The Linux kernel
e299ce43fd
* Sat Jan 17 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-662.el9]
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CKI Backport Bot) [RHEL-139463] {CVE-2025-68305}
- Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (Guillaume Nault) [RHEL-138491]
- net: ethtool: update set_rxfh_indir to use ethtool_get_rx_ring_count helper (Ivan Vecera) [RHEL-132646]
- net: ethtool: update set_rxfh to use ethtool_get_rx_ring_count helper (Ivan Vecera) [RHEL-132646]
- net: ethtool: add get_rx_ring_count callback to optimize RX ring queries (Ivan Vecera) [RHEL-132646]
- net: ethtool: remove the duplicated handling from ethtool_get_rxrings (Ivan Vecera) [RHEL-132646]
- net: ethtool: add support for ETHTOOL_GRXRINGS ioctl (Ivan Vecera) [RHEL-132646]
- net: ethtool: pass the num of RX rings directly to ethtool_copy_validate_indir (Ivan Vecera) [RHEL-132646]
- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy (Adrian Moreno) [RHEL-137482]
- powercap: intel_rapl: Add support for Wildcat Lake platform (CKI Backport Bot) [RHEL-95625]
- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CKI Backport Bot) [RHEL-136967] {CVE-2025-40294}
- net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CKI Backport Bot) [RHEL-136823] {CVE-2025-38568}
- net/handshake: Fix memory leak in tls_handshake_accept() (Olga Kornievskaia) [RHEL-134735]
- NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() (Olga Kornievskaia) [RHEL-134735]
- NFS: sysfs: fix leak when nfs_client kobject add fails (Olga Kornievskaia) [RHEL-134735]
- pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS (Olga Kornievskaia) [RHEL-134735]
- pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() (Olga Kornievskaia) [RHEL-134735]
- NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (Olga Kornievskaia) [RHEL-134735]
- NFSD: Skip close replay processing if XDR encoding fails (Olga Kornievskaia) [RHEL-134735]
- NFSD: Encode COMPOUND operation status on page boundaries (Olga Kornievskaia) [RHEL-134735]
- NFSD: free copynotify stateid in nfs4_free_ol_stateid() (Olga Kornievskaia) [RHEL-134735]
- NFSD: Fix crash in nfsd4_read_release() (Olga Kornievskaia) [RHEL-134735]
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Olga Kornievskaia) [RHEL-134735]
- NFSv4.1: fix backchannel max_resp_sz verification check (Olga Kornievskaia) [RHEL-134735]
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (Olga Kornievskaia) [RHEL-134735]
- sunrpc: fix null pointer dereference on zero-length checksum (Olga Kornievskaia) [RHEL-134735]
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CKI Backport Bot) [RHEL-136257] {CVE-2025-40318}
- net: vlan: sync VLAN features with lower device (CKI Backport Bot) [RHEL-80409]
- mptcp: fix race condition in mptcp_schedule_work() (CKI Backport Bot) [RHEL-134449] {CVE-2025-40258}
- sctp: avoid NULL dereference when chunk data buffer is missing (CKI Backport Bot) [RHEL-134005] {CVE-2025-40240}
- inetpeer: do not get a refcount in inet_getpeer() (Guillaume Nault) [RHEL-116117]
- inetpeer: update inetpeer timestamp in inet_getpeer() (Guillaume Nault) [RHEL-116117]
- inetpeer: remove create argument of inet_getpeer() (Guillaume Nault) [RHEL-116117]
- inetpeer: remove create argument of inet_getpeer_v[46]() (Guillaume Nault) [RHEL-116117]
- ipv4/route: avoid unused-but-set-variable warning (Guillaume Nault) [RHEL-116117]
- net: vxlan: prevent NULL deref in vxlan_xmit_one (Antoine Tenart) [RHEL-133365]
- openvswitch: Stricter validation for the userspace action (Paolo Valerio) [RHEL-115648]
- openvswitch: Fix unsafe attribute parsing in output_userspace() (Paolo Valerio) [RHEL-115648]
- net: openvswitch: fix nested key length validation in the set() action (Paolo Valerio) [RHEL-115648]
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Paolo Valerio) [RHEL-115648]
- openvswitch: fix lockup on tx to unregistering netdev with carrier (Paolo Valerio) [RHEL-115648]
- ethtool: Don't check for RXFH fields conflict when no input_xfrm is requested (Ivan Vecera) [RHEL-127561]
- net: ethtool: don't mux RXFH via rxnfc callbacks (Ivan Vecera) [RHEL-127561]
- eth: hns3: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: hinic: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: nfp: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: mlx5: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: qede: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: benet: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: sfc: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: sfc: siena: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: sfc: falcon: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: sxgbe: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: dpaa2: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: dpaa: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: niu: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: otx2: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: thunder: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: ena: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: bnxt: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: bnx2x: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: iavf: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: ice: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: i40e: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: fm10k: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: ixgbe: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: igc: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: igb: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: e1000e: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: lan743x: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: cxgb4: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: cisco: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: gianfar: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- net: drv: hyperv: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- net: drv: virtio: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- net: drv: vmxnet3: migrate to new RXFH callbacks (Ivan Vecera) [RHEL-127561]
- eth: remove empty RXFH handling from drivers (Ivan Vecera) [RHEL-127561]
- net: ethtool: add dedicated callbacks for getting and setting rxfh fields (Ivan Vecera) [RHEL-127561]
- net: ethtool: require drivers to opt into the per-RSS ctx RXFH (Ivan Vecera) [RHEL-127561]
- net: ethtool: remove the duplicated handling from rxfh and rxnfc (Ivan Vecera) [RHEL-127561]
- net: ethtool: copy the rxfh flow handling (Ivan Vecera) [RHEL-127561]
- net: ethtool: mm: reset verification status when link is down (Ivan Vecera) [RHEL-127569]
- net: ethtool: mm: extract stmmac verification logic into common library (Ivan Vecera) [RHEL-127569]
- net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129085] {CVE-2025-40170}
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (Hangbin Liu) [RHEL-129085]
- net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (Hangbin Liu) [RHEL-129085]
- ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129022] {CVE-2025-40135}
- ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128985] {CVE-2025-40158}
- net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-128985]
- ipv4: use RCU protection in __ip_rt_update_pmtu() (Hangbin Liu) [RHEL-128985]
- net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-128985]
- net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-128985]
- bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (Hangbin Liu) [RHEL-128985]
- vrf: Fix lockdep splat in output path (Hangbin Liu) [RHEL-128985]
- ipv6: remove nexthop_fib6_nh_bh() (Hangbin Liu) [RHEL-128985]
- net: remove rcu_dereference_bh_rtnl() (Hangbin Liu) [RHEL-128985]
- neighbour: switch to standard rcu, instead of rcu_bh (Hangbin Liu) [RHEL-128985]
- ipv6: flowlabel: do not disable BH where not needed (Hangbin Liu) [RHEL-128985]
- ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh() (Hangbin Liu) [RHEL-128985]
- neigh: introduce neigh_confirm() helper function (Hangbin Liu) [RHEL-128985]
- net: Prevent use after free in netif_napi_set_irq_locked() (Petr Oros) [RHEL-83023]
- net: move aRFS rmap management and CPU affinity to core (Petr Oros) [RHEL-83023]
- xfrm: Check inner packet family directly from skb_dst (Hangbin Liu) [RHEL-95005]
- xfrm: fix offloading of cross-family tunnels (Hangbin Liu) [RHEL-95005]
- udp: also consider secpath when evaluating ipsec use for checksumming (Hangbin Liu) [RHEL-95005]
- xfrm: restore GSO for SW crypto (Hangbin Liu) [RHEL-95005]
- xfrm: always initialize offload path (Hangbin Liu) [RHEL-95005]
- xfrm: check for PMTU in tunnel mode for packet offload (Hangbin Liu) [RHEL-95005]
- xfrm: provide common xdo_dev_offload_ok callback implementation (Hangbin Liu) [RHEL-95005]
- xfrm: rely on XFRM offload (Hangbin Liu) [RHEL-95005]
- xfrm: simplify SA initialization routine (Hangbin Liu) [RHEL-95005]
- xfrm: delay initialization of offload path till its actually requested (Hangbin Liu) [RHEL-95005]
Resolves: RHEL-115648, RHEL-116117, RHEL-127561, RHEL-127569, RHEL-128985, RHEL-129022, RHEL-129085, RHEL-132646, RHEL-133365, RHEL-134005, RHEL-134449, RHEL-134735, RHEL-136257, RHEL-136823, RHEL-136967, RHEL-137482, RHEL-138491, RHEL-139463, RHEL-80409, RHEL-83023, RHEL-95005, RHEL-95625
Signed-off-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>
|
||
|---|---|---|
| .gitignore | ||
| check-kabi | ||
| cpupower.config | ||
| cpupower.service | ||
| dracut-virt.conf | ||
| filter-aarch64.sh.rhel | ||
| filter-armv7hl.sh.rhel | ||
| filter-modules.sh.rhel | ||
| filter-ppc64le.sh.rhel | ||
| filter-s390x.sh.rhel | ||
| filter-x86_64.sh.rhel | ||
| gating.yaml | ||
| generate_all_configs.sh | ||
| kernel-aarch64-64k-debug-rhel.config | ||
| kernel-aarch64-64k-rhel.config | ||
| kernel-aarch64-debug-rhel.config | ||
| kernel-aarch64-rhel.config | ||
| kernel-aarch64-rt-64k-debug-rhel.config | ||
| kernel-aarch64-rt-64k-rhel.config | ||
| kernel-aarch64-rt-debug-rhel.config | ||
| kernel-aarch64-rt-rhel.config | ||
| kernel-local | ||
| kernel-ppc64le-debug-rhel.config | ||
| kernel-ppc64le-rhel.config | ||
| kernel-s390x-debug-rhel.config | ||
| kernel-s390x-rhel.config | ||
| kernel-s390x-zfcpdump-rhel.config | ||
| kernel-x86_64-debug-rhel.config | ||
| kernel-x86_64-rhel.config | ||
| kernel-x86_64-rt-debug-rhel.config | ||
| kernel-x86_64-rt-rhel.config | ||
| kernel.changelog | ||
| kernel.sbat.template | ||
| kernel.spec | ||
| kvm_stat.logrotate | ||
| linux-kernel-test.patch | ||
| Makefile.rhelver | ||
| merge.pl | ||
| mod-denylist.sh | ||
| mod-extra.list.rhel | ||
| mod-internal.list | ||
| mod-partner.list | ||
| mod-sign.sh | ||
| Module.kabi_aarch64 | ||
| Module.kabi_dup_aarch64 | ||
| Module.kabi_dup_ppc64le | ||
| Module.kabi_dup_s390x | ||
| Module.kabi_dup_x86_64 | ||
| Module.kabi_ppc64le | ||
| Module.kabi_s390x | ||
| Module.kabi_x86_64 | ||
| nvidiagpuoot001.x509 | ||
| parallel_xz.sh | ||
| partial-kgcov-snip.config | ||
| patch-5.14-redhat.patch | ||
| process_configs.sh | ||
| README.rst | ||
| redhatsecureboot504.cer | ||
| rheldup3.x509 | ||
| rhelima_centos.x509 | ||
| rhelima.x509 | ||
| rhelimaca1.x509 | ||
| rhelkpatch1.x509 | ||
| rpminspect.yaml | ||
| sources | ||
| uki_addons.json | ||
| uki_create_addons.py | ||
| update_scripts.sh | ||
| x509.genkey.centos | ||
| x509.genkey.rhel | ||
=================== The Kernel dist-git =================== The kernel is maintained in a `source tree`_ rather than directly in dist-git. The specfile is maintained as a `template`_ in the source tree along with a set of build scripts to generate configurations, (S)RPMs, and to populate the dist-git repository. The `documentation`_ for the source tree covers how to contribute and maintain the tree. If you're looking for the downstream patch set it's available in the source tree with "git log master..ark-patches" or `online`_. Each release in dist-git is tagged in the source repository so you can easily check out the source tree for a build. The tags are in the format name-version-release, but note release doesn't contain the dist tag since the source can be built in different build roots (Fedora, CentOS, etc.) .. _source tree: https://gitlab.com/cki-project/kernel-ark.git .. _template: https://gitlab.com/cki-project/kernel-ark/-/blob/os-build/redhat/kernel.spec.template .. _documentation: https://gitlab.com/cki-project/kernel-ark/-/wikis/home .. _online: https://gitlab.com/cki-project/kernel-ark/-/commits/ark-patches