Merge tag 'x86-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fix from Ingo Molnar:
- Prevent OOB access in the resctrl code while offlining
CPUs when Intel SNC (Sub-NUMA Clustering) is enabled
(Reinette Chatre)
* tag 'x86-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86,fs/resctrl: Prevent out-of-bounds access while offlining CPU when SNC enabled
Merge tag 'perf-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf events fixes from Ingo Molnar:
- Fix a perf_event_attr::remove_on_exec bug for group events
(Taeyang Lee)
- Fix uprobes CALL emulation interaction with shadow stacks, and
add a testcase for this (David Windsor)
- Fix uprobes unregister bug (Jiri Olsa)
* tag 'perf-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
uprobes/x86: Use proper mm_struct in __in_uprobe_trampoline
selftests/x86: Add shadow stack uprobe CALL test
x86/uprobes: Keep shadow stack in sync for emulated CALLs
perf/core: Detach event groups during remove_on_exec
Merge tag 'locking-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull futex fix from Ingo Molnar:
- Fix a futex-requeue deadlock detection regression (Thomas Gleixner)
* tag 'locking-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
futex/requeue: Revert "Prevent NULL pointer dereference in remove_waiter() on self-deadlock""
Merge tag 'irq-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fixes from Ingo Molnar:
"Misc irqchip driver fixes:
- Fix a resource leak in the RISC-V imsic-early driver (Haoxiang Li)
- Fix an OF node reference leak in the ARM gic-v3-its driver (Yuho
Choi)
- Fix a dangling handler function on module removal bug in the
TS-4800 ARM board irqchip driver (Qingshuang Fu)"
* tag 'irq-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irqchip/ts4800: Fix missing chained handler cleanup on remove
irqchip/gic-v3-its: Fix OF node reference leak
irqchip/irq-riscv-imsic-early: Fix fwnode leak on state setup failure
Merge tag 'sound-7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A standard set of driver-specific fixes and quirks accumulated since
the merge window:
ASoC:
- SOF: Sanity check to prevent OOB reads
- rsnd: Fix clock leak and double-disable issues with PM
- tas675x: Misc fixes for register fields, etc
- lpass-va-macro: Correct codec version for Qualcomm SC7280
- amd-yc: DMIC quirk for Alienware m15 R7 AMD
Others:
- us144mkii: Fix a UAF on disconnect and anchor list corruption
- HD-audio: Realtek quirks for HP models"
* tag 'sound-7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ASoC: rsnd: src: Add missing scu_supply clock to suspend/resume
[11 lines not shown]
Merge tag 'spi-fix-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A small set of fixes that came in since -rc1, we have one core fix for
shutting down target mode properly if the system suspends while it's
running plus a small set of fairly unremarkable device specific fixes.
There's also a couple of pure DT binding changes for Renesas SoCs, the
power domains one allows some SoCs to be correctly described with
existing code"
* tag 'spi-fix-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: rzv2h-rspi: Fix DMA transfer error handling for signal interruption
spi: dt-bindings: snps,dw-apb-ssi: add 'power-domains' property
spi: dt-bindings: snps,dw-apb-ssi: drop superfluous RZ/N1 entry
spi: dw: use the correct error msg if request_irq() fails
spi: dw: fix first spi transfer with dma always fallback to PIO
spi: core: Abort active target transfer on controller suspend
spi: sh-msiof: abort transfers when reset times out
Merge tag 's390-7.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Vasily Gorbik:
- Fix PKEY_VERIFYPROTK ioctl key type handling by removing the generic
key-length based type check with its wrong bit-size calculation, and
leaving protected key verification to the pkey handler
- Fix monwriter buffer reuse by rejecting records that change the data
length, preventing out of bounds user copy into the kernel buffer
* tag 's390-7.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/monwriter: Reject buffer reuse with different data length
pkey: Move keytype check from pkey api to handler
Merge tag 'mips-fixes_7.2_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
Pull MIPS fixes from Thomas Bogendoerfer.
* tag 'mips-fixes_7.2_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
MIPS: configs: Enable the current Ingenic USB PHY symbol
MIPS: loongson64: add IRQ work based on self-IPI
MIPS: mm: Add check for highmem before removing memory block
mips: Add build salt to the vDSO
MIPS: DEC: Ensure RTC platform device deregistration upon failure
Merge tag 'v7.2-rc1-smb3-server-fixes' of git://git.samba.org/ksmbd
Pull smb server fixes from Steve French:
- Fix several use-after-free races in durable handle reconnect,
supersede, and oplock handling
- Avoid holding the inode oplock lock while waiting for a lease break
acknowledgement. This removes delays of up to 35 seconds when cifs.ko
closes a deferred handle in response to a lease break
- Fix malformed security descriptor handling, including an undersized
DACL allocation issue and an out-of-bounds ACE SID read
- Fix memory leaks in security descriptor and DOS attribute xattr
encoding/decoding error paths
- Fix outstanding SMB2 credit leaks on aborted requests and correct the
QUERY_INFO credit charge calculation
[31 lines not shown]
Merge tag 'drm-fixes-2026-07-04' of https://gitlab.freedesktop.org/drm/kernel
Pull drm fixes from Dave Airlie:
"Weekly fixes for drm. This is large for rc2 but it's just a lot of
small fixes across a bunch of drivers, xe, amdgpu as usual, plus some
sashiko-inspired fixes for panthor, and some dma-fence updates.
core:
- kernel doc fix
- include types.h in drm_ras.h
dma-fence:
- fix NULL ptr dereference
- use correct callback
- make dma_fence_dedup_array more robust
dp:
- handle torn down topology gracefully
- fix kernel doc
[101 lines not shown]
Merge tag 'acpi-7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI support fixes from Rafael Wysocki:
"These fix a coding mistake in the ACPI TAD (Time and Alarm
Device) driver introduced by one of its previous updates and
get rid of the ugly #ifdef __KERNEL__ conditional compilation
in acpi_ut_safe_strncpy() by redefining that function as an
alias for strscpy_pad():
- Add a missing ACPI_TAD_AC_WAKE capability check omitted by mistake
to the ACPI TAD driver (Xu Rao)
- Define acpi_ut_safe_strncpy() as an alias for strscpy_pad()
which is viable because that function is only called from kernel
code (Rafael Wysocki)"
* tag 'acpi-7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPICA: Define acpi_ut_safe_strncpy() as strscpy_pad() alias
ACPI: TAD: Check AC wake capability before enabling wakeup
Merge tag 'riscv-for-linus-7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux
Pull RISC-V fixes from Paul Walmsley:
- Fix a crash when a kretprobe reads from the stack
- Fix an issue with the build-time mcount sorter that broke ftrace
- Fix the rv32 IRQ stack frame padding to match the ABI
- Only defer IOMMU configuration during initialization. This avoids an
issue where IOMMU configuration could be indefinitely deferred
- Add the missing build salt to the vDSO
- Now that RISC-V systems with higher numbers of cores are starting to
become available, raise NR_CPUS for RISC-V to 256
- Clean up some warnings from sparse caused by the RISC-V-optimized
[14 lines not shown]
Merge tag 'v7.2-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6
Pull smb client fixes from Steve French:
- Credit fix
- Fix alignment issue in parse_posix_ctxt
- SID parsing fix
* tag 'v7.2-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
cifs: Fix missing credit release on failure in cifs_issue_read()
cifs: update internal module version number
smb: client: use unaligned reads in parse_posix_ctxt()
smb: client: harden POSIX SID length parsing
Merge branch 'acpi-tad'
Merge an ACPI TAD (Time and Alarm Device) driver fix for 7.2-rc2.
* acpi-tad:
ACPI: TAD: Check AC wake capability before enabling wakeup
Merge tag 'vfs-7.2-rc2.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
Pull vfs fixes from Christian Brauner:
- netfs:
- fix the decision when to disallow write-streaming with fscache in
use, handling of asynchronous cache object creation, a double fput
in cachefiles, clearing S_KERNEL_FILE without the inode lock held,
page extraction bugs in the iov_iter helpers (a potential
underflow, a missing allocation failure check, a memory leak, and
a folio offset miscalculation), writeback error and ENOMEM
handling, DIO write retry for filesystems without a
->prepare_write() method, and the replacement of the wb_lock mutex
with a bit lock plus writethrough collection offload so that
multiple asynchronous writebacks don't interfere with each other.
- Fix the barriering when walking the netfs subrequest list during
retries as it was possible to see a subrequest that was just added
[132 lines not shown]
Merge tag 'xfs-fixes-7.2-rc2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Pull xfs fixes from Carlos Maiolino:
"A collection of bugfixes and some small code refactoring"
* tag 'xfs-fixes-7.2-rc2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: simplify __xfs_buf_ioend
xfs: fix handling of synchronous errors in xfs_buf_submit
xfs: remove xfs_buf_ioend
xfs: improve the xfs_buf_ioend_fail calling convention
xfs: use null daddr for unset first bad log block
xfs: fix memory leak in xfs_dqinode_metadir_create()
xfs: release dquot buffer after dqflush failure
xfs: also mark the buffer stale on verifier failure in xfs_buf_submit
xfs: open code xfs_buf_ioend_fail in xfs_buf_submit
xfs: fix AGFL extent count calculation in xrep_agfl_fill
xfs: simplify the failure path in xfs_buf_alloc_vmalloc
xfs: fix incorrect use of gfp flags in xfs_buf_alloc_backing_mem
xfs: lift setting __GFP_NOFAIL from xfs_buf_alloc_kmem to the caller
xfs: split up xfs_buf_alloc_backing_mem
Merge tag 'for-linus-7.2a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen fixes from Juergen Gross:
- rename function parameters and a comment related to
xen_exchange_memory() (Jan Beulich)
- replace __ASSEMBLY__ with __ASSEMBLER__ (Thomas Huth)
- add some sanity checking to the Xen pvcalls frontend driver (Michael
Bommarito)
- fix error handling in the Xen gntdev driver (Wentao Liang)
- fix several minor bugs in Xen related drivers (Yousef Alhouseen)
* tag 'for-linus-7.2a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
x86/Xen: correct commentary and parameter naming of xen_exchange_memory()
xenbus: reject unterminated directory replies
[6 lines not shown]
Merge tag 'gpio-fixes-for-v7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux
Pull gpio fixes from Bartosz Golaszewski:
- check the return value of gpiochip_add_data() in gpio-mvebu and
gpio-htc-egpio
- avoid locking context issues with GPIO drivers using the shared GPIO
proxy by only allowing sleeping operations (atomic GPIO ops don't
really make sense in shared context anyway)
- with the above: restore non-sleeping GPIO access in pinctrl-meson
- fix return value on OOM in gpio-timberdale
- fix interrupt handling in gpio-mt7621
- support both A and B variants of NCT6126D in gpio-f7188x
[10 lines not shown]
netfs: Fix barriering when walking subrequest list
Fix the barriering used when walking the subrequest list in retry as
there's a possibility of seeing a subreq that's just been added by the
application thread.
Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading")
Fixes: 288ace2f57c9 ("netfs: New writeback implementation")
Link: https://sashiko.dev/#/patchset/20260608145432.681865-1-dhowells%40redhat.com
Signed-off-by: David Howells <dhowells at redhat.com>
Link: https://patch.msgid.link/138807.1782980582@warthog.procyon.org.uk
Reviewed-by: Paulo Alcantara (Red Hat) <pc at manguebit.org>
cc: Paulo Alcantara <pc at manguebit.org>
cc: netfs at lists.linux.dev
cc: linux-fsdevel at vger.kernel.org
Signed-off-by: Christian Brauner (Amutable) <brauner at kernel.org>
Merge tag 'asoc-fix-v7.2-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v7.2
A fairly standard set of driver specific fixes and quirks that have come
in since the merge window, plus a MAINTAINERS update. The tas675x
READ_ONCE change is probably not actually fixing issues properly but we
need a whole new approach to concurrency there and it came along with
some good fixes.
Merge tag 'device-id-rework' of git://git.kernel.org/pub/scm/linux/kernel/git/ukleinek/linux
Pull mod_devicetable.h header split from Uwe Kleine-König:
"Split <linux/mod_devicetable.h> in per subsystem headers
<linux/mod_devicetable.h> is included transitively in nearly every
driver in an x86_64 allmodconfig build of v7.1:
$ find drivers -name \*.o -not -name \*.mod.o | wc -l
21330
$ find drivers -name \*.o.cmd -not -name \*.mod.o.cmd | xargs grep -l mod_devicetable.h | wc -l
17038
The result of this mixture of different and unrelated subsystem
details is that even when touching an obscure device id struct most of
the kernel needs to be recompiled. Given that each driver typically
only needs one or two of these structures, splitting into per
subsystem headers and only including what is really needed reduces the
amount of needed recompilation.
[29 lines not shown]
Merge tag 'ata-7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
Pull ata fixes from Damien Le Moal:
- Quirk the Phison PS3111-S11 SSD with NOLPM due to its defective
link power management (Bryam)
- Strengthen checks on a device concurrent positioning range
information to make sure to reject any invalid report (Bryam)
- Fix probe error handling in the pata_pxa and sata_gemini
drivers (Myeonghun, Wentao)
- Limit buffer size of replies from translated commands to what
libata actually generated (Karuna)
* tag 'ata-7.2-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux:
ata: libata-scsi: limit simulated SCSI command copy to response length
ata: pata_pxa: Fix DMA channel leak on probe error
[3 lines not shown]
Replace <linux/mod_devicetable.h> by more specific <linux/device-id/*.h> (c files)
Replace the #include of <linux/mod_devicetable.h> by the more specific
<linux/device-id/*.h> where applicable. For most cases the include
can be dropped completely, only a few drivers need one or two headers
added.
Acked-by: Danilo Krummrich <dakr at kernel.org>
Acked-by: Takashi Sakamoto <o-takashi at sakamocchi.jp>
Acked-by: Bjorn Helgaas <bhelgaas at google.com>
Link: https://patch.msgid.link/1a3f2007c5c5dcf555c09a4035ce3ae8ef1b6c49.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) <u.kleine-koenig at baylibre.com>
LoongArch: KVM: Add include defining struct cpu_feature
Traditionally <linux/mod_devicetable.h> was a header defining a plethora
of structs, among them struct cpu_features. This was split now with the
objective that only the relevant bits are included.
Currently <linux/mod_devicetable.h> is transitively included in
arch/loongarch/kvm/main.c via:
arch/loongarch/kvm/main.c ->
<linux/kvm_host.h> ->
<linux/entry-virt.h> ->
<linux/resume_user_mode.h> ->
<linux/memcontrol.h> ->
<linux/cgroup.h> ->
<linux/kernel_stat.h> ->
<linux/interrupt.h> ->
<linux/hardirq> ->
<asm/hardirq.h> ->
[14 lines not shown]
Replace <linux/mod_devicetable.h> by more specific <linux/device-id/*.h> (headers)
<linux/mod_devicetable.h> is included in a many files:
$ git grep '<linux/mod_devicetable.h>' ef0c9f75a195 | wc -l
1598
; some of them are widely used headers. To stop mixing up different and
unrelated driver( type)s let the subsystem headers only use the subset
of the recently split <linux/mod_devicetable.h> that are relevant for
them.
The fallout (I hope) is addressed in the previous commits that handle
sources relying on e.g. <linux/i2c.h> pulling in the full legacy header
and thus providing pci_device_id.
Acked-by: Danilo Krummrich <dakr at kernel.org>
Acked-by: Takashi Sakamoto <o-takashi at sakamocchi.jp>
Link: https://patch.msgid.link/199fe46b624ba07fb9bd3e0cd6ff13757932cb5f.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) <u.kleine-koenig at baylibre.com>
media: em28xx: Add include for struct usb_device_id
Traditionally <linux/mod_devicetable.h> was a header defining a plethora
of structs, among them struct usb_device_id. This was split now with the
objective that only the relevant bits are included.
Currently <linux/mod_devicetable.h> is transitively included in
drivers/media/usb/em28xx/em28xx.h via:
drivers/media/usb/em28xx/em28xx.h ->
<linux/i2c.h> ->
<linux/acpi.h> ->
<linux/device.h> ->
<linux/device/driver.h> ->
<linux/mod_devicetable.h
To keep struct usb_device_id available once <linux/device/driver.h>
stops including <linux/mod_devicetable.h>, include it the header
providing that struct explictly.
[5 lines not shown]
parisc: #include <linux/compiler.h> for unlikely() in <asm/ptrace.h>
Currently <linux/compiler.h> isn't included at all (not even
transitively) in <asm/ptrace.h>.
arch/parisc/kernel/asm-offsets.c just happens to include the following
chain of includes before <asm/ptrace.h>:
<linux/sched.h>
-> <asm/processor.h>
-> <asm/hardware.h>
-> <linux/mod_devicetable.h>
-> <linux/uuid.h>
-> <linux/string.h>
-> <linux/compiler.h>
. That chain will be broken, because in one of the next commits
<asm/hardware.h> is changed to only include <linux/device-id/parisc.h>
instead of <linux/mod_devicetable.h>. So to ensure
arch/parisc/kernel/asm-offsets.c knows about unlikely() even after that
[4 lines not shown]
ALSA: hda/core: Add include defining struct hda_device_id
Traditionally all *_device_id were defined in a single header
<linux/mod_devicetable.h>. This was split now with the objective that
only the relevant bits are included. So including <linux/pci.h> won't be
enough to get a definition of (the unrelated to pci) struct
hda_device_id.
Add an explicit include for the header defining struct hda_device_id to
keep working when <linux/pci.h> stops providing this defintion.
Acked-by: Danilo Krummrich <dakr at kernel.org>
Acked-by: Takashi Sakamoto <o-takashi at sakamocchi.jp>
Reviewed-by: Takashi Iwai <tiwai at suse.de>
Link: https://patch.msgid.link/376883bc5889d5cca01efb6f8d4e07a20158f2b8.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) <u.kleine-koenig at baylibre.com>
i2c: Let i2c-core.h include <linux/i2c.h>
The subsystem private header i2c-core.h uses several symbols defined in
<linux/i2c.h>, e.g. struct i2c_board_info and i2c_lock_bus()). This
doesn't pose a problem in practise because all files including
"i2c-core.h" also include <linux/i2c.h>.
To make this more robust add an include statement for <linux/i2c.h>
making the header self-contained.
Acked-by: Danilo Krummrich <dakr at kernel.org>
Reviewed-by: Wolfram Sang <wsa+renesas at sang-engineering.com>
Acked-by: Takashi Sakamoto <o-takashi at sakamocchi.jp>
Link: https://patch.msgid.link/46aa85ab3dc4e63bfb5bd8ff1fd212a3d0e31f58.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) <u.kleine-koenig at baylibre.com>
platform/x86: int3472: Add include defining struct dmi_system_id
Currently <linux/mod_devicetable.h> is included transitively in
int3472.h via
<linux/clk-provider.h> ->
<linux/of.h> ->
<linux/mod_devicetable.h>
However these includes will be tightend such that only the bits relevant
for of will be provided by <linux/of.h>. To ensure that dmi_system_id
stays around, include the respective header explicitly.
Acked-by: Danilo Krummrich <dakr at kernel.org>
Acked-by: Ilpo Järvinen <ilpo.jarvinen at linux.intel.com>
Acked-by: Takashi Sakamoto <o-takashi at sakamocchi.jp>
Acked-by: Sakari Ailus <sakari.ailus at linux.intel.com>
Link: https://patch.msgid.link/0ba52730f67dc995d9d896b81fa6a7320bf8cb4b.1782808461.git.u.kleine-koenig@baylibre.com
Signed-off-by: Uwe Kleine-König (The Capable Hub) <u.kleine-koenig at baylibre.com>