Arnd Bergmann [Tue, 9 Jun 2026 16:14:00 +0000 (18:14 +0200)]
Merge tag 'riscv-dt-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/conor/linux into soc/dt
Microchip RISC-V devicetrees for v7.2
This time around, there's nothing other than patches for Microchip
boards. All of this is low priority fixes and cleanup, centred on the
pic64gx and beaglev-fire boards. There is no new support added.
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
* tag 'riscv-dt-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/conor/linux:
riscv: dts: microchip: remove redudant enabling of syscontroller
riscv: dts: microchip: fix pic64gx gpio interrupt-cells
riscv: dts: microchip: add gpio line names on beaglev-fire
riscv: dts: microchip: add adc interrupt on beaglev-fire
riscv: dts: microchip: clean up beaglev-fire regulator node names
riscv: dts: microchip: remove gpio hogs from beaglev-fire
riscv: dts: microchip: gpio controllers on mpfs need 2 interrupt cells
riscv: dts: microchip: sort pic64gx i2c nodes alphanumerically
riscv: dts: microchip: update pic64gx gpio interrupts to better match the SoC
riscv: dts: microchip: add tsu clock to macb on pic64gx
Increase the pm_runtime autosuspend delay to be longer than the
timeout of the firmware's own inactivity timer.
There is no point attempting to pm_runtime suspend any sooner than
the firmware idle timeout because it would only mean the driver has
to poll waiting for the firmware idle.
Tang Yizhou [Tue, 26 May 2026 02:15:55 +0000 (10:15 +0800)]
block: propagate in_flight to whole disk on partition I/O
Now when I/O is submitted to a partition, the per-CPU in_flight[]
counter is incremented only on the partition's block_device, not on the
underlying whole disk. This leads to a problem which can be shown by a
fio test:
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
mydev 252:1 0 20G 0 disk
└─mydev1 259:0 0 10G 0 part
%util is different between mydev and mydev1, which is unexpected.
This is the cumulative effect of a series of patches. The root cause is
commit e016b78201a2 ("block: return just one value from part_in_flight"),
which deleted the branch in part_in_flight() that aggregated the whole-disk
in_flight count on top of the partition's. Then the second commit is
commit 10ec5e86f9b8 ("block: merge part_{inc,dev}_in_flight into their
only callers"), which folded the whole-disk in_flight accounting into
generic_start_io_acct() and generic_end_io_acct(). Those two helpers
were then removed by commit e722fff238bb ("block: remove
generic_{start,end}_io_acct"), and from that point on the whole disk's
in_flight is no longer accounted at all.
In update_io_ticks(), if calling bdev_count_inflight() finds that the
inflight value of the whole device is 0, the accumulation of io_ticks will
be skipped, causing the reported util% value to be underestimated.
Fix it by restoring the whole-disk in_flight accounting.
Fixes: e016b78201a2 ("block: return just one value from part_in_flight") Suggested-by: Leon Hwang <leon.huangfu@shopee.com> Assisted-by: Claude:claude-opus-4-7 Signed-off-by: Tang Yizhou <yizhou.tang@shopee.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://patch.msgid.link/20260526021555.359500-1-yizhou.tang@shopee.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
Arnd Bergmann [Tue, 9 Jun 2026 16:12:24 +0000 (18:12 +0200)]
Merge tag 'v7.2-rockchip-dts64-2' of https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into soc/dt
We've got basic camera support on RK3588!
New peripherals RK3588 vicap plus camera addition to some boards,
RK3528 USB and USB enablement on some boards, RGA3 support on RK3588.
Missing EL2 virtual timer interrupt added to RK3588.
Some more added peripherals for the Khadas Edge 2L board.
* tag 'v7.2-rockchip-dts64-2' of https://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip:
arm64: dts: rockchip: Fix vcc_sdio regulator max voltage on Pinebook Pro
arm64: dts: rockchip: Enable USB 2.0 ports on NanoPi Zero2
arm64: dts: rockchip: Enable USB 2.0 ports on ArmSoM Sige1
arm64: dts: rockchip: Enable USB ports on Radxa ROCK 2A/2F
arm64: dts: rockchip: Enable USB 2.0 ports on Radxa E20C
arm64: dts: rockchip: Add USB nodes for RK3528
arm64: dts: rockchip: enable adc button for Radxa E25
arm64: dts: rockchip: Add Bluetooth support for Khadas Edge 2L
arm64: dts: rockchip: Enable USB for Khadas Edge 2L
arm64: dts: rockchip: Disable removed devices from rk3399-nanopi-r4s
arm64: dts: rockchip: Fix EEPROM compatible on rk3399-nanopi-r4s-enterprise
arm64: dts: rockchip: add radxa camera 4k on rock 5b+ cam1
arm64: dts: rockchip: add radxa camera 4k on rock 5b+ cam0
arm64: dts: rockchip: add vicap node to rk3588
arm64: dts: rockchip: Add EL2 virtual timer interrupt
arm64: dts: rockchip: add rga3 dt nodes to rk3588
Yuho Choi [Mon, 8 Jun 2026 17:07:48 +0000 (13:07 -0400)]
PM: QoS: Fix misc device registration unwind
cpu_latency_qos_init() registers cpu_dma_latency first and, when
CONFIG_PM_QOS_CPU_SYSTEM_WAKEUP is enabled, registers cpu_wakeup_latency
afterwards. The second registration overwrites the first return value.
As a result, a failure to register cpu_dma_latency can be masked if the
second registration succeeds. Conversely, if cpu_dma_latency succeeds and
cpu_wakeup_latency fails, the function returns an error while leaving the
first misc device registered.
Return immediately on the first registration failure and deregister
cpu_dma_latency if the second registration fails.
virtio-blk: clamp zone report to the report buffer capacity
virtblk_report_zones() trusts the device-reported number of zones when
walking the report buffer:
nz = min_t(u64, virtio64_to_cpu(vblk->vdev, report->nr_zones),
nr_zones);
...
for (i = 0; i < nz && zone_idx < nr_zones; i++) {
ret = virtblk_parse_zone(vblk, &report->zones[i], ...);
The buffer is allocated by virtblk_alloc_report_buffer(), whose size is
capped by the queue's max hardware sectors and max segments and can
therefore hold fewer descriptors than nr_zones. nz is bounded only by
the device-supplied report->nr_zones and the requested nr_zones, never
by the buffer's descriptor capacity. At probe time the request count is
unbounded (blk_revalidate_disk_zones() calls report_zones() with
nr_zones == UINT_MAX), so the device-supplied report->nr_zones is the
sole gate: a device that reports more zones than fit in the buffer
drives the loop to read report->zones[i] past the end of the allocation.
A malicious or buggy virtio-blk device that reports an inflated nr_zones
triggers this during zone revalidation at probe. KASAN reports a
vmalloc-out-of-bounds read in virtblk_report_zones() against the report
buffer allocated a few lines earlier.
Clamp nz to the number of descriptors that actually fit in the report
buffer.
Fixes: 95bfec41bd3d ("virtio-blk: add support for zoned block devices") Assisted-by: Claude:claude-opus-4-8 Signed-off-by: Michael Bommarito <michael.bommarito@gmail.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Link: https://patch.msgid.link/20260607124834.3059944-1-michael.bommarito@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk>
Arnd Bergmann [Tue, 9 Jun 2026 16:01:42 +0000 (18:01 +0200)]
Merge tag 'hisi-arm64-dt-for-7.2' of https://github.com/hisilicon/linux-hisi into soc/dt
ARM64: DT: HiSilicon ARM64 DT updates for v7.2
- Move role-switch endpoint into connector on hi3660-hikey960
* tag 'hisi-arm64-dt-for-7.2' of https://github.com/hisilicon/linux-hisi:
arm64: dts: hisilicon: hi3660-hikey960: move role-switch endpoint into connector
Arnd Bergmann [Tue, 9 Jun 2026 16:00:12 +0000 (18:00 +0200)]
Merge tag 'imx-dt-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/frank.li/linux into soc/dt
i.MX ARM device tree changes for 7.2:
DT Binding Cleanup:
- Replaced undocumented compatible strings with proper ones:
* edt,edt-ft5x06 -> edt,edt-ft5206
* marvell,88E1510 -> ethernet-phy-ieee802.3-c22
* karo,imx6qdl-tx6-sgtl5000 -> simple-audio-card
- Fixed incorrect VAR-SOM-MX6UL references (corrected to VAR-SOM-MX6)
- Added missing required properties:
* #phy-cells for usb-nop-xceiv
* #io-channel-cells to ADC nodes
* bus-type for ov5642/ov5640 cameras
* ti,deskew = <0> for ti,tfp410
- Added missing supply properties (power-supply, vdd-supply, dvdd-supply, avdd-supply)
- Removed redundant/empty properties (bus-width for video-mux, empty clock-names)
- Fixed boolean property warnings and non-existent property references
- Converted TS-4800 watchdog to DT schema
- Renamed wdt nodes to watchdog for consistency
New Features Added:
- PCIe Root Port nodes and PERST property for imx6qdl, imx6sx, and imx7d
- OV5645 camera support for imx7d-pico-pi
- LVDS display panel support for imx6ul-var-som
- WiFi and Bluetooth support for VAR-SOM boards
- nvmem-layout support for imx7
- New bus bindings: fsl,aipi-bus and fsl,emi-bus
- New board binding: variscite,var-som-imx6ull
Code Refactoring:
- VAR-SOM-MX6UL/ULL: factored out common parts for CPU variants
- Separated audio, ethernet (ENET1/ENET2), and SD card support into reusable components
* tag 'imx-dt-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/frank.li/linux: (35 commits)
dt-bindings: soc: imx: Add fsl,aipi-bus and fsl,emi-bus
ARM: dts: freescale: add bootph-all to i.MX7ULP watchdog nodes
ARM: dts: imx7: add nvmem-layout
ARM: dts: imx7d-pico-pi: add OV5645 camera support
ARM: dts: imx6-display5: replace marvell,88E1510 with ethernet-phy-ieee802.3-c22
ARM: dts: imx: replace undocumented compatible string edt,edt-ft5x06 with edt,edt-ft5206
ARM: dts: imx6qdl-tx6: remove undocumented karo,imx6qdl-tx6-sgtl5000 and keep only simple-audio-card
ARM: dts: imx: Add bus-type for ov5642/ov5640
ARM: dts: imx: remove redundant bus-width for video-mux
ARM: dts: imx: add (power|vdd)-supply for related node
ARM: dts: imx53-ppd: add '#phy-cells' for usb-nop-xceiv
ARM: dts: imx53-qsb: add dvdd and avdd supply for panel sii,43wvf1g
ARM: dts: imx: add ti,deskew = <0> for ti,tfp410
ARM: dts: imx7d: Add Root Port node and PERST property
ARM: dts: imx6sx: Add Root Port node and PERST property
ARM: dts: imx6qdl: Add Root Port node and PERST property
ARM: dts: nxp: imx51-ts4800: Rename wdt node to watchdog
dt-bindings: watchdog: Convert TS-4800 to DT schema
ARM: dts: imx6ul: add #io-channel-cells to ADC
ARM: dts: imx25: remove empty clock-names for nand-controller@bb000000
...
Arnd Bergmann [Tue, 9 Jun 2026 15:59:29 +0000 (17:59 +0200)]
Merge tag 'apple-soc-dt-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/sven/linux into soc/dt
Apple SoC DT update for 7.2
Add minimal device trees for all t8122 / base M3 based devices and some
required new compatibles to the dt-bindings. These are enough to boot
Linux on these devices to a simple serial console but future work is
required to make these machines useful for end users.
Signed-off-by: Sven Peter <sven@kernel.org>
* tag 'apple-soc-dt-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/sven/linux:
arm64: dts: apple: Initial t8122 (M3) device trees
dt-bindings: arm: apple: Add M3 based devices
dt-bindings: pwm: apple,s5l-fpwm: Add t8122 compatible
dt-bindings: power: apple,pmgr-pwrstate: Add t8122 compatible
dt-bindings: arm: apple: apple,pmgr: Add t8122 compatible
Arnd Bergmann [Tue, 9 Jun 2026 15:56:58 +0000 (17:56 +0200)]
Merge tag 'ti-k3-dt-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/ti/linux into soc/dt
TI K3 device tree updates for v7.2
SoC Specific Features and Fixes:
J722S:
- Use ti,j7200-padconf compatible for pad configuration
- Add MCU and wakeup domain peripherals specific to J722S
- Use J722S-specific compatibles for WIZ, gmii-sel and CPSW3G nodes
Board Specific Features and Fixes:
AM62x (Toradex Verdin):
- Add display overlays: DSI-to-HDMI adapter, DSI-to-LVDS adapter with 10.1"
panel, capacitive touch displays in 7" DSI, 10.1" DSI and 10.1" LVDS
configurations, and Mezzanine with 10.1" LVDS display
- Add NAU8822 Bridge Tied Load audio support
- Add OV5640 CSI camera overlays
- Add Verdin Mezzanine CAN overlay
- Reserve UART_4 for Cortex-M4F use
AM625:
- Add support for TQ-Systems TQMa62xx SoM and MBa62xx carrier board,
including new dt-bindings compatible strings
AM62x (phyBOARD-Lyra):
- Add DT overlay for Lincoln LCD185-101CT OLDI panel
AM62-LP SK:
- Add system-power-controller node
AM62A7 SK:
- Add bootph-all tag to vqmmc regulator for proper boot sequencing
J721S2-som:
- Add bootph-pre-ram property to PMIC-B for proper early boot sequencing
* tag 'ti-k3-dt-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/ti/linux:
arm64: dts: ti: k3-am62-verdin: Add Mezzanine with Toradex Display 10.1" LVDS
arm64: dts: ti: k3-am62-verdin: Add Toradex Verdin Mezzanine CAN
arm64: dts: ti: k3-am62-verdin: Add Toradex OV5640 CSI Cameras
arm64: dts: ti: k3-am62-verdin: Reserve UART_4 for Cortex-M4F
arm64: dts: ti: k3-am62-verdin: Add NAU8822 Bridge Tied Load
arm64: dts: ti: k3-am62-verdin: Add Toradex Capacitive Touch Display 7" DSI
arm64: dts: ti: k3-am62-verdin: Add Toradex Capacitive Touch Display 10.1" DSI
arm64: dts: ti: k3-am62-verdin: Add Toradex Capacitive Touch Display 10.1" LVDS
arm64: dts: ti: k3-am62-verdin: Add Toradex DSI to LVDS adapter with 10.1" display
arm64: dts: ti: k3-j722s-main: use J722S compatibles for WIZ, gmii-sel and CPSW3G
arm64: dts: ti: k3-am62-verdin: Add DSI to HDMI adapter overlay
arm64: dts: ti: Add TQ-Systems TQMa62xx SoM and MBa62xx carrier board Device Trees
dt-bindings: arm: ti: Add compatible for AM625-based TQMa62xx SOM family and carrier board
arm64: dts: ti: am62-phyboard-lyra: Add DT overlay for Lincoln LCD185-101CT panel
arm64: dts: ti: k3-j721s2-som-p0: add bootph-pre-ram property to PMIC-B
arm64: dts: ti: k3-j722s: Add wakeup domain peripherals specific to J722S
arm64: dts: ti: k3-j722s: Add mcu domain peripherals specific to J722S
arm64: dts: ti: k3-j722s: Use ti,j7200-padconf compatible
arm64: dts: ti: k3-am62-lp-sk: Add system-power-controller
arm64: dts: ti: k3-am62a7-sk: Add bootph-all tag to vqmmc
Arnd Bergmann [Tue, 9 Jun 2026 15:44:42 +0000 (17:44 +0200)]
Merge tag 'tegra-for-7.2-arm64-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into soc/dt
arm64: tegra: Changes for v7.2-rc1
This contains a fix for GPIO on Jetson AGX Thor and enables the PCIe
controllers used on this platform.
Smaug (a.k.a. Pixel C) devices can now be properly powered off via the
PMIC.
Miscellaneous improvements are made across a number of different boards,
such as SMMU enablement on Tegra194 platforms and some better bootloader
interoperation on Chromium-based devices.
Finally, various minor fixes to device tree properties round off this
set of changes.
* tag 'tegra-for-7.2-arm64-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux:
arm64: tegra: Enable SMMU on Tegra194 display controllers
Revert "arm64: tegra: Disable ISO SMMU for Tegra194"
arm64: tegra: Add #{address,size}-cells to Chromium-based /firmware
arm64: tegra: Fix aspm-l1-entry-delay-ns L1 latency cells
arm64: tegra: Mark MAX77620 as system power controller on Smaug
arm64: tegra: Enable PCIe for Jetson AGX Thor
arm64: tegra: Fix address of Tegra264 main GPIO controller
arm64: tegra: Add aspm-l1-entry-delay-ns to PCIe nodes
arm64: tegra: Fix Tegra234 MGBE PTP clock
====================
bpf: Enforce BTF pointer write checks for global args
check_mem_reg() verifies both read and write access when a caller passes
memory into a global subprogram. For PTR_TO_BTF_ID callers,
check_helper_mem_access() currently always checks the access as BPF_READ.
That lets a tracing program pass a task_struct field pointer to a global
subprogram argument typed as writable memory. The direct field store is rejected
with "only read is supported", but the callee is validated with a generic
writable PTR_TO_MEM argument and can store through it.
Forward the requested access type into the PTR_TO_BTF_ID helper-access path and
add verifier coverage for the global-subprogram argument case.
Without this series:
direct BTF field store rejected with "only read is supported";
global-subprogram candidate loaded, attached, and runtime-confirmed.
With this series applied:
direct BTF field store rejected with "only read is supported";
global-subprogram candidate rejected with "only read is supported".
Nuoqi Gui [Tue, 9 Jun 2026 14:43:51 +0000 (22:43 +0800)]
selftests/bpf: Cover writable BTF field global subprog args
Add a verifier test for passing a BTF-backed task_struct field pointer to a
global subprogram argument typed as writable memory.
The direct field store is already rejected.
The global subprogram path should be rejected too.
The callee must not lose the BTF pointer's read-only provenance.
It must not validate the argument as ordinary writable memory.
Nuoqi Gui [Tue, 9 Jun 2026 14:43:50 +0000 (22:43 +0800)]
bpf: Enforce write checks for BTF pointer helper access
check_mem_reg() verifies both read and write access for global subprogram
memory arguments. When the caller register is PTR_TO_BTF_ID,
check_helper_mem_access() currently forwards the access to
check_ptr_to_btf_access() as BPF_READ regardless of the requested access
type.
This lets a BTF-backed kernel object field pointer pass the caller-side
writable memory check for a global subprogram argument. The callee is then
validated with a generic writable PTR_TO_MEM argument and can store through
it, even though an equivalent direct BTF field store is rejected with "only
read is supported".
Forward the requested access type to check_ptr_to_btf_access().
This enforces existing BTF write restrictions for global subprogram memory
arguments as well.
Nuno Sá [Sat, 2 May 2026 09:56:54 +0000 (10:56 +0100)]
gpio: gpio-ltc4283: Add support for the LTC4283 Swap Controller
The LTC4283 device has up to 8 pins that can be configured as GPIOs.
Note that PGIO pins are not set as GPIOs by default so if they are
configured to be used as GPIOs we need to make sure to initialize them
to a sane default. They are set as inputs by default.
Nuno Sá [Sat, 2 May 2026 09:56:53 +0000 (10:56 +0100)]
hwmon: ltc4283: Add support for the LTC4283 Swap Controller
Support the LTC4283 Hot Swap Controller. The device features programmable
current limit with foldback and independently adjustable inrush current to
optimize the MOSFET safe operating area (SOA). The SOA timer limits MOSFET
temperature rise for reliable protection against overstresses.
An I2C interface and onboard ADC allow monitoring of board current,
voltage, power, energy, and fault status.
timers/migration: Temporarily disable per capacity hierarchies
Some workloads with different CPU capacities consume more power with
timer migration than before. The recently introduced per capacity
hierarchies were supposed to alleviate this problem. However it appears
to also regress other types of workloads, especially when plenty of
capacities live together in the same machine.
Disable the feature until a reasonable solution is found.
Linus Torvalds [Tue, 9 Jun 2026 15:24:25 +0000 (08:24 -0700)]
Merge tag 'mm-hotfixes-stable-2026-06-08-20-51' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"11 hotfixes. 9 are for MM. 8 are cc:stable and the remaining 3 address
post-7.1 issues or aren't considered suitable for backporting.
Thre's a two-patch series "mm/damon/{reclaim,lru_sort}: handle ctx
allocation failures" from SeongJae Park which fixes a couple of DAMON
-ENOMEM bloopers. The rest are singletons - please see the individual
changelogs for details"
* tag 'mm-hotfixes-stable-2026-06-08-20-51' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
mm/mincore: handle non-swap entries before !CONFIG_SWAP guard
arm64: mm: call pagetable dtor when freeing hot-removed page tables
mm/list_lru: drain before clearing xarray entry on reparent
mm/huge_memory: use correct flags for device private PMD entry
mm/damon/lru_sort: handle ctx allocation failure
mm/damon/reclaim: handle ctx allocation failure
zram: fix use-after-free in zram_bvec_write_partial()
MAINTAINERS: update Baoquan He's email address
tools headers UAPI: sync linux/taskstats.h for procacct.c
mm/cma_sysfs: skip inactive CMA areas in sysfs
ipc/shm: serialize orphan cleanup with shm_nattch updates
Nuno Sá [Sat, 2 May 2026 09:56:52 +0000 (10:56 +0100)]
dt-bindings: hwmon: Document the LTC4283 Swap Controller
The LTC4283 is a negative voltage hot swap controller that drives an
external N-channel MOSFET to allow a board to be safely inserted and
removed from a live backplane.
Special note for the "adi,vpower-drns-enable" property. It allows to choose
between the attenuated MOSFET drain voltage or the attenuated input
voltage at the RTNS pin (effectively choosing between input or output
power). This is a system level decision not really intended to change at
runtime and hence is being added as a Firmware property.
Fix driver issues:
- Add the missing regulator and property files in include
- Declare XDP720_DEFAULT_RIMON as unsigned constant
- Declare struct pmbus_driver_info xdp720_info as constant
Syed Arif [Mon, 1 Jun 2026 18:45:36 +0000 (18:45 +0000)]
hwmon: (pmbus/max20860a) Add driver for Analog Devices MAX20860A
Add a PMBus driver for the Analog Devices MAX20860A step-down DC-DC
switching regulator. The MAX20860A provides monitoring of input/output
voltage, output current, and temperature via the PMBus interface using
linear data format. Optional regulator support is available via
CONFIG_SENSORS_MAX20860A_REGULATOR.
hwmon: Use named initializers for platform_device_id arrays
Named initializers are better readable and more robust to changes of the
struct definition. This robustness is relevant for a planned change to
struct platform_device_id replacing .driver_data by an anonymous unit.
While touching these arrays unify usage of commas.
hwmon: (it87) Clamp negative values to zero in set_fan()
set_fan() parses user input with kstrtol() and passes the resulting
value to FAN16_TO_REG() on chips with 16-bit fan support.
Negative fan speeds are not meaningful and should be rejected before
conversion. Worst scenario, one may be able to abuse undefined
behaviour of signed overflow to possibly induce rpm * 2 == 0 in
FAN16_TO_REG(), thus causing a division by zero.
Instead, clamp val < 0 to zero and keep the conversion in its valid
input domain, avoiding unsafe arithmetic in the register conversion
path.
Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.
The board has a similar sensor configuration to the
ROG STRIX B850-I GAMING WIFI, but includes an additional
T-Sensor header. The patch was provided via GitHub [1].
Flaviu Nistor [Fri, 22 May 2026 05:23:52 +0000 (08:23 +0300)]
hwmon: (adt7475) Add explicit header include
Since device_property_read_string() and similar functions defined in
linux/property.h are used in the driver add explicit include for
linux/mod_devicetable.h and linux/property.h rather than having implicit
inclusions.
Removed of_match_ptr() improving non-Device Tree compatibility of the
driver and drop unnecessary __maybe_unused.
Header linux/of.h can't be removed yet since macro is_of_node() is used.
Jan-Henrik Bruhn [Sat, 23 May 2026 13:36:17 +0000 (15:36 +0200)]
hwmon: (lm63) expose PWM frequency and LUT hysteresis as writable
The driver caches the PWM frequency register and the CONFIG_FAN slow-clock
select bit, but never lets userspace pick a different output frequency.
Add a pwm1_freq sysfs attribute that selects the closest SCS + PFR
combination for the requested value in Hz, gated by manual mode like
set_pwm1(). PFR is clamped to 31 so that 2*PFR fits in the chip's 6-bit
PWM register (matching the existing scaling assumption in show_pwm1).
The hardware LUT hysteresis register is shared by all LUT entries, so
the per-point pwm1_auto_pointN_temp_hyst attributes can't be made RW
without N-to-1 cross-attribute side effects. Following the max31760
precedent, expose a single chip-wide pwm1_auto_point_temp_hyst attribute
holding the hysteresis amount in millidegrees; the per-point attributes
stay RO and continue to show the resulting absolute trip-down
temperature for each entry.
This was tested on a Linksys LGS328MPC switch hardware where the fan
would not spin with the default PWM Frequency, which is why this change
is required.
The driver seeds the chip's SET_RTC register once at probe with
ktime_get_real_seconds(). Over a long uptime the chip's internal
seconds counter drifts away from the host's wall-clock time, so the
timestamp embedded in each blackbox record stops being meaningful
in wall-clock terms. The datasheet recommends that the host
periodically resynchronise the counter to address this; today the
driver has no userspace-facing knob for that.
Expose SET_RTC via an rtc debugfs file alongside the other adm1266
debugfs entries:
read -- returns the chip's current SET_RTC seconds counter, so
userspace can observe how far the chip has drifted from
host wall-clock without writing anything.
write -- the kernel re-reads ktime_get_real_seconds() itself and
pushes it to the chip. The write payload is ignored;
userspace does not get to supply its own timestamp
value, so there is no way for it to push a wrong time
into the chip.
A small userspace agent (chrony hook, systemd-timesyncd dispatch
script, or a periodic cron job) can write to this file to keep the
chip's counter aligned with wall-clock across long uptimes.
Both the read and write paths take pmbus_lock to serialise against
the pmbus_core's own PAGE+register sequences and against the other
adm1266 debugfs accessors that already run under the same lock.
While at it, drop the now-redundant adm1266_set_rtc() probe-time
helper. The new adm1266_rtc_set() callback does exactly the same
byte-packing and write; probe just calls adm1266_rtc_set(client, 0)
(the ignored @val argument) after pmbus_do_probe() so the
pmbus_lock acquired by the new helper has a live mutex to take.
The ADM1266 maintains a 16-bit non-volatile POWERUP_COUNTER register
(0xE4, datasheet Rev. D, Table 93) that increments on every power
cycle and cannot be reset by the host. Each blackbox record already
embeds the counter at record time, so the standalone live value is
primarily useful for matching a captured record back to the boot it
came from when correlating logs.
Expose it as a read-only debugfs file alongside sequencer_state. The
block-read returns two payload bytes in little-endian order.
Take pmbus_lock around the block-read so the access serialises with
any pmbus_core sequence that sets PAGE on the device. Without it, a
PAGE write from another thread could interleave between a PAGE set
and a paged read elsewhere in the driver and corrupt either side's
view of the device state machine.
The ADM1266 blackbox can be configured in two recording modes via
BLACKBOX_CONFIG[0]: cyclic, where the device overwrites the oldest
record once the 32-record buffer fills, and single, where it stops
recording until the buffer is cleared. Deployments that need to
preserve the full record history across multiple fault episodes
typically run in single mode and need a way to clear the buffer
after the records have been collected.
Expose a write-only debugfs file alongside sequencer_state. Writing
any data to it issues the documented clear-blackbox sub-command:
a 2-byte block-write to READ_BLACKBOX (0xDE) with payload
{0xFE, 0x00} (datasheet Rev. D).
The clear is taken under pmbus_lock because READ_BLACKBOX is also
used by adm1266_nvmem_read_blackbox() to walk records one at a
time; both paths run under pmbus_lock so the clear cannot
interleave mid-iteration and corrupt the read sequence.
The delayed polling work rearms itself from the work function, so use
explicit delayed-work setup and cleanup instead of
devm_delayed_work_autocancel().
Initialize the delayed work with INIT_DELAYED_WORK() and register a
devres cleanup action that calls disable_delayed_work_sync() during
teardown.
This addresses the concern raised during review about the polling work
being able to requeue itself while the driver is being removed.
soc: bcm2835: raspberrypi-firmware: Add voltage domain IDs
Add Raspberry Pi firmware voltage domain identifiers for the mailbox
property interface.
Also add the voltage request structure used with
RPI_FIRMWARE_GET_VOLTAGE so firmware clients can share the common API
definition from the firmware header.
Flaviu Nistor [Mon, 18 May 2026 07:23:37 +0000 (10:23 +0300)]
hwmon: (lm75) Add explicit header include
Since device_property_read_string() is used in the probe function add
explicit include for linux/mod_devicetable.h and linux/property.h rather
than having implicit inclusions. Header linux/of.h can be removed and
also of_match_ptr() improving non-Device Tree compatibility of the driver.
Remove __maybe_unuse because it is not needed anymore.
- Remove broken Intel wiki link; add Intel SDM download page link
- Fix description of tempX_max to clarify it is not Core2-only
- Correct tempX_label string for package temperature (changed in commit 2bc0e6d07ee5 ("hwmon: (coretemp) rearrange tjmax handing code"))
Hassan Maazu [Sat, 16 May 2026 22:09:26 +0000 (22:09 +0000)]
Documentation: hwmon: fix typo in heading for max31730
Generated heading & link to driver doc for max31730 wrongly named
max31790 under hwmon docs. This patch fixes typo so link to max31730
is easily identifiable without confusion with max31790.
The Murata D1U74T-W series are hot-pluggable 1U AC/DC front-end
power supplies in the Intel CRPS-185 / OCP M-CRPS form factor.
Each variant delivers a 12 V main output plus a 12 V standby output
from a wide AC input (90-264 Vac) or HVDC supply, and includes an
internal variable-speed cooling fan and on-board voltage, current,
power, fan-speed, and temperature telemetry.
The host-side digital interface is a PMBus 1.2 port on I2C. The
PSU's other electrical signals (status, alert, current-share) live
on the CRPS edge connector and are consumed by the chassis
controller rather than the host SoC, so there are no host-described
supplies, GPIOs, clocks, or interrupts. Add the compatible to
trivial-devices.yaml rather than carrying a standalone binding file.
Roman Bakshansky [Sat, 16 May 2026 11:42:52 +0000 (14:42 +0300)]
hwmon: (coretemp) replace hardcoded core count with dynamic value
The hardcoded maximum of 512 cores per package was first defined by commit 34cf8c657cf0 ("hwmon: (coretemp) Enlarge per package core count limit")
and later kept as a fallback with a TODO in commit 1a793caf6f69 ("hwmon:
(coretemp) Use dynamic allocated memory for core temp_data") because the
actual per-package core count was not reliably available at the time.
Now that topology_num_cores_per_package() is stable and suitable for use,
it's time to complete the TODO and allocate only the needed amount of
memory for core_data.
The adt7411 driver exposes additional standard hwmon attributes beyond
the ones currently listed in Documentation/hwmon/adt7411.rst.
Document voltage min/max/alarm attributes, temperature min/max and
min_alarm/max_alarm attributes, and the temp2_fault attribute for the
external temperature channel.
Also update the documentation to clarify that analog inputs in1 and in2
are not available when the external temperature sensor is enabled, and
remove the outdated statement claiming that external temperature support
and limit registers are unsupported.
The ADM1266 reports its firmware revision via the IC_DEVICE_REV
manufacturer-specific block-read command (0xAE, datasheet Rev. D
Table 80). The first three returned bytes are the firmware
major.minor.patch fields. This is useful when correlating field
behaviour against ADI release notes; expose it through debugfs
alongside the existing sequencer_state entry.
The standard PMBus MFR_REVISION (0x9B) register is already exposed
by pmbus_core's debugfs auto-create path and reports the
manufacturer revision, which is a separate thing from the firmware
running on the device.
Ronan Dalton [Thu, 14 May 2026 00:34:04 +0000 (12:34 +1200)]
hwmon: (nct7802) Add time step attributes for tweaking responsiveness
The nct7802 chip exposes two registers that allow setting the time
interval between successive duty increases or decreases in Smart Fan
mode. The units are intervals of 0.1 second. The default value at power
on is 10, so 1 second.
Add sysfs attributes for step_up_time and step_down_time to allow
controlling the responsiveness of the fan speed. Values are represented
as milliseconds to the user. When set, the value is clamped to the valid
range of 100 to 25500 (0.1 to 25.5 seconds), and rounded to the nearest
multiple of 100.
hwmon: Use named initializers for arrays of i2c_device_data
While being less compact, using named initializers allows to more easily
see which members of the structs are assigned which value without having
to lookup the declaration of the struct. And it's also more robust
against changes to the struct definition.
The mentioned robustness is relevant for a planned change to struct
i2c_device_id that replaces .driver_data by an anonymous union.
While touching all these arrays, unify indention and usage of commas.
This patch doesn't modify the compiled arrays, only their representation
in source form benefits. The former was confirmed with x86 and arm64
builds.
Flaviu Nistor [Sun, 10 May 2026 09:25:43 +0000 (12:25 +0300)]
hwmon: (tmp102) Use device_property_read_string API
Replace of_property_read_string() with the preferded
device_property_read_string() in the probe function to
read the device label property, improving the driver
compatibility since this method is not limited to
Device Tree only.
Also drop the now unnecessary __maybe_unused from tmp102_of_match.
Add hwmon driver for the ARCTIC Fan Controller, a USB HID device
(VID 0x3904, PID 0xF001) with 10 fan channels. Exposes fan speed in
RPM (read-only) and PWM duty cycle (0-255, read/write) via sysfs.
The device pushes IN reports at ~1 Hz containing RPM readings. PWM is
set via OUT reports; the device applies the new duty cycle and sends
back a 2-byte ACK (Report ID 0x02). The driver waits up to 1 s for
the ACK using a completion. Measured device latency: max ~563 ms over
500 iterations. PWM control is manual-only: the device never changes
duty cycle autonomously.
raw_event() may run in hardirq context, so fan_rpm[] is protected by
a spinlock with irq-save. pwm_duty[] is also protected by this spinlock
because reset_resume() clears it outside the hwmon core lock. The OUT
report buffer is built and write_pending is armed under the same lock so
that no reset_resume() can race with the pwm_duty[] snapshot. priv->buf
is exclusively accessed by write(), which the hwmon core serializes.
Add support for MAX20830 step-down DC-DC switching regulator with
PMBus interface. It allows monitoring of input/output voltage,
output current and temperature through the PMBus serial interface.
LM75 devices supported by this driver support configurable active-high
alert polarity. This is already documented in the devicetree description.
Add support for it to the driver.
Follow documentation and defensively enforce active-low if property is
not set. This avoids possible inconsistencies for future devices with
wrong parametrization. No API breakage as all current devices have
their parameters set to active-low.
The LM75 alert pin is asserted based on the value of alert polarity bit
of the configuration register. The device/driver default is 0 which means
alert pin is configured to be active-low. A value of 1 maps to inverted
(active-high).
Add an optional boolean property "ti,alert-polarity-active-high" to
override the alert pin polarity. When absent, the default active-low
polarity is kept.
hwmon: Move MODULE_DEVICE_TABLE next to the table itself
By convention MODULE_DEVICE_TABLE() immediately follows the ID table it
exports, because this is easier to read and verify. It also makes more
sense since #ifdef for ACPI or OF could hide both of them.
Most of the privers already have this correctly placed, so adjust
the missing ones. No functional impact.
Tabrez Ahmed [Sat, 2 May 2026 02:08:44 +0000 (07:38 +0530)]
hwmon: (ads7871) Use DMA-safe buffer for SPI writes
The driver currently passes a stack-allocated buffer to spi_write(),
which is incompatible with DMA on systems with CONFIG_VMAP_STACK
enabled.
Move the transfer buffer into the driver's private data structure
to ensure it is DMA-safe. Since this shared buffer now requires
serialization, this change depends on the previous commit which
migrated the driver to the hwmon 'with_info' API.
While moving the logic, also:
- Corrected the sign extension for 14-bit data by casting to s16.
- Scaled the output to millivolts (2500mV full scale
) to comply with the hwmon ABI.
Tabrez Ahmed [Sat, 2 May 2026 02:08:43 +0000 (07:38 +0530)]
hwmon: (ads7871) Convert to hwmon_device_register_with_info
Convert the ads7871 driver from the legacy hwmon_device_register() to the
modern hwmon_device_register_with_info() API. This migration simplifies
the driver by using the structured hwmon_channel_info approach and
prepares the codebase for the transition to a shared DMA-safe buffer.
While at it, fix checkpatch violations.
hwmon: emc2305: Support configurable fan PWM at shutdown
Some systems require fans to enter in a defined safe state during system
shutdown or reboot handoff.
Add support for the optional Device Tree property "fan-shutdown-percent"
to configure the shutdown PWM duty cycle per fan output.
If the property is present for a fan channel, the driver converts the
configured percentage value to the corresponding PWM duty cycle and
applies it during driver shutdown.
If the property is not present, the fan state remains unchanged.
The EMC2305 fan controller supports multiple independent PWM fan
outputs. Some systems require fans to enter a defined safe state
during system shutdown or reboot handoff, until firmware or the next
boot stage reconfigures the controller.
Add an optional "fan-shutdown-percent" property to fan child nodes
allowing the PWM duty cycle applied during shutdown to be configured
per fan output.
The fan channel index is used to access per-channel data structures.
Validate the index against the number of available channels
before use to prevent out-of-bounds access if an invalid
value is provided.
The thermal registration path currently uses a sequential child index,
which may not match the validated channel from DT. Use the DT "reg"
property when registering cooling devices to ensure consistent
channel handling
Linus Torvalds [Tue, 9 Jun 2026 15:19:48 +0000 (08:19 -0700)]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"Several significant bug fixes of pre-existing issues:
- Missing validation on ucap fd types passed from userspace
- Missing validation of HW DMA space vs userpace expected sizes in
EFA queue setup
- DMA corruption when using DMA block sizes >= 4G when setting up MRs
in all drivers
- Missing validation of CPU IDs when setting up dma handles
- Missing validation of IB_MR_REREG_ACCESS when changing writability
of a MR
- Missing validation of received message/packet size in ISER and SRP"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/srp: bound SRP_RSP sense copy by the received length
IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
RDMA: During rereg_mr ensure that REREG_ACCESS is compatible
RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc
RDMA/umem: Fix truncation for block sizes >= 4G
RDMA/efa: Validate SQ ring size against max LLQ size
RDMA/core: Validate the passed in fops for ib_get_ucaps()
Jeff Layton [Thu, 29 Jan 2026 21:47:43 +0000 (16:47 -0500)]
vfs: add FS_USERNS_DELEGATABLE flag and set it for NFS
Commit e1c5ae59c0f2 ("fs: don't allow non-init s_user_ns for filesystems
without FS_USERNS_MOUNT") prevents the mount of any filesystem inside a
container that doesn't have FS_USERNS_MOUNT set.
This broke NFS mounts in our containerized environment. We have a daemon
somewhat like systemd-mountfsd running in the init_ns. A process does a
fsopen() inside the container and passes it to the daemon via unix
socket.
The daemon then vets that the request is for an allowed NFS server and
performs the mount. This now fails because the fc->user_ns is set to the
value in the container and NFS doesn't set FS_USERNS_MOUNT. We don't
want to add FS_USERNS_MOUNT to NFS since that would allow the container
to mount any NFS server (even malicious ones).
Add a new FS_USERNS_DELEGATABLE flag, and enable it on NFS.
Fixes: e1c5ae59c0f2 ("fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT") Signed-off-by: Jeff Layton <jlayton@kernel.org> Link: https://patch.msgid.link/20260129-twmount-v1-1-4874ed2a15c4@kernel.org Acked-by: Anna Schumaker <anna.schumaker@oracle.com> Reviewed-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@futurfusion.io> Reviewed-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Christian Brauner (Amutable) <brauner@kernel.org>
Thomas Weißschuh [Thu, 21 May 2026 06:53:23 +0000 (08:53 +0200)]
MIPS: VDSO: Fold MIPS_CLOCK_VSYSCALL into MIPS_GENERIC_GETTIMEOFDAY
This configuration option exists so "that we don't provide the symbol
when there's no possibility of there being a usable clocksource".
However it only covers __vdso_gettimeofday() and none of the other vDSO
functions which should be affected by the same circumstances.slightly slightly.
Remove MIPS_CLOCK_VSYSCALL and fold its usecase into
MIPS_GENERIC_GETTIMEOFDAY, which works correctly.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> Signed-off-by: Thomas Gleixner <tglx@kernel.org> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Cc: Daniel Lezcano <daniel.lezcano@kernel.org> Cc: Thomas Gleixner <tglx@kernel.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: linux-mips@vger.kernel.org Link: https://patch.msgid.link/20260521-vdso-mips-kconfig-v1-9-2f79dcd6c78f@linutronix.de
Thomas Weißschuh [Thu, 21 May 2026 06:53:21 +0000 (08:53 +0200)]
MIPS: VDSO: Fold MIPS_DISABLE_VDSO into MIPS_GENERIC_GETTIMEOFDAY
The currently used MIPS_DISABLE_VDSO will disable only the userspace
bits of the time-related vDSO. The kernel part is still pointlessly
built and running.
Remove MIPS_DISABLE_VDSO and fold its usecase into
MIPS_GENERIC_GETTIMEOFDAY, which works correctly.
Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> Signed-off-by: Thomas Gleixner <tglx@kernel.org> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Cc: Daniel Lezcano <daniel.lezcano@kernel.org> Cc: Thomas Gleixner <tglx@kernel.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Vincenzo Frascino <vincenzo.frascino@arm.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: linux-mips@vger.kernel.org Link: https://patch.msgid.link/20260521-vdso-mips-kconfig-v1-7-2f79dcd6c78f@linutronix.de
Arnd Bergmann [Tue, 9 Jun 2026 15:00:43 +0000 (17:00 +0200)]
Merge tag 'cache-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/conor/linux into soc/drivers
standalone cache drivers for v7.2
SiFive ccache:
Add the Starfive JH7110 to the list of devices that need the
non-standard cache ops, because the GPU appears to be DMA non-coherent
unlike other peripherals.
Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
* tag 'cache-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/conor/linux:
cache: sifive_ccache: Add StarFive JH7110 SoC support
Sumit Gupta [Wed, 27 May 2026 14:01:27 +0000 (19:31 +0530)]
memory: tegra234: drop dead NULL check in tegra234_mc_icc_aggregate()
In tegra234_mc_icc_aggregate(), the 'if (mc)' check inside the
CPU-cluster branch is always true. 'mc' was already dereferenced
via 'mc->bwmgr_mrq_supported' a few lines above, so if it were NULL
the function would have faulted there. Drop the redundant check.
Reported-by: Jon Hunter <jonathanh@nvidia.com> Signed-off-by: Sumit Gupta <sumitg@nvidia.com> Reviewed-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Jon Hunter <jonathanh@nvidia.com> Link: https://patch.msgid.link/20260527140127.49172-4-sumitg@nvidia.com Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Sumit Gupta [Wed, 27 May 2026 14:01:26 +0000 (19:31 +0530)]
memory: tegra264: drop redundant tegra264_mc_icc_aggregate()
tegra264_mc_icc_aggregate() does nothing on top of icc_std_aggregate
except an early return on !mc->bwmgr_mrq_supported.
tegra264_mc_icc_set() already returns early on the same condition,
before reading any of the aggregated avg_bw / peak_bw values. This
makes the early return in aggregate() redundant. So, set
tegra264_mc_icc_ops.aggregate to icc_std_aggregate and drop the
helper.
Reported-by: Jon Hunter <jonathanh@nvidia.com> Signed-off-by: Sumit Gupta <sumitg@nvidia.com> Reviewed-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Jon Hunter <jonathanh@nvidia.com> Link: https://patch.msgid.link/20260527140127.49172-3-sumitg@nvidia.com Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Sumit Gupta [Wed, 27 May 2026 14:01:25 +0000 (19:31 +0530)]
memory: tegra186-emc: stop borrowing MC aggregate hook for EMC
tegra186_emc_interconnect_init() copies the MC's ICC aggregate hook
into the EMC provider. That hook (tegra234_mc_icc_aggregate /
tegra264_mc_icc_aggregate) uses container_of() to recover 'mc',
which is only valid when the icc_provider is embedded in struct
tegra_mc. For an EMC node the provider is embedded in struct
tegra186_emc, so 'mc' points into unrelated memory.
This stayed harmless until commit faafd6ca7e6e ("memory: tegra:
make icc_set_bw return zero if BWMGR not supported") added an
unconditional read of mc->bwmgr_mrq_supported at the top of the
hook. UBSAN catches the stray load on every EMC aggregation:
UBSAN: invalid-load in drivers/memory/tegra/tegra234.c:1104:9
load of value 112 is not a valid value for type '_Bool'
No functional impact in practice, since the hook's only other mc
dereference (mc->num_channels) sits inside a
TEGRA_ICC_MC_CPU_CLUSTER* branch that EMC nodes never enter.
Fix this by setting the EMC provider's aggregate hook to
icc_std_aggregate, instead of borrowing the MC's hook. The MC
providers continue using their own aggregate hooks, where
container_of() correctly resolves to struct tegra_mc.
Reported-by: Jon Hunter <jonathanh@nvidia.com> Fixes: 9a38cb27668e ("memory: tegra: Add interconnect support for DRAM scaling in Tegra234") Signed-off-by: Sumit Gupta <sumitg@nvidia.com> Reviewed-by: Jon Hunter <jonathanh@nvidia.com> Tested-by: Jon Hunter <jonathanh@nvidia.com> Link: https://patch.msgid.link/20260527140127.49172-2-sumitg@nvidia.com Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Paul Moses [Tue, 9 Jun 2026 10:08:54 +0000 (05:08 -0500)]
selftests/bpf: Add BTF repeated field count overflow test
Add a raw BTF test that exercises repeated special-field expansion with a
large array count. The compact element layout keeps the array byte size
representable while the repeated field count overflows the old u32 capacity
calculation in btf_repeat_fields().
Arnd Bergmann [Tue, 9 Jun 2026 14:59:20 +0000 (16:59 +0200)]
Merge tag 'ti-driver-soc-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/ti/linux into soc/drivers
TI SoC driver updates for v7.2
TI K3 TISCI:
- ti_sci: Add BOARDCFG_MANAGED mode for support system suspend/resume cycles
- ti_sci: Add support for restoring IRQ and clock contexts during resume.
- clk: keystone: sci-clk: Add clock restoration support.
SoC Drivers:
- k3-socinfo: Add support for identifying AM62P silicon variants via NVMEM,
along with corresponding dt-bindings update for nvmem-cells support
- k3-ringacc: Fix incorrect access mode for ring pop tail IO/proxy operations
Keystone Navigator (knav) Cleanup and Fixes:
- knav_qmss: Multiple code quality improvements
- knav_qmss_queue: Implement proper resource cleanup in the remove() path
General Cleanups:
- k3-ringacc: Use str_enabled_disabled() helper for consistency
- knav_qmss: Use %pe format specifier for PTR_ERR() printing
* tag 'ti-driver-soc-for-v7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/ti/linux:
firmware: ti_sci: Add support for restoring clock context during resume
clk: keystone: sci-clk: Add restore_context() operation
firmware: ti_sci: Add support for restoring IRQs during resume
firmware: ti_sci: Add BOARDCFG_MANAGED mode support
soc: ti: k3-ringacc: Use str_enabled_disabled() helper
soc: ti: knav_dma: Use IOMEM_ERR_PTR() in pktdma_get_regs()
soc: ti: knav_dma: Remove dead check on unsigned args.args[0]
soc: ti: knav_dma: Remove unused DMA_PRIO_MASK macro
soc: ti: knav_qmss_acc: Fix kernel-doc Return: tag
soc: ti: knav_qmss: Fix __iomem annotations and __be32 type
soc: ti: knav_qmss: Use %pe to print PTR_ERR()
soc: ti: knav_qmss: Fix kernel-doc Return: tags
soc: ti: knav_qmss: Inline lockdep condition in for_each_handle_rcu
soc: ti: knav_qmss: Rename global kdev to knav_qdev to fix -Wshadow
soc: ti: knav_qmss: Remove remaining redundant ENOMEM printks
soc: ti: knav_qmss_queue: Implement resource cleanup in remove()
soc: ti: k3-ringacc: Fix access mode for k3_ringacc_ring_pop_tail_io/proxy
soc: ti: knav_dma: fix all kernel-doc warnings in knav_dma.h
soc: ti: k3-socinfo: Add support for AM62P variants via NVMEM
dt-bindings: hwinfo: ti,k3-socinfo: Add nvmem-cells support
Arnd Bergmann [Tue, 9 Jun 2026 14:57:55 +0000 (16:57 +0200)]
Merge tag 'arm-soc/for-7.2/drivers' of https://github.com/Broadcom/stblinux into soc/drivers
This pull request contains Broadcom SoC drivers changes for 7.2, please
pull the following:
- Justin changes the soc_device driver to be more modern and consolidate
the initialization
- Chen-Yu updates the BCM2835 firmware Kconfig dependency and adds
COMPILE_TEST
* tag 'arm-soc/for-7.2/drivers' of https://github.com/Broadcom/stblinux:
firmware: raspberrypi: Change dependency to ARCH_BCM2835 and COMPILE_TEST
soc: brcmstb: consolidate initcall functions
Arnd Bergmann [Tue, 9 Jun 2026 14:53:10 +0000 (16:53 +0200)]
Merge tag 'memory-controller-drv-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-mem-ctrl into soc/drivers
Memory controller drivers for v7.2
1. Tegra MC/EMC:
- Handle system sleep, necessary to re-program registers after system
resume. A few more improvements.
- Add Tegra114 and Tegra238 Memory Controller, and Tegra114 External
MC support.
- Grow Tegra264 support.
2. Renesas XSPI: Document RZ/T2H and RZ/N2H variants, compatible with
existing devices.
* tag 'memory-controller-drv-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux-mem-ctrl:
memory: tegra264: Add full set of MC clients
dt-bindings: memory: tegra264: Add full set of MC client IDs
memory: tegra264: Skip clients without bpmp_id or type
memory: renesas-rpc-if: Fix duplicate device name on multi-instance platforms
dt-bindings: memory: renesas,rzg3e-xspi: Add RZ/T2H and RZ/N2H support
memory: omap-gpmc: Silence W=1 kerneldoc warnings
memory: tegra114-emc: Simplify tegra114_emc_interconnect_init() error message
memory: tegra114-emc: Do not print error on icc_node_create() failure
memory: tegra: Fix possible null pointer dereference
memory: tegra: Add Tegra114 EMC driver
memory: tegra: Implement EMEM regs and ICC ops for Tegra114
dt-bindings: memory: Document Tegra114 External Memory Controller
dt-bindings: memory: Document Tegra114 Memory Controller
memory: tegra: Add Tegra238 MC support
dt-bindings: memory: tegra: Add nvidia,tegra238-mc compatible
memory: tegra: Restore MC interrupt masks on resume
memory: tegra: Wire up system sleep PM ops
memory: tegra: Make ->resume() callback return void
memory: tegra: Deduplicate rate request management code
memory: atmel-ebi: Allow deferred probing
Arnd Bergmann [Tue, 9 Jun 2026 14:51:22 +0000 (16:51 +0200)]
Merge tag 'samsung-drivers-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux into soc/drivers
Samsung SoC drivers for v7.2
Improve Samsung Exynos (and Google GS101) ACPM (Alive Clock and Power
Manager) firmware driver:
1. Few code improvements.
2. Add support for protocol used to communicate with Thermal Management
Unit (TMU). This will allow to implement the thermal driver working
for newer Samsung Exynos and Google GS101 SoCs.
* tag 'samsung-drivers-7.2' of https://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux:
firmware: samsung: acpm: remove compile-testing stubs
firmware: samsung: acpm: Add devm_acpm_get_by_phandle helper
firmware: samsung: acpm: Add TMU protocol support
firmware: samsung: acpm: Make acpm_ops const and access via pointer
firmware: samsung: acpm: Drop redundant _ops suffix in acpm_ops members
firmware: samsung: acpm: Annotate rx_data->cmd with __counted_by_ptr
firmware: samsung: acpm: Consolidate transfer initialization helper
firmware: samsung: acpm: Fix infinite loop on sequence number exhaustion
firmware: samsung: acpm: Fix missing LKMM barriers in sequence allocator
firmware: samsung: acpm: Fix false timeouts and Use-After-Free in polling
firmware: samsung: acpm: Fix mailbox channel leak on probe error
firmware: samsung: acpm: Fix cross-thread RX length corruption
Arnd Bergmann [Tue, 9 Jun 2026 14:22:50 +0000 (16:22 +0200)]
Merge tag 'tegra-for-7.2-firmware' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into soc/drivers
firmware: tegra: Changes for v7.2-rc1
This set of changes contains another attempt at resolving a Kconfig
dependency, propagates debugfs error codes and adds support for multiple
sockets to the BPMP driver.
* tag 'tegra-for-7.2-firmware' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux:
firmware: tegra: bpmp: Add support for multi-socket platforms
firmware: tegra: bpmp: Propagate debugfs errors
firmware: tegra: Make TEGRA_IVC a hidden Kconfig symbol
Arnd Bergmann [Tue, 9 Jun 2026 14:20:55 +0000 (16:20 +0200)]
Merge tag 'tegra-for-7.2-pmc' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into soc/drivers
soc/tegra: pmc: Changes for v7.2-rc1
The bulk of these changes converts existing users to the modern variants
of the API that take a PMC instance as argument. This completes the
transition to multi-instance support, which then makes room for cleanups
and restricting the remaining legacy APIs to 32-bit platforms.
Some changes in this set also clean up powergate debugfs and restrict
the power-off handler to be installed only where appropriate. Lastly,
support for Tegra238 is added.
* tag 'tegra-for-7.2-pmc' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux:
soc/tegra: pmc: Add Tegra238 support
soc/tegra: pmc: Restrict power-off handler to Nexus 7
soc/tegra: pmc: Populate powergate debugfs only when needed
soc/tegra: pmc: Move legacy code behind CONFIG_ARM guard
soc/tegra: pmc: Remove unused legacy functions
soc/tegra: pmc: Create PMC context dynamically
usb: xhci: tegra: Explicitly specify PMC instance to use
PCI: tegra: Explicitly specify PMC instance to use
media: vde: Explicitly specify PMC instance to use
drm/tegra: Explicitly specify PMC instance to use
drm/nouveau: tegra: Explicitly specify PMC instance to use
ata: ahci_tegra: Explicitly specify PMC instance to use
projects / thirdparty / kernel / stable.git / log
