From d67a07b8f09ff005ce45c3970199796b8888ca6b Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Mon, 9 Sep 2024 15:54:57 +0000
Subject: [PATCH 1/9] kernel: upgrade from 6.6 to 6.12.20

---
 ....6.89.ebuild => hv-daemons-6.12.20.ebuild} |  0
 ...89.ebuild => coreos-kernel-6.12.20.ebuild} |  0
 ...9.ebuild => coreos-modules-6.12.20.ebuild} |  0
 ...d64_defconfig-6.6 => amd64_defconfig-6.12} |  0
 ...m64_defconfig-6.6 => arm64_defconfig-6.12} |  0
 .../{commonconfig-6.6 => commonconfig-6.12}   |  0
 .../sys-kernel/coreos-sources/Manifest        |  4 +--
 ...9.ebuild => coreos-sources-6.12.20.ebuild} |  1 +
 ...elative-path-for-srctree-from-CURDIR.patch |  0
 .../z0002-revert-pahole-flags.patch           |  0
 ...6-boot-Remove-the-bugger-off-message.patch |  0
 ...ECURE_BOOT-flag-to-indicate-secure-b.patch |  0
 ...e-kernel-if-booted-in-secure-boot-mo.patch |  0
 ...Disable-when-the-kernel-is-locked-do.patch |  0
 ...-config-option-to-lock-down-when-in-.patch |  0
 ...s-hv-fix-cross-compilation-for-ARM64.patch | 35 +++++++++++++++++++
 16 files changed, 38 insertions(+), 2 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/{hv-daemons-6.6.89.ebuild => hv-daemons-6.12.20.ebuild} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-6.6.89.ebuild => coreos-kernel-6.12.20.ebuild} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/{coreos-modules-6.6.89.ebuild => coreos-modules-6.12.20.ebuild} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{amd64_defconfig-6.6 => amd64_defconfig-6.12} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{arm64_defconfig-6.6 => arm64_defconfig-6.12} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{commonconfig-6.6 => commonconfig-6.12} (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-6.6.89.ebuild => coreos-sources-6.12.20.ebuild} (95%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.12}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.12}/z0002-revert-pahole-flags.patch (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.12}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.12}/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.12}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.12}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch (100%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.12}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch (100%)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch

diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.6.89.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.12.20.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.6.89.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.12.20.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.89.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.20.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.89.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.20.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.89.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.12.20.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.89.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.12.20.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.12
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.6
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.12
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.6
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index 739af2840e..58fd07c1be 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,2 +1,2 @@
-DIST linux-6.6.tar.xz 140064536 BLAKE2B 5f02fd8696d42f7ec8c5fbadec8e7270bdcfcb1f9844a6c4db3e1fd461c93ce1ccda650ca72dceb4890ebcbbf768ba8fba0bce91efc49fbd2c307b04e95665f2 SHA512 458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35
-DIST patch-6.6.89.xz 4243548 BLAKE2B a4cf3341e453548a9369ed19fbe07deca183bd5786790161e68bb28340925b351d9046bd8db6fe85836ddff5b82facc85c4fc4fab0e73d2e5837c35672b982f7 SHA512 0642eb456df63bd4f3ab501ca93792e80e6807eef5e8b4dae8bd8a75c3e58397104828c8320994244ab03a62b7f46fa3c476ca8ac42ed7d8f6c8290b5ec6c560
+DIST linux-6.12.tar.xz 147906904 BLAKE2B b2ec2fc69218cacabbbe49f78384a5d259ca581b717617c12b000b16f4a4c59ee348ea886b37147f5f70fb9a7a01c1e2c8f19021078f6b23f5bc62d1c48d5e5e SHA512 a37b1823df7b4f72542f689b65882634740ba0401a42fdcf6601d9efd2e132e5a7650e70450ba76f6cd1f13ca31180f2ccee9d54fe4df89bc0000ade4380a548
+DIST patch-6.12.20.xz 1432116 BLAKE2B cc42fce6584baa82dcf513e62433a61b8d90562648f64d7795e58ec3de0c5449b3685e05a0cb0f9c46b08faa7edf6d6b7edd3520fbc1fabbbb5b8fba2d528299 SHA512 a1568d4233d900f95fa4394147acdc37498582b050fd6a111506f680636b50b6725bf99d76f4f3613d5af5e50d3e46929d718dae3a59f2174ff53477bef83825
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.6.89.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
similarity index 95%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.6.89.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
index 68ef261b9d..279da7a93d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.6.89.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
@@ -42,4 +42,5 @@ UNIPATCH_LIST="
 	${PATCH_DIR}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \
 	${PATCH_DIR}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch \
 	${PATCH_DIR}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch \
+	${PATCH_DIR}/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0002-revert-pahole-flags.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-revert-pahole-flags.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0002-revert-pahole-flags.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-revert-pahole-flags.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch
new file mode 100644
index 0000000000..b06e656475
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch
@@ -0,0 +1,35 @@
+From 0890eb69da82aec12518a5c2998afea467a0e9d7 Mon Sep 17 00:00:00 2001
+From: Adrian Vladu <avladu@cloudbasesolutions.com>
+Date: Thu, 19 Sep 2024 07:59:59 +0000
+Subject: [PATCH] tools: hv: fix cross-compilation for ARM64
+
+---
+ tools/hv/Makefile | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tools/hv/Makefile b/tools/hv/Makefile
+index 2e60e2c212cd..d72554cedbf6 100644
+--- a/tools/hv/Makefile
++++ b/tools/hv/Makefile
+@@ -2,7 +2,9 @@
+ # Makefile for Hyper-V tools
+ include ../scripts/Makefile.include
+ 
++ifeq ($(ARCH),)
+ ARCH := $(shell uname -m 2>/dev/null)
++endif
+ sbindir ?= /usr/sbin
+ libexecdir ?= /usr/libexec
+ sharedstatedir ?= /var/lib
+@@ -20,7 +22,7 @@ override CFLAGS += -O2 -Wall -g -D_GNU_SOURCE -I$(OUTPUT)include
+ override CFLAGS += -Wno-address-of-packed-member
+ 
+ ALL_TARGETS := hv_kvp_daemon hv_vss_daemon
+-ifneq ($(ARCH), aarch64)
++ifeq ($(filter $(ARCH),aarch64 arm64),)
+ ALL_TARGETS += hv_fcopy_uio_daemon
+ endif
+ ALL_PROGRAMS := $(patsubst %,$(OUTPUT)%,$(ALL_TARGETS))
+-- 
+2.34.1
+

From 38cd59cab3adab672169edcd18b33db388a84ff5 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Wed, 18 Sep 2024 10:12:40 +0000
Subject: [PATCH 2/9] kernel: use new patches for secure boot

From: https://sources.debian.org/data/main/l/linux/6.12~rc6-1~exp1/debian/patches/features/all/lockdown/
---
 .../coreos-sources-6.12.20.ebuild             |  9 ++--
 ...cure_boot-flag-to-indicate-secure-b.patch} | 33 ++++--------
 ...-kernel-if-booted-in-secure-boot-mo.patch} | 54 +++++++------------
 ...le-slram-and-phram-when-locked-down.patch} | 13 ++---
 ...nel-config-option-to-lock-down-when.patch} | 45 ++++++----------
 5 files changed, 54 insertions(+), 100 deletions(-)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/{z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch => z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch} (79%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/{z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch => z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch} (64%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/{z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch => z0006-mtd-disable-slram-and-phram-when-locked-down.patch} (81%)
 rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/{z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch => z0007-arm64-add-kernel-config-option-to-lock-down-when.patch} (73%)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
index 279da7a93d..536282e371 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
@@ -38,9 +38,8 @@ UNIPATCH_LIST="
 	${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \
 	${PATCH_DIR}/z0002-revert-pahole-flags.patch \
 	${PATCH_DIR}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch \
-	${PATCH_DIR}/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch \
-	${PATCH_DIR}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \
-	${PATCH_DIR}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch \
-	${PATCH_DIR}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch \
-	${PATCH_DIR}/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch \
+	${PATCH_DIR}/z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch \
+	${PATCH_DIR}/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \
+	${PATCH_DIR}/z0006-mtd-disable-slram-and-phram-when-locked-down.patch \
+	${PATCH_DIR}/z0007-arm64-add-kernel-config-option-to-lock-down-when.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
similarity index 79%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
index 8876e43904..822beab21c 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
@@ -1,8 +1,7 @@
-From 1e2ffbec195c89d887bc088691ebb19c9173ecad Mon Sep 17 00:00:00 2001
 From: David Howells <dhowells@redhat.com>
 Date: Mon, 18 Feb 2019 12:45:03 +0000
-Subject: [PATCH 1/4] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot
- mode
+Subject: [28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a5d70c55c603233c192b375f72116a395909da28
 
 UEFI machines can be booted in Secure Boot mode.  Add an EFI_SECURE_BOOT
 flag that can be passed to efi_enabled() to find out whether secure boot is
@@ -26,15 +25,13 @@ cc: linux-efi@vger.kernel.org
  arch/x86/kernel/setup.c           | 14 +----------
  drivers/firmware/efi/Makefile     |  1 +
  drivers/firmware/efi/secureboot.c | 39 +++++++++++++++++++++++++++++++
- include/linux/efi.h               | 17 ++++++++------
- 4 files changed, 51 insertions(+), 20 deletions(-)
+ include/linux/efi.h               | 16 ++++++++-----
+ 4 files changed, 51 insertions(+), 19 deletions(-)
  create mode 100644 drivers/firmware/efi/secureboot.c
 
-diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index eb129277dcdd..7c4a6697e39d 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1190,19 +1190,7 @@ void __init setup_arch(char **cmdline_p)
+@@ -1193,19 +1193,7 @@ void __init setup_arch(char **cmdline_p)
  	/* Allocate bigger log buffer */
  	setup_log_buf(1);
  
@@ -55,11 +52,9 @@ index eb129277dcdd..7c4a6697e39d 100644
  
  	reserve_initrd();
  
-diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile
-index e489fefd23da..f2dfae764fb5 100644
 --- a/drivers/firmware/efi/Makefile
 +++ b/drivers/firmware/efi/Makefile
-@@ -25,6 +25,7 @@ subdir-$(CONFIG_EFI_STUB)		+= libstub
+@@ -25,6 +25,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP)		+= fake_m
  obj-$(CONFIG_EFI_BOOTLOADER_CONTROL)	+= efibc.o
  obj-$(CONFIG_EFI_TEST)			+= test/
  obj-$(CONFIG_EFI_DEV_PATH_PARSER)	+= dev-path-parser.o
@@ -67,9 +62,6 @@ index e489fefd23da..f2dfae764fb5 100644
  obj-$(CONFIG_APPLE_PROPERTIES)		+= apple-properties.o
  obj-$(CONFIG_EFI_RCI2_TABLE)		+= rci2-table.o
  obj-$(CONFIG_EFI_EMBEDDED_FIRMWARE)	+= embedded-firmware.o
-diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c
-new file mode 100644
-index 000000000000..b6620669e32b
 --- /dev/null
 +++ b/drivers/firmware/efi/secureboot.c
 @@ -0,0 +1,39 @@
@@ -112,11 +104,9 @@ index 000000000000..b6620669e32b
 +		}
 +	}
 +}
-diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 80b21d1c6eaf..d267ddba8369 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -871,6 +871,14 @@ extern int __init efi_setup_pcdp_console(char *);
+@@ -871,6 +871,14 @@ extern int __init efi_setup_pcdp_console
  #define EFI_MEM_ATTR		10	/* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */
  #define EFI_MEM_NO_SOFT_RESERVE	11	/* Is the kernel configured to ignore soft reservations? */
  #define EFI_PRESERVE_BS_REGIONS	12	/* Are EFI boot-services memory segments available? */
@@ -131,7 +121,7 @@ index 80b21d1c6eaf..d267ddba8369 100644
  
  #ifdef CONFIG_EFI
  /*
-@@ -895,6 +903,7 @@ static inline bool efi_rt_services_supported(unsigned int mask)
+@@ -895,6 +903,7 @@ static inline bool efi_rt_services_suppo
  	return (efi.runtime_supported_mask & mask) == mask;
  }
  extern void efi_find_mirror(void);
@@ -139,7 +129,7 @@ index 80b21d1c6eaf..d267ddba8369 100644
  #else
  static inline bool efi_enabled(int feature)
  {
-@@ -914,6 +923,7 @@ static inline bool efi_rt_services_supported(unsigned int mask)
+@@ -914,6 +923,7 @@ static inline bool efi_rt_services_suppo
  }
  
  static inline void efi_find_mirror(void) {}
@@ -147,7 +137,7 @@ index 80b21d1c6eaf..d267ddba8369 100644
  #endif
  
  extern int efi_status_to_err(efi_status_t status);
-@@ -1133,13 +1143,6 @@ static inline bool efi_runtime_disabled(void) { return true; }
+@@ -1133,13 +1143,6 @@ static inline bool efi_runtime_disabled(
  extern void efi_call_virt_check_flags(unsigned long flags, const void *caller);
  extern unsigned long efi_call_virt_save_flags(void);
  
@@ -161,6 +151,3 @@ index 80b21d1c6eaf..d267ddba8369 100644
  static inline
  enum efi_secureboot_mode efi_get_secureboot_mode(efi_get_variable_t *get_var)
  {
--- 
-2.39.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
similarity index 64%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
index 36df399411..6fff3f8967 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
@@ -1,7 +1,6 @@
-From fa96a2ef86466da0a43756ee39ce3b1cb555a55a Mon Sep 17 00:00:00 2001
 From: Ben Hutchings <ben@decadent.org.uk>
 Date: Tue, 10 Sep 2019 11:54:28 +0100
-Subject: [PATCH 2/4] efi: Lock down the kernel if booted in secure boot mode
+Subject: efi: Lock down the kernel if booted in secure boot mode
 
 Based on an earlier patch by David Howells, who wrote the following
 description:
@@ -18,18 +17,16 @@ help text for LOCK_DOWN_IN_EFI_SECURE_BOOT was adjusted to mention that
 lockdown is triggered in integrity mode (https://bugs.debian.org/1025417)]
 Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
 ---
- arch/x86/kernel/setup.c           |  4 ++--
- drivers/firmware/efi/secureboot.c |  5 +++++
- include/linux/security.h          |  6 ++++++
- security/lockdown/Kconfig         | 15 +++++++++++++++
- security/lockdown/lockdown.c      |  2 +-
- 5 files changed, 29 insertions(+), 3 deletions(-)
+ arch/x86/kernel/setup.c           |    4 ++--
+ drivers/firmware/efi/secureboot.c |    3 +++
+ include/linux/security.h          |    6 ++++++
+ security/lockdown/Kconfig         |   15 +++++++++++++++
+ security/lockdown/lockdown.c      |    2 +-
+ 5 files changed, 27 insertions(+), 3 deletions(-)
 
-diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index 7c4a6697e39d..04e73973098e 100644
 --- a/arch/x86/kernel/setup.c
 +++ b/arch/x86/kernel/setup.c
-@@ -1028,6 +1028,8 @@ void __init setup_arch(char **cmdline_p)
+@@ -904,6 +904,8 @@ void __init setup_arch(char **cmdline_p)
  	if (efi_enabled(EFI_BOOT))
  		efi_init();
  
@@ -38,7 +35,7 @@ index 7c4a6697e39d..04e73973098e 100644
  	reserve_ibft_region();
  	x86_init.resources.dmi_setup();
  
-@@ -1190,8 +1192,6 @@ void __init setup_arch(char **cmdline_p)
+@@ -1070,8 +1072,6 @@ void __init setup_arch(char **cmdline_p)
  	/* Allocate bigger log buffer */
  	setup_log_buf(1);
  
@@ -47,8 +44,6 @@ index 7c4a6697e39d..04e73973098e 100644
  	reserve_initrd();
  
  	acpi_table_upgrade();
-diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c
-index b6620669e32b..8f2554291fb1 100644
 --- a/drivers/firmware/efi/secureboot.c
 +++ b/drivers/firmware/efi/secureboot.c
 @@ -15,6 +15,7 @@
@@ -59,7 +54,7 @@ index b6620669e32b..8f2554291fb1 100644
  
  /*
   * Decide what to do when UEFI secure boot mode is enabled.
-@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi_secureboot_mode mode)
+@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi
  			break;
  		case efi_secureboot_mode_enabled:
  			set_bit(EFI_SECURE_BOOT, &efi.flags);
@@ -70,19 +65,17 @@ index b6620669e32b..8f2554291fb1 100644
  			pr_info("Secure boot enabled\n");
  			break;
  		default:
-diff --git a/include/linux/security.h b/include/linux/security.h
-index 4bd0f6fc553e..08258ecbb5f9 100644
 --- a/include/linux/security.h
 +++ b/include/linux/security.h
-@@ -486,6 +486,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen);
+@@ -522,6 +522,7 @@ int security_inode_notifysecctx(struct i
  int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen);
  int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen);
  int security_locked_down(enum lockdown_reason what);
 +int lock_kernel_down(const char *where, enum lockdown_reason level);
- #else /* CONFIG_SECURITY */
- 
- static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data)
-@@ -1404,6 +1405,11 @@ static inline int security_locked_down(enum lockdown_reason what)
+ int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len,
+ 		      void *val, size_t val_len, u64 id, u64 flags);
+ int security_bdev_alloc(struct block_device *bdev);
+@@ -1504,6 +1505,11 @@ static inline int security_locked_down(e
  {
  	return 0;
  }
@@ -91,14 +84,12 @@ index 4bd0f6fc553e..08258ecbb5f9 100644
 +{
 +	return -EOPNOTSUPP;
 +}
- #endif	/* CONFIG_SECURITY */
- 
- #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE)
-diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig
-index e84ddf484010..4175b50b1e6e 100644
+ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx,
+ 				    u32 *uctx_len, void *val, size_t val_len,
+ 				    u64 id, u64 flags)
 --- a/security/lockdown/Kconfig
 +++ b/security/lockdown/Kconfig
-@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY
+@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI
  	 disabled.
  
  endchoice
@@ -117,11 +108,9 @@ index e84ddf484010..4175b50b1e6e 100644
 +
 +	  Enabling this option results in kernel lockdown being
 +	  triggered in integrity mode if EFI Secure Boot is set.
-diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
-index 68d19632aeb7..67cc9839952f 100644
 --- a/security/lockdown/lockdown.c
 +++ b/security/lockdown/lockdown.c
-@@ -23,7 +23,7 @@ static const enum lockdown_reason lockdown_levels[] = {LOCKDOWN_NONE,
+@@ -24,7 +24,7 @@ static const enum lockdown_reason lockdo
  /*
   * Put the kernel into lock-down mode.
   */
@@ -130,6 +119,3 @@ index 68d19632aeb7..67cc9839952f 100644
  {
  	if (kernel_locked_down >= level)
  		return -EPERM;
--- 
-2.39.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-disable-slram-and-phram-when-locked-down.patch
similarity index 81%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-disable-slram-and-phram-when-locked-down.patch
index 7346036e80..c718e7e2f0 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-disable-slram-and-phram-when-locked-down.patch
@@ -1,7 +1,7 @@
-From bb8912cf807feab56cf8e924d33229d800ae71a6 Mon Sep 17 00:00:00 2001
 From: Ben Hutchings <ben@decadent.org.uk>
 Date: Fri, 30 Aug 2019 15:54:24 +0100
-Subject: [PATCH 3/4] mtd: phram,slram: Disable when the kernel is locked down
+Subject: mtd: phram,slram: Disable when the kernel is locked down
+Forwarded: https://lore.kernel.org/linux-security-module/20190830154720.eekfjt6c4jzvlbfz@decadent.org.uk/
 
 These drivers allow mapping arbitrary memory ranges as MTD devices.
 This should be disabled to preserve the kernel's integrity when it is
@@ -21,11 +21,9 @@ Cc: linux-mtd@lists.infradead.org
  drivers/mtd/devices/slram.c | 9 ++++++++-
  2 files changed, 13 insertions(+), 2 deletions(-)
 
-diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c
-index 208bd4d871f4..30f84a91692d 100644
 --- a/drivers/mtd/devices/phram.c
 +++ b/drivers/mtd/devices/phram.c
-@@ -364,7 +364,11 @@ static int phram_param_call(const char *val, const struct kernel_param *kp)
+@@ -364,7 +364,11 @@ static int phram_param_call(const char *
  #endif
  }
  
@@ -38,8 +36,6 @@ index 208bd4d871f4..30f84a91692d 100644
  MODULE_PARM_DESC(phram, "Memory region to map. \"phram=<name>,<start>,<length>[,<erasesize>]\"");
  
  #ifdef CONFIG_OF
-diff --git a/drivers/mtd/devices/slram.c b/drivers/mtd/devices/slram.c
-index 28131a127d06..d92a2461e2ce 100644
 --- a/drivers/mtd/devices/slram.c
 +++ b/drivers/mtd/devices/slram.c
 @@ -43,6 +43,7 @@
@@ -77,6 +73,3 @@ index 28131a127d06..d92a2461e2ce 100644
  	while (map) {
  		devname = devstart = devlength = NULL;
  
--- 
-2.39.2
-
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when.patch
similarity index 73%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when.patch
index 7661674404..61b7040971 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when.patch
@@ -1,8 +1,8 @@
-From 8598238a38a333fed5ec0c8287f99813578370ab Mon Sep 17 00:00:00 2001
 From: Linn Crosetto <linn@hpe.com>
 Date: Tue, 30 Aug 2016 11:54:38 -0600
-Subject: [PATCH 4/4] arm64: add kernel config option to lock down when in
- Secure Boot mode
+Subject: arm64: add kernel config option to lock down when in Secure Boot mode
+Bug-Debian: https://bugs.debian.org/831827
+Forwarded: no
 
 Add a kernel configuration option to lock down the kernel, to restrict
 userspace's ability to modify the running kernel when UEFI Secure Boot is
@@ -32,17 +32,15 @@ Signed-off-by: Linn Crosetto <linn@hpe.com>
 [Salvatore Bonaccorso: Forward-ported to 5.10: f30f242fb131 ("efi: Rename
 arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c]
 ---
- drivers/firmware/efi/efi-init.c    |  5 ++++-
- drivers/firmware/efi/fdtparams.c   | 12 +++++++++++-
- drivers/firmware/efi/libstub/fdt.c |  6 ++++++
- include/linux/efi.h                |  3 ++-
+ drivers/firmware/efi/efi-init.c    |    5 ++++-
+ drivers/firmware/efi/fdtparams.c   |   12 +++++++++++-
+ drivers/firmware/efi/libstub/fdt.c |    6 ++++++
+ include/linux/efi.h                |    3 ++-
  4 files changed, 23 insertions(+), 3 deletions(-)
 
-diff --git a/drivers/firmware/efi/efi-init.c b/drivers/firmware/efi/efi-init.c
-index 59b0d7197b68..e63f8a82d9f4 100644
 --- a/drivers/firmware/efi/efi-init.c
 +++ b/drivers/firmware/efi/efi-init.c
-@@ -204,9 +204,10 @@ void __init efi_init(void)
+@@ -213,9 +213,10 @@ void __init efi_init(void)
  {
  	struct efi_memory_map_data data;
  	u64 efi_system_table;
@@ -54,7 +52,7 @@ index 59b0d7197b68..e63f8a82d9f4 100644
  	if (!efi_system_table)
  		return;
  
-@@ -228,6 +229,8 @@ void __init efi_init(void)
+@@ -237,6 +238,8 @@ void __init efi_init(void)
  		return;
  	}
  
@@ -63,8 +61,6 @@ index 59b0d7197b68..e63f8a82d9f4 100644
  	reserve_regions();
  	/*
  	 * For memblock manipulation, the cap should come after the memblock_add().
-diff --git a/drivers/firmware/efi/fdtparams.c b/drivers/firmware/efi/fdtparams.c
-index 0ec83ba58097..81a0ac408cf5 100644
 --- a/drivers/firmware/efi/fdtparams.c
 +++ b/drivers/firmware/efi/fdtparams.c
 @@ -16,6 +16,7 @@ enum {
@@ -75,7 +71,7 @@ index 0ec83ba58097..81a0ac408cf5 100644
  
  	PARAMCOUNT
  };
-@@ -26,6 +27,7 @@ static __initconst const char name[][22] = {
+@@ -26,6 +27,7 @@ static __initconst const char name[][22]
  	[MMSIZE] = "MemMap Size          ",
  	[DCSIZE] = "MemMap Desc. Size    ",
  	[DCVERS] = "MemMap Desc. Version ",
@@ -99,7 +95,7 @@ index 0ec83ba58097..81a0ac408cf5 100644
  		}
  	}
  };
-@@ -64,6 +68,11 @@ static int __init efi_get_fdt_prop(const void *fdt, int node, const char *pname,
+@@ -64,6 +68,11 @@ static int __init efi_get_fdt_prop(const
  	int len;
  	u64 val;
  
@@ -111,7 +107,7 @@ index 0ec83ba58097..81a0ac408cf5 100644
  	prop = fdt_getprop(fdt, node, pname, &len);
  	if (!prop)
  		return 1;
-@@ -81,7 +90,7 @@ static int __init efi_get_fdt_prop(const void *fdt, int node, const char *pname,
+@@ -81,7 +90,7 @@ static int __init efi_get_fdt_prop(const
  	return 0;
  }
  
@@ -120,7 +116,7 @@ index 0ec83ba58097..81a0ac408cf5 100644
  {
  	const void *fdt = initial_boot_params;
  	unsigned long systab;
-@@ -95,6 +104,7 @@ u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm)
+@@ -95,6 +104,7 @@ u64 __init efi_get_fdt_params(struct efi
  		[MMSIZE] = { &mm->size,		sizeof(mm->size) },
  		[DCSIZE] = { &mm->desc_size,	sizeof(mm->desc_size) },
  		[DCVERS] = { &mm->desc_version,	sizeof(mm->desc_version) },
@@ -128,11 +124,9 @@ index 0ec83ba58097..81a0ac408cf5 100644
  	};
  
  	BUILD_BUG_ON(ARRAY_SIZE(target) != ARRAY_SIZE(name));
-diff --git a/drivers/firmware/efi/libstub/fdt.c b/drivers/firmware/efi/libstub/fdt.c
-index 6a337f1f8787..6c679da644dd 100644
 --- a/drivers/firmware/efi/libstub/fdt.c
 +++ b/drivers/firmware/efi/libstub/fdt.c
-@@ -132,6 +132,12 @@ static efi_status_t update_fdt(void *orig_fdt, unsigned long orig_fdt_size,
+@@ -132,6 +132,12 @@ static efi_status_t update_fdt(void *ori
  		}
  	}
  
@@ -145,20 +139,15 @@ index 6a337f1f8787..6c679da644dd 100644
  	/* Shrink the FDT back to its minimum size: */
  	fdt_pack(fdt);
  
-diff --git a/include/linux/efi.h b/include/linux/efi.h
-index d267ddba8369..fbce526768d3 100644
 --- a/include/linux/efi.h
 +++ b/include/linux/efi.h
-@@ -756,7 +756,8 @@ extern void efi_mem_reserve(phys_addr_t addr, u64 size);
+@@ -764,7 +764,8 @@ extern int efi_mem_desc_lookup(u64 phys_
+ extern int __efi_mem_desc_lookup(u64 phys_addr, efi_memory_desc_t *out_md);
+ extern void efi_mem_reserve(phys_addr_t addr, u64 size);
  extern int efi_mem_reserve_persistent(phys_addr_t addr, u64 size);
- extern void efi_initialize_iomem_resources(struct resource *code_resource,
- 		struct resource *data_resource, struct resource *bss_resource);
 -extern u64 efi_get_fdt_params(struct efi_memory_map_data *data);
 +extern u64 efi_get_fdt_params(struct efi_memory_map_data *data,
 +			      u32 *secure_boot);
  extern struct kobject *efi_kobj;
  
  extern int efi_reboot_quirk_mode;
--- 
-2.39.2
-

From 1fa0474efab22acae3520302f9d98fd0cbc1297c Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Tue, 10 Sep 2024 07:42:06 +0000
Subject: [PATCH 3/9] linux: pahole flags moved to scripts/Makefile.btf

pahole: added a revamped patch to remove the parallel implementation
kernel: use pahole 1.27 feature of reproducible builds
---
 .../coreos-sources-6.12.20.ebuild             |  2 +-
 ...2-pahole-support-reproducible-builds.patch | 26 +++++++++
 .../6.12/z0002-revert-pahole-flags.patch      | 53 -------------------
 3 files changed, 27 insertions(+), 54 deletions(-)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-support-reproducible-builds.patch
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-revert-pahole-flags.patch

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
index 536282e371..a5813f4c46 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
@@ -36,7 +36,7 @@ IUSE=""
 # local patches overlap with the upstream patch.
 UNIPATCH_LIST="
 	${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \
-	${PATCH_DIR}/z0002-revert-pahole-flags.patch \
+	${PATCH_DIR}/z0002-pahole-support-reproducible-builds.patch \
 	${PATCH_DIR}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch \
 	${PATCH_DIR}/z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch \
 	${PATCH_DIR}/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-support-reproducible-builds.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-support-reproducible-builds.patch
new file mode 100644
index 0000000000..dbce2286a3
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-support-reproducible-builds.patch
@@ -0,0 +1,26 @@
+From 9faff3734e6456e7927c0914829a4764ec9f1b44 Mon Sep 17 00:00:00 2001
+From: Adrian Vladu <avladu@cloudbasesolutions.com>
+Date: Tue, 17 Sep 2024 13:44:14 +0000
+Subject: [PATCH] pahole: support reproducible builds
+
+---
+ scripts/Makefile.btf | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/scripts/Makefile.btf b/scripts/Makefile.btf
+index 2d6e5ed9081e..b2f88b0fcf37 100644
+--- a/scripts/Makefile.btf
++++ b/scripts/Makefile.btf
+@@ -23,6 +23,9 @@ else
+ # Switch to using --btf_features for v1.26 and later.
+ pahole-flags-$(call test-ge, $(pahole-ver), 126)  = -j --btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func
+ 
++# Support reproducible builds.
++pahole-flags-$(call test-ge, $(pahole-ver), 127)  = -j --btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func,reproducible_build
++
+ endif
+ 
+ pahole-flags-$(CONFIG_PAHOLE_HAS_LANG_EXCLUDE)		+= --lang_exclude=rust
+-- 
+2.34.1
+
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-revert-pahole-flags.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-revert-pahole-flags.patch
deleted file mode 100644
index f6648c3401..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-revert-pahole-flags.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-diff --git a/init/Kconfig b/init/Kconfig
-index e173364abd6c..cdc35682e03b 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -1899,7 +1899,7 @@ config RUST
- 	depends on !GCC_PLUGINS
- 	depends on !RANDSTRUCT
- 	depends on !SHADOW_CALL_STACK
--	depends on !DEBUG_INFO_BTF || (PAHOLE_HAS_LANG_EXCLUDE && !LTO)
-+	depends on !DEBUG_INFO_BTF
- 	help
- 	  Enables Rust support in the kernel.
- 
-diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index da5513cfc125..f2b3aab6d4a1 100644
---- a/lib/Kconfig.debug
-+++ b/lib/Kconfig.debug
-@@ -394,15 +394,6 @@ config PAHOLE_HAS_BTF_TAG
- 	  btf_decl_tag) or not. Currently only clang compiler implements
- 	  these attributes, so make the config depend on CC_IS_CLANG.
- 
--config PAHOLE_HAS_LANG_EXCLUDE
--	def_bool PAHOLE_VERSION >= 124
--	help
--	  Support for the --lang_exclude flag which makes pahole exclude
--	  compilation units from the supplied language. Used in Kbuild to
--	  omit Rust CUs which are not supported in version 1.24 of pahole,
--	  otherwise it would emit malformed kernel and module binaries when
--	  using DEBUG_INFO_BTF_MODULES.
--
- config DEBUG_INFO_BTF_MODULES
- 	bool "Generate BTF type information for kernel modules"
- 	default y
-diff --git a/scripts/pahole-flags.sh b/scripts/pahole-flags.sh
-index 728d55190d97..c293941612e7 100755
---- a/scripts/pahole-flags.sh
-+++ b/scripts/pahole-flags.sh
-@@ -16,15 +16,5 @@ fi
- if [ "${pahole_ver}" -ge "121" ]; then
- 	extra_paholeopt="${extra_paholeopt} --btf_gen_floats"
- fi
--if [ "${pahole_ver}" -ge "122" ]; then
--	extra_paholeopt="${extra_paholeopt} -j"
--fi
--if [ "${pahole_ver}" -ge "124" ]; then
--	# see PAHOLE_HAS_LANG_EXCLUDE
--	extra_paholeopt="${extra_paholeopt} --lang_exclude=rust"
--fi
--if [ "${pahole_ver}" -ge "125" ]; then
--	extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_inconsistent_proto --btf_gen_optimized"
--fi
- 
- echo ${extra_paholeopt}

From da743a4b46e9367954620bab9c7b0ce8b32183f2 Mon Sep 17 00:00:00 2001
From: Jeremi Piotrowski <jpiotrowski@microsoft.com>
Date: Tue, 25 Mar 2025 12:31:43 +0100
Subject: [PATCH 4/9] coreos-modules: Disable DRM_FBDEV_EMULATION

The out-of-tree nvidia driver requires symbols that are behind DRM_TTM_HELPER
if DRM_FBDEV_EMULATION is enabled, but DRM_TTM_HELPER can't be selected unless
we build more drm drivers (which is undesirable). To get out of this, disable
DRM_FBDEV_EMULATION.

Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
---
 .../sys-kernel/coreos-modules/files/commonconfig-6.12            | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
index f16f1fdd31..31adf3c73f 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
@@ -171,6 +171,7 @@ CONFIG_DNS_RESOLVER=y
 CONFIG_DRM=m
 CONFIG_DRM_VIRTIO_GPU=m
 CONFIG_DST_CACHE=y
+# CONFIG_DRM_FBDEV_EMULATION is not set
 CONFIG_DUMMY=m
 CONFIG_DYNAMIC_DEBUG=y
 CONFIG_E100=m

From e9dcdfb12baf279cdf539a9b43b10f8d37538be4 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Tue, 17 Sep 2024 13:19:22 +0000
Subject: [PATCH 5/9] app-emulation/hv_daemons: update the hv_fcopy to
 hv_fcopy_uio, add hv_fcopy_uio_daemon

See: https://github.com/torvalds/linux/commit/82b0945ce2c2d636d5e893ad50210875c929f257wq

Also fix hv tools build for arm64.
---
 .../files/hv_fcopy_uio_daemon.service         |  9 ++++++++
 .../hv-daemons/hv-daemons-9999.ebuild         | 23 +++++++++----------
 .../coreos-sources-6.12.20.ebuild             |  1 +
 3 files changed, 21 insertions(+), 12 deletions(-)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/files/hv_fcopy_uio_daemon.service

diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/files/hv_fcopy_uio_daemon.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/files/hv_fcopy_uio_daemon.service
new file mode 100644
index 0000000000..f12c7ea1bd
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/files/hv_fcopy_uio_daemon.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Hyper-V FCOPY UIO daemon
+ConditionPathExists=/sys/bus/vmbus/devices/eb765408-105f-49b6-b4aa-c123b64d17d4/uio
+
+[Service]
+ExecStart=/usr/bin/hv_fcopy_uio_daemon --no-daemon
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild
index 9b6b44dba9..30efe5edc9 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild
@@ -13,20 +13,19 @@ if [[ "${PV}" == 9999 ]]; then
 fi
 
 src_compile() {
-    # Build hv_vss_daemon, hv_kvp_daemon, hv_fcopy_daemon 
+    # Build hv_vss_daemon, hv_kvp_daemon, hv_fcopy_daemon
     kmake tools/hv
 }
 
 src_install() {
-    dobin "${S}/build/tools/hv/hv_fcopy_daemon"
-    dobin "${S}/build/tools/hv/hv_kvp_daemon"
-    dobin "${S}/build/tools/hv/hv_vss_daemon"
-
-    systemd_dounit "${FILESDIR}/hv_fcopy_daemon.service"
-    systemd_dounit "${FILESDIR}/hv_kvp_daemon.service"
-    systemd_dounit "${FILESDIR}/hv_vss_daemon.service"
-
-    systemd_enable_service "multi-user.target" "hv_fcopy_daemon.service"
-    systemd_enable_service "multi-user.target" "hv_kvp_daemon.service"
-    systemd_enable_service "multi-user.target" "hv_vss_daemon.service"
+    local -a HV_DAEMONS=(hv_vss_daemon hv_kvp_daemon hv_fcopy_daemon hv_fcopy_uio_daemon)
+    local HV_DAEMON
+    for HV_DAEMON in "$HV_DAEMONS[@]"
+    do
+        if [ -f "${S}/build/tools/hv/${HV_DAEMON}" ]; then
+            dobin "${S}/build/tools/hv/${HV_DAEMON}"
+            systemd_dounit "${FILESDIR}/${HV_DAEMON}.service"
+            systemd_enable_service "multi-user.target" "${HV_DAEMON}.service"
+        fi
+    done
 }
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
index a5813f4c46..5e33b6ee4d 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.20.ebuild
@@ -42,4 +42,5 @@ UNIPATCH_LIST="
 	${PATCH_DIR}/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \
 	${PATCH_DIR}/z0006-mtd-disable-slram-and-phram-when-locked-down.patch \
 	${PATCH_DIR}/z0007-arm64-add-kernel-config-option-to-lock-down-when.patch \
+	${PATCH_DIR}/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch \
 "

From 4da91059482ecb625f4c39248d8f63042d0ea2f0 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Fri, 11 Apr 2025 11:47:38 +0000
Subject: [PATCH 6/9] linux: config: add and remove required build configs

Remove CONFIG_AMD_IOMMU_V2, CONFIG_FB_ARMCLCD, CONFIG_MD_LINEAR, CONFIG_NET_ACT_IPT.

Add CONFIG_MODULE_COMPRESS.

See: https://github.com/torvalds/linux/commit/5a0b11a180a9b82b4437a4be1cf73530053f139b

linux: remove CONFIG_MD_LINEAR

See: https://github.com/torvalds/linux/commit/849d18e27be9a1253f2318cb4549cc857219d991

linux: remove CONFIG_NET_ACT_IPT

See: https://github.com/torvalds/linux/commit/86fe596b588fc9ec23bf93a5c8f86fc16225dd3a

linux: add required CONFIG_MODULE_COMPRESS=y

See: https://github.com/torvalds/linux/commit/c7ff693fa2094ba0a9d0a20feb4ab1658eff9c33

linux: remove CONFIG_FB_ARMCLCD

See: https://github.com/torvalds/linux/commit/dee56ccb468a832074397fdbf22bbd9bf6d710aa
---
 .../sys-kernel/coreos-modules/files/amd64_defconfig-6.12       | 1 -
 .../sys-kernel/coreos-modules/files/arm64_defconfig-6.12       | 1 -
 .../sys-kernel/coreos-modules/files/commonconfig-6.12          | 3 +--
 3 files changed, 1 insertion(+), 4 deletions(-)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.12 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.12
index af07e1a4fe..c1f0251631 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.12
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.12
@@ -12,7 +12,6 @@ CONFIG_ACPI_IPMI=m
 CONFIG_ACPI_PCI_SLOT=y
 CONFIG_ACPI_PROCESSOR_AGGREGATOR=y
 CONFIG_AMD_IOMMU=y
-CONFIG_AMD_IOMMU_V2=m
 CONFIG_AQTION=m
 CONFIG_ARCH_MEMORY_PROBE=y
 CONFIG_AUTOFS_FS=y
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12
index 0ca2fb3897..e83ace56d3 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12
@@ -32,7 +32,6 @@ CONFIG_CRYPTO_SHA1_ARM64_CE=y
 CONFIG_CRYPTO_SHA2_ARM64_CE=y
 # CONFIG_DEBUG_PREEMPT is not set
 CONFIG_DM_DEBUG=y
-CONFIG_FB_ARMCLCD=y
 CONFIG_GPIO_PL061=y
 CONFIG_GPIO_XGENE=y
 CONFIG_GPIO_XGENE_SB=y
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
index 31adf3c73f..90ada1fa62 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
@@ -454,7 +454,6 @@ CONFIG_MAGIC_SYSRQ=y
 CONFIG_MARVELL_PHY=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MD=y
-CONFIG_MD_LINEAR=m
 CONFIG_MD_RAID0=m
 CONFIG_MEGARAID_MAILBOX=m
 CONFIG_MEGARAID_MM=m
@@ -497,6 +496,7 @@ CONFIG_MMC_BLOCK_MINORS=16
 CONFIG_MMC_SDHCI=m
 CONFIG_MMC_SDHCI_PCI=m
 CONFIG_MODULES=y
+CONFIG_MODULE_COMPRESS=y
 CONFIG_MODULE_COMPRESS_XZ=y
 CONFIG_MODULE_SIG=y
 CONFIG_MODULE_SIG_KEY="${MODULE_SIGNING_KEY_DIR}/certs/modules.pem"
@@ -601,7 +601,6 @@ CONFIG_NET_ACT_CTINFO=m
 CONFIG_NET_ACT_GACT=m
 CONFIG_NET_ACT_GATE=m
 CONFIG_NET_ACT_IFE=m
-CONFIG_NET_ACT_IPT=m
 CONFIG_NET_ACT_MIRRED=m
 CONFIG_NET_ACT_MPLS=m
 CONFIG_NET_ACT_NAT=m

From 82015b771d889007577db7a639e26353dadd25b4 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Fri, 25 Apr 2025 10:56:37 +0000
Subject: [PATCH 7/9] linux: add changelog for Linux kernel 6.12 upgrade

---
 changelog/updates/2025-04-25-kernel-6.12.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog/updates/2025-04-25-kernel-6.12.md

diff --git a/changelog/updates/2025-04-25-kernel-6.12.md b/changelog/updates/2025-04-25-kernel-6.12.md
new file mode 100644
index 0000000000..a104c045d3
--- /dev/null
+++ b/changelog/updates/2025-04-25-kernel-6.12.md
@@ -0,0 +1 @@
+- Linux ([6.12](https://lore.kernel.org/all/CAHk-=wgtGkHshfvaAe_O2ntnFBH3EprNk1juieLmjcF2HBwBgQ@mail.gmail.com/) (includes [6.12](https://kernelnewbies.org/Linux_6.12)))

From 951883e793e837a1d57d22134124d4858948f83f Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Mon, 12 May 2025 10:26:57 +0000
Subject: [PATCH 8/9] linux: re-add CONFIG_MD_LINEAR=m

See: https://github.com/torvalds/linux/commit/127186cfb184eaccdfe948e6da66940cfa03efc5
---
 .../sys-kernel/coreos-modules/files/commonconfig-6.12            | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
index 90ada1fa62..9274b4df7e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
@@ -454,6 +454,7 @@ CONFIG_MAGIC_SYSRQ=y
 CONFIG_MARVELL_PHY=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MD=y
+CONFIG_MD_LINEAR=m
 CONFIG_MD_RAID0=m
 CONFIG_MEGARAID_MAILBOX=m
 CONFIG_MEGARAID_MM=m

From 87e5a37edf42276fd44247bc42e5eee44c91787a Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Tue, 13 May 2025 08:45:00 +0300
Subject: [PATCH 9/9] Update changelog/updates/2025-04-25-kernel-6.12.md

Co-authored-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
 changelog/updates/2025-04-25-kernel-6.12.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/changelog/updates/2025-04-25-kernel-6.12.md b/changelog/updates/2025-04-25-kernel-6.12.md
index a104c045d3..0f01c957d9 100644
--- a/changelog/updates/2025-04-25-kernel-6.12.md
+++ b/changelog/updates/2025-04-25-kernel-6.12.md
@@ -1 +1 @@
-- Linux ([6.12](https://lore.kernel.org/all/CAHk-=wgtGkHshfvaAe_O2ntnFBH3EprNk1juieLmjcF2HBwBgQ@mail.gmail.com/) (includes [6.12](https://kernelnewbies.org/Linux_6.12)))
+- Linux [6.12.20](https://lwn.net/Articles/1015185/) (includes [6.12.19](https://lwn.net/Articles/1014045/), [6.12.18](https://lwn.net/Articles/1013397/), [6.12.17](https://lwn.net/Articles/1012191/), [6.12.16](https://lwn.net/Articles/1011265/), [6.12.15](https://lwn.net/Articles/1010623/), [6.12.14](https://lwn.net/Articles/1010356/), [6.12.13](https://lwn.net/Articles/1008643/), [6.12.12](https://lwn.net/Articles/1007440/), [6.12.11](https://lwn.net/Articles/1006009/), [6.12.10](https://lwn.net/Articles/1005382/), [6.12.9](https://lwn.net/Articles/1004549/), [6.12.8](https://lwn.net/Articles/1003985/), [6.12.7](https://lwn.net/Articles/1003608/), [6.12.6](https://lwn.net/Articles/1002918/), [6.12.5](https://lwn.net/Articles/1002176/), [6.12.4](https://lwn.net/Articles/1001437/), [6.12.3](https://lwn.net/Articles/1001203/), [6.12.2](https://lwn.net/Articles/1000872/), [6.12.1](https://lwn.net/Articles/999108/), [6.12](https://lwn.net/Articles/998490/))