Linux/linux dd3210cdrivers/regulator core.c mt6316-regulator.c

Merge tag 'regulator-fix-v7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "A couple of straightforward fixes for device loading, plus a fix for
  the core support for keeping multiple regulators with voltages close
  to each other that was sadly introduced due to one of the more
  beautiful corners of our API design"

* tag 'regulator-fix-v7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: core: regulator_lock_two() should test for EDEADLK not EDEADLOCK
  regulator: mt6363: add missing MODULE_DEVICE_TABLE()
  regulator: mt6316: add missing MODULE_DEVICE_TABLE()
DeltaFile
+2-2drivers/regulator/core.c
+1-0drivers/regulator/mt6316-regulator.c
+1-0drivers/regulator/mt6363-regulator.c
+4-23 files

Linux/linux bf124bakernel audit.c

Merge tag 'audit-pr-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit fixes from Paul Moore:
 "Two relatively small audit patches to fix potential data races with
  the main audit backlog queue as well as possible integer overflows
  when logging data as hex strings"

* tag 'audit-pr-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: fix potential integer overflow in audit_log_n_hex()
  audit: Fix data races of skb_queue_len() readers on audit_queue
DeltaFile
+14-7kernel/audit.c
+14-71 files

Linux/linux ccce5f6security/selinux hooks.c

Merge tag 'selinux-pr-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fixes from Paul Moore:
 "Two small SELinux patches to fix a missing permission check for TCP
  Fast Open operations and fix a socket lookup issue with SCTP ASCONF
  operations"

* tag 'selinux-pr-20260710' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: avoid sk_socket dereference in selinux_sctp_bind_connect()
  selinux: check connect-related permissions on TCP Fast Open
DeltaFile
+28-10security/selinux/hooks.c
+28-101 files

Linux/linux 61c03dffs/ntfs namei.c attrib.c

Merge tag 'ntfs-for-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs

Pull ntfs fixes from Namjae Jeon:

 - fix stale runlist element dereferences in MFT writeback and fallocate

 - fix mrec_lock ABBA deadlock in rename

 - prevent userspace modification of NTFS system files

 - avoid inode eviction/writeback self-deadlocks

 - reject malformed resident attributes in non-resident runlist mapping

 - avoid post_write_mst_fixup() on invalid index blocks

 - fix a hole runlist leak in insert-range error handling

 - sanitize directory lookup MFT references from disk

    [15 lines not shown]
DeltaFile
+31-31fs/ntfs/namei.c
+24-12fs/ntfs/attrib.c
+16-1fs/ntfs/aops.c
+11-4fs/ntfs/dir.c
+9-0fs/ntfs/inode.c
+9-0fs/ntfs/attrlist.c
+100-482 files not shown
+110-518 files

Linux/linux 58d9f84fs/nfs write.c internal.h, net/sunrpc clnt.c xprtsock.c

Merge tag 'nfs-for-7.2-2' of git://git.linux-nfs.org/projects/anna/linux-nfs

Pull NFS client fixes from Anna Schumaker:

 - SUNRPC:
    - Release lower rpc_clnt if killed waiting for XPRT_LOCKED
    - Pin upper rpc_clnt across the TLS connect_worker

 - NFS:
    - Include MAY_WRITE in open permission mask for O_TRUNC
    - Charge unstable writes by request size, not folio size

* tag 'nfs-for-7.2-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
  NFS: Charge unstable writes by request size, not folio size
  NFSv4: include MAY_WRITE in open permission mask for O_TRUNC
  SUNRPC: pin upper rpc_clnt across the TLS connect_worker
  SUNRPC: release lower rpc_clnt if killed waiting for XPRT_LOCKED
DeltaFile
+17-2net/sunrpc/clnt.c
+14-2net/sunrpc/xprtsock.c
+8-6fs/nfs/write.c
+7-5fs/nfs/internal.h
+1-1fs/nfs/pnfs_nfs.c
+2-0fs/nfs/dir.c
+49-161 files not shown
+50-167 files

Linux/linux 8eae393fs/smb/client cifssmb.c smb2misc.c

Merge tag 'v7.2-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6

Pull smb client fixes from Steve French:
 - DFS cache allocation fix
 - DFS referral bounds check fix
 - Fix absolute symlinks when mounting with POSIX extensions
 - Fixes for incorrect nlink returned by fstat
 - Fix atime in read completion
 - Fix busy dentry on umount
 - ioctl_query_info buffer overflow fix
 - Two fixes for creating special files with SFU
 - Fix mode mask in parse_dacl
 - SMB1 is_path_accessible wildcard fix and minor SMB1 cleanup
 - smb2_check_message fix
 - Debug message improvement
 - Minor cleanup

* tag 'v7.2-rc2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: Remove CIFSSMBSetPathInfoFB() fallback function

    [17 lines not shown]
DeltaFile
+0-36fs/smb/client/cifssmb.c
+26-6fs/smb/client/smb2misc.c
+17-11fs/smb/client/smb1ops.c
+14-12fs/smb/client/smb2pdu.c
+8-11fs/smb/client/smb2ops.c
+8-11fs/smb/client/smb2file.c
+73-8714 files not shown
+146-12120 files

Linux/linux d96fcfeDocumentation/arch/arm64 cpu-hotplug.rst, arch/arm64/include/asm tlbflush.h

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:

 - Fix crash when using SMT hotplug on ACPI systems in conjunction with
   maxcpus=

 - Fix 30% kswapd performance regression introduced by C1-Pro SME
   erratum workaround

 - Fix TLB over-invalidation regression during memory hotplug

 - Fix incorrect encoding of FEAT_BWE2 value in ID_AA64DFR2_EL1.BWE

 - Typo fixes in the arm64 selftests

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  selftests/arm64: fix spelling errors in comments
  arm64/sysreg: Fix BWE field encoding in ID_AA64DFR2_EL1

    [4 lines not shown]
DeltaFile
+8-41arch/arm64/include/asm/tlbflush.h
+0-35arch/arm64/kernel/process.c
+14-14arch/arm64/kernel/smp.c
+16-12Documentation/arch/arm64/cpu-hotplug.rst
+9-2arch/arm64/mm/mmu.c
+7-3arch/arm64/kernel/fpsimd.c
+54-1075 files not shown
+61-11811 files

Linux/linux 1f0fe32drivers/platform/x86 asus-armoury.h bitland-mifs-wmi.c, drivers/platform/x86/amd/pmc pmc.c

Merge tag 'platform-drivers-x86-v7.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86

Pull x86 platform driver fixes from Ilpo Järvinen:

 - amd/pmc:
    - Use correct IP block table for AMD 1Ah M80H SoC
    - Avoid logging "(null)" for missing DMI values

 - asus-armoury: update power limits for G614PR

 - bitland-mifs-wmi: Fix NULL pointer dereference during suspend/resume

* tag 'platform-drivers-x86-v7.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
  platform/x86: amd-pmc: Use correct IP block table for AMD 1Ah M80H SoC
  platform/x86: asus-armoury: update power limits for G614PR
  platform/x86: bitland-mifs-wmi: Fix NULL pointer dereference during suspend/resume
  platform/x86/amd/pmc: Avoid logging "(null)" for DMI values
DeltaFile
+29-7drivers/platform/x86/amd/pmc/pmc.c
+5-5drivers/platform/x86/asus-armoury.h
+8-0drivers/platform/x86/bitland-mifs-wmi.c
+42-123 files

Linux/linux f827c27drivers/gpio gpio-dwapb.c gpio-shared-proxy.c, tools/testing/selftests/gpio .gitignore

Merge tag 'gpio-fixes-for-v7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux

Pull gpio fixes from Bartosz Golaszewski:

 - provide the missing .get_direction() callback in gpio-palmas

 - fix interrupt handling in gpio-dwapb

 - add a GPIO self-test program binary to .gitignore

 - fix a resource leak in gpio-mvebu

 - make the GPIO sharing heuristic more adaptable

* tag 'gpio-fixes-for-v7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
  gpio: mvebu: free generic chips on unbind
  selftests: gpio: add gpio-cdev-uaf to .gitignore
  gpio: dwapb: Mask interrupts at hardware initialization
  gpio: dwapb: Defer clock gating until noirq

    [2 lines not shown]
DeltaFile
+86-14drivers/gpio/gpio-dwapb.c
+32-34drivers/gpio/gpio-shared-proxy.c
+19-0drivers/gpio/gpio-palmas.c
+2-1drivers/gpio/gpiolib-shared.h
+1-0tools/testing/selftests/gpio/.gitignore
+1-0drivers/gpio/gpio-mvebu.c
+141-496 files

Linux/linux 8f964d9drivers/ata libata-core.c

Merge tag 'ata-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux

Pull ata fixes from Damien Le Moal:

 - Fix handling of security locked drive revalidation. This prevents
   such drives from being dropped when locked on resume (Terrence)

* tag 'ata-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux:
  ata: libata-core: Allow capacity transition to zero for locked drives
  ata: libata-core: Skip HPA resize for locked drives
DeltaFile
+2-2drivers/ata/libata-core.c
+2-21 files

Linux/linux ba0b7c6drivers/accel/amdxdna amdxdna_ctx.c amdxdna_gem.c, drivers/gpu buddy.c

Merge tag 'drm-fixes-2026-07-10' of https://gitlab.freedesktop.org/drm/kernel

Pull drm fixes from Dave Airlie:
 "Weekly fixes pull for drm, amdgpu, amdxdna, xe leading the way, some
  small core fixes and a nouveau stability fix along with some minor
  changes in other drivers.

  Seems to be a bit quiter than last week at least.

  fb-helper:
   - Sync on first active crtc in fb_dirty, rather than first crtc

  drm_exec:
   - Use direct label in drm_exec

  buddy:
   - Rework try_harder in the buddy allocator

  i915:

    [65 lines not shown]
DeltaFile
+91-1drivers/gpu/drm/drm_fb_helper.c
+46-21drivers/gpu/buddy.c
+43-13drivers/accel/amdxdna/amdxdna_ctx.c
+36-14drivers/accel/amdxdna/amdxdna_gem.c
+22-15drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
+18-16include/drm/drm_exec.h
+256-8036 files not shown
+486-20442 files

Linux/linux 6763a0adrivers/gpu/drm/nouveau/nvkm/subdev/mmu vmm.c

nouveau/vmm: fix another SPT/LPT race

We've had an unknown Turing issue for a while with page faults since
large pages and compression.

I've got a patch series that syncs all our L2 handling with ogkm and it
made this fault happen more.

After writing a bunch of debugging patches, I spotted an invalid LPT
entry where there should have been a valid one.

A 64K MAP succeeds on a range, but a subsequent SPT put drops SPT refs
across multiple ranges,

We shouldn't assume all ranges where SPTEs go away will have the same
sparse/invalid/valid state, just iterate over each instead and do the
right thing.

Cc: stable at vger.kernel.org

    [7 lines not shown]
DeltaFile
+14-17drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.c
+14-171 files

Linux/linux 695255cdrivers/gpu/drm/xe xe_exec.c xe_pt.c, drivers/gpu/drm/xe/tests xe_pci.c

Merge tag 'drm-xe-fixes-2026-07-09' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes

Driver Changes:
- Fix PTE index in xe_vm_populate_pgtable for chunked binds (Matt Brost)
- Wait on external BO kernel fences in exec IOCTL (Matt Brost)
- Remove duplicate include (Anas Khan)
- Free madvise VMA array on L2 flush failure (Guangshuo Li)
- Stub notifier_lock helpers when DRM_GPUSVM=n (Shuicheng Lin)

Signed-off-by: Dave Airlie <airlied at redhat.com>

From: Thomas Hellstrom <thomas.hellstrom at linux.intel.com>
Link: https://patch.msgid.link/alASIbW318Rl-HTv@fedora
DeltaFile
+16-6drivers/gpu/drm/xe/xe_exec.c
+17-2drivers/gpu/drm/xe/xe_pt.c
+1-1drivers/gpu/drm/xe/xe_vm_madvise.c
+0-1drivers/gpu/drm/xe/tests/xe_pci.c
+34-104 files

Linux/linux ff17ec8drivers/gpu/drm/amd/amdgpu amdgpu_vm.c amdgpu_userq.c, drivers/gpu/drm/amd/amdkfd kfd_process_queue_manager.c kfd_device_queue_manager.c

Merge tag 'amd-drm-fixes-7.2-2026-07-09' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes

amd-drm-fixes-7.2-2026-07-09:

amdgpu:
- PSP 15.0.9 update
- SMU 15.0.9 update
- VCN 5.3 fix
- VI ASPM fix
- Userq fix
- lifetime fix for amdgpu_vm_get_task_info_pasid()
- Gfx10 fix
- SMU 14 fix

amdkfd:
- CRIU bounds checking fixes
- secondary context id fix
- Event bounds checking fix


    [4 lines not shown]
DeltaFile
+22-15drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c
+16-12drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c
+10-15drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c
+9-0drivers/gpu/drm/amd/amdgpu/amdgpu_userq.c
+9-0drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
+6-0drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c
+72-4211 files not shown
+94-5017 files

Linux/linux 7978a34drivers/accel/amdxdna amdxdna_ctx.c amdxdna_gem.c, drivers/gpu buddy.c

Merge tag 'drm-misc-fixes-2026-07-09' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-fixes

drm-misc-fixes for v7.2-rc3:
- Fix uaf in amdxdna mmap failure path.
- A lot of deadlocks, access races and return value fixes in amdxdna.
- Fix analogix_dp bitshifts during link training.
- Use direct label in drm_exec.
- Fix absent indirect bo handling in v3d.
- Sync on first active crtc in fb_dirty, rather than first crtc.
- Rework try_harder in the buddy allocator.
- Make imagination function static to solve compiler warning.
- Fix imagination error checking.

Signed-off-by: Dave Airlie <airlied at redhat.com>
From: Maarten Lankhorst <maarten.lankhorst at linux.intel.com>
Link: https://patch.msgid.link/71e5b48b-307f-47f5-8fd5-b60ea43e4196@linux.intel.com
DeltaFile
+91-1drivers/gpu/drm/drm_fb_helper.c
+46-21drivers/gpu/buddy.c
+43-13drivers/accel/amdxdna/amdxdna_ctx.c
+36-14drivers/accel/amdxdna/amdxdna_gem.c
+18-16include/drm/drm_exec.h
+18-10drivers/gpu/drm/tests/drm_exec_test.c
+252-7510 files not shown
+311-10016 files

Linux/linux 58570efdrivers/gpu/drm/i915/display intel_dp.c intel_lt_phy.c, drivers/gpu/drm/i915/gem i915_gem_context.c

Merge tag 'drm-intel-fixes-2026-07-09' of https://gitlab.freedesktop.org/drm/i915/kernel into drm-fixes

Fix underrun regressions on Panther Lake by reverting the recent
SCL=0 enablement for always-on VRR timing. It also includes a fix
display LT PHY SSC programming and a small set of i915 fixes
addressing NULL pointer dereferences, memory leaks and bound checks.

Signed-off-by: Dave Airlie <airlied at redhat.com>

From: Rodrigo Vivi <rodrigo.vivi at intel.com>
Link: https://patch.msgid.link/ak-xZPqluaXVJGtP@intel.com
DeltaFile
+15-9drivers/gpu/drm/i915/gem/i915_gem_context.c
+10-9drivers/gpu/drm/i915/gt/intel_execlists_submission.c
+7-1drivers/gpu/drm/i915/display/intel_dp.c
+1-5drivers/gpu/drm/i915/display/intel_lt_phy.c
+0-3drivers/gpu/drm/i915/display/intel_psr.c
+33-275 files

Linux/linux a635d67fs/smb/server smb2pdu.c auth.c, fs/smb/server/mgmt user_session.c

Merge tag 'v7.2-rc2-smb3-server-fixes' of git://git.samba.org/ksmbd

Pull smb server fixes from Steve French:
 "This contains a set of SMB server fixes mostly around session setup,
  multichannel/session binding, and protocol-compatible error reporting:

   - Fix SID-to-id mapping so only SIDs with a valid local Unix
     representation are translated, while preserving other Windows
     SIDs in NT ACL xattrs

   - Fix SMB3 multichannel binding across multi-round authentication,
     keep the derived channel key separate from the established session
     key, and enforce the 32-channel session limit

   - Match Windows-compatible close timestamp behavior by coalescing
     automatic write time updates smaller than 15ms

   - Return STATUS_DISK_FULL for SET_INFO allocation failures caused
     by ENOSPC or EFBIG

    [22 lines not shown]
DeltaFile
+151-54fs/smb/server/smb2pdu.c
+28-21fs/smb/server/auth.c
+17-4fs/smb/server/smbacl.c
+14-2fs/smb/server/server.c
+4-3fs/smb/server/auth.h
+2-2fs/smb/server/mgmt/user_session.c
+216-862 files not shown
+218-868 files

Linux/linux d2c46c9fs/smb/client cifssmb.c

cifs: Remove CIFSSMBSetPathInfoFB() fallback function

This fallback function CIFSSMBSetPathInfoFB() is called only from
CIFSSMBSetPathInfo() function. CIFSSMBSetPathInfo() is used in
smb_set_file_info() which contains all required fallback code, including
fallback via filehandle, since commit f122121796f9 ("cifs: Fix changing
times and read-only attr over SMB1 smb_set_file_info() function") and
commit 92210ccd877b ("cifs: Add fallback code path for cifs_mkdir_setinfo()").

So the CIFSSMBSetPathInfoFB() is just code duplication, which is not needed
anymore. Therefore remove it.

Signed-off-by: Pali Rohár <pali at kernel.org>
Signed-off-by: Steve French <stfrench at microsoft.com>
DeltaFile
+0-36fs/smb/client/cifssmb.c
+0-361 files

Linux/linux 90dd141fs/smb/client smb1ops.c

cifs: Fix and improve cifs_is_path_accessible() function

Do not call SMBQueryInformation() command for path with SMB wildcard
characters on non-UNICODE connection because server expands wildcards.
Function cifs_is_path_accessible() needs to check if the real path exists
and must not expand wildcard characters.

Do not dynamically allocate memory for small FILE_ALL_INFO structure and
instead allocate it on the stack. This structure is allocated on stack by
all other functions.

When CAP_NT_SMBS was not negotiated then do not issue CIFSSMBQPathInfo()
command. This command returns failure by non-NT Win9x SMB servers, so there
is no need try it. The purpose of cifs_is_path_accessible() function is
just to check if the path is accessible, so SMBQueryInformation() for old
servers is enough.

Signed-off-by: Pali Rohár <pali at kernel.org>
Signed-off-by: Steve French <stfrench at microsoft.com>
DeltaFile
+16-10fs/smb/client/smb1ops.c
+16-101 files

Linux/linux e3d9c71fs/smb/client cifsacl.c

smb: client: mask server-provided mode to 07777 in modefromsid

When modefromsid is active, parse_dacl() applies the server-provided
sub_auth[2] value from the NFS mode SID to cf_mode without masking to
07777. Apply the correct masking, same as in the read path.

Fixes: e2f8fbfb8d09c ("cifs: get mode bits from special sid on stat")
Signed-off-by: Norbert Manthey <nmanthey at amazon.de>
Assisted-by: Kiro:claude-opus-4.6
Cc: stable at vger.kernel.org
Signed-off-by: Steve French <stfrench at microsoft.com>
DeltaFile
+1-1fs/smb/client/cifsacl.c
+1-11 files

Linux/linux 2c7c88adrivers/bluetooth btintel_pcie.c, net/bluetooth l2cap_core.c hci_sync.c

Merge tag 'net-7.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Pull networking fixes from Paolo Abeni:
 "Including fixes from netfilter, Bluetooth and batman-adv.

  Current release - regressions:

   - bluetooth: fix using chan->conn as indication to no remote netdev

  Current release - new code bugs:

   - netfilter: cap to maximum number of expectation per master on
     updates

  Previous releases - regressions:

   - bluetooth:
      - fix UAF of hci_conn_params in add_device_complete
      - fix null ptr deref in hci_abort_conn()

    [53 lines not shown]
DeltaFile
+109-31net/bluetooth/l2cap_core.c
+121-16net/bluetooth/hci_sync.c
+51-56net/bluetooth/l2cap_sock.c
+52-50drivers/bluetooth/btintel_pcie.c
+56-29net/netfilter/ipset/ip_set_hash_gen.h
+23-61net/bluetooth/6lowpan.c
+412-243106 files not shown
+1,407-745112 files

Linux/linux cf385cfdrivers/gpu/drm/imagination pvr_context.c

drm/imagination: fix error checking of pvr_vm_context_lookup()

Since pvr_vm_context_lookup() returns either NULL or a pointer, then stop
using IS_ERR() for checking the return value.

Using IS_ERR() leads to the kernel oops reported below. It can be
reproduced by passing an invalid VM context handle from userspace to the
DRM_IOCTL_PVR_CREATE_CONTEXT ioctl.

[   92.733119] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000148
[   92.742042] Mem abort info:
[   92.744890]   ESR = 0x0000000096000004
[   92.748686]   EC = 0x25: DABT (current EL), IL = 32 bits
[   92.754020]   SET = 0, FnV = 0
[   92.757154]   EA = 0, S1PTW = 0
[   92.760337]   FSC = 0x04: level 0 translation fault
[   92.765243] Data abort info:
[   92.768129]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[   92.773626]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0

    [43 lines not shown]
DeltaFile
+2-2drivers/gpu/drm/imagination/pvr_context.c
+2-21 files

Linux/linux c804aaddrivers/gpu/drm/imagination pvr_fw_trace.c

drm/imagination: make pvr_fw_trace_init_mask_ops static

The pvr_fw_trace_init_mask_ops is not used outside pvr_fw_trace.c
so make it static to avoid the following sparse warning:

drivers/gpu/drm/imagination/pvr_fw_trace.c:74:31: warning: symbol 'pvr_fw_trace_init_mask_ops' was not declared. Should it be static?

Fixes: c6978643ea1c ("drm/imagination: Validate fw trace group_mask")
Reviewed-by: Alessio Belle <alessio.belle at imgtec.com>
Signed-off-by: Ben Dooks <ben.dooks at codethink.co.uk>
Link: https://patch.msgid.link/20260703162338.2848039-1-ben.dooks@codethink.co.uk
Signed-off-by: Alessio Belle <alessio.belle at imgtec.com>
DeltaFile
+1-1drivers/gpu/drm/imagination/pvr_fw_trace.c
+1-11 files

Linux/linux 56bc638drivers/gpu buddy.c

gpu/buddy: bail out of try_harder when alignment cannot be honoured

The try_harder contiguous fallback could return a range whose start
offset did not match the caller's min_block_size. When a candidate's
start is misaligned, realign it: free the misaligned run and reallocate
exactly @size at the next lower min_block_size boundary. This keeps the
returned size unchanged with no surplus to trim, and rejects the request
only when no aligned candidate fits.

v2: align misaligned candidates down to min_block_size instead of
    bailing out, for both the RHS and LHS paths (Matthew).

Fixes: 0a1844bf0b53 ("drm/buddy: Improve contiguous memory allocation")
Suggested-by: Christian König <christian.koenig at amd.com>
Cc: Matthew Auld <matthew.auld at intel.com>
Cc: Christian König <christian.koenig at amd.com>
Cc: Timur Kristóf <timur.kristof at gmail.com>
Cc: stable at vger.kernel.org
Reviewed-by: Matthew Auld <matthew.auld at intel.com>

    [3 lines not shown]
DeltaFile
+46-21drivers/gpu/buddy.c
+46-211 files

Linux/linux 179e3eefs/smb/client inode.c misc.c

cifs: Show reason why autodisabling serverino support

Extend cifs_autodisable_serverino() function to print also text message why
the function was called.

The text message is printed just once for mount then autodisabling
serverino support. Once the serverino support is disabled for mount it will
not be re-enabled. So those text messages do not cause flooding logs.

This change allows to debug issues why cifs.ko decide to turn off server
inode number support and hence disable support for detection of hardlinks.

Signed-off-by: Pali Rohár <pali at kernel.org>
Signed-off-by: Steve French <stfrench at microsoft.com>
DeltaFile
+4-3fs/smb/client/inode.c
+5-1fs/smb/client/misc.c
+2-2fs/smb/client/readdir.c
+1-1fs/smb/client/dfs_cache.c
+1-1fs/smb/client/connect.c
+1-1fs/smb/client/cifsproto.h
+14-96 files

Linux/linux 9dd1964fs/smb/client inode.c cifsglob.h

smb/client: fix incorrect nlink returned by fstat()

Reproducer:

  1. mount -t cifs //${server_ip}/export /mnt
  2. touch /mnt/file1; ln /mnt/file1 /mnt/file2; ln /mnt/file1 /mnt/file3
  3. C program: int fd = open("/mnt/file1", O_RDONLY);
  4. C program: struct stat stbuf; fstat(fd, &stbuf);
                stbuf.st_nlink is always 1, should be 3

Setting `unknown_nlink` to true in `SMB2_open()` triggers the
`CIFS_FATTR_UNKNOWN_NLINK` flag in `cifs_open_info_to_fattr()`,
which safely preserves the existing i_nlink in
`cifs_nlink_fattr_to_inode()`.

See the detailed procedure below:

  path_openat
    open_last_lookups

    [39 lines not shown]
DeltaFile
+2-0fs/smb/client/inode.c
+1-0fs/smb/client/cifsglob.h
+1-0fs/smb/client/smb2pdu.c
+4-03 files

Linux/linux 1f551e4fs/smb/client smb2pdu.c smb2file.c

smb/client: pass cifs_open_info_data to SMB2_open()

Let SMB2_open() fill the smb2_file_all_info embedded in cifs_open_info_data
directly. This removes the temporary smb2_file_all_info copy in
smb2_open_file().

Signed-off-by: ChenXiaoSong <chenxiaosong at kylinos.cn>
Signed-off-by: Steve French <stfrench at microsoft.com>
DeltaFile
+13-12fs/smb/client/smb2pdu.c
+8-11fs/smb/client/smb2file.c
+3-3fs/smb/client/link.c
+1-1fs/smb/client/smb2proto.h
+25-274 files

Linux/linux fc8789bfs/smb/client link.c

smb/client: use stack-allocated smb2_file_all_info in smb3_query_mf_symlink()

SMB2_open() only fills the fixed fields, so a stack-allocated
smb2_file_all_info is sufficient here.

Signed-off-by: ChenXiaoSong <chenxiaosong at kylinos.cn>
Signed-off-by: Steve French <stfrench at microsoft.com>
DeltaFile
+3-12fs/smb/client/link.c
+3-121 files

Linux/linux 8fce4cffs/smb/client link.c smb1ops.c

smb/client: zero-initialize stack-allocated cifs_open_info_data

Stack-allocated cifs_open_info_data may contain random data.
This can make some fields have wrong value if they are not set later.

Signed-off-by: ChenXiaoSong <chenxiaosong at kylinos.cn>
Signed-off-by: Steve French <stfrench at microsoft.com>
DeltaFile
+1-1fs/smb/client/link.c
+1-1fs/smb/client/smb1ops.c
+1-1fs/smb/client/smb2ops.c
+3-33 files

Linux/linux a4f27adfs/smb/client smb2ops.c

smb: client: fix overflow in passthrough ioctl bounds check

smb2_ioctl_query_info() validates the PASSTHRU_FSCTL response payload
before copying it to userspace.

The payload offset and length both come from 32-bit fields. The bounds
check currently adds OutputOffset and qi.input_buffer_length directly, so
the addition can wrap in 32-bit arithmetic before the result is compared
against the response buffer length.

A malicious server can use a large OutputOffset and a small OutputCount
to make the wrapped sum pass the bounds check. The later copy_to_user()
then reads from io_rsp + OutputOffset, outside the response buffer.

Use size_add() for the offset plus length check so overflow is treated as
out of bounds.

Fixes: 2b1116bbe898 ("CIFS: Use common error handling code in smb2_ioctl_query_info()")
Signed-off-by: Guangshuo Li <lgs201920130244 at gmail.com>
Signed-off-by: Steve French <stfrench at microsoft.com>
DeltaFile
+2-2fs/smb/client/smb2ops.c
+2-21 files