Rafal Ostrowski [Mon, 23 Feb 2026 05:13:32 +0000 (06:13 +0100)]
drm/amd/display: Move FPU Guards From DML To DC - Part 3
[Why]
FPU guards (DC_FP_START/DC_FP_END) are required to wrap around code that
can manipulates floats. To do this properly, the FPU guards must be used
in a file that is not compiled as a FPU unit. If the guards are used in
a file that is a FPU unit, other sections in the file that aren't guarded
may be end up being compiled to use FPU operations.
[How]
Added DC_FP_START and DC_FP_END to DC functions that call DML functions
using FPU.
Reviewed-by: Dillon Varone <dillon.varone@amd.com> Signed-off-by: Rafal Ostrowski <rafal.ostrowski@amd.com> Signed-off-by: Alex Hung <alex.hung@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cássio Gabriel [Fri, 27 Mar 2026 17:16:27 +0000 (14:16 -0300)]
ASoC: generic: keep fallback dai_name stable across rebind
simple_parse_dai() and graph_util_parse_dai() first try to identify a
DAI via dai_args. When that works the card can rebind without relying on
dlc->dai_name.
The fallback path still calls snd_soc_get_dlc(), which returns a
borrowed dai_name pointer. If the CPU or codec component is unbound
while the sound card stays registered, the generic card keeps that
pointer and the next rebind may compare stale memory while matching the
DAI.
Stage the fallback result in a temporary dai_link_component and move
only a card-owned copy of dai_name into the live link component. Use
devm_kstrdup_const() so static names are reused and dynamic ones remain
valid for the lifetime of the card device.
Rafal Ostrowski [Wed, 18 Feb 2026 15:19:47 +0000 (16:19 +0100)]
drm/amd/display: Move FPU Guards From DML To DC - Part 2
[Why]
FPU guards (DC_FP_START/DC_FP_END) are required to wrap around code that
can manipulates floats. To do this properly, the FPU guards must be used
in a file that is not compiled as a FPU unit. If the guards are used in
a file that is a FPU unit, other sections in the file that aren't guarded
may be end up being compiled to use FPU operations.
[How]
Removed DC_FP_START and DC_FP_END.
Reviewed-by: Dillon Varone <dillon.varone@amd.com> Signed-off-by: Rafal Ostrowski <rafal.ostrowski@amd.com> Signed-off-by: Alex Hung <alex.hung@amd.com> Signed-off-by: Chuanyu Tseng <Chuanyu.Tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Rafal Ostrowski [Tue, 24 Feb 2026 14:36:09 +0000 (15:36 +0100)]
drm/amd/display: Move FPU Guards From DML To DC - Part 1
[Why]
FPU guards (DC_FP_START/DC_FP_END) are required to wrap around code that
can manipulates floats. To do this properly, the FPU guards must be used
in a file that is not compiled as a FPU unit. If the guards are used in
a file that is a FPU unit, other sections in the file that aren't guarded
may be end up being compiled to use FPU operations.
[How]
Added DC_FP_START and DC_FP_END to DC functions that call DML functions
using FPU.
Reviewed-by: Dillon Varone <dillon.varone@amd.com> Signed-off-by: Rafal Ostrowski <rafal.ostrowski@amd.com> Signed-off-by: Alex Hung <alex.hung@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Gangliang Xie [Wed, 18 Mar 2026 08:09:39 +0000 (16:09 +0800)]
drm/amdgpu: add support to query vram info from firmware
add support to query vram info from firmware
v2: change APU vram type, add multi-aid check
v3: seperate vram info query function into 3 parts and
call them in a helper func when requirements
are met.
v4: calculate vram_width for v9.x
Tejun Heo [Mon, 30 Mar 2026 18:52:33 +0000 (08:52 -1000)]
Merge branch 'for-7.0-fixes' into for-7.1
Conflict in kernel/sched/ext.c init_sched_ext_class() between:
415cb193bb97 ("sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait
to balance callback")
which adds cpus_to_sync cpumask allocation, and:
84b1a0ea0b7c ("sched_ext: Implement scx_bpf_dsq_reenq() for user DSQs") 8c1b9453fde6 ("sched_ext: Convert deferred_reenq_locals from llist to
regular list")
which add deferred_reenq init code at the same location. Both are
independent additions. Include both.
DCN4.x hardware does not have DPSTREAMCLK_GATE_DISABLE and
DPSTREAMCLK_ROOT_GATE_DISABLE fields in DCCG_GATE_DISABLE_CNTL3.
These global fields only exist in DCN3.1.x hardware.
[How]
Remove the call that tries to update non-existent fields in CNTL3.
DCN4.x uses per-instance fields in CNTL5 instead,
which are already correctly programmed in the switch cases above.
Reviewed-by: Dillon Varone <dillon.varone@amd.com> Signed-off-by: Roman Li <Roman.Li@amd.com> Signed-off-by: Chuanyu Tseng <chuanyu.tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Mohit Bawa [Wed, 5 Nov 2025 18:58:35 +0000 (13:58 -0500)]
drm/amd/display: enable eDP DSC seamless boot support
[Why]
VBIOS supports DSC for seamless boot on newer hardware.
Reading hardware state allows proper DSC validation without breaking
existing boot display.
[What]
Remove DSC block for boot timing validation and implement hardware state
reading to populate DSC configuration from VBIOS-configured state.
Enhance dsc_read_state function in DCN401 to read additional
DSC parameters.
Lincheng Ku [Tue, 17 Mar 2026 19:58:35 +0000 (03:58 +0800)]
drm/amd/dc: Add link output control for DPIA
[Why]
To support specific sequencing requirements for DPIA link output
[How]
Implement the dpia_link_hwss structure and define the necessary
control function pointers. The initialization order is
aligned with the core link_hwss definition to ensure consistency
Reviewed-by: Wenjing Liu <wenjing.liu@amd.com> Signed-off-by: Lincheng Ku <LinCheng.Ku@amd.com> Signed-off-by: Chuanyu Tseng <chuanyu.tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
drm/amd/display: Fix Silence signed/unsighed mismatch warning in dc
[Why]
Implicit signed-to-unsigned conversions caused compiler
warnings in DC paths.
[How]
Added explicit (unsigned int)/(uint32_t) casts for sentinel -1
assignments and IRQ ~MASK initializers, with small cast alignment
in logging/DPCD code.
Functionality and behavior is unchanged; only type intent is explicit.
[Why]
Clock manager contained significant duplicate code between
variants with identical logic for functions using only SMU
calls or shared registers. This increases maintenance overhead
and potential for bugs.
[How]
Expose clock constants and internal functions in header for
sharing. Remove duplicate implementations and update function
pointers to use shared functions. Refactor remaining
variant-specific functions to use shared constants and helper
functions. Add compatibility comments for hardware differences.
Reviewed-by: Dmytro Laktyushkin <dmytro.laktyushkin@amd.com> Signed-off-by: Gabe Teeger <gabe.teeger@amd.com> Signed-off-by: Chuanyu Tseng <chuanyu.tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
drm/amd/display: Fix Silence Conversion Warnings in Dmub
Fix Conversion that might result in a loss of data warnings in dmub/src/:
- dmub_dcn20/31/32/35/42/60/401.c: Add ASSERT(value <= 0xFF) and
explicit (uint8_t) cast when storing REG_GET results into uint8_t
debug struct fields. Add != 0 for bool assignments from uint32_t
bitfield reads.
- dmub_reg.c: Cast va_arg shift value to uint8_t with ASSERT guard
before passing to set_reg_field_value_masks().
- dmub_srv.c: Widen num_pending to uint64_t to match uint64_t
arithmetic; use != 0 for bool assignments from unsigned expressions.
Harry Wentland [Fri, 16 Jan 2026 16:47:50 +0000 (11:47 -0500)]
drm/amd/display: Don't set 4to1MPC config dynamically
We were previously modifying the global dc->config.enable_4to1MPC
dynamically. These variables are meant as global configs, not to
by dynamically modified. Modifying them dynamically prevents us
from enabling/disabling functionality for debug purposes and can
easily lead to bad things since we're not operating on the current
state but on DC-wide variables.
Instead we should look at the existing split4mpc decision in
dcn20_validate_apply_split_flags and make the decision there,
if the global config.enable_4to1MPC is set to true for the
DCN version we're running.
This fixes corruption that is observed when running a new IGT
kms_colorop test for color-space-conversion that uses a
YUV plane and outputs to a writeback connector.
Co-developed by Claude Sonnet 4.5.
Assisted-by: Claude:claude-sonnet-4.5 Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com> Signed-off-by: Harry Wentland <harry.wentland@amd.com> Signed-off-by: Chuanyu Tseng <chuanyu.tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
does not guarantee this, as the freq_changed branch can evaluate to true
independently of the callback pointer.
This can result in calling update_bw_bounding_box() when it is NULL.
Fix this by separating the update condition from the pointer checks and
ensuring the callback, dc->clk_mgr, and bw_params are validated before
use.
Fixes the below:
../dc/hwss/dcn401/dcn401_hwseq.c:367 dcn401_init_hw() error: we previously assumed 'dc->res_pool->funcs->update_bw_bounding_box' could be null (see line 362)
Fixes: ca0fb243c3bb ("drm/amd/display: Underflow Seen on DCN401 eGPU") Cc: Daniel Sa <Daniel.Sa@amd.com> Cc: Alvin Lee <alvin.lee2@amd.com> Cc: Roman Li <roman.li@amd.com> Cc: Alex Hung <alex.hung@amd.com> Cc: Tom Chung <chiahsuan.chung@amd.com> Cc: Dan Carpenter <dan.carpenter@linaro.org> Cc: Aurabindo Pillai <aurabindo.pillai@amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com> Reviewed-by: Alex Hung <alex.hung@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Hans de Goede [Sat, 14 Mar 2026 08:49:16 +0000 (09:49 +0100)]
driver core: Make deferred_probe_timeout default a Kconfig option
Code using driver_deferred_probe_check_state() differs from most
EPROBE_DEFER handling in the kernel. Where other EPROBE_DEFER handling
(e.g. clks, gpios and regulators) waits indefinitely for suppliers to
show up, code using driver_deferred_probe_check_state() will fail
after the deferred_probe_timeout.
This is a problem for generic distro kernels which want to support many
boards using a single kernel build. These kernels want as much drivers to
be modular as possible. The initrd also should be as small as possible,
so the initrd will *not* have drivers not needing to get the rootfs.
Combine this with waiting for a full-disk encryption password in
the initrd and it is pretty much guaranteed that the default 10s timeout
will be hit, causing probe() failures when drivers on the rootfs happen
to get modprobe-d before other rootfs modules providing their suppliers.
Make the default timeout configurable from Kconfig to allow distro kernel
configs where many of the supplier drivers are modules to set the default
through Kconfig.
Reviewed-by: Saravana Kannan <saravanak@kernel.org> Signed-off-by: Hans de Goede <johannes.goede@oss.qualcomm.com> Link: https://patch.msgid.link/20260314084916.10868-1-johannes.goede@oss.qualcomm.com
[ Drop deferred_probe_timeout documentation change in
kernel-parameters.txt. - Danilo ] Signed-off-by: Danilo Krummrich <dakr@kernel.org>
Harry Wentland [Fri, 16 Jan 2026 16:48:11 +0000 (11:48 -0500)]
drm/amd/display: Merge pipes for validate
Validation expects to operate on non-split pipes. This is
seen in dcn20_fast_validate_bw, which merges pipes for
validation. We weren't doing that in the non-fast path
which lead to validation failures when operating with
4-to-1 MPC and a writeback connector.
Co-developed by Claude Sonnet 4.5
Assisted-by: Claude:claude-sonnet-4.5 Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com> Signed-off-by: Harry Wentland <harry.wentland@amd.com> Signed-off-by: Chuanyu Tseng <chuanyu.tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
drm/amd/display: Add NULL check for integrated_info in clk_mgr_construct
clk_mgr_construct() initializes display clock and memory bandwidth
settings during driver bring-up.
As part of this, the driver selects a watermark table based on the
memory type (DDR4, LPDDR4, LPDDR5) from ctx->dc_bios->integrated_info.
The display pipeline continuously reads pixel data from memory,
processes it (such as scaling, color conversion, and blending), and
sends it to the screen. To keep this pipeline running smoothly, the
driver must ensure there is enough memory bandwidth and that clocks are
increased when needed.
Watermark tables define when the GPU should increase clocks to ensure
there is enough bandwidth to feed pixel data without underflow.
However, ctx->dc_bios->integrated_info is dereferenced without checking
for NULL in multiple clk_mgr_construct() implementations. On some
platforms, BIOS may not provide this information, and accessing it
directly can cause a NULL pointer dereference during initialization.
Fix this by adding a NULL check before accessing integrated_info.
If integrated_info is not available, the driver safely falls back to
default watermark tables.
Fixes:
../dcn21/rn_clk_mgr.c:775 rn_clk_mgr_construct() warn: variable dereferenced before check 'ctx->dc_bios->integrated_info' (see line 743)
../dcn301/vg_clk_mgr.c:750 vg_clk_mgr_construct() warn: variable dereferenced before check 'ctx->dc_bios->integrated_info' (see line 736)
../dcn31/dcn31_clk_mgr.c:789 dcn31_clk_mgr_construct() warn: variable dereferenced before check 'ctx->dc_bios->integrated_info' (see line 728)
../dcn314/dcn314_clk_mgr.c:906 dcn314_clk_mgr_construct() warn: variable dereferenced before check 'ctx->dc_bios->integrated_info' (see line 845)
../dcn315/dcn315_clk_mgr.c:716 dcn315_clk_mgr_construct() warn: variable dereferenced before check 'ctx->dc_bios->integrated_info' (see line 655)
../dcn316/dcn316_clk_mgr.c:660 dcn316_clk_mgr_construct() warn: variable dereferenced before check 'ctx->dc_bios->integrated_info' (see line 639)
../dcn35/dcn35_clk_mgr.c:1540 dcn35_clk_mgr_construct() warn: variable dereferenced before check 'ctx->dc_bios->integrated_info' (see line 1467)
Fixes: 25879d7b4986 ("drm/amd/display: Clean FPGA code in dc") Cc: Roman Li <roman.li@amd.com> Cc: Alex Hung <alex.hung@amd.com> Cc: Tom Chung <chiahsuan.chung@amd.com> Cc: Dan Carpenter <dan.carpenter@linaro.org> Cc: Aurabindo Pillai <aurabindo.pillai@amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com> Reviewed-by: Alex Hung <alex.hung@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Mark Brown [Mon, 30 Mar 2026 18:40:31 +0000 (19:40 +0100)]
ASoC: jz47xx: Convert to devm_clk_get_enabled()
Jihed Chaibi <jihed.chaibi.dev@gmail.com> says:
The jz4725b, jz4760 and jz4770 Ingenic codec drivers all share the same
clock management pattern: the clock is obtained with devm_clk_get() in
the platform probe, then manually enabled in the component probe and
disabled in the component remove. The clk_prepare_enable() call in the
component probe is unchecked, meaning clock enable failures are silently
ignored and can lead to register access on unpowered hardware.
This series converts all three drivers to devm_clk_get_enabled(), which
combines the get, prepare and enable steps and ties the clock lifetime to
the device via devres. The now-redundant component remove callbacks and
the struct clk pointers in the private structs are removed.
Jihed Chaibi [Mon, 23 Mar 2026 16:15:51 +0000 (17:15 +0100)]
ASoC: jz4770: Convert to devm_clk_get_enabled()
The clock is obtained with devm_clk_get() in the platform probe, then
manually enabled in the component probe and disabled in the component
remove without checking the return value of clk_prepare_enable().
Use devm_clk_get_enabled() instead, which combines the get, prepare and
enable operations into one call whose lifetime is tied to the device.
This removes the need for explicit enable/disable in the component
probe/remove callbacks, and ensures that clock enable failures are
propagated as errors rather than silently ignored.
Remove the now-unused struct clk pointer from struct jz_codec and drop
the empty component remove callback.
Jihed Chaibi [Mon, 23 Mar 2026 16:15:50 +0000 (17:15 +0100)]
ASoC: jz4760: Convert to devm_clk_get_enabled()
The clock is obtained with devm_clk_get() in the platform probe, then
manually enabled in the component probe and disabled in the component
remove without checking the return value of clk_prepare_enable().
Use devm_clk_get_enabled() instead, which combines the get, prepare and
enable operations into one call whose lifetime is tied to the device.
This removes the need for explicit enable/disable in the component
probe/remove callbacks, and ensures that clock enable failures are
propagated as errors rather than silently ignored.
Remove the now-unused struct clk pointer from struct jz_codec and drop
the empty component remove callback.
Jihed Chaibi [Mon, 23 Mar 2026 16:15:49 +0000 (17:15 +0100)]
ASoC: jz4725b: Convert to devm_clk_get_enabled()
The clock is obtained with devm_clk_get() in the platform probe, then
manually enabled in the component probe and disabled in the component
remove without checking the return value of clk_prepare_enable().
Use devm_clk_get_enabled() instead, which combines the get, prepare and
enable operations into one call whose lifetime is tied to the device.
This removes the need for explicit enable/disable in the component
probe/remove callbacks, and ensures that clock enable failures are
propagated as errors rather than silently ignored.
Remove the now-unused struct clk pointer from struct jz_icdc and drop
the empty component remove callback.
drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths
In dc_dmub_srv_log_diagnostic_data() and
dc_dmub_srv_enable_dpia_trace().
Both functions check:
if (!dc_dmub_srv || !dc_dmub_srv->dmub)
and then call DC_LOG_ERROR() inside that block.
DC_LOG_ERROR() uses dc_dmub_srv->ctx internally. So if
dc_dmub_srv is NULL, the logging itself can dereference a
NULL pointer and cause a crash.
Fix this by splitting the checks.
First check if dc_dmub_srv is NULL and return immediately.
Then check dc_dmub_srv->dmub and log the error only when
dc_dmub_srv is valid.
Fixes the below:
../display/dc/dc_dmub_srv.c:962 dc_dmub_srv_log_diagnostic_data() error: we previously assumed 'dc_dmub_srv' could be null (see line 961)
../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_enable_dpia_trace() error: we previously assumed 'dc_dmub_srv' could be null (see line 1166)
Fixes: 2631ac1ac328 ("drm/amd/display: add DMUB registers to crash dump diagnostic data.") Fixes: 71ba6b577a35 ("drm/amd/display: Add interface to enable DPIA trace") Cc: Roman Li <roman.li@amd.com> Cc: Alex Hung <alex.hung@amd.com> Cc: Tom Chung <chiahsuan.chung@amd.com> Cc: Dan Carpenter <dan.carpenter@linaro.org> Cc: Aurabindo Pillai <aurabindo.pillai@amd.com> Signed-off-by: Srinivasan Shanmugam <srinivasan.shanmugam@amd.com> Reviewed-by: Alex Hung <alex.hung@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Gabe Teeger [Mon, 16 Mar 2026 14:41:27 +0000 (10:41 -0400)]
drm/amd/display: Fix bounds checking in dml2_0 clock table array
[Why]
Multiple locations in dml2_0 used num_clk_values-1 as array index
without checking if num_clk_values > 0. When num_clk_values is 0,
this results in accessing array index -1, which wraps to 255 for
unsigned types, causing out-of-bounds memory access and potential
crashes.
[How]
Add proper bounds checking using ternary operators to guard all
num_clk_values-1 array accesses. When num_clk_values is 0, return 0
as fallback value instead of accessing invalid memory. This prevents
buffer overflows while maintaining backward compatibility and provides
sensible default behavior for empty clock tables.
Reviewed-by: Dillon Varone <dillon.varone@amd.com> Signed-off-by: Gabe Teeger <gabe.teeger@amd.com> Signed-off-by: Chuanyu Tseng <chuanyu.tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
drm/amd/display: Avoid turning off the PHY when OTG is running for DVI
[Why]
The OTG's virtual pixel clock source for DVI comes from the PHY.
If the signal type is DVI then the OTG can become stuck on pre DCN401
ASIC when DPMS off occurs because the OTG remains running but the
PHY transmitter is disabled.
[How]
There exists logic to keep track of the OTG running refcount on the
link to determine if the link needs to go to PLL_EN instead of TX_EN
but the logic only checks for HDMI TMDS on older ASIC.
DVI is still a TMDS signal type so the constraint should also apply.
Replace the checks for dc_is_hdmi_tmds_signal with dc_is_tmds_signal to
cover both HDMI and DVI for the symclk refcount workaround.
Reviewed-by: Dillon Varone <dillon.varone@amd.com> Reviewed-by: Charlene Liu <charlene.liu@amd.com> Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com> Signed-off-by: Chuanyu Tseng <chuanyu.tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Wayne Lin [Thu, 5 Feb 2026 07:36:18 +0000 (15:36 +0800)]
drm/amd/display: Should support p-state under dcn21
[Why]
Under DCN21, observe flip_done timeout issue while
running 3D benchmark under MPO case. Timeout is caused
by driver fails validate_bandwidth() during
atomic_commit_tail but passes atomic_check.
Under further analysis, indicates the delta of
atomic_check and atomic_commit_tail are
dc->current_state->bw_ctx.dml.soc.sr_exit_time_us and
dc->current_state->bw_ctx.dml.soc.sr_enter_plus_exit_time_us.
We set validate_mode as DC_VALIDATE_MODE_ONLY while calling
dc_validate_global_state() at atomic_check, but set mode as
DC_VALIDATE_MODE_AND_PROGRAMMING during atomic_commit_tail.
If dc_validate_mode set as DC_VALIDATE_MODE_ONLY,
validate_bandwidth() will skip the wm and dlg calculation.
During commit_tail, validate_bandwidth() is called with
dc_validate_mode set as DC_VALIDATE_MODE_AND_PROGRAMMING and
dc_state->bw_ctx.dml.soc.sr_exit_time_us might get modified
after the wm_calculation and stored into dc->current_state.
Which means dc->current_state->bw_ctx.dml.soc.sr_exit_time_us
might not aligned with the one stored in dm_state->context.
That causes duplicated dm_state->context not aligned with
dc->current_state, and might have bandwidth validation pass
in atomic_check and fail in commit_tail later.
[How]
When the issue occurs, it fails dml_get_voltage_level() with
the condition dm_allow_self_refresh_and_mclk_switch but pass
with the condition dm_allow_self_refresh. However, we should
support p-state. So we should not pass validate_bandwidth by
allowing self refresh only. Change the policy under DCN21.
Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com> Signed-off-by: Wayne Lin <Wayne.Lin@amd.com> Signed-off-by: Chuanyu Tseng <chuanyu.tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Roman Li [Fri, 20 Mar 2026 21:02:33 +0000 (17:02 -0400)]
drm/amd/display: Enable Replay support for dcn42
Add DCN4.2 to the list that supports
Panel Replay feature.
Reviewed-by: Alex Hung <Alex.Hung@amd.com> Signed-off-by: Roman Li <Roman.Li@amd.com> Signed-off-by: Chuanyu Tseng <Chuanyu.Tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Gabe Teeger [Wed, 31 Dec 2025 20:19:22 +0000 (15:19 -0500)]
drm/amd/display: Remove check for DC_DMCUB_ENABLE on DCN42
[why]
DCN without DMCUB is not a supported configuration on DCN42.
[how]
Remove the DC_DMCUB_ENABLE fuse register check and remove the
corresponding entries in the DCN42 DMUB register list.
Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com> Signed-off-by: Gabe Teeger <gabe.teeger@amd.com> Signed-off-by: Matthew Stewart <Matthew.Stewart2@amd.com> Signed-off-by: Roman Li <roman.li@amd.com> Signed-off-by: Chuanyu Tseng <chuanyu.tseng@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Pengpeng Hou [Tue, 24 Mar 2026 08:51:30 +0000 (16:51 +0800)]
drm/amd/display: bios_parser: fix GPIO I2C line off-by-one
get_gpio_i2c_info() computes the number of GPIO I2C assignment records
present in the BIOS table and then uses bfI2C_LineMux as an array index
into header->asGPIO_Info[]. The current check only rejects values
strictly larger than the record count, so an index equal to count still
falls through and reaches the fixed table one element past the end.
Reject indices at or above the number of available records before using
them as an array index.
Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Jihed Chaibi [Tue, 24 Mar 2026 21:09:09 +0000 (22:09 +0100)]
ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure
ep93xx_i2s_enable() calls clk_prepare_enable() on three clocks in
sequence (mclk, sclk, lrclk) without checking the return value of any
of them. If an intermediate enable fails, the clocks that were already
enabled are never rolled back, leaking them until the next disable cycle
— which may never come if the stream never started cleanly.
Change ep93xx_i2s_enable() from void to int. Add error checking after
each clk_prepare_enable() call and unwind already-enabled clocks on
failure. Propagate the error through ep93xx_i2s_startup() and
ep93xx_i2s_resume(), both of which already return int.
Donet Tom [Thu, 26 Mar 2026 12:21:28 +0000 (17:51 +0530)]
drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB
Currently, AMDGPU_VA_RESERVED_TRAP_SIZE is hardcoded to 8KB, while
KFD_CWSR_TBA_TMA_SIZE is defined as 2 * PAGE_SIZE. On systems with
4K pages, both values match (8KB), so allocation and reserved space
are consistent.
However, on 64K page-size systems, KFD_CWSR_TBA_TMA_SIZE becomes 128KB,
while the reserved trap area remains 8KB. This mismatch causes the
kernel to crash when running rocminfo or rccl unit tests.
This patch changes AMDGPU_VA_RESERVED_TRAP_SIZE to 64 KB and
KFD_CWSR_TBA_TMA_SIZE to the AMD GPU page size. This means we reserve
64 KB for the trap in the address space, but only allocate 8 KB within
it. With this approach, the allocation size never exceeds the reserved
area.
Fixes: 34a1de0f7935 ("drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole") Reviewed-by: Christian König <christian.koenig@amd.com> Suggested-by: Felix Kuehling <felix.kuehling@amd.com> Suggested-by: Christian König <christian.koenig@amd.com> Signed-off-by: Donet Tom <donettom@linux.ibm.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Sunil Khatri [Thu, 26 Mar 2026 08:09:05 +0000 (13:39 +0530)]
drm/amdgpu/userq: Fix the code alignment for readability
Fix the code alignment for if condition and also provide
a line space between multiline if condition and next
statement.
Signed-off-by: Sunil Khatri <sunil.khatri@amd.com> Acked-by: Christian König <christian.koenig@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Tejun Heo [Sun, 29 Mar 2026 00:18:56 +0000 (14:18 -1000)]
selftests/sched_ext: Add cyclic SCX_KICK_WAIT stress test
Add a test that creates a 3-CPU kick_wait cycle (A->B->C->A). A BPF
scheduler kicks the next CPU in the ring with SCX_KICK_WAIT on every
enqueue while userspace workers generate continuous scheduling churn via
sched_yield(). Without the preceding fix, this hangs the machine within seconds.
Signed-off-by: Tejun Heo <tj@kernel.org> Reviewed-by: Christian Loehle <christian.loehle@arm.com> Tested-by: Christian Loehle <christian.loehle@arm.com>
Tejun Heo [Sun, 29 Mar 2026 00:18:55 +0000 (14:18 -1000)]
sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback
SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using
smp_cond_load_acquire() until the target CPU's kick_sync advances. Because
the irq_work runs in hardirq context, the waiting CPU cannot reschedule and
its own kick_sync never advances. If multiple CPUs form a wait cycle, all
CPUs deadlock.
Replace the busy-wait in kick_cpus_irq_workfn() with resched_curr() to
force the CPU through do_pick_task_scx(), which queues a balance callback
to perform the wait. The balance callback drops the rq lock and enables
IRQs following the sched_core_balance() pattern, so the CPU can process
IPIs while waiting. The local CPU's kick_sync is advanced on entry to
do_pick_task_scx() and continuously during the wait, ensuring any CPU that
starts waiting for us sees the advancement and cannot form cyclic
dependencies.
Jihed Chaibi [Tue, 24 Mar 2026 22:39:07 +0000 (23:39 +0100)]
ASoC: samsung: spdif: Convert to devm_ioremap_resource()
Replace the open-coded request_mem_region() + ioremap() sequence with
devm_ioremap_resource(), which handles both the region claim and mapping
under devres lifetime management.
This eliminates the manual iounmap() and release_mem_region() calls in
the error path (err3/err4 labels) and in spdif_remove(), simplifying
the probe error handling.
Junrui Luo [Sat, 14 Mar 2026 15:33:53 +0000 (23:33 +0800)]
drm/amdgpu/userq: fix memory leak in MQD creation error paths
In mes_userq_mqd_create(), the memdup_user() allocations for
IP-specific MQD structs are not freed when subsequent VA validation
fails. The goto free_mqd label only cleans up the MQD BO object and
userq_props.
Fix by adding kfree() before each goto free_mqd on VA validation
failure in the COMPUTE, GFX, and SDMA branches.
Fixes: 9e46b8bb0539 ("drm/amdgpu: validate userq buffer virtual address and size") Reported-by: Yuhao Jiang <danisjiang@gmail.com> Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Reviewed-by: Prike Liang <Prike.Liang@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Donet Tom [Mon, 23 Mar 2026 04:28:38 +0000 (09:58 +0530)]
drm/amd: Fix MQD and control stack alignment for non-4K
For gfxV9, due to a hardware bug ("based on the comments in the code
here [1]"), the control stack of a user-mode compute queue must be
allocated immediately after the page boundary of its regular MQD buffer.
To handle this, we allocate an enlarged MQD buffer where the first page
is used as the MQD and the remaining pages store the control stack.
Although these regions share the same BO, they require different memory
types: the MQD must be UC (uncached), while the control stack must be
NC (non-coherent), matching the behavior when the control stack is
allocated in user space.
This logic works correctly on systems where the CPU page size matches
the GPU page size (4K). However, the current implementation aligns both
the MQD and the control stack to the CPU PAGE_SIZE. On systems with a
larger CPU page size, the entire first CPU page is marked UC—even though
that page may contain multiple GPU pages. The GPU treats the second 4K
GPU page inside that CPU page as part of the control stack, but it is
incorrectly mapped as UC.
This patch fixes the issue by aligning both the MQD and control stack
sizes to the GPU page size (4K). The first 4K page is correctly marked
as UC for the MQD, and the remaining GPU pages are marked NC for the
control stack. This ensures proper memory type assignment on systems
with larger CPU page sizes.
Acked-by: Felix Kuehling <felix.kuehling@amd.com> Signed-off-by: Donet Tom <donettom@linux.ibm.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Donet Tom [Mon, 23 Mar 2026 04:28:35 +0000 (09:58 +0530)]
drm/amdkfd: Align expected_queue_size to PAGE_SIZE
The AQL queue size can be 4K, but the minimum buffer object (BO)
allocation size is PAGE_SIZE. On systems with a page size larger
than 4K, the expected queue size does not match the allocated BO
size, causing queue creation to fail.
Align the expected queue size to PAGE_SIZE so that it matches the
allocated BO size and allows queue creation to succeed.
Reviewed-by: Felix Kuehling <felix.kuehling@amd.com> Signed-off-by: Donet Tom <donettom@linux.ibm.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Asad Kamal [Wed, 25 Mar 2026 09:20:41 +0000 (17:20 +0800)]
drm/amd/pm: Use str_enabled_disabled in amdgpu_pm sysfs
Coccinelle flags hand-rolled "enabled"/"disabled" strings; use the shared
str_enabled_disabled() helper from string_choices.h for npm_status and
thermal throttling logging sysfs text.
Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202603251434.zIN2QYWn-lkp@intel.com/ Signed-off-by: Asad Kamal <asad.kamal@amd.com> Reviewed-by: Lijo Lazar <lijo.lazar@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Jesse Zhang [Tue, 24 Mar 2026 09:31:43 +0000 (17:31 +0800)]
drm/amdgpu: flush coredump work before HW teardown
In amdgpu_device_fini_hw(), deferred coredump formatting work may still
be pending when hardware and IP components are being torn down. Since
the work may access device registers and memory that will be freed or
powered off, it must be completed before proceeding.
Add a flush_work() call for adev->coredump_work, guarded by
CONFIG_DEV_COREDUMP, to ensure any pending coredump work finishes
before the device enters the early IP fini stage.
This avoids potential use-after-free or accessing hardware resources
that are no longer available.
Jesse Zhang [Tue, 24 Mar 2026 07:28:59 +0000 (15:28 +0800)]
drm/amdgpu: guard atom_context in devcoredump VBIOS dump
During GPU reset coredump generation, amdgpu_devcoredump_fw_info() unconditionally
dereferences adev->mode_info.atom_context to print VBIOS fields. On reset/teardown
paths this pointer can be NULL, causing a kernel page fault from the deferred
coredump workqueue.
Fix by checking ctx before printing VBIOS fields:
if ctx is valid, print full VBIOS information as before;
This prevents NULL-dereference crashes while preserving coredump output.
Sunil Khatri [Tue, 24 Mar 2026 14:58:54 +0000 (20:28 +0530)]
drm/amdgpu/userq: amdgpu_userq_vm_validate does not need userq mutex
amdgpu_userq_vm_validate function does not need userq_mutex and exec
lock is good enough to locking all bos and updating the eviction fence.
Also since we only need userq_mutex for amdgpu_userq_restore_all
so move the locks in the function itself.
Signed-off-by: Sunil Khatri <sunil.khatri@amd.com> Reviewed-by: Christian König <christian.koenig@amd.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Junrui Luo [Tue, 24 Mar 2026 09:39:02 +0000 (17:39 +0800)]
drm/amdgpu: validate doorbell_offset in user queue creation
amdgpu_userq_get_doorbell_index() passes the user-provided
doorbell_offset to amdgpu_doorbell_index_on_bar() without bounds
checking. An arbitrarily large doorbell_offset can cause the
calculated doorbell index to fall outside the allocated doorbell BO,
potentially corrupting kernel doorbell space.
Validate that doorbell_offset falls within the doorbell BO before
computing the BAR index, using u64 arithmetic to prevent overflow.
Fixes: f09c1e6077ab ("drm/amdgpu: generate doorbell index for userqueue") Reported-by: Yuhao Jiang <danisjiang@gmail.com> Signed-off-by: Junrui Luo <moonafterrain@outlook.com> Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Felix Gu [Sun, 22 Mar 2026 14:28:45 +0000 (22:28 +0800)]
spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback
aml_sfc_probe() registers the on-host NAND ECC engine, but teardown was
missing from both probe unwind and remove-time cleanup. Add a devm cleanup
action after successful registration so
nand_ecc_unregister_on_host_hw_engine() runs automatically on probe
failures and during device removal.
Sanman Pradhan [Mon, 30 Mar 2026 15:56:40 +0000 (15:56 +0000)]
hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify()
tps53676_identify() uses strncmp() to compare the device ID buffer
against a byte sequence containing embedded non-printable bytes
(\x53\x67\x60). strncmp() is semantically wrong for binary data
comparison; use memcmp() instead.
Additionally, the buffer from i2c_smbus_read_block_data() is not
NUL-terminated, so printing it with "%s" in the error path is
undefined behavior and may read past the buffer. Use "%*ph" to
hex-dump the actual bytes returned.
Per the datasheet, the expected device ID is the 6-byte sequence
54 49 53 67 60 00 ("TI\x53\x67\x60\x00"), so compare all 6 bytes
including the trailing NUL.
Dmitry Baryshkov [Sun, 25 Jan 2026 11:30:04 +0000 (13:30 +0200)]
soc: qcom: ubwc: add helpers to get programmable values
Currently the database stores macrotile_mode in the data. However it
can be derived from the rest of the data: it should be used for UBWC
encoding >= 3.0 except for several corner cases (SM8150 and SC8180X).
The ubwc_bank_spread field seems to be based on the impreside data we
had for the MDSS and DPU programming. In some cases UBWC engine inside
the display controller doesn't need to program it, although bank spread
is to be enabled.
Bank swizzle is also currently stored as is, but it is almost standard
(banks 1-3 for UBWC 1.0 and 2-3 for other versions), the only exception
being Lemans (it uses only bank 3).
Add helpers returning values from the config for now. They will be
rewritten later, in a separate series, but having the helper now
simplifies refacroring the code later.
Dmitry Baryshkov [Sun, 25 Jan 2026 11:30:03 +0000 (13:30 +0200)]
soc: qcom: ubwc: add helper to get min_acc length
MDSS and GPU drivers use different approaches to get min_acc length.
Add helper function that can be used by all the drivers.
The helper reflects our current best guess, it blindly copies the
approach adopted by the MDSS drivers and it matches current values
selected by the GPU driver.
Commit 2e5449f4f21a ("profiling: Remove create_prof_cpu_mask().") said that
no one would create /proc/irq/prof_cpu_mask since commit 1f44a225777e
("s390: convert interrupt handling to use generic hardirq", 2013). Remove
the outdated description.
Mark Brown [Mon, 30 Mar 2026 16:59:52 +0000 (17:59 +0100)]
ASoC: Merge up fixes
Merge branch 'for-7.0' of
https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into
asoc-7.1 for both ASoC and general bug fixes to support testing.
Akira Yokosawa [Thu, 26 Mar 2026 11:46:37 +0000 (20:46 +0900)]
docs/ja_JP: submitting-patches: Amend "Describe your changes"
To make the translation of "Describe your changes" (into
"変更内容を記述する") easier to follow, do some rewording and
rephrasing, as well as fixing a couple of mistranslations.
Signed-off-by: Akira Yokosawa <akiyks@gmail.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Message-ID: <20260326114637.144601-1-akiyks@gmail.com>
Tomas Glozar [Mon, 30 Mar 2026 09:12:07 +0000 (11:12 +0200)]
rtla: Fix build without libbpf header
rtla supports building without libbpf. However, BPF actions
patchset [1] adds an include of bpf/libbpf.h into timerlat_bpf.h,
which breaks build on systems that don't have libbpf headers
installed.
This is a leftover from a draft version of the patchset where
timerlat_bpf_set_action() (which takes a struct bpf_program * argument)
was defined in the header. timerlat_bpf.c already includes bpf/libbpf.h
via timerlat.skel.h when libbpf is present.
Remove the redundant include to fix build on systems without libbpf
headers.
Manuel Ebner [Wed, 25 Mar 2026 19:48:12 +0000 (20:48 +0100)]
docs: changes.rst and ver_linux: sort the lists
Sort the lists of tools in both scripts/ver_linux and
Documentation/process/changes.rst into alphabetical order, facilitating
comparison between the two.
Signed-off-by: Manuel Ebner <manuelebner@mailbox.org>
[jc: rewrote changelog] Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Message-ID: <20260325194811.78509-2-manuelebner@mailbox.org>
Manuel Ebner [Wed, 25 Mar 2026 19:46:17 +0000 (20:46 +0100)]
docs: changes/ver_linux: fix entries and add several tools
Some of the entries in both Documentation/process/changes.rst and
script/ver_linux were obsolete; update them to reflect the current way of
getting version information.
Many were missing altogether; add the relevant information for:
Leonard Lausen [Fri, 27 Mar 2026 22:25:15 +0000 (22:25 +0000)]
ALSA: hda: cs35l41: Fix boost type for HP Dragonfly 13.5 inch G4
The HP Dragonfly 13.5 inch G4 (SSID 103C8B63) has _DSD properties in
ACPI firmware with valid reset-gpios and cs-gpios for the four CS35L41
amplifiers on SPI.
However, the _DSD specifies cirrus,boost-type as Internal (0), while
the hardware requires External Boost. With Internal Boost configured,
the amplifiers trigger "Amp short error" when audio is played at
moderate-to-high volume, eventually shutting down entirely.
Add a configuration table entry to override the boost type to
External, similar to the existing workaround for 103C89C6. All GPIO
indices are set to -1 since the _DSD provides valid reset-gpios and
cs-gpios.
Confirmed on BIOS V90 01.11.00 (January 2026), the latest available.
Takashi Iwai [Mon, 30 Mar 2026 16:22:20 +0000 (18:22 +0200)]
ALSA: hda/realtek: Add quirk for Samsung Book2 Pro 360 (NP950QED)
There is another Book2 Pro model (NP950QED) that seems equipped with
the same speaker module as the non-360 model, which requires
ALC298_FIXUP_SAMSUNG_AMP_V2_2_AMPS quirk.
Florian Fainelli [Thu, 26 Mar 2026 23:32:24 +0000 (16:32 -0700)]
Documentation: Provide hints on how to debug Python GDB scripts
By default GDB does not print a full stack of its integrated Python
interpreter, thus making the debugging of GDB scripts more painful than
it has to be.
Suggested-by: Radu Rendec <radu@rendec.net> Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com> Reviewed-by: Radu Rendec <radu@rendec.net> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Message-ID: <20260326233226.2248817-1-florian.fainelli@broadcom.com>
Harry Wentland [Fri, 27 Mar 2026 15:41:57 +0000 (11:41 -0400)]
scripts/checkpatch: add Assisted-by: tag validation
The coding-assistants.rst documentation defines the Assisted-by: tag
format for AI-assisted contributions as:
Assisted-by: AGENT_NAME:MODEL_VERSION [TOOL1] [TOOL2]
This format does not use an email address, so checkpatch currently
reports a false positive about an invalid email when encountering this
tag.
Add Assisted-by: to the recognized signature tags and standard signature
list. When an Assisted-by: tag is found, validate it instead of checking
for an email address.
Examples of passing tags:
- Claude:claude-3-opus coccinelle sparse
- FOO:BAR.baz
- Copilot Github:claude-3-opus
- GitHub Copilot:Claude Opus 4.6
- My Cool Agent:v1.2.3 coccinelle sparse
Examples of tags triggering the new warning:
- Claude coccinelle sparse
- JustAName
- :missing-agent
Cc: Jani Nikula <jani.nikula@linux.intel.com> Assisted-by: Claude:claude-opus-4.6 Co-developed-by: Alex Hung <alex.hung@amd.com> Signed-off-by: Alex Hung <alex.hung@amd.com> Signed-off-by: Harry Wentland <harry.wentland@amd.com> Cc: stable@vger.kernel.org Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Message-ID: <20260327154157.162962-1-harry.wentland@amd.com>
Will Deacon [Mon, 30 Mar 2026 14:48:39 +0000 (15:48 +0100)]
drivers/virt: pkvm: Add Kconfig dependency on DMA_RESTRICTED_POOL
pKVM guests practically rely on CONFIG_DMA_RESTRICTED_POOL=y in order
to establish shared memory regions with the host for virtio buffers.
Make CONFIG_ARM_PKVM_GUEST depend on CONFIG_DMA_RESTRICTED_POOL to avoid
the inevitable segmentation faults experience if you have the former but
not the latter.
Will Deacon [Mon, 30 Mar 2026 14:48:38 +0000 (15:48 +0100)]
KVM: arm64: Rename PKVM_PAGE_STATE_MASK
Rename PKVM_PAGE_STATE_MASK to PKVM_PAGE_STATE_VMEMMAP_MASK to make it
clear that the mask applies to the page state recorded in the entries
of the 'hyp_vmemmap', rather than page states stored elsewhere (e.g. in
the ptes).
Suggested-by: Alexandru Elisei <alexandru.elisei@arm.com> Reviewed-by: Fuad Tabba <tabba@google.com> Tested-by: Fuad Tabba <tabba@google.com> Tested-by: Mostafa Saleh <smostafa@google.com> Signed-off-by: Will Deacon <will@kernel.org> Link: https://patch.msgid.link/20260330144841.26181-38-will@kernel.org Signed-off-by: Marc Zyngier <maz@kernel.org>
Now that the guest can share and unshare memory with the host using
hypercalls, extend the pKVM page ownership selftest to exercise these
new transitions.
Will Deacon [Mon, 30 Mar 2026 14:48:35 +0000 (15:48 +0100)]
KVM: arm64: Register 'selftest_vm' in the VM table
In preparation for extending the pKVM page ownership selftests to cover
forceful reclaim of donated pages, rework the creation of the
'selftest_vm' so that it is registered in the VM table while the tests
are running.
Will Deacon [Mon, 30 Mar 2026 14:48:33 +0000 (15:48 +0100)]
KVM: arm64: Add some initial documentation for pKVM
Add some initial documentation for pKVM to help people understand what
is supported, the limitations of protected VMs when compared to
non-protected VMs and also what is left to do.
Will Deacon [Mon, 30 Mar 2026 14:48:31 +0000 (15:48 +0100)]
KVM: arm64: Implement the MEM_UNSHARE hypercall for protected VMs
Implement the ARM_SMCCC_KVM_FUNC_MEM_UNSHARE hypercall to allow
protected VMs to unshare memory that was previously shared with the host
using the ARM_SMCCC_KVM_FUNC_MEM_SHARE hypercall.
Reviewed-by: Vincent Donnefort <vdonnefort@google.com> Tested-by: Fuad Tabba <tabba@google.com> Tested-by: Mostafa Saleh <smostafa@google.com> Signed-off-by: Will Deacon <will@kernel.org> Link: https://patch.msgid.link/20260330144841.26181-31-will@kernel.org Signed-off-by: Marc Zyngier <maz@kernel.org>
Will Deacon [Mon, 30 Mar 2026 14:48:29 +0000 (15:48 +0100)]
KVM: arm64: Add hvc handler at EL2 for hypercalls from protected VMs
Add a hypercall handler at EL2 for hypercalls originating from protected
VMs. For now, this implements only the FEATURES and MEMINFO calls, but
subsequent patches will implement the SHARE and UNSHARE functions
necessary for virtio.
Unhandled hypercalls (including PSCI) are passed back to the host.
Reviewed-by: Vincent Donnefort <vdonnefort@google.com> Tested-by: Fuad Tabba <tabba@google.com> Tested-by: Mostafa Saleh <smostafa@google.com> Signed-off-by: Will Deacon <will@kernel.org> Link: https://patch.msgid.link/20260330144841.26181-29-will@kernel.org Signed-off-by: Marc Zyngier <maz@kernel.org>
Will Deacon [Mon, 30 Mar 2026 14:48:28 +0000 (15:48 +0100)]
KVM: arm64: Return -EFAULT from VCPU_RUN on access to a poisoned pte
If a protected vCPU faults on an IPA which appears to be mapped, query
the hypervisor to determine whether or not the faulting pte has been
poisoned by a forceful reclaim. If the pte has been poisoned, return
-EFAULT back to userspace rather than retrying the instruction forever.
Will Deacon [Mon, 30 Mar 2026 14:48:27 +0000 (15:48 +0100)]
KVM: arm64: Reclaim faulting page from pKVM in spurious fault handler
Host kernel accesses to pages that are inaccessible at stage-2 result in
the injection of a translation fault, which is fatal unless an exception
table fixup is registered for the faulting PC (e.g. for user access
routines). This is undesirable, since a get_user_pages() call could be
used to obtain a reference to a donated page and then a subsequent
access via a kernel mapping would lead to a panic().
Rework the spurious fault handler so that stage-2 faults injected back
into the host result in the target page being forcefully reclaimed when
no exception table fixup handler is registered.
Will Deacon [Mon, 30 Mar 2026 14:48:26 +0000 (15:48 +0100)]
KVM: arm64: Introduce hypercall to force reclaim of a protected page
Introduce a new hypercall, __pkvm_force_reclaim_guest_page(), to allow
the host to forcefully reclaim a physical page that was previous donated
to a protected guest. This results in the page being zeroed and the
previous guest mapping being poisoned so that new pages cannot be
subsequently donated at the same IPA.
Will Deacon [Mon, 30 Mar 2026 14:48:25 +0000 (15:48 +0100)]
KVM: arm64: Annotate guest donations with handle and gfn in host stage-2
Handling host kernel faults arising from accesses to donated guest
memory will require an rmap-like mechanism to identify the guest mapping
of the faulting page.
Extend the page donation logic to encode the guest handle and gfn
alongside the owner information in the host stage-2 pte.
Will Deacon [Mon, 30 Mar 2026 14:48:24 +0000 (15:48 +0100)]
KVM: arm64: Change 'pkvm_handle_t' to u16
'pkvm_handle_t' doesn't need to be a 32-bit type and subsequent patches
will rely on it being no more than 16 bits so that it can be encoded
into a pte annotation.
Change 'pkvm_handle_t' to a u16 and add a compile-type check that the
maximum handle fits into the reduced type.
Rework host_stage2_set_owner_locked() to add a new helper function,
host_stage2_set_owner_metadata_locked(), which will allow us to store
additional metadata alongside a 3-bit owner ID for invalid host stage-2
entries.
kvm_pgtable_stage2_set_owner() can be generalised into a way to store
up to 59 bits in the page tables alongside a 4-bit 'type' identifier
specific to the format of the 59-bit payload.
Introduce kvm_pgtable_stage2_annotate() and move the existing invalid
ptes (for locked ptes and donated pages) over to the new scheme.
Will Deacon [Mon, 30 Mar 2026 14:48:21 +0000 (15:48 +0100)]
KVM: arm64: Avoid pointless annotation when mapping host-owned pages
When a page is transitioned to host ownership, we can eagerly map it
into the host stage-2 page-table rather than going via the convoluted
step of a faulting annotation to trigger the mapping.
Call host_stage2_idmap_locked() directly when transitioning a page to
be owned by the host.
Quentin Perret [Mon, 30 Mar 2026 14:48:20 +0000 (15:48 +0100)]
KVM: arm64: Inject SIGSEGV on illegal accesses
The pKVM hypervisor will currently panic if the host tries to access
memory that it doesn't own (e.g. protected guest memory). Sadly, as
guest memory can still be mapped into the VMM's address space, userspace
can trivially crash the kernel/hypervisor by poking into guest memory.
To prevent this, inject the abort back in the host with S1PTW set in the
ESR, hence allowing the host to differentiate this abort from normal
userspace faults and inject a SIGSEGV cleanly.
Will Deacon [Mon, 30 Mar 2026 14:48:19 +0000 (15:48 +0100)]
KVM: arm64: Support translation faults in inject_host_exception()
Extend inject_host_exception() to support the injection of translation
faults on both the data and instruction side to 32-bit and 64-bit EL0
as well as 64-bit EL1. This will be used in a subsequent patch when
resolving an unhandled host stage-2 abort.
projects / thirdparty / kernel / stable.git / log
