diff --git a/Makefile.rhelver b/Makefile.rhelver
index ec28d50e8..8e4dd98e4 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 2
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 170
+RHEL_RELEASE = 171
 
 #
 # RHEL_REBASE_NUM
diff --git a/kernel-aarch64-64k-debug-rhel.config b/kernel-aarch64-64k-debug-rhel.config
index 31d26f680..25aabb37e 100644
--- a/kernel-aarch64-64k-debug-rhel.config
+++ b/kernel-aarch64-64k-debug-rhel.config
@@ -3429,6 +3429,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
diff --git a/kernel-aarch64-64k-rhel.config b/kernel-aarch64-64k-rhel.config
index 70ab7b955..4b30c66a1 100644
--- a/kernel-aarch64-64k-rhel.config
+++ b/kernel-aarch64-64k-rhel.config
@@ -3408,6 +3408,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
diff --git a/kernel-aarch64-debug-rhel.config b/kernel-aarch64-debug-rhel.config
index 0e67688b2..bbddeaada 100644
--- a/kernel-aarch64-debug-rhel.config
+++ b/kernel-aarch64-debug-rhel.config
@@ -3426,6 +3426,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
diff --git a/kernel-aarch64-rhel.config b/kernel-aarch64-rhel.config
index f87fce301..e1b87be1e 100644
--- a/kernel-aarch64-rhel.config
+++ b/kernel-aarch64-rhel.config
@@ -3405,6 +3405,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
diff --git a/kernel-aarch64-rt-64k-debug-rhel.config b/kernel-aarch64-rt-64k-debug-rhel.config
index 5b688f811..0d663d047 100644
--- a/kernel-aarch64-rt-64k-debug-rhel.config
+++ b/kernel-aarch64-rt-64k-debug-rhel.config
@@ -3470,6 +3470,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
diff --git a/kernel-aarch64-rt-64k-rhel.config b/kernel-aarch64-rt-64k-rhel.config
index 3285e7a3e..d30d42e63 100644
--- a/kernel-aarch64-rt-64k-rhel.config
+++ b/kernel-aarch64-rt-64k-rhel.config
@@ -3449,6 +3449,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
diff --git a/kernel-aarch64-rt-debug-rhel.config b/kernel-aarch64-rt-debug-rhel.config
index 99d50cce1..528c28166 100644
--- a/kernel-aarch64-rt-debug-rhel.config
+++ b/kernel-aarch64-rt-debug-rhel.config
@@ -3467,6 +3467,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
diff --git a/kernel-aarch64-rt-rhel.config b/kernel-aarch64-rt-rhel.config
index bd62a8538..f1f643985 100644
--- a/kernel-aarch64-rt-rhel.config
+++ b/kernel-aarch64-rt-rhel.config
@@ -3446,6 +3446,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
diff --git a/kernel-ppc64le-debug-rhel.config b/kernel-ppc64le-debug-rhel.config
index 8a6c85621..e8ef3a0a4 100644
--- a/kernel-ppc64le-debug-rhel.config
+++ b/kernel-ppc64le-debug-rhel.config
@@ -3089,6 +3089,7 @@ CONFIG_KVM_BOOK3S_HV_NESTED_PMU_WORKAROUND=y
 # CONFIG_KVM_BOOK3S_HV_P9_TIMING is not set
 CONFIG_KVM_BOOK3S_PR_POSSIBLE=y
 CONFIG_KVM_GUEST=y
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
diff --git a/kernel-ppc64le-rhel.config b/kernel-ppc64le-rhel.config
index cd7853d1a..0a822faf5 100644
--- a/kernel-ppc64le-rhel.config
+++ b/kernel-ppc64le-rhel.config
@@ -3069,6 +3069,7 @@ CONFIG_KVM_BOOK3S_HV_NESTED_PMU_WORKAROUND=y
 # CONFIG_KVM_BOOK3S_HV_P9_TIMING is not set
 CONFIG_KVM_BOOK3S_PR_POSSIBLE=y
 CONFIG_KVM_GUEST=y
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
diff --git a/kernel-riscv64-debug-rhel.config b/kernel-riscv64-debug-rhel.config
index f5ab8b977..88db87cae 100644
--- a/kernel-riscv64-debug-rhel.config
+++ b/kernel-riscv64-debug-rhel.config
@@ -3055,6 +3055,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
 CONFIG_KVM_SMM=y
diff --git a/kernel-riscv64-rhel.config b/kernel-riscv64-rhel.config
index 11526dd28..96275efbd 100644
--- a/kernel-riscv64-rhel.config
+++ b/kernel-riscv64-rhel.config
@@ -3035,6 +3035,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
 CONFIG_KVM_SMM=y
diff --git a/kernel-s390x-debug-rhel.config b/kernel-s390x-debug-rhel.config
index 38e32da70..696d2e8df 100644
--- a/kernel-s390x-debug-rhel.config
+++ b/kernel-s390x-debug-rhel.config
@@ -3065,6 +3065,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_PROVE_MMU=y
diff --git a/kernel-s390x-rhel.config b/kernel-s390x-rhel.config
index 73baa0af2..812b60db5 100644
--- a/kernel-s390x-rhel.config
+++ b/kernel-s390x-rhel.config
@@ -3045,6 +3045,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 CONFIG_KUNIT=m
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
diff --git a/kernel-s390x-zfcpdump-rhel.config b/kernel-s390x-zfcpdump-rhel.config
index dbf634317..94196cd62 100644
--- a/kernel-s390x-zfcpdump-rhel.config
+++ b/kernel-s390x-zfcpdump-rhel.config
@@ -3053,6 +3053,7 @@ CONFIG_KUNIT_EXAMPLE_TEST=m
 # CONFIG_KUNIT is not set
 CONFIG_KUNIT_TEST=m
 # CONFIG_KUNPENG_HCCS is not set
+CONFIG_KVM_IOAPIC=y
 # CONFIG_KVM is not set
 CONFIG_KVM_MAX_NR_VCPUS=4096
 # CONFIG_KVM_PROVE_MMU is not set
diff --git a/kernel-x86_64-debug-rhel.config b/kernel-x86_64-debug-rhel.config
index 873bc1222..2070483b8 100644
--- a/kernel-x86_64-debug-rhel.config
+++ b/kernel-x86_64-debug-rhel.config
@@ -3316,6 +3316,7 @@ CONFIG_KVM_GUEST=y
 CONFIG_KVM_HYPERV=y
 CONFIG_KVM_INTEL=m
 # CONFIG_KVM_INTEL_PROVE_VE is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_MMU_AUDIT=y
diff --git a/kernel-x86_64-rhel.config b/kernel-x86_64-rhel.config
index d2f0da80c..2c87adaba 100644
--- a/kernel-x86_64-rhel.config
+++ b/kernel-x86_64-rhel.config
@@ -3296,6 +3296,7 @@ CONFIG_KVM_GUEST=y
 CONFIG_KVM_HYPERV=y
 CONFIG_KVM_INTEL=m
 # CONFIG_KVM_INTEL_PROVE_VE is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_MMU_AUDIT=y
diff --git a/kernel-x86_64-rt-debug-rhel.config b/kernel-x86_64-rt-debug-rhel.config
index ef11b6405..81a8a773a 100644
--- a/kernel-x86_64-rt-debug-rhel.config
+++ b/kernel-x86_64-rt-debug-rhel.config
@@ -3357,6 +3357,7 @@ CONFIG_KVM_GUEST=y
 CONFIG_KVM_HYPERV=y
 CONFIG_KVM_INTEL=m
 # CONFIG_KVM_INTEL_PROVE_VE is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_MMU_AUDIT=y
diff --git a/kernel-x86_64-rt-rhel.config b/kernel-x86_64-rt-rhel.config
index f2c6f4f65..389ba8f6a 100644
--- a/kernel-x86_64-rt-rhel.config
+++ b/kernel-x86_64-rt-rhel.config
@@ -3337,6 +3337,7 @@ CONFIG_KVM_GUEST=y
 CONFIG_KVM_HYPERV=y
 CONFIG_KVM_INTEL=m
 # CONFIG_KVM_INTEL_PROVE_VE is not set
+CONFIG_KVM_IOAPIC=y
 CONFIG_KVM=m
 CONFIG_KVM_MAX_NR_VCPUS=4096
 CONFIG_KVM_MMU_AUDIT=y
diff --git a/kernel.changelog b/kernel.changelog
index 7ce9ed074..53afa3024 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,399 @@
+* Tue Dec 09 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-171.el10]
+- be2net: pass wrb_params in case of OS2BMC (Mohammad Heib) [RHEL-96555 RHEL-99249]
+- be2net: Use correct byte order and format string for TCP seq and ack_seq (Mohammad Heib) [RHEL-96555 RHEL-99249]
+- s390/stp: Default to enabled (Mete Durlu) [RHEL-62194]
+- s390/stp: Remove leap second support (Mete Durlu) [RHEL-62194]
+- s390/time: Remove in-kernel time steering (Mete Durlu) [RHEL-62194]
+- s390/sclp: Use monotonic clock in sclp_sync_wait() (Mete Durlu) [RHEL-62194]
+- s390/smp: Use monotonic clock in smp_emergency_stop() (Mete Durlu) [RHEL-62194]
+- s390/time: Use monotonic clock in get_cycles() (Mete Durlu) [RHEL-62194]
+- s390/stp: Remove udelay from stp_sync_clock() (Mete Durlu) [RHEL-62194]
+- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (Michal Schmidt) [RHEL-127155]
+- iidc/ice/irdma: Update IDC to support multiple consumers (Michal Schmidt) [RHEL-127155]
+- ice: Replace ice specific DSCP mapping num with a kernel define (Michal Schmidt) [RHEL-127155]
+- iidc/ice/irdma: Break iidc.h into two headers (Michal Schmidt) [RHEL-127155]
+- iidc/ice/irdma: Rename to iidc_* convention (Michal Schmidt) [RHEL-127155]
+- iidc/ice/irdma: Rename IDC header file (Michal Schmidt) [RHEL-127155]
+- scsi: qla4xxx: Fix typos in comments (Chris Leech) [RHEL-121668]
+- scsi: qla4xxx: Prevent a potential error pointer dereference (Chris Leech) [RHEL-121668]
+- scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (Chris Leech) [RHEL-121668]
+- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Chris Leech) [RHEL-121668]
+- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Chris Leech) [RHEL-121668]
+- scsi: iscsi: Fix incorrect error path labels for flashnode operations (Chris Leech) [RHEL-121668]
+- scsi: qla4xxx: Remove duplicate struct crb_addr_pair (Chris Leech) [RHEL-121668]
+- scsi: qedi: Remove unused qedi_get_proto_itt() (Chris Leech) [RHEL-121668]
+- scsi: qedi: Remove unused sysfs functions (Chris Leech) [RHEL-121668]
+- ata: libata-core: relax checks in ata_read_log_directory() (Tomas Henzl) [RHEL-105431]
+- ata: libata-sff: drop nth_page() usage within SG entry (Tomas Henzl) [RHEL-105431]
+- ata: ahci_xgene: Use int type for 'rc' to store error codes (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Allow ignoring the external/hotplug capability of ports (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Fix CDL control (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Fix link state check for IDE/PATA ports (Tomas Henzl) [RHEL-105431]
+- ata: pata_pdc2027x: Remove space before newline and abbreviations (Tomas Henzl) [RHEL-105431]
+- ata: pata_macio: Remove space before newline (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Remove space before newline (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Add link_power_management_supported sysfs attribute (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Return aborted command when missing sense and result TF (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Fix ata_to_sense_error() status handling (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Simplify reset operation management (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Remove ata_do_eh() (Tomas Henzl) [RHEL-105431]
+- ata: pata_rdc: Use registered definition for the RDC vendor (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Make ata_eh_followup_srst_needed() return a bool (Tomas Henzl) [RHEL-105431]
+- ata: libata-transport: replace scnprintf with sysfs_emit for simple attributes (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: use bool for fastdrain in ata_eh_set_pending() (Tomas Henzl) [RHEL-105431]
+- ata: libata: Introduce ata_port_eh_scheduled() (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Rename ata_do_set_mode() (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Rename and make ata_set_mode() static (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Make ata_dev_cleanup_cdl_resources() static (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Cache the general purpose log directory (Tomas Henzl) [RHEL-105431]
+- ata: libata_eh: Add debug messages to ata_eh_link_set_lpm() (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Reduce the number of messages signaling broken LPM (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disallow LPM policy control if not supported (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disallow LPM policy control for external ports (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disable DIPM if host lacks support (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Disallow changing LPM state if not supported (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Avoid unnecessary resets when revalidating devices (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Advertize device support for DIPM and HIPM features (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Move device LPM quirk settings to ata_dev_config_lpm() (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Introduce ata_dev_config_lpm() (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Move and rename ata_eh_set_lpm() (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Clarify mobile_lpm_policy description (Tomas Henzl) [RHEL-105431]
+- ata: libata: Improve LPM policies description (Tomas Henzl) [RHEL-105431]
+- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Cleanup ata_scsi_offline_dev() (Tomas Henzl) [RHEL-105431]
+- ata: libata: Remove ATA_DFLAG_ZAC device flag (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disallow LPM for Asus B550-F motherboard (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Use correct BIOS build date for ThinkPad W541 quirk (Tomas Henzl) [RHEL-105431]
+- ata: pata_cs5536: fix build on 32-bit UML (Tomas Henzl) [RHEL-105431]
+- ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled (Tomas Henzl) [RHEL-105431]
+- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Keep DIPM disabled while modifying the allowed LPM states (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Rename no_dipm variable to be more clear (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Rename hipm and dipm variables (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Add ata_eh_set_lpm() WARN_ON_ONCE (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Update DIPM comments to reflect reality (Tomas Henzl) [RHEL-105431]
+- ata: libata: Print if port is external on boot (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Do not set the INFORMATION field twice for ATA PT (Tomas Henzl) [RHEL-105431]
+- ata: sata_sx4: Fix spelling mistake "parttern" -> "pattern" (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Improve CDL control (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Fix ata_msense_control_ata_feature() (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Use BIT() macro to convert tag to bit field (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Simplify sense_valid fetching (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Simplify ata_print_version_once (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Save all fields from sense data descriptor (Tomas Henzl) [RHEL-105431]
+- ata: libata: Remove unused macro definitions (Tomas Henzl) [RHEL-105431]
+- tools headers x86 cpufeatures: Sync with the kernel sources (Maxim Levitsky) [RHEL-120168]
+- tools headers x86 svm: Sync svm headers with the kernel sources (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Add helper to retrieve current value of user return MSR (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Reject non-positive effective lengths during LAUNCH_UPDATE (Maxim Levitsky) [RHEL-120168]
+- selftests/kvm: remove stale TODO in xapic_state_test (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Handle Intel Atom errata that leads to PMU event overcount (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Validate more arch-events in pmu_counters_test (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Reduce number of "unavailable PMU events" combos tested (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Track unavailable_mask for PMU events as 32-bit value (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add timing_info bit support in vmx_pmu_caps_test (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Fix hypercalls docs section number order (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Fix uninitialized error code for __tdx_bringup() (Maxim Levitsky) [RHEL-120168]
+- crypto: ccp - Add AMD Seamless Firmware Servicing (SFS) driver (Maxim Levitsky) [RHEL-120168]
+- crypto: ccp - Add new HV-Fixed page allocation/free API (Maxim Levitsky) [RHEL-120168]
+- x86/sev: Add new dump_rmp parameter to snp_leak_pages() API (Maxim Levitsky) [RHEL-120168]
+- Documentation: KVM: Call out that KVM strictly follows the 8254 PIT spec (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Use guard() instead of mutex_lock() to simplify code (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/pmu: Correct typo "_COUTNERS" to "_COUNTERS" (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Reject fully in-kernel irqchip if EOIs are protected, i.e. for TDX VMs (Maxim Levitsky) [RHEL-120168]
+- x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT (Maxim Levitsky) [RHEL-120168]
+- x86/kvm: Make kvm_async_pf_task_wake() a local static helper (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Do not retry locally when the retry is caused by invalid memslot (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move vector_hashing into lapic.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Make "lowest priority" helpers local to lapic.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move kvm_irq_delivery_to_apic() from irq.c to lapic.c (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Save the SEV policy if and only if LAUNCH_START succeeds (Maxim Levitsky) [RHEL-120168]
+- x86/tdx: Skip clearing reclaimed pages unless X86_BUG_TDX_PW_MCE is present (Maxim Levitsky) [RHEL-120168]
+- x86/tdx: Tidy reset_pamt functions (Maxim Levitsky) [RHEL-120168]
+- x86/tdx: Eliminate duplicate code in tdx_clear_page() (Maxim Levitsky) [RHEL-120168]
+- kvm: x86: simplify kvm_vector_to_index() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: allow CPUID 0xC000_0000 to proceed on Zhaoxin CPUs (Maxim Levitsky) [RHEL-120168]
+- arch/x86/kvm/ioapic: Remove license boilerplate with bad FSF address (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Remove redundant __GFP_ZERO (Maxim Levitsky) [RHEL-120168]
+- KVM: remove redundant __GFP_NOWARN (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Fix an indentation (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Move Intel and AMD module param helpers to x86/processor.h (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Fix signedness issue with vCPU mmap size check (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (Maxim Levitsky) [RHEL-120168]
+- selftests: harness: Rename is_signed_type() to avoid collision with overflow.h (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: don't check have_run_cpus in sev_writeback_caches() (Maxim Levitsky) [RHEL-120168]
+- tools headers: Sync KVM headers with the kernel source (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: use array_index_nospec with indices that come from guest (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: fix typo "notifer" (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Reject KVM_SET_TSC_KHZ VM ioctl when vCPUs have been created (Maxim Levitsky) [RHEL-120168]
+- x86/apic: Rename 'reg_off' to 'reg' (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Move apic_test)vector() to common code (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Move lapic set/clear_vector() helpers to common code (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Move lapic get/set helpers to common code (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Move apic_find_highest_vector() to a common header (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename lapic set/clear vector helpers (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename lapic get/set_reg64() helpers (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename lapic get/set_reg() helpers (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename find_highest_vector() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Change lapic regs base address to void pointer (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename VEC_POS/REG_POS macro usages (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Deduplicate APIC vector => register+bit math (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Remove redundant parentheses around 'bitmap' (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Open code setting/clearing of bits in the ISR (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add CONFIG_EVENTFD for irqfd selftest (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Flush cache only on CPUs running SEV guest (Maxim Levitsky) [RHEL-120168]
+- x86/lib: Add WBINVD and WBNOINVD helpers to target multiple CPUs (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Use wbinvd_on_cpu() instead of an open-coded equivalent (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Prefer WBNOINVD over WBINVD for cache maintenance efficiency (Maxim Levitsky) [RHEL-120168]
+- x86/lib: Add WBNOINVD helper functions (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Remove wbinvd in sev_vm_destroy() (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Convert arch_timer tests to common helpers to pin task (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Test behavior of KVM_X86_DISABLE_EXITS_APERFMPERF (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Expand set of APIs for pinning tasks to a single CPU (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Provide a capability to disable APERF/MPERF read intercepts (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Replace growing set of *_in_guest bools with a u64 (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Advertise support for LKGS (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Add a macro to track which DEBUGCTL bits are host-owned (Maxim Levitsky) [RHEL-120168]
+- KVM: guest_memfd: Remove redundant kvm_gmem_getattr implementation (Maxim Levitsky) [RHEL-120168]
+- VFIO: KVM: x86: Drop kvm_arch_{start,end}_assignment() (Maxim Levitsky) [RHEL-120168]
+- Revert "kvm: detect assigned device via irqbypass manager" (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Simplify MSR interception logic for IA32_XSS MSR (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Deduplicate MSR interception enabling and disabling (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Defer allocation of shadow MMU's hashed page list (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Use kvzalloc() to allocate VM struct (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Dynamically allocate shadow MMU's hashed page list (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add utilities to create eventfds and do KVM_IRQFD (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Assert that eventfd() succeeds in Xen shinfo test (Maxim Levitsky) [RHEL-120168]
+- KVM: Drop sanity check that per-VM list of irqfds is unique (Maxim Levitsky) [RHEL-120168]
+- KVM: Disallow binding multiple irqfds to an eventfd with a priority waiter (Maxim Levitsky) [RHEL-120168]
+- sched/wait: Add a waitqueue helper for fully exclusive priority waiters (Maxim Levitsky) [RHEL-120168]
+- xen: privcmd: Don't mark eventfd waiter as EXCLUSIVE (Maxim Levitsky) [RHEL-120168]
+- sched/wait: Drop WQ_FLAG_EXCLUSIVE from add_wait_queue_priority() (Maxim Levitsky) [RHEL-120168]
+- KVM: Add irqfd to eventfd's waitqueue while holding irqfds.lock (Maxim Levitsky) [RHEL-120168]
+- KVM: Add irqfd to KVM's list via the vfs_poll() callback (Maxim Levitsky) [RHEL-120168]
+- assorted variants of irqfd setup: convert to CLASS(fd) (Maxim Levitsky) [RHEL-120168]
+- KVM: Initialize irqfd waitqueue callback when adding to the queue (Maxim Levitsky) [RHEL-120168]
+- KVM: Acquire SCRU lock outside of irqfds.lock during assignment (Maxim Levitsky) [RHEL-120168]
+- KVM: Use a local struct to do the initial vfs_poll() on an irqfd (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename kvm_set_msi_irq() => kvm_msi_to_lapic_irq() (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Generate GA log IRQs only if the associated vCPUs is blocking (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Allow KVM to control need for GA log interrupts (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Consolidate IRTE update when toggling AVIC on/off (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Don't check vCPU's blocking status when toggling AVIC on/off (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Fold avic_set_pi_irte_mode() into its sole caller (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: WARN if KVM calls GA IRTE helpers without virtual APIC support (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Use vcpu_idx, not vcpu_id, for GA log tag/metadata (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: WARN if VT-d Posted IRQs aren't possible when starting IRQ bypass (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Decouple device assignment from IRQ bypass (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: WARN if ir_list is non-empty at vCPU free (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: WARN if IRQ bypass routing is updated without in-kernel local APIC (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: WARN if IRQ bypass isn't supported in kvm_pi_update_irte() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop superfluous "has assigned device" check in kvm_pi_update_irte() (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: WARN if updating IRTE GA fields in IOMMU fails (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Process all IRTEs on affinity change even if one update fails (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: WARN if (de)activating guest mode in IOMMU fails (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Don't check for assigned device(s) when activating AVIC (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Don't check for assigned device(s) when updating affinity (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Add IRTE metadata to affined vCPU's list if AVIC is inhibited (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Set pCPU info in IRTE when setting vCPU affinity (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: Factor out helper for manipulating IRTE GA/CPU info (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Infer IsRun from validity of pCPU destination (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: Document which IRTE fields amd_iommu_update_ga() can modify (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Take and hold ir_list_lock across IRTE updates in IOMMU (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Revert IRTE to legacy mode if IOMMU doesn't provide IR metadata (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Don't update IRTE entries when old and new routes were !MSI (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Skip IOMMU IRTE updates if there's no old or new vCPU being targeted (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Track irq_bypass_vcpu in common x86 code (Maxim Levitsky) [RHEL-120168]
+- KVM: Fold kvm_arch_irqfd_route_changed() into kvm_arch_update_irqfd_routing() (Maxim Levitsky) [RHEL-120168]
+- KVM: Don't WARN if updating IRQ bypass route fails (Maxim Levitsky) [RHEL-120168]
+- iommu: KVM: Split "struct vcpu_data" into separate AMD vs. Intel structs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Clean up return handling in avic_pi_update_irte() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move posted interrupt tracepoint to common code (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Dedup AVIC vs. PI code for identifying target vCPU (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Nullify irqfd->producer after updating IRTEs (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move IRQ routing/delivery APIs from x86.c => irq.c (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Extract SVM specific code out of get_pi_vcpu_info() (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Stop walking list of routing table entries when updating IRTE (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Stop walking list of routing table entries when updating IRTE (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Pass NULL @vcpu_info to indicate "not guest mode" (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Use pi_desc_addr to derive ga_root_ptr (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add a comment to explain why avic_vcpu_blocking() ignores IRQ blocking (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Suppress PI notifications whenever the vCPU is put (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Disable (x2)AVIC IPI virtualization if CPU has erratum #1235 (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add enable_ipiv param, never set IsRunning if disabled (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Move enable_ipiv knob to common x86 (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop superfluous "cache" of AVIC Physical ID entry pointer (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Track AVIC tables as natively sized pointers, not "struct pages" (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop redundant check in AVIC code on ID during vCPU creation (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Inhibit AVIC if ID is too big instead of rejecting vCPU creation (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop vcpu_svm's pointless avic_backing_page field (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add helper to deduplicate code for getting AVIC backing page (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop pointless masking of kernel page pa's with AVIC HPA masks (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop pointless masking of default APIC base when setting V_APIC_BAR (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Delete now-unused cached/previous GA tag fields (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (Maxim Levitsky) [RHEL-120168]
+- KVM: Pass new routing entries and irqfd when updating IRTEs (Maxim Levitsky) [RHEL-120168]
+- KVM: arm64: WARN if unmapping a vLPI fails in any path (Maxim Levitsky) [RHEL-120168]
+- KVM: fix typo in kvm_vm_set_mem_attributes() comment (Maxim Levitsky) [RHEL-120168]
+- KVM: Add trace_kvm_vm_set_mem_attributes() (Maxim Levitsky) [RHEL-120168]
+- KVM: Allow CPU to reschedule while setting per-page memory attributes (Maxim Levitsky) [RHEL-120168] {CVE-2025-38506}
+- KVM: x86: Fold irq_comm.c into irq.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move IRQ mask notifier infrastructure to I/O APIC emulation (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Fall back to split IRQ chip if full in-kernel chip is unsupported (Maxim Levitsky) [RHEL-120168]
+- KVM: Squash two CONFIG_HAVE_KVM_IRQCHIP #ifdefs into one (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Add CONFIG_KVM_IOAPIC to allow disabling in-kernel I/O APIC (Maxim Levitsky) [RHEL-120168]
+- KVM: Move x86-only tracepoints to x86's trace.h (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Explicitly check for in-kernel PIC when getting ExtINT (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Don't clear PIT's IRQ line status when destroying PIT (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Hardcode the PIT IRQ source ID to '2' (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move kvm_{request,free}_irq_source_id() to i8254.c (PIT) (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move kvm_setup_default_irq_routing() into irq.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename irqchip_kernel() to irqchip_full() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move KVM_{GET,SET}_IRQCHIP ioctl helpers to irq.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move PIT ioctl helpers to i8254.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop superfluous kvm_hv_set_sint() => kvm_hv_synic_set_irq() wrapper (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop superfluous kvm_set_ioapic_irq() => kvm_ioapic_set_irq() wrapper (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop superfluous kvm_set_pic_irq() => kvm_pic_set_irq() wrapper (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Trigger I/O APIC route rescan in kvm_arch_irq_routing_update() (Maxim Levitsky) [RHEL-120168]
+- KVM: Assert that slots_lock is held when resetting per-vCPU dirty rings (Maxim Levitsky) [RHEL-120168]
+- KVM: Use mask of harvested dirty ring entries to coalesce dirty ring resets (Maxim Levitsky) [RHEL-120168]
+- KVM: Check for empty mask of harvested dirty ring entries in caller (Maxim Levitsky) [RHEL-120168]
+- KVM: Conditionally reschedule when resetting the dirty ring (Maxim Levitsky) [RHEL-120168]
+- KVM: Bail from the dirty ring reset flow if a signal is pending (Maxim Levitsky) [RHEL-120168]
+- KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Print a more helpful message for EACCESS in access tracking test (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Play nice with EACCES errors in open_path_or_exit() (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add __open_path_or_exit() variant to provide extra help info (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Verify KVM is loaded when getting a KVM module param (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Fix spelling of 'occurrences' in sparsebit.c comments (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Allow SNP guest policy to specify SINGLE_SOCKET (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Allow SNP guest policy disallow running with SMT enabled (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Move TDX hardware setup from main.c to tdx.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Exempt nested EPT page tables from !USER, CR0.WP=0 logic (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Refactor handling of SIPI_RECEIVED when setting MP_STATE (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move INIT_RECEIVED vs. INIT/SIPI blocked check to KVM_RUN (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: WARN and reject KVM_RUN if vCPU's MP_STATE is SIPI_RECEIVED (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Verify KVM disable interception (for userspace) on filter change (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Simplify userspace filter logic when disabling MSR interception (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add a helper to allocate and initialize permissions bitmaps (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Merge MSRPM in 64-bit chunks on 64-bit kernels (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Return -EINVAL instead of MSR_INVALID to signal out-of-range MSR (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Access MSRPM in 4-byte chunks only for merging L0 and L1 bitmaps (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Store MSRPM pointer as "void *" instead of "u32 *" (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Move svm_msrpm_offset() to nested.c (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop explicit check on MSRPM offset when emulating SEV-ES accesses (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Merge "after set CPUID" intercept recalc helpers (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Fold svm_vcpu_init_msrpm() into its sole caller (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Rename init_vmcb_after_set_cpuid() to make it intercepts specific (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename msr_filter_changed() => recalc_msr_intercepts() (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Manually recalc all MSR intercepts on userspace MSR filter change (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Manually recalc all MSR intercepts on userspace MSR filter change (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move definition of X2APIC_MSR() to lapic.h (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop "always" flag from list of possible passthrough MSRs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Implement and adopt VMX style MSR intercepts APIs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add helpers for accessing MSR bitmap that don't rely on offsets (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Don't initialize vmcb02 MSRPM with vmcb01's "always passthrough" (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Omit SEV-ES specific passthrough MSRs from L0+L1 bitmap merge (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Use dedicated array of MSRPM offsets to merge L0 and L1 bitmaps (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Clean up macros related to architectural MSRPM definitions (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Massage name and param of helper that merges vmcb01 and vmcb12 MSRPMs (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Use non-atomic bit ops to manipulate "shadow" MSR intercepts (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Kill the VM instead of the host if MSR interception is buggy (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Use ARRAY_SIZE() to iterate over direct_access_msrs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Tag MSR bitmap initialization helpers with __init (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Don't BUG if setting up the MSR intercept bitmaps fails (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Allocate IOPM pages after initial setup in svm_hardware_setup() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (Maxim Levitsky) [RHEL-120168] {CVE-2025-38469}
+- KVM: Documentation: document how KVM is tested (Maxim Levitsky) [RHEL-120168]
+- KVM: Documentation: minimal updates to review-checklist.rst (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add back the missing check of MONITOR/MWAIT availability (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Initialize vmsa_pa in VMCB to INVALID_PAGE if VMSA page is NULL (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (Maxim Levitsky) [RHEL-120168] {CVE-2025-38455}
+- x86/traps: Initialize DR7 by writing its architectural reset value (Maxim Levitsky) [RHEL-120168]
+- x86/traps: Initialize DR6 by writing its architectural reset value (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Disable SEV-SNP support on initialization failure (Maxim Levitsky) [RHEL-120168]
+- Documentation: virt/kvm: remove unreferenced footnote (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: access_tracking_perf_test: Use MGLRU for access tracking (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Build and link selftests/cgroup/lib into KVM selftests (Maxim Levitsky) [RHEL-120168]
+- cgroup: selftests: Add API to find root of specific controller (Maxim Levitsky) [RHEL-120168]
+- cgroup: selftests: Move cgroup_util into its own library (Maxim Levitsky) [RHEL-120168]
+- cgroup: selftests: Move memcontrol specific helpers out of common cgroup_util.c (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add test to verify KVM_CAP_X86_BUS_LOCK_EXIT (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add support for KVM_CAP_X86_BUS_LOCK_EXIT on SVM CPUs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add architectural definitions/assets for Bus Lock Threshold (Maxim Levitsky) [RHEL-120168]
+- x86/cpufeatures: Add CPUID feature bit for the Bus Lock Threshold (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Make kvm_pio_request.linear_rip a common field for user exits (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add a test for x86's fastops emulation (Maxim Levitsky) [RHEL-120168]
+- KVM: Remove obsolete comment about locking for kvm_io_bus_read/write (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add a basic SEV-SNP smoke test (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Decouple SEV policy from VM type (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Force GUEST_MEMFD flag for SNP VM type (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add library support for interacting with SNP (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Introduce SEV VM type check (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Replace assert() with TEST_ASSERT_EQ() (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add SMT control state helper (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add vmgexit helper (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: SEV-SNP test for KVM_SEV_INIT2 (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Unify cross-vCPU IBPB (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (Maxim Levitsky) [RHEL-120168]
+- x86/sev: Remove unnecessary GFP_KERNEL_ACCOUNT for temporary variables (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Warn if PFN changes on shadow-present SPTE in shadow MMU (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/tdp_mmu: WARN if PFN changes for spurious faults (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/tdp_mmu: Merge prefetch and access checks for spurious faults (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Further check old SPTE is leaf for spurious prefetch fault (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Flush shadow VMCS on emergency reboot (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: avoid frequency indirect calls (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Configure "ALLOWED_SEV_FEATURES" VMCB Field (Maxim Levitsky) [RHEL-120168]
+- x86/cpufeatures: Add "Allowed SEV Features" Feature (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add a mutex to dump_vmcb() to prevent concurrent output (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Include the vCPU ID when dumping a VMCB (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add the type of VM for which the VMCB/VMSA is being dumped (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Dump guest register state in dump_vmcb() (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Decrypt SEV VMSA in dump_vmcb() if debugging is enabled (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Use LEAVE in vmx_do_interrupt_irqoff() (Maxim Levitsky) [RHEL-120168]
+- KVM: nVMX: Check MSR load/store list counts during VM-Enter consistency checks (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Fix SNP AP destroy race with VMRUN (Maxim Levitsky) [RHEL-120168]
+- x86/irq: KVM: Add helper for harvesting PIR to deduplicate KVM and posted MSIs (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Use arch_xchg() when processing PIR to avoid instrumentation (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Isolate pure loads from atomic XCHG when processing PIR (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Process PIR using 64-bit accesses on 64-bit kernels (Maxim Levitsky) [RHEL-120168]
+- x86/irq: KVM: Track PIR bitmap as an "unsigned long" array (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Ensure vIRR isn't reloaded at odd times when sync'ing PIR (Maxim Levitsky) [RHEL-120168]
+- x86/irq: Track if IRQ was found in PIR during initial loop (to load PIR vals) (Maxim Levitsky) [RHEL-120168]
+- x86/irq: Ensure initial PIR loads are performed exactly once (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Add module param to control and enumerate device posted IRQs (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Don't send UNBLOCK when starting device assignment without APICv (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rescan I/O APIC routes after EOI interception for old routing (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Add a helper to deduplicate I/O APIC EOI interception logic (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Isolate edge vs. level check in userspace I/O APIC route scanning (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Advertise support for AMD's PREFETCHI (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Sort CPUID_8000_0021_EAX leaf bits properly (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: clean up a return (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Advertise support for WRMSRNS (Maxim Levitsky) [RHEL-120168]
+- x86/msr: Rename the WRMSRNS opcode macro to ASM_WRMSRNS (for KVM) (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Generalize IBRS virtualization on emulated VM-exit (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Propagate AMD's IbrsSameMode to the guest (Maxim Levitsky) [RHEL-120168]
+- x86/cpufeatures: Define X86_FEATURE_AMD_IBRS_SAME_MODE (Maxim Levitsky) [RHEL-120168]
+- x86/virt: Provide "nosnp" boot option for sev kernel command line (Maxim Levitsky) [RHEL-120168]
+Resolves: RHEL-105431, RHEL-120168, RHEL-121668, RHEL-127155, RHEL-62194, RHEL-96555, RHEL-99249
+
 * Fri Dec 05 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-170.el10]
 - blk-cgroup: fix possible deadlock while configuring policy (Ming Lei) [RHEL-129497]
 Resolves: RHEL-129497
diff --git a/kernel.spec b/kernel.spec
index 25020debf..2b4285fa0 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -176,15 +176,15 @@ Summary: The Linux kernel
 %define specrpmversion 6.12.0
 %define specversion 6.12.0
 %define patchversion 6.12
-%define pkgrelease 170
+%define pkgrelease 171
 %define kversion 6
-%define tarfile_release 6.12.0-170.el10
+%define tarfile_release 6.12.0-171.el10
 # This is needed to do merge window version magic
 %define patchlevel 12
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 170%{?buildid}%{?dist}
+%define specrelease 171%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.12.0-170.el10
+%define kabiversion 6.12.0-171.el10
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -4473,6 +4473,401 @@ fi\
 #
 #
 %changelog
+* Tue Dec 09 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-171.el10]
+- be2net: pass wrb_params in case of OS2BMC (Mohammad Heib) [RHEL-96555 RHEL-99249]
+- be2net: Use correct byte order and format string for TCP seq and ack_seq (Mohammad Heib) [RHEL-96555 RHEL-99249]
+- s390/stp: Default to enabled (Mete Durlu) [RHEL-62194]
+- s390/stp: Remove leap second support (Mete Durlu) [RHEL-62194]
+- s390/time: Remove in-kernel time steering (Mete Durlu) [RHEL-62194]
+- s390/sclp: Use monotonic clock in sclp_sync_wait() (Mete Durlu) [RHEL-62194]
+- s390/smp: Use monotonic clock in smp_emergency_stop() (Mete Durlu) [RHEL-62194]
+- s390/time: Use monotonic clock in get_cycles() (Mete Durlu) [RHEL-62194]
+- s390/stp: Remove udelay from stp_sync_clock() (Mete Durlu) [RHEL-62194]
+- ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (Michal Schmidt) [RHEL-127155]
+- iidc/ice/irdma: Update IDC to support multiple consumers (Michal Schmidt) [RHEL-127155]
+- ice: Replace ice specific DSCP mapping num with a kernel define (Michal Schmidt) [RHEL-127155]
+- iidc/ice/irdma: Break iidc.h into two headers (Michal Schmidt) [RHEL-127155]
+- iidc/ice/irdma: Rename to iidc_* convention (Michal Schmidt) [RHEL-127155]
+- iidc/ice/irdma: Rename IDC header file (Michal Schmidt) [RHEL-127155]
+- scsi: qla4xxx: Fix typos in comments (Chris Leech) [RHEL-121668]
+- scsi: qla4xxx: Prevent a potential error pointer dereference (Chris Leech) [RHEL-121668]
+- scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (Chris Leech) [RHEL-121668]
+- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (Chris Leech) [RHEL-121668]
+- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (Chris Leech) [RHEL-121668]
+- scsi: iscsi: Fix incorrect error path labels for flashnode operations (Chris Leech) [RHEL-121668]
+- scsi: qla4xxx: Remove duplicate struct crb_addr_pair (Chris Leech) [RHEL-121668]
+- scsi: qedi: Remove unused qedi_get_proto_itt() (Chris Leech) [RHEL-121668]
+- scsi: qedi: Remove unused sysfs functions (Chris Leech) [RHEL-121668]
+- ata: libata-core: relax checks in ata_read_log_directory() (Tomas Henzl) [RHEL-105431]
+- ata: libata-sff: drop nth_page() usage within SG entry (Tomas Henzl) [RHEL-105431]
+- ata: ahci_xgene: Use int type for 'rc' to store error codes (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Allow ignoring the external/hotplug capability of ports (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Fix CDL control (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Fix link state check for IDE/PATA ports (Tomas Henzl) [RHEL-105431]
+- ata: pata_pdc2027x: Remove space before newline and abbreviations (Tomas Henzl) [RHEL-105431]
+- ata: pata_macio: Remove space before newline (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Remove space before newline (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Add link_power_management_supported sysfs attribute (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Return aborted command when missing sense and result TF (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Fix ata_to_sense_error() status handling (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Simplify reset operation management (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Remove ata_do_eh() (Tomas Henzl) [RHEL-105431]
+- ata: pata_rdc: Use registered definition for the RDC vendor (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Make ata_eh_followup_srst_needed() return a bool (Tomas Henzl) [RHEL-105431]
+- ata: libata-transport: replace scnprintf with sysfs_emit for simple attributes (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: use bool for fastdrain in ata_eh_set_pending() (Tomas Henzl) [RHEL-105431]
+- ata: libata: Introduce ata_port_eh_scheduled() (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Rename ata_do_set_mode() (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Rename and make ata_set_mode() static (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Make ata_dev_cleanup_cdl_resources() static (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Cache the general purpose log directory (Tomas Henzl) [RHEL-105431]
+- ata: libata_eh: Add debug messages to ata_eh_link_set_lpm() (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Reduce the number of messages signaling broken LPM (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disallow LPM policy control if not supported (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disallow LPM policy control for external ports (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disable DIPM if host lacks support (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Disallow changing LPM state if not supported (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Avoid unnecessary resets when revalidating devices (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Advertize device support for DIPM and HIPM features (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Move device LPM quirk settings to ata_dev_config_lpm() (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Introduce ata_dev_config_lpm() (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Move and rename ata_eh_set_lpm() (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Clarify mobile_lpm_policy description (Tomas Henzl) [RHEL-105431]
+- ata: libata: Improve LPM policies description (Tomas Henzl) [RHEL-105431]
+- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Cleanup ata_scsi_offline_dev() (Tomas Henzl) [RHEL-105431]
+- ata: libata: Remove ATA_DFLAG_ZAC device flag (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Use correct DMI identifier for ASUSPRO-D840SA LPM quirk (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disallow LPM for Asus B550-F motherboard (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard (Tomas Henzl) [RHEL-105431]
+- ata: ahci: Use correct BIOS build date for ThinkPad W541 quirk (Tomas Henzl) [RHEL-105431]
+- ata: pata_cs5536: fix build on 32-bit UML (Tomas Henzl) [RHEL-105431]
+- ata: libata-acpi: Do not assume 40 wire cable if no devices are enabled (Tomas Henzl) [RHEL-105431]
+- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Keep DIPM disabled while modifying the allowed LPM states (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Rename no_dipm variable to be more clear (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Rename hipm and dipm variables (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Add ata_eh_set_lpm() WARN_ON_ONCE (Tomas Henzl) [RHEL-105431]
+- ata: libata-eh: Update DIPM comments to reflect reality (Tomas Henzl) [RHEL-105431]
+- ata: libata: Print if port is external on boot (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Do not set the INFORMATION field twice for ATA PT (Tomas Henzl) [RHEL-105431]
+- ata: sata_sx4: Fix spelling mistake "parttern" -> "pattern" (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Improve CDL control (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Fix ata_msense_control_ata_feature() (Tomas Henzl) [RHEL-105431]
+- ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Use BIT() macro to convert tag to bit field (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Simplify sense_valid fetching (Tomas Henzl) [RHEL-105431]
+- ata: libata-core: Simplify ata_print_version_once (Tomas Henzl) [RHEL-105431]
+- ata: libata-sata: Save all fields from sense data descriptor (Tomas Henzl) [RHEL-105431]
+- ata: libata: Remove unused macro definitions (Tomas Henzl) [RHEL-105431]
+- tools headers x86 cpufeatures: Sync with the kernel sources (Maxim Levitsky) [RHEL-120168]
+- tools headers x86 svm: Sync svm headers with the kernel sources (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Add helper to retrieve current value of user return MSR (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Reject non-positive effective lengths during LAUNCH_UPDATE (Maxim Levitsky) [RHEL-120168]
+- selftests/kvm: remove stale TODO in xapic_state_test (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Handle Intel Atom errata that leads to PMU event overcount (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Validate more arch-events in pmu_counters_test (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Reduce number of "unavailable PMU events" combos tested (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Track unavailable_mask for PMU events as 32-bit value (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add timing_info bit support in vmx_pmu_caps_test (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Fix hypercalls docs section number order (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Fix uninitialized error code for __tdx_bringup() (Maxim Levitsky) [RHEL-120168]
+- crypto: ccp - Add AMD Seamless Firmware Servicing (SFS) driver (Maxim Levitsky) [RHEL-120168]
+- crypto: ccp - Add new HV-Fixed page allocation/free API (Maxim Levitsky) [RHEL-120168]
+- x86/sev: Add new dump_rmp parameter to snp_leak_pages() API (Maxim Levitsky) [RHEL-120168]
+- Documentation: KVM: Call out that KVM strictly follows the 8254 PIT spec (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Use guard() instead of mutex_lock() to simplify code (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/pmu: Correct typo "_COUTNERS" to "_COUNTERS" (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Reject fully in-kernel irqchip if EOIs are protected, i.e. for TDX VMs (Maxim Levitsky) [RHEL-120168]
+- x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT (Maxim Levitsky) [RHEL-120168]
+- x86/kvm: Make kvm_async_pf_task_wake() a local static helper (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Do not retry locally when the retry is caused by invalid memslot (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Return -EAGAIN if userspace deletes/moves memslot during prefault (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move vector_hashing into lapic.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Make "lowest priority" helpers local to lapic.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move kvm_irq_delivery_to_apic() from irq.c to lapic.c (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Save the SEV policy if and only if LAUNCH_START succeeds (Maxim Levitsky) [RHEL-120168]
+- x86/tdx: Skip clearing reclaimed pages unless X86_BUG_TDX_PW_MCE is present (Maxim Levitsky) [RHEL-120168]
+- x86/tdx: Tidy reset_pamt functions (Maxim Levitsky) [RHEL-120168]
+- x86/tdx: Eliminate duplicate code in tdx_clear_page() (Maxim Levitsky) [RHEL-120168]
+- kvm: x86: simplify kvm_vector_to_index() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: allow CPUID 0xC000_0000 to proceed on Zhaoxin CPUs (Maxim Levitsky) [RHEL-120168]
+- arch/x86/kvm/ioapic: Remove license boilerplate with bad FSF address (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Remove redundant __GFP_ZERO (Maxim Levitsky) [RHEL-120168]
+- KVM: remove redundant __GFP_NOWARN (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Fix an indentation (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Move Intel and AMD module param helpers to x86/processor.h (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Fix signedness issue with vCPU mmap size check (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (Maxim Levitsky) [RHEL-120168]
+- selftests: harness: Rename is_signed_type() to avoid collision with overflow.h (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: don't check have_run_cpus in sev_writeback_caches() (Maxim Levitsky) [RHEL-120168]
+- tools headers: Sync KVM headers with the kernel source (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: use array_index_nospec with indices that come from guest (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: fix typo "notifer" (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Reject KVM_SET_TSC_KHZ VM ioctl when vCPUs have been created (Maxim Levitsky) [RHEL-120168]
+- x86/apic: Rename 'reg_off' to 'reg' (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Move apic_test)vector() to common code (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Move lapic set/clear_vector() helpers to common code (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Move lapic get/set helpers to common code (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Move apic_find_highest_vector() to a common header (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename lapic set/clear vector helpers (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename lapic get/set_reg64() helpers (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename lapic get/set_reg() helpers (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename find_highest_vector() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Change lapic regs base address to void pointer (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename VEC_POS/REG_POS macro usages (Maxim Levitsky) [RHEL-120168]
+- x86/apic: KVM: Deduplicate APIC vector => register+bit math (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Remove redundant parentheses around 'bitmap' (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Open code setting/clearing of bits in the ISR (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add CONFIG_EVENTFD for irqfd selftest (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Flush cache only on CPUs running SEV guest (Maxim Levitsky) [RHEL-120168]
+- x86/lib: Add WBINVD and WBNOINVD helpers to target multiple CPUs (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Use wbinvd_on_cpu() instead of an open-coded equivalent (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Prefer WBNOINVD over WBINVD for cache maintenance efficiency (Maxim Levitsky) [RHEL-120168]
+- x86/lib: Add WBNOINVD helper functions (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Remove wbinvd in sev_vm_destroy() (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Convert arch_timer tests to common helpers to pin task (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Test behavior of KVM_X86_DISABLE_EXITS_APERFMPERF (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Expand set of APIs for pinning tasks to a single CPU (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Provide a capability to disable APERF/MPERF read intercepts (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Replace growing set of *_in_guest bools with a u64 (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Advertise support for LKGS (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Add a macro to track which DEBUGCTL bits are host-owned (Maxim Levitsky) [RHEL-120168]
+- KVM: guest_memfd: Remove redundant kvm_gmem_getattr implementation (Maxim Levitsky) [RHEL-120168]
+- VFIO: KVM: x86: Drop kvm_arch_{start,end}_assignment() (Maxim Levitsky) [RHEL-120168]
+- Revert "kvm: detect assigned device via irqbypass manager" (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Simplify MSR interception logic for IA32_XSS MSR (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Deduplicate MSR interception enabling and disabling (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Defer allocation of shadow MMU's hashed page list (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Use kvzalloc() to allocate VM struct (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Dynamically allocate shadow MMU's hashed page list (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add utilities to create eventfds and do KVM_IRQFD (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Assert that eventfd() succeeds in Xen shinfo test (Maxim Levitsky) [RHEL-120168]
+- KVM: Drop sanity check that per-VM list of irqfds is unique (Maxim Levitsky) [RHEL-120168]
+- KVM: Disallow binding multiple irqfds to an eventfd with a priority waiter (Maxim Levitsky) [RHEL-120168]
+- sched/wait: Add a waitqueue helper for fully exclusive priority waiters (Maxim Levitsky) [RHEL-120168]
+- xen: privcmd: Don't mark eventfd waiter as EXCLUSIVE (Maxim Levitsky) [RHEL-120168]
+- sched/wait: Drop WQ_FLAG_EXCLUSIVE from add_wait_queue_priority() (Maxim Levitsky) [RHEL-120168]
+- KVM: Add irqfd to eventfd's waitqueue while holding irqfds.lock (Maxim Levitsky) [RHEL-120168]
+- KVM: Add irqfd to KVM's list via the vfs_poll() callback (Maxim Levitsky) [RHEL-120168]
+- assorted variants of irqfd setup: convert to CLASS(fd) (Maxim Levitsky) [RHEL-120168]
+- KVM: Initialize irqfd waitqueue callback when adding to the queue (Maxim Levitsky) [RHEL-120168]
+- KVM: Acquire SCRU lock outside of irqfds.lock during assignment (Maxim Levitsky) [RHEL-120168]
+- KVM: Use a local struct to do the initial vfs_poll() on an irqfd (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename kvm_set_msi_irq() => kvm_msi_to_lapic_irq() (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Generate GA log IRQs only if the associated vCPUs is blocking (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Allow KVM to control need for GA log interrupts (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Consolidate IRTE update when toggling AVIC on/off (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Don't check vCPU's blocking status when toggling AVIC on/off (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Fold avic_set_pi_irte_mode() into its sole caller (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: WARN if KVM calls GA IRTE helpers without virtual APIC support (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Use vcpu_idx, not vcpu_id, for GA log tag/metadata (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: WARN if VT-d Posted IRQs aren't possible when starting IRQ bypass (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Decouple device assignment from IRQ bypass (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: WARN if ir_list is non-empty at vCPU free (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: WARN if IRQ bypass routing is updated without in-kernel local APIC (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: WARN if IRQ bypass isn't supported in kvm_pi_update_irte() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop superfluous "has assigned device" check in kvm_pi_update_irte() (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: WARN if updating IRTE GA fields in IOMMU fails (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Process all IRTEs on affinity change even if one update fails (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: WARN if (de)activating guest mode in IOMMU fails (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Don't check for assigned device(s) when activating AVIC (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Don't check for assigned device(s) when updating affinity (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Add IRTE metadata to affined vCPU's list if AVIC is inhibited (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Set pCPU info in IRTE when setting vCPU affinity (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: Factor out helper for manipulating IRTE GA/CPU info (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Infer IsRun from validity of pCPU destination (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: Document which IRTE fields amd_iommu_update_ga() can modify (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Take and hold ir_list_lock across IRTE updates in IOMMU (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Revert IRTE to legacy mode if IOMMU doesn't provide IR metadata (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Don't update IRTE entries when old and new routes were !MSI (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Skip IOMMU IRTE updates if there's no old or new vCPU being targeted (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Track irq_bypass_vcpu in common x86 code (Maxim Levitsky) [RHEL-120168]
+- KVM: Fold kvm_arch_irqfd_route_changed() into kvm_arch_update_irqfd_routing() (Maxim Levitsky) [RHEL-120168]
+- KVM: Don't WARN if updating IRQ bypass route fails (Maxim Levitsky) [RHEL-120168]
+- iommu: KVM: Split "struct vcpu_data" into separate AMD vs. Intel structs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Clean up return handling in avic_pi_update_irte() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move posted interrupt tracepoint to common code (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Dedup AVIC vs. PI code for identifying target vCPU (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Nullify irqfd->producer after updating IRTEs (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move IRQ routing/delivery APIs from x86.c => irq.c (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Extract SVM specific code out of get_pi_vcpu_info() (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Stop walking list of routing table entries when updating IRTE (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Stop walking list of routing table entries when updating IRTE (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Pass NULL @vcpu_info to indicate "not guest mode" (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Use pi_desc_addr to derive ga_root_ptr (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add a comment to explain why avic_vcpu_blocking() ignores IRQ blocking (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Suppress PI notifications whenever the vCPU is put (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Disable (x2)AVIC IPI virtualization if CPU has erratum #1235 (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add enable_ipiv param, never set IsRunning if disabled (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Move enable_ipiv knob to common x86 (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop superfluous "cache" of AVIC Physical ID entry pointer (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Track AVIC tables as natively sized pointers, not "struct pages" (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop redundant check in AVIC code on ID during vCPU creation (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Inhibit AVIC if ID is too big instead of rejecting vCPU creation (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop vcpu_svm's pointless avic_backing_page field (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add helper to deduplicate code for getting AVIC backing page (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop pointless masking of kernel page pa's with AVIC HPA masks (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop pointless masking of default APIC base when setting V_APIC_BAR (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (Maxim Levitsky) [RHEL-120168]
+- iommu/amd: KVM: SVM: Delete now-unused cached/previous GA tag fields (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (Maxim Levitsky) [RHEL-120168]
+- KVM: Pass new routing entries and irqfd when updating IRTEs (Maxim Levitsky) [RHEL-120168]
+- KVM: arm64: WARN if unmapping a vLPI fails in any path (Maxim Levitsky) [RHEL-120168]
+- KVM: fix typo in kvm_vm_set_mem_attributes() comment (Maxim Levitsky) [RHEL-120168]
+- KVM: Add trace_kvm_vm_set_mem_attributes() (Maxim Levitsky) [RHEL-120168]
+- KVM: Allow CPU to reschedule while setting per-page memory attributes (Maxim Levitsky) [RHEL-120168] {CVE-2025-38506}
+- KVM: x86: Fold irq_comm.c into irq.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move IRQ mask notifier infrastructure to I/O APIC emulation (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Fall back to split IRQ chip if full in-kernel chip is unsupported (Maxim Levitsky) [RHEL-120168]
+- KVM: Squash two CONFIG_HAVE_KVM_IRQCHIP #ifdefs into one (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Add CONFIG_KVM_IOAPIC to allow disabling in-kernel I/O APIC (Maxim Levitsky) [RHEL-120168]
+- KVM: Move x86-only tracepoints to x86's trace.h (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Explicitly check for in-kernel PIC when getting ExtINT (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Don't clear PIT's IRQ line status when destroying PIT (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Hardcode the PIT IRQ source ID to '2' (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move kvm_{request,free}_irq_source_id() to i8254.c (PIT) (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move kvm_setup_default_irq_routing() into irq.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename irqchip_kernel() to irqchip_full() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move KVM_{GET,SET}_IRQCHIP ioctl helpers to irq.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move PIT ioctl helpers to i8254.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop superfluous kvm_hv_set_sint() => kvm_hv_synic_set_irq() wrapper (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop superfluous kvm_set_ioapic_irq() => kvm_ioapic_set_irq() wrapper (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop superfluous kvm_set_pic_irq() => kvm_pic_set_irq() wrapper (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Trigger I/O APIC route rescan in kvm_arch_irq_routing_update() (Maxim Levitsky) [RHEL-120168]
+- KVM: Assert that slots_lock is held when resetting per-vCPU dirty rings (Maxim Levitsky) [RHEL-120168]
+- KVM: Use mask of harvested dirty ring entries to coalesce dirty ring resets (Maxim Levitsky) [RHEL-120168]
+- KVM: Check for empty mask of harvested dirty ring entries in caller (Maxim Levitsky) [RHEL-120168]
+- KVM: Conditionally reschedule when resetting the dirty ring (Maxim Levitsky) [RHEL-120168]
+- KVM: Bail from the dirty ring reset flow if a signal is pending (Maxim Levitsky) [RHEL-120168]
+- KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Print a more helpful message for EACCESS in access tracking test (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Play nice with EACCES errors in open_path_or_exit() (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add __open_path_or_exit() variant to provide extra help info (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Verify KVM is loaded when getting a KVM module param (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Fix spelling of 'occurrences' in sparsebit.c comments (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Allow SNP guest policy to specify SINGLE_SOCKET (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Allow SNP guest policy disallow running with SMT enabled (Maxim Levitsky) [RHEL-120168]
+- KVM: TDX: Move TDX hardware setup from main.c to tdx.c (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Exempt nested EPT page tables from !USER, CR0.WP=0 logic (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Refactor handling of SIPI_RECEIVED when setting MP_STATE (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move INIT_RECEIVED vs. INIT/SIPI blocked check to KVM_RUN (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: WARN and reject KVM_RUN if vCPU's MP_STATE is SIPI_RECEIVED (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Verify KVM disable interception (for userspace) on filter change (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Simplify userspace filter logic when disabling MSR interception (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add a helper to allocate and initialize permissions bitmaps (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Merge MSRPM in 64-bit chunks on 64-bit kernels (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Return -EINVAL instead of MSR_INVALID to signal out-of-range MSR (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Access MSRPM in 4-byte chunks only for merging L0 and L1 bitmaps (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Store MSRPM pointer as "void *" instead of "u32 *" (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Move svm_msrpm_offset() to nested.c (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop explicit check on MSRPM offset when emulating SEV-ES accesses (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Merge "after set CPUID" intercept recalc helpers (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Fold svm_vcpu_init_msrpm() into its sole caller (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Rename init_vmcb_after_set_cpuid() to make it intercepts specific (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rename msr_filter_changed() => recalc_msr_intercepts() (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Manually recalc all MSR intercepts on userspace MSR filter change (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Manually recalc all MSR intercepts on userspace MSR filter change (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Move definition of X2APIC_MSR() to lapic.h (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Drop "always" flag from list of possible passthrough MSRs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES guest (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Implement and adopt VMX style MSR intercepts APIs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add helpers for accessing MSR bitmap that don't rely on offsets (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Don't initialize vmcb02 MSRPM with vmcb01's "always passthrough" (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Omit SEV-ES specific passthrough MSRs from L0+L1 bitmap merge (Maxim Levitsky) [RHEL-120168]
+- KVM: nSVM: Use dedicated array of MSRPM offsets to merge L0 and L1 bitmaps (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Clean up macros related to architectural MSRPM definitions (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Massage name and param of helper that merges vmcb01 and vmcb12 MSRPMs (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Use non-atomic bit ops to manipulate "shadow" MSR intercepts (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Kill the VM instead of the host if MSR interception is buggy (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Use ARRAY_SIZE() to iterate over direct_access_msrs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Tag MSR bitmap initialization helpers with __init (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Don't BUG if setting up the MSR intercept bitmaps fails (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Allocate IOPM pages after initial setup in svm_hardware_setup() (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls (Maxim Levitsky) [RHEL-120168] {CVE-2025-38469}
+- KVM: Documentation: document how KVM is tested (Maxim Levitsky) [RHEL-120168]
+- KVM: Documentation: minimal updates to review-checklist.rst (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add back the missing check of MONITOR/MWAIT availability (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Initialize vmsa_pa in VMCB to INVALID_PAGE if VMSA page is NULL (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (Maxim Levitsky) [RHEL-120168] {CVE-2025-38455}
+- x86/traps: Initialize DR7 by writing its architectural reset value (Maxim Levitsky) [RHEL-120168]
+- x86/traps: Initialize DR6 by writing its architectural reset value (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Disable SEV-SNP support on initialization failure (Maxim Levitsky) [RHEL-120168]
+- Documentation: virt/kvm: remove unreferenced footnote (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: access_tracking_perf_test: Use MGLRU for access tracking (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Build and link selftests/cgroup/lib into KVM selftests (Maxim Levitsky) [RHEL-120168]
+- cgroup: selftests: Add API to find root of specific controller (Maxim Levitsky) [RHEL-120168]
+- cgroup: selftests: Move cgroup_util into its own library (Maxim Levitsky) [RHEL-120168]
+- cgroup: selftests: Move memcontrol specific helpers out of common cgroup_util.c (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add test to verify KVM_CAP_X86_BUS_LOCK_EXIT (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add support for KVM_CAP_X86_BUS_LOCK_EXIT on SVM CPUs (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add architectural definitions/assets for Bus Lock Threshold (Maxim Levitsky) [RHEL-120168]
+- x86/cpufeatures: Add CPUID feature bit for the Bus Lock Threshold (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Make kvm_pio_request.linear_rip a common field for user exits (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add a test for x86's fastops emulation (Maxim Levitsky) [RHEL-120168]
+- KVM: Remove obsolete comment about locking for kvm_io_bus_read/write (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add a basic SEV-SNP smoke test (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Decouple SEV policy from VM type (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Force GUEST_MEMFD flag for SNP VM type (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add library support for interacting with SNP (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Introduce SEV VM type check (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Replace assert() with TEST_ASSERT_EQ() (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add SMT control state helper (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: Add vmgexit helper (Maxim Levitsky) [RHEL-120168]
+- KVM: selftests: SEV-SNP test for KVM_SEV_INIT2 (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Unify cross-vCPU IBPB (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (Maxim Levitsky) [RHEL-120168]
+- x86/sev: Remove unnecessary GFP_KERNEL_ACCOUNT for temporary variables (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Warn if PFN changes on shadow-present SPTE in shadow MMU (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/tdp_mmu: WARN if PFN changes for spurious faults (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/tdp_mmu: Merge prefetch and access checks for spurious faults (Maxim Levitsky) [RHEL-120168]
+- KVM: x86/mmu: Further check old SPTE is leaf for spurious prefetch fault (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Flush shadow VMCS on emergency reboot (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: avoid frequency indirect calls (Maxim Levitsky) [RHEL-120168]
+- KVM: SEV: Configure "ALLOWED_SEV_FEATURES" VMCB Field (Maxim Levitsky) [RHEL-120168]
+- x86/cpufeatures: Add "Allowed SEV Features" Feature (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add a mutex to dump_vmcb() to prevent concurrent output (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Include the vCPU ID when dumping a VMCB (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Add the type of VM for which the VMCB/VMSA is being dumped (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Dump guest register state in dump_vmcb() (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Decrypt SEV VMSA in dump_vmcb() if debugging is enabled (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Use LEAVE in vmx_do_interrupt_irqoff() (Maxim Levitsky) [RHEL-120168]
+- KVM: nVMX: Check MSR load/store list counts during VM-Enter consistency checks (Maxim Levitsky) [RHEL-120168]
+- KVM: SVM: Fix SNP AP destroy race with VMRUN (Maxim Levitsky) [RHEL-120168]
+- x86/irq: KVM: Add helper for harvesting PIR to deduplicate KVM and posted MSIs (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Use arch_xchg() when processing PIR to avoid instrumentation (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Isolate pure loads from atomic XCHG when processing PIR (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Process PIR using 64-bit accesses on 64-bit kernels (Maxim Levitsky) [RHEL-120168]
+- x86/irq: KVM: Track PIR bitmap as an "unsigned long" array (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Ensure vIRR isn't reloaded at odd times when sync'ing PIR (Maxim Levitsky) [RHEL-120168]
+- x86/irq: Track if IRQ was found in PIR during initial loop (to load PIR vals) (Maxim Levitsky) [RHEL-120168]
+- x86/irq: Ensure initial PIR loads are performed exactly once (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Add module param to control and enumerate device posted IRQs (Maxim Levitsky) [RHEL-120168]
+- KVM: VMX: Don't send UNBLOCK when starting device assignment without APICv (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Rescan I/O APIC routes after EOI interception for old routing (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Add a helper to deduplicate I/O APIC EOI interception logic (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Isolate edge vs. level check in userspace I/O APIC route scanning (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Advertise support for AMD's PREFETCHI (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Sort CPUID_8000_0021_EAX leaf bits properly (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: clean up a return (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Advertise support for WRMSRNS (Maxim Levitsky) [RHEL-120168]
+- x86/msr: Rename the WRMSRNS opcode macro to ASM_WRMSRNS (for KVM) (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Generalize IBRS virtualization on emulated VM-exit (Maxim Levitsky) [RHEL-120168]
+- KVM: x86: Propagate AMD's IbrsSameMode to the guest (Maxim Levitsky) [RHEL-120168]
+- x86/cpufeatures: Define X86_FEATURE_AMD_IBRS_SAME_MODE (Maxim Levitsky) [RHEL-120168]
+- x86/virt: Provide "nosnp" boot option for sev kernel command line (Maxim Levitsky) [RHEL-120168]
+
 * Fri Dec 05 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-170.el10]
 - blk-cgroup: fix possible deadlock while configuring policy (Ming Lei) [RHEL-129497]
 
diff --git a/sources b/sources
index 0065e2c77..916a687fb 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,5 @@
 SHA512 (kernel-abi-stablelists-6.6.0.tar.bz2) = 4f917598056dee5e23814621ec96ff2e4a411c8c4ba9d56ecb01b23cb96431825bedbecfcbaac9338efbf5cb21694d85497fa0bf43e7c80d9cd10bc6dd144dbd
 SHA512 (kernel-kabi-dw-6.6.0.tar.bz2) = 19308cd976031d05e18ef7f5d093218acdb89446418bab0cd956ff12cf66369915b9e64bb66fa9f20939428a60e81884fec5be3529c6c7461738d6540d3cc5c6
-SHA512 (linux-6.12.0-170.el10.tar.xz) = 9b70fa22d2871724b2d0177a30c66e04cfbfd9ecc5863eb1ad156a6bd063d7a3b6a9eeff7edb597895b9d496829eb30968b39aa0ea03ede144b5852faa6f2c13
-SHA512 (kernel-abi-stablelists-6.12.0-170.el10.tar.xz) = 96c79721599f9e4e835858bc7b5bc4c0048bf0ebfc233d6575096e4554f2121aaec217daeda01c38eb34578e86ce1548d1bd64ad596cfb6a4e7a04edf5a4160d
-SHA512 (kernel-kabi-dw-6.12.0-170.el10.tar.xz) = 0620f7f0f5807b616330e70c8311c488b893f8fb6eafc5c84a3b142b10f586273524d6e323f03608678efefe6844d18ea8123c8f52ef566c4693c0d158aec60f
+SHA512 (linux-6.12.0-171.el10.tar.xz) = 4fadd326a99cd069a8634fde150bcc0b3b8a4f987c7555622f8a7232ef69d4564a93442fdb258e31736b9fd41e285ae1404ca26dcf1c295f618b4463a3c5898d
+SHA512 (kernel-abi-stablelists-6.12.0-171.el10.tar.xz) = 6cba930096442b7b8778b7a92c1aca7a9caf19e05c4fd287a1eb599a558c9feddfbdb6c68cd16300ce5103686e7032188b65008c22c94db47cba684d647110a7
+SHA512 (kernel-kabi-dw-6.12.0-171.el10.tar.xz) = 59c50a066149ea2870f5bf332bf288ac14a7b3b3c4234fe0e6892669266e85b2beb72bf83c5d24393c6738ce9c8d7e0565d5864174e3c85bc63d937a667c4fb4