Merge remote-tracking branch 'origin/master' into rawhide-user-thl-vanilla-fedorakernel-5.6.0-0.rc2.git3.1.vanilla.knurd.1.fc33kernel-5.6.0-0.rc2.git3.1.vanilla.knurd.1.fc32kernel-5.6.0-0.rc2.git3.1.vanilla.knurd.1.fc31kernel-5.6.0-0.rc2.git3.1.vanilla.knurd.1.fc30

5 files changed, 159 insertions, 3 deletions

diff --git a/0001-include-uapi-Fix-invalid-use-of-BITS_PER_LONG-in-__s.patch b/0001-include-uapi-Fix-invalid-use-of-BITS_PER_LONG-in-__s.patch
new file mode 100644
index 000000000..2cb6a85ae
--- /dev/null
+++ b/0001-include-uapi-Fix-invalid-use-of-BITS_PER_LONG-in-__s.patch
@@ -0,0 +1,47 @@
+From 8eab168ae074431ddd05e6478582c4dbc0847c44 Mon Sep 17 00:00:00 2001
+From: Torsten Hilbrich <torsten.hilbrich@secunet.com>
+Date: Wed, 12 Feb 2020 08:51:06 +0100
+Subject: [PATCH] include/uapi: Fix invalid use of BITS_PER_LONG in __swab
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This caused compile problems in user-space application using that
+header. Seen with systemd:
+
+In file included from /build/client/devel/kernel/_/usr/include/linux/byteorder/little_endian.h:13,
+                 from /build/client/devel/kernel/_/usr/include/asm/byteorder.h: ,
+                 from /build/client/devel/kernel/_/usr/include/linux/icmpv6.h:6,
+                 from ../src/network/networkd-route.c:3:
+/build/client/devel/kernel/_/usr/include/linux/swab.h: In function ‘__swab’:
+/build/client/devel/kernel/_/usr/include/linux/swab.h:138:5: error: "BITS_PER_LONG" is not defined, evaluates to 0 [-Werror=undef]
+ #if BITS_PER_LONG == 64
+     ^~~~~~~~~~~~~
+cc1: some warnings being treated as errors
+[181/1207] Generating sys with a custom command.
+ninja: build stopped: subcommand failed.
+
+Signed-off-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
+---
+ include/uapi/linux/swab.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/uapi/linux/swab.h b/include/uapi/linux/swab.h
+index fa7f97da5b76..7272f85d6d6a 100644
+--- a/include/uapi/linux/swab.h
++++ b/include/uapi/linux/swab.h
+@@ -135,9 +135,9 @@ static inline __attribute_const__ __u32 __fswahb32(__u32 val)
+ 
+ static __always_inline unsigned long __swab(const unsigned long y)
+ {
+-#if BITS_PER_LONG == 64
++#if __BITS_PER_LONG == 64
+ 	return __swab64(y);
+-#else /* BITS_PER_LONG == 32 */
++#else /* __BITS_PER_LONG == 32 */
+ 	return __swab32(y);
+ #endif
+ }
+-- 
+2.24.1
+
diff --git a/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch b/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch
new file mode 100644
index 000000000..6f3bd3c72
--- /dev/null
+++ b/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch
@@ -0,0 +1,95 @@
+From a34309d16f41c48ffd90e56a6f865d6a1a8c49f0 Mon Sep 17 00:00:00 2001
+From: Catalin Marinas <catalin.marinas@arm.com>
+Date: Wed, 19 Feb 2020 12:31:56 +0000
+Subject: [PATCH] mm: Avoid creating virtual address aliases in
+ brk()/mmap()/mremap()
+
+Currently the arm64 kernel ignores the top address byte passed to brk(),
+mmap() and mremap(). When the user is not aware of the 56-bit address
+limit or relies on the kernel to return an error, untagging such
+pointers has the potential to create address aliases in user-space.
+Passing a tagged address to munmap(), madvise() is permitted since the
+tagged pointer is expected to be inside an existing mapping.
+
+The current behaviour breaks the existing glibc malloc() implementation
+which relies on brk() with an address beyond 56-bit to be rejected by
+the kernel.
+
+Remove untagging in the above functions by partially reverting commit
+ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk"). In
+addition, update the arm64 tagged-address-abi.rst document accordingly.
+
+Link: https://bugzilla.redhat.com/1797052
+Fixes: ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk")
+Cc: <stable@vger.kernel.org> # 5.4.x-
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Florian Weimer <fweimer@redhat.com>
+Reported-by: Victor Stinner <vstinner@redhat.com>
+Acked-by: Will Deacon <will@kernel.org>
+Acked-by: Andrey Konovalov <andreyknvl@google.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+---
+ Documentation/arm64/tagged-address-abi.rst | 11 +++++++++--
+ mm/mmap.c                                  |  4 ----
+ mm/mremap.c                                |  1 -
+ 3 files changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/Documentation/arm64/tagged-address-abi.rst b/Documentation/arm64/tagged-address-abi.rst
+index d4a85d535bf9..f6289116893c 100644
+--- a/Documentation/arm64/tagged-address-abi.rst
++++ b/Documentation/arm64/tagged-address-abi.rst
+@@ -44,8 +44,15 @@ The AArch64 Tagged Address ABI has two stages of relaxation depending
+ how the user addresses are used by the kernel:
+ 
+ 1. User addresses not accessed by the kernel but used for address space
+-   management (e.g. ``mmap()``, ``mprotect()``, ``madvise()``). The use
+-   of valid tagged pointers in this context is always allowed.
++   management (e.g. ``mprotect()``, ``madvise()``). The use of valid
++   tagged pointers in this context is allowed with the exception of
++   ``brk()``, ``mmap()`` and the ``new_address`` argument to
++   ``mremap()`` as these have the potential of aliasing with existing
++   user addresses.
++
++   NOTE: This behaviour changed in v5.6 and so some earlier kernels may
++   incorrectly accept valid tagged pointers for the ``brk()``,
++   ``mmap()`` and ``mremap()`` system calls.
+ 
+ 2. User addresses accessed by the kernel (e.g. ``write()``). This ABI
+    relaxation is disabled by default and the application thread needs to
+diff --git a/mm/mmap.c b/mm/mmap.c
+index 4390dbea4aa5..514cc19c5916 100644
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -195,8 +195,6 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
+ 	bool downgraded = false;
+ 	LIST_HEAD(uf);
+ 
+-	brk = untagged_addr(brk);
+-
+ 	if (down_write_killable(&mm->mmap_sem))
+ 		return -EINTR;
+ 
+@@ -1583,8 +1581,6 @@ unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len,
+ 	struct file *file = NULL;
+ 	unsigned long retval;
+ 
+-	addr = untagged_addr(addr);
+-
+ 	if (!(flags & MAP_ANONYMOUS)) {
+ 		audit_mmap_fd(fd, flags);
+ 		file = fget(fd);
+diff --git a/mm/mremap.c b/mm/mremap.c
+index 1fc8a29fbe3f..1d98281f7204 100644
+--- a/mm/mremap.c
++++ b/mm/mremap.c
+@@ -607,7 +607,6 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
+ 	LIST_HEAD(uf_unmap);
+ 
+ 	addr = untagged_addr(addr);
+-	new_addr = untagged_addr(new_addr);
+ 
+ 	if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
+ 		return ret;
+-- 
+2.24.1
+
diff --git a/gitrev b/gitrev
index ae633a5c5..216f90a14 100644
--- a/gitrev
+++ b/gitrev
@@ -1 +1 @@
-b1da3acc781ce445445d959b41064d209a27bc2d
+ca7e1fd1026c5af6a533b4b5447e1d2f153e28f2
diff --git a/kernel.spec b/kernel.spec
index b316cd796..90441f786 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -115,7 +115,7 @@ Summary: The Linux kernel
 # The rc snapshot level
 %global rcrev 2
 # The git snapshot level
-%define gitrev 1
+%define gitrev 3
 # Set rpm version accordingly
 %define rpmversion 5.%{upstream_sublevel}.0
 %endif
@@ -885,6 +885,11 @@ Patch529: 0001-Include-kvm_asm.h-and-kvm_arm.h-in-kvm-arm-trace.h.patch
 
 Patch530: 0001-Replace-.ioctl-with-.compat_ioctl-in-three-appropria.patch
 
+Patch531: 0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1804330
+Patch532: 0001-include-uapi-Fix-invalid-use-of-BITS_PER_LONG-in-__s.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -2917,6 +2922,15 @@ fi
 #
 #
 %changelog
+* Fri Feb 21 2020 Jeremy Cline <jcline@redhat.com> - 5.6.0-0.rc2.git3.1
+- Linux v5.6-rc2-55-gca7e1fd1026c
+
+* Wed Feb 19 2020 Jeremy Cline <jcline@redhat.com>
+- Pick up a uapi fix for qemu (rhbz 1804330)
+
+* Wed Feb 19 2020 Jeremy Cline <jcline@redhat.com> - 5.6.0-0.rc2.git2.1
+- Linux v5.6-rc2-47-g4b205766d8fc
+
 * Tue Feb 18 2020 Jeremy Cline <jcline@redhat.com> - 5.6.0-0.rc2.git1.1
 - Linux v5.6-rc2-8-gb1da3acc781c
 - Enable CONFIG_INET_ESPINTCP (rhbz 1804255)
diff --git a/sources b/sources
index 1d7a55fcf..af02a6e4e 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 SHA512 (linux-5.5.tar.xz) = fa74fdabb5e63384a39e54da05b86a9ae9ea16179524b041fbbdffc7177e80b53600ae98d76be127ba216148f9dc55fe07ab20637e22c6d6030cb4aa09eb2f86
 SHA512 (patch-5.6-rc2.xz) = b49dfa43e7dcdf90bd68e582eb676f3cac53f7212d8abde6e41e18f8bd0eecc3ae2384639f8aaef8925c8e4385e75b0b49ec54e5bcfc23dec5fe2169cbce1af2
-SHA512 (patch-5.6-rc2-git1.xz) = ead71bb0efb09750beee0d3880571673f5d9063909aec055f8ab9158142ea2764d7faf421290090bdc2f7304375d08cd98d930be7db6ebff12569d0ec73495d4
+SHA512 (patch-5.6-rc2-git3.xz) = 78d5d74a3819453bc84cec371eafdf4cc0bba2e097c686b5e8f546fb5f29917daf64a4fb61fc615f60d1c56da96d54dd2f5663046d339cf5ebddafbc831188e9