modsign-Use-secondary-trust-keyring-for-module-signi.patch
 
-	########################################################
-	# end of sorted patches
-	########################################################
-
 	# out-of-tree patches
 	patches.suse/net-mvpp2-fix-condition-for-setting-up-link-interrup.patch
 	patches.suse/cifs-handle-netapp-error-codes.patch
@@ -55647,6 +55643,7 @@
 	patches.suse/nvdimm-Avoid-race-between-probe-and-reading-device-a.patch
 	patches.suse/ibmveth-Fix-use-of-ibmveth-in-a-bridge.patch
 	patches.suse/char-virtio-Select-VIRTIO-from-VIRTIO_CONSOLE.patch
+	patches.suse/net-packet-fix-overflow-in-tpacket_rcv.patch
 
 	########################################################
 	# end of sorted patches