The ADM1266 blackbox can be configured in two recording modes via
BLACKBOX_CONFIG[0]: cyclic, where the device overwrites the oldest
record once the 32-record buffer fills, and single, where it stops
recording until the buffer is cleared. Deployments that need to
preserve the full record history across multiple fault episodes
typically run in single mode and need a way to clear the buffer
after the records have been collected.
Expose a write-only debugfs file alongside sequencer_state. Writing
any data to it issues the documented clear-blackbox sub-command:
a 2-byte block-write to READ_BLACKBOX (0xDE) with payload
{0xFE, 0x00} (datasheet Rev. D).
The clear is taken under pmbus_lock because READ_BLACKBOX is also
used by adm1266_nvmem_read_blackbox() to walk records one at a
time; both paths run under pmbus_lock so the clear cannot
interleave mid-iteration and corrupt the read sequence.
The delayed polling work rearms itself from the work function, so use
explicit delayed-work setup and cleanup instead of
devm_delayed_work_autocancel().
Initialize the delayed work with INIT_DELAYED_WORK() and register a
devres cleanup action that calls disable_delayed_work_sync() during
teardown.
This addresses the concern raised during review about the polling work
being able to requeue itself while the driver is being removed.
soc: bcm2835: raspberrypi-firmware: Add voltage domain IDs
Add Raspberry Pi firmware voltage domain identifiers for the mailbox
property interface.
Also add the voltage request structure used with
RPI_FIRMWARE_GET_VOLTAGE so firmware clients can share the common API
definition from the firmware header.
Flaviu Nistor [Mon, 18 May 2026 07:23:37 +0000 (10:23 +0300)]
hwmon: (lm75) Add explicit header include
Since device_property_read_string() is used in the probe function add
explicit include for linux/mod_devicetable.h and linux/property.h rather
than having implicit inclusions. Header linux/of.h can be removed and
also of_match_ptr() improving non-Device Tree compatibility of the driver.
Remove __maybe_unuse because it is not needed anymore.
- Remove broken Intel wiki link; add Intel SDM download page link
- Fix description of tempX_max to clarify it is not Core2-only
- Correct tempX_label string for package temperature (changed in commit 2bc0e6d07ee5 ("hwmon: (coretemp) rearrange tjmax handing code"))
Hassan Maazu [Sat, 16 May 2026 22:09:26 +0000 (22:09 +0000)]
Documentation: hwmon: fix typo in heading for max31730
Generated heading & link to driver doc for max31730 wrongly named
max31790 under hwmon docs. This patch fixes typo so link to max31730
is easily identifiable without confusion with max31790.
The Murata D1U74T-W series are hot-pluggable 1U AC/DC front-end
power supplies in the Intel CRPS-185 / OCP M-CRPS form factor.
Each variant delivers a 12 V main output plus a 12 V standby output
from a wide AC input (90-264 Vac) or HVDC supply, and includes an
internal variable-speed cooling fan and on-board voltage, current,
power, fan-speed, and temperature telemetry.
The host-side digital interface is a PMBus 1.2 port on I2C. The
PSU's other electrical signals (status, alert, current-share) live
on the CRPS edge connector and are consumed by the chassis
controller rather than the host SoC, so there are no host-described
supplies, GPIOs, clocks, or interrupts. Add the compatible to
trivial-devices.yaml rather than carrying a standalone binding file.
Roman Bakshansky [Sat, 16 May 2026 11:42:52 +0000 (14:42 +0300)]
hwmon: (coretemp) replace hardcoded core count with dynamic value
The hardcoded maximum of 512 cores per package was first defined by commit 34cf8c657cf0 ("hwmon: (coretemp) Enlarge per package core count limit")
and later kept as a fallback with a TODO in commit 1a793caf6f69 ("hwmon:
(coretemp) Use dynamic allocated memory for core temp_data") because the
actual per-package core count was not reliably available at the time.
Now that topology_num_cores_per_package() is stable and suitable for use,
it's time to complete the TODO and allocate only the needed amount of
memory for core_data.
The adt7411 driver exposes additional standard hwmon attributes beyond
the ones currently listed in Documentation/hwmon/adt7411.rst.
Document voltage min/max/alarm attributes, temperature min/max and
min_alarm/max_alarm attributes, and the temp2_fault attribute for the
external temperature channel.
Also update the documentation to clarify that analog inputs in1 and in2
are not available when the external temperature sensor is enabled, and
remove the outdated statement claiming that external temperature support
and limit registers are unsupported.
The ADM1266 reports its firmware revision via the IC_DEVICE_REV
manufacturer-specific block-read command (0xAE, datasheet Rev. D
Table 80). The first three returned bytes are the firmware
major.minor.patch fields. This is useful when correlating field
behaviour against ADI release notes; expose it through debugfs
alongside the existing sequencer_state entry.
The standard PMBus MFR_REVISION (0x9B) register is already exposed
by pmbus_core's debugfs auto-create path and reports the
manufacturer revision, which is a separate thing from the firmware
running on the device.
Ronan Dalton [Thu, 14 May 2026 00:34:04 +0000 (12:34 +1200)]
hwmon: (nct7802) Add time step attributes for tweaking responsiveness
The nct7802 chip exposes two registers that allow setting the time
interval between successive duty increases or decreases in Smart Fan
mode. The units are intervals of 0.1 second. The default value at power
on is 10, so 1 second.
Add sysfs attributes for step_up_time and step_down_time to allow
controlling the responsiveness of the fan speed. Values are represented
as milliseconds to the user. When set, the value is clamped to the valid
range of 100 to 25500 (0.1 to 25.5 seconds), and rounded to the nearest
multiple of 100.
hwmon: Use named initializers for arrays of i2c_device_data
While being less compact, using named initializers allows to more easily
see which members of the structs are assigned which value without having
to lookup the declaration of the struct. And it's also more robust
against changes to the struct definition.
The mentioned robustness is relevant for a planned change to struct
i2c_device_id that replaces .driver_data by an anonymous union.
While touching all these arrays, unify indention and usage of commas.
This patch doesn't modify the compiled arrays, only their representation
in source form benefits. The former was confirmed with x86 and arm64
builds.
Flaviu Nistor [Sun, 10 May 2026 09:25:43 +0000 (12:25 +0300)]
hwmon: (tmp102) Use device_property_read_string API
Replace of_property_read_string() with the preferded
device_property_read_string() in the probe function to
read the device label property, improving the driver
compatibility since this method is not limited to
Device Tree only.
Also drop the now unnecessary __maybe_unused from tmp102_of_match.
Add hwmon driver for the ARCTIC Fan Controller, a USB HID device
(VID 0x3904, PID 0xF001) with 10 fan channels. Exposes fan speed in
RPM (read-only) and PWM duty cycle (0-255, read/write) via sysfs.
The device pushes IN reports at ~1 Hz containing RPM readings. PWM is
set via OUT reports; the device applies the new duty cycle and sends
back a 2-byte ACK (Report ID 0x02). The driver waits up to 1 s for
the ACK using a completion. Measured device latency: max ~563 ms over
500 iterations. PWM control is manual-only: the device never changes
duty cycle autonomously.
raw_event() may run in hardirq context, so fan_rpm[] is protected by
a spinlock with irq-save. pwm_duty[] is also protected by this spinlock
because reset_resume() clears it outside the hwmon core lock. The OUT
report buffer is built and write_pending is armed under the same lock so
that no reset_resume() can race with the pwm_duty[] snapshot. priv->buf
is exclusively accessed by write(), which the hwmon core serializes.
Add support for MAX20830 step-down DC-DC switching regulator with
PMBus interface. It allows monitoring of input/output voltage,
output current and temperature through the PMBus serial interface.
LM75 devices supported by this driver support configurable active-high
alert polarity. This is already documented in the devicetree description.
Add support for it to the driver.
Follow documentation and defensively enforce active-low if property is
not set. This avoids possible inconsistencies for future devices with
wrong parametrization. No API breakage as all current devices have
their parameters set to active-low.
The LM75 alert pin is asserted based on the value of alert polarity bit
of the configuration register. The device/driver default is 0 which means
alert pin is configured to be active-low. A value of 1 maps to inverted
(active-high).
Add an optional boolean property "ti,alert-polarity-active-high" to
override the alert pin polarity. When absent, the default active-low
polarity is kept.
hwmon: Move MODULE_DEVICE_TABLE next to the table itself
By convention MODULE_DEVICE_TABLE() immediately follows the ID table it
exports, because this is easier to read and verify. It also makes more
sense since #ifdef for ACPI or OF could hide both of them.
Most of the privers already have this correctly placed, so adjust
the missing ones. No functional impact.
Tabrez Ahmed [Sat, 2 May 2026 02:08:44 +0000 (07:38 +0530)]
hwmon: (ads7871) Use DMA-safe buffer for SPI writes
The driver currently passes a stack-allocated buffer to spi_write(),
which is incompatible with DMA on systems with CONFIG_VMAP_STACK
enabled.
Move the transfer buffer into the driver's private data structure
to ensure it is DMA-safe. Since this shared buffer now requires
serialization, this change depends on the previous commit which
migrated the driver to the hwmon 'with_info' API.
While moving the logic, also:
- Corrected the sign extension for 14-bit data by casting to s16.
- Scaled the output to millivolts (2500mV full scale
) to comply with the hwmon ABI.
Tabrez Ahmed [Sat, 2 May 2026 02:08:43 +0000 (07:38 +0530)]
hwmon: (ads7871) Convert to hwmon_device_register_with_info
Convert the ads7871 driver from the legacy hwmon_device_register() to the
modern hwmon_device_register_with_info() API. This migration simplifies
the driver by using the structured hwmon_channel_info approach and
prepares the codebase for the transition to a shared DMA-safe buffer.
While at it, fix checkpatch violations.
hwmon: emc2305: Support configurable fan PWM at shutdown
Some systems require fans to enter in a defined safe state during system
shutdown or reboot handoff.
Add support for the optional Device Tree property "fan-shutdown-percent"
to configure the shutdown PWM duty cycle per fan output.
If the property is present for a fan channel, the driver converts the
configured percentage value to the corresponding PWM duty cycle and
applies it during driver shutdown.
If the property is not present, the fan state remains unchanged.
The EMC2305 fan controller supports multiple independent PWM fan
outputs. Some systems require fans to enter a defined safe state
during system shutdown or reboot handoff, until firmware or the next
boot stage reconfigures the controller.
Add an optional "fan-shutdown-percent" property to fan child nodes
allowing the PWM duty cycle applied during shutdown to be configured
per fan output.
The fan channel index is used to access per-channel data structures.
Validate the index against the number of available channels
before use to prevent out-of-bounds access if an invalid
value is provided.
The thermal registration path currently uses a sequential child index,
which may not match the validated channel from DT. Use the DT "reg"
property when registering cooling devices to ensure consistent
channel handling
Linus Torvalds [Tue, 9 Jun 2026 15:19:48 +0000 (08:19 -0700)]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"Several significant bug fixes of pre-existing issues:
- Missing validation on ucap fd types passed from userspace
- Missing validation of HW DMA space vs userpace expected sizes in
EFA queue setup
- DMA corruption when using DMA block sizes >= 4G when setting up MRs
in all drivers
- Missing validation of CPU IDs when setting up dma handles
- Missing validation of IB_MR_REREG_ACCESS when changing writability
of a MR
- Missing validation of received message/packet size in ISER and SRP"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/srp: bound SRP_RSP sense copy by the received length
IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
RDMA: During rereg_mr ensure that REREG_ACCESS is compatible
RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc
RDMA/umem: Fix truncation for block sizes >= 4G
RDMA/efa: Validate SQ ring size against max LLQ size
RDMA/core: Validate the passed in fops for ib_get_ucaps()
Jeff Layton [Thu, 29 Jan 2026 21:47:43 +0000 (16:47 -0500)]
vfs: add FS_USERNS_DELEGATABLE flag and set it for NFS
Commit e1c5ae59c0f2 ("fs: don't allow non-init s_user_ns for filesystems
without FS_USERNS_MOUNT") prevents the mount of any filesystem inside a
container that doesn't have FS_USERNS_MOUNT set.
This broke NFS mounts in our containerized environment. We have a daemon
somewhat like systemd-mountfsd running in the init_ns. A process does a
fsopen() inside the container and passes it to the daemon via unix
socket.
The daemon then vets that the request is for an allowed NFS server and
performs the mount. This now fails because the fc->user_ns is set to the
value in the container and NFS doesn't set FS_USERNS_MOUNT. We don't
want to add FS_USERNS_MOUNT to NFS since that would allow the container
to mount any NFS server (even malicious ones).
Add a new FS_USERNS_DELEGATABLE flag, and enable it on NFS.
Fixes: e1c5ae59c0f2 ("fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT") Signed-off-by: Jeff Layton <jlayton@kernel.org> Link: https://patch.msgid.link/20260129-twmount-v1-1-4874ed2a15c4@kernel.org Acked-by: Anna Schumaker <anna.schumaker@oracle.com> Reviewed-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@futurfusion.io> Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner (Amutable) <brauner@kernel.org>
Thomas Weißschuh [Thu, 21 May 2026 06:53:23 +0000 (08:53 +0200)]
MIPS: VDSO: Fold MIPS_CLOCK_VSYSCALL into MIPS_GENERIC_GETTIMEOFDAY
This configuration option exists so "that we don't provide the symbol
when there's no possibility of there being a usable clocksource".
However it only covers __vdso_gettimeofday() and none of the other vDSO
functions which should be affected by the same circumstances.slightly slightly.
Remove MIPS_CLOCK_VSYSCALL and fold its usecase into
MIPS_GENERIC_GETTIMEOFDAY, which works correctly.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> Signed-off-by: Thomas Gleixner <tglx@kernel.org> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Cc: Daniel Lezcano <daniel.lezcano@kernel.org> Cc: Thomas Gleixner <tglx@kernel.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: linux-mips@vger.kernel.org Link: https://patch.msgid.link/20260521-vdso-mips-kconfig-v1-9-2f79dcd6c78f@linutronix.de
Thomas Weißschuh [Thu, 21 May 2026 06:53:21 +0000 (08:53 +0200)]
MIPS: VDSO: Fold MIPS_DISABLE_VDSO into MIPS_GENERIC_GETTIMEOFDAY
The currently used MIPS_DISABLE_VDSO will disable only the userspace
bits of the time-related vDSO. The kernel part is still pointlessly
built and running.
Remove MIPS_DISABLE_VDSO and fold its usecase into
MIPS_GENERIC_GETTIMEOFDAY, which works correctly.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> Signed-off-by: Thomas Gleixner <tglx@kernel.org> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Cc: Daniel Lezcano <daniel.lezcano@kernel.org> Cc: Thomas Gleixner <tglx@kernel.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: linux-mips@vger.kernel.org Link: https://patch.msgid.link/20260521-vdso-mips-kconfig-v1-7-2f79dcd6c78f@linutronix.de
Arnd Bergmann [Tue, 9 Jun 2026 15:00:43 +0000 (17:00 +0200)]
Merge tag 'cache-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/conor/linux into soc/drivers
standalone cache drivers for v7.2
SiFive ccache:
Add the Starfive JH7110 to the list of devices that need the
non-standard cache ops, because the GPU appears to be DMA non-coherent
unlike other peripherals.
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
* tag 'cache-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/conor/linux:
cache: sifive_ccache: Add StarFive JH7110 SoC support
Sumit Gupta [Wed, 27 May 2026 14:01:27 +0000 (19:31 +0530)]
memory: tegra234: drop dead NULL check in tegra234_mc_icc_aggregate()
In tegra234_mc_icc_aggregate(), the 'if (mc)' check inside the
CPU-cluster branch is always true. 'mc' was already dereferenced
via 'mc->bwmgr_mrq_supported' a few lines above, so if it were NULL
the function would have faulted there. Drop the redundant check.
Reported-by: Jon Hunter <jonathanh@nvidia.com> Signed-off-by: Sumit Gupta <sumitg@nvidia.com> Reviewed-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Jon Hunter <jonathanh@nvidia.com> Link: https://patch.msgid.link/20260527140127.49172-4-sumitg@nvidia.com Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Sumit Gupta [Wed, 27 May 2026 14:01:26 +0000 (19:31 +0530)]
memory: tegra264: drop redundant tegra264_mc_icc_aggregate()
tegra264_mc_icc_aggregate() does nothing on top of icc_std_aggregate
except an early return on !mc->bwmgr_mrq_supported.
tegra264_mc_icc_set() already returns early on the same condition,
before reading any of the aggregated avg_bw / peak_bw values. This
makes the early return in aggregate() redundant. So, set
tegra264_mc_icc_ops.aggregate to icc_std_aggregate and drop the
helper.
Reported-by: Jon Hunter <jonathanh@nvidia.com> Signed-off-by: Sumit Gupta <sumitg@nvidia.com> Reviewed-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Jon Hunter <jonathanh@nvidia.com> Link: https://patch.msgid.link/20260527140127.49172-3-sumitg@nvidia.com Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Sumit Gupta [Wed, 27 May 2026 14:01:25 +0000 (19:31 +0530)]
memory: tegra186-emc: stop borrowing MC aggregate hook for EMC
tegra186_emc_interconnect_init() copies the MC's ICC aggregate hook
into the EMC provider. That hook (tegra234_mc_icc_aggregate /
tegra264_mc_icc_aggregate) uses container_of() to recover 'mc',
which is only valid when the icc_provider is embedded in struct
tegra_mc. For an EMC node the provider is embedded in struct
tegra186_emc, so 'mc' points into unrelated memory.
This stayed harmless until commit faafd6ca7e6e ("memory: tegra:
make icc_set_bw return zero if BWMGR not supported") added an
unconditional read of mc->bwmgr_mrq_supported at the top of the
hook. UBSAN catches the stray load on every EMC aggregation:
UBSAN: invalid-load in drivers/memory/tegra/tegra234.c:1104:9
load of value 112 is not a valid value for type '_Bool'
No functional impact in practice, since the hook's only other mc
dereference (mc->num_channels) sits inside a
TEGRA_ICC_MC_CPU_CLUSTER* branch that EMC nodes never enter.
Fix this by setting the EMC provider's aggregate hook to
icc_std_aggregate, instead of borrowing the MC's hook. The MC
providers continue using their own aggregate hooks, where
container_of() correctly resolves to struct tegra_mc.
Reported-by: Jon Hunter <jonathanh@nvidia.com> Fixes: 9a38cb27668e ("memory: tegra: Add interconnect support for DRAM scaling in Tegra234") Signed-off-by: Sumit Gupta <sumitg@nvidia.com> Reviewed-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Jon Hunter <jonathanh@nvidia.com> Link: https://patch.msgid.link/20260527140127.49172-2-sumitg@nvidia.com Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Paul Moses [Tue, 9 Jun 2026 10:08:54 +0000 (05:08 -0500)]
selftests/bpf: Add BTF repeated field count overflow test
Add a raw BTF test that exercises repeated special-field expansion with a
large array count. The compact element layout keeps the array byte size
representable while the repeated field count overflows the old u32 capacity
calculation in btf_repeat_fields().
Arnd Bergmann [Tue, 9 Jun 2026 14:59:20 +0000 (16:59 +0200)]
Merge tag 'ti-driver-soc-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/ti/linux into soc/drivers
TI SoC driver updates for v7.2
TI K3 TISCI:
- ti_sci: Add BOARDCFG_MANAGED mode for support system suspend/resume cycles
- ti_sci: Add support for restoring IRQ and clock contexts during resume.
- clk: keystone: sci-clk: Add clock restoration support.
SoC Drivers:
- k3-socinfo: Add support for identifying AM62P silicon variants via NVMEM,
along with corresponding dt-bindings update for nvmem-cells support
- k3-ringacc: Fix incorrect access mode for ring pop tail IO/proxy operations
Keystone Navigator (knav) Cleanup and Fixes:
- knav_qmss: Multiple code quality improvements
- knav_qmss_queue: Implement proper resource cleanup in the remove() path
General Cleanups:
- k3-ringacc: Use str_enabled_disabled() helper for consistency
- knav_qmss: Use %pe format specifier for PTR_ERR() printing
* tag 'ti-driver-soc-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/ti/linux:
firmware: ti_sci: Add support for restoring clock context during resume
clk: keystone: sci-clk: Add restore_context() operation
firmware: ti_sci: Add support for restoring IRQs during resume
firmware: ti_sci: Add BOARDCFG_MANAGED mode support
soc: ti: k3-ringacc: Use str_enabled_disabled() helper
soc: ti: knav_dma: Use IOMEM_ERR_PTR() in pktdma_get_regs()
soc: ti: knav_dma: Remove dead check on unsigned args.args[0]
soc: ti: knav_dma: Remove unused DMA_PRIO_MASK macro
soc: ti: knav_qmss_acc: Fix kernel-doc Return: tag
soc: ti: knav_qmss: Fix __iomem annotations and __be32 type
soc: ti: knav_qmss: Use %pe to print PTR_ERR()
soc: ti: knav_qmss: Fix kernel-doc Return: tags
soc: ti: knav_qmss: Inline lockdep condition in for_each_handle_rcu
soc: ti: knav_qmss: Rename global kdev to knav_qdev to fix -Wshadow
soc: ti: knav_qmss: Remove remaining redundant ENOMEM printks
soc: ti: knav_qmss_queue: Implement resource cleanup in remove()
soc: ti: k3-ringacc: Fix access mode for k3_ringacc_ring_pop_tail_io/proxy
soc: ti: knav_dma: fix all kernel-doc warnings in knav_dma.h
soc: ti: k3-socinfo: Add support for AM62P variants via NVMEM
dt-bindings: hwinfo: ti,k3-socinfo: Add nvmem-cells support
Arnd Bergmann [Tue, 9 Jun 2026 14:57:55 +0000 (16:57 +0200)]
Merge tag 'arm-soc/for-7.2/drivers' of https://github.com/Broadcom/stblinux into soc/drivers
This pull request contains Broadcom SoC drivers changes for 7.2, please
pull the following:
- Justin changes the soc_device driver to be more modern and consolidate
the initialization
- Chen-Yu updates the BCM2835 firmware Kconfig dependency and adds
COMPILE_TEST
* tag 'arm-soc/for-7.2/drivers' of https://github.com/Broadcom/stblinux:
firmware: raspberrypi: Change dependency to ARCH_BCM2835 and COMPILE_TEST
soc: brcmstb: consolidate initcall functions
Arnd Bergmann [Tue, 9 Jun 2026 14:53:10 +0000 (16:53 +0200)]
Merge tag 'memory-controller-drv-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-mem-ctrl into soc/drivers
Memory controller drivers for v7.2
1. Tegra MC/EMC:
- Handle system sleep, necessary to re-program registers after system
resume. A few more improvements.
- Add Tegra114 and Tegra238 Memory Controller, and Tegra114 External
MC support.
- Grow Tegra264 support.
2. Renesas XSPI: Document RZ/T2H and RZ/N2H variants, compatible with
existing devices.
* tag 'memory-controller-drv-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-mem-ctrl:
memory: tegra264: Add full set of MC clients
dt-bindings: memory: tegra264: Add full set of MC client IDs
memory: tegra264: Skip clients without bpmp_id or type
memory: renesas-rpc-if: Fix duplicate device name on multi-instance platforms
dt-bindings: memory: renesas,rzg3e-xspi: Add RZ/T2H and RZ/N2H support
memory: omap-gpmc: Silence W=1 kerneldoc warnings
memory: tegra114-emc: Simplify tegra114_emc_interconnect_init() error message
memory: tegra114-emc: Do not print error on icc_node_create() failure
memory: tegra: Fix possible null pointer dereference
memory: tegra: Add Tegra114 EMC driver
memory: tegra: Implement EMEM regs and ICC ops for Tegra114
dt-bindings: memory: Document Tegra114 External Memory Controller
dt-bindings: memory: Document Tegra114 Memory Controller
memory: tegra: Add Tegra238 MC support
dt-bindings: memory: tegra: Add nvidia,tegra238-mc compatible
memory: tegra: Restore MC interrupt masks on resume
memory: tegra: Wire up system sleep PM ops
memory: tegra: Make ->resume() callback return void
memory: tegra: Deduplicate rate request management code
memory: atmel-ebi: Allow deferred probing
Arnd Bergmann [Tue, 9 Jun 2026 14:51:22 +0000 (16:51 +0200)]
Merge tag 'samsung-drivers-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux into soc/drivers
Samsung SoC drivers for v7.2
Improve Samsung Exynos (and Google GS101) ACPM (Alive Clock and Power
Manager) firmware driver:
1. Few code improvements.
2. Add support for protocol used to communicate with Thermal Management
Unit (TMU). This will allow to implement the thermal driver working
for newer Samsung Exynos and Google GS101 SoCs.
* tag 'samsung-drivers-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux:
firmware: samsung: acpm: remove compile-testing stubs
firmware: samsung: acpm: Add devm_acpm_get_by_phandle helper
firmware: samsung: acpm: Add TMU protocol support
firmware: samsung: acpm: Make acpm_ops const and access via pointer
firmware: samsung: acpm: Drop redundant _ops suffix in acpm_ops members
firmware: samsung: acpm: Annotate rx_data->cmd with __counted_by_ptr
firmware: samsung: acpm: Consolidate transfer initialization helper
firmware: samsung: acpm: Fix infinite loop on sequence number exhaustion
firmware: samsung: acpm: Fix missing LKMM barriers in sequence allocator
firmware: samsung: acpm: Fix false timeouts and Use-After-Free in polling
firmware: samsung: acpm: Fix mailbox channel leak on probe error
firmware: samsung: acpm: Fix cross-thread RX length corruption
Arnd Bergmann [Tue, 9 Jun 2026 14:22:50 +0000 (16:22 +0200)]
Merge tag 'tegra-for-7.2-firmware' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into soc/drivers
firmware: tegra: Changes for v7.2-rc1
This set of changes contains another attempt at resolving a Kconfig
dependency, propagates debugfs error codes and adds support for multiple
sockets to the BPMP driver.
* tag 'tegra-for-7.2-firmware' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux:
firmware: tegra: bpmp: Add support for multi-socket platforms
firmware: tegra: bpmp: Propagate debugfs errors
firmware: tegra: Make TEGRA_IVC a hidden Kconfig symbol
Arnd Bergmann [Tue, 9 Jun 2026 14:20:55 +0000 (16:20 +0200)]
Merge tag 'tegra-for-7.2-pmc' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into soc/drivers
soc/tegra: pmc: Changes for v7.2-rc1
The bulk of these changes converts existing users to the modern variants
of the API that take a PMC instance as argument. This completes the
transition to multi-instance support, which then makes room for cleanups
and restricting the remaining legacy APIs to 32-bit platforms.
Some changes in this set also clean up powergate debugfs and restrict
the power-off handler to be installed only where appropriate. Lastly,
support for Tegra238 is added.
* tag 'tegra-for-7.2-pmc' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux:
soc/tegra: pmc: Add Tegra238 support
soc/tegra: pmc: Restrict power-off handler to Nexus 7
soc/tegra: pmc: Populate powergate debugfs only when needed
soc/tegra: pmc: Move legacy code behind CONFIG_ARM guard
soc/tegra: pmc: Remove unused legacy functions
soc/tegra: pmc: Create PMC context dynamically
usb: xhci: tegra: Explicitly specify PMC instance to use
PCI: tegra: Explicitly specify PMC instance to use
media: vde: Explicitly specify PMC instance to use
drm/tegra: Explicitly specify PMC instance to use
drm/nouveau: tegra: Explicitly specify PMC instance to use
ata: ahci_tegra: Explicitly specify PMC instance to use
Merge branch 'xfrm: XFRM_MSG_MIGRATE_STATE new netlink message'
Antony Antony says:
====================
The current XFRM_MSG_MIGRATE interface is tightly coupled to policy and
SA migration, and it lacks the information required to reliably migrate
individual SAs. This makes it unsuitable for IKEv2 deployments,
dual-stack setups (IPv4/IPv6), and scenarios where policies are managed
externally (e.g., by daemons other than the IKE daemon).
Mandatory SA selector list
The current API requires a non-empty SA selector list, which does not
reflect the IKEv2 use case.
A single Child SA may correspond to multiple policies,
and SA discovery already occurs via address and reqid matching. With
dual-stack Child SAs this leads to excessive churn: the current method
would have to be called up to six times (in/out/fwd × v4/v6) on SA,
while the new method only requires two calls.
Selectors lack SPI (and marks)
XFRM_MSG_MIGRATE cannot uniquely identify an SA when multiple SAs share
the same policies (per-CPU SAs, SELinux label-based SAs, etc.). Without
the SPI, the kernel may update the wrong SA instance.
Reqid cannot be changed
Some implementations allocate reqids based on traffic selectors. In
host-to-host or selector-changing scenarios, the reqid must change,
which the current API cannot express.
Because strongSwan and other implementations manage policies
independently of the kernel, an interface that updates only a specific
SA - with complete and unambiguous identification - is required.
SA Selector, x->sel, can't be changed, especially Transport mode.
XFRM_MSG_MIGRATE_STATE provides that interface. It supports migration
of a single SA via xfrm_usersa_id (including SPI) and we fix
encap removal in this patch set, reqid updates, address changes,
and other SA-specific parameters. It avoids the structural limitations
of XFRM_MSG_MIGRATE and provides a simpler, extensible mechanism for
precise per-SA migration without involving policies.
This method also allows migtrating SA selectors typically used with
host-to-host in Transport mode.
New migration steps: first install block policy, remove the old policy,
call XFRM_MSG_MIGRATE_STATE for each state, then re-install the
policies and remove the block policy.
If the target SA tuple (daddr, SPI, proto, family) is already
occupied, the operation returns -EEXIST. In this case the original
SA is not preserved. Userspace must handle -EEXIST by
re-establishing the SA at the IKE level and manage policies.
====================
David Laight [Mon, 8 Jun 2026 12:42:42 +0000 (13:42 +0100)]
fbdev: sm501fb: Fix buffer errors in OF binding code
The code that gets the frame buffer mode from OF has 'use after free',
'buffer overrun' and memory leaks.
info->edid_data isn't free if the probe functions fail or if
pd->def_mode is set.
If both the CRT and PANEL are enabled info->edid_data is used after
being freed and is freed twice.
The string returned by of_get_property(np, "mode", &len) is just
written over either the static "640x480-16@60" or the module parameter
string without any regard for the length (which is most likely longer).
Use kstrump() for the OF mode and free everything before freeing 'info.
Fixes: 4295f9bf74a88 ("video, sm501: add OF binding to support SM501") Signed-off-by: David Laight <david.laight.linux@gmail.com> Signed-off-by: Helge Deller <deller@gmx.de>
Helge Deller [Tue, 9 Jun 2026 07:22:09 +0000 (09:22 +0200)]
fbdev/arm: Export acorndata_8x8 font symbol for bootloader
The text display code used in the Risc PC kernel image decompression
code uses arch/arm/boot/compressed/font.c, which includes
lib/fonts/font_acorn_8x8.c, which further includes <linux/font.h>.
Since commit 97df8960240a ("lib/fonts: Provide helpers for calculating
glyph pitch and size") <linux/font.h> contains inline functions that
require __do_div64, which is not linked into the ARM kernel
decompressor. This makes Risc PC zImages fail to build.
Resolve this issue by defining the BOOTLOADER symbol and use it to avoid
a static declaration of the acorndata_8x8 symbol. That way it can be
referenced by the arm bootloader, and other static math functions and
symbols (like __do_div64) stay static and don't get unneccesary included
in the ARM kernel bootloader decompressor object file.
Fixes: 97df8960240a ("lib/fonts: Provide helpers for calculating glyph pitch and size") Reported-by: Ethan Nelson-Moore <enelsonmoore@gmail.com> Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de> Cc: linux-arm-kernel@lists.infradead.org Cc: Russell King <linux@armlinux.org.uk> Signed-off-by: Helge Deller <deller@gmx.de>
fbdev: Wrap fbcon updates from vga-switcheroo in helper
Handle console remapping in fbcon in fb_switch_output(). Vga-switcheroo
invokes this functionality before switching physical outputs to a new
graphics device. Open-coding fbcon state in vga-switcheroo exposed fbdev
implementation details.
Vga-switcheroo is used for switching physical outputs among graphics
hardware. This functionality is only supported by DRM drivers. A later
update will further move fb_switch_output() into DRM's fbdev emulation;
thus fully decoupling vga-switcheroo from fbdev.
v3:
- remove Kconfig dependency related to fbcon (Geert)
v2:
- use '#if defined' (Helge)
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Signed-off-by: Helge Deller <deller@gmx.de>
fbdev: Wrap user-invoked calls to fb_blank() in helper
Handle fbcon during blanking in fb_blank_from_user(). First blank the
hardware, then blank fbcon. Same for unblanking. Update all callers and
resolve the duplicated logic.
With the new helper, fbdev's sysfb code no longer maintains fbcon state
by itself.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Signed-off-by: Helge Deller <deller@gmx.de>
fbdev: Wrap user-invoked calls to fb_set_var() in helper
Handle fbcon during display updates in fb_set_var_from_user(). Check
with fbcon if the mode change is possible, update hardware state and
finally update fbcon. Update all callers.
Only the FBIOPUT_VSCREENINFO ioctl currently does all steps. Other
mode-changes callers in sysfs and driver code are missing fbcon-related
steps.
With the new helper, ps3fb and sh_mobile_lcdcfb no longer maintain
fbcon state themselves.
Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Signed-off-by: Helge Deller <deller@gmx.de>
Hongling Zeng [Tue, 2 Jun 2026 08:54:21 +0000 (16:54 +0800)]
fbdev: omap2: fix use-after-free in omapfb_mmap
omapfb_mmap() has a race condition with OMAPFB_SETUP_PLANE ioctl that
can lead to use-after-free:
The fb_mmap() entry point holds mm_lock but not lock (fb_info->lock),
while ioctl handlers like OMAPFB_SETUP_PLANE hold lock but not mm_lock.
This allows concurrent execution.
In omapfb_mmap():
1. rg = omapfb_get_mem_region(ofbi->region); // Get old region ref
2. start = omapfb_get_region_paddr(ofbi); // Read from NEW region
3. len = fix->smem_len; // Read from NEW region
4. vm_iomap_memory(vma, start, len); // Map NEW region memory
5. atomic_inc(&rg->map_count); // Increment OLD region!
Concurrently, OMAPFB_SETUP_PLANE can:
- Reassign ofbi->region = new_rg
- Update fix->smem_len
- OMAPFB_SETUP_MEM then checks NEW region's map_count (0!) and frees it
This leaves userspace with a mapping to freed physical memory.
The fix is to read all required values (start, len) from the same
region reference (rg) that will have its map_count incremented,
preventing the region from being freed while still mapped.
AlbertoArostegui [Wed, 27 May 2026 15:39:13 +0000 (15:39 +0000)]
fbdev: pxa168fb: use devm_ioremap_resource() for MMIO
pxa168fb maps the LCD controller register resource with devm_ioremap(),
which does not request the memory region. Use devm_ioremap_resource()
instead so the MMIO range is claimed before being mapped.
Eduardo Silva [Mon, 1 Jun 2026 19:46:44 +0000 (21:46 +0200)]
fbdev: grvga: Fix CLUT register address offset in comment
The comment does not match the actual address offset. According
to the GRLIB IP Library Reference Manual (p. 2119), the CLUT register
is at offset 0x28, not the value stated in the comment.
Lu Yao [Thu, 30 Apr 2026 06:01:37 +0000 (14:01 +0800)]
fbcon: don't suspend/resume when vc is graphics mode
Don't need to do suspend/resume for fbcon in graphic mode.
Doing this may cause error, eg:
At the beginning, starting the Xorg with single screen and then an
external screen was plugged in. After logging out in Xorg, fbdev
info may using screen which is connected later on for info always
using first connected connector in list in func 'drm_setup_crtcs_fb'.
Then, S3 executed, fbcon found that the information did not match
and do atomic to switch fb. However, Xorg will not re-bind the crtc
fb but continues doing ioctl. At this time, the fb is incorrect.
With some modifications by Helge Deller.
Signed-off-by: Lu Yao <yaolu@kylinos.cn> Signed-off-by: Helge Deller <deller@gmx.de>
Li RongQing [Fri, 15 May 2026 01:02:02 +0000 (21:02 -0400)]
fbdev: sm712: Fix operator precedence in big_swap macro
The big_swap(p) macro was intended to swap bytes within 16-bit halves
of a 32-bit value. However, because the bitwise shift operators (<<, >>)
have higher precedence than the bitwise AND operator (&), the original
code failed to perform any shifting on the masked bits.
For example, 'p & 0xff00ff00 >> 8' was evaluated as 'p &
(0xff00ff00 >> 8)', effectively neutralizing the intended swap.
Fix this by adding parentheses to ensure the bitwise AND is performed
before the shift, correctly implementing the byte swap logic.
Fixes: 1461d66728648 ("staging: sm7xxfb: merge sm712fb with fbdev") Cc: stable@vger.kernel.org Signed-off-by: Li RongQing <lirongqing@baidu.com> Signed-off-by: Helge Deller <deller@gmx.de>
esp: fix page frag reference leak on skb_to_sgvec failure
In esp_output_tail(), when esp->inplace is false, the old skb page frags
are replaced with a new page from the xfrm page_frag cache The source
scatterlist (sg) is built from the old frags before the replacement, and
esp_ssg_unref() is responsible for releasing the old page references
after the crypto operation completes
However, if the second skb_to_sgvec() call (which builds the destination
scatterlist from the new page) fails, the code jumps to error_free which
only calls kfree(tmp). The old page frag references captured in the
source scatterlist are never released:
1 sg[] is built from old frags via skb_to_sgvec() (no extra get_page)
2 nr_frags is set to 1 and frag[0] is replaced with the new page
3 Second skb_to_sgvec() fails -> goto error_free
Fix this by adding a bool parameter to esp_ssg_unref() that, when true,
unconditionally unrefs the source scatterlist frags. Since req->src is
not yet initialized by aead_request_set_crypt() at the point of the
error, the source scatterlist is obtained directly via esp_req_sg()
Existing callers pass false to preserve the original behavior
The same issue exists in both esp4 and esp6 as the code is identical
Wen Gong [Thu, 4 Jun 2026 09:58:31 +0000 (15:28 +0530)]
wifi: ath12k: enable IEEE80211_VHT_EXT_NSS_BW_CAPABLE when NSS ratio is reported
When firmware reports NSS ratio support, SUPPORTS_VHT_EXT_NSS_BW is enabled in
ath12k. However, IEEE80211_VHT_EXT_NSS_BW_CAPABLE must also be set to make the
advertisement valid.
According to IEEE Std 802.11-2024, Subclause 9.4.2.156.3 (Supported VHT-MCS and
NSS Set subfields), the VHT Extended NSS BW Capable bit indicates whether a STA
is capable of interpreting the Extended NSS BW Support subfield of the VHT
capabilities information field. Advertising extended NSS BW support without
setting this capability bit is therefore invalid.
Without this change, mac80211 detects the inconsistency and logs:
ieee80211 phy0: copying sband (band 1) due to VHT EXT NSS BW flag
This indicates that mac80211 implicitly aligns IEEE80211_VHT_EXT_NSS_BW_CAPABLE
during ieee80211_register_hw(). Explicitly setting the bit in ath12k avoids this
fixup and ensures capabilities are advertised correctly by the driver.
This change follows the same approach as the existing ath11k fix.
https://lore.kernel.org/all/20211013073704.15888-1-wgong@codeaurora.org/
Baochen Qiang [Tue, 9 Jun 2026 02:10:47 +0000 (10:10 +0800)]
wifi: ath12k: fix EAPOL TX failure caused by stale tcl_metadata bits
On WCN7850, after the following sequence:
1. load ath12k and connect to a non-MLO AP
2. disconnect and connect to an MLO AP
3. disconnect and reconnect to the non-MLO AP
the third connection always fails with a 4-Way handshake timeout. The
supplicant transmits message 2 of 4 four times in response to AP
retries of message 1, but the AP never sees any of them.
ath12k_dp_vdev_tx_attach() composes dp_link_vif->tcl_metadata using |=,
but dp_link_vif is embedded in struct ath12k_dp_vif and its slots are
reused across vif/peer teardown and setup. Since tcl_metadata is never
cleared on detach, vdev_id bits from a previous attach remain set when
the same link slot is reused with a different vdev_id. In this specific
issue, the same link slot is used for vdev_id 0, then vdev_id 1, then
vdev_id 0 again, the OR yields tcl_metadata == 0x9, which encodes
vdev_id 1 in the HTT_TCL_META_DATA_VDEV_ID field even though
ti.vdev_id is 0. Firmware then routes the EAPOL frame to the wrong
vdev and the AP never receives message 2.
Use plain assignment instead of |= so the field is fully recomputed
from the current arvif on every attach.
Michal Piekos [Sat, 16 May 2026 05:34:16 +0000 (07:34 +0200)]
arm64: dts: allwinner: a523: add gpadc node
Describe GPADC block on Allwinner A523.
Tested on Radxa Cubie A5E:
- 2 connected channels are showing voltages in agreement with
schematics.
BOOT-SEL-ADC ~500mV
BOM-ADC ~1800mV
- 3rd channel exposed on 40pin header is showing correct voltages when
connected to known voltage source.
MIPI CSI-2 is supported on the A83T with a dedicated controller that
covers both the protocol and D-PHY. It is connected to the only CSI
receiver with a fwnode graph link. Note that the CSI receiver supports
both this MIPI CSI-2 source and a parallel source.
An empty port with a label for the MIPI CSI-2 sensor input is also
defined for convenience.
Arnd Bergmann [Tue, 9 Jun 2026 13:27:33 +0000 (15:27 +0200)]
Merge tag 'tegra-for-7.2-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into soc/drivers
soc/tegra: Changes for v7.2-rc1
These changes update some maintainer contact information, add a modern
way of reading the chip information and cleanup/enhance some existing
code.
* tag 'tegra-for-7.2-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux:
soc/tegra: Use ARM SMCCC to get chip ID, revision, and platform info
soc/tegra: fuse: Register nvmem lookups at probe
Documentation: ABI: Take over as contact for sysfs-driver-tegra-fuse
MAINTAINERS: Move Peter De Schrijver to CREDITS
bus: tegra-aconnect: Use dev_err_probe for probe error paths
====================
net: mctp: usb: minor fixes for MCTP over USB transport driver
This series adds a couple of fixes in the ndo_open / ndo_stop path for
the MCTP over USB transport, where we are incorrectly sequencing two
error cases.
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
====================
projects / thirdparty / linux.git / log
