From 7acd5d271094c833ab5a2c980adfb1445c62ab75 Mon Sep 17 00:00:00 2001 
From: CKI KWF Bot Date: Fri, 26 Sep 2025 00:30:05 +0000 Subject: [PATCH] kernel-5.14.0-620.el9 * Fri Sep 26 2025 CKI KWF Bot [5.14.0-620.el9] - use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107304] {CVE-2025-38498} - do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107304] {CVE-2025-38498} - selftests: netfilter: skip br_netfilter queue tests if kernel is tainted (Waiman Long) [RHEL-107520] - fhandle: do_handle_open() should get FD with user flags (Waiman Long) [RHEL-107520] - Documentation/sysctl: coredump: add %%F for pidfd number (Waiman Long) [RHEL-107520] - pidfs: never refuse ppid == 0 in PIDFD_GET_INFO (Waiman Long) [RHEL-107520] - fs/fhandle.c: fix a race in call of has_locked_children() (Waiman Long) [RHEL-107520] {CVE-2025-38306} - coredump: hand a pidfd to the usermode coredump helper (Waiman Long) [RHEL-107520] - coredump: fix error handling for replace_fd() (Waiman Long) [RHEL-107520] - pidfs: move O_RDWR into pidfs_alloc_file() (Waiman Long) [RHEL-107520] - pidfs/selftests: ensure correct headers for ioctl handling (Waiman Long) [RHEL-107520] - selftests/pidfd: fix header inclusion (Waiman Long) [RHEL-107520] - pidfs: improve ioctl handling (Waiman Long) [RHEL-107520] - selftests: remove unneeded include (Waiman Long) [RHEL-107520] - pidfs: allow bind-mounts (Waiman Long) [RHEL-107520] - pidfs: lookup pid through rbtree (Waiman Long) [RHEL-107520] - pidfs: check for valid ioctl commands (Waiman Long) [RHEL-107520] - pidfs: implement file handle support (Waiman Long) [RHEL-107520] - exportfs: add permission method (Waiman Long) [RHEL-107520] - fhandle: pull CAP_DAC_READ_SEARCH check into may_decode_fh() (Waiman Long) [RHEL-107520] - exportfs: add open method (Waiman Long) [RHEL-107520] - fhandle: simplify error handling (Waiman Long) [RHEL-107520] - pseudofs: add support for export_ops (Waiman Long) [RHEL-107520] - pidfs: support FS_IOC_GETVERSION (Waiman Long) [RHEL-107520] - pidfs: 
remove 32bit inode number handling (Waiman Long) [RHEL-107520] - pidfs: rework inode number allocation (Waiman Long) [RHEL-107520] - fs: fix is_mnt_ns_file() (Waiman Long) [RHEL-107520] - pidfd: add ioctl to retrieve pid info (Waiman Long) [RHEL-107520] - pidfs: check for valid pid namespace (Waiman Long) [RHEL-107520] - rbtree: provide rb_find_rcu() / rb_find_add_rcu() (Waiman Long) [RHEL-107520] - file: add fput() cleanup helper (Waiman Long) [RHEL-107520] - libfs: fix get_stashed_dentry() (Waiman Long) [RHEL-107520] {CVE-2024-46801} - pidfs: add selftests for new namespace ioctls (Waiman Long) [RHEL-107520] - pidfs: handle kernels without namespaces cleanly (Waiman Long) [RHEL-107520] - pidfs: when time ns disabled add check for ioctl (Waiman Long) [RHEL-107520] - pidfs: allow retrieval of namespace file descriptors (Waiman Long) [RHEL-107520] - nsfs: add open_namespace() (Waiman Long) [RHEL-107520] - nsproxy: add helper to go from arbitrary namespace to ns_common (Waiman Long) [RHEL-107520] - nsproxy: add a cleanup helper for nsproxy (Waiman Long) [RHEL-107520] - file: add take_fd() cleanup helper (Waiman Long) [RHEL-107520] - path: add cleanup helper (Waiman Long) [RHEL-107520] - fhandle: relax open_by_handle_at() permission checks (Waiman Long) [RHEL-107520] - fs/pidfs: make 'lsof' happy with our inode changes (Waiman Long) [RHEL-107520] - selftests: pidfd: ksft_exit functions do not return (Waiman Long) [RHEL-107520] - fs: Annotate struct file_handle with __counted_by() and use struct_size() (Waiman Long) [RHEL-107520] - selftests/pidfd: Fix wrong expectation (Waiman Long) [RHEL-107520] - selftests/pidfd: Fix config for pidfd_setns_test (Waiman Long) [RHEL-107520] - pidfs: remove config option (Waiman Long) [RHEL-107520] - libfs: improve path_from_stashed() (Waiman Long) [RHEL-107520] - libfs: add stashed_dentry_prune() (Waiman Long) [RHEL-107520] - libfs: improve path_from_stashed() helper (Waiman Long) [RHEL-107520] - pidfs: convert to path_from_stashed() 
helper (Waiman Long) [RHEL-107520] - nsfs: convert to path_from_stashed() helper (Waiman Long) [RHEL-107520] - libfs: add path_from_stashed() (Waiman Long) [RHEL-107520] - pidfd: add pidfs (Waiman Long) [RHEL-107520] - pidfd: move struct pidfd_fops (Waiman Long) [RHEL-107520] - pidfd: allow to override signal scope in pidfd_send_signal() (Waiman Long) [RHEL-107520] - pidfd: change pidfd_send_signal() to respect PIDFD_THREAD (Waiman Long) [RHEL-107520] - signal: fill in si_code in prepare_kill_siginfo() (Waiman Long) [RHEL-107520] - selftests: add ESRCH tests for pidfd_getfd() (Waiman Long) [RHEL-107520] - pidfd: getfd should always report ESRCH if a task is exiting (Waiman Long) [RHEL-107520] - pidfd: clone: allow CLONE_THREAD | CLONE_PIDFD together (Waiman Long) [RHEL-107520] - pidfd: change do_notify_pidfd() to use __wake_up(poll_to_key(EPOLLIN)) (Waiman Long) [RHEL-107520] - pid: kill the obsolete PIDTYPE_PID code in transfer_pid() (Waiman Long) [RHEL-107520] - pidfd: kill the no longer needed do_notify_pidfd() in de_thread() (Waiman Long) [RHEL-107520] - pidfd_poll: report POLLHUP when pid_task() == NULL (Waiman Long) [RHEL-107520] - pidfd: implement PIDFD_THREAD flag for pidfd_open() (Waiman Long) [RHEL-107520] - pidfd: don't do_notify_pidfd() if !thread_group_empty() (Waiman Long) [RHEL-107520] - pidfd: cleanup the usage of __pidfd_prepare's flags (Waiman Long) [RHEL-107520] - fork: Using clone_flags for legacy clone check (Waiman Long) [RHEL-107520] - __kill_pgrp_info: simplify the calculation of return value (Waiman Long) [RHEL-107520] - selftests/pidfd: Fix ksft print formats (Waiman Long) [RHEL-107520] - fs: convert core infrastructure to new timestamp accessors (Waiman Long) [RHEL-107520] - fs: new accessor methods for atime and mtime (Waiman Long) [RHEL-107520] - nsproxy: Convert nsproxy.count to refcount_t (Waiman Long) [RHEL-107520] - kernfs: convert to ctime accessor functions (Waiman Long) [RHEL-107520] - selftest: pidfd: Omit long and repeating 
outputs (Waiman Long) [RHEL-107520] - convert setns(2) to fdget()/fdput() (Waiman Long) [RHEL-107520] - fs: consolidate duplicate dt_type helpers (Waiman Long) [RHEL-107520] - Update relatime comments to include equality (Waiman Long) [RHEL-107520] - fork: use pidfd_prepare() (Waiman Long) [RHEL-107520] - pid: add pidfd_prepare() (Waiman Long) [RHEL-107520] - fork: allow CLONE_NEWTIME in clone3 flags (Waiman Long) [RHEL-107520] - selftests: pidfd: Fix incorrect kernel headers search path (Waiman Long) [RHEL-107520] - core_pattern: add CPU specifier (Waiman Long) [RHEL-107520] - selftests/pidfd_test: Remove the erroneous ',' (Waiman Long) [RHEL-107520] - selftests: pidfd: Fix compling warnings (Waiman Long) [RHEL-107520] - ksefltests: pidfd: Fix wait_states: Test terminated by timeout (Waiman Long) [RHEL-107520] - fork: remove duplicate included header files (Waiman Long) [RHEL-107520] - signal: Drop signals received after a fatal signal has been processed (Waiman Long) [RHEL-107520] - signal: Guarantee that SIGNAL_GROUP_EXIT is set on process exit (Waiman Long) [RHEL-107520] - signal: Ensure SIGNAL_GROUP_EXIT gets set in do_group_exit (Waiman Long) [RHEL-107520] - dynamic_dname(): drop unused dentry argument (Waiman Long) [RHEL-107520] - fork: Explicitly set PF_KTHREAD (Waiman Long) [RHEL-107520] - selftests: fix an unused variable warning in pidfd selftest (Waiman Long) [RHEL-107520] - selftests: fixup build warnings in pidfd / clone3 tests (Waiman Long) [RHEL-107520] - pidfd: fix test failure due to stack overflow on some arches (Waiman Long) [RHEL-107520] - kernel/fork.c: unshare(): use swap() to make code cleaner (Waiman Long) [RHEL-107520] - kernel/fork.c: unexport get_{mm,task}_exe_file (Waiman Long) [RHEL-107520] - kernel/pid.c: implement additional checks upon pidfd_create() parameters (Waiman Long) [RHEL-107520] - arm64: debug: remove debug exception registration infrastructure (Luis Claudio R. 
Goncalves) [RHEL-65658] - trap: cleanup trap_init() (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: split bkpt32 exception entry (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: split brk64 exception entry (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: split hardware watchpoint exception entry (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: split single stepping exception entry (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: refactor reinstall_suspended_bps() (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: split hardware breakpoint exception entry (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: entry: Add entry and exit functions for debug exceptions (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: remove break/step handler registration infrastructure (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: call step handlers statically (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: call software breakpoint handlers statically (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: kretprobes: acquire the regs via a BRK exception (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: kprobes: Return DBG_HOOK_ERROR if kprobes can not handle a BRK (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: Return early when break handler is found on linked-list (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: refactor aarch32_break_handler() (Luis Claudio R. Goncalves) [RHEL-65658] - arm64: debug: clean up single_step_handler logic (Luis Claudio R. 
Goncalves) [RHEL-65658] - arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (Jeremy Linton) [RHEL-108306] - arm64: errata: Expand speculative SSBS workaround once more (Jeremy Linton) [RHEL-108306] - arm64: errata: Expand speculative SSBS workaround (again) (Jeremy Linton) [RHEL-108306] - tools headers arm64: Sync arm64's cputype.h with the kernel sources (Jeremy Linton) [RHEL-108306] - arm64: cputype: Add Neoverse-N3 definitions (Jeremy Linton) [RHEL-108306] - arm64: cputype: Add Cortex-A725 definitions (Jeremy Linton) [RHEL-108306] - arm64: cputype: Add Cortex-X1C definitions (Jeremy Linton) [RHEL-108306] - EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh (Joel Savitz) [RHEL-102251] Resolves: RHEL-102251, RHEL-107304, RHEL-107520, RHEL-108306, RHEL-65658 Signed-off-by: CKI KWF Bot --- Makefile.rhelver | 2 +- kernel.changelog | 128 ++++++++++++++++++++++++++++++++++++++++++++ kernel.spec | 135 +++++++++++++++++++++++++++++++++++++++++++++-- sources | 6 +-- 4 files changed, 263 insertions(+), 8 deletions(-) diff --git a/Makefile.rhelver b/Makefile.rhelver index 0d2fb31f7..0835726e3 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 8 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 619 +RHEL_RELEASE = 620 # # ZSTREAM diff --git a/kernel.changelog b/kernel.changelog index fe8b11fc2..c9bae487b 100644 --- a/kernel.changelog +++ b/kernel.changelog 
@@ -1,3 +1,131 @@ +* Fri Sep 26 2025 CKI KWF Bot [5.14.0-620.el9] +- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107304] {CVE-2025-38498} +- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107304] {CVE-2025-38498} +- selftests: netfilter: skip br_netfilter queue tests if kernel is tainted (Waiman Long) [RHEL-107520] +- fhandle: do_handle_open() should get FD with user flags (Waiman Long) [RHEL-107520] +- Documentation/sysctl: coredump: add %%F for pidfd number (Waiman Long) [RHEL-107520] +- pidfs: never refuse ppid == 0 in PIDFD_GET_INFO (Waiman Long) [RHEL-107520] +- fs/fhandle.c: fix a race in call of has_locked_children() (Waiman Long) [RHEL-107520] {CVE-2025-38306} +- coredump: hand a pidfd to the usermode coredump helper (Waiman Long) [RHEL-107520] +- coredump: fix error handling for replace_fd() (Waiman Long) [RHEL-107520] +- pidfs: move O_RDWR into pidfs_alloc_file() (Waiman Long) [RHEL-107520] +- pidfs/selftests: ensure correct headers for ioctl handling (Waiman Long) [RHEL-107520] +- selftests/pidfd: fix header inclusion (Waiman Long) [RHEL-107520] +- pidfs: improve ioctl handling (Waiman Long) [RHEL-107520] +- selftests: remove unneeded include (Waiman Long) [RHEL-107520] +- pidfs: allow bind-mounts (Waiman Long) [RHEL-107520] +- pidfs: lookup pid through rbtree (Waiman Long) [RHEL-107520] +- pidfs: check for valid ioctl commands (Waiman Long) [RHEL-107520] +- pidfs: implement file handle support (Waiman Long) [RHEL-107520] +- exportfs: add permission method (Waiman Long) [RHEL-107520] +- fhandle: pull CAP_DAC_READ_SEARCH check into may_decode_fh() (Waiman Long) [RHEL-107520] +- exportfs: add open method (Waiman Long) [RHEL-107520] +- fhandle: simplify error handling (Waiman Long) [RHEL-107520] +- pseudofs: add support for export_ops (Waiman Long) [RHEL-107520] +- pidfs: support FS_IOC_GETVERSION (Waiman Long) [RHEL-107520] +- pidfs: remove 32bit inode number handling (Waiman Long) 
[RHEL-107520] +- pidfs: rework inode number allocation (Waiman Long) [RHEL-107520] +- fs: fix is_mnt_ns_file() (Waiman Long) [RHEL-107520] +- pidfd: add ioctl to retrieve pid info (Waiman Long) [RHEL-107520] +- pidfs: check for valid pid namespace (Waiman Long) [RHEL-107520] +- rbtree: provide rb_find_rcu() / rb_find_add_rcu() (Waiman Long) [RHEL-107520] +- file: add fput() cleanup helper (Waiman Long) [RHEL-107520] +- libfs: fix get_stashed_dentry() (Waiman Long) [RHEL-107520] {CVE-2024-46801} +- pidfs: add selftests for new namespace ioctls (Waiman Long) [RHEL-107520] +- pidfs: handle kernels without namespaces cleanly (Waiman Long) [RHEL-107520] +- pidfs: when time ns disabled add check for ioctl (Waiman Long) [RHEL-107520] +- pidfs: allow retrieval of namespace file descriptors (Waiman Long) [RHEL-107520] +- nsfs: add open_namespace() (Waiman Long) [RHEL-107520] +- nsproxy: add helper to go from arbitrary namespace to ns_common (Waiman Long) [RHEL-107520] +- nsproxy: add a cleanup helper for nsproxy (Waiman Long) [RHEL-107520] +- file: add take_fd() cleanup helper (Waiman Long) [RHEL-107520] +- path: add cleanup helper (Waiman Long) [RHEL-107520] +- fhandle: relax open_by_handle_at() permission checks (Waiman Long) [RHEL-107520] +- fs/pidfs: make 'lsof' happy with our inode changes (Waiman Long) [RHEL-107520] +- selftests: pidfd: ksft_exit functions do not return (Waiman Long) [RHEL-107520] +- fs: Annotate struct file_handle with __counted_by() and use struct_size() (Waiman Long) [RHEL-107520] +- selftests/pidfd: Fix wrong expectation (Waiman Long) [RHEL-107520] +- selftests/pidfd: Fix config for pidfd_setns_test (Waiman Long) [RHEL-107520] +- pidfs: remove config option (Waiman Long) [RHEL-107520] +- libfs: improve path_from_stashed() (Waiman Long) [RHEL-107520] +- libfs: add stashed_dentry_prune() (Waiman Long) [RHEL-107520] +- libfs: improve path_from_stashed() helper (Waiman Long) [RHEL-107520] +- pidfs: convert to path_from_stashed() helper (Waiman Long) 
[RHEL-107520] +- nsfs: convert to path_from_stashed() helper (Waiman Long) [RHEL-107520] +- libfs: add path_from_stashed() (Waiman Long) [RHEL-107520] +- pidfd: add pidfs (Waiman Long) [RHEL-107520] +- pidfd: move struct pidfd_fops (Waiman Long) [RHEL-107520] +- pidfd: allow to override signal scope in pidfd_send_signal() (Waiman Long) [RHEL-107520] +- pidfd: change pidfd_send_signal() to respect PIDFD_THREAD (Waiman Long) [RHEL-107520] +- signal: fill in si_code in prepare_kill_siginfo() (Waiman Long) [RHEL-107520] +- selftests: add ESRCH tests for pidfd_getfd() (Waiman Long) [RHEL-107520] +- pidfd: getfd should always report ESRCH if a task is exiting (Waiman Long) [RHEL-107520] +- pidfd: clone: allow CLONE_THREAD | CLONE_PIDFD together (Waiman Long) [RHEL-107520] +- pidfd: change do_notify_pidfd() to use __wake_up(poll_to_key(EPOLLIN)) (Waiman Long) [RHEL-107520] +- pid: kill the obsolete PIDTYPE_PID code in transfer_pid() (Waiman Long) [RHEL-107520] +- pidfd: kill the no longer needed do_notify_pidfd() in de_thread() (Waiman Long) [RHEL-107520] +- pidfd_poll: report POLLHUP when pid_task() == NULL (Waiman Long) [RHEL-107520] +- pidfd: implement PIDFD_THREAD flag for pidfd_open() (Waiman Long) [RHEL-107520] +- pidfd: don't do_notify_pidfd() if !thread_group_empty() (Waiman Long) [RHEL-107520] +- pidfd: cleanup the usage of __pidfd_prepare's flags (Waiman Long) [RHEL-107520] +- fork: Using clone_flags for legacy clone check (Waiman Long) [RHEL-107520] +- __kill_pgrp_info: simplify the calculation of return value (Waiman Long) [RHEL-107520] +- selftests/pidfd: Fix ksft print formats (Waiman Long) [RHEL-107520] +- fs: convert core infrastructure to new timestamp accessors (Waiman Long) [RHEL-107520] +- fs: new accessor methods for atime and mtime (Waiman Long) [RHEL-107520] +- nsproxy: Convert nsproxy.count to refcount_t (Waiman Long) [RHEL-107520] +- kernfs: convert to ctime accessor functions (Waiman Long) [RHEL-107520] +- selftest: pidfd: Omit long and repeating 
outputs (Waiman Long) [RHEL-107520] +- convert setns(2) to fdget()/fdput() (Waiman Long) [RHEL-107520] +- fs: consolidate duplicate dt_type helpers (Waiman Long) [RHEL-107520] +- Update relatime comments to include equality (Waiman Long) [RHEL-107520] +- fork: use pidfd_prepare() (Waiman Long) [RHEL-107520] +- pid: add pidfd_prepare() (Waiman Long) [RHEL-107520] +- fork: allow CLONE_NEWTIME in clone3 flags (Waiman Long) [RHEL-107520] +- selftests: pidfd: Fix incorrect kernel headers search path (Waiman Long) [RHEL-107520] +- core_pattern: add CPU specifier (Waiman Long) [RHEL-107520] +- selftests/pidfd_test: Remove the erroneous ',' (Waiman Long) [RHEL-107520] +- selftests: pidfd: Fix compling warnings (Waiman Long) [RHEL-107520] +- ksefltests: pidfd: Fix wait_states: Test terminated by timeout (Waiman Long) [RHEL-107520] +- fork: remove duplicate included header files (Waiman Long) [RHEL-107520] +- signal: Drop signals received after a fatal signal has been processed (Waiman Long) [RHEL-107520] +- signal: Guarantee that SIGNAL_GROUP_EXIT is set on process exit (Waiman Long) [RHEL-107520] +- signal: Ensure SIGNAL_GROUP_EXIT gets set in do_group_exit (Waiman Long) [RHEL-107520] +- dynamic_dname(): drop unused dentry argument (Waiman Long) [RHEL-107520] +- fork: Explicitly set PF_KTHREAD (Waiman Long) [RHEL-107520] +- selftests: fix an unused variable warning in pidfd selftest (Waiman Long) [RHEL-107520] +- selftests: fixup build warnings in pidfd / clone3 tests (Waiman Long) [RHEL-107520] +- pidfd: fix test failure due to stack overflow on some arches (Waiman Long) [RHEL-107520] +- kernel/fork.c: unshare(): use swap() to make code cleaner (Waiman Long) [RHEL-107520] +- kernel/fork.c: unexport get_{mm,task}_exe_file (Waiman Long) [RHEL-107520] +- kernel/pid.c: implement additional checks upon pidfd_create() parameters (Waiman Long) [RHEL-107520] +- arm64: debug: remove debug exception registration infrastructure (Luis Claudio R. 
Goncalves) [RHEL-65658] +- trap: cleanup trap_init() (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split bkpt32 exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split brk64 exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split hardware watchpoint exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split single stepping exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: refactor reinstall_suspended_bps() (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split hardware breakpoint exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: entry: Add entry and exit functions for debug exceptions (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: remove break/step handler registration infrastructure (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: call step handlers statically (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: call software breakpoint handlers statically (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: kretprobes: acquire the regs via a BRK exception (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: kprobes: Return DBG_HOOK_ERROR if kprobes can not handle a BRK (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: Return early when break handler is found on linked-list (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: refactor aarch32_break_handler() (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: clean up single_step_handler logic (Luis Claudio R. 
Goncalves) [RHEL-65658] +- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (Jeremy Linton) [RHEL-108306] +- arm64: errata: Expand speculative SSBS workaround once more (Jeremy Linton) [RHEL-108306] +- arm64: errata: Expand speculative SSBS workaround (again) (Jeremy Linton) [RHEL-108306] +- tools headers arm64: Sync arm64's cputype.h with the kernel sources (Jeremy Linton) [RHEL-108306] +- arm64: cputype: Add Neoverse-N3 definitions (Jeremy Linton) [RHEL-108306] +- arm64: cputype: Add Cortex-A725 definitions (Jeremy Linton) [RHEL-108306] +- arm64: cputype: Add Cortex-X1C definitions (Jeremy Linton) [RHEL-108306] +- EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh (Joel Savitz) [RHEL-102251] +Resolves: RHEL-102251, RHEL-107304, RHEL-107520, RHEL-108306, RHEL-65658 + * Tue Sep 23 2025 CKI KWF Bot [5.14.0-619.el9] - platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (David Arcari) [RHEL-110754] - io_uring/futex: ensure io_futex_wait() cleans up properly on failure (CKI Backport Bot) [RHEL-114337] {CVE-2025-39698} diff --git a/kernel.spec b/kernel.spec index d99240533..72f69cfed 100755 --- a/kernel.spec +++ b/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 619 +%define pkgrelease 620 %define kversion 5 -%define tarfile_release 5.14.0-619.el9 +%define tarfile_release 5.14.0-620.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 619%{?buildid}%{?dist} +%define specrelease 620%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-619.el9 +%define kabiversion 5.14.0-620.el9 # # End of genspec.sh variables 
@@ -3684,6 +3684,133 @@ fi # # %changelog +* Fri Sep 26 2025 CKI KWF Bot [5.14.0-620.el9] +- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107304] {CVE-2025-38498} +- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107304] {CVE-2025-38498} +- selftests: netfilter: skip br_netfilter queue tests if kernel is tainted (Waiman Long) [RHEL-107520] +- fhandle: do_handle_open() should get FD with user flags (Waiman Long) [RHEL-107520] +- Documentation/sysctl: coredump: add %%F for pidfd number (Waiman Long) [RHEL-107520] +- pidfs: never refuse ppid == 0 in PIDFD_GET_INFO (Waiman Long) [RHEL-107520] +- fs/fhandle.c: fix a race in call of has_locked_children() (Waiman Long) [RHEL-107520] {CVE-2025-38306} +- coredump: hand a pidfd to the usermode coredump helper (Waiman Long) [RHEL-107520] +- coredump: fix error handling for replace_fd() (Waiman Long) [RHEL-107520] +- pidfs: move O_RDWR into pidfs_alloc_file() (Waiman Long) [RHEL-107520] +- pidfs/selftests: ensure correct headers for ioctl handling (Waiman Long) [RHEL-107520] +- selftests/pidfd: fix header inclusion (Waiman Long) [RHEL-107520] +- pidfs: improve ioctl handling (Waiman Long) [RHEL-107520] +- selftests: remove unneeded include (Waiman Long) [RHEL-107520] +- pidfs: allow bind-mounts (Waiman Long) [RHEL-107520] +- pidfs: lookup pid through rbtree (Waiman Long) [RHEL-107520] +- pidfs: check for valid ioctl commands (Waiman Long) [RHEL-107520] +- pidfs: implement file handle support (Waiman Long) [RHEL-107520] +- exportfs: add permission method (Waiman Long) [RHEL-107520] +- fhandle: pull CAP_DAC_READ_SEARCH check into may_decode_fh() (Waiman Long) [RHEL-107520] +- exportfs: add open method (Waiman Long) [RHEL-107520] +- fhandle: simplify error handling (Waiman Long) [RHEL-107520] +- pseudofs: add support for export_ops (Waiman Long) [RHEL-107520] +- pidfs: support FS_IOC_GETVERSION (Waiman Long) [RHEL-107520] +- pidfs: remove 32bit inode number 
handling (Waiman Long) [RHEL-107520] +- pidfs: rework inode number allocation (Waiman Long) [RHEL-107520] +- fs: fix is_mnt_ns_file() (Waiman Long) [RHEL-107520] +- pidfd: add ioctl to retrieve pid info (Waiman Long) [RHEL-107520] +- pidfs: check for valid pid namespace (Waiman Long) [RHEL-107520] +- rbtree: provide rb_find_rcu() / rb_find_add_rcu() (Waiman Long) [RHEL-107520] +- file: add fput() cleanup helper (Waiman Long) [RHEL-107520] +- libfs: fix get_stashed_dentry() (Waiman Long) [RHEL-107520] {CVE-2024-46801} +- pidfs: add selftests for new namespace ioctls (Waiman Long) [RHEL-107520] +- pidfs: handle kernels without namespaces cleanly (Waiman Long) [RHEL-107520] +- pidfs: when time ns disabled add check for ioctl (Waiman Long) [RHEL-107520] +- pidfs: allow retrieval of namespace file descriptors (Waiman Long) [RHEL-107520] +- nsfs: add open_namespace() (Waiman Long) [RHEL-107520] +- nsproxy: add helper to go from arbitrary namespace to ns_common (Waiman Long) [RHEL-107520] +- nsproxy: add a cleanup helper for nsproxy (Waiman Long) [RHEL-107520] +- file: add take_fd() cleanup helper (Waiman Long) [RHEL-107520] +- path: add cleanup helper (Waiman Long) [RHEL-107520] +- fhandle: relax open_by_handle_at() permission checks (Waiman Long) [RHEL-107520] +- fs/pidfs: make 'lsof' happy with our inode changes (Waiman Long) [RHEL-107520] +- selftests: pidfd: ksft_exit functions do not return (Waiman Long) [RHEL-107520] +- fs: Annotate struct file_handle with __counted_by() and use struct_size() (Waiman Long) [RHEL-107520] +- selftests/pidfd: Fix wrong expectation (Waiman Long) [RHEL-107520] +- selftests/pidfd: Fix config for pidfd_setns_test (Waiman Long) [RHEL-107520] +- pidfs: remove config option (Waiman Long) [RHEL-107520] +- libfs: improve path_from_stashed() (Waiman Long) [RHEL-107520] +- libfs: add stashed_dentry_prune() (Waiman Long) [RHEL-107520] +- libfs: improve path_from_stashed() helper (Waiman Long) [RHEL-107520] +- pidfs: convert to path_from_stashed() 
helper (Waiman Long) [RHEL-107520] +- nsfs: convert to path_from_stashed() helper (Waiman Long) [RHEL-107520] +- libfs: add path_from_stashed() (Waiman Long) [RHEL-107520] +- pidfd: add pidfs (Waiman Long) [RHEL-107520] +- pidfd: move struct pidfd_fops (Waiman Long) [RHEL-107520] +- pidfd: allow to override signal scope in pidfd_send_signal() (Waiman Long) [RHEL-107520] +- pidfd: change pidfd_send_signal() to respect PIDFD_THREAD (Waiman Long) [RHEL-107520] +- signal: fill in si_code in prepare_kill_siginfo() (Waiman Long) [RHEL-107520] +- selftests: add ESRCH tests for pidfd_getfd() (Waiman Long) [RHEL-107520] +- pidfd: getfd should always report ESRCH if a task is exiting (Waiman Long) [RHEL-107520] +- pidfd: clone: allow CLONE_THREAD | CLONE_PIDFD together (Waiman Long) [RHEL-107520] +- pidfd: change do_notify_pidfd() to use __wake_up(poll_to_key(EPOLLIN)) (Waiman Long) [RHEL-107520] +- pid: kill the obsolete PIDTYPE_PID code in transfer_pid() (Waiman Long) [RHEL-107520] +- pidfd: kill the no longer needed do_notify_pidfd() in de_thread() (Waiman Long) [RHEL-107520] +- pidfd_poll: report POLLHUP when pid_task() == NULL (Waiman Long) [RHEL-107520] +- pidfd: implement PIDFD_THREAD flag for pidfd_open() (Waiman Long) [RHEL-107520] +- pidfd: don't do_notify_pidfd() if !thread_group_empty() (Waiman Long) [RHEL-107520] +- pidfd: cleanup the usage of __pidfd_prepare's flags (Waiman Long) [RHEL-107520] +- fork: Using clone_flags for legacy clone check (Waiman Long) [RHEL-107520] +- __kill_pgrp_info: simplify the calculation of return value (Waiman Long) [RHEL-107520] +- selftests/pidfd: Fix ksft print formats (Waiman Long) [RHEL-107520] +- fs: convert core infrastructure to new timestamp accessors (Waiman Long) [RHEL-107520] +- fs: new accessor methods for atime and mtime (Waiman Long) [RHEL-107520] +- nsproxy: Convert nsproxy.count to refcount_t (Waiman Long) [RHEL-107520] +- kernfs: convert to ctime accessor functions (Waiman Long) [RHEL-107520] +- selftest: pidfd: 
Omit long and repeating outputs (Waiman Long) [RHEL-107520] +- convert setns(2) to fdget()/fdput() (Waiman Long) [RHEL-107520] +- fs: consolidate duplicate dt_type helpers (Waiman Long) [RHEL-107520] +- Update relatime comments to include equality (Waiman Long) [RHEL-107520] +- fork: use pidfd_prepare() (Waiman Long) [RHEL-107520] +- pid: add pidfd_prepare() (Waiman Long) [RHEL-107520] +- fork: allow CLONE_NEWTIME in clone3 flags (Waiman Long) [RHEL-107520] +- selftests: pidfd: Fix incorrect kernel headers search path (Waiman Long) [RHEL-107520] +- core_pattern: add CPU specifier (Waiman Long) [RHEL-107520] +- selftests/pidfd_test: Remove the erroneous ',' (Waiman Long) [RHEL-107520] +- selftests: pidfd: Fix compling warnings (Waiman Long) [RHEL-107520] +- ksefltests: pidfd: Fix wait_states: Test terminated by timeout (Waiman Long) [RHEL-107520] +- fork: remove duplicate included header files (Waiman Long) [RHEL-107520] +- signal: Drop signals received after a fatal signal has been processed (Waiman Long) [RHEL-107520] +- signal: Guarantee that SIGNAL_GROUP_EXIT is set on process exit (Waiman Long) [RHEL-107520] +- signal: Ensure SIGNAL_GROUP_EXIT gets set in do_group_exit (Waiman Long) [RHEL-107520] +- dynamic_dname(): drop unused dentry argument (Waiman Long) [RHEL-107520] +- fork: Explicitly set PF_KTHREAD (Waiman Long) [RHEL-107520] +- selftests: fix an unused variable warning in pidfd selftest (Waiman Long) [RHEL-107520] +- selftests: fixup build warnings in pidfd / clone3 tests (Waiman Long) [RHEL-107520] +- pidfd: fix test failure due to stack overflow on some arches (Waiman Long) [RHEL-107520] +- kernel/fork.c: unshare(): use swap() to make code cleaner (Waiman Long) [RHEL-107520] +- kernel/fork.c: unexport get_{mm,task}_exe_file (Waiman Long) [RHEL-107520] +- kernel/pid.c: implement additional checks upon pidfd_create() parameters (Waiman Long) [RHEL-107520] +- arm64: debug: remove debug exception registration infrastructure (Luis Claudio R. 
Goncalves) [RHEL-65658] +- trap: cleanup trap_init() (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split bkpt32 exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split brk64 exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split hardware watchpoint exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split single stepping exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: refactor reinstall_suspended_bps() (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: split hardware breakpoint exception entry (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: entry: Add entry and exit functions for debug exceptions (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: remove break/step handler registration infrastructure (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: call step handlers statically (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: call software breakpoint handlers statically (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: kretprobes: acquire the regs via a BRK exception (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: kprobes: Return DBG_HOOK_ERROR if kprobes can not handle a BRK (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: Return early when break handler is found on linked-list (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: refactor aarch32_break_handler() (Luis Claudio R. Goncalves) [RHEL-65658] +- arm64: debug: clean up single_step_handler logic (Luis Claudio R. 
Goncalves) [RHEL-65658] +- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (Jeremy Linton) [RHEL-108306] +- arm64: errata: Expand speculative SSBS workaround once more (Jeremy Linton) [RHEL-108306] +- arm64: errata: Expand speculative SSBS workaround (again) (Jeremy Linton) [RHEL-108306] +- tools headers arm64: Sync arm64's cputype.h with the kernel sources (Jeremy Linton) [RHEL-108306] +- arm64: cputype: Add Neoverse-N3 definitions (Jeremy Linton) [RHEL-108306] +- arm64: cputype: Add Cortex-A725 definitions (Jeremy Linton) [RHEL-108306] +- arm64: cputype: Add Cortex-X1C definitions (Jeremy Linton) [RHEL-108306] +- EDAC/amd64: Correct number of UMCs for family 19h models 70h-7fh (Joel Savitz) [RHEL-102251] + * Tue Sep 23 2025 CKI KWF Bot [5.14.0-619.el9] - platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (David Arcari) [RHEL-110754] - io_uring/futex: ensure io_futex_wait() cleans up properly on failure (CKI Backport Bot) [RHEL-114337] {CVE-2025-39698} diff --git a/sources b/sources index c9e03c761..8714ada8f 100644 --- a/sources +++ b/sources 
@@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-619.el9.tar.xz) = ebe1805fd7047da5af7075ebd83bc7db1f2b281f8d1e296b3bbaf43b0040990b7a86cd369ff20e984da58b5153b799b30a5fa365d1b76c86a59d191ae4f6f674 -SHA512 (kernel-abi-stablelists-5.14.0-619.el9.tar.bz2) = 04bc24985d882e15350c4307a4f64671791dfea0e8d0e336d48b7c6363200b7a295f8f8f139c8b0ca0eaadae36c3185a521e839f3b41aed58a2e3778d6c9bca5 -SHA512 (kernel-kabi-dw-5.14.0-619.el9.tar.bz2) = 7737d45646bfb22e4dd198c1fb6e9a36bed3d1e1b35a3b522d6b7a4dfa7ba438f525ef51ab487fa9072a238cfa1909fa24a7783a690f564531dcaa95acf1d368 +SHA512 (linux-5.14.0-620.el9.tar.xz) = 3fbea1f27e17d7b3e311f659489fed7a92d4f49e13f65692126c5ad0ebd6e04d868c5b0c80090fe241c03b0f5f70d8503608f3e96249317d5a778467f31f5a22 +SHA512 (kernel-abi-stablelists-5.14.0-620.el9.tar.bz2) = 1dc79c8cb9fcb466a3079d6ce2e9f159153233e8ee86ce8684655151c7a4803cefa701938eccf6e486a01db77e545d2cbd0a9105b6dc61d28b6a7e7c0287ff40 +SHA512 (kernel-kabi-dw-5.14.0-620.el9.tar.bz2) = 85015615f0923bec94df9bb50c1760e4e9fa11909b3571a33dea2f134e7c76d587e71826ce714273b551ada0ff5e503b593ba3a3d4258c8698fee7d7a71cf594
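
Review bot: In the kernel.changelog hunk (@@ -1,3 +1,131 @@), the entries tagged {CVE-2025-38306} (fs/fhandle.c: fix a race in call of has_locked_children()) and {CVE-2024-46801} (libfs: fix get_stashed_dentry()) are filed under RHEL-107520, the same ticket as the long pidfs/pidfd backport series, while CVE-2025-38498 has its own ticket, RHEL-107304. The Resolves line lists tickets only, so anyone tracking this release by ticket will read RHEL-107520 as a feature backport and miss two security fixes. Suggest naming all three CVE ids in the commit summary or next to the Resolves line so the security content of 5.14.0-620.el9 is visible without scanning every entry.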
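
Review bot: The kernel.spec file header reads "index d99240533..72f69cfed 100755", so the spec file is tracked with the executable bit while Makefile.rhelver, kernel.changelog and sources are all 100644. A spec file is data for rpmbuild and does not need to be executable; unless tooling depends on the mode, suggest normalising it to 100644 in a separate change. The five version defines in the first hunk (pkgrelease, tarfile_release, specrelease, kabiversion, and RHEL_RELEASE in Makefile.rhelver) move from 619 to 620 together, which is consistent.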
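
Review bot: The %changelog hunk in kernel.spec (@@ -3684,6 +3684,133 @@) adds the same 5.14.0-620.el9 entry as kernel.changelog but without the trailing "Resolves: RHEL-102251, RHEL-107304, RHEL-107520, RHEL-108306, RHEL-65658" line (127 added lines against 128, matching the diffstat). If the generator drops that line from the spec on purpose, a short comment saying so would help; otherwise the two changelogs should carry identical entries so that the ticket list is also available from the package's own changelog.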
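
Review bot: In the sources hunk, all three SHA512 digests are replaced along with the 619 to 620 tarball names, and nothing in the patch lets a reader confirm them; the commit is authored and signed off by the bot alone. Before building, recompute the digests of the fetched linux-5.14.0-620.el9.tar.xz, kernel-abi-stablelists-5.14.0-620.el9.tar.bz2 and kernel-kabi-dw-5.14.0-620.el9.tar.bz2 and compare them with these lines (sha512sum --check accepts this "SHA512 (file) = digest" format directly). Suggest also recording in the commit message where the tarballs were generated or fetched from, so the digests can be traced to a build.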