refresh patches

2025-03-27 01:51:30 +03:00
parent 3d597650a9
commit b65c570ac2
239 changed files with 14214 additions and 9267 deletions
--- a/debian/patches/patchset-pf/fixes/0001-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch
+++ b/debian/patches/patchset-pf/fixes/0001-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch
@@ -1,31 +0,0 @@
-From cda0e050fec85635986e9cfe991e26339bf305dc Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
-Date: Sat, 13 Jan 2024 15:29:25 +0100
-Subject: arch/Kconfig: Default to maximum amount of ASLR bits
-
-To mitigate https://zolutal.github.io/aslrnt/; do this with a patch to
-avoid having to enable `CONFIG_EXPERT`.
---
- arch/Kconfig | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
--- a/arch/Kconfig
-+++ b/arch/Kconfig
-@@ -1089,7 +1089,7 @@ config ARCH_MMAP_RND_BITS
- 	int "Number of bits to use for ASLR of mmap base address" if EXPERT
- 	range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
- 	default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
-	default ARCH_MMAP_RND_BITS_MIN
-+	default ARCH_MMAP_RND_BITS_MAX
- 	depends on HAVE_ARCH_MMAP_RND_BITS
- 	help
- 	  This value can be used to select the number of bits to use to
-@@ -1123,7 +1123,7 @@ config ARCH_MMAP_RND_COMPAT_BITS
- 	int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
- 	range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
- 	default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
-	default ARCH_MMAP_RND_COMPAT_BITS_MIN
-+	default ARCH_MMAP_RND_COMPAT_BITS_MAX
- 	depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
- 	help
- 	  This value can be used to select the number of bits to use to
--- a/debian/patches/patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch
+++ b/debian/patches/patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch
@@ -0,0 +1,94 @@
+From 52af8f543922b47a31ddbb6ffb81f40ad9993309 Mon Sep 17 00:00:00 2001
+From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
+Date: Fri, 7 Feb 2025 15:07:46 -0300
+Subject: tpm: do not start chip while suspended
+
+Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can
+lead to a spurious tpm_chip_start() call:
+
+[35985.503771] i2c i2c-1: Transfer while suspended
+[35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810
+[35985.503802] Modules linked in:
+[35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G        W          6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f
+[35985.503814] Tainted: [W]=WARN
+[35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023
+[35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810
+[35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5
+[35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246
+[35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000
+[35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001
+[35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
+[35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820
+[35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120
+[35985.503846] FS:  0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000
+[35985.503849] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0
+[35985.503855] Call Trace:
+[35985.503859]  <TASK>
+[35985.503863]  ? __warn+0xd4/0x260
+[35985.503868]  ? __i2c_transfer+0xbe/0x810
+[35985.503874]  ? report_bug+0xf3/0x210
+[35985.503882]  ? handle_bug+0x63/0xb0
+[35985.503887]  ? exc_invalid_op+0x16/0x50
+[35985.503892]  ? asm_exc_invalid_op+0x16/0x20
+[35985.503904]  ? __i2c_transfer+0xbe/0x810
+[35985.503913]  tpm_cr50_i2c_transfer_message+0x24/0xf0
+[35985.503920]  tpm_cr50_i2c_read+0x8e/0x120
+[35985.503928]  tpm_cr50_request_locality+0x75/0x170
+[35985.503935]  tpm_chip_start+0x116/0x160
+[35985.503942]  tpm_try_get_ops+0x57/0x90
+[35985.503948]  tpm_find_get_ops+0x26/0xd0
+[35985.503955]  tpm_get_random+0x2d/0x80
+
+Don't move forward with tpm_chip_start() inside tpm_try_get_ops(), unless
+TPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in
+such a failure case.
+
+Fixes: 9265fed6db60 ("tpm: Lock TPM chip in tpm_pm_suspend() first")
+Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
+Cc: stable@vger.kernel.org
+Cc: Jerry Snitselaar <jsnitsel@redhat.com>
+Cc: Mike Seo <mikeseohyungjin@gmail.com>
+Cc: Jarkko Sakkinen <jarkko@kernel.org>
+Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
+---
+ drivers/char/tpm/tpm-chip.c      | 5 +++++
+ drivers/char/tpm/tpm-interface.c | 7 -------
+ 2 files changed, 5 insertions(+), 7 deletions(-)
+
+--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
+@@ -168,6 +168,11 @@ int tpm_try_get_ops(struct tpm_chip *chi
+ 		goto out_ops;
+ 
+ 	mutex_lock(&chip->tpm_mutex);
+
+	/* tmp_chip_start may issue IO that is denied while suspended */
+	if (chip->flags & TPM_CHIP_FLAG_SUSPENDED)
+		goto out_lock;
+
+ 	rc = tpm_chip_start(chip);
+ 	if (rc)
+ 		goto out_lock;
+--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
+@@ -445,18 +445,11 @@ int tpm_get_random(struct tpm_chip *chip
+ 	if (!chip)
+ 		return -ENODEV;
+ 
+-	/* Give back zero bytes, as TPM chip has not yet fully resumed: */
+-	if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) {
+-		rc = 0;
+-		goto out;
+-	}
+-
+ 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
+ 		rc = tpm2_get_random(chip, out, max);
+ 	else
+ 		rc = tpm1_get_random(chip, out, max);
+ 
+-out:
+ 	tpm_put_ops(chip);
+ 	return rc;
+ }
--- a/debian/patches/patchset-pf/fixes/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch
+++ b/debian/patches/patchset-pf/fixes/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch
@@ -1,83 +0,0 @@
-From 218e958524c673d6e68737e7f82d80ba2b6ef59a Mon Sep 17 00:00:00 2001
-From: Javier Martinez Canillas <javierm@redhat.com>
-Date: Thu, 19 May 2022 14:40:07 +0200
-Subject: drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set
-
-The Nvidia proprietary driver has some bugs that leads to issues if used
-with the simpledrm driver. The most noticeable is that does not register
-an emulated fbdev device.
-
-It just relies on a fbdev to be registered by another driver, that could
-be that could be attached to the framebuffer console. On UEFI machines,
-this is the efifb driver.
-
-This means that disabling the efifb driver will cause virtual consoles to
-not be present in the system when using the Nvidia driver. Legacy BIOS is
-not affected just because fbcon is not used there, but instead vgacon.
-
-Unless a VGA mode is specified using the vga= kernel command line option,
-in that case the vesafb driver is used instead and its fbdev attached to
-the fbcon.
-
-This is a problem because with CONFIG_SYSFB_SIMPLEFB=y, the sysfb platform
-code attempts to register a "simple-framebuffer" platform device (that is
-matched against simpledrm) and only registers either an "efi-framebuffer"
-or "vesa-framebuffer" if this fails to be registered due the video modes
-not being compatible.
-
-The Nvidia driver relying on another driver to register the fbdev is quite
-fragile, since it can't really assume those will stick around. For example
-there are patches posted to remove the EFI and VESA platform devices once
-a real DRM or fbdev driver probes.
-
-But in any case, moving to a simpledrm + emulated fbdev only breaks this
-assumption and causes users to not have VT if the Nvidia driver is used.
-
-So to prevent this, let's add a workaround and make the sysfb to skip the
-"simple-framebuffer" registration when nvidia-drm.modeset=1 option is set.
-
-This is quite horrible, but honestly I can't think of any other approach.
-
-For this to work, the CONFIG_FB_EFI and CONFIG_FB_VESA config options must
-be enabled besides CONFIG_DRM_SIMPLEDRM.
-
-Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
-Cherry-picked-for: https://bugs.archlinux.org/task/73720
---
- drivers/firmware/sysfb.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
--- a/drivers/firmware/sysfb.c
-+++ b/drivers/firmware/sysfb.c
-@@ -35,6 +35,22 @@
- #include <linux/screen_info.h>
- #include <linux/sysfb.h>
- 
-+static int skip_simpledrm;
-+
-+static int __init simpledrm_disable(char *opt)
-+{
-+	if (!opt)
-+                return -EINVAL;
-+
-+	get_option(&opt, &skip_simpledrm);
-+
-+	if (skip_simpledrm)
-+		pr_info("The simpledrm driver will not be probed\n");
-+
-+	return 0;
-+}
-+early_param("nvidia-drm.modeset", simpledrm_disable);
-+
- static struct platform_device *pd;
- static DEFINE_MUTEX(disable_lock);
- static bool disabled;
-@@ -145,7 +161,7 @@ static __init int sysfb_init(void)
- 
- 	/* try to create a simple-framebuffer device */
- 	compatible = sysfb_parse_mode(si, &mode);
-	if (compatible) {
-+	if (compatible && !skip_simpledrm) {
- 		pd = sysfb_create_simplefb(si, &mode, parent);
- 		if (!IS_ERR(pd))
- 			goto put_device;
--- a/debian/patches/patchset-pf/fixes/0002-x86-insn_decoder_test-allow-longer-symbol-names.patch
+++ b/debian/patches/patchset-pf/fixes/0002-x86-insn_decoder_test-allow-longer-symbol-names.patch
@@ -0,0 +1,45 @@
+From 2c26fd36ffb4bed4d55f9c7ba8d4f22db093eba2 Mon Sep 17 00:00:00 2001
+From: David Rheinsberg <david@readahead.eu>
+Date: Tue, 24 Jan 2023 12:04:59 +0100
+Subject: x86/insn_decoder_test: allow longer symbol-names
+
+Increase the allowed line-length of the insn-decoder-test to 4k to allow
+for symbol-names longer than 256 characters.
+
+The insn-decoder-test takes objdump output as input, which may contain
+symbol-names as instruction arguments. With rust-code entering the
+kernel, those symbol-names will include mangled-symbols which might
+exceed the current line-length-limit of the tool.
+
+By bumping the line-length-limit of the tool to 4k, we get a reasonable
+buffer for all objdump outputs I have seen so far. Unfortunately, ELF
+symbol-names are not restricted in length, so technically this might
+still end up failing if we encounter longer names in the future.
+
+My compile-failure looks like this:
+
+    arch/x86/tools/insn_decoder_test: error: malformed line 1152000:
+    tBb_+0xf2>
+
+..which overflowed by 10 characters reading this line:
+
+    ffffffff81458193:   74 3d                   je     ffffffff814581d2 <_RNvXse_NtNtNtCshGpAVYOtgW1_4core4iter8adapters7flattenINtB5_13FlattenCompatINtNtB7_3map3MapNtNtNtBb_3str4iter5CharsNtB1v_17CharEscapeDefaultENtNtBb_4char13EscapeDefaultENtNtBb_3fmt5Debug3fmtBb_+0xf2>
+
+Signed-off-by: David Rheinsberg <david@readahead.eu>
+Signed-off-by: Scott Weaver <scweaver@redhat.com>
+Cherry-picked-for: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/63
+---
+ arch/x86/tools/insn_decoder_test.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/tools/insn_decoder_test.c
+++ b/arch/x86/tools/insn_decoder_test.c
+@@ -106,7 +106,7 @@ static void parse_args(int argc, char **
+ 	}
+ }
+ 
+-#define BUFSIZE 256
+#define BUFSIZE 4096
+ 
+ int main(int argc, char **argv)
+ {