Commit bd1886d6e4ca for kernel

commit bd1886d6e4ca6b84041d17ba6e11d0f85f7ee1a4
Merge: d0ed69f3e380 1249c01aa421
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu Apr 23 17:04:18 2026 -0700

    Merge tag 'v7.1-rc-part2-ksmbd-fixes' of git://git.samba.org/ksmbd

    Pull more smb server updates from Steve French:

     - move fs/smb/common/smbdirect to fs/smb/smbdirect

     - change signature calc to use AES-CMAC library, simpler and faster

     - invalid signature fix

     - multichannel fix

     - open create options fix

     - fix durable handle leak

     - cap maximum lock count to avoid potential denial of service

     - four connection fixes: connection free and session destroy IDA fixes,
       refcount fix, connection leak fix, max_connections off by one fix

     - IPC validation fix

     - fix out of bounds write in getting xattrs

     - fix use after free in durable handle reconnect

     - three ACL fixes: fix potential ACL overflow, harden num_aces check,
       and fix minimum ACE size check

    * tag 'v7.1-rc-part2-ksmbd-fixes' of git://git.samba.org/ksmbd:
      smb: smbdirect: move fs/smb/common/smbdirect/ to fs/smb/smbdirect/
      smb: server: stop sending fake security descriptors
      ksmbd: scope conn->binding slowpath to bound sessions only
      ksmbd: fix CreateOptions sanitization clobbering the whole field
      ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open
      ksmbd: fix O(N^2) DoS in smb2_lock via unbounded LockCount
      ksmbd: destroy async_ida in ksmbd_conn_free()
      ksmbd: destroy tree_conn_ida in ksmbd_session_destroy()
      ksmbd: Use AES-CMAC library for SMB3 signature calculation
      ksmbd: reset rcount per connection in ksmbd_conn_wait_idle_sess_id()
      ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment
      ksmbd: use check_add_overflow() to prevent u16 DACL size overflow
      ksmbd: fix use-after-free in smb2_open during durable reconnect
      ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl()
      smb: server: fix max_connections off-by-one in tcp accept path
      ksmbd: require minimum ACE size in smb_check_perm_dacl()
      ksmbd: validate response sizes in ipc_validate_msg()
      smb: server: fix active_num_conn leak on transport allocation failure