Upgrade ASK kernel base to Linux 6.18.30

Move the custom ASK/NXP kernel build from lf-6.18.2-1.0.0 toward
the upstream stable 6.18.y baseline, currently 6.18.30.

This pulls in upstream stable fixes, including the BPF verifier fix needed
by Cilium. The previous 6.18.2-based kernel triggered:

  verifier bug: REG INVARIANTS VIOLATION (false_reg1)
  reg_bounds_sanity_check()
  bpf_prog_load()
  cilium-agent

The issue is no longer reproduced on 6.18.30 after fresh boot:
Cilium 1.19.2 reports healthy, BPF datapath is active, all controllers are
healthy, cluster health is reachable, and dmesg no longer shows the verifier
warning.

Refresh affected ASK upstream patch splits:
- add bridge br_input patch
- refresh xfrm policy/state patches
- update package/kernel build inputs for 6.18.30

patches/ask/upstream/kernel/0099-net__bridge__br_input.c.patch

@@ -0,0 +1,36 @@
+diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
+--- a/net/bridge/br_input.c
++++ b/net/bridge/br_input.c
+@@ -65,6 +65,10 @@ static int br_pass_frame_up(struct sk_buff *skb, bool promisc)
+ 	br_multicast_count(br, NULL, skb, br_multicast_igmp_type(skb),
+ 			   BR_MCAST_DIR_TX);
+ 
++#if defined(CONFIG_CPE_FAST_PATH)
++	skb->underlying_iif = indev->ifindex;
++#endif
++
+ 	BR_INPUT_SKB_CB(skb)->promisc = promisc;
+ 
+ 	return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN,
+@@ -166,6 +170,10 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb
+ 	BR_INPUT_SKB_CB(skb)->brdev = br->dev;
+ 	BR_INPUT_SKB_CB(skb)->src_port_isolated = !!(p->flags & BR_ISOLATED);
+ 
++#if defined(CONFIG_CPE_FAST_PATH)
++	skb->abm_ff = 0;
++#endif
++
+ 	if (IS_ENABLED(CONFIG_INET) &&
+ 	    (skb->protocol == htons(ETH_P_ARP) ||
+ 	     skb->protocol == htons(ETH_P_RARP))) {
+@@ -223,6 +231,10 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb
+ 
+ 		if (now != READ_ONCE(dst->used))
+ 			WRITE_ONCE(dst->used, now);
++#if defined(CONFIG_CPE_FAST_PATH)
++		/* Used by ABM module */
++		skb->abm_ff = 1;
++#endif
+ 		br_forward(dst->dst, skb, local_rcv, false);
+ 	} else {
+ 		if (!mcast_hit)

patches/ask/upstream/kernel/0136-net__xfrm__xfrm_policy.c.patch

@@ -1,5 +1,5 @@
 diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 62486f8..3cbe4f8 100644
+index 29c94ee..f9c222f 100644
 --- a/net/xfrm/xfrm_policy.c
 +++ b/net/xfrm/xfrm_policy.c
 @@ -48,6 +48,11 @@
@@ -86,7 +86,7 @@ index 62486f8..3cbe4f8 100644
  ok:
  	xfrm_pols_put(pols, drop_pols);
  	if (dst->xfrm &&
-@@ -3853,6 +3909,34 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
+@@ -3859,6 +3915,34 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
  			goto reject;
  		}
  
@@ -118,10 +118,10 @@ index 62486f8..3cbe4f8 100644
 +#endif
 +#endif
 +
+ out:
  		xfrm_pols_put(pols, npols);
  		sp->verified_cnt = k;
- 
-@@ -4328,6 +4412,14 @@ static int __net_init xfrm_net_init(struct net *net)
+@@ -4339,6 +4423,14 @@ static int __net_init xfrm_net_init(struct net *net)
  	if (rv < 0)
  		goto out_sysctl;
  
@@ -136,7 +136,7 @@ index 62486f8..3cbe4f8 100644
  	rv = xfrm_nat_keepalive_net_init(net);
  	if (rv < 0)
  		goto out_nat_keepalive;
-@@ -4335,6 +4427,12 @@ static int __net_init xfrm_net_init(struct net *net)
+@@ -4346,6 +4438,12 @@ static int __net_init xfrm_net_init(struct net *net)
  	return 0;
  
  out_nat_keepalive:
@@ -149,7 +149,7 @@ index 62486f8..3cbe4f8 100644
  	xfrm_sysctl_fini(net);
  out_sysctl:
  	xfrm_policy_fini(net);
-@@ -4349,6 +4447,11 @@ out_statistics:
+@@ -4360,6 +4458,11 @@ out_statistics:
  static void __net_exit xfrm_net_exit(struct net *net)
  {
  	xfrm_nat_keepalive_net_fini(net);

patches/ask/upstream/kernel/0137-net__xfrm__xfrm_state.c.patch

@@ -126,13 +126,13 @@ index 9e14e45..d685ed7 100644
  		x->pcpu_num = UINT_MAX;
  		spin_lock_init(&x->lock);
  		x->mode_data = NULL;
-@@ -829,6 +878,12 @@ int __xfrm_state_delete(struct xfrm_state *x)
+@@ -850,6 +899,12 @@ int __xfrm_state_delete(struct xfrm_state *x)
  
- 		if (x->id.spi)
- 			hlist_del_rcu(&x->byspi);
+ 		if (!hlist_unhashed(&x->byspi))
+ 			hlist_del_init_rcu(&x->byspi);
 +#if defined(CONFIG_INET_IPSEC_OFFLOAD) || defined(CONFIG_INET6_IPSEC_OFFLOAD)
 +		if (x->handle && x->in_byh_hash) {
-+			hlist_del_rcu(&x->byh);
++			hlist_del_init_rcu(&x->byh);
 +			x->in_byh_hash = 0;
 +		}
 +#endif