From f2e779751af01a3eee7b287777aee753ed95c86a Mon Sep 17 00:00:00 2001
From: Konstantin Demin <rockdrilla@gmail.com>
Date: Mon, 21 Apr 2025 02:06:41 +0300
Subject: [PATCH] release 6.14.3
---
debian/bin/genpatch-pfkernel | 2 +-
debian/changelog | 7 +
debian/config/amd64/config.mobile | 1 +
debian/config/amd64/config.vm | 1 +
debian/config/config | 6 +-
debian/libcpupower1.symbols | 2 +
...ftdep-declarations-for-hard-coded-cr.patch | 2 +-
...slab-out-of-bounds-in-hfs_bnode_read.patch | 84 +++++++
...uilding-ashmem-and-binder-as-modules.patch | 28 +++
...rt-symbols-needed-by-android-drivers.patch | 2 +-
...compiler-version-comparison-optional.patch | 2 +-
...rnel-config-option-to-lock-down-when.patch | 153 +++++++++++++
...ecure_boot-flag-to-indicate-secure-b.patch | 153 +++++++++++++
...e-kernel-if-booted-in-secure-boot-mo.patch | 121 ++++++++++
...ble-slram-and-phram-when-locked-down.patch | 75 +++++++
...rther-restriction-of-perf_event_open.patch | 4 +-
...make-x32-syscall-support-conditional.patch | 4 +-
...ail-the-kernel-build-on-fatal-errors.patch | 2 +-
...te-Remove-the-redundant-des_perf-cla.patch | 2 +-
...tate-Modularize-perf-freq-conversion.patch | 2 +-
...te-Remove-the-unnecessary-cpufreq_up.patch | 2 +-
...te-Use-scope-based-cleanup-for-cpufr.patch | 2 +-
...te-Remove-the-unncecessary-driver_lo.patch | 2 +-
...tate-Fix-the-clamping-of-perf-values.patch | 2 +-
...te-Invalidate-cppc_req_cached-during.patch | 42 ----
...e-Show-a-warning-when-a-CPU-fails-t.patch} | 2 +-
...e-Drop-min-and-max-cached-frequenci.patch} | 2 +-
...state-Move-perf-values-into-a-union.patch} | 2 +-
...cpufreq-amd-pstate-Overhaul-locking.patch} | 2 +-
...eq-amd-pstate-Drop-cppc_cap1_cached.patch} | 2 +-
...e-ut-Use-_free-macro-to-free-put-po.patch} | 2 +-
...e-ut-Allow-lowest-nonlinear-and-low.patch} | 2 +-
...tate-ut-Drop-SUCCESS-and-FAIL-enums.patch} | 2 +-
...e-ut-Run-on-all-of-the-correct-CPUs.patch} | 2 +-
...amd-pstate-ut-Adjust-variable-scope.patch} | 2 +-
...e-Replace-all-AMD_CPPC_-macros-with.patch} | 2 +-
...e-Cache-CPPC-request-in-shared-mem-.patch} | 2 +-
...e-Move-all-EPP-tracing-into-_update.patch} | 2 +-
...e-Update-cppc_req_cached-for-shared.patch} | 2 +-
...e-Drop-debug-statements-for-policy-.patch} | 2 +-
...req-amd-pstate-Rework-CPPC-enabling.patch} | 2 +-
...cpufreq-amd-pstate-Stop-caching-EPP.patch} | 2 +-
...e-Drop-actions-in-amd_pstate_epp_cp.patch} | 2 +-
...e-fix-warning-noticed-by-kernel-tes.patch} | 2 +-
...e-Fix-min_limit-perf-and-freq-updat.patch} | 2 +-
...pty-delayed-iputs-list-on-unmount-du.patch | 76 -------
...chunk-map-leak-after-failure-to-add-.patch | 30 ---
...zone-activation-with-missing-devices.patch | 36 ---
...-zone-finishing-with-missing-devices.patch | 36 ---
...-to-check-the-longest-symbol-length.patch} | 4 +-
...pm-do-not-start-chip-while-suspended.patch | 94 --------
...plicate-unlikely-definition-in-insn.patch} | 2 +-
...optimize-MES-pipe-FW-version-fetchi.patch} | 2 +-
...k-TPM-RC-in-tpm2_start_auth_session.patch} | 2 +-
...timeout-handling-when-waiting-for-TP.patch | 44 ----
...nr_integrity_segments-is-cloned-in-b.patch | 32 ---
...ice_write_prof_mask_reg-as-noinline.patch} | 2 +-
...PCI-Fix-wrong-length-of-devres-array.patch | 40 ----
...-update-tpm2_start_auth_session-fix.patch} | 4 +-
...optimize-MES-pipe-FW-version-fetchi.patch} | 2 +-
...e-set-state-to-no-FW-before-reset-ha.patch | 50 +++++
...t-scan-before-removing-link-interfac.patch | 40 ++++
...tch-CONFIG_SYSFS_SYCALL-default-to-n.patch | 49 +++++
...Fix-a-possible-req-cancellation-race.patch | 207 ------------------
...filesystem-context-source-name-check.patch | 30 +++
...NULL-pointer-dereference-in-dbg-call.patch | 37 ----
...dangling-pointer-in-krb_authenticate.patch | 33 +++
...in-offload-along-with-other-paramete.patch | 59 -----
...fter-free-in-__smb2_lease_break_noti.patch | 76 +++++++
...fix-integer-overflow-in-match_server.patch | 36 ---
...ter-free-in-smb_break_all_levII_oplo.patch | 124 +++++++++++
...the-warning-from-__kernel_write_iter.patch | 31 +++
...teger-overflow-in-calculation-of-dea.patch | 43 ++++
.../0001-zstd-import-upstream-v1.5.7.patch | 2 +-
...nto-module-list_lru_add-list_lru_del.patch | 29 ---
...-turn-into-module-lock_vma_under_rcu.patch | 21 --
...errides-for-missing-ACS-capabilities.patch | 2 +-
...ogroup-Add-kernel-parameter-and-conf.patch | 2 +-
...dd-INVLPGB-feature-and-Kconfig-entry.patch | 2 +-
...ble-AMD-translation-cache-extensions.patch | 2 +-
...d-Intel-remapped-NVMe-device-support.patch | 8 +-
...N-Disable-stack-conservation-for-GCC.patch | 6 +-
debian/patches/series | 84 ++++---
83 files changed, 1201 insertions(+), 921 deletions(-)
create mode 100644 debian/patches/bugfix/all/hfs-hfsplus-fix-slab-out-of-bounds-in-hfs_bnode_read.patch
create mode 100644 debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
create mode 100644 debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
create mode 100644 debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
create mode 100644 debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
delete mode 100644 debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch
rename debian/patches/patchset-pf/amd-pstate/{0008-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch => 0007-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch} (94%)
rename debian/patches/patchset-pf/amd-pstate/{0009-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch => 0008-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch} (99%)
rename debian/patches/patchset-pf/amd-pstate/{0010-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch => 0009-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch} (99%)
rename debian/patches/patchset-pf/amd-pstate/{0011-cpufreq-amd-pstate-Overhaul-locking.patch => 0010-cpufreq-amd-pstate-Overhaul-locking.patch} (97%)
rename debian/patches/patchset-pf/amd-pstate/{0012-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch => 0011-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch} (96%)
rename debian/patches/patchset-pf/amd-pstate/{0013-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch => 0012-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch} (98%)
rename debian/patches/patchset-pf/amd-pstate/{0014-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch => 0013-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch} (96%)
rename debian/patches/patchset-pf/amd-pstate/{0015-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch => 0014-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch} (99%)
rename debian/patches/patchset-pf/amd-pstate/{0016-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch => 0015-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch} (96%)
rename debian/patches/patchset-pf/amd-pstate/{0017-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch => 0016-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch} (95%)
rename debian/patches/patchset-pf/amd-pstate/{0018-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch => 0017-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch} (98%)
rename debian/patches/patchset-pf/amd-pstate/{0019-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch => 0018-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch} (96%)
rename debian/patches/patchset-pf/amd-pstate/{0020-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch => 0019-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch} (99%)
rename debian/patches/patchset-pf/amd-pstate/{0021-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch => 0020-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch} (94%)
rename debian/patches/patchset-pf/amd-pstate/{0022-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch => 0021-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch} (95%)
rename debian/patches/patchset-pf/amd-pstate/{0023-cpufreq-amd-pstate-Rework-CPPC-enabling.patch => 0022-cpufreq-amd-pstate-Rework-CPPC-enabling.patch} (99%)
rename debian/patches/patchset-pf/amd-pstate/{0024-cpufreq-amd-pstate-Stop-caching-EPP.patch => 0023-cpufreq-amd-pstate-Stop-caching-EPP.patch} (98%)
rename debian/patches/patchset-pf/amd-pstate/{0025-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch => 0024-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch} (95%)
rename debian/patches/patchset-pf/amd-pstate/{0026-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch => 0025-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch} (95%)
rename debian/patches/patchset-pf/amd-pstate/{0027-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch => 0026-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch} (96%)
delete mode 100644 debian/patches/patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch
delete mode 100644 debian/patches/patchset-pf/btrfs/0002-btrfs-tests-fix-chunk-map-leak-after-failure-to-add-.patch
delete mode 100644 debian/patches/patchset-pf/btrfs/0003-btrfs-zoned-fix-zone-activation-with-missing-devices.patch
delete mode 100644 debian/patches/patchset-pf/btrfs/0004-btrfs-zoned-fix-zone-finishing-with-missing-devices.patch
rename debian/patches/patchset-pf/fixes/{0002-Kunit-to-check-the-longest-symbol-length.patch => 0001-Kunit-to-check-the-longest-symbol-length.patch} (97%)
delete mode 100644 debian/patches/patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch
rename debian/patches/patchset-pf/fixes/{0003-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch => 0002-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch} (95%)
rename debian/patches/patchset-pf/fixes/{0007-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch => 0003-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch} (93%)
rename debian/patches/patchset-pf/fixes/{0008-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch => 0004-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch} (98%)
delete mode 100644 debian/patches/patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch
delete mode 100644 debian/patches/patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch
rename debian/patches/patchset-pf/fixes/{0009-ice-mark-ice_write_prof_mask_reg-as-noinline.patch => 0005-ice-mark-ice_write_prof_mask_reg-as-noinline.patch} (95%)
delete mode 100644 debian/patches/patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch
rename debian/patches/patchset-pf/fixes/{0010-fixes-6.14-update-tpm2_start_auth_session-fix.patch => 0006-fixes-6.14-update-tpm2_start_auth_session-fix.patch} (93%)
rename debian/patches/patchset-pf/fixes/{0011-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch => 0007-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch} (96%)
create mode 100644 debian/patches/patchset-pf/fixes/0008-wifi-iwlwifi-pcie-set-state-to-no-FW-before-reset-ha.patch
create mode 100644 debian/patches/patchset-pf/fixes/0009-wifi-ath12k-Abort-scan-before-removing-link-interfac.patch
create mode 100644 debian/patches/patchset-pf/fixes/0010-Kconfig-switch-CONFIG_SYSFS_SYCALL-default-to-n.patch
delete mode 100644 debian/patches/patchset-pf/fuse/0001-fuse-io-uring-Fix-a-possible-req-cancellation-race.patch
create mode 100644 debian/patches/patchset-pf/fuse/0001-virtiofs-add-filesystem-context-source-name-check.patch
delete mode 100644 debian/patches/patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch
create mode 100644 debian/patches/patchset-pf/smb/0001-ksmbd-Fix-dangling-pointer-in-krb_authenticate.patch
delete mode 100644 debian/patches/patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch
create mode 100644 debian/patches/patchset-pf/smb/0002-ksmbd-fix-use-after-free-in-__smb2_lease_break_noti.patch
delete mode 100644 debian/patches/patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch
create mode 100644 debian/patches/patchset-pf/smb/0003-ksmbd-fix-use-after-free-in-smb_break_all_levII_oplo.patch
create mode 100644 debian/patches/patchset-pf/smb/0004-ksmbd-fix-the-warning-from-__kernel_write_iter.patch
create mode 100644 debian/patches/patchset-pf/smb/0005-ksmbd-Prevent-integer-overflow-in-calculation-of-dea.patch
delete mode 100644 debian/patches/patchset-xanmod/binder/0002-binder-turn-into-module-list_lru_add-list_lru_del.patch
delete mode 100644 debian/patches/patchset-xanmod/binder/0003-binder-turn-into-module-lock_vma_under_rcu.patch
diff --git a/debian/bin/genpatch-pfkernel b/debian/bin/genpatch-pfkernel
index 5613a06..183a13f 100755
--- a/debian/bin/genpatch-pfkernel
+++ b/debian/bin/genpatch-pfkernel
@@ -7,7 +7,7 @@ w=$(git rev-parse --path-format=absolute --show-toplevel) ; : "${w:?}" ; cd "$w"
dst='debian/patches/pf-tmp'
src='../linux-extras'
-branches='amd-pstate btrfs cpuidle crypto exfat fixes fuse kbuild nfs smb zstd'
+branches='amd-pstate cpuidle crypto fixes fuse kbuild smb zstd'
if [ -d "${dst}" ] ; then rm -rf "${dst}" ; fi
mkdir -p "${dst}"
diff --git a/debian/changelog b/debian/changelog
index 4866d88..e94d6bf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+linux (6.14.3-1) sid; urgency=medium
+
+ * New upstream stable update:
+ https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3
+
+ -- Konstantin Demin <rockdrilla@gmail.com> Mon, 21 Apr 2025 01:31:34 +0300
+
linux (6.14.2-1) sid; urgency=medium
* New upstream stable update:
diff --git a/debian/config/amd64/config.mobile b/debian/config/amd64/config.mobile
index 46302ae..e743f92 100644
--- a/debian/config/amd64/config.mobile
+++ b/debian/config/amd64/config.mobile
@@ -1394,6 +1394,7 @@ CONFIG_HID_THRUSTMASTER=m
CONFIG_THRUSTMASTER_FF=y
CONFIG_HID_UDRAW_PS3=m
CONFIG_HID_U2FZERO=m
+CONFIG_HID_UNIVERSAL_PIDFF=m
CONFIG_HID_WACOM=m
CONFIG_HID_WIIMOTE=m
CONFIG_HID_WINWING=m
diff --git a/debian/config/amd64/config.vm b/debian/config/amd64/config.vm
index 5a395c6..59c3312 100644
--- a/debian/config/amd64/config.vm
+++ b/debian/config/amd64/config.vm
@@ -808,6 +808,7 @@ CONFIG_HID_HYPERV_MOUSE=m
# CONFIG_HID_TOPRE is not set
# CONFIG_HID_THRUSTMASTER is not set
# CONFIG_HID_UDRAW_PS3 is not set
+# CONFIG_HID_UNIVERSAL_PIDFF is not set
# CONFIG_HID_WACOM is not set
# CONFIG_HID_XINMO is not set
# CONFIG_HID_ZEROPLUS is not set
diff --git a/debian/config/config b/debian/config/config
index 5f24cd8..d80bba2 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -2080,11 +2080,11 @@ CONFIG_INITRAMFS_PRESERVE_MTIME=y
CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE_O3=y
# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set
## end choice
+# CONFIG_SYSFS_SYSCALL is not set
CONFIG_EXPERT=y
# CONFIG_UID16 is not set
CONFIG_MULTIUSER=y
# CONFIG_SGETMASK_SYSCALL is not set
-# CONFIG_SYSFS_SYSCALL is not set
CONFIG_FHANDLE=y
CONFIG_POSIX_TIMERS=y
CONFIG_PRINTK=y
@@ -3819,7 +3819,7 @@ CONFIG_HAVE_KVM_DIRTY_RING=y
CONFIG_HAVE_KVM_DIRTY_RING_ACQ_REL=y
CONFIG_HAVE_KVM_DIRTY_RING_TSO=y
CONFIG_HAVE_KVM_IRQCHIP=y
-CONFIG_HAVE_KVM_IRQ_BYPASS=y
+CONFIG_HAVE_KVM_IRQ_BYPASS=m
CONFIG_HAVE_KVM_IRQ_ROUTING=y
CONFIG_HAVE_KVM_MSI=y
CONFIG_HAVE_KVM_NO_POLL=y
@@ -3920,7 +3920,7 @@ CONFIG_IPVLAN_L3S=y
CONFIG_IP_DCCP_TFRC_LIB=y
CONFIG_IP_MROUTE_COMMON=y
CONFIG_IP_ROUTE_CLASSID=y
-CONFIG_IRQ_BYPASS_MANAGER=y
+CONFIG_IRQ_BYPASS_MANAGER=m
CONFIG_IRQ_DOMAIN=y
CONFIG_IRQ_DOMAIN_HIERARCHY=y
CONFIG_IRQ_FORCED_THREADING=y
diff --git a/debian/libcpupower1.symbols b/debian/libcpupower1.symbols
index 26e5e82..577aff5 100644
--- a/debian/libcpupower1.symbols
+++ b/debian/libcpupower1.symbols
@@ -6,6 +6,7 @@ libcpupower.so.1 libcpupower1 #MINVER#
cpufreq_get_available_governors@Base 4.7~rc2-1~exp1
cpufreq_get_boost_frequencies@Base 5.5.8-1~exp1
cpufreq_get_driver@Base 4.7~rc2-1~exp1
+ cpufreq_get_energy_performance_preference@Base 6.14~
cpufreq_get_freq_hardware@Base 4.7~rc2-1~exp1
cpufreq_get_freq_kernel@Base 4.7~rc2-1~exp1
cpufreq_get_hardware_limits@Base 4.7~rc2-1~exp1
@@ -23,6 +24,7 @@ libcpupower.so.1 libcpupower1 #MINVER#
cpufreq_put_available_governors@Base 4.7~rc2-1~exp1
cpufreq_put_boost_frequencies@Base 5.5.8-1~exp1
cpufreq_put_driver@Base 4.7~rc2-1~exp1
+ cpufreq_put_energy_performance_preference@Base 6.14~
cpufreq_put_policy@Base 4.7~rc2-1~exp1
cpufreq_put_related_cpus@Base 4.7~rc2-1~exp1
cpufreq_put_stats@Base 4.7~rc2-1~exp1
diff --git a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
index 0fc542b..72b1e24 100644
--- a/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
+++ b/debian/patches/bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
@@ -29,7 +29,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
MODULE_SOFTDEP("pre: blake2b-256");
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
-@@ -3159,6 +3159,7 @@ static void __exit journal_exit(void)
+@@ -3158,6 +3158,7 @@ static void __exit journal_exit(void)
MODULE_DESCRIPTION("Generic filesystem journal-writing module");
MODULE_LICENSE("GPL");
diff --git a/debian/patches/bugfix/all/hfs-hfsplus-fix-slab-out-of-bounds-in-hfs_bnode_read.patch b/debian/patches/bugfix/all/hfs-hfsplus-fix-slab-out-of-bounds-in-hfs_bnode_read.patch
new file mode 100644
index 0000000..a7b9115
--- /dev/null
+++ b/debian/patches/bugfix/all/hfs-hfsplus-fix-slab-out-of-bounds-in-hfs_bnode_read.patch
@@ -0,0 +1,84 @@
+From: Vasiliy Kovalev <kovalev@altlinux.org>
+Date: Sat, 19 Oct 2024 22:13:03 +0300
+Subject: hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
+Origin: https://git.kernel.org/linus/bb5e07cb927724e0b47be371fa081141cfb14414
+
+Syzbot reported an issue in hfs subsystem:
+
+BUG: KASAN: slab-out-of-bounds in memcpy_from_page include/linux/highmem.h:423 [inline]
+BUG: KASAN: slab-out-of-bounds in hfs_bnode_read fs/hfs/bnode.c:35 [inline]
+BUG: KASAN: slab-out-of-bounds in hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70
+Write of size 94 at addr ffff8880123cd100 by task syz-executor237/5102
+
+Call Trace:
+ <TASK>
+ __dump_stack lib/dump_stack.c:94 [inline]
+ dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
+ print_address_description mm/kasan/report.c:377 [inline]
+ print_report+0x169/0x550 mm/kasan/report.c:488
+ kasan_report+0x143/0x180 mm/kasan/report.c:601
+ kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
+ __asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106
+ memcpy_from_page include/linux/highmem.h:423 [inline]
+ hfs_bnode_read fs/hfs/bnode.c:35 [inline]
+ hfs_bnode_read_key+0x314/0x450 fs/hfs/bnode.c:70
+ hfs_brec_insert+0x7f3/0xbd0 fs/hfs/brec.c:159
+ hfs_cat_create+0x41d/0xa50 fs/hfs/catalog.c:118
+ hfs_mkdir+0x6c/0xe0 fs/hfs/dir.c:232
+ vfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257
+ do_mkdirat+0x264/0x3a0 fs/namei.c:4280
+ __do_sys_mkdir fs/namei.c:4300 [inline]
+ __se_sys_mkdir fs/namei.c:4298 [inline]
+ __x64_sys_mkdir+0x6c/0x80 fs/namei.c:4298
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+RIP: 0033:0x7fbdd6057a99
+
+Add a check for key length in hfs_bnode_read_key to prevent
+out-of-bounds memory access. If the key length is invalid, the
+key buffer is cleared, improving stability and reliability.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reported-by: syzbot+5f3a973ed3dfb85a6683@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=5f3a973ed3dfb85a6683
+Cc: stable@vger.kernel.org
+Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
+Link: https://lore.kernel.org/20241019191303.24048-1-kovalev@altlinux.org
+Reviewed-by: Cengiz Can <cengiz.can@canonical.com>
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+---
+ fs/hfs/bnode.c | 6 ++++++
+ fs/hfsplus/bnode.c | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+--- a/fs/hfs/bnode.c
++++ b/fs/hfs/bnode.c
+@@ -67,6 +67,12 @@ void hfs_bnode_read_key(struct hfs_bnode
+ else
+ key_len = tree->max_key_len + 1;
+
++ if (key_len > sizeof(hfs_btree_key) || key_len < 1) {
++ memset(key, 0, sizeof(hfs_btree_key));
++ pr_err("hfs: Invalid key length: %d\n", key_len);
++ return;
++ }
++
+ hfs_bnode_read(node, key, off, key_len);
+ }
+
+--- a/fs/hfsplus/bnode.c
++++ b/fs/hfsplus/bnode.c
+@@ -67,6 +67,12 @@ void hfs_bnode_read_key(struct hfs_bnode
+ else
+ key_len = tree->max_key_len + 2;
+
++ if (key_len > sizeof(hfsplus_btree_key) || key_len < 1) {
++ memset(key, 0, sizeof(hfsplus_btree_key));
++ pr_err("hfsplus: Invalid key length: %d\n", key_len);
++ return;
++ }
++
+ hfs_bnode_read(node, key, off, key_len);
+ }
+
diff --git a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch
index 8a565c6..b6af589 100644
--- a/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch
+++ b/debian/patches/debian/android-enable-building-ashmem-and-binder-as-modules.patch
@@ -60,3 +60,31 @@ Consequently, the ashmem part of this patch has been removed.
uint, 0644);
#define binder_alloc_debug(mask, x...) \
+--- a/mm/list_lru.c
++++ b/mm/list_lru.c
+@@ -175,6 +175,7 @@ bool list_lru_add(struct list_lru *lru,
+ unlock_list_lru(l, false);
+ return false;
+ }
++EXPORT_SYMBOL_GPL(list_lru_add);
+
+ bool list_lru_add_obj(struct list_lru *lru, struct list_head *item)
+ {
+@@ -212,6 +213,7 @@ bool list_lru_del(struct list_lru *lru,
+ unlock_list_lru(l, false);
+ return false;
+ }
++EXPORT_SYMBOL_GPL(list_lru_del);
+
+ bool list_lru_del_obj(struct list_lru *lru, struct list_head *item)
+ {
+--- a/mm/memory.c
++++ b/mm/memory.c
+@@ -6392,6 +6392,7 @@ inval:
+ count_vm_vma_lock_event(VMA_LOCK_ABORT);
+ return NULL;
+ }
++EXPORT_SYMBOL_GPL(lock_vma_under_rcu);
+ #endif /* CONFIG_PER_VMA_LOCK */
+
+ #ifndef __PAGETABLE_P4D_FOLDED
diff --git a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch
index 9b9f63e..58244a3 100644
--- a/debian/patches/debian/export-symbols-needed-by-android-drivers.patch
+++ b/debian/patches/debian/export-symbols-needed-by-android-drivers.patch
@@ -22,7 +22,7 @@ Export the currently un-exported symbols it depends on.
--- a/fs/file.c
+++ b/fs/file.c
-@@ -837,6 +837,7 @@ struct file *file_close_fd(unsigned int
+@@ -845,6 +845,7 @@ struct file *file_close_fd(unsigned int
return file;
}
diff --git a/debian/patches/debian/makefile-make-compiler-version-comparison-optional.patch b/debian/patches/debian/makefile-make-compiler-version-comparison-optional.patch
index c967e8a..5784354 100644
--- a/debian/patches/debian/makefile-make-compiler-version-comparison-optional.patch
+++ b/debian/patches/debian/makefile-make-compiler-version-comparison-optional.patch
@@ -20,7 +20,7 @@ is non-empty.
---
--- a/Makefile
+++ b/Makefile
-@@ -1873,7 +1873,7 @@ PHONY += prepare
+@@ -1876,7 +1876,7 @@ PHONY += prepare
# now expand this into a simple variable to reduce the cost of shell evaluations
prepare: CC_VERSION_TEXT := $(CC_VERSION_TEXT)
prepare:
diff --git a/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch b/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
new file mode 100644
index 0000000..3a938cd
--- /dev/null
+++ b/debian/patches/features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
@@ -0,0 +1,153 @@
+From: Linn Crosetto <linn@hpe.com>
+Date: Tue, 30 Aug 2016 11:54:38 -0600
+Subject: arm64: add kernel config option to lock down when in Secure Boot mode
+Bug-Debian: https://bugs.debian.org/831827
+Forwarded: no
+
+Add a kernel configuration option to lock down the kernel, to restrict
+userspace's ability to modify the running kernel when UEFI Secure Boot is
+enabled. Based on the x86 patch by Matthew Garrett.
+
+Determine the state of Secure Boot in the EFI stub and pass this to the
+kernel using the FDT.
+
+Signed-off-by: Linn Crosetto <linn@hpe.com>
+[bwh: Forward-ported to 4.10: adjust context]
+[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]
+[bwh: Forward-ported to 4.15 and lockdown patch set:
+ - Pass result of efi_get_secureboot() in stub through to
+ efi_set_secure_boot() in main kernel
+ - Use lockdown API and naming]
+[bwh: Forward-ported to 4.19.3: adjust context in update_fdt()]
+[dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection]
+[bwh: Drop call to init_lockdown(), as efi_set_secure_boot() now calls this]
+[bwh: Forward-ported to 5.6: efi_get_secureboot() no longer takes a
+ sys_table parameter]
+[bwh: Forward-ported to 5.7: EFI initialisation from FDT was rewritten, so:
+ - Add Secure Boot mode to the parameter enumeration in fdtparams.c
+ - Add a parameter to efi_get_fdt_params() to return the Secure Boot mode
+ - Since Xen does not have a property name defined for Secure Boot mode,
+ change efi_get_fdt_prop() to handle a missing property name by clearing
+ the output variable]
+[Salvatore Bonaccorso: Forward-ported to 5.10: f30f242fb131 ("efi: Rename
+arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c]
+---
+ drivers/firmware/efi/efi-init.c | 5 ++++-
+ drivers/firmware/efi/fdtparams.c | 12 +++++++++++-
+ drivers/firmware/efi/libstub/fdt.c | 6 ++++++
+ include/linux/efi.h | 3 ++-
+ 4 files changed, 23 insertions(+), 3 deletions(-)
+
+--- a/drivers/firmware/efi/efi-init.c
++++ b/drivers/firmware/efi/efi-init.c
+@@ -213,9 +213,10 @@ void __init efi_init(void)
+ {
+ struct efi_memory_map_data data;
+ u64 efi_system_table;
++ u32 secure_boot;
+
+ /* Grab UEFI information placed in FDT by stub */
+- efi_system_table = efi_get_fdt_params(&data);
++ efi_system_table = efi_get_fdt_params(&data, &secure_boot);
+ if (!efi_system_table)
+ return;
+
+@@ -237,6 +238,8 @@ void __init efi_init(void)
+ return;
+ }
+
++ efi_set_secure_boot(secure_boot);
++
+ reserve_regions();
+ /*
+ * For memblock manipulation, the cap should come after the memblock_add().
+--- a/drivers/firmware/efi/fdtparams.c
++++ b/drivers/firmware/efi/fdtparams.c
+@@ -16,6 +16,7 @@ enum {
+ MMSIZE,
+ DCSIZE,
+ DCVERS,
++ SBMODE,
+
+ PARAMCOUNT
+ };
+@@ -26,6 +27,7 @@ static __initconst const char name[][22]
+ [MMSIZE] = "MemMap Size ",
+ [DCSIZE] = "MemMap Desc. Size ",
+ [DCVERS] = "MemMap Desc. Version ",
++ [SBMODE] = "Secure Boot Enabled ",
+ };
+
+ static __initconst const struct {
+@@ -43,6 +45,7 @@ static __initconst const struct {
+ [MMSIZE] = "xen,uefi-mmap-size",
+ [DCSIZE] = "xen,uefi-mmap-desc-size",
+ [DCVERS] = "xen,uefi-mmap-desc-ver",
++ [SBMODE] = "",
+ }
+ }, {
+ #endif
+@@ -53,6 +56,7 @@ static __initconst const struct {
+ [MMSIZE] = "linux,uefi-mmap-size",
+ [DCSIZE] = "linux,uefi-mmap-desc-size",
+ [DCVERS] = "linux,uefi-mmap-desc-ver",
++ [SBMODE] = "linux,uefi-secure-boot",
+ }
+ }
+ };
+@@ -64,6 +68,11 @@ static int __init efi_get_fdt_prop(const
+ int len;
+ u64 val;
+
++ if (!pname[0]) {
++ memset(var, 0, size);
++ return 0;
++ }
++
+ prop = fdt_getprop(fdt, node, pname, &len);
+ if (!prop)
+ return 1;
+@@ -81,7 +90,7 @@ static int __init efi_get_fdt_prop(const
+ return 0;
+ }
+
+-u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm)
++u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm, u32 *secure_boot)
+ {
+ const void *fdt = initial_boot_params;
+ unsigned long systab;
+@@ -95,6 +104,7 @@ u64 __init efi_get_fdt_params(struct efi
+ [MMSIZE] = { &mm->size, sizeof(mm->size) },
+ [DCSIZE] = { &mm->desc_size, sizeof(mm->desc_size) },
+ [DCVERS] = { &mm->desc_version, sizeof(mm->desc_version) },
++ [SBMODE] = { secure_boot, sizeof(*secure_boot) },
+ };
+
+ BUILD_BUG_ON(ARRAY_SIZE(target) != ARRAY_SIZE(name));
+--- a/drivers/firmware/efi/libstub/fdt.c
++++ b/drivers/firmware/efi/libstub/fdt.c
+@@ -132,6 +132,12 @@ static efi_status_t update_fdt(void *ori
+ }
+ }
+
++ fdt_val32 = cpu_to_fdt32(efi_get_secureboot());
++ status = fdt_setprop(fdt, node, "linux,uefi-secure-boot",
++ &fdt_val32, sizeof(fdt_val32));
++ if (status)
++ goto fdt_set_fail;
++
+ /* Shrink the FDT back to its minimum size: */
+ fdt_pack(fdt);
+
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -753,7 +753,8 @@ extern int efi_mem_desc_lookup(u64 phys_
+ extern int __efi_mem_desc_lookup(u64 phys_addr, efi_memory_desc_t *out_md);
+ extern void efi_mem_reserve(phys_addr_t addr, u64 size);
+ extern int efi_mem_reserve_persistent(phys_addr_t addr, u64 size);
+-extern u64 efi_get_fdt_params(struct efi_memory_map_data *data);
++extern u64 efi_get_fdt_params(struct efi_memory_map_data *data,
++ u32 *secure_boot);
+ extern struct kobject *efi_kobj;
+
+ extern int efi_reboot_quirk_mode;
diff --git a/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
new file mode 100644
index 0000000..71a0764
--- /dev/null
+++ b/debian/patches/features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
@@ -0,0 +1,153 @@
+From: David Howells <dhowells@redhat.com>
+Date: Mon, 18 Feb 2019 12:45:03 +0000
+Subject: [28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a5d70c55c603233c192b375f72116a395909da28
+
+UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT
+flag that can be passed to efi_enabled() to find out whether secure boot is
+enabled.
+
+Move the switch-statement in x86's setup_arch() that inteprets the
+secure_boot boot parameter to generic code and set the bit there.
+
+Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+cc: linux-efi@vger.kernel.org
+[rperier: Forward-ported to 5.5:
+ - Use pr_warn()
+ - Adjust context]
+[bwh: Forward-ported to 5.6: adjust context]
+[bwh: Forward-ported to 5.7:
+ - Use the next available bit in efi.flags
+ - Adjust context]
+---
+ arch/x86/kernel/setup.c | 14 +----------
+ drivers/firmware/efi/Makefile | 1 +
+ drivers/firmware/efi/secureboot.c | 39 +++++++++++++++++++++++++++++++
+ include/linux/efi.h | 16 ++++++++-----
+ 4 files changed, 51 insertions(+), 19 deletions(-)
+ create mode 100644 drivers/firmware/efi/secureboot.c
+
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -1073,19 +1073,7 @@ void __init setup_arch(char **cmdline_p)
+ /* Allocate bigger log buffer */
+ setup_log_buf(1);
+
+- if (efi_enabled(EFI_BOOT)) {
+- switch (boot_params.secure_boot) {
+- case efi_secureboot_mode_disabled:
+- pr_info("Secure boot disabled\n");
+- break;
+- case efi_secureboot_mode_enabled:
+- pr_info("Secure boot enabled\n");
+- break;
+- default:
+- pr_info("Secure boot could not be determined\n");
+- break;
+- }
+- }
++ efi_set_secure_boot(boot_params.secure_boot);
+
+ reserve_initrd();
+
+--- a/drivers/firmware/efi/Makefile
++++ b/drivers/firmware/efi/Makefile
+@@ -25,6 +25,7 @@ subdir-$(CONFIG_EFI_STUB) += libstub
+ obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o
+ obj-$(CONFIG_EFI_TEST) += test/
+ obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o
++obj-$(CONFIG_EFI) += secureboot.o
+ obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o
+ obj-$(CONFIG_EFI_RCI2_TABLE) += rci2-table.o
+ obj-$(CONFIG_EFI_EMBEDDED_FIRMWARE) += embedded-firmware.o
+--- /dev/null
++++ b/drivers/firmware/efi/secureboot.c
+@@ -0,0 +1,39 @@
++
++/* Core kernel secure boot support.
++ *
++ * Copyright (C) 2017 Red Hat, Inc. All Rights Reserved.
++ * Written by David Howells (dhowells@redhat.com)
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public Licence
++ * as published by the Free Software Foundation; either version
++ * 2 of the Licence, or (at your option) any later version.
++ */
++
++#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
++
++#include <linux/efi.h>
++#include <linux/kernel.h>
++#include <linux/printk.h>
++
++/*
++ * Decide what to do when UEFI secure boot mode is enabled.
++ */
++void __init efi_set_secure_boot(enum efi_secureboot_mode mode)
++{
++ if (efi_enabled(EFI_BOOT)) {
++ switch (mode) {
++ case efi_secureboot_mode_disabled:
++ pr_info("Secure boot disabled\n");
++ break;
++ case efi_secureboot_mode_enabled:
++ set_bit(EFI_SECURE_BOOT, &efi.flags);
++ pr_info("Secure boot enabled\n");
++ break;
++ default:
++ pr_warn("Secure boot could not be determined (mode %u)\n",
++ mode);
++ break;
++ }
++ }
++}
+--- a/include/linux/efi.h
++++ b/include/linux/efi.h
+@@ -863,6 +863,14 @@ static inline int efi_range_is_wc(unsign
+ #define EFI_MEM_ATTR 9 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
+ #define EFI_MEM_NO_SOFT_RESERVE 10 /* Is the kernel configured to ignore soft reservations? */
+ #define EFI_PRESERVE_BS_REGIONS 11 /* Are EFI boot-services memory segments available? */
++#define EFI_SECURE_BOOT 12 /* Are we in Secure Boot mode? */
++
++enum efi_secureboot_mode {
++ efi_secureboot_mode_unset,
++ efi_secureboot_mode_unknown,
++ efi_secureboot_mode_disabled,
++ efi_secureboot_mode_enabled,
++};
+
+ #ifdef CONFIG_EFI
+ /*
+@@ -887,6 +895,7 @@ static inline bool efi_rt_services_suppo
+ return (efi.runtime_supported_mask & mask) == mask;
+ }
+ extern void efi_find_mirror(void);
++extern void __init efi_set_secure_boot(enum efi_secureboot_mode mode);
+ #else
+ static inline bool efi_enabled(int feature)
+ {
+@@ -906,6 +915,7 @@ static inline bool efi_rt_services_suppo
+ }
+
+ static inline void efi_find_mirror(void) {}
++static inline void efi_set_secure_boot(enum efi_secureboot_mode mode) {}
+ #endif
+
+ extern int efi_status_to_err(efi_status_t status);
+@@ -1124,13 +1134,6 @@ static inline bool efi_runtime_disabled(
+ extern void efi_call_virt_check_flags(unsigned long flags, const void *caller);
+ extern unsigned long efi_call_virt_save_flags(void);
+
+-enum efi_secureboot_mode {
+- efi_secureboot_mode_unset,
+- efi_secureboot_mode_unknown,
+- efi_secureboot_mode_disabled,
+- efi_secureboot_mode_enabled,
+-};
+-
+ static inline
+ enum efi_secureboot_mode efi_get_secureboot_mode(efi_get_variable_t *get_var)
+ {
diff --git a/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
new file mode 100644
index 0000000..867ac78
--- /dev/null
+++ b/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
@@ -0,0 +1,121 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 10 Sep 2019 11:54:28 +0100
+Subject: efi: Lock down the kernel if booted in secure boot mode
+
+Based on an earlier patch by David Howells, who wrote the following
+description:
+
+> UEFI Secure Boot provides a mechanism for ensuring that the firmware will
+> only load signed bootloaders and kernels. Certain use cases may also
+> require that all kernel modules also be signed. Add a configuration option
+> that to lock down the kernel - which includes requiring validly signed
+> modules - if the kernel is secure-booted.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+[Salvatore Bonaccorso: After fixing https://bugs.debian.org/956197 the
+help text for LOCK_DOWN_IN_EFI_SECURE_BOOT was adjusted to mention that
+lockdown is triggered in integrity mode (https://bugs.debian.org/1025417)]
+Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
+---
+ arch/x86/kernel/setup.c | 4 ++--
+ drivers/firmware/efi/secureboot.c | 3 +++
+ include/linux/security.h | 6 ++++++
+ security/lockdown/Kconfig | 15 +++++++++++++++
+ security/lockdown/lockdown.c | 2 +-
+ 5 files changed, 27 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/kernel/setup.c
++++ b/arch/x86/kernel/setup.c
+@@ -907,6 +907,8 @@ void __init setup_arch(char **cmdline_p)
+ if (efi_enabled(EFI_BOOT))
+ efi_init();
+
++ efi_set_secure_boot(boot_params.secure_boot);
++
+ reserve_ibft_region();
+ x86_init.resources.dmi_setup();
+
+@@ -1073,8 +1075,6 @@ void __init setup_arch(char **cmdline_p)
+ /* Allocate bigger log buffer */
+ setup_log_buf(1);
+
+- efi_set_secure_boot(boot_params.secure_boot);
+-
+ reserve_initrd();
+
+ acpi_table_upgrade();
+--- a/drivers/firmware/efi/secureboot.c
++++ b/drivers/firmware/efi/secureboot.c
+@@ -15,6 +15,7 @@
+ #include <linux/efi.h>
+ #include <linux/kernel.h>
+ #include <linux/printk.h>
++#include <linux/security.h>
+
+ /*
+ * Decide what to do when UEFI secure boot mode is enabled.
+@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi
+ break;
+ case efi_secureboot_mode_enabled:
+ set_bit(EFI_SECURE_BOOT, &efi.flags);
++#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
++ lock_kernel_down("EFI Secure Boot",
++ LOCKDOWN_INTEGRITY_MAX);
++#endif
+ pr_info("Secure boot enabled\n");
+ break;
+ default:
+--- a/include/linux/security.h
++++ b/include/linux/security.h
+@@ -574,6 +574,7 @@ int security_inode_notifysecctx(struct i
+ int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
+ int security_inode_getsecctx(struct inode *inode, struct lsm_context *cp);
+ int security_locked_down(enum lockdown_reason what);
++int lock_kernel_down(const char *where, enum lockdown_reason level);
+ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
+ void *val, size_t val_len, u64 id, u64 flags);
+ int security_bdev_alloc(struct block_device *bdev);
+@@ -1580,6 +1581,11 @@ static inline int security_locked_down(e
+ {
+ return 0;
+ }
++static inline int
++lock_kernel_down(const char *where, enum lockdown_reason level)
++{
++ return -EOPNOTSUPP;
++}
+ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx,
+ u32 *uctx_len, void *val, size_t val_len,
+ u64 id, u64 flags)
+--- a/security/lockdown/Kconfig
++++ b/security/lockdown/Kconfig
+@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI
+ disabled.
+
+ endchoice
++
++config LOCK_DOWN_IN_EFI_SECURE_BOOT
++ bool "Lock down the kernel in EFI Secure Boot mode"
++ default n
++ depends on SECURITY_LOCKDOWN_LSM
++ depends on EFI
++ select SECURITY_LOCKDOWN_LSM_EARLY
++ help
++ UEFI Secure Boot provides a mechanism for ensuring that the firmware
++ will only load signed bootloaders and kernels. Secure boot mode may
++ be determined from EFI variables provided by the system firmware if
++ not indicated by the boot parameters.
++
++ Enabling this option results in kernel lockdown being
++ triggered in integrity mode if EFI Secure Boot is set.
+--- a/security/lockdown/lockdown.c
++++ b/security/lockdown/lockdown.c
+@@ -24,7 +24,7 @@ static const enum lockdown_reason lockdo
+ /*
+ * Put the kernel into lock-down mode.
+ */
+-static int lock_kernel_down(const char *where, enum lockdown_reason level)
++int lock_kernel_down(const char *where, enum lockdown_reason level)
+ {
+ if (kernel_locked_down >= level)
+ return -EPERM;
diff --git a/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
new file mode 100644
index 0000000..125b08b
--- /dev/null
+++ b/debian/patches/features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
@@ -0,0 +1,75 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Fri, 30 Aug 2019 15:54:24 +0100
+Subject: mtd: phram,slram: Disable when the kernel is locked down
+Forwarded: https://lore.kernel.org/linux-security-module/20190830154720.eekfjt6c4jzvlbfz@decadent.org.uk/
+
+These drivers allow mapping arbitrary memory ranges as MTD devices.
+This should be disabled to preserve the kernel's integrity when it is
+locked down.
+
+* Add the HWPARAM flag to the module parameters
+* When slram is built-in, it uses __setup() to read kernel parameters,
+ so add an explicit check security_locked_down() check
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Cc: Matthew Garrett <mjg59@google.com>
+Cc: David Howells <dhowells@redhat.com>
+Cc: Joern Engel <joern@lazybastard.org>
+Cc: linux-mtd@lists.infradead.org
+---
+ drivers/mtd/devices/phram.c | 6 +++++-
+ drivers/mtd/devices/slram.c | 9 ++++++++-
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+--- a/drivers/mtd/devices/phram.c
++++ b/drivers/mtd/devices/phram.c
+@@ -365,7 +365,11 @@ static int phram_param_call(const char *
+ #endif
+ }
+
+-module_param_call(phram, phram_param_call, NULL, NULL, 0200);
++static const struct kernel_param_ops phram_param_ops = {
++ .set = phram_param_call
++};
++__module_param_call(MODULE_PARAM_PREFIX, phram, &phram_param_ops, NULL,
++ 0200, -1, KERNEL_PARAM_FL_HWPARAM | hwparam_iomem);
+ MODULE_PARM_DESC(phram, "Memory region to map. \"phram=<name>,<start>,<length>[,<erasesize>]\"");
+
+ #ifdef CONFIG_OF
+--- a/drivers/mtd/devices/slram.c
++++ b/drivers/mtd/devices/slram.c
+@@ -43,6 +43,7 @@
+ #include <linux/ioctl.h>
+ #include <linux/init.h>
+ #include <linux/io.h>
++#include <linux/security.h>
+
+ #include <linux/mtd/mtd.h>
+
+@@ -65,7 +66,7 @@ typedef struct slram_mtd_list {
+ #ifdef MODULE
+ static char *map[SLRAM_MAX_DEVICES_PARAMS];
+
+-module_param_array(map, charp, NULL, 0);
++module_param_hw_array(map, charp, iomem, NULL, 0);
+ MODULE_PARM_DESC(map, "List of memory regions to map. \"map=<name>, <start>, <length / end>\"");
+ #else
+ static char *map;
+@@ -281,11 +282,17 @@ static int __init init_slram(void)
+ #ifndef MODULE
+ char *devstart;
+ char *devlength;
++ int ret;
+
+ if (!map) {
+ E("slram: not enough parameters.\n");
+ return(-EINVAL);
+ }
++
++ ret = security_locked_down(LOCKDOWN_MODULE_PARAMETERS);
++ if (ret)
++ return ret;
++
+ while (map) {
+ devname = devstart = devlength = NULL;
+
diff --git a/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch
index 12db4e0..cf10a2e 100644
--- a/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch
+++ b/debian/patches/features/all/security-perf-allow-further-restriction-of-perf_event_open.patch
@@ -22,7 +22,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
-@@ -1694,6 +1694,11 @@ int perf_cpu_time_max_percent_handler(co
+@@ -1695,6 +1695,11 @@ int perf_cpu_time_max_percent_handler(co
int perf_event_max_stack_handler(const struct ctl_table *table, int write,
void *buffer, size_t *lenp, loff_t *ppos);
@@ -50,7 +50,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
/* Minimum for 512 kiB + 1 user control page */
int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -12828,6 +12833,9 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -12803,6 +12808,9 @@ SYSCALL_DEFINE5(perf_event_open,
if (err)
return err;
diff --git a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
index 527e115..2cacc5d 100644
--- a/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
+++ b/debian/patches/features/x86/x86-make-x32-syscall-support-conditional.patch
@@ -29,7 +29,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -6982,6 +6982,10 @@
+@@ -6984,6 +6984,10 @@
later by a loaded module cannot be set this way.
Example: sysctl.vm.swappiness=40
@@ -42,7 +42,7 @@ Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Ignore sysrq setting - this boot parameter will
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -3187,6 +3187,14 @@ config COMPAT_32
+@@ -3189,6 +3189,14 @@ config COMPAT_32
select HAVE_UID16
select OLD_SIGSUSPEND3
diff --git a/debian/patches/krd/0001-Revert-objtool-dont-fail-the-kernel-build-on-fatal-errors.patch b/debian/patches/krd/0001-Revert-objtool-dont-fail-the-kernel-build-on-fatal-errors.patch
index bb811bc..47f6adc 100644
--- a/debian/patches/krd/0001-Revert-objtool-dont-fail-the-kernel-build-on-fatal-errors.patch
+++ b/debian/patches/krd/0001-Revert-objtool-dont-fail-the-kernel-build-on-fatal-errors.patch
@@ -30,7 +30,7 @@ this reverts following commit:
--- a/tools/objtool/check.c
+++ b/tools/objtool/check.c
-@@ -4745,10 +4745,14 @@ int check(struct objtool_file *file)
+@@ -4750,10 +4750,14 @@ int check(struct objtool_file *file)
}
out:
diff --git a/debian/patches/patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Remove-the-redundant-des_perf-cla.patch b/debian/patches/patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Remove-the-redundant-des_perf-cla.patch
index 078fa02..a4776ff 100644
--- a/debian/patches/patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Remove-the-redundant-des_perf-cla.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0001-cpufreq-amd-pstate-Remove-the-redundant-des_perf-cla.patch
@@ -1,4 +1,4 @@
-From 769d2f0a23fcf67207d5e931610eab2ced40548a Mon Sep 17 00:00:00 2001
+From cb40e98d75a75567cbd10f9fc69c2ec12c87a445 Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:15 +0000
Subject: cpufreq/amd-pstate: Remove the redundant des_perf clamping in
diff --git a/debian/patches/patchset-pf/amd-pstate/0002-cpufreq-amd-pstate-Modularize-perf-freq-conversion.patch b/debian/patches/patchset-pf/amd-pstate/0002-cpufreq-amd-pstate-Modularize-perf-freq-conversion.patch
index a0cec7f..8844d42 100644
--- a/debian/patches/patchset-pf/amd-pstate/0002-cpufreq-amd-pstate-Modularize-perf-freq-conversion.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0002-cpufreq-amd-pstate-Modularize-perf-freq-conversion.patch
@@ -1,4 +1,4 @@
-From c2642290e7fbce1a301cd30fa3f78ef37defd52e Mon Sep 17 00:00:00 2001
+From f58e440e56a6c8a2c04894e5d169d1a98a8ce74f Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:18 +0000
Subject: cpufreq/amd-pstate: Modularize perf<->freq conversion
diff --git a/debian/patches/patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up.patch b/debian/patches/patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up.patch
index fc5d586..33ce9d2 100644
--- a/debian/patches/patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up.patch
@@ -1,4 +1,4 @@
-From 9560891ef76a2badb9f2e9cb2778938086ac9a04 Mon Sep 17 00:00:00 2001
+From 0a12d4a3ca1a996c1073d60c6775424972e8b7b9 Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:19 +0000
Subject: cpufreq/amd-pstate: Remove the unnecessary cpufreq_update_policy call
diff --git a/debian/patches/patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch b/debian/patches/patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch
index e0b699e..e901a66 100644
--- a/debian/patches/patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch
@@ -1,4 +1,4 @@
-From 47e014be8e6a12cdfa6502bd9c93df9f83ba2b40 Mon Sep 17 00:00:00 2001
+From ab0520499c83ff44d468f1b2b604c85e2f78d694 Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:22 +0000
Subject: cpufreq/amd-pstate: Use scope based cleanup for cpufreq_policy refs
diff --git a/debian/patches/patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch b/debian/patches/patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch
index f4b51e4..8e578d0 100644
--- a/debian/patches/patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch
@@ -1,4 +1,4 @@
-From ca860ed821a42d909190ca3f33d9c8b2cae6fe52 Mon Sep 17 00:00:00 2001
+From 658a4b7a41583e3b73477c0fbbee07aa6d6f7e0e Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Wed, 5 Feb 2025 11:25:23 +0000
Subject: cpufreq/amd-pstate: Remove the unncecessary driver_lock in
diff --git a/debian/patches/patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch b/debian/patches/patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch
index abb6385..7bbe65f 100644
--- a/debian/patches/patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch
@@ -1,4 +1,4 @@
-From cfa4817d112187bb3e2c16dfc0a70da23dff02fb Mon Sep 17 00:00:00 2001
+From 20f8507de83bc844c6ff2329e61ffc37734364e9 Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Sat, 22 Feb 2025 03:32:22 +0000
Subject: cpufreq/amd-pstate: Fix the clamping of perf values
diff --git a/debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch b/debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch
deleted file mode 100644
index 5b08d60..0000000
--- a/debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 7f2dd53f1064ad9118a7346c154eb6b07535ccc1 Mon Sep 17 00:00:00 2001
-From: Mario Limonciello <mario.limonciello@amd.com>
-Date: Wed, 26 Feb 2025 01:49:16 -0600
-Subject: cpufreq/amd-pstate: Invalidate cppc_req_cached during suspend
-
-During resume it's possible the firmware didn't restore the CPPC request
-MSR but the kernel thinks the values line up. This leads to incorrect
-performance after resume from suspend.
-
-To fix the issue invalidate the cached value at suspend. During resume use
-the saved values programmed as cached limits.
-
-Reviewed-by: Gautham R. Shenoy <gautham.shenoy@amd.com>
-Reviewed-by: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
-Reported-by: Miroslav Pavleski <miroslav@pavleski.net>
-Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217931
-Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
----
- drivers/cpufreq/amd-pstate.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
---- a/drivers/cpufreq/amd-pstate.c
-+++ b/drivers/cpufreq/amd-pstate.c
-@@ -1605,7 +1605,7 @@ static int amd_pstate_epp_reenable(struc
- max_perf, policy->boost_enabled);
- }
-
-- return amd_pstate_update_perf(cpudata, 0, 0, max_perf, cpudata->epp_cached, false);
-+ return amd_pstate_epp_update_limit(policy);
- }
-
- static int amd_pstate_epp_cpu_online(struct cpufreq_policy *policy)
-@@ -1654,6 +1654,9 @@ static int amd_pstate_epp_suspend(struct
- if (cppc_state != AMD_PSTATE_ACTIVE)
- return 0;
-
-+ /* invalidate to ensure it's rewritten during resume */
-+ cpudata->cppc_req_cached = 0;
-+
- /* set this flag to avoid setting core offline*/
- cpudata->suspended = true;
-
diff --git a/debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch b/debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
similarity index 94%
rename from debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
rename to debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
index f2ca7f3..52dd90d 100644
--- a/debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
@@ -1,4 +1,4 @@
-From c37ee0cb65bd828d36ebe05bd3fea883685f8da3 Mon Sep 17 00:00:00 2001
+From 240a074b7f92278755df715be1ea5ea5d3d2f5ac Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:17 -0600
Subject: cpufreq/amd-pstate: Show a warning when a CPU fails to setup
diff --git a/debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch b/debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
similarity index 99%
rename from debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
rename to debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
index cc57da3..9bb0689 100644
--- a/debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
@@ -1,4 +1,4 @@
-From b4e1ebe4f5e836d9395383acc71f130846f925fb Mon Sep 17 00:00:00 2001
+From 82520910e91d62f19c944ff17ba8f966553e79d6 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:18 -0600
Subject: cpufreq/amd-pstate: Drop min and max cached frequencies
diff --git a/debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch b/debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
similarity index 99%
rename from debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
rename to debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
index 3c8d9f3..6b1e180 100644
--- a/debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
@@ -1,4 +1,4 @@
-From 719a773ca04ac885a29b292ef5b64dd4c25f39fe Mon Sep 17 00:00:00 2001
+From 21109b42429e0d9f0ee1bfadddae38fb5b0b23c3 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:19 -0600
Subject: cpufreq/amd-pstate: Move perf values into a union
diff --git a/debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Overhaul-locking.patch b/debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Overhaul-locking.patch
similarity index 97%
rename from debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Overhaul-locking.patch
rename to debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Overhaul-locking.patch
index 775c694..bc2446a 100644
--- a/debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Overhaul-locking.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Overhaul-locking.patch
@@ -1,4 +1,4 @@
-From 79ecccde4094c468608328a349c5fd16fbf2f43e Mon Sep 17 00:00:00 2001
+From 0daee82069cfe4a322bed954a4a5f19226e49e95 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:20 -0600
Subject: cpufreq/amd-pstate: Overhaul locking
diff --git a/debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch b/debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
similarity index 96%
rename from debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
rename to debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
index 064f301..3492d81 100644
--- a/debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
@@ -1,4 +1,4 @@
-From 2b570ed010d10b0c2531642a7e0eba7b942ac6d4 Mon Sep 17 00:00:00 2001
+From 7c820a91ffd02aa7e426e8801893575f218a7a80 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:21 -0600
Subject: cpufreq/amd-pstate: Drop `cppc_cap1_cached`
diff --git a/debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch b/debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
similarity index 98%
rename from debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
rename to debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
index 7beee1e..d002230 100644
--- a/debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
@@ -1,4 +1,4 @@
-From 47fac320cc620c0df7597d28394279d87f94e9a4 Mon Sep 17 00:00:00 2001
+From 5d0c340db98de378a11abfbaf587b6e601e7291c Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:22 -0600
Subject: cpufreq/amd-pstate-ut: Use _free macro to free put policy
diff --git a/debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch b/debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
similarity index 96%
rename from debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
rename to debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
index 788ab44..023ade7 100644
--- a/debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
@@ -1,4 +1,4 @@
-From 70f7a9af7ff80b58393e62168523c0a27f12da22 Mon Sep 17 00:00:00 2001
+From 8937b7068ca30072c4c4cf4c22000112afbd6839 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:23 -0600
Subject: cpufreq/amd-pstate-ut: Allow lowest nonlinear and lowest to be the
diff --git a/debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch b/debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
similarity index 99%
rename from debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
rename to debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
index a8ef51e..465ff36 100644
--- a/debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
@@ -1,4 +1,4 @@
-From fc2391caced7c17d7228faf7fdff83fe01240888 Mon Sep 17 00:00:00 2001
+From 8cb701e059fa08dcb9ab74e3c84abc224ff72714 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:24 -0600
Subject: cpufreq/amd-pstate-ut: Drop SUCCESS and FAIL enums
diff --git a/debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch b/debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
similarity index 96%
rename from debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
rename to debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
index 62004a5..39b033f 100644
--- a/debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
@@ -1,4 +1,4 @@
-From c4b9333baaa421f7930f2c9f776dac1ba71999d0 Mon Sep 17 00:00:00 2001
+From c553e0165997349a3f831fa04bdd7f61913a3442 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:25 -0600
Subject: cpufreq/amd-pstate-ut: Run on all of the correct CPUs
diff --git a/debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch b/debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
similarity index 95%
rename from debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
rename to debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
index ea2b901..214c5a1 100644
--- a/debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
@@ -1,4 +1,4 @@
-From 84e96fb98ef86f82afc0ab00c17bf263163ea5df Mon Sep 17 00:00:00 2001
+From c4197fd693cb98a8a71557187a7cf592d6b68b3c Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:26 -0600
Subject: cpufreq/amd-pstate-ut: Adjust variable scope
diff --git a/debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch b/debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
similarity index 98%
rename from debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
rename to debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
index 1dd933f..cea136f 100644
--- a/debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
@@ -1,4 +1,4 @@
-From 0b5b3c1580120d99ab30a883086961138037a310 Mon Sep 17 00:00:00 2001
+From 19c375251767f49b62894d3b4782f0b8b01313b8 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:27 -0600
Subject: cpufreq/amd-pstate: Replace all AMD_CPPC_* macros with masks
diff --git a/debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch b/debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
similarity index 96%
rename from debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
rename to debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
index 96af223..51e5c92 100644
--- a/debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
@@ -1,4 +1,4 @@
-From 47cc0c90ca4166b134bf13b959ba85a74dd62e6f Mon Sep 17 00:00:00 2001
+From bb7fadf4a86e19b52cbe850c9274bfa643d3ce52 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:28 -0600
Subject: cpufreq/amd-pstate: Cache CPPC request in shared mem case too
diff --git a/debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch b/debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
similarity index 99%
rename from debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
rename to debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
index ef3043c..044fcea 100644
--- a/debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
@@ -1,4 +1,4 @@
-From f1030cf846b41bb466ca139da33d5cc743a8dca6 Mon Sep 17 00:00:00 2001
+From e02f8a14d44223160d348d5841cc3dd916a14401 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:29 -0600
Subject: cpufreq/amd-pstate: Move all EPP tracing into *_update_perf and
diff --git a/debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch b/debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
similarity index 94%
rename from debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
rename to debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
index e254f4b..4b70863 100644
--- a/debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
@@ -1,4 +1,4 @@
-From 0355adaaef43590373457b0a33195fa458cfecbc Mon Sep 17 00:00:00 2001
+From 5f0b3bf5497422293576a0783e47d203c52ed863 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:30 -0600
Subject: cpufreq/amd-pstate: Update cppc_req_cached for shared mem EPP writes
diff --git a/debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch b/debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
similarity index 95%
rename from debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
rename to debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
index 1fdcbf5..fd40203 100644
--- a/debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
@@ -1,4 +1,4 @@
-From 65fa376d4387463f1b06248ef590898c1ad35b46 Mon Sep 17 00:00:00 2001
+From 6c2201fe880d7d35fbde67d74ec1989f053cc0bd Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:31 -0600
Subject: cpufreq/amd-pstate: Drop debug statements for policy setting
diff --git a/debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Rework-CPPC-enabling.patch b/debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
similarity index 99%
rename from debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
rename to debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
index 01a85ab..a816053 100644
--- a/debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
@@ -1,4 +1,4 @@
-From 394034d8e0bde7bd8bd482d4924f8883ff6f4cbe Mon Sep 17 00:00:00 2001
+From 3c5030a27361deff20bec5d43339109901f3198c Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:32 -0600
Subject: cpufreq/amd-pstate: Rework CPPC enabling
diff --git a/debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Stop-caching-EPP.patch b/debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Stop-caching-EPP.patch
similarity index 98%
rename from debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Stop-caching-EPP.patch
rename to debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Stop-caching-EPP.patch
index 627dd48..4435df7 100644
--- a/debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Stop-caching-EPP.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Stop-caching-EPP.patch
@@ -1,4 +1,4 @@
-From 50fccd9d8304b992bbea9088abe4ee33786d9805 Mon Sep 17 00:00:00 2001
+From c06cca99a6d74e7a6d6f020dbf982b0b9bf704e6 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:33 -0600
Subject: cpufreq/amd-pstate: Stop caching EPP
diff --git a/debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch b/debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
similarity index 95%
rename from debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
rename to debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
index 03682a1..463b529 100644
--- a/debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
@@ -1,4 +1,4 @@
-From c940323e2d0e3f449f6a1c343c9d94f2e57c3eda Mon Sep 17 00:00:00 2001
+From a82e4f4eb6e5e9806c66285cb3cefde644b8ea6b Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello@amd.com>
Date: Wed, 26 Feb 2025 01:49:34 -0600
Subject: cpufreq/amd-pstate: Drop actions in amd_pstate_epp_cpu_offline()
diff --git a/debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch b/debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
similarity index 95%
rename from debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
rename to debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
index 13a0d70..325bb6a 100644
--- a/debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
@@ -1,4 +1,4 @@
-From 401a66269205902153f18f78963e53cb14f99b83 Mon Sep 17 00:00:00 2001
+From de3dd387423b30565e846e0ff4424e2c99164030 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <superm1@kernel.org>
Date: Thu, 27 Feb 2025 14:09:08 -0600
Subject: cpufreq/amd-pstate: fix warning noticed by kernel test robot
diff --git a/debian/patches/patchset-pf/amd-pstate/0027-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch b/debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
similarity index 96%
rename from debian/patches/patchset-pf/amd-pstate/0027-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
rename to debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
index a04f969..99217a4 100644
--- a/debian/patches/patchset-pf/amd-pstate/0027-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
+++ b/debian/patches/patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
@@ -1,4 +1,4 @@
-From 6b89403370ff0c33e2491dd700b601c438c7f9b2 Mon Sep 17 00:00:00 2001
+From 7e68278a4a90d52966b923404a2d280e3a83b66f Mon Sep 17 00:00:00 2001
From: Dhananjay Ugwekar <dhananjay.ugwekar@amd.com>
Date: Mon, 7 Apr 2025 08:19:26 +0000
Subject: cpufreq/amd-pstate: Fix min_limit perf and freq updation for
diff --git a/debian/patches/patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch b/debian/patches/patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch
deleted file mode 100644
index 2d9b367..0000000
--- a/debian/patches/patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 361b73ca6606d8bace6fe78b63d508d747c6689a Mon Sep 17 00:00:00 2001
-From: Filipe Manana <fdmanana@suse.com>
-Date: Wed, 5 Mar 2025 16:52:26 +0000
-Subject: btrfs: fix non-empty delayed iputs list on unmount due to compressed
- write workers
-
-At close_ctree() after we have ran delayed iputs either through explicitly
-calling btrfs_run_delayed_iputs() or later during the call to
-btrfs_commit_super() or btrfs_error_commit_super(), we assert that the
-delayed iputs list is empty.
-
-When we have compressed writes this assertion may fail because delayed
-iputs may have been added to the list after we last ran delayed iputs.
-This happens like this:
-
-1) We have a compressed write bio executing;
-
-2) We enter close_ctree() and flush the fs_info->endio_write_workers
- queue which is the queue used for running ordered extent completion;
-
-3) The compressed write bio finishes and enters
- btrfs_finish_compressed_write_work(), where it calls
- btrfs_finish_ordered_extent() which in turn calls
- btrfs_queue_ordered_fn(), which queues a work item in the
- fs_info->endio_write_workers queue that we have flushed before;
-
-4) At close_ctree() we proceed, run all existing delayed iputs and
- call btrfs_commit_super() (which also runs delayed iputs), but before
- we run the following assertion below:
-
- ASSERT(list_empty(&fs_info->delayed_iputs))
-
- A delayed iput is added by the step below...
-
-5) The ordered extent completion job queued in step 3 runs and results in
- creating a delayed iput when dropping the last reference of the ordered
- extent (a call to btrfs_put_ordered_extent() made from
- btrfs_finish_one_ordered());
-
-6) At this point the delayed iputs list is not empty, so the assertion at
- close_ctree() fails.
-
-Fix this by flushing the fs_info->compressed_write_workers queue at
-close_ctree() before flushing the fs_info->endio_write_workers queue,
-respecting the queue dependency as the later is responsible for the
-execution of ordered extent completion.
-
-CC: stable@vger.kernel.org # 5.15+
-Reviewed-by: Qu Wenruo <wqu@suse.com>
-Signed-off-by: Filipe Manana <fdmanana@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- fs/btrfs/disk-io.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
---- a/fs/btrfs/disk-io.c
-+++ b/fs/btrfs/disk-io.c
-@@ -4349,6 +4349,18 @@ void __cold close_ctree(struct btrfs_fs_
- btrfs_flush_workqueue(fs_info->delalloc_workers);
-
- /*
-+ * When finishing a compressed write bio we schedule a work queue item
-+ * to finish an ordered extent - btrfs_finish_compressed_write_work()
-+ * calls btrfs_finish_ordered_extent() which in turns does a call to
-+ * btrfs_queue_ordered_fn(), and that queues the ordered extent
-+ * completion either in the endio_write_workers work queue or in the
-+ * fs_info->endio_freespace_worker work queue. We flush those queues
-+ * below, so before we flush them we must flush this queue for the
-+ * workers of compressed writes.
-+ */
-+ flush_workqueue(fs_info->compressed_write_workers);
-+
-+ /*
- * After we parked the cleaner kthread, ordered extents may have
- * completed and created new delayed iputs. If one of the async reclaim
- * tasks is running and in the RUN_DELAYED_IPUTS flush state, then we
diff --git a/debian/patches/patchset-pf/btrfs/0002-btrfs-tests-fix-chunk-map-leak-after-failure-to-add-.patch b/debian/patches/patchset-pf/btrfs/0002-btrfs-tests-fix-chunk-map-leak-after-failure-to-add-.patch
deleted file mode 100644
index d14a716..0000000
--- a/debian/patches/patchset-pf/btrfs/0002-btrfs-tests-fix-chunk-map-leak-after-failure-to-add-.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 9ac804f2001675a05f01a2f74af0c85861801e59 Mon Sep 17 00:00:00 2001
-From: Filipe Manana <fdmanana@suse.com>
-Date: Tue, 11 Mar 2025 15:50:50 +0000
-Subject: btrfs: tests: fix chunk map leak after failure to add it to the tree
-
-If we fail to add the chunk map to the fs mapping tree we exit
-test_rmap_block() without freeing the chunk map. Fix this by adding a
-call to btrfs_free_chunk_map() before exiting the test function if the
-call to btrfs_add_chunk_map() failed.
-
-Fixes: 7dc66abb5a47 ("btrfs: use a dedicated data structure for chunk maps")
-CC: stable@vger.kernel.org # 6.12+
-Reviewed-by: Boris Burkov <boris@bur.io>
-Signed-off-by: Filipe Manana <fdmanana@suse.com>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- fs/btrfs/tests/extent-map-tests.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/fs/btrfs/tests/extent-map-tests.c
-+++ b/fs/btrfs/tests/extent-map-tests.c
-@@ -1045,6 +1045,7 @@ static int test_rmap_block(struct btrfs_
- ret = btrfs_add_chunk_map(fs_info, map);
- if (ret) {
- test_err("error adding chunk map to mapping tree");
-+ btrfs_free_chunk_map(map);
- goto out_free;
- }
-
diff --git a/debian/patches/patchset-pf/btrfs/0003-btrfs-zoned-fix-zone-activation-with-missing-devices.patch b/debian/patches/patchset-pf/btrfs/0003-btrfs-zoned-fix-zone-activation-with-missing-devices.patch
deleted file mode 100644
index a41a7ac..0000000
--- a/debian/patches/patchset-pf/btrfs/0003-btrfs-zoned-fix-zone-activation-with-missing-devices.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 2d168cd506ec0b7a7619433aa0299b0be05ce655 Mon Sep 17 00:00:00 2001
-From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
-Date: Mon, 17 Mar 2025 12:24:58 +0100
-Subject: btrfs: zoned: fix zone activation with missing devices
-
-If btrfs_zone_activate() is called with a filesystem that has missing
-devices (e.g. a RAID file system mounted in degraded mode) it is accessing
-the btrfs_device::zone_info pointer, which will not be set if the device in
-question is missing.
-
-Check if the device is present (by checking if it has a valid block
-device pointer associated) and if not, skip zone activation for it.
-
-Fixes: f9a912a3c45f ("btrfs: zoned: make zone activation multi stripe capable")
-CC: stable@vger.kernel.org # 6.1+
-Reviewed-by: Naohiro Aota <naohiro.aota@wdc.com>
-Reviewed-by: Anand Jain <anand.jain@oracle.com>
-Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- fs/btrfs/zoned.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/fs/btrfs/zoned.c
-+++ b/fs/btrfs/zoned.c
-@@ -2111,6 +2111,9 @@ bool btrfs_zone_activate(struct btrfs_bl
- physical = map->stripes[i].physical;
- zinfo = device->zone_info;
-
-+ if (!device->bdev)
-+ continue;
-+
- if (zinfo->max_active_zones == 0)
- continue;
-
diff --git a/debian/patches/patchset-pf/btrfs/0004-btrfs-zoned-fix-zone-finishing-with-missing-devices.patch b/debian/patches/patchset-pf/btrfs/0004-btrfs-zoned-fix-zone-finishing-with-missing-devices.patch
deleted file mode 100644
index 16a73ed..0000000
--- a/debian/patches/patchset-pf/btrfs/0004-btrfs-zoned-fix-zone-finishing-with-missing-devices.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 5d05bf549f00ac4b04476b749847a7fcb019a73f Mon Sep 17 00:00:00 2001
-From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
-Date: Mon, 17 Mar 2025 12:24:59 +0100
-Subject: btrfs: zoned: fix zone finishing with missing devices
-
-If do_zone_finish() is called with a filesystem that has missing devices
-(e.g. a RAID file system mounted in degraded mode) it is accessing the
-btrfs_device::zone_info pointer, which will not be set if the device
-in question is missing.
-
-Check if the device is present (by checking if it has a valid block device
-pointer associated) and if not, skip zone finishing for it.
-
-Fixes: 4dcbb8ab31c1 ("btrfs: zoned: make zone finishing multi stripe capable")
-CC: stable@vger.kernel.org # 6.1+
-Reviewed-by: Naohiro Aota <naohiro.aota@wdc.com>
-Reviewed-by: Anand Jain <anand.jain@oracle.com>
-Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
-Reviewed-by: David Sterba <dsterba@suse.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
----
- fs/btrfs/zoned.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/fs/btrfs/zoned.c
-+++ b/fs/btrfs/zoned.c
-@@ -2275,6 +2275,9 @@ static int do_zone_finish(struct btrfs_b
- struct btrfs_zoned_device_info *zinfo = device->zone_info;
- unsigned int nofs_flags;
-
-+ if (!device->bdev)
-+ continue;
-+
- if (zinfo->max_active_zones == 0)
- continue;
-
diff --git a/debian/patches/patchset-pf/fixes/0002-Kunit-to-check-the-longest-symbol-length.patch b/debian/patches/patchset-pf/fixes/0001-Kunit-to-check-the-longest-symbol-length.patch
similarity index 97%
rename from debian/patches/patchset-pf/fixes/0002-Kunit-to-check-the-longest-symbol-length.patch
rename to debian/patches/patchset-pf/fixes/0001-Kunit-to-check-the-longest-symbol-length.patch
index e6af5b4..ad6b37e 100644
--- a/debian/patches/patchset-pf/fixes/0002-Kunit-to-check-the-longest-symbol-length.patch
+++ b/debian/patches/patchset-pf/fixes/0001-Kunit-to-check-the-longest-symbol-length.patch
@@ -1,4 +1,4 @@
-From 065753c4084d8ea0b55b8a5abbba3291eeaf5979 Mon Sep 17 00:00:00 2001
+From a1eb9a3160dc9e3cee6abdeab8e41c2265a2d7a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sergio=20Gonz=C3=A1lez=20Collado?=
<sergio.collado@gmail.com>
Date: Sun, 2 Mar 2025 23:15:18 +0100
@@ -80,7 +80,7 @@ Cherry-picked-for: https://gitlab.archlinux.org/archlinux/packaging/packages/lin
depends on HAVE_HW_BREAKPOINT
--- a/lib/Makefile
+++ b/lib/Makefile
-@@ -393,6 +393,8 @@ obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fort
+@@ -398,6 +398,8 @@ obj-$(CONFIG_FORTIFY_KUNIT_TEST) += fort
obj-$(CONFIG_CRC_KUNIT_TEST) += crc_kunit.o
obj-$(CONFIG_SIPHASH_KUNIT_TEST) += siphash_kunit.o
obj-$(CONFIG_USERCOPY_KUNIT_TEST) += usercopy_kunit.o
diff --git a/debian/patches/patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch b/debian/patches/patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch
deleted file mode 100644
index 3851136..0000000
--- a/debian/patches/patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 04eeb2f53dc530f0f724687b9ed2efdb86c59aed Mon Sep 17 00:00:00 2001
-From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
-Date: Fri, 7 Feb 2025 15:07:46 -0300
-Subject: tpm: do not start chip while suspended
-
-Checking TPM_CHIP_FLAG_SUSPENDED after the call to tpm_find_get_ops() can
-lead to a spurious tpm_chip_start() call:
-
-[35985.503771] i2c i2c-1: Transfer while suspended
-[35985.503796] WARNING: CPU: 0 PID: 74 at drivers/i2c/i2c-core.h:56 __i2c_transfer+0xbe/0x810
-[35985.503802] Modules linked in:
-[35985.503808] CPU: 0 UID: 0 PID: 74 Comm: hwrng Tainted: G W 6.13.0-next-20250203-00005-gfa0cb5642941 #19 9c3d7f78192f2d38e32010ac9c90fdc71109ef6f
-[35985.503814] Tainted: [W]=WARN
-[35985.503817] Hardware name: Google Morphius/Morphius, BIOS Google_Morphius.13434.858.0 10/26/2023
-[35985.503819] RIP: 0010:__i2c_transfer+0xbe/0x810
-[35985.503825] Code: 30 01 00 00 4c 89 f7 e8 40 fe d8 ff 48 8b 93 80 01 00 00 48 85 d2 75 03 49 8b 16 48 c7 c7 0a fb 7c a7 48 89 c6 e8 32 ad b0 fe <0f> 0b b8 94 ff ff ff e9 33 04 00 00 be 02 00 00 00 83 fd 02 0f 5
-[35985.503828] RSP: 0018:ffffa106c0333d30 EFLAGS: 00010246
-[35985.503833] RAX: 074ba64aa20f7000 RBX: ffff8aa4c1167120 RCX: 0000000000000000
-[35985.503836] RDX: 0000000000000000 RSI: ffffffffa77ab0e4 RDI: 0000000000000001
-[35985.503838] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
-[35985.503841] R10: 0000000000000004 R11: 00000001000313d5 R12: ffff8aa4c10f1820
-[35985.503843] R13: ffff8aa4c0e243c0 R14: ffff8aa4c1167250 R15: ffff8aa4c1167120
-[35985.503846] FS: 0000000000000000(0000) GS:ffff8aa4eae00000(0000) knlGS:0000000000000000
-[35985.503849] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-[35985.503852] CR2: 00007fab0aaf1000 CR3: 0000000105328000 CR4: 00000000003506f0
-[35985.503855] Call Trace:
-[35985.503859] <TASK>
-[35985.503863] ? __warn+0xd4/0x260
-[35985.503868] ? __i2c_transfer+0xbe/0x810
-[35985.503874] ? report_bug+0xf3/0x210
-[35985.503882] ? handle_bug+0x63/0xb0
-[35985.503887] ? exc_invalid_op+0x16/0x50
-[35985.503892] ? asm_exc_invalid_op+0x16/0x20
-[35985.503904] ? __i2c_transfer+0xbe/0x810
-[35985.503913] tpm_cr50_i2c_transfer_message+0x24/0xf0
-[35985.503920] tpm_cr50_i2c_read+0x8e/0x120
-[35985.503928] tpm_cr50_request_locality+0x75/0x170
-[35985.503935] tpm_chip_start+0x116/0x160
-[35985.503942] tpm_try_get_ops+0x57/0x90
-[35985.503948] tpm_find_get_ops+0x26/0xd0
-[35985.503955] tpm_get_random+0x2d/0x80
-
-Don't move forward with tpm_chip_start() inside tpm_try_get_ops(), unless
-TPM_CHIP_FLAG_SUSPENDED is not set. tpm_find_get_ops() will return NULL in
-such a failure case.
-
-Fixes: 9265fed6db60 ("tpm: Lock TPM chip in tpm_pm_suspend() first")
-Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
-Cc: stable@vger.kernel.org
-Cc: Jerry Snitselaar <jsnitsel@redhat.com>
-Cc: Mike Seo <mikeseohyungjin@gmail.com>
-Cc: Jarkko Sakkinen <jarkko@kernel.org>
-Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
-Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
----
- drivers/char/tpm/tpm-chip.c | 5 +++++
- drivers/char/tpm/tpm-interface.c | 7 -------
- 2 files changed, 5 insertions(+), 7 deletions(-)
-
---- a/drivers/char/tpm/tpm-chip.c
-+++ b/drivers/char/tpm/tpm-chip.c
-@@ -168,6 +168,11 @@ int tpm_try_get_ops(struct tpm_chip *chi
- goto out_ops;
-
- mutex_lock(&chip->tpm_mutex);
-+
-+ /* tmp_chip_start may issue IO that is denied while suspended */
-+ if (chip->flags & TPM_CHIP_FLAG_SUSPENDED)
-+ goto out_lock;
-+
- rc = tpm_chip_start(chip);
- if (rc)
- goto out_lock;
---- a/drivers/char/tpm/tpm-interface.c
-+++ b/drivers/char/tpm/tpm-interface.c
-@@ -445,18 +445,11 @@ int tpm_get_random(struct tpm_chip *chip
- if (!chip)
- return -ENODEV;
-
-- /* Give back zero bytes, as TPM chip has not yet fully resumed: */
-- if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) {
-- rc = 0;
-- goto out;
-- }
--
- if (chip->flags & TPM_CHIP_FLAG_TPM2)
- rc = tpm2_get_random(chip, out, max);
- else
- rc = tpm1_get_random(chip, out, max);
-
--out:
- tpm_put_ops(chip);
- return rc;
- }
diff --git a/debian/patches/patchset-pf/fixes/0003-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch b/debian/patches/patchset-pf/fixes/0002-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
similarity index 95%
rename from debian/patches/patchset-pf/fixes/0003-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
rename to debian/patches/patchset-pf/fixes/0002-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
index 5385652..3f4db94 100644
--- a/debian/patches/patchset-pf/fixes/0003-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
+++ b/debian/patches/patchset-pf/fixes/0002-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
@@ -1,4 +1,4 @@
-From 7f3eaa6a64048a0259d2daae8a91e64fbd749641 Mon Sep 17 00:00:00 2001
+From 1ff7499aaa4cec11be79e97c118978fd781073a6 Mon Sep 17 00:00:00 2001
From: Nathan Chancellor <nathan@kernel.org>
Date: Tue, 18 Mar 2025 15:32:30 -0700
Subject: x86/tools: Drop duplicate unlikely() definition in
diff --git a/debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch b/debian/patches/patchset-pf/fixes/0003-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
similarity index 93%
rename from debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
rename to debian/patches/patchset-pf/fixes/0003-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
index 0b157b7..13854f7 100644
--- a/debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
+++ b/debian/patches/patchset-pf/fixes/0003-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
@@ -1,4 +1,4 @@
-From 3cfeab379362feb285fdb631ebc65539c1559034 Mon Sep 17 00:00:00 2001
+From 72096487bfe8ebc52731c264536418c51854d999 Mon Sep 17 00:00:00 2001
From: Alex Deucher <alexander.deucher@amd.com>
Date: Thu, 27 Mar 2025 17:33:49 -0400
Subject: drm/amdgpu/mes11: optimize MES pipe FW version fetching
diff --git a/debian/patches/patchset-pf/fixes/0008-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch b/debian/patches/patchset-pf/fixes/0004-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
similarity index 98%
rename from debian/patches/patchset-pf/fixes/0008-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
rename to debian/patches/patchset-pf/fixes/0004-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
index 34c1147..ad43b54 100644
--- a/debian/patches/patchset-pf/fixes/0008-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
+++ b/debian/patches/patchset-pf/fixes/0004-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
@@ -1,4 +1,4 @@
-From 1ad7c482a722a7c918609390e479c9dd4f717539 Mon Sep 17 00:00:00 2001
+From a1dfb99dca82ff97b00ce76f8f987ade471875d1 Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko@kernel.org>
Date: Mon, 7 Apr 2025 15:28:05 +0300
Subject: tpm: Mask TPM RC in tpm2_start_auth_session()
diff --git a/debian/patches/patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch b/debian/patches/patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch
deleted file mode 100644
index e734eea..0000000
--- a/debian/patches/patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From cda754004cc36746f5197ed203d013dccf2f5146 Mon Sep 17 00:00:00 2001
-From: Jonathan McDowell <noodles@meta.com>
-Date: Wed, 12 Mar 2025 07:31:57 +0200
-Subject: tpm, tpm_tis: Fix timeout handling when waiting for TPM status
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The change to only use interrupts to handle supported status changes
-introduced an issue when it is necessary to poll for the status. Rather
-than checking for the status after sleeping the code now sleeps after
-the check. This means a correct, but slower, status change on the part
-of the TPM can be missed, resulting in a spurious timeout error,
-especially on a more loaded system. Switch back to sleeping *then*
-checking. An up front check of the status has been done at the start of
-the function, so this does not cause an additional delay when the status
-is already what we're looking for.
-
-Cc: stable@vger.kernel.org # v6.4+
-Fixes: e87fcf0dc2b4 ("tpm, tpm_tis: Only handle supported interrupts")
-Signed-off-by: Jonathan McDowell <noodles@meta.com>
-Reviewed-by: Michal Suchánek <msuchanek@suse.de>
-Reviewed-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
-Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
-Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
----
- drivers/char/tpm/tpm_tis_core.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
---- a/drivers/char/tpm/tpm_tis_core.c
-+++ b/drivers/char/tpm/tpm_tis_core.c
-@@ -114,11 +114,10 @@ again:
- return 0;
- /* process status changes without irq support */
- do {
-+ usleep_range(priv->timeout_min, priv->timeout_max);
- status = chip->ops->status(chip);
- if ((status & mask) == mask)
- return 0;
-- usleep_range(priv->timeout_min,
-- priv->timeout_max);
- } while (time_before(jiffies, stop));
- return -ETIME;
- }
diff --git a/debian/patches/patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch b/debian/patches/patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch
deleted file mode 100644
index 93915fd..0000000
--- a/debian/patches/patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 32df198f302abc95f532b55c7612c156d3febcd9 Mon Sep 17 00:00:00 2001
-From: Ming Lei <ming.lei@redhat.com>
-Date: Mon, 10 Mar 2025 19:54:53 +0800
-Subject: block: make sure ->nr_integrity_segments is cloned in
- blk_rq_prep_clone
-
-Make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone(),
-otherwise requests cloned by device-mapper multipath will not have the
-proper nr_integrity_segments values set, then BUG() is hit from
-sg_alloc_table_chained().
-
-Fixes: b0fd271d5fba ("block: add request clone interface (v2)")
-Cc: stable@vger.kernel.org
-Cc: Christoph Hellwig <hch@infradead.org>
-Signed-off-by: Ming Lei <ming.lei@redhat.com>
-Reviewed-by: Christoph Hellwig <hch@lst.de>
-Link: https://lore.kernel.org/r/20250310115453.2271109-1-ming.lei@redhat.com
-Signed-off-by: Jens Axboe <axboe@kernel.dk>
----
- block/blk-mq.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/block/blk-mq.c
-+++ b/block/blk-mq.c
-@@ -3314,6 +3314,7 @@ int blk_rq_prep_clone(struct request *rq
- rq->special_vec = rq_src->special_vec;
- }
- rq->nr_phys_segments = rq_src->nr_phys_segments;
-+ rq->nr_integrity_segments = rq_src->nr_integrity_segments;
-
- if (rq->bio && blk_crypto_rq_bio_prep(rq, rq->bio, gfp_mask) < 0)
- goto free_and_out;
diff --git a/debian/patches/patchset-pf/fixes/0009-ice-mark-ice_write_prof_mask_reg-as-noinline.patch b/debian/patches/patchset-pf/fixes/0005-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
similarity index 95%
rename from debian/patches/patchset-pf/fixes/0009-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
rename to debian/patches/patchset-pf/fixes/0005-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
index 4b8c008..c7bf539 100644
--- a/debian/patches/patchset-pf/fixes/0009-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
+++ b/debian/patches/patchset-pf/fixes/0005-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
@@ -1,4 +1,4 @@
-From d3d3441d32966234778ab2e4a127ccccbc6ab092 Mon Sep 17 00:00:00 2001
+From 7b594a3c7b41db58884da466607417ca27c08a1d Mon Sep 17 00:00:00 2001
From: Oleksandr Natalenko <oleksandr@natalenko.name>
Date: Tue, 8 Apr 2025 12:02:36 +0200
Subject: ice: mark ice_write_prof_mask_reg() as noinline
diff --git a/debian/patches/patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch b/debian/patches/patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch
deleted file mode 100644
index 11add87..0000000
--- a/debian/patches/patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0c116e263170e1e5b7325af51659074c977b8a91 Mon Sep 17 00:00:00 2001
-From: Philipp Stanner <phasta@kernel.org>
-Date: Wed, 12 Mar 2025 09:06:34 +0100
-Subject: PCI: Fix wrong length of devres array
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The array for the iomapping cookie addresses has a length of
-PCI_STD_NUM_BARS. This constant, however, only describes standard BARs;
-while PCI can allow for additional, special BARs.
-
-The total number of PCI resources is described by constant
-PCI_NUM_RESOURCES, which is also used in, e.g., pci_select_bars().
-
-Thus, the devres array has so far been too small.
-
-Change the length of the devres array to PCI_NUM_RESOURCES.
-
-Link: https://lore.kernel.org/r/20250312080634.13731-3-phasta@kernel.org
-Fixes: bbaff68bf4a4 ("PCI: Add managed partial-BAR request and map infrastructure")
-Signed-off-by: Philipp Stanner <phasta@kernel.org>
-Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
-Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
-Cc: stable@vger.kernel.org # v6.11+
----
- drivers/pci/devres.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/pci/devres.c
-+++ b/drivers/pci/devres.c
-@@ -40,7 +40,7 @@
- * Legacy struct storing addresses to whole mapped BARs.
- */
- struct pcim_iomap_devres {
-- void __iomem *table[PCI_STD_NUM_BARS];
-+ void __iomem *table[PCI_NUM_RESOURCES];
- };
-
- /* Used to restore the old INTx state on driver detach. */
diff --git a/debian/patches/patchset-pf/fixes/0010-fixes-6.14-update-tpm2_start_auth_session-fix.patch b/debian/patches/patchset-pf/fixes/0006-fixes-6.14-update-tpm2_start_auth_session-fix.patch
similarity index 93%
rename from debian/patches/patchset-pf/fixes/0010-fixes-6.14-update-tpm2_start_auth_session-fix.patch
rename to debian/patches/patchset-pf/fixes/0006-fixes-6.14-update-tpm2_start_auth_session-fix.patch
index 3a0a26d..6f06257 100644
--- a/debian/patches/patchset-pf/fixes/0010-fixes-6.14-update-tpm2_start_auth_session-fix.patch
+++ b/debian/patches/patchset-pf/fixes/0006-fixes-6.14-update-tpm2_start_auth_session-fix.patch
@@ -1,4 +1,4 @@
-From d8c360e932feed8798adf37ffad5d93e47ab032f Mon Sep 17 00:00:00 2001
+From 42a4f494db975d62916c73f5d637aef9be343d70 Mon Sep 17 00:00:00 2001
From: Oleksandr Natalenko <oleksandr@natalenko.name>
Date: Tue, 8 Apr 2025 19:51:44 +0200
Subject: fixes-6.14: update tpm2_start_auth_session() fix
@@ -49,7 +49,7 @@ Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
enum tpm2_command_codes {
TPM2_CC_FIRST = 0x011F,
TPM2_CC_HIERARCHY_CONTROL = 0x0121,
-@@ -457,6 +437,24 @@ static inline u32 tpm2_rc_value(u32 rc)
+@@ -458,6 +438,24 @@ static inline u32 tpm2_rc_value(u32 rc)
return (rc & BIT(7)) ? rc & 0xbf : rc;
}
diff --git a/debian/patches/patchset-pf/fixes/0011-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch b/debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
similarity index 96%
rename from debian/patches/patchset-pf/fixes/0011-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
rename to debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
index 45db872..f9d7c1f 100644
--- a/debian/patches/patchset-pf/fixes/0011-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
+++ b/debian/patches/patchset-pf/fixes/0007-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
@@ -1,4 +1,4 @@
-From feadcb68955511723dbc2cad800e0524625d62c5 Mon Sep 17 00:00:00 2001
+From f1e8e30bef3757904d9e963f02ef297cd0c33240 Mon Sep 17 00:00:00 2001
From: Alex Deucher <alexander.deucher@amd.com>
Date: Fri, 28 Mar 2025 09:08:57 -0400
Subject: drm/amdgpu/mes12: optimize MES pipe FW version fetching
diff --git a/debian/patches/patchset-pf/fixes/0008-wifi-iwlwifi-pcie-set-state-to-no-FW-before-reset-ha.patch b/debian/patches/patchset-pf/fixes/0008-wifi-iwlwifi-pcie-set-state-to-no-FW-before-reset-ha.patch
new file mode 100644
index 0000000..86a86fa
--- /dev/null
+++ b/debian/patches/patchset-pf/fixes/0008-wifi-iwlwifi-pcie-set-state-to-no-FW-before-reset-ha.patch
@@ -0,0 +1,50 @@
+From 81c23adad48324b73fe0993f332407c5be050bb5 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Thu, 3 Apr 2025 11:04:37 +0000
+Subject: wifi: iwlwifi: pcie: set state to no-FW before reset handshake
+
+The reset handshake attempts to kill the firmware, and it'll go
+into a pretty much dead state once we do that. However, if it
+times out, then we'll attempt to dump the firmware to be able
+to see why it didn't respond. During this dump, we cannot treat
+it as if it was still running, since we just tried to kill it,
+otherwise dumping will attempt to send a DBGC stop command. As
+this command will time out, we'll go into a reset loop.
+
+For now, fix this by setting the trans->state to say firmware
+isn't running before doing the reset handshake. In the longer
+term, we should clean up the way this state is handled.
+
+It's not entirely clear but it seems likely that this issue was
+introduced by my rework of the error handling, prior to that it
+would've been synchronous at that point and (I think) not have
+attempted to reset since it was already doing down.
+
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219967
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219968
+Closes: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/128
+Fixes: 7391b2a4f7db ("wifi: iwlwifi: rework firmware error handling")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
+---
+ drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
++++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans-gen2.c
+@@ -147,8 +147,14 @@ static void _iwl_trans_pcie_gen2_stop_de
+ return;
+
+ if (trans->state >= IWL_TRANS_FW_STARTED &&
+- trans_pcie->fw_reset_handshake)
++ trans_pcie->fw_reset_handshake) {
++ /*
++ * Reset handshake can dump firmware on timeout, but that
++ * should assume that the firmware is already dead.
++ */
++ trans->state = IWL_TRANS_NO_FW;
+ iwl_trans_pcie_fw_reset_handshake(trans);
++ }
+
+ trans_pcie->is_down = true;
+
diff --git a/debian/patches/patchset-pf/fixes/0009-wifi-ath12k-Abort-scan-before-removing-link-interfac.patch b/debian/patches/patchset-pf/fixes/0009-wifi-ath12k-Abort-scan-before-removing-link-interfac.patch
new file mode 100644
index 0000000..6d25616
--- /dev/null
+++ b/debian/patches/patchset-pf/fixes/0009-wifi-ath12k-Abort-scan-before-removing-link-interfac.patch
@@ -0,0 +1,40 @@
+From d3140c22ed2bc3c98dcf251659d78572e154a993 Mon Sep 17 00:00:00 2001
+From: Lingbo Kong <quic_lingbok@quicinc.com>
+Date: Wed, 26 Feb 2025 19:31:18 +0800
+Subject: wifi: ath12k: Abort scan before removing link interface to prevent
+ duplicate deletion
+
+Currently, when ath12k performs the remove link interface operation, if
+there is an ongoing scan operation on the arvif, ath12k may execute the
+remove link interface operation multiple times on the same arvif. This
+occurs because, during the remove link operation, if a scan operation is
+present on the arvif, ath12k may receive a WMI_SCAN_EVENT_COMPLETED event
+from the firmware. Upon receiving this event, ath12k will continue to
+execute the ath12k_scan_vdev_clean_work() function, performing the remove
+link interface operation on the same arvif again.
+
+To address this issue, before executing the remove link interface
+operation, ath12k needs to check if there is an ongoing scan operation on
+the current arvif. If such an operation exists, it should be aborted.
+
+Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
+
+Signed-off-by: Lingbo Kong <quic_lingbok@quicinc.com>
+---
+ drivers/net/wireless/ath/ath12k/mac.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/wireless/ath/ath12k/mac.c
++++ b/drivers/net/wireless/ath/ath12k/mac.c
+@@ -9330,6 +9330,11 @@ ath12k_mac_op_unassign_vif_chanctx(struc
+ ar->num_started_vdevs == 1 && ar->monitor_vdev_created)
+ ath12k_mac_monitor_stop(ar);
+
++ if (ar->scan.arvif == arvif && ar->scan.state == ATH12K_SCAN_RUNNING) {
++ ath12k_scan_abort(ar);
++ ar->scan.arvif = NULL;
++ }
++
+ ath12k_mac_remove_link_interface(hw, arvif);
+ ath12k_mac_unassign_link_vif(arvif);
+ }
diff --git a/debian/patches/patchset-pf/fixes/0010-Kconfig-switch-CONFIG_SYSFS_SYCALL-default-to-n.patch b/debian/patches/patchset-pf/fixes/0010-Kconfig-switch-CONFIG_SYSFS_SYCALL-default-to-n.patch
new file mode 100644
index 0000000..d385168
--- /dev/null
+++ b/debian/patches/patchset-pf/fixes/0010-Kconfig-switch-CONFIG_SYSFS_SYCALL-default-to-n.patch
@@ -0,0 +1,49 @@
+From fa165a32074fba27286cc9d2464a647642ad6bc7 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <brauner@kernel.org>
+Date: Tue, 15 Apr 2025 10:22:04 +0200
+Subject: Kconfig: switch CONFIG_SYSFS_SYCALL default to n
+
+This odd system call will be removed in the future. Let's decouple it
+from CONFIG_EXPERT and switch the default to n as a first step.
+
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+---
+ init/Kconfig | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1600,6 +1600,16 @@ config SYSCTL_ARCH_UNALIGN_ALLOW
+ the unaligned access emulation.
+ see arch/parisc/kernel/unaligned.c for reference
+
++config SYSFS_SYSCALL
++ bool "Sysfs syscall support"
++ default n
++ help
++ sys_sysfs is an obsolete system call no longer supported in libc.
++ Note that disabling this option is more secure but might break
++ compatibility with some systems.
++
++ If unsure say N here.
++
+ config HAVE_PCSPKR_PLATFORM
+ bool
+
+@@ -1644,16 +1654,6 @@ config SGETMASK_SYSCALL
+
+ If unsure, leave the default option here.
+
+-config SYSFS_SYSCALL
+- bool "Sysfs syscall support" if EXPERT
+- default y
+- help
+- sys_sysfs is an obsolete system call no longer supported in libc.
+- Note that disabling this option is more secure but might break
+- compatibility with some systems.
+-
+- If unsure say Y here.
+-
+ config FHANDLE
+ bool "open by fhandle syscalls" if EXPERT
+ select EXPORTFS
diff --git a/debian/patches/patchset-pf/fuse/0001-fuse-io-uring-Fix-a-possible-req-cancellation-race.patch b/debian/patches/patchset-pf/fuse/0001-fuse-io-uring-Fix-a-possible-req-cancellation-race.patch
deleted file mode 100644
index db3e513..0000000
--- a/debian/patches/patchset-pf/fuse/0001-fuse-io-uring-Fix-a-possible-req-cancellation-race.patch
+++ /dev/null
@@ -1,207 +0,0 @@
-From 6e7ac63c4c4a8fe7c66f856f4091d9b20899f167 Mon Sep 17 00:00:00 2001
-From: Bernd Schubert <bschubert@ddn.com>
-Date: Tue, 25 Mar 2025 18:29:31 +0100
-Subject: fuse: {io-uring} Fix a possible req cancellation race
-
-task-A (application) might be in request_wait_answer and
-try to remove the request when it has FR_PENDING set.
-
-task-B (a fuse-server io-uring task) might handle this
-request with FUSE_IO_URING_CMD_COMMIT_AND_FETCH, when
-fetching the next request and accessed the req from
-the pending list in fuse_uring_ent_assign_req().
-That code path was not protected by fiq->lock and so
-might race with task-A.
-
-For scaling reasons we better don't use fiq->lock, but
-add a handler to remove canceled requests from the queue.
-
-This also removes usage of fiq->lock from
-fuse_uring_add_req_to_ring_ent() altogether, as it was
-there just to protect against this race and incomplete.
-
-Also added is a comment why FR_PENDING is not cleared.
-
-Fixes: c090c8abae4b ("fuse: Add io-uring sqe commit and fetch support")
-Cc: <stable@vger.kernel.org> # v6.14
-Reported-by: Joanne Koong <joannelkoong@gmail.com>
-Closes: https://lore.kernel.org/all/CAJnrk1ZgHNb78dz-yfNTpxmW7wtT88A=m-zF0ZoLXKLUHRjNTw@mail.gmail.com/
-Signed-off-by: Bernd Schubert <bschubert@ddn.com>
-Reviewed-by: Joanne Koong <joannelkoong@gmail.com>
-Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
----
- fs/fuse/dev.c | 34 +++++++++++++++++++++++++---------
- fs/fuse/dev_uring.c | 15 +++++++++++----
- fs/fuse/dev_uring_i.h | 6 ++++++
- fs/fuse/fuse_dev_i.h | 1 +
- fs/fuse/fuse_i.h | 3 +++
- 5 files changed, 46 insertions(+), 13 deletions(-)
-
---- a/fs/fuse/dev.c
-+++ b/fs/fuse/dev.c
-@@ -407,6 +407,24 @@ static int queue_interrupt(struct fuse_r
- return 0;
- }
-
-+bool fuse_remove_pending_req(struct fuse_req *req, spinlock_t *lock)
-+{
-+ spin_lock(lock);
-+ if (test_bit(FR_PENDING, &req->flags)) {
-+ /*
-+ * FR_PENDING does not get cleared as the request will end
-+ * up in destruction anyway.
-+ */
-+ list_del(&req->list);
-+ spin_unlock(lock);
-+ __fuse_put_request(req);
-+ req->out.h.error = -EINTR;
-+ return true;
-+ }
-+ spin_unlock(lock);
-+ return false;
-+}
-+
- static void request_wait_answer(struct fuse_req *req)
- {
- struct fuse_conn *fc = req->fm->fc;
-@@ -428,22 +446,20 @@ static void request_wait_answer(struct f
- }
-
- if (!test_bit(FR_FORCE, &req->flags)) {
-+ bool removed;
-+
- /* Only fatal signals may interrupt this */
- err = wait_event_killable(req->waitq,
- test_bit(FR_FINISHED, &req->flags));
- if (!err)
- return;
-
-- spin_lock(&fiq->lock);
-- /* Request is not yet in userspace, bail out */
-- if (test_bit(FR_PENDING, &req->flags)) {
-- list_del(&req->list);
-- spin_unlock(&fiq->lock);
-- __fuse_put_request(req);
-- req->out.h.error = -EINTR;
-+ if (test_bit(FR_URING, &req->flags))
-+ removed = fuse_uring_remove_pending_req(req);
-+ else
-+ removed = fuse_remove_pending_req(req, &fiq->lock);
-+ if (removed)
- return;
-- }
-- spin_unlock(&fiq->lock);
- }
-
- /*
---- a/fs/fuse/dev_uring.c
-+++ b/fs/fuse/dev_uring.c
-@@ -726,8 +726,6 @@ static void fuse_uring_add_req_to_ring_e
- struct fuse_req *req)
- {
- struct fuse_ring_queue *queue = ent->queue;
-- struct fuse_conn *fc = req->fm->fc;
-- struct fuse_iqueue *fiq = &fc->iq;
-
- lockdep_assert_held(&queue->lock);
-
-@@ -737,9 +735,7 @@ static void fuse_uring_add_req_to_ring_e
- ent->state);
- }
-
-- spin_lock(&fiq->lock);
- clear_bit(FR_PENDING, &req->flags);
-- spin_unlock(&fiq->lock);
- ent->fuse_req = req;
- ent->state = FRRS_FUSE_REQ;
- list_move(&ent->list, &queue->ent_w_req_queue);
-@@ -1238,6 +1234,8 @@ void fuse_uring_queue_fuse_req(struct fu
- if (unlikely(queue->stopped))
- goto err_unlock;
-
-+ set_bit(FR_URING, &req->flags);
-+ req->ring_queue = queue;
- ent = list_first_entry_or_null(&queue->ent_avail_queue,
- struct fuse_ring_ent, list);
- if (ent)
-@@ -1276,6 +1274,8 @@ bool fuse_uring_queue_bq_req(struct fuse
- return false;
- }
-
-+ set_bit(FR_URING, &req->flags);
-+ req->ring_queue = queue;
- list_add_tail(&req->list, &queue->fuse_req_bg_queue);
-
- ent = list_first_entry_or_null(&queue->ent_avail_queue,
-@@ -1306,6 +1306,13 @@ bool fuse_uring_queue_bq_req(struct fuse
- return true;
- }
-
-+bool fuse_uring_remove_pending_req(struct fuse_req *req)
-+{
-+ struct fuse_ring_queue *queue = req->ring_queue;
-+
-+ return fuse_remove_pending_req(req, &queue->lock);
-+}
-+
- static const struct fuse_iqueue_ops fuse_io_uring_ops = {
- /* should be send over io-uring as enhancement */
- .send_forget = fuse_dev_queue_forget,
---- a/fs/fuse/dev_uring_i.h
-+++ b/fs/fuse/dev_uring_i.h
-@@ -142,6 +142,7 @@ void fuse_uring_abort_end_requests(struc
- int fuse_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags);
- void fuse_uring_queue_fuse_req(struct fuse_iqueue *fiq, struct fuse_req *req);
- bool fuse_uring_queue_bq_req(struct fuse_req *req);
-+bool fuse_uring_remove_pending_req(struct fuse_req *req);
-
- static inline void fuse_uring_abort(struct fuse_conn *fc)
- {
-@@ -199,6 +200,11 @@ static inline bool fuse_uring_ready(stru
- {
- return false;
- }
-+
-+static inline bool fuse_uring_remove_pending_req(struct fuse_req *req)
-+{
-+ return false;
-+}
-
- #endif /* CONFIG_FUSE_IO_URING */
-
---- a/fs/fuse/fuse_dev_i.h
-+++ b/fs/fuse/fuse_dev_i.h
-@@ -61,6 +61,7 @@ int fuse_copy_out_args(struct fuse_copy_
- void fuse_dev_queue_forget(struct fuse_iqueue *fiq,
- struct fuse_forget_link *forget);
- void fuse_dev_queue_interrupt(struct fuse_iqueue *fiq, struct fuse_req *req);
-+bool fuse_remove_pending_req(struct fuse_req *req, spinlock_t *lock);
-
- #endif
-
---- a/fs/fuse/fuse_i.h
-+++ b/fs/fuse/fuse_i.h
-@@ -378,6 +378,7 @@ struct fuse_io_priv {
- * FR_FINISHED: request is finished
- * FR_PRIVATE: request is on private list
- * FR_ASYNC: request is asynchronous
-+ * FR_URING: request is handled through fuse-io-uring
- */
- enum fuse_req_flag {
- FR_ISREPLY,
-@@ -392,6 +393,7 @@ enum fuse_req_flag {
- FR_FINISHED,
- FR_PRIVATE,
- FR_ASYNC,
-+ FR_URING,
- };
-
- /**
-@@ -441,6 +443,7 @@ struct fuse_req {
-
- #ifdef CONFIG_FUSE_IO_URING
- void *ring_entry;
-+ void *ring_queue;
- #endif
- };
-
diff --git a/debian/patches/patchset-pf/fuse/0001-virtiofs-add-filesystem-context-source-name-check.patch b/debian/patches/patchset-pf/fuse/0001-virtiofs-add-filesystem-context-source-name-check.patch
new file mode 100644
index 0000000..f1404f6
--- /dev/null
+++ b/debian/patches/patchset-pf/fuse/0001-virtiofs-add-filesystem-context-source-name-check.patch
@@ -0,0 +1,30 @@
+From bd6633c0e527dbcf6b52d3b34b49a980b125c866 Mon Sep 17 00:00:00 2001
+From: Xiangsheng Hou <xiangsheng.hou@mediatek.com>
+Date: Mon, 7 Apr 2025 19:50:49 +0800
+Subject: virtiofs: add filesystem context source name check
+
+In certain scenarios, for example, during fuzz testing, the source
+name may be NULL, which could lead to a kernel panic. Therefore, an
+extra check for the source name should be added.
+
+Fixes: a62a8ef9d97d ("virtio-fs: add virtiofs filesystem")
+Cc: <stable@vger.kernel.org> # all LTS kernels
+Signed-off-by: Xiangsheng Hou <xiangsheng.hou@mediatek.com>
+Link: https://lore.kernel.org/20250407115111.25535-1-xiangsheng.hou@mediatek.com
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+---
+ fs/fuse/virtio_fs.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/fuse/virtio_fs.c
++++ b/fs/fuse/virtio_fs.c
+@@ -1670,6 +1670,9 @@ static int virtio_fs_get_tree(struct fs_
+ unsigned int virtqueue_size;
+ int err = -EIO;
+
++ if (!fsc->source)
++ return invalf(fsc, "No source specified");
++
+ /* This gets a reference on virtio_fs object. This ptr gets installed
+ * in fc->iq->priv. Once fuse_conn is going away, it calls ->put()
+ * to drop the reference to this object.
diff --git a/debian/patches/patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch b/debian/patches/patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch
deleted file mode 100644
index 9040046..0000000
--- a/debian/patches/patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From c78ab32399be35eed11e986293804eab75bfbe21 Mon Sep 17 00:00:00 2001
-From: Alexandra Diupina <adiupina@astralinux.ru>
-Date: Wed, 19 Mar 2025 17:28:58 +0300
-Subject: cifs: avoid NULL pointer dereference in dbg call
-
-cifs_server_dbg() implies server to be non-NULL so
-move call under condition to avoid NULL pointer dereference.
-
-Found by Linux Verification Center (linuxtesting.org) with SVACE.
-
-Fixes: e79b0332ae06 ("cifs: ignore cached share root handle closing errors")
-Cc: stable@vger.kernel.org
-Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/client/smb2misc.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
---- a/fs/smb/client/smb2misc.c
-+++ b/fs/smb/client/smb2misc.c
-@@ -816,11 +816,12 @@ smb2_handle_cancelled_close(struct cifs_
- WARN_ONCE(tcon->tc_count < 0, "tcon refcount is negative");
- spin_unlock(&cifs_tcp_ses_lock);
-
-- if (tcon->ses)
-+ if (tcon->ses) {
- server = tcon->ses->server;
--
-- cifs_server_dbg(FYI, "tid=0x%x: tcon is closing, skipping async close retry of fid %llu %llu\n",
-- tcon->tid, persistent_fid, volatile_fid);
-+ cifs_server_dbg(FYI,
-+ "tid=0x%x: tcon is closing, skipping async close retry of fid %llu %llu\n",
-+ tcon->tid, persistent_fid, volatile_fid);
-+ }
-
- return 0;
- }
diff --git a/debian/patches/patchset-pf/smb/0001-ksmbd-Fix-dangling-pointer-in-krb_authenticate.patch b/debian/patches/patchset-pf/smb/0001-ksmbd-Fix-dangling-pointer-in-krb_authenticate.patch
new file mode 100644
index 0000000..0406f97
--- /dev/null
+++ b/debian/patches/patchset-pf/smb/0001-ksmbd-Fix-dangling-pointer-in-krb_authenticate.patch
@@ -0,0 +1,33 @@
+From c3eedd3e0d50a748c6c520ba00377aba8150c713 Mon Sep 17 00:00:00 2001
+From: Sean Heelan <seanheelan@gmail.com>
+Date: Mon, 7 Apr 2025 11:26:50 +0000
+Subject: ksmbd: Fix dangling pointer in krb_authenticate
+
+krb_authenticate frees sess->user and does not set the pointer
+to NULL. It calls ksmbd_krb5_authenticate to reinitialise
+sess->user but that function may return without doing so. If
+that happens then smb2_sess_setup, which calls krb_authenticate,
+will be accessing free'd memory when it later uses sess->user.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Heelan <seanheelan@gmail.com>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/smb2pdu.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/smb/server/smb2pdu.c
++++ b/fs/smb/server/smb2pdu.c
+@@ -1602,8 +1602,10 @@ static int krb5_authenticate(struct ksmb
+ if (prev_sess_id && prev_sess_id != sess->id)
+ destroy_previous_session(conn, sess->user, prev_sess_id);
+
+- if (sess->state == SMB2_SESSION_VALID)
++ if (sess->state == SMB2_SESSION_VALID) {
+ ksmbd_free_user(sess->user);
++ sess->user = NULL;
++ }
+
+ retval = ksmbd_krb5_authenticate(sess, in_blob, in_len,
+ out_blob, &out_len);
diff --git a/debian/patches/patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch b/debian/patches/patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch
deleted file mode 100644
index a88aa1b..0000000
--- a/debian/patches/patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 53f2beb3fafc1395f502390f04ad876a0dd2102d Mon Sep 17 00:00:00 2001
-From: Aman <aman1@microsoft.com>
-Date: Thu, 6 Mar 2025 17:46:43 +0000
-Subject: CIFS: Propagate min offload along with other parameters from primary
- to secondary channels.
-
-In a multichannel setup, it was observed that a few fields were not being
-copied over to the secondary channels, which impacted performance in cases
-where these options were relevant but not properly synchronized. To address
-this, this patch introduces copying the following parameters from the
-primary channel to the secondary channels:
-
-- min_offload
-- compression.requested
-- dfs_conn
-- ignore_signature
-- leaf_fullpath
-- noblockcnt
-- retrans
-- sign
-
-By copying these parameters, we ensure consistency across channels and
-prevent performance degradation due to missing or outdated settings.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Aman <aman1@microsoft.com>
-Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/client/connect.c | 1 +
- fs/smb/client/sess.c | 7 +++++++
- 2 files changed, 8 insertions(+)
-
---- a/fs/smb/client/connect.c
-+++ b/fs/smb/client/connect.c
-@@ -1677,6 +1677,7 @@ cifs_get_tcp_session(struct smb3_fs_cont
- /* Grab netns reference for this server. */
- cifs_set_net_ns(tcp_ses, get_net(current->nsproxy->net_ns));
-
-+ tcp_ses->sign = ctx->sign;
- tcp_ses->conn_id = atomic_inc_return(&tcpSesNextId);
- tcp_ses->noblockcnt = ctx->rootfs;
- tcp_ses->noblocksnd = ctx->noblocksnd || ctx->rootfs;
---- a/fs/smb/client/sess.c
-+++ b/fs/smb/client/sess.c
-@@ -522,6 +522,13 @@ cifs_ses_add_channel(struct cifs_ses *se
- ctx->sockopt_tcp_nodelay = ses->server->tcp_nodelay;
- ctx->echo_interval = ses->server->echo_interval / HZ;
- ctx->max_credits = ses->server->max_credits;
-+ ctx->min_offload = ses->server->min_offload;
-+ ctx->compress = ses->server->compression.requested;
-+ ctx->dfs_conn = ses->server->dfs_conn;
-+ ctx->ignore_signature = ses->server->ignore_signature;
-+ ctx->leaf_fullpath = ses->server->leaf_fullpath;
-+ ctx->rootfs = ses->server->noblockcnt;
-+ ctx->retrans = ses->server->retrans;
-
- /*
- * This will be used for encoding/decoding user/domain/pw
diff --git a/debian/patches/patchset-pf/smb/0002-ksmbd-fix-use-after-free-in-__smb2_lease_break_noti.patch b/debian/patches/patchset-pf/smb/0002-ksmbd-fix-use-after-free-in-__smb2_lease_break_noti.patch
new file mode 100644
index 0000000..47917a7
--- /dev/null
+++ b/debian/patches/patchset-pf/smb/0002-ksmbd-fix-use-after-free-in-__smb2_lease_break_noti.patch
@@ -0,0 +1,76 @@
+From 1932e1bb8624ec520da5f61e3f5bbdd16b9f320d Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Fri, 11 Apr 2025 15:19:46 +0900
+Subject: ksmbd: fix use-after-free in __smb2_lease_break_noti()
+
+Move tcp_transport free to ksmbd_conn_free. If ksmbd connection is
+referenced when ksmbd server thread terminates, It will not be freed,
+but conn->tcp_transport is freed. __smb2_lease_break_noti can be performed
+asynchronously when the connection is disconnected. __smb2_lease_break_noti
+calls ksmbd_conn_write, which can cause use-after-free
+when conn->ksmbd_transport is already freed.
+
+Cc: stable@vger.kernel.org
+Reported-by: Norbert Szetei <norbert@doyensec.com>
+Tested-by: Norbert Szetei <norbert@doyensec.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/connection.c | 4 +++-
+ fs/smb/server/transport_tcp.c | 14 +++++++++-----
+ fs/smb/server/transport_tcp.h | 1 +
+ 3 files changed, 13 insertions(+), 6 deletions(-)
+
+--- a/fs/smb/server/connection.c
++++ b/fs/smb/server/connection.c
+@@ -39,8 +39,10 @@ void ksmbd_conn_free(struct ksmbd_conn *
+ xa_destroy(&conn->sessions);
+ kvfree(conn->request_buf);
+ kfree(conn->preauth_info);
+- if (atomic_dec_and_test(&conn->refcnt))
++ if (atomic_dec_and_test(&conn->refcnt)) {
++ ksmbd_free_transport(conn->transport);
+ kfree(conn);
++ }
+ }
+
+ /**
+--- a/fs/smb/server/transport_tcp.c
++++ b/fs/smb/server/transport_tcp.c
+@@ -93,17 +93,21 @@ static struct tcp_transport *alloc_trans
+ return t;
+ }
+
+-static void free_transport(struct tcp_transport *t)
++void ksmbd_free_transport(struct ksmbd_transport *kt)
+ {
+- kernel_sock_shutdown(t->sock, SHUT_RDWR);
+- sock_release(t->sock);
+- t->sock = NULL;
++ struct tcp_transport *t = TCP_TRANS(kt);
+
+- ksmbd_conn_free(KSMBD_TRANS(t)->conn);
++ sock_release(t->sock);
+ kfree(t->iov);
+ kfree(t);
+ }
+
++static void free_transport(struct tcp_transport *t)
++{
++ kernel_sock_shutdown(t->sock, SHUT_RDWR);
++ ksmbd_conn_free(KSMBD_TRANS(t)->conn);
++}
++
+ /**
+ * kvec_array_init() - initialize a IO vector segment
+ * @new: IO vector to be initialized
+--- a/fs/smb/server/transport_tcp.h
++++ b/fs/smb/server/transport_tcp.h
+@@ -8,6 +8,7 @@
+
+ int ksmbd_tcp_set_interfaces(char *ifc_list, int ifc_list_sz);
+ struct interface *ksmbd_find_netdev_name_iface_list(char *netdev_name);
++void ksmbd_free_transport(struct ksmbd_transport *kt);
+ int ksmbd_tcp_init(void);
+ void ksmbd_tcp_destroy(void);
+
diff --git a/debian/patches/patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch b/debian/patches/patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch
deleted file mode 100644
index e24b5ff..0000000
--- a/debian/patches/patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 6b8b436fbb92dff7d6bc8d6c977b01814a541ec0 Mon Sep 17 00:00:00 2001
-From: Roman Smirnov <r.smirnov@omp.ru>
-Date: Mon, 31 Mar 2025 11:22:49 +0300
-Subject: cifs: fix integer overflow in match_server()
-
-The echo_interval is not limited in any way during mounting,
-which makes it possible to write a large number to it. This can
-cause an overflow when multiplying ctx->echo_interval by HZ in
-match_server().
-
-Add constraints for echo_interval to smb3_fs_context_parse_param().
-
-Found by Linux Verification Center (linuxtesting.org) with Svace.
-
-Fixes: adfeb3e00e8e1 ("cifs: Make echo interval tunable")
-Cc: stable@vger.kernel.org
-Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
-Signed-off-by: Steve French <stfrench@microsoft.com>
----
- fs/smb/client/fs_context.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/fs/smb/client/fs_context.c
-+++ b/fs/smb/client/fs_context.c
-@@ -1377,6 +1377,11 @@ static int smb3_fs_context_parse_param(s
- ctx->closetimeo = HZ * result.uint_32;
- break;
- case Opt_echo_interval:
-+ if (result.uint_32 < SMB_ECHO_INTERVAL_MIN ||
-+ result.uint_32 > SMB_ECHO_INTERVAL_MAX) {
-+ cifs_errorf(fc, "echo interval is out of bounds\n");
-+ goto cifs_parse_mount_err;
-+ }
- ctx->echo_interval = result.uint_32;
- break;
- case Opt_snapshot:
diff --git a/debian/patches/patchset-pf/smb/0003-ksmbd-fix-use-after-free-in-smb_break_all_levII_oplo.patch b/debian/patches/patchset-pf/smb/0003-ksmbd-fix-use-after-free-in-smb_break_all_levII_oplo.patch
new file mode 100644
index 0000000..48a08b8
--- /dev/null
+++ b/debian/patches/patchset-pf/smb/0003-ksmbd-fix-use-after-free-in-smb_break_all_levII_oplo.patch
@@ -0,0 +1,124 @@
+From 67437a4c66847a82ab538705b932144d4af28f4b Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Tue, 15 Apr 2025 09:30:21 +0900
+Subject: ksmbd: fix use-after-free in smb_break_all_levII_oplock()
+
+There is a room in smb_break_all_levII_oplock that can cause racy issues
+when unlocking in the middle of the loop. This patch use read lock
+to protect whole loop.
+
+Cc: stable@vger.kernel.org
+Reported-by: Norbert Szetei <norbert@doyensec.com>
+Tested-by: Norbert Szetei <norbert@doyensec.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/oplock.c | 29 +++++++++--------------------
+ fs/smb/server/oplock.h | 1 -
+ 2 files changed, 9 insertions(+), 21 deletions(-)
+
+--- a/fs/smb/server/oplock.c
++++ b/fs/smb/server/oplock.c
+@@ -129,14 +129,6 @@ static void free_opinfo(struct oplock_in
+ kfree(opinfo);
+ }
+
+-static inline void opinfo_free_rcu(struct rcu_head *rcu_head)
+-{
+- struct oplock_info *opinfo;
+-
+- opinfo = container_of(rcu_head, struct oplock_info, rcu_head);
+- free_opinfo(opinfo);
+-}
+-
+ struct oplock_info *opinfo_get(struct ksmbd_file *fp)
+ {
+ struct oplock_info *opinfo;
+@@ -157,8 +149,8 @@ static struct oplock_info *opinfo_get_li
+ if (list_empty(&ci->m_op_list))
+ return NULL;
+
+- rcu_read_lock();
+- opinfo = list_first_or_null_rcu(&ci->m_op_list, struct oplock_info,
++ down_read(&ci->m_lock);
++ opinfo = list_first_entry(&ci->m_op_list, struct oplock_info,
+ op_entry);
+ if (opinfo) {
+ if (opinfo->conn == NULL ||
+@@ -171,8 +163,7 @@ static struct oplock_info *opinfo_get_li
+ }
+ }
+ }
+-
+- rcu_read_unlock();
++ up_read(&ci->m_lock);
+
+ return opinfo;
+ }
+@@ -185,7 +176,7 @@ void opinfo_put(struct oplock_info *opin
+ if (!atomic_dec_and_test(&opinfo->refcount))
+ return;
+
+- call_rcu(&opinfo->rcu_head, opinfo_free_rcu);
++ free_opinfo(opinfo);
+ }
+
+ static void opinfo_add(struct oplock_info *opinfo)
+@@ -193,7 +184,7 @@ static void opinfo_add(struct oplock_inf
+ struct ksmbd_inode *ci = opinfo->o_fp->f_ci;
+
+ down_write(&ci->m_lock);
+- list_add_rcu(&opinfo->op_entry, &ci->m_op_list);
++ list_add(&opinfo->op_entry, &ci->m_op_list);
+ up_write(&ci->m_lock);
+ }
+
+@@ -207,7 +198,7 @@ static void opinfo_del(struct oplock_inf
+ write_unlock(&lease_list_lock);
+ }
+ down_write(&ci->m_lock);
+- list_del_rcu(&opinfo->op_entry);
++ list_del(&opinfo->op_entry);
+ up_write(&ci->m_lock);
+ }
+
+@@ -1347,8 +1338,8 @@ void smb_break_all_levII_oplock(struct k
+ ci = fp->f_ci;
+ op = opinfo_get(fp);
+
+- rcu_read_lock();
+- list_for_each_entry_rcu(brk_op, &ci->m_op_list, op_entry) {
++ down_read(&ci->m_lock);
++ list_for_each_entry(brk_op, &ci->m_op_list, op_entry) {
+ if (brk_op->conn == NULL)
+ continue;
+
+@@ -1358,7 +1349,6 @@ void smb_break_all_levII_oplock(struct k
+ if (ksmbd_conn_releasing(brk_op->conn))
+ continue;
+
+- rcu_read_unlock();
+ if (brk_op->is_lease && (brk_op->o_lease->state &
+ (~(SMB2_LEASE_READ_CACHING_LE |
+ SMB2_LEASE_HANDLE_CACHING_LE)))) {
+@@ -1388,9 +1378,8 @@ void smb_break_all_levII_oplock(struct k
+ oplock_break(brk_op, SMB2_OPLOCK_LEVEL_NONE, NULL);
+ next:
+ opinfo_put(brk_op);
+- rcu_read_lock();
+ }
+- rcu_read_unlock();
++ up_read(&ci->m_lock);
+
+ if (op)
+ opinfo_put(op);
+--- a/fs/smb/server/oplock.h
++++ b/fs/smb/server/oplock.h
+@@ -71,7 +71,6 @@ struct oplock_info {
+ struct list_head lease_entry;
+ wait_queue_head_t oplock_q; /* Other server threads */
+ wait_queue_head_t oplock_brk; /* oplock breaking wait */
+- struct rcu_head rcu_head;
+ };
+
+ struct lease_break_info {
diff --git a/debian/patches/patchset-pf/smb/0004-ksmbd-fix-the-warning-from-__kernel_write_iter.patch b/debian/patches/patchset-pf/smb/0004-ksmbd-fix-the-warning-from-__kernel_write_iter.patch
new file mode 100644
index 0000000..90a77a9
--- /dev/null
+++ b/debian/patches/patchset-pf/smb/0004-ksmbd-fix-the-warning-from-__kernel_write_iter.patch
@@ -0,0 +1,31 @@
+From d9f3fc321672406f959334509a88296187994c5a Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Tue, 15 Apr 2025 09:31:08 +0900
+Subject: ksmbd: fix the warning from __kernel_write_iter
+
+[ 2110.972290] ------------[ cut here ]------------
+[ 2110.972301] WARNING: CPU: 3 PID: 735 at fs/read_write.c:599 __kernel_write_iter+0x21b/0x280
+
+This patch doesn't allow writing to directory.
+
+Cc: stable@vger.kernel.org
+Reported-by: Norbert Szetei <norbert@doyensec.com>
+Tested-by: Norbert Szetei <norbert@doyensec.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/vfs.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/smb/server/vfs.c
++++ b/fs/smb/server/vfs.c
+@@ -496,7 +496,8 @@ int ksmbd_vfs_write(struct ksmbd_work *w
+ int err = 0;
+
+ if (work->conn->connection_type) {
+- if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE))) {
++ if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE)) ||
++ S_ISDIR(file_inode(fp->filp)->i_mode)) {
+ pr_err("no right to write(%pD)\n", fp->filp);
+ err = -EACCES;
+ goto out;
diff --git a/debian/patches/patchset-pf/smb/0005-ksmbd-Prevent-integer-overflow-in-calculation-of-dea.patch b/debian/patches/patchset-pf/smb/0005-ksmbd-Prevent-integer-overflow-in-calculation-of-dea.patch
new file mode 100644
index 0000000..9a81d5c
--- /dev/null
+++ b/debian/patches/patchset-pf/smb/0005-ksmbd-Prevent-integer-overflow-in-calculation-of-dea.patch
@@ -0,0 +1,43 @@
+From adbf65091f5ac103ae5339bd49549b147906a0c0 Mon Sep 17 00:00:00 2001
+From: Denis Arefev <arefev@swemel.ru>
+Date: Wed, 9 Apr 2025 12:04:49 +0300
+Subject: ksmbd: Prevent integer overflow in calculation of deadtime
+
+The user can set any value for 'deadtime'. This affects the arithmetic
+expression 'req->deadtime * SMB_ECHO_INTERVAL', which is subject to
+overflow. The added check makes the server behavior more predictable.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers")
+Cc: stable@vger.kernel.org
+Signed-off-by: Denis Arefev <arefev@swemel.ru>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+---
+ fs/smb/server/transport_ipc.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/fs/smb/server/transport_ipc.c
++++ b/fs/smb/server/transport_ipc.c
+@@ -310,7 +310,11 @@ static int ipc_server_config_on_startup(
+ server_conf.signing = req->signing;
+ server_conf.tcp_port = req->tcp_port;
+ server_conf.ipc_timeout = req->ipc_timeout * HZ;
+- server_conf.deadtime = req->deadtime * SMB_ECHO_INTERVAL;
++ if (check_mul_overflow(req->deadtime, SMB_ECHO_INTERVAL,
++ &server_conf.deadtime)) {
++ ret = -EINVAL;
++ goto out;
++ }
+ server_conf.share_fake_fscaps = req->share_fake_fscaps;
+ ksmbd_init_domain(req->sub_auth);
+
+@@ -337,6 +341,7 @@ static int ipc_server_config_on_startup(
+ server_conf.bind_interfaces_only = req->bind_interfaces_only;
+ ret |= ksmbd_tcp_set_interfaces(KSMBD_STARTUP_CONFIG_INTERFACES(req),
+ req->ifc_list_sz);
++out:
+ if (ret) {
+ pr_err("Server configuration error: %s %s %s\n",
+ req->netbios_name, req->server_string,
diff --git a/debian/patches/patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch b/debian/patches/patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch
index aff321f..b155007 100644
--- a/debian/patches/patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch
+++ b/debian/patches/patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch
@@ -4262,7 +4262,7 @@ Signed-off-by: Oleksandr Natalenko <oleksandr@natalenko.name>
- #if ((defined(__clang__) && __has_attribute(__target__)) \
+# if ((defined(__clang__) && __has_attribute(__target__)) \
|| (defined(__GNUC__) \
- && (__GNUC__ >= 5 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 8)))) \
+ && (__GNUC__ >= 11))) \
- && (defined(__x86_64__) || defined(_M_X64)) \
+ && (defined(__i386__) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_X64)) \
&& !defined(__BMI2__)
diff --git a/debian/patches/patchset-xanmod/binder/0002-binder-turn-into-module-list_lru_add-list_lru_del.patch b/debian/patches/patchset-xanmod/binder/0002-binder-turn-into-module-list_lru_add-list_lru_del.patch
deleted file mode 100644
index 0807677..0000000
--- a/debian/patches/patchset-xanmod/binder/0002-binder-turn-into-module-list_lru_add-list_lru_del.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 0156792aef65a27c5938dc821630f5546dc6a3c9 Mon Sep 17 00:00:00 2001
-From: Paolo Pisati <paolo.pisati@canonical.com>
-Date: Thu, 6 Feb 2025 15:38:05 +0100
-Subject: binder: turn into module - list_lru_add()/list_lru_del()
-
-Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
-Signed-off-by: Alexandre Frade <kernel@xanmod.org>
----
- mm/list_lru.c | 2 ++
- 1 file changed, 2 insertions(+)
-
---- a/mm/list_lru.c
-+++ b/mm/list_lru.c
-@@ -175,6 +175,7 @@ bool list_lru_add(struct list_lru *lru,
- unlock_list_lru(l, false);
- return false;
- }
-+EXPORT_SYMBOL_GPL(list_lru_add);
-
- bool list_lru_add_obj(struct list_lru *lru, struct list_head *item)
- {
-@@ -212,6 +213,7 @@ bool list_lru_del(struct list_lru *lru,
- unlock_list_lru(l, false);
- return false;
- }
-+EXPORT_SYMBOL_GPL(list_lru_del);
-
- bool list_lru_del_obj(struct list_lru *lru, struct list_head *item)
- {
diff --git a/debian/patches/patchset-xanmod/binder/0003-binder-turn-into-module-lock_vma_under_rcu.patch b/debian/patches/patchset-xanmod/binder/0003-binder-turn-into-module-lock_vma_under_rcu.patch
deleted file mode 100644
index 1198777..0000000
--- a/debian/patches/patchset-xanmod/binder/0003-binder-turn-into-module-lock_vma_under_rcu.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-From 51d6dcc335e157df9ce5b9605841b879db64894a Mon Sep 17 00:00:00 2001
-From: Paolo Pisati <paolo.pisati@canonical.com>
-Date: Thu, 6 Feb 2025 15:40:09 +0100
-Subject: binder: turn into module - lock_vma_under_rcu()
-
-Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
-Signed-off-by: Alexandre Frade <kernel@xanmod.org>
----
- mm/memory.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/mm/memory.c
-+++ b/mm/memory.c
-@@ -6392,6 +6392,7 @@ inval:
- count_vm_vma_lock_event(VMA_LOCK_ABORT);
- return NULL;
- }
-+EXPORT_SYMBOL_GPL(lock_vma_under_rcu);
- #endif /* CONFIG_PER_VMA_LOCK */
-
- #ifndef __PAGETABLE_P4D_FOLDED
diff --git a/debian/patches/patchset-xanmod/pci_acso/0001-PCI-Enable-overrides-for-missing-ACS-capabilities.patch b/debian/patches/patchset-xanmod/pci_acso/0001-PCI-Enable-overrides-for-missing-ACS-capabilities.patch
index e80e364..dc152cf 100644
--- a/debian/patches/patchset-xanmod/pci_acso/0001-PCI-Enable-overrides-for-missing-ACS-capabilities.patch
+++ b/debian/patches/patchset-xanmod/pci_acso/0001-PCI-Enable-overrides-for-missing-ACS-capabilities.patch
@@ -55,7 +55,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4644,6 +4644,15 @@
+@@ -4646,6 +4646,15 @@
nomsi [MSI] If the PCI_MSI kernel config parameter is
enabled, this kernel boot option can be used to
disable the use of MSI interrupts system-wide.
diff --git a/debian/patches/patchset-xanmod/xanmod/0013-XANMOD-sched-autogroup-Add-kernel-parameter-and-conf.patch b/debian/patches/patchset-xanmod/xanmod/0013-XANMOD-sched-autogroup-Add-kernel-parameter-and-conf.patch
index 75e6c3d..9ff09bc 100644
--- a/debian/patches/patchset-xanmod/xanmod/0013-XANMOD-sched-autogroup-Add-kernel-parameter-and-conf.patch
+++ b/debian/patches/patchset-xanmod/xanmod/0013-XANMOD-sched-autogroup-Add-kernel-parameter-and-conf.patch
@@ -24,7 +24,7 @@ Signed-off-by: Alexandre Frade <kernel@xanmod.org>
bau= [X86_UV] Enable the BAU on SGI UV. The default
behavior is to disable the BAU (i.e. bau=0).
Format: { "0" | "1" }
-@@ -4039,8 +4043,6 @@
+@@ -4041,8 +4045,6 @@
noapictimer [APIC,X86] Don't set up the APIC timer
diff --git a/debian/patches/patchset-zen/invlpgb/0004-x86-mm-Add-INVLPGB-feature-and-Kconfig-entry.patch b/debian/patches/patchset-zen/invlpgb/0004-x86-mm-Add-INVLPGB-feature-and-Kconfig-entry.patch
index e717e5b..5ff0067 100644
--- a/debian/patches/patchset-zen/invlpgb/0004-x86-mm-Add-INVLPGB-feature-and-Kconfig-entry.patch
+++ b/debian/patches/patchset-zen/invlpgb/0004-x86-mm-Add-INVLPGB-feature-and-Kconfig-entry.patch
@@ -90,7 +90,7 @@ Link: https://lore.kernel.org/r/20250226030129.530345-3-riel@surriel.com
static inline int rdmsrl_amd_safe(unsigned msr, unsigned long long *p)
{
u32 gprs[8] = { 0 };
-@@ -1139,6 +1141,10 @@ static void cpu_detect_tlb_amd(struct cp
+@@ -1140,6 +1142,10 @@ static void cpu_detect_tlb_amd(struct cp
tlb_lli_2m[ENTRIES] = eax & mask;
tlb_lli_4m[ENTRIES] = tlb_lli_2m[ENTRIES] >> 1;
diff --git a/debian/patches/patchset-zen/invlpgb/0012-x86-mm-Enable-AMD-translation-cache-extensions.patch b/debian/patches/patchset-zen/invlpgb/0012-x86-mm-Enable-AMD-translation-cache-extensions.patch
index f9d3733..880cf66 100644
--- a/debian/patches/patchset-zen/invlpgb/0012-x86-mm-Enable-AMD-translation-cache-extensions.patch
+++ b/debian/patches/patchset-zen/invlpgb/0012-x86-mm-Enable-AMD-translation-cache-extensions.patch
@@ -52,7 +52,7 @@ Link: https://lore.kernel.org/r/20250226030129.530345-13-riel@surriel.com
/*
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
-@@ -1075,6 +1075,10 @@ static void init_amd(struct cpuinfo_x86
+@@ -1076,6 +1076,10 @@ static void init_amd(struct cpuinfo_x86
/* AMD CPUs don't need fencing after x2APIC/TSC_DEADLINE MSR writes. */
clear_cpu_cap(c, X86_FEATURE_APIC_MSRS_FENCE);
diff --git a/debian/patches/patchset-zen/sauce/0003-ZEN-PCI-Add-Intel-remapped-NVMe-device-support.patch b/debian/patches/patchset-zen/sauce/0003-ZEN-PCI-Add-Intel-remapped-NVMe-device-support.patch
index dd29fe3..6b8c047 100644
--- a/debian/patches/patchset-zen/sauce/0003-ZEN-PCI-Add-Intel-remapped-NVMe-device-support.patch
+++ b/debian/patches/patchset-zen/sauce/0003-ZEN-PCI-Add-Intel-remapped-NVMe-device-support.patch
@@ -94,7 +94,7 @@ Contains:
-#endif
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
-@@ -1618,7 +1618,7 @@ static irqreturn_t ahci_thunderx_irq_han
+@@ -1629,7 +1629,7 @@ static irqreturn_t ahci_thunderx_irq_han
}
#endif
@@ -103,7 +103,7 @@ Contains:
struct ahci_host_priv *hpriv)
{
int i;
-@@ -1631,7 +1631,7 @@ static void ahci_remap_check(struct pci_
+@@ -1642,7 +1642,7 @@ static void ahci_remap_check(struct pci_
pci_resource_len(pdev, bar) < SZ_512K ||
bar != AHCI_PCI_BAR_STANDARD ||
!(readl(hpriv->mmio + AHCI_VSCAP) & 1))
@@ -112,7 +112,7 @@ Contains:
cap = readq(hpriv->mmio + AHCI_REMAP_CAP);
for (i = 0; i < AHCI_MAX_REMAP; i++) {
-@@ -1646,18 +1646,11 @@ static void ahci_remap_check(struct pci_
+@@ -1657,18 +1657,11 @@ static void ahci_remap_check(struct pci_
}
if (!hpriv->remapped_nvme)
@@ -135,7 +135,7 @@ Contains:
}
static int ahci_get_irq_vector(struct ata_host *host, int port)
-@@ -1898,7 +1891,9 @@ static int ahci_init_one(struct pci_dev
+@@ -1909,7 +1902,9 @@ static int ahci_init_one(struct pci_dev
return -ENOMEM;
/* detect remapped nvme devices */
diff --git a/debian/patches/patchset-zen/sauce/0004-ZEN-Disable-stack-conservation-for-GCC.patch b/debian/patches/patchset-zen/sauce/0004-ZEN-Disable-stack-conservation-for-GCC.patch
index 4987d59..31f9886 100644
--- a/debian/patches/patchset-zen/sauce/0004-ZEN-Disable-stack-conservation-for-GCC.patch
+++ b/debian/patches/patchset-zen/sauce/0004-ZEN-Disable-stack-conservation-for-GCC.patch
@@ -24,6 +24,6 @@ Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
-KBUILD_CFLAGS += -fconserve-stack
-endif
-
- # change __FILE__ to the relative path to the source directory
- ifdef building_out_of_srctree
- KBUILD_CPPFLAGS += $(call cc-option,-fmacro-prefix-map=$(srcroot)/=)
+ # Ensure compilers do not transform certain loops into calls to wcslen()
+ KBUILD_CFLAGS += -fno-builtin-wcslen
+
diff --git a/debian/patches/series b/debian/patches/series
index be8cfe7..24f4a74 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -69,10 +69,15 @@ features/x86/x86-make-x32-syscall-support-conditional.patch
bugfix/all/disable-some-marvell-phys.patch
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
bugfix/all/documentation-use-relative-source-paths-in-abi-documentation.patch
+bugfix/all/hfs-hfsplus-fix-slab-out-of-bounds-in-hfs_bnode_read.patch
# Miscellaneous features
# Lockdown missing pieces
+features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
+features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
+features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
# Improve integrity platform keyring for kernel modules verification
features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch
@@ -125,50 +130,44 @@ patchset-pf/amd-pstate/0003-cpufreq-amd-pstate-Remove-the-unnecessary-cpufreq_up
patchset-pf/amd-pstate/0004-cpufreq-amd-pstate-Use-scope-based-cleanup-for-cpufr.patch
patchset-pf/amd-pstate/0005-cpufreq-amd-pstate-Remove-the-unncecessary-driver_lo.patch
patchset-pf/amd-pstate/0006-cpufreq-amd-pstate-Fix-the-clamping-of-perf-values.patch
-patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Invalidate-cppc_req_cached-during.patch
-patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
-patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
-patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
-patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Overhaul-locking.patch
-patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
-patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
-patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
-patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
-patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
-patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
-patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
-patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
-patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
-patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
-patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
-patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
-patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Stop-caching-EPP.patch
-patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
-patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
-patchset-pf/amd-pstate/0027-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
-
-patchset-pf/btrfs/0001-btrfs-fix-non-empty-delayed-iputs-list-on-unmount-du.patch
-patchset-pf/btrfs/0002-btrfs-tests-fix-chunk-map-leak-after-failure-to-add-.patch
-patchset-pf/btrfs/0003-btrfs-zoned-fix-zone-activation-with-missing-devices.patch
-patchset-pf/btrfs/0004-btrfs-zoned-fix-zone-finishing-with-missing-devices.patch
+patchset-pf/amd-pstate/0007-cpufreq-amd-pstate-Show-a-warning-when-a-CPU-fails-t.patch
+patchset-pf/amd-pstate/0008-cpufreq-amd-pstate-Drop-min-and-max-cached-frequenci.patch
+patchset-pf/amd-pstate/0009-cpufreq-amd-pstate-Move-perf-values-into-a-union.patch
+patchset-pf/amd-pstate/0010-cpufreq-amd-pstate-Overhaul-locking.patch
+patchset-pf/amd-pstate/0011-cpufreq-amd-pstate-Drop-cppc_cap1_cached.patch
+patchset-pf/amd-pstate/0012-cpufreq-amd-pstate-ut-Use-_free-macro-to-free-put-po.patch
+patchset-pf/amd-pstate/0013-cpufreq-amd-pstate-ut-Allow-lowest-nonlinear-and-low.patch
+patchset-pf/amd-pstate/0014-cpufreq-amd-pstate-ut-Drop-SUCCESS-and-FAIL-enums.patch
+patchset-pf/amd-pstate/0015-cpufreq-amd-pstate-ut-Run-on-all-of-the-correct-CPUs.patch
+patchset-pf/amd-pstate/0016-cpufreq-amd-pstate-ut-Adjust-variable-scope.patch
+patchset-pf/amd-pstate/0017-cpufreq-amd-pstate-Replace-all-AMD_CPPC_-macros-with.patch
+patchset-pf/amd-pstate/0018-cpufreq-amd-pstate-Cache-CPPC-request-in-shared-mem-.patch
+patchset-pf/amd-pstate/0019-cpufreq-amd-pstate-Move-all-EPP-tracing-into-_update.patch
+patchset-pf/amd-pstate/0020-cpufreq-amd-pstate-Update-cppc_req_cached-for-shared.patch
+patchset-pf/amd-pstate/0021-cpufreq-amd-pstate-Drop-debug-statements-for-policy-.patch
+patchset-pf/amd-pstate/0022-cpufreq-amd-pstate-Rework-CPPC-enabling.patch
+patchset-pf/amd-pstate/0023-cpufreq-amd-pstate-Stop-caching-EPP.patch
+patchset-pf/amd-pstate/0024-cpufreq-amd-pstate-Drop-actions-in-amd_pstate_epp_cp.patch
+patchset-pf/amd-pstate/0025-cpufreq-amd-pstate-fix-warning-noticed-by-kernel-tes.patch
+patchset-pf/amd-pstate/0026-cpufreq-amd-pstate-Fix-min_limit-perf-and-freq-updat.patch
patchset-pf/cpuidle/0001-cpuidle-Prefer-teo-over-menu-governor.patch
patchset-pf/crypto/0001-crypto-x86-aes-xts-make-the-fast-path-64-bit-specifi.patch
patchset-pf/crypto/0002-crypto-x86-aes-ctr-rewrite-AESNI-AVX-optimized-CTR-a.patch
-patchset-pf/fuse/0001-fuse-io-uring-Fix-a-possible-req-cancellation-race.patch
+patchset-pf/fuse/0001-virtiofs-add-filesystem-context-source-name-check.patch
-patchset-pf/smb/0001-cifs-avoid-NULL-pointer-dereference-in-dbg-call.patch
-patchset-pf/smb/0002-CIFS-Propagate-min-offload-along-with-other-paramete.patch
-patchset-pf/smb/0003-cifs-fix-integer-overflow-in-match_server.patch
+patchset-pf/smb/0001-ksmbd-Fix-dangling-pointer-in-krb_authenticate.patch
+patchset-pf/smb/0002-ksmbd-fix-use-after-free-in-__smb2_lease_break_noti.patch
+patchset-pf/smb/0003-ksmbd-fix-use-after-free-in-smb_break_all_levII_oplo.patch
+patchset-pf/smb/0004-ksmbd-fix-the-warning-from-__kernel_write_iter.patch
+patchset-pf/smb/0005-ksmbd-Prevent-integer-overflow-in-calculation-of-dea.patch
patchset-pf/zstd/0001-zstd-import-upstream-v1.5.7.patch
patchset-pf/zstd/0002-lib-zstd-Refactor-intentional-wrap-around-test.patch
patchset-xanmod/binder/0001-binder-turn-into-module.patch
-patchset-xanmod/binder/0002-binder-turn-into-module-list_lru_add-list_lru_del.patch
-patchset-xanmod/binder/0003-binder-turn-into-module-lock_vma_under_rcu.patch
patchset-xanmod/clearlinux/0001-sched-wait-Do-accept-in-LIFO-order-for-cache-efficie.patch
patchset-xanmod/clearlinux/0002-firmware-Enable-stateless-firmware-loading.patch
@@ -267,17 +266,16 @@ patchset-zen/sauce/0021-ZEN-INTERACTIVE-dm-crypt-Disable-workqueues-for-cryp.pat
patchset-zen/sauce/0022-ZEN-INTERACTIVE-mm-swap-Disable-swap-in-readahead.patch
patchset-zen/sauce/0023-ZEN-INTERACTIVE-Document-PDS-BMQ-configuration.patch
-patchset-pf/fixes/0001-tpm-do-not-start-chip-while-suspended.patch
-patchset-pf/fixes/0002-Kunit-to-check-the-longest-symbol-length.patch
-patchset-pf/fixes/0003-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
-patchset-pf/fixes/0004-tpm-tpm_tis-Fix-timeout-handling-when-waiting-for-TP.patch
-patchset-pf/fixes/0005-block-make-sure-nr_integrity_segments-is-cloned-in-b.patch
-patchset-pf/fixes/0006-PCI-Fix-wrong-length-of-devres-array.patch
-patchset-pf/fixes/0007-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
-patchset-pf/fixes/0008-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
-patchset-pf/fixes/0009-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
-patchset-pf/fixes/0010-fixes-6.14-update-tpm2_start_auth_session-fix.patch
-patchset-pf/fixes/0011-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
+patchset-pf/fixes/0001-Kunit-to-check-the-longest-symbol-length.patch
+patchset-pf/fixes/0002-x86-tools-Drop-duplicate-unlikely-definition-in-insn.patch
+patchset-pf/fixes/0003-drm-amdgpu-mes11-optimize-MES-pipe-FW-version-fetchi.patch
+patchset-pf/fixes/0004-tpm-Mask-TPM-RC-in-tpm2_start_auth_session.patch
+patchset-pf/fixes/0005-ice-mark-ice_write_prof_mask_reg-as-noinline.patch
+patchset-pf/fixes/0006-fixes-6.14-update-tpm2_start_auth_session-fix.patch
+patchset-pf/fixes/0007-drm-amdgpu-mes12-optimize-MES-pipe-FW-version-fetchi.patch
+patchset-pf/fixes/0008-wifi-iwlwifi-pcie-set-state-to-no-FW-before-reset-ha.patch
+patchset-pf/fixes/0009-wifi-ath12k-Abort-scan-before-removing-link-interfac.patch
+patchset-pf/fixes/0010-Kconfig-switch-CONFIG_SYSFS_SYCALL-default-to-n.patch
patchset-zen/fixes/0001-arch-Kconfig-Default-to-maximum-amount-of-ASLR-bits.patch
patchset-zen/fixes/0002-drivers-firmware-skip-simpledrm-if-nvidia-drm.modese.patch