summaryrefslogtreecommitdiffstats
path: root/patch-5.7.0-redhat.patch
diff options
context:
space:
mode:
Diffstat (limited to 'patch-5.7.0-redhat.patch')
-rw-r--r--patch-5.7.0-redhat.patch328
1 files changed, 164 insertions, 164 deletions
diff --git a/patch-5.7.0-redhat.patch b/patch-5.7.0-redhat.patch
index 099aa5ca5..bda3b0012 100644
--- a/patch-5.7.0-redhat.patch
+++ b/patch-5.7.0-redhat.patch
@@ -113,7 +113,7 @@ index ac7e131d2935..3b3bf30e537d 100644
@@ -285,6 +285,17 @@ This would mean:
2) if the RAM size is between 512M and 2G (exclusive), then reserve 64M
3) if the RAM size is larger than 2G, then reserve 128M
-
+
+Or you can use crashkernel=auto if you have enough memory. The threshold
+is 2G on x86_64, arm64, ppc64 and ppc64le. The threshold is 4G for s390x.
+If your system memory is less than the threshold crashkernel=auto will not
@@ -125,8 +125,8 @@ index ac7e131d2935..3b3bf30e537d 100644
+ s390x: 4G-64G:160M,64G-1T:256M,1T-:512M
+ arm64: 2G-:512M
+ ppc64: 2G-4G:384M,4G-16G:512M,16G-64G:1G,64G-128G:2G,128G-:4G
-
-
+
+
Boot into System Kernel
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index f2a93c8679e8..9af891d5b8eb 100644
@@ -135,7 +135,7 @@ index f2a93c8679e8..9af891d5b8eb 100644
@@ -5162,6 +5162,14 @@
unknown_nmi_panic
[X86] Cause panic on unknown NMI.
-
+
+ unprivileged_bpf_disabled=
+ Format: { "0" | "1" }
+ Sets the initial value of
@@ -154,7 +154,7 @@ index 715586dea9bb..fff0439c6b78 100644
@@ -420,6 +420,11 @@ properties:
- const: pine64,rockpro64
- const: rockchip,rk3399
-
+
+ - description: Pine64 PinebookPro
+ items:
+ - const: pine64,pinebook-pro
@@ -225,7 +225,7 @@ index e10b3ee084d4..01c0df787518 100644
+++ b/Kconfig
@@ -32,3 +32,5 @@ source "lib/Kconfig"
source "lib/Kconfig.debug"
-
+
source "Documentation/Kconfig"
+
+source "Kconfig.redhat"
@@ -259,7 +259,7 @@ index 49b2709ff44e..e6e36dcbebfb 100644
@@ -15,6 +15,10 @@ NAME = Kleptomaniac Octopus
PHONY := _all
_all:
-
+
+# Set RHEL variables
+# Use this spot to avoid future merge conflicts
+include Makefile.rhelver
@@ -289,7 +289,7 @@ index 49b2709ff44e..e6e36dcbebfb 100644
+ $(shell expr $(RHEL_MAJOR) \* 256 + $(RHEL_MINOR))'; \
+ echo '#define RHEL_RELEASE "$(RHEL_RELEASE)"'
endef
-
+
$(version_h): FORCE
diff --git a/Makefile.rhelver b/Makefile.rhelver
new file mode 100644
@@ -348,7 +348,7 @@ index 66a04f6f4775..7b63103f088c 100644
+++ b/arch/arm/Kconfig
@@ -1542,9 +1542,9 @@ config HIGHMEM
If unsure, say n.
-
+
config HIGHPTE
- bool "Allocate 2nd-level pagetables from highmem" if EXPERT
+ bool "Allocate 2nd-level pagetables from highmem"
@@ -387,14 +387,14 @@ index 98c6b91be4a8..60055827dddc 100644
+ uaccess_restore(__ua_flags); \
+ __err; \
})
-
+
#define get_user(x, p) \
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 40fb05d96c60..f57bee916600 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -857,7 +857,7 @@ endchoice
-
+
config ARM64_FORCE_52BIT
bool "Force 52-bit virtual addresses for userspace"
- depends on ARM64_VA_BITS_52 && EXPERT
@@ -417,7 +417,7 @@ index cefda145c3c9..96d9150423e0 100644
@@ -16,6 +16,15 @@ aliases {
serial0 = &uart0;
};
-
+
+ backlight: backlight {
+ compatible = "pwm-backlight";
+ pwms = <&r_pwm 0 50000 PWM_POLARITY_INVERTED>;
@@ -433,7 +433,7 @@ index cefda145c3c9..96d9150423e0 100644
@@ -84,6 +93,30 @@ &dai {
status = "okay";
};
-
+
+&de {
+ status = "okay";
+};
@@ -464,26 +464,26 @@ index cefda145c3c9..96d9150423e0 100644
@@ -188,6 +221,10 @@ &r_pio {
*/
};
-
+
+&r_pwm {
+ status = "okay";
+};
+
&r_rsb {
status = "okay";
-
+
diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c
index a100483b47c4..29f693734edb 100644
--- a/arch/arm64/kernel/acpi.c
+++ b/arch/arm64/kernel/acpi.c
@@ -39,7 +39,7 @@ int acpi_pci_disabled = 1; /* skip ACPI PCI scan and IRQ initialization */
EXPORT_SYMBOL(acpi_pci_disabled);
-
+
static bool param_acpi_off __initdata;
-static bool param_acpi_on __initdata;
+static bool param_acpi_on __initdata = true;
static bool param_acpi_force __initdata;
-
+
static int __init parse_acpi(char *arg)
diff --git a/arch/s390/include/asm/ipl.h b/arch/s390/include/asm/ipl.h
index b63bd66404b8..3482d9602e68 100644
@@ -494,7 +494,7 @@ index b63bd66404b8..3482d9602e68 100644
int ipl_report_add_certificate(struct ipl_report *report, void *key,
unsigned long addr, unsigned long len);
+bool ipl_get_secureboot(void);
-
+
/*
* DIAG 308 support
diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c
@@ -503,7 +503,7 @@ index 4a71061974fd..9baf0b570c3d 100644
+++ b/arch/s390/kernel/ipl.c
@@ -1901,3 +1901,8 @@ int ipl_report_free(struct ipl_report *report)
}
-
+
#endif
+
+bool ipl_get_secureboot(void)
@@ -519,13 +519,13 @@ index 36445dd40fdb..b338a050c5aa 100644
#include <linux/compat.h>
#include <linux/start_kernel.h>
+#include <linux/security.h>
-
+
#include <asm/boot_data.h>
#include <asm/ipl.h>
@@ -1093,6 +1094,9 @@ void __init setup_arch(char **cmdline_p)
-
+
log_component_list();
-
+
+ if (ipl_get_secureboot())
+ security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX);
+
@@ -543,7 +543,7 @@ index bed0cb83fe24..a15622e0d79f 100644
+ get_model_name(c); /* RHEL: get model name for unsupported check */
get_cpu_address_sizes(c);
setup_force_cpu_cap(X86_FEATURE_CPUID);
-
+
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 4b3fa6cd3106..0fd824c4162d 100644
--- a/arch/x86/kernel/setup.c
@@ -554,14 +554,14 @@ index 4b3fa6cd3106..0fd824c4162d 100644
#include <linux/tboot.h>
+#include <linux/security.h>
#include <linux/usb/xhci-dbgp.h>
-
+
#include <uapi/linux/mount.h>
@@ -44,6 +45,7 @@
#include <asm/unwind.h>
#include <asm/vsyscall.h>
#include <linux/vmalloc.h>
+#include <asm/intel-family.h>
-
+
/*
* max_low_pfn_mapped: highest directly mapped pfn < 4 GB
@@ -747,7 +749,132 @@ static void __init trim_low_memory_range(void)
@@ -701,7 +701,7 @@ index 4b3fa6cd3106..0fd824c4162d 100644
@@ -973,6 +1100,13 @@ void __init setup_arch(char **cmdline_p)
if (efi_enabled(EFI_BOOT))
efi_init();
-
+
+ efi_set_secure_boot(boot_params.secure_boot);
+
+#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
@@ -710,12 +710,12 @@ index 4b3fa6cd3106..0fd824c4162d 100644
+#endif
+
dmi_setup();
-
+
/*
@@ -1124,19 +1258,7 @@ void __init setup_arch(char **cmdline_p)
/* Allocate bigger log buffer */
setup_log_buf(1);
-
+
- if (efi_enabled(EFI_BOOT)) {
- switch (boot_params.secure_boot) {
- case efi_secureboot_mode_disabled:
@@ -730,20 +730,20 @@ index 4b3fa6cd3106..0fd824c4162d 100644
- }
- }
+ efi_set_secure_boot(boot_params.secure_boot);
-
+
reserve_initrd();
-
+
@@ -1244,6 +1366,10 @@ void __init setup_arch(char **cmdline_p)
efi_apply_memmap_quirks();
#endif
-
+
+#ifdef CONFIG_RHEL_DIFFERENCES
+ rh_check_supported();
+#endif
+
unwind_init();
}
-
+
diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c
index 822402480f7d..3f87d8602560 100644
--- a/drivers/acpi/apei/hest.c
@@ -751,7 +751,7 @@ index 822402480f7d..3f87d8602560 100644
@@ -88,6 +88,14 @@ int apei_hest_parse(apei_hest_func_t func, void *data)
if (hest_disable || !hest_tab)
return -EINVAL;
-
+
+#ifdef CONFIG_ARM64
+ /* Ignore broken firmware */
+ if (!strncmp(hest_tab->header.oem_id, "HPE ", 6) &&
@@ -773,7 +773,7 @@ index e209081d644b..7484bcf59a1b 100644
struct irq_fwspec *fwspec;
+ bool skip_producer_check;
};
-
+
/**
@@ -197,7 +198,8 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares,
return AE_CTRL_TERMINATE;
@@ -791,7 +791,7 @@ index e209081d644b..7484bcf59a1b 100644
{
- struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec };
+ struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec, false };
-
+
+ /*
+ * Firmware on arm64-based HPE m400 platform incorrectly marks
+ * its UART interrupt as ACPI_PRODUCER rather than ACPI_CONSUMER.
@@ -813,7 +813,7 @@ index 6d3448895382..221255007dc8 100644
@@ -1563,6 +1563,15 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device)
if (!acpi_match_device_ids(device, i2c_multi_instantiate_ids))
return false;
-
+
+ /*
+ * Firmware on some arm64 X-Gene platforms will make the UART
+ * device appear as both a UART and a slave of that UART. Just
@@ -833,7 +833,7 @@ index ea5bf5f4cbed..71c55cae27ac 100644
@@ -666,6 +666,24 @@ int ahci_stop_engine(struct ata_port *ap)
tmp &= ~PORT_CMD_START;
writel(tmp, port_mmio + PORT_CMD);
-
+
+#ifdef CONFIG_ARM64
+ /* Rev Ax of Cavium CN99XX needs a hack for port stop */
+ if (dev_is_pci(ap->host->dev) &&
@@ -862,7 +862,7 @@ index bbf7029e224b..cf7faa970dd6 100644
@@ -215,6 +215,21 @@ static int __init scan_for_dmi_ipmi(void)
{
const struct dmi_device *dev = NULL;
-
+
+#ifdef CONFIG_ARM64
+ /* RHEL-only
+ * If this is ARM-based HPE m400, return now, because that platform
@@ -880,7 +880,7 @@ index bbf7029e224b..cf7faa970dd6 100644
+
while ((dev = dmi_find_device(DMI_DEV_TYPE_IPMI, NULL, dev)))
dmi_decode_ipmi((const struct dmi_header *) dev->device_data);
-
+
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index c48d8f086382..0fc980a87ed0 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
@@ -890,13 +890,13 @@ index c48d8f086382..0fc980a87ed0 100644
#include <linux/uuid.h>
#include <linux/nospec.h>
+#include <linux/dmi.h>
-
+
#define IPMI_DRIVER_VERSION "39.2"
-
+
@@ -5154,8 +5155,21 @@ static int __init ipmi_init_msghandler_mod(void)
{
int rv;
-
+
- pr_info("version " IPMI_DRIVER_VERSION "\n");
+#ifdef CONFIG_ARM64
+ /* RHEL-only
@@ -905,7 +905,7 @@ index c48d8f086382..0fc980a87ed0 100644
+ * does not exist in the ARM architecture.
+ */
+ const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME);
-
+
+ if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) {
+ pr_debug("%s does not support host ipmi\n", dmistr);
+ return -ENOSYS;
@@ -949,13 +949,13 @@ index 911a2bd0f6b7..3696e87f19ee 100644
#include <linux/memblock.h>
#include <linux/security.h>
+#include <linux/bsearch.h>
-
+
#include <asm/early_ioremap.h>
-
+
@@ -831,40 +832,101 @@ int efi_mem_type(unsigned long phys_addr)
}
#endif
-
+
+struct efi_error_code {
+ efi_status_t status;
+ int errno;
@@ -1060,7 +1060,7 @@ index 911a2bd0f6b7..3696e87f19ee 100644
- }
+ struct efi_error_code *found;
+ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
-
+
- return err;
+ found = bsearch((void *)(uintptr_t)status, efi_error_codes,
+ sizeof(struct efi_error_code), num,
@@ -1083,7 +1083,7 @@ index 911a2bd0f6b7..3696e87f19ee 100644
+ return "Unknown error code";
+ return found->description;
}
-
+
static DEFINE_SPINLOCK(efi_mem_reserve_persistent_lock);
diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c
new file mode 100644
@@ -1139,12 +1139,12 @@ index da26a584dca0..cbb495aff6a0 100644
#include <linux/slab.h>
+#include <linux/pci.h>
#include <soc/bcm2835/raspberrypi-firmware.h>
-
+
#define MBOX_MSG(chan, data28) (((data28) & ~0xf) | ((chan) & 0xf))
@@ -286,6 +287,43 @@ struct rpi_firmware *rpi_firmware_get(struct device_node *firmware_node)
}
EXPORT_SYMBOL_GPL(rpi_firmware_get);
-
+
+/*
+ * On the Raspberry Pi 4, after a PCI reset, VL805's firmware may either be
+ * loaded directly from an EEPROM or, if not present, by the SoC's VideCore.
@@ -1192,7 +1192,7 @@ index a1723c1b5fbf..cf0c59015a44 100644
@@ -433,6 +433,15 @@ config DRM_PANEL_TRULY_NT35597_WQXGA
Say Y here if you want to enable support for Truly NT35597 WQXGA Dual DSI
Video Mode panel
-
+
+config DRM_PANEL_XINGBANGDA_XBD599
+ tristate "Xingbangda XBD599 panel"
+ depends on OF
@@ -1597,7 +1597,7 @@ index 059939789730..5f2313c40328 100644
hsa = max((unsigned int)HSA_PACKET_OVERHEAD,
- (mode->hsync_end - mode->hsync_start) * Bpp - HSA_PACKET_OVERHEAD);
+ (mode->hsync_end - mode->hsync_start) * Bpp) - HSA_PACKET_OVERHEAD;
-
+
/*
* The backporch is set using a blanking packet (4
@@ -564,7 +564,7 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
@@ -1606,7 +1606,7 @@ index 059939789730..5f2313c40328 100644
hbp = max((unsigned int)HBP_PACKET_OVERHEAD,
- (mode->htotal - mode->hsync_end) * Bpp - HBP_PACKET_OVERHEAD);
+ (mode->htotal - mode->hsync_end) * Bpp) - HBP_PACKET_OVERHEAD;
-
+
/*
* The frontporch is set using a sync event (4 bytes)
@@ -574,7 +574,7 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
@@ -1615,7 +1615,7 @@ index 059939789730..5f2313c40328 100644
hfp = max((unsigned int)HFP_PACKET_OVERHEAD,
- (mode->hsync_start - mode->hdisplay) * Bpp - HFP_PACKET_OVERHEAD);
+ (mode->hsync_start - mode->hdisplay) * Bpp) - HFP_PACKET_OVERHEAD;
-
+
/*
* The blanking is set using a sync event (4 bytes)
@@ -583,8 +583,8 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
@@ -1626,7 +1626,7 @@ index 059939789730..5f2313c40328 100644
- HBLK_PACKET_OVERHEAD);
+ (mode->htotal - (mode->hsync_end - mode->hsync_start)) * Bpp) -
+ HBLK_PACKET_OVERHEAD;
-
+
/*
* And I'm not entirely sure what vblk is about. The driver in
diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
@@ -1638,25 +1638,25 @@ index 8cffa84c9650..6c4e3675601a 100644
struct rmi_data *hdata = hid_get_drvdata(hdev);
struct rmi_device *rmi_dev = hdata->xport.rmi_dev;
- unsigned long flags;
-
+
if (!(test_bit(RMI_STARTED, &hdata->flags)))
return 0;
-
+
- local_irq_save(flags);
-
rmi_set_attn_data(rmi_dev, data[1], &data[2], size - 2);
-
+
- generic_handle_irq(hdata->rmi_irq);
-
- local_irq_restore(flags);
-
return 1;
}
-
+
@@ -592,56 +585,6 @@ static const struct rmi_transport_ops hid_rmi_ops = {
.reset = rmi_hid_reset,
};
-
+
-static void rmi_irq_teardown(void *data)
-{
- struct rmi_data *hdata = data;
@@ -1711,9 +1711,9 @@ index 8cffa84c9650..6c4e3675601a 100644
{
struct rmi_data *data = NULL;
@@ -714,18 +657,11 @@ static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id)
-
+
mutex_init(&data->page_mutex);
-
+
- ret = rmi_setup_irq_domain(hdev);
- if (ret) {
- hid_err(hdev, "failed to allocate IRQ domain\n");
@@ -1722,13 +1722,13 @@ index 8cffa84c9650..6c4e3675601a 100644
-
if (data->device_flags & RMI_DEVICE_HAS_PHYS_BUTTONS)
rmi_hid_pdata.f30_data.disable = true;
-
+
data->xport.dev = hdev->dev.parent;
data->xport.pdata = rmi_hid_pdata;
- data->xport.pdata.irq = data->rmi_irq;
data->xport.proto_name = "hid";
data->xport.ops = &hid_rmi_ops;
-
+
diff --git a/drivers/infiniband/sw/rxe/rxe.c b/drivers/infiniband/sw/rxe/rxe.c
index 4afdd2e20883..05e637aa0e3d 100644
--- a/drivers/infiniband/sw/rxe/rxe.c
@@ -1736,7 +1736,7 @@ index 4afdd2e20883..05e637aa0e3d 100644
@@ -335,6 +335,8 @@ static int __init rxe_module_init(void)
{
int err;
-
+
+ mark_tech_preview("Soft-RoCE Transport Driver", THIS_MODULE);
+
/* initialize slab caches for managed objects */
@@ -1748,13 +1748,13 @@ index 190b9974526b..27a65991de0e 100644
+++ b/drivers/input/rmi4/rmi_driver.c
@@ -182,34 +182,47 @@ void rmi_set_attn_data(struct rmi_device *rmi_dev, unsigned long irq_status,
attn_data.data = fifo_data;
-
+
kfifo_put(&drvdata->attn_fifo, attn_data);
+
+ schedule_work(&drvdata->attn_work);
}
EXPORT_SYMBOL_GPL(rmi_set_attn_data);
-
+
-static irqreturn_t rmi_irq_fn(int irq, void *dev_id)
+static void attn_callback(struct work_struct *work)
{
@@ -1765,7 +1765,7 @@ index 190b9974526b..27a65991de0e 100644
+ attn_work);
struct rmi4_attn_data attn_data = {0};
int ret, count;
-
+
count = kfifo_get(&drvdata->attn_fifo, &attn_data);
- if (count) {
- *(drvdata->irq_status) = attn_data.irq_status;
@@ -1773,7 +1773,7 @@ index 190b9974526b..27a65991de0e 100644
- }
+ if (!count)
+ return;
-
+
- ret = rmi_process_interrupt_requests(rmi_dev);
+ *(drvdata->irq_status) = attn_data.irq_status;
+ drvdata->attn_data = attn_data;
@@ -1783,14 +1783,14 @@ index 190b9974526b..27a65991de0e 100644
- rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev,
+ rmi_dbg(RMI_DEBUG_CORE, &drvdata->rmi_dev->dev,
"Failed to process interrupt request: %d\n", ret);
-
+
- if (count) {
- kfree(attn_data.data);
- attn_data.data = NULL;
- }
+ kfree(attn_data.data);
+ attn_data.data = NULL;
-
+
if (!kfifo_is_empty(&drvdata->attn_fifo))
- return rmi_irq_fn(irq, dev_id);
+ schedule_work(&drvdata->attn_work);
@@ -1805,7 +1805,7 @@ index 190b9974526b..27a65991de0e 100644
+ if (ret)
+ rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev,
+ "Failed to process interrupt request: %d\n", ret);
-
+
return IRQ_HANDLED;
}
@@ -217,7 +230,6 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id)
@@ -1815,20 +1815,20 @@ index 190b9974526b..27a65991de0e 100644
- struct rmi_driver_data *data = dev_get_drvdata(&rmi_dev->dev);
int irq_flags = irq_get_trigger_type(pdata->irq);
int ret;
-
+
@@ -235,8 +247,6 @@ static int rmi_irq_init(struct rmi_device *rmi_dev)
return ret;
}
-
+
- data->enabled = true;
-
return 0;
}
-
+
@@ -886,23 +896,27 @@ void rmi_enable_irq(struct rmi_device *rmi_dev, bool clear_wake)
if (data->enabled)
goto out;
-
+
- enable_irq(irq);
- data->enabled = true;
- if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) {
@@ -1848,7 +1848,7 @@ index 190b9974526b..27a65991de0e 100644
+ "Failed to disable irq for wake: %d\n",
+ retval);
+ }
-
+
- /*
- * Call rmi_process_interrupt_requests() after enabling irq,
- * otherwise we may lose interrupt on edge-triggered systems.
@@ -1866,12 +1866,12 @@ index 190b9974526b..27a65991de0e 100644
+ } else {
+ data->enabled = true;
+ }
-
+
out:
mutex_unlock(&data->enabled_mutex);
@@ -922,20 +936,22 @@ void rmi_disable_irq(struct rmi_device *rmi_dev, bool enable_wake)
goto out;
-
+
data->enabled = false;
- disable_irq(irq);
- if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) {
@@ -1904,21 +1904,21 @@ index 190b9974526b..27a65991de0e 100644
+ kfree(attn_data.data);
+ }
}
-
+
out:
@@ -981,6 +997,8 @@ static int rmi_driver_remove(struct device *dev)
irq_domain_remove(data->irqdomain);
data->irqdomain = NULL;
-
+
+ cancel_work_sync(&data->attn_work);
+
rmi_f34_remove_sysfs(rmi_dev);
rmi_free_function_list(rmi_dev);
-
+
@@ -1218,9 +1236,15 @@ static int rmi_driver_probe(struct device *dev)
}
}
-
+
- retval = rmi_irq_init(rmi_dev);
- if (retval < 0)
- goto err_destroy_functions;
@@ -1931,7 +1931,7 @@ index 190b9974526b..27a65991de0e 100644
+ data->enabled = true;
+
+ INIT_WORK(&data->attn_work, attn_callback);
-
+
if (data->f01_container->dev.driver) {
/* Driver already bound, so enable ATTN now. */
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
@@ -1940,7 +1940,7 @@ index 2b471419e26c..83c8d9845aed 100644
+++ b/drivers/iommu/iommu.c
@@ -7,6 +7,7 @@
#define pr_fmt(fmt) "iommu: " fmt
-
+
#include <linux/device.h>
+#include <linux/dmi.h>
#include <linux/kernel.h>
@@ -1978,7 +1978,7 @@ index 6a79cd0ebe2b..ca44a35ec411 100644
@@ -5290,6 +5290,11 @@ mptsas_probe(struct pci_dev *pdev, const struct pci_device_id *id)
ioc, MPI_SAS_OP_CLEAR_ALL_PERSISTENT);
}
-
+
+#ifdef CONFIG_RHEL_DIFFERENCES
+ add_taint(TAINT_SUPPORT_REMOVED, LOCKDEP_STILL_OK);
+ pr_warn("MPTSAS MODULE IS NOT SUPPORTED\n");
@@ -1989,7 +1989,7 @@ index 6a79cd0ebe2b..ca44a35ec411 100644
dprintk(ioc, printk(MYIOC_s_ERR_FMT
@@ -5353,6 +5358,10 @@ static void mptsas_remove(struct pci_dev *pdev)
}
-
+
static struct pci_device_id mptsas_pci_table[] = {
+#ifdef CONFIG_RHEL_DIFFERENCES
+ { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068,
@@ -2012,7 +2012,7 @@ index eabc4de5816c..1f458e35effb 100644
+++ b/drivers/message/fusion/mptspi.c
@@ -1238,12 +1238,17 @@ static struct spi_function_template mptspi_transport_functions = {
*/
-
+
static struct pci_device_id mptspi_pci_table[] = {
+#ifdef CONFIG_RHEL_DIFFERENCES
+ { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1030,
@@ -2030,7 +2030,7 @@ index eabc4de5816c..1f458e35effb 100644
MODULE_DEVICE_TABLE(pci, mptspi_pci_table);
@@ -1534,6 +1539,12 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id)
0, 0, 0, 0, 5);
-
+
scsi_scan_host(sh);
+
+#ifdef CONFIG_RHEL_DIFFERENCES
@@ -2039,7 +2039,7 @@ index eabc4de5816c..1f458e35effb 100644
+#endif
+
return 0;
-
+
out_mptspi_probe:
diff --git a/drivers/net/ethernet/intel/e1000e/ich8lan.c b/drivers/net/ethernet/intel/e1000e/ich8lan.c
index 735bf25952fc..15f6c0a4dc63 100644
@@ -2048,7 +2048,7 @@ index 735bf25952fc..15f6c0a4dc63 100644
@@ -1243,9 +1243,9 @@ static s32 e1000_disable_ulp_lpt_lp(struct e1000_hw *hw, bool force)
ew32(H2ME, mac_reg);
}
-
+
- /* Poll up to 300msec for ME to clear ULP_CFG_DONE. */
+ /* Poll up to 2.5sec for ME to clear ULP_CFG_DONE. */
while (er32(FWSM) & E1000_FWSM_ULP_CFG_DONE) {
@@ -2062,11 +2062,11 @@ index 5b190c257124..d88fa9c54b16 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -3638,6 +3638,7 @@ static int __init ice_module_init(void)
-
+
pr_info("%s - version %s\n", ice_driver_string, ice_drv_ver);
pr_info("%s\n", ice_copyright);
+ mark_tech_preview(DRV_SUMMARY, THIS_MODULE);
-
+
ice_wq = alloc_workqueue("%s", WQ_MEM_RECLAIM, 0, KBUILD_MODNAME);
if (!ice_wq) {
diff --git a/drivers/pci/controller/pcie-brcmstb.c b/drivers/pci/controller/pcie-brcmstb.c
@@ -2076,11 +2076,11 @@ index 6d79d14527a6..aee84679a997 100644
@@ -28,6 +28,8 @@
#include <linux/string.h>
#include <linux/types.h>
-
+
+#include <soc/bcm2835/raspberrypi-firmware.h>
+
#include "../pci.h"
-
+
/* BRCM_PCIE_CAP_REGS - Offset for the mandatory capability config regs */
@@ -917,11 +919,24 @@ static int brcm_pcie_probe(struct platform_device *pdev)
{
@@ -2091,7 +2091,7 @@ index 6d79d14527a6..aee84679a997 100644
struct pci_bus *child;
struct resource *res;
int ret;
-
+
+ /*
+ * We have to wait for the Raspberry Pi's firmware interface to be up
+ * as some PCI fixups depend on it.
@@ -2118,11 +2118,11 @@ index 0454ca0e4e3f..5cc490b821be 100644
+#include <linux/kernel.h>
#include "pci.h"
#include "pcie/portdrv.h"
-
+
@@ -278,6 +279,34 @@ static const struct pci_device_id *pci_match_device(struct pci_driver *drv,
return found_id;
}
-
+
+/**
+ * pci_hw_vendor_status - Tell if a PCI device is supported by the HW vendor
+ * @ids: array of PCI device id structures to search in
@@ -2161,7 +2161,7 @@ index 28c9a2409c50..ab4cae542b04 100644
@@ -4183,6 +4183,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000,
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084,
quirk_bridge_cavm_thrx2_pcie_root);
-
+
+/*
+ * PCI BAR 5 is not setup correctly for the on-board AHCI controller
+ * on Broadcom's Vulcan processor. Added a quirk to fix BAR 5 by
@@ -2214,7 +2214,7 @@ index 9b81cfbbc5c5..1ca08297939c 100644
--- a/drivers/scsi/be2iscsi/be_main.c
+++ b/drivers/scsi/be2iscsi/be_main.c
@@ -370,11 +370,13 @@ static int beiscsi_eh_device_reset(struct scsi_cmnd *sc)
-
+
/*------------------- PCI Driver operations and data ----------------- */
static const struct pci_device_id beiscsi_pci_id_table[] = {
+#ifndef CONFIG_RHEL_DIFFERENCES
@@ -2238,7 +2238,7 @@ index 1e9302e99d05..b903580d626f 100644
+#ifndef CONFIG_RHEL_DIFFERENCES
MODULE_ALIAS("cciss");
+#endif
-
+
static int hpsa_simple_mode;
module_param(hpsa_simple_mode, int, S_IRUGO|S_IWUSR);
@@ -144,10 +146,12 @@ static const struct pci_device_id hpsa_pci_device_id[] = {
@@ -2253,14 +2253,14 @@ index 1e9302e99d05..b903580d626f 100644
+#endif
{0,}
};
-
+
diff --git a/drivers/scsi/lpfc/lpfc_ids.h b/drivers/scsi/lpfc/lpfc_ids.h
index d48414e295a0..ba0e384412c9 100644
--- a/drivers/scsi/lpfc/lpfc_ids.h
+++ b/drivers/scsi/lpfc/lpfc_ids.h
@@ -24,6 +24,7 @@
#include <linux/pci.h>
-
+
const struct pci_device_id lpfc_id_table[] = {
+#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_VIPER,
@@ -2341,7 +2341,7 @@ index babe85d7b537..9b4df28defd2 100644
@@ -133,6 +133,7 @@ static void megasas_get_pd_info(struct megasas_instance *instance,
*/
static struct pci_device_id megasas_pci_table[] = {
-
+
+#ifndef CONFIG_RHEL_DIFFERENCES
{PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS1064R)},
/* xscale IOP */
@@ -2392,7 +2392,7 @@ index d190db5ea7d9..e0e3d300f3be 100644
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -7759,6 +7759,7 @@ static const struct pci_error_handlers qla2xxx_err_handler = {
};
-
+
static struct pci_device_id qla2xxx_pci_tbl[] = {
+#ifndef CONFIG_RHEL_DIFFERENCES
{ PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2100) },
@@ -2480,7 +2480,7 @@ index 5e0d0813da55..a0760bcd7a97 100644
return sysrq_enabled;
}
+EXPORT_SYMBOL_GPL(sysrq_mask);
-
+
/*
* A value of 1 means 'all', other nonzero values are an op mask:
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
@@ -2490,7 +2490,7 @@ index 54cd8ef795ec..4afeea51b2c9 100644
@@ -5504,6 +5504,13 @@ static void hub_event(struct work_struct *work)
(u16) hub->change_bits[0],
(u16) hub->event_bits[0]);
-
+
+ /* Don't disconnect USB-SATA on TrimSlice */
+ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
+ if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
@@ -2514,9 +2514,9 @@ index beb2efa71341..0dc34668bb2a 100644
+
#include "pci-quirks.h"
#include "xhci-ext-caps.h"
-
+
@@ -1243,11 +1246,24 @@ static void quirk_usb_handoff_xhci(struct pci_dev *pdev)
-
+
static void quirk_usb_early_handoff(struct pci_dev *pdev)
{
+ int ret;
@@ -2551,7 +2551,7 @@ index f68920131a4a..e94932c69f54 100644
- return ret;
+ goto disable_supply;
}
-
+
/*
@@ -471,24 +471,34 @@ static int lp855x_probe(struct i2c_client *cl, const struct i2c_device_id *id)
ret = lp855x_configure(lp);
@@ -2560,7 +2560,7 @@ index f68920131a4a..e94932c69f54 100644
- return ret;
+ goto disable_vddio;
}
-
+
ret = lp855x_backlight_register(lp);
if (ret) {
dev_err(lp->dev,
@@ -2568,14 +2568,14 @@ index f68920131a4a..e94932c69f54 100644
- return ret;
+ goto disable_vddio;
}
-
+
ret = sysfs_create_group(&lp->dev->kobj, &lp855x_attr_group);
if (ret) {
dev_err(lp->dev, "failed to register sysfs. err: %d\n", ret);
- return ret;
+ goto disable_vddio;
}
-
+
backlight_update_status(lp->bl);
+
return 0;
@@ -2589,10 +2589,10 @@ index f68920131a4a..e94932c69f54 100644
+
+ return ret;
}
-
+
static int lp855x_remove(struct i2c_client *cl)
@@ -497,6 +507,8 @@ static int lp855x_remove(struct i2c_client *cl)
-
+
lp->bl->props.brightness = 0;
backlight_update_status(lp->bl);
+ if (lp->enable)
@@ -2607,7 +2607,7 @@ index 251f1f783cdf..a9a9e7e976e7 100644
@@ -42,6 +42,8 @@
#define EFI_ABORTED (21 | (1UL << (BITS_PER_LONG-1)))
#define EFI_SECURITY_VIOLATION (26 | (1UL << (BITS_PER_LONG-1)))
-
+
+#define EFI_IS_ERROR(x) ((x) & (1UL << (BITS_PER_LONG-1)))
+
typedef unsigned long efi_status_t;
@@ -2625,22 +2625,22 @@ index 251f1f783cdf..a9a9e7e976e7 100644
+ efi_secureboot_mode_disabled,
+ efi_secureboot_mode_enabled,
+};
-
+
#ifdef CONFIG_EFI
/*
@@ -787,6 +797,8 @@ static inline bool efi_enabled(int feature)
}
extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused);
-
+
+extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode);
+
bool __pure __efi_soft_reserve_enabled(void);
-
+
static inline bool __pure efi_soft_reserve_enabled(void)
@@ -813,6 +825,8 @@ efi_capsule_pending(int *reset_type)
return false;
}
-
+
+static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
+
static inline bool efi_soft_reserve_enabled(void)
@@ -2648,16 +2648,16 @@ index 251f1f783cdf..a9a9e7e976e7 100644
return false;
@@ -825,6 +839,7 @@ static inline bool efi_rt_services_supported(unsigned int mask)
#endif
-
+
extern int efi_status_to_err(efi_status_t status);
+extern const char *efi_status_to_str(efi_status_t status);
-
+
/*
* Variable Attributes
@@ -1083,12 +1098,6 @@ static inline bool efi_runtime_disabled(void) { return true; }
extern void efi_call_virt_check_flags(unsigned long flags, const char *call);
extern unsigned long efi_call_virt_save_flags(void);
-
+
-enum efi_secureboot_mode {
- efi_secureboot_mode_unset,
- efi_secureboot_mode_unknown,
@@ -2665,7 +2665,7 @@ index 251f1f783cdf..a9a9e7e976e7 100644
- efi_secureboot_mode_enabled,
-};
enum efi_secureboot_mode efi_get_secureboot(void);
-
+
#ifdef CONFIG_RESET_ATTACK_MITIGATION
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 9b7a8d74a9d6..8c1ace147540 100644
@@ -2694,7 +2694,7 @@ index 9b7a8d74a9d6..8c1ace147540 100644
+#define TAINT_UNPRIVILEGED_BPF 31
+/* End of Red Hat-specific taint flags */
+#define TAINT_FLAGS_COUNT 32
-
+
struct taint_flag {
char c_true; /* character printed when tainted */
@@ -1029,4 +1046,19 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
@@ -2723,11 +2723,11 @@ index 9cd4455528e5..dfa09696a0e5 100644
+++ b/include/linux/lsm_hook_defs.h
@@ -371,6 +371,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux)
#endif /* CONFIG_BPF_SYSCALL */
-
+
LSM_HOOK(int, 0, locked_down, enum lockdown_reason what)
+LSM_HOOK(int, 0, lock_kernel_down, const char *where, enum lockdown_reason level)
+
-
+
#ifdef CONFIG_PERF_EVENTS
LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
@@ -2757,7 +2757,7 @@ index 1ad393e62bef..3fb19abee033 100644
const char *srcversion;
+ const char *rhelversion;
struct kobject *holders_dir;
-
+
/* Exported symbols */
diff --git a/include/linux/pci.h b/include/linux/pci.h
index 83ce1cdf5676..88397dd562d9 100644
@@ -2773,7 +2773,7 @@ index 83ce1cdf5676..88397dd562d9 100644
+ struct pci_dev *dev);
int pci_scan_bridge(struct pci_bus *bus, struct pci_dev *dev, int max,
int pass);
-
+
diff --git a/include/linux/rh_kabi.h b/include/linux/rh_kabi.h
new file mode 100644
index 000000000000..ea9c136bf884
@@ -3082,12 +3082,12 @@ index 7b22366d0065..307a651b2755 100644
--- a/include/linux/rmi.h
+++ b/include/linux/rmi.h
@@ -363,6 +363,7 @@ struct rmi_driver_data {
-
+
struct rmi4_attn_data attn_data;
DECLARE_KFIFO(attn_fifo, struct rmi4_attn_data, 16);
+ struct work_struct attn_work;
};
-
+
int rmi_register_transport_device(struct rmi_transport_dev *xport);
diff --git a/include/linux/security.h b/include/linux/security.h
index a8d9310472df..381305889d89 100644
@@ -3099,7 +3099,7 @@ index a8d9310472df..381305889d89 100644
int security_locked_down(enum lockdown_reason what);
+int security_lock_kernel_down(const char *where, enum lockdown_reason level);
#else /* CONFIG_SECURITY */
-
+
static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
@@ -1273,6 +1274,10 @@ static inline int security_locked_down(enum lockdown_reason what)
{
@@ -3110,7 +3110,7 @@ index a8d9310472df..381305889d89 100644
+ return 0;
+}
#endif /* CONFIG_SECURITY */
-
+
#ifdef CONFIG_SECURITY_NETWORK
diff --git a/include/soc/bcm2835/raspberrypi-firmware.h b/include/soc/bcm2835/raspberrypi-firmware.h
index 7800e12ee042..3025aca3c358 100644
@@ -3118,10 +3118,10 @@ index 7800e12ee042..3025aca3c358 100644
+++ b/include/soc/bcm2835/raspberrypi-firmware.h
@@ -10,6 +10,7 @@
#include <linux/of_device.h>
-
+
struct rpi_firmware;
+struct pci_dev;
-
+
enum rpi_firmware_property_status {
RPI_FIRMWARE_STATUS_REQUEST = 0,
@@ -90,7 +91,7 @@ enum rpi_firmware_property_tag {
@@ -3130,7 +3130,7 @@ index 7800e12ee042..3025aca3c358 100644
RPI_FIRMWARE_SET_POE_HAT_VAL = 0x00030050,
-
+ RPI_FIRMWARE_NOTIFY_XHCI_RESET = 0x00030058,
-
+
/* Dispmanx TAGS */
RPI_FIRMWARE_FRAMEBUFFER_ALLOCATE = 0x00040001,
@@ -141,6 +142,7 @@ int rpi_firmware_property(struct rpi_firmware *fw,
@@ -3151,7 +3151,7 @@ index 7800e12ee042..3025aca3c358 100644
+ return 0;
+}
#endif
-
+
#endif /* __SOC_RASPBERRY_FIRMWARE_H__ */
diff --git a/kernel/Makefile b/kernel/Makefile
index 4cb4130ced32..b1010f42dd18 100644
@@ -3160,12 +3160,12 @@ index 4cb4130ced32..b1010f42dd18 100644
@@ -12,6 +12,8 @@ obj-y = fork.o exec_domain.o panic.o \
notifier.o ksysfs.o cred.o reboot.o \
async.o range.o smpboot.o ucount.o
-
+
+obj-$(CONFIG_RHEL_DIFFERENCES) += rh_taint.o
+
obj-$(CONFIG_MODULES) += kmod.o
obj-$(CONFIG_MULTIUSER) += groups.o
-
+
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index d85f37239540..28ed55c3dd18 100644
--- a/kernel/bpf/syscall.c
@@ -3177,11 +3177,11 @@ index d85f37239540..28ed55c3dd18 100644
+#include <linux/init.h>
#include <uapi/linux/btf.h>
#include <linux/bpf_lsm.h>
-
+
@@ -43,7 +44,25 @@ static DEFINE_SPINLOCK(prog_idr_lock);
static DEFINE_IDR(map_idr);
static DEFINE_SPINLOCK(map_idr_lock);
-
+
-int sysctl_unprivileged_bpf_disabled __read_mostly;
+/* RHEL-only: default to 1 */
+int sysctl_unprivileged_bpf_disabled __read_mostly = 1;
@@ -3202,7 +3202,7 @@ index d85f37239540..28ed55c3dd18 100644
+ return 1;
+}
+__setup("unprivileged_bpf_disabled=", unprivileged_bpf_setup);
-
+
static const struct bpf_map_ops * const bpf_map_types[] = {
#define BPF_PROG_TYPE(_id, _name, prog_ctx_type, kern_ctx_type)
@@ -3659,11 +3678,17 @@ static int link_update(union bpf_attr *attr)
@@ -3211,10 +3211,10 @@ index d85f37239540..28ed55c3dd18 100644
union bpf_attr attr;
+ static int marked;
int err;
-
+
if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN))
return -EPERM;
-
+
+ if (!marked) {
+ mark_tech_preview("eBPF syscall", NULL);
+ marked = true;
@@ -3232,7 +3232,7 @@ index 9f1557b98468..df551fc9034c 100644
#include <linux/utsname.h>
#include <linux/vmalloc.h>
+#include <linux/sizes.h>
-
+
#include <asm/page.h>
#include <asm/sections.h>
@@ -39,6 +40,15 @@ static int __init parse_crashkernel_mem(char *cmdline,
@@ -3248,7 +3248,7 @@ index 9f1557b98468..df551fc9034c 100644
+ * enough for most test cases.
+ */
+ total_mem = roundup(total_mem, SZ_128M);
-
+
/* for each entry of the comma-separated list */
do {
@@ -83,13 +93,13 @@ static int __init parse_crashkernel_mem(char *cmdline,
@@ -3260,7 +3260,7 @@ index 9f1557b98468..df551fc9034c 100644
pr_warn("crashkernel: invalid size\n");
return -EINVAL;
}
-
+
/* match ? */
- if (system_ram >= start && system_ram < end) {
+ if (total_mem >= start && total_mem < end) {
@@ -3293,13 +3293,13 @@ index 646f1e2330d2..aed5b1fcadf8 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -799,6 +799,7 @@ static struct module_attribute modinfo_##field = { \
-
+
MODINFO_ATTR(version);
MODINFO_ATTR(srcversion);
+MODINFO_ATTR(rhelversion);
-
+
static char last_unloaded_module[MODULE_NAME_LEN+1];
-
+
@@ -1263,6 +1264,7 @@ static struct module_attribute *modinfo_attrs[] = {
&module_uevent,
&modinfo_version,
@@ -3315,7 +3315,7 @@ index 9d9fc678c91d..84ad75a53c83 100644
@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info)
modlen -= sig_len + sizeof(ms);
info->len = modlen;
-
+
- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
VERIFY_USE_SECONDARY_KEYRING,
@@ -3352,7 +3352,7 @@ index b69ee9e76cb2..4f08e4f4a6b0 100644
+ [ TAINT_RESERVED30 ] = { '?', '-', false },
+ [ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false },
};
-
+
/**
diff --git a/kernel/rh_taint.c b/kernel/rh_taint.c
new file mode 100644
@@ -3467,7 +3467,7 @@ index e362dc3d2028..0c3dfb8eef67 100644
+ }
+
kmemleak_initialized = 1;
-
+
debugfs_create_file("kmemleak", 0644, NULL, NULL, &kmemleak_fops);
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 5c3c50c5ec52..188eb460cede 100644
@@ -3478,13 +3478,13 @@ index 5c3c50c5ec52..188eb460cede 100644
#include "modpost.h"
#include "../../include/linux/license.h"
+#include "../../include/generated/uapi/linux/version.h"
-
+
/* Are we using CONFIG_MODVERSIONS? */
static int modversions = 0;
@@ -2381,6 +2382,12 @@ static void add_srcversion(struct buffer *b, struct module *mod)
}
}
-
+
+static void add_rhelversion(struct buffer *b, struct module *mod)
+{
+ buf_printf(b, "MODULE_INFO(rhelversion, \"%d.%d\");\n", RHEL_MAJOR,
@@ -3499,7 +3499,7 @@ index 5c3c50c5ec52..188eb460cede 100644
add_moddevtable(&buf, mod);
add_srcversion(&buf, mod);
+ add_rhelversion(&buf, mod);
-
+
sprintf(fname, "%s.mod.c", mod->name);
write_if_changed(&buf, fname);
diff --git a/scripts/tags.sh b/scripts/tags.sh
@@ -3512,7 +3512,7 @@ index 4e18ae5282a6..805341c0aaf3 100755
ignore="$ignore ( -name *.mod.c ) -prune -o"
+# RHEL tags and cscope should also ignore redhat/rpm
+ignore="$ignore ( -path redhat/rpm ) -prune -o"
-
+
# Use make KBUILD_ABS_SRCTREE=1 {tags|cscope}
# to force full paths for a non-O= build
diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
@@ -3521,14 +3521,14 @@ index 253fb9a7fc98..8c95b68d86d4 100644
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -46,7 +46,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
return NULL;
-
+
if (*status != EFI_BUFFER_TOO_SMALL) {
- pr_err("Couldn't get size: 0x%lx\n", *status);
+ pr_err("Couldn't get size: %s (0x%lx)\n",
+ efi_status_to_str(*status), *status);
return NULL;
}
-
+
@@ -57,7 +58,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
*status = efi.get_variable(name, guid, NULL, &lsize, db);
if (*status != EFI_SUCCESS) {
@@ -3538,7 +3538,7 @@ index 253fb9a7fc98..8c95b68d86d4 100644
+ efi_status_to_str(*status), *status);
return NULL;
}
-
+
diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig
index e84ddf484010..d0501353a4b9 100644
--- a/security/lockdown/Kconfig
@@ -3546,7 +3546,7 @@ index e84ddf484010..d0501353a4b9 100644
@@ -16,6 +16,19 @@ config SECURITY_LOCKDOWN_LSM_EARLY
subsystem is fully initialised. If enabled, lockdown will
unconditionally be called before any other LSMs.
-
+
+config LOCK_DOWN_IN_EFI_SECURE_BOOT
+ bool "Lock down the kernel in EFI Secure Boot mode"
+ default n
@@ -3568,12 +3568,12 @@ index 5a952617a0eb..61cc3cdc4d25 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -73,6 +73,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what)
-
+
static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = {
LSM_HOOK_INIT(locked_down, lockdown_is_locked_down),
+ LSM_HOOK_INIT(lock_kernel_down, lock_kernel_down),
};
-
+
static int __init lockdown_lsm_init(void)
diff --git a/security/security.c b/security/security.c
index 7fed24b9d57e..37fab5c5d974 100644
@@ -3582,7 +3582,7 @@ index 7fed24b9d57e..37fab5c5d974 100644
@@ -2456,6 +2456,12 @@ int security_locked_down(enum lockdown_reason what)
}
EXPORT_SYMBOL(security_locked_down);
-
+
+int security_lock_kernel_down(const char *where, enum lockdown_reason level)
+{
+ return call_int_hook(lock_kernel_down, 0, where, level);