Linux/linux a13c140. Makefile

Linux 7.2-rc3
DeltaFile
+1-1Makefile
+1-11 files

Linux/linux f20d61cdrivers/char/tpm tpm-dev.c tpmrm-dev.c

tpm: Make the TPM character devices non-seekable

The TPM character devices expose a sequential command/response
interface, but their open handlers leave FMODE_PREAD and FMODE_PWRITE
enabled.

After a command leaves a response pending, pread(fd, buf, 16, 0x1400)
passes 0x1400 as *off to tpm_common_read(). The transfer length is
bounded by response_length, but the offset is used unchecked when
forming data_buffer + *off. A sufficiently large offset therefore causes
an out-of-bounds heap read through copy_to_user() and, if the copy
succeeds, an out-of-bounds zero-write through the following memset().

Positional I/O does not provide coherent semantics for this interface.
An arbitrary pread offset cannot represent how much of a response has
been consumed sequentially. The write callback always stores a command
at the start of data_buffer, while pwrite() does not update file->f_pos
and can leave the sequential read cursor stale.


    [21 lines not shown]
DeltaFile
+1-1drivers/char/tpm/tpm-dev.c
+1-1drivers/char/tpm/tpmrm-dev.c
+2-22 files

Linux/linux 940d91cdrivers/staging/rtl8723bs/core rtw_wlan_util.c rtw_mlme_ext.c, drivers/staging/rtl8723bs/os_dep ioctl_cfg80211.c

Merge tag 'staging-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging driver fixes from Greg KH:
 "Here are some staging driver fixes for 7.2-rc3 for some reported bugs
  in the vme_user and rtl8723bs drivers. These include:

   - many rtl8723bs OOB fixes for when connecting to "bad" wifi hosts

   - vme_user bugfixes to correctly validate some user-provided data

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'staging-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: rtl8723bs: fix OOB reads in rtw_get_sec_ie(), rtw_get_wapi_ie(), and rtw_get_wps_attr()
  staging: rtl8723bs: fix OOB reads in is_ap_in_tkip() IE loop
  staging: rtl8723bs: fix OOB read in OnAssocRsp() IE loop
  staging: rtl8723bs: fix OOB write in HT_caps_handler()
  staging: rtl8723bs: fix heap buffer overflow in rtw_cfg80211_set_wpa_ie()

    [7 lines not shown]
DeltaFile
+18-5drivers/staging/rtl8723bs/core/rtw_wlan_util.c
+22-0drivers/staging/vme_user/vme_user.c
+19-1drivers/staging/rtl8723bs/core/rtw_mlme_ext.c
+15-0drivers/staging/rtl8723bs/core/rtw_ieee80211.c
+8-0drivers/staging/vme_user/vme_fake.c
+8-0drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
+90-62 files not shown
+102-88 files

Linux/linux bffa972drivers/android binder.c, drivers/android/binder thread.rs

Merge tag 'char-misc-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull Android/IIO fixes from Greg KH:
 "Here is a set of bugfixes for 7.2-rc3 that resolve a bunch of reported
  issues in just the binder and iio codebases. Included in here are:

   - binder driver bugfixes for both the rust and c versions for
     reported problems

   - lots and lots of iio driver bugfixes for lots of reported issues
     (including a hid sensor driver bugfix)

  Full details are in the shortlog, all of these have been in linux-next
  with no reported issues"

* tag 'char-misc-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (36 commits)
  iio: event: Fix event FIFO reset race
  iio: imu: inv_icm42600: fix timestamp clock period by using lower value
  iio: light: al3010: fix incorrect scale for the highest gain range

    [18 lines not shown]
DeltaFile
+71-6drivers/hid/hid-sensor-hub.c
+46-19drivers/android/binder/thread.rs
+38-2drivers/iio/orientation/hid-sensor-rotation.c
+22-15drivers/iio/dac/mcp47feb02.c
+24-7drivers/android/binder.c
+25-0include/linux/hid-sensor-hub.h
+226-4931 files not shown
+362-11737 files

Linux/linux 8a65af0drivers/tty/serial max310x.c msm_serial.c, drivers/tty/serial/8250 8250_mid.c 8250_port.c

Merge tag 'tty-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty/serial fixes from Greg KH:
 "Here are some small tty/serial/vt fixes for 7.2-rc3 that resolve some
  reported problems. Included in here are:

   - vt spurious modifier issue that showed up in -rc1 (reported a
     bunch)

   - 8250 driver bugfixes

   - msm serial driver bugfix

   - max310x serial driver bugfix

  All of these have been in linux-next with no reported issues"

* tag 'tty-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  serial: 8250: Ignore flow control on suspend/resume with no_console_suspend

    [5 lines not shown]
DeltaFile
+11-2drivers/tty/serial/8250/8250_mid.c
+12-0drivers/tty/serial/max310x.c
+9-3drivers/tty/vt/keyboard.c
+8-2drivers/tty/serial/8250/8250_port.c
+2-1drivers/tty/serial/msm_serial.c
+2-1drivers/tty/serial/8250/8250_omap.c
+44-96 files

Linux/linux 534f8f0drivers/usb/dwc3 gadget.c, drivers/usb/host xhci-dbgcap.c

Merge tag 'usb-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are a number of small USB driver fixes for many reported issues.
  Included in here are:

   - usb serial driver corruption and use-after-free fixes

   - usb gadget rndis bugfixes for malicious/buggy host connections

   - typec driver fixes for a load of different tiny reported issues

   - typec mux driver revert for a broken patch in -rc1

   - usb gadget driver fixes for many different reported problems

   - new usb device quirks added

   - usbip tool fixes and some core usbip fixes as well

    [31 lines not shown]
DeltaFile
+27-34drivers/usb/misc/iowarrior.c
+58-2drivers/usb/host/xhci-dbgcap.c
+22-23drivers/usb/misc/idmouse.c
+36-7drivers/usb/dwc3/gadget.c
+33-10drivers/usb/serial/digi_acceleport.c
+18-20drivers/usb/misc/ldusb.c
+194-9647 files not shown
+463-20553 files

Linux/linux f4fb100arch/s390/kernel/diag diag310.c, arch/s390/kernel/vdso note.S

Merge tag 's390-7.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Vasily Gorbik:

 - Fix missing array_index_nospec() call in diag310 memory topology code
   to prevent speculative execution with a user controlled array index

 - Fix get_align_mask() return type to match vm_unmapped_area_info
   align_mask, avoiding possible truncation for future larger masks

 - Remove empty zcrypt CEX2 files left over after CEX2 and CEX3 driver
   removal

 - Add build salt to the vDSO so it gets a unique build id, similar to
   the kernel and modules

* tag 's390-7.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390: Add build salt to the vDSO
  s390/zcrypt: Remove the empty file

    [2 lines not shown]
DeltaFile
+4-3arch/s390/kernel/diag/diag310.c
+3-0arch/s390/kernel/vdso/note.S
+1-1arch/s390/mm/mmap.c
+0-0drivers/s390/crypto/zcrypt_cex2a.c
+0-0drivers/s390/crypto/zcrypt_cex2a.h
+0-0drivers/s390/crypto/zcrypt_cex2c.c
+8-41 files not shown
+8-47 files

Linux/linux 2f9eb0cDocumentation/arch/riscv hwprobe.rst, Documentation/devicetree/bindings/riscv extensions.yaml

Merge tag 'riscv-for-linus-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Paul Walmsley:
 "The most notable change involves the rseq kselftest common Makefile
  (as it is not RISC-V-specific). The basic approach in the patch
  appears similar to one used in the KVM and S390 selftests (grep for
  LINUX_TOOL_ARCH_INCLUDE and SUBARCH), and the rseq kselftests pass a
  quick build test on x86 after this.

   - Avoid a null pointer deference in machine_kexec_prepare() that the
     IMA subsystem can trigger

   - Bypass libc in part of the ptrace_v_not_enabled kselftest to avoid
     noise from child atfork handlers that libc might run

   - Include Kconfig support for UltraRISC SoCs, already referenced by
     some device drivers; and enable it in our defconfig

   - Fix the build of the rseq kselftest for RISC-V by borrowing a

    [17 lines not shown]
DeltaFile
+107-97Documentation/arch/riscv/hwprobe.rst
+92-92Documentation/devicetree/bindings/riscv/extensions.yaml
+8-7tools/testing/selftests/riscv/vector/validate_v_ptrace.c
+6-0arch/riscv/Kconfig.socs
+5-1tools/testing/selftests/rseq/Makefile
+3-0arch/riscv/kernel/machine_kexec.c
+221-1971 files not shown
+222-1977 files

Linux/linux f4bf75darch/m68k/coldfire m528x.c m523x.c

Merge tag 'm68knommu-fixes-on-top-off-7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu

Pull m68knommu fix from Greg Ungerer:
 "Fix incorrectly updated local SoC IO access function names.

  Testing didn't pick them up because there was no specific defconfig
  for these particular SoC parts. New defconfigs will be introduced in
  the next merge cycle to remedy that"

* tag 'm68knommu-fixes-on-top-off-7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
  m68k: coldfire: fix breakage of missed IO access updates
DeltaFile
+3-3arch/m68k/coldfire/m528x.c
+1-1arch/m68k/coldfire/m523x.c
+4-42 files

Linux/linux 6205562drivers/ufs/core ufs_trace.h, kernel/trace trace_events_user.c trace_remote.c

Merge tag 'trace-v7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull tracing fixes from Steven Rostedt:

 - Free field in error path of synthetic event parse

   In __create_synth_event() the field was allocated but was not freed
   in the error path

 - Fix ring_buffer_event_length() on 8 byte aligned architectures

   On architectures with CONFIG_HAVE_64BIT_ALIGNED_ACCESS set to y, the
   ring_buffer_event_length() may return the wrong size. This is because
   archs with that config set will always use the "big event meta
   header" as that is 8 bytes keeping the payload 8 bytes aligned, even
   when a 4 byte header could hold the size of the event

   But ring_buffer_event_length() doesn't take this into account and
   only subtracts 4 bytes for the meta header in the length when it

    [142 lines not shown]
DeltaFile
+34-9kernel/trace/trace_events_user.c
+27-9drivers/ufs/core/ufs_trace.h
+29-2lib/glob.c
+28-1tools/testing/selftests/user_events/abi_test.c
+23-3tools/testing/selftests/user_events/perf_test.c
+6-12kernel/trace/trace_remote.c
+147-3610 files not shown
+183-6016 files

Linux/linux 44696aadrivers/input/joystick maplecontrol.c, drivers/input/keyboard maple_keyb.c

Merge tag 'input-for-v7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input

Pull input fixes from Dmitry Torokhov:

 - fix MELFAS MMS114 touchscreen driver to reject invalid touch IDs and
   avoid multi-touch slot corruption

 - fix a crash in the Sega Dreamcast (Maple) mouse driver when opening
   the device, caused by missing driver data

 - fixes for Maple drivers (keyboard, mouse, joystick) to properly order
   setting driver data and device registration to avoid races

* tag 'input-for-v7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: mms114 - fix multi-touch slot corruption
  Input: maple_keyb - set driver data before registering input device
  Input: maplecontrol - set driver data before registering input device
  Input: maplemouse - set driver data before registering input device
  Input: maplemouse - fix NULL pointer dereference in open()
DeltaFile
+6-3drivers/input/mouse/maplemouse.c
+2-2drivers/input/keyboard/maple_keyb.c
+2-1drivers/input/joystick/maplecontrol.c
+1-1drivers/input/touchscreen/mms114.c
+11-74 files

Linux/linux 59dee6ddrivers/md dm-thin-metadata.c dm-integrity.c

Merge tag 'for-7.2/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mikulas Patocka:

 - dm-log: fix overflow on 32-bit machines

 - dm-era: fix out of bounds memory access; fix crashes on invalid args

 - dm-verity: fix buffer overflow in forward error correction

 - dm-thin: fix misbehavior on I/O failures

 - dm-pcache: fix NULL pointer dereference on invalid arguments

 - dm-inlinecrypt: fix memory leak on error handling

 - dm-integrity: fix ignoring the 'fix_hmac' option on device open

 - dm: don't store the keyring in memory for a long term

    [25 lines not shown]
DeltaFile
+21-46drivers/md/dm-thin-metadata.c
+18-8drivers/md/dm-integrity.c
+10-6drivers/md/dm-verity-target.c
+10-6drivers/md/dm-era-target.c
+10-1drivers/md/dm.c
+4-6drivers/md/dm-stats.c
+73-739 files not shown
+97-8215 files

Linux/linux cab9e33arch/x86/events/amd core.c brs.c, kernel/events core.c

Merge tag 'perf-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull perf events fixes from Ingo Molnar:

 - Fix SVM #GP on AMD CPUs that LBR but not BRS (Sandipan Das)

 - Fix UAF bug in the perf AUX code (Lee Jia Jie)

 - Fix address leakage in the AMD LBR code (Sandipan Das)

 - Fix address leakage in the AMD BRS code (Sandipan Das)

* tag 'perf-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/x86/amd/brs: Fix kernel address leakage
  perf/x86/amd/lbr: Fix kernel address leakage
  perf/aux: Fix page UAF in map_range()
  perf/x86/amd/core: Avoid enabling BRS from the SVM reload path
DeltaFile
+8-4arch/x86/events/amd/core.c
+5-5arch/x86/events/amd/brs.c
+2-1arch/x86/events/amd/lbr.c
+2-0kernel/events/core.c
+17-104 files

Linux/linux b37fa0darch/x86/video video-common.c, arch/x86/virt/svm sev.c

Merge tag 'x86-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Ingo Molnar:

 - Fix resctrl resource leak (Tony Luck)

 - Fix resctrl umount race (Tony Luck)

 - Fix resctrl double-free (Reinette Chatre)

 - Fix x86 VGA display fallback logic during bootup on
   certain multi-GPU systems (Mario Limonciello)

 - Re-add a WBINVD call to the SNP bootstrap path to
   fix an SNP regression (Tycho Andersen)

* tag 'x86-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/virt/sev: Revert "Drop WBINVD before setting MSR_AMD64_SYSCFG_SNP_EN"
  x86/video: Only fall back to vga_default_device() without screen info

    [3 lines not shown]
DeltaFile
+26-7fs/resctrl/rdtgroup.c
+14-9arch/x86/video/video-common.c
+2-0arch/x86/virt/svm/sev.c
+42-163 files

Linux/linux 767707akernel signal.c exit.c, kernel/time posix-cpu-timers.c

Merge tag 'timers-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull timer fix from Ingo Molnar:

 - Fix a subtle posix-cpu-timers vs. exec() race, which
   unearthed other races in the area (Thomas Gleixner)

* tag 'timers-urgent-2026-07-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  posix-cpu-timers: Prevent UAF caused by non-leader exec() race
DeltaFile
+115-58kernel/time/posix-cpu-timers.c
+9-1kernel/signal.c
+6-1kernel/exit.c
+130-603 files

Linux/linux 64d9ca4block blk-zoned.c blk-wbt.c, drivers/block ublk_drv.c xen-blkfront.c

Merge tag 'block-7.2-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux

Pull block fixes from Jens Axboe:

 - Limit blk_hctx_poll() to one jiffy. Prevents buggy drivers from
   spinning for too long, hence triggering a stalled RCU read section
   warning

 - Avoid a potential deadlock on zone revalidation failure, which could
   otherwise trigger a lockdep circular locking splat during a SCSI disk
   rescan

 - Remove a redundant GD_NEED_PART_SCAN set in add_disk_final()

 - Make writes to queue/wbt_lat_usec honor the WBT enable state

 - ublk fix to snapshot the batch commands before preparing IO, so that
   userspace can't change an already processed tag and trip the
   WARN_ON_ONCE() in the rollback path

    [13 lines not shown]
DeltaFile
+28-14block/blk-zoned.c
+20-1block/blk-wbt.c
+12-1drivers/block/ublk_drv.c
+9-0drivers/block/xen-blkfront.c
+1-5block/genhd.c
+5-0drivers/block/drbd/drbd_receiver.c
+75-212 files not shown
+79-248 files

Linux/linux 596d603io_uring msg_ring.c tw.c

Merge tag 'io_uring-7.2-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux

Pull io_uring fixes from Jens Axboe:

 - Restore full RCU read section in io_req_local_work_add(), which was
   mistakenly dropped with the DEFER_TASKRUN rework in this merge
   window. Revert the commit that grabbed the RCU read lock in
   io_ctx_mark_taskrun(), as that's no longer required with the previous
   fix.

 - Fix a dangling iovec after a provided-buffer bundle grow failure,
   also an issue introduced in this merge window.

 - Reject IORING_CQE_F_32 flag pass-through in MSG_RING to rings that
   weren't setup with CQE32 or CQE_MIXED.

 - Return -EINVAL rather than -ENOMEM from get_unmapped_area() when mmap
   validation fails, matching io_uring_mmap().


    [7 lines not shown]
DeltaFile
+27-7io_uring/msg_ring.c
+7-4io_uring/tw.c
+3-2io_uring/kbuf.c
+2-2io_uring/uring_cmd.c
+1-1io_uring/memmap.c
+40-165 files

Linux/linux 4b22d08drivers/md dm-thin-metadata.c

dm thin metadata: fix superblock refcount leak on snapshot shadow failure

__reserve_metadata_snap() increments THIN_SUPERBLOCK_LOCATION in the
metadata space map before shadowing it. When dm_tm_shadow_block()
fails, a reference is leaked in the metadata space map.

Fix by adding the missing dm_sm_dec_block().

Signed-off-by: Genjian Zhang <zhanggenjian at kylinos.cn>
Signed-off-by: Mikulas Patocka <mpatocka at redhat.com>
Fixes: cc8394d86f04 ("dm thin: provide userspace access to pool metadata")
Cc: stable at vger.kernel.org
DeltaFile
+3-1drivers/md/dm-thin-metadata.c
+3-11 files

Linux/linux 47915e8arch/x86/events/amd brs.c

perf/x86/amd/brs: Fix kernel address leakage

A user-only branch stack can contain branches that originate from
the kernel. As a result, kernel addresses are exposed to user space
even when PERF_SAMPLE_BRANCH_USER is requested. On AMD processors
supporting X86_FEATURE_BRS (Zen 3 only), perf can still report entries
such as SYSRET/interrupt returns for which the branch-from addresses
are in the kernel.

E.g.

  $ perf record -j any,u -c 4000 -e branch-brs -o - -- \
        perf bench syscall basic --loop 1000 | \
        perf script -i - -F brstack|tr ' ' '\n'| \
        grep -E '0x[89a-f][0-9a-f]{15}'

  ...
  0xffffffff810001c4/0x72e2e32955eb/-/-/-/0//-
  0xffffffff810001c4/0x72e2d94a9821/-/-/-/0//-

    [21 lines not shown]
DeltaFile
+5-5arch/x86/events/amd/brs.c
+5-51 files

Linux/linux adea84edrivers/input/touchscreen mms114.c

Input: mms114 - fix multi-touch slot corruption

If the touchscreen controller reports a touch ID of 0, the driver
calculates the slot ID as touch->id - 1, which underflows to UINT_MAX.
This is passed to input_mt_slot() as -1.

Since the input core ignores negative slot values, the active slot remains
unchanged. The driver then reports the touch coordinates for the previously
active slot, corrupting its state.

Fix this by rejecting touch reports with ID 0.

Fixes: 07b8481d4aff ("Input: add MELFAS mms114 touchscreen driver")
Cc: stable at vger.kernel.org
Reported-by: sashiko-bot at kernel.org
Assisted-by: Antigravity:gemini-3.5-flash
Link: https://patch.msgid.link/20260704060115.353049-1-dmitry.torokhov@gmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov at gmail.com>
DeltaFile
+1-1drivers/input/touchscreen/mms114.c
+1-11 files

Linux/linux dd3210cdrivers/regulator core.c mt6316-regulator.c

Merge tag 'regulator-fix-v7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "A couple of straightforward fixes for device loading, plus a fix for
  the core support for keeping multiple regulators with voltages close
  to each other that was sadly introduced due to one of the more
  beautiful corners of our API design"

* tag 'regulator-fix-v7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: core: regulator_lock_two() should test for EDEADLK not EDEADLOCK
  regulator: mt6363: add missing MODULE_DEVICE_TABLE()
  regulator: mt6316: add missing MODULE_DEVICE_TABLE()
DeltaFile
+2-2drivers/regulator/core.c
+1-0drivers/regulator/mt6316-regulator.c
+1-0drivers/regulator/mt6363-regulator.c
+4-23 files

Linux/linux bf124bakernel audit.c

Merge tag 'audit-pr-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit fixes from Paul Moore:
 "Two relatively small audit patches to fix potential data races with
  the main audit backlog queue as well as possible integer overflows
  when logging data as hex strings"

* tag 'audit-pr-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: fix potential integer overflow in audit_log_n_hex()
  audit: Fix data races of skb_queue_len() readers on audit_queue
DeltaFile
+14-7kernel/audit.c
+14-71 files

Linux/linux ccce5f6security/selinux hooks.c

Merge tag 'selinux-pr-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fixes from Paul Moore:
 "Two small SELinux patches to fix a missing permission check for TCP
  Fast Open operations and fix a socket lookup issue with SCTP ASCONF
  operations"

* tag 'selinux-pr-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: avoid sk_socket dereference in selinux_sctp_bind_connect()
  selinux: check connect-related permissions on TCP Fast Open
DeltaFile
+28-10security/selinux/hooks.c
+28-101 files

Linux/linux 61c03dffs/ntfs namei.c attrib.c

Merge tag 'ntfs-for-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs

Pull ntfs fixes from Namjae Jeon:

 - fix stale runlist element dereferences in MFT writeback and fallocate

 - fix mrec_lock ABBA deadlock in rename

 - prevent userspace modification of NTFS system files

 - avoid inode eviction/writeback self-deadlocks

 - reject malformed resident attributes in non-resident runlist mapping

 - avoid post_write_mst_fixup() on invalid index blocks

 - fix a hole runlist leak in insert-range error handling

 - sanitize directory lookup MFT references from disk

    [15 lines not shown]
DeltaFile
+31-31fs/ntfs/namei.c
+24-12fs/ntfs/attrib.c
+16-1fs/ntfs/aops.c
+11-4fs/ntfs/dir.c
+9-0fs/ntfs/inode.c
+9-0fs/ntfs/attrlist.c
+100-482 files not shown
+110-518 files

Linux/linux 58d9f84fs/nfs write.c internal.h, net/sunrpc clnt.c xprtsock.c

Merge tag 'nfs-for-7.2-2' of git://git.linux-nfs.org/projects/anna/linux-nfs

Pull NFS client fixes from Anna Schumaker:

 - SUNRPC:
    - Release lower rpc_clnt if killed waiting for XPRT_LOCKED
    - Pin upper rpc_clnt across the TLS connect_worker

 - NFS:
    - Include MAY_WRITE in open permission mask for O_TRUNC
    - Charge unstable writes by request size, not folio size

* tag 'nfs-for-7.2-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
  NFS: Charge unstable writes by request size, not folio size
  NFSv4: include MAY_WRITE in open permission mask for O_TRUNC
  SUNRPC: pin upper rpc_clnt across the TLS connect_worker
  SUNRPC: release lower rpc_clnt if killed waiting for XPRT_LOCKED
DeltaFile
+17-2net/sunrpc/clnt.c
+14-2net/sunrpc/xprtsock.c
+8-6fs/nfs/write.c
+7-5fs/nfs/internal.h
+1-1fs/nfs/pnfs_nfs.c
+2-0fs/nfs/dir.c
+49-161 files not shown
+50-167 files

Linux/linux 8eae393fs/smb/client cifssmb.c smb2misc.c

Merge tag 'v7.2-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:
 - DFS cache allocation fix
 - DFS referral bounds check fix
 - Fix absolute symlinks when mounting with POSIX extensions
 - Fixes for incorrect nlink returned by fstat
 - Fix atime in read completion
 - Fix busy dentry on umount
 - ioctl_query_info buffer overflow fix
 - Two fixes for creating special files with SFU
 - Fix mode mask in parse_dacl
 - SMB1 is_path_accessible wildcard fix and minor SMB1 cleanup
 - smb2_check_message fix
 - Debug message improvement
 - Minor cleanup

* tag 'v7.2-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: Remove CIFSSMBSetPathInfoFB() fallback function

    [17 lines not shown]
DeltaFile
+0-36fs/smb/client/cifssmb.c
+26-6fs/smb/client/smb2misc.c
+17-11fs/smb/client/smb1ops.c
+14-12fs/smb/client/smb2pdu.c
+8-11fs/smb/client/smb2ops.c
+8-11fs/smb/client/smb2file.c
+73-8714 files not shown
+146-12120 files

Linux/linux ec082d0kernel/trace trace_remote.c

tracing/remotes: Fix leak in trace_remote_alloc_buffer() error path

If page allocation fails in trace_remote_alloc_buffer(), desc->nr_cpus
is not yet incremented for the current CPU. As a consequence, on error,
half-allocated rb_desc will not be freed in trace_remote_free_buffer().

Increment desc->nr_cpus as soon as the first allocation for the current
CPU has succeeded.

Link: https://patch.msgid.link/20260709160017.1729517-2-vdonnefort@google.com
Fixes: 96e43537af54 ("tracing: Introduce trace remotes")
Reported-by: Sashiko <sashiko-bot at kernel.org>
Signed-off-by: Vincent Donnefort <vdonnefort at google.com>
Signed-off-by: Steven Rostedt <rostedt at goodmis.org>
DeltaFile
+2-1kernel/trace/trace_remote.c
+2-11 files

Linux/linux 601ddackernel/trace ring_buffer.c

ring-buffer: Allow sparse CPU masks in ring_buffer_desc()

No user currently relies on sparse CPU masks, but the descriptor logic already
supports them via linear fallback. Remove the arbitrary limitation.

Link: https://patch.msgid.link/20260709160017.1729517-4-vdonnefort@google.com
Fixes: 2e67fabd8b77 ("ring-buffer: Introduce ring-buffer remotes")
Reported-by: Sashiko <sashiko-bot at kernel.org>
Signed-off-by: Vincent Donnefort <vdonnefort at google.com>
Signed-off-by: Steven Rostedt <rostedt at goodmis.org>
DeltaFile
+1-4kernel/trace/ring_buffer.c
+1-41 files

Linux/linux d471d4fkernel/trace trace_remote.c

tracing/remotes: Fix struct_len in trace_remote_alloc_buffer()

Pre-calculate desc->struct_len up-front in trace_remote_alloc_buffer()
with trace_buffer_desc_size() to fix double-counting.

While at it, use the accessor __first_ring_buffer_desc().

Link: https://patch.msgid.link/20260709160017.1729517-3-vdonnefort@google.com
Fixes: 96e43537af54 ("tracing: Introduce trace remotes")
Reported-by: Sashiko <sashiko-bot at kernel.org>
Signed-off-by: Vincent Donnefort <vdonnefort at google.com>
Signed-off-by: Steven Rostedt <rostedt at goodmis.org>
DeltaFile
+4-11kernel/trace/trace_remote.c
+4-111 files

Linux/linux d96fcfeDocumentation/arch/arm64 cpu-hotplug.rst, arch/arm64/include/asm tlbflush.h tlbbatch.h

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:

 - Fix crash when using SMT hotplug on ACPI systems in conjunction with
   maxcpus=

 - Fix 30% kswapd performance regression introduced by C1-Pro SME
   erratum workaround

 - Fix TLB over-invalidation regression during memory hotplug

 - Fix incorrect encoding of FEAT_BWE2 value in ID_AA64DFR2_EL1.BWE

 - Typo fixes in the arm64 selftests

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  selftests/arm64: fix spelling errors in comments
  arm64/sysreg: Fix BWE field encoding in ID_AA64DFR2_EL1

    [4 lines not shown]
DeltaFile
+8-41arch/arm64/include/asm/tlbflush.h
+0-35arch/arm64/kernel/process.c
+14-14arch/arm64/kernel/smp.c
+16-12Documentation/arch/arm64/cpu-hotplug.rst
+9-2arch/arm64/mm/mmu.c
+2-8arch/arm64/include/asm/tlbbatch.h
+49-1125 files not shown
+61-11811 files