--- /dev/null
+From 37c3a91e9730e274fe2eca9703033ae0f154cb62 Mon Sep 17 00:00:00 2001
+From: Stanimir Varbanov <svarbanov@suse.de>
+Date: Fri, 31 Oct 2025 20:33:09 +0200
+Subject: arm64: dts: broadcom: bcm2712: Add watchdog DT node
+
+From: Stanimir Varbanov <svarbanov@suse.de>
+
+commit 37c3a91e9730e274fe2eca9703033ae0f154cb62 upstream.
+
+Add watchdog device-tree node for bcm2712 SoC.
+
+Signed-off-by: Stanimir Varbanov <svarbanov@suse.de>
+Link: https://lore.kernel.org/r/20251031183309.1163384-5-svarbanov@suse.de
+Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/boot/dts/broadcom/bcm2712.dtsi | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/arch/arm64/boot/dts/broadcom/bcm2712.dtsi
++++ b/arch/arm64/boot/dts/broadcom/bcm2712.dtsi
+@@ -250,6 +250,15 @@
+ status = "disabled";
+ };
+
++ pm: watchdog@7d200000 {
++ compatible = "brcm,bcm2712-pm", "brcm,bcm2835-pm-wdt";
++ reg = <0x7d200000 0x604>;
++ reg-names = "pm";
++ #power-domain-cells = <1>;
++ #reset-cells = <1>;
++ system-power-controller;
++ };
++
+ pinctrl: pinctrl@7d504100 {
+ compatible = "brcm,bcm2712c0-pinctrl";
+ reg = <0x7d504100 0x30>;
--- /dev/null
+From 34194cb385033656d347ebe45c241e4739a58125 Mon Sep 17 00:00:00 2001
+From: Stanimir Varbanov <svarbanov@suse.de>
+Date: Fri, 31 Oct 2025 20:33:07 +0200
+Subject: dt-bindings: soc: bcm: Add bcm2712 compatible
+
+From: Stanimir Varbanov <svarbanov@suse.de>
+
+commit 34194cb385033656d347ebe45c241e4739a58125 upstream.
+
+Add bcm2712-pm compatible and update the bindings to satisfy it's
+requirements. The PM hardware block inside bcm2712 lacks the "asb"
+and "rpivid_asb" register ranges and also does not have clocks, update
+the bindings accordingly.
+
+Signed-off-by: Stanimir Varbanov <svarbanov@suse.de>
+Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
+Acked-by: Conor Dooley <conor.dooley@microchip.com>
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/devicetree/bindings/soc/bcm/brcm,bcm2835-pm.yaml | 38 ++++++++--
+ 1 file changed, 32 insertions(+), 6 deletions(-)
+
+--- a/Documentation/devicetree/bindings/soc/bcm/brcm,bcm2835-pm.yaml
++++ b/Documentation/devicetree/bindings/soc/bcm/brcm,bcm2835-pm.yaml
+@@ -13,23 +13,21 @@ description: |
+ maintainers:
+ - Nicolas Saenz Julienne <nsaenz@kernel.org>
+
+-allOf:
+- - $ref: /schemas/watchdog/watchdog.yaml#
+-
+ properties:
+ compatible:
+ items:
+ - enum:
+ - brcm,bcm2835-pm
+ - brcm,bcm2711-pm
++ - brcm,bcm2712-pm
+ - const: brcm,bcm2835-pm-wdt
+
+ reg:
+- minItems: 2
++ minItems: 1
+ maxItems: 3
+
+ reg-names:
+- minItems: 2
++ minItems: 1
+ items:
+ - const: pm
+ - const: asb
+@@ -62,7 +60,35 @@ required:
+ - reg
+ - "#power-domain-cells"
+ - "#reset-cells"
+- - clocks
++
++allOf:
++ - $ref: /schemas/watchdog/watchdog.yaml#
++
++ - if:
++ properties:
++ compatible:
++ contains:
++ enum:
++ - brcm,bcm2835-pm
++ - brcm,bcm2711-pm
++ then:
++ required:
++ - clocks
++
++ properties:
++ reg:
++ minItems: 2
++
++ reg-names:
++ minItems: 2
++
++ else:
++ properties:
++ reg:
++ maxItems: 1
++
++ reg-names:
++ maxItems: 1
+
+ additionalProperties: false
+
--- /dev/null
+From 30ed024fb0768e9353f21d1d9e6960b7028acdfa Mon Sep 17 00:00:00 2001
+From: Stanimir Varbanov <svarbanov@suse.de>
+Date: Wed, 17 Sep 2025 09:32:32 +0300
+Subject: mfd: bcm2835-pm: Add support for BCM2712
+
+From: Stanimir Varbanov <svarbanov@suse.de>
+
+commit 30ed024fb0768e9353f21d1d9e6960b7028acdfa upstream.
+
+The BCM2712 SoC has PM block but lacks the "asb" and "rpivid_asb"
+register spaces, and doesn't need clock(s). Add a compatible
+string for bcm2712 to allow probe of bcm2835-wdt and
+bcm2835-power drivers.
+
+Signed-off-by: Stanimir Varbanov <svarbanov@suse.de>
+Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
+Link: https://patch.msgid.link/20250917063233.1270-4-svarbanov@suse.de
+Signed-off-by: Lee Jones <lee@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mfd/bcm2835-pm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/mfd/bcm2835-pm.c
++++ b/drivers/mfd/bcm2835-pm.c
+@@ -108,6 +108,7 @@ static const struct of_device_id bcm2835
+ { .compatible = "brcm,bcm2835-pm-wdt", },
+ { .compatible = "brcm,bcm2835-pm", },
+ { .compatible = "brcm,bcm2711-pm", },
++ { .compatible = "brcm,bcm2712-pm", },
+ {},
+ };
+ MODULE_DEVICE_TABLE(of, bcm2835_pm_of_match);
bridge-mrp-reject-zero-test-interval-to-avoid-oom-pa.patch
spi-spi-dw-dma-fix-print-error-log-when-wait-finish-.patch
ksmbd-close-durable-scavenger-races-against-m_fp_lis.patch
+smb-client-reject-userspace-cifs.spnego-descriptions.patch
+dt-bindings-soc-bcm-add-bcm2712-compatible.patch
+arm64-dts-broadcom-bcm2712-add-watchdog-dt-node.patch
+mfd-bcm2835-pm-add-support-for-bcm2712.patch
--- /dev/null
+From 3da1fdf4efbc490041eb4f836bf596201203f8f2 Mon Sep 17 00:00:00 2001
+From: Asim Viladi Oglu Manizada <manizada@pm.me>
+Date: Sat, 16 May 2026 21:15:39 +0000
+Subject: smb: client: reject userspace cifs.spnego descriptions
+
+From: Asim Viladi Oglu Manizada <manizada@pm.me>
+
+commit 3da1fdf4efbc490041eb4f836bf596201203f8f2 upstream.
+
+cifs.spnego key descriptions contain authority-bearing fields such as
+pid, uid, creduid, and upcall_target that cifs.upcall treats as
+kernel-originating inputs. However, userspace can also create keys of
+this type through request_key(2) or add_key(2), allowing those fields to
+be supplied without CIFS origin.
+
+Only accept cifs.spnego descriptions while CIFS is using its private
+spnego_cred to request the key.
+
+Fixes: f1d662a7d5e5 ("[CIFS] Add upcall files for cifs to use spnego/kerberos")
+Assisted-by: avom-custom-harness:gpt-5.5-qwen3.6-mod-mix
+Reviewed-by: David Howells <dhowells@redhat.com>
+Signed-off-by: Asim Viladi Oglu Manizada <manizada@pm.me>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/cifs_spnego.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/fs/smb/client/cifs_spnego.c
++++ b/fs/smb/client/cifs_spnego.c
+@@ -8,6 +8,7 @@
+ */
+
+ #include <linux/list.h>
++#include <linux/cred.h>
+ #include <linux/slab.h>
+ #include <linux/string.h>
+ #include <keys/user-type.h>
+@@ -40,12 +41,27 @@ cifs_spnego_key_destroy(struct key *key)
+ kfree(key->payload.data[0]);
+ }
+
++static int
++cifs_spnego_key_vet_description(const char *description)
++{
++ /*
++ * cifs.spnego descriptions are authority-bearing inputs to cifs.upcall.
++ * They are only valid when produced by CIFS while using the private
++ * spnego_cred installed below. Do not let userspace create this type
++ * of key through request_key(2)/add_key(2), since the helper treats
++ * pid/uid/creduid/upcall_target as kernel-originating fields.
++ */
++ if (current_cred() != spnego_cred)
++ return -EPERM;
++ return 0;
++}
+
+ /*
+ * keytype for CIFS spnego keys
+ */
+ struct key_type cifs_spnego_key_type = {
+ .name = "cifs.spnego",
++ .vet_description = cifs_spnego_key_vet_description,
+ .instantiate = cifs_spnego_key_instantiate,
+ .destroy = cifs_spnego_key_destroy,
+ .describe = user_describe,
projects / thirdparty / kernel / stable-queue.git / commitdiff
