linux.git/Documentation, branch v7.1-rc4 Linux kernel source tree Merge tag 'riscv-for-linus-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux 2026-05-17T16:33:49+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-17T16:33:49+00:00 f7c79949bef47ff93167c8ae85a07ac006ed7139 Pull RISC-V fixes from Paul Walmsley: "Relatively low-impact fixes. Probably the most notable one is that we no longer ask the monitor-mode firmware to delegate misaligned access handling to the kernel by default, since the kernel code needs significant improvement to match the functionality of the firmware. This change avoids functional problems at some cost in performance, but shouldn't affect any system with misaligned access handling in hardware. - Disable satp register probing when no5lvl is specified on the kernel command line - Fix a CFI-related issue with the misaligned access speed measurement code - Reduce the CFI shadow stack size limit from 4GB to 2GB (following ARM64 GCS) - Prevent the kernel from requesting delegation of misaligned access faults unless a new Kconfig option, RISCV_SBI_FWFT_DELEGATE_MISALIGNED, is enabled. This will depend on CONFIG_NONPORTABLE until the deficiencies of the kernel misaligned access fixup code are fixed - Fix some potential uninitialized memory accesses in error paths in compat_riscv_gpr_set() and compat_restore_sigcontext() - Fix a bug in the RISC-V MIPS vendor errata patching code where a logical-and was used in place of a bitwise-and - Drop some unnecessary code in riscv_fill_hwcap_from_isa_string() - Use macros for isa2hwcap indices in riscv_fill_hwcap(), rather than open-coding them - Fix some documentation typos (one affecting 'make htmldocs')" * tag 'riscv-for-linus-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: riscv: misaligned: Make enabling delegation depend on NONPORTABLE riscv: Docs: fix unmatched quote warning riscv: cfi: reduce shadow stack size limit from 4GB to 2GB riscv: cpufeature: Use pre-defined ISA ext macros to index isa2hwcap riscv: mm: Fixup no5lvl failure when vaddr is invalid riscv: Fix register corruption from uninitialized cregs on error riscv: errata: Fix bitwise vs logical AND in MIPS errata patching Documentation: riscv: cmodx: fix typos riscv: cpufeature: Drop this_hwcap clear in T-Head vector workaround riscv: Define __riscv_copy_{,vec_}{words,bytes}_unaligned() using SYM_TYPED_FUNC_START 
Pull RISC-V fixes from Paul Walmsley:
 "Relatively low-impact fixes. Probably the most notable one is that we
  no longer ask the monitor-mode firmware to delegate misaligned access
  handling to the kernel by default, since the kernel code needs
  significant improvement to match the functionality of the firmware.
  This change avoids functional problems at some cost in performance,
  but shouldn't affect any system with misaligned access handling in
  hardware.

   - Disable satp register probing when no5lvl is specified on the
     kernel command line

   - Fix a CFI-related issue with the misaligned access speed
     measurement code

   - Reduce the CFI shadow stack size limit from 4GB to 2GB (following
     ARM64 GCS)

   - Prevent the kernel from requesting delegation of misaligned access
     faults unless a new Kconfig option, RISCV_SBI_FWFT_DELEGATE_MISALIGNED,
     is enabled. This will depend on CONFIG_NONPORTABLE until the
     deficiencies of the kernel misaligned access fixup code are fixed

   - Fix some potential uninitialized memory accesses in error paths in
     compat_riscv_gpr_set() and compat_restore_sigcontext()

   - Fix a bug in the RISC-V MIPS vendor errata patching code where a
     logical-and was used in place of a bitwise-and

   - Drop some unnecessary code in riscv_fill_hwcap_from_isa_string()

   - Use macros for isa2hwcap indices in riscv_fill_hwcap(), rather than
     open-coding them

   - Fix some documentation typos (one affecting 'make htmldocs')"

* tag 'riscv-for-linus-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  riscv: misaligned: Make enabling delegation depend on NONPORTABLE
  riscv: Docs: fix unmatched quote warning
  riscv: cfi: reduce shadow stack size limit from 4GB to 2GB
  riscv: cpufeature: Use pre-defined ISA ext macros to index isa2hwcap
  riscv: mm: Fixup no5lvl failure when vaddr is invalid
  riscv: Fix register corruption from uninitialized cregs on error
  riscv: errata: Fix bitwise vs logical AND in MIPS errata patching
  Documentation: riscv: cmodx: fix typos
  riscv: cpufeature: Drop this_hwcap clear in T-Head vector workaround
  riscv: Define __riscv_copy_{,vec_}{words,bytes}_unaligned() using SYM_TYPED_FUNC_START
Merge tag 'hwmon-for-v7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging 2026-05-17T16:23:28+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-17T16:23:28+00:00 1405a07192a3c5420c5fd7437f7945ebe1e71ad7 Pull hwmon fixes from Guenter Roeck: - asus_atk0110, acpi_power_meter: Add missing NULL pointer checks - lm90: Fix locking and UAF issues - sy7636a: Fix sysfs attribute name in documentation * tag 'hwmon-for-v7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (lm90) Add lock protection to lm90_alert hwmon: (lm90) Stop work before releasing hwmon device docs: hwmon: sy7636a: fix temperature sysfs attribute name hwmon: (asus_atk0110) Check ACPI_COMPANION() against NULL hwmon: (acpi_power_meter) Check ACPI_COMPANION() against NULL 
Pull hwmon fixes from Guenter Roeck:

 - asus_atk0110, acpi_power_meter: Add missing NULL pointer checks

 - lm90: Fix locking and UAF issues

 - sy7636a: Fix sysfs attribute name in documentation

* tag 'hwmon-for-v7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
  hwmon: (lm90) Add lock protection to lm90_alert
  hwmon: (lm90) Stop work before releasing hwmon device
  docs: hwmon: sy7636a: fix temperature sysfs attribute name
  hwmon: (asus_atk0110) Check ACPI_COMPANION() against NULL
  hwmon: (acpi_power_meter) Check ACPI_COMPANION() against NULL
Merge tag 'sound-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound 2026-05-16T16:32:30+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-16T16:32:30+00:00 b6a08b017f8c7723c7e4c3fc460a3a7bf5870b2c Pull sound fixes from Takashi Iwai: "A collection of small fixes. All device-specific small changes: HD-audio: - Fix NULL pointer dereference in snd_hda_ctl_add() - ACPI and Kconfig fixes for Cirrus drivers - A regression fix CA0132 codec - Various device-specific quirks for HP, Lenovo, Samsung, Framework etc - Documentation path fix USB-audio: - Boundary checks for MIDI endpoint descriptors - Offload mapping error handling for Qualcomm - A new device quirk for TTGK Technology USB-C Audio - A fix for Focusrite Scarlett2 mixer" * tag 'sound-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/ca0132: Disable auto-detect on manual output select ALSA: hda/realtek: Add mute LED quirk for HP Pavilion Laptop 16-ag0xxx ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Pro 7 15ASH111 audio ALSA: hda: Fix NULL pointer dereference in snd_hda_ctl_add() ALSA: hda/realtek: Add quirk for Samsung Galaxy Book5 360 headphone ALSA: hda/cs35l56: Drop malformed default N from Kconfig ALSA: hda/realtek: fix mic boost on Framework PTL ALSA: hda/realtek: Limit mic boost on Positivo DN50E ALSA: doc: cs35l56: Update path to HDA driver source ALSA: usb-audio: qcom: Check offload mapping failures ALSA: hda/realtek: Fix Legion 7 16ITHG6 speaker amp binding ALSA: usb-audio: Add iface reset and delay quirk for TTGK Technology USB-C Audio ALSA: scarlett2: Add missing error check when initialise Autogain Status ALSA: hda: cs35l41: Put ACPI device on missing physical node ALSA: hda: cs35l56: Put ACPI device after setting companion ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans ALSA: usb-audio: Bound MIDI endpoint descriptor scans ALSA: hda/realtek: Add codec SSID quirk for Lenovo Yoga Pro 9 16IMH9 (17aa:38d5) 
Pull sound fixes from Takashi Iwai:
 "A collection of small fixes.  All device-specific small changes:

  HD-audio:
   - Fix NULL pointer dereference in snd_hda_ctl_add()
   - ACPI and Kconfig fixes for Cirrus drivers
   - A regression fix CA0132 codec
   - Various device-specific quirks for HP, Lenovo, Samsung, Framework etc
   - Documentation path fix

  USB-audio:
   - Boundary checks for MIDI endpoint descriptors
   - Offload mapping error handling for Qualcomm
   - A new device quirk for TTGK Technology USB-C Audio
   - A fix for Focusrite Scarlett2 mixer"

* tag 'sound-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/ca0132: Disable auto-detect on manual output select
  ALSA: hda/realtek: Add mute LED quirk for HP Pavilion Laptop 16-ag0xxx
  ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Pro 7 15ASH111 audio
  ALSA: hda: Fix NULL pointer dereference in snd_hda_ctl_add()
  ALSA: hda/realtek: Add quirk for Samsung Galaxy Book5 360 headphone
  ALSA: hda/cs35l56: Drop malformed default N from Kconfig
  ALSA: hda/realtek: fix mic boost on Framework PTL
  ALSA: hda/realtek: Limit mic boost on Positivo DN50E
  ALSA: doc: cs35l56: Update path to HDA driver source
  ALSA: usb-audio: qcom: Check offload mapping failures
  ALSA: hda/realtek: Fix Legion 7 16ITHG6 speaker amp binding
  ALSA: usb-audio: Add iface reset and delay quirk for TTGK Technology USB-C Audio
  ALSA: scarlett2: Add missing error check when initialise Autogain Status
  ALSA: hda: cs35l41: Put ACPI device on missing physical node
  ALSA: hda: cs35l56: Put ACPI device after setting companion
  ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans
  ALSA: usb-audio: Bound MIDI endpoint descriptor scans
  ALSA: hda/realtek: Add codec SSID quirk for Lenovo Yoga Pro 9 16IMH9 (17aa:38d5)
Merge tag 'docs-7.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/docs/linux 2026-05-15T19:24:09+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-15T19:24:09+00:00 36d49bba19f2c19c933d13b25dcf4eb607a030b3 Pull documentation fixes from Jonathan Corbet: "This is Willy Tarreau's new document clarifying the definition and handling of security-related bugs, which we're trying to get out there quickly on the theory that some of the bug reporters might actually read and pay attention to it" * tag 'docs-7.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/docs/linux: docs: threat-model: don't limit root capabilities to CAP_SYS_ADMIN docs: security-bugs: add a link to the threat-model documentation Documentation: security-bugs: clarify requirements for AI-assisted reports Documentation: security-bugs: explain what is and is not a security bug Documentation: security-bugs: do not systematically Cc the security team 
Pull documentation fixes from Jonathan Corbet:
 "This is Willy Tarreau's new document clarifying the definition and
  handling of security-related bugs, which we're trying to get out there
  quickly on the theory that some of the bug reporters might actually
  read and pay attention to it"

* tag 'docs-7.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/docs/linux:
  docs: threat-model: don't limit root capabilities to CAP_SYS_ADMIN
  docs: security-bugs: add a link to the threat-model documentation
  Documentation: security-bugs: clarify requirements for AI-assisted reports
  Documentation: security-bugs: explain what is and is not a security bug
  Documentation: security-bugs: do not systematically Cc the security team
ALSA: doc: cs35l56: Update path to HDA driver source 2026-05-15T06:53:34+00:00 Richard Fitzgerald rf@opensource.cirrus.com 2026-05-11T10:41:48+00:00 74e8409821ac8cda70bf23eb593f2c7f6e3b5a2f The HDA drivers were moved to sound/hda/... so update a Documentation reference that still pointed to the old location. Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com> Link: https://patch.msgid.link/20260511104148.36382-1-rf@opensource.cirrus.com Signed-off-by: Takashi Iwai <tiwai@suse.de> 
The HDA drivers were moved to sound/hda/... so update a Documentation
reference that still pointed to the old location.

Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
Link: https://patch.msgid.link/20260511104148.36382-1-rf@opensource.cirrus.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
docs: hwmon: sy7636a: fix temperature sysfs attribute name 2026-05-14T22:48:57+00:00 Chen-Shi-Hong eric039eric@gmail.com 2026-05-14T15:39:13+00:00 51f57607e30bee282a1d40845f89a311cbb26481 The hwmon sysfs naming convention uses temp[1-*]_input for temperature channels. Documentation/hwmon/sy7636a-hwmon.rst currently documents temp0_input, while the driver uses the standard hwmon temperature channel interface. Update the documentation to use temp1_input. Signed-off-by: Chen-Shi-Hong <eric039eric@gmail.com> Link: https://lore.kernel.org/r/20260514154108.1937-1-eric039eric@gmail.com Signed-off-by: Guenter Roeck <linux@roeck-us.net> 
The hwmon sysfs naming convention uses
temp[1-*]_input for temperature channels.

Documentation/hwmon/sy7636a-hwmon.rst currently documents
temp0_input, while the driver uses the standard hwmon
temperature channel interface.

Update the documentation to use temp1_input.

Signed-off-by: Chen-Shi-Hong <eric039eric@gmail.com>
Link: https://lore.kernel.org/r/20260514154108.1937-1-eric039eric@gmail.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Merge tag 'net-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-05-14T15:57:43+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-05-14T15:57:43+00:00 66182ca873a4e87b3496eca79d57f86b76d7f52d Pull networking fixes from Paolo Abeni: "Including fixes from netfilter. Previous releases - regressions: - ethtool: fix NULL pointer dereference in phy_reply_size - netfilter: - allocate hook ops while under mutex - close dangling table module init race - restore nf_conntrack helper propagation via expectation - tcp: - fix potential UAF in reqsk_timer_handler(). - fix out-of-bounds access for twsk in tcp_ao_established_key(). - vsock: fix empty payload in tap skb for non-linear buffers - hsr: fix NULL pointer dereference in hsr_get_node_data() - eth: - cortina: fix RX drop accounting - ice: fix locking in ice_dcb_rebuild() Previous releases - always broken: - napi: avoid gro timer misfiring at end of busypoll - sched: - dualpi2: initialize timer earlier in dualpi2_init() - sch_cbs: Call qdisc_reset for child qdisc - shaper: - fix ordering issue in net_shaper_commit() - reject handle IDs exceeding internal bit-width - ipv6: flowlabel: enforce per-netns limit for unprivileged callers - tls: fix off-by-one in sg_chain entry count for wrapped sk_msg ring - smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint - sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL - batman-adv: - reject new tp_meter sessions during teardown - purge non-released claims - eth: - i40e: cleanup PTP registration on probe failure - idpf: fix double free and use-after-free in aux device error paths - ena: fix potential use-after-free in get_timestamp" * tag 'net-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (88 commits) net: phy: DP83TC811: add reading of abilities net: tls: prevent chain-after-chain in plain text SG net: tls: fix off-by-one in sg_chain entry count for wrapped sk_msg ring net/smc: reject CHID-0 ACCEPT that matches an empty ism_dev slot macsec: use rcu_work to defer TX SA crypto cleanup out of softirq macsec: use rcu_work to defer RX SA crypto cleanup out of softirq macsec: introduce dedicated workqueue for SA crypto cleanup net: net_failover: Fix the deadlock in slave register MAINTAINERS: update atlantic driver maintainer selftests/tc-testing: Add QFQ/CBS qlen underflow test net/sched: sch_cbs: Call qdisc_reset for child qdisc FDDI: defza: Sanitise the reset safety timer net: ethernet: ravb: Do not check URAM suspension when WoL is active ethtool: fix ethnl_bitmap32_not_zero() bit interval semantics net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS net: atm: fix skb leak in sigd_send() default branch net: ethtool: phy: avoid NULL deref when PHY driver is unbound net: atlantic: preserve PCI wake-from-D3 on shutdown when WOL enabled net: shaper: reject QUEUE scope handle with missing id ... 
Pull networking fixes from Paolo Abeni:
 "Including fixes from netfilter.

  Previous releases - regressions:

   - ethtool: fix NULL pointer dereference in phy_reply_size

   - netfilter:
      - allocate hook ops while under mutex
      - close dangling table module init race
      - restore nf_conntrack helper propagation via expectation

   - tcp:
      - fix potential UAF in reqsk_timer_handler().
      - fix out-of-bounds access for twsk in tcp_ao_established_key().

   - vsock: fix empty payload in tap skb for non-linear buffers

   - hsr: fix NULL pointer dereference in hsr_get_node_data()

   - eth:
      - cortina: fix RX drop accounting
      - ice: fix locking in ice_dcb_rebuild()

  Previous releases - always broken:

   - napi: avoid gro timer misfiring at end of busypoll

   - sched:
      - dualpi2: initialize timer earlier in dualpi2_init()
      - sch_cbs: Call qdisc_reset for child qdisc

   - shaper:
      - fix ordering issue in net_shaper_commit()
      - reject handle IDs exceeding internal bit-width

   - ipv6: flowlabel: enforce per-netns limit for unprivileged callers

   - tls: fix off-by-one in sg_chain entry count for wrapped sk_msg ring

   - smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint

   - sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

   - batman-adv:
      - reject new tp_meter sessions during teardown
      - purge non-released claims

   - eth:
      - i40e: cleanup PTP registration on probe failure
      - idpf: fix double free and use-after-free in aux device error paths
      - ena: fix potential use-after-free in get_timestamp"

* tag 'net-7.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (88 commits)
  net: phy: DP83TC811: add reading of abilities
  net: tls: prevent chain-after-chain in plain text SG
  net: tls: fix off-by-one in sg_chain entry count for wrapped sk_msg ring
  net/smc: reject CHID-0 ACCEPT that matches an empty ism_dev slot
  macsec: use rcu_work to defer TX SA crypto cleanup out of softirq
  macsec: use rcu_work to defer RX SA crypto cleanup out of softirq
  macsec: introduce dedicated workqueue for SA crypto cleanup
  net: net_failover: Fix the deadlock in slave register
  MAINTAINERS: update atlantic driver maintainer
  selftests/tc-testing: Add QFQ/CBS qlen underflow test
  net/sched: sch_cbs: Call qdisc_reset for child qdisc
  FDDI: defza: Sanitise the reset safety timer
  net: ethernet: ravb: Do not check URAM suspension when WoL is active
  ethtool: fix ethnl_bitmap32_not_zero() bit interval semantics
  net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint
  net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS
  net: atm: fix skb leak in sigd_send() default branch
  net: ethtool: phy: avoid NULL deref when PHY driver is unbound
  net: atlantic: preserve PCI wake-from-D3 on shutdown when WOL enabled
  net: shaper: reject QUEUE scope handle with missing id
  ...
docs: threat-model: don't limit root capabilities to CAP_SYS_ADMIN 2026-05-14T12:23:44+00:00 Jonathan Corbet corbet@lwn.net 2026-05-13T20:58:53+00:00 f2e65e4e5b4b4b9ecf43f03c3fdbe8c9a8a43a9e The threat-model document says that only users with CAP_SYS_ADMIN can carry out a number of admin-level tasks, but there are numerous capabilities that can confer that sort of power. Generalize the text slightly to make it clear that CAP_SYS_ADMIN is not the only all-powerful capability. Acked-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
The threat-model document says that only users with CAP_SYS_ADMIN can carry
out a number of admin-level tasks, but there are numerous capabilities that
can confer that sort of power.  Generalize the text slightly to make it
clear that CAP_SYS_ADMIN is not the only all-powerful capability.

Acked-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
docs: security-bugs: add a link to the threat-model documentation 2026-05-14T12:23:06+00:00 Jonathan Corbet corbet@lwn.net 2026-05-13T20:51:29+00:00 561458db0d6b08b4e4956c6e4456d7781b18676f Rather than make readers search for this document, just a link to it where it is referenced. (While I was at it, I removed the unused and unneeded _threatmodel label from the top of threat-model.rst). Acked-by: Willy Tarreau <w@1wt.eu> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 
Rather than make readers search for this document, just a link to it where
it is referenced.

(While I was at it, I removed the unused and unneeded _threatmodel label
from the top of threat-model.rst).

Acked-by: Willy Tarreau <w@1wt.eu>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
riscv: Docs: fix unmatched quote warning 2026-05-14T04:21:32+00:00 Randy Dunlap rdunlap@infradead.org 2026-04-06T23:23:04+00:00 50da1c9ccb70fc5250c37ac474b54ee072732ea3 'make htmldocs' complains about ``prctrl` -- so add a second '`' to avoid the warning. Documentation/arch/riscv/zicfilp.rst:79: WARNING: Inline literal start-string without end-string. [docutils] Fixes: 08ee1559052b ("prctl: cfi: change the branch landing pad prctl()s to be more descriptive") Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Link: https://patch.msgid.link/20260406232304.1892528-1-rdunlap@infradead.org Signed-off-by: Paul Walmsley <pjw@kernel.org> 
'make htmldocs' complains about ``prctrl` -- so add a second '`' to
avoid the warning.

Documentation/arch/riscv/zicfilp.rst:79: WARNING: Inline literal start-string without end-string. [docutils]

Fixes: 08ee1559052b ("prctl: cfi: change the branch landing pad prctl()s to be more descriptive")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://patch.msgid.link/20260406232304.1892528-1-rdunlap@infradead.org
Signed-off-by: Paul Walmsley <pjw@kernel.org>