Blob Blame History Raw
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Al Stone <ahs3@redhat.com>
Date: Tue, 27 Feb 2018 00:21:23 -0500
Subject: [PATCH 01/34] ACPI: APEI: arm64: Ignore broken HPE moonshot APEI
 support

Message-id: <20180227002123.21608-1-ahs3@redhat.com>
Patchwork-id: 206052
O-Subject: [RHEL8 BZ1518076 PATCH] ACPI: APEI: arm64: Ignore broken HPE moonshot APEI support
Bugzilla: 1518076
RH-Acked-by: Mark Salter <msalter@redhat.com>
RH-Acked-by: Jeremy McNicoll <jmcnicol@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1518076
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=15417197
Tested: compile-only; several other patches are required for full booting
        QE has tested limited boot (see comment#12 of BZ)

This is a re-post of a RHEL-ALT-7.5 patch specific to aarch64 moonshots
that we use in beaker.  It is required for these machines to boot.

    commit 8a663a264863efedf8bb4a9d76ac603920fdd739
    Author: Robert Richter <rrichter@redhat.com>
    Date:   Wed Aug 16 19:49:30 2017 -0400

    [acpi] APEI: arm64: Ignore broken HPE moonshot APEI support

    From: Mark Salter <msalter@redhat.com>
    Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1344237
    Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=13768971
    Tested: Booted on moonshot with patched 4.11.0-20 kernel
    Upstream: RHEL-only

    The aarch64 HP moonshot platforms we have in beaker and elsewhere have
    a firmware bug which causes a spurious fatal memory error via APEI at
    boot time. This platform is no longer supported and no further firmware
    updates are expected. This is a downstream-only hack to avoid the problem
    by bailing out of HEST table probing if we detect a moonshot HEST table.

    Signed-off-by: Mark Salter <msalter@redhat.com>
    Signed-off-by: Robert Richter <rrichter@redhat.com>
    Signed-off-by: Herton R. Krzesinski <herton@redhat.com>

Upstream Status: RHEL only
Signed-off-by: Al Stone <ahs3@redhat.com>
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
 drivers/acpi/apei/hest.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/acpi/apei/hest.c b/drivers/acpi/apei/hest.c
index 6aef1ee5e1bd..8f146b1b4972 100644
--- a/drivers/acpi/apei/hest.c
+++ b/drivers/acpi/apei/hest.c
@@ -96,6 +96,14 @@ static int apei_hest_parse(apei_hest_func_t func, void *data)
 	if (hest_disable || !hest_tab)
 		return -EINVAL;
 
+#ifdef CONFIG_ARM64
+	/* Ignore broken firmware */
+	if (!strncmp(hest_tab->header.oem_id, "HPE   ", 6) &&
+	    !strncmp(hest_tab->header.oem_table_id, "ProLiant", 8) &&
+	    MIDR_IMPLEMENTOR(read_cpuid_id()) == ARM_CPU_IMP_APM)
+		return -EINVAL;
+#endif
+
 	hest_hdr = (struct acpi_hest_header *)(hest_tab + 1);
 	for (i = 0; i < hest_tab->error_source_count; i++) {
 		len = hest_esrc_len(hest_hdr);
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Mark Salter <msalter@redhat.com>
Date: Thu, 10 May 2018 17:38:43 -0400
Subject: [PATCH 02/34] ACPI / irq: Workaround firmware issue on X-Gene based
 m400

Message-id: <20180510173844.29580-3-msalter@redhat.com>
Patchwork-id: 214383
O-Subject: [RHEL-8 BZ1519554 2/3] ACPI / irq: Workaround firmware issue on X-Gene based m400
Bugzilla: 1519554
RH-Acked-by: Al Stone <astone@redhat.com>
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519554
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16144520

The ACPI firmware on the xgene-based m400 platorms erroneously
describes its UART interrupt as ACPI_PRODUCER rather than
ACPI_CONSUMER. This leads to the UART driver being unable to
find its interrupt and the kernel unable find a console.
Work around this by avoiding the producer/consumer check
for X-Gene UARTs.

Upstream Status: RHEL only
Signed-off-by: Mark Salter <msalter@redhat.com>
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
 drivers/acpi/irq.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/drivers/acpi/irq.c b/drivers/acpi/irq.c
index c2c786eb95ab..377cddba06dc 100644
--- a/drivers/acpi/irq.c
+++ b/drivers/acpi/irq.c
@@ -138,6 +138,7 @@ struct acpi_irq_parse_one_ctx {
 	unsigned int index;
 	unsigned long *res_flags;
 	struct irq_fwspec *fwspec;
+	bool skip_producer_check;
 };
 
 /**
@@ -211,7 +212,8 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares,
 		return AE_CTRL_TERMINATE;
 	case ACPI_RESOURCE_TYPE_EXTENDED_IRQ:
 		eirq = &ares->data.extended_irq;
-		if (eirq->producer_consumer == ACPI_PRODUCER)
+		if (!ctx->skip_producer_check &&
+		    eirq->producer_consumer == ACPI_PRODUCER)
 			return AE_OK;
 		if (ctx->index >= eirq->interrupt_count) {
 			ctx->index -= eirq->interrupt_count;
@@ -247,8 +249,19 @@ static acpi_status acpi_irq_parse_one_cb(struct acpi_resource *ares,
 static int acpi_irq_parse_one(acpi_handle handle, unsigned int index,
 			      struct irq_fwspec *fwspec, unsigned long *flags)
 {
-	struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec };
+	struct acpi_irq_parse_one_ctx ctx = { -EINVAL, index, flags, fwspec, false };
 
+	/*
+	 * Firmware on arm64-based HPE m400 platform incorrectly marks
+	 * its UART interrupt as ACPI_PRODUCER rather than ACPI_CONSUMER.
+	 * Don't do the producer/consumer check for that device.
+	 */
+	if (IS_ENABLED(CONFIG_ARM64)) {
+		struct acpi_device *adev = acpi_bus_get_acpi_device(handle);
+
+		if (adev && !strcmp(acpi_device_hid(adev), "APMC0D08"))
+			ctx.skip_producer_check = true;
+	}
 	acpi_walk_resources(handle, METHOD_NAME__CRS, acpi_irq_parse_one_cb, &ctx);
 	return ctx.rc;
 }
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Mark Salter <msalter@redhat.com>
Date: Thu, 10 May 2018 17:38:44 -0400
Subject: [PATCH 03/34] aarch64: acpi scan: Fix regression related to X-Gene
 UARTs

Message-id: <20180510173844.29580-4-msalter@redhat.com>
Patchwork-id: 214381
O-Subject: [RHEL-8 BZ1519554 3/3] aarch64: acpi scan: Fix regression related to X-Gene UARTs
Bugzilla: 1519554
RH-Acked-by: Al Stone <astone@redhat.com>
RH-Acked-by: Tony Camuso <tcamuso@redhat.com>

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519554
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=16144520

Commit e361d1f85855 ("ACPI / scan: Fix enumeration for special UART
devices") caused a regression with some X-Gene based platforms (Mustang
and M400) with invalid DSDT. The DSDT makes it appear that the UART
device is also a slave device attached to itself. With the above commit
the UART won't be enumerated by ACPI scan (slave serial devices shouldn't
be). So check for X-Gene UART device and skip slace device check on it.

Upstream Status: RHEL only
Signed-off-by: Mark Salter <msalter@redhat.com>
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
 drivers/acpi/scan.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c
index dbfa58e799e2..69654a728e07 100644
--- a/drivers/acpi/scan.c
+++ b/drivers/acpi/scan.c
@@ -1746,6 +1746,15 @@ static bool acpi_device_enumeration_by_parent(struct acpi_device *device)
 	if (!acpi_match_device_ids(device, ignore_serial_bus_ids))
 		return false;
 
+	/*
+	 * Firmware on some arm64 X-Gene platforms will make the UART
+	 * device appear as both a UART and a slave of that UART. Just
+	 * bail out here for X-Gene UARTs.
+	 */
+	if (IS_ENABLED(CONFIG_ARM64) &&
+	    !strcmp(acpi_device_hid(device), "APMC0D08"))
+		return false;
+
 	INIT_LIST_HEAD(&resource_list);
 	acpi_dev_get_resources(device, &resource_list,
 			       acpi_check_serial_bus_slave,
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robert Richter <rrichter@redhat.com>
Date: Thu, 7 Jun 2018 22:59:32 -0400
Subject: [PATCH 04/34] Vulcan: AHCI PCI bar fix for Broadcom Vulcan early
 silicon

Message-id: <1528412373-19128-2-git-send-email-rrichter@redhat.com>
Patchwork-id: 220950
O-Subject: [RHEL-8.0 BZ 1563590 v2 1/2] PCI: Vulcan: AHCI PCI bar fix for Broadcom Vulcan early silicon
Bugzilla: 1563590
RH-Acked-by: Dean Nelson <dnelson@redhat.com>
RH-Acked-by: Mark Langsdorf <mlangsdo@redhat.com>
RH-Acked-by: Mark Salter <msalter@redhat.com>

From: Ashok Kumar Sekar <asekar@redhat.com>

PCI BAR 5 is not setup correctly for the on-board AHCI
controller on Broadcom's Vulcan processor. Added a quirk to fix BAR 5
by using BAR 4's resources which are populated correctly but NOT used
by the AHCI controller actually.

RHEL-only:

Both patches are in RHEL-7.6 also. Inclusion of the patches into RHEL-8
was discussed. Since there are partners with Ax system configurations it
was decided to carry them in RHEL8 too. See:

 https://bugzilla.redhat.com/show_bug.cgi?id=1563590#c1

Upstream Status: RHEL only
Signed-off-by: Ashok Kumar Sekar <asekar@redhat.com>
Signed-off-by: Jayachandran C <jchandra@broadcom.com>
Signed-off-by: Robert Richter <rrichter@redhat.com>
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
 drivers/pci/quirks.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 494fa46f5767..27bc8dd45ad8 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -4296,6 +4296,30 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9000,
 DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9084,
 				quirk_bridge_cavm_thrx2_pcie_root);
 
+/*
+ * PCI BAR 5 is not setup correctly for the on-board AHCI controller
+ * on Broadcom's Vulcan processor. Added a quirk to fix BAR 5 by
+ * using BAR 4's resources which are populated correctly and NOT
+ * actually used by the AHCI controller.
+ */
+static void quirk_fix_vulcan_ahci_bars(struct pci_dev *dev)
+{
+	struct resource *r =  &dev->resource[4];
+
+	if (!(r->flags & IORESOURCE_MEM) || (r->start == 0))
+		return;
+
+	/* Set BAR5 resource to BAR4 */
+	dev->resource[5] = *r;
+
+	/* Update BAR5 in pci config space */
+	pci_write_config_dword(dev, PCI_BASE_ADDRESS_5, r->start);
+
+	/* Clear BAR4's resource */
+	memset(r, 0, sizeof(*r));
+}
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_BROADCOM, 0x9027, quirk_fix_vulcan_ahci_bars);
+
 /*
  * Intersil/Techwell TW686[4589]-based video capture cards have an empty (zero)
  * class code.  Fix it.
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robert Richter <rrichter@redhat.com>
Date: Thu, 7 Jun 2018 22:59:33 -0400
Subject: [PATCH 05/34] ahci: thunderx2: Fix for errata that affects stop
 engine

Message-id: <1528412373-19128-3-git-send-email-rrichter@redhat.com>
Patchwork-id: 220952
O-Subject: [RHEL-8.0 BZ 1563590 v2 2/2] ahci: thunderx2: Fix for errata that affects stop engine
Bugzilla: 1563590
RH-Acked-by: Dean Nelson <dnelson@redhat.com>
RH-Acked-by: Mark Langsdorf <mlangsdo@redhat.com>
RH-Acked-by: Mark Salter <msalter@redhat.com>

From: Jayachandran C <jnair@caviumnetworks.com>

Apply workaround for this errata:
  Synopsis: Resetting PxCMD.ST may hang the SATA device

  Description: An internal ping-pong buffer state is not reset
  correctly for an PxCMD.ST=0 command for a SATA channel. This
  may cause the SATA interface to hang when a PxCMD.ST=0 command
  is received.

  Workaround: A SATA_BIU_CORE_ENABLE.sw_init_bsi must be asserted
  by the driver whenever the PxCMD.ST needs to be de-asserted. This
  will reset both the ports. So, it may not always work in a 2
  channel SATA system.

  Resolution: Fix in B0.

Add the code to ahci_stop_engine() to do this. It is not easy to
stop the other "port" since it is associated with a different AHCI
interface. Please note that with this fix, SATA reset does not
hang any more, but it can cause failures on the other interface
if that is in active use.

Unfortunately, we have nothing other the the CPU ID to check if the
SATA block has this issue.

RHEL-only:

Both patches are in RHEL-7.6 also. Inclusion of the patches into RHEL-8
was discussed. Since there are partners with Ax system configurations it
was decided to carry them in RHEL8 too. See:

 https://bugzilla.redhat.com/show_bug.cgi?id=1563590#c1

[v3 with new delays]
Signed-off-by: Jayachandran C <jnair@caviumnetworks.com>

Upstream Status: RHEL only
Signed-off-by: Robert Richter <rrichter@redhat.com>
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
 drivers/ata/libahci.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
index 954386a2b500..8f49d54e838e 100644
--- a/drivers/ata/libahci.c
+++ b/drivers/ata/libahci.c
@@ -727,6 +727,24 @@ int ahci_stop_engine(struct ata_port *ap)
 	tmp &= ~PORT_CMD_START;
 	writel(tmp, port_mmio + PORT_CMD);
 
+#ifdef CONFIG_ARM64
+	/* Rev Ax of Cavium CN99XX needs a hack for port stop */
+	if (dev_is_pci(ap->host->dev) &&
+	    to_pci_dev(ap->host->dev)->vendor == 0x14e4 &&
+	    to_pci_dev(ap->host->dev)->device == 0x9027 &&
+	    midr_is_cpu_model_range(read_cpuid_id(),
+			MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN),
+			MIDR_CPU_VAR_REV(0, 0),
+			MIDR_CPU_VAR_REV(0, MIDR_REVISION_MASK))) {
+		tmp = readl(hpriv->mmio + 0x8000);
+		udelay(100);
+		writel(tmp | (1 << 26), hpriv->mmio + 0x8000);
+		udelay(100);
+		writel(tmp & ~(1 << 26), hpriv->mmio + 0x8000);
+		dev_warn(ap->host->dev, "CN99XX SATA reset workaround applied\n");
+	}
+#endif
+
 	/* wait for engine to stop. This could be as long as 500 msec */
 	tmp = ata_wait_register(ap, port_mmio + PORT_CMD,
 				PORT_CMD_LIST_ON, PORT_CMD_LIST_ON, 1, 500);
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@redhat.com>
Date: Sun, 10 Feb 2019 01:27:54 +0000
Subject: [PATCH 06/34] ipmi: do not configure ipmi for HPE m400

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1670017
Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=20147017

Commit 913a89f009d9 ("ipmi: Don't initialize anything in the core until
something uses it") added new locking which broke context.

    Message-id: <20180713142210.15700-1-tcamuso@redhat.com>
    Patchwork-id: 224899
    O-Subject: [RHEL8 BZ 1583537 1/1] ipmi: do not configure ipmi for HPE m400
    Bugzilla: 1583537
    RH-Acked-by: Dean Nelson <dnelson@redhat.com>
    RH-Acked-by: Al Stone <ahs3@redhat.com>
    RH-Acked-by: Mark Salter <msalter@redhat.com>

    bugzilla:https://bugzilla.redhat.com/show_bug.cgi?id=1583537
    brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=17150528

    RHEL-only

    The ARM-based HPE m400 reports host-side ipmi as residing in intel
    port-io space, which does not exist in ARM processors. Therefore, when
    running on an m400, host-side ipmi configuration code must simply return
    zero without trying to configure the host-side ipmi.

    This patch prevents panic on boot by averting attempts to configure
    host-side ipmi on this platform.

    Though HPE m400 is not certified with RHEL, and HPE has relegated it to
    EOL status, the platform is still used extensively in ARM development
    and test for RHEL.

    Testing:
    Boot without blacklisting ipmi and check to see that no ipmi modules
    are loaded.

    Signed-off-by: Tony Camuso <tcamuso@redhat.com>

    cc: Prarit Bhargava <prarit@redhat.com>
    cc: Brendan Conoboy <blc@redhat.com>
    cc: Jeff Bastian <jbastian@redhat.com>
    cc: Scott Herold <sherold@redhat.com>
    Signed-off-by: Herton R. Krzesinski <herton@redhat.com>

Upstream Status: RHEL only
Signed-off-by: Laura Abbott <labbott@redhat.com>
Acked-by: Tony Camuso <tcamuso@redhat.com>
Acked-by: Dean Nelson <dnelson@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Acked-by: Mark Salter <msalter@redhat.com>
---
 drivers/char/ipmi/ipmi_dmi.c        | 15 +++++++++++++++
 drivers/char/ipmi/ipmi_msghandler.c | 16 +++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/drivers/char/ipmi/ipmi_dmi.c b/drivers/char/ipmi/ipmi_dmi.c
index bbf7029e224b..cf7faa970dd6 100644
--- a/drivers/char/ipmi/ipmi_dmi.c
+++ b/drivers/char/ipmi/ipmi_dmi.c
@@ -215,6 +215,21 @@ static int __init scan_for_dmi_ipmi(void)
 {
 	const struct dmi_device *dev = NULL;
 
+#ifdef CONFIG_ARM64
+	/* RHEL-only
+	 * If this is ARM-based HPE m400, return now, because that platform
+	 * reports the host-side ipmi address as intel port-io space, which
+	 * does not exist in the ARM architecture.
+	 */
+	const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME);
+
+	if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) {
+		pr_debug("%s does not support host ipmi\n", dmistr);
+		return 0;
+	}
+	/* END RHEL-only */
+#endif
+
 	while ((dev = dmi_find_device(DMI_DEV_TYPE_IPMI, NULL, dev)))
 		dmi_decode_ipmi((const struct dmi_header *) dev->device_data);
 
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index 5d403fb5bd92..385747b5361f 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -35,6 +35,7 @@
 #include <linux/uuid.h>
 #include <linux/nospec.h>
 #include <linux/vmalloc.h>
+#include <linux/dmi.h>
 #include <linux/delay.h>
 
 #define IPMI_DRIVER_VERSION "39.2"
@@ -5516,8 +5517,21 @@ static int __init ipmi_init_msghandler_mod(void)
 {
 	int rv;
 
-	pr_info("version " IPMI_DRIVER_VERSION "\n");
+#ifdef CONFIG_ARM64
+	/* RHEL-only
+	 * If this is ARM-based HPE m400, return now, because that platform
+	 * reports the host-side ipmi address as intel port-io space, which
+	 * does not exist in the ARM architecture.
+	 */
+	const char *dmistr = dmi_get_system_info(DMI_PRODUCT_NAME);
 
+	if (dmistr && (strcmp("ProLiant m400 Server", dmistr) == 0)) {
+		pr_debug("%s does not support host ipmi\n", dmistr);
+		return -ENOSYS;
+	}
+	/* END RHEL-only */
+#endif
+	pr_info("version " IPMI_DRIVER_VERSION "\n");
 	mutex_lock(&ipmi_interfaces_mutex);
 	rv = ipmi_register_driver();
 	mutex_unlock(&ipmi_interfaces_mutex);
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@redhat.com>
Date: Mon, 20 May 2019 22:21:02 -0400
Subject: [PATCH 07/34] iommu/arm-smmu: workaround DMA mode issues

Message-id: <20190520222102.19488-1-labbott@redhat.com>
Patchwork-id: 259215
O-Subject: [ARK INTERNAL PATCH] iommu/arm-smmu: workaround DMA mode issues
Bugzilla:
RH-Acked-by: Mark Langsdorf <mlangsdo@redhat.com>
RH-Acked-by: Mark Salter <msalter@redhat.com>

From: Mark Salter <msalter@redhat.com>

Rebased for v5.2-rc1

	Bugzilla: 1652259
	Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=19244562
	Upstream status: RHEL only.

	rhel8 commit 65feb1ed0ec9a088a63a90d46c0f7563ac96ad0f
	Author: Mark Salter <msalter@redhat.com>
	Date:   Wed Nov 21 17:15:59 2018 +0100

	    [iommu] iommu/arm-smmu: workaround DMA mode issues

	    Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1624077
	    Brew: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=18112820
	    Testing: Verified iommu.passthrough=1 no longer needed on gigabyte platforms.
	    Upstream Status: RHEL-only

	    In RHEL_ALT 7.5 we carried a RHEL-only patch which forced the arm smmuv2
	    into bypass mode due to performance issues on CN88xx. This was intended
	    to be a temporary hack until the issues were resolved. Another vendor
	    had issues with the iommu in bypass mode so we reverted the RHEL-only
	    patch so that iommu is in DMA mode by default (upstream default).

	    It turns on that there are remaining SMMU DMA mode issues on Gigabyte
	    platformws with CN88xx cpus. The problem manifests itself by pcie
	    card drivers failing to initialize the cards when SMMU is in DMA mode.
	    The root cause has not been determined yet, but looks likely to be
	    a hw or firmware issue. This patch forces bypass mode for Gigabyte
	    platforms. CN88xx isn't officially supported in RHEL but we have a
	    lot of them being used internally for testing, so I think we want
	    this to support that use case in RHEL8.

	    Signed-off-by: Mark Salter <msalter@redhat.com>
	    Signed-off-by: Herton R. Krzesinski <herton@redhat.com>

	Acked-by: Mark Salter <msalter@redhat.com>
	Acked-by: Donald Dutile <ddutile@redhat.com>

Upstream Status: RHEL only
Signed-off-by: Laura Abbott <labbott@redhat.com>
---
 drivers/iommu/iommu.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
index bfb2f163c691..3e02f19e8975 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
@@ -8,6 +8,7 @@
 
 #include <linux/amba/bus.h>
 #include <linux/device.h>
+#include <linux/dmi.h>
 #include <linux/kernel.h>
 #include <linux/bits.h>
 #include <linux/bug.h>
@@ -2852,6 +2853,27 @@ u32 iommu_sva_get_pasid(struct iommu_sva *handle)
 }
 EXPORT_SYMBOL_GPL(iommu_sva_get_pasid);
 
+#ifdef CONFIG_ARM64
+static int __init iommu_quirks(void)
+{
+	const char *vendor, *name;
+
+	vendor = dmi_get_system_info(DMI_SYS_VENDOR);
+	name = dmi_get_system_info(DMI_PRODUCT_NAME);
+
+	if (vendor &&
+	    (strncmp(vendor, "GIGABYTE", 8) == 0 && name &&
+	     (strncmp(name, "R120", 4) == 0 ||
+	      strncmp(name, "R270", 4) == 0))) {
+		pr_warn("Gigabyte %s detected, force iommu passthrough mode", name);
+		iommu_def_domain_type = IOMMU_DOMAIN_IDENTITY;
+	}
+
+	return 0;
+}
+arch_initcall(iommu_quirks);
+#endif
+
 /*
  * Changes the default domain of an iommu group that has *only* one device
  *
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Tue, 1 Oct 2019 15:51:23 +0000
Subject: [PATCH 08/34] arm: aarch64: Drop the EXPERT setting from
 ARM64_FORCE_52BIT

Message-id: <20191001181256.22935-1-jcline@redhat.com>
Patchwork-id: 275498
O-Subject: [ARK INTERNAL PATCH] [ARK INTERNAL PATCH] [redhat] Add patch
    to drop the EXPERT setting from ARM64_FORCE_52BIT
Bugzilla:
RH-Acked-by: Laura Abbott <labbott@redhat.com>

We don't turn on EXPERT as there are few settings we actually want to
mess with. Remove the dependency for ARM64_FORCE_52BIT as we do want
that on in debug builds to help find 52-bit bugs.

Upstream Status: RHEL only
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
 arch/arm64/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 43ff7c7a3ac9..efb74e176dec 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1211,7 +1211,7 @@ endchoice
 
 config ARM64_FORCE_52BIT
 	bool "Force 52-bit virtual addresses for userspace"
-	depends on ARM64_VA_BITS_52 && EXPERT
+	depends on ARM64_VA_BITS_52
 	help
 	  For systems with 52-bit userspace VAs enabled, the kernel will attempt
 	  to maintain compatibility with older software by providing 48-bit VAs
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 2 Oct 2017 18:22:13 -0400
Subject: [PATCH 09/34] Add efi_status_to_str() and rework efi_status_to_err().

This adds efi_status_to_str() for use when printing efi_status_t
messages, and reworks efi_status_to_err() so that the two use a common
list of errors.

Upstream Status: RHEL only
Signed-off-by: Peter Jones <pjones@redhat.com>
---
 drivers/firmware/efi/efi.c | 124 +++++++++++++++++++++++++++----------
 include/linux/efi.h        |   3 +
 2 files changed, 96 insertions(+), 31 deletions(-)

diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index b43e5e6ddaf6..3179641e9855 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -32,6 +32,7 @@
 #include <linux/ucs2_string.h>
 #include <linux/memblock.h>
 #include <linux/security.h>
+#include <linux/bsearch.h>
 
 #include <asm/early_ioremap.h>
 
@@ -884,40 +885,101 @@ int efi_mem_type(unsigned long phys_addr)
 }
 #endif
 
+struct efi_error_code {
+	efi_status_t status;
+	int errno;
+	const char *description;
+};
+
+static const struct efi_error_code efi_error_codes[] = {
+	{ EFI_SUCCESS, 0, "Success"},
+#if 0
+	{ EFI_LOAD_ERROR, -EPICK_AN_ERRNO, "Load Error"},
+#endif
+	{ EFI_INVALID_PARAMETER, -EINVAL, "Invalid Parameter"},
+	{ EFI_UNSUPPORTED, -ENOSYS, "Unsupported"},
+	{ EFI_BAD_BUFFER_SIZE, -ENOSPC, "Bad Buffer Size"},
+	{ EFI_BUFFER_TOO_SMALL, -ENOSPC, "Buffer Too Small"},
+	{ EFI_NOT_READY, -EAGAIN, "Not Ready"},
+	{ EFI_DEVICE_ERROR, -EIO, "Device Error"},
+	{ EFI_WRITE_PROTECTED, -EROFS, "Write Protected"},
+	{ EFI_OUT_OF_RESOURCES, -ENOMEM, "Out of Resources"},
+#if 0
+	{ EFI_VOLUME_CORRUPTED, -EPICK_AN_ERRNO, "Volume Corrupt"},
+	{ EFI_VOLUME_FULL, -EPICK_AN_ERRNO, "Volume Full"},
+	{ EFI_NO_MEDIA, -EPICK_AN_ERRNO, "No Media"},
+	{ EFI_MEDIA_CHANGED, -EPICK_AN_ERRNO, "Media changed"},
+#endif
+	{ EFI_NOT_FOUND, -ENOENT, "Not Found"},
+#if 0
+	{ EFI_ACCESS_DENIED, -EPICK_AN_ERRNO, "Access Denied"},
+	{ EFI_NO_RESPONSE, -EPICK_AN_ERRNO, "No Response"},
+	{ EFI_NO_MAPPING, -EPICK_AN_ERRNO, "No mapping"},
+	{ EFI_TIMEOUT, -EPICK_AN_ERRNO, "Time out"},
+	{ EFI_NOT_STARTED, -EPICK_AN_ERRNO, "Not started"},
+	{ EFI_ALREADY_STARTED, -EPICK_AN_ERRNO, "Already started"},
+#endif
+	{ EFI_ABORTED, -EINTR, "Aborted"},
+#if 0
+	{ EFI_ICMP_ERROR, -EPICK_AN_ERRNO, "ICMP Error"},
+	{ EFI_TFTP_ERROR, -EPICK_AN_ERRNO, "TFTP Error"},
+	{ EFI_PROTOCOL_ERROR, -EPICK_AN_ERRNO, "Protocol Error"},
+	{ EFI_INCOMPATIBLE_VERSION, -EPICK_AN_ERRNO, "Incompatible Version"},
+#endif
+	{ EFI_SECURITY_VIOLATION, -EACCES, "Security Policy Violation"},
+#if 0
+	{ EFI_CRC_ERROR, -EPICK_AN_ERRNO, "CRC Error"},
+	{ EFI_END_OF_MEDIA, -EPICK_AN_ERRNO, "End of Media"},
+	{ EFI_END_OF_FILE, -EPICK_AN_ERRNO, "End of File"},
+	{ EFI_INVALID_LANGUAGE, -EPICK_AN_ERRNO, "Invalid Languages"},
+	{ EFI_COMPROMISED_DATA, -EPICK_AN_ERRNO, "Compromised Data"},
+
+	// warnings
+	{ EFI_WARN_UNKOWN_GLYPH, -EPICK_AN_ERRNO, "Warning Unknown Glyph"},
+	{ EFI_WARN_DELETE_FAILURE, -EPICK_AN_ERRNO, "Warning Delete Failure"},
+	{ EFI_WARN_WRITE_FAILURE, -EPICK_AN_ERRNO, "Warning Write Failure"},
+	{ EFI_WARN_BUFFER_TOO_SMALL, -EPICK_AN_ERRNO, "Warning Buffer Too Small"},
+#endif
+};
+
+static int
+efi_status_cmp_bsearch(const void *key, const void *item)
+{
+	u64 status = (u64)(uintptr_t)key;
+	struct efi_error_code *code = (struct efi_error_code *)item;
+
+	if (status < code->status)
+		return -1;
+	if (status > code->status)
+		return 1;
+	return 0;
+}
+
 int efi_status_to_err(efi_status_t status)
 {
-	int err;
-
-	switch (status) {
-	case EFI_SUCCESS:
-		err = 0;
-		break;
-	case EFI_INVALID_PARAMETER:
-		err = -EINVAL;
-		break;
-	case EFI_OUT_OF_RESOURCES:
-		err = -ENOSPC;
-		break;
-	case EFI_DEVICE_ERROR:
-		err = -EIO;
-		break;
-	case EFI_WRITE_PROTECTED:
-		err = -EROFS;
-		break;
-	case EFI_SECURITY_VIOLATION:
-		err = -EACCES;
-		break;
-	case EFI_NOT_FOUND:
-		err = -ENOENT;
-		break;
-	case EFI_ABORTED:
-		err = -EINTR;
-		break;
-	default:
-		err = -EINVAL;
-	}
+	struct efi_error_code *found;
+	size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
 
-	return err;
+	found = bsearch((void *)(uintptr_t)status, efi_error_codes,
+			sizeof(struct efi_error_code), num,
+			efi_status_cmp_bsearch);
+	if (!found)
+		return -EINVAL;
+	return found->errno;
+}
+
+const char *
+efi_status_to_str(efi_status_t status)
+{
+	struct efi_error_code *found;
+	size_t num = sizeof(efi_error_codes) / sizeof(struct efi_error_code);
+
+	found = bsearch((void *)(uintptr_t)status, efi_error_codes,
+			sizeof(struct efi_error_code), num,
+			efi_status_cmp_bsearch);
+	if (!found)
+		return "Unknown error code";
+	return found->description;
 }
 EXPORT_SYMBOL_GPL(efi_status_to_err);
 
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 4e1bfee9675d..69a3074a9fbc 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -43,6 +43,8 @@
 #define EFI_ABORTED		(21 | (1UL << (BITS_PER_LONG-1)))
 #define EFI_SECURITY_VIOLATION	(26 | (1UL << (BITS_PER_LONG-1)))
 
+#define EFI_IS_ERROR(x)		((x) & (1UL << (BITS_PER_LONG-1)))
+
 typedef unsigned long efi_status_t;
 typedef u8 efi_bool_t;
 typedef u16 efi_char16_t;		/* UNICODE character */
@@ -911,6 +913,7 @@ static inline void efi_find_mirror(void) {}
 #endif
 
 extern int efi_status_to_err(efi_status_t status);
+extern const char *efi_status_to_str(efi_status_t status);
 
 /*
  * Variable Attributes
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 2 Oct 2017 18:18:30 -0400
Subject: [PATCH 10/34] Make get_cert_list() use efi_status_to_str() to print
 error messages.

Upstream Status: RHEL only
Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
 security/integrity/platform_certs/load_uefi.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c
index d1fdd113450a..182e8090cfe8 100644
--- a/security/integrity/platform_certs/load_uefi.c
+++ b/security/integrity/platform_certs/load_uefi.c
@@ -74,7 +74,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
 		return NULL;
 
 	if (*status != EFI_BUFFER_TOO_SMALL) {
-		pr_err("Couldn't get size: 0x%lx\n", *status);
+		pr_err("Couldn't get size: %s (0x%lx)\n",
+		       efi_status_to_str(*status), *status);
 		return NULL;
 	}
 
@@ -85,7 +86,8 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid,
 	*status = efi.get_variable(name, guid, NULL, &lsize, db);
 	if (*status != EFI_SUCCESS) {
 		kfree(db);
-		pr_err("Error reading db var: 0x%lx\n", *status);
+		pr_err("Error reading db var: %s (0x%lx)\n",
+		       efi_status_to_str(*status), *status);
 		return NULL;
 	}
 
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Mon, 30 Sep 2019 21:22:47 +0000
Subject: [PATCH 11/34] security: lockdown: expose a hook to lock the kernel
 down

In order to automatically lock down kernels running on UEFI machines
booted in Secure Boot mode, expose the lock_kernel_down() hook.

Upstream Status: RHEL only
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
 include/linux/lsm_hook_defs.h | 2 ++
 include/linux/lsm_hooks.h     | 6 ++++++
 include/linux/security.h      | 5 +++++
 security/lockdown/lockdown.c  | 1 +
 security/security.c           | 6 ++++++
 5 files changed, 20 insertions(+)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index ec119da1d89b..3c27eb4fd460 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -396,6 +396,8 @@ LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free_security, struct bpf_prog_aux *aux)
 #endif /* CONFIG_BPF_SYSCALL */
 
 LSM_HOOK(int, 0, locked_down, enum lockdown_reason what)
+LSM_HOOK(int, 0, lock_kernel_down, const char *where, enum lockdown_reason level)
+
 
 #ifdef CONFIG_PERF_EVENTS
 LSM_HOOK(int, 0, perf_event_open, struct perf_event_attr *attr, int type)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 4ec80b96c22e..93495ac301f2 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1561,6 +1561,12 @@
  *
  *     @what: kernel feature being accessed
  *
+ * @lock_kernel_down
+ * 	Put the kernel into lock-down mode.
+ *
+ * 	@where: Where the lock-down is originating from (e.g. command line option)
+ * 	@level: The lock-down level (can only increase)
+ *
  * Security hooks for perf events
  *
  * @perf_event_open:
diff --git a/include/linux/security.h b/include/linux/security.h
index ca1b7109c0db..b947cfbf04c2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -478,6 +478,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
 int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
 int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
 int security_locked_down(enum lockdown_reason what);
+int security_lock_kernel_down(const char *where, enum lockdown_reason level);
 #else /* CONFIG_SECURITY */
 
 static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
@@ -1366,6 +1367,10 @@ static inline int security_locked_down(enum lockdown_reason what)
 {
 	return 0;
 }
+static inline int security_lock_kernel_down(const char *where, enum lockdown_reason level)
+{
+	return 0;
+}
 #endif	/* CONFIG_SECURITY */
 
 #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index a79b985e917e..772a69bf43ec 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -73,6 +73,7 @@ static int lockdown_is_locked_down(enum lockdown_reason what)
 
 static struct security_hook_list lockdown_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(locked_down, lockdown_is_locked_down),
+	LSM_HOOK_INIT(lock_kernel_down, lock_kernel_down),
 };
 
 static int __init lockdown_lsm_init(void)
diff --git a/security/security.c b/security/security.c
index 75dc0947ee0c..e5be2f687c15 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2631,6 +2631,12 @@ int security_locked_down(enum lockdown_reason what)
 }
 EXPORT_SYMBOL(security_locked_down);
 
+int security_lock_kernel_down(const char *where, enum lockdown_reason level)
+{
+	return call_int_hook(lock_kernel_down, 0, where, level);
+}
+EXPORT_SYMBOL(security_lock_kernel_down);
+
 #ifdef CONFIG_PERF_EVENTS
 int security_perf_event_open(struct perf_event_attr *attr, int type)
 {
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 27 Feb 2018 10:04:55 +0000
Subject: [PATCH 12/34] efi: Add an EFI_SECURE_BOOT flag to indicate secure
 boot mode

UEFI machines can be booted in Secure Boot mode.  Add an EFI_SECURE_BOOT
flag that can be passed to efi_enabled() to find out whether secure boot is
enabled.

Move the switch-statement in x86's setup_arch() that inteprets the
secure_boot boot parameter to generic code and set the bit there.

Upstream Status: RHEL only
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
cc: linux-efi@vger.kernel.org
[Rebased for context; efi_is_table_address was moved to arch/x86]
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
 arch/x86/kernel/setup.c           | 14 +-----------
 drivers/firmware/efi/Makefile     |  1 +
 drivers/firmware/efi/secureboot.c | 38 +++++++++++++++++++++++++++++++
 include/linux/efi.h               | 19 ++++++++++------
 4 files changed, 52 insertions(+), 20 deletions(-)
 create mode 100644 drivers/firmware/efi/secureboot.c

diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 892609cde4a2..50c2ab2156c7 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -1205,19 +1205,7 @@ void __init setup_arch(char **cmdline_p)
 	/* Allocate bigger log buffer */
 	setup_log_buf(1);
 
-	if (efi_enabled(EFI_BOOT)) {
-		switch (boot_params.secure_boot) {
-		case efi_secureboot_mode_disabled:
-			pr_info("Secure boot disabled\n");
-			break;
-		case efi_secureboot_mode_enabled:
-			pr_info("Secure boot enabled\n");
-			break;
-		default:
-			pr_info("Secure boot could not be determined\n");
-			break;
-		}
-	}
+	efi_set_secure_boot(boot_params.secure_boot);
 
 	reserve_initrd();
 
diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
index 8d151e332584..bd29fe4ddbf3 100644
--- a/drivers/firmware/efi/Makefile
+++ b/drivers/firmware/efi/Makefile
@@ -27,6 +27,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP)		+= fake_map.o
 obj-$(CONFIG_EFI_BOOTLOADER_CONTROL)	+= efibc.o
 obj-$(CONFIG_EFI_TEST)			+= test/
 obj-$(CONFIG_EFI_DEV_PATH_PARSER)	+= dev-path-parser.o
+obj-$(CONFIG_EFI)			+= secureboot.o
 obj-$(CONFIG_APPLE_PROPERTIES)		+= apple-properties.o
 obj-$(CONFIG_EFI_RCI2_TABLE)		+= rci2-table.o
 obj-$(CONFIG_EFI_EMBEDDED_FIRMWARE)	+= embedded-firmware.o
diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c
new file mode 100644
index 000000000000..de0a3714a5d4
--- /dev/null
+++ b/drivers/firmware/efi/secureboot.c
@@ -0,0 +1,38 @@
+/* Core kernel secure boot support.
+ *
+ * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+
+#include <linux/efi.h>
+#include <linux/kernel.h>
+#include <linux/printk.h>
+
+/*
+ * Decide what to do when UEFI secure boot mode is enabled.
+ */
+void __init efi_set_secure_boot(enum efi_secureboot_mode mode)
+{
+	if (efi_enabled(EFI_BOOT)) {
+		switch (mode) {
+		case efi_secureboot_mode_disabled:
+			pr_info("Secure boot disabled\n");
+			break;
+		case efi_secureboot_mode_enabled:
+			set_bit(EFI_SECURE_BOOT, &efi.flags);
+			pr_info("Secure boot enabled\n");
+			break;
+		default:
+			pr_warn("Secure boot could not be determined (mode %u)\n",
+				   mode);
+			break;
+		}
+	}
+}
diff --git a/include/linux/efi.h b/include/linux/efi.h
index 69a3074a9fbc..c9d330ff3614 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -867,6 +867,14 @@ extern int __init efi_setup_pcdp_console(char *);
 #define EFI_MEM_ATTR		10	/* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
 #define EFI_MEM_NO_SOFT_RESERVE	11	/* Is the kernel configured to ignore soft reservations? */
 #define EFI_PRESERVE_BS_REGIONS	12	/* Are EFI boot-services memory segments available? */
+#define EFI_SECURE_BOOT		13	/* Are we in Secure Boot mode? */
+
+enum efi_secureboot_mode {
+	efi_secureboot_mode_unset,
+	efi_secureboot_mode_unknown,
+	efi_secureboot_mode_disabled,
+	efi_secureboot_mode_enabled,
+};
 
 #ifdef CONFIG_EFI
 /*
@@ -878,6 +886,8 @@ static inline bool efi_enabled(int feature)
 }
 extern void efi_reboot(enum reboot_mode reboot_mode, const char *__unused);
 
+extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode);
+
 bool __pure __efi_soft_reserve_enabled(void);
 
 static inline bool __pure efi_soft_reserve_enabled(void)
@@ -899,6 +909,8 @@ static inline bool efi_enabled(int feature)
 static inline void
 efi_reboot(enum reboot_mode reboot_mode, const char *__unused) {}
 
+static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
+
 static inline bool efi_soft_reserve_enabled(void)
 {
 	return false;
@@ -1139,13 +1151,6 @@ static inline bool efi_runtime_disabled(void) { return true; }
 extern void efi_call_virt_check_flags(unsigned long flags, const char *call);
 extern unsigned long efi_call_virt_save_flags(void);
 
-enum efi_secureboot_mode {
-	efi_secureboot_mode_unset,
-	efi_secureboot_mode_unknown,
-	efi_secureboot_mode_disabled,
-	efi_secureboot_mode_enabled,
-};
-
 static inline
 enum efi_secureboot_mode efi_get_secureboot_mode(efi_get_variable_t *get_var)
 {
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Mon, 30 Sep 2019 21:28:16 +0000
Subject: [PATCH 13/34] efi: Lock down the kernel if booted in secure boot mode

UEFI Secure Boot provides a mechanism for ensuring that the firmware
will only load signed bootloaders and kernels.  Certain use cases may
also require that all kernel modules also be signed.  Add a
configuration option that to lock down the kernel - which includes
requiring validly signed modules - if the kernel is secure-booted.

Upstream Status: RHEL only
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
 arch/x86/kernel/setup.c   |  8 ++++++++
 security/lockdown/Kconfig | 13 +++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 50c2ab2156c7..ad9aa11ba3a0 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -21,6 +21,7 @@
 #include <linux/root_dev.h>
 #include <linux/hugetlb.h>
 #include <linux/tboot.h>
+#include <linux/security.h>
 #include <linux/usb/xhci-dbgp.h>
 #include <linux/static_call.h>
 #include <linux/swiotlb.h>
@@ -1036,6 +1037,13 @@ void __init setup_arch(char **cmdline_p)
 	if (efi_enabled(EFI_BOOT))
 		efi_init();
 
+	efi_set_secure_boot(boot_params.secure_boot);
+
+#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
+	if (efi_enabled(EFI_SECURE_BOOT))
+		security_lock_kernel_down("EFI Secure Boot mode", LOCKDOWN_INTEGRITY_MAX);
+#endif
+
 	dmi_setup();
 
 	/*
diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig
index e84ddf484010..d0501353a4b9 100644
--- a/security/lockdown/Kconfig
+++ b/security/lockdown/Kconfig
@@ -16,6 +16,19 @@ config SECURITY_LOCKDOWN_LSM_EARLY
 	  subsystem is fully initialised. If enabled, lockdown will
 	  unconditionally be called before any other LSMs.
 
+config LOCK_DOWN_IN_EFI_SECURE_BOOT
+	bool "Lock down the kernel in EFI Secure Boot mode"
+	default n
+	depends on EFI && SECURITY_LOCKDOWN_LSM_EARLY
+	help
+	  UEFI Secure Boot provides a mechanism for ensuring that the firmware
+	  will only load signed bootloaders and kernels.  Secure boot mode may
+	  be determined from EFI variables provided by the system firmware if
+	  not indicated by the boot parameters.
+
+	  Enabling this option results in kernel lockdown being triggered if
+	  EFI Secure Boot is set.
+
 choice
 	prompt "Kernel default lockdown mode"
 	default LOCK_DOWN_KERNEL_FORCE_NONE
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Wed, 30 Oct 2019 14:37:49 +0000
Subject: [PATCH 14/34] s390: Lock down the kernel when the IPL secure flag is
 set

Automatically lock down the kernel to LOCKDOWN_CONFIDENTIALITY_MAX if
the IPL secure flag is set.

Upstream Status: RHEL only
Suggested-by: Philipp Rudo <prudo@redhat.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
 arch/s390/include/asm/ipl.h | 1 +
 arch/s390/kernel/ipl.c      | 5 +++++
 arch/s390/kernel/setup.c    | 4 ++++
 3 files changed, 10 insertions(+)

diff --git a/arch/s390/include/asm/ipl.h b/arch/s390/include/asm/ipl.h
index a405b6bb89fb..50827b341fd7 100644
--- a/arch/s390/include/asm/ipl.h
+++ b/arch/s390/include/asm/ipl.h
@@ -128,6 +128,7 @@ int ipl_report_add_component(struct ipl_report *report, struct kexec_buf *kbuf,
 			     unsigned char flags, unsigned short cert);
 int ipl_report_add_certificate(struct ipl_report *report, void *key,
 			       unsigned long addr, unsigned long len);
+bool ipl_get_secureboot(void);
 
 /*
  * DIAG 308 support
diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c
index 325cbf69ebbd..1801af7a6ec4 100644
--- a/arch/s390/kernel/ipl.c
+++ b/arch/s390/kernel/ipl.c
@@ -2221,3 +2221,8 @@ int ipl_report_free(struct ipl_report *report)
 }
 
 #endif
+
+bool ipl_get_secureboot(void)
+{
+	return !!ipl_secure_flag;
+}
diff --git a/arch/s390/kernel/setup.c b/arch/s390/kernel/setup.c
index 2ec5f1e0312f..e67ca614e4a4 100644
--- a/arch/s390/kernel/setup.c
+++ b/arch/s390/kernel/setup.c
@@ -49,6 +49,7 @@
 #include <linux/memory.h>
 #include <linux/compat.h>
 #include <linux/start_kernel.h>
+#include <linux/security.h>
 #include <linux/hugetlb.h>
 #include <linux/kmemleak.h>
 
@@ -979,6 +980,9 @@ void __init setup_arch(char **cmdline_p)
 
 	log_component_list();
 
+	if (ipl_get_secureboot())
+		security_lock_kernel_down("Secure IPL mode", LOCKDOWN_INTEGRITY_MAX);
+
 	/* Have one command line that is parsed and saved in /proc/cmdline */
 	/* boot_command_line has been already set up in early.c */
 	*cmdline_p = boot_command_line;
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Wed, 26 Feb 2020 13:38:40 -0500
Subject: [PATCH 15/34] Add option of 13 for FORCE_MAX_ZONEORDER

This is a hack, but it's what the other distros currently use
for aarch64 with 4K pages so we'll do the same while upstream
decides what the best outcome is (which isn't this).

Upstream Status: RHEL only
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
[Add a dependency on RHEL_DIFFERENCES]
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
 arch/arm64/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index efb74e176dec..1412a53688e9 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1450,6 +1450,7 @@ config XEN
 config ARCH_FORCE_MAX_ORDER
 	int
 	default "14" if ARM64_64K_PAGES
+	default "13" if (ARCH_THUNDER && !ARM64_64K_PAGES && !RHEL_DIFFERENCES)
 	default "12" if ARM64_16K_PAGES
 	default "11"
 	help
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jon Masters <jcm@redhat.com>
Date: Thu, 18 Jul 2019 15:47:26 -0400
Subject: [PATCH 16/34] arm: make CONFIG_HIGHPTE optional without CONFIG_EXPERT

We will use this to force CONFIG_HIGHPTE off on LPAE for now

Signed-off-by: Jon Masters <jcm@redhat.com>
---
 arch/arm/Kconfig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index a08c9d092a33..1d82f6e9ecbd 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1315,9 +1315,9 @@ config HIGHMEM
 	  If unsure, say n.
 
 config HIGHPTE
-	bool "Allocate 2nd-level pagetables from highmem" if EXPERT
+	bool "Allocate 2nd-level pagetables from highmem"
 	depends on HIGHMEM
-	default y
+	default n
 	help
 	  The VM uses one page of physical memory for each page table.
 	  For systems with a lot of processes, this can use a lot of
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Thu, 3 May 2012 20:27:11 +0100
Subject: [PATCH 17/34] ARM: tegra: usb no reset

Patch for disconnect issues with storage attached to a
 tegra-ehci controller
---
 drivers/usb/core/hub.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index 1abe43ddb75f..041f8bc643d8 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -5678,6 +5678,13 @@ static void hub_event(struct work_struct *work)
 			(u16) hub->change_bits[0],
 			(u16) hub->event_bits[0]);
 
+	/* Don't disconnect USB-SATA on TrimSlice */
+	if (strcmp(dev_name(hdev->bus->controller), "tegra-ehci.0") == 0) {
+		if ((hdev->state == 7) && (hub->change_bits[0] == 0) &&
+				(hub->event_bits[0] == 0x2))
+			hub->event_bits[0] = 0;
+	}
+
 	/* Lock the device, then check to see if we were
 	 * disconnected while waiting for the lock to succeed. */
 	usb_lock_device(hdev);
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Date: Mon, 3 Apr 2017 18:18:21 +0200
Subject: [PATCH 18/34] Input: rmi4 - remove the need for artificial IRQ in
 case of HID

The IRQ from rmi4 may interfere with the one we currently use on i2c-hid.
Given that there is already a need for an external API from rmi4 to
forward the attention data, we can, in this particular case rely on a
separate workqueue to prevent cursor jumps.

Reported-by: Cameron Gutman <aicommander@gmail.com>
Reported-by: Thorsten Leemhuis <linux@leemhuis.info>
Reported-by: Jason Ekstrand <jason@jlekstrand.net>
Tested-by: Andrew Duggan <aduggan@synaptics.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Lyude <lyude@redhat.com>
---
 drivers/hid/hid-rmi.c           |  66 -----------------
 drivers/input/rmi4/rmi_driver.c | 124 +++++++++++++++++++-------------
 include/linux/rmi.h             |   1 +
 3 files changed, 75 insertions(+), 116 deletions(-)

diff --git a/drivers/hid/hid-rmi.c b/drivers/hid/hid-rmi.c
index 84e7ba5314d3..efc96776f761 100644
--- a/drivers/hid/hid-rmi.c
+++ b/drivers/hid/hid-rmi.c
@@ -321,21 +321,12 @@ static int rmi_input_event(struct hid_device *hdev, u8 *data, int size)
 {
 	struct rmi_data *hdata = hid_get_drvdata(hdev);
 	struct rmi_device *rmi_dev = hdata->xport.rmi_dev;
-	unsigned long flags;
 
 	if (!(test_bit(RMI_STARTED, &hdata->flags)))
 		return 0;
 
-	pm_wakeup_event(hdev->dev.parent, 0);
-
-	local_irq_save(flags);
-
 	rmi_set_attn_data(rmi_dev, data[1], &data[2], size - 2);
 
-	generic_handle_irq(hdata->rmi_irq);
-
-	local_irq_restore(flags);
-
 	return 1;
 }
 
@@ -591,56 +582,6 @@ static const struct rmi_transport_ops hid_rmi_ops = {
 	.reset		= rmi_hid_reset,
 };
 
-static void rmi_irq_teardown(void *data)
-{
-	struct rmi_data *hdata = data;
-	struct irq_domain *domain = hdata->domain;
-
-	if (!domain)
-		return;
-
-	irq_dispose_mapping(irq_find_mapping(domain, 0));
-
-	irq_domain_remove(domain);
-	hdata->domain = NULL;
-	hdata->rmi_irq = 0;
-}
-
-static int rmi_irq_map(struct irq_domain *h, unsigned int virq,
-		       irq_hw_number_t hw_irq_num)
-{
-	irq_set_chip_and_handler(virq, &dummy_irq_chip, handle_simple_irq);
-
-	return 0;
-}
-
-static const struct irq_domain_ops rmi_irq_ops = {
-	.map = rmi_irq_map,
-};
-
-static int rmi_setup_irq_domain(struct hid_device *hdev)
-{
-	struct rmi_data *hdata = hid_get_drvdata(hdev);
-	int ret;
-
-	hdata->domain = irq_domain_create_linear(hdev->dev.fwnode, 1,
-						 &rmi_irq_ops, hdata);
-	if (!hdata->domain)
-		return -ENOMEM;
-
-	ret = devm_add_action_or_reset(&hdev->dev, &rmi_irq_teardown, hdata);
-	if (ret)
-		return ret;
-
-	hdata->rmi_irq = irq_create_mapping(hdata->domain, 0);
-	if (hdata->rmi_irq <= 0) {
-		hid_err(hdev, "Can't allocate an IRQ\n");
-		return hdata->rmi_irq < 0 ? hdata->rmi_irq : -ENXIO;
-	}
-
-	return 0;
-}
-
 static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id)
 {
 	struct rmi_data *data = NULL;
@@ -713,18 +654,11 @@ static int rmi_probe(struct hid_device *hdev, const struct hid_device_id *id)
 
 	mutex_init(&data->page_mutex);
 
-	ret = rmi_setup_irq_domain(hdev);
-	if (ret) {
-		hid_err(hdev, "failed to allocate IRQ domain\n");
-		return ret;
-	}
-
 	if (data->device_flags & RMI_DEVICE_HAS_PHYS_BUTTONS)
 		rmi_hid_pdata.gpio_data.disable = true;
 
 	data->xport.dev = hdev->dev.parent;
 	data->xport.pdata = rmi_hid_pdata;
-	data->xport.pdata.irq = data->rmi_irq;
 	data->xport.proto_name = "hid";
 	data->xport.ops = &hid_rmi_ops;
 
diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c
index 258d5fe3d395..f7298e3dc8f3 100644
--- a/drivers/input/rmi4/rmi_driver.c
+++ b/drivers/input/rmi4/rmi_driver.c
@@ -182,34 +182,47 @@ void rmi_set_attn_data(struct rmi_device *rmi_dev, unsigned long irq_status,
 	attn_data.data = fifo_data;
 
 	kfifo_put(&drvdata->attn_fifo, attn_data);
+
+	schedule_work(&drvdata->attn_work);
 }
 EXPORT_SYMBOL_GPL(rmi_set_attn_data);
 
-static irqreturn_t rmi_irq_fn(int irq, void *dev_id)
+static void attn_callback(struct work_struct *work)
 {
-	struct rmi_device *rmi_dev = dev_id;
-	struct rmi_driver_data *drvdata = dev_get_drvdata(&rmi_dev->dev);
+	struct rmi_driver_data *drvdata = container_of(work,
+							struct rmi_driver_data,
+							attn_work);
 	struct rmi4_attn_data attn_data = {0};
 	int ret, count;
 
 	count = kfifo_get(&drvdata->attn_fifo, &attn_data);
-	if (count) {
-		*(drvdata->irq_status) = attn_data.irq_status;
-		drvdata->attn_data = attn_data;
-	}
+	if (!count)
+		return;
 
-	ret = rmi_process_interrupt_requests(rmi_dev);
+	*(drvdata->irq_status) = attn_data.irq_status;
+	drvdata->attn_data = attn_data;
+
+	ret = rmi_process_interrupt_requests(drvdata->rmi_dev);
 	if (ret)
-		rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev,
+		rmi_dbg(RMI_DEBUG_CORE, &drvdata->rmi_dev->dev,
 			"Failed to process interrupt request: %d\n", ret);
 
-	if (count) {
-		kfree(attn_data.data);
-		drvdata->attn_data.data = NULL;
-	}
+	kfree(attn_data.data);
+	drvdata->attn_data.data = NULL;
 
 	if (!kfifo_is_empty(&drvdata->attn_fifo))
-		return rmi_irq_fn(irq, dev_id);
+		schedule_work(&drvdata->attn_work);
+}
+
+static irqreturn_t rmi_irq_fn(int irq, void *dev_id)
+{
+	struct rmi_device *rmi_dev = dev_id;
+	int ret;
+
+	ret = rmi_process_interrupt_requests(rmi_dev);
+	if (ret)
+		rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev,
+			"Failed to process interrupt request: %d\n", ret);
 
 	return IRQ_HANDLED;
 }
@@ -217,7 +230,6 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id)
 static int rmi_irq_init(struct rmi_device *rmi_dev)
 {
 	struct rmi_device_platform_data *pdata = rmi_get_platform_data(rmi_dev);
-	struct rmi_driver_data *data = dev_get_drvdata(&rmi_dev->dev);
 	int irq_flags = irq_get_trigger_type(pdata->irq);
 	int ret;
 
@@ -235,8 +247,6 @@ static int rmi_irq_init(struct rmi_device *rmi_dev)
 		return ret;
 	}
 
-	data->enabled = true;
-
 	return 0;
 }
 
@@ -886,23 +896,27 @@ void rmi_enable_irq(struct rmi_device *rmi_dev, bool clear_wake)
 	if (data->enabled)
 		goto out;
 
-	enable_irq(irq);
-	data->enabled = true;
-	if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) {
-		retval = disable_irq_wake(irq);
-		if (retval)
-			dev_warn(&rmi_dev->dev,
-				 "Failed to disable irq for wake: %d\n",
-				 retval);
-	}
+	if (irq) {
+		enable_irq(irq);
+		data->enabled = true;
+		if (clear_wake && device_may_wakeup(rmi_dev->xport->dev)) {
+			retval = disable_irq_wake(irq);
+			if (retval)
+				dev_warn(&rmi_dev->dev,
+					 "Failed to disable irq for wake: %d\n",
+					 retval);
+		}
 
-	/*
-	 * Call rmi_process_interrupt_requests() after enabling irq,
-	 * otherwise we may lose interrupt on edge-triggered systems.
-	 */
-	irq_flags = irq_get_trigger_type(pdata->irq);
-	if (irq_flags & IRQ_TYPE_EDGE_BOTH)
-		rmi_process_interrupt_requests(rmi_dev);
+		/*
+		 * Call rmi_process_interrupt_requests() after enabling irq,
+		 * otherwise we may lose interrupt on edge-triggered systems.
+		 */
+		irq_flags = irq_get_trigger_type(pdata->irq);
+		if (irq_flags & IRQ_TYPE_EDGE_BOTH)
+			rmi_process_interrupt_requests(rmi_dev);
+	} else {
+		data->enabled = true;
+	}
 
 out:
 	mutex_unlock(&data->enabled_mutex);
@@ -922,20 +936,22 @@ void rmi_disable_irq(struct rmi_device *rmi_dev, bool enable_wake)
 		goto out;
 
 	data->enabled = false;
-	disable_irq(irq);
-	if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) {
-		retval = enable_irq_wake(irq);
-		if (retval)
-			dev_warn(&rmi_dev->dev,
-				 "Failed to enable irq for wake: %d\n",
-				 retval);
-	}
-
-	/* make sure the fifo is clean */
-	while (!kfifo_is_empty(&data->attn_fifo)) {
-		count = kfifo_get(&data->attn_fifo, &attn_data);
-		if (count)
-			kfree(attn_data.data);
+	if (irq) {
+		disable_irq(irq);
+		if (enable_wake && device_may_wakeup(rmi_dev->xport->dev)) {
+			retval = enable_irq_wake(irq);
+			if (retval)
+				dev_warn(&rmi_dev->dev,
+					 "Failed to enable irq for wake: %d\n",
+					 retval);
+		}
+	} else {
+		/* make sure the fifo is clean */
+		while (!kfifo_is_empty(&data->attn_fifo)) {
+			count = kfifo_get(&data->attn_fifo, &attn_data);
+			if (count)
+				kfree(attn_data.data);
+		}
 	}
 
 out:
@@ -981,6 +997,8 @@ static int rmi_driver_remove(struct device *dev)
 	irq_domain_remove(data->irqdomain);
 	data->irqdomain = NULL;
 
+	cancel_work_sync(&data->attn_work);
+
 	rmi_f34_remove_sysfs(rmi_dev);
 	rmi_free_function_list(rmi_dev);
 
@@ -1219,9 +1237,15 @@ static int rmi_driver_probe(struct device *dev)
 		}
 	}
 
-	retval = rmi_irq_init(rmi_dev);
-	if (retval < 0)
-		goto err_destroy_functions;
+	if (pdata->irq) {
+		retval = rmi_irq_init(rmi_dev);
+		if (retval < 0)
+			goto err_destroy_functions;
+	}
+
+	data->enabled = true;
+
+	INIT_WORK(&data->attn_work, attn_callback);
 
 	if (data->f01_container->dev.driver) {
 		/* Driver already bound, so enable ATTN now. */
diff --git a/include/linux/rmi.h b/include/linux/rmi.h
index ab7eea01ab42..fff7c5f737fc 100644
--- a/include/linux/rmi.h
+++ b/include/linux/rmi.h
@@ -364,6 +364,7 @@ struct rmi_driver_data {
 
 	struct rmi4_attn_data attn_data;
 	DECLARE_KFIFO(attn_fifo, struct rmi4_attn_data, 16);
+	struct work_struct attn_work;
 };
 
 int rmi_register_transport_device(struct rmi_transport_dev *xport);
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robert Holmes <robeholmes@gmail.com>
Date: Tue, 23 Apr 2019 07:39:29 +0000
Subject: [PATCH 19/34] KEYS: Make use of platform keyring for module signature
 verify

This patch completes commit 278311e417be ("kexec, KEYS: Make use of
platform keyring for signature verify") which, while adding the
platform keyring for bzImage verification, neglected to also add
this keyring for module verification.

As such, kernel modules signed with keys from the MokList variable
were not successfully verified.

Signed-off-by: Robert Holmes <robeholmes@gmail.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
 kernel/module/signing.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/kernel/module/signing.c b/kernel/module/signing.c
index a2ff4242e623..f0d2be1ee4f1 100644
--- a/kernel/module/signing.c
+++ b/kernel/module/signing.c
@@ -61,10 +61,17 @@ int mod_verify_sig(const void *mod, struct load_info *info)
 	modlen -= sig_len + sizeof(ms);
 	info->len = modlen;
 
-	return verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+	ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
 				      VERIFY_USE_SECONDARY_KEYRING,
 				      VERIFYING_MODULE_SIGNATURE,
 				      NULL, NULL);
+	if (ret == -ENOKEY && IS_ENABLED(CONFIG_INTEGRITY_PLATFORM_KEYRING)) {
+		ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
+				VERIFY_USE_PLATFORM_KEYRING,
+				VERIFYING_MODULE_SIGNATURE,
+				NULL, NULL);
+	}
+	return ret;
 }
 
 int module_sig_check(struct load_info *info, int flags)
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jeremy Linton <jeremy.linton@arm.com>
Date: Thu, 11 Mar 2021 22:15:13 -0600
Subject: [PATCH 20/34] REDHAT: coresight: etm4x: Disable coresight on HPE
 Apollo 70

bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1918888

The coresight tables on the latest Apollo 70, appear to be
damaged sufficiently to throw a few hundred lines of back-traces
during boot, lets disable it until we can get a firmware fix.

Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
cc: Peter Robinson <pbrobinson@redhat.com>
cc: Justin M. Forbes <jforbes@fedoraproject.org>
cc: Al Stone <ahs3@redhat.com>
---
 .../coresight/coresight-etm4x-core.c          | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/drivers/hwtracing/coresight/coresight-etm4x-core.c b/drivers/hwtracing/coresight/coresight-etm4x-core.c
index c7a65d1524fc..f4851d6996e9 100644
--- a/drivers/hwtracing/coresight/coresight-etm4x-core.c
+++ b/drivers/hwtracing/coresight/coresight-etm4x-core.c
@@ -9,6 +9,7 @@
 #include <linux/init.h>
 #include <linux/types.h>
 #include <linux/device.h>
+#include <linux/dmi.h>
 #include <linux/io.h>
 #include <linux/err.h>
 #include <linux/fs.h>
@@ -2143,6 +2144,16 @@ static const struct amba_id etm4_ids[] = {
 	{},
 };
 
+static const struct dmi_system_id broken_coresight[] = {
+	{
+		.matches = {
+			DMI_MATCH(DMI_SYS_VENDOR, "HPE"),
+			DMI_MATCH(DMI_PRODUCT_NAME, "Apollo 70"),
+		},
+	},
+	{ }	/* terminating entry */
+};
+
 MODULE_DEVICE_TABLE(amba, etm4_ids);
 
 static struct amba_driver etm4x_amba_driver = {
@@ -2176,6 +2187,11 @@ static int __init etm4x_init(void)
 {
 	int ret;
 
+	if (dmi_check_system(broken_coresight)) {
+		pr_info("ETM4 disabled due to firmware bug\n");
+		return 0;
+	}
+
 	ret = etm4_pm_setup();
 
 	/* etm4_pm_setup() does its own cleanup - exit on error */
@@ -2202,6 +2218,9 @@ static int __init etm4x_init(void)
 
 static void __exit etm4x_exit(void)
 {
+	if (dmi_check_system(broken_coresight))
+		return;
+
 	amba_driver_unregister(&etm4x_amba_driver);
 	platform_driver_unregister(&etm4_platform_driver);
 	etm4_pm_clear();
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes" <jforbes@fedoraproject.org>
Date: Thu, 6 Oct 2022 15:34:27 -0500
Subject: [PATCH 21/34] Change acpi_bus_get_acpi_device to acpi_get_acpi_dev

Upstream commit 45e9aa1fdbb2e renamed acpi_bus_get_acpi_device to
acpi_get_acpi_dev. As we are carrying an out of tree patch [1] which calls
acpi_bus_get_acpi_device, we need to make the corresponding change
ourselves for things to continue to work.

[1]: c92805df87ae9 ACPI / irq: Workaround firmware issue on X-Gene based m400

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
---
 drivers/acpi/irq.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/acpi/irq.c b/drivers/acpi/irq.c
index 377cddba06dc..4e3aa80cd5cf 100644
--- a/drivers/acpi/irq.c
+++ b/drivers/acpi/irq.c
@@ -257,7 +257,7 @@ static int acpi_irq_parse_one(acpi_handle handle, unsigned int index,
 	 * Don't do the producer/consumer check for that device.
 	 */
 	if (IS_ENABLED(CONFIG_ARM64)) {
-		struct acpi_device *adev = acpi_bus_get_acpi_device(handle);
+		struct acpi_device *adev = acpi_get_acpi_dev(handle);
 
 		if (adev && !strcmp(acpi_device_hid(adev), "APMC0D08"))
 			ctx.skip_producer_check = true;
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jiri Olsa <olsajiri@gmail.com>
Date: Sun, 30 Oct 2022 15:29:54 +0100
Subject: [PATCH 22/34] disable enum64 BTF in fedora rawhide

hi,
I'm trying to update libbpf to 1.0, but it will take some time,
because there are many dependencies, meanwhile the new kernel
BTF seems to break other apps:
  https://bugzilla.redhat.com/show_bug.cgi?id=2138510

would it be possible to merge in workaround for that below?

I wanted to make MR in gitlab, but it won't let me push any
change for some reason..

thanks,
jirka
---
 scripts/pahole-flags.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scripts/pahole-flags.sh b/scripts/pahole-flags.sh
index 0d99ef17e4a5..81c8e082ec57 100755
--- a/scripts/pahole-flags.sh
+++ b/scripts/pahole-flags.sh
@@ -20,4 +20,7 @@ if [ "${pahole_ver}" -ge "122" ]; then
 	extra_paholeopt="${extra_paholeopt} -j"
 fi
 
+# temporary workaround to disable enum64
+extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_enum64"
+
 echo ${extra_paholeopt}
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Thu, 19 May 2022 14:40:07 +0200
Subject: [PATCH 23/34] drivers/firmware: skip simpledrm if
 nvidia-drm.modeset=1 is set

The Nvidia proprietary driver has some bugs that leads to issues if used
with the simpledrm driver. The most noticeable is that does not register
an emulated fbdev device.

It just relies on a fbdev to be registered by another driver, that could
be that could be attached to the framebuffer console. On UEFI machines,
this is the efifb driver.

This means that disabling the efifb driver will cause virtual consoles to
not be present in the system when using the Nvidia driver. Legacy BIOS is
not affected just because fbcon is not used there, but instead vgacon.

Unless a VGA mode is specified using the vga= kernel command line option,
in that case the vesafb driver is used instead and its fbdev attached to
the fbcon.

This is a problem because with CONFIG_SYSFB_SIMPLEFB=y, the sysfb platform
code attempts to register a "simple-framebuffer" platform device (that is
matched against simpledrm) and only registers either an "efi-framebuffer"
or "vesa-framebuffer" if this fails to be registered due the video modes
not being compatible.

The Nvidia driver relying on another driver to register the fbdev is quite
fragile, since it can't really assume those will stick around. For example
there are patches posted to remove the EFI and VESA platform devices once
a real DRM or fbdev driver probes.

But in any case, moving to a simpledrm + emulated fbdev only breaks this
assumption and causes users to not have VT if the Nvidia driver is used.

So to prevent this, let's add a workaround and make the sysfb to skip the
"simple-framebuffer" registration when nvidia-drm.modeset=1 option is set.

This is quite horrible, but honestly I can't think of any other approach.

For this to work, the CONFIG_FB_EFI and CONFIG_FB_VESA config options must
be enabled besides CONFIG_DRM_SIMPLEDRM.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
 drivers/firmware/sysfb.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/drivers/firmware/sysfb.c b/drivers/firmware/sysfb.c
index 3fd3563d962b..75d67e6dde2a 100644
--- a/drivers/firmware/sysfb.c
+++ b/drivers/firmware/sysfb.c
@@ -34,6 +34,22 @@
 #include <linux/screen_info.h>
 #include <linux/sysfb.h>
 
+static int skip_simpledrm;
+
+static int __init simpledrm_disable(char *opt)
+{
+	if (!opt)
+                return -EINVAL;
+
+	get_option(&opt, &skip_simpledrm);
+
+	if (skip_simpledrm)
+		pr_info("The simpledrm driver will not be probed\n");
+
+	return 0;
+}
+early_param("nvidia-drm.modeset", simpledrm_disable);
+
 static struct platform_device *pd;
 static DEFINE_MUTEX(disable_lock);
 static bool disabled;
@@ -83,7 +99,7 @@ static __init int sysfb_init(void)
 
 	/* try to create a simple-framebuffer device */
 	compatible = sysfb_parse_mode(si, &mode);
-	if (compatible) {
+	if (compatible && !skip_simpledrm) {
 		pd = sysfb_create_simplefb(si, &mode);
 		if (!IS_ERR(pd))
 			goto unlock_mutex;
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Zijlstra <peterz@infradead.org>
Date: Thu, 27 Oct 2022 14:54:41 -0700
Subject: [PATCH 24/34] x86/mm: Randomize per-cpu entry area

Seth found that the CPU-entry-area; the piece of per-cpu data that is
mapped into the userspace page-tables for kPTI is not subject to any
randomization -- irrespective of kASLR settings.

On x86_64 a whole P4D (512 GB) of virtual address space is reserved for
this structure, which is plenty large enough to randomize things a
little.

As such, use a straight forward randomization scheme that avoids
duplicates to spread the existing CPUs over the available space.

  [ bp: Fix le build. ]

Reported-by: Seth Jenkins <sethjenkins@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
---
 arch/x86/include/asm/cpu_entry_area.h |  4 ---
 arch/x86/include/asm/pgtable_areas.h  |  8 ++++-
 arch/x86/kernel/hw_breakpoint.c       |  2 +-
 arch/x86/mm/cpu_entry_area.c          | 46 ++++++++++++++++++++++++---
 4 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/arch/x86/include/asm/cpu_entry_area.h b/arch/x86/include/asm/cpu_entry_area.h
index 75efc4c6f076..462fc34f1317 100644
--- a/arch/x86/include/asm/cpu_entry_area.h
+++ b/arch/x86/include/asm/cpu_entry_area.h
@@ -130,10 +130,6 @@ struct cpu_entry_area {
 };
 
 #define CPU_ENTRY_AREA_SIZE		(sizeof(struct cpu_entry_area))
-#define CPU_ENTRY_AREA_ARRAY_SIZE	(CPU_ENTRY_AREA_SIZE * NR_CPUS)
-
-/* Total size includes the readonly IDT mapping page as well: */
-#define CPU_ENTRY_AREA_TOTAL_SIZE	(CPU_ENTRY_AREA_ARRAY_SIZE + PAGE_SIZE)
 
 DECLARE_PER_CPU(struct cpu_entry_area *, cpu_entry_area);
 DECLARE_PER_CPU(struct cea_exception_stacks *, cea_exception_stacks);
diff --git a/arch/x86/include/asm/pgtable_areas.h b/arch/x86/include/asm/pgtable_areas.h
index d34cce1b995c..4f056fb88174 100644
--- a/arch/x86/include/asm/pgtable_areas.h
+++ b/arch/x86/include/asm/pgtable_areas.h
@@ -11,6 +11,12 @@
 
 #define CPU_ENTRY_AREA_RO_IDT_VADDR	((void *)CPU_ENTRY_AREA_RO_IDT)
 
-#define CPU_ENTRY_AREA_MAP_SIZE		(CPU_ENTRY_AREA_PER_CPU + CPU_ENTRY_AREA_ARRAY_SIZE - CPU_ENTRY_AREA_BASE)
+#ifdef CONFIG_X86_32
+#define CPU_ENTRY_AREA_MAP_SIZE		(CPU_ENTRY_AREA_PER_CPU +		\
+					 (CPU_ENTRY_AREA_SIZE * NR_CPUS) -	\
+					 CPU_ENTRY_AREA_BASE)
+#else
+#define CPU_ENTRY_AREA_MAP_SIZE		P4D_SIZE
+#endif
 
 #endif /* _ASM_X86_PGTABLE_AREAS_H */
diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c
index 668a4a6533d9..bbb0f737aab1 100644
--- a/arch/x86/kernel/hw_breakpoint.c
+++ b/arch/x86/kernel/hw_breakpoint.c
@@ -266,7 +266,7 @@ static inline bool within_cpu_entry(unsigned long addr, unsigned long end)
 
 	/* CPU entry erea is always used for CPU entry */
 	if (within_area(addr, end, CPU_ENTRY_AREA_BASE,
-			CPU_ENTRY_AREA_TOTAL_SIZE))
+			CPU_ENTRY_AREA_MAP_SIZE))
 		return true;
 
 	/*
diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c
index 6c2f1b76a0b6..20844cf141fb 100644
--- a/arch/x86/mm/cpu_entry_area.c
+++ b/arch/x86/mm/cpu_entry_area.c
@@ -15,16 +15,53 @@ static DEFINE_PER_CPU_PAGE_ALIGNED(struct entry_stack_page, entry_stack_storage)
 #ifdef CONFIG_X86_64
 static DEFINE_PER_CPU_PAGE_ALIGNED(struct exception_stacks, exception_stacks);
 DEFINE_PER_CPU(struct cea_exception_stacks*, cea_exception_stacks);
-#endif
 
-#ifdef CONFIG_X86_32
+static DEFINE_PER_CPU_READ_MOSTLY(unsigned long, _cea_offset);
+
+static __always_inline unsigned int cea_offset(unsigned int cpu)
+{
+	return per_cpu(_cea_offset, cpu);
+}
+
+static __init void init_cea_offsets(void)
+{
+	unsigned int max_cea;
+	unsigned int i, j;
+
+	max_cea = (CPU_ENTRY_AREA_MAP_SIZE - PAGE_SIZE) / CPU_ENTRY_AREA_SIZE;
+
+	/* O(sodding terrible) */
+	for_each_possible_cpu(i) {
+		unsigned int cea;
+
+again:
+		cea = prandom_u32_max(max_cea);
+
+		for_each_possible_cpu(j) {
+			if (cea_offset(j) == cea)
+				goto again;
+
+			if (i == j)
+				break;
+		}
+
+		per_cpu(_cea_offset, i) = cea;
+	}
+}
+#else /* !X86_64 */
 DECLARE_PER_CPU_PAGE_ALIGNED(struct doublefault_stack, doublefault_stack);
+
+static __always_inline unsigned int cea_offset(unsigned int cpu)
+{
+	return cpu;
+}
+static inline void init_cea_offsets(void) { }
 #endif
 
 /* Is called from entry code, so must be noinstr */
 noinstr struct cpu_entry_area *get_cpu_entry_area(int cpu)
 {
-	unsigned long va = CPU_ENTRY_AREA_PER_CPU + cpu * CPU_ENTRY_AREA_SIZE;
+	unsigned long va = CPU_ENTRY_AREA_PER_CPU + cea_offset(cpu) * CPU_ENTRY_AREA_SIZE;
 	BUILD_BUG_ON(sizeof(struct cpu_entry_area) % PAGE_SIZE != 0);
 
 	return (struct cpu_entry_area *) va;
@@ -205,7 +242,6 @@ static __init void setup_cpu_entry_area_ptes(void)
 
 	/* The +1 is for the readonly IDT: */
 	BUILD_BUG_ON((CPU_ENTRY_AREA_PAGES+1)*PAGE_SIZE != CPU_ENTRY_AREA_MAP_SIZE);
-	BUILD_BUG_ON(CPU_ENTRY_AREA_TOTAL_SIZE != CPU_ENTRY_AREA_MAP_SIZE);
 	BUG_ON(CPU_ENTRY_AREA_BASE & ~PMD_MASK);
 
 	start = CPU_ENTRY_AREA_BASE;
@@ -221,6 +257,8 @@ void __init setup_cpu_entry_areas(void)
 {
 	unsigned int cpu;
 
+	init_cea_offsets();
+
 	setup_cpu_entry_area_ptes();
 
 	for_each_possible_cpu(cpu)
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes" <jforbes@fedoraproject.org>
Date: Sat, 11 Mar 2023 08:53:53 -0600
Subject: [PATCH 25/34] Revert "wifi: cfg80211: Fix use after free for wext"

This reverts commit 015b8cc5e7c4d7bb671f1984d7b7338c310b185b.
---
 net/wireless/sme.c | 31 +++++--------------------------
 1 file changed, 5 insertions(+), 26 deletions(-)

diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 89fc5683ed26..11a05fa2261a 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -285,15 +285,6 @@ void cfg80211_conn_work(struct work_struct *work)
 	wiphy_unlock(&rdev->wiphy);
 }
 
-static void cfg80211_step_auth_next(struct cfg80211_conn *conn,
-				    struct cfg80211_bss *bss)
-{
-	memcpy(conn->bssid, bss->bssid, ETH_ALEN);
-	conn->params.bssid = conn->bssid;
-	conn->params.channel = bss->channel;
-	conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
-}
-
 /* Returned bss is reference counted and must be cleaned up appropriately. */
 static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev)
 {
@@ -311,7 +302,10 @@ static struct cfg80211_bss *cfg80211_get_conn_bss(struct wireless_dev *wdev)
 	if (!bss)
 		return NULL;
 
-	cfg80211_step_auth_next(wdev->conn, bss);
+	memcpy(wdev->conn->bssid, bss->bssid, ETH_ALEN);
+	wdev->conn->params.bssid = wdev->conn->bssid;
+	wdev->conn->params.channel = bss->channel;
+	wdev->conn->state = CFG80211_CONN_AUTHENTICATE_NEXT;
 	schedule_work(&rdev->conn_work);
 
 	return bss;
@@ -603,12 +597,7 @@ static int cfg80211_sme_connect(struct wireless_dev *wdev,
 	wdev->conn->params.ssid_len = wdev->u.client.ssid_len;
 
 	/* see if we have the bss already */
-	bss = cfg80211_get_bss(wdev->wiphy, wdev->conn->params.channel,
-			       wdev->conn->params.bssid,
-			       wdev->conn->params.ssid,
-			       wdev->conn->params.ssid_len,
-			       wdev->conn_bss_type,
-			       IEEE80211_PRIVACY(wdev->conn->params.privacy));
+	bss = cfg80211_get_conn_bss(wdev);
 
 	if (prev_bssid) {
 		memcpy(wdev->conn->prev_bssid, prev_bssid, ETH_ALEN);
@@ -619,7 +608,6 @@ static int cfg80211_sme_connect(struct wireless_dev *wdev,
 	if (bss) {
 		enum nl80211_timeout_reason treason;
 
-		cfg80211_step_auth_next(wdev->conn, bss);
 		err = cfg80211_conn_do_work(wdev, &treason);
 		cfg80211_put_bss(wdev->wiphy, bss);
 	} else {
@@ -1479,15 +1467,6 @@ int cfg80211_connect(struct cfg80211_registered_device *rdev,
 	} else {
 		if (WARN_ON(connkeys))
 			return -EINVAL;
-
-		/* connect can point to wdev->wext.connect which
-		 * can hold key data from a previous connection
-		 */
-		connect->key = NULL;
-		connect->key_len = 0;
-		connect->key_idx = 0;
-		connect->crypto.cipher_group = 0;
-		connect->crypto.n_ciphers_pairwise = 0;
 	}
 
 	wdev->connect_keys = connkeys;
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@redhat.com>
Date: Wed, 23 Jan 2019 14:36:37 +0100
Subject: [PATCH 26/34] Drop that for now

---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index a825361f7162..b83f1adf1574 100644
--- a/Makefile
+++ b/Makefile
@@ -570,6 +570,7 @@ KBUILD_CFLAGS   := -Wall -Wundef -Werror=strict-prototypes -Wno-trigraphs \
 		   -fno-strict-aliasing -fno-common -fshort-wchar -fno-PIE \
 		   -Werror=implicit-function-declaration -Werror=implicit-int \
 		   -Werror=return-type -Wno-format-security \
+		   -Wno-address-of-packed-member \
 		   -std=gnu11
 KBUILD_CPPFLAGS := -D__KERNEL__
 KBUILD_RUSTFLAGS := $(rust_common_flags) \
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Don Brace <dbrace@redhat.com>
Date: Mon, 16 Jul 2018 19:20:41 -0400
Subject: [PATCH 27/34] scsi: smartpqi: add inspur advantech ids

Message-id: <1531768843-2544-4-git-send-email-dbrace@redhat.com>
Patchwork-id: 224988
O-Subject: [RHEL 8.0 e-stor V2 PATCH 3/5] scsi: smartpqi: add inspur advantech ids
Bugzilla: 1503736
RH-Acked-by: Ewan Milne <emilne@redhat.com>
RH-Acked-by: Tomas Henzl <thenzl@redhat.com>

From: Kevin Barnett <kevin.barnett@microsemi.com>

Add support for these new device IDs:

  Advantech MIC-8312BridgeB
  INSPUR PM8204-2GB
  INSPUR PM8204-4GB
  INSPUR PM8222-SHBA

Upstream Status: RHEL only
Reviewed-by: Scott Benesh <scott.benesh@microsemi.com>
Signed-off-by: Kevin Barnett <kevin.barnett@microsemi.com>
Signed-off-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
(cherry picked from commit 9f8d05fa98442de78d1ab30235b0cc656ed7aff0)
Signed-off-by: Don Brace <dbrace@redhat.com>
Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
---
 drivers/scsi/smartpqi/smartpqi_init.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index 9f0f69c1ed66..96909da91e03 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -9461,6 +9461,18 @@ static const struct pci_device_id pqi_pci_id_table[] = {
 		PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
 			       0x19e5, 0xd22c)
 	},
+	{
+		PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
+			       0x1bd4, 0x004a)
+	},
+	{
+		PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
+			       0x1bd4, 0x004b)
+	},
+	{
+		PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
+			       0x1bd4, 0x004c)
+	},
 	{
 		PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
 			       PCI_VENDOR_ID_ADAPTEC2, 0x0110)
@@ -9769,6 +9781,10 @@ static const struct pci_device_id pqi_pci_id_table[] = {
 		PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
 			       PCI_VENDOR_ID_ADVANTECH, 0x8312)
 	},
+	{
+		PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
+			       PCI_VENDOR_ID_ADVANTECH, 0x8312)
+	},
 	{
 		PCI_DEVICE_SUB(PCI_VENDOR_ID_ADAPTEC2, 0x028f,
 			       PCI_VENDOR_ID_DELL, 0x1fe0)
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Murphy Zhou <jencce.kernel@gmail.com>
Date: Sun, 29 Sep 2019 17:56:59 +0800
Subject: [PATCH 28/34] mm/kmemleak: skip late_init if not skip disable

Now if DEFAULT_OFF set to y, kmemleak_init will start the cleanup_work
workqueue. Then late_init call will set kmemleak_initialized to 1, the
cleaup workqueue will try to do cleanup, triggering:

[24.738773] ==================================================================
[24.742784] BUG: KASAN: global-out-of-bounds in __kmemleak_do_cleanup+0x166/0x180
[24.744144] Key type ._fscrypt registered
[24.745680] Read of size 8 at addr ffffffff88746c90 by task kworker/3:1/171
[24.745687]
[24.745697] CPU: 3 PID: 171 Comm: kworker/3:1 Not tainted 5.3.0-v5.3-12475-gcbafe18 #1
[24.745701] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[24.745710] Workqueue: events kmemleak_do_cleanup
[24.745717] Call Trace:
[24.745736]  dump_stack+0x7c/0xc0
[24.745755]  print_address_description.constprop.4+0x1f/0x300
[24.751562] Key type .fscrypt registered
[24.754370]  __kasan_report.cold.8+0x76/0xb2
[24.754388]  ? __kmemleak_do_cleanup+0x166/0x180
[24.754407]  kasan_report+0xe/0x20
[24.778543]  __kmemleak_do_cleanup+0x166/0x180
[24.780795]  process_one_work+0x919/0x17d0
[24.782929]  ? pwq_dec_nr_in_flight+0x320/0x320
[24.785092]  worker_thread+0x87/0xb40
[24.786948]  ? __kthread_parkme+0xc3/0x190
[24.789217]  ? process_one_work+0x17d0/0x17d0
[24.791414]  kthread+0x333/0x3f0
[24.793031]  ? kthread_create_worker_on_cpu+0xc0/0xc0
[24.795473]  ret_from_fork+0x3a/0x50
[24.797303]
[24.798091] The buggy address belongs to the variable:
[24.800634]  mem_pool_free_count+0x10/0x40
[24.802656]
[24.803434] Memory state around the buggy address:
[24.805793]  ffffffff88746b80: 04 fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
[24.809177]  ffffffff88746c00: 00 fa fa fa fa fa fa fa 00 00 fa fa fa fa fa fa
[24.812407] >ffffffff88746c80: 04 fa fa fa fa fa fa fa 00 00 fa fa fa fa fa fa
[24.815638]                          ^
[24.817372]  ffffffff88746d00: 00 00 fa fa fa fa fa fa 00 00 00 00 00 00 00 00
[24.820740]  ffffffff88746d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[24.824021] ==================================================================

Fixes: c5665868183f ("mm: kmemleak: use the memory pool for early allocations")
Signed-off-by: Murphy Zhou <jencce.kernel@gmail.com>
---
 mm/kmemleak.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 646e2979641f..6143e5a0d4ae 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -2107,6 +2107,11 @@ void __init kmemleak_init(void)
  */
 static int __init kmemleak_late_init(void)
 {
+	if (!kmemleak_skip_disable) {
+		kmemleak_disable();
+		return 0;
+	}
+
 	kmemleak_initialized = 1;
 
 	debugfs_create_file("kmemleak", 0644, NULL, NULL, &kmemleak_fops);
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Icenowy Zheng <icenowy@aosc.io>
Date: Mon, 16 Mar 2020 21:35:00 +0800
Subject: [PATCH 29/34] dt-bindings: panel: add binding for Xingbangda XBD599
 panel

Xingbangda XBD599 is a 5.99" 720x1440 MIPI-DSI LCD panel.

Add its device tree binding.

Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
---
 .../display/panel/xingbangda,xbd599.yaml      | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/display/panel/xingbangda,xbd599.yaml

diff --git a/Documentation/devicetree/bindings/display/panel/xingbangda,xbd599.yaml b/Documentation/devicetree/bindings/display/panel/xingbangda,xbd599.yaml
new file mode 100644
index 000000000000..b27bcf11198f
--- /dev/null
+++ b/Documentation/devicetree/bindings/display/panel/xingbangda,xbd599.yaml
@@ -0,0 +1,50 @@
+# SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+%YAML 1.2
+---
+$id: http://devicetree.org/schemas/display/panel/xingbangda,xbd599.yaml#
+$schema: http://devicetree.org/meta-schemas/core.yaml#
+
+title: Xingbangda XBD599 5.99in MIPI-DSI LCD panel
+
+maintainers:
+  - Icenowy Zheng <icenowy@aosc.io>
+
+allOf:
+  - $ref: panel-common.yaml#
+
+properties:
+  compatible:
+    const: xingbangda,xbd599
+  reg: true
+  backlight: true
+  reset-gpios: true
+  vcc-supply:
+    description: regulator that supplies the VCC voltage
+  iovcc-supply:
+    description: regulator that supplies the IOVCC voltage
+
+required:
+  - compatible
+  - reg
+  - backlight
+  - vcc-supply
+  - iovcc-supply
+
+additionalProperties: false
+
+examples:
+  - |
+    dsi {
+        #address-cells = <1>;
+        #size-cells = <0>;
+
+        panel@0 {
+            compatible = "xingbangda,xbd599";
+            reg = <0>;
+            backlight = <&backlight>;
+            iovcc-supply = <&reg_dldo2>;
+            vcc-supply = <&reg_ldo_io0>;
+        };
+    };
+
+...
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Icenowy Zheng <icenowy@aosc.io>
Date: Mon, 16 Mar 2020 21:35:02 +0800
Subject: [PATCH 30/34] drm/sun4i: sun6i_mipi_dsi: fix horizontal timing
 calculation

The max() function call in horizontal timing calculation shouldn't pad a
length already subtracted with overhead to overhead, instead it should
only prevent the set timing to underflow.

Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
---
 drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
index 34234a144e87..408e48d87757 100644
--- a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
+++ b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c
@@ -556,7 +556,7 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
 		 */
 #define HSA_PACKET_OVERHEAD	10
 		hsa = max(HSA_PACKET_OVERHEAD,
-			  (mode->hsync_end - mode->hsync_start) * Bpp - HSA_PACKET_OVERHEAD);
+			  (mode->hsync_end - mode->hsync_start) * Bpp) - HSA_PACKET_OVERHEAD;
 
 		/*
 		 * The backporch is set using a blanking packet (4
@@ -565,7 +565,7 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
 		 */
 #define HBP_PACKET_OVERHEAD	6
 		hbp = max(HBP_PACKET_OVERHEAD,
-			  (mode->htotal - mode->hsync_end) * Bpp - HBP_PACKET_OVERHEAD);
+			  (mode->htotal - mode->hsync_end) * Bpp) - HBP_PACKET_OVERHEAD;
 
 		/*
 		 * The frontporch is set using a sync event (4 bytes)
@@ -575,7 +575,7 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
 		 */
 #define HFP_PACKET_OVERHEAD	16
 		hfp = max(HFP_PACKET_OVERHEAD,
-			  (mode->hsync_start - mode->hdisplay) * Bpp - HFP_PACKET_OVERHEAD);
+			  (mode->hsync_start - mode->hdisplay) * Bpp) - HFP_PACKET_OVERHEAD;
 
 		/*
 		 * The blanking is set using a sync event (4 bytes)
@@ -584,8 +584,8 @@ static void sun6i_dsi_setup_timings(struct sun6i_dsi *dsi,
 		 */
 #define HBLK_PACKET_OVERHEAD	10
 		hblk = max(HBLK_PACKET_OVERHEAD,
-			   (mode->htotal - (mode->hsync_end - mode->hsync_start)) * Bpp -
-			   HBLK_PACKET_OVERHEAD);
+			   (mode->htotal - (mode->hsync_end - mode->hsync_start)) * Bpp) -
+			   HBLK_PACKET_OVERHEAD;
 
 		/*
 		 * And I'm not entirely sure what vblk is about. The driver in
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: "Justin M. Forbes" <jforbes@fedoraproject.org>
Date: Thu, 30 Jul 2020 10:26:11 -0500
Subject: [PATCH 31/34] Work around for gcc bug
 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96377

Signed-off-by: Justin M. Forbes <jforbes@fedoraproject.org>
---
 crypto/aegis128-neon-inner.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/aegis128-neon-inner.c b/crypto/aegis128-neon-inner.c
index 7de485907d81..2ccaf0a81c4c 100644
--- a/crypto/aegis128-neon-inner.c
+++ b/crypto/aegis128-neon-inner.c
@@ -147,8 +147,8 @@ void crypto_aegis128_init_neon(void *state, const void *key, const void *iv)
 		kiv,
 		vld1q_u8(const1),
 		vld1q_u8(const0),
-		k ^ vld1q_u8(const0),
-		k ^ vld1q_u8(const1),
+		(uint8x16_t) (k ^ vld1q_u8(const0)),
+		(uint8x16_t) (k ^ vld1q_u8(const1)),
 	}};
 	int i;
 
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Mon, 26 Oct 2020 17:01:57 +0000
Subject: [PATCH 32/34] update phy on pine64 a64 devices

---
 arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts b/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts
index 2accb5ddf783..aa0d0959b906 100644
--- a/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts
+++ b/arch/arm64/boot/dts/allwinner/sun50i-a64-pine64.dts
@@ -81,7 +81,7 @@ &ehci1 {
 &emac {
 	pinctrl-names = "default";
 	pinctrl-0 = <&rmii_pins>;
-	phy-mode = "rmii";
+	phy-mode = "rmii-txid";
 	phy-handle = <&ext_rmii_phy1>;
 	phy-supply = <&reg_dc1sw>;
 	status = "okay";
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Robinson <pbrobinson@gmail.com>
Date: Tue, 12 Jan 2021 23:14:09 +0000
Subject: [PATCH 33/34] brcm: rpi4: fix usb numeration

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
---
 drivers/pci/controller/pcie-brcmstb.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/pci/controller/pcie-brcmstb.c b/drivers/pci/controller/pcie-brcmstb.c
index 521acd632f1a..02cf1b637c1c 100644
--- a/drivers/pci/controller/pcie-brcmstb.c
+++ b/drivers/pci/controller/pcie-brcmstb.c
@@ -875,6 +875,7 @@ static int brcm_pcie_setup(struct brcm_pcie *pcie)
 
 	/* Reset the bridge */
 	pcie->bridge_sw_init_set(pcie, 1);
+	pcie->perst_set(pcie, 1);
 	usleep_range(100, 200);
 
 	/* Take the bridge out of reset */
-- 
2.39.1


From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pablo Greco <pgreco@centosproject.org>
Date: Tue, 22 Feb 2022 23:12:06 +0000
Subject: [PATCH 34/34] Fix build on i686

---
 arch/x86/kernel/resource.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/x86/kernel/resource.c b/arch/x86/kernel/resource.c
index bba1abd05bfe..6e79835d1430 100644
--- a/arch/x86/kernel/resource.c
+++ b/arch/x86/kernel/resource.c
@@ -2,7 +2,9 @@
 #include <linux/ioport.h>
 #include <linux/printk.h>
 #include <asm/e820/api.h>
+#ifdef CONFIG_X86_64
 #include <asm/pci_x86.h>
+#endif
 
 static void resource_clip(struct resource *res, resource_size_t start,
 			  resource_size_t end)
@@ -32,8 +34,10 @@ static void remove_e820_regions(struct resource *avail)
 	u64 e820_start, e820_end;
 	struct resource orig = *avail;
 
+#ifdef CONFIG_X86_64
 	if (!pci_use_e820)
 		return;
+#endif
 
 	for (i = 0; i < e820_table->nr_entries; i++) {
 		entry = &e820_table->entries[i];
-- 
2.39.1