dgit.raspbian.org Git - linux.git/log

cpupower: Fix checks for CPU existence

Forwarded: https://lore.kernel.org/all/20170418023118.GD4152@decadent.org.uk/

Calls to cpufreq_cpu_exists(cpu) were converted to
cpupower_is_cpu_online(cpu) when libcpupower was introduced and the
former function was deleted. However, cpupower_is_cpu_online() does
not distinguish physically absent and offline CPUs, and does not set
errno.

cpufreq-set has already been fixed (commit c25badc9ceb6).

In cpufreq-bench, which prints an error message for offline CPUs,
properly distinguish and report the zero and negative cases.

Fixes: ac5a181d065d ("cpupower: Add cpuidle parts into library")
Fixes: 53d1cd6b125f ("cpupowerutils: bench - Fix cpu online check")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[carnil: Update/Refresh patch for 4.14.17: The issue with the
incorrect check has been fixed with upstream commit 53d1cd6b125f.
Keep in the patch the distinction and report for the zero and
negative cases.]

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name cpupower-fix-checks-for-cpu-existence.patch

tools/build: Remove bpf() run-time check at build time

Forwarded: no

It is not correct to test that a syscall works on the build system's
kernel. We might be building on an earlier kernel version or with
security restrictions that block bpf().

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-build-remove-bpf-run-time-check-at-build-time.patch

Revert "perf build: Fix libunwind feature detection on 32-bit x86"

Forwarded: no

This reverts commit 05b41775e2edd69a83f592e3534930c934d4038e.
It broke feature detection that was working just fine for us.

Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name revert-perf-build-fix-libunwind-feature-detection-on.patch

tools/perf: Remove shebang lines from perf scripts

Forwarded: no

perf scripts need to be invoked through perf, not directly through
perl (or other language interpreter). So including shebang lines in
them is useless and possibly misleading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-remove-shebangs.patch

perf tools: Use $KBUILD_BUILD_TIMESTAMP as man page date

Forwarded: https://lore.kernel.org/all/20160517132809.GE7555@decadent.org.uk/

This allows man pages to be built reproducibly.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name tools-perf-man-date.patch

kbuild: Fix recordmcount dependency for OOT modules

Forwarded: no

We never rebuild anything in-tree when building an out-of-tree
modules, so external modules should not depend on the recordmcount
sources.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name kbuild-fix-recordmcount-dependency.patch

usbip: Document TCP wrappers

Forwarded: no

Add references to TCP wrappers configuration in the manual page.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name usbip-document-tcp-wrappers.patch

module: Disable matching missing version CRC

Forwarded: not-needed

This partly reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061.
We want to fail closed if a symbol version CRC is missing, as the
alternative may allow subverting module signing.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name module-disable-matching-missing-version-crc.patch

[i386/686-pae] PCI: Set pci=nobios by default

Forwarded: not-needed

CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped
W+X, which is undesirable for security reasons and will result in a
warning at boot now that we enable CONFIG_DEBUG_WX.

This can be overridden using the kernel parameter "pci=nobios", but we
want to disable W+X by default. Disable PCI BIOS probing by default;
it can still be enabled using "pci=bios".

Gbp-Pq: Topic debian
Gbp-Pq: Name i386-686-pae-pci-set-pci-nobios-by-default.patch

[PATCH] trust machine keyring (MoK) by default

From 585cbcb982bffc4a8cee2f3d8d099fc64f9a74b9 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Debian always trusted keys in MoK by default. Upstream made it
conditional on a new EFI variable being set.
To keep backward compatibility skip this check.

Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name trust-machine-keyring-by-default.patch

[PATCH] KEYS: Make use of platform keyring for module signature verify

Bug-Debian: https://bugs.debian.org/935945
Bug-Debian: https://bugs.debian.org/1030200
Origin: https://src.fedoraproject.org/rpms/kernel/raw/master/f/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
Forwarded: https://lore.kernel.org/linux-modules/qvgp2il2co4iyxkzxvcs4p2bpyilqsbfgcprtpfrsajwae2etc@3z2s2o52i3xg/t/#u

This allows a cert in DB to be used to sign modules,
in addition to certs in the MoK and built-in keyrings.

Signed-off-by: Robert Holmes <robeholmes@gmail.com>
Signed-off-by: Jeremy Cline <jcline@redhat.com>
[bwh: Forward-ported to 5.19: adjust filename]
[наб: reinstate for 6.1, re-write description]

Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name KEYS-Make-use-of-platform-keyring-for-module-signature.patch

[PATCH 3/4] MODSIGN: checking the blacklisted hash before loading a kernel module

Origin: https://lore.kernel.org/patchwork/patch/933175/

This patch adds the logic for checking the kernel module's hash
base on blacklist. The hash must be generated by sha256 and enrolled
to dbx/mokx.

For example:
sha256sum sample.ko
mokutil --mokx --import-hash $HASH_RESULT

Whether the signature on ko file is stripped or not, the hash can be
compared by kernel.

Cc: David Howells <dhowells@redhat.com>
Cc: Josh Boyer <jwboyer@fedoraproject.org>
Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: "Lee, Chun-Yi" <jlee@suse.com>
[Rebased by Luca Boccassi]
[bwh: Forward-ported to 5.19:
- The type parameter to is_hash_blacklisted() is now an enumeration
rather than a string
- Adjust filename, context]

Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name 0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch

arm64: add kernel config option to lock down when in Secure Boot mode

Bug-Debian: https://bugs.debian.org/831827
Forwarded: no

Add a kernel configuration option to lock down the kernel, to restrict
userspace's ability to modify the running kernel when UEFI Secure Boot is
enabled. Based on the x86 patch by Matthew Garrett.

Determine the state of Secure Boot in the EFI stub and pass this to the
kernel using the FDT.

Signed-off-by: Linn Crosetto <linn@hpe.com>
[bwh: Forward-ported to 4.10: adjust context]
[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]
[bwh: Forward-ported to 4.15 and lockdown patch set:
- Pass result of efi_get_secureboot() in stub through to
   efi_set_secure_boot() in main kernel
- Use lockdown API and naming]
[bwh: Forward-ported to 4.19.3: adjust context in update_fdt()]
[dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection]
[bwh: Drop call to init_lockdown(), as efi_set_secure_boot() now calls this]
[bwh: Forward-ported to 5.6: efi_get_secureboot() no longer takes a
sys_table parameter]
[bwh: Forward-ported to 5.7: EFI initialisation from FDT was rewritten, so:
- Add Secure Boot mode to the parameter enumeration in fdtparams.c
- Add a parameter to efi_get_fdt_params() to return the Secure Boot mode
- Since Xen does not have a property name defined for Secure Boot mode,
   change efi_get_fdt_prop() to handle a missing property name by clearing
   the output variable]
[Salvatore Bonaccorso: Forward-ported to 5.10: f30f242fb131 ("efi: Rename
arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c]

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name arm64-add-kernel-config-option-to-lock-down-when.patch

mtd: phram,slram: Disable when the kernel is locked down

Forwarded: https://lore.kernel.org/linux-security-module/20190830154720.eekfjt6c4jzvlbfz@decadent.org.uk/

These drivers allow mapping arbitrary memory ranges as MTD devices.
This should be disabled to preserve the kernel's integrity when it is
locked down.

* Add the HWPARAM flag to the module parameters
* When slram is built-in, it uses __setup() to read kernel parameters,
so add an explicit check security_locked_down() check

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Cc: Matthew Garrett <mjg59@google.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Joern Engel <joern@lazybastard.org>
Cc: linux-mtd@lists.infradead.org
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name mtd-disable-slram-and-phram-when-locked-down.patch

efi: Lock down the kernel if booted in secure boot mode

Based on an earlier patch by David Howells, who wrote the following
description:

> UEFI Secure Boot provides a mechanism for ensuring that the firmware will
> only load signed bootloaders and kernels. Certain use cases may also
> require that all kernel modules also be signed. Add a configuration option
> that to lock down the kernel - which includes requiring validly signed
> modules - if the kernel is secure-booted.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[Salvatore Bonaccorso: After fixing https://bugs.debian.org/956197 the
help text for LOCK_DOWN_IN_EFI_SECURE_BOOT was adjusted to mention that
lockdown is triggered in integrity mode (https://bugs.debian.org/1025417)]
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch

[28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode

Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a5d70c55c603233c192b375f72116a395909da28

UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT
flag that can be passed to efi_enabled() to find out whether secure boot is
enabled.

Move the switch-statement in x86's setup_arch() that inteprets the
secure_boot boot parameter to generic code and set the bit there.

Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
cc: linux-efi@vger.kernel.org
[rperier: Forward-ported to 5.5:
- Use pr_warn()
- Adjust context]
[bwh: Forward-ported to 5.6: adjust context]
[bwh: Forward-ported to 5.7:
- Use the next available bit in efi.flags
- Adjust context]

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch

fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers

Bug-Debian: https://bugs.debian.org/819725
Forwarded: https://lore.kernel.org/all/20160517133631.GF7555@decadent.org.uk/

This helps initramfs builders and other tools to find the full
dependencies of a module.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name fs-add-module_softdep-declarations-for-hard-coded-cr.patch

phy/marvell: disable 4-port phys

Bug-Debian: https://bugs.debian.org/723177
Forwarded: https://lore.kernel.org/netdev/1386932764.20787.85.camel@dagon.hellion.org.uk/

The Marvell PHY was originally disabled because it can cause networking
failures on some systems. According to Lennert Buytenhek this is because some
of the variants added did not share the same register layout. Since the known
cases are all 4-ports disable those variants (indicated by a 4 in the
penultimate position of the model name) until they can be audited for
correctness.

[bwh: Also #if-out the init functions for these PHYs to avoid
compiler warnings]

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name disable-some-marvell-phys.patch

x86: Make x32 syscall support conditional on a kernel parameter

Bug-Debian: https://bugs.debian.org/708070
Forwarded: https://lore.kernel.org/lkml/1415245982.3398.53.camel@decadent.org.uk/T/#u

Enabling x32 in the standard amd64 kernel would increase its attack
surface while provide no benefit to the vast majority of its users.
No-one seems interested in regularly checking for vulnerabilities
specific to x32 (at least no-one with a white hat).

Still, adding another flavour just to turn on x32 seems wasteful. And
the only differences on syscall entry are a few instructions that mask
out the x32 flag and compare the syscall number.

Use a static key to control whether x32 syscalls are really enabled, a
Kconfig parameter to set its default value and a kernel parameter
"syscall.x32" to change it at boot time.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-make-x32-syscall-support-conditional.patch

x86: memtest: WARN if bad RAM found

Bug-Debian: https://bugs.debian.org/613321
Forwarded: https://lore.kernel.org/all/20120402150522.GA4980@burratino/

Since this is not a particularly thorough test, if we find any bad
bits of RAM then there is a fair chance that there are other bad bits
we fail to detect.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name x86-memtest-WARN-if-bad-RAM-found.patch

arm64/acpi: Add fixup for HPE m400 quirks

Forwarded: https://lore.kernel.org/all/51d3d738-cdf5-2992-bba5-c3e1f34096c2@infradead.org/

Adds a new ACPI init routine acpi_fixup_m400_quirks that adds
a work-around for HPE ProLiant m400 APEI firmware problems.

The work-around disables APEI when CONFIG_ACPI_APEI is set and
m400 firmware is detected.  Without this fixup m400 systems
experience errors like these on startup:

  [Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 2
  [Hardware Error]: event severity: fatal
  [Hardware Error]:  Error 0, type: fatal
  [Hardware Error]:   section_type: memory error
  [Hardware Error]:   error_status: 0x0000000000001300
  [Hardware Error]:   error_type: 10, invalid address
  Kernel panic - not syncing: Fatal hardware error!

Signed-off-by: Geoff Levand <geoff@infradead.org>
[bwh: Adjust context and indentation to apply to Linux 6.10]

Gbp-Pq: Topic bugfix/arm64
Gbp-Pq: Name arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch

powerpc/boot: Fix missing crc32poly.h when building with KERNEL_XZ

Origin: https://patchwork.ozlabs.org/patch/963258/

After commit faa16bc404d7 ("lib: Use existing define with
polynomial") the lib/xz/xz_crc32.c includes a header from include/linux
directory thus any other user of this code should define proper include
path.

This fixes the build error on powerpc with CONFIG_KERNEL_XZ:

    In file included from ../arch/powerpc/boot/../../../lib/decompress_unxz.c:233:0,
                     from ../arch/powerpc/boot/decompress.c:42:
    ../arch/powerpc/boot/../../../lib/xz/xz_crc32.c:18:29: fatal error: linux/crc32poly.h: No such file or directory

Reported-by: Michal Kubecek <mkubecek@suse.cz>
Fixes: faa16bc404d7 ("lib: Use existing define with polynomial")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Michal Kubecek <mkubecek@suse.cz>
Gbp-Pq: Topic bugfix/powerpc
Gbp-Pq: Name powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch

ARM: mm: Export __sync_icache_dcache() for xen-privcmd

Forwarded: https://lore.kernel.org/all/20180711225013.GF14131@decadent.org.uk/

The xen-privcmd driver, which can be modular, calls set_pte_at()
which in turn may call __sync_icache_dcache().

The call to __sync_icache_dcache() may be optimised out because it is
conditional on !pte_special(), and xen-privcmd calls pte_mkspecial().
However, in a non-LPAE configuration there is no "special" bit and the
call is really unconditional.

Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/arm
Gbp-Pq: Name arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch

sh: Do not use hyphen in exported variable names

arch/sh/Makefile defines and exports ld-bfd to be used by
arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile. However
some shells, including dash, will not pass through environment
variables whose name includes a hyphen. Usually GNU make does not use
a shell to recurse, but if e.g. $(srctree) contains '~' it will use a
shell here.

Rename the variable to ld_bfd.

(Another instance of this problem was fixed upstream by commit
82977af93a0d "sh: rename suffix-y to suffix_y".)

References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=4.13%7Erc5-1%7Eexp1&stamp=1502943967&raw=0
Fixes: ef9b542fce00 ("sh: bzip2/lzma uImage support.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/sh
Gbp-Pq: Name sh-boot-do-not-use-hyphen-in-exported-variable-name.patch

perf tools: Fix unwind build on i386

Forwarded: no

EINVAL may not be defined when building unwind-libunwind.c with
REMOTE_UNWIND_LIBUNWIND, resulting in a compiler error in
LIBUNWIND__ARCH_REG_ID(). Its only caller, access_reg(), only checks
for a negative return value and doesn't care what it is. So change
-EINVAL to -1.

Fixes: 52ffe0ff02fc ("Support x86(32-bit) cross platform callchain unwind.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name perf-tools-fix-unwind-build-on-i386.patch

ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419

Forwarded: https://lore.kernel.org/all/20170218003251.GC4152@decadent.org.uk/
Bug-Debian: https://bugs.debian.org/855017

The old board code for the TS419 assigns MPP pins 15 and 16 as SATA
activity signals (and none as SATA presence signals). Currently the
device tree assigns the SoC's default pinmux groups for SATA, which
conflict with the second Ethernet port.

Reported-by: gmbh@gazeta.pl
Tested-by: gmbh@gazeta.pl
References: https://bugs.debian.org/855017
Cc: stable@vger.kernel.org # 3.15+
Fixes: 934b524b3f49 ("ARM: Kirkwood: Add DT description of QNAP 419")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/arm
Gbp-Pq: Name arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch

btrfs: warn about RAID5/6 being experimental at mount time

Bug-Debian: https://bugs.debian.org/863290
Origin: https://bugs.debian.org/863290#5
Forwarded: https://lore.kernel.org/linux-btrfs/4105665.mVaztBssJx@bagend/

Too many people come complaining about losing their data -- and indeed,
there's no warning outside a wiki and the mailing list tribal knowledge.
Message severity chosen for consistency with XFS -- "alert" makes dmesg
produce nice red background which should get the point across.

Signed-off-by: Adam Borowski <kilobyte@angband.pl>
[bwh: Also add_taint() so this is flagged in bug reports]
[2023-01-10: still accurate according to btrfs-progs own manpage:
https://git.kernel.org/pub/scm/linux/kernel/git/kdave/btrfs-progs.git/commit/?id=922797e15590b836e377d6dc47b828356cafc2a9]
[2024-03-17: still accurate; manpage is now in Documentation/btrfs-man5.rst
implementation went from disk-io.c to super.c; forwarded the issue]

Gbp-Pq: Topic debian
Gbp-Pq: Name btrfs-warn-about-raid5-6-being-experimental-at-mount.patch

fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS

Forwarded: not-needed

Various free and proprietary AV products use this feature and users
apparently want it. But punting access checks to userland seems like
an easy way to deadlock the system, and there will be nothing we can
do about that. So warn and taint the kernel if this feature is
actually used.

Gbp-Pq: Topic debian
Gbp-Pq: Name fanotify-taint-on-use-of-fanotify_access_permissions.patch

fjes: Disable auto-loading

Bug-Debian: https://bugs.debian.org/853976
Forwarded: no

fjes matches a generic ACPI device ID, and relies on its probe
function to distinguish whether that really corresponds to a supported
device. Very few system will need the driver and it wastes memory on
all the other systems where the same device ID appears, so disable
auto-loading.

Gbp-Pq: Topic debian
Gbp-Pq: Name fjes-disable-autoload.patch

viafb: Autoload on OLPC XO 1.5 only

Bug-Debian: https://bugs.debian.org/705788
Forwarded: no

It appears that viafb won't work automatically on all the boards for
which it has a PCI device ID match. Currently, it is blacklisted by
udev along with most other framebuffer drivers, so this doesn't matter
much.

However, this driver is required for console support on the XO 1.5.
We need to allow it to be autoloaded on this model only, and then
un-blacklist it in udev.

Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name viafb-autoload-on-olpc-xo1.5-only.patch

snd-pcsp: Disable autoload

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/697709

There are two drivers claiming the platform:pcspkr device:
- pcspkr creates an input(!) device that can only beep
- snd-pcsp creates an equivalent input device plus a PCM device that can
  play barely recognisable renditions of sampled sound

snd-pcsp is blacklisted by the alsa-base package, but not everyone
installs that.  On PCs where no sound is wanted at all, both drivers
will still be loaded and one or other will complain that it couldn't
claim the relevant I/O range.

In case anyone finds snd-pcsp useful, we continue to build it.  But
remove the alias, to ensure it's not loaded where it's not wanted.

Gbp-Pq: Topic debian
Gbp-Pq: Name snd-pcsp-disable-autoload.patch

cdc_ncm,cdc_mbim: Use NCM by default

Forwarded: not-needed

Devices that support both NCM and MBIM modes should be kept in NCM
mode unless there is userland support for MBIM.

Set the default value of cdc_ncm.prefer_mbim to false and leave it to
userland (modem-manager) to override this with a modprobe.conf file
once it's ready to speak MBIM.

Gbp-Pq: Topic debian
Gbp-Pq: Name cdc_ncm-cdc_mbim-use-ncm-by-default.patch

intel-iommu: Add Kconfig option to exclude iGPU by default

Bug-Debian: https://bugs.debian.org/935270
Bug-Kali: https://bugs.kali.org/view.php?id=5644

There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage.

Replace CONFIG_INTEL_IOMMU_DEFAULT_ON with a 3-way choice
corresponding to "on", "off", and "on,intgpu_off".

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch

intel-iommu: Add option to exclude integrated GPU only

Bug-Debian: https://bugs.debian.org/935270
Bug-Kali: https://bugs.kali.org/view.php?id=5644

There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage, but turning it off
for all graphics devices seems like a major weakness.

Add an option, intel_iommu=intgpu_off, to exclude only integrated GPUs
from remapping. This is a narrower exclusion than igfx_off: it only
affects Intel devices on the root bus. Devices attached through an
external port (Thunderbolt or ExpressCard) won't be on the root bus.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name intel-iommu-add-option-to-exclude-integrated-gpu-only.patch

security,perf: Allow further restriction of perf_event_open

Forwarded: https://lore.kernel.org/all/20160111152355.GS28542@decadent.org.uk/

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

add sysctl to disallow unprivileged CLONE_NEWUSER by default

Origin: http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=5c847404dcb2e3195ad0057877e1422ae90892b8

add sysctl to disallow unprivileged CLONE_NEWUSER by default

This is a short-term patch. Unprivileged use of CLONE_NEWUSER
is certainly an intended feature of user namespaces. However
for at least saucy we want to make sure that, if any security
issues are found, we have a fail-safe.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
[bwh: Keep this sysctl, but change the default to enabled]

Gbp-Pq: Topic debian
Gbp-Pq: Name add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

yama: Disable by default

Bug-Debian: https://bugs.debian.org/712740
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name yama-disable-by-default.patch

fs: Enable link security restrictions by default

Bug-Debian: https://bugs.debian.org/609455
Forwarded: not-needed

This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').

Gbp-Pq: Topic debian
Gbp-Pq: Name fs-enable-link-security-restrictions-by-default.patch

hamradio: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

dccp: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch

[PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name rds-Disable-auto-loading-as-mitigation-against-local.patch

[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch

radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward

Bug-Debian: https://bugs.debian.org/607194
Bug-Debian: https://bugs.debian.org/607471
Bug-Debian: https://bugs.debian.org/610851
Bug-Debian: https://bugs.debian.org/627497
Bug-Debian: https://bugs.debian.org/632212
Bug-Debian: https://bugs.debian.org/637943
Bug-Debian: https://bugs.debian.org/649448
Bug-Debian: https://bugs.debian.org/697229
Bug-Debian: https://bugs.debian.org/1053764
Forwarded: no
Last-Update: 2023-11-08

radeon requires firmware/microcode for the GPU in all chips, but for
newer chips (apparently R600 'Evergreen' onward) it also expects
firmware for the memory controller and other sub-blocks.

radeon attempts to gracefully fall back and disable some features if
the firmware is not available, but becomes unstable - the framebuffer
and/or system memory may be corrupted, or the display may stay black.

Therefore, perform a basic check for the existence of
/lib/firmware/radeon when a device is probed, and abort if it
is missing, except for the pre-R600 case.

Update 2023-11-08:
In bug 1053764 Mario Limonciello <mario.limonciello@amd.com> states
that the patch isn't needed anymore for amdgpu, so remove that part
of the patch

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch

firmware_loader: Log direct loading failures as info for d-i

Forwarded: not-needed

On an installed Debian system, firmware packages will normally be
installed automatically based on a mapping of device IDs to firmware.
Within the Debian installer this has not yet happened and we need a
way to detect missing firmware.

Although many/most drivers log firmware loading failures, they do so
using many different formats. This adds a single log message to the
firmware loader, which the installer's hw-detect package will look
for. The log level is set to "info" because some failures are
expected and we do not want to confuse users with bogus error messages
(like in bug #966218).

NOTE: The log message format must not be changed without coordinating
this with the check-missing-firmware.sh in hw-detect.

Gbp-Pq: Topic debian
Gbp-Pq: Name firmware_loader-log-direct-loading-failures-as-info-for-d-i.path

iwlwifi: Do not request unreleased firmware for IWL6000

Bug-Debian: https://bugs.debian.org/689416
Forwarded: not-needed

The iwlwifi driver currently supports firmware API versions 4-6 for
these devices.  It will request the file for the latest supported
version and then fall back to earlier versions.  However, the latest
version that has actually been released is 4, so we expect the
requests for versions 6 and then 5 to fail.

The installer appears to report any failed request, and it is probably
not easy to detect that this particular failure is harmless.  So stop
requesting the unreleased firmware.

Gbp-Pq: Topic debian
Gbp-Pq: Name iwlwifi-do-not-request-unreleased-firmware.patch

af9005: Use request_firmware() to load register init script

Forwarded: no

Read the register init script from the Windows driver. This is sick
but should avoid the potential copyright infringement in distributing
a version of the script which is directly derived from the driver.

Gbp-Pq: Topic features/all
Gbp-Pq: Name drivers-media-dvb-usb-af9005-request_firmware.patch

[PATCH] tools/rtla: Restore option to set VERSION var to VERSION file's contents

From 6640548d40a85053cf065f4c66f298bb5253557f Mon Sep 17 00:00:00 2001
Forwarded: not-needed

In upstream commit 01474dc706ca ("tools/rtla: Use tools/build makefiles
to build rtla") the ``Makefile`` was completely restructered to make
use of the ``tools/build`` infrastructure.

For some reason, the restructuring also caused the ``cat VERSION`` part
to detect the kernel version to be dropped and only runs the
``kernelversion`` (toplevel) Makefile target.
Previously that was used as fallback when ``VERSION`` didn't exist.
Re-add the ``cat VERSION`` part as that is used in the Debian build
system.

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-rtla-Restore-option-to-set-VERSION-var-to-VERS.patch

fixdep: Allow overriding HOSTCC and HOSTLD

Forwarded: not-needed

objtool always uses HOSTCC, HOSTLD, and HOSTAR, so we need to override
these on the command line for cross-builds of linux-kbuild. But it
also builds fixdep which still needs to be native in a cross-build.
Add support for REALHOSTCC and REALHOSTLD variables which, if set,
override HOSTCC and HOSTLD for fixdep only.

Gbp-Pq: Topic debian
Gbp-Pq: Name fixdep-allow-overriding-hostcc-and-hostld.patch

Makefile: Make compiler version comparison optional

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/1019749

The top-level Makefile warns if the compiler version string changes at
all between the kernel build and an out-of-tree module build.

We expect that major compiler version changes could introduce ABI
changes, and override the CC variable in out-of-tree module builds to
ensure that the same major compiler version is used. But minor
version changes should not make a difference, so this exact version
comparison produces false warnings.

Since custom kernel packages don't have that, don't remove the version
comparison. Instead, skip it if $(DEBIAN_KERNEL_NO_CC_VERSION_CHECK)
is non-empty.

Gbp-Pq: Topic debian
Gbp-Pq: Name makefile-make-compiler-version-comparison-optional.patch

module: Avoid ABI changes when debug info is disabled

Forwarded: not-needed

CI builds are done with debug info disabled, but this removes some
members from struct module. This causes builds to fail if there is an
ABI reference for the current ABI.

Define these members unconditionally, so that there is no ABI change.

Gbp-Pq: Topic debian
Gbp-Pq: Name module-avoid-abi-changes-when-debug-info-is-disabled.patch

kbuild: Abort build if SUBDIRS used

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/987575

DKMS and module-assistant both build OOT modules as root. If they
build an old OOT module that still use SUBDIRS this causes Kbuild
to try building a full kernel, which obviously fails but not before
deleting files from the installed headers package.

To avoid such mishaps, detect this situation and abort the build.

The error message is based on that used in commit 0126be38d988
"kbuild: announce removal of SUBDIRS if used".

Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-abort-build-if-subdirs-used.patch

kbuild: Look for module.lds under arch directory too

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/975571

The module.lds linker script is now built under the scripts directory,
where previously it was under arch/$(SRCARCH).

However, we package the scripts directory as linux-kbuild, which is
meant to be able to do support native and cross-builds. That means it
shouldn't contain files for a specific target architecture without a
wrapper to select between them, and it doesn't appear that linker
scripts are powerful enough to implement such a wrapper.

Building module.lds in a different location would require relatively
large changes. Moving it in the package build rules can work, but we
need to support custom kernel builds from the same source so we can't
assume it's moved.

Therefore, we move module.lds under the arch build directory in
rules.real and change Makefile.modfinal to look for it in both places.

Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-look-for-module.lds-under-arch-directory-too.patch

[PATCH 2/2] perf/traceevent: Support asciidoctor for documentation

From cd02fc78859ef9aefd7c92406f9523622da0b472 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name perf-traceevent-support-asciidoctor-for-documentatio.patch

[PATCH 1/2] Documentation: Drop sphinx version check

From 252aa79fdbd4ac2da09d9b98f81bf11f5e3e1870 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name documentation-drop-sphinx-version-check.patch

android: Enable building ashmem and binder as modules

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

- Add a MODULE_LICENSE declaration to ashmem
- Change the Makefiles to build each driver as an object with the
"_linux" suffix (which is what Anbox expects)
- Change config symbol types to tristate

Update:
In upstream commit 721412ed3d titled "staging: remove ashmem" the ashmem
driver was removed entirely. Secondary commit message:
"The mainline replacement for ashmem is memfd, so remove the legacy
code from drivers/staging/"
Consequently, the ashmem part of this patch has been removed.

Gbp-Pq: Topic debian
Gbp-Pq: Name android-enable-building-ashmem-and-binder-as-modules.patch

Export symbols needed by Android drivers

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

Export the currently un-exported symbols they depend on.

Gbp-Pq: Topic debian
Gbp-Pq: Name export-symbols-needed-by-android-drivers.patch

wireless: Add Debian wireless-regdb certificates

Forwarded: not-needed

This hex dump is generated using:

{
    for cert in debian/certs/wireless-regdb-*.pem; do
        openssl x509 -in $cert -outform der;
    done
} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex

Gbp-Pq: Topic debian
Gbp-Pq: Name wireless-add-debian-wireless-regdb-certificates.patch

tools: install perf python bindings

Bug-Debian: http://bugs.debian.org/860957
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-install-python-bindings.patch

linux-tools: Install perf-read-vdso{,x}32 in directory under /usr/lib

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-perf-read-vdso-in-libexec.patch

[sh4] Fix uImage build

Bug-Debian: https://bugs.debian.org/569034
Forwarded: not-needed

[bwh: This was added without a description, but I think it is done
only to avoid a build-dependency on u-boot-tools.]

Gbp-Pq: Topic debian
Gbp-Pq: Name arch-sh4-fix-uimage-build.patch

Enable R2 to R6 emulator by default

Forwarded: not-needed

In upstream code, 'mipsr2emu' kernel option is needed
to enable R2 to R6 emulator. Since we need r6 kernel
for our r2 port, let's always enable it.

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-enable-r2-to-r6-emu-by-default.patch

Use RELAXED ieee754 mode for Loongson-3 as 3A 4000 is 2008-only

Forwarded: not-needed

There are 2 mode of value of IEEE NaN hardcoded by CPU.
Currently, our mipsel/mips64el port is in so-called lagacy mode.
Loongson 3A 4000 is set as the so-called 2008 mode.

To make Debian workable on Loongson 3A 4000, we need set the kerenl in
RELAXED mode.

https://web.archive.org/web/20180830093617/https://dmz-portal.mips.com/wiki/MIPS_ABI_-_NaN_Interlinking

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-ieee754-relaxed.patch

Disable uImage generation for mips generic

Forwarded: not-needed

MIPS generic trys to generate uImage when build, which then ask for
u-boot-tools.

[bwh: Updated for 5.17:
- zload-y is no longer assigned here and appears to default to empty
- Adjust context]

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-boston-disable-its.patch

kbuild: Make the toolchain variables easily overwritable

Forwarded: not-needed

Allow make variables to be overridden for each flavour by a file in
the build tree, .kernelvariables.

We currently use this for ARCH, KERNELRELEASE, CC, and in some cases
also CROSS_COMPILE, KCFLAGS.

This file can only be read after we establish the build tree, and all
use of $(ARCH) needs to be moved after this.

[bwh: Updated for 5.3: include .kernelvariables from current directory
rather than using undefined $(obj).]

Gbp-Pq: Topic debian
Gbp-Pq: Name kernelvariables.patch

Make mkcompile_h accept an alternate timestamp string

Forwarded: not-needed

We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.

Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.

Gbp-Pq: Topic debian
Gbp-Pq: Name uname-version-timestamp.patch

Include package version along with kernel release in stack traces

Forwarded: not-needed

For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.

Gbp-Pq: Topic debian
Gbp-Pq: Name version.patch

Documentation: Fix broken link to CIPSO draft

Forwarded: not-needed

We exclude the CIPSO draft text as its licence is not DFSG compliant.
Link to the IETF's online version instead.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name documentation-fix-broken-link-to-cipso-draft.patch

video: Remove nvidiafb and rivafb

Bug-Debian: https://bugs.debian.org/383481
Forwarded: no

These drivers contain register programming code provided by the
hardware vendor that appears to have been deliberately obfuscated.
This is arguably not the preferred form for modification.

These drivers are also largely redundant with nouveau. The RIVA 128
(NV3) is not supported by nouveau but is about 15 years old and
probably discontinued 10 years ago.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name video-remove-nvidiafb-and-rivafb.patch

dvb-usb-af9005: mark as broken

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-media-dvb-dvb-usb-af9005-disable.patch

Remove microcode patches for mgsuvd (not enabled in Debian configs)

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name arch-powerpc-platforms-8xx-ucode-disable.patch

Tweak gitignore for Debian pkg-kernel using git

Forwarded: not-needed

[bwh: Tweak further for pure git]

Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch

linux (6.10.11-1) unstable; urgency=medium

  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.10
    - libfs: fix get_stashed_dentry()
    - sch/netem: fix use after free in netem_dequeue
    - xfs: xfs_finobt_count_blocks() walks the wrong btree
    - net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX
    - net: microchip: vcap: Fix use-after-free error in kunit test
    - net: ethernet: ti: am65-cpsw: fix XDP_DROP, XDP_TX and XDP_REDIRECT
    - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
    - [x86] KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
    - [x86] KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and
      MSR_GS_BASE
    - [x86] KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM support is
      missing
    - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius
      devices
    - ALSA: hda/realtek: add patch for internal mic in Lenovo V145
    - ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx
    - ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15
      X1504VAP
    - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx
    - [powerpc*] qspinlock: Fix deadlock in MCS queue
    - smb: client: fix double put of @cfile in smb2_set_path_size()
    - ksmbd: unset the binding mark of a reused connection
    - ksmbd: Unlock on in ksmbd_tcp_set_interfaces()
    - ata: libata: Fix memory leak for error path in ata_host_alloc()
    - [x86] tdx: Fix data leak in mmio_read()
    - [x86] perf/x86/intel: Limit the period on Haswell
    - [arm64,armhf] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init()
    - [riscv64] irqchip/sifive-plic: Probe plic driver early for Allwinner D1
      platform
    - [x86] kaslr: Expose and use the end of the physical memory address space
    - rtmutex: Drop rt_mutex::wait_lock before scheduling
    - irqchip/riscv-aplic: Fix an IS_ERR() vs NULL bug in probe()
    - nvme-pci: Add sleep quirk for Samsung 990 Evo
    - Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over
      BREDR/LE"
    - Bluetooth: MGMT: Ignore keys being loaded with invalid type
    - mmc: core: apply SD quirks earlier during probe
    - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K
    - mmc: sdhci-of-aspeed: fix module autoloading
    - mmc: cqhci: Fix checking of CQHCI_HALT state
    - fuse: update stats for pages in dropped aux writeback list
    - fuse: disable the combination of passthrough and writeback cache
    - fuse: check aborted connection before adding requests to pending list for
      resending
    - fuse: use unsigned type for getxattr/listxattr size truncation
    - fuse: fix memory leak in fuse_create_open
    - fuse: clear PG_uptodate when using a stolen page
    - [x86] ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder
    - [riscv64] misaligned: Restrict user access to kernel memory
    - [riscv64] clk: starfive: jh7110-sys: Add notifier for PLL0 clock
    - [arm64] clk: qcom: clk-alpha-pll: Fix the pll post div mask
    - [arm64] clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API
    - [arm64] pinctrl: qcom: x1e80100: Bypass PDC wakeup parent for now
    - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
    - mm: vmalloc: optimize vmap_lazy_nr arithmetic when purging each vmap_area
    - alloc_tag: fix allocation tag reporting when CONFIG_MODULES=n
    - codetag: debug: mark codetags for poisoned page as empty
    - maple_tree: remove rcu_read_lock() from mt_validate()
    - kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y
    - mm: vmalloc: ensure vmap_block is initialised before adding to queue
    - mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook
    - Revert "mm: skip CMA pages when they are not available"
    - spi: rockchip: Resolve unbalanced runtime PM / system PM handling
    - tracing/osnoise: Use a cpumask to know what threads are kthreads
    - tracing/timerlat: Only clear timer if a kthread exists
    - tracing: Avoid possible softlockup in tracing_iter_reset()
    - tracing/timerlat: Add interface_lock around clearing of kthread in
      stop_kthread()
    - userfaultfd: don't BUG_ON() if khugepaged yanks our page table
    - userfaultfd: fix checks for huge PMDs
    - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
    - eventfs: Use list_del_rcu() for SRCU protected list variable
    - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
    - net: mctp-serial: Fix missing escapes on transmit
    - [x86] fpu: Avoid writing LBR bit to IA32_XSS unless supported
    - [x86] apic: Make x2apic_disable() work correctly
    - Revert "drm/amdgpu: align pp_power_profile_mode with kernel docs"
    - Revert "wifi: ath11k: restore country code during resume"
    - Revert "wifi: ath11k: support hibernation"
    - tcp_bpf: fix return value of tcp_bpf_sendmsg()
    - ila: call nf_unregister_net_hooks() sooner
    - sched: sch_cake: fix bulk flow accounting logic for host fairness
    - nilfs2: fix missing cleanup on rollforward recovery error
    - nilfs2: protect references to superblock parameters exposed in sysfs
    - nilfs2: fix state management in error path of log writing function
    - btrfs: qgroup: don't use extent changeset when not needed
    - btrfs: zoned: handle broken write pointer on zones
    - drm/amdgpu: always allocate cleared VRAM for GEM allocations
    - [x86] drm/i915: Do not attempt to load the GSC multiple times
    - drm/amd/display: Lock DC and exit IPS when changing backlight
    - ALSA: hda/realtek: extend quirks for Clevo V5[46]0
    - ALSA: control: Apply sanity check of input values for user elements
    - ALSA: hda: Add input value sanity checks to HDMI channel map controls
    - wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he()
    - wifi: ath12k: fix firmware crash due to invalid peer nss
    - smack: unix sockets: fix accept()ed socket label
    - drm/amd/display: Check UnboundedRequestEnabled's value
    - cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition
    - virt: sev-guest: Mark driver struct with __refdata to prevent section
      mismatch
    - bpf, verifier: Correct tail_call_reachable for bpf prog
    - ELF: fix kernel.randomize_va_space double read
    - [arm64] irqchip/renesas-rzg2l: Reorder function calls in
      rzg2l_irqc_irq_disable()
    - [armhf] irqchip/armada-370-xp: Do not allow mapping IRQ 0 and 1
    - media: b2c2: flexcop-usb: fix flexcop_usb_memory_req
    - af_unix: Remove put_pid()/put_cred() in copy_peercred().
    - [riscv64] iommu: sun50i: clear bypass register
    - netfilter: nf_conncount: fix wrong variable type
    - gve: Add adminq mutex lock
    - wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
    - udf: Avoid excessive partition lengths
    - [riscv64] kprobes: Use patch_text_nosync() for insn slots
    - media: vivid: fix wrong sizeimage value for mplane
    - leds: spi-byte: Call of_node_put() on error path
    - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3
    - wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware
    - usb: uas: set host status byte on data completion error
    - usb: gadget: aspeed_udc: validate endpoint index for ast udc
    - drm/amdgpu: Fix register access violation
    - drm/amd/display: Run DC_LOG_DC after checking link->link_enc
    - drm/amd/display: Check HDCP returned status
    - drm/amd/display: Validate function returns
    - drm/amdgpu: add missing error handling in function
      amdgpu_gmc_flush_gpu_tlb_pasid
    - drm/amdgpu: Fix smatch static checker warning
    - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts
    - [x86] crypto: qat - initialize user_input.lock for rate_limiting
    - media: vivid: don't set HDMI TX controls if there are no HDMI outputs
    - vfio/spapr: Always clear TCEs before unsetting the window
    - fs: don't copy to userspace under namespace semaphore
    - fs: relax permissions for statmount()
    - [powerpc*] rtas: Prevent Spectre v1 gadget construction in sys_rtas()
    - seccomp: release task filters when the task exits
    - ice: Check all ice_vsi_rebuild() errors in function
    - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
    - Input: ili210x - use kvmalloc() to allocate buffer for firmware update
    - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse
    - pcmcia: Use resource_size function on resource object
    - drm/amd/display: Check denominator pbn_div before used
    - drm/amd/display: Check denominator crb_pipes before used
    - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6
    - drm/amdgpu: Correct register used to clear fault status
    - drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported
    - can: bcm: Remove proc entry when dev is unregistered.
    - [arm64] can: m_can: Release irq on error in m_can_open
    - [arm64] can: m_can: Reset coalescing during suspend/resume
    - [arm64] can: m_can: Remove coalesing disable in isr during suspend
    - [arm64] can: m_can: Remove m_can_rx_peripheral indirection
    - [arm64] can: m_can: Do not cancel timer from within timer
    - [arm64] can: m_can: disable_all_interrupts, not clear active_interrupts
    - [arm64] can: m_can: Reset cached active_interrupts on start
    - can: mcp251xfd: fix ring configuration when switching from CAN-CC to
      CAN-FD mode
    - cifs: Fix lack of credit renegotiation on read retry
    - netfs, cifs: Fix handling of short DIO read
    - cifs: Fix copy offload to flush destination region
    - cifs: Fix FALLOC_FL_ZERO_RANGE to preflush buffered part of target region
    - igb: Fix not clearing TimeSync interrupts for 82580
    - ice: Add netif_device_attach/detach into PF reset flow
    - [x86] platform/x86: dell-smbios: Fix error path in dell_smbios_init()
    - spi: intel: Add check devm_kasprintf() returned value
    - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR
    - Bluetooth: qca: If memdump doesn't work, re-enable IBS
    - Bluetooth: hci_sync: Introduce hci_cmd_sync_run/hci_cmd_sync_run_once
    - Bluetooth: MGMT: Fix not generating command complete for
      MGMT_OP_DISCONNECT
    - hwmon: ltc2991: fix register bits defines
    - scripts: fix gfp-translate after ___GFP_*_BITS conversion to an enum
    - igc: Unlock on error in igc_io_resume()
    - [x86] hwmon: (hp-wmi-sensors) Check if WMI event data exists
    - perf lock contention: Fix spinlock and rwlock accounting
    - net: ethernet: ti: am65-cpsw: Fix RX statistics for XDP_TX and
      XDP_REDIRECT
    - net: phy: Fix missing of_node_put() for leds
    - ptp: ocp: convert serial ports to array
    - ptp: ocp: adjust sysfs entries to expose tty information
    - ice: move netif_queue_set_napi to rtnl-protected sections
    - ice: protect XDP configuration with a mutex
    - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset
    - ice: remove ICE_CFG_BUSY locking from AF_XDP code
    - ice: do not bring the VSI up, if it was down before the XDP setup
    - usbnet: modern method to get random MAC
    - net: dqs: Do not use extern for unused dql_group
    - bpf, net: Fix a potential race in do_sock_getsockopt()
    - bpf: add check for invalid name in btf_name_valid_section()
    - bareudp: Fix device stats updates.
    - fou: Fix null-ptr-deref in GRO.
    - r8152: fix the firmware doesn't work
    - net: bridge: br_fdb_external_learn_add(): always set EXT_LEARN
    - xen: privcmd: Fix possible access to a freed kirqfd instance
    - firmware: cs_dsp: Don't allow writes to read-only controls
    - [arm64] phy: zynqmp: Take the phy mutex in xlate
    - ASoC: topology: Properly initialize soc_enum values
    - dm init: Handle minors larger than 255
    - cxl/region: Fix a race condition in memory hotplug notifier
    - [amd64] iommu/vt-d: Handle volatile descriptor status read
    - [amd64] iommu/vt-d: Remove control over Execute-Requested requests
    - block: don't call bio_uninit from bio_endio
    - cgroup: Protect css->cgroup write under css_set_lock
    - devres: Initialize an uninitialized struct member
    - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
    - virtio_ring: fix KMSAN error for premapped mode
    - wifi: rtw88: usb: schedule rx work after everything is set up
    - scsi: ufs: core: Remove SCSI host only if added
    - scsi: pm80xx: Set phy->enable_completion only when we wait for it
    - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
    - [x86] crypto: qat - fix unintentional re-enabling of error interrupts
    - tracing/kprobes: Add symbol counting check when module loads
    - hwmon: (adc128d818) Fix underflows seen when writing limit attributes
    - hwmon: (lm95234) Fix underflows seen when writing limit attributes
    - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
    - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
    - ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for
      potentially broken alignment
    - libbpf: Add NULL checks to bpf_object__{prev_map,next_map}
    - drm/amdgpu: Set no_hw_access when VF request full GPU fails
    - ext4: fix possible tid_t sequence overflows
    - jbd2: avoid mount failed when commit block is partial submitted
    - dma-mapping: benchmark: Don't starve others when doing the test
    - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
    - [x86] perf/x86/intel: Hide Topdown metrics events if the feature is not
      enumerated
    - [arm64] PCI: qcom: Override NO_SNOOP attribute for SA8775P RC
    - staging: vchiq_core: Bubble up wait_event_interruptible() return value
    - iommufd: Require drivers to supply the cache_invalidate_user ops
    - bpf: Remove tst_run from lwt_seg6local_prog_ops.
    - watchdog: imx7ulp_wdt: keep already running watchdog enabled
    - drm/amdgpu: reject gang submit on reserved VMIDs
    - smp: Add missing destroy_work_on_stack() call in smp_call_on_cpu()
    - btrfs: slightly loosen the requirement for qgroup removal
    - btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in
      walk_down_proc()
    - btrfs: replace BUG_ON with ASSERT in walk_down_proc()
    - btrfs: clean up our handling of refs == 0 in snapshot delete
    - btrfs: handle errors from btrfs_dec_ref() properly
    - btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
    - btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
    - ethtool: fail closed if we can't get max channel used in indirection
      tables
    - cxl/region: Verify target positions using the ordered target list
    - [riscv64] set trap vector earlier
    - PCI: Add missing bridge lock to pci_bus_lock()
    - tcp: Don't drop SYN+ACK for simultaneous connect().
    - Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
    - net: dpaa: avoid on-stack arrays of NR_CPUS elements
    - drm/amdgpu: add mutex to protect ras shared memory
    - regmap: maple: work around gcc-14.1 false-positive warning
    - [s390x] boot: Do not assume the decompressor range is reserved
    - cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT
    - vfs: Fix potential circular locking through setxattr() and removexattr()
    - i3c: master: svc: resend target address when get NACK
    - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup
    - spi: hisi-kunpeng: Add verification for the max_frequency provided by the
      firmware
    - btrfs: initialize location to fix -Wmaybe-uninitialized in
      btrfs_lookup_dentry()
    - [s390x] vmlinux.lds.S: Move ro_after_init section behind rodata section
    - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
    - [amd64] HID: amd_sfh: free driver_data after destroying hid device
    - Input: uinput - reject requests with unreasonable number of slots
    - usbnet: ipheth: race between ipheth_close and error handling
    - Squashfs: sanity check symbolic link size
    - of/irq: Prevent device address out-of-bounds read in interrupt map walk
    - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
    - [arm64] net: hns3: void array out of bound when loop tnl_num
    - kunit/overflow: Fix UB in overflow_allocation_test
    - [mips64el] cevt-r4k: Don't call get_c0_compare_int if timer irq is
      installed
    - spi: spi-fsl-lpspi: limit PRESCALE bit in TCR register
    - ata: pata_macio: Use WARN instead of BUG
    - smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
    - NFSv4: Add missing rescheduling points in
      nfs_client_return_marked_delegations
    - drm/amdgpu: Fix two reset triggered in a row
    - drm/amdgpu: Add reset_context flag for host FLR
    - drm/amdgpu: Fix amdgpu_device_reset_sriov retry logic
    - fs: only copy to userspace on success in listmount()
    - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
    - usb: dwc3: core: update LC timer as per USB Spec V3.2
    - usb: cdns2: Fix controller reset issue
    - usb: dwc3: Avoid waking up gadget during startxfer
    - usb: typec: ucsi: Fix the partner PD revision
    - misc: fastrpc: Fix double free of 'buf' in error path
    - [arm*] binder: fix UAF caused by offsets overwrite
    - dt-bindings: nvmem: Use soc-nvmem node name instead of nvmem
    - nvmem: u-boot-env: error if NVMEM device is too small
    - nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
    - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
    - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
    - VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
    - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
    - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
    - clocksource/drivers/timer-of: Remove percpu irq related code
    - uprobes: Use kzalloc to allocate xol area
    - perf/aux: Fix AUX buffer serialization
    - mm: zswap: rename is_zswap_enabled() to zswap_is_enabled()
    - mm/memcontrol: respect zswap.writeback setting from parent cg too
    - workqueue: wq_watchdog_touch is always called with valid CPU
    - workqueue: Improve scalability of workqueue watchdog touch
    - path: add cleanup helper
    - fs: simplify error handling
    - fs: relax permissions for listmount()
    - ACPI: processor: Return an error if acpi_processor_get_info() fails in
      processor_add()
    - ACPI: processor: Fix memory leaks in error paths of processor_add()
    - [arm64] acpi: Move get_cpu_for_acpi_id() to a header
    - [arm64] acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
    - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate
      function
    - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index
      erratum
    - can: mcp251xfd: clarify the meaning of timestamp
    - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd
    - drm/amd: Add gfx12 swizzle mode defs
    - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes
    - ata: libata-scsi: Remove redundant sense_buffer memsets
    - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf
    - hid: bpf: add BPF_JIT dependency
    - net/mlx5e: SHAMPO, Use KSMs instead of KLMs
    - net/mlx5e: SHAMPO, Fix page leak
    - [arm64] clk: qcom: gcc-x1e80100: Fix USB 0 and 1 PHY GDSC pwrsts flags
    - [arm64] clk: qcom: ipq9574: Update the alpha PLL type for GPLLs
    - [powerpc*] 64e: remove unused IBM HTW code
    - [powerpc*] 64e: split out nohash Book3E 64-bit code
    - [powerpc*] 64e: Define mmu_pte_psize static
    - [powerpc*] vdso: Don't discard rela sections
    - nvmet-tcp: fix kernel crash if commands allocation fails
    - nvme-pci: allocate tagset on reset if necessary
    - [arm64] clk: qcom: gcc-x1e80100: Don't use parking clk_ops for QUPs
    - [x86,arm64] ASoc: SOF: topology: Clear SOF link platform name upon unload
    - [riscv64] mm: Do not restrict mmap address based on hint
    - [arm64,armhf] ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode
    - [arm64] clk: qcom: gcc-sm8550: Don't use parking clk_ops for QUPs
    - [arm64] clk: qcom: gcc-sm8550: Don't park the USB RCG at registration time
    - nouveau: fix the fwsec sb verification register.
    - [x86] drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused
    - [x86] drm/i915/fence: Mark debug_fence_free() with __maybe_unused
    - [arm64,armhf] gpio: rockchip: fix OF node leak in probe()
    - [arm64] gpio: modepin: Enable module autoloading
    - smb: client: fix double put of @cfile in smb2_rename_path()
    - [riscv64] Fix toolchain vector detection
    - [riscv64] Do not restrict memory size because of linear mapping on nommu
    - [riscv64] Add tracepoints for SBI calls and returns
    - [riscv64] Improve sbi_ecall() code generation by reordering arguments
    - [riscv64] Fix RISCV_ALTERNATIVE_EARLY
    - cifs: Fix zero_point init on inode initialisation
    - cifs: Fix SMB1 readv/writev callback in the same way as SMB2/3
    - nvme: rename nvme_sc_to_pr_err to nvme_status_to_pr_err
    - nvme: fix status magic numbers
    - nvme: rename CDR/MORE/DNR to NVME_STATUS_*
    - nvmet: Identify-Active Namespace ID List command should reject invalid
      nsid
    - ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
    - [x86] mm: Fix PTI for i386 some more
    - [x86] drm/i915/display: Add mechanism to use sink model when applying
      quirk
    - [x86] drm/i915/display: Increase Fast Wake Sync length as a quirk
    - btrfs: fix race between direct IO write and fsync when using same fd
    https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.11
    - usb: typec: ucsi: Always set number of alternate modes
    - usb: typec: ucsi: Fix cable registration
    - drm/mediatek: Set sensible cursor width/height values to fix crash
    - ksmbd: override fsids for share path check
    - ksmbd: override fsids for smb2_query_info()
    - usbnet: ipheth: remove extraneous rx URB length check
    - usbnet: ipheth: drop RX URBs with no payload
    - usbnet: ipheth: do not stop RX on failing RX callback
    - usbnet: ipheth: fix carrier detection in modes 1 and 4
    - net: ethernet: use ip_hdrlen() instead of bit shift
    - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero
    - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max
    - net: phy: vitesse: repair vsc73xx autonegotiation
    - [powerpc*] mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
    - wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
    - drm/amdgpu: Update kmd_fw_shared for VCN5
    - [arm64] net: hns3: use correct release function during uninitialization
    - btrfs: update target inode's ctime on unlink
    - Input: ads7846 - ratelimit the spi_sync error message
    - Input: synaptics - enable SMBus for HP Elitebook 840 G2
    - hid-asus: add ROG Ally X prod ID to quirk list
    - HID: multitouch: Add support for GT7868Q
    - Input: edt-ft5x06 - add support for FocalTech FT8201
    - cgroup/cpuset: Eliminate unncessary sched domains rebuilds in hotplug
    - scripts: kconfig: merge_config: config files: add a trailing newline
    - [x86] platform/x86: asus-wmi: Add quirk for ROG Ally X
    - [x86] platform/surface: aggregator_registry: Add Support for Surface Pro
      10
    - [x86] platform/surface: aggregator_registry: Add support for Surface
      Laptop Go 3
    - [x86] platform/surface: aggregator_registry: Add support for Surface
      Laptop Studio 2
    - [x86] platform/surface: aggregator_registry: Add fan and thermal sensor
      support for Surface Laptop 5
    - [x86] platform/surface: aggregator_registry: Add support for Surface
      Laptop 6
    - spi: zynqmp-gqspi: Scale timeout by data size
    - drm/msm/adreno: Fix error return if missing firmware-name
    - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
    - [s390x] mm: Pin identity mapping base to zero
    - smb/server: fix return value of smb2_open()
    - NFSv4: Fix clearing of layout segments in layoutreturn
    - NFS: Avoid unnecessary rescanning of the per-server delegation list
    - [x86] platform/x86: panasonic-laptop: Fix SINF array out of bounds
      accesses
    - [x86] platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf
      array
    - mptcp: pm: Fix uaf in __timer_delete_sync
    - [arm64] dts: rockchip: fix eMMC/SPI corruption when audio has been used on
      RK3399 Puma
    - [arm64] dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399
      Puma
    - minmax: reduce min/max macro expansion in atomisp driver
    - net: tighten bad gso csum offset check in virtio_net_hdr
    - net: libwx: fix number of Rx and Tx descriptors
    - dm-integrity: fix a race condition when accessing recalc_sector
    - clocksource: hyper-v: Use lapic timer in a TDX VM without paravisor
    - [x86] hyperv: fix kexec crash due to VP assist page corruption
    - mm: avoid leaving partial pfn mappings around in error case
    - bcachefs: Fix bch2_extents_match() false positive
    - bcachefs: Revert lockless buffered IO path
    - bcachefs: Don't delete open files in online fsck
    - [arm64] dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E
    - [arm64] firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()
    - [riscv64] dts: starfive: jh7110-common: Fix lower rate of CPUfreq by
      setting PLL0 rate to 1.5GHz
    - drm/amd/display: Disable error correction if it's not supported
    - drm/amd/display: Fix FEC_READY write on DP LT
    - eeprom: digsy_mtc: Fix 93xx46 driver probe failure
    - clk/sophgo: Using BUG() instead of unreachable() in mmux_get_parent_id()
    - cxl/core: Fix incorrect vendor debug UUID define
    - cxl: Restore XOR'd position bits during address translation
    - net: hsr: Send supervisory frames to HSR network with ProxyNodeTable data
    - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >=
      1.2
    - ice: Fix lldp packets dropping after changing the number of channels
    - ice: fix accounting for filters shared by multiple VSIs
    - ice: fix VSI lists confusion when adding VLANs
    - igb: Always call igb_xdp_ring_update_tail() under Tx lock
    - net/mlx5: Update the list of the PCI supported devices
    - net/mlx5e: Add missing link modes to ptys2ethtool_map
    - net/mlx5e: Add missing link mode to ptys2ext_ethtool_map
    - net/mlx5: Explicitly set scheduling element and TSAR type
    - net/mlx5: Add missing masks and QoS bit masks for scheduling elements
    - net/mlx5: Correct TASR typo into TSAR
    - net/mlx5: Verify support for scheduling element and TSAR type
    - net/mlx5: Fix bridge mode operations when there are no VFs
    - fou: fix initialization of grc
    - net: ftgmac100: Enable TX interrupt to avoid TX timeout
    - net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices
    - drivers: perf: Fix smp_processor_id() use in preemptible code
    - [riscv64] Disable preemption while handling PR_RISCV_CTX_SW_FENCEI_OFF
    - netfilter: nft_socket: fix sk refcount leaks
    - net: hsr: prevent NULL pointer dereference in hsr_proxy_announce()
    - net: dsa: felix: ignore pending status of TAS module when it's disabled
    - net: dpaa: Pad packets to ETH_ZLEN
    - netlink: specs: mptcp: fix port endianness
    - tracing/osnoise: Fix build when timerlat is not enabled
    - spi: nxp-fspi: fix the KASAN report out-of-bounds bug
    - soundwire: stream: Revert "soundwire: stream: fix programming slave ports
      for non-continous port maps"
    - drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl
    - dma-buf: heaps: Fix off-by-one in CMA heap fault handler
    - drm/nouveau/fb: restore init() for ramgp102
    - drm/amdgpu/atomfirmware: Silence UBSAN warning
    - drm/amd/display: Avoid race between dcn10_set_drr() and
      dc_state_destruct()
    - drm/amd/display: Avoid race between dcn35_set_drr() and
      dc_state_destruct()
    - drm/amd/amdgpu: apply command submission parser for JPEG v1
    - drm/amd/amdgpu: apply command submission parser for JPEG v2+
    - tracing/kprobes: Fix build error when find_module() is not available
    - [x86] ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item
    - [x86] ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item
    - spi: geni-qcom: Undo runtime PM changes at driver exit time
    - spi: geni-qcom: Fix incorrect free_irq() sequence
    - [x86] drm/i915/guc: prevent a possible int overflow in wq offsets
    - ASoC: codecs: avoid possible garbage value in peb2466_reg_read()
    - cifs: Fix signature miscalculation
    - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID
    - ASoC: meson: axg-card: fix 'use-after-free'
    - usb: typec: ucsi: Only set number of plug altmodes after registration

[dgit import unpatched linux 6.10.11-1]

Import linux_6.10.11.orig.tar.xz

[dgit import orig linux_6.10.11.orig.tar.xz]

Import linux_6.10.11-1.debian.tar.xz

[dgit import tarball linux 6.10.11-1 linux_6.10.11-1.debian.tar.xz]