dgit.raspbian.org Git - linux.git/log

intel-iommu: Add option to exclude integrated GPU only

Bug-Debian: https://bugs.debian.org/935270
Bug-Kali: https://bugs.kali.org/view.php?id=5644

There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage, but turning it off
for all graphics devices seems like a major weakness.

Add an option, intel_iommu=intgpu_off, to exclude only integrated GPUs
from remapping. This is a narrower exclusion than igfx_off: it only
affects Intel devices on the root bus. Devices attached through an
external port (Thunderbolt or ExpressCard) won't be on the root bus.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name intel-iommu-add-option-to-exclude-integrated-gpu-only.patch

security,perf: Allow further restriction of perf_event_open

Forwarded: https://lore.kernel.org/all/20160111152355.GS28542@decadent.org.uk/

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

add sysctl to disallow unprivileged CLONE_NEWUSER by default

Origin: http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=5c847404dcb2e3195ad0057877e1422ae90892b8

add sysctl to disallow unprivileged CLONE_NEWUSER by default

This is a short-term patch. Unprivileged use of CLONE_NEWUSER
is certainly an intended feature of user namespaces. However
for at least saucy we want to make sure that, if any security
issues are found, we have a fail-safe.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
[bwh: Keep this sysctl, but change the default to enabled]

Gbp-Pq: Topic debian
Gbp-Pq: Name add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

yama: Disable by default

Bug-Debian: https://bugs.debian.org/712740
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name yama-disable-by-default.patch

fs: Enable link security restrictions by default

Bug-Debian: https://bugs.debian.org/609455
Forwarded: not-needed

This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').

Gbp-Pq: Topic debian
Gbp-Pq: Name fs-enable-link-security-restrictions-by-default.patch

hamradio: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

dccp: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch

[PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name rds-Disable-auto-loading-as-mitigation-against-local.patch

[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch

radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward

Bug-Debian: https://bugs.debian.org/607194
Bug-Debian: https://bugs.debian.org/607471
Bug-Debian: https://bugs.debian.org/610851
Bug-Debian: https://bugs.debian.org/627497
Bug-Debian: https://bugs.debian.org/632212
Bug-Debian: https://bugs.debian.org/637943
Bug-Debian: https://bugs.debian.org/649448
Bug-Debian: https://bugs.debian.org/697229
Bug-Debian: https://bugs.debian.org/1053764
Forwarded: no
Last-Update: 2023-11-08

radeon requires firmware/microcode for the GPU in all chips, but for
newer chips (apparently R600 'Evergreen' onward) it also expects
firmware for the memory controller and other sub-blocks.

radeon attempts to gracefully fall back and disable some features if
the firmware is not available, but becomes unstable - the framebuffer
and/or system memory may be corrupted, or the display may stay black.

Therefore, perform a basic check for the existence of
/lib/firmware/radeon when a device is probed, and abort if it
is missing, except for the pre-R600 case.

Update 2023-11-08:
In bug 1053764 Mario Limonciello <mario.limonciello@amd.com> states
that the patch isn't needed anymore for amdgpu, so remove that part
of the patch

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch

firmware_loader: Log direct loading failures as info for d-i

Forwarded: not-needed

On an installed Debian system, firmware packages will normally be
installed automatically based on a mapping of device IDs to firmware.
Within the Debian installer this has not yet happened and we need a
way to detect missing firmware.

Although many/most drivers log firmware loading failures, they do so
using many different formats. This adds a single log message to the
firmware loader, which the installer's hw-detect package will look
for. The log level is set to "info" because some failures are
expected and we do not want to confuse users with bogus error messages
(like in bug #966218).

NOTE: The log message format must not be changed without coordinating
this with the check-missing-firmware.sh in hw-detect.

Gbp-Pq: Topic debian
Gbp-Pq: Name firmware_loader-log-direct-loading-failures-as-info-for-d-i.patch

iwlwifi: Do not request unreleased firmware for IWL6000

Bug-Debian: https://bugs.debian.org/689416
Forwarded: not-needed

The iwlwifi driver currently supports firmware API versions 4-6 for
these devices.  It will request the file for the latest supported
version and then fall back to earlier versions.  However, the latest
version that has actually been released is 4, so we expect the
requests for versions 6 and then 5 to fail.

The installer appears to report any failed request, and it is probably
not easy to detect that this particular failure is harmless.  So stop
requesting the unreleased firmware.

Gbp-Pq: Topic debian
Gbp-Pq: Name iwlwifi-do-not-request-unreleased-firmware.patch

af9005: Use request_firmware() to load register init script

Forwarded: no

Read the register init script from the Windows driver. This is sick
but should avoid the potential copyright infringement in distributing
a version of the script which is directly derived from the driver.

Gbp-Pq: Topic features/all
Gbp-Pq: Name drivers-media-dvb-usb-af9005-request_firmware.patch

linux-perf: Remove remaining source filenames from executable

When we build perf with -ffile-prefix-map, there are still 2
source directory names embedded in the executable:

1. The Documentation subdirectory, used as a fallback from the
installed location.
2. The python subdirectory, used in the Python script test.

Remove (1) since it is an unnecessary fallback. Change (2)
to the installed location.

Gbp-Pq: Topic debian
Gbp-Pq: Name linux-perf-remove-remaining-source-filenames-from-executable.patch

fixdep: Allow overriding HOSTCC and HOSTLD

Forwarded: not-needed

objtool always uses HOSTCC, HOSTLD, and HOSTAR, so we need to override
these on the command line for cross-builds of linux-kbuild. But it
also builds fixdep which still needs to be native in a cross-build.
Add support for REALHOSTCC and REALHOSTLD variables which, if set,
override HOSTCC and HOSTLD for fixdep only.

Gbp-Pq: Topic debian
Gbp-Pq: Name fixdep-allow-overriding-hostcc-and-hostld.patch

Revert "tools build: Clean CFLAGS and LDFLAGS for fixdep"

This reverts commit 5725dd8fa888b4dcdff58241f9d3d3ac42a048e2. That
was a workaround for the bug fixed by commit 6b3db6f9b970 "tools
build: Make fixdep a hostprog" and is no longer needed.

Signed-off-by: Ben Hutchings <benh@debian.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name revert-tools-build-clean-cflags-and-ldflags-for-fixdep.patch

Makefile: Make compiler version comparison optional

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/1019749

The top-level Makefile warns if the compiler version string changes at
all between the kernel build and an out-of-tree module build.

We expect that major compiler version changes could introduce ABI
changes, and override the CC variable in out-of-tree module builds to
ensure that the same major compiler version is used. But minor
version changes should not make a difference, so this exact version
comparison produces false warnings.

Since custom kernel packages don't have that, don't remove the version
comparison. Instead, skip it if $(DEBIAN_KERNEL_NO_CC_VERSION_CHECK)
is non-empty.

Gbp-Pq: Topic debian
Gbp-Pq: Name makefile-make-compiler-version-comparison-optional.patch

kbuild: Abort build if SUBDIRS used

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/987575

DKMS and module-assistant both build OOT modules as root. If they
build an old OOT module that still use SUBDIRS this causes Kbuild
to try building a full kernel, which obviously fails but not before
deleting files from the installed headers package.

To avoid such mishaps, detect this situation and abort the build.

The error message is based on that used in commit 0126be38d988
"kbuild: announce removal of SUBDIRS if used".

Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-abort-build-if-subdirs-used.patch

kbuild: Look for module.lds under arch directory too

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/975571

The module.lds linker script is now built under the scripts directory,
where previously it was under arch/$(SRCARCH).

However, we package the scripts directory as linux-kbuild, which is
meant to be able to do support native and cross-builds. That means it
shouldn't contain files for a specific target architecture without a
wrapper to select between them, and it doesn't appear that linker
scripts are powerful enough to implement such a wrapper.

Building module.lds in a different location would require relatively
large changes. Moving it in the package build rules can work, but we
need to support custom kernel builds from the same source so we can't
assume it's moved.

Therefore, we move module.lds under the arch build directory in
rules.real and change Makefile.modfinal to look for it in both places.

Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-look-for-module.lds-under-arch-directory-too.patch

[PATCH 2/2] perf/traceevent: Support asciidoctor for documentation

From cd02fc78859ef9aefd7c92406f9523622da0b472 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name perf-traceevent-support-asciidoctor-for-documentatio.patch

[PATCH 1/2] Documentation: Drop sphinx version check

From 252aa79fdbd4ac2da09d9b98f81bf11f5e3e1870 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name documentation-drop-sphinx-version-check.patch

android: Enable building ashmem and binder as modules

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

- Add a MODULE_LICENSE declaration to ashmem
- Change the Makefiles to build each driver as an object with the
"_linux" suffix (which is what Anbox expects)
- Change config symbol types to tristate

Update:
In upstream commit 721412ed3d titled "staging: remove ashmem" the ashmem
driver was removed entirely. Secondary commit message:
"The mainline replacement for ashmem is memfd, so remove the legacy
code from drivers/staging/"
Consequently, the ashmem part of this patch has been removed.

Gbp-Pq: Topic debian
Gbp-Pq: Name android-enable-building-ashmem-and-binder-as-modules.patch

Export symbols needed by binder

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android binder driver to support
Waydroid, but it should not be built-in as that would waste resources
and increase security attack surface on systems that don't need it.

Export the currently un-exported symbols it depends on.

Gbp-Pq: Topic debian
Gbp-Pq: Name export-symbols-needed-by-android-drivers.patch

wireless: Add Debian wireless-regdb certificates

Forwarded: not-needed

This hex dump is generated using:

{
    for cert in debian/certs/wireless-regdb-*.pem; do
        openssl x509 -in $cert -outform der;
    done
} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex

Gbp-Pq: Topic debian
Gbp-Pq: Name wireless-add-debian-wireless-regdb-certificates.patch

tools: install perf python bindings

Bug-Debian: http://bugs.debian.org/860957
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-install-python-bindings.patch

linux-tools: Install perf-read-vdso{,x}32 in directory under /usr/lib

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-perf-read-vdso-in-libexec.patch

[sh4] Fix uImage build

Bug-Debian: https://bugs.debian.org/569034
Forwarded: not-needed

[bwh: This was added without a description, but I think it is done
only to avoid a build-dependency on u-boot-tools.]

Gbp-Pq: Topic debian
Gbp-Pq: Name arch-sh4-fix-uimage-build.patch

Enable R2 to R6 emulator by default

Forwarded: not-needed

In upstream code, 'mipsr2emu' kernel option is needed
to enable R2 to R6 emulator. Since we need r6 kernel
for our r2 port, let's always enable it.

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-enable-r2-to-r6-emu-by-default.patch

Use RELAXED ieee754 mode for Loongson-3 as 3A 4000 is 2008-only

Forwarded: not-needed

There are 2 mode of value of IEEE NaN hardcoded by CPU.
Currently, our mipsel/mips64el port is in so-called lagacy mode.
Loongson 3A 4000 is set as the so-called 2008 mode.

To make Debian workable on Loongson 3A 4000, we need set the kerenl in
RELAXED mode.

https://web.archive.org/web/20180830093617/https://dmz-portal.mips.com/wiki/MIPS_ABI_-_NaN_Interlinking

[bwh: Update for addition of EMULATED mode in 6.11]

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-ieee754-relaxed.patch

Disable uImage generation for mips generic

Forwarded: not-needed

MIPS generic trys to generate uImage when build, which then ask for
u-boot-tools.

[bwh: Updated for 5.17:
- zload-y is no longer assigned here and appears to default to empty
- Adjust context]

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-boston-disable-its.patch

kbuild: Make the toolchain variables easily overwritable

Forwarded: not-needed

Allow make variables to be overridden for each flavour by a file in
the build tree, .kernelvariables.

We currently use this for ARCH, KERNELRELEASE, CC, and in some cases
also CROSS_COMPILE, KCFLAGS.

This file can only be read after we establish the build tree, and all
use of $(ARCH) needs to be moved after this.

[bwh: Updated for 5.3: include .kernelvariables from current directory
rather than using undefined $(obj).]

Gbp-Pq: Topic debian
Gbp-Pq: Name kernelvariables.patch

Make mkcompile_h accept an alternate timestamp string

Forwarded: not-needed

We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.

Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.

Gbp-Pq: Topic debian
Gbp-Pq: Name uname-version-timestamp.patch

Include package version along with kernel release in stack traces

Forwarded: not-needed

For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.

Gbp-Pq: Topic debian
Gbp-Pq: Name version.patch

Documentation: Fix broken link to CIPSO draft

Forwarded: not-needed

We exclude the CIPSO draft text as its licence is not DFSG compliant.
Link to the IETF's online version instead.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name documentation-fix-broken-link-to-cipso-draft.patch

video: Remove nvidiafb and rivafb

Bug-Debian: https://bugs.debian.org/383481
Forwarded: no

These drivers contain register programming code provided by the
hardware vendor that appears to have been deliberately obfuscated.
This is arguably not the preferred form for modification.

These drivers are also largely redundant with nouveau. The RIVA 128
(NV3) is not supported by nouveau but is about 15 years old and
probably discontinued 10 years ago.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name video-remove-nvidiafb-and-rivafb.patch

dvb-usb-af9005: mark as broken

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-media-dvb-dvb-usb-af9005-disable.patch

Remove microcode patches for mgsuvd (not enabled in Debian configs)

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name arch-powerpc-platforms-8xx-ucode-disable.patch

Tweak gitignore for Debian pkg-kernel using git

Forwarded: not-needed

[bwh: Tweak further for pure git]

Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch

linux (6.12.9-1) unstable; urgency=medium

  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.9
    - [x86] platform/x86: mlx-platform: call pci_dev_put() to balance the
      refcount
    - drm/amdgpu: fix backport of commit 73dae652dcac (Closes: #1092187)
    - [x86] platform/x86: thinkpad-acpi: Add support for hotkey 0x1401
    - [x86] platform/x86: hp-wmi: mark 8A15 board for timed OMEN thermal profile
    - selinux: ignore unknown extended permissions
    - mmc: sdhci-msm: fix crypto key eviction
    - [arm64,armhf] pmdomain: imx: gpcv2: fix an OF node reference leak in
      imx_gpcv2_probe()
    - pmdomain: core: add dummy release function to genpd device
    - tracing: Have process_string() also allow arrays
    - block: lift bio_is_zone_append to bio.h
    - btrfs: use bio_is_zone_append() in the completion handler
    - RDMA/bnxt_re: Remove always true dattr validity check
    - sched_ext: fix application of sizeof to pointer
    - RDMA/mlx5: Enforce same type port association for multiport RoCE
    - RDMA/bnxt_re: Fix max SGEs for the Work Request
    - RDMA/bnxt_re: Avoid initializing the software queue for user queues
    - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters
    - RDMA/core: Fix ENODEV error for iWARP test over vlan
    - nvme-pci: 512 byte aligned dma pool segment quirk
    - wifi: iwlwifi: fix CRF name for Bz
    - RDMA/bnxt_re: Fix the check for 9060 condition
    - RDMA/bnxt_re: Add check for path mtu in modify_qp
    - RDMA/bnxt_re: Fix reporting hw_ver in query_device
    - RDMA/nldev: Set error code in rdma_nl_notify_event
    - RDMA/siw: Remove direct link to net_device
    - RDMA/bnxt_re: Fix max_qp_wrs reported
    - RDMA/bnxt_re: Disable use of reserved wqes
    - RDMA/bnxt_re: Add send queue size check for variable wqe
    - RDMA/bnxt_re: Fix MSN table size for variable wqe mode
    - RDMA/bnxt_re: Fix the locking while accessing the QP table
    - net: phy: micrel: Dynamically control external clock of KSZ PHY
    - [arm64] drm/bridge: adv7511_audio: Update Audio InfoFrame properly
    - netdev-genl: avoid empty messages in napi get
    - [arm64] RDMA/hns: Fix mapping error of zero-hop WQE buffer
    - [arm64] RDMA/hns: Fix accessing invalid dip_ctx during destroying QP
    - [arm64] RDMA/hns: Fix warning storm caused by invalid input in IO path
    - [arm64] RDMA/hns: Fix missing flush CQE for DWQE
    - drm/xe: Revert some changes that break a mesa debug tool
    - drm/xe/pf: Use correct function to check LMEM provisioning
    - drm/xe: Fix fault on fd close after unbind
    - net: stmmac: restructure the error path of stmmac_probe_config_dt()
    - net: fix memory leak in tcp_conn_request()
    - net: Fix netns for ip_tunnel_init_flow()
    - netrom: check buffer length before accessing it
    - net: pse-pd: tps23881: Fix power on/off issue
    - net/mlx5: DR, select MSIX vector 0 for completion queue creation
    - net/mlx5e: macsec: Maintain TX SA from encoding_sa
    - net/mlx5e: Skip restore TC rules for vport rep without loaded flag
    - net/mlx5e: Keep netdev when leave switchdev for devlink set legacy only
    - RDMA/rxe: Remove the direct link to net_device
    - [amd64] drm/i915/cx0_phy: Fix C10 pll programming sequence
    - [amd64] drm/i915/dg1: Fix power gate sequence.
    - workqueue: add printf attribute to __alloc_workqueue()
    - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
    - net: llc: reset skb->transport_header
    - nvmet: Don't overflow subsysnqn
    - ALSA: usb-audio: US16x08: Initialize array before use
    - eth: bcmsysport: fix call balance of priv->clk handling routines
    - net: mv643xx_eth: fix an OF node reference leak
    - net: wwan: t7xx: Fix FSM command timeout issue
    - RDMA/rtrs: Ensure 'ib_sge list' is accessible
    - RDMA/bnxt_re: Fix error recovery sequence
    - io_uring/net: always initialize kmsg->msg.msg_inq upfront
    - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params
    - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
    - net: restrict SO_REUSEPORT to inet sockets
    - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init()
    - af_packet: fix vlan_get_tci() vs MSG_PEEK
    - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
    - ila: serialize calls to nf_register_net_hooks()
    - net: ti: icssg-prueth: Fix firmware load sequence.
    - net: ti: icssg-prueth: Fix clearing of IEP_CMP_CFG registers during
      iep_init
    - btrfs: allow swap activation to be interruptible
    - [x86] perf/x86/intel: Add Arrow Lake U support
    - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
    - wifi: cfg80211: clear link ID from bitmap during link delete after clean
      up
    - wifi: mac80211: wake the queues in case of failure in resume
    - drm/amdgpu: use sjt mec fw on gfx943 for sriov
    - ALSA: hda: cs35l56: Remove calls to
      cs35l56_force_sync_asp1_registers_from_cache()
    - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio
    - btrfs: handle bio_split() errors
    - btrfs: flush delalloc workers queue before stopping cleaner kthread during
      unmount
    - ALSA: hda/ca0132: Use standard HD-audio quirk matching helpers
    - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model
    - sound: usb: enable DSD output for ddHiFi TC44C
    - sound: usb: format: don't warn that raw DSD is unsupported
    - spi: spi-cadence-qspi: Disable STIG mode for Altera SoCFPGA.
    - ASoC: audio-graph-card: Call of_node_put() on correct node
    - ARC: build: disallow invalid PAE40 + 4K page config
    - ARC: build: Use __force to suppress per-CPU cmpxchg warnings
    - ARC: bpf: Correct conditional check in 'check_jmp_32'
    - bpf: fix potential error return
    - ksmbd: retry iterate_dir in smb2_query_dir
    - ksmbd: set ATTR_CTIME flags when setting mtime
    - smb: client: destroy cfid_put_wq on module exit
    - net: usb: qmi_wwan: add Telit FE910C04 compositions
    - Bluetooth: hci_core: Fix sleeping function called from invalid context
    - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base
    - bpf: refactor bpf_helper_changes_pkt_data to use helper number
    - bpf: consider that tail calls invalidate packet pointers
    - clk: thead: Fix TH1520 emmc and shdci clock rate
    - scripts/mksysmap: Fix escape chars '$'
    - modpost: fix the missed iteration for the max bit in do_input()
    - kbuild: pacman-pkg: provide versioned linux-api-headers package
    - Revert "ALSA: ump: Don't enumeration invalid groups for legacy rawmidi"
    - RDMA/mlx5: Enable multiplane mode only when it is supported
    - io_uring/kbuf: use pre-committed buffer address for non-pollable file
    - ALSA: seq: Check UMP support for midi_version change
    - ftrace: Fix function profiler's filtering functionality
    - drm/xe: Use non-interruptible wait when moving BO to system
    - drm/xe: Wait for migration job before unmapping pages
    - ALSA hda/realtek: Add quirk for Framework F111:000C
    - ALSA: seq: oss: Fix races at processing SysEx messages
    - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
    - kcov: mark in_softirq_really() as __always_inline
    - maple_tree: reload mas before the second call for mas_empty_area
    - clk: clk-imx8mp-audiomix: fix function signature
    - scripts/sorttable: fix orc_sort_cmp() to maintain symmetry and
      transitivity
    - sched_ext: Fix invalid irq restore in scx_ops_bypass()
    - RDMA/uverbs: Prevent integer overflow issue
    - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
    - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from
      !WQ_MEM_RECLAIM worker
    - sky2: Add device ID 11ab:4373 for Marvell 88E8075
    - sched_ext: initialize kit->cursor.flags
    - net/sctp: Prevent autoclose integer overflow in sctp_association_init()
    - io_uring/rw: fix downgraded mshot read
    - drm: adv7511: Drop dsi single lane support
    - dt-bindings: display: adi,adv7533: Drop single lane support
    - drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
    - wifi: iwlwifi: mvm: Fix __counted_by usage in cfg80211_wowlan_nd_*
    - fgraph: Add READ_ONCE() when accessing fgraph_array[]
    - net: ethernet: ti: am65-cpsw: default to round-robin for host port receive
    - mm/damon/core: fix ignored quota goals and filters of newly committed
      schemes
    - mm/damon/core: fix new damon_target objects leaks on
      damon_commit_targets()
    - mm: shmem: fix the update of 'shmem_falloc->nr_unswapped'
    - mm: shmem: fix incorrect index alignment for within_size policy
    - fs/proc/task_mmu: fix pagemap flags with PMD THP entries on 32bit
    - [amd64,arm64] gve: process XSK TX descriptors as part of RX NAPI
    - [amd64,arm64] gve: clean XDP queues in gve_tx_stop_ring_gqi
    - [amd64,arm64] gve: guard XSK operations on the existence of queues
    - [amd64,arm64] gve: fix XDP allocation path in edge cases
    - [amd64,arm64] gve: guard XDP xmit NDO on existence of xdp queues
    - [amd64,arm64] gve: trigger RX NAPI instead of TX NAPI in gve_xsk_wakeup
    - mm/readahead: fix large folio support in async readahead
    - mm/kmemleak: fix sleeping function called from invalid context at print
      message
    - mm: vmscan: account for free pages to prevent infinite Loop in
      throttle_direct_reclaim()
    - mm: reinstate ability to map write-sealed memfd mappings read-only
    - mm: hugetlb: independent PMD page table shared count
    - mptcp: fix TCP options overflow.
    - mptcp: fix recvbuffer adjust on sleeping rcvmsg
    - mptcp: don't always assume copied data in mptcp_cleanup_rbuf()

  [ Salvatore Bonaccorso ]
  * [mips*] Increase RELOCATION_TABLE_SIZE to 0x00201000 (fixes FTBFS)
  * [rt] Update to 6.12.8-rt8

[dgit import unpatched linux 6.12.9-1]

Import linux_6.12.9.orig.tar.xz

[dgit import orig linux_6.12.9.orig.tar.xz]

Import linux_6.12.9-1.debian.tar.xz

[dgit import tarball linux 6.12.9-1 linux_6.12.9-1.debian.tar.xz]