Sync updates #38
Merged
Sync updates #38
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In sprd_clk_init(), when devm_clk_get() returns -EPROBE_DEFER for either uart or source clock, we should propagate the error instead of just warning and continuing with NULL clocks. Currently the driver only emits a warning when clock acquisition fails and proceeds with NULL clock pointers. This can lead to issues later when the clocks are actually needed. More importantly, when the clock provider is not ready yet and returns -EPROBE_DEFER, we should return this error to allow deferred probing. This change adds explicit checks for -EPROBE_DEFER after both: 1. devm_clk_get(uport->dev, uart) 2. devm_clk_get(uport->dev, source) When -EPROBE_DEFER is encountered, the function now returns -EPROBE_DEFER to let the driver framework retry probing later when the clock dependencies are resolved. Signed-off-by: Wenhua Lin <[email protected]> Link: https://patch.msgid.link/[email protected] Reviewed-by: Cixi Geng <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
The GENI serial driver currently handles power resource management through calls to the statically defined geni_serial_resources_on() and geni_serial_resources_off() functions. This approach reduces modularity and limits support for platforms with diverse power management mechanisms, including resource managed by firmware. Improve modularity and enable better integration with platform-specific power management, introduce support for runtime PM. Use pm_runtime_resume_and_get() and pm_runtime_put_sync() within the qcom_geni_serial_pm() callback to control resource power state transitions based on UART power state changes. Signed-off-by: Praveen Talari <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
The Qualcomm automotive SA8255p SoC relies on firmware to configure platform resources, including clocks, interconnects and TLMM. The driver requests resources operations over SCMI using power and performance protocols. The SCMI power protocol enables or disables resources like clocks, interconnect paths, and TLMM (GPIOs) using runtime PM framework APIs, such as resume/suspend, to control power states(on/off). The SCMI performance protocol manages UART baud rates, with each baud rate represented by a performance level. The driver uses the dev_pm_opp_set_level() API to request the desired baud rate by specifying the performance level. Signed-off-by: Praveen Talari <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Commit fe7f0fa ("serial: 8250: Support rs485 devicetree properties") retrieves rs485 properties for 8250 drivers. These properties are read from the firmware node of the device within uart_get_rs485_mode(). If the firmware node does not exist, then the rs485 flags are still reset. Thus, 8250 driver cannot set rs485 flags to enable a defined rs485 mode during driver loading. This is no problem so far, as no 8250 driver sets the rs485 flags. The default rs485 mode can also be set by firmware nodes. But for some devices a firmware node does not exist. E.g., for a PCIe based serial interface on x86 no device tree is available and the ACPI information of the BIOS often cannot by modified. In this case it shall be possible, that a driver works out of the box by setting a reasonable default rs485 mode. If no firmware node exists, then it should be possible for the driver to set a reasonable default rs485 mode. Therefore, reset rs485 flags only if a firmware node exists. Signed-off-by: Gerhard Engleder <[email protected]> Cc: Lukas Wunner <[email protected]> Reviewed-by: Lukas Wunner <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
The KEBA UART is found in the system FPGA of KEBA PLC devices. It is mostly 8250 compatible with extension for some UART modes. 3 different variants exist. The simpliest variant supports only RS-232 and is used for debug interfaces. The next variant supports only RS-485 and is used mostly for communication with KEBA panel devices. The third variant is able to support RS-232, RS-485 and RS-422. For this variant not only the mode of the UART is configured, also the physics and transceivers are switched according to the mode. Signed-off-by: Gerhard Engleder <[email protected]> Tested-by: Daniel Gierlinger <[email protected]> Reviewed-by: Lukas Wunner <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
The Loongson family have a mostly NS16550A-compatible UART and High-Speed UART hardware with the exception of custom frequency divider latch settings register. Co-developed-by: Haowei Zheng <[email protected]> Signed-off-by: Haowei Zheng <[email protected]> Acked-by: Conor Dooley <[email protected]> Signed-off-by: Binbin Zhou <[email protected]> Reviewed-by: Huacai Chen <[email protected]> Link: https://patch.msgid.link/2d858e9303d95a3e4909aa9c1379d4abbdc52cc2.1760166651.git.zhoubinbin@loongson.cn Signed-off-by: Greg Kroah-Hartman <[email protected]>
Add the driver for on-chip UART used on Loongson family chips.
The hardware is similar to NS16550A, but there are the following
differences:
- Some chips (such as Loongson-2K2000) have added a fractional division
register to obtain the required baud rate accurately, so the
{get,set}_divisor callback is overridden.
- Due to hardware defects, quirk handling is required for
UART_MCR/UART_MSR.
Co-developed-by: Haowei Zheng <[email protected]>
Signed-off-by: Haowei Zheng <[email protected]>
Signed-off-by: Binbin Zhou <[email protected]>
Reviewed-by: Huacai Chen <[email protected]>
Link: https://patch.msgid.link/2c2a01a276b9250efea0c7aa190efecdfd6fdf5a.1760166651.git.zhoubinbin@loongson.cn
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Add loongson,ls2k*-uart compatible string on uarts. Co-developed-by: Haowei Zheng <[email protected]> Signed-off-by: Haowei Zheng <[email protected]> Signed-off-by: Binbin Zhou <[email protected]> Reviewed-by: Huacai Chen <[email protected]> Link: https://patch.msgid.link/8e0c08459fa5bddefd898648fea28a9f2fde701a.1760166651.git.zhoubinbin@loongson.cn Signed-off-by: Greg Kroah-Hartman <[email protected]>
Drop "uart-has-rtscts: false" from binding as the IP supports hardware flow control on all SoCs. Cc: [email protected] Fixes: 25422e8 ("dt-bindings: serial: Add compatible for Renesas RZ/T2H SoC in sci") Acked-by: Conor Dooley <[email protected]> Reviewed-by: Geert Uytterhoeven <[email protected]> Signed-off-by: Biju Das <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
On RSCI IP, a deadlock occurs during a FIFO overrun error, as it uses a different register to clear the FIFO overrun error status. Cc: [email protected] Fixes: 0666e3f ("serial: sh-sci: Add support for RZ/T2H SCI") Signed-off-by: Biju Das <[email protected]> Reviewed-by: Geert Uytterhoeven <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
The binder_alloc_exhaustive_test kunit test takes over 30s to complete and the kunit framework reports: # binder_alloc_exhaustive_test: Test should be marked slow (runtime: 33.842881934s) Mark the test as suggested to silence the warning. Cc: Tiffany Yang <[email protected]> Signed-off-by: Carlos Llamas <[email protected]> Reviewed-by: Tiffany Yang <[email protected]> Reviewed-by: Alice Ryhl <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Binder always treats the ioctl argument as a pointer. In this scenario, the idiomatic way to implement compat_ioctl is to use compat_ptr_ioctl. Thus update Rust Binder to do that. Signed-off-by: Alice Ryhl <[email protected]> Acked-by: Carlos Llamas <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
When looking at flamegraphs, there is a pretty large entry for the
function call drop_in_place::<Option<Allocation>> which in turn calls
drop_in_place::<Allocation>. Combined with the looper_need_return
condition, this means that the generated code looks like this:
if let Some(buffer) = buffer {
if buffer.looper_need_return_on_free() {
self.inner.lock().looper_need_return = true;
}
}
drop_in_place::<Option<Allocation>>() { // not inlined
if let Some(buffer) = buffer {
drop_in_place::<Allocation>(buffer);
}
}
This kind of situation where you check X and then check X again is
normally optimized into a single condition, but in this case due to the
non-inlined function call to drop_in_place::<Option<Allocation>>, that
optimization does not happen.
Furthermore, the drop_in_place::<Allocation> call is only two-thirds of
the drop_in_place::<Option<Allocation>> call in the flamegraph. This
indicates that this double condition is not performing well. Also, last
time I looked at Binder perf, I remember finding that the destructor of
Allocation was involved with many branch mispredictions.
Thus, change this code to look like this:
if let Some(buffer) = buffer {
if buffer.looper_need_return_on_free() {
self.inner.lock().looper_need_return = true;
}
drop_in_place::<Allocation>(buffer);
}
by dropping the Allocation directly. Flamegraphs confirm that the
drop_in_place::<Option<Allocation>> call disappears from this change.
Signed-off-by: Alice Ryhl <[email protected]>
Acked-by: Carlos Llamas <[email protected]>
Link: https://patch.msgid.link/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Alice has been reviewing binder patches for years now and has a strong understanding of the driver, so this patch is well overdue. While here also clean up the list from folks who haven't been active for a while. Signed-off-by: Carlos Llamas <[email protected]> Acked-by: Joel Fernandes <[email protected]> Acked-by: Alice Ryhl <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
The kernel-doc comment for binder_ctl_ioctl() lacks descriptions for the @file, @cmd, and @arg parameters, which triggers warnings during documentation builds. Add the missing parameter descriptions to keep the kernel-doc consistent and free of warnings. Reported-by: kernel test robot <[email protected]> Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/ Signed-off-by: Sunday Adelodun <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
…ply_fd_fixups() The kernel-doc for binder_apply_fd_fixups() was missing a description of its return value, which triggers a kernel-doc warning. Add the missing "Return:" entry to doc that the function returns 0 on success or a negative errno on failure. Signed-off-by: Sunday Adelodun <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Rust Binder contains the following unsafe operation:
// SAFETY: A `NodeDeath` is never inserted into the death list
// of any node other than its owner, so it is either in this
// death list or in no death list.
unsafe { node_inner.death_list.remove(self) };
This operation is unsafe because when touching the prev/next pointers of
a list element, we have to ensure that no other thread is also touching
them in parallel. If the node is present in the list that `remove` is
called on, then that is fine because we have exclusive access to that
list. If the node is not in any list, then it's also ok. But if it's
present in a different list that may be accessed in parallel, then that
may be a data race on the prev/next pointers.
And unfortunately that is exactly what is happening here. In
Node::release, we:
1. Take the lock.
2. Move all items to a local list on the stack.
3. Drop the lock.
4. Iterate the local list on the stack.
Combined with threads using the unsafe remove method on the original
list, this leads to memory corruption of the prev/next pointers. This
leads to crashes like this one:
Unable to handle kernel paging request at virtual address 000bb9841bcac70e
Mem abort info:
ESR = 0x0000000096000044
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000
CM = 0, WnR = 1, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[000bb9841bcac70e] address between user and kernel address ranges
Internal error: Oops: 0000000096000044 [#1] PREEMPT SMP
google-cdd 538c004.gcdd: context saved(CPU:1)
item - log_kevents is disabled
Modules linked in: ... rust_binder
CPU: 1 UID: 0 PID: 2092 Comm: kworker/1:178 Tainted: G S W OE 6.12.52-android16-5-g98debd5df505-4k #1 f94a6367396c5488d635708e43ee0c888d230b0b
Tainted: [S]=CPU_OUT_OF_SPEC, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: MUSTANG PVT 1.0 based on LGA (DT)
Workqueue: events _RNvXs6_NtCsdfZWD8DztAw_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCs8QPsHWIn21X_16rust_binder_main7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [rust_binder]
pstate: 23400005 (nzCv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : _RNvXs3_NtCs8QPsHWIn21X_16rust_binder_main7processNtB5_7ProcessNtNtCsdfZWD8DztAw_6kernel9workqueue8WorkItem3run+0x450/0x11f8 [rust_binder]
lr : _RNvXs3_NtCs8QPsHWIn21X_16rust_binder_main7processNtB5_7ProcessNtNtCsdfZWD8DztAw_6kernel9workqueue8WorkItem3run+0x464/0x11f8 [rust_binder]
sp : ffffffc09b433ac0
x29: ffffffc09b433d30 x28: ffffff8821690000 x27: ffffffd40cbaa448
x26: ffffff8821690000 x25: 00000000ffffffff x24: ffffff88d0376578
x23: 0000000000000001 x22: ffffffc09b433c78 x21: ffffff88e8f9bf40
x20: ffffff88e8f9bf40 x19: ffffff882692b000 x18: ffffffd40f10bf00
x17: 00000000c006287d x16: 00000000c006287d x15: 00000000000003b0
x14: 0000000000000100 x13: 000000201cb79ae0 x12: fffffffffffffff0
x11: 0000000000000000 x10: 0000000000000001 x9 : 0000000000000000
x8 : b80bb9841bcac706 x7 : 0000000000000001 x6 : fffffffebee63f30
x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000
x2 : 0000000000004c31 x1 : ffffff88216900c0 x0 : ffffff88e8f9bf00
Call trace:
_RNvXs3_NtCs8QPsHWIn21X_16rust_binder_main7processNtB5_7ProcessNtNtCsdfZWD8DztAw_6kernel9workqueue8WorkItem3run+0x450/0x11f8 [rust_binder bbc172b53665bbc815363b22e97e3f7e3fe971fc]
process_scheduled_works+0x1c4/0x45c
worker_thread+0x32c/0x3e8
kthread+0x11c/0x1c8
ret_from_fork+0x10/0x20
Code: 94218d85 b4000155 a94026a8 d10102a0 (f9000509)
---[ end trace 0000000000000000 ]---
Thus, modify Node::release to pop items directly off the original list.
Cc: [email protected]
Fixes: eafedbc ("rust_binder: add Rust Binder driver")
Signed-off-by: Alice Ryhl <[email protected]>
Acked-by: Miguel Ojeda <[email protected]>
Link: https://patch.msgid.link/[email protected]
Signed-off-by: Greg Kroah-Hartman <[email protected]>
Similar to the previous commit, List::remove is used on delivered_deaths, so do not use mem::take on it as that may result in violations of the List::remove safety requirements. I don't think this particular case can be triggered because it requires fd close to run in parallel with an ioctl on the same fd. But let's not tempt fate. Cc: [email protected] Fixes: eafedbc ("rust_binder: add Rust Binder driver") Signed-off-by: Alice Ryhl <[email protected]> Acked-by: Miguel Ojeda <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
The previous patches in this series illustrate why the List::remove method is really dangerous. I think the real takeaway here is to replace the linked lists with a different data structure without this unsafe footgun, but for now we fix the bugs and add a warning to the docs. Signed-off-by: Alice Ryhl <[email protected]> Acked-by: Miguel Ojeda <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
pm_runtime_put_autosuspend(), pm_runtime_put_sync_autosuspend(), pm_runtime_autosuspend() and pm_request_autosuspend() now include a call to pm_runtime_mark_last_busy(). Remove the now-reduntant explicit call to pm_runtime_mark_last_busy(). Signed-off-by: Sakari Ailus <[email protected]> Acked-by: Alexander Usyskin <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
INTEL_MEI_GSC depends on either i915 or Xe and can be present when either of above is present. Cc: stable <[email protected]> Fixes: 87a4c85 ("drm/xe/gsc: add gsc device support") Tested-by: Baoli Zhang <[email protected]> Signed-off-by: Junxiao Chang <[email protected]> Signed-off-by: Alexander Usyskin <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
mei_register() fails to release the device reference in error paths after device_initialize(). During normal device registration, the reference is properly handled through mei_deregister() which calls device_destroy(). However, in error handling paths (such as cdev_alloc failure, cdev_add failure, etc.), missing put_device() calls cause reference count leaks, preventing the device's release function (mei_device_release) from being called and resulting in memory leaks of mei_device. Found by code review. Cc: stable <[email protected]> Fixes: 7704e6b ("mei: hook mei_device on class device") Signed-off-by: Ma Ke <[email protected]> Acked-by: Alexander Usyskin <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
There hasn't been any substantive work on the ocxl driver since 2020, and all patches since then have been minor fixes or part of treewide or arch-wide changes. Frederic and I are no longer spending much time on this driver. Downgrade the status of the ocxl driver to Odd Fixes, to reflect the current reality. Signed-off-by: Andrew Donnellan <[email protected]> Acked-by: Frederic Barrat <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler `c6xdigio_attach()` to configure a Comedi to use this driver, it tries to enable the parallel port PNP resources by registering a PNP driver with `pnp_register_driver()`, but ignores the return value. (The `struct pnp_driver` it uses has only the `name` and `id_table` members filled in.) The driver's Comedi "detach" handler `c6xdigio_detach()` unconditionally unregisters the PNP driver with `pnp_unregister_driver()`. It is possible for `c6xdigio_attach()` to return an error before it calls `pnp_register_driver()` and it is possible for the call to `pnp_register_driver()` to return an error (that is ignored). In both cases, the driver should not be calling `pnp_unregister_driver()` as it does in `c6xdigio_detach()`. (Note that `c6xdigio_detach()` will be called by the Comedi core if `c6xdigio_attach()` returns an error, or if the Comedi core decides to detach the Comedi device from the driver for some other reason.) The unconditional call to `pnp_unregister_driver()` without a previous successful call to `pnp_register_driver()` will cause `driver_unregister()` to issue a warning "Unexpected driver unregister!". This was detected by Syzbot [1]. Also, the PNP driver registration and unregistration should be done at module init and exit time, respectively, not when attaching or detaching Comedi devices to the driver. (There might be more than one Comedi device being attached to the driver, although that is unlikely.) Change the driver to do the PNP driver registration at module init time, and the unregistration at module exit time. Since `c6xdigio_detach()` now only calls `comedi_legacy_detach()`, remove the function and change the Comedi driver "detach" handler to `comedi_legacy_detach`. ------------------------------------------- [1] Syzbot sample crash report: Unexpected driver unregister! WARNING: CPU: 0 PID: 5970 at drivers/base/driver.c:273 driver_unregister drivers/base/driver.c:273 [inline] WARNING: CPU: 0 PID: 5970 at drivers/base/driver.c:273 driver_unregister+0x90/0xb0 drivers/base/driver.c:270 Modules linked in: CPU: 0 UID: 0 PID: 5970 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 RIP: 0010:driver_unregister drivers/base/driver.c:273 [inline] RIP: 0010:driver_unregister+0x90/0xb0 drivers/base/driver.c:270 Code: 48 89 ef e8 c2 e6 82 fc 48 89 df e8 3a 93 ff ff 5b 5d e9 c3 6d d9 fb e8 be 6d d9 fb 90 48 c7 c7 e0 f8 1f 8c e8 51 a2 97 fb 90 <0f> 0b 90 90 5b 5d e9 a5 6d d9 fb e8 e0 f4 41 fc eb 94 e8 d9 f4 41 RSP: 0018:ffffc9000373f9a0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffffffff8ff24720 RCX: ffffffff817b6ee8 RDX: ffff88807c932480 RSI: ffffffff817b6ef5 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8ff24660 R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88814cca0000 FS: 000055556dab1500(0000) GS:ffff8881249d9000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f77f285cd0 CR3: 000000007d871000 CR4: 00000000003526f0 Call Trace: <TASK> comedi_device_detach_locked+0x12f/0xa50 drivers/comedi/drivers.c:207 comedi_device_detach+0x67/0xb0 drivers/comedi/drivers.c:215 comedi_device_attach+0x43d/0x900 drivers/comedi/drivers.c:1011 do_devconfig_ioctl+0x1b1/0x710 drivers/comedi/comedi_fops.c:872 comedi_unlocked_ioctl+0x165d/0x2f00 drivers/comedi/comedi_fops.c:2178 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597 [inline] __se_sys_ioctl fs/ioctl.c:583 [inline] __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc05798eec9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffcf8184238 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007fc057be5fa0 RCX: 00007fc05798eec9 RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003 RBP: 00007fc057a11f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fc057be5fa0 R14: 00007fc057be5fa0 R15: 0000000000000003 </TASK> ------------------------------------------- Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=6616bba359cec7a1def1 Fixes: 2c89e15 ("Staging: comedi: add c6xdigio driver") Cc: stable <[email protected]> Signed-off-by: Ian Abbott <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Syzbot identified an issue [1] that crashes kernel, seemingly due to unexistent callback dev->get_valid_routes(). By all means, this should not occur as said callback must always be set to get_zero_valid_routes() in __comedi_device_postconfig(). As the crash seems to appear exclusively in i386 kernels, at least, judging from [1] reports, the blame lies with compat versions of standard IOCTL handlers. Several of them are modified and do not use comedi_unlocked_ioctl(). While functionality of these ioctls essentially copy their original versions, they do not have required sanity check for device's attached status. This, in turn, leads to a possibility of calling select IOCTLs on a device that has not been properly setup, even via COMEDI_DEVCONFIG. Doing so on unconfigured devices means that several crucial steps are missed, for instance, specifying dev->get_valid_routes() callback. Fix this somewhat crudely by ensuring device's attached status before performing any ioctls, improving logic consistency between modern and compat functions. [1] Syzbot report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... CR2: ffffffffffffffd6 CR3: 000000006c717000 CR4: 0000000000352ef0 Call Trace: <TASK> get_valid_routes drivers/comedi/comedi_fops.c:1322 [inline] parse_insn+0x78c/0x1970 drivers/comedi/comedi_fops.c:1401 do_insnlist_ioctl+0x272/0x700 drivers/comedi/comedi_fops.c:1594 compat_insnlist drivers/comedi/comedi_fops.c:3208 [inline] comedi_compat_ioctl+0x810/0x990 drivers/comedi/comedi_fops.c:3273 __do_compat_sys_ioctl fs/ioctl.c:695 [inline] __se_compat_sys_ioctl fs/ioctl.c:638 [inline] __ia32_compat_sys_ioctl+0x242/0x370 fs/ioctl.c:638 do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline] ... Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=ab8008c24e84adee93ff Fixes: 3fbfd22 ("comedi: get rid of compat_alloc_user_space() mess in COMEDI_CHANINFO compat") Cc: stable <[email protected]> Reviewed-by: Ian Abbott <[email protected]> Signed-off-by: Nikita Zhandarovich <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Syzbot identified an issue [1] in multiq3_attach() that induces a task timeout due to open() or COMEDI_DEVCONFIG ioctl operations, specifically, in the case of multiq3 driver. This problem arose when syzkaller managed to craft weird configuration options used to specify the number of channels in encoder subdevice. If a particularly great number is passed to s->n_chan in multiq3_attach() via it->options[2], then multiple calls to multiq3_encoder_reset() at the end of driver-specific attach() method will be running for minutes, thus blocking tasks and affected devices as well. While this issue is most likely not too dangerous for real-life devices, it still makes sense to sanitize configuration inputs. Enable a sensible limit on the number of encoder chips (4 chips max, each with 2 channels) to stop this behaviour from manifesting. [1] Syzbot crash: INFO: task syz.2.19:6067 blocked for more than 143 seconds. ... Call Trace: <TASK> context_switch kernel/sched/core.c:5254 [inline] __schedule+0x17c4/0x4d60 kernel/sched/core.c:6862 __schedule_loop kernel/sched/core.c:6944 [inline] schedule+0x165/0x360 kernel/sched/core.c:6959 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7016 __mutex_lock_common kernel/locking/mutex.c:676 [inline] __mutex_lock+0x7e6/0x1350 kernel/locking/mutex.c:760 comedi_open+0xc0/0x590 drivers/comedi/comedi_fops.c:2868 chrdev_open+0x4cc/0x5e0 fs/char_dev.c:414 do_dentry_open+0x953/0x13f0 fs/open.c:965 vfs_open+0x3b/0x340 fs/open.c:1097 ... Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=7811bb68a317954a0347 Fixes: 77e01cd ("Staging: comedi: add multiq3 driver") Cc: stable <[email protected]> Signed-off-by: Nikita Zhandarovich <[email protected]> Reviewed-by: Ian Abbott <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->read_subdev may not have initialized its pointer to &struct comedi_async as intended. Thus, any such dereferencing of &s->async->cmd will lead to general protection fault and kernel crash. Mitigate this problem by removing a call to pcl818_ai_cancel() from pcl818_detach() altogether. This way, if the subdevice setups its support for async commands, everything async-related will be handled via subdevice's own ->cancel() function in comedi_device_detach_locked() even before pcl818_detach(). If no support for asynchronous commands is provided, there is no need to cancel anything either. [1] Syzbot crash: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] CPU: 1 UID: 0 PID: 6050 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 drivers/comedi/drivers/pcl818.c:762 ... Call Trace: <TASK> pcl818_detach+0x66/0xd0 drivers/comedi/drivers/pcl818.c:1115 comedi_device_detach_locked+0x178/0x750 drivers/comedi/drivers.c:207 do_devconfig_ioctl drivers/comedi/comedi_fops.c:848 [inline] comedi_unlocked_ioctl+0xcde/0x1020 drivers/comedi/comedi_fops.c:2178 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:597 [inline] ... Reported-by: [email protected] Closes: https://syzkaller.appspot.com/bug?extid=fce5d9d5bd067d6fbe9b Fixes: 00aba6e ("staging: comedi: pcl818: remove 'neverending_ai' from private data") Cc: stable <[email protected]> Signed-off-by: Nikita Zhandarovich <[email protected]> Reviewed-by: Ian Abbott <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
For interrupts from badly behaved hardware (as emulated by Syzbot), it is possible for the Comedi core functions that manage the progress of asynchronous data acquisition to be called from driver ISRs while no asynchronous command has been set up, which can cause problems such as invalid pointer dereferencing or dividing by zero. To help protect against that, introduce new functions to maintain a reference counter for asynchronous commands that are being set up. `comedi_get_is_subdevice_running(s)` will check if a command has been set up on a subdevice and is still marked as running, and if so will increment the reference counter and return `true`, otherwise it will return `false` without modifying the reference counter. `comedi_put_is_subdevice_running(s)` will decrement the reference counter and set a completion event when decremented to 0. Change the `do_cmd_ioctl()` function (responsible for setting up the asynchronous command) to reinitialize the completion event and set the reference counter to 1 before it marks the subdevice as running. Change the `do_become_nonbusy()` function (responsible for destroying a completed command) to call `comedi_put_is_subdevice_running(s)` and wait for the completion event after marking the subdevice as not running. Because the subdevice normally gets marked as not running before the call to `do_become_nonbusy()` (and may also be called when the Comedi device is being detached from the low-level driver), add a new flag `COMEDI_SRF_BUSY` to the set of subdevice run-flags that indicates that an asynchronous command was set up and will need to be destroyed. This flag is set by `do_cmd_ioctl()` and cleared and checked by `do_become_nonbusy()`. Subsequent patches will change the Comedi core functions that are called from low-level drivers for asynchrous command handling to make use of the `comedi_get_is_subdevice_running()` and `comedi_put_is_subdevice_running()` functions, and will modify the ISRs of some of these low-level drivers if they dereference the subdevice's `async` pointer directly. Signed-off-by: Ian Abbott <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
For interrupts from badly behaved hardware (as emulated by Syzbot), it is possible for the Comedi core functions that manage the progress of asynchronous data acquisition to be called from driver ISRs while no asynchronous command has been set up, which can cause problems such as invalid pointer dereferencing or dividing by zero. Change those functions in the Comedi core to use this pattern: if `comedi_get_is_subdevice_running(s)` returns `true` then call a safe version of the function with the same name prefixed with an underscore, followed by a call to `comedi_put_is_subdevice_running(s)`, otherwise take some default action. `comedi_get_is_subdevice_running(s)` returning `true` ensures that the details of the asynchronous command will not be destroyed before the matching call to `comedi_put_is_subdevice_running(s)`. Replace calls to those functions from elsewhere in the Comedi core with calls to the safe versions of the functions. The modified functions are: `comedi_buf_read_alloc()`, `comedi_buf_read_free()`, `comedi_buf_read_n_available()`, `comedi_buf_read_samples()`, `comedi_buf_write_alloc()`, `comedi_buf_write_free()`, `comedi_buf_write_samples()`, `comedi_bytes_per_scan()`, `comedi_event()`, `comedi_handle_events()`, `comedi_inc_scan_progress()`, `comedi_nsamples_left()`, `comedi_nscans_left()`. Signed-off-by: Ian Abbott <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Add `comedi_open_from(path, from)` and `comedi_close_from(dev, from)` as variants of the existing `comedi_from(path)` and `comedi_close(dev)`. The additional `from` parameter is a minor device number that tells the function that the COMEDI device is being opened or closed from another COMEDI device if the value is in the range [0, `COMEDI_NUM_BOARD_MINORS`-1]. In that case the function will refuse to open the device if it would lead to a chain of devices opening each other. (It will also impose a limit on the number of simultaneous opens from one device to another because we need to count those.) The new functions are intended to be used by the "comedi_bond" driver, which is the only driver that uses the existing `comedi_open()` and `comedi_close()` functions. The new functions will be used to avoid some possible deadlock situations. Replace the existing, exported `comedi_open()` and `comedi_close()` functions with inline wrapper functions that call the newly exported `comedi_open_from()` and `comedi_close_from()` functions. Signed-off-by: Ian Abbott <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Greg Kroah-Hartman <[email protected]>
Currently, if the sleep flag is set, psi_dequeue() doesn't change any of the psi_flags. This is because psi_task_switch() will clear TSK_ONCPU as well as other potential flags (TSK_RUNNING), and the assumption is that a voluntary sleep always consists of a task being dequeued followed shortly there after with a psi_sched_switch() call. Proxy Execution changes this expectation, as mutex-blocked tasks that would normally sleep stay on the runqueue. But in the case where the mutex-owning task goes to sleep, or the owner is on a remote cpu, we will then deactivate the blocked task shortly after. In that situation, the mutex-blocked task will have had its TSK_ONCPU cleared when it was switched off the cpu, but it will stay TSK_RUNNING. Then if we later dequeue it (as currently done if we hit a case find_proxy_task() can't yet handle, such as the case of the owner being on another rq or a sleeping owner) psi_dequeue() won't change any state (leaving it TSK_RUNNING), as it incorrectly expects a psi_task_switch() call to immediately follow. Later on when the task get woken/re-enqueued, and psi_flags are set for TSK_RUNNING, we hit an error as the task is already TSK_RUNNING: psi: inconsistent task state! task=188:kworker/28:0 cpu=28 psi_flags=4 clear=0 set=4 To resolve this, extend the logic in psi_dequeue() so that if the sleep flag is set, we also check if psi_flags have TSK_ONCPU set (meaning the psi_task_switch is imminent) before we do the shortcut return. If TSK_ONCPU is not set, that means we've already switched away, and this psi_dequeue call needs to clear the flags. Fixes: be41bde ("sched: Add an initial sketch of the find_proxy_task() function") Reported-by: K Prateek Nayak <[email protected]> Signed-off-by: John Stultz <[email protected]> Signed-off-by: Ingo Molnar <[email protected]> Tested-by: K Prateek Nayak <[email protected]> Tested-by: Haiyue Wang <[email protected]> Acked-by: Johannes Weiner <[email protected]> Link: https://patch.msgid.link/[email protected] Closes: https://lore.kernel.org/lkml/[email protected]/
…rnel/git/modules/linux
Pull module updates from Daniel Gomez:
"Rust module parameter support:
- Add Rust module parameter support, enabling Rust kernel modules to
declare and use module parameters. The rust_minimal sample module
demonstrates this, and the rust null block driver will be the first
to use it in the next cycle. This also adds the Rust module files
under the modules subsystem as agreed between the Rust and modules
maintainers.
Hardening:
- Add compile-time check for embedded NUL characters in MODULE_*()
macros. This module metadata was once used (and maybe still) to
bypass license enforcement (LWN article from 2003):
https://lwn.net/Articles/82305/ [1]
MAINTAINERS:
- Add Aaron Tomlin as reviewer for the Modules subsystem"
* tag 'modules-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux:
MAINTAINERS: Add myself as reviewer for module support
module: Add compile-time check for embedded NUL characters
media: radio: si470x: Fix DRIVER_AUTHOR macro definition
media: dvb-usb-v2: lmedm04: Fix firmware macro definitions
modules: add rust modules files to MAINTAINERS
rust: samples: add a module parameter to the rust_minimal sample
rust: module: update the module macro with module parameter support
rust: module: use a reference in macros::module::module
rust: introduce module_param module
rust: str: add radix prefixed integer parsing functions
rust: sync: add `SetOnce`
Commit 14e9a18 ("rust: sync: atomic: Make Atomic*Ops pub(crate)") added a `pub(crate)` import in the same "block" as the `pub` one, without running `rustfmt`, which would sort them differently. Instead of running `rustfmt` as-is, add a newline to keep the import "blocks" with different visibilities separate. Signed-off-by: Miguel Ojeda <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
Pull bitmap updates from Yury Norov:
- Runtime field_{get,prep}() (Geert)
- Rust ID pool updates (Alice)
- min_t() simplification (David)
- __sw_hweightN kernel-doc fixes (Andy)
- cpumask.h headers cleanup (Andy)
* tag 'bitmap-for-6.19' of github.com:/norov/linux: (32 commits)
rust_binder: use bitmap for allocation of handles
rust: id_pool: do not immediately acquire new ids
rust: id_pool: do not supply starting capacity
rust: id_pool: rename IdPool::new() to with_capacity()
rust: bitmap: add BitmapVec::new_inline()
rust: bitmap: add MAX_LEN and MAX_INLINE_LEN constants
cpumask: Don't use "proxy" headers
soc: renesas: Use bitfield helpers
clk: renesas: Use bitfield helpers
ALSA: usb-audio: Convert to common field_{get,prep}() helpers
soc: renesas: rz-sysc: Convert to common field_get() helper
pinctrl: ma35: Convert to common field_{get,prep}() helpers
iio: mlx90614: Convert to common field_{get,prep}() helpers
iio: dac: Convert to common field_prep() helper
gpio: aspeed: Convert to common field_{get,prep}() helpers
EDAC/ie31200: Convert to common field_get() helper
crypto: qat - convert to common field_get() helper
clk: at91: Convert to common field_{get,prep}() helpers
bitfield: Add non-constant field_{prep,get}() helpers
bitfield: Add less-checking __FIELD_{GET,PREP}()
...
…cm/linux/kernel/git/mszyprowski/linux Pull dma-mapping updates from Marek Szyprowski: - More DMA mapping API refactoring to physical addresses as the primary interface instead of page+offset parameters. This time dma_map_ops callbacks are converted to physical addresses, what in turn results also in some simplification of architecture specific code (Leon Romanovsky and Jason Gunthorpe) - Clarify that dma_map_benchmark is not a kernel self-test, but standalone tool (Qinxin Xia) * tag 'dma-mapping-6.19-2025-12-05' of git://git.kernel.org/pub/scm/linux/kernel/git/mszyprowski/linux: dma-mapping: remove unused map_page callback xen: swiotlb: Convert mapping routine to rely on physical address x86: Use physical address for DMA mapping sparc: Use physical address DMA mapping powerpc: Convert to physical address DMA mapping parisc: Convert DMA map_page to map_phys interface MIPS/jazzdma: Provide physical address directly alpha: Convert mapping routine to rely on physical address dma-mapping: remove unused mapping resource callbacks xen: swiotlb: Switch to physical address mapping callbacks ARM: dma-mapping: Switch to physical address mapping callbacks ARM: dma-mapping: Reduce struct page exposure in arch_sync_dma*() dma-mapping: convert dummy ops to physical address mapping dma-mapping: prepare dma_map_ops to conversion to physical address tools/dma: move dma_map_benchmark from selftests to tools/dma
…kernel/git/nvdimm/nvdimm Pull nvdimm updates from Ira Weiny: "These are mainly bug fixes and code updates. There is a new feature to divide up memmap= carve outs and a fix caught in linux-next for that patch. Managing memmap memory on the fly for multiple VM's was proving difficult and Mike provided a driver which allows for the memory to be better manged. Summary: - Allow exposing RAM carveouts as NVDIMM DIMM devices - Prevent integer overflow in ramdax_get_config_data() - Replace use of system_wq with system_percpu_wq - Documentation: btt: Unwrap bit 31-30 nested table - tools/testing/nvdimm: Use per-DIMM device handle" * tag 'libnvdimm-for-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: nvdimm: Prevent integer overflow in ramdax_get_config_data() Documentation: btt: Unwrap bit 31-30 nested table nvdimm: replace use of system_wq with system_percpu_wq tools/testing/nvdimm: Use per-DIMM device handle nvdimm: allow exposing RAM carveouts as NVDIMM DIMM devices
…ux/kernel/git/lenb/linux Pull turbostat updates from Len Brown: - Add LLC statistics columns: LLCkRPS = Last Level Cache Thousands of References Per Second LLC%hit = Last Level Cache Hit % - Recognize Wildcat Lake and Nova Lake platforms - Add MSR check for Android - Add APERF check for VMWARE - Add RAPL check for AWS - Minor fixes to turbostat (and x86_energy_perf_policy) * tag 'turbostat-v2025.12.02' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux: (21 commits) tools/power turbostat: version 2025.12.02 tools/power turbostat: Print wide names only for RAW 64-bit columns tools/power turbostat: Print percentages in 8-columns tools/power turbostat: Print "nan" for out of range percentages tools/power turbostat: Validate APERF access for VMWARE tools/power turbostat: Enhance perf probe tools/power turbostat: Validate RAPL MSRs for AWS Nitro Hypervisor tools/power x86_energy_perf_policy: Fix potential NULL pointer dereference tools/power x86_energy_perf_policy: Fix format string in error message tools/power x86_energy_perf_policy: Simplify Android MSR probe tools/power x86_energy_perf_policy: Add Android MSR device support tools/power turbostat: Add run-time MSR driver probe tools/power turbostat: Set per_cpu_msr_sum to NULL after free tools/power turbostat: Add LLC stats tools/power turbostat: Remove dead code tools/power turbostat: Refactor floating point printout code tools/power turbostat.8: Update example tools/power turbostat: Refactor added-counter value printing code tools/power turbostat: Refactor added column header printing tools/power turbostat: Add Wildcat Lake and Nova Lake support ...
…ernel/git/mic/linux Pull landlock updates from Mickaël Salaün: "This mainly fixes handling of disconnected directories and adds new tests" * tag 'landlock-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux: selftests/landlock: Add disconnected leafs and branch test suites selftests/landlock: Add tests for access through disconnected paths landlock: Improve variable scope landlock: Fix handling of disconnected directories selftests/landlock: Fix makefile header list landlock: Make docs in cred.h and domain.h visible landlock: Minor comments improvements
…git/remoteproc/linux Pull remoteproc updates from Bjorn Andersson: - Add support for the compute DSP in the Qualcomm SDM660 platform, and finally fix up the way MSM8974 audio DSP remoteproc driver manages its power rails - Replace the usage of of_reserved_mem_lookup() with of_reserved_mem_region_to_resource() to clean things up across most of the drivers - Perform a variety of housekeeping and cleanup work across iMX, Mediatek, and TI remoteproc drivers * tag 'rproc-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux: (45 commits) remoteproc: qcom_q6v5_wcss: use optional reset for wcss_q6_bcr_reset remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs remoteproc: qcom_wcnss: Fix NULL vs IS_ERR() bug in wcnss_alloc_memory_region() remoteproc: qcom: q6v5: Fix NULL vs IS_ERR() bug in q6v5_alloc_memory_region() remoteproc: qcom: pas: Fix a couple NULL vs IS_ERR() bugs remoteproc: qcom_q6v5_adsp: Fix a NULL vs IS_ERR() check in adsp_alloc_memory_region() remoteproc: imx_dsp_rproc: Fix NULL vs IS_ERR() bug in imx_dsp_rproc_add_carveout() remoteproc: st: Fix indexing of memory-regions remoteproc: qcom: pas: Add support for SDM660 CDSP dt-bindings: remoteproc: qcom: adsp: Add SDM660 CDSP compatible dt-bindings: remoteproc: qcom: adsp: Add missing constrains for SDM660 ADSP dt-bindings: remoteproc: qcom,sc8280xp-pas: Fix CDSP power desc remoteproc: omap: Remove redundant pm_runtime_mark_last_busy() calls remoteproc: qcom: Use of_reserved_mem_region_* functions for "memory-region" remoteproc: qcom_q6v5_pas: Use resource with CX PD for MSM8974 dt-bindings: remoteproc: qcom,adsp: Make msm8974 use CX as power domain remoteproc: Use of_reserved_mem_region_* functions for "memory-region" remoteproc: imx_dsp_rproc: Simplify start/stop error handling remoteproc: imx_rproc: Remove enum imx_rproc_method remoteproc: imx_dsp_rproc: Simplify IMX_RPROC_RESET_CONTROLLER switch case ...
…git/remoteproc/linux Pull rpmsg updates from Bjorn Andersson: - Reduce code duplication related to channel removal, and invoke the removal in one case previously missing, both in the Glink driver * tag 'rpmsg-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux: rpmsg: glink: remove duplicate code for rpmsg device remove rpmsg: glink: fix rpmsg device leak
…inux-watchdog Pull watchdog updates from Wim Van Sebroeck: - Add watchdog support for: - Renesas WWDT - AST2700 platform - MediaTek MT8189 SoC - Loongson-2k0300 watchdog - Qualcomm Kaanapali watchdog - RK3506 compatible - Airoha AN7583 SoC - DT Schema conversions: - lantiq,wdt - TI OMAP - marvell,orion-wdt - Several other fixes and improvements * tag 'linux-watchdog-6.19-rc1' of git://www.linux-watchdog.org/linux-watchdog: (30 commits) watchdog: starfive: Fix resource leak in probe error path dt-bindings: watchdog: airoha: Add support for Airoha AN7583 SoC dt-bindings: watchdog: lantiq,wdt: convert bindings to dtschema dt-bindings: watchdog: Add RK3506 compatible dt-bindings: watchdog: Document Qualcomm Kaanapali watchdog watchdog: wdat_wdt: Fix ACPI table leak in probe function watchdog: loongson1: Add Loongson-2k0300 watchdog support dt-bindings: watchdog: loongson,ls1x-wdt: Add ls2k0300-wdt compatible watchdog: loongson1: Drop CONFIG_OF watchdog: loongson1: Simplify ls1x_wdt_probe code watchdog: loongson1: Add missing MODULE_PARM_DESC watchdog/diag288: Fix module comment typos dt-bindings: watchdog: Support MediaTek MT8189 wdt dt-bindings: watchdog: mediatek,mtk-wdt: Add compatible for MT8189 SoC dt-bindings: mfd: rohm,bd96801-pmic: Correct timeout-sec length and reference watchdog schema dt-bindings: watchdog: Allow node names named 'pmic' dt-bindings: watchdog: Restrict timeout-sec to one number watchdog: renesas_wwdt: add driver dt-bindings: watchdog: Add Renesas WWDT dt-bindings: watchdog: Convert marvell,orion-wdt to DT schema ...
…/git/devsec/tsm
Pull PCIe Link Encryption and Device Authentication from Dan Williams:
"New PCI infrastructure and one architecture implementation for PCIe
link encryption establishment via platform firmware services.
This work is the result of multiple vendors coming to consensus on
some core infrastructure (thanks Alexey, Yilun, and Aneesh!), and
three vendor implementations, although only one is included in this
pull. The PCI core changes have an ack from Bjorn, the crypto/ccp/
changes have an ack from Tom, and the iommu/amd/ changes have an ack
from Joerg.
PCIe link encryption is made possible by the soup of acronyms
mentioned in the shortlog below. Link Integrity and Data Encryption
(IDE) is a protocol for installing keys in the transmitter and
receiver at each end of a link. That protocol is transported over Data
Object Exchange (DOE) mailboxes using PCI configuration requests.
The aspect that makes this a "platform firmware service" is that the
key provisioning and protocol is coordinated through a Trusted
Execution Envrionment (TEE) Security Manager (TSM). That is either
firmware running in a coprocessor (AMD SEV-TIO), or quasi-hypervisor
software (Intel TDX Connect / ARM CCA) running in a protected CPU
mode.
Now, the only reason to ask a TSM to run this protocol and install the
keys rather than have a Linux driver do the same is so that later, a
confidential VM can ask the TSM directly "can you certify this
device?".
That precludes host Linux from provisioning its own keys, because host
Linux is outside the trust domain for the VM. It also turns out that
all architectures, save for one, do not publish a mechanism for an OS
to establish keys in the root port. So "TSM-established link
encryption" is the only cross-architecture path for this capability
for the foreseeable future.
This unblocks the other arch implementations to follow in v6.20/v7.0,
once they clear some other dependencies, and it unblocks the next
phase of work to implement the end-to-end flow of confidential device
assignment. The PCIe specification calls this end-to-end flow Trusted
Execution Environment (TEE) Device Interface Security Protocol
(TDISP).
In the meantime, Linux gets a link encryption facility which has
practical benefits along the same lines as memory encryption. It
authenticates devices via certificates and may protect against
interposer attacks trying to capture clear-text PCIe traffic.
Summary:
- Introduce the PCI/TSM core for the coordination of device
authentication, link encryption and establishment (IDE), and later
management of the device security operational states (TDISP).
Notify the new TSM core layer of PCI device arrival and departure
- Add a low level TSM driver for the link encryption establishment
capabilities of the AMD SEV-TIO architecture
- Add a library of helpers TSM drivers to use for IDE establishment
and the DOE transport
- Add skeleton support for 'bind' and 'guest_request' operations in
support of TDISP"
* tag 'tsm-for-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/devsec/tsm: (23 commits)
crypto/ccp: Fix CONFIG_PCI=n build
virt: Fix Kconfig warning when selecting TSM without VIRT_DRIVERS
crypto/ccp: Implement SEV-TIO PCIe IDE (phase1)
iommu/amd: Report SEV-TIO support
psp-sev: Assign numbers to all status codes and add new
ccp: Make snp_reclaim_pages and __sev_do_cmd_locked public
PCI/TSM: Add 'dsm' and 'bound' attributes for dependent functions
PCI/TSM: Add pci_tsm_guest_req() for managing TDIs
PCI/TSM: Add pci_tsm_bind() helper for instantiating TDIs
PCI/IDE: Initialize an ID for all IDE streams
PCI/IDE: Add Address Association Register setup for downstream MMIO
resource: Introduce resource_assigned() for discerning active resources
PCI/TSM: Drop stub for pci_tsm_doe_transfer()
drivers/virt: Drop VIRT_DRIVERS build dependency
PCI/TSM: Report active IDE streams
PCI/IDE: Report available IDE streams
PCI/IDE: Add IDE establishment helpers
PCI: Establish document for PCI host bridge sysfs attributes
PCI: Add PCIe Device 3 Extended Capability enumeration
PCI/TSM: Establish Secure Sessions and Link Encryption
...
…nux/kernel/git/xen/tip Pull xen updates from Juergen Gross: "This round it contains only three small cleanup patches" * tag 'for-linus-6.19-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: drivers/xen: use min() instead of min_t() drivers/xen/xenbus: Replace deprecated strcpy in xenbus_transaction_end drivers/xen/xenbus: Simplify return statement in join()
…t/cel/linux
Pull nfsd updates from Chuck Lever:
- Mike Snitzer's mechanism for disabling I/O caching introduced in
v6.18 is extended to include using direct I/O. The goal is to further
reduce the memory footprint consumed by NFS clients accessing large
data sets via NFSD.
- The NFSD community adopted a maintainer entry profile during this
cycle. See
Documentation/filesystems/nfs/nfsd-maintainer-entry-profile.rst
- Work continues on hardening NFSD's implementation of the pNFS block
layout type. This type enables pNFS clients to directly access the
underlying block devices that contain an exported file system,
reducing server overhead and increasing data throughput.
- The remaining patches are clean-ups and minor optimizations. Many
thanks to the contributors, reviewers, testers, and bug reporters who
participated during the v6.19 NFSD development cycle.
* tag 'nfsd-6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux: (38 commits)
NFSD: nfsd-io-modes: Separate lists
NFSD: nfsd-io-modes: Wrap shell snippets in literal code blocks
NFSD: Add toctree entry for NFSD IO modes docs
NFSD: add Documentation/filesystems/nfs/nfsd-io-modes.rst
NFSD: Implement NFSD_IO_DIRECT for NFS WRITE
NFSD: Make FILE_SYNC WRITEs comply with spec
NFSD: Add trace point for SCSI fencing operation.
NFSD: use correct reservation type in nfsd4_scsi_fence_client
xdrgen: Don't generate unnecessary semicolon
xdrgen: Fix union declarations
NFSD: don't start nfsd if sv_permsocks is empty
xdrgen: handle _XdrString in union encoder/decoder
xdrgen: Fix the variable-length opaque field decoder template
xdrgen: Make the xdrgen script location-independent
xdrgen: Generalize/harden pathname construction
lockd: don't allow locking on reexported NFSv2/3
MAINTAINERS: add a nfsd blocklayout reviewer
nfsd: Use MD5 library instead of crypto_shash
nfsd: stop pretending that we cache the SEQUENCE reply.
NFS: nfsd-maintainer-entry-profile: Inline function name prefixes
...
Commit eeb9341 ("iommu/amd: Report SEV-TIO support") was confused about the config options that expose amd_iommu_sev_tio_supported(), and made the declaration (and alternative dummy function) conditional on the CONFIG_AMD_IOMMU config option. But the code is actually dependent on CONFIG_KVM_AMD_SEV, resulting in ERROR: modpost: "amd_iommu_sev_tio_supported" [drivers/crypto/ccp/ccp.ko] undefined! make[2]: *** [scripts/Makefile.modpost:147: Module.symvers] Error 1 if you have the AMD iommu enabled, but don't enable KVM_AMD_SEV support. Fix it by moving the declaration into the right #ifdef section in the header file. Fixes: eeb9341 ("iommu/amd: Report SEV-TIO support") Cc: Alexey Kardashevskiy <[email protected]> Cc: Joerg Roedel <[email protected]> Cc: Vasant Hegde <[email protected]> Cc: Tom Lendacky <[email protected]> Cc: Dan Williams <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
…/linux/kernel/git/tip/tip
Pull locking fixes from Ingo Molnar:
"Two fixes related to recent introduction of scoped_seqlock_read():
- Fix compiler build failures when a particular .config and compiler
build options variant doesn't result in the expected removal of
unused, catch-bugs portions of scoped_seqlock_read() by the inliner
at build time, and cause a linker fail even in correct code
- Match read-locking order in do_task_stat() and do_io_accounting().
The inconsistency here was harmless but unnecessary"
* tag 'locking-urgent-2025-12-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
seqlock: Cure some more scoped_seqlock() optimization fails
seqlock, procfs: Match scoped_seqlock_read() critical section vs. RCU ordering in do_task_stat() to do_io_accounting()
…/linux/kernel/git/tip/tip Pull objtool fixes from Ingo Molnar: "Address various objtool scalability bugs/inefficiencies exposed by allmodconfig builds, plus improve the quality of alternatives instructions generated code and disassembly" * tag 'objtool-urgent-2025-12-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Simplify .annotate_insn code generation output some more objtool: Add more robust signal error handling, detect and warn about stack overflows objtool: Remove newlines and tabs from annotation macros objtool: Consolidate annotation macros x86/asm: Remove ANNOTATE_DATA_SPECIAL usage x86/alternative: Remove ANNOTATE_DATA_SPECIAL usage objtool: Fix stack overflow in validate_branch()
…inux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
"Miscellaneous scheduler fixes/cleanups:
- Fix psi_dequeue() for Proxy Execution
- Fix hrtick() vs. scheduling context bug
- Fix unfairness caused by stalled tg_load_avg_contrib when the last
task migrates out
- Fix whitespace noise in headers
- Remove a preempt-disable section in rt_mutex_setprio()"
* tag 'sched-urgent-2025-12-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
sched/core: Fix psi_dequeue() for Proxy Execution
sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out
sched/rt: Remove a preempt-disable section in rt_mutex_setprio()
sched/hrtick: Fix hrtick() vs. scheduling context
sched/headers: Remove whitespace noise from kernel/sched/sched.h
…ux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Miscellaneous documentation fixes" * tag 'x86-urgent-2025-12-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot/Documentation: Prefix hexadecimal literals with 0x x86/boot/Documentation: Spell 'ID' consistently x86/platform: Fix and extend kernel-doc comments in <asm/x86_init.h>
…l/git/trace/linux-trace Pull tracing fixes from Steven Rostedt: - Fix accounting of stop_count in file release On opening the trace file, if "pause-on-trace" option is set, it will increment the stop_count. On file release, it checks if stop_count is set, and if so it decrements it. Since this code was originally written, the stop_count can be incremented by other use cases. This makes just checking the stop_count not enough to know if it should be decremented. Add a new iterator flag called "PAUSE" and have it set if the open disables tracing and only decrement the stop_count if that flag is set on close. - Remove length field in trace_seq_printf() of print_synth_event() When printing the synthetic event that has a static length array field, the vsprintf() of the trace_seq_printf() triggered a "(efault)" in the output. That's because the print_fmt replaced the "%.*s" with "%s" causing the arguments to be off. - Fix a bunch of typos * tag 'trace-v6.19-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace: tracing: Fix typo in trace_seq.c tracing: Fix typo in trace_probe.c tracing: Fix multiple typos in trace_osnoise.c tracing: Fix multiple typos in trace_events_user.c tracing: Fix typo in trace_events_trigger.c tracing: Fix typo in trace_events_hist.c tracing: Fix typo in trace_events_filter.c tracing: Fix multiple typos in trace_events.c tracing: Fix multiple typos in trace.c tracing: Fix typo in ring_buffer_benchmark.c tracing: Fix multiple typos in ring_buffer.c tracing: Fix typo in fprobe.c tracing: Fix typo in fpgraph.c tracing: Fix fixed array of synthetic event tracing: Fix enabling of tracing on file release
…pub/scm/linux/kernel/git/akpm/mm
Pull non-MM updates from Andrew Morton:
- "panic: sys_info: Refactor and fix a potential issue" (Andy Shevchenko)
fixes a build issue and does some cleanup in ib/sys_info.c
- "Implement mul_u64_u64_div_u64_roundup()" (David Laight)
enhances the 64-bit math code on behalf of a PWM driver and beefs up
the test module for these library functions
- "scripts/gdb/symbols: make BPF debug info available to GDB" (Ilya Leoshkevich)
makes BPF symbol names, sizes, and line numbers available to the GDB
debugger
- "Enable hung_task and lockup cases to dump system info on demand" (Feng Tang)
adds a sysctl which can be used to cause additional info dumping when
the hung-task and lockup detectors fire
- "lib/base64: add generic encoder/decoder, migrate users" (Kuan-Wei Chiu)
adds a general base64 encoder/decoder to lib/ and migrates several
users away from their private implementations
- "rbree: inline rb_first() and rb_last()" (Eric Dumazet)
makes TCP a little faster
- "liveupdate: Rework KHO for in-kernel users" (Pasha Tatashin)
reworks the KEXEC Handover interfaces in preparation for Live Update
Orchestrator (LUO), and possibly for other future clients
- "kho: simplify state machine and enable dynamic updates" (Pasha Tatashin)
increases the flexibility of KEXEC Handover. Also preparation for LUO
- "Live Update Orchestrator" (Pasha Tatashin)
is a major new feature targeted at cloud environments. Quoting the
cover letter:
This series introduces the Live Update Orchestrator, a kernel
subsystem designed to facilitate live kernel updates using a
kexec-based reboot. This capability is critical for cloud
environments, allowing hypervisors to be updated with minimal
downtime for running virtual machines. LUO achieves this by
preserving the state of selected resources, such as memory,
devices and their dependencies, across the kernel transition.
As a key feature, this series includes support for preserving
memfd file descriptors, which allows critical in-memory data, such
as guest RAM or any other large memory region, to be maintained in
RAM across the kexec reboot.
Mike Rappaport merits a mention here, for his extensive review and
testing work.
- "kexec: reorganize kexec and kdump sysfs" (Sourabh Jain)
moves the kexec and kdump sysfs entries from /sys/kernel/ to
/sys/kernel/kexec/ and adds back-compatibility symlinks which can
hopefully be removed one day
- "kho: fixes for vmalloc restoration" (Mike Rapoport)
fixes a BUG which was being hit during KHO restoration of vmalloc()
regions
* tag 'mm-nonmm-stable-2025-12-06-11-14' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (139 commits)
calibrate: update header inclusion
Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()"
vmcoreinfo: track and log recoverable hardware errors
kho: fix restoring of contiguous ranges of order-0 pages
kho: kho_restore_vmalloc: fix initialization of pages array
MAINTAINERS: TPM DEVICE DRIVER: update the W-tag
init: replace simple_strtoul with kstrtoul to improve lpj_setup
KHO: fix boot failure due to kmemleak access to non-PRESENT pages
Documentation/ABI: new kexec and kdump sysfs interface
Documentation/ABI: mark old kexec sysfs deprecated
kexec: move sysfs entries to /sys/kernel/kexec
test_kho: always print restore status
kho: free chunks using free_page() instead of kfree()
selftests/liveupdate: add kexec test for multiple and empty sessions
selftests/liveupdate: add simple kexec-based selftest for LUO
selftests/liveupdate: add userspace API selftests
docs: add documentation for memfd preservation via LUO
mm: memfd_luo: allow preserving memfd
liveupdate: luo_file: add private argument to store runtime state
mm: shmem: export some functions to internal.h
...
Commit 2f26f58 ("ocfs2: annotate flexible array members with __counted_by_le()") started annotating the flexible arrays used by ocfs2, and now gcc complains about ocfs2_reflink_xattr_header(): In function ‘fortify_memset_chk’, inlined from ‘ocfs2_reflink_xattr_header’ at fs/ocfs2/xattr.c:6365:5: include/linux/fortify-string.h:480:25: error: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror=attribute-warning] and it looks like the complaint is valid - even if the actual error message is somewhat confusing. The 'last' pointer points to past the end of the counted flex array, but is used as an actual 'last' entry rather than a 'one-past-last'. It looks like the code copied and cleared an extra entry (which is likely harmless in practice), but I don't know ocfs2 at all. Because it's also possible that the counted-by annotations are off-by-one, and so this needs checking by somebody who actually knows ocfs2. But in the meantime this fixes the build error, and certainly _looks_ sane. Cc: Dmitry Antipov <[email protected]> Cc: Joseph Qi <[email protected]> Cc: Heming Zhao <[email protected]> Cc: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
…kernel/git/deller/linux-fbdev Pull fbdev updates from Helge Deller: "The Termius 10x18 console bitmap font has been added. It is good match for modern 13-16 inch laptop displays with resolutions like 1280x800 and 1440x900 pixels. The gbefb and tcx.c drivers got some fixes to restore X11 support, pxafb was not actually clamping input values and the ssd1307fb driver leaked memory in the failure path. The other patches convert some common drivers to use dev_info() and dev_dbg() instead of printk(). Summary: Framework updates: - fonts: Add Terminus 10x18 console font [Neilay Kharwadkar] Driver fixes: - gbefb: fix to use physical address instead of dma address [René Rebe] - tcx.c fix mem_map to correct smem_start offset [René Rebe] - pxafb: Fix multiple clamped values in pxafb_adjust_timing [Thorsten Blum] - ssd1307fb: fix potential page leak in ssd1307fb_probe() [Abdun Nihaal] Cleanups: - vga16fb: Request memory region [Javier Garcia] - vga16fb: replace printk() with dev_*() in probe [Vivek BalachandharTN] - vesafb, gxt4500fb, tridentfb: Use dev_dbg() instead of printk() [Javier Garcia] - i810: use dev_info() [Shi Hao]" * tag 'fbdev-for-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev: fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() fbdev: i810: use appopriate log interface dev_info fbdev: tridentfb: replace printk() with dev_*() in probe lib/fonts: Add Terminus 10x18 console font fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing fbdev: tcx.c fix mem_map to correct smem_start offset fbdev: gxt4500fb: Use dev_err instead of printk fbdev: gbefb: fix to use physical address instead of dma address fbdev: vesafb: Use dev_* fn's instead printk fbdev: vga16fb: Request memory region fbdev: vga16fb: replace printk() with dev_*() in probe
…/kernel/git/deller/parisc-linux
Pull parisc architecture updates from Helge Deller:
"A fix which allows booting on the very old 710 workstations, and two
fixes in the syscall entry/exit path which allow to execute 64-bit
userspace binaries.
Note that although we currently have a 64-bit (static) kernel to allow
more than 4 GB physical RAM, there is no support for 64-bit userspace
for parisc-linux yet, but Dave and Sven are making slowly progress to
port and fix glibc and gcc.
Summary:
- Fix boot on 710 workstation by not reprogramming ASP chip
- Fix 64bit userspace syscalls (64-bit userspace is still being
developed)
- minor code cleanups in asm/bug.h and perf_regs.c"
* tag 'parisc-for-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Do not reprogram affinitiy on ASP chip
parisc: Drop linux/kernel.h include from asm/bug.h header
parisc: remove unneeded semicolon in perf_regs.c
parisc: entry.S: fix space adjustment on interruption for 64-bit userspace
parisc: entry: set W bit for !compat tasks in syscall_restore_rfi()
parisc: Drop padding fields and layers entries from inventory log
…l/git/gregkh/spdx Pull SPDX License update from Greg KH: "Here is a single patch that updates the LGPL-2.1 license text with the "alternate" SPDX tags that are allowed for this license type" * tag 'spdx-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx: LICENSES: Add modern form of the LGPL-2.1 tags to the usage guide section
…kernel/git/gregkh/char-misc
Pull char/misc/IIO driver updates from Greg KH:
"Here is the big set of char/misc/iio driver updates for 6.19-rc1. Lots
of stuff in here including:
- lots of IIO driver updates, cleanups, and additions
- large interconnect driver changes as they get converted over to a
dynamic system of ids
- coresight driver updates
- mwave driver updates
- binder driver updates and changes
- comedi driver fixes now that the fuzzers are being set loose on
them
- nvmem driver updates
- new uio driver addition
- lots of other small char/misc driver updates, full details in the
shortlog
All of these have been in linux-next for a while now"
* tag 'char-misc-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (304 commits)
char: applicom: fix NULL pointer dereference in ac_ioctl
hangcheck-timer: fix coding style spacing
hangcheck-timer: Replace %Ld with %lld
hangcheck-timer: replace printk(KERN_CRIT) with pr_crit
uio: Add SVA support for PCI devices via uio_pci_generic_sva.c
dt-bindings: slimbus: fix warning from example
intel_th: Fix error handling in intel_th_output_open
misc: rp1: Fix an error handling path in rp1_probe()
char: xillybus: add WQ_UNBOUND to alloc_workqueue users
misc: bh1770glc: use pm_runtime_resume_and_get() in power_state_store
misc: cb710: Fix a NULL vs IS_ERR() check in probe()
mux: mmio: Add suspend and resume support
virt: acrn: split acrn_mmio_dev_res out of acrn_mmiodev
greybus: gb-beagleplay: Fix timeout handling in bootloader functions
greybus: add WQ_PERCPU to alloc_workqueue users
char/mwave: drop typedefs
char/mwave: drop printk wrapper
char/mwave: remove printk tracing
char/mwave: remove unneeded fops
char/mwave: remove MWAVE_FUTZ_WITH_OTHER_DEVICES ifdeffery
...
…/git/gregkh/tty
Pull tty/serial updates from Greg KH:
"Here is the big set of tty/serial driver changes for 6.19-rc1. Nothing
major at all, just small constant churn to make the tty layer
"cleaner" as well as serial driver updates and even a new test added!
Included in here are:
- More tty/serial cleanups from Jiri
- tty tiocsti test added to hopefully ensure we don't regress in this
area again
- sc16is7xx driver updates
- imx serial driver updates
- 8250 driver updates
- new hardware device ids added
- other minor serial/tty driver cleanups and tweaks
All of these have been in linux-next for a while with no reported
issues"
* tag 'tty-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (60 commits)
serial: sh-sci: Fix deadlock during RSCI FIFO overrun error
dt-bindings: serial: rsci: Drop "uart-has-rtscts: false"
LoongArch: dts: Add uart new compatible string
serial: 8250: Add Loongson uart driver support
dt-bindings: serial: 8250: Add Loongson uart compatible
serial: 8250: add driver for KEBA UART
serial: Keep rs485 settings for devices without firmware node
serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms
serial: qcom-geni: Enable PM runtime for serial driver
serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
tty: serial: samsung: Declare earlycon for Exynos850
serial: icom: Convert PCIBIOS_* return codes to errnos
serial: 8250-of: Fix style issues in 8250_of.c
serial: add support of CPCI cards
serial: mux: Fix kernel doc for mux_poll()
tty: replace use of system_unbound_wq with system_dfl_wq
serial: 8250_platform: simplify IRQF_SHARED handling
serial: 8250: make share_irqs local to 8250_platform
serial: 8250: move skip_txen_test to core
serial: drop SERIAL_8250_DEPRECATED_OPTIONS
...
…/git/gregkh/usb Pull USB/Thunderbolt updates from Greg KH: "Here is the big set of USB and Thunderbolt driver updates for 6.19-rc1. Nothing major here, just lots of tiny updates for most of the common USB drivers. Included in here are: - more xhci driver updates and fixes - Thunderbolt driver cleanups - usb serial driver updates - typec driver updates - USB tracepoint additions - dwc3 driver updates, including support for Apple hardware - lots of other smaller driver updates and cleanups All of these have been in linux-next for a while with no reported issues" * tag 'usb-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (161 commits) usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt USB: serial: option: move Telit 0x10c7 composition in the right place USB: serial: option: add Telit Cinterion FE910C04 new compositions usb: typec: ucsi: fix use-after-free caused by uec->work usb: typec: ucsi: fix probe failure in gaokun_ucsi_probe() usb: dwc3: core: Remove redundant comment in core init usb: phy: Initialize struct usb_phy list_head USB: serial: option: add Foxconn T99W760 usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. usb: typec: hd3ss3220: Enable VBUS based on ID pin state dt-bindings: usb: ti,hd3ss3220: Add support for VBUS based on ID state usb: typec: anx7411: add WQ_PERCPU to alloc_workqueue users USB: add WQ_PERCPU to alloc_workqueue users dt-bindings: usb: dwc3-xilinx: Describe the reset constraint for the versal platform drivers/usb/storage: use min() instead of min_t() usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE usb: ohci-da8xx: remove unused platform data usb: gadget: functionfs: use dma_buf_unmap_attachment_unlocked() helper usb: uas: reduce time under spinlock usb: dwc3: eic7700: Add EIC7700 USB driver ...
…rnel/git/gregkh/staging Pull staging driver updates from Greg KH: "Here is the big set of staging driver updates for 6.19-rc1. Only thing "major" in here is that two subsystems, gpib and vc04 have moved out of the staging tree into the "real" portion of the kernel, which is great to see. Other than that, the rest of the changes are just tiny coding style cleanups, nothing earth-shattering. All of these have been in linux-next for a while with no reported problems" * tag 'staging-6.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (53 commits) staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser staging: gpib: Clean-up commented-out code staging: rtl8723bs: remove custom FIELD_OFFSET macro staging: rtl8723bs: replace FIELD_OFFSET usage with offsetof in rtw_mlme_ext.c staging: rtl8723bs: remove dead commented code from odm.c staging: rtl8723bs: use standard offsetof in cfg80211 operations staging: rtl8723bs: remove unused registry and BSSID offset macros staging: rtl8723bs: core: delete commented-out code staging: rtl8723bs: core: fix block comment style issues staging: greybus: uart: check return values during probe staging: fbtft: core: fix potential memory leak in fbtft_probe_common() staging: gpib: Destage gpib staging: gpib: Fix SPDX license for gpib headers staging: gpib: Update TODO file staging: gpib: Change // comments in uapi header file platform/raspberrypi: Destage VCHIQ MMAL driver platform/raspberrypi: Destage VCHIQ interface staging: vc04_services: Cleanup VCHIQ TODO entries ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.