Skip to content

[rocky10_0] History Rebuild to kernel-6.12.0-55.39.1.el10_0 #624

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 38 commits into from
Oct 15, 2025
Merged

[rocky10_0] History Rebuild to kernel-6.12.0-55.39.1.el10_0 #624

merged 38 commits into from
Oct 15, 2025

Conversation

@PlaidCat
Copy link
Collaborator

@PlaidCat PlaidCat commented Oct 14, 2025

  • Download all unprocessed src.rpm
  • for each src,pm
    • Find all commits in changelog up to last known tag ... in this case 6.12.0-55
    • Re-play commits in reverse order (oldest in change log to newest) with git cherry-pick
    • After replay replace ENTIRE code in branch with rpmbuild -bp from corresponding src.rpm.
    • Tag Rebuild branch
  • Use New Local Build with prodman and test (note test results will be different than usual)

Checking Rebuild Commits for potentially missing commits:

kernel-6.12.0-55.38.1.el10_0

[jmaple@devbox kernel-src-tree]$ cat ciq/ciq_backports/kernel-6.12.0-55.38.1.el10_0/rebuild.details.txt
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v6.12~1..kernel-mainline: 66177
Number of commits in rpm: 31
Number of commits matched with upstream: 28 (90.32%)
Number of commits in upstream but not in rpm: 66149
Number of commits NOT found in upstream: 3 (9.68%)

Rebuilding Kernel on Branch rocky10_0_rebuild_kernel-6.12.0-55.38.1.el10_0 for kernel-6.12.0-55.38.1.el10_0
Clean Cherry Picks: 24 (85.71%)
Empty Cherry Picks: 4 (14.29%)
_______________________________

__EMPTY COMMITS__________________________
a8445cfec101c42e9d64cdb2dac13973b22c205c net: mana: Change the function signature of mana_get_primary_netdev_rcu
bee35b7161aaaed9831e2f14876c374b9c566952 RDMA/mana_ib: Handle net event for pointing to the current netdev
ca8ac489ca33c986ff02ee14c3e1c10b86355428 net: mana: Handle unsupported HWC commands
fbe346ce9d626680a4dd0f079e17c7b5dd32ffad net: mana: Handle Reset Request from MANA NIC

__CHANGES NOT IN UPSTREAM________________
Porting to Rocky Linux 10, debranding and Rocky Linux branding'
Add partial riscv64 support for build root'
Provide basic VisionFive 2 support'

kernel-6.12.0-55.39.1.el10_0

[jmaple@devbox kernel-src-tree]$ cat ciq/ciq_backports/kernel-6.12.0-55.39.1.el10_0/rebuild.details.txt
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v6.12~1..kernel-mainline: 66177
Number of commits in rpm: 11
Number of commits matched with upstream: 8 (72.73%)
Number of commits in upstream but not in rpm: 66169
Number of commits NOT found in upstream: 3 (27.27%)

Rebuilding Kernel on Branch rocky10_0_rebuild_kernel-6.12.0-55.39.1.el10_0 for kernel-6.12.0-55.39.1.el10_0
Clean Cherry Picks: 7 (87.50%)
Empty Cherry Picks: 1 (12.50%)
_______________________________

__EMPTY COMMITS__________________________
ce32b0c9c522e5a69ef9c62a56d6ca08fb036d67 cxl: core/region - ignore interleave granularity when ways=1

__CHANGES NOT IN UPSTREAM________________
Porting to Rocky Linux 10, debranding and Rocky Linux branding'
Add partial riscv64 support for build root'
Provide basic VisionFive 2 support'

BUILD

[jmaple@devbox code]$ egrep -B 5 -A 5 "\[TIMER\]|^Starting Build" $(ls -t kbuild* | head -n1)
/mnt/code/kernel-src-tree-build
Running make mrproper...
  CLEAN   scripts/basic
  CLEAN   scripts/kconfig
  CLEAN   include/config include/generated
[TIMER]{MRPROPER}: 7s
x86_64 architecture detected, copying config
'configs/kernel-x86_64-rhel.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-rocky10_0_rebuild-64262157f189"
Making olddefconfig
--
  HOSTCC  scripts/kconfig/util.o
  HOSTLD  scripts/kconfig/conf
#
# configuration written to .config
#
Starting Build
  GEN     arch/x86/include/generated/asm/orc_hash.h
  WRAP    arch/x86/include/generated/uapi/asm/bpf_perf_event.h
  WRAP    arch/x86/include/generated/uapi/asm/errno.h
  WRAP    arch/x86/include/generated/uapi/asm/fcntl.h
  WRAP    arch/x86/include/generated/uapi/asm/ioctl.h
--
  LD [M]  net/qrtr/qrtr.ko
  LD [M]  net/qrtr/qrtr-mhi.ko
  BTF [M] net/qrtr/qrtr.ko
  BTF [M] net/hsr/hsr.ko
  BTF [M] net/qrtr/qrtr-mhi.ko
[TIMER]{BUILD}: 2005s
Making Modules
  SYMLINK /lib/modules/6.12.0-rocky10_0_rebuild-64262157f189+/build
  INSTALL /lib/modules/6.12.0-rocky10_0_rebuild-64262157f189+/modules.order
  INSTALL /lib/modules/6.12.0-rocky10_0_rebuild-64262157f189+/modules.builtin
  INSTALL /lib/modules/6.12.0-rocky10_0_rebuild-64262157f189+/modules.builtin.modinfo
--
  STRIP   /lib/modules/6.12.0-rocky10_0_rebuild-64262157f189+/kernel/net/qrtr/qrtr-mhi.ko
  SIGN    /lib/modules/6.12.0-rocky10_0_rebuild-64262157f189+/kernel/net/hsr/hsr.ko
  SIGN    /lib/modules/6.12.0-rocky10_0_rebuild-64262157f189+/kernel/net/qrtr/qrtr.ko
  SIGN    /lib/modules/6.12.0-rocky10_0_rebuild-64262157f189+/kernel/net/qrtr/qrtr-mhi.ko
  DEPMOD  /lib/modules/6.12.0-rocky10_0_rebuild-64262157f189+
[TIMER]{MODULES}: 8s
Making Install
  INSTALL /boot
[TIMER]{INSTALL}: 18s
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-6.12.0-rocky10_0_rebuild-64262157f189+ and Index to 0
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 7s
[TIMER]{BUILD}: 2005s
[TIMER]{MODULES}: 8s
[TIMER]{INSTALL}: 18s
[TIMER]{TOTAL} 2043s
Rebooting in 10 seconds

KSelfTest

[jmaple@devbox code]$ ./get_kselftest_diff.sh
kselftest.6.12.0-rocky10_0_rebuild-919393e21315+.log
528
kselftest.6.12.0-rocky10_0_rebuild-67dbae5e01fe+.log
506
kselftest.6.12.0-rocky10_0_rebuild-352fd0c92964+.log
506
kselftest.6.12.0-rocky10_0_rebuild-64262157f189+.log
506
Before: kselftest.6.12.0-rocky10_0_rebuild-352fd0c92964+.log
After: kselftest.6.12.0-rocky10_0_rebuild-64262157f189+.log
Diff:
No differences found.

PlaidCat added 30 commits October 11, 2025 03:01
@PlaidCat
RDMA/cxgb4: Notify rdma stack for IB_EVENT_QP_LAST_WQE_REACHED event
52e6882 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Anumula Murali Mohan Reddy <anumula@chelsio.com>
commit 42e6ddd

This patch sends IB_EVENT_QP_LAST_WQE_REACHED event on a QP that is in
error state and associated with an SRQ. This behaviour is incorporated
in flush_qp() which is called when QP transitions to error state.
Supports SRQ drain functionality added by commit 844bc12 ("IB/core:
add support for draining Shared receive queues")

Fixes: 844bc12 ("IB/core: add support for draining Shared receive queues")
	Signed-off-by: Anumula Murali Mohan Reddy <anumula@chelsio.com>
	Signed-off-by: Potnuri Bharat Teja <bharat@chelsio.com>
Link: https://patch.msgid.link/20250107095053.81007-1-anumula@chelsio.com
	Signed-off-by: Leon Romanovsky <leon@kernel.org>
(cherry picked from commit 42e6ddd)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
smb: client: allow parsing zero-length AV pairs
7697699 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Paulo Alcantara <pc@manguebit.org>
commit be77ab6

Zero-length AV pairs should be considered as valid target infos.
Don't skip the next AV pairs that follow them.

	Cc: linux-cifs@vger.kernel.org
	Cc: David Howells <dhowells@redhat.com>
Fixes: 0e8ae9b ("smb: client: parse av pair type 4 in CHALLENGE_MESSAGE")
	Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
	Signed-off-by: Steve French <stfrench@microsoft.com>
(cherry picked from commit be77ab6)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
smb: client: fix session setup against servers that require SPN
54c4fce 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Paulo Alcantara <pc@manguebit.org>
commit 33cfdd7

Some servers might enforce the SPN to be set in the target info
blob (AV pairs) when sending NTLMSSP_AUTH message.  In Windows Server,
this could be enforced with SmbServerNameHardeningLevel set to 2.

Fix this by always appending SPN (cifs/<hostname>) to the existing
list of target infos when setting up NTLMv2 response blob.

	Cc: linux-cifs@vger.kernel.org
	Cc: David Howells <dhowells@redhat.com>
	Reported-by: Pierguido Lambri <plambri@redhat.com>
	Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
	Signed-off-by: Steve French <stfrench@microsoft.com>
(cherry picked from commit 33cfdd7)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
nfsd: don't ignore the return code of svc_proc_register()
8b03690 
jira LE-4365
cve CVE-2025-22026
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Jeff Layton <jlayton@kernel.org>
commit 930b64c

Currently, nfsd_proc_stat_init() ignores the return value of
svc_proc_register(). If the procfile creation fails, then the kernel
will WARN when it tries to remove the entry later.

Fix nfsd_proc_stat_init() to return the same type of pointer as
svc_proc_register(), and fix up nfsd_net_init() to check that and fail
the nfsd_net construction if it occurs.

svc_proc_register() can fail if the dentry can't be allocated, or if an
identical dentry already exists. The second case is pretty unlikely in
the nfsd_net construction codepath, so if this happens, return -ENOMEM.

	Reported-by: syzbot+e34ad04f27991521104c@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-nfs/67a47501.050a0220.19061f.05f9.GAE@google.com/
	Cc: stable@vger.kernel.org # v6.9
	Signed-off-by: Jeff Layton <jlayton@kernel.org>
	Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
(cherry picked from commit 930b64c)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
sctp: linearize cloned gso packets in sctp_rcv
b5f21fa 
jira LE-4365
cve CVE-2025-38718
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Xin Long <lucien.xin@gmail.com>
commit fd60d8a

A cloned head skb still shares these frag skbs in fraglist with the
original head skb. It's not safe to access these frag skbs.

syzbot reported two use-of-uninitialized-memory bugs caused by this:

  BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211
   sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211
   sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998
   sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88
   sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331
   sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122
   __release_sock+0x1da/0x330 net/core/sock.c:3106
   release_sock+0x6b/0x250 net/core/sock.c:3660
   sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360
   sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885
   sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031
   inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851
   sock_sendmsg_nosec net/socket.c:718 [inline]

and

  BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987
   sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987
   sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88
   sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331
   sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148
   __release_sock+0x1d3/0x330 net/core/sock.c:3213
   release_sock+0x6b/0x270 net/core/sock.c:3767
   sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367
   sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886
   sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032
   inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851
   sock_sendmsg_nosec net/socket.c:712 [inline]

This patch fixes it by linearizing cloned gso packets in sctp_rcv().

Fixes: 90017ac ("sctp: Add GSO support")
	Reported-by: syzbot+773e51afe420baaf0e2b@syzkaller.appspotmail.com
	Reported-by: syzbot+70a42f45e76bede082be@syzkaller.appspotmail.com
	Signed-off-by: Xin Long <lucien.xin@gmail.com>
	Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Link: https://patch.msgid.link/dd7dc337b99876d4132d0961f776913719f7d225.1754595611.git.lucien.xin@gmail.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit fd60d8a)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
hv_netvsc: Link queues to NAPIs
d5400ef 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Joe Damato <jdamato@fastly.com>
commit 8b641b5

Use netif_queue_set_napi to link queues to NAPI instances so that they
can be queried with netlink.

Shradha Gupta tested the patch and reported that the results are
as expected:

$ ./tools/net/ynl/cli.py --spec Documentation/netlink/specs/netdev.yaml \
                           --dump queue-get --json='{"ifindex": 2}'

 [{'id': 0, 'ifindex': 2, 'napi-id': 8193, 'type': 'rx'},
  {'id': 1, 'ifindex': 2, 'napi-id': 8194, 'type': 'rx'},
  {'id': 2, 'ifindex': 2, 'napi-id': 8195, 'type': 'rx'},
  {'id': 3, 'ifindex': 2, 'napi-id': 8196, 'type': 'rx'},
  {'id': 4, 'ifindex': 2, 'napi-id': 8197, 'type': 'rx'},
  {'id': 5, 'ifindex': 2, 'napi-id': 8198, 'type': 'rx'},
  {'id': 6, 'ifindex': 2, 'napi-id': 8199, 'type': 'rx'},
  {'id': 7, 'ifindex': 2, 'napi-id': 8200, 'type': 'rx'},
  {'id': 0, 'ifindex': 2, 'napi-id': 8193, 'type': 'tx'},
  {'id': 1, 'ifindex': 2, 'napi-id': 8194, 'type': 'tx'},
  {'id': 2, 'ifindex': 2, 'napi-id': 8195, 'type': 'tx'},
  {'id': 3, 'ifindex': 2, 'napi-id': 8196, 'type': 'tx'},
  {'id': 4, 'ifindex': 2, 'napi-id': 8197, 'type': 'tx'},
  {'id': 5, 'ifindex': 2, 'napi-id': 8198, 'type': 'tx'},
  {'id': 6, 'ifindex': 2, 'napi-id': 8199, 'type': 'tx'},
  {'id': 7, 'ifindex': 2, 'napi-id': 8200, 'type': 'tx'}]

	Signed-off-by: Joe Damato <jdamato@fastly.com>
	Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
	Tested-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 8b641b5)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
RDMA/mana_ib: Allocate PAGE aligned doorbell index
2631692 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Konstantin Taranov <kotaranov@microsoft.com>
commit 29b7bb9

Allocate a PAGE aligned doorbell index to ensure each process gets a
separate PAGE sized doorbell area space remapped to it in mana_ib_mmap

Fixes: 0266a17 ("RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter")
	Signed-off-by: Shiraz Saleem <shirazsaleem@microsoft.com>
	Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>
Link: https://patch.msgid.link/1738751405-15041-1-git-send-email-kotaranov@linux.microsoft.com
	Reviewed-by: Long Li <longli@microsoft.com>
	Signed-off-by: Leon Romanovsky <leon@kernel.org>
(cherry picked from commit 29b7bb9)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Support holes in device list reply msg
d185128 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Haiyang Zhang <haiyangz@microsoft.com>
commit 2fc8a34

According to GDMA protocol, holes (zeros) are allowed at the beginning
or middle of the gdma_list_devices_resp message. The existing code
cannot properly handle this, and may miss some devices in the list.

To fix, scan the entire list until the num_of_devs are found, or until
the end of the list.

	Cc: stable@vger.kernel.org
Fixes: ca9c54d ("net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)")
	Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
	Reviewed-by: Long Li <longli@microsoft.com>
	Reviewed-by: Shradha Gupta <shradhagupta@microsoft.com>
	Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Link: https://patch.msgid.link/1741723974-1534-1-git-send-email-haiyangz@microsoft.com
	Signed-off-by: Paolo Abeni <pabeni@redhat.com>

(cherry picked from commit 2fc8a34)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
RDMA/mana_ib: Query feature_flags bitmask from FW
e52c63f 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Shiraz Saleem <shirazsaleem@microsoft.com>
commit bad4480

Extend the mana_ib_gd_query_adapter_caps function to retrieve and store
the feature_flags from the firmware response.

	Signed-off-by: Shiraz Saleem <shirazsaleem@microsoft.com>
	Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>
Link: https://patch.msgid.link/1738751713-16169-2-git-send-email-kotaranov@linux.microsoft.com
	Signed-off-by: Leon Romanovsky <leon@kernel.org>
(cherry picked from commit bad4480)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
RDMA/mana_ib: request error CQEs when supported
4e09c90 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Konstantin Taranov <kotaranov@microsoft.com>
commit cd3c5dd

Request an adapter with error CQEs when it is supported.

	Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>
Link: https://patch.msgid.link/1738751713-16169-3-git-send-email-kotaranov@linux.microsoft.com
	Signed-off-by: Leon Romanovsky <leon@kernel.org>
(cherry picked from commit cd3c5dd)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE
12f3773 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Shradha Gupta <shradhagupta@linux.microsoft.com>
commit 2731583

Allow the max aggregated pkt size to go up-to GSO_MAX_SIZE for MANA NIC.
This patch only increases the max allowable gso/gro pkt size for MANA
devices and does not change the defaults.
Following are the perf benefits by increasing the pkt aggregate size from
legacy gso_max_size value(64K) to newer one(up-to 511K

IPv4 tests
for i in {1..10}; do netperf -t TCP_RR  -H 10.0.0.5 -p50000 -- -r80000,80000
-O MIN_LATENCY,P90_LATENCY,P99_LATENCY,THROUGHPUT|tail -1; done

min	p90	p99	Throughput		gso_max_size
93	171	194	6594.25
97	154	180	7183.74
95	165	189	6927.86
96	165	188	6976.04
93	154	185	7338.05			64K
93	168	189	6938.03
94	169	189	6784.93
92	166	189	7117.56
94	179	191	6678.44
95	157	183	7277.81

min	p90	p99	Throughput
93	134	146	8448.75
95	134	140	8396.54
94	137	148	8204.12
94	137	148	8244.41
94	128	139	8666.52			80K
94	141	153	8116.86
94	138	149	8163.92
92	135	142	8362.72
92	134	142	8497.57
93	136	148	8393.23

IPv6 Tests
for i in {1..10}; do netperf -t TCP_RR  -H fd00:9013:cadd::4 -p50000 --
-r80000,80000 -O MIN_LATENCY,P90_LATENCY,P99_LATENCY,THROUGHPUT|tail -1; done

min	p90	p99	Throughput		gso_max_size
108	165	170	6673.2
101	169	189	6451.69
101	165	169	6737.65
102	167	175	6614.64
101	178	189	6247.13			64K
107	163	169	6678.63
106	176	187	6350.86
100	164	169	6617.36
102	163	170	6849.21
102	168	175	6605.7

min	p90	p99	Throughput
108	155	166	7183
110	154	163	7268.87
109	152	159	7434.35
107	145	157	7569.15
107	149	164	7496.17			80K
110	154	159	7245.85
108	156	162	7266.24
109	145	158	7526.66
106	145	151	7785.75
111	148	157	7246.65

Tested on azure env with Accelerated Networking enabled and disabled.

	Signed-off-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
	Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 2731583)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
hv_netvsc: Use VF's tso_max_size value when data path is VF
43ca2a0 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Shradha Gupta <shradhagupta@linux.microsoft.com>
commit 6859209

On Azure, increasing VF's gso/gro packet size to up-to GSO_MAX_SIZE
is not possible without allowing the same for netvsc NIC
(as the NICs are bonded together). For bonded NICs, the min of the max
aggregated pkt size of the members is propagated in the stack.

Therefore, we use netif_set_tso_max_size() to set max aggregated pkt size
to VF's packet size for netvsc too, when the data path is switched over
to the VF
Tested on azure env with Accelerated Networking enabled and disabled.

	Signed-off-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
	Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 6859209)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Add debug logs in MANA network driver
17ef201 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Erni Sri Satya Vennela <ernis@linux.microsoft.com>
commit 47dfd7a

Add more logs to assist in debugging and monitoring
driver behaviour, making it easier to identify potential
issues  during development and testing.

	Signed-off-by: Erni Sri Satya Vennela <ernis@linux.microsoft.com>
	Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Link: https://patch.msgid.link/1739842455-23899-1-git-send-email-ernis@linux.microsoft.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 47dfd7a)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
RDMA/mana_ib: Ensure variable err is initialized
6253867 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Kees Bakker <kees@ijzerbout.nl>
commit be35a31

In the function mana_ib_gd_create_dma_region if there are no dma blocks
to process the variable `err` remains uninitialized.

Fixes: 0266a17 ("RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter")
	Signed-off-by: Kees Bakker <kees@ijzerbout.nl>
Link: https://patch.msgid.link/20250221195833.7516C16290A@bout3.ijzerbout.nl
	Reviewed-by: Long Li <longli@microsoft.com>
	Signed-off-by: Leon Romanovsky <leon@kernel.org>
(cherry picked from commit be35a31)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Change the function signature of mana_get_primary_netdev_rcu
8f0db56 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Long Li <longli@microsoft.com>
commit a8445cf
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-6.12.0-55.38.1.el10_0/a8445cfe.failed

Change mana_get_primary_netdev_rcu() to mana_get_primary_netdev(), and
return the ndev with refcount held. The caller is responsible for dropping
the refcount.

Also drop the check for IFF_SLAVE as it is not necessary if the upper
device is present.

	Signed-off-by: Long Li <longli@microsoft.com>
Link: https://patch.msgid.link/1741821332-9392-1-git-send-email-longli@linuxonhyperv.com
	Signed-off-by: Leon Romanovsky <leon@kernel.org>
(cherry picked from commit a8445cf)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	drivers/infiniband/hw/mana/mana_ib.h
#	drivers/net/ethernet/microsoft/mana/mana_en.c
@PlaidCat
RDMA/mana_ib: Handle net event for pointing to the current netdev
f96450e 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Long Li <longli@microsoft.com>
commit bee35b7
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-6.12.0-55.38.1.el10_0/bee35b71.failed

When running under Hyper-V, the master device to the RDMA device is always
bonded to this RDMA device. This is not user-configurable.

The master device can be unbind/bind from the kernel. During those events,
the RDMA device should set to the current netdev to reflect the change of
master device from those events.

	Signed-off-by: Long Li <longli@microsoft.com>
Link: https://patch.msgid.link/1741821332-9392-2-git-send-email-longli@linuxonhyperv.com
	Signed-off-by: Leon Romanovsky <leon@kernel.org>
(cherry picked from commit bee35b7)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	drivers/infiniband/hw/mana/device.c
#	drivers/infiniband/hw/mana/mana_ib.h
@PlaidCat
net: mana: Add metadata support for xdp mode
885a5df 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Lorenzo Bianconi <lorenzo@kernel.org>
commit c313d35

Set metadata size building the skb from xdp_buff in mana driver.
mana driver sets xdp headroom to XDP_PACKET_HEADROOM so the headroom is
large enough to contain xdp_frame and xdp metadata.
Please note this patch is just compiled tested.

	Reviewed-by: Michal Kubiak <michal.kubiak@intel.com>
	Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Link: https://patch.msgid.link/20250318-mvneta-xdp-meta-v2-6-b6075778f61f@kernel.org
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit c313d35)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Switch to page pool for jumbo frames
ea2247f 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Haiyang Zhang <haiyangz@microsoft.com>
commit fa37a88

Frag allocators, such as netdev_alloc_frag(), were not designed to
work for fragsz > PAGE_SIZE.

So, switch to page pool for jumbo frames instead of using page frag
allocators. This driver is using page pool for smaller MTUs already.

	Cc: stable@vger.kernel.org
Fixes: 80f6215 ("net: mana: Add support for jumbo frame")
	Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
	Reviewed-by: Long Li <longli@microsoft.com>
	Reviewed-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
Link: https://patch.msgid.link/1742920357-27263-1-git-send-email-haiyangz@microsoft.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit fa37a88)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Add support for Multi Vports on Bare metal
4be1465 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Haiyang Zhang <haiyangz@microsoft.com>
commit 290e5d3

To support Multi Vports on Bare metal, increase the device config response
version. And, skip the register HW vport, and register filter steps, when
the Bare metal hostmode is set.

	Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Link: https://patch.msgid.link/1747671636-5810-1-git-send-email-haiyangz@microsoft.com
	Signed-off-by: Paolo Abeni <pabeni@redhat.com>

(cherry picked from commit 290e5d3)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Record doorbell physical address in PF mode
c80ad53 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Long Li <longli@microsoft.com>
commit e0fca6f

MANA supports RDMA in PF mode. The driver should record the doorbell
physical address when in PF mode.

The doorbell physical address is used by the RDMA driver to map
doorbell pages of the device to user-mode applications through RDMA
verbs interface. In the past, they have been mapped to user-mode while
the device is in VF mode. With the support for PF mode implemented,
also expose those pages in PF mode.

Support for PF mode is implemented in
290e5d3 ("net: mana: Add support for Multi Vports on Bare metal")

	Signed-off-by: Long Li <longli@microsoft.com>
	Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/1750210606-12167-1-git-send-email-longli@linuxonhyperv.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit e0fca6f)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to preven…
69a343b 
…t IPv6 addrconf

jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Li Tian <litian@redhat.com>
commit d7501e0

Set an additional flag IFF_NO_ADDRCONF to prevent ipv6 addrconf.

Commit under Fixes added a new flag change that was not made
to hv_netvsc resulting in the VF being assinged an IPv6.

Fixes: 8a321cf ("net: add IFF_NO_ADDRCONF and use it in bonding to prevent ipv6 addrconf")
	Suggested-by: Cathy Avery <cavery@redhat.com>
	Signed-off-by: Li Tian <litian@redhat.com>
	Reviewed-by: Xin Long <lucien.xin@gmail.com>
Link: https://patch.msgid.link/20250716002607.4927-1-litian@redhat.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit d7501e0)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Expose additional hardware counters for drop and TC via et…
bc28fd4 
…htool.

jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Dipayaan Roy <dipayanroy@linux.microsoft.com>
commit c09ef59

Add support for reporting additional hardware counters for drop and
TC using the ethtool -S interface.

These counters include:

- Aggregate Rx/Tx drop counters
- Per-TC Rx/Tx packet counters
- Per-TC Rx/Tx byte counters
- Per-TC Rx/Tx pause frame counters

The counters are exposed using ethtool_ops->get_ethtool_stats and
ethtool_ops->get_strings. This feature/counters are not available
to all versions of hardware.

	Signed-off-by: Dipayaan Roy <dipayanroy@linux.microsoft.com>
	Reviewed-by: Subbaraya Sundeep <sbhatta@marvell.com>
	Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Link: https://patch.msgid.link/20250609100103.GA7102@linuxonhyperv3.guj3yctzbm1etfxqx2vob5hsef.xx.internal.cloudapp.net
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit c09ef59)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Add handler for hardware servicing events
193ac9c 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Haiyang Zhang <haiyangz@microsoft.com>
commit 7768c5f

To collaborate with hardware servicing events, upon receiving the special
EQE notification from the HW channel, remove the devices on this bus.
Then, after a waiting period based on the device specs, rescan the parent
bus to recover the devices.

	Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
	Reviewed-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
	Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/1749834034-18498-1-git-send-email-haiyangz@linux.microsoft.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 7768c5f)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Handle unsupported HWC commands
ac3647b 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Erni Sri Satya Vennela <ernis@linux.microsoft.com>
commit ca8ac48
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-6.12.0-55.38.1.el10_0/ca8ac489.failed

If any of the HWC commands are not recognized by the
underlying hardware, the hardware returns the response
header status of -1. Log the information using
netdev_info_once to avoid multiple error logs in dmesg.

	Signed-off-by: Erni Sri Satya Vennela <ernis@linux.microsoft.com>
	Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
	Reviewed-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
	Reviewed-by: Saurabh Singh Sengar <ssengar@linux.microsoft.com>
	Reviewed-by: Dipayaan Roy <dipayanroy@linux.microsoft.com>
Link: https://patch.msgid.link/1750144656-2021-5-git-send-email-ernis@linux.microsoft.com
	Signed-off-by: Paolo Abeni <pabeni@redhat.com>

(cherry picked from commit ca8ac48)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	drivers/net/ethernet/microsoft/mana/mana_en.c
@PlaidCat
net: mana: Set tx_packets to post gso processing packet count
10dec71 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Shradha Gupta <shradhagupta@linux.microsoft.com>
commit 7399ef9

Allow tx_packets and tx_bytes counter in the driver to represent
the packets transmitted post GSO processing.

Currently they are populated as bigger pre-GSO packets and bytes

	Signed-off-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
	Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 7399ef9)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
net: mana: Handle Reset Request from MANA NIC
8285c64 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Haiyang Zhang <haiyangz@microsoft.com>
commit fbe346c
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-6.12.0-55.38.1.el10_0/fbe346ce.failed

Upon receiving the Reset Request, pause the connection and clean up
queues, wait for the specified period, then resume the NIC.
In the cleanup phase, the HWC is no longer responding, so set hwc_timeout
to zero to skip waiting on the response.

	Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Link: https://patch.msgid.link/1751055983-29760-1-git-send-email-haiyangz@linux.microsoft.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit fbe346c)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	drivers/net/ethernet/microsoft/mana/mana_en.c
#	include/net/mana/gdma.h
@PlaidCat
RDMA/mana_ib: Fix DSCP value in modify QP
f8adaac 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Shiraz Saleem <shirazsaleem@microsoft.com>
commit 62de0e6

Convert the traffic_class in GRH to a DSCP value as required by the HW.

Fixes: e095405 ("RDMA/mana_ib: Modify QP state")
	Signed-off-by: Shiraz Saleem <shirazsaleem@microsoft.com>
	Signed-off-by: Konstantin Taranov <kotaranov@microsoft.com>
Link: https://patch.msgid.link/1752143085-4169-1-git-send-email-kotaranov@linux.microsoft.com
	Reviewed-by: Long Li <longli@microsoft.com>
	Signed-off-by: Leon Romanovsky <leon@kernel.org>
(cherry picked from commit 62de0e6)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
hv_netvsc: Fix panic during namespace deletion with VF
cb66817 
jira LE-4365
Rebuild_History Non-Buildable kernel-6.12.0-55.38.1.el10_0
commit-author Haiyang Zhang <haiyangz@microsoft.com>
commit 33caa20

The existing code move the VF NIC to new namespace when NETDEV_REGISTER is
received on netvsc NIC. During deletion of the namespace,
default_device_exit_batch() >> default_device_exit_net() is called. When
netvsc NIC is moved back and registered to the default namespace, it
automatically brings VF NIC back to the default namespace. This will cause
the default_device_exit_net() >> for_each_netdev_safe loop unable to detect
the list end, and hit NULL ptr:

[  231.449420] mana 7870:00:00.0 enP30832s1: Moved VF to namespace with: eth0
[  231.449656] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  231.450246] #PF: supervisor read access in kernel mode
[  231.450579] #PF: error_code(0x0000) - not-present page
[  231.450916] PGD 17b8a8067 P4D 0
[  231.451163] Oops: Oops: 0000 [#1] SMP NOPTI
[  231.451450] CPU: 82 UID: 0 PID: 1394 Comm: kworker/u768:1 Not tainted 6.16.0-rc4+ #3 VOLUNTARY
[  231.452042] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024
[  231.452692] Workqueue: netns cleanup_net
[  231.452947] RIP: 0010:default_device_exit_batch+0x16c/0x3f0
[  231.453326] Code: c0 0c f5 b3 e8 d5 db fe ff 48 85 c0 74 15 48 c7 c2 f8 fd ca b2 be 10 00 00 00 48 8d 7d c0 e8 7b 77 25 00 49 8b 86 28 01 00 00 <48> 8b 50 10 4c 8b 2a 4c 8d 62 f0 49 83 ed 10 4c 39 e0 0f 84 d6 00
[  231.454294] RSP: 0018:ff75fc7c9bf9fd00 EFLAGS: 00010246
[  231.454610] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 61c8864680b583eb
[  231.455094] RDX: ff1fa9f71462d800 RSI: ff75fc7c9bf9fd38 RDI: 0000000030766564
[  231.455686] RBP: ff75fc7c9bf9fd78 R08: 0000000000000000 R09: 0000000000000000
[  231.456126] R10: 0000000000000001 R11: 0000000000000004 R12: ff1fa9f70088e340
[  231.456621] R13: ff1fa9f70088e340 R14: ffffffffb3f50c20 R15: ff1fa9f7103e6340
[  231.457161] FS:  0000000000000000(0000) GS:ff1faa6783a08000(0000) knlGS:0000000000000000
[  231.457707] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  231.458031] CR2: 0000000000000010 CR3: 0000000179ab2006 CR4: 0000000000b73ef0
[  231.458434] Call Trace:
[  231.458600]  <TASK>
[  231.458777]  ops_undo_list+0x100/0x220
[  231.459015]  cleanup_net+0x1b8/0x300
[  231.459285]  process_one_work+0x184/0x340

To fix it, move the ns change to a workqueue, and take rtnl_lock to avoid
changing the netdev list when default_device_exit_net() is using it.

	Cc: stable@vger.kernel.org
Fixes: 4c26280 ("hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event")
	Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
Link: https://patch.msgid.link/1754511711-11188-1-git-send-email-haiyangz@linux.microsoft.com
	Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 33caa20)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
Rebuild rocky10_0 with kernel-6.12.0-55.38.1.el10_0
352fd0c 
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v6.12~1..kernel-mainline: 66177
Number of commits in rpm: 31
Number of commits matched with upstream: 28 (90.32%)
Number of commits in upstream but not in rpm: 66149
Number of commits NOT found in upstream: 3 (9.68%)

Rebuilding Kernel on Branch rocky10_0_rebuild_kernel-6.12.0-55.38.1.el10_0 for kernel-6.12.0-55.38.1.el10_0
Clean Cherry Picks: 24 (85.71%)
Empty Cherry Picks: 4 (14.29%)
_______________________________

Full Details Located here:
ciq/ciq_backports/kernel-6.12.0-55.38.1.el10_0/rebuild.details.txt

Includes:
* git commit header above
* Empty Commits with upstream SHA
* RPM ChangeLog Entries that could not be matched

Individual Empty Commit failures contained in the same containing directory.
The git message for empty commits will have the path for the failed commit.
File names are the first 8 characters of the upstream SHA
@PlaidCat
cxl: core/region - ignore interleave granularity when ways=1
877959e 
jira LE-4395
Rebuild_History Non-Buildable kernel-6.12.0-55.39.1.el10_0
commit-author Gregory Price <gourry@gourry.net>
commit ce32b0c
Empty-Commit: Cherry-Pick Conflicts during history rebuild.
Will be included in final tarball splat. Ref for failed cherry-pick at:
ciq/ciq_backports/kernel-6.12.0-55.39.1.el10_0/ce32b0c9.failed

When validating decoder IW/IG when setting up regions, the granularity
is irrelevant when iw=1 - all accesses will always route to the only
target anyway - so all ig values are "correct". Loosen the requirement
that `ig = (parent_iw * parent_ig)` when iw=1.

On some Zen5 platforms, the platform BIOS specifies a 256-byte
interleave granularity window for host bridges when there is only
one target downstream.  This leads to Linux rejecting the configuration
of a region with a x2 root with two x1 hostbridges.

Decoder Programming:
   root - iw:2 ig:256
   hb1  - iw:1 ig:256  (Linux expects 512)
   hb2  - iw:1 ig:256  (Linux expects 512)
   ep1  - iw:2 ig:256
   ep2  - iw:2 ig:256

This change allows all decoders downstream of a passthrough decoder to
also be configured as passthrough (iw:1 ig:X), but still disallows
downstream decoders from applying subsequent interleaves.

e.g. in the above example if there was another decoder south of hb1
attempting to interleave 2 endpoints - Linux would enforce hb1.ig=512
because the southern decoder would have iw:2 and require ig=pig*piw.

[DJ: Fixed up against 6.15-rc1]

	Signed-off-by: Gregory Price <gourry@gourry.net>
	Reviewed-by: Dave Jiang <dave.jiang@intel.com>
	Tested-by: Li Zhijian <lizhijian@fujitsu.com>
	Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
	Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
	Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Link: https://patch.msgid.link/20250402232552.999634-1-gourry@gourry.net
	Signed-off-by: Dave Jiang <dave.jiang@intel.com>
(cherry picked from commit ce32b0c)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

# Conflicts:
#	drivers/cxl/core/region.c
@PlaidCat
HID: simplify snto32()
5b4fd69 
jira LE-4395
cve CVE-2025-38556
Rebuild_History Non-Buildable kernel-6.12.0-55.39.1.el10_0
commit-author Dmitry Torokhov <dmitry.torokhov@gmail.com>
commit ae9b956

snto32() does exactly what sign_extend32() does, but handles
potentially malformed data coming from the device. Keep the checks,
but then call sign_extend32() to perform the actual conversion.

	Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Link: https://patch.msgid.link/20241003144656.3786064-1-dmitry.torokhov@gmail.com
	Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
(cherry picked from commit ae9b956)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
HID: stop exporting hid_snto32()
bdd853b 
jira LE-4395
cve CVE-2025-38556
Rebuild_History Non-Buildable kernel-6.12.0-55.39.1.el10_0
commit-author Dmitry Torokhov <dmitry.torokhov@gmail.com>
commit c653ffc

The only user of hid_snto32() is Logitech HID++ driver, which always
calls hid_snto32() with valid size (constant, either 12 or 8) and
therefore can simply use sign_extend32().

Make the switch and remove hid_snto32(). Move snto32() and s32ton() to
avoid introducing forward declaration.

	Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Link: https://patch.msgid.link/20241003144656.3786064-2-dmitry.torokhov@gmail.com
[bentiss: fix checkpatch warning]
	Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
(cherry picked from commit c653ffc)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
HID: core: Harden s32ton() against conversion to 0 bits
e7ebfbb 
jira LE-4395
cve CVE-2025-38556
Rebuild_History Non-Buildable kernel-6.12.0-55.39.1.el10_0
commit-author Alan Stern <stern@rowland.harvard.edu>
commit a6b87bf

Testing by the syzbot fuzzer showed that the HID core gets a
shift-out-of-bounds exception when it tries to convert a 32-bit
quantity to a 0-bit quantity.  Ideally this should never occur, but
there are buggy devices and some might have a report field with size
set to zero; we shouldn't reject the report or the device just because
of that.

Instead, harden the s32ton() routine so that it returns a reasonable
result instead of crashing when it is called with the number of bits
set to 0 -- the same as what snto32() does.

	Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
	Reported-by: syzbot+b63d677d63bcac06cf90@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/linux-usb/68753a08.050a0220.33d347.0008.GAE@google.com/
	Tested-by: syzbot+b63d677d63bcac06cf90@syzkaller.appspotmail.com
Fixes: dde5845 ("[PATCH] Generic HID layer - code split")
	Cc: stable@vger.kernel.org
Link: https://patch.msgid.link/613a66cd-4309-4bce-a4f7-2905f9bce0c9@rowland.harvard.edu
	Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
(cherry picked from commit a6b87bf)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
e5e168e 
jira LE-4395
cve CVE-2025-39757
Rebuild_History Non-Buildable kernel-6.12.0-55.39.1.el10_0
commit-author Takashi Iwai <tiwai@suse.de>
commit ecfd411

UAC3 class segment descriptors need to be verified whether their sizes
match with the declared lengths and whether they fit with the
allocated buffer sizes, too.  Otherwise malicious firmware may lead to
the unexpected OOB accesses.

Fixes: 11785ef ("ALSA: usb-audio: Initial Power Domain support")
Reported-and-tested-by: Youngjun Lee <yjjuny.lee@samsung.com>
	Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20250814081245.8902-2-tiwai@suse.de
	Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit ecfd411)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
61b035f 
jira LE-4395
Rebuild_History Non-Buildable kernel-6.12.0-55.39.1.el10_0
commit-author Dan Carpenter <dan.carpenter@linaro.org>
commit 89f0add

The "p" pointer is void so sizeof(*p) is 1.  The intent was to check
sizeof(*cs_desc), which is 3, instead.

Fixes: ecfd411 ("ALSA: usb-audio: Validate UAC3 cluster segment descriptors")
	Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://patch.msgid.link/aKL5kftC1qGt6lpv@stanley.mountain
	Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit 89f0add)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
1e3ceda 
jira LE-4395
cve CVE-2025-38729
Rebuild_History Non-Buildable kernel-6.12.0-55.39.1.el10_0
commit-author Takashi Iwai <tiwai@suse.de>
commit d832ccb

UAC3 power domain descriptors need to be verified with its variable
bLength for avoiding the unexpected OOB accesses by malicious
firmware, too.

Fixes: 9a2fe9b ("ALSA: usb: initial USB Audio Device Class 3.0 support")
Reported-and-tested-by: Youngjun Lee <yjjuny.lee@samsung.com>
	Cc: <stable@vger.kernel.org>
Link: https://patch.msgid.link/20250814081245.8902-1-tiwai@suse.de
	Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit d832ccb)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
wifi: ath12k: Decrement TID on RX peer frag setup error handling
793eed6 
jira LE-4395
cve CVE-2025-39761
Rebuild_History Non-Buildable kernel-6.12.0-55.39.1.el10_0
commit-author Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
commit 7c0884f

Currently, TID is not decremented before peer cleanup, during error
handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to
out-of-bounds access in peer->rx_tid[].

Hence, add a decrement operation for TID, before peer cleanup to
ensures proper cleanup and prevents out-of-bounds access issues when
the RX peer frag setup fails.

Found during code review. Compile tested only.

	Signed-off-by: Karthikeyan Kathirvel <quic_kathirve@quicinc.com>
	Signed-off-by: Sarika Sharma <quic_sarishar@quicinc.com>
	Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com>
Link: https://patch.msgid.link/20250526034713.712592-1-quic_sarishar@quicinc.com
	Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
(cherry picked from commit 7c0884f)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
@PlaidCat
Rebuild rocky10_0 with kernel-6.12.0-55.39.1.el10_0
6426215 
Rebuild_History BUILDABLE
Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50%
Number of commits in upstream range v6.12~1..kernel-mainline: 66177
Number of commits in rpm: 11
Number of commits matched with upstream: 8 (72.73%)
Number of commits in upstream but not in rpm: 66169
Number of commits NOT found in upstream: 3 (27.27%)

Rebuilding Kernel on Branch rocky10_0_rebuild_kernel-6.12.0-55.39.1.el10_0 for kernel-6.12.0-55.39.1.el10_0
Clean Cherry Picks: 7 (87.50%)
Empty Cherry Picks: 1 (12.50%)
_______________________________

Full Details Located here:
ciq/ciq_backports/kernel-6.12.0-55.39.1.el10_0/rebuild.details.txt

Includes:
* git commit header above
* Empty Commits with upstream SHA
* RPM ChangeLog Entries that could not be matched

Individual Empty Commit failures contained in the same containing directory.
The git message for empty commits will have the path for the failed commit.
File names are the first 8 characters of the upstream SHA
@PlaidCat PlaidCat requested a review from a team October 14, 2025 21:17
@PlaidCat PlaidCat self-assigned this Oct 14, 2025
@PlaidCat PlaidCat merged commit 6426215 into rocky10_0 Oct 15, 2025
4 checks passed
@PlaidCat PlaidCat deleted the rocky10_0_rebuild branch October 15, 2025 14:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdieter jdieter jdieter approved these changes

@shreeya-patel98 shreeya-patel98 shreeya-patel98 approved these changes

Assignees

@PlaidCat PlaidCat

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@PlaidCat @jdieter @shreeya-patel98