From ce642cc10d128b8f425c58b2a512344e340f365e Mon Sep 17 00:00:00 2001
From: Eduard Abdullin <eabdullin@almalinux.org>
Date: Wed, 4 Feb 2026 08:25:10 +0000
Subject: [PATCH] Debrand for AlmaLinux OS

Use AlmaLinux OS secure boot cert

Enable Btrfs support for all kernel variants

hpsa: bring back deprecated PCI ids #CFHack #CFHack2024

mptsas: bring back deprecated PCI ids #CFHack #CFHack2024

megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024

qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024

qla4xxx: bring back deprecated PCI ids

lpfc: bring back deprecated PCI ids

be2iscsi: bring back deprecated PCI ids

kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained
---
 .gitignore         |  6 ++---
 Makefile.rhelver   |  2 +-
 Module.kabi_x86_64 |  1 +
 kernel.changelog   | 46 ++++++++++++++++++++++++++++++++++++
 kernel.spec        | 58 ++++++++++++++++++++++++++++++++++++++++------
 sources            |  6 ++---
 6 files changed, 105 insertions(+), 14 deletions(-)

diff --git a/.gitignore b/.gitignore
index c22721ac2..8d28bc1da 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,7 @@
 fedoraimaca.x509
-kernel-abi-stablelists-6.12.0-124.29.1.el10_1.tar.xz
-kernel-kabi-dw-6.12.0-124.29.1.el10_1.tar.xz
-linux-6.12.0-124.29.1.el10_1.tar.xz
+kernel-abi-stablelists-6.12.0-124.31.1.el10_1.tar.xz
+kernel-kabi-dw-6.12.0-124.31.1.el10_1.tar.xz
+linux-6.12.0-124.31.1.el10_1.tar.xz
 nvidiagpuoot001.x509
 olima1.x509
 olimaca1.x509
diff --git a/Makefile.rhelver b/Makefile.rhelver
index add841228..e4427791a 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 1
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 124.29.1
+RHEL_RELEASE = 124.31.1
 
 #
 # RHEL_REBASE_NUM
diff --git a/Module.kabi_x86_64 b/Module.kabi_x86_64
index 8fdf5a45a..8f0cef58a 100644
--- a/Module.kabi_x86_64
+++ b/Module.kabi_x86_64
@@ -64,6 +64,7 @@
 0x07bdb893	__ip_dev_find	vmlinux	EXPORT_SYMBOL	
 0x0d542439	__ipv6_addr_type	vmlinux	EXPORT_SYMBOL	
 0x199c4833	__irq_apply_affinity_hint	vmlinux	EXPORT_SYMBOL_GPL	
+0xe08433f8	__kabi__alt_instr	vmlinux	EXPORT_SYMBOL_GPL	
 0xb47efcb0	__kmalloc_cache_node_noprof	vmlinux	EXPORT_SYMBOL	
 0xb34f2269	__kmalloc_cache_noprof	vmlinux	EXPORT_SYMBOL	
 0xa67f04f8	__kmalloc_large_node_noprof	vmlinux	EXPORT_SYMBOL	
diff --git a/kernel.changelog b/kernel.changelog
index f26634d49..96d77eee9 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,49 @@
+* Thu Jan 22 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.31.1.el10_1]
+- i40e: support generic devlink param "max_mac_per_vf" (Mohammad Heib) [RHEL-121647]
+- devlink: Add new "max_mac_per_vf" generic device param (Mohammad Heib) [RHEL-121647]
+- i40e: improve VF MAC filters accounting (Mohammad Heib) [RHEL-121647]
+- KVM: arm64: Hide ID_AA64MMFR2_EL1.NV from guest and userspace (Donald Dutile) [RHEL-134763]
+- scsi: st: Skip buffer flush for information ioctls (Ewan D. Milne) [RHEL-136289]
+- scsi: st: Separate st-unique ioctl handling from SCSI common ioctl handling (Ewan D. Milne) [RHEL-136289]
+- scsi: st: Don't set pos_unknown just after device recognition (Ewan D. Milne) [RHEL-136289]
+- scsi: st: New session only when Unit Attention for new tape (Ewan D. Milne) [RHEL-136289]
+- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (Ewan D. Milne) [RHEL-136289]
+- scsi: st: Don't modify unknown block number in MTIOCGET (Ewan D. Milne) [RHEL-136289]
+- xfs: rework datasync tracking and execution (CKI Backport Bot) [RHEL-126599]
+- xfs: rearrange code in xfs_inode_item_precommit (CKI Backport Bot) [RHEL-126599]
+- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (Luiz Capitulino) [RHEL-133336]
+- s390: mm: add stub for hugetlb_optimize_vmemmap_key (Luiz Capitulino) [RHEL-133336]
+- x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (Ricardo Robaina) [RHEL-129452]
+- x86/kaslr: Reduce KASLR entropy on most x86 systems (Ricardo Robaina) [RHEL-129452]
+- x86/boot/compressed: Remove unused header includes from kaslr.c (Ricardo Robaina) [RHEL-129452]
+- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CKI Backport Bot) [RHEL-134363] {CVE-2025-38022}
+- uprobes: Fix race in uprobe_free_utask (Jay Shin) [RHEL-133456]
+- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CKI Backport Bot) [RHEL-129115] {CVE-2025-40154}
+Resolves: RHEL-121647, RHEL-122759, RHEL-126599, RHEL-129115, RHEL-129452, RHEL-133336, RHEL-133456, RHEL-134363, RHEL-134763, RHEL-136289
+
+* Wed Jan 21 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.30.1.el10_1]
+- io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (Jeff Moyer) [RHEL-129623] {CVE-2025-38453}
+- net: atlantic: fix fragment overflow handling in RX path (CKI Backport Bot) [RHEL-139490] {CVE-2025-68301}
+- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CKI Backport Bot) [RHEL-139465] {CVE-2025-68305}
+- vsock: Ignore signal/timeout on connect() if already established (CKI Backport Bot) [RHEL-139287] {CVE-2025-40248}
+- net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129087] {CVE-2025-40170}
+- ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129026] {CVE-2025-40135}
+- ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128991] {CVE-2025-40158}
+- net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-129026]
+- net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-129026]
+- net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-129026]
+- eventpoll: don't decrement ep refcount while still holding the ep mutex (CKI Backport Bot) [RHEL-138041] {CVE-2025-38349}
+- fs/proc: fix uaf in proc_readdir_de() (CKI Backport Bot) [RHEL-137101] {CVE-2025-40271}
+- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CKI Backport Bot) [RHEL-136972] {CVE-2025-40294}
+- Bluetooth: hci_event: validate skb length for unknown CC opcode (CKI Backport Bot) [RHEL-136951] {CVE-2025-40301}
+- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CKI Backport Bot) [RHEL-136836] {CVE-2025-38568}
+- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CKI Backport Bot) [RHEL-136259] {CVE-2025-40318}
+- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CKI Backport Bot) [RHEL-134926] {CVE-2025-40251}
+- mptcp: fix race condition in mptcp_schedule_work() (CKI Backport Bot) [RHEL-134451] {CVE-2025-40258}
+- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CKI Backport Bot) [RHEL-131989] {CVE-2025-37819}
+- drm/xe: Fix vm_bind_ioctl double free bug (Anusha Srivatsa) [RHEL-122312] {CVE-2025-38731}
+Resolves: RHEL-122312, RHEL-128991, RHEL-129026, RHEL-129087, RHEL-129623, RHEL-131989, RHEL-134451, RHEL-134926, RHEL-136259, RHEL-136836, RHEL-136951, RHEL-136972, RHEL-137101, RHEL-138041, RHEL-139287, RHEL-139465, RHEL-139490
+
 * Sat Jan 10 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.29.1.el10_1]
 - gitlab-ci: use rhel10.1 builder image (Michael Hofmann)
 - mm/vmalloc: fix data race in show_numa_info() (Waiman Long) [RHEL-137997] {CVE-2025-38383}
diff --git a/kernel.spec b/kernel.spec
index fd6654639..96221ff30 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -176,15 +176,15 @@ Summary: The Linux kernel
 %define specrpmversion 6.12.0
 %define specversion 6.12.0
 %define patchversion 6.12
-%define pkgrelease 124.29.1
+%define pkgrelease 124.31.1
 %define kversion 6
-%define tarfile_release 6.12.0-124.29.1.el10_1
+%define tarfile_release 6.12.0-124.31.1.el10_1
 # This is needed to do merge window version magic
 %define patchlevel 12
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 124.29.1%{?buildid}%{?dist}
+%define specrelease 124.31.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 6.12.0-124.29.1.el10_1
+%define kabiversion 6.12.0-124.31.1.el10_1
 
 # If this variable is set to 1, a bpf selftests build failure will cause a
 # fatal kernel package build error
@@ -4389,14 +4389,14 @@ fi\
 #
 #
 %changelog
-* Tue Jan 27 2026 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-124.29.1
+* Wed Feb 04 2026 Eduard Abdullin <eabdullin@almalinux.org> - 6.12.0-124.31.1
 - Debrand for AlmaLinux OS
 - Use AlmaLinux OS secure boot cert
 
-* Tue Jan 27 2026 Neal Gompa <ngompa@almalinux.org> - 6.12.0-124.29.1
+* Wed Feb 04 2026 Neal Gompa <ngompa@almalinux.org> - 6.12.0-124.31.1
 - Enable Btrfs support for all kernel variants
 
-* Tue Jan 27 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-124.29.1
+* Wed Feb 04 2026 Andrew Lukoshko <alukoshko@almalinux.org> - 6.12.0-124.31.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -4407,6 +4407,50 @@ fi\
 - kernel/rh_messages.h: enable all disabled pci devices by moving to
   unmaintained
 
+* Thu Jan 22 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.31.1.el10_1]
+- i40e: support generic devlink param "max_mac_per_vf" (Mohammad Heib) [RHEL-121647]
+- devlink: Add new "max_mac_per_vf" generic device param (Mohammad Heib) [RHEL-121647]
+- i40e: improve VF MAC filters accounting (Mohammad Heib) [RHEL-121647]
+- KVM: arm64: Hide ID_AA64MMFR2_EL1.NV from guest and userspace (Donald Dutile) [RHEL-134763]
+- scsi: st: Skip buffer flush for information ioctls (Ewan D. Milne) [RHEL-136289]
+- scsi: st: Separate st-unique ioctl handling from SCSI common ioctl handling (Ewan D. Milne) [RHEL-136289]
+- scsi: st: Don't set pos_unknown just after device recognition (Ewan D. Milne) [RHEL-136289]
+- scsi: st: New session only when Unit Attention for new tape (Ewan D. Milne) [RHEL-136289]
+- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (Ewan D. Milne) [RHEL-136289]
+- scsi: st: Don't modify unknown block number in MTIOCGET (Ewan D. Milne) [RHEL-136289]
+- xfs: rework datasync tracking and execution (CKI Backport Bot) [RHEL-126599]
+- xfs: rearrange code in xfs_inode_item_precommit (CKI Backport Bot) [RHEL-126599]
+- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (Luiz Capitulino) [RHEL-133336]
+- s390: mm: add stub for hugetlb_optimize_vmemmap_key (Luiz Capitulino) [RHEL-133336]
+- x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (Ricardo Robaina) [RHEL-129452]
+- x86/kaslr: Reduce KASLR entropy on most x86 systems (Ricardo Robaina) [RHEL-129452]
+- x86/boot/compressed: Remove unused header includes from kaslr.c (Ricardo Robaina) [RHEL-129452]
+- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CKI Backport Bot) [RHEL-134363] {CVE-2025-38022}
+- uprobes: Fix race in uprobe_free_utask (Jay Shin) [RHEL-133456]
+- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CKI Backport Bot) [RHEL-129115] {CVE-2025-40154}
+
+* Wed Jan 21 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.30.1.el10_1]
+- io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (Jeff Moyer) [RHEL-129623] {CVE-2025-38453}
+- net: atlantic: fix fragment overflow handling in RX path (CKI Backport Bot) [RHEL-139490] {CVE-2025-68301}
+- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CKI Backport Bot) [RHEL-139465] {CVE-2025-68305}
+- vsock: Ignore signal/timeout on connect() if already established (CKI Backport Bot) [RHEL-139287] {CVE-2025-40248}
+- net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129087] {CVE-2025-40170}
+- ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129026] {CVE-2025-40135}
+- ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128991] {CVE-2025-40158}
+- net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-129026]
+- net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-129026]
+- net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-129026]
+- eventpoll: don't decrement ep refcount while still holding the ep mutex (CKI Backport Bot) [RHEL-138041] {CVE-2025-38349}
+- fs/proc: fix uaf in proc_readdir_de() (CKI Backport Bot) [RHEL-137101] {CVE-2025-40271}
+- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CKI Backport Bot) [RHEL-136972] {CVE-2025-40294}
+- Bluetooth: hci_event: validate skb length for unknown CC opcode (CKI Backport Bot) [RHEL-136951] {CVE-2025-40301}
+- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CKI Backport Bot) [RHEL-136836] {CVE-2025-38568}
+- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CKI Backport Bot) [RHEL-136259] {CVE-2025-40318}
+- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CKI Backport Bot) [RHEL-134926] {CVE-2025-40251}
+- mptcp: fix race condition in mptcp_schedule_work() (CKI Backport Bot) [RHEL-134451] {CVE-2025-40258}
+- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (CKI Backport Bot) [RHEL-131989] {CVE-2025-37819}
+- drm/xe: Fix vm_bind_ioctl double free bug (Anusha Srivatsa) [RHEL-122312] {CVE-2025-38731}
+
 * Sat Jan 10 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [6.12.0-124.29.1.el10_1]
 - gitlab-ci: use rhel10.1 builder image (Michael Hofmann)
 - mm/vmalloc: fix data race in show_numa_info() (Waiman Long) [RHEL-137997] {CVE-2025-38383}
diff --git a/sources b/sources
index e6eb5eb6f..ad70b2286 100644
--- a/sources
+++ b/sources
@@ -1,7 +1,7 @@
 SHA512 (fedoraimaca.x509) = e04809394f4472c17e86d7024dee34f03fb68e82a85502fd5b00535202c72e57626a8376b2cf991b7e1e46404aa5ab8d189ebf320e0dd37d49e7efbc925c7a2e
-SHA512 (kernel-abi-stablelists-6.12.0-124.29.1.el10_1.tar.xz) = db03f45c3acae59b0cc924009531060924932f40c8f92f627eaf6b232675c6dd1387ede3d7f50987a6273aa8327838edf28b901a4da2a3211c0a83eaa67e5935
-SHA512 (kernel-kabi-dw-6.12.0-124.29.1.el10_1.tar.xz) = 7636876256549362bb5ca726bbd9e0c4e2e9ec70ef0fe7519765b0574db09465fe5fc9f1c803f37ff0bcc773cb7ffadef7ffc2503f31d8553e0c5337dd87dd51
-SHA512 (linux-6.12.0-124.29.1.el10_1.tar.xz) = abfa7d6df4a8fd1226eb20219f7faf34612a11a03f20127e907946f4725a55db391776a7bcc6dfae2b9243f00fc5dfd6c4af46edd4bd15351e472f91ca6a483a
+SHA512 (kernel-abi-stablelists-6.12.0-124.31.1.el10_1.tar.xz) = 241ce1af312f92483229c9f877ea207112021e701d3588f2ef9c5149f2c0e374127086eefd61bba5930d40d398dafff855d3c0ab85872b511ddbb684462a7773
+SHA512 (kernel-kabi-dw-6.12.0-124.31.1.el10_1.tar.xz) = ce66addfb8b13d117a19e3b00562b1bf242d5090874eca52ee55e7b3e7f0c315bc86dfc1c0bd94e361e7eee1b10f8a27641677506f40253dc01dc5eb258a6b60
+SHA512 (linux-6.12.0-124.31.1.el10_1.tar.xz) = 07211ca6d44a44e91f72afe5e08c432792343fa8dc084dc67bb2600521ae08c52e1d42bbf693bf316aaf4c759dabe5a0223dd1ecbf0cb2eed3f485534a954875
 SHA512 (nvidiagpuoot001.x509) = b42f836e1cfa07890cb6ca13de9c3950e306c9ec7686c4c09f050bb68869f5d82962b2cd5f3aa0eb7a0f3a3ae54e9c480eafbac5df53aa92c295ff511a8c59fe
 SHA512 (olima1.x509) = 123c26c1d698cc8523845c6e1103b9c72abf855acd225d37baf1f3388a47f912166d6d786fb367fe46de39e011b586ad7f3963aa2e8923da30a6ea9ae0d76ad3
 SHA512 (olimaca1.x509) = 3a779415fad29d6f7250ec97ab1f0a5eb62c351b724feee06b22e17f065bf74a558f32cc524d3222c4485635ae5b9cd5287855c94010fe743b51a4d954340c4c