summaryrefslogtreecommitdiff
path: root/include/uapi
AgeCommit message (Collapse)Author
2026-06-09KVM: s390: Add capability to support 2G hugepagesClaudio Imbrenda
Add KVM_CAP_S390_HPAGE_2G to signal to userspace that 2G hugepages may be used to back the guest; restrictions apply similar to 1M hugepages. Enable the (for now still ignored) GMAP_FLAG_ALLOW_HPAGE_2G flag for the guest gmap, and propagate / disable it as necessary. Reviewed-by: Steffen Eiden <seiden@linux.ibm.com> Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Message-ID: <20260609150930.665370-3-imbrenda@linux.ibm.com>
2026-06-08if_ether.h: add 802.1AC, warn about GRE 0x00FEDavid 'equinox' Lamparter
Because LLC wasn't complicated/annoying enough, there's 2 more "ethertypes" being used for it: - 0x8870 is pretty "normal", it got standardized in 802.1AC-2016/Cor1-2018 for transporting LLC frames > 1500 bytes. It simply replaces the length value (which is no longer encoded, and must now be derived from the packet.) The actual value dates back to 2001; https://datatracker.ietf.org/doc/html/draft-ietf-isis-ext-eth-01 (it was used without "proper" standardization for a long time) - 0x00fe is a doozy - actually "invalid" depending on how you look at it; it's used in GRE (and possibly GENEVE) tunnels to transport the IS-IS routing protocol. https://seclists.org/tcpdump/2002/q4/61 is the best/oldest source I could find. It's inspired by the 0xfe SAP value, a GRE packet with protocol 0x00fe is followed by a payload "as if" it was Ethernet with "<length> 0xfe 0xfe 0x03". (Again the length isn't encoded explicitly anymore.) The 0x00fe value is quite close to other values the kernel is using internally for various things (after all they "won't clash for 1500 types"). Except this one does clash, and if someone unknowingly starts using it for something internal... we end up in a world of pain in getting IS-IS running on GRE tunnels. Hence the "WARNING". Signed-off-by: David 'equinox' Lamparter <equinox@diac24.net> Cc: Andrew Lunn <andrew+netdev@lunn.ch> Link: https://patch.msgid.link/20260605164144.81184-1-equinox@diac24.net Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-08Merge tag 'batadv-next-pullrequest-20260605' of https://git.open-mesh.org/batadvJakub Kicinski
Simon Wunderlich says: ==================== This cleanup patchset includes the following patches, all by Sven Eckelmann: - tp_meter: initialize last_recv_time during init - convert cancellation of work items to disable helper - clean up wifi detection cache (3 patches) - clean up kernel-doc: corrections, reword, typos (6 patches) * tag 'batadv-next-pullrequest-20260605' of https://git.open-mesh.org/batadv: batman-adv: fix kernel-doc typos and grammar errors batman-adv: fix batadv_v_ogm_packet_recv error handling kernel-doc batman-adv: uapi: keep kernel-doc in struct member order batman-adv: bla: update stale kernel-doc batman-adv: tp_meter: update stale kernel-doc after refactoring batman-adv: correct batadv_wifi_* kernel-doc batman-adv: document cleanup of batadv_wifi_net_devices entries batman-adv: use GFP_KERNEL allocations for the wifi detection cache batman-adv: drop duplicated wifi_flags assignments batman-adv: convert cancellation of work items to disable helper batman-adv: tp_meter: initialize last_recv_time during init ==================== Link: https://patch.msgid.link/20260605072005.490368-1-sw@simonwunderlich.de Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-08watchdog: uapi: add comments for what bit masks apply toRandy Dunlap
Add comments similar to those in include/linux/watchdog.h so that the reader/user doesn't have to dig into the API documentation files for this. Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2026-06-08btrfs: add ioctl GET_CSUMS to read raw checksums from file rangeMark Harmstone
Add a new unprivileged BTRFS_IOC_GET_CSUMS ioctl, which can be used to query the on-disk csums for a file range. The ioctl is deliberately per-file rather than exposing raw csum tree lookups, to avoid leaking information to users about files they may not have access to. This is done by userspace passing a struct btrfs_ioctl_get_csums_args to the kernel, which details the offset and length we're interested in, and a buffer for the kernel to write its results into. The kernel writes a struct btrfs_ioctl_get_csums_entry into the buffer, followed by the csums if available. The maximum size of the user buffer is capped to 16MiB. If the extent is an uncompressed, non-NODATASUM extent, the kernel sets the entry type to BTRFS_GET_CSUMS_HAS_CSUMS and follows it with the csums. If it is sparse, preallocated, or beyond the EOF, it sets the type to BTRFS_GET_CSUMS_ZEROED - this is so userspace knows it can use the precomputed hash of the zero sector. Otherwise, it sets the type to BTRFS_GET_CSUMS_NODATASUM, BTRFS_GET_CSUMS_COMPRESSED, BTRFS_GET_CSUM_ENCRYPTED, or BTRFS_GET_CSUM_INLINE. For example, a file with a [0, 4K) hole and [4K, 12K) data extent would produce the following output buffer: | [0, 4K) ZEROED | [4K, 12K) HAS_CSUMS | csum data | We do store the csums of compressed extents, but we deliberately don't return them here: they're calculated over the compressed data, not the uncompressed data that's returned to userspace. Similarly for encrypted data, once encryption is supported, in which the csums will be on the ciphertext. The main use case for this is for speeding up mkfs.btrfs --rootdir. For the case when the source FS is btrfs and using the same csum algorithm, we can avoid having to recalculate the csums - in my synthetic benchmarks (16GB file on a spinning-rust drive), this resulted in a ~11% speed-up (218s to 196s). When using the --reflink option added in btrfs-progs v6.16.1, we can forgo reading the data entirely, resulting a ~2200% speed-up on the same test (128s to 6s). # mkdir rootdir # dd if=/dev/urandom of=rootdir/file bs=4096 count=4194304 (without ioctl) # echo 3 > /proc/sys/vm/drop_caches # time mkfs.btrfs --rootdir rootdir testimg ... real 3m37.965s user 0m5.496s sys 0m6.125s # echo 3 > /proc/sys/vm/drop_caches # time mkfs.btrfs --rootdir rootdir --reflink testimg ... real 2m8.342s user 0m5.472s sys 0m1.667s (with ioctl) # echo 3 > /proc/sys/vm/drop_caches # time mkfs.btrfs --rootdir rootdir testimg ... real 3m15.865s user 0m4.258s sys 0m6.261s # echo 3 > /proc/sys/vm/drop_caches # time mkfs.btrfs --rootdir rootdir --reflink testimg ... real 0m5.847s user 0m2.899s sys 0m0.097s Another notable use case is for deduplication, where reading the checksums may serve as a hint instead of reading the whole file data. Reviewed-by: Qu Wenruo <wqu@suse.com> Signed-off-by: Mark Harmstone <mark@harmstone.com> Signed-off-by: David Sterba <dsterba@suse.com>
2026-06-07bpf: Add support for tracing_multi link sessionJiri Olsa
Adding support to use session attachment with tracing_multi link. Adding new BPF_TRACE_FSESSION_MULTI program attach type, that follows the BPF_TRACE_FSESSION behaviour but on the tracing_multi link. Such program is called on entry and exit of the attached function and allows to pass cookie value from entry to exit execution. Signed-off-by: Jiri Olsa <jolsa@kernel.org> Link: https://lore.kernel.org/r/20260606123955.345967-16-jolsa@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-06-07bpf: Add support for tracing_multi link cookiesJiri Olsa
Add support to specify cookies for tracing_multi link. Cookies are provided in array where each value is paired with provided BTF ID value with the same array index. Such cookie can be retrieved by bpf program with bpf_get_attach_cookie helper call. We need to sort cookies array together with ids array in check_dup_ids, to keep the id->cookie relation. Signed-off-by: Jiri Olsa <jolsa@kernel.org> Link: https://lore.kernel.org/r/20260606123955.345967-15-jolsa@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-06-07bpf: Add support for tracing multi linkJiri Olsa
Adding new link to allow to attach program to multiple function BTF IDs. The link is represented by struct bpf_tracing_multi_link. To configure the link, new fields are added to bpf_attr::link_create to pass array of BTF IDs; struct { __aligned_u64 ids; __u32 cnt; } tracing_multi; Each BTF ID represents function (BTF_KIND_FUNC) that the link will attach bpf program to. We use previously added bpf_trampoline_multi_attach/detach functions to attach/detach the link. The linkinfo/fdinfo callbacks will be implemented in following changes. Note this is supported only for archs (x86_64) with ftrace direct and have single ops support. CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS && CONFIG_HAVE_SINGLE_FTRACE_DIRECT_OPS Note using sort_r (instead of plain sort) in check_dup_ids, because we will use the swap callback in following changes. Signed-off-by: Jiri Olsa <jolsa@kernel.org> Link: https://lore.kernel.org/r/20260606123955.345967-14-jolsa@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-06-07bpf: Add multi tracing attach typesJiri Olsa
Adding new program attach types multi tracing attachment: BPF_TRACE_FENTRY_MULTI BPF_TRACE_FEXIT_MULTI and their base support in verifier code. Programs with such attach type will use specific link attachment interface coming in following changes. This was suggested by Andrii some (long) time ago and turned out to be easier than having special program flag for that. Bpf programs with such types have 'bpf_multi_func' function set as their attach_btf_id and keep module reference when it's specified by attach_prog_fd. They are also accepted as sleepable programs during verification, and the real validation for specific BTF_IDs/functions will happen during the multi link attachment in following changes. Suggested-by: Andrii Nakryiko <andrii@kernel.org> Signed-off-by: Jiri Olsa <jolsa@kernel.org> Link: https://lore.kernel.org/r/20260606123955.345967-11-jolsa@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-06-06vfs: uapi: retire octal and hex numbers in favor of (1 << n) for O_ flagsJori Koolstra
A recent build failure[1] exposed the diffculty of working with the current octal and hex definitions of O_ flags when trying to find a gap for a new flag. This difficulty is compounded by the fact that O_ flags may have architectural specific values. Replace the hex/octal #defines, which are hard to parse when looking for free bits, with explicit bit shifts like (1 << 11). Also, add comments that identify which architectures redefine some of the seemingly free ("cursed") bits in uapi/asm-generic/fcntl.h. These should not be used to define new O_ flags (for now, at least). The translastion was done with Claude Opus 4.8, and verified with a (non-AI) gawk script. The accounting of which architectures claim which bit-gaps in uapi/asm-generic/fcntl.h is also done by hand. [1]: https://lore.kernel.org/all/agruPPybCx8q2XcJ@sirena.org.uk/ Assisted-by: Claude:Opus 4.8 Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl> Link: https://patch.msgid.link/20260604222405.5382-1-jkoolstra@xs4all.nl Signed-off-by: Christian Brauner (Amutable) <brauner@kernel.org>
2026-06-05bpf: Check tail zero of bpf_prog_infoLeon Hwang
Since there're 4 bytes padding at the end of struct bpf_prog_info, they won't be checked by bpf_check_uarg_tail_zero(). pahole -C bpf_prog_info ./vmlinux struct bpf_prog_info { ... __u32 attach_btf_obj_id; /* 220 4 */ __u32 attach_btf_id; /* 224 4 */ /* size: 232, cachelines: 4, members: 38 */ /* sum members: 224 */ /* sum bitfield members: 1 bits, bit holes: 1, sum bit holes: 31 bits */ /* padding: 4 */ /* forced alignments: 9 */ /* last cacheline: 40 bytes */ } __attribute__((__aligned__(8))); If a future kernel extension adds a new 4-byte field, older userspace programs allocating this structure on the stack might inadvertently pass uninitialized stack garbage into the new field, permanently breaking backward compatibility. -- sashiko [1] Fix it by changing sizeof(info) to offsetofend(struct bpf_prog_info, attach_btf_id). And, add "__u32 :32" to the tail of struct bpf_prog_info. [1] https://lore.kernel.org/bpf/20260513224823.6494FC19425@smtp.kernel.org/ Fixes: aba64c7da983 ("bpf: Add verified_insns to bpf_prog_info and fdinfo") Acked-by: Mykyta Yatsenko <yatsenko@meta.com> Signed-off-by: Leon Hwang <leon.hwang@linux.dev> Link: https://lore.kernel.org/r/20260605155249.20772-3-leon.hwang@linux.dev Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-06-05bpf: Check tail zero of bpf_map_infoLeon Hwang
Since there're 4 bytes padding at the end of struct bpf_map_info, they won't be checked by bpf_check_uarg_tail_zero(). pahole -C bpf_map_info ./vmlinux struct bpf_map_info { ... __u64 hash __attribute__((__aligned__(8))); /* 88 8 */ __u32 hash_size; /* 96 4 */ /* size: 104, cachelines: 2, members: 18 */ /* padding: 4 */ /* forced alignments: 1 */ /* last cacheline: 40 bytes */ } __attribute__((__aligned__(8))); If a future kernel extension adds a new 4-byte field, older userspace programs allocating this structure on the stack might inadvertently pass uninitialized stack garbage into the new field, permanently breaking backward compatibility. -- sashiko [1] Fix it by changing sizeof(info) to offsetofend(struct bpf_map_info, hash_size). And, add "__u32 :32" to the tail of struct bpf_map_info. [1] https://lore.kernel.org/bpf/20260513224823.6494FC19425@smtp.kernel.org/ Fixes: ea2e6467ac36 ("bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD") Acked-by: Mykyta Yatsenko <yatsenko@meta.com> Signed-off-by: Leon Hwang <leon.hwang@linux.dev> Link: https://lore.kernel.org/r/20260605155249.20772-2-leon.hwang@linux.dev Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-06-05vfio/nvgrace-gpu: Add Blackwell-Next GPU readiness check via CXL DVSECAnkit Agrawal
Add a CXL DVSEC-based readiness check for Blackwell-Next GPUs alongside the existing legacy BAR0 polling path. The CXL Device DVSEC offset is discovered at probe time. Probe, fault and read/write paths then branch on that to use either the legacy BAR0 polling or the CXL DVSEC polling. The CXL path polls Memory_Active, requiring MEM_INFO_VALID within 1s and MEM_ACTIVE within Memory_Active_Timeout (up to 256s) as per CXL spec r4.0 sec 8.1.3.8.2. Given the long worst-case wait, the CXL poll runs outside memory_lock with only a quick readiness check is done under the lock. The poll loops sleep with schedule_timeout_killable() and return -EINTR on a fatal signal. This avoids hung-task panics during the long uninterruptible wait. Extend this to the legacy based wait as well for improvement. In the fault handler the wait runs locklessly before memory_lock. If a reset races in, the in-lock recheck returns -EAGAIN and the wait is retried rather than returning a spurious VM_FAULT_SIGBUS. Add PCI_DVSEC_CXL_MEM_ACTIVE_TIMEOUT to pci_regs.h for the timeout field. Cc: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com> Cc: Kevin Tian <kevin.tian@intel.com> Suggested-by: Alex Williamson <alex@shazbot.org> Signed-off-by: Ankit Agrawal <ankita@nvidia.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com> Link: https://lore.kernel.org/r/20260602063015.3915-1-ankita@nvidia.com Signed-off-by: Alex Williamson <alex@shazbot.org>
2026-06-05bpf: Implement resizable hashmap basic functionsMykyta Yatsenko
Use rhashtable_lookup_likely() for lookups, rhashtable_remove_fast() for deletes, and rhashtable_lookup_get_insert_fast() for inserts. Updates modify values in place under RCU rather than allocating a new element and swapping the pointer (as regular htab does). This trades read consistency for performance: concurrent readers may see partial updates. BPF_F_LOCK support and special-field handling (timers, kptrs, etc.) follow in a later commit. Initialize rhashtable with bpf_mem_alloc element cache. Require BPF_F_NO_PREALLOC. Limit max_entries to 2^31. Free elements via rhashtable_free_and_destroy(). Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com> Link: https://lore.kernel.org/r/20260605-rhash-v7-4-5b8e05f8630d@meta.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-06-05batman-adv: uapi: keep kernel-doc in struct member orderSven Eckelmann
The order of the members of struct batadv_coded_packet and struct batadv_unicast_tvlv_packet didn't match the kernel doc. This is the case for all other structures and should also be done the same way for these two. Signed-off-by: Sven Eckelmann <sven@narfation.org>
2026-06-04Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski
Cross-merge networking fixes after downstream PR (net-7.1-rc7). Silent conflicts: net/wireless/nl80211.c cb9959ab5f99 ("wifi: cfg80211: enforce HE/EHT cap/oper consistency") a384ae969902 ("wifi: cfg80211: move AP HT/VHT/... operation to beacon info") https://lore.kernel.org/aiGJDaHV4UlCexIQ@sirena.org.uk Conflicts: drivers/net/wireless/intel/iwlwifi/mld/ap.c a342c99cb70d ("wifi: iwlwifi: mld: honor BSS_CHANGED_BEACON_ENABLED") 9bf1b409afc7 ("wifi: iwlwifi: mld: send tx power constraints before link activation") https://lore.kernel.org/ah2bfedhV45ZxMO8@sirena.org.uk drivers/net/wireless/intel/iwlwifi/pcie/drv.c 093305d801fa ("wifi: iwlwifi: pcie: simplify the resume flow if fast resume is not used") e2323929a68a ("wifi: iwlwifi: pcie: add debug print for resume flow if powered off") https://lore.kernel.org/ah2bfedhV45ZxMO8@sirena.org.uk Adjacent changes: drivers/net/ethernet/airoha/airoha_eth.c b38cae85d1c4 ("net: airoha: Fix use-after-free in metadata dst teardown") ec6c391bcca7 ("net: airoha: Introduce airoha_gdm_dev struct") drivers/net/ethernet/microchip/lan743x_main.c 8173d22b211f ("net: lan743x: permit VLAN-tagged packets up to configured MTU") e3c6508a46f5 ("net: lan743x: avoid netdev-based logging before netdev registration") Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-04xfrm: add XFRM_MSG_MIGRATE_STATE for single SA migrationAntony Antony
Add a new netlink method to migrate a single xfrm_state. Unlike the existing migration mechanism (SA + policy), this supports migrating only the SA and allows changing the reqid. The SA is looked up via xfrm_usersa_id, which uniquely identifies it, so old_saddr is not needed. old_daddr is carried in xfrm_usersa_id.daddr. The reqid is invariant in the old migration. Signed-off-by: Antony Antony <antony.antony@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2026-06-03geneve: Introduce IFLA_GENEVE_LOCAL and IFLA_GENEVE_LOCAL6.Kuniyuki Iwashima
By default, a GENEVE device bind()s its underlying UDP socket(s) to the IPv4 or IPv6 wildcard address because there is no way to specify a specific local IP address to bind() to. This prevents deploying multiple GENEVE devices on a multi-homed host where each device should be isolated and bound to a different local IP address on the same UDP port. Let's introduce new options, IFLA_GENEVE_LOCAL and IFLA_GENEVE_LOCAL6, to allow specifying a local IPv4/IPv6 address for the backend UDP socket. By default, when collect metadata mode (IFLA_GENEVE_COLLECT_METADATA) is enabled, both IPv4 and IPv6 sockets are created. However, if a source address is specified via the new attributes, only a single socket corresponding to that specific address family is created. Accordingly, geneve_find_sock() and geneve_find_dev() are updated to take the source address into account, ensuring that multiple devices and sockets configured with different source addresses can coexist without conflict. In addition, the source address is validated in geneve_xmit_skb() and geneve6_xmit_skb(), so the BPF prog must set it in bpf_tunnel_key. With this change, multiple GENEVE devices can be successfully created and bound to their respective local IP addresses: (*) "local" is the keyword for IFLA_GENEVE_LOCAL / IFLA_GENEVE_LOCAL6 # for i in $(seq 1 2); do ip link add geneve4_${i} type geneve local 192.168.0.${i} external ip addr add 192.168.0.${i}/24 dev geneve4_${i} ip link set geneve4_${i} up ip link add geneve6_${i} type geneve local 2001:9292::${i} external ip addr add 2001:9292::${i}/64 dev geneve6_${i} nodad ip link set geneve6_${i} up done # ip -d l | grep geneve 9: geneve4_1: <BROADCAST,MULTICAST,UP,LOWER_UP> ... geneve external id 0 local 192.168.0.1 ... 10: geneve6_1: <BROADCAST,MULTICAST,UP,LOWER_UP> ... geneve external id 0 local 2001:9292::1 ... 11: geneve4_2: <BROADCAST,MULTICAST,UP,LOWER_UP> ... geneve external id 0 local 192.168.0.2 ... 12: geneve6_2: <BROADCAST,MULTICAST,UP,LOWER_UP> ... geneve external id 0 local 2001:9292::2 ... # ss -ua | grep geneve UNCONN 0 0 192.168.0.2:geneve 0.0.0.0:* UNCONN 0 0 192.168.0.1:geneve 0.0.0.0:* UNCONN 0 0 [2001:9292::2]:geneve *:* UNCONN 0 0 [2001:9292::1]:geneve *:* Note that even if the local address is explicitly configured with the wildcard address, kernel does not dump it except for devices with IFLA_GENEVE_COLLECT_METADATA. This is consistent with the behaviour of is_tnl_info_zero(), which treats the wildcard remote address as not configured. ## ynl example. # ./tools/net/ynl/pyynl/cli.py \ --spec ./Documentation/netlink/specs/rt-link.yaml \ --do newlink --create \ --json '{"ifname": "geneve0", "linkinfo": {"kind":"geneve", "data": {"local": "0.0.0.0", "collect-metadata": true}}}' # ./tools/net/ynl/pyynl/cli.py \ --spec ./Documentation/netlink/specs/rt-link.yaml \ --do getlink \ --json '{"ifname": "geneve0"}' --output-json | \ jq .linkinfo.data.local "0.0.0.0" Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Link: https://patch.msgid.link/20260602190436.139591-6-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-04Merge tag 'drm-msm-next-2026-05-30' of ↵Dave Airlie
https://gitlab.freedesktop.org/drm/msm into drm-next Changes for v7.2 Core: - Fixed documentation for msm_gem_shrinker functions - IFPC related enablement/fixes for gen8 - PERFCNTR_CONFIG ioctl support GPU - Reworked handling of UBWC configuration - a810 suppport MDSS: - Added Milos platform support - Reworked handling of UBWC configuration DisplayPort: - Reworked HPD handling, preparing for the MST support DPU: - Added Milos platform support - Reworked handling of UBWC configuration DSI: - Added Milos platform support Signed-off-by: Dave Airlie <airlied@redhat.com> From: Rob Clark <rob.clark@oss.qualcomm.com> Link: https://patch.msgid.link/CACSVV00DXZcvFH2-C3fouve5DGs0DGa-vvsJPuaRmUZZVNKOfg@mail.gmail.com
2026-06-03futex: Add support for unlocking robust futexesThomas Gleixner
Unlocking robust non-PI futexes happens in user space with the following sequence: 1) robust_list_set_op_pending(mutex); 2) robust_list_remove(mutex); lval = 0; 3) lval = atomic_xchg(lock, lval); 4) if (lval & WAITERS) 5) sys_futex(WAKE,....); 6) robust_list_clear_op_pending(); That opens a window between #3 and #6 where the mutex could be acquired by some other task which observes that it is the last user and: A) unmaps the mutex memory B) maps a different file, which ends up covering the same address When the original task exits before reaching #6 then the kernel robust list handling observes the pending op entry and tries to fix up user space. In case that the newly mapped data contains the TID of the exiting thread at the address of the mutex/futex the kernel will set the owner died bit in that memory and therefore corrupting unrelated data. PI futexes have a similar problem both for the non-contented user space unlock and the in kernel unlock: 1) robust_list_set_op_pending(mutex); 2) robust_list_remove(mutex); lval = gettid(); 3) if (!atomic_try_cmpxchg(lock, lval, 0)) 4) sys_futex(UNLOCK_PI,....); 5) robust_list_clear_op_pending(); Address the first part of the problem where the futexes have waiters and need to enter the kernel anyway. Add a new FUTEX_ROBUST_UNLOCK flag, which is valid for the sys_futex() FUTEX_UNLOCK_PI, FUTEX_WAKE, FUTEX_WAKE_BITSET operations. This deliberately omits FUTEX_WAKE_OP from this treatment as it's unclear whether this is needed and there is no usage of it in glibc either to investigate. For the futex2 syscall family this needs to be implemented with a new syscall. The sys_futex() case [ab]uses the @uaddr2 argument to hand the pointer to robust_list_head::list_pending_op into the kernel. This argument is only evaluated when the FUTEX_ROBUST_UNLOCK bit is set and is therefore backward compatible. This is an explicit argument to avoid the lookup of the robust list pointer and retrieving the pending op pointer from there. User space has the pointer already available so it can just put it into the @uaddr2 argument. Aside of that this allows the usage of multiple robust lists in the future without any changes to the internal functions as they just operate on the provided pointer. This requires a second flag FUTEX_ROBUST_LIST32 which indicates that the robust list pointer points to an u32 and not to an u64. This is required for two reasons: 1) sys_futex() has no compat variant 2) The gaming emulators use both both 64-bit and compat 32-bit robust lists in the same 64-bit application As a consequence 32-bit applications have to set this flag unconditionally so they can run on a 64-bit kernel in compat mode unmodified. 32-bit kernels return an error code when the flag is not set. 64-bit kernels will happily clear the full 64 bits if user space fails to set it. In case of FUTEX_UNLOCK_PI this clears the robust list pending op when the unlock succeeded. In case of errors, the user space value is still locked by the caller and therefore the above cannot happen. In case of FUTEX_WAKE* this does the unlock of the futex in the kernel and clears the robust list pending op when the unlock was successful. If not, the user space value is still locked and user space has to deal with the returned error. That means that the unlocking of non-PI robust futexes has to use the same try_cmpxchg() unlock scheme as PI futexes. If the clearing of the pending list op fails (fault) then the kernel clears the registered robust list pointer if it matches to prevent that exit() will try to handle invalid data. That's a valid paranoid decision because the robust list head sits usually in the TLS and if the TLS is not longer accessible then the chance for fixing up the resulting mess is very close to zero. The problem of non-contended unlocks still exists and will be addressed separately. Signed-off-by: Thomas Gleixner <tglx@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: André Almeida <andrealmeid@igalia.com> Link: https://patch.msgid.link/20260602090535.670514505@kernel.org
2026-06-03futex: Cleanup UAPI definesThomas Gleixner
Make the operand defines tabular for readability sake. Signed-off-by: Thomas Gleixner <tglx@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: André Almeida <andrealmeid@igalia.com> Link: https://patch.msgid.link/20260602090535.615600933@kernel.org
2026-06-03futex: Provide UABI defines for robust list entry modifiersThomas Gleixner
The marker for PI futexes in the robust list is a hardcoded 0x1 which lacks any sensible form of documentation. Provide proper defines for the bit and the mask and fix up the usage sites. Thereby convert the boolean pi argument into a modifier argument, which allows new modifier bits to be trivially added and conveyed. Signed-off-by: Thomas Gleixner <tglx@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Reviewed-by: André Almeida <andrealmeid@igalia.com> Link: https://patch.msgid.link/20260602090535.458758556@kernel.org
2026-06-02Merge tag 'soc-fixes-7.1-2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull SoC fixes from Arnd Bergmann: "Following the previous set of fixes, this addresses another significant number of small issues found in firmware drivers (tee, optee, qcomtee, qcom ice, exynos acpm) drivers through various tools. This is about error handling, resource leaks, concurrency and a use-after-free bug. The fixes for the Qualcomm ICE driver also introduce interface changes in the UFS and MMC drivers using it. Outside of firmware drivers, there are a few fixes across the tree: - Minor driver code mistakes in the Atmel EBI memory controller, the i.MX soc ID driver and socfpga boot logic - A defconfig change to avoid a boot time regression on multiple qualcomm boards - Device tree fixes for qualcomm, at91 and gemini, addressing mostly minor configuration mistakes" * tag 'soc-fixes-7.1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (28 commits) firmware: samsung: acpm: Fix infinite loop on sequence number exhaustion firmware: samsung: acpm: Fix missing LKMM barriers in sequence allocator firmware: samsung: acpm: Fix false timeouts and Use-After-Free in polling ARM: dts: gemini: Fix partition offsets ARM: socfpga: Fix OF node refcount leak in SMP setup soc: qcom: ice: Fix the error code when 'qcom,ice' property is not found arm64: dts: qcom: eliza: Add power-domain and iface clk for ice node arm64: dts: qcom: milos: Add power-domain and iface clk for ice node tee: qcomtee: add missing va_end in early return qcomtee_object_user_init() tee: fix params_from_user() error path in tee_ioctl_supp_recv tee: shm: fix shm leak in register_shm_helper() tee: fix tee_ioctl_object_invoke_arg padding arm64: defconfig: Enable PCI M.2 power sequencing driver scsi: ufs: ufs-qcom: Remove NULL check from devm_of_qcom_ice_get() mmc: sdhci-msm: Remove NULL check from devm_of_qcom_ice_get() soc: qcom: ice: Return proper error codes from devm_of_qcom_ice_get() instead of NULL soc: qcom: ice: Return -ENODEV if the ICE platform device is not found soc: qcom: ice: Fix race between qcom_ice_probe() and of_qcom_ice_get() ARM: dts: microchip: sam9x7: fix GMAC clock configuration firmware: samsung: acpm: Fix mailbox channel leak on probe error ...
2026-06-02Merge tag 'v7.1-rc6' into workJonathan Cameron
Linux 7.1-rc6
2026-06-01Input: userio - allow setting other id valuesVicki Pfau
Previously, only the type value was settable. The proto value is used internally for choosing the right drivers, so we should expose it. The other values make sense to expose as well. Signed-off-by: Vicki Pfau <vi@endrift.com> Link: https://patch.msgid.link/20260522015040.3953472-2-vi@endrift.com Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2026-06-01Input: userio - update maintainer nameVicki Pfau
She's been committing under the name Lyude Paul for a while Signed-off-by: Vicki Pfau <vi@endrift.com> Link: https://patch.msgid.link/20260522015040.3953472-1-vi@endrift.com Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2026-06-01Merge tag 'v7.1-rc6' into tty-nextGreg Kroah-Hartman
We need the tty/serial fixes in here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2026-06-01nfsd: add NFSD_CMD_CACHE_FLUSH netlink commandJeff Layton
Add a new NFSD_CMD_CACHE_FLUSH generic netlink command that allows userspace to flush the nfsd export caches (svc_export and expkey) without writing to /proc/net/rpc/*/flush. An optional NFSD_A_CACHE_FLUSH_MASK u32 attribute selects which caches to flush (bit 1 = svc_export, bit 2 = expkey). If the attribute is omitted, all nfsd caches are flushed. This is used by exportfs to replace its /proc-based cache_flush() with a netlink equivalent, with /proc fallback for older kernels. Signed-off-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-01sunrpc: add SUNRPC_CMD_CACHE_FLUSH netlink commandJeff Layton
Add a new SUNRPC_CMD_CACHE_FLUSH generic netlink command that allows userspace to flush the sunrpc auth caches (ip_map and unix_gid) without writing to /proc/net/rpc/*/flush. An optional SUNRPC_A_CACHE_FLUSH_MASK u32 attribute selects which caches to flush (bit 1 = ip_map, bit 2 = unix_gid). If the attribute is omitted, all sunrpc caches are flushed. This is used by exportfs to replace its /proc-based cache_flush() with a netlink equivalent, with /proc fallback for older kernels. Signed-off-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-01nfsd: add netlink upcall for the nfsd.fh cacheJeff Layton
Add netlink-based cache upcall support for the expkey (nfsd.fh) cache, following the same pattern as the existing svc_export netlink support. Add expkey to the cache-type enum, a new expkey attribute-set with client, fsidtype, fsid, negative, expiry, and path fields, and the expkey-get-reqs / expkey-set-reqs operations to the nfsd YAML spec and generated headers. Implement nfsd_nl_expkey_get_reqs_dumpit() which snapshots pending expkey cache requests and sends each entry's seqno, client name, fsidtype, and fsid over netlink. Implement nfsd_nl_expkey_set_reqs_doit() which parses expkey cache responses from userspace (client, fsidtype, fsid, expiry, and path or negative flag) and updates the cache via svc_expkey_lookup() / svc_expkey_update(). Wire up the expkey_notify() callback in svc_expkey_cache_template so cache misses trigger NFSD_CMD_CACHE_NOTIFY multicast events with NFSD_CACHE_TYPE_EXPKEY. Signed-off-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-01nfsd: add netlink upcall for the svc_export cacheJeff Layton
Add netlink-based cache upcall support for the svc_export (nfsd.export) cache to Documentation/netlink/specs/nfsd.yaml and regenerate the resulting files. Implement nfsd_cache_notify() which sends a NFSD_CMD_CACHE_NOTIFY multicast event to the "exportd" group, carrying the cache type so userspace knows which cache has pending requests. Implement nfsd_nl_svc_export_get_reqs_dumpit() which snapshots pending svc_export cache requests and sends each entry's seqno, client name, and path over netlink. Implement nfsd_nl_svc_export_set_reqs_doit() which parses svc_export cache responses from userspace (client, path, expiry, flags, anon uid/gid, fslocations, uuid, secinfo, xprtsec, fsid, or negative flag) and updates the cache via svc_export_lookup() / svc_export_update(). Wire up the svc_export_notify() callback in svc_export_cache_template so cache misses trigger NFSD_CMD_CACHE_NOTIFY multicast events with NFSD_CACHE_TYPE_SVC_EXPORT. Note that the export-flags and xprtsec-mode enums are organized to match their counterparts in include/uapi/linux/nfsd/export.h. The intent is that future export options will only be added to the netlink headers, which should eliminate the need to keep so much in sync. Signed-off-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-01sunrpc: add netlink upcall for the auth.unix.gid cacheJeff Layton
Add netlink-based cache upcall support for the unix_gid (auth.unix.gid) cache, using the sunrpc generic netlink family. Add unix-gid attribute-set (seqno, uid, gids multi-attr, negative, expiry), unix-gid-reqs wrapper, and unix-gid-get-reqs / unix-gid-set-reqs operations to the sunrpc_cache YAML spec and generated headers. Implement sunrpc_nl_unix_gid_get_reqs_dumpit() which snapshots pending unix_gid cache requests and sends each entry's seqno and uid over netlink. Implement sunrpc_nl_unix_gid_set_reqs_doit() which parses unix_gid cache responses from userspace (uid, expiry, gids as u32 multi-attr or negative flag) and updates the cache via unix_gid_lookup() / sunrpc_cache_update(). Wire up unix_gid_notify() callback in unix_gid_cache_template so cache misses trigger SUNRPC_CMD_CACHE_NOTIFY multicast events with SUNRPC_CACHE_TYPE_UNIX_GID. Signed-off-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-01sunrpc: add netlink upcall for the auth.unix.ip cacheJeff Layton
Add netlink-based cache upcall support for the ip_map (auth.unix.ip) cache, using the sunrpc generic netlink family. Add ip-map attribute-set (seqno, class, addr, domain, negative, expiry), ip-map-reqs wrapper, and ip-map-get-reqs / ip-map-set-reqs operations to the sunrpc_cache YAML spec and generated headers. Implement sunrpc_nl_ip_map_get_reqs_dumpit() which snapshots pending ip_map cache requests and sends each entry's seqno, class name, and IP address over netlink. Implement sunrpc_nl_ip_map_set_reqs_doit() which parses ip_map cache responses from userspace (class, addr, expiry, and domain name or negative flag) and updates the cache via __ip_map_lookup() / __ip_map_update(). Wire up ip_map_notify() callback in ip_map_cache_template so cache misses trigger SUNRPC_CMD_CACHE_NOTIFY multicast events with SUNRPC_CACHE_TYPE_IP_MAP. Signed-off-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-01sunrpc: add a generic netlink family for cache upcallsJeff Layton
The auth.unix.ip and auth.unix.gid caches live in the sunrpc module, so they cannot use the nfsd generic netlink family. Create a new "sunrpc" generic netlink family with its own "exportd" multicast group to support cache upcall notifications for sunrpc-resident caches. Define a YAML spec (sunrpc_cache.yaml) with a cache-type enum (ip_map, unix_gid), a cache-notify multicast event, and the corresponding uapi header. Implement sunrpc_cache_notify() in cache.c, which checks for listeners on the exportd multicast group, builds and sends a SUNRPC_CMD_CACHE_NOTIFY message with the cache-type attribute. Register/unregister the sunrpc_nl_family in init_sunrpc() and cleanup_sunrpc(). Signed-off-by: Jeff Layton <jlayton@kernel.org> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
2026-06-01Merge remote-tracking branches 'vfs/vfs-7.2.casefold', ↵Chuck Lever
'vfs/vfs-7.2.directory.delegations' and 'vfs/vfs-7.2.exportfs' into vfs-7.2-merge
2026-06-01liveupdate: add LIVEUPDATE_SESSION_GET_NAME ioctlLuca Boccassi
Userspace when requesting a session via the ioctl specifies a name and gets a FD, but then there is no ioctl to go back the other way and get the name given a LUO session FD. This is problematic especially when there is a userspace orchestrator that wants to check what FDs it is handling for clients without having to do manual string scraping of procfs, or without procfs at all. Add a ioctl to simply get the name from an FD. Signed-off-by: Luca Boccassi <luca.boccassi@gmail.com> Reviewed-by: Pasha Tatashin <pasha.tatashin@soleen.com> Reviewed-by: Pratyush Yadav <pratyush@kernel.org> Link: https://lore.kernel.org/r/20260429212221.814107-4-luca.boccassi@gmail.com Signed-off-by: Pasha Tatashin <pasha.tatashin@soleen.com> Signed-off-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
2026-05-31iio: core: Add IIO_COVERAGE channel typeLiviu Stan
Add a new channel type for sensors that report fractional coverage as a percentage. The sysfs attribute is in_coverageY_raw; after applying in_coverageY_scale the value is in percent. The first user is the ADT7604 leak detector, where the value represents the portion of the sensing element that is wetted. Signed-off-by: Liviu Stan <liviu.stan@analog.com> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2026-05-29RDMA/uverbs: Expose CoCo DMA bounce requirement to userspaceJiri Pirko
In CoCo guests, guest memory is encrypted and untrusted (T=0) devices cannot DMA to it directly; such transfers must go through unencrypted bounce buffers. RDMA registers user pages for direct device access, bypassing the DMA layer and thus any bouncing, so registered memory does not work in this configuration. Until trusted (T=1) device detection is available, conservatively flag every device attached to a CoCo guest. Expose the condition to userspace as IB_UVERBS_DEVICE_CC_DMA_BOUNCE in device_cap_flags_ex so applications can avoid memory registration and fall back to copying buffers through send/recv. Link: https://patch.msgid.link/r/20260517141311.2409230-2-jiri@resnulli.us Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2026-05-29RDMA/mlx5: Use UMEM attribute for QP doorbell recordJiri Pirko
Add an optional mlx5 driver-namespace UMEM attribute on QP create so userspace can supply the doorbell record umem explicitly, symmetric to the CQ side. Resolve it inside mlx5_ib_db_map_user() and use it as a private DBR page when present; otherwise take the existing UHW share-or-pin path that preserves per-page DBR sharing across CQ/QP/SRQ in the same process. Add mlx5's first UVERBS_OBJECT_QP UAPI definition chain to attach the new attr. Link: https://patch.msgid.link/r/20260529134312.2836341-17-jiri@resnulli.us Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2026-05-29RDMA/mlx5: Use UMEM attribute for CQ doorbell recordJiri Pirko
Add an optional mlx5 driver-namespace UMEM attribute on CQ create so userspace can supply the doorbell record buffer explicitly. mlx5_ib_db_map_user() resolves the attribute (or falls back to the legacy UHW VA) into a struct ib_uverbs_buffer_desc and runs a unified lookup-then-pin: VA-typed descriptors share a per-page umem across CQ/QP/SRQ in the same process, FD-typed descriptors are pinned per call. Link: https://patch.msgid.link/r/20260529134312.2836341-16-jiri@resnulli.us Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2026-05-29RDMA/uverbs: Use UMEM attributes for QP creationJiri Pirko
Apply the per-attribute UMEM model to the QP create method. Add three optional UMEM attributes that drivers pick from based on how their user ABI lays out the QP rings: - CREATE_QP_BUF_UMEM is a single user buffer that backs both the SQ and RQ of one QP. This is the common case where userspace pins one contiguous WQE region for the QP. - CREATE_QP_SQ_BUF_UMEM and CREATE_QP_RQ_BUF_UMEM are a pair of user buffers backing the SQ and RQ independently, used when the two rings live in physically distinct user allocations and must be pinned and addressed separately. Existing drivers would map their current umems as follows: - mlx5: BUF for normal QPs (one ucmd->buf_addr covers SQ+RQ); for IB_QPT_RAW_PACKET and IB_QP_CREATE_SOURCE_QPN, the RQ side comes from ucmd->buf_addr (RQ-sized) via RQ_BUF and the SQ from ucmd->sq_buf_addr via SQ_BUF. - mlx4: BUF, single ucmd.buf_addr covering SQ+RQ. - hns: BUF, single ucmd.buf_addr covering SQ + ext-SGE + RQ. - erdma: BUF, single ureq.qbuf_va sliced by the kernel into SQ at offset 0 and RQ at rq_offset. - bnxt_re: SQ_BUF (ureq->qpsva) + RQ_BUF (ureq->qprva, the RQ side is skipped when the QP uses an SRQ). - vmw_pvrdma: SQ_BUF (sbuf_addr) + RQ_BUF (rbuf_addr, the RQ side is skipped when the QP uses an SRQ). - qedr: SQ_BUF (sq_addr) + RQ_BUF (rq_addr) for whichever side the QP type actually has (no SQ for XRC_TGT/GSI; no RQ for XRC_INI/XRC_TGT/SRQ). - ionic: SQ_BUF (req.sq.addr) + RQ_BUF (req.rq.addr); both are skipped when the rings are placed in CMB instead of host memory. - mana: raw-packet QP uses SQ_BUF (sq_buf_addr) only; the RC path uses multiple per-queue user buffers (ucmd.queue_buf[]) that do not fit the SQ/RQ pair semantics of these attrs and stays on the legacy UHW path. - efa, irdma, hfi1, ocrdma, mthca, cxgb4 and usnic do not pin a QP WQE buffer via umem; none of these attributes apply. Link: https://patch.msgid.link/r/20260529134312.2836341-13-jiri@resnulli.us Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2026-05-29RDMA/uverbs: Add CQ buffer UMEM attribute and driver helpersJiri Pirko
Add UVERBS_ATTR_CREATE_CQ_BUF_UMEM and two driver-facing wrappers, ib_umem_get_cq_buf() and ib_umem_get_cq_buf_or_va(), that pin a CQ buffer umem from it. The wrappers reuse the existing legacy CQ buffer-attr filler. Link: https://patch.msgid.link/r/20260529134312.2836341-7-jiri@resnulli.us Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2026-05-29RDMA/core: Introduce generic buffer descriptor infrastructure for umemJiri Pirko
Introduce a per-attribute UVERBS_ATTR_UMEM model so each uverbs command's umem set is explicit in its UAPI definition. Add driver-facing wrapper helpers that pin a umem on demand from an attribute or a VA addr; the driver owns the returned umem and releases it from its destroy/error paths. Link: https://patch.msgid.link/r/20260529134312.2836341-4-jiri@resnulli.us Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
2026-05-29drm/msm: Add PERFCNTR_CONFIG ioctlRob Clark
Add new UABI and implementation of PERFCNTR_CONFIG ioctl. A bit more work is required to configure the pwrup_reglist for the GMU to restore SELect regs on exit of IFPC, before we can stop disabling IFPC while global counter collection. This will follow in a later commit, but will be transparent to userspace. Signed-off-by: Rob Clark <robin.clark@oss.qualcomm.com> Reviewed-by: Anna Maniscalco <anna.maniscalco2000@gmail.com> Reviewed-by: Akhil P Oommen <akhilpo@oss.qualcomm.com> Patchwork: https://patchwork.freedesktop.org/patch/728217/ Message-ID: <20260526145137.160554-14-robin.clark@oss.qualcomm.com>
2026-05-28drm/tegra: tegra_drm.h: fix all uapi kernel-doc warningsRandy Dunlap
Add 2 struct member descriptions and convert #define macro constants comments to kernel-doc comments to eliminate all kernel-doc warnings: Warning: include/uapi/drm/tegra_drm.h:353 struct member 'cmdbuf' not described in 'drm_tegra_reloc' Warning: include/uapi/drm/tegra_drm.h:353 struct member 'target' not described in 'drm_tegra_reloc' Warning: include/uapi/drm/tegra_drm.h:780 This comment starts with '/**', but isn't a kernel-doc comment. * Specify that bit 39 of the patched-in address should be set to switch Warning: include/uapi/drm/tegra_drm.h:832 This comment starts with '/**', but isn't a kernel-doc comment. * Execute `words` words of Host1x opcodes specified in the `gather_data_ptr` Warning: include/uapi/drm/tegra_drm.h:837 This comment starts with '/**', but isn't a kernel-doc comment. * Wait for a syncpoint to reach a value before continuing with further Warning: include/uapi/drm/tegra_drm.h:842 This comment starts with '/**', but isn't a kernel-doc comment. * Wait for a syncpoint to reach a value before continuing with further Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Mikko Perttunen <mperttunen@nvidia.com> Signed-off-by: Thierry Reding <treding@nvidia.com> Link: https://patch.msgid.link/20260427184454.693794-1-rdunlap@infradead.org
2026-05-28Merge tag 'tee-fixes-for-v7.1' of ↵Arnd Bergmann
git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into arm/fixes TEE fixes for v7.1 Fixing: - params_from_user() cleanup in error path in tee_ioctl_supp_recv() - possible tee_shm leak in error path in register_shm_helper() - padding in struct tee_ioctl_object_invoke_arg * tag 'tee-fixes-for-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: tee: fix params_from_user() error path in tee_ioctl_supp_recv tee: shm: fix shm leak in register_shm_helper() tee: fix tee_ioctl_object_invoke_arg padding Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2026-05-28Merge v7.1-rc5 into drm-nextSimona Vetter
Boris Brezillion needs the gem lru fixes 379e8f1ca5e9 ("drm/gem: Make the GEM LRU lock part of drm_device") backmerged for drm-misc-next. That also means we need to sort out the rename conflict in panthor with the fixup patch from Boris from drm-tip. Signed-off-by: Simona Vetter <simona.vetter@ffwll.ch>
2026-05-28PCI: Add pci_ats_required() for CXL.cache capable devicesNicolin Chen
Controlled by IOMMU drivers, ATS can be enabled "on demand", when a given PASID on a device is attached to an I/O page table. This is working, even when a device has no translation on its RID (i.e., RID is IOMMU bypassed). However, certain PCIe devices require non-PASID ATS on their RID even when the RID is IOMMU bypassed. Call this "ATS always on" in IOMMU term. For example, CXL spec r4.0 notes in sec 3.2.5.13 Memory Type on CXL.cache: "To source requests on CXL.cache, devices need to get the Host Physical Address (HPA) from the Host by means of an ATS request on CXL.io." In other words, the CXL.cache capability requires ATS; otherwise, it can't access host physical memory. Introduce a new pci_ats_required() helper for the IOMMU driver to scan a PCI device and shift ATS policies between "on demand" and "always on". Add the support for CXL.cache devices first. Pre-CXL devices will be added in quirks.c file. Note that pci_ats_required() validates against pci_ats_supported(), so we ensure that untrusted devices (e.g. external ports) will not be always on. This maintains the existing ATS security policy regarding potential side- channel attacks via ATS. Cc: linux-cxl@vger.kernel.org Suggested-by: Vikram Sethi <vsethi@nvidia.com> Suggested-by: Jason Gunthorpe <jgg@nvidia.com> Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Jason Gunthorpe <jgg@nvidia.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com> Tested-by: Nirmoy Das <nirmoyd@nvidia.com> Acked-by: Nirmoy Das <nirmoyd@nvidia.com> Reviewed-by: Dave Jiang <dave.jiang@intel.com> Acked-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Nicolin Chen <nicolinc@nvidia.com> Reviewed-by: Yi Liu <yi.l.liu@intel.com> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
2026-05-26llc: Add SPDX id lines to some llc source filesTim Bird
Most of the lls source files are missing SPDX-License-Identifier lines. Add appropriate IDs to these files, and remove other license info from the header. In once case, leave the existing id line and just remove the license reference text. Signed-off-by: Tim Bird <tim.bird@sony.com> Link: https://patch.msgid.link/20260522225508.24006-1-tim.bird@sony.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-26io_uring/zcrx: add shared-memory notification statisticsClément Léger
Add support for an optional stats struct embedded in the refill queue region, allowing userspace to monitor copy-fallback in real-time. Userspace queries the stats struct size and alignment via IO_URING_QUERY_ZCRX_NOTIF (notif_stats_size / notif_stats_alignment), then provides a stats_offset in zcrx_notification_desc pointing to a location within the refill queue region. The kernel updates the stats counters in-place on every copy-fallback event. Signed-off-by: Clément Léger <cleger@meta.com> [pavel: rename io_uring_zcrx_notif_stats] Signed-off-by: Pavel Begunkov <asml.silence@gmail.com> Link: https://patch.msgid.link/f6af5a21015efea4b733b9d77aba22c637788fe4.1779189667.git.asml.silence@gmail.com Signed-off-by: Jens Axboe <axboe@kernel.dk>