<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/arch/x86, branch master</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>Merge tag 'for-linus-7.2a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip</title>
<updated>2026-07-03T15:40:58+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-07-03T15:40:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4dbc94bcc2df0c3bba40318c0751a8f487486783'/>
<id>4dbc94bcc2df0c3bba40318c0751a8f487486783</id>
<content type='text'>
Pull xen fixes from Juergen Gross:

 - rename function parameters and a comment related to
   xen_exchange_memory() (Jan Beulich)

 - replace __ASSEMBLY__ with __ASSEMBLER__ (Thomas Huth)

 - add some sanity checking to the Xen pvcalls frontend driver (Michael
   Bommarito)

 - fix error handling in the Xen gntdev driver (Wentao Liang)

 - fix several minor bugs in Xen related drivers (Yousef Alhouseen)

* tag 'for-linus-7.2a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  x86/Xen: correct commentary and parameter naming of xen_exchange_memory()
  xenbus: reject unterminated directory replies
  xen/gntalloc: validate grant count before allocation
  xen/gntalloc: make grant counters unsigned
  xen/front-pgdir-shbuf: free grant reference head on errors
  xen/gntdev: fix error handling in ioctl
  xen: Replace __ASSEMBLY__ with __ASSEMBLER__ in header files
  xen/pvcalls: bound backend response req_id before indexing rsp[]
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull xen fixes from Juergen Gross:

 - rename function parameters and a comment related to
   xen_exchange_memory() (Jan Beulich)

 - replace __ASSEMBLY__ with __ASSEMBLER__ (Thomas Huth)

 - add some sanity checking to the Xen pvcalls frontend driver (Michael
   Bommarito)

 - fix error handling in the Xen gntdev driver (Wentao Liang)

 - fix several minor bugs in Xen related drivers (Yousef Alhouseen)

* tag 'for-linus-7.2a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  x86/Xen: correct commentary and parameter naming of xen_exchange_memory()
  xenbus: reject unterminated directory replies
  xen/gntalloc: validate grant count before allocation
  xen/gntalloc: make grant counters unsigned
  xen/front-pgdir-shbuf: free grant reference head on errors
  xen/gntdev: fix error handling in ioctl
  xen: Replace __ASSEMBLY__ with __ASSEMBLER__ in header files
  xen/pvcalls: bound backend response req_id before indexing rsp[]
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'device-id-rework' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux</title>
<updated>2026-07-03T06:54:26+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-07-03T06:54:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=d2c9a99135da931377240942d44f3dea104cedb8'/>
<id>d2c9a99135da931377240942d44f3dea104cedb8</id>
<content type='text'>
Pull mod_devicetable.h header split from Uwe Kleine-König:
 "Split &lt;linux/mod_devicetable.h&gt; in per subsystem headers

  &lt;linux/mod_devicetable.h&gt; is included transitively in nearly every
  driver in an x86_64 allmodconfig build of v7.1:

      $ find drivers -name \*.o -not -name \*.mod.o | wc -l
      21330
      $ find drivers -name \*.o.cmd -not -name \*.mod.o.cmd | xargs grep -l mod_devicetable.h | wc -l
      17038

  The result of this mixture of different and unrelated subsystem
  details is that even when touching an obscure device id struct most of
  the kernel needs to be recompiled. Given that each driver typically
  only needs one or two of these structures, splitting into per
  subsystem headers and only including what is really needed reduces the
  amount of needed recompilation.

  This split is implemented in the first commit and then after some
  preparatory work in the following commits, the last two replace
  includes of &lt;linux/mod_devicetable.h&gt; by the actually needed more
  specific headers.

  There are still a few instances left, but the ones with high impact
  (that is in headers that are used a lot) and the easy ones (.c files)
  are handled. These remaining includes will be addressed during the
  next merge window"

* tag 'device-id-rework' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux:
  Replace &lt;linux/mod_devicetable.h&gt; by more specific &lt;linux/device-id/*.h&gt; (c files)
  Replace &lt;linux/mod_devicetable.h&gt; by more specific &lt;linux/device-id/*.h&gt; (headers)
  parisc: #include &lt;linux/compiler.h&gt; for unlikely() in &lt;asm/ptrace.h&gt;
  media: em28xx: Add include for struct usb_device_id
  LoongArch: KVM: Add include defining struct cpu_feature
  ALSA: hda/core: Add include defining struct hda_device_id
  usb: dwc2: Add include defining struct pci_device_id
  platform/x86: int3472: Add include defining struct dmi_system_id
  platform/x86: x86-android-tablets: Add include defining struct dmi_system_id
  i2c: Let i2c-core.h include &lt;linux/i2c.h&gt;
  of: Explicitly include &lt;linux/types.h&gt; and &lt;linux/err.h&gt;
  platform/x86: msi-ec: Ensure dmi_system_id is defined
  usb: serial: Include &lt;linux/usb.h&gt; in &lt;linux/usb/serial.h&gt;
  driver core: platform: Include header for struct platform_device_id
  driver: core: Include headers for acpi_device_id and of_device_id for struct device_driver
  media: ti: vpe: #include &lt;linux/platform_device.h&gt; explicitly
  mod_devicetable.h: Split into per subsystem headers
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull mod_devicetable.h header split from Uwe Kleine-König:
 "Split &lt;linux/mod_devicetable.h&gt; in per subsystem headers

  &lt;linux/mod_devicetable.h&gt; is included transitively in nearly every
  driver in an x86_64 allmodconfig build of v7.1:

      $ find drivers -name \*.o -not -name \*.mod.o | wc -l
      21330
      $ find drivers -name \*.o.cmd -not -name \*.mod.o.cmd | xargs grep -l mod_devicetable.h | wc -l
      17038

  The result of this mixture of different and unrelated subsystem
  details is that even when touching an obscure device id struct most of
  the kernel needs to be recompiled. Given that each driver typically
  only needs one or two of these structures, splitting into per
  subsystem headers and only including what is really needed reduces the
  amount of needed recompilation.

  This split is implemented in the first commit and then after some
  preparatory work in the following commits, the last two replace
  includes of &lt;linux/mod_devicetable.h&gt; by the actually needed more
  specific headers.

  There are still a few instances left, but the ones with high impact
  (that is in headers that are used a lot) and the easy ones (.c files)
  are handled. These remaining includes will be addressed during the
  next merge window"

* tag 'device-id-rework' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux:
  Replace &lt;linux/mod_devicetable.h&gt; by more specific &lt;linux/device-id/*.h&gt; (c files)
  Replace &lt;linux/mod_devicetable.h&gt; by more specific &lt;linux/device-id/*.h&gt; (headers)
  parisc: #include &lt;linux/compiler.h&gt; for unlikely() in &lt;asm/ptrace.h&gt;
  media: em28xx: Add include for struct usb_device_id
  LoongArch: KVM: Add include defining struct cpu_feature
  ALSA: hda/core: Add include defining struct hda_device_id
  usb: dwc2: Add include defining struct pci_device_id
  platform/x86: int3472: Add include defining struct dmi_system_id
  platform/x86: x86-android-tablets: Add include defining struct dmi_system_id
  i2c: Let i2c-core.h include &lt;linux/i2c.h&gt;
  of: Explicitly include &lt;linux/types.h&gt; and &lt;linux/err.h&gt;
  platform/x86: msi-ec: Ensure dmi_system_id is defined
  usb: serial: Include &lt;linux/usb.h&gt; in &lt;linux/usb/serial.h&gt;
  driver core: platform: Include header for struct platform_device_id
  driver: core: Include headers for acpi_device_id and of_device_id for struct device_driver
  media: ti: vpe: #include &lt;linux/platform_device.h&gt; explicitly
  mod_devicetable.h: Split into per subsystem headers
</pre>
</div>
</content>
</entry>
<entry>
<title>Replace &lt;linux/mod_devicetable.h&gt; by more specific &lt;linux/device-id/*.h&gt; (c files)</title>
<updated>2026-07-03T05:38:17+00:00</updated>
<author>
<name>Uwe Kleine-König (The Capable Hub)</name>
<email>u.kleine-koenig@baylibre.com</email>
</author>
<published>2026-06-30T09:24:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=995832b2cebe6969d1b42635db698803ee31294d'/>
<id>995832b2cebe6969d1b42635db698803ee31294d</id>
<content type='text'>
Replace the #include of &lt;linux/mod_devicetable.h&gt; by the more specific
&lt;linux/device-id/*.h&gt; where applicable. For most cases the include
can be dropped completely, only a few drivers need one or two headers
added.

Acked-by: Danilo Krummrich &lt;dakr@kernel.org&gt;
Acked-by: Takashi Sakamoto &lt;o-takashi@sakamocchi.jp&gt;
Acked-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Link: https://patch.msgid.link/1a3f2007c5c5dcf555c09a4035ce3ae8ef1b6c49.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Replace the #include of &lt;linux/mod_devicetable.h&gt; by the more specific
&lt;linux/device-id/*.h&gt; where applicable. For most cases the include
can be dropped completely, only a few drivers need one or two headers
added.

Acked-by: Danilo Krummrich &lt;dakr@kernel.org&gt;
Acked-by: Takashi Sakamoto &lt;o-takashi@sakamocchi.jp&gt;
Acked-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Link: https://patch.msgid.link/1a3f2007c5c5dcf555c09a4035ce3ae8ef1b6c49.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Replace &lt;linux/mod_devicetable.h&gt; by more specific &lt;linux/device-id/*.h&gt; (headers)</title>
<updated>2026-07-03T05:38:16+00:00</updated>
<author>
<name>Uwe Kleine-König (The Capable Hub)</name>
<email>u.kleine-koenig@baylibre.com</email>
</author>
<published>2026-06-30T09:24:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ecca1d63c1eadbbb38ceab82de0f7adfbc2b465d'/>
<id>ecca1d63c1eadbbb38ceab82de0f7adfbc2b465d</id>
<content type='text'>
&lt;linux/mod_devicetable.h&gt; is included in a many files:

	$ git grep '&lt;linux/mod_devicetable.h&gt;' ef0c9f75a195 | wc -l
	1598

; some of them are widely used headers. To stop mixing up different and
unrelated driver( type)s let the subsystem headers only use the subset
of the recently split &lt;linux/mod_devicetable.h&gt; that are relevant for
them.

The fallout (I hope) is addressed in the previous commits that handle
sources relying on e.g. &lt;linux/i2c.h&gt; pulling in the full legacy header
and thus providing pci_device_id.

Acked-by: Danilo Krummrich &lt;dakr@kernel.org&gt;
Acked-by: Takashi Sakamoto &lt;o-takashi@sakamocchi.jp&gt;
Link: https://patch.msgid.link/199fe46b624ba07fb9bd3e0cd6ff13757932cb5f.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
&lt;linux/mod_devicetable.h&gt; is included in a many files:

	$ git grep '&lt;linux/mod_devicetable.h&gt;' ef0c9f75a195 | wc -l
	1598

; some of them are widely used headers. To stop mixing up different and
unrelated driver( type)s let the subsystem headers only use the subset
of the recently split &lt;linux/mod_devicetable.h&gt; that are relevant for
them.

The fallout (I hope) is addressed in the previous commits that handle
sources relying on e.g. &lt;linux/i2c.h&gt; pulling in the full legacy header
and thus providing pci_device_id.

Acked-by: Danilo Krummrich &lt;dakr@kernel.org&gt;
Acked-by: Takashi Sakamoto &lt;o-takashi@sakamocchi.jp&gt;
Link: https://patch.msgid.link/199fe46b624ba07fb9bd3e0cd6ff13757932cb5f.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) &lt;u.kleine-koenig@baylibre.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/Xen: correct commentary and parameter naming of xen_exchange_memory()</title>
<updated>2026-07-02T06:14:47+00:00</updated>
<author>
<name>Jan Beulich</name>
<email>jbeulich@suse.com</email>
</author>
<published>2026-07-02T06:11:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=fcd245ea7528d50fddffc0fd1308941a9180f5b3'/>
<id>fcd245ea7528d50fddffc0fd1308941a9180f5b3</id>
<content type='text'>
As documented in comments in struct xen_memory_exchange, the input to the
hypercall is a set of MFNs which are to be removed from the domain, plus a
set of PFNs where the newly allocated MFNs are to appear. Present comment
and parameter naming don't correctly reflect that.

Signed-off-by: Jan Beulich &lt;jbeulich@suse.com&gt;
Reviewed-by: Juergen Gross &lt;jgross@suse.com&gt;
Signed-off-by: Juergen Gross &lt;jgross@suse.com&gt;
Message-ID: &lt;7e0c8795-cc60-4b78-8601-6a999739467a@suse.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
As documented in comments in struct xen_memory_exchange, the input to the
hypercall is a set of MFNs which are to be removed from the domain, plus a
set of PFNs where the newly allocated MFNs are to appear. Present comment
and parameter naming don't correctly reflect that.

Signed-off-by: Jan Beulich &lt;jbeulich@suse.com&gt;
Reviewed-by: Juergen Gross &lt;jgross@suse.com&gt;
Signed-off-by: Juergen Gross &lt;jgross@suse.com&gt;
Message-ID: &lt;7e0c8795-cc60-4b78-8601-6a999739467a@suse.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>bpf: Restrict JIT predictor flush to cBPF</title>
<updated>2026-07-01T08:33:38+00:00</updated>
<author>
<name>Pawan Gupta</name>
<email>pawan.kumar.gupta@linux.intel.com</email>
</author>
<published>2026-06-30T05:38:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0bb99f2cfaae6822d734d69722de30af823efdf3'/>
<id>0bb99f2cfaae6822d734d69722de30af823efdf3</id>
<content type='text'>
Currently predictor flush on memory reuse is done for all BPF JIT
allocations, but only cBPF programs can be loaded by an unprivileged user.
eBPF is privileged by default, and flushing predictors for all CPUs on
every eBPF reuse penalizes the common case for no security benefit.

eBPF allocations can be frequent on busy systems, only flush predictors
for cBPF programs. Trampoline and dispatcher allocations also skip the
flush as they are eBPF-only.

Signed-off-by: Pawan Gupta &lt;pawan.kumar.gupta@linux.intel.com&gt;
Acked-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
Signed-off-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently predictor flush on memory reuse is done for all BPF JIT
allocations, but only cBPF programs can be loaded by an unprivileged user.
eBPF is privileged by default, and flushing predictors for all CPUs on
every eBPF reuse penalizes the common case for no security benefit.

eBPF allocations can be frequent on busy systems, only flush predictors
for cBPF programs. Trampoline and dispatcher allocations also skip the
flush as they are eBPF-only.

Signed-off-by: Pawan Gupta &lt;pawan.kumar.gupta@linux.intel.com&gt;
Acked-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
Signed-off-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/bugs: Enable IBPB flush on BPF JIT allocation</title>
<updated>2026-07-01T08:33:38+00:00</updated>
<author>
<name>Pawan Gupta</name>
<email>pawan.kumar.gupta@linux.intel.com</email>
</author>
<published>2026-06-30T05:38:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a3af84b0fa00ead01fcd0e28b5d773ff25990a0d'/>
<id>a3af84b0fa00ead01fcd0e28b5d773ff25990a0d</id>
<content type='text'>
Enable hardening against JIT spraying when Spectre-v2 mitigations are in
use. Specifically, issue an IBPB flush on BPF JIT memory reuse. Skip
enabling the IBPB flush if the BPF dispatcher is already using a retpoline
sequence.

This hardening applies only when BPF-JIT is in use. Guard the enabling
under CONFIG_BPF_JIT so that bugs.c still builds with CONFIG_BPF_JIT=n.

Signed-off-by: Pawan Gupta &lt;pawan.kumar.gupta@linux.intel.com&gt;
Acked-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
Acked-by: Dave Hansen &lt;dave.hansen@linux.intel.com&gt;
Signed-off-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Enable hardening against JIT spraying when Spectre-v2 mitigations are in
use. Specifically, issue an IBPB flush on BPF JIT memory reuse. Skip
enabling the IBPB flush if the BPF dispatcher is already using a retpoline
sequence.

This hardening applies only when BPF-JIT is in use. Guard the enabling
under CONFIG_BPF_JIT so that bugs.c still builds with CONFIG_BPF_JIT=n.

Signed-off-by: Pawan Gupta &lt;pawan.kumar.gupta@linux.intel.com&gt;
Acked-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
Acked-by: Dave Hansen &lt;dave.hansen@linux.intel.com&gt;
Signed-off-by: Daniel Borkmann &lt;daniel@iogearbox.net&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm</title>
<updated>2026-06-25T17:21:13+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-25T17:21:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=c75597caada080effbfbc0a7fb10dc2a3bb543ad'/>
<id>c75597caada080effbfbc0a7fb10dc2a3bb543ad</id>
<content type='text'>
Pull kvm fixes from Paolo Bonzini:
 "s390:

   - Fix S390_USER_OPEREXEC so it can now be enabled regardless of other
     unrelated capabilities

   - Fix handling of the _PAGE_UNUSED pte bit that could lead to guest
     memory corruption in some scenarios

   - A bunch of misc gmap fixes (locking, behaviour under memory
     pressure)

   - Fix CMMA dirty tracking

  x86:

   - Tidy up some WARN_ON() and BUG_ON(), replacing them with
     WARN_ON_ONCE() or KVM_BUG_ON(). All of these have obviously never
     triggered, or somebody would have been annoyed earlier, but still...

   - Fix missing interrupt due to stale CR8 intercept

   - Add a statistic that can come in handy to debug leaks as well as
     the vulnerability to a class of recently-discovered issues

   - Do not ask arch/x86/kernel to export
     default_cpu_present_to_apicid() just for KVM"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (22 commits)
  x86/apic: KVM: Use cpu_physical_id() to get APIC ID of running vCPU for AVIC
  KVM: x86/mmu: Expose number of shadow MMU shadow pages as a stat
  KVM: x86: Unconditionally recompute CR8 intercept on PPR update
  KVM: VMX: Grab vmcs12 on CR8 interception update iff vCPU is in guest mode
  KVM: x86: WARN (once) if RTC pending EOI tracking goes off the rails
  KVM: x86: WARN and fail kvm_set_irq() if a PIC or I/O APIC vector is invalid
  KVM: x86: Bug the VM, not the kernel, if the ISR count {under,over}flows
  KVM: x86/mmu: Bug the VM, not the host kernel, if KVM write-protects upper SPTEs
  KVM: x86: Replace BUG_ON() with WARN_ON_ONCE() on "bad" nested GPA translation
  KVM: Replace guest-triggerable BUG_ON() in ioeventfd datamatch with get_unaligned()
  KVM: s390: Return failure in case of failure in kvm_s390_set_cmma_bits()
  KVM: s390: selftests: Fix cmma selftest
  KVM: s390: Fix cmma dirty tracking
  KVM: s390: Fix locking in kvm_s390_set_mem_control()
  KVM: s390: Fix handle_{sske,pfmf} under memory pressure
  KVM: s390: Fix code typo in gmap_protect_asce_top_level()
  KVM: s390: Do not set special large pages dirty
  KVM: s390: Fix dat_peek_cmma() overflow
  s390/mm: Fix handling of _PAGE_UNUSED pte bit
  KVM: s390: Fix typo in UCONTROL documentation
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull kvm fixes from Paolo Bonzini:
 "s390:

   - Fix S390_USER_OPEREXEC so it can now be enabled regardless of other
     unrelated capabilities

   - Fix handling of the _PAGE_UNUSED pte bit that could lead to guest
     memory corruption in some scenarios

   - A bunch of misc gmap fixes (locking, behaviour under memory
     pressure)

   - Fix CMMA dirty tracking

  x86:

   - Tidy up some WARN_ON() and BUG_ON(), replacing them with
     WARN_ON_ONCE() or KVM_BUG_ON(). All of these have obviously never
     triggered, or somebody would have been annoyed earlier, but still...

   - Fix missing interrupt due to stale CR8 intercept

   - Add a statistic that can come in handy to debug leaks as well as
     the vulnerability to a class of recently-discovered issues

   - Do not ask arch/x86/kernel to export
     default_cpu_present_to_apicid() just for KVM"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (22 commits)
  x86/apic: KVM: Use cpu_physical_id() to get APIC ID of running vCPU for AVIC
  KVM: x86/mmu: Expose number of shadow MMU shadow pages as a stat
  KVM: x86: Unconditionally recompute CR8 intercept on PPR update
  KVM: VMX: Grab vmcs12 on CR8 interception update iff vCPU is in guest mode
  KVM: x86: WARN (once) if RTC pending EOI tracking goes off the rails
  KVM: x86: WARN and fail kvm_set_irq() if a PIC or I/O APIC vector is invalid
  KVM: x86: Bug the VM, not the kernel, if the ISR count {under,over}flows
  KVM: x86/mmu: Bug the VM, not the host kernel, if KVM write-protects upper SPTEs
  KVM: x86: Replace BUG_ON() with WARN_ON_ONCE() on "bad" nested GPA translation
  KVM: Replace guest-triggerable BUG_ON() in ioeventfd datamatch with get_unaligned()
  KVM: s390: Return failure in case of failure in kvm_s390_set_cmma_bits()
  KVM: s390: selftests: Fix cmma selftest
  KVM: s390: Fix cmma dirty tracking
  KVM: s390: Fix locking in kvm_s390_set_mem_control()
  KVM: s390: Fix handle_{sske,pfmf} under memory pressure
  KVM: s390: Fix code typo in gmap_protect_asce_top_level()
  KVM: s390: Do not set special large pages dirty
  KVM: s390: Fix dat_peek_cmma() overflow
  s390/mm: Fix handling of _PAGE_UNUSED pte bit
  KVM: s390: Fix typo in UCONTROL documentation
  ...
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'gpio-fixes-for-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux</title>
<updated>2026-06-25T16:33:23+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2026-06-25T16:33:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=962528fef90253aeded29cee20a9b6ff3595fed4'/>
<id>962528fef90253aeded29cee20a9b6ff3595fed4</id>
<content type='text'>
Pull gpio fixes from Bartosz Golaszewski:

 - fix locking context with shared GPIOs in gpio-tegra

 - fix IRQ domain leak in error path in gpio-davinci

 - fix returning a potentially uninitialized integer in
   gpiochip_set_multiple()

 - use raw spinlock in gpio-eic-sprd and gpio-sch to address locking
   context issues

 - bail out of probe() if registering the GPIO chip fails in gpio-mlxbf3

 - fix varible type for storing the "ngpios" property in gpio-pisosr

 - fix out-of-bounds pin access in GPIO ACPI

 - make GPIO ACPI core only trigger interrupts on boot that are marked
   as ActiveBoth

 - fix kerneldoc in gpio-tb10x

 - reference the real software node of the cs5535 GPIO controller in
   Geode board file

* tag 'gpio-fixes-for-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
  gpio: davinci: fix IRQ domain leak on devm_kzalloc failure
  gpio: tegra: do not call pinctrl for GPIO direction
  gpio: tb10x: fix struct tb10x_gpio kernel-doc
  gpiolib: initialize return value in gpiochip_set_multiple()
  x86/platform/geode: reference the real node of the cs5535 GPIO controller
  gpio: eic-sprd: use raw_spinlock_t in the irq startup path
  gpio: sch: use raw_spinlock_t in the irq startup path
  gpiolib: acpi: Prevent out-of-bounds pin access in OperationRegion handler
  gpiolib: acpi: Add robust bounds-checking for GPIO pin resources
  gpio: mlxbf3: fail probe if gpiochip registration fails
  gpio: pisosr: Read "ngpios" as u32
  gpiolib: acpi: Only trigger ActiveBoth interrupts on boot
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull gpio fixes from Bartosz Golaszewski:

 - fix locking context with shared GPIOs in gpio-tegra

 - fix IRQ domain leak in error path in gpio-davinci

 - fix returning a potentially uninitialized integer in
   gpiochip_set_multiple()

 - use raw spinlock in gpio-eic-sprd and gpio-sch to address locking
   context issues

 - bail out of probe() if registering the GPIO chip fails in gpio-mlxbf3

 - fix varible type for storing the "ngpios" property in gpio-pisosr

 - fix out-of-bounds pin access in GPIO ACPI

 - make GPIO ACPI core only trigger interrupts on boot that are marked
   as ActiveBoth

 - fix kerneldoc in gpio-tb10x

 - reference the real software node of the cs5535 GPIO controller in
   Geode board file

* tag 'gpio-fixes-for-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
  gpio: davinci: fix IRQ domain leak on devm_kzalloc failure
  gpio: tegra: do not call pinctrl for GPIO direction
  gpio: tb10x: fix struct tb10x_gpio kernel-doc
  gpiolib: initialize return value in gpiochip_set_multiple()
  x86/platform/geode: reference the real node of the cs5535 GPIO controller
  gpio: eic-sprd: use raw_spinlock_t in the irq startup path
  gpio: sch: use raw_spinlock_t in the irq startup path
  gpiolib: acpi: Prevent out-of-bounds pin access in OperationRegion handler
  gpiolib: acpi: Add robust bounds-checking for GPIO pin resources
  gpio: mlxbf3: fail probe if gpiochip registration fails
  gpio: pisosr: Read "ngpios" as u32
  gpiolib: acpi: Only trigger ActiveBoth interrupts on boot
</pre>
</div>
</content>
</entry>
<entry>
<title>x86/apic: KVM: Use cpu_physical_id() to get APIC ID of running vCPU for AVIC</title>
<updated>2026-06-24T11:52:24+00:00</updated>
<author>
<name>Sean Christopherson</name>
<email>seanjc@google.com</email>
</author>
<published>2026-06-12T18:54:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=098e32cba334da0f3fa8cfd4e022ae7c72341400'/>
<id>098e32cba334da0f3fa8cfd4e022ae7c72341400</id>
<content type='text'>
Use cpu_physical_id() instead of default_cpu_present_to_apicid() when
getting the APIC ID of the pCPU on which a vCPU is running/loaded, as the
kernel has gone way off the rails if a vCPU is loaded on a pCPU that has
been physically removed from the system.  Even if the impossible were to
happen, the absolutely worst case scenario is that hardware will ring the
AIVC doorbell on the wrong pCPU, i.e. a severely broken system will
experience mild performance issues.

Kill off KVM's superfluous kvm_cpu_get_apicid() wrapper along with the
for-KVM export of default_cpu_present_to_apicid(), as they existed purely
for the wonky AVIC usage.

Cc: Kai Huang &lt;kai.huang@intel.com&gt;
Cc: Yosry Ahmed &lt;yosry@kernel.org&gt;
Signed-off-by: Sean Christopherson &lt;seanjc@google.com&gt;
Acked-by: Naveen N Rao (AMD) &lt;naveen@kernel.org&gt;
Reviewed-by: Kai Huang &lt;kai.huang@intel.com&gt;
Reviewed-by: Yosry Ahmed &lt;yosry@kernel.org&gt;
Message-ID: &lt;20260612185459.591892-1-seanjc@google.com&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Use cpu_physical_id() instead of default_cpu_present_to_apicid() when
getting the APIC ID of the pCPU on which a vCPU is running/loaded, as the
kernel has gone way off the rails if a vCPU is loaded on a pCPU that has
been physically removed from the system.  Even if the impossible were to
happen, the absolutely worst case scenario is that hardware will ring the
AIVC doorbell on the wrong pCPU, i.e. a severely broken system will
experience mild performance issues.

Kill off KVM's superfluous kvm_cpu_get_apicid() wrapper along with the
for-KVM export of default_cpu_present_to_apicid(), as they existed purely
for the wonky AVIC usage.

Cc: Kai Huang &lt;kai.huang@intel.com&gt;
Cc: Yosry Ahmed &lt;yosry@kernel.org&gt;
Signed-off-by: Sean Christopherson &lt;seanjc@google.com&gt;
Acked-by: Naveen N Rao (AMD) &lt;naveen@kernel.org&gt;
Reviewed-by: Kai Huang &lt;kai.huang@intel.com&gt;
Reviewed-by: Yosry Ahmed &lt;yosry@kernel.org&gt;
Message-ID: &lt;20260612185459.591892-1-seanjc@google.com&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
