Dave Airlie [Tue, 31 Mar 2026 06:38:49 +0000 (16:38 +1000)]
Merge tag 'drm-intel-next-2026-03-30' of https://gitlab.freedesktop.org/drm/i915/kernel into drm-next
drm/i915 feature pull #2 for v7.1:
Refactoring and cleanups:
- Refactor LT PHY PLL handling to use the DPLL framework (Mika)
- Implement display register polling and waits in display code (Ville)
- Move PCH clock gating in display PCH file (Luca)
- Add shared stepping info header for i915 and display (Jani)
- Clean up GVT I2C command decoding (Jonathan)
- NV12 plane unlinking cleanups (Ville)
- Clean up NV12 DDB/watermark handling for pre-ICL platforms (Ville)
Fixes:
- An assortment of DSI fixes (Ville)
- Handle PORT_NONE in assert_port_valid() (Jonathan)
- Fix link failure without FBDEV emulation (Arnd Bergmann)
- Quirk disable panel replay on certain Dell XPS models (Jouni)
- Check if VESA DPCD AUX backlight is possible (Suraj)
Ville Syrjälä [Wed, 25 Mar 2026 13:58:45 +0000 (15:58 +0200)]
drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP
Looks like I missed the drm_dp_enhanced_frame_cap() in the ivb/hsw CPU
eDP code when I introduced crtc_state->enhanced_framing. Fix it up so
that the state we program to the hardware is guaranteed to match what
we computed earlier.
Ville Syrjälä [Wed, 25 Mar 2026 13:58:44 +0000 (15:58 +0200)]
drm/i915/cdclk: Do the full CDCLK dance for min_voltage_level changes
Apparently I forgot about the pipe min_voltage_level when I
decoupled the CDCLK calculations from modesets. Even if the
CDCLK frequency doesn't need changing we may still need to
bump the voltage level to accommodate an increase in the
port clock frequency.
Currently, even if there is a full modeset, we won't notice the
need to go through the full CDCLK calculations/programming,
unless the set of enabled/active pipes changes, or the
pipe/dbuf min CDCLK changes.
Duplicate the same logic we use the pipe's min CDCLK frequency
to also deal with its min voltage level.
Note that the 'allow_voltage_level_decrease' stuff isn't
really useful here since the min voltage level can only
change during a full modeset. But I think sticking to the
same approach in the three similar parts (pipe min cdclk,
pipe min voltage level, dbuf min cdclk) is a good idea.
Cc: stable@vger.kernel.org Tested-by: Mikhail Rudenko <mike.rudenko@gmail.com> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/15826 Fixes: ba91b9eecb47 ("drm/i915/cdclk: Decouple cdclk from state->modeset") Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com> Link: https://patch.msgid.link/20260325135849.12603-2-ville.syrjala@linux.intel.com Reviewed-by: Michał Grzelak <michal.grzelak@intel.com>
(cherry picked from commit 0f21a14987ebae3c05ad1184ea872e7b7a7b8695) Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
robbieko [Wed, 25 Mar 2026 10:18:15 +0000 (18:18 +0800)]
btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref()
After commit 1618aa3c2e01 ("btrfs: simplify return variables in
lookup_extent_data_ref()"), the err and ret variables were merged into
a single ret variable. However, when btrfs_next_leaf() returns 0
(success), ret is overwritten from -ENOENT to 0. If the first key in
the next leaf does not match (different objectid or type), the function
returns 0 instead of -ENOENT, making the caller believe the lookup
succeeded when it did not. This can lead to operations on the wrong
extent tree item, potentially causing extent tree corruption.
Fix this by returning -ENOENT directly when the key does not match,
instead of relying on the ret variable.
Fixes: 1618aa3c2e01 ("btrfs: simplify return variables in lookup_extent_data_ref()") CC: stable@vger.kernel.org # 6.12+ Reviewed-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: robbieko <robbieko@synology.com> Signed-off-by: Filipe Manana <fdmanana@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
The DAT inode's btree node cache (i_assoc_inode) is initialized lazily
during btree operations. However, nilfs_mdt_save_to_shadow_map()
assumes i_assoc_inode is already initialized when copying dirty pages
to the shadow map during GC.
If NILFS_IOCTL_CLEAN_SEGMENTS is called immediately after mount before
any btree operation has occurred on the DAT inode, i_assoc_inode is
NULL leading to a general protection fault.
Fix this by calling nilfs_attach_btree_node_cache() on the DAT inode
in nilfs_dat_read() at mount time, ensuring i_assoc_inode is always
initialized before any GC operation can use it.
Nobody defines struct ina2xx_platform_data. Remove platform data support
from the drivers which still have it (it's effectively dead code) and
remove the header.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko@intel.com> Acked-by: Jonathan Cameron <jonathan.cameron@huawei.com> Link: https://lore.kernel.org/r/20260326-drop-ina2xx-pdata-v1-1-c159437bb2df@oss.qualcomm.com
[groeck: Fixed continuation line alignment] Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Rong Zhang [Thu, 26 Mar 2026 19:19:50 +0000 (03:19 +0800)]
hwmon: Add label support for 64-bit energy attributes
Since commit 0bcd01f757bc ("hwmon: Introduce 64-bit energy attribute
support"), devices can report 64-bit energy values by selecting the
sensor type "energy64". However, such sensors can't report their labels
since is_string_attr() was not updated to match it.
Add label support for 64-bit energy attributes by updating
is_string_attr() to match hwmon_energy64 in addition to hwmon_energy.
Guenter Roeck [Fri, 20 Mar 2026 14:45:55 +0000 (07:45 -0700)]
hwmon: (pmbus_core) Use guard() for mutex protection
Simplify the code by using guard() and scoped_guard() instead of
mutex_lock()/mutex_unlock() sequences.
This patch changes semantics for debugfs accesses. Previously, those
used mutex_lock_interruptible() and not mutex_lock(). This change is
intentional and should have little if any impact since locks should not
be held for a significant amount of time and debugfs accesses are less
critical than sysfs accesses (which never used interruptable locks).
Dawei Liu [Wed, 25 Mar 2026 09:02:08 +0000 (17:02 +0800)]
hwmon: (pmbus/isl68137) Add support for Renesas RAA228942 and RAA228943
Add I2C device IDs for Renesas RAA228942 and RAA228943.
At the Linux PMBus hwmon interface level currently supported by this
driver, these devices are compatible with the existing 2-rail non-TC
controllers, so devicetree will use fallback compatibles and no
dedicated OF match entries are needed.
Dawei Liu [Wed, 25 Mar 2026 09:02:07 +0000 (17:02 +0800)]
dt-bindings: hwmon: isl68137: Add compatible strings for RAA228942 and RAA228943
RAA228942 and RAA228943 are Renesas digital dual-output
16-phase (X+Y <= 16) PWM controllers with 2-rail non-TC
driver configuration. At the PMBus hwmon interface level,
they are compatible with existing 2-rail non-TC controllers
and use renesas,raa228244 as fallback compatible
Flaviu Nistor [Sun, 22 Mar 2026 16:26:16 +0000 (18:26 +0200)]
hwmon: lm75: Add support for label
Add support for label sysfs attribute similar to other hwmon devices.
This is particularly useful for systems with multiple sensors on the
same board, where identifying individual sensors is much easier since
labels can be defined via device tree.
Markus Hoffmann [Sun, 22 Mar 2026 10:33:01 +0000 (10:33 +0000)]
hwmon: (it87) Add support for IT8689E
Add support for the ITE IT8689E Super I/O chip. The IT8689E supports
newer autopwm, 12mV ADC, 16-bit fans, six fans, six PWM channels,
PWM frequency 2, six temperature inputs, AVCC3, temperature offset,
and fan on/off control.
Give it8689 its own GPIO configuration block in it87_find() rather
than sharing the it8620/it8628 block. The shared block reads
IT87_SIO_PINX2_REG and either marks IN3 as internal AVCC or skips
IN9. Because it8689 declares FEAT_AVCC3, IN9 is already marked as
always-internal before the GPIO block is reached; applying the PINX2
check would either create duplicate AVCC labels on IN3 and IN9 or
incorrectly skip IN9.
Also update Documentation/hwmon/it87.rst and drivers/hwmon/Kconfig to
document the newly supported chip.
Sanman Pradhan [Sat, 21 Mar 2026 18:12:05 +0000 (18:12 +0000)]
hwmon: (pmbus/max31785) check for partial i2c_transfer in read_long_data
i2c_transfer() returns the number of messages successfully
transferred, not only a negative errno on failure. When called with
two messages (write command byte followed by a read of the 4-byte
response), a return value of 1 means the command write succeeded but
the read did not complete. In that case, rspbuf remains uninitialized
and must not be interpreted as valid data.
Treat any return value other than ARRAY_SIZE(msg) as an error, and
return -EIO for partial completion. Also return 0 on success instead
of the message count, since the caller only needs to distinguish
success from failure.
Sanman Pradhan [Sat, 21 Mar 2026 18:11:47 +0000 (18:11 +0000)]
hwmon: (pmbus/max31785) use access_delay for PMBus-mediated accesses
The MAX31785 driver currently uses driver-local wrappers around PMBus
core accesses to enforce a 250us inter-access delay needed to work
around occasional NACKs from the device. This duplicates the PMBus
core delay mechanism already provided by pmbus_driver_info.access_delay
and adds unnecessary complexity.
Replace the PMBus wrapper approach with access_delay for normal
PMBus-mediated accesses, while keeping the minimal local delay handling
needed for raw pre-probe SMBus operations.
For the raw i2c_transfer() long-read path, use pmbus_wait() and
pmbus_update_ts() to keep the PMBus core timing state consistent with
the raw transfer.
Also:
- allow PMBUS_FAN_CONFIG_12 physical-page accesses to fall back to the
PMBus core, while remapping only virtual pages
- use pmbus_update_fan() directly for fan configuration updates
- use the delayed raw read helper for MFR_REVISION during probe
- add a final max31785_wait() before pmbus_do_probe() to bridge the
timing gap between pre-probe accesses and PMBus core registration
- rename 'virtual' to 'vpage', 'driver_data' to 'data', and drop the
unused to_max31785_data() macro
Sanman Pradhan [Sat, 21 Mar 2026 18:11:30 +0000 (18:11 +0000)]
hwmon: (pmbus) export pmbus_wait and pmbus_update_ts
Export pmbus_wait() and pmbus_update_ts() so that PMBus device
drivers which perform raw I2C transfers outside the core helpers
can keep the PMBus core delay bookkeeping in sync.
Move PMBUS_OP_WRITE and PMBUS_OP_PAGE_CHANGE from pmbus_core.c to
pmbus.h so device drivers can pass the correct operation type flags
to pmbus_update_ts().
This is needed by the max31785 driver, which performs raw
i2c_transfer() calls for its 4-byte extended fan speed reads that
cannot use the standard PMBus word read path.
Drops the remove callback as it only asserts reset and the probe already
registers a devres action (devm_add_action_or_reset()) to call
aspeed_pwm_tach_reset_assert().
Icenowy Zheng [Mon, 9 Mar 2026 16:24:56 +0000 (00:24 +0800)]
dt-bindings: hwmon: moortec,mr75203: adapt multipleOf for T-Head TH1520
The G and J coefficients provided by T-Head TH1520 manual (which calls
them A and C coefficients and calls H coefficient in the binding as B)
have 1/100 degree Celsius precision (the values are 42.74 and -0.16
respectively), however the binding currently only allows coefficients as
precise as 100 milli-Celsius (1/10 degree Celsius).
Change the multipleOf value of these two coefficients to 10 (in the unit
of milli-Celsius) to satisfy the need of TH1520.
Tabrez Ahmed [Sun, 8 Mar 2026 12:47:14 +0000 (18:17 +0530)]
hwmon: (ads7871) Propagate SPI errors in voltage_show
The voltage_show() function previously ignored negative error codes
returned by the underlying SPI read/write functions. Because negative
numbers have their most significant bits set in two's complement, a
failed SPI read returning -EIO (-5) would incorrectly evaluate to true
when masked with MUX_CNV_BM (0x80).
This would cause the driver to enter the polling loop even when the SPI bus
failed, eventually returning a misleading -ETIMEDOUT error to userspace
instead of the actual hardware error. Furthermore, the return values of
the initial SPI write and the final 16-bit SPI read were completely
ignored.
Add proper error checking after every SPI operation to ensure hardware
failures are immediately propagated back to userspace.
Sanman Pradhan [Sat, 7 Mar 2026 22:45:19 +0000 (14:45 -0800)]
hwmon: (pmbus/max31785) fix argument type for i2c_smbus_write_byte_data wrapper
The local wrapper max31785_i2c_write_byte_data() declares its data
parameter as u16 but passes it directly to i2c_smbus_write_byte_data()
which takes u8. Fix the type to match the underlying API.
No functional change; all current callers pass values that fit in u8.
Tabrez Ahmed [Sat, 7 Mar 2026 11:52:26 +0000 (17:22 +0530)]
hwmon: (ads7871) Fix incorrect error code in voltage_show
The voltage_show() function returns -1 when the A/D conversion
fails to complete within the polling loop. -1 maps to -EPERM
(operation not permitted), which does not describe the actual
failure.
Replace this -1 error code with -ETIMEDOUT to better indicate
the timeout condition to userspace.
Tabrez Ahmed [Sat, 7 Mar 2026 08:38:15 +0000 (14:08 +0530)]
hwmon: (ads7871) Replace sprintf() with sysfs_emit()
Use sysfs_emit() instead of sprintf() in the sysfs show function
voltage_show() to comply with the preferred kernel interface for
writing to sysfs buffers, which ensures PAGE_SIZE buffer limits
are respected.
Andrew Davis [Fri, 6 Mar 2026 17:16:52 +0000 (11:16 -0600)]
hwmon: (pmbus/max16601) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This can instead be done with
i2c_client_get_device_id(). For this driver functionality should
not change. Switch over to remove the last couple users of the
i2c_match_id() function from kernel.
Andrew Davis [Fri, 6 Mar 2026 17:16:51 +0000 (11:16 -0600)]
hwmon: (pmbus/ltc2978) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This can instead be done with
i2c_client_get_device_id(). For this driver functionality should
not change. Switch over to remove the last couple users of the
i2c_match_id() function from kernel.
Andrew Davis [Fri, 6 Mar 2026 17:16:50 +0000 (11:16 -0600)]
hwmon: (pmbus/fsp-3y) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This can be done instead with
i2c_client_get_device_id() which doesn't need the i2c_device_id
passed in so we do not need to have that forward declared, allowing
us to move the i2c_device_id table down to its more natural spot
with the other module info.
Andrew Davis [Fri, 6 Mar 2026 17:16:49 +0000 (11:16 -0600)]
hwmon: (pmbus/tps53679) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It also checks for device match data, which means we do not have
to manually check that first.
Andrew Davis [Fri, 6 Mar 2026 17:16:48 +0000 (11:16 -0600)]
hwmon: (pmbus/q54sj108a2) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It also checks for device match data, which means we do not have
to manually check that first.
Andrew Davis [Fri, 6 Mar 2026 17:16:47 +0000 (11:16 -0600)]
hwmon: (pmbus) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It doesn't need the i2c_device_id passed in so we do not need
to have that forward declared, allowing us to remove that.
Andrew Davis [Fri, 6 Mar 2026 17:16:46 +0000 (11:16 -0600)]
hwmon: (pmbus/max34440) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It doesn't need the i2c_device_id passed in so we do not need
to have that forward declared, allowing us to remove that.
Andrew Davis [Fri, 6 Mar 2026 17:16:45 +0000 (11:16 -0600)]
hwmon: (pmbus/max20730) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It also checks for device match data. That means we do not have
to manually check that first.
Andrew Davis [Fri, 6 Mar 2026 17:16:44 +0000 (11:16 -0600)]
hwmon: (pmbus/isl68137) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has a couple other benefits:
* It doesn't need the i2c_device_id passed in so we do not need
to have that forward declared, allowing us to remove that.
* It also checks for device match data, which allows for OF and
ACPI based probing.
Andrew Davis [Fri, 6 Mar 2026 17:16:43 +0000 (11:16 -0600)]
hwmon: (pmbus/ibm-cffps) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It also checks for device match data, which allows for OF based
probing. That means we do not have to manually check those first
and can remove that check.
As i2c_get_match_data() return NULL/0 on failure which also matches
the enum for "cffps1", switch around the enum order so cffps_unknown
is index 0 and existing behavior is preserved.
Andrew Davis [Fri, 6 Mar 2026 17:16:42 +0000 (11:16 -0600)]
hwmon: (pmbus/bel-pfe) Remove use of i2c_match_id()
The function i2c_match_id() is used to fetch the matching ID from
the i2c_device_id table. This is often used to then retrieve the
matching driver_data. This can be done in one step with the helper
i2c_get_match_data().
This helper has another benefit:
* It doesn't need the i2c_device_id passed in so we do not need
to have that forward declared, allowing us to remove that.
hwmon: (asus_atk0110) Convert ACPI driver to a platform one
In all cases in which a struct acpi_driver is used for binding a driver
to an ACPI device object, a corresponding platform device is created by
the ACPI core and that device is regarded as a proper representation of
underlying hardware. Accordingly, a struct platform_driver should be
used by driver code to bind to that device. There are multiple reasons
why drivers should not bind directly to ACPI device objects [1].
Overall, it is better to bind drivers to platform devices than to their
ACPI companions, so convert the asus_atk0110 ACPI driver to a platform
one.
After this change, the subordinate hwmon device will be registered under
the platform device used for driver binding and messages will be printed
relative to that device instead of its ACPI companion.
While this is not expected to alter functionality, it changes sysfs
layout and so it will be visible to user space.
Nuno Sá [Wed, 4 Mar 2026 10:17:48 +0000 (10:17 +0000)]
hwmon: (ltc4282) Add default rsense value
Instead of failing probe when the "adi,rsense-nano-ohms" firmware property
is not provided, default rsense to (NANO/MILLI), or 1 milli-Ohm. This
allows the device to probe without requiring firmware properties, which
might be useful for some high level testing.
Nuno Sá [Wed, 4 Mar 2026 10:17:47 +0000 (10:17 +0000)]
docs: hwmon: ltc4282: Fix scanned addresses
The LTC4282 driver does not implement an I2C .detect() callback, meaning no
I2C address scanning is performed. Update the documentation to
reflect this by replacing the listed I2C address ranges with "-".
Jonas Rebmann [Tue, 3 Mar 2026 11:07:02 +0000 (12:07 +0100)]
hwmon: (ina2xx) Shift INA234 shunt and current registers
The INA219 has the lowest three bits of the bus voltage register
zero-reserved, the bus_voltage_shift ina2xx_config field was introduced
to accommodate for that.
The INA234 has four bits of the bus voltage, of the shunt voltage, and
of the current registers zero-reserved but the latter two were
implemented by choosing a 16x higher shunt_div instead of a separate
field specifying a bit shift.
This is possible because shunt voltage and current are divided by
shunt_div, hence a 16x higher shunt_div results in a 16x smaller LSB for
both the shunt voltage and the current register, perfectly accounting
for the missing bit shift.
For consistency and correctness, account for the reserved bits via
shunt_voltage_shift and current_shift configuration fields as already
done for voltage registers and use the conversion constants given in the
INA234 datasheet.
Jonas Rebmann [Tue, 3 Mar 2026 11:07:01 +0000 (12:07 +0100)]
hwmon: (ina2xx) clean up unused define and outdated comment
The list of supported chips in the header is incomplete and contains no
other information not readily available. Remove the list and instead
hint that the chips supported by this driver have 219/226 compatible
register layout [unlike the ones supported by e.g. ina238].
Mariano Abad [Tue, 3 Mar 2026 00:46:04 +0000 (21:46 -0300)]
hwmon: Add LattePanda Sigma EC driver
Add hardware monitoring support for the LattePanda Sigma SBC
(DFRobot, ITE IT8613E EC). The driver reads fan speed and
temperatures via direct port I/O, as the BIOS disables the
ACPI EC interface.
Signed-off-by: Mariano Abad <weimaraner@gmail.com> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
hwmon: (acpi_power_meter) Convert ACPI driver to a platform one
In all cases in which a struct acpi_driver is used for binding a driver
to an ACPI device object, a corresponding platform device is created by
the ACPI core and that device is regarded as a proper representation of
underlying hardware. Accordingly, a struct platform_driver should be
used by driver code to bind to that device. There are multiple reasons
why drivers should not bind directly to ACPI device objects [1].
Overall, it is better to bind drivers to platform devices than to their
ACPI companions, so convert the hwmon ACPI power meter driver to a
platform one.
After this change, the subordinate hwmon device will be registered
under the platform device representing the ACPI power meter, sysfs
notifications will trigger on that device, and diagnostic messages
will be printed relative to it instead of its ACPI companion.
To facilitate subsequent conversion of the driver to a platform one,
make it install an ACPI notify handler directly instead of using
a .notify() callback in struct acpi_driver.
hwmon: (acpi_power_meter) Drop redundant checks from three functions
Since acpi_power_meter_notify() and acpi_power_meter_remove() are
.notify() and .remove() callback functions of an ACPI driver,
respectively, the first argument of the former and the only argument
of the latter cannot be NULL. Likewise, the acpi_power_meter_resume()
argument cannot be NULL because it is a system resume callback
function.
Moreover, since all of these functions can only run after
acpi_power_meter_add() has returned 0, the driver_data field in the
struct acpi_device object used by them cannot be NULL either.
Accordingly, drop the redundant "device" checks against NULL from
acpi_power_meter_notify() and acpi_power_meter_remove(), drop the
redundant "dev" check against NULL from acpi_power_meter_resume(),
and drop the redundant acpi_driver_data() checks against NULL from
all of these functions.
Additionally, combine the initialization of the "resource" local
variable in acpi_power_meter_notify() and acpi_power_meter_remove()
with its declaration.
Ashish Yadav [Mon, 23 Feb 2026 05:08:03 +0000 (10:38 +0530)]
hwmon: (pmbus/core) Add support for NVIDIA nvidia195mv mode
Extend the PMBus core vrm_version handling to support NVIDIA nvidia195mv
VID mode. This adds a new VRM/VID encoding type and the corresponding
voltage conversion logic so devices reporting nvidia195mv can have their
VOUT/VID values interpreted correctly by the hwmon PMBus core.
Hao Yu [Mon, 23 Feb 2026 17:38:53 +0000 (01:38 +0800)]
hwmon: (aht10) add device tree ID matching
Add of_device_id table to allow the driver to be matched via
Device Tree. This is required for supporting the AHT10/20/DHT20
sensors on platforms using DT.
Hao Yu [Mon, 23 Feb 2026 17:38:52 +0000 (01:38 +0800)]
dt-bindings: hwmon: add Aosong AHT10/AHT20/DHT20 to trivial devices
Add Aosong AHT10, AHT20 and DHT20 temperature and humidity sensors
to the trivial-devices documentation. These sensors use a standard
I2C interface and do not require complex binding definitions.
The GPD Win 5 is a new device by GPD with an AMD AI MAX 385/395 chip.
It uses the same fan control registers as the GPD Win Duo. This
information was provided by GPD.
Pengpeng Hou [Sat, 28 Mar 2026 23:43:56 +0000 (07:43 +0800)]
bnxt_en: set backing store type from query type
bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the
firmware response in ctxm->type and later uses that value to index
fixed backing-store metadata arrays such as ctx_arr[] and
bnxt_bstore_to_trace[].
ctxm->type is fixed by the current backing-store query type and matches
the array index of ctx->ctx_arr. Set ctxm->type from the current loop
variable instead of depending on resp->type.
Also update the loop to advance type from next_valid_type in the for
statement, which keeps the control flow simpler for non-valid and
unchanged entries.
Fixes: 6a4d0774f02d ("bnxt_en: Add support for new backing store query firmware API") Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn> Reviewed-by: Michael Chan <michael.chan@broadcom.com> Tested-by: Michael Chan <michael.chan@broadcom.com> Link: https://patch.msgid.link/20260328234357.43669-1-pengpeng@iscas.ac.cn Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Lorenzo Bianconi [Sun, 29 Mar 2026 10:32:27 +0000 (12:32 +0200)]
net: airoha: Delay offloading until all net_devices are fully registered
Netfilter flowtable can theoretically try to offload flower rules as soon
as a net_device is registered while all the other ones are not
registered or initialized, triggering a possible NULL pointer dereferencing
of qdma pointer in airoha_ppe_set_cpu_port routine. Moreover, if
register_netdev() fails for a particular net_device, there is a small
race if Netfilter tries to offload flowtable rules before all the
net_devices are properly unregistered in airoha_probe() error patch,
triggering a NULL pointer dereferencing in airoha_ppe_set_cpu_port
routine. In order to avoid any possible race, delay offloading until
all net_devices are registered in the networking subsystem.
Yochai Eisenrich [Sat, 28 Mar 2026 21:14:36 +0000 (00:14 +0300)]
net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak
When building netlink messages, tc_chain_fill_node() never initializes
the tcm_info field of struct tcmsg. Since the allocation is not zeroed,
kernel heap memory is leaked to userspace through this 4-byte field.
The fix simply zeroes tcm_info alongside the other fields that are
already initialized.
Fixes: 32a4f5ecd738 ("net: sched: introduce chain object to uapi") Signed-off-by: Yochai Eisenrich <echelonh@gmail.com> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Link: https://patch.msgid.link/20260328211436.1010152-1-echelonh@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
====================
net: stmmac: qcom-ethqos: more cleanups
Further cleanups to qcom-ethqos, mainly concentrating on the RGMII
code, making it clearer what the differences are for each speed, thus
making the code more readable.
I'm still not really happy with this. The speed specific configuration
remains split between ethqos_fix_mac_speed_rgmii() and
ethqos_rgmii_macro_init(), where the latter is only ever called from
the former. So, I think further work is needed here - maybe it needs
restructuring into the various componenet parts of the RGMII block?
====================
The comment for calculating the prg_rclk_dly value is incorrect as it
omits the brackets around the divisor. Add the brackets to allow the
reader to correctly evaluate the value. Validated with the values given
in the driver.
net: stmmac: qcom-ethqos: move loopback decision next to reg update
Move the loopback decision next to the register update, and make the
local variable unsigned. As a result, there is now no need for the
comment referring to the programming being later.
Rather than coding the entire register update twice with different
values, use a local variable to specify the value and have one
register update statement that uses this local variable. This results
in neater code.
net: stmmac: qcom-ethqos: finally eliminate the switch
Move the RCLK delay configuration out of the switch, which just leaves
the RGMII_CONFIG_LOOPBACK_EN setting in all three paths. This makes it
trivial to eliminate the switch.
Move RGMII_CONFIG2_RX_PROG_SWAP out of the switch. 1G speed always
sets this field. 100M and 10M sets it for has_emac_ge_3 devices,
otherwise it is cleared.
Move the speed programming for 100M and 10M out of the switch. There
is no programming done for 1G speed.
It looks like there are two fields, 7:6 which are programemd to '1'
to select a /2 divisor for 100M, and bits 16:8 which are programmed
to '19' to select a /20 divisor.
net: stmmac: qcom-ethqos: move two more RGMII_IO_MACRO_CONFIG2 out
RGMII_CONFIG2_DATA_DIVIDE_CLK_SEL is always cleared, and
RGMII_CONFIG2_TX_CLK_PHASE_SHIFT_EN is always updated with the phase
shift in each path through the switch, so these are independent of
the speed. Move them out.
net: stmmac: qcom-ethqos: move 1G vs 100M/10M RGMII settings
Move RGMII_CONFIG_BYPASS_TX_ID_EN, RGMII_CONFIG_POS_NEG_DATA_SEL and
RGMII_CONFIG_PROG_SWAP. There are two states for these: one group for
1G, and the logical inversion for 100M and 10M. Move this out of the
switch into an if-else clause.
net: stmmac: qcom-ethqos: move detection of invalid RGMII speed
Move detection of invalid RGMII speeds (which will never be triggered)
before the switch() to allow register modifications that are common to
all speeds to be moved out of the switch.
Since ethqos_fix_mac_speed() is called via a function pointer, and only
indirects via the configure_func function pointer, eliminate this
unnecessary indirection.
net: stmmac: qcom-ethqos: pass ethqos to ethqos_pcs_set_inband()
Rather than getting the stmmac_priv pointer in
ethqos_configure_sgmii(), move it into ethqos_pcs_set_inband() and pass
the struct qcom_ethqos pointer instead.
ethqos_configure() does nothing more than indirect via
ethqos->configure_func, and is only called from ethqos_fix_mac_speed()
just below. Move the indirect call into ethqos_fix_mac_speed().
Guoyu Su [Fri, 27 Mar 2026 15:35:07 +0000 (23:35 +0800)]
net: use skb_header_pointer() for TCPv4 GSO frag_off check
Syzbot reported a KMSAN uninit-value warning in gso_features_check()
called from netif_skb_features() [1].
gso_features_check() reads iph->frag_off to decide whether to clear
mangleid_features. Accessing the IPv4 header via ip_hdr()/inner_ip_hdr()
can rely on skb header offsets that are not always safe for direct
dereference on packets injected from PF_PACKET paths.
Use skb_header_pointer() for the TCPv4 frag_off check so the header read
is robust whether data is already linear or needs copying.
Lorenzo Bianconi [Fri, 27 Mar 2026 09:48:21 +0000 (10:48 +0100)]
net: airoha: Add missing cleanup bits in airoha_qdma_cleanup_rx_queue()
In order to properly cleanup hw rx QDMA queues and bring the device to
the initial state, reset rx DMA queue head/tail index. Moreover, reset
queued DMA descriptor fields.
Ng Tze Yee [Tue, 24 Feb 2026 06:01:55 +0000 (22:01 -0800)]
arm64: dts: socfpga: stratix10: Add emmc support
The Stratix10 devkit supports a separate eMMC daughter card. The eMMC
daughter card replaces the SDMMC slot that is on the default daughter card
and thus requires a separate board dts file.
Signed-off-by: Ng Tze Yee <tzeyee.ng@altera.com> Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Stratix 10 devkit support a separate eMMC daughter card. Add compatible
string for the Stratix 10 SoCDK eMMC daughter board with
"altr,socfpga-stratix10-socdk" as a fallback, since this variant is based
on the standard SoCDK board.
Acked-by: Rob Herring (Arm) <robh@kernel.org> Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@oss.qualcomm.com> Signed-off-by: Ng Tze Yee <tzeyee.ng@altera.com> Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
Paolo Abeni [Fri, 27 Mar 2026 09:52:57 +0000 (10:52 +0100)]
ipv6: prevent possible UaF in addrconf_permanent_addr()
The mentioned helper try to warn the user about an exceptional
condition, but the message is delivered too late, accessing the ipv6
after its possible deletion.
Reorder the statement to avoid the possible UaF; while at it, place the
warning outside the idev->lock as it needs no protection.
Reported-by: Jakub Kicinski <kuba@kernel.org> Closes: https://sashiko.dev/#/patchset/8c8bfe2e1a324e501f0e15fef404a77443fd8caf.1774365668.git.pabeni%40redhat.com Fixes: f1705ec197e7 ("net: ipv6: Make address flushing on ifdown optional") Signed-off-by: Paolo Abeni <pabeni@redhat.com> Link: https://patch.msgid.link/ef973c3a8cb4f8f1787ed469f3e5391b9fe95aa0.1774601542.git.pabeni@redhat.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Jan Hoffmann [Sun, 29 Mar 2026 19:11:11 +0000 (21:11 +0200)]
net: sfp: add quirk for ZOERAX SFP-2.5G-T
This is a 2.5G copper module which appears to be based on a Motorcomm
YT8821 PHY. There doesn't seem to be a usable way to to access the PHY
(I2C address 0x56 provides only read-only C22 access, and Rollball is
also not working).
The module does not report the correct extended compliance code for
2.5GBase-T, and instead claims to support SONET OC-48 and Fibre Channel:
Despite this, the kernel still enables the correct 2500Base-X interface
mode. However, for the module to actually work, it is also necessary to
disable inband auto-negotiation.
Enable the existing "sfp_quirk_oem_2_5g" for this module, which handles
that and also sets the bit for 2500Base-T link mode.
Jakub Kicinski [Sun, 29 Mar 2026 18:04:28 +0000 (11:04 -0700)]
selftests/bpf: Test that dst is cleared on same-protocol encap
Verify that bpf_skb_adjust_room() clears the routing dst even when
the encap L3 protocol matches the original packet (e.g. IPIP).
The dst selected for the inner packet is not valid for the
encapsulated result; a stale dst could lead to misrouting.
Arnd Bergmann [Fri, 27 Mar 2026 16:55:08 +0000 (17:55 +0100)]
vfio: unhide vdev->debug_root
When debugfs is disabled, the hisilicon driver now fails to build:
drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c: In function 'hisi_acc_vfio_debug_init':
drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c:1671:62: error: 'struct vfio_device' has no member named 'debug_root'
1671 | vfio_dev_migration = debugfs_lookup("migration", vdev->debug_root);
| ^~
The driver otherwise relies on dead-code elimination, but this reference
fails. The single struct member is not going to make much of a difference
for memory consumption, so just keep this visible unconditionally.
Jakub Kicinski [Sun, 29 Mar 2026 18:04:27 +0000 (11:04 -0700)]
net: Clear the dst when performing encap / decap
Commit ba9db6f907ac ("net: clear the dst when changing skb protocol")
added dst clearing when a BPF program changes the skb protocol
(e.g. IPv4 to IPv6). Since that was a fix we only cleared the dst when
the L3 protocol actually changes to keep it minimal. As suggested during
the discussion (see Link) encap or decap operation which wraps or unwraps
a same-protocol header may also render the existing dst incorrect - even
if that doesn't result in a crash, just the wrong route for the now-outermost
IP dst.
Make dropping dst unconditional for bpf_skb_change_proto() and all
L3 encap / decap ops.
Julian Braha [Mon, 30 Mar 2026 21:45:49 +0000 (22:45 +0100)]
PCI: Clean up dead code in Kconfig
There is already an 'if PCI' condition wrapping several config options,
e.g., PCI_DOMAINS and VGA_ARB, making the 'depends on PCI' statement for
each of these a duplicate dependency (dead code).
Leave the outer 'if PCI...endif' and remove the individual 'depends on PCI'
statement from each option.
This dead code was found by kconfirm, a static analysis tool for Kconfig.
projects / thirdparty / linux.git / log
