linux.git/fs, branch master Linux kernel source tree Merge tag 'v7.1-rc4-ksmbd-server-fixes' of git://git.samba.org/ksmbd 2026-05-19T16:49:32+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-19T16:49:32+00:00 1a2ab0feaa23147e347b4d4cb79cb3fc392118eb Pull smb server fixes from Steve French: - Fix two null pointer dereferences and a memory leak * tag 'v7.1-rc4-ksmbd-server-fixes' of git://git.samba.org/ksmbd: ksmbd: fix null pointer dereference in compare_guid_key() ksmbd: fix null pointer dereference in proc_show_files() ksmbd: fix SID memory leak in set_posix_acl_entries_dacl() on overflow 
Pull smb server fixes from Steve French:

 - Fix two null pointer dereferences and a memory leak

* tag 'v7.1-rc4-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
  ksmbd: fix null pointer dereference in compare_guid_key()
  ksmbd: fix null pointer dereference in proc_show_files()
  ksmbd: fix SID memory leak in set_posix_acl_entries_dacl() on overflow
Merge tag 'ntfs-for-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs 2026-05-19T16:47:23+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-19T16:47:23+00:00 0c0b282d502b1fc5a67740ea1d88b90c042d5727 Pull ntfs fixes from Namjae Jeon: - Check the index depth limit via ntfs_icx_parent_inc(), avoiding context corruption from excessively deep child chains - Switch security descriptor allocation to kzalloc() to avoid leaking uninitialized memory - Prevent an inconsistent state where vol->volume_label becomes NULL on allocation failure - Validate MFT records by verifying that attrs_offset sits within bytes_in_use - Fix an off-by-one boundary comparison, correctly catching the out-of-range MFT record number - Validate the attribute name offset and length bounds prior to AT_UNUSED enumeration - Check for a valid left neighbor before runlist merges to prevent an 8byte out-of-bounds write on crafted volumes - Add the missing record comparison against $MFTMirr during mount - Fix wrong inode lookup when writing extent MFT records - Redirty folio on memory allocation failure in ntfs_write_mft_block() - Capture and propagate $MFTMirr sync errors during writeback - Ensure MFT mirror and synchronous writes wait for I/O completion - Fix buffer overflow/heap over-read in ntfs_bdev_write() when cluster size is smaller than PAGE_SIZE - Fix use-after-free in ntfs_inode_sync_filename() when parent index inode is evicted while still holding its mrec_lock - Update resident attribute length validation to match $AttrDef - Fix refcount underflow and UAF of the global upcase table - Fix two smatch warnings * tag 'ntfs-for-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs: ntfs: restore $MFT mirror contents check ntfs: fix empty_buf and ra lifetime bugs in ntfs_empty_logfile() ntfs: validate attribute name bounds before returning it ntfs: fix MFT bitmap scan 2^32 boundary check ntfs: validate MFT attrs_offset against bytes_in_use ntfs: fix missing kstrdup() error check in ntfs_write_volume_label() ntfs: avoid leaking uninitialised bytes in new security descriptors ntfs: fix out-of-bounds write in ntfs_index_walk_down() ntfs: fix out-of-bounds write in ntfs_rl_collapse_range() merge path ntfs: fix variable dereferenced before check ni in ntfs_attr_open() ntfs: fix default_upcase refcount underflow and UAF on fs_context teardown ntfs: match ntfs_resident_attr_min_value_length with $AttrDef ntfs: avoid use-after-free of index inode in ntfs_inode_sync_filename() ntfs: fix copy length in ntfs_bdev_write() for non-page-aligned start ntfs: wait for sync mft writes to complete ntfs: capture mft mirror sync errors in ntfs_write_mft_block() ntfs: redirty folio when ntfs_write_mft_block() runs out of memory ntfs: use base mft_no when looking up base inode for extent record ntfs: fix variable dereferenced before check ni and attr in ntfs_attrlist_entry_add() 
Pull ntfs fixes from Namjae Jeon:

 - Check the index depth limit via ntfs_icx_parent_inc(), avoiding
   context corruption from excessively deep child chains

 - Switch security descriptor allocation to kzalloc() to avoid leaking
   uninitialized memory

 - Prevent an inconsistent state where vol->volume_label becomes NULL on
   allocation failure

 - Validate MFT records by verifying that attrs_offset sits within
   bytes_in_use

 - Fix an off-by-one boundary comparison, correctly catching the
   out-of-range MFT record number

 - Validate the attribute name offset and length bounds prior to
   AT_UNUSED enumeration

 - Check for a valid left neighbor before runlist merges to prevent an
   8byte out-of-bounds write on crafted volumes

 - Add the missing record comparison against $MFTMirr during mount

 - Fix wrong inode lookup when writing extent MFT records

 - Redirty folio on memory allocation failure in ntfs_write_mft_block()

 - Capture and propagate $MFTMirr sync errors during writeback

 - Ensure MFT mirror and synchronous writes wait for I/O completion

 - Fix buffer overflow/heap over-read in ntfs_bdev_write() when cluster
   size is smaller than PAGE_SIZE

 - Fix use-after-free in ntfs_inode_sync_filename() when parent index
   inode is evicted while still holding its mrec_lock

 - Update resident attribute length validation to match $AttrDef

 - Fix refcount underflow and UAF of the global upcase table

 - Fix two smatch warnings

* tag 'ntfs-for-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/ntfs:
  ntfs: restore $MFT mirror contents check
  ntfs: fix empty_buf and ra lifetime bugs in ntfs_empty_logfile()
  ntfs: validate attribute name bounds before returning it
  ntfs: fix MFT bitmap scan 2^32 boundary check
  ntfs: validate MFT attrs_offset against bytes_in_use
  ntfs: fix missing kstrdup() error check in ntfs_write_volume_label()
  ntfs: avoid leaking uninitialised bytes in new security descriptors
  ntfs: fix out-of-bounds write in ntfs_index_walk_down()
  ntfs: fix out-of-bounds write in ntfs_rl_collapse_range() merge path
  ntfs: fix variable dereferenced before check ni in ntfs_attr_open()
  ntfs: fix default_upcase refcount underflow and UAF on fs_context teardown
  ntfs: match ntfs_resident_attr_min_value_length with $AttrDef
  ntfs: avoid use-after-free of index inode in ntfs_inode_sync_filename()
  ntfs: fix copy length in ntfs_bdev_write() for non-page-aligned start
  ntfs: wait for sync mft writes to complete
  ntfs: capture mft mirror sync errors in ntfs_write_mft_block()
  ntfs: redirty folio when ntfs_write_mft_block() runs out of memory
  ntfs: use base mft_no when looking up base inode for extent record
  ntfs: fix variable dereferenced before check ni and attr in ntfs_attrlist_entry_add()
cifs: Fix undefined variables 2026-05-19T00:50:06+00:00 David Howells dhowells@redhat.com 2026-05-18T21:13:09+00:00 8cf8b5ae8e093132b0dce0a932af10c9ef077936 Fix a couple of undefined variables introduced by the patch to fix tearing on ->remote_i_size and ->zero_point. For some reason, make W=1 with gcc doesn't give undefined variable warnings (but clang does). Fixes: 2c8f4742bb76 ("netfs: Fix potential for tearing in ->remote_i_size and ->zero_point") Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202605031459.eX5UbO3K-lkp@intel.com/ Closes: https://lore.kernel.org/oe-kbuild-all/202605021450.ca5QGqLH-lkp@intel.com/ cc: Steve French <sfrench@samba.org> cc: Paulo Alcantara <pc@manguebit.org> cc: Matthew Wilcox <willy@infradead.org> cc: Christian Brauner <brauner@kernel.org> cc: linux-cifs@vger.kernel.org cc: netfs@lists.linux.dev cc: linux-fsdevel@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Fix a couple of undefined variables introduced by the patch to fix tearing
on ->remote_i_size and ->zero_point.  For some reason, make W=1 with gcc
doesn't give undefined variable warnings (but clang does).

Fixes: 2c8f4742bb76 ("netfs: Fix potential for tearing in ->remote_i_size and ->zero_point")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202605031459.eX5UbO3K-lkp@intel.com/
Closes: https://lore.kernel.org/oe-kbuild-all/202605021450.ca5QGqLH-lkp@intel.com/
cc: Steve French <sfrench@samba.org>
cc: Paulo Alcantara <pc@manguebit.org>
cc: Matthew Wilcox <willy@infradead.org>
cc: Christian Brauner <brauner@kernel.org>
cc: linux-cifs@vger.kernel.org
cc: netfs@lists.linux.dev
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge tag 'vfs-7.1-rc5.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs 2026-05-18T14:30:31+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-18T14:30:31+00:00 5dfa01ef37a8b944773aef8dee747cd76dec4234 Pull vfs fixes from Christian Brauner: "This contains a fixes for the current development cycle. Note that AI related review sometimes delays fixes a bit because we find more fixes for the fixes. I might try and send smaller but more fixes PRs if this trend keeps up. - Fix various netfslib bugs - Fix an out-of-bounds write when listing idmappings - Fix the return values in jfs_mkdir() and orangefs_mkdir() - Fix a writeback writeback array overflow in fuse - Fix a forced iversion increment on lazytime timestamp updates - Reject a negative timeval component in kern_select() - Fix error return when vfs_mkdir() fails in the cachefiles code - Fix wrong error code returned for pidns ioctls" * tag 'vfs-7.1-rc5.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (31 commits) cachefiles: Fix error return when vfs_mkdir() fails afs: Fix the locking used by afs_get_link() netfs, afs: Fix write skipping in dir/link writepages netfs: Fix netfs_read_folio() to wait on writeback netfs: Fix folio->private handling in netfs_perform_write() netfs: Fix partial invalidation of streaming-write folio netfs: Fix potential UAF in netfs_unlock_abandoned_read_pages() netfs: Fix leak of request in netfs_write_begin() error handling netfs: Fix early put of sink folio in netfs_read_gaps() netfs: Fix write streaming disablement if fd open O_RDWR netfs: Fix read-gaps to remove netfs_folio from filled folio netfs: Fix potential deadlock in write-through mode netfs: Fix streaming write being overwritten netfs: Defer the emission of trace_netfs_folio() netfs: Fix netfs_invalidate_folio() to clear dirty bit if all changes gone netfs: Fix overrun check in netfs_extract_user_iter() netfs: fix error handling in netfs_extract_user_iter() netfs: Fix potential uninitialised var in netfs_extract_user_iter() netfs: fix VM_BUG_ON_FOLIO() issue in netfs_write_begin() call netfs: Fix zeropoint update where i_size > remote_i_size ... 
Pull vfs fixes from Christian Brauner:
 "This contains a fixes for the current development cycle. Note that AI
  related review sometimes delays fixes a bit because we find more fixes
  for the fixes. I might try and send smaller but more fixes PRs if this
  trend keeps up.

   - Fix various netfslib bugs

   - Fix an out-of-bounds write when listing idmappings

   - Fix the return values in jfs_mkdir() and orangefs_mkdir()

   - Fix a writeback writeback array overflow in fuse

   - Fix a forced iversion increment on lazytime timestamp updates

   - Reject a negative timeval component in kern_select()

   - Fix error return when vfs_mkdir() fails in the cachefiles code

   - Fix wrong error code returned for pidns ioctls"

* tag 'vfs-7.1-rc5.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (31 commits)
  cachefiles: Fix error return when vfs_mkdir() fails
  afs: Fix the locking used by afs_get_link()
  netfs, afs: Fix write skipping in dir/link writepages
  netfs: Fix netfs_read_folio() to wait on writeback
  netfs: Fix folio->private handling in netfs_perform_write()
  netfs: Fix partial invalidation of streaming-write folio
  netfs: Fix potential UAF in netfs_unlock_abandoned_read_pages()
  netfs: Fix leak of request in netfs_write_begin() error handling
  netfs: Fix early put of sink folio in netfs_read_gaps()
  netfs: Fix write streaming disablement if fd open O_RDWR
  netfs: Fix read-gaps to remove netfs_folio from filled folio
  netfs: Fix potential deadlock in write-through mode
  netfs: Fix streaming write being overwritten
  netfs: Defer the emission of trace_netfs_folio()
  netfs: Fix netfs_invalidate_folio() to clear dirty bit if all changes gone
  netfs: Fix overrun check in netfs_extract_user_iter()
  netfs: fix error handling in netfs_extract_user_iter()
  netfs: Fix potential uninitialised var in netfs_extract_user_iter()
  netfs: fix VM_BUG_ON_FOLIO() issue in netfs_write_begin() call
  netfs: Fix zeropoint update where i_size > remote_i_size
  ...
Merge tag 'v7.1-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 2026-05-15T21:52:17+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-15T21:52:17+00:00 b0662be9131d87d8858d34d6134500e109dff958 Pull smb client fixes from Steve French: - Fix integer overflow in read - Fix smbdirect error cleanup - Multichannel reconnect fix - Add some missing defines and correct some references to protocol spec - Fix oob symlink read * tag 'v7.1-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: smbdirect: Fix error cleanup in smbdirect_map_sges_from_iter() smb: client: avoid integer overflow in SMB2 READ length check cifs: client: stage smb3_reconfigure() updates and restore ctx on failure smb/client: fix possible infinite loop and oob read in symlink_data() SMB3.1.1: add missing QUERY_DIR info levels 
Pull smb client fixes from Steve French:

 - Fix integer overflow in read

 - Fix smbdirect error cleanup

 - Multichannel reconnect fix

 - Add some missing defines and correct some references to protocol spec

 - Fix oob symlink read

* tag 'v7.1-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
  smbdirect: Fix error cleanup in smbdirect_map_sges_from_iter()
  smb: client: avoid integer overflow in SMB2 READ length check
  cifs: client: stage smb3_reconfigure() updates and restore ctx on failure
  smb/client: fix possible infinite loop and oob read in symlink_data()
  SMB3.1.1: add missing QUERY_DIR info levels
Merge tag 'ceph-for-7.1-rc4' of https://github.com/ceph/ceph-client 2026-05-15T21:48:09+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-15T21:48:09+00:00 fcbf68d32ff732b78122690e862d260b000e19e2 Pull ceph fixes from Ilya Dryomov: "An important patch from Hristo that squashes a folio reference leak that could lead to OOM kills in CephFS and a number of miscellaneous fixes from Raphael and Slava. All but two are marked for stable" * tag 'ceph-for-7.1-rc4' of https://github.com/ceph/ceph-client: libceph: Fix potential null-ptr-deref in decode_choose_args() libceph: handle rbtree insertion error in decode_choose_args() libceph: Fix potential out-of-bounds access in osdmap_decode() ceph: put folios not suitable for writeback ceph: add ceph_has_realms_with_quotas() check to ceph_quota_update_statfs() libceph: Fix potential out-of-bounds access in __ceph_x_decrypt() ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale blob size ceph: fix a buffer leak in __ceph_setxattr() libceph: Fix unnecessarily high ceph_decode_need() for uniform bucket libceph: Fix potential out-of-bounds access in crush_decode() 
Pull ceph fixes from Ilya Dryomov:
 "An important patch from Hristo that squashes a folio reference leak
  that could lead to OOM kills in CephFS and a number of miscellaneous
  fixes from Raphael and Slava.

  All but two are marked for stable"

* tag 'ceph-for-7.1-rc4' of https://github.com/ceph/ceph-client:
  libceph: Fix potential null-ptr-deref in decode_choose_args()
  libceph: handle rbtree insertion error in decode_choose_args()
  libceph: Fix potential out-of-bounds access in osdmap_decode()
  ceph: put folios not suitable for writeback
  ceph: add ceph_has_realms_with_quotas() check to ceph_quota_update_statfs()
  libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()
  ceph: fix BUG_ON in __ceph_build_xattrs_blob() due to stale blob size
  ceph: fix a buffer leak in __ceph_setxattr()
  libceph: Fix unnecessarily high ceph_decode_need() for uniform bucket
  libceph: Fix potential out-of-bounds access in crush_decode()
Merge tag 'for-7.1-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux 2026-05-15T20:22:07+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-15T20:22:07+00:00 a8b0b72255d09bb12ada5620cd6ced91adde5ac8 Pull btrfs fixes from David Sterba: - fixup warning when allocating memory for readahead, __GFP_NOWARN was accidentally dropped when setting mapping constraints - in tracepoint of file sync, fix sleeping in atomic context when handling dentries - harden initial loading of block group on crafted/fuzzed images, iterate all chunk mapping entries unconditionally - fix freeing pages of submitted io after checking for errors - fix incorrect inode size after remount when using fallocate KEEP_SIZE mode (also requires disabled 'no-holes' feature) * tag 'for-7.1-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: fix incorrect i_size after remount caused by KEEP_SIZE prealloc gap btrfs: only release the dirty pages io tree after successful writes btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file() btrfs: always pass __GFP_NOWARN from add_ra_bio_pages() btrfs: fix check_chunk_block_group_mappings() to iterate all chunk maps 
Pull btrfs fixes from David Sterba:

 - fixup warning when allocating memory for readahead, __GFP_NOWARN was
   accidentally dropped when setting mapping constraints

 - in tracepoint of file sync, fix sleeping in atomic context when
   handling dentries

 - harden initial loading of block group on crafted/fuzzed images,
   iterate all chunk mapping entries unconditionally

 - fix freeing pages of submitted io after checking for errors

 - fix incorrect inode size after remount when using fallocate KEEP_SIZE
   mode (also requires disabled 'no-holes' feature)

* tag 'for-7.1-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: fix incorrect i_size after remount caused by KEEP_SIZE prealloc gap
  btrfs: only release the dirty pages io tree after successful writes
  btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file()
  btrfs: always pass __GFP_NOWARN from add_ra_bio_pages()
  btrfs: fix check_chunk_block_group_mappings() to iterate all chunk maps
Merge tag 'xfs-fixes-7.1-rc4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux 2026-05-15T20:17:46+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-15T20:17:46+00:00 663ea69540c8d7ba332c9a3129d7f3cf5de50d9b Pull xfs fixes from Carlos Maiolino: "A few bug fixes, nothing really special stands out" * tag 'xfs-fixes-7.1-rc4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: Fix typo in comment xfs: fix the "limiting open zones" message xfs: flush delalloc blocks on ENOSPC in xfs_trans_alloc_icreate xfs: check da node block pad field during scrub xfs: fix memory leak for data allocated by xfs_zone_gc_data_alloc() xfs: fix memory leak on error in xfs_alloc_zone_info() xfs: check directory data block header padding in scrub xfs: zero directory data block padding on write verification xfs: zero entire directory data block header region at init xfs: remove the meaningless XFS_ALLOC_FLAG_FREEING 
Pull xfs fixes from Carlos Maiolino:
 "A few bug fixes, nothing really special stands out"

* tag 'xfs-fixes-7.1-rc4' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: Fix typo in comment
  xfs: fix the "limiting open zones" message
  xfs: flush delalloc blocks on ENOSPC in xfs_trans_alloc_icreate
  xfs: check da node block pad field during scrub
  xfs: fix memory leak for data allocated by xfs_zone_gc_data_alloc()
  xfs: fix memory leak on error in xfs_alloc_zone_info()
  xfs: check directory data block header padding in scrub
  xfs: zero directory data block padding on write verification
  xfs: zero entire directory data block header region at init
  xfs: remove the meaningless XFS_ALLOC_FLAG_FREEING
Merge tag 'nfsd-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux 2026-05-15T20:11:41+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-15T20:11:41+00:00 56ec2b646de6349c8c8c05c8df17b4d8998c467a Pull nfsd fixes from Chuck Lever: "Fixes for this release: - Correctness fix for the new sunrpc cache netlink protocol Marked for stable: - Correctness fixes for delegated attributes - Prevent an infinite loop when revoking layouts" * tag 'nfsd-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: NFSD: Fix infinite loop in layout state revocation sunrpc: start cache request seqno at 1 to fix netlink GET_REQS nfsd: update mtime/ctime on COPY in presence of delegated attributes nfsd: update mtime/ctime on CLONE in presense of delegated attributes nfsd: fix file change detection in CB_GETATTR nfsd: fix GET_DIR_DELEGATION when VFS leases are disabled 
Pull nfsd fixes from Chuck Lever:
 "Fixes for this release:
   - Correctness fix for the new sunrpc cache netlink protocol

  Marked for stable:
   - Correctness fixes for delegated attributes
   - Prevent an infinite loop when revoking layouts"

* tag 'nfsd-7.1-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
  NFSD: Fix infinite loop in layout state revocation
  sunrpc: start cache request seqno at 1 to fix netlink GET_REQS
  nfsd: update mtime/ctime on COPY in presence of delegated attributes
  nfsd: update mtime/ctime on CLONE in presense of delegated attributes
  nfsd: fix file change detection in CB_GETATTR
  nfsd: fix GET_DIR_DELEGATION when VFS leases are disabled
Merge tag 'block-7.1-20260515' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux 2026-05-15T19:47:00+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-15T19:47:00+00:00 d458a240344c4369bf6f3da203f2779515177738 Pull block fixes from Jens Axboe: - NVMe merge request via Keith: - Fix memory leak on a passthrough integrity mapping failure (Keith) - Hide secrets behind debug option (Hannes) - Fix pci use-after-free for host memory buffer (Chia-Lin Kao) - Fix tcp taregt use-after-free for data digest (Sagi) - Revert a mistaken quirk (Alan Cui) - Fix uevent and controller state race condition (Maurizio) - Fix apple submission queue re-initialization (Nick Chan) - Three fixes for blk-integrity, fixing an issue with the user data mapping and two problems with recomputing number of segments - Two fixes for the iov_iter bounce buffering - Fix for the handling of dead zoned write plugs - ublk max_sectors validation fix, with associated selftest addition * tag 'block-7.1-20260515' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux: nvme-apple: Reset q->sq_tail during queue init block: align down bounces bios block: pass a minsize argument to bio_iov_iter_bounce selftests: ublk: cap nthreads to kernel's actual nr_hw_queues block: fix handling of dead zone write plugs block: bio-integrity: Fix null-ptr-deref in bio_integrity_map_user() block: recompute nr_integrity_segments in blk_insert_cloned_request block: don't overwrite bip_vcnt in bio_integrity_copy_user() nvme: fix race condition between connected uevent and STARTED_ONCE flag Revert "nvme: add quirk NVME_QUIRK_IGNORE_DEV_SUBNQN for 144d:a808" nvmet-tcp: Fix potential UAF when ddgst mismatch nvme-pci: fix use-after-free in nvme_free_host_mem() nvmet-auth: Do not print DH-HMAC-CHAP secrets nvme: fix bio leak on mapping failure nvme: make prp passthrough usage less scary ublk: reject max_sectors smaller than PAGE_SECTORS in parameter validation 
Pull block fixes from Jens Axboe:

 - NVMe merge request via Keith:
     - Fix memory leak on a passthrough integrity mapping failure (Keith)
     - Hide secrets behind debug option (Hannes)
     - Fix pci use-after-free for host memory buffer (Chia-Lin Kao)
     - Fix tcp taregt use-after-free for data digest (Sagi)
     - Revert a mistaken quirk (Alan Cui)
     - Fix uevent and controller state race condition (Maurizio)
     - Fix apple submission queue re-initialization (Nick Chan)

 - Three fixes for blk-integrity, fixing an issue with the user data
   mapping and two problems with recomputing number of segments

 - Two fixes for the iov_iter bounce buffering

 - Fix for the handling of dead zoned write plugs

 - ublk max_sectors validation fix, with associated selftest addition

* tag 'block-7.1-20260515' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux:
  nvme-apple: Reset q->sq_tail during queue init
  block: align down bounces bios
  block: pass a minsize argument to bio_iov_iter_bounce
  selftests: ublk: cap nthreads to kernel's actual nr_hw_queues
  block: fix handling of dead zone write plugs
  block: bio-integrity: Fix null-ptr-deref in bio_integrity_map_user()
  block: recompute nr_integrity_segments in blk_insert_cloned_request
  block: don't overwrite bip_vcnt in bio_integrity_copy_user()
  nvme: fix race condition between connected uevent and STARTED_ONCE flag
  Revert "nvme: add quirk NVME_QUIRK_IGNORE_DEV_SUBNQN for 144d:a808"
  nvmet-tcp: Fix potential UAF when ddgst mismatch
  nvme-pci: fix use-after-free in nvme_free_host_mem()
  nvmet-auth: Do not print DH-HMAC-CHAP secrets
  nvme: fix bio leak on mapping failure
  nvme: make prp passthrough usage less scary
  ublk: reject max_sectors smaller than PAGE_SECTORS in parameter validation