Debian Patches

Status for linux/6.1.94-1~bpo11+1

Patch Description Author Forwarded Bugs Origin Last update
debian/gitignore.patch Tweak gitignore for Debian pkg-kernel using git svn.
[bwh: Tweak further for pure git]

===================================================================
Ian Campbell <ijc@hellion.org.uk> not-needed 2013-01-17
debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch Remove microcode patches for mgsuvd (not enabled in Debian configs)
diff --git a/arch/powerpc/platforms/8xx/Kconfig b/arch/powerpc/platforms/8xx/Kconfig
index 48a920a..81570b6 100644
Ben Hutchings <ben@decadent.org.uk> not-needed 2009-04-13
debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch dvb-usb-af9005: mark as broken Ben Hutchings <ben@decadent.org.uk> not-needed 2009-08-17
debian/dfsg/vs6624-disable.patch vs6624: mark as broken Ben Hutchings <ben@decadent.org.uk> not-needed 2012-05-27
debian/dfsg/drivers-net-appletalk-cops.patch Add removal patches for: 3c359, smctr, keyspan, cops Frederik Schüler <fs@debian.org> not-needed 2007-01-05
debian/dfsg/video-remove-nvidiafb-and-rivafb.patch video: Remove nvidiafb and rivafb
These drivers contain register programming code provided by the
hardware vendor that appears to have been deliberately obfuscated.
This is arguably not the preferred form for modification.

These drivers are also largely redundant with nouveau. The RIVA 128
(NV3) is not supported by nouveau but is about 15 years old and
probably discontinued 10 years ago.
Ben Hutchings <ben@decadent.org.uk> no debian 2012-06-02
debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch Documentation: Fix broken link to CIPSO draft
We exclude the CIPSO draft text as its licence is not DFSG compliant.
Link to the IETF's online version instead.
Ben Hutchings <ben@decadent.org.uk> not-needed 2019-08-24
debian/version.patch Include package version along with kernel release in stack traces
For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.
Ben Hutchings <ben@decadent.org.uk> not-needed 2012-07-24
debian/uname-version-timestamp.patch Make mkcompile_h accept an alternate timestamp string
We want to include the Debian version in the utsname::version string
instead of a full timestamp string. However, we still need to provide
a standard timestamp string for gen_initramfs_list.sh to make the
kernel image reproducible.

Make mkcompile_h use $KBUILD_BUILD_VERSION_TIMESTAMP in preference to
$KBUILD_BUILD_TIMESTAMP.

===================================================================
Ben Hutchings <ben@decadent.org.uk> not-needed 2015-05-12
debian/kernelvariables.patch kbuild: Make the toolchain variables easily overwritable
Allow make variables to be overridden for each flavour by a file in
the build tree, .kernelvariables.

We currently use this for ARCH, KERNELRELEASE, CC, and in some cases
also CROSS_COMPILE, KCFLAGS.

This file can only be read after we establish the build tree, and all
use of $(ARCH) needs to be moved after this.

[bwh: Updated for 5.3: include .kernelvariables from current directory
rather than using undefined $(obj).]
Bastian Blank <waldi@debian.org> not-needed 2009-02-22
debian/ia64-hardcode-arch-script-output.patch Hardcode arch script output
Here's a patch that simply uses hardcoded definitions instead of
doing the dynamic tests that require architecture-specific scripts.

I don't particularly like this approach because it restricts
portability and diverts from upstream. But, it is simpler, and this
really needs to be fixed somehow before etch (along with a rebuild of
linux-modules-extra-2.6), so I'm willing to live with it if my other
patch is deemed unacceptable.

My primary concern is that, in the future, the output of these scripts
will change and we (or our successors) will either not notice or
forget to update the hardcoded values.

Including the scripts in linux-kbuild will avoid this manual step
altogether, and allow for the possibility of other archs to provide
their own scripts in the future.
dann frazier <dannf@debian.org> not-needed debian 2007-03-26
debian/mips-disable-werror.patch [PATCH] Partially revert "MIPS: Add -Werror to arch/mips/Kbuild"
This reverts commits 66f9ba101f54bda63ab1db97f9e9e94763d0651b and
5373633cc9253ba82547473e899cab141c54133e.

We really don't want to add -Werror anywhere.
Ben Hutchings <ben@decadent.org.uk> not-needed 2010-09-13
debian/mips-boston-disable-its.patch Disable uImage generation for mips generic
MIPS generic trys to generate uImage when build, which then ask for
u-boot-tools.

[bwh: Updated for 5.17:
- zload-y is no longer assigned here and appears to default to empty
- Adjust context]
YunQiang Su <syq@debian.org> not-needed 2018-05-14
debian/mips-ieee754-relaxed.patch Use RELAXED ieee754 mode for Loongson-3 as 3A 4000 is 2008-only
There are 2 mode of value of IEEE NaN hardcoded by CPU.
Currently, our mipsel/mips64el port is in so-called lagacy mode.
Loongson 3A 4000 is set as the so-called 2008 mode.

To make Debian workable on Loongson 3A 4000, we need set the kerenl in
RELAXED mode.

https://web.archive.org/web/20180830093617/https://dmz-portal.mips.com/wiki/MIPS_ABI_-_NaN_Interlinking

diff --git a/arch/mips/kernel/fpu-probe.c b/arch/mips/kernel/fpu-probe.c
index e689d6a83..667226f94 100644
YunQiang Su <syq@debian.org> not-needed 2020-11-16
debian/arch-sh4-fix-uimage-build.patch [sh4] Fix uImage build
[bwh: This was added without a description, but I think it is done
only to avoid a build-dependency on u-boot-tools.]
Nobuhiro Iwamatsu <iwamatsu@nigauri.org> not-needed debian
debian/tools-perf-perf-read-vdso-in-libexec.patch linux-tools: Install perf-read-vdso{,x}32 in directory under /usr/lib Ben Hutchings <benh@debian.org> no 2015-05-11
debian/tools-perf-install-python-bindings.patch tools: install perf python bindings Adriaan Schmidt <adriaan.schmidt@siemens.com> not-needed debian 2022-04-04
debian/wireless-add-debian-wireless-regdb-certificates.patch wireless: Add Debian wireless-regdb certificates
This hex dump is generated using:

{
for cert in debian/certs/wireless-regdb-*.pem; do
openssl x509 -in $cert -outform der;
done
} | hexdump -v -e '1/1 "0x%.2x," "\n"' > net/wireless/certs/debian.hex
Ben Hutchings <ben@decadent.org.uk> not-needed 2018-04-13
debian/export-symbols-needed-by-android-drivers.patch Export symbols needed by Android drivers
We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

Export the currently un-exported symbols they depend on.
Ben Hutchings <ben@decadent.org.uk> no debian 2020-09-07
debian/android-enable-building-ashmem-and-binder-as-modules.patch android: Enable building ashmem and binder as modules
We want to enable use of the Android ashmem and binder drivers to
support Anbox, but they should not be built-in as that would waste
resources and increase security attack surface on systems that don't
need them.

- Add a MODULE_LICENSE declaration to ashmem
- Change the Makefiles to build each driver as an object with the
"_linux" suffix (which is what Anbox expects)
- Change config symbol types to tristate

Update:
In upstream commit 721412ed3d titled "staging: remove ashmem" the ashmem
driver was removed entirely. Secondary commit message:
"The mainline replacement for ashmem is memfd, so remove the legacy
code from drivers/staging/"
Consequently, the ashmem part of this patch has been removed.
Ben Hutchings <ben@decadent.org.uk> no debian 2018-06-22
debian/documentation-drop-sphinx-version-check.patch [PATCH 1/2] Documentation: Drop sphinx version check Bastian Blank <waldi@debian.org> not-needed 2020-08-04
debian/perf-traceevent-support-asciidoctor-for-documentatio.patch [PATCH 2/2] perf/traceevent: Support asciidoctor for documentation Bastian Blank <waldi@debian.org> not-needed 2020-08-04
debian/kbuild-look-for-module.lds-under-arch-directory-too.patch kbuild: Look for module.lds under arch directory too
The module.lds linker script is now built under the scripts directory,
where previously it was under arch/$(SRCARCH).

However, we package the scripts directory as linux-kbuild, which is
meant to be able to do support native and cross-builds. That means it
shouldn't contain files for a specific target architecture without a
wrapper to select between them, and it doesn't appear that linker
scripts are powerful enough to implement such a wrapper.

Building module.lds in a different location would require relatively
large changes. Moving it in the package build rules can work, but we
need to support custom kernel builds from the same source so we can't
assume it's moved.

Therefore, we move module.lds under the arch build directory in
rules.real and change Makefile.modfinal to look for it in both places.
Ben Hutchings <benh@debian.org> not-needed debian 2020-12-10
debian/kbuild-abort-build-if-subdirs-used.patch kbuild: Abort build if SUBDIRS used
DKMS and module-assistant both build OOT modules as root. If they
build an old OOT module that still use SUBDIRS this causes Kbuild
to try building a full kernel, which obviously fails but not before
deleting files from the installed headers package.

To avoid such mishaps, detect this situation and abort the build.

The error message is based on that used in commit 0126be38d988
"kbuild: announce removal of SUBDIRS if used".
Ben Hutchings <benh@debian.org> not-needed debian 2021-04-26
debian/module-avoid-abi-changes-when-debug-info-is-disabled.patch module: Avoid ABI changes when debug info is disabled
CI builds are done with debug info disabled, but this removes some
members from struct module. This causes builds to fail if there is an
ABI reference for the current ABI.

Define these members unconditionally, so that there is no ABI change.
Ben Hutchings <benh@debian.org> not-needed 2022-05-13
debian/makefile-make-compiler-version-comparison-optional.patch Makefile: Make compiler version comparison optional
The top-level Makefile warns if the compiler version string changes at
all between the kernel build and an out-of-tree module build.

We expect that major compiler version changes could introduce ABI
changes, and override the CC variable in out-of-tree module builds to
ensure that the same major compiler version is used. But minor
version changes should not make a difference, so this exact version
comparison produces false warnings.

Since custom kernel packages don't have that, don't remove the version
comparison. Instead, skip it if $(DEBIAN_KERNEL_NO_CC_VERSION_CHECK)
is non-empty.
Ben Hutchings <benh@debian.org> not-needed debian 2022-09-15
features/all/drivers-media-dvb-usb-af9005-request_firmware.patch af9005: Use request_firmware() to load register init script
Read the register init script from the Windows driver. This is sick
but should avoid the potential copyright infringement in distributing
a version of the script which is directly derived from the driver.
Ben Hutchings <ben@decadent.org.uk> no 2009-08-24
debian/iwlwifi-do-not-request-unreleased-firmware.patch iwlwifi: Do not request unreleased firmware for IWL6000
The iwlwifi driver currently supports firmware API versions 4-6 for
these devices. It will request the file for the latest supported
version and then fall back to earlier versions. However, the latest
version that has actually been released is 4, so we expect the
requests for versions 6 and then 5 to fail.

The installer appears to report any failed request, and it is probably
not easy to detect that this particular failure is harmless. So stop
requesting the unreleased firmware.
Ben Hutchings <ben@decadent.org.uk> not-needed debian
bugfix/all/firmware_class-log-every-success-and-failure.patch firmware_class: Log every success and failure against given device
The hundreds of users of request_firmware() have nearly as many
different log formats for reporting failures. They also have only the
vaguest hint as to what went wrong; only firmware_class really knows
that. Therefore, add specific log messages for the failure modes that
aren't currently logged.

In case of a driver that tries multiple names, this may result in the
impression that it failed to initialise. Therefore, also log successes.

This makes many error messages in drivers redundant, which will be
removed in later patches.

This does not cover the case where we fall back to a user-mode helper
(which is no longer enabled in Debian).

format to detect missing firmware.
Ben Hutchings <ben@decadent.org.uk> no 2012-12-09
bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch firmware: Remove redundant log messages from drivers
Now that firmware_class logs every success and failure consistently,
many other log messages can be removed from drivers.

This will probably need to be split up into multiple patches prior to
upstream submission.

===================================================================
Ben Hutchings <ben@decadent.org.uk> no 2012-12-09
bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch radeon, amdgpu: Firmware is required for DRM and KMS on R600 onward
radeon requires firmware/microcode for the GPU in all chips, but for
newer chips (apparently R600 'Evergreen' onward) it also expects
firmware for the memory controller and other sub-blocks.

radeon attempts to gracefully fall back and disable some features if
the firmware is not available, but becomes unstable - the framebuffer
and/or system memory may be corrupted, or the display may stay black.

Therefore, perform a basic check for the existence of
/lib/firmware/{radeon,amdgpu} when a device is probed, and abort if it
is missing, except for the pre-R600 case.
Ben Hutchings <ben@decadent.org.uk> no debian 2013-01-08
debian/firmware_class-refer-to-debian-wiki-firmware-page.patch firmware_class: Refer to Debian wiki page when logging missing firmware
If firmware loading fails due to a missing file, log a second error
message referring to our wiki page about firmware. This will explain
why some firmware is in non-free, or can't be packaged at all. Only
do this once per boot.

Do something similar in the radeon and amdgpu drivers, where we have
an early check to avoid failing at a point where we cannot display
anything.
Ben Hutchings <ben@decadent.org.uk> not-needed debian 2018-03-12
bugfix/all/wifi-mt76-do-not-run-mt76_unregister_device-on-unregistered-hw.patch wifi: mt76: do not run mt76_unregister_device() on unregistered hw
Trying to probe a mt7921e pci card without firmware results in a
successful probe where ieee80211_register_hw hasn't been called. When
removing the driver, ieee802111_unregister_hw is called unconditionally
leading to a kernel NULL pointer dereference.
Fix the issue running mt76_unregister_device routine just for registered
hw.


Currently queued for review for the v6.3 release cycle, backported in
advance to prevent users from getting stuck in the installer.
Lorenzo Bianconi <lorenzo@kernel.org> no debian https://patchwork.kernel.org/project/linux-wireless/patch/be3457d82f4e44bb71a22b2b5db27b644a37b1e1.1677107277.git.lorenzo@kernel.org/ 2023-02-23
features/arm/arm-dts-bcm-Enable-device-tree-overlay-support-for-R.patch [PATCH] arm: dts: bcm: Enable device-tree overlay support for RPi devices
Add the '-@' DTC option for the Raspberry Pi devices. This option
populates the '__symbols__' node that contains all the necessary symbols
for supporting device-tree overlays (for instance from the firmware or
the bootloader) on these devices.

The Rasbperry Pi devices are well known for their GPIO header, that
allow various "HATs" or other modules do be connected and this enables
users to create out-of-tree device-tree overlays for these modules.

Please note that this change does increase the size of the resulting DTB
by ~40%. For example, with v6.4-rc1 increase in size is as follows:

bcm2711-rpi-400.dtb 27556 -> 38141 bytes
bcm2711-rpi-4-b.dtb 27484 -> 38069 bytes
bcm2711-rpi-cm4-io.dtb 27373 -> 38076 bytes
bcm2835-rpi-a.dtb 12879 -> 18235 bytes
bcm2835-rpi-a-plus.dtb 13015 -> 18371 bytes
bcm2835-rpi-b.dtb 12997 -> 18377 bytes
bcm2835-rpi-b-plus.dtb 13237 -> 18666 bytes
bcm2835-rpi-b-rev2.dtb 13085 -> 18514 bytes
bcm2835-rpi-cm1-io1.dtb 13109 -> 18528 bytes
bcm2835-rpi-zero.dtb 12923 -> 18311 bytes
bcm2835-rpi-zero-w.dtb 13449 -> 18889 bytes
bcm2836-rpi-2-b.dtb 14500 -> 20252 bytes
bcm2837-rpi-3-a-plus.dtb 14930 -> 20713 bytes
bcm2837-rpi-3-b.dtb 15107 -> 20979 bytes
bcm2837-rpi-3-b-plus.dtb 15463 -> 21443 bytes
bcm2837-rpi-cm3-io3.dtb 14429 -> 20098 bytes
bcm2837-rpi-zero-2-w.dtb 14781 -> 20524 bytes

[ukleinek: rebased to v6.4-rc1]
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/e925743edc0d86fb846d952190d005bac8a6e373 2023-05-30
debian/af_802154-Disable-auto-loading-as-mitigation-against.patch [PATCH 2/3] af_802154: Disable auto-loading as mitigation against local exploits
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'af_802154' (IEEE 802.15.4) protocol is not widely used, was
not present in the 'lenny' kernel, and seems to receive only sporadic
maintenance. Therefore disable auto-loading.
Ben Hutchings <ben@decadent.org.uk> not-needed 2010-11-19
debian/rds-Disable-auto-loading-as-mitigation-against-local.patch [PATCH 1/3] rds: Disable auto-loading as mitigation against local exploits
Recent review has revealed several bugs in obscure protocol
implementations that can be exploited by local users for denial of
service or privilege escalation. We can mitigate the effect of any
remaining vulnerabilities in such protocols by preventing unprivileged
users from loading the modules, so that they are only exploitable on
systems where the administrator has chosen to load the protocol.

The 'rds' protocol is one such protocol that has been found to be
vulnerable, and which was not present in the 'lenny' kernel.
Therefore disable auto-loading.
Ben Hutchings <ben@decadent.org.uk> not-needed 2010-11-19
debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch dccp: Disable auto-loading as mitigation against local exploits
We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'dccp' protocol is not actively maintained or widely used.
Therefore disable auto-loading.
Ben Hutchings <ben@decadent.org.uk> not-needed 2017-02-16
debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch hamradio: Disable auto-loading as mitigation against local exploits
We can mitigate the effect of vulnerabilities in obscure protocols by
preventing unprivileged users from loading the modules, so that they
are only exploitable on systems where the administrator has chosen to
load the protocol.

The 'ham' radio protocols (ax25, netrom, rose) are not actively
maintained or widely used. Therefore disable auto-loading.
Ben Hutchings <ben@decadent.org.uk> not-needed 2019-08-05
debian/fs-enable-link-security-restrictions-by-default.patch fs: Enable link security restrictions by default
This reverts commit 561ec64ae67ef25cac8d72bb9c4bfc955edfd415
('VFS: don't do protected {sym,hard}links by default').
Ben Hutchings <ben@decadent.org.uk> not-needed debian 2012-11-02
debian/sched-autogroup-disabled.patch sched: Do not enable autogrouping by default
We want to provide the option of autogrouping but without enabling
it by default yet.
Ben Hutchings <ben@decadent.org.uk> not-needed 2011-03-16
debian/yama-disable-by-default.patch yama: Disable by default Ben Hutchings <ben@decadent.org.uk> not-needed debian 2013-06-19
debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch add sysctl to disallow unprivileged CLONE_NEWUSER by default
add sysctl to disallow unprivileged CLONE_NEWUSER by default

This is a short-term patch. Unprivileged use of CLONE_NEWUSER
is certainly an intended feature of user namespaces. However
for at least saucy we want to make sure that, if any security
issues are found, we have a fail-safe.

[bwh: Remove unneeded binary sysctl bits]
[bwh: Keep this sysctl, but change the default to enabled]
Serge Hallyn <serge.hallyn@canonical.com> no http://kernel.ubuntu.com/git?p=serge%2Fubuntu-saucy.git;a=commit;h=5c847404dcb2e3195ad0057877e1422ae90892b8 2013-05-31
features/all/security-perf-allow-further-restriction-of-perf_event_open.patch security,perf: Allow further restriction of perf_event_open
When kernel.perf_event_open is set to 3 (or greater), disallow all
access to performance events by users without CAP_SYS_ADMIN.
Add a Kconfig symbol CONFIG_SECURITY_PERF_EVENTS_RESTRICT that
makes this value the default.

This is based on a similar feature in grsecurity
(CONFIG_GRKERNSEC_PERF_HARDEN). This version doesn't include making
the variable read-only. It also allows enabling further restriction
at run-time regardless of whether the default is changed.
Ben Hutchings <ben@decadent.org.uk> yes 2016-01-11
features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch intel-iommu: Add option to exclude integrated GPU only
There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage, but turning it off
for all graphics devices seems like a major weakness.

Add an option, intel_iommu=intgpu_off, to exclude only integrated GPUs
from remapping. This is a narrower exclusion than igfx_off: it only
affects Intel devices on the root bus. Devices attached through an
external port (Thunderbolt or ExpressCard) won't be on the root bus.
Ben Hutchings <ben@decadent.org.uk> no debian 2019-08-21
features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch intel-iommu: Add Kconfig option to exclude iGPU by default
There is still laptop firmware that touches the integrated GPU behind
the operating system's back, and doesn't say so in the RMRR table.
Enabling the IOMMU for all devices causes breakage.

Replace CONFIG_INTEL_IOMMU_DEFAULT_ON with a 3-way choice
corresponding to "on", "off", and "on,intgpu_off".
Ben Hutchings <ben@decadent.org.uk> no debian 2019-08-21
debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch cdc_ncm,cdc_mbim: Use NCM by default
Devices that support both NCM and MBIM modes should be kept in NCM
mode unless there is userland support for MBIM.

Set the default value of cdc_ncm.prefer_mbim to false and leave it to
userland (modem-manager) to override this with a modprobe.conf file
once it's ready to speak MBIM.
Ben Hutchings <ben@decadent.org.uk> not-needed 2013-03-31
debian/snd-pcsp-disable-autoload.patch snd-pcsp: Disable autoload
There are two drivers claiming the platform:pcspkr device:
- pcspkr creates an input(!) device that can only beep
- snd-pcsp creates an equivalent input device plus a PCM device that can
play barely recognisable renditions of sampled sound

snd-pcsp is blacklisted by the alsa-base package, but not everyone
installs that. On PCs where no sound is wanted at all, both drivers
will still be loaded and one or other will complain that it couldn't
claim the relevant I/O range.

In case anyone finds snd-pcsp useful, we continue to build it. But
remove the alias, to ensure it's not loaded where it's not wanted.
Ben Hutchings <ben@decadent.org.uk> not-needed debian 2014-02-05
bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch viafb: Autoload on OLPC XO 1.5 only
It appears that viafb won't work automatically on all the boards for
which it has a PCI device ID match. Currently, it is blacklisted by
udev along with most other framebuffer drivers, so this doesn't matter
much.

However, this driver is required for console support on the XO 1.5.
We need to allow it to be autoloaded on this model only, and then
un-blacklist it in udev.
Ben Hutchings <ben@decadent.org.uk> no debian 2013-04-20
debian/fjes-disable-autoload.patch fjes: Disable auto-loading
fjes matches a generic ACPI device ID, and relies on its probe
function to distinguish whether that really corresponds to a supported
device. Very few system will need the driver and it wastes memory on
all the other systems where the same device ID appears, so disable
auto-loading.
Ben Hutchings <ben@decadent.org.uk> no debian 2017-03-18
debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch fanotify: Taint on use of FANOTIFY_ACCESS_PERMISSIONS
Various free and proprietary AV products use this feature and users
apparently want it. But punting access checks to userland seems like
an easy way to deadlock the system, and there will be nothing we can
do about that. So warn and taint the kernel if this feature is
actually used.
Ben Hutchings <ben@decadent.org.uk> not-needed 2016-07-13
debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch btrfs: warn about RAID5/6 being experimental at mount time
Too many people come complaining about losing their data -- and indeed,
there's no warning outside a wiki and the mailing list tribal knowledge.
Message severity chosen for consistency with XFS -- "alert" makes dmesg
produce nice red background which should get the point across.

[bwh: Also add_taint() so this is flagged in bug reports]
Adam Borowski <kilobyte@angband.pl> no debian https://bugs.debian.org/863290#5 2017-03-28
bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch ARM: dts: kirkwood: Fix SATA pinmux-ing for TS419
The old board code for the TS419 assigns MPP pins 15 and 16 as SATA
activity signals (and none as SATA presence signals). Currently the
device tree assigns the SoC's default pinmux groups for SATA, which
conflict with the second Ethernet port.
Ben Hutchings <ben@decadent.org.uk> yes debian 2017-02-17
bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch perf tools: Fix unwind build on i386
EINVAL may not be defined when building unwind-libunwind.c with
REMOTE_UNWIND_LIBUNWIND, resulting in a compiler error in
LIBUNWIND__ARCH_REG_ID(). Its only caller, access_reg(), only checks
for a negative return value and doesn't care what it is. So change
-EINVAL to -1.
Ben Hutchings <ben@decadent.org.uk> no 2017-07-22
bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch sh: Do not use hyphen in exported variable names
arch/sh/Makefile defines and exports ld-bfd to be used by
arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile. However
some shells, including dash, will not pass through environment
variables whose name includes a hyphen. Usually GNU make does not use
a shell to recurse, but if e.g. $(srctree) contains '~' it will use a
shell here.

Rename the variable to ld_bfd.

(Another instance of this problem was fixed upstream by commit
82977af93a0d "sh: rename suffix-y to suffix_y".)
Ben Hutchings <ben@decadent.org.uk> no 2022-02-07
bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch ARM: mm: Export __sync_icache_dcache() for xen-privcmd
The xen-privcmd driver, which can be modular, calls set_pte_at()
which in turn may call __sync_icache_dcache().

The call to __sync_icache_dcache() may be optimised out because it is
conditional on !pte_special(), and xen-privcmd calls pte_mkspecial().
However, in a non-LPAE configuration there is no "special" bit and the
call is really unconditional.
Ben Hutchings <ben@decadent.org.uk> yes 2018-07-11
bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch powerpc/boot: Fix missing crc32poly.h when building with KERNEL_XZ
After commit faa16bc404d7 ("lib: Use existing define with
polynomial") the lib/xz/xz_crc32.c includes a header from include/linux
directory thus any other user of this code should define proper include
path.

This fixes the build error on powerpc with CONFIG_KERNEL_XZ:

In file included from ../arch/powerpc/boot/../../../lib/decompress_unxz.c:233:0,
from ../arch/powerpc/boot/decompress.c:42:
../arch/powerpc/boot/../../../lib/xz/xz_crc32.c:18:29: fatal error: linux/crc32poly.h: No such file or directory
Krzysztof Kozlowski <krzk@kernel.org> no https://patchwork.ozlabs.org/patch/963258/ 2018-08-29
bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch arm64/acpi: Add fixup for HPE m400 quirks
Adds a new ACPI init routine acpi_fixup_m400_quirks that adds
a work-around for HPE ProLiant m400 APEI firmware problems.

The work-around disables APEI when CONFIG_ACPI_APEI is set and
m400 firmware is detected. Without this fixup m400 systems
experience errors like these on startup:

[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 2
[Hardware Error]: event severity: fatal
[Hardware Error]: Error 0, type: fatal
[Hardware Error]: section_type: memory error
[Hardware Error]: error_status: 0x0000000000001300
[Hardware Error]: error_type: 10, invalid address
Kernel panic - not syncing: Fatal hardware error!

[bwh: Adjust context to apply to Linux 4.19]
Geoff Levand <geoff@infradead.org> yes 2018-06-13
bugfix/alpha/alpha-fix-missing-symbol-versions-for-str-n-cat-cpy.patch alpha: Fix missing symbol versions for str{,n}{cat,cpy}
Now that modpost extracts symbol versions from *.cmd files, it can't
find the versions for these 4 symbols. This is due to the way we link
their objects together ahead of the full vmlinux link. genksyms puts
their symbol CRCs in .str{,n}{cat,cpy}.o.cmd, but modpost only reads
the .sty{,n}cpy.o.cmd files.

Add assembly sources that bring the appropriate routines together with
include directives instead of using the linker for this.
Ben Hutchings <ben@decadent.org.uk> no https://marc.info/?l=linux-alpha&m=167364720725291&w=2 2023-01-05
features/arm64/dt-bindings-rockchip-Add-Hardkernel-ODROID-M1-board.patch [01/13] dt-bindings: rockchip: Add Hardkernel ODROID-M1 board
Add device tree binding for Hardkernel ODROID-M1 board based on RK3568
SoC.
Dongjin Kim <tobetter@gmail.com> no https://git.kernel.org/linus/19cc53eb2ce63c0e5adc2fd89494fb16f383ac10 2022-09-30
features/arm64/arm64-dts-rockchip-Add-Hardkernel-ODROID-M1-board.patch [02/13] arm64: dts: rockchip: Add Hardkernel ODROID-M1 board
This patch is to add a device tree for new board Hardkernel ODROID-M1
based on Rockchip RK3568, includes basic peripherals -
uart/eMMC/uSD/i2c and on-board ethernet.

[aurelien@aurel32.net: addressed issues from initial review]
Dongjin Kim <tobetter@gmail.com> no https://git.kernel.org/linus/fd35832677032980df230f02509d6c016664cc89 2022-09-30
features/arm64/arm64-dts-rockchip-add-thermal-support-to-ODROID-M1.patch [03/13] arm64: dts: rockchip: add thermal support to ODROID-M1
Add the thermal nodes for the ODROID-M1.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/f5511bd8498da222b6455038a0cf3e7d2b2dfc7e 2022-09-30
features/arm64/arm64-dts-rockchip-Add-NOR-flash-to-ODROID-M1.patch [04/13] arm64: dts: rockchip: Add NOR flash to ODROID-M1
Enable the Rockchip Serial Flash Controller for the ODROID-M1 and add
the corresponding SPI NOR flash entry. The SFC is used in dual I/O mode
and not quad I/O mode, as the FSPI_D2 pin is shared with the EMMC_RSTn
pin.

The partitions addresses and sizes are taken from the ODROID-M1
Partition Table page on the ODROID wiki.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/9f96204b7dcf94d03cad41194447c665d10675b7 2022-09-30
features/arm64/arm64-dts-rockchip-Add-analog-audio-on-ODROID-M1.patch [05/13] arm64: dts: rockchip: Add analog audio on ODROID-M1
On the ODROID-M1, the I2S1 TDM controller is connected to the rk809
codec in I2S mode. It is used to provide a stereo headphones output and
a mono speaker output. A GPIO with an external pullup is used as an
headphone detection input.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/78f858447cb78cac7259093d095fb783328b835c 2022-09-30
features/arm64/arm64-dts-rockchip-Enable-vop2-and-hdmi-tx-on-ODROID.patch [06/13] arm64: dts: rockchip: Enable vop2 and hdmi tx on ODROID-M1
Enable the RK356x Video Output Processor (VOP) 2 on ODROID M1.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/913404aa2e60610f9cae375069dae97e11d726ed 2022-09-30
features/arm64/arm64-dts-rockchip-Enable-HDMI-audio-on-ODROID-M1.patch [07/13] arm64: dts: rockchip: Enable HDMI audio on ODROID-M1.
This enables the i2s0 controller and the hdmi-sound node on the
ODROID-M1.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/1ca7ddddf36494f0f6afd4f35d37827323271f39 2022-09-30
features/arm64/arm64-dts-rockchip-Enable-the-GPU-on-ODROID-M1.patch [08/13] arm64: dts: rockchip: Enable the GPU on ODROID-M1
Enable the GPU core on the Rockchip RK3568 ODROID-M1.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/cb80b3455c7cadc4c1157879930e919f607d557c 2022-09-30
features/arm64/arm64-dts-rockchip-Enable-the-USB-2.0-ports-on-ODROI.patch [09/13] arm64: dts: rockchip: Enable the USB 2.0 ports on ODROID-M1
The Rockchip RK3568 has two USB OHCI/EHCI controllers connected to a PHY
providing one host-only port and one OTG port. On the ODROID-M1, they
are both used in host mode. The USB ports are powered by a DC/DC
converter providing 5V and named VCC5V0_SYS on the schematics, followed
by a power switch.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/4685d7b68aaac199ab0d950d2047405bf551f964 2022-09-30
features/arm64/arm64-dts-rockchip-Enable-the-USB-3.0-ports-on-ODROI.patch [10/13] arm64: dts: rockchip: Enable the USB 3.0 ports on ODROID-M1
The Rockchip RK3568 has two USB XHCI controllers. The USB 2.0 signals
are connected to a PHY providing one host-only port and one OTG port.
The USB 3.0 signals are connected to two USB3.0/PCIE/SATA combo PHY.

The ODROID M1 has 2 type A USB 3.0 connectors, with the USB 3.0 signals
connected to the two combo PHYs. For the USB 2.0 signals, one connector
is connected to the host-only PHY and uses the same power switch as the
USB 2.0 ports. The other connector has its own power switch and is
connected to the OTG PHY, which is also connected to a device only
micro-USB connector. The purpose of this micro-USB connector is for
firmware update using the Rockusb vendor specific USB class. Therefore
it does not make sense to enable this port on Linux, and the PHY is
forced to host mode.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/9984ef562653c8d0beb51021fc286706b6ec4802 2022-09-30
features/arm64/arm64-dts-rockchip-Add-SATA-support-to-ODROID-M1.patch [11/13] arm64: dts: rockchip: Add SATA support to ODROID-M1
Enable the Combo PHY and SATA nodes in ODROID-M1.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/6a5a04d52ccc42e0e59ff69fca9c1db7e08ba44b 2022-09-30
features/arm64/arm64-dts-rockchip-Add-PCIEe-v3-nodes-to-ODROID-M1.patch [12/13] arm64: dts: rockchip: Add PCIEe v3 nodes to ODROID-M1
Add nodes to ODROID-M1 to support PCIe v3 on the M2 slot.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/35b28582aa3dfd7b6861b7ebc72798b0ff50ed41 2022-09-30
features/arm64/arm64-dts-rockchip-Add-IR-receiver-node-to-ODROID-M1.patch [13/13] arm64: dts: rockchip: Add IR receiver node to ODROID-M1
Add the infrared receiver and its associated pinctrl entry. Note that
there is an external pullup to VCC3V3_SYS.
Aurelien Jarno <aurelien@aurel32.net> no https://git.kernel.org/linus/d6882992fe8182e3122be34af3f491948a8b9069 2022-09-30
features/x86/x86-memtest-WARN-if-bad-RAM-found.patch x86: memtest: WARN if bad RAM found
Since this is not a particularly thorough test, if we find any bad
bits of RAM then there is a fair chance that there are other bad bits
we fail to detect.
Ben Hutchings <ben@decadent.org.uk> yes debian 2011-12-05
features/x86/x86-make-x32-syscall-support-conditional.patch x86: Make x32 syscall support conditional on a kernel parameter
Enabling x32 in the standard amd64 kernel would increase its attack
surface while provide no benefit to the vast majority of its users.
No-one seems interested in regularly checking for vulnerabilities
specific to x32 (at least no-one with a white hat).

Still, adding another flavour just to turn on x32 seems wasteful. And
the only differences on syscall entry are a few instructions that mask
out the x32 flag and compare the syscall number.

Use a static key to control whether x32 syscalls are really enabled, a
Kconfig parameter to set its default value and a kernel parameter
"syscall.x32" to change it at boot time.
Ben Hutchings <ben@decadent.org.uk> yes debian 2018-02-12
bugfix/arm64/arm64-dts-rockchip-fix-spdif-fe460000-ordering-on-rk.patch arm64: dts: rockchip: fix spdif@fe460000 ordering on rk356x
Move the node to its correct position, based on its
mmio-address.
Heiko Stuebner <heiko@sntech.de> no https://git.kernel.org/linus/d4eade428d22f2ac5f32b12ec183fdff84dc07a6 2022-10-30
features/arm64/quartz64/arm64-dts-rockchip-RK356x-Add-I2S2-device-node.patch arm64: dts: rockchip: RK356x: Add I2S2 device node
This patch adds I2S2 device tree node for RK3566/RK3568.
Shengyu Qu <wiagn233@outlook.com> no https://git.kernel.org/linus/755f37010f3eac0bdfa41bdf2308e8380a93f10c 2022-10-30
features/arm64/quartz64/arm64-dts-rockchip-Enable-video-output-and-HDMI-on-S.patch arm64: dts: rockchip: Enable video output and HDMI on SOQuartz
This patch adds and enables the necessary device tree nodes to
enable video output and HDMI functionality on the SOQuartz module.
Nicolas Frattaroli <frattaroli.nicolas@gmail.com> no https://git.kernel.org/linus/36d7a605706d9648526a0574b8e7b0e02fa70c2a 2022-11-12
features/arm64/quartz64/arm64-dts-rockchip-Enable-HDMI-sound-on-SOQuartz.patch arm64: dts: rockchip: Enable HDMI sound on SOQuartz
This patch enables the i2s0 node on SOQuartz, which is responsible
for hdmi audio, and adds an hdmi-sound node to enable said audio.
Nicolas Frattaroli <frattaroli.nicolas@gmail.com> no https://git.kernel.org/linus/70b620c4ba919a87c607b8d98b08478b213877bd 2022-11-12
features/arm64/quartz64/arm64-dts-rockchip-Enable-PCIe-2-on-SOQuartz-CM4IO.patch arm64: dts: rockchip: Enable PCIe 2 on SOQuartz CM4IO
This patch enables the PCIe2 on the CM4IO board when paired with
a SOQuartz CM4 System-on-Module board. combphy2 also needs to be
enabled in this case to make the PHY work for this.
Nicolas Frattaroli <frattaroli.nicolas@gmail.com> no https://git.kernel.org/linus/3736aa7ecc4cd9b4abce30052bad00aba4f0362f 2022-11-12
features/arm64/quartz64/dt-bindings-arm-rockchip-Add-SOQuartz-Blade.patch [1/4] dt-bindings: arm: rockchip: Add SOQuartz Blade
Add a compatible for the SOQuartz Blade base board to the rockchip
platforms binding.

The SOQuartz Blade is a PoE-capable carrier board for the CM4 SoM
form factor, designed around the SOQuartz CM4 System-on-Module.

The board features the usual connectivity (GPIO, USB, HDMI,
Ethernet) and an M.2 slot for SSDs. It may also be powered from
a 5V barrel jack input, and has a 3.5mm jack for UART debug
output.
Nicolas Frattaroli <frattaroli.nicolas@gmail.com> no https://git.kernel.org/linus/8c84c2e51f3ee39b40e8078ebe3ad9c01fb17aff 2022-11-16
features/arm64/quartz64/arm64-dts-rockchip-Add-SOQuartz-blade-board.patch [2/4] arm64: dts: rockchip: Add SOQuartz blade board
This adds a device tree for the PINE64 SOQuartz blade baseboard,
a 1U rack mountable baseboard for the CM4 form factor with PoE
support designed for the SOQuartz CM4 System-on-Module.

The board takes power from either PoE or a 5V DC input, and allows
for mounting an M.2 SSD.

The board also features one USB 2.0 host port, one HDMI output,
a 3.5mm jack for UART, and the aforementioned gigabit networking
port.

[rebase, squash, reword, misc fixes]
Andrew Powers-Holmes <aholmes@omnom.net> no https://git.kernel.org/linus/a5c826ecde5222f755e7d8a0c8d795189c5c1228 2022-11-16
features/arm64/quartz64/dt-bindings-arm-rockchip-Add-SOQuartz-Model-A.patch [3/4] dt-bindings: arm: rockchip: Add SOQuartz Model A
The SOQuartz Model A base board is a carrier board for the CM4
form factor, designed around the PINE64 SOQuartz CM4 SoM.

The board sports "Model A" dimensions like the Quartz64 Model A,
but is not to be confused with that.

As for I/O, it features USB 2 ports, Gigabit Ethernet, a PCIe 2
x1 slot, HDMI, a 40-pin GPIO header, CSI/DSI connectors, an eDP
flat-flex cable connector, a 12V DC barrel jack for power input
and power/reset buttons as well as a microSD card slot.
Nicolas Frattaroli <frattaroli.nicolas@gmail.com> no https://git.kernel.org/linus/7441d8c437883581dddfb616a087b399338244f0 2022-11-16
features/arm64/quartz64/arm64-dts-rockchip-Add-SOQuartz-Model-A-baseboard.patch [4/4] arm64: dts: rockchip: Add SOQuartz Model A baseboard
This patch adds the device tree for the "Model A" baseboard for
the SOQuartz CM4 SoM, which is not to be confused with the
Quartz64 Model A, which is the same form factor and SoC, but is
not a CM4 carrier board.

The board features a PCIe 2 x1 slot, USB 2 host ports, CSI/DSI
connectors, an eDP FFC connector, gigabit ethernet, HDMI, and a
12V DC barrel jack. Also present is a microSD card slot, 40-pin
GPIO, and a power and reset button.

[rebase, misc fixes, reword]
Andrew Powers-Holmes <aholmes@omnom.net> no https://git.kernel.org/linus/afbaed737fb45bcae91e4606025fb31da71b9dfe 2022-11-16
bugfix/all/disable-some-marvell-phys.patch phy/marvell: disable 4-port phys
The Marvell PHY was originally disabled because it can cause networking
failures on some systems. According to Lennert Buytenhek this is because some
of the variants added did not share the same register layout. Since the known
cases are all 4-ports disable those variants (indicated by a 4 in the
penultimate position of the model name) until they can be audited for
correctness.

[bwh: Also #if-out the init functions for these PHYs to avoid
compiler warnings]
Ian Campbell <ijc@hellion.org.uk> yes debian 2013-11-20
bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch fs: Add MODULE_SOFTDEP declarations for hard-coded crypto drivers
This helps initramfs builders and other tools to find the full
dependencies of a module.

[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]
Ben Hutchings <ben@decadent.org.uk> yes debian 2016-04-13
bugfix/all/media-cx18-avoid-strlen-call-that-triggers-ice-in-gc.patch media: cx18: Avoid strlen() call that triggers ICE in gcc 10
Commit e9a40e1585d7 "fortify: Do not cast to "unsigned char"",
included in 6.2 and backported into 6.1.2, triggers an ICE in
bullseye's gcc 10 when compiling cx18-i2c.c. This change specifically
affects use of the strlen() function.

The compiler has been fixed in sid but not yet in bullseye. Until
that happens, we need a workaround here.

init_cx18_i2c() initialises i2c_adapter instances from a template and
then appends to their names by calling sprintf(...name +
strlen(...name), ...). Avoid using strlen() here by rewriting the
entire name field instead of appending.
Ben Hutchings <benh@debian.org> no debian 2023-03-05
features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch [28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT
flag that can be passed to efi_enabled() to find out whether secure boot is
enabled.

Move the switch-statement in x86's setup_arch() that inteprets the
secure_boot boot parameter to generic code and set the bit there.

[rperier: Forward-ported to 5.5:
- Use pr_warn()
- Adjust context]
[bwh: Forward-ported to 5.6: adjust context]
[bwh: Forward-ported to 5.7:
- Use the next available bit in efi.flags
- Adjust context]
David Howells <dhowells@redhat.com> no https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a5d70c55c603233c192b375f72116a395909da28 2019-02-18
features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch efi: Lock down the kernel if booted in secure boot mode
Based on an earlier patch by David Howells, who wrote the following
description:

> UEFI Secure Boot provides a mechanism for ensuring that the firmware will
> only load signed bootloaders and kernels. Certain use cases may also
> require that all kernel modules also be signed. Add a configuration option
> that to lock down the kernel - which includes requiring validly signed
> modules - if the kernel is secure-booted.

[Salvatore Bonaccorso: After fixing https://bugs.debian.org/956197 the
help text for LOCK_DOWN_IN_EFI_SECURE_BOOT needs to be adjusted to
mention that lockdown is triggered in integrity mode]
Ben Hutchings <ben@decadent.org.uk> no 2019-09-10
features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch mtd: phram,slram: Disable when the kernel is locked down
These drivers allow mapping arbitrary memory ranges as MTD devices.
This should be disabled to preserve the kernel's integrity when it is
locked down.

* Add the HWPARAM flag to the module parameters
* When slram is built-in, it uses __setup() to read kernel parameters,
so add an explicit check security_locked_down() check
Ben Hutchings <ben@decadent.org.uk> yes 2019-08-30
features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch arm64: add kernel config option to lock down when in Secure Boot mode
Add a kernel configuration option to lock down the kernel, to restrict
userspace's ability to modify the running kernel when UEFI Secure Boot is
enabled. Based on the x86 patch by Matthew Garrett.

Determine the state of Secure Boot in the EFI stub and pass this to the
kernel using the FDT.

[bwh: Forward-ported to 4.10: adjust context]
[Lukas Wunner: Forward-ported to 4.11: drop parts applied upstream]
[bwh: Forward-ported to 4.15 and lockdown patch set:
- Pass result of efi_get_secureboot() in stub through to
efi_set_secure_boot() in main kernel
- Use lockdown API and naming]
[bwh: Forward-ported to 4.19.3: adjust context in update_fdt()]
[dannf: Moved init_lockdown() call after uefi_init(), fixing SB detection]
[bwh: Drop call to init_lockdown(), as efi_set_secure_boot() now calls this]
[bwh: Forward-ported to 5.6: efi_get_secureboot() no longer takes a
sys_table parameter]
[bwh: Forward-ported to 5.7: EFI initialisation from FDT was rewritten, so:
- Add Secure Boot mode to the parameter enumeration in fdtparams.c
- Add a parameter to efi_get_fdt_params() to return the Secure Boot mode
- Since Xen does not have a property name defined for Secure Boot mode,
change efi_get_fdt_prop() to handle a missing property name by clearing
the output variable]
[Salvatore Bonaccorso: Forward-ported to 5.10: f30f242fb131 ("efi: Rename
arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c]
Linn Crosetto <linn@hpe.com> no debian 2016-08-30
features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch [PATCH 3/4] MODSIGN: checking the blacklisted hash before loading a kernel module

This patch adds the logic for checking the kernel module's hash
base on blacklist. The hash must be generated by sha256 and enrolled
to dbx/mokx.

For example:
sha256sum sample.ko
mokutil --mokx --import-hash $HASH_RESULT

Whether the signature on ko file is stripped or not, the hash can be
compared by kernel.

[Rebased by Luca Boccassi]
[bwh: Forward-ported to 5.19:
- The type parameter to is_hash_blacklisted() is now an enumeration
rather than a string
- Adjust filename, context]
"Lee, Chun-Yi" <joeyli.kernel@gmail.com> no https://lore.kernel.org/patchwork/patch/933175/ 2018-03-13
features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch [PATCH] KEYS: Make use of platform keyring for module signature verify

This allows a cert in DB to be used to sign modules,
in addition to certs in the MoK and built-in keyrings.

[bwh: Forward-ported to 5.19: adjust filename]
[наб: reinstate for 6.1, re-write description]
Robert Holmes <robeholmes@gmail.com> yes debian https://src.fedoraproject.org/rpms/kernel/raw/master/f/KEYS-Make-use-of-platform-keyring-for-module-signature.patch 2019-04-23
features/all/db-mok-keyring/trust-machine-keyring-by-default.patch trust machine keyring (MoK) by default Debian always trusted keys in MoK by default. Upstream made it conditional on
a new EFI variable being set. To keep backward compatibility skip this check.
Luca Boccassi <bluca@debian.org> no
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch [i386/686-pae] PCI: Set pci=nobios by default
CONFIG_PCI_GOBIOS results in physical addresses 640KB-1MB being mapped
W+X, which is undesirable for security reasons and will result in a
warning at boot now that we enable CONFIG_DEBUG_WX.

This can be overridden using the kernel parameter "pci=nobios", but we
want to disable W+X by default. Disable PCI BIOS probing by default;
it can still be enabled using "pci=bios".
Ben Hutchings <ben@decadent.org.uk> not-needed 2016-02-16
debian/ntfs-mark-it-as-broken.patch ntfs: mark it as broken
NTFS has unfixed issues CVE-2018-12929, CVE-2018-12930, and
CVE-2018-12931. ntfs-3g is a better supported alternative.

Make sure it can't be enabled even in custom kernels.
Ben Hutchings <ben@decadent.org.uk> no 2019-04-25
bugfix/all/net-sched-taprio-always-validate-TCA_TAPRIO_ATTR_PRI.patch net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP
[ Upstream commit f921a58ae20852d188f70842431ce6519c4fdc36 ]

If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided,
taprio_parse_mqprio_opt() must validate it, or userspace
can inject arbitrary data to the kernel, the second time
taprio_change() is called.

First call (with valid attributes) sets dev->num_tc
to a non zero value.

Second call (with arbitrary mqprio attributes)
returns early from taprio_parse_mqprio_opt()
and bad things can happen.
Eric Dumazet <edumazet@google.com> no https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git/commit?id=3e102bb4e13ae49c014096f149ed0c8430e3c1f0 2024-06-04
bugfix/all/module-disable-matching-missing-version-crc.patch module: Disable matching missing version CRC
This partly reverts commit cd3caefb4663e3811d37cc2afad3cce642d60061.
We want to fail closed if a symbol version CRC is missing, as the
alternative may allow subverting module signing.
Ben Hutchings <ben@decadent.org.uk> not-needed 2016-12-02
bugfix/all/usbip-document-tcp-wrappers.patch usbip: Document TCP wrappers
Add references to TCP wrappers configuration in the manual page.
Ben Hutchings <ben@decadent.org.uk> no 2012-06-24
bugfix/all/kbuild-fix-recordmcount-dependency.patch kbuild: Fix recordmcount dependency for OOT modules
We never rebuild anything in-tree when building an out-of-tree
modules, so external modules should not depend on the recordmcount
sources.
Ben Hutchings <ben@decadent.org.uk> no 2014-09-08
bugfix/all/tools-perf-man-date.patch perf tools: Use $KBUILD_BUILD_TIMESTAMP as man page date
This allows man pages to be built reproducibly.
Ben Hutchings <ben@decadent.org.uk> yes 2015-07-13
bugfix/all/tools-perf-remove-shebangs.patch tools/perf: Remove shebang lines from perf scripts
perf scripts need to be invoked through perf, not directly through
perl (or other language interpreter). So including shebang lines in
them is useless and possibly misleading.
Ben Hutchings <ben@decadent.org.uk> no 2015-09-25
bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch Revert "perf build: Fix libunwind feature detection on 32-bit x86"
This reverts commit 05b41775e2edd69a83f592e3534930c934d4038e.
It broke feature detection that was working just fine for us.
Ben Hutchings <ben@decadent.org.uk> no 2015-09-25
bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch tools/build: Remove bpf() run-time check at build time
It is not correct to test that a syscall works on the build system's
kernel. We might be building on an earlier kernel version or with
security restrictions that block bpf().
Ben Hutchings <ben@decadent.org.uk> no 2016-02-21
bugfix/all/cpupower-bump-soname-version.patch cpupower: Bump soname version
Several functions in the libcpupower API are renamed or removed in
Linux 4.7. This is an backward-incompatible ABI change, so the
library soname should change from libcpupower.so.0 to
libcpupower.so.1.
Ben Hutchings <ben@decadent.org.uk> yes 2016-06-09
bugfix/all/cpupower-fix-checks-for-cpu-existence.patch cpupower: Fix checks for CPU existence
Calls to cpufreq_cpu_exists(cpu) were converted to
cpupower_is_cpu_online(cpu) when libcpupower was introduced and the
former function was deleted. However, cpupower_is_cpu_online() does
not distinguish physically absent and offline CPUs, and does not set
errno.

cpufreq-set has already been fixed (commit c25badc9ceb6).

In cpufreq-bench, which prints an error message for offline CPUs,
properly distinguish and report the zero and negative cases.

[carnil: Update/Refresh patch for 4.14.17: The issue with the
incorrect check has been fixed with upstream commit 53d1cd6b125f.
Keep in the patch the distinction and report for the zero and
negative cases.]
Ben Hutchings <ben@decadent.org.uk> yes 2016-11-03
bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch tools/perf: pmu-events: Fix reproducibility
jevents.py enumerates files and outputs the corresponding C structs in
the order they are found. This makes it sensitive to directory
ordering, so that the perf executable is not reproducible.

To avoid this, sort the entries returned by os.scandir() before
processing them.
Ben Hutchings <ben@decadent.org.uk> yes 2019-08-25
bugfix/all/libapi-define-_fortify_source-as-2-not-empty.patch libapi: Define _FORTIFY_SOURCE as 2, not empty Ben Hutchings <benh@debian.org> no 2022-01-15
bugfix/all/tools-perf-fix-missing-ldflags-for-some-programs.patch tools/perf: Fix missing LDFLAGS for some programs Ben Hutchings <benh@debian.org> no 2022-01-15
bugfix/powerpc/fbdev-offb-Update-expected-device-name.patch fbdev/offb: Update expected device name
Since commit 241d2fb56a18 ("of: Make OF framebuffer device names unique"),
as spotted by Frédéric Bonnard, the historical "of-display" device is
"of-display.N" as required.

This means that offb no longer finds the expected device, which prevents
the Debian Installer from setting up its interface, at least on ppc64el.

It might be better to iterate on all possible nodes, but updating the
hardcoded device from "of-display" to "of-display.0" is confirmed to fix
the Debian Installer at the very least.
Cyril Brulebois <cyril@debamax.com> no https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit?id=27c74ea74be805ccba1bc1a0a03cc79c51dca6ea 2023-04-12
features/all/ethernet-microsoft/0001-net-Remove-the-obsolte-u64_stats_fetch_-_irq-users-d.patch [PATCH 01/23] net: Remove the obsolte u64_stats_fetch_*_irq() users (drivers).

Now that the 32bit UP oddity is gone and 32bit uses always a sequence
count, there is no need for the fetch_irq() variants anymore.

Convert to the regular interface.

(cherry picked from commit 068c38ad88ccb09e5e966d4db5cedab0e02b3b95)
Bastian Blank <waldi@debian.org> no 2023-07-12
features/all/ethernet-microsoft/0002-net-mana-Assign-interrupts-to-CPUs-based-on-NUMA-nod.patch [PATCH 02/23] net: mana: Assign interrupts to CPUs based on NUMA nodes

In large VMs with multiple NUMA nodes, network performance is usually
best if network interrupts are all assigned to the same virtual NUMA
node. This patch assigns online CPU according to a numa aware policy,
local cpus are returned first, followed by non-local ones, then it wraps
around.

(cherry picked from commit 71fa6887eeca7b631528f9c7a39815498de8028c)
Saurabh Sengar <ssengar@linux.microsoft.com> no 2022-10-31
features/all/ethernet-microsoft/0003-net-mana-Add-support-for-auxiliary-device.patch [PATCH 03/23] net: mana: Add support for auxiliary device
In preparation for supporting MANA RDMA driver, add support for auxiliary
device in the Ethernet driver. The RDMA device is modeled as an auxiliary
device to the Ethernet device.

(cherry picked from commit a69839d4327d053b18d8e1b0e7ddeee78db78f4f)
Long Li <longli@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0004-net-mana-Record-the-physical-address-for-doorbell-pa.patch [PATCH 04/23] net: mana: Record the physical address for doorbell page region

For supporting RDMA device with multiple user contexts with their
individual doorbell pages, record the start address of doorbell page
region for use by the RDMA driver to allocate user context doorbell IDs.

(cherry picked from commit f3dc096246091048677c45cfc0e24ad512927b52)
Long Li <longli@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0005-net-mana-Handle-vport-sharing-between-devices.patch [PATCH 05/23] net: mana: Handle vport sharing between devices
For outgoing packets, the PF requires the VF to configure the vport with
corresponding protection domain and doorbell ID for the kernel or user
context. The vport can't be shared between different contexts.

Implement the logic to exclusively take over the vport by either the
Ethernet device or RDMA device.

(cherry picked from commit b5c1c9855be3b5b978fde975a63df3cabc273faa)
Long Li <longli@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0006-net-mana-Set-the-DMA-device-max-segment-size.patch [PATCH 06/23] net: mana: Set the DMA device max segment size
MANA hardware doesn't have any restrictions on the DMA segment size, set it
to the max allowed value.

(cherry picked from commit 6fe254160bd033a1e62dbad9b734183b31144678)
Ajay Sharma <sharmaajay@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0007-net-mana-Export-Work-Queue-functions-for-use-by-RDMA.patch [PATCH 07/23] net: mana: Export Work Queue functions for use by RDMA driver

RDMA device may need to create Ethernet device queues for use by Queue
Pair type RAW. This allows a user-mode context accesses Ethernet hardware
queues. Export the supporting functions for use by the RDMA driver.

(cherry picked from commit 4c0ff7a106e16ab63e0b597557255c012f179578)
Long Li <longli@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0008-net-mana-Record-port-number-in-netdev.patch [PATCH 08/23] net: mana: Record port number in netdev
The port number is useful for user-mode application to identify this
net device based on port index. Set to the correct value in ndev.

(cherry picked from commit d44089e555ffe63a49cc6e94d0c03d933e413059)
Long Li <longli@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0009-net-mana-Move-header-files-to-a-common-location.patch [PATCH 09/23] net: mana: Move header files to a common location
In preparation to add MANA RDMA driver, move all the required header files
to a common location for use by both Ethernet and RDMA drivers.

(cherry picked from commit fd325cd648f15eb9a8b32a68de3bafc72bcfe753)
Long Li <longli@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0010-net-mana-Define-max-values-for-SGL-entries.patch [PATCH 10/23] net: mana: Define max values for SGL entries
The number of maximum SGl entries should be computed from the maximum
WQE size for the intended queue type and the corresponding OOB data
size. This guarantees the hardware queue can successfully queue requests
up to the queue depth exposed to the upper layer.

(cherry picked from commit aa56549792fb348892fbbae67f6f0c71bb750b65)
Long Li <longli@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0011-net-mana-Define-and-process-GDMA-response-code-GDMA_.patch [PATCH 11/23] net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES

When doing memory registration, the PF may respond with
GDMA_STATUS_MORE_ENTRIES to indicate a follow request is needed. This is
not an error and should be processed as expected.

(cherry picked from commit de372f2a9ca7ada2698ecac7df8f02407cd98fa0)
Ajay Sharma <sharmaajay@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0012-net-mana-Define-data-structures-for-protection-domai.patch [PATCH 12/23] net: mana: Define data structures for protection domain and memory registration

The MANA hardware support protection domain and memory registration for use
in RDMA environment. Add those definitions and expose them for use by the
RDMA driver.

(cherry picked from commit 28c66cfa45388af1126985d1114e0ed762eb2abd)
Ajay Sharma <sharmaajay@microsoft.com> no 2022-11-03
features/all/ethernet-microsoft/0013-net-mana-Fix-return-type-of-mana_start_xmit.patch [PATCH 13/23] net: mana: Fix return type of mana_start_xmit()
The ndo_start_xmit field in net_device_ops is expected to be of type
netdev_tx_t (*ndo_start_xmit)(struct sk_buff *skb, struct net_device *dev).

The mismatched return type breaks forward edge kCFI since the underlying
function definition does not match the function hook definition. A new
warning in clang will catch this at compile time:

drivers/net/ethernet/microsoft/mana/mana_en.c:382:21: error: incompatible function pointer types initializing 'netdev_tx_t (*)(struct sk_buff *, struct net_device *)' (aka 'enum netdev_tx (*)(struct sk_buff *, struct net_device *)') with an expression of type 'int (struct sk_buff *, struct net_device *)' [-Werror,-Wincompatible-function-pointer-types-strict]
.ndo_start_xmit = mana_start_xmit,
^~~~~~~~~~~~~~~
1 error generated.

The return type of mana_start_xmit should be changed from int to
netdev_tx_t.

[nathan: Rebase on net-next and resolve conflicts
Add note about new clang warning]
(cherry picked from commit 0c9ef08a4d0fd6c5e6000597b506235d71a85a61)
Nathan Huckleberry <nhuck@google.com> no 2022-11-08
features/all/ethernet-microsoft/0014-net-mana-Fix-accessing-freed-irq-affinity_hint.patch [PATCH 14/23] net: mana: Fix accessing freed irq affinity_hint
After calling irq_set_affinity_and_hint(), the cpumask pointer is
saved in desc->affinity_hint, and will be used later when reading
/proc/irq/<num>/affinity_hint. So the cpumask variable needs to be
persistent. Otherwise, we are accessing freed memory when reading
the affinity_hint file.

Also, need to clear affinity_hint before free_irq(), otherwise there
is a one-time warning and stack trace during module unloading:

[ 243.948687] WARNING: CPU: 10 PID: 1589 at kernel/irq/manage.c:1913 free_irq+0x318/0x360
...
[ 243.948753] Call Trace:
[ 243.948754] <TASK>
[ 243.948760] mana_gd_remove_irqs+0x78/0xc0 [mana]
[ 243.948767] mana_gd_remove+0x3e/0x80 [mana]
[ 243.948773] pci_device_remove+0x3d/0xb0
[ 243.948778] device_remove+0x46/0x70
[ 243.948782] device_release_driver_internal+0x1fe/0x280
[ 243.948785] driver_detach+0x4e/0xa0
[ 243.948787] bus_remove_driver+0x70/0xf0
[ 243.948789] driver_unregister+0x35/0x60
[ 243.948792] pci_unregister_driver+0x44/0x90
[ 243.948794] mana_driver_exit+0x14/0x3fe [mana]
[ 243.948800] __do_sys_delete_module.constprop.0+0x185/0x2f0

To fix the bug, use the persistent mask, cpumask_of(cpu#), and set
affinity_hint to NULL before freeing the IRQ, as required by free_irq().

(cherry picked from commit 18a048370b06a3a521219e9e5b10bdc2178ef19c)
Haiyang Zhang <haiyangz@microsoft.com> no 2023-02-06
features/all/ethernet-microsoft/0015-net-mana-Add-new-MANA-VF-performance-counters-for-ea.patch [PATCH 15/23] net: mana: Add new MANA VF performance counters for easier troubleshooting

Extended performance counter stats in 'ethtool -S <interface>' output
for MANA VF to facilitate troubleshooting.

(cherry picked from commit bd7fc6e1957c2102866f9e464c1f2302e891b7e9)
Shradha Gupta <shradhagupta@linux.microsoft.com> no 2023-03-15
features/all/ethernet-microsoft/0016-net-mana-Remove-redundant-pci_clear_master.patch [PATCH 16/23] net: mana: Remove redundant pci_clear_master
Remove pci_clear_master to simplify the code,
the bus-mastering is also cleared in do_pci_disable_device,
like this:
./drivers/pci/pci.c:2197
static void do_pci_disable_device(struct pci_dev *dev)
{
u16 pci_command;

pci_read_config_word(dev, PCI_COMMAND, &pci_command);
if (pci_command & PCI_COMMAND_MASTER) {
pci_command &= ~PCI_COMMAND_MASTER;
pci_write_config_word(dev, PCI_COMMAND, pci_command);
}

pcibios_disable_device(dev);
}.
And dev->is_busmaster is set to 0 in pci_disable_device.

(cherry picked from commit 2d59af8307526f2829fdec9c5c5898a857d55180)
Cai Huoqing <cai.huoqing@linux.dev> no 2023-03-23
features/all/ethernet-microsoft/0017-net-mana-Use-napi_build_skb-in-RX-path.patch [PATCH 17/23] net: mana: Use napi_build_skb in RX path
Use napi_build_skb() instead of build_skb() to take advantage of the
NAPI percpu caches to obtain skbuff_head.

(cherry picked from commit ce518bc3e9ca342309995c9270c3ec4892963695)
Haiyang Zhang <haiyangz@microsoft.com> no 2023-04-12
features/all/ethernet-microsoft/0018-net-mana-Refactor-RX-buffer-allocation-code-to-prepa.patch [PATCH 18/23] net: mana: Refactor RX buffer allocation code to prepare for various MTU

Move out common buffer allocation code from mana_process_rx_cqe() and
mana_alloc_rx_wqe() to helper functions.
Refactor related variables so they can be changed in one place, and buffer
sizes are in sync.

(cherry picked from commit a2917b23497e4205db32271e4e06e142a9f8a6aa)
Haiyang Zhang <haiyangz@microsoft.com> no 2023-04-12
features/all/ethernet-microsoft/0019-net-mana-Enable-RX-path-to-handle-various-MTU-sizes.patch [PATCH 19/23] net: mana: Enable RX path to handle various MTU sizes
Update RX data path to allocate and use RX queue DMA buffers with
proper size based on potentially various MTU sizes.

(cherry picked from commit 2fbbd712baf1c60996554326728bbdbef5616e12)
Haiyang Zhang <haiyangz@microsoft.com> no 2023-04-12
features/all/ethernet-microsoft/0020-net-mana-Add-support-for-jumbo-frame.patch [PATCH 20/23] net: mana: Add support for jumbo frame
During probe, get the hardware-allowed max MTU by querying the device
configuration. Users can select MTU up to the device limit.
When XDP is in use, limit MTU settings so the buffer size is within
one page. And, when MTU is set to a too large value, XDP is not allowed
to run.
Also, to prevent changing MTU fails, and leaves the NIC in a bad state,
pre-allocate all buffers before starting the change. So in low memory
condition, it will return error, without affecting the NIC.

(cherry picked from commit 80f6215b450eb8e92d8b1f117abf5ecf867f963e)
Haiyang Zhang <haiyangz@microsoft.com> no 2023-04-12
features/all/ethernet-microsoft/0021-net-mana-Check-if-netdev-napi_alloc_frag-returns-sin.patch [PATCH 21/23] net: mana: Check if netdev/napi_alloc_frag returns single page

netdev/napi_alloc_frag() may fall back to single page which is smaller
than the requested size.
Add error checking to avoid memory overwritten.

(cherry picked from commit df18f2da302f169e1a29098c6ca3b474f1b0269e)
Haiyang Zhang <haiyangz@microsoft.com> no 2023-04-21
features/all/ethernet-microsoft/0022-net-mana-Fix-perf-regression-remove-rx_cqes-tx_cqes-.patch [PATCH 22/23] net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters

The apc->eth_stats.rx_cqes is one per NIC (vport), and it's on the
frequent and parallel code path of all queues. So, r/w into this
single shared variable by many threads on different CPUs creates a
lot caching and memory overhead, hence perf regression. And, it's
not accurate due to the high volume concurrent r/w.

For example, a workload is iperf with 128 threads, and with RPS
enabled. We saw perf regression of 25% with the previous patch
adding the counters. And this patch eliminates the regression.

Since the error path of mana_poll_rx_cq() already has warnings, so
keeping the counter and convert it to a per-queue variable is not
necessary. So, just remove this counter from this high frequency
code path.

Also, remove the tx_cqes counter for the same reason. We have
warnings & other counters for errors on that path, and don't need
to count every normal cqe processing.

(cherry picked from commit 1919b39fc6eabb9a6f9a51706ff6d03865f5df29)
Haiyang Zhang <haiyangz@microsoft.com> no 2023-05-26
features/all/ethernet-microsoft/0023-net-mana-Add-support-for-vlan-tagging.patch [PATCH 23/23] net: mana: Add support for vlan tagging
To support vlan, use MANA_LONG_PKT_FMT if vlan tag is present in TX
skb. Then extract the vlan tag from the skb struct, and save it to
tx_oob for the NIC to transmit. For vlan tags on the payload, they
are accepted by the NIC too.

For RX, extract the vlan tag from CQE and put it into skb.

(cherry picked from commit b803d1fded4085d268507a432dac8077ead68971)
Haiyang Zhang <haiyangz@microsoft.com> no 2023-06-09
features/all/ethernet-microsoft/0024-RDMA-mana_ib-Use-v2-version-of-cfg_rx_steer_req-to-e.patch [PATCH 24/30] RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing

With RX coalescing, one CQE entry can be used to indicate multiple packets
on the receive queue. This saves processing time and PCI bandwidth over
the CQ.

The MANA Ethernet driver also uses the v2 version of the protocol. It
doesn't use RX coalescing and its behavior is not changed.

(cherry picked from commit 2145328515c8fa9b8a9f7889250bc6c032f2a0e6)
Long Li <longli@microsoft.com> no 2023-05-13
features/all/ethernet-microsoft/0025-net-mana-use-vmalloc_array-and-vcalloc.patch [PATCH 25/30] net: mana: use vmalloc_array and vcalloc
Use vmalloc_array and vcalloc to protect against
multiplication overflows.

The changes were done using the following Coccinelle
semantic patch:

// <smpl>
@initialize:ocaml@
@@

let rename alloc =
match alloc with
"vmalloc" -> "vmalloc_array"
| "vzalloc" -> "vcalloc"
| _ -> failwith "unknown"

@@
size_t e1,e2;
constant C1, C2;
expression E1, E2, COUNT, x1, x2, x3;
typedef u8;
typedef __u8;
type t = {u8,__u8,char,unsigned char};
identifier alloc = {vmalloc,vzalloc};
fresh identifier realloc = script:ocaml(alloc) { rename alloc };
@@

(
alloc(x1*x2*x3)
|
alloc(C1 * C2)
|
alloc((sizeof(t)) * (COUNT), ...)
|
- alloc((e1) * (e2))
+ realloc(e1, e2)
|
- alloc((e1) * (COUNT))
+ realloc(COUNT, e1)
|
- alloc((E1) * (E2))
+ realloc(E1, E2)
)
// </smpl>

(cherry picked from commit e9c74f8b8a31f77f8e9d7bbed5fc9f2eacbf32a5)
Julia Lawall <Julia.Lawall@inria.fr> no 2023-06-27
features/all/ethernet-microsoft/0026-net-mana-Batch-ringing-RX-queue-doorbell-on-receivin.patch [PATCH 26/30] net: mana: Batch ringing RX queue doorbell on receiving packets

It's inefficient to ring the doorbell page every time a WQE is posted to
the received queue. Excessive MMIO writes result in CPU spending more
time waiting on LOCK instructions (atomic operations), resulting in
poor scaling performance.

Move the code for ringing doorbell page to where after we have posted all
WQEs to the receive queue during a callback from napi_poll().

With this change, tests showed an improvement from 120G/s to 160G/s on a
200G physical link, with 16 or 32 hardware queues.

Tests showed no regression in network latency benchmarks on single
connection.

(cherry picked from commit da4e8648079eb6f26f3a88d8c34270a057e2bfe6)
Long Li <longli@microsoft.com> no 2023-07-17
features/all/ethernet-microsoft/0027-net-mana-Use-the-correct-WQE-count-for-ringing-RQ-do.patch [PATCH 27/30] net: mana: Use the correct WQE count for ringing RQ doorbell

The hardware specification specifies that WQE_COUNT should set to 0 for
the Receive Queue. Although currently the hardware doesn't enforce the
check, in the future releases it may check on this value.

(cherry picked from commit f5e39b57124fd4715d7f0e2f841b8609b38f3e40)
Long Li <longli@microsoft.com> no 2023-07-17
features/all/ethernet-microsoft/0028-net-mana-Configure-hwc-timeout-from-hardware.patch [PATCH 28/30] net: mana: Configure hwc timeout from hardware
At present hwc timeout value is a fixed value. This patch sets the hwc
timeout from the hardware. It now uses a new hardware capability
GDMA_DRV_CAP_FLAG_1_HWC_TIMEOUT_RECONFIG to query and set the value
in hwc_timeout.

(cherry picked from commit 62c1bff593b7e30041d0273b835af9fd6f5ee737)
Souradeep Chakrabarti <schakrabarti@linux.microsoft.com> no 2023-08-02
features/all/ethernet-microsoft/0029-net-mana-Rename-mana_refill_rxoob-and-remove-some-em.patch [PATCH 29/30] net: mana: Rename mana_refill_rxoob and remove some empty lines

Rename mana_refill_rxoob for naming consistency.
And remove some empty lines between function call and error
checking.

(cherry picked from commit 5c74064f43c291d9add2b436a2d70205b71a7cc7)
Haiyang Zhang <haiyangz@microsoft.com> no 2023-04-21
features/all/ethernet-microsoft/0030-net-mana-Add-gdma-stats-to-ethtool-output-for-mana.patch [PATCH 30/30] net: mana: Add gdma stats to ethtool output for mana
Extended performance counter stats in 'ethtool -S <interface>'
for MANA VF to include GDMA tx LSO packets and bytes count.

Testcases:
1. LISA testcase:
PERF-NETWORK-TCP-THROUGHPUT-MULTICONNECTION-NTTTCP-Synthetic
2. LISA testcase:
PERF-NETWORK-TCP-THROUGHPUT-MULTICONNECTION-NTTTCP-SRIOV
3. Validated the GDMA stat packets and byte counters
(cherry picked from commit ac3899c6229649737b9d5cb86e417c98243883dc)
Shradha Gupta <shradhagupta@linux.microsoft.com> no 2023-08-09

All known versions for source package 'linux'

Links