diff options
author | Justin M. Forbes <jforbes@fedoraproject.org> | 2021-04-28 12:17:28 -0500 |
---|---|---|
committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2021-04-28 12:17:28 -0500 |
commit | 4a22859470b3bfabc493470deed4e0fa8a40db08 (patch) | |
tree | 4cdfa9f6efdabdb7b9d1b781e1e970e475809dfa /patch-5.13.0-redhat.patch | |
parent | a442226220170c596044cae16af0f4ca133d6d84 (diff) | |
download | kernel-4a22859470b3bfabc493470deed4e0fa8a40db08.tar.gz kernel-4a22859470b3bfabc493470deed4e0fa8a40db08.tar.xz kernel-4a22859470b3bfabc493470deed4e0fa8a40db08.zip |
kernel-5.13.0-0.rc0.20210428gitacd3d2859453.2
* Wed Apr 28 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.13.0-0.rc0.20210428gitacd3d2859453.2]
- Reset the counter as we start the 5.13 merge window (Justin M. Forbes)
- Create ark-latest branch last for CI scripts (Don Zickus)
- Replace /usr/libexec/platform-python with /usr/bin/python3 (David Ward)
- Turn off ADI_AXI_ADC and AD9467 which now require CONFIG_OF (Justin M. Forbes)
- Export ark infrastructure files (Don Zickus)
- docs: Update docs to reflect newer workflow. (Don Zickus)
- Use upstream/master for merge-base with fallback to master (Don Zickus)
- Fedora: Turn off the SND_INTEL_BYT_PREFER_SOF option (Hans de Goede)
- filter-modules.sh.fedora: clean up "netprots" (Paul Bolle)
- filter-modules.sh.fedora: clean up "scsidrvs" (Paul Bolle)
- filter-*.sh.fedora: clean up "ethdrvs" (Paul Bolle)
- filter-*.sh.fedora: clean up "driverdirs" (Paul Bolle)
- filter-*.sh.fedora: remove incorrect entries (Paul Bolle)
- filter-*.sh.fedora: clean up "singlemods" (Paul Bolle)
- filter-modules.sh.fedora: drop unused list "iiodrvs" (Paul Bolle)
- Update mod-internal to fix depmod issue (Nico Pache)
- Turn on CONFIG_VDPA_SIM_NET (rhbz 1942343) (Justin M. Forbes)
- New configs in drivers/power (Fedora Kernel Team)
- Turn on CONFIG_NOUVEAU_DEBUG_PUSH for debug configs (Justin M. Forbes)
- Turn off KFENCE sampling by default for Fedora (Justin M. Forbes)
- Fedora config updates round 2 (Justin M. Forbes)
- New configs in drivers/soc (Jeremy Cline)
- filter-modules.sh: Fix copy/paste error 'input' (Paul Bolle)
- Update module filtering for 5.12 kernels (Justin M. Forbes)
- Fix genlog.py to ensure that comments retain "%%" characters. (Mark Mielke)
- New configs in drivers/leds (Fedora Kernel Team)
- Limit CONFIG_USB_CDNS_SUPPORT to x86_64 and arm in Fedora (David Ward)
- Fedora: Enable CHARGER_GPIO on aarch64 too (Peter Robinson)
- Fedora config updates (Justin M. Forbes)
- wireguard: mark as Tech Preview (Hangbin Liu) [1613522]
- configs: enable CONFIG_WIREGUARD in ARK (Hangbin Liu) [1613522]
- Remove duplicate configs acroos fedora, ark and common (Don Zickus)
- Combine duplicate configs across ark and fedora into common (Don Zickus)
- common/ark: cleanup and unify the parport configs (Peter Robinson)
- iommu/vt-d: enable INTEL_IDXD_SVM for both fedora and rhel (Jerry Snitselaar)
- REDHAT: coresight: etm4x: Disable coresight on HPE Apollo 70 (Jeremy Linton)
- configs/common/generic: disable CONFIG_SLAB_MERGE_DEFAULT (Rafael Aquini)
- Remove _legacy_common_support (Justin M. Forbes)
- redhat/mod-blacklist.sh: Fix floppy blacklisting (Hans de Goede)
- New configs in fs/pstore (CKI@GitLab)
- New configs in arch/powerpc (Fedora Kernel Team)
- configs: enable BPF LSM on Fedora and ARK (Ondrej Mosnacek)
- configs: clean up LSM configs (Ondrej Mosnacek)
- New configs in drivers/platform (CKI@GitLab)
- New configs in drivers/firmware (CKI@GitLab)
- New configs in drivers/mailbox (Fedora Kernel Team)
- New configs in drivers/net/phy (Justin M. Forbes)
- Update CONFIG_DM_MULTIPATH_IOA (Augusto Caringi)
- New configs in mm/Kconfig (CKI@GitLab)
- New configs in arch/powerpc (Jeremy Cline)
- New configs in arch/powerpc (Jeremy Cline)
- New configs in drivers/input (Fedora Kernel Team)
- New configs in net/bluetooth (Justin M. Forbes)
- New configs in drivers/clk (Fedora Kernel Team)
- New configs in init/Kconfig (Jeremy Cline)
- redhat: allow running fedora-configs and rh-configs targets outside of redhat/ (Herton R. Krzesinski)
- all: unify the disable of goldfish (android emulation platform) (Peter Robinson)
- common: minor cleanup/de-dupe of dma/dmabuf debug configs (Peter Robinson)
- common/ark: these drivers/arches were removed in 5.12 (Peter Robinson)
- common: unset serial mouse for general config (Peter Robinson)
- Correct kernel-devel make prepare build for 5.12. (Paulo E. Castro)
- redhat: add initial support for centos stream dist-git sync on Makefiles (Herton R. Krzesinski)
- redhat/configs: Enable CONFIG_SCHED_STACK_END_CHECK for Fedora and ARK (Josh Poimboeuf) [1856174]
- CONFIG_VFIO now selects IOMMU_API instead of depending on it, causing several config mismatches for the zfcpdump kernel (Justin M. Forbes)
- Turn off weak-modules for Fedora (Justin M. Forbes)
- redhat: enable CONFIG_FW_LOADER_COMPRESS for ARK (Herton R. Krzesinski) [1939095]
- Fedora: filters: update to move dfl-emif to modules (Peter Robinson)
- drop duplicate DEVFREQ_GOV_SIMPLE_ONDEMAND config (Peter Robinson)
- efi: The EFI_VARS is legacy and now x86 only (Peter Robinson)
- common: enable RTC_SYSTOHC to supplement update_persistent_clock64 (Peter Robinson)
- generic: arm: enable SCMI for all options (Peter Robinson)
- fedora: the PCH_CAN driver is x86-32 only (Peter Robinson)
- common: disable legacy CAN device support (Peter Robinson)
- common: Enable Microchip MCP251x/MCP251xFD CAN controllers (Peter Robinson)
- common: Bosch MCAN support for Intel Elkhart Lake (Peter Robinson)
- common: enable CAN_PEAK_PCIEFD PCI-E driver (Peter Robinson)
- common: disable CAN_PEAK_PCIEC PCAN-ExpressCard (Peter Robinson)
- common: enable common CAN layer 2 protocols (Peter Robinson)
- ark: disable CAN_LEDS option (Peter Robinson)
- Fedora: Turn on SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC option (Hans de Goede)
- Fedora: enable modules for surface devices (Dave Olsthoorn)
- Turn on SND_SOC_INTEL_SOUNDWIRE_SOF_MACH for Fedora again (Justin M. Forbes)
- common: fix WM8804 codec dependencies (Peter Robinson)
- Build SERIO_SERPORT as a module (Peter Robinson)
- input: touchscreen: move ELO and Wacom serial touchscreens to x86 (Peter Robinson)
- Sync serio touchscreens for non x86 architectures to the same as ARK (Peter Robinson)
- Only enable SERIO_LIBPS2 on x86 (Peter Robinson)
- Only enable PC keyboard controller and associated keyboard on x86 (Peter Robinson)
- Generic: Mouse: Tweak generic serial mouse options (Peter Robinson)
- Only enable PS2 Mouse options on x86 (Peter Robinson)
- Disable bluetooth highspeed by default (Peter Robinson)
- Fedora: A few more general updates for 5.12 window (Peter Robinson)
- Fedora: Updates for 5.12 merge window (Peter Robinson)
- Fedora: remove dead options that were removed upstream (Peter Robinson)
- Revert "mm/kmemleak: skip late_init if not skip disable" (Herton R. Krzesinski)
- Revert "ARM: fix __get_user_check() in case uaccess_* calls are not inlined" (Herton R. Krzesinski)
- Revert "dt-bindings: panel: add binding for Xingbangda XBD599 panel" (Herton R. Krzesinski)
- redhat: remove CONFIG_DRM_PANEL_XINGBANGDA_XBD599 (Herton R. Krzesinski)
- Revert "drm: panel: add Xingbangda XBD599 panel" (Herton R. Krzesinski)
- Revert "drm/sun4i: sun6i_mipi_dsi: fix horizontal timing calculation" (Herton R. Krzesinski)
- New configs in arch/powerpc (Fedora Kernel Team)
- Fix merge issue (Justin M. Forbes)
- Revert pending so that MR works (Justin M. Forbes)
- Change the pending config for CONFIG_PPC_QUEUED_SPINLOCKS as it is now default upstream for 64-bit server CPUs (Justin M. Forbes)
- Turn on CONFIG_PPC_QUEUED_SPINLOCKS as it is default upstream now (Justin M. Forbes)
- Update pending-common configs to address new upstream config deps (Justin M. Forbes)
- rpmspec: ship gpio-watch.debug in the proper debuginfo package (Herton R. Krzesinski)
- Removed description text as a comment confuses the config generation (Justin M. Forbes)
- New configs in drivers/dma-buf (Jeremy Cline)
- Fedora: ARMv7: build for 16 CPUs. (Peter Robinson)
- Fedora: only enable DEBUG_HIGHMEM on debug kernels (Peter Robinson)
- process_configs.sh: fix find/xargs data flow (Ondrej Mosnacek)
- Fedora config update (Justin M. Forbes)
- fedora: minor arm sound config updates (Peter Robinson)
- Fix trailing white space in redhat/configs/fedora/generic/CONFIG_SND_INTEL_BYT_PREFER_SOF (Justin M. Forbes)
- Add a redhat/rebase-notes.txt file (Hans de Goede)
- Turn on SND_INTEL_BYT_PREFER_SOF for Fedora (Hans de Goede)
- ALSA: hda: intel-dsp-config: Add SND_INTEL_BYT_PREFER_SOF Kconfig option (Hans de Goede) [1924101]
- CI: Drop MR ID from the name variable (Veronika Kabatova)
- redhat: add DUP and kpatch certificates to system trusted keys for RHEL build (Herton R. Krzesinski)
- The comments in CONFIG_USB_RTL8153_ECM actually turn off CONFIG_USB_RTL8152 (Justin M. Forbes)
- Update CKI pipeline project (Veronika Kabatova)
- Turn off additional KASAN options for Fedora (Justin M. Forbes)
- Rename the master branch to rawhide for Fedora (Justin M. Forbes)
- Makefile targets for packit integration (Ben Crocker)
- Turn off KASAN for rawhide debug builds (Justin M. Forbes)
- New configs in arch/arm64 (Justin Forbes)
- Remove deprecated Intel MIC config options (Peter Robinson)
- redhat: replace inline awk script with genlog.py call (Herton R. Krzesinski)
- redhat: add genlog.py script (Herton R. Krzesinski)
- kernel.spec.template - fix use_vdso usage (Ben Crocker)
- redhat: remove remaining references of CONFIG_RH_DISABLE_DEPRECATED (Herton R. Krzesinski)
- .gitignore: fix previous mismerge with "HEAD line" (Herton R. Krzesinski)
- Turn off vdso_install for ppc (Justin M. Forbes)
- Remove bpf-helpers.7 from bpftool package (Jiri Olsa)
- New configs in lib/Kconfig.debug (Fedora Kernel Team)
- Turn off CONFIG_VIRTIO_CONSOLE for s390x zfcpdump (Justin M. Forbes)
- New configs in drivers/clk (Justin M. Forbes)
- Keep VIRTIO_CONSOLE on s390x available. (Jakub Čajka)
- New configs in lib/Kconfig.debug (Jeremy Cline)
- Fedora 5.11 config updates part 4 (Justin M. Forbes)
- Fedora 5.11 config updates part 3 (Justin M. Forbes)
- Fedora 5.11 config updates part 2 (Justin M. Forbes)
- Update internal (test) module list from RHEL-8 (Joe Lawrence) [1915073]
- Fix USB_XHCI_PCI regression (Justin M. Forbes)
- fedora: fixes for ARMv7 build issue by disabling HIGHPTE (Peter Robinson)
- all: s390x: Increase CONFIG_PCI_NR_FUNCTIONS to 512 (#1888735) (Dan Horák)
- Fedora 5.11 configs pt 1 (Justin M. Forbes)
- redhat: avoid conflict with mod-blacklist.sh and released_kernel defined (Herton R. Krzesinski)
- redhat: handle certificate files conditionally as done for src.rpm (Herton R. Krzesinski)
- specfile: add %%{?_smp_mflags} to "make headers_install" in tools/testing/selftests (Denys Vlasenko)
- specfile: add %%{?_smp_mflags} to "make samples/bpf/" (Denys Vlasenko)
- Run MR testing in CKI pipeline (Veronika Kabatova)
- Reword comment (Nicolas Chauvet)
- Add with_cross_arm conditional (Nicolas Chauvet)
- Redefines __strip if with_cross (Nicolas Chauvet)
- fedora: only enable ACPI_CONFIGFS, ACPI_CUSTOM_METHOD in debug kernels (Peter Robinson)
- fedora: User the same EFI_CUSTOM_SSDT_OVERLAYS as ARK (Peter Robinson)
- all: all arches/kernels enable the same DMI options (Peter Robinson)
- all: move SENSORS_ACPI_POWER to common/generic (Peter Robinson)
- fedora: PCIE_HISI_ERR is already in common (Peter Robinson)
- all: all ACPI platforms enable ATA_ACPI so move it to common (Peter Robinson)
- all: x86: move shared x86 acpi config options to generic (Peter Robinson)
- All: x86: Move ACPI_VIDEO to common/x86 (Peter Robinson)
- All: x86: Enable ACPI_DPTF (Intel DPTF) (Peter Robinson)
- All: enable ACPI_BGRT for all ACPI platforms. (Peter Robinson)
- All: Only build ACPI_EC_DEBUGFS for debug kernels (Peter Robinson)
- All: Disable Intel Classmate PC ACPI_CMPC option (Peter Robinson)
- cleanup: ACPI_PROCFS_POWER was removed upstream (Peter Robinson)
- All: ACPI: De-dupe the ACPI options that are the same across ark/fedora on x86/arm (Peter Robinson)
- Enable the vkms module in Fedora (Jeremy Cline)
- Revert "Merge branch 'revert-29a48502' into 'os-build'" (Justin Forbes)
- Fedora: arm updates for 5.11 and general cross Fedora cleanups (Peter Robinson)
- Add gcc-c++ to BuildRequires (Justin M. Forbes)
- gcc-plugins: fix gcc 11 indigestion with plugins... (Valdis Klētnieks)
- Update CONFIG_KASAN_HW_TAGS (Justin M. Forbes)
- fedora: arm: move generic power off/reset to all arm (Peter Robinson)
- fedora: ARMv7: build in DEVFREQ_GOV_SIMPLE_ONDEMAND until I work out why it's changed (Peter Robinson)
- fedora: cleanup joystick_adc (Peter Robinson)
- fedora: update some display options (Peter Robinson)
- fedora: arm: enable TI PRU options (Peter Robinson)
- fedora: arm: minor exynos plaform updates (Peter Robinson)
- arm: SoC: disable Toshiba Visconti SoC (Peter Robinson)
- common: disable ARCH_BCM4908 (NFC) (Peter Robinson)
- fedora: minor arm config updates (Peter Robinson)
- fedora: enable Tegra 234 SoC (Peter Robinson)
- fedora: arm: enable new Hikey 3xx options (Peter Robinson)
- Fedora: USB updates (Peter Robinson)
- fedora: enable the GNSS receiver subsystem (Peter Robinson)
- Remove POWER_AVS as no longer upstream (Peter Robinson)
- Cleanup RESET_RASPBERRYPI (Peter Robinson)
- Cleanup GPIO_CDEV_V1 options. (Peter Robinson)
- fedora: arm crypto updates (Peter Robinson)
- Revert "Merge branch 'ark-enable-structleak' into 'os-build'" (Justin Forbes)
- CONFIG_KASAN_HW_TAGS for aarch64 (Justin M. Forbes)
- Fix up bad merge with efi: generalize efi_get_secureboot (Justin M. Forbes)
- Fedora: cleanup PCMCIA configs, move to x86 (Peter Robinson)
- New configs in drivers/rtc (Fedora Kernel Team)
- redhat/configs: Enable CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL (Josh Poimboeuf) [1856176]
- redhat/configs: Enable CONFIG_GCC_PLUGIN_STRUCTLEAK (Josh Poimboeuf) [1856176]
- redhat/configs: Enable CONFIG_GCC_PLUGINS on ARK (Josh Poimboeuf) [1856176]
- redhat/configs: Enable CONFIG_KASAN on Fedora (Josh Poimboeuf) [1856176]
- New configs in init/Kconfig (Fedora Kernel Team)
- build_configs.sh: Fix syntax flagged by shellcheck (Ben Crocker)
- genspec.sh: Fix syntax flagged by shellcheck (Ben Crocker)
- mod-blacklist.sh: Fix syntax flagged by shellcheck (Ben Crocker)
- Enable Speakup accessibility driver (Justin M. Forbes)
- New configs in init/Kconfig (Fedora Kernel Team)
- Fix fedora config mismatch due to dep changes (Justin M. Forbes)
- New configs in drivers/crypto (Jeremy Cline)
- Remove duplicate ENERGY_MODEL configs (Peter Robinson)
- This is selected by PCIE_QCOM so must match (Justin M. Forbes)
- drop unused BACKLIGHT_GENERIC (Peter Robinson)
- Remove cp instruction already handled in instruction below. (Paulo E. Castro)
- Add all the dependencies gleaned from running `make prepare` on a bloated devel kernel. (Paulo E. Castro)
- Add tools to path mangling script. (Paulo E. Castro)
- Remove duplicate cp statement which is also not specific to x86. (Paulo E. Castro)
- Correct orc_types failure whilst running `make prepare` https://bugzilla.redhat.com/show_bug.cgi?id=1882854 (Paulo E. Castro)
- redhat: ark: enable CONFIG_IKHEADERS (Jiri Olsa)
- Add missing '$' sign to (GIT) in redhat/Makefile (Augusto Caringi)
- Remove filterdiff and use native git instead (Don Zickus)
- New configs in net/sched (Justin M. Forbes)
- New configs in drivers/mfd (CKI@GitLab)
- New configs in drivers/mfd (Fedora Kernel Team)
- New configs in drivers/firmware (Fedora Kernel Team)
- Temporarily backout parallel xz script (Justin M. Forbes)
- redhat: explicitly disable CONFIG_IMA_APPRAISE_SIGNED_INIT (Bruno Meneguele)
- redhat: enable CONFIG_EVM_LOAD_X509 on ARK (Bruno Meneguele)
- redhat: enable CONFIG_EVM_ATTR_FSUUID on ARK (Bruno Meneguele)
- redhat: enable CONFIG_EVM in all arches and flavors (Bruno Meneguele)
- redhat: enable CONFIG_IMA_LOAD_X509 on ARK (Bruno Meneguele)
- redhat: set CONFIG_IMA_DEFAULT_HASH to SHA256 (Bruno Meneguele)
- redhat: enable CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT (Bruno Meneguele)
- redhat: enable CONFIG_IMA_READ_POLICY on ARK (Bruno Meneguele)
- redhat: set default IMA template for all ARK arches (Bruno Meneguele)
- redhat: enable CONFIG_IMA_DEFAULT_HASH_SHA256 for all flavors (Bruno Meneguele)
- redhat: disable CONFIG_IMA_DEFAULT_HASH_SHA1 (Bruno Meneguele)
- redhat: enable CONFIG_IMA_ARCH_POLICY for ppc and x86 (Bruno Meneguele)
- redhat: enable CONFIG_IMA_APPRAISE_MODSIG (Bruno Meneguele)
- redhat: enable CONFIG_IMA_APPRAISE_BOOTPARAM (Bruno Meneguele)
- redhat: enable CONFIG_IMA_APPRAISE (Bruno Meneguele)
- redhat: enable CONFIG_INTEGRITY for aarch64 (Bruno Meneguele)
- kernel: Update some missing KASAN/KCSAN options (Jeremy Linton)
- kernel: Enable coresight on aarch64 (Jeremy Linton)
- Update CONFIG_INET6_ESPINTCP (Justin Forbes)
- New configs in net/ipv6 (Justin M. Forbes)
- fedora: move CONFIG_RTC_NVMEM options from ark to common (Peter Robinson)
- configs: Enable CONFIG_DEBUG_INFO_BTF (Don Zickus)
- fedora: some minor arm audio config tweaks (Peter Robinson)
- Ship xpad with default modules on Fedora and RHEL (Bastien Nocera)
- Fedora: Only enable legacy serial/game port joysticks on x86 (Peter Robinson)
- Fedora: Enable the options required for the Librem 5 Phone (Peter Robinson)
- Fedora config update (Justin M. Forbes)
- Fedora config change because CONFIG_FSL_DPAA2_ETH now selects CONFIG_FSL_XGMAC_MDIO (Justin M. Forbes)
- redhat: generic enable CONFIG_INET_MPTCP_DIAG (Davide Caratti)
- Fedora config update (Justin M. Forbes)
- Enable NANDSIM for Fedora (Justin M. Forbes)
- Re-enable CONFIG_ACPI_TABLE_UPGRADE for Fedora since upstream disables this if secureboot is active (Justin M. Forbes)
- Ath11k related config updates (Justin M. Forbes)
- Fedora config updates for ath11k (Justin M. Forbes)
- Turn on ATH11K for Fedora (Justin M. Forbes)
- redhat: enable CONFIG_INTEL_IOMMU_SVM (Jerry Snitselaar)
- More Fedora config fixes (Justin M. Forbes)
- Fedora 5.10 config updates (Justin M. Forbes)
- Fedora 5.10 configs round 1 (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- Allow kernel-tools to build without selftests (Don Zickus)
- Allow building of kernel-tools standalone (Don Zickus)
- redhat: ark: disable CONFIG_NET_ACT_CTINFO (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_TEQL (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_SFB (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_QFQ (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_PLUG (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_PIE (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_MULTIQ (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_HHF (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_DSMARK (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_DRR (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_CODEL (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_CHOKE (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_CBQ (Davide Caratti)
- redhat: ark: disable CONFIG_NET_SCH_ATM (Davide Caratti)
- redhat: ark: disable CONFIG_NET_EMATCH and sub-targets (Davide Caratti)
- redhat: ark: disable CONFIG_NET_CLS_TCINDEX (Davide Caratti)
- redhat: ark: disable CONFIG_NET_CLS_RSVP6 (Davide Caratti)
- redhat: ark: disable CONFIG_NET_CLS_RSVP (Davide Caratti)
- redhat: ark: disable CONFIG_NET_CLS_ROUTE4 (Davide Caratti)
- redhat: ark: disable CONFIG_NET_CLS_BASIC (Davide Caratti)
- redhat: ark: disable CONFIG_NET_ACT_SKBMOD (Davide Caratti)
- redhat: ark: disable CONFIG_NET_ACT_SIMP (Davide Caratti)
- redhat: ark: disable CONFIG_NET_ACT_NAT (Davide Caratti)
- arm64/defconfig: Enable CONFIG_KEXEC_FILE (Bhupesh Sharma) [1821565]
- redhat/configs: Cleanup CONFIG_CRYPTO_SHA512 (Prarit Bhargava)
- New configs in drivers/mfd (Fedora Kernel Team)
- Fix LTO issues with kernel-tools (Don Zickus)
- Point pathfix to the new location for gen_compile_commands.py (Justin M. Forbes)
- Filter out LTO build options from the perl ccopts (Justin M. Forbes)
- configs: Disable CONFIG_SECURITY_SELINUX_DISABLE (Ondrej Mosnacek)
- Fix up a merge issue with rxe.c (Justin M. Forbes)
- [Automatic] Handle config dependency changes (Don Zickus)
- configs/iommu: Add config comment to empty CONFIG_SUN50I_IOMMU file (Jerry Snitselaar)
- New configs in kernel/trace (Fedora Kernel Team)
- Fix Fedora config locations (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- configs: enable CONFIG_CRYPTO_CTS=y so cts(cbc(aes)) is available in FIPS mode (Vladis Dronov) [1855161]
- Partial revert: Add master merge check (Don Zickus)
- Update Maintainers doc to reflect workflow changes (Don Zickus)
- WIP: redhat/docs: Update documentation for single branch workflow (Prarit Bhargava)
- Add CONFIG_ARM64_MTE which is not picked up by the config scripts for some reason (Justin M. Forbes)
- Disable Speakup synth DECEXT (Justin M. Forbes)
- Enable Speakup for Fedora since it is out of staging (Justin M. Forbes)
- Modify patchlist changelog output (Don Zickus)
- process_configs.sh: Fix syntax flagged by shellcheck (Ben Crocker)
- generate_all_configs.sh: Fix syntax flagged by shellcheck (Ben Crocker)
- redhat/self-test: Initial commit (Ben Crocker)
- Updated changelog for the release based on 7575fdda569b (Fedora Kernel Team)
- Fixes "acpi: prefer booting with ACPI over DTS" to be RHEL only (Peter Robinson)
- arch/x86: Remove vendor specific CPU ID checks (Prarit Bhargava)
- redhat: Replace hardware.redhat.com link in Unsupported message (Prarit Bhargava) [1810301]
- x86: Fix compile issues with rh_check_supported() (Don Zickus)
- e1000e: bump up timeout to wait when ME un-configure ULP mode (Aaron Ma)
- drm/sun4i: sun6i_mipi_dsi: fix horizontal timing calculation (Icenowy Zheng)
- drm: panel: add Xingbangda XBD599 panel (Icenowy Zheng)
- dt-bindings: panel: add binding for Xingbangda XBD599 panel (Icenowy Zheng)
- ARM: fix __get_user_check() in case uaccess_* calls are not inlined (Masahiro Yamada)
- mm/kmemleak: skip late_init if not skip disable (Murphy Zhou)
- KEYS: Make use of platform keyring for module signature verify (Robert Holmes)
- Drop that for now (Laura Abbott)
- Input: rmi4 - remove the need for artificial IRQ in case of HID (Benjamin Tissoires)
- ARM: tegra: usb no reset (Peter Robinson)
- arm: make CONFIG_HIGHPTE optional without CONFIG_EXPERT (Jon Masters)
- redhat: rh_kabi: deduplication friendly structs (Jiri Benc)
- redhat: rh_kabi add a comment with warning about RH_KABI_EXCLUDE usage (Jiri Benc)
- redhat: rh_kabi: introduce RH_KABI_EXTEND_WITH_SIZE (Jiri Benc)
- redhat: rh_kabi: Indirect EXTEND macros so nesting of other macros will resolve. (Don Dutile)
- redhat: rh_kabi: Fix RH_KABI_SET_SIZE to use dereference operator (Tony Camuso)
- redhat: rh_kabi: Add macros to size and extend structs (Prarit Bhargava)
- Removing Obsolete hba pci-ids from rhel8 (Dick Kennedy)
- mptsas: pci-id table changes (Laura Abbott)
- mptsas: Taint kernel if mptsas is loaded (Laura Abbott)
- mptspi: pci-id table changes (Laura Abbott)
- qla2xxx: Remove PCI IDs of deprecated adapter (Jeremy Cline)
- be2iscsi: remove unsupported device IDs (Chris Leech)
- mptspi: Taint kernel if mptspi is loaded (Laura Abbott)
- hpsa: remove old cciss-based smartarray pci ids (Joseph Szczypek)
- qla4xxx: Remove deprecated PCI IDs from RHEL 8 (Chad Dupuis)
- aacraid: Remove depreciated device and vendor PCI id's (Raghava Aditya Renukunta)
- megaraid_sas: remove deprecated pci-ids (Tomas Henzl)
- mpt*: remove certain deprecated pci-ids (Jeremy Cline)
- kernel: add SUPPORT_REMOVED kernel taint (Tomas Henzl)
- Rename RH_DISABLE_DEPRECATED to RHEL_DIFFERENCES (Don Zickus)
- Add option of 13 for FORCE_MAX_ZONEORDER (Peter Robinson)
- s390: Lock down the kernel when the IPL secure flag is set (Jeremy Cline)
- efi: Lock down the kernel if booted in secure boot mode (David Howells)
- efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode (David Howells)
- security: lockdown: expose a hook to lock the kernel down (Jeremy Cline)
- Make get_cert_list() use efi_status_to_str() to print error messages. (Peter Jones)
- Add efi_status_to_str() and rework efi_status_to_err(). (Peter Jones)
- Add support for deprecating processors (Laura Abbott) [1565717 1595918 1609604 1610493]
- arm: aarch64: Drop the EXPERT setting from ARM64_FORCE_52BIT (Jeremy Cline)
- iommu/arm-smmu: workaround DMA mode issues (Laura Abbott)
- rh_kabi: introduce RH_KABI_EXCLUDE (Jakub Racek)
- ipmi: do not configure ipmi for HPE m400 (Laura Abbott) [1670017]
- IB/rxe: Mark Soft-RoCE Transport driver as tech-preview (Don Dutile) [1605216]
- scsi: smartpqi: add inspur advantech ids (Don Brace)
- ice: mark driver as tech-preview (Jonathan Toppins)
- kABI: Add generic kABI macros to use for kABI workarounds (Myron Stowe) [1546831]
- add pci_hw_vendor_status() (Maurizio Lombardi)
- ahci: thunderx2: Fix for errata that affects stop engine (Robert Richter)
- Vulcan: AHCI PCI bar fix for Broadcom Vulcan early silicon (Robert Richter)
- bpf: Add tech preview taint for syscall (Eugene Syromiatnikov) [1559877]
- bpf: set unprivileged_bpf_disabled to 1 by default, add a boot parameter (Eugene Syromiatnikov) [1561171]
- add Red Hat-specific taint flags (Eugene Syromiatnikov) [1559877]
- kdump: fix a grammar issue in a kernel message (Dave Young) [1507353]
- tags.sh: Ignore redhat/rpm (Jeremy Cline)
- put RHEL info into generated headers (Laura Abbott) [1663728]
- kdump: add support for crashkernel=auto (Jeremy Cline)
- kdump: round up the total memory size to 128M for crashkernel reservation (Dave Young) [1507353]
- acpi: prefer booting with ACPI over DTS (Mark Salter) [1576869]
- aarch64: acpi scan: Fix regression related to X-Gene UARTs (Mark Salter) [1519554]
- ACPI / irq: Workaround firmware issue on X-Gene based m400 (Mark Salter) [1519554]
- modules: add rhelversion MODULE_INFO tag (Laura Abbott)
- ACPI: APEI: arm64: Ignore broken HPE moonshot APEI support (Al Stone) [1518076]
- Add Red Hat tainting (Laura Abbott) [1565704]
- Introduce CONFIG_RH_DISABLE_DEPRECATED (Laura Abbott)
- Stop merging ark-patches for release (Don Zickus)
- Fix path location for ark-update-configs.sh (Don Zickus)
- Combine Red Hat patches into single patch (Don Zickus)
- Updated changelog for the release based on 7575fdda569b (Fedora Kernel Team)
- Updated changelog for the release based on 7575fdda569b (Fedora Kernel Team)
- New configs in drivers/misc (Jeremy Cline)
- New configs in drivers/net/wireless (Justin M. Forbes)
- New configs in drivers/phy (Fedora Kernel Team)
- New configs in drivers/tty (Fedora Kernel Team)
- Updated changelog for the release based on v5.9-rc8 (Fedora Kernel Team)
- Updated changelog for the release based on v5.9-rc8 (Fedora Kernel Team)
- Updated changelog for the release based on 22fbc037cd32 (Fedora Kernel Team)
- Updated changelog for the release based on d3d45f8220d6 (Fedora Kernel Team)
- Updated changelog for the release based on 472e5b056f00 (Fedora Kernel Team)
- Set SquashFS decompression options for all flavors to match RHEL (Bohdan Khomutskyi)
- Updated changelog for the release based on 60e720931556 (Fedora Kernel Team)
- configs: Enable CONFIG_ENERGY_MODEL (Phil Auld)
- New configs in drivers/pinctrl (Fedora Kernel Team)
- Update CONFIG_THERMAL_NETLINK (Justin Forbes)
- Updated changelog for the release based on 02de58b24d2e (Fedora Kernel Team)
- Updated changelog for the release based on fb0155a09b02 (Fedora Kernel Team)
- Updated changelog for the release based on v5.9-rc7 (Fedora Kernel Team)
- Separate merge-upstream and release stages (Don Zickus)
- Re-enable CONFIG_IR_SERIAL on Fedora (Prarit Bhargava)
- Updated changelog for the release based on v5.9-rc7 (Fedora Kernel Team)
- Updated changelog for the release based on a1bffa48745a (Fedora Kernel Team)
- Create Patchlist.changelog file (Don Zickus)
- Updated changelog for the release based on 7c7ec3226f5f (Fedora Kernel Team)
- Filter out upstream commits from changelog (Don Zickus)
- Merge Upstream script fixes (Don Zickus)
- Updated changelog for the release based on 171d4ff79f96 (Fedora Kernel Team)
- Updated changelog for the release based on c9c9e6a49f89 (Fedora Kernel Team)
- Updated changelog for the release based on 805c6d3c1921 (Fedora Kernel Team)
- Updated changelog for the release based on 98477740630f (Fedora Kernel Team)
- Updated changelog for the release based on v5.9-rc6 (Fedora Kernel Team)
- kernel.spec: Remove kernel-keys directory on rpm erase (Prarit Bhargava)
- Add mlx5_vdpa to module filter for Fedora (Justin M. Forbes)
- Add python3-sphinx_rtd_theme buildreq for docs (Justin M. Forbes)
- redhat/configs/process_configs.sh: Remove *.config.orig files (Prarit Bhargava)
- redhat/configs/process_configs.sh: Add process_configs_known_broken flag (Prarit Bhargava)
- redhat/Makefile: Fix '*-configs' targets (Prarit Bhargava)
- Updated changelog for the release based on fc4f28bb3daf (Fedora Kernel Team)
- Updated changelog for the release based on v5.9-rc5 (Fedora Kernel Team)
- Updated changelog for the release based on ef2e9a563b0c (Fedora Kernel Team)
- Updated changelog for the release based on 729e3d091984 (Fedora Kernel Team)
- dist-merge-upstream: Checkout known branch for ci scripts (Don Zickus)
- Updated changelog for the release based on 581cb3a26baf (Fedora Kernel Team)
- kernel.spec: don't override upstream compiler flags for ppc64le (Dan Horák)
- Fedora config updates (Justin M. Forbes)
- Updated changelog for the release based on v5.9-rc4 (Fedora Kernel Team)
- Updated changelog for the release based on dd9fb9bb3340 (Fedora Kernel Team)
- Updated changelog for the release based on c70672d8d316 (Fedora Kernel Team)
- Fedora confi gupdate (Justin M. Forbes)
- Updated changelog for the release based on 59126901f200 (Fedora Kernel Team)
- mod-sign.sh: Fix syntax flagged by shellcheck (Ben Crocker)
- Swap how ark-latest is built (Don Zickus)
- Add extra version bump to os-build branch (Don Zickus)
- dist-release: Avoid needless version bump. (Don Zickus)
- Add dist-fedora-release target (Don Zickus)
- Remove redundant code in dist-release (Don Zickus)
- Makefile.common rename TAG to _TAG (Don Zickus)
- Updated changelog for the release based on fc3abb53250a (Fedora Kernel Team)
- Fedora config change (Justin M. Forbes)
- Updated changelog for the release based on 9c7d619be5a0 (Fedora Kernel Team)
- Updated changelog for the release based on b51594df17d0 (Fedora Kernel Team)
- Fedora filter update (Justin M. Forbes)
- Config update for Fedora (Justin M. Forbes)
- Updated changelog for the release based on v5.9-rc3 (Fedora Kernel Team)
- Updated changelog for the release based on 1127b219ce94 (Fedora Kernel Team)
- Updated changelog for the release based on 4d41ead6ead9 (Fedora Kernel Team)
- Updated changelog for the release based on 15bc20c6af4c (Fedora Kernel Team)
- Updated changelog for the release based on 2ac69819ba9e (Fedora Kernel Team)
- Updated changelog for the release based on 6a9dc5fd6170 (Fedora Kernel Team)
- Updated changelog for the release based on v5.9-rc2 (Fedora Kernel Team)
- Updated changelog for the release based on c3d8f220d012 (Fedora Kernel Team)
- Updated changelog for the release based on f873db9acd3c (Fedora Kernel Team)
- Updated changelog for the release based on da2968ff879b (Fedora Kernel Team)
- enable PROTECTED_VIRTUALIZATION_GUEST for all s390x kernels (Dan Horák)
- Updated changelog for the release based on 18445bf405cb (Fedora Kernel Team)
- redhat: ark: enable CONFIG_NET_SCH_TAPRIO (Davide Caratti)
- redhat: ark: enable CONFIG_NET_SCH_ETF (Davide Caratti)
- More Fedora config updates (Justin M. Forbes)
- New config deps (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- Updated changelog for the release based on 06a4ec1d9dc6 (Fedora Kernel Team)
- First half of config updates for Fedora (Justin M. Forbes)
- Updates for Fedora arm architectures for the 5.9 window (Peter Robinson)
- Add config options that only show up when we prep on arm (Justin M. Forbes)
- Config updates for Fedora (Justin M. Forbes)
- fedora: enable enery model (Peter Robinson)
- Use the configs/generic config for SND_HDA_INTEL everywhere (Peter Robinson)
- Enable ZSTD compression algorithm on all kernels (Peter Robinson)
- Enable ARM_SMCCC_SOC_ID on all aarch64 kernels (Peter Robinson)
- iio: enable LTR-559 light and proximity sensor (Peter Robinson)
- iio: chemical: enable some popular chemical and partical sensors (Peter Robinson)
- More mismatches (Justin M. Forbes)
- Fedora config change due to deps (Justin M. Forbes)
- CONFIG_SND_SOC_MAX98390 is now selected by SND_SOC_INTEL_DA7219_MAX98357A_GENERIC (Justin M. Forbes)
- Config change required for build part 2 (Justin M. Forbes)
- Config change required for build (Justin M. Forbes)
- Revert "Merge branch 'make_configs_fix' into 'os-build'" (Justin Forbes)
- Fedora config update (Justin M. Forbes)
- Add ability to sync upstream through Makefile (Don Zickus)
- Add master merge check (Don Zickus)
- Replace hardcoded values 'os-build' and project id with variables (Don Zickus)
- redhat/Makefile.common: Fix MARKER (Prarit Bhargava)
- gitattributes: Remove unnecesary export restrictions (Prarit Bhargava)
- redhat/configs/process_configs.sh: Remove *.config.orig files (Prarit Bhargava)
- redhat/configs/process_configs.sh: Add process_configs_known_broken flag (Prarit Bhargava)
- redhat/Makefile: Fix '*-configs' targets (Prarit Bhargava)
- Updated changelog for the release based on v5.8 (Fedora Kernel Team)
- Updated changelog for the release based on ac3a0c847296 (Fedora Kernel Team)
- Updated changelog for the release based on 7dc6fd0f3b84 (Fedora Kernel Team)
- Updated changelog for the release based on 417385c47ef7 (Fedora Kernel Team)
- Add new certs for dual signing with boothole (Justin M. Forbes)
- Update secureboot signing for dual keys (Justin M. Forbes)
- Updated changelog for the release based on d3590ebf6f91 (Fedora Kernel Team)
- Updated changelog for the release based on 6ba1b005ffc3 (Fedora Kernel Team)
- fedora: enable LEDS_SGM3140 for arm configs (Peter Robinson)
- Updated changelog for the release based on v5.8-rc7 (Fedora Kernel Team)
- Updated changelog for the release based on 04300d66f0a0 (Fedora Kernel Team)
- Updated changelog for the release based on 23ee3e4e5bd2 (Fedora Kernel Team)
- Enable CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG (Justin M. Forbes)
- Updated changelog for the release based on f37e99aca03f (Fedora Kernel Team)
- redhat/configs: Fix common CONFIGs (Prarit Bhargava)
- redhat/configs: General CONFIG cleanups (Prarit Bhargava)
- redhat/configs: Update & generalize evaluate_configs (Prarit Bhargava)
- Updated changelog for the release based on d15be546031c (Fedora Kernel Team)
- fedora: arm: Update some meson config options (Peter Robinson)
- Updated changelog for the release based on 4fa640dc5230 (Fedora Kernel Team)
- redhat/docs: Add Fedora RPM tagging date (Prarit Bhargava)
- Updated changelog for the release based on 5714ee50bb43 (Fedora Kernel Team)
- Updated changelog for the release based on f932d58abc38 (Fedora Kernel Team)
- Updated changelog for the release based on 6a70f89cc58f (Fedora Kernel Team)
- Updated changelog for the release based on 07a56bb875af (Fedora Kernel Team)
- Updated changelog for the release based on e9919e11e219 (Fedora Kernel Team)
- Update config for renamed panel driver. (Peter Robinson)
- Enable SERIAL_SC16IS7XX for SPI interfaces (Peter Robinson)
- Updated changelog for the release based on dcde237b9b0e (Fedora Kernel Team)
- Updated changelog for the release based on v5.8-rc4 (Fedora Kernel Team)
- s390x-zfcpdump: Handle missing Module.symvers file (Don Zickus)
- Updated changelog for the release based on cd77006e01b3 (Fedora Kernel Team)
- Fedora config updates (Justin M. Forbes)
- Updated changelog for the release based on v5.8-rc3 (Fedora Kernel Team)
- Updated changelog for the release based on 8be3a53e18e0 (Fedora Kernel Team)
- redhat/configs: Add .tmp files to .gitignore (Prarit Bhargava)
- disable uncommon TCP congestion control algorithms (Davide Caratti)
- Updated changelog for the release based on dd0d718152e4 (Fedora Kernel Team)
- Add new bpf man pages (Justin M. Forbes)
- Add default option for CONFIG_ARM64_BTI_KERNEL to pending-common so that eln kernels build (Justin M. Forbes)
- redhat/Makefile: Add fedora-configs and rh-configs make targets (Prarit Bhargava)
- Updated changelog for the release based on 625d3449788f (Fedora Kernel Team)
- Updated changelog for the release based on 1b5044021070 (Fedora Kernel Team)
- redhat/configs: Use SHA512 for module signing (Prarit Bhargava)
- genspec.sh: 'touch' empty Patchlist file for single tarball (Don Zickus)
- Updated changelog for the release based on 69119673bd50 (Fedora Kernel Team)
- Updated changelog for the release based on a5dc8300df75 (Fedora Kernel Team)
- Fedora config update for rc1 (Justin M. Forbes)
- Updated changelog for the release based on v5.8-rc1 (Fedora Kernel Team)
- Fedora config updates (Justin M. Forbes)
- Updated changelog for the release based on df2fbf5bfa0e (Fedora Kernel Team)
- Fedora config updates (Justin M. Forbes)
- Updated changelog for the release based on b791d1bdf921 (Fedora Kernel Team)
- redhat/Makefile.common: fix RPMKSUBLEVEL condition (Ondrej Mosnacek)
- redhat/Makefile: silence KABI tar output (Ondrej Mosnacek)
- One more Fedora config update (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- Fix PATCHLEVEL for merge window (Justin M. Forbes)
- Change ark CONFIG_COMMON_CLK to yes, it is selected already by other options (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- More module filtering for Fedora (Justin M. Forbes)
- Update filters for rnbd in Fedora (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- Fix up module filtering for 5.8 (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- More Fedora config work (Justin M. Forbes)
- RTW88BE and CE have been extracted to their own modules (Justin M. Forbes)
- Set CONFIG_BLK_INLINE_ENCRYPTION_FALLBACK for Fedora (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- Arm64 Use Branch Target Identification for kernel (Justin M. Forbes)
- Change value of CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE (Justin M. Forbes)
- Fedora config updates (Justin M. Forbes)
- Fix configs for Fedora (Justin M. Forbes)
- Add zero-commit to format-patch options (Justin M. Forbes)
- Copy Makefile.rhelver as a source file rather than a patch (Jeremy Cline)
- Move the sed to clear the patch templating outside of conditionals (Justin M. Forbes)
- Match template format in kernel.spec.template (Justin M. Forbes)
- Break out the Patches into individual files for dist-git (Justin M. Forbes)
- Break the Red Hat patch into individual commits (Jeremy Cline)
- Fix update_scripts.sh unselective pattern sub (David Howells)
- Add cec to the filter overrides (Justin M. Forbes)
- Add overrides to filter-modules.sh (Justin M. Forbes)
- redhat/configs: Enable CONFIG_SMC91X and disable CONFIG_SMC911X (Prarit Bhargava) [1722136]
- Include bpftool-struct_ops man page in the bpftool package (Jeremy Cline)
- Add sharedbuffer_configuration.py to the pathfix.py script (Jeremy Cline)
- Use __make macro instead of make (Tom Stellard)
- Sign off generated configuration patches (Jeremy Cline)
- Drop the static path configuration for the Sphinx docs (Jeremy Cline)
- Updated changelog for the release based on b0c3ba31be3e (CKI@GitLab)
- Updated changelog for the release based on 444fc5cde643 (CKI@GitLab)
- redhat: Add dummy-module kernel module (Prarit Bhargava)
- redhat: enable CONFIG_LWTUNNEL_BPF (Jiri Benc)
- Remove typoed config file aarch64CONFIG_SM_GCC_8150 (Justin M. Forbes)
- Updated changelog for the release based on v5.7-rc7 (CKI@GitLab)
- Updated changelog for the release based on caffb99b6929 (CKI@GitLab)
- Updated changelog for the release based on 444565650a5f (CKI@GitLab)
- Add Documentation back to kernel-devel as it has Kconfig now (Justin M. Forbes)
- Copy distro files rather than moving them (Jeremy Cline)
- kernel.spec: fix 'make scripts' for kernel-devel package (Brian Masney)
- Makefile: correct help text for dist-cross-<arch>-rpms (Brian Masney)
- redhat/Makefile: Fix RHEL8 python warning (Prarit Bhargava)
- redhat: Change Makefile target names to dist- (Prarit Bhargava)
- configs: Disable Serial IR driver (Prarit Bhargava)
- Updated changelog for the release based on 642b151f45dd (CKI@GitLab)
- Updated changelog for the release based on v5.7-rc6 (CKI@GitLab)
- Updated changelog for the release based on 3d1c1e5931ce (CKI@GitLab)
- Updated changelog for the release based on 12bf0b632ed0 (CKI@GitLab)
- Updated changelog for the release based on 1ae7efb38854 (CKI@GitLab)
- Updated changelog for the release based on 24085f70a6e1 (CKI@GitLab)
- Updated changelog for the release based on 152036d1379f (CKI@GitLab)
- Fix "multiple %%files for package kernel-tools" (Pablo Greco)
- Updated changelog for the release based on v5.7-rc5 (CKI@GitLab)
- Updated changelog for the release based on e99332e7b4cd (CKI@GitLab)
- Updated changelog for the release based on d5eeab8d7e26 (CKI@GitLab)
- Introduce a Sphinx documentation project (Jeremy Cline)
- Updated changelog for the release based on 79dede78c057 (CKI@GitLab)
- Build ARK against ELN (Don Zickus)
- Updated changelog for the release based on a811c1fa0a02 (CKI@GitLab)
- Updated changelog for the release based on dc56c5acd850 (CKI@GitLab)
- Updated changelog for the release based on 47cf1b422e60 (CKI@GitLab)
- Updated changelog for the release based on v5.7-rc4 (CKI@GitLab)
- Updated changelog for the release based on f66ed1ebbfde (CKI@GitLab)
- Updated changelog for the release based on 690e2aba7beb (CKI@GitLab)
- Drop the requirement to have a remote called linus (Jeremy Cline)
- Rename 'internal' branch to 'os-build' (Don Zickus)
- Updated changelog for the release based on c45e8bccecaf (CKI@GitLab)
- Updated changelog for the release based on 1d2cc5ac6f66 (CKI@GitLab)
- Only include open merge requests with "Include in Releases" label (Jeremy Cline)
- Package gpio-watch in kernel-tools (Jeremy Cline)
- Exit non-zero if the tag already exists for a release (Jeremy Cline)
- Adjust the changelog update script to not push anything (Jeremy Cline)
- Drop --target noarch from the rh-rpms make target (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- Updated changelog (CKI@GitLab)
- Add a script to generate release tags and branches (Jeremy Cline)
- Set CONFIG_VDPA for fedora (Justin M. Forbes)
- Add a README to the dist-git repository (Jeremy Cline)
- Provide defaults in ark-rebase-patches.sh (Jeremy Cline)
- Default ark-rebase-patches.sh to not report issues (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- Updated changelog (CKI@GitLab)
- Drop DIST from release commits and tags (Jeremy Cline)
- Place the buildid before the dist in the release (Jeremy Cline)
- Sync up with Fedora arm configuration prior to merging (Jeremy Cline)
- Disable CONFIG_PROTECTED_VIRTUALIZATION_GUEST for zfcpdump (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- Add RHMAINTAINERS file and supporting conf (Don Zickus)
- Add a script to test if all commits are signed off (Jeremy Cline)
- Fix make rh-configs-arch (Don Zickus)
- Drop RH_FEDORA in favor of the now-merged RHEL_DIFFERENCES (Jeremy Cline)
- Sync up Fedora configs from the first week of the merge window (Jeremy Cline)
- Migrate blacklisting floppy.ko to mod-blacklist.sh (Don Zickus)
- kernel packaging: Combine mod-blacklist.sh and mod-extra-blacklist.sh (Don Zickus)
- kernel packaging: Fix extra namespace collision (Don Zickus)
- mod-extra.sh: Rename to mod-blacklist.sh (Don Zickus)
- mod-extra.sh: Make file generic (Don Zickus)
- Fix a painfully obvious YAML syntax error in .gitlab-ci.yml (Jeremy Cline)
- Add in armv7hl kernel header support (Don Zickus)
- Disable all BuildKernel commands when only building headers (Don Zickus)
- Updated changelog (CKI@GitLab)
- Drop any gitlab-ci patches from ark-patches (Jeremy Cline)
- Build the srpm for internal branch CI using the vanilla tree (Jeremy Cline)
- Pull in the latest ARM configurations for Fedora (Jeremy Cline)
- Fix xz memory usage issue (Neil Horman)
- Use ark-latest instead of master for update script (Jeremy Cline)
- Move the CI jobs back into the ARK repository (Jeremy Cline)
- Revert "[redhat] Apply a second patch set in Fedora build roots" (Jeremy Cline)
- Sync up ARK's Fedora config with the dist-git repository (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- Pull in the latest configuration changes from Fedora (Jeremy Cline)
- configs: enable CONFIG_NET_SCH_CBS (Marcelo Ricardo Leitner)
- Updated changelog (CKI@GitLab)
- Drop configuration options in fedora/ that no longer exist (Jeremy Cline)
- Set RH_FEDORA for ARK and Fedora (Jeremy Cline)
- redhat/kernel.spec: Include the release in the kernel COPYING file (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- redhat/kernel.spec: add scripts/jobserver-exec to py3_shbang_opts list (Jeremy Cline)
- redhat/kernel.spec: package bpftool-gen man page (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- distgit-changelog: handle multiple y-stream BZ numbers (Bruno Meneguele)
- redhat/kernel.spec: remove all inline comments (Bruno Meneguele)
- redhat/genspec: awk unknown whitespace regex pattern (Bruno Meneguele)
- Improve the readability of gen_config_patches.sh (Jeremy Cline)
- Fix some awkward edge cases in gen_config_patches.sh (Jeremy Cline)
- Updated changelog (Jeremy Cline)
- Update the CI environment to use Fedora 31 (Jeremy Cline)
- Revert "Turn off CONFIG_AX25" (Laura Abbott)
- Updated changelog (CKI@GitLab)
- Updated changelog (CKI@GitLab)
- redhat: drop whitespace from with_gcov macro (Jan Stancek)
- configs: Enable CONFIG_KEY_DH_OPERATIONS on ARK (Ondrej Mosnacek)
- Updated changelog (CKI@GitLab)
- Updated changelog (CKI@GitLab)
- Updated changelog (CKI@GitLab)
- configs: Adjust CONFIG_MPLS_ROUTING and CONFIG_MPLS_IPTUNNEL (Laura Abbott)
- New configs in lib/crypto (Jeremy Cline)
- New configs in drivers/char (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- Turn on BLAKE2B for Fedora (Jeremy Cline)
- kernel.spec.template: Clean up stray *.h.s files (Laura Abbott)
- Build the SRPM in the CI job (Jeremy Cline)
- New configs in net/tls (Jeremy Cline)
- New configs in net/tipc (Jeremy Cline)
- New configs in lib/kunit (Jeremy Cline)
- Fix up released_kernel case (Laura Abbott)
- New configs in lib/Kconfig.debug (Jeremy Cline)
- New configs in drivers/ptp (Jeremy Cline)
- New configs in drivers/nvme (Jeremy Cline)
- New configs in drivers/net/phy (Jeremy Cline)
- New configs in arch/arm64 (Jeremy Cline)
- New configs in drivers/crypto (Jeremy Cline)
- New configs in crypto/Kconfig (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- Add label so the Gitlab to email bridge ignores the changelog (Jeremy Cline)
- Temporarily switch TUNE_DEFAULT to y (Jeremy Cline)
- Run config test for merge requests and internal (Jeremy Cline)
- Turn off CONFIG_AX25 (Laura Abbott)
- Add missing licensedir line (Laura Abbott)
- Updated changelog (CKI@GitLab)
- redhat/scripts: Remove redhat/scripts/rh_get_maintainer.pl (Prarit Bhargava)
- configs: Take CONFIG_DEFAULT_MMAP_MIN_ADDR from Fedra (Laura Abbott)
- configs: Turn off ISDN (Laura Abbott)
- Add a script to generate configuration patches (Laura Abbott)
- Introduce rh-configs-commit (Laura Abbott)
- kernel-packaging: Remove kernel files from kernel-modules-extra package (Prarit Bhargava)
- Updated changelog (CKI@GitLab)
- configs: Enable CONFIG_DEBUG_WX (Laura Abbott)
- configs: Disable wireless USB (Laura Abbott)
- Clean up some temporary config files (Laura Abbott)
- configs: New config in drivers/gpu for v5.4-rc1 (Jeremy Cline)
- configs: New config in arch/powerpc for v5.4-rc1 (Jeremy Cline)
- configs: New config in crypto for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/usb for v5.4-rc1 (Jeremy Cline)
- AUTOMATIC: New configs (Jeremy Cline)
- Skip ksamples for bpf, they are broken (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- configs: New config in fs/erofs for v5.4-rc1 (Jeremy Cline)
- configs: New config in mm for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/md for v5.4-rc1 (Jeremy Cline)
- configs: New config in init for v5.4-rc1 (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- configs: New config in fs/fuse for v5.4-rc1 (Jeremy Cline)
- merge.pl: Avoid comments but do not skip them (Don Zickus)
- configs: New config in drivers/net/ethernet/pensando for v5.4-rc1 (Jeremy Cline)
- Update a comment about what released kernel means (Laura Abbott)
- Provide both Fedora and RHEL files in the SRPM (Laura Abbott)
- kernel.spec.template: Trim EXTRAVERSION in the Makefile (Laura Abbott)
- kernel.spec.template: Add macros for building with nopatches (Laura Abbott)
- kernel.spec.template: Add some macros for Fedora differences (Laura Abbott)
- kernel.spec.template: Consolodate the options (Laura Abbott)
- configs: Add pending direcory to Fedora (Laura Abbott)
- kernel.spec.template: Don't run hardlink if rpm-ostree is in use (Laura Abbott)
- configs: New config in net/can for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/net/phy for v5.4-rc1 (Jeremy Cline)
- Updated changelog (CKI@GitLab)
- configs: Increase x86_64 NR_UARTS to 64 (Prarit Bhargava) [1730649]
- configs: turn on ARM64_FORCE_52BIT for debug builds (Jeremy Cline)
- kernel.spec.template: Tweak the python3 mangling (Laura Abbott)
- kernel.spec.template: Add --with verbose option (Laura Abbott)
- kernel.spec.template: Switch to using %%install instead of %%__install (Laura Abbott)
- kernel.spec.template: Make the kernel.org URL https (Laura Abbott)
- kernel.spec.template: Update message about secure boot signing (Laura Abbott)
- kernel.spec.template: Move some with flags definitions up (Laura Abbott)
- kernel.spec.template: Update some BuildRequires (Laura Abbott)
- kernel.spec.template: Get rid of %%clean (Laura Abbott)
- configs: New config in drivers/char for v5.4-rc1 (Jeremy Cline)
- configs: New config in net/sched for v5.4-rc1 (Jeremy Cline)
- configs: New config in lib for v5.4-rc1 (Jeremy Cline)
- configs: New config in fs/verity for v5.4-rc1 (Jeremy Cline)
- configs: New config in arch/aarch64 for v5.4-rc4 (Jeremy Cline)
- configs: New config in arch/arm64 for v5.4-rc1 (Jeremy Cline)
- Flip off CONFIG_ARM64_VA_BITS_52 so the bundle that turns it on applies (Jeremy Cline)
- Update changelog (Laura Abbott)
- New configuration options for v5.4-rc4 (Jeremy Cline)
- Correctly name tarball for single tarball builds (Laura Abbott)
- configs: New config in drivers/pci for v5.4-rc1 (Jeremy Cline)
- Allow overriding the dist tag on the command line (Laura Abbott)
- Allow scratch branch target to be overridden (Laura Abbott)
- Remove long dead BUILD_DEFAULT_TARGET (Laura Abbott)
- Amend the changelog when rebasing (Laura Abbott)
- configs: New config in drivers/platform for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/pinctrl for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/net/wireless for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/net/ethernet/mellanox for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/net/can for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/hid for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/dma-buf for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/crypto for v5.4-rc1 (Jeremy Cline)
- configs: New config in arch/s390 for v5.4-rc1 (Jeremy Cline)
- configs: New config in block for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/cpuidle for v5.4-rc1 (Jeremy Cline)
- redhat: configs: Split CONFIG_CRYPTO_SHA512 (Laura Abbott)
- redhat: Set Fedora options (Laura Abbott)
- Set CRYPTO_SHA3_*_S390 to builtin on zfcpdump (Jeremy Cline)
- configs: New config in drivers/edac for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/firmware for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/hwmon for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/iio for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/mmc for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/tty for v5.4-rc1 (Jeremy Cline)
- configs: New config in arch/s390 for v5.4-rc1 (Jeremy Cline)
- configs: New config in drivers/bus for v5.4-rc1 (Jeremy Cline)
- Add option to allow mismatched configs on the command line (Laura Abbott)
- configs: New config in drivers/crypto for v5.4-rc1 (Jeremy Cline)
- configs: New config in sound/pci for v5.4-rc1 (Jeremy Cline)
- configs: New config in sound/soc for v5.4-rc1 (Jeremy Cline)
- gitlab: Add CI job for packaging scripts (Major Hayden)
- Speed up CI with CKI image (Major Hayden)
- Disable e1000 driver in ARK (Neil Horman)
- configs: Fix the pending default for CONFIG_ARM64_VA_BITS_52 (Jeremy Cline)
- configs: Turn on OPTIMIZE_INLINING for everything (Jeremy Cline)
- configs: Set valid pending defaults for CRYPTO_ESSIV (Jeremy Cline)
- Add an initial CI configuration for the internal branch (Jeremy Cline)
- New drop of configuration options for v5.4-rc1 (Jeremy Cline)
- New drop of configuration options for v5.4-rc1 (Jeremy Cline)
- Pull the RHEL version defines out of the Makefile (Jeremy Cline)
- Sync up the ARK build scripts (Jeremy Cline)
- Sync up the Fedora Rawhide configs (Jeremy Cline)
- Sync up the ARK config files (Jeremy Cline)
- configs: Adjust CONFIG_FORCE_MAX_ZONEORDER for Fedora (Laura Abbott)
- configs: Add README for some other arches (Laura Abbott)
- configs: Sync up Fedora configs (Laura Abbott)
- [initial commit] Add structure for building with git (Laura Abbott)
- [initial commit] Add Red Hat variables in the top level makefile (Laura Abbott)
- [initial commit] Red Hat gitignore and attributes (Laura Abbott)
- [initial commit] Add changelog (Laura Abbott)
- [initial commit] Add makefile (Laura Abbott)
- [initial commit] Add files for generating the kernel.spec (Laura Abbott)
- [initial commit] Add rpm directory (Laura Abbott)
- [initial commit] Add files for packaging (Laura Abbott)
- [initial commit] Add kabi files (Laura Abbott)
- [initial commit] Add scripts (Laura Abbott)
- [initial commit] Add configs (Laura Abbott)
- [initial commit] Add Makefiles (Laura Abbott)
Resolves: rhbz#1507353, rhbz#1518076, rhbz#1519554, rhbz#1546831, rhbz#1559877, rhbz#1561171, rhbz#1565704, rhbz#1565717, rhbz#1576869, rhbz#1595918, rhbz#1605216, rhbz#1609604, rhbz#1610493, rhbz#1613522, rhbz#1663728, rhbz#1670017, rhbz#1722136, rhbz#1730649, rhbz#1810301, rhbz#1821565, rhbz#1855161, rhbz#1856174, rhbz#1856176, rhbz#1915073, rhbz#1924101, rhbz#1939095
Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
Diffstat (limited to 'patch-5.13.0-redhat.patch')
-rw-r--r-- | patch-5.13.0-redhat.patch | 2586 |
1 files changed, 2586 insertions, 0 deletions
diff --git a/patch-5.13.0-redhat.patch b/patch-5.13.0-redhat.patch new file mode 100644 index 000000000..0258697fc --- /dev/null +++ b/patch-5.13.0-redhat.patch @@ -0,0 +1,2586 @@ + Documentation/admin-guide/kdump/kdump.rst | 11 + + Documentation/admin-guide/kernel-parameters.txt | 8 + + Kconfig | 2 + + Kconfig.redhat | 17 ++ + Makefile | 13 +- + arch/arm/Kconfig | 4 +- + arch/arm64/Kconfig | 3 +- + arch/arm64/kernel/acpi.c | 4 + + arch/s390/include/asm/ipl.h | 1 + + arch/s390/kernel/ipl.c | 5 + + arch/s390/kernel/setup.c | 4 + + arch/x86/kernel/cpu/common.c | 1 + + arch/x86/kernel/setup.c | 69 ++++- + drivers/acpi/apei/hest.c | 8 + + drivers/acpi/irq.c | 17 +- + drivers/acpi/scan.c | 9 + + drivers/ata/libahci.c | 18 ++ + drivers/char/ipmi/ipmi_dmi.c | 15 ++ + drivers/char/ipmi/ipmi_msghandler.c | 16 +- + drivers/firmware/efi/Makefile | 1 + + drivers/firmware/efi/efi.c | 124 ++++++--- + drivers/firmware/efi/secureboot.c | 38 +++ + drivers/hid/hid-rmi.c | 64 ----- + drivers/hwtracing/coresight/coresight-etm4x-core.c | 19 ++ + drivers/infiniband/sw/rxe/rxe.c | 2 + + drivers/input/rmi4/rmi_driver.c | 124 +++++---- + drivers/iommu/iommu.c | 22 ++ + drivers/message/fusion/mptsas.c | 10 + + drivers/message/fusion/mptspi.c | 11 + + drivers/net/ethernet/intel/ice/ice_main.c | 1 + + drivers/net/wireguard/main.c | 1 + + drivers/pci/pci-driver.c | 29 ++ + drivers/pci/quirks.c | 24 ++ + drivers/scsi/aacraid/linit.c | 2 + + drivers/scsi/be2iscsi/be_main.c | 2 + + drivers/scsi/hpsa.c | 4 + + drivers/scsi/lpfc/lpfc_ids.h | 14 + + drivers/scsi/megaraid/megaraid_sas_base.c | 2 + + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 4 + + drivers/scsi/qla2xxx/qla_os.c | 6 + + drivers/scsi/qla4xxx/ql4_os.c | 2 + + drivers/scsi/smartpqi/smartpqi_init.c | 16 ++ + drivers/usb/core/hub.c | 7 + + include/linux/efi.h | 22 +- + include/linux/kernel.h | 34 ++- + include/linux/lsm_hook_defs.h | 2 + + include/linux/lsm_hooks.h | 6 + + include/linux/module.h | 1 + + include/linux/pci.h | 4 + + include/linux/rh_kabi.h | 297 +++++++++++++++++++++ + include/linux/rmi.h | 1 + + include/linux/security.h | 5 + + kernel/Makefile | 1 + + kernel/bpf/syscall.c | 27 +- + kernel/crash_core.c | 28 +- + kernel/module.c | 2 + + kernel/module_signing.c | 9 +- + kernel/panic.c | 14 + + kernel/rh_taint.c | 93 +++++++ + scripts/mod/modpost.c | 8 + + scripts/tags.sh | 2 + + security/integrity/platform_certs/load_uefi.c | 6 +- + security/lockdown/Kconfig | 13 + + security/lockdown/lockdown.c | 1 + + security/security.c | 6 + + 65 files changed, 1157 insertions(+), 179 deletions(-) + +diff --git a/Documentation/admin-guide/kdump/kdump.rst b/Documentation/admin-guide/kdump/kdump.rst +index 75a9dd98e76e..3ff3291551f9 100644 +--- a/Documentation/admin-guide/kdump/kdump.rst ++++ b/Documentation/admin-guide/kdump/kdump.rst +@@ -285,6 +285,17 @@ This would mean: + 2) if the RAM size is between 512M and 2G (exclusive), then reserve 64M + 3) if the RAM size is larger than 2G, then reserve 128M + ++Or you can use crashkernel=auto if you have enough memory. The threshold ++is 2G on x86_64, arm64, ppc64 and ppc64le. The threshold is 4G for s390x. ++If your system memory is less than the threshold crashkernel=auto will not ++reserve memory. ++ ++The automatically reserved memory size varies based on architecture. ++The size changes according to system memory size like below: ++ x86_64: 1G-64G:160M,64G-1T:256M,1T-:512M ++ s390x: 4G-64G:160M,64G-1T:256M,1T-:512M ++ arm64: 2G-:512M ++ ppc64: 2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G + + + Boot into System Kernel +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 70a30f65bfca..c5e4fd092c4c 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -5613,6 +5613,14 @@ + unknown_nmi_panic + [X86] Cause panic on unknown NMI. + ++ unprivileged_bpf_disabled= ++ Format: { "0" | "1" } ++ Sets the initial value of ++ kernel.unprivileged_bpf_disabled sysctl knob. ++ 0 - unprivileged bpf() syscall access is enabled. ++ 1 - unprivileged bpf() syscall access is disabled. ++ Default value is 1. ++ + usbcore.authorized_default= + [USB] Default USB device authorization: + (default -1 = authorized except for wireless USB, +diff --git a/Kconfig b/Kconfig +index 745bc773f567..f57ff40109d7 100644 +--- a/Kconfig ++++ b/Kconfig +@@ -30,3 +30,5 @@ source "lib/Kconfig" + source "lib/Kconfig.debug" + + source "Documentation/Kconfig" ++ ++source "Kconfig.redhat" +diff --git a/Kconfig.redhat b/Kconfig.redhat +new file mode 100644 +index 000000000000..effb81d04bfd +--- /dev/null ++++ b/Kconfig.redhat +@@ -0,0 +1,17 @@ ++# SPDX-License-Identifier: GPL-2.0-only ++# ++# Red Hat specific options ++# ++ ++menu "Red Hat options" ++ ++config RHEL_DIFFERENCES ++ bool "Remove support for deprecated features" ++ help ++ Red Hat may choose to deprecate certain features in its kernels. ++ Enable this option to remove support for hardware that is no ++ longer supported. ++ ++ Unless you want a restricted kernel, say N here. ++ ++endmenu +diff --git a/Makefile b/Makefile +index f03888cdba4e..714d25b05551 100644 +--- a/Makefile ++++ b/Makefile +@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ + PHONY := __all + __all: + ++# Set RHEL variables ++# Use this spot to avoid future merge conflicts ++include Makefile.rhelver ++ + # We are using a recursive build, so we need to do a little thinking + # to get the ordering right. + # +@@ -495,6 +499,7 @@ KBUILD_AFLAGS := -D__ASSEMBLY__ -fno-PIE + KBUILD_CFLAGS := -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs \ + -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE \ + -Werror=implicit-function-declaration -Werror=implicit-int \ ++ -Wno-address-of-packed-member \ + -Werror=return-type -Wno-format-security \ + -std=gnu89 + KBUILD_CPPFLAGS := -D__KERNEL__ +@@ -1316,7 +1321,13 @@ define filechk_version.h + ((c) > 255 ? 255 : (c)))'; \ + echo \#define LINUX_VERSION_MAJOR $(VERSION); \ + echo \#define LINUX_VERSION_PATCHLEVEL $(PATCHLEVEL); \ +- echo \#define LINUX_VERSION_SUBLEVEL $(SUBLEVEL) ++ echo \#define LINUX_VERSION_SUBLEVEL $(SUBLEVEL); \ ++ echo '#define RHEL_MAJOR $(RHEL_MAJOR)'; \ ++ echo '#define RHEL_MINOR $(RHEL_MINOR)'; \ ++ echo '#define RHEL_RELEASE_VERSION(a,b) (((a) << 8) + (b))'; \ ++ echo '#define RHEL_RELEASE_CODE \ ++ $(shell expr $(RHEL_MAJOR) \* 256 + $(RHEL_MINOR))'; \ ++ echo '#define RHEL_RELEASE "$(RHEL_RELEASE)"' + endef + + $(version_h): PATCHLEVEL := $(if $(PATCHLEVEL), $(PATCHLEVEL), 0) +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index e6e08d8a45fc..93e524d41fdb 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -1481,9 +1481,9 @@ config HIGHMEM + If unsure, say n. + + config HIGHPTE +- bool "Allocate 2nd-level pagetables from highmem" if EXPERT ++ bool "Allocate 2nd-level pagetables from highmem" + depends on HIGHMEM +- default y ++ default n + help + The VM uses one page of physical memory for each page table. + For systems with a lot of processes, this can use a lot of +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index ef5c7ffa7f55..097eaa854c13 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -913,7 +913,7 @@ endchoice + + config ARM64_FORCE_52BIT + bool "Force 52-bit virtual addresses for userspace" +- depends on ARM64_VA_BITS_52 && EXPERT ++ depends on ARM64_VA_BITS_52 + help + For systems with 52-bit userspace VAs enabled, the kernel will attempt + to maintain compatibility with older software by providing 48-bit VAs +@@ -1173,6 +1173,7 @@ config XEN + config FORCE_MAX_ZONEORDER + int + default "14" if ARM64_64K_PAGES ++ default "13" if (ARCH_THUNDER && !ARM64_64K_PAGES && !RHEL_DIFFERENCES) + default "12" if ARM64_16K_PAGES + default "11" + help +diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c +index cada0b816c8a..77b30bf451aa 100644 +--- a/arch/arm64/kernel/acpi.c ++++ b/arch/arm64/kernel/acpi.c +@@ -40,7 +40,11 @@ int acpi_pci_disabled = 1; /* skip ACPI PCI scan and IRQ initialization */ + EXPORT_SYMBOL(acpi_pci_disabled); + + static bool param_acpi_off __initdata; ++#ifdef CONFIG_RHEL_DIFFERENCES ++static bool param_acpi_on __initdata = true; ++#else + static bool param_acpi_on __initdata; ++#endif + static bool param_acpi_force __initdata; + + static int __init parse_acpi(char *arg) +diff --git a/arch/s390/include/asm/ipl.h b/arch/s390/include/asm/ipl.h +index a9e2c7295b35..6ff11f3a2d47 100644 +--- a/arch/s390/include/asm/ipl.h ++++ b/arch/s390/include/asm/ipl.h +@@ -127,6 +127,7 @@ int ipl_report_add_component(struct ipl_report *report, struct kexec_buf *kbuf, + unsigned char flags, unsigned short cert); + int ipl_report_add_certificate(struct ipl_report *report, void *key, + unsigned long addr, unsigned long len); ++bool ipl_get_secureboot(void); + + /* + * DIAG 308 support +diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c +index dba04fbc37a2..f809ab6441fd 100644 +--- a/arch/s390/kernel/ipl.c ++++ b/arch/s390/kernel/ipl.c +@@ -2215,3 +2215,8 @@ int ipl_report_free(struct ipl_report *report) + } + + #endif ++ ++bool ipl_get_secureboot(void) ++{ ++ return !!ipl_secure_flag; ++} +diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c +index 72134f9f6ff5..95970f299ef5 100644 +--- a/arch/s390/kernel/setup.c ++++ b/arch/s390/kernel/setup.c +@@ -49,6 +49,7 @@ + #include <linux/memory.h> + #include <linux/compat.h> + #include <linux/start_kernel.h> ++#include <linux/security.h> + #include <linux/hugetlb.h> + + #include <asm/boot_data.h> +@@ -1113,6 +1114,9 @@ void __init setup_arch(char **cmdline_p) + + log_component_list(); + ++ if (ipl_get_secureboot()) ++ security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX); ++ + /* Have one command line that is parsed and saved in /proc/cmdline */ + /* boot_command_line has been already set up in early.c */ + *cmdline_p = boot_command_line; +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 6bdb69a9a7dc..1001dd85a984 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1308,6 +1308,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) + cpu_detect(c); + get_cpu_vendor(c); + get_cpu_cap(c); ++ get_model_name(c); /* RHEL: get model name for unsupported check */ + get_cpu_address_sizes(c); + setup_force_cpu_cap(X86_FEATURE_CPUID); + cpu_parse_early_param(); +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index 72920af0b3c0..d1f74c05cf24 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -18,6 +18,7 @@ + #include <linux/root_dev.h> + #include <linux/hugetlb.h> + #include <linux/tboot.h> ++#include <linux/security.h> + #include <linux/usb/xhci-dbgp.h> + #include <linux/static_call.h> + #include <linux/swiotlb.h> +@@ -47,6 +48,7 @@ + #include <asm/unwind.h> + #include <asm/vsyscall.h> + #include <linux/vmalloc.h> ++#include <asm/intel-family.h> + + /* + * max_low_pfn_mapped: highest directly mapped pfn < 4 GB +@@ -753,6 +755,50 @@ static void __init early_reserve_memory(void) + reserve_bios_regions(); + } + ++#ifdef CONFIG_RHEL_DIFFERENCES ++ ++static void rh_check_supported(void) ++{ ++ bool guest; ++ ++ guest = (x86_hyper_type != X86_HYPER_NATIVE || boot_cpu_has(X86_FEATURE_HYPERVISOR)); ++ ++ /* RHEL supports single cpu on guests only */ ++ if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && ++ !guest && is_kdump_kernel()) { ++ pr_crit("Detected single cpu native boot.\n"); ++ pr_crit("Important: In this kernel, single threaded, single CPU 64-bit physical systems are unsupported."); ++ } ++ ++ /* ++ * If the RHEL kernel does not support this hardware, the kernel will ++ * attempt to boot, but no support is provided for this hardware ++ */ ++ switch (boot_cpu_data.x86_vendor) { ++ case X86_VENDOR_AMD: ++ case X86_VENDOR_INTEL: ++ break; ++ default: ++ pr_crit("Detected processor %s %s\n", ++ boot_cpu_data.x86_vendor_id, ++ boot_cpu_data.x86_model_id); ++ mark_hardware_unsupported("Processor"); ++ break; ++ } ++ ++ /* ++ * Due to the complexity of x86 lapic & ioapic enumeration, and PCI IRQ ++ * routing, ACPI is required for x86. acpi=off is a valid debug kernel ++ * parameter, so just print out a loud warning in case something ++ * goes wrong (which is most of the time). ++ */ ++ if (acpi_disabled && !guest) ++ pr_crit("ACPI has been disabled or is not available on this hardware. This may result in a single cpu boot, incorrect PCI IRQ routing, or boot failure.\n"); ++} ++#else ++#define rh_check_supported() ++#endif ++ + /* + * Dump out kernel offset information on panic. + */ +@@ -960,6 +1006,13 @@ void __init setup_arch(char **cmdline_p) + if (efi_enabled(EFI_BOOT)) + efi_init(); + ++ efi_set_secure_boot(boot_params.secure_boot); ++ ++#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT ++ if (efi_enabled(EFI_SECURE_BOOT)) ++ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_INTEGRITY_MAX); ++#endif ++ + dmi_setup(); + + /* +@@ -1118,19 +1171,7 @@ void __init setup_arch(char **cmdline_p) + /* Allocate bigger log buffer */ + setup_log_buf(1); + +- if (efi_enabled(EFI_BOOT)) { +- switch (boot_params.secure_boot) { +- case efi_secureboot_mode_disabled: +- pr_info("Secure boot disabled\n"); +- break; +- case efi_secureboot_mode_enabled: +- pr_info("Secure boot enabled\n"); +- break; +- default: +- pr_info("Secure boot could not be determined\n"); +- break; +- } +- } ++ efi_set_secure_boot(boot_params.secure_boot); + + reserve_initrd(); + +@@ -1235,6 +1276,8 @@ void __init setup_arch(char **cmdline_p) + efi_apply_memmap_quirks(); + #endif + ++ rh_check_supported(); ++ + unwind_init(); + } + +diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c +index 277f00b288d1..adbce15c273d 100644 +--- a/drivers/acpi/apei/hest.c ++++ b/drivers/acpi/apei/hest.c +@@ -94,6 +94,14 @@ int apei_hest_parse(apei_hest_func_t func, void *data) + if (hest_disable || !hest_tab) + return -EINVAL; + ++#ifdef CONFIG_ARM64 ++ /* Ignore broken firmware */ ++ if (!strncmp(hest_tab->header.oem_id, "HPE ", 6) && ++ !strncmp(hest_tab->header.oem_table_id, "ProLiant", 8) && ++ MIDR_IMPLEMENTOR(read_cpuid_id()) == ARM_CPU_IMP_APM) ++ return -EINVAL; ++#endif ++ + hest_hdr = (struct acpi_hest_header *)(hest_tab + 1); + for (i = 0; i < hest_tab->error_source_count; i++) { + len = hest_esrc_len(hest_hdr); +diff --git a/drivers/acpi/irq.c b/drivers/acpi/irq.c +index e209081d644b..7484bcf59a1b 100644 +--- a/drivers/acpi/irq.c ++++ b/drivers/acpi/irq.c +@@ -126,6 +126,7 @@ struct acpi_irq_parse_one_ctx { + unsigned int index; + unsigned long *res_flags; + struct irq_fwspec *fwspec; ++ bool skip_producer_check; + }; + + /** +@@ -197,7 +198,8 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares, + return AE_CTRL_TERMINATE; + case ACPI_RESOURCE_TYPE_EXTENDED_IRQ: + eirq = &ares->data.extended_irq; +- if (eirq->producer_consumer == ACPI_PRODUCER) ++ if (!ctx->skip_producer_check && ++ eirq->producer_consumer == ACPI_PRODUCER) + return AE_OK; + if (ctx->index >= eirq->interrupt_count) { + ctx->index -= eirq->interrupt_count; +@@ -232,8 +234,19 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares, + static int acpi_irq_parse_one(acpi_handle handle, unsigned int index, + struct irq_fwspec *fwspec, unsigned long *flags) + { +- struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec }; ++ struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec, false }; + ++ /* ++ * Firmware on arm64-based HPE m400 platform incorrectly marks ++ * its UART interrupt as ACPI_PRODUCER rather than ACPI_CONSUMER. ++ * Don't do the producer/consumer check for that device. ++ */ ++ if (IS_ENABLED(CONFIG_ARM64)) { ++ struct acpi_device *adev = acpi_bus_get_acpi_device(handle); ++ ++ if (adev && !strcmp(acpi_device_hid(adev), "APMC0D08")) ++ ctx.skip_producer_check = true; ++ } + acpi_walk_resources(handle, METHOD_NAME__CRS, acpi_irq_parse_one_cb, &ctx); + return ctx.rc; + } +diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c +index bc973fbd70b2..15b3b8a03785 100644 +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -1640,6 +1640,15 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device) + if (!acpi_match_device_ids(device, i2c_multi_instantiate_ids)) + return false; + ++ /* ++ * Firmware on some arm64 X-Gene platforms will make the UART ++ * device appear as both a UART and a slave of that UART. Just ++ * bail out here for X-Gene UARTs. ++ */ ++ if (IS_ENABLED(CONFIG_ARM64) && ++ !strcmp(acpi_device_hid(device), "APMC0D08")) ++ return false; ++ + INIT_LIST_HEAD(&resource_list); + acpi_dev_get_resources(device, &resource_list, + acpi_check_serial_bus_slave, +diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c +index ea5bf5f4cbed..71c55cae27ac 100644 +--- a/drivers/ata/libahci.c ++++ b/drivers/ata/libahci.c +@@ -666,6 +666,24 @@ int ahci_stop_engine(struct ata_port *ap) + tmp &= ~PORT_CMD_START; + writel(tmp, port_mmio + PORT_CMD); + ++#ifdef CONFIG_ARM64 ++ /* Rev Ax of Cavium CN99XX needs a hack for port stop */ ++ if (dev_is_pci(ap->host->dev) && ++ to_pci_dev(ap->host->dev)->vendor == 0x14e4 && ++ to_pci_dev(ap->host->dev)->device == 0x9027 && ++ midr_is_cpu_model_range(read_cpuid_id(), ++ MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN), ++ MIDR_CPU_VAR_REV(0, 0), ++ MIDR_CPU_VAR_REV(0, MIDR_REVISION_MASK))) { ++ tmp = readl(hpriv->mmio + 0x8000); ++ udelay(100); ++ writel(tmp | (1 << 26), hpriv->mmio + 0x8000); ++ udelay(100); ++ writel(tmp & ~(1 << 26), hpriv->mmio + 0x8000); ++ dev_warn(ap->host->dev, "CN99XX SATA reset workaround applied\n"); ++ } ++#endif ++ + /* wait for engine to stop. This could be as long as 500 msec */ + tmp = ata_wait_register(ap, port_mmio + PORT_CMD, + PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500); +diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c +index bbf7029e224b..cf7faa970dd6 100644 +--- a/drivers/char/ipmi/ipmi_dmi.c ++++ b/drivers/char/ipmi/ipmi_dmi.c +@@ -215,6 +215,21 @@ static int __init scan_for_dmi_ipmi(void) + { + const struct dmi_device *dev = NULL; + ++#ifdef CONFIG_ARM64 ++ /* RHEL-only ++ * If this is ARM-based HPE m400, return now, because that platform ++ * reports the host-side ipmi address as intel port-io space, which ++ * does not exist in the ARM architecture. ++ */ ++ const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME); ++ ++ if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) { ++ pr_debug("%s does not support host ipmi\n", dmistr); ++ return 0; ++ } ++ /* END RHEL-only */ ++#endif ++ + while ((dev = dmi_find_device(DMI_DEV_TYPE_IPMI, NULL, dev))) + dmi_decode_ipmi((const struct dmi_header *) dev->device_data); + +diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c +index c44ad18464f1..3ec1db4cbbc3 100644 +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -34,6 +34,7 @@ + #include <linux/uuid.h> + #include <linux/nospec.h> + #include <linux/vmalloc.h> ++#include <linux/dmi.h> + #include <linux/delay.h> + + #define IPMI_DRIVER_VERSION "39.2" +@@ -5174,8 +5175,21 @@ static int __init ipmi_init_msghandler_mod(void) + { + int rv; + +- pr_info("version " IPMI_DRIVER_VERSION "\n"); ++#ifdef CONFIG_ARM64 ++ /* RHEL-only ++ * If this is ARM-based HPE m400, return now, because that platform ++ * reports the host-side ipmi address as intel port-io space, which ++ * does not exist in the ARM architecture. ++ */ ++ const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME); + ++ if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) { ++ pr_debug("%s does not support host ipmi\n", dmistr); ++ return -ENOSYS; ++ } ++ /* END RHEL-only */ ++#endif ++ pr_info("version " IPMI_DRIVER_VERSION "\n"); + mutex_lock(&ipmi_interfaces_mutex); + rv = ipmi_register_driver(); + mutex_unlock(&ipmi_interfaces_mutex); +diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile +index 467e94259679..9b6f5b8e5397 100644 +--- a/drivers/firmware/efi/Makefile ++++ b/drivers/firmware/efi/Makefile +@@ -28,6 +28,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_map.o + obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o + obj-$(CONFIG_EFI_TEST) += test/ + obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o ++obj-$(CONFIG_EFI) += secureboot.o + obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o + obj-$(CONFIG_EFI_RCI2_TABLE) += rci2-table.o + obj-$(CONFIG_EFI_EMBEDDED_FIRMWARE) += embedded-firmware.o +diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c +index 4b7ee3fa9224..64b31d852d20 100644 +--- a/drivers/firmware/efi/efi.c ++++ b/drivers/firmware/efi/efi.c +@@ -31,6 +31,7 @@ + #include <linux/ucs2_string.h> + #include <linux/memblock.h> + #include <linux/security.h> ++#include <linux/bsearch.h> + + #include <asm/early_ioremap.h> + +@@ -841,40 +842,101 @@ int efi_mem_type(unsigned long phys_addr) + } + #endif + ++struct efi_error_code { ++ efi_status_t status; ++ int errno; ++ const char *description; ++}; ++ ++static const struct efi_error_code efi_error_codes[] = { ++ { EFI_SUCCESS, 0, "Success"}, ++#if 0 ++ { EFI_LOAD_ERROR, -EPICK_AN_ERRNO, "Load Error"}, ++#endif ++ { EFI_INVALID_PARAMETER, -EINVAL, "Invalid Parameter"}, ++ { EFI_UNSUPPORTED, -ENOSYS, "Unsupported"}, ++ { EFI_BAD_BUFFER_SIZE, -ENOSPC, "Bad Buffer Size"}, ++ { EFI_BUFFER_TOO_SMALL, -ENOSPC, "Buffer Too Small"}, ++ { EFI_NOT_READY, -EAGAIN, "Not Ready"}, ++ { EFI_DEVICE_ERROR, -EIO, "Device Error"}, ++ { EFI_WRITE_PROTECTED, -EROFS, "Write Protected"}, ++ { EFI_OUT_OF_RESOURCES, -ENOMEM, "Out of Resources"}, ++#if 0 ++ { EFI_VOLUME_CORRUPTED, -EPICK_AN_ERRNO, "Volume Corrupt"}, ++ { EFI_VOLUME_FULL, -EPICK_AN_ERRNO, "Volume Full"}, ++ { EFI_NO_MEDIA, -EPICK_AN_ERRNO, "No Media"}, ++ { EFI_MEDIA_CHANGED, -EPICK_AN_ERRNO, "Media changed"}, ++#endif ++ { EFI_NOT_FOUND, -ENOENT, "Not Found"}, ++#if 0 ++ { EFI_ACCESS_DENIED, -EPICK_AN_ERRNO, "Access Denied"}, ++ { EFI_NO_RESPONSE, -EPICK_AN_ERRNO, "No Response"}, ++ { EFI_NO_MAPPING, -EPICK_AN_ERRNO, "No mapping"}, ++ { EFI_TIMEOUT, -EPICK_AN_ERRNO, "Time out"}, ++ { EFI_NOT_STARTED, -EPICK_AN_ERRNO, "Not started"}, ++ { EFI_ALREADY_STARTED, -EPICK_AN_ERRNO, "Already started"}, ++#endif ++ { EFI_ABORTED, -EINTR, "Aborted"}, ++#if 0 ++ { EFI_ICMP_ERROR, -EPICK_AN_ERRNO, "ICMP Error"}, ++ { EFI_TFTP_ERROR, -EPICK_AN_ERRNO, "TFTP Error"}, ++ { EFI_PROTOCOL_ERROR, -EPICK_AN_ERRNO, "Protocol Error"}, ++ { EFI_INCOMPATIBLE_VERSION, -EPICK_AN_ERRNO, "Incompatible Version"}, ++#endif ++ { EFI_SECURITY_VIOLATION, -EACCES, "Security Policy Violation"}, ++#if 0 ++ { EFI_CRC_ERROR, -EPICK_AN_ERRNO, "CRC Error"}, ++ { EFI_END_OF_MEDIA, -EPICK_AN_ERRNO, "End of Media"}, ++ { EFI_END_OF_FILE, -EPICK_AN_ERRNO, "End of File"}, ++ { EFI_INVALID_LANGUAGE, -EPICK_AN_ERRNO, "Invalid Languages"}, ++ { EFI_COMPROMISED_DATA, -EPICK_AN_ERRNO, "Compromised Data"}, ++ ++ // warnings ++ { EFI_WARN_UNKOWN_GLYPH, -EPICK_AN_ERRNO, "Warning Unknown Glyph"}, ++ { EFI_WARN_DELETE_FAILURE, -EPICK_AN_ERRNO, "Warning Delete Failure"}, ++ { EFI_WARN_WRITE_FAILURE, -EPICK_AN_ERRNO, "Warning Write Failure"}, ++ { EFI_WARN_BUFFER_TOO_SMALL, -EPICK_AN_ERRNO, "Warning Buffer Too Small"}, ++#endif ++}; ++ ++static int ++efi_status_cmp_bsearch(const void *key, const void *item) ++{ ++ u64 status = (u64)(uintptr_t)key; ++ struct efi_error_code *code = (struct efi_error_code *)item; ++ ++ if (status < code->status) ++ return -1; ++ if (status > code->status) ++ return 1; ++ return 0; ++} ++ + int efi_status_to_err(efi_status_t status) + { +- int err; +- +- switch (status) { +- case EFI_SUCCESS: +- err = 0; +- break; +- case EFI_INVALID_PARAMETER: +- err = -EINVAL; +- break; +- case EFI_OUT_OF_RESOURCES: +- err = -ENOSPC; +- break; +- case EFI_DEVICE_ERROR: +- err = -EIO; +- break; +- case EFI_WRITE_PROTECTED: +- err = -EROFS; +- break; +- case EFI_SECURITY_VIOLATION: +- err = -EACCES; +- break; +- case EFI_NOT_FOUND: +- err = -ENOENT; +- break; +- case EFI_ABORTED: +- err = -EINTR; +- break; +- default: +- err = -EINVAL; +- } ++ struct efi_error_code *found; ++ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code); + +- return err; ++ found = bsearch((void *)(uintptr_t)status, efi_error_codes, ++ sizeof(struct efi_error_code), num, ++ efi_status_cmp_bsearch); ++ if (!found) ++ return -EINVAL; ++ return found->errno; ++} ++ ++const char * ++efi_status_to_str(efi_status_t status) ++{ ++ struct efi_error_code *found; ++ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code); ++ ++ found = bsearch((void *)(uintptr_t)status, efi_error_codes, ++ sizeof(struct efi_error_code), num, ++ efi_status_cmp_bsearch); ++ if (!found) ++ return "Unknown error code"; ++ return found->description; + } + + static DEFINE_SPINLOCK(efi_mem_reserve_persistent_lock); +diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c +new file mode 100644 +index 000000000000..de0a3714a5d4 +--- /dev/null ++++ b/drivers/firmware/efi/secureboot.c +@@ -0,0 +1,38 @@ ++/* Core kernel secure boot support. ++ * ++ * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt ++ ++#include <linux/efi.h> ++#include <linux/kernel.h> ++#include <linux/printk.h> ++ ++/* ++ * Decide what to do when UEFI secure boot mode is enabled. ++ */ ++void __init efi_set_secure_boot(enum efi_secureboot_mode mode) ++{ ++ if (efi_enabled(EFI_BOOT)) { ++ switch (mode) { ++ case efi_secureboot_mode_disabled: ++ pr_info("Secure boot disabled\n"); ++ break; ++ case efi_secureboot_mode_enabled: ++ set_bit(EFI_SECURE_BOOT, &efi.flags); ++ pr_info("Secure boot enabled\n"); ++ break; ++ default: ++ pr_warn("Secure boot could not be determined (mode %u)\n", ++ mode); ++ break; ++ } ++ } ++} +diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c +index 311eee599ce9..2460c6bd46f8 100644 +--- a/drivers/hid/hid-rmi.c ++++ b/drivers/hid/hid-rmi.c +@@ -322,19 +322,12 @@ static int rmi_input_event(struct hid_device *hdev, u8 *data, int size) + { + struct rmi_data *hdata = hid_get_drvdata(hdev); + struct rmi_device *rmi_dev = hdata->xport.rmi_dev; +- unsigned long flags; + + if (!(test_bit(RMI_STARTED, &hdata->flags))) + return 0; + +- local_irq_save(flags); +- + rmi_set_attn_data(rmi_dev, data[1], &data[2], size - 2); + +- generic_handle_irq(hdata->rmi_irq); +- +- local_irq_restore(flags); +- + return 1; + } + +@@ -591,56 +584,6 @@ static const struct rmi_transport_ops hid_rmi_ops = { + .reset = rmi_hid_reset, + }; + +-static void rmi_irq_teardown(void *data) +-{ +- struct rmi_data *hdata = data; +- struct irq_domain *domain = hdata->domain; +- +- if (!domain) +- return; +- +- irq_dispose_mapping(irq_find_mapping(domain, 0)); +- +- irq_domain_remove(domain); +- hdata->domain = NULL; +- hdata->rmi_irq = 0; +-} +- +-static int rmi_irq_map(struct irq_domain *h, unsigned int virq, +- irq_hw_number_t hw_irq_num) +-{ +- irq_set_chip_and_handler(virq, &dummy_irq_chip, handle_simple_irq); +- +- return 0; +-} +- +-static const struct irq_domain_ops rmi_irq_ops = { +- .map = rmi_irq_map, +-}; +- +-static int rmi_setup_irq_domain(struct hid_device *hdev) +-{ +- struct rmi_data *hdata = hid_get_drvdata(hdev); +- int ret; +- +- hdata->domain = irq_domain_create_linear(hdev->dev.fwnode, 1, +- &rmi_irq_ops, hdata); +- if (!hdata->domain) +- return -ENOMEM; +- +- ret = devm_add_action_or_reset(&hdev->dev, &rmi_irq_teardown, hdata); +- if (ret) +- return ret; +- +- hdata->rmi_irq = irq_create_mapping(hdata->domain, 0); +- if (hdata->rmi_irq <= 0) { +- hid_err(hdev, "Can't allocate an IRQ\n"); +- return hdata->rmi_irq < 0 ? hdata->rmi_irq : -ENXIO; +- } +- +- return 0; +-} +- + static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id) + { + struct rmi_data *data = NULL; +@@ -713,18 +656,11 @@ static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id) + + mutex_init(&data->page_mutex); + +- ret = rmi_setup_irq_domain(hdev); +- if (ret) { +- hid_err(hdev, "failed to allocate IRQ domain\n"); +- return ret; +- } +- + if (data->device_flags & RMI_DEVICE_HAS_PHYS_BUTTONS) + rmi_hid_pdata.gpio_data.disable = true; + + data->xport.dev = hdev->dev.parent; + data->xport.pdata = rmi_hid_pdata; +- data->xport.pdata.irq = data->rmi_irq; + data->xport.proto_name = "hid"; + data->xport.ops = &hid_rmi_ops; + +diff --git a/drivers/hwtracing/coresight/coresight-etm4x-core.c b/drivers/hwtracing/coresight/coresight-etm4x-core.c +index a5b13a7779c3..4abd356f6435 100644 +--- a/drivers/hwtracing/coresight/coresight-etm4x-core.c ++++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c +@@ -9,6 +9,7 @@ + #include <linux/init.h> + #include <linux/types.h> + #include <linux/device.h> ++#include <linux/dmi.h> + #include <linux/io.h> + #include <linux/err.h> + #include <linux/fs.h> +@@ -1964,6 +1965,16 @@ static const struct amba_id etm4_ids[] = { + {}, + }; + ++static const struct dmi_system_id broken_coresight[] = { ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "HPE"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Apollo 70"), ++ }, ++ }, ++ { } /* terminating entry */ ++}; ++ + MODULE_DEVICE_TABLE(amba, etm4_ids); + + static struct amba_driver etm4x_amba_driver = { +@@ -1996,6 +2007,11 @@ static int __init etm4x_init(void) + { + int ret; + ++ if (dmi_check_system(broken_coresight)) { ++ pr_info("ETM4 disabled due to firmware bug\n"); ++ return 0; ++ } ++ + ret = etm4_pm_setup(); + + /* etm4_pm_setup() does its own cleanup - exit on error */ +@@ -2022,6 +2038,9 @@ static int __init etm4x_init(void) + + static void __exit etm4x_exit(void) + { ++ if (dmi_check_system(broken_coresight)) ++ return; ++ + amba_driver_unregister(&etm4x_amba_driver); + platform_driver_unregister(&etm4_platform_driver); + etm4_pm_clear(); +diff --git a/drivers/infiniband/sw/rxe/rxe.c b/drivers/infiniband/sw/rxe/rxe.c +index 95f0de0c8b49..faa8a6cadef1 100644 +--- a/drivers/infiniband/sw/rxe/rxe.c ++++ b/drivers/infiniband/sw/rxe/rxe.c +@@ -284,6 +284,8 @@ static int __init rxe_module_init(void) + { + int err; + ++ mark_tech_preview("Soft-RoCE Transport Driver", THIS_MODULE); ++ + err = rxe_net_init(); + if (err) + return err; +diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c +index 258d5fe3d395..f7298e3dc8f3 100644 +--- a/drivers/input/rmi4/rmi_driver.c ++++ b/drivers/input/rmi4/rmi_driver.c +@@ -182,34 +182,47 @@ void rmi_set_attn_data(struct rmi_device *rmi_dev, unsigned long irq_status, + attn_data.data = fifo_data; + + kfifo_put(&drvdata->attn_fifo, attn_data); ++ ++ schedule_work(&drvdata->attn_work); + } + EXPORT_SYMBOL_GPL(rmi_set_attn_data); + +-static irqreturn_t rmi_irq_fn(int irq, void *dev_id) ++static void attn_callback(struct work_struct *work) + { +- struct rmi_device *rmi_dev = dev_id; +- struct rmi_driver_data *drvdata = dev_get_drvdata(&rmi_dev->dev); ++ struct rmi_driver_data *drvdata = container_of(work, ++ struct rmi_driver_data, ++ attn_work); + struct rmi4_attn_data attn_data = {0}; + int ret, count; + + count = kfifo_get(&drvdata->attn_fifo, &attn_data); +- if (count) { +- *(drvdata->irq_status) = attn_data.irq_status; +- drvdata->attn_data = attn_data; +- } ++ if (!count) ++ return; + +- ret = rmi_process_interrupt_requests(rmi_dev); ++ *(drvdata->irq_status) = attn_data.irq_status; ++ drvdata->attn_data = attn_data; ++ ++ ret = rmi_process_interrupt_requests(drvdata->rmi_dev); + if (ret) +- rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, ++ rmi_dbg(RMI_DEBUG_CORE, &drvdata->rmi_dev->dev, + "Failed to process interrupt request: %d\n", ret); + +- if (count) { +- kfree(attn_data.data); +- drvdata->attn_data.data = NULL; +- } ++ kfree(attn_data.data); ++ drvdata->attn_data.data = NULL; + + if (!kfifo_is_empty(&drvdata->attn_fifo)) +- return rmi_irq_fn(irq, dev_id); ++ schedule_work(&drvdata->attn_work); ++} ++ ++static irqreturn_t rmi_irq_fn(int irq, void *dev_id) ++{ ++ struct rmi_device *rmi_dev = dev_id; ++ int ret; ++ ++ ret = rmi_process_interrupt_requests(rmi_dev); ++ if (ret) ++ rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, ++ "Failed to process interrupt request: %d\n", ret); + + return IRQ_HANDLED; + } +@@ -217,7 +230,6 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id) + static int rmi_irq_init(struct rmi_device *rmi_dev) + { + struct rmi_device_platform_data *pdata = rmi_get_platform_data(rmi_dev); +- struct rmi_driver_data *data = dev_get_drvdata(&rmi_dev->dev); + int irq_flags = irq_get_trigger_type(pdata->irq); + int ret; + +@@ -235,8 +247,6 @@ static int rmi_irq_init(struct rmi_device *rmi_dev) + return ret; + } + +- data->enabled = true; +- + return 0; + } + +@@ -886,23 +896,27 @@ void rmi_enable_irq(struct rmi_device *rmi_dev, bool clear_wake) + if (data->enabled) + goto out; + +- enable_irq(irq); +- data->enabled = true; +- if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) { +- retval = disable_irq_wake(irq); +- if (retval) +- dev_warn(&rmi_dev->dev, +- "Failed to disable irq for wake: %d\n", +- retval); +- } ++ if (irq) { ++ enable_irq(irq); ++ data->enabled = true; ++ if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) { ++ retval = disable_irq_wake(irq); ++ if (retval) ++ dev_warn(&rmi_dev->dev, ++ "Failed to disable irq for wake: %d\n", ++ retval); ++ } + +- /* +- * Call rmi_process_interrupt_requests() after enabling irq, +- * otherwise we may lose interrupt on edge-triggered systems. +- */ +- irq_flags = irq_get_trigger_type(pdata->irq); +- if (irq_flags & IRQ_TYPE_EDGE_BOTH) +- rmi_process_interrupt_requests(rmi_dev); ++ /* ++ * Call rmi_process_interrupt_requests() after enabling irq, ++ * otherwise we may lose interrupt on edge-triggered systems. ++ */ ++ irq_flags = irq_get_trigger_type(pdata->irq); ++ if (irq_flags & IRQ_TYPE_EDGE_BOTH) ++ rmi_process_interrupt_requests(rmi_dev); ++ } else { ++ data->enabled = true; ++ } + + out: + mutex_unlock(&data->enabled_mutex); +@@ -922,20 +936,22 @@ void rmi_disable_irq(struct rmi_device *rmi_dev, bool enable_wake) + goto out; + + data->enabled = false; +- disable_irq(irq); +- if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) { +- retval = enable_irq_wake(irq); +- if (retval) +- dev_warn(&rmi_dev->dev, +- "Failed to enable irq for wake: %d\n", +- retval); +- } +- +- /* make sure the fifo is clean */ +- while (!kfifo_is_empty(&data->attn_fifo)) { +- count = kfifo_get(&data->attn_fifo, &attn_data); +- if (count) +- kfree(attn_data.data); ++ if (irq) { ++ disable_irq(irq); ++ if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) { ++ retval = enable_irq_wake(irq); ++ if (retval) ++ dev_warn(&rmi_dev->dev, ++ "Failed to enable irq for wake: %d\n", ++ retval); ++ } ++ } else { ++ /* make sure the fifo is clean */ ++ while (!kfifo_is_empty(&data->attn_fifo)) { ++ count = kfifo_get(&data->attn_fifo, &attn_data); ++ if (count) ++ kfree(attn_data.data); ++ } + } + + out: +@@ -981,6 +997,8 @@ static int rmi_driver_remove(struct device *dev) + irq_domain_remove(data->irqdomain); + data->irqdomain = NULL; + ++ cancel_work_sync(&data->attn_work); ++ + rmi_f34_remove_sysfs(rmi_dev); + rmi_free_function_list(rmi_dev); + +@@ -1219,9 +1237,15 @@ static int rmi_driver_probe(struct device *dev) + } + } + +- retval = rmi_irq_init(rmi_dev); +- if (retval < 0) +- goto err_destroy_functions; ++ if (pdata->irq) { ++ retval = rmi_irq_init(rmi_dev); ++ if (retval < 0) ++ goto err_destroy_functions; ++ } ++ ++ data->enabled = true; ++ ++ INIT_WORK(&data->attn_work, attn_callback); + + if (data->f01_container->dev.driver) { + /* Driver already bound, so enable ATTN now. */ +diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c +index d0b0a15dba84..005984e8ef5e 100644 +--- a/drivers/iommu/iommu.c ++++ b/drivers/iommu/iommu.c +@@ -7,6 +7,7 @@ + #define pr_fmt(fmt) "iommu: " fmt + + #include <linux/device.h> ++#include <linux/dmi.h> + #include <linux/kernel.h> + #include <linux/bug.h> + #include <linux/types.h> +@@ -3049,6 +3050,27 @@ u32 iommu_sva_get_pasid(struct iommu_sva *handle) + } + EXPORT_SYMBOL_GPL(iommu_sva_get_pasid); + ++#ifdef CONFIG_ARM64 ++static int __init iommu_quirks(void) ++{ ++ const char *vendor, *name; ++ ++ vendor = dmi_get_system_info(DMI_SYS_VENDOR); ++ name = dmi_get_system_info(DMI_PRODUCT_NAME); ++ ++ if (vendor && ++ (strncmp(vendor, "GIGABYTE", 8) == 0 && name && ++ (strncmp(name, "R120", 4) == 0 || ++ strncmp(name, "R270", 4) == 0))) { ++ pr_warn("Gigabyte %s detected, force iommu passthrough mode", name); ++ iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY; ++ } ++ ++ return 0; ++} ++arch_initcall(iommu_quirks); ++#endif ++ + /* + * Changes the default domain of an iommu group that has *only* one device + * +diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c +index 5eb0b3361e4e..1d071bfec4bd 100644 +--- a/drivers/message/fusion/mptsas.c ++++ b/drivers/message/fusion/mptsas.c +@@ -5315,6 +5315,11 @@ mptsas_probe(struct pci_dev *pdev, const struct pci_device_id *id) + ioc, MPI_SAS_OP_CLEAR_ALL_PERSISTENT); + } + ++#ifdef CONFIG_RHEL_DIFFERENCES ++ add_taint(TAINT_SUPPORT_REMOVED, LOCKDEP_STILL_OK); ++ pr_warn("MPTSAS MODULE IS NOT SUPPORTED\n"); ++#endif ++ + error = scsi_add_host(sh, &ioc->pcidev->dev); + if (error) { + dprintk(ioc, printk(MYIOC_s_ERR_FMT +@@ -5378,6 +5383,10 @@ static void mptsas_remove(struct pci_dev *pdev) + } + + static struct pci_device_id mptsas_pci_table[] = { ++#ifdef CONFIG_RHEL_DIFFERENCES ++ { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068, ++ PCI_VENDOR_ID_VMWARE, PCI_ANY_ID }, ++#else + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1064, + PCI_ANY_ID, PCI_ANY_ID }, + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068, +@@ -5390,6 +5399,7 @@ static struct pci_device_id mptsas_pci_table[] = { + PCI_ANY_ID, PCI_ANY_ID }, + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068_820XELP, + PCI_ANY_ID, PCI_ANY_ID }, ++#endif + {0} /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(pci, mptsas_pci_table); +diff --git a/drivers/message/fusion/mptspi.c b/drivers/message/fusion/mptspi.c +index af0ce5611e4a..1c226920c12d 100644 +--- a/drivers/message/fusion/mptspi.c ++++ b/drivers/message/fusion/mptspi.c +@@ -1238,12 +1238,17 @@ static struct spi_function_template mptspi_transport_functions = { + */ + + static struct pci_device_id mptspi_pci_table[] = { ++#ifdef CONFIG_RHEL_DIFFERENCES ++ { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1030, ++ PCI_VENDOR_ID_VMWARE, PCI_ANY_ID }, ++#else + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1030, + PCI_ANY_ID, PCI_ANY_ID }, + { PCI_VENDOR_ID_ATTO, MPI_MANUFACTPAGE_DEVID_53C1030, + PCI_ANY_ID, PCI_ANY_ID }, + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1035, + PCI_ANY_ID, PCI_ANY_ID }, ++#endif + {0} /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(pci, mptspi_pci_table); +@@ -1534,6 +1539,12 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id) + 0, 0, 0, 0, 5); + + scsi_scan_host(sh); ++ ++#ifdef CONFIG_RHEL_DIFFERENCES ++ add_taint(TAINT_SUPPORT_REMOVED, LOCKDEP_STILL_OK); ++ pr_warn("MPTSPI MODULE IS NOT SUPPORTED\n"); ++#endif ++ + return 0; + + out_mptspi_probe: +diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c +index d821c687f239..e5c371eab4fb 100644 +--- a/drivers/net/ethernet/intel/ice/ice_main.c ++++ b/drivers/net/ethernet/intel/ice/ice_main.c +@@ -4832,6 +4832,7 @@ static int __init ice_module_init(void) + + pr_info("%s\n", ice_driver_string); + pr_info("%s\n", ice_copyright); ++ mark_tech_preview(DRV_SUMMARY, THIS_MODULE); + + ice_wq = alloc_workqueue("%s", WQ_MEM_RECLAIM, 0, KBUILD_MODNAME); + if (!ice_wq) { +diff --git a/drivers/net/wireguard/main.c b/drivers/net/wireguard/main.c +index 7a7d5f1a80fc..7df985e31113 100644 +--- a/drivers/net/wireguard/main.c ++++ b/drivers/net/wireguard/main.c +@@ -39,6 +39,7 @@ static int __init mod_init(void) + pr_info("WireGuard " WIREGUARD_VERSION " loaded. See www.wireguard.com for information.\n"); + pr_info("Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.\n"); + ++ mark_tech_preview("WireGuard", THIS_MODULE); + return 0; + + err_netlink: +diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c +index ec44a79e951a..5025827ef396 100644 +--- a/drivers/pci/pci-driver.c ++++ b/drivers/pci/pci-driver.c +@@ -19,6 +19,7 @@ + #include <linux/kexec.h> + #include <linux/of_device.h> + #include <linux/acpi.h> ++#include <linux/kernel.h> + #include <linux/dma-map-ops.h> + #include "pci.h" + #include "pcie/portdrv.h" +@@ -281,6 +282,34 @@ static struct attribute *pci_drv_attrs[] = { + }; + ATTRIBUTE_GROUPS(pci_drv); + ++/** ++ * pci_hw_vendor_status - Tell if a PCI device is supported by the HW vendor ++ * @ids: array of PCI device id structures to search in ++ * @dev: the PCI device structure to match against ++ * ++ * Used by a driver to check whether this device is in its list of unsupported ++ * devices. Returns the matching pci_device_id structure or %NULL if there is ++ * no match. ++ * ++ * Reserved for Internal Red Hat use only. ++ */ ++const struct pci_device_id *pci_hw_vendor_status( ++ const struct pci_device_id *ids, ++ struct pci_dev *dev) ++{ ++ char devinfo[64]; ++ const struct pci_device_id *ret = pci_match_id(ids, dev); ++ ++ if (ret) { ++ snprintf(devinfo, sizeof(devinfo), "%s %s", ++ dev_driver_string(&dev->dev), dev_name(&dev->dev)); ++ mark_hardware_deprecated(devinfo); ++ } ++ ++ return ret; ++} ++EXPORT_SYMBOL(pci_hw_vendor_status); ++ + struct drv_dev_and_id { + struct pci_driver *drv; + struct pci_dev *dev; +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c +index 653660e3ba9e..98851d00dc4d 100644 +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -4143,6 +4143,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000, + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084, + quirk_bridge_cavm_thrx2_pcie_root); + ++/* ++ * PCI BAR 5 is not setup correctly for the on-board AHCI controller ++ * on Broadcom's Vulcan processor. Added a quirk to fix BAR 5 by ++ * using BAR 4's resources which are populated correctly and NOT ++ * actually used by the AHCI controller. ++ */ ++static void quirk_fix_vulcan_ahci_bars(struct pci_dev *dev) ++{ ++ struct resource *r = &dev->resource[4]; ++ ++ if (!(r->flags & IORESOURCE_MEM) || (r->start == 0)) ++ return; ++ ++ /* Set BAR5 resource to BAR4 */ ++ dev->resource[5] = *r; ++ ++ /* Update BAR5 in pci config space */ ++ pci_write_config_dword(dev, PCI_BASE_ADDRESS_5, r->start); ++ ++ /* Clear BAR4's resource */ ++ memset(r, 0, sizeof(*r)); ++} ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9027, quirk_fix_vulcan_ahci_bars); ++ + /* + * Intersil/Techwell TW686[4589]-based video capture cards have an empty (zero) + * class code. Fix it. +diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c +index 3168915adaa7..71b48e29b708 100644 +--- a/drivers/scsi/aacraid/linit.c ++++ b/drivers/scsi/aacraid/linit.c +@@ -78,6 +78,7 @@ char aac_driver_version[] = AAC_DRIVER_FULL_VERSION; + * Note: The last field is used to index into aac_drivers below. + */ + static const struct pci_device_id aac_pci_tbl[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + { 0x1028, 0x0001, 0x1028, 0x0001, 0, 0, 0 }, /* PERC 2/Si (Iguana/PERC2Si) */ + { 0x1028, 0x0002, 0x1028, 0x0002, 0, 0, 1 }, /* PERC 3/Di (Opal/PERC3Di) */ + { 0x1028, 0x0003, 0x1028, 0x0003, 0, 0, 2 }, /* PERC 3/Si (SlimFast/PERC3Si */ +@@ -145,6 +146,7 @@ static const struct pci_device_id aac_pci_tbl[] = { + { 0x9005, 0x0285, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 59 }, /* Adaptec Catch All */ + { 0x9005, 0x0286, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 60 }, /* Adaptec Rocket Catch All */ + { 0x9005, 0x0288, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 61 }, /* Adaptec NEMER/ARK Catch All */ ++#endif + { 0x9005, 0x028b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 62 }, /* Adaptec PMC Series 6 (Tupelo) */ + { 0x9005, 0x028c, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 63 }, /* Adaptec PMC Series 7 (Denali) */ + { 0x9005, 0x028d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 64 }, /* Adaptec PMC Series 8 */ +diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c +index 90fcddb76f46..f22d7b2608ce 100644 +--- a/drivers/scsi/be2iscsi/be_main.c ++++ b/drivers/scsi/be2iscsi/be_main.c +@@ -370,11 +370,13 @@ static int beiscsi_eh_device_reset(struct scsi_cmnd *sc) + + /*------------------- PCI Driver operations and data ----------------- */ + static const struct pci_device_id beiscsi_pci_id_table[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + { PCI_DEVICE(BE_VENDOR_ID, BE_DEVICE_ID1) }, + { PCI_DEVICE(BE_VENDOR_ID, BE_DEVICE_ID2) }, + { PCI_DEVICE(BE_VENDOR_ID, OC_DEVICE_ID1) }, + { PCI_DEVICE(BE_VENDOR_ID, OC_DEVICE_ID2) }, + { PCI_DEVICE(BE_VENDOR_ID, OC_DEVICE_ID3) }, ++#endif + { PCI_DEVICE(ELX_VENDOR_ID, OC_SKH_ID1) }, + { 0 } + }; +diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c +index f135a10f582b..99b17b05cab1 100644 +--- a/drivers/scsi/hpsa.c ++++ b/drivers/scsi/hpsa.c +@@ -82,7 +82,9 @@ MODULE_DESCRIPTION("Driver for HP Smart Array Controller version " \ + HPSA_DRIVER_VERSION); + MODULE_VERSION(HPSA_DRIVER_VERSION); + MODULE_LICENSE("GPL"); ++#ifndef CONFIG_RHEL_DIFFERENCES + MODULE_ALIAS("cciss"); ++#endif + + static int hpsa_simple_mode; + module_param(hpsa_simple_mode, int, S_IRUGO|S_IWUSR); +@@ -144,10 +146,12 @@ static const struct pci_device_id hpsa_pci_device_id[] = { + {PCI_VENDOR_ID_HP_3PAR, 0x0075, 0x1590, 0x007D}, + {PCI_VENDOR_ID_HP_3PAR, 0x0075, 0x1590, 0x0088}, + {PCI_VENDOR_ID_HP, 0x333f, 0x103c, 0x333f}, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_HP, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, + PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0}, + {PCI_VENDOR_ID_COMPAQ, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, + PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0}, ++#endif + {0,} + }; + +diff --git a/drivers/scsi/lpfc/lpfc_ids.h b/drivers/scsi/lpfc/lpfc_ids.h +index d48414e295a0..ba0e384412c9 100644 +--- a/drivers/scsi/lpfc/lpfc_ids.h ++++ b/drivers/scsi/lpfc/lpfc_ids.h +@@ -24,6 +24,7 @@ + #include <linux/pci.h> + + const struct pci_device_id lpfc_id_table[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_VIPER, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_FIREFLY, +@@ -54,14 +55,19 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_HELIOS_DCSP, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_BMID, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_BSMB, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_HORNET, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR_SCSP, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR_DCSP, +@@ -70,6 +76,7 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZSMB, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_TFLY, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LP101, +@@ -80,6 +87,7 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LPE11000S, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_SAT, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_SAT_MID, +@@ -92,6 +100,7 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_SAT_S, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_PROTEUS_VF, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_PROTEUS_PF, +@@ -102,18 +111,23 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_SERVERENGINE, PCI_DEVICE_ID_TOMCAT, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_FALCON, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_BALIUS, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FC, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FCOE, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FC_VF, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FCOE_VF, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_G6_FC, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_G7_FC, +diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c +index 63a4f48bdc75..786af4c41caf 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_base.c ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c +@@ -138,6 +138,7 @@ static void megasas_get_pd_info(struct megasas_instance *instance, + */ + static struct pci_device_id megasas_pci_table[] = { + ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS1064R)}, + /* xscale IOP */ + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS1078R)}, +@@ -156,6 +157,7 @@ static struct pci_device_id megasas_pci_table[] = { + /* xscale IOP, vega */ + {PCI_DEVICE(PCI_VENDOR_ID_DELL, PCI_DEVICE_ID_DELL_PERC5)}, + /* xscale IOP */ ++#endif + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_FUSION)}, + /* Fusion */ + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_PLASMA)}, +diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +index 6aa6de729187..10d2ea521280 100644 +--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +@@ -12309,6 +12309,7 @@ bool scsih_ncq_prio_supp(struct scsi_device *sdev) + * The pci device ids are defined in mpi/mpi2_cnfg.h. + */ + static const struct pci_device_id mpt3sas_pci_table[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + /* Spitfire ~ 2004 */ + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SAS2004, + PCI_ANY_ID, PCI_ANY_ID }, +@@ -12327,6 +12328,7 @@ static const struct pci_device_id mpt3sas_pci_table[] = { + PCI_ANY_ID, PCI_ANY_ID }, + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SAS2116_2, + PCI_ANY_ID, PCI_ANY_ID }, ++#endif + /* Thunderbolt ~ 2208 */ + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SAS2208_1, + PCI_ANY_ID, PCI_ANY_ID }, +@@ -12351,9 +12353,11 @@ static const struct pci_device_id mpt3sas_pci_table[] = { + PCI_ANY_ID, PCI_ANY_ID }, + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SWITCH_MPI_EP_1, + PCI_ANY_ID, PCI_ANY_ID }, ++#ifndef CONFIG_RHEL_DIFFERENCES + /* SSS6200 */ + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SSS6200, + PCI_ANY_ID, PCI_ANY_ID }, ++#endif + /* Fury ~ 3004 and 3008 */ + { MPI2_MFGPAGE_VENDORID_LSI, MPI25_MFGPAGE_DEVID_SAS3004, + PCI_ANY_ID, PCI_ANY_ID }, +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index 074392560f3d..261facf2638a 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7723,6 +7723,7 @@ static const struct pci_error_handlers qla2xxx_err_handler = { + }; + + static struct pci_device_id qla2xxx_pci_tbl[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2100) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2200) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2300) }, +@@ -7735,13 +7736,18 @@ static struct pci_device_id qla2xxx_pci_tbl[] = { + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8432) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP5422) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP5432) }, ++#endif + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2532) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2031) }, ++#ifndef CONFIG_RHEL_DIFFERENCES + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8001) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8021) }, ++#endif + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8031) }, ++#ifndef CONFIG_RHEL_DIFFERENCES + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISPF001) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8044) }, ++#endif + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2071) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2271) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2261) }, +diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c +index 7bd9a4a04ad5..124a65ba4c40 100644 +--- a/drivers/scsi/qla4xxx/ql4_os.c ++++ b/drivers/scsi/qla4xxx/ql4_os.c +@@ -9864,6 +9864,7 @@ static struct pci_device_id qla4xxx_pci_tbl[] = { + .subvendor = PCI_ANY_ID, + .subdevice = PCI_ANY_ID, + }, ++#ifndef CONFIG_RHEL_DIFFERENCES + { + .vendor = PCI_VENDOR_ID_QLOGIC, + .device = PCI_DEVICE_ID_QLOGIC_ISP8022, +@@ -9882,6 +9883,7 @@ static struct pci_device_id qla4xxx_pci_tbl[] = { + .subvendor = PCI_ANY_ID, + .subdevice = PCI_ANY_ID, + }, ++#endif + {0, 0}, + }; + MODULE_DEVICE_TABLE(pci, qla4xxx_pci_tbl); +diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c +index a1dacb6e993e..2d751d13a3eb 100644 +--- a/drivers/scsi/smartpqi/smartpqi_init.c ++++ b/drivers/scsi/smartpqi/smartpqi_init.c +@@ -8312,6 +8312,18 @@ static const struct pci_device_id pqi_pci_id_table[] = { + PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f, + 0x19e5, 0xd22c) + }, ++ { ++ PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f, ++ 0x1bd4, 0x004a) ++ }, ++ { ++ PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f, ++ 0x1bd4, 0x004b) ++ }, ++ { ++ PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f, ++ 0x1bd4, 0x004c) ++ }, + { + PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f, + PCI_VENDOR_ID_ADAPTEC2, 0x0110) +@@ -8452,6 +8464,10 @@ static const struct pci_device_id pqi_pci_id_table[] = { + PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f, + PCI_VENDOR_ID_ADVANTECH, 0x8312) + }, ++ { ++ PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f, ++ PCI_VENDOR_ID_ADVANTECH, 0x8312) ++ }, + { + PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f, + PCI_VENDOR_ID_DELL, 0x1fe0) +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index b2bc4b7c4289..0da634c8abcd 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -5585,6 +5585,13 @@ static void hub_event(struct work_struct *work) + (u16) hub->change_bits[0], + (u16) hub->event_bits[0]); + ++ /* Don't disconnect USB-SATA on TrimSlice */ ++ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) { ++ if ((hdev->state == 7) && (hub->change_bits[0] == 0) && ++ (hub->event_bits[0] == 0x2)) ++ hub->event_bits[0] = 0; ++ } ++ + /* Lock the device, then check to see if we were + * disconnected while waiting for the lock to succeed. */ + usb_lock_device(hdev); +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 6b5d36babfcc..fd4a5d66a9d0 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -43,6 +43,8 @@ + #define EFI_ABORTED (21 | (1UL << (BITS_PER_LONG-1))) + #define EFI_SECURITY_VIOLATION (26 | (1UL << (BITS_PER_LONG-1))) + ++#define EFI_IS_ERROR(x) ((x) & (1UL << (BITS_PER_LONG-1))) ++ + typedef unsigned long efi_status_t; + typedef u8 efi_bool_t; + typedef u16 efi_char16_t; /* UNICODE character */ +@@ -782,6 +784,14 @@ extern int __init efi_setup_pcdp_console(char *); + #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */ + #define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */ + #define EFI_PRESERVE_BS_REGIONS 12 /* Are EFI boot-services memory segments available? */ ++#define EFI_SECURE_BOOT 13 /* Are we in Secure Boot mode? */ ++ ++enum efi_secureboot_mode { ++ efi_secureboot_mode_unset, ++ efi_secureboot_mode_unknown, ++ efi_secureboot_mode_disabled, ++ efi_secureboot_mode_enabled, ++}; + + #ifdef CONFIG_EFI + /* +@@ -793,6 +803,8 @@ static inline bool efi_enabled(int feature) + } + extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused); + ++extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode); ++ + bool __pure __efi_soft_reserve_enabled(void); + + static inline bool __pure efi_soft_reserve_enabled(void) +@@ -813,6 +825,8 @@ static inline bool efi_enabled(int feature) + static inline void + efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {} + ++static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {} ++ + static inline bool efi_soft_reserve_enabled(void) + { + return false; +@@ -825,6 +839,7 @@ static inline bool efi_rt_services_supported(unsigned int mask) + #endif + + extern int efi_status_to_err(efi_status_t status); ++extern const char *efi_status_to_str(efi_status_t status); + + /* + * Variable Attributes +@@ -1077,13 +1092,6 @@ static inline bool efi_runtime_disabled(void) { return true; } + extern void efi_call_virt_check_flags(unsigned long flags, const char *call); + extern unsigned long efi_call_virt_save_flags(void); + +-enum efi_secureboot_mode { +- efi_secureboot_mode_unset, +- efi_secureboot_mode_unknown, +- efi_secureboot_mode_disabled, +- efi_secureboot_mode_enabled, +-}; +- + static inline + enum efi_secureboot_mode efi_get_secureboot_mode(efi_get_variable_t *get_var) + { +diff --git a/include/linux/kernel.h b/include/linux/kernel.h +index 5b7ed6dc99ac..17703b5a7091 100644 +--- a/include/linux/kernel.h ++++ b/include/linux/kernel.h +@@ -458,7 +458,24 @@ extern enum system_states { + #define TAINT_LIVEPATCH 15 + #define TAINT_AUX 16 + #define TAINT_RANDSTRUCT 17 +-#define TAINT_FLAGS_COUNT 18 ++/* Start of Red Hat-specific taint flags */ ++#define TAINT_18 18 ++#define TAINT_19 19 ++#define TAINT_20 20 ++#define TAINT_21 21 ++#define TAINT_22 22 ++#define TAINT_23 23 ++#define TAINT_24 24 ++#define TAINT_25 25 ++#define TAINT_26 26 ++#define TAINT_SUPPORT_REMOVED 27 ++/* Bits 28 - 31 are reserved for Red Hat use only */ ++#define TAINT_RESERVED28 28 ++#define TAINT_RESERVED29 29 ++#define TAINT_RESERVED30 30 ++#define TAINT_UNPRIVILEGED_BPF 31 ++/* End of Red Hat-specific taint flags */ ++#define TAINT_FLAGS_COUNT 32 + #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) + + struct taint_flag { +@@ -744,4 +761,19 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { } + /* OTHER_WRITABLE? Generally considered a bad idea. */ \ + BUILD_BUG_ON_ZERO((perms) & 2) + \ + (perms)) ++ ++struct module; ++ ++#ifdef CONFIG_RHEL_DIFFERENCES ++void mark_hardware_unsupported(const char *msg); ++void mark_hardware_deprecated(const char *msg); ++void mark_tech_preview(const char *msg, struct module *mod); ++void mark_driver_unsupported(const char *name); ++#else ++static inline void mark_hardware_unsupported(const char *msg) { } ++static inline void mark_hardware_deprecated(const char *msg) { } ++static inline void mark_tech_preview(const char *msg, struct module *mod) { } ++static inline void mark_driver_unsupported(const char *name) { } ++#endif ++ + #endif +diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h +index 61f04f7dc1a4..8d8d2c112784 100644 +--- a/include/linux/lsm_hook_defs.h ++++ b/include/linux/lsm_hook_defs.h +@@ -394,6 +394,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux) + #endif /* CONFIG_BPF_SYSCALL */ + + LSM_HOOK(int, 0, locked_down, enum lockdown_reason what) ++LSM_HOOK(int, 0, lock_kernel_down, const char *where, enum lockdown_reason level) ++ + + #ifdef CONFIG_PERF_EVENTS + LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type) +diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h +index ba2ccd950833..f3a024f3cf5d 100644 +--- a/include/linux/lsm_hooks.h ++++ b/include/linux/lsm_hooks.h +@@ -1542,6 +1542,12 @@ + * + * @what: kernel feature being accessed + * ++ * @lock_kernel_down ++ * Put the kernel into lock-down mode. ++ * ++ * @where: Where the lock-down is originating from (e.g. command line option) ++ * @level: The lock-down level (can only increase) ++ * + * Security hooks for perf events + * + * @perf_event_open: +diff --git a/include/linux/module.h b/include/linux/module.h +index 8100bb477d86..f758f2869c02 100644 +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -374,6 +374,7 @@ struct module { + struct module_attribute *modinfo_attrs; + const char *version; + const char *srcversion; ++ const char *rhelversion; + struct kobject *holders_dir; + + /* Exported symbols */ +diff --git a/include/linux/pci.h b/include/linux/pci.h +index 39684b72db91..96f3c123e36a 100644 +--- a/include/linux/pci.h ++++ b/include/linux/pci.h +@@ -1423,6 +1423,10 @@ int pci_add_dynid(struct pci_driver *drv, + unsigned long driver_data); + const struct pci_device_id *pci_match_id(const struct pci_device_id *ids, + struct pci_dev *dev); ++/* Reserved for Internal Red Hat use only */ ++const struct pci_device_id *pci_hw_vendor_status( ++ const struct pci_device_id *ids, ++ struct pci_dev *dev); + int pci_scan_bridge(struct pci_bus *bus, struct pci_dev *dev, int max, + int pass); + +diff --git a/include/linux/rh_kabi.h b/include/linux/rh_kabi.h +new file mode 100644 +index 000000000000..ea9c136bf884 +--- /dev/null ++++ b/include/linux/rh_kabi.h +@@ -0,0 +1,297 @@ ++/* ++ * rh_kabi.h - Red Hat kABI abstraction header ++ * ++ * Copyright (c) 2014 Don Zickus ++ * Copyright (c) 2015-2018 Jiri Benc ++ * Copyright (c) 2015 Sabrina Dubroca, Hannes Frederic Sowa ++ * Copyright (c) 2016-2018 Prarit Bhargava ++ * Copyright (c) 2017 Paolo Abeni, Larry Woodman ++ * ++ * This file is released under the GPLv2. ++ * See the file COPYING for more details. ++ * ++ * These kabi macros hide the changes from the kabi checker and from the ++ * process that computes the exported symbols' checksums. ++ * They have 2 variants: one (defined under __GENKSYMS__) used when ++ * generating the checksums, and the other used when building the kernel's ++ * binaries. ++ * ++ * The use of these macros does not guarantee that the usage and modification ++ * of code is correct. As with all Red Hat only changes, an engineer must ++ * explain why the use of the macro is valid in the patch containing the ++ * changes. ++ * ++ */ ++ ++#ifndef _LINUX_RH_KABI_H ++#define _LINUX_RH_KABI_H ++ ++#include <linux/compiler.h> ++#include <linux/stringify.h> ++ ++/* ++ * RH_KABI_CONST ++ * Adds a new const modifier to a function parameter preserving the old ++ * checksum. ++ * ++ * RH_KABI_DEPRECATE ++ * Mark the element as deprecated and make it unusable by modules while ++ * preserving kABI checksums. ++ * ++ * RH_KABI_DEPRECATE_FN ++ * Mark the function pointer as deprecated and make it unusable by modules ++ * while preserving kABI checksums. ++ * ++ * RH_KABI_EXTEND ++ * Simple macro for adding a new element to a struct. ++ * ++ * RH_KABI_EXTEND_WITH_SIZE ++ * Adds a new element (usually a struct) to a struct and reserves extra ++ * space for the new element. The provided 'size' is the total space to ++ * be added in longs (i.e. it's 8 * 'size' bytes), including the size of ++ * the added element. It is automatically checked that the new element ++ * does not overflow the reserved space, now nor in the future. However, ++ * no attempt is done to check the content of the added element (struct) ++ * for kABI conformance - kABI checking inside the added element is ++ * effectively switched off. ++ * For any struct being added by RH_KABI_EXTEND_WITH_SIZE, it is ++ * recommended its content to be documented as not covered by kABI ++ * guarantee. ++ * ++ * RH_KABI_FILL_HOLE ++ * Simple macro for filling a hole in a struct. ++ * ++ * Warning: only use if a hole exists for _all_ arches. Use pahole to verify. ++ * ++ * RH_KABI_RENAME ++ * Simple macro for renaming an element without changing its type. This ++ * macro can be used in bitfields, for example. ++ * ++ * NOTE: does not include the final ';' ++ * ++ * RH_KABI_REPLACE ++ * Simple replacement of _orig with a union of _orig and _new. ++ * ++ * The RH_KABI_REPLACE* macros attempt to add the ability to use the '_new' ++ * element while preserving size alignment with the '_orig' element. ++ * ++ * The #ifdef __GENKSYMS__ preserves the kABI agreement, while the anonymous ++ * union structure preserves the size alignment (assuming the '_new' element ++ * is not bigger than the '_orig' element). ++ * ++ * RH_KABI_REPLACE_UNSAFE ++ * Unsafe version of RH_KABI_REPLACE. Only use for typedefs. ++ * ++ * RH_KABI_FORCE_CHANGE ++ * Force change of the symbol checksum. The argument of the macro is a ++ * version for cases we need to do this more than once. ++ * ++ * This macro does the opposite: it changes the symbol checksum without ++ * actually changing anything about the exported symbol. It is useful for ++ * symbols that are not whitelisted, we're changing them in an ++ * incompatible way and want to prevent 3rd party modules to silently ++ * corrupt memory. Instead, by changing the symbol checksum, such modules ++ * won't be loaded by the kernel. This macro should only be used as a ++ * last resort when all other KABI workarounds have failed. ++ * ++ * RH_KABI_EXCLUDE ++ * !!! WARNING: DANGEROUS, DO NOT USE unless you are aware of all the !!! ++ * !!! implications. This should be used ONLY EXCEPTIONALLY and only !!! ++ * !!! under specific circumstances. Very likely, this macro does not !!! ++ * !!! do what you expect it to do. Note that any usage of this macro !!! ++ * !!! MUST be paired with a RH_KABI_FORCE_CHANGE annotation of !!! ++ * !!! a suitable symbol (or an equivalent safeguard) and the commit !!! ++ * !!! log MUST explain why the chosen solution is appropriate. !!! ++ * ++ * Exclude the element from checksum generation. Any such element is ++ * considered not to be part of the kABI whitelist and may be changed at ++ * will. Note however that it's the responsibility of the developer ++ * changing the element to ensure 3rd party drivers using this element ++ * won't panic, for example by not allowing them to be loaded. That can ++ * be achieved by changing another, non-whitelisted symbol they use, ++ * either by nature of the change or by using RH_KABI_FORCE_CHANGE. ++ * ++ * Also note that any change to the element must preserve its size. Change ++ * of the size is not allowed and would constitute a silent kABI breakage. ++ * Beware that the RH_KABI_EXCLUDE macro does not do any size checks. ++ * ++ * NOTE ++ * Don't use ';' after these macros as it messes up the kABI checker by ++ * changing what the resulting token string looks like. Instead let this ++ * macro add the ';' so it can be properly hidden from the kABI checker ++ * (mainly for RH_KABI_EXTEND, but applied to all macros for uniformity). ++ * ++ */ ++#ifdef __GENKSYMS__ ++ ++# define RH_KABI_CONST ++# define RH_KABI_EXTEND(_new) ++# define RH_KABI_FILL_HOLE(_new) ++# define RH_KABI_FORCE_CHANGE(ver) __attribute__((rh_kabi_change ## ver)) ++# define RH_KABI_RENAME(_orig, _new) _orig ++ ++# define _RH_KABI_DEPRECATE(_type, _orig) _type _orig ++# define _RH_KABI_DEPRECATE_FN(_type, _orig, _args...) _type (*_orig)(_args) ++# define _RH_KABI_REPLACE(_orig, _new) _orig ++# define _RH_KABI_REPLACE_UNSAFE(_orig, _new) _orig ++# define _RH_KABI_EXCLUDE(_elem) ++ ++#else ++ ++# define RH_KABI_ALIGN_WARNING ". Disable CONFIG_RH_KABI_SIZE_ALIGN_CHECKS if debugging." ++ ++# define RH_KABI_CONST const ++# define RH_KABI_EXTEND(_new) _new; ++# define RH_KABI_FILL_HOLE(_new) _new; ++# define RH_KABI_FORCE_CHANGE(ver) ++# define RH_KABI_RENAME(_orig, _new) _new ++ ++ ++#if IS_BUILTIN(CONFIG_RH_KABI_SIZE_ALIGN_CHECKS) ++# define __RH_KABI_CHECK_SIZE_ALIGN(_orig, _new) \ ++ union { \ ++ _Static_assert(sizeof(struct{_new;}) <= sizeof(struct{_orig;}), \ ++ __FILE__ ":" __stringify(__LINE__) ": " __stringify(_new) " is larger than " __stringify(_orig) RH_KABI_ALIGN_WARNING); \ ++ _Static_assert(__alignof__(struct{_new;}) <= __alignof__(struct{_orig;}), \ ++ __FILE__ ":" __stringify(__LINE__) ": " __stringify(_orig) " is not aligned the same as " __stringify(_new) RH_KABI_ALIGN_WARNING); \ ++ } ++# define __RH_KABI_CHECK_SIZE(_item, _size) \ ++ _Static_assert(sizeof(struct{_item;}) <= _size, \ ++ __FILE__ ":" __stringify(__LINE__) ": " __stringify(_item) " is larger than the reserved size (" __stringify(_size) " bytes)" RH_KABI_ALIGN_WARNING) ++#else ++# define __RH_KABI_CHECK_SIZE_ALIGN(_orig, _new) ++# define __RH_KABI_CHECK_SIZE(_item, _size) ++#endif ++ ++#define RH_KABI_UNIQUE_ID __PASTE(rh_kabi_hidden_, __LINE__) ++ ++# define _RH_KABI_DEPRECATE(_type, _orig) _type rh_reserved_##_orig ++# define _RH_KABI_DEPRECATE_FN(_type, _orig, _args...) \ ++ _type (* rh_reserved_##_orig)(_args) ++# define _RH_KABI_REPLACE(_orig, _new) \ ++ union { \ ++ _new; \ ++ struct { \ ++ _orig; \ ++ } RH_KABI_UNIQUE_ID; \ ++ __RH_KABI_CHECK_SIZE_ALIGN(_orig, _new); \ ++ } ++# define _RH_KABI_REPLACE_UNSAFE(_orig, _new) _new ++ ++# define _RH_KABI_EXCLUDE(_elem) _elem ++ ++#endif /* __GENKSYMS__ */ ++ ++/* semicolon added wrappers for the RH_KABI_REPLACE macros */ ++# define RH_KABI_DEPRECATE(_type, _orig) _RH_KABI_DEPRECATE(_type, _orig); ++# define RH_KABI_DEPRECATE_FN(_type, _orig, _args...) \ ++ _RH_KABI_DEPRECATE_FN(_type, _orig, _args); ++# define RH_KABI_REPLACE(_orig, _new) _RH_KABI_REPLACE(_orig, _new); ++# define RH_KABI_REPLACE_UNSAFE(_orig, _new) _RH_KABI_REPLACE_UNSAFE(_orig, _new); ++/* ++ * Macro for breaking up a random element into two smaller chunks using an ++ * anonymous struct inside an anonymous union. ++ */ ++# define RH_KABI_REPLACE2(orig, _new1, _new2) RH_KABI_REPLACE(orig, struct{ _new1; _new2;}) ++ ++# define RH_KABI_RESERVE(n) _RH_KABI_RESERVE(n); ++/* ++ * Simple wrappers to replace standard Red Hat reserved elements. ++ */ ++# define RH_KABI_USE(n, _new) RH_KABI_REPLACE(_RH_KABI_RESERVE(n), _new) ++/* ++ * Macros for breaking up a reserved element into two smaller chunks using ++ * an anonymous struct inside an anonymous union. ++ */ ++# define RH_KABI_USE2(n, _new1, _new2) RH_KABI_REPLACE(_RH_KABI_RESERVE(n), struct{ _new1; _new2; }) ++ ++/* ++ * We tried to standardize on Red Hat reserved names. These wrappers ++ * leverage those common names making it easier to read and find in the ++ * code. ++ */ ++# define _RH_KABI_RESERVE(n) unsigned long rh_reserved##n ++ ++#define RH_KABI_EXCLUDE(_elem) _RH_KABI_EXCLUDE(_elem); ++ ++/* ++ * Extending a struct while reserving extra space. ++ */ ++#define RH_KABI_EXTEND_WITH_SIZE(_new, _size) \ ++ RH_KABI_EXTEND(union { \ ++ _new; \ ++ unsigned long RH_KABI_UNIQUE_ID[_size]; \ ++ __RH_KABI_CHECK_SIZE(_new, 8 * (_size)); \ ++ }) ++ ++/* ++ * RHEL macros to extend structs. ++ * ++ * base struct: The struct being extended. For example, pci_dev. ++ * extended struct: The Red Hat struct being added to the base struct. ++ * For example, pci_dev_rh. ++ * ++ * These macros should be used to extend structs before KABI freeze. ++ * They can be used post-KABI freeze in the limited case of the base ++ * struct not being embedded in another struct. ++ * ++ * Extended structs cannot be shrunk in size as changes will break ++ * the size & offset comparison. ++ * ++ * Extended struct elements are not guaranteed for access by modules unless ++ * explicitly commented as such in the declaration of the extended struct or ++ * the element in the extended struct. ++ */ ++ ++/* ++ * RH_KABI_SIZE_AND_EXTEND|_PTR() extends a struct by embedding or adding ++ * a pointer in a base struct. The name of the new struct is the name ++ * of the base struct appended with _rh. ++ */ ++#define _RH_KABI_SIZE_AND_EXTEND_PTR(_struct) \ ++ size_t _struct##_size_rh; \ ++ RH_KABI_EXCLUDE(struct _struct##_rh *_struct##_rh) ++#define RH_KABI_SIZE_AND_EXTEND_PTR(_struct) \ ++ _RH_KABI_SIZE_AND_EXTEND_PTR(_struct) ++ ++#define _RH_KABI_SIZE_AND_EXTEND(_struct) \ ++ size_t _struct##_size_rh; \ ++ RH_KABI_EXCLUDE(struct _struct##_rh _struct##_rh) ++#define RH_KABI_SIZE_AND_EXTEND(_struct) \ ++ _RH_KABI_SIZE_AND_EXTEND(_struct) ++ ++/* ++ * RH_KABI_SET_SIZE calculates and sets the size of the extended struct and ++ * stores it in the size_rh field for structs that are dynamically allocated. ++ * This macro MUST be called when expanding a base struct with ++ * RH_KABI_SIZE_AND_EXTEND, and it MUST be called from the allocation site ++ * regardless of being allocated in the kernel or a module. ++ * Note: since this macro is intended to be invoked outside of a struct, ++ * a semicolon is necessary at the end of the line where it is invoked. ++ */ ++#define RH_KABI_SET_SIZE(_name, _struct) ({ \ ++ _name->_struct##_size_rh = sizeof(struct _struct##_rh); \ ++}) ++ ++/* ++ * RH_KABI_INIT_SIZE calculates and sets the size of the extended struct and ++ * stores it in the size_rh field for structs that are statically allocated. ++ * This macro MUST be called when expanding a base struct with ++ * RH_KABI_SIZE_AND_EXTEND, and it MUST be called from the declaration site ++ * regardless of being allocated in the kernel or a module. ++ */ ++#define RH_KABI_INIT_SIZE(_struct) \ ++ ._struct##_size_rh = sizeof(struct _struct##_rh), ++ ++/* ++ * RH_KABI_CHECK_EXT verifies allocated memory exists. This MUST be called to ++ * verify that memory in the _rh struct is valid, and can be called ++ * regardless if RH_KABI_SIZE_AND_EXTEND or RH_KABI_SIZE_AND_EXTEND_PTR is ++ * used. ++ */ ++#define RH_KABI_CHECK_EXT(_ptr, _struct, _field) ({ \ ++ size_t __off = offsetof(struct _struct##_rh, _field); \ ++ _ptr->_struct##_size_rh > __off ? true : false; \ ++}) ++ ++#endif /* _LINUX_RH_KABI_H */ +diff --git a/include/linux/rmi.h b/include/linux/rmi.h +index ab7eea01ab42..fff7c5f737fc 100644 +--- a/include/linux/rmi.h ++++ b/include/linux/rmi.h +@@ -364,6 +364,7 @@ struct rmi_driver_data { + + struct rmi4_attn_data attn_data; + DECLARE_KFIFO(attn_fifo, struct rmi4_attn_data, 16); ++ struct work_struct attn_work; + }; + + int rmi_register_transport_device(struct rmi_transport_dev *xport); +diff --git a/include/linux/security.h b/include/linux/security.h +index 9aeda3f9e838..de544db8b73b 100644 +--- a/include/linux/security.h ++++ b/include/linux/security.h +@@ -470,6 +470,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); + int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); + int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); + int security_locked_down(enum lockdown_reason what); ++int security_lock_kernel_down(const char *where, enum lockdown_reason level); + #else /* CONFIG_SECURITY */ + + static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) +@@ -1343,6 +1344,10 @@ static inline int security_locked_down(enum lockdown_reason what) + { + return 0; + } ++static inline int security_lock_kernel_down(const char *where, enum lockdown_reason level) ++{ ++ return 0; ++} + #endif /* CONFIG_SECURITY */ + + #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) +diff --git a/kernel/Makefile b/kernel/Makefile +index e8a6715f38dc..f92f94ce57aa 100644 +--- a/kernel/Makefile ++++ b/kernel/Makefile +@@ -12,6 +12,7 @@ obj-y = fork.o exec_domain.o panic.o \ + notifier.o ksysfs.o cred.o reboot.o \ + async.o range.o smpboot.o ucount.o regset.o + ++obj-$(CONFIG_RHEL_DIFFERENCES) += rh_taint.o + obj-$(CONFIG_USERMODE_DRIVER) += usermode_driver.o + obj-$(CONFIG_MODULES) += kmod.o + obj-$(CONFIG_MULTIUSER) += groups.o +diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c +index 250503482cda..dde01992df7e 100644 +--- a/kernel/bpf/syscall.c ++++ b/kernel/bpf/syscall.c +@@ -24,6 +24,7 @@ + #include <linux/ctype.h> + #include <linux/nospec.h> + #include <linux/audit.h> ++#include <linux/init.h> + #include <uapi/linux/btf.h> + #include <linux/pgtable.h> + #include <linux/bpf_lsm.h> +@@ -50,7 +51,25 @@ static DEFINE_SPINLOCK(map_idr_lock); + static DEFINE_IDR(link_idr); + static DEFINE_SPINLOCK(link_idr_lock); + +-int sysctl_unprivileged_bpf_disabled __read_mostly; ++/* RHEL-only: default to 1 */ ++int sysctl_unprivileged_bpf_disabled __read_mostly = 1; ++ ++static int __init unprivileged_bpf_setup(char *str) ++{ ++ unsigned long disabled; ++ if (!kstrtoul(str, 0, &disabled)) ++ sysctl_unprivileged_bpf_disabled = !!disabled; ++ ++ if (!sysctl_unprivileged_bpf_disabled) { ++ pr_warn("Unprivileged BPF has been enabled " ++ "(unprivileged_bpf_disabled=0 has been supplied " ++ "in boot parameters), tainting the kernel"); ++ add_taint(TAINT_UNPRIVILEGED_BPF, LOCKDEP_STILL_OK); ++ } ++ ++ return 1; ++} ++__setup("unprivileged_bpf_disabled=", unprivileged_bpf_setup); + + static const struct bpf_map_ops * const bpf_map_types[] = { + #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) +@@ -4351,11 +4370,17 @@ static int bpf_prog_bind_map(union bpf_attr *attr) + SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, size) + { + union bpf_attr attr; ++ static int marked; + int err; + + if (sysctl_unprivileged_bpf_disabled && !bpf_capable()) + return -EPERM; + ++ if (!marked) { ++ mark_tech_preview("eBPF syscall", NULL); ++ marked = true; ++ } ++ + err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size); + if (err) + return err; +diff --git a/kernel/crash_core.c b/kernel/crash_core.c +index 825284baaf46..0b2b3f510b16 100644 +--- a/kernel/crash_core.c ++++ b/kernel/crash_core.c +@@ -7,6 +7,7 @@ + #include <linux/crash_core.h> + #include <linux/utsname.h> + #include <linux/vmalloc.h> ++#include <linux/sizes.h> + + #include <asm/page.h> + #include <asm/sections.h> +@@ -41,6 +42,15 @@ static int __init parse_crashkernel_mem(char *cmdline, + unsigned long long *crash_base) + { + char *cur = cmdline, *tmp; ++ unsigned long long total_mem = system_ram; ++ ++ /* ++ * Firmware sometimes reserves some memory regions for it's own use. ++ * so we get less than actual system memory size. ++ * Workaround this by round up the total size to 128M which is ++ * enough for most test cases. ++ */ ++ total_mem = roundup(total_mem, SZ_128M); + + /* for each entry of the comma-separated list */ + do { +@@ -85,13 +95,13 @@ static int __init parse_crashkernel_mem(char *cmdline, + return -EINVAL; + } + cur = tmp; +- if (size >= system_ram) { ++ if (size >= total_mem) { + pr_warn("crashkernel: invalid size\n"); + return -EINVAL; + } + + /* match ? */ +- if (system_ram >= start && system_ram < end) { ++ if (total_mem >= start && total_mem < end) { + *crash_size = size; + break; + } +@@ -250,6 +260,20 @@ static int __init __parse_crashkernel(char *cmdline, + if (suffix) + return parse_crashkernel_suffix(ck_cmdline, crash_size, + suffix); ++ ++ if (strncmp(ck_cmdline, "auto", 4) == 0) { ++#ifdef CONFIG_X86_64 ++ ck_cmdline = "1G-64G:160M,64G-1T:256M,1T-:512M"; ++#elif defined(CONFIG_S390) ++ ck_cmdline = "4G-64G:160M,64G-1T:256M,1T-:512M"; ++#elif defined(CONFIG_ARM64) ++ ck_cmdline = "2G-:512M"; ++#elif defined(CONFIG_PPC64) ++ ck_cmdline = "2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G"; ++#endif ++ pr_info("Using crashkernel=auto, the size chosen is a best effort estimation.\n"); ++ } ++ + /* + * if the commandline contains a ':', then that's the extended + * syntax -- if not, it must be the classic syntax +diff --git a/kernel/module.c b/kernel/module.c +index 20fb004e7d8d..d5397912b174 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -738,6 +738,7 @@ static struct module_attribute modinfo_##field = { \ + + MODINFO_ATTR(version); + MODINFO_ATTR(srcversion); ++MODINFO_ATTR(rhelversion); + + static char last_unloaded_module[MODULE_NAME_LEN+1]; + +@@ -1202,6 +1203,7 @@ static struct module_attribute *modinfo_attrs[] = { + &module_uevent, + &modinfo_version, + &modinfo_srcversion, ++ &modinfo_rhelversion, + &modinfo_initstate, + &modinfo_coresize, + &modinfo_initsize, +diff --git a/kernel/module_signing.c b/kernel/module_signing.c +index 8723ae70ea1f..fb2d773498c2 100644 +--- a/kernel/module_signing.c ++++ b/kernel/module_signing.c +@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info) + modlen -= sig_len + sizeof(ms); + info->len = modlen; + +- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, ++ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, + VERIFY_USE_SECONDARY_KEYRING, + VERIFYING_MODULE_SIGNATURE, + NULL, NULL); ++ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { ++ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, ++ VERIFY_USE_PLATFORM_KEYRING, ++ VERIFYING_MODULE_SIGNATURE, ++ NULL, NULL); ++ } ++ return ret; + } +diff --git a/kernel/panic.c b/kernel/panic.c +index 332736a72a58..1c81aa14f488 100644 +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -386,6 +386,20 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { + [ TAINT_LIVEPATCH ] = { 'K', ' ', true }, + [ TAINT_AUX ] = { 'X', ' ', true }, + [ TAINT_RANDSTRUCT ] = { 'T', ' ', true }, ++ [ TAINT_18 ] = { '?', '-', false }, ++ [ TAINT_19 ] = { '?', '-', false }, ++ [ TAINT_20 ] = { '?', '-', false }, ++ [ TAINT_21 ] = { '?', '-', false }, ++ [ TAINT_22 ] = { '?', '-', false }, ++ [ TAINT_23 ] = { '?', '-', false }, ++ [ TAINT_24 ] = { '?', '-', false }, ++ [ TAINT_25 ] = { '?', '-', false }, ++ [ TAINT_26 ] = { '?', '-', false }, ++ [ TAINT_SUPPORT_REMOVED ] = { 'h', ' ', false }, ++ [ TAINT_RESERVED28 ] = { '?', '-', false }, ++ [ TAINT_RESERVED29 ] = { '?', '-', false }, ++ [ TAINT_RESERVED30 ] = { '?', '-', false }, ++ [ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false }, + }; + + /** +diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c +new file mode 100644 +index 000000000000..4050b6dead75 +--- /dev/null ++++ b/kernel/rh_taint.c +@@ -0,0 +1,93 @@ ++#include <linux/kernel.h> ++#include <linux/module.h> ++ ++/* ++ * The following functions are used by Red Hat to indicate to users that ++ * hardware and drivers are unsupported, or have limited support in RHEL major ++ * and minor releases. These functions output loud warning messages to the end ++ * user and should be USED WITH CAUTION. ++ * ++ * Any use of these functions _MUST_ be documented in the RHEL Release Notes, ++ * and have approval of management. ++ */ ++ ++/** ++ * mark_hardware_unsupported() - Mark hardware, class, or type as unsupported. ++ * @msg: Hardware name, class, or type ++ * ++ * Called to mark a device, class of devices, or types of devices as not having ++ * support in any RHEL minor release. This does not TAINT the kernel. Red Hat ++ * will not fix bugs against this hardware in this minor release. Red Hat may ++ * declare support in a future major or minor update release. This cannot be ++ * used to mark drivers unsupported. ++ */ ++void mark_hardware_unsupported(const char *msg) ++{ ++ /* Print one single message */ ++ pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg); ++} ++EXPORT_SYMBOL(mark_hardware_unsupported); ++ ++/** ++ * mark_hardware_deprecated() - Mark hardware, class, or type as deprecated. ++ * @msg: Hardware name, class, or type ++ * ++ * Called to minimize the support status of a previously supported device in ++ * a minor release. This does not TAINT the kernel. Marking hardware ++ * deprecated is usually done in conjunction with the hardware vendor. Future ++ * RHEL major releases may not include this driver. Driver updates and fixes ++ * for this device will be limited to critical issues in future minor releases. ++ */ ++void mark_hardware_deprecated(const char *msg) ++{ ++ pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this RHEL release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact Red Hat Support or your device's hardware vendor for additional information.\n", msg); ++} ++EXPORT_SYMBOL(mark_hardware_deprecated); ++ ++/** ++ * mark_tech_preview() - Mark driver or kernel subsystem as 'Tech Preview' ++ * @msg: Driver or kernel subsystem name ++ * ++ * Called to minimize the support status of a new driver. This does TAINT the ++ * kernel. Calling this function indicates that the driver or subsystem has ++ * had limited testing and is not marked for full support within this RHEL ++ * minor release. The next RHEL minor release may contain full support for ++ * this driver. Red Hat does not guarantee that bugs reported against this ++ * driver or subsystem will be resolved. ++ */ ++void mark_tech_preview(const char *msg, struct module *mod) ++{ ++ const char *str = NULL; ++ ++ if (msg) ++ str = msg; ++#ifdef CONFIG_MODULES ++ else if (mod && mod->name) ++ str = mod->name; ++#endif ++ ++ pr_warn("TECH PREVIEW: %s may not be fully supported.\n" ++ "Please review provided documentation for limitations.\n", ++ (str ? str : "kernel")); ++ add_taint(TAINT_AUX, LOCKDEP_STILL_OK); ++#ifdef CONFIG_MODULES ++ if (mod) ++ mod->taints |= (1U << TAINT_AUX); ++#endif ++} ++EXPORT_SYMBOL(mark_tech_preview); ++ ++/** ++ * mark_driver_unsupported - drivers that we know we don't want to support ++ * @name: the name of the driver ++ * ++ * In some cases Red Hat has chosen to build a driver for internal QE ++ * use. Use this function to mark those drivers as unsupported for ++ * customers. ++ */ ++void mark_driver_unsupported(const char *name) ++{ ++ pr_crit("Warning: %s - This driver has not undergone sufficient testing by Red Hat for this release and therefore cannot be used in production systems.\n", ++ name ? name : "kernel"); ++} ++EXPORT_SYMBOL(mark_driver_unsupported); +diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c +index 24725e50c7b4..cdefcf29dbfc 100644 +--- a/scripts/mod/modpost.c ++++ b/scripts/mod/modpost.c +@@ -20,6 +20,7 @@ + #include <errno.h> + #include "modpost.h" + #include "../../include/linux/license.h" ++#include "../../include/generated/uapi/linux/version.h" + + /* Are we using CONFIG_MODVERSIONS? */ + static int modversions = 0; +@@ -2335,6 +2336,12 @@ static void write_buf(struct buffer *b, const char *fname) + } + } + ++static void add_rhelversion(struct buffer *b, struct module *mod) ++{ ++ buf_printf(b, "MODULE_INFO(rhelversion, \"%d.%d\");\n", RHEL_MAJOR, ++ RHEL_MINOR); ++} ++ + static void write_if_changed(struct buffer *b, const char *fname) + { + char *tmp; +@@ -2584,6 +2591,7 @@ int main(int argc, char **argv) + add_depends(&buf, mod); + add_moddevtable(&buf, mod); + add_srcversion(&buf, mod); ++ add_rhelversion(&buf, mod); + + sprintf(fname, "%s.mod.c", mod->name); + write_if_changed(&buf, fname); +diff --git a/scripts/tags.sh b/scripts/tags.sh +index fd96734deff1..5b540f3dcff1 100755 +--- a/scripts/tags.sh ++++ b/scripts/tags.sh +@@ -16,6 +16,8 @@ fi + ignore="$(echo "$RCS_FIND_IGNORE" | sed 's|\\||g' )" + # tags and cscope files should also ignore MODVERSION *.mod.c files + ignore="$ignore ( -name *.mod.c ) -prune -o" ++# RHEL tags and cscope should also ignore redhat/rpm ++ignore="$ignore ( -path redhat/rpm ) -prune -o" + + # Use make KBUILD_ABS_SRCTREE=1 {tags|cscope} + # to force full paths for a non-O= build +diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c +index f290f78c3f30..d3e7ae04f5be 100644 +--- a/security/integrity/platform_certs/load_uefi.c ++++ b/security/integrity/platform_certs/load_uefi.c +@@ -46,7 +46,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, + return NULL; + + if (*status != EFI_BUFFER_TOO_SMALL) { +- pr_err("Couldn't get size: 0x%lx\n", *status); ++ pr_err("Couldn't get size: %s (0x%lx)\n", ++ efi_status_to_str(*status), *status); + return NULL; + } + +@@ -57,7 +58,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, + *status = efi.get_variable(name, guid, NULL, &lsize, db); + if (*status != EFI_SUCCESS) { + kfree(db); +- pr_err("Error reading db var: 0x%lx\n", *status); ++ pr_err("Error reading db var: %s (0x%lx)\n", ++ efi_status_to_str(*status), *status); + return NULL; + } + +diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig +index e84ddf484010..d0501353a4b9 100644 +--- a/security/lockdown/Kconfig ++++ b/security/lockdown/Kconfig +@@ -16,6 +16,19 @@ config SECURITY_LOCKDOWN_LSM_EARLY + subsystem is fully initialised. If enabled, lockdown will + unconditionally be called before any other LSMs. + ++config LOCK_DOWN_IN_EFI_SECURE_BOOT ++ bool "Lock down the kernel in EFI Secure Boot mode" ++ default n ++ depends on EFI && SECURITY_LOCKDOWN_LSM_EARLY ++ help ++ UEFI Secure Boot provides a mechanism for ensuring that the firmware ++ will only load signed bootloaders and kernels. Secure boot mode may ++ be determined from EFI variables provided by the system firmware if ++ not indicated by the boot parameters. ++ ++ Enabling this option results in kernel lockdown being triggered if ++ EFI Secure Boot is set. ++ + choice + prompt "Kernel default lockdown mode" + default LOCK_DOWN_KERNEL_FORCE_NONE +diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c +index 87cbdc64d272..18555cf18da7 100644 +--- a/security/lockdown/lockdown.c ++++ b/security/lockdown/lockdown.c +@@ -73,6 +73,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what) + + static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { + LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), ++ LSM_HOOK_INIT(lock_kernel_down, lock_kernel_down), + }; + + static int __init lockdown_lsm_init(void) +diff --git a/security/security.c b/security/security.c +index 94383f83ba42..7adc15e72694 100644 +--- a/security/security.c ++++ b/security/security.c +@@ -2561,6 +2561,12 @@ int security_locked_down(enum lockdown_reason what) + } + EXPORT_SYMBOL(security_locked_down); + ++int security_lock_kernel_down(const char *where, enum lockdown_reason level) ++{ ++ return call_int_hook(lock_kernel_down, 0, where, level); ++} ++EXPORT_SYMBOL(security_lock_kernel_down); ++ + #ifdef CONFIG_PERF_EVENTS + int security_perf_event_open(struct perf_event_attr *attr, int type) + { |