Update MODSIGN fixes with dhowell's first round of feedback.

Related: rhbz#1497559

Signed-off-by: Peter Jones <pjones@redhat.com>

0001-Input-gpio_keys-Allow-suppression-of-input-events-fo.patch

@@ -0,0 +1,163 @@
+From 25bb14c1e78e641049fd1ee0c404a9ccd2755e44 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Sat, 22 Jul 2017 13:00:05 +0200
+Subject: [PATCH 1/2] Input: gpio_keys - Allow suppression of input events for
+ wakeup button presses
+
+In some cases it is undesirable for a wakeup button to send input events
+to userspace if pressed to wakeup the system (if pressed during suspend).
+
+A typical example of this is the power-button on laptops / tablets,
+sending a KEY_POWER event to userspace when woken up with the power-button
+will cause userspace to immediately suspend the system again which is
+undesirable.
+
+For power-buttons attached to a PMIC, or handled by e.g. ACPI, not sending
+an input event in this case is take care of by the PMIC / ACPI hardware /
+code. But in the case of a GPIO button we need to explicitly suppress the
+sending of the input event.
+
+This commit adds support for this by adding a no_wakeup_events bool to
+struct gpio_keys_button, which platform code can set to suppress the
+input events for presses of wakeup keys during suspend.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+Changes in v2:
+-This is a rewrite if my "Input: gpio_keys - Do not report wake button
+ presses as evdev events" patch.
+-Instead of unconditionally ignoring presses of all wake-up buttons during
+ suspend, this rewrite makes this configurable per button
+-This version uses a timer to delay clearing the suspended flag for software
+ debouncing, rather then jiffy compare magic
+---
+ drivers/input/keyboard/gpio_keys.c | 33 +++++++++++++++++++++++++++++++--
+ include/linux/gpio_keys.h          |  3 +++
+ 2 files changed, 34 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/input/keyboard/gpio_keys.c b/drivers/input/keyboard/gpio_keys.c
+index a047b9af8369..fa3a58620407 100644
+--- a/drivers/input/keyboard/gpio_keys.c
++++ b/drivers/input/keyboard/gpio_keys.c
+@@ -38,6 +38,7 @@ struct gpio_button_data {
+ 
+ 	unsigned short *code;
+ 
++	struct timer_list unsuspend_timer;
+ 	struct timer_list release_timer;
+ 	unsigned int release_delay;	/* in msecs, for IRQ-only buttons */
+ 
+@@ -371,6 +372,9 @@ static void gpio_keys_gpio_report_event(struct gpio_button_data *bdata)
+ 		return;
+ 	}
+ 
++	if (state && bdata->button->no_wakeup_events && bdata->suspended)
++		return;
++
+ 	if (type == EV_ABS) {
+ 		if (state)
+ 			input_event(input, type, button->code, button->value);
+@@ -400,6 +404,9 @@ static irqreturn_t gpio_keys_gpio_isr(int irq, void *dev_id)
+ 	if (bdata->button->wakeup) {
+ 		const struct gpio_keys_button *button = bdata->button;
+ 
++		if (bdata->button->no_wakeup_events && bdata->suspended)
++			return IRQ_HANDLED;
++
+ 		pm_stay_awake(bdata->input->dev.parent);
+ 		if (bdata->suspended  &&
+ 		    (button->type == 0 || button->type == EV_KEY)) {
+@@ -445,9 +452,13 @@ static irqreturn_t gpio_keys_irq_isr(int irq, void *dev_id)
+ 	spin_lock_irqsave(&bdata->lock, flags);
+ 
+ 	if (!bdata->key_pressed) {
+-		if (bdata->button->wakeup)
++		if (bdata->button->wakeup) {
+ 			pm_wakeup_event(bdata->input->dev.parent, 0);
+ 
++			if (bdata->button->no_wakeup_events && bdata->suspended)
++				goto out;
++		}
++
+ 		input_event(input, EV_KEY, *bdata->code, 1);
+ 		input_sync(input);
+ 
+@@ -468,6 +479,13 @@ static irqreturn_t gpio_keys_irq_isr(int irq, void *dev_id)
+ 	return IRQ_HANDLED;
+ }
+ 
++static void gpio_keys_unsuspend_timer(unsigned long _data)
++{
++	struct gpio_button_data *bdata = (struct gpio_button_data *)_data;
++
++	bdata->suspended = false;
++}
++
+ static void gpio_keys_quiesce_key(void *data)
+ {
+ 	struct gpio_button_data *bdata = data;
+@@ -476,6 +494,8 @@ static void gpio_keys_quiesce_key(void *data)
+ 		cancel_delayed_work_sync(&bdata->work);
+ 	else
+ 		del_timer_sync(&bdata->release_timer);
++
++	del_timer_sync(&bdata->unsuspend_timer);
+ }
+ 
+ static int gpio_keys_setup_key(struct platform_device *pdev,
+@@ -496,6 +516,8 @@ static int gpio_keys_setup_key(struct platform_device *pdev,
+ 	bdata->input = input;
+ 	bdata->button = button;
+ 	spin_lock_init(&bdata->lock);
++	setup_timer(&bdata->unsuspend_timer, gpio_keys_unsuspend_timer,
++		    (unsigned long)bdata);
+ 
+ 	if (child) {
+ 		bdata->gpiod = devm_fwnode_get_gpiod_from_child(dev, NULL,
+@@ -868,6 +890,7 @@ static int __maybe_unused gpio_keys_suspend(struct device *dev)
+ 			struct gpio_button_data *bdata = &ddata->data[i];
+ 			if (bdata->button->wakeup)
+ 				enable_irq_wake(bdata->irq);
++			del_timer_sync(&bdata->unsuspend_timer);
+ 			bdata->suspended = true;
+ 		}
+ 	} else {
+@@ -892,7 +915,13 @@ static int __maybe_unused gpio_keys_resume(struct device *dev)
+ 			struct gpio_button_data *bdata = &ddata->data[i];
+ 			if (bdata->button->wakeup)
+ 				disable_irq_wake(bdata->irq);
+-			bdata->suspended = false;
++			if (bdata->button->no_wakeup_events) {
++				mod_timer(&bdata->unsuspend_timer, jiffies +
++					  msecs_to_jiffies(
++						    bdata->software_debounce));
++			} else {
++				bdata->suspended = false;
++			}
+ 		}
+ 	} else {
+ 		mutex_lock(&input->mutex);
+diff --git a/include/linux/gpio_keys.h b/include/linux/gpio_keys.h
+index 0b71024c082c..d8a85e52b6bb 100644
+--- a/include/linux/gpio_keys.h
++++ b/include/linux/gpio_keys.h
+@@ -15,6 +15,8 @@ struct device;
+  * @debounce_interval:	debounce ticks interval in msecs
+  * @can_disable:	%true indicates that userspace is allowed to
+  *			disable button via sysfs
++ * @no_wakeup_events:	For wake-up source buttons only, if %true then no input
++ *			events will be generated if pressed while suspended
+  * @value:		axis value for %EV_ABS
+  * @irq:		Irq number in case of interrupt keys
+  */
+@@ -27,6 +29,7 @@ struct gpio_keys_button {
+ 	int wakeup;
+ 	int debounce_interval;
+ 	bool can_disable;
++	bool no_wakeup_events;
+ 	int value;
+ 	unsigned int irq;
+ };
+-- 
+2.13.4
+

0001-Make-get_cert_list-not-complain-about-cert-lists-tha.patch

@@ -0,0 +1,109 @@
+From 3ce5852ec6add45a28fe1706e9163351940e905c Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 2 Oct 2017 18:25:29 -0400
+Subject: [PATCH 1/3] Make get_cert_list() not complain about cert lists that
+ aren't present.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ certs/load_uefi.c | 37 ++++++++++++++++++++++---------------
+ 1 file changed, 22 insertions(+), 15 deletions(-)
+
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
+index 3d884598601..9ef34c44fd1 100644
+--- a/certs/load_uefi.c
++++ b/certs/load_uefi.c
+@@ -35,8 +35,8 @@ static __init bool uefi_check_ignore_db(void)
+ /*
+  * Get a certificate list blob from the named EFI variable.
+  */
+-static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+-				  unsigned long *size)
++static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
++				unsigned long *size, void **cert_list)
+ {
+ 	efi_status_t status;
+ 	unsigned long lsize = 4;
+@@ -44,26 +44,33 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ 	void *db;
+ 
+ 	status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
++	if (status == EFI_NOT_FOUND) {
++		*size = 0;
++		*cert_list = NULL;
++		return 0;
++	}
++
+ 	if (status != EFI_BUFFER_TOO_SMALL) {
+ 		pr_err("Couldn't get size: 0x%lx\n", status);
+-		return NULL;
++		return efi_status_to_err(status);
+ 	}
+ 
+ 	db = kmalloc(lsize, GFP_KERNEL);
+ 	if (!db) {
+ 		pr_err("Couldn't allocate memory for uefi cert list\n");
+-		return NULL;
++		return -ENOMEM;
+ 	}
+ 
+ 	status = efi.get_variable(name, guid, NULL, &lsize, db);
+ 	if (status != EFI_SUCCESS) {
+ 		kfree(db);
+ 		pr_err("Error reading db var: 0x%lx\n", status);
+-		return NULL;
++		return efi_status_to_err(status);
+ 	}
+ 
+ 	*size = lsize;
+-	return db;
++	*cert_list = db;
++	return 0;
+ }
+ 
+ /*
+@@ -152,10 +159,10 @@ static int __init load_uefi_certs(void)
+ 	 * an error if we can't get them.
+ 	 */
+ 	if (!uefi_check_ignore_db()) {
+-		db = get_cert_list(L"db", &secure_var, &dbsize);
+-		if (!db) {
++		rc = get_cert_list(L"db", &secure_var, &dbsize, &db);
++		if (rc < 0) {
+ 			pr_err("MODSIGN: Couldn't get UEFI db list\n");
+-		} else {
++		} else if (dbsize != 0) {
+ 			rc = parse_efi_signature_list("UEFI:db",
+ 						      db, dbsize, get_handler_for_db);
+ 			if (rc)
+@@ -164,10 +171,10 @@ static int __init load_uefi_certs(void)
+ 		}
+ 	}
+ 
+-	mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
+-	if (!mok) {
++	rc = get_cert_list(L"MokListRT", &mok_var, &moksize, &mok);
++	if (rc < 0) {
+ 		pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
+-	} else {
++	} else if (moksize != 0) {
+ 		rc = parse_efi_signature_list("UEFI:MokListRT",
+ 					      mok, moksize, get_handler_for_db);
+ 		if (rc)
+@@ -175,10 +182,10 @@ static int __init load_uefi_certs(void)
+ 		kfree(mok);
+ 	}
+ 
+-	dbx = get_cert_list(L"dbx", &secure_var, &dbxsize);
+-	if (!dbx) {
++	rc = get_cert_list(L"dbx", &secure_var, &dbxsize, &dbx);
++	if (rc < 0) {
+ 		pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
+-	} else {
++	} else if (dbxsize != 0) {
+ 		rc = parse_efi_signature_list("UEFI:dbx",
+ 					      dbx, dbxsize,
+ 					      get_handler_for_dbx);
+-- 
+2.15.0
+

0001-platform-x86-dell-laptop-Filter-out-spurious-keyboar.patch

@@ -0,0 +1,99 @@
+From 714fe15daa07e7691c9731c88de71aa57f84b6c2 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 3 Jan 2018 11:13:54 +0100
+Subject: [PATCH] platform/x86: dell-laptop: Filter out spurious keyboard
+ backlight change events
+
+On some Dell XPS models WMI events of type 0x0000 reporting a keycode of
+0xe00c get reported when the brightness of the LCD panel changes.
+
+This leads to us reporting false-positive kbd_led change events to
+userspace which in turn leads to the kbd backlight OSD showing when it
+should not.
+
+We already read the current keyboard backlight brightness value when
+reporting events because the led_classdev_notify_brightness_hw_changed
+API requires this. Compare this value to the last known value and filter
+out duplicate events, fixing this.
+
+Note the fixed issue is esp. a problem on XPS models with an ambient light
+sensor and automatic brightness adjustments turned on, this causes the kbd
+backlight OSD to show all the time there.
+
+BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1514969
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ drivers/platform/x86/dell-laptop.c | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/platform/x86/dell-laptop.c b/drivers/platform/x86/dell-laptop.c
+index cd4725e7e0b5..2ef3297a9efc 100644
+--- a/drivers/platform/x86/dell-laptop.c
++++ b/drivers/platform/x86/dell-laptop.c
+@@ -1133,6 +1133,7 @@ static u8 kbd_previous_mode_bit;
+ 
+ static bool kbd_led_present;
+ static DEFINE_MUTEX(kbd_led_mutex);
++static enum led_brightness kbd_led_level;
+ 
+ /*
+  * NOTE: there are three ways to set the keyboard backlight level.
+@@ -1947,6 +1948,7 @@ static enum led_brightness kbd_led_level_get(struct led_classdev *led_cdev)
+ static int kbd_led_level_set(struct led_classdev *led_cdev,
+ 			     enum led_brightness value)
+ {
++	enum led_brightness new_value = value;
+ 	struct kbd_state state;
+ 	struct kbd_state new_state;
+ 	u16 num;
+@@ -1976,6 +1978,9 @@ static int kbd_led_level_set(struct led_classdev *led_cdev,
+ 	}
+ 
+ out:
++	if (ret == 0)
++		kbd_led_level = new_value;
++
+ 	mutex_unlock(&kbd_led_mutex);
+ 	return ret;
+ }
+@@ -2003,6 +2008,9 @@ static int __init kbd_led_init(struct device *dev)
+ 		if (kbd_led.max_brightness)
+ 			kbd_led.max_brightness--;
+ 	}
++
++	kbd_led_level = kbd_led_level_get(NULL);
++
+ 	ret = led_classdev_register(dev, &kbd_led);
+ 	if (ret)
+ 		kbd_led_present = false;
+@@ -2027,13 +2035,25 @@ static void kbd_led_exit(void)
+ static int dell_laptop_notifier_call(struct notifier_block *nb,
+ 				     unsigned long action, void *data)
+ {
++	bool changed = false;
++	enum led_brightness new_kbd_led_level;
++
+ 	switch (action) {
+ 	case DELL_LAPTOP_KBD_BACKLIGHT_BRIGHTNESS_CHANGED:
+ 		if (!kbd_led_present)
+ 			break;
+ 
+-		led_classdev_notify_brightness_hw_changed(&kbd_led,
+-						kbd_led_level_get(&kbd_led));
++		mutex_lock(&kbd_led_mutex);
++		new_kbd_led_level = kbd_led_level_get(&kbd_led);
++		if (kbd_led_level != new_kbd_led_level) {
++			kbd_led_level = new_kbd_led_level;
++			changed = true;
++		}
++		mutex_unlock(&kbd_led_mutex);
++
++		if (changed)
++			led_classdev_notify_brightness_hw_changed(&kbd_led,
++								kbd_led_level);
+ 		break;
+ 	}
+ 
+-- 
+2.14.3
+

0001-usb-usbtest-fix-NULL-pointer-dereference.patch

@@ -0,0 +1,41 @@
+From 7c80f9e4a588f1925b07134bb2e3689335f6c6d8 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Fri, 29 Sep 2017 10:54:24 -0400
+Subject: [PATCH] usb: usbtest: fix NULL pointer dereference
+
+If the usbtest driver encounters a device with an IN bulk endpoint but
+no OUT bulk endpoint, it will try to dereference a NULL pointer
+(out->desc.bEndpointAddress).  The problem can be solved by adding a
+missing test.
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-by: Andrey Konovalov <andreyknvl@google.com>
+Tested-by: Andrey Konovalov <andreyknvl@google.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+---
+ drivers/usb/misc/usbtest.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
+index 113e38bfe0ef..b3fc602b2e24 100644
+--- a/drivers/usb/misc/usbtest.c
++++ b/drivers/usb/misc/usbtest.c
+@@ -202,12 +202,13 @@ get_endpoints(struct usbtest_dev *dev, struct usb_interface *intf)
+ 			return tmp;
+ 	}
+
+-	if (in) {
++	if (in)
+ 		dev->in_pipe = usb_rcvbulkpipe(udev,
+ 			in->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
++	if (out)
+ 		dev->out_pipe = usb_sndbulkpipe(udev,
+ 			out->desc.bEndpointAddress & USB_ENDPOINT_NUMBER_MASK);
+-	}
++
+ 	if (iso_in) {
+ 		dev->iso_in = &iso_in->desc;
+ 		dev->in_iso_pipe = usb_rcvisocpipe(udev,
+-- 
+2.13.6
+

0002-Add-efi_status_to_str-and-rework-efi_status_to_err.patch

@@ -0,0 +1,183 @@
+From c8218e9b3c38fcd36a2d06eec09952a0c6cee9e0 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 2 Oct 2017 18:22:13 -0400
+Subject: [PATCH 2/3] Add efi_status_to_str() and rework efi_status_to_err().
+
+This adds efi_status_to_str() for use when printing efi_status_t
+messages, and reworks efi_status_to_err() so that the two use a common
+list of errors.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ include/linux/efi.h        |   3 ++
+ drivers/firmware/efi/efi.c | 122 ++++++++++++++++++++++++++++++++++-----------
+ 2 files changed, 95 insertions(+), 30 deletions(-)
+
+diff --git a/include/linux/efi.h b/include/linux/efi.h
+index 18b16bf5ce1..436b3c93c3d 100644
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -42,6 +42,8 @@
+ #define EFI_ABORTED		(21 | (1UL << (BITS_PER_LONG-1)))
+ #define EFI_SECURITY_VIOLATION	(26 | (1UL << (BITS_PER_LONG-1)))
+ 
++#define EFI_IS_ERROR(x)		((x) & (1UL << (BITS_PER_LONG-1)))
++
+ typedef unsigned long efi_status_t;
+ typedef u8 efi_bool_t;
+ typedef u16 efi_char16_t;		/* UNICODE character */
+@@ -1183,6 +1185,7 @@ static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
+ #endif
+ 
+ extern int efi_status_to_err(efi_status_t status);
++extern const char *efi_status_to_str(efi_status_t status);
+ 
+ /*
+  * Variable Attributes
+diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
+index 557a47829d0..e8f9c7d84e9 100644
+--- a/drivers/firmware/efi/efi.c
++++ b/drivers/firmware/efi/efi.c
+@@ -31,6 +31,7 @@
+ #include <linux/acpi.h>
+ #include <linux/ucs2_string.h>
+ #include <linux/memblock.h>
++#include <linux/bsearch.h>
+ 
+ #include <asm/early_ioremap.h>
+ 
+@@ -865,40 +866,101 @@ int efi_mem_type(unsigned long phys_addr)
+ }
+ #endif
+ 
++struct efi_error_code {
++	efi_status_t status;
++	int errno;
++	const char *description;
++};
++
++static const struct efi_error_code efi_error_codes[] = {
++	{ EFI_SUCCESS, 0, "Success"},
++#if 0
++	{ EFI_LOAD_ERROR, -EPICK_AN_ERRNO, "Load Error"},
++#endif
++	{ EFI_INVALID_PARAMETER, -EINVAL, "Invalid Parameter"},
++	{ EFI_UNSUPPORTED, -ENOSYS, "Unsupported"},
++	{ EFI_BAD_BUFFER_SIZE, -ENOSPC, "Bad Buffer Size"},
++	{ EFI_BUFFER_TOO_SMALL, -ENOSPC, "Buffer Too Small"},
++	{ EFI_NOT_READY, -EAGAIN, "Not Ready"},
++	{ EFI_DEVICE_ERROR, -EIO, "Device Error"},
++	{ EFI_WRITE_PROTECTED, -EROFS, "Write Protected"},
++	{ EFI_OUT_OF_RESOURCES, -ENOMEM, "Out of Resources"},
++#if 0
++	{ EFI_VOLUME_CORRUPTED, -EPICK_AN_ERRNO, "Volume Corrupt"},
++	{ EFI_VOLUME_FULL, -EPICK_AN_ERRNO, "Volume Full"},
++	{ EFI_NO_MEDIA, -EPICK_AN_ERRNO, "No Media"},
++	{ EFI_MEDIA_CHANGED, -EPICK_AN_ERRNO, "Media changed"},
++#endif
++	{ EFI_NOT_FOUND, -ENOENT, "Not Found"},
++#if 0
++	{ EFI_ACCESS_DENIED, -EPICK_AN_ERRNO, "Access Denied"},
++	{ EFI_NO_RESPONSE, -EPICK_AN_ERRNO, "No Response"},
++	{ EFI_NO_MAPPING, -EPICK_AN_ERRNO, "No mapping"},
++	{ EFI_TIMEOUT, -EPICK_AN_ERRNO, "Time out"},
++	{ EFI_NOT_STARTED, -EPICK_AN_ERRNO, "Not started"},
++	{ EFI_ALREADY_STARTED, -EPICK_AN_ERRNO, "Already started"},
++#endif
++	{ EFI_ABORTED, -EINTR, "Aborted"},
++#if 0
++	{ EFI_ICMP_ERROR, -EPICK_AN_ERRNO, "ICMP Error"},
++	{ EFI_TFTP_ERROR, -EPICK_AN_ERRNO, "TFTP Error"},
++	{ EFI_PROTOCOL_ERROR, -EPICK_AN_ERRNO, "Protocol Error"},
++	{ EFI_INCOMPATIBLE_VERSION, -EPICK_AN_ERRNO, "Incompatible Version"},
++#endif
++	{ EFI_SECURITY_VIOLATION, -EACCES, "Security Policy Violation"},
++#if 0
++	{ EFI_CRC_ERROR, -EPICK_AN_ERRNO, "CRC Error"},
++	{ EFI_END_OF_MEDIA, -EPICK_AN_ERRNO, "End of Media"},
++	{ EFI_END_OF_FILE, -EPICK_AN_ERRNO, "End of File"},
++	{ EFI_INVALID_LANGUAGE, -EPICK_AN_ERRNO, "Invalid Languages"},
++	{ EFI_COMPROMISED_DATA, -EPICK_AN_ERRNO, "Compromised Data"},
++
++	// warnings
++	{ EFI_WARN_UNKOWN_GLYPH, -EPICK_AN_ERRNO, "Warning Unknown Glyph"},
++	{ EFI_WARN_DELETE_FAILURE, -EPICK_AN_ERRNO, "Warning Delete Failure"},
++	{ EFI_WARN_WRITE_FAILURE, -EPICK_AN_ERRNO, "Warning Write Failure"},
++	{ EFI_WARN_BUFFER_TOO_SMALL, -EPICK_AN_ERRNO, "Warning Buffer Too Small"},
++#endif
++};
++
++static int
++efi_status_cmp_bsearch(const void *key, const void *item)
++{
++	u64 status = (u64)(uintptr_t)key;
++	struct efi_error_code *code = (struct efi_error_code *)item;
++
++	if (status < code->status)
++		return -1;
++	if (status > code->status)
++		return 1;
++	return 0;
++}
++
+ int efi_status_to_err(efi_status_t status)
+ {
+-	int err;
++	struct efi_error_code *found;
++	size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
+ 
+-	switch (status) {
+-	case EFI_SUCCESS:
+-		err = 0;
+-		break;
+-	case EFI_INVALID_PARAMETER:
+-		err = -EINVAL;
+-		break;
+-	case EFI_OUT_OF_RESOURCES:
+-		err = -ENOSPC;
+-		break;
+-	case EFI_DEVICE_ERROR:
+-		err = -EIO;
+-		break;
+-	case EFI_WRITE_PROTECTED:
+-		err = -EROFS;
+-		break;
+-	case EFI_SECURITY_VIOLATION:
+-		err = -EACCES;
+-		break;
+-	case EFI_NOT_FOUND:
+-		err = -ENOENT;
+-		break;
+-	case EFI_ABORTED:
+-		err = -EINTR;
+-		break;
+-	default:
+-		err = -EINVAL;
+-	}
++	found = bsearch((void *)(uintptr_t)status, efi_error_codes,
++			sizeof(struct efi_error_code), num,
++			efi_status_cmp_bsearch);
++	if (!found)
++		return -EINVAL;
++	return found->errno;
++}
+ 
+-	return err;
++const char *
++efi_status_to_str(efi_status_t status)
++{
++	struct efi_error_code *found;
++	size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
++
++	found = bsearch((void *)(uintptr_t)status, efi_error_codes,
++			sizeof(struct efi_error_code), num,
++			efi_status_cmp_bsearch);
++	if (!found)
++		return "Unknown error code";
++	return found->description;
+ }
+ 
+ bool efi_is_table_address(unsigned long phys_addr)
+-- 
+2.15.0
+

0002-Input-soc_button_array-Suppress-power-button-presses.patch

@@ -0,0 +1,62 @@
+From d561f0543506bc12e7b3355efddb0bfd7ca83c74 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Sat, 22 Jul 2017 13:17:36 +0200
+Subject: [PATCH 2/2] Input: soc_button_array - Suppress power button presses
+ during suspend
+
+If the power-button is pressed to wakeup the laptop/tablet from suspend
+and we report a KEY_POWER event to userspace when woken up this will cause
+userspace to immediately suspend the system again which is undesirable.
+
+This commit sets the new no_wakeup_events flag in the gpio_keys_button
+struct for the power-button suppressing the undesirable KEY_POWER input
+events on wake-up.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+Changes in v2:
+-New patch in v2 of this patch-set
+---
+ drivers/input/misc/soc_button_array.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/input/misc/soc_button_array.c b/drivers/input/misc/soc_button_array.c
+index f600f3a7a3c6..27b99831cb97 100644
+--- a/drivers/input/misc/soc_button_array.c
++++ b/drivers/input/misc/soc_button_array.c
+@@ -27,6 +27,7 @@ struct soc_button_info {
+ 	unsigned int event_code;
+ 	bool autorepeat;
+ 	bool wakeup;
++	bool no_wakeup_events;
+ };
+ 
+ /*
+@@ -100,6 +101,7 @@ soc_button_device_create(struct platform_device *pdev,
+ 		gpio_keys[n_buttons].active_low = 1;
+ 		gpio_keys[n_buttons].desc = info->name;
+ 		gpio_keys[n_buttons].wakeup = info->wakeup;
++		gpio_keys[n_buttons].no_wakeup_events = info->no_wakeup_events;
+ 		/* These devices often use cheap buttons, use 50 ms debounce */
+ 		gpio_keys[n_buttons].debounce_interval = 50;
+ 		n_buttons++;
+@@ -185,6 +187,7 @@ static int soc_button_parse_btn_desc(struct device *dev,
+ 		info->name = "power";
+ 		info->event_code = KEY_POWER;
+ 		info->wakeup = true;
++		info->no_wakeup_events = true;
+ 	} else if (upage == 0x07 && usage == 0xe3) {
+ 		info->name = "home";
+ 		info->event_code = KEY_LEFTMETA;
+@@ -369,7 +372,7 @@ static int soc_button_probe(struct platform_device *pdev)
+  * Platforms"
+  */
+ static struct soc_button_info soc_button_PNP0C40[] = {
+-	{ "power", 0, EV_KEY, KEY_POWER, false, true },
++	{ "power", 0, EV_KEY, KEY_POWER, false, true, true },
+ 	{ "home", 1, EV_KEY, KEY_LEFTMETA, false, true },
+ 	{ "volume_up", 2, EV_KEY, KEY_VOLUMEUP, true, false },
+ 	{ "volume_down", 3, EV_KEY, KEY_VOLUMEDOWN, true, false },
+-- 
+2.13.4
+

0003-Make-get_cert_list-use-efi_status_to_str-to-print-er.patch

@@ -0,0 +1,38 @@
+From 520e902d864930e2d4f329983d9ae9781a24231f Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Mon, 2 Oct 2017 18:18:30 -0400
+Subject: [PATCH 3/3] Make get_cert_list() use efi_status_to_str() to print
+ error messages.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ certs/load_uefi.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
+index 9ef34c44fd1..13a2826715d 100644
+--- a/certs/load_uefi.c
++++ b/certs/load_uefi.c
+@@ -51,7 +51,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ 	}
+ 
+ 	if (status != EFI_BUFFER_TOO_SMALL) {
+-		pr_err("Couldn't get size: 0x%lx\n", status);
++		pr_err("Couldn't get size: %s (0x%lx)\n",
++		       efi_status_to_str(status), status);
+ 		return efi_status_to_err(status);
+ 	}
+ 
+@@ -64,7 +65,8 @@ static __init int get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+ 	status = efi.get_variable(name, guid, NULL, &lsize, db);
+ 	if (status != EFI_SUCCESS) {
+ 		kfree(db);
+-		pr_err("Error reading db var: 0x%lx\n", status);
++		pr_err("Error reading db var: %s (0x%lx)\n",
++		       efi_status_to_str(status), status);
+ 		return efi_status_to_err(status);
+ 	}
+ 
+-- 
+2.15.0
+

0010-Input-silead-Add-support-for-capactive-home-button-f.patch

@@ -0,0 +1,114 @@
+From 33fc16fd8aa3684e19b1d1f0a712593e2e570ab1 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Sun, 11 Jun 2017 21:24:50 +0200
+Subject: [PATCH 10/16] Input: silead: Add support for capactive home button
+ found on some x86 tablets
+
+On some x86 tablets with a silead touchscreen the windows logo on the
+front is a capacitive home button. Touching this button results in a touch
+with bits 12-15 of the Y coordinates set, while normally only the lower 12
+are used.
+
+Detect this and report a KEY_LEFTMETA press when this happens. Note for
+now we only respond to the Y coordinate bits 12-15 containing 0x01, on some
+tablets *without* a capacative button I've noticed these bits containing
+0x04 when crossing the edges of the screen.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+---
+ drivers/input/touchscreen/silead.c | 45 ++++++++++++++++++++++++++++----------
+ 1 file changed, 34 insertions(+), 11 deletions(-)
+
+diff --git a/drivers/input/touchscreen/silead.c b/drivers/input/touchscreen/silead.c
+index 0dbcf105f7db..c0ba40c09699 100644
+--- a/drivers/input/touchscreen/silead.c
++++ b/drivers/input/touchscreen/silead.c
+@@ -56,7 +56,7 @@
+ #define SILEAD_POINT_Y_MSB_OFF	0x01
+ #define SILEAD_POINT_X_OFF	0x02
+ #define SILEAD_POINT_X_MSB_OFF	0x03
+-#define SILEAD_TOUCH_ID_MASK	0xF0
++#define SILEAD_EXTRA_DATA_MASK	0xF0
+ 
+ #define SILEAD_CMD_SLEEP_MIN	10000
+ #define SILEAD_CMD_SLEEP_MAX	20000
+@@ -109,6 +109,8 @@ static int silead_ts_request_input_dev(struct silead_ts_data *data)
+ 			    INPUT_MT_DIRECT | INPUT_MT_DROP_UNUSED |
+ 			    INPUT_MT_TRACK);
+ 
++	input_set_capability(data->input, EV_KEY, KEY_LEFTMETA);
++
+ 	data->input->name = SILEAD_TS_NAME;
+ 	data->input->phys = "input/ts";
+ 	data->input->id.bustype = BUS_I2C;
+@@ -139,7 +141,8 @@ static void silead_ts_read_data(struct i2c_client *client)
+ 	struct input_dev *input = data->input;
+ 	struct device *dev = &client->dev;
+ 	u8 *bufp, buf[SILEAD_TS_DATA_LEN];
+-	int touch_nr, error, i;
++	int touch_nr, softbutton, error, i;
++	bool softbutton_pressed = false;
+ 
+ 	error = i2c_smbus_read_i2c_block_data(client, SILEAD_REG_DATA,
+ 					      SILEAD_TS_DATA_LEN, buf);
+@@ -148,21 +151,40 @@ static void silead_ts_read_data(struct i2c_client *client)
+ 		return;
+ 	}
+ 
+-	touch_nr = buf[0];
+-	if (touch_nr > data->max_fingers) {
++	if (buf[0] > data->max_fingers) {
+ 		dev_warn(dev, "More touches reported then supported %d > %d\n",
+-			 touch_nr, data->max_fingers);
+-		touch_nr = data->max_fingers;
++			 buf[0], data->max_fingers);
++		buf[0] = data->max_fingers;
+ 	}
+ 
++	touch_nr = 0;
+ 	bufp = buf + SILEAD_POINT_DATA_LEN;
+-	for (i = 0; i < touch_nr; i++, bufp += SILEAD_POINT_DATA_LEN) {
+-		/* Bits 4-7 are the touch id */
+-		data->id[i] = (bufp[SILEAD_POINT_X_MSB_OFF] &
+-			       SILEAD_TOUCH_ID_MASK) >> 4;
+-		touchscreen_set_mt_pos(&data->pos[i], &data->prop,
++	for (i = 0; i < buf[0]; i++, bufp += SILEAD_POINT_DATA_LEN) {
++		softbutton = (bufp[SILEAD_POINT_Y_MSB_OFF] &
++			      SILEAD_EXTRA_DATA_MASK) >> 4;
++
++		if (softbutton) {
++			/*
++			 * For now only respond to softbutton == 0x01, some
++			 * tablets *without* a capacative button send 0x04
++			 * when crossing the edges of the screen.
++			 */
++			if (softbutton == 0x01)
++				softbutton_pressed = true;
++
++			continue;
++		}
++
++		/*
++		 * Bits 4-7 are the touch id, note not all models have
++		 * hardware touch ids so atm we don't use these.
++		 */
++		data->id[touch_nr] = (bufp[SILEAD_POINT_X_MSB_OFF] &
++				      SILEAD_EXTRA_DATA_MASK) >> 4;
++		touchscreen_set_mt_pos(&data->pos[touch_nr], &data->prop,
+ 			get_unaligned_le16(&bufp[SILEAD_POINT_X_OFF]) & 0xfff,
+ 			get_unaligned_le16(&bufp[SILEAD_POINT_Y_OFF]) & 0xfff);
++		touch_nr++;
+ 	}
+ 
+ 	input_mt_assign_slots(input, data->slots, data->pos, touch_nr, 0);
+@@ -178,6 +200,7 @@ static void silead_ts_read_data(struct i2c_client *client)
+ 	}
+ 
+ 	input_mt_sync_frame(input);
++	input_report_key(input, KEY_LEFTMETA, softbutton_pressed);
+ 	input_sync(input);
+ }
+ 
+-- 
+2.13.0
+

Add-EFI-signature-data-types.patch

@@ -1,37 +1,36 @@
-From ba3f737b8521314b62edaa7d4cc4bdc9aeefe394 Mon Sep 17 00:00:00 2001
+From 0451d4e795929a69a0fda6d960aa4b077c5bd179 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
-Date: Tue, 23 Oct 2012 09:30:54 -0400
-Subject: [PATCH 15/20] Add EFI signature data types
+Date: Fri, 5 May 2017 08:21:58 +0100
+Subject: [PATCH 1/4] efi: Add EFI signature data types
 
-Add the data types that are used for containing hashes, keys and certificates
-for cryptographic verification.
-
-Bugzilla: N/A
-Upstream-status: Fedora mustard for now
+Add the data types that are used for containing hashes, keys and
+certificates for cryptographic verification along with their corresponding
+type GUIDs.
 
 Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- include/linux/efi.h | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
+ include/linux/efi.h | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
 
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 5af91b58afae..190858d62fe3 100644
+index ec36f42..3259ad6 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -603,6 +603,9 @@ void efi_native_runtime_setup(void);
- #define LINUX_EFI_LOADER_ENTRY_GUID		EFI_GUID(0x4a67b082, 0x0a4c, 0x41cf,  0xb6, 0xc7, 0x44, 0x0b, 0x29, 0xbb, 0x8c, 0x4f)
- #define LINUX_EFI_RANDOM_SEED_TABLE_GUID	EFI_GUID(0x1ce1e5bc, 0x7ceb, 0x42f2,  0x81, 0xe5, 0x8a, 0xad, 0xf1, 0x80, 0xf5, 0x7b)
- 
-+#define EFI_CERT_SHA256_GUID			EFI_GUID(0xc1c41626, 0x504c, 0x4092,  0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
-+#define EFI_CERT_X509_GUID			EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7,  0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
+@@ -614,6 +614,10 @@ void efi_native_runtime_setup(void);
+ #define EFI_IMAGE_SECURITY_DATABASE_GUID	EFI_GUID(0xd719b2cb, 0x3d3a, 0x4596,  0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f)
+ #define EFI_SHIM_LOCK_GUID			EFI_GUID(0x605dab50, 0xe046, 0x4300,  0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23)
+
++#define EFI_CERT_SHA256_GUID			EFI_GUID(0xc1c41626, 0x504c, 0x4092, 0xac, 0xa9, 0x41, 0xf9, 0x36, 0x93, 0x43, 0x28)
++#define EFI_CERT_X509_GUID			EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72)
++#define EFI_CERT_X509_SHA256_GUID		EFI_GUID(0x3bd2a492, 0x96c0, 0x4079, 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed)
 +
- typedef struct {
- 	efi_guid_t guid;
- 	u64 table;
-@@ -853,6 +856,20 @@ typedef struct {
+ /*
+  * This GUID is used to pass to the kernel proper the struct screen_info
+  * structure that was populated by the stub based on the GOP protocol instance
+@@ -873,6 +877,27 @@ typedef struct {
  	efi_memory_desc_t entry[0];
  } efi_memory_attributes_table_t;
- 
+
 +typedef struct  {
 +	efi_guid_t signature_owner;
 +	u8 signature_data[];
@@ -45,6 +44,13 @@ index 5af91b58afae..190858d62fe3 100644
 +	u8 signature_header[];
 +	/* efi_signature_data_t signatures[][] */
 +} efi_signature_list_t;
++
++typedef u8 efi_sha256_hash_t[32];
++
++typedef struct {
++	efi_sha256_hash_t to_be_signed_hash;
++	efi_time_t time_of_revocation;
++} efi_cert_x509_sha256_t;
 +
  /*
   * All runtime access to EFI goes through this structure:

Add-an-EFI-signature-blob-parser-and-key-loader.patch

@@ -1,29 +1,38 @@
-From 822b4b3eb76ca451a416a51f0a7bfedfa5c5ea39 Mon Sep 17 00:00:00 2001
+From e4c62c12635a371e43bd17e8d33a936668264491 Mon Sep 17 00:00:00 2001
 From: Dave Howells <dhowells@redhat.com>
-Date: Tue, 23 Oct 2012 09:36:28 -0400
-Subject: [PATCH 16/20] Add an EFI signature blob parser and key loader.
+Date: Fri, 5 May 2017 08:21:58 +0100
+Subject: [PATCH 2/4] efi: Add an EFI signature blob parser
 
-X.509 certificates are loaded into the specified keyring as asymmetric type
-keys.
+Add a function to parse an EFI signature blob looking for elements of
+interest.  A list is made up of a series of sublists, where all the
+elements in a sublist are of the same type, but sublists can be of
+different types.
+
+For each sublist encountered, the function pointed to by the
+get_handler_for_guid argument is called with the type specifier GUID and
+returns either a pointer to a function to handle elements of that type or
+NULL if the type is not of interest.
+
+If the sublist is of interest, each element is passed to the handler
+function in turn.
 
-[labbott@fedoraproject.org: Drop KEY_ALLOC_TRUSTED]
 Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- crypto/asymmetric_keys/Kconfig      |   8 +++
- crypto/asymmetric_keys/Makefile     |   1 +
- crypto/asymmetric_keys/efi_parser.c | 108 ++++++++++++++++++++++++++++++++++++
- include/linux/efi.h                 |   4 ++
- 4 files changed, 121 insertions(+)
- create mode 100644 crypto/asymmetric_keys/efi_parser.c
+ certs/Kconfig       |   8 ++++
+ certs/Makefile      |   1 +
+ certs/efi_parser.c  | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ include/linux/efi.h |   9 +++++
+ 4 files changed, 130 insertions(+)
+ create mode 100644 certs/efi_parser.c
+
+diff --git a/certs/Kconfig b/certs/Kconfig
+index 6ce51ed..630ae09 100644
+--- a/certs/Kconfig
++++ b/certs/Kconfig
+@@ -82,4 +82,12 @@ config SYSTEM_BLACKLIST_HASH_LIST
+ 	  wrapper to incorporate the list into the kernel.  Each <hash> should
+ 	  be a string of hex digits.
 
-diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
-index 331f6baf2df8..5f9002d3192e 100644
---- a/crypto/asymmetric_keys/Kconfig
-+++ b/crypto/asymmetric_keys/Kconfig
-@@ -61,4 +61,12 @@ config SIGNED_PE_FILE_VERIFICATION
- 	  This option provides support for verifying the signature(s) on a
- 	  signed PE binary.
- 
 +config EFI_SIGNATURE_LIST_PARSER
 +	bool "EFI signature list parser"
 +	depends on EFI
@@ -32,28 +41,28 @@ index 331f6baf2df8..5f9002d3192e 100644
 +	  This option provides support for parsing EFI signature lists for
 +	  X.509 certificates and turning them into keys.
 +
- endif # ASYMMETRIC_KEY_TYPE
-diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
-index 6516855bec18..c099fe15ed6d 100644
---- a/crypto/asymmetric_keys/Makefile
-+++ b/crypto/asymmetric_keys/Makefile
-@@ -10,6 +10,7 @@ asymmetric_keys-y := \
- 	signature.o
- 
- obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+ endmenu
+diff --git a/certs/Makefile b/certs/Makefile
+index 4119bb3..738151a 100644
+--- a/certs/Makefile
++++ b/certs/Makefile
+@@ -9,6 +9,7 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o
+ else
+ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
+ endif
 +obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
- 
- #
- # X.509 Certificate handling
-diff --git a/crypto/asymmetric_keys/efi_parser.c b/crypto/asymmetric_keys/efi_parser.c
+
+ ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
+
+diff --git a/certs/efi_parser.c b/certs/efi_parser.c
 new file mode 100644
-index 000000000000..636feb18b733
+index 0000000..4e396f9
 --- /dev/null
-+++ b/crypto/asymmetric_keys/efi_parser.c
-@@ -0,0 +1,108 @@
++++ b/certs/efi_parser.c
+@@ -0,0 +1,112 @@
 +/* EFI signature/key/certificate list parser
 + *
-+ * Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
++ * Copyright (C) 2012, 2016 Red Hat, Inc. All Rights Reserved.
 + * Written by David Howells (dhowells@redhat.com)
 + *
 + * This program is free software; you can redistribute it and/or
@@ -67,27 +76,44 @@ index 000000000000..636feb18b733
 +#include <linux/printk.h>
 +#include <linux/err.h>
 +#include <linux/efi.h>
-+#include <keys/asymmetric-type.h>
-+
-+static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
 +
 +/**
 + * parse_efi_signature_list - Parse an EFI signature list for certificates
++ * @source: The source of the key
 + * @data: The data blob to parse
 + * @size: The size of the data blob
-+ * @keyring: The keyring to add extracted keys to
++ * @get_handler_for_guid: Get the handler func for the sig type (or NULL)
++ *
++ * Parse an EFI signature list looking for elements of interest.  A list is
++ * made up of a series of sublists, where all the elements in a sublist are of
++ * the same type, but sublists can be of different types.
++ *
++ * For each sublist encountered, the @get_handler_for_guid function is called
++ * with the type specifier GUID and returns either a pointer to a function to
++ * handle elements of that type or NULL if the type is not of interest.
++ *
++ * If the sublist is of interest, each element is passed to the handler
++ * function in turn.
++ *
++ * Error EBADMSG is returned if the list doesn't parse correctly and 0 is
++ * returned if the list was parsed correctly.  No error can be returned from
++ * the @get_handler_for_guid function or the element handler function it
++ * returns.
 + */
-+int __init parse_efi_signature_list(const void *data, size_t size, struct key *keyring)
++int __init parse_efi_signature_list(
++	const char *source,
++	const void *data, size_t size,
++	efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *))
 +{
++	efi_element_handler_t handler;
 +	unsigned offs = 0;
-+	size_t lsize, esize, hsize, elsize;
 +
 +	pr_devel("-->%s(,%zu)\n", __func__, size);
 +
 +	while (size > 0) {
-+		efi_signature_list_t list;
 +		const efi_signature_data_t *elem;
-+		key_ref_t key;
++		efi_signature_list_t list;
++		size_t lsize, esize, hsize, elsize;
 +
 +		if (size < sizeof(list))
 +			return -EBADMSG;
@@ -108,6 +134,7 @@ index 000000000000..636feb18b733
 +				 __func__, offs);
 +			return -EBADMSG;
 +		}
++
 +		if (lsize < sizeof(list) ||
 +		    lsize - sizeof(list) < hsize ||
 +		    esize < sizeof(*elem) ||
@@ -117,7 +144,8 @@ index 000000000000..636feb18b733
 +			return -EBADMSG;
 +		}
 +
-+		if (efi_guidcmp(list.signature_type, efi_cert_x509_guid) != 0) {
++		handler = get_handler_for_guid(&list.signature_type);
++		if (!handler) {
 +			data += lsize;
 +			size -= lsize;
 +			offs += lsize;
@@ -132,24 +160,9 @@ index 000000000000..636feb18b733
 +			elem = data;
 +
 +			pr_devel("ELEM[%04x]\n", offs);
-+
-+			key = key_create_or_update(
-+				make_key_ref(keyring, 1),
-+				"asymmetric",
-+				NULL,
++			handler(source,
 +				&elem->signature_data,
-+				esize - sizeof(*elem),
-+				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
-+				KEY_USR_VIEW,
-+				KEY_ALLOC_NOT_IN_QUOTA);
-+
-+			if (IS_ERR(key))
-+				pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
-+				       PTR_ERR(key));
-+			else
-+				pr_notice("Loaded cert '%s' linked to '%s'\n",
-+					  key_ref_to_ptr(key)->description,
-+					  keyring->description);
++				esize - sizeof(*elem));
 +
 +			data += esize;
 +			size -= esize;
@@ -160,16 +173,21 @@ index 000000000000..636feb18b733
 +	return 0;
 +}
 diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 190858d62fe3..668aa1244885 100644
+index 3259ad6..08024c6 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -1025,6 +1025,10 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
+@@ -1055,6 +1055,15 @@ extern int efi_memattr_apply_permissions(struct mm_struct *mm,
  char * __init efi_md_typeattr_format(char *buf, size_t size,
  				     const efi_memory_desc_t *md);
- 
-+struct key;
-+extern int __init parse_efi_signature_list(const void *data, size_t size,
-+					   struct key *keyring);
+
++
++typedef void (*efi_element_handler_t)(const char *source,
++				      const void *element_data,
++				      size_t element_size);
++extern int __init parse_efi_signature_list(
++	const char *source,
++	const void *data, size_t size,
++	efi_element_handler_t (*get_handler_for_guid)(const efi_guid_t *));
 +
  /**
   * efi_range_is_wc - check the WC bit on an address range

CVE-2017-7477.patch

@@ -1,73 +0,0 @@
-From 4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Fri, 21 Apr 2017 23:14:48 +0200
-Subject: macsec: avoid heap overflow in skb_to_sgvec
-
-While this may appear as a humdrum one line change, it's actually quite
-important. An sk_buff stores data in three places:
-
-1. A linear chunk of allocated memory in skb->data. This is the easiest
-   one to work with, but it precludes using scatterdata since the memory
-   must be linear.
-2. The array skb_shinfo(skb)->frags, which is of maximum length
-   MAX_SKB_FRAGS. This is nice for scattergather, since these fragments
-   can point to different pages.
-3. skb_shinfo(skb)->frag_list, which is a pointer to another sk_buff,
-   which in turn can have data in either (1) or (2).
-
-The first two are rather easy to deal with, since they're of a fixed
-maximum length, while the third one is not, since there can be
-potentially limitless chains of fragments. Fortunately dealing with
-frag_list is opt-in for drivers, so drivers don't actually have to deal
-with this mess. For whatever reason, macsec decided it wanted pain, and
-so it explicitly specified NETIF_F_FRAGLIST.
-
-Because dealing with (1), (2), and (3) is insane, most users of sk_buff
-doing any sort of crypto or paging operation calls a convenient function
-called skb_to_sgvec (which happens to be recursive if (3) is in use!).
-This takes a sk_buff as input, and writes into its output pointer an
-array of scattergather list items. Sometimes people like to declare a
-fixed size scattergather list on the stack; othertimes people like to
-allocate a fixed size scattergather list on the heap. However, if you're
-doing it in a fixed-size fashion, you really shouldn't be using
-NETIF_F_FRAGLIST too (unless you're also ensuring the sk_buff and its
-frag_list children arent't shared and then you check the number of
-fragments in total required.)
-
-Macsec specifically does this:
-
-        size += sizeof(struct scatterlist) * (MAX_SKB_FRAGS + 1);
-        tmp = kmalloc(size, GFP_ATOMIC);
-        *sg = (struct scatterlist *)(tmp + sg_offset);
-	...
-        sg_init_table(sg, MAX_SKB_FRAGS + 1);
-        skb_to_sgvec(skb, sg, 0, skb->len);
-
-Specifying MAX_SKB_FRAGS + 1 is the right answer usually, but not if you're
-using NETIF_F_FRAGLIST, in which case the call to skb_to_sgvec will
-overflow the heap, and disaster ensues.
-
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-Cc: stable@vger.kernel.org
-Cc: security@kernel.org
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
- drivers/net/macsec.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
-index ff0a5ed..dbab05a 100644
---- a/drivers/net/macsec.c
-+++ b/drivers/net/macsec.c
-@@ -2716,7 +2716,7 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
- }
- 
- #define MACSEC_FEATURES \
--	(NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST)
-+	(NETIF_F_SG | NETIF_F_HIGHDMA)
- static struct lock_class_key macsec_netdev_addr_lock_key;
- 
- static int macsec_dev_init(struct net_device *dev)
--- 
-cgit v1.1
-

Fix-for-module-sig-verification.patch

@@ -0,0 +1,24 @@
+From ea6e7d9d0fe3e448aef19b3943d4897ae0bef128 Mon Sep 17 00:00:00 2001
+From: Fedora Kernel Team <kernel-team@fedoraproject.org>
+Date: Thu, 3 Aug 2017 13:46:51 -0500
+Subject: [PATCH] Fix for module sig verification
+
+---
+ kernel/module_signing.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/module_signing.c b/kernel/module_signing.c
+index 937c844..d3d6f95 100644
+--- a/kernel/module_signing.c
++++ b/kernel/module_signing.c
+@@ -81,6 +81,6 @@ int mod_verify_sig(const void *mod, unsigned long *_modlen)
+ 	}
+
+ 	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+-				      NULL, VERIFYING_MODULE_SIGNATURE,
++				      (void *)1UL, VERIFYING_MODULE_SIGNATURE,
+ 				      NULL, NULL);
+ }
+-- 
+2.13.3
+

HID-rmi-Check-that-a-device-is-a-RMI-device-before-c.patch

@@ -0,0 +1,54 @@
+From ef14a4bf0910d06c7e202552914028d4956809cb Mon Sep 17 00:00:00 2001
+From: Andrew Duggan <aduggan@synaptics.com>
+Date: Tue, 17 Oct 2017 18:37:36 -0700
+Subject: [PATCH] HID: rmi: Check that a device is a RMI device before calling
+ RMI functions
+
+The hid-rmi driver may handle non rmi devices on composite USB devices.
+Callbacks need to make sure that the current device is a RMI device before
+calling RMI specific functions. Most callbacks already have this check, but
+this patch adds checks to the remaining callbacks.
+
+Reported-by: Hendrik Langer <hendrik.langer@gmx.de>
+Tested-by: Hendrik Langer <hendrik.langer@gmx.de>
+Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Andrew Duggan <aduggan@synaptics.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+---
+ drivers/hid/hid-rmi.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
+index ef241d66562e..0f43c4292685 100644
+--- a/drivers/hid/hid-rmi.c
++++ b/drivers/hid/hid-rmi.c
+@@ -368,6 +368,11 @@ static int rmi_check_sanity(struct hid_device *hdev, u8 *data, int size)
+ static int rmi_raw_event(struct hid_device *hdev,
+ 		struct hid_report *report, u8 *data, int size)
+ {
++	struct rmi_data *hdata = hid_get_drvdata(hdev);
++
++	if (!(hdata->device_flags & RMI_DEVICE))
++		return 0;
++
+ 	size = rmi_check_sanity(hdev, data, size);
+ 	if (size < 2)
+ 		return 0;
+@@ -713,9 +718,11 @@ static void rmi_remove(struct hid_device *hdev)
+ {
+ 	struct rmi_data *hdata = hid_get_drvdata(hdev);
+ 
+-	clear_bit(RMI_STARTED, &hdata->flags);
+-	cancel_work_sync(&hdata->reset_work);
+-	rmi_unregister_transport_device(&hdata->xport);
++	if (hdata->device_flags & RMI_DEVICE) {
++		clear_bit(RMI_STARTED, &hdata->flags);
++		cancel_work_sync(&hdata->reset_work);
++		rmi_unregister_transport_device(&hdata->xport);
++	}
+ 
+ 	hid_hw_stop(hdev);
+ }
+-- 
+2.14.3
+

KEYS-Add-a-system-blacklist-keyring.patch

@@ -1,102 +0,0 @@
-From 2a54526850121cd0d7cf649a321488b4dab5731d Mon Sep 17 00:00:00 2001
-From: Josh Boyer <jwboyer@fedoraproject.org>
-Date: Fri, 26 Oct 2012 12:36:24 -0400
-Subject: [PATCH 17/20] KEYS: Add a system blacklist keyring
-
-This adds an additional keyring that is used to store certificates that
-are blacklisted.  This keyring is searched first when loading signed modules
-and if the module's certificate is found, it will refuse to load.  This is
-useful in cases where third party certificates are used for module signing.
-
-Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
----
- certs/system_keyring.c        | 22 ++++++++++++++++++++++
- include/keys/system_keyring.h |  4 ++++
- init/Kconfig                  |  9 +++++++++
- 3 files changed, 35 insertions(+)
-
-diff --git a/certs/system_keyring.c b/certs/system_keyring.c
-index 50979d6dcecd..787eeead2f57 100644
---- a/certs/system_keyring.c
-+++ b/certs/system_keyring.c
-@@ -22,6 +22,9 @@ static struct key *builtin_trusted_keys;
- #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
- static struct key *secondary_trusted_keys;
- #endif
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
-+struct key *system_blacklist_keyring;
-+#endif
- 
- extern __initconst const u8 system_certificate_list[];
- extern __initconst const unsigned long system_certificate_list_size;
-@@ -99,6 +102,16 @@ static __init int system_trusted_keyring_init(void)
- 	if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0)
- 		panic("Can't link trusted keyrings\n");
- #endif
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
-+	system_blacklist_keyring = keyring_alloc(".system_blacklist_keyring",
-+			KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
-+			((KEY_POS_ALL & ~KEY_POS_SETATTR) |
-+			 KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
-+			KEY_ALLOC_NOT_IN_QUOTA,
-+			NULL, NULL);
-+	if (IS_ERR(system_blacklist_keyring))
-+		panic("Can't allocate system blacklist keyring\n");
-+#endif
- 
- 	return 0;
- }
-@@ -214,6 +227,15 @@ int verify_pkcs7_signature(const void *data, size_t len,
- 		trusted_keys = builtin_trusted_keys;
- #endif
- 	}
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
-+	ret = pkcs7_validate_trust(pkcs7, system_blacklist_keyring);
-+	if (!ret) {
-+		/* module is signed with a cert in the blacklist.  reject */
-+		pr_err("Module key is in the blacklist\n");
-+		ret = -EKEYREJECTED;
-+		goto error;
-+	}
-+#endif
- 	ret = pkcs7_validate_trust(pkcs7, trusted_keys);
- 	if (ret < 0) {
- 		if (ret == -ENOKEY)
-diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
-index fbd4647767e9..5bc291a3d261 100644
---- a/include/keys/system_keyring.h
-+++ b/include/keys/system_keyring.h
-@@ -33,6 +33,10 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
- #define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted
- #endif
- 
-+#ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
-+extern struct key *system_blacklist_keyring;
-+#endif
-+
- #ifdef CONFIG_IMA_BLACKLIST_KEYRING
- extern struct key *ima_blacklist_keyring;
- 
-diff --git a/init/Kconfig b/init/Kconfig
-index 34407f15e6d3..461ad575a608 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -1859,6 +1859,15 @@ config SYSTEM_DATA_VERIFICATION
- 	  module verification, kexec image verification and firmware blob
- 	  verification.
- 
-+config SYSTEM_BLACKLIST_KEYRING
-+	bool "Provide system-wide ring of blacklisted keys"
-+	depends on KEYS
-+	help
-+	  Provide a system keyring to which blacklisted keys can be added.
-+	  Keys in the keyring are considered entirely untrusted.  Keys in this
-+	  keyring are used by the module signature checking to reject loading
-+	  of modules signed with a blacklisted key.
-+
- config PROFILING
- 	bool "Profiling support"
- 	help
--- 
-2.9.3
-

KEYS-Allow-unrestricted-boot-time-addition-of-keys-t.patch

@@ -0,0 +1,95 @@
+From fb2ac204a70da565de9ef9a9d6d69a40c2d59727 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Fri, 5 May 2017 08:21:56 +0100
+Subject: [PATCH] KEYS: Allow unrestricted boot-time addition of keys to
+ secondary keyring
+
+Allow keys to be added to the system secondary certificates keyring during
+kernel initialisation in an unrestricted fashion.  Such keys are implicitly
+trusted and don't have their trust chains checked on link.
+
+This allows keys in the UEFI database to be added in secure boot mode for
+the purposes of module signing.
+
+Signed-off-by: David Howells <dhowells@redhat.com>
+---
+ certs/internal.h       | 18 ++++++++++++++++++
+ certs/system_keyring.c | 33 +++++++++++++++++++++++++++++++++
+ 2 files changed, 51 insertions(+)
+ create mode 100644 certs/internal.h
+
+diff --git a/certs/internal.h b/certs/internal.h
+new file mode 100644
+index 0000000..5dcbefb
+--- /dev/null
++++ b/certs/internal.h
+@@ -0,0 +1,18 @@
++/* Internal definitions
++ *
++ * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
++ * Written by David Howells (dhowells@redhat.com)
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public Licence
++ * as published by the Free Software Foundation; either version
++ * 2 of the Licence, or (at your option) any later version.
++ */
++
++/*
++ * system_keyring.c
++ */
++#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
++extern void __init add_trusted_secondary_key(const char *source,
++					     const void *data, size_t len);
++#endif
+diff --git a/certs/system_keyring.c b/certs/system_keyring.c
+index 6251d1b..5ac8ba6 100644
+--- a/certs/system_keyring.c
++++ b/certs/system_keyring.c
+@@ -18,6 +18,7 @@
+ #include <keys/asymmetric-type.h>
+ #include <keys/system_keyring.h>
+ #include <crypto/pkcs7.h>
++#include "internal.h"
+
+ static struct key *builtin_trusted_keys;
+ #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
+@@ -265,3 +266,35 @@ int verify_pkcs7_signature(const void *data, size_t len,
+ EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
+
+ #endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
++
++#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
++/**
++ * add_trusted_secondary_key - Add to secondary keyring with no validation
++ * @source: Source of key
++ * @data: The blob holding the key
++ * @len: The length of the data blob
++ *
++ * Add a key to the secondary keyring without checking its trust chain.  This
++ * is available only during kernel initialisation.
++ */
++void __init add_trusted_secondary_key(const char *source,
++				      const void *data, size_t len)
++{
++	key_ref_t key;
++
++	key = key_create_or_update(make_key_ref(secondary_trusted_keys, 1),
++				   "asymmetric",
++				   NULL, data, len,
++				   (KEY_POS_ALL & ~KEY_POS_SETATTR) |
++				   KEY_USR_VIEW,
++				   KEY_ALLOC_NOT_IN_QUOTA |
++				   KEY_ALLOC_BYPASS_RESTRICTION);
++
++	if (IS_ERR(key))
++		pr_err("Problem loading %s X.509 certificate (%ld)\n",
++		       source, PTR_ERR(key));
++	else
++		pr_notice("Loaded %s cert '%s' linked to secondary sys keyring\n",
++			  source, key_ref_to_ptr(key)->description);
++}
++#endif /* CONFIG_SECONDARY_TRUSTED_KEYRING */
+-- 
+2.9.3
+

MODSIGN-Don-t-try-secure-boot-if-EFI-runtime-is-disa.patch

@@ -1,32 +0,0 @@
-From 71db1b222ecdf6cb4356f6f1e2bd45cd2f0e85e1 Mon Sep 17 00:00:00 2001
-From: Laura Abbott <labbott@redhat.com>
-Date: Tue, 18 Oct 2016 13:58:44 -0700
-Subject: [PATCH] MODSIGN: Don't try secure boot if EFI runtime is disabled
-
-Secure boot depends on having EFI runtime variable access. The code
-does not handle a lack of runtime variables gracefully. Add a check
-to just bail out of EFI runtime is disabled.
-
-Signed-off-by: Laura Abbott <labbott@redhat.com>
----
- kernel/modsign_uefi.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
-index a41da14..2bdaf76 100644
---- a/kernel/modsign_uefi.c
-+++ b/kernel/modsign_uefi.c
-@@ -71,6 +71,10 @@ static int __init load_uefi_certs(void)
- 	if (!efi_enabled(EFI_SECURE_BOOT))
- 		return 0;
- 
-+	/* Things blow up if efi runtime is disabled */
-+	if (efi_runtime_disabled())
-+		return 0;
-+
- 	keyring = get_system_keyring();
- 	if (!keyring) {
- 		pr_err("MODSIGN: Couldn't get system keyring\n");
--- 
-2.7.4
-

MODSIGN-Import-certificates-from-UEFI-Secure-Boot.patch

@@ -1,7 +1,7 @@
-From 8a4535bcfe24d317be675e53cdc8c61d22fdc7f3 Mon Sep 17 00:00:00 2001
+From 90dc66270b02981b19a085c6a9184e3452b7b3e8 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
-Date: Fri, 26 Oct 2012 12:42:16 -0400
-Subject: [PATCH 18/20] MODSIGN: Import certificates from UEFI Secure Boot
+Date: Fri, 5 May 2017 08:21:59 +0100
+Subject: [PATCH 3/4] MODSIGN: Import certificates from UEFI Secure Boot
 
 Secure Boot stores a list of allowed certificates in the 'db' variable.
 This imports those certificates into the system trusted keyring.  This
@@ -11,104 +11,68 @@ variable, a user can allow a module signed with that certificate to
 load.  The shim UEFI bootloader has a similar certificate list stored
 in the 'MokListRT' variable.  We import those as well.
 
-In the opposite case, Secure Boot maintains a list of disallowed
-certificates in the 'dbx' variable.  We load those certificates into
-the newly introduced system blacklist keyring and forbid any module
-signed with those from loading.
+Secure Boot also maintains a list of disallowed certificates in the 'dbx'
+variable.  We load those certificates into the newly introduced system
+blacklist keyring and forbid any module signed with those from loading and
+forbid the use within the kernel of any key with a matching hash.
+
+This facility is enabled by setting CONFIG_LOAD_UEFI_KEYS.
 
 Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
+Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- certs/system_keyring.c        | 13 ++++++
- include/keys/system_keyring.h |  1 +
- init/Kconfig                  |  9 ++++
- kernel/Makefile               |  3 ++
- kernel/modsign_uefi.c         | 99 +++++++++++++++++++++++++++++++++++++++++++
- 5 files changed, 125 insertions(+)
- create mode 100644 kernel/modsign_uefi.c
+ certs/Kconfig     |  16 ++++++
+ certs/Makefile    |   4 ++
+ certs/load_uefi.c | 168 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 188 insertions(+)
+ create mode 100644 certs/load_uefi.c
 
-diff --git a/certs/system_keyring.c b/certs/system_keyring.c
-index 787eeead2f57..4d9123ed5c07 100644
---- a/certs/system_keyring.c
-+++ b/certs/system_keyring.c
-@@ -30,6 +30,19 @@ extern __initconst const u8 system_certificate_list[];
- extern __initconst const unsigned long system_certificate_list_size;
- 
- /**
-+ * get_system_keyring - Return a pointer to the system keyring
-+ *
-+ */
-+struct key *get_system_keyring(void)
-+{
-+	struct key *system_keyring = NULL;
-+
-+	system_keyring = builtin_trusted_keys;
-+	return system_keyring;
-+}
-+EXPORT_SYMBOL_GPL(get_system_keyring);
-+
-+/**
-  * restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA
-  *
-  * Restrict the addition of keys into a keyring based on the key-to-be-added
-diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
-index 5bc291a3d261..56ff5715ab67 100644
---- a/include/keys/system_keyring.h
-+++ b/include/keys/system_keyring.h
-@@ -36,6 +36,7 @@ extern int restrict_link_by_builtin_and_secondary_trusted(
- #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING
- extern struct key *system_blacklist_keyring;
- #endif
-+extern struct key *get_system_keyring(void);
- 
- #ifdef CONFIG_IMA_BLACKLIST_KEYRING
- extern struct key *ima_blacklist_keyring;
-diff --git a/init/Kconfig b/init/Kconfig
-index 461ad575a608..93646fd7b1c8 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -2009,6 +2009,15 @@ config MODULE_SIG_ALL
- comment "Do not forget to sign required modules with scripts/sign-file"
- 	depends on MODULE_SIG_FORCE && !MODULE_SIG_ALL
- 
-+config MODULE_SIG_UEFI
-+	bool "Allow modules signed with certs stored in UEFI"
-+	depends on MODULE_SIG && SYSTEM_BLACKLIST_KEYRING && EFI
-+	select EFI_SIGNATURE_LIST_PARSER
+diff --git a/certs/Kconfig b/certs/Kconfig
+index 630ae09..edf9f75 100644
+--- a/certs/Kconfig
++++ b/certs/Kconfig
+@@ -90,4 +90,20 @@ config EFI_SIGNATURE_LIST_PARSER
+ 	  This option provides support for parsing EFI signature lists for
+ 	  X.509 certificates and turning them into keys.
+
++config LOAD_UEFI_KEYS
++	bool "Load certs and blacklist from UEFI db for module checking"
++	depends on SYSTEM_BLACKLIST_KEYRING
++	depends on SECONDARY_TRUSTED_KEYRING
++	depends on EFI
++	depends on EFI_SIGNATURE_LIST_PARSER
 +	help
-+	  This will import certificates stored in UEFI and allow modules
-+	  signed with those to be loaded.  It will also disallow loading
-+	  of modules stored in the UEFI dbx variable.
++	  If the kernel is booted in secure boot mode, this option will cause
++	  the kernel to load the certificates from the UEFI db and MokListRT
++	  into the secondary trusted keyring.  It will also load any X.509
++	  SHA256 hashes in the dbx list into the blacklist.
 +
- choice
- 	prompt "Which hash algorithm should modules be signed with?"
- 	depends on MODULE_SIG
-diff --git a/kernel/Makefile b/kernel/Makefile
-index eb26e12c6c2a..e0c2268cb97e 100644
---- a/kernel/Makefile
-+++ b/kernel/Makefile
-@@ -57,6 +57,7 @@ endif
- obj-$(CONFIG_UID16) += uid16.o
- obj-$(CONFIG_MODULES) += module.o
- obj-$(CONFIG_MODULE_SIG) += module_signing.o
-+obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o
- obj-$(CONFIG_KALLSYMS) += kallsyms.o
- obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
- obj-$(CONFIG_KEXEC_CORE) += kexec_core.o
-@@ -113,6 +114,8 @@ obj-$(CONFIG_MEMBARRIER) += membarrier.o
- 
- obj-$(CONFIG_HAS_IOMEM) += memremap.o
- 
-+$(obj)/modsign_uefi.o: KBUILD_CFLAGS += -fshort-wchar
++	  The effect of this is that, if the kernel is booted in secure boot
++	  mode, modules signed with UEFI-stored keys will be permitted to be
++	  loaded and keys that match the blacklist will be rejected.
 +
- $(obj)/configs.o: $(obj)/config_data.h
- 
- targets += config_data.gz
-diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
+ endmenu
+diff --git a/certs/Makefile b/certs/Makefile
+index 738151a..a5e057a 100644
+--- a/certs/Makefile
++++ b/certs/Makefile
+@@ -11,6 +11,10 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o
+ endif
+ obj-$(CONFIG_EFI_SIGNATURE_LIST_PARSER) += efi_parser.o
+
++obj-$(CONFIG_LOAD_UEFI_KEYS) += load_uefi.o
++$(obj)/load_uefi.o: KBUILD_CFLAGS += -fshort-wchar
++
++
+ ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y)
+
+ $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS))
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
 new file mode 100644
-index 000000000000..fe4a6f2bf10a
+index 0000000..b44e464
 --- /dev/null
-+++ b/kernel/modsign_uefi.c
-@@ -0,0 +1,99 @@
++++ b/certs/load_uefi.c
+@@ -0,0 +1,168 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/cred.h>
@@ -117,14 +81,22 @@ index 000000000000..fe4a6f2bf10a
 +#include <linux/slab.h>
 +#include <keys/asymmetric-type.h>
 +#include <keys/system_keyring.h>
-+#include "module-internal.h"
++#include "internal.h"
 +
-+static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
++static __initdata efi_guid_t efi_cert_x509_guid = EFI_CERT_X509_GUID;
++static __initdata efi_guid_t efi_cert_x509_sha256_guid = EFI_CERT_X509_SHA256_GUID;
++static __initdata efi_guid_t efi_cert_sha256_guid = EFI_CERT_SHA256_GUID;
++
++/*
++ * Get a certificate list blob from the named EFI variable.
++ */
++static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
++				  unsigned long *size)
 +{
 +	efi_status_t status;
 +	unsigned long lsize = 4;
 +	unsigned long tmpdb[4];
-+	void *db = NULL;
++	void *db;
 +
 +	status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb);
 +	if (status != EFI_BUFFER_TOO_SMALL) {
@@ -135,23 +107,89 @@ index 000000000000..fe4a6f2bf10a
 +	db = kmalloc(lsize, GFP_KERNEL);
 +	if (!db) {
 +		pr_err("Couldn't allocate memory for uefi cert list\n");
-+		goto out;
++		return NULL;
 +	}
 +
 +	status = efi.get_variable(name, guid, NULL, &lsize, db);
 +	if (status != EFI_SUCCESS) {
 +		kfree(db);
-+		db = NULL;
 +		pr_err("Error reading db var: 0x%lx\n", status);
++		return NULL;
 +	}
-+out:
++
 +	*size = lsize;
 +	return db;
 +}
 +
 +/*
-+ *  * Load the certs contained in the UEFI databases
-+ *   */
++ * Blacklist an X509 TBS hash.
++ */
++static __init void uefi_blacklist_x509_tbs(const char *source,
++					   const void *data, size_t len)
++{
++	char *hash, *p;
++
++	hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
++	if (!hash)
++		return;
++	p = memcpy(hash, "tbs:", 4);
++	p += 4;
++	bin2hex(p, data, len);
++	p += len * 2;
++	*p = 0;
++
++	mark_hash_blacklisted(hash);
++	kfree(hash);
++}
++
++/*
++ * Blacklist the hash of an executable.
++ */
++static __init void uefi_blacklist_binary(const char *source,
++					 const void *data, size_t len)
++{
++	char *hash, *p;
++
++	hash = kmalloc(4 + len * 2 + 1, GFP_KERNEL);
++	if (!hash)
++		return;
++	p = memcpy(hash, "bin:", 4);
++	p += 4;
++	bin2hex(p, data, len);
++	p += len * 2;
++	*p = 0;
++
++	mark_hash_blacklisted(hash);
++	kfree(hash);
++}
++
++/*
++ * Return the appropriate handler for particular signature list types found in
++ * the UEFI db and MokListRT tables.
++ */
++static __init efi_element_handler_t get_handler_for_db(const efi_guid_t *sig_type)
++{
++	if (efi_guidcmp(*sig_type, efi_cert_x509_guid) == 0)
++		return add_trusted_secondary_key;
++	return 0;
++}
++
++/*
++ * Return the appropriate handler for particular signature list types found in
++ * the UEFI dbx and MokListXRT tables.
++ */
++static __init efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_type)
++{
++	if (efi_guidcmp(*sig_type, efi_cert_x509_sha256_guid) == 0)
++		return uefi_blacklist_x509_tbs;
++	if (efi_guidcmp(*sig_type, efi_cert_sha256_guid) == 0)
++		return uefi_blacklist_binary;
++	return 0;
++}
++
++/*
++ * Load the certs contained in the UEFI databases
++ */
 +static int __init load_uefi_certs(void)
 +{
 +	efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID;
@@ -159,17 +197,9 @@ index 000000000000..fe4a6f2bf10a
 +	void *db = NULL, *dbx = NULL, *mok = NULL;
 +	unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
 +	int rc = 0;
-+	struct key *keyring = NULL;
 +
-+	/* Check if SB is enabled and just return if not */
-+	if (!efi_enabled(EFI_SECURE_BOOT))
-+		return 0;
-+
-+	keyring = get_system_keyring();
-+	if (!keyring) {
-+		pr_err("MODSIGN: Couldn't get system keyring\n");
-+		return -EINVAL;
-+	}
++	if (!efi.get_variable)
++		return false;
 +
 +	/* Get db, MokListRT, and dbx.  They might not exist, so it isn't
 +	 * an error if we can't get them.
@@ -178,7 +208,8 @@ index 000000000000..fe4a6f2bf10a
 +	if (!db) {
 +		pr_err("MODSIGN: Couldn't get UEFI db list\n");
 +	} else {
-+		rc = parse_efi_signature_list(db, dbsize, keyring);
++		rc = parse_efi_signature_list("UEFI:db",
++					      db, dbsize, get_handler_for_db);
 +		if (rc)
 +			pr_err("Couldn't parse db signatures: %d\n", rc);
 +		kfree(db);
@@ -188,7 +219,8 @@ index 000000000000..fe4a6f2bf10a
 +	if (!mok) {
 +		pr_info("MODSIGN: Couldn't get UEFI MokListRT\n");
 +	} else {
-+		rc = parse_efi_signature_list(mok, moksize, keyring);
++		rc = parse_efi_signature_list("UEFI:MokListRT",
++					      mok, moksize, get_handler_for_db);
 +		if (rc)
 +			pr_err("Couldn't parse MokListRT signatures: %d\n", rc);
 +		kfree(mok);
@@ -198,8 +230,9 @@ index 000000000000..fe4a6f2bf10a
 +	if (!dbx) {
 +		pr_info("MODSIGN: Couldn't get UEFI dbx list\n");
 +	} else {
-+		rc = parse_efi_signature_list(dbx, dbxsize,
-+			system_blacklist_keyring);
++		rc = parse_efi_signature_list("UEFI:dbx",
++					      dbx, dbxsize,
++					      get_handler_for_dbx);
 +		if (rc)
 +			pr_err("Couldn't parse dbx signatures: %d\n", rc);
 +		kfree(dbx);

MODSIGN-Support-not-importing-certs-from-db.patch

@@ -1,62 +1,62 @@
-From 9d2e5c61d5adcf7911f67ed44a1b0ff881f175bb Mon Sep 17 00:00:00 2001
+From 9f1958a0cc911e1f79b2733ee5029dbd819ff328 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@fedoraproject.org>
-Date: Thu, 3 Oct 2013 10:14:23 -0400
-Subject: [PATCH 19/20] MODSIGN: Support not importing certs from db
+Date: Fri, 5 May 2017 08:21:59 +0100
+Subject: [PATCH 4/4] MODSIGN: Allow the "db" UEFI variable to be suppressed
 
 If a user tells shim to not use the certs/hashes in the UEFI db variable
-for verification purposes, shim will set a UEFI variable called MokIgnoreDB.
-Have the uefi import code look for this and not import things from the db
-variable.
+for verification purposes, shim will set a UEFI variable called
+MokIgnoreDB.  Have the uefi import code look for this and ignore the db
+variable if it is found.
 
 Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
+Signed-off-by: David Howells <dhowells@redhat.com>
 ---
- kernel/modsign_uefi.c | 40 +++++++++++++++++++++++++++++++---------
- 1 file changed, 31 insertions(+), 9 deletions(-)
+ certs/load_uefi.c | 44 ++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 34 insertions(+), 10 deletions(-)
 
-diff --git a/kernel/modsign_uefi.c b/kernel/modsign_uefi.c
-index fe4a6f2bf10a..a41da14b1ffd 100644
---- a/kernel/modsign_uefi.c
-+++ b/kernel/modsign_uefi.c
-@@ -8,6 +8,23 @@
- #include <keys/system_keyring.h>
- #include "module-internal.h"
- 
-+static __init int check_ignore_db(void)
+diff --git a/certs/load_uefi.c b/certs/load_uefi.c
+index b44e464..3d88459 100644
+--- a/certs/load_uefi.c
++++ b/certs/load_uefi.c
+@@ -13,6 +13,26 @@ static __initdata efi_guid_t efi_cert_x509_sha256_guid = EFI_CERT_X509_SHA256_GU
+ static __initdata efi_guid_t efi_cert_sha256_guid = EFI_CERT_SHA256_GUID;
+
+ /*
++ * Look to see if a UEFI variable called MokIgnoreDB exists and return true if
++ * it does.
++ *
++ * This UEFI variable is set by the shim if a user tells the shim to not use
++ * the certs/hashes in the UEFI db variable for verification purposes.  If it
++ * is set, we should ignore the db variable also and the true return indicates
++ * this.
++ */
++static __init bool uefi_check_ignore_db(void)
 +{
 +	efi_status_t status;
 +	unsigned int db = 0;
 +	unsigned long size = sizeof(db);
 +	efi_guid_t guid = EFI_SHIM_LOCK_GUID;
 +
-+	/* Check and see if the MokIgnoreDB variable exists.  If that fails
-+	 * then we don't ignore DB.  If it succeeds, we do.
-+	 */
 +	status = efi.get_variable(L"MokIgnoreDB", &guid, NULL, &size, &db);
-+	if (status != EFI_SUCCESS)
-+		return 0;
-+
-+	return 1;
++	return status == EFI_SUCCESS;
 +}
 +
- static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, unsigned long *size)
++/*
+  * Get a certificate list blob from the named EFI variable.
+  */
+ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
+@@ -113,7 +133,9 @@ static __init efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_ty
+ }
+
+ /*
+- * Load the certs contained in the UEFI databases
++ * Load the certs contained in the UEFI databases into the secondary trusted
++ * keyring and the UEFI blacklisted X.509 cert SHA256 hashes into the blacklist
++ * keyring.
+  */
+ static int __init load_uefi_certs(void)
  {
- 	efi_status_t status;
-@@ -47,7 +64,7 @@ static int __init load_uefi_certs(void)
- 	efi_guid_t mok_var = EFI_SHIM_LOCK_GUID;
- 	void *db = NULL, *dbx = NULL, *mok = NULL;
- 	unsigned long dbsize = 0, dbxsize = 0, moksize = 0;
--	int rc = 0;
-+	int ignore_db, rc = 0;
- 	struct key *keyring = NULL;
- 
- 	/* Check if SB is enabled and just return if not */
-@@ -60,17 +77,22 @@ static int __init load_uefi_certs(void)
- 		return -EINVAL;
- 	}
- 
-+	/* See if the user has setup Ignore DB mode */
-+	ignore_db = check_ignore_db();
-+
+@@ -129,15 +151,17 @@ static int __init load_uefi_certs(void)
  	/* Get db, MokListRT, and dbx.  They might not exist, so it isn't
  	 * an error if we can't get them.
  	 */
@@ -64,22 +64,24 @@ index fe4a6f2bf10a..a41da14b1ffd 100644
 -	if (!db) {
 -		pr_err("MODSIGN: Couldn't get UEFI db list\n");
 -	} else {
--		rc = parse_efi_signature_list(db, dbsize, keyring);
+-		rc = parse_efi_signature_list("UEFI:db",
+-					      db, dbsize, get_handler_for_db);
 -		if (rc)
 -			pr_err("Couldn't parse db signatures: %d\n", rc);
 -		kfree(db);
-+	if (!ignore_db) {
++	if (!uefi_check_ignore_db()) {
 +		db = get_cert_list(L"db", &secure_var, &dbsize);
 +		if (!db) {
 +			pr_err("MODSIGN: Couldn't get UEFI db list\n");
 +		} else {
-+			rc = parse_efi_signature_list(db, dbsize, keyring);
++			rc = parse_efi_signature_list("UEFI:db",
++						      db, dbsize, get_handler_for_db);
 +			if (rc)
 +				pr_err("Couldn't parse db signatures: %d\n", rc);
 +			kfree(db);
 +		}
  	}
- 
+
  	mok = get_cert_list(L"MokListRT", &mok_var, &moksize);
 -- 
 2.9.3

PCI-aspm-deal-with-missing-root-ports-in-link-state-handling.patch

@@ -0,0 +1,55 @@
+From patchwork Mon Oct  2 14:08:40 2017
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: PCI: aspm: deal with missing root ports in link state handling
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+X-Patchwork-Id: 9980861
+Message-Id: <20171002140840.7767-1-ard.biesheuvel@linaro.org>
+To: linux-pci@vger.kernel.org, bhelgaas@google.com
+Cc: graeme.gregory@linaro.org, leif.lindholm@linaro.org,
+ daniel.thompson@Linaro.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Mon,  2 Oct 2017 15:08:40 +0100
+
+Even though it is unconventional, some PCIe host implementations omit
+the root ports entirely, and simply consist of a host bridge (which
+is not modeled as a device in the PCI hierarchy) and a link.
+
+When the downstream device is an endpoint, our current code does not
+seem to mind this unusual configuration. However, when PCIe switches
+are involved, the ASPM code assumes that any downstream switch port
+has a parent, and blindly derefences the bus->parent->self field of
+the pci_dev struct to chain the downstream link state to the link
+state of the root port. Given that the root port is missing, the link
+is not modeled at all, and nor is the link state, and attempting to
+access it results in a NULL pointer dereference and a crash.
+
+So let's avoid this by allowing the link state chain to terminate at
+the downstream port if no root port exists.
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+---
+ drivers/pci/pcie/aspm.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
+index 1dfa10cc566b..0bea8498b5a5 100644
+--- a/drivers/pci/pcie/aspm.c
++++ b/drivers/pci/pcie/aspm.c
+@@ -802,10 +802,14 @@ static struct pcie_link_state *alloc_pcie_link_state(struct pci_dev *pdev)
+ 
+ 	/*
+ 	 * Root Ports and PCI/PCI-X to PCIe Bridges are roots of PCIe
+-	 * hierarchies.
++	 * hierarchies.  Note that some PCIe host implementations omit
++	 * the root ports entirely, in which case a downstream port on
++	 * a switch may become the root of the link state chain for all
++	 * its subordinate endpoints.
+ 	 */
+ 	if (pci_pcie_type(pdev) == PCI_EXP_TYPE_ROOT_PORT ||
+-	    pci_pcie_type(pdev) == PCI_EXP_TYPE_PCIE_BRIDGE) {
++	    pci_pcie_type(pdev) == PCI_EXP_TYPE_PCIE_BRIDGE ||
++	    !pdev->bus->parent->self) {
+ 		link->root = link;
+ 	} else {
+ 		struct pcie_link_state *parent;

README.txt

@@ -31,29 +31,30 @@ by make verrel
 config heirarchy.
 -----------------
 Instead of having to maintain a config file for every arch variant we build on,
-the kernel spec uses a nested system of configs. Each option CONFIG_FOO is
-represented by a single file named CONFIG_FOO which contains the state (=y, =m,
-=n). These options are collected in the folder baseconfig. Architecture specifi
-options are set in nested folders. An option set in a nested folder will
-override the same option set in one of the higher levels.
+the kernel spec uses a nested system of configs.  At the top level, is
+config-generic. Add options here that should be present in every possible
+config on all architectures.
 
-The individual CONFIG_FOO files only exist in the pkg-git repository. The RPM
-contains kernel-foo.config files which are the result of combining all the
-CONFIG_FOO files. The files are combined by running build_configs.sh. This
-script _must_ be run each time one of the options is changed.
+Beneath this are per-arch overrides. For example config-x86-generic add
+additional x86 specific options, and also _override_ any options that were
+set in config-generic.
 
-Example flow:
+The heirarchy looks like this..
 
-# Enable the option CONFIG_ABC123 as a module for all arches
-echo "CONFIG_ABC123=m" > baseconfig/CONFIG_ABC1234
-# enable the option CONFIG_XYZ321 for only x86
-echo "# CONFIG_XYZ321 is not set" > baseconfig/CONFIG_XYZ321
-echo "CONFIG_XYZ321=m" > baseconfig/x86/CONFIG_XYZ321
-# regenerate the combined config files
-./build_configs.sh
+                           config-generic
+                                 |
+                         config-x86-generic
+                         |                |
+             config-x86-32-generic   config-x86-64-generic
+
+An option set in a lower level will override the same option set in one
+of the higher levels.
+
+
+There exist two additional overrides, config-debug, and config-nodebug,
+which override -generic, and the per-arch overrides. It is documented
+further below.
 
-The file config_generation gives a listing of what folders go into each
-config file generated.
 
 debug options.
 --------------
@@ -68,11 +69,14 @@ typically been run already, which sets up the following..
 If we are building for rawhide, 'make debug' has been run, which changes
 the status quo to:
 - We only build one kernel 'kernel'
-- The debug options are always turned on.
+- The debug options from 'config-debug' are always turned on.
 This is done to increase coverage testing, as not many people actually
 run kernel-debug.
 
-The debug options are managed in a separate heierarchy under debugconfig. This
-works in a similar manner to baseconfig. More deeply nested folders, again,
-override options. The file config_generation gives a listing of what folders
-go into each config file generated.
+To add new debug options, add an option to _both_ config-debug and config-nodebug,
+and also new stanzas to the Makefile 'debug' and 'release' targets.
+
+Sometimes debug options get added to config-generic, or per-arch overrides
+instead of config-[no]debug. In this instance, the options should have no
+discernable performance impact, otherwise they belong in the debug files.
+

arm-exynos-fix-usb3.patch

@@ -0,0 +1,411 @@
+From patchwork Mon Oct  9 12:00:50 2017
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [PATCHv4,1/2] drivers: phy: add calibrate method
+From: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
+X-Patchwork-Id: 9992829
+Message-Id: <1507550451-21324-2-git-send-email-andrzej.p@samsung.com>
+To: linux-samsung-soc@vger.kernel.org, linux-usb@vger.kernel.org,
+ linux-arm-kernel@lists.infradead.org, devicetree@vger.kernel.org
+Cc: Mark Rutland <mark.rutland@arm.com>, Felipe Balbi <balbi@kernel.org>,
+ Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
+ Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
+ Russell King <linux@armlinux.org.uk>,
+ Krzysztof Kozlowski <krzk@kernel.org>, 
+ Kishon Vijay Abraham I <kishon@ti.com>,
+ Rob Herring <robh+dt@kernel.org>, Kukjin Kim <kgene@kernel.org>,
+ Andrzej Pietrasiewicz <andrzej.p@samsung.com>, 
+ Marek Szyprowski <m.szyprowski@samsung.com>
+Date: Mon, 09 Oct 2017 14:00:50 +0200
+
+Some quirky UDCs (like dwc3 on Exynos) need to have their phys calibrated e.g.
+for using super speed. This patch adds a new phy_calibrate() method.
+When the calibration should be used is dependent on actual chip.
+
+In case of dwc3 on Exynos the calibration must happen after usb_add_hcd()
+(while in host mode), because certain phy parameters like Tx LOS levels
+and boost levels need to be calibrated further post initialization of xHCI
+controller, to get SuperSpeed operations working. But an hcd must be
+prepared first in order to pass it to usb_add_hcd(), so, in particular, dwc3
+registers must be available first, and in order for the latter to happen
+the phys must be initialized. This poses a chicken and egg problem if
+the calibration were to be performed in phy_init(). To break the circular
+dependency a separate method is added which can be called at a desired
+moment after phy intialization.
+
+Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
+---
+ drivers/phy/phy-core.c  | 15 +++++++++++++++
+ include/linux/phy/phy.h | 10 ++++++++++
+ 2 files changed, 25 insertions(+)
+
+diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c
+index a268f4d..b4964b0 100644
+--- a/drivers/phy/phy-core.c
++++ b/drivers/phy/phy-core.c
+@@ -372,6 +372,21 @@ int phy_reset(struct phy *phy)
+ }
+ EXPORT_SYMBOL_GPL(phy_reset);
+ 
++int phy_calibrate(struct phy *phy)
++{
++	int ret;
++
++	if (!phy || !phy->ops->calibrate)
++		return 0;
++
++	mutex_lock(&phy->mutex);
++	ret = phy->ops->calibrate(phy);
++	mutex_unlock(&phy->mutex);
++
++	return ret;
++}
++EXPORT_SYMBOL_GPL(phy_calibrate);
++
+ /**
+  * _of_phy_get() - lookup and obtain a reference to a phy by phandle
+  * @np: device_node for which to get the phy
+diff --git a/include/linux/phy/phy.h b/include/linux/phy/phy.h
+index e694d40..87580c8 100644
+--- a/include/linux/phy/phy.h
++++ b/include/linux/phy/phy.h
+@@ -39,6 +39,7 @@ enum phy_mode {
+  * @power_off: powering off the phy
+  * @set_mode: set the mode of the phy
+  * @reset: resetting the phy
++ * @calibrate: calibrate the phy
+  * @owner: the module owner containing the ops
+  */
+ struct phy_ops {
+@@ -48,6 +49,7 @@ struct phy_ops {
+ 	int	(*power_off)(struct phy *phy);
+ 	int	(*set_mode)(struct phy *phy, enum phy_mode mode);
+ 	int	(*reset)(struct phy *phy);
++	int	(*calibrate)(struct phy *phy);
+ 	struct module *owner;
+ };
+ 
+@@ -141,6 +143,7 @@ static inline void *phy_get_drvdata(struct phy *phy)
+ int phy_power_off(struct phy *phy);
+ int phy_set_mode(struct phy *phy, enum phy_mode mode);
+ int phy_reset(struct phy *phy);
++int phy_calibrate(struct phy *phy);
+ static inline int phy_get_bus_width(struct phy *phy)
+ {
+ 	return phy->attrs.bus_width;
+@@ -262,6 +265,13 @@ static inline int phy_reset(struct phy *phy)
+ 	return -ENOSYS;
+ }
+ 
++static inline int phy_calibrate(struct phy *phy)
++{
++	if (!phy)
++		return 0;
++	return -ENOSYS;
++}
++
+ static inline int phy_get_bus_width(struct phy *phy)
+ {
+ 	return -ENOSYS;
+From patchwork Mon Oct  9 12:00:51 2017
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [PATCHv4,
+ 2/2] phy: exynos5-usbdrd: Calibrate LOS levels for exynos5420/5800
+From: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
+X-Patchwork-Id: 9992809
+Message-Id: <1507550451-21324-3-git-send-email-andrzej.p@samsung.com>
+To: linux-samsung-soc@vger.kernel.org, linux-usb@vger.kernel.org,
+ linux-arm-kernel@lists.infradead.org, devicetree@vger.kernel.org
+Cc: Mark Rutland <mark.rutland@arm.com>, Felipe Balbi <balbi@kernel.org>,
+ Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>,
+ Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
+ Russell King <linux@armlinux.org.uk>,
+ Krzysztof Kozlowski <krzk@kernel.org>, 
+ Kishon Vijay Abraham I <kishon@ti.com>,
+ Rob Herring <robh+dt@kernel.org>, Kukjin Kim <kgene@kernel.org>,
+ Andrzej Pietrasiewicz <andrzej.p@samsung.com>, 
+ Marek Szyprowski <m.szyprowski@samsung.com>
+Date: Mon, 09 Oct 2017 14:00:51 +0200
+
+From: Vivek Gautam <gautam.vivek@samsung.com>
+
+Adding phy calibration sequence for USB 3.0 DRD PHY present on
+Exynos5420/5800 systems.
+This calibration facilitates setting certain PHY parameters viz.
+the Loss-of-Signal (LOS) Detector Threshold Level, as well as
+Tx-Vboost-Level for Super-Speed operations.
+Additionally we also set proper time to wait for RxDetect measurement,
+for desired PHY reference clock, so as to solve issue with enumeration
+of few USB 3.0 devices, like Samsung SUM-TSB16S 3.0 USB drive
+on the controller.
+
+We are using CR_port for this purpose to send required data
+to override the LOS values.
+
+On testing with USB 3.0 devices on USB 3.0 port present on
+SMDK5420, and peach-pit boards should see following message:
+usb 2-1: new SuperSpeed USB device number 2 using xhci-hcd
+
+and without this patch, should see below shown message:
+usb 1-1: new high-speed USB device number 2 using xhci-hcd
+
+[Also removed unnecessary extra lines in the register macro definitions]
+
+Signed-off-by: Vivek Gautam <gautam.vivek@samsung.com>
+[adapted to use phy_calibrate as entry point]
+Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
+---
+ drivers/phy/samsung/phy-exynos5-usbdrd.c | 183 +++++++++++++++++++++++++++++++
+ drivers/usb/dwc3/core.c                  |   7 +-
+ 2 files changed, 188 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/phy/samsung/phy-exynos5-usbdrd.c b/drivers/phy/samsung/phy-exynos5-usbdrd.c
+index 22c68f5..9e83c15 100644
+--- a/drivers/phy/samsung/phy-exynos5-usbdrd.c
++++ b/drivers/phy/samsung/phy-exynos5-usbdrd.c
+@@ -90,7 +90,17 @@
+ #define PHYCLKRST_COMMONONN			BIT(0)
+ 
+ #define EXYNOS5_DRD_PHYREG0			0x14
++#define PHYREG0_SSC_REF_CLK_SEL			BIT(21)
++#define PHYREG0_SSC_RANGE			BIT(20)
++#define PHYREG0_CR_WRITE			BIT(19)
++#define PHYREG0_CR_READ				BIT(18)
++#define PHYREG0_CR_DATA_IN(_x)			((_x) << 2)
++#define PHYREG0_CR_CAP_DATA			BIT(1)
++#define PHYREG0_CR_CAP_ADDR			BIT(0)
++
+ #define EXYNOS5_DRD_PHYREG1			0x18
++#define PHYREG1_CR_DATA_OUT(_x)			((_x) << 1)
++#define PHYREG1_CR_ACK				BIT(0)
+ 
+ #define EXYNOS5_DRD_PHYPARAM0			0x1c
+ 
+@@ -119,6 +129,25 @@
+ #define EXYNOS5_DRD_PHYRESUME			0x34
+ #define EXYNOS5_DRD_LINKPORT			0x44
+ 
++/* USB 3.0 DRD PHY SS Function Control Reg; accessed by CR_PORT */
++#define EXYNOS5_DRD_PHYSS_LOSLEVEL_OVRD_IN		(0x15)
++#define LOSLEVEL_OVRD_IN_LOS_BIAS_5420			(0x5 << 13)
++#define LOSLEVEL_OVRD_IN_LOS_BIAS_DEFAULT		(0x0 << 13)
++#define LOSLEVEL_OVRD_IN_EN				(0x1 << 10)
++#define LOSLEVEL_OVRD_IN_LOS_LEVEL_DEFAULT		(0x9 << 0)
++
++#define EXYNOS5_DRD_PHYSS_TX_VBOOSTLEVEL_OVRD_IN	(0x12)
++#define TX_VBOOSTLEVEL_OVRD_IN_VBOOST_5420		(0x5 << 13)
++#define TX_VBOOSTLEVEL_OVRD_IN_VBOOST_DEFAULT		(0x4 << 13)
++
++#define EXYNOS5_DRD_PHYSS_LANE0_TX_DEBUG		(0x1010)
++#define LANE0_TX_DEBUG_RXDET_MEAS_TIME_19M2_20M		(0x4 << 4)
++#define LANE0_TX_DEBUG_RXDET_MEAS_TIME_24M		(0x8 << 4)
++#define LANE0_TX_DEBUG_RXDET_MEAS_TIME_25M_26M		(0x8 << 4)
++#define LANE0_TX_DEBUG_RXDET_MEAS_TIME_48M_50M_52M	(0x20 << 4)
++#define LANE0_TX_DEBUG_RXDET_MEAS_TIME_62M5		(0x20 << 4)
++#define LANE0_TX_DEBUG_RXDET_MEAS_TIME_96M_100M		(0x40 << 4)
++
+ #define KHZ	1000
+ #define MHZ	(KHZ * KHZ)
+ 
+@@ -527,6 +556,151 @@ static int exynos5_usbdrd_phy_power_off(struct phy *phy)
+ 	return 0;
+ }
+ 
++static int crport_handshake(struct exynos5_usbdrd_phy *phy_drd,
++						u32 val, u32 cmd)
++{
++	u32 usec = 100;
++	unsigned int result;
++
++	writel(val | cmd, phy_drd->reg_phy + EXYNOS5_DRD_PHYREG0);
++
++	do {
++		result = readl(phy_drd->reg_phy + EXYNOS5_DRD_PHYREG1);
++		if (result & PHYREG1_CR_ACK)
++			break;
++
++		udelay(1);
++	} while (usec-- > 0);
++
++	if (!usec) {
++		dev_err(phy_drd->dev,
++			"CRPORT handshake timeout1 (0x%08x)\n", val);
++		return -ETIME;
++	}
++
++	usec = 100;
++
++	writel(val, phy_drd->reg_phy + EXYNOS5_DRD_PHYREG0);
++
++	do {
++		result = readl(phy_drd->reg_phy + EXYNOS5_DRD_PHYREG1);
++		if (!(result & PHYREG1_CR_ACK))
++			break;
++
++		udelay(1);
++	} while (usec-- > 0);
++
++	if (!usec) {
++		dev_err(phy_drd->dev,
++			"CRPORT handshake timeout2 (0x%08x)\n", val);
++		return -ETIME;
++	}
++
++	return 0;
++}
++
++static int crport_ctrl_write(struct exynos5_usbdrd_phy *phy_drd,
++						u32 addr, u32 data)
++{
++	int ret;
++
++	/* Write Address */
++	writel(PHYREG0_CR_DATA_IN(addr),
++		phy_drd->reg_phy + EXYNOS5_DRD_PHYREG0);
++	ret = crport_handshake(phy_drd, PHYREG0_CR_DATA_IN(addr),
++				PHYREG0_CR_CAP_ADDR);
++	if (ret)
++		return ret;
++
++	/* Write Data */
++	writel(PHYREG0_CR_DATA_IN(data),
++		phy_drd->reg_phy + EXYNOS5_DRD_PHYREG0);
++	ret = crport_handshake(phy_drd, PHYREG0_CR_DATA_IN(data),
++				PHYREG0_CR_CAP_DATA);
++	if (ret)
++		return ret;
++
++	ret = crport_handshake(phy_drd, PHYREG0_CR_DATA_IN(data),
++				PHYREG0_CR_WRITE);
++
++	return ret;
++}
++
++/*
++ * Calibrate few PHY parameters using CR_PORT register to meet
++ * SuperSpeed requirements on Exynos5420 and Exynos5800 systems,
++ * which have 28nm USB 3.0 DRD PHY.
++ */
++static int exynos5420_usbdrd_phy_calibrate(struct exynos5_usbdrd_phy *phy_drd)
++{
++	unsigned int temp;
++	int ret = 0;
++
++	/*
++	 * Change los_bias to (0x5) for 28nm PHY from a
++	 * default value (0x0); los_level is set as default
++	 * (0x9) as also reflected in los_level[30:26] bits
++	 * of PHYPARAM0 register.
++	 */
++	temp = LOSLEVEL_OVRD_IN_LOS_BIAS_5420 |
++		LOSLEVEL_OVRD_IN_EN |
++		LOSLEVEL_OVRD_IN_LOS_LEVEL_DEFAULT;
++	ret = crport_ctrl_write(phy_drd,
++				EXYNOS5_DRD_PHYSS_LOSLEVEL_OVRD_IN,
++				temp);
++	if (ret) {
++		dev_err(phy_drd->dev,
++		 "Failed setting Loss-of-Signal level for SuperSpeed\n");
++		return ret;
++	}
++
++	/*
++	 * Set tx_vboost_lvl to (0x5) for 28nm PHY Tuning,
++	 * to raise Tx signal level from its default value of (0x4)
++	 */
++	temp = TX_VBOOSTLEVEL_OVRD_IN_VBOOST_5420;
++	ret = crport_ctrl_write(phy_drd,
++				EXYNOS5_DRD_PHYSS_TX_VBOOSTLEVEL_OVRD_IN,
++				temp);
++	if (ret) {
++		dev_err(phy_drd->dev,
++		 "Failed setting Tx-Vboost-Level for SuperSpeed\n");
++		return ret;
++	}
++
++	/*
++	 * Set proper time to wait for RxDetect measurement, for
++	 * desired reference clock of PHY, by tuning the CR_PORT
++	 * register LANE0.TX_DEBUG which is internal to PHY.
++	 * This fixes issue with few USB 3.0 devices, which are
++	 * not detected (not even generate interrupts on the bus
++	 * on insertion) without this change.
++	 * e.g. Samsung SUM-TSB16S 3.0 USB drive.
++	 */
++	switch (phy_drd->extrefclk) {
++	case EXYNOS5_FSEL_50MHZ:
++		temp = LANE0_TX_DEBUG_RXDET_MEAS_TIME_48M_50M_52M;
++		break;
++	case EXYNOS5_FSEL_20MHZ:
++	case EXYNOS5_FSEL_19MHZ2:
++		temp = LANE0_TX_DEBUG_RXDET_MEAS_TIME_19M2_20M;
++		break;
++	case EXYNOS5_FSEL_24MHZ:
++	default:
++		temp = LANE0_TX_DEBUG_RXDET_MEAS_TIME_24M;
++		break;
++	}
++
++	ret = crport_ctrl_write(phy_drd,
++				EXYNOS5_DRD_PHYSS_LANE0_TX_DEBUG,
++				temp);
++	if (ret)
++		dev_err(phy_drd->dev,
++		 "Failed setting RxDetect measurement time for SuperSpeed\n");
++
++	return ret;
++}
++
+ static struct phy *exynos5_usbdrd_phy_xlate(struct device *dev,
+ 					struct of_phandle_args *args)
+ {
+@@ -538,11 +712,20 @@ static struct phy *exynos5_usbdrd_phy_xlate(struct device *dev,
+ 	return phy_drd->phys[args->args[0]].phy;
+ }
+ 
++static int exynos5_usbdrd_phy_calibrate(struct phy *phy)
++{
++	struct phy_usb_instance *inst = phy_get_drvdata(phy);
++	struct exynos5_usbdrd_phy *phy_drd = to_usbdrd_phy(inst);
++
++	return exynos5420_usbdrd_phy_calibrate(phy_drd);
++}
++
+ static const struct phy_ops exynos5_usbdrd_phy_ops = {
+ 	.init		= exynos5_usbdrd_phy_init,
+ 	.exit		= exynos5_usbdrd_phy_exit,
+ 	.power_on	= exynos5_usbdrd_phy_power_on,
+ 	.power_off	= exynos5_usbdrd_phy_power_off,
++	.calibrate	= exynos5_usbdrd_phy_calibrate,
+ 	.owner		= THIS_MODULE,
+ };
+ 
+diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
+index 03474d3..224e0dd 100644
+--- a/drivers/usb/dwc3/core.c
++++ b/drivers/usb/dwc3/core.c
+@@ -156,9 +156,10 @@ static void __dwc3_set_mode(struct work_struct *work)
+ 		} else {
+ 			if (dwc->usb2_phy)
+ 				otg_set_vbus(dwc->usb2_phy->otg, true);
+-			if (dwc->usb2_generic_phy)
++			if (dwc->usb2_generic_phy) {
+ 				phy_set_mode(dwc->usb2_generic_phy, PHY_MODE_USB_HOST);
+-
++				phy_calibrate(dwc->usb2_generic_phy);
++			}
+ 		}
+ 		break;
+ 	case DWC3_GCTL_PRTCAP_DEVICE:
+@@ -955,6 +956,8 @@ static int dwc3_core_init_mode(struct dwc3 *dwc)
+ 				dev_err(dev, "failed to initialize host\n");
+ 			return ret;
+ 		}
++		if (dwc->usb2_generic_phy)
++			phy_calibrate(dwc->usb2_generic_phy);
+ 		break;
+ 	case USB_DR_MODE_OTG:
+ 		INIT_WORK(&dwc->drd_work, __dwc3_set_mode);

arm-imx6-hummingboard2.patch

@@ -26,21 +26,21 @@ index 011808490fed..ccdff6650541 100644
 --- a/arch/arm/boot/dts/Makefile
 +++ b/arch/arm/boot/dts/Makefile
 @@ -353,6 +353,7 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
- 	imx6dl-gw552x.dtb \
- 	imx6dl-gw553x.dtb \
+ 	imx6dl-gw5903.dtb \
+ 	imx6dl-gw5904.dtb \
  	imx6dl-hummingboard.dtb \
 +	imx6dl-hummingboard2.dtb \
  	imx6dl-icore.dtb \
  	imx6dl-icore-rqs.dtb \
  	imx6dl-nit6xlite.dtb \
 @@ -397,6 +398,7 @@ dtb-$(CONFIG_SOC_IMX6Q) += \
- 	imx6q-gw553x.dtb \
+ 	imx6q-gw5904.dtb \
  	imx6q-h100.dtb \
  	imx6q-hummingboard.dtb \
 +	imx6q-hummingboard2.dtb \
  	imx6q-icore.dtb \
- 	imx6q-icore-rqs.dtb \
- 	imx6q-marsboard.dtb \
+ 	imx6q-icore-ofcap10.dtb \
+ 	imx6q-icore-ofcap12.dtb \
 diff --git a/arch/arm/boot/dts/imx6dl-hummingboard2.dts b/arch/arm/boot/dts/imx6dl-hummingboard2.dts
 new file mode 100644
 index 000000000000..990b5050de5b

arm-rk3288-tinker.patch

@@ -1,573 +0,0 @@
-From 223599514133293bb9afe7b82937140c3b275877 Mon Sep 17 00:00:00 2001
-From: Eddie Cai <eddie.cai.linux@gmail.com>
-Date: Tue, 14 Feb 2017 18:07:31 +0800
-Subject: ARM: dts: rockchip: add dts for RK3288-Tinker board
-
-This patch add basic support for RK3288-Tinker board. We can boot in to rootfs
-with this patch.
-
-Signed-off-by: Eddie Cai <eddie.cai.linux@gmail.com>
-Signed-off-by: Heiko Stuebner <heiko@sntech.de>
----
- arch/arm/boot/dts/Makefile          |   1 +
- arch/arm/boot/dts/rk3288-tinker.dts | 536 ++++++++++++++++++++++++++++++++++++
- 2 files changed, 537 insertions(+)
- create mode 100644 arch/arm/boot/dts/rk3288-tinker.dts
-
-diff --git a/arch/arm/boot/dts/Makefile b/arch/arm/boot/dts/Makefile
-index 0118084..fb46849 100644
---- a/arch/arm/boot/dts/Makefile
-+++ b/arch/arm/boot/dts/Makefile
-@@ -695,6 +695,7 @@ dtb-$(CONFIG_ARCH_ROCKCHIP) += \
- 	rk3288-popmetal.dtb \
- 	rk3288-r89.dtb \
- 	rk3288-rock2-square.dtb \
-+	rk3288-tinker.dtb \
- 	rk3288-veyron-brain.dtb \
- 	rk3288-veyron-jaq.dtb \
- 	rk3288-veyron-jerry.dtb \
-diff --git a/arch/arm/boot/dts/rk3288-tinker.dts b/arch/arm/boot/dts/rk3288-tinker.dts
-new file mode 100644
-index 0000000..f601c78
---- /dev/null
-+++ b/arch/arm/boot/dts/rk3288-tinker.dts
-@@ -0,0 +1,536 @@
-+/*
-+ * Copyright (c) 2017 Fuzhou Rockchip Electronics Co., Ltd.
-+ *
-+ * This file is dual-licensed: you can use it either under the terms
-+ * of the GPL or the X11 license, at your option. Note that this dual
-+ * licensing only applies to this file, and not this project as a
-+ * whole.
-+ *
-+ *  a) This file is free software; you can redistribute it and/or
-+ *     modify it under the terms of the GNU General Public License as
-+ *     published by the Free Software Foundation; either version 2 of the
-+ *     License, or (at your option) any later version.
-+ *
-+ *     This file is distributed in the hope that it will be useful,
-+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+ *     GNU General Public License for more details.
-+ *
-+ * Or, alternatively,
-+ *
-+ *  b) Permission is hereby granted, free of charge, to any person
-+ *     obtaining a copy of this software and associated documentation
-+ *     files (the "Software"), to deal in the Software without
-+ *     restriction, including without limitation the rights to use,
-+ *     copy, modify, merge, publish, distribute, sublicense, and/or
-+ *     sell copies of the Software, and to permit persons to whom the
-+ *     Software is furnished to do so, subject to the following
-+ *     conditions:
-+ *
-+ *     The above copyright notice and this permission notice shall be
-+ *     included in all copies or substantial portions of the Software.
-+ *
-+ *     THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-+ *     EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-+ *     OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-+ *     NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
-+ *     HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-+ *     WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-+ *     FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-+ *     OTHER DEALINGS IN THE SOFTWARE.
-+ */
-+
-+/dts-v1/;
-+
-+#include "rk3288.dtsi"
-+#include <dt-bindings/input/input.h>
-+
-+/ {
-+	model = "Rockchip RK3288 Tinker Board";
-+	compatible = "asus,rk3288-tinker", "rockchip,rk3288";
-+
-+	memory {
-+		reg = <0x0 0x80000000>;
-+		device_type = "memory";
-+	};
-+
-+	ext_gmac: external-gmac-clock {
-+		compatible = "fixed-clock";
-+		#clock-cells = <0>;
-+		clock-frequency = <125000000>;
-+		clock-output-names = "ext_gmac";
-+	};
-+
-+	gpio-keys {
-+		compatible = "gpio-keys";
-+		#address-cells = <1>;
-+		#size-cells = <0>;
-+		autorepeat;
-+
-+		pinctrl-names = "default";
-+		pinctrl-0 = <&pwrbtn>;
-+
-+		button@0 {
-+			gpios = <&gpio0 RK_PA5 GPIO_ACTIVE_LOW>;
-+			linux,code = <KEY_POWER>;
-+			label = "GPIO Key Power";
-+			linux,input-type = <1>;
-+			wakeup-source;
-+			debounce-interval = <100>;
-+		};
-+	};
-+
-+	gpio-leds {
-+		compatible = "gpio-leds";
-+
-+		act-led {
-+			gpios=<&gpio1 RK_PD0 GPIO_ACTIVE_HIGH>;
-+			linux,default-trigger="mmc0";
-+		};
-+
-+		heartbeat-led {
-+			gpios=<&gpio1 RK_PD1 GPIO_ACTIVE_HIGH>;
-+			linux,default-trigger="heartbeat";
-+		};
-+
-+		pwr-led {
-+			gpios = <&gpio0 RK_PA3 GPIO_ACTIVE_HIGH>;
-+			linux,default-trigger = "default-on";
-+		};
-+	};
-+
-+	sound {
-+		compatible = "simple-audio-card";
-+		simple-audio-card,format = "i2s";
-+		simple-audio-card,name = "rockchip,tinker-codec";
-+		simple-audio-card,mclk-fs = <512>;
-+
-+		simple-audio-card,codec {
-+			sound-dai = <&hdmi>;
-+		};
-+
-+		simple-audio-card,cpu {
-+			sound-dai = <&i2s>;
-+		};
-+	};
-+
-+	vcc_sys: vsys-regulator {
-+		compatible = "regulator-fixed";
-+		regulator-name = "vcc_sys";
-+		regulator-min-microvolt = <5000000>;
-+		regulator-max-microvolt = <5000000>;
-+		regulator-always-on;
-+		regulator-boot-on;
-+	};
-+
-+	vcc_sd: sdmmc-regulator {
-+		compatible = "regulator-fixed";
-+		gpio = <&gpio7 11 GPIO_ACTIVE_LOW>;
-+		pinctrl-names = "default";
-+		pinctrl-0 = <&sdmmc_pwr>;
-+		regulator-name = "vcc_sd";
-+		regulator-min-microvolt = <3300000>;
-+		regulator-max-microvolt = <3300000>;
-+		startup-delay-us = <100000>;
-+		vin-supply = <&vcc_io>;
-+	};
-+};
-+
-+&cpu0 {
-+	cpu0-supply = <&vdd_cpu>;
-+};
-+
-+&gmac {
-+	assigned-clocks = <&cru SCLK_MAC>;
-+	assigned-clock-parents = <&ext_gmac>;
-+	clock_in_out = "input";
-+	phy-mode = "rgmii";
-+	phy-supply = <&vcc33_lan>;
-+	pinctrl-names = "default";
-+	pinctrl-0 = <&rgmii_pins>;
-+	snps,reset-gpio = <&gpio4 7 0>;
-+	snps,reset-active-low;
-+	snps,reset-delays-us = <0 10000 1000000>;
-+	tx_delay = <0x30>;
-+	rx_delay = <0x10>;
-+	status = "ok";
-+};
-+
-+&hdmi {
-+	ddc-i2c-bus = <&i2c5>;
-+	status = "okay";
-+};
-+
-+&i2c0 {
-+	clock-frequency = <400000>;
-+	status = "okay";
-+
-+	rk808: pmic@1b {
-+		compatible = "rockchip,rk808";
-+		reg = <0x1b>;
-+		interrupt-parent = <&gpio0>;
-+		interrupts = <4 IRQ_TYPE_LEVEL_LOW>;
-+		#clock-cells = <1>;
-+		clock-output-names = "xin32k", "rk808-clkout2";
-+		dvs-gpios = <&gpio0 11 GPIO_ACTIVE_HIGH>,
-+				<&gpio0 12 GPIO_ACTIVE_HIGH>;
-+		pinctrl-names = "default";
-+		pinctrl-0 = <&pmic_int &global_pwroff &dvs_1 &dvs_2>;
-+		rockchip,system-power-controller;
-+		wakeup-source;
-+
-+		vcc1-supply = <&vcc_sys>;
-+		vcc2-supply = <&vcc_sys>;
-+		vcc3-supply = <&vcc_sys>;
-+		vcc4-supply = <&vcc_sys>;
-+		vcc6-supply = <&vcc_sys>;
-+		vcc7-supply = <&vcc_sys>;
-+		vcc8-supply = <&vcc_io>;
-+		vcc9-supply = <&vcc_io>;
-+		vcc10-supply = <&vcc_io>;
-+		vcc11-supply = <&vcc_sys>;
-+		vcc12-supply = <&vcc_io>;
-+		vddio-supply = <&vcc_io>;
-+
-+		regulators {
-+			vdd_cpu: DCDC_REG1 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <750000>;
-+				regulator-max-microvolt = <1350000>;
-+				regulator-name = "vdd_arm";
-+				regulator-ramp-delay = <6000>;
-+				regulator-state-mem {
-+					regulator-off-in-suspend;
-+				};
-+			};
-+
-+			vdd_gpu: DCDC_REG2 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <850000>;
-+				regulator-max-microvolt = <1250000>;
-+				regulator-name = "vdd_gpu";
-+				regulator-ramp-delay = <6000>;
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1000000>;
-+				};
-+			};
-+
-+			vcc_ddr: DCDC_REG3 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-name = "vcc_ddr";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+				};
-+			};
-+
-+			vcc_io: DCDC_REG4 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <3300000>;
-+				regulator-max-microvolt = <3300000>;
-+				regulator-name = "vcc_io";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <3300000>;
-+				};
-+			};
-+
-+			vcc18_ldo1: LDO_REG1 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <1800000>;
-+				regulator-name = "vcc18_ldo1";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1800000>;
-+				};
-+			};
-+
-+			vcc33_mipi: LDO_REG2 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <3300000>;
-+				regulator-max-microvolt = <3300000>;
-+				regulator-name = "vcc33_mipi";
-+				regulator-state-mem {
-+					regulator-off-in-suspend;
-+				};
-+			};
-+
-+			vdd_10: LDO_REG3 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1000000>;
-+				regulator-max-microvolt = <1000000>;
-+				regulator-name = "vdd_10";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1000000>;
-+				};
-+			};
-+
-+			vcc18_codec: LDO_REG4 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <1800000>;
-+				regulator-name = "vcc18_codec";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1800000>;
-+				};
-+			};
-+
-+			vccio_sd: LDO_REG5 {
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <3300000>;
-+				regulator-name = "vccio_sd";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <3300000>;
-+				};
-+			};
-+
-+			vdd10_lcd: LDO_REG6 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1000000>;
-+				regulator-max-microvolt = <1000000>;
-+				regulator-name = "vdd10_lcd";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1000000>;
-+				};
-+			};
-+
-+			vcc_18: LDO_REG7 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <1800000>;
-+				regulator-name = "vcc_18";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1800000>;
-+				};
-+			};
-+
-+			vcc18_lcd: LDO_REG8 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-min-microvolt = <1800000>;
-+				regulator-max-microvolt = <1800000>;
-+				regulator-name = "vcc18_lcd";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+					regulator-suspend-microvolt = <1800000>;
-+				};
-+			};
-+
-+			vcc33_sd: SWITCH_REG1 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-name = "vcc33_sd";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+				};
-+			};
-+
-+			vcc33_lan: SWITCH_REG2 {
-+				regulator-always-on;
-+				regulator-boot-on;
-+				regulator-name = "vcc33_lan";
-+				regulator-state-mem {
-+					regulator-on-in-suspend;
-+				};
-+			};
-+		};
-+	};
-+};
-+
-+&i2c2 {
-+	status = "okay";
-+};
-+
-+&i2c5 {
-+	status = "okay";
-+};
-+
-+&i2s {
-+	#sound-dai-cells = <0>;
-+	status = "okay";
-+};
-+
-+&io_domains {
-+	status = "okay";
-+
-+	sdcard-supply = <&vccio_sd>;
-+};
-+
-+&pinctrl {
-+	pcfg_pull_none_drv_8ma: pcfg-pull-none-drv-8ma {
-+		drive-strength = <8>;
-+	};
-+
-+	pcfg_pull_up_drv_8ma: pcfg-pull-up-drv-8ma {
-+		bias-pull-up;
-+		drive-strength = <8>;
-+	};
-+
-+	backlight {
-+		bl_en: bl-en {
-+			rockchip,pins = <7 2 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+	};
-+
-+	buttons {
-+		pwrbtn: pwrbtn {
-+			rockchip,pins = <0 5 RK_FUNC_GPIO &pcfg_pull_up>;
-+		};
-+	};
-+
-+	eth_phy {
-+		eth_phy_pwr: eth-phy-pwr {
-+			rockchip,pins = <0 6 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+	};
-+
-+	pmic {
-+		pmic_int: pmic-int {
-+			rockchip,pins = <RK_GPIO0 4 RK_FUNC_GPIO \
-+					&pcfg_pull_up>;
-+		};
-+
-+		dvs_1: dvs-1 {
-+			rockchip,pins = <RK_GPIO0 11 RK_FUNC_GPIO \
-+					&pcfg_pull_down>;
-+		};
-+
-+		dvs_2: dvs-2 {
-+			rockchip,pins = <RK_GPIO0 12 RK_FUNC_GPIO \
-+					&pcfg_pull_down>;
-+		};
-+	};
-+
-+	sdmmc {
-+		sdmmc_bus4: sdmmc-bus4 {
-+			rockchip,pins = <6 16 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
-+					<6 17 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
-+					<6 18 RK_FUNC_1 &pcfg_pull_up_drv_8ma>,
-+					<6 19 RK_FUNC_1 &pcfg_pull_up_drv_8ma>;
-+		};
-+
-+		sdmmc_clk: sdmmc-clk {
-+			rockchip,pins = <6 20 RK_FUNC_1 \
-+					&pcfg_pull_none_drv_8ma>;
-+		};
-+
-+		sdmmc_cmd: sdmmc-cmd {
-+			rockchip,pins = <6 21 RK_FUNC_1 &pcfg_pull_up_drv_8ma>;
-+		};
-+
-+		sdmmc_pwr: sdmmc-pwr {
-+			rockchip,pins = <7 11 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+	};
-+
-+	usb {
-+		host_vbus_drv: host-vbus-drv {
-+			rockchip,pins = <0 14 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+
-+		pwr_3g: pwr-3g {
-+			rockchip,pins = <7 8 RK_FUNC_GPIO &pcfg_pull_none>;
-+		};
-+	};
-+};
-+
-+&pwm0 {
-+	status = "okay";
-+};
-+
-+&saradc {
-+	vref-supply = <&vcc18_ldo1>;
-+	status ="okay";
-+};
-+
-+&sdmmc {
-+	bus-width = <4>;
-+	cap-mmc-highspeed;
-+	cap-sd-highspeed;
-+	card-detect-delay = <200>;
-+	disable-wp;			/* wp not hooked up */
-+	num-slots = <1>;
-+	pinctrl-names = "default";
-+	pinctrl-0 = <&sdmmc_clk &sdmmc_cmd &sdmmc_cd &sdmmc_bus4>;
-+	status = "okay";
-+	vmmc-supply = <&vcc33_sd>;
-+	vqmmc-supply = <&vccio_sd>;
-+};
-+
-+&tsadc {
-+	rockchip,hw-tshut-mode = <1>; /* tshut mode 0:CRU 1:GPIO */
-+	rockchip,hw-tshut-polarity = <1>; /* tshut polarity 0:LOW 1:HIGH */
-+	status = "okay";
-+};
-+
-+&uart0 {
-+	status = "okay";
-+};
-+
-+&uart1 {
-+	status = "okay";
-+};
-+
-+&uart2 {
-+	status = "okay";
-+};
-+
-+&uart3 {
-+	status = "okay";
-+};
-+
-+&uart4 {
-+	status = "okay";
-+};
-+
-+&usbphy {
-+	status = "okay";
-+};
-+
-+&usb_host0_ehci {
-+	status = "okay";
-+};
-+
-+&usb_host1 {
-+	status = "okay";
-+};
-+
-+&usb_otg {
-+	status= "okay";
-+};
-+
-+&vopb {
-+	status = "okay";
-+};
-+
-+&vopb_mmu {
-+	status = "okay";
-+};
-+
-+&vopl {
-+	status = "okay";
-+};
-+
-+&vopl_mmu {
-+	status = "okay";
-+};
-+
-+&wdt {
-+	status = "okay";
-+};
--- 
-cgit v1.1
-

arm64-Revert-allwinner-a64-pine64-Use-dcdc1-regulato.patch

@@ -0,0 +1,41 @@
+From 90e388ca5d8bbee022f9ed5fc24137b31579fa6e Mon Sep 17 00:00:00 2001
+From: Peter Robinson <pbrobinson@gmail.com>
+Date: Wed, 22 Nov 2017 15:52:36 +0000
+Subject: [PATCH] Revert "arm64: allwinner: a64: pine64: Use dcdc1 regulator
+ for mmc0"
+
+This reverts commit 3f241bfa60bdc9c4fde63fa6664a8ce00fd668c6.
+---
+ arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts b/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts
+index d06e34b5d192..caf8b6fbe5e3 100644
+--- a/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts
++++ b/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts
+@@ -61,6 +61,13 @@
+ 	chosen {
+ 		stdout-path = "serial0:115200n8";
+ 	};
++
++	reg_vcc3v3: vcc3v3 {
++		compatible = "regulator-fixed";
++		regulator-name = "vcc3v3";
++		regulator-min-microvolt = <3300000>;
++		regulator-max-microvolt = <3300000>;
++	};
+ };
+ 
+ &ehci0 {
+@@ -84,7 +91,7 @@
+ &mmc0 {
+ 	pinctrl-names = "default";
+ 	pinctrl-0 = <&mmc0_pins>;
+-	vmmc-supply = <&reg_dcdc1>;
++	vmmc-supply = <&reg_vcc3v3>;
+ 	cd-gpios = <&pio 5 6 GPIO_ACTIVE_HIGH>;
+ 	cd-inverted;
+ 	disable-wp;
+-- 
+2.14.3
+

arm64-hikey-fixes.patch

@@ -1,77 +0,0 @@
-From patchwork Sat Apr  8 07:18:40 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: reset: hi6220: Set module license so that it can be loaded
-From: Jeremy Linton <lintonrjeremy@gmail.com>
-X-Patchwork-Id: 9670985
-Message-Id: <20170408071840.29380-1-lintonrjeremy@gmail.com>
-To: linux-kernel@vger.kernel.org
-Cc: p.zabel@pengutronix.de, saberlily.xia@hisilicon.com,
- puck.chen@hisilicon.com, xinliang.liu@linaro.org,
- Jeremy Linton <lintonrjeremy@gmail.com>
-Date: Sat,  8 Apr 2017 02:18:40 -0500
-
-The hi6220_reset driver can be built as a standalone module
-yet it cannot be loaded because it depends on GPL exported symbols.
-
-Lets set the module license so that the module loads, and things like
-the on-board kirin drm starts working.
-
-Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
-reviewed-by: Xinliang Liu <xinliang.liu@linaro.org>
----
- drivers/reset/hisilicon/hi6220_reset.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/drivers/reset/hisilicon/hi6220_reset.c b/drivers/reset/hisilicon/hi6220_reset.c
-index 35ce53e..d5e5229 100644
---- a/drivers/reset/hisilicon/hi6220_reset.c
-+++ b/drivers/reset/hisilicon/hi6220_reset.c
-@@ -155,3 +155,5 @@ static int __init hi6220_reset_init(void)
- }
- 
- postcore_initcall(hi6220_reset_init);
-+
-+MODULE_LICENSE("GPL v2");
-From patchwork Mon Apr  3 05:28:42 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: [v2,1/2] regulator: hi655x: Describe consumed platform device
-From: Jeremy Linton <lintonrjeremy@gmail.com>
-X-Patchwork-Id: 9658793
-Message-Id: <20170403052843.12711-2-lintonrjeremy@gmail.com>
-To: linux-kernel@vger.kernel.org
-Cc: broonie@kernel.org, lgirdwood@gmail.com, puck.chen@hisilicon.com,
- lee.jones@linaro.org, Jeremy Linton <lintonrjeremy@gmail.com>
-Date: Mon,  3 Apr 2017 00:28:42 -0500
-
-The hi655x-regulator driver consumes a similarly named platform device.
-Adding that to the module device table, allows modprobe to locate this
-driver once the device is created.
-
-Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
----
- drivers/regulator/hi655x-regulator.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/drivers/regulator/hi655x-regulator.c b/drivers/regulator/hi655x-regulator.c
-index 065c100..36ae54b 100644
---- a/drivers/regulator/hi655x-regulator.c
-+++ b/drivers/regulator/hi655x-regulator.c
-@@ -214,7 +214,14 @@ static int hi655x_regulator_probe(struct platform_device *pdev)
- 	return 0;
- }
- 
-+static const struct platform_device_id hi655x_regulator_table[] = {
-+	{ .name = "hi655x-regulator" },
-+	{},
-+};
-+MODULE_DEVICE_TABLE(platform, hi655x_regulator_table);
-+
- static struct platform_driver hi655x_regulator_driver = {
-+	.id_table = hi655x_regulator_table,
- 	.driver = {
- 		.name	= "hi655x-regulator",
- 	},

arm64-mm-Fix-memmap-to-be-initialized-for-the-entire-section.patch

@@ -1,93 +0,0 @@
-From patchwork Thu Oct  6 09:52:07 2016
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: arm64: mm: Fix memmap to be initialized for the entire section
-From: Robert Richter <rrichter@cavium.com>
-X-Patchwork-Id: 9364537
-Message-Id: <1475747527-32387-1-git-send-email-rrichter@cavium.com>
-To: Catalin Marinas <catalin.marinas@arm.com>, Will Deacon
- <will.deacon@arm.com>
-Cc: Mark Rutland <mark.rutland@arm.com>, linux-efi@vger.kernel.org,
- David Daney <david.daney@cavium.com>,
- Ard Biesheuvel <ard.biesheuvel@linaro.org>,
- linux-kernel@vger.kernel.org, Robert Richter <rrichter@cavium.com>,
- Hanjun Guo <hanjun.guo@linaro.org>, linux-arm-kernel@lists.infradead.org
-Date: Thu, 6 Oct 2016 11:52:07 +0200
-
-There is a memory setup problem on ThunderX systems with certain
-memory configurations. The symptom is
-
- kernel BUG at mm/page_alloc.c:1848!
-
-This happens for some configs with 64k page size enabled. The bug
-triggers for page zones with some pages in the zone not assigned to
-this particular zone. In my case some pages that are marked as nomap
-were not reassigned to the new zone of node 1, so those are still
-assigned to node 0.
-
-The reason for the mis-configuration is a change in pfn_valid() which
-reports pages marked nomap as invalid:
-
- 68709f45385a arm64: only consider memblocks with NOMAP cleared for linear mapping
-
-This causes pages marked as nomap being no long reassigned to the new
-zone in memmap_init_zone() by calling __init_single_pfn().
-
-Fixing this by restoring the old behavior of pfn_valid() to use
-memblock_is_memory(). Also changing users of pfn_valid() in arm64 code
-to use memblock_is_map_memory() where necessary. This only affects
-code in ioremap.c. The code in mmu.c still can use the new version of
-pfn_valid().
-
-Should be marked stable v4.5..
-
-Signed-off-by: Robert Richter <rrichter@cavium.com>
----
- arch/arm64/mm/init.c    | 2 +-
- arch/arm64/mm/ioremap.c | 5 +++--
- 2 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
-index bbb7ee76e319..25b8659c2a9f 100644
---- a/arch/arm64/mm/init.c
-+++ b/arch/arm64/mm/init.c
-@@ -147,7 +147,7 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max)
- #ifdef CONFIG_HAVE_ARCH_PFN_VALID
- int pfn_valid(unsigned long pfn)
- {
--	return memblock_is_map_memory(pfn << PAGE_SHIFT);
-+	return memblock_is_memory(pfn << PAGE_SHIFT);
- }
- EXPORT_SYMBOL(pfn_valid);
- #endif
-diff --git a/arch/arm64/mm/ioremap.c b/arch/arm64/mm/ioremap.c
-index 01e88c8bcab0..c17c220b0c48 100644
---- a/arch/arm64/mm/ioremap.c
-+++ b/arch/arm64/mm/ioremap.c
-@@ -21,6 +21,7 @@
-  */
- 
- #include <linux/export.h>
-+#include <linux/memblock.h>
- #include <linux/mm.h>
- #include <linux/vmalloc.h>
- #include <linux/io.h>
-@@ -55,7 +56,7 @@ static void __iomem *__ioremap_caller(phys_addr_t phys_addr, size_t size,
- 	/*
- 	 * Don't allow RAM to be mapped.
- 	 */
--	if (WARN_ON(pfn_valid(__phys_to_pfn(phys_addr))))
-+	if (WARN_ON(memblock_is_map_memory(phys_addr)))
- 		return NULL;
- 
- 	area = get_vm_area_caller(size, VM_IOREMAP, caller);
-@@ -96,7 +97,7 @@ EXPORT_SYMBOL(__iounmap);
- void __iomem *ioremap_cache(phys_addr_t phys_addr, size_t size)
- {
- 	/* For normal memory we already have a cacheable mapping. */
--	if (pfn_valid(__phys_to_pfn(phys_addr)))
-+	if (memblock_is_map_memory(phys_addr))
- 		return (void __iomem *)__phys_to_virt(phys_addr);
- 
- 	return __ioremap_caller(phys_addr, size, __pgprot(PROT_NORMAL),

baseconfig/CONFIG_ADXL345_I2C

@@ -0,0 +1 @@
+# CONFIG_ADXL345_I2C is not set

baseconfig/CONFIG_ADXL345_SPI

@@ -0,0 +1 @@
+# CONFIG_ADXL345_SPI is not set

baseconfig/CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ

@@ -0,0 +1 @@
+CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ=y

baseconfig/CONFIG_ALTERA_MSGDMA

@@ -0,0 +1 @@
+CONFIG_ALTERA_MSGDMA=m

baseconfig/CONFIG_ARM64_ERRATUM_858921

@@ -0,0 +1 @@
+CONFIG_ARM64_ERRATUM_858921=y

baseconfig/CONFIG_ATH10K_SDIO

@@ -0,0 +1 @@
+CONFIG_ATH10K_SDIO=m

baseconfig/CONFIG_ATH10K_USB

@@ -0,0 +1 @@
+CONFIG_ATH10K_USB=m

baseconfig/CONFIG_B43LEGACY_DEBUG

@@ -1 +1 @@
-CONFIG_B43LEGACY_DEBUG=y
+# CONFIG_B43LEGACY_DEBUG is not set

baseconfig/CONFIG_B43_DEBUG

@@ -1 +1 @@
-CONFIG_B43_DEBUG=y
+# CONFIG_B43_DEBUG is not set

baseconfig/CONFIG_BACKLIGHT_ARCXCNN

@@ -0,0 +1 @@
+CONFIG_BACKLIGHT_ARCXCNN=m

baseconfig/CONFIG_BATTERY_LEGO_EV3

@@ -0,0 +1 @@
+# CONFIG_BATTERY_LEGO_EV3 is not set

baseconfig/CONFIG_BATTERY_MAX1721X

@@ -0,0 +1 @@
+# CONFIG_BATTERY_MAX1721X is not set

baseconfig/CONFIG_BCM_FLEXRM_MBOX

@@ -0,0 +1 @@
+# CONFIG_BCM_FLEXRM_MBOX is not set

baseconfig/CONFIG_BFQ_GROUP_IOSCHED

@@ -0,0 +1 @@
+CONFIG_BFQ_GROUP_IOSCHED=y

baseconfig/CONFIG_BLK_CPQ_CISS_DA

@@ -1 +0,0 @@
-CONFIG_BLK_CPQ_CISS_DA=m

baseconfig/CONFIG_BLK_DEV_HD

@@ -1 +0,0 @@
-# CONFIG_BLK_DEV_HD is not set

baseconfig/CONFIG_BLK_DEV_THROTTLING_LOW

@@ -0,0 +1 @@
+# CONFIG_BLK_DEV_THROTTLING_LOW is not set

baseconfig/CONFIG_BLK_DEV_UB

@@ -1 +0,0 @@
-# CONFIG_BLK_DEV_UB is not set

baseconfig/CONFIG_BNXT_FLOWER_OFFLOAD

@@ -0,0 +1 @@
+CONFIG_BNXT_FLOWER_OFFLOAD=y

baseconfig/CONFIG_BPF_STREAM_PARSER

@@ -0,0 +1 @@
+CONFIG_BPF_STREAM_PARSER=y

baseconfig/CONFIG_BRCMSTB_GISB_ARB

@@ -0,0 +1 @@
+# CONFIG_BRCMSTB_GISB_ARB is not set

baseconfig/CONFIG_BT_HCIUART_SERDEV

@@ -0,0 +1 @@
+CONFIG_BT_HCIUART_SERDEV=y

baseconfig/CONFIG_BT_QCOMSMD

@@ -1 +0,0 @@
-# CONFIG_BT_QCOMSMD is not set

baseconfig/CONFIG_BT_SCO

@@ -1 +0,0 @@
-CONFIG_BT_SCO=y

baseconfig/CONFIG_CAN_HI311X

@@ -0,0 +1 @@
+CONFIG_CAN_HI311X=m

baseconfig/CONFIG_CAN_MCBA_USB

@@ -0,0 +1 @@
+CONFIG_CAN_MCBA_USB=m

baseconfig/CONFIG_CAN_PEAK_PCIEFD

@@ -0,0 +1 @@
+CONFIG_CAN_PEAK_PCIEFD=m

baseconfig/CONFIG_CAN_VXCAN

@@ -0,0 +1 @@
+CONFIG_CAN_VXCAN=m

baseconfig/CONFIG_CCS811

@@ -0,0 +1 @@
+# CONFIG_CCS811 is not set

baseconfig/CONFIG_CEC_PIN

@@ -0,0 +1 @@
+CONFIG_CEC_PIN=y

baseconfig/CONFIG_CEC_PLATFORM_DRIVERS

@@ -0,0 +1 @@
+CONFIG_CEC_PLATFORM_DRIVERS=y

baseconfig/CONFIG_CHARGER_LTC3651

@@ -0,0 +1 @@
+# CONFIG_CHARGER_LTC3651 is not set

baseconfig/CONFIG_CHARGER_QCOM_SMBB

@@ -1 +0,0 @@
-# CONFIG_CHARGER_QCOM_SMBB is not set

baseconfig/CONFIG_CIFS_DEBUG_DUMP_KEYS

@@ -0,0 +1 @@
+# CONFIG_CIFS_DEBUG_DUMP_KEYS is not set

baseconfig/CONFIG_CISS_SCSI_TAPE

@@ -1 +0,0 @@
-CONFIG_CISS_SCSI_TAPE=y

baseconfig/CONFIG_CLK_HSDK

@@ -0,0 +1 @@
+# CONFIG_CLK_HSDK is not set

baseconfig/CONFIG_CLOCK_THERMAL

@@ -0,0 +1 @@
+# CONFIG_CLOCK_THERMAL is not set

baseconfig/CONFIG_CORTINA_PHY

@@ -0,0 +1 @@
+CONFIG_CORTINA_PHY=m

baseconfig/CONFIG_CRC4

@@ -0,0 +1 @@
+CONFIG_CRC4=m

baseconfig/CONFIG_CROS_KBD_LED_BACKLIGHT

@@ -1 +1 @@
-# CONFIG_CROS_KBD_LED_BACKLIGHT is not set
+CONFIG_CROS_KBD_LED_BACKLIGHT=m

baseconfig/CONFIG_CRYPTO_DEV_CCREE

@@ -0,0 +1 @@
+# CONFIG_CRYPTO_DEV_CCREE is not set

baseconfig/CONFIG_CRYPTO_DEV_NITROX_CNN55XX

@@ -0,0 +1 @@
+CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m

baseconfig/CONFIG_CRYPTO_DEV_SP_CCP

@@ -0,0 +1 @@
+# CONFIG_CRYPTO_DEV_SP_CCP is not set

baseconfig/CONFIG_CRYPTO_DH

@@ -1 +1 @@
-CONFIG_CRYPTO_DH=m
+CONFIG_CRYPTO_DH=y

baseconfig/CONFIG_CRYPTO_GCM

@@ -1 +1 @@
-CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_GCM=y

baseconfig/CONFIG_CRYPTO_GHASH

@@ -1 +1 @@
-CONFIG_CRYPTO_GHASH=m
+CONFIG_CRYPTO_GHASH=y

baseconfig/CONFIG_DEVFREQ_THERMAL

@@ -0,0 +1 @@
+# CONFIG_DEVFREQ_THERMAL is not set

baseconfig/CONFIG_DEVPORT

@@ -1 +1 @@
-# CONFIG_DEVPORT is not set
+CONFIG_DEVPORT=y

baseconfig/CONFIG_DM_INTEGRITY

@@ -0,0 +1 @@
+CONFIG_DM_INTEGRITY=m

baseconfig/CONFIG_DM_ZONED

@@ -0,0 +1 @@
+CONFIG_DM_ZONED=m

baseconfig/CONFIG_DRM_AMDGPU_CIK

@@ -1 +1 @@
-# CONFIG_DRM_AMDGPU_CIK is not set
+CONFIG_DRM_AMDGPU_CIK=y

baseconfig/CONFIG_DRM_DW_HDMI_AHB_AUDIO

@@ -0,0 +1 @@
+# CONFIG_DRM_DW_HDMI_AHB_AUDIO is not set

baseconfig/CONFIG_DRM_DW_HDMI_I2S_AUDIO

@@ -1 +1 @@
-CONFIG_DRM_DW_HDMI_I2S_AUDIO=m
+# CONFIG_DRM_DW_HDMI_I2S_AUDIO is not set

baseconfig/CONFIG_DRM_FBDEV_OVERALLOC

@@ -0,0 +1 @@
+CONFIG_DRM_FBDEV_OVERALLOC=100

baseconfig/CONFIG_DRM_LVDS_ENCODER

@@ -0,0 +1 @@
+# CONFIG_DRM_LVDS_ENCODER is not set

baseconfig/CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW

@@ -0,0 +1 @@
+# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set

baseconfig/CONFIG_DRM_MXSFB

@@ -1 +1 @@
-CONFIG_DRM_MXSFB=m
+# CONFIG_DRM_MXSFB is not set

baseconfig/CONFIG_DRM_PANEL_INNOLUX_P079ZCA

@@ -0,0 +1 @@
+# CONFIG_DRM_PANEL_INNOLUX_P079ZCA is not set

baseconfig/CONFIG_DRM_PANEL_LVDS

@@ -0,0 +1 @@
+# CONFIG_DRM_PANEL_LVDS is not set

baseconfig/CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2

@@ -0,0 +1 @@
+# CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2 is not set

baseconfig/CONFIG_DRM_PANEL_SITRONIX_ST7789V

@@ -0,0 +1 @@
+# CONFIG_DRM_PANEL_SITRONIX_ST7789V is not set

baseconfig/CONFIG_DRM_RCAR_DW_HDMI

@@ -0,0 +1 @@
+# CONFIG_DRM_RCAR_DW_HDMI is not set

baseconfig/CONFIG_DRM_VBOXVIDEO

@@ -0,0 +1 @@
+# CONFIG_DRM_VBOXVIDEO is not set

baseconfig/CONFIG_DVB_DDBRIDGE_MSIENABLE

@@ -0,0 +1 @@
+# CONFIG_DVB_DDBRIDGE_MSIENABLE is not set