summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2026-06-15net: dsa: mxl862xx: store firmware version for feature gatingDaniel Golle
Query the firmware version at init (already done in wait_ready), cache it in priv->fw_version, and provide MXL862XX_FW_VER_MIN() for version-gated code paths throughout the driver. MXL862XX_FW_VER() packs major/minor/revision into a u32 with bitwise shifts so that versions compare with natural ordering, independent of host endianness. Signed-off-by: Daniel Golle <daniel@makrotopia.org> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Link: https://patch.msgid.link/91a26a8ffeaa2ce1729f98347e93e779973976bb.1781319534.git.daniel@makrotopia.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-16Merge tag 'x86_microcode_for_v7.2_rc1' of ↵Linus Torvalds
gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip Pull x86 microcode loader updates from Borislav Petkov: - Move the zero-revision fixup for AMD microcode to the patch level retrieval function and restrict it to Zen family processors, ensuring patch level arithmetic always operates on a valid revision - Fix an incorrect comment about which CPUID bit is checked when determining whether the microcode loader should be disabled - Add the latest Intel microcode revision data for a broad range of processor models and steppings and add the script which generates the header of minimum expected Intel microcode revisions * tag 'x86_microcode_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip: x86/microcode/AMD: Move the no-revision fixup to get_patch_level() x86/microcode: Fix comment in microcode_loader_disabled() scripts/x86/intel: Add a script to update the old microcode list x86/microcode/intel: Refresh old_microcode defines with Nov 2025 release
2026-06-16Merge tag 'x86_cleanups_for_v7.2_rc1' of ↵Linus Torvalds
gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip Pull x86 cleanups from Borislav Petkov: - The usual pile of cleanups and fixlets the cat dragged in * tag 'x86_cleanups_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip: x86/cpu: Remove obsolete aperfmperf_get_khz() declaration x86/pmem: Check for platform_device_alloc() retval x86/platform/uv: Use str_enabled_disabled() in uv_nmi_setup_hubless_intr() x86/cpu: Keep the PROCESSOR_SELECT menu together x86/tlb: Convert copy_from_user() + kstrtouint() to kstrtouint_from_user() x86/purgatory: Fix #endif comment x86/boot: Get rid of kstrtoull() x86/boot/compressed: Use boot_kstrtoul() for hugepages= parsing
2026-06-16Merge tag 'x86_cache_for_v7.2_rc1' of ↵Linus Torvalds
gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip Pull x86 resource control updates from Borislav Petkov: "Preparatory work for MPAM counter assignment: - Simplify the error handling path when creating monitor group event configuration directories - Make the MBM event filter configurable only on architectures that support it and expose this with the respective file modes in the event config - Disallow the MBA software controller on systems where MBM counters are assignable, as it requires continuous bandwidth measurement that assignable counters do not guarantee - Replace a compile-time Kconfig option for fixed counter assignment with a per-architecture runtime property, and expose whether the counter assignment mode is changeable to userspace - Continue counter allocation across all domains instead of aborting at the first failure - Document that automatic MBM counter assignment is best effort and may not assign counters to all domains - Document the behavior of task ID 0 and idle tasks in the resctrl tasks file" * tag 'x86_cache_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip: fs/resctrl: Document tasks file behaviour for task id 0 and idle tasks fs/resctrl: Document that automatic counter assignment is best effort fs/resctrl: Continue counter allocation after failure fs/resctrl: Add monitor property 'mbm_cntr_assign_fixed' fs/resctrl: Disallow the software controller when MBM counters are assignable x86,fs/resctrl: Create 'event_filter' files read only if they're not configurable fs/resctrl: Tidy up the error path in resctrl_mkdir_event_configs()
2026-06-16Merge tag 'edac_updates_for_v7.2_rc1' of ↵Linus Torvalds
gitolite.kernel.org:pub/scm/linux/kernel/git/ras/ras Pull EDAC updates from Borislav Petkov: - Fix a malformed Kconfig default for the AMD Address Translation Library - Make sure i10nm loads successfully when the ADXL address decoder is absent because former has decoding capabilities too - Ensure error reporting is cleanly disabled on driver teardown and on failed initialization for several legacy Intel EDAC drivers - Fix a grammar issue in a diagnostic warning in the Sandy Bridge driver - Fix a missing resource release callback and incorrect memory topology parsing in the igen6 driver, and add support for Intel Panther Lake-H and Nova Lake-H SoCs - Fix an out-of-bounds shift causing undefined behaviour in the Skylake driver - Consolidate memory controller register access helpers into shared common code across the Intel Skylake, Ice Lake, and Meteor Lake drivers - Introduce sub-channel awareness and Rank Retry Logic improvements to the Intel Skylake and i10nm drivers in preparation for Diamond Rapids server support - Add Rank Retry Logic support for Intel Diamond Rapids server to imh_edac - Make In-Band ECC detection registers configurable per SoC in the igen6 driver - Standardize PCI device ID table definitions across all EDAC drivers to use named field initializers and standard PCI helper macros * tag 'edac_updates_for_v7.2_rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/ras/ras: (22 commits) EDAC: Consistently define pci_device_ids using named initializers EDAC/igen6: Add Intel Nova Lake-H SoC support EDAC/igen6: Make registers for detecting IBECC configurable EDAC/imh: Add RRL support for Intel Diamond Rapids server EDAC/{skx_common,i10nm}: Prepare RRL for sub-channel granularity EDAC/skx_common: Add SubChannel support to ADXL decode EDAC/{skx_common,i10nm}: Move RRL handling to common code EDAC/{skx_common,i10nm}: Introduce rrl_ctrl_mode EDAC/{skx_common,i10nm}: Rename rrl_mode to rrl_source_type EDAC/{skx_common,skx,i10nm}: Split skx_set_decode() EDAC/{skx_common,i10nm,imh}: Move MC register access helpers to skx_common EDAC/{skx_common,skx}: Fix UBSAN shift-out-of-bounds in skx_get_dimm_info EDAC/igen6: Add one Intel Panther Lake-H SoC support EDAC/igen6: Fix memory topology parsing for Panther Lake-H SoCs EDAC/igen6: Fix call trace due to missing release() EDAC/sb_edac: fix grammar in sb_decode_ddr3 warning EDAC/i5400: disable error reporting at teardown and refactor helper EDAC/i5100: disable error reporting at teardown and create helper EDAC/i5000: disable error reporting at teardown and refactor helper EDAC/i7300: disable error reporting if init fails and refactor helper ...
2026-06-16Merge tag 'arm64-upstream' of ↵Linus Torvalds
gitolite.kernel.org:pub/scm/linux/kernel/git/arm64/linux Pull arm64 updates from Will Deacon: "It feels like the new world of AI tooling has slowed us down a little on the feature side when compared to the fixes side. The extra rounds of Sashiko review have also pushed a few things out until next time. Still, there's some good foundational stuff here for the fpsimd code and hardening work towards removing the predictable linear alias of the kernel image. CPU errata handling: - Extend CnP disabling workaround to HiSilicon HIP09 hardware. - Work around eternally broken broadcast TLB invalidation on more CPUs. - Documentation and code cleanups. CPU features: - Add new hwcaps for the 2025 dpISA extensions. Floating point / SVE / SME: - Significant cleanup to the low-level state management code in the core architecture code and KVM. - Use correct register widths during SVE/SME save/restore assembly. - Expose SVE/SME save/restore memory accesses to sanitisers. Memory management: - Preparatory work for unmapping the kernel data and bss sections from the linear map. Miscellaneous: - Inline DAIF manipulation helpers so they can be used safely from non-instrumentable code. - Fix handling of the 'nosmp' cmdline option to avoid marking secondary cores as "possible". MPAM: - Add support for v0.1 of the MPAM architecture. Perf: - Update HiSilicon PMU MAINTAINERS entry. - Fix event encodings for the DVM node in the CMN driver. Selftests: - Extend sigframe tests to cover POE context. - Add coverage for the newly added 2025 dpISA hwcaps. System registers: - Add new registers and ESR encodings for the HDBSS feature. Plus minor fixes and cleanups across the board" * tag 'arm64-upstream' of gitolite.kernel.org:pub/scm/linux/kernel/git/arm64/linux: (73 commits) arm64: errata: Mitigate TLBI errata on Microsoft Azure Cobalt 100 CPU arm64: errata: Mitigate TLBI errata on NVIDIA Olympus CPU arm64: errata: Mitigate TLBI errata on various Arm CPUs arm64: cputype: Add C1-Premium definitions arm64: cputype: Add C1-Ultra definitions Revert "arm64: mm: Unmap kernel data/bss entirely from the linear map" Revert "arm64: mm: Defer remap of linear alias of data/bss" arm64: arch_timer: reuse arch_timer_read_cnt{p,v}ct_el0() helpers arm64/mm: Rename ptdesc_t arm64: mm: Defer remap of linear alias of data/bss KVM: arm64: Omit tag sync on stage-2 mappings of the zero page arm64: Avoid double evaluation of __ptep_get() kasan: Move generic KASAN page tables out of BSS too arm64: Rename page table BSS section to .bss..pgtbl arm64: patching: replace min_t with min in __text_poke perf/arm-cmn: Fix DVM node events arm64: fpsimd: Remove <asm/fpsimdmacros.h> arm64: fpsimd: Move SME save/restore inline arm64: fpsimd: Move sve_flush_live() inline arm64: fpsimd: Move SVE save/restore inline ...
2026-06-16Merge tag 's390-7.2-1' of ↵Linus Torvalds
gitolite.kernel.org:pub/scm/linux/kernel/git/s390/linux Pull s390 updates from Alexander Gordeev: - Use CIO device online variable instead of the internal FSM state to determine device availability during purge operations - Remove extra check of task_stack_page() because try_get_task_stack() already takes care of that when reading /proc/<pid>/wchan - Allow user-space to use the new SCLP action qualifier 4 for to provide NVMe SMART log data to the platform. - Send AP CHANGE uevents on successful bind and successful association to notify user-space about SE operations on AP queue devices - Add an s390dbf kernel parameter to configure debug log levels and area sizes during early boot - On arm64 the empty zero page is going to be mapped read-only. Do the same for s390 with an explicit set_memory_ro() call - Improve s390-specific bcr_serialize() and cpu_relax() implementations - Remove all unused variables to avoid allmodconfig W=1 build fails with latest clang-23 - Cleanup default Kconfig values for s390 selftests - Add a s390-tod trace clock to allow comparing trace timestamps between different systems or virtual machines on s390 - Remove the s390 implementation of strlcat() in favor of the generic variant - Make consistent the calling order between page_table_check_pte_clear() and secure page conversion across all code paths - Rearrange some fields within AP and zcrypt structs to reduce memory consumption and unused holes - Shorten GR_NUM and VX_NUM macros and move them to a separate header - Replace __get_free_page() with kmalloc() in few sources - Introduce an infrastructure for more efficient this_cpu operations. Eliminate conditional branches when PREEMPT_NONE is removed - Enable Rust support - Use z10 as minimum architecture level, similar to the boot code, to enforce a defined architecture level set - Improve and convert various mem*() helper functions to C. For that add .noinstr.text section to avoid orphaned warnings from the linker - Fix the function pointer type in __ret_from_fork() to correct the indirect call to match kernel thread return type of int - Revert support for DCACHE_WORD_ACCESS to avoid an endless exception loop on read from donated Ultravisor pages at unaligned addresses * tag 's390-7.2-1' of gitolite.kernel.org:pub/scm/linux/kernel/git/s390/linux: (52 commits) s390: Revert support for DCACHE_WORD_ACCESS s390/process: Fix kernel thread function pointer type s390/tishift: Convert __ashlti3(), __ashrti3(), __lshrti3() to C s390/memmove: Optimize backward copy case s390/string: Convert memset(16|32|64)() to C s390/string: Convert memcpy() to C s390/string: Convert memset() to C s390/string: Convert memmove() to C s390/string: Add -ffreestanding compile option to string.o s390: Add .noinstr.text to boot and purgatory linker scripts s390/purgatory: Enforce z10 minimum architecture level s390: Enable Rust support s390/cmpxchg: Fix KASAN stack-out-of-bounds in atomic helpers rust: helpers: Add memchr wrapper for string operations rust/bindgen_parameters: Mark s390 types as opaque to prevent repr conflicts s390/jump_label: Implement ARCH_STATIC_BRANCH_JUMP_ASM and ARCH_STATIC_BRANCH_ASM macros s390/bug: Provide ARCH_WARN_ASM for Rust WARN/BUG support s390/ap: Fix locking issue in SE bind and associate sysfs functions s390/percpu: Provide arch_this_cpu_write() implementation s390/percpu: Provide arch_this_cpu_read() implementation ...
2026-06-15net: airoha: use int instead of atomic_t for qdma users counterLorenzo Bianconi
QDMA users counter is always accessed holding RTNL lock so we do not require atomic_t for it. Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge branch 'mac-phy-interrupt-changed-to-level-triggered-interrupt'Jakub Kicinski
Selvamani Rajagopal says: ==================== MAC-PHY interrupt changed to level triggered interrupt According to OPEN Alliance 10BASE-T1x MAC-PHY Serial Interface specification, MAC-PHY interrupt is "active low, level triggered". The specification mentions about the conditions in which the IRQ is asserted and deasserted. Bug is inadvertently introduced by treating the IRQ in the OA TC6 framework driver and in dt-binding YAML file as edge triggered. With the changes to use level triggered interrupt, use of threaded irq is more efficient than the current method that has interrupt hander working with work queue. This change of interrupt handler mechanism exposed couple of race conditions due to the fact that interrupts were not masked on protocol error. And pointers were not initialized with null after skbs are freed. Changes are done in two files - OA TC6 framework Ethernet driver - YAML file for the vendor that already uses OA TC6 framework. Maintainer for this driver is already informed and aware of these changes. Testing for these changes was done in onsemi's setup and found to be working. ==================== Link: https://patch.msgid.link/20260611-level-trigger-v5-0-4533a9e85ce2@onsemi.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15dt-bindings: net: updated interrupt type to be active low, level triggeredSelvamani Rajagopal
According to OPEN Alliance 10BASE-T1x MACPHY Serial Interface (TC6) specification, interrupt type is active low, level triggered interrupt. Specification calls for when interrupt level will be asserted and what condition it is de-asserted. By using edge triggered interrupt, there is a potential chance to miss it, particularly if it is asserted when interrupt is disabled. Level triggered interrupt can't be missed as it gets de-asserted only on interrupt handler taking actions on interrupting conditions. Fixes: ac49b950bea9 ("dt-bindings: net: add Microchip's LAN865X 10BASE-T1S MACPHY") Signed-off-by: Selvamani Rajagopal <Selvamani.Rajagopal@onsemi.com> Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@oss.qualcomm.com> Link: https://patch.msgid.link/20260611-level-trigger-v5-4-4533a9e85ce2@onsemi.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: ethernet: oa_tc6: Remove FCS size in RX frameSelvamani Rajagopal
OA TC6 MAC-PHY appends FCS to the incoming frame. It must be removed from the frame before being passed to the stack. With FCS in the frame, many applications, like ping or any application that uses IP layer may work as they may carry the packet size information in the protocol. Application like ptp4l, particularly if it uses layer 2 for its communication, it will fail with "bad message" due to the extra 4 bytes added by the presence of FCS. Fixes: d70a0d8f2f2d ("net: ethernet: oa_tc6: implement receive path to receive rx ethernet frames") Signed-off-by: Selvamani Rajagopal <Selvamani.Rajagopal@onsemi.com> Link: https://patch.msgid.link/20260611-level-trigger-v5-3-4533a9e85ce2@onsemi.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: ethernet: oa_tc6: mdiobus->parent initialized with NULLSelvamani Rajagopal
As "dev" pointer in oa_tc6 structure is never initialized, mbiobus->parent was initialized with NULL. This change fixes it by initializing it with device pointer of spi. Fixes: 8f9bf857e43b ("net: ethernet: oa_tc6: implement internal PHY initialization") Signed-off-by: Selvamani Rajagopal <Selvamani.Rajagopal@onsemi.com> Link: https://patch.msgid.link/20260611-level-trigger-v5-2-4533a9e85ce2@onsemi.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: ethernet: oa_tc6: Interrupt is active low, level triggered.Selvamani Rajagopal
According OPEN Alliance 10BASET1x MAC-PHY Serial Interface specification, interrupt is active low, level triggered. Code used edge triggered interrupt which has the risk of losing an interrupt on instances like when interrupt is disabled. Level triggered interrupt won't be deasserted unless handler runs and clear the interrupting conditions. Interrupt handler mechanism is changed to threaded irq from interrupt handler and kernel thread waiting on work queue. Threaded irq mechanism is best suited for level triggered interrupt as it disables the interrupt until handler is run in thread level, while giving us an ability to have interrupt context handler to signal the threaded irq handler. Introduced a logic to disable the device interrupt on error. Error could be due in data chunk's header and footer or SPI interface itself. This will avoid having repeated interrupts, in case the driver couldn't recover from the error condition with the available recovery mechanism. Fixes: 2c6ce5354453 ("net: ethernet: oa_tc6: implement mac-phy interrupt") Signed-off-by: Selvamani Rajagopal <Selvamani.Rajagopal@onsemi.com> Link: https://patch.msgid.link/20260611-level-trigger-v5-1-4533a9e85ce2@onsemi.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-16Merge tag 'm68k-for-v7.2-tag1' of ↵Linus Torvalds
gitolite.kernel.org:pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k updates from Geert Uytterhoeven: - Replace more deprecated functions by safer counterparts - Switch Mac NuBus to a dynamic root device - defconfig updates - Miscellaneous fixes and improvements * tag 'm68k-for-v7.2-tag1' of gitolite.kernel.org:pub/scm/linux/kernel/git/geert/linux-m68k: m68k: Correct CONFIG_MVME16x macro name in #endif comment m68k: hash: Use lower_16_bits() helper m68k: defconfig: Update defconfigs for v7.1-rc1 dio: Update DIO_SCMAX comment dio: Use tabs and avoid continuation logging in dio_init dio: Replace deprecated strcpy with strscpy in dio_init nubus: Switch to dynamic root device zorro: sysfs: Replace sprintf() by sysfs_emit()
2026-06-16i3c: master: Expose the APIs to support I3C hubAman Kumar Pandey
Change the below internal static functions to APIs to allow new I3C hub driver to use them 1) i3c_dev_enable_ibi_locked() 2) i3c_dev_disable_ibi_locked() 3) i3c_dev_request_ibi_locked() 4) i3c_dev_free_ibi_locked() 5) i3c_master_reattach_i3c_dev_locked() Signed-off-by: Aman Kumar Pandey <aman.kumarpandey@nxp.com> Signed-off-by: Lakshay Piplani <lakshay.piplani@nxp.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260612111816.3688240-3-lakshay.piplani@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-16i3c: master: rename i3c_master_reattach_i3c_dev() to *_lockedLakshay Piplani
Rename i3c_master_reattach_i3c_dev() to *_locked() to make the locking requirement explicit and consistent with other I3C core helpers that require the bus lock to be held by the caller. Signed-off-by: Lakshay Piplani <lakshay.piplani@nxp.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260612111816.3688240-2-lakshay.piplani@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-15Merge branch 'icssg-xdp-zero-copy-bug-fixes'Jakub Kicinski
Meghana Malladi says: ==================== ICSSG XDP zero copy bug fixes [part] This patch series fixes bugs introduced while adding xdp zero copy support in the icssg driver. Patch 1: Fix wakeup handling for Rx when available CPPI descriptor is zero Patch 2,3: Fix destination tag in CPPI descriptor to enable proper Tx xmit for HSR offload mode with XDP and zero copy ==================== Link: https://patch.msgid.link/20260611185744.2498070-1-m-malladi@ti.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: ti: icssg: Use undirected TX tag for XDP zero copy in HSR offload modeMeghana Malladi
emac_xsk_xmit_zc() has the same issue as the fixed emac_xmit_xdp_frame(): it always sets the CPPI5 descriptor destination tag to emac->port_id, which directs the PRU firmware to transmit on only one slave port in HSR mode, breaking redundancy. Apply the same fix: in HSR offload mode when NETIF_F_HW_HSR_DUP is set, use PRUETH_UNDIRECTED_PKT_DST_TAG (port 0) so the PRU duplicates frames to both ports. Also set PRUETH_UNDIRECTED_PKT_TAG_INS when NETIF_F_HW_HSR_TAG_INS is set so the PRU re-inserts the HSR sequence tag that was stripped by the PRU on RX before the XDP program saw the frame. This ensures XSK XDP_TX frames in HSR mode are treated identically to skb TX via hsr0. Fixes: 8756ef2eb078 ("net: ti: icssg-prueth: Add AF_XDP zero copy for TX") Signed-off-by: Meghana Malladi <m-malladi@ti.com> Link: https://patch.msgid.link/20260611185744.2498070-4-m-malladi@ti.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: ti: icssg: Use undirected TX tag for native XDP in HSR offload modeMeghana Malladi
emac_xmit_xdp_frame() always sets the CPPI5 descriptor destination tag to emac->port_id, which directs the PRU firmware to transmit the frame on that specific slave port only. In HSR offload mode this bypasses the firmware's HSR duplication logic: the frame goes out on one ring leg and never appears on the other, breaking HSR redundancy for XDP_TX paths. icssg_ndo_start_xmit() already handles this correctly: when HSR offload mode is active and NETIF_F_HW_HSR_DUP is set it substitutes PRUETH_UNDIRECTED_PKT_DST_TAG (port 0) so the PRU duplicates the frame to both slave ports. It also sets PRUETH_UNDIRECTED_PKT_TAG_INS in epib[1] when NETIF_F_HW_HSR_TAG_INS is set so the PRU inserts the HSR sequence tag, which XDP_TX frames lack (the tag is stripped by the PRU on RX before the frame reaches the XDP program). Apply the same logic in emac_xmit_xdp_frame() so XDP_TX frames in HSR mode are treated identically to skb TX via hsr0. Fixes: 62aa3246f462 ("net: ti: icssg-prueth: Add XDP support") Signed-off-by: Meghana Malladi <m-malladi@ti.com> Link: https://patch.msgid.link/20260611185744.2498070-3-m-malladi@ti.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: ti: icssg-prueth: Fix AF_XDP fill ring alloc and wakeup conditionMeghana Malladi
emac_rx_packet_zc() calls prueth_rx_alloc_zc() with count (frames received in the current NAPI poll) as the allocation budget. Two problems arise from this: 1. When the CPPI5 descriptor pool is exhausted (avail_desc == 0, FDQ already holds the maximum number of descriptors), count > 0 still triggers allocation attempts that all fail, spamming the kernel log with "rx push: failed to allocate descriptor" at high packet rates. 2. The XSK wakeup condition "ret < count" is wrong when avail_desc is zero: ret == 0 and count can be up to 64, so the condition is always true. This causes ~200 spurious ndo_xsk_wakeup() calls per second even when the FDQ is already full, wasting CPU cycles in repeated NAPI invocations that process zero frames. Fix both by introducing alloc_budget = min(budget, avail_desc): - When avail_desc == 0 no allocation is attempted, avoiding pool exhaustion errors. The wakeup condition "ret < alloc_budget" evaluates to 0 < 0 == false, correctly clearing the wakeup flag so the hardware IRQ re-arms NAPI without spurious kicks. - In steady state avail_desc == count <= budget, so alloc_budget == count and behaviour is unchanged. - After a dry-ring stall (count == 0, avail_desc > 0), alloc_budget > 0 causes new descriptors to be posted to the FDQ so the hardware can resume receiving immediately. Fixes: 7a64bb388df3 ("net: ti: icssg-prueth: Add AF_XDP zero copy for RX") Signed-off-by: Meghana Malladi <m-malladi@ti.com> Link: https://patch.msgid.link/20260611185744.2498070-2-m-malladi@ti.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge branch 'tcp-rehash-onto-different-local-ecmp-path-on-retransmit-timeout'Jakub Kicinski
Neil Spring says: ==================== tcp: rehash onto different local ECMP path on retransmit timeout Currently sk_rethink_txhash() re-rolls the socket's txhash on RTO, PLB, and spurious-retransmission events, but the new hash is not propagated into the IPv6 ECMP path selection. The cached route is reused and fib6_select_path() is never re-invoked, so the connection uses the same local ECMP decision. This series adds the two missing pieces: 1. __sk_dst_reset() alongside sk_rethink_txhash() so the cached dst is invalidated and the next transmit triggers a fresh route lookup. 2. fl6->mp_hash set from sk_txhash before each route lookup so fib6_select_path() picks a path from the (potentially re-rolled) hash. The override applies only to fib_multipath_hash_policy 0 (the default L3 policy). Its hash includes the flow label, but that is 0 by default (np->flow_label is unset; auto_flowlabels computes the on-wire label later, per packet), so flows to the same peer share one local path. Keying it on sk_txhash makes that local path per-connection and lets a rehash re-select it; even when a flow label is present (reflected REPFLOW or explicitly set) only local path selection changes -- the on-wire flow label is unaffected. Policies 1-3 are left unchanged. Patch 1 is the kernel change; patch 2 adds selftests covering rehash on SYN, SYN/ACK, midstream RTO, midstream spurious-retransmission, and PLB events, plus a policy 1 negative test, a flowlabel-leak regression test, a dst-rebuild consistency test, and a syncookie path-consistency test. ==================== Link: https://patch.msgid.link/20260615042158.1600746-1-ntspring@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15selftests: net: add local ECMP rehash testNeil Spring
Add ecmp_rehash.sh with nine scenarios verifying that TCP rehash selects a different local ECMP path for IPv6: - SYN retransmission (forward path blocked during setup) - SYN/ACK retransmission (reverse path blocked during setup) - Midstream RTO (forward path blocked on established connection) - Midstream ACK rehash (reverse path blocked on established connection) - PLB rehash (ECN-driven congestion on established connection) - Hash policy 1 negative test (rehash attempted but path unchanged) - No flowlabel leak (client mp_hash does not alter on-wire flowlabel) - Dst rebuild consistency (dst invalidation does not change path) - Syncookie server path consistency (SYN-ACK and post-cookie ACKs use the same ECMP path) The policy 1 test verifies that fib_multipath_hash_policy=1 computes a deterministic 5-tuple hash, so txhash re-rolls do not change the ECMP path while TcpTimeoutRehash still increments. The flowlabel leak test sets auto_flowlabels=0 on the client and installs tc filters on client egress that drop TCP packets with nonzero flowlabel, confirming that the client's fl6->mp_hash does not leak into the on-wire IPv6 flow label. The PLB test needs DCTCP, a restricted congestion control. Rather than relax the host-global tcp_allowed_congestion_control (no per-netns equivalent), it pins dctcp on the test routes via the congctl route attribute, confined to the test namespaces. The dst rebuild test streams data, invalidates the cached dst by adding and removing a dummy route (bumping the fib6_node sernum), and verifies that traffic stays on the same path. The sernum change causes ip6_dst_check() to fail on the next transmit, triggering a fresh route lookup via inet6_csk_route_socket(). ECMP_REBUILD_ROUNDS=10 repeats the check to reduce the probability of a buggy kernel passing by chance with 2-way ECMP. The syncookie server path consistency test verifies that the server's SYN-ACK and subsequent ACKs use the same ECMP path. With syncookies, the request socket is freed after the SYN-ACK, so cookie_tcp_reqsk_init() must derive the same txhash (from the cookie) that was used for the SYN-ACK's route lookup. The syncookie test forces tcp_syncookies=2; it skips when CONFIG_SYN_COOKIES is not available. selftests/net/config selects it (and CONFIG_TCP_CONG_DCTCP for the PLB test). Signed-off-by: Neil Spring <ntspring@meta.com> Link: https://patch.msgid.link/20260615042158.1600746-3-ntspring@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15tcp: rehash onto different local ECMP path on retransmit timeoutNeil Spring
Currently sk_rethink_txhash() re-rolls the socket's txhash on RTO, PLB, and spurious-retransmission events, but the cached route is reused and the new hash is not propagated into the ECMP path selection logic. Two changes are needed to make rehash select a different local ECMP path: 1. Add __sk_dst_reset() alongside sk_rethink_txhash() in tcp_write_timeout(), tcp_rcv_spurious_retrans(), and tcp_plb_check_rehash() so the cached dst is invalidated and the next transmit triggers a fresh route lookup. 2. Set fl6->mp_hash from sk_txhash (or tcp_rsk(req)->txhash for SYN/ACK retransmits and syncookies) in tcp_v6_connect(), inet6_sk_rebuild_header(), inet6_csk_route_req(), inet6_csk_route_socket(), tcp_v6_send_response(), and cookie_v6_check() so fib6_select_path() picks a path based on the new hash. The mp_hash override only applies to fib_multipath_hash_policy 0 (the default L3 policy). Its hash includes the flow label, but that is 0 by default -- np->flow_label is unset, and auto_flowlabels only computes the on-wire label later, per packet -- so flows to the same peer share one local path. Keying the hash on sk_txhash makes the local path per-connection and lets a rehash re-select it. Policies 1-3 are left unchanged. The mp_hash assignment is factored into a small helper, ip6_ecmp_set_mp_hash(), shared by inet6_csk_route_req(), inet6_csk_route_socket(), tcp_v6_connect(), inet6_sk_rebuild_header(), tcp_v6_send_response(), and cookie_v6_check(). It applies (txhash >> 1) ?: 1 for policy 0 (the >> 1 keeps mp_hash in the 31-bit range; ?: 1 keeps it non-zero, since 0 would fall back to rt6_multipath_hash()). inet6_csk_route_socket() calls it only for sk_protocol == IPPROTO_TCP so that non-TCP callers (e.g., L2TP via inet6_csk_xmit) fall through to rt6_multipath_hash() and retain their existing flow-key-based ECMP behavior. tcp_v6_send_response() also sets mp_hash from the response txhash so that a control packet (a RST from the full socket, or an ACK from a time-wait socket) selects the same local ECMP nexthop as the connection's txhash rather than falling back to the flow hash. The time-wait socket's tw_txhash is copied from sk_txhash when the connection enters TIME_WAIT, so it reflects any rehash that occurred. Setting mp_hash explicitly is necessary because the default ECMP hash derives from fl6->flowlabel via np->flow_label, which is not updated from sk_txhash (REPFLOW is off by default). ip6_make_flowlabel() cannot help either, as it runs after the route lookup. As a consequence, for policy 0 the local ECMP path of an IPv6 TCP flow follows sk_txhash even when fl6->flowlabel is non-zero, e.g. a reflected (REPFLOW) or explicitly set (IPV6_FLOWLABEL_MGR) flow label. This is intentional: only local path selection changes, so rehash can recover from a failed path; the on-wire flow label is unchanged. sk_set_txhash() is moved before ip6_dst_lookup_flow() in tcp_v6_connect() so the initial ECMP path is selected by the same txhash that subsequent route rebuilds will use. This avoids unintended path changes when the cached dst is naturally invalidated (e.g., by PMTU discovery or route changes). The rehash sites (tcp_write_timeout(), tcp_plb_check_rehash(), and tcp_rcv_spurious_retrans()) call __sk_rethink_txhash_reset_dst(), which re-rolls the txhash and, when it changed, drops the cached dst so the next transmit re-runs route selection. The dst reset is guarded by sk->sk_family == AF_INET6 since IPv4 ECMP does not currently use sk_txhash for path selection. For IPv4-mapped IPv6 sockets this produces a redundant dst reset on a cold path (RTO/PLB); the subsequent IPv4 route lookup returns the same result. The helper is deliberately separate from sk_rethink_txhash() itself: dst_negative_advice() calls sk_rethink_txhash() before its own dst op, so resetting the dst inside sk_rethink_txhash() would skip that op (e.g. rt6_remove_exception_rt()). For syncookies, cookie_init_sequence() computes the cookie value before route_req() and sets txhash so the SYN-ACK selects the same ECMP path that cookie_v6_check() will use when the full socket is created. cookie_tcp_reqsk_init() derives txhash from the cookie so the full socket's ECMP path matches the SYN-ACK. Both the SYN-ACK assignment in tcp_conn_request() and the full-socket assignment in cookie_tcp_reqsk_init() set txhash from the cookie for IPv4 and IPv6 alike. On IPv6 this drives ECMP path selection; on IPv4, which does not use sk_txhash for ECMP, it only affects TX-queue selection. That selection scales the hash by its high bits (reciprocal_scale()), which are uniform in the keyed secure_tcp_syn_cookie() output -- the MSS index only perturbs the low bits -- so the queue distribution matches net_tx_rndhash(). cookie_init_sequence() is split from the former version that also called tcp_synq_overflow() and incremented SYNCOOKIESSENT; those side effects are now in cookie_record_sent(), called after route_req() succeeds so they are not bumped when route_req() fails. cookie_record_sent() is guarded by CONFIG_SYN_COOKIES to match the guard on tcp_synq_overflow(). route_req() receives 0 as tw_isn for the syncookie path so that tcp_v6_init_req() still saves ireq->pktopts for REPFLOW flowlabel reflection and IPv6 cmsg options. The ecn_ok clear for syncookies without timestamps stays after tcp_ecn_create_request() so it takes precedence. Signed-off-by: Neil Spring <ntspring@meta.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20260615042158.1600746-2-ntspring@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: airoha: Fix MODULE_LICENSE to match SPDX GPL-2.0-only identifierWayen.Yan
Both airoha_eth.c and airoha_npu.c declare SPDX-License-Identifier: GPL-2.0-only but use MODULE_LICENSE("GPL"), which the kernel module loader interprets as GPL-2.0+ (any GPL version). This mismatch causes license compliance tools (FOSSology, ScanCode, etc.) to misidentify the effective license as more permissive than intended. Replace MODULE_LICENSE("GPL") with MODULE_LICENSE("GPL v2") to align with the GPL-2.0-only SPDX identifier. Per include/linux/module.h, "GPL v2" maps to GPL-2.0-only, matching the source files' declared license. Signed-off-by: Wayen <win847@gmail.com> Link: https://patch.msgid.link/6a2ded59.63d39acb.391892.7632@mx.google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15sctp: correct CONFIG_SCTP_DBG_OBJCNT macro name in commentEthan Nelson-Moore
A comment in <net/sctp/sctp.h> incorrectly refers to CONFIG_SCTP_DBG_OBJCOUNT instead of CONFIG_SCTP_DBG_OBJCNT. Correct it. Discovered while searching for CONFIG_* symbols referenced in code but not defined in any Kconfig file. Signed-off-by: Ethan Nelson-Moore <enelsonmoore@gmail.com> Link: https://patch.msgid.link/20260613233725.162470-1-enelsonmoore@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net/mlx5: HWS: correct CONFIG_MLX5_HW_STEERING macro name in commentEthan Nelson-Moore
A comment in drivers/net/ethernet/mellanox/mlx5/core/steering/hws/fs_hws.h incorrectly refers to CONFIG_MLX5_HWS_STEERING instead of CONFIG_MLX5_HW_STEERING. Correct it. Discovered while searching for CONFIG_* symbols referenced in code but not defined in any Kconfig file. Signed-off-by: Ethan Nelson-Moore <enelsonmoore@gmail.com> Reviewed-by: Gal Pressman <gal@nvidia.com> Link: https://patch.msgid.link/20260613225904.140791-1-enelsonmoore@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: airoha: Fix typos in comments and KconfigWayen.Yan
Fix several typos found during code review: - Kconfig: "Aiorha" -> "Airoha" in NET_AIROHA_FLOW_STATS help text - Comment: "CMD1" -> "CDM1" (Central DMA, not Command) - Comments: "GMD1/2/3/4" -> "GDM1/2/3/4" (Gigabit DMA, not GMD) These are pure comment and documentation fixes with no functional impact. Signed-off-by: Wayen.Yan <win847@gmail.com> Acked-by: Lorenzo Bianconi <lorenzo@kernel.org> Link: https://patch.msgid.link/6a2ca74a.c5b1db4e.21a698.01e7@mx.google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: airoha: Fix always-true condition in PPE1 queue reservation loopWayen.Yan
In airoha_fe_pse_ports_init(), the inner condition for PPE1 queue reservation is identical to the for-loop bound, making it always true and the else branch dead code: for (q = 0; q < pse_port_num_queues[FE_PSE_PORT_PPE1]; q++) { if (q < pse_port_num_queues[FE_PSE_PORT_PPE1]) /* always true */ set RSV_PAGES; else set 0; /* unreachable */ } The intended behavior is to reserve pages only for the first half of the queues, matching the PPE2 implementation on line 334 which correctly uses the /2 divisor. Fix the PPE1 condition accordingly. Fixes: 23020f049327 ("net: airoha: Introduce ethernet support for EN7581 SoC") Signed-off-by: Wayen.Yan <win847@gmail.com> Acked-by: Lorenzo Bianconi <lorenzo@kernel.org> Link: https://patch.msgid.link/6a2ca3de.ad59c0a6.147df9.2ac1@mx.google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: airoha: Fix non-standard return value in airoha_ppe_get_wdma_info()Wayen.Yan
airoha_ppe_get_wdma_info() returns -1 when the last path in the forwarding path stack is not of type DEV_PATH_MTK_WDMA. This is not a standard kernel error code. Replace it with -EINVAL since the input path type is invalid from the caller's perspective. Signed-off-by: Wayen.Yan <win847@gmail.com> Acked-by: Lorenzo Bianconi <lorenzo@kernel.org> Link: https://patch.msgid.link/6a2ca3d9.ad59c0a6.147df9.2a62@mx.google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge branch 'docs-net-more-adjustments-to-docs'Jakub Kicinski
Jakub Kicinski says: ==================== docs: net: more adjustments to docs A few small updates to the docs. This is trying to prepare docs for getting fed directly into AI reviews. ==================== Link: https://patch.msgid.link/20260613165846.2913092-1-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15docs: net: fix minor issues with strparser docsJakub Kicinski
Not sure if anyone would read this doc, but the API has evolved since it was written. Update to: - show the int return type for strp_init() - refer to strp_data_ready(), not the old strp_tcp_data_ready() name - direct users to strp_msg(skb) for strparser metadata instead of treating skb->cb as struct strp_msg directly Link: https://patch.msgid.link/20260613165846.2913092-4-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15docs: net: fix minor issues with devlink docsJakub Kicinski
Update devlink documentation to match current code: - describe health reporter defaults (it's currently under "callbacks"), best-effort auto-dump, and port-scoped reporters - fix generic parameter names and values - fix nested devlink setup wording and registration ordering Link: https://patch.msgid.link/20260613165846.2913092-3-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15docs: net: tls-offload: document tls_dev_del, tls_dev_resync, and rekeyJakub Kicinski
Fill in some gaps in the TLS offload doc: - describe the tls_dev_del and tls_dev_resync callbacks - add a mention of rekeying being out of scope for now Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Link: https://patch.msgid.link/20260613165846.2913092-2-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-16KVM: x86/mmu: Ensure hugepage is in by slot before checking max mapping levelSean Christopherson
When recovering hugepages in the shadow MMU, verify that the base gfn of the shadow page is actually contained within the target memslot, *before* querying the max mapping level given the shadow page's gfn. Failure to pre-check the validity of the gfn can lead to an out-of-bounds access to the slot's lpage_info (which typically manifests as a host #PF because the lpage_info is vmalloc'd) if the guest creates a hugepage mapping (in its PTEs) that extends "below" the bounds of a memslot. When faulting in memory for a guest, and the size of the guest mapping is greater than KVM's (current) max mapping, then KVM will create a "direct" shadow page (direct in that there are no gPTEs to shadow, and so the target gfn is a direct calculation given the base gfn of the shadow page). The hugepage recovery flow looks for such direct shadow pages, as forcing 4KiB mappings when dirty logging generates the guest > host mapping size case. When the 4KiB restriction is lifted, then KVM can replace the shadow page with a hugepage. But if KVM originally used a smaller mapping than the guest because the range of memory covered by the guest hugepage exceeds the bounds of a memslot, then KVM will link a direct shadow page with a gfn that is outside the bounds of the memslot being used to fault in memory. The rmap entry added for the leaf mapping is correct and within bounds, but the gfn of the leaf SPTE's parent shadow page will be out of bounds. BUG: unable to handle page fault for address: ffffc90000806ffc #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 100000067 P4D 100000067 PUD 1002a7067 PMD 10612f067 PTE 0 Oops: Oops: 0000 [#1] SMP CPU: 13 UID: 1000 PID: 757 Comm: mmu_stress_test Not tainted 7.1.0-rc1-48ce1e26eace-x86_pir_to_irr_comments-vm #341 PREEMPT Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:kvm_mmu_max_mapping_level+0x79/0x2b0 [kvm] Call Trace: <TASK> kvm_mmu_recover_huge_pages+0x21b/0x320 [kvm] kvm_set_memslot+0x1ee/0x590 [kvm] kvm_set_memory_region.part.0+0x3a1/0x4d0 [kvm] kvm_vm_ioctl+0x9bf/0x15d0 [kvm] __x64_sys_ioctl+0x8a/0xd0 do_syscall_64+0xb7/0xbb0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f21c0f1a9bf </TASK> Don't bother pre-checking the bounds of the potential hugepage, i.e. don't check that e.g. sp->gfn + KVM_PAGES_PER_HPAGE(sp->role.level + 1) is also within the memslot, as the checks performed by kvm_mmu_max_mapping_level() are a superset of the basic bounds checks. I.e. pre-checking the full range would be a dubious micro-optimization. Fixes: 9eba50f8d7fc ("KVM: x86/mmu: Consult max mapping level when zapping collapsible SPTEs") Cc: stable@vger.kernel.org Cc: David Matlack <dmatlack@google.com> Cc: James Houghton <jthoughton@google.com> Cc: Alexander Bulekov <bkov@amazon.com> Cc: Fred Griffoul <fgriffo@amazon.co.uk> Cc: Alexander Graf <graf@amazon.de> Cc: David Woodhouse <dwmw@amazon.co.uk> Cc: Filippo Sironi <sironi@amazon.de> Cc: Ivan Orlov <iorlov@amazon.co.uk> Signed-off-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2026-06-16KVM: x86: Fix shadow paging use-after-free due to unexpected rolePaolo Bonzini
Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and computed GFNs; the bug could be triggered by changing a PDE mapping from outside the guest, and then deleting a memslot. The rmap_remove() call would miss entries created after the PDE change because the GFN of the leaf SPTE does not match the GFN of the struct kvm_mmu_page. A similar hole however remains if the modified PDE points to a non-leaf page. In this case the gfn can be made to match, but the role does not match: the original large 2MB page creates a kvm_mmu_page with direct=1, while the new 4KB needs a kvm_mmu_page with direct=0. However, kvm_mmu_get_child_sp() does not compare the role, and therefore reuses the page. The next step is installing a leaf (4KB) SPTE on the new path which records an rmap entry under the gfn resolved by the walk. But when that child is zapped its parent kvm_mmu_page has direct=1 and kvm_mmu_page_get_gfn() computes the gfn for the 4KB page as sp->gfn + index instead of using sp->shadowed_translation[] (or sp->gfns[] in older kernels). It therefore fails to remove the recorded entry. When the memslot is dropped the shadow page is freed but the rmap entry survives, as in the scenario that was already fixed. Code that later walks that gfn (dirty logging, MMU notifier invalidation, and so on) dereferences an sptep that lies in the freed page, causing the use-after-free. Fixes: 2032a93d66fa ("KVM: MMU: Don't allocate gfns page for direct mmu pages") Reported-by: Hyunwoo Kim <imv4bel@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2026-06-15Merge branch 'net-atlantic-add-ptp-support-for-aqc113-antigua'Jakub Kicinski
Sukhdeep Singh says: ==================== net: atlantic: add PTP support for AQC113 (Antigua) This series adds IEEE 1588 PTP support for the AQC113 (Antigua) network controller. AQC113 is the successor to the existing AQC107 (Atlantic) chip already supported by the atlantic driver. AQC113 uses a substantially different hardware architecture for PTP compared to AQC107: - Dual on-chip TSG clocks with direct register access instead of PHY-based timestamping via firmware - TX timestamps via descriptor writeback instead of firmware mailbox - Hardware L3/L4 RX filters for PTP multicast steering with both IPv4 and IPv6 support - Reference-counted shared filter slots managed through an Action Resolver Table (ART), allowing multiple rules to share L3/L4 hardware filters when their match criteria are identical The series is structured in four parts: Patches 1-3 prepare the existing L3/L4 filter path: Patch 1 corrects flow_type masking and IPv6 address handling in aq_set_data_fl3l4(). Patch 2 moves the active_ipv4/ipv6 bitmap updates to after the hardware write succeeds. Patch 3 decouples the function from driver-internal structures so it can be called directly by the AQC113 PTP filter setup code. Patches 4-5 add the AQC113 hardware infrastructure: Patch 4 adds the low-level register definitions and accessor functions. Patch 5 adds filter data structures and firmware capability query. Patches 6-7 implement the AQC113 L2/L3/L4 RX filter management: Patch 6 fixes the AQC113 HW init path: ART section selection, L2 filter slot assignment, and MAC address programming. Patch 7 implements the complete L3/L4 RX filter ops including reference- counted ART sharing and IPv4/IPv6 steering. Patches 8-12 add the AQC113 PTP feature: Patch 8 reserves the dedicated PTP traffic class buffer and configures the TX path. Patch 9 extends the hw_ops interface with PTP-specific function pointers and updates AQC107 to the new signatures. Patches 10-12 implement the full PTP subsystem: Patch 10 adds the hw_atl2 register-level PTP clock ops, Patch 11 adds TX timestamp polling and PTP TX traffic classification, and Patch 12 integrates PTP into aq_ptp and the driver core. The existing AQC107 PTP implementation is not functionally changed by this series; AQC113-specific code paths are gated on chip detection throughout. Tested on AQC113 at 1G, 2.5G, 5G, and 10G link speeds using ptp4l/phc2sys with hardware timestamping in both L2 and L4 (IPv4/IPv6) modes. ==================== Link: https://patch.msgid.link/20260610115448.272-1-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: add AQC113 PTP support in aq_ptp and driver coreSukhdeep Singh
aq_ptp.c / aq_ptp.h: - Add aq_ptp_state enum (AQ_PTP_FIRST_INIT, AQ_PTP_LINK_UP, AQ_PTP_NO_LINK) to distinguish first init from link-change events; on AQC113 only reset the TSG clock on first init to avoid disrupting ongoing synchronization. - Add aq_ptp_dpath_enable() for comprehensive L3/L4 PTP filter setup/teardown, replacing the previous single-filter approach with an array of 4 slots for IPv4 and IPv6 PTP multicast addresses (224.0.1.129, 224.0.0.107, ff0e::181, ff02::6b). - Add aq_ptp_parse_rx_filters() to map hwtstamp_rx_filters to L2/L4 enable flags and call aq_ptp_dpath_enable(). - Re-apply RX filters on link change (hardware state lost after reset). - Extend PTP ring alloc/init/start/stop to handle AQC113 PTP ring ops. - Add per-instance PTP offset table for AQC113 with empirically measured values at 100M/1G/2.5G/5G/10G link speeds. - Export aq_ptp_dpath_enable() and updated ring helpers in aq_ptp.h. aq_hw.h: - Include hw_atl2/hw_atl2.h for AQC113 PTP type definitions. aq_nic.c: - Account for PTP IRQ vector (AQ_HW_PTP_IRQS) in vector count math. - Call hw_atl2 PTP re-enable hook after hardware reset in aq_nic_update_link_status(). aq_pci_func.c: - Pass PTP IRQ index to aq_ptp_irq_alloc() in probe path. Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-13-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: add AQC113 TX timestamp polling and PTP TX classificationSukhdeep Singh
aq_ring.h / aq_ring.c: - Add ptp_ts_deadline field to aq_ring_s to track TX timestamp timeout. - In aq_ring_tx_clean(): when hw_ring_tx_ptp_get_ts() returns 0 (HW not yet written back the timestamp), clear buff->is_mapped and buff->pa before breaking to prevent double dma_unmap on retry. When ptp_ts_deadline expires, dequeue and drop the head of skb_ring to keep it in lockstep with buff_ring, then clear request_ts and free the skb via dev_kfree_skb_any() to unblock the ring. aq_main.c: - Add IPv6 PTP packet detection in aq_ndev_start_xmit() using ipv6_hdr()->nexthdr for ETH_P_IPV6 frames, steering them through aq_ptp_xmit() alongside the existing IPv4 path. - Use PTP_EV_PORT/PTP_GEN_PORT constants instead of magic numbers 319/320. - Remove duplicate aq_reapply_rxnfc_all_rules() and aq_filters_vlans_update() calls from aq_ndev_open() - now covered by aq_nic_start(), which also ensures filters are restored correctly after PM resume. aq_nic.c: - Move aq_reapply_rxnfc_all_rules() and aq_filters_vlans_update() into aq_nic_start() after hardware init, replacing the duplicate calls that were removed from aq_ndev_open(). Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-12-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: add AQC113 PTP hardware ops in hw_atl2Sukhdeep Singh
Add the hardware-layer PTP implementation for AQC113 (Antigua): - hw_atl2.h/hw_atl2_utils.h/hw_atl2_internal.h: add PTP offset constants, RX timestamp size (HW_ATL2_RX_TS_SIZE=8), and reduced HW_ATL2_RXBUF_MAX=172 (AQC113 on-chip RX packet buffer hardware limit for data TCs). - hw_atl2.c: implement hw_atl2_enable_ptp() to reset and enable TSG clocks and set PTP TC scheduling priority after hardware reset. - hw_atl2.c: implement hw_atl2_adj_sys_clock(), hw_atl2_adj_clock_freq(), and aq_get_ptp_ts() for TSG clock read/adjust/increment operations. - hw_atl2.c: implement hw_atl2_gpio_pulse() for PPS output generation via TSG pulse generator. - hw_atl2.c: implement hw_atl2_hw_tx_ptp_ring_init() and hw_atl2_hw_rx_ptp_ring_init() for PTP ring setup. - hw_atl2.c: implement hw_atl2_hw_ring_tx_ptp_get_ts() to read TX timestamp from descriptor writeback, and hw_atl2_hw_rx_extract_ts() to extract RX timestamp from the 8-byte packet trailer. - hw_atl2.c: add hw_atl2_hw_get_clk_sel() helper. - Wire all new ops into hw_atl2_ops. Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-11-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: extend hw_ops and TX descriptor for AQC113 PTPSukhdeep Singh
Extend the aq_hw_ops interface with new function pointers required for PTP support on AQC113: - enable_ptp: enable/disable PTP counter with clock selection - hw_ring_tx_ptp_get_ts: read TX timestamp from descriptor writeback - hw_tx_ptp_ring_init/hw_rx_ptp_ring_init: per-ring PTP initialization - hw_get_clk_sel: query active TSG clock selection Update existing hw_ops signatures to support AQC113 dual-clock architecture: - hw_gpio_pulse: add clk_sel and hightime parameters - hw_extts_gpio_enable: add channel parameter Add PTP-related hardware defines: - AQ_HW_TXD_CTL_TS_EN/TS_TSG0 for TX descriptor timestamp control - AQ2_HW_PTP_COUNTER_HZ for AQC113 TSG clock frequency - AQ_HW_PTP_IRQS for PTP interrupt vector accounting - PTP enable flags (L2/L4) and TSG clock selection constants Add request_ts and clk_sel bitfields to aq_ring_buff_s for per-packet TX timestamp request tracking. Update hw_atl_b0.c (AQC107) implementations: - Adapt gpio_pulse and extts_gpio_enable to new signatures - Add TX descriptor timestamp bits for AQC113 when ANTIGUA chip feature is detected Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-10-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: add AQC113 PTP traffic class and TX path setupSukhdeep Singh
Add PTP traffic class (TC) buffer reservation and TX path improvements for AQC113: - Reserve dedicated TX and RX buffer space for PTP TC when PTP is enabled, reducing user TC buffers accordingly (TX: 8KB, RX: 16KB). - Configure PTP TC with no flow control and highest priority scheduling to ensure timely PTP packet transmission. TX path improvements: - Increase TX data and descriptor read-request limits when firmware has already enabled extended PCIe tag mode. Also simplify RSS queue calculation in hw_atl2_hw_rss_set() by extracting to a local variable and use unsigned types for loop variables to match their usage. Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-9-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: implement AQC113 L2/L3/L4 RX filter opsSukhdeep Singh
Implement complete RX filter management for AQC113 hardware: - Add tag-based ethertype filter policy (hw_atl2_filter_tag_get/put) that allocates and releases ART tags for L2 ethertype filters. - Add L3/L4 filter sharing via serialized usage counters in hw_atl2_l3_filter/hw_atl2_l4_filter, managed through hw_atl2_rxf_l3_get/put and hw_atl2_rxf_l4_get/put. - Implement L3 (IPv4/IPv6 source/destination address and protocol) filter find, get (program HW and increment refcount), and put (decrement refcount and clear HW when last user releases). - Implement L4 (TCP/UDP/SCTP source/destination port) filter management with the same find/get/put pattern. - Add combined L3L4 filter configuration (hw_atl2_new_fl3l4_configure) that translates legacy aq_rx_filter_l3l4 commands into AQC113 separate L3+L4 filter programming with Action Resolver Table (ART) entries. - Add L2 ethertype filter set/clear (hw_atl2_hw_fl2_set/clear) with tag-based ART integration. - Wire .hw_filter_l2_set, .hw_filter_l2_clear, .hw_filter_l3l4_set into hw_atl2_ops. Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-8-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: fix AQC113 HW init: ART, L2 filter slot, MAC addressSukhdeep Singh
Fix initialization issues in hw_atl2 to correctly support AQC113: - hw_atl2_hw_reset: replace unconditional priv memset with selective field clears so that l3l4_filters[].l3_index and l4_index can be initialized to -1 (not allocated) rather than 0; 0 is a valid filter index and would incorrectly appear as an occupied slot after a reset. - hw_atl2_hw_init_new_rx_filters: use firmware-reported ART section base and count (clamped to 16) instead of hardcoded 0xFFFF mask; enable simultaneous IPv4/IPv6 L3 filter mode (rpf_l3_v6_v4_select); tag the UC MAC slot using firmware-supplied l2_filters_base_index instead of hardcoded HW_ATL2_MAC_UC. - hw_atl2_hw_init_rx_path: enable only the firmware-assigned MAC slot (priv->l2_filters_base_index) instead of always slot 0. - Add hw_atl2_hw_mac_addr_set() that programs the MAC address into the firmware-assigned L2 filter slot. Wire into hw_atl2_ops replacing the A1 hw_atl_b0_hw_mac_addr_set; call it from hw_init. - Wire .hw_get_regs into hw_atl2_ops. Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-7-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: add AQC113 filter data structures, firmware query and ↵Sukhdeep Singh
register dump Add filter infrastructure for AQC113 hardware: - Define L3 (IPv4/IPv6), L4 (TCP/UDP/SCTP), and combined L3L4 filter structures with serialized usage counter for filter sharing. - Define tag policy structure for ethertype filter management. - Add RPF L3/L4 command bit definitions for filter programming. - Add filter count constants for L3L4, L3V4, L4, VLAN, and ethertype. - Extend hw_atl2_priv with filter arrays, base indices, and counts discovered from firmware. Query filter capabilities from firmware shared memory at init time to discover available L2/L3/L4/VLAN/ethertype filter resources and ART (Action Resolver Table) configuration. Add hardware register dump utility for AQC113 debug support. Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-6-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: add AQC113 hardware register definitions and accessorsSukhdeep Singh
Add low-level hardware register definitions and accessor functions for AQC113 (Antigua) chip features: - L3/L4 filter command, tag, and address registers for IPv4/IPv6 - Ethertype filter tag registers - TSG (Time Stamp Generator) clock control, modification, and GPIO event generation/input timestamp registers - TX descriptor timestamp writeback, timestamp enable, and AVB enable registers - TX data/descriptor read request limit registers - TPB highest priority TC registers - PCIe extended tag enable register - RX descriptor timestamp request register - Action resolver section enable getter - GPIO special mode and TSG external GPIO TS input select Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-5-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: decouple aq_set_data_fl3l4() from driver internalsSukhdeep Singh
Refactor aq_set_data_fl3l4() to take an ethtool_rx_flow_spec pointer and an explicit HW register location instead of driver-internal structures (aq_nic_s, aq_rx_filter). This makes the function reusable for PTP filter setup which constructs flow specs independently. Key changes: - Add aq_is_ipv6_flow_type() helper to derive IPv6 status from the flow_type field, replacing the dependency on rx_fltrs->fl3l4.is_ipv6 shared state. - Change aq_set_data_fl3l4() signature to accept (fsp, data, location, add) and export it via aq_filters.h. - Update aq_add_del_fl3l4() to compute the HW register location and pass it explicitly. Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-4-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: move active_ipv4/ipv6 bitmap updates after HW writeSukhdeep Singh
Move active_ipv4/active_ipv6 bitmap updates from aq_set_data_fl3l4() into aq_add_del_fl3l4() after the hardware write succeeds. The bitmaps track which filter slots are actively programmed in hardware and must only be updated once the HW write is confirmed. The bitmap updates in aq_nic_reserve_filter() and aq_nic_release_filter() are intentionally retained: they guard the aq_check_approve_fl3l4() IPv4/IPv6 mixing validation for callers such as the AQC113 PTP path that program filters directly via hw_atl2_new_fl3l4_configure() without going through aq_add_del_fl3l4(). Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-3-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: atlantic: correct L3L4 filter flow_type masking and IPv6 handlingSukhdeep Singh
Correct three issues in aq_set_data_fl3l4() required for the AQC113 PTP filter path introduced later in this series: 1. Mask FLOW_EXT from flow_type before the protocol switch statement. Flow types with FLOW_EXT set (e.g. TCP_V4_FLOW | FLOW_EXT) fall through to the default case and skip protocol comparison flags. 2. Extend the L3 address comparison check to cover all four IPv6 words. The original code only checked ip_src[0]/ip_dst[0] and required !is_ipv6, so CMP_SRC_ADDR_L3/CMP_DEST_ADDR_L3 were never set for IPv6 filters. 3. Use explicit flow type checks for port extraction instead of negating IP_USER_FLOW/IPV6_USER_FLOW. The old check did not mask FLOW_EXT, so IP_USER_FLOW | FLOW_EXT would incorrectly attempt port extraction. Use the actual flow type to pick the correct union member directly. Signed-off-by: Sukhdeep Singh <sukhdeeps@marvell.com> Link: https://patch.msgid.link/20260610115448.272-2-sukhdeeps@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15Merge branch 'net-dsa-netc-add-bridge-mode-support'Jakub Kicinski
Wei Fang says: ==================== net: dsa: netc: add bridge mode support This series adds bridge mode support to the NETC DSA switch driver, covering both VLAN-aware and VLAN-unaware operation. The NETC switch manages forwarding through a set of hardware tables accessed via NTMP: the FDB table (FDBT), VLAN filter table (VFT), egress treatment table (ETT), and egress count table (ECT). The series extends the NTMP layer with the operations required for bridging, then builds the DSA bridge callbacks on top. Since all switch ports share the VFT, so only one VLAN-aware bridge is supported. FDB aging is managed in software. A periodic delayed work sweeps the table using the hardware activity element mechanism, with a default aging time of 300 seconds matching the IEEE 802.1Q standard. Per-port entries are also flushed immediately on bridge leave and link-down events. ==================== Link: https://patch.msgid.link/20260611021458.2629145-1-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-15net: dsa: netc: implement dynamic FDB entry ageingWei Fang
The NETC switch does not age out dynamic FDB entries automatically. Without software management, stale entries persist after topology changes and cause incorrect forwarding. Add a delayed work that periodically removes entries that have not been refreshed within the specified cycles. The effective ageing time is: ageing_time = fdbt_ageing_delay * 100 Default values are 3s interval and 100 cycles (300s total), matching the IEEE 802.1Q default ageing time. The work starts when the first port joins a bridge (tracked via br_cnt) and is cancelled when the last port leaves. All FDB operations are serialized under fdbt_lock. Implement .set_ageing_time() to allow the bridge layer to reconfigure ageing parameters on demand. Signed-off-by: Wei Fang <wei.fang@nxp.com> Link: https://patch.msgid.link/20260611021458.2629145-10-wei.fang@oss.nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>