From 5245d1d672fcf9c1db8572177aa44329642688e2 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Tue, 11 Jan 2022 14:04:16 -0600 Subject: kernel-5.17-0.rc0.20220111gitfe8152b38d3a.61 * Tue Jan 11 2022 Justin M. Forbes [5.17-0.rc0.20220111gitfe8152b38d3a.61] - lib/crypto: add prompts back to crypto libraries (Justin M. Forbes) Resolves: rhbz# Signed-off-by: Justin M. Forbes --- patch-5.17-redhat.patch | 3220 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3220 insertions(+) create mode 100644 patch-5.17-redhat.patch (limited to 'patch-5.17-redhat.patch') diff --git a/patch-5.17-redhat.patch b/patch-5.17-redhat.patch new file mode 100644 index 000000000..e5ec4a276 --- /dev/null +++ b/patch-5.17-redhat.patch @@ -0,0 +1,3220 @@ + Documentation/admin-guide/kernel-parameters.txt | 9 + + Kconfig | 2 + + Kconfig.redhat | 17 ++ + Makefile | 12 +- + arch/arm/Kconfig | 4 +- + arch/arm64/Kconfig | 3 +- + arch/arm64/kernel/acpi.c | 4 + + arch/s390/include/asm/ipl.h | 1 + + arch/s390/kernel/ipl.c | 5 + + arch/s390/kernel/setup.c | 4 + + arch/x86/kernel/cpu/common.c | 1 + + arch/x86/kernel/setup.c | 70 ++++- + crypto/rng.c | 73 ++++- + drivers/acpi/apei/hest.c | 8 + + drivers/acpi/irq.c | 17 +- + drivers/acpi/scan.c | 9 + + drivers/ata/libahci.c | 18 ++ + drivers/char/ipmi/ipmi_dmi.c | 15 ++ + drivers/char/ipmi/ipmi_msghandler.c | 16 +- + drivers/char/random.c | 115 ++++++++ + drivers/firmware/efi/Makefile | 1 + + drivers/firmware/efi/efi.c | 124 ++++++--- + drivers/firmware/efi/secureboot.c | 38 +++ + drivers/hid/hid-rmi.c | 64 ----- + drivers/hwtracing/coresight/coresight-etm4x-core.c | 19 ++ + drivers/input/rmi4/rmi_driver.c | 124 +++++---- + drivers/iommu/iommu.c | 22 ++ + drivers/message/fusion/mptsas.c | 10 + + drivers/message/fusion/mptspi.c | 11 + + drivers/net/ethernet/intel/e1000/e1000_main.c | 2 + + drivers/net/team/team.c | 2 + + drivers/net/wireguard/main.c | 7 + + drivers/nvme/host/core.c | 22 +- + drivers/nvme/host/multipath.c | 19 +- + drivers/nvme/host/nvme.h | 4 + + drivers/pci/pci-driver.c | 78 ++++++ + drivers/pci/quirks.c | 24 ++ + drivers/scsi/aacraid/linit.c | 2 + + drivers/scsi/be2iscsi/be_main.c | 2 + + drivers/scsi/hpsa.c | 4 + + drivers/scsi/lpfc/lpfc_ids.h | 14 + + drivers/scsi/megaraid/megaraid_sas_base.c | 4 + + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 4 + + drivers/scsi/qla2xxx/qla_os.c | 6 + + drivers/scsi/qla4xxx/ql4_os.c | 2 + + drivers/usb/core/hub.c | 7 + + fs/ext4/super.c | 5 + + fs/xfs/xfs_super.c | 5 + + include/linux/efi.h | 22 +- + include/linux/kernel.h | 19 ++ + include/linux/lsm_hook_defs.h | 2 + + include/linux/lsm_hooks.h | 6 + + include/linux/module.h | 1 + + include/linux/panic.h | 19 +- + include/linux/pci.h | 16 ++ + include/linux/random.h | 7 + + include/linux/rh_kabi.h | 297 +++++++++++++++++++++ + include/linux/rmi.h | 1 + + include/linux/security.h | 5 + + init/Kconfig | 2 +- + kernel/Makefile | 1 + + kernel/bpf/syscall.c | 18 ++ + kernel/module.c | 2 + + kernel/module_signing.c | 9 +- + kernel/panic.c | 14 + + kernel/rh_messages.c | 179 +++++++++++++ + kernel/sysctl.c | 5 + + lib/crypto/Kconfig | 8 +- + mm/cma.c | 10 + + scripts/mod/modpost.c | 8 + + scripts/tags.sh | 2 + + security/integrity/platform_certs/load_uefi.c | 6 +- + security/lockdown/Kconfig | 13 + + security/lockdown/lockdown.c | 1 + + security/security.c | 6 + + 75 files changed, 1516 insertions(+), 192 deletions(-) + +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 49f495c9a7f8..aa7c84429250 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -5958,6 +5958,15 @@ + unknown_nmi_panic + [X86] Cause panic on unknown NMI. + ++ unprivileged_bpf_disabled= ++ Format: { "0" | "1" | "2" } ++ Sets the initial value of ++ kernel.unprivileged_bpf_disabled sysctl knob. ++ 0 - unprivileged bpf() syscall access is enabled. ++ 1 - unprivileged bpf() syscall access is disabled permanently. ++ 2 - unprivileged bpf() syscall access is disabled. ++ Default value is 2. ++ + usbcore.authorized_default= + [USB] Default USB device authorization: + (default -1 = authorized except for wireless USB, +diff --git a/Kconfig b/Kconfig +index 745bc773f567..f57ff40109d7 100644 +--- a/Kconfig ++++ b/Kconfig +@@ -30,3 +30,5 @@ source "lib/Kconfig" + source "lib/Kconfig.debug" + + source "Documentation/Kconfig" ++ ++source "Kconfig.redhat" +diff --git a/Kconfig.redhat b/Kconfig.redhat +new file mode 100644 +index 000000000000..effb81d04bfd +--- /dev/null ++++ b/Kconfig.redhat +@@ -0,0 +1,17 @@ ++# SPDX-License-Identifier: GPL-2.0-only ++# ++# Red Hat specific options ++# ++ ++menu "Red Hat options" ++ ++config RHEL_DIFFERENCES ++ bool "Remove support for deprecated features" ++ help ++ Red Hat may choose to deprecate certain features in its kernels. ++ Enable this option to remove support for hardware that is no ++ longer supported. ++ ++ Unless you want a restricted kernel, say N here. ++ ++endmenu +diff --git a/Makefile b/Makefile +index 08510230b42f..6b4160ecf0bd 100644 +--- a/Makefile ++++ b/Makefile +@@ -18,6 +18,10 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ + PHONY := __all + __all: + ++# Set RHEL variables ++# Use this spot to avoid future merge conflicts ++include Makefile.rhelver ++ + # We are using a recursive build, so we need to do a little thinking + # to get the ordering right. + # +@@ -1241,7 +1245,13 @@ define filechk_version.h + ((c) > 255 ? 255 : (c)))'; \ + echo \#define LINUX_VERSION_MAJOR $(VERSION); \ + echo \#define LINUX_VERSION_PATCHLEVEL $(PATCHLEVEL); \ +- echo \#define LINUX_VERSION_SUBLEVEL $(SUBLEVEL) ++ echo \#define LINUX_VERSION_SUBLEVEL $(SUBLEVEL); \ ++ echo '#define RHEL_MAJOR $(RHEL_MAJOR)'; \ ++ echo '#define RHEL_MINOR $(RHEL_MINOR)'; \ ++ echo '#define RHEL_RELEASE_VERSION(a,b) (((a) << 8) + (b))'; \ ++ echo '#define RHEL_RELEASE_CODE \ ++ $(shell expr $(RHEL_MAJOR) \* 256 + $(RHEL_MINOR))'; \ ++ echo '#define RHEL_RELEASE "$(RHEL_RELEASE)"' + endef + + $(version_h): PATCHLEVEL := $(if $(PATCHLEVEL), $(PATCHLEVEL), 0) +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index 796fc8017f5d..427312380687 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -1478,9 +1478,9 @@ config HIGHMEM + If unsure, say n. + + config HIGHPTE +- bool "Allocate 2nd-level pagetables from highmem" if EXPERT ++ bool "Allocate 2nd-level pagetables from highmem" + depends on HIGHMEM +- default y ++ default n + help + The VM uses one page of physical memory for each page table. + For systems with a lot of processes, this can use a lot of +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index ef3b5cb40d16..c3f0f2fbb9f9 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -1025,7 +1025,7 @@ endchoice + + config ARM64_FORCE_52BIT + bool "Force 52-bit virtual addresses for userspace" +- depends on ARM64_VA_BITS_52 && EXPERT ++ depends on ARM64_VA_BITS_52 + help + For systems with 52-bit userspace VAs enabled, the kernel will attempt + to maintain compatibility with older software by providing 48-bit VAs +@@ -1279,6 +1279,7 @@ config XEN + config FORCE_MAX_ZONEORDER + int + default "14" if ARM64_64K_PAGES ++ default "13" if (ARCH_THUNDER && !ARM64_64K_PAGES) + default "12" if ARM64_16K_PAGES + default "11" + help +diff --git a/arch/arm64/kernel/acpi.c b/arch/arm64/kernel/acpi.c +index e4dea8db6924..3f17c7b5bd78 100644 +--- a/arch/arm64/kernel/acpi.c ++++ b/arch/arm64/kernel/acpi.c +@@ -41,7 +41,11 @@ int acpi_pci_disabled = 1; /* skip ACPI PCI scan and IRQ initialization */ + EXPORT_SYMBOL(acpi_pci_disabled); + + static bool param_acpi_off __initdata; ++#ifdef CONFIG_RHEL_DIFFERENCES ++static bool param_acpi_on __initdata = true; ++#else + static bool param_acpi_on __initdata; ++#endif + static bool param_acpi_force __initdata; + + static int __init parse_acpi(char *arg) +diff --git a/arch/s390/include/asm/ipl.h b/arch/s390/include/asm/ipl.h +index 3f8ee257f9aa..3ab92feb6241 100644 +--- a/arch/s390/include/asm/ipl.h ++++ b/arch/s390/include/asm/ipl.h +@@ -128,6 +128,7 @@ int ipl_report_add_component(struct ipl_report *report, struct kexec_buf *kbuf, + unsigned char flags, unsigned short cert); + int ipl_report_add_certificate(struct ipl_report *report, void *key, + unsigned long addr, unsigned long len); ++bool ipl_get_secureboot(void); + + /* + * DIAG 308 support +diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c +index 5ad1dde23dc5..b6192d58eed3 100644 +--- a/arch/s390/kernel/ipl.c ++++ b/arch/s390/kernel/ipl.c +@@ -2216,3 +2216,8 @@ int ipl_report_free(struct ipl_report *report) + } + + #endif ++ ++bool ipl_get_secureboot(void) ++{ ++ return !!ipl_secure_flag; ++} +diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c +index f2c25d113e7b..059fe82e020a 100644 +--- a/arch/s390/kernel/setup.c ++++ b/arch/s390/kernel/setup.c +@@ -49,6 +49,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -963,6 +964,9 @@ void __init setup_arch(char **cmdline_p) + + log_component_list(); + ++ if (ipl_get_secureboot()) ++ security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX); ++ + /* Have one command line that is parsed and saved in /proc/cmdline */ + /* boot_command_line has been already set up in early.c */ + *cmdline_p = boot_command_line; +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 7b8382c11788..4aa07bcf45cf 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1316,6 +1316,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) + cpu_detect(c); + get_cpu_vendor(c); + get_cpu_cap(c); ++ get_model_name(c); /* RHEL: get model name for unsupported check */ + get_cpu_address_sizes(c); + setup_force_cpu_cap(X86_FEATURE_CPUID); + cpu_parse_early_param(); +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index f7a132eb794d..2305f8353e49 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -51,6 +52,7 @@ + #include + #include + #include ++#include + + /* + * max_low_pfn_mapped: highest directly mapped pfn < 4 GB +@@ -721,6 +723,51 @@ static void __init early_reserve_memory(void) + trim_snb_memory(); + } + ++#ifdef CONFIG_RHEL_DIFFERENCES ++ ++static void rh_check_supported(void) ++{ ++ bool guest; ++ ++ guest = (x86_hyper_type != X86_HYPER_NATIVE || boot_cpu_has(X86_FEATURE_HYPERVISOR)); ++ ++ /* RHEL supports single cpu on guests only */ ++ if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && ++ !guest && is_kdump_kernel()) { ++ pr_crit("Detected single cpu native boot.\n"); ++ pr_crit("Important: In this kernel, single threaded, single CPU 64-bit physical systems are unsupported."); ++ } ++ ++ /* ++ * If the RHEL kernel does not support this hardware, the kernel will ++ * attempt to boot, but no support is provided for this hardware ++ */ ++ switch (boot_cpu_data.x86_vendor) { ++ case X86_VENDOR_AMD: ++ case X86_VENDOR_INTEL: ++ break; ++ default: ++ pr_crit("Detected processor %s %s\n", ++ boot_cpu_data.x86_vendor_id, ++ boot_cpu_data.x86_model_id); ++ mark_hardware_unmaintained("x86 processor", "%s %s", boot_cpu_data.x86_vendor_id, ++ boot_cpu_data.x86_model_id); ++ break; ++ } ++ ++ /* ++ * Due to the complexity of x86 lapic & ioapic enumeration, and PCI IRQ ++ * routing, ACPI is required for x86. acpi=off is a valid debug kernel ++ * parameter, so just print out a loud warning in case something ++ * goes wrong (which is most of the time). ++ */ ++ if (acpi_disabled && !guest) ++ pr_crit("ACPI has been disabled or is not available on this hardware. This may result in a single cpu boot, incorrect PCI IRQ routing, or boot failure.\n"); ++} ++#else ++#define rh_check_supported() ++#endif ++ + /* + * Dump out kernel offset information on panic. + */ +@@ -930,6 +977,13 @@ void __init setup_arch(char **cmdline_p) + if (efi_enabled(EFI_BOOT)) + efi_init(); + ++ efi_set_secure_boot(boot_params.secure_boot); ++ ++#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT ++ if (efi_enabled(EFI_SECURE_BOOT)) ++ security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_INTEGRITY_MAX); ++#endif ++ + dmi_setup(); + + /* +@@ -1099,19 +1153,7 @@ void __init setup_arch(char **cmdline_p) + /* Allocate bigger log buffer */ + setup_log_buf(1); + +- if (efi_enabled(EFI_BOOT)) { +- switch (boot_params.secure_boot) { +- case efi_secureboot_mode_disabled: +- pr_info("Secure boot disabled\n"); +- break; +- case efi_secureboot_mode_enabled: +- pr_info("Secure boot enabled\n"); +- break; +- default: +- pr_info("Secure boot could not be determined\n"); +- break; +- } +- } ++ efi_set_secure_boot(boot_params.secure_boot); + + reserve_initrd(); + +@@ -1224,6 +1266,8 @@ void __init setup_arch(char **cmdline_p) + efi_apply_memmap_quirks(); + #endif + ++ rh_check_supported(); ++ + unwind_init(); + } + +diff --git a/crypto/rng.c b/crypto/rng.c +index fea082b25fe4..50a9d040bed1 100644 +--- a/crypto/rng.c ++++ b/crypto/rng.c +@@ -11,14 +11,17 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include + #include ++#include ++#include + #include + #include + #include +-#include + #include + + #include "internal.h" +@@ -224,5 +227,73 @@ void crypto_unregister_rngs(struct rng_alg *algs, int count) + } + EXPORT_SYMBOL_GPL(crypto_unregister_rngs); + ++static ssize_t crypto_devrandom_read(void __user *buf, size_t buflen) ++{ ++ u8 tmp[256]; ++ ssize_t ret; ++ ++ if (!buflen) ++ return 0; ++ ++ ret = crypto_get_default_rng(); ++ if (ret) ++ return ret; ++ ++ for (;;) { ++ int err; ++ int i; ++ ++ i = min_t(int, buflen, sizeof(tmp)); ++ err = crypto_rng_get_bytes(crypto_default_rng, tmp, i); ++ if (err) { ++ ret = err; ++ break; ++ } ++ ++ if (copy_to_user(buf, tmp, i)) { ++ ret = -EFAULT; ++ break; ++ } ++ ++ buflen -= i; ++ buf += i; ++ ret += i; ++ ++ if (!buflen) ++ break; ++ ++ if (need_resched()) { ++ if (signal_pending(current)) ++ break; ++ schedule(); ++ } ++ } ++ ++ crypto_put_default_rng(); ++ memzero_explicit(tmp, sizeof(tmp)); ++ ++ return ret; ++} ++ ++static const struct random_extrng crypto_devrandom_rng = { ++ .extrng_read = crypto_devrandom_read, ++ .owner = THIS_MODULE, ++}; ++ ++static int __init crypto_rng_init(void) ++{ ++ if (fips_enabled) ++ random_register_extrng(&crypto_devrandom_rng); ++ return 0; ++} ++ ++static void __exit crypto_rng_exit(void) ++{ ++ random_unregister_extrng(); ++} ++ ++late_initcall(crypto_rng_init); ++module_exit(crypto_rng_exit); ++ + MODULE_LICENSE("GPL"); + MODULE_DESCRIPTION("Random Number Generator"); +diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c +index 0edc1ed47673..782e2f399af2 100644 +--- a/drivers/acpi/apei/hest.c ++++ b/drivers/acpi/apei/hest.c +@@ -96,6 +96,14 @@ static int apei_hest_parse(apei_hest_func_t func, void *data) + if (hest_disable || !hest_tab) + return -EINVAL; + ++#ifdef CONFIG_ARM64 ++ /* Ignore broken firmware */ ++ if (!strncmp(hest_tab->header.oem_id, "HPE ", 6) && ++ !strncmp(hest_tab->header.oem_table_id, "ProLiant", 8) && ++ MIDR_IMPLEMENTOR(read_cpuid_id()) == ARM_CPU_IMP_APM) ++ return -EINVAL; ++#endif ++ + hest_hdr = (struct acpi_hest_header *)(hest_tab + 1); + for (i = 0; i < hest_tab->error_source_count; i++) { + len = hest_esrc_len(hest_hdr); +diff --git a/drivers/acpi/irq.c b/drivers/acpi/irq.c +index c68e694fca26..146cba5ae5bc 100644 +--- a/drivers/acpi/irq.c ++++ b/drivers/acpi/irq.c +@@ -130,6 +130,7 @@ struct acpi_irq_parse_one_ctx { + unsigned int index; + unsigned long *res_flags; + struct irq_fwspec *fwspec; ++ bool skip_producer_check; + }; + + /** +@@ -201,7 +202,8 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares, + return AE_CTRL_TERMINATE; + case ACPI_RESOURCE_TYPE_EXTENDED_IRQ: + eirq = &ares->data.extended_irq; +- if (eirq->producer_consumer == ACPI_PRODUCER) ++ if (!ctx->skip_producer_check && ++ eirq->producer_consumer == ACPI_PRODUCER) + return AE_OK; + if (ctx->index >= eirq->interrupt_count) { + ctx->index -= eirq->interrupt_count; +@@ -236,8 +238,19 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares, + static int acpi_irq_parse_one(acpi_handle handle, unsigned int index, + struct irq_fwspec *fwspec, unsigned long *flags) + { +- struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec }; ++ struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec, false }; + ++ /* ++ * Firmware on arm64-based HPE m400 platform incorrectly marks ++ * its UART interrupt as ACPI_PRODUCER rather than ACPI_CONSUMER. ++ * Don't do the producer/consumer check for that device. ++ */ ++ if (IS_ENABLED(CONFIG_ARM64)) { ++ struct acpi_device *adev = acpi_bus_get_acpi_device(handle); ++ ++ if (adev && !strcmp(acpi_device_hid(adev), "APMC0D08")) ++ ctx.skip_producer_check = true; ++ } + acpi_walk_resources(handle, METHOD_NAME__CRS, acpi_irq_parse_one_cb, &ctx); + return ctx.rc; + } +diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c +index 1185ecea59d1..f913b21a0be5 100644 +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -1753,6 +1753,15 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device) + if (!acpi_match_device_ids(device, ignore_serial_bus_ids)) + return false; + ++ /* ++ * Firmware on some arm64 X-Gene platforms will make the UART ++ * device appear as both a UART and a slave of that UART. Just ++ * bail out here for X-Gene UARTs. ++ */ ++ if (IS_ENABLED(CONFIG_ARM64) && ++ !strcmp(acpi_device_hid(device), "APMC0D08")) ++ return false; ++ + INIT_LIST_HEAD(&resource_list); + acpi_dev_get_resources(device, &resource_list, + acpi_check_serial_bus_slave, +diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c +index f76b8418e6fb..350e52fccc30 100644 +--- a/drivers/ata/libahci.c ++++ b/drivers/ata/libahci.c +@@ -690,6 +690,24 @@ int ahci_stop_engine(struct ata_port *ap) + tmp &= ~PORT_CMD_START; + writel(tmp, port_mmio + PORT_CMD); + ++#ifdef CONFIG_ARM64 ++ /* Rev Ax of Cavium CN99XX needs a hack for port stop */ ++ if (dev_is_pci(ap->host->dev) && ++ to_pci_dev(ap->host->dev)->vendor == 0x14e4 && ++ to_pci_dev(ap->host->dev)->device == 0x9027 && ++ midr_is_cpu_model_range(read_cpuid_id(), ++ MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN), ++ MIDR_CPU_VAR_REV(0, 0), ++ MIDR_CPU_VAR_REV(0, MIDR_REVISION_MASK))) { ++ tmp = readl(hpriv->mmio + 0x8000); ++ udelay(100); ++ writel(tmp | (1 << 26), hpriv->mmio + 0x8000); ++ udelay(100); ++ writel(tmp & ~(1 << 26), hpriv->mmio + 0x8000); ++ dev_warn(ap->host->dev, "CN99XX SATA reset workaround applied\n"); ++ } ++#endif ++ + /* wait for engine to stop. This could be as long as 500 msec */ + tmp = ata_wait_register(ap, port_mmio + PORT_CMD, + PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500); +diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c +index bbf7029e224b..cf7faa970dd6 100644 +--- a/drivers/char/ipmi/ipmi_dmi.c ++++ b/drivers/char/ipmi/ipmi_dmi.c +@@ -215,6 +215,21 @@ static int __init scan_for_dmi_ipmi(void) + { + const struct dmi_device *dev = NULL; + ++#ifdef CONFIG_ARM64 ++ /* RHEL-only ++ * If this is ARM-based HPE m400, return now, because that platform ++ * reports the host-side ipmi address as intel port-io space, which ++ * does not exist in the ARM architecture. ++ */ ++ const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME); ++ ++ if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) { ++ pr_debug("%s does not support host ipmi\n", dmistr); ++ return 0; ++ } ++ /* END RHEL-only */ ++#endif ++ + while ((dev = dmi_find_device(DMI_DEV_TYPE_IPMI, NULL, dev))) + dmi_decode_ipmi((const struct dmi_header *) dev->device_data); + +diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c +index c59265146e9c..caa8458edde2 100644 +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + #include + + #define IPMI_DRIVER_VERSION "39.2" +@@ -5422,8 +5423,21 @@ static int __init ipmi_init_msghandler_mod(void) + { + int rv; + +- pr_info("version " IPMI_DRIVER_VERSION "\n"); ++#ifdef CONFIG_ARM64 ++ /* RHEL-only ++ * If this is ARM-based HPE m400, return now, because that platform ++ * reports the host-side ipmi address as intel port-io space, which ++ * does not exist in the ARM architecture. ++ */ ++ const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME); + ++ if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) { ++ pr_debug("%s does not support host ipmi\n", dmistr); ++ return -ENOSYS; ++ } ++ /* END RHEL-only */ ++#endif ++ pr_info("version " IPMI_DRIVER_VERSION "\n"); + mutex_lock(&ipmi_interfaces_mutex); + rv = ipmi_register_driver(); + mutex_unlock(&ipmi_interfaces_mutex); +diff --git a/drivers/char/random.c b/drivers/char/random.c +index 227fb7802738..2836c089d2f3 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -345,6 +345,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -359,6 +360,11 @@ + + /* #define ADD_INTERRUPT_BENCH */ + ++/* ++ * Hook for external RNG. ++ */ ++static const struct random_extrng __rcu *extrng; ++ + /* + * Configuration information + */ +@@ -493,6 +499,9 @@ static int ratelimit_disable __read_mostly; + module_param_named(ratelimit_disable, ratelimit_disable, int, 0644); + MODULE_PARM_DESC(ratelimit_disable, "Disable random ratelimit suppression"); + ++static const struct file_operations extrng_random_fops; ++static const struct file_operations extrng_urandom_fops; ++ + /********************************************************************** + * + * OS independent entropy store. Here are the functions which handle +@@ -1869,6 +1878,13 @@ random_poll(struct file *file, poll_table * wait) + return mask; + } + ++static __poll_t ++extrng_poll(struct file *file, poll_table * wait) ++{ ++ /* extrng pool is always full, always read, no writes */ ++ return EPOLLIN | EPOLLRDNORM; ++} ++ + static int + write_pool(struct entropy_store *r, const char __user *buffer, size_t count) + { +@@ -1972,7 +1988,58 @@ static int random_fasync(int fd, struct file *filp, int on) + return fasync_helper(fd, filp, on, &fasync); + } + ++static int random_open(struct inode *inode, struct file *filp) ++{ ++ const struct random_extrng *rng; ++ ++ rcu_read_lock(); ++ rng = rcu_dereference(extrng); ++ if (rng && !try_module_get(rng->owner)) ++ rng = NULL; ++ rcu_read_unlock(); ++ ++ if (!rng) ++ return 0; ++ ++ filp->f_op = &extrng_random_fops; ++ filp->private_data = rng->owner; ++ ++ return 0; ++} ++ ++static int urandom_open(struct inode *inode, struct file *filp) ++{ ++ const struct random_extrng *rng; ++ ++ rcu_read_lock(); ++ rng = rcu_dereference(extrng); ++ if (rng && !try_module_get(rng->owner)) ++ rng = NULL; ++ rcu_read_unlock(); ++ ++ if (!rng) ++ return 0; ++ ++ filp->f_op = &extrng_urandom_fops; ++ filp->private_data = rng->owner; ++ ++ return 0; ++} ++ ++static int extrng_release(struct inode *inode, struct file *filp) ++{ ++ module_put(filp->private_data); ++ return 0; ++} ++ ++static ssize_t ++extrng_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) ++{ ++ return rcu_dereference_raw(extrng)->extrng_read(buf, nbytes); ++} ++ + const struct file_operations random_fops = { ++ .open = random_open, + .read = random_read, + .write = random_write, + .poll = random_poll, +@@ -1983,6 +2050,7 @@ const struct file_operations random_fops = { + }; + + const struct file_operations urandom_fops = { ++ .open = urandom_open, + .read = urandom_read, + .write = random_write, + .unlocked_ioctl = random_ioctl, +@@ -1991,9 +2059,31 @@ const struct file_operations urandom_fops = { + .llseek = noop_llseek, + }; + ++static const struct file_operations extrng_random_fops = { ++ .open = random_open, ++ .read = extrng_read, ++ .write = random_write, ++ .poll = extrng_poll, ++ .unlocked_ioctl = random_ioctl, ++ .fasync = random_fasync, ++ .llseek = noop_llseek, ++ .release = extrng_release, ++}; ++ ++static const struct file_operations extrng_urandom_fops = { ++ .open = urandom_open, ++ .read = extrng_read, ++ .write = random_write, ++ .unlocked_ioctl = random_ioctl, ++ .fasync = random_fasync, ++ .llseek = noop_llseek, ++ .release = extrng_release, ++}; ++ + SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, + unsigned int, flags) + { ++ const struct random_extrng *rng; + int ret; + + if (flags & ~(GRND_NONBLOCK|GRND_RANDOM|GRND_INSECURE)) +@@ -2009,6 +2099,18 @@ SYSCALL_DEFINE3(getrandom, char __user *, buf, size_t, count, + if (count > INT_MAX) + count = INT_MAX; + ++ rcu_read_lock(); ++ rng = rcu_dereference(extrng); ++ if (rng && !try_module_get(rng->owner)) ++ rng = NULL; ++ rcu_read_unlock(); ++ ++ if (rng) { ++ ret = rng->extrng_read(buf, count); ++ module_put(rng->owner); ++ return ret; ++ } ++ + if (!(flags & GRND_INSECURE) && !crng_ready()) { + if (flags & GRND_NONBLOCK) + return -EAGAIN; +@@ -2319,3 +2421,16 @@ void add_bootloader_randomness(const void *buf, unsigned int size) + add_device_randomness(buf, size); + } + EXPORT_SYMBOL_GPL(add_bootloader_randomness); ++ ++void random_register_extrng(const struct random_extrng *rng) ++{ ++ rcu_assign_pointer(extrng, rng); ++} ++EXPORT_SYMBOL_GPL(random_register_extrng); ++ ++void random_unregister_extrng(void) ++{ ++ RCU_INIT_POINTER(extrng, NULL); ++ synchronize_rcu(); ++} ++EXPORT_SYMBOL_GPL(random_unregister_extrng); +diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile +index c02ff25dd477..d860f8eb9a81 100644 +--- a/drivers/firmware/efi/Makefile ++++ b/drivers/firmware/efi/Makefile +@@ -28,6 +28,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_map.o + obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o + obj-$(CONFIG_EFI_TEST) += test/ + obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o ++obj-$(CONFIG_EFI) += secureboot.o + obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o + obj-$(CONFIG_EFI_RCI2_TABLE) += rci2-table.o + obj-$(CONFIG_EFI_EMBEDDED_FIRMWARE) += embedded-firmware.o +diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c +index ae79c3300129..e9205ea7aeb3 100644 +--- a/drivers/firmware/efi/efi.c ++++ b/drivers/firmware/efi/efi.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + #include + +@@ -844,40 +845,101 @@ int efi_mem_type(unsigned long phys_addr) + } + #endif + ++struct efi_error_code { ++ efi_status_t status; ++ int errno; ++ const char *description; ++}; ++ ++static const struct efi_error_code efi_error_codes[] = { ++ { EFI_SUCCESS, 0, "Success"}, ++#if 0 ++ { EFI_LOAD_ERROR, -EPICK_AN_ERRNO, "Load Error"}, ++#endif ++ { EFI_INVALID_PARAMETER, -EINVAL, "Invalid Parameter"}, ++ { EFI_UNSUPPORTED, -ENOSYS, "Unsupported"}, ++ { EFI_BAD_BUFFER_SIZE, -ENOSPC, "Bad Buffer Size"}, ++ { EFI_BUFFER_TOO_SMALL, -ENOSPC, "Buffer Too Small"}, ++ { EFI_NOT_READY, -EAGAIN, "Not Ready"}, ++ { EFI_DEVICE_ERROR, -EIO, "Device Error"}, ++ { EFI_WRITE_PROTECTED, -EROFS, "Write Protected"}, ++ { EFI_OUT_OF_RESOURCES, -ENOMEM, "Out of Resources"}, ++#if 0 ++ { EFI_VOLUME_CORRUPTED, -EPICK_AN_ERRNO, "Volume Corrupt"}, ++ { EFI_VOLUME_FULL, -EPICK_AN_ERRNO, "Volume Full"}, ++ { EFI_NO_MEDIA, -EPICK_AN_ERRNO, "No Media"}, ++ { EFI_MEDIA_CHANGED, -EPICK_AN_ERRNO, "Media changed"}, ++#endif ++ { EFI_NOT_FOUND, -ENOENT, "Not Found"}, ++#if 0 ++ { EFI_ACCESS_DENIED, -EPICK_AN_ERRNO, "Access Denied"}, ++ { EFI_NO_RESPONSE, -EPICK_AN_ERRNO, "No Response"}, ++ { EFI_NO_MAPPING, -EPICK_AN_ERRNO, "No mapping"}, ++ { EFI_TIMEOUT, -EPICK_AN_ERRNO, "Time out"}, ++ { EFI_NOT_STARTED, -EPICK_AN_ERRNO, "Not started"}, ++ { EFI_ALREADY_STARTED, -EPICK_AN_ERRNO, "Already started"}, ++#endif ++ { EFI_ABORTED, -EINTR, "Aborted"}, ++#if 0 ++ { EFI_ICMP_ERROR, -EPICK_AN_ERRNO, "ICMP Error"}, ++ { EFI_TFTP_ERROR, -EPICK_AN_ERRNO, "TFTP Error"}, ++ { EFI_PROTOCOL_ERROR, -EPICK_AN_ERRNO, "Protocol Error"}, ++ { EFI_INCOMPATIBLE_VERSION, -EPICK_AN_ERRNO, "Incompatible Version"}, ++#endif ++ { EFI_SECURITY_VIOLATION, -EACCES, "Security Policy Violation"}, ++#if 0 ++ { EFI_CRC_ERROR, -EPICK_AN_ERRNO, "CRC Error"}, ++ { EFI_END_OF_MEDIA, -EPICK_AN_ERRNO, "End of Media"}, ++ { EFI_END_OF_FILE, -EPICK_AN_ERRNO, "End of File"}, ++ { EFI_INVALID_LANGUAGE, -EPICK_AN_ERRNO, "Invalid Languages"}, ++ { EFI_COMPROMISED_DATA, -EPICK_AN_ERRNO, "Compromised Data"}, ++ ++ // warnings ++ { EFI_WARN_UNKOWN_GLYPH, -EPICK_AN_ERRNO, "Warning Unknown Glyph"}, ++ { EFI_WARN_DELETE_FAILURE, -EPICK_AN_ERRNO, "Warning Delete Failure"}, ++ { EFI_WARN_WRITE_FAILURE, -EPICK_AN_ERRNO, "Warning Write Failure"}, ++ { EFI_WARN_BUFFER_TOO_SMALL, -EPICK_AN_ERRNO, "Warning Buffer Too Small"}, ++#endif ++}; ++ ++static int ++efi_status_cmp_bsearch(const void *key, const void *item) ++{ ++ u64 status = (u64)(uintptr_t)key; ++ struct efi_error_code *code = (struct efi_error_code *)item; ++ ++ if (status < code->status) ++ return -1; ++ if (status > code->status) ++ return 1; ++ return 0; ++} ++ + int efi_status_to_err(efi_status_t status) + { +- int err; +- +- switch (status) { +- case EFI_SUCCESS: +- err = 0; +- break; +- case EFI_INVALID_PARAMETER: +- err = -EINVAL; +- break; +- case EFI_OUT_OF_RESOURCES: +- err = -ENOSPC; +- break; +- case EFI_DEVICE_ERROR: +- err = -EIO; +- break; +- case EFI_WRITE_PROTECTED: +- err = -EROFS; +- break; +- case EFI_SECURITY_VIOLATION: +- err = -EACCES; +- break; +- case EFI_NOT_FOUND: +- err = -ENOENT; +- break; +- case EFI_ABORTED: +- err = -EINTR; +- break; +- default: +- err = -EINVAL; +- } ++ struct efi_error_code *found; ++ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code); + +- return err; ++ found = bsearch((void *)(uintptr_t)status, efi_error_codes, ++ sizeof(struct efi_error_code), num, ++ efi_status_cmp_bsearch); ++ if (!found) ++ return -EINVAL; ++ return found->errno; ++} ++ ++const char * ++efi_status_to_str(efi_status_t status) ++{ ++ struct efi_error_code *found; ++ size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code); ++ ++ found = bsearch((void *)(uintptr_t)status, efi_error_codes, ++ sizeof(struct efi_error_code), num, ++ efi_status_cmp_bsearch); ++ if (!found) ++ return "Unknown error code"; ++ return found->description; + } + + static DEFINE_SPINLOCK(efi_mem_reserve_persistent_lock); +diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c +new file mode 100644 +index 000000000000..de0a3714a5d4 +--- /dev/null ++++ b/drivers/firmware/efi/secureboot.c +@@ -0,0 +1,38 @@ ++/* Core kernel secure boot support. ++ * ++ * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved. ++ * Written by David Howells (dhowells@redhat.com) ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public Licence ++ * as published by the Free Software Foundation; either version ++ * 2 of the Licence, or (at your option) any later version. ++ */ ++ ++#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt ++ ++#include ++#include ++#include ++ ++/* ++ * Decide what to do when UEFI secure boot mode is enabled. ++ */ ++void __init efi_set_secure_boot(enum efi_secureboot_mode mode) ++{ ++ if (efi_enabled(EFI_BOOT)) { ++ switch (mode) { ++ case efi_secureboot_mode_disabled: ++ pr_info("Secure boot disabled\n"); ++ break; ++ case efi_secureboot_mode_enabled: ++ set_bit(EFI_SECURE_BOOT, &efi.flags); ++ pr_info("Secure boot enabled\n"); ++ break; ++ default: ++ pr_warn("Secure boot could not be determined (mode %u)\n", ++ mode); ++ break; ++ } ++ } ++} +diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c +index 311eee599ce9..2460c6bd46f8 100644 +--- a/drivers/hid/hid-rmi.c ++++ b/drivers/hid/hid-rmi.c +@@ -322,19 +322,12 @@ static int rmi_input_event(struct hid_device *hdev, u8 *data, int size) + { + struct rmi_data *hdata = hid_get_drvdata(hdev); + struct rmi_device *rmi_dev = hdata->xport.rmi_dev; +- unsigned long flags; + + if (!(test_bit(RMI_STARTED, &hdata->flags))) + return 0; + +- local_irq_save(flags); +- + rmi_set_attn_data(rmi_dev, data[1], &data[2], size - 2); + +- generic_handle_irq(hdata->rmi_irq); +- +- local_irq_restore(flags); +- + return 1; + } + +@@ -591,56 +584,6 @@ static const struct rmi_transport_ops hid_rmi_ops = { + .reset = rmi_hid_reset, + }; + +-static void rmi_irq_teardown(void *data) +-{ +- struct rmi_data *hdata = data; +- struct irq_domain *domain = hdata->domain; +- +- if (!domain) +- return; +- +- irq_dispose_mapping(irq_find_mapping(domain, 0)); +- +- irq_domain_remove(domain); +- hdata->domain = NULL; +- hdata->rmi_irq = 0; +-} +- +-static int rmi_irq_map(struct irq_domain *h, unsigned int virq, +- irq_hw_number_t hw_irq_num) +-{ +- irq_set_chip_and_handler(virq, &dummy_irq_chip, handle_simple_irq); +- +- return 0; +-} +- +-static const struct irq_domain_ops rmi_irq_ops = { +- .map = rmi_irq_map, +-}; +- +-static int rmi_setup_irq_domain(struct hid_device *hdev) +-{ +- struct rmi_data *hdata = hid_get_drvdata(hdev); +- int ret; +- +- hdata->domain = irq_domain_create_linear(hdev->dev.fwnode, 1, +- &rmi_irq_ops, hdata); +- if (!hdata->domain) +- return -ENOMEM; +- +- ret = devm_add_action_or_reset(&hdev->dev, &rmi_irq_teardown, hdata); +- if (ret) +- return ret; +- +- hdata->rmi_irq = irq_create_mapping(hdata->domain, 0); +- if (hdata->rmi_irq <= 0) { +- hid_err(hdev, "Can't allocate an IRQ\n"); +- return hdata->rmi_irq < 0 ? hdata->rmi_irq : -ENXIO; +- } +- +- return 0; +-} +- + static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id) + { + struct rmi_data *data = NULL; +@@ -713,18 +656,11 @@ static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id) + + mutex_init(&data->page_mutex); + +- ret = rmi_setup_irq_domain(hdev); +- if (ret) { +- hid_err(hdev, "failed to allocate IRQ domain\n"); +- return ret; +- } +- + if (data->device_flags & RMI_DEVICE_HAS_PHYS_BUTTONS) + rmi_hid_pdata.gpio_data.disable = true; + + data->xport.dev = hdev->dev.parent; + data->xport.pdata = rmi_hid_pdata; +- data->xport.pdata.irq = data->rmi_irq; + data->xport.proto_name = "hid"; + data->xport.ops = &hid_rmi_ops; + +diff --git a/drivers/hwtracing/coresight/coresight-etm4x-core.c b/drivers/hwtracing/coresight/coresight-etm4x-core.c +index 86a313857b58..dcfc95d0e328 100644 +--- a/drivers/hwtracing/coresight/coresight-etm4x-core.c ++++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -2156,6 +2157,16 @@ static const struct amba_id etm4_ids[] = { + {}, + }; + ++static const struct dmi_system_id broken_coresight[] = { ++ { ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "HPE"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Apollo 70"), ++ }, ++ }, ++ { } /* terminating entry */ ++}; ++ + MODULE_DEVICE_TABLE(amba, etm4_ids); + + static struct amba_driver etm4x_amba_driver = { +@@ -2189,6 +2200,11 @@ static int __init etm4x_init(void) + { + int ret; + ++ if (dmi_check_system(broken_coresight)) { ++ pr_info("ETM4 disabled due to firmware bug\n"); ++ return 0; ++ } ++ + ret = etm4_pm_setup(); + + /* etm4_pm_setup() does its own cleanup - exit on error */ +@@ -2215,6 +2231,9 @@ static int __init etm4x_init(void) + + static void __exit etm4x_exit(void) + { ++ if (dmi_check_system(broken_coresight)) ++ return; ++ + amba_driver_unregister(&etm4x_amba_driver); + platform_driver_unregister(&etm4_platform_driver); + etm4_pm_clear(); +diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c +index 258d5fe3d395..f7298e3dc8f3 100644 +--- a/drivers/input/rmi4/rmi_driver.c ++++ b/drivers/input/rmi4/rmi_driver.c +@@ -182,34 +182,47 @@ void rmi_set_attn_data(struct rmi_device *rmi_dev, unsigned long irq_status, + attn_data.data = fifo_data; + + kfifo_put(&drvdata->attn_fifo, attn_data); ++ ++ schedule_work(&drvdata->attn_work); + } + EXPORT_SYMBOL_GPL(rmi_set_attn_data); + +-static irqreturn_t rmi_irq_fn(int irq, void *dev_id) ++static void attn_callback(struct work_struct *work) + { +- struct rmi_device *rmi_dev = dev_id; +- struct rmi_driver_data *drvdata = dev_get_drvdata(&rmi_dev->dev); ++ struct rmi_driver_data *drvdata = container_of(work, ++ struct rmi_driver_data, ++ attn_work); + struct rmi4_attn_data attn_data = {0}; + int ret, count; + + count = kfifo_get(&drvdata->attn_fifo, &attn_data); +- if (count) { +- *(drvdata->irq_status) = attn_data.irq_status; +- drvdata->attn_data = attn_data; +- } ++ if (!count) ++ return; + +- ret = rmi_process_interrupt_requests(rmi_dev); ++ *(drvdata->irq_status) = attn_data.irq_status; ++ drvdata->attn_data = attn_data; ++ ++ ret = rmi_process_interrupt_requests(drvdata->rmi_dev); + if (ret) +- rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, ++ rmi_dbg(RMI_DEBUG_CORE, &drvdata->rmi_dev->dev, + "Failed to process interrupt request: %d\n", ret); + +- if (count) { +- kfree(attn_data.data); +- drvdata->attn_data.data = NULL; +- } ++ kfree(attn_data.data); ++ drvdata->attn_data.data = NULL; + + if (!kfifo_is_empty(&drvdata->attn_fifo)) +- return rmi_irq_fn(irq, dev_id); ++ schedule_work(&drvdata->attn_work); ++} ++ ++static irqreturn_t rmi_irq_fn(int irq, void *dev_id) ++{ ++ struct rmi_device *rmi_dev = dev_id; ++ int ret; ++ ++ ret = rmi_process_interrupt_requests(rmi_dev); ++ if (ret) ++ rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, ++ "Failed to process interrupt request: %d\n", ret); + + return IRQ_HANDLED; + } +@@ -217,7 +230,6 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id) + static int rmi_irq_init(struct rmi_device *rmi_dev) + { + struct rmi_device_platform_data *pdata = rmi_get_platform_data(rmi_dev); +- struct rmi_driver_data *data = dev_get_drvdata(&rmi_dev->dev); + int irq_flags = irq_get_trigger_type(pdata->irq); + int ret; + +@@ -235,8 +247,6 @@ static int rmi_irq_init(struct rmi_device *rmi_dev) + return ret; + } + +- data->enabled = true; +- + return 0; + } + +@@ -886,23 +896,27 @@ void rmi_enable_irq(struct rmi_device *rmi_dev, bool clear_wake) + if (data->enabled) + goto out; + +- enable_irq(irq); +- data->enabled = true; +- if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) { +- retval = disable_irq_wake(irq); +- if (retval) +- dev_warn(&rmi_dev->dev, +- "Failed to disable irq for wake: %d\n", +- retval); +- } ++ if (irq) { ++ enable_irq(irq); ++ data->enabled = true; ++ if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) { ++ retval = disable_irq_wake(irq); ++ if (retval) ++ dev_warn(&rmi_dev->dev, ++ "Failed to disable irq for wake: %d\n", ++ retval); ++ } + +- /* +- * Call rmi_process_interrupt_requests() after enabling irq, +- * otherwise we may lose interrupt on edge-triggered systems. +- */ +- irq_flags = irq_get_trigger_type(pdata->irq); +- if (irq_flags & IRQ_TYPE_EDGE_BOTH) +- rmi_process_interrupt_requests(rmi_dev); ++ /* ++ * Call rmi_process_interrupt_requests() after enabling irq, ++ * otherwise we may lose interrupt on edge-triggered systems. ++ */ ++ irq_flags = irq_get_trigger_type(pdata->irq); ++ if (irq_flags & IRQ_TYPE_EDGE_BOTH) ++ rmi_process_interrupt_requests(rmi_dev); ++ } else { ++ data->enabled = true; ++ } + + out: + mutex_unlock(&data->enabled_mutex); +@@ -922,20 +936,22 @@ void rmi_disable_irq(struct rmi_device *rmi_dev, bool enable_wake) + goto out; + + data->enabled = false; +- disable_irq(irq); +- if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) { +- retval = enable_irq_wake(irq); +- if (retval) +- dev_warn(&rmi_dev->dev, +- "Failed to enable irq for wake: %d\n", +- retval); +- } +- +- /* make sure the fifo is clean */ +- while (!kfifo_is_empty(&data->attn_fifo)) { +- count = kfifo_get(&data->attn_fifo, &attn_data); +- if (count) +- kfree(attn_data.data); ++ if (irq) { ++ disable_irq(irq); ++ if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) { ++ retval = enable_irq_wake(irq); ++ if (retval) ++ dev_warn(&rmi_dev->dev, ++ "Failed to enable irq for wake: %d\n", ++ retval); ++ } ++ } else { ++ /* make sure the fifo is clean */ ++ while (!kfifo_is_empty(&data->attn_fifo)) { ++ count = kfifo_get(&data->attn_fifo, &attn_data); ++ if (count) ++ kfree(attn_data.data); ++ } + } + + out: +@@ -981,6 +997,8 @@ static int rmi_driver_remove(struct device *dev) + irq_domain_remove(data->irqdomain); + data->irqdomain = NULL; + ++ cancel_work_sync(&data->attn_work); ++ + rmi_f34_remove_sysfs(rmi_dev); + rmi_free_function_list(rmi_dev); + +@@ -1219,9 +1237,15 @@ static int rmi_driver_probe(struct device *dev) + } + } + +- retval = rmi_irq_init(rmi_dev); +- if (retval < 0) +- goto err_destroy_functions; ++ if (pdata->irq) { ++ retval = rmi_irq_init(rmi_dev); ++ if (retval < 0) ++ goto err_destroy_functions; ++ } ++ ++ data->enabled = true; ++ ++ INIT_WORK(&data->attn_work, attn_callback); + + if (data->f01_container->dev.driver) { + /* Driver already bound, so enable ATTN now. */ +diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c +index dd7863e453a5..6759ef17a2c3 100644 +--- a/drivers/iommu/iommu.c ++++ b/drivers/iommu/iommu.c +@@ -7,6 +7,7 @@ + #define pr_fmt(fmt) "iommu: " fmt + + #include ++#include + #include + #include + #include +@@ -3118,6 +3119,27 @@ u32 iommu_sva_get_pasid(struct iommu_sva *handle) + } + EXPORT_SYMBOL_GPL(iommu_sva_get_pasid); + ++#ifdef CONFIG_ARM64 ++static int __init iommu_quirks(void) ++{ ++ const char *vendor, *name; ++ ++ vendor = dmi_get_system_info(DMI_SYS_VENDOR); ++ name = dmi_get_system_info(DMI_PRODUCT_NAME); ++ ++ if (vendor && ++ (strncmp(vendor, "GIGABYTE", 8) == 0 && name && ++ (strncmp(name, "R120", 4) == 0 || ++ strncmp(name, "R270", 4) == 0))) { ++ pr_warn("Gigabyte %s detected, force iommu passthrough mode", name); ++ iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY; ++ } ++ ++ return 0; ++} ++arch_initcall(iommu_quirks); ++#endif ++ + /* + * Changes the default domain of an iommu group that has *only* one device + * +diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c +index 091b45024d34..4457c5c7e173 100644 +--- a/drivers/message/fusion/mptsas.c ++++ b/drivers/message/fusion/mptsas.c +@@ -5318,6 +5318,11 @@ mptsas_probe(struct pci_dev *pdev, const struct pci_device_id *id) + ioc, MPI_SAS_OP_CLEAR_ALL_PERSISTENT); + } + ++#ifdef CONFIG_RHEL_DIFFERENCES ++ add_taint(TAINT_SUPPORT_REMOVED, LOCKDEP_STILL_OK); ++ pr_warn("MPTSAS MODULE IS NOT SUPPORTED\n"); ++#endif ++ + error = scsi_add_host(sh, &ioc->pcidev->dev); + if (error) { + dprintk(ioc, printk(MYIOC_s_ERR_FMT +@@ -5381,6 +5386,10 @@ static void mptsas_remove(struct pci_dev *pdev) + } + + static struct pci_device_id mptsas_pci_table[] = { ++#ifdef CONFIG_RHEL_DIFFERENCES ++ { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068, ++ PCI_VENDOR_ID_VMWARE, PCI_ANY_ID }, ++#else + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1064, + PCI_ANY_ID, PCI_ANY_ID }, + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068, +@@ -5393,6 +5402,7 @@ static struct pci_device_id mptsas_pci_table[] = { + PCI_ANY_ID, PCI_ANY_ID }, + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068_820XELP, + PCI_ANY_ID, PCI_ANY_ID }, ++#endif + {0} /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(pci, mptsas_pci_table); +diff --git a/drivers/message/fusion/mptspi.c b/drivers/message/fusion/mptspi.c +index acd4805dcf83..5f814d447ab3 100644 +--- a/drivers/message/fusion/mptspi.c ++++ b/drivers/message/fusion/mptspi.c +@@ -1238,12 +1238,17 @@ static struct spi_function_template mptspi_transport_functions = { + */ + + static struct pci_device_id mptspi_pci_table[] = { ++#ifdef CONFIG_RHEL_DIFFERENCES ++ { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1030, ++ PCI_VENDOR_ID_VMWARE, PCI_ANY_ID }, ++#else + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1030, + PCI_ANY_ID, PCI_ANY_ID }, + { PCI_VENDOR_ID_ATTO, MPI_MANUFACTPAGE_DEVID_53C1030, + PCI_ANY_ID, PCI_ANY_ID }, + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1035, + PCI_ANY_ID, PCI_ANY_ID }, ++#endif + {0} /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(pci, mptspi_pci_table); +@@ -1534,6 +1539,12 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id) + 0, 0, 0, 0, 5); + + scsi_scan_host(sh); ++ ++#ifdef CONFIG_RHEL_DIFFERENCES ++ add_taint(TAINT_SUPPORT_REMOVED, LOCKDEP_STILL_OK); ++ pr_warn("MPTSPI MODULE IS NOT SUPPORTED\n"); ++#endif ++ + return 0; + + out_mptspi_probe: +diff --git a/drivers/net/ethernet/intel/e1000/e1000_main.c b/drivers/net/ethernet/intel/e1000/e1000_main.c +index 3f5feb55cfba..9d8cb34845b3 100644 +--- a/drivers/net/ethernet/intel/e1000/e1000_main.c ++++ b/drivers/net/ethernet/intel/e1000/e1000_main.c +@@ -933,6 +933,8 @@ static int e1000_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + int bars, need_ioport; + bool disable_dev = false; + ++ pci_hw_unmaintained(e1000_pci_tbl, pdev); ++ + /* do not allocate ioport bars when not needed */ + need_ioport = e1000_is_need_ioport(pdev); + if (need_ioport) { +diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c +index 8b2adc56b92a..3263b33c9b69 100644 +--- a/drivers/net/team/team.c ++++ b/drivers/net/team/team.c +@@ -3045,6 +3045,8 @@ static int __init team_module_init(void) + if (err) + goto err_nl_init; + ++ mark_driver_deprecated(DRV_NAME); ++ + return 0; + + err_nl_init: +diff --git a/drivers/net/wireguard/main.c b/drivers/net/wireguard/main.c +index ee4da9ab8013..0f217997a764 100644 +--- a/drivers/net/wireguard/main.c ++++ b/drivers/net/wireguard/main.c +@@ -12,6 +12,7 @@ + + #include + ++#include + #include + #include + #include +@@ -21,6 +22,11 @@ static int __init wg_mod_init(void) + { + int ret; + ++#ifdef CONFIG_RHEL_DIFFERENCES ++ if (fips_enabled) ++ return -EOPNOTSUPP; ++#endif ++ + ret = wg_allowedips_slab_init(); + if (ret < 0) + goto err_allowedips; +@@ -48,6 +54,7 @@ static int __init wg_mod_init(void) + pr_info("WireGuard " WIREGUARD_VERSION " loaded. See www.wireguard.com for information.\n"); + pr_info("Copyright (C) 2015-2019 Jason A. Donenfeld . All Rights Reserved.\n"); + ++ mark_tech_preview("WireGuard", THIS_MODULE); + return 0; + + err_netlink: +diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c +index 1af8a4513708..5a23e077ab86 100644 +--- a/drivers/nvme/host/core.c ++++ b/drivers/nvme/host/core.c +@@ -244,6 +244,9 @@ static void nvme_delete_ctrl_sync(struct nvme_ctrl *ctrl) + + static blk_status_t nvme_error_status(u16 status) + { ++ if (unlikely(status & NVME_SC_DNR)) ++ return BLK_STS_TARGET; ++ + switch (status & 0x7ff) { + case NVME_SC_SUCCESS: + return BLK_STS_OK; +@@ -303,6 +306,7 @@ enum nvme_disposition { + COMPLETE, + RETRY, + FAILOVER, ++ FAILUP, + }; + + static inline enum nvme_disposition nvme_decide_disposition(struct request *req) +@@ -310,15 +314,16 @@ static inline enum nvme_disposition nvme_decide_disposition(struct request *req) + if (likely(nvme_req(req)->status == 0)) + return COMPLETE; + +- if (blk_noretry_request(req) || ++ if ((req->cmd_flags & (REQ_FAILFAST_DEV | REQ_FAILFAST_DRIVER)) || + (nvme_req(req)->status & NVME_SC_DNR) || + nvme_req(req)->retries >= nvme_max_retries) + return COMPLETE; + +- if (req->cmd_flags & REQ_NVME_MPATH) { ++ if (req->cmd_flags & (REQ_NVME_MPATH | REQ_FAILFAST_TRANSPORT)) { + if (nvme_is_path_error(nvme_req(req)->status) || + blk_queue_dying(req->q)) +- return FAILOVER; ++ return (req->cmd_flags & REQ_NVME_MPATH) ? ++ FAILOVER : FAILUP; + } else { + if (blk_queue_dying(req->q)) + return COMPLETE; +@@ -344,6 +349,14 @@ static inline void nvme_end_req(struct request *req) + blk_mq_end_request(req, status); + } + ++static inline void nvme_failup_req(struct request *req) ++{ ++ nvme_update_ana(req); ++ ++ nvme_req(req)->status = NVME_SC_HOST_PATH_ERROR; ++ nvme_end_req(req); ++} ++ + void nvme_complete_rq(struct request *req) + { + trace_nvme_complete_rq(req); +@@ -362,6 +375,9 @@ void nvme_complete_rq(struct request *req) + case FAILOVER: + nvme_failover_req(req); + return; ++ case FAILUP: ++ nvme_failup_req(req); ++ return; + } + } + EXPORT_SYMBOL_GPL(nvme_complete_rq); +diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c +index 13e5d503ed07..daaeb316f624 100644 +--- a/drivers/nvme/host/multipath.c ++++ b/drivers/nvme/host/multipath.c +@@ -65,14 +65,10 @@ bool nvme_mpath_set_disk_name(struct nvme_ns *ns, char *disk_name, int *flags) + return true; + } + +-void nvme_failover_req(struct request *req) ++void nvme_update_ana(struct request *req) + { + struct nvme_ns *ns = req->q->queuedata; + u16 status = nvme_req(req)->status & 0x7ff; +- unsigned long flags; +- struct bio *bio; +- +- nvme_mpath_clear_current_path(ns); + + /* + * If we got back an ANA error, we know the controller is alive but not +@@ -83,6 +79,16 @@ void nvme_failover_req(struct request *req) + set_bit(NVME_NS_ANA_PENDING, &ns->flags); + queue_work(nvme_wq, &ns->ctrl->ana_work); + } ++} ++ ++void nvme_failover_req(struct request *req) ++{ ++ struct nvme_ns *ns = req->q->queuedata; ++ unsigned long flags; ++ struct bio *bio; ++ ++ nvme_mpath_clear_current_path(ns); ++ nvme_update_ana(req); + + spin_lock_irqsave(&ns->head->requeue_lock, flags); + for (bio = req->bio; bio; bio = bio->bi_next) { +@@ -838,8 +844,7 @@ int nvme_mpath_init_identify(struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id) + int error = 0; + + /* check if multipath is enabled and we have the capability */ +- if (!multipath || !ctrl->subsys || +- !(ctrl->subsys->cmic & NVME_CTRL_CMIC_ANA)) ++ if (!ctrl->subsys || !(ctrl->subsys->cmic & NVME_CTRL_CMIC_ANA)) + return 0; + + if (!ctrl->max_namespaces || +diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h +index 9b095ee01364..bf25ef206cd2 100644 +--- a/drivers/nvme/host/nvme.h ++++ b/drivers/nvme/host/nvme.h +@@ -765,6 +765,7 @@ void nvme_mpath_wait_freeze(struct nvme_subsystem *subsys); + void nvme_mpath_start_freeze(struct nvme_subsystem *subsys); + bool nvme_mpath_set_disk_name(struct nvme_ns *ns, char *disk_name, int *flags); + void nvme_failover_req(struct request *req); ++void nvme_update_ana(struct request *req); + void nvme_kick_requeue_lists(struct nvme_ctrl *ctrl); + int nvme_mpath_alloc_disk(struct nvme_ctrl *ctrl,struct nvme_ns_head *head); + void nvme_mpath_add_disk(struct nvme_ns *ns, struct nvme_id_ns *id); +@@ -803,6 +804,9 @@ static inline bool nvme_mpath_set_disk_name(struct nvme_ns *ns, char *disk_name, + static inline void nvme_failover_req(struct request *req) + { + } ++static inline void nvme_update_ana(struct request *req) ++{ ++} + static inline void nvme_kick_requeue_lists(struct nvme_ctrl *ctrl) + { + } +diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c +index 588588cfda48..adb3a91b0ba3 100644 +--- a/drivers/pci/pci-driver.c ++++ b/drivers/pci/pci-driver.c +@@ -19,6 +19,7 @@ + #include + #include + #include ++#include + #include + #include "pci.h" + #include "pcie/portdrv.h" +@@ -295,6 +296,83 @@ static struct attribute *pci_drv_attrs[] = { + }; + ATTRIBUTE_GROUPS(pci_drv); + ++#ifdef CONFIG_RHEL_DIFFERENCES ++/** ++ * pci_hw_deprecated - Tell if a PCI device is deprecated ++ * @ids: array of PCI device id structures to search in ++ * @dev: the PCI device structure to match against ++ * ++ * Used by a driver to check whether this device is in its list of deprecated ++ * devices. Returns the matching pci_device_id structure or %NULL if there is ++ * no match. ++ * ++ * Reserved for Internal Red Hat use only. ++ */ ++const struct pci_device_id *pci_hw_deprecated(const struct pci_device_id *ids, ++ struct pci_dev *dev) ++{ ++ const struct pci_device_id *ret = pci_match_id(ids, dev); ++ ++ if (!ret) ++ return NULL; ++ ++ mark_hardware_deprecated(dev_driver_string(&dev->dev), "%04X:%04X @ %s", ++ dev->device, dev->vendor, pci_name(dev)); ++ return ret; ++} ++EXPORT_SYMBOL(pci_hw_deprecated); ++ ++/** ++ * pci_hw_unmaintained - Tell if a PCI device is unmaintained ++ * @ids: array of PCI device id structures to search in ++ * @dev: the PCI device structure to match against ++ * ++ * Used by a driver to check whether this device is in its list of unmaintained ++ * devices. Returns the matching pci_device_id structure or %NULL if there is ++ * no match. ++ * ++ * Reserved for Internal Red Hat use only. ++ */ ++const struct pci_device_id *pci_hw_unmaintained(const struct pci_device_id *ids, ++ struct pci_dev *dev) ++{ ++ const struct pci_device_id *ret = pci_match_id(ids, dev); ++ ++ if (!ret) ++ return NULL; ++ ++ mark_hardware_unmaintained(dev_driver_string(&dev->dev), "%04X:%04X @ %s", ++ dev->device, dev->vendor, pci_name(dev)); ++ return ret; ++} ++EXPORT_SYMBOL(pci_hw_unmaintained); ++ ++/** ++ * pci_hw_disabled - Tell if a PCI device is disabled ++ * @ids: array of PCI device id structures to search in ++ * @dev: the PCI device structure to match against ++ * ++ * Used by a driver to check whether this device is in its list of disabled ++ * devices. Returns the matching pci_device_id structure or %NULL if there is ++ * no match. ++ * ++ * Reserved for Internal Red Hat use only. ++ */ ++const struct pci_device_id *pci_hw_disabled(const struct pci_device_id *ids, ++ struct pci_dev *dev) ++{ ++ const struct pci_device_id *ret = pci_match_id(ids, dev); ++ ++ if (!ret) ++ return NULL; ++ ++ mark_hardware_disabled(dev_driver_string(&dev->dev), "%04X:%04X @ %s", ++ dev->device, dev->vendor, pci_name(dev)); ++ return ret; ++} ++EXPORT_SYMBOL(pci_hw_disabled); ++#endif ++ + struct drv_dev_and_id { + struct pci_driver *drv; + struct pci_dev *dev; +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c +index b4cb658cce2b..287443efe522 100644 +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -4269,6 +4269,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000, + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084, + quirk_bridge_cavm_thrx2_pcie_root); + ++/* ++ * PCI BAR 5 is not setup correctly for the on-board AHCI controller ++ * on Broadcom's Vulcan processor. Added a quirk to fix BAR 5 by ++ * using BAR 4's resources which are populated correctly and NOT ++ * actually used by the AHCI controller. ++ */ ++static void quirk_fix_vulcan_ahci_bars(struct pci_dev *dev) ++{ ++ struct resource *r = &dev->resource[4]; ++ ++ if (!(r->flags & IORESOURCE_MEM) || (r->start == 0)) ++ return; ++ ++ /* Set BAR5 resource to BAR4 */ ++ dev->resource[5] = *r; ++ ++ /* Update BAR5 in pci config space */ ++ pci_write_config_dword(dev, PCI_BASE_ADDRESS_5, r->start); ++ ++ /* Clear BAR4's resource */ ++ memset(r, 0, sizeof(*r)); ++} ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9027, quirk_fix_vulcan_ahci_bars); ++ + /* + * Intersil/Techwell TW686[4589]-based video capture cards have an empty (zero) + * class code. Fix it. +diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c +index a911252075a6..9bc69f6880f3 100644 +--- a/drivers/scsi/aacraid/linit.c ++++ b/drivers/scsi/aacraid/linit.c +@@ -78,6 +78,7 @@ char aac_driver_version[] = AAC_DRIVER_FULL_VERSION; + * Note: The last field is used to index into aac_drivers below. + */ + static const struct pci_device_id aac_pci_tbl[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + { 0x1028, 0x0001, 0x1028, 0x0001, 0, 0, 0 }, /* PERC 2/Si (Iguana/PERC2Si) */ + { 0x1028, 0x0002, 0x1028, 0x0002, 0, 0, 1 }, /* PERC 3/Di (Opal/PERC3Di) */ + { 0x1028, 0x0003, 0x1028, 0x0003, 0, 0, 2 }, /* PERC 3/Si (SlimFast/PERC3Si */ +@@ -145,6 +146,7 @@ static const struct pci_device_id aac_pci_tbl[] = { + { 0x9005, 0x0285, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 59 }, /* Adaptec Catch All */ + { 0x9005, 0x0286, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 60 }, /* Adaptec Rocket Catch All */ + { 0x9005, 0x0288, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 61 }, /* Adaptec NEMER/ARK Catch All */ ++#endif + { 0x9005, 0x028b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 62 }, /* Adaptec PMC Series 6 (Tupelo) */ + { 0x9005, 0x028c, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 63 }, /* Adaptec PMC Series 7 (Denali) */ + { 0x9005, 0x028d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 64 }, /* Adaptec PMC Series 8 */ +diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c +index ab55681145f8..1f8b0f73597b 100644 +--- a/drivers/scsi/be2iscsi/be_main.c ++++ b/drivers/scsi/be2iscsi/be_main.c +@@ -372,11 +372,13 @@ static int beiscsi_eh_device_reset(struct scsi_cmnd *sc) + + /*------------------- PCI Driver operations and data ----------------- */ + static const struct pci_device_id beiscsi_pci_id_table[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + { PCI_DEVICE(BE_VENDOR_ID, BE_DEVICE_ID1) }, + { PCI_DEVICE(BE_VENDOR_ID, BE_DEVICE_ID2) }, + { PCI_DEVICE(BE_VENDOR_ID, OC_DEVICE_ID1) }, + { PCI_DEVICE(BE_VENDOR_ID, OC_DEVICE_ID2) }, + { PCI_DEVICE(BE_VENDOR_ID, OC_DEVICE_ID3) }, ++#endif + { PCI_DEVICE(ELX_VENDOR_ID, OC_SKH_ID1) }, + { 0 } + }; +diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c +index cdf3328cc065..6754c7ee79d7 100644 +--- a/drivers/scsi/hpsa.c ++++ b/drivers/scsi/hpsa.c +@@ -82,7 +82,9 @@ MODULE_DESCRIPTION("Driver for HP Smart Array Controller version " \ + HPSA_DRIVER_VERSION); + MODULE_VERSION(HPSA_DRIVER_VERSION); + MODULE_LICENSE("GPL"); ++#ifndef CONFIG_RHEL_DIFFERENCES + MODULE_ALIAS("cciss"); ++#endif + + static int hpsa_simple_mode; + module_param(hpsa_simple_mode, int, S_IRUGO|S_IWUSR); +@@ -144,10 +146,12 @@ static const struct pci_device_id hpsa_pci_device_id[] = { + {PCI_VENDOR_ID_HP_3PAR, 0x0075, 0x1590, 0x007D}, + {PCI_VENDOR_ID_HP_3PAR, 0x0075, 0x1590, 0x0088}, + {PCI_VENDOR_ID_HP, 0x333f, 0x103c, 0x333f}, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_HP, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, + PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0}, + {PCI_VENDOR_ID_COMPAQ, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, + PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0}, ++#endif + {0,} + }; + +diff --git a/drivers/scsi/lpfc/lpfc_ids.h b/drivers/scsi/lpfc/lpfc_ids.h +index 6a90e6e53d09..7e48c3bf701d 100644 +--- a/drivers/scsi/lpfc/lpfc_ids.h ++++ b/drivers/scsi/lpfc/lpfc_ids.h +@@ -24,6 +24,7 @@ + #include + + const struct pci_device_id lpfc_id_table[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_VIPER, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_FIREFLY, +@@ -54,14 +55,19 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_HELIOS_DCSP, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_BMID, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_BSMB, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_HORNET, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR_SCSP, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR_DCSP, +@@ -70,6 +76,7 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZSMB, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_TFLY, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LP101, +@@ -80,6 +87,7 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LPE11000S, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_SAT, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_SAT_MID, +@@ -92,6 +100,7 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_SAT_S, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_PROTEUS_VF, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_PROTEUS_PF, +@@ -102,18 +111,23 @@ const struct pci_device_id lpfc_id_table[] = { + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_SERVERENGINE, PCI_DEVICE_ID_TOMCAT, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_FALCON, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_BALIUS, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FC, + PCI_ANY_ID, PCI_ANY_ID, }, ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FCOE, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FC_VF, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_FCOE_VF, + PCI_ANY_ID, PCI_ANY_ID, }, ++#endif + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_G6_FC, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_LANCER_G7_FC, +diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c +index aeb95f409826..68a999b02009 100644 +--- a/drivers/scsi/megaraid/megaraid_sas_base.c ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c +@@ -149,6 +149,7 @@ megasas_set_ld_removed_by_fw(struct megasas_instance *instance); + */ + static struct pci_device_id megasas_pci_table[] = { + ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS1064R)}, + /* xscale IOP */ + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS1078R)}, +@@ -157,16 +158,19 @@ static struct pci_device_id megasas_pci_table[] = { + /* ppc IOP */ + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS1078GEN2)}, + /* gen2*/ ++#endif + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS0079GEN2)}, + /* gen2*/ + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS0073SKINNY)}, + /* skinny*/ + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS0071SKINNY)}, + /* skinny*/ ++#ifndef CONFIG_RHEL_DIFFERENCES + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_VERDE_ZCR)}, + /* xscale IOP, vega */ + {PCI_DEVICE(PCI_VENDOR_ID_DELL, PCI_DEVICE_ID_DELL_PERC5)}, + /* xscale IOP */ ++#endif + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_FUSION)}, + /* Fusion */ + {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_PLASMA)}, +diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +index 00792767c620..2ee890521ed7 100644 +--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +@@ -12605,6 +12605,7 @@ bool scsih_ncq_prio_supp(struct scsi_device *sdev) + * The pci device ids are defined in mpi/mpi2_cnfg.h. + */ + static const struct pci_device_id mpt3sas_pci_table[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + /* Spitfire ~ 2004 */ + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SAS2004, + PCI_ANY_ID, PCI_ANY_ID }, +@@ -12623,6 +12624,7 @@ static const struct pci_device_id mpt3sas_pci_table[] = { + PCI_ANY_ID, PCI_ANY_ID }, + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SAS2116_2, + PCI_ANY_ID, PCI_ANY_ID }, ++#endif + /* Thunderbolt ~ 2208 */ + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SAS2208_1, + PCI_ANY_ID, PCI_ANY_ID }, +@@ -12647,9 +12649,11 @@ static const struct pci_device_id mpt3sas_pci_table[] = { + PCI_ANY_ID, PCI_ANY_ID }, + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SWITCH_MPI_EP_1, + PCI_ANY_ID, PCI_ANY_ID }, ++#ifndef CONFIG_RHEL_DIFFERENCES + /* SSS6200 */ + { MPI2_MFGPAGE_VENDORID_LSI, MPI2_MFGPAGE_DEVID_SSS6200, + PCI_ANY_ID, PCI_ANY_ID }, ++#endif + /* Fury ~ 3004 and 3008 */ + { MPI2_MFGPAGE_VENDORID_LSI, MPI25_MFGPAGE_DEVID_SAS3004, + PCI_ANY_ID, PCI_ANY_ID }, +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index abcd30917263..3f0b22e61350 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -7937,6 +7937,7 @@ static const struct pci_error_handlers qla2xxx_err_handler = { + }; + + static struct pci_device_id qla2xxx_pci_tbl[] = { ++#ifndef CONFIG_RHEL_DIFFERENCES + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2100) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2200) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2300) }, +@@ -7949,13 +7950,18 @@ static struct pci_device_id qla2xxx_pci_tbl[] = { + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8432) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP5422) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP5432) }, ++#endif + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2532) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2031) }, ++#ifndef CONFIG_RHEL_DIFFERENCES + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8001) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8021) }, ++#endif + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8031) }, ++#ifndef CONFIG_RHEL_DIFFERENCES + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISPF001) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP8044) }, ++#endif + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2071) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2271) }, + { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2261) }, +diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c +index 8987acc24dac..5013d52a7211 100644 +--- a/drivers/scsi/qla4xxx/ql4_os.c ++++ b/drivers/scsi/qla4xxx/ql4_os.c +@@ -9855,6 +9855,7 @@ static struct pci_device_id qla4xxx_pci_tbl[] = { + .subvendor = PCI_ANY_ID, + .subdevice = PCI_ANY_ID, + }, ++#ifndef CONFIG_RHEL_DIFFERENCES + { + .vendor = PCI_VENDOR_ID_QLOGIC, + .device = PCI_DEVICE_ID_QLOGIC_ISP8022, +@@ -9873,6 +9874,7 @@ static struct pci_device_id qla4xxx_pci_tbl[] = { + .subvendor = PCI_ANY_ID, + .subdevice = PCI_ANY_ID, + }, ++#endif + {0, 0}, + }; + MODULE_DEVICE_TABLE(pci, qla4xxx_pci_tbl); +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index 00070a8a6507..e9e0ffa990cd 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -5666,6 +5666,13 @@ static void hub_event(struct work_struct *work) + (u16) hub->change_bits[0], + (u16) hub->event_bits[0]); + ++ /* Don't disconnect USB-SATA on TrimSlice */ ++ if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) { ++ if ((hdev->state == 7) && (hub->change_bits[0] == 0) && ++ (hub->event_bits[0] == 0x2)) ++ hub->event_bits[0] = 0; ++ } ++ + /* Lock the device, then check to see if we were + * disconnected while waiting for the lock to succeed. */ + usb_lock_device(hdev); +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index 4e33b5eca694..b480ca4934de 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -4304,6 +4304,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + set_bit(EXT4_FLAGS_BDEV_IS_DAX, &sbi->s_ext4_flags); + + if (sbi->s_mount_opt & EXT4_MOUNT_DAX_ALWAYS) { ++ static bool printed = false; + if (ext4_has_feature_inline_data(sb)) { + ext4_msg(sb, KERN_ERR, "Cannot use DAX on a filesystem" + " that may contain inline data"); +@@ -4314,6 +4315,10 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) + "DAX unsupported by block device."); + goto failed_mount; + } ++ if (!printed) { ++ mark_tech_preview("ext4 direct access (dax)", NULL); ++ printed = true; ++ } + } + + if (ext4_has_feature_encrypt(sb) && es->s_encryption_level) { +diff --git a/fs/xfs/xfs_super.c b/fs/xfs/xfs_super.c +index 778b57b1f020..2a152330076d 100644 +--- a/fs/xfs/xfs_super.c ++++ b/fs/xfs/xfs_super.c +@@ -1594,6 +1594,7 @@ xfs_fs_fill_super( + + if (xfs_has_dax_always(mp)) { + bool rtdev_is_dax = false, datadev_is_dax; ++ static bool printed = false; + + xfs_warn(mp, + "DAX enabled. Warning: EXPERIMENTAL, use at your own risk"); +@@ -1613,6 +1614,10 @@ xfs_fs_fill_super( + error = -EINVAL; + goto out_filestream_unmount; + } ++ if (!printed) { ++ mark_tech_preview("xfs direct access (dax)", NULL); ++ printed = true; ++ } + } + + if (xfs_has_discard(mp)) { +diff --git a/include/linux/efi.h b/include/linux/efi.h +index ef8dbc0a1522..836a5dfc6156 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -43,6 +43,8 @@ + #define EFI_ABORTED (21 | (1UL << (BITS_PER_LONG-1))) + #define EFI_SECURITY_VIOLATION (26 | (1UL << (BITS_PER_LONG-1))) + ++#define EFI_IS_ERROR(x) ((x) & (1UL << (BITS_PER_LONG-1))) ++ + typedef unsigned long efi_status_t; + typedef u8 efi_bool_t; + typedef u16 efi_char16_t; /* UNICODE character */ +@@ -783,6 +785,14 @@ extern int __init efi_setup_pcdp_console(char *); + #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */ + #define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */ + #define EFI_PRESERVE_BS_REGIONS 12 /* Are EFI boot-services memory segments available? */ ++#define EFI_SECURE_BOOT 13 /* Are we in Secure Boot mode? */ ++ ++enum efi_secureboot_mode { ++ efi_secureboot_mode_unset, ++ efi_secureboot_mode_unknown, ++ efi_secureboot_mode_disabled, ++ efi_secureboot_mode_enabled, ++}; + + #ifdef CONFIG_EFI + /* +@@ -794,6 +804,8 @@ static inline bool efi_enabled(int feature) + } + extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused); + ++extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode); ++ + bool __pure __efi_soft_reserve_enabled(void); + + static inline bool __pure efi_soft_reserve_enabled(void) +@@ -814,6 +826,8 @@ static inline bool efi_enabled(int feature) + static inline void + efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {} + ++static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {} ++ + static inline bool efi_soft_reserve_enabled(void) + { + return false; +@@ -826,6 +840,7 @@ static inline bool efi_rt_services_supported(unsigned int mask) + #endif + + extern int efi_status_to_err(efi_status_t status); ++extern const char *efi_status_to_str(efi_status_t status); + + /* + * Variable Attributes +@@ -1078,13 +1093,6 @@ static inline bool efi_runtime_disabled(void) { return true; } + extern void efi_call_virt_check_flags(unsigned long flags, const char *call); + extern unsigned long efi_call_virt_save_flags(void); + +-enum efi_secureboot_mode { +- efi_secureboot_mode_unset, +- efi_secureboot_mode_unknown, +- efi_secureboot_mode_disabled, +- efi_secureboot_mode_enabled, +-}; +- + static inline + enum efi_secureboot_mode efi_get_secureboot_mode(efi_get_variable_t *get_var) + { +diff --git a/include/linux/kernel.h b/include/linux/kernel.h +index 77755ac3e189..e236de3f9073 100644 +--- a/include/linux/kernel.h ++++ b/include/linux/kernel.h +@@ -495,4 +495,23 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { } + /* OTHER_WRITABLE? Generally considered a bad idea. */ \ + BUILD_BUG_ON_ZERO((perms) & 2) + \ + (perms)) ++ ++struct module; ++ ++#ifdef CONFIG_RHEL_DIFFERENCES ++void mark_hardware_unmaintained(const char *driver_name, char *fmt, ...); ++void mark_driver_unmaintained(const char *driver_name); ++void mark_hardware_deprecated(const char *driver_name, char *fmt, ...); ++void mark_driver_deprecated(const char *driver_name); ++void mark_hardware_disabled(const char *driver_name, char *fmt, ...); ++void mark_tech_preview(const char *msg, struct module *mod); ++#else ++static inline void mark_hardware_unsupported(const char *driver_name, char *fmt, ...) { } ++static inline void mark_driver_unmaintained(const char *driver_name) { } ++static inline void mark_hardware_deprecated(const char *driver_name, char *fmt, ...) { } ++static inline void mark_driver_deprecated(const char *driver_name) { } ++static inline void mark_hardware_disabled(const char *driver_name, char *fmt, ...) { } ++static inline void mark_tech_preview(const char *msg, struct module *mod) { } ++#endif ++ + #endif +diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h +index df8de62f4710..f4bbbeb1623a 100644 +--- a/include/linux/lsm_hook_defs.h ++++ b/include/linux/lsm_hook_defs.h +@@ -395,6 +395,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux) + #endif /* CONFIG_BPF_SYSCALL */ + + LSM_HOOK(int, 0, locked_down, enum lockdown_reason what) ++LSM_HOOK(int, 0, lock_kernel_down, const char *where, enum lockdown_reason level) ++ + + #ifdef CONFIG_PERF_EVENTS + LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type) +diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h +index d45b6f6e27fd..70622b506461 100644 +--- a/include/linux/lsm_hooks.h ++++ b/include/linux/lsm_hooks.h +@@ -1548,6 +1548,12 @@ + * + * @what: kernel feature being accessed + * ++ * @lock_kernel_down ++ * Put the kernel into lock-down mode. ++ * ++ * @where: Where the lock-down is originating from (e.g. command line option) ++ * @level: The lock-down level (can only increase) ++ * + * Security hooks for perf events + * + * @perf_event_open: +diff --git a/include/linux/module.h b/include/linux/module.h +index c9f1200b2312..8ebb51f34be4 100644 +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -380,6 +380,7 @@ struct module { + struct module_attribute *modinfo_attrs; + const char *version; + const char *srcversion; ++ const char *rhelversion; + struct kobject *holders_dir; + + /* Exported symbols */ +diff --git a/include/linux/panic.h b/include/linux/panic.h +index f5844908a089..901d51012738 100644 +--- a/include/linux/panic.h ++++ b/include/linux/panic.h +@@ -74,7 +74,24 @@ static inline void set_arch_panic_timeout(int timeout, int arch_default_timeout) + #define TAINT_LIVEPATCH 15 + #define TAINT_AUX 16 + #define TAINT_RANDSTRUCT 17 +-#define TAINT_FLAGS_COUNT 18 ++/* Start of Red Hat-specific taint flags */ ++#define TAINT_18 18 ++#define TAINT_19 19 ++#define TAINT_20 20 ++#define TAINT_21 21 ++#define TAINT_22 22 ++#define TAINT_23 23 ++#define TAINT_24 24 ++#define TAINT_25 25 ++#define TAINT_26 26 ++#define TAINT_SUPPORT_REMOVED 27 ++/* Bits 28 - 31 are reserved for Red Hat use only */ ++#define TAINT_RESERVED28 28 ++#define TAINT_RESERVED29 29 ++#define TAINT_RESERVED30 30 ++#define TAINT_UNPRIVILEGED_BPF 31 ++/* End of Red Hat-specific taint flags */ ++#define TAINT_FLAGS_COUNT 32 + #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) + + struct taint_flag { +diff --git a/include/linux/pci.h b/include/linux/pci.h +index 18a75c8e615c..8cc24460267e 100644 +--- a/include/linux/pci.h ++++ b/include/linux/pci.h +@@ -1478,6 +1478,22 @@ int pci_add_dynid(struct pci_driver *drv, + unsigned long driver_data); + const struct pci_device_id *pci_match_id(const struct pci_device_id *ids, + struct pci_dev *dev); ++ ++#ifdef CONFIG_RHEL_DIFFERENCES ++const struct pci_device_id *pci_hw_deprecated(const struct pci_device_id *ids, ++ struct pci_dev *dev); ++const struct pci_device_id *pci_hw_unmaintained(const struct pci_device_id *ids, ++ struct pci_dev *dev); ++const struct pci_device_id *pci_hw_disabled(const struct pci_device_id *ids, ++ struct pci_dev *dev); ++#else ++static inline const struct pci_device_id *pci_hw_deprecated(const struct pci_device_id *ids, ++ struct pci_dev *dev) { return NULL; } ++static inline const struct pci_device_id *pci_hw_unmaintained(const struct pci_device_id *ids, ++ struct pci_dev *dev) { return NULL; } ++static inline const struct pci_device_id *pci_hw_disabled(const struct pci_device_id *ids, ++ struct pci_dev *dev) {return NULL; } ++#endif + int pci_scan_bridge(struct pci_bus *bus, struct pci_dev *dev, int max, + int pass); + +diff --git a/include/linux/random.h b/include/linux/random.h +index c45b2693e51f..4edfdb3e44a9 100644 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -14,6 +14,11 @@ + + #include + ++struct random_extrng { ++ ssize_t (*extrng_read)(void __user *buf, size_t buflen); ++ struct module *owner; ++}; ++ + struct random_ready_callback { + struct list_head list; + void (*func)(struct random_ready_callback *rdy); +@@ -44,6 +49,8 @@ extern bool rng_is_initialized(void); + extern int add_random_ready_callback(struct random_ready_callback *rdy); + extern void del_random_ready_callback(struct random_ready_callback *rdy); + extern int __must_check get_random_bytes_arch(void *buf, int nbytes); ++void random_register_extrng(const struct random_extrng *rng); ++void random_unregister_extrng(void); + + #ifndef MODULE + extern const struct file_operations random_fops, urandom_fops; +diff --git a/include/linux/rh_kabi.h b/include/linux/rh_kabi.h +new file mode 100644 +index 000000000000..ea9c136bf884 +--- /dev/null ++++ b/include/linux/rh_kabi.h +@@ -0,0 +1,297 @@ ++/* ++ * rh_kabi.h - Red Hat kABI abstraction header ++ * ++ * Copyright (c) 2014 Don Zickus ++ * Copyright (c) 2015-2018 Jiri Benc ++ * Copyright (c) 2015 Sabrina Dubroca, Hannes Frederic Sowa ++ * Copyright (c) 2016-2018 Prarit Bhargava ++ * Copyright (c) 2017 Paolo Abeni, Larry Woodman ++ * ++ * This file is released under the GPLv2. ++ * See the file COPYING for more details. ++ * ++ * These kabi macros hide the changes from the kabi checker and from the ++ * process that computes the exported symbols' checksums. ++ * They have 2 variants: one (defined under __GENKSYMS__) used when ++ * generating the checksums, and the other used when building the kernel's ++ * binaries. ++ * ++ * The use of these macros does not guarantee that the usage and modification ++ * of code is correct. As with all Red Hat only changes, an engineer must ++ * explain why the use of the macro is valid in the patch containing the ++ * changes. ++ * ++ */ ++ ++#ifndef _LINUX_RH_KABI_H ++#define _LINUX_RH_KABI_H ++ ++#include ++#include ++ ++/* ++ * RH_KABI_CONST ++ * Adds a new const modifier to a function parameter preserving the old ++ * checksum. ++ * ++ * RH_KABI_DEPRECATE ++ * Mark the element as deprecated and make it unusable by modules while ++ * preserving kABI checksums. ++ * ++ * RH_KABI_DEPRECATE_FN ++ * Mark the function pointer as deprecated and make it unusable by modules ++ * while preserving kABI checksums. ++ * ++ * RH_KABI_EXTEND ++ * Simple macro for adding a new element to a struct. ++ * ++ * RH_KABI_EXTEND_WITH_SIZE ++ * Adds a new element (usually a struct) to a struct and reserves extra ++ * space for the new element. The provided 'size' is the total space to ++ * be added in longs (i.e. it's 8 * 'size' bytes), including the size of ++ * the added element. It is automatically checked that the new element ++ * does not overflow the reserved space, now nor in the future. However, ++ * no attempt is done to check the content of the added element (struct) ++ * for kABI conformance - kABI checking inside the added element is ++ * effectively switched off. ++ * For any struct being added by RH_KABI_EXTEND_WITH_SIZE, it is ++ * recommended its content to be documented as not covered by kABI ++ * guarantee. ++ * ++ * RH_KABI_FILL_HOLE ++ * Simple macro for filling a hole in a struct. ++ * ++ * Warning: only use if a hole exists for _all_ arches. Use pahole to verify. ++ * ++ * RH_KABI_RENAME ++ * Simple macro for renaming an element without changing its type. This ++ * macro can be used in bitfields, for example. ++ * ++ * NOTE: does not include the final ';' ++ * ++ * RH_KABI_REPLACE ++ * Simple replacement of _orig with a union of _orig and _new. ++ * ++ * The RH_KABI_REPLACE* macros attempt to add the ability to use the '_new' ++ * element while preserving size alignment with the '_orig' element. ++ * ++ * The #ifdef __GENKSYMS__ preserves the kABI agreement, while the anonymous ++ * union structure preserves the size alignment (assuming the '_new' element ++ * is not bigger than the '_orig' element). ++ * ++ * RH_KABI_REPLACE_UNSAFE ++ * Unsafe version of RH_KABI_REPLACE. Only use for typedefs. ++ * ++ * RH_KABI_FORCE_CHANGE ++ * Force change of the symbol checksum. The argument of the macro is a ++ * version for cases we need to do this more than once. ++ * ++ * This macro does the opposite: it changes the symbol checksum without ++ * actually changing anything about the exported symbol. It is useful for ++ * symbols that are not whitelisted, we're changing them in an ++ * incompatible way and want to prevent 3rd party modules to silently ++ * corrupt memory. Instead, by changing the symbol checksum, such modules ++ * won't be loaded by the kernel. This macro should only be used as a ++ * last resort when all other KABI workarounds have failed. ++ * ++ * RH_KABI_EXCLUDE ++ * !!! WARNING: DANGEROUS, DO NOT USE unless you are aware of all the !!! ++ * !!! implications. This should be used ONLY EXCEPTIONALLY and only !!! ++ * !!! under specific circumstances. Very likely, this macro does not !!! ++ * !!! do what you expect it to do. Note that any usage of this macro !!! ++ * !!! MUST be paired with a RH_KABI_FORCE_CHANGE annotation of !!! ++ * !!! a suitable symbol (or an equivalent safeguard) and the commit !!! ++ * !!! log MUST explain why the chosen solution is appropriate. !!! ++ * ++ * Exclude the element from checksum generation. Any such element is ++ * considered not to be part of the kABI whitelist and may be changed at ++ * will. Note however that it's the responsibility of the developer ++ * changing the element to ensure 3rd party drivers using this element ++ * won't panic, for example by not allowing them to be loaded. That can ++ * be achieved by changing another, non-whitelisted symbol they use, ++ * either by nature of the change or by using RH_KABI_FORCE_CHANGE. ++ * ++ * Also note that any change to the element must preserve its size. Change ++ * of the size is not allowed and would constitute a silent kABI breakage. ++ * Beware that the RH_KABI_EXCLUDE macro does not do any size checks. ++ * ++ * NOTE ++ * Don't use ';' after these macros as it messes up the kABI checker by ++ * changing what the resulting token string looks like. Instead let this ++ * macro add the ';' so it can be properly hidden from the kABI checker ++ * (mainly for RH_KABI_EXTEND, but applied to all macros for uniformity). ++ * ++ */ ++#ifdef __GENKSYMS__ ++ ++# define RH_KABI_CONST ++# define RH_KABI_EXTEND(_new) ++# define RH_KABI_FILL_HOLE(_new) ++# define RH_KABI_FORCE_CHANGE(ver) __attribute__((rh_kabi_change ## ver)) ++# define RH_KABI_RENAME(_orig, _new) _orig ++ ++# define _RH_KABI_DEPRECATE(_type, _orig) _type _orig ++# define _RH_KABI_DEPRECATE_FN(_type, _orig, _args...) _type (*_orig)(_args) ++# define _RH_KABI_REPLACE(_orig, _new) _orig ++# define _RH_KABI_REPLACE_UNSAFE(_orig, _new) _orig ++# define _RH_KABI_EXCLUDE(_elem) ++ ++#else ++ ++# define RH_KABI_ALIGN_WARNING ". Disable CONFIG_RH_KABI_SIZE_ALIGN_CHECKS if debugging." ++ ++# define RH_KABI_CONST const ++# define RH_KABI_EXTEND(_new) _new; ++# define RH_KABI_FILL_HOLE(_new) _new; ++# define RH_KABI_FORCE_CHANGE(ver) ++# define RH_KABI_RENAME(_orig, _new) _new ++ ++ ++#if IS_BUILTIN(CONFIG_RH_KABI_SIZE_ALIGN_CHECKS) ++# define __RH_KABI_CHECK_SIZE_ALIGN(_orig, _new) \ ++ union { \ ++ _Static_assert(sizeof(struct{_new;}) <= sizeof(struct{_orig;}), \ ++ __FILE__ ":" __stringify(__LINE__) ": " __stringify(_new) " is larger than " __stringify(_orig) RH_KABI_ALIGN_WARNING); \ ++ _Static_assert(__alignof__(struct{_new;}) <= __alignof__(struct{_orig;}), \ ++ __FILE__ ":" __stringify(__LINE__) ": " __stringify(_orig) " is not aligned the same as " __stringify(_new) RH_KABI_ALIGN_WARNING); \ ++ } ++# define __RH_KABI_CHECK_SIZE(_item, _size) \ ++ _Static_assert(sizeof(struct{_item;}) <= _size, \ ++ __FILE__ ":" __stringify(__LINE__) ": " __stringify(_item) " is larger than the reserved size (" __stringify(_size) " bytes)" RH_KABI_ALIGN_WARNING) ++#else ++# define __RH_KABI_CHECK_SIZE_ALIGN(_orig, _new) ++# define __RH_KABI_CHECK_SIZE(_item, _size) ++#endif ++ ++#define RH_KABI_UNIQUE_ID __PASTE(rh_kabi_hidden_, __LINE__) ++ ++# define _RH_KABI_DEPRECATE(_type, _orig) _type rh_reserved_##_orig ++# define _RH_KABI_DEPRECATE_FN(_type, _orig, _args...) \ ++ _type (* rh_reserved_##_orig)(_args) ++# define _RH_KABI_REPLACE(_orig, _new) \ ++ union { \ ++ _new; \ ++ struct { \ ++ _orig; \ ++ } RH_KABI_UNIQUE_ID; \ ++ __RH_KABI_CHECK_SIZE_ALIGN(_orig, _new); \ ++ } ++# define _RH_KABI_REPLACE_UNSAFE(_orig, _new) _new ++ ++# define _RH_KABI_EXCLUDE(_elem) _elem ++ ++#endif /* __GENKSYMS__ */ ++ ++/* semicolon added wrappers for the RH_KABI_REPLACE macros */ ++# define RH_KABI_DEPRECATE(_type, _orig) _RH_KABI_DEPRECATE(_type, _orig); ++# define RH_KABI_DEPRECATE_FN(_type, _orig, _args...) \ ++ _RH_KABI_DEPRECATE_FN(_type, _orig, _args); ++# define RH_KABI_REPLACE(_orig, _new) _RH_KABI_REPLACE(_orig, _new); ++# define RH_KABI_REPLACE_UNSAFE(_orig, _new) _RH_KABI_REPLACE_UNSAFE(_orig, _new); ++/* ++ * Macro for breaking up a random element into two smaller chunks using an ++ * anonymous struct inside an anonymous union. ++ */ ++# define RH_KABI_REPLACE2(orig, _new1, _new2) RH_KABI_REPLACE(orig, struct{ _new1; _new2;}) ++ ++# define RH_KABI_RESERVE(n) _RH_KABI_RESERVE(n); ++/* ++ * Simple wrappers to replace standard Red Hat reserved elements. ++ */ ++# define RH_KABI_USE(n, _new) RH_KABI_REPLACE(_RH_KABI_RESERVE(n), _new) ++/* ++ * Macros for breaking up a reserved element into two smaller chunks using ++ * an anonymous struct inside an anonymous union. ++ */ ++# define RH_KABI_USE2(n, _new1, _new2) RH_KABI_REPLACE(_RH_KABI_RESERVE(n), struct{ _new1; _new2; }) ++ ++/* ++ * We tried to standardize on Red Hat reserved names. These wrappers ++ * leverage those common names making it easier to read and find in the ++ * code. ++ */ ++# define _RH_KABI_RESERVE(n) unsigned long rh_reserved##n ++ ++#define RH_KABI_EXCLUDE(_elem) _RH_KABI_EXCLUDE(_elem); ++ ++/* ++ * Extending a struct while reserving extra space. ++ */ ++#define RH_KABI_EXTEND_WITH_SIZE(_new, _size) \ ++ RH_KABI_EXTEND(union { \ ++ _new; \ ++ unsigned long RH_KABI_UNIQUE_ID[_size]; \ ++ __RH_KABI_CHECK_SIZE(_new, 8 * (_size)); \ ++ }) ++ ++/* ++ * RHEL macros to extend structs. ++ * ++ * base struct: The struct being extended. For example, pci_dev. ++ * extended struct: The Red Hat struct being added to the base struct. ++ * For example, pci_dev_rh. ++ * ++ * These macros should be used to extend structs before KABI freeze. ++ * They can be used post-KABI freeze in the limited case of the base ++ * struct not being embedded in another struct. ++ * ++ * Extended structs cannot be shrunk in size as changes will break ++ * the size & offset comparison. ++ * ++ * Extended struct elements are not guaranteed for access by modules unless ++ * explicitly commented as such in the declaration of the extended struct or ++ * the element in the extended struct. ++ */ ++ ++/* ++ * RH_KABI_SIZE_AND_EXTEND|_PTR() extends a struct by embedding or adding ++ * a pointer in a base struct. The name of the new struct is the name ++ * of the base struct appended with _rh. ++ */ ++#define _RH_KABI_SIZE_AND_EXTEND_PTR(_struct) \ ++ size_t _struct##_size_rh; \ ++ RH_KABI_EXCLUDE(struct _struct##_rh *_struct##_rh) ++#define RH_KABI_SIZE_AND_EXTEND_PTR(_struct) \ ++ _RH_KABI_SIZE_AND_EXTEND_PTR(_struct) ++ ++#define _RH_KABI_SIZE_AND_EXTEND(_struct) \ ++ size_t _struct##_size_rh; \ ++ RH_KABI_EXCLUDE(struct _struct##_rh _struct##_rh) ++#define RH_KABI_SIZE_AND_EXTEND(_struct) \ ++ _RH_KABI_SIZE_AND_EXTEND(_struct) ++ ++/* ++ * RH_KABI_SET_SIZE calculates and sets the size of the extended struct and ++ * stores it in the size_rh field for structs that are dynamically allocated. ++ * This macro MUST be called when expanding a base struct with ++ * RH_KABI_SIZE_AND_EXTEND, and it MUST be called from the allocation site ++ * regardless of being allocated in the kernel or a module. ++ * Note: since this macro is intended to be invoked outside of a struct, ++ * a semicolon is necessary at the end of the line where it is invoked. ++ */ ++#define RH_KABI_SET_SIZE(_name, _struct) ({ \ ++ _name->_struct##_size_rh = sizeof(struct _struct##_rh); \ ++}) ++ ++/* ++ * RH_KABI_INIT_SIZE calculates and sets the size of the extended struct and ++ * stores it in the size_rh field for structs that are statically allocated. ++ * This macro MUST be called when expanding a base struct with ++ * RH_KABI_SIZE_AND_EXTEND, and it MUST be called from the declaration site ++ * regardless of being allocated in the kernel or a module. ++ */ ++#define RH_KABI_INIT_SIZE(_struct) \ ++ ._struct##_size_rh = sizeof(struct _struct##_rh), ++ ++/* ++ * RH_KABI_CHECK_EXT verifies allocated memory exists. This MUST be called to ++ * verify that memory in the _rh struct is valid, and can be called ++ * regardless if RH_KABI_SIZE_AND_EXTEND or RH_KABI_SIZE_AND_EXTEND_PTR is ++ * used. ++ */ ++#define RH_KABI_CHECK_EXT(_ptr, _struct, _field) ({ \ ++ size_t __off = offsetof(struct _struct##_rh, _field); \ ++ _ptr->_struct##_size_rh > __off ? true : false; \ ++}) ++ ++#endif /* _LINUX_RH_KABI_H */ +diff --git a/include/linux/rmi.h b/include/linux/rmi.h +index ab7eea01ab42..fff7c5f737fc 100644 +--- a/include/linux/rmi.h ++++ b/include/linux/rmi.h +@@ -364,6 +364,7 @@ struct rmi_driver_data { + + struct rmi4_attn_data attn_data; + DECLARE_KFIFO(attn_fifo, struct rmi4_attn_data, 16); ++ struct work_struct attn_work; + }; + + int rmi_register_transport_device(struct rmi_transport_dev *xport); +diff --git a/include/linux/security.h b/include/linux/security.h +index bbf44a466832..026a06b98a96 100644 +--- a/include/linux/security.h ++++ b/include/linux/security.h +@@ -473,6 +473,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); + int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); + int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); + int security_locked_down(enum lockdown_reason what); ++int security_lock_kernel_down(const char *where, enum lockdown_reason level); + #else /* CONFIG_SECURITY */ + + static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) +@@ -1355,6 +1356,10 @@ static inline int security_locked_down(enum lockdown_reason what) + { + return 0; + } ++static inline int security_lock_kernel_down(const char *where, enum lockdown_reason level) ++{ ++ return 0; ++} + #endif /* CONFIG_SECURITY */ + + #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) +diff --git a/init/Kconfig b/init/Kconfig +index ec589e5c1b8c..e39293dd68fb 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1653,7 +1653,7 @@ config AIO + this option saves about 7k. + + config IO_URING +- bool "Enable IO uring support" if EXPERT ++ bool "Enable IO uring support" + select IO_WQ + default y + help +diff --git a/kernel/Makefile b/kernel/Makefile +index 186c49582f45..aa60b06d3cf7 100644 +--- a/kernel/Makefile ++++ b/kernel/Makefile +@@ -12,6 +12,7 @@ obj-y = fork.o exec_domain.o panic.o \ + notifier.o ksysfs.o cred.o reboot.o \ + async.o range.o smpboot.o ucount.o regset.o + ++obj-$(CONFIG_RHEL_DIFFERENCES) += rh_messages.o + obj-$(CONFIG_USERMODE_DRIVER) += usermode_driver.o + obj-$(CONFIG_MODULES) += kmod.o + obj-$(CONFIG_MULTIUSER) += groups.o +diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c +index fa4505f9b611..1955a6f41b7b 100644 +--- a/kernel/bpf/syscall.c ++++ b/kernel/bpf/syscall.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -51,6 +52,23 @@ static DEFINE_SPINLOCK(map_idr_lock); + static DEFINE_IDR(link_idr); + static DEFINE_SPINLOCK(link_idr_lock); + ++static int __init unprivileged_bpf_setup(char *str) ++{ ++ unsigned long disabled; ++ if (!kstrtoul(str, 0, &disabled)) ++ sysctl_unprivileged_bpf_disabled = !!disabled; ++ ++ if (!sysctl_unprivileged_bpf_disabled) { ++ pr_warn("Unprivileged BPF has been enabled " ++ "(unprivileged_bpf_disabled=0 has been supplied " ++ "in boot parameters), tainting the kernel"); ++ add_taint(TAINT_UNPRIVILEGED_BPF, LOCKDEP_STILL_OK); ++ } ++ ++ return 1; ++} ++__setup("unprivileged_bpf_disabled=", unprivileged_bpf_setup); ++ + int sysctl_unprivileged_bpf_disabled __read_mostly = + IS_BUILTIN(CONFIG_BPF_UNPRIV_DEFAULT_OFF) ? 2 : 0; + +diff --git a/kernel/module.c b/kernel/module.c +index 84a9141a5e15..d5aabc30ba8d 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -743,6 +743,7 @@ static struct module_attribute modinfo_##field = { \ + + MODINFO_ATTR(version); + MODINFO_ATTR(srcversion); ++MODINFO_ATTR(rhelversion); + + static char last_unloaded_module[MODULE_NAME_LEN+1]; + +@@ -1206,6 +1207,7 @@ static struct module_attribute *modinfo_attrs[] = { + &module_uevent, + &modinfo_version, + &modinfo_srcversion, ++ &modinfo_rhelversion, + &modinfo_initstate, + &modinfo_coresize, + &modinfo_initsize, +diff --git a/kernel/module_signing.c b/kernel/module_signing.c +index 8723ae70ea1f..fb2d773498c2 100644 +--- a/kernel/module_signing.c ++++ b/kernel/module_signing.c +@@ -38,8 +38,15 @@ int mod_verify_sig(const void *mod, struct load_info *info) + modlen -= sig_len + sizeof(ms); + info->len = modlen; + +- return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, ++ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, + VERIFY_USE_SECONDARY_KEYRING, + VERIFYING_MODULE_SIGNATURE, + NULL, NULL); ++ if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) { ++ ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, ++ VERIFY_USE_PLATFORM_KEYRING, ++ VERIFYING_MODULE_SIGNATURE, ++ NULL, NULL); ++ } ++ return ret; + } +diff --git a/kernel/panic.c b/kernel/panic.c +index cefd7d82366f..ad43433c7013 100644 +--- a/kernel/panic.c ++++ b/kernel/panic.c +@@ -384,6 +384,20 @@ const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = { + [ TAINT_LIVEPATCH ] = { 'K', ' ', true }, + [ TAINT_AUX ] = { 'X', ' ', true }, + [ TAINT_RANDSTRUCT ] = { 'T', ' ', true }, ++ [ TAINT_18 ] = { '?', '-', false }, ++ [ TAINT_19 ] = { '?', '-', false }, ++ [ TAINT_20 ] = { '?', '-', false }, ++ [ TAINT_21 ] = { '?', '-', false }, ++ [ TAINT_22 ] = { '?', '-', false }, ++ [ TAINT_23 ] = { '?', '-', false }, ++ [ TAINT_24 ] = { '?', '-', false }, ++ [ TAINT_25 ] = { '?', '-', false }, ++ [ TAINT_26 ] = { '?', '-', false }, ++ [ TAINT_SUPPORT_REMOVED ] = { 'h', ' ', false }, ++ [ TAINT_RESERVED28 ] = { '?', '-', false }, ++ [ TAINT_RESERVED29 ] = { '?', '-', false }, ++ [ TAINT_RESERVED30 ] = { '?', '-', false }, ++ [ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false }, + }; + + /** +diff --git a/kernel/rh_messages.c b/kernel/rh_messages.c +new file mode 100644 +index 000000000000..345a979cd0e4 +--- /dev/null ++++ b/kernel/rh_messages.c +@@ -0,0 +1,179 @@ ++#include ++#include ++ ++#define DEV_DESC_LEN 256 ++/* ++ * The following functions are used by Red Hat to indicate to users that ++ * hardware and drivers are unsupported, or have limited support in RHEL major ++ * and minor releases. These functions output loud warning messages to the end ++ * user and should be USED WITH CAUTION. ++ * ++ * Any use of these functions _MUST_ be documented in the RHEL Release Notes, ++ * and have approval of management. ++ * ++ * Generally, the process of disabling a driver or device in RHEL requires the ++ * driver or device to be marked as 'deprecated' in all existing releases, and ++ * then either 'unmaintained' or 'disabled' in a future release. ++ * ++ * In general, deprecated and unmaintained drivers continue to receive security ++ * related fixes until they are disabled. ++ */ ++ ++/** ++ * mark_hardware_unmaintained() - Mark hardware as unmaintained. ++ * @driver_name: driver name ++ * @fmt: format for device description ++ * @...: args for device description ++ * ++ * Called to notify users that the device will no longer be tested on a routine ++ * basis and driver code associated with this device is no longer being updated. ++ * Red Hat may fix security-related and critical issues. Support for this device ++ * will be disabled in a future major release and users deploying this device ++ * should plan to replace the device in production systems. ++ * ++ * This function should be used when the driver's usage can be tied to a ++ * specific hardware device. For example, a network device driver loading on a ++ * specific device that is no longer maintained by the manufacturer. ++ */ ++void mark_hardware_unmaintained(const char *driver_name, char *fmt, ...) ++{ ++ char device_description[DEV_DESC_LEN]; ++ va_list args; ++ ++ va_start(args, fmt); ++ vsnprintf(device_description, DEV_DESC_LEN, fmt, args); ++ pr_crit("Warning: Unmaintained hardware is detected: %s:%s\n", driver_name, ++ device_description); ++ va_end(args); ++} ++EXPORT_SYMBOL(mark_hardware_unmaintained); ++ ++/** ++ * mark_driver_unmaintained() - Mark a driver as unmaintained. ++ * @driver_name: driver name ++ * ++ * Called to notify users that a driver will no longer be tested on a routine ++ * basis and the driver code is no longer being updated. Red Hat may fix ++ * security-related and critical issues. Support for this driver will be ++ * disabled in a future major release, and users should replace any affected ++ * devices in production systems. ++ * ++ * This function should be used when a driver's usage cannot be tied to a ++ * specific hardware device. For example, a network bonding driver or a higher ++ * level storage layer driver that is no longer maintained upstream. ++ */ ++void mark_driver_unmaintained(const char *driver_name) ++{ ++ pr_crit("Warning: Unmaintained driver is detected: %s\n", driver_name); ++} ++EXPORT_SYMBOL(mark_driver_unmaintained); ++ ++/** ++ * mark_hardware_deprecated() - Mark hardware as deprecated. ++ * @driver_name: driver name ++ * @fmt: format for device description ++ * @...: args for device description ++ * ++ * Called to notify users that support for the device is planned to be ++ * unmaintained in a future major release, and will eventually be disabled in a ++ * future major release. This device should not be used in new production ++ * environments and users should replace the device in production systems. ++ * ++ * This function should be used when the driver's usage can be tied to a ++ * specific hardware device. For example, a network device driver loading on a ++ * specific device that is no longer maintained by the manufacturer. ++ */ ++void mark_hardware_deprecated(const char *driver_name, char *fmt, ...) ++{ ++ char device_description[DEV_DESC_LEN]; ++ va_list args; ++ ++ va_start(args, fmt); ++ vsnprintf(device_description, DEV_DESC_LEN, fmt, args); ++ pr_crit("Warning: Deprecated Hardware is detected: %s:%s will not be maintained in a future major release and may be disabled\n", ++ driver_name, device_description); ++ va_end(args); ++} ++EXPORT_SYMBOL(mark_hardware_deprecated); ++ ++/** ++ * mark_driver_deprecated() - Mark a driver as deprecated. ++ * @driver_name: driver name ++ * ++ * Called to notify users that support for this driver is planned to be ++ * unmaintained in a future major release, and will eventually be disabled in a ++ * future major release. This driver should not be used in new production ++ * environments and users should replace any affected devices in production ++ * systems. ++ * ++ * This function should be used when a driver's usage cannot be tied to a ++ * specific hardware device. For example, a network bonding driver or a higher ++ * level storage layer driver that is no longer maintained upstream. ++ */ ++void mark_driver_deprecated(const char *driver_name) ++{ ++ pr_crit("Warning: Deprecated Driver is detected: %s will not be maintained in a future major release and may be disabled\n", ++ driver_name); ++} ++EXPORT_SYMBOL(mark_driver_deprecated); ++ ++/** ++ * mark_hardware_disabled() - Mark a driver as removed. ++ * @driver_name: driver name ++ * @fmt: format for device description ++ * @...: args for device description ++ * ++ * Called to notify users that a device's support has been completely disabled ++ * and no future support updates will occur. This device cannot be used in new ++ * production environments, and users must replace the device in production ++ * systems. ++ * ++ * This function should be used when the driver's usage can be tied to a ++ * specific hardware device. For example, a network device driver loading on a ++ * specific device that is no longer maintained by the manufacturer. ++ */ ++void mark_hardware_disabled(const char *driver_name, char *fmt, ...) ++{ ++ char device_description[DEV_DESC_LEN]; ++ va_list args; ++ ++ va_start(args, fmt); ++ vsnprintf(device_description, DEV_DESC_LEN, fmt, args); ++ pr_crit("Warning: Disabled Hardware is detected: %s:%s is no longer enabled in this release.\n", ++ driver_name, device_description); ++ va_end(args); ++} ++EXPORT_SYMBOL(mark_hardware_disabled); ++ ++/** ++ * mark_tech_preview() - Mark driver or kernel subsystem as 'Tech Preview' ++ * @msg: Driver or kernel subsystem name ++ * ++ * Called to minimize the support status of a new driver. This does TAINT the ++ * kernel. Calling this function indicates that the driver or subsystem has ++ * had limited testing and is not marked for full support within this RHEL ++ * minor release. The next RHEL minor release may contain full support for ++ * this driver. Red Hat does not guarantee that bugs reported against this ++ * driver or subsystem will be resolved. ++ */ ++void mark_tech_preview(const char *msg, struct module *mod) ++{ ++ const char *str = NULL; ++ ++ if (msg) ++ str = msg; ++#ifdef CONFIG_MODULES ++ else if (mod && mod->name) ++ str = mod->name; ++#endif ++ ++ pr_warn("TECH PREVIEW: %s may not be fully supported.\n" ++ "Please review provided documentation for limitations.\n", ++ (str ? str : "kernel")); ++ add_taint(TAINT_AUX, LOCKDEP_STILL_OK); ++#ifdef CONFIG_MODULES ++ if (mod) ++ mod->taints |= (1U << TAINT_AUX); ++#endif ++} ++EXPORT_SYMBOL(mark_tech_preview); +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index d7ed1dffa426..19a40d791c99 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -244,6 +244,11 @@ static int bpf_unpriv_handler(struct ctl_table *table, int write, + if (write && !ret) { + if (locked_state && unpriv_enable != 1) + return -EPERM; ++ if (!unpriv_enable) { ++ pr_warn("Unprivileged BPF has been enabled, " ++ "tainting the kernel"); ++ add_taint(TAINT_UNPRIVILEGED_BPF, LOCKDEP_STILL_OK); ++ } + *(int *)table->data = unpriv_enable; + } + return ret; +diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig +index 8620f38e117c..a3e41b7a8054 100644 +--- a/lib/crypto/Kconfig ++++ b/lib/crypto/Kconfig +@@ -40,7 +40,7 @@ config CRYPTO_LIB_CHACHA_GENERIC + of CRYPTO_LIB_CHACHA. + + config CRYPTO_LIB_CHACHA +- tristate ++ tristate "ChaCha library interface" + depends on CRYPTO_ARCH_HAVE_LIB_CHACHA || !CRYPTO_ARCH_HAVE_LIB_CHACHA + select CRYPTO_LIB_CHACHA_GENERIC if CRYPTO_ARCH_HAVE_LIB_CHACHA=n + help +@@ -65,7 +65,7 @@ config CRYPTO_LIB_CURVE25519_GENERIC + of CRYPTO_LIB_CURVE25519. + + config CRYPTO_LIB_CURVE25519 +- tristate ++ tristate "Curve25519 scalar multiplication library" + depends on CRYPTO_ARCH_HAVE_LIB_CURVE25519 || !CRYPTO_ARCH_HAVE_LIB_CURVE25519 + select CRYPTO_LIB_CURVE25519_GENERIC if CRYPTO_ARCH_HAVE_LIB_CURVE25519=n + help +@@ -100,7 +100,7 @@ config CRYPTO_LIB_POLY1305_GENERIC + of CRYPTO_LIB_POLY1305. + + config CRYPTO_LIB_POLY1305 +- tristate ++ tristate "Poly1305 library interface" + depends on CRYPTO_ARCH_HAVE_LIB_POLY1305 || !CRYPTO_ARCH_HAVE_LIB_POLY1305 + select CRYPTO_LIB_POLY1305_GENERIC if CRYPTO_ARCH_HAVE_LIB_POLY1305=n + help +@@ -109,7 +109,7 @@ config CRYPTO_LIB_POLY1305 + is available and enabled. + + config CRYPTO_LIB_CHACHA20POLY1305 +- tristate ++ tristate "ChaCha20-Poly1305 AEAD support (8-byte nonce library version)" + depends on CRYPTO_ARCH_HAVE_LIB_CHACHA || !CRYPTO_ARCH_HAVE_LIB_CHACHA + depends on CRYPTO_ARCH_HAVE_LIB_POLY1305 || !CRYPTO_ARCH_HAVE_LIB_POLY1305 + select CRYPTO_LIB_CHACHA +diff --git a/mm/cma.c b/mm/cma.c +index bc9ca8f3c487..9fa9a485eb3a 100644 +--- a/mm/cma.c ++++ b/mm/cma.c +@@ -125,6 +125,12 @@ static void __init cma_activate_area(struct cma *cma) + spin_lock_init(&cma->mem_head_lock); + #endif + ++#ifdef CONFIG_RHEL_DIFFERENCES ++ /* s390x and ppc64 has been using CMA already in RHEL 8 as default. */ ++ if (!IS_ENABLED(CONFIG_S390) && !IS_ENABLED(CONFIG_PPC64)) ++ mark_tech_preview("CMA", NULL); ++#endif /* CONFIG_RHEL_DIFFERENCES */ ++ + return; + + not_in_zone: +@@ -437,6 +443,10 @@ struct page *cma_alloc(struct cma *cma, unsigned long count, + if (!cma || !cma->count || !cma->bitmap) + goto out; + ++#ifdef CONFIG_RHEL_DIFFERENCES ++ pr_info_once("Initial CMA usage detected\n"); ++#endif /* CONFIG_RHEL_DIFFERENCES */ ++ + pr_debug("%s(cma %p, count %lu, align %d)\n", __func__, (void *)cma, + count, align); + +diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c +index cb8ab7d91d30..5f13183ccc23 100644 +--- a/scripts/mod/modpost.c ++++ b/scripts/mod/modpost.c +@@ -21,6 +21,7 @@ + #include + #include "modpost.h" + #include "../../include/linux/license.h" ++#include "../../include/generated/uapi/linux/version.h" + + /* Are we using CONFIG_MODVERSIONS? */ + static int modversions = 0; +@@ -2351,6 +2352,12 @@ static void write_buf(struct buffer *b, const char *fname) + } + } + ++static void add_rhelversion(struct buffer *b, struct module *mod) ++{ ++ buf_printf(b, "MODULE_INFO(rhelversion, \"%d.%d\");\n", RHEL_MAJOR, ++ RHEL_MINOR); ++} ++ + static void write_if_changed(struct buffer *b, const char *fname) + { + char *tmp; +@@ -2580,6 +2587,7 @@ int main(int argc, char **argv) + add_depends(&buf, mod); + add_moddevtable(&buf, mod); + add_srcversion(&buf, mod); ++ add_rhelversion(&buf, mod); + + sprintf(fname, "%s.mod.c", mod->name); + write_if_changed(&buf, fname); +diff --git a/scripts/tags.sh b/scripts/tags.sh +index b24bfaec6290..0418ba1d33f3 100755 +--- a/scripts/tags.sh ++++ b/scripts/tags.sh +@@ -16,6 +16,8 @@ fi + ignore="$(echo "$RCS_FIND_IGNORE" | sed 's|\\||g' )" + # tags and cscope files should also ignore MODVERSION *.mod.c files + ignore="$ignore ( -name *.mod.c ) -prune -o" ++# RHEL tags and cscope should also ignore redhat/rpm ++ignore="$ignore ( -path redhat/rpm ) -prune -o" + + # Use make KBUILD_ABS_SRCTREE=1 {tags|cscope} + # to force full paths for a non-O= build +diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c +index f290f78c3f30..d3e7ae04f5be 100644 +--- a/security/integrity/platform_certs/load_uefi.c ++++ b/security/integrity/platform_certs/load_uefi.c +@@ -46,7 +46,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, + return NULL; + + if (*status != EFI_BUFFER_TOO_SMALL) { +- pr_err("Couldn't get size: 0x%lx\n", *status); ++ pr_err("Couldn't get size: %s (0x%lx)\n", ++ efi_status_to_str(*status), *status); + return NULL; + } + +@@ -57,7 +58,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, + *status = efi.get_variable(name, guid, NULL, &lsize, db); + if (*status != EFI_SUCCESS) { + kfree(db); +- pr_err("Error reading db var: 0x%lx\n", *status); ++ pr_err("Error reading db var: %s (0x%lx)\n", ++ efi_status_to_str(*status), *status); + return NULL; + } + +diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig +index e84ddf484010..d0501353a4b9 100644 +--- a/security/lockdown/Kconfig ++++ b/security/lockdown/Kconfig +@@ -16,6 +16,19 @@ config SECURITY_LOCKDOWN_LSM_EARLY + subsystem is fully initialised. If enabled, lockdown will + unconditionally be called before any other LSMs. + ++config LOCK_DOWN_IN_EFI_SECURE_BOOT ++ bool "Lock down the kernel in EFI Secure Boot mode" ++ default n ++ depends on EFI && SECURITY_LOCKDOWN_LSM_EARLY ++ help ++ UEFI Secure Boot provides a mechanism for ensuring that the firmware ++ will only load signed bootloaders and kernels. Secure boot mode may ++ be determined from EFI variables provided by the system firmware if ++ not indicated by the boot parameters. ++ ++ Enabling this option results in kernel lockdown being triggered if ++ EFI Secure Boot is set. ++ + choice + prompt "Kernel default lockdown mode" + default LOCK_DOWN_KERNEL_FORCE_NONE +diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c +index 87cbdc64d272..18555cf18da7 100644 +--- a/security/lockdown/lockdown.c ++++ b/security/lockdown/lockdown.c +@@ -73,6 +73,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what) + + static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = { + LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), ++ LSM_HOOK_INIT(lock_kernel_down, lock_kernel_down), + }; + + static int __init lockdown_lsm_init(void) +diff --git a/security/security.c b/security/security.c +index c88167a414b4..e65a178ff9f4 100644 +--- a/security/security.c ++++ b/security/security.c +@@ -2600,6 +2600,12 @@ int security_locked_down(enum lockdown_reason what) + } + EXPORT_SYMBOL(security_locked_down); + ++int security_lock_kernel_down(const char *where, enum lockdown_reason level) ++{ ++ return call_int_hook(lock_kernel_down, 0, where, level); ++} ++EXPORT_SYMBOL(security_lock_kernel_down); ++ + #ifdef CONFIG_PERF_EVENTS + int security_perf_event_open(struct perf_event_attr *attr, int type) + { -- cgit