summaryrefslogtreecommitdiffstats
path: root/patch-5.10.0-redhat.patch
diff options
context:
space:
mode:
authorJustin M. Forbes <jforbes@fedoraproject.org>2020-12-04 07:47:36 -0600
committerJustin M. Forbes <jforbes@fedoraproject.org>2020-12-04 07:47:36 -0600
commit00b08d5bdf7f347142ace2dc4b0d44e9f2499825 (patch)
treeaa70ede0fbd3dd8025148c04fea895182036a097 /patch-5.10.0-redhat.patch
parent56bcd81089934f3d0b034b4c71de98ba60dd2774 (diff)
downloadkernel-00b08d5bdf7f347142ace2dc4b0d44e9f2499825.tar.gz
kernel-00b08d5bdf7f347142ace2dc4b0d44e9f2499825.tar.xz
kernel-00b08d5bdf7f347142ace2dc4b0d44e9f2499825.zip
kernel-5.10.0-0.rc6.20201204git34816d20f173.92
* Fri Dec 04 2020 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.10.0-0.rc6.20201204git34816d20f173.92] - configs: Enable CONFIG_DEBUG_INFO_BTF (Don Zickus) - Temporarily backout parallel xz script ("Justin M. Forbes") - Remove cp instruction already handled in instruction below. ("Paulo E. Castro") - Add all the dependencies gleaned from running `make prepare` on a bloated devel kernel. ("Paulo E. Castro") - Add tools to path mangling script. ("Paulo E. Castro") - Remove duplicate cp statement which is also not specific to x86. ("Paulo E. Castro") - Correct orc_types failure whilst running `make prepare` https://bugzilla.redhat.com/show_bug.cgi?id=1882854 ("Paulo E. Castro") - build_configs.sh: Fix syntax flagged by shellcheck (Ben Crocker) - genspec.sh: Fix syntax flagged by shellcheck (Ben Crocker) - ark-rebase-patches.sh: Fix for shellcheck (Ben Crocker) - ark-create-release.sh: Fix syntax flagged by shellcheck (Ben Crocker) - merge-subtrees.sh: Fix syntax flagged by shellcheck (Ben Crocker) - rh-dist-git.sh: Fix syntax flagged by shellcheck (Ben Crocker) - update_scripts.sh: Fix syntax flagged by shellcheck (Ben Crocker) - x86_rngd.sh: Fix syntax flagged by shellcheck (Ben Crocker) - parallel_xz.sh: Fix syntax flagged by shellcheck (Ben Crocker) - expand_srpm.sh: Fix syntax flagged by shellcheck (Ben Crocker) - create-tarball.sh: Fix syntax flagged by shellcheck (Ben Crocker) - generate_bls_conf.sh: Fix syntax flagged by shellcheck (Ben Crocker) - clone_tree.sh: Fix syntax flagged by shellcheck (Ben Crocker) - new_release.sh: Fix syntax flagged by shellcheck (Ben Crocker) - download_cross.sh: Fix syntax flagged by shellcheck (Ben Crocker) - create_distgit_changelog.sh: Fix syntax flagged by shellcheck (Ben Crocker) - generate_cross_report.sh: Fix syntax flagged by shellcheck (Ben Crocker) - run_kabi-dw.sh: Fix syntax flagged by shellcheck (Ben Crocker) - mod-blacklist.sh: Fix syntax flagged by shellcheck (Ben Crocker) - scripts/configdiff.sh: Fix syntax flagged by shellcheck (Ben Crocker) - self-test/0001-shellcheck.bats: check for shellcheck (Ben Crocker) - self-test/1001-rpmlint.bats, 1003-rpminspect.bats (Ben Crocker) - Makefile, Makefile.common, egit.sh, 1005-dist-dump-variables.bats (Ben Crocker) - Add GIT macro to Makefile and Makefile.common: (Ben Crocker) Resolves: rhbz# Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
Diffstat (limited to 'patch-5.10.0-redhat.patch')
-rw-r--r--patch-5.10.0-redhat.patch270
1 files changed, 135 insertions, 135 deletions
diff --git a/patch-5.10.0-redhat.patch b/patch-5.10.0-redhat.patch
index 3a1bc38ff..1ef9802e7 100644
--- a/patch-5.10.0-redhat.patch
+++ b/patch-5.10.0-redhat.patch
@@ -78,7 +78,7 @@ index 75a9dd98e76e..3ff3291551f9 100644
@@ -285,6 +285,17 @@ This would mean:
2) if the RAM size is between 512M and 2G (exclusive), then reserve 64M
3) if the RAM size is larger than 2G, then reserve 128M
-
+
+Or you can use crashkernel=auto if you have enough memory. The threshold
+is 2G on x86_64, arm64, ppc64 and ppc64le. The threshold is 4G for s390x.
+If your system memory is less than the threshold crashkernel=auto will not
@@ -90,8 +90,8 @@ index 75a9dd98e76e..3ff3291551f9 100644
+ s390x: 4G-64G:160M,64G-1T:256M,1T-:512M
+ arm64: 2G-:512M
+ ppc64: 2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G
-
-
+
+
Boot into System Kernel
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 44fde25bb221..063ae5999610 100644
@@ -100,7 +100,7 @@ index 44fde25bb221..063ae5999610 100644
@@ -5519,6 +5519,14 @@
unknown_nmi_panic
[X86] Cause panic on unknown NMI.
-
+
+ unprivileged_bpf_disabled=
+ Format: { "0" | "1" }
+ Sets the initial value of
@@ -174,7 +174,7 @@ index 745bc773f567..f57ff40109d7 100644
+++ b/Kconfig
@@ -30,3 +30,5 @@ source "lib/Kconfig"
source "lib/Kconfig.debug"
-
+
source "Documentation/Kconfig"
+
+source "Kconfig.redhat"
@@ -208,7 +208,7 @@ index 43ecedeb3f02..d35dda518ef1 100644
@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \
PHONY := __all
__all:
-
+
+# Set RHEL variables
+# Use this spot to avoid future merge conflicts
+include Makefile.rhelver
@@ -237,7 +237,7 @@ index 43ecedeb3f02..d35dda518ef1 100644
+ $(shell expr $(RHEL_MAJOR) \* 256 + $(RHEL_MINOR))'; \
+ echo '#define RHEL_RELEASE "$(RHEL_RELEASE)"'
endef
-
+
$(version_h): FORCE
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index fe2f17eb2b50..5bbcac6318a9 100644
@@ -245,7 +245,7 @@ index fe2f17eb2b50..5bbcac6318a9 100644
+++ b/arch/arm/Kconfig
@@ -1513,9 +1513,9 @@ config HIGHMEM
If unsure, say n.
-
+
config HIGHPTE
- bool "Allocate 2nd-level pagetables from highmem" if EXPERT
+ bool "Allocate 2nd-level pagetables from highmem"
@@ -284,14 +284,14 @@ index a13d90206472..6a6aae01755b 100644
+ uaccess_restore(__ua_flags); \
+ __err; \
})
-
+
#define get_user(x, p) \
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 1515f6f153a0..b79d18fcd698 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -891,7 +891,7 @@ endchoice
-
+
config ARM64_FORCE_52BIT
bool "Force 52-bit virtual addresses for userspace"
- depends on ARM64_VA_BITS_52 && EXPERT
@@ -313,7 +313,7 @@ index cada0b816c8a..77b30bf451aa 100644
+++ b/arch/arm64/kernel/acpi.c
@@ -40,7 +40,11 @@ int acpi_pci_disabled = 1; /* skip ACPI PCI scan and IRQ initialization */
EXPORT_SYMBOL(acpi_pci_disabled);
-
+
static bool param_acpi_off __initdata;
+#ifdef CONFIG_RHEL_DIFFERENCES
+static bool param_acpi_on __initdata = true;
@@ -321,7 +321,7 @@ index cada0b816c8a..77b30bf451aa 100644
static bool param_acpi_on __initdata;
+#endif
static bool param_acpi_force __initdata;
-
+
static int __init parse_acpi(char *arg)
diff --git a/arch/s390/include/asm/ipl.h b/arch/s390/include/asm/ipl.h
index a9e2c7295b35..6ff11f3a2d47 100644
@@ -332,7 +332,7 @@ index a9e2c7295b35..6ff11f3a2d47 100644
int ipl_report_add_certificate(struct ipl_report *report, void *key,
unsigned long addr, unsigned long len);
+bool ipl_get_secureboot(void);
-
+
/*
* DIAG 308 support
diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c
@@ -341,7 +341,7 @@ index 98b3aca1de8e..1cace7c90d41 100644
+++ b/arch/s390/kernel/ipl.c
@@ -2215,3 +2215,8 @@ int ipl_report_free(struct ipl_report *report)
}
-
+
#endif
+
+bool ipl_get_secureboot(void)
@@ -357,13 +357,13 @@ index 4d843e64496f..4fc65aaef059 100644
#include <linux/compat.h>
#include <linux/start_kernel.h>
+#include <linux/security.h>
-
+
#include <asm/boot_data.h>
#include <asm/ipl.h>
@@ -1101,6 +1102,9 @@ void __init setup_arch(char **cmdline_p)
-
+
log_component_list();
-
+
+ if (ipl_get_secureboot())
+ security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX);
+
@@ -399,7 +399,7 @@ index 84f581c91db4..1d510bd7c969 100644
#include <asm/vsyscall.h>
#include <linux/vmalloc.h>
+#include <asm/intel-family.h>
-
+
/*
* max_low_pfn_mapped: highest directly mapped pfn < 4 GB
@@ -735,7 +737,51 @@ static void __init trim_low_memory_range(void)
@@ -458,7 +458,7 @@ index 84f581c91db4..1d510bd7c969 100644
@@ -960,6 +1006,13 @@ void __init setup_arch(char **cmdline_p)
if (efi_enabled(EFI_BOOT))
efi_init();
-
+
+ efi_set_secure_boot(boot_params.secure_boot);
+
+#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
@@ -467,12 +467,12 @@ index 84f581c91db4..1d510bd7c969 100644
+#endif
+
dmi_setup();
-
+
/*
@@ -1112,19 +1165,7 @@ void __init setup_arch(char **cmdline_p)
/* Allocate bigger log buffer */
setup_log_buf(1);
-
+
- if (efi_enabled(EFI_BOOT)) {
- switch (boot_params.secure_boot) {
- case efi_secureboot_mode_disabled:
@@ -487,18 +487,18 @@ index 84f581c91db4..1d510bd7c969 100644
- }
- }
+ efi_set_secure_boot(boot_params.secure_boot);
-
+
reserve_initrd();
-
+
@@ -1233,6 +1274,8 @@ void __init setup_arch(char **cmdline_p)
efi_apply_memmap_quirks();
#endif
-
+
+ rh_check_supported();
+
unwind_init();
}
-
+
diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c
index 6e980fe16772..37bc003e7a83 100644
--- a/drivers/acpi/apei/hest.c
@@ -506,7 +506,7 @@ index 6e980fe16772..37bc003e7a83 100644
@@ -88,6 +88,14 @@ int apei_hest_parse(apei_hest_func_t func, void *data)
if (hest_disable || !hest_tab)
return -EINVAL;
-
+
+#ifdef CONFIG_ARM64
+ /* Ignore broken firmware */
+ if (!strncmp(hest_tab->header.oem_id, "HPE ", 6) &&
@@ -528,7 +528,7 @@ index e209081d644b..7484bcf59a1b 100644
struct irq_fwspec *fwspec;
+ bool skip_producer_check;
};
-
+
/**
@@ -197,7 +198,8 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares,
return AE_CTRL_TERMINATE;
@@ -546,7 +546,7 @@ index e209081d644b..7484bcf59a1b 100644
{
- struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec };
+ struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec, false };
-
+
+ /*
+ * Firmware on arm64-based HPE m400 platform incorrectly marks
+ * its UART interrupt as ACPI_PRODUCER rather than ACPI_CONSUMER.
@@ -568,7 +568,7 @@ index bc6a79e33220..384d347275a0 100644
@@ -1573,6 +1573,15 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device)
if (!acpi_match_device_ids(device, i2c_multi_instantiate_ids))
return false;
-
+
+ /*
+ * Firmware on some arm64 X-Gene platforms will make the UART
+ * device appear as both a UART and a slave of that UART. Just
@@ -588,7 +588,7 @@ index ea5bf5f4cbed..71c55cae27ac 100644
@@ -666,6 +666,24 @@ int ahci_stop_engine(struct ata_port *ap)
tmp &= ~PORT_CMD_START;
writel(tmp, port_mmio + PORT_CMD);
-
+
+#ifdef CONFIG_ARM64
+ /* Rev Ax of Cavium CN99XX needs a hack for port stop */
+ if (dev_is_pci(ap->host->dev) &&
@@ -617,7 +617,7 @@ index bbf7029e224b..cf7faa970dd6 100644
@@ -215,6 +215,21 @@ static int __init scan_for_dmi_ipmi(void)
{
const struct dmi_device *dev = NULL;
-
+
+#ifdef CONFIG_ARM64
+ /* RHEL-only
+ * If this is ARM-based HPE m400, return now, because that platform
@@ -635,7 +635,7 @@ index bbf7029e224b..cf7faa970dd6 100644
+
while ((dev = dmi_find_device(DMI_DEV_TYPE_IPMI, NULL, dev)))
dmi_decode_ipmi((const struct dmi_header *) dev->device_data);
-
+
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index 8774a3b8ff95..8c3d67367b9c 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
@@ -646,12 +646,12 @@ index 8774a3b8ff95..8c3d67367b9c 100644
#include <linux/vmalloc.h>
+#include <linux/dmi.h>
#include <linux/delay.h>
-
+
#define IPMI_DRIVER_VERSION "39.2"
@@ -5173,8 +5174,21 @@ static int __init ipmi_init_msghandler_mod(void)
{
int rv;
-
+
- pr_info("version " IPMI_DRIVER_VERSION "\n");
+#ifdef CONFIG_ARM64
+ /* RHEL-only
@@ -660,7 +660,7 @@ index 8774a3b8ff95..8c3d67367b9c 100644
+ * does not exist in the ARM architecture.
+ */
+ const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME);
-
+
+ if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) {
+ pr_debug("%s does not support host ipmi\n", dmistr);
+ return -ENOSYS;
@@ -692,13 +692,13 @@ index 6c6eec044a97..406aff8327b6 100644
#include <linux/memblock.h>
#include <linux/security.h>
+#include <linux/bsearch.h>
-
+
#include <asm/early_ioremap.h>
-
+
@@ -840,40 +841,101 @@ int efi_mem_type(unsigned long phys_addr)
}
#endif
-
+
+struct efi_error_code {
+ efi_status_t status;
+ int errno;
@@ -803,7 +803,7 @@ index 6c6eec044a97..406aff8327b6 100644
- }
+ struct efi_error_code *found;
+ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
-
+
- return err;
+ found = bsearch((void *)(uintptr_t)status, efi_error_codes,
+ sizeof(struct efi_error_code), num,
@@ -826,7 +826,7 @@ index 6c6eec044a97..406aff8327b6 100644
+ return "Unknown error code";
+ return found->description;
}
-
+
static DEFINE_SPINLOCK(efi_mem_reserve_persistent_lock);
diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c
new file mode 100644
@@ -879,7 +879,7 @@ index b9dbedf8f15e..a8801d0d69b9 100644
@@ -490,6 +490,15 @@ config DRM_PANEL_VISIONOX_RM69299
Say Y here if you want to enable support for Visionox
RM69299 DSI Video Mode panel.
-
+
+config DRM_PANEL_XINGBANGDA_XBD599
+ tristate "Xingbangda XBD599 panel"
+ depends on OF
@@ -1284,7 +1284,7 @@ index 4f5efcace68e..5af808078efd 100644
hsa = max((unsigned int)HSA_PACKET_OVERHEAD,
- (mode->hsync_end - mode->hsync_start) * Bpp - HSA_PACKET_OVERHEAD);
+ (mode->hsync_end - mode->hsync_start) * Bpp) - HSA_PACKET_OVERHEAD;
-
+
/*
* The backporch is set using a blanking packet (4
@@ -565,7 +565,7 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
@@ -1293,7 +1293,7 @@ index 4f5efcace68e..5af808078efd 100644
hbp = max((unsigned int)HBP_PACKET_OVERHEAD,
- (mode->htotal - mode->hsync_end) * Bpp - HBP_PACKET_OVERHEAD);
+ (mode->htotal - mode->hsync_end) * Bpp) - HBP_PACKET_OVERHEAD;
-
+
/*
* The frontporch is set using a sync event (4 bytes)
@@ -575,7 +575,7 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
@@ -1302,7 +1302,7 @@ index 4f5efcace68e..5af808078efd 100644
hfp = max((unsigned int)HFP_PACKET_OVERHEAD,
- (mode->hsync_start - mode->hdisplay) * Bpp - HFP_PACKET_OVERHEAD);
+ (mode->hsync_start - mode->hdisplay) * Bpp) - HFP_PACKET_OVERHEAD;
-
+
/*
* The blanking is set using a sync event (4 bytes)
@@ -584,8 +584,8 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
@@ -1313,7 +1313,7 @@ index 4f5efcace68e..5af808078efd 100644
- HBLK_PACKET_OVERHEAD);
+ (mode->htotal - (mode->hsync_end - mode->hsync_start)) * Bpp) -
+ HBLK_PACKET_OVERHEAD;
-
+
/*
* And I'm not entirely sure what vblk is about. The driver in
diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
@@ -1325,25 +1325,25 @@ index 311eee599ce9..2460c6bd46f8 100644
struct rmi_data *hdata = hid_get_drvdata(hdev);
struct rmi_device *rmi_dev = hdata->xport.rmi_dev;
- unsigned long flags;
-
+
if (!(test_bit(RMI_STARTED, &hdata->flags)))
return 0;
-
+
- local_irq_save(flags);
-
rmi_set_attn_data(rmi_dev, data[1], &data[2], size - 2);
-
+
- generic_handle_irq(hdata->rmi_irq);
-
- local_irq_restore(flags);
-
return 1;
}
-
+
@@ -591,56 +584,6 @@ static const struct rmi_transport_ops hid_rmi_ops = {
.reset = rmi_hid_reset,
};
-
+
-static void rmi_irq_teardown(void *data)
-{
- struct rmi_data *hdata = data;
@@ -1398,9 +1398,9 @@ index 311eee599ce9..2460c6bd46f8 100644
{
struct rmi_data *data = NULL;
@@ -713,18 +656,11 @@ static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id)
-
+
mutex_init(&data->page_mutex);
-
+
- ret = rmi_setup_irq_domain(hdev);
- if (ret) {
- hid_err(hdev, "failed to allocate IRQ domain\n");
@@ -1409,13 +1409,13 @@ index 311eee599ce9..2460c6bd46f8 100644
-
if (data->device_flags & RMI_DEVICE_HAS_PHYS_BUTTONS)
rmi_hid_pdata.gpio_data.disable = true;
-
+
data->xport.dev = hdev->dev.parent;
data->xport.pdata = rmi_hid_pdata;
- data->xport.pdata.irq = data->rmi_irq;
data->xport.proto_name = "hid";
data->xport.ops = &hid_rmi_ops;
-
+
diff --git a/drivers/infiniband/sw/rxe/rxe.c b/drivers/infiniband/sw/rxe/rxe.c
index 95f0de0c8b49..faa8a6cadef1 100644
--- a/drivers/infiniband/sw/rxe/rxe.c
@@ -1423,7 +1423,7 @@ index 95f0de0c8b49..faa8a6cadef1 100644
@@ -284,6 +284,8 @@ static int __init rxe_module_init(void)
{
int err;
-
+
+ mark_tech_preview("Soft-RoCE Transport Driver", THIS_MODULE);
+
err = rxe_net_init();
@@ -1435,13 +1435,13 @@ index 258d5fe3d395..f7298e3dc8f3 100644
+++ b/drivers/input/rmi4/rmi_driver.c
@@ -182,34 +182,47 @@ void rmi_set_attn_data(struct rmi_device *rmi_dev, unsigned long irq_status,
attn_data.data = fifo_data;
-
+
kfifo_put(&drvdata->attn_fifo, attn_data);
+
+ schedule_work(&drvdata->attn_work);
}
EXPORT_SYMBOL_GPL(rmi_set_attn_data);
-
+
-static irqreturn_t rmi_irq_fn(int irq, void *dev_id)
+static void attn_callback(struct work_struct *work)
{
@@ -1452,7 +1452,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644
+ attn_work);
struct rmi4_attn_data attn_data = {0};
int ret, count;
-
+
count = kfifo_get(&drvdata->attn_fifo, &attn_data);
- if (count) {
- *(drvdata->irq_status) = attn_data.irq_status;
@@ -1460,7 +1460,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644
- }
+ if (!count)
+ return;
-
+
- ret = rmi_process_interrupt_requests(rmi_dev);
+ *(drvdata->irq_status) = attn_data.irq_status;
+ drvdata->attn_data = attn_data;
@@ -1470,14 +1470,14 @@ index 258d5fe3d395..f7298e3dc8f3 100644
- rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev,
+ rmi_dbg(RMI_DEBUG_CORE, &drvdata->rmi_dev->dev,
"Failed to process interrupt request: %d\n", ret);
-
+
- if (count) {
- kfree(attn_data.data);
- drvdata->attn_data.data = NULL;
- }
+ kfree(attn_data.data);
+ drvdata->attn_data.data = NULL;
-
+
if (!kfifo_is_empty(&drvdata->attn_fifo))
- return rmi_irq_fn(irq, dev_id);
+ schedule_work(&drvdata->attn_work);
@@ -1492,7 +1492,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644
+ if (ret)
+ rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev,
+ "Failed to process interrupt request: %d\n", ret);
-
+
return IRQ_HANDLED;
}
@@ -217,7 +230,6 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id)
@@ -1502,20 +1502,20 @@ index 258d5fe3d395..f7298e3dc8f3 100644
- struct rmi_driver_data *data = dev_get_drvdata(&rmi_dev->dev);
int irq_flags = irq_get_trigger_type(pdata->irq);
int ret;
-
+
@@ -235,8 +247,6 @@ static int rmi_irq_init(struct rmi_device *rmi_dev)
return ret;
}
-
+
- data->enabled = true;
-
return 0;
}
-
+
@@ -886,23 +896,27 @@ void rmi_enable_irq(struct rmi_device *rmi_dev, bool clear_wake)
if (data->enabled)
goto out;
-
+
- enable_irq(irq);
- data->enabled = true;
- if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) {
@@ -1535,7 +1535,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644
+ "Failed to disable irq for wake: %d\n",
+ retval);
+ }
-
+
- /*
- * Call rmi_process_interrupt_requests() after enabling irq,
- * otherwise we may lose interrupt on edge-triggered systems.
@@ -1553,12 +1553,12 @@ index 258d5fe3d395..f7298e3dc8f3 100644
+ } else {
+ data->enabled = true;
+ }
-
+
out:
mutex_unlock(&data->enabled_mutex);
@@ -922,20 +936,22 @@ void rmi_disable_irq(struct rmi_device *rmi_dev, bool enable_wake)
goto out;
-
+
data->enabled = false;
- disable_irq(irq);
- if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) {
@@ -1591,21 +1591,21 @@ index 258d5fe3d395..f7298e3dc8f3 100644
+ kfree(attn_data.data);
+ }
}
-
+
out:
@@ -981,6 +997,8 @@ static int rmi_driver_remove(struct device *dev)
irq_domain_remove(data->irqdomain);
data->irqdomain = NULL;
-
+
+ cancel_work_sync(&data->attn_work);
+
rmi_f34_remove_sysfs(rmi_dev);
rmi_free_function_list(rmi_dev);
-
+
@@ -1219,9 +1237,15 @@ static int rmi_driver_probe(struct device *dev)
}
}
-
+
- retval = rmi_irq_init(rmi_dev);
- if (retval < 0)
- goto err_destroy_functions;
@@ -1618,7 +1618,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644
+ data->enabled = true;
+
+ INIT_WORK(&data->attn_work, attn_callback);
-
+
if (data->f01_container->dev.driver) {
/* Driver already bound, so enable ATTN now. */
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
@@ -1627,7 +1627,7 @@ index 0f4dc25d46c9..bd962ee8bc4b 100644
+++ b/drivers/iommu/iommu.c
@@ -7,6 +7,7 @@
#define pr_fmt(fmt) "iommu: " fmt
-
+
#include <linux/device.h>
+#include <linux/dmi.h>
#include <linux/kernel.h>
@@ -1665,7 +1665,7 @@ index 18b91ea1a353..b71f77a5799f 100644
@@ -5290,6 +5290,11 @@ mptsas_probe(struct pci_dev *pdev, const struct pci_device_id *id)
ioc, MPI_SAS_OP_CLEAR_ALL_PERSISTENT);
}
-
+
+#ifdef CONFIG_RHEL_DIFFERENCES
+ add_taint(TAINT_SUPPORT_REMOVED, LOCKDEP_STILL_OK);
+ pr_warn("MPTSAS MODULE IS NOT SUPPORTED\n");
@@ -1676,7 +1676,7 @@ index 18b91ea1a353..b71f77a5799f 100644
dprintk(ioc, printk(MYIOC_s_ERR_FMT
@@ -5353,6 +5358,10 @@ static void mptsas_remove(struct pci_dev *pdev)
}
-
+
static struct pci_device_id mptsas_pci_table[] = {
+#ifdef CONFIG_RHEL_DIFFERENCES
+ { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068,
@@ -1699,7 +1699,7 @@ index eabc4de5816c..1f458e35effb 100644
+++ b/drivers/message/fusion/mptspi.c
@@ -1238,12 +1238,17 @@ static struct spi_function_template mptspi_transport_functions = {
*/
-
+
static struct pci_device_id mptspi_pci_table[] = {
+#ifdef CONFIG_RHEL_DIFFERENCES
+ { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1030,
@@ -1717,7 +1717,7 @@ index eabc4de5816c..1f458e35effb 100644
MODULE_DEVICE_TABLE(pci, mptspi_pci_table);
@@ -1534,6 +1539,12 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id)
0, 0, 0, 0, 5);
-
+
scsi_scan_host(sh);
+
+#ifdef CONFIG_RHEL_DIFFERENCES
@@ -1726,7 +1726,7 @@ index eabc4de5816c..1f458e35effb 100644
+#endif
+
return 0;
-
+
out_mptspi_probe:
diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c
index 9aa6fad8ed47..11a9cea929a3 100644
@@ -1735,7 +1735,7 @@ index 9aa6fad8ed47..11a9cea929a3 100644
@@ -1248,9 +1248,9 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force)
ew32(H2ME, mac_reg);
}
-
+
- /* Poll up to 300msec for ME to clear ULP_CFG_DONE. */
+ /* Poll up to 2.5sec for ME to clear ULP_CFG_DONE. */
while (er32(FWSM) & E1000_FWSM_ULP_CFG_DONE) {
@@ -1749,11 +1749,11 @@ index 2dea4d0e9415..ea87438a4f7b 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -4813,6 +4813,7 @@ static int __init ice_module_init(void)
-
+
pr_info("%s\n", ice_driver_string);
pr_info("%s\n", ice_copyright);
+ mark_tech_preview(DRV_SUMMARY, THIS_MODULE);
-
+
ice_wq = alloc_workqueue("%s", WQ_MEM_RECLAIM, 0, KBUILD_MODNAME);
if (!ice_wq) {
diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c
@@ -1771,7 +1771,7 @@ index 8b587fc97f7b..afd364210381 100644
@@ -280,6 +281,34 @@ static const struct pci_device_id *pci_match_device(struct pci_driver *drv,
return found_id;
}
-
+
+/**
+ * pci_hw_vendor_status - Tell if a PCI device is supported by the HW vendor
+ * @ids: array of PCI device id structures to search in
@@ -1810,7 +1810,7 @@ index f70692ac79c5..2381cb1d2333 100644
@@ -4139,6 +4139,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000,
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084,
quirk_bridge_cavm_thrx2_pcie_root);
-
+
+/*
+ * PCI BAR 5 is not setup correctly for the on-board AHCI controller
+ * on Broadcom's Vulcan processor. Added a quirk to fix BAR 5 by
@@ -1863,7 +1863,7 @@ index 202ba925c494..094a9b551247 100644
--- a/drivers/scsi/be2iscsi/be_main.c
+++ b/drivers/scsi/be2iscsi/be_main.c
@@ -370,11 +370,13 @@ static int beiscsi_eh_device_reset(struct scsi_cmnd *sc)
-
+
/*------------------- PCI Driver operations and data ----------------- */
static const struct pci_device_id beiscsi_pci_id_table[] = {
+#ifndef CONFIG_RHEL_DIFFERENCES
@@ -1887,7 +1887,7 @@ index 8df70c92911d..754a912d30a6 100644
+#ifndef CONFIG_RHEL_DIFFERENCES
MODULE_ALIAS("cciss");
+#endif
-
+
static int hpsa_simple_mode;
module_param(hpsa_simple_mode, int, S_IRUGO|S_IWUSR);
@@ -145,10 +147,12 @@ static const struct pci_device_id hpsa_pci_device_id[] = {
@@ -1902,14 +1902,14 @@ index 8df70c92911d..754a912d30a6 100644
+#endif
{0,}
};
-
+
diff --git a/drivers/scsi/lpfc/lpfc_ids.h b/drivers/scsi/lpfc/lpfc_ids.h
index d48414e295a0..ba0e384412c9 100644
--- a/drivers/scsi/lpfc/lpfc_ids.h
+++ b/drivers/scsi/lpfc/lpfc_ids.h
@@ -24,6 +24,7 @@
#include <linux/pci.h>
-
+
const struct pci_device_id lpfc_id_table[] = {
+#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_VIPER,
@@ -1990,7 +1990,7 @@ index 41cd66fc7d81..2bc149710f3d 100644
@@ -138,6 +138,7 @@ static void megasas_get_pd_info(struct megasas_instance *instance,
*/
static struct pci_device_id megasas_pci_table[] = {
-
+
+#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS1064R)},
/* xscale IOP */
@@ -2041,7 +2041,7 @@ index f9c8ae9d669e..b5935dce1a9d 100644
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -7703,6 +7703,7 @@ static const struct pci_error_handlers qla2xxx_err_handler = {
};
-
+
static struct pci_device_id qla2xxx_pci_tbl[] = {
+#ifndef CONFIG_RHEL_DIFFERENCES
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2100) },
@@ -2127,7 +2127,7 @@ index 17202b2ee063..033990e935dd 100644
@@ -5531,6 +5531,13 @@ static void hub_event(struct work_struct *work)
(u16) hub->change_bits[0],
(u16) hub->event_bits[0]);
-
+
+ /* Don't disconnect USB-SATA on TrimSlice */
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
@@ -2145,7 +2145,7 @@ index d7c0e73af2b9..c2af576741d5 100644
@@ -43,6 +43,8 @@
#define EFI_ABORTED (21 | (1UL << (BITS_PER_LONG-1)))
#define EFI_SECURITY_VIOLATION (26 | (1UL << (BITS_PER_LONG-1)))
-
+
+#define EFI_IS_ERROR(x) ((x) & (1UL << (BITS_PER_LONG-1)))
+
typedef unsigned long efi_status_t;
@@ -2163,22 +2163,22 @@ index d7c0e73af2b9..c2af576741d5 100644
+ efi_secureboot_mode_disabled,
+ efi_secureboot_mode_enabled,
+};
-
+
#ifdef CONFIG_EFI
/*
@@ -797,6 +807,8 @@ static inline bool efi_enabled(int feature)
}
extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused);
-
+
+extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode);
+
bool __pure __efi_soft_reserve_enabled(void);
-
+
static inline bool __pure efi_soft_reserve_enabled(void)
@@ -823,6 +835,8 @@ efi_capsule_pending(int *reset_type)
return false;
}
-
+
+static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
+
static inline bool efi_soft_reserve_enabled(void)
@@ -2186,16 +2186,16 @@ index d7c0e73af2b9..c2af576741d5 100644
return false;
@@ -835,6 +849,7 @@ static inline bool efi_rt_services_supported(unsigned int mask)
#endif
-
+
extern int efi_status_to_err(efi_status_t status);
+extern const char *efi_status_to_str(efi_status_t status);
-
+
/*
* Variable Attributes
@@ -1083,12 +1098,6 @@ static inline bool efi_runtime_disabled(void) { return true; }
extern void efi_call_virt_check_flags(unsigned long flags, const char *call);
extern unsigned long efi_call_virt_save_flags(void);
-
+
-enum efi_secureboot_mode {
- efi_secureboot_mode_unset,
- efi_secureboot_mode_unknown,
@@ -2203,7 +2203,7 @@ index d7c0e73af2b9..c2af576741d5 100644
- efi_secureboot_mode_enabled,
-};
enum efi_secureboot_mode efi_get_secureboot(void);
-
+
#ifdef CONFIG_RESET_ATTACK_MITIGATION
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 2f05e9128201..fc3d6161a3b7 100644
@@ -2233,7 +2233,7 @@ index 2f05e9128201..fc3d6161a3b7 100644
+/* End of Red Hat-specific taint flags */
+#define TAINT_FLAGS_COUNT 32
#define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1)
-
+
struct taint_flag {
@@ -888,4 +905,19 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
/* OTHER_WRITABLE? Generally considered a bad idea. */ \
@@ -2261,11 +2261,11 @@ index 32a940117e7a..edb5ae9c9e09 100644
+++ b/include/linux/lsm_hook_defs.h
@@ -385,6 +385,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux)
#endif /* CONFIG_BPF_SYSCALL */
-
+
LSM_HOOK(int, 0, locked_down, enum lockdown_reason what)
+LSM_HOOK(int, 0, lock_kernel_down, const char *where, enum lockdown_reason level)
+
-
+
#ifdef CONFIG_PERF_EVENTS
LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
@@ -2295,7 +2295,7 @@ index 6264617bab4d..d4202ef4c598 100644
const char *srcversion;
+ const char *rhelversion;
struct kobject *holders_dir;
-
+
/* Exported symbols */
diff --git a/include/linux/pci.h b/include/linux/pci.h
index 22207a79762c..e2f9a745fbc1 100644
@@ -2311,7 +2311,7 @@ index 22207a79762c..e2f9a745fbc1 100644
+ struct pci_dev *dev);
int pci_scan_bridge(struct pci_bus *bus, struct pci_dev *dev, int max,
int pass);
-
+
diff --git a/include/linux/rh_kabi.h b/include/linux/rh_kabi.h
new file mode 100644
index 000000000000..ea9c136bf884
@@ -2620,12 +2620,12 @@ index ab7eea01ab42..fff7c5f737fc 100644
--- a/include/linux/rmi.h
+++ b/include/linux/rmi.h
@@ -364,6 +364,7 @@ struct rmi_driver_data {
-
+
struct rmi4_attn_data attn_data;
DECLARE_KFIFO(attn_fifo, struct rmi4_attn_data, 16);
+ struct work_struct attn_work;
};
-
+
int rmi_register_transport_device(struct rmi_transport_dev *xport);
diff --git a/include/linux/security.h b/include/linux/security.h
index bc2725491560..079bea163ba1 100644
@@ -2637,7 +2637,7 @@ index bc2725491560..079bea163ba1 100644
int security_locked_down(enum lockdown_reason what);
+int security_lock_kernel_down(const char *where, enum lockdown_reason level);
#else /* CONFIG_SECURITY */
-
+
static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
@@ -1304,6 +1305,10 @@ static inline int security_locked_down(enum lockdown_reason what)
{
@@ -2648,7 +2648,7 @@ index bc2725491560..079bea163ba1 100644
+ return 0;
+}
#endif /* CONFIG_SECURITY */
-
+
#if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
diff --git a/kernel/Makefile b/kernel/Makefile
index af601b9bda0e..eb29602a431b 100644
@@ -2657,7 +2657,7 @@ index af601b9bda0e..eb29602a431b 100644
@@ -12,6 +12,8 @@ obj-y = fork.o exec_domain.o panic.o \
notifier.o ksysfs.o cred.o reboot.o \
async.o range.o smpboot.o ucount.o regset.o
-
+
+obj-$(CONFIG_RH_DISABLE_DEPRECATED) += rh_taint.o
+obj-$(CONFIG_RHEL_DIFFERENCES) += rh_taint.o
obj-$(CONFIG_USERMODE_DRIVER) += usermode_driver.o
@@ -2678,7 +2678,7 @@ index 8f50c9c19f1b..0a98ae3d38a0 100644
@@ -50,7 +51,25 @@ static DEFINE_SPINLOCK(map_idr_lock);
static DEFINE_IDR(link_idr);
static DEFINE_SPINLOCK(link_idr_lock);
-
+
-int sysctl_unprivileged_bpf_disabled __read_mostly;
+/* RHEL-only: default to 1 */
+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
@@ -2699,7 +2699,7 @@ index 8f50c9c19f1b..0a98ae3d38a0 100644
+ return 1;
+}
+__setup("unprivileged_bpf_disabled=", unprivileged_bpf_setup);
-
+
static const struct bpf_map_ops * const bpf_map_types[] = {
#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
@@ -4357,11 +4376,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr)
@@ -2708,10 +2708,10 @@ index 8f50c9c19f1b..0a98ae3d38a0 100644
union bpf_attr attr;
+ static int marked;
int err;
-
+
if (sysctl_unprivileged_bpf_disabled && !bpf_capable())
return -EPERM;
-
+
+ if (!marked) {
+ mark_tech_preview("eBPF syscall", NULL);
+ marked = true;
@@ -2729,7 +2729,7 @@ index 106e4500fd53..09a4870fe1fb 100644
#include <linux/utsname.h>
#include <linux/vmalloc.h>
+#include <linux/sizes.h>
-
+
#include <asm/page.h>
#include <asm/sections.h>
@@ -41,6 +42,15 @@ static int __init parse_crashkernel_mem(char *cmdline,
@@ -2745,7 +2745,7 @@ index 106e4500fd53..09a4870fe1fb 100644
+ * enough for most test cases.
+ */
+ total_mem = roundup(total_mem, SZ_128M);
-
+
/* for each entry of the comma-separated list */
do {
@@ -85,13 +95,13 @@ static int __init parse_crashkernel_mem(char *cmdline,
@@ -2757,7 +2757,7 @@ index 106e4500fd53..09a4870fe1fb 100644
pr_warn("crashkernel: invalid size\n");
return -EINVAL;
}
-
+
/* match ? */
- if (system_ram >= start && system_ram < end) {
+ if (total_mem >= start && total_mem < end) {
@@ -2790,13 +2790,13 @@ index a4fa44a652a7..2cb5d45c7d1b 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -807,6 +807,7 @@ static struct module_attribute modinfo_##field = { \
-
+
MODINFO_ATTR(version);
MODINFO_ATTR(srcversion);
+MODINFO_ATTR(rhelversion);
-
+
static char last_unloaded_module[MODULE_NAME_LEN+1];
-
+
@@ -1269,6 +1270,7 @@ static struct module_attribute *modinfo_attrs[] = {
&module_uevent,
&modinfo_version,
@@ -2812,7 +2812,7 @@ index 9d9fc678c91d..84ad75a53c83 100644
@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
modlen -= sig_len + sizeof(ms);
info->len = modlen;
-
+
- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
VERIFY_USE_SECONDARY_KEYRING,
@@ -2849,7 +2849,7 @@ index 332736a72a58..1c81aa14f488 100644
+ [ TAINT_RESERVED30 ] = { '?', '-', false },
+ [ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false },
};
-
+
/**
diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c
new file mode 100644
@@ -2964,7 +2964,7 @@ index c0014d3b91c1..c00e9820412a 100644
+ }
+
kmemleak_initialized = 1;
-
+
debugfs_create_file("kmemleak", 0644, NULL, NULL, &kmemleak_fops);
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index f882ce0d9327..fafe657d640d 100644
@@ -2975,13 +2975,13 @@ index f882ce0d9327..fafe657d640d 100644
#include "modpost.h"
#include "../../include/linux/license.h"
+#include "../../include/generated/uapi/linux/version.h"
-
+
/* Are we using CONFIG_MODVERSIONS? */
static int modversions = 0;
@@ -2393,6 +2394,12 @@ static void write_buf(struct buffer *b, const char *fname)
}
}
-
+
+static void add_rhelversion(struct buffer *b, struct module *mod)
+{
+ buf_printf(b, "MODULE_INFO(rhelversion, \"%d.%d\");\n", RHEL_MAJOR,
@@ -2996,7 +2996,7 @@ index f882ce0d9327..fafe657d640d 100644
add_moddevtable(&buf, mod);
add_srcversion(&buf, mod);
+ add_rhelversion(&buf, mod);
-
+
sprintf(fname, "%s.mod.c", mod->name);
write_if_changed(&buf, fname);
diff --git a/scripts/tags.sh b/scripts/tags.sh
@@ -3009,7 +3009,7 @@ index fd96734deff1..5b540f3dcff1 100755
ignore="$ignore ( -name *.mod.c ) -prune -o"
+# RHEL tags and cscope should also ignore redhat/rpm
+ignore="$ignore ( -path redhat/rpm ) -prune -o"
-
+
# Use make KBUILD_ABS_SRCTREE=1 {tags|cscope}
# to force full paths for a non-O= build
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
@@ -3018,14 +3018,14 @@ index ee4b4c666854..eff9ff593405 100644
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -46,7 +46,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
return NULL;
-
+
if (*status != EFI_BUFFER_TOO_SMALL) {
- pr_err("Couldn't get size: 0x%lx\n", *status);
+ pr_err("Couldn't get size: %s (0x%lx)\n",
+ efi_status_to_str(*status), *status);
return NULL;
}
-
+
@@ -57,7 +58,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
*status = efi.get_variable(name, guid, NULL, &lsize, db);
if (*status != EFI_SUCCESS) {
@@ -3035,7 +3035,7 @@ index ee4b4c666854..eff9ff593405 100644
+ efi_status_to_str(*status), *status);
return NULL;
}
-
+
diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig
index e84ddf484010..d0501353a4b9 100644
--- a/security/lockdown/Kconfig
@@ -3043,7 +3043,7 @@ index e84ddf484010..d0501353a4b9 100644
@@ -16,6 +16,19 @@ config SECURITY_LOCKDOWN_LSM_EARLY
subsystem is fully initialised. If enabled, lockdown will
unconditionally be called before any other LSMs.
-
+
+config LOCK_DOWN_IN_EFI_SECURE_BOOT
+ bool "Lock down the kernel in EFI Secure Boot mode"
+ default n
@@ -3065,12 +3065,12 @@ index 87cbdc64d272..18555cf18da7 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -73,6 +73,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what)
-
+
static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(locked_down, lockdown_is_locked_down),
+ LSM_HOOK_INIT(lock_kernel_down, lock_kernel_down),
};
-
+
static int __init lockdown_lsm_init(void)
diff --git a/security/security.c b/security/security.c
index a28045dc9e7f..36b8b9fcad48 100644
@@ -3079,7 +3079,7 @@ index a28045dc9e7f..36b8b9fcad48 100644
@@ -2532,6 +2532,12 @@ int security_locked_down(enum lockdown_reason what)
}
EXPORT_SYMBOL(security_locked_down);
-
+
+int security_lock_kernel_down(const char *where, enum lockdown_reason level)
+{
+ return call_int_hook(lock_kernel_down, 0, where, level);