arch/arm/boot/dts/marvell/kirkwood-ts419.dtsi | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 arm: dts: kirkwood: fix sata pinmux-ing for ts419

tools/perf/arch/x86/util/unwind-libunwind.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 perf tools: fix unwind build on i386

arch/sh/Makefile | 10 5 + 5 - 0 !
arch/sh/boot/compressed/Makefile | 4 2 + 2 - 0 !
arch/sh/boot/romimage/Makefile | 4 2 + 2 - 0 !
3 files changed, 9 insertions(+), 9 deletions(-)

 sh: do not use hyphen in exported variable names

arch/sh/Makefile defines and exports ld-bfd to be used by
arch/sh/boot/Makefile and arch/sh/boot/compressed/Makefile.  However
some shells, including dash, will not pass through environment
variables whose name includes a hyphen.  Usually GNU make does not use
a shell to recurse, but if e.g. $(srctree) contains '~' it will use a
shell here.

Rename the variable to ld_bfd.

(Another instance of this problem was fixed upstream by commit
82977af93a0d "sh: rename suffix-y to suffix_y".)

References: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=sh4&ver=4.13%7Erc5-1%7Eexp1&stamp=1502943967&raw=0
Fixes: ef9b542fce00 ("sh: bzip2/lzma uImage support.")
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

arch/arm/mm/flush.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 arm: mm: export __sync_icache_dcache() for xen-privcmd

arch/powerpc/boot/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 powerpc/boot: fix missing crc32poly.h when building with kernel_xz

arch/arm64/kernel/acpi.c | 31 31 + 0 - 0 !
1 file changed, 31 insertions(+)

 arm64/acpi: add fixup for hpe m400 quirks

kernel/cgroup/cgroup-v1.c | 5 1 + 4 - 0 !
1 file changed, 1 insertion(+), 4 deletions(-)

 revert "cgroup: do not report unavailable v1 controllers in
 /proc/cgroups"
Bug-Debian: https://bugs.debian.org/1108294

This reverts commit af000ce85293b8e608f696f0c6c280bc3a75887f.

Starting in version 11, OpenJDK supports both cgroups v1 and v2 APIs,
but relies on /proc/groups (part of the v1 API) to detect which
controllers are enabled.  The VM detects and adjusts its behaviour for
cgroups cpuset and memory limits.  The GC will be configured to
collect before hitting the memory limit.  I think the cpuset limit is
used to decide how many threads to create in some places.

If it does not detect such limits, it may defer GC so long that it
triggers OOM despite not needing all the allocated memory, or may
create too many threads that use the available CPU resources
inefficiently.

The upstream change restricts /proc/cgroups to only show controllers
that support the v1 API.  We have disabled CONFIG_CPUSETS_V1 and
CONFIG_MEMCG_V1 per upstream default, so these controllers do not
support the v1 API and OpenJDK fails to detect them entirely. This
easily results in triggering OOM when running in a container.

OpenJDK 25 (at least the HotSpot VM) has been fixed to detect the
cgroups v2 API without depending on /proc/cgroups, but we also ship
older versions in trixie and bookworm, and this primarily affects
containers which may include OpenJDK from an older release or non-
Debian source.

Revert the upstream change for compatibility with older versions of
OpenJDK.

mm/memtest.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 x86: memtest: warn if bad ram found
Bug-Debian: https://bugs.debian.org/613321

Documentation/admin-guide/kernel-parameters.txt | 4 4 + 0 - 0 !
arch/x86/Kconfig | 8 8 + 0 - 0 !
arch/x86/entry/common.c | 2 1 + 1 - 0 !
arch/x86/entry/syscall_x32.c | 46 46 + 0 - 0 !
arch/x86/include/asm/elf.h | 6 5 + 1 - 0 !
arch/x86/include/asm/syscall.h | 13 13 + 0 - 0 !
6 files changed, 77 insertions(+), 2 deletions(-)

 x86: make x32 syscall support conditional on a kernel parameter
Bug-Debian: https://bugs.debian.org/708070

drivers/net/phy/marvell.c | 16 13 + 3 - 0 !
1 file changed, 13 insertions(+), 3 deletions(-)

 phy/marvell: disable 4-port phys
Date: Wed, 20 Nov 2013 08:30:14 +0000
Bug-Debian: https://bugs.debian.org/723177

fs/btrfs/super.c | 2 1 + 1 - 0 !
fs/ext4/super.c | 2 1 + 1 - 0 !
fs/jbd2/journal.c | 1 1 + 0 - 0 !
fs/nfsd/nfsctl.c | 3 3 + 0 - 0 !
4 files changed, 6 insertions(+), 2 deletions(-)

 fs: add module_softdep declarations for hard-coded crypto drivers
Bug-Debian: https://bugs.debian.org/819725

Documentation/sphinx/kernel_abi.py | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 documentation: use relative source filenames in abi documentation

Currently the ABI documentation files contain absolute source
filenames, which makes them unreproducible if the build directory can
vary.

Remove the source base directory ($srctree) from the source filenames
shown in the documentation.

Signed-off-by: Ben Hutchings <benh@debian.org>

arch/x86/kernel/setup.c | 14 1 + 13 - 0 !
drivers/firmware/efi/Makefile | 1 1 + 0 - 0 !
drivers/firmware/efi/secureboot.c | 39 39 + 0 - 0 !
include/linux/efi.h | 17 10 + 7 - 0 !
4 files changed, 51 insertions(+), 20 deletions(-)

 [28/30] efi: add an efi_secure_boot flag to indicate secure boot mode

arch/x86/kernel/setup.c | 4 2 + 2 - 0 !
drivers/firmware/efi/secureboot.c | 5 5 + 0 - 0 !
include/linux/security.h | 6 6 + 0 - 0 !
security/lockdown/Kconfig | 15 15 + 0 - 0 !
security/lockdown/lockdown.c | 2 1 + 1 - 0 !
5 files changed, 29 insertions(+), 3 deletions(-)

> UEFI Secure Boot provides a mechanism for ensuring that the firmware will
> only load signed bootloaders and kernels.  Certain use cases may also
> require that all kernel modules also be signed.  Add a configuration option
> that to lock down the kernel - which includes requiring validly signed
> modules - if the kernel is secure-booted.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[Salvatore Bonaccorso: After fixing https://bugs.debian.org/956197 the
help text for LOCK_DOWN_IN_EFI_SECURE_BOOT was adjusted to mention that
lockdown is triggered in integrity mode (https://bugs.debian.org/1025417)]
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

drivers/mtd/devices/phram.c | 6 5 + 1 - 0 !
drivers/mtd/devices/slram.c | 9 8 + 1 - 0 !
2 files changed, 13 insertions(+), 2 deletions(-)

 mtd: phram,slram: disable when the kernel is locked down

drivers/firmware/efi/efi-init.c | 5 4 + 1 - 0 !
drivers/firmware/efi/fdtparams.c | 12 11 + 1 - 0 !
drivers/firmware/efi/libstub/fdt.c | 6 6 + 0 - 0 !
include/linux/efi.h | 3 2 + 1 - 0 !
4 files changed, 23 insertions(+), 3 deletions(-)

 arm64: add kernel config option to lock down when in secure boot mode
Bug-Debian: https://bugs.debian.org/831827

kernel/module/signing.c | 61 59 + 2 - 0 !
1 file changed, 59 insertions(+), 2 deletions(-)

 [patch 3/4] modsign: checking the blacklisted hash before loading a
 kernel module

kernel/module/signing.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 [patch] keys: make use of platform keyring for module signature
 verify
Bug-Debian: https://bugs.debian.org/935945
Bug-Debian: https://bugs.debian.org/1030200

security/integrity/platform_certs/machine_keyring.c | 5 1 + 4 - 0 !
1 file changed, 1 insertion(+), 4 deletions(-)

 [patch] trust machine keyring (mok) by default

kernel/module/version.c | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 module: disable matching missing version crc

tools/usb/usbip/doc/usbipd.8 | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 usbip: document tcp wrappers

scripts/Makefile.build | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 kbuild: fix recordmcount dependency for oot modules
Date: Mon, 08 Sep 2014 18:31:24 +0100

tools/perf/scripts/perl/rw-by-file.pl | 1 0 + 1 - 0 !
tools/perf/scripts/perl/rw-by-pid.pl | 1 0 + 1 - 0 !
tools/perf/scripts/perl/rwtop.pl | 1 0 + 1 - 0 !
tools/perf/scripts/perl/wakeup-latency.pl | 1 0 + 1 - 0 !
4 files changed, 4 deletions(-)

 tools/perf: remove shebang lines from perf scripts

tools/perf/Makefile.config | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 revert "perf build: fix libunwind feature detection on 32-bit x86"

tools/build/feature/test-bpf.c | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

 tools/build: remove bpf() run-time check at build time

tools/power/cpupower/bench/system.c | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 cpupower: fix checks for cpu existence

tools/lib/api/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 libapi: define _fortify_source as 2, not empty

tools/perf/Makefile.perf | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 tools/perf: fix missing ldflags for some programs

Signed-off-by: Ben Hutchings <benh@debian.org>

tools/lib/symbol/Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 tools lib symbol: use -d_fortify_source=2 for non-debug builds
Date: Mon, 24 Apr 2023 12:28:27 +0200

tools/perf/Makefile.config | 1 1 + 0 - 0 !
tools/perf/Makefile.perf | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 perf tools: support extra_cxxflags

Add support for an EXTRA_CXXFLAGS variable, used similarly to
EXTRA_CFLAGS.

Signed-off-by: Ben Hutchings <benh@debian.org>

tools/perf/Makefile.perf | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 perf tools: pass extra_cflags through to libbpf build again

When perf was statically linked to libbpf, any definition of
EXTRA_CFLAGS passed to Makefile.perf propagated to the sub-make of
libbpf.  Since commit 9dabf4003423 ("perf python: Switch module to
linking libraries from building source"), EXTRA_CFLAGS is overridden
to "-fPIC" for the sub-make.

Change to include any user-provided EXTRA_CFLAGS before the "-fPIC"
option.

Fixes: 9dabf4003423 ("perf python: Switch module to linking libraries ...")
Signed-off-by: Ben Hutchings <benh@debian.org>

scripts/Makefile.btf | 14 12 + 2 - 0 !
1 file changed, 12 insertions(+), 2 deletions(-)

 kbuild, bpf: fix btf reproducibility

pahole 1.22 introduced the -j option for parallel processing, and
kbuild uses it, but this makes its output unreproducible.

pahole 1.27 introduced --btf_features=+reproducible_build which makes
the output reproducible even when -j is used.

Assume that if KBUILD_BUILD_TIMESTAMP is set then a reproducible build
is required, and use both options if available or neither if not.

Signed-off-by: Ben Hutchings <benh@debian.org>

tools/perf/Documentation/perf-check.txt | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] perf docs: fix perf-check manual page built with asciidoctor

tools/lib/bpf/Makefile | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 libbpf: use the standard fixdep build rule

libbpf's all target depends on the fixdep target defined in
tools/scripts/Makefile.include.  However the $(BPF_IN_SHARED) and
$(BPF_IN_STATIC) targets don't use it, but instead rebuild fixdep in