diff options
Diffstat (limited to 'patch-5.7.0-redhat.patch')
-rw-r--r-- | patch-5.7.0-redhat.patch | 328 |
1 files changed, 164 insertions, 164 deletions
diff --git a/patch-5.7.0-redhat.patch b/patch-5.7.0-redhat.patch index 099aa5ca5..bda3b0012 100644 --- a/patch-5.7.0-redhat.patch +++ b/patch-5.7.0-redhat.patch @@ -113,7 +113,7 @@ index ac7e131d2935..3b3bf30e537d 100644 @@ -285,6 +285,17 @@ This would mean: 2) if the RAM size is between 512M and 2G (exclusive), then reserve 64M 3) if the RAM size is larger than 2G, then reserve 128M - + +Or you can use crashkernel=auto if you have enough memory. The threshold +is 2G on x86_64, arm64, ppc64 and ppc64le. The threshold is 4G for s390x. +If your system memory is less than the threshold crashkernel=auto will not @@ -125,8 +125,8 @@ index ac7e131d2935..3b3bf30e537d 100644 + s390x: 4G-64G:160M,64G-1T:256M,1T-:512M + arm64: 2G-:512M + ppc64: 2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G - - + + Boot into System Kernel diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index f2a93c8679e8..9af891d5b8eb 100644 @@ -135,7 +135,7 @@ index f2a93c8679e8..9af891d5b8eb 100644 @@ -5162,6 +5162,14 @@ unknown_nmi_panic [X86] Cause panic on unknown NMI. - + + unprivileged_bpf_disabled= + Format: { "0" | "1" } + Sets the initial value of @@ -154,7 +154,7 @@ index 715586dea9bb..fff0439c6b78 100644 @@ -420,6 +420,11 @@ properties: - const: pine64,rockpro64 - const: rockchip,rk3399 - + + - description: Pine64 PinebookPro + items: + - const: pine64,pinebook-pro @@ -225,7 +225,7 @@ index e10b3ee084d4..01c0df787518 100644 +++ b/Kconfig @@ -32,3 +32,5 @@ source "lib/Kconfig" source "lib/Kconfig.debug" - + source "Documentation/Kconfig" + +source "Kconfig.redhat" @@ -259,7 +259,7 @@ index 49b2709ff44e..e6e36dcbebfb 100644 @@ -15,6 +15,10 @@ NAME = Kleptomaniac Octopus PHONY := _all _all: - + +# Set RHEL variables +# Use this spot to avoid future merge conflicts +include Makefile.rhelver @@ -289,7 +289,7 @@ index 49b2709ff44e..e6e36dcbebfb 100644 + $(shell expr $(RHEL_MAJOR) \* 256 + $(RHEL_MINOR))'; \ + echo '#define RHEL_RELEASE "$(RHEL_RELEASE)"' endef - + $(version_h): FORCE diff --git a/Makefile.rhelver b/Makefile.rhelver new file mode 100644 @@ -348,7 +348,7 @@ index 66a04f6f4775..7b63103f088c 100644 +++ b/arch/arm/Kconfig @@ -1542,9 +1542,9 @@ config HIGHMEM If unsure, say n. - + config HIGHPTE - bool "Allocate 2nd-level pagetables from highmem" if EXPERT + bool "Allocate 2nd-level pagetables from highmem" @@ -387,14 +387,14 @@ index 98c6b91be4a8..60055827dddc 100644 + uaccess_restore(__ua_flags); \ + __err; \ }) - + #define get_user(x, p) \ diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 40fb05d96c60..f57bee916600 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -857,7 +857,7 @@ endchoice - + config ARM64_FORCE_52BIT bool "Force 52-bit virtual addresses for userspace" - depends on ARM64_VA_BITS_52 && EXPERT @@ -417,7 +417,7 @@ index cefda145c3c9..96d9150423e0 100644 @@ -16,6 +16,15 @@ aliases { serial0 = &uart0; }; - + + backlight: backlight { + compatible = "pwm-backlight"; + pwms = <&r_pwm 0 50000 PWM_POLARITY_INVERTED>; @@ -433,7 +433,7 @@ index cefda145c3c9..96d9150423e0 100644 @@ -84,6 +93,30 @@ &dai { status = "okay"; }; - + +&de { + status = "okay"; +}; @@ -464,26 +464,26 @@ index cefda145c3c9..96d9150423e0 100644 @@ -188,6 +221,10 @@ &r_pio { */ }; - + +&r_pwm { + status = "okay"; +}; + &r_rsb { status = "okay"; - + diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c index a100483b47c4..29f693734edb 100644 --- a/arch/arm64/kernel/acpi.c +++ b/arch/arm64/kernel/acpi.c @@ -39,7 +39,7 @@ int acpi_pci_disabled = 1; /* skip ACPI PCI scan and IRQ initialization */ EXPORT_SYMBOL(acpi_pci_disabled); - + static bool param_acpi_off __initdata; -static bool param_acpi_on __initdata; +static bool param_acpi_on __initdata = true; static bool param_acpi_force __initdata; - + static int __init parse_acpi(char *arg) diff --git a/arch/s390/include/asm/ipl.h b/arch/s390/include/asm/ipl.h index b63bd66404b8..3482d9602e68 100644 @@ -494,7 +494,7 @@ index b63bd66404b8..3482d9602e68 100644 int ipl_report_add_certificate(struct ipl_report *report, void *key, unsigned long addr, unsigned long len); +bool ipl_get_secureboot(void); - + /* * DIAG 308 support diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c @@ -503,7 +503,7 @@ index 4a71061974fd..9baf0b570c3d 100644 +++ b/arch/s390/kernel/ipl.c @@ -1901,3 +1901,8 @@ int ipl_report_free(struct ipl_report *report) } - + #endif + +bool ipl_get_secureboot(void) @@ -519,13 +519,13 @@ index 36445dd40fdb..b338a050c5aa 100644 #include <linux/compat.h> #include <linux/start_kernel.h> +#include <linux/security.h> - + #include <asm/boot_data.h> #include <asm/ipl.h> @@ -1093,6 +1094,9 @@ void __init setup_arch(char **cmdline_p) - + log_component_list(); - + + if (ipl_get_secureboot()) + security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX); + @@ -543,7 +543,7 @@ index bed0cb83fe24..a15622e0d79f 100644 + get_model_name(c); /* RHEL: get model name for unsupported check */ get_cpu_address_sizes(c); setup_force_cpu_cap(X86_FEATURE_CPUID); - + diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 4b3fa6cd3106..0fd824c4162d 100644 --- a/arch/x86/kernel/setup.c @@ -554,14 +554,14 @@ index 4b3fa6cd3106..0fd824c4162d 100644 #include <linux/tboot.h> +#include <linux/security.h> #include <linux/usb/xhci-dbgp.h> - + #include <uapi/linux/mount.h> @@ -44,6 +45,7 @@ #include <asm/unwind.h> #include <asm/vsyscall.h> #include <linux/vmalloc.h> +#include <asm/intel-family.h> - + /* * max_low_pfn_mapped: highest directly mapped pfn < 4 GB @@ -747,7 +749,132 @@ static void __init trim_low_memory_range(void) @@ -701,7 +701,7 @@ index 4b3fa6cd3106..0fd824c4162d 100644 @@ -973,6 +1100,13 @@ void __init setup_arch(char **cmdline_p) if (efi_enabled(EFI_BOOT)) efi_init(); - + + efi_set_secure_boot(boot_params.secure_boot); + +#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT @@ -710,12 +710,12 @@ index 4b3fa6cd3106..0fd824c4162d 100644 +#endif + dmi_setup(); - + /* @@ -1124,19 +1258,7 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); - + - if (efi_enabled(EFI_BOOT)) { - switch (boot_params.secure_boot) { - case efi_secureboot_mode_disabled: @@ -730,20 +730,20 @@ index 4b3fa6cd3106..0fd824c4162d 100644 - } - } + efi_set_secure_boot(boot_params.secure_boot); - + reserve_initrd(); - + @@ -1244,6 +1366,10 @@ void __init setup_arch(char **cmdline_p) efi_apply_memmap_quirks(); #endif - + +#ifdef CONFIG_RHEL_DIFFERENCES + rh_check_supported(); +#endif + unwind_init(); } - + diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c index 822402480f7d..3f87d8602560 100644 --- a/drivers/acpi/apei/hest.c @@ -751,7 +751,7 @@ index 822402480f7d..3f87d8602560 100644 @@ -88,6 +88,14 @@ int apei_hest_parse(apei_hest_func_t func, void *data) if (hest_disable || !hest_tab) return -EINVAL; - + +#ifdef CONFIG_ARM64 + /* Ignore broken firmware */ + if (!strncmp(hest_tab->header.oem_id, "HPE ", 6) && @@ -773,7 +773,7 @@ index e209081d644b..7484bcf59a1b 100644 struct irq_fwspec *fwspec; + bool skip_producer_check; }; - + /** @@ -197,7 +198,8 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares, return AE_CTRL_TERMINATE; @@ -791,7 +791,7 @@ index e209081d644b..7484bcf59a1b 100644 { - struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec }; + struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec, false }; - + + /* + * Firmware on arm64-based HPE m400 platform incorrectly marks + * its UART interrupt as ACPI_PRODUCER rather than ACPI_CONSUMER. @@ -813,7 +813,7 @@ index 6d3448895382..221255007dc8 100644 @@ -1563,6 +1563,15 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device) if (!acpi_match_device_ids(device, i2c_multi_instantiate_ids)) return false; - + + /* + * Firmware on some arm64 X-Gene platforms will make the UART + * device appear as both a UART and a slave of that UART. Just @@ -833,7 +833,7 @@ index ea5bf5f4cbed..71c55cae27ac 100644 @@ -666,6 +666,24 @@ int ahci_stop_engine(struct ata_port *ap) tmp &= ~PORT_CMD_START; writel(tmp, port_mmio + PORT_CMD); - + +#ifdef CONFIG_ARM64 + /* Rev Ax of Cavium CN99XX needs a hack for port stop */ + if (dev_is_pci(ap->host->dev) && @@ -862,7 +862,7 @@ index bbf7029e224b..cf7faa970dd6 100644 @@ -215,6 +215,21 @@ static int __init scan_for_dmi_ipmi(void) { const struct dmi_device *dev = NULL; - + +#ifdef CONFIG_ARM64 + /* RHEL-only + * If this is ARM-based HPE m400, return now, because that platform @@ -880,7 +880,7 @@ index bbf7029e224b..cf7faa970dd6 100644 + while ((dev = dmi_find_device(DMI_DEV_TYPE_IPMI, NULL, dev))) dmi_decode_ipmi((const struct dmi_header *) dev->device_data); - + diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index c48d8f086382..0fc980a87ed0 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c @@ -890,13 +890,13 @@ index c48d8f086382..0fc980a87ed0 100644 #include <linux/uuid.h> #include <linux/nospec.h> +#include <linux/dmi.h> - + #define IPMI_DRIVER_VERSION "39.2" - + @@ -5154,8 +5155,21 @@ static int __init ipmi_init_msghandler_mod(void) { int rv; - + - pr_info("version " IPMI_DRIVER_VERSION "\n"); +#ifdef CONFIG_ARM64 + /* RHEL-only @@ -905,7 +905,7 @@ index c48d8f086382..0fc980a87ed0 100644 + * does not exist in the ARM architecture. + */ + const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME); - + + if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) { + pr_debug("%s does not support host ipmi\n", dmistr); + return -ENOSYS; @@ -949,13 +949,13 @@ index 911a2bd0f6b7..3696e87f19ee 100644 #include <linux/memblock.h> #include <linux/security.h> +#include <linux/bsearch.h> - + #include <asm/early_ioremap.h> - + @@ -831,40 +832,101 @@ int efi_mem_type(unsigned long phys_addr) } #endif - + +struct efi_error_code { + efi_status_t status; + int errno; @@ -1060,7 +1060,7 @@ index 911a2bd0f6b7..3696e87f19ee 100644 - } + struct efi_error_code *found; + size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code); - + - return err; + found = bsearch((void *)(uintptr_t)status, efi_error_codes, + sizeof(struct efi_error_code), num, @@ -1083,7 +1083,7 @@ index 911a2bd0f6b7..3696e87f19ee 100644 + return "Unknown error code"; + return found->description; } - + static DEFINE_SPINLOCK(efi_mem_reserve_persistent_lock); diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c new file mode 100644 @@ -1139,12 +1139,12 @@ index da26a584dca0..cbb495aff6a0 100644 #include <linux/slab.h> +#include <linux/pci.h> #include <soc/bcm2835/raspberrypi-firmware.h> - + #define MBOX_MSG(chan, data28) (((data28) & ~0xf) | ((chan) & 0xf)) @@ -286,6 +287,43 @@ struct rpi_firmware *rpi_firmware_get(struct device_node *firmware_node) } EXPORT_SYMBOL_GPL(rpi_firmware_get); - + +/* + * On the Raspberry Pi 4, after a PCI reset, VL805's firmware may either be + * loaded directly from an EEPROM or, if not present, by the SoC's VideCore. @@ -1192,7 +1192,7 @@ index a1723c1b5fbf..cf0c59015a44 100644 @@ -433,6 +433,15 @@ config DRM_PANEL_TRULY_NT35597_WQXGA Say Y here if you want to enable support for Truly NT35597 WQXGA Dual DSI Video Mode panel - + +config DRM_PANEL_XINGBANGDA_XBD599 + tristate "Xingbangda XBD599 panel" + depends on OF @@ -1597,7 +1597,7 @@ index 059939789730..5f2313c40328 100644 hsa = max((unsigned int)HSA_PACKET_OVERHEAD, - (mode->hsync_end - mode->hsync_start) * Bpp - HSA_PACKET_OVERHEAD); + (mode->hsync_end - mode->hsync_start) * Bpp) - HSA_PACKET_OVERHEAD; - + /* * The backporch is set using a blanking packet (4 @@ -564,7 +564,7 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi, @@ -1606,7 +1606,7 @@ index 059939789730..5f2313c40328 100644 hbp = max((unsigned int)HBP_PACKET_OVERHEAD, - (mode->htotal - mode->hsync_end) * Bpp - HBP_PACKET_OVERHEAD); + (mode->htotal - mode->hsync_end) * Bpp) - HBP_PACKET_OVERHEAD; - + /* * The frontporch is set using a sync event (4 bytes) @@ -574,7 +574,7 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi, @@ -1615,7 +1615,7 @@ index 059939789730..5f2313c40328 100644 hfp = max((unsigned int)HFP_PACKET_OVERHEAD, - (mode->hsync_start - mode->hdisplay) * Bpp - HFP_PACKET_OVERHEAD); + (mode->hsync_start - mode->hdisplay) * Bpp) - HFP_PACKET_OVERHEAD; - + /* * The blanking is set using a sync event (4 bytes) @@ -583,8 +583,8 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi, @@ -1626,7 +1626,7 @@ index 059939789730..5f2313c40328 100644 - HBLK_PACKET_OVERHEAD); + (mode->htotal - (mode->hsync_end - mode->hsync_start)) * Bpp) - + HBLK_PACKET_OVERHEAD; - + /* * And I'm not entirely sure what vblk is about. The driver in diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c @@ -1638,25 +1638,25 @@ index 8cffa84c9650..6c4e3675601a 100644 struct rmi_data *hdata = hid_get_drvdata(hdev); struct rmi_device *rmi_dev = hdata->xport.rmi_dev; - unsigned long flags; - + if (!(test_bit(RMI_STARTED, &hdata->flags))) return 0; - + - local_irq_save(flags); - rmi_set_attn_data(rmi_dev, data[1], &data[2], size - 2); - + - generic_handle_irq(hdata->rmi_irq); - - local_irq_restore(flags); - return 1; } - + @@ -592,56 +585,6 @@ static const struct rmi_transport_ops hid_rmi_ops = { .reset = rmi_hid_reset, }; - + -static void rmi_irq_teardown(void *data) -{ - struct rmi_data *hdata = data; @@ -1711,9 +1711,9 @@ index 8cffa84c9650..6c4e3675601a 100644 { struct rmi_data *data = NULL; @@ -714,18 +657,11 @@ static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id) - + mutex_init(&data->page_mutex); - + - ret = rmi_setup_irq_domain(hdev); - if (ret) { - hid_err(hdev, "failed to allocate IRQ domain\n"); @@ -1722,13 +1722,13 @@ index 8cffa84c9650..6c4e3675601a 100644 - if (data->device_flags & RMI_DEVICE_HAS_PHYS_BUTTONS) rmi_hid_pdata.f30_data.disable = true; - + data->xport.dev = hdev->dev.parent; data->xport.pdata = rmi_hid_pdata; - data->xport.pdata.irq = data->rmi_irq; data->xport.proto_name = "hid"; data->xport.ops = &hid_rmi_ops; - + diff --git a/drivers/infiniband/sw/rxe/rxe.c b/drivers/infiniband/sw/rxe/rxe.c index 4afdd2e20883..05e637aa0e3d 100644 --- a/drivers/infiniband/sw/rxe/rxe.c @@ -1736,7 +1736,7 @@ index 4afdd2e20883..05e637aa0e3d 100644 @@ -335,6 +335,8 @@ static int __init rxe_module_init(void) { int err; - + + mark_tech_preview("Soft-RoCE Transport Driver", THIS_MODULE); + /* initialize slab caches for managed objects */ @@ -1748,13 +1748,13 @@ index 190b9974526b..27a65991de0e 100644 +++ b/drivers/input/rmi4/rmi_driver.c @@ -182,34 +182,47 @@ void rmi_set_attn_data(struct rmi_device *rmi_dev, unsigned long irq_status, attn_data.data = fifo_data; - + kfifo_put(&drvdata->attn_fifo, attn_data); + + schedule_work(&drvdata->attn_work); } EXPORT_SYMBOL_GPL(rmi_set_attn_data); - + -static irqreturn_t rmi_irq_fn(int irq, void *dev_id) +static void attn_callback(struct work_struct *work) { @@ -1765,7 +1765,7 @@ index 190b9974526b..27a65991de0e 100644 + attn_work); struct rmi4_attn_data attn_data = {0}; int ret, count; - + count = kfifo_get(&drvdata->attn_fifo, &attn_data); - if (count) { - *(drvdata->irq_status) = attn_data.irq_status; @@ -1773,7 +1773,7 @@ index 190b9974526b..27a65991de0e 100644 - } + if (!count) + return; - + - ret = rmi_process_interrupt_requests(rmi_dev); + *(drvdata->irq_status) = attn_data.irq_status; + drvdata->attn_data = attn_data; @@ -1783,14 +1783,14 @@ index 190b9974526b..27a65991de0e 100644 - rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, + rmi_dbg(RMI_DEBUG_CORE, &drvdata->rmi_dev->dev, "Failed to process interrupt request: %d\n", ret); - + - if (count) { - kfree(attn_data.data); - attn_data.data = NULL; - } + kfree(attn_data.data); + attn_data.data = NULL; - + if (!kfifo_is_empty(&drvdata->attn_fifo)) - return rmi_irq_fn(irq, dev_id); + schedule_work(&drvdata->attn_work); @@ -1805,7 +1805,7 @@ index 190b9974526b..27a65991de0e 100644 + if (ret) + rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, + "Failed to process interrupt request: %d\n", ret); - + return IRQ_HANDLED; } @@ -217,7 +230,6 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id) @@ -1815,20 +1815,20 @@ index 190b9974526b..27a65991de0e 100644 - struct rmi_driver_data *data = dev_get_drvdata(&rmi_dev->dev); int irq_flags = irq_get_trigger_type(pdata->irq); int ret; - + @@ -235,8 +247,6 @@ static int rmi_irq_init(struct rmi_device *rmi_dev) return ret; } - + - data->enabled = true; - return 0; } - + @@ -886,23 +896,27 @@ void rmi_enable_irq(struct rmi_device *rmi_dev, bool clear_wake) if (data->enabled) goto out; - + - enable_irq(irq); - data->enabled = true; - if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) { @@ -1848,7 +1848,7 @@ index 190b9974526b..27a65991de0e 100644 + "Failed to disable irq for wake: %d\n", + retval); + } - + - /* - * Call rmi_process_interrupt_requests() after enabling irq, - * otherwise we may lose interrupt on edge-triggered systems. @@ -1866,12 +1866,12 @@ index 190b9974526b..27a65991de0e 100644 + } else { + data->enabled = true; + } - + out: mutex_unlock(&data->enabled_mutex); @@ -922,20 +936,22 @@ void rmi_disable_irq(struct rmi_device *rmi_dev, bool enable_wake) goto out; - + data->enabled = false; - disable_irq(irq); - if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) { @@ -1904,21 +1904,21 @@ index 190b9974526b..27a65991de0e 100644 + kfree(attn_data.data); + } } - + out: @@ -981,6 +997,8 @@ static int rmi_driver_remove(struct device *dev) irq_domain_remove(data->irqdomain); data->irqdomain = NULL; - + + cancel_work_sync(&data->attn_work); + rmi_f34_remove_sysfs(rmi_dev); rmi_free_function_list(rmi_dev); - + @@ -1218,9 +1236,15 @@ static int rmi_driver_probe(struct device *dev) } } - + - retval = rmi_irq_init(rmi_dev); - if (retval < 0) - goto err_destroy_functions; @@ -1931,7 +1931,7 @@ index 190b9974526b..27a65991de0e 100644 + data->enabled = true; + + INIT_WORK(&data->attn_work, attn_callback); - + if (data->f01_container->dev.driver) { /* Driver already bound, so enable ATTN now. */ diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c @@ -1940,7 +1940,7 @@ index 2b471419e26c..83c8d9845aed 100644 +++ b/drivers/iommu/iommu.c @@ -7,6 +7,7 @@ #define pr_fmt(fmt) "iommu: " fmt - + #include <linux/device.h> +#include <linux/dmi.h> #include <linux/kernel.h> @@ -1978,7 +1978,7 @@ index 6a79cd0ebe2b..ca44a35ec411 100644 @@ -5290,6 +5290,11 @@ mptsas_probe(struct pci_dev *pdev, const struct pci_device_id *id) ioc, MPI_SAS_OP_CLEAR_ALL_PERSISTENT); } - + +#ifdef CONFIG_RHEL_DIFFERENCES + add_taint(TAINT_SUPPORT_REMOVED, LOCKDEP_STILL_OK); + pr_warn("MPTSAS MODULE IS NOT SUPPORTED\n"); @@ -1989,7 +1989,7 @@ index 6a79cd0ebe2b..ca44a35ec411 100644 dprintk(ioc, printk(MYIOC_s_ERR_FMT @@ -5353,6 +5358,10 @@ static void mptsas_remove(struct pci_dev *pdev) } - + static struct pci_device_id mptsas_pci_table[] = { +#ifdef CONFIG_RHEL_DIFFERENCES + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068, @@ -2012,7 +2012,7 @@ index eabc4de5816c..1f458e35effb 100644 +++ b/drivers/message/fusion/mptspi.c @@ -1238,12 +1238,17 @@ static struct spi_function_template mptspi_transport_functions = { */ - + static struct pci_device_id mptspi_pci_table[] = { +#ifdef CONFIG_RHEL_DIFFERENCES + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1030, @@ -2030,7 +2030,7 @@ index eabc4de5816c..1f458e35effb 100644 MODULE_DEVICE_TABLE(pci, mptspi_pci_table); @@ -1534,6 +1539,12 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id) 0, 0, 0, 0, 5); - + scsi_scan_host(sh); + +#ifdef CONFIG_RHEL_DIFFERENCES @@ -2039,7 +2039,7 @@ index eabc4de5816c..1f458e35effb 100644 +#endif + return 0; - + out_mptspi_probe: diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c index 735bf25952fc..15f6c0a4dc63 100644 @@ -2048,7 +2048,7 @@ index 735bf25952fc..15f6c0a4dc63 100644 @@ -1243,9 +1243,9 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force) ew32(H2ME, mac_reg); } - + - /* Poll up to 300msec for ME to clear ULP_CFG_DONE. */ + /* Poll up to 2.5sec for ME to clear ULP_CFG_DONE. */ while (er32(FWSM) & E1000_FWSM_ULP_CFG_DONE) { @@ -2062,11 +2062,11 @@ index 5b190c257124..d88fa9c54b16 100644 --- a/drivers/net/ethernet/intel/ice/ice_main.c +++ b/drivers/net/ethernet/intel/ice/ice_main.c @@ -3638,6 +3638,7 @@ static int __init ice_module_init(void) - + pr_info("%s - version %s\n", ice_driver_string, ice_drv_ver); pr_info("%s\n", ice_copyright); + mark_tech_preview(DRV_SUMMARY, THIS_MODULE); - + ice_wq = alloc_workqueue("%s", WQ_MEM_RECLAIM, 0, KBUILD_MODNAME); if (!ice_wq) { diff --git a/drivers/pci/controller/pcie-brcmstb.c b/drivers/pci/controller/pcie-brcmstb.c @@ -2076,11 +2076,11 @@ index 6d79d14527a6..aee84679a997 100644 @@ -28,6 +28,8 @@ #include <linux/string.h> #include <linux/types.h> - + +#include <soc/bcm2835/raspberrypi-firmware.h> + #include "../pci.h" - + /* BRCM_PCIE_CAP_REGS - Offset for the mandatory capability config regs */ @@ -917,11 +919,24 @@ static int brcm_pcie_probe(struct platform_device *pdev) { @@ -2091,7 +2091,7 @@ index 6d79d14527a6..aee84679a997 100644 struct pci_bus *child; struct resource *res; int ret; - + + /* + * We have to wait for the Raspberry Pi's firmware interface to be up + * as some PCI fixups depend on it. @@ -2118,11 +2118,11 @@ index 0454ca0e4e3f..5cc490b821be 100644 +#include <linux/kernel.h> #include "pci.h" #include "pcie/portdrv.h" - + @@ -278,6 +279,34 @@ static const struct pci_device_id *pci_match_device(struct pci_driver *drv, return found_id; } - + +/** + * pci_hw_vendor_status - Tell if a PCI device is supported by the HW vendor + * @ids: array of PCI device id structures to search in @@ -2161,7 +2161,7 @@ index 28c9a2409c50..ab4cae542b04 100644 @@ -4183,6 +4183,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000, DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084, quirk_bridge_cavm_thrx2_pcie_root); - + +/* + * PCI BAR 5 is not setup correctly for the on-board AHCI controller + * on Broadcom's Vulcan processor. Added a quirk to fix BAR 5 by @@ -2214,7 +2214,7 @@ index 9b81cfbbc5c5..1ca08297939c 100644 --- a/drivers/scsi/be2iscsi/be_main.c +++ b/drivers/scsi/be2iscsi/be_main.c @@ -370,11 +370,13 @@ static int beiscsi_eh_device_reset(struct scsi_cmnd *sc) - + /*------------------- PCI Driver operations and data ----------------- */ static const struct pci_device_id beiscsi_pci_id_table[] = { +#ifndef CONFIG_RHEL_DIFFERENCES @@ -2238,7 +2238,7 @@ index 1e9302e99d05..b903580d626f 100644 +#ifndef CONFIG_RHEL_DIFFERENCES MODULE_ALIAS("cciss"); +#endif - + static int hpsa_simple_mode; module_param(hpsa_simple_mode, int, S_IRUGO|S_IWUSR); @@ -144,10 +146,12 @@ static const struct pci_device_id hpsa_pci_device_id[] = { @@ -2253,14 +2253,14 @@ index 1e9302e99d05..b903580d626f 100644 +#endif {0,} }; - + diff --git a/drivers/scsi/lpfc/lpfc_ids.h b/drivers/scsi/lpfc/lpfc_ids.h index d48414e295a0..ba0e384412c9 100644 --- a/drivers/scsi/lpfc/lpfc_ids.h +++ b/drivers/scsi/lpfc/lpfc_ids.h @@ -24,6 +24,7 @@ #include <linux/pci.h> - + const struct pci_device_id lpfc_id_table[] = { +#ifndef CONFIG_RHEL_DIFFERENCES {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_VIPER, @@ -2341,7 +2341,7 @@ index babe85d7b537..9b4df28defd2 100644 @@ -133,6 +133,7 @@ static void megasas_get_pd_info(struct megasas_instance *instance, */ static struct pci_device_id megasas_pci_table[] = { - + +#ifndef CONFIG_RHEL_DIFFERENCES {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS1064R)}, /* xscale IOP */ @@ -2392,7 +2392,7 @@ index d190db5ea7d9..e0e3d300f3be 100644 +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -7759,6 +7759,7 @@ static const struct pci_error_handlers qla2xxx_err_handler = { }; - + static struct pci_device_id qla2xxx_pci_tbl[] = { +#ifndef CONFIG_RHEL_DIFFERENCES { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2100) }, @@ -2480,7 +2480,7 @@ index 5e0d0813da55..a0760bcd7a97 100644 return sysrq_enabled; } +EXPORT_SYMBOL_GPL(sysrq_mask); - + /* * A value of 1 means 'all', other nonzero values are an op mask: diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c @@ -2490,7 +2490,7 @@ index 54cd8ef795ec..4afeea51b2c9 100644 @@ -5504,6 +5504,13 @@ static void hub_event(struct work_struct *work) (u16) hub->change_bits[0], (u16) hub->event_bits[0]); - + + /* Don't disconnect USB-SATA on TrimSlice */ + if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) { + if ((hdev->state == 7) && (hub->change_bits[0] == 0) && @@ -2514,9 +2514,9 @@ index beb2efa71341..0dc34668bb2a 100644 + #include "pci-quirks.h" #include "xhci-ext-caps.h" - + @@ -1243,11 +1246,24 @@ static void quirk_usb_handoff_xhci(struct pci_dev *pdev) - + static void quirk_usb_early_handoff(struct pci_dev *pdev) { + int ret; @@ -2551,7 +2551,7 @@ index f68920131a4a..e94932c69f54 100644 - return ret; + goto disable_supply; } - + /* @@ -471,24 +471,34 @@ static int lp855x_probe(struct i2c_client *cl, const struct i2c_device_id *id) ret = lp855x_configure(lp); @@ -2560,7 +2560,7 @@ index f68920131a4a..e94932c69f54 100644 - return ret; + goto disable_vddio; } - + ret = lp855x_backlight_register(lp); if (ret) { dev_err(lp->dev, @@ -2568,14 +2568,14 @@ index f68920131a4a..e94932c69f54 100644 - return ret; + goto disable_vddio; } - + ret = sysfs_create_group(&lp->dev->kobj, &lp855x_attr_group); if (ret) { dev_err(lp->dev, "failed to register sysfs. err: %d\n", ret); - return ret; + goto disable_vddio; } - + backlight_update_status(lp->bl); + return 0; @@ -2589,10 +2589,10 @@ index f68920131a4a..e94932c69f54 100644 + + return ret; } - + static int lp855x_remove(struct i2c_client *cl) @@ -497,6 +507,8 @@ static int lp855x_remove(struct i2c_client *cl) - + lp->bl->props.brightness = 0; backlight_update_status(lp->bl); + if (lp->enable) @@ -2607,7 +2607,7 @@ index 251f1f783cdf..a9a9e7e976e7 100644 @@ -42,6 +42,8 @@ #define EFI_ABORTED (21 | (1UL << (BITS_PER_LONG-1))) #define EFI_SECURITY_VIOLATION (26 | (1UL << (BITS_PER_LONG-1))) - + +#define EFI_IS_ERROR(x) ((x) & (1UL << (BITS_PER_LONG-1))) + typedef unsigned long efi_status_t; @@ -2625,22 +2625,22 @@ index 251f1f783cdf..a9a9e7e976e7 100644 + efi_secureboot_mode_disabled, + efi_secureboot_mode_enabled, +}; - + #ifdef CONFIG_EFI /* @@ -787,6 +797,8 @@ static inline bool efi_enabled(int feature) } extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused); - + +extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode); + bool __pure __efi_soft_reserve_enabled(void); - + static inline bool __pure efi_soft_reserve_enabled(void) @@ -813,6 +825,8 @@ efi_capsule_pending(int *reset_type) return false; } - + +static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {} + static inline bool efi_soft_reserve_enabled(void) @@ -2648,16 +2648,16 @@ index 251f1f783cdf..a9a9e7e976e7 100644 return false; @@ -825,6 +839,7 @@ static inline bool efi_rt_services_supported(unsigned int mask) #endif - + extern int efi_status_to_err(efi_status_t status); +extern const char *efi_status_to_str(efi_status_t status); - + /* * Variable Attributes @@ -1083,12 +1098,6 @@ static inline bool efi_runtime_disabled(void) { return true; } extern void efi_call_virt_check_flags(unsigned long flags, const char *call); extern unsigned long efi_call_virt_save_flags(void); - + -enum efi_secureboot_mode { - efi_secureboot_mode_unset, - efi_secureboot_mode_unknown, @@ -2665,7 +2665,7 @@ index 251f1f783cdf..a9a9e7e976e7 100644 - efi_secureboot_mode_enabled, -}; enum efi_secureboot_mode efi_get_secureboot(void); - + #ifdef CONFIG_RESET_ATTACK_MITIGATION diff --git a/include/linux/kernel.h b/include/linux/kernel.h index 9b7a8d74a9d6..8c1ace147540 100644 @@ -2694,7 +2694,7 @@ index 9b7a8d74a9d6..8c1ace147540 100644 +#define TAINT_UNPRIVILEGED_BPF 31 +/* End of Red Hat-specific taint flags */ +#define TAINT_FLAGS_COUNT 32 - + struct taint_flag { char c_true; /* character printed when tainted */ @@ -1029,4 +1046,19 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { } @@ -2723,11 +2723,11 @@ index 9cd4455528e5..dfa09696a0e5 100644 +++ b/include/linux/lsm_hook_defs.h @@ -371,6 +371,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux) #endif /* CONFIG_BPF_SYSCALL */ - + LSM_HOOK(int, 0, locked_down, enum lockdown_reason what) +LSM_HOOK(int, 0, lock_kernel_down, const char *where, enum lockdown_reason level) + - + #ifdef CONFIG_PERF_EVENTS LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h @@ -2757,7 +2757,7 @@ index 1ad393e62bef..3fb19abee033 100644 const char *srcversion; + const char *rhelversion; struct kobject *holders_dir; - + /* Exported symbols */ diff --git a/include/linux/pci.h b/include/linux/pci.h index 83ce1cdf5676..88397dd562d9 100644 @@ -2773,7 +2773,7 @@ index 83ce1cdf5676..88397dd562d9 100644 + struct pci_dev *dev); int pci_scan_bridge(struct pci_bus *bus, struct pci_dev *dev, int max, int pass); - + diff --git a/include/linux/rh_kabi.h b/include/linux/rh_kabi.h new file mode 100644 index 000000000000..ea9c136bf884 @@ -3082,12 +3082,12 @@ index 7b22366d0065..307a651b2755 100644 --- a/include/linux/rmi.h +++ b/include/linux/rmi.h @@ -363,6 +363,7 @@ struct rmi_driver_data { - + struct rmi4_attn_data attn_data; DECLARE_KFIFO(attn_fifo, struct rmi4_attn_data, 16); + struct work_struct attn_work; }; - + int rmi_register_transport_device(struct rmi_transport_dev *xport); diff --git a/include/linux/security.h b/include/linux/security.h index a8d9310472df..381305889d89 100644 @@ -3099,7 +3099,7 @@ index a8d9310472df..381305889d89 100644 int security_locked_down(enum lockdown_reason what); +int security_lock_kernel_down(const char *where, enum lockdown_reason level); #else /* CONFIG_SECURITY */ - + static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1273,6 +1274,10 @@ static inline int security_locked_down(enum lockdown_reason what) { @@ -3110,7 +3110,7 @@ index a8d9310472df..381305889d89 100644 + return 0; +} #endif /* CONFIG_SECURITY */ - + #ifdef CONFIG_SECURITY_NETWORK diff --git a/include/soc/bcm2835/raspberrypi-firmware.h b/include/soc/bcm2835/raspberrypi-firmware.h index 7800e12ee042..3025aca3c358 100644 @@ -3118,10 +3118,10 @@ index 7800e12ee042..3025aca3c358 100644 +++ b/include/soc/bcm2835/raspberrypi-firmware.h @@ -10,6 +10,7 @@ #include <linux/of_device.h> - + struct rpi_firmware; +struct pci_dev; - + enum rpi_firmware_property_status { RPI_FIRMWARE_STATUS_REQUEST = 0, @@ -90,7 +91,7 @@ enum rpi_firmware_property_tag { @@ -3130,7 +3130,7 @@ index 7800e12ee042..3025aca3c358 100644 RPI_FIRMWARE_SET_POE_HAT_VAL = 0x00030050, - + RPI_FIRMWARE_NOTIFY_XHCI_RESET = 0x00030058, - + /* Dispmanx TAGS */ RPI_FIRMWARE_FRAMEBUFFER_ALLOCATE = 0x00040001, @@ -141,6 +142,7 @@ int rpi_firmware_property(struct rpi_firmware *fw, @@ -3151,7 +3151,7 @@ index 7800e12ee042..3025aca3c358 100644 + return 0; +} #endif - + #endif /* __SOC_RASPBERRY_FIRMWARE_H__ */ diff --git a/kernel/Makefile b/kernel/Makefile index 4cb4130ced32..b1010f42dd18 100644 @@ -3160,12 +3160,12 @@ index 4cb4130ced32..b1010f42dd18 100644 @@ -12,6 +12,8 @@ obj-y = fork.o exec_domain.o panic.o \ notifier.o ksysfs.o cred.o reboot.o \ async.o range.o smpboot.o ucount.o - + +obj-$(CONFIG_RHEL_DIFFERENCES) += rh_taint.o + obj-$(CONFIG_MODULES) += kmod.o obj-$(CONFIG_MULTIUSER) += groups.o - + diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index d85f37239540..28ed55c3dd18 100644 --- a/kernel/bpf/syscall.c @@ -3177,11 +3177,11 @@ index d85f37239540..28ed55c3dd18 100644 +#include <linux/init.h> #include <uapi/linux/btf.h> #include <linux/bpf_lsm.h> - + @@ -43,7 +44,25 @@ static DEFINE_SPINLOCK(prog_idr_lock); static DEFINE_IDR(map_idr); static DEFINE_SPINLOCK(map_idr_lock); - + -int sysctl_unprivileged_bpf_disabled __read_mostly; +/* RHEL-only: default to 1 */ +int sysctl_unprivileged_bpf_disabled __read_mostly = 1; @@ -3202,7 +3202,7 @@ index d85f37239540..28ed55c3dd18 100644 + return 1; +} +__setup("unprivileged_bpf_disabled=", unprivileged_bpf_setup); - + static const struct bpf_map_ops * const bpf_map_types[] = { #define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type) @@ -3659,11 +3678,17 @@ static int link_update(union bpf_attr *attr) @@ -3211,10 +3211,10 @@ index d85f37239540..28ed55c3dd18 100644 union bpf_attr attr; + static int marked; int err; - + if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; - + + if (!marked) { + mark_tech_preview("eBPF syscall", NULL); + marked = true; @@ -3232,7 +3232,7 @@ index 9f1557b98468..df551fc9034c 100644 #include <linux/utsname.h> #include <linux/vmalloc.h> +#include <linux/sizes.h> - + #include <asm/page.h> #include <asm/sections.h> @@ -39,6 +40,15 @@ static int __init parse_crashkernel_mem(char *cmdline, @@ -3248,7 +3248,7 @@ index 9f1557b98468..df551fc9034c 100644 + * enough for most test cases. + */ + total_mem = roundup(total_mem, SZ_128M); - + /* for each entry of the comma-separated list */ do { @@ -83,13 +93,13 @@ static int __init parse_crashkernel_mem(char *cmdline, @@ -3260,7 +3260,7 @@ index 9f1557b98468..df551fc9034c 100644 pr_warn("crashkernel: invalid size\n"); return -EINVAL; } - + /* match ? */ - if (system_ram >= start && system_ram < end) { + if (total_mem >= start && total_mem < end) { @@ -3293,13 +3293,13 @@ index 646f1e2330d2..aed5b1fcadf8 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -799,6 +799,7 @@ static struct module_attribute modinfo_##field = { \ - + MODINFO_ATTR(version); MODINFO_ATTR(srcversion); +MODINFO_ATTR(rhelversion); - + static char last_unloaded_module[MODULE_NAME_LEN+1]; - + @@ -1263,6 +1264,7 @@ static struct module_attribute *modinfo_attrs[] = { &module_uevent, &modinfo_version, @@ -3315,7 +3315,7 @@ index 9d9fc678c91d..84ad75a53c83 100644 @@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info) modlen -= sig_len + sizeof(ms); info->len = modlen; - + - return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, + ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, VERIFY_USE_SECONDARY_KEYRING, @@ -3352,7 +3352,7 @@ index b69ee9e76cb2..4f08e4f4a6b0 100644 + [ TAINT_RESERVED30 ] = { '?', '-', false }, + [ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false }, }; - + /** diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c new file mode 100644 @@ -3467,7 +3467,7 @@ index e362dc3d2028..0c3dfb8eef67 100644 + } + kmemleak_initialized = 1; - + debugfs_create_file("kmemleak", 0644, NULL, NULL, &kmemleak_fops); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index 5c3c50c5ec52..188eb460cede 100644 @@ -3478,13 +3478,13 @@ index 5c3c50c5ec52..188eb460cede 100644 #include "modpost.h" #include "../../include/linux/license.h" +#include "../../include/generated/uapi/linux/version.h" - + /* Are we using CONFIG_MODVERSIONS? */ static int modversions = 0; @@ -2381,6 +2382,12 @@ static void add_srcversion(struct buffer *b, struct module *mod) } } - + +static void add_rhelversion(struct buffer *b, struct module *mod) +{ + buf_printf(b, "MODULE_INFO(rhelversion, \"%d.%d\");\n", RHEL_MAJOR, @@ -3499,7 +3499,7 @@ index 5c3c50c5ec52..188eb460cede 100644 add_moddevtable(&buf, mod); add_srcversion(&buf, mod); + add_rhelversion(&buf, mod); - + sprintf(fname, "%s.mod.c", mod->name); write_if_changed(&buf, fname); diff --git a/scripts/tags.sh b/scripts/tags.sh @@ -3512,7 +3512,7 @@ index 4e18ae5282a6..805341c0aaf3 100755 ignore="$ignore ( -name *.mod.c ) -prune -o" +# RHEL tags and cscope should also ignore redhat/rpm +ignore="$ignore ( -path redhat/rpm ) -prune -o" - + # Use make KBUILD_ABS_SRCTREE=1 {tags|cscope} # to force full paths for a non-O= build diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c @@ -3521,14 +3521,14 @@ index 253fb9a7fc98..8c95b68d86d4 100644 +++ b/security/integrity/platform_certs/load_uefi.c @@ -46,7 +46,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, return NULL; - + if (*status != EFI_BUFFER_TOO_SMALL) { - pr_err("Couldn't get size: 0x%lx\n", *status); + pr_err("Couldn't get size: %s (0x%lx)\n", + efi_status_to_str(*status), *status); return NULL; } - + @@ -57,7 +58,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, *status = efi.get_variable(name, guid, NULL, &lsize, db); if (*status != EFI_SUCCESS) { @@ -3538,7 +3538,7 @@ index 253fb9a7fc98..8c95b68d86d4 100644 + efi_status_to_str(*status), *status); return NULL; } - + diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig index e84ddf484010..d0501353a4b9 100644 --- a/security/lockdown/Kconfig @@ -3546,7 +3546,7 @@ index e84ddf484010..d0501353a4b9 100644 @@ -16,6 +16,19 @@ config SECURITY_LOCKDOWN_LSM_EARLY subsystem is fully initialised. If enabled, lockdown will unconditionally be called before any other LSMs. - + +config LOCK_DOWN_IN_EFI_SECURE_BOOT + bool "Lock down the kernel in EFI Secure Boot mode" + default n @@ -3568,12 +3568,12 @@ index 5a952617a0eb..61cc3cdc4d25 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -73,6 +73,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what) - + static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), + LSM_HOOK_INIT(lock_kernel_down, lock_kernel_down), }; - + static int __init lockdown_lsm_init(void) diff --git a/security/security.c b/security/security.c index 7fed24b9d57e..37fab5c5d974 100644 @@ -3582,7 +3582,7 @@ index 7fed24b9d57e..37fab5c5d974 100644 @@ -2456,6 +2456,12 @@ int security_locked_down(enum lockdown_reason what) } EXPORT_SYMBOL(security_locked_down); - + +int security_lock_kernel_down(const char *where, enum lockdown_reason level) +{ + return call_int_hook(lock_kernel_down, 0, where, level); |