]> git.ipfire.org Git - thirdparty/kernel/linux.git/log
thirdparty/kernel/linux.git
8 weeks agospi: ch341: correct company name in MODULE_DESCRIPTION
Jiawei Liu [Wed, 6 May 2026 06:24:12 +0000 (14:24 +0800)] 
spi: ch341: correct company name in MODULE_DESCRIPTION

The company name "QiHeng Electronics" is incorrect.
The correct legal name is "Nanjing Qinheng Microelectronics Co., Ltd.".

Update the module description accordingly.

Signed-off-by: Jiawei Liu <ljw@wch.cn>
Link: https://patch.msgid.link/20260506062412.371034-1-ljw@wch.cn
Signed-off-by: Mark Brown <broonie@kernel.org>
8 weeks agotreewide: Explicitly include the x86 CPUID headers
Ahmed S. Darwish [Fri, 27 Mar 2026 02:15:18 +0000 (03:15 +0100)] 
treewide: Explicitly include the x86 CPUID headers

Modify all CPUID call sites which implicitly include any of the CPUID
headers to explicitly include them instead.

For KVM's reverse_cpuid.h, just include <asm/cpuid/types.h> since it
references the CPUID_EAX..EDX symbols without using the CPUID APIs.

Note, this allows removing the inclusion of <asm/cpuid/api.h> from within
<asm/processor.h> next.  That allows the CPUID API headers to include
<asm/processor.h> without introducing a circular dependency.

Signed-off-by: Ahmed S. Darwish <darwi@linutronix.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/20260327021645.555257-1-darwi@linutronix.de
8 weeks agoregulator: qcom-rpmh: Fix index for pmh0101 ldo16
Fenglin Wu [Wed, 6 May 2026 09:28:51 +0000 (02:28 -0700)] 
regulator: qcom-rpmh: Fix index for pmh0101 ldo16

The wrong index is assigned to pmh0101 ldo16, which results incorrect
rpmh resource being used when the regulator device is voted. Fix it.

Fixes: 65efe5404d15 ("regulator: rpmh-regulator: Add RPMH regulator support for Glymur")
Signed-off-by: Fenglin Wu <fenglin.wu@oss.qualcomm.com>
Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com>
Link: https://patch.msgid.link/20260506-fix_pmh0101_ldo16_index-v1-1-cdc8708b01f4@oss.qualcomm.com
Signed-off-by: Mark Brown <broonie@kernel.org>
8 weeks agoASoC: cs35l56: Fixes for driver cleanup
Mark Brown [Wed, 6 May 2026 12:22:53 +0000 (21:22 +0900)] 
ASoC: cs35l56: Fixes for driver cleanup

Richard Fitzgerald <rf@opensource.cirrus.com> says:

Two patches to fix cleanup during driver remove() and the error path
of probe().

The main purpose is to fix cleanup of the workqueue.

8 weeks agoASoC: cs35l56: Destroy workqueue in probe error path
Richard Fitzgerald [Tue, 5 May 2026 16:11:24 +0000 (17:11 +0100)] 
ASoC: cs35l56: Destroy workqueue in probe error path

The error path in cs35l56_common_probe() should call destroy_workqueue()
on the workqueue that was created by cs35l56_dsp_init().

Fixes: e49611252900 ("ASoC: cs35l56: Add driver for Cirrus Logic CS35L56")
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Link: https://patch.msgid.link/20260505161124.3621000-3-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
8 weeks agoASoC: cs35l56: Don't use devres to unregister component
Richard Fitzgerald [Tue, 5 May 2026 16:11:23 +0000 (17:11 +0100)] 
ASoC: cs35l56: Don't use devres to unregister component

Manually call snd_soc_unregister_component() from cs35l56_remove()
instead of using devres cleanup. This ensures that the component is
destroyed before cs35l56_remove() starts cleanup of anything the
component code could be using.

Devres cleanup happens after the driver remove() callback, so if
snd_soc_register_component() is used, it will not be destroyed until
after cs35l56_remove() has returned. But there is some cleanup that
must be done in cs35l56_remove(), or wrapped in a custom devres
cleanup handler to ensure correct ordering. The simplest option is
to call snd_soc_unregister_component() at the start of cs35l56_remove().

Fixes: e49611252900 ("ASoC: cs35l56: Add driver for Cirrus Logic CS35L56")
Closes: https://sashiko.dev/#/patchset/20260501103002.2843735-1-rf%40opensource.cirrus.com
Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Link: https://patch.msgid.link/20260505161124.3621000-2-rf@opensource.cirrus.com
Signed-off-by: Mark Brown <broonie@kernel.org>
8 weeks agoASoC: tegra: Add per-stream Mixer Fade controls
Sheetal [Wed, 6 May 2026 10:20:32 +0000 (10:20 +0000)] 
ASoC: tegra: Add per-stream Mixer Fade controls

Add per-stream fade controls for the Tegra mixer to allow
independently configuring target gain and fade duration for each of
the 10 input streams (RX1 through RX10).

The following controls are added per stream:
  "RXn Fade Duration" - fade duration in samples (N3 parameter)
  "RXn Fade Gain"     - target gain level for fade

A strobe control commits all pending fade configurations:
  "Fade Switch"       - 1 = apply staged gain/duration and start fades
                        0 = disable sample count for all fading streams

A read-only status control reports per-stream fade state:
  "Fade Status"       - per-stream state for all 10 RX inputs
                        0 = idle, 1 = active

Usage example (fade 2 streams simultaneously):
  amixer -c <card> cset name="RX1 Fade Duration" 1024
  amixer -c <card> cset name="RX1 Fade Gain" 12000
  amixer -c <card> cset name="RX2 Fade Duration" 2048
  amixer -c <card> cset name="RX2 Fade Gain" 15000
  amixer -c <card> cset name="Fade Switch" 1

Signed-off-by: Sheetal <sheetal@nvidia.com>
Link: https://patch.msgid.link/20260506102032.1644851-1-sheetal@nvidia.com
Signed-off-by: Mark Brown <broonie@kernel.org>
8 weeks agoselftests: livepatch: Check if stack_order sysfs attribute exists
Marcos Paulo de Souza [Mon, 4 May 2026 18:34:47 +0000 (15:34 -0300)] 
selftests: livepatch: Check if stack_order sysfs attribute exists

The commit 3dae09de4061 ("livepatch: Add stack_order sysfs attribute"),
merged in v6.14, introduced a new sysfs attribute.

In order to run the selftests on older kernels, check if given kernel
has support for the attribute. If the attribute is not supported, skip
the checks.

Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
Link: https://patch.msgid.link/20260504-lp-tests-old-fixes-v5-6-0be26d94ab9a@suse.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
8 weeks agoselftests: livepatch: Check if replace sysfs attribute exists
Marcos Paulo de Souza [Mon, 4 May 2026 18:34:46 +0000 (15:34 -0300)] 
selftests: livepatch: Check if replace sysfs attribute exists

The commit adb68ed26a3e ("livepatch: Add "replace" sysfs attribute"),
merged in v6.11, introduced a new sysfs attribute.

In order to run the selftests on older kernels, check if given kernel
has support for the attribute. If the attribute is not supported, skip
the checks.

While at it, create a local variable to hold the module name to be
tested, instead of overwriting MOD_LIVEPATCH.

Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
Link: https://patch.msgid.link/20260504-lp-tests-old-fixes-v5-5-0be26d94ab9a@suse.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
8 weeks agoselftests: livepatch: Check if patched sysfs attribute exists
Marcos Paulo de Souza [Mon, 4 May 2026 18:34:45 +0000 (15:34 -0300)] 
selftests: livepatch: Check if patched sysfs attribute exists

The commit bb26cfd9e77e
("livepatch: add sysfs entry "patched" for each klp_object") was merged
in v6.1, introducing a new sysfs attribute.

In order to run the selftests on older kernels, check if given kernel
has support for the attribute. If the attribute is not supported, skip
the checks.

Along with this change, use MOD_LIVEPATCH2 variable instead of
reassigning a new value to MOD_LIVEPATCH, and also use the variable
names in the check_result, to avoid using the module names.

Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
Link: https://patch.msgid.link/20260504-lp-tests-old-fixes-v5-4-0be26d94ab9a@suse.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
8 weeks agoselftests: livepatch: Introduce does_sysfs_exist function
Marcos Paulo de Souza [Mon, 4 May 2026 18:34:44 +0000 (15:34 -0300)] 
selftests: livepatch: Introduce does_sysfs_exist function

Returns true if the livepatch sysfs attribute exists, and false otherwise.
This new function will be used in the next patches.

Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
Link: https://patch.msgid.link/20260504-lp-tests-old-fixes-v5-3-0be26d94ab9a@suse.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
8 weeks agoselftests: livepatch: Replace true/false module parameter by y/n
Marcos Paulo de Souza [Mon, 4 May 2026 18:34:43 +0000 (15:34 -0300)] 
selftests: livepatch: Replace true/false module parameter by y/n

Older kernels don't support true/false for boolean module parameters
because they lack commit 0d6ea3ac94ca
("lib/kstrtox.c: add "false"/"true" support to kstrtobool()"). Replace
true/false by y/n so the test module can be loaded on older kernels.

No functional changes.

Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
Link: https://patch.msgid.link/20260504-lp-tests-old-fixes-v5-2-0be26d94ab9a@suse.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
8 weeks agoselftests: livepatch: Check for ARCH_HAS_SYSCALL_WRAPPER config
Marcos Paulo de Souza [Mon, 4 May 2026 18:34:42 +0000 (15:34 -0300)] 
selftests: livepatch: Check for ARCH_HAS_SYSCALL_WRAPPER config

Older kernels that lack CONFIG_ARCH_HAS_SYSCALL_WRAPPER config don't
have any prefixes for their syscalls. The same applies to current
powerpc and loongarch, covering all currently supported architectures
that support livepatch.

The other supported architectures have specific prefixes, so error out
when a new architecture adds livepatch support with wrappers but didn't
update the test to include it.

Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
Link: https://patch.msgid.link/20260504-lp-tests-old-fixes-v5-1-0be26d94ab9a@suse.com
Signed-off-by: Petr Mladek <pmladek@suse.com>
8 weeks agoarm64: dts: socfpga: agilex5: update data-width for dmac
Adrian Ng Ho Yin [Wed, 6 May 2026 06:21:49 +0000 (14:21 +0800)] 
arm64: dts: socfpga: agilex5: update data-width for dmac

Update data-width property for dmac to 3 which is 64 bits to match value
configured in the hardware register.

Signed-off-by: Adrian Ng Ho Yin <adrian.ho.yin.ng@altera.com>
Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
8 weeks agos390/sclp: Allow user-space to provide PCI reports for NVMe SMART data
Niklas Schnelle [Tue, 28 Apr 2026 13:38:30 +0000 (15:38 +0200)] 
s390/sclp: Allow user-space to provide PCI reports for NVMe SMART data

The new SCLP action qualifier 4 is used by user-space code to provide
NVMe SMART log data to the platform.

Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Acked-by: Heiko Carstens <hca@linux.ibm.com>
Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
8 weeks agoarm64/fpsimd: ptrace: zero target's fpsimd_state, not the tracer's
Breno Leitao [Tue, 5 May 2026 16:02:13 +0000 (09:02 -0700)] 
arm64/fpsimd: ptrace: zero target's fpsimd_state, not the tracer's

sve_set_common() is the backend for PTRACE_SETREGSET(NT_ARM_SVE) and
PTRACE_SETREGSET(NT_ARM_SSVE). Every write in the function operates on
the tracee (target) - except a single memset that uses current instead,
zeroing the tracer's saved V0-V31 / FPSR / FPCR shadow on every ptrace
SETREGSET call.

The memset is meant to give the tracee a defined zero register image
before the user-supplied payload is copied in (for partial writes,
header-only writes, and FPSIMD<->SVE format switches). Aiming it at
current both denies the tracee that clean slate and silently corrupts
the tracer.

The corruption of the tracer's saved FPSIMD state is not always
observable. Where the tracer's state is live on a CPU, this may be
reused without loading the corrupted state from memory, and will
eventually be written back over the corrupted state. Where the tracer's
state is saved in SVE_PT_REGS_SVE format, only the FPSR and FPCR are
clobbered, and the effective copy of the vectors is in the task's
sve_state.

Reproducible on an arm64 kernel with SVE: a single-threaded tracer that
loads a known pattern into V0-V31, issues PTRACE_SETREGSET(NT_ARM_SVE)
on a child, and reads V0-V31 back observes them all zeroed within tens
of thousands of iterations when a sibling thread keeps stealing the
FPSIMD CPU binding.

Fixes: 316283f276eb ("arm64/fpsimd: ptrace: Consistently handle partial writes to NT_ARM_(S)SVE")
Cc: <stable@vger.kernel.org>
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
8 weeks agoclocksource/drivers/sun5i: Add D1 hstimer support
Michal Piekos [Tue, 28 Apr 2026 16:26:59 +0000 (18:26 +0200)] 
clocksource/drivers/sun5i: Add D1 hstimer support

D1 high speed timer differs from existing timer-sun5i by register base
offset.

Add sunxi quirks to handle D1 specific offset.
Add D1 compatible string to OF match table.

Signed-off-by: Michal Piekos <michal.piekos@mmpsystems.pl>
Signed-off-by: Daniel Lezcano <daniel.lezcano@kernel.org>
Reviewed-by: Chen-Yu Tsai <wens@kernel.org>
Link: https://patch.msgid.link/20260428-h616-t113s-hstimer-v3-2-7e02178a93ee@mmpsystems.pl
8 weeks agodt-bindings: timer: allwinner,sun5i-a13-hstimer: add H616 and D1
Michal Piekos [Tue, 28 Apr 2026 16:26:58 +0000 (18:26 +0200)] 
dt-bindings: timer: allwinner,sun5i-a13-hstimer: add H616 and D1

D1 is similar to existing sun5i, but with different register offsets.
H616 uses same offsets as D1.

Add allwinner,sun20i-d1-hstimer
Add allwinner,sun50i-h616-hstimer with fallback to
allwinner,sun20i-d1-hstimer
Extend schema condition for interrupts to cover D1 compatible variant.

Signed-off-by: Michal Piekos <michal.piekos@mmpsystems.pl>
Signed-off-by: Daniel Lezcano <daniel.lezcano@kernel.org>
Acked-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://patch.msgid.link/20260428-h616-t113s-hstimer-v3-1-7e02178a93ee@mmpsystems.pl
8 weeks agoio_uring/wait: honour caller's time namespace for IORING_ENTER_ABS_TIMER
Maoyi Xie [Mon, 4 May 2026 15:37:55 +0000 (23:37 +0800)] 
io_uring/wait: honour caller's time namespace for IORING_ENTER_ABS_TIMER

io_uring_enter() with IORING_ENTER_ABS_TIMER takes an absolute
timespec from the caller via ext_arg->ts. It arms an ABS mode
hrtimer in __io_cqring_wait_schedule(). The conversion path in
io_uring/wait.c parses ext_arg->ts inline rather than going
through io_parse_user_time(). It therefore does not pick up the
time namespace conversion added by the previous patch.

Apply timens_ktime_to_host() to the parsed time on the
IORING_ENTER_ABS_TIMER branch. This mirrors the IORING_TIMEOUT_ABS
fix in io_parse_user_time(). Use ctx->clockid as the clock id.
ctx->clockid is set either at ring creation or via
IORING_REGISTER_CLOCK.

timens_ktime_to_host() is a no-op for clocks not affected by time
namespaces. It is also a no-op for callers in the initial time
namespace. The fast path is unchanged.

Reproducer: in unshare --user --time, with a -10s monotonic
offset, call io_uring_enter with min_complete=1,
IORING_ENTER_ABS_TIMER, and ts = now + 1s. The call returns
-ETIME after <1ms instead of after the expected ~1s.

Suggested-by: Pavel Begunkov <asml.silence@gmail.com>
Suggested-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Maoyi Xie <maoyi.xie@ntu.edu.sg>
Link: https://patch.msgid.link/20260504153755.1293932-3-maoyi.xie@ntu.edu.sg
Signed-off-by: Jens Axboe <axboe@kernel.dk>
8 weeks agoio_uring/timeout: honour caller's time namespace for IORING_TIMEOUT_ABS
Maoyi Xie [Mon, 4 May 2026 15:37:54 +0000 (23:37 +0800)] 
io_uring/timeout: honour caller's time namespace for IORING_TIMEOUT_ABS

io_uring's IORING_OP_TIMEOUT and IORING_OP_LINK_TIMEOUT accept a
timespec from the caller via io_parse_user_time(). With
IORING_TIMEOUT_ABS, the timestamp is an absolute deadline on the
selected clock. The clock is CLOCK_MONOTONIC by default.
CLOCK_BOOTTIME and CLOCK_REALTIME are also selectable.

A submitter inside a CLONE_NEWTIME time namespace observes
CLOCK_MONOTONIC and CLOCK_BOOTTIME shifted by the namespace's
offsets relative to the host. Every other ABS timer interface in
the kernel converts the caller's absolute time to host view via
timens_ktime_to_host() before arming an hrtimer:

  kernel/time/posix-timers.c    -- timer_settime(TIMER_ABSTIME)
  kernel/time/posix-stubs.c     -- clock_nanosleep(TIMER_ABSTIME)
  kernel/time/alarmtimer.c      -- alarm_timer_nsleep(TIMER_ABSTIME)
  fs/timerfd.c                  -- timerfd_settime(TFD_TIMER_ABSTIME)

io_parse_user_time() does not. As a result, an absolute timeout
submitted from within a time namespace is interpreted in host
view. That is generally a different point in time. It may already
be in the past, causing the timer to fire immediately, or far in
the future, causing the timer not to fire when expected.

Reproducer: in unshare --user --time, with a -10s monotonic
offset, submit IORING_OP_TIMEOUT with IORING_TIMEOUT_ABS and
deadline = now + 1s. The CQE is delivered after <1ms instead of
the expected ~1s.

Apply timens_ktime_to_host() to the parsed time when
IORING_TIMEOUT_ABS is set. Split the existing clock id resolver
in io_timeout_get_clock() into a flags only helper
io_flags_to_clock(), so io_parse_user_time() can resolve the
clock without a struct io_timeout_data.

timens_ktime_to_host() is a no-op for clocks not affected by time
namespaces, e.g. CLOCK_REALTIME. It is also a no-op for callers
in the initial time namespace. The fast path is unchanged.

SQPOLL is also covered. The SQPOLL kernel thread is created via
create_io_thread() with CLONE_THREAD and no CLONE_NEW* flag.
copy_namespaces() therefore shares the submitter's nsproxy by
reference. Inside the SQPOLL kthread, current->nsproxy->time_ns
is the submitter's time_ns. timens_ktime_to_host() resolves
correctly.

Suggested-by: Pavel Begunkov <asml.silence@gmail.com>
Suggested-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Maoyi Xie <maoyi.xie@ntu.edu.sg>
Link: https://patch.msgid.link/20260504153755.1293932-2-maoyi.xie@ntu.edu.sg
Signed-off-by: Jens Axboe <axboe@kernel.dk>
8 weeks agoDocumentation: add documentation of AMD isp 4 driver
Bin Du [Wed, 6 May 2026 09:32:49 +0000 (17:32 +0800)] 
Documentation: add documentation of AMD isp 4 driver

Add documentation for AMD ISP 4 and describe the main components

Co-developed-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Bin Du <Bin.Du@amd.com>
Reviewed-by: Mario Limonciello (AMD) <superm1@kernel.org>
Reviewed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Tested-by: Alexey Zagorodnikov <xglooom@gmail.com>
Tested-by: Kate Hsuan <hpa@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
8 weeks agomedia: platform: amd: isp4 debug fs logging and more descriptive errors
Bin Du [Wed, 6 May 2026 09:32:48 +0000 (17:32 +0800)] 
media: platform: amd: isp4 debug fs logging and more descriptive errors

Add debug fs for isp4 driver and add more detailed descriptive error info
to some of the log message

Co-developed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
Co-developed-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Bin Du <Bin.Du@amd.com>
Reviewed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Tested-by: Alexey Zagorodnikov <xglooom@gmail.com>
Tested-by: Kate Hsuan <hpa@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
8 weeks agomedia: platform: amd: isp4 video node and buffers handling added
Bin Du [Wed, 6 May 2026 09:32:47 +0000 (17:32 +0800)] 
media: platform: amd: isp4 video node and buffers handling added

Isp video implements v4l2 video interface and supports NV12 and YUYV. It
manages buffers, pipeline power and state. Cherry-picked Sultan's DMA
buffer related fix from branch v6.16-drm-tip-isp4-for-amd on
https://github.com/kerneltoast/kernel_x86_laptop.git

Co-developed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
Co-developed-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Bin Du <Bin.Du@amd.com>
Reviewed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Tested-by: Alexey Zagorodnikov <xglooom@gmail.com>
Tested-by: Kate Hsuan <hpa@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
8 weeks agomedia: platform: amd: isp4 subdev and firmware loading handling added
Bin Du [Wed, 6 May 2026 09:32:46 +0000 (17:32 +0800)] 
media: platform: amd: isp4 subdev and firmware loading handling added

Isp4 sub-device is implementing v4l2 sub-device interface. It has one
capture video node, and supports only preview stream. It manages firmware
states, stream configuration. Add interrupt handling and notification for
isp firmware to isp-subdevice.

Co-developed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
Co-developed-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Bin Du <Bin.Du@amd.com>
Reviewed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Tested-by: Alexey Zagorodnikov <xglooom@gmail.com>
Tested-by: Kate Hsuan <hpa@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
8 weeks agomedia: platform: amd: Add isp4 fw and hw interface
Bin Du [Wed, 6 May 2026 09:32:45 +0000 (17:32 +0800)] 
media: platform: amd: Add isp4 fw and hw interface

ISP firmware controls ISP HW pipeline using dedicated embedded processor
called ccpu. The communication between ISP FW and driver is using commands
and response messages sent through the ring buffer. Command buffers support
either global setting that is not specific to the stream and support stream
specific parameters. Response buffers contain ISP FW notification
information such as frame buffer done and command done. IRQ is used for
receiving response buffer from ISP firmware, which is handled in the main
isp4 media device. ISP ccpu is booted up through the firmware loading
helper function prior to stream start. Memory used for command buffer and
response buffer needs to be allocated from amdgpu buffer manager because
isp4 is a child device of amdgpu.

Co-developed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
Co-developed-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Bin Du <Bin.Du@amd.com>
Reviewed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Tested-by: Alexey Zagorodnikov <xglooom@gmail.com>
Tested-by: Kate Hsuan <hpa@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
8 weeks agomedia: platform: amd: low level support for isp4 firmware
Bin Du [Wed, 6 May 2026 09:32:44 +0000 (17:32 +0800)] 
media: platform: amd: low level support for isp4 firmware

Low level functions for accessing the registers and mapping to their
ranges. This change also includes register definitions for ring buffer
used to communicate with ISP Firmware. Ring buffer is the communication
interface between driver and ISP Firmware. Command and responses are
exchanged through the ring buffer.

Co-developed-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Bin Du <Bin.Du@amd.com>
Reviewed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Tested-by: Alexey Zagorodnikov <xglooom@gmail.com>
Tested-by: Kate Hsuan <hpa@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
8 weeks agomedia: platform: amd: Introduce amd isp4 capture driver
Bin Du [Wed, 6 May 2026 09:32:43 +0000 (17:32 +0800)] 
media: platform: amd: Introduce amd isp4 capture driver

AMD isp4 capture is a v4l2 media device which implements media controller
interface. It has one sub-device (AMD ISP4 sub-device) endpoint which can
be connected to a remote CSI2 TX endpoint. It supports only one physical
interface for now. Also add ISP4 driver related entry info into the
MAINTAINERS file

Co-developed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
Co-developed-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Svetoslav Stoilov <Svetoslav.Stoilov@amd.com>
Signed-off-by: Bin Du <Bin.Du@amd.com>
Reviewed-by: Mario Limonciello (AMD) <superm1@kernel.org>
Reviewed-by: Sultan Alsawaf <sultan@kerneltoast.com>
Tested-by: Alexey Zagorodnikov <xglooom@gmail.com>
Tested-by: Kate Hsuan <hpa@redhat.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
8 weeks agoublk: validate physical_bs_shift, io_min_shift and io_opt_shift
Ming Lei [Wed, 6 May 2026 08:22:38 +0000 (16:22 +0800)] 
ublk: validate physical_bs_shift, io_min_shift and io_opt_shift

ublk_validate_params() checks logical_bs_shift is within
[9, PAGE_SHIFT] but has no upper bound for physical_bs_shift,
io_min_shift, or io_opt_shift. A malicious userspace can set any
of these to a large value (e.g., 44), causing undefined behavior
from `1 << shift` in ublk_ctrl_start_dev() since the result is
stored in 32-bit unsigned int.

Cap all three at ilog2(SZ_256M) (28). 256M is big enough to cover
all practical block sizes, and originates from the maximum physical
block size possible in NVMe (lba_size * (1 + npwg), where npwg is
16-bit).

Also zero out ub->params with memset() when copy_from_user() fails
or ublk_validate_params() returns error, so that no stale or partial
params survive for a subsequent START_DEV to consume.

Fixes: 71f28f3136af ("ublk_drv: add io_uring based userspace block driver")
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Link: https://patch.msgid.link/20260506082238.22363-1-tom.leiming@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
8 weeks agoplatform/x86/intel-uncore-freq: Expose instance ID in the sysfs
Maciej Wieczor-Retman [Wed, 8 Apr 2026 16:27:51 +0000 (16:27 +0000)] 
platform/x86/intel-uncore-freq: Expose instance ID in the sysfs

Insufficient data is exported to allow direct access to TPMI registers
through MMIO. On non-partitioned systems domain_id can be used both for
mapping CPUs to their compute die IDs and for mapping die indices to
their MMIO memory blocks presented to userspace via TPMI debugfs.
However on partitioned systems the debugfs association doesn't work
anymore. This is due to how TPMI partitioning influences domain_id
calculation. The previous association is lost on partitioned systems in
order to keep using domain_id for mapping CPUs to compute dies.

Expose the instance ID in sysfs that's unique in the scope of one TPMI
partition (and hence one TPMI device). It's a physical index into mapped
MMIO blocks and can be used by userspace to figure out how to directly
access TPMI registers.

Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Link: https://patch.msgid.link/b9ae8d5f1ab86bcdb1a8636fa48865a9e49e2e21.1775665057.git.m.wieczorretman@pm.me
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
8 weeks agoplatform/x86/intel-uncore-freq: Rename instance_id
Maciej Wieczor-Retman [Wed, 8 Apr 2026 16:27:47 +0000 (16:27 +0000)] 
platform/x86/intel-uncore-freq: Rename instance_id

The "instance" word has a specific meaning in TPMI. It is a physical
index related to compute dies and IO dies present on a single TPMI
partition (which is also a single TPMI device). It's used for mapping
MMIO blocks for direct TPMI register access.

The currently used "instance_id" uncore_data struct field is a
sequentially generated value that's used for appending to uncore
directories inside the /sys/devices/system/cpu/intel_uncore_frequency
directory. It has no relation to the physical TPMI elements.

Signed-off-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Link: https://patch.msgid.link/4d983157199cf0e163597df254e2dc629878b818.1775665057.git.m.wieczorretman@pm.me
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
8 weeks agodrm/xe/cri: Add new PCI IDs
Balasubramani Vivekanandan [Tue, 5 May 2026 07:48:56 +0000 (13:18 +0530)] 
drm/xe/cri: Add new PCI IDs

Add support for new CRI PCI IDs.

Bspec: 77979
Reviewed-by: Gustavo Sousa <gustavo.sousa@intel.com>
Link: https://patch.msgid.link/20260505074855.3813063-2-balasubramani.vivekanandan@intel.com
Signed-off-by: Balasubramani Vivekanandan <balasubramani.vivekanandan@intel.com>
8 weeks agowifi: mac80211: explicitly disable FTM responder on AP stop
Johannes Berg [Tue, 5 May 2026 13:12:16 +0000 (15:12 +0200)] 
wifi: mac80211: explicitly disable FTM responder on AP stop

When stopping the AP, explicitly disable FTM responder while
disabling beaconing.

Link: https://patch.msgid.link/20260505151241.f213196d7d6a.I95d65c030e986c5f7d63ecbd79596da890b9fc84@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: iwlwifi: don't blindly start the responder upon BSS_CHANGED_FTM_RESPONDER
Emmanuel Grumbach [Tue, 5 May 2026 13:12:15 +0000 (15:12 +0200)] 
wifi: iwlwifi: don't blindly start the responder upon BSS_CHANGED_FTM_RESPONDER

mac80211 may just want to stop it, so check the ftm_responder boolean
before starting the responder.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260505151241.285da8fbf7f4.I1b6922ca8d06d592356d7a5d190e6118fec1d5b5@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agodrm/bridge: microchip-lvds: fix bus format mismatch with VESA displays
Dharma Balasubiramani [Wed, 25 Jun 2025 08:41:55 +0000 (14:11 +0530)] 
drm/bridge: microchip-lvds: fix bus format mismatch with VESA displays

The LVDS controller was hardcoded to JEIDA mapping, which leads to
distorted output on panels expecting VESA mapping.

Update the driver to dynamically select the appropriate mapping and
pixel size based on the panel's advertised media bus format. This
ensures compatibility with both JEIDA and VESA displays.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
Signed-off-by: Dharma Balasubiramani <dharma.b@microchip.com>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patch.msgid.link/20250625-microchip-lvds-v6-3-7ce91f89d35a@microchip.com
Signed-off-by: Manikandan Muralidharan <manikandan.m@microchip.com>
8 weeks agodrm/bridge: microchip-lvds: migrate to atomic bridge ops
Dharma Balasubiramani [Wed, 25 Jun 2025 08:41:54 +0000 (14:11 +0530)] 
drm/bridge: microchip-lvds: migrate to atomic bridge ops

Replace legacy .enable and .disable callbacks with their atomic
counterparts .atomic_enable and .atomic_disable.

Signed-off-by: Dharma Balasubiramani <dharma.b@microchip.com>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patch.msgid.link/20250625-microchip-lvds-v6-2-7ce91f89d35a@microchip.com
Signed-off-by: Manikandan Muralidharan <manikandan.m@microchip.com>
8 weeks agodrm/bridge: microchip-lvds: Remove unused drm_panel and redundant port node lookup
Dharma Balasubiramani [Wed, 25 Jun 2025 08:41:53 +0000 (14:11 +0530)] 
drm/bridge: microchip-lvds: Remove unused drm_panel and redundant port node lookup

Drop the unused drm_panel field from the mchp_lvds structure, and remove
the unnecessary port device node lookup, as devm_drm_of_get_bridge()
already performs the required checks internally.

Signed-off-by: Dharma Balasubiramani <dharma.b@microchip.com>
Reviewed-by: Maxime Ripard <mripard@kernel.org>
Link: https://patch.msgid.link/20250625-microchip-lvds-v6-1-7ce91f89d35a@microchip.com
Signed-off-by: Manikandan Muralidharan <manikandan.m@microchip.com>
8 weeks agowifi: mac80211_hwsim: claim HT STBC capability
Johannes Berg [Wed, 6 May 2026 09:32:32 +0000 (11:32 +0200)] 
wifi: mac80211_hwsim: claim HT STBC capability

This is already claimed for VHT and HE, so it doesn't really
make sense to not claim it for HT, and this causes sigma-dut
failures since it assumes VHT support implies HT support.

Link: https://patch.msgid.link/20260506093231.155762-2-johannes@sipsolutions.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: enable NAN_DATA interface simulation support
Daniel Gabay [Wed, 6 May 2026 03:44:31 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: enable NAN_DATA interface simulation support

Enable NAN_DATA interface simulation support by adding it to the
supported interface types. This completes the NAN Data Path
simulation introduced in the previous patches.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.d4bd95959bfa.I450087714bd55189242ab6a72ce6650be36edbcb@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: Support Tx of multicast data on NAN
Ilan Peer [Wed, 6 May 2026 03:44:33 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: Support Tx of multicast data on NAN

Add support for transmitting multicast data frames. These
frames can be transmitted when all the peer NDI stations
on the interface are available at the current slot.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.0af7e24f0df3.I3c2de3e456ae092c939e6bfd3d30960fbf2fbeaa@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: Do not declare support for NDPE
Ilan Peer [Wed, 6 May 2026 03:44:32 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: Do not declare support for NDPE

Do not declare support for NAN Data Path Extension attribute
as this is handled by user space and should be set by it.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.711c61538c8a.I9796410c0376f50a07259cc611428d76c51f180a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: Declare support for secure NAN
Daniel Gabay [Wed, 6 May 2026 03:44:30 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: Declare support for secure NAN

Advertise NL80211_EXT_FEATURE_SECURE_NAN to indicate support for
NAN Pairing, enabling peer authentication and secure data path
establishment.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Reviewed-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.d3bcc26b4525.I6993cc70c43579694ffd429f1afb971a73db2ae4@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: add NAN data path TX/RX support
Daniel Gabay [Wed, 6 May 2026 03:44:29 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: add NAN data path TX/RX support

Implement TX and RX path handling for NAN Data Path (NDP) frames,
enabling data communication between NAN peers during scheduled
availability windows.

TX path:
- Select TX channel based on current time slot: use DW channel
  during Discovery Windows, or FAW channel from local
  schedule during Further Availability Windows.
- Verify peer availability before transmission by checking committed
  DW schedule or FAW of the peer schedule.

RX path:
- Extend NAN receive filtering to handle NAN_DATA interface frames.
- Accept incoming frames during FAW slots when channel matches local
  schedule.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.155252ebc72b.Ic210f6c095c6ff372941bc8c77ee9c8c37d0356c@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: set HAS_RATE_CONTROL when using NAN
Daniel Gabay [Wed, 6 May 2026 03:44:28 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: set HAS_RATE_CONTROL when using NAN

- NAN switches between bands/channels per its schedule, so mac80211
  rate control can't work, set HAS_RATE_CONTROL instead.
- Skip rate control checks for NAN interfaces in
  mac80211_hwsim_sta_rc_update() as it's not relevant.
- Move set_rts_threshold stub to HWSIM_COMMON_OPS and return 0 instead
  of -EOPNOTSUPP to prevent failures in non-MLO tests that set RTS
  threshold (hwsim ignores the use_rts instruction from mac80211
  anyway).

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.216e68be61ac.If9ef94a12cec8dfc55416afaf745d6e5025a5ec9@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: implement NAN schedule callbacks
Daniel Gabay [Wed, 6 May 2026 03:44:27 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: implement NAN schedule callbacks

Implement mac80211 schedule callbacks for NAN Data Path support:

- Track local schedule via BSS_CHANGED_NAN_LOCAL_SCHED, caching
  the channel for each 16TU time slot.
- Copy peer schedule to driver-private storage in
  nan_peer_sched_changed callback for use in TX availability
  decisions.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.f3ad9e3dc9d4.I75cf3555b7506d5b8bb30e70a0f3721ab73477cb@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: add NAN PHY capabilities
Daniel Gabay [Wed, 6 May 2026 03:44:26 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: add NAN PHY capabilities

Add static HT, VHT and HE PHY capabilities to the NAN capabilities
structure. These are based on the existing band capability structures
and initialization in mac80211_hwsim.

The NAN PHY capabilities are used by mac80211 and nl80211 to
advertise device capabilities for NAN data interfaces.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.2c94c156f05d.I539fab4adf2eb43bfec27006f7529b926e5208ea@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: add NAN_DATA interface limits
Daniel Gabay [Wed, 6 May 2026 03:44:25 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: add NAN_DATA interface limits

Increase interface limits for NAN_DATA interface.

Signed-off-by: Daniel Gabay <daniel.gabay@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.587955b23089.I261b782e5c198726b9465815d59ce037f094784d@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: implement NAN synchronization
Benjamin Berg [Wed, 6 May 2026 03:44:24 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: implement NAN synchronization

Add all the handling to do NAN synchronization on 2.4 GHz including
sending out beacons. With this, the mac80211_hwsim NAN device also works
when used in conjunction with an external medium simulation.

Note that the TSF sync is not ideal in case of an external medium
simulation. This is because the mactime for received frames needs to be
estimated and the simulation may not update the timestamp of beacons
to the actual time that the frame was transmitted.

The implementation has an initial short phase where it scans for
clusters. This facilitates cluster joining and avoids creating a new
cluster immediately, which would result in two cluster join
notifications. It does not scan otherwise and will only see another
cluster appearing if a discovery beacon happens to be sent during the
2.4 GHz discovery window (DW).

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.7d21c3cdc565.I98b6c15eadefd6d123658294ef1a0cd3c2ce3054@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: protect tsf_offset using a spinlock
Benjamin Berg [Wed, 6 May 2026 03:44:23 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: protect tsf_offset using a spinlock

To implement NAN synchronization in hwsim, the TSF needs to be adjusted
regularly from the RX path. Add a spinlock so that this can be done in a
safe manner.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.18f36f264eb9.I0da5477220b896e2177bd521f7d9a8f2595631e6@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: only RX on NAN when active on a slot
Benjamin Berg [Wed, 6 May 2026 03:44:22 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: only RX on NAN when active on a slot

This moves the NAN receive into the main code and changes it so that
frame RX only happens when the device is active on the channel. This
limits RX to the DW slots as there is currently no datapath.

With this the globally stored channel is obsolete, remove it.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.8cf4a67d3436.Ife07cf4ae8a2d59766356398163f7ee8d734bd6a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: select NAN TX channel based on current TSF
Benjamin Berg [Wed, 6 May 2026 03:44:21 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: select NAN TX channel based on current TSF

Move the TX channel selection into the NAN specific file and select the
channel based on the current slot.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.c235b5a78b98.I5ec4076a8a9445233dc414c6ecaa39f32f1e9595@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211_hwsim: limit TX of frames to the NAN DW
Benjamin Berg [Wed, 6 May 2026 03:44:20 +0000 (06:44 +0300)] 
wifi: mac80211_hwsim: limit TX of frames to the NAN DW

Frames submitted on the NAN device interface should only be transmitted
during one of the discovery windows (DWs). It is assumed that software
submits frames from the DW end notifications for the next DW period.

Simulate this behaviour by checking that we are currently in a DW before
transmitting from ieee80211_hwsim_wake_tx_queue. As frames will be
queued up at the start of a DW, wake the management TX queue every time
a DW is started. Do so with a randomized offset just to avoid every
client transmitting at the same time.

Signed-off-by: Benjamin Berg <benjamin.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260506064301.f3456f159655.Id6780e2f7f7cab03264299b7d696ba5b1269e451@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: cfg80211: don't allow NAN DATA on multi radio devices
Miri Korenblit [Tue, 5 May 2026 16:46:13 +0000 (19:46 +0300)] 
wifi: cfg80211: don't allow NAN DATA on multi radio devices

The support for NAN DATA was added for single radio devices only. For
example, checking the interface combinations is done for a single radio.
Prevent registration with NAN DATA interface type for multi radio
devices.

Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260505194607.ff87e6fcff56.If201aa58119d2a6b08223ecb63bc2869f63ff5a1@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agomedia: Documentation: Use right function to test device power state
Sakari Ailus [Thu, 26 Mar 2026 10:42:49 +0000 (12:42 +0200)] 
media: Documentation: Use right function to test device power state

Tell driver authors to use pm_runtime_get_if_active() instead of
pm_runtime_get_if_in_use() to check the device's power state in the s_ctrl
callback. pm_runtime_get_if_active() is the right function to use here
since it returns non-zero if the device is powered on rather than its
PM runtime usage_count is non-zero.

Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
8 weeks agoRevert "drm/edid: add CTA Video Format Data Block support"
Maarten Lankhorst [Mon, 4 May 2026 17:06:11 +0000 (19:06 +0200)] 
Revert "drm/edid: add CTA Video Format Data Block support"

This reverts commit e3953ff665742c15c002af9e176bd24d5cd9ec61.

Seems to have been accidentally pushed without mandatory review.

Signed-off-by: Maarten Lankhorst <dev@lankhorst.se>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de> #irc
Acked-by: Maxime Ripard <mripard@kernel.org> #irc
8 weeks agowifi: nl80211: re-check wiphy netns in nl80211_prepare_wdev_dump() continuation
Maoyi Xie [Wed, 6 May 2026 06:48:54 +0000 (14:48 +0800)] 
wifi: nl80211: re-check wiphy netns in nl80211_prepare_wdev_dump() continuation

NL80211_CMD_GET_SCAN is implemented as a multi-call dumpit. The first
invocation of nl80211_prepare_wdev_dump() validates the requested wdev
against the caller's netns via __cfg80211_wdev_from_attrs(). Subsequent
invocations look up the same wiphy by its global index and do not check
that the wiphy is still in the caller's netns.

Add the same filter to the continuation path. If the wiphy's netns no
longer matches the caller's, return -ENODEV and the netlink dump
machinery terminates the walk cleanly.

Signed-off-by: Maoyi Xie <maoyi.xie@ntu.edu.sg>
Link: https://patch.msgid.link/20260506064854.2207105-3-maoyixie.tju@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: nl80211: require CAP_NET_ADMIN over the target netns in SET_WIPHY_NETNS
Maoyi Xie [Wed, 6 May 2026 06:48:53 +0000 (14:48 +0800)] 
wifi: nl80211: require CAP_NET_ADMIN over the target netns in SET_WIPHY_NETNS

NL80211_CMD_SET_WIPHY_NETNS dispatches with GENL_UNS_ADMIN_PERM, which
verifies that the caller has CAP_NET_ADMIN for the source netns. It
doesn't verify that the caller has CAP_NET_ADMIN over the target netns
selected by NL80211_ATTR_NETNS_FD or NL80211_ATTR_PID.

This diverges from the convention enforced in
net/core/rtnetlink.c::rtnl_get_net_ns_capable():

    /* For now, the caller is required to have CAP_NET_ADMIN in
     * the user namespace owning the target net ns.
     */
    if (!sk_ns_capable(sk, net->user_ns, CAP_NET_ADMIN))
        return ERR_PTR(-EACCES);

A user with CAP_NET_ADMIN in their own user namespace can therefore
push a wiphy into an arbitrary netns (including init_net) over which
they have no privilege.

Mirror the rtnetlink convention by requiring CAP_NET_ADMIN in the
target netns before calling cfg80211_switch_netns().

Signed-off-by: Maoyi Xie <maoyi.xie@ntu.edu.sg>
Link: https://patch.msgid.link/20260506064854.2207105-2-maoyixie.tju@gmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: nl80211: fix NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST usage
Johannes Berg [Tue, 5 May 2026 11:38:37 +0000 (13:38 +0200)] 
wifi: nl80211: fix NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST usage

This is documented as a u8 and has a policy of NLA_U8, but uses
nla_get_u32() which means it's completely broken on big-endian.
Fix it to use nla_get_u8().

Fixes: 9bb7e0f24e7e ("cfg80211: add peer measurement with FTM initiator API")
Link: https://patch.msgid.link/20260505113837.260159-2-johannes@sipsolutions.net
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agowifi: mac80211: remove station if connection prep fails
Johannes Berg [Tue, 5 May 2026 13:15:34 +0000 (15:15 +0200)] 
wifi: mac80211: remove station if connection prep fails

If connection preparation fails for MLO connections, then the
interface is completely reset to non-MLD. In this case, we must
not keep the station since it's related to the link of the vif
being removed. Delete an existing station. Any "new_sta" is
already being removed, so that doesn't need changes.

This fixes a use-after-free/double-free in debugfs if that's
enabled, because a vif going from MLD (and to MLD, but that's
not relevant here) recreates its entire debugfs.

Cc: stable@vger.kernel.org
Fixes: 81151ce462e5 ("wifi: mac80211: support MLO authentication/association with one link")
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://patch.msgid.link/20260505151533.c4e52deb06ad.Iafe56cec7de8512626169496b134bce3a6c17010@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
8 weeks agocoresight: cti: Fix DT filter signals silently ignored
Yingchao Deng [Sun, 26 Apr 2026 09:59:34 +0000 (17:59 +0800)] 
coresight: cti: Fix DT filter signals silently ignored

In cti_plat_process_filter_sigs(), after allocating a temporary
cti_trig_grp struct via kzalloc_obj(), the code never assigns tg->nr_sigs
= nr_filter_sigs. Since kzalloc zero-initialises the struct, tg->nr_sigs
remains 0. cti_plat_read_trig_group() guards with:
    if (!tgrp->nr_sigs)
        return 0;

so it returns immediately without reading any signal indices from DT.

Fix by assigning tg->nr_sigs before calling cti_plat_read_trig_group().

Fixes: a5614770ab97 ("coresight: cti: Add device tree support for custom CTI")
Signed-off-by: Yingchao Deng <yingchao.deng@oss.qualcomm.com>
Reviewed-by: Leo Yan <leo.yan@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Link: https://lore.kernel.org/r/20260426-nr_sigs-v1-1-3b9df99dab97@oss.qualcomm.com
8 weeks agowifi: rtw89: debug: add BB diagnose
Kuan-Chung Chen [Wed, 29 Apr 2026 13:26:25 +0000 (21:26 +0800)] 
wifi: rtw89: debug: add BB diagnose

Add BB diagnostic to track potential abnormal conditions. Currently,
five diagnostic metrics are monitored: 1) Hang detection monitors
consecutive absence of TX and RX activity. 2) PD maximum triggers
when PD stays at its maximum threshold for a period. 3) No RX
occurs when no CCA activity is detected over multiple consecutive
cycles. 4) High FA indicates a high false alarm ratio, reflecting
severe environmental interference. 5) EDCCA alerts when high EDCCA
ratio, signaling a potential TX hang.

These metrics are exposed via debugfs diag_bb.

Output:

  [PHY 0]
  Diag bitmap = 0x0
  Event{Hang, PD MAX, No RX, High FA, High EDCCA Ratio} = {0, 0, 0, 0, 0}
  consecutive_no_tx_cnt=0, consecutive_no_rx_cnt=0

Signed-off-by: Kuan-Chung Chen <damon.chen@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20260429132625.1659182-8-pkshih@realtek.com
8 weeks agowifi: rtw89: debug: add RX statistics in bb_info
Kuan-Chung Chen [Wed, 29 Apr 2026 13:26:24 +0000 (21:26 +0800)] 
wifi: rtw89: debug: add RX statistics in bb_info

Expand RX packet statistics including coding type, spatial
diversity, and beamforming. These statistics are accumulated
per PHY and displayed in bb_info debugfs.

RX statistics output:

  == RX General
  LDPC: 190, BCC: 0, STBC: 0, SU_NON_BF: 0, SU_BF: 190, MU: 0

Signed-off-by: Kuan-Chung Chen <damon.chen@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20260429132625.1659182-7-pkshih@realtek.com
8 weeks agoALSA: sparc/dbri: add missing fallthrough
Rosen Penev [Wed, 6 May 2026 03:18:54 +0000 (20:18 -0700)] 
ALSA: sparc/dbri: add missing fallthrough

Fixes compiler error with probably newer compilers:

sound/sparc/dbri.c:595:2: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
  595 |         case 1:
      |         ^
sound/sparc/dbri.c:595:2: note: insert 'break;' to avoid fall-through
  595 |         case 1:
      |         ^
      |         break;

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://patch.msgid.link/20260506031854.780411-1-rosenp@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
8 weeks agowifi: rtw89: debug: extend bb_info with TX status and PER
Kuan-Chung Chen [Wed, 29 Apr 2026 13:26:23 +0000 (21:26 +0800)] 
wifi: rtw89: debug: extend bb_info with TX status and PER

Enhance bb_info debugfs by adding TX status information to aid
debugging and performance analysis.

A snapshot of TX-related registers, including PPDU type and subtype,
bandwidth, TX power, STBC, etc. The information is collected per
PHY during track_work and displayed via bb_info debugfs.

TX status output:

  == TX General
  EHT_MU_SU DATA
  BW: 160, TX_SC: 0, TX_PATH_EN: 3, PATH_MAP: 0xe4
  TXPWR TMAC: 11, P0: 11, P1: 11 dBm
  MCS: 9, STBC: 0
  Info: [0x0000000b, 0xc1702c30, 0x0ff1e430, 0xc0000000, 0x99000009, 0x40000000]
  Common ctrl: [0x00000150, 0x40190140]

In addition, include the retry ratio from RA reports and display it
as PER (packet error rate) in station debug information.

PER output:

  TX rate [0, 0]: HE 2SS MCS-4 GI:0.8 BW:20 (hw_rate=0x324) PER:23

Signed-off-by: Kuan-Chung Chen <damon.chen@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20260429132625.1659182-6-pkshih@realtek.com
8 weeks agogpio: 74x164: support lines-initial-states for boot-time output state
Chanhong Jung [Wed, 29 Apr 2026 03:51:34 +0000 (12:51 +0900)] 
gpio: 74x164: support lines-initial-states for boot-time output state

74HC595 and 74LVC594 chains retain their output state from the first
serial write onwards. Today the driver always kicks that first write
from a zero-initialised buffer, so every output comes up low until user
space issues a write. Boards that rely on the chain to drive signals
whose power-on state matters (active-low indicators, reset lines, etc.)
have no way to express the desired initial pattern via DT.

Read the optional lines-initial-states bitmask, recently documented for
this binding, into chip->buffer before the first
__gen_74x164_write_config() so the chain comes up in a known state on
the very first SPI transaction. Bit N maps to GPIO line N (matching the
nxp,pcf8575 convention); on this output-only device, bit=0 drives the
line low and bit=1 drives it high. Property absence keeps the existing
zeroing behaviour intact.

Suggested-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Chanhong Jung <happycpu@gmail.com>
Reviewed-by: Linus Walleij <linusw@kernel.org>
Link: https://patch.msgid.link/20260429035134.1023330-3-happycpu@gmail.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
8 weeks agodt-bindings: gpio: fairchild,74hc595: add lines-initial-states property
Chanhong Jung [Wed, 29 Apr 2026 03:51:33 +0000 (12:51 +0900)] 
dt-bindings: gpio: fairchild,74hc595: add lines-initial-states property

The 74HC595 and 74LVC594 shift registers latch their outputs until the
first serial write, so boards that depend on a specific power-on pattern
(for example active-low indicators, reset lines, or other signals that
must come up non-zero) have no way to express that today: the Linux
driver always writes zeros from its zero-initialised buffer during
probe.

Document support for the existing lines-initial-states bitmask, already
defined for nxp,pcf8575, so the same convention covers this output-only
device. Bit N corresponds to GPIO line N. Because the 74HC595/74LVC594
family is push-pull output only (no input mode, no high-impedance state
under software control), bit=0 drives the line low and bit=1 drives it
high; this differs from nxp,pcf8575, where the 0/1 polarity reflects the
quasi-bidirectional nature of that part.

The bitmask covers up to 32 lines, which fits the typical 1-4 chip
cascades that appear in tree. Should longer chains require seeding in
the future, the property can be extended to a uint32-array without
breaking the bit-N-equals-line-N convention.

Suggested-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Chanhong Jung <happycpu@gmail.com>
Reviewed-by: Rob Herring (Arm) <robh@kernel.org>
Reviewed-by: Linus Walleij <linusw@kernel.org>
Link: https://patch.msgid.link/20260429035134.1023330-2-happycpu@gmail.com
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com>
8 weeks agodrm/gma500: Drop unused include of <drm/drm_pciids.h>
Uwe Kleine-König (The Capable Hub) [Thu, 30 Apr 2026 10:45:14 +0000 (12:45 +0200)] 
drm/gma500: Drop unused include of <drm/drm_pciids.h>

The <drm/drm_pciids.h> header only defines radeon_PCI_IDS which isn't
used in the gma500 driver. So drop the useless include statement.

Signed-off-by: Uwe Kleine-König (The Capable Hub) <u.kleine-koenig@baylibre.com>
Signed-off-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
Link: https://patch.msgid.link/981b4edf04d7fce3bd750f1136ac4ad78628d114.1777545446.git.u.kleine-koenig@baylibre.com
8 weeks agoALSA: core: Serialize deferred fasync state checks
Cássio Gabriel [Wed, 6 May 2026 03:34:47 +0000 (00:34 -0300)] 
ALSA: core: Serialize deferred fasync state checks

snd_fasync_helper() updates fasync->on under snd_fasync_lock, and
snd_fasync_work_fn() now also evaluates fasync->on under the same
lock. snd_kill_fasync() still tests the flag before taking the lock,
leaving an unsynchronized read against FASYNC enable/disable updates.

Move the enabled-state check into the locked section.

Also clear fasync->on under snd_fasync_lock in snd_fasync_free()
before unlinking the pending entry. Together with the locked sender-side
check, this publishes teardown before flushing the deferred work and
prevents a racing sender from requeueing the entry after free has
started.

Fixes: ef34a0ae7a26 ("ALSA: core: Add async signal helpers")
Fixes: 8146cd333d23 ("ALSA: core: Fix potential data race at fasync handling")
Cc: stable@vger.kernel.org
Signed-off-by: Cássio Gabriel <cassiogabrielcontato@gmail.com>
Link: https://patch.msgid.link/20260506-alsa-core-fasync-on-lock-v1-1-ea48c77d6ca4@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
8 weeks agowifi: rtw89: debug: add PMAC counter in bb_info
Kuan-Chung Chen [Wed, 29 Apr 2026 13:26:22 +0000 (21:26 +0800)] 
wifi: rtw89: debug: add PMAC counter in bb_info

PMAC (Pseudo MAC) is a circuit within the baseband that can report
various packet-related counters through registers, such as TX ON,
TX EN, CCA, FA, CRC, etc. The driver periodically collects per
PHY PMAC counters in track_work and exposes them through the
bb_info debugfs for easier debugging.

The output of PMAC counter:

  == PMAC
  TX [CCK_TXEN, CCK_TXON, OFDM_TXEN, OFDM_TXON]: [0, 0, 17, 17]
  CRC  [CCK, OFDM, HT, VHT, HE, EHT, ALL, MPDU]
   ok: [0, 301, 0, 0, 5, 0, 306, 5]
  err: [0, 4, 0, 0, 0, 0, 4, 0]
  CCA [CCK, OFDM]: [0, 353]
  FA  [CCK, OFDM]: [0, 39]
  CCA spoofing [CCK, OFDM]: [0, 0]
  CCK SFD: 0, SIG_GG: 0
  OFDM Parity: 4, Rate: 2, LSIG_BRK_S: 0, LSIG_BRK_L: 7, SBD: 5
  AMPDU miss: 0

Signed-off-by: Kuan-Chung Chen <damon.chen@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20260429132625.1659182-5-pkshih@realtek.com
8 weeks agowifi: rtw89: debug: bb_info entry including TX rate count for WiFi 7 chips
Kuan-Chung Chen [Wed, 29 Apr 2026 13:26:21 +0000 (21:26 +0800)] 
wifi: rtw89: debug: bb_info entry including TX rate count for WiFi 7 chips

Enhance TX performance visibility for WiFi 7 chips by introducing TX
rate count tracking. This is critical for debugging and validation.
Additionally, introduce a new debugfs bb_info to enable and provide
baseband status.

Usage of bb_info debugfs:
  $ echo enable 1 > bb_info  // Start logging BB statistics information
  $ echo mac_id 0 > bb_info  // Specify mac_id for TX rate count tracking

The output of bb_info:

  TP TX: 0 [0] Mbps, RX: 0 [0] Mbps
  Avg packet length: TX=118, RX=136
  TF: 0
  TX count [0]:
     Legacy: [0, 0, 0, 0]
       OFDM: [0, 0, 0, 0, 0, 0, 0, 0]
    MCS 1SS: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
    MCS 2SS: [183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

  [PHY 0]
  == RSSI/RX Rate
  Beacon: 19 (-41 dBm)
  RX count:
     Legacy: [0, 0, 0, 0]
       OFDM: [0, 0, 0, 0, 0, 0, 0, 0]
       HT 0: [0, 0, 0, 0, 0, 0, 0, 0]
       HT 1: [0, 0, 0, 0, 0, 0, 0, 0]
    VHT 1SS: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0][0, 0]
    VHT 2SS: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0][0, 0]
     HE 1SS: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
     HE 2SS: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]
    EHT 1SS: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0][0, 0]
    EHT 2SS: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185]

  TX rate [0, 2]: EHT 2SS MCS-0 GI:0.8 FB_G BW:160 (hw_rate=0x420) ==> agg_wait=-1 (1)
  RX rate [0, 2]: EHT 2SS MCS-13 GI:0.8 BW:160 (hw_rate=0x42d)
  RSSI: -43 dBm (raw=134, prev=135) [-43, -44]
  EVM: [38.75, (41.50, 43.00)]    SNR: 39

Signed-off-by: Kuan-Chung Chen <damon.chen@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20260429132625.1659182-4-pkshih@realtek.com
8 weeks agowifi: rtw89: phy: support per PHY RX statistics
Kuan-Chung Chen [Wed, 29 Apr 2026 13:26:20 +0000 (21:26 +0800)] 
wifi: rtw89: phy: support per PHY RX statistics

Previously, RX statistics such as beacon RSSI and packet
counters were shared across all PHYs. To support MLO,
extend the statistics to be maintained per PHY.

Update the debugfs output for phy_info and beacon_info
to include a "[PHY X]" label for better clarity.

The output of phy_info:

  TP TX: 0 [0] Mbps (lv: 0), RX: 0 [0] Mbps (lv: 0)
  Avg packet length: TX=0, RX=120
  TF: 0

  [PHY 0]
  Beacon: 19 (-45 dBm)
  RX count:
     Legacy: [0, 0, 0, 0]
      ...
    EHT 2SS: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

The output of beacon_info:

  [PHY 0]
  Beacon: 20
  raw rssi: 131
  hw rate: 4
  length: 437

  [Beacon info]
  interval: 100
  dtim: 1

Signed-off-by: Kuan-Chung Chen <damon.chen@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20260429132625.1659182-3-pkshih@realtek.com
8 weeks agowifi: rtw89: mlo: rearrange MLSR link decision flow
Kuan-Chung Chen [Wed, 29 Apr 2026 13:26:19 +0000 (21:26 +0800)] 
wifi: rtw89: mlo: rearrange MLSR link decision flow

The original MLSR link decision refers to RSSI, but it should be
based on the premise of an existing link. Otherwise, make a link
decision to select a new link from any available band.

Signed-off-by: Kuan-Chung Chen <damon.chen@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20260429132625.1659182-2-pkshih@realtek.com
8 weeks agodrm/bridge: cdns-dsi: Replace deprecated UNIVERSAL_DEV_PM_OPS()
Vitor Soares [Tue, 5 May 2026 13:47:05 +0000 (14:47 +0100)] 
drm/bridge: cdns-dsi: Replace deprecated UNIVERSAL_DEV_PM_OPS()

The deprecated UNIVERSAL_DEV_PM_OPS() macro uses the provided callbacks
for both runtime PM and system sleep. This causes the DSI clocks to be
disabled twice: once during runtime suspend and again during system
suspend, resulting in a WARN message from the clock framework when
attempting to disable already-disabled clocks.

[   84.384540] clk:231:5 already disabled
[   84.388314] WARNING: CPU: 2 PID: 531 at /drivers/clk/clk.c:1181 clk_core_disable+0xa4/0xac
...
[   84.579183] Call trace:
[   84.581624]  clk_core_disable+0xa4/0xac
[   84.585457]  clk_disable+0x30/0x4c
[   84.588857]  cdns_dsi_suspend+0x20/0x58 [cdns_dsi]
[   84.593651]  pm_generic_suspend+0x2c/0x44
[   84.597661]  ti_sci_pd_suspend+0xbc/0x15c
[   84.601670]  dpm_run_callback+0x8c/0x14c
[   84.605588]  __device_suspend+0x1a0/0x56c
[   84.609594]  dpm_suspend+0x17c/0x21c
[   84.613165]  dpm_suspend_start+0xa0/0xa8
[   84.617083]  suspend_devices_and_enter+0x12c/0x634
[   84.621872]  pm_suspend+0x1fc/0x368

To address this issue, replace UNIVERSAL_DEV_PM_OPS() with
RUNTIME_PM_OPS(). Bridge and panel drivers should only deal with runtime
PM, as the DRM framework manages system-wide power transitions through
the bridge enable() and disable() hooks.

Link: https://lore.kernel.org/all/fbde0659-78f3-46e4-98cf-d832f765a18b@ideasonboard.com/
Cc: stable@vger.kernel.org # 6.1.x
Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver")
Reviewed-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Signed-off-by: Vitor Soares <vitor.soares@toradex.com>
Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Link: https://patch.msgid.link/20260505134705.188661-2-ivitro@gmail.com
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
8 weeks agodrm/xlnx/zynqmp-dpsub: Fix dependencies for COMPILE_TEST
Chen-Yu Tsai [Tue, 5 May 2026 09:47:15 +0000 (17:47 +0800)] 
drm/xlnx/zynqmp-dpsub: Fix dependencies for COMPILE_TEST

The zynqmp-dpsub driver does not have build time dependencies on the PHY
or DMA drivers. These are runtime hardware restrictions.

Make the two dependencies optional if COMPILE_TEST.

Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Link: https://patch.msgid.link/20260505094716.1784225-1-wenst@chromium.org
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
8 weeks agoALSA: hda/realtek: Add mute LED fixup for HP Pavilion 15-cs1xxx
Rodrigo Faria [Tue, 5 May 2026 18:55:18 +0000 (19:55 +0100)] 
ALSA: hda/realtek: Add mute LED fixup for HP Pavilion 15-cs1xxx

Add a new fixup for the mute LED on the HP Pavilion 15-cs1xxx series
using the VREF on NID 0x1b.

The BIOS on these models (tested up to F.32) incorrectly reports
the mute LED on NID 0x18 via DMI OEM strings, which lacks VREF
capabilities. This fixup overrides the LED pin to the correct
NID 0x1b.

Signed-off-by: Rodrigo Faria <rodrigofilipefaria@gmail.com>
Link: https://patch.msgid.link/20260505185518.23625-1-rodrigofilipefaria@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
8 weeks agoALSA: seq: Fix UMP group 16 filtering
Cássio Gabriel [Wed, 6 May 2026 03:15:48 +0000 (00:15 -0300)] 
ALSA: seq: Fix UMP group 16 filtering

The sequencer UAPI defines group_filter as an unsigned int bitmap.
Bit 0 filters groupless messages and bits 1-16 filter UMP groups 1-16.

The internal snd_seq_client storage is only unsigned short, so bit 16
is truncated when userspace sets the filter. The same truncation affects
the automatic UMP client filter used to avoid delivery to inactive
groups, so events for group 16 cannot be filtered.

Store the internal bitmap as unsigned int and keep both userspace-provided
and automatically generated values limited to the defined UAPI bits.

Fixes: d2b706077792 ("ALSA: seq: Add UMP group filter")
Cc: stable@vger.kernel.org
Signed-off-by: Cássio Gabriel <cassiogabrielcontato@gmail.com>
Link: https://patch.msgid.link/20260506-alsa-seq-ump-group16-filter-v1-1-b75160bf6993@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
8 weeks agowifi: rtl8xxxu: Detect the maximum supported channel width
Bitterblue Smith [Wed, 29 Apr 2026 12:02:48 +0000 (15:02 +0300)] 
wifi: rtl8xxxu: Detect the maximum supported channel width

Some devices malfunction when connected to a network with 40 MHz channel
width, because they don't support that.

RTL8188FU, RTL8192FU, and RTL8710BU (RTL8188GU) have a way to signal
this (and some other capabilities) to the driver. Get this information
from the hardware and advertise 40 MHz support only when the hardware
can handle it. We assume the other chips can always handle it.

RTL8710BU needs a different way to retrieve this information, which will
be implemented some other time.

Fixes: dbf9b7bb0edf ("wifi: rtl8xxxu: Enable 40 MHz width by default")
Cc: stable@vger.kernel.org
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=221394
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Reviewed-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/c57de68e-5d57-4c26-898f-8a284bb25381@gmail.com
8 weeks agomedia: v4l2-common: Always register clock with device-specific name
Paul Cercueil [Tue, 31 Mar 2026 08:43:40 +0000 (10:43 +0200)] 
media: v4l2-common: Always register clock with device-specific name

If we need to register a dummy fixed-frequency clock, always register it
using a device-specific name.

This supports the use case where a system has two of the same sensor,
meaning two instances of the same driver, which previously both tried
(and failed) to create a clock with the same name.

Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Reviewed-by: Mehdi Djait <mehdi.djait@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agomedia: v4l2-ctrls-request: add NULL check in v4l2_ctrl_request_complete()
Sergey Shtylyov [Fri, 1 May 2026 20:28:31 +0000 (23:28 +0300)] 
media: v4l2-ctrls-request: add NULL check in v4l2_ctrl_request_complete()

If CONFIG_MEDIA_CONTROLLER is undefined, media_request_object_find() will
always return NULL, so its 2nd call in v4l2_ctrl_request_complete() would
fail as well as the 1st one and thus cause hdl to have a wrong value (at
the top of memory) and list_for_each_entry() to iterate over the garbage
data located there. Add NULL check for the 2nd call and place the error
cleanup at the end of v4l2_ctrl_request_complete()...

Found by Linux Verification Center (linuxtesting.org) with the Svace static
analysis tool.

Fixes: c3bf5129f339 ("media: v4l2-ctrls: always copy the controls on completion")
Cc: stable@vger.kernel.org
Signed-off-by: Sergey Shtylyov <s.shtylyov@auroraos.dev>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agoirqchip/starfive: Fix error check for devm_platform_ioremap_resource()
Chen Ni [Wed, 6 May 2026 04:14:13 +0000 (12:14 +0800)] 
irqchip/starfive: Fix error check for devm_platform_ioremap_resource()

devm_platform_ioremap_resource() returns an error pointer on failure, not
NULL.

Fix the check to use IS_ERR() and return PTR_ERR() to correctly handle
allocation failures.

Fixes: 2f59ca185497 ("irqchip/starfive: Use devm_ interfaces to simplify resource release")
Signed-off-by: Chen Ni <nichen@iscas.ac.cn>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Reviewed-by: Changhuang Liang <changhuang.liang@starfivetech.com>
Link: https://patch.msgid.link/20260506041413.1670799-1-nichen@iscas.ac.cn
8 weeks agomedia: tegra-vde: Add HAS_IOMEM dependency to match SRAM select
Sasha Levin [Sun, 26 Apr 2026 00:03:16 +0000 (20:03 -0400)] 
media: tegra-vde: Add HAS_IOMEM dependency to match SRAM select

kconfiglint reports:

  K002: config VIDEO_TEGRA_VDE selects visible symbol SRAM which has
        dependencies

VIDEO_TEGRA_VDE selects SRAM, which is defined in drivers/misc/Kconfig as:

  config SRAM
      bool "Generic on-chip SRAM driver"
      depends on HAS_IOMEM

The NVIDIA Tegra video decoder driver was originally introduced in
commit cd6c56feb591 ("media: staging: media: Introduce NVIDIA Tegra video
decoder driver") as a staging driver with
`depends on ARCH_TEGRA || COMPILE_TEST` and
`select SRAM`. Since all Tegra SoCs have HAS_IOMEM, the SRAM dependency was
implicitly satisfied for real hardware configurations.

The driver was later de-staged in commit 8bd4aaf438e3 ("media: staging:
tegra-vde: De-stage driver") and relocated to
drivers/media/platform/nvidia/tegra-vde/ in commit 9b18ef7c9ff4 ("media:
platform: rename tegra/vde/ to nvidia/tegra-vde/"). Throughout these moves,
the `select SRAM` remained without a corresponding HAS_IOMEM dependency.

Under COMPILE_TEST on a hypothetical architecture without HAS_IOMEM (such
as UML in some configurations), the select would force SRAM on without its
HAS_IOMEM dependency being met. Add an explicit `depends on HAS_IOMEM` to
make the dependency chain complete and prevent this misconfiguration under
COMPILE_TEST.

Assisted-by: Claude:claude-opus-4-6 kconfiglint
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agomedia: rtl2832: fix use-after-free in rtl2832_remove()
Deepanshu Kartikey [Wed, 22 Apr 2026 14:47:34 +0000 (20:17 +0530)] 
media: rtl2832: fix use-after-free in rtl2832_remove()

cancel_delayed_work_sync() is called before i2c_mux_del_adapters()
in rtl2832_remove(). While the cancel waits for any running instance
of i2c_gate_work to finish, it does not prevent the timer from being
rescheduled by a concurrent thread.

During probe, the r820t_attach() call attempts I2C transfers through
the mux adapter. These transfers go through i2c_mux_master_xfer(),
which calls rtl2832_deselect() after the transfer completes,
rescheduling i2c_gate_work via schedule_delayed_work(). If this
transfer is still in flight when rtl2832_remove() runs,
rtl2832_deselect() can reschedule i2c_gate_work after it has been
cancelled, causing a use-after-free when kfree(dev) is called.

Fix this by calling i2c_mux_del_adapters() before
cancel_delayed_work_sync(). Once the mux adapter is unregistered, no
new I2C transfers can go through it, so rtl2832_deselect() can no
longer reschedule i2c_gate_work. The subsequent
cancel_delayed_work_sync() is then guaranteed to be final.

Fixes: cddcc40b1b15 ("[media] rtl2832: convert to use an explicit i2c mux core")
Cc: stable@vger.kernel.org
Reported-by: syzbot+019ced393ab913002b75@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=019ced393ab913002b75
Signed-off-by: Deepanshu Kartikey <kartikey406@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agomedia: em28xx-video: fix missing res_free() on init_usb_xfer failure
Haoxiang Li [Tue, 14 Apr 2026 08:32:39 +0000 (16:32 +0800)] 
media: em28xx-video: fix missing res_free() on init_usb_xfer failure

res_get() is called before em28xx_init_usb_xfer(), but the error
path of em28xx_init_usb_xfer() does not release the resource,
leading to a persistent busy state.

Signed-off-by: Haoxiang Li <lihaoxiang@isrc.iscas.ac.cn>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agomedia: tegra-video: tegra210: remove redundant NULL check in dequeue_buf_done
Hungyu Lin [Sun, 12 Apr 2026 17:24:16 +0000 (17:24 +0000)] 
media: tegra-video: tegra210: remove redundant NULL check in dequeue_buf_done

list_first_entry() does not returns NULL when the list is known to be
non-empty. The NULL check before list_del_init() is therefore
redundant.

Remove the unnecessary check.

Signed-off-by: Hungyu Lin <dennylin0707@gmail.com>
Reviewed-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agomedia: saa7134: Fix a possible memory leak in saa7134_video_init1
Ma Ke [Thu, 2 Apr 2026 07:35:29 +0000 (15:35 +0800)] 
media: saa7134: Fix a possible memory leak in saa7134_video_init1

In saa7134_video_init1(), the return value of the first
saa7134_pgtable_alloc() is not checked. If it fails, the function
continues as if successful, leaving the driver with an invalid page
table. Additionally, if vb2_queue_init() for the VBI queue fails after
the video queue page table has been allocated, the allocated memory is
not freed before returning. The second saa7134_pgtable_alloc() also
lacks a return value check. Errors occur during device probing before
the device is fully registered, the normal cleanup path in
saa7134_finidev() is not executed, leading to memory leaks and
potential use of uninitialized DMA resources.

Check the return value of both saa7134_pgtable_alloc() calls and
propagate errors. On failure of any later step, free allocated page
tables to avoid memory leaks. Ensure control handlers are also
released on error to prevent further resource leakage.

Found by code review.

Signed-off-by: Ma Ke <make24@iscas.ac.cn>
Cc: stable@vger.kernel.org
Fixes: a00e68888d5d ("[media] saa7134: move saa7134_pgtable to saa7134_dmaqueue")
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agomedia: cx231xx: fix devres lifetime
Johan Hovold [Mon, 30 Mar 2026 09:37:27 +0000 (11:37 +0200)] 
media: cx231xx: fix devres lifetime

USB drivers bind to USB interfaces and any device managed resources
should have their lifetime tied to the interface rather than parent USB
device. This avoids issues like memory leaks when drivers are unbound
without their devices being physically disconnected (e.g. on probe
deferral or configuration changes).

Fix the driver state lifetime so that it is released on driver unbind.

Fixes: 184a82784d50 ("[media] cx231xx: use devm_ functions to allocate memory")
Cc: stable@vger.kernel.org # 3.17
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agomedia: cx23885: add ioremap return check and cleanup
Wang Jun [Fri, 20 Mar 2026 07:04:53 +0000 (15:04 +0800)] 
media: cx23885: add ioremap return check and cleanup

Add a check for the return value of pci_ioremap_bar()
in cx23885_dev_setup().
If ioremap for BAR0 fails, release the already allocated
PCI memory region,
decrement the device count, and return -ENODEV.

This prevents a potential null pointer dereference and
ensures proper cleanup
on memory mapping failure.

Fixes: d19770e5178a ("V4L/DVB (6150): Add CX23885/CX23887 PCIe bridge driver")
Cc: stable@vger.kernel.org
Signed-off-by: Wang Jun <1742789905@qq.com>
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agomedia: vb2: use ssize_t for vb2_read/vb2_write
Zile Xiong [Fri, 20 Mar 2026 06:54:45 +0000 (14:54 +0800)] 
media: vb2: use ssize_t for vb2_read/vb2_write

vb2_read() and vb2_write() return size_t, but propagate
negative errno values from __vb2_perform_fileio().

This relies on implicit signed/unsigned conversions in callers
(e.g. vb2_fop_read()) to recover error codes:

    __vb2_perform_fileio() -> -EINVAL
    vb2_read()             -> (size_t)-EINVAL
    vb2_fop_read()         -> -EINVAL

This relies on implicit conversions that are not obvious.

These helpers are exported (EXPORT_SYMBOL_GPL) and part of the
vb2 API, so changing their return type may affect existing users.

However, they conceptually follow read/write semantics, where
ssize_t is typically used to return either a byte count or a
negative error code.

Switch vb2_read() and vb2_write() to ssize_t, and update
__vb2_perform_fileio() accordingly.

Signed-off-by: Zile Xiong <xiongzile99@gmail.com>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Fixes: b25748fe6126 ("[media] v4l: videobuf2: add read() and write() emulator")
Cc: stable@vger.kernel.org
Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
8 weeks agohrtimer: Return ktime_t from hrtimer_get_next_event()/hrtimer_next_event_without()
Thomas Weißschuh [Mon, 4 May 2026 06:56:10 +0000 (08:56 +0200)] 
hrtimer: Return ktime_t from hrtimer_get_next_event()/hrtimer_next_event_without()

These functions really work in terms of ktime_t and not u64.

Change their return types and adapt the callers.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260504-hrtimer-next_event-v2-1-7a5d0550b42f@linutronix.de
8 weeks agoclocksource: Clean up clocksource_update_freq() functions
Thomas Weißschuh [Mon, 4 May 2026 06:54:27 +0000 (08:54 +0200)] 
clocksource: Clean up clocksource_update_freq() functions

Remove the unused functions __clocksource_update_freq_hz() and
__clocksource_update_freq_khz().

Then make __clocksource_update_freq_scale() static as it is not used
from external callers anymore. Also clean up the comment accordingly.

Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Acked-by: John Stultz <jstultz@google.com>
Link: https://patch.msgid.link/20260504-clocksource-update_freq-v2-1-3e696fb01776@linutronix.de
8 weeks agoalarmtimer: Remove stale return description from alarm_handle_timer()
Zhan Xusheng [Wed, 29 Apr 2026 08:06:35 +0000 (16:06 +0800)] 
alarmtimer: Remove stale return description from alarm_handle_timer()

alarm_handle_timer() was converted from returning enum alarmtimer_restart
to void, but the kernel-doc "Return:" line was not removed. Remove the
stale description.

Fixes: 2634303f8773 ("alarmtimers: Remove return value from alarm functions")
Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260429080635.166790-1-zhanxusheng@xiaomi.com
8 weeks agoselftests/posix_timers: Use CLOCK_THREAD_CPUTIME_ID for ITIMER_PROF measurements
John Stultz [Tue, 28 Apr 2026 17:39:46 +0000 (17:39 +0000)] 
selftests/posix_timers: Use CLOCK_THREAD_CPUTIME_ID for ITIMER_PROF measurements

It was reported that the posix_timers test was at times seeing failures
with ITIMER_PROF timers, specifically in cases where the RCU_SOFTIRQ was
taking up significant amounts of time.

Analysis showed that as the time in softirq isn't included in the task
stime + utime accounting used to trigger the SIGPROF so delays from softirq
work could cause it to appear that the signal was incorrectly delayed.

Contributing to this is that the test uses gettimeofday() to measure
itimers, which also means any scheduling delay can also cause failures (as
the task may not be running the entire time).

To fix this, convert all the itimer measurements to use clock_gettime(),
tweaking the logic to use nsecs instead of usecs. Then for ITIMER_PROF
timers, utilize the CLOCK_THREAD_CPUTIME_ID clockid so that it is similarly
measuring the time the task was running.

Signed-off-by: John Stultz <jstultz@google.com>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260428173957.1394265-1-jstultz@google.com
8 weeks agoscripts/timers: Add timer_migration_tree.py
Frederic Weisbecker [Thu, 23 Apr 2026 16:53:54 +0000 (18:53 +0200)] 
scripts/timers: Add timer_migration_tree.py

Introduce a script that provides a simple ascii representation of the
timer migration tree on top of boot trace events.

First boot with:

    trace_event==tmigr_connect_cpu_parent,tmigr_connect_child_parent

Then parse the result with:

scripts/timer_migration_tree.py < /sys/kernel/tracing/trace

On a system with 8 CPUs, this produces the following output:

    Tree for capacity 1024

                                      /-0, node 0, lvl:-1
                                     |
                                     |--1, node 0, lvl:-1
                                     |
                                     |--2, node 0, lvl:-1
                                     |
                                     |--3, node 0, lvl:-1
    -- /00000000dcebac8b, node 0, lvl:0
                                     |--4, node 0, lvl:-1
                                     |
                                     |--5, node 0, lvl:-1
                                     |
                                     |--6, node 0, lvl:-1
                                     |
                                      \-7, node 0, lvl:-1

Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260423165354.95152-7-frederic@kernel.org
8 weeks agotimers/migration: Handle capacity in connect tracepoints
Frederic Weisbecker [Thu, 23 Apr 2026 16:53:53 +0000 (18:53 +0200)] 
timers/migration: Handle capacity in connect tracepoints

This let tracers know to which hierarchy a CPU belongs to.

Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260423165354.95152-6-frederic@kernel.org
8 weeks agotimers/migration: Split per-capacity hierarchies
Frederic Weisbecker [Thu, 23 Apr 2026 16:53:52 +0000 (18:53 +0200)] 
timers/migration: Split per-capacity hierarchies

Systems with heterogeneous CPU capacities, such as big.LITTLE, have
reported power issues since the introduction of the new timer migration
code.

Timers migrate from small capacity CPUs to big ones, degrading their
target residency and thus overall power consumption.

Solve this with splitting hierarchies per CPU capacity. For example in
a big.LITTLE machine, split a single hierarchy in two: one for big
capacity CPUs and another one for small capacity CPUs. This way global
timers only migrate across CPUs of the same capacity.

For simplicity purpose, split hierarchies keep the same number of
possible levels as if there were a single hierarchy, even though the
CPUs are distributed between multiple hierarchies. This could be a
problem on NUMA systems with heterogeneous CPU capacities (provided that
ever exists yet) where useless intermediate nodes may be created.
Solving this properly will imply on boot to know in advance how many
capacities are available and the number of CPUs for each of them.

Reported-by: Sehee Jeong <sehee1.jeong@samsung.com>
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260423165354.95152-5-frederic@kernel.org
8 weeks agotimers/migration: Track CPUs in a hierarchy
Frederic Weisbecker [Thu, 23 Apr 2026 16:53:51 +0000 (18:53 +0200)] 
timers/migration: Track CPUs in a hierarchy

When a new root is created, the old root is connected to it and
propagates up its own assumed to be active state, since the hotplug
control CPU is itself active and part of the old root.

However with per-capacity hierarchies, this assumption won't be true
anymore because the hotplug control CPU calling the timer migration
prepare callback may not belong to the same hierarchy as the booting
CPU.

To solve this, track the available CPUs per hierarchies so that the
root connection can be offlined to safe CPUs.

Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260423165354.95152-4-frederic@kernel.org
8 weeks agotimers/migration: Abstract out hierarchy to prepare for CPU capacity awareness
Frederic Weisbecker [Thu, 23 Apr 2026 16:53:50 +0000 (18:53 +0200)] 
timers/migration: Abstract out hierarchy to prepare for CPU capacity awareness

In order to prepare for separating out CPUs from different capacities in
distinct hierarchies, create a hierarchy structure that group setup
must rely upon.

Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260423165354.95152-3-frederic@kernel.org
8 weeks agodrm: renesas: rz-du: mipi_dsi: Fix return path on error
Chris Brandt [Fri, 1 May 2026 13:21:35 +0000 (09:21 -0400)] 
drm: renesas: rz-du: mipi_dsi: Fix return path on error

In case of error, we should unwind correctly.
Switching to using dmam_ instead of dma_ and moving the code earlier
fixes the issue.

Fixes: 6f392f371650 ("drm: renesas: rz-du: Implement MIPI DSI host transfers")
Suggested-by: Pavel Machek <pavel@nabladev.com>
Signed-off-by: Chris Brandt <chris.brandt@renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Link: https://patch.msgid.link/20260501132135.196701-1-chris.brandt@renesas.com
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
8 weeks agoMerge branch 'timers/urgent' into timers/core
Thomas Gleixner [Wed, 6 May 2026 06:21:45 +0000 (08:21 +0200)] 
Merge branch 'timers/urgent' into timers/core

Pull in the timer migration fix so further changes can be applied.

8 weeks agotimers/migration: Fix another hotplug activation race
Frederic Weisbecker [Thu, 23 Apr 2026 16:53:49 +0000 (18:53 +0200)] 
timers/migration: Fix another hotplug activation race

The hotplug control CPU is assumed to be active in the hierarchy but
that doesn't imply that the root is active. If the current CPU is not
the one that activated the current hierarchy, and the CPU performing
this duty is still halfway through the tree, the root may still be
observed inactive. And this can break the activation of a new root as in
the following scenario:

1) Initially, the whole system has 64 CPUs and only CPU 63 is awake.

                   [GRP1:0]
                    active
                  /    |    \
                 /     |     \
         [GRP0:0]    [...]    [GRP0:7]
           idle      idle      active
         /   |   \               |
     CPU 0  CPU 1  ...         CPU 63
     idle   idle               active

2) CPU 63 goes idle _but_ due to a #VMEXIT it hasn't yet reached the
   [GRP1:0]->parent dereference (that would be NULL and stop the walk)
   in __walk_groups_from().

                   [GRP1:0]
                     idle
                  /    |    \
                 /     |     \
         [GRP0:0]    [...]    [GRP0:7]
           idle      idle       idle
         /   |   \                |
     CPU 0  CPU 1  ...         CPU 63
     idle   idle                idle

3) CPU 1 wakes up, activates GRP0:0 but didn't yet manage to propagate
   up to GRP1:0 due to yet another #VMEXIT.

                   [GRP1:0]
                     idle
                  /    |    \
                 /     |     \
         [GRP0:0]    [...]    [GRP0:7]
         active      idle       idle
         /   |   \                |
     CPU 0  CPU 1  ...         CPU 63
     idle  active               idle

3) CPU 0 wakes up and doesn't need to walk above GRP0:0 as it's CPU 1
   role.

                   [GRP1:0]
                     idle
                  /    |    \
                 /     |     \
         [GRP0:0]    [...]    [GRP0:7]
         active      idle       idle
         /   |   \                |
     CPU 0  CPU 1  ...         CPU 63
    active  active              idle

4) CPU 0 boots CPU 64. It creates a new root for it.

                             [GRP2:0]
                               idle
                           /          \
                          /            \
                   [GRP1:0]           [GRP1:1]
                   idle                 idle
                  /    |    \                \
                 /     |     \                \
         [GRP0:0]    [...]    [GRP0:7]      [GRP0:8]
         active      idle       idle          idle
         /   |   \                |            |
     CPU 0  CPU 1  ...         CPU 63        CPU 64
    active  active              idle         offline

5) CPU 0 activates the new root, but note that GRP1:0 is still idle,
   waiting for CPU 1 to resume from #VMEXIT and activate it.

                             [GRP2:0]
                              active
                           /          \
                          /            \
                   [GRP1:0]           [GRP1:1]
                   idle                 idle
                  /    |    \                \
                 /     |     \                \
         [GRP0:0]    [...]    [GRP0:7]      [GRP0:8]
         active      idle       idle          idle
         /   |   \                |            |
     CPU 0  CPU 1  ...         CPU 63        CPU 64
    active  active              idle         offline

6) CPU 63 resumes after #VMEXIT and sees the new GRP1:0 parent.
   Therefore it propagates the stale inactive state of GRP1:0 up to
   GRP2:0.

                             [GRP2:0]
                              idle
                           /          \
                          /            \
                   [GRP1:0]           [GRP1:1]
                   idle                 idle
                  /    |    \                \
                 /     |     \                \
         [GRP0:0]    [...]    [GRP0:7]      [GRP0:8]
         active      idle       idle          idle
         /   |   \                |            |
     CPU 0  CPU 1  ...         CPU 63        CPU 64
    active  active              idle         offline

7) CPU 1 resumes after #VMEXIT and finally activates GRP1:0. But it
   doesn't observe its parent link because no ordering enforced that.
   Therefore GRP2:0 is spuriously left idle.

                             [GRP2:0]
                              idle
                           /          \
                          /            \
                   [GRP1:0]           [GRP1:1]
                   active                 idle
                  /    |    \                \
                 /     |     \                \
         [GRP0:0]    [...]    [GRP0:7]      [GRP0:8]
         active      idle       idle          idle
         /   |   \                |            |
     CPU 0  CPU 1  ...         CPU 63        CPU 64
    active  active              idle         offline

Such races are highly theoretical and the problem would solve itself
once the old root ever becomes idle again. But it still leaves a taste
of discomfort.

Fix it with enforcing a fully ordered atomic read of the old root state
before propagating the activate state up to the new root. It has a two
directions ordering effect:

* Acquire + release of the latest old root state: If the hotplug control
  CPU is not the one that woke up the old root, make sure to acquire its
  active state and propagate it upwards through the ordered chain of
  activation (the acquire pairs with the cmpxchg() in tmigr_active_up()
  and subsequent releases will pair with atomic_read_acquire() and
  smp_mb__after_atomic() in tmigr_inactive_up()).

* Release: If the hotplug control CPU is not the one that must wake up
  the old root, but the CPU covering that is lagging behind its duty,
  publish the links from the old root to the new parents. This way the
  lagging CPU will propagate the active state itself.

Fixes: 7ee988770326 ("timers: Implement the hierarchical pull model")
Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@kernel.org>
Link: https://patch.msgid.link/20260423165354.95152-2-frederic@kernel.org
8 weeks agodrm/bridge: ite-it6263: Drop unnecessary blank line
Biju Das [Mon, 4 May 2026 14:59:04 +0000 (15:59 +0100)] 
drm/bridge: ite-it6263: Drop unnecessary blank line

Drop unnecessary blank line in it6263_hdmi_write_hdmi_infoframe().

Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Reviewed-by: Liu Ying <victor.liu@nxp.com>
Link: https://patch.msgid.link/20260504145906.155198-1-biju.das.jz@bp.renesas.com
Signed-off-by: Liu Ying <victor.liu@nxp.com>