Rong Zhang [Thu, 26 Mar 2026 19:19:50 +0000 (03:19 +0800)]
hwmon: Add label support for 64-bit energy attributes
Since commit 0bcd01f757bc ("hwmon: Introduce 64-bit energy attribute
support"), devices can report 64-bit energy values by selecting the
sensor type "energy64". However, such sensors can't report their labels
since is_string_attr() was not updated to match it.
Add label support for 64-bit energy attributes by updating
is_string_attr() to match hwmon_energy64 in addition to hwmon_energy.
Guenter Roeck [Fri, 20 Mar 2026 14:45:55 +0000 (07:45 -0700)]
hwmon: (pmbus_core) Use guard() for mutex protection
Simplify the code by using guard() and scoped_guard() instead of
mutex_lock()/mutex_unlock() sequences.
This patch changes semantics for debugfs accesses. Previously, those
used mutex_lock_interruptible() and not mutex_lock(). This change is
intentional and should have little if any impact since locks should not
be held for a significant amount of time and debugfs accesses are less
critical than sysfs accesses (which never used interruptible locks).
Dawei Liu [Wed, 25 Mar 2026 09:02:08 +0000 (17:02 +0800)]
hwmon: (pmbus/isl68137) Add support for Renesas RAA228942 and RAA228943
Add I2C device IDs for Renesas RAA228942 and RAA228943.
At the Linux PMBus hwmon interface level currently supported by this
driver, these devices are compatible with the existing 2-rail non-TC
controllers, so devicetree will use fallback compatibles and no
dedicated OF match entries are needed.
Dawei Liu [Wed, 25 Mar 2026 09:02:07 +0000 (17:02 +0800)]
dt-bindings: hwmon: isl68137: Add compatible strings for RAA228942 and RAA228943
RAA228942 and RAA228943 are Renesas digital dual-output
16-phase (X+Y <= 16) PWM controllers with 2-rail non-TC
driver configuration. At the PMBus hwmon interface level,
they are compatible with existing 2-rail non-TC controllers
and use renesas,raa228244 as fallback compatible.
Flaviu Nistor [Sun, 22 Mar 2026 16:26:16 +0000 (18:26 +0200)]
hwmon: lm75: Add support for label
Add support for label sysfs attribute similar to other hwmon devices.
This is particularly useful for systems with multiple sensors on the
same board, where identifying individual sensors is much easier since
labels can be defined via device tree.
Markus Hoffmann [Sun, 22 Mar 2026 10:33:01 +0000 (10:33 +0000)]
hwmon: (it87) Add support for IT8689E
Add support for the ITE IT8689E Super I/O chip. The IT8689E supports
newer autopwm, 12mV ADC, 16-bit fans, six fans, six PWM channels,
PWM frequency 2, six temperature inputs, AVCC3, temperature offset,
and fan on/off control.
Give it8689 its own GPIO configuration block in it87_find() rather
than sharing the it8620/it8628 block. The shared block reads
IT87_SIO_PINX2_REG and either marks IN3 as internal AVCC or skips
IN9. Because it8689 declares FEAT_AVCC3, IN9 is already marked as
always-internal before the GPIO block is reached; applying the PINX2
check would either create duplicate AVCC labels on IN3 and IN9 or
incorrectly skip IN9.
Also update Documentation/hwmon/it87.rst and drivers/hwmon/Kconfig to
document the newly supported chip.
Sanman Pradhan [Sat, 21 Mar 2026 18:12:05 +0000 (18:12 +0000)]
hwmon: (pmbus/max31785) check for partial i2c_transfer in read_long_data
i2c_transfer() returns the number of messages successfully
transferred, not only a negative errno on failure. When called with
two messages (write command byte followed by a read of the 4-byte
response), a return value of 1 means the command write succeeded but
the read did not complete. In that case, rspbuf remains uninitialized
and must not be interpreted as valid data.
Treat any return value other than ARRAY_SIZE(msg) as an error, and
return -EIO for partial completion. Also return 0 on success instead
of the message count, since the caller only needs to distinguish
success from failure.
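The return-value handling described in the max31785 message above, as an added user-space example that is not the driver's code: model_transfer() is a constructed stand-in for i2c_transfer(), and the struct, command byte, reply bytes and the 0xAA fill are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Minimal model of an I2C message (hypothetical, not struct i2c_msg). */
struct model_msg {
	uint8_t *buf;
	uint16_t len;
	int is_read;
};

/*
 * Constructed stand-in for i2c_transfer(): completes the first `complete`
 * messages and returns how many completed, or the negative errno passed in.
 */
static int model_transfer(struct model_msg *msgs, int num, int complete)
{
	static const uint8_t reply[4] = { 0x00, 0x00, 0x12, 0x34 }; /* constructed */
	int i;

	if (complete < 0)
		return complete;
	for (i = 0; i < num && i < complete; i++)
		if (msgs[i].is_read)
			memcpy(msgs[i].buf, reply, sizeof(reply));
	return i;
}

/* Shared body; `strict` selects the check described in the commit message. */
static int read_long(int complete, int strict, uint32_t *data)
{
	uint8_t cmd = 0x00;	/* constructed command byte */
	uint8_t rspbuf[4];
	struct model_msg msg[2] = {
		{ &cmd, 1, 0 },			/* write: command byte */
		{ rspbuf, sizeof(rspbuf), 1 },	/* read: 4-byte response */
	};
	int rc;

	/* 0xAA stands in for whatever the stack held before the call. */
	memset(rspbuf, 0xAA, sizeof(rspbuf));

	rc = model_transfer(msg, (int)ARRAY_SIZE(msg), complete);
	if (rc < 0)
		return rc;
	if (strict && rc != (int)ARRAY_SIZE(msg))
		return -EIO;	/* partial completion: rspbuf was never filled */

	*data = ((uint32_t)rspbuf[0] << 24) | ((uint32_t)rspbuf[1] << 16) |
		((uint32_t)rspbuf[2] << 8) | rspbuf[3];
	return strict ? 0 : rc;
}

/* Only negative values count as errors; the message count is passed up. */
int read_long_unchecked(int complete, uint32_t *data)
{
	return read_long(complete, 0, data);
}

/* Anything other than "all messages done" is an error; success is 0. */
int read_long_checked(int complete, uint32_t *data)
{
	return read_long(complete, 1, data);
}

int main(void)
{
	uint32_t v = 0;
	int rc = read_long_unchecked(1, &v);

	printf("unchecked, partial: rc=%d data=0x%08x\n", rc, (unsigned)v);
	v = 0;
	rc = read_long_checked(1, &v);
	printf("checked,   partial: rc=%d data=0x%08x\n", rc, (unsigned)v);
	rc = read_long_checked(2, &v);
	printf("checked,   full:    rc=%d data=0x%08x\n", rc, (unsigned)v);
	return 0;
}
```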
Sanman Pradhan [Sat, 21 Mar 2026 18:11:47 +0000 (18:11 +0000)]
hwmon: (pmbus/max31785) use access_delay for PMBus-mediated accesses
The MAX31785 driver currently uses driver-local wrappers around PMBus
core accesses to enforce a 250us inter-access delay needed to work
around occasional NACKs from the device. This duplicates the PMBus
core delay mechanism already provided by pmbus_driver_info.access_delay
and adds unnecessary complexity.
Replace the PMBus wrapper approach with access_delay for normal
PMBus-mediated accesses, while keeping the minimal local delay handling
needed for raw pre-probe SMBus operations.
For the raw i2c_transfer() long-read path, use pmbus_wait() and
pmbus_update_ts() to keep the PMBus core timing state consistent with
the raw transfer.
Also:
- allow PMBUS_FAN_CONFIG_12 physical-page accesses to fall back to the
PMBus core, while remapping only virtual pages
- use pmbus_update_fan() directly for fan configuration updates
- use the delayed raw read helper for MFR_REVISION during probe
- add a final max31785_wait() before pmbus_do_probe() to bridge the
timing gap between pre-probe accesses and PMBus core registration
- rename 'virtual' to 'vpage', 'driver_data' to 'data', and drop the
unused to_max31785_data() macro
Sanman Pradhan [Sat, 21 Mar 2026 18:11:30 +0000 (18:11 +0000)]
hwmon: (pmbus) export pmbus_wait and pmbus_update_ts
Export pmbus_wait() and pmbus_update_ts() so that PMBus device
drivers which perform raw I2C transfers outside the core helpers
can keep the PMBus core delay bookkeeping in sync.
Move PMBUS_OP_WRITE and PMBUS_OP_PAGE_CHANGE from pmbus_core.c to
pmbus.h so device drivers can pass the correct operation type flags
to pmbus_update_ts().
This is needed by the max31785 driver, which performs raw
i2c_transfer() calls for its 4-byte extended fan speed reads that
cannot use the standard PMBus word read path.
Drops the remove callback as it only asserts reset and the probe already
registers a devres action (devm_add_action_or_reset()) to call
aspeed_pwm_tach_reset_assert().
Icenowy Zheng [Mon, 9 Mar 2026 16:24:56 +0000 (00:24 +0800)]
dt-bindings: hwmon: moortec,mr75203: adapt multipleOf for T-Head TH1520
The G and J coefficients provided by T-Head TH1520 manual (which calls
them A and C coefficients and calls H coefficient in the binding as B)
have 1/100 degree Celsius precision (the values are 42.74 and -0.16
respectively), however the binding currently only allows coefficients as
precise as 100 milli-Celsius (1/10 degree Celsius).
Change the multipleOf value of these two coefficients to 10 (in the unit
of milli-Celsius) to satisfy the need of TH1520.
Tabrez Ahmed [Sun, 8 Mar 2026 12:47:14 +0000 (18:17 +0530)]
hwmon: (ads7871) Propagate SPI errors in voltage_show
The voltage_show() function previously ignored negative error codes
returned by the underlying SPI read/write functions. Because negative
numbers have their most significant bits set in two's complement, a
failed SPI read returning -EIO (-5) would incorrectly evaluate to true
when masked with MUX_CNV_BM (0x80).
This would cause the driver to enter the polling loop even when the SPI bus
failed, eventually returning a misleading -ETIMEDOUT error to userspace
instead of the actual hardware error. Furthermore, the return values of
the initial SPI write and the final 16-bit SPI read were completely
ignored.
Add proper error checking after every SPI operation to ensure hardware
failures are immediately propagated back to userspace.
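Why a negative errno passes the MUX_CNV_BM test, shown as an added user-space model that is not the ads7871 driver's code: model_read_reg8(), struct model_bus and POLL_LIMIT are assumptions, and only the mask value 0x80 and the two error codes come from the message above.

```c
#include <errno.h>
#include <stdio.h>

#define MUX_CNV_BM 0x80	/* mask value quoted in the commit message */
#define POLL_LIMIT 2	/* assumption: retries allowed by this model */

/* Constructed stand-in for the SPI bus behind an 8-bit register read. */
struct model_bus {
	int fail;	/* non-zero: every read returns -EIO */
	int busy_reads;	/* reads that still report "conversion running" */
	int reads;	/* number of reads issued so far */
};

static int model_read_reg8(struct model_bus *bus)
{
	bus->reads++;
	if (bus->fail)
		return -EIO;
	if (bus->busy_reads > 0) {
		bus->busy_reads--;
		return MUX_CNV_BM;
	}
	return 0x00;
}

/*
 * Masks the raw return value. -EIO is ...11111011 in two's complement,
 * so bit 7 is set and the error looks like "conversion still running".
 */
int poll_unchecked(struct model_bus *bus)
{
	int i = 0;
	int ret = model_read_reg8(bus);

	while (i < POLL_LIMIT && (ret & MUX_CNV_BM)) {
		i++;
		ret = model_read_reg8(bus);
	}
	return (ret & MUX_CNV_BM) ? -ETIMEDOUT : 0;
}

/* Checks for a negative return before interpreting any bits. */
int poll_checked(struct model_bus *bus)
{
	int i = 0;
	int ret = model_read_reg8(bus);

	if (ret < 0)
		return ret;
	while (i < POLL_LIMIT && (ret & MUX_CNV_BM)) {
		i++;
		ret = model_read_reg8(bus);
		if (ret < 0)
			return ret;
	}
	return (ret & MUX_CNV_BM) ? -ETIMEDOUT : 0;
}

int main(void)
{
	struct model_bus broken = { 1, 0, 0 };
	int rc = poll_unchecked(&broken);

	printf("unchecked: rc=%d after %d reads\n", rc, broken.reads);
	broken.reads = 0;
	rc = poll_checked(&broken);
	printf("checked:   rc=%d after %d reads\n", rc, broken.reads);
	return 0;
}
```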
Sanman Pradhan [Sat, 7 Mar 2026 22:45:19 +0000 (14:45 -0800)]
hwmon: (pmbus/max31785) fix argument type for i2c_smbus_write_byte_data wrapper
The local wrapper max31785_i2c_write_byte_data() declares its data
parameter as u16 but passes it directly to i2c_smbus_write_byte_data()
which takes u8. Fix the type to match the underlying API.
No functional change; all current callers pass values that fit in u8.
Tabrez Ahmed [Sat, 7 Mar 2026 11:52:26 +0000 (17:22 +0530)]
hwmon: (ads7871) Fix incorrect error code in voltage_show
The voltage_show() function returns -1 when the A/D conversion
fails to complete within the polling loop. -1 maps to -EPERM
(operation not permitted), which does not describe the actual
failure.
Replace this -1 error code with -ETIMEDOUT to better indicate
the timeout condition to userspace.
Tabrez Ahmed [Sat, 7 Mar 2026 08:38:15 +0000 (14:08 +0530)]
hwmon: (ads7871) Replace sprintf() with sysfs_emit()
Use sysfs_emit() instead of sprintf() in the sysfs show function
voltage_show() to comply with the preferred kernel interface for
writing to sysfs buffers, which ensures PAGE_SIZE buffer limits
are respected.
Andrew Davis [Fri, 6 Mar 2026 17:16:52 +0000 (11:16 -0600)]
hwmon: (pmbus/max16601) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This can instead be done with
i2c_client_get_device_id(). For this driver functionality should
not change. Switch over to remove the last couple users of the
i2c_match_id() function from kernel.
Andrew Davis [Fri, 6 Mar 2026 17:16:51 +0000 (11:16 -0600)]
hwmon: (pmbus/ltc2978) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This can instead be done with
i2c_client_get_device_id(). For this driver functionality should
not change. Switch over to remove the last couple users of the
i2c_match_id() function from kernel.
Andrew Davis [Fri, 6 Mar 2026 17:16:50 +0000 (11:16 -0600)]
hwmon: (pmbus/fsp-3y) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This can be done instead with
i2c_client_get_device_id() which doesn't need the i2c_device_id
passed in so we do not need to have that forward declared, allowing
us to move the i2c_device_id table down to its more natural spot
with the other module info.
Andrew Davis [Fri, 6 Mar 2026 17:16:49 +0000 (11:16 -0600)]
hwmon: (pmbus/tps53679) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It also checks for device match data, which means we do not have
to manually check that first.
Andrew Davis [Fri, 6 Mar 2026 17:16:48 +0000 (11:16 -0600)]
hwmon: (pmbus/q54sj108a2) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It also checks for device match data, which means we do not have
to manually check that first.
Andrew Davis [Fri, 6 Mar 2026 17:16:47 +0000 (11:16 -0600)]
hwmon: (pmbus) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It doesn't need the i2c_device_id passed in so we do not need
to have that forward declared, allowing us to remove that.
Andrew Davis [Fri, 6 Mar 2026 17:16:46 +0000 (11:16 -0600)]
hwmon: (pmbus/max34440) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It doesn't need the i2c_device_id passed in so we do not need
to have that forward declared, allowing us to remove that.
Andrew Davis [Fri, 6 Mar 2026 17:16:45 +0000 (11:16 -0600)]
hwmon: (pmbus/max20730) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It also checks for device match data. That means we do not have
to manually check that first.
Andrew Davis [Fri, 6 Mar 2026 17:16:44 +0000 (11:16 -0600)]
hwmon: (pmbus/isl68137) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has a couple other benefits:
* It doesn't need the i2c_device_id passed in so we do not need
to have that forward declared, allowing us to remove that.
* It also checks for device match data, which allows for OF and
ACPI based probing.
Andrew Davis [Fri, 6 Mar 2026 17:16:43 +0000 (11:16 -0600)]
hwmon: (pmbus/ibm-cffps) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It also checks for device match data, which allows for OF based
probing. That means we do not have to manually check those first
and can remove that check.
As i2c_get_match_data() returns NULL/0 on failure which also matches
the enum for "cffps1", switch around the enum order so cffps_unknown
is index 0 and existing behavior is preserved.
Andrew Davis [Fri, 6 Mar 2026 17:16:42 +0000 (11:16 -0600)]
hwmon: (pmbus/bel-pfe) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It doesn't need the i2c_device_id passed in so we do not need
to have that forward declared, allowing us to remove that.
hwmon: (asus_atk0110) Convert ACPI driver to a platform one
In all cases in which a struct acpi_driver is used for binding a driver
to an ACPI device object, a corresponding platform device is created by
the ACPI core and that device is regarded as a proper representation of
underlying hardware. Accordingly, a struct platform_driver should be
used by driver code to bind to that device. There are multiple reasons
why drivers should not bind directly to ACPI device objects [1].
Overall, it is better to bind drivers to platform devices than to their
ACPI companions, so convert the asus_atk0110 ACPI driver to a platform
one.
After this change, the subordinate hwmon device will be registered under
the platform device used for driver binding and messages will be printed
relative to that device instead of its ACPI companion.
While this is not expected to alter functionality, it changes sysfs
layout and so it will be visible to user space.
Nuno Sá [Wed, 4 Mar 2026 10:17:48 +0000 (10:17 +0000)]
hwmon: (ltc4282) Add default rsense value
Instead of failing probe when the "adi,rsense-nano-ohms" firmware property
is not provided, default rsense to (NANO/MILLI), or 1 milli-Ohm. This
allows the device to probe without requiring firmware properties, which
might be useful for some high level testing.
Nuno Sá [Wed, 4 Mar 2026 10:17:47 +0000 (10:17 +0000)]
docs: hwmon: ltc4282: Fix scanned addresses
The LTC4282 driver does not implement an I2C .detect() callback, meaning no
I2C address scanning is performed. Update the documentation to
reflect this by replacing the listed I2C address ranges with "-".
Jonas Rebmann [Tue, 3 Mar 2026 11:07:02 +0000 (12:07 +0100)]
hwmon: (ina2xx) Shift INA234 shunt and current registers
The INA219 has the lowest three bits of the bus voltage register
zero-reserved, the bus_voltage_shift ina2xx_config field was introduced
to accommodate for that.
The INA234 has four bits of the bus voltage, of the shunt voltage, and
of the current registers zero-reserved but the latter two were
implemented by choosing a 16x higher shunt_div instead of a separate
field specifying a bit shift.
This is possible because shunt voltage and current are divided by
shunt_div, hence a 16x higher shunt_div results in a 16x smaller LSB for
both the shunt voltage and the current register, perfectly accounting
for the missing bit shift.
For consistency and correctness, account for the reserved bits via
shunt_voltage_shift and current_shift configuration fields as already
done for voltage registers and use the conversion constants given in the
INA234 datasheet.
Jonas Rebmann [Tue, 3 Mar 2026 11:07:01 +0000 (12:07 +0100)]
hwmon: (ina2xx) clean up unused define and outdated comment
The list of supported chips in the header is incomplete and contains no
other information not readily available. Remove the list and instead
hint that the chips supported by this driver have 219/226 compatible
register layout [unlike the ones supported by e.g. ina238].
Mariano Abad [Tue, 3 Mar 2026 00:46:04 +0000 (21:46 -0300)]
hwmon: Add LattePanda Sigma EC driver
Add hardware monitoring support for the LattePanda Sigma SBC
(DFRobot, ITE IT8613E EC). The driver reads fan speed and
temperatures via direct port I/O, as the BIOS disables the
ACPI EC interface.
Signed-off-by: Mariano Abad <weimaraner@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
hwmon: (acpi_power_meter) Convert ACPI driver to a platform one
In all cases in which a struct acpi_driver is used for binding a driver
to an ACPI device object, a corresponding platform device is created by
the ACPI core and that device is regarded as a proper representation of
underlying hardware. Accordingly, a struct platform_driver should be
used by driver code to bind to that device. There are multiple reasons
why drivers should not bind directly to ACPI device objects [1].
Overall, it is better to bind drivers to platform devices than to their
ACPI companions, so convert the hwmon ACPI power meter driver to a
platform one.
After this change, the subordinate hwmon device will be registered
under the platform device representing the ACPI power meter, sysfs
notifications will trigger on that device, and diagnostic messages
will be printed relative to it instead of its ACPI companion.
To facilitate subsequent conversion of the driver to a platform one,
make it install an ACPI notify handler directly instead of using
a .notify() callback in struct acpi_driver.
hwmon: (acpi_power_meter) Drop redundant checks from three functions
Since acpi_power_meter_notify() and acpi_power_meter_remove() are
.notify() and .remove() callback functions of an ACPI driver,
respectively, the first argument of the former and the only argument
of the latter cannot be NULL. Likewise, the acpi_power_meter_resume()
argument cannot be NULL because it is a system resume callback
function.
Moreover, since all of these functions can only run after
acpi_power_meter_add() has returned 0, the driver_data field in the
struct acpi_device object used by them cannot be NULL either.
Accordingly, drop the redundant "device" checks against NULL from
acpi_power_meter_notify() and acpi_power_meter_remove(), drop the
redundant "dev" check against NULL from acpi_power_meter_resume(),
and drop the redundant acpi_driver_data() checks against NULL from
all of these functions.
Additionally, combine the initialization of the "resource" local
variable in acpi_power_meter_notify() and acpi_power_meter_remove()
with its declaration.
Ashish Yadav [Mon, 23 Feb 2026 05:08:03 +0000 (10:38 +0530)]
hwmon: (pmbus/core) Add support for NVIDIA nvidia195mv mode
Extend the PMBus core vrm_version handling to support NVIDIA nvidia195mv
VID mode. This adds a new VRM/VID encoding type and the corresponding
voltage conversion logic so devices reporting nvidia195mv can have their
VOUT/VID values interpreted correctly by the hwmon PMBus core.
Hao Yu [Mon, 23 Feb 2026 17:38:53 +0000 (01:38 +0800)]
hwmon: (aht10) add device tree ID matching
Add of_device_id table to allow the driver to be matched via
Device Tree. This is required for supporting the AHT10/20/DHT20
sensors on platforms using DT.
Hao Yu [Mon, 23 Feb 2026 17:38:52 +0000 (01:38 +0800)]
dt-bindings: hwmon: add Aosong AHT10/AHT20/DHT20 to trivial devices
Add Aosong AHT10, AHT20 and DHT20 temperature and humidity sensors
to the trivial-devices documentation. These sensors use a standard
I2C interface and do not require complex binding definitions.
The GPD Win 5 is a new device by GPD with an AMD AI MAX 385/395 chip.
It uses the same fan control registers as the GPD Win Duo. This
information was provided by GPD.
Pengpeng Hou [Sat, 28 Mar 2026 23:43:56 +0000 (07:43 +0800)]
bnxt_en: set backing store type from query type
bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the
firmware response in ctxm->type and later uses that value to index
fixed backing-store metadata arrays such as ctx_arr[] and
bnxt_bstore_to_trace[].
ctxm->type is fixed by the current backing-store query type and matches
the array index of ctx->ctx_arr. Set ctxm->type from the current loop
variable instead of depending on resp->type.
Also update the loop to advance type from next_valid_type in the for
statement, which keeps the control flow simpler for non-valid and
unchanged entries.
Fixes: 6a4d0774f02d ("bnxt_en: Add support for new backing store query firmware API")
Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Tested-by: Michael Chan <michael.chan@broadcom.com>
Link: https://patch.msgid.link/20260328234357.43669-1-pengpeng@iscas.ac.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Lorenzo Bianconi [Sun, 29 Mar 2026 10:32:27 +0000 (12:32 +0200)]
net: airoha: Delay offloading until all net_devices are fully registered
Netfilter flowtable can theoretically try to offload flower rules as soon
as a net_device is registered while all the other ones are not
registered or initialized, triggering a possible NULL pointer dereferencing
of qdma pointer in airoha_ppe_set_cpu_port routine. Moreover, if
register_netdev() fails for a particular net_device, there is a small
race if Netfilter tries to offload flowtable rules before all the
net_devices are properly unregistered in airoha_probe() error path,
triggering a NULL pointer dereferencing in airoha_ppe_set_cpu_port
routine. In order to avoid any possible race, delay offloading until
all net_devices are registered in the networking subsystem.
Yochai Eisenrich [Sat, 28 Mar 2026 21:14:36 +0000 (00:14 +0300)]
net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak
When building netlink messages, tc_chain_fill_node() never initializes
the tcm_info field of struct tcmsg. Since the allocation is not zeroed,
kernel heap memory is leaked to userspace through this 4-byte field.
The fix simply zeroes tcm_info alongside the other fields that are
already initialized.
Fixes: 32a4f5ecd738 ("net: sched: introduce chain object to uapi")
Signed-off-by: Yochai Eisenrich <echelonh@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://patch.msgid.link/20260328211436.1010152-1-echelonh@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
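The tcm_info leak described in the cls_api message above, as an added user-space model that is not kernel code: struct model_tcmsg mirrors the field names of struct tcmsg, the 0x5A fill stands in for stale heap contents, and the fill functions and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local model of the tc netlink header; field names follow struct tcmsg. */
struct model_tcmsg {
	unsigned char	tcm_family;
	unsigned char	tcm__pad1;
	unsigned short	tcm__pad2;
	int		tcm_ifindex;
	uint32_t	tcm_handle;
	uint32_t	tcm_parent;
	uint32_t	tcm_info;
};

#define STALE 0x5A	/* constructed marker for leftover heap contents */

/* A message buffer that still holds old data, like a non-zeroed allocation. */
static struct model_tcmsg *alloc_stale(void)
{
	struct model_tcmsg *m = malloc(sizeof(*m));

	if (m)
		memset(m, STALE, sizeof(*m));
	return m;
}

/* Before the fix: every field is written except tcm_info. */
static void fill_before(struct model_tcmsg *tcm, int ifindex, uint32_t parent)
{
	tcm->tcm_family = 0;
	tcm->tcm__pad1 = 0;
	tcm->tcm__pad2 = 0;
	tcm->tcm_handle = 0;
	tcm->tcm_ifindex = ifindex;
	tcm->tcm_parent = parent;
}

/* After the fix: tcm_info is zeroed alongside the other fields. */
static void fill_after(struct model_tcmsg *tcm, int ifindex, uint32_t parent)
{
	fill_before(tcm, ifindex, parent);
	tcm->tcm_info = 0;
}

/*
 * Count bytes of the outgoing header that still carry the stale marker.
 * A fill routine that initializes the whole header leaves none behind.
 */
size_t stale_bytes(int fixed)
{
	struct model_tcmsg *m = alloc_stale();
	const unsigned char *p = (const unsigned char *)m;
	size_t i, n = 0;

	if (!m)
		return (size_t)-1;
	if (fixed)
		fill_after(m, 3, 0x00010000);	/* constructed sample values */
	else
		fill_before(m, 3, 0x00010000);
	for (i = 0; i < sizeof(*m); i++)
		if (p[i] == STALE)
			n++;
	free(m);
	return n;
}

int main(void)
{
	printf("stale bytes sent before fix: %zu\n", stale_bytes(0));
	printf("stale bytes sent after fix:  %zu\n", stale_bytes(1));
	return 0;
}
```

The same marker-fill check works as a regression test for any routine that serializes a struct to an untrusted reader.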
====================
net: stmmac: qcom-ethqos: more cleanups
Further cleanups to qcom-ethqos, mainly concentrating on the RGMII
code, making it clearer what the differences are for each speed, thus
making the code more readable.
I'm still not really happy with this. The speed specific configuration
remains split between ethqos_fix_mac_speed_rgmii() and
ethqos_rgmii_macro_init(), where the latter is only ever called from
the former. So, I think further work is needed here - maybe it needs
restructuring into the various component parts of the RGMII block?
====================
The comment for calculating the prg_rclk_dly value is incorrect as it
omits the brackets around the divisor. Add the brackets to allow the
reader to correctly evaluate the value. Validated with the values given
in the driver.
net: stmmac: qcom-ethqos: move loopback decision next to reg update
Move the loopback decision next to the register update, and make the
local variable unsigned. As a result, there is now no need for the
comment referring to the programming being later.
Rather than coding the entire register update twice with different
values, use a local variable to specify the value and have one
register update statement that uses this local variable. This results
in neater code.
net: stmmac: qcom-ethqos: finally eliminate the switch
Move the RCLK delay configuration out of the switch, which just leaves
the RGMII_CONFIG_LOOPBACK_EN setting in all three paths. This makes it
trivial to eliminate the switch.
Move RGMII_CONFIG2_RX_PROG_SWAP out of the switch. 1G speed always
sets this field. 100M and 10M sets it for has_emac_ge_3 devices,
otherwise it is cleared.
Move the speed programming for 100M and 10M out of the switch. There
is no programming done for 1G speed.
It looks like there are two fields, 7:6 which are programmed to '1'
to select a /2 divisor for 100M, and bits 16:8 which are programmed
to '19' to select a /20 divisor.
net: stmmac: qcom-ethqos: move two more RGMII_IO_MACRO_CONFIG2 out
RGMII_CONFIG2_DATA_DIVIDE_CLK_SEL is always cleared, and
RGMII_CONFIG2_TX_CLK_PHASE_SHIFT_EN is always updated with the phase
shift in each path through the switch, so these are independent of
the speed. Move them out.
net: stmmac: qcom-ethqos: move 1G vs 100M/10M RGMII settings
Move RGMII_CONFIG_BYPASS_TX_ID_EN, RGMII_CONFIG_POS_NEG_DATA_SEL and
RGMII_CONFIG_PROG_SWAP. There are two states for these: one group for
1G, and the logical inversion for 100M and 10M. Move this out of the
switch into an if-else clause.
net: stmmac: qcom-ethqos: move detection of invalid RGMII speed
Move detection of invalid RGMII speeds (which will never be triggered)
before the switch() to allow register modifications that are common to
all speeds to be moved out of the switch.
Since ethqos_fix_mac_speed() is called via a function pointer, and only
indirects via the configure_func function pointer, eliminate this
unnecessary indirection.
net: stmmac: qcom-ethqos: pass ethqos to ethqos_pcs_set_inband()
Rather than getting the stmmac_priv pointer in
ethqos_configure_sgmii(), move it into ethqos_pcs_set_inband() and pass
the struct qcom_ethqos pointer instead.
ethqos_configure() does nothing more than indirect via
ethqos->configure_func, and is only called from ethqos_fix_mac_speed()
just below. Move the indirect call into ethqos_fix_mac_speed().
Guoyu Su [Fri, 27 Mar 2026 15:35:07 +0000 (23:35 +0800)]
net: use skb_header_pointer() for TCPv4 GSO frag_off check
Syzbot reported a KMSAN uninit-value warning in gso_features_check()
called from netif_skb_features() [1].
gso_features_check() reads iph->frag_off to decide whether to clear
mangleid_features. Accessing the IPv4 header via ip_hdr()/inner_ip_hdr()
can rely on skb header offsets that are not always safe for direct
dereference on packets injected from PF_PACKET paths.
Use skb_header_pointer() for the TCPv4 frag_off check so the header read
is robust whether data is already linear or needs copying.
Lorenzo Bianconi [Fri, 27 Mar 2026 09:48:21 +0000 (10:48 +0100)]
net: airoha: Add missing cleanup bits in airoha_qdma_cleanup_rx_queue()
In order to properly cleanup hw rx QDMA queues and bring the device to
the initial state, reset rx DMA queue head/tail index. Moreover, reset
queued DMA descriptor fields.
Ng Tze Yee [Tue, 24 Feb 2026 06:01:55 +0000 (22:01 -0800)]
arm64: dts: socfpga: stratix10: Add emmc support
The Stratix10 devkit supports a separate eMMC daughter card. The eMMC
daughter card replaces the SDMMC slot that is on the default daughter card
and thus requires a separate board dts file.
Signed-off-by: Ng Tze Yee <tzeyee.ng@altera.com>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Stratix 10 devkit supports a separate eMMC daughter card. Add compatible
string for the Stratix 10 SoCDK eMMC daughter board with
"altr,socfpga-stratix10-socdk" as a fallback, since this variant is based
on the standard SoCDK board.
Acked-by: Rob Herring (Arm) <robh@kernel.org>
Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@oss.qualcomm.com>
Signed-off-by: Ng Tze Yee <tzeyee.ng@altera.com>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Paolo Abeni [Fri, 27 Mar 2026 09:52:57 +0000 (10:52 +0100)]
ipv6: prevent possible UaF in addrconf_permanent_addr()
The mentioned helper tries to warn the user about an exceptional
condition, but the message is delivered too late, accessing the ipv6
after its possible deletion.
Reorder the statement to avoid the possible UaF; while at it, place the
warning outside the idev->lock as it needs no protection.
Reported-by: Jakub Kicinski <kuba@kernel.org>
Closes: https://sashiko.dev/#/patchset/8c8bfe2e1a324e501f0e15fef404a77443fd8caf.1774365668.git.pabeni%40redhat.com
Fixes: f1705ec197e7 ("net: ipv6: Make address flushing on ifdown optional")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Link: https://patch.msgid.link/ef973c3a8cb4f8f1787ed469f3e5391b9fe95aa0.1774601542.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Jan Hoffmann [Sun, 29 Mar 2026 19:11:11 +0000 (21:11 +0200)]
net: sfp: add quirk for ZOERAX SFP-2.5G-T
This is a 2.5G copper module which appears to be based on a Motorcomm
YT8821 PHY. There doesn't seem to be a usable way to access the PHY
(I2C address 0x56 provides only read-only C22 access, and Rollball is
also not working).
The module does not report the correct extended compliance code for
2.5GBase-T, and instead claims to support SONET OC-48 and Fibre Channel:
Despite this, the kernel still enables the correct 2500Base-X interface
mode. However, for the module to actually work, it is also necessary to
disable inband auto-negotiation.
Enable the existing "sfp_quirk_oem_2_5g" for this module, which handles
that and also sets the bit for 2500Base-T link mode.
Jakub Kicinski [Sun, 29 Mar 2026 18:04:28 +0000 (11:04 -0700)]
selftests/bpf: Test that dst is cleared on same-protocol encap
Verify that bpf_skb_adjust_room() clears the routing dst even when
the encap L3 protocol matches the original packet (e.g. IPIP).
The dst selected for the inner packet is not valid for the
encapsulated result; a stale dst could lead to misrouting.
Arnd Bergmann [Fri, 27 Mar 2026 16:55:08 +0000 (17:55 +0100)]
vfio: unhide vdev->debug_root
When debugfs is disabled, the hisilicon driver now fails to build:
drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c: In function 'hisi_acc_vfio_debug_init':
drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c:1671:62: error: 'struct vfio_device' has no member named 'debug_root'
1671 | vfio_dev_migration = debugfs_lookup("migration", vdev->debug_root);
| ^~
The driver otherwise relies on dead-code elimination, but this reference
fails. The single struct member is not going to make much of a difference
for memory consumption, so just keep this visible unconditionally.
Jakub Kicinski [Sun, 29 Mar 2026 18:04:27 +0000 (11:04 -0700)]
net: Clear the dst when performing encap / decap
Commit ba9db6f907ac ("net: clear the dst when changing skb protocol")
added dst clearing when a BPF program changes the skb protocol
(e.g. IPv4 to IPv6). Since that was a fix we only cleared the dst when
the L3 protocol actually changes to keep it minimal. As suggested during
the discussion (see Link) encap or decap operation which wraps or unwraps
a same-protocol header may also render the existing dst incorrect - even
if that doesn't result in a crash, just the wrong route for the now-outermost
IP dst.
Make dropping dst unconditional for bpf_skb_change_proto() and all
L3 encap / decap ops.
Julian Braha [Mon, 30 Mar 2026 21:45:49 +0000 (22:45 +0100)]
PCI: Clean up dead code in Kconfig
There is already an 'if PCI' condition wrapping several config options,
e.g., PCI_DOMAINS and VGA_ARB, making the 'depends on PCI' statement for
each of these a duplicate dependency (dead code).
Leave the outer 'if PCI...endif' and remove the individual 'depends on PCI'
statement from each option.
This dead code was found by kconfirm, a static analysis tool for Kconfig.
Linus Torvalds [Mon, 30 Mar 2026 21:52:45 +0000 (14:52 -0700)]
x86-64/arm64/powerpc: clean up and rename __copy_from_user_flushcache
This finishes the work on these odd functions that were only implemented
by a handful of architectures.
The 'flushcache' function was only used from the iterator code, and
let's make it do the same thing that the nontemporal version does:
remove the two underscores and add the user address checking.
Yes, yes, the user address checking is also done at iovec import time,
but we have long since walked away from the old double-underscore thing
where we try to avoid address checking overhead at access time, and
these functions shouldn't be so special and old-fashioned.
The arm64 version already did the address check, in fact, so there it's
just a matter of renaming it. For powerpc and x86-64 we now do the
proper user access boilerplate.
Linus Torvalds [Mon, 30 Mar 2026 20:11:07 +0000 (13:11 -0700)]
x86: rename and clean up __copy_from_user_inatomic_nocache()
Similarly to the previous commit, this renames the somewhat confusingly
named function. But in this case, it was at least less confusing: the
__copy_from_user_inatomic_nocache is indeed copying from user memory,
and it is indeed ok to be used in an atomic context, so it will not warn
about it.
But the previous commit also removed the NTB mis-use of the
__copy_from_user_inatomic_nocache() function, and as a result every
call-site is now _actually_ doing a real user copy. That means that we
can now do the proper user pointer verification too.
End result: add proper address checking, remove the double underscores,
and change the "nocache" to "nontemporal" to more accurately describe
what this x86-only function actually does. It might be worth noting
that only the target is non-temporal: the actual user accesses are
normal memory accesses.
Also worth noting is that on non-x86 targets (and on older 32-bit x86 CPUs
before XMM2 in the Pentium III) we end up just falling back on a regular
user copy, so nothing can actually depend on the non-temporal semantics,
but that has always been true.
Linus Torvalds [Mon, 30 Mar 2026 17:39:09 +0000 (10:39 -0700)]
x86-64: rename misleadingly named '__copy_user_nocache()' function
This function was a masterclass in bad naming, for various historical
reasons.
It claimed to be a non-cached user copy. It is literally _neither_ of
those things. It's a specialty memory copy routine that uses
non-temporal stores for the destination (but not the source), and that
does exception handling for both source and destination accesses.
Also note that while it works for unaligned targets, any unaligned parts
(whether at beginning or end) will not use non-temporal stores, since
only words and quadwords can be non-temporal on x86.
The exception handling means that it _can_ be used for user space
accesses, but not on its own - it needs all the normal "start user space
access" logic around it.
But typically the user space access would be the source, not the
non-temporal destination. That was the original intention of this,
where the destination was some fragile persistent memory target that
needed non-temporal stores in order to catch machine check exceptions
synchronously and deal with them gracefully.
Thus that non-descriptive name: one use case was to copy from user space
into a non-cached kernel buffer. However, the existing users are a mix
of that intended use-case, and a couple of random drivers that just did
this as a performance tweak.
Some of those random drivers then actively misused the user copying
version (with STAC/CLAC and all) to do kernel copies without ever even
caring about the exception handling, _just_ for the non-temporal
destination.
Rename it as a first small step to actually make it halfway sane, and
change the prototype to be more normal: it doesn't take a user pointer
unless the caller has done the proper conversion, and the argument size
is the full size_t (it still won't actually copy more than 4GB in one
go, but there's also no reason to silently truncate the size argument in
the caller).
Finally, use this now sanely named function in the NTB code, which
mis-used a user copy version (with STAC/CLAC and all) of this interface
despite it not actually being a user copy at all.
PCI/DPC: Log AER error info for DPC/EDR uncorrectable errors
aer_print_error() skips printing if ratelimit_print[i] is not set. In the
native AER path, ratelimit_print is initialized by add_error_device()
during source device discovery, and is set to 1 for fatal errors to bypass
rate limiting since fatal errors should always be logged.
The DPC/EDR path uses the DPC-capable port as the error source and reads
its AER uncorrectable error status registers directly in
dpc_get_aer_uncorrect_severity(). Since it does not go through
add_error_device(), ratelimit_print[0] is left uninitialized and zero. As
a result, aer_print_error() silently drops all AER error messages for
DPC/EDR triggered events.
Set ratelimit_print[0] to 1 to bypass rate limiting and always print AER
logs for uncorrectable errors detected by the DPC port.
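The failure mode described in the PCI/DPC message above, as an added user-space model; this is not kernel code and not part of the commit. All names ending in _model, the one-slot array and the status value are assumptions made for illustration.

```c
#include <stdbool.h>

enum sev { SEV_NONFATAL, SEV_FATAL };

/* Hypothetical stand-in for the error-info record the message describes. */
struct err_info_model {
    enum sev severity;
    unsigned int status;        /* uncorrectable status bits (constructed) */
    int ratelimit_print[1];     /* 0 means "skip printing" */
};

/* Returns true when a log line would be emitted for slot i. */
static bool print_error_model(const struct err_info_model *info, int i)
{
    return info->ratelimit_print[i] != 0;
}

/* Native path: source discovery sets the flag; fatal bypasses the limiter. */
static void add_error_device_model(struct err_info_model *info, bool limiter_ok)
{
    info->ratelimit_print[0] = (info->severity == SEV_FATAL) ? 1 : limiter_ok;
}

/* Native path with the rate limiter currently saying "suppress". */
static bool native_report_model(enum sev sev)
{
    struct err_info_model info = { .severity = sev };

    add_error_device_model(&info, false);
    return print_error_model(&info, 0);
}

/* DPC/EDR path: status is read from the port directly, discovery is skipped. */
static bool dpc_report_model(unsigned int status, enum sev sev, bool fixed)
{
    struct err_info_model info = { .status = status, .severity = sev };

    if (fixed)
        info.ratelimit_print[0] = 1;   /* what the commit message proposes */
    return print_error_model(&info, 0);
}

int main(void)
{
    /* Exit 0 when the unfixed DPC path drops the log and the fixed one keeps it. */
    return !(!dpc_report_model(0x1, SEV_FATAL, false) &&
             dpc_report_model(0x1, SEV_FATAL, true));
}
```

For monitoring, the point of the model is that a zero-initialized flag makes even a fatal error produce no log line, so the absence of AER output after a DPC event is not evidence that no error occurred.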
Li RongQing [Tue, 17 Mar 2026 00:28:03 +0000 (20:28 -0400)]
PCI/sysfs: Suppress FW_BUG warning when NUMA node already matches
The numa_node sysfs interface allows users to manually override a PCI
device's NUMA node assignment. Currently, every write triggers a FW_BUG
warning and taints the kernel, even when writing the same value that is
already set.
Check if the requested node is already assigned to the device. If it
matches, return success immediately without tainting the kernel or printing
a warning.