dgit.raspbian.org Git - linux.git/log

powerpc/boot: Fix missing crc32poly.h when building with KERNEL_XZ

Origin: https://patchwork.ozlabs.org/patch/963258/

After commit faa16bc404d7 ("lib: Use existing define with
polynomial") the lib/xz/xz_crc32.c includes a header from include/linux
directory thus any other user of this code should define proper include
path.

This fixes the build error on powerpc with CONFIG_KERNEL_XZ:

    In file included from ../arch/powerpc/boot/../../../lib/decompress_unxz.c:233:0,
                     from ../arch/powerpc/boot/decompress.c:42:
    ../arch/powerpc/boot/../../../lib/xz/xz_crc32.c:18:29: fatal error: linux/crc32poly.h: No such file or directory

Reported-by: Michal Kubecek <mkubecek@suse.cz>
Fixes: faa16bc404d7 ("lib: Use existing define with polynomial")
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Michal Kubecek <mkubecek@suse.cz>
Gbp-Pq: Topic bugfix/powerpc
Gbp-Pq: Name powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch

ARM: mm: Export __sync_icache_dcache() for xen-privcmd

Forwarded: https://marc.info/?l=linux-arm-kernel&m=153134944429241

The xen-privcmd driver, which can be modular, calls set_pte_at()
which in turn may call __sync_icache_dcache().

The call to __sync_icache_dcache() may be optimised out because it is
conditional on !pte_special(), and xen-privcmd calls pte_mkspecial().
However, in a non-LPAE configuration there is no "special" bit and the
call is really unconditional.

Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/arm
Gbp-Pq: Name arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch

sh: Do not use hyphen in exported variable names

Forwarded: https://marc.info/?l=linux-sh&m=150317827322995&w=2

arch/sh/Makefile defines and exports ld-bfd to be used by
arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile.  Similarly
arch/sh/boot/Makefile defines and exports suffix-y to be used by
arch/sh/boot/compressed/Makefile.  However some shells, including
dash, will not pass through environment variables whose name includes
a hyphen.  Usually GNU make does not use a shell to recurse, but if
e.g. $(srctree) contains '~' it will use a shell here.

Rename these variables to ld_bfd and suffix_y.

References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=4.13%7Erc5-1%7Eexp1&stamp=1502943967&raw=0
Fixes: ef9b542fce00 ("sh: bzip2/lzma uImage support.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/sh
Gbp-Pq: Name sh-boot-do-not-use-hyphen-in-exported-variable-name.patch

perf tools: Fix unwind build on i386

Forwarded: no

EINVAL may not be defined when building unwind-libunwind.c with
REMOTE_UNWIND_LIBUNWIND, resulting in a compiler error in
LIBUNWIND__ARCH_REG_ID(). Its only caller, access_reg(), only checks
for a negative return value and doesn't care what it is. So change
-EINVAL to -1.

Fixes: 52ffe0ff02fc ("Support x86(32-bit) cross platform callchain unwind.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name perf-tools-fix-unwind-build-on-i386.patch

arm64: dts: rockchip: correct voltage selector on Firefly-RK3399

Bug-Debian: https://bugs.debian.org/900799
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip.git/patch/?id=710e8c4a54be82ee8a97324e7b4330bf191e08bf

Without this patch the Firefly-RK3399 board boot process hangs after these
lines:

   fan53555-regulator 0-0040: FAN53555 Option[8] Rev[1] Detected!
   fan53555-reg: supplied by vcc_sys
   vcc1v8_s3: supplied by vcc_1v8

Blacklisting driver fan53555 allows booting.

The device tree uses a value of fcs,suspend-voltage-selector different to
any other board.

Changing this setting to the usual value is sufficient to enable booting
and also matches the value used in the vendor kernel.

Fixes: 171582e00db1 ("arm64: dts: rockchip: add support for firefly-rk3399 board")
Cc: stable@vger.kernel.org
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Gbp-Pq: Topic bugfix/arm64
Gbp-Pq: Name dts-rockchip-correct-voltage-selector-firefly-RK3399.patch

ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419

Forwarded: https://www.spinics.net/lists/arm-kernel/msg563610.html
Bug-Debian: https://bugs.debian.org/855017

The old board code for the TS419 assigns MPP pins 15 and 16 as SATA
activity signals (and none as SATA presence signals). Currently the
device tree assigns the SoC's default pinmux groups for SATA, which
conflict with the second Ethernet port.

Reported-by: gmbh@gazeta.pl
Tested-by: gmbh@gazeta.pl
References: https://bugs.debian.org/855017
Cc: stable@vger.kernel.org # 3.15+
Fixes: 934b524b3f49 ("ARM: Kirkwood: Add DT description of QNAP 419")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic bugfix/arm
Gbp-Pq: Name arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch

btrfs: warn about RAID5/6 being experimental at mount time

Bug-Debian: https://bugs.debian.org/863290
Origin: https://bugs.debian.org/863290#5

Too many people come complaining about losing their data -- and indeed,
there's no warning outside a wiki and the mailing list tribal knowledge.
Message severity chosen for consistency with XFS -- "alert" makes dmesg
produce nice red background which should get the point across.

Signed-off-by: Adam Borowski <kilobyte@angband.pl>
[bwh: Also add_taint() so this is flagged in bug reports]

Gbp-Pq: Topic debian
Gbp-Pq: Name btrfs-warn-about-raid5-6-being-experimental-at-mount.patch

fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS

Forwarded: not-needed

Various free and proprietary AV products use this feature and users
apparently want it. But punting access checks to userland seems like
an easy way to deadlock the system, and there will be nothing we can
do about that. So warn and taint the kernel if this feature is
actually used.

Gbp-Pq: Topic debian
Gbp-Pq: Name fanotify-taint-on-use-of-fanotify_access_permissions.patch

fjes: Disable auto-loading

Bug-Debian: https://bugs.debian.org/853976
Forwarded: no

fjes matches a generic ACPI device ID, and relies on its probe
function to distinguish whether that really corresponds to a supported
device. Very few system will need the driver and it wastes memory on
all the other systems where the same device ID appears, so disable
auto-loading.

Gbp-Pq: Topic debian
Gbp-Pq: Name fjes-disable-autoload.patch

viafb: Autoload on OLPC XO 1.5 only

Bug-Debian: https://bugs.debian.org/705788
Forwarded: no

It appears that viafb won't work automatically on all the boards for
which it has a PCI device ID match. Currently, it is blacklisted by
udev along with most other framebuffer drivers, so this doesn't matter
much.

However, this driver is required for console support on the XO 1.5.
We need to allow it to be autoloaded on this model only, and then
un-blacklist it in udev.

Gbp-Pq: Topic bugfix/x86
Gbp-Pq: Name viafb-autoload-on-olpc-xo1.5-only.patch

snd-pcsp: Disable autoload

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/697709

There are two drivers claiming the platform:pcspkr device:
- pcspkr creates an input(!) device that can only beep
- snd-pcsp creates an equivalent input device plus a PCM device that can
  play barely recognisable renditions of sampled sound

snd-pcsp is blacklisted by the alsa-base package, but not everyone
installs that.  On PCs where no sound is wanted at all, both drivers
will still be loaded and one or other will complain that it couldn't
claim the relevant I/O range.

In case anyone finds snd-pcsp useful, we continue to build it.  But
remove the alias, to ensure it's not loaded where it's not wanted.

Gbp-Pq: Topic debian
Gbp-Pq: Name snd-pcsp-disable-autoload.patch

cdc_ncm,cdc_mbim: Use NCM by default

Forwarded: not-needed

Devices that support both NCM and MBIM modes should be kept in NCM
mode unless there is userland support for MBIM.

Set the default value of cdc_ncm.prefer_mbim to false and leave it to
userland (modem-manager) to override this with a modprobe.conf file
once it's ready to speak MBIM.

Gbp-Pq: Topic debian
Gbp-Pq: Name cdc_ncm-cdc_mbim-use-ncm-by-default.patch

intel-iommu: Add Kconfig option to exclude iGPU by default

Bug-Debian: https://bugs.debian.org/935270
Bug-Kali: https://bugs.kali.org/view.php?id=5644

There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage.

Replace CONFIG_INTEL_IOMMU_DEFAULT_ON with a 3-way choice
corresponding to "on", "off", and "on,intgpu_off".

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch

intel-iommu: Add option to exclude integrated GPU only

Bug-Debian: https://bugs.debian.org/935270
Bug-Kali: https://bugs.kali.org/view.php?id=5644

There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage, but turning it off
for all graphics devices seems like a major weakness.

Add an option, intel_iommu=igpu_off, to exclude only integrated GPUs
from remapping. This is a narrower exclusion than igfx_off: it only
affects Intel devices on the root bus. Devices attached through an
external port (Thunderbolt or ExpressCard) won't be on the root bus.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/x86
Gbp-Pq: Name intel-iommu-add-option-to-exclude-integrated-gpu-only.patch

security,perf: Allow further restriction of perf_event_open

Forwarded: https://lkml.org/lkml/2016/1/11/587

When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic features/all
Gbp-Pq: Name security-perf-allow-further-restriction-of-perf_event_open.patch

add sysctl to disallow unprivileged CLONE_NEWUSER by default

Origin: http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=5c847404dcb2e3195ad0057877e1422ae90892b8

add sysctl to disallow unprivileged CLONE_NEWUSER by default

This is a short-term patch. Unprivileged use of CLONE_NEWUSER
is certainly an intended feature of user namespaces. However
for at least saucy we want to make sure that, if any security
issues are found, we have a fail-safe.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
[bwh: Keep this sysctl, but change the default to enabled]

Gbp-Pq: Topic debian
Gbp-Pq: Name add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch

yama: Disable by default

Bug-Debian: https://bugs.debian.org/712740
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name yama-disable-by-default.patch

sched: Do not enable autogrouping by default

Forwarded: not-needed

We want to provide the option of autogrouping but without enabling
it by default yet.

Gbp-Pq: Topic debian
Gbp-Pq: Name sched-autogroup-disabled.patch

fs: Enable link security restrictions by default

Bug-Debian: https://bugs.debian.org/609455
Forwarded: not-needed

This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').

Gbp-Pq: Topic debian
Gbp-Pq: Name fs-enable-link-security-restrictions-by-default.patch

hamradio: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch

dccp: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch

[PATCH] decnet: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'decnet' protocol is unmaintained and of mostly historical
interest, and the user-space support package 'dnet-common' loads the
module explicitly. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name decnet-Disable-auto-loading-as-mitigation-against-lo.patch

[PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name rds-Disable-auto-loading-as-mitigation-against-local.patch

[PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits

Forwarded: not-needed

Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Gbp-Pq: Topic debian
Gbp-Pq: Name af_802154-Disable-auto-loading-as-mitigation-against.patch

firmware_class: Refer to Debian wiki page when logging missing firmware

Bug-Debian: https://bugs.debian.org/888405
Forwarded: not-needed

If firmware loading fails due to a missing file, log a second error
message referring to our wiki page about firmware. This will explain
why some firmware is in non-free, or can't be packaged at all. Only
do this once per boot.

Do something similar in the radeon and amdgpu drivers, where we have
an early check to avoid failing at a point where we cannot display
anything.

Gbp-Pq: Topic debian
Gbp-Pq: Name firmware_class-refer-to-debian-wiki-firmware-page.patch

radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward

Bug-Debian: https://bugs.debian.org/607194
Bug-Debian: https://bugs.debian.org/607471
Bug-Debian: https://bugs.debian.org/610851
Bug-Debian: https://bugs.debian.org/627497
Bug-Debian: https://bugs.debian.org/632212
Bug-Debian: https://bugs.debian.org/637943
Bug-Debian: https://bugs.debian.org/649448
Bug-Debian: https://bugs.debian.org/697229
Forwarded: no

radeon requires firmware/microcode for the GPU in all chips, but for
newer chips (apparently R600 'Evergreen' onward) it also expects
firmware for the memory controller and other sub-blocks.

radeon attempts to gracefully fall back and disable some features if
the firmware is not available, but becomes unstable - the framebuffer
and/or system memory may be corrupted, or the display may stay black.

Therefore, perform a basic check for the existence of
/lib/firmware/{radeon,amdgpu} when a device is probed, and abort if it
is missing, except for the pre-R600 case.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch

firmware: Remove redundant log messages from drivers

Forwarded: no

Now that firmware_class logs every success and failure consistently,
many other log messages can be removed from drivers.

This will probably need to be split up into multiple patches prior to
upstream submission.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware-remove-redundant-log-messages-from-drivers.patch

firmware_class: Log every success and failure against given device

Forwarded: no

The hundreds of users of request_firmware() have nearly as many
different log formats for reporting failures.  They also have only the
vaguest hint as to what went wrong; only firmware_class really knows
that.  Therefore, add specific log messages for the failure modes that
aren't currently logged.

In case of a driver that tries multiple names, this may result in the
impression that it failed to initialise.  Therefore, also log successes.

This makes many error messages in drivers redundant, which will be
removed in later patches.

This does not cover the case where we fall back to a user-mode helper
(which is no longer enabled in Debian).

NOTE: hw-detect will depend on the "firmware: failed to load %s (%d)\n"
format to detect missing firmware.

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name firmware_class-log-every-success-and-failure.patch

iwlwifi: Do not request unreleased firmware for IWL6000

Bug-Debian: https://bugs.debian.org/689416
Forwarded: not-needed

The iwlwifi driver currently supports firmware API versions 4-6 for
these devices.  It will request the file for the latest supported
version and then fall back to earlier versions.  However, the latest
version that has actually been released is 4, so we expect the
requests for versions 6 and then 5 to fail.

The installer appears to report any failed request, and it is probably
not easy to detect that this particular failure is harmless.  So stop
requesting the unreleased firmware.

Gbp-Pq: Topic debian
Gbp-Pq: Name iwlwifi-do-not-request-unreleased-firmware.patch

af9005: Use request_firmware() to load register init script

Forwarded: no

Read the register init script from the Windows driver. This is sick
but should avoid the potential copyright infringement in distributing
a version of the script which is directly derived from the driver.

Gbp-Pq: Topic features/all
Gbp-Pq: Name drivers-media-dvb-usb-af9005-request_firmware.patch

kbuild: Look for module.lds under arch directory too

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/975571

The module.lds linker script is now built under the scripts directory,
where previously it was under arch/$(SRCARCH).

However, we package the scripts directory as linux-kbuild, which is
meant to be able to do support native and cross-builds. That means it
shouldn't contain files for a specific target architecture without a
wrapper to select between them, and it doesn't appear that linker
scripts are powerful enough to implement such a wrapper.

Building module.lds in a different location would require relatively
large changes. Moving it in the package build rules can work, but we
need to support custom kernel builds from the same source so we can't
assume it's moved.

Therefore, we move module.lds under the arch build directory in
rules.real and change Makefile.modfinal to look for it in both places.

Gbp-Pq: Topic debian
Gbp-Pq: Name kbuild-look-for-module.lds-under-arch-directory-too.patch

[PATCH 2/2] perf/traceevent: Support asciidoctor for documentation

From cd02fc78859ef9aefd7c92406f9523622da0b472 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name perf-traceevent-support-asciidoctor-for-documentatio.patch

[PATCH 1/2] Documentation: Drop sphinx version check

From 252aa79fdbd4ac2da09d9b98f81bf11f5e3e1870 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Gbp-Pq: Topic debian
Gbp-Pq: Name documentation-drop-sphinx-version-check.patch

android: Enable building ashmem and binder as modules

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

- Add a MODULE_LICENSE declaration to ashmem
- Change the Makefiles to build each driver as an object with the
"_linux" suffix (which is what Anbox expects)
- Change config symbol types to tristate

Gbp-Pq: Topic debian
Gbp-Pq: Name android-enable-building-ashmem-and-binder-as-modules.patch

Export symbols needed by Android drivers

Bug-Debian: https://bugs.debian.org/901492

We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

Export the currently un-exported symbols they depend on.

Gbp-Pq: Topic debian
Gbp-Pq: Name export-symbols-needed-by-android-drivers.patch

wireless: Add Debian wireless-regdb certificates

Forwarded: not-needed

This hex dump is generated using:

{
    for cert in debian/certs/wireless-regdb-*.pem; do
        openssl x509 -in $cert -outform der;
    done
} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex

Gbp-Pq: Topic debian
Gbp-Pq: Name wireless-add-debian-wireless-regdb-certificates.patch

Install perf scripts non-executable

Forwarded: no

[bwh: Forward-ported to 4.13]

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-install.patch

Create manpages and binaries including the version

Forwarded: no

[bwh: Fix version insertion in perf man page cross-references and perf
man page title. Install bash_completion script for perf with a
version-dependent name. And do the same for trace.]

Gbp-Pq: Topic debian
Gbp-Pq: Name tools-perf-version.patch

[sh4] Fix uImage build

Bug-Debian: https://bugs.debian.org/569034
Forwarded: not-needed

[bwh: This was added without a description, but I think it is done
only to avoid a build-dependency on u-boot-tools.]

Gbp-Pq: Topic debian
Gbp-Pq: Name arch-sh4-fix-uimage-build.patch

Use RELAXED ieee754 mode for Loongson-3 as 3A 4000 is 2008-only

Forwarded: not-needed

There are 2 mode of value of IEEE NaN hardcoded by CPU.
Currently, our mipsel/mips64el port is in so-called lagacy mode.
Loongson 3A 4000 is set as the so-called 2008 mode.

To make Debian workable on Loongson 3A 4000, we need set the kerenl in
RELAXED mode.

https://web.archive.org/web/20180830093617/https://dmz-portal.mips.com/wiki/MIPS_ABI_-_NaN_Interlinking

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-ieee754-relaxed.patch

Disable uImage generation for mips generic

Forwarded: not-needed

MIPS generic trys to generate uImage when build, which then ask for
u-boot-tools.

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-boston-disable-its.patch

[PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild"

Forwarded: not-needed

This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and
5373633cc9253ba82547473e899cab141c54133e.

We really don't want to add -Werror anywhere.

Gbp-Pq: Topic debian
Gbp-Pq: Name mips-disable-werror.patch

Hardcode arch script output

Bug-Debian: https://bugs.debian.org/392592
Forwarded: not-needed

Here's a patch that simply uses hardcoded definitions instead of
doing the dynamic tests that require architecture-specific scripts.

I don't particularly like this approach because it restricts
portability and diverts from upstream. But, it is simpler, and this
really needs to be fixed somehow before etch (along with a rebuild of
linux-modules-extra-2.6), so I'm willing to live with it if my other
patch is deemed unacceptable.

My primary concern is that, in the future, the output of these scripts
will change and we (or our successors) will either not notice or
forget to update the hardcoded values.

Including the scripts in linux-kbuild will avoid this manual step
altogether, and allow for the possibility of other archs to provide
their own scripts in the future.

Gbp-Pq: Topic debian
Gbp-Pq: Name ia64-hardcode-arch-script-output.patch

kbuild: Make the toolchain variables easily overwritable

Forwarded: not-needed

Allow make variables to be overridden for each flavour by a file in
the build tree, .kernelvariables.

We currently use this for ARCH, KERNELRELEASE, CC, and in some cases
also CROSS_COMPILE, KCFLAGS.

This file can only be read after we establish the build tree, and all
use of $(ARCH) needs to be moved after this.

[bwh: Updated for 5.3: include .kernelvariables from current directory
rather than using undefined $(obj).]

Gbp-Pq: Topic debian
Gbp-Pq: Name kernelvariables.patch

Make mkcompile_h accept an alternate timestamp string

Forwarded: not-needed

We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.

Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.

Gbp-Pq: Topic debian
Gbp-Pq: Name uname-version-timestamp.patch

Include package version along with kernel release in stack traces

Forwarded: not-needed

For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.

Gbp-Pq: Topic debian
Gbp-Pq: Name version.patch

Documentation: Fix broken link to CIPSO draft

Forwarded: not-needed

We exclude the CIPSO draft text as its licence is not DFSG compliant.
Link to the IETF's online version instead.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name documentation-fix-broken-link-to-cipso-draft.patch

video: Remove nvidiafb and rivafb

Bug-Debian: https://bugs.debian.org/383481
Forwarded: no

These drivers contain register programming code provided by the
hardware vendor that appears to have been deliberately obfuscated.
This is arguably not the preferred form for modification.

These drivers are also largely redundant with nouveau. The RIVA 128
(NV3) is not supported by nouveau but is about 15 years old and
probably discontinued 10 years ago.

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name video-remove-nvidiafb-and-rivafb.patch

Add removal patches for: 3c359, smctr, keyspan, cops

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-net-appletalk-cops.patch

vs6624: mark as broken

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name vs6624-disable.patch

dvb-usb-af9005: mark as broken

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name drivers-media-dvb-dvb-usb-af9005-disable.patch

Remove microcode patches for mgsuvd (not enabled in Debian configs)

Forwarded: not-needed

Gbp-Pq: Topic debian/dfsg
Gbp-Pq: Name arch-powerpc-platforms-8xx-ucode-disable.patch

Tweak gitignore for Debian pkg-kernel using git svn.

Forwarded: not-needed

[bwh: Tweak further for pure git]

Gbp-Pq: Topic debian
Gbp-Pq: Name gitignore.patch

linux (5.10.28-1) unstable; urgency=medium

  * New upstream stable update:
    https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.27
    - mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg and add
      nr_pages argument
    - mm/memcg: set memcg when splitting page
    - mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
    - net: stmmac: fix dma physical address of descriptor when display ring
    - [arm64,armhf] net: fec: ptp: avoid register access when ipg clock is
      disabled
    - [powerpc*] 4xx: Fix build errors from mfdcr()
    - atm: eni: dont release is never initialized
    - atm: lanai: dont run lanai_dev_close if not open
    - Revert "r8152: adjust the settings about MAC clock speed down for RTL8153"
    - [x86] ALSA: hda: ignore invalid NHLT table
    - ixgbe: Fix memleak in ixgbe_configure_clsu32
    - blk-cgroup: Fix the recursive blkg rwstat
    - net: tehuti: fix error return code in bdx_probe()
    - net: intel: iavf: fix error return code of iavf_init_get_resources()
    - sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
    - gianfar: fix jumbo packets+napi+rx overrun crash (CVE-2021-29264)
    - cifs: ask for more credit on async read/write code paths
    - gfs2: fix use-after-free in trans_drain
    - [arm64,armhf] cpufreq: blacklist Arm Vexpress platforms in
      cpufreq-dt-platdev
    - gpiolib: acpi: Add missing IRQF_ONESHOT
    - nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
    - NFS: Correct size calculation for create reply length
    - [arm64] net: hisilicon: hns: fix error return code of
      hns_nic_clear_all_rx_fetch()
    - [arm64] net: enetc: set MAC RX FIFO to recommended value
    - atm: uPD98402: fix incorrect allocation
    - atm: idt77252: fix null-ptr-dereference
    - cifs: change noisy error message to FYI
    - kbuild: add image_name to no-sync-config-targets
    - umem: fix error return code in mm_pci_probe()
    - [sparc64] Fix opcode filtering in handling of no fault loads
    - u64_stats,lockdep: Fix u64_stats_init() vs lockdep
    - block: Fix REQ_OP_ZONE_RESET_ALL handling
    - drm/amdgpu: fb BO should be ttm_bo_type_device
    - drm/radeon: fix AGP dependency
    - nvme: simplify error logic in nvme_validate_ns()
    - nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request()
    - nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange()
    - nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted
    - nvme-core: check ctrl css before setting up zns
    - nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done
    - nvme-pci: add the DISABLE_WRITE_ZEROES quirk for a Samsung PM1725a
    - nfs: we don't support removing system.nfs4_acl
    - block: Suppress uevent for hidden device when removed
    - mm/fork: clear PASID for new mm
    - [ia64] fix ia64_syscall_get_set_arguments() for break-based syscalls
    - [ia64] fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign
    - static_call: Pull some static_call declarations to the type headers
    - [x86] static_call: Allow module use without exposing static_call_key
    - [x86] static_call: Fix the module key fixup
    - [x86] static_call: Fix static_call_set_init()
    - [x86] KVM: Protect userspace MSR filter with SRCU, and set atomically-ish
    - btrfs: fix sleep while in non-sleep context during qgroup removal
    - selinux: don't log MAC_POLICY_LOAD record on failed policy load
    - selinux: fix variable scope issue in live sidtab conversion
    - [arm64] netsec: restore phy power state after controller reset
    - [x86] platform/x86: intel-vbtn: Stop reporting SW_DOCK events
    - psample: Fix user API breakage
    - z3fold: prevent reclaim/free race for headless pages
    - squashfs: fix inode lookup sanity checks
    - squashfs: fix xattr id and id lookup sanity checks
    - hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared
      mappings
    - [x86] ACPI: video: Add missing callback back for Sony VPCEH3U1E
    - ACPICA: Always create namespace nodes using acpi_ns_create_node()
    - [arm64] stacktrace: don't trace arch_stack_walk()
    - integrity: double check iint_cache was initialized
    - [armhf] drm/etnaviv: Use FOLL_FORCE for userptr
    - drm/amdgpu: Add additional Sienna Cichlid PCI ID
    - [x86] drm/i915: Fix the GT fence revocation runtime PM logic
    - dm verity: fix DM_VERITY_OPTS_MAX value
    - dm ioctl: fix out of bounds array access when no devices
    - [armhf] bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
    - [armhf] OMAP2+: Fix smartreflex init regression after dropping legacy data
    - [armhf] soc: ti: omap-prm: Fix occasional abort on reset deassert for dra7
      iva
    - veth: Store queue_mapping independently of XDP prog presence
    - bpf: Change inode_storage's lookup_elem return value from NULL to -EBADF
    - net/mlx5e: RX, Mind the MPWQE gaps when calculating offsets
    - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs
    - net/mlx5e: Don't match on Geneve options in case option masks are all zero
    - ipv6: fix suspecious RCU usage warning
    - drop_monitor: Perform cleanup upon probe registration failure
    - macvlan: macvlan_count_rx() needs to be aware of preemption
    - net: sched: validate stab values
    - [armhf] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
    - igc: reinit_locked() should be called with rtnl_lock
    - igc: Fix Pause Frame Advertising
    - igc: Fix Supported Pause Frame Link Setting
    - igc: Fix igc_ptp_rx_pktstamp()
    - e1000e: add rtnl_lock() to e1000_reset_task
    - e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
    - net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
    - net: phy: broadcom: Add power down exit reset state delay
    - [armhf] ftgmac100: Restart MAC HW once
    - net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() (CVE-2021-29647)
    - flow_dissector: fix byteorder of dissected ICMP ID
    - netfilter: ctnetlink: fix dump of the expect mask attribute
    - net: phylink: Fix phylink_err() function name error in
      phylink_major_config
    - tipc: better validate user input in tipc_nl_retrieve_key()
      (CVE-2021-29646)
    - tcp: relookup sock for RST+ACK packets handled by obsolete req sock
    - can: isotp: isotp_setsockopt(): only allow to set low level TX flags for
      CAN-FD
    - can: isotp: TX-path: ensure that CAN frame flags are initialized
    - can: peak_usb: add forgotten supported devices
    - [arm64,armhf] can: flexcan: flexcan_chip_freeze(): fix chip freeze for
      missing bitrate
    - can: c_can_pci: c_can_pci_remove(): fix use-after-free
    - [armhf] can: c_can: move runtime PM enable/disable to c_can_platform
    - mac80211: fix rate mask reset
    - mac80211: Allow HE operation to be longer than expected.
    - nfp: flower: fix unsupported pre_tunnel flows
    - nfp: flower: add ipv6 bit to pre_tunnel control message
    - nfp: flower: fix pre_tun mask id allocation
    - ftrace: Fix modify_ftrace_direct.
    - [arm64] drm/msm/dsi: fix check-before-set in the 7nm dsi_pll code
    - net/sched: cls_flower: fix only mask bit check in the validate_ct_state
    - netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags
    - netfilter: nftables: allow to update flowtable flags
    - netfilter: flowtable: Make sure GC works periodically in idle system
    - [armhf] dts: imx6ull: fix ubi filesystem mount failed
    - ipv6: weaken the v4mapped source check
    - net: check all name nodes in __dev_alloc_name
    - net: cdc-phonet: fix data-interface release on probe failure
    - igb: check timestamp validity
    - r8152: limit the RX buffer size of RTL8153A for USB 2.0
    - [arm64,armhf] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
    - selinux: vsock: Set SID for socket returned by accept()
    - bpf: Fix umd memory leak in copy_process() (CVE-2021-29649)
    - can: isotp: tx-path: zero initialize outgoing CAN frames
    - [arm64] drm/msm: fix shutdown hook in case GPU components failed to bind
    - [arm64] drm/msm: Fix suspend/resume on i.MX5
    - [arm64] kdump: update ppos when reading elfcorehdr
    - PM: runtime: Defer suspending suppliers
    - net/mlx5: Add back multicast stats for uplink representor
    - net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP
    - net/mlx5e: Offload tuple rewrite for non-CT flows
    - net/mlx5e: Fix error path for ethtool set-priv-flag
    - PM: EM: postpone creating the debugfs dir till fs_initcall
    - net: bridge: don't notify switchdev for local FDB addresses
    - [amd64] xen/x86: make XEN_BALLOON_MEMORY_HOTPLUG_LIMIT depend on
      MEMORY_HOTPLUG
    - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening
      server
    - bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs
    - net: Consolidate common blackhole dst ops
    - net, bpf: Fix ip6ip6 crash with collect_md populated skbs
    - igb: avoid premature Rx buffer reuse
    - net: phy: introduce phydev->port
    - net: phy: broadcom: Avoid forward for bcm54xx_config_clock_delay()
    - net: phy: broadcom: Set proper 1000BaseX/SGMII interface mode for
      BCM54616S
    - net: phy: broadcom: Fix RGMII delays for BCM50160 and BCM50610M
    - Revert "netfilter: x_tables: Switch synchronization to RCU"
    - netfilter: x_tables: Use correct memory barriers. (CVE-2021-29650)
    - dm table: Fix zoned model check and zone sectors check
    - mm/mmu_notifiers: ensure range_end() is paired with range_start()
    - Revert "netfilter: x_tables: Update remaining dereference to RCU"
    - ACPI: scan: Rearrange memory allocation in acpi_device_add()
    - ACPI: scan: Use unique number for instance_no
    - io_uring: fix provide_buffers sign extension
    - block: recalculate segment count for multi-segment discards correctly
    - scsi: Revert "qla2xxx: Make sure that aborted commands are freed"
    - scsi: qedi: Fix error return code of qedi_alloc_global_queues()
    - scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
    - smb3: fix cached file size problems in duplicate extents (reflink)
    - cifs: Adjust key sizes and key generation routines for AES256 encryption
    - locking/mutex: Fix non debug version of mutex_lock_io_nested()
    - mm/memcg: fix 5.10 backport of splitting page memcg
    - fs/cachefiles: Remove wait_bit_key layout dependency
    - can: dev: Move device back to init netns on owning netns delete
    - r8169: fix DMA being used after buffer free if WoL is enabled
    - [armhf] net: dsa: b53: VLAN filtering is global to all users
    - mac80211: fix double free in ibss_leave
    - ext4: add reclaim checks to xattr code
    - fs/ext4: fix integer overflow in s_log_groups_per_flex
    - [amd64] Revert "xen: fix p2m size in dom0 for disabled memory hotplug
      case"
    - Revert "net: bonding: fix error return code of bond_neigh_init()"
    - nvme: fix the nsid value to print in nvme_validate_or_alloc_ns
    - can: peak_usb: Revert "can: peak_usb: add forgotten supported devices"
    - xen-blkback: don't leak persistent grants from xen_blkbk_map()
      (CVE-2021-28688)
    https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.28
    - [arm64] mm: correct the inside linear map range during hotplug check
    - bpf: Fix fexit trampoline.
    - virtiofs: Fail dax mount if device does not support it
    - ext4: shrink race window in ext4_should_retry_alloc()
    - ext4: fix bh ref count on error paths
    - rpc: fix NULL dereference on kmalloc failure
    - iomap: Fix negative assignment to unsigned sis->pages in
      iomap_swapfile_activate
    - [x86] ASoC: rt1015: fix i2c communication error
    - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10
    - [x86] ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor
      of 10
    - [armhf] ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value
      on probe
    - [x86] ASoC: es8316: Simplify adc_pga_gain_tlv table
    - ASoC: soc-core: Prevent warning if no DMI table is present
    - NFSD: fix error handling in NFSv4.0 callbacks
    - kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for freezing
    - vhost: Fix vhost_vq_reset()
    - io_uring: fix ->flags races by linked timeouts
    - scsi: st: Fix a use after free in st_open()
    - scsi: qla2xxx: Fix broken #endif placement
    - [x86] staging: comedi: cb_pcidas: fix request_irq() warn
    - [x86] staging: comedi: cb_pcidas64: fix request_irq() warn
    - ASoC: rt711: add snd_soc_component remove callback
    - thermal/core: Add NULL pointer check before using cooling device stats
    - locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling
    - locking/ww_mutex: Fix acquire/release imbalance in
      ww_acquire_init()/ww_acquire_fini()
    - nvmet-tcp: fix kmap leak when data digest in use
    - io_uring: imply MSG_NOSIGNAL for send[msg]()/recv[msg]() calls
    - [x86] static_call: Align static_call_is_init() patching condition
    - ext4: do not iput inode under running transaction in ext4_rename()
    - io_uring: call req_set_fail_links() on short send[msg]()/recv[msg]() with
      MSG_WAITALL
    - [arm64,armhf] net: mvpp2: fix interrupt mask/unmask skip condition
    - flow_dissector: fix TTL and TOS dissection on IPv4 fragments
    - net: introduce CAN specific pointer in the struct net_device
    - brcmfmac: clear EAP/association status bits on linkdown events
    - ath11k: add ieee80211_unregister_hw to avoid kernel crash caused by NULL
      pointer
    - rtw88: coex: 8821c: correct antenna switch function
    - iwlwifi: pcie: don't disable interrupts for reg_lock
    - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
    - [amd64,arm64] net: ethernet: aquantia: Handle error cleanup of start on
      open
    - appletalk: Fix skb allocation size in loopback case
    - net: wan/lmc: unregister device when no matching device is found
    - net: 9p: advance iov on empty read
    - bpf: Remove MTU check in __bpf_skb_max_len
    - ACPI: tables: x86: Reserve memory occupied by ACPI tables
    - ACPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead()
    - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect
    - ALSA: hda: Re-add dropped snd_poewr_change_state() calls
    - ALSA: hda: Add missing sanity checks in PM prepare/complete callbacks
    - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO
    - ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook
    - ALSA: hda/realtek: fix mute/micmute LEDs for HP 640 G8
    - [x86] KVM: SVM: load control fields from VMCB12 before checking them
      (CVE-2021-29657)
    - [x86] KVM: SVM: ensure that EFER.SVME is set when running nested guest or
      on nested vmexit
    - PM: runtime: Fix race getting/putting suppliers at probe
    - PM: runtime: Fix ordering in pm_runtime_get_suppliers()
    - tracing: Fix stack trace event size
    - [s390x] vdso: copy tod_steering_delta value to vdso_data page
    - [s390x] vdso: fix tod_steering_delta type
    - mm: fix race by making init_zero_pfn() early_initcall
    - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
    - drm/amdgpu: check alignment on CPU page for bo map
    - reiserfs: update reiserfs_xattrs_initialized() condition
    - [armhf] drm/imx: fix memory leak when fails to init
    - [arm64,armhf] drm/tegra: dc: Restore coupling of display controllers
    - [arm64,armhf] drm/tegra: sor: Grab runtime PM reference across reset
    - [arm64,armhf] pinctrl: rockchip: fix restore error in resume
    - extcon: Add stubs for extcon_register_notifier_all() functions
    - extcon: Fix error handling in extcon_dev_register
    - firmware: stratix10-svc: reset COMMAND_RECONFIG_FLAG_PARTIAL to 0
    - [arm64] usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield
    - [x86] video: hyperv_fb: Fix a double free in hvfb_probe
    - firewire: nosy: Fix a use-after-free bug in nosy_ioctl() (CVE-2021-3483)
    - usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
    - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
    - [arm64,armhf] usb: musb: Fix suspend with devices connected for a64
    - cdc-acm: fix BREAK rx code path adding necessary calls
    - USB: cdc-acm: untangle a circular dependency between callback and softint
    - USB: cdc-acm: downgrade message to debug
    - USB: cdc-acm: fix double free on probe failure
    - USB: cdc-acm: fix use-after-free after probe failure
    - [i386] usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
    - [arm*] usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board.
    - [arm*] usb: dwc2: Prevent core suspend when port connection flag is 0
    - [arm64] usb: dwc3: qcom: skip interconnect init for ACPI probe
    - [arm64,armhf] usb: dwc3: gadget: Clear DEP flags after stop transfers in
      ep disable
    - soc: qcom-geni-se: Cleanup the code to remove proxy votes
    - [x86] staging: rtl8192e: Fix incorrect source in memcpy()
    - [x86] staging: rtl8192e: Change state information from u16 to u8
    - driver core: clear deferred probe reason on probe retry
    - drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
    - [riscv64] evaluate put_user() arg before enabling user access
    - Revert "kernel: freezer should treat PF_IO_WORKER like PF_KTHREAD for
      freezing"
    - [amd64] bpf: Use NOP_ATOMIC5 instead of emit_nops(&prog, 5) for
      BPF_TRAMP_F_CALL_ORIG

  [ Salvatore Bonaccorso ]
  * [rt] Refresh "u64_stats: Disable preemption on 32bit-UP/SMP with RT
    during updates"
  * Bump ABI to 6
  * [rt] Refresh "tracing: Merge irqflags + preempt counter."
  * bpf, x86: Validate computation of branch displacements for x86-64
    (CVE-2021-29154)
  * bpf, x86: Validate computation of branch displacements for x86-32
    (CVE-2021-29154)

[dgit import unpatched linux 5.10.28-1]

Import linux_5.10.28.orig.tar.xz

[dgit import orig linux_5.10.28.orig.tar.xz]

Import linux_5.10.28-1.debian.tar.xz

[dgit import tarball linux 5.10.28-1 linux_5.10.28-1.debian.tar.xz]