cadence: 2026-05-04 weekly upstream watch

[github-actions]

linux-xr Weekly Cadence Report

• Generated: 2026-05-04T13:51:04Z
• Base ref: HEAD (61793367219e)

Carry Set

Order	Patch
1	0007-vesa-dsc-bpp.patch
2	bigscreen-beyond-edid.patch

Upstream Summary

• Upstream ref: refs/remotes/upstream/master (6d35786de281)
• Latest upstream tag: v7.1-rc1
• Merge base: 1f318b96cc84
• Upstream-only commits since merge base: 16627
• Fork-only commits since merge base: 107

Recent Upstream Commits

• 7fd2df204f34 Linux 7.1-rc2
• 0cb2af2ea66a KVM: x86: Fix shadow paging use-after-free due to unexpected GFN
• 0aec99f9bf02 KVM: x86: Fix misleading variable names and add more comments for PIR=>IRR flow
• 33fd0ccd2590 KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty
• 464af6fc2b1d KVM: x86: check for nEPT/nNPT in slow flush hypercalls
• b0aa5e4b087b sh: Fix fallout from ZERO_PAGE consolidation
• ee9dce44362b futex: Drop CLONE_THREAD requirement for private default hash alloc
• 030e8a40fff6 arm64: signal: Preserve POR_EL0 if poe_context is missing
• 4d8e74ad4585 arm64: Reserve an extra page for early kernel mapping
• bb7235e22688 kselftest/arm64: Include <asm/ptrace.h> for user_gcs definition

Recent Fork Commits

• 2b52931c966a Fix installable linux-xr release selection
• 5ff6720afd20 Expand CVE-2026-31431 affected range gate
• 94b818b7a615 ci: keep determinate from publishing kernel tree
• d39c53a322ca ci: generate release checksums
• af492e0da061 docs: add linux-xr source sync runbook
• 136fa17b031f docs: clarify linux-xr build source boundary
• f7e1239fad0c ci: honor manual rt patch selection
• 5a4f9f707231 document CVE and carry rebase checks
• 8daca1353b90 gate selinux security config
• 2502707598b1 ci: keep rpm build repos on baseurl

Security Watch

Item	Status
CVE-2026-31431 default base kernel 6.19.5	vulnerable
CVE-2026-31431 repo backport cve-2026-31431-algif-aead.patch	present
CVE-2026-31431 default build route	repo-backport-applied-by-build
CVE-2026-31431 upstream/mainline fix a664bf3d603d in upstream ref	yes
CVE-2026-31431 6.19.y fix ce42ee423e58 in stable ref	yes

Known fixed floors for this gate include: 5.10.254+, 5.15.204+, 6.1.170+, 6.6.137+, 6.12.85+, 6.18.22+, 6.19.12+, and 7.0+.
For vulnerable 6.19.x bases, build-rpm.sh applies the repo backport when present.

Carry Apply Triage

Target	Ref	Status	Detail
base	HEAD	clean	2/2 patches apply in series order
upstream	refs/remotes/upstream/master	conflict	0007-vesa-dsc-bpp.patch: error: patch failed: drivers/gpu/drm/drm_edid.c:6795
stable	refs/remotes/stable/linux-6.19.y	clean	2/2 patches apply in series order

Stable Summary

• Stable ref: refs/remotes/stable/linux-6.19.y (b9dbb4576bc8)
• Latest stable tag: v6.19.14

Next Actions

1. Resolve any vulnerable, backport-missing, or unknown default build route before release work.
2. Inspect the upstream-only commit list for merge candidates or conflicts.
3. Check whether every patch in xr/patches/series still applies cleanly.
4. Build both generic and RT variants if the carry set is unchanged.
5. Promote only after named-host validation on honey and yoga.