Linux/linux eed108e. MAINTAINERS, arch/nios2/include/asm linkage.h

Merge tag 'nios2_updates_for_v7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux

Pull nios2 fixes from Dinh Nguyen:

 - Implement _THIS_IP_ for inline asm

 - Add Simon Schuster as a maintainer and mark the NIOS2 as Supported

* tag 'nios2_updates_for_v7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux:
  nios2: Implement _THIS_IP_ using inline asm
  MAINTAINERS: arch/nios2: Add Simon Schuster as co-maintainer
DeltaFile
+2-1MAINTAINERS
+2-0arch/nios2/include/asm/linkage.h
+4-12 files

Linux/linux 95e6d3barch/loongarch/include/asm paravirt.h qspinlock.h, arch/loongarch/kernel relocate.c kprobes.c

Merge tag 'loongarch-fixes-7.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson

Pull LoongArch fixes from Huacai Chen:
 "Rework KASLR to avoid initrd overlap, remove some unused code to avoid
  a build warning, fix some bugs in kprobes and KVM"

* tag 'loongarch-fixes-7.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson:
  LoongArch: KVM: Move some variable declarations to paravirt.h
  LoongArch: kprobes: Fix handling of fatal unrecoverable recursions
  LoongArch: kprobes: Use larch_insn_text_copy() to patch instructions
  LoongArch: Remove unused code to avoid build warning
  LoongArch: Avoid initrd overlap during kernel relocation
  LoongArch: Skip relocation-time KASLR if already applied
  efi/loongarch: Randomize kernel preferred address for KASLR
DeltaFile
+50-0arch/loongarch/kernel/relocate.c
+16-0drivers/firmware/efi/libstub/loongarch.c
+8-6arch/loongarch/kernel/kprobes.c
+6-0arch/loongarch/include/asm/paravirt.h
+1-4arch/loongarch/include/asm/qspinlock.h
+0-4arch/loongarch/mm/init.c
+81-142 files not shown
+88-158 files

Linux/linux c8561c7drivers/base platform.c, fs/sysfs group.c

Merge tag 'driver-core-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core

Pull driver core fixes from Danilo Krummrich:

 - Remove the software node on platform device release(); without this,
   the software node remains registered after the device is gone and a
   subsequent platform_device_register_full() reusing the same node
   fails with -EBUSY

 - In sysfs_update_group(), do not remove a pre-existing directory when
   create_files() fails; the previous code would silently destroy a
   sysfs group that the caller did not create

 - Set fwnode->secondary to NULL in fwnode_init() to avoid dereferencing
   uninitialized memory (e.g. in dev_to_swnode()) when the firmware node
   is allocated on the stack or via a non-zeroing allocator

* tag 'driver-core-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/driver-core/driver-core:
  device property: set fwnode->secondary to NULL in fwnode_init()

    [2 lines not shown]
DeltaFile
+15-1drivers/base/platform.c
+1-1fs/sysfs/group.c
+1-0include/linux/fwnode.h
+17-23 files

Linux/linux 3f26465drivers/i2c i2c-core-smbus.c, drivers/i2c/busses i2c-tegra.c

Merge tag 'i2c-for-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux

Pull i2c fixes from Wolfram Sang:
 "Core:
   - smbus: fix a potential uninitialization bug

  Tegra:
   - drop runtime PM reference when exiting on mutex_lock failure
   - preserve transfer errors when releasing the mutex"

* tag 'i2c-for-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: smbus: fix a potential uninitialization bug
  i2c: tegra: make tegra_i2c_mutex_unlock() return void
  i2c: tegra: fix pm_runtime leak on mutex_lock failure
DeltaFile
+9-10drivers/i2c/busses/i2c-tegra.c
+1-0drivers/i2c/i2c-core-smbus.c
+10-102 files

Linux/linux ab868c1drivers/infiniband/core uverbs_ioctl.c ib_core_uverbs.c, drivers/infiniband/sw/siw siw_qp_rx.c

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

Pull rdma fixes from Jason Gunthorpe:

 - syzbot triggred crash in rxe due to concurrent plug/unplug

 - Possible non-zero'd memory exposed to userspace in bnxt_re

 - Malicous 'magic packet' with SIW causes a buffer overflow

 - Tighten the new uAPI validation code to not crash in debugging prints
   and have the right module dependencies in drivers

 - mana was missing the max_msg_sz report to userspace

 - UAF in rtrs on an error path

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
  RDMA/rtrs: Fix use-after-free in path file creation cleanup

    [7 lines not shown]
DeltaFile
+14-134drivers/infiniband/core/uverbs_ioctl.c
+87-0drivers/infiniband/core/ib_core_uverbs.c
+34-0drivers/infiniband/core/uverbs.h
+15-0drivers/infiniband/sw/siw/siw_qp_rx.c
+7-0tools/testing/selftests/rdma/rxe_rping_between_netns.sh
+4-2tools/testing/selftests/rdma/rxe_ipv6.sh
+161-1367 files not shown
+178-14013 files

Linux/linux f53a244drivers/fwctl/pds main.c

Merge tag 'for-linus-fwctl' of git://git.kernel.org/pub/scm/linux/kernel/git/fwctl/fwctl

Pull fwctl fix from Jason Gunthorpe:

 - Buffer overflow due to missing input validation in pds

* tag 'for-linus-fwctl' of git://git.kernel.org/pub/scm/linux/kernel/git/fwctl/fwctl:
  fwctl: pds: Validate RPC input size before parsing
DeltaFile
+3-0drivers/fwctl/pds/main.c
+3-01 files

Linux/linux 79bd2ddkernel/sched ext.c

Merge tag 'sched_ext-for-7.1-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext

Pull sched_ext fixes from Tejun Heo:

 - Spurious WARN in ops_dequeue() racing with concurrent dispatch

 - Self-deadlock between scheduler disable and a concurrent sub-sched
   enable

* tag 'sched_ext-for-7.1-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/sched_ext:
  sched_ext: Fix spurious WARN on stale ops_state in ops_dequeue()
  sched_ext: Fix deadlock between scx_root_disable() and concurrent forks
DeltaFile
+36-3kernel/sched/ext.c
+36-31 files

Linux/linux de37e50block blk-cgroup.c, include/linux cgroup.h

Merge tag 'cgroup-for-7.1-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup

Pull cgroup fixes from Tejun Heo:
 "Two rstat fixes:

   - Out-of-bounds access in the css_rstat_updated() BPF kfunc when
     called with an unchecked user-supplied cpu

   - Over-strict NMI guard after the recent switch to try_cmpxchg left
     sparc and ppc64 unable to queue rstat updates from NMI"

* tag 'cgroup-for-7.1-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  cgroup: rstat: relax NMI guard after switch to try_cmpxchg
  cgroup/rstat: validate cpu before css_rstat_cpu() access
DeltaFile
+23-14kernel/cgroup/rstat.c
+3-3mm/memcontrol.c
+1-1block/blk-cgroup.c
+1-0include/linux/cgroup.h
+28-184 files

Linux/linux 4a5860edrivers/accel/amdxdna amdxdna_ubuf.c, drivers/gpu/drm/amd/amdgpu amdgpu_userq.c vce_v1_0.c

Merge tag 'drm-fixes-2026-05-23' of https://gitlab.freedesktop.org/drm/kernel

Pull drm fixes from Dave Airlie:
 "Regular fixes pull, amdgpu/xe being the usual, with bonus msm content
  to bulk things out, otherwise it has the usual scattered changes, with
  amdxdna dropping a badly thought out userspace api.

  gem:
   - clean up LRU locking

  msm:
   - Core:
     - Fixed bindings for SM8650, SM8750 and Eliza
     - Don't use UTS_RELEASE directly
     - Fix typo in clock-names property
   - DPU:
      - Fixed CWB description on Kaanapali
      - Fixed scanline strides for YUV UBWC formats
      - Stopped DSI register dumping to access past the end of region

    [76 lines not shown]
DeltaFile
+131-134drivers/gpu/drm/amd/amdgpu/amdgpu_userq.c
+39-25drivers/gpu/drm/amd/amdgpu/vce_v1_0.c
+27-30drivers/gpu/drm/amd/amdgpu/amdgpu_userq_fence.c
+0-50drivers/accel/amdxdna/amdxdna_ubuf.c
+39-5drivers/gpu/drm/i915/display/intel_psr.c
+18-26drivers/gpu/drm/msm/msm_gem_shrinker.c
+254-27079 files not shown
+739-48485 files

Linux/linux 0e6582adrivers/scsi sd.c, drivers/scsi/isci host.c

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Small fixes, two in drivers and the remaining a sign conversion probem
  in sd with no user visible consequences (non-zero is error)"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: target: tcm_loop: Fix NULL ptr dereference
  scsi: isci: Fix use-after-free in device removal path
  scsi: sd: Fix return code handling in sd_spinup_disk()
DeltaFile
+10-2drivers/target/loopback/tcm_loop.c
+1-2drivers/scsi/sd.c
+3-0drivers/scsi/isci/host.c
+14-43 files

Linux/linux 59825bcdrivers/platform/x86 asus-armoury.h asus-armoury.c, drivers/platform/x86/intel vsec.c

Merge tag 'platform-drivers-x86-v7.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86

Pull x86 platform driver fixes from

 - Add ACPI_HANDLE()/ACPI_COMPANION() NULL checks (many drivers) to
   handle match overrides gracefully

 - asus-armoury:
    - Fix mini-LED mode get/set
    - Add support for FA401EA, FX607VU, G614FR, and GU605CP

 - bitland-mifs-wmi:
    - Add CONFIG_LEDS_CLASS dependency

 - hp-wmi:
    - Add thermal support for Omen 16-c0xxx (board 8902)

 - intel/vsec:
    - Fix enable_cnt imbalance due to PCIe error recovery

    [36 lines not shown]
DeltaFile
+113-0drivers/platform/x86/asus-armoury.h
+30-24drivers/platform/x86/intel/vsec.c
+42-5drivers/platform/x86/uniwill/uniwill-acpi.c
+12-4drivers/platform/x86/asus-armoury.c
+10-2drivers/platform/x86/fujitsu-laptop.c
+10-2drivers/platform/x86/sony-laptop.c
+217-3724 files not shown
+338-6330 files

Linux/linux 84335a9drivers/gpu/drm/xe xe_memirq.c xe_gt_sriov_vf.c

Merge tag 'drm-xe-fixes-2026-05-21' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes

- SRIOV related fixes (Wajdeczko, Mohanram)
- Fix leak and double-free (Lin)
- Multi-cast register fixes (Gustavo)
- Multi-queue fix (Niranjana)

Signed-off-by: Dave Airlie <airlied at redhat.com>

From: Rodrigo Vivi <rodrigo.vivi at intel.com>
Link: https://patch.msgid.link/ag9rR5VwCdkA0lzI@intel.com
DeltaFile
+22-4drivers/gpu/drm/xe/xe_memirq.c
+18-6drivers/gpu/drm/xe/xe_gt_sriov_vf.c
+8-8drivers/gpu/drm/xe/xe_guc_submit.c
+3-3drivers/gpu/drm/xe/xe_wa.c
+5-1drivers/gpu/drm/xe/xe_gt_sriov_pf_monitor.c
+4-2drivers/gpu/drm/xe/xe_oa.c
+60-245 files not shown
+69-3411 files

Linux/linux cca9543drivers/phy/apple atc.c, drivers/phy/eswin phy-eic7700-sata.c

Merge tag 'phy-fixes-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy

Pull phy fixes from Vinod Koul:

 - Big pile of Qualcomm DP/eDP config fixes and kaanapali PHY PLL
   lock failure fix

 - Apple typec switch/mux leak fix

 - Marvell incoorect register fix for mvebu utmi phy

 - Tegra per-pad calibration fix

* tag 'phy-fixes-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy:
  phy: qcom: qmp-usbc: Fix out-of-bounds array access in dp swing config
  phy: apple: atc: Fix typec switch/mux leak on unbind
  phy: spacemit: Remove incorrect clk_disable() in spacemit_usb2phy_init()
  phy: eswin: Fix incorrect error check in probe()
  phy: qcom-qmp-ufs: Fix kaanapali PHY PLL lock failure after SM8650 G4 fix

    [8 lines not shown]
DeltaFile
+181-43drivers/phy/qualcomm/phy-qcom-edp.c
+26-7drivers/phy/tegra/xusb-tegra186.c
+22-5drivers/phy/apple/atc.c
+4-3drivers/phy/samsung/phy-exynos5-usbdrd.c
+2-3drivers/phy/marvell/phy-mvebu-a3700-utmi.c
+2-2drivers/phy/eswin/phy-eic7700-sata.c
+237-634 files not shown
+240-6510 files

Linux/linux e216d85Documentation/devicetree/bindings/spi fsl,spi-fsl-qspi.yaml, drivers/spi spi-sprd.c spi-qup.c

Merge tag 'spi-fix-v7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi

Pull spi fixes from Mark Brown:
 "Another batch of driver fixes from Johan fixing error handling paths,
  plus another from Felix. We also have a new device ID added in the DT
  bindings for SpacemiT K3"

* tag 'spi-fix-v7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
  spi: dt-bindings: fsl-qspi: support SpacemiT K3
  spi: ti-qspi: fix use-after-free after DMA setup failure
  spi: sprd: fix error pointer deref after DMA setup failure
  spi: qup: fix error pointer deref after DMA setup failure
  spi: mtk-snfi: Fix resource leak in mtk_snand_read_page_cache()
  spi: ep93xx: fix error pointer deref after DMA setup failure
DeltaFile
+3-0Documentation/devicetree/bindings/spi/fsl,spi-fsl-qspi.yaml
+2-1drivers/spi/spi-sprd.c
+3-0drivers/spi/spi-qup.c
+1-1drivers/spi/spi-mtk-snfi.c
+2-0drivers/spi/spi-ep93xx.c
+1-0drivers/spi/spi-ti-qspi.c
+12-26 files

Linux/linux ddae104drivers/regulator tps65219-regulator.c Kconfig

Merge tag 'regulator-fix-v7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "A couple of fixes here, one very minor Kconfig fix and a fix for a
  nasty issue with error reporting in the tps65219 driver"

* tag 'regulator-fix-v7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: tps65219: fix irq_data.rdev not being assigned
  regulator: Kconfig: fix a typo in help
DeltaFile
+95-40drivers/regulator/tps65219-regulator.c
+1-1drivers/regulator/Kconfig
+96-412 files

Linux/linux 003759ddrivers/pinctrl pinctrl-amd.c, drivers/pinctrl/freescale pinctrl-imx1-core.c

Merge tag 'pinctrl-v7.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:

 - Implement the GPIO .get_direction() callback in the Mediatek driver
   to rid dmesg warnings

 - Mark the Qualcomm IPQ4019 pins used as GPIO as using the GPIO pin
   function, so there is no conflict with orthogonal muxing

 - Fix incorrect settings of the "PUPD" (pull-up-pull-down) register
   during suspend/resume in the Renesas RZG2L

 - Fix the SMT register cache to be per-bank in the Renesas RZG2L

 - Fix the QDSS track clock and control pin group names in the Qualcomm
   Eliza driver

 - Fix a deadlock in the Amlogic driver, caused by playing around in

    [21 lines not shown]
DeltaFile
+41-7drivers/pinctrl/freescale/pinctrl-imx1-core.c
+35-0drivers/pinctrl/pinctrl-amd.c
+15-8drivers/pinctrl/renesas/pinctrl-rzg2l.c
+18-0drivers/pinctrl/mediatek/pinctrl-moore.c
+4-4drivers/pinctrl/qcom/pinctrl-sm8150.c
+4-4drivers/pinctrl/qcom/pinctrl-eliza.c
+117-234 files not shown
+129-3010 files

Linux/linux 99e08dedrivers/gpio gpio-aggregator.c gpiolib-cdev.c

Merge tag 'gpio-fixes-for-v7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux

Pull gpio fixes from Bartosz Golaszewski:

 - propagate the error code from regulator_enable() in resume path in
   gpio-pca953x

 - take the device lock when calling device_is_bound() in virtual GPIO
   drivers

 - fix software node leak in remove path in gpio-aggregator

 - fix a potential use-after-free in gpio-aggregator

 - harden the GPIO character device uAPI: check that line config
   attributes are correctly zeroed

* tag 'gpio-fixes-for-v7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
  gpio: virtuser: lock device when calling device_is_bound()

    [6 lines not shown]
DeltaFile
+11-4drivers/gpio/gpio-aggregator.c
+13-0drivers/gpio/gpiolib-cdev.c
+7-4drivers/gpio/gpio-sim.c
+6-3drivers/gpio/gpio-virtuser.c
+1-1drivers/gpio/gpio-pca953x.c
+38-125 files

Linux/linux c224072sound/core/seq seq_ump_client.c, sound/hda/common controller.c

Merge tag 'sound-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "As expected, we still continue receiving lots of small fixes.

  One major change is about HD-audio pending IRQ handling, but this
  would influence only on odd machines or slow VMs. There are a few
  other fixes for the core part, but most of them are not-too-serious
  UAF fixes, while the rest are mostly device-specific fixes and quirks.

  ALSA Core:
   - Fix for PCM silencing with bogus iov_iter
   - Fixes for past-the-end iterators in timer and seq
   - Serialization of UMP output teardown
   - Rate-limit ELD parsing errors

  HD-audio:
   - Fixes for IRQ work handling and SSID matching
   - Various Realtek quirks for HP and ASUS laptops, including LED fixes

    [38 lines not shown]
DeltaFile
+19-115sound/soc/intel/common/soc-acpi-intel-ptl-match.c
+75-31sound/hda/controllers/intel.c
+56-15sound/soc/intel/common/soc-acpi-intel-arl-match.c
+36-7sound/soc/fsl/fsl_sai.c
+7-21sound/hda/common/controller.c
+18-4sound/core/seq/seq_ump_client.c
+211-19331 files not shown
+384-25937 files

Linux/linux 3997e3bblock blk-mq.c blk-zoned.c, drivers/nvme/host pci.c

Merge tag 'block-7.1-20260522' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux

Pull block fixes from Jens Axboe:

 - NVMe pull request via Keith:
      - Fix memory leak for peer-to-peer addresses
      - Fix dma map leaks on resource errors

 - Another bio integrity fix, fixing a recent regression

 - Fix for an issue with the request pre-allocation and caching when IO
   is queued, where if a bio split occurred and ended up blocking, the
   list could be corrupted

* tag 'block-7.1-20260522' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux:
  block: avoid use-after-free in disk_free_zone_resources()
  blk-mq: pop cached request if it is usable
  nvme-pci: fix dma mapping leak on data setup error
  nvme-pci: fix dma_vecs leak on p2p memory
  bio-integrity-fs: pass data iter to bio_integrity_verify()
DeltaFile
+30-4drivers/nvme/host/pci.c
+9-25block/blk-mq.c
+3-4block/blk-zoned.c
+5-1block/bio-integrity-fs.c
+47-344 files

Linux/linux dbae42cio_uring net.c io_uring.c

Merge tag 'io_uring-7.1-20260522' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux

Pull io_uring fixes from Jens Axboe:

 - Fix for an issue with IORING_OP_NOP and using injection results

 - Fix for an issue in IORING_OP_WAITID, where the info state was
   assumed cleared by the lower level syscall handler, but for some
   cases it is not. Just clear the data upfront, so that non-initialized
   data isn't copied back to userspace

 - Fix for a lockdep reported issue, where IORING_OP_BIND enters file
   create and hence hits mnt_want_write(), which creates a three part
   lockdep cycle between the super lock, io_uring's uring_lock, and the
   cred mutex

 - Fix a regression introduced in this cycle with how linked timeouts
   are deleted


    [9 lines not shown]
DeltaFile
+25-1io_uring/net.c
+4-5io_uring/io_uring.c
+2-2io_uring/nop.c
+3-1io_uring/timeout.c
+1-0io_uring/waitid.c
+35-95 files

Linux/linux 558c3ecfs/smb/client cifs_spnego.c netlink.c, fs/smb/smbdirect debug.c

Merge tag 'v7.1-rc5-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:
 - Fix missing lock
 - Fix dentry in use after unmounting
 - cifs.upcall security fix
 - require CAP_NET_ADMIN for swn netlink
 - change allocation in DUP_CTX_STR to GFP_KERNEL
 - minor smbdirect debug fix
 - handle_read_data() folio fix

* tag 'v7.1-rc5-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  smb: client: change allocation requirements in DUP_CTX_STR macro
  smb: client: require net admin for CIFS SWN netlink
  smb: smbdirect: divide, not multiply, milliseconds by 1000
  cifs: Fix busy dentry used after unmounting
  smb: client: use data_len for SMB2 READ encrypted folioq copy
  smb: client: reject userspace cifs.spnego descriptions
  smb: client: protect tc_count increment in smb2_find_smb_sess_tcon_unlocked()
DeltaFile
+16-0fs/smb/client/cifs_spnego.c
+5-1fs/smb/client/netlink.c
+2-2fs/smb/client/smb2ops.c
+1-1fs/smb/smbdirect/debug.c
+2-0fs/smb/client/cifsfs.c
+1-1fs/smb/client/fs_context.c
+27-51 files not shown
+29-57 files

Linux/linux 632360efs/zonefs super.c

Merge tag 'zonefs-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs

Pull zonefs fix from Damien Le Moal:

 - Avoid potential overflow when converting a zonefs file number string
   to an inode number (from Johannes)

* tag 'zonefs-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs:
  zonefs: handle integer overflow in zonefs_fname_to_fno
DeltaFile
+5-1fs/zonefs/super.c
+5-11 files

Linux/linux 45255eaDocumentation/admin-guide/pm amd-pstate.rst intel_pstate.rst, drivers/cpufreq amd-pstate-ut.c amd-pstate.c

Merge tag 'pm-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull power management fixes from Rafael Wysocki:
 "These fix maximum frequency computation in the intel_pstate driver for
  two processor models, update its documentation and fix issues related
  to the dynamic EPP support (added during the current development
  cycle) in the amd-pstate driver:

   - Fix maximum frequency computation in the intel_pstate driver for
     Raptor Lake-E and Bartlett Lake that are SMP platforms derived from
     hybrid ones (Rafael Wysocki, Henry Tseng)

   - Fix the description of asymmetric packing with SMT in the
     intel_pstate driver documentation (Ricardo Neri)

   - Fix multiple amd-pstate driver issues related to dynamic EPP
     support added recently, including making it opt-in only (K Prateek
     Nayak, Mario Limonciello)"


    [11 lines not shown]
DeltaFile
+29-7drivers/cpufreq/amd-pstate-ut.c
+18-9drivers/cpufreq/amd-pstate.c
+0-12drivers/cpufreq/Kconfig.x86
+5-6Documentation/admin-guide/pm/amd-pstate.rst
+6-5Documentation/admin-guide/pm/intel_pstate.rst
+2-1drivers/cpufreq/intel_pstate.c
+60-406 files

Linux/linux 28222dcdrivers/acpi battery.c

Merge tag 'acpi-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI support fix from Rafael Wysocki:
 "Unbreak system wakeup on critical battery status in the ACPI battery
  driver inadvertently broken during the 7.0 development cycle"

* tag 'acpi-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI: battery: Fix system wakeup on critical battery status
DeltaFile
+3-1drivers/acpi/battery.c
+3-11 files

Linux/linux f698276block blk-zoned.c

block: avoid use-after-free in disk_free_zone_resources()

The function disk_update_zone_resources() may call
disk_free_zone_resources() in case of error, and following this,
blk_revalidate_disk_zones() will again calls disk_free_zone_resources() if
disk_update_zone_resources() failed. If a zone worker thread is being used
(which is the default for a rotational media zoned device),
disk_free_zone_resources() will try to stop the zone worker thread twice
because disk->zone_wplugs_worker is not reset to NULL when the worker
thread is stopped the first time.

In disk_free_zone_resources(), fix this by correctly clearing
disk->zone_wplugs_worker to NULL when the worker thread is stopped.

And while at it, since disk_free_zone_resources() is always called after a
failed call to disk_update_zone_resources(), remove the unnecessary call
to disk_free_zone_resources() in disk_update_zone_resources().

Fixes: 1365b6904fd0 ("block: allow submitting all zone writes from a single context")

    [4 lines not shown]
DeltaFile
+3-4block/blk-zoned.c
+3-41 files

Linux/linux ef7f594arch/arm64/include/asm tlb.h insn.h

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:

 - Handle probe on hinted conditional branch instructions.

   BC.cond instructions can be simulated in the same way as B.cond
   instructions, so extend the decode mask for B.cond to cover BC.cond

 - Flush the walk cache when unsharing PMD tables. Recent changes to
   huge_pmd_unshare() introduced mmu_gather::unshared_tables but the
   arm64 code was still treating the TLB flushing as only targeting leaf
   entries (TLBI VALE1IS).

   Fix it by using non-leaf-only instructions (TLBI VAE1IS) when
   tlb->unshared_tables is set

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: tlb: Flush walk cache when unsharing PMD tables
  arm64: probes: Handle probes on hinted conditional branch instructions
DeltaFile
+2-1arch/arm64/include/asm/tlb.h
+1-1arch/arm64/include/asm/insn.h
+3-22 files

Linux/linux cbadb98arch/s390/kernel perf_pai.c topology.c, drivers/s390/cio chsc_sch.c chsc.c

Merge tag 's390-7.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Alexander Gordeev:

 - Fix PAI NNPA mismatch between counting and recording, where sampling
   reports twice the value

 - Fix loss of PAI counter increments during recording on systems with
   many CPUs under heavy load, while counting is not affected

 - On some supported machines, CHSC cannot access memory outside the DMA
   zone, causing CHSC command failures. Restore GFP_DMA flag when
   allocating memory for CHSC control blocks

 - Align the numbering scheme for higher-level topology structures like
   socket, book, drawer with other hardware identifiers e.g. in sysfs,
   procfs and tools like lscpu

* tag 's390-7.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:

    [4 lines not shown]
DeltaFile
+21-10arch/s390/kernel/perf_pai.c
+10-10drivers/s390/cio/chsc_sch.c
+7-3arch/s390/kernel/topology.c
+2-2drivers/s390/cio/chsc.c
+1-1drivers/s390/cio/scm.c
+41-265 files

Linux/linux 46de408mm slab_common.c slub.c

Merge tag 'slab-for-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab

Pull slab fix from Vlastimil Babka:

 - Stable fix for a missing cpus_read_lock in one of the cpu sheaves
   flushing paths (Qing Wang)

* tag 'slab-for-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab:
  mm/slub: hold cpus_read_lock around flush_rcu_sheaves_on_cache()
DeltaFile
+2-0mm/slab_common.c
+1-0mm/slub.c
+3-02 files

Linux/linux 1c04dcdkernel/dma debug.c direct.c

Merge tag 'dma-mapping-7.1-2026-05-22' of git://git.kernel.org/pub/scm/linux/kernel/git/mszyprowski/linux

Pull dma-mapping fixes from Marek Szyprowski:
 "Two minor updates for the DMA-mapping code, mainly fixing some rare
  corner cases (Petr Tesarik, Jianpeng Chang)"

* tag 'dma-mapping-7.1-2026-05-22' of git://git.kernel.org/pub/scm/linux/kernel/git/mszyprowski/linux:
  dma-mapping: move dma_map_resource() sanity check into debug code
  dma-direct: fix use of max_pfn
DeltaFile
+8-1kernel/dma/debug.c
+2-2kernel/dma/direct.c
+0-4kernel/dma/mapping.c
+10-73 files

Linux/linux 2388400kernel/trace tracing_map.c trace_events_hist.c

Merge tag 'trace-v7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fixes from Steven Rostedt:

 - Avoid NULL return from hist_field_name()

   The function hist_field_name() is directly passed to a strcat() which
   does not handle "NULL" characters. Return a zero length string when
   size is greater than the limit.

   This is used only to output already created histograms and no field
   currently is greater than the limit. But it should still not return
   NULL.

 - Do not call map->ops->elt_free() on allocation failure

   When elt_alloc() fails, it should not call the map->ops->elt_free()
   function if it exists, as that function may not be able to handle the
   free on allocation failures. The ->elt_free() should only be called

    [5 lines not shown]
DeltaFile
+13-4kernel/trace/tracing_map.c
+2-4kernel/trace/trace_events_hist.c
+15-82 files