summaryrefslogtreecommitdiff
path: root/arch
AgeCommit message (Collapse)Author
2026-04-22LoongArch: Define instruction formats for AM{SWAP/ADD}.{B/H} and DBARTiezhu Yang
The 8 and 16 bit read-modify-write atomic instructions amadd.{b/h} and amswap.{b/h} were newly added in the latest LoongArch Reference Manual, define the instruction format and check whether support via CPUCFG. Furthermore, define the instruction format for DBAR which will be used to support BPF load-acquire and store-release instructions. This is preparation for later patches. Acked-by: Hengqi Chen <hengqi.chen@gmail.com> Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Batch the icache maintenance for jump_labelYouling Tang
Switch to the batched version of the jump label update functions so instruction cache maintenance is deferred until the end of the update. Signed-off-by: Youling Tang <tangyouling@kylinos.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Add flush_icache_all()/local_flush_icache_all()Youling Tang
LoongArch maintains ICache/DCache coherency by hardware, so we just need "ibar 0" to avoid instruction hazard here. Signed-off-by: Youling Tang <tangyouling@kylinos.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Add spectre boundry for syscall dispatch tableGreg Kroah-Hartman
The LoongArch syscall number is directly controlled by userspace, but does not have a array_index_nospec() boundry to prevent access past the syscall function pointer tables. Cc: stable@vger.kernel.org Assisted-by: gkh_clanker_2000 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Show CPU vulnerabilites correctlyHuacai Chen
Most LoongArch processors are vulnerable to Spectre-V1 Proof-of-Concept (PoC). And the generic mechanism, __user pointer sanitization, can be used as a mitigation. This means to use array_index_nospec() to prevent out of boundry access in syscall and other critical paths. Implement the arch-specific cpu_show_spectre_v1() to show CPU Spectre-V1 vulnerabilites correctly. Cc: stable@vger.kernel.org Link: https://cc-sw.com/chinese-loongarch-architecture-evaluation-part-3-of-3/ Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Make arch_irq_work_has_interrupt() true only if IPI HW existHuacai Chen
After commit 7c405fb3279b3924 ("rcu: Use an intermediate irq_work to start process_srcu()"), Loongson-2K0300/2K0500 fail to boot. Because IRQ_WORK need IPI but Loongson-2K0300/2K0500 don't have IPI HW. So make arch_irq_work_has_interrupt() return true only if IPI HW exist. Cc: stable@vger.kernel.org Reported-by: Binbin Zhou <zhoubinbin@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Use get_random_canary() for stack canary initLuo Qiu
Like others, replace the custom stack canary initialization with the get_random_canary() helper, following the pattern established in commit 622754e84b10 ("stackprotector: actually use get_random_canary()"). Signed-off-by: Luo Qiu <luoqiu@kylinsec.com.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Improve the logging of disabling KASLRYuqian Yang
Whether KASLR is disabled is not handled in nokaslr() which is the early param "nokaslr" setup function, but in kaslr_disabled(). However, the logging was previously done in nokaslr() and lack detail. So we move the logging to the right place and add more specific infomation about why it is disabled. Suggested-by: Wentao Guan <guanwentao@uniontech.com> Signed-off-by: Yuqian Yang <yangyuqian@uniontech.com> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Align FPU register state to 32 bytesLisa Robinson
Move fpr to the beginning of struct loongarch_fpu so it is naturally aligned to FPU_ALIGN (32 bytes), improving 256-bit SIMD (LASX) context switch performance. Also adjust process.c and fpu.S to work well with the new loongarch_fpu layout. Signed-off-by: Lisa Robinson <lisa@bytefly.space> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Handle CONFIG_32BIT in syscall_get_arch()Tiezhu Yang
If CONFIG_32BIT is set, it should return AUDIT_ARCH_LOONGARCH32 instead of AUDIT_ARCH_LOONGARCH64 in syscall_get_arch(). Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Add HIGHMEM (PKMAP and FIX_KMAP) supportHuacai Chen
Add HIGHMEM (High Memory) support for LoongArch, mostly needed by 32BIT kernel because the size of kernel virtual memory space is only 512MB and the size of usable physical memory is only 256MB in this case. HIGHMEM adds permanent kernel mapping (PKMAP) and fixed kernel mapping (FIX_KMAP), which increase usable physical memory up to 2.25GB (2304MB). We can just use the generic copy_user_highpage(), so remove the custom version. Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22LoongArch: Adjust build infrastructure for 32BIT/64BITHuacai Chen
Adjust build infrastructure (Kconfig, Makefile and ld scripts) to let us enable both 32BIT/64BIT kernel build. Reviewed-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
2026-04-22x86/hyperv: Skip LP/VP creation on kexecJork Loeser
After a kexec the logical processors and virtual processors already exist in the hypervisor because they were created by the previous kernel. Attempting to add them again causes either a BUG_ON or corrupted VP state leading to MCEs in the new kernel. Add hv_lp_exists() to probe whether an LP is already present by calling HVCALL_GET_LOGICAL_PROCESSOR_RUN_TIME. When it succeeds the LP exists and we skip the add-LP and create-VP loops entirely. Also add hv_call_notify_all_processors_started() which informs the hypervisor that all processors are online. This is required after adding LPs (fresh boot) and is a no-op on kexec since we skip that path. Co-developed-by: Anirudh Rayabharam <anrayabh@linux.microsoft.com> Signed-off-by: Anirudh Rayabharam <anrayabh@linux.microsoft.com> Co-developed-by: Stanislav Kinsburskii <stanislav.kinsburskii@gmail.com> Signed-off-by: Stanislav Kinsburskii <stanislav.kinsburskii@gmail.com> Co-developed-by: Mukesh Rathor <mrathor@linux.microsoft.com> Signed-off-by: Mukesh Rathor <mrathor@linux.microsoft.com> Signed-off-by: Jork Loeser <jloeser@linux.microsoft.com> Reviewed-by: Stanislav Kinsburskii <skinsburskii@linux.microsoft.com> Signed-off-by: Wei Liu <wei.liu@kernel.org>
2026-04-22x86/hyperv: move stimer cleanup to hv_machine_shutdown()Jork Loeser
Move hv_stimer_global_cleanup() from vmbus's hv_kexec_handler() to hv_machine_shutdown() in the platform code. This ensures stimer cleanup happens before the vmbus unload, which is required for root partition kexec to work correctly. Co-developed-by: Anirudh Rayabharam <anrayabh@linux.microsoft.com> Signed-off-by: Anirudh Rayabharam <anrayabh@linux.microsoft.com> Signed-off-by: Jork Loeser <jloeser@linux.microsoft.com> Reviewed-by: Stanislav Kinsburskii <skinsburskii@linux.microsoft.com> Signed-off-by: Wei Liu <wei.liu@kernel.org>
2026-04-21s390/bpf: Inline smp_processor_id and current_taskMaxim Khmelevskii
Inline these calls in bpf jit: - bpf_get_smp_processor_id() - bpf_get_current_task() - bpf_get_current_task_btf() s390 has a 8 KiB per-CPU prefix area in the CPU's virtual address space, called the lowcore. It is a struct that contains the cpu number and a pointer to the current task. These are exactly the values returned by the BPF helpers. Emit a load from the lowcore instead of a helper function call. JIT output for `bpf_get_smp_processor_id`: Before: After: --------------- ---------------- brasl %r14,0x3ffe0385460 ly %r14,928 lgr %r14,%r2 JIT output for `bpf_get_current_task`: Before: After: --------------- ---------------- brasl %r14,0x3ffe0362a90 lg %r14,832 lgr %r14,%r2 Benchmark using [1] on KVM(virtme-ng). ./benchs/run_bench_trigger.sh glob-arr-inc arr-inc hash-inc +---------------+--------------------+--------------------+--------------+ | Name | Before | After | % change | |---------------+--------------------+--------------------+--------------| | glob-arr-inc | 244.954 ± 0.654M/s | 278.501 ± 0.834M/s | + 13.70% | | arr-inc | 311.597 ± 1.016M/s | 313.610 ± 0.331M/s | + 0.65% | | hash-inc | 47.421 ± 0.017M/s | 47.600 ± 0.004M/s | + 0.38% | +---------------+--------------------+--------------------+--------------+ [1] https://github.com/anakryiko/linux/commit/8dec900975ef Signed-off-by: Maxim Khmelevskii <max@linux.ibm.com> Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com> Link: https://lore.kernel.org/r/20260414142930.528751-1-max@linux.ibm.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-21x86/cpu: Disable FRED when PTI is forced onDave Hansen
FRED and PTI were never intended to work together. No FRED hardware is vulnerable to Meltdown and all of it should have LASS anyway. Nevertheless, if you boot a system with pti=on and fred=on, the kernel tries to do what is asked of it and dies a horrible death on the first attempt to run userspace (since it never switches to the user page tables). Disable FRED when PTI is forced on, and print a warning about it. A quick brain dump about what a FRED+PTI implementation would look like is below. I'm not sure it would make any sense to do it, but never say never. All I know is that it's way too complicated to be worth it today. <brain dump> The SWITCH_TO_USER/KERNEL_CR3 bits are simple to fix (or at least we have the assembly tools to do it already), as is sticking the FRED entry text in .entry.text (it's not in there today). The nasty part is the stacks. Today, the CPU pops into the kernel on MSR_IA32_FRED_RSP0 which is normal old kernel memory and not mapped to userspace. The hardware pushes gunk on to MSR_IA32_FRED_RSP0, which is currently the task stacks. MSR_IA32_FRED_RSP0 would need to point elsewhere, probably cpu_entry_stack(). Then, start playing games with stacks on entry/exit, including copying gunk to and from the task stack. While I'd *like* to have PTI everywhere, I'm not sure it's worth mucking up the FRED code with PTI kludges. If a user wants fast entry/exit, they use FRED. If you want PTI (and sekuritay), you certainly don't care about fast entry and FRED isn't going to help you *all* that much, so you can just stay with the IDT. Plus, FRED hardware should have LASS which gives you a similar security profile to PTI without the CR3 munging. </brain dump> Reported-by: Gayatri Kammela <Gayatri.Kammela@amd.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de> Tested-by: Maciej Wieczor-Retman <maciej.wieczor-retman@intel.com> Cc:stable@vger.kernel.org Link: https://patch.msgid.link/20260421163136.E7C6788A@davehans-spike.ostc.intel.com
2026-04-21kgdb: update outdated references to kgdb_wait()Kexin Sun
The function kgdb_wait() was folded into the static function kgdb_cpu_enter() by commit 62fae312197a ("kgdb: eliminate kgdb_wait(), all cpus enter the same way"). Update the four stale references accordingly: - include/linux/kgdb.h and arch/x86/kernel/kgdb.c: the kgdb_roundup_cpus() kdoc describes what other CPUs are rounded up to call. Because kgdb_cpu_enter() is static, the correct public entry point is kgdb_handle_exception(); also fix a pre-existing grammar error ("get them be" -> "get them into") and reflow the text. - kernel/debug/debug_core.c: replace with the generic description "the debug trap handler", since the actual entry path is architecture-specific. - kernel/debug/gdbstub.c: kgdb_cpu_enter() is correct here (it describes internal state, not a call target); add the missing parentheses. Suggested-by: Daniel Thompson <daniel@riscstar.com> Assisted-by: unnamed:deepseek-v3.2 coccinelle Signed-off-by: Kexin Sun <kexinsun@smail.nju.edu.cn>
2026-04-21arm64: dts: amlogic: t7: Add eMMC, SD card and SDIO pinctrl nodesRonald Claveau
These pinctrl nodes are required by the eMMC, SD card and SDIO drivers to configure pin muxing at runtime. - eMMC: control, 4-bit/8-bit data, data strobe and clock gate pins - SD card: data, clock, command and clock gate pins - SDIO: data, clock, command and clock gate pins Signed-off-by: Ronald Claveau <linux-kernel-dev@aliel.fr> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Link: https://patch.msgid.link/20260326-add-emmc-t7-vim4-v5-1-d3f182b48e9d@aliel.fr Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: meson-s4-s905y4-khadas-vim1s: add POWER key supportNick Xie
Add the gpio-keys-polled node to support the Power button found on the Khadas VIM1S board. The button is connected to the GPIOD_8 pin. Use polled mode instead of gpio-keys because the GPIO interrupt controller support for Meson S4 SoC is not yet available upstream. Signed-off-by: Nick Xie <nick@khadas.com> Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Link: https://patch.msgid.link/20260228063750.701887-5-nick@khadas.com Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: meson-s4-s905y4-khadas-vim1s: add PWM LED supportNick Xie
The Khadas VIM1S board features a white LED connected to the PWM_G controller (PWM channel 0). Enable the PWM_G controller and add the pwm-leds node to support using this LED as a heartbeat indicator. Signed-off-by: Nick Xie <nick@khadas.com> Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Link: https://patch.msgid.link/20260228063750.701887-4-nick@khadas.com Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: meson-s4-s905y4-khadas-vim1s: enable bluetoothNick Xie
The Khadas VIM1S board uses the Ampak AP6256 Wi-Fi/Bluetooth module. The Bluetooth controller is connected via UART_A and requires the external 32k clock (LPO). Enable the UART_A node and add the bluetooth child node to support it. Signed-off-by: Nick Xie <nick@khadas.com> Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Link: https://patch.msgid.link/20260228063750.701887-3-nick@khadas.com Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: meson-s4: add UART_A nodeNick Xie
Add the UART_A node and its related pinctrl definitions to the Meson S4 SoC dtsi. The pinctrl groups are split into basic tx/rx and flow control (cts/rts) to allow board-level flexibility. This interface is typically used for Bluetooth communication on boards like the Khadas VIM1S. Signed-off-by: Nick Xie <nick@khadas.com> Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Link: https://patch.msgid.link/20260228063750.701887-2-nick@khadas.com Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: add bluetooth nodeJun Yan
The Phicomm N1 uses a CY43455 (BCM43438) module with its Bluetooth interface connected to uart_A. Add the required device tree node to enable proper functionality. Signed-off-by: Jun Yan <jerrysteve1101@gmail.com> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Link: https://patch.msgid.link/20260213073810.552341-1-jerrysteve1101@gmail.com Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: meson-gxl-p230: fix ethernet PHY interrupt numberJun Yan
Correct the interrupt number assigned to the Realtek PHY in the p230 following the same logic as commit 3106507e1004 ("ARM64: dts: meson-gxm: fix q200 interrupt number"),as reported in [PATCH 0/2] Ethernet PHY interrupt improvements [1]. [1] https://lore.kernel.org/all/20171202214037.17017-1-martin.blumenstingl@googlemail.com/ Fixes: b94d22d94ad2 ("ARM64: dts: meson-gx: add external PHY interrupt on some platforms") Signed-off-by: Jun Yan <jerrysteve1101@gmail.com> Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Link: https://patch.msgid.link/20260330145111.115318-1-jerrysteve1101@gmail.com Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: meson-axg: Add missing cache information to cpu0Anand Moon
Add missing L1 data and instruction cache parameters to the CPU node 0 for the Cortex-A53 caches on the Meson AXG SoC. Fixes: 3b6ad2a43367 ("arm64: dts: amlogic: Add cache information to the Amlogic AXG SoCS") Signed-off-by: Anand Moon <linux.amoon@gmail.com> Link: https://patch.msgid.link/20260219103548.18392-1-linux.amoon@gmail.com Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: t7: khadas-vim4: fix board model nameNick Xie
Update the model property to "Khadas VIM4" to match the official product branding and maintain consistency with other Khadas boards (e.g., VIM1, VIM2, VIM3) in the kernel tree. Signed-off-by: Nick Xie <nick@khadas.com> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Link: https://patch.msgid.link/20260306030756.2421841-1-nick@khadas.com Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: Fix GIC register ranges for Amlogic T7Ronald Claveau
This patch aims to fix the GIC register ranges for Amlogic T7 SoC family. - Context Kernel log shows a warning about GIC [ 0.000000] GIC: GICv2 detected, but range too small and irqchip.gicv2_force_probe not set Using cat /proc/interrupts command shows GIC as GIC-0 Adding some peripherals sometimes causes hangs on interrupts. - According to the GIC-400 ARM doc, the memory map is like: 0x1000-0x1FFF Distributor 0x2000-0x3FFF CPU interfaces 0x4000-0x5FFF Virtual interface control block 0x6000-0x7FFF Virtual CPU interfaces - Identify GIC model from distributor register Offset | Name | Type | Reset 0x008 | GICD_IIDR | RO | 0x0200143B kvim4# md.l 0xFFF01008 1 fff01008: 0200143b - Identify CPU interface from CPU interface register Offset | Name | Type | Reset 0x00FC | GICC_IIDR | RO | 0x0202143B kvim4# md.l 0xFFF020FC 1 fff020fc: 0202143b - Virtual interface control register check Offset | Name | Type | Reset 0x004 | GICH_VTR | RO | 0x90000003 kvim4# md.l 0xFFF04004 1 fff04004: 90000003 - Virtual CPU interfaces check Offset | Name | Type | Reset 0x00FC | GICV_IIDR | RO | 0x0202143B kvim4# md.l 0xFFF060FC 1 fff060fc: 0202143b - After this patch there is no warning anymore. GICv2 is correctly identified. [ 0.000000] GIC: Using split EOI/Deactivate mode Using cat /proc/interrupts command shows GIC as GICv2 Signed-off-by: Ronald Claveau <linux-kernel-dev@aliel.fr> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Link: https://patch.msgid.link/20260305-fix-amlt7-gic-dts-v1-1-5944415c74bf@aliel.fr Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: t7: khadas-vim4: fix memory layout for 8GB RAMNick Xie
The Khadas VIM4 features 8GB of LPDDR4X RAM. The previous memory node mapped a single incorrect region. This caused the kernel to map MMIO and secure firmware (ATF/TrustZone) memory holes as standard RAM, leading to an Asynchronous SError Interrupt during early boot (paging_init) when the kernel attempted to clear those pages. Fix this by splitting the 8GB memory layout into three separate regions to properly avoid the memory holes (e.g., 0xe0000000 - 0xffffffff): - 3.5GB @ 0x000000000 - 3.5GB @ 0x100000000 - 1.0GB @ 0x200000000 Signed-off-by: Nick Xie <nick@khadas.com> Suggested-by: Ronald Claveau <linux-kernel-dev@aliel.fr> Link: https://patch.msgid.link/20260319023446.3422695-1-nick@khadas.com Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-21arm64: dts: amlogic: s6: Drop CPU masks from GICv3 PPI interruptsGeert Uytterhoeven
Unlike older GIC variants, the GICv3 DT bindings do not support specifying a CPU mask in PPI interrupt specifiers. Drop the masks. While at it, replace the magic number for IRQ_TYPE_LEVEL_HIGH by its symbolic definition. Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org> Link: https://patch.msgid.link/f9c6eddebebcd2e128edd2dbc51706e23589f9e8.1772643434.git.geert+renesas@glider.be Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
2026-04-20Merge tag 'arm64-upstream' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull more arm64 updates from Catalin Marinas: "The main 'feature' is a workaround for C1-Pro erratum 4193714 requiring IPIs during TLB maintenance if a process is running in user space with SME enabled. The hardware acknowledges the DVMSync messages before completing in-flight SME accesses, with security implications. The workaround makes use of the mm_cpumask() to track the cores that need interrupting (arm64 hasn't used this mask before). The rest are fixes for MPAM, CCA and generated header that turned up during the merging window or shortly before. Summary: Core features: - Add workaround for C1-Pro erratum 4193714 - early CME (SME unit) DVMSync acknowledgement. The fix consists of sending IPIs on TLB maintenance to those CPUs running in user space with SME enabled - Include kernel-hwcap.h in list of generated files (missed in a recent commit generating the KERNEL_HWCAP_* macros) CCA: - Fix RSI_INCOMPLETE error check in arm-cca-guest MPAM: - Fix an unmount->remount problem with the CDP emulation, uninitialised variable and checker warnings" * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm_mpam: resctrl: Make resctrl_mon_ctx_waiters static arm_mpam: resctrl: Fix the check for no monitor components found arm_mpam: resctrl: Fix MBA CDP alloc_capable handling on unmount virt: arm-cca-guest: fix error check for RSI_INCOMPLETE arm64/hwcap: Include kernel-hwcap.h in list of generated files arm64: errata: Work around early CME DVMSync acknowledgement arm64: cputype: Add C1-Pro definitions arm64: tlb: Pass the corresponding mm to __tlbi_sync_s1ish() arm64: tlb: Introduce __tlbi_sync_s1ish_{kernel,batch}() for TLB maintenance
2026-04-20Merge tag 'sh-for-v7.1-tag1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/glaubitz/sh-linux Pull sh updates from John Paul Adrian Glaubitz: "Two patches from Thomas Zimmermann, one by Tim Bird and one by Thomas Weißschuh. The first patch by Thomas Zimmermann adds a missing include in dac.h for SH-3 which became necessary after 243ce64b2b37 ("backlight: Do not include <linux/fb.h> in header file") which made __raw_readb() and __raw_writeb() inaccessible in dac.h. Thomas' second patch drops CONFIG_FIRMWARE_EDID for SH as it depends on X86 or EFI_GENERIC_STUB which are not defined on SH for obvious reasons. The patch by Tim Bird fixes just a small typo in two SPDX ID lines which he stumbled over by accident. And, least but not last, the patch by Thomas Weißschuh removes the CONFIG_VSYSCALL reference from UAPI. This was necessary as the definition of AT_SYSINFO_EHDR was gated between CONFIG_VSYSCALL to avoid a default gate VMA to be created. However that default gate VMA was removed entirely in commit a6c19dfe3994 (arm64,ia64,ppc,s390, sh,tile,um,x86,mm: remove default gate area)" * tag 'sh-for-v7.1-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/glaubitz/sh-linux: sh: Drop CONFIG_FIRMWARE_EDID from defconfig files sh: Remove CONFIG_VSYSCALL reference from UAPI sh: Fix typo in SPDX license ID lines sh: Include <linux/io.h> in dac.h
2026-04-20Merge tag 'uml-for-7.1-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux Pull uml updates from Johannes Berg: "Mostly cleanups and small things, notably: - musl libc compatibility - vDSO installation fix - TLB sync race fix for recent SMP support - build fix for 32-bit with Clang 20/21" * tag 'uml-for-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux: um: Disable GCOV_PROFILE_ALL on 32-bit UML with Clang 20/21 um: drivers: call kernel_strrchr() explicitly in cow_user.c um: Replace strncpy() with strnlen()+memcpy_and_pad() in strncpy_chunk_from_user() x86/um: fix vDSO installation um: Remove CONFIG_FRAME_WARN from x86_64_defconfig um: Fix pte_read() and pte_exec() for kernel mappings um: Fix potential race condition in TLB sync um: time-travel: clean up kernel-doc warnings um: avoid struct sigcontext redefinition with musl um: fix address-of CMSG_DATA() rvalue in stub
2026-04-20x86/shstk: Prevent deadlock during shstk sigreturnRick Edgecombe
During sigreturn the shadow stack signal frame is popped. The kernel does this by reading the shadow stack using normal read accesses. When it can't assume the memory is shadow stack, it takes extra steps to makes sure it is reading actual shadow stack memory and not other normal readable memory. It does this by holding the mmap read lock while doing the access and checking the flags of the VMA. Unfortunately that is not safe. If the read of the shadow stack sigframe hits a page fault, the fault handler will try to recursively grab another mmap read lock. This normally works ok, but if a writer on another CPU is also waiting, the second read lock could fail and cause a deadlock. Fix this by not holding mmap lock during the read access to userspace. Instead use mmap_lock_speculate_...() to watch for changes between dropping mmap lock and the userspace access. Retry if anything grabbed an mmap write lock in between and could have changed the VMA. These mmap_lock_speculate_...() helpers use mm::mm_lock_seq, which is only available when PER_VMA_LOCK is configured. So make X86_USER_SHADOW_STACK depend on it. On x86, PER_VMA_LOCK is a default configuration for SMP kernels. So drop support for the other configs under the assumption that the !SMP shadow stack user base does not exist. Currently there is a check that skips the lookup work when the SSP can be assumed to be on a shadow stack. While reorganizing the function, remove the optimization to make the tricky code flows more common, such that issues like this cannot escape detection for so long. Fixes: 7fad2a432cd3 ("x86/shstk: Check that signal frame is shadow stack mem") Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com> Signed-off-by: Thomas Gleixner <tglx@kernel.org> Reviewed-by: Dave Hansen <dave.hansen@intel.com> Reviewed-by: Thomas Gleixner <tglx@kernel.org> Cc: stable@vger.kernel.org
2026-04-20Merge tag 'apple-soc-fixes-7.0' of ↵Arnd Bergmann
https://git.kernel.org/pub/scm/linux/kernel/git/sven/linux into soc/late2 Apple SoC fixes for 7.0 Two commits without any functional changes that arrived just before the merge window opened: - Update Sasha's email address in all dt-bindings, MAINTAINERS and add him to mailmap - Fix a typo in spi1-nvram.dtsi * tag 'apple-soc-fixes-7.0' of https://git.kernel.org/pub/scm/linux/kernel/git/sven/linux: arm64: dts: apple: Fix spelling error dt-bindings: Update Sasha Finkelstein's email address mailmap: Update Sasha Finkelstein's email address Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2026-04-20ARM: dts: bcm4709: fix bus range assignmentArnd Bergmann
The netgear r8000 dts file limits the bus range for the first host bridge to exclude bus 0, but the two devices on the first bus are explicitly assigned to bus 0, causing a build time warning: /home/arnd/arm-soc/arch/arm/boot/dts/broadcom/bcm4709-netgear-r8000.dts:142.3-27: Warning (pci_device_bus_num): /axi@18000000/pcie@13000/pcie@0/pcie@0,0/pcie@1,0:bus-range: PCI bus number 0 out of range, expected (1 - 255) /home/arnd/arm-soc/arch/arm/boot/dts/broadcom/bcm4709-netgear-r8000.dts:142.3-27: Warning (pci_device_bus_num): /axi@18000000/pcie@13000/pcie@0/pcie@0,0/pcie@2,0:bus-range: PCI bus number 0 out of range, expected (1 - 255) As Rosen mentioned, the bus-range property was a mistake, so just remove it and keep the reg values pointing to bus 0, which is allowed by the default bus range of the SoC. Fixes: 893faf67438c ("ARM: dts: BCM5301X: add root pcie bridges") Suggested-by: Rosen Penev <rosenp@gmail.com> Link: https://lore.kernel.org/r/20260414064754.3129667-1-arnd@kernel.org Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2026-04-20Merge tag 'mvebu-dt64-7.1-1' of ↵Arnd Bergmann
https://git.kernel.org/pub/scm/linux/kernel/git/gclement/mvebu into soc/late2 mvebu dt64 for 7.1 (part 1) - Armada 37xx/3720 device tree fixes: - Reorder USB PHYs, standardize names, drop undocumented properties, fix schema alignment - Add Marvell 7k COMe board bindings and uDPU ethernet aliases - Cleanup: drop unused .dtsi files * tag 'mvebu-dt64-7.1-1' of https://git.kernel.org/pub/scm/linux/kernel/git/gclement/mvebu: arm64: dts: marvell: armada-37xx: swap PHYs' order in USB3 controller node arm64: dts: marvell: armada-37xx: use 'usb2-phy' in USB3 controller's phy-names arm64: dts: marvell: armada-37xx: drop 'marvell,usb-misc-reg' from USB host nodes arm64: dts: marvell: armada-37xx: drop redundant status property arm64: dts: marvell: armada-37xx: align 'phy-names' of EHCI node with DT schema dt-bindings: arm64: add Marvell 7k COMe boards arm64: dts: marvell: armada-3720: drop 'marvell,xenon-emmc' properties arm64: dts: marvell: uDPU: add ethernet aliases arm/arm64: dts: marvell: Drop unused .dtsi arm64: dts: a7k: use phy handle Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2026-04-20Merge branch 'arm/fixes' into soc/late2Arnd Bergmann
* arm/fixes: arm64: dts: imx8mm-tqma8mqml: Correct PAD settings for PMIC_nINT arm64: dts: imx8mn-tqma8mqnl: Correct PAD settings for PMIC_nINT arm64: dts: imx8mm-emtop-som: Correct PAD settings for PMIC_nINT reset: amlogic: t7: Fix null reset ops arm64: dts: imx8mp-data-modul-edm-sbc: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-dhcom-som: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-ultra-mach-sbc: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-sr-som: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-nitrogen-som: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-aristainetos3a-som-v1: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-edm-g: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-icore-mx8mp: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-navqp: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-debix-som-a: Correct PAD settings for PMIC_nINT arm64: dts: imx8mp-debix-model-a: Correct PAD settings for PMIC_nINT dt-bindings: arm64: add Marvell 7k COMe boards
2026-04-20Merge branch 'for-next/c1-pro-erratum-4193714' into for-next/coreCatalin Marinas
* for-next/c1-pro-erratum-4193714: : Work around C1-Pro erratum 4193714 (CVE-2026-0995) arm64: errata: Work around early CME DVMSync acknowledgement arm64: cputype: Add C1-Pro definitions arm64: tlb: Pass the corresponding mm to __tlbi_sync_s1ish() arm64: tlb: Introduce __tlbi_sync_s1ish_{kernel,batch}() for TLB maintenance
2026-04-20Merge branches 'for-next/misc' and 'for-next/mpam' into for-next/coreCatalin Marinas
* for-next/misc: : Miscellaneous cleanups/fixes virt: arm-cca-guest: fix error check for RSI_INCOMPLETE arm64/hwcap: Include kernel-hwcap.h in list of generated files * for-next/mpam: : Fix an unmount->remount problem with the CDP emulation, uninitialised : variable and checker warnings arm_mpam: resctrl: Make resctrl_mon_ctx_waiters static arm_mpam: resctrl: Fix the check for no monitor components found arm_mpam: resctrl: Fix MBA CDP alloc_capable handling on unmount
2026-04-18Merge tag 'parisc-for-7.1-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc architecture updates from Helge Deller: - A fix to make modules on 32-bit parisc architecture work again - Drop ip_fast_csum() inline assembly to avoid unaligned memory accesses - Allow to build kernel without 32-bit VDSO - Reference leak fix in error path in LED driver * tag 'parisc-for-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: led: fix reference leak on failed device registration module.lds.S: Fix modules on 32-bit parisc architecture parisc: Allow to build without VDSO32 parisc: Include 32-bit VDSO only when building for 32-bit or compat mode parisc: Allow to disable COMPAT mode on 64-bit kernel parisc: Fix default stack size when COMPAT=n parisc: Fix signal code to depend on CONFIG_COMPAT instead of CONFIG_64BIT parisc: is_compat_task() shall return false for COMPAT=n parisc: Avoid compat syscalls when COMPAT=n parisc: _llseek syscall is only available for 32-bit userspace parisc: Drop ip_fast_csum() inline assembly implementation parisc: update outdated comments for renamed ccio_alloc_consistent()
2026-04-18Merge tag 'memblock-v7.1-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock Pull memblock updates from Mike Rapoport: - improve debuggability of reserve_mem kernel parameter handling with print outs in case of a failure and debugfs info showing what was actually reserved - Make memblock_free_late() and free_reserved_area() use the same core logic for freeing the memory to buddy and ensure it takes care of updating memblock arrays when ARCH_KEEP_MEMBLOCK is enabled. * tag 'memblock-v7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock: x86/alternative: delay freeing of smp_locks section memblock: warn when freeing reserved memory before memory map is initialized memblock, treewide: make memblock_free() handle late freeing memblock: make free_reserved_area() update memblock if ARCH_KEEP_MEMBLOCK=y memblock: extract page freeing from free_reserved_area() into a helper memblock: make free_reserved_area() more robust mm: move free_reserved_area() to mm/memblock.c powerpc: opal-core: pair alloc_pages_exact() with free_pages_exact() powerpc: fadump: pair alloc_pages_exact() with free_pages_exact() memblock: reserve_mem: fix end caclulation in reserve_mem_release_by_name() memblock: move reserve_bootmem_range() to memblock.c and make it static memblock: Add reserve_mem debugfs info memblock: Print out errors on reserve_mem parser
2026-04-18sh: Drop CONFIG_FIRMWARE_EDID from defconfig filesThomas Zimmermann
CONFIG_FIRMWARE_EDID=y depends on X86 or EFI_GENERIC_STUB. Neither is true here, so drop the lines from the defconfig files. Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
2026-04-18sh: Remove CONFIG_VSYSCALL reference from UAPIThomas Weißschuh
AT_SYSINFO_EHDR defines the auxvector index representing the vDSO entrypoint. Its value or presence does not depend on whether a vDSO is actually provided by the kernel. The definition of AT_SYSINFO_EHDR was gated between CONFIG_VSYSCALL to avoid a default gate VMA to be created. However that default gate VMA was removed entirely in commit a6c19dfe3994 ("arm64,ia64,ppc,s390,sh,tile,um,x86,mm: remove default gate area"). Remove the now unnecessary conditional. Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
2026-04-18sh: Fix typo in SPDX license ID linesTim Bird
Both platform_early.c and platform_early.h have an extra dash in their SPDX-License-Identifier lines. Use the correct (single-dash) syntax for these lines. Signed-off-by: Tim Bird <tim.bird@sony.com> Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
2026-04-18sh: Include <linux/io.h> in dac.hThomas Zimmermann
Include <linux/io.h> to avoid depending on <linux/backlight.h> for including it. Declares __raw_readb() and __raw_writeb(). Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202510282206.wI0HrqcK-lkp@intel.com/ Fixes: 243ce64b2b37 ("backlight: Do not include <linux/fb.h> in header file") Cc: Thomas Zimmermann <tzimmermann@suse.de> Cc: Daniel Thompson (RISCstar) <danielt@kernel.org> Cc: Simona Vetter <simona.vetter@ffwll.ch> Cc: Lee Jones <lee@kernel.org> Cc: Daniel Thompson <danielt@kernel.org> Cc: Jingoo Han <jingoohan1@gmail.com> Cc: dri-devel@lists.freedesktop.org Reviewed-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Reviewed-by: Daniel Thompson (RISCstar) <danielt@kernel.org> Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
2026-04-18KVM: arm64: pkvm: Adopt MARKER() to define host hypercall rangesMarc Zyngier
The EL2 code defines ranges of host hypercalls that are either enabled at boot-time only, used by [nh]VHE KVM, or reserved to pKVM. The way these ranges are delineated is error prone, as the enum symbols defining the limits are expressed in terms of actual function symbols. This means that should a new function be added, special care must be taken to also update the limit symbol. Improve this by reusing the mechanism introduced for the vcpu_sysreg enum, which uses a MARKER() macro and some extra trickery to make the limit symbol standalone. Crucially, the limit symbol has the same value as the *following* symbol. The handle_host_hcall() function is then updated to make use of the new limit definitions and get rid of the brittle default upper limit. This allows for some more strict checks at build time, and the removal of an comparison at run time. Tested-by: Fuad Tabba <tabba@google.com> Reviewed-by: Fuad Tabba <tabba@google.com> Link: https://patch.msgid.link/20260414160528.2218858-1-maz@kernel.org Signed-off-by: Marc Zyngier <maz@kernel.org>
2026-04-17Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpfLinus Torvalds
Pull bpf fixes from Alexei Starovoitov: "Most of the diff stat comes from Xu Kuohai's fix to emit ENDBR/BTI, since all JITs had to be touched to move constant blinding out and pass bpf_verifier_env in. - Fix use-after-free in arena_vm_close on fork (Alexei Starovoitov) - Dissociate struct_ops program with map if map_update fails (Amery Hung) - Fix out-of-range and off-by-one bugs in arm64 JIT (Daniel Borkmann) - Fix precedence bug in convert_bpf_ld_abs alignment check (Daniel Borkmann) - Fix arg tracking for imprecise/multi-offset in BPF_ST/STX insns (Eduard Zingerman) - Copy token from main to subprogs to fix missing kallsyms (Eduard Zingerman) - Prevent double close and leak of btf objects in libbpf (Jiri Olsa) - Fix af_unix null-ptr-deref in sockmap (Michal Luczaj) - Fix NULL deref in map_kptr_match_type for scalar regs (Mykyta Yatsenko) - Avoid unnecessary IPIs. Remove redundant bpf_flush_icache() in arm64 and riscv JITs (Puranjay Mohan) - Fix out of bounds access. Validate node_id in arena_alloc_pages() (Puranjay Mohan) - Reject BPF-to-BPF calls and callbacks in arm32 JIT (Puranjay Mohan) - Refactor all JITs to pass bpf_verifier_env to emit ENDBR/BTI for indirect jump targets on x86-64, arm64 JITs (Xu Kuohai) - Allow UTF-8 literals in bpf_bprintf_prepare() (Yihan Ding)" * tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf: (32 commits) bpf, arm32: Reject BPF-to-BPF calls and callbacks in the JIT bpf: Dissociate struct_ops program with map if map_update fails bpf: Validate node_id in arena_alloc_pages() libbpf: Prevent double close and leak of btf objects selftests/bpf: cover UTF-8 trace_printk output bpf: allow UTF-8 literals in bpf_bprintf_prepare() selftests/bpf: Reject scalar store into kptr slot bpf: Fix NULL deref in map_kptr_match_type for scalar regs bpf: Fix precedence bug in convert_bpf_ld_abs alignment check bpf, arm64: Emit BTI for indirect jump target bpf, x86: Emit ENDBR for indirect jump targets bpf: Add helper to detect indirect jump targets bpf: Pass bpf_verifier_env to JIT bpf: Move constants blinding out of arch-specific JITs bpf, sockmap: Take state lock for af_unix iter bpf, sockmap: Fix af_unix null-ptr-deref in proto update selftests/bpf: Extend bpf_iter_unix to attempt deadlocking bpf, sockmap: Fix af_unix iter deadlock bpf, sockmap: Annotate af_unix sock:: Sk_state data-races selftests/bpf: verify kallsyms entries for token-loaded subprograms ...
2026-04-17Merge tag 'integrity-v7.1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity Pull integrity updates from Mimi Zohar: "There are two main changes, one feature removal, some code cleanup, and a number of bug fixes. Main changes: - Detecting secure boot mode was limited to IMA. Make detecting secure boot mode accessible to EVM and other LSMs - IMA sigv3 support was limited to fsverity. Add IMA sigv3 support for IMA regular file hashes and EVM portable signatures Remove: - Remove IMA support for asychronous hash calculation originally added for hardware acceleration Cleanup: - Remove unnecessary Kconfig CONFIG_MODULE_SIG and CONFIG_KEXEC_SIG tests - Add descriptions of the IMA atomic flags Bug fixes: - Like IMA, properly limit EVM "fix" mode - Define and call evm_fix_hmac() to update security.evm - Fallback to using i_version to detect file change for filesystems that do not support STATX_CHANGE_COOKIE - Address missing kernel support for configured (new) TPM hash algorithms - Add missing crypto_shash_final() return value" * tag 'integrity-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: evm: Enforce signatures version 3 with new EVM policy 'bit 3' integrity: Allow sigv3 verification on EVM_XATTR_PORTABLE_DIGSIG ima: add support to require IMA sigv3 signatures ima: add regular file data hash signature version 3 support ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures ima: remove buggy support for asynchronous hashes integrity: Eliminate weak definition of arch_get_secureboot() ima: Add code comments to explain IMA iint cache atomic_flags ima_fs: Correctly create securityfs files for unsupported hash algos ima: check return value of crypto_shash_final() in boot aggregate ima: Define and use a digest_size field in the ima_algo_desc structure powerpc/ima: Drop unnecessary check for CONFIG_MODULE_SIG ima: efi: Drop unnecessary check for CONFIG_MODULE_SIG/CONFIG_KEXEC_SIG ima: fallback to using i_version to detect file change evm: fix security.evm for a file with IMA signature s390: Drop unnecessary CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT evm: Don't enable fix mode when secure boot is enabled integrity: Make arch_ima_get_secureboot integrity-wide
2026-04-17Merge tag 'hwlock-v7.1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux Pull hwspinlock updates from Bjorn Andersson: "Remove the unused u8500 hardware spinlock driver, and clean out the hwspinlock_pdata struct as this was the last user of the struct" * tag 'hwlock-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux: hwspinlock: remove now unused pdata from header file hwspinlock: u8500: delete driver
2026-04-17bpf, arm32: Reject BPF-to-BPF calls and callbacks in the JITPuranjay Mohan
The ARM32 BPF JIT does not support BPF-to-BPF function calls (BPF_PSEUDO_CALL) or callbacks (BPF_PSEUDO_FUNC), but it does not reject them either. When a program with subprograms is loaded (e.g. libxdp's XDP dispatcher uses __noinline__ subprograms, or any program using callbacks like bpf_loop or bpf_for_each_map_elem), the verifier invokes bpf_jit_subprogs() which calls bpf_int_jit_compile() for each subprogram. For BPF_PSEUDO_CALL, since ARM32 does not reject it, the JIT silently emits code using the wrong address computation: func = __bpf_call_base + imm where imm is a pc-relative subprogram offset, producing a bogus function pointer. For BPF_PSEUDO_FUNC, the ldimm64 handler ignores src_reg and loads the immediate as a normal 64-bit value without error. In both cases, build_body() reports success and a JIT image is allocated. ARM32 lacks the jit_data/extra_pass mechanism needed for the second JIT pass in bpf_jit_subprogs(). On the second pass, bpf_int_jit_compile() performs a full fresh compilation, allocating a new JIT binary and overwriting prog->bpf_func. The first allocation is never freed. bpf_jit_subprogs() then detects the function pointer changed and aborts with -ENOTSUPP, but the original JIT binary has already been leaked. Each program load/unload cycle leaks one JIT binary allocation, as reported by kmemleak: unreferenced object 0xbf0a1000 (size 4096): backtrace: bpf_jit_binary_alloc+0x64/0xfc bpf_int_jit_compile+0x14c/0x348 bpf_jit_subprogs+0x4fc/0xa60 Fix this by rejecting both BPF_PSEUDO_CALL in the BPF_CALL handler and BPF_PSEUDO_FUNC in the BPF_LD_IMM64 handler, falling through to the existing 'notyet' path. This causes build_body() to fail before any JIT binary is allocated, so bpf_int_jit_compile() returns the original program unjitted. bpf_jit_subprogs() then sees !prog->jited and cleanly falls back to the interpreter with no leak. Acked-by: Daniel Borkmann <daniel@iogearbox.net> Fixes: 1c2a088a6626 ("bpf: x64: add JIT support for multi-function programs") Reported-by: Jonas Rebmann <jre@pengutronix.de> Closes: https://lore.kernel.org/bpf/b63e9174-7a3d-4e22-8294-16df07a4af89@pengutronix.de Tested-by: Jonas Rebmann <jre@pengutronix.de> Signed-off-by: Puranjay Mohan <puranjay@kernel.org> Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com> Link: https://lore.kernel.org/r/20260417143353.838911-1-puranjay@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>