docs: kdoc: better handle source when producing YAML output
The current logic was storing symbols source code on a list,
not linked to the actual KdocItem. While this works fine when
kernel-doc markups are OK, on places where there is a "/**"
without a valid kernel-doc markup, it ends that the 1:1 match
between source code and KdocItem doesn't happen, causing
problems to generate the YAML output.
Fix it by storing the source code directly into the KdocItem
structure.
This shouldn't affect performance or memory footprint, except
when --yaml option is used.
While here, add a __repr__() function for KdocItem, as it
helps debugging it.
ReST simple tables use "=" instead of "-". I ended testing it with
a table modified from a complex one, using "--- --- ---", instead
of searching for a real Kernel example.
Only noticed when adding an unit test and seek for an actual
example from kernel-doc markups.
unittests: test_kdoc_parser: add command line arg to read a YAML file
The test_kdoc_parser.py already supports loading dynamic tests
when running unit tests.
Add support to read from a different file. This is useful for:
- regression tests before/afer some changes;
- preparing new unit tests;
- test a different yaml before adding its contents at
tools/unittests/kdoc-test.yaml.
It should be noticed that passing an argument to a unit test
is not too trivial, as unittest core will load itself the
runner with a separate environment. The best (only?) way to
do it is by setting the system environment. This way, when
the class is called by the unit test loader, it can pick
the var from the environment without relying on a global
variable.
The unittest_helper has already provision for it, so let's
use its support.
Roberto Ricci [Tue, 24 Mar 2026 22:39:04 +0000 (23:39 +0100)]
cpupower-info.1: describe the --perf-bias option
The cpupower-info(1) man page only mentions the short form of the
'--perf-bias' option in the synopsys, but the long form is not documented
and its effect is not explained.
Roberto Ricci [Tue, 24 Mar 2026 22:39:03 +0000 (23:39 +0100)]
cpupower-frequency-info.1: document --boost and --epp options
`cpupower frequency-info` supports the '--boost' option since the program
was first added with commit 7fe2f6399a84 ("cpupowerutils - cpufrequtils
extended with quite some features"), but the man page lacks it.
'--epp' has been added with commit 5f567afc283f ("cpupower: Add support for
showing energy performance preference") but it has never been added to the
man page.
Roberto Ricci [Tue, 24 Mar 2026 22:39:02 +0000 (23:39 +0100)]
cpupower-frequency-info.1: use the proper name of the --perf option
The cpupower-frequency-info(1) man page describes a '--perf' option.
Even though this form is accepted by the program, its proper name is
'--performance'.
Roberto Ricci [Tue, 24 Mar 2026 22:39:01 +0000 (23:39 +0100)]
cpupower-idle-info.1: fix short option names
The cpupower-idle-info(1) man page describes '-f' as the short form of the
'--silent' option and '-e' as the short form of the '--proc' option.
But they are not correct:
Pengpeng Hou [Wed, 25 Mar 2026 00:42:45 +0000 (08:42 +0800)]
Bluetooth: btusb: clamp SCO altsetting table indices
btusb_work() maps the number of active SCO links to USB alternate
settings through a three-entry lookup table when CVSD traffic uses
transparent voice settings. The lookup currently indexes alts[] with
data->sco_num - 1 without first constraining sco_num to the number of
available table entries.
While the table only defines alternate settings for up to three SCO
links, data->sco_num comes from hci_conn_num() and is used directly.
Cap the lookup to the last table entry before indexing it so the
driver keeps selecting the highest supported alternate setting without
reading past alts[].
Fixes: baac6276c0a9 ("Bluetooth: btusb: handle mSBC audio over USB Endpoints") Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Hyunwoo Kim [Fri, 20 Mar 2026 11:23:10 +0000 (20:23 +0900)]
Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop
l2cap_config_req() processes CONFIG_REQ for channels in BT_CONNECTED
state to support L2CAP reconfiguration (e.g. MTU changes). However,
since both CONF_INPUT_DONE and CONF_OUTPUT_DONE are already set from
the initial configuration, the reconfiguration path falls through to
l2cap_ertm_init(), which re-initializes tx_q, srej_q, srej_list, and
retrans_list without freeing the previous allocations and sets
chan->sdu to NULL without freeing the existing skb. This leaks all
previously allocated ERTM resources.
Additionally, l2cap_parse_conf_req() does not validate the minimum
value of remote_mps derived from the RFC max_pdu_size option. A zero
value propagates to l2cap_segment_sdu() where pdu_len becomes zero,
causing the while loop to never terminate since len is never
decremented, exhausting all available memory.
Fix the double-init by skipping l2cap_ertm_init() and
l2cap_chan_ready() when the channel is already in BT_CONNECTED state,
while still allowing the reconfiguration parameters to be updated
through l2cap_parse_conf_req(). Also add a pdu_len zero check in
l2cap_segment_sdu() as a safeguard.
Fixes: 96298f640104 ("Bluetooth: L2CAP: handle l2cap config request during open state") Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Hyunwoo Kim [Fri, 20 Mar 2026 11:01:26 +0000 (20:01 +0900)]
Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()
l2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer
and id_addr_timer while holding conn->lock. However, the work functions
l2cap_info_timeout() and l2cap_conn_update_id_addr() both acquire
conn->lock, creating a potential AB-BA deadlock if the work is already
executing when l2cap_conn_del() takes the lock.
Move the work cancellations before acquiring conn->lock and use
disable_delayed_work_sync() to additionally prevent the works from
being rearmed after cancellation, consistent with the pattern used in
hci_conn_del().
Fixes: ab4eedb790ca ("Bluetooth: L2CAP: Fix corrupted list in hci_chan_del") Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Cen Zhang [Wed, 18 Mar 2026 12:54:03 +0000 (20:54 +0800)]
Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock
btintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET
and Intel exception-info retrieval) without holding
hci_req_sync_lock(). This lets it race against
hci_dev_do_close() -> btintel_shutdown_combined(), which also runs
__hci_cmd_sync() under the same lock. When both paths manipulate
hdev->req_status/req_rsp concurrently, the close path may free the
response skb first, and the still-running hw_error path hits a
slab-use-after-free in kfree_skb().
Wrap the whole recovery sequence in hci_req_sync_lock/unlock so it
is serialized with every other synchronous HCI command issuer.
Below is the data race report and the kasan report:
BUG: data-race in __hci_cmd_sync_sk / btintel_shutdown_combined
read of hdev->req_rsp at net/bluetooth/hci_sync.c:199
by task kworker/u17:1/83:
__hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200
__hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223
btintel_hw_error+0x114/0x670 drivers/bluetooth/btintel.c:254
hci_error_reset+0x348/0xa30 net/bluetooth/hci_core.c:1030
write/free by task ioctl/22580:
btintel_shutdown_combined+0xd0/0x360
drivers/bluetooth/btintel.c:3648
hci_dev_close_sync+0x9ae/0x2c10 net/bluetooth/hci_sync.c:5246
hci_dev_do_close+0x232/0x460 net/bluetooth/hci_core.c:526
BUG: KASAN: slab-use-after-free in
sk_skb_reason_drop+0x43/0x380 net/core/skbuff.c:1202
Read of size 4 at addr ffff888144a738dc
by task kworker/u17:1/83:
__hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200
__hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223
btintel_hw_error+0x186/0x670 drivers/bluetooth/btintel.c:260
Fixes: 973bb97e5aee ("Bluetooth: btintel: Add generic function for handling hardware errors") Signed-off-by: Cen Zhang <zzzccc427@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Zhang Chen [Thu, 19 Mar 2026 09:32:11 +0000 (17:32 +0800)]
Bluetooth: L2CAP: Fix send LE flow credits in ACL link
When the L2CAP channel mode is L2CAP_MODE_ERTM/L2CAP_MODE_STREAMING,
l2cap_publish_rx_avail will be called and le flow credits will be sent in
l2cap_chan_rx_avail, even though the link type is ACL.
The logs in question as follows:
> ACL Data RX: Handle 129 flags 0x02 dlen 12
L2CAP: Unknown (0x16) ident 4 len 4
40 00 ed 05
< ACL Data TX: Handle 129 flags 0x00 dlen 10
L2CAP: Command Reject (0x01) ident 4 len 2
Reason: Command not understood (0x0000)
Bluetooth: Unknown BR/EDR signaling command 0x16
Bluetooth: Wrong link type (-22)
Fixes: ce60b9231b66 ("Bluetooth: compute LE flow credits based on recvbuf space") Signed-off-by: Zhang Chen <zhangchen01@kylinos.cn> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Rito Rhymes [Mon, 23 Mar 2026 15:24:27 +0000 (11:24 -0400)]
docs: allow long links to wrap per character to prevent page overflow
Some documentation pages contain long link text without natural
break points, which can force page-wide horizontal scroll overflow
on small screens.
Use overflow-wrap: anywhere for anchor text in the docs stylesheet so
links can wrap per character as a fallback when normal word boundaries
are unavailable.
Rito Rhymes [Mon, 23 Mar 2026 15:24:28 +0000 (11:24 -0400)]
docs: allow long table reference links to wrap and prevent overflow
Some documentation pages contain docutils tables with reference links
that use long unbroken strings. Those strings can expand the table
width beyond the content column and cause page-wide horizontal
overflow.
Allow reference links in docutils tables in the main document body to
wrap when needed so the table stays within the content column and does
not break page layout.
Rito Rhymes [Mon, 23 Mar 2026 15:33:42 +0000 (11:33 -0400)]
docs: contain horizontal overflow in C API descriptions
Some documentation pages contain long C API signatures that can exceed
the content width and cause page-wide horizontal scroll overflow.
Apply contained horizontal scrolling to C API description blocks and
keep their signature rows on one line. This preserves signature
formatting while preventing them from breaking page layout.
Contained horizontal scrolling is preferred over wrapping here because
code fidelity is the priority. These blocks are intended to remain
representative of the code itself. Wrapping distorts spacing and line
structure, which affects fidelity, creates misleading renderings, and
reduces readability.
Rito Rhymes [Mon, 23 Mar 2026 15:14:01 +0000 (11:14 -0400)]
docs: allow inline literals in paragraphs to wrap to prevent overflow
Some documentation pages contain long inline literals in paragraph
text that can force page-wide horizontal scroll overflow and break
layout on smaller screens.
Override the default `span.pre` white-space behavior for inline
literals and use `overflow-wrap: anywhere` so they can wrap when
needed. For code used as part of a paragraph, wrapping is appropriate
because it is stylistically part of the surrounding text. Code blocks,
by contrast, are meant to preserve formatting fidelity and are better
served by contained horizontal scrolling.
Both smp_call_function() and smp_call_function_single() use per-CPU
call_single_data_t variable to hold the infamous CSD lock. However,
while smp_call_function() acquires the destination CPU's CSD lock,
smp_call_function_single() instead uses the source CPU's CSD lock.
(These are two separate sets of CSD locks, cfd_data and csd_data,
respectively.)
This otherwise inexplicable pair of choices is explained by their
respective queueing properties. If smp_call_function() where to
use the sending CPU's CSD lock, that would serialize the destination
CPUs' IPI handlers and result in long smp_call_function() latencies,
especially on systems with large numbers of CPUs. For its part, if
smp_call_function_single() were to use the (single) destination CPU's
CSD lock, this would similarly serialize in the case where many CPUs
are sending IPIs to a single "victim" CPU. Plus it would result in
higher levels of memory contention.
Except that if there is no NMI-based stack tracing on a weakly ordered
system where remote unsynchronized stack traces are especially unreliable,
the improved debugging beats the improved queueing. This improved queueing
only matters if a bunch of CPUs are calling smp_call_function_single()
concurrently for a single "victim" CPU, which is not the common case.
Therefore, make smp_call_function_single() use the destination CPU's
csd_data instance in kernels built with CONFIG_CSD_LOCK_WAIT_DEBUG=y
where csdlock_debug_enabled is also set. Otherwise, continue to use
the source CPU's csd_data.
Randy Dunlap [Tue, 10 Mar 2026 06:17:26 +0000 (23:17 -0700)]
smp: Add missing kernel-doc comments
Add missing kernel-doc comments and rearrange the order of others to
prevent all kernel-doc warnings.
- add function Returns: sections or format existing comments as kernel-doc
- add missing function parameter comments
- use "/**" for smp_call_function_any() and on_each_cpu_cond_mask()
- correct the commented function name for on_each_cpu_cond_mask()
- use correct format for function short descriptions
- add all kernel-doc comments for smp_call_on_cpu()
- remove kernel-doc comments for raw_smp_processor_id() since there is
no prototype for it here (other than !SMP)
- in smp.h, rearrange some lines so that the kernel-doc comments for
smp_processor_id() are immediately before the macro (to prevent
kernel-doc warnings)
- remove "Returns" from smp_call_function() since it doesn't
return a value
Eric Biggers [Sat, 21 Mar 2026 07:53:38 +0000 (00:53 -0700)]
fscrypt: use AES library for v1 key derivation
Convert the implementation of the v1 (original / deprecated) fscrypt
per-file key derivation algorithm to use the AES library instead of an
"ecb(aes)" crypto_skcipher. This is much simpler.
While the AES library doesn't support AES-ECB directly yet, we can still
simply call aes_encrypt() in a loop. While that doesn't explicitly
parallelize the AES encryptions, it doesn't really matter in this case,
where a new key is used each time and only 16 to 64 bytes are encrypted.
In fact, a quick benchmark (AMD Ryzen 9 9950X) shows that this commit
actually greatly improves performance, from ~7000 cycles per key derived
to ~1500. The times don't differ much between 32 bytes and 64 bytes
either, so clearly the bottleneck is API stuff and key expansion.
Granted, performance of the v1 key derivation is no longer very
relevant: most users have moved onto v2 encryption policies. The v2 key
derivation uses HKDF-SHA512 (which is ~3500 cycles on the same CPU).
Still, it's nice that the simpler solution is much faster as well.
Chen-Yu Tsai [Tue, 24 Mar 2026 05:19:59 +0000 (13:19 +0800)]
PCI: mediatek-gen3: Integrate new pwrctrl API
With the new PCI pwrctrl API and PCI slot binding and power drivers, we now
have a way to describe and power up WiFi/BT adapters connected through a
PCIe or M.2 slot, or populated onto the mainboard itself. The latter case
has the adapter layout or design copied verbatim, replacing the slot with
direct connections.
Integrate the PCI pwrctrl API into the PCIe driver, so that power is
properly enabled before PCIe link training is done, allowing the card to
successfully be detected.
Chen-Yu Tsai [Tue, 24 Mar 2026 05:19:58 +0000 (13:19 +0800)]
PCI: mediatek-gen3: Disable device if further setup fails
If further setup fails after the device is powered on and link training
succeeds, we want to place the device back in a quiescence state to avoid
unintended activity and save power. This also helps with power state
tracking and balancing once pwrctrl API is integrated.
Power down the device in the error paths of mtk_pcie_startup_port() and
mtk_pcie_probe().
Chen-Yu Tsai [Tue, 24 Mar 2026 05:19:57 +0000 (13:19 +0800)]
PCI: mediatek-gen3: Split out device power helpers
In preparation for adding full power on/off control with the pwrctrl API,
split out the existing code that only partially deals with device power
sequencing into separate helper functions. The existing code only handles
PERST#.
This is purely moving code around, and brings no functional changes.
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
[mani: moved the 'err' variable to next commit] Signed-off-by: Manivannan Sadhasivam <mani@kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> Reviewed-by: Manivannan Sadhasivam <mani@kernel.org> Link: https://patch.msgid.link/20260324052002.4072430-6-wenst@chromium.org
Chen-Yu Tsai [Tue, 24 Mar 2026 05:19:55 +0000 (13:19 +0800)]
PCI: mediatek-gen3: Move controller setup steps before PERST# control
Setting up the translation windows and enabling MSI involve only the
controller, not the link or any downstream device. These can be done before
the device is enabled.
Move these steps before the existing PERST# control and waiting for the
link to come up. This provides a cleaner separation of controller vs device
setup. This also allows the later commits that split out PERST# control and
add device power control to have cleaner teardown.
This change only moves code. No functional change is expected.
Chen-Yu Tsai [Tue, 24 Mar 2026 05:19:54 +0000 (13:19 +0800)]
PCI: mediatek-gen3: Move mtk_pcie_setup_irq() out of mtk_pcie_setup()
mtk_pcie_setup_irq() sets up the IRQ domains for PCI INTx and MSI, and
chains them to the controller's interrupt. It doesn't touch the PCIe
controller itself.
Move mtk_pcie_setup_irq() out of mtk_pcie_setup(), do it earlier so there's
nothing to clean up if it fails, and add an error message if it does fail.
Reorder mtk_pcie_irq_teardown() in the remove callback to follow. Also
create an error path in the probe function.
Max Zhen [Tue, 24 Mar 2026 16:31:59 +0000 (09:31 -0700)]
accel/amdxdna: Add per-process BO memory usage query support
Add support for querying per-process buffer object (BO) memory
usage through the amdxdna GET_ARRAY UAPI.
Introduce a new query type, DRM_AMDXDNA_BO_USAGE, along with
struct amdxdna_drm_bo_usage to report BO memory usage statistics,
including heap, total, and internal usage.
Track BO memory usage on a per-client basis by maintaining counters
in GEM open/close and heap allocation/free paths. This ensures the
reported statistics reflect the current memory footprint of each
process.
Wire the new query into the GET_ARRAY implementation to expose
the usage information to userspace.
Simon Richter [Sat, 7 Mar 2026 17:35:35 +0000 (02:35 +0900)]
PCI/VGA: Pass errors from pci_set_vga_state() up
pci_set_vga_state() returns an error code, which so far has been ignored by
the only caller, __vga_tryget(), so forward it to the caller. As the return
type of __vga_tryget() is a pointer, wrap the error in ERR_PTR().
Simon Richter [Sat, 7 Mar 2026 17:35:34 +0000 (02:35 +0900)]
PCI/VGA: Pass vga_get_uninterruptible() errors to userspace
If VGA routing cannot be established, vga_get_uninterruptible() returns an
error and does not increment the lock count. Return the error to the
caller.
Return before incrementing uc->io_cnt/mem_cnt so vga_arb_release() won't
call vga_put() when userspace closes the handle.
Ryan Roberts [Mon, 23 Mar 2026 16:39:16 +0000 (16:39 +0000)]
arm64: mm: __ptep_set_access_flags must hint correct TTL
It has been reported that since commit 752a0d1d483e9 ("arm64: mm:
Provide level hint for flush_tlb_page()"), the arm64
check_hugetlb_options selftest has been locking up while running "Check
child hugetlb memory with private mapping, sync error mode and mmap
memory".
This is due to hugetlb (and THP) helpers casting their PMD/PUD entries
to PTE and calling __ptep_set_access_flags(), which issues a
__flush_tlb_page(). Now that this is hinted for level 3, in this case,
the TLB entry does not get evicted and we end up in a spurious fault
loop.
Fix this by creating a __ptep_set_access_flags_anysz() function which
takes the pgsize of the entry. It can then add the appropriate hint. The
"_anysz" approach is the established pattern for problems of this class.
Reported-by: Aishwarya TCV <Aishwarya.TCV@arm.com> Fixes: 752a0d1d483e ("arm64: mm: Provide level hint for flush_tlb_page()") Signed-off-by: Ryan Roberts <ryan.roberts@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Sakari Ailus [Tue, 17 Mar 2026 12:57:59 +0000 (14:57 +0200)]
platform: int3472: Drop redundant initialisation to 0 and NULL
A few fields in structs containing regulator initialisation data for Dell
laptops are initialised to 0 and NULL. Drop the explicit initialisation as
redundant.
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com> Reviewed-by: Hans de Goede <johannes.goede@oss.qualcomm.com> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Antti Laakso [Wed, 11 Mar 2026 13:19:10 +0000 (15:19 +0200)]
platform: int3472: Add MSI prestige board data
Define regulators and gpio for ov5675 in MSI Prestige 14 AI EVO+ laptop.
Signed-off-by: Antti Laakso <antti.laakso@linux.intel.com> Acked-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> Reviewed-by: Hans de Goede <johannes.goede@oss.qualcomm.com>
[Sakari Ailus: Drop redundant initialisation to 0 and NULL.] Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Antti Laakso [Wed, 11 Mar 2026 13:19:09 +0000 (15:19 +0200)]
gpio: tps68470: Add i2c daisy chain support
The tps68470 daisy chain make use of gpio 1 and 2. When in use, these
gpios must be configured as inputs without pull-up.
Signed-off-by: Antti Laakso <antti.laakso@linux.intel.com> Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com> Acked-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> Reviewed-by: Hans de Goede <johannes.goede@oss.qualcomm.com> Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Antti Laakso [Wed, 11 Mar 2026 13:19:08 +0000 (15:19 +0200)]
platform: int3472: Add gpio software node
The tps68470 supports i2c daisy chain, which need to be configured by
gpio-tps68470 driver. Add daisy chain information to software node.
Signed-off-by: Antti Laakso <antti.laakso@linux.intel.com> Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com> Acked-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> Reviewed-by: Hans de Goede <johannes.goede@oss.qualcomm.com> Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Antti Laakso [Wed, 11 Mar 2026 13:19:06 +0000 (15:19 +0200)]
media: i2c: ov5675: Wait for endpoint
Defer probe if endpoint is not yet available. And do it before acquiring
clock, gpio and regulators.
Signed-off-by: Antti Laakso <antti.laakso@linux.intel.com> Reviewed-by: Daniel Scally <dan.scally@ideasonboard.com> Reviewed-by: Hans de Goede <johannes.goede@oss.qualcomm.com> Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Michael Tretter [Fri, 7 Nov 2025 10:34:34 +0000 (11:34 +0100)]
media: staging: imx: configure src_mux in csi_start
After media_pipeline_start() was called, the media graph is assumed to
be validated. It won't be validated again if a second stream starts.
The imx-media-csi driver, however, changes hardware configuration in the
link_validate() callback. This can result in started streams with
misconfigured hardware.
In the concrete example, the ipu2_csi1 is driven by a parallel video
input. After the media pipeline has been started with this
configuration, a second stream is configured to use ipu1_csi0 with
MIPI-CSI input from imx6-mipi-csi2. This may require the reconfiguration
of ipu1_csi0 with ipu_set_csi_src_mux(). Since the media pipeline is
already running, link_validate won't be called, and the ipu1_csi0 won't
be reconfigured. The resulting video is broken, because the ipu1_csi0 is
misconfigured, but no error is reported.
Move ipu_set_csi_src_mux from csi_link_validate to csi_start to ensure
that input to ipu1_csi0 is configured correctly when starting the
stream. This is a local reconfiguration in ipu1_csi0 and is possible
while the media pipeline is running.
Since csi_start() is called with priv->lock already locked,
csi_set_src() must not lock priv->lock again. Thus, the mutex_lock() is
dropped.
Signed-off-by: Michael Tretter <m.tretter@pengutronix.de> Fixes: 4a34ec8e470c ("[media] media: imx: Add CSI subdev driver") Cc: stable@vger.kernel.org Reviewed-by: Frank Li <Frank.Li@nxp.com> Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de> Signed-off-by: Frank Li <Frank.Li@nxp.com> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Michael Tretter [Fri, 7 Nov 2025 10:34:33 +0000 (11:34 +0100)]
media: staging: imx: request mbus_config in csi_start
Request the upstream mbus_config in csi_start, which starts the stream,
instead of caching it in link_validate.
This allows to get rid of the mbus_cfg field in the struct csi_priv and
avoids state in the driver.
Fixes: 4a34ec8e470c ("[media] media: imx: Add CSI subdev driver") Cc: stable@vger.kernel.org Reviewed-by: Frank Li <Frank.Li@nxp.com> Signed-off-by: Michael Tretter <m.tretter@pengutronix.de> Reviewed-by: Philipp Zabel <p.zabel@pengutronix.de> Signed-off-by: Frank Li <Frank.Li@nxp.com> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Ayush Kumar [Tue, 25 Nov 2025 20:23:31 +0000 (20:23 +0000)]
media: staging: imx: Remove unnecessary braces from if statement
Adhering to Linux kernel coding style guidelines (Chapter 3: Indentation).
Signed-off-by: Ayush Kumar <ayushkr0s@gmail.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Signed-off-by: Frank Li <Frank.Li@nxp.com> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
ARM: dts: r9a06g032: Add #address-cells to the GIC node
When checking dts involving the r9a06g032.dtsi file, the following kind
of warnings are reported:
Missing property '#address-cells' in node xxx, using 0 as fallback
Indeed, #address-cells is not present in the GIC interrupt controller
node.
Fix it adding the missing property.
Value '0' is correct because:
1. GIC interrupt controller does not have children,
2. interrupt-map property in PCI node and in IRQ mux node consists of
several components and the component related to "parent unit
address", which size is defined by '#address-cells' of the node
pointed to by the interrupt-parent component, is not used (=0)
The Renesas RZ/V2N SoC (a.k.a. r9a09g056) comes with 4 CA55
cores and 1 CM33 core.
While the user manual doesn't explicitly specify which cores
should have access to particular watchdogs, it turns out that
(similarly to the Renesas RZ/V2H(P)) it only makes sense for
Linux to use WDT1.
Remove DT nodes wdt{0,2,3} from the RZ/V2N SoC specific dtsi
to make it compliant with the original design intent.
This change is harmless as there are no users for the nodes
being stripped out of this device tree.
The KSZ9131 schema does not document the "txdv-skew-psec" property,
neither does the kernel driver support this property. It does however
document and support the "txen-skew-psec" property. Fix what is likely
a copy-paste error from the matching "rxdv-skew-psec" property, use the
"txen-skew-psec" property instead of the "txdv-skew-psec" property.
Marek Vasut [Fri, 13 Mar 2026 16:39:05 +0000 (17:39 +0100)]
arm64: dts: renesas: Drop KSZ9131 PHY C22 compatible strings
The Microchip KSZ9131 PHY schema indicates that the compatible string
"ethernet-phy-id0022.1640" must not be followed by any other compatible
string. Drop trailing "ethernet-phy-ieee802.3-c22" to match the schema.
Marek Vasut [Fri, 13 Mar 2026 16:39:04 +0000 (17:39 +0100)]
arm64: dts: renesas: Drop RTL8211F PHY C22 compatible strings
The Realtek RTL8211F PHY schema indicates that the compatible string
"ethernet-phy-id001c.c916" must not be followed by any other compatible
string. Drop trailing "ethernet-phy-ieee802.3-c22" to match the schema.
Marek Vasut [Fri, 13 Mar 2026 16:39:03 +0000 (17:39 +0100)]
arm64: dts: renesas: Drop RTL8211E PHY C22 compatible strings
The Realtek RTL8211E PHY schema indicates that the compatible string
"ethernet-phy-id001c.c915" must not be followed by any other compatible
string. Drop trailing "ethernet-phy-ieee802.3-c22" to match the schema.
Long Li [Mon, 16 Mar 2026 21:07:42 +0000 (14:07 -0700)]
PCI: hv: Set default NUMA node to 0 for devices without affinity info
When hv_pci_assign_numa_node() processes a device that does not have
HV_PCI_DEVICE_FLAG_NUMA_AFFINITY set or has an out-of-range
virtual_numa_node, the device NUMA node is left unset. On x86_64,
the uninitialized default happens to be 0, but on ARM64 it is
NUMA_NO_NODE (-1).
Tests show that when no NUMA information is available from the Hyper-V
host, devices perform best when assigned to node 0. With NUMA_NO_NODE
the kernel may spread work across NUMA nodes, which degrades
performance on Hyper-V, particularly for high-throughput devices like
MANA.
Always set the device NUMA node to 0 before the conditional NUMA
affinity check, so that devices get a performant default when the host
provides no NUMA information, and behavior is consistent on both
x86_64 and ARM64.
Fixes: 999dd956d838 ("PCI: hv: Add support for protocol 1.3 and support PCI_BUS_RELATIONS2") Signed-off-by: Long Li <longli@microsoft.com> Reviewed-by: Michael Kelley <mhklinux@outlook.com> Signed-off-by: Wei Liu <wei.liu@kernel.org>
The watchdog timeout is signaled using an interrupt and, on this
interrupt, a software initiated reset is performed.
This software initiated reset performs, in the end, a hardware system
reset using SWRST_REQ of RSTCTRL register.
The watchdog itself is able to control directly the hardware system
reset without any operation done by the interrupt handler. This feature
allows the watchdog to not depend on the software to reset the system
when a watchdog timeout occurs.
Indeed, when the watchdog timeout occurs, the watchdog requests a system
reset using its own hardware dedicated line but this reset source is
disabled at the reset controller level.
To benefit of this feature and be robust against software issues, enable
watchdogs reset sources.
Suggested-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by: Herve Codina (Schneider Electric) <herve.codina@bootlin.com> Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Tested-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> Link: https://patch.msgid.link/20260324120435.243641-2-herve.codina@bootlin.com Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Rosen Penev [Tue, 24 Mar 2026 02:11:03 +0000 (19:11 -0700)]
clk: renesas: cpg-mssr: Use struct_size() helper
struct_size() is what is normally used when a flexible array member is
present to avoid accidental mistakes. pm_size is still needed for the
memcpy() call below.
Bradford Love [Tue, 17 Mar 2026 21:49:02 +0000 (16:49 -0500)]
media: cx23885: Module option to disable analog video
Initialized and left to themselves some boards with analog inputs,
on some modern platforms can throw critical errors which prevents
even digital from working thereafter. If analog is never used this
module parameter allows analog to be disabled on a card by card
basis.
It is already possible to disable analog audio.
For example, to disable for Hauppauge QuadHD with analog functionality:
options cx23885 disable_analog_video=56,57
can be placed insode of /etc/modprobe.d/cx23885.conf
Signed-off-by: Bradford Love <brad@nextdimension.cc> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Bradford Love [Tue, 17 Mar 2026 20:57:47 +0000 (15:57 -0500)]
media: m88ds3103: Implement 3103c chip support
Hauppauge 416e products have moved to using the 3103C satellite
demod. This demod behaves mostly like a 3103b, but has
different initialization, clocking, and lock operations.
This Linux code was reverse egineered entirely
using a Windows reference driver.
Signed-off-by: Bradford Love <brad@nextdimension.cc> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
[hverkuil: fix a few minor checkpatch issues]
[hverkuil: fixed two minor sparse issues]
Bradford Love [Tue, 24 Mar 2026 18:25:41 +0000 (13:25 -0500)]
media: em28xx: Add Hauppauge em2828X based 9x5 revisions
The Hauppauge HVR-935, HVR-955, and HVR-975 have moved
from cx231xx bridge to em2828x bridge.
The following USB device id's are new:
2040:0360 - HVR-935 ISOC transport
2040:8360 - HVR-935 Bulk transport
2040:0366 - HVR-955 ISOC transport
2040:8366 - HVR-955 Bulk transport
2040:036a - HVR-975 ISOC transport
2040:836a - HVR-975 Bulk transport
The devices all now utilize si2177 tuner. Capabilities are:
- Digital TV
- Composite video input
- S-Video input
- Analog stereo input
HVR-935 has DVB-C/T/T2 demod (si2168).
HVR-955 has ATSC/QAM demod (lgdt3306a).
HVR-975 has both ATSC/QAM and DVB-C/T/T2 demods.
Signed-off-by: Bradford Love <brad@nextdimension.cc> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
[hverkuil: a few minor checkpatch fixes]
Bradford Love [Tue, 24 Mar 2026 18:25:02 +0000 (13:25 -0500)]
media: si2157: Include support for si2177 chip
The si2177 is very closely related to si2157, with slight differences
when doing analog operations. Digital is left as is, but analog needs
to be configured specially because the signal is internally demodulated
and CVBS video is output directly from the tuner.
Verified locked and working with all supported standards.
Signed-off-by: Bradford Love <brad@nextdimension.cc> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Bradford Love [Tue, 24 Mar 2026 18:24:25 +0000 (13:24 -0500)]
media: em28xx: driver supports two frontends, but not i2c clients
Fix em28xx driver to accommodate a device with two i2c client demods.
The em28xx driver already had a multi frontend aware device struct,
with two fe, just not two i2c client demods. Since Hauppauge HVR975
has transitioned from cx231xx to em2828X, this is required for full
functionality of the devices.
Signed-off-by: Bradford Love <brad@nextdimension.cc> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Bradford Love [Tue, 17 Mar 2026 21:07:20 +0000 (16:07 -0500)]
media: au0828: Fix green screen in analog
When the driver was converted to VB2 the original function to fix
green frame detection was removed and a default vb2 dqbuf function
was used instead. This vb2 dqbuf function leads to green frames not
being detected and correupting stream captures.
The vidioc_dqbuf function checks the greenscreen flag, and, if set
resets the stream to discard the green frame and decode a real frame.
Signed-off-by: Bradford Love <brad@nextdimension.cc> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Bradford Love [Tue, 17 Mar 2026 20:46:45 +0000 (15:46 -0500)]
media: em28xx: Add Hauppauge USB Live2
New revision of Hauppauge USB Live2 switches from cx231xx usb bridge
to Empia em2828X bridge. Inputs for the USB Live2 remain the same:
- Composite video
- S-Video
- Analog stereo audio
Signed-off-by: Bradford Love <brad@nextdimension.cc> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
Bradford Love [Tue, 17 Mar 2026 20:45:54 +0000 (15:45 -0500)]
media: em28xx: Add support for Empia em2828X bridge
The empia em2828X usb bridge contains previous functionality,
but also contains an embedded video decoder. The implemented
capabilities include composite and s-video inputs, as well as
analog TV. Analog TV is expected in CVBS format, it must be
demodulated already.
Media controller decoder entity is included so pipeline
verification passes and graph is properly constructed.
Analog TV bits based off cx231xx driver.
Signed-off-by: Bradford Love <brad@nextdimension.cc> Signed-off-by: Hans Verkuil <hverkuil+cisco@kernel.org>
[hverkuil: fix a few minor checkpatch issues]
Marek Vasut [Tue, 24 Mar 2026 14:33:28 +0000 (15:33 +0100)]
arm64: dts: renesas: sparrow-hawk: Reserve first 128 MiB of DRAM
Mark the first 128 MiB of DRAM as reserved. The first 128 MiB of DRAM
may optionally be used by TFA and other firmware for its own purposes,
and in such case, Linux must not use this memory.
On this platform, U-Boot runs in EL3 and starts TFA BL31 and Linux from
a single combined fitImage. U-Boot has full access to all memory in the
0x40000000..0xbfffffff range, as well memory in the memory banks in the
64-bit address ranges, and therefore U-Boot patches this full complete
view of platform memory layout into the DT that is passed to the next
stage.
The next stage is TFA BL31 and then the Linux kernel. The TFA BL31 does
not modify the DT passed from U-Boot to TFA BL31 and then to Linux with
any new reserved-memory {} node to reserve memory areas used by the TFA
BL31 to prevent the next stage from using those areas, which lets Linux
to use all of the available DRAM as described in the DT that was passed
in by U-Boot, including the areas that are newly utilized by TFA BL31.
In case of high DRAM utilization, for example in case of four instances
of "memtester 3900M" running in parallel, unless the memory used by TFA
BL31 is properly reserved, Linux may use and corrupt the memory used by
TFA BL31, which would often lead to system becoming unresponsive.
Until TFA BL31 can properly fill its own reserved-memory node into the
DT, and to assure older versions of TFA BL31 do not cause problems, add
explicitly reserved-memory {} node which prevents Linux from using the
first 128 MiB of DRAM.
Note that TFA BL31 can be adjusted to use different memory areas, this
newly added reserved-memory {} node follows longer-term practice on the
R-Car SoCs where the first 128 MiB of DRAM is reserved for firmware use.
In case user does modify TFA BL31 to use different memory ranges, they
must either use a future version of TFA BL31 which properly patches a
reserved-memory {} node into the DT, or they must adjust the address
ranges of this reserved-memory {} node accordingly.
Marek Szyprowski [Wed, 25 Mar 2026 17:24:26 +0000 (18:24 +0100)]
Merge tag 'dma-mapping-7.0-2026-03-25' into dma-mapping-for-next
dma-mapping fixes for Linux 7.0
A set of fixes for DMA-mapping subsystem, which resolve false-positive
warnings from KMSAN and DMA-API debug (Shigeru Yoshida and Leon
Romanovsky) as well as a simple build fix (Miguel Ojeda).
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
i2c: s3c24xx: check the size of the SMBUS message before using it
The first byte of an i2c SMBUS message is the size, and it should be
verified to ensure that it is in the range of 0..I2C_SMBUS_BLOCK_MAX
before processing it.
This is the same logic that was added in commit a6e04f05ce0b ("i2c:
tegra: check msg length in SMBUS block read") to the i2c tegra driver.
Andy Shevchenko [Tue, 24 Feb 2026 11:52:10 +0000 (12:52 +0100)]
dt-bindings: i2c: dw: Remove unused bindings
As stated in the d70f60ad964d ("i2c: designware: Remove
not-going-to-be-supported code for Baikal SoC") the Baikal
platforms are not supported and the respective driver code
was removed. Remove the currently unused bindings.
Alexey Charkov [Wed, 18 Mar 2026 14:50:25 +0000 (18:50 +0400)]
ASoC: rockchip: rockchip_sai: Set slot width for non-TDM mode
Currently the slot width in non-TDM mode is always kept at the POR value
of 32 bits, regardless of the sample width, which doesn't work well for
some codecs such as NAU8822.
Set the slot width according to the sample width in non-TDM mode, which
is what other CPU DAI drivers do.
Tested on the following RK3576 configurations:
- SAI2 + NAU8822 (codec as the clock master), custom board
- SAI1 + ES8388 (codec as the clock master), RK3576 EVB1
- SAI2 + RT5616 (SAI as the clock master), FriendlyElec NanoPi M5
NAU8822 didn't work prior to this patch but works after the patch. Other
two configurations work both before and after the patch.
Fixes: cc78d1eaabad ("ASoC: rockchip: add Serial Audio Interface (SAI) driver") Signed-off-by: Alexey Charkov <alchark@flipper.net> Tested-by: Nicolas Frattaroli <nicolas.frattaroli@collabora.com> Link: https://patch.msgid.link/20260318-sai-slot-width-v1-1-1f68186f71e3@flipper.net Signed-off-by: Mark Brown <broonie@kernel.org>
pinctrl: stm32: add firewall checks before probing the HDP driver
Because the HDP peripheral both depends on debug and firewall
configuration, when CONFIG_STM32_FIREWALL is present, use the
stm32 firewall framework to be able to check these configuration against
the relevant controllers.
bus: stm32_firewall: add stm32_firewall_get_grant_all_access() API
Add the stm32_firewall_get_grant_all_access() API to be able to fetch
all firewall references in an access-controllers property and try to grant
access to all of them.
bus: stm32_firewall: allow check on different firewall controllers
Current implementation restricts the check on the firewall controller
being the bus parent. Change this by using the controller referenced
in each firewall queries.
bus: rifsc: fix RIF configuration check for peripherals
Peripheral holding CID0 cannot be accessed, remove this completely
incorrect check. While there, fix and simplify the semaphore checking
that should be performed when the CID filtering is enabled.
bus: firewall: move stm32_firewall header file in include folder
Other driver than RIFSC and ETZPC can implement firewall ops, such as
RCC.
In order for them to have access to the ops and type of this framework,
we need to get the `stm32_firewall.h` file in the include/ folder.
Signed-off-by: Clément Le Goffic <clement.legoffic@foss.st.com> Signed-off-by: Clément Le Goffic <legoffic.clement@gmail.com> Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Link: https://lore.kernel.org/r/20260210-b4-firewall-upstream-v8-1-097c1e47af82@gmail.com Signed-off-by: Alexandre Torgue <alexandre.torgue@foss.st.com>
arm64: dts: st: enable display support on stm32mp257f-dk board
Enable the following IPs on stm32mp257f-dk in order to get display:
* LTDC
* LVDS
* WSVGA LVDS panel (1024x600)
* Panel LVDS backlight as GPIO backlight
* ILI2511 i2c touchscreen
arm64: dts: st: enable display support on stm32mp235f-dk board
Enable the following IPs on stm32mp235f-dk in order to get display:
* LTDC
* LVDS
* WSVGA LVDS panel (1024x600)
* Panel LVDS backlight as GPIO backlight
* ILI2511 i2c touchscreen
Add the LTDC node for stm32mp235 SoC and handle its loopback clocks.
ck_ker_ltdc has the CLK_SET_RATE_PARENT flag. While having this flag is
semantically correct, it for now leads to an improper setting of the
clock rate. The ck_ker_ltdc parent clock is the flexgen 27, which does
not support changing rates yet. To overcome this issue, a fixed clock
can be used for the kernel clock.
The LCD-TFT Display Controller (LTDC) handles display composition,
scaling and rotation. It provides a parallel digital RGB flow to be
used by display interfaces.
projects / thirdparty / kernel / stable.git / log
