summaryrefslogtreecommitdiff
path: root/drivers
AgeCommit message (Collapse)Author
2026-06-14i3c: master: Move DAA API functions after i3c_master_add_i3c_dev_locked()Adrian Hunter
Relocate i3c_master_do_daa_ext() and i3c_master_do_daa() so they appear after i3c_master_add_i3c_dev_locked(). This ordering is required for upcoming changes where the DAA flow will (indirectly) rely on i3c_master_add_i3c_dev_locked() functionality. Reordering avoids forward dependency issues and keeps related code paths logically arranged. No functional change. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260612080107.11606-7-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: master: Make i3c_master_add_i3c_dev_locked() return voidAdrian Hunter
The return value of i3c_master_add_i3c_dev_locked() is not used by any caller, and callers are not in a position to recover from failures in this path. Change the function to return void. Amend the kernel-doc accordingly, fix some grammar and remove a stale paragraph. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260612080107.11606-6-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Tolerate i3c_master_add_i3c_dev_locked() failures in DAAAdrian Hunter
i3c_master_add_i3c_dev_locked() no longer leaves the address marked as free on failure, so aborting the DAA sequence on its error is unnecessary. Failure to register a discovered device does not invalidate the entire Dynamic Address Assignment (DAA) procedure. Align with the behavior of other I3C master drivers by ignoring errors from i3c_master_add_i3c_dev_locked() and continuing enumeration. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260612080107.11606-5-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: master: Prevent reuse of dynamic address on device add failureAdrian Hunter
i3c_master_add_i3c_dev_locked() is called after a device has already been assigned a dynamic address. If the function fails, the address remains marked as free and may be reallocated to another device, leading to address conflicts on the bus. Ensure the address is not marked as free on failure, by updating the address slot state to prevent the address from being re-used. Emit an error message to inform of the failure. Opportunistically remove the !master check because it is impossible. Note, directly resetting the device's dynamic address is no longer an option, since Direct RSTDAA was deprecated from I3C starting from version 1.1 and v1.1 (or later) target devices are meant to NACK it. Fixes: 3a379bbcea0af ("i3c: Add core I3C infrastructure") Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260612080107.11606-4-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Ignore DISEC failures when disabling IBIsAdrian Hunter
Disabling IBIs currently returns the result of the DISEC CCC, causing i3c_hci_disable_ibi() to fail if the transfer errors out. However, the controller has already been programmed to reject IBIs by setting DAT_0_SIR_REJECT, so the target’s IBIs are effectively disabled from the host side regardless of the outcome of the DISEC command. At this point, teardown of the IBI infrastructure can safely proceed even if DISEC fails. Note, from then on, the MIPI I3C HCI not only NACKs the target's IBI but automatically sends another DISEC command. Make i3c_hci_disable_ibi() resilient by ignoring the return value of i3c_master_disec_locked() and always returning success. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260612080107.11606-3-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Fix race in i3c_hci_addr_to_dev()Adrian Hunter
i3c_hci_addr_to_dev() walks bus->devs.i3c, which is protected by bus.lock (rwsem). However, it is invoked from the MIPI I3C HCI IRQ handler, which cannot take bus.lock. This allows concurrent device addition/removal in the I3C core to modify the list while it is being traversed, potentially leading to use-after-free or crashes. Remove the dependency on the bus device list and introduce a dedicated lookup table. Add an ibi_devs[] array indexed by DAT entry, maintained under hci->lock. Update the array when IBIs are enabled or disabled, so that it always reflects the set of devices allowed to generate IBIs. Also update when IBIs are freed, to cover the corner case when an IBI is freed without first being disabled (e.g. oldedev in i3c_master_add_i3c_dev_locked()). Move i3c_hci_addr_to_dev() into core.c, reimplement it using the new array, and add a lockdep assertion to enforce that hci->lock is held by callers. Demote a message in PIO and DMA IBI handling, from an error to a debug message, because there is a race window when the condition can arise normally. Fixes: 9ad9a52cce282 ("i3c/master: introduce the mipi-i3c-hci driver") Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260612080107.11606-2-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Add Hot-Join supportAdrian Hunter
Wire the MIPI I3C HCI driver into the I3C core Hot-Join framework to allow targets to dynamically join the bus after initial DAA. HCI hardware ACKs or NACKs Hot-Join requests based on HC_CONTROL.HOT_JOIN_CTRL. This was previously left in the NACK-and-DISEC state, effectively preventing Hot-Join. Implement the ->enable_hotjoin() and ->disable_hotjoin() master operations so the core and user space can control this policy at runtime. Also issue broadcast ENEC HJ when enabling Hot-Join. This is required because the controller may have previously DISEC'ed the Hot-Join event, causing targets that were NACKed once to never retry. Acknowledged Hot-Join requests are delivered as IBIs on the reserved address 0x02. Update both the DMA and PIO IBI paths to recognise this address and forward the event to i3c_master_queue_hotjoin(). To make Hot-Join usable by default, enable it once after the initial DAA. This is gated by rpm_ibi_allowed, since otherwise keeping Hot-Join enabled prevents runtime suspend. A new hj_init_done flag ensures this one-time enablement is not repeated on subsequent DAAs. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260608054312.10604-9-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: master: Export i3c_master_enec_disec_locked()Adrian Hunter
The existing i3c_master_enec_locked() wrapper always treats a NACKed ENEC CCC as a failure (M2 error). However, broadcasting ENEC to enable Hot-Join is legitimately useful even when no I3C devices are currently present on the bus, in which case the broadcast will be NACKed and should not be reported as an error. The underlying helper i3c_master_enec_disec_locked() already accepts a suppress_m2 flag that lets callers ignore such NACKs. Expose it so that a subsequent patch enabling Hot-Join events can issue ENEC with M2 suppression. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260608054312.10604-8-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: master: Defer new-device registration out of DAA caller contextAdrian Hunter
Master drivers may invoke i3c_master_do_daa_ext() during resume to re-run Dynamic Address Assignment. As well as assigning addresses to any newly arrived devices, this restores the dynamic address of devices that lost it across system suspend, so it has to run as part of the controller's resume path. A side effect of i3c_master_do_daa_ext() today is that it also registers any newly discovered I3C devices with the driver model inline, via i3c_master_register_new_i3c_devs(). Doing that from the resume path is problematic: a hot-join-capable device may join the bus during this same DAA, and registering it immediately would push driver model work (probing, sysfs, etc.) into the controller's resume context, where the rest of the system is not yet fully resumed and the controller driver is still partway through its own resume sequence. Decouple discovery from registration: add a reg_work work item to struct i3c_master_controller and have i3c_master_do_daa_ext() queue it on master->wq (the freezable workqueue) instead of calling i3c_master_register_new_i3c_devs() directly. The worker performs the registration only when the controller is not shutting_down, and is cancelled alongside hj_work in i3c_master_shutdown(). Because wq is freezable, any newly observed devices end up being registered after the system has finished resuming. i3c_master_register() also routes its initial post-bus-init registration through reg_work, using flush_work() to keep probe-time behavior synchronous. This keeps a single registration code path and ensures the worker is the only writer of desc->dev. Fixes: 3a379bbcea0af ("i3c: Add core I3C infrastructure") Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260608054312.10604-7-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: dw: Drop redundant Hot-Join cancel_work_sync() in shutdownAdrian Hunter
The I3C core now installs an i3c_bus_type shutdown callback that flushes master->hj_work (via i3c_master_shutdown()) before any driver's platform shutdown hook runs. The explicit cancel_work_sync() in dw_i3c_shutdown() is therefore redundant: by the time it executes, the Hot-Join worker has already been cancelled, and the shutting_down gate makes a new worker a no-op. Remove the now-unneeded call. No functional change. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260608054312.10604-6-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: master: Ensure Hot-Join operations are stopped on shutdownAdrian Hunter
System shutdown invokes each device's bus shutdown callback to quiesce hardware, but the I3C bus type does not currently implement one. As a result, on shutdown the controller's Hot-Join work and any in-flight i3c_master_do_daa() can keep running (or be newly triggered) while the rest of the system is being torn down. A similar window exists at i3c_master_unregister() time: cancel_work_sync() on hj_work prevents queued work from completing, but does not stop a fresh Hot-Join IBI from re-queueing the worker, nor a concurrent sysfs writer from toggling Hot-Join via i3c_set_hotjoin(). Introduce a single "shutting down" gate in the I3C core, set under the bus maintenance lock so it is observed by any in-progress DAA path before pending work is cancelled. Install an i3c_bus_type shutdown callback that engages this gate for master devices during system shutdown, and use the same gate in i3c_master_unregister() so both paths get identical guarantees. Once the gate is engaged, the Hot-Join worker, i3c_master_do_daa_ext() and i3c_set_hotjoin() all bail out cleanly, so Hot-Join IBIs that race with shutdown become no-ops, direct DAA callers see -ENODEV, and sysfs writers can no longer re-enable Hot-Join through ops->enable_hotjoin() while the controller is going away. No functional change for the steady-state runtime path; the new checks only take effect once the controller has been marked as shutting down. Note, this patch depends on patch "i3c: master: Consolidate Hot-Join DAA work in the core". Fixes: 3a379bbcea0af ("i3c: Add core I3C infrastructure") Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260608054312.10604-5-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: master: Consolidate Hot-Join DAA work in the coreAdrian Hunter
Three master drivers (dw-i3c-master, i3c-master-cdns, svc-i3c-master) each carry an essentially identical Hot-Join handler: a struct work_struct embedded in their private state, a work function that just calls i3c_master_do_daa() on the embedded i3c_master_controller, plus matching INIT_WORK()/cancel_work_sync() boilerplate in probe/remove (and shutdown for dw-i3c). The IBI/ISR paths then queue that work onto master->wq, which already lives in the core. Move this pattern into the I3C core: - Add struct work_struct hj_work to struct i3c_master_controller and initialise it in i3c_master_register() with a core-provided handler i3c_master_hj_work_fn() that performs i3c_master_do_daa(). - Cancel the work in i3c_master_unregister() so all controllers get correct teardown ordering against the workqueue for free. - Export i3c_master_queue_hotjoin() as the single entry point drivers call from their Hot-Join IBI handler. Convert the three existing users to the new API: drop their private hj_work fields, work functions, INIT_WORK() and cancel_work_sync() calls, and replace the queue_work(master->wq, &drv->hj_work) call sites with i3c_master_queue_hotjoin(&drv->base). The dw-i3c shutdown path still needs to flush pending Hot-Join work before tearing down the hardware, so it is updated to cancel master->base.hj_work directly. No functional change intended: the work is still queued on the same master->wq, runs the same i3c_master_do_daa(), and is cancelled at controller teardown. Future Hot-Join improvements now only need to be made in one place. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260608054312.10604-4-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: master: Serialize i3c_set_hotjoin() with the maintenance lockAdrian Hunter
i3c_set_hotjoin() dispatches the controller's enable_hotjoin() or disable_hotjoin() op and updates master->hotjoin under i3c_bus_normaluse_lock(). That lock is a read-side acquisition of bus->lock (down_read()), so it does not exclude concurrent callers. The hotjoin sysfs attribute can be opened multiple times, and writes through different opens are not serialized. Two concurrent writers to "hotjoin" can therefore race in i3c_set_hotjoin(), with the controller op and the master->hotjoin store from one call interleaving with the other. The hardware enable/disable state and the value reported by hotjoin_show() can end up out of sync. Take i3c_bus_maintenance_lock() instead. Toggling Hot Join enable changes bus state and is conceptually a maintenance operation, so the write-side acquisition of bus->lock is the appropriate lock and serializes concurrent callers against each other and against other maintenance operations. Fixes: 317bacf960a48 ("i3c: master: add enable(disable) hot join in sys entry") Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260608054312.10604-3-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: master: Make hot-join workqueue freezable to block hot-join during suspendAdrian Hunter
The I3C master workqueue (master->wq) is used to defer work that needs thread context and the bus maintenance lock, most notably Hot Join processing (which calls i3c_master_do_daa() to assign dynamic addresses to newly joined devices). Currently the workqueue keeps running across system suspend, which can race with the suspend path: - do_daa() may execute after the controller has been suspended, issuing bus transactions on a powered-down or otherwise unusable controller. - New I3C devices can be enumerated and added to the bus mid-suspend, registering driver model objects at a point where the I3C subsystem and its consumers are not prepared to handle them. Mark the workqueue WQ_FREEZABLE so its workers are frozen for the duration of system suspend/hibernate and resumed afterwards. This naturally defers any pending or newly queued Hot Join work until the system (and the controller) is fully resumed, closing both races without adding explicit suspend/resume synchronization in the master drivers. Update the kerneldoc for struct i3c_master_controller::wq to reflect that the workqueue is freezable. Fixes: 3a379bbcea0af ("i3c: Add core I3C infrastructure") Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260608054312.10604-2-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Increase DMA transfer ring size to maximumAdrian Hunter
The DMA transfer ring is currently limited to 16 entries, despite the MIPI I3C HCI supporting up to 32 devices. When the ring lacks space for a new transfer list, the driver returns -EBUSY, which can be unexpected for clients. Increase the DMA transfer ring size to the maximum supported value of 255 entries. This effectively eliminates ring-space exhaustion in practice and avoids the complexity of adding secondary queuing mechanisms. Even at the maximum size, the memory overhead remains small (approximately 24 bytes per entry by default). Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-18-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Consolidate DMA ring allocationAdrian Hunter
dma_alloc_coherent() allocates memory in whole pages, which can waste space when command and response queues are allocated separately. Allocate the DMA command and response queues from a single coherent allocation instead, while preserving the required 4-byte alignment. This reduces memory overhead without changing behavior. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-17-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Base timeouts on actual transfer start timeAdrian Hunter
Transfer timeouts are currently measured from the point where a transfer list is queued to the controller. This can cause transfers to time out before they have actually started, if earlier queued transfers consume the timeout interval. Fix this by recording when a transfer reaches the head of the queue and adjusting the timeout calculation to start from that point. The existing low-overhead completion-based timeout mechanism is preserved, but care is taken to ensure the transfer start time is consistently recorded for both PIO and DMA paths. This prevents premature timeouts while retaining efficient timeout handling. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-16-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Wait for NoOp commands to completeAdrian Hunter
When a transfer list is only partially completed due to an error, hci_dma_dequeue_xfer() overwrites the remaining DMA ring entries with NoOp commands and restarts the ring to flush them out. While NoOp commands are expected to complete successfully, they may still fail to complete if the DMA ring is stuck. Explicitly wait for the NoOp commands to finish, and trigger controller recovery if they do not complete or report an error. This ensures that partially completed transfer lists are reliably resolved and that a stuck ring is recovered promptly. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-15-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Add DMA-mode recovery for internal controller errorsAdrian Hunter
Handle internal I3C HCI errors when operating in DMA mode by adding a simple recovery mechanism. On detection of an internal controller error, mark recovery as needed and attempt to restore operation by performing a software reset followed by state restore. To keep recovery straightforward on this unlikely error path, all currently queued transfers are terminated and completed with an error. This allows the controller to resume operation after internal failures rather than remaining permanently stuck. Note, internal errors indicated by INTR_HC_INTERNAL_ERR, cause the controller to stop. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-14-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Factor out reset-and-restore helperAdrian Hunter
Factor the reset-and-restore sequence out of i3c_hci_rpm_resume() into a separate helper. This allows the same logic to be reused for recovery paths in subsequent changes without duplicating suspend/resume handling. No functional change. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-13-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Add DMA ring abort quirk for Intel controllersAdrian Hunter
DMA rings can be aborted either per-ring via RING_CONTROL or globally via HC_CONTROL_ABORT. The driver currently relies on the per-ring mechanism. Some Intel I3C HCI controllers require HC_CONTROL_ABORT to be asserted before a DMA ring abort is effective. This behavior is non-standard. Introduce a controller quirk to select the required abort method and enable it for Intel LPSS I3C controllers. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-12-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Factor out hci_dma_abort()Adrian Hunter
Factor out hci_dma_abort() from hci_dma_dequeue_xfer() in preparation for further changes. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-11-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Add DMA ring abort/reset quirk for Intel controllersAdrian Hunter
Some Intel I3C HCI controllers cannot reliably restart a DMA ring after an ABORT. Additional queue resets are required to recover, and must be performed using PIO reset bits even while operating in DMA mode. This behavior is non-standard. Introduce a controller quirk to opt into the required PIO queue resets after a DMA ring abort, and enable it for Intel LPSS I3C controllers. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-10-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Avoid restarting DMA ring after aborting wrong transferAdrian Hunter
Software ABORT of the DMA ring is used to recover from transfer list timeouts, but it is inherently racy. The intended transfer list may complete just before the ABORT takes effect, causing the subsequent transfer list to be aborted instead. In this case, an incomplete transfer list may remain in the ring and has not yet been processed by hci_dma_dequeue_xfer(). Restarting the DMA ring at that point can lead to unpredictable results. Detect when the next queued transfer is not the first entry of a transfer list and does not belong to the list currently being dequeued. In that case, skip restarting the DMA ring and defer recovery until a subsequent call to hci_dma_dequeue_xfer(), which will safely restart the ring once the incomplete list is handled. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-9-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Complete transfer lists immediately on errorAdrian Hunter
In DMA mode, transfer lists are currently completed only when the final transfer in the list completes. If an earlier transfer fails, the list is left incomplete and callers wait until timeout. There is no need to wait for a timeout, as the completion path in i3c_hci_process_xfer() already checks for error status. Complete the transfer list as soon as any transfer in the list reports an error. This avoids unnecessary delays and spurious timeouts on error. Complete a transfer list completion immediately there is an error. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-8-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Call hci_dma_xfer_done() from dequeue pathAdrian Hunter
hci_dma_dequeue_xfer() relies on state normally updated by the DMA interrupt handler. Ensure that state is current by explicitly invoking hci_dma_xfer_done() from the dequeue path. This handles cases where the interrupt handler has not (yet) run. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-7-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Move hci_dma_xfer_done() definitionAdrian Hunter
Move hci_dma_xfer_done() earlier in the file to avoid a forward declaration needed by a subsequent change. No functional change. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-6-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Wait for DMA ring restart to completeAdrian Hunter
Although hci_dma_dequeue_xfer() is serialized against itself via control_mutex, this does not guarantee that a DMA ring restart triggered by a previous invocation has fully completed. When the function is called again in rapid succession, the DMA ring may still be transitioning back to the running state, which may confound or disrupt further state changes. Address this by waiting for the DMA ring restart to complete before continuing. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-5-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Prevent DMA enqueue while ring is aborting or in errorAdrian Hunter
Block the DMA enqueue path while a Ring abort is in progress or after an error condition has been detected. Previously, new transfers could be enqueued while the DMA Ring was being aborted or while error handling was underway. This allowed enqueue and error-recovery paths to run concurrently, potentially interfering with each other and corrupting Ring state. Introduce explicit enqueue blocking and a wait queue to serialize access: enqueue operations now wait until abort or error handling has completed before proceeding. Enqueue is unblocked once the Ring is safely restarted. Note, there is only 1 ring bundle configured, and a transfer error causes the controller to halt ring (bundle) operation, so there is only ever 1 outstanding error at a time. Furthermore, a later patch ensures that only the currently active transfer list can time out. Consequently, the DMA queue will not be unblocked while there are outstanding transfer errors or timeouts. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-4-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Preserve RUN bit when aborting DMA ringAdrian Hunter
The MIPI I3C HCI specification does not require the DMA ring RUN bit (RUN_STOP) to be cleared when issuing an ABORT. That allows the DMA ring to continue to receive IBIs, although an IBI is anyway not lost because it can be received once the ring restarts if the I3C device has not given up. Note, currently ABORT is only used on a timeout error path so the change has very little effect in practice. In the more common case of a transfer error, the ring (bundle) operation is halted by the controller anyway. Adjust the RING_CONTROL handling to set ABORT without clearing RUN_STOP, bringing the driver into alignment with the specification. Fixes: b795e68bf3073 ("i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue") Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-3-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14i3c: mipi-i3c-hci: Fix suspend behavior when bus disable falls back to ↵Adrian Hunter
software reset Software reset was introduced as a fallback if bus disable failed. The change was made in 2 places: the cleanup path and the suspend path. For the cleanup path (i3c_hci_bus_cleanup()), after software reset the function continues to do cleanup for the current I/O mode. For the suspend path (i3c_hci_rpm_suspend()), after software reset the function returns early. However software reset does not reset any Ring Headers in the Host Controller, so returning early is not the right thing to do. Instead, continue to call suspend for the current I/O mode, which for DMA mode will reset any Ring Headers. Note, although Ring Headers should not be active at this stage, performing this reset follows the procedure defined by the specification and keeps the suspend path consistent with the cleanup path. Note also, i3c_hci_sync_irq_inactive() is still called via the PIO and DMA hci->io->suspend() callbacks. Always return 0 because the device is quiesced as much as possible and returning a negative error code would unnecessarily prevent system suspend. Fixes: 9a258d1336f7 ("i3c: mipi-i3c-hci: Fallback to software reset when bus disable fails") Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Reviewed-by: Frank Li <Frank.Li@nxp.com> Link: https://patch.msgid.link/20260603090754.16252-2-adrian.hunter@intel.com Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2026-06-14geneve: Fix off-by-one comparing with GRO_LEGACY_MAX_SIZEAlice Mikityanska
GRO_LEGACY_MAX_SIZE = 65536; total_len being 65536 is too big to fit into a u16. As can be seen in skb_gro_receive, packets bigger or equal to gro_max_size (or GRO_LEGACY_MAX_SIZE) are dropped with -E2BIG. Apply the same boundary to geneve_post_decap_hint to avoid writing 65536 to a 16-bit iph->tot_len field with an overflow. Fixes: fd0dd796576e ("geneve: use GRO hint option in the RX path") Signed-off-by: Alice Mikityanska <alice@isovalent.com> Reviewed-by: Willem de Bruijn <willemb@google.com> Link: https://patch.msgid.link/20260611192955.604661-3-alice.kernel@fastmail.im Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2026-06-14Merge branch 'for-next/perf' into for-next/coreWill Deacon
* for-next/perf: perf/arm-cmn: Fix DVM node events perf: qcom: Unify user-visible "Qualcomm" name MAINTAINERS: Update HiSilicon PMU driver maintainer to Yushan Wang
2026-06-14Merge tag 'iio-fixes-for-7.1b' of ↵Greg Kroah-Hartman
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jic23/iio into char-misc-next IIO: 2nd set of fixes for the 7.1 cycle. Usual mixed bag of ancient issues and the recently introduced. Various drivers - Ensure use of simple_write_to_buffer() in debugfs callbacks doesn't result in reading off the end of intended data by checking the position is always 0. buffer/hw-consumer - Ensure scan_mask is freed on buffer release. acpi-als - Check ACPI_COMPANION() against NULL to close corner case where a driver is overridden. adi,ad4062 - Add GPIOLIB dependency to avoid undefined ref to gpiochip_get_data() adi.ad7768-1 - Add GPIOLIB dependency to avoid several undefined functions. adi,ad2s1210 - Ensure possible recovery path if a read fails in the interrupt handler. bosch,bmg160 - Increase sleep on startup to ensure device is ready. bosch,bmp280 - Ensure buffer pushed to kfifo is zeroed to avoid leaking uninitialized stack data to userspace. dyna-image,al3010 - Fix refactor that stopped reading one of the two measurement registers. dyna-image,al3320a - Fix refactor that stopped reading one of the two measurement registers. qcom,spmi-iadc - Ensure disable_irq_wake() is called on remove path. sensiron,scd30 - Fix a sign extension bug. st,vl5310x - Ensure possible recovery path if a read fails in the interrupt handler. ti,adc1298 - Bounds check for pga_settings index. Hardening against device returning unexpected values. ti,tmp006 - Ensure trigger correctly released on remove path. vishay,veml6030 - Fix incorrect channel type in events. vishay,veml6074 - Bounds check for veml6075_it_ms. Hardening against device returning unexpected values. * tag 'iio-fixes-for-7.1b' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jic23/iio: (23 commits) iio: adc: ad_sigma_delta: fix clear_pending_event for registerless devices iio: adc: ad_sigma_delta: fix CS held asserted and state leaks iio: light: opt3001: fix missing state reset on timeout iio: chemical: scd30: Cleanup initializations and fix sign-extension bug iio: core: fix uninitialized data in debugfs iio: backend: fix uninitialized data in debugfs iio: dac: ad3552r-hs: fix uninitialized data ni ad3552r_hs_write_data_source() iio: adc: qcom-spmi-iadc: balance enable_irq_wake() on driver unbind iio: light: al3320a: read both ALS ADC registers again iio: light: al3010: read both ALS ADC registers again iio: temperature: tmp006: use devm_iio_trigger_register iio: buffer: hw-consumer: free scan_mask on buffer release iio: adc: ad7768-1: Select GPIOLIB iio: light: veml6030: fix channel type when pushing events iio: light: acpi-als: Check ACPI_COMPANION() against NULL iio: resolver: ad2s1210: notify trigger and clear state on fault read error iio: proximity: vl53l0x: notify trigger and clear IRQ on error paths iio: gyro: bmg160: wait full startup time after mode change at probe iio: gyro: bmg160: bail out when bandwidth/filter is not in table iio: pressure: bmp280: zero-init bmp580 trigger handler buffer ...
2026-06-13Merge tag 'clk-fixes-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "Fixes for the Qualcomm and Google GS101 clk drivers: - Skip parking clks on some Qualcomm platforms so that the recovery console keeps working - Fix Google GS101 resume by using the correct div register" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: qcom: dispcc-sc8280xp: Don't park mdp_clk_src at registration time clk: samsung: gs101: Fix missing USI7_USI DIV clock in peric0_clk_regs clk: qcom: x1e80100-dispcc: Stop disp_cc_mdss_mdp_clk_src from getting parked
2026-06-13net: hns3: move fd code to a separate fileJijie Shao
The hclge_main.c file has become very large, so the fd code has been moved to a separate hclge_fd.c file. This patch only moves the code and does not modify any functionality. Signed-off-by: Jijie Shao <shaojijie@huawei.com> Link: https://patch.msgid.link/20260610060618.834987-7-shaojijie@huawei.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13net: hns3: debugfs support for dumping fd rulesJijie Shao
Currently, the tc tool only supports adding and deleting rules from the driver but does not support querying rules from the driver. This patch adds a rule dump file in debugfs to check whether the driver's configuration matches the configuration issued by tc flow. Signed-off-by: Jijie Shao <shaojijie@huawei.com> Link: https://patch.msgid.link/20260610060618.834987-6-shaojijie@huawei.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13net: hns3: support IP and tunnel VNI dissectors for tc flowJijie Shao
Currently, the driver does not support FLOW_DISSECTOR_KEY_IP and FLOW_DISSECTOR_KEY_ENC_KEYID. But the hardware supports ip_tos (FLOW_DISSECTOR_KEY_IP) and outer_tun_vni (FLOW_DISSECTOR_KEY_ENC_KEYID). This patch adds support for FLOW_DISSECTOR_KEY_IP and FLOW_DISSECTOR_KEY_ENC_KEYID. Additionally, since tc flow cannot effectively support l2_user_def, l3_user_def, and l4_user_def, this patch explicitly sets them to not be used. Signed-off-by: Jijie Shao <shaojijie@huawei.com> Link: https://patch.msgid.link/20260610060618.834987-5-shaojijie@huawei.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13net: hns3: support two more actions for tc flowJijie Shao
Currently, the driver supports only one action:HCLGE_FD_ACTION_SELECT_TC. This patch adds support for HCLGE_FD_ACTION_SELECT_QUEUE and HCLGE_FD_ACTION_DROP_PACKET. A rule can have only one action. Therefore, the driver intercepts rules that have multiple actions or no action. Note: The driver considers cls_flower->classid as an action: HCLGE_FD_ACTION_SELECT_TC. Signed-off-by: Jijie Shao <shaojijie@huawei.com> Link: https://patch.msgid.link/20260610060618.834987-4-shaojijie@huawei.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13net: hns3: improve the unused_tuple parameter settingJijie Shao
Currently, when the tc tool is used to set flow table rules, the IP address and MAC address can be configured separately, for example, src_xx or dst_xx can be configured separately. Therefore, the driver needs to check whether the mask is all zero in keys, such as FLOW_DISSECTOR_KEY_IPV4_ADDRS, FLOW_DISSECTOR_KEY_IPV6_ADDRS, and FLOW_DISSECTOR_KEY_ETH_ADDRS. If the mask is all zero, the tuple is not configured. In this case, the driver adds the tuple to unused_tuple. Signed-off-by: Jijie Shao <shaojijie@huawei.com> Link: https://patch.msgid.link/20260610060618.834987-3-shaojijie@huawei.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13net: hns3: refactor add_cls_flower to prepare for multiple actionsJijie Shao
Remove the tc parameter from the add_cls_flower() ops callback and refactor action parsing to support future extensions for SELECT_QUEUE and DROP_PACKET actions. Changes: * Remove the tc parameter from the add_cls_flower() callback signature. * Extract TC-based action parsing into hclge_get_tc_flower_action(). * Move the dissector->used_keys check from hclge_parse_cls_flower() to hclge_check_cls_flower(), and restrict ETH_ADDRS to HCLGE_FD_MODE_DEPTH_2K_WIDTH_400B_STAGE_1 mode since hardware only supports MAC matching there. * Migrate error reporting from dev_err() to netlink extended ACK (extack). Signed-off-by: Jijie Shao <shaojijie@huawei.com> Link: https://patch.msgid.link/20260610060618.834987-2-shaojijie@huawei.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13dpaa2-switch: unify the FDB update logic in dpaa2_switch_port_set_fdb()Ioana Ciornei
For both the join and leave paths, the logic goes through the following steps: determines which FDB should be used on a port after the current changeupper change, populate the private port structures with the new FDB and, if necessary, make as not used the old FDB. Instead of having two distinct paths inside the dpaa2_switch_port_set_fdb() for linking=true and linking=false, unify them. This will hopefully help in making this function easier to read. No behavior changes are expected. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Link: https://patch.msgid.link/20260610150912.1788482-6-ioana.ciornei@nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13dpaa2-switch: move FDB selection for leave path into a helperIoana Ciornei
Move the FDB selection for when a port leaves bridge into a new helper - dpaa2_switch_fdb_for_leave(). This will hopefully make the dpaa2_switch_port_set_fdb() function easier to read and follow. The new helper only determines the FDB to be used, any updates into the private port structure still gets done in the set_fdb() function. No changes in the actual behavior are intended. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Link: https://patch.msgid.link/20260610150912.1788482-5-ioana.ciornei@nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13dpaa2-switch: move FDB selection for join path into a helperIoana Ciornei
The dpaa2_switch_port_set_fdb() function handles the setup of the FDB for both changeupper cases: join and leave. Move the code block which handles the join path into a new helper - dpaa2_switch_fdb_for_join() - with the hope that the entire function will become easier to read and extend with other use cases in the future. This new helper just determines and returns what FDB should be used for a specific port, the cleanup of the old FDB and the actual setup in the per port structure remains in the dpaa2_switch_port_set_fdb() function. No changes in the actual behavior are intended. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Link: https://patch.msgid.link/20260610150912.1788482-4-ioana.ciornei@nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13dpaa2-switch: factor out the FDB in-use check into a helperIoana Ciornei
The dpaa2_switch_port_set_fdb() function is hard to follow and open-coding the in-use check into it makes it even harder to read. Factor out that code block into a new helper - dpaa2_switch_fdb_in_use_by_others(). Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Link: https://patch.msgid.link/20260610150912.1788482-3-ioana.ciornei@nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13dpaa2-switch: change dpaa2_switch_port_set_fdb() function prototypeIoana Ciornei
Since there dpaa2_switch_port_set_fdb() never fails and its return value was never checked, change its prototype to return void. Also, instead of determining if the DPAA2 port is joining or leaving an upper based on the value of the 'bridge_dev' parameter, add the 'linking' parameter to explicitly specify the action. Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com> Link: https://patch.msgid.link/20260610150912.1788482-2-ioana.ciornei@nxp.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-14spi: Fix mismatched DT property access typesRob Herring (Arm)
The SPI drivers read properties whose bindings use normal uint32 cells. Using boolean or u16 helpers makes the access look like a different DT encoding and causes the property checker to flag the call sites. Use presence checks for unsupported properties and read numeric cell properties through u32 helpers before assigning to driver fields. Assisted-by: Codex:gpt-5-5 Signed-off-by: Rob Herring (Arm) <robh@kernel.org> Link: https://patch.msgid.link/20260612215017.1884893-1-robh@kernel.org Signed-off-by: Mark Brown <broonie@kernel.org>
2026-06-13igc: fix typos in commentsMaximilian Pezzullo
Fix spelling errors in code comments: - igc_diag.c: 'autonegotioation' -> 'autonegotiation' - igc_main.c: 'revisons' -> 'revisions' (two occurrences) Signed-off-by: Maximilian Pezzullo <maximilianpezzullo@gmail.com> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com> Reviewed-by: Joe Damato <joe@dama.to> Tested-by: Avigail Dahan <avigailx.dahan@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> Link: https://patch.msgid.link/20260609213559.178657-16-anthony.l.nguyen@intel.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13igb: fix typos in commentsMaximilian Pezzullo
Fix spelling errors in code comments: - e1000_nvm.c: 'likley' -> 'likely' - e1000_mac.c: 'auto-negotitation' -> 'auto-negotiation' - e1000_mbx.h: 'exra' -> 'extra' - e1000_defines.h: 'Aserted' -> 'Asserted' Signed-off-by: Maximilian Pezzullo <maximilianpezzullo@gmail.com> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov@intel.com> Reviewed-by: Joe Damato <joe@dama.to> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> Link: https://patch.msgid.link/20260609213559.178657-15-anthony.l.nguyen@intel.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-06-13e1000e: limit endianness conversion to boundary wordsAgalakov Daniil
[Why] In e1000_set_eeprom(), the eeprom_buff is allocated to hold a range of words. However, only the boundary words (the first and the last) are populated from the EEPROM if the write request is not word-aligned. The words in the middle of the buffer remain uninitialized because they are intended to be completely overwritten by the new data via memcpy(). The previous implementation had a loop that performed le16_to_cpus() on the entire buffer. This resulted in endianness conversion being performed on uninitialized memory for all interior words. Fix this by converting the endianness only for the boundary words immediately after they are successfully read from the EEPROM. Found by Linux Verification Center (linuxtesting.org) with SVACE. Co-developed-by: Iskhakov Daniil <dish@amicon.ru> Signed-off-by: Iskhakov Daniil <dish@amicon.ru> Signed-off-by: Agalakov Daniil <ade@amicon.ru> Tested-by: Avigail Dahan <avigailx.dahan@intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com> Link: https://patch.msgid.link/20260609213559.178657-14-anthony.l.nguyen@intel.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>