linux.git/drivers, branch nocache-cleanup Linux kernel source tree x86: rename and clean up __copy_from_user_inatomic_nocache() 2026-03-30T22:05:57+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-03-30T20:11:07+00:00 5de7bcaadf160c1716b20a263cf8f5b06f658959 Similarly to the previous commit, this renames the somewhat confusingly named function. But in this case, it was at least less confusing: the __copy_from_user_inatomic_nocache is indeed copying from user memory, and it is indeed ok to be used in an atomic context, so it will not warn about it. But the previous commit also removed the NTB mis-use of the __copy_from_user_inatomic_nocache() function, and as a result every call-site is now _actually_ doing a real user copy. That means that we can now do the proper user pointer verification too. End result: add proper address checking, remove the double underscores, and change the "nocache" to "nontemporal" to more accurately describe what this x86-only function actually does. It might be worth noting that only the target is non-temporal: the actual user accesses are normal memory accesses. Also worth noting is that non-x86 targets (and on older 32-bit x86 CPU's before XMM2 in the Pentium III) we end up just falling back on a regular user copy, so nothing can actually depend on the non-temporal semantics, but that has always been true. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Similarly to the previous commit, this renames the somewhat confusingly
named function.  But in this case, it was at least less confusing: the
__copy_from_user_inatomic_nocache is indeed copying from user memory,
and it is indeed ok to be used in an atomic context, so it will not warn
about it.

But the previous commit also removed the NTB mis-use of the
__copy_from_user_inatomic_nocache() function, and as a result every
call-site is now _actually_ doing a real user copy.  That means that we
can now do the proper user pointer verification too.

End result: add proper address checking, remove the double underscores,
and change the "nocache" to "nontemporal" to more accurately describe
what this x86-only function actually does.  It might be worth noting
that only the target is non-temporal: the actual user accesses are
normal memory accesses.

Also worth noting is that non-x86 targets (and on older 32-bit x86 CPU's
before XMM2 in the Pentium III) we end up just falling back on a regular
user copy, so nothing can actually depend on the non-temporal semantics,
but that has always been true.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
x86-64: rename misleadingly named '__copy_user_nocache()' function 2026-03-30T22:05:56+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-03-30T17:39:09+00:00 d187a86de793f84766ea40b9ade7ac60aabbb4fe This function was a masterclass in bad naming, for various historical reasons. It claimed to be a non-cached user copy. It is literally _neither_ of those things. It's a specialty memory copy routine that uses non-temporal stores for the destination (but not the source), and that does exception handling for both source and destination accesses. Also note that while it works for unaligned targets, any unaligned parts (whether at beginning or end) will not use non-temporal stores, since only words and quadwords can be non-temporal on x86. The exception handling means that it _can_ be used for user space accesses, but not on its own - it needs all the normal "start user space access" logic around it. But typically the user space access would be the source, not the non-temporal destination. That was the original intention of this, where the destination was some fragile persistent memory target that needed non-temporal stores in order to catch machine check exceptions synchronously and deal with them gracefully. Thus that non-descriptive name: one use case was to copy from user space into a non-cached kernel buffer. However, the existing users are a mix of that intended use-case, and a couple of random drivers that just did this as a performance tweak. Some of those random drivers then actively misused the user copying version (with STAC/CLAC and all) to do kernel copies without ever even caring about the exception handling, _just_ for the non-temporal destination. Rename it as a first small step to actually make it halfway sane, and change the prototype to be more normal: it doesn't take a user pointer unless the caller has done the proper conversion, and the argument size is the full size_t (it still won't actually copy more than 4GB in one go, but there's also no reason to silently truncate the size argument in the caller). Finally, use this now sanely named function in the NTB code, which mis-used a user copy version (with STAC/CLAC and all) of this interface despite it not actually being a user copy at all. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
This function was a masterclass in bad naming, for various historical
reasons.

It claimed to be a non-cached user copy.  It is literally _neither_ of
those things.  It's a specialty memory copy routine that uses
non-temporal stores for the destination (but not the source), and that
does exception handling for both source and destination accesses.

Also note that while it works for unaligned targets, any unaligned parts
(whether at beginning or end) will not use non-temporal stores, since
only words and quadwords can be non-temporal on x86.

The exception handling means that it _can_ be used for user space
accesses, but not on its own - it needs all the normal "start user space
access" logic around it.

But typically the user space access would be the source, not the
non-temporal destination.  That was the original intention of this,
where the destination was some fragile persistent memory target that
needed non-temporal stores in order to catch machine check exceptions
synchronously and deal with them gracefully.

Thus that non-descriptive name: one use case was to copy from user space
into a non-cached kernel buffer.  However, the existing users are a mix
of that intended use-case, and a couple of random drivers that just did
this as a performance tweak.

Some of those random drivers then actively misused the user copying
version (with STAC/CLAC and all) to do kernel copies without ever even
caring about the exception handling, _just_ for the non-temporal
destination.

Rename it as a first small step to actually make it halfway sane, and
change the prototype to be more normal: it doesn't take a user pointer
unless the caller has done the proper conversion, and the argument size
is the full size_t (it still won't actually copy more than 4GB in one
go, but there's also no reason to silently truncate the size argument in
the caller).

Finally, use this now sanely named function in the NTB code, which
mis-used a user copy version (with STAC/CLAC and all) of this interface
despite it not actually being a user copy at all.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge tag 'i2c-for-6.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2026-02-08T17:17:46+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-08T17:17:46+00:00 e98f34af61167aee238e666bfbc97d1620afd88a Pull i2c fix from Wolfram Sang: - imx: preserve error state during SMBus block read length handling * tag 'i2c-for-6.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: imx: preserve error state in block data length handler 
Pull i2c fix from Wolfram Sang:

 - imx: preserve error state during SMBus block read length handling

* tag 'i2c-for-6.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: imx: preserve error state in block data length handler
Merge tag 'spi-fix-v6.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi 2026-02-07T17:37:34+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-07T17:37:34+00:00 e7aa57247700733e52a8e2e4dee6a52c2a76de02 Pull spi fixes from Mark Brown: "One final batch of fixes for the Tegra SPI drivers, the main one is a batch of fixes for races with the interrupts in the Tegra210 QSPI driver that Breno has been working on for a while" * tag 'spi-fix-v6.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: tegra114: Preserve SPI mode bits in def_command1_reg spi: tegra: Fix a memory leak in tegra_slink_probe() spi: tegra210-quad: Protect curr_xfer check in IRQ handler spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one spi: tegra210-quad: Move curr_xfer read inside spinlock spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer 
Pull spi fixes from Mark Brown:
 "One final batch of fixes for the Tegra SPI drivers, the main one is a
  batch of fixes for races with the interrupts in the Tegra210 QSPI
  driver that Breno has been working on for a while"

* tag 'spi-fix-v6.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
  spi: tegra114: Preserve SPI mode bits in def_command1_reg
  spi: tegra: Fix a memory leak in tegra_slink_probe()
  spi: tegra210-quad: Protect curr_xfer check in IRQ handler
  spi: tegra210-quad: Protect curr_xfer clearing in tegra_qspi_non_combined_seq_xfer
  spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer
  spi: tegra210-quad: Protect curr_xfer assignment in tegra_qspi_setup_transfer_one
  spi: tegra210-quad: Move curr_xfer read inside spinlock
  spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed transfer
Merge tag 'regulator-fix-v6.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator 2026-02-07T17:34:49+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-07T17:34:49+00:00 142fdd7bb7095c114d027b1ee36878a67b869228 Pull regulator fix from Mark Brown: "One last fix for v6.19: the voltages for the SpaceMIT P1 were not described correctly" * tag 'regulator-fix-v6.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: spacemit-p1: Fix n_voltages for BUCK and LDO regulators 
Pull regulator fix from Mark Brown:
 "One last fix for v6.19: the voltages for the SpaceMIT P1 were not
  described correctly"

* tag 'regulator-fix-v6.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: spacemit-p1: Fix n_voltages for BUCK and LDO regulators
Merge tag 'char-misc-6.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc 2026-02-07T17:27:57+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-07T17:27:57+00:00 b0e7d3f88e563b5ca793fca23c7d7fa1352c1079 Pull binder fixes from Greg KH: "Here are some small, last-minute binder C and Rust driver fixes for reported issues. They include a number of fixes for reported crashes and other problems. All of these have been in linux-next this week, and longer" * tag 'char-misc-6.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: binderfs: fix ida_alloc_max() upper bound rust_binderfs: fix ida_alloc_max() upper bound binder: fix BR_FROZEN_REPLY error log rust_binder: add additional alignment checks binder: fix UAF in binder_netlink_report() rust_binder: correctly handle FDA objects of length zero 
Pull binder fixes from Greg KH:
 "Here are some small, last-minute binder C and Rust driver fixes for
  reported issues. They include a number of fixes for reported crashes
  and other problems.

  All of these have been in linux-next this week, and longer"

* tag 'char-misc-6.19-final' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  binderfs: fix ida_alloc_max() upper bound
  rust_binderfs: fix ida_alloc_max() upper bound
  binder: fix BR_FROZEN_REPLY error log
  rust_binder: add additional alignment checks
  binder: fix UAF in binder_netlink_report()
  rust_binder: correctly handle FDA objects of length zero
Merge tag 'ceph-for-6.19-rc9' of https://github.com/ceph/ceph-client 2026-02-06T18:34:17+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-06T18:34:17+00:00 240b8d8227468344e814c6bc7eb8ae532e3b8a09 Pull ceph fixes from Ilya Dryomov: "One RBD and two CephFS fixes which address potential oopses. The RBD thing is more of a rare edge case that pops up in our CI, while the two CephFS scenarios are regressions that were reported by users and can be triggered trivially in normal operation. All marked for stable" * tag 'ceph-for-6.19-rc9' of https://github.com/ceph/ceph-client: ceph: fix NULL pointer dereference in ceph_mds_auth_match() ceph: fix oops due to invalid pointer for kfree() in parse_longname() rbd: check for EOD after exclusive lock is ensured to be held 
Pull ceph fixes from Ilya Dryomov:
 "One RBD and two CephFS fixes which address potential oopses.

  The RBD thing is more of a rare edge case that pops up in our CI,
  while the two CephFS scenarios are regressions that were reported by
  users and can be triggered trivially in normal operation. All marked
  for stable"

* tag 'ceph-for-6.19-rc9' of https://github.com/ceph/ceph-client:
  ceph: fix NULL pointer dereference in ceph_mds_auth_match()
  ceph: fix oops due to invalid pointer for kfree() in parse_longname()
  rbd: check for EOD after exclusive lock is ensured to be held
Merge tag 'iommu-fix-v6.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux 2026-02-06T18:19:54+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-06T18:19:54+00:00 fe70b3260e39ce4915a01cf3556a3ffe5b7f8817 Pull iommu fix from Joerg Roedel: - Fix wrong definition of PASID_FLAG_PWSNP bit. This caused DMAR errors on Arrow Lake platforms. * tag 'iommu-fix-v6.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux: iommu/vt-d: Treat PAGE_SNOOP and PWSNP separately 
Pull iommu fix from Joerg Roedel:

 - Fix wrong definition of PASID_FLAG_PWSNP bit. This caused DMAR errors
   on Arrow Lake platforms.

* tag 'iommu-fix-v6.19-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/iommu/linux:
  iommu/vt-d: Treat PAGE_SNOOP and PWSNP separately
Merge tag 'pmdomain-v6.19-rc3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm 2026-02-06T18:10:39+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-06T18:10:39+00:00 0dbc3577107008883a9d4275e4b67cd3b4dfacf5 Pull pmdomain fixes from Ulf Hansson: - imx: - Fix system wakeup support for imx8mp power domains - Fix potential out-of-range access for imx8m power domains - Fix the imx8mm gpu hang - qcom: Fix off-by-one error for highest state in rpmpd * tag 'pmdomain-v6.19-rc3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm: pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system wakeup pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest state 
Pull pmdomain fixes from Ulf Hansson:

 - imx:
     - Fix system wakeup support for imx8mp power domains
     - Fix potential out-of-range access for imx8m power domains
     - Fix the imx8mm gpu hang

 - qcom: Fix off-by-one error for highest state in rpmpd

* tag 'pmdomain-v6.19-rc3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm:
  pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system wakeup
  pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup
  pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains
  pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset
  pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest state
Merge tag 'gpio-fixes-for-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux 2026-02-06T18:05:35+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-06T18:05:35+00:00 8aa3041808b5dcf43f4964a5b58cd44652d772a8 Pull gpio fixes from Bartosz Golaszewski: - fix incorrect retval check in gpio-loongson-64bit - fix GPIO counting with ACPI * tag 'gpio-fixes-for-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux: gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc() gpiolib: acpi: Fix gpio count with string references 
Pull gpio fixes from Bartosz Golaszewski:

 - fix incorrect retval check in gpio-loongson-64bit

 - fix GPIO counting with ACPI

* tag 'gpio-fixes-for-v6.19' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
  gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()
  gpiolib: acpi: Fix gpio count with string references