release 6.14.3

debian/bin/genpatch-pfkernel

@@ -7,7 +7,7 @@ w=$(git rev-parse --path-format=absolute --show-toplevel) ; : "${w:?}" ; cd "$w"
 
 dst='debian/patches/pf-tmp'
 src='../linux-extras'
-branches='amd-pstate btrfs cpuidle crypto exfat fixes fuse kbuild nfs smb zstd'
+branches='amd-pstate cpuidle crypto fixes fuse kbuild smb zstd'
 
 if [ -d "${dst}" ] ; then rm -rf "${dst}" ; fi
 mkdir -p "${dst}"

debian/changelog

@@ -1,3 +1,10 @@
+linux (6.14.3-1) sid; urgency=medium
+
+  * New upstream stable update:
+    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3
+
+ -- Konstantin Demin <rockdrilla@gmail.com>  Mon, 21 Apr 2025 01:31:34 +0300
+
 linux (6.14.2-1) sid; urgency=medium
 
   * New upstream stable update:

debian/config/amd64/config.mobile

@@ -1394,6 +1394,7 @@ CONFIG_HID_THRUSTMASTER=m
 CONFIG_THRUSTMASTER_FF=y
 CONFIG_HID_UDRAW_PS3=m
 CONFIG_HID_U2FZERO=m
+CONFIG_HID_UNIVERSAL_PIDFF=m
 CONFIG_HID_WACOM=m
 CONFIG_HID_WIIMOTE=m
 CONFIG_HID_WINWING=m

debian/config/amd64/config.vm

@@ -808,6 +808,7 @@ CONFIG_HID_HYPERV_MOUSE=m
 # CONFIG_HID_TOPRE is not set
 # CONFIG_HID_THRUSTMASTER is not set
 # CONFIG_HID_UDRAW_PS3 is not set
+# CONFIG_HID_UNIVERSAL_PIDFF is not set
 # CONFIG_HID_WACOM is not set
 # CONFIG_HID_XINMO is not set
 # CONFIG_HID_ZEROPLUS is not set

debian/config/config

@@ -2080,11 +2080,11 @@ CONFIG_INITRAMFS_PRESERVE_MTIME=y
 CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE_O3=y
 # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
 ## end choice
+# CONFIG_SYSFS_SYSCALL is not set
 CONFIG_EXPERT=y
 # CONFIG_UID16 is not set
 CONFIG_MULTIUSER=y
 # CONFIG_SGETMASK_SYSCALL is not set
-# CONFIG_SYSFS_SYSCALL is not set
 CONFIG_FHANDLE=y
 CONFIG_POSIX_TIMERS=y
 CONFIG_PRINTK=y
@@ -3819,7 +3819,7 @@ CONFIG_HAVE_KVM_DIRTY_RING=y
 CONFIG_HAVE_KVM_DIRTY_RING_ACQ_REL=y
 CONFIG_HAVE_KVM_DIRTY_RING_TSO=y
 CONFIG_HAVE_KVM_IRQCHIP=y
-CONFIG_HAVE_KVM_IRQ_BYPASS=y
+CONFIG_HAVE_KVM_IRQ_BYPASS=m
 CONFIG_HAVE_KVM_IRQ_ROUTING=y
 CONFIG_HAVE_KVM_MSI=y
 CONFIG_HAVE_KVM_NO_POLL=y
@@ -3920,7 +3920,7 @@ CONFIG_IPVLAN_L3S=y
 CONFIG_IP_DCCP_TFRC_LIB=y
 CONFIG_IP_MROUTE_COMMON=y
 CONFIG_IP_ROUTE_CLASSID=y
-CONFIG_IRQ_BYPASS_MANAGER=y
+CONFIG_IRQ_BYPASS_MANAGER=m
 CONFIG_IRQ_DOMAIN=y
 CONFIG_IRQ_DOMAIN_HIERARCHY=y
 CONFIG_IRQ_FORCED_THREADING=y

debian/libcpupower1.symbols

@@ -6,6 +6,7 @@ libcpupower.so.1 libcpupower1 #MINVER#
  cpufreq_get_available_governors@Base 4.7~rc2-1~exp1
  cpufreq_get_boost_frequencies@Base 5.5.8-1~exp1
  cpufreq_get_driver@Base 4.7~rc2-1~exp1
+ cpufreq_get_energy_performance_preference@Base 6.14~
  cpufreq_get_freq_hardware@Base 4.7~rc2-1~exp1
  cpufreq_get_freq_kernel@Base 4.7~rc2-1~exp1
  cpufreq_get_hardware_limits@Base 4.7~rc2-1~exp1
@@ -23,6 +24,7 @@ libcpupower.so.1 libcpupower1 #MINVER#
  cpufreq_put_available_governors@Base 4.7~rc2-1~exp1
  cpufreq_put_boost_frequencies@Base 5.5.8-1~exp1
  cpufreq_put_driver@Base 4.7~rc2-1~exp1
+ cpufreq_put_energy_performance_preference@Base 6.14~
  cpufreq_put_policy@Base 4.7~rc2-1~exp1
  cpufreq_put_related_cpus@Base 4.7~rc2-1~exp1
  cpufreq_put_stats@Base 4.7~rc2-1~exp1

debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch

@@ -29,7 +29,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  MODULE_SOFTDEP("pre: blake2b-256");
 --- a/fs/jbd2/journal.c
 +++ b/fs/jbd2/journal.c
-@@ -3159,6 +3159,7 @@ static void __exit journal_exit(void)
+@@ -3158,6 +3158,7 @@ static void __exit journal_exit(void)
  
  MODULE_DESCRIPTION("Generic filesystem journal-writing module");
  MODULE_LICENSE("GPL");

debian/patches/bugfix/all/hfs-hfsplus-fix-slab-out-of-bounds-in-hfs_bnode_read.patch

@@ -0,0 +1,84 @@
+From: Vasiliy Kovalev <kovalev@altlinux.org>
+Date: Sat, 19 Oct 2024 22:13:03 +0300
+Subject: hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
+Origin: https://git.kernel.org/linus/bb5e07cb927724e0b47be371fa081141cfb14414
+
+Syzbot reported an issue in hfs subsystem:
+
+BUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline]
+BUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline]
+BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70
+Write of size 94 at addr ffff8880123cd100 by task syz-executor237/5102
+
+Call Trace:
+ <TASK>
+ __dump_stack lib/dump_stack.c:94 [inline]
+ dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
+ print_address_description mm/kasan/report.c:377 [inline]
+ print_report+0x169/0x550 mm/kasan/report.c:488
+ kasan_report+0x143/0x180 mm/kasan/report.c:601
+ kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
+ __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106
+ memcpy_from_page include/linux/highmem.h:423 [inline]
+ hfs_bnode_read fs/hfs/bnode.c:35 [inline]
+ hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70
+ hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159
+ hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118
+ hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232
+ vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257
+ do_mkdirat+0x264/0x3a0 fs/namei.c:4280
+ __do_sys_mkdir fs/namei.c:4300 [inline]
+ __se_sys_mkdir fs/namei.c:4298 [inline]
+ __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+RIP: 0033:0x7fbdd6057a99
+
+Add a check for key length in hfs_bnode_read_key to prevent
+out-of-bounds memory access. If the key length is invalid, the
+key buffer is cleared, improving stability and reliability.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reported-by: syzbot+5f3a973ed3dfb85a6683@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=5f3a973ed3dfb85a6683
+Cc: stable@vger.kernel.org
+Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
+Link: https://lore.kernel.org/20241019191303.24048-1-kovalev@altlinux.org
+Reviewed-by: Cengiz Can <cengiz.can@canonical.com>
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+---
+ fs/hfs/bnode.c     | 6 ++++++
+ fs/hfsplus/bnode.c | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+--- a/fs/hfs/bnode.c
++++ b/fs/hfs/bnode.c
+@@ -67,6 +67,12 @@ void hfs_bnode_read_key(struct hfs_bnode
+ 	else
+ 		key_len = tree->max_key_len + 1;
+ 
++	if (key_len > sizeof(hfs_btree_key) || key_len < 1) {
++		memset(key, 0, sizeof(hfs_btree_key));
++		pr_err("hfs: Invalid key length: %d\n", key_len);
++		return;
++	}
++
+ 	hfs_bnode_read(node, key, off, key_len);
+ }
+ 
+--- a/fs/hfsplus/bnode.c
++++ b/fs/hfsplus/bnode.c
+@@ -67,6 +67,12 @@ void hfs_bnode_read_key(struct hfs_bnode
+ 	else
+ 		key_len = tree->max_key_len + 2;
+ 
++	if (key_len > sizeof(hfsplus_btree_key) || key_len < 1) {
++		memset(key, 0, sizeof(hfsplus_btree_key));
++		pr_err("hfsplus: Invalid key length: %d\n", key_len);
++		return;
++	}
++
+ 	hfs_bnode_read(node, key, off, key_len);
+ }
+ 

debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch

@@ -60,3 +60,31 @@ Consequently, the ashmem part of this patch has been removed.
  		   uint, 0644);
  
  #define binder_alloc_debug(mask, x...) \
+--- a/mm/list_lru.c
++++ b/mm/list_lru.c
+@@ -175,6 +175,7 @@ bool list_lru_add(struct list_lru *lru,
+ 	unlock_list_lru(l, false);
+ 	return false;
+ }
++EXPORT_SYMBOL_GPL(list_lru_add);
+ 
+ bool list_lru_add_obj(struct list_lru *lru, struct list_head *item)
+ {
+@@ -212,6 +213,7 @@ bool list_lru_del(struct list_lru *lru,
+ 	unlock_list_lru(l, false);
+ 	return false;
+ }
++EXPORT_SYMBOL_GPL(list_lru_del);
+ 
+ bool list_lru_del_obj(struct list_lru *lru, struct list_head *item)
+ {
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -6392,6 +6392,7 @@ inval:
+ 	count_vm_vma_lock_event(VMA_LOCK_ABORT);
+ 	return NULL;
+ }
++EXPORT_SYMBOL_GPL(lock_vma_under_rcu);
+ #endif /* CONFIG_PER_VMA_LOCK */
+ 
+ #ifndef __PAGETABLE_P4D_FOLDED

debian/patches/debian/export-symbols-needed-by-android-drivers.patch

@@ -22,7 +22,7 @@ Export the currently un-exported symbols it depends on.
 
 --- a/fs/file.c
 +++ b/fs/file.c
-@@ -837,6 +837,7 @@ struct file *file_close_fd(unsigned int
+@@ -845,6 +845,7 @@ struct file *file_close_fd(unsigned int
  
  	return file;
  }

debian/patches/debian/makefile-make-compiler-version-comparison-optional.patch

@@ -20,7 +20,7 @@ is non-empty.
 ---
 --- a/Makefile
 +++ b/Makefile
-@@ -1873,7 +1873,7 @@ PHONY += prepare
+@@ -1876,7 +1876,7 @@ PHONY += prepare
  # now expand this into a simple variable to reduce the cost of shell evaluations
  prepare: CC_VERSION_TEXT := $(CC_VERSION_TEXT)
  prepare:

debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch

@@ -0,0 +1,153 @@
+From: Linn Crosetto <linn@hpe.com>
+Date: Tue, 30 Aug 2016 11:54:38 -0600
+Subject: arm64: add kernel config option to lock down when in Secure Boot mode
+Bug-Debian: https://bugs.debian.org/831827
+Forwarded: no
+
+Add a kernel configuration option to lock down the kernel, to restrict
+userspace's ability to modify the running kernel when UEFI Secure Boot is
+enabled. Based on the x86 patch by Matthew Garrett.
+
+Determine the state of Secure Boot in the EFI stub and pass this to the
+kernel using the FDT.
+
+Signed-off-by: Linn Crosetto <linn@hpe.com>
+[bwh: Forward-ported to 4.10: adjust context]
+[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]
+[bwh: Forward-ported to 4.15 and lockdown patch set:
+ - Pass result of efi_get_secureboot() in stub through to
+   efi_set_secure_boot() in main kernel
+ - Use lockdown API and naming]
+[bwh: Forward-ported to 4.19.3: adjust context in update_fdt()]
+[dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection]
+[bwh: Drop call to init_lockdown(), as efi_set_secure_boot() now calls this]
+[bwh: Forward-ported to 5.6: efi_get_secureboot() no longer takes a
+ sys_table parameter]
+[bwh: Forward-ported to 5.7: EFI initialisation from FDT was rewritten, so:
+ - Add Secure Boot mode to the parameter enumeration in fdtparams.c
+ - Add a parameter to efi_get_fdt_params() to return the Secure Boot mode
+ - Since Xen does not have a property name defined for Secure Boot mode,
+   change efi_get_fdt_prop() to handle a missing property name by clearing
+   the output variable]
+[Salvatore Bonaccorso: Forward-ported to 5.10: f30f242fb131 ("efi: Rename
+arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c]
+---
+ drivers/firmware/efi/efi-init.c    |    5 ++++-
+ drivers/firmware/efi/fdtparams.c   |   12 +++++++++++-
+ drivers/firmware/efi/libstub/fdt.c |    6 ++++++
+ include/linux/efi.h                |    3 ++-
+ 4 files changed, 23 insertions(+), 3 deletions(-)
+
+--- a/drivers/firmware/efi/efi-init.c
++++ b/drivers/firmware/efi/efi-init.c
+@@ -213,9 +213,10 @@ void __init efi_init(void)
+ {
+ 	struct efi_memory_map_data data;
+ 	u64 efi_system_table;
++	u32 secure_boot;
+ 
+ 	/* Grab UEFI information placed in FDT by stub */
+-	efi_system_table = efi_get_fdt_params(&data);
++	efi_system_table = efi_get_fdt_params(&data, &secure_boot);
+ 	if (!efi_system_table)
+ 		return;
+ 
+@@ -237,6 +238,8 @@ void __init efi_init(void)
+ 		return;
+ 	}
+ 
++	efi_set_secure_boot(secure_boot);
++
+ 	reserve_regions();
+ 	/*
+ 	 * For memblock manipulation, the cap should come after the memblock_add().
+--- a/drivers/firmware/efi/fdtparams.c
++++ b/drivers/firmware/efi/fdtparams.c
+@@ -16,6 +16,7 @@ enum {
+ 	MMSIZE,
+ 	DCSIZE,
+ 	DCVERS,
++	SBMODE,
+ 
+ 	PARAMCOUNT
+ };
+@@ -26,6 +27,7 @@ static __initconst const char name[][22]
+ 	[MMSIZE] = "MemMap Size          ",
+ 	[DCSIZE] = "MemMap Desc. Size    ",
+ 	[DCVERS] = "MemMap Desc. Version ",
++	[SBMODE] = "Secure Boot Enabled  ",
+ };
+ 
+ static __initconst const struct {
+@@ -43,6 +45,7 @@ static __initconst const struct {
+ 			[MMSIZE] = "xen,uefi-mmap-size",
+ 			[DCSIZE] = "xen,uefi-mmap-desc-size",
+ 			[DCVERS] = "xen,uefi-mmap-desc-ver",
++			[SBMODE] = "",
+ 		}
+ 	}, {
+ #endif
+@@ -53,6 +56,7 @@ static __initconst const struct {
+ 			[MMSIZE] = "linux,uefi-mmap-size",
+ 			[DCSIZE] = "linux,uefi-mmap-desc-size",
+ 			[DCVERS] = "linux,uefi-mmap-desc-ver",
++			[SBMODE] = "linux,uefi-secure-boot",
+ 		}
+ 	}
+ };
+@@ -64,6 +68,11 @@ static int __init efi_get_fdt_prop(const
+ 	int len;
+ 	u64 val;
+ 
++	if (!pname[0]) {
++		memset(var, 0, size);
++		return 0;
++	}
++
+ 	prop = fdt_getprop(fdt, node, pname, &len);
+ 	if (!prop)
+ 		return 1;
+@@ -81,7 +90,7 @@ static int __init efi_get_fdt_prop(const
+ 	return 0;
+ }
+ 
+-u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm)
++u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm, u32 *secure_boot)
+ {
+ 	const void *fdt = initial_boot_params;
+ 	unsigned long systab;
+@@ -95,6 +104,7 @@ u64 __init efi_get_fdt_params(struct efi
+ 		[MMSIZE] = { &mm->size,		sizeof(mm->size) },
+ 		[DCSIZE] = { &mm->desc_size,	sizeof(mm->desc_size) },
+ 		[DCVERS] = { &mm->desc_version,	sizeof(mm->desc_version) },
++		[SBMODE] = { secure_boot,       sizeof(*secure_boot) },
+ 	};
+ 
+ 	BUILD_BUG_ON(ARRAY_SIZE(target) != ARRAY_SIZE(name));
+--- a/drivers/firmware/efi/libstub/fdt.c
++++ b/drivers/firmware/efi/libstub/fdt.c
+@@ -132,6 +132,12 @@ static efi_status_t update_fdt(void *ori
+ 		}
+ 	}
+ 
++	fdt_val32 = cpu_to_fdt32(efi_get_secureboot());
++	status = fdt_setprop(fdt, node, "linux,uefi-secure-boot",
++			     &fdt_val32, sizeof(fdt_val32));
++	if (status)
++		goto fdt_set_fail;
++
+ 	/* Shrink the FDT back to its minimum size: */
+ 	fdt_pack(fdt);
+ 
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -753,7 +753,8 @@ extern int efi_mem_desc_lookup(u64 phys_
+ extern int __efi_mem_desc_lookup(u64 phys_addr, efi_memory_desc_t *out_md);
+ extern void efi_mem_reserve(phys_addr_t addr, u64 size);
+ extern int efi_mem_reserve_persistent(phys_addr_t addr, u64 size);
+-extern u64 efi_get_fdt_params(struct efi_memory_map_data *data);
++extern u64 efi_get_fdt_params(struct efi_memory_map_data *data,
++			      u32 *secure_boot);
+ extern struct kobject *efi_kobj;
+ 
+ extern int efi_reboot_quirk_mode;

debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch

@@ -0,0 +1,153 @@
+From: David Howells <dhowells@redhat.com>
+Date: Mon, 18 Feb 2019 12:45:03 +0000
+Subject: [28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a5d70c55c603233c192b375f72116a395909da28
+
+UEFI machines can be booted in Secure Boot mode.  Add an EFI_SECURE_BOOT
+flag that can be passed to efi_enabled() to find out whether secure boot is
+enabled.
+
+Move the switch-statement in x86's setup_arch() that inteprets the
+secure_boot boot parameter to generic code and set the bit there.
+
+Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+cc: linux-efi@vger.kernel.org
+[rperier: Forward-ported to 5.5:
+ - Use pr_warn()
+ - Adjust context]
+[bwh: Forward-ported to 5.6: adjust context]
+[bwh: Forward-ported to 5.7:
+ - Use the next available bit in efi.flags
+ - Adjust context]
+---
+ arch/x86/kernel/setup.c           | 14 +----------
+ drivers/firmware/efi/Makefile     |  1 +
+ drivers/firmware/efi/secureboot.c | 39 +++++++++++++++++++++++++++++++
+ include/linux/efi.h               | 16 ++++++++-----
+ 4 files changed, 51 insertions(+), 19 deletions(-)
+ create mode 100644 drivers/firmware/efi/secureboot.c
+
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -1073,19 +1073,7 @@ void __init setup_arch(char **cmdline_p)
+ 	/* Allocate bigger log buffer */
+ 	setup_log_buf(1);
+ 
+-	if (efi_enabled(EFI_BOOT)) {
+-		switch (boot_params.secure_boot) {
+-		case efi_secureboot_mode_disabled:
+-			pr_info("Secure boot disabled\n");
+-			break;
+-		case efi_secureboot_mode_enabled:
+-			pr_info("Secure boot enabled\n");
+-			break;
+-		default:
+-			pr_info("Secure boot could not be determined\n");
+-			break;
+-		}
+-	}
++	efi_set_secure_boot(boot_params.secure_boot);
+ 
+ 	reserve_initrd();
+ 
+--- a/drivers/firmware/efi/Makefile
++++ b/drivers/firmware/efi/Makefile
+@@ -25,6 +25,7 @@ subdir-$(CONFIG_EFI_STUB)		+= libstub
+ obj-$(CONFIG_EFI_BOOTLOADER_CONTROL)	+= efibc.o
+ obj-$(CONFIG_EFI_TEST)			+= test/
+ obj-$(CONFIG_EFI_DEV_PATH_PARSER)	+= dev-path-parser.o
++obj-$(CONFIG_EFI)			+= secureboot.o
+ obj-$(CONFIG_APPLE_PROPERTIES)		+= apple-properties.o
+ obj-$(CONFIG_EFI_RCI2_TABLE)		+= rci2-table.o
+ obj-$(CONFIG_EFI_EMBEDDED_FIRMWARE)	+= embedded-firmware.o
+--- /dev/null
++++ b/drivers/firmware/efi/secureboot.c
+@@ -0,0 +1,39 @@
++
++/* Core kernel secure boot support.
++ *
++ * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved.
++ * Written by David Howells (dhowells@redhat.com)
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public Licence
++ * as published by the Free Software Foundation; either version
++ * 2 of the Licence, or (at your option) any later version.
++ */
++
++#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
++
++#include <linux/efi.h>
++#include <linux/kernel.h>
++#include <linux/printk.h>
++
++/*
++ * Decide what to do when UEFI secure boot mode is enabled.
++ */
++void __init efi_set_secure_boot(enum efi_secureboot_mode mode)
++{
++	if (efi_enabled(EFI_BOOT)) {
++		switch (mode) {
++		case efi_secureboot_mode_disabled:
++			pr_info("Secure boot disabled\n");
++			break;
++		case efi_secureboot_mode_enabled:
++			set_bit(EFI_SECURE_BOOT, &efi.flags);
++			pr_info("Secure boot enabled\n");
++			break;
++		default:
++			pr_warn("Secure boot could not be determined (mode %u)\n",
++				mode);
++			break;
++		}
++	}
++}
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -863,6 +863,14 @@ static inline int efi_range_is_wc(unsign
+ #define EFI_MEM_ATTR		9	/* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
+ #define EFI_MEM_NO_SOFT_RESERVE	10	/* Is the kernel configured to ignore soft reservations? */
+ #define EFI_PRESERVE_BS_REGIONS	11	/* Are EFI boot-services memory segments available? */
++#define EFI_SECURE_BOOT		12	/* Are we in Secure Boot mode? */
++
++enum efi_secureboot_mode {
++	efi_secureboot_mode_unset,
++	efi_secureboot_mode_unknown,
++	efi_secureboot_mode_disabled,
++	efi_secureboot_mode_enabled,
++};
+ 
+ #ifdef CONFIG_EFI
+ /*
+@@ -887,6 +895,7 @@ static inline bool efi_rt_services_suppo
+ 	return (efi.runtime_supported_mask & mask) == mask;
+ }
+ extern void efi_find_mirror(void);
++extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode);
+ #else
+ static inline bool efi_enabled(int feature)
+ {
+@@ -906,6 +915,7 @@ static inline bool efi_rt_services_suppo
+ }
+ 
+ static inline void efi_find_mirror(void) {}
++static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
+ #endif
+ 
+ extern int efi_status_to_err(efi_status_t status);
+@@ -1124,13 +1134,6 @@ static inline bool efi_runtime_disabled(
+ extern void efi_call_virt_check_flags(unsigned long flags, const void *caller);
+ extern unsigned long efi_call_virt_save_flags(void);
+ 
+-enum efi_secureboot_mode {
+-	efi_secureboot_mode_unset,
+-	efi_secureboot_mode_unknown,
+-	efi_secureboot_mode_disabled,
+-	efi_secureboot_mode_enabled,
+-};
+-
+ static inline
+ enum efi_secureboot_mode efi_get_secureboot_mode(efi_get_variable_t *get_var)
+ {

debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch

@@ -0,0 +1,121 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 10 Sep 2019 11:54:28 +0100
+Subject: efi: Lock down the kernel if booted in secure boot mode
+
+Based on an earlier patch by David Howells, who wrote the following
+description:
+
+> UEFI Secure Boot provides a mechanism for ensuring that the firmware will
+> only load signed bootloaders and kernels.  Certain use cases may also
+> require that all kernel modules also be signed.  Add a configuration option
+> that to lock down the kernel - which includes requiring validly signed
+> modules - if the kernel is secure-booted.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+[Salvatore Bonaccorso: After fixing https://bugs.debian.org/956197 the
+help text for LOCK_DOWN_IN_EFI_SECURE_BOOT was adjusted to mention that
+lockdown is triggered in integrity mode (https://bugs.debian.org/1025417)]
+Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
+---
+ arch/x86/kernel/setup.c           |    4 ++--
+ drivers/firmware/efi/secureboot.c |    3 +++
+ include/linux/security.h          |    6 ++++++
+ security/lockdown/Kconfig         |   15 +++++++++++++++
+ security/lockdown/lockdown.c      |    2 +-
+ 5 files changed, 27 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -907,6 +907,8 @@ void __init setup_arch(char **cmdline_p)
+ 	if (efi_enabled(EFI_BOOT))
+ 		efi_init();
+ 
++	efi_set_secure_boot(boot_params.secure_boot);
++
+ 	reserve_ibft_region();
+ 	x86_init.resources.dmi_setup();
+ 
+@@ -1073,8 +1075,6 @@ void __init setup_arch(char **cmdline_p)
+ 	/* Allocate bigger log buffer */
+ 	setup_log_buf(1);
+ 
+-	efi_set_secure_boot(boot_params.secure_boot);
+-
+ 	reserve_initrd();
+ 
+ 	acpi_table_upgrade();
+--- a/drivers/firmware/efi/secureboot.c
++++ b/drivers/firmware/efi/secureboot.c
+@@ -15,6 +15,7 @@
+ #include <linux/efi.h>
+ #include <linux/kernel.h>
+ #include <linux/printk.h>
++#include <linux/security.h>
+ 
+ /*
+  * Decide what to do when UEFI secure boot mode is enabled.
+@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi
+ 			break;
+ 		case efi_secureboot_mode_enabled:
+ 			set_bit(EFI_SECURE_BOOT, &efi.flags);
++#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
++			lock_kernel_down("EFI Secure Boot",
++					 LOCKDOWN_INTEGRITY_MAX);
++#endif
+ 			pr_info("Secure boot enabled\n");
+ 			break;
+ 		default:
+--- a/include/linux/security.h
++++ b/include/linux/security.h
+@@ -574,6 +574,7 @@ int security_inode_notifysecctx(struct i
+ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
+ int security_inode_getsecctx(struct inode *inode, struct lsm_context *cp);
+ int security_locked_down(enum lockdown_reason what);
++int lock_kernel_down(const char *where, enum lockdown_reason level);
+ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
+ 		      void *val, size_t val_len, u64 id, u64 flags);
+ int security_bdev_alloc(struct block_device *bdev);
+@@ -1580,6 +1581,11 @@ static inline int security_locked_down(e
+ {
+ 	return 0;
+ }
++static inline int
++lock_kernel_down(const char *where, enum lockdown_reason level)
++{
++	return -EOPNOTSUPP;
++}
+ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx,
+ 				    u32 *uctx_len, void *val, size_t val_len,
+ 				    u64 id, u64 flags)
+--- a/security/lockdown/Kconfig
++++ b/security/lockdown/Kconfig
+@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI
+ 	 disabled.
+ 
+ endchoice
++
++config LOCK_DOWN_IN_EFI_SECURE_BOOT
++	bool "Lock down the kernel in EFI Secure Boot mode"
++	default n
++	depends on SECURITY_LOCKDOWN_LSM
++	depends on EFI
++	select SECURITY_LOCKDOWN_LSM_EARLY
++	help
++	  UEFI Secure Boot provides a mechanism for ensuring that the firmware
++	  will only load signed bootloaders and kernels.  Secure boot mode may
++	  be determined from EFI variables provided by the system firmware if
++	  not indicated by the boot parameters.
++
++	  Enabling this option results in kernel lockdown being
++	  triggered in integrity mode if EFI Secure Boot is set.
+--- a/security/lockdown/lockdown.c
++++ b/security/lockdown/lockdown.c
+@@ -24,7 +24,7 @@ static const enum lockdown_reason lockdo
+ /*
+  * Put the kernel into lock-down mode.
+  */
+-static int lock_kernel_down(const char *where, enum lockdown_reason level)
++int lock_kernel_down(const char *where, enum lockdown_reason level)
+ {
+ 	if (kernel_locked_down >= level)
+ 		return -EPERM;

debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch

@@ -0,0 +1,75 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Fri, 30 Aug 2019 15:54:24 +0100
+Subject: mtd: phram,slram: Disable when the kernel is locked down
+Forwarded: https://lore.kernel.org/linux-security-module/20190830154720.eekfjt6c4jzvlbfz@decadent.org.uk/
+
+These drivers allow mapping arbitrary memory ranges as MTD devices.
+This should be disabled to preserve the kernel's integrity when it is
+locked down.
+
+* Add the HWPARAM flag to the module parameters
+* When slram is built-in, it uses __setup() to read kernel parameters,
+  so add an explicit check security_locked_down() check
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Matthew Garrett <mjg59@google.com>
+Cc: David Howells <dhowells@redhat.com>
+Cc: Joern Engel <joern@lazybastard.org>
+Cc: linux-mtd@lists.infradead.org
+---
+ drivers/mtd/devices/phram.c | 6 +++++-
+ drivers/mtd/devices/slram.c | 9 ++++++++-
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+--- a/drivers/mtd/devices/phram.c
++++ b/drivers/mtd/devices/phram.c
+@@ -365,7 +365,11 @@ static int phram_param_call(const char *
+ #endif
+ }
+ 
+-module_param_call(phram, phram_param_call, NULL, NULL, 0200);
++static const struct kernel_param_ops phram_param_ops = {
++	.set = phram_param_call
++};
++__module_param_call(MODULE_PARAM_PREFIX, phram, &phram_param_ops, NULL,
++		    0200, -1, KERNEL_PARAM_FL_HWPARAM | hwparam_iomem);
+ MODULE_PARM_DESC(phram, "Memory region to map. \"phram=<name>,<start>,<length>[,<erasesize>]\"");
+ 
+ #ifdef CONFIG_OF
+--- a/drivers/mtd/devices/slram.c
++++ b/drivers/mtd/devices/slram.c
+@@ -43,6 +43,7 @@
+ #include <linux/ioctl.h>
+ #include <linux/init.h>
+ #include <linux/io.h>
++#include <linux/security.h>
+ 
+ #include <linux/mtd/mtd.h>
+ 
+@@ -65,7 +66,7 @@ typedef struct slram_mtd_list {
+ #ifdef MODULE
+ static char *map[SLRAM_MAX_DEVICES_PARAMS];
+ 
+-module_param_array(map, charp, NULL, 0);
++module_param_hw_array(map, charp, iomem, NULL, 0);
+ MODULE_PARM_DESC(map, "List of memory regions to map. \"map=<name>, <start>, <length / end>\"");
+ #else
+ static char *map;
+@@ -281,11 +282,17 @@ static int __init init_slram(void)
+ #ifndef MODULE
+ 	char *devstart;
+ 	char *devlength;
++	int ret;
+ 
+ 	if (!map) {
+ 		E("slram: not enough parameters.\n");
+ 		return(-EINVAL);
+ 	}
++
++	ret = security_locked_down(LOCKDOWN_MODULE_PARAMETERS);
++	if (ret)
++		return ret;
++
+ 	while (map) {
+ 		devname = devstart = devlength = NULL;
+ 

debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch

@@ -22,7 +22,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 
 --- a/include/linux/perf_event.h
 +++ b/include/linux/perf_event.h
-@@ -1694,6 +1694,11 @@ int perf_cpu_time_max_percent_handler(co
+@@ -1695,6 +1695,11 @@ int perf_cpu_time_max_percent_handler(co
  int perf_event_max_stack_handler(const struct ctl_table *table, int write,
  		void *buffer, size_t *lenp, loff_t *ppos);
  
@@ -50,7 +50,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  
  /* Minimum for 512 kiB + 1 user control page */
  int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -12828,6 +12833,9 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -12803,6 +12808,9 @@ SYSCALL_DEFINE5(perf_event_open,
  	if (err)
  		return err;
  

debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch

@@ -29,7 +29,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
 
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -6982,6 +6982,10 @@
+@@ -6984,6 +6984,10 @@
  			later by a loaded module cannot be set this way.
  			Example: sysctl.vm.swappiness=40
  
@@ -42,7 +42,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  			Ignore sysrq setting - this boot parameter will
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
-@@ -3187,6 +3187,14 @@ config COMPAT_32
+@@ -3189,6 +3189,14 @@ config COMPAT_32
  	select HAVE_UID16
  	select OLD_SIGSUSPEND3
  

debian/patches/krd/0001-Revert-objtool-dont-fail-the-kernel-build-on-fatal-errors.patch

@@ -30,7 +30,7 @@ this reverts following commit:
 
 --- a/tools/objtool/check.c
 +++ b/tools/objtool/check.c
-@@ -4745,10 +4745,14 @@ int check(struct objtool_file *file)
+@@ -4750,10 +4750,14 @@ int check(struct objtool_file *file)
  	}
  
  out:

debian/patches/patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Remove-the-redundant-des_perf-cla.patch

@@ -1,4 +1,4 @@
-From 769d2f0a23fcf67207d5e931610eab2ced40548a Mon Sep 17 00:00:00 2001
+From cb40e98d75a75567cbd10f9fc69c2ec12c87a445 Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:15 +0000
 Subject: cpufreq/amd-pstate: Remove the redundant des_perf clamping in

debian/patches/patchset-pf/amd-pstate/0002-cpufreq-amd-pstate-Modularize-perf-freq-conversion.patch

@@ -1,4 +1,4 @@
-From c2642290e7fbce1a301cd30fa3f78ef37defd52e Mon Sep 17 00:00:00 2001
+From f58e440e56a6c8a2c04894e5d169d1a98a8ce74f Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:18 +0000
 Subject: cpufreq/amd-pstate: Modularize perf<->freq conversion

debian/patches/patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up.patch

@@ -1,4 +1,4 @@
-From 9560891ef76a2badb9f2e9cb2778938086ac9a04 Mon Sep 17 00:00:00 2001
+From 0a12d4a3ca1a996c1073d60c6775424972e8b7b9 Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:19 +0000
 Subject: cpufreq/amd-pstate: Remove the unnecessary cpufreq_update_policy call

debian/patches/patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch

@@ -1,4 +1,4 @@
-From 47e014be8e6a12cdfa6502bd9c93df9f83ba2b40 Mon Sep 17 00:00:00 2001
+From ab0520499c83ff44d468f1b2b604c85e2f78d694 Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:22 +0000
 Subject: cpufreq/amd-pstate: Use scope based cleanup for cpufreq_policy refs

debian/patches/patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch

@@ -1,4 +1,4 @@
-From ca860ed821a42d909190ca3f33d9c8b2cae6fe52 Mon Sep 17 00:00:00 2001
+From 658a4b7a41583e3b73477c0fbbee07aa6d6f7e0e Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Wed, 5 Feb 2025 11:25:23 +0000
 Subject: cpufreq/amd-pstate: Remove the unncecessary driver_lock in

debian/patches/patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch

@@ -1,4 +1,4 @@
-From cfa4817d112187bb3e2c16dfc0a70da23dff02fb Mon Sep 17 00:00:00 2001
+From 20f8507de83bc844c6ff2329e61ffc37734364e9 Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Sat, 22 Feb 2025 03:32:22 +0000
 Subject: cpufreq/amd-pstate: Fix the clamping of perf values

debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch

@@ -1,42 +0,0 @@
-From 7f2dd53f1064ad9118a7346c154eb6b07535ccc1 Mon Sep 17 00:00:00 2001
-From: Mario Limonciello <mario.limonciello@amd.com>
-Date: Wed, 26 Feb 2025 01:49:16 -0600
-Subject: cpufreq/amd-pstate: Invalidate cppc_req_cached during suspend
-
-During resume it's possible the firmware didn't restore the CPPC request
-MSR but the kernel thinks the values line up. This leads to incorrect
-performance after resume from suspend.
-
-To fix the issue invalidate the cached value at suspend. During resume use
-the saved values programmed as cached limits.
-
-Reviewed-by: Gautham R. Shenoy <gautham.shenoy@amd.com>
-Reviewed-by: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Reported-by: Miroslav Pavleski <miroslav@pavleski.net>
-Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217931
-Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
----
- drivers/cpufreq/amd-pstate.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
---- a/drivers/cpufreq/amd-pstate.c
-+++ b/drivers/cpufreq/amd-pstate.c
-@@ -1605,7 +1605,7 @@ static int amd_pstate_epp_reenable(struc
- 					  max_perf, policy->boost_enabled);
- 	}
- 
--	return amd_pstate_update_perf(cpudata, 0, 0, max_perf, cpudata->epp_cached, false);
-+	return amd_pstate_epp_update_limit(policy);
- }
- 
- static int amd_pstate_epp_cpu_online(struct cpufreq_policy *policy)
-@@ -1654,6 +1654,9 @@ static int amd_pstate_epp_suspend(struct
- 	if (cppc_state != AMD_PSTATE_ACTIVE)
- 		return 0;
- 
-+	/* invalidate to ensure it's rewritten during resume */
-+	cpudata->cppc_req_cached = 0;
-+
- 	/* set this flag to avoid setting core offline*/
- 	cpudata->suspended = true;
- 

debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch

@@ -1,4 +1,4 @@
-From c37ee0cb65bd828d36ebe05bd3fea883685f8da3 Mon Sep 17 00:00:00 2001
+From 240a074b7f92278755df715be1ea5ea5d3d2f5ac Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:17 -0600
 Subject: cpufreq/amd-pstate: Show a warning when a CPU fails to setup

debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch

@@ -1,4 +1,4 @@
-From b4e1ebe4f5e836d9395383acc71f130846f925fb Mon Sep 17 00:00:00 2001
+From 82520910e91d62f19c944ff17ba8f966553e79d6 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:18 -0600
 Subject: cpufreq/amd-pstate: Drop min and max cached frequencies

debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch

@@ -1,4 +1,4 @@
-From 719a773ca04ac885a29b292ef5b64dd4c25f39fe Mon Sep 17 00:00:00 2001
+From 21109b42429e0d9f0ee1bfadddae38fb5b0b23c3 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:19 -0600
 Subject: cpufreq/amd-pstate: Move perf values into a union

debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Overhaul-locking.patch

@@ -1,4 +1,4 @@
-From 79ecccde4094c468608328a349c5fd16fbf2f43e Mon Sep 17 00:00:00 2001
+From 0daee82069cfe4a322bed954a4a5f19226e49e95 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:20 -0600
 Subject: cpufreq/amd-pstate: Overhaul locking

debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch

@@ -1,4 +1,4 @@
-From 2b570ed010d10b0c2531642a7e0eba7b942ac6d4 Mon Sep 17 00:00:00 2001
+From 7c820a91ffd02aa7e426e8801893575f218a7a80 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:21 -0600
 Subject: cpufreq/amd-pstate: Drop `cppc_cap1_cached`

debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch

@@ -1,4 +1,4 @@
-From 47fac320cc620c0df7597d28394279d87f94e9a4 Mon Sep 17 00:00:00 2001
+From 5d0c340db98de378a11abfbaf587b6e601e7291c Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:22 -0600
 Subject: cpufreq/amd-pstate-ut: Use _free macro to free put policy

debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch

@@ -1,4 +1,4 @@
-From 70f7a9af7ff80b58393e62168523c0a27f12da22 Mon Sep 17 00:00:00 2001
+From 8937b7068ca30072c4c4cf4c22000112afbd6839 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:23 -0600
 Subject: cpufreq/amd-pstate-ut: Allow lowest nonlinear and lowest to be the

debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch

@@ -1,4 +1,4 @@
-From fc2391caced7c17d7228faf7fdff83fe01240888 Mon Sep 17 00:00:00 2001
+From 8cb701e059fa08dcb9ab74e3c84abc224ff72714 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:24 -0600
 Subject: cpufreq/amd-pstate-ut: Drop SUCCESS and FAIL enums

debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch

@@ -1,4 +1,4 @@
-From c4b9333baaa421f7930f2c9f776dac1ba71999d0 Mon Sep 17 00:00:00 2001
+From c553e0165997349a3f831fa04bdd7f61913a3442 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:25 -0600
 Subject: cpufreq/amd-pstate-ut: Run on all of the correct CPUs

debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch

@@ -1,4 +1,4 @@
-From 84e96fb98ef86f82afc0ab00c17bf263163ea5df Mon Sep 17 00:00:00 2001
+From c4197fd693cb98a8a71557187a7cf592d6b68b3c Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:26 -0600
 Subject: cpufreq/amd-pstate-ut: Adjust variable scope

debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch

@@ -1,4 +1,4 @@
-From 0b5b3c1580120d99ab30a883086961138037a310 Mon Sep 17 00:00:00 2001
+From 19c375251767f49b62894d3b4782f0b8b01313b8 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:27 -0600
 Subject: cpufreq/amd-pstate: Replace all AMD_CPPC_* macros with masks

debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch

@@ -1,4 +1,4 @@
-From 47cc0c90ca4166b134bf13b959ba85a74dd62e6f Mon Sep 17 00:00:00 2001
+From bb7fadf4a86e19b52cbe850c9274bfa643d3ce52 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:28 -0600
 Subject: cpufreq/amd-pstate: Cache CPPC request in shared mem case too

debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch

@@ -1,4 +1,4 @@
-From f1030cf846b41bb466ca139da33d5cc743a8dca6 Mon Sep 17 00:00:00 2001
+From e02f8a14d44223160d348d5841cc3dd916a14401 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:29 -0600
 Subject: cpufreq/amd-pstate: Move all EPP tracing into *_update_perf and

debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch

@@ -1,4 +1,4 @@
-From 0355adaaef43590373457b0a33195fa458cfecbc Mon Sep 17 00:00:00 2001
+From 5f0b3bf5497422293576a0783e47d203c52ed863 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:30 -0600
 Subject: cpufreq/amd-pstate: Update cppc_req_cached for shared mem EPP writes

debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch

@@ -1,4 +1,4 @@
-From 65fa376d4387463f1b06248ef590898c1ad35b46 Mon Sep 17 00:00:00 2001
+From 6c2201fe880d7d35fbde67d74ec1989f053cc0bd Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:31 -0600
 Subject: cpufreq/amd-pstate: Drop debug statements for policy setting

debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Rework-CPPC-enabling.patch

@@ -1,4 +1,4 @@
-From 394034d8e0bde7bd8bd482d4924f8883ff6f4cbe Mon Sep 17 00:00:00 2001
+From 3c5030a27361deff20bec5d43339109901f3198c Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:32 -0600
 Subject: cpufreq/amd-pstate: Rework CPPC enabling

debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Stop-caching-EPP.patch

@@ -1,4 +1,4 @@
-From 50fccd9d8304b992bbea9088abe4ee33786d9805 Mon Sep 17 00:00:00 2001
+From c06cca99a6d74e7a6d6f020dbf982b0b9bf704e6 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:33 -0600
 Subject: cpufreq/amd-pstate: Stop caching EPP

debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch

@@ -1,4 +1,4 @@
-From c940323e2d0e3f449f6a1c343c9d94f2e57c3eda Mon Sep 17 00:00:00 2001
+From a82e4f4eb6e5e9806c66285cb3cefde644b8ea6b Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <mario.limonciello@amd.com>
 Date: Wed, 26 Feb 2025 01:49:34 -0600
 Subject: cpufreq/amd-pstate: Drop actions in amd_pstate_epp_cpu_offline()

debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch

@@ -1,4 +1,4 @@
-From 401a66269205902153f18f78963e53cb14f99b83 Mon Sep 17 00:00:00 2001
+From de3dd387423b30565e846e0ff4424e2c99164030 Mon Sep 17 00:00:00 2001
 From: Mario Limonciello <superm1@kernel.org>
 Date: Thu, 27 Feb 2025 14:09:08 -0600
 Subject: cpufreq/amd-pstate: fix warning noticed by kernel test robot

debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch

@@ -1,4 +1,4 @@
-From 6b89403370ff0c33e2491dd700b601c438c7f9b2 Mon Sep 17 00:00:00 2001
+From 7e68278a4a90d52966b923404a2d280e3a83b66f Mon Sep 17 00:00:00 2001
 From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
 Date: Mon, 7 Apr 2025 08:19:26 +0000
 Subject: cpufreq/amd-pstate: Fix min_limit perf and freq updation for

debian/patches/patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch

@@ -1,76 +0,0 @@
-From 361b73ca6606d8bace6fe78b63d508d747c6689a Mon Sep 17 00:00:00 2001
-From: Filipe Manana <fdmanana@suse.com>
-Date: Wed, 5 Mar 2025 16:52:26 +0000
-Subject: btrfs: fix non-empty delayed iputs list on unmount due to compressed
- write workers
-
-At close_ctree() after we have ran delayed iputs either through explicitly
-calling btrfs_run_delayed_iputs() or later during the call to
-btrfs_commit_super() or btrfs_error_commit_super(), we assert that the
-delayed iputs list is empty.
-
-When we have compressed writes this assertion may fail because delayed
-iputs may have been added to the list after we last ran delayed iputs.
-This happens like this:
-
-1) We have a compressed write bio executing;
-
-2) We enter close_ctree() and flush the fs_info->endio_write_workers
-   queue which is the queue used for running ordered extent completion;
-
-3) The compressed write bio finishes and enters
-   btrfs_finish_compressed_write_work(), where it calls
-   btrfs_finish_ordered_extent() which in turn calls
-   btrfs_queue_ordered_fn(), which queues a work item in the
-   fs_info->endio_write_workers queue that we have flushed before;
-
-4) At close_ctree() we proceed, run all existing delayed iputs and
-   call btrfs_commit_super() (which also runs delayed iputs), but before
-   we run the following assertion below:
-
-      ASSERT(list_empty(&fs_info->delayed_iputs))
-
-   A delayed iput is added by the step below...
-
-5) The ordered extent completion job queued in step 3 runs and results in
-   creating a delayed iput when dropping the last reference of the ordered
-   extent (a call to btrfs_put_ordered_extent() made from
-   btrfs_finish_one_ordered());
-
-6) At this point the delayed iputs list is not empty, so the assertion at
-   close_ctree() fails.
-
-Fix this by flushing the fs_info->compressed_write_workers queue at
-close_ctree() before flushing the fs_info->endio_write_workers queue,
-respecting the queue dependency as the later is responsible for the
-execution of ordered extent completion.
-
-CC: stable@vger.kernel.org # 5.15+
-Reviewed-by: Qu Wenruo <wqu@suse.com>
-Signed-off-by: Filipe Manana <fdmanana@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- fs/btrfs/disk-io.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
---- a/fs/btrfs/disk-io.c
-+++ b/fs/btrfs/disk-io.c
-@@ -4349,6 +4349,18 @@ void __cold close_ctree(struct btrfs_fs_
- 	btrfs_flush_workqueue(fs_info->delalloc_workers);
- 
- 	/*
-+	 * When finishing a compressed write bio we schedule a work queue item
-+	 * to finish an ordered extent - btrfs_finish_compressed_write_work()
-+	 * calls btrfs_finish_ordered_extent() which in turns does a call to
-+	 * btrfs_queue_ordered_fn(), and that queues the ordered extent
-+	 * completion either in the endio_write_workers work queue or in the
-+	 * fs_info->endio_freespace_worker work queue. We flush those queues
-+	 * below, so before we flush them we must flush this queue for the
-+	 * workers of compressed writes.
-+	 */
-+	flush_workqueue(fs_info->compressed_write_workers);
-+
-+	/*
- 	 * After we parked the cleaner kthread, ordered extents may have
- 	 * completed and created new delayed iputs. If one of the async reclaim
- 	 * tasks is running and in the RUN_DELAYED_IPUTS flush state, then we

debian/patches/patchset-pf/btrfs/0002-btrfs-tests-fix-chunk-map-leak-after-failure-to-add-.patch

@@ -1,30 +0,0 @@
-From 9ac804f2001675a05f01a2f74af0c85861801e59 Mon Sep 17 00:00:00 2001
-From: Filipe Manana <fdmanana@suse.com>
-Date: Tue, 11 Mar 2025 15:50:50 +0000
-Subject: btrfs: tests: fix chunk map leak after failure to add it to the tree
-
-If we fail to add the chunk map to the fs mapping tree we exit
-test_rmap_block() without freeing the chunk map. Fix this by adding a
-call to btrfs_free_chunk_map() before exiting the test function if the
-call to btrfs_add_chunk_map() failed.
-
-Fixes: 7dc66abb5a47 ("btrfs: use a dedicated data structure for chunk maps")
-CC: stable@vger.kernel.org # 6.12+
-Reviewed-by: Boris Burkov <boris@bur.io>
-Signed-off-by: Filipe Manana <fdmanana@suse.com>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- fs/btrfs/tests/extent-map-tests.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/fs/btrfs/tests/extent-map-tests.c
-+++ b/fs/btrfs/tests/extent-map-tests.c
-@@ -1045,6 +1045,7 @@ static int test_rmap_block(struct btrfs_
- 	ret = btrfs_add_chunk_map(fs_info, map);
- 	if (ret) {
- 		test_err("error adding chunk map to mapping tree");
-+		btrfs_free_chunk_map(map);
- 		goto out_free;
- 	}
- 

debian/patches/patchset-pf/btrfs/0003-btrfs-zoned-fix-zone-activation-with-missing-devices.patch

@@ -1,36 +0,0 @@
-From 2d168cd506ec0b7a7619433aa0299b0be05ce655 Mon Sep 17 00:00:00 2001
-From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
-Date: Mon, 17 Mar 2025 12:24:58 +0100
-Subject: btrfs: zoned: fix zone activation with missing devices
-
-If btrfs_zone_activate() is called with a filesystem that has missing
-devices (e.g. a RAID file system mounted in degraded mode) it is accessing
-the btrfs_device::zone_info pointer, which will not be set if the device in
-question is missing.
-
-Check if the device is present (by checking if it has a valid block
-device pointer associated) and if not, skip zone activation for it.
-
-Fixes: f9a912a3c45f ("btrfs: zoned: make zone activation multi stripe capable")
-CC: stable@vger.kernel.org # 6.1+
-Reviewed-by: Naohiro Aota <naohiro.aota@wdc.com>
-Reviewed-by: Anand Jain <anand.jain@oracle.com>
-Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- fs/btrfs/zoned.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/fs/btrfs/zoned.c
-+++ b/fs/btrfs/zoned.c
-@@ -2111,6 +2111,9 @@ bool btrfs_zone_activate(struct btrfs_bl
- 		physical = map->stripes[i].physical;
- 		zinfo = device->zone_info;
- 
-+		if (!device->bdev)
-+			continue;
-+
- 		if (zinfo->max_active_zones == 0)
- 			continue;
- 

debian/patches/patchset-pf/btrfs/0004-btrfs-zoned-fix-zone-finishing-with-missing-devices.patch

@@ -1,36 +0,0 @@
-From 5d05bf549f00ac4b04476b749847a7fcb019a73f Mon Sep 17 00:00:00 2001
-From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
-Date: Mon, 17 Mar 2025 12:24:59 +0100
-Subject: btrfs: zoned: fix zone finishing with missing devices
-
-If do_zone_finish() is called with a filesystem that has missing devices
-(e.g. a RAID file system mounted in degraded mode) it is accessing the
-btrfs_device::zone_info pointer, which will not be set if the device
-in question is missing.
-
-Check if the device is present (by checking if it has a valid block device
-pointer associated) and if not, skip zone finishing for it.
-
-Fixes: 4dcbb8ab31c1 ("btrfs: zoned: make zone finishing multi stripe capable")
-CC: stable@vger.kernel.org # 6.1+
-Reviewed-by: Naohiro Aota <naohiro.aota@wdc.com>
-Reviewed-by: Anand Jain <anand.jain@oracle.com>
-Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- fs/btrfs/zoned.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/fs/btrfs/zoned.c
-+++ b/fs/btrfs/zoned.c
-@@ -2275,6 +2275,9 @@ static int do_zone_finish(struct btrfs_b
- 		struct btrfs_zoned_device_info *zinfo = device->zone_info;
- 		unsigned int nofs_flags;
- 
-+		if (!device->bdev)
-+			continue;
-+
- 		if (zinfo->max_active_zones == 0)
- 			continue;
- 

debian/patches/patchset-pf/fixes/0001-Kunit-to-check-the-longest-symbol-length.patch

@@ -1,4 +1,4 @@
-From 065753c4084d8ea0b55b8a5abbba3291eeaf5979 Mon Sep 17 00:00:00 2001
+From a1eb9a3160dc9e3cee6abdeab8e41c2265a2d7a1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Sergio=20Gonz=C3=A1lez=20Collado?=
  <sergio.collado@gmail.com>
 Date: Sun, 2 Mar 2025 23:15:18 +0100
@@ -80,7 +80,7 @@ Cherry-picked-for: https://gitlab.archlinux.org/archlinux/packaging/packages/lin
  	depends on HAVE_HW_BREAKPOINT
 --- a/lib/Makefile
 +++ b/lib/Makefile
-@@ -393,6 +393,8 @@ obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fort
+@@ -398,6 +398,8 @@ obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fort
  obj-$(CONFIG_CRC_KUNIT_TEST) += crc_kunit.o
  obj-$(CONFIG_SIPHASH_KUNIT_TEST) += siphash_kunit.o
  obj-$(CONFIG_USERCOPY_KUNIT_TEST) += usercopy_kunit.o

debian/patches/patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch

@@ -1,94 +0,0 @@
-From 04eeb2f53dc530f0f724687b9ed2efdb86c59aed Mon Sep 17 00:00:00 2001
-From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
-Date: Fri, 7 Feb 2025 15:07:46 -0300
-Subject: tpm: do not start chip while suspended
-
-Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can
-lead to a spurious tpm_chip_start() call:
-
-[35985.503771] i2c i2c-1: Transfer while suspended
-[35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810
-[35985.503802] Modules linked in:
-[35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G        W          6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f
-[35985.503814] Tainted: [W]=WARN
-[35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023
-[35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810
-[35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5
-[35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246
-[35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000
-[35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001
-[35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
-[35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820
-[35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120
-[35985.503846] FS:  0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000
-[35985.503849] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-[35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0
-[35985.503855] Call Trace:
-[35985.503859]  <TASK>
-[35985.503863]  ? __warn+0xd4/0x260
-[35985.503868]  ? __i2c_transfer+0xbe/0x810
-[35985.503874]  ? report_bug+0xf3/0x210
-[35985.503882]  ? handle_bug+0x63/0xb0
-[35985.503887]  ? exc_invalid_op+0x16/0x50
-[35985.503892]  ? asm_exc_invalid_op+0x16/0x20
-[35985.503904]  ? __i2c_transfer+0xbe/0x810
-[35985.503913]  tpm_cr50_i2c_transfer_message+0x24/0xf0
-[35985.503920]  tpm_cr50_i2c_read+0x8e/0x120
-[35985.503928]  tpm_cr50_request_locality+0x75/0x170
-[35985.503935]  tpm_chip_start+0x116/0x160
-[35985.503942]  tpm_try_get_ops+0x57/0x90
-[35985.503948]  tpm_find_get_ops+0x26/0xd0
-[35985.503955]  tpm_get_random+0x2d/0x80
-
-Don't move forward with tpm_chip_start() inside tpm_try_get_ops(), unless
-TPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in
-such a failure case.
-
-Fixes: 9265fed6db60 ("tpm: Lock TPM chip in tpm_pm_suspend() first")
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
-Cc: stable@vger.kernel.org
-Cc: Jerry Snitselaar <jsnitsel@redhat.com>
-Cc: Mike Seo <mikeseohyungjin@gmail.com>
-Cc: Jarkko Sakkinen <jarkko@kernel.org>
-Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
-Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
----
- drivers/char/tpm/tpm-chip.c      | 5 +++++
- drivers/char/tpm/tpm-interface.c | 7 -------
- 2 files changed, 5 insertions(+), 7 deletions(-)
-
---- a/drivers/char/tpm/tpm-chip.c
-+++ b/drivers/char/tpm/tpm-chip.c
-@@ -168,6 +168,11 @@ int tpm_try_get_ops(struct tpm_chip *chi
- 		goto out_ops;
- 
- 	mutex_lock(&chip->tpm_mutex);
-+
-+	/* tmp_chip_start may issue IO that is denied while suspended */
-+	if (chip->flags & TPM_CHIP_FLAG_SUSPENDED)
-+		goto out_lock;
-+
- 	rc = tpm_chip_start(chip);
- 	if (rc)
- 		goto out_lock;
---- a/drivers/char/tpm/tpm-interface.c
-+++ b/drivers/char/tpm/tpm-interface.c
-@@ -445,18 +445,11 @@ int tpm_get_random(struct tpm_chip *chip
- 	if (!chip)
- 		return -ENODEV;
- 
--	/* Give back zero bytes, as TPM chip has not yet fully resumed: */
--	if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) {
--		rc = 0;
--		goto out;
--	}
--
- 	if (chip->flags & TPM_CHIP_FLAG_TPM2)
- 		rc = tpm2_get_random(chip, out, max);
- 	else
- 		rc = tpm1_get_random(chip, out, max);
- 
--out:
- 	tpm_put_ops(chip);
- 	return rc;
- }

debian/patches/patchset-pf/fixes/0002-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch

@@ -1,4 +1,4 @@
-From 7f3eaa6a64048a0259d2daae8a91e64fbd749641 Mon Sep 17 00:00:00 2001
+From 1ff7499aaa4cec11be79e97c118978fd781073a6 Mon Sep 17 00:00:00 2001
 From: Nathan Chancellor <nathan@kernel.org>
 Date: Tue, 18 Mar 2025 15:32:30 -0700
 Subject: x86/tools: Drop duplicate unlikely() definition in

debian/patches/patchset-pf/fixes/0003-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch

@@ -1,4 +1,4 @@
-From 3cfeab379362feb285fdb631ebc65539c1559034 Mon Sep 17 00:00:00 2001
+From 72096487bfe8ebc52731c264536418c51854d999 Mon Sep 17 00:00:00 2001
 From: Alex Deucher <alexander.deucher@amd.com>
 Date: Thu, 27 Mar 2025 17:33:49 -0400
 Subject: drm/amdgpu/mes11: optimize MES pipe FW version fetching

debian/patches/patchset-pf/fixes/0004-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch

@@ -1,4 +1,4 @@
-From 1ad7c482a722a7c918609390e479c9dd4f717539 Mon Sep 17 00:00:00 2001
+From a1dfb99dca82ff97b00ce76f8f987ade471875d1 Mon Sep 17 00:00:00 2001
 From: Jarkko Sakkinen <jarkko@kernel.org>
 Date: Mon, 7 Apr 2025 15:28:05 +0300
 Subject: tpm: Mask TPM RC in tpm2_start_auth_session()

debian/patches/patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch

@@ -1,44 +0,0 @@
-From cda754004cc36746f5197ed203d013dccf2f5146 Mon Sep 17 00:00:00 2001
-From: Jonathan McDowell <noodles@meta.com>
-Date: Wed, 12 Mar 2025 07:31:57 +0200
-Subject: tpm, tpm_tis: Fix timeout handling when waiting for TPM status
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The change to only use interrupts to handle supported status changes
-introduced an issue when it is necessary to poll for the status. Rather
-than checking for the status after sleeping the code now sleeps after
-the check. This means a correct, but slower, status change on the part
-of the TPM can be missed, resulting in a spurious timeout error,
-especially on a more loaded system. Switch back to sleeping *then*
-checking. An up front check of the status has been done at the start of
-the function, so this does not cause an additional delay when the status
-is already what we're looking for.
-
-Cc: stable@vger.kernel.org # v6.4+
-Fixes: e87fcf0dc2b4 ("tpm, tpm_tis: Only handle supported interrupts")
-Signed-off-by: Jonathan McDowell <noodles@meta.com>
-Reviewed-by: Michal Suchánek <msuchanek@suse.de>
-Reviewed-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
-Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
-Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
----
- drivers/char/tpm/tpm_tis_core.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
---- a/drivers/char/tpm/tpm_tis_core.c
-+++ b/drivers/char/tpm/tpm_tis_core.c
-@@ -114,11 +114,10 @@ again:
- 		return 0;
- 	/* process status changes without irq support */
- 	do {
-+		usleep_range(priv->timeout_min, priv->timeout_max);
- 		status = chip->ops->status(chip);
- 		if ((status & mask) == mask)
- 			return 0;
--		usleep_range(priv->timeout_min,
--			     priv->timeout_max);
- 	} while (time_before(jiffies, stop));
- 	return -ETIME;
- }

debian/patches/patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch

@@ -1,32 +0,0 @@
-From 32df198f302abc95f532b55c7612c156d3febcd9 Mon Sep 17 00:00:00 2001
-From: Ming Lei <ming.lei@redhat.com>
-Date: Mon, 10 Mar 2025 19:54:53 +0800
-Subject: block: make sure ->nr_integrity_segments is cloned in
- blk_rq_prep_clone
-
-Make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone(),
-otherwise requests cloned by device-mapper multipath will not have the
-proper nr_integrity_segments values set, then BUG() is hit from
-sg_alloc_table_chained().
-
-Fixes: b0fd271d5fba ("block: add request clone interface (v2)")
-Cc: stable@vger.kernel.org
-Cc: Christoph Hellwig <hch@infradead.org>
-Signed-off-by: Ming Lei <ming.lei@redhat.com>
-Reviewed-by: Christoph Hellwig <hch@lst.de>
-Link: https://lore.kernel.org/r/20250310115453.2271109-1-ming.lei@redhat.com
-Signed-off-by: Jens Axboe <axboe@kernel.dk>
----
- block/blk-mq.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/block/blk-mq.c
-+++ b/block/blk-mq.c
-@@ -3314,6 +3314,7 @@ int blk_rq_prep_clone(struct request *rq
- 		rq->special_vec = rq_src->special_vec;
- 	}
- 	rq->nr_phys_segments = rq_src->nr_phys_segments;
-+	rq->nr_integrity_segments = rq_src->nr_integrity_segments;
- 
- 	if (rq->bio && blk_crypto_rq_bio_prep(rq, rq->bio, gfp_mask) < 0)
- 		goto free_and_out;

debian/patches/patchset-pf/fixes/0005-ice-mark-ice_write_prof_mask_reg-as-noinline.patch

@@ -1,4 +1,4 @@
-From d3d3441d32966234778ab2e4a127ccccbc6ab092 Mon Sep 17 00:00:00 2001
+From 7b594a3c7b41db58884da466607417ca27c08a1d Mon Sep 17 00:00:00 2001
 From: Oleksandr Natalenko <oleksandr@natalenko.name>
 Date: Tue, 8 Apr 2025 12:02:36 +0200
 Subject: ice: mark ice_write_prof_mask_reg() as noinline

debian/patches/patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch

@@ -1,40 +0,0 @@
-From 0c116e263170e1e5b7325af51659074c977b8a91 Mon Sep 17 00:00:00 2001
-From: Philipp Stanner <phasta@kernel.org>
-Date: Wed, 12 Mar 2025 09:06:34 +0100
-Subject: PCI: Fix wrong length of devres array
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The array for the iomapping cookie addresses has a length of
-PCI_STD_NUM_BARS. This constant, however, only describes standard BARs;
-while PCI can allow for additional, special BARs.
-
-The total number of PCI resources is described by constant
-PCI_NUM_RESOURCES, which is also used in, e.g., pci_select_bars().
-
-Thus, the devres array has so far been too small.
-
-Change the length of the devres array to PCI_NUM_RESOURCES.
-
-Link: https://lore.kernel.org/r/20250312080634.13731-3-phasta@kernel.org
-Fixes: bbaff68bf4a4 ("PCI: Add managed partial-BAR request and map infrastructure")
-Signed-off-by: Philipp Stanner <phasta@kernel.org>
-Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
-Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
-Cc: stable@vger.kernel.org	# v6.11+
----
- drivers/pci/devres.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/pci/devres.c
-+++ b/drivers/pci/devres.c
-@@ -40,7 +40,7 @@
-  * Legacy struct storing addresses to whole mapped BARs.
-  */
- struct pcim_iomap_devres {
--	void __iomem *table[PCI_STD_NUM_BARS];
-+	void __iomem *table[PCI_NUM_RESOURCES];
- };
- 
- /* Used to restore the old INTx state on driver detach. */

debian/patches/patchset-pf/fixes/0006-fixes-6.14-update-tpm2_start_auth_session-fix.patch

@@ -1,4 +1,4 @@
-From d8c360e932feed8798adf37ffad5d93e47ab032f Mon Sep 17 00:00:00 2001
+From 42a4f494db975d62916c73f5d637aef9be343d70 Mon Sep 17 00:00:00 2001
 From: Oleksandr Natalenko <oleksandr@natalenko.name>
 Date: Tue, 8 Apr 2025 19:51:44 +0200
 Subject: fixes-6.14: update tpm2_start_auth_session() fix
@@ -49,7 +49,7 @@ Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
  enum tpm2_command_codes {
  	TPM2_CC_FIRST		        = 0x011F,
  	TPM2_CC_HIERARCHY_CONTROL       = 0x0121,
-@@ -457,6 +437,24 @@ static inline u32 tpm2_rc_value(u32 rc)
+@@ -458,6 +438,24 @@ static inline u32 tpm2_rc_value(u32 rc)
  	return (rc & BIT(7)) ? rc & 0xbf : rc;
  }
  

debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch

@@ -1,4 +1,4 @@
-From feadcb68955511723dbc2cad800e0524625d62c5 Mon Sep 17 00:00:00 2001
+From f1e8e30bef3757904d9e963f02ef297cd0c33240 Mon Sep 17 00:00:00 2001
 From: Alex Deucher <alexander.deucher@amd.com>
 Date: Fri, 28 Mar 2025 09:08:57 -0400
 Subject: drm/amdgpu/mes12: optimize MES pipe FW version fetching

debian/patches/patchset-pf/fixes/0008-wifi-iwlwifi-pcie-set-state-to-no-FW-before-reset-ha.patch

@@ -0,0 +1,50 @@
+From 81c23adad48324b73fe0993f332407c5be050bb5 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Thu, 3 Apr 2025 11:04:37 +0000
+Subject: wifi: iwlwifi: pcie: set state to no-FW before reset handshake
+
+The reset handshake attempts to kill the firmware, and it'll go
+into a pretty much dead state once we do that. However, if it
+times out, then we'll attempt to dump the firmware to be able
+to see why it didn't respond. During this dump, we cannot treat
+it as if it was still running, since we just tried to kill it,
+otherwise dumping will attempt to send a DBGC stop command. As
+this command will time out, we'll go into a reset loop.
+
+For now, fix this by setting the trans->state to say firmware
+isn't running before doing the reset handshake. In the longer
+term, we should clean up the way this state is handled.
+
+It's not entirely clear but it seems likely that this issue was
+introduced by my rework of the error handling, prior to that it
+would've been synchronous at that point and (I think) not have
+attempted to reset since it was already doing down.
+
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219967
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219968
+Closes: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/128
+Fixes: 7391b2a4f7db ("wifi: iwlwifi: rework firmware error handling")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
+---
+ drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
++++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
+@@ -147,8 +147,14 @@ static void _iwl_trans_pcie_gen2_stop_de
+ 		return;
+ 
+ 	if (trans->state >= IWL_TRANS_FW_STARTED &&
+-	    trans_pcie->fw_reset_handshake)
++	    trans_pcie->fw_reset_handshake) {
++		/*
++		 * Reset handshake can dump firmware on timeout, but that
++		 * should assume that the firmware is already dead.
++		 */
++		trans->state = IWL_TRANS_NO_FW;
+ 		iwl_trans_pcie_fw_reset_handshake(trans);
++	}
+ 
+ 	trans_pcie->is_down = true;
+ 

debian/patches/patchset-pf/fixes/0009-wifi-ath12k-Abort-scan-before-removing-link-interfac.patch

@@ -0,0 +1,40 @@
+From d3140c22ed2bc3c98dcf251659d78572e154a993 Mon Sep 17 00:00:00 2001
+From: Lingbo Kong <quic_lingbok@quicinc.com>
+Date: Wed, 26 Feb 2025 19:31:18 +0800
+Subject: wifi: ath12k: Abort scan before removing link interface to prevent
+ duplicate deletion
+
+Currently, when ath12k performs the remove link interface operation, if
+there is an ongoing scan operation on the arvif, ath12k may execute the
+remove link interface operation multiple times on the same arvif. This
+occurs because, during the remove link operation, if a scan operation is
+present on the arvif, ath12k may receive a WMI_SCAN_EVENT_COMPLETED event
+from the firmware. Upon receiving this event, ath12k will continue to
+execute the ath12k_scan_vdev_clean_work() function, performing the remove
+link interface operation on the same arvif again.
+
+To address this issue, before executing the remove link interface
+operation, ath12k needs to check if there is an ongoing scan operation on
+the current arvif. If such an operation exists, it should be aborted.
+
+Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
+
+Signed-off-by: Lingbo Kong <quic_lingbok@quicinc.com>
+---
+ drivers/net/wireless/ath/ath12k/mac.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/wireless/ath/ath12k/mac.c
++++ b/drivers/net/wireless/ath/ath12k/mac.c
+@@ -9330,6 +9330,11 @@ ath12k_mac_op_unassign_vif_chanctx(struc
+ 	    ar->num_started_vdevs == 1 && ar->monitor_vdev_created)
+ 		ath12k_mac_monitor_stop(ar);
+ 
++	if (ar->scan.arvif == arvif && ar->scan.state == ATH12K_SCAN_RUNNING) {
++		ath12k_scan_abort(ar);
++		ar->scan.arvif = NULL;
++	}
++
+ 	ath12k_mac_remove_link_interface(hw, arvif);
+ 	ath12k_mac_unassign_link_vif(arvif);
+ }

debian/patches/patchset-pf/fixes/0010-Kconfig-switch-CONFIG_SYSFS_SYCALL-default-to-n.patch

@@ -0,0 +1,49 @@
+From fa165a32074fba27286cc9d2464a647642ad6bc7 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <brauner@kernel.org>
+Date: Tue, 15 Apr 2025 10:22:04 +0200
+Subject: Kconfig: switch CONFIG_SYSFS_SYCALL default to n
+
+This odd system call will be removed in the future. Let's decouple it
+from CONFIG_EXPERT and switch the default to n as a first step.
+
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+---
+ init/Kconfig | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1600,6 +1600,16 @@ config SYSCTL_ARCH_UNALIGN_ALLOW
+ 	  the unaligned access emulation.
+ 	  see arch/parisc/kernel/unaligned.c for reference
+ 
++config SYSFS_SYSCALL
++	bool "Sysfs syscall support"
++	default n
++	help
++	  sys_sysfs is an obsolete system call no longer supported in libc.
++	  Note that disabling this option is more secure but might break
++	  compatibility with some systems.
++
++	  If unsure say N here.
++
+ config HAVE_PCSPKR_PLATFORM
+ 	bool
+ 
+@@ -1644,16 +1654,6 @@ config SGETMASK_SYSCALL
+ 
+ 	  If unsure, leave the default option here.
+ 
+-config SYSFS_SYSCALL
+-	bool "Sysfs syscall support" if EXPERT
+-	default y
+-	help
+-	  sys_sysfs is an obsolete system call no longer supported in libc.
+-	  Note that disabling this option is more secure but might break
+-	  compatibility with some systems.
+-
+-	  If unsure say Y here.
+-
+ config FHANDLE
+ 	bool "open by fhandle syscalls" if EXPERT
+ 	select EXPORTFS

debian/patches/patchset-pf/fuse/0001-fuse-io-uring-Fix-a-possible-req-cancellation-race.patch

@@ -1,207 +0,0 @@
-From 6e7ac63c4c4a8fe7c66f856f4091d9b20899f167 Mon Sep 17 00:00:00 2001
-From: Bernd Schubert <bschubert@ddn.com>
-Date: Tue, 25 Mar 2025 18:29:31 +0100
-Subject: fuse: {io-uring} Fix a possible req cancellation race
-
-task-A (application) might be in request_wait_answer and
-try to remove the request when it has FR_PENDING set.
-
-task-B (a fuse-server io-uring task) might handle this
-request with FUSE_IO_URING_CMD_COMMIT_AND_FETCH, when
-fetching the next request and accessed the req from
-the pending list in fuse_uring_ent_assign_req().
-That code path was not protected by fiq->lock and so
-might race with task-A.
-
-For scaling reasons we better don't use fiq->lock, but
-add a handler to remove canceled requests from the queue.
-
-This also removes usage of fiq->lock from
-fuse_uring_add_req_to_ring_ent() altogether, as it was
-there just to protect against this race and incomplete.
-
-Also added is a comment why FR_PENDING is not cleared.
-
-Fixes: c090c8abae4b ("fuse: Add io-uring sqe commit and fetch support")
-Cc: <stable@vger.kernel.org> # v6.14
-Reported-by: Joanne Koong <joannelkoong@gmail.com>
-Closes: https://lore.kernel.org/all/CAJnrk1ZgHNb78dz-yfNTpxmW7wtT88A=m-zF0ZoLXKLUHRjNTw@mail.gmail.com/
-Signed-off-by: Bernd Schubert <bschubert@ddn.com>
-Reviewed-by: Joanne Koong <joannelkoong@gmail.com>
-Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
----
- fs/fuse/dev.c         | 34 +++++++++++++++++++++++++---------
- fs/fuse/dev_uring.c   | 15 +++++++++++----
- fs/fuse/dev_uring_i.h |  6 ++++++
- fs/fuse/fuse_dev_i.h  |  1 +
- fs/fuse/fuse_i.h      |  3 +++
- 5 files changed, 46 insertions(+), 13 deletions(-)
-
---- a/fs/fuse/dev.c
-+++ b/fs/fuse/dev.c
-@@ -407,6 +407,24 @@ static int queue_interrupt(struct fuse_r
- 	return 0;
- }
- 
-+bool fuse_remove_pending_req(struct fuse_req *req, spinlock_t *lock)
-+{
-+	spin_lock(lock);
-+	if (test_bit(FR_PENDING, &req->flags)) {
-+		/*
-+		 * FR_PENDING does not get cleared as the request will end
-+		 * up in destruction anyway.
-+		 */
-+		list_del(&req->list);
-+		spin_unlock(lock);
-+		__fuse_put_request(req);
-+		req->out.h.error = -EINTR;
-+		return true;
-+	}
-+	spin_unlock(lock);
-+	return false;
-+}
-+
- static void request_wait_answer(struct fuse_req *req)
- {
- 	struct fuse_conn *fc = req->fm->fc;
-@@ -428,22 +446,20 @@ static void request_wait_answer(struct f
- 	}
- 
- 	if (!test_bit(FR_FORCE, &req->flags)) {
-+		bool removed;
-+
- 		/* Only fatal signals may interrupt this */
- 		err = wait_event_killable(req->waitq,
- 					test_bit(FR_FINISHED, &req->flags));
- 		if (!err)
- 			return;
- 
--		spin_lock(&fiq->lock);
--		/* Request is not yet in userspace, bail out */
--		if (test_bit(FR_PENDING, &req->flags)) {
--			list_del(&req->list);
--			spin_unlock(&fiq->lock);
--			__fuse_put_request(req);
--			req->out.h.error = -EINTR;
-+		if (test_bit(FR_URING, &req->flags))
-+			removed = fuse_uring_remove_pending_req(req);
-+		else
-+			removed = fuse_remove_pending_req(req, &fiq->lock);
-+		if (removed)
- 			return;
--		}
--		spin_unlock(&fiq->lock);
- 	}
- 
- 	/*
---- a/fs/fuse/dev_uring.c
-+++ b/fs/fuse/dev_uring.c
-@@ -726,8 +726,6 @@ static void fuse_uring_add_req_to_ring_e
- 					   struct fuse_req *req)
- {
- 	struct fuse_ring_queue *queue = ent->queue;
--	struct fuse_conn *fc = req->fm->fc;
--	struct fuse_iqueue *fiq = &fc->iq;
- 
- 	lockdep_assert_held(&queue->lock);
- 
-@@ -737,9 +735,7 @@ static void fuse_uring_add_req_to_ring_e
- 			ent->state);
- 	}
- 
--	spin_lock(&fiq->lock);
- 	clear_bit(FR_PENDING, &req->flags);
--	spin_unlock(&fiq->lock);
- 	ent->fuse_req = req;
- 	ent->state = FRRS_FUSE_REQ;
- 	list_move(&ent->list, &queue->ent_w_req_queue);
-@@ -1238,6 +1234,8 @@ void fuse_uring_queue_fuse_req(struct fu
- 	if (unlikely(queue->stopped))
- 		goto err_unlock;
- 
-+	set_bit(FR_URING, &req->flags);
-+	req->ring_queue = queue;
- 	ent = list_first_entry_or_null(&queue->ent_avail_queue,
- 				       struct fuse_ring_ent, list);
- 	if (ent)
-@@ -1276,6 +1274,8 @@ bool fuse_uring_queue_bq_req(struct fuse
- 		return false;
- 	}
- 
-+	set_bit(FR_URING, &req->flags);
-+	req->ring_queue = queue;
- 	list_add_tail(&req->list, &queue->fuse_req_bg_queue);
- 
- 	ent = list_first_entry_or_null(&queue->ent_avail_queue,
-@@ -1306,6 +1306,13 @@ bool fuse_uring_queue_bq_req(struct fuse
- 	return true;
- }
- 
-+bool fuse_uring_remove_pending_req(struct fuse_req *req)
-+{
-+	struct fuse_ring_queue *queue = req->ring_queue;
-+
-+	return fuse_remove_pending_req(req, &queue->lock);
-+}
-+
- static const struct fuse_iqueue_ops fuse_io_uring_ops = {
- 	/* should be send over io-uring as enhancement */
- 	.send_forget = fuse_dev_queue_forget,
---- a/fs/fuse/dev_uring_i.h
-+++ b/fs/fuse/dev_uring_i.h
-@@ -142,6 +142,7 @@ void fuse_uring_abort_end_requests(struc
- int fuse_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags);
- void fuse_uring_queue_fuse_req(struct fuse_iqueue *fiq, struct fuse_req *req);
- bool fuse_uring_queue_bq_req(struct fuse_req *req);
-+bool fuse_uring_remove_pending_req(struct fuse_req *req);
- 
- static inline void fuse_uring_abort(struct fuse_conn *fc)
- {
-@@ -199,6 +200,11 @@ static inline bool fuse_uring_ready(stru
- {
- 	return false;
- }
-+
-+static inline bool fuse_uring_remove_pending_req(struct fuse_req *req)
-+{
-+	return false;
-+}
- 
- #endif /* CONFIG_FUSE_IO_URING */
- 
---- a/fs/fuse/fuse_dev_i.h
-+++ b/fs/fuse/fuse_dev_i.h
-@@ -61,6 +61,7 @@ int fuse_copy_out_args(struct fuse_copy_
- void fuse_dev_queue_forget(struct fuse_iqueue *fiq,
- 			   struct fuse_forget_link *forget);
- void fuse_dev_queue_interrupt(struct fuse_iqueue *fiq, struct fuse_req *req);
-+bool fuse_remove_pending_req(struct fuse_req *req, spinlock_t *lock);
- 
- #endif
- 
---- a/fs/fuse/fuse_i.h
-+++ b/fs/fuse/fuse_i.h
-@@ -378,6 +378,7 @@ struct fuse_io_priv {
-  * FR_FINISHED:		request is finished
-  * FR_PRIVATE:		request is on private list
-  * FR_ASYNC:		request is asynchronous
-+ * FR_URING:		request is handled through fuse-io-uring
-  */
- enum fuse_req_flag {
- 	FR_ISREPLY,
-@@ -392,6 +393,7 @@ enum fuse_req_flag {
- 	FR_FINISHED,
- 	FR_PRIVATE,
- 	FR_ASYNC,
-+	FR_URING,
- };
- 
- /**
-@@ -441,6 +443,7 @@ struct fuse_req {
- 
- #ifdef CONFIG_FUSE_IO_URING
- 	void *ring_entry;
-+	void *ring_queue;
- #endif
- };
- 

debian/patches/patchset-pf/fuse/0001-virtiofs-add-filesystem-context-source-name-check.patch

@@ -0,0 +1,30 @@
+From bd6633c0e527dbcf6b52d3b34b49a980b125c866 Mon Sep 17 00:00:00 2001
+From: Xiangsheng Hou <xiangsheng.hou@mediatek.com>
+Date: Mon, 7 Apr 2025 19:50:49 +0800
+Subject: virtiofs: add filesystem context source name check
+
+In certain scenarios, for example, during fuzz testing, the source
+name may be NULL, which could lead to a kernel panic. Therefore, an
+extra check for the source name should be added.
+
+Fixes: a62a8ef9d97d ("virtio-fs: add virtiofs filesystem")
+Cc: <stable@vger.kernel.org> # all LTS kernels
+Signed-off-by: Xiangsheng Hou <xiangsheng.hou@mediatek.com>
+Link: https://lore.kernel.org/20250407115111.25535-1-xiangsheng.hou@mediatek.com
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+---
+ fs/fuse/virtio_fs.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/fuse/virtio_fs.c
++++ b/fs/fuse/virtio_fs.c
+@@ -1670,6 +1670,9 @@ static int virtio_fs_get_tree(struct fs_
+ 	unsigned int virtqueue_size;
+ 	int err = -EIO;
+ 
++	if (!fsc->source)
++		return invalf(fsc, "No source specified");
++
+ 	/* This gets a reference on virtio_fs object. This ptr gets installed
+ 	 * in fc->iq->priv. Once fuse_conn is going away, it calls ->put()
+ 	 * to drop the reference to this object.

debian/patches/patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch

@@ -1,37 +0,0 @@
-From c78ab32399be35eed11e986293804eab75bfbe21 Mon Sep 17 00:00:00 2001
-From: Alexandra Diupina <adiupina@astralinux.ru>
-Date: Wed, 19 Mar 2025 17:28:58 +0300
-Subject: cifs: avoid NULL pointer dereference in dbg call
-
-cifs_server_dbg() implies server to be non-NULL so
-move call under condition to avoid NULL pointer dereference.
-
-Found by Linux Verification Center (linuxtesting.org) with SVACE.
-
-Fixes: e79b0332ae06 ("cifs: ignore cached share root handle closing errors")
-Cc: stable@vger.kernel.org
-Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/client/smb2misc.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
---- a/fs/smb/client/smb2misc.c
-+++ b/fs/smb/client/smb2misc.c
-@@ -816,11 +816,12 @@ smb2_handle_cancelled_close(struct cifs_
- 		WARN_ONCE(tcon->tc_count < 0, "tcon refcount is negative");
- 		spin_unlock(&cifs_tcp_ses_lock);
- 
--		if (tcon->ses)
-+		if (tcon->ses) {
- 			server = tcon->ses->server;
--
--		cifs_server_dbg(FYI, "tid=0x%x: tcon is closing, skipping async close retry of fid %llu %llu\n",
--				tcon->tid, persistent_fid, volatile_fid);
-+			cifs_server_dbg(FYI,
-+					"tid=0x%x: tcon is closing, skipping async close retry of fid %llu %llu\n",
-+					tcon->tid, persistent_fid, volatile_fid);
-+		}
- 
- 		return 0;
- 	}

debian/patches/patchset-pf/smb/0001-ksmbd-Fix-dangling-pointer-in-krb_authenticate.patch

@@ -0,0 +1,33 @@
+From c3eedd3e0d50a748c6c520ba00377aba8150c713 Mon Sep 17 00:00:00 2001
+From: Sean Heelan <seanheelan@gmail.com>
+Date: Mon, 7 Apr 2025 11:26:50 +0000
+Subject: ksmbd: Fix dangling pointer in krb_authenticate
+
+krb_authenticate frees sess->user and does not set the pointer
+to NULL. It calls ksmbd_krb5_authenticate to reinitialise
+sess->user but that function may return without doing so. If
+that happens then smb2_sess_setup, which calls krb_authenticate,
+will be accessing free'd memory when it later uses sess->user.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Heelan <seanheelan@gmail.com>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/smb2pdu.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/smb/server/smb2pdu.c
++++ b/fs/smb/server/smb2pdu.c
+@@ -1602,8 +1602,10 @@ static int krb5_authenticate(struct ksmb
+ 	if (prev_sess_id && prev_sess_id != sess->id)
+ 		destroy_previous_session(conn, sess->user, prev_sess_id);
+ 
+-	if (sess->state == SMB2_SESSION_VALID)
++	if (sess->state == SMB2_SESSION_VALID) {
+ 		ksmbd_free_user(sess->user);
++		sess->user = NULL;
++	}
+ 
+ 	retval = ksmbd_krb5_authenticate(sess, in_blob, in_len,
+ 					 out_blob, &out_len);

debian/patches/patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch

@@ -1,59 +0,0 @@
-From 53f2beb3fafc1395f502390f04ad876a0dd2102d Mon Sep 17 00:00:00 2001
-From: Aman <aman1@microsoft.com>
-Date: Thu, 6 Mar 2025 17:46:43 +0000
-Subject: CIFS: Propagate min offload along with other parameters from primary
- to secondary channels.
-
-In a multichannel setup, it was observed that a few fields were not being
-copied over to the secondary channels, which impacted performance in cases
-where these options were relevant but not properly synchronized. To address
-this, this patch introduces copying the following parameters from the
-primary channel to the secondary channels:
-
-- min_offload
-- compression.requested
-- dfs_conn
-- ignore_signature
-- leaf_fullpath
-- noblockcnt
-- retrans
-- sign
-
-By copying these parameters, we ensure consistency across channels and
-prevent performance degradation due to missing or outdated settings.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Aman <aman1@microsoft.com>
-Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/client/connect.c | 1 +
- fs/smb/client/sess.c    | 7 +++++++
- 2 files changed, 8 insertions(+)
-
---- a/fs/smb/client/connect.c
-+++ b/fs/smb/client/connect.c
-@@ -1677,6 +1677,7 @@ cifs_get_tcp_session(struct smb3_fs_cont
- 	/* Grab netns reference for this server. */
- 	cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
- 
-+	tcp_ses->sign = ctx->sign;
- 	tcp_ses->conn_id = atomic_inc_return(&tcpSesNextId);
- 	tcp_ses->noblockcnt = ctx->rootfs;
- 	tcp_ses->noblocksnd = ctx->noblocksnd || ctx->rootfs;
---- a/fs/smb/client/sess.c
-+++ b/fs/smb/client/sess.c
-@@ -522,6 +522,13 @@ cifs_ses_add_channel(struct cifs_ses *se
- 	ctx->sockopt_tcp_nodelay = ses->server->tcp_nodelay;
- 	ctx->echo_interval = ses->server->echo_interval / HZ;
- 	ctx->max_credits = ses->server->max_credits;
-+	ctx->min_offload = ses->server->min_offload;
-+	ctx->compress = ses->server->compression.requested;
-+	ctx->dfs_conn = ses->server->dfs_conn;
-+	ctx->ignore_signature = ses->server->ignore_signature;
-+	ctx->leaf_fullpath = ses->server->leaf_fullpath;
-+	ctx->rootfs = ses->server->noblockcnt;
-+	ctx->retrans = ses->server->retrans;
- 
- 	/*
- 	 * This will be used for encoding/decoding user/domain/pw

debian/patches/patchset-pf/smb/0002-ksmbd-fix-use-after-free-in-__smb2_lease_break_noti.patch

@@ -0,0 +1,76 @@
+From 1932e1bb8624ec520da5f61e3f5bbdd16b9f320d Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Fri, 11 Apr 2025 15:19:46 +0900
+Subject: ksmbd: fix use-after-free in __smb2_lease_break_noti()
+
+Move tcp_transport free to ksmbd_conn_free. If ksmbd connection is
+referenced when ksmbd server thread terminates, It will not be freed,
+but conn->tcp_transport is freed. __smb2_lease_break_noti can be performed
+asynchronously when the connection is disconnected. __smb2_lease_break_noti
+calls ksmbd_conn_write, which can cause use-after-free
+when conn->ksmbd_transport is already freed.
+
+Cc: stable@vger.kernel.org
+Reported-by: Norbert Szetei <norbert@doyensec.com>
+Tested-by: Norbert Szetei <norbert@doyensec.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/connection.c    |  4 +++-
+ fs/smb/server/transport_tcp.c | 14 +++++++++-----
+ fs/smb/server/transport_tcp.h |  1 +
+ 3 files changed, 13 insertions(+), 6 deletions(-)
+
+--- a/fs/smb/server/connection.c
++++ b/fs/smb/server/connection.c
+@@ -39,8 +39,10 @@ void ksmbd_conn_free(struct ksmbd_conn *
+ 	xa_destroy(&conn->sessions);
+ 	kvfree(conn->request_buf);
+ 	kfree(conn->preauth_info);
+-	if (atomic_dec_and_test(&conn->refcnt))
++	if (atomic_dec_and_test(&conn->refcnt)) {
++		ksmbd_free_transport(conn->transport);
+ 		kfree(conn);
++	}
+ }
+ 
+ /**
+--- a/fs/smb/server/transport_tcp.c
++++ b/fs/smb/server/transport_tcp.c
+@@ -93,17 +93,21 @@ static struct tcp_transport *alloc_trans
+ 	return t;
+ }
+ 
+-static void free_transport(struct tcp_transport *t)
++void ksmbd_free_transport(struct ksmbd_transport *kt)
+ {
+-	kernel_sock_shutdown(t->sock, SHUT_RDWR);
+-	sock_release(t->sock);
+-	t->sock = NULL;
++	struct tcp_transport *t = TCP_TRANS(kt);
+ 
+-	ksmbd_conn_free(KSMBD_TRANS(t)->conn);
++	sock_release(t->sock);
+ 	kfree(t->iov);
+ 	kfree(t);
+ }
+ 
++static void free_transport(struct tcp_transport *t)
++{
++	kernel_sock_shutdown(t->sock, SHUT_RDWR);
++	ksmbd_conn_free(KSMBD_TRANS(t)->conn);
++}
++
+ /**
+  * kvec_array_init() - initialize a IO vector segment
+  * @new:	IO vector to be initialized
+--- a/fs/smb/server/transport_tcp.h
++++ b/fs/smb/server/transport_tcp.h
+@@ -8,6 +8,7 @@
+ 
+ int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz);
+ struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name);
++void ksmbd_free_transport(struct ksmbd_transport *kt);
+ int ksmbd_tcp_init(void);
+ void ksmbd_tcp_destroy(void);
+ 

debian/patches/patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch

@@ -1,36 +0,0 @@
-From 6b8b436fbb92dff7d6bc8d6c977b01814a541ec0 Mon Sep 17 00:00:00 2001
-From: Roman Smirnov <r.smirnov@omp.ru>
-Date: Mon, 31 Mar 2025 11:22:49 +0300
-Subject: cifs: fix integer overflow in match_server()
-
-The echo_interval is not limited in any way during mounting,
-which makes it possible to write a large number to it. This can
-cause an overflow when multiplying ctx->echo_interval by HZ in
-match_server().
-
-Add constraints for echo_interval to smb3_fs_context_parse_param().
-
-Found by Linux Verification Center (linuxtesting.org) with Svace.
-
-Fixes: adfeb3e00e8e1 ("cifs: Make echo interval tunable")
-Cc: stable@vger.kernel.org
-Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/client/fs_context.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/fs/smb/client/fs_context.c
-+++ b/fs/smb/client/fs_context.c
-@@ -1377,6 +1377,11 @@ static int smb3_fs_context_parse_param(s
- 		ctx->closetimeo = HZ * result.uint_32;
- 		break;
- 	case Opt_echo_interval:
-+		if (result.uint_32 < SMB_ECHO_INTERVAL_MIN ||
-+		    result.uint_32 > SMB_ECHO_INTERVAL_MAX) {
-+			cifs_errorf(fc, "echo interval is out of bounds\n");
-+			goto cifs_parse_mount_err;
-+		}
- 		ctx->echo_interval = result.uint_32;
- 		break;
- 	case Opt_snapshot:

debian/patches/patchset-pf/smb/0003-ksmbd-fix-use-after-free-in-smb_break_all_levII_oplo.patch

@@ -0,0 +1,124 @@
+From 67437a4c66847a82ab538705b932144d4af28f4b Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Tue, 15 Apr 2025 09:30:21 +0900
+Subject: ksmbd: fix use-after-free in smb_break_all_levII_oplock()
+
+There is a room in smb_break_all_levII_oplock that can cause racy issues
+when unlocking in the middle of the loop. This patch use read lock
+to protect whole loop.
+
+Cc: stable@vger.kernel.org
+Reported-by: Norbert Szetei <norbert@doyensec.com>
+Tested-by: Norbert Szetei <norbert@doyensec.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/oplock.c | 29 +++++++++--------------------
+ fs/smb/server/oplock.h |  1 -
+ 2 files changed, 9 insertions(+), 21 deletions(-)
+
+--- a/fs/smb/server/oplock.c
++++ b/fs/smb/server/oplock.c
+@@ -129,14 +129,6 @@ static void free_opinfo(struct oplock_in
+ 	kfree(opinfo);
+ }
+ 
+-static inline void opinfo_free_rcu(struct rcu_head *rcu_head)
+-{
+-	struct oplock_info *opinfo;
+-
+-	opinfo = container_of(rcu_head, struct oplock_info, rcu_head);
+-	free_opinfo(opinfo);
+-}
+-
+ struct oplock_info *opinfo_get(struct ksmbd_file *fp)
+ {
+ 	struct oplock_info *opinfo;
+@@ -157,8 +149,8 @@ static struct oplock_info *opinfo_get_li
+ 	if (list_empty(&ci->m_op_list))
+ 		return NULL;
+ 
+-	rcu_read_lock();
+-	opinfo = list_first_or_null_rcu(&ci->m_op_list, struct oplock_info,
++	down_read(&ci->m_lock);
++	opinfo = list_first_entry(&ci->m_op_list, struct oplock_info,
+ 					op_entry);
+ 	if (opinfo) {
+ 		if (opinfo->conn == NULL ||
+@@ -171,8 +163,7 @@ static struct oplock_info *opinfo_get_li
+ 			}
+ 		}
+ 	}
+-
+-	rcu_read_unlock();
++	up_read(&ci->m_lock);
+ 
+ 	return opinfo;
+ }
+@@ -185,7 +176,7 @@ void opinfo_put(struct oplock_info *opin
+ 	if (!atomic_dec_and_test(&opinfo->refcount))
+ 		return;
+ 
+-	call_rcu(&opinfo->rcu_head, opinfo_free_rcu);
++	free_opinfo(opinfo);
+ }
+ 
+ static void opinfo_add(struct oplock_info *opinfo)
+@@ -193,7 +184,7 @@ static void opinfo_add(struct oplock_inf
+ 	struct ksmbd_inode *ci = opinfo->o_fp->f_ci;
+ 
+ 	down_write(&ci->m_lock);
+-	list_add_rcu(&opinfo->op_entry, &ci->m_op_list);
++	list_add(&opinfo->op_entry, &ci->m_op_list);
+ 	up_write(&ci->m_lock);
+ }
+ 
+@@ -207,7 +198,7 @@ static void opinfo_del(struct oplock_inf
+ 		write_unlock(&lease_list_lock);
+ 	}
+ 	down_write(&ci->m_lock);
+-	list_del_rcu(&opinfo->op_entry);
++	list_del(&opinfo->op_entry);
+ 	up_write(&ci->m_lock);
+ }
+ 
+@@ -1347,8 +1338,8 @@ void smb_break_all_levII_oplock(struct k
+ 	ci = fp->f_ci;
+ 	op = opinfo_get(fp);
+ 
+-	rcu_read_lock();
+-	list_for_each_entry_rcu(brk_op, &ci->m_op_list, op_entry) {
++	down_read(&ci->m_lock);
++	list_for_each_entry(brk_op, &ci->m_op_list, op_entry) {
+ 		if (brk_op->conn == NULL)
+ 			continue;
+ 
+@@ -1358,7 +1349,6 @@ void smb_break_all_levII_oplock(struct k
+ 		if (ksmbd_conn_releasing(brk_op->conn))
+ 			continue;
+ 
+-		rcu_read_unlock();
+ 		if (brk_op->is_lease && (brk_op->o_lease->state &
+ 		    (~(SMB2_LEASE_READ_CACHING_LE |
+ 				SMB2_LEASE_HANDLE_CACHING_LE)))) {
+@@ -1388,9 +1378,8 @@ void smb_break_all_levII_oplock(struct k
+ 		oplock_break(brk_op, SMB2_OPLOCK_LEVEL_NONE, NULL);
+ next:
+ 		opinfo_put(brk_op);
+-		rcu_read_lock();
+ 	}
+-	rcu_read_unlock();
++	up_read(&ci->m_lock);
+ 
+ 	if (op)
+ 		opinfo_put(op);
+--- a/fs/smb/server/oplock.h
++++ b/fs/smb/server/oplock.h
+@@ -71,7 +71,6 @@ struct oplock_info {
+ 	struct list_head        lease_entry;
+ 	wait_queue_head_t oplock_q; /* Other server threads */
+ 	wait_queue_head_t oplock_brk; /* oplock breaking wait */
+-	struct rcu_head		rcu_head;
+ };
+ 
+ struct lease_break_info {

debian/patches/patchset-pf/smb/0004-ksmbd-fix-the-warning-from-__kernel_write_iter.patch

@@ -0,0 +1,31 @@
+From d9f3fc321672406f959334509a88296187994c5a Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Tue, 15 Apr 2025 09:31:08 +0900
+Subject: ksmbd: fix the warning from __kernel_write_iter
+
+[ 2110.972290] ------------[ cut here ]------------
+[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280
+
+This patch doesn't allow writing to directory.
+
+Cc: stable@vger.kernel.org
+Reported-by: Norbert Szetei <norbert@doyensec.com>
+Tested-by: Norbert Szetei <norbert@doyensec.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/vfs.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/smb/server/vfs.c
++++ b/fs/smb/server/vfs.c
+@@ -496,7 +496,8 @@ int ksmbd_vfs_write(struct ksmbd_work *w
+ 	int err = 0;
+ 
+ 	if (work->conn->connection_type) {
+-		if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE))) {
++		if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE)) ||
++		    S_ISDIR(file_inode(fp->filp)->i_mode)) {
+ 			pr_err("no right to write(%pD)\n", fp->filp);
+ 			err = -EACCES;
+ 			goto out;

debian/patches/patchset-pf/smb/0005-ksmbd-Prevent-integer-overflow-in-calculation-of-dea.patch

@@ -0,0 +1,43 @@
+From adbf65091f5ac103ae5339bd49549b147906a0c0 Mon Sep 17 00:00:00 2001
+From: Denis Arefev <arefev@swemel.ru>
+Date: Wed, 9 Apr 2025 12:04:49 +0300
+Subject: ksmbd: Prevent integer overflow in calculation of deadtime
+
+The user can set any value for 'deadtime'. This affects the arithmetic
+expression 'req->deadtime * SMB_ECHO_INTERVAL', which is subject to
+overflow. The added check makes the server behavior more predictable.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers")
+Cc: stable@vger.kernel.org
+Signed-off-by: Denis Arefev <arefev@swemel.ru>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/transport_ipc.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/smb/server/transport_ipc.c
++++ b/fs/smb/server/transport_ipc.c
+@@ -310,7 +310,11 @@ static int ipc_server_config_on_startup(
+ 	server_conf.signing = req->signing;
+ 	server_conf.tcp_port = req->tcp_port;
+ 	server_conf.ipc_timeout = req->ipc_timeout * HZ;
+-	server_conf.deadtime = req->deadtime * SMB_ECHO_INTERVAL;
++	if (check_mul_overflow(req->deadtime, SMB_ECHO_INTERVAL,
++					&server_conf.deadtime)) {
++		ret = -EINVAL;
++		goto out;
++	}
+ 	server_conf.share_fake_fscaps = req->share_fake_fscaps;
+ 	ksmbd_init_domain(req->sub_auth);
+ 
+@@ -337,6 +341,7 @@ static int ipc_server_config_on_startup(
+ 	server_conf.bind_interfaces_only = req->bind_interfaces_only;
+ 	ret |= ksmbd_tcp_set_interfaces(KSMBD_STARTUP_CONFIG_INTERFACES(req),
+ 					req->ifc_list_sz);
++out:
+ 	if (ret) {
+ 		pr_err("Server configuration error: %s %s %s\n",
+ 		       req->netbios_name, req->server_string,

debian/patches/patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch

@@ -4262,7 +4262,7 @@ Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
 -  #if ((defined(__clang__) && __has_attribute(__target__)) \
 +#  if ((defined(__clang__) && __has_attribute(__target__)) \
        || (defined(__GNUC__) \
-           && (__GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 8)))) \
+           && (__GNUC__ >= 11))) \
 -      && (defined(__x86_64__) || defined(_M_X64)) \
 +      && (defined(__i386__) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_X64)) \
        && !defined(__BMI2__)

debian/patches/patchset-xanmod/binder/0002-binder-turn-into-module-list_lru_add-list_lru_del.patch

@@ -1,29 +0,0 @@
-From 0156792aef65a27c5938dc821630f5546dc6a3c9 Mon Sep 17 00:00:00 2001
-From: Paolo Pisati <paolo.pisati@canonical.com>
-Date: Thu, 6 Feb 2025 15:38:05 +0100
-Subject: binder: turn into module - list_lru_add()/list_lru_del()
-
-Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
-Signed-off-by: Alexandre Frade <kernel@xanmod.org>
----
- mm/list_lru.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/mm/list_lru.c
-+++ b/mm/list_lru.c
-@@ -175,6 +175,7 @@ bool list_lru_add(struct list_lru *lru,
- 	unlock_list_lru(l, false);
- 	return false;
- }
-+EXPORT_SYMBOL_GPL(list_lru_add);
- 
- bool list_lru_add_obj(struct list_lru *lru, struct list_head *item)
- {
-@@ -212,6 +213,7 @@ bool list_lru_del(struct list_lru *lru,
- 	unlock_list_lru(l, false);
- 	return false;
- }
-+EXPORT_SYMBOL_GPL(list_lru_del);
- 
- bool list_lru_del_obj(struct list_lru *lru, struct list_head *item)
- {

debian/patches/patchset-xanmod/binder/0003-binder-turn-into-module-lock_vma_under_rcu.patch

@@ -1,21 +0,0 @@
-From 51d6dcc335e157df9ce5b9605841b879db64894a Mon Sep 17 00:00:00 2001
-From: Paolo Pisati <paolo.pisati@canonical.com>
-Date: Thu, 6 Feb 2025 15:40:09 +0100
-Subject: binder: turn into module - lock_vma_under_rcu()
-
-Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
-Signed-off-by: Alexandre Frade <kernel@xanmod.org>
----
- mm/memory.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/mm/memory.c
-+++ b/mm/memory.c
-@@ -6392,6 +6392,7 @@ inval:
- 	count_vm_vma_lock_event(VMA_LOCK_ABORT);
- 	return NULL;
- }
-+EXPORT_SYMBOL_GPL(lock_vma_under_rcu);
- #endif /* CONFIG_PER_VMA_LOCK */
- 
- #ifndef __PAGETABLE_P4D_FOLDED

debian/patches/patchset-xanmod/pci_acso/0001-PCI-Enable-overrides-for-missing-ACS-capabilities.patch

@@ -55,7 +55,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
 
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4644,6 +4644,15 @@
+@@ -4646,6 +4646,15 @@
  		nomsi		[MSI] If the PCI_MSI kernel config parameter is
  				enabled, this kernel boot option can be used to
  				disable the use of MSI interrupts system-wide.

debian/patches/patchset-xanmod/xanmod/0013-XANMOD-sched-autogroup-Add-kernel-parameter-and-conf.patch

@@ -24,7 +24,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
  	bau=		[X86_UV] Enable the BAU on SGI UV.  The default
  			behavior is to disable the BAU (i.e. bau=0).
  			Format: { "0" | "1" }
-@@ -4039,8 +4043,6 @@
+@@ -4041,8 +4045,6 @@
  
  	noapictimer	[APIC,X86] Don't set up the APIC timer
  

debian/patches/patchset-zen/invlpgb/0004-x86-mm-Add-INVLPGB-feature-and-Kconfig-entry.patch

@@ -90,7 +90,7 @@ Link: https://lore.kernel.org/r/20250226030129.530345-3-riel@surriel.com
  static inline int rdmsrl_amd_safe(unsigned msr, unsigned long long *p)
  {
  	u32 gprs[8] = { 0 };
-@@ -1139,6 +1141,10 @@ static void cpu_detect_tlb_amd(struct cp
+@@ -1140,6 +1142,10 @@ static void cpu_detect_tlb_amd(struct cp
  		tlb_lli_2m[ENTRIES] = eax & mask;
  
  	tlb_lli_4m[ENTRIES] = tlb_lli_2m[ENTRIES] >> 1;

debian/patches/patchset-zen/invlpgb/0012-x86-mm-Enable-AMD-translation-cache-extensions.patch

@@ -52,7 +52,7 @@ Link: https://lore.kernel.org/r/20250226030129.530345-13-riel@surriel.com
  /*
 --- a/arch/x86/kernel/cpu/amd.c
 +++ b/arch/x86/kernel/cpu/amd.c
-@@ -1075,6 +1075,10 @@ static void init_amd(struct cpuinfo_x86
+@@ -1076,6 +1076,10 @@ static void init_amd(struct cpuinfo_x86
  
  	/* AMD CPUs don't need fencing after x2APIC/TSC_DEADLINE MSR writes. */
  	clear_cpu_cap(c, X86_FEATURE_APIC_MSRS_FENCE);

debian/patches/patchset-zen/sauce/0003-ZEN-PCI-Add-Intel-remapped-NVMe-device-support.patch

@@ -94,7 +94,7 @@ Contains:
 -#endif
 --- a/drivers/ata/ahci.c
 +++ b/drivers/ata/ahci.c
-@@ -1618,7 +1618,7 @@ static irqreturn_t ahci_thunderx_irq_han
+@@ -1629,7 +1629,7 @@ static irqreturn_t ahci_thunderx_irq_han
  }
  #endif
  
@@ -103,7 +103,7 @@ Contains:
  		struct ahci_host_priv *hpriv)
  {
  	int i;
-@@ -1631,7 +1631,7 @@ static void ahci_remap_check(struct pci_
+@@ -1642,7 +1642,7 @@ static void ahci_remap_check(struct pci_
  	    pci_resource_len(pdev, bar) < SZ_512K ||
  	    bar != AHCI_PCI_BAR_STANDARD ||
  	    !(readl(hpriv->mmio + AHCI_VSCAP) & 1))
@@ -112,7 +112,7 @@ Contains:
  
  	cap = readq(hpriv->mmio + AHCI_REMAP_CAP);
  	for (i = 0; i < AHCI_MAX_REMAP; i++) {
-@@ -1646,18 +1646,11 @@ static void ahci_remap_check(struct pci_
+@@ -1657,18 +1657,11 @@ static void ahci_remap_check(struct pci_
  	}
  
  	if (!hpriv->remapped_nvme)
@@ -135,7 +135,7 @@ Contains:
  }
  
  static int ahci_get_irq_vector(struct ata_host *host, int port)
-@@ -1898,7 +1891,9 @@ static int ahci_init_one(struct pci_dev
+@@ -1909,7 +1902,9 @@ static int ahci_init_one(struct pci_dev
  		return -ENOMEM;
  
  	/* detect remapped nvme devices */

debian/patches/patchset-zen/sauce/0004-ZEN-Disable-stack-conservation-for-GCC.patch

@@ -24,6 +24,6 @@ Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
 -KBUILD_CFLAGS   += -fconserve-stack
 -endif
 -
- # change __FILE__ to the relative path to the source directory
- ifdef building_out_of_srctree
- KBUILD_CPPFLAGS += $(call cc-option,-fmacro-prefix-map=$(srcroot)/=)
+ # Ensure compilers do not transform certain loops into calls to wcslen()
+ KBUILD_CFLAGS += -fno-builtin-wcslen
+ 

debian/patches/series

@@ -69,10 +69,15 @@ features/x86/x86-make-x32-syscall-support-conditional.patch
 bugfix/all/disable-some-marvell-phys.patch
 bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
 bugfix/all/documentation-use-relative-source-paths-in-abi-documentation.patch
+bugfix/all/hfs-hfsplus-fix-slab-out-of-bounds-in-hfs_bnode_read.patch
 
 # Miscellaneous features
 
 # Lockdown missing pieces
+features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
+features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
+features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
 
 # Improve integrity platform keyring for kernel modules verification
 features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch
@@ -125,50 +130,44 @@ patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up
 patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch
 patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch
 patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch
-patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch
-patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
-patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
-patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
-patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Overhaul-locking.patch
-patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
-patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
-patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
-patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
-patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
-patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
-patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
-patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
-patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
-patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
-patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
-patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
-patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Stop-caching-EPP.patch
-patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
-patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
-patchset-pf/amd-pstate/0027-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
-
-patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch
-patchset-pf/btrfs/0002-btrfs-tests-fix-chunk-map-leak-after-failure-to-add-.patch
-patchset-pf/btrfs/0003-btrfs-zoned-fix-zone-activation-with-missing-devices.patch
-patchset-pf/btrfs/0004-btrfs-zoned-fix-zone-finishing-with-missing-devices.patch
+patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
+patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
+patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
+patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Overhaul-locking.patch
+patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
+patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
+patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
+patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
+patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
+patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
+patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
+patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
+patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
+patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
+patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
+patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
+patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Stop-caching-EPP.patch
+patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
+patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
+patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
 
 patchset-pf/cpuidle/0001-cpuidle-Prefer-teo-over-menu-governor.patch
 
 patchset-pf/crypto/0001-crypto-x86-aes-xts-make-the-fast-path-64-bit-specifi.patch
 patchset-pf/crypto/0002-crypto-x86-aes-ctr-rewrite-AESNI-AVX-optimized-CTR-a.patch
 
-patchset-pf/fuse/0001-fuse-io-uring-Fix-a-possible-req-cancellation-race.patch
+patchset-pf/fuse/0001-virtiofs-add-filesystem-context-source-name-check.patch
 
-patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch
-patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch
-patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch
+patchset-pf/smb/0001-ksmbd-Fix-dangling-pointer-in-krb_authenticate.patch
+patchset-pf/smb/0002-ksmbd-fix-use-after-free-in-__smb2_lease_break_noti.patch
+patchset-pf/smb/0003-ksmbd-fix-use-after-free-in-smb_break_all_levII_oplo.patch
+patchset-pf/smb/0004-ksmbd-fix-the-warning-from-__kernel_write_iter.patch
+patchset-pf/smb/0005-ksmbd-Prevent-integer-overflow-in-calculation-of-dea.patch
 
 patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch
 patchset-pf/zstd/0002-lib-zstd-Refactor-intentional-wrap-around-test.patch
 
 patchset-xanmod/binder/0001-binder-turn-into-module.patch
-patchset-xanmod/binder/0002-binder-turn-into-module-list_lru_add-list_lru_del.patch
-patchset-xanmod/binder/0003-binder-turn-into-module-lock_vma_under_rcu.patch
 
 patchset-xanmod/clearlinux/0001-sched-wait-Do-accept-in-LIFO-order-for-cache-efficie.patch
 patchset-xanmod/clearlinux/0002-firmware-Enable-stateless-firmware-loading.patch
@@ -267,17 +266,16 @@ patchset-zen/sauce/0021-ZEN-INTERACTIVE-dm-crypt-Disable-workqueues-for-cryp.pat
 patchset-zen/sauce/0022-ZEN-INTERACTIVE-mm-swap-Disable-swap-in-readahead.patch
 patchset-zen/sauce/0023-ZEN-INTERACTIVE-Document-PDS-BMQ-configuration.patch
 
-patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch
-patchset-pf/fixes/0002-Kunit-to-check-the-longest-symbol-length.patch
-patchset-pf/fixes/0003-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
-patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch
-patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch
-patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch
-patchset-pf/fixes/0007-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
-patchset-pf/fixes/0008-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
-patchset-pf/fixes/0009-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
-patchset-pf/fixes/0010-fixes-6.14-update-tpm2_start_auth_session-fix.patch
-patchset-pf/fixes/0011-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
+patchset-pf/fixes/0001-Kunit-to-check-the-longest-symbol-length.patch
+patchset-pf/fixes/0002-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
+patchset-pf/fixes/0003-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
+patchset-pf/fixes/0004-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
+patchset-pf/fixes/0005-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
+patchset-pf/fixes/0006-fixes-6.14-update-tpm2_start_auth_session-fix.patch
+patchset-pf/fixes/0007-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
+patchset-pf/fixes/0008-wifi-iwlwifi-pcie-set-state-to-no-FW-before-reset-ha.patch
+patchset-pf/fixes/0009-wifi-ath12k-Abort-scan-before-removing-link-interfac.patch
+patchset-pf/fixes/0010-Kconfig-switch-CONFIG_SYSFS_SYCALL-default-to-n.patch
 
 patchset-zen/fixes/0001-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch
 patchset-zen/fixes/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch