release 6.14.2

debian/changelog

@@ -1,3 +1,10 @@
+linux (6.14.2-1) sid; urgency=medium
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.2
+
+ -- Konstantin Demin <rockdrilla@gmail.com>  Fri, 11 Apr 2025 00:21:57 +0300
+
 linux (6.14.1-1) sid; urgency=medium
 
   * New upstream stable update:

debian/config/config

@@ -708,11 +708,6 @@ CONFIG_ASYNC_TX_DMA=y
 # CONFIG_DMABUF_HEAPS is not set
 # CONFIG_DMABUF_SYSFS_STATS is not set
 
-##
-## file: drivers/eisa/Kconfig
-##
-# CONFIG_EISA is not set
-
 ##
 ## file: drivers/firmware/Kconfig
 ##
@@ -2114,7 +2109,7 @@ CONFIG_CACHESTAT_SYSCALL=y
 # CONFIG_PC104 is not set
 CONFIG_KALLSYMS=y
 # CONFIG_KALLSYMS_SELFTEST is not set
-# CONFIG_KALLSYMS_ALL is not set
+CONFIG_KALLSYMS_ALL=y
 CONFIG_PERF_EVENTS=y
 # CONFIG_DEBUG_PERF_USE_VMALLOC is not set
 CONFIG_PROFILING=y
@@ -2172,6 +2167,11 @@ CONFIG_BPF_LSM=y
 CONFIG_SPARSE_IRQ=y
 # CONFIG_GENERIC_IRQ_DEBUGFS is not set
 
+##
+## file: kernel/livepatch/Kconfig
+##
+CONFIG_LIVEPATCH=y
+
 ##
 ## file: kernel/module/Kconfig
 ##
@@ -3780,7 +3780,6 @@ CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
 CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
 CONFIG_HAVE_EBPF_JIT=y
 CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
-CONFIG_HAVE_EISA=y
 CONFIG_HAVE_EXIT_THREAD=y
 CONFIG_HAVE_FENTRY=y
 CONFIG_HAVE_FTRACE_GRAPH_FUNC=y
@@ -3948,6 +3947,7 @@ CONFIG_KVM_PRIVATE_MEM=y
 CONFIG_KVM_VFIO=y
 CONFIG_KVM_X86=m
 CONFIG_KVM_XFER_TO_GUEST_WORK=y
+CONFIG_LD_CAN_USE_KEEP_IN_OVERLAY=y
 CONFIG_LD_IS_BFD=y
 CONFIG_LD_ORPHAN_WARN=y
 CONFIG_LD_ORPHAN_WARN_LEVEL="warn"

debian/patches/bugfix/all/ALSA-hda-realtek-Fix-built-in-mic-on-another-ASUS-Vi.patch

@@ -1,29 +0,0 @@
-From: Takashi Iwai <tiwai@suse.de>
-Date: Wed, 2 Apr 2025 09:42:07 +0200
-Subject: ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
-Origin: https://git.kernel.org/linus/8983dc1b66c0e1928a263b8af0bb06f6cb9229c4
-Bug-Debian: https://bugs.debian.org/1100928
-
-There is another VivoBook model which built-in mic got broken recently
-by the fix of the pin sort.  Apply the correct quirk
-ALC256_FIXUP_ASUS_MIC_NO_PRESENCE to this model for addressing the
-regression, too.
-
-Fixes: 3b4309546b48 ("ALSA: hda: Fix headset detection failure due to unstable sort")
-Closes: https://lore.kernel.org/Z95s5T6OXFPjRnKf@eldamar.lan
-Link: https://patch.msgid.link/20250402074208.7347-1-tiwai@suse.de
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
----
- sound/pci/hda/patch_realtek.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/sound/pci/hda/patch_realtek.c
-+++ b/sound/pci/hda/patch_realtek.c
-@@ -10772,6 +10772,7 @@ static const struct hda_quirk alc269_fix
- 	SND_PCI_QUIRK(0x1043, 0x1c43, "ASUS UX8406MA", ALC245_FIXUP_CS35L41_SPI_2),
- 	SND_PCI_QUIRK(0x1043, 0x1c62, "ASUS GU603", ALC289_FIXUP_ASUS_GA401),
- 	SND_PCI_QUIRK(0x1043, 0x1c63, "ASUS GU605M", ALC285_FIXUP_ASUS_GU605_SPI_SPEAKER2_TO_DAC1),
-+	SND_PCI_QUIRK(0x1043, 0x1c80, "ASUS VivoBook TP401", ALC256_FIXUP_ASUS_MIC_NO_PRESENCE),
- 	SND_PCI_QUIRK(0x1043, 0x1c92, "ASUS ROG Strix G15", ALC285_FIXUP_ASUS_G533Z_PINS),
- 	SND_PCI_QUIRK(0x1043, 0x1c9f, "ASUS G614JU/JV/JI", ALC285_FIXUP_ASUS_HEADSET_MIC),
- 	SND_PCI_QUIRK(0x1043, 0x1caf, "ASUS G634JY/JZ/JI/JG", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS),

debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch

@@ -29,7 +29,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  MODULE_SOFTDEP("pre: blake2b-256");
 --- a/fs/jbd2/journal.c
 +++ b/fs/jbd2/journal.c
-@@ -3152,6 +3152,7 @@ static void __exit journal_exit(void)
+@@ -3159,6 +3159,7 @@ static void __exit journal_exit(void)
  
  MODULE_DESCRIPTION("Generic filesystem journal-writing module");
  MODULE_LICENSE("GPL");
@@ -39,7 +39,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  
 --- a/fs/nfsd/nfsctl.c
 +++ b/fs/nfsd/nfsctl.c
-@@ -2344,5 +2344,8 @@ static void __exit exit_nfsd(void)
+@@ -2349,5 +2349,8 @@ static void __exit exit_nfsd(void)
  MODULE_AUTHOR("Olaf Kirch <okir@monad.swb.de>");
  MODULE_DESCRIPTION("In-kernel NFS server");
  MODULE_LICENSE("GPL");

debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

@@ -34,7 +34,7 @@ Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
  /*
   * Minimum number of threads to boot the kernel
   */
-@@ -2167,6 +2173,10 @@ __latent_entropy struct task_struct *cop
+@@ -2171,6 +2177,10 @@ __latent_entropy struct task_struct *cop
  	if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
  		return ERR_PTR(-EINVAL);
  
@@ -45,7 +45,7 @@ Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
  	/*
  	 * Thread groups must share signals as well, and detached threads
  	 * can only be started up within the thread group.
-@@ -3320,6 +3330,12 @@ int ksys_unshare(unsigned long unshare_f
+@@ -3324,6 +3334,12 @@ int ksys_unshare(unsigned long unshare_f
  	if (unshare_flags & CLONE_NEWNS)
  		unshare_flags |= CLONE_FS;
  

debian/patches/debian/export-symbols-needed-by-android-drivers.patch

@@ -82,7 +82,7 @@ Export the currently un-exported symbols it depends on.
   * task_work_cancel_match - cancel a pending work added by task_work_add()
 --- a/mm/memory.c
 +++ b/mm/memory.c
-@@ -2030,6 +2030,7 @@ void zap_page_range_single(struct vm_are
+@@ -2027,6 +2027,7 @@ void zap_page_range_single(struct vm_are
  	tlb_finish_mmu(&tlb);
  	hugetlb_zap_end(vma, details);
  }

debian/patches/debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

@@ -15,7 +15,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 ---
 --- a/net/ax25/af_ax25.c
 +++ b/net/ax25/af_ax25.c
-@@ -2077,7 +2077,7 @@ module_init(ax25_init);
+@@ -2067,7 +2067,7 @@ module_init(ax25_init);
  MODULE_AUTHOR("Jonathan Naylor G4KLX <g4klx@g4klx.demon.co.uk>");
  MODULE_DESCRIPTION("The amateur radio AX.25 link layer protocol");
  MODULE_LICENSE("GPL");

debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch

@@ -22,7 +22,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 
 --- a/include/linux/perf_event.h
 +++ b/include/linux/perf_event.h
-@@ -1659,6 +1659,11 @@ int perf_cpu_time_max_percent_handler(co
+@@ -1694,6 +1694,11 @@ int perf_cpu_time_max_percent_handler(co
  int perf_event_max_stack_handler(const struct ctl_table *table, int write,
  		void *buffer, size_t *lenp, loff_t *ppos);
  
@@ -50,7 +50,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  
  /* Minimum for 512 kiB + 1 user control page */
  int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -12821,6 +12826,9 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -12828,6 +12833,9 @@ SYSCALL_DEFINE5(perf_event_open,
  	if (err)
  		return err;
  

debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch

@@ -42,7 +42,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  			Ignore sysrq setting - this boot parameter will
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -3186,6 +3186,14 @@ config COMPAT_32
+@@ -3187,6 +3187,14 @@ config COMPAT_32
  	select HAVE_UID16
  	select OLD_SIGSUSPEND3
  

debian/patches/krd/0001-Revert-objtool-dont-fail-the-kernel-build-on-fatal-errors.patch

@@ -30,7 +30,7 @@ this reverts following commit:
 
 --- a/tools/objtool/check.c
 +++ b/tools/objtool/check.c
-@@ -4771,10 +4771,14 @@ int check(struct objtool_file *file)
+@@ -4745,10 +4745,14 @@ int check(struct objtool_file *file)
  	}
  
  out:

debian/patches/mixed-arch/0002-ZEN-Restore-CONFIG_OPTIMIZE_FOR_PERFORMANCE_O3.patch

@@ -25,7 +25,7 @@ dependency on CONFIG_ARC and adds RUSTFLAGS.
  KBUILD_RUSTFLAGS += -Copt-level=s
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1465,6 +1465,12 @@ config CC_OPTIMIZE_FOR_PERFORMANCE
+@@ -1470,6 +1470,12 @@ config CC_OPTIMIZE_FOR_PERFORMANCE
  	  with the "-O2" compiler flag for best performance and most
  	  helpful compile-time warnings.
  

debian/patches/patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Modify-the-min_perf-calculation-i.patch

@@ -1,59 +0,0 @@
-From c8c9ab8ff5cc5c0809cd958679614ade200a6ab3 Mon Sep 17 00:00:00 2001
-From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Date: Wed, 5 Feb 2025 11:25:14 +0000
-Subject: cpufreq/amd-pstate: Modify the min_perf calculation in adjust_perf
- callback
-
-Instead of setting a fixed floor at lowest_nonlinear_perf, use the
-min_limit_perf value, so that it gives the user the freedom to lower the
-floor further.
-
-There are two minimum frequency/perf limits that we need to consider in
-the adjust_perf callback. One provided by schedutil i.e. the sg_cpu->bw_min
-value passed in _min_perf arg, another is the effective value of
-min_freq_qos request that is updated in cpudata->min_limit_perf. Modify the
-code to use the bigger of these two values.
-
-Signed-off-by: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
----
- drivers/cpufreq/amd-pstate.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
---- a/drivers/cpufreq/amd-pstate.c
-+++ b/drivers/cpufreq/amd-pstate.c
-@@ -672,7 +672,7 @@ static void amd_pstate_adjust_perf(unsig
- 				   unsigned long capacity)
- {
- 	unsigned long max_perf, min_perf, des_perf,
--		      cap_perf, lowest_nonlinear_perf;
-+		      cap_perf, min_limit_perf;
- 	struct cpufreq_policy *policy = cpufreq_cpu_get(cpu);
- 	struct amd_cpudata *cpudata;
- 
-@@ -684,20 +684,20 @@ static void amd_pstate_adjust_perf(unsig
- 	if (policy->min != cpudata->min_limit_freq || policy->max != cpudata->max_limit_freq)
- 		amd_pstate_update_min_max_limit(policy);
- 
--
- 	cap_perf = READ_ONCE(cpudata->highest_perf);
--	lowest_nonlinear_perf = READ_ONCE(cpudata->lowest_nonlinear_perf);
-+	min_limit_perf = READ_ONCE(cpudata->min_limit_perf);
- 
- 	des_perf = cap_perf;
- 	if (target_perf < capacity)
- 		des_perf = DIV_ROUND_UP(cap_perf * target_perf, capacity);
- 
--	min_perf = READ_ONCE(cpudata->lowest_perf);
- 	if (_min_perf < capacity)
- 		min_perf = DIV_ROUND_UP(cap_perf * _min_perf, capacity);
-+	else
-+		min_perf = cap_perf;
- 
--	if (min_perf < lowest_nonlinear_perf)
--		min_perf = lowest_nonlinear_perf;
-+	if (min_perf < min_limit_perf)
-+		min_perf = min_limit_perf;
- 
- 	max_perf = cpudata->max_limit_perf;
- 	if (max_perf < min_perf)

debian/patches/patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Remove-the-redundant-des_perf-cla.patch

@@ -1,4 +1,4 @@
-From 16466d169a187b4c650771234de119279346f523 Mon Sep 17 00:00:00 2001
+From 769d2f0a23fcf67207d5e931610eab2ced40548a Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:15 +0000
 Subject: cpufreq/amd-pstate: Remove the redundant des_perf clamping in
@@ -16,7 +16,7 @@ Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
 
 --- a/drivers/cpufreq/amd-pstate.c
 +++ b/drivers/cpufreq/amd-pstate.c
-@@ -703,8 +703,6 @@ static void amd_pstate_adjust_perf(unsig
+@@ -705,8 +705,6 @@ static void amd_pstate_adjust_perf(unsig
  	if (max_perf < min_perf)
  		max_perf = min_perf;
  

debian/patches/patchset-pf/amd-pstate/0002-cpufreq-amd-pstate-Modularize-perf-freq-conversion.patch

@@ -1,4 +1,4 @@
-From b132b889dc7aa398a789e02dd6fbd5a512b4a9e0 Mon Sep 17 00:00:00 2001
+From c2642290e7fbce1a301cd30fa3f78ef37defd52e Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:18 +0000
 Subject: cpufreq/amd-pstate: Modularize perf<->freq conversion
@@ -35,7 +35,7 @@ Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
  static int __init dmi_matched_7k62_bios_bug(const struct dmi_system_id *dmi)
  {
  	/**
-@@ -534,14 +548,12 @@ static inline bool amd_pstate_sample(str
+@@ -534,7 +548,6 @@ static inline bool amd_pstate_sample(str
  static void amd_pstate_update(struct amd_cpudata *cpudata, u8 min_perf,
  			      u8 des_perf, u8 max_perf, bool fast_switch, int gov_flags)
  {
@@ -43,6 +43,8 @@ Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
  	struct cpufreq_policy *policy = cpufreq_cpu_get(cpudata->cpu);
  	u8 nominal_perf = READ_ONCE(cpudata->nominal_perf);
  
+@@ -543,8 +556,7 @@ static void amd_pstate_update(struct amd
+ 
  	des_perf = clamp_t(u8, des_perf, min_perf, max_perf);
  
 -	max_freq = READ_ONCE(cpudata->max_limit_freq);
@@ -51,7 +53,7 @@ Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
  
  	if ((cppc_state == AMD_PSTATE_GUIDED) && (gov_flags & CPUFREQ_GOV_DYNAMIC_SWITCHING)) {
  		min_perf = des_perf;
-@@ -591,14 +603,11 @@ static int amd_pstate_verify(struct cpuf
+@@ -594,14 +606,11 @@ static int amd_pstate_verify(struct cpuf
  
  static int amd_pstate_update_min_max_limit(struct cpufreq_policy *policy)
  {
@@ -69,7 +71,7 @@ Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
  
  	if (cpudata->policy == CPUFREQ_POLICY_PERFORMANCE)
  		min_limit_perf = min(cpudata->nominal_perf, max_limit_perf);
-@@ -616,21 +625,15 @@ static int amd_pstate_update_freq(struct
+@@ -619,21 +628,15 @@ static int amd_pstate_update_freq(struct
  {
  	struct cpufreq_freqs freqs;
  	struct amd_cpudata *cpudata = policy->driver_data;
@@ -93,7 +95,7 @@ Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
  
  	WARN_ON(fast_switch && !policy->fast_switch_enabled);
  	/*
-@@ -905,7 +908,6 @@ static int amd_pstate_init_freq(struct a
+@@ -908,7 +911,6 @@ static int amd_pstate_init_freq(struct a
  {
  	int ret;
  	u32 min_freq, max_freq;
@@ -101,7 +103,7 @@ Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
  	u32 nominal_freq, lowest_nonlinear_freq;
  	struct cppc_perf_caps cppc_perf;
  
-@@ -923,16 +925,17 @@ static int amd_pstate_init_freq(struct a
+@@ -926,16 +928,17 @@ static int amd_pstate_init_freq(struct a
  	else
  		nominal_freq = cppc_perf.nominal_freq;
  

debian/patches/patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Pass-min-max_limit_perf-as-min-ma.patch

@@ -1,51 +0,0 @@
-From 0dfebf0094ea7c512cf3db1013cf82124d4bbc3a Mon Sep 17 00:00:00 2001
-From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Date: Wed, 5 Feb 2025 11:25:16 +0000
-Subject: cpufreq/amd-pstate: Pass min/max_limit_perf as min/max_perf to
- amd_pstate_update
-
-Currently, amd_pstate_update_freq passes the hardware perf limits as
-min/max_perf to amd_pstate_update, which eventually gets programmed into
-the min/max_perf fields of the CPPC_REQ register.
-
-Instead pass the effective perf limits i.e. min/max_limit_perf values to
-amd_pstate_update as min/max_perf.
-
-Signed-off-by: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
----
- drivers/cpufreq/amd-pstate.c | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
---- a/drivers/cpufreq/amd-pstate.c
-+++ b/drivers/cpufreq/amd-pstate.c
-@@ -615,7 +615,7 @@ static int amd_pstate_update_freq(struct
- {
- 	struct cpufreq_freqs freqs;
- 	struct amd_cpudata *cpudata = policy->driver_data;
--	unsigned long max_perf, min_perf, des_perf, cap_perf;
-+	unsigned long des_perf, cap_perf;
- 
- 	if (!cpudata->max_freq)
- 		return -ENODEV;
-@@ -624,8 +624,6 @@ static int amd_pstate_update_freq(struct
- 		amd_pstate_update_min_max_limit(policy);
- 
- 	cap_perf = READ_ONCE(cpudata->highest_perf);
--	min_perf = READ_ONCE(cpudata->lowest_perf);
--	max_perf = cap_perf;
- 
- 	freqs.old = policy->cur;
- 	freqs.new = target_freq;
-@@ -642,8 +640,9 @@ static int amd_pstate_update_freq(struct
- 	if (!fast_switch)
- 		cpufreq_freq_transition_begin(policy, &freqs);
- 
--	amd_pstate_update(cpudata, min_perf, des_perf,
--			max_perf, fast_switch, policy->governor->flags);
-+	amd_pstate_update(cpudata, cpudata->min_limit_perf, des_perf,
-+			  cpudata->max_limit_perf, fast_switch,
-+			  policy->governor->flags);
- 
- 	if (!fast_switch)
- 		cpufreq_freq_transition_end(policy, &freqs, false);

debian/patches/patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up.patch

@@ -1,4 +1,4 @@
-From 6c284985cc268da10f0e38f1f3b9af62ecfc3998 Mon Sep 17 00:00:00 2001
+From 9560891ef76a2badb9f2e9cb2778938086ac9a04 Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:19 +0000
 Subject: cpufreq/amd-pstate: Remove the unnecessary cpufreq_update_policy call
@@ -24,7 +24,7 @@ Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
 
 --- a/drivers/cpufreq/amd-pstate.c
 +++ b/drivers/cpufreq/amd-pstate.c
-@@ -853,10 +853,6 @@ static void amd_pstate_update_limits(uns
+@@ -856,10 +856,6 @@ static void amd_pstate_update_limits(uns
  			sched_set_itmt_core_prio((int)cur_high, cpu);
  	}
  	cpufreq_cpu_put(policy);

debian/patches/patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Convert-all-perf-values-to-u8.patch

@@ -1,355 +0,0 @@
-From 3daf64b383bc41feb0bf23790939b4512ba9170d Mon Sep 17 00:00:00 2001
-From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Date: Wed, 5 Feb 2025 11:25:17 +0000
-Subject: cpufreq/amd-pstate: Convert all perf values to u8
-
-All perf values are always within 0-255 range, hence convert their
-datatype to u8 everywhere.
-
-Signed-off-by: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
----
- drivers/cpufreq/amd-pstate-trace.h | 46 +++++++++++------------
- drivers/cpufreq/amd-pstate.c       | 60 +++++++++++++++---------------
- drivers/cpufreq/amd-pstate.h       | 18 ++++-----
- 3 files changed, 62 insertions(+), 62 deletions(-)
-
---- a/drivers/cpufreq/amd-pstate-trace.h
-+++ b/drivers/cpufreq/amd-pstate-trace.h
-@@ -24,9 +24,9 @@
- 
- TRACE_EVENT(amd_pstate_perf,
- 
--	TP_PROTO(unsigned long min_perf,
--		 unsigned long target_perf,
--		 unsigned long capacity,
-+	TP_PROTO(u8 min_perf,
-+		 u8 target_perf,
-+		 u8 capacity,
- 		 u64 freq,
- 		 u64 mperf,
- 		 u64 aperf,
-@@ -47,9 +47,9 @@ TRACE_EVENT(amd_pstate_perf,
- 		),
- 
- 	TP_STRUCT__entry(
--		__field(unsigned long, min_perf)
--		__field(unsigned long, target_perf)
--		__field(unsigned long, capacity)
-+		__field(u8, min_perf)
-+		__field(u8, target_perf)
-+		__field(u8, capacity)
- 		__field(unsigned long long, freq)
- 		__field(unsigned long long, mperf)
- 		__field(unsigned long long, aperf)
-@@ -70,10 +70,10 @@ TRACE_EVENT(amd_pstate_perf,
- 		__entry->fast_switch = fast_switch;
- 		),
- 
--	TP_printk("amd_min_perf=%lu amd_des_perf=%lu amd_max_perf=%lu freq=%llu mperf=%llu aperf=%llu tsc=%llu cpu_id=%u fast_switch=%s",
--		  (unsigned long)__entry->min_perf,
--		  (unsigned long)__entry->target_perf,
--		  (unsigned long)__entry->capacity,
-+	TP_printk("amd_min_perf=%hhu amd_des_perf=%hhu amd_max_perf=%hhu freq=%llu mperf=%llu aperf=%llu tsc=%llu cpu_id=%u fast_switch=%s",
-+		  (u8)__entry->min_perf,
-+		  (u8)__entry->target_perf,
-+		  (u8)__entry->capacity,
- 		  (unsigned long long)__entry->freq,
- 		  (unsigned long long)__entry->mperf,
- 		  (unsigned long long)__entry->aperf,
-@@ -86,10 +86,10 @@ TRACE_EVENT(amd_pstate_perf,
- TRACE_EVENT(amd_pstate_epp_perf,
- 
- 	TP_PROTO(unsigned int cpu_id,
--		 unsigned int highest_perf,
--		 unsigned int epp,
--		 unsigned int min_perf,
--		 unsigned int max_perf,
-+		 u8 highest_perf,
-+		 u8 epp,
-+		 u8 min_perf,
-+		 u8 max_perf,
- 		 bool boost
- 		 ),
- 
-@@ -102,10 +102,10 @@ TRACE_EVENT(amd_pstate_epp_perf,
- 
- 	TP_STRUCT__entry(
- 		__field(unsigned int, cpu_id)
--		__field(unsigned int, highest_perf)
--		__field(unsigned int, epp)
--		__field(unsigned int, min_perf)
--		__field(unsigned int, max_perf)
-+		__field(u8, highest_perf)
-+		__field(u8, epp)
-+		__field(u8, min_perf)
-+		__field(u8, max_perf)
- 		__field(bool, boost)
- 		),
- 
-@@ -118,12 +118,12 @@ TRACE_EVENT(amd_pstate_epp_perf,
- 		__entry->boost = boost;
- 		),
- 
--	TP_printk("cpu%u: [%u<->%u]/%u, epp=%u, boost=%u",
-+	TP_printk("cpu%u: [%hhu<->%hhu]/%hhu, epp=%hhu, boost=%u",
- 		  (unsigned int)__entry->cpu_id,
--		  (unsigned int)__entry->min_perf,
--		  (unsigned int)__entry->max_perf,
--		  (unsigned int)__entry->highest_perf,
--		  (unsigned int)__entry->epp,
-+		  (u8)__entry->min_perf,
-+		  (u8)__entry->max_perf,
-+		  (u8)__entry->highest_perf,
-+		  (u8)__entry->epp,
- 		  (bool)__entry->boost
- 		 )
- );
---- a/drivers/cpufreq/amd-pstate.c
-+++ b/drivers/cpufreq/amd-pstate.c
-@@ -186,7 +186,7 @@ static inline int get_mode_idx_from_str(
- static DEFINE_MUTEX(amd_pstate_limits_lock);
- static DEFINE_MUTEX(amd_pstate_driver_lock);
- 
--static s16 msr_get_epp(struct amd_cpudata *cpudata)
-+static u8 msr_get_epp(struct amd_cpudata *cpudata)
- {
- 	u64 value;
- 	int ret;
-@@ -207,7 +207,7 @@ static inline s16 amd_pstate_get_epp(str
- 	return static_call(amd_pstate_get_epp)(cpudata);
- }
- 
--static s16 shmem_get_epp(struct amd_cpudata *cpudata)
-+static u8 shmem_get_epp(struct amd_cpudata *cpudata)
- {
- 	u64 epp;
- 	int ret;
-@@ -218,11 +218,11 @@ static s16 shmem_get_epp(struct amd_cpud
- 		return ret;
- 	}
- 
--	return (s16)(epp & 0xff);
-+	return FIELD_GET(AMD_CPPC_EPP_PERF_MASK, epp);
- }
- 
--static int msr_update_perf(struct amd_cpudata *cpudata, u32 min_perf,
--			   u32 des_perf, u32 max_perf, u32 epp, bool fast_switch)
-+static int msr_update_perf(struct amd_cpudata *cpudata, u8 min_perf,
-+			   u8 des_perf, u8 max_perf, u8 epp, bool fast_switch)
- {
- 	u64 value, prev;
- 
-@@ -257,15 +257,15 @@ static int msr_update_perf(struct amd_cp
- DEFINE_STATIC_CALL(amd_pstate_update_perf, msr_update_perf);
- 
- static inline int amd_pstate_update_perf(struct amd_cpudata *cpudata,
--					  u32 min_perf, u32 des_perf,
--					  u32 max_perf, u32 epp,
-+					  u8 min_perf, u8 des_perf,
-+					  u8 max_perf, u8 epp,
- 					  bool fast_switch)
- {
- 	return static_call(amd_pstate_update_perf)(cpudata, min_perf, des_perf,
- 						   max_perf, epp, fast_switch);
- }
- 
--static int msr_set_epp(struct amd_cpudata *cpudata, u32 epp)
-+static int msr_set_epp(struct amd_cpudata *cpudata, u8 epp)
- {
- 	u64 value, prev;
- 	int ret;
-@@ -292,12 +292,12 @@ static int msr_set_epp(struct amd_cpudat
- 
- DEFINE_STATIC_CALL(amd_pstate_set_epp, msr_set_epp);
- 
--static inline int amd_pstate_set_epp(struct amd_cpudata *cpudata, u32 epp)
-+static inline int amd_pstate_set_epp(struct amd_cpudata *cpudata, u8 epp)
- {
- 	return static_call(amd_pstate_set_epp)(cpudata, epp);
- }
- 
--static int shmem_set_epp(struct amd_cpudata *cpudata, u32 epp)
-+static int shmem_set_epp(struct amd_cpudata *cpudata, u8 epp)
- {
- 	int ret;
- 	struct cppc_perf_ctrls perf_ctrls;
-@@ -320,7 +320,7 @@ static int amd_pstate_set_energy_pref_in
- 					    int pref_index)
- {
- 	struct amd_cpudata *cpudata = policy->driver_data;
--	int epp;
-+	u8 epp;
- 
- 	if (!pref_index)
- 		epp = cpudata->epp_default;
-@@ -479,8 +479,8 @@ static inline int amd_pstate_init_perf(s
- 	return static_call(amd_pstate_init_perf)(cpudata);
- }
- 
--static int shmem_update_perf(struct amd_cpudata *cpudata, u32 min_perf,
--			     u32 des_perf, u32 max_perf, u32 epp, bool fast_switch)
-+static int shmem_update_perf(struct amd_cpudata *cpudata, u8 min_perf,
-+			     u8 des_perf, u8 max_perf, u8 epp, bool fast_switch)
- {
- 	struct cppc_perf_ctrls perf_ctrls;
- 
-@@ -531,14 +531,14 @@ static inline bool amd_pstate_sample(str
- 	return true;
- }
- 
--static void amd_pstate_update(struct amd_cpudata *cpudata, u32 min_perf,
--			      u32 des_perf, u32 max_perf, bool fast_switch, int gov_flags)
-+static void amd_pstate_update(struct amd_cpudata *cpudata, u8 min_perf,
-+			      u8 des_perf, u8 max_perf, bool fast_switch, int gov_flags)
- {
- 	unsigned long max_freq;
- 	struct cpufreq_policy *policy = cpufreq_cpu_get(cpudata->cpu);
--	u32 nominal_perf = READ_ONCE(cpudata->nominal_perf);
-+	u8 nominal_perf = READ_ONCE(cpudata->nominal_perf);
- 
--	des_perf = clamp_t(unsigned long, des_perf, min_perf, max_perf);
-+	des_perf = clamp_t(u8, des_perf, min_perf, max_perf);
- 
- 	max_freq = READ_ONCE(cpudata->max_limit_freq);
- 	policy->cur = div_u64(des_perf * max_freq, max_perf);
-@@ -550,7 +550,7 @@ static void amd_pstate_update(struct amd
- 
- 	/* limit the max perf when core performance boost feature is disabled */
- 	if (!cpudata->boost_supported)
--		max_perf = min_t(unsigned long, nominal_perf, max_perf);
-+		max_perf = min_t(u8, nominal_perf, max_perf);
- 
- 	if (trace_amd_pstate_perf_enabled() && amd_pstate_sample(cpudata)) {
- 		trace_amd_pstate_perf(min_perf, des_perf, max_perf, cpudata->freq,
-@@ -591,7 +591,8 @@ static int amd_pstate_verify(struct cpuf
- 
- static int amd_pstate_update_min_max_limit(struct cpufreq_policy *policy)
- {
--	u32 max_limit_perf, min_limit_perf, max_perf, max_freq;
-+	u8 max_limit_perf, min_limit_perf, max_perf;
-+	u32 max_freq;
- 	struct amd_cpudata *cpudata = policy->driver_data;
- 
- 	max_perf = READ_ONCE(cpudata->highest_perf);
-@@ -615,7 +616,7 @@ static int amd_pstate_update_freq(struct
- {
- 	struct cpufreq_freqs freqs;
- 	struct amd_cpudata *cpudata = policy->driver_data;
--	unsigned long des_perf, cap_perf;
-+	u8 des_perf, cap_perf;
- 
- 	if (!cpudata->max_freq)
- 		return -ENODEV;
-@@ -670,8 +671,7 @@ static void amd_pstate_adjust_perf(unsig
- 				   unsigned long target_perf,
- 				   unsigned long capacity)
- {
--	unsigned long max_perf, min_perf, des_perf,
--		      cap_perf, min_limit_perf;
-+	u8 max_perf, min_perf, des_perf, cap_perf, min_limit_perf;
- 	struct cpufreq_policy *policy = cpufreq_cpu_get(cpu);
- 	struct amd_cpudata *cpudata;
- 
-@@ -905,8 +905,8 @@ static int amd_pstate_init_freq(struct a
- {
- 	int ret;
- 	u32 min_freq, max_freq;
--	u32 highest_perf, nominal_perf, nominal_freq;
--	u32 lowest_nonlinear_perf, lowest_nonlinear_freq;
-+	u8 highest_perf, nominal_perf, lowest_nonlinear_perf;
-+	u32 nominal_freq, lowest_nonlinear_freq;
- 	struct cppc_perf_caps cppc_perf;
- 
- 	ret = cppc_get_perf_caps(cpudata->cpu, &cppc_perf);
-@@ -1113,7 +1113,7 @@ static ssize_t show_amd_pstate_lowest_no
- static ssize_t show_amd_pstate_highest_perf(struct cpufreq_policy *policy,
- 					    char *buf)
- {
--	u32 perf;
-+	u8 perf;
- 	struct amd_cpudata *cpudata = policy->driver_data;
- 
- 	perf = READ_ONCE(cpudata->highest_perf);
-@@ -1124,7 +1124,7 @@ static ssize_t show_amd_pstate_highest_p
- static ssize_t show_amd_pstate_prefcore_ranking(struct cpufreq_policy *policy,
- 						char *buf)
- {
--	u32 perf;
-+	u8 perf;
- 	struct amd_cpudata *cpudata = policy->driver_data;
- 
- 	perf = READ_ONCE(cpudata->prefcore_ranking);
-@@ -1187,7 +1187,7 @@ static ssize_t show_energy_performance_p
- 				struct cpufreq_policy *policy, char *buf)
- {
- 	struct amd_cpudata *cpudata = policy->driver_data;
--	int preference;
-+	u8 preference;
- 
- 	switch (cpudata->epp_cached) {
- 	case AMD_CPPC_EPP_PERFORMANCE:
-@@ -1549,7 +1549,7 @@ static void amd_pstate_epp_cpu_exit(stru
- static int amd_pstate_epp_update_limit(struct cpufreq_policy *policy)
- {
- 	struct amd_cpudata *cpudata = policy->driver_data;
--	u32 epp;
-+	u8 epp;
- 
- 	amd_pstate_update_min_max_limit(policy);
- 
-@@ -1598,7 +1598,7 @@ static int amd_pstate_epp_set_policy(str
- static int amd_pstate_epp_reenable(struct cpufreq_policy *policy)
- {
- 	struct amd_cpudata *cpudata = policy->driver_data;
--	u64 max_perf;
-+	u8 max_perf;
- 	int ret;
- 
- 	ret = amd_pstate_cppc_enable(true);
-@@ -1635,7 +1635,7 @@ static int amd_pstate_epp_cpu_online(str
- static int amd_pstate_epp_cpu_offline(struct cpufreq_policy *policy)
- {
- 	struct amd_cpudata *cpudata = policy->driver_data;
--	int min_perf;
-+	u8 min_perf;
- 
- 	if (cpudata->suspended)
- 		return 0;
---- a/drivers/cpufreq/amd-pstate.h
-+++ b/drivers/cpufreq/amd-pstate.h
-@@ -70,13 +70,13 @@ struct amd_cpudata {
- 	struct	freq_qos_request req[2];
- 	u64	cppc_req_cached;
- 
--	u32	highest_perf;
--	u32	nominal_perf;
--	u32	lowest_nonlinear_perf;
--	u32	lowest_perf;
--	u32     prefcore_ranking;
--	u32     min_limit_perf;
--	u32     max_limit_perf;
-+	u8	highest_perf;
-+	u8	nominal_perf;
-+	u8	lowest_nonlinear_perf;
-+	u8	lowest_perf;
-+	u8	prefcore_ranking;
-+	u8	min_limit_perf;
-+	u8	max_limit_perf;
- 	u32     min_limit_freq;
- 	u32     max_limit_freq;
- 
-@@ -93,11 +93,11 @@ struct amd_cpudata {
- 	bool	hw_prefcore;
- 
- 	/* EPP feature related attributes*/
--	s16	epp_cached;
-+	u8	epp_cached;
- 	u32	policy;
- 	u64	cppc_cap1_cached;
- 	bool	suspended;
--	s16	epp_default;
-+	u8	epp_default;
- };
- 
- /*

debian/patches/patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch

@@ -1,4 +1,4 @@
-From b5b334f66595052e69ecaa501b8a6ebdb0fd6eed Mon Sep 17 00:00:00 2001
+From 47e014be8e6a12cdfa6502bd9c93df9f83ba2b40 Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:22 +0000
 Subject: cpufreq/amd-pstate: Use scope based cleanup for cpufreq_policy refs

debian/patches/patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch

@@ -1,4 +1,4 @@
-From eff2c5a3f292e822968919a9792010de65b417b5 Mon Sep 17 00:00:00 2001
+From ca860ed821a42d909190ca3f33d9c8b2cae6fe52 Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:23 +0000
 Subject: cpufreq/amd-pstate: Remove the unncecessary driver_lock in

debian/patches/patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch

@@ -1,4 +1,4 @@
-From e836285ca35390d656adffee520d48cd7bedd5b3 Mon Sep 17 00:00:00 2001
+From cfa4817d112187bb3e2c16dfc0a70da23dff02fb Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Sat, 22 Feb 2025 03:32:22 +0000
 Subject: cpufreq/amd-pstate: Fix the clamping of perf values

debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Add-missing-NULL-ptr-check-in-amd.patch

@@ -1,26 +0,0 @@
-From f50ac94149bc07092ecf5b68558f02920436f77c Mon Sep 17 00:00:00 2001
-From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Date: Wed, 5 Feb 2025 11:25:21 +0000
-Subject: cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update
-
-Check if policy is NULL before dereferencing it in amd_pstate_update.
-
-Fixes: e8f555daacd3 ("cpufreq/amd-pstate: fix setting policy current frequency value")
-Signed-off-by: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
----
- drivers/cpufreq/amd-pstate.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/drivers/cpufreq/amd-pstate.c
-+++ b/drivers/cpufreq/amd-pstate.c
-@@ -551,6 +551,9 @@ static void amd_pstate_update(struct amd
- 	struct cpufreq_policy *policy = cpufreq_cpu_get(cpudata->cpu);
- 	u8 nominal_perf = READ_ONCE(cpudata->nominal_perf);
- 
-+	if (!policy)
-+		return;
-+
- 	des_perf = clamp_t(u8, des_perf, min_perf, max_perf);
- 
- 	policy->cur = perf_to_freq(cpudata, des_perf);

debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch

@@ -1,4 +1,4 @@
-From 0a417434299b27aebbb444e7545a7d668c40d288 Mon Sep 17 00:00:00 2001
+From 7f2dd53f1064ad9118a7346c154eb6b07535ccc1 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:16 -0600
 Subject: cpufreq/amd-pstate: Invalidate cppc_req_cached during suspend

debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch

@@ -1,4 +1,4 @@
-From ea1821eae465dfff9a9ef90662c2ce79e5abfe6e Mon Sep 17 00:00:00 2001
+From c37ee0cb65bd828d36ebe05bd3fea883685f8da3 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:17 -0600
 Subject: cpufreq/amd-pstate: Show a warning when a CPU fails to setup

debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch

@@ -1,4 +1,4 @@
-From 72016df62985637e59f075e25233d8ca942eb391 Mon Sep 17 00:00:00 2001
+From b4e1ebe4f5e836d9395383acc71f130846f925fb Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:18 -0600
 Subject: cpufreq/amd-pstate: Drop min and max cached frequencies

debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch

@@ -1,4 +1,4 @@
-From 289c4432443c54497bfe75410a516ca24475504d Mon Sep 17 00:00:00 2001
+From 719a773ca04ac885a29b292ef5b64dd4c25f39fe Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:19 -0600
 Subject: cpufreq/amd-pstate: Move perf values into a union

debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Overhaul-locking.patch

@@ -1,4 +1,4 @@
-From 34925ac1038d19197f0a2ac8574496e77645fdf5 Mon Sep 17 00:00:00 2001
+From 79ecccde4094c468608328a349c5fd16fbf2f43e Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:20 -0600
 Subject: cpufreq/amd-pstate: Overhaul locking

debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch

@@ -1,4 +1,4 @@
-From 33c2b6f10f140e35f44d2be9bd8dc9eb459fb29a Mon Sep 17 00:00:00 2001
+From 2b570ed010d10b0c2531642a7e0eba7b942ac6d4 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:21 -0600
 Subject: cpufreq/amd-pstate: Drop `cppc_cap1_cached`

debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch

@@ -1,4 +1,4 @@
-From 22a3d411de53a42057ab0dc45bb00306fd855807 Mon Sep 17 00:00:00 2001
+From 47fac320cc620c0df7597d28394279d87f94e9a4 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:22 -0600
 Subject: cpufreq/amd-pstate-ut: Use _free macro to free put policy

debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch

@@ -1,4 +1,4 @@
-From e42e4d9ee2e953137488e531be82c4d2d1c10d1c Mon Sep 17 00:00:00 2001
+From 70f7a9af7ff80b58393e62168523c0a27f12da22 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:23 -0600
 Subject: cpufreq/amd-pstate-ut: Allow lowest nonlinear and lowest to be the

debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch

@@ -1,4 +1,4 @@
-From 141c02d0bbbca11a1fceae703a6b7dbfe6315b18 Mon Sep 17 00:00:00 2001
+From fc2391caced7c17d7228faf7fdff83fe01240888 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:24 -0600
 Subject: cpufreq/amd-pstate-ut: Drop SUCCESS and FAIL enums

debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch

@@ -1,4 +1,4 @@
-From 2fe00ce7f79ef57185bdd84e736d8bf47286eb8f Mon Sep 17 00:00:00 2001
+From c4b9333baaa421f7930f2c9f776dac1ba71999d0 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:25 -0600
 Subject: cpufreq/amd-pstate-ut: Run on all of the correct CPUs

debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch

@@ -1,4 +1,4 @@
-From 95bbcd16b467dceea295dbd97c7347e7dd15dabc Mon Sep 17 00:00:00 2001
+From 84e96fb98ef86f82afc0ab00c17bf263163ea5df Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:26 -0600
 Subject: cpufreq/amd-pstate-ut: Adjust variable scope

debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch

@@ -1,4 +1,4 @@
-From 98519671cd3691a45f23a7de4862ec0642b5921e Mon Sep 17 00:00:00 2001
+From 0b5b3c1580120d99ab30a883086961138037a310 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:27 -0600
 Subject: cpufreq/amd-pstate: Replace all AMD_CPPC_* macros with masks

debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch

@@ -1,4 +1,4 @@
-From fc5fe86b4f63ed2ff8230c48e737185451e9c3a4 Mon Sep 17 00:00:00 2001
+From 47cc0c90ca4166b134bf13b959ba85a74dd62e6f Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:28 -0600
 Subject: cpufreq/amd-pstate: Cache CPPC request in shared mem case too

debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch

@@ -1,4 +1,4 @@
-From e1b5c43aa7bf8d75d2043809ff38fee0b7d26259 Mon Sep 17 00:00:00 2001
+From f1030cf846b41bb466ca139da33d5cc743a8dca6 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:29 -0600
 Subject: cpufreq/amd-pstate: Move all EPP tracing into *_update_perf and

debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch

@@ -1,4 +1,4 @@
-From d53216c4c9f67163c9dec656862f1135d6f4af63 Mon Sep 17 00:00:00 2001
+From 0355adaaef43590373457b0a33195fa458cfecbc Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:30 -0600
 Subject: cpufreq/amd-pstate: Update cppc_req_cached for shared mem EPP writes

debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch

@@ -1,4 +1,4 @@
-From cecd79d237f4b5d19adac7fb9d57c59c77e40547 Mon Sep 17 00:00:00 2001
+From 65fa376d4387463f1b06248ef590898c1ad35b46 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:31 -0600
 Subject: cpufreq/amd-pstate: Drop debug statements for policy setting

debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Rework-CPPC-enabling.patch

@@ -1,4 +1,4 @@
-From bbb0d5ec2d1d757fc7b71086f505113845cc2aab Mon Sep 17 00:00:00 2001
+From 394034d8e0bde7bd8bd482d4924f8883ff6f4cbe Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:32 -0600
 Subject: cpufreq/amd-pstate: Rework CPPC enabling

debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Stop-caching-EPP.patch

@@ -1,4 +1,4 @@
-From f11b0be50d2c87af1a401397f8918015e15199c6 Mon Sep 17 00:00:00 2001
+From 50fccd9d8304b992bbea9088abe4ee33786d9805 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:33 -0600
 Subject: cpufreq/amd-pstate: Stop caching EPP

debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch

@@ -1,4 +1,4 @@
-From 509a6a82d6558983a84407e77aa398501b5c814a Mon Sep 17 00:00:00 2001
+From c940323e2d0e3f449f6a1c343c9d94f2e57c3eda Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:34 -0600
 Subject: cpufreq/amd-pstate: Drop actions in amd_pstate_epp_cpu_offline()

debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch

@@ -1,4 +1,4 @@
-From 476817b414eddbf798161c3b33ef1209098bdf50 Mon Sep 17 00:00:00 2001
+From 401a66269205902153f18f78963e53cb14f99b83 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <superm1@kernel.org>
 Date: Thu, 27 Feb 2025 14:09:08 -0600
 Subject: cpufreq/amd-pstate: fix warning noticed by kernel test robot

debian/patches/patchset-pf/amd-pstate/0027-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch

@@ -0,0 +1,42 @@
+From 6b89403370ff0c33e2491dd700b601c438c7f9b2 Mon Sep 17 00:00:00 2001
+From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
+Date: Mon, 7 Apr 2025 08:19:26 +0000
+Subject: cpufreq/amd-pstate: Fix min_limit perf and freq updation for
+ performance governor
+
+The min_limit perf and freq values can get disconnected with performance
+governor, as we only modify the perf value in the special case. Fix that
+by modifying the perf and freq values together
+
+Fixes: 009d1c29a451 ("cpufreq/amd-pstate: Move perf values into a union")
+Signed-off-by: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
+Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
+Link: https://lore.kernel.org/r/20250407081925.850473-1-dhananjay.ugwekar@amd.com
+Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
+---
+ drivers/cpufreq/amd-pstate.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/drivers/cpufreq/amd-pstate.c
++++ b/drivers/cpufreq/amd-pstate.c
+@@ -607,13 +607,16 @@ static void amd_pstate_update_min_max_li
+ 	union perf_cached perf = READ_ONCE(cpudata->perf);
+ 
+ 	perf.max_limit_perf = freq_to_perf(perf, cpudata->nominal_freq, policy->max);
+-	perf.min_limit_perf = freq_to_perf(perf, cpudata->nominal_freq, policy->min);
++	WRITE_ONCE(cpudata->max_limit_freq, policy->max);
+ 
+-	if (cpudata->policy == CPUFREQ_POLICY_PERFORMANCE)
++	if (cpudata->policy == CPUFREQ_POLICY_PERFORMANCE) {
+ 		perf.min_limit_perf = min(perf.nominal_perf, perf.max_limit_perf);
++		WRITE_ONCE(cpudata->min_limit_freq, min(cpudata->nominal_freq, cpudata->max_limit_freq));
++	} else {
++		perf.min_limit_perf = freq_to_perf(perf, cpudata->nominal_freq, policy->min);
++		WRITE_ONCE(cpudata->min_limit_freq, policy->min);
++	}
+ 
+-	WRITE_ONCE(cpudata->max_limit_freq, policy->max);
+-	WRITE_ONCE(cpudata->min_limit_freq, policy->min);
+ 	WRITE_ONCE(cpudata->perf, perf);
+ }
+ 

debian/patches/patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch

@@ -55,7 +55,7 @@ Signed-off-by: David Sterba <dsterba@suse.com>
 
 --- a/fs/btrfs/disk-io.c
 +++ b/fs/btrfs/disk-io.c
-@@ -4346,6 +4346,18 @@ void __cold close_ctree(struct btrfs_fs_
+@@ -4349,6 +4349,18 @@ void __cold close_ctree(struct btrfs_fs_
  	btrfs_flush_workqueue(fs_info->delalloc_workers);
  
  	/*

debian/patches/patchset-pf/exfat/0001-exfat-fix-random-stack-corruption-after-get_block.patch

@@ -1,122 +0,0 @@
-From 99d63b3e3be79190d3bb4759bfb3a47fd00cfdbe Mon Sep 17 00:00:00 2001
-From: Sungjong Seo <sj1557.seo@samsung.com>
-Date: Fri, 21 Mar 2025 15:34:42 +0900
-Subject: exfat: fix random stack corruption after get_block
-
-When get_block is called with a buffer_head allocated on the stack, such
-as do_mpage_readpage, stack corruption due to buffer_head UAF may occur in
-the following race condition situation.
-
-     <CPU 0>                      <CPU 1>
-mpage_read_folio
-  <<bh on stack>>
-  do_mpage_readpage
-    exfat_get_block
-      bh_read
-        __bh_read
-	  get_bh(bh)
-          submit_bh
-          wait_on_buffer
-                              ...
-                              end_buffer_read_sync
-                                __end_buffer_read_notouch
-                                   unlock_buffer
-          <<keep going>>
-        ...
-      ...
-    ...
-  ...
-<<bh is not valid out of mpage_read_folio>>
-   .
-   .
-another_function
-  <<variable A on stack>>
-                                   put_bh(bh)
-                                     atomic_dec(bh->b_count)
-  * stack corruption here *
-
-This patch returns -EAGAIN if a folio does not have buffers when bh_read
-needs to be called. By doing this, the caller can fallback to functions
-like block_read_full_folio(), create a buffer_head in the folio, and then
-call get_block again.
-
-Let's do not call bh_read() with on-stack buffer_head.
-
-Fixes: 11a347fb6cef ("exfat: change to get file size from DataLength")
-Cc: stable@vger.kernel.org
-Tested-by: Yeongjin Gil <youngjin.gil@samsung.com>
-Signed-off-by: Sungjong Seo <sj1557.seo@samsung.com>
-Reviewed-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
-Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
----
- fs/exfat/inode.c | 39 +++++++++++++++++++++++++++++++++------
- 1 file changed, 33 insertions(+), 6 deletions(-)
-
---- a/fs/exfat/inode.c
-+++ b/fs/exfat/inode.c
-@@ -344,7 +344,8 @@ static int exfat_get_block(struct inode
- 			 * The block has been partially written,
- 			 * zero the unwritten part and map the block.
- 			 */
--			loff_t size, off, pos;
-+			loff_t size, pos;
-+			void *addr;
- 
- 			max_blocks = 1;
- 
-@@ -355,17 +356,41 @@ static int exfat_get_block(struct inode
- 			if (!bh_result->b_folio)
- 				goto done;
- 
-+			/*
-+			 * No buffer_head is allocated.
-+			 * (1) bmap: It's enough to fill bh_result without I/O.
-+			 * (2) read: The unwritten part should be filled with 0
-+			 *           If a folio does not have any buffers,
-+			 *           let's returns -EAGAIN to fallback to
-+			 *           per-bh IO like block_read_full_folio().
-+			 */
-+			if (!folio_buffers(bh_result->b_folio)) {
-+				err = -EAGAIN;
-+				goto done;
-+			}
-+
- 			pos = EXFAT_BLK_TO_B(iblock, sb);
- 			size = ei->valid_size - pos;
--			off = pos & (PAGE_SIZE - 1);
-+			addr = folio_address(bh_result->b_folio) +
-+			       offset_in_folio(bh_result->b_folio, pos);
- 
--			folio_set_bh(bh_result, bh_result->b_folio, off);
-+			/* Check if bh->b_data points to proper addr in folio */
-+			if (bh_result->b_data != addr) {
-+				exfat_fs_error_ratelimit(sb,
-+					"b_data(%p) != folio_addr(%p)",
-+					bh_result->b_data, addr);
-+				err = -EINVAL;
-+				goto done;
-+			}
-+
-+			/* Read a block */
- 			err = bh_read(bh_result, 0);
- 			if (err < 0)
--				goto unlock_ret;
-+				goto done;
- 
--			folio_zero_segment(bh_result->b_folio, off + size,
--					off + sb->s_blocksize);
-+			/* Zero unwritten part of a block */
-+			memset(bh_result->b_data + size, 0,
-+			       bh_result->b_size - size);
- 		} else {
- 			/*
- 			 * The range has not been written, clear the mapped flag
-@@ -376,6 +401,8 @@ static int exfat_get_block(struct inode
- 	}
- done:
- 	bh_result->b_size = EXFAT_BLK_TO_B(max_blocks, sb);
-+	if (err < 0)
-+		clear_buffer_mapped(bh_result);
- unlock_ret:
- 	mutex_unlock(&sbi->s_lock);
- 	return err;

debian/patches/patchset-pf/exfat/0002-exfat-fix-potential-wrong-error-return-from-get_bloc.patch

@@ -1,30 +0,0 @@
-From 8a19bb487633ff4dcf9c247cd3913ea4db26abca Mon Sep 17 00:00:00 2001
-From: Sungjong Seo <sj1557.seo@samsung.com>
-Date: Wed, 26 Mar 2025 23:48:48 +0900
-Subject: exfat: fix potential wrong error return from get_block
-
-If there is no error, get_block() should return 0. However, when bh_read()
-returns 1, get_block() also returns 1 in the same manner.
-
-Let's set err to 0, if there is no error from bh_read()
-
-Fixes: 11a347fb6cef ("exfat: change to get file size from DataLength")
-Cc: stable@vger.kernel.org
-Signed-off-by: Sungjong Seo <sj1557.seo@samsung.com>
-Reviewed-by: Yuezhang Mo <Yuezhang.Mo@sony.com>
-Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
----
- fs/exfat/inode.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/fs/exfat/inode.c
-+++ b/fs/exfat/inode.c
-@@ -391,6 +391,8 @@ static int exfat_get_block(struct inode
- 			/* Zero unwritten part of a block */
- 			memset(bh_result->b_data + size, 0,
- 			       bh_result->b_size - size);
-+
-+			err = 0;
- 		} else {
- 			/*
- 			 * The range has not been written, clear the mapped flag

debian/patches/patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch

@@ -1,4 +1,4 @@
-From 9efac88375330a6f29f091e9dd5fd6154670ba56 Mon Sep 17 00:00:00 2001
+From 04eeb2f53dc530f0f724687b9ed2efdb86c59aed Mon Sep 17 00:00:00 2001
 From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
 Date: Fri, 7 Feb 2025 15:07:46 -0300
 Subject: tpm: do not start chip while suspended

debian/patches/patchset-pf/fixes/0002-Kunit-to-check-the-longest-symbol-length.patch

@@ -0,0 +1,176 @@
+From 065753c4084d8ea0b55b8a5abbba3291eeaf5979 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Sergio=20Gonz=C3=A1lez=20Collado?=
+ <sergio.collado@gmail.com>
+Date: Sun, 2 Mar 2025 23:15:18 +0100
+Subject: Kunit to check the longest symbol length
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The longest length of a symbol (KSYM_NAME_LEN) was increased to 512
+in the reference [1]. This patch adds kunit test suite to check the longest
+symbol length. These tests verify that the longest symbol length defined
+is supported.
+
+This test can also help other efforts for longer symbol length,
+like [2].
+
+The test suite defines one symbol with the longest possible length.
+
+The first test verify that functions with names of the created
+symbol, can be called or not.
+
+The second test, verify that the symbols are created (or
+not) in the kernel symbol table.
+
+[1] https://lore.kernel.org/lkml/20220802015052.10452-6-ojeda@kernel.org/
+[2] https://lore.kernel.org/lkml/20240605032120.3179157-1-song@kernel.org/
+
+Tested-by: Martin Rodriguez Reboredo <yakoyoku@gmail.com>
+Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
+Reviewed-by: Rae Moar <rmoar@google.com>
+Signed-off-by: Sergio González Collado <sergio.collado@gmail.com>
+Link: https://github.com/Rust-for-Linux/linux/issues/504
+Source: https://lore.kernel.org/rust-for-linux/20250302221518.76874-1-sergio.collado@gmail.com/
+Cherry-picked-for: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/63
+---
+ arch/x86/tools/insn_decoder_test.c |  3 +-
+ lib/Kconfig.debug                  |  9 ++++
+ lib/Makefile                       |  2 +
+ lib/longest_symbol_kunit.c         | 82 ++++++++++++++++++++++++++++++
+ 4 files changed, 95 insertions(+), 1 deletion(-)
+ create mode 100644 lib/longest_symbol_kunit.c
+
+--- a/arch/x86/tools/insn_decoder_test.c
++++ b/arch/x86/tools/insn_decoder_test.c
+@@ -10,6 +10,7 @@
+ #include <assert.h>
+ #include <unistd.h>
+ #include <stdarg.h>
++#include <linux/kallsyms.h>
+ 
+ #define unlikely(cond) (cond)
+ 
+@@ -106,7 +107,7 @@ static void parse_args(int argc, char **
+ 	}
+ }
+ 
+-#define BUFSIZE 256
++#define BUFSIZE (256 + KSYM_NAME_LEN)
+ 
+ int main(int argc, char **argv)
+ {
+--- a/lib/Kconfig.debug
++++ b/lib/Kconfig.debug
+@@ -2838,6 +2838,15 @@ config FORTIFY_KUNIT_TEST
+ 	  by the str*() and mem*() family of functions. For testing runtime
+ 	  traps of FORTIFY_SOURCE, see LKDTM's "FORTIFY_*" tests.
+ 
++config LONGEST_SYM_KUNIT_TEST
++	tristate "Test the longest symbol possible" if !KUNIT_ALL_TESTS
++	depends on KUNIT && KPROBES
++	default KUNIT_ALL_TESTS
++	help
++	  Tests the longest symbol possible
++
++	  If unsure, say N.
++
+ config HW_BREAKPOINT_KUNIT_TEST
+ 	bool "Test hw_breakpoint constraints accounting" if !KUNIT_ALL_TESTS
+ 	depends on HAVE_HW_BREAKPOINT
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -393,6 +393,8 @@ obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fort
+ obj-$(CONFIG_CRC_KUNIT_TEST) += crc_kunit.o
+ obj-$(CONFIG_SIPHASH_KUNIT_TEST) += siphash_kunit.o
+ obj-$(CONFIG_USERCOPY_KUNIT_TEST) += usercopy_kunit.o
++obj-$(CONFIG_LONGEST_SYM_KUNIT_TEST) += longest_symbol_kunit.o
++CFLAGS_longest_symbol_kunit.o += $(call cc-disable-warning, missing-prototypes)
+ 
+ obj-$(CONFIG_GENERIC_LIB_DEVMEM_IS_ALLOWED) += devmem_is_allowed.o
+ 
+--- /dev/null
++++ b/lib/longest_symbol_kunit.c
+@@ -0,0 +1,82 @@
++// SPDX-License-Identifier: GPL-2.0
++/*
++ * Test the longest symbol length. Execute with:
++ *  ./tools/testing/kunit/kunit.py run longest-symbol
++ *  --arch=x86_64 --kconfig_add CONFIG_KPROBES=y --kconfig_add CONFIG_MODULES=y
++ *  --kconfig_add CONFIG_RETPOLINE=n --kconfig_add CONFIG_CFI_CLANG=n
++ *  --kconfig_add CONFIG_MITIGATION_RETPOLINE=n
++ */
++
++#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
++
++#include <kunit/test.h>
++#include <linux/stringify.h>
++#include <linux/kprobes.h>
++#include <linux/kallsyms.h>
++
++#define DI(name) s##name##name
++#define DDI(name) DI(n##name##name)
++#define DDDI(name) DDI(n##name##name)
++#define DDDDI(name) DDDI(n##name##name)
++#define DDDDDI(name) DDDDI(n##name##name)
++
++/*Generate a symbol whose name length is 511 */
++#define LONGEST_SYM_NAME  DDDDDI(g1h2i3j4k5l6m7n)
++
++#define RETURN_LONGEST_SYM 0xAAAAA
++
++noinline int LONGEST_SYM_NAME(void);
++noinline int LONGEST_SYM_NAME(void)
++{
++	return RETURN_LONGEST_SYM;
++}
++
++_Static_assert(sizeof(__stringify(LONGEST_SYM_NAME)) == KSYM_NAME_LEN,
++"Incorrect symbol length found. Expected KSYM_NAME_LEN: "
++__stringify(KSYM_NAME_LEN) ", but found: "
++__stringify(sizeof(LONGEST_SYM_NAME)));
++
++static void test_longest_symbol(struct kunit *test)
++{
++	KUNIT_EXPECT_EQ(test, RETURN_LONGEST_SYM, LONGEST_SYM_NAME());
++};
++
++static void test_longest_symbol_kallsyms(struct kunit *test)
++{
++	unsigned long (*kallsyms_lookup_name)(const char *name);
++	static int (*longest_sym)(void);
++
++	struct kprobe kp = {
++		.symbol_name = "kallsyms_lookup_name",
++	};
++
++	if (register_kprobe(&kp) < 0) {
++		pr_info("%s: kprobe not registered", __func__);
++		KUNIT_FAIL(test, "test_longest_symbol kallsyms: kprobe not registered\n");
++		return;
++	}
++
++	kunit_warn(test, "test_longest_symbol kallsyms: kprobe registered\n");
++	kallsyms_lookup_name = (unsigned long (*)(const char *name))kp.addr;
++	unregister_kprobe(&kp);
++
++	longest_sym =
++		(void *) kallsyms_lookup_name(__stringify(LONGEST_SYM_NAME));
++	KUNIT_EXPECT_EQ(test, RETURN_LONGEST_SYM, longest_sym());
++};
++
++static struct kunit_case longest_symbol_test_cases[] = {
++	KUNIT_CASE(test_longest_symbol),
++	KUNIT_CASE(test_longest_symbol_kallsyms),
++	{}
++};
++
++static struct kunit_suite longest_symbol_test_suite = {
++	.name = "longest-symbol",
++	.test_cases = longest_symbol_test_cases,
++};
++kunit_test_suite(longest_symbol_test_suite);
++
++MODULE_LICENSE("GPL");
++MODULE_DESCRIPTION("Test the longest symbol length");
++MODULE_AUTHOR("Sergio González Collado");

debian/patches/patchset-pf/fixes/0002-x86-insn_decoder_test-allow-longer-symbol-names.patch

@@ -1,45 +0,0 @@
-From 2c26fd36ffb4bed4d55f9c7ba8d4f22db093eba2 Mon Sep 17 00:00:00 2001
-From: David Rheinsberg <david@readahead.eu>
-Date: Tue, 24 Jan 2023 12:04:59 +0100
-Subject: x86/insn_decoder_test: allow longer symbol-names
-
-Increase the allowed line-length of the insn-decoder-test to 4k to allow
-for symbol-names longer than 256 characters.
-
-The insn-decoder-test takes objdump output as input, which may contain
-symbol-names as instruction arguments. With rust-code entering the
-kernel, those symbol-names will include mangled-symbols which might
-exceed the current line-length-limit of the tool.
-
-By bumping the line-length-limit of the tool to 4k, we get a reasonable
-buffer for all objdump outputs I have seen so far. Unfortunately, ELF
-symbol-names are not restricted in length, so technically this might
-still end up failing if we encounter longer names in the future.
-
-My compile-failure looks like this:
-
-    arch/x86/tools/insn_decoder_test: error: malformed line 1152000:
-    tBb_+0xf2>
-
-..which overflowed by 10 characters reading this line:
-
-    ffffffff81458193:   74 3d                   je     ffffffff814581d2 <_RNvXse_NtNtNtCshGpAVYOtgW1_4core4iter8adapters7flattenINtB5_13FlattenCompatINtNtB7_3map3MapNtNtNtBb_3str4iter5CharsNtB1v_17CharEscapeDefaultENtNtBb_4char13EscapeDefaultENtNtBb_3fmt5Debug3fmtBb_+0xf2>
-
-Signed-off-by: David Rheinsberg <david@readahead.eu>
-Signed-off-by: Scott Weaver <scweaver@redhat.com>
-Cherry-picked-for: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/63
----
- arch/x86/tools/insn_decoder_test.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/arch/x86/tools/insn_decoder_test.c
-+++ b/arch/x86/tools/insn_decoder_test.c
-@@ -106,7 +106,7 @@ static void parse_args(int argc, char **
- 	}
- }
- 
--#define BUFSIZE 256
-+#define BUFSIZE 4096
- 
- int main(int argc, char **argv)
- {

debian/patches/patchset-pf/fixes/0003-EDAC-igen6-Fix-the-flood-of-invalid-error-reports.patch

@@ -1,56 +0,0 @@
-From 8886788eed16c79124bc530950f09c3f2fa881a8 Mon Sep 17 00:00:00 2001
-From: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
-Date: Wed, 12 Feb 2025 16:33:54 +0800
-Subject: EDAC/igen6: Fix the flood of invalid error reports
-
-The ECC_ERROR_LOG register of certain SoCs may contain the invalid value
-~0, which results in a flood of invalid error reports in polling mode.
-
-Fix the flood of invalid error reports by skipping the invalid ECC error
-log value ~0.
-
-Fixes: e14232afa944 ("EDAC/igen6: Add polling support")
-Reported-by: Ramses <ramses@well-founded.dev>
-Closes: https://lore.kernel.org/all/OISL8Rv--F-9@well-founded.dev/
-Tested-by: Ramses <ramses@well-founded.dev>
-Reported-by: John <therealgraysky@proton.me>
-Closes: https://lore.kernel.org/all/p5YcxOE6M3Ncxpn2-Ia_wCt61EM4LwIiN3LroQvT_-G2jMrFDSOW5k2A9D8UUzD2toGpQBN1eI0sL5dSKnkO8iteZegLoQEj-DwQaMhGx4A=@proton.me/
-Tested-by: John <therealgraysky@proton.me>
-Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
-Signed-off-by: Tony Luck <tony.luck@intel.com>
-Link: https://lore.kernel.org/r/20250212083354.31919-1-qiuxu.zhuo@intel.com
----
- drivers/edac/igen6_edac.c | 21 +++++++++++++++------
- 1 file changed, 15 insertions(+), 6 deletions(-)
-
---- a/drivers/edac/igen6_edac.c
-+++ b/drivers/edac/igen6_edac.c
-@@ -785,13 +785,22 @@ static u64 ecclog_read_and_clear(struct
- {
- 	u64 ecclog = readq(imc->window + ECC_ERROR_LOG_OFFSET);
- 
--	if (ecclog & (ECC_ERROR_LOG_CE | ECC_ERROR_LOG_UE)) {
--		/* Clear CE/UE bits by writing 1s */
--		writeq(ecclog, imc->window + ECC_ERROR_LOG_OFFSET);
--		return ecclog;
--	}
-+	/*
-+	 * Quirk: The ECC_ERROR_LOG register of certain SoCs may contain
-+	 *        the invalid value ~0. This will result in a flood of invalid
-+	 *        error reports in polling mode. Skip it.
-+	 */
-+	if (ecclog == ~0)
-+		return 0;
- 
--	return 0;
-+	/* Neither a CE nor a UE. Skip it.*/
-+	if (!(ecclog & (ECC_ERROR_LOG_CE | ECC_ERROR_LOG_UE)))
-+		return 0;
-+
-+	/* Clear CE/UE bits by writing 1s */
-+	writeq(ecclog, imc->window + ECC_ERROR_LOG_OFFSET);
-+
-+	return ecclog;
- }
- 
- static void errsts_clear(struct igen6_imc *imc)

debian/patches/patchset-pf/fixes/0003-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch

@@ -1,4 +1,4 @@
-From b40bdfdcffa333ad169327c5b8fe1b93542c7e0a Mon Sep 17 00:00:00 2001
+From 7f3eaa6a64048a0259d2daae8a91e64fbd749641 Mon Sep 17 00:00:00 2001
 From: Nathan Chancellor <nathan@kernel.org>
 Date: Tue, 18 Mar 2025 15:32:30 -0700
 Subject: x86/tools: Drop duplicate unlikely() definition in
@@ -25,9 +25,9 @@ Link: https://lore.kernel.org/r/20250318-x86-decoder-test-fix-unlikely-redef-v1-
 
 --- a/arch/x86/tools/insn_decoder_test.c
 +++ b/arch/x86/tools/insn_decoder_test.c
-@@ -11,8 +11,6 @@
- #include <unistd.h>
+@@ -12,8 +12,6 @@
  #include <stdarg.h>
+ #include <linux/kallsyms.h>
  
 -#define unlikely(cond) (cond)
 -

debian/patches/patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch

@@ -1,4 +1,4 @@
-From 073fb5ff9a001882fa884a0a8efddc88860ad791 Mon Sep 17 00:00:00 2001
+From cda754004cc36746f5197ed203d013dccf2f5146 Mon Sep 17 00:00:00 2001
 From: Jonathan McDowell <noodles@meta.com>
 Date: Wed, 12 Mar 2025 07:31:57 +0200
 Subject: tpm, tpm_tis: Fix timeout handling when waiting for TPM status

debian/patches/patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch

@@ -1,4 +1,4 @@
-From f4511f63677bd3e7831561b1407a69a71cb519bc Mon Sep 17 00:00:00 2001
+From 32df198f302abc95f532b55c7612c156d3febcd9 Mon Sep 17 00:00:00 2001
 From: Ming Lei <ming.lei@redhat.com>
 Date: Mon, 10 Mar 2025 19:54:53 +0800
 Subject: block: make sure ->nr_integrity_segments is cloned in

debian/patches/patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch

@@ -1,4 +1,4 @@
-From 46b8c87f1aa08a0794b45b394c5462f33bec54b0 Mon Sep 17 00:00:00 2001
+From 0c116e263170e1e5b7325af51659074c977b8a91 Mon Sep 17 00:00:00 2001
 From: Philipp Stanner <phasta@kernel.org>
 Date: Wed, 12 Mar 2025 09:06:34 +0100
 Subject: PCI: Fix wrong length of devres array

debian/patches/patchset-pf/fixes/0006-x86-mm-Fix-flush_tlb_range-when-used-for-zapping-nor.patch

@@ -1,50 +0,0 @@
-From e24882a961e2d85cc4c8319a56734a0d7c7867fc Mon Sep 17 00:00:00 2001
-From: Jann Horn <jannh@google.com>
-Date: Fri, 3 Jan 2025 19:39:38 +0100
-Subject: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
-
-On the following path, flush_tlb_range() can be used for zapping normal
-PMD entries (PMD entries that point to page tables) together with the PTE
-entries in the pointed-to page table:
-
-    collapse_pte_mapped_thp
-      pmdp_collapse_flush
-        flush_tlb_range
-
-The arm64 version of flush_tlb_range() has a comment describing that it can
-be used for page table removal, and does not use any last-level
-invalidation optimizations. Fix the X86 version by making it behave the
-same way.
-
-Currently, X86 only uses this information for the following two purposes,
-which I think means the issue doesn't have much impact:
-
- - In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be
-   IPI'd to avoid issues with speculative page table walks.
- - In Hyper-V TLB paravirtualization, again for lazy TLB stuff.
-
-The patch "x86/mm: only invalidate final translations with INVLPGB" which
-is currently under review (see
-<https://lore.kernel.org/all/20241230175550.4046587-13-riel@surriel.com/>)
-would probably be making the impact of this a lot worse.
-
-Fixes: 016c4d92cd16 ("x86/mm/tlb: Add freed_tables argument to flush_tlb_mm_range")
-Signed-off-by: Jann Horn <jannh@google.com>
-Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
-Cc: stable@vger.kernel.org
-Link: https://lkml.kernel.org/r/20250103-x86-collapse-flush-fix-v1-1-3c521856cfa6@google.com
----
- arch/x86/include/asm/tlbflush.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/arch/x86/include/asm/tlbflush.h
-+++ b/arch/x86/include/asm/tlbflush.h
-@@ -311,7 +311,7 @@ static inline bool mm_in_asid_transition
- 	flush_tlb_mm_range((vma)->vm_mm, start, end,			\
- 			   ((vma)->vm_flags & VM_HUGETLB)		\
- 				? huge_page_shift(hstate_vma(vma))	\
--				: PAGE_SHIFT, false)
-+				: PAGE_SHIFT, true)
- 
- extern void flush_tlb_all(void);
- extern void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start,

debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch

@@ -0,0 +1,29 @@
+From 3cfeab379362feb285fdb631ebc65539c1559034 Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Thu, 27 Mar 2025 17:33:49 -0400
+Subject: drm/amdgpu/mes11: optimize MES pipe FW version fetching
+
+Don't fetch it again if we already have it.  It seems the
+don't reliably have the proper value at resume in some
+cases.
+
+Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4083
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cherry-picked-for: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/121
+---
+ drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c
++++ b/drivers/gpu/drm/amd/amdgpu/mes_v11_0.c
+@@ -899,6 +899,10 @@ static void mes_v11_0_get_fw_version(str
+ {
+ 	int pipe;
+ 
++	/* return early if we have already fetched these */
++	if (adev->mes.sched_version && adev->mes.kiq_version)
++		return;
++
+ 	/* get MES scheduler/KIQ versions */
+ 	mutex_lock(&adev->srbm_mutex);
+ 

debian/patches/patchset-pf/fixes/0007-x86-tsc-Always-save-restore-TSC-sched_clock-on-suspe.patch

@@ -1,68 +0,0 @@
-From 7a0abf17cceb511425b7af34291243b4a270e770 Mon Sep 17 00:00:00 2001
-From: "Guilherme G. Piccoli" <gpiccoli@igalia.com>
-Date: Sat, 15 Feb 2025 17:58:16 -0300
-Subject: x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
-
-TSC could be reset in deep ACPI sleep states, even with invariant TSC.
-
-That's the reason we have sched_clock() save/restore functions, to deal
-with this situation. But what happens is that such functions are guarded
-with a check for the stability of sched_clock - if not considered stable,
-the save/restore routines aren't executed.
-
-On top of that, we have a clear comment in native_sched_clock() saying
-that *even* with TSC unstable, we continue using TSC for sched_clock due
-to its speed.
-
-In other words, if we have a situation of TSC getting detected as unstable,
-it marks the sched_clock as unstable as well, so subsequent S3 sleep cycles
-could bring bogus sched_clock values due to the lack of the save/restore
-mechanism, causing warnings like this:
-
-  [22.954918] ------------[ cut here ]------------
-  [22.954923] Delta way too big! 18446743750843854390 ts=18446744072977390405 before=322133536015 after=322133536015 write stamp=18446744072977390405
-  [22.954923] If you just came from a suspend/resume,
-  [22.954923] please switch to the trace global clock:
-  [22.954923]   echo global > /sys/kernel/tracing/trace_clock
-  [22.954923] or add trace_clock=global to the kernel command line
-  [22.954937] WARNING: CPU: 2 PID: 5728 at kernel/trace/ring_buffer.c:2890 rb_add_timestamp+0x193/0x1c0
-
-Notice that the above was reproduced even with "trace_clock=global".
-
-The fix for that is to _always_ save/restore the sched_clock on suspend
-cycle _if TSC is used_ as sched_clock - only if we fallback to jiffies
-the sched_clock_stable() check becomes relevant to save/restore the
-sched_clock.
-
-Debugged-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
-Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Cc: stable@vger.kernel.org
-Cc: Thomas Gleixner <tglx@linutronix.de>
-Cc: Peter Zijlstra <peterz@infradead.org>
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Link: https://lore.kernel.org/r/20250215210314.351480-1-gpiccoli@igalia.com
----
- arch/x86/kernel/tsc.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/arch/x86/kernel/tsc.c
-+++ b/arch/x86/kernel/tsc.c
-@@ -959,7 +959,7 @@ static unsigned long long cyc2ns_suspend
- 
- void tsc_save_sched_clock_state(void)
- {
--	if (!sched_clock_stable())
-+	if (!static_branch_likely(&__use_tsc) && !sched_clock_stable())
- 		return;
- 
- 	cyc2ns_suspend = sched_clock();
-@@ -979,7 +979,7 @@ void tsc_restore_sched_clock_state(void)
- 	unsigned long flags;
- 	int cpu;
- 
--	if (!sched_clock_stable())
-+	if (!static_branch_likely(&__use_tsc) && !sched_clock_stable())
- 		return;
- 
- 	local_irq_save(flags);

debian/patches/patchset-pf/fixes/0008-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch

@@ -0,0 +1,99 @@
+From 1ad7c482a722a7c918609390e479c9dd4f717539 Mon Sep 17 00:00:00 2001
+From: Jarkko Sakkinen <jarkko@kernel.org>
+Date: Mon, 7 Apr 2025 15:28:05 +0300
+Subject: tpm: Mask TPM RC in tpm2_start_auth_session()
+
+tpm2_start_auth_session() does not mask TPM RC correctly from the callers:
+
+[   28.766528] tpm tpm0: A TPM error (2307) occurred start auth session
+
+Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
+error codes.
+
+Cc: stable@vger.kernel.org # v6.10+
+Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
+Reported-by: Herbert Xu <herbert@gondor.apana.org.au>
+Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/
+Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
+---
+ drivers/char/tpm/tpm2-sessions.c | 20 ++++++--------------
+ include/linux/tpm.h              | 21 +++++++++++++++++++++
+ 2 files changed, 27 insertions(+), 14 deletions(-)
+
+--- a/drivers/char/tpm/tpm2-sessions.c
++++ b/drivers/char/tpm/tpm2-sessions.c
+@@ -40,11 +40,6 @@
+  *
+  * These are the usage functions:
+  *
+- * tpm2_start_auth_session() which allocates the opaque auth structure
+- *	and gets a session from the TPM.  This must be called before
+- *	any of the following functions.  The session is protected by a
+- *	session_key which is derived from a random salt value
+- *	encrypted to the NULL seed.
+  * tpm2_end_auth_session() kills the session and frees the resources.
+  *	Under normal operation this function is done by
+  *	tpm_buf_check_hmac_response(), so this is only to be used on
+@@ -963,16 +958,13 @@ err:
+ }
+ 
+ /**
+- * tpm2_start_auth_session() - create a HMAC authentication session with the TPM
+- * @chip: the TPM chip structure to create the session with
++ * tpm2_start_auth_session() - Create an a HMAC authentication session
++ * @chip:	A TPM chip
+  *
+- * This function loads the NULL seed from its saved context and starts
+- * an authentication session on the null seed, fills in the
+- * @chip->auth structure to contain all the session details necessary
+- * for performing the HMAC, encrypt and decrypt operations and
+- * returns.  The NULL seed is flushed before this function returns.
++ * Loads the ephemeral key (null seed), and starts an HMAC authenticated
++ * session. The null seed is flushed before the return.
+  *
+- * Return: zero on success or actual error encountered.
++ * Returns zero on success, or a POSIX error code.
+  */
+ int tpm2_start_auth_session(struct tpm_chip *chip)
+ {
+@@ -1024,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_c
+ 	/* hash algorithm for session */
+ 	tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
+ 
+-	rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session");
++	rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
+ 	tpm2_flush_context(chip, null_key);
+ 
+ 	if (rc == TPM2_RC_SUCCESS)
+--- a/include/linux/tpm.h
++++ b/include/linux/tpm.h
+@@ -257,8 +257,29 @@ enum tpm2_return_codes {
+ 	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
+ 	TPM2_RC_REFERENCE_H0	= 0x0910,
+ 	TPM2_RC_RETRY		= 0x0922,
++	TPM2_RC_SESSION_MEMORY	= 0x0903,
+ };
+ 
++/*
++ * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The
++ * fallback return value is -EFAULT.
++ */
++static inline ssize_t tpm_to_ret(ssize_t ret)
++{
++	/* Already a POSIX error: */
++	if (ret < 0)
++		return ret;
++
++	switch (ret) {
++	case TPM2_RC_SUCCESS:
++		return 0;
++	case TPM2_RC_SESSION_MEMORY:
++		return -ENOMEM;
++	default:
++		return -EFAULT;
++	}
++}
++
+ enum tpm2_command_codes {
+ 	TPM2_CC_FIRST		        = 0x011F,
+ 	TPM2_CC_HIERARCHY_CONTROL       = 0x0121,

debian/patches/patchset-pf/fixes/0008-uprobes-x86-Harden-uretprobe-syscall-trampoline-chec.patch

@@ -1,87 +0,0 @@
-From bbbc88e65bb8036be1fe3386c0061d9be4c5a442 Mon Sep 17 00:00:00 2001
-From: Jiri Olsa <jolsa@kernel.org>
-Date: Wed, 12 Feb 2025 23:04:33 +0100
-Subject: uprobes/x86: Harden uretprobe syscall trampoline check
-
-Jann reported a possible issue when trampoline_check_ip returns
-address near the bottom of the address space that is allowed to
-call into the syscall if uretprobes are not set up:
-
-   https://lore.kernel.org/bpf/202502081235.5A6F352985@keescook/T/#m9d416df341b8fbc11737dacbcd29f0054413cbbf
-
-Though the mmap minimum address restrictions will typically prevent
-creating mappings there, let's make sure uretprobe syscall checks
-for that.
-
-Fixes: ff474a78cef5 ("uprobe: Add uretprobe syscall to speed up return probe")
-Reported-by: Jann Horn <jannh@google.com>
-Signed-off-by: Jiri Olsa <jolsa@kernel.org>
-Signed-off-by: Ingo Molnar <mingo@kernel.org>
-Reviewed-by: Oleg Nesterov <oleg@redhat.com>
-Reviewed-by: Kees Cook <kees@kernel.org>
-Acked-by: Andrii Nakryiko <andrii@kernel.org>
-Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
-Acked-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
-Cc: Andy Lutomirski <luto@kernel.org>
-Cc: stable@vger.kernel.org
-Link: https://lore.kernel.org/r/20250212220433.3624297-1-jolsa@kernel.org
----
- arch/x86/kernel/uprobes.c | 14 +++++++++-----
- include/linux/uprobes.h   |  2 ++
- kernel/events/uprobes.c   |  2 +-
- 3 files changed, 12 insertions(+), 6 deletions(-)
-
---- a/arch/x86/kernel/uprobes.c
-+++ b/arch/x86/kernel/uprobes.c
-@@ -357,19 +357,23 @@ void *arch_uprobe_trampoline(unsigned lo
- 	return &insn;
- }
- 
--static unsigned long trampoline_check_ip(void)
-+static unsigned long trampoline_check_ip(unsigned long tramp)
- {
--	unsigned long tramp = uprobe_get_trampoline_vaddr();
--
- 	return tramp + (uretprobe_syscall_check - uretprobe_trampoline_entry);
- }
- 
- SYSCALL_DEFINE0(uretprobe)
- {
- 	struct pt_regs *regs = task_pt_regs(current);
--	unsigned long err, ip, sp, r11_cx_ax[3];
-+	unsigned long err, ip, sp, r11_cx_ax[3], tramp;
-+
-+	/* If there's no trampoline, we are called from wrong place. */
-+	tramp = uprobe_get_trampoline_vaddr();
-+	if (unlikely(tramp == UPROBE_NO_TRAMPOLINE_VADDR))
-+		goto sigill;
- 
--	if (regs->ip != trampoline_check_ip())
-+	/* Make sure the ip matches the only allowed sys_uretprobe caller. */
-+	if (unlikely(regs->ip != trampoline_check_ip(tramp)))
- 		goto sigill;
- 
- 	err = copy_from_user(r11_cx_ax, (void __user *)regs->sp, sizeof(r11_cx_ax));
---- a/include/linux/uprobes.h
-+++ b/include/linux/uprobes.h
-@@ -39,6 +39,8 @@ struct page;
- 
- #define MAX_URETPROBE_DEPTH		64
- 
-+#define UPROBE_NO_TRAMPOLINE_VADDR	(~0UL)
-+
- struct uprobe_consumer {
- 	/*
- 	 * handler() can return UPROBE_HANDLER_REMOVE to signal the need to
---- a/kernel/events/uprobes.c
-+++ b/kernel/events/uprobes.c
-@@ -2169,8 +2169,8 @@ void uprobe_copy_process(struct task_str
-  */
- unsigned long uprobe_get_trampoline_vaddr(void)
- {
-+	unsigned long trampoline_vaddr = UPROBE_NO_TRAMPOLINE_VADDR;
- 	struct xol_area *area;
--	unsigned long trampoline_vaddr = -1;
- 
- 	/* Pairs with xol_add_vma() smp_store_release() */
- 	area = READ_ONCE(current->mm->uprobes_state.xol_area); /* ^^^ */

debian/patches/patchset-pf/fixes/0009-ice-mark-ice_write_prof_mask_reg-as-noinline.patch

@@ -0,0 +1,34 @@
+From d3d3441d32966234778ab2e4a127ccccbc6ab092 Mon Sep 17 00:00:00 2001
+From: Oleksandr Natalenko <oleksandr@natalenko.name>
+Date: Tue, 8 Apr 2025 12:02:36 +0200
+Subject: ice: mark ice_write_prof_mask_reg() as noinline
+
+The following happens during build:
+
+```
+drivers/net/ethernet/intel/ice/ice.o: error: objtool: ice_free_prof_mask.isra.0() falls through to next function ice_free_flow_profs.cold()
+drivers/net/ethernet/intel/ice/ice.o: error: objtool: ice_free_prof_mask.isra.0.cold() is missing an ELF size annotation
+```
+
+Marking ice_write_prof_mask_reg() as noinline solves this, although I'm
+not sure if this is a proper solution. Apparently, this happens with -O3
+only, the `default` case is never reachable, but the optimiser generates
+branching to a random code location.
+
+Link: https://lore.kernel.org/lkml/6nzfoyak4cewjpmdflg5yi7jh2mqqdsfqgljoolx5lvdo2p65p@rwjfl7cqkfoo/
+Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
+---
+ drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/intel/ice/ice_flex_pipe.c
++++ b/drivers/net/ethernet/intel/ice/ice_flex_pipe.c
+@@ -1404,7 +1404,7 @@ static int ice_prof_inc_ref(struct ice_h
+  * @idx: index of the FV which will use the mask
+  * @mask: the 16-bit mask
+  */
+-static void
++static noinline void
+ ice_write_prof_mask_reg(struct ice_hw *hw, enum ice_block blk, u16 mask_idx,
+ 			u16 idx, u16 mask)
+ {

debian/patches/patchset-pf/fixes/0010-fixes-6.14-update-tpm2_start_auth_session-fix.patch

@@ -0,0 +1,76 @@
+From d8c360e932feed8798adf37ffad5d93e47ab032f Mon Sep 17 00:00:00 2001
+From: Oleksandr Natalenko <oleksandr@natalenko.name>
+Date: Tue, 8 Apr 2025 19:51:44 +0200
+Subject: fixes-6.14: update tpm2_start_auth_session() fix
+
+Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
+---
+ drivers/char/tpm/tpm2-sessions.c |  2 +-
+ include/linux/tpm.h              | 38 +++++++++++++++-----------------
+ 2 files changed, 19 insertions(+), 21 deletions(-)
+
+--- a/drivers/char/tpm/tpm2-sessions.c
++++ b/drivers/char/tpm/tpm2-sessions.c
+@@ -1016,7 +1016,7 @@ int tpm2_start_auth_session(struct tpm_c
+ 	/* hash algorithm for session */
+ 	tpm_buf_append_u16(&buf, TPM_ALG_SHA256);
+ 
+-	rc = tpm_to_ret(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
++	rc = tpm_ret_to_err(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession"));
+ 	tpm2_flush_context(chip, null_key);
+ 
+ 	if (rc == TPM2_RC_SUCCESS)
+--- a/include/linux/tpm.h
++++ b/include/linux/tpm.h
+@@ -260,26 +260,6 @@ enum tpm2_return_codes {
+ 	TPM2_RC_SESSION_MEMORY	= 0x0903,
+ };
+ 
+-/*
+- * Convert a return value from tpm_transmit_cmd() to a POSIX return value. The
+- * fallback return value is -EFAULT.
+- */
+-static inline ssize_t tpm_to_ret(ssize_t ret)
+-{
+-	/* Already a POSIX error: */
+-	if (ret < 0)
+-		return ret;
+-
+-	switch (ret) {
+-	case TPM2_RC_SUCCESS:
+-		return 0;
+-	case TPM2_RC_SESSION_MEMORY:
+-		return -ENOMEM;
+-	default:
+-		return -EFAULT;
+-	}
+-}
+-
+ enum tpm2_command_codes {
+ 	TPM2_CC_FIRST		        = 0x011F,
+ 	TPM2_CC_HIERARCHY_CONTROL       = 0x0121,
+@@ -457,6 +437,24 @@ static inline u32 tpm2_rc_value(u32 rc)
+ 	return (rc & BIT(7)) ? rc & 0xbf : rc;
+ }
+ 
++/*
++ * Convert a return value from tpm_transmit_cmd() to POSIX error code.
++ */
++static inline ssize_t tpm_ret_to_err(ssize_t ret)
++{
++	if (ret < 0)
++		return ret;
++
++	switch (tpm2_rc_value(ret)) {
++	case TPM2_RC_SUCCESS:
++		return 0;
++	case TPM2_RC_SESSION_MEMORY:
++		return -ENOMEM;
++	default:
++		return -EFAULT;
++	}
++}
++
+ #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
+ 
+ extern int tpm_is_tpm2(struct tpm_chip *chip);

debian/patches/patchset-pf/fixes/0011-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch

@@ -0,0 +1,47 @@
+From feadcb68955511723dbc2cad800e0524625d62c5 Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Fri, 28 Mar 2025 09:08:57 -0400
+Subject: drm/amdgpu/mes12: optimize MES pipe FW version fetching
+
+Don't fetch it again if we already have it.  It seems the
+registers don't reliably have the value at resume in some
+cases.
+
+Fixes: 785f0f9fe742 ("drm/amdgpu: Add mes v12_0 ip block support (v4)")
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+---
+ drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 21 ++++++++++++---------
+ 1 file changed, 12 insertions(+), 9 deletions(-)
+
+--- a/drivers/gpu/drm/amd/amdgpu/mes_v12_0.c
++++ b/drivers/gpu/drm/amd/amdgpu/mes_v12_0.c
+@@ -1390,17 +1390,20 @@ static int mes_v12_0_queue_init(struct a
+ 		mes_v12_0_queue_init_register(ring);
+ 	}
+ 
+-	/* get MES scheduler/KIQ versions */
+-	mutex_lock(&adev->srbm_mutex);
+-	soc21_grbm_select(adev, 3, pipe, 0, 0);
++	if (((pipe == AMDGPU_MES_SCHED_PIPE) && !adev->mes.sched_version) ||
++	    ((pipe == AMDGPU_MES_KIQ_PIPE) && !adev->mes.kiq_version)) {
++		/* get MES scheduler/KIQ versions */
++		mutex_lock(&adev->srbm_mutex);
++		soc21_grbm_select(adev, 3, pipe, 0, 0);
+ 
+-	if (pipe == AMDGPU_MES_SCHED_PIPE)
+-		adev->mes.sched_version = RREG32_SOC15(GC, 0, regCP_MES_GP3_LO);
+-	else if (pipe == AMDGPU_MES_KIQ_PIPE && adev->enable_mes_kiq)
+-		adev->mes.kiq_version = RREG32_SOC15(GC, 0, regCP_MES_GP3_LO);
++		if (pipe == AMDGPU_MES_SCHED_PIPE)
++			adev->mes.sched_version = RREG32_SOC15(GC, 0, regCP_MES_GP3_LO);
++		else if (pipe == AMDGPU_MES_KIQ_PIPE && adev->enable_mes_kiq)
++			adev->mes.kiq_version = RREG32_SOC15(GC, 0, regCP_MES_GP3_LO);
+ 
+-	soc21_grbm_select(adev, 0, 0, 0, 0);
+-	mutex_unlock(&adev->srbm_mutex);
++		soc21_grbm_select(adev, 0, 0, 0, 0);
++		mutex_unlock(&adev->srbm_mutex);
++	}
+ 
+ 	return 0;
+ }

debian/patches/patchset-pf/fixes/0011-exec-fix-the-racy-usage-of-fs_struct-in_exec.patch

@@ -1,84 +0,0 @@
-From 9741b8592433f51ed477c9dba6d304562aa7de18 Mon Sep 17 00:00:00 2001
-From: Oleg Nesterov <oleg@redhat.com>
-Date: Mon, 24 Mar 2025 17:00:03 +0100
-Subject: exec: fix the racy usage of fs_struct->in_exec
-
-check_unsafe_exec() sets fs->in_exec under cred_guard_mutex, then execve()
-paths clear fs->in_exec lockless. This is fine if exec succeeds, but if it
-fails we have the following race:
-
-	T1 sets fs->in_exec = 1, fails, drops cred_guard_mutex
-
-	T2 sets fs->in_exec = 1
-
-	T1 clears fs->in_exec
-
-	T2 continues with fs->in_exec == 0
-
-Change fs/exec.c to clear fs->in_exec with cred_guard_mutex held.
-
-Reported-by: syzbot+1c486d0b62032c82a968@syzkaller.appspotmail.com
-Closes: https://lore.kernel.org/all/67dc67f0.050a0220.25ae54.001f.GAE@google.com/
-Cc: stable@vger.kernel.org
-Signed-off-by: Oleg Nesterov <oleg@redhat.com>
-Link: https://lore.kernel.org/r/20250324160003.GA8878@redhat.com
-Signed-off-by: Christian Brauner <brauner@kernel.org>
----
- fs/exec.c | 15 +++++++++------
- 1 file changed, 9 insertions(+), 6 deletions(-)
-
---- a/fs/exec.c
-+++ b/fs/exec.c
-@@ -1229,13 +1229,12 @@ int begin_new_exec(struct linux_binprm *
- 	 */
- 	bprm->point_of_no_return = true;
- 
--	/*
--	 * Make this the only thread in the thread group.
--	 */
-+	/* Make this the only thread in the thread group */
- 	retval = de_thread(me);
- 	if (retval)
- 		goto out;
--
-+	/* see the comment in check_unsafe_exec() */
-+	current->fs->in_exec = 0;
- 	/*
- 	 * Cancel any io_uring activity across execve
- 	 */
-@@ -1497,6 +1496,8 @@ static void free_bprm(struct linux_binpr
- 	}
- 	free_arg_pages(bprm);
- 	if (bprm->cred) {
-+		/* in case exec fails before de_thread() succeeds */
-+		current->fs->in_exec = 0;
- 		mutex_unlock(&current->signal->cred_guard_mutex);
- 		abort_creds(bprm->cred);
- 	}
-@@ -1618,6 +1619,10 @@ static void check_unsafe_exec(struct lin
- 	 * suid exec because the differently privileged task
- 	 * will be able to manipulate the current directory, etc.
- 	 * It would be nice to force an unshare instead...
-+	 *
-+	 * Otherwise we set fs->in_exec = 1 to deny clone(CLONE_FS)
-+	 * from another sub-thread until de_thread() succeeds, this
-+	 * state is protected by cred_guard_mutex we hold.
- 	 */
- 	n_fs = 1;
- 	spin_lock(&p->fs->lock);
-@@ -1862,7 +1867,6 @@ static int bprm_execve(struct linux_binp
- 
- 	sched_mm_cid_after_execve(current);
- 	/* execve succeeded */
--	current->fs->in_exec = 0;
- 	current->in_execve = 0;
- 	rseq_execve(current);
- 	user_events_execve(current);
-@@ -1881,7 +1885,6 @@ out:
- 		force_fatal_sig(SIGSEGV);
- 
- 	sched_mm_cid_after_execve(current);
--	current->fs->in_exec = 0;
- 	current->in_execve = 0;
- 
- 	return retval;

debian/patches/patchset-pf/nfs/0001-nfsd-fix-management-of-listener-transports.patch

@@ -1,128 +0,0 @@
-From ae5d3e4f701948dd6241451d41d9dfa0f0f703cd Mon Sep 17 00:00:00 2001
-From: Olga Kornievskaia <okorniev@redhat.com>
-Date: Fri, 17 Jan 2025 11:32:58 -0500
-Subject: nfsd: fix management of listener transports
-
-Currently, when no active threads are running, a root user using nfsdctl
-command can try to remove a particular listener from the list of previously
-added ones, then start the server by increasing the number of threads,
-it leads to the following problem:
-
-[  158.835354] refcount_t: addition on 0; use-after-free.
-[  158.835603] WARNING: CPU: 2 PID: 9145 at lib/refcount.c:25 refcount_warn_saturate+0x160/0x1a0
-[  158.836017] Modules linked in: rpcrdma rdma_cm iw_cm ib_cm ib_core nfsd auth_rpcgss nfs_acl lockd grace overlay isofs uinput snd_seq_dummy snd_hrtimer nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill ip_set nf_tables qrtr sunrpc vfat fat uvcvideo videobuf2_vmalloc videobuf2_memops uvc videobuf2_v4l2 videodev videobuf2_common snd_hda_codec_generic mc e1000e snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm snd_timer snd soundcore sg loop dm_multipath dm_mod nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vmw_vmci vsock xfs libcrc32c crct10dif_ce ghash_ce vmwgfx sha2_ce sha256_arm64 sr_mod sha1_ce cdrom nvme drm_client_lib drm_ttm_helper ttm nvme_core drm_kms_helper nvme_auth drm fuse
-[  158.840093] CPU: 2 UID: 0 PID: 9145 Comm: nfsd Kdump: loaded Tainted: G    B   W          6.13.0-rc6+ #7
-[  158.840624] Tainted: [B]=BAD_PAGE, [W]=WARN
-[  158.840802] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS VMW201.00V.24006586.BA64.2406042154 06/04/2024
-[  158.841220] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
-[  158.841563] pc : refcount_warn_saturate+0x160/0x1a0
-[  158.841780] lr : refcount_warn_saturate+0x160/0x1a0
-[  158.842000] sp : ffff800089be7d80
-[  158.842147] x29: ffff800089be7d80 x28: ffff00008e68c148 x27: ffff00008e68c148
-[  158.842492] x26: ffff0002e3b5c000 x25: ffff600011cd1829 x24: ffff00008653c010
-[  158.842832] x23: ffff00008653c000 x22: 1fffe00011cd1829 x21: ffff00008653c028
-[  158.843175] x20: 0000000000000002 x19: ffff00008653c010 x18: 0000000000000000
-[  158.843505] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
-[  158.843836] x14: 0000000000000000 x13: 0000000000000001 x12: ffff600050a26493
-[  158.844143] x11: 1fffe00050a26492 x10: ffff600050a26492 x9 : dfff800000000000
-[  158.844475] x8 : 00009fffaf5d9b6e x7 : ffff000285132493 x6 : 0000000000000001
-[  158.844823] x5 : ffff000285132490 x4 : ffff600050a26493 x3 : ffff8000805e72bc
-[  158.845174] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000098588000
-[  158.845528] Call trace:
-[  158.845658]  refcount_warn_saturate+0x160/0x1a0 (P)
-[  158.845894]  svc_recv+0x58c/0x680 [sunrpc]
-[  158.846183]  nfsd+0x1fc/0x348 [nfsd]
-[  158.846390]  kthread+0x274/0x2f8
-[  158.846546]  ret_from_fork+0x10/0x20
-[  158.846714] ---[ end trace 0000000000000000 ]---
-
-nfsd_nl_listener_set_doit() would manipulate the list of transports of
-server's sv_permsocks and close the specified listener but the other
-list of transports (server's sp_xprts list) would not be changed leading
-to the problem above.
-
-Instead, determined if the nfsdctl is trying to remove a listener, in
-which case, delete all the existing listener transports and re-create
-all-but-the-removed ones.
-
-Fixes: 16a471177496 ("NFSD: add listener-{set,get} netlink command")
-Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
-Reviewed-by: Jeff Layton <jlayton@kernel.org>
-Cc: stable@vger.kernel.org
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
----
- fs/nfsd/nfsctl.c | 44 +++++++++++++++++++++-----------------------
- 1 file changed, 21 insertions(+), 23 deletions(-)
-
---- a/fs/nfsd/nfsctl.c
-+++ b/fs/nfsd/nfsctl.c
-@@ -1917,6 +1917,7 @@ int nfsd_nl_listener_set_doit(struct sk_
- 	struct svc_serv *serv;
- 	LIST_HEAD(permsocks);
- 	struct nfsd_net *nn;
-+	bool delete = false;
- 	int err, rem;
- 
- 	mutex_lock(&nfsd_mutex);
-@@ -1977,34 +1978,28 @@ int nfsd_nl_listener_set_doit(struct sk_
- 		}
- 	}
- 
--	/* For now, no removing old sockets while server is running */
--	if (serv->sv_nrthreads && !list_empty(&permsocks)) {
-+	/*
-+	 * If there are listener transports remaining on the permsocks list,
-+	 * it means we were asked to remove a listener.
-+	 */
-+	if (!list_empty(&permsocks)) {
- 		list_splice_init(&permsocks, &serv->sv_permsocks);
--		spin_unlock_bh(&serv->sv_lock);
--		err = -EBUSY;
--		goto out_unlock_mtx;
-+		delete = true;
- 	}
-+	spin_unlock_bh(&serv->sv_lock);
- 
--	/* Close the remaining sockets on the permsocks list */
--	while (!list_empty(&permsocks)) {
--		xprt = list_first_entry(&permsocks, struct svc_xprt, xpt_list);
--		list_move(&xprt->xpt_list, &serv->sv_permsocks);
--
--		/*
--		 * Newly-created sockets are born with the BUSY bit set. Clear
--		 * it if there are no threads, since nothing can pick it up
--		 * in that case.
--		 */
--		if (!serv->sv_nrthreads)
--			clear_bit(XPT_BUSY, &xprt->xpt_flags);
--
--		set_bit(XPT_CLOSE, &xprt->xpt_flags);
--		spin_unlock_bh(&serv->sv_lock);
--		svc_xprt_close(xprt);
--		spin_lock_bh(&serv->sv_lock);
-+	/* Do not remove listeners while there are active threads. */
-+	if (serv->sv_nrthreads) {
-+		err = -EBUSY;
-+		goto out_unlock_mtx;
- 	}
- 
--	spin_unlock_bh(&serv->sv_lock);
-+	/*
-+	 * Since we can't delete an arbitrary llist entry, destroy the
-+	 * remaining listeners and recreate the list.
-+	 */
-+	if (delete)
-+		svc_xprt_destroy_all(serv, net);
- 
- 	/* walk list of addrs again, open any that still don't exist */
- 	nlmsg_for_each_attr(attr, info->nlhdr, GENL_HDRLEN, rem) {
-@@ -2031,6 +2026,9 @@ int nfsd_nl_listener_set_doit(struct sk_
- 
- 		xprt = svc_find_listener(serv, xcl_name, net, sa);
- 		if (xprt) {
-+			if (delete)
-+				WARN_ONCE(1, "Transport type=%s already exists\n",
-+					  xcl_name);
- 			svc_xprt_put(xprt);
- 			continue;
- 		}

debian/patches/patchset-pf/nfs/0002-NFSD-Skip-sending-CB_RECALL_ANY-when-the-backchannel.patch

@@ -1,55 +0,0 @@
-From 71e2b1f41ebbead746c5b99384ebb9fb7c73a079 Mon Sep 17 00:00:00 2001
-From: Chuck Lever <chuck.lever@oracle.com>
-Date: Tue, 14 Jan 2025 17:09:24 -0500
-Subject: NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up
-
-NFSD sends CB_RECALL_ANY to clients when the server is low on
-memory or that client has a large number of delegations outstanding.
-
-We've seen cases where NFSD attempts to send CB_RECALL_ANY requests
-to disconnected clients, and gets confused. These calls never go
-anywhere if a backchannel transport to the target client isn't
-available. Before the server can send any backchannel operation, the
-client has to connect first and then do a BIND_CONN_TO_SESSION.
-
-This patch doesn't address the root cause of the confusion, but
-there's no need to queue up these optional operations if they can't
-go anywhere.
-
-Fixes: 44df6f439a17 ("NFSD: add delegation reaper to react to low memory condition")
-Reviewed-by: Jeff Layton <jlayton@kernel.org>
-Cc: stable@vger.kernel.org
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
----
- fs/nfsd/nfs4state.c | 19 ++++++++++++-------
- 1 file changed, 12 insertions(+), 7 deletions(-)
-
---- a/fs/nfsd/nfs4state.c
-+++ b/fs/nfsd/nfs4state.c
-@@ -6860,14 +6860,19 @@ deleg_reaper(struct nfsd_net *nn)
- 	spin_lock(&nn->client_lock);
- 	list_for_each_safe(pos, next, &nn->client_lru) {
- 		clp = list_entry(pos, struct nfs4_client, cl_lru);
--		if (clp->cl_state != NFSD4_ACTIVE ||
--			list_empty(&clp->cl_delegations) ||
--			atomic_read(&clp->cl_delegs_in_recall) ||
--			test_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags) ||
--			(ktime_get_boottime_seconds() -
--				clp->cl_ra_time < 5)) {
-+
-+		if (clp->cl_state != NFSD4_ACTIVE)
-+			continue;
-+		if (list_empty(&clp->cl_delegations))
-+			continue;
-+		if (atomic_read(&clp->cl_delegs_in_recall))
-+			continue;
-+		if (test_bit(NFSD4_CLIENT_CB_RECALL_ANY, &clp->cl_flags))
-+			continue;
-+		if (ktime_get_boottime_seconds() - clp->cl_ra_time < 5)
-+			continue;
-+		if (clp->cl_cb_state != NFSD4_CB_UP)
- 			continue;
--		}
- 		list_add(&clp->cl_ra_cblist, &cblist);
- 
- 		/* release in nfsd4_cb_recall_any_release */

debian/patches/patchset-pf/nfs/0003-NFSD-nfsd_unlink-clobbers-non-zero-status-returned-f.patch

@@ -1,35 +0,0 @@
-From e9976f5c50b6513c156c4f5a1d9fde96efb50d29 Mon Sep 17 00:00:00 2001
-From: Chuck Lever <chuck.lever@oracle.com>
-Date: Sun, 26 Jan 2025 16:50:17 -0500
-Subject: NFSD: nfsd_unlink() clobbers non-zero status returned from
- fh_fill_pre_attrs()
-
-If fh_fill_pre_attrs() returns a non-zero status, the error flow
-takes it through out_unlock, which then overwrites the returned
-status code with
-
-	err = nfserrno(host_err);
-
-Fixes: a332018a91c4 ("nfsd: handle failure to collect pre/post-op attrs more sanely")
-Reviewed-by: Jeff Layton <jlayton@kernel.org>
-Cc: stable@vger.kernel.org
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
----
- fs/nfsd/vfs.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
---- a/fs/nfsd/vfs.c
-+++ b/fs/nfsd/vfs.c
-@@ -2011,11 +2011,9 @@ out_nfserr:
- 		 * error status.
- 		 */
- 		err = nfserr_file_open;
--	} else {
--		err = nfserrno(host_err);
- 	}
- out:
--	return err;
-+	return err != nfs_ok ? err : nfserrno(host_err);
- out_unlock:
- 	inode_unlock(dirp);
- 	goto out_drop_write;

debian/patches/patchset-pf/nfs/0004-NFSD-Never-return-NFS4ERR_FILE_OPEN-when-removing-a-.patch

@@ -1,68 +0,0 @@
-From c6e51270335aa72d7f255051119792629ed2ad2d Mon Sep 17 00:00:00 2001
-From: Chuck Lever <chuck.lever@oracle.com>
-Date: Sun, 26 Jan 2025 16:50:18 -0500
-Subject: NFSD: Never return NFS4ERR_FILE_OPEN when removing a directory
-
-RFC 8881 Section 18.25.4 paragraph 5 tells us that the server
-should return NFS4ERR_FILE_OPEN only if the target object is an
-opened file. This suggests that returning this status when removing
-a directory will confuse NFS clients.
-
-This is a version-specific issue; nfsd_proc_remove/rmdir() and
-nfsd3_proc_remove/rmdir() already return nfserr_access as
-appropriate.
-
-Unfortunately there is no quick way for nfsd4_remove() to determine
-whether the target object is a file or not, so the check is done in
-in nfsd_unlink() for now.
-
-Reported-by: Trond Myklebust <trondmy@hammerspace.com>
-Fixes: 466e16f0920f ("nfsd: check for EBUSY from vfs_rmdir/vfs_unink.")
-Reviewed-by: Jeff Layton <jlayton@kernel.org>
-Cc: stable@vger.kernel.org
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
----
- fs/nfsd/vfs.c | 24 ++++++++++++++++++------
- 1 file changed, 18 insertions(+), 6 deletions(-)
-
---- a/fs/nfsd/vfs.c
-+++ b/fs/nfsd/vfs.c
-@@ -1931,9 +1931,17 @@ out:
- 	return err;
- }
- 
--/*
-- * Unlink a file or directory
-- * N.B. After this call fhp needs an fh_put
-+/**
-+ * nfsd_unlink - remove a directory entry
-+ * @rqstp: RPC transaction context
-+ * @fhp: the file handle of the parent directory to be modified
-+ * @type: enforced file type of the object to be removed
-+ * @fname: the name of directory entry to be removed
-+ * @flen: length of @fname in octets
-+ *
-+ * After this call fhp needs an fh_put.
-+ *
-+ * Returns a generic NFS status code in network byte-order.
-  */
- __be32
- nfsd_unlink(struct svc_rqst *rqstp, struct svc_fh *fhp, int type,
-@@ -2007,10 +2015,14 @@ out_drop_write:
- 	fh_drop_write(fhp);
- out_nfserr:
- 	if (host_err == -EBUSY) {
--		/* name is mounted-on. There is no perfect
--		 * error status.
-+		/*
-+		 * See RFC 8881 Section 18.25.4 para 4: NFSv4 REMOVE
-+		 * wants a status unique to the object type.
- 		 */
--		err = nfserr_file_open;
-+		if (type != S_IFDIR)
-+			err = nfserr_file_open;
-+		else
-+			err = nfserr_acces;
- 	}
- out:
- 	return err != nfs_ok ? err : nfserrno(host_err);

debian/patches/patchset-pf/nfs/0005-nfsd-don-t-ignore-the-return-code-of-svc_proc_regist.patch

@@ -1,88 +0,0 @@
-From be9eb38c29f63437120c1b4c5d1e7df98851e05e Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@kernel.org>
-Date: Thu, 6 Feb 2025 13:12:13 -0500
-Subject: nfsd: don't ignore the return code of svc_proc_register()
-
-Currently, nfsd_proc_stat_init() ignores the return value of
-svc_proc_register(). If the procfile creation fails, then the kernel
-will WARN when it tries to remove the entry later.
-
-Fix nfsd_proc_stat_init() to return the same type of pointer as
-svc_proc_register(), and fix up nfsd_net_init() to check that and fail
-the nfsd_net construction if it occurs.
-
-svc_proc_register() can fail if the dentry can't be allocated, or if an
-identical dentry already exists. The second case is pretty unlikely in
-the nfsd_net construction codepath, so if this happens, return -ENOMEM.
-
-Reported-by: syzbot+e34ad04f27991521104c@syzkaller.appspotmail.com
-Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.com/
-Cc: stable@vger.kernel.org # v6.9
-Signed-off-by: Jeff Layton <jlayton@kernel.org>
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
----
- fs/nfsd/nfsctl.c | 9 ++++++++-
- fs/nfsd/stats.c  | 4 ++--
- fs/nfsd/stats.h  | 2 +-
- 3 files changed, 11 insertions(+), 4 deletions(-)
-
---- a/fs/nfsd/nfsctl.c
-+++ b/fs/nfsd/nfsctl.c
-@@ -2202,8 +2202,14 @@ static __net_init int nfsd_net_init(stru
- 					  NFSD_STATS_COUNTERS_NUM);
- 	if (retval)
- 		goto out_repcache_error;
-+
- 	memset(&nn->nfsd_svcstats, 0, sizeof(nn->nfsd_svcstats));
- 	nn->nfsd_svcstats.program = &nfsd_programs[0];
-+	if (!nfsd_proc_stat_init(net)) {
-+		retval = -ENOMEM;
-+		goto out_proc_error;
-+	}
-+
- 	for (i = 0; i < sizeof(nn->nfsd_versions); i++)
- 		nn->nfsd_versions[i] = nfsd_support_version(i);
- 	for (i = 0; i < sizeof(nn->nfsd4_minorversions); i++)
-@@ -2213,13 +2219,14 @@ static __net_init int nfsd_net_init(stru
- 	nfsd4_init_leases_net(nn);
- 	get_random_bytes(&nn->siphash_key, sizeof(nn->siphash_key));
- 	seqlock_init(&nn->writeverf_lock);
--	nfsd_proc_stat_init(net);
- #if IS_ENABLED(CONFIG_NFS_LOCALIO)
- 	spin_lock_init(&nn->local_clients_lock);
- 	INIT_LIST_HEAD(&nn->local_clients);
- #endif
- 	return 0;
- 
-+out_proc_error:
-+	percpu_counter_destroy_many(nn->counter, NFSD_STATS_COUNTERS_NUM);
- out_repcache_error:
- 	nfsd_idmap_shutdown(net);
- out_idmap_error:
---- a/fs/nfsd/stats.c
-+++ b/fs/nfsd/stats.c
-@@ -73,11 +73,11 @@ static int nfsd_show(struct seq_file *se
- 
- DEFINE_PROC_SHOW_ATTRIBUTE(nfsd);
- 
--void nfsd_proc_stat_init(struct net *net)
-+struct proc_dir_entry *nfsd_proc_stat_init(struct net *net)
- {
- 	struct nfsd_net *nn = net_generic(net, nfsd_net_id);
- 
--	svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops);
-+	return svc_proc_register(net, &nn->nfsd_svcstats, &nfsd_proc_ops);
- }
- 
- void nfsd_proc_stat_shutdown(struct net *net)
---- a/fs/nfsd/stats.h
-+++ b/fs/nfsd/stats.h
-@@ -10,7 +10,7 @@
- #include <uapi/linux/nfsd/stats.h>
- #include <linux/percpu_counter.h>
- 
--void nfsd_proc_stat_init(struct net *net);
-+struct proc_dir_entry *nfsd_proc_stat_init(struct net *net);
- void nfsd_proc_stat_shutdown(struct net *net);
- 
- static inline void nfsd_stats_rc_hits_inc(struct nfsd_net *nn)

debian/patches/patchset-pf/nfs/0006-nfsd-allow-SC_STATUS_FREEABLE-when-searching-via-nfs.patch

@@ -1,54 +0,0 @@
-From 8ae7239f6e86e8eaf9b2d95164b9d88b0af1c9c7 Mon Sep 17 00:00:00 2001
-From: Jeff Layton <jlayton@kernel.org>
-Date: Thu, 13 Feb 2025 09:08:29 -0500
-Subject: nfsd: allow SC_STATUS_FREEABLE when searching via
- nfs4_lookup_stateid()
-
-The pynfs DELEG8 test fails when run against nfsd. It acquires a
-delegation and then lets the lease time out. It then tries to use the
-deleg stateid and expects to see NFS4ERR_DELEG_REVOKED, but it gets
-bad NFS4ERR_BAD_STATEID instead.
-
-When a delegation is revoked, it's initially marked with
-SC_STATUS_REVOKED, or SC_STATUS_ADMIN_REVOKED and later, it's marked
-with the SC_STATUS_FREEABLE flag, which denotes that it is waiting for
-s FREE_STATEID call.
-
-nfs4_lookup_stateid() accepts a statusmask that includes the status
-flags that a found stateid is allowed to have. Currently, that mask
-never includes SC_STATUS_FREEABLE, which means that revoked delegations
-are (almost) never found.
-
-Add SC_STATUS_FREEABLE to the always-allowed status flags, and remove it
-from nfsd4_delegreturn() since it's now always implied.
-
-Fixes: 8dd91e8d31fe ("nfsd: fix race between laundromat and free_stateid")
-Cc: stable@vger.kernel.org
-Signed-off-by: Jeff Layton <jlayton@kernel.org>
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
----
- fs/nfsd/nfs4state.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
---- a/fs/nfsd/nfs4state.c
-+++ b/fs/nfsd/nfs4state.c
-@@ -7056,7 +7056,7 @@ nfsd4_lookup_stateid(struct nfsd4_compou
- 		 */
- 		statusmask |= SC_STATUS_REVOKED;
- 
--	statusmask |= SC_STATUS_ADMIN_REVOKED;
-+	statusmask |= SC_STATUS_ADMIN_REVOKED | SC_STATUS_FREEABLE;
- 
- 	if (ZERO_STATEID(stateid) || ONE_STATEID(stateid) ||
- 		CLOSE_STATEID(stateid))
-@@ -7711,9 +7711,7 @@ nfsd4_delegreturn(struct svc_rqst *rqstp
- 	if ((status = fh_verify(rqstp, &cstate->current_fh, S_IFREG, 0)))
- 		return status;
- 
--	status = nfsd4_lookup_stateid(cstate, stateid, SC_TYPE_DELEG,
--				      SC_STATUS_REVOKED | SC_STATUS_FREEABLE,
--				      &s, nn);
-+	status = nfsd4_lookup_stateid(cstate, stateid, SC_TYPE_DELEG, SC_STATUS_REVOKED, &s, nn);
- 	if (status)
- 		goto out;
- 	dp = delegstateid(s);

debian/patches/patchset-pf/nfs/0007-nfsd-put-dl_stid-if-fail-to-queue-dl_recall.patch

@@ -1,97 +0,0 @@
-From e5747c32073db3e624d454b80c94f5cb9b362370 Mon Sep 17 00:00:00 2001
-From: Li Lingfeng <lilingfeng3@huawei.com>
-Date: Thu, 13 Feb 2025 22:42:20 +0800
-Subject: nfsd: put dl_stid if fail to queue dl_recall
-
-Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we
-increment the reference count of dl_stid.
-We expect that after the corresponding work_struct is processed, the
-reference count of dl_stid will be decremented through the callback
-function nfsd4_cb_recall_release.
-However, if the call to nfsd4_run_cb fails, the incremented reference
-count of dl_stid will not be decremented correspondingly, leading to the
-following nfs4_stid leak:
-unreferenced object 0xffff88812067b578 (size 344):
-  comm "nfsd", pid 2761, jiffies 4295044002 (age 5541.241s)
-  hex dump (first 32 bytes):
-    01 00 00 00 6b 6b 6b 6b b8 02 c0 e2 81 88 ff ff  ....kkkk........
-    00 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 ad 4e ad de  .kkkkkkk.....N..
-  backtrace:
-    kmem_cache_alloc+0x4b9/0x700
-    nfsd4_process_open1+0x34/0x300
-    nfsd4_open+0x2d1/0x9d0
-    nfsd4_proc_compound+0x7a2/0xe30
-    nfsd_dispatch+0x241/0x3e0
-    svc_process_common+0x5d3/0xcc0
-    svc_process+0x2a3/0x320
-    nfsd+0x180/0x2e0
-    kthread+0x199/0x1d0
-    ret_from_fork+0x30/0x50
-    ret_from_fork_asm+0x1b/0x30
-unreferenced object 0xffff8881499f4d28 (size 368):
-  comm "nfsd", pid 2761, jiffies 4295044005 (age 5541.239s)
-  hex dump (first 32 bytes):
-    01 00 00 00 00 00 00 00 30 4d 9f 49 81 88 ff ff  ........0M.I....
-    30 4d 9f 49 81 88 ff ff 20 00 00 00 01 00 00 00  0M.I.... .......
-  backtrace:
-    kmem_cache_alloc+0x4b9/0x700
-    nfs4_alloc_stid+0x29/0x210
-    alloc_init_deleg+0x92/0x2e0
-    nfs4_set_delegation+0x284/0xc00
-    nfs4_open_delegation+0x216/0x3f0
-    nfsd4_process_open2+0x2b3/0xee0
-    nfsd4_open+0x770/0x9d0
-    nfsd4_proc_compound+0x7a2/0xe30
-    nfsd_dispatch+0x241/0x3e0
-    svc_process_common+0x5d3/0xcc0
-    svc_process+0x2a3/0x320
-    nfsd+0x180/0x2e0
-    kthread+0x199/0x1d0
-    ret_from_fork+0x30/0x50
-    ret_from_fork_asm+0x1b/0x30
-Fix it by checking the result of nfsd4_run_cb and call nfs4_put_stid if
-fail to queue dl_recall.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Li Lingfeng <lilingfeng3@huawei.com>
-Reviewed-by: Jeff Layton <jlayton@kernel.org>
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
----
- fs/nfsd/nfs4state.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
---- a/fs/nfsd/nfs4state.c
-+++ b/fs/nfsd/nfs4state.c
-@@ -1050,6 +1050,12 @@ static struct nfs4_ol_stateid * nfs4_all
- 	return openlockstateid(stid);
- }
- 
-+/*
-+ * As the sc_free callback of deleg, this may be called by nfs4_put_stid
-+ * in nfsd_break_one_deleg.
-+ * Considering nfsd_break_one_deleg is called with the flc->flc_lock held,
-+ * this function mustn't ever sleep.
-+ */
- static void nfs4_free_deleg(struct nfs4_stid *stid)
- {
- 	struct nfs4_delegation *dp = delegstateid(stid);
-@@ -5414,6 +5420,7 @@ static const struct nfsd4_callback_ops n
- 
- static void nfsd_break_one_deleg(struct nfs4_delegation *dp)
- {
-+	bool queued;
- 	/*
- 	 * We're assuming the state code never drops its reference
- 	 * without first removing the lease.  Since we're in this lease
-@@ -5422,7 +5429,10 @@ static void nfsd_break_one_deleg(struct
- 	 * we know it's safe to take a reference.
- 	 */
- 	refcount_inc(&dp->dl_stid.sc_count);
--	WARN_ON_ONCE(!nfsd4_run_cb(&dp->dl_recall));
-+	queued = nfsd4_run_cb(&dp->dl_recall);
-+	WARN_ON_ONCE(!queued);
-+	if (!queued)
-+		nfs4_put_stid(&dp->dl_stid);
- }
- 
- /* Called from break_lease() with flc_lock held. */

debian/patches/patchset-pf/nfs/0008-NFSD-Add-a-Kconfig-setting-to-enable-delegated-times.patch

@@ -1,74 +0,0 @@
-From 26d356ebfcd275f01c22349404676755dd36a4c4 Mon Sep 17 00:00:00 2001
-From: Chuck Lever <chuck.lever@oracle.com>
-Date: Tue, 11 Mar 2025 23:06:38 -0400
-Subject: NFSD: Add a Kconfig setting to enable delegated timestamps
-
-After three tries, we still see test failures with delegated
-timestamps. Disable them by default, but leave the implementation
-intact so that development can continue.
-
-Cc: stable@vger.kernel.org # v6.14
-Reviewed-by: Jeff Layton <jlayton@kernel.org>
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
----
- fs/nfsd/Kconfig     | 12 +++++++++++-
- fs/nfsd/nfs4state.c | 16 ++++++++++++++--
- 2 files changed, 25 insertions(+), 3 deletions(-)
-
---- a/fs/nfsd/Kconfig
-+++ b/fs/nfsd/Kconfig
-@@ -172,6 +172,16 @@ config NFSD_LEGACY_CLIENT_TRACKING
- 	  recoverydir, or spawn a process directly using a usermodehelper
- 	  upcall.
- 
--	  These legacy client tracking methods have proven to be probelmatic
-+	  These legacy client tracking methods have proven to be problematic
- 	  and will be removed in the future. Say Y here if you need support
- 	  for them in the interim.
-+
-+config NFSD_V4_DELEG_TIMESTAMPS
-+	bool "Support delegated timestamps"
-+	depends on NFSD_V4
-+	default n
-+	help
-+	  NFSD implements delegated timestamps according to
-+	  draft-ietf-nfsv4-delstid-08 "Extending the Opening of Files". This
-+	  is currently an experimental feature and is therefore left disabled
-+	  by default.
---- a/fs/nfsd/nfs4state.c
-+++ b/fs/nfsd/nfs4state.c
-@@ -5958,11 +5958,23 @@ nfsd4_verify_setuid_write(struct nfsd4_o
- 	return 0;
- }
- 
-+#ifdef CONFIG_NFSD_V4_DELEG_TIMESTAMPS
-+static bool nfsd4_want_deleg_timestamps(const struct nfsd4_open *open)
-+{
-+	return open->op_deleg_want & OPEN4_SHARE_ACCESS_WANT_DELEG_TIMESTAMPS;
-+}
-+#else /* CONFIG_NFSD_V4_DELEG_TIMESTAMPS */
-+static bool nfsd4_want_deleg_timestamps(const struct nfsd4_open *open)
-+{
-+	return false;
-+}
-+#endif /* CONFIG NFSD_V4_DELEG_TIMESTAMPS */
-+
- static struct nfs4_delegation *
- nfs4_set_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp,
- 		    struct svc_fh *parent)
- {
--	bool deleg_ts = open->op_deleg_want & OPEN4_SHARE_ACCESS_WANT_DELEG_TIMESTAMPS;
-+	bool deleg_ts = nfsd4_want_deleg_timestamps(open);
- 	struct nfs4_client *clp = stp->st_stid.sc_client;
- 	struct nfs4_file *fp = stp->st_stid.sc_file;
- 	struct nfs4_clnt_odstate *odstate = stp->st_clnt_odstate;
-@@ -6161,8 +6173,8 @@ static void
- nfs4_open_delegation(struct nfsd4_open *open, struct nfs4_ol_stateid *stp,
- 		     struct svc_fh *currentfh)
- {
--	bool deleg_ts = open->op_deleg_want & OPEN4_SHARE_ACCESS_WANT_DELEG_TIMESTAMPS;
- 	struct nfs4_openowner *oo = openowner(stp->st_stateowner);
-+	bool deleg_ts = nfsd4_want_deleg_timestamps(open);
- 	struct nfs4_client *clp = stp->st_stid.sc_client;
- 	struct svc_fh *parent = NULL;
- 	struct nfs4_delegation *dp;

debian/patches/patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch

@@ -1,4 +1,4 @@
-From c1a019d5fef8266e444159bc2bdaf9a5c9c7ef76 Mon Sep 17 00:00:00 2001
+From c78ab32399be35eed11e986293804eab75bfbe21 Mon Sep 17 00:00:00 2001
 From: Alexandra Diupina <adiupina@astralinux.ru>
 Date: Wed, 19 Mar 2025 17:28:58 +0300
 Subject: cifs: avoid NULL pointer dereference in dbg call

debian/patches/patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch

@@ -1,4 +1,4 @@
-From 419b06f0ca7662c17a026ab0117ba9887dbd0477 Mon Sep 17 00:00:00 2001
+From 53f2beb3fafc1395f502390f04ad876a0dd2102d Mon Sep 17 00:00:00 2001
 From: Aman <aman1@microsoft.com>
 Date: Thu, 6 Mar 2025 17:46:43 +0000
 Subject: CIFS: Propagate min offload along with other parameters from primary
@@ -33,7 +33,7 @@ Signed-off-by: Steve French <stfrench@microsoft.com>
 
 --- a/fs/smb/client/connect.c
 +++ b/fs/smb/client/connect.c
-@@ -1676,6 +1676,7 @@ cifs_get_tcp_session(struct smb3_fs_cont
+@@ -1677,6 +1677,7 @@ cifs_get_tcp_session(struct smb3_fs_cont
  	/* Grab netns reference for this server. */
  	cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
  

debian/patches/patchset-pf/smb/0002-ksmbd-add-bounds-check-for-durable-handle-context.patch

@@ -1,60 +0,0 @@
-From 750b72183e7f3d9dc775540cee41c0c06d2c1da4 Mon Sep 17 00:00:00 2001
-From: Namjae Jeon <linkinjeon@kernel.org>
-Date: Fri, 14 Mar 2025 18:21:47 +0900
-Subject: ksmbd: add bounds check for durable handle context
-
-Add missing bounds check for durable handle context.
-
-Cc: stable@vger.kernel.org
-Reported-by: Norbert Szetei <norbert@doyensec.com>
-Tested-by: Norbert Szetei <norbert@doyensec.com>
-Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/server/smb2pdu.c | 21 +++++++++++++++++++++
- 1 file changed, 21 insertions(+)
-
---- a/fs/smb/server/smb2pdu.c
-+++ b/fs/smb/server/smb2pdu.c
-@@ -2708,6 +2708,13 @@ static int parse_durable_handle_context(
- 				goto out;
- 			}
- 
-+			if (le16_to_cpu(context->DataOffset) +
-+				le32_to_cpu(context->DataLength) <
-+			    sizeof(struct create_durable_reconn_v2_req)) {
-+				err = -EINVAL;
-+				goto out;
-+			}
-+
- 			recon_v2 = (struct create_durable_reconn_v2_req *)context;
- 			persistent_id = recon_v2->Fid.PersistentFileId;
- 			dh_info->fp = ksmbd_lookup_durable_fd(persistent_id);
-@@ -2741,6 +2748,13 @@ static int parse_durable_handle_context(
- 				goto out;
- 			}
- 
-+			if (le16_to_cpu(context->DataOffset) +
-+				le32_to_cpu(context->DataLength) <
-+			    sizeof(struct create_durable_reconn_req)) {
-+				err = -EINVAL;
-+				goto out;
-+			}
-+
- 			recon = (struct create_durable_reconn_req *)context;
- 			persistent_id = recon->Data.Fid.PersistentFileId;
- 			dh_info->fp = ksmbd_lookup_durable_fd(persistent_id);
-@@ -2765,6 +2779,13 @@ static int parse_durable_handle_context(
- 				err = -EINVAL;
- 				goto out;
- 			}
-+
-+			if (le16_to_cpu(context->DataOffset) +
-+				le32_to_cpu(context->DataLength) <
-+			    sizeof(struct create_durable_req_v2)) {
-+				err = -EINVAL;
-+				goto out;
-+			}
- 
- 			durable_v2_blob =
- 				(struct create_durable_req_v2 *)context;

debian/patches/patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch

@@ -1,4 +1,4 @@
-From 87a17042db9d288d1c5bf3eac2a31bd3315a8cd0 Mon Sep 17 00:00:00 2001
+From 6b8b436fbb92dff7d6bc8d6c977b01814a541ec0 Mon Sep 17 00:00:00 2001
 From: Roman Smirnov <r.smirnov@omp.ru>
 Date: Mon, 31 Mar 2025 11:22:49 +0300
 Subject: cifs: fix integer overflow in match_server()

debian/patches/patchset-pf/smb/0004-ksmbd-add-bounds-check-for-create-lease-context.patch

@@ -1,41 +0,0 @@
-From df179d4868b57eb8bcd7587559164178f17f0747 Mon Sep 17 00:00:00 2001
-From: Norbert Szetei <norbert@doyensec.com>
-Date: Sat, 15 Mar 2025 12:19:28 +0900
-Subject: ksmbd: add bounds check for create lease context
-
-Add missing bounds check for create lease context.
-
-Cc: stable@vger.kernel.org
-Reported-by: Norbert Szetei <norbert@doyensec.com>
-Tested-by: Norbert Szetei <norbert@doyensec.com>
-Signed-off-by: Norbert Szetei <norbert@doyensec.com>
-Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/server/oplock.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- a/fs/smb/server/oplock.c
-+++ b/fs/smb/server/oplock.c
-@@ -1505,6 +1505,10 @@ struct lease_ctx_info *parse_lease_state
- 	if (sizeof(struct lease_context_v2) == le32_to_cpu(cc->DataLength)) {
- 		struct create_lease_v2 *lc = (struct create_lease_v2 *)cc;
- 
-+		if (le16_to_cpu(cc->DataOffset) + le32_to_cpu(cc->DataLength) <
-+		    sizeof(struct create_lease_v2) - 4)
-+			return NULL;
-+
- 		memcpy(lreq->lease_key, lc->lcontext.LeaseKey, SMB2_LEASE_KEY_SIZE);
- 		lreq->req_state = lc->lcontext.LeaseState;
- 		lreq->flags = lc->lcontext.LeaseFlags;
-@@ -1517,6 +1521,10 @@ struct lease_ctx_info *parse_lease_state
- 	} else {
- 		struct create_lease *lc = (struct create_lease *)cc;
- 
-+		if (le16_to_cpu(cc->DataOffset) + le32_to_cpu(cc->DataLength) <
-+		    sizeof(struct create_lease))
-+			return NULL;
-+
- 		memcpy(lreq->lease_key, lc->lcontext.LeaseKey, SMB2_LEASE_KEY_SIZE);
- 		lreq->req_state = lc->lcontext.LeaseState;
- 		lreq->flags = lc->lcontext.LeaseFlags;

debian/patches/patchset-pf/smb/0005-ksmbd-fix-use-after-free-in-ksmbd_sessions_deregiste.patch

@@ -1,31 +0,0 @@
-From d72853120541d47779616db780a15a42afe4ad9b Mon Sep 17 00:00:00 2001
-From: Namjae Jeon <linkinjeon@kernel.org>
-Date: Sat, 22 Mar 2025 09:20:19 +0900
-Subject: ksmbd: fix use-after-free in ksmbd_sessions_deregister()
-
-In multichannel mode, UAF issue can occur in session_deregister
-when the second channel sets up a session through the connection of
-the first channel. session that is freed through the global session
-table can be accessed again through ->sessions of connection.
-
-Cc: stable@vger.kernel.org
-Reported-by: Norbert Szetei <norbert@doyensec.com>
-Tested-by: Norbert Szetei <norbert@doyensec.com>
-Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/server/mgmt/user_session.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/fs/smb/server/mgmt/user_session.c
-+++ b/fs/smb/server/mgmt/user_session.c
-@@ -230,6 +230,9 @@ void ksmbd_sessions_deregister(struct ks
- 			if (!ksmbd_chann_del(conn, sess) &&
- 			    xa_empty(&sess->ksmbd_chann_list)) {
- 				hash_del(&sess->hlist);
-+				down_write(&conn->session_lock);
-+				xa_erase(&conn->sessions, sess->id);
-+				up_write(&conn->session_lock);
- 				ksmbd_session_destroy(sess);
- 			}
- 		}

debian/patches/patchset-pf/smb/0007-ksmbd-fix-session-use-after-free-in-multichannel-con.patch

@@ -1,105 +0,0 @@
-From 13cf611fba8e4bcb60b66abb0c2a2456d7863c18 Mon Sep 17 00:00:00 2001
-From: Namjae Jeon <linkinjeon@kernel.org>
-Date: Thu, 27 Mar 2025 21:22:51 +0900
-Subject: ksmbd: fix session use-after-free in multichannel connection
-
-There is a race condition between session setup and
-ksmbd_sessions_deregister. The session can be freed before the connection
-is added to channel list of session.
-This patch check reference count of session before freeing it.
-
-Cc: stable@vger.kernel.org
-Reported-by: Sean Heelan <seanheelan@gmail.com>
-Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/server/auth.c              |  4 ++--
- fs/smb/server/mgmt/user_session.c | 14 ++++++++------
- fs/smb/server/smb2pdu.c           |  7 ++++---
- 3 files changed, 14 insertions(+), 11 deletions(-)
-
---- a/fs/smb/server/auth.c
-+++ b/fs/smb/server/auth.c
-@@ -1016,9 +1016,9 @@ static int ksmbd_get_encryption_key(stru
- 
- 	ses_enc_key = enc ? sess->smb3encryptionkey :
- 		sess->smb3decryptionkey;
--	if (enc)
--		ksmbd_user_session_get(sess);
- 	memcpy(key, ses_enc_key, SMB3_ENC_DEC_KEY_SIZE);
-+	if (!enc)
-+		ksmbd_user_session_put(sess);
- 
- 	return 0;
- }
---- a/fs/smb/server/mgmt/user_session.c
-+++ b/fs/smb/server/mgmt/user_session.c
-@@ -181,7 +181,7 @@ static void ksmbd_expire_session(struct
- 	down_write(&sessions_table_lock);
- 	down_write(&conn->session_lock);
- 	xa_for_each(&conn->sessions, id, sess) {
--		if (atomic_read(&sess->refcnt) == 0 &&
-+		if (atomic_read(&sess->refcnt) <= 1 &&
- 		    (sess->state != SMB2_SESSION_VALID ||
- 		     time_after(jiffies,
- 			       sess->last_active + SMB2_SESSION_TIMEOUT))) {
-@@ -233,7 +233,8 @@ void ksmbd_sessions_deregister(struct ks
- 				down_write(&conn->session_lock);
- 				xa_erase(&conn->sessions, sess->id);
- 				up_write(&conn->session_lock);
--				ksmbd_session_destroy(sess);
-+				if (atomic_dec_and_test(&sess->refcnt))
-+					ksmbd_session_destroy(sess);
- 			}
- 		}
- 	}
-@@ -252,7 +253,8 @@ void ksmbd_sessions_deregister(struct ks
- 		if (xa_empty(&sess->ksmbd_chann_list)) {
- 			xa_erase(&conn->sessions, sess->id);
- 			hash_del(&sess->hlist);
--			ksmbd_session_destroy(sess);
-+			if (atomic_dec_and_test(&sess->refcnt))
-+				ksmbd_session_destroy(sess);
- 		}
- 	}
- 	up_write(&conn->session_lock);
-@@ -312,8 +314,8 @@ void ksmbd_user_session_put(struct ksmbd
- 
- 	if (atomic_read(&sess->refcnt) <= 0)
- 		WARN_ON(1);
--	else
--		atomic_dec(&sess->refcnt);
-+	else if (atomic_dec_and_test(&sess->refcnt))
-+		ksmbd_session_destroy(sess);
- }
- 
- struct preauth_session *ksmbd_preauth_session_alloc(struct ksmbd_conn *conn,
-@@ -420,7 +422,7 @@ static struct ksmbd_session *__session_c
- 	xa_init(&sess->rpc_handle_list);
- 	sess->sequence_number = 1;
- 	rwlock_init(&sess->tree_conns_lock);
--	atomic_set(&sess->refcnt, 1);
-+	atomic_set(&sess->refcnt, 2);
- 
- 	ret = __init_smb2_session(sess);
- 	if (ret)
---- a/fs/smb/server/smb2pdu.c
-+++ b/fs/smb/server/smb2pdu.c
-@@ -2239,13 +2239,14 @@ int smb2_session_logoff(struct ksmbd_wor
- 		return -ENOENT;
- 	}
- 
--	ksmbd_destroy_file_table(&sess->file_table);
- 	down_write(&conn->session_lock);
- 	sess->state = SMB2_SESSION_EXPIRED;
- 	up_write(&conn->session_lock);
- 
--	ksmbd_free_user(sess->user);
--	sess->user = NULL;
-+	if (sess->user) {
-+		ksmbd_free_user(sess->user);
-+		sess->user = NULL;
-+	}
- 	ksmbd_all_conn_set_status(sess_id, KSMBD_SESS_NEED_NEGOTIATE);
- 
- 	rsp->StructureSize = cpu_to_le16(4);

debian/patches/patchset-pf/smb/0008-ksmbd-fix-overflow-in-dacloffset-bounds-check.patch

@@ -1,70 +0,0 @@
-From 3fe0cc7e4d24b0a152798ec17ceed4156fe96033 Mon Sep 17 00:00:00 2001
-From: Norbert Szetei <norbert@doyensec.com>
-Date: Sat, 29 Mar 2025 06:58:15 +0000
-Subject: ksmbd: fix overflow in dacloffset bounds check
-
-The dacloffset field was originally typed as int and used in an
-unchecked addition, which could overflow and bypass the existing
-bounds check in both smb_check_perm_dacl() and smb_inherit_dacl().
-
-This could result in out-of-bounds memory access and a kernel crash
-when dereferencing the DACL pointer.
-
-This patch converts dacloffset to unsigned int and uses
-check_add_overflow() to validate access to the DACL.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Norbert Szetei <norbert@doyensec.com>
-Acked-by: Namjae Jeon <linkinjeon@kernel.org>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/server/smbacl.c | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
---- a/fs/smb/server/smbacl.c
-+++ b/fs/smb/server/smbacl.c
-@@ -1026,7 +1026,9 @@ int smb_inherit_dacl(struct ksmbd_conn *
- 	struct dentry *parent = path->dentry->d_parent;
- 	struct mnt_idmap *idmap = mnt_idmap(path->mnt);
- 	int inherited_flags = 0, flags = 0, i, nt_size = 0, pdacl_size;
--	int rc = 0, dacloffset, pntsd_type, pntsd_size, acl_len, aces_size;
-+	int rc = 0, pntsd_type, pntsd_size, acl_len, aces_size;
-+	unsigned int dacloffset;
-+	size_t dacl_struct_end;
- 	u16 num_aces, ace_cnt = 0;
- 	char *aces_base;
- 	bool is_dir = S_ISDIR(d_inode(path->dentry)->i_mode);
-@@ -1035,8 +1037,11 @@ int smb_inherit_dacl(struct ksmbd_conn *
- 					    parent, &parent_pntsd);
- 	if (pntsd_size <= 0)
- 		return -ENOENT;
-+
- 	dacloffset = le32_to_cpu(parent_pntsd->dacloffset);
--	if (!dacloffset || (dacloffset + sizeof(struct smb_acl) > pntsd_size)) {
-+	if (!dacloffset ||
-+	    check_add_overflow(dacloffset, sizeof(struct smb_acl), &dacl_struct_end) ||
-+	    dacl_struct_end > (size_t)pntsd_size) {
- 		rc = -EINVAL;
- 		goto free_parent_pntsd;
- 	}
-@@ -1240,7 +1245,9 @@ int smb_check_perm_dacl(struct ksmbd_con
- 	struct smb_ntsd *pntsd = NULL;
- 	struct smb_acl *pdacl;
- 	struct posix_acl *posix_acls;
--	int rc = 0, pntsd_size, acl_size, aces_size, pdacl_size, dacl_offset;
-+	int rc = 0, pntsd_size, acl_size, aces_size, pdacl_size;
-+	unsigned int dacl_offset;
-+	size_t dacl_struct_end;
- 	struct smb_sid sid;
- 	int granted = le32_to_cpu(*pdaccess & ~FILE_MAXIMAL_ACCESS_LE);
- 	struct smb_ace *ace;
-@@ -1259,7 +1266,8 @@ int smb_check_perm_dacl(struct ksmbd_con
- 
- 	dacl_offset = le32_to_cpu(pntsd->dacloffset);
- 	if (!dacl_offset ||
--	    (dacl_offset + sizeof(struct smb_acl) > pntsd_size))
-+	    check_add_overflow(dacl_offset, sizeof(struct smb_acl), &dacl_struct_end) ||
-+	    dacl_struct_end > (size_t)pntsd_size)
- 		goto err_out;
- 
- 	pdacl = (struct smb_acl *)((char *)pntsd + le32_to_cpu(pntsd->dacloffset));

debian/patches/patchset-pf/smb/0009-ksmbd-validate-zero-num_subauth-before-sub_auth-is-a.patch

@@ -1,32 +0,0 @@
-From 0cf6aa54e0b5dbd9b1835a3b9f13a154216a7422 Mon Sep 17 00:00:00 2001
-From: Norbert Szetei <norbert@doyensec.com>
-Date: Sat, 29 Mar 2025 16:06:01 +0000
-Subject: ksmbd: validate zero num_subauth before sub_auth is accessed
-
-Access psid->sub_auth[psid->num_subauth - 1] without checking
-if num_subauth is non-zero leads to an out-of-bounds read.
-This patch adds a validation step to ensure num_subauth != 0
-before sub_auth is accessed.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Norbert Szetei <norbert@doyensec.com>
-Acked-by: Namjae Jeon <linkinjeon@kernel.org>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/server/smbacl.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/fs/smb/server/smbacl.c
-+++ b/fs/smb/server/smbacl.c
-@@ -270,6 +270,11 @@ static int sid_to_id(struct mnt_idmap *i
- 		return -EIO;
- 	}
- 
-+	if (psid->num_subauth == 0) {
-+		pr_err("%s: zero subauthorities!\n", __func__);
-+		return -EIO;
-+	}
-+
- 	if (sidtype == SIDOWNER) {
- 		kuid_t uid;
- 		uid_t id;

debian/patches/patchset-pf/smb/0010-ksmbd-fix-null-pointer-dereference-in-alloc_preauth_.patch

@@ -1,125 +0,0 @@
-From 21715f2a6462476a4196725e436c4b0d968390ce Mon Sep 17 00:00:00 2001
-From: Namjae Jeon <linkinjeon@kernel.org>
-Date: Wed, 2 Apr 2025 09:11:23 +0900
-Subject: ksmbd: fix null pointer dereference in alloc_preauth_hash()
-
-The Client send malformed smb2 negotiate request. ksmbd return error
-response. Subsequently, the client can send smb2 session setup even
-thought conn->preauth_info is not allocated.
-This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore
-session setup request if smb2 negotiate phase is not complete.
-
-Cc: stable@vger.kernel.org
-Tested-by: Steve French <stfrench@microsoft.com>
-Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-26505
-Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/server/connection.h        | 11 +++++++++++
- fs/smb/server/mgmt/user_session.c |  4 ++--
- fs/smb/server/smb2pdu.c           | 14 +++++++++++---
- 3 files changed, 24 insertions(+), 5 deletions(-)
-
---- a/fs/smb/server/connection.h
-+++ b/fs/smb/server/connection.h
-@@ -27,6 +27,7 @@ enum {
- 	KSMBD_SESS_EXITING,
- 	KSMBD_SESS_NEED_RECONNECT,
- 	KSMBD_SESS_NEED_NEGOTIATE,
-+	KSMBD_SESS_NEED_SETUP,
- 	KSMBD_SESS_RELEASING
- };
- 
-@@ -187,6 +188,11 @@ static inline bool ksmbd_conn_need_negot
- 	return READ_ONCE(conn->status) == KSMBD_SESS_NEED_NEGOTIATE;
- }
- 
-+static inline bool ksmbd_conn_need_setup(struct ksmbd_conn *conn)
-+{
-+	return READ_ONCE(conn->status) == KSMBD_SESS_NEED_SETUP;
-+}
-+
- static inline bool ksmbd_conn_need_reconnect(struct ksmbd_conn *conn)
- {
- 	return READ_ONCE(conn->status) == KSMBD_SESS_NEED_RECONNECT;
-@@ -217,6 +223,11 @@ static inline void ksmbd_conn_set_need_n
- 	WRITE_ONCE(conn->status, KSMBD_SESS_NEED_NEGOTIATE);
- }
- 
-+static inline void ksmbd_conn_set_need_setup(struct ksmbd_conn *conn)
-+{
-+	WRITE_ONCE(conn->status, KSMBD_SESS_NEED_SETUP);
-+}
-+
- static inline void ksmbd_conn_set_need_reconnect(struct ksmbd_conn *conn)
- {
- 	WRITE_ONCE(conn->status, KSMBD_SESS_NEED_RECONNECT);
---- a/fs/smb/server/mgmt/user_session.c
-+++ b/fs/smb/server/mgmt/user_session.c
-@@ -358,13 +358,13 @@ void destroy_previous_session(struct ksm
- 	ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_RECONNECT);
- 	err = ksmbd_conn_wait_idle_sess_id(conn, id);
- 	if (err) {
--		ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_NEGOTIATE);
-+		ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_SETUP);
- 		goto out;
- 	}
- 
- 	ksmbd_destroy_file_table(&prev_sess->file_table);
- 	prev_sess->state = SMB2_SESSION_EXPIRED;
--	ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_NEGOTIATE);
-+	ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_SETUP);
- 	ksmbd_launch_ksmbd_durable_scavenger();
- out:
- 	up_write(&conn->session_lock);
---- a/fs/smb/server/smb2pdu.c
-+++ b/fs/smb/server/smb2pdu.c
-@@ -1249,7 +1249,7 @@ int smb2_handle_negotiate(struct ksmbd_w
- 	}
- 
- 	conn->srv_sec_mode = le16_to_cpu(rsp->SecurityMode);
--	ksmbd_conn_set_need_negotiate(conn);
-+	ksmbd_conn_set_need_setup(conn);
- 
- err_out:
- 	ksmbd_conn_unlock(conn);
-@@ -1271,6 +1271,9 @@ static int alloc_preauth_hash(struct ksm
- 	if (sess->Preauth_HashValue)
- 		return 0;
- 
-+	if (!conn->preauth_info)
-+		return -ENOMEM;
-+
- 	sess->Preauth_HashValue = kmemdup(conn->preauth_info->Preauth_HashValue,
- 					  PREAUTH_HASHVALUE_SIZE, KSMBD_DEFAULT_GFP);
- 	if (!sess->Preauth_HashValue)
-@@ -1674,6 +1677,11 @@ int smb2_sess_setup(struct ksmbd_work *w
- 
- 	ksmbd_debug(SMB, "Received smb2 session setup request\n");
- 
-+	if (!ksmbd_conn_need_setup(conn) && !ksmbd_conn_good(conn)) {
-+		work->send_no_response = 1;
-+		return rc;
-+	}
-+
- 	WORK_BUFFERS(work, req, rsp);
- 
- 	rsp->StructureSize = cpu_to_le16(9);
-@@ -1913,7 +1921,7 @@ out_err:
- 			if (try_delay) {
- 				ksmbd_conn_set_need_reconnect(conn);
- 				ssleep(5);
--				ksmbd_conn_set_need_negotiate(conn);
-+				ksmbd_conn_set_need_setup(conn);
- 			}
- 		}
- 		smb2_set_err_rsp(work);
-@@ -2247,7 +2255,7 @@ int smb2_session_logoff(struct ksmbd_wor
- 		ksmbd_free_user(sess->user);
- 		sess->user = NULL;
- 	}
--	ksmbd_all_conn_set_status(sess_id, KSMBD_SESS_NEED_NEGOTIATE);
-+	ksmbd_all_conn_set_status(sess_id, KSMBD_SESS_NEED_SETUP);
- 
- 	rsp->StructureSize = cpu_to_le16(4);
- 	err = ksmbd_iov_pin_rsp(work, rsp, sizeof(struct smb2_logoff_rsp));

debian/patches/patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch

@@ -1,4 +1,4 @@
-From 7aa936e7a4feef1256c1bae5caf02db3074766af Mon Sep 17 00:00:00 2001
+From b0d4b9d688216e91afc7e48348686827bd7b2bb1 Mon Sep 17 00:00:00 2001
 From: Oleksandr Natalenko <oleksandr@natalenko.name>
 Date: Thu, 20 Feb 2025 09:03:32 +0100
 Subject: zstd: import upstream v1.5.7

debian/patches/patchset-pf/zstd/0002-lib-zstd-Refactor-intentional-wrap-around-test.patch

@@ -1,4 +1,4 @@
-From 70dad0dd41069fbb2c4a85b548e7adc79121a020 Mon Sep 17 00:00:00 2001
+From fa7962f32acca3bafd81520b3e1f8f24dbee4758 Mon Sep 17 00:00:00 2001
 From: Kees Cook <keescook@chromium.org>
 Date: Mon, 22 Jan 2024 16:27:56 -0800
 Subject: lib: zstd: Refactor intentional wrap-around test

debian/patches/patchset-xanmod/binder/0003-binder-turn-into-module-lock_vma_under_rcu.patch

@@ -11,7 +11,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
 
 --- a/mm/memory.c
 +++ b/mm/memory.c
-@@ -6395,6 +6395,7 @@ inval:
+@@ -6392,6 +6392,7 @@ inval:
  	count_vm_vma_lock_event(VMA_LOCK_ABORT);
  	return NULL;
  }

debian/patches/patchset-xanmod/xanmod/0013-XANMOD-sched-autogroup-Add-kernel-parameter-and-conf.patch

@@ -35,7 +35,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
  	no_console_suspend
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -1367,6 +1367,18 @@ config SCHED_AUTOGROUP
+@@ -1372,6 +1372,18 @@ config SCHED_AUTOGROUP
  	  desktop applications.  Task group autogeneration is currently based
  	  upon task session.
  

debian/patches/patchset-zen/invlpgb/0001-x86-mm-Make-MMU_GATHER_RCU_TABLE_FREE-unconditional.patch

@@ -76,7 +76,7 @@ Link: https://lore.kernel.org/r/20250213161423.449435-2-riel@surriel.com
  struct static_key paravirt_steal_enabled;
  struct static_key paravirt_steal_rq_enabled;
  
-@@ -195,7 +180,7 @@ struct paravirt_patch_template pv_ops =
+@@ -197,7 +182,7 @@ struct paravirt_patch_template pv_ops =
  	.mmu.flush_tlb_kernel	= native_flush_tlb_global,
  	.mmu.flush_tlb_one_user	= native_flush_tlb_one_user,
  	.mmu.flush_tlb_multi	= native_flush_tlb_multi,

debian/patches/patchset-zen/invlpgb/0002-x86-mm-Remove-pv_ops.mmu.tlb_remove_table-call.patch

@@ -48,7 +48,7 @@ Link: https://lore.kernel.org/r/20250213161423.449435-3-riel@surriel.com
  	PVOP_VCALL1(mmu.exit_mmap, mm);
 --- a/arch/x86/include/asm/paravirt_types.h
 +++ b/arch/x86/include/asm/paravirt_types.h
-@@ -134,8 +134,6 @@ struct pv_mmu_ops {
+@@ -133,8 +133,6 @@ struct pv_mmu_ops {
  	void (*flush_tlb_multi)(const struct cpumask *cpus,
  				const struct flush_tlb_info *info);
  
@@ -69,7 +69,7 @@ Link: https://lore.kernel.org/r/20250213161423.449435-3-riel@surriel.com
  
 --- a/arch/x86/kernel/paravirt.c
 +++ b/arch/x86/kernel/paravirt.c
-@@ -180,7 +180,6 @@ struct paravirt_patch_template pv_ops =
+@@ -182,7 +182,6 @@ struct paravirt_patch_template pv_ops =
  	.mmu.flush_tlb_kernel	= native_flush_tlb_global,
  	.mmu.flush_tlb_one_user	= native_flush_tlb_one_user,
  	.mmu.flush_tlb_multi	= native_flush_tlb_multi,

debian/patches/patchset-zen/sauce/0012-ZEN-INTERACTIVE-Base-config-item.patch

@@ -9,7 +9,7 @@ Subject: ZEN: INTERACTIVE: Base config item
 
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -157,6 +157,12 @@ config THREAD_INFO_IN_TASK
+@@ -162,6 +162,12 @@ config THREAD_INFO_IN_TASK
  
  menu "General setup"
  

debian/patches/patchset-zen/sauce/0013-ZEN-INTERACTIVE-Use-BFQ-as-the-elevator-for-SQ-devic.patch

@@ -24,7 +24,7 @@ Subject: ZEN: INTERACTIVE: Use BFQ as the elevator for SQ devices
  /*
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -163,6 +163,10 @@ config ZEN_INTERACTIVE
+@@ -168,6 +168,10 @@ config ZEN_INTERACTIVE
  	help
  	  Tunes the kernel for responsiveness at the cost of throughput and power usage.
  

debian/patches/patchset-zen/sauce/0014-ZEN-INTERACTIVE-Use-Kyber-as-the-elevator-for-MQ-dev.patch

@@ -26,7 +26,7 @@ Subject: ZEN: INTERACTIVE: Use Kyber as the elevator for MQ devices
  	return elevator_find_get("bfq");
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -166,6 +166,7 @@ config ZEN_INTERACTIVE
+@@ -171,6 +171,7 @@ config ZEN_INTERACTIVE
  	  --- Block Layer ----------------------------------------
  
  	    Default scheduler for SQ..: mq-deadline ->   bfq

debian/patches/patchset-zen/sauce/0015-ZEN-INTERACTIVE-Enable-background-reclaim-of-hugepag.patch

@@ -32,7 +32,7 @@ Reasoning and details in the original patch: https://lwn.net/Articles/711248/
 
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -168,6 +168,10 @@ config ZEN_INTERACTIVE
+@@ -173,6 +173,10 @@ config ZEN_INTERACTIVE
  	    Default scheduler for SQ..: mq-deadline ->   bfq
  	    Default scheduler for MQ..:        none ->   kyber
  

debian/patches/patchset-zen/sauce/0016-ZEN-INTERACTIVE-Tune-EEVDF-for-interactivity.patch

@@ -42,7 +42,7 @@ caused by rebalancing too many tasks at once.
 
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -172,6 +172,13 @@ config ZEN_INTERACTIVE
+@@ -177,6 +177,13 @@ config ZEN_INTERACTIVE
  
  	    Background-reclaim hugepages...:   no   ->   yes
  

debian/patches/patchset-zen/sauce/0017-ZEN-INTERACTIVE-Tune-ondemand-governor-for-interacti.patch

@@ -75,7 +75,7 @@ Remove MuQSS cpufreq configuration.
  
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -179,6 +179,12 @@ config ZEN_INTERACTIVE
+@@ -184,6 +184,12 @@ config ZEN_INTERACTIVE
  	    Bandwidth slice size...........:   5    ->   3    ms
  	    Task rebalancing threshold.....:  32    ->   8
  

debian/patches/patchset-zen/sauce/0018-ZEN-INTERACTIVE-mm-Disable-unevictable-compaction.patch

@@ -12,7 +12,7 @@ turn it off when CONFIG_ZEN_INTERACTIVE is set as well.
 
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -171,6 +171,7 @@ config ZEN_INTERACTIVE
+@@ -176,6 +176,7 @@ config ZEN_INTERACTIVE
  	  --- Virtual Memory Subsystem ---------------------------
  
  	    Background-reclaim hugepages...:   no   ->   yes

debian/patches/patchset-zen/sauce/0019-ZEN-INTERACTIVE-mm-Disable-watermark-boosting-by-def.patch

@@ -33,7 +33,7 @@ Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
 
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -172,6 +172,7 @@ config ZEN_INTERACTIVE
+@@ -177,6 +177,7 @@ config ZEN_INTERACTIVE
  
  	    Background-reclaim hugepages...:   no   ->   yes
  	    Compact unevictable............:   yes  ->   no

debian/patches/patchset-zen/sauce/0020-ZEN-INTERACTIVE-mm-Lower-the-non-hugetlbpage-pageblo.patch

@@ -47,7 +47,7 @@ Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
  
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -173,6 +173,7 @@ config ZEN_INTERACTIVE
+@@ -178,6 +178,7 @@ config ZEN_INTERACTIVE
  	    Background-reclaim hugepages...:   no   ->   yes
  	    Compact unevictable............:   yes  ->   no
  	    Watermark boost factor.........:   1.5  ->   0

debian/patches/patchset-zen/sauce/0021-ZEN-INTERACTIVE-dm-crypt-Disable-workqueues-for-cryp.patch

@@ -34,7 +34,7 @@ Fixes: https://github.com/zen-kernel/zen-kernel/issues/282
  		goto bad;
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -167,6 +167,7 @@ config ZEN_INTERACTIVE
+@@ -172,6 +172,7 @@ config ZEN_INTERACTIVE
  
  	    Default scheduler for SQ..: mq-deadline ->   bfq
  	    Default scheduler for MQ..:        none ->   kyber

debian/patches/patchset-zen/sauce/0022-ZEN-INTERACTIVE-mm-swap-Disable-swap-in-readahead.patch

@@ -20,7 +20,7 @@ same change so Zen Kernel users benefit.
 
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -175,6 +175,7 @@ config ZEN_INTERACTIVE
+@@ -180,6 +180,7 @@ config ZEN_INTERACTIVE
  	    Compact unevictable............:   yes  ->   no
  	    Watermark boost factor.........:   1.5  ->   0
  	    Pageblock order................:  10    ->   3

debian/patches/patchset-zen/sauce/0023-ZEN-INTERACTIVE-Document-PDS-BMQ-configuration.patch

@@ -9,7 +9,7 @@ Subject: ZEN: INTERACTIVE: Document PDS/BMQ configuration
 
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -184,6 +184,11 @@ config ZEN_INTERACTIVE
+@@ -189,6 +189,11 @@ config ZEN_INTERACTIVE
  	    Bandwidth slice size...........:   5    ->   3    ms
  	    Task rebalancing threshold.....:  32    ->   8
  

debian/patches/series

@@ -69,7 +69,6 @@ features/x86/x86-make-x32-syscall-support-conditional.patch
 bugfix/all/disable-some-marvell-phys.patch
 bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
 bugfix/all/documentation-use-relative-source-paths-in-abi-documentation.patch
-bugfix/all/ALSA-hda-realtek-Fix-built-in-mic-on-another-ASUS-Vi.patch
 
 # Miscellaneous features
 
@@ -101,7 +100,7 @@ bugfix/all/perf-docs-Fix-perf-check-manual-page-built-with-asci.patch
 
 # ABI maintenance
 
-## custom patches
+## own patches
 
 krd/0001-Revert-objtool-dont-fail-the-kernel-build-on-fatal-errors.patch
 krd/0002-established-timeout.patch
@@ -120,36 +119,33 @@ mixed-arch/0006-XANMOD-kbuild-Add-GCC-SMS-based-modulo-scheduling-fl.patch
 
 misc-openwrt/0001-mac80211-ignore-AP-power-level-when-tx-power-type-is.patch
 
-patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Modify-the-min_perf-calculation-i.patch
-patchset-pf/amd-pstate/0002-cpufreq-amd-pstate-Remove-the-redundant-des_perf-cla.patch
-patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Pass-min-max_limit_perf-as-min-ma.patch
-patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Convert-all-perf-values-to-u8.patch
-patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Modularize-perf-freq-conversion.patch
-patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up.patch
-patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Add-missing-NULL-ptr-check-in-amd.patch
-patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch
-patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch
-patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch
-patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch
-patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
-patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
-patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
-patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-Overhaul-locking.patch
-patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
-patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
-patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
-patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
-patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
-patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
-patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
-patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
-patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
-patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
-patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
-patchset-pf/amd-pstate/0027-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
-patchset-pf/amd-pstate/0028-cpufreq-amd-pstate-Stop-caching-EPP.patch
-patchset-pf/amd-pstate/0029-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
-patchset-pf/amd-pstate/0030-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
+patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Remove-the-redundant-des_perf-cla.patch
+patchset-pf/amd-pstate/0002-cpufreq-amd-pstate-Modularize-perf-freq-conversion.patch
+patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up.patch
+patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch
+patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch
+patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch
+patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch
+patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
+patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
+patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
+patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Overhaul-locking.patch
+patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
+patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
+patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
+patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
+patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
+patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
+patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
+patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
+patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
+patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
+patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
+patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
+patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Stop-caching-EPP.patch
+patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
+patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
+patchset-pf/amd-pstate/0027-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
 
 patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch
 patchset-pf/btrfs/0002-btrfs-tests-fix-chunk-map-leak-after-failure-to-add-.patch
@@ -161,30 +157,11 @@ patchset-pf/cpuidle/0001-cpuidle-Prefer-teo-over-menu-governor.patch
 patchset-pf/crypto/0001-crypto-x86-aes-xts-make-the-fast-path-64-bit-specifi.patch
 patchset-pf/crypto/0002-crypto-x86-aes-ctr-rewrite-AESNI-AVX-optimized-CTR-a.patch
 
-patchset-pf/exfat/0001-exfat-fix-random-stack-corruption-after-get_block.patch
-patchset-pf/exfat/0002-exfat-fix-potential-wrong-error-return-from-get_bloc.patch
-
 patchset-pf/fuse/0001-fuse-io-uring-Fix-a-possible-req-cancellation-race.patch
 
-patchset-pf/nfs/0001-nfsd-fix-management-of-listener-transports.patch
-patchset-pf/nfs/0002-NFSD-Skip-sending-CB_RECALL_ANY-when-the-backchannel.patch
-patchset-pf/nfs/0003-NFSD-nfsd_unlink-clobbers-non-zero-status-returned-f.patch
-patchset-pf/nfs/0004-NFSD-Never-return-NFS4ERR_FILE_OPEN-when-removing-a-.patch
-patchset-pf/nfs/0005-nfsd-don-t-ignore-the-return-code-of-svc_proc_regist.patch
-patchset-pf/nfs/0006-nfsd-allow-SC_STATUS_FREEABLE-when-searching-via-nfs.patch
-patchset-pf/nfs/0007-nfsd-put-dl_stid-if-fail-to-queue-dl_recall.patch
-patchset-pf/nfs/0008-NFSD-Add-a-Kconfig-setting-to-enable-delegated-times.patch
-
 patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch
-patchset-pf/smb/0002-ksmbd-add-bounds-check-for-durable-handle-context.patch
-patchset-pf/smb/0003-CIFS-Propagate-min-offload-along-with-other-paramete.patch
-patchset-pf/smb/0004-ksmbd-add-bounds-check-for-create-lease-context.patch
-patchset-pf/smb/0005-ksmbd-fix-use-after-free-in-ksmbd_sessions_deregiste.patch
-patchset-pf/smb/0006-cifs-fix-integer-overflow-in-match_server.patch
-patchset-pf/smb/0007-ksmbd-fix-session-use-after-free-in-multichannel-con.patch
-patchset-pf/smb/0008-ksmbd-fix-overflow-in-dacloffset-bounds-check.patch
-patchset-pf/smb/0009-ksmbd-validate-zero-num_subauth-before-sub_auth-is-a.patch
-patchset-pf/smb/0010-ksmbd-fix-null-pointer-dereference-in-alloc_preauth_.patch
+patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch
+patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch
 
 patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch
 patchset-pf/zstd/0002-lib-zstd-Refactor-intentional-wrap-around-test.patch
@@ -291,16 +268,16 @@ patchset-zen/sauce/0022-ZEN-INTERACTIVE-mm-swap-Disable-swap-in-readahead.patch
 patchset-zen/sauce/0023-ZEN-INTERACTIVE-Document-PDS-BMQ-configuration.patch
 
 patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch
-patchset-pf/fixes/0002-x86-insn_decoder_test-allow-longer-symbol-names.patch
-patchset-pf/fixes/0003-EDAC-igen6-Fix-the-flood-of-invalid-error-reports.patch
-patchset-pf/fixes/0004-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
-patchset-pf/fixes/0005-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch
-patchset-pf/fixes/0006-x86-mm-Fix-flush_tlb_range-when-used-for-zapping-nor.patch
-patchset-pf/fixes/0007-x86-tsc-Always-save-restore-TSC-sched_clock-on-suspe.patch
-patchset-pf/fixes/0008-uprobes-x86-Harden-uretprobe-syscall-trampoline-chec.patch
-patchset-pf/fixes/0009-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch
-patchset-pf/fixes/0010-PCI-Fix-wrong-length-of-devres-array.patch
-patchset-pf/fixes/0011-exec-fix-the-racy-usage-of-fs_struct-in_exec.patch
+patchset-pf/fixes/0002-Kunit-to-check-the-longest-symbol-length.patch
+patchset-pf/fixes/0003-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
+patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch
+patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch
+patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch
+patchset-pf/fixes/0007-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
+patchset-pf/fixes/0008-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
+patchset-pf/fixes/0009-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
+patchset-pf/fixes/0010-fixes-6.14-update-tpm2_start_auth_session-fix.patch
+patchset-pf/fixes/0011-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
 
 patchset-zen/fixes/0001-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch
 patchset-zen/fixes/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch