Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux
Pull ARM fixes from Russell King:
- Avoid KASAN instrumentation of half-word IO
- Use a byte load for KASAN shadow stack
- Fix kexec and hibernation with PAN
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rmk/linux:
ARM: 9476/1: mm: fix kexec and hibernation with CONFIG_CPU_TTBR0_PAN
ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow
ARM: 9474/1: io: avoid KASAN instrumentation of raw halfword I/O
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"Fixes for the Qualcomm and Google GS101 clk drivers:
- Skip parking clks on some Qualcomm platforms so that the recovery
console keeps working
- Fix Google GS101 resume by using the correct div register"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: qcom: dispcc-sc8280xp: Don't park mdp_clk_src at registration time
clk: samsung: gs101: Fix missing USI7_USI DIV clock in peric0_clk_regs
clk: qcom: x1e80100-dispcc: Stop disp_cc_mdss_mdp_clk_src from getting parked
Merge tag 'core-urgent-2026-06-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull debugobjects fix from Ingo Molnar:
- Fix potential debugobjects deadlock on PREEMPT_RT kernels (Waiman
Long)
* tag 'core-urgent-2026-06-13' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
debugobjects: Don't call fill_pool() in early boot hardirq context
Merge tag 'i2c-for-7.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
"The biggest news here is that this is my last pull request as I2C
maintainer after 13.5 years. Starting with the 7.2 cycle, Andi Shyti
is taking over who helped me greatly maintaining the host drivers for
a while now. Thank you, Andi, and good luck with the subsystem. I'll
be around for help, of course.
Technically, there are two patches which might be a tad large for this
late cycle, but most of them is explaining comments, so I think they
are suitable.
- MAINTAINERS:
- hand over I2C maintainership to Andi
- minor updates
- rust: fix I2cAdapter refcount double increment
[26 lines not shown]
Merge tag 'pinctrl-v7.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
- Two fixes for the mcp23s08 driver.
- Revert an earlier fix to the AMD pin controller that was all wrong. A
proper fix is being developed.
* tag 'pinctrl-v7.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
Revert "pinctrl-amd: enable IRQ for WACF2200 touchscreen on Lenovo Yoga 7 14AGP11"
pinctrl: mcp23s08: Read spi-present-mask as u8 not u32
pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init
Merge tag 'drm-fixes-2026-06-13' of https://gitlab.freedesktop.org/drm/kernel
Pull drm fixes from Dave Airlie:
"Looks like it's settled down a bit more thankfully. Small changes
across the board, amdgpu/xe leading with some colorop changes in the
core/amd. Otherwise some misc driver fixes.
colorop:
- make lut interpolation mutable
- track colorop updates correctly
amdgpu:
- UserQ fix
- Userptr fix
- MCCS freesync fix
- track colorop changes correctly
amdkfd:
- Fix an event information leak
[49 lines not shown]
Merge tag 'pci-v7.1-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
Pull pci fix from Bjorn Helgaas:
- Add Frank Li as PCI endpoint reviewer (Frank Li)
* tag 'pci-v7.1-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci:
MAINTAINERS: Add Frank Li as PCI endpoint reviewer
MAINTAINERS: Add Frank Li as PCI endpoint reviewer
I have volunteered to review PCI endpoint-related changes. Add myself as a
reviewer to be notified when related patches are posted.
Signed-off-by: Frank Li <Frank.Li at nxp.com>
Signed-off-by: Bjorn Helgaas <bhelgaas at google.com>
Reviewed-by: Krzysztof Wilczyński <kwilczynski at kernel.org>
Link: https://patch.msgid.link/20260611210007.529205-1-Frank.Li@oss.nxp.com
Merge tag 'spi-fix-v7.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A couple of driver specific fixes: a small targeted fix for hardware
error handling on DesignWare controllers and another for handling of
custom chip select management on Qualcomm GENI controllers"
* tag 'spi-fix-v7.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: dw: fix race between IRQ handler and error handler on SMP
spi: qcom-geni: Fix cs_change handling on the last transfer
Merge tag 'io_uring-7.1-20260611' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux
Pull io_uring fixes from Jens Axboe:
- Tweak for an off-by-one in the CQ ring accounting for the min wait
support.
- Don't truncate end buffer length for a bundle, as the transfer might
not happen. It's not required in the first place, as the completion
side handles this condition already.
* tag 'io_uring-7.1-20260611' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux:
io_uring/wait: fix min_timeout behavior
io_uring/kbuf: don't truncate end buffer for bundles
Merge tag 'usb-7.1-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Pull USB / Thunderbolt fixes from Greg KH:
"Here are some small bugfixes for USB serial and Thunderbolt drivers
for some reported and found issues. Included in here are:
- usb serial overflow bugs fixed
- new usb serial device id
- thunderbolt validation fixes for reported issues
All of these have been in linux-next this week with no reported
issues"
* tag 'usb-7.1-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
USB: serial: kl5kusb105: fix bulk-out buffer overflow
USB: serial: option: add usb-id for Dell Wireless DW5826e-m
USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr()
[6 lines not shown]
Merge tag 'staging-7.1-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
Pull staging driver fixes from Greg KH:
"Here are two small bugfixes for a staging driver to fix a
much-reported issue.
The fixes are for the rtl8723bs driver and it's something that many
scanning tools keep tripping over in convoluted ways (and seems to be
able to be triggered by network traffic)
These fixes have been in linux-next for many weeks with no reported
issues, sorry for the delay in getting them to you"
* tag 'staging-7.1-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction
staging: rtl8723bs: fix buffer over-read in rtw_update_protection
Merge tag 'char-misc-7.1-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver fixes from Greg KH:
"Here are some small driver fixes for 7.1-final to resolve some
reported issues. Included in here are:
- slimbus qcom driver bugfixes
- nvmem driver bugfixes
- fastrpc driver bugfixes
- stratix10 firmware driver bugfixes
All of these have been in linux-next for over a week with no
reported issues"
* tag 'char-misc-7.1-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
misc: fastrpc: fix use-after-free race in fastrpc_map_create
[16 lines not shown]
Merge tag 'sound-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A few small fixes for the last spurt. All changes are small, mostly
consisting of driver-specific fixes, along with two UAF fixes for the
ALSA timer core.
Core:
- Two UAF fixes in ALSA timer core
ASoC:
- SDCA: Fix NULL pointer dereference
- amd / yc: Add DMI quirk for ASUS ExpertBook PM1403CDA
- SOF amd: Fix garbage/spurious warnings
- wm_adsp: Fix potential NULL dereference when removing firmware
controls
- loongson: Fix negative position calculation
- spi-rzv2h-rspi: Fix SPDR read access width on 16-bit RX path"
[10 lines not shown]
Merge tag 'soc-fixes-7.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc
Pull SoC fixes from Arnd Bergmann:
"Two more small fixes came in, both addressing corner cases in platform
specific code: the microchip mpfs system controller probe and the CPU
power management on 32-bit rockchips SoCs"
* tag 'soc-fixes-7.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
ARM: rockchip: keep reset control around
soc: microchip: mpfs-sys-controller: fix resource leak on probe error
Merge tag 'i2c-host-fixes-7.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/andi.shyti/linux into i2c/for-current
i2c-host-fixes for v7.1-rc8
- imx: keep clock and pinctrl states consistent in runtime PM
- imx-lpi2c: fix DMA resource leaks on PIO fallback
- qcom-cci: fix NULL pointer dereference on remove
- riic: fix reset refcount leak on resume_noirq error path
- stm32f7: account for analog filter in timing computation
- tegra: fix suspend/resume handling in NOIRQ phase
- tegra: update Tegra410 I2C timings to match hardware specs
- MAINTAINERS: hand over I2C maintainership to Andi
dt-bindings: i2c: mux-gpio: name correct maintainer
The YAML conversion added me as maintainer but I can't recall being
asked nor do I want to maintain it. Add Peter as maintainer for the
binding as he is maintainer of the driver.
Signed-off-by: Wolfram Sang <wsa+renesas at sang-engineering.com>
Acked-by: Peter Korsgaard <peter.korsgaard at barco.com>
Acked-by: Conor Dooley <conor.dooley at microchip.com>
MAINTAINERS: hand over I2C to Andi Shyti
After 13.5 years of maintaining I2C, it is finally time for me to move
to other areas. So, I hereby transfer I2C maintainership to Andi Shyti.
He has been taking care of the I2C host drivers for a while now and
kindly agreed to look after the whole subsystem. Thank you, Andi! I also
want to thank all contributors, reviewers, and fellow maintainers making
all these years a mostly smooth ride. Happy hacking, everyone!
Signed-off-by: Wolfram Sang <wsa+renesas at sang-engineering.com>
Signed-off-by: Andi Shyti <andi.shyti at kernel.org>
Link: https://lore.kernel.org/r/20260609091612.8228-4-wsa+renesas@sang-engineering.com
Merge tag 'drm-xe-fixes-2026-06-11' of https://gitlab.freedesktop.org/drm/xe/kernel into drm-fixes
UAPI Changes:
Cross-subsystem Changes:
Core Changes:
Driver Changes:
- fix oops in suspend/shutdown without display (Jani)
- RAS fixes (Raag)
- Use HW_ERR prefix in log (Raag)
- include all registered queues in TLB invalidation (Tangudu)
- Fix refcount leak in xe_range_tree in error paths (Wentao)
- fix job timeout recovery for unstarted jobs and kernel queues (Rodrigo)
Signed-off-by: Dave Airlie <airlied at redhat.com>
From: Matthew Brost <matthew.brost at intel.com>
Link: https://patch.msgid.link/aitt8ZkYmxIT9cdP@gsse-cloud1.jf.intel.com
Merge tag 'drm-intel-fixes-2026-06-11' of https://gitlab.freedesktop.org/drm/i915/kernel into drm-fixes
- Check supported link rates DPCD read [edp] (Nikita Zhandarovich)
- Fix phys BO pread/pwrite with offset [gem] (Joonas Lahtinen)
Signed-off-by: Dave Airlie <airlied at redhat.com>
From: Tvrtko Ursulin <tursulin at igalia.com>
Link: https://patch.msgid.link/aipkcUDnTlzre-8F@linux
Merge tag 'dma-mapping-7.1-2026-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/mszyprowski/linux
Pull dma-mapping fix from Marek Szyprowski:
"Three more fixes for the DMA-mapping code, related to PCI P2PDMA, DMA
debug and DMA link ranges API (Li RongQing and Jason Gunthorpe)"
* tag 'dma-mapping-7.1-2026-06-11' of git://git.kernel.org/pub/scm/linux/kernel/git/mszyprowski/linux:
iommu/dma: Do not try to iommu_map a 0 length region in swiotlb
dma-debug: fix physical address retrieval in debug_dma_sync_sg_for_device
dma-mapping: direct: fix missing mapping for THRU_HOST_BRIDGE segments
Merge tag 's390-7.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fix from Alexander Gordeev:
- s390 selects GENERIC_LOCKBREAK when PREEMPT is enabled to tackle an
old compile error that no longer exists. Since recently PREEMPT is
always enabled, this LOCKBREAK config causes massive performance
regressions.
Remove GENERIC_LOCKBREAK from s390 Kconfig to fix the degradation.
* tag 's390-7.1-5' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390: Remove GENERIC_LOCKBREAK Kconfig option
Merge tag 'net-7.1-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Paolo Abeni:
"Including fixes from IPsec and netfilter.
This is relatively small, mostly because we are a bit behind our PW
queue. I'm not aware of any pending regression.
Current release - regressions:
- netfilter: nf_tables_offload: drop device refcount on error
Previous releases - regressions:
- core: add pskb_may_pull() to skb_gro_receive_list()
- xfrm: iptfs: preserve shared-frag marker in iptfs_consume_frags()
- ipv6: fix a potential NPD in cleanup_prefix_route()
[49 lines not shown]
Merge tag 'pmdomain-v7.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm
Pull pmdomain fixes from Ulf Hansson:
- imx: Fix OF node refcount
- ti: Fix wakeup configuration for parent devices of wakeup sources
* tag 'pmdomain-v7.1-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm:
pmdomain: imx: fix OF node refcount
pmdomain: ti_sci: add wakeup constraint to parent devices of wakeup source
accel/amdxdna: Fix mm_struct reference leak in aie2_populate_range()
aie2_populate_range() jumps back to the again label without calling
mmput(mm), leaking a reference to the mm_struct.
Add the missing mmput() before jumping to again.
Fixes: e486147c912f ("accel/amdxdna: Add BO import and export")
Reviewed-by: Mario Limonciello (AMD) <superm1 at kernel.org>
Signed-off-by: Lizhi Hou <lizhi.hou at amd.com>
Link: https://patch.msgid.link/20260610151127.2994185-1-lizhi.hou@amd.com
Merge tag 'gpio-fixes-for-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
Pull gpio fixes from Bartosz Golaszewski:
- fix NULL pointer dereference in gpio-mvebu
- fix runtime PM leak in remove path in gpio-zynq
- reject invalid module params in gpio-mockup
- fix generic IRQ chip leak in remove parh in gpio-rockchip
- fix resource leaks in GPIO chip cleanup path on hog failure
- fix a regression in how GPIO hogging code handles multiple GPIO chips
reusing the same OF node
* tag 'gpio-fixes-for-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
gpiolib: handle gpio-hogs only once
[5 lines not shown]
ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions
sdca_dev_unregister_functions() iterates over all SDCA function
descriptors and calls sdca_dev_unregister() on each func_dev without
checking for NULL. When a function registration has failed partway
through, or the device cleanup races with probe deferral, func_dev
entries may be NULL, leading to a kernel oops:
BUG: kernel NULL pointer dereference, address: 0000000000000040
RIP: 0010:device_del+0x1e/0x3e0
Call Trace:
sdca_dev_unregister_functions+0x37/0x60 [snd_soc_sdca]
release_nodes+0x35/0xb0
devres_release_all+0x90/0x100
device_unbind_cleanup+0xe/0x80
device_release_driver_internal+0x1c1/0x200
bus_remove_device+0xc6/0x130
device_del+0x161/0x3e0
device_unregister+0x17/0x60
[28 lines not shown]
ARM: 9476/1: mm: fix kexec and hibernation with CONFIG_CPU_TTBR0_PAN
Commit 7af5b901e847 ("ARM: 9358/2: Implement PAN for LPAE by TTBR0
page table walks disablement") implemented PAN for LPAE kernels by
setting TTBCR.EPD0 on every kernel entry, disabling TTBR0 page-table
walks while running in kernel mode. The commit correctly updated
cpu_suspend() in arch/arm/kernel/suspend.c, but missed two other code
paths that switch the CPU to the identity mapping before jumping to
low-PA (TTBR0-range) physical addresses:
1. setup_mm_for_reboot() in arch/arm/mm/idmap.c, used by the kexec
reboot path. With TTBCR.EPD0 still set, the subsequent branch to
the identity-mapped cpu_v7_reset causes a PrefetchAbort because the
TTBR0 page-table walk needed to resolve the identity-mapped address
is disabled. This manifests as a hard hang or "bad PC value" panic
on LPAE kernels booted on CPUs that strictly enforce EPD0 for
instruction fetch (e.g. Cortex-A53 in AArch32 mode) while the same
image may accidentally work on Cortex-A15 due to microarchitectural
differences in EPD0 enforcement.
[18 lines not shown]
