[Deepin-Kernel-SIG] [linux 6.18-y] [Upstream] Update kernel base to 6.18.23

[opsiff]

Update kernel base to 6.18.23.

git log --oneline v6.18.22..v6.18.23 | wc
85 740 6003

Summary by Sourcery

Rebase the Deepin linux-6.18.y kernel to v6.18.23 and integrate the associated upstream fixes across MM, networking, filesystems, drivers, and architecture code.

Bug Fixes:

• Improve MIPS TLB uniquification and virtual address bit probing to avoid clashes with wired/global entries and handle 32/64-bit CPUs correctly.
• Harden AF_UNIX garbage collection against races with MSG_PEEK and cyclic graph detection, preventing premature frees and missed cycles.
• Fix various rxrpc and rxgk security handling issues including proper crypto error propagation, bounds checks, key/ticket parsing, and connection state updates.
• Correct RXRPC key parsing and quota accounting for RxKAD/RxGK tokens, including length validation and safe allocations.
• Handle async and error paths correctly in TLS, XFRM, RXRPC, and crypto code to avoid leaks, double-frees, and incorrect device reference management.
• Prevent rfkill event list growth by bounding per-source in-flight events and tracking event counts.
• Fix uinput and vub300 lifetime and state races by introducing proper locking and host freeing order.
• Resolve multiple network driver issues in lan966x, idpf, altera_tse, stmmac, qca_uart, brcmsmac, rt2x00usb, mlx5, and others, covering DMA failures, MTU reload, page-pool handling, and new PCI IDs.
• Tighten Btrfs extent reference handling and tree block freeing logic to return early on mismatches and errors instead of falling through.
• Ensure DAMON sysfs/stat control paths properly recreate/destroy contexts and handle failed asynchronous calls.
• Correct EDAC mc allocation ordering to avoid use of uninitialized device structures.
• Fix X.509 and TPMI parser edge cases, including length and type checks, zeroing of structures, and autonomous UFS capability detection.
• Address mm and filemap races around memory hotplug node states and truncation vs. page mapping, and clean up small utility bugs in dma, modpost, and others.

Enhancements:

• Split Segment Routing IPv6 lwtunnel input/output route caches to avoid dst reference loops and improve caching accuracy.
• Extend rxrpc proc and trace stats (e.g. jumbo window ACK reasons) and adjust call teardown diagnostics.
• Refine Intel PSR2 selective fetch damage tracking to operate on the full display area instead of pipe source size.
• Add mitigation for AMD Zen1 FPDSS bug via a new FP configuration MSR bit and export the corresponding MSR definition.
• Improve workqueue plug handling by restoring pending workqueue queue state when unplugging and kicking the pool.
• Tighten TIPC group ACK handling to ignore stale acknowledgements and only progress on increasing sequence numbers.

Tests:

• No explicit test changes are included in this diff; behavior is validated implicitly by upstream coverage for the 6.18.23 release.

[sourcery-ai]

Reviewer's Guide

Rebase to upstream v6.18.23 and pull in the corresponding stable fixes. The diff updates MIPS TLB uniquification and vmbits probing, tightens UNIX domain GC with MSG_PEEK interaction, hardens rxrpc/rxgk and rxkad crypto/error handling, adjusts several networking and driver subsystems (MPTCP, xfrm, seg6, rfkill, uinput, DMA/drivers) for correctness and robustness, fixes memory hotplug/DAMON and proc/stat accounting, and bumps the kernel version to 6.18.23.

Sequence diagram for UNIX domain GC interaction with MSG_PEEK

sequenceDiagram
    actor App
    participant Sender as unix_sender
    participant Receiver as unix_receiver
    participant GC as unix_gc_worker

    App->>Receiver: recv(MSG_PEEK)
    note right of Receiver: unix_peek_fds()
    Receiver->>Receiver: scm_fp_dup()
    Receiver->>GC: unix_peek_fpl(fpl)
    GC->>GC: READ_ONCE(gc_in_progress)
    alt GC not running
        GC-->>Receiver: return
    else GC running
        GC->>GC: spin_lock(unix_peek_lock)
        GC->>GC: raw_write_seqcount_barrier(unix_peek_seq)
        GC->>GC: spin_unlock(unix_peek_lock)
    end

    note over GC: later, GC run
    GC->>GC: __unix_gc()
    GC->>GC: gc_in_progress = true
    GC->>GC: unix_walk_scc()/unix_walk_scc_fast()

    loop per_SCC
        GC->>GC: unix_scc_dead(scc, fast)
        GC->>GC: seq = read_seqcount_begin(unix_peek_seq)
        GC->>GC: iterate vertices
        GC->>GC: scc_dead = unix_vertex_dead(vertex)
        GC->>GC: if !fast set vertex->index = unix_vertex_grouped_index
        GC->>GC: list_move_tail(vertex, unix_visited_vertices)
        GC->>GC: read_seqcount_retry(unix_peek_seq, seq)?
        alt MSG_PEEK intervened
            GC-->>GC: return false (defer SCC)
        else no_intervention
            alt scc_dead
                GC->>GC: unix_collect_skb(scc, hitlist)
            else not_dead
                GC->>GC: unix_scc_cyclic()
            end
        end
    end

    GC->>GC: gc_in_progress = false
    GC-->>Receiver: GC completes

Loading

Class diagram for MIPS R4K TLB uniquification pipeline

classDiagram
    class cpuinfo_mips {
        int vmbits
    }

    class tlbent {
        <<struct>>
        unsigned long long wired
        unsigned long long global
        unsigned long long asid
        unsigned long long vpn
        unsigned long long pagesz
        unsigned long long index
    }

    class tlb_r4k_helpers {
        +VPN2_SHIFT : int
        +read_c0_entryhi_native() unsigned long long
        +write_c0_entryhi_native(v unsigned long long) void
        +r4k_entry_cmp(a void*, b void*) int
        +r4k_tlb_uniquify_read(tlb_vpns tlbent*, tlbsize int) void
        +r4k_tlb_uniquify_write(tlb_vpns tlbent*, tlbsize int) void
        +r4k_tlb_uniquify() void
    }

    class mmu_hw_regs {
        +read_c0_entryhi() unsigned long
        +write_c0_entryhi(val unsigned long) void
        +read_c0_entryhi_64() unsigned long long
        +write_c0_entryhi_64(val unsigned long long) void
        +read_c0_pagemask() unsigned long long
        +write_c0_pagemask(val unsigned long long) void
        +write_c0_index(val unsigned int) void
        +read_c0_entrylo0() unsigned long long
    }

    class tlb_ops {
        +tlb_read() void
        +tlb_write_indexed() void
        +local_flush_tlb_all() void
        +dump_tlb_all() void
    }

    class cpu_has_flags {
        +cpu_has_64bits : bool
        +cpu_has_tlbinv : bool
    }

    class r4k_tlb_configure {
        +r4k_tlb_configure() void
    }

    cpuinfo_mips --> tlb_r4k_helpers : uses vmbits
    tlb_r4k_helpers --> tlbent : fills
    tlb_r4k_helpers --> mmu_hw_regs : reads_writes
    tlb_r4k_helpers --> tlb_ops : uses
    tlb_r4k_helpers --> cpu_has_flags : checks
    r4k_tlb_configure --> tlb_r4k_helpers : calls r4k_tlb_uniquify()
    r4k_tlb_configure --> cpu_has_flags : if !cpu_has_tlbinv

Loading

Class diagram for IPv6 Segment Routing lwtstate input/output caches

classDiagram
    class seg6_lwt {
        <<struct>>
        dst_cache cache_input
        dst_cache cache_output
        seg6_iptunnel_encap tuninfo[]
    }

    class dst_cache {
        <<struct>>
        +dst_cache_init(cache dst_cache*, gfp gfp_t) int
        +dst_cache_destroy(cache dst_cache*) void
        +dst_cache_get(cache dst_cache*) dst_entry*
        +dst_cache_set_ip6(cache dst_cache*, dst dst_entry*, addr in6_addr*) void
    }

    class seg6_input_core_fn {
        +seg6_input_core(net net*, sk sock*, skb sk_buff*, lwtst lwtunnel_state*) int
    }

    class seg6_output_core_fn {
        +seg6_output_core(net net*, sk sock*, skb sk_buff*) int
    }

    class seg6_build_state_fn {
        +seg6_build_state(net net*, nla nlattr*, ts lwtunnel_state**, cfg lwtunnel_encap_cfg*, extack netlink_ext_ack*) int
    }

    class seg6_destroy_state_fn {
        +seg6_destroy_state(lwt lwtunnel_state*) void
    }

    seg6_input_core_fn --> seg6_lwt : seg6_lwt_lwtunnel(lwtst)
    seg6_output_core_fn --> seg6_lwt : seg6_lwt_lwtunnel(orig_dst->lwtstate)
    seg6_build_state_fn --> seg6_lwt : alloc_embedded
    seg6_destroy_state_fn --> seg6_lwt : seg6_lwt_lwtunnel(lwt)

    seg6_input_core_fn --> dst_cache : cache_input.get,set_ip6
    seg6_output_core_fn --> dst_cache : cache_output.get,set_ip6

    seg6_build_state_fn --> dst_cache : init(cache_input)
    seg6_build_state_fn --> dst_cache : init(cache_output)
    seg6_destroy_state_fn --> dst_cache : destroy(cache_input)
    seg6_destroy_state_fn --> dst_cache : destroy(cache_output)

Loading

File-Level Changes

Change	Details	Files
Rework MIPS R4k TLB uniquification and virtual memory bit probing for correctness across 32/64-bit and CPU features	Introduce native 64-bit EntryHi read/write helpers and a VPN2_SHIFT constant Replace simple VPN array with a structured tlbent table, split uniquification into read/sort/write phases, and sort entries by wired/global/VPN/ASID/page size Mask VPNs with per-entry page masks, ignore 1KiB extension, and generate clash‑free 4KiB mappings while skipping wired and global entries Skip uniquification when CPU supports TLB invalidation (cpu_has_tlbinv) and include new tlbdebug header Generalize cpuinfo_mips.vmbits to be present on all builds and probe vmbits using 64-bit EntryHi when available, defaulting to 31 bits on non‑64‑bit and R3k	arch/mips/mm/tlb-r4k.c arch/mips/kernel/cpu-probe.c arch/mips/kernel/cpu-r3k-probe.c arch/mips/include/asm/cpu-info.h arch/mips/include/asm/mipsregs.h arch/mips/include/asm/cpu-features.h
Tighten UNIX domain socket garbage collection and graph handling, especially around MSG_PEEK and SCC detection	Replace boolean unix_graph_maybe_cyclic/unix_graph_grouped flags with a tri‑state UNIX_GRAPH_* state and track number of cyclic SCCs Add a seqcount and unix_peek_fpl() so MSG_PEEK on SCM fd lists can invalidate GC’s final refcount check and cause SCCs to be deferred Factor SCC liveness checking into unix_scc_dead(), use unix_visited_vertices consistently, and propagate a cyclic_scc count from DFS and fast walk paths Make unix GC choose between full and fast SCC walk based on unix_graph_state, and only run GC when the graph is maybe cyclic or cyclic Hook unix_peek_fpl() from unix_peek_fds() so peeking participates in GC coordination	net/unix/garbage.c net/unix/af_unix.c net/unix/af_unix.h
Harden rxrpc/rxkad/rxgk security, key handling, and diagnostic output	Make all rxkad skcipher encrypt/decrypt paths check and propagate crypto errors instead of ignoring return values, aborting connections appropriately on failure Ensure rxkad_secure_packet initializes variables, bails out early on crypto failure, and rxkad_decrypt_ticket aborts connection when decryption fails Change rxkad response decryption to return errors instead of BUGing on setkey failure, and plumb those errors into response verification Fix rxrpc key and call lifetime: track quotalen incrementally in parsers, allocate rxgk key storage using struct_size_t and cap key/ticket lengths with sanity checks Ensure rxrpc calls are removed from connection list with list_del_rcu, drop call key references in destroy path, and relax setsockopt security-key rejection while keeping server keyring validation Correct rxrpc connection response handling (state checks, choosing freshest response, freeing old responses) and ensure service‑challenging state transitions are serialized Adjust rxgk authenticator and response verification to validate lengths carefully, use correct units, and release rxgk contexts via rxgk_put() Extend rxrpc proc output buffer sizes, switch sprintf to scnprintf, and add a new reason counter (rxrpc_reqack_jumbo_win) with updated stats output and selection logic Avoid double dev_put in xfrm input async paths and ensure device references are dropped on async completion or error; fix xfrm4/xfrm6 transport_finish to dev_put() when async Improve tracing enums and rack timer logging to use correct mode and add a new skb_put_old_response tracepoint	net/rxrpc/rxkad.c net/rxrpc/rxgk.c net/rxrpc/key.c net/rxrpc/proc.c net/rxrpc/call_object.c net/rxrpc/conn_event.c net/rxrpc/io_thread.c net/rxrpc/output.c net/rxrpc/sendmsg.c net/rxrpc/af_rxrpc.c net/rxrpc/server_key.c include/trace/events/rxrpc.h net/rxrpc/ar-internal.h net/xfrm/xfrm_input.c net/ipv4/xfrm4_input.c net/ipv6/xfrm6_input.c
Refine networking core and protocol behavior (MPTCP, SEG6, rfkill, nf_conntrack, TLS, TIPC, nft_ct, sockbuf)	Split seg6 lightweight tunnel dst_cache into separate input and output caches with proper init/destroy and use each in the corresponding path to avoid dst loops Adjust MPTCP subflow initialization to split IPv4 and IPv6 setup (mptcp_subflow_init vs mptcp_subflow_v6_init) and ensure v6 subflow init is called from mptcp_proto_v6_init Change MPTCP PM address management: always allocate an ID when missing, drop the needs_id parameter and helper, and enforce single rx->key vs rx->securities in rxrpc_request_key Cap per‑fd rfkill event queue length with MAX_RFKILL_EVENT and track event_count under mutex, dropping events when overflowing and decrementing on read Make nft_ct_timeout object destruction use kfree_rcu on the underlying timeout to avoid UAF under RCU Fix nf_ct timeout object struct to embed an rcu_head for safe RCU freeing Ensure TLS async encryption error paths don’t double‑decrement encrypt_pending and correctly remove failed records from the pending list Update TIPC group ACK handling to ignore stale acks by checking bc_acked monotonicity Change skb head freeing to always use kfree() instead of a small-head cache, simplifying skbuff head deallocation	net/ipv6/seg6_iptunnel.c net/mptcp/subflow.c net/mptcp/protocol.c net/rfkill/core.c net/netfilter/nft_ct.c include/net/netfilter/nf_conntrack_timeout.h net/tls/tls_sw.c net/tipc/group.c net/core/skbuff.c
Improve driver robustness and resource management across multiple subsystems (uinput, LAN966x, vub300, wireless, Ethernet, mlx5, NFC, I2C, EDAC, TPMI helpers)	In uinput, introduce a spinlock to protect device state, assert input_dev event_lock in event path, move state transitions under the spinlock, and ensure completions are initialized before potential completion paths In lan966x FDMA, check page_pool_create() failure, destroy page pools on allocation errors, rework MTU reload to preserve and later free old pages, and ensure page_pool is destroyed on init failures Fix vub300 MMC host lifetime: switch from devm_mmc_alloc_host to mmc_alloc_host, call mmc_free_host in delete paths and on probe errors, and adjust disconnect order Correct DMA and page pool usage in various drivers: free DMA with proper size in brcmsmac, handle DMA mapping failures and free SKBs in altera_tse, destroy rx page pool on tx alloc failure in lan966x, and fix i2c-imx DMA slave config initialization Fix resource allocation bugs: use usb_interface dev for rt2x00 anchor devm_kmalloc, increment RX error count and return full byte count in qca_uart, allocate recv_skb lazily and reset to NULL in pn533 UART, and ensure vub300 error unwinds free the mmc host Add ConnectX-10 NVLink-C2C PCI ID to mlx5, remove an incorrect ALC897 pin fixup, and reconfigure HDMI block control clocking for HDCP on i.MX8MP Ensure TPMI-based uncore-frequency and Intel SST TurboFreq helpers initialize and zero data structures correctly, gate elc_supported on autonomous UFS enablement, and clear bucket_core_counts In EDAC, initialize device struct before allocating private data to avoid mci use before initialization	drivers/input/misc/uinput.c drivers/net/ethernet/microchip/lan966x/lan966x_fdma.c drivers/mmc/host/vub300.c drivers/net/wireless/broadcom/brcm80211/brcmsmac/dma.c drivers/net/wireless/ralink/rt2x00/rt2x00usb.c drivers/net/ethernet/altera/altera_tse_main.c drivers/net/ethernet/mellanox/mlx5/core/main.c drivers/nfc/pn533/uart.c drivers/i2c/busses/i2c-imx.c drivers/edac/edac_mc.c drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c sound/hda/codecs/realtek/alc662.c drivers/pmdomain/imx/imx8mp-blk-ctrl.c drivers/firmware/thead,th1520-aon.c
Tighten memory management, DAMON, and Btrfs extent reference handling	In online_pages/offline_pages, maintain N_NORMAL_MEMORY node state consistently when adding or removing the last normal zone memory from a node, counting present_pages across zones when offlining In DAMON stat/sysfs, rebuild or destroy stat context safely on enabling/disabling, avoid starting an already-running context, null out the global pointer on stop, and free repeat_call_control when damon_call fails Fix Btrfs extent ref modification paths by simplifying error handling: return -ENOENT when extent data ref key not found, and return early on mod_ref failures instead of using a goto fail; bail out of free_tree_block early based on generation and pin state Adjust filemap_map_pages to recompute end_pgoff from file size before walking page cache to avoid mapping beyond EOF under concurrent truncation	mm/memory_hotplug.c mm/damon/stat.c mm/damon/sysfs.c fs/btrfs/extent-tree.c mm/filemap.c
Refine ARM/x86 platform- and CPU-specific behavior (Zen1 FPDSS mitigation, TPMI, DTS)	Add AMD MSR_AMD64_FP_CFG and program its ZEN1_DENORM_FIX bit in init_amd_zen1(), printing a one-time notice about enabling the FPDSS bug mitigation Update TPMI-based Intel uncore-frequency and SST code as noted above, including masking autonomous UFS disable and correctly setting elc_supported Include DTS updates for several ARM64 boards (Librem5, HiSilicon hi3798cv200, Renesas r8a779g3 Sparrow Hawk, RK3399 Pinebook Pro) to align with upstream v6.18.23, though the functional diff is not shown here	arch/x86/include/asm/msr-index.h arch/x86/kernel/cpu/amd.c drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c arch/arm64/boot/dts/freescale/imx8mq-librem5*.dts arch/arm64/boot/dts/hisilicon/hi3798cv200*.dts arch/arm64/boot/dts/renesas/r8a779g3-sparrow-hawk.dts arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts
Adjust misc core and build plumbing (Makefile version, X.509 parsing, X.509, modpost)	Bump kernel SUBLEVEL from 22 to 23 in the top-level Makefile Harden X.509 keyUsage and basicConstraints extension parsing by checking vlen before verifying tag bytes and ensuring lengths are consistent Drop an unused extra_warn modpost global (mark it attribute((unused))) to silence compiler warnings Simplify Thead TH1520 AON firmware message layout by replacing custom RPC_SET_* byte macros with cpu_to_be16() fields in the struct	Makefile crypto/asymmetric_keys/x509_cert_parser.c scripts/mod/modpost.c include/linux/firmware/thead/thead,th1520-aon.h drivers/firmware/thead,th1520-aon.c

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[Copilot]

Pull request overview

Updates the Deepin 6.18.y kernel tree to upstream v6.18.23, pulling in a broad set of upstream fixes and cleanups across networking, MM, filesystems, drivers, and multiple architectures.

Changes:

• Bump kernel sublevel to 6.18.23 and integrate upstream fixes across core subsystems.
• Apply multiple networking hardening/fixups (AF_UNIX GC, XFRM/TLS/RXRPC/TIPC/MPTCP, netdrivers).
• Apply assorted MM/FS/driver/arch stability fixes (hotplug, DAMON, Btrfs, device drivers, MIPS/x86 changes, DTS updates).

Reviewed changes

Copilot reviewed 81 out of 81 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
sound/hda/codecs/realtek/alc662.c	Drop one board-specific ALC897 quirk
scripts/mod/modpost.c	Silence unused variable warning
net/xfrm/xfrm_user.c	Zero padding / init netlink structs
net/xfrm/xfrm_input.c	Fix async device ref handling
net/unix/garbage.c	AF_UNIX GC race/cycle handling updates
net/unix/af_unix.h	Export unix_peek_fpl() prototype
net/unix/af_unix.c	Call unix_peek_fpl() on MSG_PEEK
net/tls/tls_sw.c	Fix async encryption error cleanup path
net/tipc/group.c	Ignore stale group ACKs
net/rxrpc/server_key.c	Reject keyring set when already configured
net/rxrpc/sendmsg.c	Use resolved key for client call params
net/rxrpc/rxkad.c	Propagate crypto errors; tighten handling
net/rxrpc/rxgk.c	Bounds checks and length validation fixes
net/rxrpc/proc.c	Safer address formatting + stat extension
net/rxrpc/output.c	Add jumbo-window reqack reason
net/rxrpc/key.c	Harden token parsing/quotas; overflow-safe alloc
net/rxrpc/io_thread.c	Guard rxrpc_put_call() on NULL
net/rxrpc/input_rack.c	Fix warning to log correct mode
net/rxrpc/conn_event.c	Fix response handling + skb lifetime
net/rxrpc/call_object.c	RCU-safe call list removal; key_put on destroy
net/rxrpc/ar-internal.h	Extend stat_why_req_ack array size
net/rxrpc/af_rxrpc.c	Adjust setsockopt key/keyring checks
net/rfkill/core.c	Bound in-flight rfkill events per reader
net/netfilter/nft_ct.c	Free timeout object with kfree_rcu()
net/mptcp/subflow.c	Split IPv6 init; register ULP earlier
net/mptcp/protocol.h	Add mptcp_subflow_v6_init() declaration
net/mptcp/protocol.c	Call new IPv6 subflow init hook
net/mptcp/pm_kernel.c	Simplify endpoint ID assignment logic
net/ipv6/xfrm6_input.c	Fix async dev ref put in transport finish
net/ipv6/seg6_iptunnel.c	Split input/output dst caches; fix cleanup
net/ipv4/xfrm4_input.c	Fix async dev ref put in transport finish
net/core/skbuff.c	Simplify skb head free path
net/batman-adv/translation-table.c	Add length overflow checks
net/batman-adv/bridge_loop_avoidance.c	Fix backbone gw ref handling
mm/memory_hotplug.c	Track N_NORMAL_MEMORY state transitions
mm/filemap.c	Avoid truncation race during map_pages
mm/damon/sysfs.c	Free repeat control on damon_call failure
mm/damon/stat.c	Correct context lifecycle + reset pointer
kernel/workqueue.c	Restore pending state when unplugging pwq
include/trace/events/rxrpc.h	Add new trace enums / reqack reason
include/net/netfilter/nf_conntrack_timeout.h	Add rcu_head to nf_ct_timeout
include/linux/firmware/thead/thead,th1520-aon.h	Remove ad-hoc endian RPC macros
fs/btrfs/extent-tree.c	Return early on ref mismatch/errors
drivers/usb/typec/ucsi/ucsi.c	Handle zero connector count defensively
drivers/pmdomain/imx/imx8mp-blk-ctrl.c	HDMI clock bit handling adjustment
drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c	Respect autonomous UFS disable flag
drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c	Zero-init turbo bucket array
drivers/nfc/pn533/uart.c	Fix recv skb allocation/lifetime handling
drivers/net/wireless/ralink/rt2x00/rt2x00usb.c	Fix devm allocation device pointer
drivers/net/wireless/broadcom/brcm80211/brcmsmac/dma.c	Fix DMA free size parameter
drivers/net/ethernet/stmicro/stmmac/chain_mode.c	Correct jumbo buffer mapping length
drivers/net/ethernet/qualcomm/qca_uart.c	Return correct consumed byte count
drivers/net/ethernet/microchip/lan966x/lan966x_fdma.c	Fix page_pool/MTU reload error paths
drivers/net/ethernet/mellanox/mlx5/core/main.c	Add new PCI ID
drivers/net/ethernet/intel/igb/igb_main.c	Adjust NAPI disable ordering
drivers/net/ethernet/intel/idpf/idpf_virtchnl.h	Add transaction lock field
drivers/net/ethernet/intel/idpf/idpf_virtchnl.c	Use dedicated spinlock; async reply size
drivers/net/ethernet/altera/altera_tse_main.c	Free skb on DMA mapping error
drivers/mmc/host/vub300.c	Fix host lifetime + disconnect ordering
drivers/input/misc/uinput.c	Fix request lifetime/state locking
drivers/i2c/busses/i2c-imx.c	Zero-init dma_slave_config
drivers/gpu/drm/i915/gt/intel_engine_heartbeat.c	Fix systole request lifetime races
drivers/gpu/drm/i915/display/intel_psr.c	Use full display area for damage tracking
drivers/firmware/thead,th1520-aon.c	Use cpu_to_be16 for RPC fields
drivers/edac/edac_mc.c	Initialize device before pvt alloc
crypto/asymmetric_keys/x509_cert_parser.c	Fix extension length/type checks order
arch/x86/kernel/cpu/amd.c	Add Zen1 FPDSS mitigation enablement
arch/x86/include/asm/msr-index.h	Define MSR_AMD64_FP_CFG + bit
arch/mips/mm/tlb-r4k.c	Rework TLB uniquification logic
arch/mips/kernel/cpu-r3k-probe.c	Set vmbits for R3K
arch/mips/kernel/cpu-probe.c	Probe vmbits safely for 64-bit CPUs
arch/mips/include/asm/mipsregs.h	Add 64-bit EntryHi accessors
arch/mips/include/asm/cpu-info.h	Make vmbits available on 32-bit too
arch/mips/include/asm/cpu-features.h	Remove legacy vmbits probe define
arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts	Remove WiFi node/pinctrl block
arch/arm64/boot/dts/renesas/r8a779g3-sparrow-hawk.dts	Add reserved-memory TFA region
arch/arm64/boot/dts/hisilicon/hi3798cv200.dtsi	Add dma-ranges
arch/arm64/boot/dts/hisilicon/hi3798cv200-poplar.dts	Fix PCIe reset GPIO polarity
arch/arm64/boot/dts/freescale/imx8mq-librem5.dtsi	Adjust PMIC voltages; drop OPP override
arch/arm64/boot/dts/freescale/imx8mq-librem5-r3.dts	Update OPP microvolt
Makefile	Bump sublevel to 6.18.23

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The MAX_RFKILL_EVENT bound check is off by one: using if (data->event_count++ > MAX_RFKILL_EVENT) allows event_count to reach MAX_RFKILL_EVENT + 1 (e.g., when it was exactly MAX_RFKILL_EVENT before the increment). If the intent is to cap in-flight events at 1000, use a >= check (or increment only after passing the check) so the maximum is enforced correctly.

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from opsiff. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment