raid1: fix nr_pending leak in REQ_ATOMIC bad-block error path
In raid1_write_request(), each per-mirror loop iteration begins by
incrementing rdev->nr_pending. If a REQ_ATOMIC write encounters a
badblock within the requested range, the code jumps to err_handle
without dropping the reference taken for the current mirror.
err_handle's cleanup loop only decrements for k < i and when
r1_bio->bios[k] is non-NULL. The current slot is therefore skipped,
leaving its nr_pending reference leaked permanently. The reference
prevents the rdev from ever being removed, since raid1_remove_conf()
refuses to remove an rdev with nr_pending > 0.
Fix this by calling rdev_dec_pending() before jumping to err_handle.
md/raid1,raid10: fix bio accounting for split md cloned bios
Use md_cloned_bio() to control bio accounting instead of relying
on r1bio_existed in raid1 or the io_accounting flag in raid10.
The previous logic does not reliably reflect whether a bio is an
md cloned bio. When a failed bio is split and resubmitted via
bio_submit_split_bioset() on the error path, this can lead to either
double accounting for md cloned bios, or missing accounting for bios
returned from bio_submit_split_bioset().
Fix this by using md_cloned_bio() to detect md cloned bios and
skip accounting accordingly.
Fixes: bb2a9acefaf9 ("md/raid1: switch to use md_account_bio() for io accounting")
Fixes: 820455238366 ("md/raid10: switch to use md_account_bio() for io accounting")
Signed-off-by: Abd-Alrhman Masalkhi <abd.masalkhi@gmail.com>
Reviewed-by: Xiao Ni <xiao@kernel.org>
Link: https://patch.msgid.link/20260501114652.590037-4-abd.masalkhi@gmail.com
Signed-off-by: Yu Kuai <yukuai@fygo.io>
md/raid1,raid10: fix error-path detection with md_cloned_bio()
Detect the error path using md_cloned_bio() instead of relying
on r1_bio in raid1 or r10_bio->read_slot in raid10, which may be
NULL or -1 after splitting and resubmitting a failed bio.
As a result, the error path may not be recognized and memory
allocations can incorrectly use GFP_NOIO instead of
(GFP_NOIO | __GFP_HIGH), which can lead to a deadlock under
memory pressure.
md/raid1,raid10: fix deadlock in read error recovery path
raid1d and raid10d may resubmit a split md cloned bio while handling
a read error. In this case, resubmitting the bio can lead to a deadlock
if the array is suspended before md_handle_request() acquires an
active_io reference via percpu_ref_tryget_live().
Since the cloned bio already holds an active_io reference,
trying to acquire another reference via percpu_ref_tryget_live()
can lead to a deadlock while the array is suspended.
Fix this by using percpu_ref_get() for md cloned bios.
Fixes: bb2a9acefaf9 ("md/raid1: switch to use md_account_bio() for io accounting")
Fixes: 820455238366 ("md/raid10: switch to use md_account_bio() for io accounting")
Signed-off-by: Abd-Alrhman Masalkhi <abd.masalkhi@gmail.com>
Reviewed-by: Xiao Ni <xiao@kernel.org>
Reviewed-by: Yu Kuai <yukuai@fygo.io>
Link: https://patch.msgid.link/20260501114652.590037-2-abd.masalkhi@gmail.com
Signed-off-by: Yu Kuai <yukuai@fygo.io>
Chen Cheng [Fri, 15 May 2026 09:30:19 +0000 (17:30 +0800)]
md/raid10: reset read_slot when reusing r10bio for discard
put_all_bios() always drops devs[i].bio, but it only drops
devs[i].repl_bio when r10_bio->read_slot < 0. If discard reuses an
r10bio that was previously used for a read, read_slot can still be
non-negative, and discard cleanup can skip bio_put() on repl_bio.
Reset read_slot to -1 when preparing an r10bio for discard so the
replacement bio is always released correctly.
md: skip redundant raid_disks update when value is unchanged
Calling update_raid_disks() with the same value as the current one
can trigger unnecessary work. For example, RAID1 will reallocate
resources such as the mempool for r1bio.
Returning DM_MAPIO_REQUEUE from the target map() function only requeues
the bio during noflush suspends. During regular operations or during
flushing suspends, it fails the bio. Failing the bio during flushing
suspends is the correct behavior here. The bio cannot be handled, and
dm-raid cannot suspend while it is outstanding. But during normal
operations, dm-raid should not push the bio back to dm. Instead, wait
for the reshape to be resumed.
Enable audio on the RZ/G3L SMARC EVK by linking SSI0 with the DA7212
audio CODEC. The SSI0 signals are multiplexed with SD2 and are selected
by switch SW_SD2_EN#. Add regulator nodes regulator-{1p8v,3p3v} to the
SoM DTSI for reuse by eMMC.
The RZ/G3L SMARC SoM has a Versa 5P35023B clock generator to generate
the following clocks:
- ref: Not connected,
- se1: AUDIO_MCK (11.2896 or 12.2880 MHz),
- se2: RZ_AUDIO_CLK_B (11.2896 MHz),
- se3: RZ_AUDIO_CLK_C (12.2880 MHz),
- diff{1,1B}: ET{0,1}_PHY_CLK (25 MHz),
- diff2{2,2B}: Not connected.
Enable the Versa 5P35023B clock generator on the RZ/G3L SoM DTSI.
RZ/G3L SMARC EVK has 3 user buttons called USER_SW1, USER_SW2 and
USER_SW3. Instantiate the gpio-keys driver for these buttons by
removing placeholders and replacing proper pins for the buttons.
USER_SW{1,2,3} are configured as wakeup-sources, so they can wake up the
system during s2idle.
Enable the xSPI0 and xSPI1 controllers on the RZ/T2H N2H EVK board.
Configure the xSPI0 controller interface to 1-bit (x1) mode, even though
the connected MX25LW51245 octal flash device supports octal mode. Add a
corresponding inline hardware comment detailing this restriction;
operating in octal mode causes the BootROM to fail loading the
first-stage bootloader following a Watchdog Timer (WDT) reset.
Configure the xSPI1 controller interface connected to the AT25SF128A
flash device for 4-bit (x4) mode to utilize all available data lines.
Sort the pinmux entries for both GMAC ctrl nodes in port order (A/B/C and
D/E/F respectively) and remove the extra blank line before the second
pinmux assignment.
Nguyen Tran [Fri, 22 May 2026 17:19:57 +0000 (19:19 +0200)]
arm64: dts: renesas: r8a779md: Add support for R-Car M3Le R8A779MD Geist
Add support for the Geist board based on the Renesas R-Car R8A779MD (M3Le)
SoC, a register-compatible variant of the R8A77965 (M3-N) with reduced set
of peripherals.
Biju Das [Wed, 20 May 2026 11:51:41 +0000 (12:51 +0100)]
arm64: dts: renesas: r9a07g054: Add max-frequency to SDHI nodes
Add the max-frequency property set to 133333333 Hz (133.33 MHz) to both
SDHI0 and SDHI1 MMC controller nodes in the RZ/V2L (r9a07g054) device
tree, increasing performance by ca. 33%.
Biju Das [Wed, 20 May 2026 11:51:40 +0000 (12:51 +0100)]
arm64: dts: renesas: r9a07g044: Add max-frequency to SDHI nodes
Add the max-frequency property set to 133333333 Hz (133.33 MHz) to both
SDHI0 and SDHI1 MMC controller nodes in the RZ/{G2L,G2LC} (r9a07g044)
device tree, increasing performance by ca. 33%.
Biju Das [Wed, 20 May 2026 11:51:39 +0000 (12:51 +0100)]
arm64: dts: renesas: r9a07g043: Add max-frequency to SDHI nodes
Add the max-frequency property set to 133333333 Hz (133.33 MHz) to both
SDHI0 and SDHI1 MMC controller nodes in the RZ/{G2UL,Five} (r9a07g043)
device tree, increasing performance by ca. 33%.
arm64: dts: renesas: r8a78000: Add MFIS, MFIS-SCP, and transport nodes
Describe the MFIS and MFIS SCP instances which are used for various
tasks including inter-processor communication. Remove the PRR node
because it is part of MFIS on R-Car X5H and should be handled using the
MFIS compatible. Also, describe the S-TCM transport area used for shared
memory mailboxing.
Marek Vasut [Sun, 17 May 2026 16:31:25 +0000 (18:31 +0200)]
arm64: dts: renesas: ironhide: Describe all reserved memory
Fully describe all available DRAM in the DT, and describe regions which
are not accessible because they are used by firmware in reserved-memory
nodes.
Replace the first memory bank memory@60600000 with memory@40000000 and a
518 MiB long reserved-memory no-map subnode. This memory region is used
by other cores in the system.
Reserve 32 kiB of memory at 0x8c100000 for parameters shared by IPL,
SCP, TFA BL31 and TEE.
Reserve 512 kiB of memory at 0x8c200000 for TFA BL31. The upcoming
upstream TFA 2.15 BL31 uses memory from 0x8c200000..0x8c242fff; rounding
up to 512 kiB is slight future-proofing.
Reserve 32 MiB of memory at 0x8c400000 for OPTEE-OS, which is the entire
OPTEE-OS TZ protected DRAM area.
Neither TFA BL31 nor OPTEE-OS modify the DT passed to Linux in any way
with any new reserved-memory {} nodes to reserve memory areas used by
the TFA BL31 or OPTEE-OS to prevent the next stage from using those
areas, which lets Linux use all of the available DRAM as it is described
in the DT that was passed in by U-Boot, including the areas that are
newly utilized by TFA BL31 or OPTEE-OS.
In case of high DRAM utilization, unless the memory used by TFA BL31 or
OPTEE-OS is properly reserved, Linux may use and corrupt the memory used
by TFA BL31 or OPTEE-OS, which would lead to the system becoming
unresponsive.
The HW user manual for the Renesas RZ/T2H and the RZ/N2H states that for
SDR104, SDR50, and HS200 to work properly the eMMC/SDHI interface pins
have to be configured as specified below:
- SDn_CLK pin - drive strength: Ultra High, slew rate: Fast,
- Other SDn_* pins: drive strength: High, slew rate: Fast,
Schmitt trigger: disabled (not applicable to SDn_RST pins).
HS DDR and DDR50 are currently not supported, and for every other bus
mode the eMMC/SDHI interface pins should be configured as specified
below:
- SDn_CLK pin - drive strength: High, slew rate: Fast,
- Other SDn_* pins: drive strength: Middle, slew rate: Fast,
Schmitt trigger: disabled (not applicable to SDn_RST pins).
The Renesas R-Car X5H (R8A78000) SoC contains Arm CoreLink GIC-720AE
Generic Interrupt Controller with Multi View capability. Firmware has
access to configuration View 0, Linux kernel has access to View 1.
The Arm CoreLink GIC-720AE Generic Interrupt Controller Technical
Reference Manual, currently latest r2p1 [1], chapter "5. Programmers
model for GIC-720AE", subchapter "5.4 Redistributor registers
for control and physical LPIs summary", part "5.4.3 GICR_TYPER,
Redistributor Type Register", "Table 5-50: GICR_TYPER bit descriptions"
on page 200, clarifies register "GICR_TYPER" bit 4 "Last" behavior
in Multi View setup as follows:
Last
Last Redistributor:
0 ... This Redistributor is not the last Redistributor on the chip.
1 ... This Redistributor is the last Redistributor on the chip.
When GICD_CFGID.VIEW == 1, for views 1, 2, or 3 this bit
always returns 1.
On this SoC, GICD_CFGID.VIEW is 1 and the Linux kernel has access to
View 1, therefore Linux kernel GICv3 driver will interpret register
"GICR_TYPER" bit 4 "Last" = 1 in the first Redistributor in continuous
Redistributor page as that first Redistributor being the one and only
Redistributor and will stop processing the continuous Redistributor
page further. This will prevent the other Redistributors from being
recognized by the system and used for other PEs.
Because the hardware indicates that the continuous Redistributor page
is not continuous for View 1, 2, or 3, describe every Redistributor
separately in the DT. This makes all Redistributors for all cores
accessible in Linux.
Add audio_clk1 and audio_clk2 fixed-clock nodes to the RZ/G3L (r9a08g046)
SoC DTSI. These clocks are external to the SoC and their frequencies are
board-dependent, so they are defined with clock-frequency = <0> as
placeholders that must be overridden in board-level DTS files.
Add i2c{0..3} device nodes to RZ/G3L ("R9A08G046") SoC DTSI.
As the placeholders for i2c0 are removed, add the pincontrol
device nodes to make it functional on the board DTS.
We need to properly map camss WM index to our internal WM client
instance. Today we only support RDI interfaces with the RDI_WM
macro, introduce a __wm_to_client helper to support any interface.
Add PIX path support to the CSID-340 driver. The hardware exposes a
dedicated PIX interface in addition to the existing RDI paths, but
the driver only supported RDI stream configuration so far.
The PIX path is configured similarly to RDI but requires decode-format
to be specified.
The PIX pipeline can subsequently perform further processing,
including scaling, cropping, and statistics.
The CSID-340 block uses different register offsets for the PIX and RDI
interfaces, but the driver previously indexed these registers directly
with the camss port number. This happened to work for RDI because the
port index matches the RDI register layout, but this assumption breaks
with upcoming PIX interface support.
Introduce an explicit port-to-interface mapping and use the mapped iface
index when programming CSID_CFG0 and CSID_CTRL. This replaces the
standalone __csid_ctrl_rdi() helper and simplifies the RDI stream setup
path.
Also correct the CSID_CFG0/CTRL base offsets and clean up the code in
preparation for full PIX path support.
Like RDI, PIX outputs Bayer frames but can also achieve some image
processing such as scaling, cropping and generating statistics (e.g.
histogram), it also offers more flexibility in terms of image alignment
and stride. All of that can then later be leveraged to improve
software or hardware frames post-processing.
media: qcom: camss: csid-340: Switch to generic CSID_CFG/CTRL registers
The former RDI-specific register definitions (CSID_RDI_CFG0/CTRL) are
renamed to unified CSID_CFG0/CSID_CTRL variants, as their layout is
interface agnostic. This refactoring provides the foundation for
extending csid-340 with missing PIX interface/path support.
The KSZ9031RNX reference manual [1] DS00002117K page 62 FIGURE 7-5:
POWER-UP/POWER-DOWN/RESET TIMING Note 2 states, that after the
de-assertion of reset, wait a minimum of 100 us before starting
programming on the MIIM (MDC/MDIO) interface. Set DT property
reset-deassert-us to three times that, 300 us, to provide ample
time between reset deassertion and MDIO access.
The KSZ9031RNX reference manual [1] DS00002117K page 62 TABLE 7-4:
POWER-UP/POWER-DOWN/RESET TIMING PARAMETERS row tSR Stable supply
voltages to de-assertion of reset is at minimum 10 ms. Set DT
property reset-assert-us to 10ms because the KSZ9031RNX RM does
not explicitly spell out how long the reset has to be asserted,
but this at least covers the worst case scenario.
Add support for the Renesas R-Car M3Le (R8A779MD) SoC, a variant of the
R-Car M3-N (R8A77965) SoC. The Renesas M3Le SoC is a register-compatible
variant of the R8A77965 (M3-N) with reduced set of peripherals.
Document the compatible value for the Renesas R-Car M3Le (R8A779MD)
SoC and the Renesas Geist development board. The Renesas M3Le SoC is
a register-compatible variant of the R8A77965 (M3-N) with reduced set
of peripherals. The Geist board is derived from Renesas Salvator-X/XS
boards, with adjustment for the R8A779MD SoC.
Move all differences into panel-aa104xd12.dtsi, rename OF_GRAPH links to
generic lvds_panel_out and lvds_panel_in names, and parametrize the LVDS
output in use using RENESAS_LVDS_OUTPUT macro. No functional change.
Enable the PCIE1 slot available on the RZ/V2N EVK.
Note, the PCIE_REFCLK comes from 5L35023B versa clock generator, once the
support for this clock generator is added, the fixed clock node can be
removed and can be replaced with a reference to the clock generator.
arm64: dts: renesas: rz-smarc-du-adv7513: Simplify DU port configuration
The SoC dtsi already defines the du node with its ports hierarchy,
including the du_out_rgb endpoint node under port@0. There is no need
to redefine the entire ports/port@0 structure in the board-level dtsi.
arm64: dts: renesas: r9a07g0{43,44,54}: Remove TCIU8 interrupt from MTU3
The TCIU8 interrupt used to be documented in earlier revisions of the
user manuals, but has since been removed. The corresponding entry is
now marked as reserved in the interrupt mapping tables of all supported
SoCs.
- Page 486, Table 8.2 Interrupt mapping (7/13) in the Renesas RZ/G2UL
Rev.1.40 User Manual
- Page 363, Table 8.2 Interrupt Mapping (6/13) in the Renesas RZ/Five
Rev.1.30 User Manual
- Page 528, Table 8.2 Interrupt mapping (7/13) in the Renesas RZ/G2L
and RZ/G2LC Rev.1.50 User Manual
- Page 540, Table 8.2 Interrupt mapping (7/13) in the Renesas RZ/V2L
Rev.1.50 User Manual
Remove the TCIU8 interrupt. This does not cause any breakage as the
driver does not make use of the interrupts.
Jon Hunter [Fri, 29 May 2026 17:33:37 +0000 (18:33 +0100)]
firmware: tegra: bpmp: Add support for multi-socket platforms
On multi-socket platforms each socket has its own BPMP that is
registered with the kernel, so the existing single fixed "bpmp"
debugfs directory name cannot accommodate more than one instance.
Group the per-socket BPMP debugfs entries under a shared top-level
/sys/kernel/debug/bpmp/ directory, with each socket's BPMP device
under a "<numa-node-id>-bpmp" subdirectory:
For a multi-socket platform, the root debugfs bpmp/ directory is created
by the first BPMP device that is populated. For single-socket platforms,
the existing directory structure is preserved.
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Jon Hunter [Fri, 29 May 2026 17:33:36 +0000 (18:33 +0100)]
firmware: tegra: bpmp: Propagate debugfs errors
The Tegra BPMP debugfs code returns -ENOMEM for most cases where calls
to debugfs_create_dir() or debugfs_create_file() fail. These debugfs
functions return an ERR_PTR with the actual error code on failure.
Therefore, update the Tegra BPMP debugfs code to propagate the actual
error code on failure.
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Diogo Ivo [Thu, 21 May 2026 13:48:48 +0000 (15:48 +0200)]
soc/tegra: pmc: Restrict power-off handler to Nexus 7
The Tegra PMC power-off handler exists solely to reboot the Nexus 7 into
a special bootloader mode when a USB cable is connected, so that the
bootloader can display battery status instead of powering off. There is
no reason to register it on any other Tegra board.
Guard the registration behind of_machine_is_compatible("asus,grouper")
and rename the handler to tegra_pmc_grouper_power_off_handler to make
its scope explicit. The of_machine_is_compatible() check inside the
handler itself is now redundant and is removed.
This also avoids occupying SYS_OFF_PRIO_FIRMWARE on boards that have
other handlers at that priority level.
Assisted-by: Claude:claude-sonnet-4-6
Signed-off-by: Diogo Ivo <diogo.ivo@tecnico.ulisboa.pt>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Jon Hunter [Fri, 22 May 2026 15:58:24 +0000 (16:58 +0100)]
soc/tegra: pmc: Populate powergate debugfs only when needed
The 'powergate' debugfs node is used to show the state of the powergates
but for some devices the 'num_powergates' is 0 and so it displays
nothing. Therefore, only populate this debugfs entry for devices where
num_powergates is greater than 0.
Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
None of this legacy code is needed on 64-bit ARM devices, so it can be
moved behind a corresponding preprocessor guard. This more cleanly
separates out the legacy code from code needed on current platforms.
Acked-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Thierry Reding [Mon, 3 Feb 2025 17:12:58 +0000 (18:12 +0100)]
soc/tegra: pmc: Create PMC context dynamically
For legacy purposes, an early PMC context is needed to support certain
drivers and functionalities. However, when the PMC driver is probed in
the later boot stages, the early context is no longer needed. Allocate
the PMC context dynamically at probe time so that it can be used going
forward.
While at it, rename the early PMC context to more accurately reflect
what it is used for. It's technically not only for early boot stages,
but also to support some code that doesn't have a way of obtaining the
correct context otherwise (e.g. no access to device tree).
Acked-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Linus Torvalds [Sun, 31 May 2026 00:05:58 +0000 (17:05 -0700)]
Merge tag 'v7.1-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull smb client fixes from Steve French:
- fix uninitialized variable in smb2_writev_callback()
- detect short folioq copy in cifs_copy_folioq_to_iter()
* tag 'v7.1-rc6-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
smb: client: fix uninitialized variable in smb2_writev_callback
smb: client: detect short folioq copy in cifs_copy_folioq_to_iter()
Linus Torvalds [Sat, 30 May 2026 22:39:47 +0000 (15:39 -0700)]
Merge tag 'liveupdate-fixes-2026-05-30' of git://git.kernel.org/pub/scm/linux/kernel/git/liveupdate/linux
Pull liveupdate fixes from Mike Rapoport:
"Two kexec handover regression fixes:
- fix order calculation for kho_unpreserve_pages() to make sure
that the order calculation in kho_unpreserve_pages() matches the
order calculation in kho_preserve_pages().
- fix math in calculation of KHO_TREE_MAX_DEPTH to make it work with
16KB pages"
* tag 'liveupdate-fixes-2026-05-30' of git://git.kernel.org/pub/scm/linux/kernel/git/liveupdate/linux:
kho: fix order calculation for kho_unpreserve_pages()
kho: fix KHO_TREE_MAX_DEPTH for non-4KB page sizes
Linus Torvalds [Sat, 30 May 2026 22:37:05 +0000 (15:37 -0700)]
Merge tag 'fixes-2026-05-30' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock
Pull memblock fix from Mike Rapoport:
"Fix regression from memblock_free_late() refactoring
After refactoring of memblock_free_late() and free_init_pages() it
became possible to call memblock_free() after memblock init data was
discarded.
Make sure memblock_free() does not touch memblock.reserved unless it
is called early enough or when ARCH_KEEP_MEMBLOCK is enabled"
* tag 'fixes-2026-05-30' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock:
memblock: don't touch memblock arrays when memblock_free() is called late
Johan Hovold [Mon, 11 May 2026 14:37:13 +0000 (16:37 +0200)]
i2c: core: fix adapter deregistration race
Adapters can be looked up by their id using i2c_get_adapter() which
takes a reference to the embedded struct device.
Remove the adapter from the IDR before tearing it down during
deregistration (and on registration failure) to make sure its resources
are not accessed after having been freed (e.g. the device name).
Fixes: 35fc37f81881 ("i2c: Limit core locking to the necessary sections")
Cc: stable@vger.kernel.org # 2.6.31
Cc: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Johan Hovold [Mon, 11 May 2026 14:37:12 +0000 (16:37 +0200)]
i2c: core: fix adapter registration race
Adapters can be looked up based on their id using i2c_get_adapter()
which takes a reference to the embedded struct device.
Make sure that the adapter (including its struct device) has been
initialised before adding it to the IDR to avoid accessing uninitialised
data which could, for example, lead to NULL-pointer dereferences or
use-after-free.
Note that the i2c-dev chardev, which is registered from a bus notifier,
currently uses i2c_get_adapter() so the adapter needs to be added to the
IDR before registration.
Fixes: 6e13e6418418 ("i2c: Add i2c_add_numbered_adapter()")
Cc: stable@vger.kernel.org # 2.6.22
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Johan Hovold [Mon, 11 May 2026 14:37:11 +0000 (16:37 +0200)]
i2c: core: disable runtime PM on adapter registration failure
Runtime PM is disabled by driver core when deregistering a device (and
on registration failure) but add an explicit disable to balance the
enable call when adapter registration fails for symmetry.
Fixes: 23a698fe65ec ("i2c: core: treat EPROBE_DEFER when acquiring SCL/SDA GPIOs")
Cc: Codrin Ciubotariu <codrin.ciubotariu@microchip.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Johan Hovold [Mon, 11 May 2026 14:37:10 +0000 (16:37 +0200)]
i2c: core: fix adapter debugfs creation
Clients can be registered from bus notifier callbacks so the debugfs
directory needs to be created before registering the adapter as clients
use that directory as their debugfs parent.
Move debugfs creation before adapter registration to avoid having
clients create their debugfs directories in the debugfs root (which is
also more likely to fail due to name collisions).
Note that failure to allocate the adapter name must now be handled
explicitly as debugfs_create_dir() cannot handle a NULL name (unlike
device_add() which returns an error).
Fixes: 73febd775bdb ("i2c: create debugfs entry per adapter")
Cc: stable@vger.kernel.org # 6.8
Cc: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Johan Hovold [Mon, 11 May 2026 14:37:09 +0000 (16:37 +0200)]
i2c: core: fix adapter probe deferral loop
Drivers must not probe defer after having registered devices as that
will trigger a probe loop if the devices bind to a driver (cf. commit fbc35b45f9f6 ("Add documentation on meaning of -EPROBE_DEFER")).
Move the recovery initialisation, where the GPIO lookup may fail, before
registering the adapter to prevent this.
Johan Hovold [Mon, 11 May 2026 14:37:07 +0000 (16:37 +0200)]
i2c: core: fix hang on adapter registration failure
Clients may be registered from bus notifier callbacks when the adapter
is registered. On a subsequent error during registration, the adapter
references taken by such clients prevent the wait for the references to
be released from ever completing.
Fix this by refactoring client deregistration and deregistering also on
late adapter registration failures.
Fixes: f8756c67b3de ("i2c: core: call of_i2c_setup_smbus_alert in i2c_register_adapter")
Cc: stable@vger.kernel.org # 4.15
Cc: Phil Reid <preid@electromag.com.au>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Johan Hovold [Mon, 11 May 2026 14:37:06 +0000 (16:37 +0200)]
i2c: core: fix irq domain leak on adapter registration failure
Make sure to tear down the host notify irq domain on adapter
registration failure to avoid leaking it.
This issue was flagged by Sashiko when reviewing another adapter
registration fix.
Fixes: 4d5538f5882a ("i2c: use an IRQ to report Host Notify events, not alert")
Cc: stable@vger.kernel.org # 4.10
Cc: Benjamin Tissoires <bentiss@kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
wifi: iwlwifi: mld: send tx power constraints before link activation
TX power constraints must be sent to the firmware before link
activation. If not, the firmware will use default power values.
Fix this by moving the iwl_mld_send_ap_tx_power_constraint_cmd()
call from iwl_mld_start_ap_ibss() to iwl_mld_assign_vif_chanctx(),
before iwl_mld_activate_link() for AP interfaces. Also update
the guard in the function to allow it to run before link activation
for AP interfaces.
All buses have been converted from driver_set_override() to the generic
driver_override infrastructure introduced in commit cb3d1049f4ea
("driver core: generalize driver_override in struct device").
Buses now either opt into the generic sysfs callbacks via the
bus_type::driver_override flag, or use device_set_driver_override() /
__device_set_driver_override() directly.
Thus, remove the now-unused driver_set_override() helper.
When a driver is probed through __driver_attach(), the bus' match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.
Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.
Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]
Drivers: hv: vmbus: use generic driver_override infrastructure
When a driver is probed through __driver_attach(), the bus' match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.
Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.
Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]
When a driver is probed through __driver_attach(), the bus' match()
callback is called without the device lock held, thus accessing the
driver_override field without a lock, which can cause a UAF.
Fix this by using the driver-core driver_override infrastructure taking
care of proper locking internally.
Note that calling match() from __driver_attach() without the device lock
held is intentional. [1]