diff --git a/patch-6.6-redhat.patch b/patch-6.6-redhat.patch index d109afe42..c01d72787 100644 --- a/patch-6.6-redhat.patch +++ b/patch-6.6-redhat.patch @@ -73,7 +73,7 @@ index 0a1731a0f0ef..7015d8d057a0 100644 @@ -6711,6 +6711,15 @@ unknown_nmi_panic [X86] Cause panic on unknown NMI. - + + unprivileged_bpf_disabled= + Format: { "0" | "1" | "2" } + Sets the initial value of @@ -92,7 +92,7 @@ index 745bc773f567..f57ff40109d7 100644 +++ b/Kconfig @@ -30,3 +30,5 @@ source "lib/Kconfig" source "lib/Kconfig.debug" - + source "Documentation/Kconfig" + +source "Kconfig.redhat" @@ -126,7 +126,7 @@ index ceb23eed4dce..88bf786d292e 100644 @@ -22,6 +22,18 @@ $(if $(filter __%, $(MAKECMDGOALS)), \ PHONY := __all __all: - + +# Set RHEL variables +# Note that this ifdef'ery is required to handle when building with +# the O= mechanism (relocate the object file results) due to upstream @@ -155,7 +155,7 @@ index ceb23eed4dce..88bf786d292e 100644 + $(shell expr $(RHEL_MAJOR) \* 256 + $(RHEL_MINOR))'; \ + echo '#define RHEL_RELEASE "$(RHEL_RELEASE)"' endef - + $(version_h): PATCHLEVEL := $(or $(PATCHLEVEL), 0) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 9557808e8937..fafcbf82c9f2 100644 @@ -163,7 +163,7 @@ index 9557808e8937..fafcbf82c9f2 100644 +++ b/arch/arm/Kconfig @@ -1307,9 +1307,9 @@ config HIGHMEM If unsure, say n. - + config HIGHPTE - bool "Allocate 2nd-level pagetables from highmem" if EXPERT + bool "Allocate 2nd-level pagetables from highmem" @@ -178,7 +178,7 @@ index b10515c0200b..6e1ed0068863 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1295,7 +1295,7 @@ endchoice - + config ARM64_FORCE_52BIT bool "Force 52-bit virtual addresses for userspace" - depends on ARM64_VA_BITS_52 && EXPERT @@ -195,7 +195,7 @@ index b0d00032479d..afb9544fb007 100644 int ipl_report_add_certificate(struct ipl_report *report, void *key, unsigned long addr, unsigned long len); +bool ipl_get_secureboot(void); - + /* * DIAG 308 support diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c @@ -204,7 +204,7 @@ index 05e51666db03..454a33b77878 100644 +++ b/arch/s390/kernel/ipl.c @@ -2519,3 +2519,8 @@ int ipl_report_free(struct ipl_report *report) } - + #endif + +bool ipl_get_secureboot(void) @@ -222,11 +222,11 @@ index de6ad0fb2328..5cc2758be027 100644 +#include #include #include - + @@ -914,6 +915,9 @@ void __init setup_arch(char **cmdline_p) - + log_component_list(); - + + if (ipl_get_secureboot()) + security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX); + @@ -262,13 +262,13 @@ index b9145a63da77..0fee4777b66f 100644 #include #include +#include - + /* * max_low_pfn_mapped: highest directly mapped pfn < 4 GB @@ -799,6 +801,49 @@ static void __init early_reserve_memory(void) trim_snb_memory(); } - + +#ifdef CONFIG_RHEL_DIFFERENCES + +static void rh_check_supported(void) @@ -318,7 +318,7 @@ index b9145a63da77..0fee4777b66f 100644 @@ -1032,6 +1077,13 @@ void __init setup_arch(char **cmdline_p) if (efi_enabled(EFI_BOOT)) efi_init(); - + + efi_set_secure_boot(boot_params.secure_boot); + +#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT @@ -328,11 +328,11 @@ index b9145a63da77..0fee4777b66f 100644 + reserve_ibft_region(); dmi_setup(); - + @@ -1193,19 +1245,7 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); - + - if (efi_enabled(EFI_BOOT)) { - switch (boot_params.secure_boot) { - case efi_secureboot_mode_disabled: @@ -347,18 +347,18 @@ index b9145a63da77..0fee4777b66f 100644 - } - } + efi_set_secure_boot(boot_params.secure_boot); - + reserve_initrd(); - + @@ -1318,6 +1358,8 @@ void __init setup_arch(char **cmdline_p) efi_apply_memmap_quirks(); #endif - + + rh_check_supported(); + unwind_init(); } - + diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c index 6aef1ee5e1bd..8f146b1b4972 100644 --- a/drivers/acpi/apei/hest.c @@ -366,7 +366,7 @@ index 6aef1ee5e1bd..8f146b1b4972 100644 @@ -96,6 +96,14 @@ static int apei_hest_parse(apei_hest_func_t func, void *data) if (hest_disable || !hest_tab) return -EINVAL; - + +#ifdef CONFIG_ARM64 + /* Ignore broken firmware */ + if (!strncmp(hest_tab->header.oem_id, "HPE ", 6) && @@ -388,7 +388,7 @@ index c2c786eb95ab..4e3aa80cd5cf 100644 struct irq_fwspec *fwspec; + bool skip_producer_check; }; - + /** @@ -211,7 +212,8 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares, return AE_CTRL_TERMINATE; @@ -406,7 +406,7 @@ index c2c786eb95ab..4e3aa80cd5cf 100644 { - struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec }; + struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec, false }; - + + /* + * Firmware on arm64-based HPE m400 platform incorrectly marks + * its UART interrupt as ACPI_PRODUCER rather than ACPI_CONSUMER. @@ -428,7 +428,7 @@ index 691d4b7686ee..433ff7d8a844 100644 @@ -1752,6 +1752,15 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device) if (!acpi_match_device_ids(device, ignore_serial_bus_ids)) return false; - + + /* + * Firmware on some arm64 X-Gene platforms will make the UART + * device appear as both a UART and a slave of that UART. Just @@ -448,7 +448,7 @@ index e2bacedf28ef..b55ea894d874 100644 @@ -729,6 +729,24 @@ int ahci_stop_engine(struct ata_port *ap) tmp &= ~PORT_CMD_START; writel(tmp, port_mmio + PORT_CMD); - + +#ifdef CONFIG_ARM64 + /* Rev Ax of Cavium CN99XX needs a hack for port stop */ + if (dev_is_pci(ap->host->dev) && @@ -477,7 +477,7 @@ index bbf7029e224b..cf7faa970dd6 100644 @@ -215,6 +215,21 @@ static int __init scan_for_dmi_ipmi(void) { const struct dmi_device *dev = NULL; - + +#ifdef CONFIG_ARM64 + /* RHEL-only + * If this is ARM-based HPE m400, return now, because that platform @@ -495,7 +495,7 @@ index bbf7029e224b..cf7faa970dd6 100644 + while ((dev = dmi_find_device(DMI_DEV_TYPE_IPMI, NULL, dev))) dmi_decode_ipmi((const struct dmi_header *) dev->device_data); - + diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index 186f1fee7534..93e3a76596ff 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c @@ -506,12 +506,12 @@ index 186f1fee7534..93e3a76596ff 100644 #include +#include #include - + #define IPMI_DRIVER_VERSION "39.2" @@ -5516,8 +5517,21 @@ static int __init ipmi_init_msghandler_mod(void) { int rv; - + - pr_info("version " IPMI_DRIVER_VERSION "\n"); +#ifdef CONFIG_ARM64 + /* RHEL-only @@ -520,7 +520,7 @@ index 186f1fee7534..93e3a76596ff 100644 + * does not exist in the ARM architecture. + */ + const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME); - + + if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) { + pr_debug("%s does not support host ipmi\n", dmistr); + return -ENOSYS; @@ -552,13 +552,13 @@ index 1599f1176842..a1fc17f1e0cc 100644 #include #include +#include - + #include - + @@ -953,40 +954,101 @@ int efi_mem_type(unsigned long phys_addr) } #endif - + +struct efi_error_code { + efi_status_t status; + int errno; @@ -663,7 +663,7 @@ index 1599f1176842..a1fc17f1e0cc 100644 - } + struct efi_error_code *found; + size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code); - + - return err; + found = bsearch((void *)(uintptr_t)status, efi_error_codes, + sizeof(struct efi_error_code), num, @@ -687,7 +687,7 @@ index 1599f1176842..a1fc17f1e0cc 100644 + return found->description; } EXPORT_SYMBOL_GPL(efi_status_to_err); - + diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c new file mode 100644 index 000000000000..de0a3714a5d4 @@ -741,27 +741,27 @@ index 84e7ba5314d3..efc96776f761 100644 struct rmi_data *hdata = hid_get_drvdata(hdev); struct rmi_device *rmi_dev = hdata->xport.rmi_dev; - unsigned long flags; - + if (!(test_bit(RMI_STARTED, &hdata->flags))) return 0; - + - pm_wakeup_event(hdev->dev.parent, 0); - - local_irq_save(flags); - rmi_set_attn_data(rmi_dev, data[1], &data[2], size - 2); - + - generic_handle_irq(hdata->rmi_irq); - - local_irq_restore(flags); - return 1; } - + @@ -591,56 +582,6 @@ static const struct rmi_transport_ops hid_rmi_ops = { .reset = rmi_hid_reset, }; - + -static void rmi_irq_teardown(void *data) -{ - struct rmi_data *hdata = data; @@ -816,9 +816,9 @@ index 84e7ba5314d3..efc96776f761 100644 { struct rmi_data *data = NULL; @@ -713,18 +654,11 @@ static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id) - + mutex_init(&data->page_mutex); - + - ret = rmi_setup_irq_domain(hdev); - if (ret) { - hid_err(hdev, "failed to allocate IRQ domain\n"); @@ -827,13 +827,13 @@ index 84e7ba5314d3..efc96776f761 100644 - if (data->device_flags & RMI_DEVICE_HAS_PHYS_BUTTONS) rmi_hid_pdata.gpio_data.disable = true; - + data->xport.dev = hdev->dev.parent; data->xport.pdata = rmi_hid_pdata; - data->xport.pdata.irq = data->rmi_irq; data->xport.proto_name = "hid"; data->xport.ops = &hid_rmi_ops; - + diff --git a/drivers/hwtracing/coresight/coresight-etm4x-core.c b/drivers/hwtracing/coresight/coresight-etm4x-core.c index 77b0271ce6eb..96f60c139c4a 100644 --- a/drivers/hwtracing/coresight/coresight-etm4x-core.c @@ -849,7 +849,7 @@ index 77b0271ce6eb..96f60c139c4a 100644 @@ -2303,6 +2304,16 @@ static const struct amba_id etm4_ids[] = { {}, }; - + +static const struct dmi_system_id broken_coresight[] = { + { + .matches = { @@ -861,22 +861,22 @@ index 77b0271ce6eb..96f60c139c4a 100644 +}; + MODULE_DEVICE_TABLE(amba, etm4_ids); - + static struct amba_driver etm4x_amba_driver = { @@ -2372,6 +2383,11 @@ static int __init etm4x_init(void) { int ret; - + + if (dmi_check_system(broken_coresight)) { + pr_info("ETM4 disabled due to firmware bug\n"); + return 0; + } + ret = etm4_pm_setup(); - + /* etm4_pm_setup() does its own cleanup - exit on error */ @@ -2398,6 +2414,9 @@ static int __init etm4x_init(void) - + static void __exit etm4x_exit(void) { + if (dmi_check_system(broken_coresight)) @@ -891,13 +891,13 @@ index 258d5fe3d395..f7298e3dc8f3 100644 +++ b/drivers/input/rmi4/rmi_driver.c @@ -182,34 +182,47 @@ void rmi_set_attn_data(struct rmi_device *rmi_dev, unsigned long irq_status, attn_data.data = fifo_data; - + kfifo_put(&drvdata->attn_fifo, attn_data); + + schedule_work(&drvdata->attn_work); } EXPORT_SYMBOL_GPL(rmi_set_attn_data); - + -static irqreturn_t rmi_irq_fn(int irq, void *dev_id) +static void attn_callback(struct work_struct *work) { @@ -908,7 +908,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644 + attn_work); struct rmi4_attn_data attn_data = {0}; int ret, count; - + count = kfifo_get(&drvdata->attn_fifo, &attn_data); - if (count) { - *(drvdata->irq_status) = attn_data.irq_status; @@ -916,7 +916,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644 - } + if (!count) + return; - + - ret = rmi_process_interrupt_requests(rmi_dev); + *(drvdata->irq_status) = attn_data.irq_status; + drvdata->attn_data = attn_data; @@ -926,14 +926,14 @@ index 258d5fe3d395..f7298e3dc8f3 100644 - rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, + rmi_dbg(RMI_DEBUG_CORE, &drvdata->rmi_dev->dev, "Failed to process interrupt request: %d\n", ret); - + - if (count) { - kfree(attn_data.data); - drvdata->attn_data.data = NULL; - } + kfree(attn_data.data); + drvdata->attn_data.data = NULL; - + if (!kfifo_is_empty(&drvdata->attn_fifo)) - return rmi_irq_fn(irq, dev_id); + schedule_work(&drvdata->attn_work); @@ -948,7 +948,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644 + if (ret) + rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, + "Failed to process interrupt request: %d\n", ret); - + return IRQ_HANDLED; } @@ -217,7 +230,6 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id) @@ -958,20 +958,20 @@ index 258d5fe3d395..f7298e3dc8f3 100644 - struct rmi_driver_data *data = dev_get_drvdata(&rmi_dev->dev); int irq_flags = irq_get_trigger_type(pdata->irq); int ret; - + @@ -235,8 +247,6 @@ static int rmi_irq_init(struct rmi_device *rmi_dev) return ret; } - + - data->enabled = true; - return 0; } - + @@ -886,23 +896,27 @@ void rmi_enable_irq(struct rmi_device *rmi_dev, bool clear_wake) if (data->enabled) goto out; - + - enable_irq(irq); - data->enabled = true; - if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) { @@ -991,7 +991,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644 + "Failed to disable irq for wake: %d\n", + retval); + } - + - /* - * Call rmi_process_interrupt_requests() after enabling irq, - * otherwise we may lose interrupt on edge-triggered systems. @@ -1009,12 +1009,12 @@ index 258d5fe3d395..f7298e3dc8f3 100644 + } else { + data->enabled = true; + } - + out: mutex_unlock(&data->enabled_mutex); @@ -922,20 +936,22 @@ void rmi_disable_irq(struct rmi_device *rmi_dev, bool enable_wake) goto out; - + data->enabled = false; - disable_irq(irq); - if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) { @@ -1047,21 +1047,21 @@ index 258d5fe3d395..f7298e3dc8f3 100644 + kfree(attn_data.data); + } } - + out: @@ -981,6 +997,8 @@ static int rmi_driver_remove(struct device *dev) irq_domain_remove(data->irqdomain); data->irqdomain = NULL; - + + cancel_work_sync(&data->attn_work); + rmi_f34_remove_sysfs(rmi_dev); rmi_free_function_list(rmi_dev); - + @@ -1219,9 +1237,15 @@ static int rmi_driver_probe(struct device *dev) } } - + - retval = rmi_irq_init(rmi_dev); - if (retval < 0) - goto err_destroy_functions; @@ -1074,7 +1074,7 @@ index 258d5fe3d395..f7298e3dc8f3 100644 + data->enabled = true; + + INIT_WORK(&data->attn_work, attn_callback); - + if (data->f01_container->dev.driver) { /* Driver already bound, so enable ATTN now. */ diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c @@ -1082,7 +1082,7 @@ index 3bfc56df4f78..9671f1bda4ed 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -8,6 +8,7 @@ - + #include #include +#include @@ -1092,7 +1092,7 @@ index 3bfc56df4f78..9671f1bda4ed 100644 @@ -2930,6 +2931,27 @@ int iommu_dev_disable_feature(struct device *dev, enum iommu_dev_features feat) } EXPORT_SYMBOL_GPL(iommu_dev_disable_feature); - + +#ifdef CONFIG_ARM64 +static int __init iommu_quirks(void) +{ @@ -1123,7 +1123,7 @@ index 86f16f3ea478..499dc34a5e66 100644 +++ b/drivers/message/fusion/mptsas.c @@ -5383,6 +5383,10 @@ static void mptsas_remove(struct pci_dev *pdev) } - + static struct pci_device_id mptsas_pci_table[] = { +#ifdef CONFIG_RHEL_DIFFERENCES + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_SAS1068, @@ -1146,7 +1146,7 @@ index 6c5920db1e9d..dfbc97b68e6a 100644 +++ b/drivers/message/fusion/mptspi.c @@ -1238,12 +1238,17 @@ static struct spi_function_template mptspi_transport_functions = { */ - + static struct pci_device_id mptspi_pci_table[] = { +#ifdef CONFIG_RHEL_DIFFERENCES + { PCI_VENDOR_ID_LSI_LOGIC, MPI_MANUFACTPAGE_DEVID_53C1030, @@ -1164,20 +1164,20 @@ index 6c5920db1e9d..dfbc97b68e6a 100644 MODULE_DEVICE_TABLE(pci, mptspi_pci_table); @@ -1534,6 +1539,7 @@ mptspi_probe(struct pci_dev *pdev, const struct pci_device_id *id) 0, 0, 0, 0, 5); - + scsi_scan_host(sh); + return 0; - + out_mptspi_probe: diff --git a/drivers/net/wireguard/main.c b/drivers/net/wireguard/main.c index ee4da9ab8013..d395d11eadc4 100644 --- a/drivers/net/wireguard/main.c +++ b/drivers/net/wireguard/main.c @@ -12,6 +12,7 @@ - + #include - + +#include #include #include @@ -1185,7 +1185,7 @@ index ee4da9ab8013..d395d11eadc4 100644 @@ -21,6 +22,11 @@ static int __init wg_mod_init(void) { int ret; - + +#ifdef CONFIG_RHEL_DIFFERENCES + if (fips_enabled) + return -EOPNOTSUPP; @@ -1199,7 +1199,7 @@ index f3a01b79148c..9a1a74d183ce 100644 --- a/drivers/nvme/host/core.c +++ b/drivers/nvme/host/core.c @@ -251,6 +251,9 @@ void nvme_delete_ctrl_sync(struct nvme_ctrl *ctrl) - + static blk_status_t nvme_error_status(u16 status) { + if (unlikely(status & NVME_SC_DNR)) @@ -1215,17 +1215,17 @@ index f3a01b79148c..9a1a74d183ce 100644 + FAILUP, AUTHENTICATE, }; - + @@ -352,15 +356,16 @@ static inline enum nvme_disposition nvme_decide_disposition(struct request *req) if ((nvme_req(req)->status & 0x7ff) == NVME_SC_AUTH_REQUIRED) return AUTHENTICATE; - + - if (blk_noretry_request(req) || + if ((req->cmd_flags & (REQ_FAILFAST_DEV | REQ_FAILFAST_DRIVER)) || (nvme_req(req)->status & NVME_SC_DNR) || nvme_req(req)->retries >= nvme_max_retries) return COMPLETE; - + - if (req->cmd_flags & REQ_NVME_MPATH) { + if (req->cmd_flags & (REQ_NVME_MPATH | REQ_FAILFAST_TRANSPORT)) { if (nvme_is_path_error(nvme_req(req)->status) || @@ -1239,7 +1239,7 @@ index f3a01b79148c..9a1a74d183ce 100644 @@ -390,6 +395,14 @@ static inline void nvme_end_req(struct request *req) blk_mq_end_request(req, status); } - + +static inline void nvme_failup_req(struct request *req) +{ + nvme_update_ana(req); @@ -1268,7 +1268,7 @@ index 0a88d7bdc5e3..967bb3a85889 100644 @@ -80,14 +80,10 @@ void nvme_mpath_start_freeze(struct nvme_subsystem *subsys) blk_freeze_queue_start(h->disk->queue); } - + -void nvme_failover_req(struct request *req) +void nvme_update_ana(struct request *req) { @@ -1278,7 +1278,7 @@ index 0a88d7bdc5e3..967bb3a85889 100644 - struct bio *bio; - - nvme_mpath_clear_current_path(ns); - + /* * If we got back an ANA error, we know the controller is alive but not @@ -98,6 +94,16 @@ void nvme_failover_req(struct request *req) @@ -1295,18 +1295,18 @@ index 0a88d7bdc5e3..967bb3a85889 100644 + + nvme_mpath_clear_current_path(ns); + nvme_update_ana(req); - + spin_lock_irqsave(&ns->head->requeue_lock, flags); for (bio = req->bio; bio; bio = bio->bi_next) { @@ -912,8 +918,7 @@ int nvme_mpath_init_identify(struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id) int error = 0; - + /* check if multipath is enabled and we have the capability */ - if (!multipath || !ctrl->subsys || - !(ctrl->subsys->cmic & NVME_CTRL_CMIC_ANA)) + if (!ctrl->subsys || !(ctrl->subsys->cmic & NVME_CTRL_CMIC_ANA)) return 0; - + if (!ctrl->max_namespaces || diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h index f35647c470af..e57357f23306 100644 @@ -1362,7 +1362,7 @@ index eeec1d6f9023..22b85cc6ed39 100644 @@ -4408,6 +4408,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000, DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084, quirk_bridge_cavm_thrx2_pcie_root); - + +/* + * PCI BAR 5 is not setup correctly for the on-board AHCI controller + * on Broadcom's Vulcan processor. Added a quirk to fix BAR 5 by @@ -1415,7 +1415,7 @@ index e48f14ad6dfd..bd4de6bbf639 100644 --- a/drivers/scsi/be2iscsi/be_main.c +++ b/drivers/scsi/be2iscsi/be_main.c @@ -387,11 +387,13 @@ static int beiscsi_eh_device_reset(struct scsi_cmnd *sc) - + /*------------------- PCI Driver operations and data ----------------- */ static const struct pci_device_id beiscsi_pci_id_table[] = { +#ifndef CONFIG_RHEL_DIFFERENCES @@ -1439,7 +1439,7 @@ index af18d20f3079..0cebae77fd00 100644 +#ifndef CONFIG_RHEL_DIFFERENCES MODULE_ALIAS("cciss"); +#endif - + static int hpsa_simple_mode; module_param(hpsa_simple_mode, int, S_IRUGO|S_IWUSR); @@ -144,10 +146,12 @@ static const struct pci_device_id hpsa_pci_device_id[] = { @@ -1454,14 +1454,14 @@ index af18d20f3079..0cebae77fd00 100644 +#endif {0,} }; - + diff --git a/drivers/scsi/lpfc/lpfc_ids.h b/drivers/scsi/lpfc/lpfc_ids.h index 0b1616e93cf4..85fc52038a82 100644 --- a/drivers/scsi/lpfc/lpfc_ids.h +++ b/drivers/scsi/lpfc/lpfc_ids.h @@ -24,6 +24,7 @@ #include - + const struct pci_device_id lpfc_id_table[] = { +#ifndef CONFIG_RHEL_DIFFERENCES {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_VIPER, @@ -1536,7 +1536,7 @@ index b9d46dcb5210..bd012e44b02a 100644 @@ -149,6 +149,7 @@ megasas_set_ld_removed_by_fw(struct megasas_instance *instance); */ static struct pci_device_id megasas_pci_table[] = { - + +#ifndef CONFIG_RHEL_DIFFERENCES {PCI_DEVICE(PCI_VENDOR_ID_LSI_LOGIC, PCI_DEVICE_ID_LSI_SAS1064R)}, /* xscale IOP */ @@ -1599,7 +1599,7 @@ index 50db08265c51..5ece5ffc3944 100644 +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -8113,6 +8113,7 @@ static const struct pci_error_handlers qla2xxx_err_handler = { }; - + static struct pci_device_id qla2xxx_pci_tbl[] = { +#ifndef CONFIG_RHEL_DIFFERENCES { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2100) }, @@ -1651,7 +1651,7 @@ index c92a317ba547..8fa8c1d9c9a5 100644 @@ -118,6 +118,14 @@ static const char *sd_cache_types[] = { "write back, no read (daft)" }; - + +static const char *sd_probe_types[] = { "async", "sync" }; + +static char sd_probe_type[6] = "async"; @@ -1666,7 +1666,7 @@ index c92a317ba547..8fa8c1d9c9a5 100644 @@ -3949,6 +3957,8 @@ static int __init init_sd(void) goto err_out_class; } - + + if (!strcmp(sd_probe_type, "sync")) + sd_template.gendrv.probe_type = PROBE_FORCE_SYNCHRONOUS; err = scsi_register_driver(&sd_template.gendrv); @@ -1679,7 +1679,7 @@ index 3c54b218301c..3a52d7e751ce 100644 @@ -5763,6 +5763,13 @@ static void hub_event(struct work_struct *work) (u16) hub->change_bits[0], (u16) hub->event_bits[0]); - + + /* Don't disconnect USB-SATA on TrimSlice */ + if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) { + if ((hdev->state == 7) && (hub->change_bits[0] == 0) && @@ -1697,12 +1697,12 @@ index eae288c8d40a..8b8bf447cedc 100644 @@ -201,6 +201,9 @@ static int __init afs_init(void) goto error_proc; } - + +#ifdef CONFIG_RHEL_DIFFERENCES + mark_partner_supported(KBUILD_MODNAME, THIS_MODULE); +#endif return ret; - + error_proc: diff --git a/include/linux/efi.h b/include/linux/efi.h index 80b21d1c6eaf..b66c0683f2fc 100644 @@ -1711,7 +1711,7 @@ index 80b21d1c6eaf..b66c0683f2fc 100644 @@ -44,6 +44,8 @@ struct screen_info; #define EFI_ABORTED (21 | (1UL << (BITS_PER_LONG-1))) #define EFI_SECURITY_VIOLATION (26 | (1UL << (BITS_PER_LONG-1))) - + +#define EFI_IS_ERROR(x) ((x) & (1UL << (BITS_PER_LONG-1))) + typedef unsigned long efi_status_t; @@ -1729,22 +1729,22 @@ index 80b21d1c6eaf..b66c0683f2fc 100644 + efi_secureboot_mode_disabled, + efi_secureboot_mode_enabled, +}; - + #ifdef CONFIG_EFI /* @@ -882,6 +892,8 @@ static inline bool efi_enabled(int feature) } extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused); - + +extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode); + bool __pure __efi_soft_reserve_enabled(void); - + static inline bool __pure efi_soft_reserve_enabled(void) @@ -903,6 +915,8 @@ static inline bool efi_enabled(int feature) static inline void efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {} - + +static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {} + static inline bool efi_soft_reserve_enabled(void) @@ -1752,16 +1752,16 @@ index 80b21d1c6eaf..b66c0683f2fc 100644 return false; @@ -917,6 +931,7 @@ static inline void efi_find_mirror(void) {} #endif - + extern int efi_status_to_err(efi_status_t status); +extern const char *efi_status_to_str(efi_status_t status); - + /* * Variable Attributes @@ -1133,13 +1148,6 @@ static inline bool efi_runtime_disabled(void) { return true; } extern void efi_call_virt_check_flags(unsigned long flags, const void *caller); extern unsigned long efi_call_virt_save_flags(void); - + -enum efi_secureboot_mode { - efi_secureboot_mode_unset, - efi_secureboot_mode_unknown, @@ -1801,11 +1801,11 @@ index ac962c4cb44b..d0cedef6859c 100644 +++ b/include/linux/lsm_hook_defs.h @@ -405,6 +405,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux) #endif /* CONFIG_BPF_SYSCALL */ - + LSM_HOOK(int, 0, locked_down, enum lockdown_reason what) +LSM_HOOK(int, 0, lock_kernel_down, const char *where, enum lockdown_reason level) + - + #ifdef CONFIG_PERF_EVENTS LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type) diff --git a/include/linux/module.h b/include/linux/module.h @@ -1818,12 +1818,12 @@ index a98e188cf37b..059c2f633ef6 100644 const char *srcversion; + const char *rhelversion; struct kobject *holders_dir; - + /* Exported symbols */ @@ -988,4 +989,8 @@ static inline unsigned long find_kallsyms_symbol_value(struct module *mod, - + #endif /* CONFIG_MODULES && CONFIG_KALLSYMS */ - + +#ifdef CONFIG_RHEL_DIFFERENCES +void module_rh_check_status(const char * module_name); +#endif @@ -1856,7 +1856,7 @@ index 6717b15e798c..8e1d3eae1686 100644 +/* End of Red Hat-specific taint flags */ +#define TAINT_FLAGS_COUNT 32 #define TAINT_FLAGS_MAX ((1UL << TAINT_FLAGS_COUNT) - 1) - + struct taint_flag { diff --git a/include/linux/pci.h b/include/linux/pci.h index 8c7c2c3c6c65..ee66c86fc538 100644 @@ -1869,11 +1869,11 @@ index 8c7c2c3c6c65..ee66c86fc538 100644 + int pci_scan_bridge(struct pci_bus *bus, struct pci_dev *dev, int max, int pass); - + @@ -2612,6 +2613,10 @@ static inline bool pci_is_thunderbolt_attached(struct pci_dev *pdev) return false; } - + +#ifdef CONFIG_RHEL_DIFFERENCES +bool pci_rh_check_status(struct pci_dev *pci_dev); +#endif @@ -2407,12 +2407,12 @@ index ab7eea01ab42..fff7c5f737fc 100644 --- a/include/linux/rmi.h +++ b/include/linux/rmi.h @@ -364,6 +364,7 @@ struct rmi_driver_data { - + struct rmi4_attn_data attn_data; DECLARE_KFIFO(attn_fifo, struct rmi4_attn_data, 16); + struct work_struct attn_work; }; - + int rmi_register_transport_device(struct rmi_transport_dev *xport); diff --git a/include/linux/security.h b/include/linux/security.h index 5f16eecde00b..974be25cfa70 100644 @@ -2424,7 +2424,7 @@ index 5f16eecde00b..974be25cfa70 100644 int security_locked_down(enum lockdown_reason what); +int security_lock_kernel_down(const char *where, enum lockdown_reason level); #else /* CONFIG_SECURITY */ - + static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1396,10 @@ static inline int security_locked_down(enum lockdown_reason what) { @@ -2435,7 +2435,7 @@ index 5f16eecde00b..974be25cfa70 100644 + return 0; +} #endif /* CONFIG_SECURITY */ - + #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/init/main.c b/init/main.c index 436d73261810..bc0ce06105e6 100644 @@ -2444,7 +2444,7 @@ index 436d73261810..bc0ce06105e6 100644 @@ -1147,6 +1147,9 @@ static bool __init_or_module initcall_blacklisted(initcall_t fn) */ strreplace(fn_name, ' ', '\0'); - + +#ifdef CONFIG_RHEL_DIFFERENCES + init_rh_check_status(fn_name); +#endif @@ -2458,7 +2458,7 @@ index 3947122d618b..5b9462a450a1 100644 @@ -12,6 +12,7 @@ obj-y = fork.o exec_domain.o panic.o \ notifier.o ksysfs.o cred.o reboot.o \ async.o range.o smpboot.o ucount.o regset.o ksyms_common.o - + +obj-$(CONFIG_RHEL_DIFFERENCES) += rh_messages.o obj-$(CONFIG_USERMODE_DRIVER) += usermode_driver.o obj-$(CONFIG_MULTIUSER) += groups.o @@ -2478,7 +2478,7 @@ index eb01c31ed591..8a85897c7ea0 100644 @@ -57,6 +58,23 @@ static DEFINE_SPINLOCK(map_idr_lock); static DEFINE_IDR(link_idr); static DEFINE_SPINLOCK(link_idr_lock); - + +static int __init unprivileged_bpf_setup(char *str) +{ + unsigned long disabled; @@ -2498,7 +2498,7 @@ index eb01c31ed591..8a85897c7ea0 100644 + int sysctl_unprivileged_bpf_disabled __read_mostly = IS_BUILTIN(CONFIG_BPF_UNPRIV_DEFAULT_OFF) ? 2 : 0; - + @@ -5654,6 +5672,11 @@ static int bpf_unpriv_handler(struct ctl_table *table, int write, if (write && !ret) { if (locked_state && unpriv_enable != 1) @@ -2510,17 +2510,17 @@ index eb01c31ed591..8a85897c7ea0 100644 + } *(int *)table->data = unpriv_enable; } - + diff --git a/kernel/module/main.c b/kernel/module/main.c index 98fedfdb8db5..e3b1a8220944 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -528,6 +528,7 @@ static struct module_attribute modinfo_##field = { \ - + MODINFO_ATTR(version); MODINFO_ATTR(srcversion); +MODINFO_ATTR(rhelversion); - + static struct { char name[MODULE_NAME_LEN + 1]; @@ -980,6 +981,7 @@ struct module_attribute *modinfo_attrs[] = { @@ -2534,7 +2534,7 @@ index 98fedfdb8db5..e3b1a8220944 100644 @@ -2802,6 +2804,11 @@ static int early_mod_check(struct load_info *info, int flags) return -EPERM; } - + +#ifdef CONFIG_RHEL_DIFFERENCES + if (get_modinfo(info, "intree")) + module_rh_check_status(info->name); @@ -2550,7 +2550,7 @@ index a2ff4242e623..f0d2be1ee4f1 100644 @@ -61,10 +61,17 @@ int mod_verify_sig(const void *mod, struct load_info *info) modlen -= sig_len + sizeof(ms); info->len = modlen; - + - return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, + ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len, VERIFY_USE_SECONDARY_KEYRING, @@ -2564,7 +2564,7 @@ index a2ff4242e623..f0d2be1ee4f1 100644 + } + return ret; } - + int module_sig_check(struct load_info *info, int flags) diff --git a/kernel/panic.c b/kernel/panic.c index 07239d4ad81e..066ff701f4bb 100644 @@ -2588,7 +2588,7 @@ index 07239d4ad81e..066ff701f4bb 100644 + [ TAINT_RESERVED30 ] = { '?', '-', false }, + [ TAINT_UNPRIVILEGED_BPF ] = { 'u', ' ', false }, }; - + /** diff --git a/kernel/rh_messages.c b/kernel/rh_messages.c new file mode 100644 @@ -3134,13 +3134,13 @@ index 34a5386d444a..6d8ea13fc608 100644 #include "../../include/linux/license.h" #include "../../include/linux/module_symbol.h" +#include "../../include/generated/uapi/linux/version.h" - + static bool module_enabled; /* Are we using CONFIG_MODVERSIONS? */ @@ -2068,6 +2069,12 @@ static void write_buf(struct buffer *b, const char *fname) } } - + +static void add_rhelversion(struct buffer *b, struct module *mod) +{ + buf_printf(b, "MODULE_INFO(rhelversion, \"%d.%d\");\n", RHEL_MAJOR, @@ -3155,7 +3155,7 @@ index 34a5386d444a..6d8ea13fc608 100644 add_moddevtable(&buf, mod); add_srcversion(&buf, mod); + add_rhelversion(&buf, mod); - + ret = snprintf(fname, sizeof(fname), "%s.mod.c", mod->name); if (ret >= sizeof(fname)) { diff --git a/scripts/tags.sh b/scripts/tags.sh @@ -3168,7 +3168,7 @@ index a70d43723146..56d06b04f752 100755 ignore="$ignore ( -name *.mod.c ) -prune -o" +# RHEL tags and cscope should also ignore redhat/rpm +ignore="$ignore ( -path redhat/rpm ) -prune -o" - + # ignore arbitrary directories if [ -n "${IGNORE_DIRS}" ]; then diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c @@ -3177,14 +3177,14 @@ index d1fdd113450a..182e8090cfe8 100644 +++ b/security/integrity/platform_certs/load_uefi.c @@ -74,7 +74,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, return NULL; - + if (*status != EFI_BUFFER_TOO_SMALL) { - pr_err("Couldn't get size: 0x%lx\n", *status); + pr_err("Couldn't get size: %s (0x%lx)\n", + efi_status_to_str(*status), *status); return NULL; } - + @@ -85,7 +86,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, *status = efi.get_variable(name, guid, NULL, &lsize, db); if (*status != EFI_SUCCESS) { @@ -3194,7 +3194,7 @@ index d1fdd113450a..182e8090cfe8 100644 + efi_status_to_str(*status), *status); return NULL; } - + diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig index e84ddf484010..d0501353a4b9 100644 --- a/security/lockdown/Kconfig @@ -3202,7 +3202,7 @@ index e84ddf484010..d0501353a4b9 100644 @@ -16,6 +16,19 @@ config SECURITY_LOCKDOWN_LSM_EARLY subsystem is fully initialised. If enabled, lockdown will unconditionally be called before any other LSMs. - + +config LOCK_DOWN_IN_EFI_SECURE_BOOT + bool "Lock down the kernel in EFI Secure Boot mode" + default n @@ -3224,12 +3224,12 @@ index 68d19632aeb7..ef348935b6ff 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -73,6 +73,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what) - + static struct security_hook_list lockdown_hooks[] __ro_after_init = { LSM_HOOK_INIT(locked_down, lockdown_is_locked_down), + LSM_HOOK_INIT(lock_kernel_down, lock_kernel_down), }; - + static int __init lockdown_lsm_init(void) diff --git a/security/security.c b/security/security.c index 23b129d482a7..55d0fe0d121b 100644 @@ -3238,7 +3238,7 @@ index 23b129d482a7..55d0fe0d121b 100644 @@ -5230,6 +5230,18 @@ int security_locked_down(enum lockdown_reason what) } EXPORT_SYMBOL(security_locked_down); - + +/** + * security_lock_kernel_down() - Put the kernel into lock-down mode. + *