Merge tag 'spi-fix-v7.2-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A fairly unremarkable collection of fixes that came in over the
merge window, plus a new device ID for the DesignWare controller
in the StarFive JHB100 SoC.
There's a couple of core fixes included, one avoiding freeing an
empty resource in error handling cases and another which fixes a
NULL dereference which could be triggered by using an abnormal
device registration flow like driver_override"
* tag 'spi-fix-v7.2-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: imx: reconfigure for PIO when DMA cannot be started
spi: dw: Add support for snps,dwc-ssi-2.00a
spi: dt-bindings: snps,dw-apb-ssi: Add starfive,jhb100-spi
spi: rpc-if: Use correct device for hardware reinitialization on resume
spi: acpi: Free resource list at appropriate time
spi: dw: fix wrong BAUDR setting after resume
[2 lines not shown]
Merge tag 'regulator-fix-v7.2-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"A couple of unremarkable driver specific fixes that came in during the
merge window"
* tag 'regulator-fix-v7.2-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: da9121: Use subvariant ids in the I2C table
regulator: pca9450: Correct default t_off_deb for PCA9451A/PCA9452
Merge tag 'regmap-fix-v7.2-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap
Pull regmap fix from Mark Brown:
"Ensure that we don't overwrite the error code when cleaning up a
failed cache initialisation, helping people debug issues if they
do arise"
* tag 'regmap-fix-v7.2-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
regcache: Do not overwrite error code when finalizing cache after error
Merge tag 'devicetree-fixes-for-7.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux
Pull devicetree fixes from Rob Herring:
- Drop unnecessary type reference from khadas,mcu "fan-supply"
- Fix clocks in Renesas R-Mobile APE6 example
- Add missing Unisoc SC2730 PMIC regulators schema
- Fix Amlogic thermal example
- kernel-doc fix for of_map_id()
- Handle negative index in of_fwnode_get_reference_args()
* tag 'devicetree-fixes-for-7.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
dt-bindings: mfd: khadas,mcu: Drop type reference from "fan-supply"
dt-bindings: clock: renesas: div6: Use ZT/ZTR trace clock in R-Mobile APE6 example
[5 lines not shown]
Merge tag 'loongarch-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
Pull LoongArch updates from Huacai Chen:
- Add THREAD_INFO_IN_TASK implementation
- Add build salt to the vDSO
- Add some BPF JIT inline helpers
- Update DTS for I2C clocks and clock-frequency
- Some bug fixes and other small changes
* tag 'loongarch-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson:
selftests/bpf: Test jited inline of bpf_get_smp_processor_id() for LoongArch
selftests/bpf: Test jited inline of bpf_get_current_task() for LoongArch
selftests/bpf: Add __arch_loongarch to limit test cases for LoongArch
selftests/bpf: Add get_preempt_count() support for LoongArch
[14 lines not shown]
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"Small crop of arm64 fixes for -rc1. We've got a build fix for a new
randconfig permutation, a fix for a long-standing truncation issue
with hardware watchpoints and a KVM initialisation fix for the newly
merged remapping of the kernel data and bss sections:
- Fix randconfig build failure due to missing include of asm/insn.h
- Reject unaligned hardware watchpoints which were silently being
truncated
- Fix crash in KVM initialisation by deferring the read-only
remapping of the kernel data and bss sections"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: mm: Defer read-only remap of data/bss linear alias
arm64/hw_breakpoint: reject unaligned watchpoints that would truncate BAS
arm64: static_call: include asm/insns.h
Merge tag 'ecryptfs-7.2-rc1-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs
Pull ecryptfs updates from Tyler Hicks:
"No functional changes, just code cleanups:
- replace kmalloc()/snprintf() with kasprintf()
- simplify code flow by removing an unnecessary variable"
* tag 'ecryptfs-7.2-rc1-updates' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
ecryptfs: use kasprintf in ecryptfs_crypto_api_algify_cipher_name
ecryptfs: remove redundant variable found_auth_tok
Merge tag 'v7.2-rc-part2-smb3-server-fixes' of git://git.samba.org/ksmbd
Pull smb server updates from Steve French:
"This is mostly a correctness and compatibility update for ksmbd's
SMB2/3 lease, oplock, durable handle, compound request, CREATE,
rename, stream and share-mode handling.
A large part of the series fixes cases found by smbtorture where ksmbd
diverged from the SMB2/3 protocol requirements.
The main changes are:
- Rework SMB2 lease state handling so lease state is shared per
ClientGuid/LeaseKey across opens, with better validation of lease
create contexts, ACK handling, epochs, break-in-progress reporting,
v2 lease notification routing, and chained lease breaks
- Fix several oplock break corner cases, including ACK validation,
timeout downgrade behavior, level-II break handling on unlink,
[56 lines not shown]
Merge tag 'v7.2-rc-part2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull smb client fixes from Steve French:
- fix potential double frees
- fix potential memory leak in receiving compound response
- querydir improvement
- fix chown with smb311 posix extensions
- ACL setting fixes
- minor debug improvement and cleanup
- add some missing protocol defines
- sparse file fixes
* tag 'v7.2-rc-part2-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: define variable sized buffer for querydir responses
smb/client: do not account EOF extension as allocation
smb/client: preserve errors from smb2_set_sparse()
smb: client: Fix next buffer leak in receive_encrypted_standard()
smb/client: use %pe to print error pointer
smb/client: name the default fallocate mode
[11 lines not shown]
Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Pull bpf fixes from Alexei Starovoitov:
- Fix effective prog array index with BPF_F_PREORDER (Amery Hung)
- Zero-initialize the fib lookup flow struct (Avinash Duduskar)
- Disable xfrm_decode_session hook attachment (Bradley Morgan)
- Allow type tag BTF records to succeed other modifier records (Emil
Tsalapatis)
- Fix build_id caching in stack_map_get_build_id_offset() (Ihor
Solodrai)
- Add missing access_ok call to copy_user_syms (Jiri Olsa)
- Fix stack slot index in nospec checks (Nuoqi Gui)
[33 lines not shown]
Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk updates from Stephen Boyd:
"This is all clk driver updates. Mostly new SoC support for various
Qualcomm chips and Canaan K230. Otherwise there's non-critical fixes
and updates to clk data such as adding missing clks to existing
drivers or marking clks critical. Nothing looks especially exciting"
* tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (106 commits)
clk: qcom: regmap-phy-mux: Rework the implementation
clk: qcom: a53: Corrected frequency multiplier for 1152MHz
clk: qcom: camcc-milos: Declare icc path dependency for CAMSS_TOP_GDSC
clk: qcom: gdsc: Support enabling interconnect path for power domain
dt-bindings: clock: qcom,milos-camcc: Document interconnect path
interconnect: Add devm_of_icc_get_by_index() as exported API for users
clk: qcom: camcc-x1p42100: Add support for camera clock controller
clk: qcom: camcc-x1e80100: Add support for camera QDSS debug clocks
clk: qcom: videocc-x1p42100: Add support for video clock controller
dt-bindings: clock: qcom: Add X1P42100 camera clock controller
[11 lines not shown]
Merge tag 'spmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sboyd/spmi
Pull SPMI updates from Stephen Boyd:
"Support for Qualcomm PMIC arbiter v8.5 and Hawi along with a
kernel doc cleanup and a kzalloc flex usage"
* tag 'spmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sboyd/spmi:
spmi: use kzalloc_flex in main allocation
spmi: clean up kernel-doc in spmi.h
spmi: spmi-pmic-arb: add support for PMIC arbiter v8.5
dt-bindings: spmi: glymur-spmi-pmic-arb: Add compatible for Qualcomm Hawi SoC
Merge tag 'trace-tools-7.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull rtla fixes from Steven Rostedt:
- Fix and cleanup .gitignore
- Fix pgrep filter in get_workload_pids.sh
Fix parsing of kernel thread names in get_workload_pids() helper
function. On some systems pgrep matches kernel thread names including
the brackets (e.g. "[osnoise/0]") and other systems brackets are not
included. Fix the tests to handle both.
* tag 'trace-tools-7.2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
rtla/tests: Fix pgrep filter in get_workload_pids.sh
rtla: Fix and clean up .gitignore
Merge tag 'net-7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Jakub Kicinski:
"Including fixes from netfilter and IPsec.
Current release - regressions:
- do not acquire dev->tx_global_lock in netdev_watchdog_up()
- ethtool: keep rtnl_lock for ops using ethtool_op_get_link()
- fix deadlock in nested UP notifier events
Current release - new code bugs:
- eth:
- cn20k: fix subbank free list indexing for search order
- airoha: fix BQL underflow in shared QDMA TX ring
[44 lines not shown]
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"s390:
- Fix S390_USER_OPEREXEC so it can now be enabled regardless of other
unrelated capabilities
- Fix handling of the _PAGE_UNUSED pte bit that could lead to guest
memory corruption in some scenarios
- A bunch of misc gmap fixes (locking, behaviour under memory
pressure)
- Fix CMMA dirty tracking
x86:
- Tidy up some WARN_ON() and BUG_ON(), replacing them with
[33 lines not shown]
Merge branch 'net-avoid-nested-up-notifier-events'
Jakub Kicinski says:
====================
net: avoid nested UP notifier events
syzbot reported that recent ethtool rework leads to deadlock
on stacked devices. VLANs create nested notifications, confusing
execution context. Bringing up dummy causes vlan to bring itself
up as well. Which in turn causes bond to ask for link state -
a call chain traveling in the opposite direction.
bond (3) bond_update_speed_duplex(vlan)
| ^ v
vlan (2) UP(vlan) (4) vlan_ethtool_get_link_ksettings()
| ^ v
dummy (1) UP(dummy) (5) __ethtool_get_link_ksettings()
[16 lines not shown]
selftests: bonding: add a test for VLAN propagation over a bonded real device
Add a regression test for the VLAN notifier handling that the netdev_work
deferral fixed.
A VLAN's real device propagates its UP/DOWN, MTU and feature changes onto
the VLANs stacked on top of it. This used to be done synchronously from the
real device's notifier and deadlocked when the real device was brought up
while enslaved to a bond (instance lock held across NETDEV_UP) and the VLAN
on top was itself a bond member: the synchronous propagation re-entered the
stack and took the same instance lock again.
The test covers both halves:
- that the deferred UP/DOWN, MTU and feature propagation actually lands on
the VLAN (link state and MTU use an ops-locked dummy, i.e. the deferral
path; features use veth, which exports vlan_features to inherit), and
- that the deadlock-prone topology - a VLAN on a dummy, with the VLAN and
the dummy each enslaved to a different bond - can be built without
hanging.
[5 lines not shown]
net: turn the rx_mode work into a generic netdev_work facility
The rx_mode update runs from a workqueue: drivers have their
ndo_set_rx_mode_async() callback executed by a single global
work item under RTNL and ops lock. This is a useful pattern.
Support multiple "events" that need to be serviced and make RX_MODE
sync the first one. Call the events "core" because later on
we will let drivers define and schedule their own.
Reviewed-by: Kuniyuki Iwashima <kuniyu at google.com>
Acked-by: Stanislav Fomichev <sdf at fomichev.me>
Link: https://patch.msgid.link/20260624182018.2445732-2-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba at kernel.org>
net: add the driver-facing netdev_work scheduling API
With an extra event mask we can easily extend the netdev work
to also service driver-defined events. For advanced drivers
this is probably not a perfect match, but it makes running
deferred work easier in simple cases.
Expose the netdev_work facility to drivers. Add helpers
to schedule work and a dedicated ndo to perform the driver-
-scheduled actions.
Reviewed-by: Kuniyuki Iwashima <kuniyu at google.com>
Acked-by: Stanislav Fomichev <sdf at fomichev.me>
Link: https://patch.msgid.link/20260624182018.2445732-3-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba at kernel.org>
vlan: defer real device state propagation to netdev_work
vlan_device_event() generates nested UP/DOWN, MTU and feature
change events. It executes an event for the VLAN device directly
from the notifier - while the locks of the lower device are held.
This causes deadlocks, for example:
bond (3) bond_update_speed_duplex(vlan)
| ^ v
vlan (2) UP(vlan) (4) vlan_ethtool_get_link_ksettings()
| ^ v
dummy (1) UP(dummy) (5) __ethtool_get_link_ksettings()
The dummy device is ops locked, vlan creates a nested event (2),
then bond wants to ask vlan for link state (3). bond uses the
"I'm already holding the instance lock" flavor of API. But in
this case the lock held refers to vlan itself. We hit vlan's
link settings trampoline (4) and call __ethtool_get_link_ksettings()
[37 lines not shown]
net: ethtool: keep rtnl_lock for ops using ethtool_op_get_link()
Breno reports following splats on mlx5:
RTNL: assertion failed at net/core/dev.c (2241)
WARNING: net/core/dev.c:2241 at netif_state_change+0xed/0x130, CPU#5: ethtool/1335
RIP: 0010:netif_state_change+0xf9/0x130
Call Trace:
<TASK>
__linkwatch_sync_dev+0xea/0x120
ethtool_op_get_link+0xe/0x20
__ethtool_get_link+0x26/0x40
linkstate_prepare_data+0x51/0x200
ethnl_default_doit+0x213/0x470
genl_family_rcv_msg_doit+0xdd/0x110
Looks like I missed ethtool_op_get_link() trying to sync linkwatch,
which needs rtnl_lock. Not all drivers do this - bnxt doesn't,
it just returns the link state, so add an opt-in bit.
[8 lines not shown]
Merge branch 'rxrpc-miscellaneous-fixes'
David Howells says:
====================
rxrpc: Miscellaneous fixes
Here are some miscellaneous AF_RXRPC fixes for more stuff found by Sashiko[1][2]:
(1) Fix ACKALL handling by adding two more call states to simplify when
ACKs are valid.
(2) Fix connection leak from AF_RXRPC recvmsg userspace OOB handling.
(3) Fix double unlock in AF_RXRPC recvmsg userspace OOB handling.
(4) Fix AFS preallocate charge to flush the waitqueue after unlistening
the socket so that any charging thread that does manage to get started
will be waited for before socket destruction.
[22 lines not shown]
rxrpc: Fix rxrpc_rotate_tx_rotate() to check there's something to rotate
Fix rxrpc_rotate_tx_rotate() to check that there's something in the
transmission buffer to be rotated before it attempts to rotate anything.
Fixes: b341a0263b1b ("rxrpc: Implement progressive transmission queue struct")
Link: https://sashiko.dev/#/patchset/20260618134802.2477777-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
cc: Simon Horman <horms at kernel.org>
cc: linux-afs at lists.infradead.org
cc: stable at kernel.org
Link: https://patch.msgid.link/20260624163819.3017002-12-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba at kernel.org>
rxrpc: Fix leak of released call in recvmsg(MSG_PEEK)
Fix rxrpc_recvmsg() to also drop the ref it holds on an already-released
call if MSG_PEEK is in force (the function holds a ref on the call
irrespective of whether MSG_PEEK is specified or not).
Fixes: 962fb1f651c2 ("rxrpc: Fix recv-recv race of completed call")
Link: https://sashiko.dev/#/patchset/20260616155749.2125907-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
cc: Simon Horman <horms at kernel.org>
cc: linux-afs at lists.infradead.org
cc: stable at kernel.org
Link: https://patch.msgid.link/20260624163819.3017002-11-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba at kernel.org>
rxrpc: Fix socket notification race
There's a race between rxrpc_recvmsg() and rxrpc_notify_socket(), whereby
the latter's attempt to avoid disabling interrupts and taking the socket's
recvmsg_lock if the call is already queued may happen simultaneously with
the former's discarding of a call that has nothing queued.
Fix this by removing the shortcut. Note that this only affects userspace's
use of AF_RXRPC; the AFS filesystem driver doesn't use the socket queue.
Fixes: 248f219cb8bc ("rxrpc: Rewrite the data and ack handling code")
Link: https://sashiko.dev/#/patchset/20260616155749.2125907-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
cc: Simon Horman <horms at kernel.org>
cc: linux-afs at lists.infradead.org
cc: stable at kernel.org
Link: https://patch.msgid.link/20260624163819.3017002-10-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba at kernel.org>
rxrpc: Fix the reception of a reply packet before data transmission
Fix rxrpc_receiving_reply() to handle the reception of an apparent reply
DATA packet before rxrpc has had a chance to send any request DATA packets
on a client call by checking to see if the call has been exposed yet by
sending the first packet.
Without this, rxrpc_rotate_tx_window() might oops.
Also fix rxrpc_rotate_tx_window() to handle the Tx queue being empty by
changing the do...while loop into a while loop, just in case a call is
abnormally terminated by an early reply before the last request packet is
transmitted.
Fixes: b341a0263b1b ("rxrpc: Implement progressive transmission queue struct")
Link: https://sashiko.dev/#/patchset/20260616155749.2125907-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
[5 lines not shown]
afs: Fix further netns teardown to cancel the preallocation charger
When an afs network namespace is torn down, it cancels and waits for the
work item that keeps the preallocated rxrpc call/conn/peer queue charged
before disabling incoming (i.e. listen 0), but there's a small window in
which it can be requeued by an incoming call wending through the I/O
thread.
Fix this by cancelling the charger work item again after reducing the
listen backlog to zero.
Fixes: 47694fbc9d24 ("afs: Fix netns teardown to cancel the preallocation charger")
Reported-by: Jakub Kicinski <kuba at kernel.org>
Signed-off-by: David Howells <dhowells at redhat.com>
Link: https://sashiko.dev/#/patchset/20260609140911.838677-1-dhowells%40redhat.com
cc: Li Daming <d4n.for.sec at gmail.com>
cc: Ren Wei <n05ec at lzu.edu.cn>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
[5 lines not shown]
rxrpc: Fix potential infinite loop in rxrpc_recvmsg()
Fix the wait in rxrpc_recvmsg() also take check the oob queue.
Fixes: 5800b1cf3fd8 ("rxrpc: Allow CHALLENGEs to the passed to the app for a RESPONSE")
Link: https://sashiko.dev/#/patchset/20260616155749.2125907-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
cc: Simon Horman <horms at kernel.org>
cc: linux-afs at lists.infradead.org
cc: stable at kernel.org
Link: https://patch.msgid.link/20260624163819.3017002-9-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba at kernel.org>
afs: Fix uncancelled rxrpc OOB message handler
Fix AFS to cancel its OOB message processing (typically to respond to
security challenges). Also move OOB message processing to afs_wq so that
it's also waited for and make the OOB handler just return if the net
namespace is no longer live.
Fixes: 5800b1cf3fd8 ("rxrpc: Allow CHALLENGEs to the passed to the app for a RESPONSE")
Link: https://sashiko.dev/#/patchset/20260609140911.838677-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
cc: Li Daming <d4n.for.sec at gmail.com>
cc: Ren Wei <n05ec at lzu.edu.cn>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
cc: Simon Horman <horms at kernel.org>
cc: linux-afs at lists.infradead.org
cc: stable at kernel.org
Link: https://patch.msgid.link/20260624163819.3017002-6-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba at kernel.org>
rxrpc: Fix oob challenge leak in cleanup after notification failure
Fix rxrpc_notify_socket_oob() to return an indication of failure in the
event that it failed to queue a packet and fix rxrpc_post_challenge() to
clean up the connection ref in such an event.
Fixes: 5800b1cf3fd8 ("rxrpc: Allow CHALLENGEs to the passed to the app for a RESPONSE")
Link: https://sashiko.dev/#/patchset/20260616155749.2125907-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
cc: Marc Dionne <marc.dionne at auristor.com>
cc: Jeffrey Altman <jaltman at auristor.com>
cc: Simon Horman <horms at kernel.org>
cc: linux-afs at lists.infradead.org
cc: stable at kernel.org
Link: https://patch.msgid.link/20260624163819.3017002-8-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba at kernel.org>