* [OE-core][scarthgap 00/30] Patch review
@ 2026-06-17 7:44 Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 01/30] conf/machine: fix typos in ARM and x86 README files Yoann Congal
` (29 more replies)
0 siblings, 30 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for scarthgap and have comments back by
end of day Thursday, June 18.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/4014
The following changes since commit dd74c1388d5bfefd2adcdb6abd622297138e2eb1:
meta/lib/oe/package.py: fix path to kernel sources in save_debugsources_info (2026-06-15 11:54:08 +0200)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/scarthgap-review
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/scarthgap-review
for you to fetch changes up to 7d74e588802d87a07b14c1541651ad5ce8860a8f:
lttng-modules: Fix trace_hrtimer_start build failure (2026-06-17 01:28:31 +0200)
----------------------------------------------------------------
Benjamin Robin (Schneider Electric) (2):
avahi: Remove a reference to the rejected CVE-2021-36217
meta: fix generation of kernel CONFIG_ in SPDX3
Bruce Ashfield (12):
oeqa/runtime/parselogs: update pci BAR ignore for kernel 6.10
linux-yocto/6.6: update to v6.6.129
linux-yocto/6.6: update to v6.6.130
linux-yocto/6.6: update to v6.6.132
linux-yocto/6.6: update to v6.6.134
linux-yocto/6.6: update to v6.6.135
linux-yocto/6.6: update to v6.6.136
linux-yocto/6.6: update to v6.6.137
linux-yocto/6.6: update to v6.6.138
linux-yocto/6.6: update to v6.6.140
linux-yocto/6.6: update to v6.6.141
linux-yocto/6.6: update to v6.6.142
He Zhe (1):
lttng-modules: Fix trace_hrtimer_start build failure
Hitendra Prajapati (6):
go 1.22.12: fix CVE-2026-27140
go 1.22.12: fix CVE-2026-27143, CVE-2026-27144
qemu: fix for CVE-2025-11234
libxml-parser-perl: fix for CVE-2006-10003
python3: fix for CVE-2026-1502
python3: fix CVE-2026-6100
Prabhudasu Vatala (1):
conf/machine: fix typos in ARM and x86 README files
Ross Burton (3):
setuptools3_legacy: ensure ${B} is clean
setuptools3: clean the build directory in configure
python_setuptools_build_meta: clean the build directory in configure
Vijay Anusuri (5):
xserver-xorg: Fix CVE-2026-33999
xserver-xorg: Fix CVE-2026-34000
xserver-xorg: Fix CVE-2026-34001
xserver-xorg: Fix CVE-2026-34002
xserver-xorg: Fix CVE-2026-34003
meta/classes-recipe/kernel.bbclass | 27 ++-
.../python_setuptools_build_meta.bbclass | 4 +
meta/classes-recipe/setuptools3.bbclass | 3 +
.../classes-recipe/setuptools3_legacy.bbclass | 1 +
meta/conf/machine/include/arm/README | 6 +-
meta/conf/machine/include/x86/README | 4 +-
.../cases/parselogs-ignores-qemuall.txt | 8 +
meta/lib/oeqa/selftest/cases/spdx.py | 2 +-
.../avahi/files/local-ping.patch | 1 -
meta/recipes-devtools/go/go-1.22.12.inc | 3 +
.../go/go/CVE-2026-27140.patch | 58 +++++
.../go/go/CVE-2026-27143.patch | 165 +++++++++++++
.../go/go/CVE-2026-27144.patch | 125 ++++++++++
.../libxml-parser-perl/CVE-2006-10003.patch | 73 ++++++
.../perl/libxml-parser-perl_2.47.bb | 1 +
.../python/python3/CVE-2026-1502.patch | 113 +++++++++
.../python/python3/CVE-2026-6100.patch | 75 ++++++
.../python/python3_3.12.13.bb | 2 +
meta/recipes-devtools/qemu/qemu.inc | 2 +
.../qemu/qemu/CVE-2025-11234-01.patch | 72 ++++++
.../qemu/qemu/CVE-2025-11234-02.patch | 174 ++++++++++++++
.../xserver-xorg/CVE-2026-33999.patch | 49 ++++
.../xserver-xorg/CVE-2026-34000.patch | 72 ++++++
.../xserver-xorg/CVE-2026-34001.patch | 104 ++++++++
.../xserver-xorg/CVE-2026-34002.patch | 93 ++++++++
.../xserver-xorg/CVE-2026-34003-1.patch | 113 +++++++++
.../xserver-xorg/CVE-2026-34003-2.patch | 223 ++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.18.bb | 6 +
.../linux/linux-yocto-rt_6.6.bb | 6 +-
.../linux/linux-yocto-tiny_6.6.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +--
...ce-trace-noise-in-hrtimer_start-v7.1.patch | 103 ++++++++
.../lttng/lttng-modules_2.13.12.bb | 6 +-
33 files changed, 1687 insertions(+), 41 deletions(-)
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27140.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27143.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27144.patch
create mode 100644 meta/recipes-devtools/perl/libxml-parser-perl/CVE-2006-10003.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-1502.patch
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-6100.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-11234-01.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-11234-02.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-33999.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34000.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34001.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34002.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-2.patch
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
* [OE-core][scarthgap 01/30] conf/machine: fix typos in ARM and x86 README files
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 02/30] go 1.22.12: fix CVE-2026-27140 Yoann Congal
` (28 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Prabhudasu Vatala <prabhudasuvatala@gmail.com>
Correct spelling errors in the machine include README documentation
for both ARM and x86 architectures to improve clarity.
ARM changes:
- Fix TUNE_PKGACH -> TUNE_PKGARCH.
- Fix "definiton" -> "definition".
- Fix "Curently" -> "Currently".
- Fix "specificed" -> "specified".
x86 changes:
- Fix "define" -> "defined".
- Fix "to to" duplication.
Signed-off-by: Prabhudasu Vatala <prabhudasuvatala@gmail.com>
(cherry picked from commit a77dd221c31e44a17784c15f5402ef785fb9c1b7)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/conf/machine/include/arm/README | 6 +++---
meta/conf/machine/include/x86/README | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/meta/conf/machine/include/arm/README b/meta/conf/machine/include/arm/README
index c5637798e6f..bccbb1bdee9 100644
--- a/meta/conf/machine/include/arm/README
+++ b/meta/conf/machine/include/arm/README
@@ -10,7 +10,7 @@ of the existence of the "bigendian" feature in a given tune.
A small set of ARM specific variables have been defined to allow
TUNE_PKGARCH to be automatically defined. Optimized tunings must NOT
-change the definiton of TUNE_PKGARCH. TUNE_PKGACH:tune-<tune> will be
+change the definition of TUNE_PKGARCH. TUNE_PKGARCH:tune-<tune> will be
ignored. The format of the package arch is enforced by the TUNE_PKGARCH
default. The format must be of the form:
<armversion>[t][e][hf][b][-vfp][-neon]
@@ -22,14 +22,14 @@ ARMPKGARCH - This is the core package arch component specified by each
tuning. This is the primary identifier of a tuning. Usual values are:
arm, armv4, armv5, armv6, armv7a, etc.
-ARMPKGSFX_THUMB - This is the thumb specific suffix. Curently it is
+ARMPKGSFX_THUMB - This is the thumb specific suffix. Currently it is
defined in feature-arm-thumb.inc.
ARMPKGSFX_DSP - This is the DSP specific suffix. Currently this is set
to 'e' when on armv5 and the dsp feature is enabled.
ARMPKGSFX_EABI - This is the eabi specific suffix. There are currently
-two defined ABIs specificed, standard EABI and Hard Float (VFP) EABI.
+two defined ABIs specified, standard EABI and Hard Float (VFP) EABI.
When the callconvention-hard is enabled, "hf" is specified, otherwise it
is blank.
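Review bot: In the ARMPKGSFX_EABI paragraph the corrected sentence still reads "two defined ABIs specified", where "defined" and "specified" say the same thing twice. As this is a cherry-pick it should stay identical to the master commit here; dropping one of the two words is a follow-up for master.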
diff --git a/meta/conf/machine/include/x86/README b/meta/conf/machine/include/x86/README
index 05aee533a71..f0a1882d818 100644
--- a/meta/conf/machine/include/x86/README
+++ b/meta/conf/machine/include/x86/README
@@ -4,7 +4,7 @@
Most of the items for the X86 architectures are defined in the single
arch-x86 file.
-Three ABIs are define, m32, mx32 and m64.
+Three ABIs are defined, m32, mx32 and m64.
The following is the list of X86 specific variables:
@@ -17,7 +17,7 @@ The TUNE_PKGARCH is defined as follows:
TUNE_PKGARCH = ${TUNE_PKGARCH:tune-${DEFAULTTUNE}}
The package architecture for 32-bit targets is historical and generally
-set to to match the core compatible processor type, i.e. i386.
+set to match the core compatible processor type, i.e. i386.
For 64-bit architectures, the architecture is expected to end in '_64'.
* [OE-core][scarthgap 02/30] go 1.22.12: fix CVE-2026-27140
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 01/30] conf/machine: fix typos in ARM and x86 README files Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 03/30] go 1.22.12: fix CVE-2026-27143, CVE-2026-27144 Yoann Congal
` (27 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1] also mentioned at Debian report in [2]
[1] https://github.com/golang/go/commit/abaa0cbb259e059ee60c33a7507eddc1fe7d20fa
[2] https://security-tracker.debian.org/tracker/CVE-2026-27140
[3] https://nvd.nist.gov/vuln/detail/CVE-2026-27140
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/go/go-1.22.12.inc | 1 +
.../go/go/CVE-2026-27140.patch | 58 +++++++++++++++++++
2 files changed, 59 insertions(+)
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27140.patch
diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index f67da3e0788..46d75d13b21 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -41,6 +41,7 @@ SRC_URI += "\
file://CVE-2025-68121_p1.patch \
file://CVE-2025-68121_p2.patch \
file://CVE-2025-68121_p3.patch \
+ file://CVE-2026-27140.patch \
file://CVE-2026-27142.patch \
file://CVE-2026-32280.patch \
file://CVE-2026-32283.patch \
diff --git a/meta/recipes-devtools/go/go/CVE-2026-27140.patch b/meta/recipes-devtools/go/go/CVE-2026-27140.patch
new file mode 100644
index 00000000000..5c9fb31c23d
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2026-27140.patch
@@ -0,0 +1,58 @@
+From abaa0cbb259e059ee60c33a7507eddc1fe7d20fa Mon Sep 17 00:00:00 2001
+From: Neal Patel <nealpatel@google.com>
+Date: Tue, 24 Feb 2026 23:05:34 +0000
+Subject: [PATCH] [release-branch.go1.25] cmd/go: disallow cgo trust boundary
+ bypass
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The cgo compiler implicitly trusts generated files
+with 'cgo' prefixes; thus, SWIG files containing 'cgo'
+in their names will cause bypass of the trust boundary,
+leading to code smuggling or arbitrary code execution.
+
+The cgo compiler will now produce an error if it
+encounters any SWIG files containing this prefix.
+
+Thanks to Juho Forsén of Mattermost for reporting this issue.
+
+Fixes #78335
+Fixes CVE-2026-27140
+
+Change-Id: I44185a84e07739b3b347efdb86be7d8fa560b030
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3520
+Reviewed-by: Nicholas Husin <husin@google.com>
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3989
+Reviewed-on: https://go-review.googlesource.com/c/go/+/763556
+Reviewed-by: David Chase <drchase@google.com>
+TryBot-Bypass: Gopher Robot <gobot@golang.org>
+Reviewed-by: Junyang Shao <shaojunyang@google.com>
+Auto-Submit: Gopher Robot <gobot@golang.org>
+
+CVE: CVE-2026-27140
+Upstream-Status: Backport [https://github.com/golang/go/commit/abaa0cbb259e059ee60c33a7507eddc1fe7d20fa]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/cmd/go/internal/work/exec.go | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go
+index 815942a..520c478 100644
+--- a/src/cmd/go/internal/work/exec.go
++++ b/src/cmd/go/internal/work/exec.go
+@@ -3347,6 +3347,10 @@ func (b *Builder) swigIntSize(objdir string) (intsize string, err error) {
+
+ // Run SWIG on one SWIG input file.
+ func (b *Builder) swigOne(a *Action, file, objdir string, pcCFLAGS []string, cxx bool, intgosize string) (outGo, outC string, err error) {
++ if strings.HasPrefix(file, "cgo") {
++ return "", "", errors.New("SWIG file must not use prefix 'cgo'")
++ }
++
+ p := a.Package
+ sh := b.Shell(a)
+
+--
+2.50.1
+
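Review bot: The guard added at the top of swigOne tests strings.HasPrefix(file, "cgo"), so it rejects only names that begin with "cgo", while the upstream description carried in the same patch speaks of SWIG files "containing 'cgo' in their names"; a sentence in the OE commit message saying that the prefix case is the one being closed would avoid confusion when this is audited later. The hunk also calls errors.New and strings.HasPrefix without touching an import block, and the upstream subject is tagged release-branch.go1.25, so please confirm that exec.go in 1.22.12 already imports both packages.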
* [OE-core][scarthgap 03/30] go 1.22.12: fix CVE-2026-27143, CVE-2026-27144
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 01/30] conf/machine: fix typos in ARM and x86 README files Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 02/30] go 1.22.12: fix CVE-2026-27140 Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 04/30] avahi: Remove a reference to the rejected CVE-2021-36217 Yoann Congal
` (26 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1] & [2] also mentioned at Debian report in [3] & [4]
[1] https://github.com/golang/go/commit/7d2dd3488cdfbddda14c18c455d3263df75a46fc
[2] https://github.com/golang/go/commit/72cc33629a3b26e68f6e6e5564618a1d763896f3
[3] https://security-tracker.debian.org/tracker/CVE-2026-27143
[4] https://security-tracker.debian.org/tracker/CVE-2026-27144
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/go/go-1.22.12.inc | 2 +
.../go/go/CVE-2026-27143.patch | 165 ++++++++++++++++++
.../go/go/CVE-2026-27144.patch | 125 +++++++++++++
3 files changed, 292 insertions(+)
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27143.patch
create mode 100644 meta/recipes-devtools/go/go/CVE-2026-27144.patch
diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc
index 46d75d13b21..7016acd0616 100644
--- a/meta/recipes-devtools/go/go-1.22.12.inc
+++ b/meta/recipes-devtools/go/go-1.22.12.inc
@@ -43,6 +43,8 @@ SRC_URI += "\
file://CVE-2025-68121_p3.patch \
file://CVE-2026-27140.patch \
file://CVE-2026-27142.patch \
+ file://CVE-2026-27143.patch \
+ file://CVE-2026-27144.patch \
file://CVE-2026-32280.patch \
file://CVE-2026-32283.patch \
file://CVE-2026-32289.patch \
diff --git a/meta/recipes-devtools/go/go/CVE-2026-27143.patch b/meta/recipes-devtools/go/go/CVE-2026-27143.patch
new file mode 100644
index 00000000000..99e7f7639ec
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2026-27143.patch
@@ -0,0 +1,165 @@
+From 7d2dd3488cdfbddda14c18c455d3263df75a46fc Mon Sep 17 00:00:00 2001
+From: Junyang Shao <shaojunyang@google.com>
+Date: Fri, 6 Mar 2026 00:03:45 +0000
+Subject: [PATCH] [release-branch.go1.25] cmd/compile: fix loopbce overflow
+ check logic
+
+addWillOverflow and subWillOverflow has an implicit assumption that y is
+positive, using it outside of addU and subU is really incorrect. This CL
+fixes those incorrect usage to use the correct logic in place.
+
+Thanks to Jakub Ciolek for reporting this issue.
+
+Fixes #78333
+Fixes CVE-2026-27143
+
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3700
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Neal Patel <nealpatel@google.com>
+Change-Id: I263e8e7ac227e2a68109eb7bbd45f66569ed22ec
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3987
+Commit-Queue: Damien Neil <dneil@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/go/+/763553
+Reviewed-by: David Chase <drchase@google.com>
+Auto-Submit: Gopher Robot <gobot@golang.org>
+TryBot-Bypass: Gopher Robot <gobot@golang.org>
+Reviewed-by: Junyang Shao <shaojunyang@google.com>
+
+CVE: CVE-2026-27143
+Upstream-Status: Backport [https://github.com/golang/go/commit/7d2dd3488cdfbddda14c18c455d3263df75a46fc]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/cmd/compile/internal/ssa/loopbce.go | 36 +++++++++++++++++--------
+ test/loopbce.go | 28 +++++++++++++++++++
+ 2 files changed, 53 insertions(+), 11 deletions(-)
+
+diff --git a/src/cmd/compile/internal/ssa/loopbce.go b/src/cmd/compile/internal/ssa/loopbce.go
+index dd1f39d..1b3e567 100644
+--- a/src/cmd/compile/internal/ssa/loopbce.go
++++ b/src/cmd/compile/internal/ssa/loopbce.go
+@@ -204,9 +204,11 @@ func findIndVar(f *Func) []indVar {
+ if init.AuxInt > v {
+ return false
+ }
++ // TODO(1.27): investigate passing a smaller-magnitude overflow limit to addU
++ // for addWillOverflow.
+ v = addU(init.AuxInt, diff(v, init.AuxInt)/uint64(step)*uint64(step))
+ }
+- if addWillOverflow(v, step) {
++ if addWillOverflow(v, step, maxSignedValue(ind.Type)) {
+ return false
+ }
+ if inclusive && v != limit.AuxInt || !inclusive && v+1 != limit.AuxInt {
+@@ -235,7 +237,7 @@ func findIndVar(f *Func) []indVar {
+ // ind < knn - k cannot overflow if step is at most k+1
+ return step <= k+1 && k != maxSignedValue(limit.Type)
+ } else { // step < 0
+- if limit.Op == OpConst64 {
++ if limit.isGenericIntConst() {
+ // Figure out the actual smallest value.
+ v := limit.AuxInt
+ if !inclusive {
+@@ -249,9 +251,11 @@ func findIndVar(f *Func) []indVar {
+ if init.AuxInt < v {
+ return false
+ }
++ // TODO(1.27): investigate passing a smaller-magnitude underflow limit to subU
++ // for subWillUnderflow.
+ v = subU(init.AuxInt, diff(init.AuxInt, v)/uint64(-step)*uint64(-step))
+ }
+- if subWillUnderflow(v, -step) {
++ if subWillUnderflow(v, -step, minSignedValue(ind.Type)) {
+ return false
+ }
+ if inclusive && v != limit.AuxInt || !inclusive && v-1 != limit.AuxInt {
+@@ -313,14 +317,22 @@ func findIndVar(f *Func) []indVar {
+ return iv
+ }
+
+-// addWillOverflow reports whether x+y would result in a value more than maxint.
+-func addWillOverflow(x, y int64) bool {
+- return x+y < x
++// subWillUnderflow checks if x - y underflows the min value.
++// y must be positive.
++func subWillUnderflow(x, y int64, min int64) bool {
++ if y < 0 {
++ base.Fatalf("expecting positive value")
++ }
++ return x < min+y
+ }
+
+-// subWillUnderflow reports whether x-y would result in a value less than minint.
+-func subWillUnderflow(x, y int64) bool {
+- return x-y > x
++// addWillOverflow checks if x + y overflows the max value.
++// y must be positive.
++func addWillOverflow(x, y int64, max int64) bool {
++ if y < 0 {
++ base.Fatalf("expecting positive value")
++ }
++ return x > max-y
+ }
+
+ // diff returns x-y as a uint64. Requires x>=y.
+@@ -341,7 +353,8 @@ func addU(x int64, y uint64) int64 {
+ x += 1
+ y -= 1 << 63
+ }
+- if addWillOverflow(x, int64(y)) {
++ // TODO(1.27): investigate passing a smaller-magnitude overflow limit in here.
++ if addWillOverflow(x, int64(y), maxSignedValue(types.Types[types.TINT64])) {
+ base.Fatalf("addU overflowed %d + %d", x, y)
+ }
+ return x + int64(y)
+@@ -357,7 +370,8 @@ func subU(x int64, y uint64) int64 {
+ x -= 1
+ y -= 1 << 63
+ }
+- if subWillUnderflow(x, int64(y)) {
++ // TODO(1.27): investigate passing a smaller-magnitude underflow limit in here.
++ if subWillUnderflow(x, int64(y), minSignedValue(types.Types[types.TINT64])) {
+ base.Fatalf("subU underflowed %d - %d", x, y)
+ }
+ return x - int64(y)
+diff --git a/test/loopbce.go b/test/loopbce.go
+index 04c186b..a4b101b 100644
+--- a/test/loopbce.go
++++ b/test/loopbce.go
+@@ -466,6 +466,34 @@ func stride2(x *[7]int) int {
+ return s
+ }
+
++// This loop should not be proved anything.
++func smallIntUp(arr *[128]int) {
++ for i := int8(0); i <= int8(120); i += int8(10) {
++ arr[i] = int(i)
++ }
++}
++
++// This loop should not be proved anything.
++func smallIntDown(arr *[128]int) {
++ for i := int8(0); i >= int8(-120); i -= int8(10) {
++ arr[127+i] = int(i)
++ }
++}
++
++// This loop should not be proved anything.
++func smallUintUp(arr *[128]int) {
++ for i := uint8(0); i <= uint8(250); i += uint8(10) {
++ arr[i] = int(i)
++ }
++}
++
++// This loop should not be proved anything.
++func smallUintDown(arr *[128]int) {
++ for i := uint8(255); i >= uint8(0); i -= uint8(10) {
++ arr[127+i] = int(i)
++ }
++}
++
+ //go:noinline
+ func useString(a string) {
+ }
+--
+2.50.1
+
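Review bot: In the rewritten addWillOverflow and subWillUnderflow helpers in loopbce.go the comments say "y must be positive" while the guard is "if y < 0", so y == 0 is accepted; "y must be non-negative" would match the code. Since the change comes from release-branch.go1.25, please also confirm that limit.isGenericIntConst() and minSignedValue() exist in the 1.22.12 tree: both appear only on added lines, whereas maxSignedValue() is at least visible in the unchanged context.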
diff --git a/meta/recipes-devtools/go/go/CVE-2026-27144.patch b/meta/recipes-devtools/go/go/CVE-2026-27144.patch
new file mode 100644
index 00000000000..3f791ea4918
--- /dev/null
+++ b/meta/recipes-devtools/go/go/CVE-2026-27144.patch
@@ -0,0 +1,125 @@
+From 72cc33629a3b26e68f6e6e5564618a1d763896f3 Mon Sep 17 00:00:00 2001
+From: Junyang Shao <shaojunyang@google.com>
+Date: Thu, 12 Mar 2026 21:36:33 +0000
+Subject: [PATCH] [release-branch.go1.25] cmd/compile: fix mem access overlap
+ detection
+
+When a no-op interface conversion is wrapped around the rhs of an
+assignment, the memory overlap detection logic in the compiler failed to
+peel down conversion to see the actual pointer, causing an incorrect
+no-overlapping determination.
+
+Thanks to Jakub Ciolek for reporting this issue.
+
+
+Fixes #78371
+Fixes CVE-2026-27144
+
+Change-Id: I55ff0806b099e1447bdbfba7fde6c6597db5d65c
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3780
+Reviewed-by: Damien Neil <dneil@google.com>
+Reviewed-by: Neal Patel <nealpatel@google.com>
+Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/4002
+Reviewed-on: https://go-review.googlesource.com/c/go/+/763552
+Auto-Submit: Gopher Robot <gobot@golang.org>
+TryBot-Bypass: Gopher Robot <gobot@golang.org>
+Reviewed-by: Junyang Shao <shaojunyang@google.com>
+Reviewed-by: David Chase <drchase@google.com>
+
+CVE: CVE-2026-27144
+Upstream-Status: Backport [https://github.com/golang/go/commit/72cc33629a3b26e68f6e6e5564618a1d763896f3]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ src/cmd/compile/internal/ssagen/ssa.go | 20 ++++++---
+ .../compile/internal/test/memoverlap_test.go | 41 +++++++++++++++++++
+ 2 files changed, 55 insertions(+), 6 deletions(-)
+ create mode 100644 src/cmd/compile/internal/test/memoverlap_test.go
+
+diff --git a/src/cmd/compile/internal/ssagen/ssa.go b/src/cmd/compile/internal/ssagen/ssa.go
+index c794d6f..0214621 100644
+--- a/src/cmd/compile/internal/ssagen/ssa.go
++++ b/src/cmd/compile/internal/ssagen/ssa.go
+@@ -1427,6 +1427,16 @@ func (s *state) stmtList(l ir.Nodes) {
+ }
+ }
+
++func peelConvNop(n ir.Node) ir.Node {
++ if n == nil {
++ return n
++ }
++ for n.Op() == ir.OCONVNOP {
++ n = n.(*ir.ConvExpr).X
++ }
++ return n
++}
++
+ // stmt converts the statement n to SSA and adds it to s.
+ func (s *state) stmt(n ir.Node) {
+ s.pushLine(n.Pos())
+@@ -1598,12 +1608,10 @@ func (s *state) stmt(n ir.Node) {
+ // arrays referenced are strictly smaller parts of the same base array.
+ // If one side of the assignment is a full array, then partial overlap
+ // can't happen. (The arrays are either disjoint or identical.)
+- mayOverlap := n.X.Op() == ir.ODEREF && (n.Y != nil && n.Y.Op() == ir.ODEREF)
+- if n.Y != nil && n.Y.Op() == ir.ODEREF {
+- p := n.Y.(*ir.StarExpr).X
+- for p.Op() == ir.OCONVNOP {
+- p = p.(*ir.ConvExpr).X
+- }
++ ny := peelConvNop(n.Y)
++ mayOverlap := n.X.Op() == ir.ODEREF && (n.Y != nil && ny.Op() == ir.ODEREF)
++ if ny != nil && ny.Op() == ir.ODEREF {
++ p := peelConvNop(ny.(*ir.StarExpr).X)
+ if p.Op() == ir.OSPTR && p.(*ir.UnaryExpr).X.Type().IsString() {
+ // Pointer fields of strings point to unmodifiable memory.
+ // That memory can't overlap with the memory being written.
+diff --git a/src/cmd/compile/internal/test/memoverlap_test.go b/src/cmd/compile/internal/test/memoverlap_test.go
+new file mode 100644
+index 0000000..c53288e
+--- /dev/null
++++ b/src/cmd/compile/internal/test/memoverlap_test.go
+@@ -0,0 +1,41 @@
++// Copyright 2026 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package test
++
++import "testing"
++
++const arrFooSize = 96
++
++type arrFoo [arrFooSize]int
++
++//go:noinline
++func badCopy(dst, src []int) {
++ p := (*[arrFooSize]int)(dst[:arrFooSize])
++ q := (*[arrFooSize]int)(src[:arrFooSize])
++ *p = arrFoo(*q)
++}
++
++//go:noinline
++func goodCopy(dst, src []int) {
++ p := (*[arrFooSize]int)(dst[:arrFooSize])
++ q := (*[arrFooSize]int)(src[:arrFooSize])
++ *p = *q
++}
++
++func TestOverlapedMoveWithNoopIConv(t *testing.T) {
++ h1 := make([]int, arrFooSize+1)
++ h2 := make([]int, arrFooSize+1)
++ for i := range arrFooSize + 1 {
++ h1[i] = i
++ h2[i] = i
++ }
++ badCopy(h1[1:], h1[:arrFooSize])
++ goodCopy(h2[1:], h2[:arrFooSize])
++ for i := range arrFooSize + 1 {
++ if h1[i] != h2[i] {
++ t.Errorf("h1 and h2 differ at index %d, expect them to be the same", i)
++ }
++ }
++}
+--
+2.50.1
+
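Review bot: In the ssa.go hunk the new mayOverlap expression tests "n.Y != nil" and then calls ny.Op(), while the if statement on the next line tests "ny != nil"; using ny != nil in both places would make it clear that the peeled node is the one being checked. The added memoverlap_test.go uses "for i := range arrFooSize + 1", which relies on range-over-int from Go 1.22, so it is fine for 1.22.12 but would not carry unchanged to an older Go recipe.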
* [OE-core][scarthgap 04/30] avahi: Remove a reference to the rejected CVE-2021-36217
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (2 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 03/30] go 1.22.12: fix CVE-2026-27143, CVE-2026-27144 Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 05/30] meta: fix generation of kernel CONFIG_ in SPDX3 Yoann Congal
` (25 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
CVE-2021-36217 is rejected, and should no longer be referenced.
CVE-2021-36217 is a duplicate of CVE-2021-3502 which is already
referenced in the local-ping.patch.
The CVE database indicates the following reason:
ConsultIDs: CVE-2021-3502. Reason: This candidate is a duplicate of
CVE-2021-3502. Notes: All CVE users should reference CVE-2021-3502
instead of this candidate. All references and descriptions in this
candidate have been removed to prevent accidental usage.
(cherry picked from commit bf41240132e2efa6b46aab46290eed9c53e312e9)
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-connectivity/avahi/files/local-ping.patch | 1 -
1 file changed, 1 deletion(-)
diff --git a/meta/recipes-connectivity/avahi/files/local-ping.patch b/meta/recipes-connectivity/avahi/files/local-ping.patch
index 29c192d296e..8f102815df0 100644
--- a/meta/recipes-connectivity/avahi/files/local-ping.patch
+++ b/meta/recipes-connectivity/avahi/files/local-ping.patch
@@ -1,4 +1,3 @@
-CVE: CVE-2021-36217
CVE: CVE-2021-3502
Upstream-Status: Backport
Signed-off-by: Ross Burton <ross.burton@arm.com>
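Review bot: With the rejected ID removed, the header that remains carries "Upstream-Status: Backport" with no upstream commit or URL after it. That is outside the scope of this cherry-pick, but a follow-up adding the reference would let CVE-2021-3502 be traced to the upstream fix from the patch file alone.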
* [OE-core][scarthgap 05/30] meta: fix generation of kernel CONFIG_ in SPDX3
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (3 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 04/30] avahi: Remove a reference to the rejected CVE-2021-36217 Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 8:39 ` Paul Barker
2026-06-17 7:44 ` [OE-core][scarthgap 06/30] qemu: fix for CVE-2025-11234 Yoann Congal
` (24 subsequent siblings)
29 siblings, 1 reply; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
With the current solution, using a separate task
(do_create_kernel_config_spdx) there is a dependency issue. Sometimes
the final rootfs SBOM does not contain the CONFIG_ values.
do_create_kernel_config_spdx is executed after do_create_spdx which
deploys the SPDX file. do_create_kernel_config_spdx calls
oe.sbom30.find_root_obj_in_jsonld to read from the deploy directory,
which is OK, but the do_create_kernel_config_spdx ends up writing to
this deployed file (updating it).
do_create_rootfs_spdx has an explicit dependency to all do_create_spdx
tasks, but there is nothing that prevents executing
do_create_kernel_config_spdx after do_create_rootfs_spdx.
To fix it, instead, now read from the workdir, and write to the
workdir, and do the processing from the do_create_spdx task:
we append to the do_create_spdx task.
Furthermore, update the oeqa selftest to execute do_create_spdx instead
of the removed function.
Also only execute this task if create-spdx-3.0 was inherited,
previously this code could be executed if create-spdx-2.2 is
inherited.
(cherry picked from commit 8417f4a186e78a9d309541f5d0e711178bb80488)
Fixes: 1fff29a04287 ("kernel.bbclass: Add task to export kernel configuration to SPDX")
Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/classes-recipe/kernel.bbclass | 27 +++++++++++++++------------
meta/lib/oeqa/selftest/cases/spdx.py | 2 +-
2 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass
index 39e198864e4..618324f75ff 100644
--- a/meta/classes-recipe/kernel.bbclass
+++ b/meta/classes-recipe/kernel.bbclass
@@ -870,14 +870,13 @@ addtask deploy after do_populate_sysroot do_packagedata
EXPORT_FUNCTIONS do_deploy
-python __anonymous() {
- inherits = (d.getVar("INHERIT") or "")
- if "create-spdx" in inherits:
- bb.build.addtask('do_create_kernel_config_spdx', 'do_populate_lic do_deploy', 'do_create_spdx', d)
-}
+do_create_spdx:append() {
+ def create_kernel_config_spdx(d):
+ if not bb.data.inherits_class("create-spdx-3.0", d):
+ return
+ if d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True) != "1":
+ return
-python do_create_kernel_config_spdx() {
- if d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True) == "1":
import oe.spdx30
import oe.spdx30_tasks
from pathlib import Path
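Review bot: The rewritten check in create_kernel_config_spdx() still calls d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True); the second positional argument is the legacy expand flag and can be dropped. The gating on create-spdx-3.0 has also moved from parse time (the removed __anonymous block) to run time inside the append, so a one-line comment above the inherits_class() test saying why the append is installed unconditionally would help the next reader.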
@@ -909,9 +908,11 @@ python do_create_kernel_config_spdx() {
except Exception as e:
bb.error(f"Failed to parse kernel config file: {e}")
- build, build_objset = oe.sbom30.find_root_obj_in_jsonld(
- d, "recipes", f"recipe-{pn}", oe.spdx30.build_Build
- )
+ path = oe.sbom30.jsonld_arch_path(d, pkg_arch, "recipes", f"recipe-{pn}", deploydir=deploydir)
+ build_objset = oe.sbom30.load_jsonld(d, path, required=True)
+ build = build_objset.find_root(oe.spdx30.build_Build)
+ if not build:
+ bb.fatal("No root %s found in %s" % (oe.spdx30.build_Build.__name__, path))
kernel_build = build_objset.add_root(
oe.spdx30.build_Build(
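Review bot: The new oe.sbom30.jsonld_arch_path() call still passes deploydir=deploydir, while the commit message says the code now reads from and writes to the workdir. The assignment of deploydir is outside this hunk, so please confirm it points at the SPDX work directory, and consider renaming the variable so that it no longer suggests the deployed file is being modified. The bb.fatal() message uses % formatting next to the f-string in the bb.error() call just above; one style would be cleaner.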
@@ -930,9 +931,11 @@ python do_create_kernel_config_spdx() {
[kernel_build]
)
- oe.sbom30.write_jsonld_doc(d, build_objset, deploydir / pkg_arch / "recipes" / f"recipe-{pn}.spdx.json")
+ oe.sbom30.write_jsonld_doc(d, build_objset, path)
+
+ create_kernel_config_spdx(d)
}
-do_create_kernel_config_spdx[depends] = "virtual/kernel:do_configure"
+do_create_spdx[depends] += "virtual/kernel:do_configure"
# Add using Device Tree support
inherit kernel-devicetree
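Review bot: The line do_create_spdx[depends] += "virtual/kernel:do_configure" applies to every recipe inheriting kernel.bbclass whether or not SPDX_INCLUDE_KERNEL_CONFIG is "1", whereas the code that needs the configured kernel returns early when it is not. Either a short comment stating that the dependency is intentionally unconditional, or making it conditional on the same variable, would avoid surprise.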
diff --git a/meta/lib/oeqa/selftest/cases/spdx.py b/meta/lib/oeqa/selftest/cases/spdx.py
index 035f3fe3363..3373988ca40 100644
--- a/meta/lib/oeqa/selftest/cases/spdx.py
+++ b/meta/lib/oeqa/selftest/cases/spdx.py
@@ -298,7 +298,7 @@ class SPDX30Check(SPDX3CheckBase, OESelftestTestCase):
objset = self.check_recipe_spdx(
kernel_recipe,
spdx_path,
- task="do_create_kernel_config_spdx",
+ task="do_create_spdx",
extraconf="""\
INHERIT += "create-spdx"
SPDX_INCLUDE_KERNEL_CONFIG = "1"
* [OE-core][scarthgap 06/30] qemu: fix for CVE-2025-11234
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
This patch fixes a use after free in the websocket handshake code.
Backport patch from Debian, refer to:
https://security-tracker.debian.org/tracker/CVE-2025-11234
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/recipes-devtools/qemu/qemu.inc | 2 +
.../qemu/qemu/CVE-2025-11234-01.patch | 72 ++++++++
.../qemu/qemu/CVE-2025-11234-02.patch | 174 ++++++++++++++++++
3 files changed, 248 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-11234-01.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-11234-02.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index 54644dd9241..b688c2bd125 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -45,6 +45,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2025-12464.patch \
file://0001-python-backport-Remove-deprecated-get_event_loop-cal.patch \
file://0002-python-backport-avoid-creating-additional-event-loop.patch \
+ file://CVE-2025-11234-01.patch \
+ file://CVE-2025-11234-02.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2025-11234-01.patch b/meta/recipes-devtools/qemu/qemu/CVE-2025-11234-01.patch
new file mode 100644
index 00000000000..c3797bc66f6
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2025-11234-01.patch
@@ -0,0 +1,72 @@
+From 911c814c8cc5f836286bd96694843036db83e99f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Sep 2025 11:58:35 +0100
+Subject: [PATCH] io: move websock resource release to close method
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The QIOChannelWebsock object releases all its resources in the
+finalize callback. This is later than desired, as callers expect
+to be able to call qio_channel_close() to fully close a channel
+and release resources related to I/O.
+
+The logic in the finalize method is at most a failsafe to handle
+cases where a consumer forgets to call qio_channel_close.
+
+This adds equivalent logic to the close method to release the
+resources, using g_clear_handle_id/g_clear_pointer to be robust
+against repeated invocations. The finalize method is tweaked
+so that the GSource is removed before releasing the underlying
+channel.
+
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 322c3c4f3abee616a18b3bfe563ec29dd67eae63)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+CVE: CVE-2025-11234
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/911c814c8cc5f836286bd96694843036db83e99f]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ io/channel-websock.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/io/channel-websock.c b/io/channel-websock.c
+index de39f0d18..1aac3c88a 100644
+--- a/io/channel-websock.c
++++ b/io/channel-websock.c
+@@ -922,13 +922,13 @@ static void qio_channel_websock_finalize(Object *obj)
+ buffer_free(&ioc->encinput);
+ buffer_free(&ioc->encoutput);
+ buffer_free(&ioc->rawinput);
+- object_unref(OBJECT(ioc->master));
+ if (ioc->io_tag) {
+ g_source_remove(ioc->io_tag);
+ }
+ if (ioc->io_err) {
+ error_free(ioc->io_err);
+ }
++ object_unref(OBJECT(ioc->master));
+ }
+
+
+@@ -1219,6 +1219,15 @@ static int qio_channel_websock_close(QIOChannel *ioc,
+ QIOChannelWebsock *wioc = QIO_CHANNEL_WEBSOCK(ioc);
+
+ trace_qio_channel_websock_close(ioc);
++ buffer_free(&wioc->encinput);
++ buffer_free(&wioc->encoutput);
++ buffer_free(&wioc->rawinput);
++ if (wioc->io_tag) {
++ g_clear_handle_id(&wioc->io_tag, g_source_remove);
++ }
++ if (wioc->io_err) {
++ g_clear_pointer(&wioc->io_err, error_free);
++ }
+ return qio_channel_close(wioc->master, errp);
+ }
+
+--
+2.50.1
+
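Review bot: with the block added to qio_channel_websock_close(), the three buffer_free() calls now run in both close() and finalize() on the same buffers, and unlike io_tag and io_err they are not reset through a g_clear_* helper. Please confirm buffer_free() is safe to call twice on the same Buffer. As a style point, the if (wioc->io_tag) and if (wioc->io_err) guards around g_clear_handle_id() and g_clear_pointer() are redundant, since both helpers already do nothing for a zero or NULL value; that is upstream's code, so it should stay as-is in the backport.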
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2025-11234-02.patch b/meta/recipes-devtools/qemu/qemu/CVE-2025-11234-02.patch
new file mode 100644
index 00000000000..364d19457da
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2025-11234-02.patch
@@ -0,0 +1,174 @@
+From cebdbd038e44af56e74272924dc2bf595a51fd8f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Sep 2025 12:03:15 +0100
+Subject: [PATCH] io: fix use after free in websocket handshake code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the QIOChannelWebsock object is freed while it is waiting to
+complete a handshake, a GSource is leaked. This can lead to the
+callback firing later on and triggering a use-after-free in the
+use of the channel. This was observed in the VNC server with the
+following trace from valgrind:
+
+==2523108== Invalid read of size 4
+==2523108== at 0x4054A24: vnc_disconnect_start (vnc.c:1296)
+==2523108== by 0x4054A24: vnc_client_error (vnc.c:1392)
+==2523108== by 0x4068A09: vncws_handshake_done (vnc-ws.c:105)
+==2523108== by 0x44863B4: qio_task_complete (task.c:197)
+==2523108== by 0x448343D: qio_channel_websock_handshake_io (channel-websock.c:588)
+==2523108== by 0x6EDB862: UnknownInlinedFun (gmain.c:3398)
+==2523108== by 0x6EDB862: g_main_context_dispatch_unlocked.lto_priv.0 (gmain.c:4249)
+==2523108== by 0x6EDBAE4: g_main_context_dispatch (gmain.c:4237)
+==2523108== by 0x45EC79F: glib_pollfds_poll (main-loop.c:287)
+==2523108== by 0x45EC79F: os_host_main_loop_wait (main-loop.c:310)
+==2523108== by 0x45EC79F: main_loop_wait (main-loop.c:589)
+==2523108== by 0x423A56D: qemu_main_loop (runstate.c:835)
+==2523108== by 0x454F300: qemu_default_main (main.c:37)
+==2523108== by 0x73D6574: (below main) (libc_start_call_main.h:58)
+==2523108== Address 0x57a6e0dc is 28 bytes inside a block of size 103,608 free'd
+==2523108== at 0x5F2FE43: free (vg_replace_malloc.c:989)
+==2523108== by 0x6EDC444: g_free (gmem.c:208)
+==2523108== by 0x4053F23: vnc_update_client (vnc.c:1153)
+==2523108== by 0x4053F23: vnc_refresh (vnc.c:3225)
+==2523108== by 0x4042881: dpy_refresh (console.c:880)
+==2523108== by 0x4042881: gui_update (console.c:90)
+==2523108== by 0x45EFA1B: timerlist_run_timers.part.0 (qemu-timer.c:562)
+=2523108== by 0x45EC765: main_loop_wait (main-loop.c:600)
+==2523108== by 0x423A56D: qemu_main_loop (runstate.c:835)
+==2523108== by 0x454F300: qemu_default_main (main.c:37)
+==2523108== by 0x73D6574: (below main) (libc_start_call_main.h:58)
+==2523108== Block was alloc'd at
+==2523108== at 0x5F343F3: calloc (vg_replace_malloc.c:1675)
+==2523108== by 0x6EE2F81: g_malloc0 (gmem.c:133)
+==2523108== by 0x4057DA3: vnc_connect (vnc.c:3245)
+==2523108== by 0x448591B: qio_net_listener_channel_func (net-listener.c:54)
+==2523108== by 0x6EDB862: UnknownInlinedFun (gmain.c:3398)
+==2523108== by 0x6EDB862: g_main_context_dispatch_unlocked.lto_priv.0 (gmain.c:4249)
+==2523108== by 0x6EDBAE4: g_main_context_dispatch (gmain.c:4237)
+==2523108== by 0x45EC79F: glib_pollfds_poll (main-loop.c:287)
+==2523108== by 0x45EC79F: os_host_main_loop_wait (main-loop.c:310)
+==2523108== by 0x45EC79F: main_loop_wait (main-loop.c:589)
+==2523108== by 0x423A56D: qemu_main_loop (runstate.c:835)
+==2523108== by 0x454F300: qemu_default_main (main.c:37)
+==2523108== by 0x73D6574: (below main) (libc_start_call_main.h:58)
+==2523108==
+
+The above can be reproduced by launching QEMU with
+
+ $ qemu-system-x86_64 -vnc localhost:0,websocket=5700
+
+and then repeatedly running:
+
+ for i in {1..100}; do
+ (echo -n "GET / HTTP/1.1" && sleep 0.05) | nc -w 1 localhost 5700 &
+ done
+
+CVE-2025-11234
+Reported-by: Grant Millar | Cylo <rid@cylo.io>
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit b7a1f2ca45c7865b9e98e02ae605a65fc9458ae9)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+CVE: CVE-2025-11234
+Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/cebdbd038e44af56e74272924dc2bf595a51fd8f]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ include/io/channel-websock.h | 3 ++-
+ io/channel-websock.c | 22 ++++++++++++++++------
+ 2 files changed, 18 insertions(+), 7 deletions(-)
+
+diff --git a/include/io/channel-websock.h b/include/io/channel-websock.h
+index e180827c5..6700cf894 100644
+--- a/include/io/channel-websock.h
++++ b/include/io/channel-websock.h
+@@ -61,7 +61,8 @@ struct QIOChannelWebsock {
+ size_t payload_remain;
+ size_t pong_remain;
+ QIOChannelWebsockMask mask;
+- guint io_tag;
++ guint hs_io_tag; /* tracking handshake task */
++ guint io_tag; /* tracking watch task */
+ Error *io_err;
+ gboolean io_eof;
+ uint8_t opcode;
+diff --git a/io/channel-websock.c b/io/channel-websock.c
+index 1aac3c88a..583ea8618 100644
+--- a/io/channel-websock.c
++++ b/io/channel-websock.c
+@@ -545,6 +545,7 @@ static gboolean qio_channel_websock_handshake_send(QIOChannel *ioc,
+ trace_qio_channel_websock_handshake_fail(ioc, error_get_pretty(err));
+ qio_task_set_error(task, err);
+ qio_task_complete(task);
++ wioc->hs_io_tag = 0;
+ return FALSE;
+ }
+
+@@ -560,6 +561,7 @@ static gboolean qio_channel_websock_handshake_send(QIOChannel *ioc,
+ trace_qio_channel_websock_handshake_complete(ioc);
+ qio_task_complete(task);
+ }
++ wioc->hs_io_tag = 0;
+ return FALSE;
+ }
+ trace_qio_channel_websock_handshake_pending(ioc, G_IO_OUT);
+@@ -586,6 +588,7 @@ static gboolean qio_channel_websock_handshake_io(QIOChannel *ioc,
+ trace_qio_channel_websock_handshake_fail(ioc, error_get_pretty(err));
+ qio_task_set_error(task, err);
+ qio_task_complete(task);
++ wioc->hs_io_tag = 0;
+ return FALSE;
+ }
+ if (ret == 0) {
+@@ -597,7 +600,7 @@ static gboolean qio_channel_websock_handshake_io(QIOChannel *ioc,
+ error_propagate(&wioc->io_err, err);
+
+ trace_qio_channel_websock_handshake_reply(ioc);
+- qio_channel_add_watch(
++ wioc->hs_io_tag = qio_channel_add_watch(
+ wioc->master,
+ G_IO_OUT,
+ qio_channel_websock_handshake_send,
+@@ -907,11 +910,12 @@ void qio_channel_websock_handshake(QIOChannelWebsock *ioc,
+
+ trace_qio_channel_websock_handshake_start(ioc);
+ trace_qio_channel_websock_handshake_pending(ioc, G_IO_IN);
+- qio_channel_add_watch(ioc->master,
+- G_IO_IN,
+- qio_channel_websock_handshake_io,
+- task,
+- NULL);
++ ioc->hs_io_tag = qio_channel_add_watch(
++ ioc->master,
++ G_IO_IN,
++ qio_channel_websock_handshake_io,
++ task,
++ NULL);
+ }
+
+
+@@ -922,6 +926,9 @@ static void qio_channel_websock_finalize(Object *obj)
+ buffer_free(&ioc->encinput);
+ buffer_free(&ioc->encoutput);
+ buffer_free(&ioc->rawinput);
++ if (ioc->hs_io_tag) {
++ g_source_remove(ioc->hs_io_tag);
++ }
+ if (ioc->io_tag) {
+ g_source_remove(ioc->io_tag);
+ }
+@@ -1222,6 +1229,9 @@ static int qio_channel_websock_close(QIOChannel *ioc,
+ buffer_free(&wioc->encinput);
+ buffer_free(&wioc->encoutput);
+ buffer_free(&wioc->rawinput);
++ if (wioc->hs_io_tag) {
++ g_clear_handle_id(&wioc->hs_io_tag, g_source_remove);
++ }
+ if (wioc->io_tag) {
+ g_clear_handle_id(&wioc->io_tag, g_source_remove);
+ }
+--
+2.50.1
+
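Review bot: in qio_channel_websock_handshake_send() and qio_channel_websock_handshake_io(), wioc->hs_io_tag = 0 is written after qio_task_complete(task), and the valgrind trace in this same commit message shows the completion callback (vncws_handshake_done, then vnc_client_error) tearing down client state. Please confirm the channel is guaranteed to outlive qio_task_complete() on these paths; clearing hs_io_tag before completing the task would remove the question.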
* [OE-core][scarthgap 07/30] libxml-parser-perl: fix for CVE-2006-10003
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1].
[1] https://security-tracker.debian.org/tracker/CVE-2006-10003
More details:
https://nvd.nist.gov/vuln/detail/CVE-2006-10003
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../libxml-parser-perl/CVE-2006-10003.patch | 73 +++++++++++++++++++
.../perl/libxml-parser-perl_2.47.bb | 1 +
2 files changed, 74 insertions(+)
create mode 100644 meta/recipes-devtools/perl/libxml-parser-perl/CVE-2006-10003.patch
diff --git a/meta/recipes-devtools/perl/libxml-parser-perl/CVE-2006-10003.patch b/meta/recipes-devtools/perl/libxml-parser-perl/CVE-2006-10003.patch
new file mode 100644
index 00000000000..e9a4b692d2d
--- /dev/null
+++ b/meta/recipes-devtools/perl/libxml-parser-perl/CVE-2006-10003.patch
@@ -0,0 +1,73 @@
+From 08dd37c35ec5e64e26aacb8514437f54708f7fd1 Mon Sep 17 00:00:00 2001
+From: Toddr Bot <toddbot@rinaldo.us>
+Date: Mon, 16 Mar 2026 22:16:11 +0000
+Subject: [PATCH] fix: off-by-one heap buffer overflow in st_serial_stack
+ growth check
+
+When st_serial_stackptr == st_serial_stacksize - 1, the old check
+(stackptr >= stacksize) would not trigger reallocation. The subsequent
+++stackptr then writes at index stacksize, one element past the
+allocated buffer.
+
+Fix by checking stackptr + 1 >= stacksize so the buffer is grown
+before the pre-increment write.
+
+Add a deep nesting test (600 levels) to exercise this code path.
+
+Fixes #39
+
+Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
+
+CVE: CVE-2006-10003
+Upstream-Status: Backport [https://github.com/cpan-authors/XML-Parser/commit/08dd37c35ec5e64e26aacb8514437f54708f7fd1]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ Expat/Expat.xs | 2 +-
+ t/deep_nesting.t | 22 ++++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+ create mode 100644 t/deep_nesting.t
+
+diff --git a/Expat/Expat.xs b/Expat/Expat.xs
+index dbad380..f04a0cf 100644
+--- a/Expat/Expat.xs
++++ b/Expat/Expat.xs
+@@ -499,7 +499,7 @@ startElement(void *userData, const char *name, const char **atts)
+ }
+ }
+
+- if (cbv->st_serial_stackptr >= cbv->st_serial_stacksize) {
++ if (cbv->st_serial_stackptr + 1 >= cbv->st_serial_stacksize) {
+ unsigned int newsize = cbv->st_serial_stacksize + 512;
+
+ Renew(cbv->st_serial_stack, newsize, unsigned int);
+diff --git a/t/deep_nesting.t b/t/deep_nesting.t
+new file mode 100644
+index 0000000..8237b5f
+--- /dev/null
++++ b/t/deep_nesting.t
+@@ -0,0 +1,22 @@
++BEGIN { print "1..1\n"; }
++
++# Test for deeply nested elements to exercise st_serial_stack reallocation.
++# This catches off-by-one errors in the stack growth check (GH #39).
++
++use XML::Parser;
++
++my $depth = 600;
++
++my $xml = '';
++for my $i (1 .. $depth) {
++ $xml .= "<e$i>";
++}
++for my $i (reverse 1 .. $depth) {
++ $xml .= "</e$i>";
++}
++
++my $p = XML::Parser->new;
++eval { $p->parse($xml) };
++
++print "not " if $@;
++print "ok 1\n";
+--
+2.50.1
+
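Review bot: t/deep_nesting.t only fails when parse() dies (print "not " if $@), but the defect being fixed is a one-element write past st_serial_stack, which normally corrupts the heap without raising a Perl exception. The test exercises the growth path at 600 levels but can still pass on unpatched code unless it is run under valgrind or a sanitizer; worth saying so in the commit message so it is not relied on as a regression check by itself.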
diff --git a/meta/recipes-devtools/perl/libxml-parser-perl_2.47.bb b/meta/recipes-devtools/perl/libxml-parser-perl_2.47.bb
index 803164f713d..6a36b763a83 100644
--- a/meta/recipes-devtools/perl/libxml-parser-perl_2.47.bb
+++ b/meta/recipes-devtools/perl/libxml-parser-perl_2.47.bb
@@ -8,6 +8,7 @@ DEPENDS += "expat"
SRC_URI = "${CPAN_MIRROR}/authors/id/T/TO/TODDR/XML-Parser-${PV}.tar.gz \
file://0001-Makefile.PL-make-check_lib-cross-friendly.patch \
+ file://CVE-2006-10003.patch \
"
SRC_URI[sha256sum] = "ad4aae643ec784f489b956abe952432871a622d4e2b5c619e8855accbfc4d1d8"
* [OE-core][scarthgap 08/30] python3: fix for CVE-2026-1502
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1] also mentioned at NVD report in [2]
[1] https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-1502
[3] https://security-tracker.debian.org/tracker/CVE-2026-1502
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../python/python3/CVE-2026-1502.patch | 113 ++++++++++++++++++
.../python/python3_3.12.13.bb | 1 +
2 files changed, 114 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-1502.patch
diff --git a/meta/recipes-devtools/python/python3/CVE-2026-1502.patch b/meta/recipes-devtools/python/python3/CVE-2026-1502.patch
new file mode 100644
index 00000000000..be6a8379a85
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2026-1502.patch
@@ -0,0 +1,113 @@
+From 05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 Mon Sep 17 00:00:00 2001
+From: Seth Larson <seth@python.org>
+Date: Fri, 10 Apr 2026 10:21:42 -0500
+Subject: [PATCH] gh-146211: Reject CR/LF in HTTP tunnel request headers
+ (#146212)
+
+Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
+
+CVE: CVE-2026-1502
+Upstream-Status: Backport [https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ Lib/http/client.py | 11 ++++-
+ Lib/test/test_httplib.py | 45 +++++++++++++++++++
+ ...-03-20-09-29-42.gh-issue-146211.PQVbs7.rst | 2 +
+ 3 files changed, 57 insertions(+), 1 deletion(-)
+ create mode 100644 Misc/NEWS.d/next/Security/2026-03-20-09-29-42.gh-issue-146211.PQVbs7.rst
+
+diff --git a/Lib/http/client.py b/Lib/http/client.py
+index 70451d6..7db4807 100644
+--- a/Lib/http/client.py
++++ b/Lib/http/client.py
+@@ -972,13 +972,22 @@ class HTTPConnection:
+ return ip
+
+ def _tunnel(self):
++ if _contains_disallowed_url_pchar_re.search(self._tunnel_host):
++ raise ValueError('Tunnel host can\'t contain control characters %r'
++ % (self._tunnel_host,))
+ connect = b"CONNECT %s:%d %s\r\n" % (
+ self._wrap_ipv6(self._tunnel_host.encode("idna")),
+ self._tunnel_port,
+ self._http_vsn_str.encode("ascii"))
+ headers = [connect]
+ for header, value in self._tunnel_headers.items():
+- headers.append(f"{header}: {value}\r\n".encode("latin-1"))
++ header_bytes = header.encode("latin-1")
++ value_bytes = value.encode("latin-1")
++ if not _is_legal_header_name(header_bytes):
++ raise ValueError('Invalid header name %r' % (header_bytes,))
++ if _is_illegal_header_value(value_bytes):
++ raise ValueError('Invalid header value %r' % (value_bytes,))
++ headers.append(b"%s: %s\r\n" % (header_bytes, value_bytes))
+ headers.append(b"\r\n")
+ # Making a single send() call instead of one per line encourages
+ # the host OS to use a more optimal packet size instead of
+diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
+index e46dac0..e027d93 100644
+--- a/Lib/test/test_httplib.py
++++ b/Lib/test/test_httplib.py
+@@ -369,6 +369,51 @@ class HeaderTests(TestCase):
+ with self.assertRaisesRegex(ValueError, 'Invalid header'):
+ conn.putheader(name, value)
+
++ def test_invalid_tunnel_headers(self):
++ cases = (
++ ('Invalid\r\nName', 'ValidValue'),
++ ('Invalid\rName', 'ValidValue'),
++ ('Invalid\nName', 'ValidValue'),
++ ('\r\nInvalidName', 'ValidValue'),
++ ('\rInvalidName', 'ValidValue'),
++ ('\nInvalidName', 'ValidValue'),
++ (' InvalidName', 'ValidValue'),
++ ('\tInvalidName', 'ValidValue'),
++ ('Invalid:Name', 'ValidValue'),
++ (':InvalidName', 'ValidValue'),
++ ('ValidName', 'Invalid\r\nValue'),
++ ('ValidName', 'Invalid\rValue'),
++ ('ValidName', 'Invalid\nValue'),
++ ('ValidName', 'InvalidValue\r\n'),
++ ('ValidName', 'InvalidValue\r'),
++ ('ValidName', 'InvalidValue\n'),
++ )
++ for name, value in cases:
++ with self.subTest((name, value)):
++ conn = client.HTTPConnection('example.com')
++ conn.set_tunnel('tunnel', headers={
++ name: value
++ })
++ conn.sock = FakeSocket('')
++ with self.assertRaisesRegex(ValueError, 'Invalid header'):
++ conn._tunnel() # Called in .connect()
++
++ def test_invalid_tunnel_host(self):
++ cases = (
++ 'invalid\r.host',
++ '\ninvalid.host',
++ 'invalid.host\r\n',
++ 'invalid.host\x00',
++ 'invalid host',
++ )
++ for tunnel_host in cases:
++ with self.subTest(tunnel_host):
++ conn = client.HTTPConnection('example.com')
++ conn.set_tunnel(tunnel_host)
++ conn.sock = FakeSocket('')
++ with self.assertRaisesRegex(ValueError, 'Tunnel host can\'t contain control characters'):
++ conn._tunnel() # Called in .connect()
++
+ def test_headers_debuglevel(self):
+ body = (
+ b'HTTP/1.1 200 OK\r\n'
+diff --git a/Misc/NEWS.d/next/Security/2026-03-20-09-29-42.gh-issue-146211.PQVbs7.rst b/Misc/NEWS.d/next/Security/2026-03-20-09-29-42.gh-issue-146211.PQVbs7.rst
+new file mode 100644
+index 0000000..4993633
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2026-03-20-09-29-42.gh-issue-146211.PQVbs7.rst
+@@ -0,0 +1,2 @@
++Reject CR/LF characters in tunnel request headers for the
++HTTPConnection.set_tunnel() method.
+--
+2.50.1
+
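Review bot: in _tunnel(), the new host check raises "Tunnel host can't contain control characters", but test_invalid_tunnel_host also expects that error for 'invalid host', where the offending character is a space, so the message is narrower than what is rejected. The validation also runs in _tunnel() (reached from connect()) rather than in set_tunnel(), so bad input is accepted at configuration time and only rejected later. Both are upstream behaviour and fine to carry as-is, but the commit message could note that the backport relies on the existing _contains_disallowed_url_pchar_re, _is_legal_header_name and _is_illegal_header_value helpers in 3.12.13.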
diff --git a/meta/recipes-devtools/python/python3_3.12.13.bb b/meta/recipes-devtools/python/python3_3.12.13.bb
index 5fa25235fe8..da7e3c604e0 100644
--- a/meta/recipes-devtools/python/python3_3.12.13.bb
+++ b/meta/recipes-devtools/python/python3_3.12.13.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-test_deadlock-skip-problematic-test.patch \
file://0001-test_active_children-skip-problematic-test.patch \
file://0001-test_readline-skip-limited-history-test.patch \
+ file://CVE-2026-1502.patch \
"
SRC_URI:append:class-native = " \
* [OE-core][scarthgap 09/30] python3: fix CVE-2026-6100
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Pick patch from [1] also mentioned at NVD report in [2]
[1] https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-6100
[3] https://security-tracker.debian.org/tracker/CVE-2026-6100
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../python/python3/CVE-2026-6100.patch | 75 +++++++++++++++++++
.../python/python3_3.12.13.bb | 1 +
2 files changed, 76 insertions(+)
create mode 100644 meta/recipes-devtools/python/python3/CVE-2026-6100.patch
diff --git a/meta/recipes-devtools/python/python3/CVE-2026-6100.patch b/meta/recipes-devtools/python/python3/CVE-2026-6100.patch
new file mode 100644
index 00000000000..9084101434b
--- /dev/null
+++ b/meta/recipes-devtools/python/python3/CVE-2026-6100.patch
@@ -0,0 +1,75 @@
+From c3cf71c3366fe49acb776a639405c0eea6169c20 Mon Sep 17 00:00:00 2001
+From: "Miss Islington (bot)"
+ <31488909+miss-islington@users.noreply.github.com>
+Date: Mon, 13 Apr 2026 03:35:24 +0200
+Subject: [PATCH] [3.13] gh-148395: Fix a possible UAF in
+ `{LZMA,BZ2,_Zlib}Decompressor` (GH-148396) (#148479)
+
+gh-148395: Fix a possible UAF in `{LZMA,BZ2,_Zlib}Decompressor` (GH-148396)
+
+Fix dangling input pointer after `MemoryError` in _lzma/_bz2/_ZlibDecompressor.decompress
+(cherry picked from commit 8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2)
+
+Co-authored-by: Stan Ulbrych <stan@python.org>
+
+CVE: CVE-2026-6100
+Upstream-Status: Backport [https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ .../Security/2026-04-10-16-28-21.gh-issue-148395.kfzm0G.rst | 5 +++++
+ Modules/_bz2module.c | 1 +
+ Modules/_lzmamodule.c | 1 +
+ Modules/zlibmodule.c | 1 +
+ 4 files changed, 8 insertions(+)
+ create mode 100644 Misc/NEWS.d/next/Security/2026-04-10-16-28-21.gh-issue-148395.kfzm0G.rst
+
+diff --git a/Misc/NEWS.d/next/Security/2026-04-10-16-28-21.gh-issue-148395.kfzm0G.rst b/Misc/NEWS.d/next/Security/2026-04-10-16-28-21.gh-issue-148395.kfzm0G.rst
+new file mode 100644
+index 0000000..9502189
+--- /dev/null
++++ b/Misc/NEWS.d/next/Security/2026-04-10-16-28-21.gh-issue-148395.kfzm0G.rst
+@@ -0,0 +1,5 @@
++Fix a dangling input pointer in :class:`lzma.LZMADecompressor`,
++:class:`bz2.BZ2Decompressor`, and internal :class:`!zlib._ZlibDecompressor`
++when memory allocation fails with :exc:`MemoryError`, which could let a
++subsequent :meth:`!decompress` call read or write through a stale pointer to
++the already-released caller buffer.
+diff --git a/Modules/_bz2module.c b/Modules/_bz2module.c
+index 97bd44b..a732e89 100644
+--- a/Modules/_bz2module.c
++++ b/Modules/_bz2module.c
+@@ -587,6 +587,7 @@ decompress(BZ2Decompressor *d, char *data, size_t len, Py_ssize_t max_length)
+ return result;
+
+ error:
++ bzs->next_in = NULL;
+ Py_XDECREF(result);
+ return NULL;
+ }
+diff --git a/Modules/_lzmamodule.c b/Modules/_lzmamodule.c
+index 7bbd656..103a6ef 100644
+--- a/Modules/_lzmamodule.c
++++ b/Modules/_lzmamodule.c
+@@ -1114,6 +1114,7 @@ decompress(Decompressor *d, uint8_t *data, size_t len, Py_ssize_t max_length)
+ return result;
+
+ error:
++ lzs->next_in = NULL;
+ Py_XDECREF(result);
+ return NULL;
+ }
+diff --git a/Modules/zlibmodule.c b/Modules/zlibmodule.c
+index f94c57e..9759593 100644
+--- a/Modules/zlibmodule.c
++++ b/Modules/zlibmodule.c
+@@ -1645,6 +1645,7 @@ decompress(ZlibDecompressor *self, uint8_t *data,
+ return result;
+
+ error:
++ self->zst.next_in = NULL;
+ Py_XDECREF(result);
+ return NULL;
+ }
+--
+2.50.1
+
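Review bot: the Subject line marks this as the [3.13] branch commit, while the recipe it is applied to is python3_3.12.13, and the Upstream-Status URL points at that 3.13 commit. Please state in the commit message that the 3.13 backport was taken for 3.12, or reference a 3.12 branch commit if one exists. The diffstat also shows no test alongside the three one-line next_in = NULL changes, so nothing in the carried patch exercises the MemoryError path.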
diff --git a/meta/recipes-devtools/python/python3_3.12.13.bb b/meta/recipes-devtools/python/python3_3.12.13.bb
index da7e3c604e0..4865178572c 100644
--- a/meta/recipes-devtools/python/python3_3.12.13.bb
+++ b/meta/recipes-devtools/python/python3_3.12.13.bb
@@ -35,6 +35,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \
file://0001-test_active_children-skip-problematic-test.patch \
file://0001-test_readline-skip-limited-history-test.patch \
file://CVE-2026-1502.patch \
+ file://CVE-2026-6100.patch \
"
SRC_URI:append:class-native = " \
* [OE-core][scarthgap 10/30] xserver-xorg: Fix CVE-2026-33999
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Pick patch according to [1]
[1] https://lists.x.org/archives/xorg-announce/2026-April/003677.html
[2] https://security-tracker.debian.org/tracker/CVE-2026-33999
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../xserver-xorg/CVE-2026-33999.patch | 49 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.18.bb | 1 +
2 files changed, 50 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-33999.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-33999.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-33999.patch
new file mode 100644
index 00000000000..cd3bf47397d
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-33999.patch
@@ -0,0 +1,49 @@
+From b024ae1749ee58c6fbf863b9a1f5dc440fee2e1b Mon Sep 17 00:00:00 2001
+From: Peter Harris <pharris2@rocketsoftware.com>
+Date: Thu, 15 Jan 2026 15:54:09 -0500
+Subject: [PATCH] xkb: fix buffer re-use in _XkbSetCompatMap
+
+If the "compat" buffer has previously been truncated, there will be
+unused space in the buffer. The code uses this space, but does not
+update the number of valid entries in the buffer.
+
+In the best case, this leads to the new compat entries being ignored. In the
+worst case, if there are any "skipped" compat entries, the number of
+valid entries will be corrupted, potentially leading to a buffer read
+overrun when processing a future request.
+
+Set the number of used "compat" entries when re-using previously
+allocated space in the buffer.
+
+CVE-2026-33999, ZDI-CAN-28593
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with TrendAI Zero Day Initiative
+
+Signed-off-by: Peter Harris <pharris2@rocketsoftware.com>
+Acked-by: Olivier Fourdan <ofourdan@redhat.com>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2176>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b024ae1749ee58c6fbf863b9a1f5dc440fee2e1b]
+CVE: CVE-2026-33999
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 137d70d..2b9004a 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -3004,7 +3004,7 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev,
+ return BadAlloc;
+ }
+ }
+- else if (req->truncateSI) {
++ else if (req->truncateSI || req->firstSI + req->nSI > compat->num_si) {
+ compat->num_si = req->firstSI + req->nSI;
+ }
+ sym = &compat->sym_interpret[req->firstSI];
+--
+2.43.0
+
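Review bot: the widened condition in _XkbSetCompatMap() now raises compat->num_si to req->firstSI + req->nSI whenever the request extends past the current count, and the next line indexes compat->sym_interpret[req->firstSI]. If firstSI can exceed the old num_si, the entries between the two become counted as valid without being written by this request; please confirm the unchanged code earlier in the function rejects firstSI > num_si. The sum is also evaluated twice, so a local variable would keep the comparison and the assignment in step.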
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
index 7f6197a0b41..ef7f5c5bdb9 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
@@ -5,6 +5,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://0002-xkb-Make-the-RT_XKBCLIENT-resource-private.patch \
file://0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch \
file://0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch \
+ file://CVE-2026-33999.patch \
"
SRC_URI[sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352"
* [OE-core][scarthgap 11/30] xserver-xorg: Fix CVE-2026-34000
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Pick patch according to [1]
[1] https://lists.x.org/archives/xorg-announce/2026-April/003677.html
[2] https://security-tracker.debian.org/tracker/CVE-2026-34000
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../xserver-xorg/CVE-2026-34000.patch | 72 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.18.bb | 1 +
2 files changed, 73 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34000.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34000.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34000.patch
new file mode 100644
index 00000000000..7ce7cfa80c0
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34000.patch
@@ -0,0 +1,72 @@
+From 81b6a34f90b28c32ad499a78a4f391b7c06daea2 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 18 Feb 2026 16:03:11 +0100
+Subject: [PATCH] xkb: Fix bounds check in _CheckSetGeom()
+
+As reported by valgrind:
+
+ == Conditional jump or move depends on uninitialised value(s)
+ == at 0x5CBE66: SrvXkbAddGeomKeyAlias (XKBGAlloc.c:585)
+ == by 0x5AC7D5: _CheckSetGeom (xkb.c:5607)
+ == by 0x5AC952: _XkbSetGeometry (xkb.c:5643)
+ == by 0x5ACB58: ProcXkbSetGeometry (xkb.c:5684)
+ == by 0x5B0DAC: ProcXkbDispatch (xkb.c:7070)
+ == by 0x4A28C5: Dispatch (dispatch.c:553)
+ == by 0x4B0B24: dix_main (main.c:274)
+ == by 0x42915E: main (stubmain.c:34)
+ == Uninitialised value was created by a heap allocation
+ == at 0x4840B26: malloc (vg_replace_malloc.c:447)
+ == by 0x5E13B0: AllocateInputBuffer (io.c:981)
+ == by 0x5E05CD: InsertFakeRequest (io.c:516)
+ == by 0x4AA860: NextAvailableClient (dispatch.c:3629)
+ == by 0x5DE0D7: AllocNewConnection (connection.c:628)
+ == by 0x5DE2C6: EstablishNewConnections (connection.c:692)
+ == by 0x5DE600: HandleNotifyFd (connection.c:809)
+ == by 0x5E2598: ospoll_wait (ospoll.c:660)
+ == by 0x5DA00C: WaitForSomething (WaitFor.c:208)
+ == by 0x4A26E5: Dispatch (dispatch.c:493)
+ == by 0x4B0B24: dix_main (main.c:274)
+ == by 0x42915E: main (stubmain.c:34)
+
+Each key alias entry contains two key names (the alias and the real key
+name), each of size XkbKeyNameLength.
+
+The current bounds check only validates the first name, allowing
+XkbAddGeomKeyAlias to potentially read uninitialized memory when
+accessing the second name at &wire[XkbKeyNameLength].
+
+To fix this, change the value to check to use 2 * XkbKeyNameLength to
+validate the bounds.
+
+CVE-2026-34000, ZDI-CAN-28679
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with TrendAI Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2176>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/81b6a34f90b28c32ad499a78a4f391b7c06daea2]
+CVE: CVE-2026-34000
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 2b9004a..1ba638b 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -5603,7 +5603,7 @@ _CheckSetGeom(XkbGeometryPtr geom, xkbSetGeometryReq * req, ClientPtr client)
+ }
+
+ for (i = 0; i < req->nKeyAliases; i++) {
+- if (!_XkbCheckRequestBounds(client, req, wire, wire + XkbKeyNameLength))
++ if (!_XkbCheckRequestBounds(client, req, wire, wire + 2 * XkbKeyNameLength))
+ return BadLength;
+
+ if (XkbAddGeomKeyAlias(geom, &wire[XkbKeyNameLength], wire) == NULL)
+--
+2.43.0
+
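Review bot: In the _CheckSetGeom() loop, the bound "wire + 2 * XkbKeyNameLength" and the read at "&wire[XkbKeyNameLength]" two lines below it encode the same entry layout in two separate places, and the bug being fixed is a mismatch between exactly those two. A one-line comment at the _XkbCheckRequestBounds() call saying that each alias entry is two names of XkbKeyNameLength bytes would keep the check visibly tied to what XkbAddGeomKeyAlias() consumes. That is a suggestion for upstream; the backport should stay identical to the commit named in Upstream-Status.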
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
index ef7f5c5bdb9..658a608b5ea 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
@@ -6,6 +6,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://0003-xkb-Free-the-XKB-resource-when-freeing-XkbInterest.patch \
file://0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch \
file://CVE-2026-33999.patch \
+ file://CVE-2026-34000.patch \
"
SRC_URI[sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352"
* [OE-core][scarthgap 12/30] xserver-xorg: Fix CVE-2026-34001
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (10 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 11/30] xserver-xorg: Fix CVE-2026-34000 Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 13/30] xserver-xorg: Fix CVE-2026-34002 Yoann Congal
` (17 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Pick patch according to [1]
[1] https://lists.x.org/archives/xorg-announce/2026-April/003677.html
[2] https://security-tracker.debian.org/tracker/CVE-2026-34001
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../xserver-xorg/CVE-2026-34001.patch | 104 ++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.18.bb | 1 +
2 files changed, 105 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34001.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34001.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34001.patch
new file mode 100644
index 00000000000..a438f5ffcdd
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34001.patch
@@ -0,0 +1,104 @@
+From f19ab94ba9c891d801231654267556dc7f32b5e0 Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 18 Feb 2026 16:23:23 +0100
+Subject: [PATCH] miext/sync: Fix use-after-free in miSyncTriggerFence()
+
+As reported by valgrind:
+
+ == Invalid read of size 8
+ == at 0x568C14: miSyncTriggerFence (misync.c:140)
+ == by 0x540688: ProcSyncTriggerFence (sync.c:1957)
+ == by 0x540CCC: ProcSyncDispatch (sync.c:2152)
+ == by 0x4A28C5: Dispatch (dispatch.c:553)
+ == by 0x4B0B24: dix_main (main.c:274)
+ == by 0x42915E: main (stubmain.c:34)
+ == Address 0x17e35488 is 8 bytes inside a block of size 16 free'd
+ == at 0x4843E43: free (vg_replace_malloc.c:990)
+ == by 0x53D683: SyncDeleteTriggerFromSyncObject (sync.c:169)
+ == by 0x53F14D: FreeAwait (sync.c:1208)
+ == by 0x4DFB06: doFreeResource (resource.c:888)
+ == by 0x4DFC59: FreeResource (resource.c:918)
+ == by 0x53E349: SyncAwaitTriggerFired (sync.c:701)
+ == by 0x568C52: miSyncTriggerFence (misync.c:142)
+ == by 0x540688: ProcSyncTriggerFence (sync.c:1957)
+ == by 0x540CCC: ProcSyncDispatch (sync.c:2152)
+ == by 0x4A28C5: Dispatch (dispatch.c:553)
+ == by 0x4B0B24: dix_main (main.c:274)
+ == by 0x42915E: main (stubmain.c:34)
+ == Block was alloc'd at
+ == at 0x4840B26: malloc (vg_replace_malloc.c:447)
+ == by 0x5E50E1: XNFalloc (utils.c:1129)
+ == by 0x53D772: SyncAddTriggerToSyncObject (sync.c:206)
+ == by 0x53DCA8: SyncInitTrigger (sync.c:414)
+ == by 0x5409C7: ProcSyncAwaitFence (sync.c:2089)
+ == by 0x540D04: ProcSyncDispatch (sync.c:2160)
+ == by 0x4A28C5: Dispatch (dispatch.c:553)
+ == by 0x4B0B24: dix_main (main.c:274)
+ == by 0x42915E: main (stubmain.c:34)
+
+When walking the list of fences to trigger, miSyncTriggerFence() may
+call TriggerFence() for the current trigger, which end up calling the
+function SyncAwaitTriggerFired().
+
+SyncAwaitTriggerFired() frees the entire await resource, which removes
+all triggers from that await - including pNext which may be another
+trigger from the same await attached to the same fence.
+
+On the next iteration, ptl = pNext points to freed memory...
+
+To avoid the issue, we need to restart the iteration from the beginning
+of the list each time a trigger fires, since the callback can modify the
+list.
+
+CVE-2026-34001, ZDI-CAN-28706
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with TrendAI Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2176>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/f19ab94ba9c891d801231654267556dc7f32b5e0]
+CVE: CVE-2026-34001
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ miext/sync/misync.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/miext/sync/misync.c b/miext/sync/misync.c
+index 0931803..e11eba2 100644
+--- a/miext/sync/misync.c
++++ b/miext/sync/misync.c
+@@ -131,16 +131,22 @@ miSyncDestroyFence(SyncFence * pFence)
+ void
+ miSyncTriggerFence(SyncFence * pFence)
+ {
+- SyncTriggerList *ptl, *pNext;
++ SyncTriggerList *ptl;
++ Bool triggered;
+
+ pFence->funcs.SetTriggered(pFence);
+
+ /* run through triggers to see if any fired */
+- for (ptl = pFence->sync.pTriglist; ptl; ptl = pNext) {
+- pNext = ptl->next;
+- if ((*ptl->pTrigger->CheckTrigger) (ptl->pTrigger, 0))
+- (*ptl->pTrigger->TriggerFired) (ptl->pTrigger);
+- }
++ do {
++ triggered = FALSE;
++ for (ptl = pFence->sync.pTriglist; ptl; ptl = ptl->next) {
++ if ((*ptl->pTrigger->CheckTrigger) (ptl->pTrigger, 0)) {
++ (*ptl->pTrigger->TriggerFired) (ptl->pTrigger);
++ triggered = TRUE;
++ break;
++ }
++ }
++ } while (triggered);
+ }
+
+ SyncScreenFuncsPtr
+--
+2.43.0
+
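Review bot: The new "do { ... } while (triggered)" loop in miSyncTriggerFence() terminates only if every trigger whose CheckTrigger returns true is either removed from pFence->sync.pTriglist by its TriggerFired callback or stops matching afterwards; a callback that leaves its trigger on the list and still matching would restart the scan indefinitely. The commit message establishes the removal for SyncAwaitTriggerFired(), which frees the whole await. A comment above the loop stating that invariant, or a check of any other TriggerFired implementation that can be attached to a fence, would make the assumption explicit. Restarting from the head after each fired trigger also makes the walk quadratic in the number of triggers on the fence, which is fine only while those lists stay short.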
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
index 658a608b5ea..dfed2c2437c 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
@@ -7,6 +7,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://0004-xkb-Prevent-overflow-in-XkbSetCompatMap.patch \
file://CVE-2026-33999.patch \
file://CVE-2026-34000.patch \
+ file://CVE-2026-34001.patch \
"
SRC_URI[sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352"
* [OE-core][scarthgap 13/30] xserver-xorg: Fix CVE-2026-34002
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (11 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 12/30] xserver-xorg: Fix CVE-2026-34001 Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 14/30] xserver-xorg: Fix CVE-2026-34003 Yoann Congal
` (16 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Pick patch according to [1]
[1] https://lists.x.org/archives/xorg-announce/2026-April/003677.html
[2] https://security-tracker.debian.org/tracker/CVE-2026-34002
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../xserver-xorg/CVE-2026-34002.patch | 93 +++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.18.bb | 1 +
2 files changed, 94 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34002.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34002.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34002.patch
new file mode 100644
index 00000000000..131caefcd5e
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34002.patch
@@ -0,0 +1,93 @@
+From f056ce1cc96ed9261052c31524162c78e458f98c Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Wed, 18 Feb 2026 17:02:09 +0100
+Subject: [PATCH] xkb: Fix out-of-bounds read in CheckModifierMap()
+
+As reported by valgrind:
+
+ == Conditional jump or move depends on uninitialised value(s)
+ == at 0x547E5B: CheckModifierMap (xkb.c:1972)
+ == by 0x54A086: _XkbSetMapChecks (xkb.c:2574)
+ == by 0x54A845: ProcXkbSetMap (xkb.c:2741)
+ == by 0x556EF4: ProcXkbDispatch (xkb.c:7048)
+ == by 0x454A8C: Dispatch (dispatch.c:553)
+ == by 0x462CEB: dix_main (main.c:274)
+ == by 0x405EA7: main (stubmain.c:34)
+ == Uninitialised value was created by a heap allocation
+ == at 0x4840B26: malloc (vg_replace_malloc.c:447)
+ == by 0x592D5A: AllocateInputBuffer (io.c:981)
+ == by 0x591F77: InsertFakeRequest (io.c:516)
+ == by 0x45CA27: NextAvailableClient (dispatch.c:3629)
+ == by 0x58FA81: AllocNewConnection (connection.c:628)
+ == by 0x58FC70: EstablishNewConnections (connection.c:692)
+ == by 0x58FFAA: HandleNotifyFd (connection.c:809)
+ == by 0x593F42: ospoll_wait (ospoll.c:660)
+ == by 0x58B9B6: WaitForSomething (WaitFor.c:208)
+ == by 0x4548AC: Dispatch (dispatch.c:493)
+ == by 0x462CEB: dix_main (main.c:274)
+ == by 0x405EA7: main (stubmain.c:34)
+
+The issue is that the loop in CheckModifierMap() reads from wire without
+verifying that the data is within the request bounds.
+
+The req->totalModMapKeys value could exceed the actual data provided,
+causing reads of uninitialized memory.
+
+To fix that issue, we add a bounds check using _XkbCheckRequestBounds,
+but for that, we need to also pass a ClientPtr parameter, which is not
+a problem since CheckModifierMap() is a private, static function.
+
+CVE-2026-34002, ZDI-CAN-28737
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2176>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/f056ce1cc96ed9261052c31524162c78e458f98c]
+CVE: CVE-2026-34002
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkb.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 1ba638b..3fcc6c4 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -1940,8 +1940,8 @@ CheckKeyExplicit(XkbDescPtr xkb,
+ }
+
+ static int
+-CheckModifierMap(XkbDescPtr xkb, xkbSetMapReq * req, CARD8 **wireRtrn,
+- int *errRtrn)
++CheckModifierMap(ClientPtr client, XkbDescPtr xkb, xkbSetMapReq * req,
++ CARD8 **wireRtrn, int *errRtrn)
+ {
+ register CARD8 *wire = *wireRtrn;
+ CARD8 *start;
+@@ -1965,6 +1965,10 @@ CheckModifierMap(XkbDescPtr xkb, xkbSetMapReq * req, CARD8 **wireRtrn,
+ }
+ start = wire;
+ for (i = 0; i < req->totalModMapKeys; i++, wire += 2) {
++ if (!_XkbCheckRequestBounds(client, req, wire, wire + 2)) {
++ *errRtrn = _XkbErrCode3(0x64, req->totalModMapKeys, i);
++ return 0;
++ }
+ if ((wire[0] < first) || (wire[0] > last)) {
+ *errRtrn = _XkbErrCode4(0x63, first, last, wire[0]);
+ return 0;
+@@ -2568,7 +2572,7 @@ _XkbSetMapChecks(ClientPtr client, DeviceIntPtr dev, xkbSetMapReq * req,
+ return BadValue;
+ }
+ if ((req->present & XkbModifierMapMask) &&
+- (!CheckModifierMap(xkb, req, (CARD8 **) &values, &error))) {
++ (!CheckModifierMap(client, xkb, req, (CARD8 **) &values, &error))) {
+ client->errorValue = error;
+ return BadValue;
+ }
+--
+2.43.0
+
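Review bot: A request too short for req->totalModMapKeys entries now makes CheckModifierMap() return 0, which the _XkbSetMapChecks() call site in the last hunk turns into BadValue with client->errorValue taken from _XkbErrCode3(0x64, ...), while the same kind of truncation in _CheckSetGeom() (CVE-2026-34000.patch) is reported as BadLength. The two fixes therefore signal a short request with different X errors. Nothing should change in the backport, since it has to match upstream, but the difference is worth raising upstream and worth knowing when triaging client-side errors after this update.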
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
index dfed2c2437c..2f7edd16a19 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2026-33999.patch \
file://CVE-2026-34000.patch \
file://CVE-2026-34001.patch \
+ file://CVE-2026-34002.patch \
"
SRC_URI[sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352"
* [OE-core][scarthgap 14/30] xserver-xorg: Fix CVE-2026-34003
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (12 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 13/30] xserver-xorg: Fix CVE-2026-34002 Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 15/30] setuptools3_legacy: ensure ${B} is clean Yoann Congal
` (15 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Vijay Anusuri <vanusuri@mvista.com>
Pick patch according to [1]
[1] https://lists.x.org/archives/xorg-announce/2026-April/003677.html
[2] https://security-tracker.debian.org/tracker/CVE-2026-34003
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../xserver-xorg/CVE-2026-34003-1.patch | 113 +++++++++
.../xserver-xorg/CVE-2026-34003-2.patch | 223 ++++++++++++++++++
.../xorg-xserver/xserver-xorg_21.1.18.bb | 2 +
3 files changed, 338 insertions(+)
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-1.patch
create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-2.patch
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-1.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-1.patch
new file mode 100644
index 00000000000..3a1a9db8cb3
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-1.patch
@@ -0,0 +1,113 @@
+From b85b00dd7b9eee05e3c12e7ad1fce4fc6671507b Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 23 Feb 2026 15:52:49 +0100
+Subject: [PATCH] xkb: Add additional bound checking in CheckKeyTypes()
+
+The function CheckKeyTypes() will loop over the client's request but
+won't perform any additional bound checking to ensure that the data
+read remains within the request bounds.
+
+As a result, a specifically crafted request may cause CheckKeyTypes() to
+read past the request data, as reported by valgrind:
+
+ == Invalid read of size 2
+ == at 0x5A3D1D: CheckKeyTypes (xkb.c:1694)
+ == by 0x5A6A9C: _XkbSetMapChecks (xkb.c:2515)
+ == by 0x5A759E: ProcXkbSetMap (xkb.c:2736)
+ == by 0x5BF832: SProcXkbSetMap (xkbSwap.c:245)
+ == by 0x5C05ED: SProcXkbDispatch (xkbSwap.c:501)
+ == by 0x4A20DF: Dispatch (dispatch.c:551)
+ == by 0x4B03B4: dix_main (main.c:277)
+ == by 0x428941: main (stubmain.c:34)
+ == Address is 30 bytes after a block of size 28,672 in arena "client"
+ ==
+ == Invalid read of size 2
+ == at 0x5A3AB6: CheckKeyTypes (xkb.c:1669)
+ == by 0x5A6A9C: _XkbSetMapChecks (xkb.c:2515)
+ == by 0x5A759E: ProcXkbSetMap (xkb.c:2736)
+ == by 0x5BF832: SProcXkbSetMap (xkbSwap.c:245)
+ == by 0x5C05ED: SProcXkbDispatch (xkbSwap.c:501)
+ == by 0x4A20DF: Dispatch (dispatch.c:551)
+ == by 0x4B03B4: dix_main (main.c:277)
+ == by 0x428941: main (stubmain.c:34)
+ == Address is 2 bytes after a block of size 28,672 alloc'd
+ == at 0x4848897: realloc (vg_replace_malloc.c:1804)
+ == by 0x5E357A: ReadRequestFromClient (io.c:336)
+ == by 0x4A1FAB: Dispatch (dispatch.c:519)
+ == by 0x4B03B4: dix_main (main.c:277)
+ == by 0x428941: main (stubmain.c:34)
+ ==
+ == Invalid write of size 2
+ == at 0x5A3AD7: CheckKeyTypes (xkb.c:1669)
+ == by 0x5A6A9C: _XkbSetMapChecks (xkb.c:2515)
+ == by 0x5A759E: ProcXkbSetMap (xkb.c:2736)
+ == by 0x5BF832: SProcXkbSetMap (xkbSwap.c:245)
+ == by 0x5C05ED: SProcXkbDispatch (xkbSwap.c:501)
+ == by 0x4A20DF: Dispatch (dispatch.c:551)
+ == by 0x4B03B4: dix_main (main.c:277)
+ == by 0x428941: main (stubmain.c:34)
+ == Address is 2 bytes after a block of size 28,672 alloc'd
+ == at 0x4848897: realloc (vg_replace_malloc.c:1804)
+ == by 0x5E357A: ReadRequestFromClient (io.c:336)
+ == by 0x4A1FAB: Dispatch (dispatch.c:519)
+ == by 0x4B03B4: dix_main (main.c:277)
+ == by 0x428941: main (stubmain.c:34)
+ ==
+
+To avoid that issue, add additional bounds checking within the loops by
+calling _XkbCheckRequestBounds() and report an error if we are to read
+past the client's request.
+
+CVE-2026-34003, ZDI-CAN-28736
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with TrendAI Zero Day Initiative
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2176>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/b85b00dd7b9eee05e3c12e7ad1fce4fc6671507b]
+CVE: CVE-2026-34003
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkb.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 3fcc6c4..0ef634b 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -1639,6 +1639,10 @@ CheckKeyTypes(ClientPtr client,
+ for (i = 0; i < req->nTypes; i++) {
+ unsigned width;
+
++ if (!_XkbCheckRequestBounds(client, req, wire, wire + 1)) {
++ *nMapsRtrn = _XkbErrCode3(0x0b, req->nTypes, i);
++ return 0;
++ }
+ if (client->swapped && doswap) {
+ swaps(&wire->virtualMods);
+ }
+@@ -1664,7 +1668,18 @@ CheckKeyTypes(ClientPtr client,
+ xkbModsWireDesc *preWire;
+
+ mapWire = (xkbKTSetMapEntryWireDesc *) &wire[1];
++ if (!_XkbCheckRequestBounds(client, req, mapWire,
++ &mapWire[wire->nMapEntries])) {
++ *nMapsRtrn = _XkbErrCode3(0x0c, i, wire->nMapEntries);
++ return 0;
++ }
+ preWire = (xkbModsWireDesc *) &mapWire[wire->nMapEntries];
++ if (wire->preserve &&
++ !_XkbCheckRequestBounds(client, req, preWire,
++ &preWire[wire->nMapEntries])) {
++ *nMapsRtrn = _XkbErrCode3(0x0d, i, wire->nMapEntries);
++ return 0;
++ }
+ for (n = 0; n < wire->nMapEntries; n++) {
+ if (client->swapped && doswap) {
+ swaps(&mapWire[n].virtualMods);
+--
+2.43.0
+
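Review bot: The third added check in CheckKeyTypes() validates the preWire range only when wire->preserve is set, and the hunk's trailing context stops at "swaps(&mapWire[n].virtualMods);", before any use of preWire, so the visible lines do not show that every preWire access inside the loop is conditional on wire->preserve as well. Please confirm against the patched file that no preWire[n] read or swap happens when preserve is zero; if one does, the "wire->preserve &&" guard should be dropped so the range is always checked.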
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-2.patch
new file mode 100644
index 00000000000..15b2b946d50
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2026-34003-2.patch
@@ -0,0 +1,223 @@
+From d38c563fab5c4a554e0939da39e4d1dadef7cbae Mon Sep 17 00:00:00 2001
+From: Olivier Fourdan <ofourdan@redhat.com>
+Date: Mon, 2 Mar 2026 14:09:57 +0100
+Subject: [PATCH] xkb: Add more _XkbCheckRequestBounds()
+
+Similar to the recent fixes, add more _XkbCheckRequestBounds() to the
+functions that loop over the request data, i.e.:
+
+ * CheckKeySyms()
+ * CheckKeyActions()
+ * CheckKeyBehaviors()
+ * CheckVirtualMods()
+ * CheckKeyExplicit()
+ * CheckVirtualModMap()
+ * _XkbSetMapChecks()
+
+All these are static functions so we can add the client to the parameters
+without breaking any API.
+
+See also:
+CVE-2026-34003, ZDI-CAN-28736, CVE-2026-34002, ZDI-CAN-28737
+
+v2: Check for "nSyms != 0" in CheckKeySyms() to avoid false positives.
+
+Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
+Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
+Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/2176>
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/d38c563fab5c4a554e0939da39e4d1dadef7cbae]
+CVE: CVE-2026-34003
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ xkb/xkb.c | 69 ++++++++++++++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 55 insertions(+), 14 deletions(-)
+
+diff --git a/xkb/xkb.c b/xkb/xkb.c
+index 0ef634b..6320914 100644
+--- a/xkb/xkb.c
++++ b/xkb/xkb.c
+@@ -1752,6 +1752,11 @@ CheckKeySyms(ClientPtr client,
+ KeySym *pSyms;
+ register unsigned nG;
+
++ /* Check we received enough data to read the next xkbSymMapWireDesc */
++ if (!_XkbCheckRequestBounds(client, req, wire, wire + 1)) {
++ *errorRtrn = _XkbErrCode3(0x18, i + req->firstKeySym, i);
++ return 0;
++ }
+ if (client->swapped && doswap) {
+ swaps(&wire->nSyms);
+ }
+@@ -1790,6 +1795,12 @@ CheckKeySyms(ClientPtr client,
+ return 0;
+ }
+ pSyms = (KeySym *) &wire[1];
++ if (wire->nSyms != 0) {
++ if (!_XkbCheckRequestBounds(client, req, pSyms, &pSyms[wire->nSyms])) {
++ *errorRtrn = _XkbErrCode3(0x19, i + req->firstKeySym, wire->nSyms);
++ return 0;
++ }
++ }
+ wire = (xkbSymMapWireDesc *) &pSyms[wire->nSyms];
+ }
+
+@@ -1813,11 +1824,12 @@ CheckKeySyms(ClientPtr client,
+ }
+
+ static int
+-CheckKeyActions(XkbDescPtr xkb,
+- xkbSetMapReq * req,
+- int nTypes,
+- CARD8 *mapWidths,
+- CARD16 *symsPerKey, CARD8 **wireRtrn, int *nActsRtrn)
++CheckKeyActions(ClientPtr client,
++ XkbDescPtr xkb,
++ xkbSetMapReq * req,
++ int nTypes,
++ CARD8 *mapWidths,
++ CARD16 *symsPerKey, CARD8 **wireRtrn, int *nActsRtrn)
+ {
+ int nActs;
+ CARD8 *wire = *wireRtrn;
+@@ -1828,6 +1840,11 @@ CheckKeyActions(XkbDescPtr xkb,
+ CHK_REQ_KEY_RANGE2(0x21, req->firstKeyAct, req->nKeyActs, req, (*nActsRtrn),
+ 0);
+ for (nActs = i = 0; i < req->nKeyActs; i++) {
++ /* Check we received enough data to read the next byte on the wire */
++ if (!_XkbCheckRequestBounds(client, req, wire, wire + 1)) {
++ *nActsRtrn = _XkbErrCode3(0x24, i + req->firstKeyAct, i);
++ return 0;
++ }
+ if (wire[0] != 0) {
+ if (wire[0] == symsPerKey[i + req->firstKeyAct])
+ nActs += wire[0];
+@@ -1846,7 +1863,8 @@ CheckKeyActions(XkbDescPtr xkb,
+ }
+
+ static int
+-CheckKeyBehaviors(XkbDescPtr xkb,
++CheckKeyBehaviors(ClientPtr client,
++ XkbDescPtr xkb,
+ xkbSetMapReq * req,
+ xkbBehaviorWireDesc ** wireRtrn, int *errorRtrn)
+ {
+@@ -1872,6 +1890,11 @@ CheckKeyBehaviors(XkbDescPtr xkb,
+ }
+
+ for (i = 0; i < req->totalKeyBehaviors; i++, wire++) {
++ /* Check we received enough data to read the next behavior */
++ if (!_XkbCheckRequestBounds(client, req, wire, wire + 1)) {
++ *errorRtrn = _XkbErrCode3(0x36, first, i);
++ return 0;
++ }
+ if ((wire->key < first) || (wire->key > last)) {
+ *errorRtrn = _XkbErrCode4(0x33, first, last, wire->key);
+ return 0;
+@@ -1897,7 +1920,8 @@ CheckKeyBehaviors(XkbDescPtr xkb,
+ }
+
+ static int
+-CheckVirtualMods(XkbDescRec * xkb,
++CheckVirtualMods(ClientPtr client,
++ XkbDescRec * xkb,
+ xkbSetMapReq * req, CARD8 **wireRtrn, int *errorRtrn)
+ {
+ register CARD8 *wire = *wireRtrn;
+@@ -1909,12 +1933,18 @@ CheckVirtualMods(XkbDescRec * xkb,
+ if (req->virtualMods & bit)
+ nMods++;
+ }
++ /* Check we received enough data for the number of virtual mods expected */
++ if (!_XkbCheckRequestBounds(client, req, wire, wire + XkbPaddedSize(nMods))) {
++ *errorRtrn = _XkbErrCode3(0x37, nMods, i);
++ return 0;
++ }
+ *wireRtrn = (wire + XkbPaddedSize(nMods));
+ return 1;
+ }
+
+ static int
+-CheckKeyExplicit(XkbDescPtr xkb,
++CheckKeyExplicit(ClientPtr client,
++ XkbDescPtr xkb,
+ xkbSetMapReq * req, CARD8 **wireRtrn, int *errorRtrn)
+ {
+ register CARD8 *wire = *wireRtrn;
+@@ -1940,6 +1970,11 @@ CheckKeyExplicit(XkbDescPtr xkb,
+ }
+ start = wire;
+ for (i = 0; i < req->totalKeyExplicit; i++, wire += 2) {
++ /* Check we received enough data to read the next two bytes */
++ if (!_XkbCheckRequestBounds(client, req, wire, wire + 2)) {
++ *errorRtrn = _XkbErrCode4(0x54, first, last, i);
++ return 0;
++ }
+ if ((wire[0] < first) || (wire[0] > last)) {
+ *errorRtrn = _XkbErrCode4(0x53, first, last, wire[0]);
+ return 0;
+@@ -1995,7 +2030,8 @@ CheckModifierMap(ClientPtr client, XkbDescPtr xkb, xkbSetMapReq * req,
+ }
+
+ static int
+-CheckVirtualModMap(XkbDescPtr xkb,
++CheckVirtualModMap(ClientPtr client,
++ XkbDescPtr xkb,
+ xkbSetMapReq * req,
+ xkbVModMapWireDesc ** wireRtrn, int *errRtrn)
+ {
+@@ -2019,6 +2055,11 @@ CheckVirtualModMap(XkbDescPtr xkb,
+ return 0;
+ }
+ for (i = 0; i < req->totalVModMapKeys; i++, wire++) {
++ /* Check we received enough data to read the next virtual mod map key */
++ if (!_XkbCheckRequestBounds(client, req, wire, wire + 1)) {
++ *errRtrn = _XkbErrCode3(0x74, first, i);
++ return 0;
++ }
+ if ((wire->key < first) || (wire->key > last)) {
+ *errRtrn = _XkbErrCode4(0x73, first, last, wire->key);
+ return 0;
+@@ -2563,7 +2604,7 @@ _XkbSetMapChecks(ClientPtr client, DeviceIntPtr dev, xkbSetMapReq * req,
+ }
+
+ if ((req->present & XkbKeyActionsMask) &&
+- (!CheckKeyActions(xkb, req, nTypes, mapWidths, symsPerKey,
++ (!CheckKeyActions(client, xkb, req, nTypes, mapWidths, symsPerKey,
+ (CARD8 **) &values, &nActions))) {
+ client->errorValue = nActions;
+ return BadValue;
+@@ -2571,18 +2612,18 @@ _XkbSetMapChecks(ClientPtr client, DeviceIntPtr dev, xkbSetMapReq * req,
+
+ if ((req->present & XkbKeyBehaviorsMask) &&
+ (!CheckKeyBehaviors
+- (xkb, req, (xkbBehaviorWireDesc **) &values, &error))) {
++ (client, xkb, req, (xkbBehaviorWireDesc **) &values, &error))) {
+ client->errorValue = error;
+ return BadValue;
+ }
+
+ if ((req->present & XkbVirtualModsMask) &&
+- (!CheckVirtualMods(xkb, req, (CARD8 **) &values, &error))) {
++ (!CheckVirtualMods(client, xkb, req, (CARD8 **) &values, &error))) {
+ client->errorValue = error;
+ return BadValue;
+ }
+ if ((req->present & XkbExplicitComponentsMask) &&
+- (!CheckKeyExplicit(xkb, req, (CARD8 **) &values, &error))) {
++ (!CheckKeyExplicit(client, xkb, req, (CARD8 **) &values, &error))) {
+ client->errorValue = error;
+ return BadValue;
+ }
+@@ -2593,7 +2634,7 @@ _XkbSetMapChecks(ClientPtr client, DeviceIntPtr dev, xkbSetMapReq * req,
+ }
+ if ((req->present & XkbVirtualModMapMask) &&
+ (!CheckVirtualModMap
+- (xkb, req, (xkbVModMapWireDesc **) &values, &error))) {
++ (client, xkb, req, (xkbVModMapWireDesc **) &values, &error))) {
+ client->errorValue = error;
+ return BadValue;
+ }
+--
+2.43.0
+
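Review bot: In the CheckVirtualMods() part, the error value "_XkbErrCode3(0x37, nMods, i)" is built after the counting loop has closed, so i (assuming it is that loop's counter, which the hunk does not show) holds only the loop's final value and tells the client nothing about the request; nMods together with req->virtualMods would be more useful in client->errorValue. Separately, the commit message lists _XkbSetMapChecks() among the functions gaining _XkbCheckRequestBounds() calls, but the hunks shown for that function only pass "client" through to the Check*() callees. Both are points for upstream; the backport should stay as picked.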
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
index 2f7edd16a19..110b3bbbdf0 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.18.bb
@@ -9,6 +9,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
file://CVE-2026-34000.patch \
file://CVE-2026-34001.patch \
file://CVE-2026-34002.patch \
+ file://CVE-2026-34003-1.patch \
+ file://CVE-2026-34003-2.patch \
"
SRC_URI[sha256sum] = "c878d1930d87725d4a5bf498c24f4be8130d5b2646a9fd0f2994deff90116352"
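Review bot: The order of the xkb entries in SRC_URI is functional, not cosmetic: the embedded xkb/xkb.c index lines chain from one patch to the next (137d70d..2b9004a, 2b9004a..1ba638b, 1ba638b..3fcc6c4, 3fcc6c4..0ef634b, 0ef634b..6320914), and CVE-2026-34003-2.patch carries "CheckModifierMap(ClientPtr client, ..." in a hunk header, a signature that exists only once CVE-2026-34002.patch has been applied. A short comment above the SRC_URI assignment saying these patches must stay in this order would keep a later reorder or a partial revert from failing in do_patch.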
* [OE-core][scarthgap 15/30] setuptools3_legacy: ensure ${B} is clean
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (13 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 14/30] xserver-xorg: Fix CVE-2026-34003 Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 16/30] setuptools3: clean the build directory in configure Yoann Congal
` (14 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
We do builds in a separate directory in this class, so add it to cleandirs
to ensure that it is empty.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2575adeceedae72f6359c0a35ec5c5325a4ec363)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/classes-recipe/setuptools3_legacy.bbclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/classes-recipe/setuptools3_legacy.bbclass b/meta/classes-recipe/setuptools3_legacy.bbclass
index 264b1f5cfb1..45f567391db 100644
--- a/meta/classes-recipe/setuptools3_legacy.bbclass
+++ b/meta/classes-recipe/setuptools3_legacy.bbclass
@@ -17,6 +17,7 @@
inherit setuptools3-base
B = "${WORKDIR}/build"
+do_configure[cleandirs] = "${B}"
SETUPTOOLS_BUILD_ARGS ?= ""
SETUPTOOLS_INSTALL_ARGS ?= "--root=${D} \
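Review bot: The added line is a plain assignment, do_configure[cleandirs] = "${B}", placed right after "inherit setuptools3-base", so any cleandirs value that class (or anything it inherits) has already set for do_configure is replaced rather than extended. If nothing earlier sets the flag this is harmless; a quick grep for do_configure[cleandirs] in the inherited classes on scarthgap would confirm that the cherry-pick behaves the same as the original commit.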
* [OE-core][scarthgap 16/30] setuptools3: clean the build directory in configure
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (14 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 15/30] setuptools3_legacy: ensure ${B} is clean Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 17/30] python_setuptools_build_meta: " Yoann Congal
` (13 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
It's not currently possible to set the build tree to be somewhere we
control, but we know it will always be in the build directory alongside
the setup.py so we can [cleandirs] that.
MJ: helps with build/lib directory being added when a recipe is rebuilt
in the same WORKDIR multiple times, e.g.:
Just rebuilding python3-tqdm in the same TMPDIR after cherry-picking this:
$ buildhistory-diff -p buildhistory build-minus-1 | grep PKGSIZE
python3-google-auth/python3-google-auth: PKGSIZE changed from 11752510 to 1315694 (-89%)
python3-googleapis-common-protos/python3-googleapis-common-protos: PKGSIZE changed from 7108856 to 794024 (-89%)
$ wc -l python3-google-auth/2.29.0*/image/usr/lib/python3.12/site-packages/google_auth-2.29.0.dist-info/RECORD
554 python3-google-auth/2.29.0-old/image/usr/lib/python3.12/site-packages/google_auth-2.29.0.dist-info/RECORD
66 python3-google-auth/2.29.0/image/usr/lib/python3.12/site-packages/google_auth-2.29.0.dist-info/RECORD
$ wc -l python3-googleapis-common-protos/1.63.0*/image/usr/lib/python3.12/site-packages/googleapis_common_protos-1.63.0.dist-info/RECORD
1166 python3-googleapis-common-protos/1.63.0-old/image/usr/lib/python3.12/site-packages/googleapis_common_protos-1.63.0.dist-info/RECORD
134 python3-googleapis-common-protos/1.63.0/image/usr/lib/python3.12/site-packages/googleapis_common_protos-1.63.0.dist-info/RECORD
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
(cherry picked from commit f3854f4f60801e3b6788bee3a0a1850fc498d536)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/classes-recipe/setuptools3.bbclass | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/classes-recipe/setuptools3.bbclass b/meta/classes-recipe/setuptools3.bbclass
index d71a0895398..c4fd30020aa 100644
--- a/meta/classes-recipe/setuptools3.bbclass
+++ b/meta/classes-recipe/setuptools3.bbclass
@@ -15,6 +15,9 @@ SETUPTOOLS_SETUP_PATH ?= "${S}"
setuptools3_do_configure() {
:
}
+# This isn't nice, but is the best solutions to ensure clean builds for now.
+# https://github.com/pypa/setuptools/issues/4732
+do_configure[cleandirs] = "${SETUPTOOLS_SETUP_PATH}/build"
setuptools3_do_compile() {
cd ${SETUPTOOLS_SETUP_PATH}
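Review bot: `do_configure[cleandirs] = "${SETUPTOOLS_SETUP_PATH}/build"` removes and recreates a directory inside the unpacked source tree, so a project that ships its own top-level `build/` directory would lose that content on every do_configure, and the breakage would only show up later as a missing file in compile or install. The added comment should state the assumption that `build/` holds nothing but setuptools output, so that a recipe author hitting this knows to override the flag. Separately, "best solutions" in the added comment should read "best solution"; that is better fixed upstream than in this backport.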
* [OE-core][scarthgap 17/30] python_setuptools_build_meta: clean the build directory in configure
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (15 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 16/30] setuptools3: clean the build directory in configure Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 18/30] oeqa/runtime/parselogs: update pci BAR ignore for kernel 6.10 Yoann Congal
` (12 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross.burton@arm.com>
It's not currently possible to set the build tree to be somewhere we
control, but we know it will always be in the build directory alongside
the pyproject.toml so we can [cleandirs] that.
MJ: this was later reverted in a532cb50151d773c1c351ffccf4d47a37f26f8aa:
This is not needed: setuptools.build_meta does the build under a new
temporary directory.
but the builds in scarthgap aren't using a new temporary directory yet,
so this is still useful there:
Just rebuilding python3-tqdm in the same TMPDIR after cherry-picking this:
$ buildhistory-diff -p buildhistory build-minus-1 | grep PKGSIZE
python3-tqdm/python3-tqdm: PKGSIZE changed from 3309408 to 426880 (-87%)
$ wc -l python3-tqdm/4.66.3*/image/usr/lib/python3.12/site-packages/tqdm-4.66.3.dist-info/RECORD
297 python3-tqdm/4.66.3-old/image/usr/lib/python3.12/site-packages/tqdm-4.66.3.dist-info/RECORD
41 python3-tqdm/4.66.3/image/usr/lib/python3.12/site-packages/tqdm-4.66.3.dist-info/RECORD
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
(cherry picked from commit 383862cfe4c5acf04124080827c8bc6d00b2e86d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/classes-recipe/python_setuptools_build_meta.bbclass | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/classes-recipe/python_setuptools_build_meta.bbclass b/meta/classes-recipe/python_setuptools_build_meta.bbclass
index 4c84d1e8d0b..046b4ffb74f 100644
--- a/meta/classes-recipe/python_setuptools_build_meta.bbclass
+++ b/meta/classes-recipe/python_setuptools_build_meta.bbclass
@@ -7,3 +7,7 @@
inherit setuptools3-base python_pep517
DEPENDS += "python3-setuptools-native python3-wheel-native"
+
+# This isn't nice, but is the best solutions to ensure clean builds for now.
+# https://github.com/pypa/setuptools/issues/4732
+do_configure[cleandirs] = "${PEP517_SOURCE_PATH}/build"
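Review bot: The added comment does not record that this line is kept on scarthgap on purpose although it was reverted upstream (a532cb50151d773c1c351ffccf4d47a37f26f8aa, per the commit message), so a later maintainer comparing branches has no in-file hint why the two differ. Suggest adding a line to the comment saying the flag can go once setuptools.build_meta builds under a temporary directory on this branch. As with the setuptools3 class, `${PEP517_SOURCE_PATH}/build` lies inside the source tree, so any `build/` directory shipped by the project is wiped as well.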
* [OE-core][scarthgap 18/30] oeqa/runtime/parselogs: update pci BAR ignore for kernel 6.10
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (16 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 17/30] python_setuptools_build_meta: " Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 19/30] linux-yocto/6.6: update to v6.6.129 Yoann Congal
` (11 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
The format of the pci BAR warnings we get on qemu boots has
changed in 6.10+ via the following kernel commit:
commit dc4e6f21c3f844ebc1c52b6920b8ec5dfc73f4e8
Author: Puranjay Mohan <puranjay@kernel.org>
Date: Sat Nov 6 16:56:06 2021 +0530
PCI: Use resource names in PCI log messages
Use the pci_resource_name() to get the name of the resource and use it
while printing log messages.
[bhelgaas: rename to match struct resource * names, also use names in other BAR messages]
Link: https://lore.kernel.org/r/20211106112606.192563-3-puranjay12@gmail.com
Signed-off-by: Puranjay Mohan <puranjay12@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Since it doesn't appear that we can do regexes in parselogs
and the bar number is now in the middle of the message, we
go with a slightly wider format of the message to ignore.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0a7126604b6536868600d43aff000a426384995c)
[YC: In scarthgap, the breaking backported commit is in >=6.6.130:
fffdb0fece19 ("PCI: Use resource names in PCI log messages")]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt b/meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt
index b0c0fc9ddf4..143db40d63b 100644
--- a/meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt
+++ b/meta/lib/oeqa/runtime/cases/parselogs-ignores-qemuall.txt
@@ -13,6 +13,14 @@ FBIOPUT_VSCREENINFO failed, double buffering disabled
# pci 0000:00:00.0: [Firmware Bug]: reg 0x20: invalid BAR (can't size)
# pci 0000:00:00.0: [Firmware Bug]: reg 0x24: invalid BAR (can't size)
invalid BAR (can't size)
+# 6.10+ the invalid BAR warnings are of this format:
+# pci 0000:00:00.0: [Firmware Bug]: BAR 0: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 1: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 2: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 3: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 4: invalid; can't size
+# pci 0000:00:00.0: [Firmware Bug]: BAR 5: invalid; can't size
+invalid; can't size
# These should be reviewed to see if they are still needed
wrong ELF class
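Review bot: The new ignore entry `invalid; can't size` no longer contains the `BAR` keyword that the old `invalid BAR (can't size)` entry had, so it hides any log line carrying that phrase, not only the six PCI BAR warnings listed in the comment above it. The examples show the BAR index running from 0 to 5, so six literal entries of the form `BAR 0: invalid; can't size` would keep the match as narrow as before without needing regex support. The `# 6.10+` comment is also misleading on this branch, where the commit message says the new format arrives with 6.6.130.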
* [OE-core][scarthgap 19/30] linux-yocto/6.6: update to v6.6.129
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (17 preceding siblings ...)
2026-06-17 7:44 ` [OE-core][scarthgap 18/30] oeqa/runtime/parselogs: update pci BAR ignore for kernel 6.10 Yoann Congal
@ 2026-06-17 7:44 ` Yoann Congal
2026-06-17 7:44 ` [OE-core][scarthgap 20/30] linux-yocto/6.6: update to v6.6.130 Yoann Congal
` (10 subsequent siblings)
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
4fc00fe35d46 Linux 6.6.129
acf7c8972775 Revert "x86/kexec: add a sanity check on previous kernel's ima kexec buffer"
682d8e2f892b Linux 6.6.128
0ac0e02183c5 arm64: Fix sampling the "stable" virtual counter in preemptible section
18845fb30921 drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros
fe418ef21efd NTB: ntb_transport: Fix too small buffer for debugfs_name
1cdff5d564fe tracing: Wake up poll waiters for hist files when removing an event
e4e5026252b4 tracing: Fix checking of freed trace_event_file for hist files
ad058a4317db net: nfc: nci: Fix parameter validation for packet data
dc99b25ed4f7 arm64: Force the use of CNTVCT_EL0 in __delay()
ad3640895956 x86/kexec: Copy ACPI root pointer address from config table
9c735a7d98c9 net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash()
1e300c33ef3c net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle
6ccfcad1b582 ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR
c854ab481ece cifs: some missing initializations on replay
6a3ce8c8ad80 fbcon: Remove struct fbcon_display.inverse
b6de6d481cc2 fbdev: ffb: fix corrupted video output on Sun FFB1
3ed019654234 fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
e8c5d5f6cd66 fbdev: vt8500lcdfb: fix missing dma_free_coherent()
a785c4e2a999 fbcon: check return value of con2fb_acquire_newinfo()
632d233cf2e6 ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()
e075ec9b08f8 atm: fore200e: fix use-after-free in tasklets during device removal
9f8ad199844c net: intel: fix PCI device ID conflict between i40e and ipw2200
6eb571a37631 io_uring/filetable: clamp alloc_hint to the configured alloc range
0f4dcba31bf4 tracing: Fix to set write permission to per-cpu buffer_size_kb
ec4445ae9e58 net: macb: Fix tx/rx malfunction after phy link down and up
013ac469596a octeontx2-af: CGX: fix bitmap leaks
0f85a9655445 net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean()
63afc078bba6 net: ethernet: marvell: skge: remove incorrect conflicting PCI ID
710657d3d31f LoongArch: Disable instrumentation for setup_ptwalker()
6868bd64dc90 LoongArch: Guard percpu handler under !CONFIG_PREEMPT_RT
a50371c6ad99 LoongArch: Prefer top-down allocation after arch_mem_init()
bb1a54f7f011 LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE
9efa154609cd ceph: supply snapshot context in ceph_zero_partial_object()
103e9d1d43e6 MIPS: rb532: Fix MMIO UART resource registration
953953abb66e cifs: Fix locking usage for tcon fields
cc3f83b6fb37 staging: rtl8723bs: fix null dereference in find_network
369d369ed08f parisc: kernel: replace kfree() with put_device() in create_tree_node()
a19b61fdb958 PCI: Fix pci_slot_trylock() error handling
65e794574069 net: cpsw_new: Fix unnecessary netdev unregistration in cpsw_probe() error path
4857c37c7ba9 drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
7a4fd19c567f tipc: fix RCU dereference race in tipc_aead_users_dec()
8e875cf8851b mtd: rawnand: pl353: Fix software ECC support
f5da4c24aa6d usb: dwc2: fix resume failure if dr_mode is host
76c1123ffccf usb: dwc3: gadget: Move vbus draw to workqueue context
aa8d68d97c7f scsi: ufs: core: Flush exception handling work when RPM level is zero
d3e837e11ee9 perf/arm-cmn: Reject unsupported hardware configurations
9bd98d088f47 remoteproc: imx_rproc: Fix invalid loaded resource table detection
d99a08c2b4d5 btrfs: continue trimming remaining devices on failure
41a09925ec68 arm64: Fix non-atomic __READ_ONCE() with CONFIG_LTO=y
1047ca2d8169 PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
639265296fe6 Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV"
cfccd3b8c51b kexec: derive purgatory entry from symbol
bb273b68c171 ocfs2: fix reflink preserve cleanup issue
649c2e853608 rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net()
81c44a4bc168 mm/highmem: fix __kmap_to_page() build error
1eabfd2c437b iio: gyro: itg3200: Fix unchecked return value in read_raw
9d0ca11258e7 powerpc/smp: Add check for kcalloc() failure in parse_thread_groups()
442f5db91317 tools: Fix bitfield dependency failure
e4709950acd4 dm mpath: make pg_init_delay_msecs settable
542dd6da35eb bus: fsl-mc: fix an error handling in fsl_mc_device_add()
65f5a17b6d56 usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN
22e460b6333a x86/kexec: add a sanity check on previous kernel's ima kexec buffer
57c4fd0f4b02 nvmem: Drop OF node reference on nvmem_add_one_cell() failure
13c1f31f777c nfsd: fix return error code for nfsd_map_name_to_[ug]id
d92b8fac294b md/bitmap: fix GPF in write_page caused by resize race
142b1bba3299 PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions
708e20c66b27 KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2()
a6f660d62bc1 xfs: fix remote xattr valuelblk check
38613c01f69e xfs: fix freemap adjustments when adding xattrs to leaf blocks
ffaf5c99d0f8 xfs: delete attr leaf freemap entries when empty
e2e7c275f557 mfd: core: Add locking around 'mfd_of_node_list'
01aed2f1d7cb iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode
a5b1ddbe31f4 media: verisilicon: AV1: Fix tile info buffer size
8be53110395e xfs: mark data structures corrupt on EIO and ENODATA
297bb8b1db60 selftests/mm/charge_reserved_hugetlb: drop mount size for hugetlbfs
aa5f25d55cda mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations
8dcff1979381 drm: of: drm_of_panel_bridge_remove(): fix device_node leak
52920a853381 media: venus: vdec: restrict EOS addr quirk to IRIS2 only
225f2221b422 media: venus: vdec: fix error state assignment for zero bytesused
272d44fa7bce arm64: dts: rockchip: Do not enable hdmi_sound node on Pinebook Pro
ed36f6ae0039 dm-unstripe: fix mapping bug when there are multiple targets in a table
fb49f209995f dm-integrity: fix recalculation in bitmap mode
de7934627cc4 s390/pci: Handle futile config accesses of disabled devices directly
1c7c87cf18da clk: tegra: tegra124-emc: Fix potential memory leak in tegra124_clk_register_emc()
0f0809bfe4fa media: i2c: ov01a10: Fix digital gain range
85cc6574f21b clk: clk-apple-nco: Add "apple,t8103-nco" compatible
3880e331b0b3 KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation
e113339cc7d2 soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
d451bf970a0c soc: ti: k3-socinfo: Fix regmap leak on probe failure
7daf279c674d dm: clear cloned request bio pointer when last clone bio completes
2d10a3dad8d6 dm-integrity: fix a typo in the code for write/discard race
d03a29cb36d6 media: i2c: ov5647: use our own mutex for the ctrl lock
089625cccd7e media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode
c146483bad46 media: i2c: ov5647: Sensor should report RAW color space
e5f4aad2627d media: i2c: ov5647: Correct minimum VBLANK value
1f413dac763a media: i2c: ov5647: Correct pixel array offset
cabd025182cf media: i2c: ov5647: Initialize subdev before controls
c9af1818387f media: ccs: Avoid possible division by zero
0c074e80921f media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()
8de39720e7a3 media: i2c: ov01a10: Fix test-pattern disabling
a14a3cef8017 media: i2c: ov01a10: Add missing v4l2_subdev_cleanup() calls
567a03fe8d08 media: i2c: ov01a10: Fix analogue gain range
e2f6d78dc3a8 media: i2c: ov01a10: Fix reported pixel-rate value
bb2b049f75f1 media: i2c: ov01a10: Fix the horizontal flip control
ccb92def042a media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
9cb9eca33d20 media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
046c5db6bbba media: cx25821: Add missing unmap in snd_cx25821_hw_params()
544215cc37d0 media: cx23885: Add missing unmap in snd_cx23885_hw_params()
10ab64f8efc2 media: cx88: Add missing unmap in snd_cx88_hw_params()
27c508f61963 media: radio-keene: fix memory leak in error path
dd8508820246 media: verisilicon: AV1: Set IDR flag for intra_only frame type
8305902ac038 arm64: dts: apple: t8112-j473: Keep the HDMI port powered on
b74bf7d0d01f HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
3f1b21cc67a1 HID: prodikeys: Check presence of pm->input_ep82
243e1165eb03 HID: magicmouse: Do not crash on missing msc->input
449004434e1f HID: hid-pl: handle probe errors
cad7442ff23b arm64: Disable branch profiling for all arm64 code
deb8f6dfd31d KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding
275e15fd1cf7 ARM: omap2: Fix reference count leaks in omap_control_init()
b44eb959159f media: verisilicon: AV1: Fix tx mode bit setting
8ad7e6ea46a9 media: verisilicon: AV1: Fix enable cdef computation
564fd3a63efc media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
12cafc15d246 media: mtk-mdp: Fix error handling in probe function
637510cb5bed media: mediatek: encoder: Fix uninitialized scalar variable issue
031f2adc1499 dm-verity: correctly handle dm_bufio_client_create() failure
a9ddc035050a fpga: dfl: use subsys_initcall to allow built-in drivers to be added
d6f5aed42760 ASoC: SOF: ipc4-control: Keep the payload size up to date
e1dd7092fa8f ASoC: SOF: ipc4-control: Use the correct size for scontrol->ipc_control_data
59fe643f21b9 ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls
3a5a4b066329 ASoC: SOF: ipc4-control: If there is no data do not send bytes update
955e2d6e5e0a clk: renesas: rzg2l: Select correct div round macro
a4be3b90ba9d clk: renesas: rzg2l: Fix intin variable size
90c8353f4718 rpmsg: core: fix race in driver_override_show() and use core helper
7ef82863d422 netfilter: nf_conntrack_h323: fix OOB read in decode_choice()
b690635d4719 dpaa2-switch: validate num_ifs to prevent out-of-bounds write
9ac6aebef4b4 net: consume xmit errors of GSO frames
175881094756 net/mlx5: Fix missing devlink lock in SRIOV enable error path
54fb0577ebe7 net/mlx5: DR, Fix circular locking dependency in dump
b324327ff6f4 RDMA/umem: Fix double dma_buf_unpin in failure path
35854ed5c40b net: usb: pegasus: enable basic endpoint checking
df001db47708 RDMA/efa: Fix typo in efa_alloc_mr()
337d7b4112a4 net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets
52d469319ced RDMA/core: Fix stale RoCE GIDs during netdev events at registration
0b7d596da5de tipc: fix duplicate publication key in tipc_service_insert_publ()
481ea39b342c Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ
efcdb4da480c Bluetooth: L2CAP: Fix not checking output MTU is acceptable on L2CAP_ECRED_CONN_REQ
1a138921ce56 Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ
1d93a369b5aa Bluetooth: hci_qca: Cleanup on all setup failures
7247f340f824 Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ
2983b39f8c0d Remove WARN_ALL_UNSEEDED_RANDOM kernel config option
1f40fde29349 wifi: cfg80211: wext: fix IGTK key ID off-by-one
322437972f0a net: ethernet: xscale: Check for PTP support properly
854f5997df49 net: ixp4xx_eth: convert to ndo_hwtstamp_get() and ndo_hwtstamp_set()
19f359963ae8 net: usb: lan78xx: scan all MDIO addresses on LAN7801
ef9b10a02050 net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode
166801e49a5b xfrm: always flush state and policy upon NETDEV_UNREGISTER event
56d5c0557e53 ipmi: ipmb: initialise event handler read bytes
f13e4fe961a7 xfrm: skip templates check for packet offload tunnel mode
719918fc88df xfrm6: fix uninitialized saddr in xfrm6_get_saddr()
d0559d07afab ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
85c9daa1f831 ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access
a4557dc20df4 rtc: zynqmp: correct frequency value
61bd8787c605 drm/amd/display: Remove conditional for shaper 3DLUT power-on
0b284a7ce311 btrfs: replace BUG() with error handling in __btrfs_balance()
8995fc0e00b3 ALSA: usb-audio: Add sanity check for OOB writes at silencing
6a997eb80644 drm/radeon: Add HAINAN clock adjustment
5b9af0342402 drm/amdgpu: Add HAINAN clock adjustment
c26bde6301f2 ALSA: usb-audio: Update the number of packets properly at receiving
d2e92247b24a drm/amdgpu: Adjust usleep_range in fence wait
068dee782c8c drm/amd/display: Avoid updating surface with the same surface under MPO
1a7f1116c7f8 ARM: 9467/1: mm: Don't use %pK through printk
44373b1e9c12 include: uapi: netfilter_bridge.h: Cover for musl libc
9f33e83c8393 thermal: int340x: Fix sysfs group leak on DLVR registration failure
e1dc45d97975 libceph: define and enforce CEPH_MAX_KEY_LEN
a87a445ac1d9 ceph: supply snapshot context in ceph_uninline_data()
2f5c626ea792 fs/ntfs3: avoid calling run_get_entry() when run == NULL in ntfs_read_run_nb_ra()
ad0d779cdc26 fs/ntfs3: drop preallocated clusters for sparse and compressed files
8d8c70b57dbe fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST
af839013c70a fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata
68e32694be23 fs: ntfs3: check return value of indx_find to avoid infinite loop
6dedf0369f2a MIPS: Loongson: Make cpumask_of_node() robust against NUMA_NO_NODE
da08099d5f7a iio: magnetometer: Remove IRQF_ONESHOT
53f2152b48d5 iio: Use IRQF_NO_THREAD
be5465701341 Revert "mfd: da9052-spi: Change read-mask to write-mask"
dc3bc979814b phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature
afb941338c8e phy: mvebu-cp110-utmi: fix dr_mode property read from dts
d476130e53d3 watchdog: imx7ulp_wdt: handle the nowayout option
0883ddd583ed binder: don't use %pK through printk
1d7120244b54 fix it87_wdt early reboot by reporting running timer
4ff5ab3e7141 serial: 8250: 8250_omap.c: Clear DMA RX running status only after DMA termination is done
8311bb40698b staging: rtl8723bs: fix memory leak on failure path
03a2f7f9864c misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66
ece3722169ba misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read()
c219c20cc357 dmaengine: stm32-mdma: initialize m2m_hw_period and ccr to fix warnings
f89324e2e09d dmaengine: sun6i: Choose appropriate burst length under maxburst
f9305dda5015 fpga: of-fpga-region: Fail if any bridge is missing
b2bbcaa36c1a usb: typec: ucsi: psy: Fix voltage and current max for non-Fixed PDOs
32ccda4895ba serial: 8250_dw: handle clock enable errors in runtime_resume
52b42c24750a staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure
cd496527efa8 soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded of NUC15)
3be7beef4a05 m68k: nommu: fix memmove() with differently aligned src and dest for 68000
6ce681cf8082 clk: microchip: core: correct return value on *_get_parent()
e2809ad08252 mailbox: sprd: clear delivery flag before handling TX done
4c4679b31b9d remoteproc: mediatek: Break lock dependency to `prepare_lock`
332fb842181e mailbox: sprd: mask interrupts that are not handled
17ee46882b3e mailbox: imx: Skip the suspend flag for i.MX7ULP
51edcbd17c8d mailbox: pcc: Remove spurious IRQF_ONESHOT usage
f720e653aa1a remoteproc: imx_dsp_rproc: Skip RP_MBOX_SUSPEND_SYSTEM when mailbox TX channel is uninitialized
cb6c4aa73491 tracing: Fix false sharing in hwlat get_sample()
9566c87101b2 vhost: fix caching attributes of MMIO regions by setting them explicitly
f1bf5ebd5fda scsi: buslogic: Reduce stack usage
d16337560750 hisi_acc_vfio_pci: update status after RAS error
559e227b1df7 ata: libata: avoid long timeouts on hot-unplugged SATA DAS
55de264a4d32 RDMA/rtrs-clt: For conn rejection use actual err number
3819890d6ab2 nfc: nxp-nci: remove interrupt trigger type
392e3d44841d myri10ge: avoid uninitialized variable use
6e2a6100ac5b PCI: Mark Nvidia GB10 to avoid bus reset
846b226065fe PCI: Add ACS quirk for Qualcomm Hamoa & Glymur
ec494c0260bf PCI: Enable ACS after configuring IOMMU for OF platforms
a2376e912723 PCI: Fix pci_slot_lock () device locking
f5ea62163a78 PCI: Mark ASM1164 SATA controller to avoid bus reset
391200c274e9 net/rds: Clear reconnect pending bit
f713dcd2ce83 vmw_vsock: bypass false-positive Wnonnull warning with gcc-16
7a8acafd45a9 net: usb: sr9700: remove code to drive nonexistent multicast filter
87465580215c wifi: ath10k: fix lock protection in ath10k_wmi_event_peer_sta_ps_state_chg()
b015d4c70c9a wifi: rtw89: pci: restore LDO setting after device resume
d9b549b6951b octeontx2-af: Workaround SQM/PSE stalls by disabling sticky
37f4e6804d98 Bluetooth: btusb: Add device ID for Realtek RTL8761BU
c051ef2f61f4 Bluetooth: btusb: Add new VID/PID for RTL8852CE
07960da05c0d Bluetooth: hci_conn: use mod_delayed_work for active mode timeout
c06dbfd954c9 Bluetooth: hci_conn: Set link_policy on incoming ACL connections
9eaeba5600e5 ipv4: fib: Annotate access to struct fib_alias.fa_state.
31d4bb68f436 wifi: iwlegacy: add missing mutex protection in il3945_store_measurement()
941e3066441c wifi: iwlegacy: add missing mutex protection in il4965_store_tx_power()
2ace7ac88cb0 net: hns3: extend HCLGE_FD_AD_QID to 11 bits
d5cd3bb7794e ipv4: igmp: annotate data-races around idev->mr_maxdelay
ab2848d3783a gro: change the BUG_ON() in gro_pull_from_frag0()
f0f729bdffb0 net/rds: No shortcut out of RDS_CONN_ERROR
db62e9f44838 wifi: iwlwifi: mvm: check the validity of noa_len
116bc0980e91 net: usb: r8152: fix transmit queue timeout
f4bf64072c36 openrisc: define arch-specific version of nop()
07a9b32eaae7 netfilter: xt_tcpmss: check remaining length before reading optlen
89f50775d883 netfilter: nf_conntrack: Add allow_clash to generic protocol handler
99c75e53cec0 ext4: mark group extend fast-commit ineligible
0d5fcb063cda ext4: move ext4_percpu_param_init() before ext4_mb_init()
83b074b69022 ext4: mark group add fast-commit ineligible
46ed4e9c8d30 ipv6: exthdrs: annotate data-race over multiple sysctl
55170230de66 ipv6: annotate data-races in ip6_multipath_hash_{policy,fields}()
f73528f140f1 wifi: ath12k: fix preferred hardware mode calculation
c5547727bd1c wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1
ddfe47664cc6 PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
d880c9b73890 wifi: rtw89: wow: add reason codes for disassociation in WoWLAN mode
f2f65b28d802 iommu/amd: move wait_on_sem() out of spinlock
5bfb25495e39 wifi: libertas: fix WARNING in usb_tx_block
9ff4843e6ea3 iommu/arm-smmu-v3: Improve CMDQ lock fairness and efficiency
4f9e7ca933a9 dm: remove fake timeout to avoid leak request
df379f57c2cd dm: replace -EEXIST with -EBUSY
dd181178c245 wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H
a96d161cfdb1 wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
9fdce77e38c1 wifi: rtw88: fix DTIM period handling when conf->dtim_period is zero
f70fcbc2ac7c jfs: nlink overflow in jfs_rename
68f7fc769243 jfs: Add missing set_freezable() for freezable kthread
34506cb119bb ALSA: usb-audio: Add iface reset and delay quirk for AB13X USB Audio
8fb5c4c979ae modpost: Amend ppc64 save/restfpr symnames for -Os build
fecfe41f7ed0 ASoC: es8328: Add error unwind in resume
18c67fb3750b hwmon: (f71882fg) Add F81968 support
f8ddbe303419 hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE
2d48f60307e6 ASoC: codecs: max98390: Check return value of devm_gpiod_get_optional() in max98390_i2c_probe()
3383271464b7 spi: spi-mem: Protect dirmap_create() with spi_mem_access_start/end
19513daa8d13 ASoC: sunxi: sun50i-dmic: Add missing check for devm_regmap_init_mmio
d1b6536ac20d gpio: aspeed-sgpio: Change the macro to support deferred probe
98c0e07dc7d6 ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie 15X Pro
49afc2e5bfae HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK
4df1e6252d07 HID: multitouch: add eGalaxTouch EXC3188 support
876bb1eabdb1 media: rkisp1: Fix filter mode register configuration
ac2d898da509 drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release
80b8b0df370f drm/atmel-hlcdc: don't reject the commit if the src rect has fractional parts
ec40702029b0 drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback
af67b50311e7 virt: vbox: uapi: Mark inner unions in packed structs as packed
34eae7e0ab61 hyper-v: Mark inner union in hv_kvp_exchg_msg_value as packed
bbfaa5761f58 drm: Account property blob allocations to memcg
e97de3e924b3 drm/amdkfd: Fix GART PTE for non-4K pagesize in svm_migrate_gart_map()
30aaed311f97 media: v4l2-async: Fix error handling on steps after finding a match
4010e596d23c media: cx25821: Fix a resource leak in cx25821_dev_setup()
33af366211ee media: solo6x10: Check for out of bounds chip_id
4ba5c7a1aade media: pvrusb2: fix URB leak in pvr2_send_request_ex
45d9a0cd1b88 media: adv7180: fix frame interval in progressive mode
f5a5a824f0ac media: amphion: Clear last_buffer_dequeued flag for DEC_CMD_START
81bc7d5e7897 spi: spi-mem: Limit octal DTR constraints to octal DTR situations
822530fb85d8 ASoC: wm8962: Don't report a microphone if it's shorted to ground on plug
21f6e02a1910 ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask
04184bcb50f5 HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple keyboards
55462d16cb9c drm/amdgpu: avoid a warning in timedout job handler
40e0b938db37 drm/amdgpu: add support for HDP IP version 6.1.1
b0d35bc9c159 media: mediatek: vcodec: Don't try to decode 422/444 VP9
38ef3e1e1e9b media: omap3isp: set initial format
d490523d2374 media: omap3isp: isppreview: always clamp in preview_try_format()
a9d1d7d27151 media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes
2663ef70c612 drm/v3d: Set DMA segment size to avoid debug warnings
50e8aac244e7 spi: stm32: fix Overrun issue at < 8bpw
8b971c21603a media: dvb-core: dmxdevfilter must always flush bufs
b2a97f2259f6 spi-geni-qcom: use xfer->bits_per_word for can_dma()
5d0814ad6654 spi-geni-qcom: initialize mode related registers to 0
ac9a7c329a56 drm/display/dp_mst: Add protection against 0 vcpi
afa0bfe1437d parisc: Prevent interrupts during reboot
12535a5d5d64 arm64: tegra: smaug: Add usb-role-switch support
1da904e84de6 pstore: ram_core: fix incorrect success return when vmap() fails
a4345acbe390 char: tpm: cr50: Remove IRQF_ONESHOT
3e656f767407 mailbox: bcm-ferxrm-mailbox: Use default primary handler
7b9394e49720 crypto: hisilicon/qm - move the barrier before writing to the mailbox register
5f007c6acaa7 PCI/MSI: Unmap MSI-X region on error
f557c206c32e clocksource/drivers/timer-integrator-ap: Add missing Kconfig dependency on OF
6f113ab549b8 clocksource/drivers/sh_tmu: Always leave device running after probe
c8a34bceefbc bpf: verifier improvement in 32bit shift sign extension pattern
47bbd0cb7db3 sparc: don't reference obsolete termio struct for TC* constants
6aa04820dbfe sparc: Synchronize user stack on fork and clone
648aa7ce0bd8 blk-mq-debugfs: add missing debugfs_mutex in blk_mq_debugfs_register_hctxs()
9150176cbf71 xenbus: Use .freeze/.thaw to handle xenbus devices
2050a5cff32c perf/cxlpmu: Replace IRQF_ONESHOT with IRQF_NO_THREAD
84a17b7b292d s390/perf: Disable register readout on sampling events
bafd4aa1908a cpufreq: dt-platdev: Block the driver from probing on more QC platforms
a61c1bc84c4a md-cluster: fix NULL pointer dereference in process_metadata_update
b4a0b646cc28 ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP
01e8751b37a3 ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4()
64eb63f573f4 EFI/CPER: don't go past the ARM processor CPER record buffer
e0ec99115e13 APEI/GHES: ensure that won't go past CPER allocated record
5a9b1dda8481 EFI/CPER: don't dump the entire memory region
6ea4b7bc2e7b x86/xen/pvh: Enable PAE mode for 32-bit guest only when CONFIG_X86_PAE is set
30868a6a5238 rnbd-srv: Zero the rsp buffer before using it
fd7e360845d3 arm64: Add support for TSV110 Spectre-BHB mitigation
94ab05af1d96 perf/arm-cmn: Support CMN-600AE
61cd0b287fb9 s390/purgatory: Add -Wno-default-const-init-unsafe to KBUILD_CFLAGS
7823e09a68b5 tools/power cpupower: Reset errno before strtoull()
93e8e3ee165a smb: client: prevent races in ->query_interfaces()
e428670cfb29 gfs2: fiemap page fault fix
048b58edc57d smb: client: add proper locking around ses->iface_last_update
8b5dcfa97bf3 btrfs: handle user interrupt properly in btrfs_trim_fs()
2bb588cede1c minix: Add required sanity checking to minix_check_superblock()
43ccadb866de i3c: master: svc: Initialize 'dev' to NULL in svc_i3c_master_ibi_isr()
de9affb698d5 hfsplus: pretend special inodes as regular files
f5d27ad99fca audit: add missing syscalls to read class
c1b6227555c5 fs/buffer: add alert in try_to_free_buffers() for folios without buffers
bccd4ebbdac3 hfsplus: fix volume corruption issue for generic/498
91e27bc79c3b audit: add fchmodat2() to change attributes class
4bde6678bc54 rtc: interface: Alarm race handling should not discard preceding error
4927e2d29b74 libperf build: Always place libperf includes first
5cf6e76e4f4f libperf: Don't remove -g when EXTRA_CFLAGS are used
66e9b70c64df libsubcmd: Fix null intersection case in exclude_cmds()
56042755b72f perf callchain: Fix srcline printing with inlines
eddddf4ed7f6 perf unwind-libdw: Fix invalid reference counts
985d844a5997 perf test stat tests: Fix for virtualized machines
fa99e8717a68 perf test stat: Update test expectations and events
8f36abf181c2 ASoC: dt-bindings: asahi-kasei,ak5558: Fix the supply names
f939f666ec02 ASoC: dt-bindings: asahi-kasei,ak4458: Fix the supply names
ce18fa88b154 ASoC: dt-bindings: asahi-kasei,ak4458: set unevaluatedProperties:false
655c9ba9915f SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path
df10f23defff SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths
97503a852d3b ata: libata-scsi: refactor ata_scsi_translate()
51680e9a1680 ata: pata_ftide010: Fix some DMA timings
f18f70123962 ext4: use optimized mballoc scanning regardless of inode format
4a79fde8db7e ext4: fix memory leak in ext4_ext_shift_extents()
93b2ebbbcb2e ext4: don't cache extent during splitting extent
c0155dee51b9 MIPS: Work around LLVM bug when gp is used as global register variable
c941c268ad00 drm/amd/display: Use same max plane scaling limits for all 64 bpp formats
da0959402742 ASoC: rockchip: i2s-tdm: Use param rate if not provided by set_sysclk
5fed5f6c6a02 x86/hyperv: Fix error pointer dereference
1ee1d006c9fe btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found
b7bc182ec184 efi: Fix reservation of unaccepted memory table
3222c8020aeb s390/kexec: Make KEXEC_SIG available when CONFIG_MODULES=n
9e5cb7e67fbd spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe()
a98d73dcc339 spi: wpcm-fiu: Simplify with dev_err_probe()
978137e940de spi: wpcm-fiu: Fix uninitialized res
87e463136302 spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname()
971bf8e61e9b drm/amdkfd: Fix watch_id bounds checking in debug address watch v2
17e94789c216 drm/amdkfd: fix debug watchpoints for logical devices
e975148b2c29 ASoC: codecs: aw88261: Fix erroneous bitmask logic in Awinic init
3a2f5a21285b drm/i915/acpi: free _DSM package when no connectors
29b2fbe3498d ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()
f8a5426652bd drm/amdgpu: Fix memory leak in amdgpu_ras_init()
e87c73a80a12 drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
8dc6beca70f0 apparmor: fix aa_label to return state from compount and component match
b25298e89a29 apparmor: fix invalid deref of rawdata when export_binary is unset
dbbe0a2e3e4b apparmor: make label_match return a consistent value
0563743d3f70 apparmor: remove apply_modes_to_perms from label_match
32928c1749e8 apparmor: refcount the pdb
f89b657e1785 apparmor: provide separate audit messages for file and policy checks
e78e00cf9eba apparmor: use passed in gfp flags in aa_alloc_null()
1f736dfe27c8 apparmor: fix rlimit for posix cpu timers
24bb7d11dc30 apparmor: return -ENOMEM in unpack_perms_table upon alloc failure
0dc19bca2260 apparmor: fix NULL sock in aa_sock_file_perm
a4ff9e4f4ad4 net/mlx5: Fix multiport device check over light SFs
f94a0de7b9f3 bonding: alb: fix UAF in rlb_arp_recv during bond up/down
8bc48c4fb636 octeontx2-af: Fix default entries mcam entry action
3f483a90634d inet: move icmp_global_{credit,stamp} to a separate cache line
c9141a794fdc cache: add __cacheline_group_{begin, end}_aligned() (+ couple more)
8dacf34eb427 netns-ipv4: reorganize netns_ipv4 fast path variables
1402ebe132a9 cache: enforce cache groups
4ec8a98b3dc3 tcp: Set pingpong threshold via sysctl
b4d5e97679bc tcp: defer regular ACK while processing socket backlog
22023ffad74c icmp: prevent possible overflow in icmp_global_allow()
b0da61015db2 icmp: icmp_msgs_per_sec and icmp_msgs_burst sysctls become per netns
e0987b6c3b34 icmp: move icmp_global.credit and icmp_global.stamp to per netns storage
19c7d8ac5198 macvlan: observe an RCU grace period in macvlan_common_newlink() error path
b5c84070333a ping: annotate data-races in ping_lookup()
6b6b2fbd66d8 bpftool: Fix truncated netlink dumps
db4636748c22 ipv6: fix a race in ip6_sock_set_v6only()
7017745068a9 netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
9464ca7a6e56 net: remove WARN_ON_ONCE when accessing forward path array
60e921703943 netfilter: nf_conntrack_h323: don't pass uninitialised l3num value
f199874c199b selftests: forwarding: vxlan_bridge_1d_ipv6: fix test failure with br_netfilter enabled
3c2b767a8ae2 selftests: forwarding: vxlan_bridge_1d: fix test failure with br_netfilter enabled
d0fdad1bdd21 net: bridge: mcast: always update mdb_n_entries for vlan contexts
779a9ae0ef22 net/rds: rds_sendmsg should not discard payload_len
88b0fced1bbb xen-netback: reject zero-queue configuration from guest
163d04897e57 net: usb: catc: enable basic endpoint checking
b067e6c7973b net: sparx5/lan969x: fix PTP clock max_adj value
bcc60ad129ae ipv6: Fix out-of-bound access in fib6_add_rt2node().
cc1b179f778f net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj()
357a3544a385 net: mscc: ocelot: split xmit into FDMA and register injection paths
487fac2388ad net: mscc: ocelot: extract ocelot_xmit_timestamp() helper
d6f03772d9c0 net: sparx5/lan969x: fix DWRR cost max to match hardware register width
9eefda7a03ef selftests: mlxsw: tc_restrictions: Fix test failure with new iproute2
5c577ac939bc cpuidle: Skip governor when only one idle state is available
7bb9178df6f0 ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO
d389943443c5 selftests/memfd: use IPC semaphore instead of SIGSTOP/SIGCONT
2efc98314a61 selftests/memfd: delete unused declarations
d809ee17c0d1 kbuild: Add objtool to top-level clean target
e156a104ba26 powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version check
727992102836 ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online CPUs
a584b9d1059b fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot
71c8b966ec56 fs/ntfs3: prevent infinite loops caused by the next valid being the same
fb2d7c30d030 io_uring/cancel: de-unionize file and user_data in struct io_cancel_data
533d495f15e4 dmaengine: fsl-edma: don't explicitly disable clocks in .remove()
592833ea0051 dmaengine: fsl-edma-main: Convert to platform remove callback returning void
a489f1fd52bc backlight: qcom-wled: Change PM8950 WLED configurations
82f2eaab2f94 backlight: qcom-wled: Support ovp values for PMI8994
97790c9b255d leds: qcom-lpg: Check the return value of regmap_bulk_write()
99cc7352156c pinctrl: single: fix refcount leak in pcs_add_gpio_func()
eccf17c0a801 pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition
e8e960c3d23f iio: sca3000: Fix a resource leak in sca3000_probe()
43b6f69e1806 ovl: Fix uninit-value in ovl_fill_real
d26685b2d9ad pinctrl: equilibrium: Fix device node reference leak in pinbank_init()
4f531b1a5468 usb: bdc: fix sleep during atomic
c5bde5357e10 drivers: iio: mpu3050: use dev_err_probe for regulator request
29040d42d641 mfd: simple-mfd-i2c: Add Delta TN48M CPLD support
fd1a3a0b98a9 mfd: simple-mfd-i2c: Keep compatible strings in alphabetical order
d9e5d3e1924a mfd: simple-mfd-i2c: Add SpacemiT P1 support
07fb61ff35fd mfd: simple-mfd-i2c: Add compatible strings for Layerscape QIXIS FPGA
b07aa526d053 mfd: simple-mfd-i2c: Add MAX77705 support
3ea01691738b mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure
9c858ef369bb Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms"
b359ca27c589 coresight: etm3x: Fix cpulocked warning on cpuhp
2fad88d7760c watchdog: starfive-wdt: Fix PM reference leak in probe error path
7281a0c907cc iio: pressure: mprls0025pa: fix scan_type struct
6dd1e95cc554 mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms
24ec8015beca serial: SH_SCI: improve "DMA support" prompt
c233e1e81873 serial: imx: change SERIAL_IMX_CONSOLE to bool
65f2c608096d staging: greybus: lights: avoid NULL deref
e230aee60444 dma: dma-axi-dmac: fix SW cyclic transfers
6be32baf6541 dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX
06c8ed283635 clk: mediatek: Fix error handling in runtime PM setup
547ae2f17349 clk: qcom: gfx3d: add parent to parent request map
bb5de8aca640 clk: qcom: dispcc-sdm845: Enable parents for pixel clocks
ae56e2c27f6d clk: Move clk_{save,restore}_context() to COMMON_CLK section
d81b51c8a7ed clk: qcom: gcc-ipq5018: flag sleep clock as critical
048fbee3e431 clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc
df1c437bfca4 clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc
915e7579855e clk: qcom: gcc-qdu1000: Update the SDCC RCGs to use shared_floor_ops
d31b1b143819 clk: qcom: gcc-sdx75: Update the SDCC RCGs to use shared_floor_ops
45a013dabc5f clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops
ac003c1a80d9 clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs
1e1664eb6f24 clk: qcom: rcg2: compute 2d using duty fraction directly
8cb92d27454e clk: qcom: gcc-sm8550: Use floor ops for SDCC RCGs
3e5349e54113 fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()
68dae7b64c31 fbdev: of_display_timing: Fix device node reference leak in of_get_display_timings()
ca81f7811dfe tracing: Remove duplicate ENABLE_EVENT_STR and DISABLE_EVENT_STR macros
7e6556e9329b tracing: Properly process error handling in event_hist_trigger_parse()
aa6e847e2795 fs/nfs: Fix readdir slow-start regression
c1f244f7868c nvdimm: virtio_pmem: serialize flush requests
25d623f0d77c scsi: csiostor: Fix dereference of null pointer rn
94a6c85a68bc scsi: ufs: host: mediatek: Require CONFIG_PM
fdf1188cfa80 scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()
8e3d91135417 pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN
34276d267742 RDMA/uverbs: Add __GFP_NOWARN to ib_uverbs_unmarshall_recv() kmalloc
685163733ed1 power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer
d2a6ca4c0748 mtd: spinand: Fix kernel doc
9fbbd62436ce mtd: parsers: ofpart: fix OF node refcount leak in parse_fixed_partitions()
5f1a84bb4a95 cxl: Fix premature commit_end increment on decoder commit failure
db830aea65e4 RDMA/core: add rdma_rw_max_sge() helper for SQ sizing
6faf28106ea1 svcrdma: Reduce the number of rdma_rw contexts per-QP
63a45e2a1264 svcrdma: Increase the per-transport rw_ctx count
46ccddede7be svcrdma: Clean up comment in svc_rdma_accept()
4965711d22a0 svcrdma: Remove queue-shortening warnings
91cb7ff68604 RDMA/core: Fix a couple of obvious typos in comments
756c93d6df7c RDMA/rxe: Fix race condition in QP timer handlers
bf1feed1a788 RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send
0f5e62ea5c43 mtd: parsers: Fix memory leak in mtd_parser_tplink_safeloader_parse()
1733d168099e crypto: ccp - Send PSP_CMD_TEE_RING_DESTROY when PSP_CMD_TEE_RING_INIT fails
2abf05a122cf crypto: ccp - Factor out ring destroy handling to a helper
b2e7e269aba9 crypto: ccp - Move direct access to some PSP registers out of TEE
54541017ac6a crypto: ccp - Add an S4 restore flow
21f422a86ded mtd: rawnand: cadence: Fix return type of CDMA send-and-wait helper
bc779d426ef1 tools/power/x86/intel-speed-select: Fix file descriptor leak in isolate_cpus()
26793db60925 RDMA/rxe: Fix double free in rxe_srq_from_init
9a0323f5e54e RDMA/rtrs-srv: fix SG mapping
86183153c299 power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed()
3af85f239648 power: supply: bq27xxx: fix wrong errno when bus ops are unsupported
7ac6501b587c power: reset: nvmem-reboot-mode: respect cell size for nvmem_cell_write
2078830c32d1 power: supply: sbs-battery: Fix use-after-free in power_supply_changed()
af261f218a76 power: supply: rt9455: Fix use-after-free in power_supply_changed()
77ea437faa4c power: supply: goldfish: Fix use-after-free in power_supply_changed()
cbb9b07f88a9 power: supply: cpcap-battery: Fix use-after-free in power_supply_changed()
0de95d29d847 power: supply: bq25980: Fix use-after-free in power_supply_changed()
cb5c743936ed power: supply: bq256xx: Fix use-after-free in power_supply_changed()
697bb5dc0cb4 power: supply: act8945a: Fix use-after-free in power_supply_changed()
f50433f2603d power: supply: ab8500: Fix use-after-free in power_supply_changed()
2ad50784c9eb RDMA/hns: Notify ULP of remaining soft-WCs during reset
70a5eb757ace RDMA/hns: Fix WQ_MEM_RECLAIM warning
2fb573fa9d71 IB/cache: update gid cache on client reregister event
04b41f1d0e33 RDMA/rtrs: server: remove dead code
d858a1d814d3 octeontx2-pf: Unregister devlink on probe failure
320b54651a59 ionic: Rate limit unknown xcvr type messages
69042a930eae octeon_ep: ensure dbell BADDR updation
664355e6f130 octeon_ep: set backpressure watermark for RX queues
dc4d11c5f316 octeon_ep: disable per ring interrupts
2c33c53a9c8c octeon_ep: support Octeon CN10K devices
a40e276b9696 octeon_ep: restructured interrupt handlers
77c641b3bd4e octeon_ep: support to fetch firmware info
331e2b705163 serial: caif: fix use-after-free in caif_serial ldisc_close()
2c1f59005da9 xfrm: fix ip_rt_bug race in icmp_route_lookup reverse path
d621dd67a72d net: Switch to skb_dstref_steal/skb_dstref_restore for ip_route_input callers
31ca4fbf56d1 net: Add skb_dstref_steal and skb_dstref_restore
dea1465394ff net: sunhme: Fix sbus regression
e3f80666c273 net: atm: fix crash due to unvalidated vcc pointer in sigd_send()
e131aac543cd smb: client: correct value for smbd_max_fragmented_recv_size
0e64bd46a04a procfs: fix missing RCU protection when reading real_parent in do_task_stat()
6dc10494cfe2 net: hns3: fix double free issue for tx spare buffer
44b2256b17f1 PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404]
f1535d56fc3f netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets
f7eb1903c6e0 netfilter: nft_counter: fix reset of counters on 32bit archs
cfe35cb86256 netfilter: nft_set_hash: fix get operation on big endian
77eef9f2eef0 nfc: hci: shdlc: Stop timers and work before freeing context
db76b75ede38 inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
43f4661e9b2c bonding: only set speed/duplex to unknown, if getting speed failed
8b5ed7c5417b octeontx2-af: Fix PF driver crash with kexec kernel booting
cf5967514735 mptcp: fix receive space timestamp initialization
2622f355e621 of: unittest: fix possible null-pointer dereferences in of_unittest_property_copy()
e7c1e60802d8 ucount: check for CAP_SYS_RESOURCE using ns_capable_noaudit()
7dc4778ee848 ipc: don't audit capability check in ipc_permissions()
2c80b0974047 PCI/ACPI: Restrict program_hpx_type2() to AER bits
89db6475c0b4 PCI: Add defines for bridge window indexing
82bd7f9d08ce PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros
1f5438cb5d78 PCI: Log bridge info when first enumerating bridge
f49c44723a70 PCI: Log bridge windows conditionally
988b8b98103c PCI: Supply bridge device, not secondary bus, to read window details
7fd6672a1bb0 PCI: Move pci_read_bridge_windows() below individual window accessors
a79a3d1fd32c PCI: Initialize RCB from pci_configure_device()
a7c08278f2d0 wifi: ath10k: sdio: add missing lock protection in ath10k_sdio_fw_crashed_dump()
62c2290dc976 tcp: tcp_tx_timestamp() must look at the rtx queue
d3b7ffa90f61 fat: avoid parent link count underflow in rmdir
243f71ed873f nfsd: never defer requests during idmap lookup
0114244ec49a dm: use bio_clone_blkg_association
c93f23375d8c iommu/vt-d: Flush cache for PASID table before using it
bff7ac6b98fa PCI: Mark 3ware-9650SA Root Port Extended Tags as broken
af0f0d30fd02 kallsyms/ftrace: set module buildid in ftrace_mod_address_lookup()
ecb0af907733 module: add helper function for reading module_buildid()
767f1a8c8483 netfilter: nf_conncount: fix tracking of connections from localhost
abaa1508d5db netfilter: nft_compat: add more restrictions on netlink attributes
0792ad077d77 netfilter: nf_conncount: increase the connection clean up limit to 64
d12e9e90632c netfilter: nf_conncount: make nf_conncount_gc_list() to disable BH
5802782366ba netfilter: nf_tables: reset table validation state on abort
4d7a05da767e wifi: cfg80211: stop NAN and P2P in cfg80211_leave
11f832532440 mctp i2c: initialise event handler read bytes
f03666259d22 net: mctp-i2c: fix duplicate reception of old data
37ccd48cf35f quota: fix livelock between quotactl and freeze_super
96ac80ce22bc PCI/portdrv: Fix potential resource leak
cf7e6dbb51a7 PCI: Do not attempt to set ExtTag for VFs
a4176432d41e Documentation: tracing: Add PCI tracepoint documentation
60b896647d88 Documentation: trace: Refactor toctree
b2f972293451 docs: fix WARNING document not included in any toctree
bd43a6e85779 Documentation: tracing: Add ring-buffer mapping
baa42b756d18 PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails
d8e7624e2113 PCI/PM: Avoid redundant delays on D3hot->D3cold
63d3556c9a8e Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors
24c190a5a24e PCI: mediatek: Fix IRQ domain leak when MSI allocation fails
f448acd86835 Revert "hwmon: (ibmpex) fix use-after-free in high/low store"
1ae5fd122398 spi: tools: Add include folder to .gitignore
169ae51f31b0 platform/chrome: cros_ec_lightbar: Fix response size initialization
e3311645c7c1 media: uvcvideo: Fix allocation for small frame sizes
01fe5a26ccc6 platform/chrome: cros_typec_switch: Don't touch struct fwnode_handle::dev
0347548ccf07 drm/msm/a2xx: fix pixel shader start on A225
661152ffb0f2 media: ccs: Accommodate C-PHY into the calculation
e7815709bc97 drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x
33acf9a4d6eb HID: playstation: Add missing check for input_ff_create_memless
f0a6e4b27bad regulator: core: move supply check earlier in set_machine_constraints()
2d5b17e8364b drm/msm/disp/dpu: add merge3d support for sc7280
83d3d9ec347a drm/amdgpu: Use explicit VCN instance 0 in SR-IOV init
f721f873d3e1 ASoC: nau8821: Fixup nau8821_enable_jack_detect()
88a6bed89eb8 ASoC: nau8821: Avoid unnecessary blocking in IRQ handler
e19f5b5d1059 ASoC: nau8821: Consistently clear interrupts before unmasking
1c7ee23dfcd1 smack: /smack/doi: accept previously used values
661d87242dd6 smack: /smack/doi must be > 0
34bacb3cc343 workqueue: Process rescuer work items one-by-one using a cursor
c906c9d81fdf workqueue: Only assign rescuer work when really needed
c17f947a6fca workqueue: Factor out assign_rescuer_work()
e3b15841172e arm64: dts: qcom: sm6115: Add CX_MEM/DBGC GPU regions
4ffe98b89c9c arm64: dts: qcom: sdm845-db845c: specify power for WiFi CH1
c77d1b2f5e51 arm64: dts: qcom: sdm845-db845c: drop CS from SPIO0
1895ad99349e arm64: dts: amlogic: g12: assign the MMC A signal clock
44cd81bbb21b arm64: dts: amlogic: g12: assign the MMC B and C signal clocks
6a47c69a8bba arm64: dts: amlogic: gx: assign the MMC signal clocks
59f3138d11cc arm64: dts: amlogic: axg: assign the MMC signal clocks
716c8ebe0409 arm: dts: lpc32xx: add clocks property to Motor Control PWM device tree node
8461f646f68a ARM: dts: lpc32xx: Set motor PWM #pwm-cells property value to 3 cells
87a1f93986aa powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling
06195456c4e4 soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
993d41578772 soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in cmd_db_dev_probe
c43e0a0353e5 powerpc/uaccess: Move barrier_nospec() out of allow_read_{from/write}_user()
ac2c85d2a2f6 ARM: dts: allwinner: sun5i-a13-utoo-p66: delete "power-gpios" property
dc62cf0814fa arm64: dts: qcom: sdm845-oneplus: Mark l14a regulator as boot-on
1aeb4ed95c3f arm64: dts: qcom: sdm845-oneplus: Don't mark ts supply boot-on
93aaa53ecf20 arm64: dts: qcom: sdm630: fix gpu_speed_bin size
e15f1e18cdf4 clk: qcom: Return correct error code in qcom_cc_probe_by_index()
458f7417fae0 arm64: dts: tqma8mpql-mba8mpxl: Fix HDMI CEC pad control settings
063898a3f9ac EDAC/i5400: Fix snprintf() limit calculation in calculate_dimm_size()
e37f5e05b5bc EDAC/i5000: Fix snprintf() size calculation in calculate_dimm_size()
8afa17757873 soc: qcom: smem: handle ENOMEM error during probe
cff0ef043e16 pstore/ram: fix buffer overflow in persistent_ram_save_old()
8ad5577b2d4a sched/rt: Skip currently executing CPU in rto_next_cpu()
322154c3981e mfd: wm8350-core: Use IRQF_ONESHOT
3db9471b23f5 EDAC/altera: Remove IRQF_ONESHOT
adb69cc223d7 scsi: efct: Use IRQF_ONESHOT and default primary handler
ddc34a1b8550 bpf: Fix bpf_xdp_store_bytes proto for read-only arg
74081d6c1da1 crypto: hisilicon/trng - support tfms sharing the device
260a9e382996 crypto: hisilicon/trng - modifying the order of header files
9681044e45c9 bpf, sockmap: Fix FIONREAD for sockmap
acaf1ea47bbf bpf, sockmap: Fix incorrect copied_seq calculation
7111701a09cc hrtimer: Fix trace oddity
33a30bf9e0d4 crypto: hisilicon/sec2 - support skcipher/aead fallback for hardware queue unavailable
6eae58af0c31 crypto: hisilicon/zip - adjust the way to obtain the req in the callback function
ab8b2eaf7add crypto: hisilicon/zip - remove zlib and gzip
70b2f4fc1ede crypto: hisilicon/zip - support deflate algorithm
0aa430f4661d crypto: octeontx - fix dma_free_coherent() size
53e97a309cc3 crypto: cavium - fix dma_free_coherent() size
2b757fea9f4f ARM: VDSO: Patch out __vdso_clock_getres() if unavailable
e1767524765e libbpf: Fix OOB read in btf_dump_get_bitfield_value
542bf32cf757 selftests/bpf: veristat: fix printing order in output_stats()
6e6abc72accf crypto: qat - fix warning on adf_pfvf_pf_proto.c
abb6e07f46a7 s390/cio: Fix device lifecycle handling in css_alloc_subchannel()
27d7a35b8052 PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races
70e8af620210 perf: arm_spe: Properly set hw.state on failures
3deb7b6a2e31 PM: wakeup: Handle empty list in wakeup_sources_walk_start()
d6749d0b8ddc Partial revert "x86/xen: fix balloon target initialization for PVH dom0"
ef3b74d20f5e x86/xen: make some functions static
31cac6acf77e ublk: Validate SQE128 flag before accessing the cmd
8f3d79abdec0 iomap: fix submission side handling of completion side errors
597ec9e7f5cc md/raid10: fix any_working flag handling in raid10_sync_request
72b2db83705b cpuidle: governors: menu: Always check timers with tick stopped
0add3e6f91aa cpuidle: menu: Cleanup after loadavg removal
ca762fa01f64 io_uring/sync: validate passed in offset
f2cf475d23b8 ACPICA: Fix NULL pointer dereference in acpi_ev_address_space_dispatch()
9cc9efa703f0 xen/virtio: Don't use grant-dma-ops when running as Dom0
7425453ea16d smb: client: fix potential UAF and double free in smb2_open_file()
e3d1fd084319 btrfs: fix block_group_tree dirty_list corruption
46fb7ee9f852 btrfs: qgroup: return correct error when deleting qgroup relation item
a51cff9be046 tpm: st33zp24: Fix missing cleanup on get_burstcount() error
948966e546f2 tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure
20ac431e02dc i3c: dw: Initialize spinlock to avoid upsetting lockdep
d87268326b27 gfs2: Fix use-after-free in iomap inline data write path
4991b13cc9f1 gfs2: Add metapath_dibh helper
7e3b7a47867a gfs2: Retries missing in gfs2_{rename,exchange}
b68be2b8b564 i3c: master: Update hot-join flag only on success
5560116126da fs: add <linux/init_task.h> for 'init_fs'
4b2a0a4e9428 i3c: Move device name assignment after i3c_bus_init
e2647d540bea audit: move the compat_xxx_class[] extern declarations to audit_arch.h
979c708e6c9d rcu: Fix rcu_read_unlock() deadloop due to softirq
dffd52d0d14e rcu: Remove local_irq_save/restore() in rcu_preempt_deferred_qs_handler()
3ccd035ef99d rcu: Refactor expedited handling check in rcu_read_unlock_special()
6cc7a424a39a rcu/exp: Move expedited kthread worker creation functions above rcutree_prepare_cpu()
cb9eaff659dd rcu: s/boost_kthread_mutex/kthread_mutex
7b57ada854b3 hfsplus: return error when node already exists in hfs_bnode_create
2e000d8a5306 auxdisplay: arm-charlcd: fix release_mem_region() size
a6a3e4af1099 RDMA/umad: Reject negative data_len in ib_umad_write
ffba40b67663 RDMA/siw: Fix potential NULL pointer dereference in header processing
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 8685e5cbf6d..8250679ed0f 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "c45743dc8dc2ddfbe7bd165997e1f7cf887fa6b7"
-SRCREV_meta ?= "45f69741c733e066ed1a12b6025e347e5cd6063e"
+SRCREV_machine ?= "8751b899ea5af349e8570e8985365290efa5e7d6"
+SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.127"
+LINUX_VERSION ?= "6.6.129"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
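Review bot: LINUX_VERSION in this hunk goes from "6.6.127" straight to "6.6.129", while the subject names only v6.6.129. Please state in the commit message whether the listed commits also cover the intermediate 6.6.128 release, so that anyone matching fixed CVEs against stable point releases can tell what landed with this SRCREV_machine bump.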
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index d6a9afdf17e..bd4a10b5640 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.127"
+LINUX_VERSION ?= "6.6.129"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
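Review bot: the context line "include recipes-kernel/linux/cve-exclusion_6.6.inc" sits directly above the LINUX_VERSION bump, yet the diffstat lists only the three recipe files, so the exclusion list is not refreshed together with the version change. Suggest regenerating cve-exclusion_6.6.inc for 6.6.129 in this commit, or naming in the commit message the patch in the series that does it, so CVE reporting for this kernel is not computed against an exclusion list generated for an older point release.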
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "8247922ff493e4fef938ce36562cac9c0cce86aa"
-SRCREV_meta ?= "45f69741c733e066ed1a12b6025e347e5cd6063e"
+SRCREV_machine ?= "d82c6cc64c037058c6bfd630f2d2604a38684c7d"
+SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 92ad6afa3a5..58a72979c53 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "aa66687c1abe2afe2ee6c00c36bfaaf3d5d9636c"
-SRCREV_machine:qemuarm64 ?= "cf88783fdb92901d9d228afb7d700c6575742f1b"
-SRCREV_machine:qemuloongarch64 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemumips ?= "cbd6f9a670486dcd83ef0f8b90a75b2b7b44b447"
-SRCREV_machine:qemuppc ?= "bce75aa765505d7db3bb1bfefb5d3f524a1a5b64"
-SRCREV_machine:qemuriscv64 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemuriscv32 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemux86 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemux86-64 ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_machine:qemumips64 ?= "4cc6d51a6f63436a37c3ba4ea2da93c7fd3240b4"
-SRCREV_machine ?= "70af2998be31b72a111de67966b7816b3d54d472"
-SRCREV_meta ?= "45f69741c733e066ed1a12b6025e347e5cd6063e"
+SRCREV_machine:qemuarm ?= "539bf858552c12417a449646d0cad5e53e038aa0"
+SRCREV_machine:qemuarm64 ?= "e4153b3c5bff6c503990c35826d84a034d2d7a33"
+SRCREV_machine:qemuloongarch64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemumips ?= "d5da07b097555f20280b2484da875c93f1494d48"
+SRCREV_machine:qemuppc ?= "9434ddc68ebc90e9336d4cc6f642aa82c0da023c"
+SRCREV_machine:qemuriscv64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemuriscv32 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemux86 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemux86-64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_machine:qemumips64 ?= "e6f498c7aa6909c17b90b50267d1577ddc19c0d6"
+SRCREV_machine ?= "3dbf485808fc7be82368f70f385fead9735b5904"
+SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "7a137e9bfa0e1919555d60f9dc0c05a7a5ba75d0"
+SRCREV_machine:class-devupstream ?= "4fc00fe35d46b4fc8dac2eb543a0e3d44bb15f47"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
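Review bot: SRCREV_machine:class-devupstream is the one revision in this hunk that follows KBRANCH "v6.6/base", which the comment above it describes as pure upstream -stable, so "4fc00fe35d46b4fc8dac2eb543a0e3d44bb15f47" should be the 6.6.129 release commit itself. Worth confirming that it matches the "Linux 6.6.129" entry of the shortlog, since this hash is the only place where the upstream release is pinned for linux-yocto-upstream. The other entries look consistent: the six machines that shared one revision before the change still share one after it.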
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.127"
+LINUX_VERSION ?= "6.6.129"
PV = "${LINUX_VERSION}+git"
* [OE-core][scarthgap 20/30] linux-yocto/6.6: update to v6.6.130
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
c09fbcd31ae6 Linux 6.6.130
1dacf6b3718a xen/privcmd: add boot control for restricted usage in domU
1879319d790f xen/privcmd: restrict usage in unprivileged domU
2cf5eff223fc tools/bootconfig: fix fd leak in load_xbc_file() on fstat failure
c1bfc25d62d8 lib/bootconfig: check xbc_init_node() return in override path
df1f4a7d9cf6 drm/i915/gt: Check set_default_submission() before deferencing
b0158d9d6f4e ksmbd: fix use-after-free in durable v2 replay of active file handles
806f13752652 ksmbd: fix use-after-free of share_conf in compound request
87158a633e9a drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr()
6ec8f8ebd023 mtd: rawnand: brcmnand: skip DMA during panic write
a80291e577b4 mtd: rawnand: serialize lock/unlock against other NAND operations
69aece634a7e i2c: cp2615: fix serial string NULL-deref at probe
2aeb380c731f i2c: cp2615: replace deprecated strncpy with strscpy
7864c667aed0 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase
c51957601d32 x86/platform/uv: Handle deconfigured sockets
197fc4dda1c0 i2c: pxa: defer reset on Armada 3700 when recovery is used
c40387488be0 i2c: fsi: Fix a potential leak in fsi_i2c_probe()
994b301a217f USB: serial: f81232: fix incomplete serial port generation
2124d82fd25e Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
eec4d5758f33 drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug
5b0578a9a9ec hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit()
5fcef2e370f3 hwmon: (pmbus/mp2975) Add error check for pmbus_read_word_data() return value
b61529c357f1 icmp: fix NULL pointer dereference in icmp_tag_validation()
1a0c3c7b5b14 net: dsa: bcm_sf2: fix missing clk_disable_unprepare() in error paths
ff0c54f088f7 net: mvpp2: guard flow control update with global_tx_fc in buffer switching
224f4678812e nfnetlink_osf: validate individual option lengths in fingerprints
adee3436ccd2 netfilter: nf_tables: release flowtable after rcu grace period on error
d016c216bc75 netfilter: bpf: defer hook memory release until rcu readers are done
0a3f8cd3f370 net: bonding: fix NULL deref in bond_debug_rlb_hash_show
a05a2149386f udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n
3dffc083292e net/mlx5e: Fix race condition during IPSec ESN update
99aaee927800 net/mlx5e: Prevent concurrent access to IPSec ASO context
7712b5ff6967 net/mlx5: qos: Restrict RTNL area to avoid a lock cycle
5da8009be419 net: macb: fix uninitialized rx_fs_lock
edf4c2aaee08 ACPI: processor: Fix previous acpi_processor_errata_piix4() fix
a6dc74209462 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom
0a4da176ae4b wifi: mac80211: fix NULL deref in mesh_matches_local()
58f74dc73d1b iavf: fix VLAN filter lost on add/delete race
fb602ed4b19e igc: fix missing update of skb->tail in igc_xmit_frame()
4de6a43e8ecf net: usb: aqc111: Do not perform PM inside suspend callback
a73d95b57bf9 clsact: Fix use-after-free in init/destroy rollback asymmetry
125f932a76a9 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
f1c7701d3ac9 net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check
21c89a0a8de7 net/sched: teql: Fix double-free in teql_master_xmit
f00fc26c8a06 net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()
39f2d86f2ddd PM: runtime: Fix a race condition related to device removal
fd8278ffba49 sched: idle: Consolidate the handling of two special cases
249e90557158 net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown
fcdf56bbdade net: bcmgenet: increase WoL poll timeout
f5e4f4e4cdb7 netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()
262beb78e95e netfilter: xt_time: use unsigned int for monthday bit shift
63b8097cea19 netfilter: xt_CT: drop pending enqueued packets on template removal
e68a8db3a054 netfilter: nft_ct: drop pending enqueued packets on removal
b477ef7fa612 netfilter: nft_ct: add seqadj extension for natted connections
52235bf88159 netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case
528b4509c9df netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp()
f04cc86d5990 netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()
9e5021a90653 netfilter: ctnetlink: remove refcounting in expectation dumpers
a75d3be96d70 mpls: add missing unregister_netdevice_notifier to mpls_init
0c9fb70a206a net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect
e160b869b0a8 Bluetooth: qca: fix ROM version reading on WCN3998 chips
11a87dd5df42 Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user
45ebe5b90020 Bluetooth: HIDP: Fix possible UAF
f35209cf4826 Bluetooth: hci_sync: Fix hci_le_create_conn_sync
2d3deaa162a7 Bluetooth: ISO: Fix defer tests being unstable
e7899dc538f3 Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy
c02860835673 Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU
b5c20c899246 Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU
d30acb4ecbe2 firmware: arm_scpi: Fix device_node reference leak in probe path
37e776e2e0a5 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
256f7d4c1123 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable.
d21923a8059f soc: fsl: qbman: fix race condition in qman_destroy_fq
d0a466caf4ac cache: ax45mp: Fix device node reference leak in ax45mp_cache_init()
ccb2262681d6 btrfs: tree-checker: fix misleading root drop_level error message
56e72c8b02d9 btrfs: log new dentries when logging parent dir of a conflicting inode
df656e45774f drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END}
9085ad02eff0 drm/amdgpu: apply state adjust rules to some additional HAINAN vairants
41b0edc1be8d drm/radeon: apply state adjust rules to some additional HAINAN vairants
2a28ad57d12e drm/amdgpu/mmhub3.0: add bounds checking for cid
46411902afd1 drm/amdgpu/mmhub3.0.2: add bounds checking for cid
0fabdcd12c29 drm/amdgpu/mmhub3.0.1: add bounds checking for cid
6b257be5d3ad drm/amdgpu/mmhub2.3: add bounds checking for cid
aa3c80150b0e drm/amdgpu/mmhub2.0: add bounds checking for cid
9f41b9f82ecf drm/amdgpu/gmc9.0: add bounds checking for cid
447f2c6ef11c serial: uartlite: fix PM runtime usage count underflow on probe
59e13f1c9a8c serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY
d2719a0a9c34 serial: 8250: Fix TX deadlock when using DMA
092cb022a454 serial: 8250_pci: add support for the AX99100
85654456e394 iommu/vt-d: Fix intel iommu iotlb sync hardlockup and retry
d8570211a2b1 mtd: Avoid boot crash in RedBoot partition table parser
2a79fd98b961 mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init()
d55ff6f213be mtd: rawnand: pl353: make sure optimal timings are applied
f13100b1f5f1 spi: fix statistics allocation
6bbd385b30c7 spi: fix use-after-free on controller registration failure
9443202d9138 pmdomain: bcm: bcm2835-power: Increase ASB control timeout
4ada013fd7da mmc: sdhci: fix timing selection for 1-bit bus width
451816d430b3 mmc: sdhci-pci-gli: fix GL9750 DMA write corruption
0c5026178856 net: macb: Reinitialize tx/rx queue pointer registers and rx ring during resume
fbbd4c07a537 net: macb: Introduce gem_init_rx_ring()
2fd0bdd49e57 net: macb: queue tie-off or disable during WOL suspend
8afb437ea1f7 nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
1ada20331f2d batman-adv: avoid OGM aggregation when skb tailroom is insufficient
fc77e0a5600e iio: light: bh1780: fix PM runtime leak on error path
64ad49597d14 btrfs: fix transaction abort on file creation due to name hash collision
b19c0465e4da btrfs: fix transaction abort on set received ioctl due to item overflow
6bce705b699c btrfs: fix transaction abort when snapshotting received subvolumes
3f04f871a1d4 kprobes: Remove unneeded warnings from __arm_kprobe_ftrace()
61cfa81f19b9 kprobes: Remove unneeded goto
6ebef4a220a1 ksmbd: unset conn->binding on failed binding request
9229709ec8bf smb: client: fix krb5 mount with username option
807bd1258453 Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access
dd3b221e2107 Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()
935c716be860 parisc: Flush correct cache in cacheflush() syscall
5653af416a48 net: macb: fix use-after-free access to PTP clock
70662874f646 NFC: nxp-nci: allow GPIOs to sleep
67f2796354bf LoongArch: Give more information if kmem access failed
e48bf8f1d2b1 nvdimm/bus: Fix potential use after free in asynchronous initialization
41f6ba6c98a6 sunrpc: fix cache_request leak in cache_release
d1a19217995d NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd
439a6728ec46 io_uring/kbuf: check if target buffer list is still legacy on recycle
d77401968c78 mm/mempolicy: fix wrong mmap_read_unlock() in migrate_to_node()
8e7715193e5a s390/zcrypt: Enable AUTOSEL_DOM for CCA serialnr sysfs attribute
2c5c0f4dc8cc s390/stackleak: Fix __stackleak_poison() inline assembly constraint
3e0619a2a61b s390/xor: Fix xor_xc_2() inline assembly constraints
1b3ff4d88b50 mptcp: pm: in-kernel: always set ID as avail when rm endp
268fd5502281 net: stmmac: remove support for lpi_intr_o
fbab8c08e1a6 binfmt_misc: restore write access before closing files opened by open_exec()
8c1befea57db sched/fair: Fix pelt clock sync when entering idle
d1365d2abfaf f2fs: zone: fix to avoid inconsistence in between SIT and SSA
3da45ec1e485 rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
8af210df4f71 platform/x86/amd/pmc: Add support for Van Gogh SoC
9c05cd8f4232 x86/uprobes: Fix XOL allocation failure for 32-bit tasks
1b24d3e8792b drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
2e147aa3169b drm/exynos: vidi: fix to avoid directly dereferencing user pointer
21ca24ba51a2 drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()
e1903358b215 drm/amdgpu: Add basic validation for RAS header
ce63943f9bce l2tp: do not use sock_hold() in pppol2tp_session_get_sock()
da249eb3206c drm/amd/pm: Use pm_display_cfg in legacy DPM (v2)
b3367ee3e557 drm/amd/display: Add pixel_clock to amd_pp_display_configuration
ec2b34acb189 net: dsa: properly keep track of conduit reference
0643aa246819 bpf: Forget ranges when refining tnum after JSET
2cbef9ea5a0a net: fix segmentation of forwarding fraglist GRO
e19201b0c67d net: gso: fix tcp fraglist segmentation after pull from frag_list
1f2b859225eb net: add support for segmenting TCP fraglist GSO packets
9b03768037d9 tracing: Add recursion protection in kernel stack trace recording
eba0c75670c0 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
33743ec6679a riscv: Sanitize syscall table indexing under speculation
4357e02cafab btrfs: do not strictly require dirty metadata threshold for metadata writepages
bfc717be833f iomap: allocate s_dio_done_wq for async reads as well
a426f29ac3fa rxrpc: Fix data-race warning and potential load/store tearing
fc3454a20bef x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler
03c29d6d3719 x86/sev: Harden #VC instruction emulation somewhat
f69fec628756 ipv6: use RCU in ip6_xmit()
897d9006e75f dm-verity: disable recursive forward error correction
0464bf75590d rxrpc: Fix recvmsg() unconditional requeue
1b0edd6022a3 ext4: always allocate blocks only from groups inode can use
90336fc3d6f5 eth: bnxt: always recalculate features after XDP clearing, fix null-deref
1e3769aa0946 usb: typec: ucsi: Move unregister out of atomic section
c57387d447a2 pNFS: Fix a deadlock when returning a delegation during open()
a4810f8beb01 NFS: Fix a deadlock involving nfs_release_folio()
1562138b9cab nfs: pass explicit offset/count to trace events
815db2363e51 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()
64d8abd8c530 btrfs: fix NULL dereference on root when tracing inode eviction
54322d95309d arm64: mm: Don't remap pgtables for allocate vs populate
6a36c8e88af7 arm64: mm: Batch dsb and isb when populating pgtables
37413d064396 arm64: mm: Don't remap pgtables per-cont(pte|pmd) block
7d115eb231a6 net: stmmac: dwmac-loongson: Set clk_csr_i to 100-150MHz
9dcd86cb22e1 btrfs: always fallback to buffered write if the inode requires checksum
dbc4e10619ed ext4: fix dirtyclusters double decrement on fs shutdown
db489778e6f2 f2fs: fix to avoid migrating empty section
5d305a95130a net/tcp-md5: Fix MAC comparison to be constant-time
307afccb751f ksmbd: Compare MACs in constant time
946054b773ed smb: client: Compare MACs in constant time
26a29582980b xfs: ensure dquot item is deleted from AIL only after log shutdown
50c0e03072fc xfs: fix integer overflow in bmap intent sort comparator
2bfc83cee05f crypto: atmel-sha204a - Fix OOM ->tfm_count leak
0629a1a187e4 cifs: open files should not hold ref on superblock
0a47c3889fcd net: macb: Shuffle the tx ring before enabling tx
0bc70491e466 drm/bridge: ti-sn65dsi83: halve horizontal syncs for dual LVDS output
920467466d2d drm/msm: Fix dma_free_attrs() buffer size
fec5c70b82af ksmbd: Don't log keys in SMB3 signing and encryption key generation
d1cdf0c63947 iomap: reject delalloc mappings during writeback
0ba544dacec2 mm/kfence: fix KASAN hardware tag faults during late enablement
816fa1dfae45 KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated
5d1e72015b90 KVM: SVM: Add a helper to look up the max physical ID for AVIC
32ca7117e153 KVM: SVM: Limit AVIC physical max index based on configured max_vcpu_ids
d146f2775804 usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling
c24c06ed1849 can: gs_usb: gs_can_open(): always configure bitrates before starting device
dfc314d7c767 net/sched: act_gate: snapshot parameters with RCU on replace
0be8c9627556 kbuild: Leave objtool binary around with 'make clean'
2d53b863b401 selftests: mptcp: join: check RM_ADDR not sent over same subflow
1ec68e2096ef selftests: mptcp: add a check for 'add_addr_accepted'
05799c2f1ca5 mptcp: pm: in-kernel: always mark signal+subflow endp as used
a29641dc1267 mptcp: pm: avoid sending RM_ADDR over same subflow
7f3b7dc8c6ca drm/amd/display: Use GFP_ATOMIC in dc_create_stream_for_sink
c33523b8fd2d net: phy: register phy led_triggers during probe to avoid AB-BA deadlock
71511dae56a7 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL
f9f1660b7ffc x86/sev: Allow IBPB-on-Entry feature for SNP guests
c8ddb2d30d03 platform/x86: hp-bioscfg: Support allocations of larger data
3c5c818c78b0 wifi: libertas: fix use-after-free in lbs_free_adapter()
cf29329a13df ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths
ca049ef5c8c7 gve: defer interrupt enabling until NAPI registration
212b9632718c drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD
3161ae587816 i3c: mipi-i3c-hci: Add missing TID field to no-op command descriptor
0911fd8e400e i3c: mipi-i3c-hci: Restart DMA ring correctly after dequeue abort
dcd66a0c0388 i3c: mipi-i3c-hci: Use ETIMEDOUT instead of ETIME for timeout errors
5c485bc32551 iio: imu: inv_icm42600: fix odr switch to the same value
27c324ef1638 iio: gyro: mpu3050-i2c: fix pm_runtime error handling
2a86a396aa00 iio: gyro: mpu3050-core: fix pm_runtime error handling
10ea2df061f3 iio: buffer: Fix wait_queue not being removed
dd7b7093bb77 iio: chemical: bme680: Fix measurement wait duration calculation
342e5f67fb99 iio: potentiometer: mcp4131: fix double application of wiper shift
dcdf1e92674e iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas()
5a3952ba82f8 iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas()
fa87bb35b917 iio: frequency: adf4377: Fix duplicated soft reset mask
8f9fca12f2f3 iio: dac: ds4424: reject -128 RAW value
fa6fd9aec721 btrfs: abort transaction on failure to update root in the received subvol ioctl
40f7c69eb00d smb: client: fix iface port assignment in parse_server_interfaces
438e77435aee smb: client: fix in-place encryption corruption in SMB2_write()
dcd1f1321034 smb: client: fix atomic open with O_DIRECT & O_SYNC
2ca6bdf449b1 lib/bootconfig: check bounds before writing in __xbc_open_brace()
bbdb80f29ee9 lib/bootconfig: fix snprintf truncation check in xbc_node_compose_key_after()
f59193807211 x86/apic: Disable x2apic on resume if the kernel expects so
35e3ec8e589b scsi: core: Fix error handling for scsi_alloc_sdev()
cc7d44c59ea5 lib/bootconfig: fix off-by-one in xbc_verify_tree() unclosed brace error
b373ff56ed2d s390/dasd: Copy detected format information to secondary device
3a67baa8eec4 s390/dasd: Move quiesce state with pprc swap
41e91dff2d39 xfs: fix undersized l_iclog_roundoff values
eaaaa3abbb20 cifs: make default value of retrans as zero
e9311e199ac6 tracing: Fix trace_buf_size= cmdline parameter with sizes >= 2G
aeb7255531ba drm/i915: Fix potential overflow of shmem scatterlist length
624f991cac21 drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding
2550d63cc350 drm/amd: Set num IP blocks to 0 if discovery fails
c658c1c85ec2 drm/amdgpu: Fix use-after-free race in VM acquire
3704ac6a0d9a net: dsa: microchip: Fix error path in PTP IRQ setup
81431da77792 net: ethernet: arc: emac: quiesce interrupts before requesting IRQ
599625881978 net: ncsi: fix skb leak in error paths
302fef75512b ksmbd: fix use-after-free by using call_rcu() for oplock_info
b720c84087cb smb: server: fix use-after-free in smb2_open()
bf4d66d72e4a ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
d156b1c24f72 pmdomain: bcm: bcm2835-power: Fix broken reset status read
57e35502faa9 parisc: Check kernel mapping earlier at bootup
344fde7a3dc0 parisc: Fix initial page table creation for boot
52db5ef163c9 hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read
7003352d4327 arm64: mm: Add PTE_DIRTY back to PAGE_KERNEL* to fix kexec/hibernation
fad178ae8949 nouveau/dpcd: return EBUSY for aux xfer if the device is asleep
5699359529c6 parisc: Increase initial mapping to 64 MB with KALLSYMS
f3ca45673dab batman-adv: Avoid double-rtnl_lock ELP metric worker
422b4524320c tracing: Fix syscall events activation by ensuring refcount hits zero
9298b0806923 ice: fix retry for AQ command 0x06EE
5138cd978bab net: mana: Ring doorbell at 4 CQ wraparounds
1a6da3dbb998 media: dvb-net: fix OOB access in ULE extension header tables
768f25613a9f staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie
740bca8bbdb7 staging: rtl8723bs: properly validate the data in rtw_get_ie_ex()
627cf4d1f0ea ixgbevf: fix link setup issue
aac3ac27e6da ice: reintroduce retry mechanism for indirect AQ
1fc8c3a0d249 irqchip/gic-v3-its: Limit number of per-device MSIs to the range the ITS supports
3cfdf8d27b66 device property: Allow secondary lookup in fwnode_get_next_child_node()
54f2f0591216 drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used
98310fe3a2a7 drm/bridge: samsung-dsim: Fix memory leak in error path
f3333543326c Revert "tcpm: allow looking for role_sw device in the main node"
70c78429ef38 scsi: hisi_sas: Fix NULL pointer exception during user_scan()
8be15087d037 scsi: hisi_sas: Use macro instead of magic number
228c626df8d5 scsi: hisi_sas: Add time interval between two H2D FIS following soft reset spec
a6a894413b04 scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend
069307ae8cb9 i3c: dw-i3c-master: Set SIR_REJECT in DAT on device attach and reattach
7d86de3847c5 time/jiffies: Mark jiffies_64_to_clock_t() notrace
657dc653b06a ceph: fix memory leaks in ceph_mdsc_build_path()
b3f5513141ec ceph: fix i_nlink underrun during async unlink
59c7bf668c20 libceph: admit message frames only in CEPH_CON_S_OPEN state
5f2806684b05 libceph: Use u32 for non-negative values in ceph_monmap_decode()
50156622eb08 libceph: prevent potential out-of-bounds reads in process_message_header()
3e2e36e9b9f3 libceph: reject preamble if control segment is empty
8bb87547e92d libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()
8b6767e4141b kprobes: avoid crash when rmmod/insmod after ftrace killed
a360d3815aae tipc: fix divide-by-zero in tipc_sk_filter_connect()
a8e9cab16771 ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start
270277c2ab63 mmc: core: Avoid bitfield RMW for claim/retune flags
d8f20b282418 mm/kfence: disable KFENCE upon KASAN HW tags enablement
f36ab071abd0 mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index()
b88ce81232bb mm/tracing: rss_stat: ensure curr is false from kthread context
155f471e38aa usb: image: mdc800: kill download URB on timeout
e7b3d154eb08 usb: mdc800: handle signal and read racing
9c6159d5b72d usb: renesas_usbhs: fix use-after-free in ISR during device removal
4ee3062bf2c9 usb: class: cdc-wdm: fix reordering issue in read code path
659c0c7d50a4 USB: core: Limit the length of unkillable synchronous timeouts
39bd4097292f USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts
fc26e98b6cb8 USB: usbcore: Introduce usb_bulk_msg_killable()
2872b67951fe usb: roles: get usb role switch from parent only for usb-b-connector
52950203880b usb: cdc-acm: Restore CAP_BRK functionnality to CH343
24aa4caf7f95 usb: core: don't power off roothub PHYs if phy_set_mode() fails
19ef3da0a82d usb: misc: uss720: properly clean up reference in uss720_probe()
f1c8b8183abc usb: dwc3: pci: add support for the Intel Nova Lake -H
939e3d17b843 usb: yurex: fix race in probe
b2dd9abf8c06 usb: xhci: Prevent interrupt storm on host controller error (HCE)
2e2baa8fb5aa usb: xhci: Fix memory leak in xhci_disable_slot()
2f2418efd495 USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed
9105f4d74762 usb/core/quirks: Add Huawei ME906S-device to wakeup quirk
551f82df759c USB: add QUIRK_NO_BOS for video capture several devices
ad4394f269dc KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC
22bd6fea06bc ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA
af834b026bfc net: usb: lan78xx: skip LTM configuration for LAN7850
2aaf0a7be0b8 net: usb: lan78xx: fix TX byte statistics for small packets
e94d81319259 net: usb: lan78xx: fix silent drop of packets with checksum errors
c5c5a6c53cf3 ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces
629cf09464cf ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()
3dfd1328c052 cgroup: fix race between task migration and iteration
343d4b4a21a5 Revert "arm64: dts: qcom: sdm845-oneplus: Mark l14a regulator as boot-on"
ce0caaed5940 usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks()
3e2f1628faa3 octeontx2-af: devlink: fix NIX RAS reporter to use RAS interrupt status
e4a4ca0b69c5 octeontx2-af: devlink health: use retained error fmsg API
fa3183e7c748 octeontx2-af: devlink: fix NIX RAS reporter recovery condition
cf6099ef493b net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled
764039ff6515 ASoC: detect empty DMI strings
35c7624d30cb ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition
e15b56da10b5 ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address()
0a1fc25deaba e1000/e1000e: Fix leak in DMA error cleanup
e611b36efca1 i40e: fix src IP mask checks and memcpy argument names in cloud filter
628773eba024 nvme-pci: Fix race bug in nvme_poll_irqdisable()
83e6edd63583 nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set
f691272c3e8c sched: idle: Make skipping governor callbacks more consistent
ac8f2dfcecbd regulator: pca9450: Correct interrupt type
28986d1c093f regulator: pca9450: Make IRQ optional
540803559993 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
4a1f6ee69267 netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table()
47b1c5d1b094 netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path
9b94f0e42ed2 netfilter: x_tables: guard option walkers against 1-byte tail reads
0a55d62cdb62 netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop()
61243ff7e757 amd-xgbe: prevent CRC errors during RX adaptation with AN disabled
df65ae0f1330 amd-xgbe: fix link status handling in xgbe_rx_adaptation
86f5334fcb48 mctp: route: hold key->lock in mctp_flow_prepare_output()
a3a1ea5d1f8d can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value
d7900a43b0a3 mctp: i2c: fix skb memory leak in receive path
8460187b4852 serial: caif: hold tty->link reference in ldisc_open and ser_release
bba6c0806a8c net: sfp: improve Huawei MA5671a fixup
17f69ee2ed08 net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick
2369830617a5 net: sfp: improve Nokia GPON sfp fixup
783025a3babb net: sfp: re-implement ignoring the hardware TX_FAULT signal
d9744892b8ed ASoC: simple-card-utils: fix graph_util_is_ports0() for DT overlays
e03f8d141911 ASoC: simple-card-utils: use __free(device_node) for device node
317a9298c54b ASoC: soc-core: flush delayed work before removing DAIs and widgets
8b76136bd446 ASoC: soc-core: drop delayed_work_pending() check before flush
59b06d8b9bdb net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit
383b37c04a48 net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery
957d2a58f7f8 net/mlx5: Fix deadlock between devlink lock and esw->wq
87db2efa8327 net/mlx5: Query to see if host PF is disabled
0e4dd5078b0c net/mlx5: IFC updates for disabled host PF
11762a893ffc bonding: handle BOND_LINK_FAIL, BOND_LINK_BACK as valid link states
43723dff1a59 drm/msm/dsi: fix pclk rate calculation for bonded dsi
7c370f2cb7fc drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations
c58dcaac49b6 net: dsa: realtek: rtl8365mb: remove ifOutDiscards from rx_packets
74c39a47856b xprtrdma: Decrement re_receiving on the early exit paths
2f91ef68d0ed smb/server: Fix another refcount leak in smb2_open()
fd4ff8c64639 powerpc: 83xx: km83xx: Fix keymile vendor prefix
a971ce3a39e5 remoteproc: mediatek: Unprepare SCP clock during system suspend
f3394234b849 remoteproc: sysmon: Correct subsys_name_len type in QMI request
80bc3c57dd32 powerpc/uaccess: Fix inline assembly for clang build on PPC32
9e5df7e19c44 ALSA: usb-audio: Check max frame size for implicit feedback mode, too
8d66e46ff0f4 ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0
32af15506450 scsi: ufs: core: Fix shift out of bounds when MAXQ=32
0614f5618c24 scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace()
7b640a732689 ASoC: cs42l43: Report insert for exotic peripherals
f43a420065f0 ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table
80e35a0a8ab5 scsi: ses: Fix devices attaching to different hosts
486519660bd9 ACPI: OSI: Add DMI quirk for Acer Aspire One D255
b006c61a5d97 wifi: mac80211: set default WMM parameters on all links
d7963d6997fe unshare: fix unshare_fs() handling
7da755e0d02e scsi: mpi3mr: Add NULL checks when resetting request and reply queues
5bb47c03024e ACPI: PM: Save NVS memory on Lenovo G70-35
e7919a293f9b scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT
ae10787d955f apparmor: fix race between freeing data and fs accessing it
6ef1f2926c41 apparmor: fix race on rawdata dereference
f90e3ecd9e1e apparmor: fix differential encoding verification
17debf558602 apparmor: fix unprivileged local user can do privileged policy management
55ef2af7490a apparmor: Fix double free of ns_name in aa_replace_profiles()
7c7cf05e0606 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
5a184f7cbdea apparmor: fix side-effect bug in match_char() macro usage
3f8699b3ee0c apparmor: fix: limit the number of levels of policy namespaces
33959a491e9f apparmor: replace recursive profile removal with iterative approach
663ce34786e7 apparmor: fix memory leak in verify_header
07cf6320f40e apparmor: validate DFA start states are in bounds in unpack_pdb
7f4d6a5d3429 net: tcp: accept old ack during closing
5a110ddcc99b net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks
59c15b9cc453 tracing: Add NULL pointer check to trigger_data_free()
c7919c1c1d80 selftest/arm64: Fix sve2p1_sigill() to hwcap test
a0fb59f527d0 xdp: produce a warning when calculated tailroom is negative
d5f7daed130c i40e: use xdp.frame_sz as XDP RxQ info frag_size
7b9c0ee7fed9 i40e: fix registering XDP RxQ info
183f940bdf90 xsk: introduce helper to determine rxq->frag_size
8701504563fa xdp: use modulo operation to calculate XDP frag tailroom
5b1449301ca0 net/sched: act_ife: Fix metalist update behavior
b299121e7453 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop
5f93e6b4d12b net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
a12cdaa3375f net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
29629dd7d373 net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()
3cdb52d6eba0 net: stmmac: Fix error handling in VLAN add and delete paths
722a28b635ec nfc: rawsock: cancel tx_work before socket teardown
edc188322caa nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback
dcbcccfc5195 nfc: nci: free skb on nci_transceive early error paths
f7d8b5d649dd net: nfc: nci: Fix zero-length proprietary notifications
dbd58b0730aa net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs
e42ff5abbd14 nvme: fix memory allocation in nvme_pr_read_keys()
be3b61ebcafe nvme: reject invalid pr_read_keys() num_keys values
5d53fe502ef4 drm/sched: Fix kernel-doc warning for drm_sched_job_done()
0c3dce09e8ef amd-xgbe: fix sleep while atomic on suspend/resume
581800298313 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()
db93ff008d2e smb/client: fix buffer size for smb311_posix_qinfo in SMB311_posix_query_info()
99acd1ea3499 smb/client: fix buffer size for smb311_posix_qinfo in smb2_compound_op()
9b02c5c4147f bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
4bb55e430d82 bpf: export bpf_link_inc_not_zero.
39959a7d3efe xen/acpi-processor: fix _CST detection using undersized evaluation buffer
8babb2714033 net/rds: Fix circular locking dependency in rds_tcp_tune
11fc15378e87 indirect_call_wrapper: do not reevaluate function pointer
7ae7b093b7db wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
a6605f619131 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
aca4c9e4901b wifi: wlcore: Fix a locking bug
78bb63bbabb3 wifi: cw1200: Fix locking in error paths
3bf4ee25f051 octeon_ep: avoid compiler and IQ/OQ reordering
4818b80d20de octeon_ep: Relocate counter updates before NAPI
5c262bd0e393 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded
f8db044a0a47 net: dsa: realtek: rtl8365mb: fix rtl8365mb_phy_ocp_write return value
14cecde3eb07 kunit: tool: copy caller args in run_kernel to prevent mutation
eb5632fae6a3 rust: kunit: fix warning when !CONFIG_PRINTK
b73832292cd9 can: mcp251x: fix deadlock in error path of mcp251x_open
70e951afad4c can: bcm: fix locking for bcm_op runtime updates
b4d1e6d27f93 amd-xgbe: fix MAC_TCR_SS register width for 2.5G and 10M speeds
622062f24644 atm: lec: fix null-ptr-deref in lec_arp_clear_vccs
c7becfe3e604 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
420bc92cc966 dpaa2-switch: do not clear any interrupts automatically
fb64be8e20dc xsk: Fix zero-copy AF_XDP fragment drop
5172adf9efb8 xsk: Fix fragment node deletion to prevent buffer leak
eb66c67b0847 xsk: s/free_list_node/list_node/
560c974b7ccd xsk: Get rid of xdp_buff_xsk::xskb_list_node
4e58b99c3c33 net: ethernet: ti: am65-cpsw-nuss/cpsw-ale: Fix multicast entry handling in ALE table
391396b5052d drm/solomon: Fix page start when updating rectangle in page addressing mode
352d940bcdbd drm/ssd130x: Replace .page_height field in device info with a constant
3327bb9d474d drm/ssd130x: Store the HW buffer in the driver-private CRTC state
be3079b7a328 drm/ssd130x: Use bool for ssd130x_deviceinfo flags
9328cc4e511c e1000e: clear DPG_EN after reset to avoid autonomous power-gating
337ecf555a4b hwmon: (it87) Check the it87_lock() return value
95b14ecc5688 pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe()
cc06e3f73390 platform/x86: thinkpad_acpi: Fix errors reading battery thresholds
896449ad9053 pinctrl: equilibrium: fix warning trace on load
27fad3a507d6 pinctrl: equilibrium: rename irq_chip function callbacks
70cde1f24ffb hwmon: (aht10) Fix initialization commands for AHT20
166678027ad4 hwmon: (aht10) Add support for dht20
cc7f6f0a2666 ARM: clean up the memset64() C wrapper
ec312cb9bd97 selftests: mptcp: join: check removing signal+subflow endp
047de213219d selftests: mptcp: more stable simult_flows tests
7c01b680beaf scsi: core: Fix refcount leak for tagset_refcnt
3990f352bb0a smb: client: Don't log plaintext credentials in cifs_set_cifscreds
f65c92e81cb4 smb: client: fix broken multichannel with krb5+signing
874c47503e0f smb: client: fix cifs_pick_channel when channels are equally loaded
6f1d1614f841 drbd: fix null-pointer dereference on local read error
e91d8d6565b7 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()
6b847d65f5b0 Squashfs: check metadata block offset is within range
e8ef82cb6443 scsi: target: Fix recursive locking in __configfs_open_file()
7dbffffd5761 net/sched: ets: fix divide by zero in the offload path
1b1fac4c7a3a RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
d0148965dbca IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
22a9adea7e26 wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()
650981e718e6 wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration
fa18639deab4 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
129c8bb320a7 wifi: radiotap: reject radiotap with unknown bits
a0c6ae2ea845 ALSA: usb-audio: Use correct version for UAC3 header validation
cf48c2d1db3a platform/x86: dell-wmi: Add audio/mic mute key codes
411ba3cd837f platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data
6a25e2527928 x86/efi: defer freeing of boot services memory
6e330889e6c8 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them
888f164453f2 can: usb: f81604: handle bulk write errors properly
9b740ff5bc64 can: usb: f81604: handle short interrupt urb messages properly
f6e90c113c92 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback
13b646eec3ba can: ucan: Fix infinite loop from zero-length messages
54ee74307165 can: usb: f81604: correctly anchor the urb in the read bulk callback
1818974e1b5e can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message
7f8505c7ce3f net: usb: pegasus: validate USB endpoints
12c0243de0ae net: usb: kalmia: validate USB endpoints
72f90f481c6a net: usb: kaweth: validate USB endpoints
d1f6d20b3c26 nfc: pn533: properly drop the usb interface reference on disconnect
af050ab44fa1 media: dvb-core: fix wrong reinitialization of ringbuffer on reopen
5f8463e43720 eventpoll: Fix integer overflow in ep_loop_check_proc()
1b3ae721257e drm/amdgpu: keep vga memory on MacBooks with switchable graphics
aa7f9ef72eae drm/amd: Drop special case for yellow carp without discovery
4b4eee6d0c00 net: arcnet: com20020-pci: fix support for 2.5Mbit cards
efc159492b5c ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314
f3cb23e1fcf3 hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race
020bfaac6cb4 ALSA: hda/conexant: Add quirk for HP ZBook Studio G4
c676ab65519c drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected()
d637f6ec149f usb: cdns3: fix role switching during resume
3de5fd27af5b usb: cdns3: call cdns_power_is_lost() only once in cdns_resume()
3097fb95e244 usb: cdns3: remove redundant if branch
7b900a94d716 clk: tegra: tegra124-emc: fix device leak on set_rate()
8acf534d5a58 arm64: dts: rockchip: Fix rk356x PCIe range mappings
3469112edc5c mfd: omap-usb-host: Fix OF populate on driver rebind
1d4ea57730bf mfd: omap-usb-host: Convert to platform remove callback returning void
59b76ae68764 mfd: qcom-pm8xxx: Fix OF populate on driver rebind
a97ff3b70ff5 mfd: qcom-pm8xxx: Convert to platform remove callback returning void
57e83bfbe1e4 ext4: fix e4b bitmap inconsistency reports
e33256b2f927 ext4: convert bd_buddy_page to bd_buddy_folio
ccab2af6c19f ext4: convert bd_bitmap_page to bd_bitmap_folio
ceee57fd7207 ext4: delete redundant calculations in ext4_mb_get_buddy_page_lock()
31c4c67dec33 mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate()
c42ffd816c0f mailbox: Allow controller specific mapping using fwnode
cfdb216691ec mailbox: Use guard/scoped_guard for con_mutex
bef5ecf09d70 mailbox: Use dev_err when there is error
5e99cbdfcd15 mailbox: remove unused header files
235359afbe0a mailbox: sort headers alphabetically
97b60acdca6f mailbox: don't protect of_parse_phandle_with_args with con_mutex
49ada773c180 mailbox: Use of_property_match_string() instead of open-coding
dc7c9b9d03a5 ext4: drop extent cache when splitting extent fails
f0931a5c1700 ext4: drop extent cache after doing PARTIAL_VALID1 zeroout
67cdb7bd7442 ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O
11406eb96a19 ext4: correct the comments place for EXT4_EXT_MAY_ZEROOUT
ed0096fc86b2 ext4: get rid of ppath in ext4_ext_handle_unwritten_extents()
d7b04ea31c6e ext4: get rid of ppath in ext4_ext_convert_to_initialized()
c24ce099bea9 ext4: get rid of ppath in ext4_convert_unwritten_extents_endio()
147a6a2725b1 ext4: get rid of ppath in ext4_split_convert_extents()
cda8a34348d7 ext4: get rid of ppath in ext4_split_extent()
58ddae5d77b1 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1
e766534911b3 ext4: subdivide EXT4_EXT_DATA_VALID1
ffb68fc57207 ext4: get rid of ppath in ext4_split_extent_at()
fb138df7d886 ext4: get rid of ppath in ext4_ext_insert_extent()
8f6e910852d8 ext4: get rid of ppath in ext4_ext_create_new_leaf()
cafb151eb180 ext4: get rid of ppath in ext4_find_extent()
a4a7024448ab bus: omap-ocp2scp: fix OF populate on driver rebind
e4be2bd01a76 bus: omap-ocp2scp: Convert to platform remove callback returning void
43bb0a265b26 drm/tegra: dsi: fix device leak on probe
ec3be7dc9391 KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block()
5e8bf325ed12 KVM: x86: WARN if a vCPU gets a valid wakeup that KVM can't yet inject
ca921be7a117 media: tegra-video: Fix memory leak in __tegra_channel_try_format()
7a9c901edcaf media: tegra-video: Use accessors for pad config 'try_*' fields
32a1889f7bb0 KVM: x86: Return "unsupported" instead of "invalid" on access to unsupported PV MSR
469a8a038d8b KVM: x86: Rename KVM_MSR_RET_INVALID to KVM_MSR_RET_UNSUPPORTED
626ccc6daa7a KVM: x86: Fix KVM_GET_MSRS stack info leak
fa0e278a1230 PCI: Use resource_set_range() that correctly sets ->end
ffe8617e2e5b resource: Add resource set range and size helpers
fffdb0fece19 PCI: Use resource names in PCI log messages
bc440d87e655 PCI: Update BAR # and window messages
b9eccd59697f memory: mtk-smi: fix device leak on larb probe
b16599fedf49 memory: mtk-smi: fix device leaks on common probe
646ac65db6c1 memory: mtk-smi: Convert to platform remove callback returning void
5f5997339cf0 PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value
8a95fb9df110 bpf: Fix stack-out-of-bounds write in devmap
dfe079bb6ab3 btrfs: fix compat mask in error messages in btrfs_check_features()
a1b82706c233 btrfs: fix warning in scrub_verify_one_metadata()
6eac621b2deb btrfs: fix objectid value in error message in check_extent_data_ref()
ad567ccfd90c btrfs: fix incorrect key offset in error message in check_dev_extent_item()
ab69bf6f8970 btrfs: add support for inserting raid stripe extents
cbca08a23773 btrfs: read raid stripe tree from disk
fff272a83847 btrfs: add raid stripe tree definitions
9895ddc5efec btrfs: move btrfs_extref_hash into inode-item.h
d928f8aec88d btrfs: remove btrfs_crc32c wrapper
971658d3932b btrfs: move btrfs_crc32c_final into free-space-cache.c
37fc52528383 ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put()
996d43a72d11 ALSA: pci: hda: use snd_kcontrol_chip()
4f8d58123378 perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
949e15a8dbde ALSA: usb-audio: Use inclusive terms
6ec99e9c90f4 ALSA: usb-audio: Cap the packet size pre-calculations
133c3f3dde72 scsi: ufs: core: Move link recovery for hibern8 exit failure to wl_resume
0990188985f5 rseq: Clarify rseq registration rseq_size bound check comment
7b2c39f7bada ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices
8b00427317ba scsi: pm8001: Fix use-after-free in pm8001_queue_command()
be4c63507aca scsi: lpfc: Properly set WC for DPP mapping
2edbd1733091 irqchip/sifive-plic: Fix frozen interrupt due to affinity setting
0bd326dffd9e drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()
7e55d0788b36 drm/vmwgfx: Return the correct value in vmw_translate_ptr functions
2106a0153b5d drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 8250679ed0f..ae78c91f64c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "8751b899ea5af349e8570e8985365290efa5e7d6"
-SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
+SRCREV_machine ?= "aa09ac001c2f96bd4ba32ba47e84e02db0f6ceed"
+SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.129"
+LINUX_VERSION ?= "6.6.130"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index bd4a10b5640..0bc45ffd642 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.129"
+LINUX_VERSION ?= "6.6.130"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
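Review bot: the context line `include recipes-kernel/linux/cve-exclusion_6.6.inc` in this hunk pulls in a CVE exclusion list for the 6.6 kernel, but the diffstat for this patch lists only the three linux-yocto recipes, so that file is not refreshed alongside the move from 6.6.129 to 6.6.130. Please confirm the exclusion list is regenerated for the new version elsewhere in the series, or say in the commit message that it is handled separately, so CVE reporting is not left describing the older kernel.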
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "d82c6cc64c037058c6bfd630f2d2604a38684c7d"
-SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
+SRCREV_machine ?= "2bf97eeefd96e27a2195cb4757c13110e92afcc6"
+SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 58a72979c53..ce599405446 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "539bf858552c12417a449646d0cad5e53e038aa0"
-SRCREV_machine:qemuarm64 ?= "e4153b3c5bff6c503990c35826d84a034d2d7a33"
-SRCREV_machine:qemuloongarch64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemumips ?= "d5da07b097555f20280b2484da875c93f1494d48"
-SRCREV_machine:qemuppc ?= "9434ddc68ebc90e9336d4cc6f642aa82c0da023c"
-SRCREV_machine:qemuriscv64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemuriscv32 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemux86 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemux86-64 ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_machine:qemumips64 ?= "e6f498c7aa6909c17b90b50267d1577ddc19c0d6"
-SRCREV_machine ?= "3dbf485808fc7be82368f70f385fead9735b5904"
-SRCREV_meta ?= "fdd48963e673d657f0df21b4b1fb6b18dbaa96bc"
+SRCREV_machine:qemuarm ?= "b4e8a23613e117b5803dae49e8d4d562c37bd8a3"
+SRCREV_machine:qemuarm64 ?= "236dabe34ed663918803f17cbda90a1d6ac39922"
+SRCREV_machine:qemuloongarch64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemumips ?= "8022cb3ada420a7a3508dcd0a00e7367a0b08e52"
+SRCREV_machine:qemuppc ?= "77817988bcc71ba230e44d14e2d1c66837543dc9"
+SRCREV_machine:qemuriscv64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemuriscv32 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemux86 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemux86-64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_machine:qemumips64 ?= "7ffb3cfb496703be3c0951bf54eb6ce69fdd1a1e"
+SRCREV_machine ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
+SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "4fc00fe35d46b4fc8dac2eb543a0e3d44bb15f47"
+SRCREV_machine:class-devupstream ?= "c09fbcd31ae6d71e7c69545839bec92d8e15c13b"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
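Review bot: the SRCREV_meta change in this hunk (fdd48963e673 to a5d680f4986e) is not explained in the commit message; the shortlog covers upstream -stable kernel commits, while SRC_URI shows that the `name=meta` revision comes from the separate yocto-kernel-cache repository (`type=kmeta`). Suggest adding a line to the message that lists the kernel-cache commits behind the bump, or states that it carries no functional change, so the metadata side of the update can be reviewed as well.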
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.129"
+LINUX_VERSION ?= "6.6.130"
PV = "${LINUX_VERSION}+git"
* [OE-core][scarthgap 21/30] linux-yocto/6.6: update to v6.6.132
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
08667c1437c07 Linux 6.6.132
866c39b567bde Revert "rust: pin-init: add references to previously initialized fields"
e7ccb57fe7164 Revert "rust: pin-init: internal: init: document load-bearing fact of field accessors"
29242a6238213 Linux 6.6.131
e10af36ac3f7b tcp: Fix bind() regression for v6-only wildcard and v4-mapped-v6 non-wildcard addresses.
de7c0c04ad868 futex: Clear stale exiting pointer in futex_lock_pi() retry path
37cf97e37498a dmaengine: idxd: Fix freeing the allocated ida too late
509ff03a3f188 dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API
e3387416ad6b2 btrfs: fix lost error when running device stats on multiple devices fs
94054ffd311a1 btrfs: fix leak of kobject name for sub-group space_info
1ddab07bf2ed5 btrfs: fix super block offset in error message in btrfs_validate_super()
5a0538380d29e dmaengine: xilinx_dma: Fix reset related timeout with two-channel AXIDMA
ab4a8624b999a dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction
26271695302c8 dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA
a3142cc1581a5 dmaengine: xilinx: xilinx_dma: Fix dma_device directions
4b6e1da50b22e dmaengine: xilinx: xdma: Fix regmap init error handling
afc39537cddcb dmaengine: dw-edma: Fix multiple times setting of the CYCLE_STATE and CYCLE_BIT bits for HDMA.
5893ae3b4591b phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types()
54d77cc0c40ca dmaengine: idxd: Fix memory leak when a wq is reset
2bb9e9e93adff dmaengine: idxd: Fix not releasing workqueue on .release()
cfadf46a67b68 erofs: fix "BUG: Bad page state in z_erofs_do_read_page"
75669e987137f xfs: save ailp before dropping the AIL lock in push callbacks
7121b22b0bac8 xfs: avoid dereferencing log items after push callbacks
aba546061341b mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]
2efbc838a26d3 nvme: fix admin queue leak on controller reset
5a1e865e51063 xattr: switch to CLASS(fd)
bb42e9627aa92 libbpf: Fix -Wdiscarded-qualifiers under C23
4913592a3358f gfs2: Fix unlikely race in gdlm_put_lock
8c93e73af8563 mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode
8cdc84415a4d2 mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode
0890fba6129dc rust: pin-init: internal: init: document load-bearing fact of field accessors
c28fc9b0dbc7a rust: pin-init: add references to previously initialized fields
ef41a85a55022 tracing: Fix potential deadlock in cpu hotplug with osnoise
5a9f33294cc04 tracing: Switch trace_osnoise.c code over to use guard() and __free()
c9b95ef6f5039 ksmbd: fix memory leaks and NULL deref in smb2_lock()
9e785f004cbc5 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()
d3c4458707e70 powerpc64/bpf: do not increment tailcall count when prog is NULL
d419788a834f7 arm64: dts: imx8mn-tqma8mqnl: fix LDO5 power off
1c82f863f090a ext4: always drain queued discard work in ext4_mb_release()
ca99cbcc316cd ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths
c84c0272e0b66 ext4: fix the might_sleep() warnings in kvfree()
9449f99ba04f5 ext4: fix use-after-free in update_super_work when racing with umount
b77de3fceafbb ext4: reject mount if bigalloc with s_first_data_block != 0
2d31a5073f86a ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()
ecc50bfca9b5c ext4: avoid infinite loops caused by residual data
65c6c30ce6362 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio
df3cecfc5036f ext4: make recently_deleted() properly work with lazy itable initialization
2b7bf66a09873 ext4: fix fsync(2) for nojournal mode
850e68a1d3b06 ext4: fix stale xarray tags after writeback
699bac4d4c951 ext4: convert inline data to extents when truncate exceeds inline size
17c21b951e87c ext4: fix journal credit check when setting fscrypt context
813f372a3b8aa xfs: fix ri_total validation in xlog_recover_attri_commit_pass2
d38135af04a3a xfs: stop reclaim before pushing AIL during unmount
f458dceaa6a35 LoongArch: Workaround LS2K/LS7A GPU DMA hang bug
ebf6860ef7093 dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock
79c4796b2711e dmaengine: sh: rz-dmac: Protect the driver specific lists
75552b2c17124 irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment
d536a00f1b451 jbd2: gracefully abort on checkpointing state corruptions
fd28c56186991 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
78c8b090a3d5c net: macb: Use dev_consume_skb_any() to free TX SKBs
d20d3eedbd04e scsi: ses: Handle positive SCSI error from ses_recv_diag()
4ed727e35b0ab scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()
c9e137c26cd45 alarmtimer: Fix argument order in alarm_timer_forward()
5c8ecdcfbfb0b erofs: add GFP_NOIO in the bio completion if needed
a58d298a83a3a s390/entry: Scrub r12 register on kernel entry
fedd2e1630cac virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
1a0d9083c24fb media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex
ebdd28353b958 hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible()
7c0666a26b290 hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature
844a18493173f hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes
d4f4364974460 KVM: arm64: Discard PC update state on vcpu reset
501559fbe2097 platform/x86: ISST: Correct locked bit width
2e2c7a6b2958e cpufreq: conservative: Reset requested_freq on limits change
cb3d6efa78460 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
54ecdf76a55e7 can: gw: fix OOB heap access in cgw_csum_crc8_rel()
9e7f353710f85 ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload
a2842de6856a7 ALSA: firewire-lib: fix uninitialized local variable
6fafc4c4238e5 ksmbd: do not expire session on binding failure
358cdaa1f7fbf ksmbd: fix potencial OOB in get_file_all_info() for compound requests
c3a89e3ec1ccf ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()
a11911d94c032 s390/barrier: Make array_index_mask_nospec() __always_inline
7a5260fbc6e79 s390/syscalls: Add spectre boundary for syscall dispatch table
adb25339b6611 spi: spi-fsl-lpspi: fix teardown order issue (UAF)
ffd860907d0cb ASoC: adau1372: Fix clock leak on PLL lock failure
94577b2e936f0 ASoC: adau1372: Fix unchecked clk_prepare_enable() return value
227b7e14ae408 sysctl: fix uninitialized variable in proc_do_large_bitmap
6ec394998c42a hwmon: (adm1177) fix sysfs ABI violation and current unit conversion
e23602eb07797 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
9c886e63b6965 ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
d997deaa7de36 ASoC: Intel: catpt: Fix the device initialization
9014a30df4365 spi: sn-f-ospi: Fix resource leak in f_ospi_probe()
b5f87d8493f54 PM: hibernate: Drain trailing zero pages on userspace restore
8dda015822771 PM: hibernate: Don't ignore return from set_memory_ro()
6a492d10c2f88 drm/i915/gmbus: fix spurious timeout on 512-byte burst reads
daf1396e8f42a x86/efi: efi_unmap_boot_services: fix calculation of ranges_to_free size
8212295549e47 scsi: scsi_transport_sas: Fix the maximum channel scanning issue
ad5085d7ef1c5 RDMA/irdma: Return EINVAL for invalid arp index error
acb060bc2609c RDMA/irdma: Fix deadlock during netdev reset with active connections
45897c22a93ec RDMA/irdma: Remove reset check from irdma_modify_qp_to_err()
2175c64d27e27 RDMA/irdma: Clean up unnecessary dereference of event->cm_node
18386d84d2ad3 RDMA/irdma: Remove a NOP wait_event() in irdma_modify_qp_roce()
d783393d2122b RDMA/irdma: Update ibqp state to error if QP is already in error state
af310407f79d5 RDMA/irdma: Initialize free_qp completion before using it
e82f2775b50cc RDMA/rw: Fall back to direct SGE on MR pool exhaustion
96c60fb6896e6 regmap: Synchronize cache for the page selector
9524634194516 net: macb: use the current queue number for stats
fcec5ce2d73a4 netfilter: ctnetlink: use netlink policy range checks
fe463e76c9b4b netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp
168145c874446 netfilter: nf_conntrack_expect: skip expectations in other netns via proc
c6a503a9f4deb netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()
a8365d1064ded netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD
2dcf324855c34 tls: Purge async_hold in tls_decrypt_async_wait()
6fba3c3d48c92 Bluetooth: btusb: clamp SCO altsetting table indices
52667c859fe33 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
5f84e845648df Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
8d83194e8a880 Bluetooth: hci_sync: Remove remaining dependencies of hci_request
0ee469ba7c58c Bluetooth: Remove 3 repeated macro definitions
50c1e5fc7c444 Bluetooth: L2CAP: Fix send LE flow credits in ACL link
acfb29f82223e dma-mapping: add missing `inline` for `dma_free_attrs`
47d5f290fab3c net: enetc: fix the output issue of 'ethtool --show-ring'
2297e38114316 udp: Fix wildcard bind conflict check when using hash2
5b5af243e566b tcp: optimize inet_use_bhash2_on_bind()
79a5c9344eaaf tcp: Rearrange tests in inet_csk_bind_conflict().
34f5fe33e43bc tcp: Use bhash2 for v4-mapped-v6 non-wildcard address.
654386baef228 net: fix fanout UAF in packet_release() via NETDEV_UP race
a8ec35bb7b503 ipv6: Don't remove permanent routes with exceptions from tb6_gc_hlist.
9241d441feb40 ipv6: Remove permanent routes from tb6_gc_hlist when all exceptions expire.
6ae421f59bf80 ice: use ice_update_eth_stats() for representor stats
0677d6bf6e853 platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen
b04420f5b9315 rtnetlink: count IFLA_INFO_SLAVE_KIND in if_nlmsg_size
81acbd345d405 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
c1f97152df8df openvswitch: validate MPLS set/set_masked payload length
42f0d3d812096 openvswitch: defer tunnel netdev_put to RCU release
4c3e25a7b711a net: openvswitch: Avoid releasing netdev before teardown completes
eb435d150ca74 nfc: nci: fix circular locking dependency in nci_close_device
cfd863d4a3f2e ionic: fix persistent MAC address override on PF
a4fd36bb000db pinctrl: mediatek: common: Fix probe failure for devices without EINT
a04a760c06bb5 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
28904375d54b4 Bluetooth: hci_ll: Fix firmware leak on error path
45aaca995e4a7 Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold
477ad49760720 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()
a4bda464c0deb can: statistics: add missing atomic access in hot path
d6923498e972b dma: swiotlb: add KMSAN annotations to swiotlb_bounce()
d3225e6b9bd51 af_key: validate families in pfkey_send_migrate()
6a3ec6efbc4f9 esp: fix skb leak with espintcp and async crypto
e17b0106447ed xfrm: Fix the usage of skb->sk
86f130cf52504 xfrm: call xdo_dev_state_delete during state update
7aac2b997e614 spi: intel-pci: Add support for Nova Lake mobile SPI flash
56bc8de780720 usb: core: new quirk to handle devices with zero configurations
1eed0199dbf41 objtool: Handle Clang RSP musical chairs
006ce15577e76 ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390
f264d4e3a9261 ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk
c57276ced3c32 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
2635d0c715f3f HID: apple: avoid memory leak in apple_report_fixup()
d9365789a6fd7 dma-buf: Include ioctl.h in UAPI header
9d43a897a9122 ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits()
cb4954fc2520d ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg()
082f15d288732 module: Fix kernel panic when a symbol st_shndx is out of bounds
f18c38cb24c9c HID: asus: add xg mobile 2023 external hardware support
4d36b7ad2c18b HID: mcp2221: cancel last I2C command on read error
952e41b0f9238 net: usb: r8152: add TRENDnet TUC-ET2G
7edfe4346b052 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
eac08882569bc HID: magicmouse: fix battery reporting for Apple Magic Trackpad 2
6f12734c4b619 nvme-pci: ensure we're polling a polled queue
50063c576c6ed platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10
0ab508ace30c7 platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1
94cfabcf28209 nvme-fabrics: use kfree_sensitive() for DHCHAP secrets
c69b5dd587f6f nvme-pci: cap queue creation to used queues
79dc4ced3bb62 platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list
f20f17cffbe34 HID: asus: avoid memory leak in asus_report_fixup()
694ea55f1b1c7 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
d47bba0cfdd4c bpf: Release module BTF IDR before module unload
0f46fd10de29e sh: platform_early: remove pdev->driver_override check
0af982240b8f4 hwmon: axi-fan: don't use driver_override as IRQ name
e73121faf530e hwmon: (axi-fan-control) Make use of dev_err_probe()
50fe5fbf98290 hwmon: (axi-fan-control) Use device firmware agnostic API
bd738f986f6a0 cxl/hdm: Avoid incorrect DVSEC fallback when HDM decoders are enabled
656f35b463995 perf: Make sure to use pmu_ctx->pmu for groups
79cda13757901 perf: Extract a few helpers
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index ae78c91f64c..c58279873e6 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "aa09ac001c2f96bd4ba32ba47e84e02db0f6ceed"
-SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
+SRCREV_machine ?= "a6a88382093932d5f963f38334035221c0b8344e"
+SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.130"
+LINUX_VERSION ?= "6.6.132"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
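Review bot: LINUX_VERSION moves from 6.6.130 straight to 6.6.132 here, and the shortlog contains both "Linux 6.6.132" and "Linux 6.6.131", yet the subject and the "latest korg -stable release" wording name a single release. Suggest the message say that it covers 6.6.131 and 6.6.132, and note that 6.6.132 itself consists only of the two "rust: pin-init" reverts of 0890fba6129dc and c28fc9b0dbc7a, both of which arrived in 6.6.131, so anyone bisecting or matching a fix to a version knows where each change landed.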
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 0bc45ffd642..58fd5a57b84 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.130"
+LINUX_VERSION ?= "6.6.132"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "2bf97eeefd96e27a2195cb4757c13110e92afcc6"
-SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
+SRCREV_machine ?= "ff381816e34f3ed488248a69843227160f7ede06"
+SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index ce599405446..633abb36ddb 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "b4e8a23613e117b5803dae49e8d4d562c37bd8a3"
-SRCREV_machine:qemuarm64 ?= "236dabe34ed663918803f17cbda90a1d6ac39922"
-SRCREV_machine:qemuloongarch64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemumips ?= "8022cb3ada420a7a3508dcd0a00e7367a0b08e52"
-SRCREV_machine:qemuppc ?= "77817988bcc71ba230e44d14e2d1c66837543dc9"
-SRCREV_machine:qemuriscv64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemuriscv32 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemux86 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemux86-64 ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_machine:qemumips64 ?= "7ffb3cfb496703be3c0951bf54eb6ce69fdd1a1e"
-SRCREV_machine ?= "cc107ef0945033f98a169bf1294dad3b574bfc60"
-SRCREV_meta ?= "a5d680f4986edab4c2c4636c0dc80ca559fc70ef"
+SRCREV_machine:qemuarm ?= "ecff059b6885829e70f8a0fa96956e330b3dc8a4"
+SRCREV_machine:qemuarm64 ?= "a2808cd3d14323f1be06f83c084f7ccc19346305"
+SRCREV_machine:qemuloongarch64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemumips ?= "e785bf4e3c24d0f6a02c1c12c4b636eaaa539f19"
+SRCREV_machine:qemuppc ?= "f1e47cb079d5fa8a5f22f795bd4130dc001babab"
+SRCREV_machine:qemuriscv64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemuriscv32 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemux86 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemux86-64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_machine:qemumips64 ?= "6357451678385be03d1f7d60d0f8868aa7514418"
+SRCREV_machine ?= "81aa29cd11159e96623449efb43a609e1a814c87"
+SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "c09fbcd31ae6d71e7c69545839bec92d8e15c13b"
+SRCREV_machine:class-devupstream ?= "08667c1437c07ce2e5d323165031ae152d6f061a"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.130"
+LINUX_VERSION ?= "6.6.132"
PV = "${LINUX_VERSION}+git"
* [OE-core][scarthgap 22/30] linux-yocto/6.6: update to v6.6.134
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
8cee53b8eaeb5 Linux 6.6.134
6b63a54a790a6 net: sfp: Fix Ubiquiti U-Fiber Instant SFP module on mvneta
79bc854d44f9f MPTCP: fix lock class name family in pm_nl_create_listen_socket
83170a05908b6 ext4: handle wraparound when searching for blocks for indirect mapped blocks
a070d5a872ffe ext4: publish jinode after initialization
e2316c5d759d3 dmaengine: fsl-edma: fix channel parameter config for fixed channel requests
72c0f5de91098 dmaengine: fsl-edma: change to guard(mutex) within fsl_edma3_xlate()
892ba47ef7140 x86/cpu: Enable FSGSBASE early in cpu_init_exception_handling()
7ddcf4a245c1c mm/huge_memory: fix folio isn't locked in softleaf_to_folio()
15f5241d5a523 scsi: target: tcm_loop: Drain commands in target_reset handler
d88541ffd56d6 net: mana: fix use-after-free in add_adev() error path
ed71cf465c75f net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback
a2d3c892115e1 net: macb: Move devm_{free,request}_irq() out of spin lock area
9e7d5b7581ce1 iio: imu: inv_icm42600: fix odr switch when turning buffer off
d1e3aa80e6e04 wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free
c6da4fed7537a usb: gadget: f_uac1_legacy: validate control request size
cb5316b37288a usb: gadget: f_rndis: Protect RNDIS options with mutex
75776a055b656 usb: gadget: f_subset: Fix unbalanced refcnt in geth_free
c78e463ee134b usb: gadget: uvc: fix NULL pointer dereference during unbind race
f6813c2b2ae78 usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop
3db70e16fccb4 LoongArch: vDSO: Emit GNU_EH_FRAME correctly
cddea0c721106 gfs2: Validate i_depth for exhash directories
514784b8951e7 gfs2: Improve gfs2_consist_inode() usage
3a9fd45afadec btrfs: do not free data reservation in fallback from inline due to -ENOSPC
681377e4e229d btrfs: fix the qgroup data free range for inline data extents
f5b469a84400a usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer
5aa776c8615be USB: dummy-hcd: Fix interrupt synchronization error
791966f85b439 USB: dummy-hcd: Fix locking/synchronization error
2516336e825fc thunderbolt: Fix property read in nhi_wake_supported()
4b8e527aca357 misc: fastrpc: possible double-free of cctx->remote_heap
9e796001af97a thermal: core: Fix thermal zone device registration error path
e208c45c63258 gpio: mxc: map Both Edge pad wakeup to Rising Edge
da39ee627fd82 cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path
8a71911fc7eee net: ftgmac100: fix ring allocation unwind on open failure
602596c69a70e vxlan: validate ND option lengths in vxlan_na_create
28a371be901ef counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member
885aa739a07ab counter: rz-mtu3-cnt: prevent counter from being toggled multiple times
6cea34d7ec682 netfilter: ipset: drop logically empty buckets in mtype_del
aca0938d0bb44 nvmem: imx: assign nvmem_cell_info::raw_len
eeb496e82b916 dt-bindings: connector: add pd-disable dependency
1603dd471f477 comedi: me4000: Fix potential overrun of firmware buffer
c16ac4e173a05 comedi: me_daq: Fix potential overrun of firmware buffer
f517646e008fe comedi: ni_atmio16d: Fix invalid clean-up after failed attach
c01bcc67a9a69 comedi: Reinit dev->spinlock between attachments to low-level drivers
d5d9df8b08d68 comedi: dt2815: add hardware detection to prevent crash
787c21d2cc13b cdc-acm: new quirk for EPSON HMD
e0bfd6d4dc77a bridge: br_nd_send: validate ND option lengths
2e5cbab8ccbfc fork: defer linking file vma until vma is fully initialized
13e8e5bd99849 vfio/pci: Insert full vma on mmap'd MMIO fault
1a0a115843ec4 vfio/pci: Use unmap_mapping_range()
764438b5c5d15 vfio: Create vfio_fs_type with inode per device
cfca84f5986af usb: cdns3: gadget: fix state inconsistency on gadget init failure
9ab9b0e5fcdac usb: cdns3: gadget: fix NULL pointer dereference in ep_queue
beab10429439e usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()
af1e68c43ed88 usb: ehci-brcm: fix sleep during atomic
95e09b07e5029 usb: usbtmc: Flush anchored URBs in usbtmc_release
aaeae6533d77e usb: ulpi: fix double free in ulpi_register_interface() error path
a6f374ba81dde usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive
1f83e4f8509aa iio: gyro: mpu3050: Fix out-of-sequence free_irq()
2a4537653d200 iio: gyro: mpu3050: Move iio_device_register() to correct location
8f237c408f300 iio: gyro: mpu3050: Fix irq resource leak
a09171d3f23e1 iio: gyro: mpu3050: Fix incorrect free_irq() variable
4cda5db84e917 iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only
11aaba2824a14 iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin()
dae6048cb63fe iio: light: vcnl4035: fix scan buffer on big-endian
13f4f2d046661 iio: dac: ad5770r: fix error return in ad5770r_read_raw()
97d908087e85c iio: accel: fix ADXL355 temperature signature value
81b90c03dd65f Input: xpad - add support for Razer Wolverine V3 Pro
6260b66c005fa Input: xpad - add support for BETOP BTP-KP50B/C controller's wireless mode
92b1a92857002 Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table
a6d5d972460ca Input: synaptics-rmi4 - fix a locking bug in an error path
fa64aab25aba4 iio: adc: ti-adc161s626: use DMA-safe memory for spi_read()
624e292e74769 USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam
619d8d1cc4688 USB: serial: option: add support for Rolling Wireless RW135R-GL
d3f78e9cd0bbe USB: serial: io_edgeport: add support for Blackbox IC135A
beadc871ccf86 drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP
32ac48642e71e drm/ast: dp501: Fix initialization of SCU2C
7759f105e9c89 iio: adc: ti-adc161s626: fix buffer read on big-endian
43fa022b56dcd mips: mm: Allocate tlb_vpn array atomically
37ae8fadc74ed hwmon: (occ) Fix division by zero in occ_show_power_1()
4c10f326f628e MIPS: Fix the GCC version check for `__multi3' workaround
91649c02c1baa Bluetooth: SMP: force responder MITM requirements before building the pairing response
b1c6a8e554a39 Bluetooth: SMP: derive legacy responder STK authentication from MITM state
c8859675f1cf9 ALSA: ctxfi: Fix missing SPDIFI1 index handling
a82c1bce2d129 ALSA: caiaq: fix stack out-of-bounds read in init_card
2de70a6149e03 USB: serial: option: add MeiG Smart SRM825WN
ffbed27ba15ef wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler()
9907ac9b9a18b wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation
489f2ef2b9088 drm/ioc32: stop speculation on the drm_compat_ioctl path
0320474d92c69 riscv: kgdb: fix several debug register assignment bugs
e01779a5c0283 mips: ralink: update CPU clock index
649ceac79c831 hwmon: (occ) Fix missing newline in occ_show_extended()
164a1b397da0c hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify()
cb048be568a85 dt-bindings: gpio: fix microchip #interrupt-cells
220f29e819244 hwmon: (pxe1610) Check return value of page-select write in probe
2dd67966f39a2 accel/qaic: Handle DBC deactivation if the owner went away
690509a2eea89 iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one
8755066f7bd0f bpf: reject direct access to nullable PTR_TO_BUF pointers
5e4ee5dbea134 ipv6: avoid overflows in ip6_datagram_send_ctl()
36a5d17d7ddad net: hsr: fix VLAN add unwind on slave errors
4a09f72007201 net/sched: cls_flow: fix NULL pointer dereference on shared blocks
18328eff2f97d net/sched: cls_fw: fix NULL pointer dereference on shared blocks
1734bd85c5e0a net/x25: Fix overflow when accumulating packets
143d4fa68ae9e net/x25: Fix potential double free of skb
1fc7fbac8b98f net/mlx5: Avoid "No data available" when FW version queries fail
7129632cab3e4 net/mlx5: lag: Check for LAG device before creating debugfs
e1f6f47d6e60d net: macb: properly unregister fixed rate clocks
b3f799cdf830d net: macb: fix clk handling on PCI glue driver removal
a14b568633486 net/sched: sch_netem: fix out-of-bounds access in packet corruption
8d597e3e74027 bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready().
6b0a8de67ac0c rds: ib: reject FRMR registration before IB connection is established
244b639e6a3a8 Bluetooth: MGMT: validate mesh send advertising payload length
5fb69e1eeea9d Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt
f71695e81f4cb Bluetooth: MGMT: validate LTK enc_size on load
adb90cd0f9f7a Bluetooth: SCO: fix race conditions in sco_sock_connect()
2504ce3fc39ed Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate
4b12a3cc3f075 netfilter: nf_tables: reject immediate NF_QUEUE verdict
f00ac65c90ea4 netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP
2ea0f35f235f7 netfilter: ctnetlink: ignore explicit helper on new expectations
a76157a1eee5f netfilter: nf_conntrack_expect: store netns and zone in expectation
e7ccaa0a62a8f netfilter: nf_conntrack_expect: use expect->helper
d81c3205085b5 netfilter: nf_conntrack_expect: honor expectation helper field
2898080c054ea netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent
2cf2737c85a2b netfilter: nf_conntrack_helper: pass helper to expect cleanup
1b842ade214b9 netfilter: ipset: use nla_strcmp for IPSET_ATTR_NAME attr
c2d4a3abb15ca netfilter: x_tables: ensure names are nul-terminated
607245c4dbb86 netfilter: nfnetlink_log: account for netlink header size
5382bb03e9c33 netfilter: flowtable: strictly check for maximum number of actions
6c7fbdb8ffde6 net: ipv6: flowlabel: defer exclusive option free until RCU teardown
b99d82706bd15 bpf: Fix regsafe() for pointers to packet
236b564165b49 net: xilinx: axienet: Correct BD length masks to match AXIDMA IP spec
2c1fadd221b21 NFC: pn533: bound the UART receive buffer
e35f5195cd44f net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak
7d9f2f4aabd11 ipv6: prevent possible UaF in addrconf_permanent_addr()
584d8648f859f ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure
c56f78614e778 net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()
658261898130d bridge: br_nd_send: linearize skb before parsing ND options
a0c4ce9900a10 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
3d5127d998de6 ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()
c64dc67d70da6 tg3: Fix race for querying speed/duplex
d1b041080086e net/ipv6: ioam6: prevent schema length wraparound in trace fill
7f56d87e527bb net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak
0fda873092b54 net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak
3e52e1b121c28 net: fec: fix the PTP periodic output sysfs interface
7cdf2c6381b21 crypto: af-alg - fix NULL pointer dereference in scatterwalk
31022cfde5235 crypto: caam - fix overflow on long hmac keys
a7ecf06d3ee06 crypto: caam - fix DMA corruption on long hmac keys
4073217be3df0 wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session
18e28353074a3 wifi: ath11k: Use dma_alloc_noncoherent for rx_tid buffer allocation
12322d8654cf9 wifi: ath11k: skip status ring entry processing
90afe0af4452b dt-bindings: auxdisplay: ht16k33: Use unevaluatedProperties to fix common property warning
ea553dfb630e1 spi: geni-qcom: Check DMA interrupts early in ISR
295f8075d0044 btrfs: reject root items with drop_progress and zero drop_level
b404e6b9863ea i2c: tegra: Don't mark devices with pins as IRQ safe
c7a27bb4d0f65 HID: multitouch: Check to ensure report responses match the request
e9126544fd779 objtool: Fix Clang jump table detection
960159a9f8468 tg3: replace placeholder MAC address with device property
c9fc98beeedf0 btrfs: don't take device_list_mutex when querying zone info
b256d055da472 atm: lec: fix use-after-free in sock_def_readable()
8bd690ac12423 HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq
7b56b67776520 arm64/scs: Fix handling of advance_loc4
80de0a9581338 Linux 6.6.133
9a3a2ae5efbbc xattr: switch to CLASS(fd)
16d41d32b7c76 Revert "xattr: switch to CLASS(fd)"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index c58279873e6..6440d0babbe 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "a6a88382093932d5f963f38334035221c0b8344e"
-SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
+SRCREV_machine ?= "fda570bd42ccafdd93a2bc4eae0ab36a4084031e"
+SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.132"
+LINUX_VERSION ?= "6.6.134"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 58fd5a57b84..deb59431454 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.132"
+LINUX_VERSION ?= "6.6.134"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
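Review bot: the context line "include recipes-kernel/linux/cve-exclusion_6.6.inc" directly above the LINUX_VERSION change names a file this patch does not touch; the diffstat lists only the three recipes. The message for this bump lists many memory-safety fixes (use-after-free, out-of-bounds access, double free), so if no later patch in the series regenerates the exclusion list for 6.6.134, please add that here or as a follow-up. Otherwise the CVE status reported for scarthgap will lag behind the kernel that is actually built.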
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "ff381816e34f3ed488248a69843227160f7ede06"
-SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
+SRCREV_machine ?= "990b12e4095890d00a1c42ee5643443f1491dc0e"
+SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 633abb36ddb..11efb351e97 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "ecff059b6885829e70f8a0fa96956e330b3dc8a4"
-SRCREV_machine:qemuarm64 ?= "a2808cd3d14323f1be06f83c084f7ccc19346305"
-SRCREV_machine:qemuloongarch64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemumips ?= "e785bf4e3c24d0f6a02c1c12c4b636eaaa539f19"
-SRCREV_machine:qemuppc ?= "f1e47cb079d5fa8a5f22f795bd4130dc001babab"
-SRCREV_machine:qemuriscv64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemuriscv32 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemux86 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemux86-64 ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_machine:qemumips64 ?= "6357451678385be03d1f7d60d0f8868aa7514418"
-SRCREV_machine ?= "81aa29cd11159e96623449efb43a609e1a814c87"
-SRCREV_meta ?= "8cfac9f000ccc138d1a11ed500406c4394d803d6"
+SRCREV_machine:qemuarm ?= "55c82e0b84e8892add226263bb00dfaef810f487"
+SRCREV_machine:qemuarm64 ?= "c3b5dcdca64f2d9d5dfd9808b2ec4d1363ddc5c2"
+SRCREV_machine:qemuloongarch64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemumips ?= "065d9d6fa1db8f762b740b0fac999e8d68b3afcf"
+SRCREV_machine:qemuppc ?= "dd0d7b2a25b1fc953887f6d32247c58b19f23e73"
+SRCREV_machine:qemuriscv64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemuriscv32 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemux86 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemux86-64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_machine:qemumips64 ?= "5546a26cb003a61697b9c748e80c964188dbde1b"
+SRCREV_machine ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
+SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "08667c1437c07ce2e5d323165031ae152d6f061a"
+SRCREV_machine:class-devupstream ?= "8cee53b8eaeb5d1f7c97b7f2381653ed00ffc26b"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
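Review bot: the per-machine SRCREV_machine values in this hunk cannot be verified from the patch itself, because none of them appears in the commit message. Only SRCREV_machine:class-devupstream can be cross-checked: 8cee53b8eaeb5d1f7c97b7f2381653ed00ffc26b begins with 8cee53b8eaeb5, the "Linux 6.6.134" entry, so devupstream is pinned to the release commit. Before merging, confirm in a linux-yocto clone that each per-machine revision is reachable from its KBRANCH and contains the release commit (git merge-base --is-ancestor 8cee53b8eaeb5 followed by the SRCREV under test).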
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.132"
+LINUX_VERSION ?= "6.6.134"
PV = "${LINUX_VERSION}+git"
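Review bot: LINUX_VERSION goes from 6.6.132 to 6.6.134 here, and the message lists both a "Linux 6.6.134" and a "Linux 6.6.133" entry, so this single commit carries two -stable releases while the subject names only v6.6.134. Please mention 6.6.133 in the first line of the message so that anyone bisecting, or mapping a fix to a scarthgap revision, does not have to read the full shortlog to find it.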
* [OE-core][scarthgap 23/30] linux-yocto/6.6: update to v6.6.135
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
9760bf04666d Linux 6.6.135
53b86879e92b Revert "PCI: Enable ACS after configuring IOMMU for OF platforms"
9853917f9edf rxrpc: Fix missing error checks for rxkad encryption/decryption failure
1355eb244aa5 rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING)
9ce36d28f67c rxrpc: fix reference count leak in rxrpc_server_keyring()
47073aab8a3a rxrpc: reject undecryptable rxkad response tickets
b8f66447448d rxrpc: Only put the call ref if one was acquired
f1a7a3ab0f35 rxrpc: Fix key reference count leak from call->key
93fc15be44a3 rxrpc: Fix call removal to use RCU safe deletion
e63265f188ea net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
88591194df73 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()
b7b8012193fd net: stmmac: fix integer underflow in chain mode
9a56735581d5 net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure
6468cab1173f mmc: vub300: fix NULL-deref on disconnect
80fd0de89805 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled
0985b18c95eb net/mlx5: Update the list of the PCI supported devices
ca3f48c3567d drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat
2f55b58b5a0b batman-adv: hold claim backbone gateways by reference
2eb9d67704ca net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()
0e43e0a3c940 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
d3de72e2a2b9 EDAC/mc: Fix error path ordering in edac_mc_alloc()
672b526def1f X.509: Fix out-of-bounds access when parsing extensions
69d61639bc7e batman-adv: reject oversized global TT response buffers
07cb6c72e66b nfc: pn533: allocate rx skb before consuming bytes
0f36273a4b24 arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges
e3d84395a16d arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity
e85ee7bd042c arm64: dts: imx8mq-librem5: Bump BUCK1 suspend voltage up to 0.85V
03c00ef6d6df Revert "arm64: dts: imx8mq-librem5: Set the DVS voltages lower"
4bf41c2731a0 wifi: brcmsmac: Fix dma_free_coherent() size
3bcf7aca63f0 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
c221ed63a276 xfrm: clear trailing padding in build_polexpire()
070abdf1b043 netfilter: nft_ct: fix use-after-free in timeout object destroy
533e0a0454d0 Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug"
32bad10de347 netfilter: nft_set_pipapo: do not rely on ZERO_SIZE_PTR
84d458018b14 seg6: separate dst_cache for input and output paths in seg6 lwtunnel
3e9bf8c3ba89 Revert "mptcp: add needs_id for netlink appending addr"
8ec6a58586f1 usb: gadget: f_hid: move list and spinlock inits from bind to alloc
e8984f068e90 virtio_net: clamp rss_max_key_size to NETDEV_RSS_KEY_LEN
0dc539b888fb scsi: ufs: core: Fix use-after free in init error and remove paths
146e25625378 ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai()
811b3dccfb0a MIPS: mm: Rewrite TLB uniquification for the hidden bit feature
591f030449ad MIPS: mm: Suppress TLB uniquification on EHINV hardware
8a4de6bcaf01 MIPS: Always record SEGBITS in cpu_data.vmbits
00a4b91f8fac Input: uinput - take event lock when submitting FF request "event"
546c18a14924 Input: uinput - fix circular locking dependency with ff-core
3fd6547f5b8a mptcp: fix slab-use-after-free in __inet_lookup_established
673d2a3eef6e net: rfkill: prevent unlimited numbers of rfkill events from being created
e0c8542c3d09 xfrm_user: fix info leak in build_report()
1de5c76bf40e wifi: rt2x00usb: fix devres lifetime
066c760acead lib/crypto: chacha: Zeroize permuted_state before it leaves scope
91f02726b220 x86/CPU: Fix FPDSS on Zen1
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 6440d0babbe..fab90bcc14d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "fda570bd42ccafdd93a2bc4eae0ab36a4084031e"
-SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
+SRCREV_machine ?= "796ebf5cd0bb25e473fead08d0e3c8c1b68f0676"
+SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.134"
+LINUX_VERSION ?= "6.6.135"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
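Review bot: SRCREV_meta changes in this hunk (888e60b42c25... to b162eec5fa39...), and identically in the tiny and standard recipes, but the commit message enumerates only korg -stable commits. Please state what moved in yocto-kernel-cache on the yocto-6.6 branch between those two revisions. Kernel-cache changes affect the configuration fragments and patches applied to the built kernel, and as submitted they cannot be reviewed from this patch.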
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index deb59431454..80234909a32 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.134"
+LINUX_VERSION ?= "6.6.135"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "990b12e4095890d00a1c42ee5643443f1491dc0e"
-SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
+SRCREV_machine ?= "8c3e42c1177c1cf7f4b028ffe1ddacf5a7e8b018"
+SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 11efb351e97..43d0ad9c8ee 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "55c82e0b84e8892add226263bb00dfaef810f487"
-SRCREV_machine:qemuarm64 ?= "c3b5dcdca64f2d9d5dfd9808b2ec4d1363ddc5c2"
-SRCREV_machine:qemuloongarch64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemumips ?= "065d9d6fa1db8f762b740b0fac999e8d68b3afcf"
-SRCREV_machine:qemuppc ?= "dd0d7b2a25b1fc953887f6d32247c58b19f23e73"
-SRCREV_machine:qemuriscv64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemuriscv32 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemux86 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemux86-64 ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_machine:qemumips64 ?= "5546a26cb003a61697b9c748e80c964188dbde1b"
-SRCREV_machine ?= "3db526a0348edbb162b13d91e788eb270bcbb934"
-SRCREV_meta ?= "888e60b42c251c492d6f41f154bb8c4eef5f8875"
+SRCREV_machine:qemuarm ?= "e3d837b99e32b26f86c7e0c956787aa7ac11cbc8"
+SRCREV_machine:qemuarm64 ?= "440d78702ecd1f42162acba37434033a5ca903cb"
+SRCREV_machine:qemuloongarch64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemumips ?= "8692ec9071ca8f4432c2c3409bf79240f34a7af5"
+SRCREV_machine:qemuppc ?= "d49f40c6896b5d1ac37a84564ed7ab5b7a839519"
+SRCREV_machine:qemuriscv64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemuriscv32 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemux86 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemux86-64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemumips64 ?= "91b8fff701cdc434e211a58915886224eb6e0d1a"
+SRCREV_machine ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "8cee53b8eaeb5d1f7c97b7f2381653ed00ffc26b"
+SRCREV_machine:class-devupstream ?= "9760bf04666dfe154161d49b6207c3486685bf29"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.134"
+LINUX_VERSION ?= "6.6.135"
PV = "${LINUX_VERSION}+git"
* [OE-core][scarthgap 24/30] linux-yocto/6.6: update to v6.6.136
From: Yoann Congal @ 2026-06-17 7:44 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
142cd8382222 Linux 6.6.136
deeaba4c54ae md/raid1: fix data lost for writemostly rdev
1fa36cf495b0 rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
09427bcb1715 crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed
b5c14bd4da1f crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed
607ba280f2ad crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed
c89c768734f3 crypto: testmgr - Hide ENOENT errors better
695cac6ed284 crypto: testmgr - Hide ENOENT errors
74e2db36fe50 net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()
f6634af5de72 ALSA: caiaq: take a reference on the USB device in create_card()
86fc28191418 ALSA: usb-audio: apply quirk for MOONDROP JU Jiu
ef57cd3329b4 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()
8d5729350b23 ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
ffbce350c6fd ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment
a34d456934fe smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path
b53b8e98c233 smb: client: require a full NFS mode SID before reading mode bits
0521a67e4b0f smb: server: fix max_connections off-by-one in tcp accept path
97f8d2648ef4 smb: server: fix active_num_conn leak on transport allocation failure
b3e0e7dd53f1 fuse: quiet down complaints in fuse_conn_limit_write
f1441a1ecace fuse: Check for large folio with SPLICE_F_MOVE
d23ad78bfd20 fuse: reject oversized dirents in page cache
a76c1cad4e80 f2fs: fix to avoid memory leak in f2fs_rename()
f90b8a1798b7 fs/ntfs3: validate rec->used in journal-replay file record check
a6bcf8010af0 rxrpc: only handle RESPONSE during service challenge
d6a76b3600e1 rxrpc: Fix anonymous key handling
6669cf805940 scripts/dtc: Remove unused dts_version in dtc-lexer.l
cf044df0901f Revert "wifi: cfg80211: stop NAN and P2P in cfg80211_leave"
e2c9dc6b6e96 ocfs2: fix out-of-bounds write in ocfs2_write_end_inline
37f074e65f24 ocfs2: validate inline data i_size during inode read
4bf8cd09f427 ocfs2: add inline inode consistency check to ocfs2_validate_inode_block()
c98b6fa86b33 rxrpc: Fix key quota calculation for multitoken keys
e297bb2c2568 KVM: x86: Use __DECLARE_FLEX_ARRAY() for UAPI structures with VLAs
f363c496e203 scripts: generate_rust_analyzer.py: define scripts
ceb73484e720 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup
7ad01905831c net: annotate data-races around sk->sk_{data_ready,write_space}
fa5d5baf67f6 i40e: Fix preempt count leak in napi poll tracepoint
71ca90c26eef net: ethernet: mtk_eth_soc: initialize PPE per-tag-layer MTU registers
f77b51bcee7b wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
10f4ff4baeb6 md/raid1,raid10: don't ignore IO flags
50352fc10392 ipv6: add NULL checks for idev in SRv6 paths
e238ab12556b PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown
ebc8815a917f Revert "perf unwind-libdw: Fix invalid reference counts"
45cbaf5c7cdc media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
e3957eb26a3d media: vidtv: fix pass-by-value structs causing MSAN warnings
7318e3549518 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
cb8092038e95 media: as102: fix to not free memory after the device is registered in as102_usb_probe()
47fa09fe7f3e bcache: fix cached_dev.sb_bio use-after-free and crash
e88354b381e2 ALSA: 6fire: fix use-after-free on disconnect
b5d141ea15f1 media: em28xx: fix use-after-free in em28xx_v4l2_open()
9a9bdaf9dc42 media: mediatek: vcodec: fix use-after-free in encoder release path
17cb7957c979 media: vidtv: fix nfeeds state corruption on start_streaming failure
115a5266749d mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
cec74b2ab7df mm/kasan: fix double free for kasan pXds
887632163b54 ASoC: qcom: q6apm: move component registration to unmanaged version
dc6a6c3db3a4 KVM: x86: Use scratch field in MMIO fragment to hold small write values
24b1e0d5d254 checkpatch: add support for Assisted-by tag
e0c211a0c261 ice: Fix memory leak in ice_set_ringparam()
e6661add2d9c nf_tables: nft_dynset: fix possible stateful expression memleak in error path
aaba6ee63ba6 blktrace: fix __this_cpu_read/write in preemptible context
9df613ef6e8e nfc: nci: complete pending data exchange on device close
4604b7b4eee6 net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr()
5afb9356a2e5 KVM: nVMX: Fold requested virtual interrupt check into has_nested_events()
002a73470b56 net: add proper RCU protection to /proc/net/ptype
f9d4b618f1b9 iio: common: st_sensors: Fix use of uninitialize device structs
36f127b971c0 btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io()
128b03ccb258 net: skb: fix cross-cache free of KFENCE-allocated skb head
b670833749ff KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION
6575f9fbf084 ocfs2: handle invalid dinode in ocfs2_group_extend
6f072daefcab ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
4b80b5a838a3 ocfs2: fix possible deadlock between unlink and dio_end_io_write
b7efb4c94797 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
426ef05e82ee dcache: Limit the minimal number of bucket to two
452894005b4a ALSA: ctxfi: Limit PTP to a single page
6718df49e5a7 Docs/admin-guide/mm/damon/reclaim: warn commit_inputs vs param updates race
554391e7da68 USB: serial: option: add Telit Cinterion FN990A MBIM composition
779412e0e391 staging: sm750fb: fix division by zero in ps_to_hz()
f632987306bc wifi: rtw88: fix device leak on probe failure
e2f8c5d134f7 scripts: generate_rust_analyzer.py: avoid FD leak
cce24f70090e fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
301857c5ac27 usb: port: add delay after usb_hub_set_port_power()
8fb82e3555a7 USB: cdc-acm: Add quirks for Yoga Book 9 14IAH10 INGENIC touchscreen
9dec3276d122 usb: storage: Expand range of matched versions for VL817 quirks entry
885c8591784d usbip: validate number_of_packets in usbip_pack_ret_submit()
745a535461bb ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc
b5b5d5936a50 ksmbd: require 3 sub-authorities before reading sub_auth[2]
4b73376feecb ksmbd: validate EaNameLength in smb2_get_ea()
bfbc74df8bbe smb: client: fix off-by-8 bounds check in check_wsl_eas()
1b2bfedccc4f usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
9ceff1251904 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
0f156bb5334e usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
859a239d58a8 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
f856f4b6efd5 ALSA: fireworks: bound device-supplied status before string array lookup
63c11b19cdc1 drm/vc4: platform_get_irq_byname() returns an int
2819f34e08bd NFC: digital: Bounds check NFC-A cascade depth in SDD response handler
d4e1946bea8d net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()
932ae5309e53 HID: core: clamp report_size in s32ton() to avoid undefined shift
c8cc765253ad HID: alps: fix NULL pointer dereference in alps_raw_event()
c65ee4d3be5d staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
fa00738ab30b i2c: s3c24xx: check the size of the SMBUS message before using it
5e9cfffad898 can: raw: fix ro->uniq use-after-free in raw_rcv()
0eb1263a3b8c nfc: llcp: add missing return after LLCP_CLOSED checks
e2e0e7884314 drm/i915/psr: Do not use pipe_src as borders for SU area
7ab1832fe163 objtool: Remove max symbol name length limitation
29d39948ce52 ALSA: usb-audio: Improve Focusrite sample rate filtering
c5e918390002 netfilter: conntrack: add missing netlink policy validations
e86ab1e56613 crypto: algif_aead - Fix minimum RX size check for decryption
cfab2c817d2e perf/x86/intel/uncore: Skip discovery table for offline dies
1981e469558b gpio: tegra: fix irq_release_resources calling enable instead of disable
9ccce02d5013 l2tp: Drop large packets with UDP encap
ae8343a19ccb net: ipa: fix event ring index not programmed for IPA v5.0+
a7d326dfb13b net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+
b9232421a77a af_unix: read UNIX_DIAG_VFS data under unix_state_lock
00e1d650fa4b net: txgbe: leave space for null terminators on property_entry
288138418bef netfilter: ip6t_eui64: reject invalid MAC header for all packets
36bf0d98e180 netfilter: xt_multiport: validate range encoding in checkentry
368c22aea490 netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator
730663352c91 ipvs: fix NULL deref in ip_vs_add_service error path
c4d93470aff0 selftests: net: bridge_vlan_mcast: wait for h1 before querier check
d3125c541a96 xfrm_user: fix info leak in build_mapping()
b66920a3348c xfrm: Wait for RCU readers during policy netns exit
a55793e5a97d xsk: validate MTU against usable frame size on bind
81ab60836b27 xsk: fix XDP_UMEM_SG_FLAG issues
cfcc8a82ad03 xsk: respect tailroom for ZC setups
a03975beb9f6 xsk: tighten UMEM headroom validation to account for tailroom and min frame
c9eef0760db4 e1000: check return value of e1000_read_eeprom
d8a747057a17 ixgbevf: add missing negotiate_features op to Hyper-V ops table
feba4907c302 tracing/probe: reject non-closed empty immediate strings
7a01c81120f5 dt-bindings: net: Fix Tegra234 MGBE PTP clock
366f890831ff net: stmmac: Fix PTP ref clock for Tegra234
d8c2aa3c4a1e nfc: s3fwrn5: allocate rx skb before consuming bytes
47a8bf52156a ipv4: icmp: fix null-ptr-deref in icmp_build_probe()
363a38044b8c net: lapbether: handle NETDEV_PRE_TYPE_CHANGE
eb3765b90eb8 net: sched: act_csum: validate nested VLAN headers
a6566cd33f6f eventpoll: defer struct eventpoll free to RCU grace period
34160cca50ec drm/vc4: Protect madv read in vc4_gem_object_mmap() with madv_lock
dd5c49787a32 drm/vc4: Fix a memory leak in hang state error path
a812008fe3a0 drm/vc4: Fix memory leak of BO array in hang state
5befb65dca90 drm/vc4: Release runtime PM reference after binding V3D
96f71e3a7f9b PCI: hv: Set default NUMA node to 0 for devices without affinity info
6948caaff66d arm64: dts: imx8mq: Set the correct gpu_ahb clock frequency
d4d11b70a30f soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching
f0288da67320 ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B, LEFT_J
3ec7437e9d11 wifi: brcmfmac: validate bsscfg indices in IF events
cf50a1178dfc ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585
e6a445513fbc HID: roccat: fix use-after-free in roccat_report_event
40f40229baa7 ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10
e73692e0e271 HID: quirks: add HID_QUIRK_ALWAYS_POLL for 8BitDo Pro 3
a9098b43562f platform/x86/amd: pmc: Add Thinkpad L14 Gen3 to quirk_s2idle_bug
36af81124ca8 pinctrl: intel: Fix the revision for new features (1kOhm PD, HW debouncer)
b17dcf3c9cb4 ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx
5d4fe469fe7d fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath
7b73bea718fe ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex
e51cd8954919 ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list
b6ba1eacf276 wifi: wl1251: validate packet IDs before indexing tx_frames
d7b59c2e6109 ALSA: hda/realtek: add quirk for Framework F111:000F
fa4f1f52528c netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry
b345586c9fe8 ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx
c09a7446aab5 btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file()
aa77bd6d08f0 can: mcp251x: add error handling for power enable in open and resume
5c37bd025068 ASoC: SOF: topology: reject invalid vendor array size in token parser
64e4ced7dd47 ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF
719df67c2003 ALSA: asihpi: avoid write overflow check warning
384c3f844f53 media: rkvdec: reduce stack usage in rkvdec_init_v4l2_vp9_count_tbl()
e0c656cbb2a7 ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC
1e1015643535 ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk
2cd86c2cd771 ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA
62298a48f8b8 RDMA/irdma: Fix double free related to rereg_user_mr
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 4 +--
.../linux/linux-yocto-tiny_6.6.bb | 4 +--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 26 +++++++++----------
3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index fab90bcc14d..22af5c2a99e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "796ebf5cd0bb25e473fead08d0e3c8c1b68f0676"
+SRCREV_machine ?= "99c037f00af27169304f268e388fa3fc65688633"
SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.135"
+LINUX_VERSION ?= "6.6.136"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 80234909a32..1153249b8d8 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.135"
+LINUX_VERSION ?= "6.6.136"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
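Review bot: `cve-exclusion_6.6.inc`, included two lines above the LINUX_VERSION change in this hunk, is not regenerated by this patch: the diffstat covers only the three recipe files. That file is generated against a specific kernel version, so after the move from 6.6.135 to 6.6.136 it should be refreshed, either here or in a follow-up patch in the series. Otherwise CVE status for the ksmbd, smb, ocfs2 and other fixes listed in the commit message is still evaluated against the older version.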
@@ -17,7 +17,7 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "8c3e42c1177c1cf7f4b028ffe1ddacf5a7e8b018"
+SRCREV_machine ?= "4aa4f6df28cc4541355f39ce0c40237408690c14"
SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 43d0ad9c8ee..f2307dd6e05 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,17 +18,17 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "e3d837b99e32b26f86c7e0c956787aa7ac11cbc8"
-SRCREV_machine:qemuarm64 ?= "440d78702ecd1f42162acba37434033a5ca903cb"
-SRCREV_machine:qemuloongarch64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemumips ?= "8692ec9071ca8f4432c2c3409bf79240f34a7af5"
-SRCREV_machine:qemuppc ?= "d49f40c6896b5d1ac37a84564ed7ab5b7a839519"
-SRCREV_machine:qemuriscv64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemuriscv32 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemux86 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemux86-64 ?= "97fc5acdc890a23017140ff16705091544b0ab09"
-SRCREV_machine:qemumips64 ?= "91b8fff701cdc434e211a58915886224eb6e0d1a"
-SRCREV_machine ?= "97fc5acdc890a23017140ff16705091544b0ab09"
+SRCREV_machine:qemuarm ?= "9d8556efa4dbd3ee1cfac4af6426a8476637fcef"
+SRCREV_machine:qemuarm64 ?= "aaa7c5002cfdf0f46dcf9239f3074aee1e29741d"
+SRCREV_machine:qemuloongarch64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemumips ?= "d9adf59334edff1b09b883ea5717895e9735aa13"
+SRCREV_machine:qemuppc ?= "52b968d255a67240a548e64e784d3f5269ca3894"
+SRCREV_machine:qemuriscv64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemuriscv32 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemux86 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemux86-64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
+SRCREV_machine:qemumips64 ?= "746738b15a00d5d36105d09ea0f259f44be48ad5"
+SRCREV_machine ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
@@ -36,7 +36,7 @@ SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "9760bf04666dfe154161d49b6207c3486685bf29"
+SRCREV_machine:class-devupstream ?= "142cd8382222d9b135e0029da6830e5e30444d34"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.135"
+LINUX_VERSION ?= "6.6.136"
PV = "${LINUX_VERSION}+git"
* [OE-core][scarthgap 25/30] linux-yocto/6.6: update to v6.6.137
From: Yoann Congal @ 2026-06-17 7:45 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
258cf62a6dfde Linux 6.6.137
4b4defd2fce3f Buffer overflow in drivers/xen/sys-hypervisor.c
402d84ad9e89b xen/privcmd: fix double free via VMA splitting
710a4ce5d7afd crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
3ef530ef5585f crypto: authencesn - Fix src offset when decrypting in-place
d0c4ff6812386 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
60c798725c966 crypto: authenc - use memcpy_sglist() instead of null skcipher
c2138c9bd02af crypto: algif_aead - snapshot IV for async AEAD requests
3115af9644c34 crypto: algif_aead - Revert to operating out-of-place
dbea57c08acfc crypto: algif_aead - use memcpy_sglist() instead of null skcipher
9ec26b5d193c9 crypto: scatterwalk - Backport memcpy_sglist()
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 22af5c2a99e..bbcf3122ea1 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "99c037f00af27169304f268e388fa3fc65688633"
-SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
+SRCREV_machine ?= "da5f16c9d10d53af703c809e864c09df336edfb7"
+SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.136"
+LINUX_VERSION ?= "6.6.137"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
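Review bot: the SRCREV_meta change in this hunk (b162eec5... to 7d4cafa7...) is not explained anywhere in the commit message, which lists only the korg -stable commits. A reader cannot tell what changed in yocto-kernel-cache or why the 6.6.137 bump needs it. Please add a line naming the kernel-cache commits that are pulled in, or the reason for the bump. The same applies to the SRCREV_meta lines in linux-yocto-tiny_6.6.bb and linux-yocto_6.6.bb in this patch.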
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 1153249b8d8..c5c6f88781c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.136"
+LINUX_VERSION ?= "6.6.137"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "4aa4f6df28cc4541355f39ce0c40237408690c14"
-SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
+SRCREV_machine ?= "cd2288c19d6b729b3c7b2b620eb9c311116c72f1"
+SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index f2307dd6e05..358b6a7760b 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "9d8556efa4dbd3ee1cfac4af6426a8476637fcef"
-SRCREV_machine:qemuarm64 ?= "aaa7c5002cfdf0f46dcf9239f3074aee1e29741d"
-SRCREV_machine:qemuloongarch64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemumips ?= "d9adf59334edff1b09b883ea5717895e9735aa13"
-SRCREV_machine:qemuppc ?= "52b968d255a67240a548e64e784d3f5269ca3894"
-SRCREV_machine:qemuriscv64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemuriscv32 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemux86 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemux86-64 ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_machine:qemumips64 ?= "746738b15a00d5d36105d09ea0f259f44be48ad5"
-SRCREV_machine ?= "59f5af18d31e596ec928a48848bd837d53e06c26"
-SRCREV_meta ?= "b162eec5fa39c4658181073e741efe3a9d498454"
+SRCREV_machine:qemuarm ?= "eb708bdc972fc5dc22cdcbf3d3dbdb81e1450fd9"
+SRCREV_machine:qemuarm64 ?= "eafa49201e224e87ad20cf849dead88aec204e68"
+SRCREV_machine:qemuloongarch64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemumips ?= "b75949027e1e8c8c90998ee144c6b97aa2fbf561"
+SRCREV_machine:qemuppc ?= "1b302e1b1463e28dd8d446754cc3140e935ceec6"
+SRCREV_machine:qemuriscv64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemuriscv32 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemux86 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemux86-64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_machine:qemumips64 ?= "620abbeb29fcd44655d2de94ae7a7fff7656ed01"
+SRCREV_machine ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
+SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "142cd8382222d9b135e0029da6830e5e30444d34"
+SRCREV_machine:class-devupstream ?= "258cf62a6dfde3c6a39d120a56a298f2ed6a8901"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.136"
+LINUX_VERSION ?= "6.6.137"
PV = "${LINUX_VERSION}+git"
* [OE-core][scarthgap 26/30] linux-yocto/6.6: update to v6.6.138
From: Yoann Congal @ 2026-06-17 7:45 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
3b9f64db04968 Linux 6.6.138
50ed1e7873100 xfrm: esp: avoid in-place decrypt on shared skb frags
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index bbcf3122ea1..68c3c07ef63 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "da5f16c9d10d53af703c809e864c09df336edfb7"
-SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
+SRCREV_machine ?= "9708fab99d7eb8962dda82d642c468a32b6682fa"
+SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.137"
+LINUX_VERSION ?= "6.6.138"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index c5c6f88781c..52d89c713df 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.137"
+LINUX_VERSION ?= "6.6.138"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "cd2288c19d6b729b3c7b2b620eb9c311116c72f1"
-SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
+SRCREV_machine ?= "72c2c9b6014dd199bb70e07e19931b8691fa08e1"
+SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index 358b6a7760b..e077808f288 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "eb708bdc972fc5dc22cdcbf3d3dbdb81e1450fd9"
-SRCREV_machine:qemuarm64 ?= "eafa49201e224e87ad20cf849dead88aec204e68"
-SRCREV_machine:qemuloongarch64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemumips ?= "b75949027e1e8c8c90998ee144c6b97aa2fbf561"
-SRCREV_machine:qemuppc ?= "1b302e1b1463e28dd8d446754cc3140e935ceec6"
-SRCREV_machine:qemuriscv64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemuriscv32 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemux86 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemux86-64 ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_machine:qemumips64 ?= "620abbeb29fcd44655d2de94ae7a7fff7656ed01"
-SRCREV_machine ?= "f14907570fc0bb7285c62bc9d5146180bafffbae"
-SRCREV_meta ?= "7d4cafa710da4e27a86cb015e50d91cf458af06f"
+SRCREV_machine:qemuarm ?= "9d8edc5598e5c5f17ce696ce032e8dc654858450"
+SRCREV_machine:qemuarm64 ?= "c6600bc98dbafed4fcbd6f1204da6b41ef5feec2"
+SRCREV_machine:qemuloongarch64 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemumips ?= "97c272b944970f93ef93eb87f54899ccb26671f1"
+SRCREV_machine:qemuppc ?= "8dfba699cafc5b5d5f50cb8f270db9b8ae112571"
+SRCREV_machine:qemuriscv64 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemuriscv32 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemux86 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemux86-64 ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_machine:qemumips64 ?= "2744d8ab5ccca406c0acc17c414ff4c8e186708f"
+SRCREV_machine ?= "ad053e3390f755311a4d87911c13039387767122"
+SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "258cf62a6dfde3c6a39d120a56a298f2ed6a8901"
+SRCREV_machine:class-devupstream ?= "3b9f64db049687c0d38b4b3ef2f297f0642179af"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.137"
+LINUX_VERSION ?= "6.6.138"
PV = "${LINUX_VERSION}+git"
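Review bot: LINUX_VERSION in this hunk stops at 6.6.138, and the next patch in the series (27/30) is titled "update to v6.6.140", so 6.6.139 never gets a bump of its own. If 6.6.139 is folded into 27/30, its commit message should say so explicitly, so that anyone bisecting a regression or matching a fix to a release can tell which recipe revision first carried the 6.6.139 changes.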
* [OE-core][scarthgap 27/30] linux-yocto/6.6: update to v6.6.140
From: Yoann Congal @ 2026-06-17 7:45 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
eac8889a3a1c Linux 6.6.140
4c3ed344a970 smb: client: use kzalloc to zero-initialize security descriptor buffer
2074dfffad76 Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete
b94588f5a697 crypto: nx - fix context leak in nx842_crypto_free_ctx
d7e42dc47beb Bluetooth: MGMT: Fix memory leak in set_ssp_complete
f7c14993dc2f mtd: spi-nor: sst: Fix SST write failure
5bb5faff4837 drm/amdgpu/vcn4: Avoid overflow on msg bound check
1936310f68c5 drm/amdgpu/vcn3: Avoid overflow on msg bound check
9b2c795bb2c6 vsock/virtio: fix length and offset in tap skb for split packets
65c484726e74 vsock/virtio: fix accept queue count leak on transport mismatch
a998a7e250bf vsock: fix buffer size clamping order
944d76f749dd KVM: arm64: Wake-up from WFI when iqrchip is in userspace
83ce43a21bb7 ceph: only d_add() negative dentries when they are unhashed
09a69a3d8f97 usb: dwc3: Move GUID programming after PHY initialization
033c80d80fd1 tracing/probes: Limit size of event probe to 3K
f5ee467b5676 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak
6b57d6e4c302 batman-adv: tp_meter: fix tp_num leak on kmalloc failure
79bc0eaeef2c batman-adv: stop tp_meter sessions during mesh teardown
c2287250ba69 pwm: imx-tpm: Count the number of enabled channels in probe
3666c037fbde mtd: spi-nor: sst: Fix write enable before AAI sequence
b7cd63d13fae mtd: spi-nor: sst: Factor out common write operation to `sst_nor_write_data()`
0000a7780e0e ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger
b32f4cd81ef5 mm/damon/reclaim: detect and use fresh enabled and kdamond_pid values
8e7317598d72 usb: typec: tcpm: reset internal port states on soft reset AMS
2b26b1ec4c1d mm/damon/lru_sort: detect and use fresh enabled and kdamond_pid values
0dd8917f35da mm/damon/core: implement damon_kdamond_pid()
7c504ffab3ef rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
cfa4267b5075 mm/damon/core: disallow time-quota setting zero esz
172dcb67dd35 bonding: fix use-after-free due to enslave fail after slave array update
cf1fd517f892 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()
c0428a22daf6 rxrpc: Fix conn-level packet handling to unshare RESPONSE packets
594973a2e549 fbcon: Avoid OOB font access if console rotation fails
f4b177f96955 spi: microchip-core-qspi: fix controller deregistration
091499f90e09 spi: microchip-core-qspi: Use helper function devm_clk_get_enabled()
420d6f5e3fb4 mm/hugetlb_cma: round up per_node before logging it
fa7aaaed583a spi: uniphier: fix controller deregistration
3e272e6be1a2 spi: uniphier: Simplify clock handling with devm_clk_get_enabled()
c9577d966503 spi: uniphier: switch to use modern name
664b60985a77 spi: tegra20-sflash: fix controller deregistration
4541a6cbec27 spi: tegra114: fix controller deregistration
df771f250402 spi: sun6i: fix controller deregistration
9da85b209f26 spi: sun6i: switch to use modern name
7fd0c4fd2185 spi: zynq-qspi: fix controller deregistration
dc2044ef3647 spi: zynq-qspi: Simplify clock handling with devm_clk_get_enabled()
ae6ee9f16538 spi: zynq-qspi: switch to use modern name
db96551920e2 spi: ti-qspi: fix controller deregistration
25ba53c43f30 spi: spi-ti-qspi: switch to use modern name
3b6cededf65a spi: spi-ti-qspi: Convert to platform remove callback returning void
1cdba535877d spi: sun4i: fix controller deregistration
79a38ff2bd3d spi: sun4i: switch to use modern name
904ff4e79961 spi: syncuacer: fix controller deregistration
5bbe69946620 spi: synquacer: switch to use modern name
6823f730bf19 Bluetooth: hci_conn: fix potential UAF in create_big_sync
b4a53add2fa8 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete
0555d4f52623 xfrm: ah: account for ESN high bits in async callbacks
9d3968c48367 net: ipv6: stop checking crypto_ahash_alignmask
0841fc6a36c3 net: ipv4: stop checking crypto_ahash_alignmask
7e78a5bcbd65 ALSA: seq: Fix UMP group 16 filtering
dbacde3d4755 ALSA: seq: Notify client and port info changes
3915715273cd ALSA: core: Serialize deferred fasync state checks
fe337552143f ALSA: misc: Use guard() for spin locks
409fb34c1860 ALSA: hda: cs35l56: Propagate ASP TX source control errors
247ed8a969f9 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()
e1c50b273298 net: stmmac: Prevent NULL deref when RX memory exhausted
8a2c91de61ff net: stmmac: rename STMMAC_GET_ENTRY() -> STMMAC_NEXT_ENTRY()
6a74af77eba5 net: stmmac: avoid shadowing global buf_sz
2adbfca7452e crypto: caam - guard HMAC key hex dumps in hash_digest_key
f3a3e2dac5ec printk: add print_hex_dump_devel()
43a878639b90 erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()
6923cde8dc1d crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
268ae55a4c4f crypto: nx - Migrate to scomp API
c5fa7465794c crypto: nx - Avoid -Wflex-array-member-not-at-end warning
bf96052d617b ksmbd: reset rcount per connection in ksmbd_conn_wait_idle_sess_id()
e1c24ce7573d wifi: rtl8xxxu: fix potential use of uninitialized value
3ca80e3012c8 hfsplus: fix held lock freed on hfsplus_fill_super()
61a790974ff7 hfsplus: fix uninit-value by validating catalog record size
82fb9da6477d xfs: fix a resource leak in xfs_alloc_buftarg()
b58baa1d50aa mmc: core: Optimize time for secure erase/trim for some Kingston eMMCs
058b451b1039 udf: fix partition descriptor append bookkeeping
401a49b7f26e firmware: google: framebuffer: Do not unregister platform device
2a40f8bc9bb7 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info
a2c817c62943 spi: fix resource leaks on device setup failure
4c4641366143 net: qrtr: ns: Limit the total number of nodes
0dbec101a707 net: qrtr: ns: Limit the maximum number of lookups
e6f6cd501fb5 net: qrtr: ns: Limit the maximum server registration per node
0b9e4bbfb7c9 net: bridge: use a stable FDB dst snapshot in RCU readers
218b772e4815 net: mctp: fix don't require received header reserved bits to be zero
6a2d6273b6c3 RDMA/mana_ib: Disable RX steering on RSS QP destroy
8d4edc89bf71 sched: Use u64 for bandwidth ratio calculations
ede9eca9701d block: relax pgmap check in bio_add_page for compatible zone device pages
18d6a7c9e4e6 media: rc: igorplugusb: heed coherency rules
69b3a50dee62 ALSA: aoa: Skip devices with no codecs in i2sbus_resume()
32fbdb6d6718 media: rc: ttusbir: respect DMA coherency rules
35bcafc82254 ALSA: aoa: i2sbus: clear stale prepared state
a045146109ea ALSA: aoa: Use guard() for mutex locks
07f9bff69da8 ipmi:ssif: Clean up kthread on errors
1f5e011fc8c8 ipmi:ssif: Fix a shutdown race
37a430a2d4e6 thermal: core: Fix thermal zone governor cleanup issues
78509c488c5d PCI: epf-mhi: Return 0, not remaining timeout, when eDMA ops complete
801000afc9c9 wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling
b3303d6e92f6 wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor
b968db3b8b4f wifi: mt76: connac: introduce helper for mt7925 chipset
8dc5b98c20aa arm64/mm: Enable batched TLB flush in unmap_hotplug_range()
bf477abd448c lib: test_hmm: evict device pages on file close to avoid use-after-free
11869ce402d9 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()
7edd983e42ee f2fs: fix to do sanity check on dcc->discard_cmd_cnt conditionally
35baa66a8cd7 ksmbd: replace connection list with hash table
b0b3d62d7230 ksmbd: use msleep instaed of schedule_timeout_interruptible()
1171f329cf1c f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io()
8e47d297e7cf smb: client: validate the whole DACL before rewriting it in cifsacl
325d4ac11f52 ksmbd: require minimum ACE size in smb_check_perm_dacl()
1593ddb37bd1 smb: common: change the data type of num_aces to le16
795dddb10687 smb: move some duplicate definitions to common/smbacl.h
65419eb4259a batman-adv: bla: put backbone reference on failed claim hash insert
7b8fbcee3184 batman-adv: bla: only purge non-released claims
368449e467d5 batman-adv: bla: prevent use-after-free when deleting claims
aafcbaf1159e batman-adv: stop caching unowned originator pointers in BAT IV
e4a3c4a4c8f6 batman-adv: reject new tp_meter sessions during teardown
f61499359fa5 batman-adv: fix integer overflow on buff_pos
1bfb06ecb00f sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL
ee4c7a919761 drm/amdgpu/pm: align Hawaii mclk workaround with radeon
a103f1192dc7 drm/amdgpu/pm: add missing revision check for CI
4f7ca00fa91d drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
b5de35bafcd3 drm/amdgpu/gfx9: drop unnecessary 64-bit fence flag check in KIQ
91fbb5e635c8 drm/amdgpu: zero-initialize GART table on allocation
b8cbc52c73fa drm/radeon: add missing revision check for CI
91c6dc5a4169 drm/amdkfd: validate SVM ioctl nattr against buffer size
6b992591e04f drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
638d3e0b9eb7 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
c72a8b4dc6d5 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
944db9cfa537 drm/amdgpu/vce: Prevent partial address patches
1dc005775fb5 drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
0fb5cb556b24 drm/amdgpu: Add bounds checking to ib_{get,set}_value
4a8093c7def1 drm/amdkfd: Add upper bound check for num_of_nodes
1db431380879 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure
01eea4d12fb6 spi: cadence: fix unclocked access on unbind
31e7dd252bf7 spi: cadence: fix controller deregistration
bb6b50f709c5 spi: mpc52xx: fix use-after-free on unbind
59abb878f5a6 spi: orion: fix clock imbalance on registration failure
678a461af304 spi: orion: fix runtime pm leak on unbind
1f120e1a3e1e spi: imx: fix runtime pm leak on probe deferral
17aa64b8fe3e spi: img-spfi: fix controller deregistration
77defd64b405 spi: rspi: fix controller deregistration
c6f82bd90a71 spi: sprd: fix controller deregistration
6dd37ce42ac7 spi: coldfire-qspi: fix controller deregistration
3ad32a7140eb spi: bcmbca-hsspi: fix controller deregistration
562d954a1449 spi: fsl: fix controller deregistration
59da4cdd0c7b spi: sh-hspi: fix controller deregistration
863edec24c1d spi: mtk-nor: fix controller deregistration
4ea9a1ad663c spi: omap2-mcspi: fix controller deregistration
89c0a7762104 spi: fsl-espi: fix controller deregistration
2be39222d6ca spi: s3c64xx: fix controller deregistration
b9d4b9c3457c spi: dln2: fix controller deregistration
951694f9fab9 media: omap3isp: drop the use count of v4l2 pipeline
e85f1e23168f media: i2c: ov08d10: fix image vertical start setting
0b49f5dabc3a media: staging: imx: request mbus_config in csi_start
2dde85b42abd media: i2c: imx412: Assert reset GPIO during probe
97dbf8e69f3a media: dib8000: avoid division by 0 in dib8000_set_dds()
492c5292540f media: pci: zoran: fix potential memory leak in zoran_probe()
f3290d970bbe platform/x86: hp-wmi: Ignore backlight and FnLock events
3ce8f3057c51 media: saa7164: add ioremap return checks and cleanups
55be73783f11 spi: at91-usart: fix controller deregistration
70c2ee9cab5c spi: qup: fix controller deregistration
5a531cbb3bce spi: lantiq-ssc: fix controller deregistration
38321b03b8c2 regulator: bd9571mwv: fix OF node reference imbalance
0da216314247 regulator: act8945a: fix OF node reference imbalance
feb17524aa4e media: videobuf2: Set vma_flags in vb2_dma_sg_mmap
da769e8f8e34 regulator: rk808: fix OF node reference imbalance
5b7471dce523 media: rc: streamzap: Error handling in probe
0cc9251833bf media: rc: xbox_remote: heed DMA restrictions
cd8f1633c3e8 regulator: max77650: fix OF node reference imbalance
e46b3b0c9c44 regulator: mt6357: fix OF node reference imbalance
8c7a281a9922 staging: media: atomisp: Disallow all private IOCTLs
f367ddf1299e spi: atmel: fix controller deregistration
725b90ce70a7 spi: bcm63xx: fix controller deregistration
fd10fb4c33bd media: i2c: ov8856: free control handler on error in ov8856_init_controls()
6467d656e689 media: uvcvideo: Enable VB2_DMABUF for metadata stream
0bc4cf1a6ba0 HID: playstation: Clamp num_touch_reports
df870e104571 exit: Sleep at TASK_IDLE when waiting for application core dump
0b8167e83647 LoongArch: Use per-root-bridge PCIH flag to skip mem resource fixup
07d190e4ec68 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()
db7f65df10bd KVM: arm64: Fix initialisation order in __pkvm_init_finalise()
70d12291805a KVM: arm64: vgic: Fix IIDR revision field extracted from wrong value
42dd1c91f993 f2fs: fix node_cnt race between extent node destroy and writeback
88b98e3cfb92 f2fs: fix incorrect multidevice info in trace_f2fs_map_blocks()
72ec0749a1ba f2fs: fix fiemap boundary handling when read extent cache is incomplete
a2bcf16cdf79 f2fs: add READ_ONCE() for i_blocks in f2fs_update_inode()
ebeb70e29e37 mptcp: fix scheduling with atomic in timestamp sockopt
a79bafdd4b63 mptcp: sockopt: set timestamp flags on subflow socket, not msk
bd36fb4f9446 mptcp: use MPTCP_RST_EMPTCP for ACK HMAC validation failure
23e881c7fedb mptcp: use MPJoinSynAckHMacFailure for SynAck HMAC failure
114b4a6d4ede mptcp: fastclose msk when linger time is 0
ecc36a82ecfc RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path
e3dc3a2fb05f RDMA/rxe: Reject unknown opcodes before ICRC processing
539cabb7b2d8 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads
e01a957561f6 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()
a13c2ac4d480 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()
c5dc30da9900 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()
92582c6978d9 power: supply: max17042: avoid overflow when determining health
27f7c024ede4 PCI/AER: Stop ruling out unbound devices as error source
3937fa851992 PCI/AER: Clear only error bits in PCIe Device Status
b1e9f2d58707 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock
971f17f5d910 KVM: x86: check for nEPT/nNPT in slow flush hypercalls
ba7f71b6161c smb: client: validate dacloffset before building DACL pointers
ef6495d4df6e smb/client: fix out-of-bounds read in symlink_data()
dffb44b2e06a smb/client: fix out-of-bounds read in smb2_compound_op()
e5c93847bf03 s390/debug: Reject zero-length input in debug_input_flush_fn()
fb4ae739811d RDMA/hns: Fix unlocked call to hns_roce_qp_remove()
c741433f6c8d openvswitch: vport: fix self-deadlock on release of tunnel ports
9a4d7222c095 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free
d525ecf92228 nvme-apple: drop invalid put of admin queue reference count
4af2e558e6fd md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
2ae0afd98432 libceph: Fix slab-out-of-bounds access in auth message processing
470822125b62 lib/scatterlist: fix temp buffer in extract_user_to_sg()
3f17500e86d7 lib/scatterlist: fix length calculations in extract_kvec_to_sg
2aa77a18dc7f lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()
bb0988ed4f2e isofs: validate block number from NFS file handle in isofs_export_iget
c9b37c8b73f6 isofs: validate Rock Ridge CE continuation extent against volume size
5489c98bc681 dm-verity-fec: correctly reject too-small hash devices
2e28bb9cc39f dm-verity-fec: correctly reject too-small FEC devices
ae9cd0b46b18 eventfs: Hold eventfs_mutex and SRCU when remount walks events
f0b0b09d9840 dm: fix a buffer overflow in ioctl processing
16fc9f57b5d7 dm: don't report warning when doing deferred remove
12161e03d33a dm-thin: fix metadata refcount underflow
c2670ec4aa49 btrfs: fix double free in create_space_info() error path
f7126b0b2455 ASoC: qcom: q6apm: remove child devices when apm is removed
3141d8b00cad ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens
cb25b46a8dbe ASoC: qcom: q6apm-dai: reset queue ptr on trigger stop
ef1b78a68675 ASoC: Intel: bytcr_wm5102: Fix MCLK leak on platform_clock_control error
a06bd365a587 ASoC: fsl_easrc: fix comment typo
d91e616474c6 ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product line in quirk table
88f32a6806c8 cpuidle: powerpc: avoid double clear when breaking snooze
47bc7a03449c clk: microchip: mpfs-ccc: fix out of bounds access during output registration
be8af24ff376 clk: imx: imx8-acm: fix flags for acm clocks
d79e92161b65 spi: topcliff-pch: fix use-after-free on unbind
5f08cbdce0f3 thermal/drivers/sprd: Fix raw temperature clamping in sprd_thm_rawdata_to_temp
c040f6c5402c thermal/drivers/sprd: Fix temperature clamping in sprd_thm_temp_to_rawdata
50dfaf4a0277 udf: reject descriptors with oversized CRC length
82bc89fbb82d ibmveth: Disable GSO for packets with small MSS
9415a3fbf677 hv_sock: fix ARM64 support
a0ea2ee6ec05 gpio: of: clear OF_POPULATED on hog nodes in remove path
476254a6c87c extcon: ptn5150: handle pending IRQ events during system resume
2a5ed5055d1e cifs: change_conf needs to be called for session setup
ff519f87c36b cifs: abort open_cached_dir if we don't request leases
3d2ecbd444b0 block: add pgmap check to biovec_phys_mergeable
0d7e7235bc54 af_unix: Reject SIOCATMARK on non-stream sockets
d6c7f32094d6 hwmon: (corsair-psu) Close HID device on probe errors
39f0604bf1ae clk: rk808: fix OF node reference imbalance
0fc5303fa33d hwmon: (ltc2992) Fix u32 overflow in power read path
66daaf79de20 hwmon: (ltc2992) Clamp threshold writes to hardware range
c9a3b2fb4003 parisc: Fix IRQ leak in LASI driver
f94450ce5053 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler
21d70744e6d3 net/rds: handle zerocopy send cleanup before the message is queued
eca62bb0569d ip6_gre: Use cached t->net in ip6erspan_changelink().
d3bd80404979 net: libwx: fix VF illegal register access
6162e8212e88 sound: ua101: fix division by zero at probe
0653c0516234 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo
9a80c458320e mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()
895ebbedf883 fanotify: fix false positive on permission events
f39501ea776f staging: vme_user: fix root device leak on init failure
1108b8722b9f spi: s3c64xx: fix NULL-deref on driver unbind
487f65651549 spi: zynqmp-gqspi: fix controller deregistration
5105f3e6b2df Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()
ab77c8bc3026 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()
6cb7f67bc28d Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt
1e1e509b6fd2 Bluetooth: virtio_bt: validate rx pkt_type header length
ed41c81d30b2 Bluetooth: virtio_bt: clamp rx length before skb_put
4aec732807c5 selinux: prune /sys/fs/selinux/disable
01231051fa45 selinux: shrink critical section in sel_write_load()
ebd425067290 selinux: don't reserve xattr slot when we won't fill it
c2efc4956981 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()
3bf4e93ed085 xfrm: provide message size for XFRM_MSG_MAPPING
0f39c2626617 powerpc/kdump: fix KASAN sanitization flag for core_$(BITS).o
cdbd10975b96 ALSA: firewire-tascam: Do not drop unread control events
b0c0d44adb55 usb: ulpi: fix memory leak on ulpi_register() error paths
20284bf5cc84 USB: serial: option: add Telit Cinterion LE910Cx compositions
9b92535cb729 USB: omap_udc: DMA: Don't enable burst 4 mode
91c3634bc6ac ALSA: usb-audio: Fix UAC3 cluster descriptor size check
e0e3dcf48189 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()
a3c42466f45c ALSA: usb-audio: midi2: Restart output URBs on resume
d06d937b0a4c usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
6e29c32a2721 usb: usblp: fix heap leak in IEEE 1284 device ID via short response
ed4168d1a50f wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
c3d7b90dc950 wifi: b43: enforce bounds check on firmware key index in b43_rx()
fe75fa1ac9a9 wifi: mac80211: remove station if connection prep fails
83226c71af53 wifi: ath5k: do not access array OOB
95fcb436586d wifi: rsi: fix kthread lifetime race between self-exit and external-stop
03584528bfff wifi: mac80211: drop stray 'static' from fast-RX rx_result
1baaeb6adecb wifi: b43legacy: enforce bounds check on firmware key index in RX path
d04bc2355392 wifi: mt76: mt7921: fix ROC abort flow interruption in mt7921_roc_work
e451c325b000 wifi: mt76: mt7921: fix a potential clc buffer length underflow
640b4c00fb0e exit: prevent preemption of oopsing TASK_DEAD task
e4bbd3521db0 bpf: Don't mark STACK_INVALID as STACK_MISC in mark_stack_slot_misc
aa71ab2cc929 selftests/bpf: validate fake register spill/fill precision backtracking logic
2fcd619caecb bpf: handle fake register spill to stack with BPF_ST_MEM instruction
f013c1dafe93 selftests/bpf: validate precision logic in partial_stack_load_preserves_zeros
c05c8db19cd3 bpf: track aligned STACK_ZERO cases as imprecise spilled registers
9d2cf5a4a378 selftests/bpf: validate zero preservation for sub-slot loads
d3b398ee3404 bpf: preserve constant zero when doing partial register restore
6d40191708e1 selftests/bpf: validate STACK_ZERO is preserved on subreg spill
57f41f1eac13 bpf: preserve STACK_ZERO slots on partial reg spills
c994886689fe selftests/bpf: add stack access precision test
e4da60feca4d bpf: support non-r10 register spill/fill to/from stack in precision tracking
36aa34f42cb6 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked
898a1751b620 KVM: SVM: check validity of VMCB controls when returning from SMM
695b491dc3f2 dmaengine: idxd: Fix leaking event log memory
5ba95b119aa7 dmaengine: idxd: Fix crash when the event log is disabled
0305e7118451 net: txgbe: fix RTNL assertion warning when remove module
db104b0d8a78 flow_dissector: do not dissect PPPoE PFC frames
da54b3039d43 net: Fix icmp host relookup triggering ip_rt_bug
d51bf43193b1 iommu/amd: serialize sequence allocation under concurrent TLB invalidations
c28c87d9a389 iommu/amd: Use atomic64_inc_return() in iommu.c
488e386484ec KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
4772032a2c62 rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets
4d08401aa13f ext4: validate p_idx bounds in ext4_ext_correct_indexes
e3bf143b1e98 rxrpc: Fix potential UAF after skb_unshare() failure
0d645c6d13fa spi: meson-spicc: Fix double-put in remove path
e2c2b044458c x86/shstk: Prevent deadlock during shstk sigreturn
21159d8b335a drm/amd/display: Do not skip unrelated mode changes in DSC validation
c79cf4232160 x86: shadow stacks: proper error handling for mmap lock
4a0bb8f9f71b spi: rockchip: fix controller deregistration
327a64241f30 ASoC: SOF: Don't allow pointer operations on unconfigured streams
cf3eb7c8e705 iommufd: Fix a race with concurrent allocation and unmap
3bb92bac4e27 ACPI: video: force native backlight on HP OMEN 16 (8A44)
95242430c136 ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug
419d6c640da7 ACPI: scan: Use acpi_dev_put() in object add error paths
4f312c30f036 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free
ce905b65e649 ipmi:si: Return state to normal if message allocation fails
2418e4b21fb1 ipmi: Check event message buffer response for bad data
67c44e0deba9 ipmi: Add limits to event and receive message requests
1f678d13e939 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()
bffef0acec9c netfilter: reject zero shift in nft_bitwise
6bd17925bd68 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels
50c6a1f05973 ALSA: caiaq: fix usb_dev refcount leak on probe failure
be0376affcaf drm/amdgpu: fix zero-size GDS range init on RDNA4
8e8be63465a5 ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
e4389fb74cec ALSA: caiaq: Don't abort when no input device is available
be62c8bb03b6 ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path
68532b09cbfc driver core: Add kernel-doc for DEV_FLAG_COUNT enum value
b69933e97efe crypto: authencesn - reject short ahash digests during instance creation
e3cebcde0114 seg6: fix seg6 lwtunnel output redirect for L2 reduced encap mode
262152ec3710 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails
8a1fc8d698ac rtmutex: Use waiter::task instead of current in remove_waiter()
a954061b334e ntfs3: fix integer overflow in run_unpack() volume boundary check
bf7ac4a1d3bf ntfs3: add buffer boundary checks to run_unpack()
98f4ba3480b9 ktest: Fix the month in the name of the failure directory
9d8fd84aab19 IB/core: Fix zero dmac race in neighbor resolution
35f6b3281efd dm mirror: fix integer overflow in create_dirty_log()
c5a45d14234b crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path
5281e6e23023 crypto: atmel-tdes - fix DMA sync direction
3061c9bfb3f5 crypto: ccree - fix a memory leak in cc_mac_digest()
5b71db0780f1 crypto: hisilicon - Fix dma_unmap_single() direction
3f92c1de3bf1 crypto: atmel-ecc - Release client on allocation failure
b63f1e2f0e31 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
d78ee361b365 crypto: arm64/aes - Fix 32-bit aes_mac_update() arg treated as 64-bit
4b7d07747400 can: ucan: fix devres lifetime
204028af77a2 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers
6cbf21775ee6 taskstats: set version in TGID exit notifications
ab5fdcd53564 tcp: call sk_data_ready() after listener migration
8bcc1cd237ab inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails
33698bd1b2db md/raid5: validate payload size before accessing journal metadata
09880592f5a9 md/raid5: fix soft lockup in retry_aligned_read()
1bc1107a3a40 ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()
ab6da97bc310 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access
8bbed28f6b42 io_uring/poll: fix multishot recv missing EOF on wakeup race
d26f8c361f75 mtd: docg3: fix use-after-free in docg3_release()
980d6ba22747 mtd: docg3: Convert to platform remove callback returning void
ddb188b88d55 KVM: nSVM: Add missing consistency check for nCR3 validity
23ccf4affa6c KVM: nSVM: Add missing consistency check for EFER, CR0, CR4, and CS
de6d8562a9cf KVM: nSVM: Clear tracking of L1->L2 NMI and soft IRQ on nested #VMEXIT
c0095cef7303 KVM: nSVM: Clear EVENTINJ fields in vmcb12 on nested #VMEXIT
83754e459c4b KVM: nSVM: Clear GIF on nested #VMEXIT(INVALID)
ddc242a7bb44 KVM: nSVM: Always inject a #GP if mapping VMCB12 fails on nested VMRUN
d218a0e8a63c KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT
263640149d81 KVM: nSVM: Ensure AVIC is inhibited when restoring a vCPU to guest mode
36f36a6e4e74 KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts
3ac9d4241d20 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0
1709418535a8 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2
702ce67817de KVM: nSVM: Sync NextRIP to cached vmcb12 after VMRUN of L2
15003179c74d KVM: nSVM: Mark all of vmcb02 dirty when restoring nested state
35053cdec119 KVM: x86: Defer non-architectural deliver of exception payload to userspace read
f3deabe0f5ac userfaultfd: allow registration of ranges below mmap_min_addr
14c643ecdc42 mm/damon/core: use time_in_range_open() for damos quota window start
d975c077fbdc rtc: ntxec: fix OF node reference imbalance
f92cc1d2c0b4 tpm: tpm_tis: stop transmit if retries are exhausted
2e0fd1cb4de4 tpm: tpm_tis: add error logging for data transfer
a866e2b1c65e crypto: talitos - rename first/last to first_desc/last_desc
00463d5f864a crypto: talitos - fix SEC1 32k ahash request limitation
a72815210182 arm64: dts: ti: am62-verdin: Enable pullup for eMMC data pins
00b1d0f4e7bb mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration
0aaa43198645 mmc: block: use single block write in retry
fdabbc881930 randomize_kstack: Maintain kstack_offset per task
c03556448d47 power: supply: axp288_charger: Do not cancel work before initializing it
703fb43600c2 LoongArch: Show CPU vulnerabilites correctly
41aec1d85b88 tpm: avoid -Wunused-but-set-variable
64282a745897 extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE'
4b2738b93eda libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()
92e7c209036d ipv4: icmp: validate reply type before using icmp_pointers
2fd4f8b74930 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv
3e75d06cf3e4 drm/arcpgu: fix device node leak
fa0c4283efef net: ks8851: Avoid excess softirq scheduling
640a7631d31d net: ks8851: Reinstate disabling of BHs around IRQ handler
f0858e1d5624 net/smc: avoid early lgr access in smc_clc_wait_msg
e98bd8888e3f net: txgbe: fix firmware version check
8fdbb6262a4a net: rds: fix MR cleanup on copy error
ff78ed177a66 net: qrtr: ns: Free the node during ctrl_cmd_bye()
4069329eeba0 tools/accounting: handle truncated taskstats netlink messages
d61482be4aae rxrpc: Fix re-decryption of RESPONSE packets
f1c6bd0cc786 rxrpc: Fix rxkad crypto unalignment handling
c4b8f32e73ea rxrpc: Fix memory leaks in rxkad_verify_response()
97a97090872f iio: adc: ad7768-1: fix one-shot mode data acquisition
528763fd6bb8 ALSA: pcmtest: Fix resource leaks in module init error paths
c21ef73713eb ALSA: pcmtest: fix reference leak on failed device registration
99c8060c3b33 ALSA: 6fire: Fix input volume change detection
f537e3ad6960 ALSA: caiaq: Handle probe errors properly
f4dfbdc1be34 ALSA: caiaq: Fix control_put() result and cache rollback
e794e1763e80 ALSA: core: Fix potential data race at fasync handling
fafab8b3cd57 io_uring/poll: ensure EPOLL_ONESHOT is propagated for EPOLL_URING_WAKE
cf522703d4f1 io_uring/poll: fix signed comparison in io_poll_get_ownership()
89ca27d6d3b2 iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned()
44100ed1bdce io_uring/timeout: check unused sqe fields
2f4809a879f0 rbd: fix null-ptr-deref when device_add_disk() fails
1627d6060b45 selftests/mqueue: Fix incorrectly named file
5d1451cb2cf6 remoteproc: xlnx: Only access buffer information if IPI is buffered
c9d2f7b9c38c parisc: _llseek syscall is only available for 32-bit userspace
1b4039d8f4f6 nvme: respect NVME_QUIRK_DISABLE_WRITE_ZEROES when wzsl is set
86bffea0b9f2 nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston OM3SGP4
ec7f47706269 mfd: stpmic1: Attempt system shutdown twice in case PMIC is confused
965d6162dd88 md/raid10: fix deadlock with check operation and nowait requests
222055e6b406 erofs: fix the out-of-bounds nameoff handling for trailing dirents
8555d6990432 ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes
25ded535ee26 ALSA: ctxfi: Add fallback to default RSR for S/PDIF
831074ec21b4 ALSA: aoa: i2sbus: fix OF node lifetime handling
32e0b9255726 ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()
0f313eb6a8f6 net: qrtr: ns: Fix use-after-free in driver remove()
3a5023627ab9 media: i2c: imx219: Check return value of devm_gpiod_get_optional() in imx219_probe()
4a34fd6b04f9 lib/ts_kmp: fix integer overflow in pattern length calculation
a34d96381bf8 Revert "ALSA: usb: Increase volume range that triggers a warning"
72099f015d3c PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
2209fdae5c2f media: mtk-jpeg: fix use-after-free in release path due to uncancelled work
e9ae00490d47 net: strparser: fix skb_head leak in strp_abort_strp()
914c6456fcfc net: caif: clear client service pointer on teardown
1fbe46d2b727 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()
42dc622776f3 media: amphion: Fix race between m2m job_abort and device_run
0ba03e06f037 of: unittest: fix use-after-free in testdrv_probe()
9f1cbca178c0 crypto: pcrypt - Fix handling of MAY_BACKLOG requests
9337ed5e777e f2fs: fix to detect potential corrupted nid in free_nid_list
f99165ef0677 spi: imx: fix use-after-free on unbind
8c43ed08643a um: drivers: call kernel_strrchr() explicitly in cow_user.c
cc9b6303e7ea wifi: rtw88: check for PCI upstream bridge existence
2d1f18efccdb zram: do not forget to endio for partial discard requests
108f2cd13577 LoongArch: Add spectre boundry for syscall dispatch table
29166a0e732f driver core: Don't let a device probe until it's ready
886f97fa59d0 ocfs2: split transactions in dio completion to avoid credit exhaustion
17b399cbb9fa device property: Make modifications of fwnode "flags" thread safe
abc6bdcbc045 regset: use kvzalloc() for regset_get_alloc()
e620378aab78 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
be7c5dcfd3c7 drm/amdgpu: Use vmemdup_array_user in amdgpu_bo_create_list_entry_array
c7f4dad62813 padata: Remove comment for reorder_work
a11a12a9880a padata: Fix pd UAF once and for all
0b60eb04b852 Bluetooth: MGMT: Fix possible UAFs
d0b27c41aa09 firmware: google: framebuffer: Do not mark framebuffer as busy
fd19eb1c7504 ibmasm: fix heap over-read in ibmasm_send_i2o_message()
a672682d39dd ibmasm: fix OOB reads in command_file_write due to missing size checks
fc7e9a74e322 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()
28a2e047d037 leds: qcom-lpg: Check for array overflow when selecting the high resolution
fa297e919d16 drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
8775fa6e2914 ALSA: usb-audio: Evaluate packsize caps at the right place
e3a0ebd80ae6 usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change
82d050713073 usb: chipidea: otg: not wait vbus drop if use role_switch
8429841d12ca usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable()
d1905dbbb7c0 ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch
610ba605a4f7 ALSA: usb-audio: Avoid false E-MU sample-rate notifications
ab5ba9fd1387 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES
4d922539ad7d Linux 6.6.139
ff6fc65b3bf7 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache
8f907d345bae ptrace: slightly saner 'get_dumpable()' logic
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 68c3c07ef63..d8d3d69f197 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "9708fab99d7eb8962dda82d642c468a32b6682fa"
-SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
+SRCREV_machine ?= "742fd3c3537c966272314e48f67397f0e1d622d7"
+SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.138"
+LINUX_VERSION ?= "6.6.140"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
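Review bot: LINUX_VERSION moves from 6.6.138 straight to 6.6.140 in this hunk, while the shortlog in the commit message includes the "Linux 6.6.139" tag commit, so this single bump carries two stable releases. If the commit message does not already say so, a line stating that 6.6.139 is folded into this update would help anyone triaging a fix that landed in 6.6.139 find the recipe change that delivers it. It is also worth confirming that the new SRCREV_machine (742fd3c3...) is a commit on this recipe's KBRANCH whose Makefile reports 6.6.140, since the two values are changed together here and nothing in the hunk ties one to the other.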
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 52d89c713df..0fd9c36bd80 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.138"
+LINUX_VERSION ?= "6.6.140"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
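Review bot: the context line "include recipes-kernel/linux/cve-exclusion_6.6.inc" sits right above the LINUX_VERSION bump, but the diffstat lists only the three recipe files, so the exclusion list is not regenerated by this patch. Please confirm that a later patch in the series refreshes cve-exclusion_6.6.inc for the new kernel version, or mention in the commit message that it is deliberately left for a follow-up. Otherwise CVE reports for images built from this revision are evaluated against exclusion data produced for an older 6.6.y.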
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "72c2c9b6014dd199bb70e07e19931b8691fa08e1"
-SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
+SRCREV_machine ?= "cd0d6d62e0e4ff344241d89f37cd6d305e1afb85"
+SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index e077808f288..dc978f240e6 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "9d8edc5598e5c5f17ce696ce032e8dc654858450"
-SRCREV_machine:qemuarm64 ?= "c6600bc98dbafed4fcbd6f1204da6b41ef5feec2"
-SRCREV_machine:qemuloongarch64 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemumips ?= "97c272b944970f93ef93eb87f54899ccb26671f1"
-SRCREV_machine:qemuppc ?= "8dfba699cafc5b5d5f50cb8f270db9b8ae112571"
-SRCREV_machine:qemuriscv64 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemuriscv32 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemux86 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemux86-64 ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_machine:qemumips64 ?= "2744d8ab5ccca406c0acc17c414ff4c8e186708f"
-SRCREV_machine ?= "ad053e3390f755311a4d87911c13039387767122"
-SRCREV_meta ?= "0a6ad7549c97f8703f1f742f73ee65d29d121958"
+SRCREV_machine:qemuarm ?= "0aa210fedb89bfb9577bc20b56cc674437f85843"
+SRCREV_machine:qemuarm64 ?= "655d3dc028f830d71d9565ec8302a0e339a2de2f"
+SRCREV_machine:qemuloongarch64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemumips ?= "b547c71f2db45462626f69a4e4bffad43ffaeddc"
+SRCREV_machine:qemuppc ?= "c1de905a03cfd9cf9de51657e7fd20ec6fb7d078"
+SRCREV_machine:qemuriscv64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemuriscv32 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemux86 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemux86-64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_machine:qemumips64 ?= "6f0fadc3449cfed9ceac3cce845dfb9b70f9affd"
+SRCREV_machine ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
+SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "3b9f64db049687c0d38b4b3ef2f297f0642179af"
+SRCREV_machine:class-devupstream ?= "eac8889a3a1c81d7113cc4656b9420e84c379cf5"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
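Review bot: `SRCREV_machine:class-devupstream` is the one pin in this hunk that the comment above it describes as "pure upstream -stable", yet nothing here ties eac8889a3a1c81d7113cc4656b9420e84c379cf5 to the release named by `LINUX_VERSION` in the next hunk. Naming the upstream tag or release commit that this hash resolves to in the commit message would let a reviewer verify the pin by reading rather than by fetching the branch.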
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.138"
+LINUX_VERSION ?= "6.6.140"
PV = "${LINUX_VERSION}+git"
* [OE-core][scarthgap 28/30] linux-yocto/6.6: update to v6.6.141
From: Yoann Congal @ 2026-06-17 7:45 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
0a40c6fbd105 Linux 6.6.141
f9957ea12103 netfs: Fix potential uninitialised var in netfs_extract_user_iter()
989214c66884 net: skbuff: propagate shared-frag marker through frag-transfer helpers
78bf6b6bb195 net: skbuff: preserve shared-frag marker during coalescing
9115669faedc net/rds: reset op_nents when zerocopy page pin fails
864889ea15f0 mptcp: pm: ADD_ADDR rtx: resched blocked ADD_ADDR quicker
013dcdc19615 mptcp: pm: ADD_ADDR rtx: fix potential data-race
b21823f637e0 spi: sifive: fix controller deregistration
524202b00b91 spi: sifive: Simplify clock handling with devm_clk_get_enabled()
bf76b4a58c1a media: nxp: imx8-isi: Reduce minimum queued buffers from 2 to 0
9c7c941d2242 spi: st-ssc4: fix controller deregistration
d8cd9fb5e655 spi: st-ssc4: switch to use modern name
a7fb771314fb ksmbd: validate inherited ACE SID length
190e570cc0fc RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()
8358a142f2a1 f2fs: fix false alarm of lockdep on cp_global_sem lock
6b050c4cfade f2fs: fix incorrect file address mapping when inline inode is unwritten
f63201f674ee mptcp: pm: kernel: correctly retransmit ADD_ADDR ID 0
93a9014029e4 mptcp: pm: prio: skip closed subflows
0750c7935feb mptcp: fix rx timestamp corruption on fastopen
11fdbd033e4c mptcp: drop __mptcp_fastopen_gen_msk_ackseq()
7d7c9f0fcd19 RDMA/mana: Validate rx_hash_key_len
cc3c0a0f9657 btrfs: fix missing last_unlink_trans update when removing a directory
397418a9456c btrfs: use btrfs inodes in btrfs_rmdir() to avoid so much usage of BTRFS_I()
546ca2e3e55a btrfs: use inode already stored in local variable at btrfs_rmdir()
39aba0e6d5aa smb: client: Use FullSessionKey for AES-256 encryption key derivation
cea7d2688ded drm/v3d: Reject empty multisync extension to prevent infinite loop
958e032618c8 eventfs: Use list_add_tail_rcu() for SRCU-protected children list
d2a675f2e238 btrfs: fix double free in create_space_info_sub_group() error path
1ce1ec384486 btrfs: remove fs_info argument from btrfs_sysfs_add_space_info_type()
707cb5df3eab pmdomain: core: Fix detach procedure for virtual devices in genpd
c7d1eb27cf37 drm/gma500/oaktrail_lvds: fix i2c adapter leaks on init
4e04b564c005 drm/gma500/oaktrail_lvds: fix hang on init failure
63a2b5906e15 drm/gma500/oaktrail_hdmi: fix i2c adapter leak on setup
4eb9d07b219f drm/panfrost: Fix wait_bo ioctl leaking positive return from dma_resv_wait_timeout()
e5eb0a29a8aa drm/i915: skip __i915_request_skip() for already signaled requests
2776f9016f1b iommu/vt-d: Disable DMAR for Intel Q35 IGFX
534ebc08df97 libceph: handle rbtree insertion error in decode_choose_args()
ea0d42137f0c libceph: Fix potential out-of-bounds access in crush_decode()
d7a65a34d245 libceph: Fix potential null-ptr-deref in decode_choose_args()
0d2dd7e6bb74 libceph: Fix potential out-of-bounds access in osdmap_decode()
bcbbdae1b88f netfs: fix error handling in netfs_extract_user_iter()
cad72955f8fb powerpc/warp: Fix error handling in pika_dtm_thread
d6bda9df0c0a io-wq: check that the predecessor is hashed in io_wq_remove_pending()
4bfdcefdaa60 ceph: fix a buffer leak in __ceph_setxattr()
3d3b2b01a3e7 ALSA: usb-audio: Bound MIDI endpoint descriptor scans
fafc97bd01e4 ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans
7eaa514be4c0 drm/i915/dp: Fix VSC dynamic range signaling for RGB formats
b41598bf54b3 smb/client: fix possible infinite loop and oob read in symlink_data()
a1d4f3d3c0dc ASoC: SOF: Intel: hda: Fix NULL pointer dereference
0f9ac21618c0 ASoC: SOF: Intel: hda-dai: add support for dspless mode beyond HDAudio
1eda406a9432 ASoC: SOF: Intel: hda-dai: remove dspless special case
e3ccb11fc824 netfilter: nf_tables: unconditionally bump set->nelems before insertion
dde6eca9afae KVM: x86: Fix Xen hypercall tracepoint argument assignment
a99a25db131e KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic
01b71b930f15 KVM: Reject wrapped offset in kvm_reset_dirty_gfn()
5b6da42fd804 audit: enforce AUDIT_LOCKED for AUDIT_TRIM and AUDIT_MAKE_EQUIV
810d382802a5 net: atlantic: preserve PCI wake-from-D3 on shutdown when WOL enabled
ecca618e1e33 netfilter: nft_ct: fix missing expect put in obj eval
151ee470edc3 audit: fix incorrect inheritable capability in CAPSET records
b92e124ef30a netfilter: nf_conntrack_sip: get helper before allocating expectation
0088b3328a6f workqueue: Fix wq->cpu_pwq leak in alloc_and_link_pwqs() WQ_UNBOUND path
a5712dc25d14 i40e: Cleanup PTP pins on probe failure
e4c4a5074532 crypto: af_alg - Cap AEAD AD length to 0x80000000
fa6794c968d4 bonding: fix NULL pointer dereference in actor_port_prio setting
044dcbcb19c3 netconsole: avoid out-of-bounds access on empty string in trim_newline()
feb754bde3ef net/sched: sch_pie: annotate more data-races in pie_dump_stats()
bf3962084183 ksmbd: validate response sizes in ipc_validate_msg()
52b9f8099369 net: bcmgenet: fix leaking free_bds
dda1a2e898ad net: bcmgenet: Initialize u64 stats seq counter
f17a4850d1ce crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx
d65a64755a3d smb: client: fix OOB reads parsing symlink error response
ba302d3abb82 smb: client: correctly handle ErrorContextData as a flexible array
2c7d07892ef8 Revert "crypto: nx - Migrate to scomp API"
6c9970847516 Revert "crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx"
cb4634cb537b Revert "crypto: nx - fix context leak in nx842_crypto_free_ctx"
02ecc0978c45 ntfs: ->d_compare() must not block
9ccd0c1686c3 net/sched: cls_flower: revert unintended changes
131e50acfeed sfc: fix error code in efx_devlink_info_running_versions()
688f12aa4451 net: tls: fix strparser anchor skb leak on offload RX setup failure
3ad2471e61e9 ice: fix NULL pointer dereference in ice_reset_all_vfs()
bee6158b8a36 iavf: add VIRTCHNL_OP_ADD_VLAN to success completion handler
b90697dd4b45 iavf: wait for PF confirmation before removing VLAN filters
5936b7f29a38 iavf: stop removing VLAN filters from PF on interface down
ee587b3b97b7 iavf: rename IAVF_VLAN_IS_NEW to IAVF_VLAN_ADDING
3b7265b3a82f bonding: 3ad: implement proper RCU rules for port->aggregator
2353f43d7ee7 bonding: print churn state via netlink
fcf04d6f6943 bonding: add support for per-port LACP actor priority
60fcd5af8279 net: bonding: add broadcast_neighbor option for 802.3ad
ee2217012b3a bonding: 802.3ad replace MAC_ADDRESS_EQUAL with __agg_has_partner
71d591d33dc4 drm/amd/display: Read EDID from VBIOS embedded panel info
3dce88cf11d7 drm/amd/display: Allow DCE link encoder without AUX registers
e3f95b1ba242 futex: Prevent lockup in requeue-PI during signal/ timeout wakeup
d68f753d89f4 ALSA: hda/conexant: Fix missing error check for jack detection
539604dcbf41 ALSA: hda/conexant: Renaming the codec with device ID 0x1f86 and 0x1f87
35b7210e15a6 ALSA: hda/conexant: fix some typos
3eaf81c3553e netconsole: propagate device name truncation in dev_name_store()
3bc2c51a9ba1 net: netconsole: move newline trimming to function
003b52afba79 net/sched: sch_cake: annotate data-races in cake_dump_stats() (V)
a0f4e4e8e0f5 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()
0928f17e86a5 ipv6: rename and move ip6_dst_lookup_tunnel()
3bab544ae1e1 ipv4: add new arguments to udp_tunnel_dst_lookup()
f933e5a43732 ipv4: remove "proto" argument from udp_tunnel_dst_lookup()
0379c21610f0 ipv4: rename and move ip_route_output_tunnel()
5cb1dd7093d3 sctp: discard stale INIT after handshake completion
043e4b649b4b netfilter: skip recording stale or retransmitted INIT
e3610ad82ebd ASoC: codecs: ab8500: Fix casting of private data
b884ff67d62e drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.3 ring
d4e0172a1b61 drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0 ring
ee035a9d3eed drm/amdgpu/jpeg: set no_user_fence for JPEG v3.0 ring
63691e396105 drm/amdgpu/jpeg: set no_user_fence for JPEG v2.5 ring
f675801889b2 drm/amdgpu/jpeg: set no_user_fence for JPEG v2.0 ring
c12a5d35033c drm/amdgpu/vcn: set no_user_fence for VCN v4.0.3 enc ring
e74fc9c72c1b drm/amdgpu/vcn: set no_user_fence for VCN v3.0 enc/dec rings
2c6fb056567e drm/amdgpu/vcn: set no_user_fence for VCN v2.5 enc/dec rings
f264019be80d drm/amdgpu/vcn: set no_user_fence for VCN v2.0 enc/dec rings
b233ba52fd2e net: phy: dp83869: fix setting CLK_O_SEL field.
47d017fe3159 net: mctp i2c: check length before marking flow active
924b961d293c ALSA: usb-audio: Fix potential leak of pd at parsing UAC3 streams
9247d59ca15b neigh: let neigh_xmit take skb ownership
dbe42409bfeb neighbour: add RCU protection to neigh_tables[]
ec2501e361b0 net/sched: taprio: fix NULL pointer dereference in class dump
0d0dd383ac4d NFC: trf7970a: Ignore antenna noise when checking for RF field
17e23e815008 net: usb: rtl8150: free skb on usb_submit_urb() failure in xmit
5db090ca07b2 net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
3db8d078f7f6 vrf: Fix a potential NPD when removing a port from a VRF
d4f8505517ff net/sched: sch_fq_pie: annotate data-races in fq_pie_dump_stats()
229ad4b2dd86 net/sched: sch_choke: annotate data-races in choke_dump_stats()
bd426bda5741 net/sched: netem: check for negative latency and jitter
5c4fe716511d net/sched: netem: fix slot delay calculation overflow
3a3698b96688 net/sched: netem: validate slot configuration
116f10027e61 net/sched: netem: only reseed PRNG when seed is explicitly provided
39a66e83ea41 net/sched: netem: fix queue limit check to include reordered packets
d2a74e0ea346 net/sched: netem: fix probability gaps in 4-state loss model
818f7673ed7f netdevsim: zero initialize struct iphdr in dummy sk_buff
47421f8401fc cdrom, scsi: sr: propagate read-only status to block layer via set_disk_ro()
ea6e650b079e arm64/scs: Fix potential sign extension issue of advance_loc4
b933de804c84 drm/sysfb: ofdrm: fix PCI device reference leaks
8524b1c04adc spi: rockchip: Read ISR, not IMR, to detect cs-inactive IRQ
ea2ecd29b8f4 netfilter: nf_conntrack_sip: don't use simple_strtoul
82664d0f1ba2 netfilter: xt_policy: fix strict mode inbound policy matching
f60bc289c555 drm/amdgpu/gfx6: Support harvested SI chips with disabled TCCs (v2)
da602e831334 drm/amdgpu/uvd3.1: Don't validate the firmware when already validated
03011db69f5e drm/amdgpu: fix spelling typos
8c4254c8f583 drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG
1b8595d126ea nvme-pci: fix missed admin queue sq doorbell write
ad9973df8e0e netfilter: arp_tables: fix IEEE1394 ARP payload parsing
d7c8f95f599b nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers
cbf460bf9492 tracing: branch: Fix inverted check on stat tracer registration
f8f643d5ebef btrfs: fix double-decrement of bytes_may_use in submit_one_async_extent()
03d3739a830e mailbox: mailbox-test: make data_ready a per-instance variable
75a365c69bb7 mailbox: mailbox-test: initialize struct earlier
3afca89fae50 mailbox: mailbox-test: don't free the reused channel
14aed0d4e583 mailbox: add sanity check for channel array
0a0ac6cd2e46 cgroup/rdma: fix integer overflow in rdmacg_try_charge()
81c9e7e4030e mailbox: mailbox-test: free channels on probe error
0d2edd20b61b fbdev: offb: fix PCI device reference leak on probe failure
86094f62ba21 rtc: abx80x: Disable alarm feature if no interrupt attached
a11372a8b1ce fs/adfs: validate nzones in adfs_validate_bblk()
0897ccf6e930 vhost_net: fix sleeping with preempt-disabled in vhost_net_busy_poll()
0274f24485fc tipc: fix double-free in tipc_buf_append()
0ace0ce02911 nfp: fix swapped arguments in nfp_encode_basic_qdr() calls
6bedc3ff4ba4 net: dsa: realtek: rtl8365mb: fix mode mask calculation
d394093ed06e net/sched: sch_sfb: annotate data-races in sfb_dump_stats()
86a6243d8654 net/sched: sch_red: annotate data-races in red_dump_stats()
717bec018ce1 net/sched: sch_fq_codel: remove data-races from fq_codel_dump_stats()
7bdb2b038c35 net/sched: sch_pie: annotate data-races in pie_dump_stats()
046b2d8c9606 net_sched: sch_hhf: annotate data-races in hhf_dump_stats()
b6ba93a7b71e net/rds: zero per-item info buffer before handing it to visitors
1ff46c9915c1 ksmbd: scope conn->binding slowpath to bound sessions only
407b6e699ba8 ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open
27fca12b9c2c ksmbd: destroy async_ida in ksmbd_conn_free()
8a3cd890fd2a ksmbd: add support for supplementary groups
234681c54581 ksmbd: Use struct_size() to improve smb_direct_rdma_xmit()
1f3235364037 ksmbd: destroy tree_conn_ida in ksmbd_session_destroy()
8db8727ea8d1 arm64: dts: meson-gxl-p230: fix ethernet PHY interrupt number
37537e42e6df slip: bound decode() reads against the compressed packet length
c6980e8b1a86 slip: reject VJ receive packets on instances with no rstate array
5d05de2f0928 netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check
32e50f92c7cf netfilter: nfnetlink_osf: fix out-of-bounds read on option matching
5241a3ab2c77 ipvs: fix MTU check for GSO packets in tunnel mode
cbeb259f3138 netfilter: xtables: restrict several matches to inet family
1c9fb8aeed06 netfilter: conntrack: remove sprintf usage
8def8fbd23f4 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO
554cc061ca13 netfilter: nft_osf: restrict it to ipv4
f9ef3db77a38 openvswitch: cap upcall PID array size and pre-size vport replies
8a5e840babc5 pppoe: drop PFC frames
d67fbc6dea5d sctp: fix OOB write to userspace in sctp_getsockopt_peer_auth_chunks
0069813e6ca9 ipv6: fix possible UAF in icmpv6_rcv()
733a1b310297 e1000e: Unroll PTP in probe error handling
8a254c6db3ee i40e: don't advertise IFF_SUPP_NOFCS
ca6f9d9aee54 ice: fix double-free of tx_buf skb
a753619ffecf ice: Remove jumbo_remove step from TX path
982a56c888d3 tcp: annotate data-races around tp->plb_rehash
993847e92765 tcp: annotate data-races around (tp->write_seq - tp->snd_nxt)
a445beb84c83 tcp: annotate data-races around tp->dsack_dups
60db862ea01e tcp: annotate data-races around tp->bytes_retrans
3e1b40e4f186 tcp: annotate data-races around tp->bytes_sent
409a02760834 tcp: add data-race annotations around tp->data_segs_out and tp->total_retrans
eee072fe16c6 net/sched: taprio: fix use-after-free in advance_sched() on schedule switch
aaac3bed0342 nexthop: fix IPv6 route referencing IPv4 nexthop
616db97e3aff net/sched: sch_cake: fix NAT destination port not being updated in cake_update_flowkeys
497925275838 macvlan: fix macvlan_get_size() not reserving space for IFLA_MACVLAN_BC_CUTOFF
f250c3772dd7 arm64: dts: imx8mm-tqma8mqml: Correct PAD settings for PMIC_nINT
0fa0bcdebeb0 arm64: dts: imx8mn-tqma8mqnl: Correct PAD settings for PMIC_nINT
3098c905af2f arm64: dts: imx8mm-emtop-som: Correct PAD settings for PMIC_nINT
6d9f35fe4638 PCMCIA: Fix garbled log messages for KERN_CONT
ca962d175543 arm64: dts: imx8mp-data-modul-edm-sbc: Correct PAD settings for PMIC_nINT
7adb32513191 arm64: dts: imx8mp-dhcom-som: Correct PAD settings for PMIC_nINT
640aea541eba arm64: dts: imx8mp-icore-mx8mp: Correct PAD settings for PMIC_nINT
1f285713fb8d arm64: dts: imx8mp-debix-som-a: Correct PAD settings for PMIC_nINT
827ccceff758 arm64: dts: imx8mp-debix-model-a: Correct PAD settings for PMIC_nINT
eecee15e263c crypto: ccp - copy IV using skcipher ivsize
f19a744d5271 crypto: sa2ul - Fix AEAD fallback algorithm names
424df78c8a64 drm/i915/wm: Verify the correct plane DDB entry
ed5ca5d5b97c drm/i915: Loop over all active pipes in intel_mbus_dbox_update
c2577b18c6e2 drm/i915: Extract intel_dbuf_mdclk_cdclk_ratio_update()
c5de9ff7939b drm/i915: Simplify watermark state checker calling convention
73abb7c1fffd drm/i915: Constify watermark state checker
cea15f66b7b6 f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()
756d1a3954fe f2fs: Use sysfs_emit_at() to simplify code
21fe517179f3 clk: visconti: pll: initialize clk_init_data to zero
caa74d80d749 lib/hexdump: print_hex_dump_bytes() calls print_hex_dump_debug()
db62a24a07b3 clk: qcom: dispcc-sc7180: Add missing MDSS resets
5db0537ddef4 dt-bindings: clock: qcom,dispcc-sc7180: Define MDSS resets
166db4ebae34 clk: xgene: Fix mapping leak in xgene_pllclk_init()
bf94322387ab clk: qoriq: avoid format string warning
4ba394f83b3c clk: imx8mq: Correct the CSI PHY sels
a778bbd3ab28 clk: imx: imx6q: Fix device node reference leak in of_assigned_ldb_sels()
0d2ba7e2e4c6 clk: imx: imx6q: Fix device node reference leak in pll6_bypassed()
235c36a86cb7 clk: qcom: dispcc-sm8250: Enable parents for pixel clocks
081d334fe42d clk: qcom: dispcc-sm8250: Use shared ops on the mdss vsync clk
d18b05a09142 clk: qcom: gcc-sc8180x: Use retention for PCIe power domains
9b54ebbe5d2f clk: qcom: gcc-sc8180x: Use retention for USB power domains
a4cee425ae6b clk: qcom: gcc-sc8180x: Add missing GDSCs
9109efceb709 dt-bindings: clock: qcom,gcc-sc8180x: Add missing GDSCs
d7aef29573c7 scsi: target: core: Fix integer overflow in UNMAP bounds check
b6007cfea4ed clk: qcom: dispcc-sc8280xp: remove CLK_SET_RATE_PARENT from byte_div_clk_src dividers
c5f4a211e82d scsi: sg: Resolve soft lockup issue when opening /dev/sgX
d85a906b4e51 scsi: sg: Fix sysctl sg-big-buff register during sg_init()
f9c921fd5264 scsi: sg: Make sg_sysfs_class constant
fa4e1c583c9d clk: qcom: dispcc-sm8450: use RCG2 ops for DPTX1 AUX clock source
137b5918931d RDMA/core: Prefer NLA_NUL_STRING
ba0843c19558 platform/x86: dell-wmi-sysman: bound enumeration string aggregation
622754397ac5 platform/x86: dell_rbu: avoid uninit value usage in packet_size_write()
0b11fcbe80a5 fs/ntfs3: terminate the cached volume label after UTF-8 conversion
a7fd0d0cb43f nfs/blocklayout: Fix compilation error (`make W=1`) in bl_write_pagelist()
ccfa51ea8a40 mfd: mc13xxx-core: Fix memory leak in mc13xxx_add_subdevice_pdata()
3d0e610c43cb platform/x86: panasonic-laptop: Fix OPTD notifier registration and cleanup
fed8b8f33a46 tty: hvc_iucv: fix off-by-one in number of supported devices
61599d438e2d leds: lgm-sso: Remove duplicate assignments for priv->mmap
bc7998e70fa7 platform/surface: surfacepro3_button: Drop wakeup source on remove
e87c4c0095ac backlight: sky81452-backlight: Check return value of devm_gpiod_get_optional() in sky81452_bl_parse_dt()
c5be52529ad8 dev_printk: add new dev_err_probe() helpers
10bb319b0b18 i3c: mipi-i3c-hci: fix IBI payload length calculation for final status
54dc499e5cb3 perf util: Kill die() prototype, dead for a long time
2f3548314715 ipmi: ssif_bmc: change log level to dbg in irq callback
bffedb7a72e6 ipmi: ssif_bmc: fix message desynchronization after truncated response
7d2a487c275c ipmi: ssif_bmc: fix missing check for copy_to_user() partial failure
128845823138 perf expr: Return -EINVAL for syntax error in expr__find_ids()
ea0078135c6a perf lock: Fix option value type in parse_max_stack
9bab7d2a2850 pinctrl: abx500: Fix type of 'argument' variable
92170bd2eadd perf: tools: cs-etm: Fix print issue for Coresight debug in ETE/TRBE trace
aceabce300c3 perf branch: Avoid incrementing NULL
8fe5240c7bd8 pinctrl: cy8c95x0: Avoid returning positive values to user space
03e71cc07cba pinctrl: cy8c95x0: Unify messages with help of dev_err_probe()
091709439f88 pinctrl: cy8c95x0: remove duplicate error message
a79fdd593c84 pinctrl: pinctrl-pic32: Fix resource leak
d216b34a9f69 bpf, arm32: Reject BPF-to-BPF calls and callbacks in the JIT
699e16e65962 bpf: allow UTF-8 literals in bpf_bprintf_prepare()
520454e83971 bpf: Fix NULL deref in map_kptr_match_type for scalar regs
2f954f8a04b7 bpf: Fix precedence bug in convert_bpf_ld_abs alignment check
d0d124dbcef9 bpf, sockmap: Take state lock for af_unix iter
a94d3dd78ee8 bpf, sockmap: Fix af_unix null-ptr-deref in proto update
3cef33b9813b bpf, sockmap: Fix af_unix iter deadlock
7fd3b41260c6 bpf, arm64: Fix off-by-one in check_imm signed range check
ad4505d2ab3a HID: usbhid: fix deadlock in hid_post_reset()
5897c1dd1bfe mtd: rawnand: sunxi: fix sunxi_nfc_hw_ecc_read_extra_oob
295757c3b9de mtd: parsers: ofpart: call of_node_get() for dedicated subpartitions
560c0456e613 mtd: parsers: ofpart: call of_node_put() only in ofpart_fail path
cca2c083cfcb mtd: spi-nor: swp: check SR_TB flag when getting tb_mask
b194ae62e9e7 mtd: spi-nor: update spi_nor_fixups::post_sfdp() documentation
301e85ff299b mtd: spi-nor: sfdp: introduce smpt_map_id fixup hook
2e472d2bdc14 mtd: spi-nor: sfdp: introduce smpt_read_dummy fixup hook
036a794e7d7f mtd: spi-nor: core: correct the op.dummy.nbytes when check read operations
fab6b870dfe6 dt-bindings: interrupt-controller: arm,gic-v3: Fix EPPI range
ba91de4f0f98 mtd: physmap_of_gemini: Fix disabled pinctrl state check
033939479b10 HID: asus: do not abort probe when not necessary
08c4fa3f5a9b HID: asus: make asus_resume adhere to linux kernel coding standards
5dcb51558e78 ima: check return value of crypto_shash_final() in boot aggregate
9399a9298935 tracing: Rebuild full_name on each hist_field_name() call
c258fbf57113 soundwire: cadence: Clear message complete before signaling waiting thread
0b73d5dfa3fe dmaengine: mxs-dma: Fix missing return value from of_dma_controller_register()
5acbbb205a1c soundwire: bus: demote UNATTACHED state warnings to dev_dbg()
faa66f358d30 dmaengine: dw-axi-dmac: Remove unnecessary return statement from void function
b9ae3942deec ocfs2: validate group add input before caching
bb3c54d1e715 ocfs2: validate bg_bits during freefrag scan
d919b905939e ocfs2: fix listxattr handling when the buffer is full
f1e38ba97b1a ARM: dts: imx27-eukrea: replace interrupts with interrupts-extended
064494145a70 arm64/xor: fix conflicting attributes for xor_block_template
08c073e8f8d5 ARM: OMAP1: Fix DEBUG_LL and earlyprintk on OMAP16XX
96a30f7cb8e0 arm64: dts: qcom: sm8250: Add missing CPU7 3.09GHz OPP
ccff9145cd52 soc: qcom: aoss: compare against normalized cooling state
d672c7623306 soc: qcom: llcc: fix v1 SB syndrome register offset
819d8ebad320 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison
f37de46149db ocfs2/dlm: validate qr_numregions in dlm_match_regions()
813a47b03090 unshare: fix nsproxy leak in ksys_unshare() on set_cred_ucounts() failure
39a8c0df2d5a soc/tegra: cbb: Set ERD on resume for err interrupt
b87992ddf49a arm64: dts: imx8qxp-mek: switch Type-C connector power-role to dual
7d6481cf2987 arm64: dts: qcom: sdm845-xiaomi-beryllium: Mark l1a regulator as powered during boot
03d523e50662 arm64: dts: qcom: sm7225-fairphone-fp4: Fix conflicting bias pinctrl
a37e61cde05a arm64: dts: qcom: sm8550: Enable UHS-I SDR50 and SDR104 SD card modes
7ce6aa2eca26 arm64: dts: qcom: sm8450: Enable UHS-I SDR50 and SDR104 SD card modes
1563a05cf920 arm64: dts: qcom: sm8550: Fix xo clock supply of platform SD host controller
4322d8c7af96 arm64: dts: qcom: sm8550: Fix GIC_ITS range length
97bacd872319 arm64: dts: qcom: sm8450: Fix GIC_ITS range length
1e014285a3cd soc: qcom: ocmem: return -EPROBE_DEFER is ocmem is not available
9f54516bce15 soc: qcom: ocmem: register reasons for probe deferrals
d45c46c0e84f soc: qcom: ocmem: use scoped device node handling to simplify error paths
1637ce361b1d soc: qcom: ocmem: make the core clock optional
2ecad03d6c5d arm64: dts: qcom: msm8953-xiaomi-daisy: fix backlight
5a0dcba6178f arm64: dts: qcom: msm8953-xiaomi-vince: correct wled ovp value
5b94fe0879bc arm64: dts: mediatek: mt7986a: Fix gpio-ranges pin count
167e5fa8feee arm64: dts: mediatek: mt6795: Fix gpio-ranges pin count
fe1d1423c524 iommufd: vfio compatibility extension check for noiommu mode
700e54a2beba arm64: dts: imx8mp-evk: Enable pull select bit for PCIe regulator GPIO (M.2 W_DISABLE1)
036f599234e4 arm64: dts: imx8-apalis: Fix LEDs name collision
cecc17692ebf memory: tegra30-emc: Fix dll_change check
7e19e72f3064 memory: tegra124-emc: Fix dll_change check
c13c938a8058 ARM: dts: mediatek: mt7623: fix efuse fallback compatible
8fcefe840fa8 ksmbd: fix use-after-free from async crypto on Qualcomm crypto engine
8be69e9245f8 efi/capsule-loader: fix incorrect sizeof in phys array reallocation
233a0945a4b1 gfs2: prevent NULL pointer dereference during unmount
bf5fcd9c37c2 gfs2: add some missing log locking
6678dde26570 quota: Fix race of dquot_scan_active() with quota deactivation
f57b68b36571 ktest: Run POST_KTEST hooks on failure and cancellation
aa6b9e38086c ktest: Honor empty per-test option overrides
5bddd0d3a926 ktest: Avoid undef warning when WARNINGS_FILE is unset
232d67974a61 gfs2: Call unlock_new_inode before d_instantiate
18216b8ab690 crypto: jitterentropy - replace long-held spinlock with mutex
f57498d2bf16 dm cache: fix missing return in invalidate_committed's error path
3a77b05ff2c4 ALSA: sc6000: Keep the programmed board state in card-private data
dcbc2e2b2434 ALSA: sc6000: Use standard print API
3e79a563377a spi: mtk-snfi: unregister ECC engine on probe failure and remove() callback
fa7881f3b627 PCI: dwc: Apply ECRC workaround to DesignWare 5.00a as well
bf98711d2f33 PCI: tegra194: Use DWC IP core version
5d9c9dfef907 PCI: tegra194: Allow system suspend when the Endpoint link is not up
2c87f49f2082 PCI: tegra194: Disable direct speed change for Endpoint mode
272e9c4bcae8 PCI: tegra194: Use devm_gpiod_get_optional() to parse "nvidia,refclk-select"
997122b96544 PCI: tegra194: Disable PERST# IRQ only in Endpoint mode
39564f51567e PCI: tegra194: Don't force the device into the D0 state before L2
e81f33968542 PCI: tegra194: Rename 'root_bus' to 'root_port_bus' in tegra_pcie_downstream_dev_to_D0()
fdb9c5a3a627 PCI: tegra194: Disable LTSSM after transition to Detect on surprise link down
8aa59b1e53a7 PCI: tegra194: Increase LTSSM poll time on surprise link down
8f26b92dc606 PCI: tegra194: Fix polling delay for L2 state
9e225563c5a9 ASoC: SOF: compress: return the configured codec from get_params
2721d23db2e9 ALSA: scarlett2: Add missing sentinel initializer field
7e805fdb16dc selftest: memcg: skip memcg_sock test if address family not supported
05a3fd57cdfa Documentation: fix a hugetlbfs reservation statement
11a810989a4d selftests/mm: skip migration tests if NUMA is unavailable
07a5ecb94768 PCI: mediatek-gen3: Prevent leaking IRQ domains when IRQ not found
0afb2eca25be PCI: Enable AtomicOps only if Root Port supports them
9f1daac27ca2 ASoC: rsnd: Fix potential out-of-bounds access of component_dais[]
5f1035ba3ed9 crypto: qat - use swab32 macro
1ac96689ce29 ASoC: qcom: qdsp6: topology: check widget type before accessing data
d39e8c3724a6 ASoC: fsl_easrc: Change the type for iec958 channel status controls
4d427d3f507a ASoC: fsl_easrc: Fix value type in fsl_easrc_iec958_get_bits()
a2e9527bc88e ASoC: fsl_easrc: Check the variable range in fsl_easrc_iec958_put_bits()
4428887805ef ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_mode_put()
0dddb5642d64 ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_arc_mode_put()
ceb388682ea1 ASoC: fsl_micfil: Fix event generation in micfil_quality_set()
4605327fd688 ASoC: fsl_micfil: Fix event generation in micfil_put_dc_remover_state()
a6bc5432055b ASoC: fsl_micfil: Fix event generation in hwvad_put_init_mode()
62c4ab11840d ASoC: fsl_micfil: Fix event generation in hwvad_put_enable()
6adc82ff2f20 ASoC: fsl_micfil: Add access property for "VAD Detected"
4ba05463862c pmdomain: imx: scu-pd: Fix device_node reference leak during ->probe()
3a73abb39037 pmdomain: ti: omap_prm: Fix a reference leak on device node
bad87bdd52f5 drm/msm/a6xx: Use barriers while updating HFI Q headers
98fce340ec48 drm/msm/shrinker: Fix can_block() logic
679a533d2235 drm/msm/a6xx: Fix HLSQ register dumping
f101e4ebf1fc ASoC: SOF: Intel: hda: Place check before dereference
2958b391d9c5 ALSA: hda/realtek: fix code style (ERROR: else should follow close brace '}')
ad08dd4476eb drm/amd/pm/smu7: Add SCLK cap for quirky Hawaii board
ef1c7aaa1319 drm/amd/pm/ci: Fill DW8 fields from SMC
9e6d83f651ac drm/amd/pm/ci: Clear EnabledForActivity field for memory levels
4cf77e3298e4 drm/amd/pm/ci: Fix powertune defaults for Hawaii 0x67B0
37f93b3159fa drm/amd/pm/smu7: Fix SMU7 voltage dependency on display clock
cc88a98c873b drm/amd/pm/ci: Disable MCLK DPM on problematic CI ASICs
33da7d5b6a50 drm/amd/pm/ci: Use highest MCLK on CI when MCLK DPM is disabled
9a7f12105f0e ALSA: core: Validate compress device numbers without dynamic minors
0558d1b0b5f0 drm/panel: simple: Correct G190EAN01 prepare timing
c4fc7ed73a0a drm/panel: sharp-ls043t1le01: make use of prepare_prev_first
97d360a0112e drm/msm/dsi: rename MSM8998 DSI version from V2_2_0 to V2_0_0
af6825d3e446 drm/msm/dsi: add the missing parameter description
9830999c9e06 drm/msm/dpu: fix mismatch between power and frequency
94d99e853617 spi: hisi-kunpeng: prevent infinite while() loop in hisi_spi_flush_fifo
8ebaa3deb04f drm/amdgpu/gfx10: look at the right prop for gfx queue priority
a6d44f477000 padata: Put CPU offline callback in ONLINE section to allow failure
0e664e99abb4 padata: Remove cpu online check from cpu add and removal
39024f54f098 crypto: atmel-aes - guard unregister on error in atmel_aes_register_algs
59fce560694d crypto: atmel - Use unregister_{aeads,ahashes,skciphers}
60c571a7d8d0 crypto: atmel - Remove cfb and ofb
3cd5cae11afa fbdev: matroxfb: Mark variable with __maybe_unused to avoid W=1 build break
6f866e941a7e dm init: ensure device probing has finished in dm-mod.waitfor=
5af3d8f2acb6 drm/amdgpu: Add default case in DVI mode validation
ef0d045ebbaf drm/sun4i: Fix resource leaks
6040b24095a8 spi: fsl-qspi: Use reinit_completion() for repeated operations
dc97ec849559 drm/bridge: cadence: cdns-mhdp8546-core: Handle HDCP state in bridge atomic check
b01a582c8c6f drm/bridge: cadence: cdns-mhdp8546-core: Add mode_valid hook to drm_bridge_funcs
5302015daf26 drm/bridge: cadence: cdns-mhdp8546-core: Set the mhdp connector earlier in atomic_enable()
d4ac87567f86 dm log: fix out-of-bounds write due to region_count overflow
15c30997dca6 dm cache metadata: fix memory leak on metadata abort retry
2ebe1ab83292 platform/chrome: chromeos_tbmc: Drop wakeup source on remove
12105c7f1837 dm cache: fix dirty mapping checking in passthrough mode switching
89e04987574a dm cache: support shrinking the origin device
d90accff225f dm cache: fix concurrent write failure in passthrough mode
ac5ee9944389 dm cache policy smq: fix missing locks in invalidating cache blocks
ecb10c193cbe dm cache: fix write hang in passthrough mode
ceff6df26691 dm cache: fix write path cache coherency in passthrough mode
0aa745fea1f8 dm cache: fix null-deref with concurrent writes in passthrough mode
002a5f925d42 ASoC: sti: use managed regmap_field allocations
686a6b305ec8 ASoC: sti: Return errors from regmap_field_alloc()
cf615b90a11a drm/sun4i: backend: fix error pointer dereference
d8a541906860 drm/komeda: fix integer overflow in AFBC framebuffer size check
866d3d9b8775 net, bpf: fix null-ptr-deref in xdp_master_redirect() for down master
1943e71a0d6a sctp: fix missing encap_port propagation for GSO fragments
cc4dead22ede net: phy: qcom: at803x: Use the correct bit to disable extended next page
22f22f1346b4 net: phy: move at803x PHY driver to dedicated directory
e30356c3cf2f net: phy: add Rust Asix PHY driver
014860036d1f net: phy: aquantia: move to separate directory
77a853aec710 Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp
6b4d226d01ab Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER
a673cf6c4ac7 Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error
315acf971d75 Bluetooth: L2CAP: Fix printing wrong information if SDU length exceeds MTU
0a04db240eff bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
61a9b216ca5b net/mlx5e: IPsec, fix ASO poll timeout with read_poll_timeout_atomic()
02c1256f1990 net/mlx5e: Fix features not applied during netdev registration
4f1ca61e5311 dt-bindings: net: dsa: nxp,sja1105: make spi-cpol optional for sja1110
b3682e7ad450 net: ipa: Fix decoding EV_PER_EE for IPA v5.0+
f7361841d0ce net: ipa: Fix programming of QTIME_TIMESTAMP_CFG
954745d0223e ppp: require CAP_NET_ADMIN in target netns for unattached ioctls
e19c5ed9f192 bpf: Fix OOB in pcpu_init_value
07035306bf72 net/rds: Restrict use of RDS/IB to the initial network namespace
2c7883d606aa net/rds: Optimize rds_ib_laddr_check
f23424a0ddad net/sched: act_ct: Only release RCU read lock after ct_ft
e9cf4018d742 net: hamradio: 6pack: fix uninit-value in sixpack_receive_buf
f4ed5d750b4a 6pack: propagage new tty types
b1f7158a86f3 bpf: Fix RCU stall in bpf_fd_array_map_clear()
8849b50e81a2 netfilter: nft_fwd_netdev: check ttl/hl before forwarding
9ca570236cc0 netfilter: xt_socket: enable defrag after all other checks
e8206538cbaf net: bcmgenet: fix racing timeout handler
1b0865a6efce net: bcmgenet: switch to use 64bit statistics
991cd78f95f2 net: bcmgenet: support reclaiming unsent Tx packets
355b61569e84 net: bcmgenet: move DESC_INDEX flow to ring 0
df3a1bb0ae1a net: bcmgenet: add bcmgenet_has_* helpers
d650d12d58ef net: bcmgenet: Remove custom ndo_poll_controller()
2a7459017042 net: bcmgenet: fix off-by-one in bcmgenet_put_txcb
03d97b558d80 arm64: kexec: Remove duplicate allocation for trans_pgd
0e72fd7f05ae ACPI: AGDI: fix missing newline in error message
3ff85ae79e1a bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()
26b380a3ca0b bpf: Drop task_to_inode and inet_conn_established from lsm sleepable hooks
d3f280be48f1 wifi: brcmfmac: Fix error pointer dereference
a713b72ff88c bpf: Fix stale offload->prog pointer after constant blinding
b4b5a20bed82 bpf: fix end-of-list detection in cgroup_storage_get_next_key()
1aa61a6f42ad macvlan: annotate data-races around port->bc_queue_len_used
0adec27bde44 selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15
81bc3a2ccc37 selftests/powerpc: Re-order *FLAGS to follow lib.mk
7ca35863213c powerpc/crash: fix backup region offset update to elfcorehdr
6e474972b85e r8152: fix incorrect register write to USB_UPHY_XTAL
ea04b9881534 wifi: rtw89: phy: fix uninitialized variable access in rtw89_phy_cfo_set_crystal_cap()
571a05ea1baa bpf: Use RCU-safe iteration in dev_map_redirect_multi() SKB path
eefe0c2ea2c3 bpf, devmap: Remove unnecessary if check in for loop
6d5202409467 wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()
66f2a0becd35 wifi: mt76: mt7996: fix struct mt7996_mcu_uni_event
6cf44608d5e6 arm64: cpufeature: Make PMUVer and PerfMon unsigned
63fe66f10283 wifi: mt76: mt7996: fix FCS error flag check in RX descriptor
4dd75a78cdfb wifi: mt76: mt7915: fix use_cts_prot support
382cbdf6e484 wifi: mt76: mt7615: fix use_cts_prot support
c8e46d0664c4 wifi: mt76: mt7921: Reset ampdu_state state in case of failure in mt76_connac2_tx_check_aggr()
231b895daa02 module: Fix freeing of charp module parameters when CONFIG_SYSFS=n
e6962cb18a89 params: Replace __modinit with __init_or_module
edc90a12073b s390/bpf: Zero-extend bpf prog return values and kfunc arguments
e70b9c2292cc dpaa2: compile dpaa2 even CONFIG_FSL_DPAA2_ETH=n
6e8d309bc69b dpaa2: add independent dependencies for FSL_DPAA2_SWITCH
c7ad31fb948f bpf: test_run: Fix the null pointer dereference issue in bpf_lwt_xmit_push_encap
5d81743ee3cc bpf: Add CHECKSUM_COMPLETE to bpf test progs
008c456b76e9 wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet
255cc1d30f32 wifi: mwifiex: Fix memory leak in mwifiex_11n_aggregate_pkt()
a5af71c6181e firmware: dmi: Correct an indexing error in dmi.h
240f832a9c20 locking: Fix rwlock support in <linux/spinlock_up.h>
ca2d280b9b38 hrtimer: Reduce trace noise in hrtimer_start()
ece8be21d8c9 hrtimer: Avoid pointless reprogramming in __hrtimer_start_range_ns()
16774f7333fc hrtimers: Update the return type of enqueue_hrtimer()
b54f14e1460c irqchip/irq-pic32-evic: Address warning related to wrong printf() formatter
c4295487124f s390/cio: use generic driver_override infrastructure
9d606425a752 s390/cio: convert sprintf()/snprintf() to sysfs_emit()
3d0cfecf4ff7 s390/cio: make sch->lock spinlock pointer a member
6325eea40a95 debugfs: fix placement of EXPORT_SYMBOL_GPL for debugfs_create_str()
f9c489418b8e debugfs: check for NULL pointer in debugfs_create_str()
fc6ecb4b8ef9 thermal/drivers/spear: Fix error condition for reading st,thermal-flags
f75ea8cdca54 devres: fix missing node debug info in devm_krealloc()
d172f1c8a8b3 ACPI: x86: cmos_rtc: Improve coordination with ACPI TAD driver
9a6f4d85a016 ACPI: x86: cmos_rtc: Clean up address space handler driver
da8255040938 pstore/ram: fix resource leak when ioremap() fails
4048ed98860d blk-cgroup: fix disk reference leak in blkcg_maybe_throttle_current()
b88f905d4449 nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()
5dd9d864eb96 loop: fix partition scan race between udev and loop_reread_partitions()
282e06e6d494 drbd: Balance RCU calls in drbd_adm_dump_devices()
131ea3e57fc2 fs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_START
467289e0d0f2 blk-cgroup: wait for blkcg cleanup before initializing new disk
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index d8d3d69f197..5fcf0f81d7c 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "742fd3c3537c966272314e48f67397f0e1d622d7"
-SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
+SRCREV_machine ?= "7bb6512fc5dc7b1191867beadc83b3ce216a2037"
+SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.140"
+LINUX_VERSION ?= "6.6.141"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
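Review bot: SRCREV_meta changes in this hunk (b043ea37245d... to 020f8355dc90...) without any mention in the commit message, which lists only the korg -stable commits. Please add a line describing what changed on the yocto-6.6 branch of yocto-kernel-cache between those two revisions, so the meta side of the update can be reviewed as well.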
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 0fd9c36bd80..0bd1ae9ad2d 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.140"
+LINUX_VERSION ?= "6.6.141"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
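Review bot: cve-exclusion_6.6.inc is not refreshed with the LINUX_VERSION bump to 6.6.141 in this hunk: the context lines show the recipe including recipes-kernel/linux/cve-exclusion_6.6.inc, while the diffstat covers only the three recipe files. Either regenerate the exclusion list in this patch or state in the commit message which patch of the series does it.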
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "cd0d6d62e0e4ff344241d89f37cd6d305e1afb85"
-SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
+SRCREV_machine ?= "90e2be4f80d73789176eab3679ef12ec164d594f"
+SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index dc978f240e6..f684fac7242 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "0aa210fedb89bfb9577bc20b56cc674437f85843"
-SRCREV_machine:qemuarm64 ?= "655d3dc028f830d71d9565ec8302a0e339a2de2f"
-SRCREV_machine:qemuloongarch64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemumips ?= "b547c71f2db45462626f69a4e4bffad43ffaeddc"
-SRCREV_machine:qemuppc ?= "c1de905a03cfd9cf9de51657e7fd20ec6fb7d078"
-SRCREV_machine:qemuriscv64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemuriscv32 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemux86 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemux86-64 ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_machine:qemumips64 ?= "6f0fadc3449cfed9ceac3cce845dfb9b70f9affd"
-SRCREV_machine ?= "c46ce4bd9d6b7fc0c1d6ca2a519ee3d07fa753a9"
-SRCREV_meta ?= "b043ea37245d4c669239b28a30c78c390bdafdcc"
+SRCREV_machine:qemuarm ?= "b3697b53304c9f2c0e7e46a22549ed9d64a110ca"
+SRCREV_machine:qemuarm64 ?= "302113f65bb9cbd9afdb476222cc1fa596e36855"
+SRCREV_machine:qemuloongarch64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemumips ?= "a6b8c8416a2074c8e14eeeeb36a0e5bd0f2add92"
+SRCREV_machine:qemuppc ?= "413e2245480aec98a737ab657322180581a496f5"
+SRCREV_machine:qemuriscv64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemuriscv32 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemux86 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemux86-64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_machine:qemumips64 ?= "257558ce69f7bdbc571cb1b2d9eb35890747fd02"
+SRCREV_machine ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
+SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "eac8889a3a1c81d7113cc4656b9420e84c379cf5"
+SRCREV_machine:class-devupstream ?= "0a40c6fbd105802fbbcaadca249e0948fbf8095a"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.140"
+LINUX_VERSION ?= "6.6.141"
PV = "${LINUX_VERSION}+git"
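Review bot: Possible bisection break at the LINUX_VERSION bump to 6.6.141: the commit list for this update includes ca2d280b9b38 "hrtimer: Reduce trace noise in hrtimer_start()", and 30/30 adds 0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch to lttng-modules to fix a conflicting-types error on trace_hrtimer_start. If that kernel change is what triggers the failure, lttng-modules does not build between this patch and 30/30, so consider ordering the lttng-modules fix ahead of this bump.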
* [OE-core][scarthgap 29/30] linux-yocto/6.6: update to v6.6.142
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (27 preceding siblings ...)
2026-06-17 7:45 ` [OE-core][scarthgap 28/30] linux-yocto/6.6: update to v6.6.141 Yoann Congal
@ 2026-06-17 7:45 ` Yoann Congal
2026-06-17 7:45 ` [OE-core][scarthgap 30/30] lttng-modules: Fix trace_hrtimer_start build failure Yoann Congal
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:45 UTC (permalink / raw)
To: openembedded-core
From: Bruce Ashfield <bruce.ashfield@gmail.com>
Updating linux-yocto/6.6 to the latest korg -stable release that comprises
the following commits:
924b4a879cbb Linux 6.6.142
cefa4265b111 security/keys: fix missed RCU read section on lookup
105c6a594b3f LoongArch: kprobes: Fix handling of fatal unrecoverable recursions
1f9c82855641 net: gro: don't merge zcopy skbs
f504118252af pds_core: ensure null-termination for firmware version strings
d3f3d6fa0cad pds_core: add an error code check in pdsc_dl_info_get
01f7f893d5e1 net: mana: validate rx_req_idx to prevent out-of-bounds array access
3dee2fe0c818 ASoC: cs35l56: Fix flushing of IRQ work in cs35l56_sdw_remove()
d798b25c24f4 gpio: cdev: check if uAPI v2 config attributes are correctly zeroed
0f1fd5e83f0b gpiolib: cdev: use !mem_is_zero() instead of memchr_inv(s, 0, n)
cd87492b79d1 string: add mem_is_zero() helper to check if memory area is all zeros
c9ea01768903 bpf, skmsg: fix verdict sk_data_ready racing with ktls rx
40fc66218ad1 net: ag71xx: check error for platform_get_irq
2a1905730e0c Bluetooth: btmtk: fix urb->setup_packet leak in error paths
f04578422154 Bluetooth: btmtk: move btusb_mtk_hci_wmt_sync to btmtk.c
73377cf3056a Bluetooth: btmtk: rename btmediatek_data
aa58d8366269 Bluetooth: btusb: mediatek: refactor the function btusb_mtk_reset
b748250d778e Bluetooth: btmtk: add the function to get the fw name
e91687643c44 tracing: Avoid NULL return from hist_field_name() on truncation
8ba1c4ddbb1c ALSA: seq: Serialize UMP output teardown with event_input
e5604a480487 ALSA: seq: ump: Use guard() for locking
b6d3d3816c67 ptrace: Convert ptrace_attach() to use lock guards
60ef1675b652 pds_core: fix debugfs_lookup dentry leak and error handling
3231aff8ab26 pds_core: fix error handling in pdsc_devcmd_wait
1900ca8acb92 bridge: mcast: Fix a possible use-after-free when removing a bridge port
6e79715b7b8a net: bridge: Flush multicast groups when snooping is disabled
00904a73272b RDMA/rtrs: Fix use-after-free in path file creation cleanup
a7685f4d90c1 platform/x86: intel-vbtn: Check ACPI_HANDLE() against NULL
527a7990e663 platform/x86: intel-hid: Check ACPI_HANDLE() against NULL
6ea1690b24e9 platform/x86: hp_accel: Check ACPI_COMPANION() against NULL
32ba2ce2b15f platform/x86: adv_swbutton: Check ACPI_HANDLE() against NULL
566f42fb67a7 net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer
314a94c47d28 net: dsa: mt7530: preserve VLAN tags on trapped link-local frames
1bddf306212a net: dsa: mt7530: rename mt753x_bpdu_port_fw enum to mt753x_to_cpu_fw
d2be607d042d net: dsa: mt7530: fix FDB entries not aging out with short timeout
69a0885079c9 wifi: ath11k: fix peer resolution on rx path when peer_id=0
070e40acc59e drm/msm/snapshot: fix dumping of the unaligned regions
dd844b31f4ea spi: mtk-snfi: Fix resource leak in mtk_snand_read_page_cache()
5c54c482934b net/mlx5: Do not restore destination-less TC rules
d65b279a1898 tls: Preserve sk_err across recvmsg() when data has been copied
1822997aa8c2 x86/xen: Fix xen_e820_swap_entry_with_ram()
06cc5ad2c112 net: phy: DP83TC811: add reading of abilities
d04494596b5e net: phy: c45: add genphy_c45_pma_read_ext_abilities() function
acdc12b71c9a net: tls: prevent chain-after-chain in plain text SG
131ef12057d9 net: tls: fix off-by-one in sg_chain entry count for wrapped sk_msg ring
d38ba387244e net/smc: reject CHID-0 ACCEPT that matches an empty ism_dev slot
a09d07ac45e2 powerpc/time: Remove redundant preempt_disable|enable() calls from arch_irq_work_raise()
7256e54583ae drm/msm: Fix iommu_map_sgtable() return value check and avoid WARN
567b5e976e2e drm/msm/dsi: don't dump registers past the mapped region
b40e10c72df5 ethtool: fix ethnl_bitmap32_not_zero() bit interval semantics
720c76b930c5 net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint
9baafc2fea09 accel/qaic: Add overflow check to remap_pfn_range during mmap
f775be13d342 HID: quirks: really enable the intended work around for appledisplay
a5db6a7c062f wifi: ath11k: fix error path leak in ath11k_tm_cmd_wmi_ftm()
3d675896ea03 wifi: ath11k: fix error path leaks in some WMI WOW calls
b77be98447c4 net: ethernet: cs89x0: remove stale CONFIG_MACH_MX31ADS reference
78cf08b3be47 net: ethernet: cortina: Carry over frag counter
68c9c3ac9ce5 net: ethernet: cortina: Drop half-assembled SKB
3b249988d774 net: ethernet: cortina: Make RX SKB per-port
00efe58bbdcc netfs: Fix overrun check in netfs_extract_user_iter()
0df68fd72b2a zonefs: handle integer overflow in zonefs_fname_to_fno
eef4f71b46a9 irq_work: Fix use-after-free in irq_work_single() on PREEMPT_RT
6760af11a26e irqchip/ath79-cpu: Remove unused function
6af5fd2ffda1 phy: marvell: mvebu-a3700-utmi: fix incorrect USB2_PHY_CTRL register access
b0cc58e8f749 net: lan966x: avoid unregistering netdev on register failure
9e1c9b957344 ice: fix locking in ice_dcb_rebuild()
07d77d774f71 tcp: Fix imbalanced icsk_accept_queue count.
08d355936fcf test_kprobes: clear kprobes between test runs
8a5f01446021 kprobes: skip non-symbol addresses in kprobe_add_ksym_blacklist()
99948d73a8c7 netfilter: x_tables: unregister the templates first
26b2290baaf6 btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()
542b49d2cf12 ALSA: hda: cs35l56: Put ACPI device after setting companion
508b1193d63b ARM: integrator: Fix early initialization
fb3ff02dd444 pinctrl: qcom: Fix wakeirq map by removing disconnected irqs for sm8150
7d694570281a kunit: config: KUNIT_DEBUGFS should depend on DEBUG_FS
0df3f3031517 kunit: config: Enable KUNIT_DEBUGFS by default
8b0f4e3b7ad6 firmware: arm_ffa: Skip free_pages on RX buffer alloc failure
adfff93d08a2 firmware: arm_ffa: Check for NULL FF-A ID table while driver registration
58ab91af4124 HID: uclogic: Fix regression of input name assignment
a2d1c819348b hwmon: (pmbus/adm1266) reject short block-read responses in the GPIO accessors
20d626463e3f hwmon: (pmbus/adm1266) register the nvmem device after pmbus_do_probe()
cba4f1122dfb hwmon: (pmbus/adm1266) register the gpio_chip after pmbus_do_probe()
6b5573b63e30 hwmon: (pmbus/adm1266) don't clobber GPIO bits before PDIO read in get_multiple
4d1da9a6be5a hwmon: (pmbus/adm1266) cap PDIO scan in get_multiple at ADM1266_PDIO_NR
60c4b9fe1a3d hwmon: (pmbus/adm1266) bounce blackbox records through a protocol-sized buffer
d94ceb16e55b hwmon: (pmbus/adm1266) include PEC byte in pmbus_block_xfer read buffer
f85c81e93dbd hwmon: (pmbus/adm1266) reject implausible blackbox record_count
025cfc7a09c5 hwmon: (pmbus/adm1266) seed timestamp from the real-time clock
32edd2a28e11 batman-adv: tt: fix negative tt_buff_len
22d59c72f4a4 batman-adv: tt: fix negative last_changeset_len
c2c88736022c batman-adv: tp_meter: fix race condition in send error reporting
0b1bedf114ea batman-adv: tp_meter: fix tp_vars reference leak in receiver shutdown
53f931e0146a batman-adv: tp_meter: avoid use of uninit sender vars
48663158222b batman-adv: bla: fix report_work leak on backbone_gw purge
b54e459cf869 batman-adv: frag: disallow unicast fragment in fragment
c1bac194733a batman-adv: fix tp_meter counter underflow during shutdown
f653b040dad1 batman-adv: fix fragment reassembly length accounting
866ac1d57040 batman-adv: dat: handle forward allocation error
6de089b545db batman-adv: clear current gateway during teardown
70bcb678561f batman-adv: mcast: fix use-after-free in orig_node RCU release
90c398e822ca drm/amd/display: Validate payload length and link_index in dc_process_dmub_aux_transfer_async
fb30a3890d62 drm/amd/display: Validate GPIO pin LUT table size before iterating
266b21b57fbb drm/amd/display: Fix integer overflow in bios_get_image()
e4d3d33ab7bd drm/bridge: megachips: remove bridge when irq request fails
25473edcdaef drm/bridge: it66121: acquire reset GPIO in probe
21ab64c77a30 drm/virtio: use uninterruptible resv lock for plane updates
371f53925a67 device property: set fwnode->secondary to NULL in fwnode_init()
fb3539b367f5 LoongArch: Remove unused code to avoid build warning
14553be882d9 RDMA/siw: Reject MPA FPDU length underflow before signed receive math
f2dc841d7dc9 spi: ti-qspi: fix use-after-free after DMA setup failure
450c319dd04d spi: sprd: fix error pointer deref after DMA setup failure
309c6058622d scsi: isci: Fix use-after-free in device removal path
9d5ae6b8d9ec phy: tegra: xusb: Fix per-pad high-speed termination calibration
45760b72e84c spi: qup: fix error pointer deref after DMA setup failure
3c83a6912c24 drm/bridge: chipone-icn6211: use devm_drm_bridge_add in i2c probe
dab9f93251b2 KVM: arm64: vgic-its: Reject restored DTE with out-of-range num_eventid_bits
e0790046f6be arm64: probes: Handle probes on hinted conditional branch instructions
f383cff9fb38 tracing: Do not call map->ops->elt_free() if elt_alloc() fails
bdc349a87f1f cifs: Fix busy dentry used after unmounting
1ced0f5a851f wifi: cfg80211: advance loop vars in cfg80211_merge_profile()
a3a4366731a5 ice: fix setting promisc mode while adding VID filter
add70e2682c0 ixgbevf: fix use-after-free in VEPA multicast source pruning
3c5411fa4944 ipv4: raw: reject IP_HDRINCL packets with ihl < 5
f50c3ff97c83 wifi: ath11k: clear shared SRNG pointer state on restart
ce29d3bf79a2 vsock/virtio: reset connection on receiving queue overflow
cc27e989a5df vsock/vmci: fix UAF when peer resets connection during handshake
273a1481c556 ring-buffer: Fix reporting of missed events in iterator
3904b993cc17 qed: fix double free in qed_cxt_tables_alloc()
c161ad9157f5 netfilter: nft_inner: Fix IPv6 inner_thoff desync
c281e018af98 netfilter: ipset: stop hash:* range iteration at end
1e5e20031c5e netfilter: nf_queue: hold bridge skb->dev while queued
41ec2e242f17 netfilter: ip6t_hbh: reject oversized option lists
16bd798cb6d8 net: ifb: report ethtool stats over num_tx_queues
289499907399 net: bcmgenet: keep RBUF EEE/PM disabled
8420aa490041 phonet/pep: disable BH around forwarded sk_receive_skb()
be43e6b40431 Bluetooth: serialize accept_q access
a143ce77a529 Bluetooth: MGMT: validate Add Extended Advertising Data length
9d20d48be2c4 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
fe69f634b076 Bluetooth: bnep: Fix UAF read of dev->name
3af41ee7ebec Bluetooth: ISO: drop ISO_END frames received without prior ISO_START
5d86d2f1b4d9 Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del()
6f63a60580eb net: wwan: iosm: fix potential memory leaks in ipc_imem_init()
686b4283f82c drivers/base/memory: fix memory block reference leak in poison accounting
29cd94e678fc efi: Allocate runtime workqueue before ACPI init
7b6f8c8eb93f ALSA: asihpi: Fix potential OOB array access at reading cache
41a766c64729 ALSA: pcm: Don't setup bogus iov_iter for silencing
dade81458966 ALSA: ua101: Reject too-short USB descriptors
0dbf64c50244 hwmon: (pmbus/adm1266) widen blackbox-info buffer to I2C_SMBUS_BLOCK_MAX
adcfb16ae402 smb/server: promote S_DEL_ON_CLS to S_DEL_PENDING when close
7df1df6f40c0 smb: client: protect tc_count increment in smb2_find_smb_sess_tcon_unlocked()
9d378e17c864 ksmbd: fix SID memory leak in set_posix_acl_entries_dacl() on overflow
e43cb36d4d78 ksmbd: fix null pointer dereference in compare_guid_key()
082351f9d400 mm/damon/sysfs-schemes: call missing mem_cgroup_iter_break()
31527d80234c sysfs: don't remove existing directory on update failure
ad7520628c74 Revert "af_unix: Reject SIOCATMARK on non-stream sockets"
f624070c322d Revert "s390/cio: Update purge function to unregister the unused subchannels"
7963b6141b4c Revert "ice: Remove jumbo_remove step from TX path"
6331b0f7b71e Revert "ice: fix double-free of tx_buf skb"
2035acfb1722 smb: client: reject userspace cifs.spnego descriptions
3106f326f67c af_unix: Give up GC if MSG_PEEK intervened.
3a436932eb39 ksmbd: close durable scavenger races against m_fp_list lookups
712cdf917e77 ksmbd: validate owner of durable handle on reconnect
7f0cb478703c ksmbd: add durable scavenger timer
50a23fa28e76 ksmbd: avoid reclaiming expired durable opens by the client
2682bf9a804b Revert "x86/vdso: Fix output operand size of RDPID"
ba5b43db126a wifi: mac80211: check tdls flag in ieee80211_tdls_oper
a052c2d8399a s390/debug: Reject zero-length input before trimming a newline
492349e5e4a3 driver core: platform: use generic driver_override infrastructure
64a3ee535bd7 driver core: generalize driver_override in struct device
fabfed1afe27 spi: spidev: fix lock inversion between spi_lock and buf_lock
6a3af482188f mptcp: pm: ADD_ADDR rtx: free sk if last
9426265e157d mptcp: pm: ADD_ADDR rtx: always decrease sk refcount
19a3ec9ef176 mptcp: pm: ADD_ADDR rtx: allow ID 0
b386aa38b81d mptcp: sync the msk->sndbuf at accept() time
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
.../linux/linux-yocto-rt_6.6.bb | 6 ++--
.../linux/linux-yocto-tiny_6.6.bb | 6 ++--
meta/recipes-kernel/linux/linux-yocto_6.6.bb | 28 +++++++++----------
3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
index 5fcf0f81d7c..c7f8b73fa94 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.6.bb
@@ -14,13 +14,13 @@ python () {
raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "7bb6512fc5dc7b1191867beadc83b3ce216a2037"
-SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
+SRCREV_machine ?= "422bdbd919836dc6565f5bbeb5b662b9c52dc038"
+SRCREV_meta ?= "113d5637ef24d6ca9e43d64dec47efa3f7548c89"
SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
-LINUX_VERSION ?= "6.6.141"
+LINUX_VERSION ?= "6.6.142"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
index 0bd1ae9ad2d..151d63c8a20 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.6.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
# CVE exclusions
include recipes-kernel/linux/cve-exclusion_6.6.inc
-LINUX_VERSION ?= "6.6.141"
+LINUX_VERSION ?= "6.6.142"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-SRCREV_machine ?= "90e2be4f80d73789176eab3679ef12ec164d594f"
-SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
+SRCREV_machine ?= "597d6818e83dc368f871fccf981a2a54a93196d0"
+SRCREV_meta ?= "113d5637ef24d6ca9e43d64dec47efa3f7548c89"
PV = "${LINUX_VERSION}+git"
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.6.bb b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
index f684fac7242..4288688afed 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.6.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.6.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86-64 ?= "v6.6/standard/base"
KBRANCH:qemuloongarch64 ?= "v6.6/standard/base"
KBRANCH:qemumips64 ?= "v6.6/standard/mti-malta64"
-SRCREV_machine:qemuarm ?= "b3697b53304c9f2c0e7e46a22549ed9d64a110ca"
-SRCREV_machine:qemuarm64 ?= "302113f65bb9cbd9afdb476222cc1fa596e36855"
-SRCREV_machine:qemuloongarch64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemumips ?= "a6b8c8416a2074c8e14eeeeb36a0e5bd0f2add92"
-SRCREV_machine:qemuppc ?= "413e2245480aec98a737ab657322180581a496f5"
-SRCREV_machine:qemuriscv64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemuriscv32 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemux86 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemux86-64 ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_machine:qemumips64 ?= "257558ce69f7bdbc571cb1b2d9eb35890747fd02"
-SRCREV_machine ?= "2c57d38b7d1560691a786d2daf5be0e25d200dfb"
-SRCREV_meta ?= "020f8355dc905686f3c125ec87ce4d21a5966750"
+SRCREV_machine:qemuarm ?= "860f859f5e469702d108e6ce9d3affaca072cfa3"
+SRCREV_machine:qemuarm64 ?= "60caa07a883ec933fad7aadaa2eb67a16c207906"
+SRCREV_machine:qemuloongarch64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemumips ?= "6895489ba64aa274deea1687100068d4afddaec4"
+SRCREV_machine:qemuppc ?= "5a29f898aaae6bd0e12bdaeed596f40ab6fec468"
+SRCREV_machine:qemuriscv64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemuriscv32 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemux86 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemux86-64 ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_machine:qemumips64 ?= "44180b7d240f83de490ab570bc092afe5d123207"
+SRCREV_machine ?= "a9288bf8eb270b824e3f92ee54df9dcd72a6052f"
+SRCREV_meta ?= "113d5637ef24d6ca9e43d64dec47efa3f7548c89"
# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
# get the <version>/base branch, which is pure upstream -stable, and the same
# meta SRCREV as the linux-yocto-standard builds. Select your version using the
# normal PREFERRED_VERSION settings.
BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "0a40c6fbd105802fbbcaadca249e0948fbf8095a"
+SRCREV_machine:class-devupstream ?= "924b4a879cbb75aef37c160b955b92f6894b11a4"
PN:class-devupstream = "linux-yocto-upstream"
KBRANCH:class-devupstream = "v6.6/base"
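Review bot: The per-machine SRCREV_machine values in this hunk cannot be traced from the commit message; only SRCREV_machine:class-devupstream can, since 924b4a879cbb75aef37c160b955b92f6894b11a4 expands the "924b4a879cbb Linux 6.6.142" entry heading the list. A sentence in the message saying how the other revisions relate to that commit (which branch heads they are) would make them checkable.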
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.6;destsuffix=${KMETA};protocol=https"
LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.6.141"
+LINUX_VERSION ?= "6.6.142"
PV = "${LINUX_VERSION}+git"
* [OE-core][scarthgap 30/30] lttng-modules: Fix trace_hrtimer_start build failure
2026-06-17 7:44 [OE-core][scarthgap 00/30] Patch review Yoann Congal
` (28 preceding siblings ...)
2026-06-17 7:45 ` [OE-core][scarthgap 29/30] linux-yocto/6.6: update to v6.6.142 Yoann Congal
@ 2026-06-17 7:45 ` Yoann Congal
29 siblings, 0 replies; 32+ messages in thread
From: Yoann Congal @ 2026-06-17 7:45 UTC (permalink / raw)
To: openembedded-core
From: He Zhe <zhe.he@windriver.com>
Fix the following build failure
probes/../../include/lttng/tracepoint-event-impl.h:133:6: error: conflicting
types for 'trace_hrtimer_start'; have 'void(struct hrtimer *, enum hrtimer_mode)'
133 | void trace_##_name(_proto);
| ^~~~~~
Signed-off-by: He Zhe <zhe.he@windriver.com>
[YC: backported from wrynose commit e32cbc177dae ("lttng-modules: Fix
trace_hrtimer_start build failure").
This is a partial backport of commit 7dae5f40e394 ("lttng-modules:
fix build against kernel 7.1+")]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
...ce-trace-noise-in-hrtimer_start-v7.1.patch | 103 ++++++++++++++++++
.../lttng/lttng-modules_2.13.12.bb | 6 +-
2 files changed, 107 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
diff --git a/meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
new file mode 100644
index 00000000000..e9124b4f87a
--- /dev/null
+++ b/meta/recipes-kernel/lttng/lttng-modules/0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch
@@ -0,0 +1,103 @@
+From c370026b0a077ba9491b07c559b343fde6353074 Mon Sep 17 00:00:00 2001
+From: Michael Jeanson <mjeanson@efficios.com>
+Date: Mon, 25 May 2026 10:38:18 -0400
+Subject: [PATCH] fix: hrtimer: Reduce trace noise in hrtimer_start() (v7.1)
+
+
+See upstream commit:
+
+ commit f2e388a019e4cf83a15883a3d1f1384298e9a6aa
+ Author: Thomas Gleixner <tglx@kernel.org>
+ Date: Tue Feb 24 17:36:59 2026 +0100
+
+ hrtimer: Reduce trace noise in hrtimer_start()
+
+ hrtimer_start() when invoked with an already armed timer traces like:
+
+ <comm>-.. [032] d.h2. 5.002263: hrtimer_cancel: hrtimer= ....
+ <comm>-.. [032] d.h1. 5.002263: hrtimer_start: hrtimer= ....
+
+ Which is incorrect as the timer doesn't get canceled. Just the expiry time
+ changes. The internal dequeue operation which is required for that is not
+ really interesting for trace analysis. But it makes it tedious to keep real
+ cancellations and the above case apart.
+
+ Remove the cancel tracing in hrtimer_start() and add a 'was_armed'
+ indicator to the hrtimer start tracepoint, which clearly indicates what the
+ state of the hrtimer is when hrtimer_start() is invoked:
+
+ <comm>-.. [032] d.h1. 6.200103: hrtimer_start: hrtimer= .... was_armed=0
+ <comm>-.. [032] d.h1. 6.200558: hrtimer_start: hrtimer= .... was_armed=1
+
+Change-Id: I37ee0ae0af665a51fd4f92adffb6b1dcb2ecd9d2
+Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Upstream-Status: Backport [https://github.com/lttng/lttng-modules/commit/b77f94c7a7109e70a97bf936b72d66d611187d61]
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+[YC: Backport: revert usage of non-defined-yet ctf_enum]
+Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
+---
+ include/instrumentation/events/timer.h | 39 ++++++++++++++++++++++++--
+ 1 file changed, 37 insertions(+), 2 deletions(-)
+
+diff --git a/include/instrumentation/events/timer.h b/include/instrumentation/events/timer.h
+index bd21c03..9d4476a 100644
+--- a/include/instrumentation/events/timer.h
++++ b/include/instrumentation/events/timer.h
+@@ -203,12 +203,43 @@ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_init,
+ )
+ )
+
++#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(7,1,0) || \
++ LTTNG_KERNEL_RANGE(7,0,10, 7,1,0) || \
++ LTTNG_KERNEL_RANGE(6,18,33, 6,19,0) || \
++ LTTNG_KERNEL_RANGE(6,12,91, 6,13,0) || \
++ LTTNG_KERNEL_RANGE(6,6,141, 6,7,0))
+ /**
+ * hrtimer_start - called when the hrtimer is started
+- * @timer: pointer to struct hrtimer
++ * @hrtimer: pointer to struct hrtimer
++ * @mode: the hrtimers mode
++ * @was_armed: Was armed when hrtimer_start*() was invoked
+ */
+-#if (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,16,0) || \
++LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
++
++ timer_hrtimer_start,
++
++ TP_PROTO(struct hrtimer *hrtimer, enum hrtimer_mode mode, bool was_armed),
++
++ TP_ARGS(hrtimer, mode, was_armed),
++
++ TP_FIELDS(
++ ctf_integer_hex(void *, hrtimer, hrtimer)
++ ctf_integer_hex(void *, function, hrtimer->function)
++ ctf_integer(s64, expires,
++ lttng_ktime_get_tv64(hrtimer_get_expires(hrtimer)))
++ ctf_integer(s64, softexpires,
++ lttng_ktime_get_tv64(hrtimer_get_softexpires(hrtimer)))
++ ctf_integer(enum hrtimer_mode, mode, mode)
++ ctf_integer(bool, was_armed, was_armed)
++ )
++)
++#elif (LTTNG_LINUX_VERSION_CODE >= LTTNG_KERNEL_VERSION(4,16,0) || \
+ LTTNG_RT_KERNEL_RANGE(4,14,0,0, 4,15,0,0))
++/**
++ * hrtimer_start - called when the hrtimer is started
++ * @hrtimer: pointer to struct hrtimer
++ * @mode: the hrtimers mode
++ */
+ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
+
+ timer_hrtimer_start,
+@@ -228,6 +259,10 @@ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
+ )
+ )
+ #else
++/**
++ * hrtimer_start - called when the hrtimer is started
++ * @hrtimer: pointer to struct hrtimer
++ */
+ LTTNG_TRACEPOINT_EVENT_MAP(hrtimer_start,
+
+ timer_hrtimer_start,
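Review bot: the new first branch of the version guard starts the 6.6 stable range at `LTTNG_KERNEL_RANGE(6,6,141, 6,7,0)`, but this fix is 30/30 while 29/30 already moves LINUX_VERSION from 6.6.141 to 6.6.142, so the commits ahead of this one presumably leave lttng-modules hitting the `trace_hrtimer_start` conflicting-types error against linux-yocto. The added branch is selected purely by kernel version and older kernels still fall through to the existing `#elif`, so the patch looks safe to apply earlier; consider ordering it ahead of the bump that first reaches 6.6.141 so the branch stays bisectable. It would also help if the commit message named the kernel version that triggers the failure, since the quoted error alone does not say which update introduced it.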
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
index 34aff1ba8df..b29d73aa89e 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.13.12.bb
@@ -15,10 +15,12 @@ SRC_URI = "https://lttng.org/files/${BPN}/${BPN}-${PV}.tar.bz2 \
file://0003-Fix-mm_compaction_migratepages-changed-in-linux-6.9-.patch \
file://0004-Fix-dev_base_lock-removed-in-linux-6.9-rc1.patch \
file://0001-Fix-sched_stat_runtime-changed-in-Linux-6.6.66.patch \
- "
+ "
# Use :append here so that the patch is applied also when using devupstream
-SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch"
+SRC_URI:append = " file://0001-src-Kbuild-change-missing-CONFIG_TRACEPOINTS-to-warn.patch \
+ file://0001-fix-hrtimer-Reduce-trace-noise-in-hrtimer_start-v7.1.patch \
+ "
SRC_URI[sha256sum] = "d85fcb66c7bd31003ab8735e8c77700e5e4f417b4c22fe1f20112cf435abad79"
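Review bot: the new patch goes into `SRC_URI:append`, which the comment above it says is there so the entry is also applied when using devupstream. Since this patch is marked `Upstream-Status: Backport` of an lttng-modules commit, please confirm the devupstream variant does not already carry that change, otherwise the patch is likely to fail to apply there; if it does, the entry belongs in the main `SRC_URI` list instead. The closing `"` line changed just above appears to be whitespace-only and could be left out to keep the backport minimal.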
* Re: [OE-core][scarthgap 05/30] meta: fix generation of kernel CONFIG_ in SPDX3
2026-06-17 7:44 ` [OE-core][scarthgap 05/30] meta: fix generation of kernel CONFIG_ in SPDX3 Yoann Congal
@ 2026-06-17 8:39 ` Paul Barker
0 siblings, 0 replies; 32+ messages in thread
From: Paul Barker @ 2026-06-17 8:39 UTC (permalink / raw)
To: yoann.congal, openembedded-core
On Wed, 2026-06-17 at 09:44 +0200, Yoann Congal via
lists.openembedded.org wrote:
> From: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
>
> With the current solution, using a separate task
> (do_create_kernel_config_spdx) there is a dependency issue. Sometimes
> the final rootfs SBOM does not contain the CONFIG_ values.
>
> do_create_kernel_config_spdx is executed after do_create_spdx which
> deploys the SPDX file. do_create_kernel_config_spdx calls
> oe.sbom30.find_root_obj_in_jsonld to read from the deploy directory,
> which is OK, but the do_create_kernel_config_spdx ends up writing to
> this deployed file (updating it).
>
> do_create_rootfs_spdx has an explicit dependency to all do_create_spdx
> tasks, but there is nothing that prevents executing
> do_create_kernel_config_spdx after do_create_rootfs_spdx.
>
> To fix it, instead, now read from the workdir, and write to the
> workdir, and do the processing from the do_create_spdx task:
> we append to the do_create_spdx task.
> Furthermore, update oeqa selftest to execute do_create_spdx instead
> of removed function.
>
> Also only execute this task if create-spdx-3.0 was inherited,
> previously this code could be executed if create-spdx-2.2 is
> inherited.
>
> (cherry picked from commit 8417f4a186e78a9d309541f5d0e711178bb80488)
>
> Fixes: 1fff29a04287 ("kernel.bbclass: Add task to export kernel configuration to SPDX")
> Signed-off-by: Benjamin Robin (Schneider Electric) <benjamin.robin@bootlin.com>
> Reviewed-by: Joshua Watt <JPEWhacker@gmail.com>
> Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
> ---
> meta/classes-recipe/kernel.bbclass | 27 +++++++++++++++------------
> meta/lib/oeqa/selftest/cases/spdx.py | 2 +-
> 2 files changed, 16 insertions(+), 13 deletions(-)
>
> diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass
> index 39e198864e4..618324f75ff 100644
> --- a/meta/classes-recipe/kernel.bbclass
> +++ b/meta/classes-recipe/kernel.bbclass
> @@ -870,14 +870,13 @@ addtask deploy after do_populate_sysroot do_packagedata
>
> EXPORT_FUNCTIONS do_deploy
>
> -python __anonymous() {
> - inherits = (d.getVar("INHERIT") or "")
> - if "create-spdx" in inherits:
> - bb.build.addtask('do_create_kernel_config_spdx', 'do_populate_lic do_deploy', 'do_create_spdx', d)
> -}
> +do_create_spdx:append() {
> + def create_kernel_config_spdx(d):
> + if not bb.data.inherits_class("create-spdx-3.0", d):
> + return
> + if d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True) != "1":
> + return
>
> -python do_create_kernel_config_spdx() {
> - if d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True) == "1":
> import oe.spdx30
> import oe.spdx30_tasks
> from pathlib import Path
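Review bot: on the added `d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True)` line, the second positional argument is the legacy expand flag carried over from the removed code; expansion is already the default, so `d.getVar("SPDX_INCLUDE_KERNEL_CONFIG")` is enough. A one-line comment explaining why the body is wrapped in the nested `create_kernel_config_spdx(d)` helper (presumably so the early `return`s only leave the helper) would also help the next reader.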
> @@ -909,9 +908,11 @@ python do_create_kernel_config_spdx() {
> except Exception as e:
> bb.error(f"Failed to parse kernel config file: {e}")
>
> - build, build_objset = oe.sbom30.find_root_obj_in_jsonld(
> - d, "recipes", f"recipe-{pn}", oe.spdx30.build_Build
> - )
> + path = oe.sbom30.jsonld_arch_path(d, pkg_arch, "recipes", f"recipe-{pn}", deploydir=deploydir)
> + build_objset = oe.sbom30.load_jsonld(d, path, required=True)
> + build = build_objset.find_root(oe.spdx30.build_Build)
> + if not build:
> + bb.fatal("No root %s found in %s" % (oe.spdx30.build_Build.__name__, path))
>
> kernel_build = build_objset.add_root(
> oe.spdx30.build_Build(
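Review bot: the commit message says the file is now read from and written to the workdir, yet the added `jsonld_arch_path` call still passes `deploydir=deploydir`, and the assignment of `deploydir` is outside the visible context. If that variable now points into the workdir, renaming it or adding a comment at this call would keep the code from reading as if it still touched the deployed file. The new `bb.fatal` also uses `%` formatting while the neighbouring `bb.error` uses an f-string; matching the f-string style would be more consistent.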
> @@ -930,9 +931,11 @@ python do_create_kernel_config_spdx() {
> [kernel_build]
> )
>
> - oe.sbom30.write_jsonld_doc(d, build_objset, deploydir / pkg_arch / "recipes" / f"recipe-{pn}.spdx.json")
> + oe.sbom30.write_jsonld_doc(d, build_objset, path)
> +
> + create_kernel_config_spdx(d)
> }
> -do_create_kernel_config_spdx[depends] = "virtual/kernel:do_configure"
> +do_create_spdx[depends] += "virtual/kernel:do_configure"
>
> # Add using Device Tree support
> inherit kernel-devicetree
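Review bot: `do_create_spdx[depends] += "virtual/kernel:do_configure"` is set unconditionally, while the work it supports returns early unless create-spdx-3.0 is inherited and SPDX_INCLUDE_KERNEL_CONFIG is "1". The removed line put the dependency on a task that was only added when create-spdx was in INHERIT, so it now applies to do_create_spdx of every recipe inheriting kernel.bbclass whether or not the feature is enabled; a short comment on why that is acceptable, or making the dependency conditional, would be worth adding.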
> diff --git a/meta/lib/oeqa/selftest/cases/spdx.py b/meta/lib/oeqa/selftest/cases/spdx.py
> index 035f3fe3363..3373988ca40 100644
> --- a/meta/lib/oeqa/selftest/cases/spdx.py
> +++ b/meta/lib/oeqa/selftest/cases/spdx.py
> @@ -298,7 +298,7 @@ class SPDX30Check(SPDX3CheckBase, OESelftestTestCase):
> objset = self.check_recipe_spdx(
> kernel_recipe,
> spdx_path,
> - task="do_create_kernel_config_spdx",
> + task="do_create_spdx",
> extraconf="""\
> INHERIT += "create-spdx"
> SPDX_INCLUDE_KERNEL_CONFIG = "1"
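Review bot: the test's extraconf inherits `create-spdx`, while the new guard in kernel.bbclass checks `bb.data.inherits_class("create-spdx-3.0", d)`. Please confirm that on scarthgap `create-spdx` pulls in create-spdx-3.0; if it does not, the helper returns early and the kernel configuration is never added for this test. Inheriting create-spdx-3.0 explicitly in the extraconf would make the test independent of that default.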
I agree this is worth backporting as it fixes omissions in generated
SPDX data. But it removes a task (do_create_kernel_config_spdx) so we
need to be careful.
In this case I doubt anyone is calling do_create_kernel_config_spdx
directly, so we should be able to handle this by highlighting the
removal in the release notes for the next scarthgap release.
Best regards,
--
Paul Barker