linux.git/fs, branch v6.18-rc2 Linux kernel source tree Merge tag 'exfat-for-6.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat 2025-10-18T17:23:59+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-10-18T17:23:59+00:00 847f242f7a44fba5aab474534fc498033e48fd72 Pull exfat fixes from Namjae Jeon: - Fix out-of-bounds in FS_IOC_SETFSLABEL - Add validation for stream entry size to prevent infinite loop * tag 'exfat-for-6.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat: exfat: fix out-of-bounds in exfat_nls_to_ucs2() exfat: fix improper check of dentry.stream.valid_size 
Pull exfat fixes from Namjae Jeon:

 - Fix out-of-bounds in FS_IOC_SETFSLABEL

 - Add validation for stream entry size to prevent infinite loop

* tag 'exfat-for-6.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/linkinjeon/exfat:
  exfat: fix out-of-bounds in exfat_nls_to_ucs2()
  exfat: fix improper check of dentry.stream.valid_size
Merge tag 'nfs-for-6.18-2' of git://git.linux-nfs.org/projects/anna/linux-nfs 2025-10-18T17:18:48+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-10-18T17:18:48+00:00 2d07c6c2098805054f84ce642587093bb8feaf8c Pull NFS client fixes from Anna Schumaker: - Fix for FlexFiles mirror->dss allocation - Apply delay_retrans to async operations - Check if suid/sgid is cleared after a write when needed - Fix setting the state renewal timer for early mounts after a reboot * tag 'nfs-for-6.18-2' of git://git.linux-nfs.org/projects/anna/linux-nfs: NFS4: Fix state renewals missing after boot NFS: check if suid/sgid was cleared after a write as needed NFS4: Apply delay_retrans to async operations NFSv4/flexfiles: fix to allocate mirror->dss before use 
Pull NFS client fixes from Anna Schumaker:

 - Fix for FlexFiles mirror->dss allocation

 - Apply delay_retrans to async operations

 - Check if suid/sgid is cleared after a write when needed

 - Fix setting the state renewal timer for early mounts after a reboot

* tag 'nfs-for-6.18-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
  NFS4: Fix state renewals missing after boot
  NFS: check if suid/sgid was cleared after a write as needed
  NFS4: Apply delay_retrans to async operations
  NFSv4/flexfiles: fix to allocate mirror->dss before use
Merge tag '6.18-rc1-smb-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 2025-10-18T17:11:32+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-10-18T17:11:32+00:00 4ccb3a800028759b2ba39857cb180589575d7445 Pull smb client fixes from Steve French: "smb client fixes, security and smbdirect improvements, and some minor cleanup: - Important OOB DFS fix - Fix various potential tcon refcount leaks - smbdirect (RDMA) fixes (following up from test event a few weeks ago): - Fixes to improve and simplify handling of memory lifetime of smbdirect_mr_io structures, when a connection gets disconnected - Make sure we really wait to reach SMBDIRECT_SOCKET_DISCONNECTED before destroying resources - Make sure the send/recv submission/completion queues are large enough to avoid ib_post_send() from failing under pressure - convert cifs.ko to use the recommended crypto libraries (instead of crypto_shash), this also can improve performance - Three small cleanup patches" * tag '6.18-rc1-smb-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: (24 commits) smb: client: Consolidate cmac(aes) shash allocation smb: client: Remove obsolete crypto_shash allocations smb: client: Use HMAC-MD5 library for NTLMv2 smb: client: Use MD5 library for SMB1 signature calculation smb: client: Use MD5 library for M-F symlink hashing smb: client: Use HMAC-SHA256 library for SMB2 signature calculation smb: client: Use HMAC-SHA256 library for key generation smb: client: Use SHA-512 library for SMB3.1.1 preauth hash cifs: parse_dfs_referrals: prevent oob on malformed input smb: client: Fix refcount leak for cifs_sb_tlink smb: client: let smbd_destroy() wait for SMBDIRECT_SOCKET_DISCONNECTED smb: move some duplicate definitions to common/cifsglob.h smb: client: let destroy_mr_list() keep smbdirect_mr_io memory if registered smb: client: let destroy_mr_list() call ib_dereg_mr() before ib_dma_unmap_sg() smb: client: call ib_dma_unmap_sg if mr->sgt.nents is not 0 smb: client: improve logic in smbd_deregister_mr() smb: client: improve logic in smbd_register_mr() smb: client: improve logic in allocate_mr_list() smb: client: let destroy_mr_list() remove locked from the list smb: client: let destroy_mr_list() call list_del(&mr->list) ... 
Pull smb client fixes from Steve French:
 "smb client fixes, security and smbdirect improvements, and some minor cleanup:

   - Important OOB DFS fix

   - Fix various potential tcon refcount leaks

   - smbdirect (RDMA) fixes (following up from test event a few weeks
     ago):

      - Fixes to improve and simplify handling of memory lifetime of
        smbdirect_mr_io structures, when a connection gets disconnected

      - Make sure we really wait to reach SMBDIRECT_SOCKET_DISCONNECTED
        before destroying resources

      - Make sure the send/recv submission/completion queues are large
        enough to avoid ib_post_send() from failing under pressure

   - convert cifs.ko to use the recommended crypto libraries (instead of
     crypto_shash), this also can improve performance

   - Three small cleanup patches"

* tag '6.18-rc1-smb-client-fixes' of git://git.samba.org/sfrench/cifs-2.6: (24 commits)
  smb: client: Consolidate cmac(aes) shash allocation
  smb: client: Remove obsolete crypto_shash allocations
  smb: client: Use HMAC-MD5 library for NTLMv2
  smb: client: Use MD5 library for SMB1 signature calculation
  smb: client: Use MD5 library for M-F symlink hashing
  smb: client: Use HMAC-SHA256 library for SMB2 signature calculation
  smb: client: Use HMAC-SHA256 library for key generation
  smb: client: Use SHA-512 library for SMB3.1.1 preauth hash
  cifs: parse_dfs_referrals: prevent oob on malformed input
  smb: client: Fix refcount leak for cifs_sb_tlink
  smb: client: let smbd_destroy() wait for SMBDIRECT_SOCKET_DISCONNECTED
  smb: move some duplicate definitions to common/cifsglob.h
  smb: client: let destroy_mr_list() keep smbdirect_mr_io memory if registered
  smb: client: let destroy_mr_list() call ib_dereg_mr() before ib_dma_unmap_sg()
  smb: client: call ib_dma_unmap_sg if mr->sgt.nents is not 0
  smb: client: improve logic in smbd_deregister_mr()
  smb: client: improve logic in smbd_register_mr()
  smb: client: improve logic in allocate_mr_list()
  smb: client: let destroy_mr_list() remove locked from the list
  smb: client: let destroy_mr_list() call list_del(&mr->list)
  ...
Merge tag 'f2fs-fix-6.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs 2025-10-16T17:58:49+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-10-16T17:58:49+00:00 98ac9cc4b4452ed7e714eddc8c90ac4ae5da1a09 Pull f2fs fixes from Jaegeuk Kim: - fix soft lockupg caused by iput() added in bc986b1d756482a ("fs: stop accessing ->i_count directly in f2fs and gfs2") - fix a wrong block address map on multiple devices Link: https://lore.kernel.org/oe-lkp/202509301450.138b448f-lkp@intel.com [1] * tag 'f2fs-fix-6.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: f2fs: fix wrong block mapping for multi-devices f2fs: don't call iput() from f2fs_drop_inode() 
Pull f2fs fixes from Jaegeuk Kim:

 - fix soft lockupg caused by iput() added in bc986b1d756482a ("fs: stop
   accessing ->i_count directly in f2fs and gfs2")

 - fix a wrong block address map on multiple devices

Link: https://lore.kernel.org/oe-lkp/202509301450.138b448f-lkp@intel.com [1]

* tag 'f2fs-fix-6.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs:
  f2fs: fix wrong block mapping for multi-devices
  f2fs: don't call iput() from f2fs_drop_inode()
Merge tag 'for-6.18-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux 2025-10-16T17:22:38+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-10-16T17:22:38+00:00 9f388a653c8a481cbdbdedca081a1f9f3ba204a2 Pull btrfs fixes from David Sterba: - in tree-checker fix extref bounds check - reorder send context structure to avoid -Wflex-array-member-not-at-end warning - fix extent readahead length for compressed extents - fix memory leaks on error paths (qgroup assign ioctl, zone loading with raid stripe tree enabled) - fix how device specific mount options are applied, in particular the 'ssd' option will be set unexpectedly - fix tracking of relocation state when tasks are running and cancellation is attempted - adjust assertion condition for folios allocated for scrub - remove incorrect assertion checking for block group when populating free space tree * tag 'for-6.18-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: btrfs: send: fix -Wflex-array-member-not-at-end warning in struct send_ctx btrfs: tree-checker: fix bounds check in check_inode_extref() btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST btrfs: fix incorrect readahead expansion length btrfs: do not assert we found block group item when creating free space tree btrfs: do not use folio_test_partial_kmap() in ASSERT()s btrfs: only set the device specific options after devices are opened btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running 
Pull btrfs fixes from David Sterba:

 - in tree-checker fix extref bounds check

 - reorder send context structure to avoid
   -Wflex-array-member-not-at-end warning

 - fix extent readahead length for compressed extents

 - fix memory leaks on error paths (qgroup assign ioctl, zone loading
   with raid stripe tree enabled)

 - fix how device specific mount options are applied, in particular the
   'ssd' option will be set unexpectedly

 - fix tracking of relocation state when tasks are running and
   cancellation is attempted

 - adjust assertion condition for folios allocated for scrub

 - remove incorrect assertion checking for block group when populating
   free space tree

* tag 'for-6.18-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: send: fix -Wflex-array-member-not-at-end warning in struct send_ctx
  btrfs: tree-checker: fix bounds check in check_inode_extref()
  btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST
  btrfs: fix incorrect readahead expansion length
  btrfs: do not assert we found block group item when creating free space tree
  btrfs: do not use folio_test_partial_kmap() in ASSERT()s
  btrfs: only set the device specific options after devices are opened
  btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl
  btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running
Merge tag 'v6.18-rc1-smb-server-fixes' of git://git.samba.org/ksmbd 2025-10-16T17:16:41+00:00 Linus Torvalds torvalds@linux-foundation.org 2025-10-16T17:16:41+00:00 05de41f3e26237bc34822268f958be1820bf968b Pull smb server fixes from Steve French: - Fix RPC hang due to locking bug - Fix for memory leak in read and refcount leak (in session setup) - Minor cleanup * tag 'v6.18-rc1-smb-server-fixes' of git://git.samba.org/ksmbd: ksmbd: fix recursive locking in RPC handle list access smb/server: fix possible refcount leak in smb2_sess_setup() smb/server: fix possible memory leak in smb2_read() smb: server: Use common error handling code in smb_direct_rdma_xmit() 
Pull smb server fixes from Steve French:

 - Fix RPC hang due to locking bug

 - Fix for memory leak in read and refcount leak (in session setup)

 - Minor cleanup

* tag 'v6.18-rc1-smb-server-fixes' of git://git.samba.org/ksmbd:
  ksmbd: fix recursive locking in RPC handle list access
  smb/server: fix possible refcount leak in smb2_sess_setup()
  smb/server: fix possible memory leak in smb2_read()
  smb: server: Use common error handling code in smb_direct_rdma_xmit()
smb: client: Consolidate cmac(aes) shash allocation 2025-10-16T03:10:28+00:00 Eric Biggers ebiggers@kernel.org 2025-10-12T01:57:38+00:00 3c15a6df61bab034b087f00181408b1537a535bb Now that smb3_crypto_shash_allocate() and smb311_crypto_shash_allocate() are identical and only allocate "cmac(aes)", delete the latter and replace the call to it with the former. Reviewed-by: Stefan Metzmacher <metze@samba.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 
Now that smb3_crypto_shash_allocate() and smb311_crypto_shash_allocate()
are identical and only allocate "cmac(aes)", delete the latter and
replace the call to it with the former.

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
smb: client: Remove obsolete crypto_shash allocations 2025-10-16T03:10:28+00:00 Eric Biggers ebiggers@kernel.org 2025-10-12T01:57:37+00:00 2c09630d09c64b6b46e3d59a0031bc1807f742c4 Now that the SMB client accesses MD5, HMAC-MD5, HMAC-SHA256, and SHA-512 only via the library API and not via crypto_shash, allocating crypto_shash objects for these algorithms is no longer necessary. Remove all these allocations, their corresponding kconfig selections, and their corresponding module soft dependencies. Reviewed-by: Stefan Metzmacher <metze@samba.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 
Now that the SMB client accesses MD5, HMAC-MD5, HMAC-SHA256, and SHA-512
only via the library API and not via crypto_shash, allocating
crypto_shash objects for these algorithms is no longer necessary.
Remove all these allocations, their corresponding kconfig selections,
and their corresponding module soft dependencies.

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
smb: client: Use HMAC-MD5 library for NTLMv2 2025-10-16T03:10:28+00:00 Eric Biggers ebiggers@kernel.org 2025-10-12T01:57:36+00:00 395a77b030a878a353465386e8618b5272a480ca For the HMAC-MD5 computations in NTLMv2, use the HMAC-MD5 library instead of a "hmac(md5)" crypto_shash. This is simpler and faster. With the library there's no need to allocate memory, no need to handle errors, and the HMAC-MD5 code is accessed directly without inefficient indirect calls and other unnecessary API overhead. To preserve the existing behavior of NTLMv2 support being disabled when the kernel is booted with "fips=1", make setup_ntlmv2_rsp() check fips_enabled itself. Previously it relied on the error from cifs_alloc_hash("hmac(md5)", &hmacmd5). Reviewed-by: Stefan Metzmacher <metze@samba.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 
For the HMAC-MD5 computations in NTLMv2, use the HMAC-MD5 library
instead of a "hmac(md5)" crypto_shash.  This is simpler and faster.
With the library there's no need to allocate memory, no need to handle
errors, and the HMAC-MD5 code is accessed directly without inefficient
indirect calls and other unnecessary API overhead.

To preserve the existing behavior of NTLMv2 support being disabled when
the kernel is booted with "fips=1", make setup_ntlmv2_rsp() check
fips_enabled itself.  Previously it relied on the error from
cifs_alloc_hash("hmac(md5)", &hmacmd5).

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
smb: client: Use MD5 library for SMB1 signature calculation 2025-10-16T03:10:28+00:00 Eric Biggers ebiggers@kernel.org 2025-10-12T01:57:35+00:00 c04e55b257b42f5eb5a2c5e92ebd043fd75fe3ab Convert cifs_calc_signature() to use the MD5 library instead of a "md5" crypto_shash. This is simpler and faster. With the library there's no need to allocate memory, no need to handle errors, and the MD5 code is accessed directly without inefficient indirect calls and other unnecessary API overhead. To preserve the existing behavior of MD5 signature support being disabled when the kernel is booted with "fips=1", make cifs_calc_signature() check fips_enabled itself. Previously it relied on the error from cifs_alloc_hash("md5", &server->secmech.md5). Reviewed-by: Stefan Metzmacher <metze@samba.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Steve French <stfrench@microsoft.com> 
Convert cifs_calc_signature() to use the MD5 library instead of a "md5"
crypto_shash.  This is simpler and faster.  With the library there's no
need to allocate memory, no need to handle errors, and the MD5 code is
accessed directly without inefficient indirect calls and other
unnecessary API overhead.

To preserve the existing behavior of MD5 signature support being
disabled when the kernel is booted with "fips=1", make
cifs_calc_signature() check fips_enabled itself.  Previously it relied
on the error from cifs_alloc_hash("md5", &server->secmech.md5).

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>