add 3rd party/custom patches

3rd patchs (in alphabetical order):
- bbr3
- ntsync5
- openwrt
- pf-kernel
- xanmod
- zen

no configuration changes for now

debian/patches/patchset-pf/fixes/0001-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch

@@ -0,0 +1,31 @@
+From cda0e050fec85635986e9cfe991e26339bf305dc Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
+Date: Sat, 13 Jan 2024 15:29:25 +0100
+Subject: arch/Kconfig: Default to maximum amount of ASLR bits
+
+To mitigate https://zolutal.github.io/aslrnt/; do this with a patch to
+avoid having to enable `CONFIG_EXPERT`.
+---
+ arch/Kconfig | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/Kconfig
++++ b/arch/Kconfig
+@@ -1050,7 +1050,7 @@ config ARCH_MMAP_RND_BITS
+ 	int "Number of bits to use for ASLR of mmap base address" if EXPERT
+ 	range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
+ 	default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
+-	default ARCH_MMAP_RND_BITS_MIN
++	default ARCH_MMAP_RND_BITS_MAX
+ 	depends on HAVE_ARCH_MMAP_RND_BITS
+ 	help
+ 	  This value can be used to select the number of bits to use to
+@@ -1084,7 +1084,7 @@ config ARCH_MMAP_RND_COMPAT_BITS
+ 	int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
+ 	range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
+ 	default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
+-	default ARCH_MMAP_RND_COMPAT_BITS_MIN
++	default ARCH_MMAP_RND_COMPAT_BITS_MAX
+ 	depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
+ 	help
+ 	  This value can be used to select the number of bits to use to

debian/patches/patchset-pf/fixes/0002-cpufreq-Remove-LATENCY_MULTIPLIER.patch

@@ -0,0 +1,112 @@
+From b7d96c1f19ef15ea431a8d5d7ab2cad22c35edba Mon Sep 17 00:00:00 2001
+From: Qais Yousef <qyousef@layalina.io>
+Date: Sun, 28 Jul 2024 20:26:59 +0100
+Subject: cpufreq: Remove LATENCY_MULTIPLIER
+
+The current LATENCY_MULTIPLIER which has been around for nearly 20 years
+causes rate_limit_us to be always in ms range.
+
+On M1 mac mini I get 50 and 56us transition latency, but due to the 1000
+multiplier we end up setting rate_limit_us to 50 and 56ms, which gets
+capped into 2ms and was 10ms before e13aa799c2a6 ("cpufreq: Change
+default transition delay to 2ms")
+
+On Intel I5 system transition latency is 20us but due to the multiplier
+we end up with 20ms that again is capped to 2ms.
+
+Given how good modern hardware and how modern workloads require systems
+to be more responsive to cater for sudden changes in workload (tasks
+sleeping/wakeup/migrating, uclamp causing a sudden boost or cap) and
+that 2ms is quarter of the time of 120Hz refresh rate system, drop the
+old logic in favour of providing 50% headroom.
+
+	rate_limit_us = 1.5 * latency.
+
+I considered not adding any headroom which could mean that we can end up
+with infinite back-to-back requests.
+
+I also considered providing a constant headroom (e.g: 100us) assuming
+that any h/w or f/w dealing with the request shouldn't require a large
+headroom when transition_latency is actually high.
+
+But for both cases I wasn't sure if h/w or f/w can end up being
+overwhelmed dealing with the freq requests in a potentially busy system.
+So I opted for providing 50% breathing room.
+
+This is expected to impact schedutil only as the other user,
+dbs_governor, takes the max(2*tick, transition_delay_us) and the former
+was at least 2ms on 1ms TICK, which is equivalent to the max_delay_us
+before applying this patch. For systems with TICK of 4ms, this value
+would have almost always ended up with 8ms sampling rate.
+
+For systems that report 0 transition latency, we still default to
+returning 1ms as transition delay.
+
+This helps in eliminating a source of latency for applying requests as
+mentioned in [1]. For example if we have a 1ms tick, most systems will
+miss sending an update at tick when updating the util_avg for a task/CPU
+(rate_limit_us will be 2ms for most systems).
+
+Link: https://lore.kernel.org/lkml/20240724212255.mfr2ybiv2j2uqek7@airbuntu/ # [1]
+Link: https://lore.kernel.org/lkml/20240205022500.2232124-1-qyousef@layalina.io/
+Signed-off-by: Qais Yousef <qyousef@layalina.io>
+Link: https://patch.msgid.link/20240728192659.58115-1-qyousef@layalina.io
+[ rjw: Subject edits ]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+---
+ drivers/cpufreq/cpufreq.c | 27 ++++-----------------------
+ include/linux/cpufreq.h   |  6 ------
+ 2 files changed, 4 insertions(+), 29 deletions(-)
+
+--- a/drivers/cpufreq/cpufreq.c
++++ b/drivers/cpufreq/cpufreq.c
+@@ -575,30 +575,11 @@ unsigned int cpufreq_policy_transition_d
+ 		return policy->transition_delay_us;
+ 
+ 	latency = policy->cpuinfo.transition_latency / NSEC_PER_USEC;
+-	if (latency) {
+-		unsigned int max_delay_us = 2 * MSEC_PER_SEC;
++	if (latency)
++		/* Give a 50% breathing room between updates */
++		return latency + (latency >> 1);
+ 
+-		/*
+-		 * If the platform already has high transition_latency, use it
+-		 * as-is.
+-		 */
+-		if (latency > max_delay_us)
+-			return latency;
+-
+-		/*
+-		 * For platforms that can change the frequency very fast (< 2
+-		 * us), the above formula gives a decent transition delay. But
+-		 * for platforms where transition_latency is in milliseconds, it
+-		 * ends up giving unrealistic values.
+-		 *
+-		 * Cap the default transition delay to 2 ms, which seems to be
+-		 * a reasonable amount of time after which we should reevaluate
+-		 * the frequency.
+-		 */
+-		return min(latency * LATENCY_MULTIPLIER, max_delay_us);
+-	}
+-
+-	return LATENCY_MULTIPLIER;
++	return USEC_PER_MSEC;
+ }
+ EXPORT_SYMBOL_GPL(cpufreq_policy_transition_delay_us);
+ 
+--- a/include/linux/cpufreq.h
++++ b/include/linux/cpufreq.h
+@@ -577,12 +577,6 @@ static inline unsigned long cpufreq_scal
+ #define CPUFREQ_POLICY_POWERSAVE	(1)
+ #define CPUFREQ_POLICY_PERFORMANCE	(2)
+ 
+-/*
+- * The polling frequency depends on the capability of the processor. Default
+- * polling frequency is 1000 times the transition latency of the processor.
+- */
+-#define LATENCY_MULTIPLIER		(1000)
+-
+ struct cpufreq_governor {
+ 	char	name[CPUFREQ_NAME_LEN];
+ 	int	(*init)(struct cpufreq_policy *policy);

debian/patches/patchset-pf/fixes/0003-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch

@@ -0,0 +1,83 @@
+From 218e958524c673d6e68737e7f82d80ba2b6ef59a Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Thu, 19 May 2022 14:40:07 +0200
+Subject: drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set
+
+The Nvidia proprietary driver has some bugs that leads to issues if used
+with the simpledrm driver. The most noticeable is that does not register
+an emulated fbdev device.
+
+It just relies on a fbdev to be registered by another driver, that could
+be that could be attached to the framebuffer console. On UEFI machines,
+this is the efifb driver.
+
+This means that disabling the efifb driver will cause virtual consoles to
+not be present in the system when using the Nvidia driver. Legacy BIOS is
+not affected just because fbcon is not used there, but instead vgacon.
+
+Unless a VGA mode is specified using the vga= kernel command line option,
+in that case the vesafb driver is used instead and its fbdev attached to
+the fbcon.
+
+This is a problem because with CONFIG_SYSFB_SIMPLEFB=y, the sysfb platform
+code attempts to register a "simple-framebuffer" platform device (that is
+matched against simpledrm) and only registers either an "efi-framebuffer"
+or "vesa-framebuffer" if this fails to be registered due the video modes
+not being compatible.
+
+The Nvidia driver relying on another driver to register the fbdev is quite
+fragile, since it can't really assume those will stick around. For example
+there are patches posted to remove the EFI and VESA platform devices once
+a real DRM or fbdev driver probes.
+
+But in any case, moving to a simpledrm + emulated fbdev only breaks this
+assumption and causes users to not have VT if the Nvidia driver is used.
+
+So to prevent this, let's add a workaround and make the sysfb to skip the
+"simple-framebuffer" registration when nvidia-drm.modeset=1 option is set.
+
+This is quite horrible, but honestly I can't think of any other approach.
+
+For this to work, the CONFIG_FB_EFI and CONFIG_FB_VESA config options must
+be enabled besides CONFIG_DRM_SIMPLEDRM.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Cherry-picked-for: https://bugs.archlinux.org/task/73720
+---
+ drivers/firmware/sysfb.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+--- a/drivers/firmware/sysfb.c
++++ b/drivers/firmware/sysfb.c
+@@ -35,6 +35,22 @@
+ #include <linux/screen_info.h>
+ #include <linux/sysfb.h>
+ 
++static int skip_simpledrm;
++
++static int __init simpledrm_disable(char *opt)
++{
++	if (!opt)
++                return -EINVAL;
++
++	get_option(&opt, &skip_simpledrm);
++
++	if (skip_simpledrm)
++		pr_info("The simpledrm driver will not be probed\n");
++
++	return 0;
++}
++early_param("nvidia-drm.modeset", simpledrm_disable);
++
+ static struct platform_device *pd;
+ static DEFINE_MUTEX(disable_lock);
+ static bool disabled;
+@@ -145,7 +161,7 @@ static __init int sysfb_init(void)
+ 
+ 	/* try to create a simple-framebuffer device */
+ 	compatible = sysfb_parse_mode(si, &mode);
+-	if (compatible) {
++	if (compatible && !skip_simpledrm) {
+ 		pd = sysfb_create_simplefb(si, &mode, parent);
+ 		if (!IS_ERR(pd))
+ 			goto put_device;

debian/patches/patchset-pf/fixes/0004-nfsd-add-more-info-to-WARN_ON_ONCE-on-failed-callbac.patch

@@ -0,0 +1,26 @@
+From b97d21a0aa65a6f7a7bb17bbc696b136688c96ed Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@kernel.org>
+Date: Mon, 26 Aug 2024 08:50:11 -0400
+Subject: nfsd: add more info to WARN_ON_ONCE on failed callbacks
+
+Currently, you get the warning and stack trace, but nothing is printed
+about the relevant error codes. Add that in.
+
+Signed-off-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+---
+ fs/nfsd/nfs4callback.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4callback.c
++++ b/fs/nfsd/nfs4callback.c
+@@ -1333,7 +1333,8 @@ static void nfsd4_cb_done(struct rpc_tas
+ 		return;
+ 
+ 	if (cb->cb_status) {
+-		WARN_ON_ONCE(task->tk_status);
++		WARN_ONCE(task->tk_status, "cb_status=%d tk_status=%d",
++			  cb->cb_status, task->tk_status);
+ 		task->tk_status = cb->cb_status;
+ 	}
+ 

debian/patches/patchset-pf/fixes/0005-e1000e-Remove-Meteor-Lake-SMBUS-workarounds.patch

@@ -0,0 +1,57 @@
+From 1d120544580708eae6bd5981b308ca17735edaac Mon Sep 17 00:00:00 2001
+From: Vitaly Lifshits <vitaly.lifshits@intel.com>
+Date: Tue, 1 Oct 2024 20:08:48 +0300
+Subject: e1000e: Remove Meteor Lake SMBUS workarounds
+
+This is a partial revert to commit 76a0a3f9cc2f ("e1000e: fix force smbus
+during suspend flow"). That commit fixed a sporadic PHY access issue but
+introduced a regression in runtime suspend flows.
+The original issue on Meteor Lake systems was rare in terms of the
+reproduction rate and the number of the systems affected.
+
+After the integration of commit 0a6ad4d9e169 ("e1000e: avoid failing the
+system during pm_suspend"), PHY access loss can no longer cause a
+system-level suspend failure. As it only occurs when the LAN cable is
+disconnected, and is recovered during system resume flow. Therefore, its
+functional impact is low, and the priority is given to stabilizing
+runtime suspend.
+
+Fixes: 76a0a3f9cc2f ("e1000e: fix force smbus during suspend flow")
+Signed-off-by: Vitaly Lifshits <vitaly.lifshits@intel.com>
+---
+ drivers/net/ethernet/intel/e1000e/ich8lan.c | 17 ++++-------------
+ 1 file changed, 4 insertions(+), 13 deletions(-)
+
+--- a/drivers/net/ethernet/intel/e1000e/ich8lan.c
++++ b/drivers/net/ethernet/intel/e1000e/ich8lan.c
+@@ -1205,12 +1205,10 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000
+ 	if (ret_val)
+ 		goto out;
+ 
+-	if (hw->mac.type != e1000_pch_mtp) {
+-		ret_val = e1000e_force_smbus(hw);
+-		if (ret_val) {
+-			e_dbg("Failed to force SMBUS: %d\n", ret_val);
+-			goto release;
+-		}
++	ret_val = e1000e_force_smbus(hw);
++	if (ret_val) {
++		e_dbg("Failed to force SMBUS: %d\n", ret_val);
++		goto release;
+ 	}
+ 
+ 	/* Si workaround for ULP entry flow on i127/rev6 h/w.  Enable
+@@ -1273,13 +1271,6 @@ s32 e1000_enable_ulp_lpt_lp(struct e1000
+ 	}
+ 
+ release:
+-	if (hw->mac.type == e1000_pch_mtp) {
+-		ret_val = e1000e_force_smbus(hw);
+-		if (ret_val)
+-			e_dbg("Failed to force SMBUS over MTL system: %d\n",
+-			      ret_val);
+-	}
+-
+ 	hw->phy.ops.release(hw);
+ out:
+ 	if (ret_val)

debian/patches/patchset-pf/fixes/0006-btrfs-zoned-fix-zone-unusable-accounting-for-freed-r.patch

@@ -0,0 +1,46 @@
+From 4086c1a804741c9c8f418d6088e8c531f2a481f3 Mon Sep 17 00:00:00 2001
+From: Naohiro Aota <naohiro.aota@wdc.com>
+Date: Tue, 1 Oct 2024 17:03:32 +0900
+Subject: btrfs: zoned: fix zone unusable accounting for freed reserved extent
+
+When btrfs reserves an extent and does not use it (e.g, by an error), it
+calls btrfs_free_reserved_extent() to free the reserved extent. In the
+process, it calls btrfs_add_free_space() and then it accounts the region
+bytes as block_group->zone_unusable.
+
+However, it leaves the space_info->bytes_zone_unusable side not updated. As
+a result, ENOSPC can happen while a space_info reservation succeeded. The
+reservation is fine because the freed region is not added in
+space_info->bytes_zone_unusable, leaving that space as "free". OTOH,
+corresponding block group counts it as zone_unusable and its allocation
+pointer is not rewound, we cannot allocate an extent from that block group.
+That will also negate space_info's async/sync reclaim process, and cause an
+ENOSPC error from the extent allocation process.
+
+Fix that by returning the space to space_info->bytes_zone_unusable.
+Ideally, since a bio is not submitted for this reserved region, we should
+return the space to free space and rewind the allocation pointer. But, it
+needs rework on extent allocation handling, so let it work in this way for
+now.
+
+Fixes: 169e0da91a21 ("btrfs: zoned: track unusable bytes for zones")
+CC: stable@vger.kernel.org # 5.15+
+Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/block-group.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/btrfs/block-group.c
++++ b/fs/btrfs/block-group.c
+@@ -3819,6 +3819,8 @@ void btrfs_free_reserved_bytes(struct bt
+ 	spin_lock(&cache->lock);
+ 	if (cache->ro)
+ 		space_info->bytes_readonly += num_bytes;
++	else if (btrfs_is_zoned(cache->fs_info))
++		space_info->bytes_zone_unusable += num_bytes;
+ 	cache->reserved -= num_bytes;
+ 	space_info->bytes_reserved -= num_bytes;
+ 	space_info->max_extent_size = 0;

debian/patches/patchset-pf/fixes/0007-btrfs-clear-force-compress-on-remount-when-compress-.patch

@@ -0,0 +1,64 @@
+From aa8155f0ba032729ec4f28c5cb9669fb14f6947b Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Mon, 14 Oct 2024 16:14:18 +0100
+Subject: btrfs: clear force-compress on remount when compress mount option is
+ given
+
+After the migration to use fs context for processing mount options we had
+a slight change in the semantics for remounting a filesystem that was
+mounted with compress-force. Before we could clear compress-force by
+passing only "-o compress[=algo]" during a remount, but after that change
+that does not work anymore, force-compress is still present and one needs
+to pass "-o compress-force=no,compress[=algo]" to the mount command.
+
+Example, when running on a kernel 6.8+:
+
+  $ mount -o compress-force=zlib:9 /dev/sdi /mnt/sdi
+  $ mount | grep sdi
+  /dev/sdi on /mnt/sdi type btrfs (rw,relatime,compress-force=zlib:9,discard=async,space_cache=v2,subvolid=5,subvol=/)
+
+  $ mount -o remount,compress=zlib:5 /mnt/sdi
+  $ mount | grep sdi
+  /dev/sdi on /mnt/sdi type btrfs (rw,relatime,compress-force=zlib:5,discard=async,space_cache=v2,subvolid=5,subvol=/)
+
+On a 6.7 kernel (or older):
+
+  $ mount -o compress-force=zlib:9 /dev/sdi /mnt/sdi
+  $ mount | grep sdi
+  /dev/sdi on /mnt/sdi type btrfs (rw,relatime,compress-force=zlib:9,discard=async,space_cache=v2,subvolid=5,subvol=/)
+
+  $ mount -o remount,compress=zlib:5 /mnt/sdi
+  $ mount | grep sdi
+  /dev/sdi on /mnt/sdi type btrfs (rw,relatime,compress=zlib:5,discard=async,space_cache=v2,subvolid=5,subvol=/)
+
+So update btrfs_parse_param() to clear "compress-force" when "compress" is
+given, providing the same semantics as kernel 6.7 and older.
+
+Reported-by: Roman Mamedov <rm@romanrm.net>
+Link: https://lore.kernel.org/linux-btrfs/20241014182416.13d0f8b0@nvm/
+CC: stable@vger.kernel.org # 6.8+
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/super.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/fs/btrfs/super.c
++++ b/fs/btrfs/super.c
+@@ -340,6 +340,15 @@ static int btrfs_parse_param(struct fs_c
+ 		fallthrough;
+ 	case Opt_compress:
+ 	case Opt_compress_type:
++		/*
++		 * Provide the same semantics as older kernels that don't use fs
++		 * context, specifying the "compress" option clears
++		 * "force-compress" without the need to pass
++		 * "compress-force=[no|none]" before specifying "compress".
++		 */
++		if (opt != Opt_compress_force && opt != Opt_compress_force_type)
++			btrfs_clear_opt(ctx->mount_opt, FORCE_COMPRESS);
++
+ 		if (opt == Opt_compress || opt == Opt_compress_force) {
+ 			ctx->compress_type = BTRFS_COMPRESS_ZLIB;
+ 			ctx->compress_level = BTRFS_ZLIB_DEFAULT_LEVEL;

debian/patches/patchset-pf/fixes/0008-btrfs-qgroup-set-a-more-sane-default-value-for-subtr.patch

@@ -0,0 +1,68 @@
+From 81baeb2a67d8245ac5b61299e54dd65defd4ac72 Mon Sep 17 00:00:00 2001
+From: Qu Wenruo <wqu@suse.com>
+Date: Tue, 10 Sep 2024 15:21:04 +0930
+Subject: btrfs: qgroup: set a more sane default value for subtree drop
+ threshold
+
+Since commit 011b46c30476 ("btrfs: skip subtree scan if it's too high to
+avoid low stall in btrfs_commit_transaction()"), btrfs qgroup can
+automatically skip large subtree scan at the cost of marking qgroup
+inconsistent.
+
+It's designed to address the final performance problem of snapshot drop
+with qgroup enabled, but to be safe the default value is
+BTRFS_MAX_LEVEL, requiring a user space daemon to set a different value
+to make it work.
+
+I'd say it's not a good idea to rely on user space tool to set this
+default value, especially when some operations (snapshot dropping) can
+be triggered immediately after mount, leaving a very small window to
+that that sysfs interface.
+
+So instead of disabling this new feature by default, enable it with a
+low threshold (3), so that large subvolume tree drop at mount time won't
+cause huge qgroup workload.
+
+CC: stable@vger.kernel.org # 6.1
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/disk-io.c | 2 +-
+ fs/btrfs/qgroup.c  | 2 +-
+ fs/btrfs/qgroup.h  | 2 ++
+ 3 files changed, 4 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/disk-io.c
++++ b/fs/btrfs/disk-io.c
+@@ -1960,7 +1960,7 @@ static void btrfs_init_qgroup(struct btr
+ 	fs_info->qgroup_seq = 1;
+ 	fs_info->qgroup_ulist = NULL;
+ 	fs_info->qgroup_rescan_running = false;
+-	fs_info->qgroup_drop_subtree_thres = BTRFS_MAX_LEVEL;
++	fs_info->qgroup_drop_subtree_thres = BTRFS_QGROUP_DROP_SUBTREE_THRES_DEFAULT;
+ 	mutex_init(&fs_info->qgroup_rescan_lock);
+ }
+ 
+--- a/fs/btrfs/qgroup.c
++++ b/fs/btrfs/qgroup.c
+@@ -1407,7 +1407,7 @@ int btrfs_quota_disable(struct btrfs_fs_
+ 	fs_info->quota_root = NULL;
+ 	fs_info->qgroup_flags &= ~BTRFS_QGROUP_STATUS_FLAG_ON;
+ 	fs_info->qgroup_flags &= ~BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE;
+-	fs_info->qgroup_drop_subtree_thres = BTRFS_MAX_LEVEL;
++	fs_info->qgroup_drop_subtree_thres = BTRFS_QGROUP_DROP_SUBTREE_THRES_DEFAULT;
+ 	spin_unlock(&fs_info->qgroup_lock);
+ 
+ 	btrfs_free_qgroup_config(fs_info);
+--- a/fs/btrfs/qgroup.h
++++ b/fs/btrfs/qgroup.h
+@@ -121,6 +121,8 @@ struct btrfs_inode;
+ #define BTRFS_QGROUP_RUNTIME_FLAG_CANCEL_RESCAN		(1ULL << 63)
+ #define BTRFS_QGROUP_RUNTIME_FLAG_NO_ACCOUNTING		(1ULL << 62)
+ 
++#define BTRFS_QGROUP_DROP_SUBTREE_THRES_DEFAULT		(3)
++
+ /*
+  * Record a dirty extent, and info qgroup to update quota on it
+  */

debian/patches/patchset-pf/fixes/0009-btrfs-also-add-stripe-entries-for-NOCOW-writes.patch

@@ -0,0 +1,32 @@
+From 8ea93b01558ea7a752e478ad25862e7441d6053a Mon Sep 17 00:00:00 2001
+From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Date: Thu, 19 Sep 2024 12:16:38 +0200
+Subject: btrfs: also add stripe entries for NOCOW writes
+
+NOCOW writes do not generate stripe_extent entries in the RAID stripe
+tree, as the RAID stripe-tree feature initially was designed with a
+zoned filesystem in mind and on a zoned filesystem, we do not allow NOCOW
+writes. But the RAID stripe-tree feature is independent from the zoned
+feature, so we must also do NOCOW writes for RAID stripe-tree filesystems.
+
+Reviewed-by: Naohiro Aota <naohiro.aota@wdc.com>
+Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/inode.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -3087,6 +3087,11 @@ int btrfs_finish_one_ordered(struct btrf
+ 		ret = btrfs_update_inode_fallback(trans, inode);
+ 		if (ret) /* -ENOMEM or corruption */
+ 			btrfs_abort_transaction(trans, ret);
++
++		ret = btrfs_insert_raid_extent(trans, ordered_extent);
++		if (ret)
++			btrfs_abort_transaction(trans, ret);
++
+ 		goto out;
+ 	}
+ 

debian/patches/patchset-pf/fixes/0010-btrfs-fix-read-corruption-due-to-race-with-extent-ma.patch

@@ -0,0 +1,107 @@
+From f6f5cd12972307324de5decd7fa41b0b3c98639c Mon Sep 17 00:00:00 2001
+From: Boris Burkov <boris@bur.io>
+Date: Fri, 18 Oct 2024 15:44:34 -0700
+Subject: btrfs: fix read corruption due to race with extent map merging
+
+In debugging some corrupt squashfs files, we observed symptoms of
+corrupt page cache pages but correct on-disk contents. Further
+investigation revealed that the exact symptom was a correct page
+followed by an incorrect, duplicate, page. This got us thinking about
+extent maps.
+
+commit ac05ca913e9f ("Btrfs: fix race between using extent maps and merging them")
+enforces a reference count on the primary `em` extent_map being merged,
+as that one gets modified.
+
+However, since,
+commit 3d2ac9922465 ("btrfs: introduce new members for extent_map")
+both 'em' and 'merge' get modified, which started modifying 'merge'
+and thus introduced the same race.
+
+We were able to reproduce this by looping the affected squashfs workload
+in parallel on a bunch of separate btrfs-es while also dropping caches.
+We are still working on a simple enough reproducer to make into an fstest.
+
+The simplest fix is to stop modifying 'merge', which is not essential,
+as it is dropped immediately after the merge. This behavior is simply
+a consequence of the order of the two extent maps being important in
+computing the new values. Modify merge_ondisk_extents to take prev and
+next by const* and also take a third merged parameter that it puts the
+results in. Note that this introduces the rather odd behavior of passing
+'em' to merge_ondisk_extents as a const * and as a regular ptr.
+
+Fixes: 3d2ac9922465 ("btrfs: introduce new members for extent_map")
+CC: stable@vger.kernel.org # 6.11+
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: Omar Sandoval <osandov@fb.com>
+Signed-off-by: Boris Burkov <boris@bur.io>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/extent_map.c | 31 ++++++++++++++++---------------
+ 1 file changed, 16 insertions(+), 15 deletions(-)
+
+--- a/fs/btrfs/extent_map.c
++++ b/fs/btrfs/extent_map.c
+@@ -240,13 +240,19 @@ static bool mergeable_maps(const struct
+ /*
+  * Handle the on-disk data extents merge for @prev and @next.
+  *
++ * @prev:    left extent to merge
++ * @next:    right extent to merge
++ * @merged:  the extent we will not discard after the merge; updated with new values
++ *
++ * After this, one of the two extents is the new merged extent and the other is
++ * removed from the tree and likely freed. Note that @merged is one of @prev/@next
++ * so there is const/non-const aliasing occurring here.
++ *
+  * Only touches disk_bytenr/disk_num_bytes/offset/ram_bytes.
+  * For now only uncompressed regular extent can be merged.
+- *
+- * @prev and @next will be both updated to point to the new merged range.
+- * Thus one of them should be removed by the caller.
+  */
+-static void merge_ondisk_extents(struct extent_map *prev, struct extent_map *next)
++static void merge_ondisk_extents(const struct extent_map *prev, const struct extent_map *next,
++				 struct extent_map *merged)
+ {
+ 	u64 new_disk_bytenr;
+ 	u64 new_disk_num_bytes;
+@@ -281,15 +287,10 @@ static void merge_ondisk_extents(struct
+ 			     new_disk_bytenr;
+ 	new_offset = prev->disk_bytenr + prev->offset - new_disk_bytenr;
+ 
+-	prev->disk_bytenr = new_disk_bytenr;
+-	prev->disk_num_bytes = new_disk_num_bytes;
+-	prev->ram_bytes = new_disk_num_bytes;
+-	prev->offset = new_offset;
+-
+-	next->disk_bytenr = new_disk_bytenr;
+-	next->disk_num_bytes = new_disk_num_bytes;
+-	next->ram_bytes = new_disk_num_bytes;
+-	next->offset = new_offset;
++	merged->disk_bytenr = new_disk_bytenr;
++	merged->disk_num_bytes = new_disk_num_bytes;
++	merged->ram_bytes = new_disk_num_bytes;
++	merged->offset = new_offset;
+ }
+ 
+ static void dump_extent_map(struct btrfs_fs_info *fs_info, const char *prefix,
+@@ -358,7 +359,7 @@ static void try_merge_map(struct btrfs_i
+ 			em->generation = max(em->generation, merge->generation);
+ 
+ 			if (em->disk_bytenr < EXTENT_MAP_LAST_BYTE)
+-				merge_ondisk_extents(merge, em);
++				merge_ondisk_extents(merge, em, em);
+ 			em->flags |= EXTENT_FLAG_MERGED;
+ 
+ 			validate_extent_map(fs_info, em);
+@@ -375,7 +376,7 @@ static void try_merge_map(struct btrfs_i
+ 	if (rb && can_merge_extent_map(merge) && mergeable_maps(em, merge)) {
+ 		em->len += merge->len;
+ 		if (em->disk_bytenr < EXTENT_MAP_LAST_BYTE)
+-			merge_ondisk_extents(em, merge);
++			merge_ondisk_extents(em, merge, em);
+ 		validate_extent_map(fs_info, em);
+ 		rb_erase(&merge->rb_node, &tree->root);
+ 		RB_CLEAR_NODE(&merge->rb_node);

debian/patches/patchset-pf/fixes/0011-btrfs-reject-ro-rw-reconfiguration-if-there-are-hard.patch

@@ -0,0 +1,101 @@
+From 7f83049bda761f340991af8dce79a4e98c62b378 Mon Sep 17 00:00:00 2001
+From: Qu Wenruo <wqu@suse.com>
+Date: Thu, 19 Sep 2024 20:18:11 +0930
+Subject: btrfs: reject ro->rw reconfiguration if there are hard ro
+ requirements
+
+[BUG]
+Syzbot reports the following crash:
+
+  BTRFS info (device loop0 state MCS): disabling free space tree
+  BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
+  BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
+  Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI
+  KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
+  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
+  RIP: 0010:backup_super_roots fs/btrfs/disk-io.c:1691 [inline]
+  RIP: 0010:write_all_supers+0x97a/0x40f0 fs/btrfs/disk-io.c:4041
+  Call Trace:
+   <TASK>
+   btrfs_commit_transaction+0x1eae/0x3740 fs/btrfs/transaction.c:2530
+   btrfs_delete_free_space_tree+0x383/0x730 fs/btrfs/free-space-tree.c:1312
+   btrfs_start_pre_rw_mount+0xf28/0x1300 fs/btrfs/disk-io.c:3012
+   btrfs_remount_rw fs/btrfs/super.c:1309 [inline]
+   btrfs_reconfigure+0xae6/0x2d40 fs/btrfs/super.c:1534
+   btrfs_reconfigure_for_mount fs/btrfs/super.c:2020 [inline]
+   btrfs_get_tree_subvol fs/btrfs/super.c:2079 [inline]
+   btrfs_get_tree+0x918/0x1920 fs/btrfs/super.c:2115
+   vfs_get_tree+0x90/0x2b0 fs/super.c:1800
+   do_new_mount+0x2be/0xb40 fs/namespace.c:3472
+   do_mount fs/namespace.c:3812 [inline]
+   __do_sys_mount fs/namespace.c:4020 [inline]
+   __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997
+   do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+   do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
+   entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+[CAUSE]
+To support mounting different subvolume with different RO/RW flags for
+the new mount APIs, btrfs introduced two workaround to support this feature:
+
+- Skip mount option/feature checks if we are mounting a different
+  subvolume
+
+- Reconfigure the fs to RW if the initial mount is RO
+
+Combining these two, we can have the following sequence:
+
+- Mount the fs ro,rescue=all,clear_cache,space_cache=v1
+  rescue=all will mark the fs as hard read-only, so no v2 cache clearing
+  will happen.
+
+- Mount a subvolume rw of the same fs.
+  We go into btrfs_get_tree_subvol(), but fc_mount() returns EBUSY
+  because our new fc is RW, different from the original fs.
+
+  Now we enter btrfs_reconfigure_for_mount(), which switches the RO flag
+  first so that we can grab the existing fs_info.
+  Then we reconfigure the fs to RW.
+
+- During reconfiguration, option/features check is skipped
+  This means we will restart the v2 cache clearing, and convert back to
+  v1 cache.
+  This will trigger fs writes, and since the original fs has "rescue=all"
+  option, it skips the csum tree read.
+
+  And eventually causing NULL pointer dereference in super block
+  writeback.
+
+[FIX]
+For reconfiguration caused by different subvolume RO/RW flags, ensure we
+always run btrfs_check_options() to ensure we have proper hard RO
+requirements met.
+
+In fact the function btrfs_check_options() doesn't really do many
+complex checks, but hard RO requirement and some feature dependency
+checks, thus there is no special reason not to do the check for mount
+reconfiguration.
+
+Reported-by: syzbot+56360f93efa90ff15870@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/linux-btrfs/0000000000008c5d090621cb2770@google.com/
+Fixes: f044b318675f ("btrfs: handle the ro->rw transition for mounting different subvolumes")
+CC: stable@vger.kernel.org # 6.8+
+Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/super.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/fs/btrfs/super.c
++++ b/fs/btrfs/super.c
+@@ -1519,8 +1519,7 @@ static int btrfs_reconfigure(struct fs_c
+ 	sync_filesystem(sb);
+ 	set_bit(BTRFS_FS_STATE_REMOUNTING, &fs_info->fs_state);
+ 
+-	if (!mount_reconfigure &&
+-	    !btrfs_check_options(fs_info, &ctx->mount_opt, fc->sb_flags))
++	if (!btrfs_check_options(fs_info, &ctx->mount_opt, fc->sb_flags))
+ 		return -EINVAL;
+ 
+ 	ret = btrfs_check_features(fs_info, !(fc->sb_flags & SB_RDONLY));

debian/patches/patchset-pf/fixes/0012-btrfs-fix-passing-0-to-ERR_PTR-in-btrfs_search_dir_i.patch

@@ -0,0 +1,54 @@
+From ed73b9279db9536a9672cba6506950c26cedb140 Mon Sep 17 00:00:00 2001
+From: Yue Haibing <yuehaibing@huawei.com>
+Date: Tue, 22 Oct 2024 17:52:08 +0800
+Subject: btrfs: fix passing 0 to ERR_PTR in btrfs_search_dir_index_item()
+
+The ret may be zero in btrfs_search_dir_index_item() and should not
+passed to ERR_PTR(). Now btrfs_unlink_subvol() is the only caller to
+this, reconstructed it to check ERR_PTR(-ENOENT) while ret >= 0.
+
+This fixes smatch warnings:
+
+fs/btrfs/dir-item.c:353
+  btrfs_search_dir_index_item() warn: passing zero to 'ERR_PTR'
+
+Fixes: 9dcbe16fccbb ("btrfs: use btrfs_for_each_slot in btrfs_search_dir_index_item")
+CC: stable@vger.kernel.org # 6.1+
+Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Signed-off-by: Yue Haibing <yuehaibing@huawei.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+---
+ fs/btrfs/dir-item.c | 4 ++--
+ fs/btrfs/inode.c    | 7 ++-----
+ 2 files changed, 4 insertions(+), 7 deletions(-)
+
+--- a/fs/btrfs/dir-item.c
++++ b/fs/btrfs/dir-item.c
+@@ -347,8 +347,8 @@ btrfs_search_dir_index_item(struct btrfs
+ 			return di;
+ 	}
+ 	/* Adjust return code if the key was not found in the next leaf. */
+-	if (ret > 0)
+-		ret = 0;
++	if (ret >= 0)
++		ret = -ENOENT;
+ 
+ 	return ERR_PTR(ret);
+ }
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -4344,11 +4344,8 @@ static int btrfs_unlink_subvol(struct bt
+ 	 */
+ 	if (btrfs_ino(inode) == BTRFS_EMPTY_SUBVOL_DIR_OBJECTID) {
+ 		di = btrfs_search_dir_index_item(root, path, dir_ino, &fname.disk_name);
+-		if (IS_ERR_OR_NULL(di)) {
+-			if (!di)
+-				ret = -ENOENT;
+-			else
+-				ret = PTR_ERR(di);
++		if (IS_ERR(di)) {
++			ret = PTR_ERR(di);
+ 			btrfs_abort_transaction(trans, ret);
+ 			goto out;
+ 		}