30bbcb4470
11735 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Linus Torvalds
|
38057e3236 |
soc: driver updates for 6.18
Lots of platform specific updates for Qualcomm SoCs, including a new TEE subsystem driver for the Qualcomm QTEE firmware interface. Added support for the Apple A11 SoC in drivers that are shared with the M1/M2 series, among more updates for those. Smaller platform specific driver updates for Renesas, ASpeed, Broadcom, Nvidia, Mediatek, Amlogic, TI, Allwinner, and Freescale SoCs. Driver updates in the cache controller, memory controller and reset controller subsystems. SCMI firmware updates to add more features and improve robustness. This includes support for having multiple SCMI providers in a single system. TEE subsystem support for protected DMA-bufs, allowing hardware to access memory areas that managed by the kernel but remain inaccessible from the CPU in EL1/EL0. -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmjdpaoACgkQmmx57+YA GNnBXA//QgmFXYGG7QfB825mt0orKZxpfpLcwvqO7hkWgbXtl7Gokw2lGYN6bwLu zvY4MQ/bVoZ8R5uTVmuaSHBRsttSen8mBf+V0vzsBM/DRRVxvIN/7TESrY3J7Dtx J5syHKIBiUtdkDebWWC6jIElczIBItsd03Ln4Xjjt8Vas5YOO4n44zFrPo+FwlN/ I6D2K86AiNZTtUCDMtB6VfJ6YtjYBWcWnJm7FXw/vE8FAXdZUnNWnZ8hbdQ5GaME JZGepUhONaOMUoGNZNaDGw511RdPhYzPjj9rCsIx2qdsRO9/4tJ8ccpW2aUMYh8c nA6w8Hj8jCwco6aYYrDUDV9uRtURDrmyJgTJBNLU05e/L+MuJ3IZNlzHFWlsxIAE vhyTdmg/P04ClQyixCl67IH/66F/0smX9C+1761LrD7GTdfR92KPl5W6q+DPBg/x yf+s2p3+f7ItV5XobKOrbf3w0xazeDb5o/EK8BufMx9vSe9bpzJ0gOf0CmNXEpyZ owAhbh6wXX1YwPcyA9LHv6gthyJwc/3fLu49ggMZP2rU01ccKOYn9H0cr7C8NVmy wEpJR0lp5aSw2oRkPkxB6sFmUohcpr8/OXGGJuvCXkYsUY1BEup4lewvbIWK4WoE c84kbbaHsjgFhe3IRlQw3G4KLYQT3jRtF7fH+gPx556BcI6K+lg= =mcZR -----END PGP SIGNATURE----- Merge tag 'soc-drivers-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull SoC driver updates from Arnd Bergmann: "Lots of platform specific updates for Qualcomm SoCs, including a new TEE subsystem driver for the Qualcomm QTEE firmware interface. Added support for the Apple A11 SoC in drivers that are shared with the M1/M2 series, among more updates for those. Smaller platform specific driver updates for Renesas, ASpeed, Broadcom, Nvidia, Mediatek, Amlogic, TI, Allwinner, and Freescale SoCs. Driver updates in the cache controller, memory controller and reset controller subsystems. SCMI firmware updates to add more features and improve robustness. This includes support for having multiple SCMI providers in a single system. TEE subsystem support for protected DMA-bufs, allowing hardware to access memory areas that managed by the kernel but remain inaccessible from the CPU in EL1/EL0" * tag 'soc-drivers-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (139 commits) soc/fsl/qbman: Use for_each_online_cpu() instead of for_each_cpu() soc: fsl: qe: Drop legacy-of-mm-gpiochip.h header from GPIO driver soc: fsl: qe: Change GPIO driver to a proper platform driver tee: fix register_shm_helper() pmdomain: apple: Add "apple,t8103-pmgr-pwrstate" dt-bindings: spmi: Add Apple A11 and T2 compatible serial: qcom-geni: Load UART qup Firmware from linux side spi: geni-qcom: Load spi qup Firmware from linux side i2c: qcom-geni: Load i2c qup Firmware from linux side soc: qcom: geni-se: Add support to load QUP SE Firmware via Linux subsystem soc: qcom: geni-se: Cleanup register defines and update copyright dt-bindings: qcom: se-common: Add QUP Peripheral-specific properties for I2C, SPI, and SERIAL bus Documentation: tee: Add Qualcomm TEE driver tee: qcom: enable TEE_IOC_SHM_ALLOC ioctl tee: qcom: add primordial object tee: add Qualcomm TEE driver tee: increase TEE_MAX_ARG_SIZE to 4096 tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF tee: add close_context to TEE driver operation ... |
||
|
Linus Torvalds
|
ea1c6c5925 |
spi: Updates for v6.18
There's one big core change in this release, Jonas Gorski has addressed
the issues with multiple chip selects which makes things more robust and
stable. Otherwise there's quite a bit of driver work, as well as some
new drivers several existing drivers have had quite a bit of work done
on them.
Possibly the most interesting thing is the VirtIO driver, this is
apparently useful for some automotive applications which want to keep as
small and robust a host system as they can, moving less critical
functionality into guests.
- James Clark has done some substantial updates on the Freescale DSPI
driver, porting in code from the BSP and building onm top of that to
fix some bugs and increase performance.
- Jonas Gorski has fixed the issues with handling multple chip selects,
making things more robust and scalable.
- Support for higher performance modes in the NXP FSPI driver from
Haibo Chen.
- Removal of the obsolete S3C2443 driver, the underlying SoC support
has been removed from the kernel.
- Support for Amlogic AL113L2, Atmel SAMA7D65 and SAM9x7 and for VirtIO
controllers.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEreZoqmdXGLWf4p/qJNaLcl1Uh9AFAmjacIwACgkQJNaLcl1U
h9CueQf/abv7rjoK4EbGeQBp3V3lQWAmB6en8SatMGf3ff8mKwsZLsePWYqpd8ir
e4Dk5mj+R6HYEDKdXg5SW6+5BpMyiiBkfJpUq7OMQg+86wOsBGHPuZw/65+sGc+R
hyy6AGf0YahmPiqeQVqJubYeqwWbFFCaOBWR3Q45aWhGQhRGG04vRESks1F247cl
EAuPhhBpS30o5NzhBanqW6s5scQ4dYFIIl/KTHZQyaRgG2lT4CvRObmhco+Yyl/O
4Mge0h/MMBx+UliuwQaPCp72h7DfA4iTeKdsnUYcfQW/OB3DZDye9HKN29k3CZyf
6brBp14ZZ+fvseg8GW/pAsT3YQIHwg==
=XwEA
-----END PGP SIGNATURE-----
Merge tag 'spi-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi updates from Mark Brown:
"There's one big core change in this release, Jonas Gorski has
addressed the issues with multiple chip selects which makes things
more robust and stable. Otherwise there's quite a bit of driver work,
as well as some new drivers several existing drivers have had quite a
bit of work done on them.
Possibly the most interesting thing is the VirtIO driver, this is
apparently useful for some automotive applications which want to keep
as small and robust a host system as they can, moving less critical
functionality into guests.
- James Clark has done some substantial updates on the Freescale DSPI
driver, porting in code from the BSP and building onm top of that
to fix some bugs and increase performance
- Jonas Gorski has fixed the issues with handling multple chip
selects, making things more robust and scalable
- Support for higher performance modes in the NXP FSPI driver from
Haibo Chen
- Removal of the obsolete S3C2443 driver, the underlying SoC support
has been removed from the kernel
- Support for Amlogic AL113L2, Atmel SAMA7D65 and SAM9x7 and for
VirtIO controllers"
* tag 'spi-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: (74 commits)
spi: ljca: Remove Wentong's e-mail address
spi: rename SPI_CS_CNT_MAX => SPI_DEVICE_CS_CNT_MAX
spi: reduce device chip select limit again
spi: don't check spi_controller::num_chipselect when parsing a dt device
spi: drop check for validity of device chip selects
spi: move unused device CS initialization to __spi_add_device()
spi: keep track of number of chipselects in spi_device
spi: fix return code when spi device has too many chipselects
SPI: Add virtio SPI driver
virtio-spi: Add virtio-spi.h
virtio: Add ID for virtio SPI
spi: rpc-if: Add resume support for RZ/G3E
spi: rpc-if: Drop deprecated SIMPLE_DEV_PM_OPS
spi: spi-qpic-snand: simplify clock handling by using devm_clk_get_enabled()
spi: spi-nxp-fspi: Add OCT-DTR mode support
spi: spi-nxp-fspi: add the support for sample data from DQS pad
spi: spi-nxp-fspi: Add the DDR LUT command support
spi: spi-nxp-fspi: set back to dll override mode when clock rate < 100MHz
spi: spi-nxp-fspi: extract function nxp_fspi_dll_override()
spi: atmel-quadspi: Add support for sama7d65 QSPI
...
|
||
|
Linus Torvalds
|
989253cc46 |
hwmon updates for v6.18-rc1
* New drivers - Driver for Kontron SMARC-sAM67 - Driver for GPD device sensors - Driver for MP29502 - Driver for MP2869, MP29608, MP29612 and MP29816 series * Added chip support to existing drivers - asus-ec-sensors: Add B650E-I Add PRIME Z270-A Add Pro WS WRX90E-SAGE SE Add ROG STRIX X670E-E GAMING WIFI Add ROG STRIX X870-I GAMING WIFI Add ROG STRIX X870E-E GAMING WIFI Add ROG STRIX Z690-E GAMING WIFI Add ROG STRIX Z790E GAMING WIFI II Add STRIX B850-I GAMING WIFI Add TUF GAMING X670E PLUS WIFI Add X670E-I GAMING WIFI Add Z790-I GAMING WIFI - dell-smm: Add support for Dell OptiPlex 7040 - ina238: Major cleanup, and Add support for INA700 Add support for INA780 - k10temp: Add device ID for Strix Halo Add support for AMD Family 1Ah-based models - lenovo-ec-sensors: Update P8 supprt - lm75: Add NXP P3T1750 support - pmbus/adm1275: Add sq24905c support - pmbus/isl68137: Add support for Renesas RAA228244 and RAA228246 - pmbus/mp5990: Add support for MP5998 - sht21: Add support for SHT20, SHT25 - sl28cpld: Add sa67mcu compatible * Other notable changes - core: Handle locking internally Introduce 64-bit energy attribute support - cros_ec: Register into thermal framework, improve PWM control - lm75: allow interrupt for ti,tmp75 - mlxreg-fan: Add support for new flavour of capability register - sbtsi_temp: AMD CPU extended temperature range support - sht21: Add devicetree support * Various other minor improvements and fixes -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEiHPvMQj9QTOCiqgVyx8mb86fmYEFAmjZ2VAACgkQyx8mb86f mYHegQ//YImjHnlWcRbr8meprHHezIkGDA0nJEzjsCSD7owq00sOC4w4BGXf7MPV d1rK0VbAU2Up53j4xZKr7PnHzUHFil/K/9hDBHFfYd6fr570ADdMnewRmVoKuSuR JBeV0308y0WbeAhNOaIIcGx3/4wMgQklvUycjOZKUgBC2jY/vnuwlgrt21a4rbB/ c5yNUEfqk9thZY/xOBbbrcvej0RXZ/naV+tRgVYQUo6Ep1CUynxOr2VCUbWxoQWh lnekEhJuylbIDodAZ405Cpn3AuqyVypbKBjAyGWSwl92KuoYyBGJnbk/GYokWvCH ftMlLF+HUbNRd75W3mwxZOuSX5tIps2NP8aQrdRdOxhF6Ln5b49R4NLI7ZqnOVzO syRo96J1joMIGwfRga/b8dqCLYZ45fX2VbfisdhrzZ0OM3e7yg3fVyJRbxubP+n6 VxCQPfFUQoLKGOAiBfCA5yYCDE+qFXT1HBKORhtUF/wZnq6X7rYMtC0ci0TfcKo0 Ar0s4xnxX2avFhySvuJL7snv01oOR/9SkCrKY4LqXETMSvNwTNQjLKGo0uly+Mxs bs63JFnLtA1BHXvPuFklxDMAqQ4KZZAz1AznePFV7uFRk2VRbzKf1GkS4S9jVlc+ 2/nKb2gWBVdtAqone0D0dC9EoFNZwGqCPuymyTgEkYkO0vgZ2qs= =jb6g -----END PGP SIGNATURE----- Merge tag 'hwmon-for-v6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon updates from Guenter Roeck: "New drivers: - Kontron SMARC-sAM67 - GPD device sensors - MP29502 - MP2869, MP29608, MP29612 and MP29816 series Added chip support to existing drivers: - asus-ec-sensors: Add B650E-I Add PRIME Z270-A Add Pro WS WRX90E-SAGE SE Add ROG STRIX X670E-E GAMING WIFI Add ROG STRIX X870-I GAMING WIFI Add ROG STRIX X870E-E GAMING WIFI Add ROG STRIX Z690-E GAMING WIFI Add ROG STRIX Z790E GAMING WIFI II Add STRIX B850-I GAMING WIFI Add TUF GAMING X670E PLUS WIFI Add X670E-I GAMING WIFI Add Z790-I GAMING WIFI - dell-smm: Add support for Dell OptiPlex 7040 - ina238: Major cleanup, and Add support for INA700 Add support for INA780 - k10temp: Add device ID for Strix Halo Add support for AMD Family 1Ah-based models - lenovo-ec-sensors: Update P8 supprt - lm75: Add NXP P3T1750 support - pmbus/adm1275: Add sq24905c support - pmbus/isl68137: Add support for Renesas RAA228244 and RAA228246 - pmbus/mp5990: Add support for MP5998 - sht21: Add support for SHT20, SHT25 - sl28cpld: Add sa67mcu compatible Other notable changes: - core: Handle locking internally Introduce 64-bit energy attribute support - cros_ec: Register into thermal framework, improve PWM control - lm75: allow interrupt for ti,tmp75 - mlxreg-fan: Add support for new flavour of capability register - sbtsi_temp: AMD CPU extended temperature range support - sht21: Add devicetree support Various other minor improvements and fixes" * tag 'hwmon-for-v6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: (86 commits) dt-bindings: hwmon: (lm75) allow interrupt for ti,tmp75 hwmon: (mlxreg-fan) Add support for new flavour of capability register hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems hwmon: (cros_ec) register fans into thermal framework cooling devices hwmon: (cros_ec) add PWM control over fans platform/chrome: update pwm fan control host commands hwmon: add SMARC-sAM67 support dt-bindings: hwmon: sl28cpld: add sa67mcu compatible hwmon: (asus-ec-sensors) add TUF GAMING X670E PLUS WIFI hwmon: (dell-smm) Add support for Dell OptiPlex 7040 hwmon: (dell-smm) Add support for automatic fan mode hwmon: (gpd-fan) complete Kconfig dependencies hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex hwmon: (asus-ec-sensors) add ROG STRIX X870E-E GAMING WIFI hwmon: (dell-smm) Move clamping of fan speed out of i8k_set_fan() hwmon: (dell-smm) Remove Dell Precision 490 custom config data hwmon: (asus-ec-sensors) add ROG STRIX X670E-E GAMING WIFI hwmon: (gpd-fan) Fix range check for pwm input hwmon: (pmbus/mp5990) add support for MP5998 dt-bindings: trivial-devices: add mps,mp5998 ... |
||
|
Linus Torvalds
|
ae28ed4578 |
bpf-next-6.18
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE+soXsSLHKoYyzcli6rmadz2vbToFAmjZH40ACgkQ6rmadz2v bTrG7w//X/5CyDoKIYJCqynYRdMtfqYuCe8Jhud4p5++iBVqkDyS6Y8EFLqZVyg/ UHTqaSE4Nz8/pma0WSjhUYn6Chs1AeH+Rw/g109SovE/YGkek2KNwY3o2hDrtPMX +oD0my8qF2HLKgEyteXXyZ5Ju+AaF92JFiGko4/wNTX8O99F9nyz2pTkrctS9Vl9 VwuTxrEXpmhqrhP3WCxkfNfcbs9HP+AALpgOXZKdMI6T4KI0N1gnJ0ZWJbiXZ8oT tug0MTPkNRidYMl0wHY2LZ6ZG8Q3a7Sgc+M0xFzaHGvGlJbBg1HjsDMtT6j34CrG TIVJ/O8F6EJzAnQ5Hio0FJk8IIgMRgvng5Kd5GXidU+mE6zokTyHIHOXitYkBQNH Hk+lGA7+E2cYqUqKvB5PFoyo+jlucuIH7YwrQlyGfqz+98n65xCgZKcmdVXr0hdB 9v3WmwJFtVIoPErUvBC3KRANQYhFk4eVk1eiGV/20+eIVyUuNbX6wqSWSA9uEXLy n5fm/vlk4RjZmrPZHxcJ0dsl9LTF1VvQQHkgoC1Sz/Cc+jA6k4I+ECVHAqEbk36p 1TUF52yPOD2ViaJKkj+962JaaaXlUn6+Dq7f1GMP6VuyHjz4gsI3mOo4XarqNdWd c7TnYmlGO/cGwqd4DdbmWiF1DDsrBcBzdbC8+FgffxQHLPXGzUg= =LeQi -----END PGP SIGNATURE----- Merge tag 'bpf-next-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next Pull bpf updates from Alexei Starovoitov: - Support pulling non-linear xdp data with bpf_xdp_pull_data() kfunc (Amery Hung) Applied as a stable branch in bpf-next and net-next trees. - Support reading skb metadata via bpf_dynptr (Jakub Sitnicki) Also a stable branch in bpf-next and net-next trees. - Enforce expected_attach_type for tailcall compatibility (Daniel Borkmann) - Replace path-sensitive with path-insensitive live stack analysis in the verifier (Eduard Zingerman) This is a significant change in the verification logic. More details, motivation, long term plans are in the cover letter/merge commit. - Support signed BPF programs (KP Singh) This is another major feature that took years to materialize. Algorithm details are in the cover letter/marge commit - Add support for may_goto instruction to s390 JIT (Ilya Leoshkevich) - Add support for may_goto instruction to arm64 JIT (Puranjay Mohan) - Fix USDT SIB argument handling in libbpf (Jiawei Zhao) - Allow uprobe-bpf program to change context registers (Jiri Olsa) - Support signed loads from BPF arena (Kumar Kartikeya Dwivedi and Puranjay Mohan) - Allow access to union arguments in tracing programs (Leon Hwang) - Optimize rcu_read_lock() + migrate_disable() combination where it's used in BPF subsystem (Menglong Dong) - Introduce bpf_task_work_schedule*() kfuncs to schedule deferred execution of BPF callback in the context of a specific task using the kernel’s task_work infrastructure (Mykyta Yatsenko) - Enforce RCU protection for KF_RCU_PROTECTED kfuncs (Kumar Kartikeya Dwivedi) - Add stress test for rqspinlock in NMI (Kumar Kartikeya Dwivedi) - Improve the precision of tnum multiplier verifier operation (Nandakumar Edamana) - Use tnums to improve is_branch_taken() logic (Paul Chaignon) - Add support for atomic operations in arena in riscv JIT (Pu Lehui) - Report arena faults to BPF error stream (Puranjay Mohan) - Search for tracefs at /sys/kernel/tracing first in bpftool (Quentin Monnet) - Add bpf_strcasecmp() kfunc (Rong Tao) - Support lookup_and_delete_elem command in BPF_MAP_STACK_TRACE (Tao Chen) * tag 'bpf-next-6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (197 commits) libbpf: Replace AF_ALG with open coded SHA-256 selftests/bpf: Add stress test for rqspinlock in NMI selftests/bpf: Add test case for different expected_attach_type bpf: Enforce expected_attach_type for tailcall compatibility bpftool: Remove duplicate string.h header bpf: Remove duplicate crypto/sha2.h header libbpf: Fix error when st-prefix_ops and ops from differ btf selftests/bpf: Test changing packet data from kfunc selftests/bpf: Add stacktrace map lookup_and_delete_elem test case selftests/bpf: Refactor stacktrace_map case with skeleton bpf: Add lookup_and_delete_elem for BPF_MAP_STACK_TRACE selftests/bpf: Fix flaky bpf_cookie selftest selftests/bpf: Test changing packet data from global functions with a kfunc bpf: Emit struct bpf_xdp_sock type in vmlinux BTF selftests/bpf: Task_work selftest cleanup fixes MAINTAINERS: Delete inactive maintainers from AF_XDP bpf: Mark kfuncs as __noclone selftests/bpf: Add kprobe multi write ctx attach test selftests/bpf: Add kprobe write ctx attach test selftests/bpf: Add uprobe context ip register change test ... |
||
|
Linus Torvalds
|
22bdd6e68b |
- Add functionality to provide runtime firmware updates for the non-x86 parts
of an AMD platform like the security processor (ASP) firmware, modules etc, for example. The intent being that these updates are interim, live fixups before a proper BIOS update can be attempted - Add guest support for AMD's Secure AVIC feature which gives encrypted guests the needed protection against a malicious hypervisor generating unexpected interrupts and injecting them into such guest, thus interfering with its operation in an unexpected and negative manner. The advantage of this scheme is that the guest determines which interrupts and when to accept them vs leaving that to the benevolence (or not) of the hypervisor - Strictly separate the startup code from the rest of the kernel where former is executed from the initial 1:1 mapping of memory. The problem was that the toolchain-generated version of the code was being executed from a different mapping of memory than what was "assumed" during code generation, needing an ever-growing pile of fixups for absolute memory references which are invalid in the early, 1:1 memory mapping during boot. The major advantage of this is that there's no need to check the 1:1 mapping portion of the code for absolute relocations anymore and get rid of the RIP_REL_REF() macro sprinkling all over the place. For more info, see Ard's very detailed writeup on this: https://lore.kernel.org/r/CAMj1kXEzKEuePEiHB%2BHxvfQbFz0sTiHdn4B%2B%2BzVBJ2mhkPkQ4Q@mail.gmail.com - The usual cleanups and fixes -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEzv7L6UO9uDPlPSfHEsHwGGHeVUoFAmjWaaMACgkQEsHwGGHe VUr/RBAAnfneG+5U7f5x+hYW68mwZu07eoQn02IW9WGb2xjV6LKYxzDqyEj/+l+x jgN77i1uhl/4sqqKBvUjFfgot1gQ0g6M2fok2eZscSf+AHZF+LfDJPl4dFheVENo KtPieu1yi2bA+stL9JgaKh0I1ELX40qebXeZY4H4rYVzokHG0H+CEcuhv6Es71bW 1C6efkZKHS3pAhlRUoa2MZagxnw+3mn9bfZDvSSNNM6I4qy9/CAPZlWw0jGrXKQX K/gjBI2KcoqK2bdJtCQsTvbrsuBedjkM6BZveAAhvOVCh6Aq6lnbqirJPJX8WJLq bIDAdsWGJ1vOzcgiPwT0e3qsfaTWep6MewcAQ/HnzrksH+IFb7J/l9awUgGY6LFh GzG7KPEKIWiLOxYFC+gLxRn8SWhcXHeY/fB8i5OOnhnikODWG4bJtM8F1MTQO4O1 u2UuZ+wNzgdatJDXmLK1eluyuhkIqCZ7Hd8kpE0Zr32rbipEvuxnUPSyMzfhDM9M +UJGm3C205vPU6doRG8X0+EosFGCyZcixQNXhOugmedT5g3XGHHoJtiLj2i29jLN Xi0npxh2hwBe6N+WcIRnOfonFTsp6wWYatWPnGWTChpe+OGj9ZISXpmxnFUVCSag spG1J+upBA7ck1exuwpS3ldNSiw/066iTxB7Ht02vbeQ4JXIF6M= =shVa -----END PGP SIGNATURE----- Merge tag 'x86_apic_for_v6.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 SEV and apic updates from Borislav Petkov: - Add functionality to provide runtime firmware updates for the non-x86 parts of an AMD platform like the security processor (ASP) firmware, modules etc, for example. The intent being that these updates are interim, live fixups before a proper BIOS update can be attempted - Add guest support for AMD's Secure AVIC feature which gives encrypted guests the needed protection against a malicious hypervisor generating unexpected interrupts and injecting them into such guest, thus interfering with its operation in an unexpected and negative manner. The advantage of this scheme is that the guest determines which interrupts and when to accept them vs leaving that to the benevolence (or not) of the hypervisor - Strictly separate the startup code from the rest of the kernel where former is executed from the initial 1:1 mapping of memory. The problem was that the toolchain-generated version of the code was being executed from a different mapping of memory than what was "assumed" during code generation, needing an ever-growing pile of fixups for absolute memory references which are invalid in the early, 1:1 memory mapping during boot. The major advantage of this is that there's no need to check the 1:1 mapping portion of the code for absolute relocations anymore and get rid of the RIP_REL_REF() macro sprinkling all over the place. For more info, see Ard's very detailed writeup on this [1] - The usual cleanups and fixes Link: https://lore.kernel.org/r/CAMj1kXEzKEuePEiHB%2BHxvfQbFz0sTiHdn4B%2B%2BzVBJ2mhkPkQ4Q@mail.gmail.com [1] * tag 'x86_apic_for_v6.18_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (49 commits) x86/boot: Drop erroneous __init annotation from early_set_pages_state() crypto: ccp - Add AMD Seamless Firmware Servicing (SFS) driver crypto: ccp - Add new HV-Fixed page allocation/free API x86/sev: Add new dump_rmp parameter to snp_leak_pages() API x86/startup/sev: Document the CPUID flow in the boot #VC handler objtool: Ignore __pi___cfi_ prefixed symbols x86/sev: Zap snp_abort() x86/apic/savic: Do not use snp_abort() x86/boot: Get rid of the .head.text section x86/boot: Move startup code out of __head section efistub/x86: Remap inittext read-execute when needed x86/boot: Create a confined code area for startup code x86/kbuild: Incorporate boot/startup/ via Kbuild makefile x86/boot: Revert "Reject absolute references in .head.text" x86/boot: Check startup code for absence of absolute relocations objtool: Add action to check for absence of absolute relocations x86/sev: Export startup routines for later use x86/sev: Move __sev_[get|put]_ghcb() into separate noinstr object x86/sev: Provide PIC aliases for SEV related data objects x86/boot: Provide PIC aliases for 5-level paging related constants ... |
||
|
Linus Torvalds
|
56a0810d8c |
audit/stable-6.18 PR 20250926
-----BEGIN PGP SIGNATURE----- iQJIBAABCgAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAmjWq5oUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXPTjRAAwYapnw+ZGdFtTGIDT63HtlKjCGHg DRR8J1RYWhxQL78dInjl7hlGPd4ULdpdF6zsh27X/8OsdFotw4NhDyPJwS1qWZv9 uBJMy/s1Qi1V/rrtDygLGgkQ9ICfl/hgVh3L+g9AXU8H9IapMULp33z+2ueFU4rA PXgXppgNQTOhIQml0tagY7iPlLaaI1uPv/Dbvt792CSrKZReC+uiDSQKD6SUy5oJ NBRs0emdCqbllo8Eo7wTGdfzUttsPWYHe7X9BGCMK2bHp0BpMnFBDtuipUAgjNE8 O16EkAtBMpEBW9VEFvDYW1jMFO7ccD8b09CbqPLdE7E0GeigTiODg+FdncKEpZn0 Dl4xPbIoPBHVrDHKFK3HcuEdUs0FZH3NpTLFRg0/nWbg3CfSOFq1ZKhSbwLTZ48V 2Iq22G0hIIl3yTEePSoR8xCSQkWf6hA1SVvzBqw5Xn1tnkdIUuM+KzeZUPKxCOiH r5b3ufrN5YMAcmc59q393sNuSMd7s97fohhK8/HouB93EcVNM2UjLEKVJnhMhYRE N21O17jwQG9F+OYTnmtMzuUF6yxwSAmkzQOg6F+lalJ8MECnNrZOEeyuA3d5ISi5 4ZrXHWw90qaDy9lCV1o0UwWt9na+WxeMCJNpI07h5V1k3x7BULiI6WeP7J1qnY9r YlLv/6Hgx29dtqE= =iQal -----END PGP SIGNATURE----- Merge tag 'audit-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit updates from Paul Moore: - Proper audit support for multiple LSMs As the audit subsystem predated the work to enable multiple LSMs, some additional work was needed to support logging the different LSM labels for the subjects/tasks and objects on the system. Casey's patches add new auxillary records for subjects and objects that convey the additional labels. - Ensure fanotify audit events are always generated Generally speaking security relevant subsystems always generate audit events, unless explicitly ignored. However, up to this point fanotify events had been ignored by default, but starting with this pull request fanotify follows convention and generates audit events by default. - Replace an instance of strcpy() with strscpy() - Minor indentation, style, and comment fixes * tag 'audit-pr-20250926' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: fix skb leak when audit rate limit is exceeded audit: init ab->skb_list earlier in audit_buffer_alloc() audit: add record for multiple object contexts audit: add record for multiple task security contexts lsm: security_lsmblob_to_secctx module selection audit: create audit_stamp structure audit: add a missing tab audit: record fanotify event regardless of presence of rules audit: fix typo in auditfilter.c comment audit: Replace deprecated strcpy() with strscpy() audit: fix indentation in audit_log_exit() |
||
|
Linus Torvalds
|
18b19abc37 |
namespace-6.18-rc1
-----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCaNZQgQAKCRCRxhvAZXjc oiFXAQCpbLvkWbld9wLgxUBhq+q+kw5NvGxzpvqIhXwJB9F9YAEA44/Wevln4xGx +kRUbP+xlRQqenIYs2dLzVHzAwAdfQ4= =EO4Y -----END PGP SIGNATURE----- Merge tag 'namespace-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs Pull namespace updates from Christian Brauner: "This contains a larger set of changes around the generic namespace infrastructure of the kernel. Each specific namespace type (net, cgroup, mnt, ...) embedds a struct ns_common which carries the reference count of the namespace and so on. We open-coded and cargo-culted so many quirks for each namespace type that it just wasn't scalable anymore. So given there's a bunch of new changes coming in that area I've started cleaning all of this up. The core change is to make it possible to correctly initialize every namespace uniformly and derive the correct initialization settings from the type of the namespace such as namespace operations, namespace type and so on. This leaves the new ns_common_init() function with a single parameter which is the specific namespace type which derives the correct parameters statically. This also means the compiler will yell as soon as someone does something remotely fishy. The ns_common_init() addition also allows us to remove ns_alloc_inum() and drops any special-casing of the initial network namespace in the network namespace initialization code that Linus complained about. Another part is reworking the reference counting. The reference counting was open-coded and copy-pasted for each namespace type even though they all followed the same rules. This also removes all open accesses to the reference count and makes it private and only uses a very small set of dedicated helpers to manipulate them just like we do for e.g., files. In addition this generalizes the mount namespace iteration infrastructure introduced a few cycles ago. As reminder, the vfs makes it possible to iterate sequentially and bidirectionally through all mount namespaces on the system or all mount namespaces that the caller holds privilege over. This allow userspace to iterate over all mounts in all mount namespaces using the listmount() and statmount() system call. Each mount namespace has a unique identifier for the lifetime of the systems that is exposed to userspace. The network namespace also has a unique identifier working exactly the same way. This extends the concept to all other namespace types. The new nstree type makes it possible to lookup namespaces purely by their identifier and to walk the namespace list sequentially and bidirectionally for all namespace types, allowing userspace to iterate through all namespaces. Looking up namespaces in the namespace tree works completely locklessly. This also means we can move the mount namespace onto the generic infrastructure and remove a bunch of code and members from struct mnt_namespace itself. There's a bunch of stuff coming on top of this in the future but for now this uses the generic namespace tree to extend a concept introduced first for pidfs a few cycles ago. For a while now we have supported pidfs file handles for pidfds. This has proven to be very useful. This extends the concept to cover namespaces as well. It is possible to encode and decode namespace file handles using the common name_to_handle_at() and open_by_handle_at() apis. As with pidfs file handles, namespace file handles are exhaustive, meaning it is not required to actually hold a reference to nsfs in able to decode aka open_by_handle_at() a namespace file handle. Instead the FD_NSFS_ROOT constant can be passed which will let the kernel grab a reference to the root of nsfs internally and thus decode the file handle. Namespaces file descriptors can already be derived from pidfds which means they aren't subject to overmount protection bugs. IOW, it's irrelevant if the caller would not have access to an appropriate /proc/<pid>/ns/ directory as they could always just derive the namespace based on a pidfd already. It has the same advantage as pidfds. It's possible to reliably and for the lifetime of the system refer to a namespace without pinning any resources and to compare them trivially. Permission checking is kept simple. If the caller is located in the namespace the file handle refers to they are able to open it otherwise they must hold privilege over the owning namespace of the relevant namespace. The namespace file handle layout is exposed as uapi and has a stable and extensible format. For now it simply contains the namespace identifier, the namespace type, and the inode number. The stable format means that userspace may construct its own namespace file handles without going through name_to_handle_at() as they are already allowed for pidfs and cgroup file handles" * tag 'namespace-6.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (65 commits) ns: drop assert ns: move ns type into struct ns_common nstree: make struct ns_tree private ns: add ns_debug() ns: simplify ns_common_init() further cgroup: add missing ns_common include ns: use inode initializer for initial namespaces selftests/namespaces: verify initial namespace inode numbers ns: rename to __ns_ref nsfs: port to ns_ref_*() helpers net: port to ns_ref_*() helpers uts: port to ns_ref_*() helpers ipv4: use check_net() net: use check_net() net-sysfs: use check_net() user: port to ns_ref_*() helpers time: port to ns_ref_*() helpers pid: port to ns_ref_*() helpers ipc: port to ns_ref_*() helpers cgroup: port to ns_ref_*() helpers ... |
||
|
Linus Torvalds
|
b7ce6fa90f |
vfs-6.18-rc1.misc
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCaNZQMQAKCRCRxhvAZXjc
omNLAQCgrwzd9sa1JTlixweu3OAxQlSEbLuMpEv7Ztm+B7Wz0AD9HtwPC44Kev03
GbMcB2DCFLC4evqYECj6IG7NBmoKsAs=
=1ICf
-----END PGP SIGNATURE-----
Merge tag 'vfs-6.18-rc1.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
Pull misc vfs updates from Christian Brauner:
"This contains the usual selections of misc updates for this cycle.
Features:
- Add "initramfs_options" parameter to set initramfs mount options.
This allows to add specific mount options to the rootfs to e.g.,
limit the memory size
- Add RWF_NOSIGNAL flag for pwritev2()
Add RWF_NOSIGNAL flag for pwritev2. This flag prevents the SIGPIPE
signal from being raised when writing on disconnected pipes or
sockets. The flag is handled directly by the pipe filesystem and
converted to the existing MSG_NOSIGNAL flag for sockets
- Allow to pass pid namespace as procfs mount option
Ever since the introduction of pid namespaces, procfs has had very
implicit behaviour surrounding them (the pidns used by a procfs
mount is auto-selected based on the mounting process's active
pidns, and the pidns itself is basically hidden once the mount has
been constructed)
This implicit behaviour has historically meant that userspace was
required to do some special dances in order to configure the pidns
of a procfs mount as desired. Examples include:
* In order to bypass the mnt_too_revealing() check, Kubernetes
creates a procfs mount from an empty pidns so that user
namespaced containers can be nested (without this, the nested
containers would fail to mount procfs)
But this requires forking off a helper process because you cannot
just one-shot this using mount(2)
* Container runtimes in general need to fork into a container
before configuring its mounts, which can lead to security issues
in the case of shared-pidns containers (a privileged process in
the pidns can interact with your container runtime process)
While SUID_DUMP_DISABLE and user namespaces make this less of an
issue, the strict need for this due to a minor uAPI wart is kind
of unfortunate
Things would be much easier if there was a way for userspace to
just specify the pidns they want. So this pull request contains
changes to implement a new "pidns" argument which can be set
using fsconfig(2):
fsconfig(procfd, FSCONFIG_SET_FD, "pidns", NULL, nsfd);
fsconfig(procfd, FSCONFIG_SET_STRING, "pidns", "/proc/self/ns/pid", 0);
or classic mount(2) / mount(8):
// mount -t proc -o pidns=/proc/self/ns/pid proc /tmp/proc
mount("proc", "/tmp/proc", "proc", MS_..., "pidns=/proc/self/ns/pid");
Cleanups:
- Remove the last references to EXPORT_OP_ASYNC_LOCK
- Make file_remove_privs_flags() static
- Remove redundant __GFP_NOWARN when GFP_NOWAIT is used
- Use try_cmpxchg() in start_dir_add()
- Use try_cmpxchg() in sb_init_done_wq()
- Replace offsetof() with struct_size() in ioctl_file_dedupe_range()
- Remove vfs_ioctl() export
- Replace rwlock() with spinlock in epoll code as rwlock causes
priority inversion on preempt rt kernels
- Make ns_entries in fs/proc/namespaces const
- Use a switch() statement() in init_special_inode() just like we do
in may_open()
- Use struct_size() in dir_add() in the initramfs code
- Use str_plural() in rd_load_image()
- Replace strcpy() with strscpy() in find_link()
- Rename generic_delete_inode() to inode_just_drop() and
generic_drop_inode() to inode_generic_drop()
- Remove unused arguments from fcntl_{g,s}et_rw_hint()
Fixes:
- Document @name parameter for name_contains_dotdot() helper
- Fix spelling mistake
- Always return zero from replace_fd() instead of the file descriptor
number
- Limit the size for copy_file_range() in compat mode to prevent a
signed overflow
- Fix debugfs mount options not being applied
- Verify the inode mode when loading it from disk in minixfs
- Verify the inode mode when loading it from disk in cramfs
- Don't trigger automounts with RESOLVE_NO_XDEV
If openat2() was called with RESOLVE_NO_XDEV it didn't traverse
through automounts, but could still trigger them
- Add FL_RECLAIM flag to show_fl_flags() macro so it appears in
tracepoints
- Fix unused variable warning in rd_load_image() on s390
- Make INITRAMFS_PRESERVE_MTIME depend on BLK_DEV_INITRD
- Use ns_capable_noaudit() when determining net sysctl permissions
- Don't call path_put() under namespace semaphore in listmount() and
statmount()"
* tag 'vfs-6.18-rc1.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs: (38 commits)
fcntl: trim arguments
listmount: don't call path_put() under namespace semaphore
statmount: don't call path_put() under namespace semaphore
pid: use ns_capable_noaudit() when determining net sysctl permissions
fs: rename generic_delete_inode() and generic_drop_inode()
init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD
initramfs: Replace strcpy() with strscpy() in find_link()
initrd: Use str_plural() in rd_load_image()
initramfs: Use struct_size() helper to improve dir_add()
initrd: Fix unused variable warning in rd_load_image() on s390
fs: use the switch statement in init_special_inode()
fs/proc/namespaces: make ns_entries const
filelock: add FL_RECLAIM to show_fl_flags() macro
eventpoll: Replace rwlock with spinlock
selftests/proc: add tests for new pidns APIs
procfs: add "pidns" mount option
pidns: move is-ancestor logic to helper
openat2: don't trigger automounts with RESOLVE_NO_XDEV
namei: move cross-device check to __traverse_mounts
namei: remove LOOKUP_NO_XDEV check from handle_mounts
...
|
||
|
Linus Torvalds
|
4ff71af020 |
Including fixes from Bluetooth, IPsec and CAN.
No known regressions at this point.
Current release - regressions:
- xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
Previous releases - regressions:
- xfrm: fix offloading of cross-family tunnels
- bluetooth: fix several races leading to UaFs
- dsa: lantiq_gswip: fix FDB entries creation for the CPU port
- eth: tun: update napi->skb after XDP process
- eth: mlx: fix UAF in flow counter release
Previous releases - always broken:
- core: forbid FDB status change while nexthop is in a group
- smc: fix warning in smc_rx_splice() when calling get_page()
- can: provide missing ndo_change_mtu(), to prevent buffer overflow.
- eth: i40e: fix VF config validation
- eth: broadcom: fix support for PTP_EXTTS_REQUEST2 ioctl
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEEg1AjqC77wbdLX2LbKSR5jcyPE6QFAmjVKrYSHHBhYmVuaUBy
ZWRoYXQuY29tAAoJECkkeY3MjxOkttwQAIErYmSE3aGyQ2ps9iDYFzM0BJyE2dZg
BfZDdpL3PiRJkckltGzQSE4/Lw4ypIIxDuWrXmjbaaMwg7j6Y1hIe1KS81NnptyR
2slfubXVWsmO6KVl9UHauxnsewCbozTemWI+2bRf6Urc2j8OpAkyHCPWT2NBzFv2
U7ykcSLGDqrMa0NH3UD+ymmGfpdZe0x9RFzkBTUQIxS/Oo7EgGD3jgY0h85n04C5
bTTOeWbMopS10L0Ow79xH4MnT4iPenxW7ABRhMwyres4Mm9WA39nP6Iep8VtmCKX
51xLK4NBvPR0OMipJZj3hD+5RCWsLeGW+AVY3HoMPDSvetxjDlPcLJ1yMW6zP4Qa
ZwW1OhMTSqSGviJ+9NSb849I+RRLcIs5206dXYfRLTXZl/DTcBvYCcFsh0QohHOa
OYXarf9wXK2kekNukJY5isqgvNNZWsah4Mvjv4NcjF9xxg9NHQaD0QRI6NyFQAU+
4OfH1bzCV20hLiUjEI3U5t+EN9gJl5bNloEmHPkgW7NnkRoobjnCRwzTMY+UeF57
55P4AmD6gAHSSE7ZtaHRLt5ZV4TP7ySYWDEgRCXA/DgtdsQLPUhB4sw6xkz7j1a+
3k9AeSXu87khyXpqRxI/lPb+xqZ52wPHhlRwDlKD3dLnCd+y+YuT7+dLlvnrPNEF
pYsu6LF0yTQY
=M0Pd
-----END PGP SIGNATURE-----
Merge tag 'net-6.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Pull networking fixes from Paolo Abeni:
"Including fixes from Bluetooth, IPsec and CAN.
No known regressions at this point.
Current release - regressions:
- xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
Previous releases - regressions:
- xfrm: fix offloading of cross-family tunnels
- bluetooth: fix several races leading to UaFs
- dsa: lantiq_gswip: fix FDB entries creation for the CPU port
- eth:
- tun: update napi->skb after XDP process
- mlx: fix UAF in flow counter release
Previous releases - always broken:
- core: forbid FDB status change while nexthop is in a group
- smc: fix warning in smc_rx_splice() when calling get_page()
- can: provide missing ndo_change_mtu(), to prevent buffer overflow.
- eth:
- i40e: fix VF config validation
- broadcom: fix support for PTP_EXTTS_REQUEST2 ioctl"
* tag 'net-6.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (40 commits)
octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
net: dsa: lantiq_gswip: suppress -EINVAL errors for bridge FDB entries added to the CPU port
net: dsa: lantiq_gswip: move gswip_add_single_port_br() call to port_setup()
libie: fix string names for AQ error codes
net/mlx5e: Fix missing FEC RS stats for RS_544_514_INTERLEAVED_QUAD
net/mlx5: HWS, ignore flow level for multi-dest table
net/mlx5: fs, fix UAF in flow counter release
selftests: fib_nexthops: Add test cases for FDB status change
selftests: fib_nexthops: Fix creation of non-FDB nexthops
nexthop: Forbid FDB status change while nexthop is in a group
net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS
bnxt_en: correct offset handling for IPv6 destination address
ptp: document behavior of PTP_STRICT_FLAGS
broadcom: fix support for PTP_EXTTS_REQUEST2 ioctl
broadcom: fix support for PTP_PEROUT_DUTY_CYCLE
Bluetooth: MGMT: Fix possible UAFs
Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue
Bluetooth: hci_sync: Fix hci_resume_advertising_sync
Bluetooth: Fix build after header cleanup
...
|
||
|
Linus Torvalds
|
93a2744561 |
virtio,vhost: last minute fixes
More small fixes. Most notably this fixes crashes and hangs in vhost-net. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> -----BEGIN PGP SIGNATURE----- iQFDBAABCgAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmjQcdAPHG1zdEByZWRo YXQuY29tAAoJECgfDbjSjVRpXMAH/A2lEeCVLnz15Depf4OK0qbldynTA0epbtc0 zdjDpyoMZ9qk7oeYl/vZhYQtBTjGXtzTcmHcIJucHA44vGTuRCDuR6tuUeatE6aS 1NoqhtFc2kzes/gTwkMmnM5woogOfOzLyyiEktP3f/e22srHQfVxYmC5Xr+/NcHy 3j4yeV9M9PKDuX9UDYHXA0x41z9pu5tkcDtLC9nJLiYuDllrQAs7CvIsqkCiVpG5 IX2IoESl32egLzuJAtYguBTF+ckJNtg2+qOuXwXfmP/HdU+ygXq8u9iv21pG8897 nkUwiKN9j9q4Csmhfw8ma3Y4tK7BoomYt4ndnAt1R7M+dkqherA= =0APL -----END PGP SIGNATURE----- Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio fixes from Michael Tsirkin: "virtio,vhost: last minute fixes More small fixes. Most notably this fixes crashes and hangs in vhost-net" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: MAINTAINERS, mailmap: Update address for Peter Hilber virtio_config: clarify output parameters uapi: vduse: fix typo in comment vhost: Take a reference on the task in struct vhost_task. vhost-net: flush batched before enabling notifications Revert "vhost/net: Defer TX queue re-enable until after sendmsg" vhost-net: unbreak busy polling vhost-scsi: fix argument order in tport allocation error message |
||
|
Armin Wolf
|
1c1658058c |
hwmon: (dell-smm) Add support for automatic fan mode
Many machines treat fan state 3 as some sort of automatic mode, which is superior to the separate SMM calls for switching to automatic fan mode for two reasons: - the fan control mode can be controlled for each fan separately - the current fan control mode can be retrieved from the BIOS On some machines however, this special fan state does not exist. Fan state 3 acts like a regular fan state on such machines or does not exist at all. Such machines usually use separate SMM calls for enabling/disabling automatic fan control. Add support for it. If the machine supports separate SMM calls for changing the fan control mode, then the other interface is ignored. Signed-off-by: Armin Wolf <W_Armin@gmx.de> Link: https://lore.kernel.org/r/20250917181036.10972-4-W_Armin@gmx.de Signed-off-by: Guenter Roeck <linux@roeck-us.net> |
||
|
Arnd Bergmann
|
ff0bebab77 |
Add Qualcomm TEE driver (QTEE)
This introduces a Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs) and services to run securely. It uses an object-based interface, where each service is an object with sets of operations. Kernel and userspace services are also available to QTEE through a similar approach. QTEE makes callback requests that are converted into object invocations. These objects can represent services within the kernel or userspace process. We extend the TEE subsystem to understand object parameters and an ioctl call so client can invoke objects in QTEE: - TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_* - TEE_IOC_OBJECT_INVOKE The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are used for invoking services in the userspace process by QTEE. The TEE backend driver uses the QTEE Transport Message to communicate with QTEE. Interactions through the object INVOKE interface are translated into QTEE messages. Likewise, object invocations from QTEE for userspace objects are converted into SEND/RECV ioctl calls to supplicants. -----BEGIN PGP SIGNATURE----- iQJOBAABCgA4FiEE0qerISgy2SKkqO79Wr/6JGat8H4FAmjIS8AaHGplbnMud2lr bGFuZGVyQGxpbmFyby5vcmcACgkQWr/6JGat8H4Wzg/+KnIx5XCYpj1QmL2H8vz5 dkqB5+QEHfaUIKxUrbk7X/Gow7ZTO8IuDPaiWPSIaGhOosio7fr9J6SdGWySSvBw qXazPLgRP7tvhhUA8H1zGO6J9GSGIGENtzRyeK9QzglmkBQcoK9fLRH7StGiwFdP f3NKPIx3YZKKL5+I4Xe8J0jvLZmiJW59cSj7m1sfDbPobuLLEKff4VFd4NSv8ufc JKpxlxwa3xCtpjNsDJFNlpRwtO0YvF10V3xlDtRGZQs7Gq/dbOA48koA0EqZtTc9 Yhigl+F4gjleQcrpVT2QM7qJt8fdmuR77FI67YQCmr1cqY1pT/gT3l3Fri0Ok3XU Yl+EBI32QLFTjJeGvoEehaEhhpJsWJaLDNDgOV9gDJfZoJK3UgYVjUFwWlVF8Xju 6iplkDBGpexogjDXoBo8vZEP+/EGwr+cGhWvokLymZCe8R8tfmbA4KkU1mhxo3ma eHleGKKghC78xQzUc7gwt0pVJm4FY+uoCzbdV/S/i5j5Kn6l4un5lkUOzXH6D7lj HBLExWqL8nxc7mC0Zxtvcd58FiVbLgjEmgMQEGOTliuO8/BXxKU1OJeyNGd4D9vz 8F2vwBSgyCcrpkx1MmDC2NxYPzUOQ58ct6z07UxlpUCcBgCXlnrRBMjX1k8CwJpn BkiizW+aj53HRTQlWlBZLp0= =+Jqo -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmjTDEkACgkQmmx57+YA GNk5ww//TTwhmt8/XMNbozvUHYvz2/BsJJ9jVlFZUp9nuf7nVkDESGiNAvj439Fy xSwnFKjplRxDwLWixsi92QSF60VfhTm3pQ7ggsga/5IoHr+R2l0L2aMzkZUl4jKX y6pCg9A/FE1D87AfOh4dzuagddkwzOf1CEcJlE95t7NH9uome3QdsIzmc7/yg/MV 01xq+30YaSRNbGxiQkmIqChU8bJBFqaH+ygPWZVyAX0gzk9nQHhzNgvbsi8v0Otv iFNO3/VF7uzsv2Q8Qx0unIBq6kJIxhHC3K3M1TXHJKRtax8N/8M6UVVkdfshes5+ reg0CIsOEQ9FqevyabEkirtiwvCF61knmhkKJjCnysd+18PCzLjxnNEVtY+tUomH sFI++U5MLuybfCAx4jqjW9dEUrLNiGF8sbJTkQ4ToBjRJR1YihT9aBHeoH7OCKfb izS03PlJqDAK7qGH7PTjabi/YmYujizxVrh29CsP3Lk0FfB5m2h2dsX1gr9Z9V5d hq0z8nAsh6UJt26Nfq2+hhMaC4AiBn4foc+YaCx/Z8pf9pejzEu/NxRNox05LZem EThVNRF1zTtI+0SCHGDAwV3Tuj/uuvrOl9FkcdPbP0kFErsW8b5zwZWIDvzqc2FT L39E/C91Ptoe9ZpmCAfnyzKcfI6FeEfXwtMsLcagHsm6pcVbfyc= =BBL5 -----END PGP SIGNATURE----- Merge tag 'tee-qcomtee-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers Add Qualcomm TEE driver (QTEE) This introduces a Trusted Execution Environment (TEE) driver for Qualcomm TEE (QTEE). QTEE enables Trusted Applications (TAs) and services to run securely. It uses an object-based interface, where each service is an object with sets of operations. Kernel and userspace services are also available to QTEE through a similar approach. QTEE makes callback requests that are converted into object invocations. These objects can represent services within the kernel or userspace process. We extend the TEE subsystem to understand object parameters and an ioctl call so client can invoke objects in QTEE: - TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_* - TEE_IOC_OBJECT_INVOKE The existing ioctl calls TEE_IOC_SUPPL_RECV and TEE_IOC_SUPPL_SEND are used for invoking services in the userspace process by QTEE. The TEE backend driver uses the QTEE Transport Message to communicate with QTEE. Interactions through the object INVOKE interface are translated into QTEE messages. Likewise, object invocations from QTEE for userspace objects are converted into SEND/RECV ioctl calls to supplicants. * tag 'tee-qcomtee-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: Documentation: tee: Add Qualcomm TEE driver tee: qcom: enable TEE_IOC_SHM_ALLOC ioctl tee: qcom: add primordial object tee: add Qualcomm TEE driver tee: increase TEE_MAX_ARG_SIZE to 4096 tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF tee: add close_context to TEE driver operation tee: allow a driver to allocate a tee_device without a pool Link: https://lore.kernel.org/r/20250915174957.GA2040478@rayden Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
||
|
Mykyta Yatsenko
|
5c8fd7e2b5 |
bpf: bpf task work plumbing
This patch adds necessary plumbing in verifier, syscall and maps to support handling new kfunc bpf_task_work_schedule and kernel structure bpf_task_work. The idea is similar to how we already handle bpf_wq and bpf_timer. verifier changes validate calls to bpf_task_work_schedule to make sure it is safe and expected invariants hold. btf part is required to detect bpf_task_work structure inside map value and store its offset, which will be used in the next patch to calculate key and value addresses. arraymap and hashtab changes are needed to handle freeing of the bpf_task_work: run code needed to deinitialize it, for example cancel task_work callback if possible. The use of bpf_task_work and proper implementation for kfuncs are introduced in the next patch. Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com> Acked-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/r/20250923112404.668720-6-mykyta.yatsenko5@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Mark Brown
|
2bfb20b65d
|
spi: rpc-if: Add resume support for RZ/G3E
Merge series from Biju Das <biju.das.jz@bp.renesas.com>: On RZ/G3E using PSCI, s2ram powers down the SoC. After resume, reinitialize the hardware for SPI operations. Also Replace the macro SIMPLE_DEV_PM_OPS->DEFINE_SIMPLE_DEV_PM_OPS macro and use pm_sleep_ptr(). This lets us drop the check for CONFIG_PM_SLEEP and __maybe_unused attribute from PM functions. |
||
|
KP Singh
|
3492715683 |
bpf: Implement signature verification for BPF programs
This patch extends the BPF_PROG_LOAD command by adding three new fields
to `union bpf_attr` in the user-space API:
- signature: A pointer to the signature blob.
- signature_size: The size of the signature blob.
- keyring_id: The serial number of a loaded kernel keyring (e.g.,
the user or session keyring) containing the trusted public keys.
When a BPF program is loaded with a signature, the kernel:
1. Retrieves the trusted keyring using the provided `keyring_id`.
2. Verifies the supplied signature against the BPF program's
instruction buffer.
3. If the signature is valid and was generated by a key in the trusted
keyring, the program load proceeds.
4. If no signature is provided, the load proceeds as before, allowing
for backward compatibility. LSMs can chose to restrict unsigned
programs and implement a security policy.
5. If signature verification fails for any reason,
the program is not loaded.
Tested-by: syzbot@syzkaller.appspotmail.com
Signed-off-by: KP Singh <kpsingh@kernel.org>
Link: https://lore.kernel.org/r/20250921160120.9711-2-kpsingh@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
||
|
Jacob Keller
|
cd875625b4 |
ptp: document behavior of PTP_STRICT_FLAGS
Commit 6138e687c7b6 ("ptp: Introduce strict checking of external time stamp
options.") added the PTP_STRICT_FLAGS to the set of flags supported for the
external timestamp request ioctl.
It is only supported by PTP_EXTTS_REQUEST2, as it was introduced the
introduction of the new ioctls. Further, the kernel has always set this
flag for PTP_EXTTS_REQUEST2 regardless of whether or not the user requested
the behavior.
This effectively means that the flag is not useful for userspace. If the
user issues a PTP_EXTTS_REQUEST ioctl, the flag is ignored due to not being
supported on the old ioctl. If the user issues a PTP_EXTTS_REQUEST2 ioctl,
the flag will be set by the kernel regardless of whether the user set the
flag in their structure.
Add a comment documenting this behavior in the uAPI header file.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Reviewed-by: Kory Maincent <kory.maincent@bootlin.com>
Tested-by: James Clark <jjc@jclark.com>
Link: https://patch.msgid.link/20250918-jk-fix-bcm-phy-supported-flags-v1-3-747b60407c9c@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
Haixu Cui
|
6a1f3390fa
|
virtio-spi: Add virtio-spi.h
Add virtio-spi.h header for virtio SPI. Signed-off-by: Haixu Cui <quic_haixcui@quicinc.com> Link: https://patch.msgid.link/20250908092348.1283552-3-quic_haixcui@quicinc.com Signed-off-by: Mark Brown <broonie@kernel.org> |
||
|
Haixu Cui
|
d9a2211dd3
|
virtio: Add ID for virtio SPI
Add VIRTIO_ID_SPI definition for virtio SPI. Signed-off-by: Haixu Cui <quic_haixcui@quicinc.com> Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Link: https://patch.msgid.link/20250908092348.1283552-2-quic_haixcui@quicinc.com Signed-off-by: Mark Brown <broonie@kernel.org> |
||
|
Ashwini Sahu
|
d6d673dd1e |
uapi: vduse: fix typo in comment
Fix a spelling mistake in vduse.h: "regsion" → "region" in the documentation for struct vduse_iova_info. No functional change. Signed-off-by: Ashwini Sahu <ashwini@wisig.com> Message-Id: <20250908095645.610336-1-ashwini@wisig.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
||
|
Christian Brauner
|
cc47f43427
|
nsfs: add inode number for anon namespace
Add an inode number anonymous namespaces. Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> |
||
|
Christian Brauner
|
f861225b9e
|
nsfs: add missing id retrieval support
The mount namespace has supported id retrieval for a while already. Add support for the other types as well. Signed-off-by: Christian Brauner <brauner@kernel.org> |
||
|
Christian Brauner
|
e83f0b5d10
|
nsfs: support exhaustive file handles
Pidfd file handles are exhaustive meaning they don't require a handle on another pidfd to pass to open_by_handle_at() so it can derive the filesystem to decode in. Instead it can be derived from the file handle itself. The same is possible for namespace file handles. Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org> |
||
|
Christian Brauner
|
5222470b2f
|
nsfs: support file handles
A while ago we added support for file handles to pidfs so pidfds can be encoded and decoded as file handles. Userspace has adopted this quickly and it's proven very useful. Implement file handles for namespaces as well. A process is not always able to open /proc/self/ns/. That requires procfs to be mounted and for /proc/self/ or /proc/self/ns/ to not be overmounted. However, userspace can always derive a namespace fd from a pidfd. And that always works for a task's own namespace. There's no need to introduce unnecessary behavioral differences between /proc/self/ns/ fds, pidfd-derived namespace fds, and file-handle-derived namespace fds. So namespace file handles are always decodable if the caller is located in the namespace the file handle refers to. This also allows a task to e.g., store a set of file handles to its namespaces in a file on-disk so it can verify when it gets rexeced that they're still valid and so on. This is akin to the pidfd use-case. Or just plainly for namespace comparison reasons where a file handle to the task's own namespace can be easily compared against others. Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Christian Brauner <brauner@kernel.org> |
||
|
KP Singh
|
ea2e6467ac |
bpf: Return hashes of maps in BPF_OBJ_GET_INFO_BY_FD
Currently only array maps are supported, but the implementation can be extended for other maps and objects. The hash is memoized only for exclusive and frozen maps as their content is stable until the exclusive program modifies the map. This is required for BPF signing, enabling a trusted loader program to verify a map's integrity. The loader retrieves the map's runtime hash from the kernel and compares it against an expected hash computed at build time. Signed-off-by: KP Singh <kpsingh@kernel.org> Link: https://lore.kernel.org/r/20250914215141.15144-7-kpsingh@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
KP Singh
|
baefdbdf68 |
bpf: Implement exclusive map creation
Exclusive maps allow maps to only be accessed by program with a program with a matching hash which is specified in the excl_prog_hash attr. For the signing use-case, this allows the trusted loader program to load the map and verify the integrity Signed-off-by: KP Singh <kpsingh@kernel.org> Link: https://lore.kernel.org/r/20250914215141.15144-3-kpsingh@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Ashish Kalra
|
648dbccc03 |
crypto: ccp - Add AMD Seamless Firmware Servicing (SFS) driver
AMD Seamless Firmware Servicing (SFS) is a secure method to allow non-persistent updates to running firmware and settings without requiring BIOS reflash and/or system reset. SFS does not address anything that runs on the x86 processors and it can be used to update ASP firmware, modules, register settings and update firmware for other microprocessors like TMPM, etc. SFS driver support adds ioctl support to communicate the SFS commands to the ASP/PSP by using the TEE mailbox interface. The Seamless Firmware Servicing (SFS) driver is added as a PSP sub-device. For detailed information, please look at the SFS specifications: https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/58604.pdf Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Link: https://lore.kernel.org/cover.1758057691.git.ashish.kalra@amd.com |
||
|
Matthieu Baerts (NGI0)
|
2293c57484 |
mptcp: pm: nl: announce deny-join-id0 flag
During the connection establishment, a peer can tell the other one that it cannot establish new subflows to the initial IP address and port by setting the 'C' flag [1]. Doing so makes sense when the sender is behind a strict NAT, operating behind a legacy Layer 4 load balancer, or using anycast IP address for example. When this 'C' flag is set, the path-managers must then not try to establish new subflows to the other peer's initial IP address and port. The in-kernel PM has access to this info, but the userspace PM didn't. The RFC8684 [1] is strict about that: (...) therefore the receiver MUST NOT try to open any additional subflows toward this address and port. So it is important to tell the userspace about that as it is responsible for the respect of this flag. When a new connection is created and established, the Netlink events now contain the existing but not currently used 'flags' attribute. When MPTCP_PM_EV_FLAG_DENY_JOIN_ID0 is set, it means no other subflows to the initial IP address and port -- info that are also part of the event -- can be established. Link: https://datatracker.ietf.org/doc/html/rfc8684#section-3.1-20.6 [1] Fixes: 702c2f646d42 ("mptcp: netlink: allow userspace-driven subflow establishment") Reported-by: Marek Majkowski <marek@cloudflare.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/532 Reviewed-by: Mat Martineau <martineau@kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org> Link: https://patch.msgid.link/20250912-net-mptcp-pm-uspace-deny_join_id0-v1-2-40171884ade8@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
|
Amirreza Zarrabi
|
d6e290837e |
tee: add Qualcomm TEE driver
Introduce qcomtee_object, which represents an object in both QTEE and the kernel. QTEE clients can invoke an instance of qcomtee_object to access QTEE services. If this invocation produces a new object in QTEE, an instance of qcomtee_object will be returned. Similarly, QTEE can request services from by issuing a callback request, which invokes an instance of qcomtee_object. Implement initial support for exporting qcomtee_object to userspace and QTEE, enabling the invocation of objects hosted in QTEE and userspace through the TEE subsystem. Tested-by: Neil Armstrong <neil.armstrong@linaro.org> Tested-by: Harshal Dev <quic_hdev@quicinc.com> Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
|
Amirreza Zarrabi
|
bd51393068 |
tee: increase TEE_MAX_ARG_SIZE to 4096
Increase TEE_MAX_ARG_SIZE to accommodate worst-case scenarios where additional buffer space is required to pass all arguments to TEE. This change is necessary for upcoming support for Qualcomm TEE, which requires a larger buffer for argument marshaling. Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Tested-by: Harshal Dev <quic_hdev@quicinc.com> Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
|
Amirreza Zarrabi
|
d5b8b0fa17 |
tee: add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF
The TEE subsystem allows session-based access to trusted services, requiring a session to be established to receive a service. This is not suitable for an environment that represents services as objects. An object supports various operations that a client can invoke, potentially generating a result or a new object that can be invoked independently of the original object. Add TEE_IOCTL_PARAM_ATTR_TYPE_OBJREF_INPUT/OUTPUT/INOUT to represent an object. Objects may reside in either TEE or userspace. To invoke an object in TEE, introduce a new ioctl. Use the existing SUPPL_RECV and SUPPL_SEND to invoke an object in userspace. Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Tested-by: Neil Armstrong <neil.armstrong@linaro.org> Tested-by: Harshal Dev <quic_hdev@quicinc.com> Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
|
Amirreza Zarrabi
|
54a53e95a9 |
tee: add TEE_IOCTL_PARAM_ATTR_TYPE_UBUF
For drivers that can transfer data to the TEE without using shared memory from client, it is necessary to receive the user address directly, bypassing any processing by the TEE subsystem. Introduce TEE_IOCTL_PARAM_ATTR_TYPE_UBUF_INPUT/OUTPUT/INOUT to represent userspace buffers. Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Tested-by: Neil Armstrong <neil.armstrong@linaro.org> Tested-by: Harshal Dev <quic_hdev@quicinc.com> Signed-off-by: Amirreza Zarrabi <amirreza.zarrabi@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
|
Arnd Bergmann
|
820429d53b |
TEE protected DMA-bufs for v6.18
- Allocates protected DMA-bufs from a DMA-heap instantiated from the TEE subsystem. - The DMA-heap uses a protected memory pool provided by the backend TEE driver, allowing it to choose how to allocate the protected physical memory. - Three use-cases (Secure Video Playback, Trusted UI, and Secure Video Recording) have been identified so far to serve as examples of what can be expected. - The use-cases have predefined DMA-heap names, "protected,secure-video", "protected,trusted-ui", and "protected,secure-video-record". The backend driver registers protected memory pools for the use-cases it supports. -----BEGIN PGP SIGNATURE----- iQJOBAABCgA4FiEE0qerISgy2SKkqO79Wr/6JGat8H4FAmjD5vIaHGplbnMud2lr bGFuZGVyQGxpbmFyby5vcmcACgkQWr/6JGat8H7nMQ//afmnhAZKFnHjCfhSuk8e u7mOCcL32+SY2R2i/OSvXzLNo6zAfpqKPjyBT5h/DEYK+bAgHSNeCNCgmmxvrKkg 3Zptyi4+kW+XPcUvAY4yT82JwhpZoR2YTnmGjDQzhLBcIlHRDHUmVblK7XUkBHUV YrCqc6HicqcqCKZT8ZWTWa/K1lfe0xvQWOJYVFN8yF867ThHimyp7XJglEsRjUUQ ygPLRZHZmMNq3Paoz3WQk4v4RDEC+VNVS8DxAvYvN75dSAn7b0v72i2Y64Ox+0BO 2RQcN+PTeHCvGBng3r6PP8gW/nbPQhtu0pCAkARK8xWkTUamWP5H/DvhgzdgO45T em9F+K4NnWtep9VtfE1dYLoe4ktyyqjmojaE+izCXOX/xtQ2V9xKyDHuPZccmLXV p9/fXLSyVEy2NUD9W4x6tkfNdnLMINLfPJzNRT8VCFqu9ebc+ldq3Gg1zCoHaFWx VaOQ9KtelfuNcRLauFy2f5mXkkzf7GKMTgvj636WZBk5fqCCnMF55JJhucV2hD28 I5vKJkfLGDPAXaEuPJut86MZ2bXXEVxhT9i05hb2qVSGocfPuLqwdrOYYJ253wL7 xUmVxWnwEMMK+JKfiMOOW5wdPxrzee6idUBUWZe3y3xqXkTnwFY8KP/CsXV2a7SE Zsm9/kcU2N7xBzHwocvCUys= =l0SR -----END PGP SIGNATURE----- gpgsig -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEo6/YBQwIrVS28WGKmmx57+YAGNkFAmjIH7kACgkQmmx57+YA GNl8kg/9Gy9WbDLCvfu6CKOT5g7Z58jF0z1RetGA92684rCDW3hZuyiAy3nHp3h5 aSkGpJd8hcbJ6S89de7XXY4u0cvFzW8bxX9Zsb7XlKilGdzR5aNs02AHqeJ1BHkV UcVH+zTB/qrg5JIH68RBD2CLDr7ScnlCa/1IgjU0rIuyilPDC/hsoGjazHV9mG0u s9ieaHedVgzruNPtAy7MZyJyehuhgGTZh8mJ6O+AN8qWVSu0EIDYNVaT3dZiG0M+ M1N7C2Hxe0RMWd95+xotnz+o/3ifuqkK5BdsuomZT5X4A2oR7rxYb3En+Wsq7/aq 7x4Gdn+8W4eULKepr3l0wLQYVKCYKxbm1R7rKnfYFDOJFZwOyH/h9H56ouO2bekE h2MsgV7lhKmMhrcAGIN9OsIz9DdPqj4n+z6lqyrCvSsWXGcKtTyTONsrzS3eKTv9 GdfpIkG9pPSlJFH1sO8OegRsolAkxUOx5P/PgdSmiGazKhnBtmFHlXXn+X56fcia kdwNEBZxiynOkGZjgvqtQWYYr2yXD2YOp00eQHI9rzj8tL38zM49aSO8DlG41rhT BK5Q1Qsr+dyCpb0/AUdz71LCAz4cKfIYGRavOpZXoNMi+9/+k+2/natLBOA4jetr wDp3LH8av435LRj/g87zI8n9d7G1NMHaRWJZzOfXquFdTlH3kYk= =z4o4 -----END PGP SIGNATURE----- Merge tag 'tee-prot-dma-buf-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee into soc/drivers TEE protected DMA-bufs for v6.18 - Allocates protected DMA-bufs from a DMA-heap instantiated from the TEE subsystem. - The DMA-heap uses a protected memory pool provided by the backend TEE driver, allowing it to choose how to allocate the protected physical memory. - Three use-cases (Secure Video Playback, Trusted UI, and Secure Video Recording) have been identified so far to serve as examples of what can be expected. - The use-cases have predefined DMA-heap names, "protected,secure-video", "protected,trusted-ui", and "protected,secure-video-record". The backend driver registers protected memory pools for the use-cases it supports. * tag 'tee-prot-dma-buf-for-v6.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee: optee: smc abi: dynamic protected memory allocation optee: FF-A: dynamic protected memory allocation optee: support protected memory allocation tee: add tee_shm_alloc_dma_mem() tee: new ioctl to a register tee_shm from a dmabuf file descriptor tee: refactor params_from_user() tee: implement protected DMA-heap dma-buf: dma-heap: export declared functions optee: sync secure world ABI headers Link: https://lore.kernel.org/r/20250912101752.GA1453408@rayden Signed-off-by: Arnd Bergmann <arnd@arndb.de> |
||
|
Etienne Carriere
|
146bf4e75e |
tee: new ioctl to a register tee_shm from a dmabuf file descriptor
Add a userspace API to create a tee_shm object that refers to a dmabuf reference. Userspace registers the dmabuf file descriptor as in a tee_shm object. The registration is completed with a tee_shm returned file descriptor. Userspace is free to close the dmabuf file descriptor after it has been registered since all the resources are now held via the new tee_shm object. Closing the tee_shm file descriptor will eventually release all resources used by the tee_shm object when all references are released. The new IOCTL, TEE_IOC_SHM_REGISTER_FD, supports dmabuf references to physically contiguous memory buffers. Dmabuf references acquired from the TEE DMA-heap can be used as protected memory for Secure Video Path and such use cases. It depends on the TEE and the TEE driver if dmabuf references acquired by other means can be used. A new tee_shm flag is added to identify tee_shm objects built from a registered dmabuf, TEE_SHM_DMA_BUF. Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Signed-off-by: Olivier Masse <olivier.masse@nxp.com> Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
||
|
Phil Sutter
|
4039ce7ef4 |
netfilter: nf_tables: Introduce NFTA_DEVICE_PREFIX
This new attribute is supposed to be used instead of NFTA_DEVICE_NAME
for simple wildcard interface specs. It holds a NUL-terminated string
representing an interface name prefix to match on.
While kernel code to distinguish full names from prefixes in
NFTA_DEVICE_NAME is simpler than this solution, reusing the existing
attribute with different semantics leads to confusion between different
versions of kernel and user space though:
* With old kernels, wildcards submitted by user space are accepted yet
silently treated as regular names.
* With old user space, wildcards submitted by kernel may cause crashes
since libnftnl expects NUL-termination when there is none.
Using a distinct attribute type sanitizes these situations as the
receiving part detects and rejects the unexpected attribute nested in
*_HOOK_DEVS attributes.
Fixes: 6d07a289504a ("netfilter: nf_tables: Support wildcard netdev hook specs")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
|
||
|
Casey Schaufler
|
0ffbc876d0 |
audit: add record for multiple object contexts
Create a new audit record AUDIT_MAC_OBJ_CONTEXTS.
An example of the MAC_OBJ_CONTEXTS record is:
type=MAC_OBJ_CONTEXTS
msg=audit(1601152467.009:1050):
obj_selinux=unconfined_u:object_r:user_home_t:s0
When an audit event includes a AUDIT_MAC_OBJ_CONTEXTS record
the "obj=" field in other records in the event will be "obj=?".
An AUDIT_MAC_OBJ_CONTEXTS record is supplied when the system has
multiple security modules that may make access decisions based
on an object security context.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subj tweak, audit example readability indents]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
||
|
Casey Schaufler
|
eb59d494ee |
audit: add record for multiple task security contexts
Replace the single skb pointer in an audit_buffer with a list of
skb pointers. Add the audit_stamp information to the audit_buffer as
there's no guarantee that there will be an audit_context containing
the stamp associated with the event. At audit_log_end() time create
auxiliary records as have been added to the list. Functions are
created to manage the skb list in the audit_buffer.
Create a new audit record AUDIT_MAC_TASK_CONTEXTS.
An example of the MAC_TASK_CONTEXTS record is:
type=MAC_TASK_CONTEXTS
msg=audit(1600880931.832:113)
subj_apparmor=unconfined
subj_smack=_
When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record the
"subj=" field in other records in the event will be "subj=?".
An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has
multiple security modules that may make access decisions based on a
subject security context.
Refactor audit_log_task_context(), creating a new audit_log_subj_ctx().
This is used in netlabel auditing to provide multiple subject security
contexts as necessary.
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subj tweak, audit example readability indents]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
||
|
Lauri Vasama
|
db2ab24a34
|
Add RWF_NOSIGNAL flag for pwritev2
For a user mode library to avoid generating SIGPIPE signals (e.g. because this behaviour is not portable across operating systems) is cumbersome. It is generally bad form to change the process-wide signal mask in a library, so a local solution is needed instead. For I/O performed directly using system calls (synchronous or readiness based asynchronous) this currently involves applying a thread-specific signal mask before the operation and reverting it afterwards. This can be avoided when it is known that the file descriptor refers to neither a pipe nor a socket, but a conservative implementation must always apply the mask. This incurs the cost of two additional system calls. In the case of sockets, the existing MSG_NOSIGNAL flag can be used with send. For asynchronous I/O performed using io_uring, currently the only option (apart from MSG_NOSIGNAL for sockets), is to mask SIGPIPE entirely in the call to io_uring_enter. Thankfully io_uring_enter takes a signal mask, so only a single syscall is needed. However, copying the signal mask on every call incurs a non-zero performance penalty. Furthermore, this mask applies to all completions, meaning that if the non-signaling behaviour is desired only for some subset of operations, the desired signals must be raised manually from user-mode depending on the completed operation. Add RWF_NOSIGNAL flag for pwritev2. This flag prevents the SIGPIPE signal from being raised when writing on disconnected pipes or sockets. The flag is handled directly by the pipe filesystem and converted to the existing MSG_NOSIGNAL flag for sockets. Signed-off-by: Lauri Vasama <git@vasama.org> Link: https://lore.kernel.org/20250827133901.1820771-1-git@vasama.org Reviewed-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Christian Brauner <brauner@kernel.org> |
||
|
Namhyung Kim
|
24fc631539 |
vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER
The VHOST_[GS]ET_FEATURES_ARRAY ioctl already took 0x83 and it would
result in a build error when the vhost uapi header is used for perf tool
build like below.
In file included from trace/beauty/ioctl.c:93:
tools/perf/trace/beauty/generated/ioctl/vhost_virtio_ioctl_array.c: In function ‘ioctl__scnprintf_vhost_virtio_cmd’:
tools/perf/trace/beauty/generated/ioctl/vhost_virtio_ioctl_array.c:36:18: error: initialized field overwritten [-Werror=override-init]
36 | [0x83] = "SET_FORK_FROM_OWNER",
| ^~~~~~~~~~~~~~~~~~~~~
tools/perf/trace/beauty/generated/ioctl/vhost_virtio_ioctl_array.c:36:18: note: (near initialization for ‘vhost_virtio_ioctl_cmds[131]’)
Fixes: 7d9896e9f6d02d8a ("vhost: Reintroduce kthread API and add mode selection")
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Message-Id: <20250819063958.833770-1-namhyung@kernel.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Lei Yang <leiyang@redhat.com>
|
||
|
Linus Torvalds
|
a2e94e8079 |
block-6.17-20250822
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmiobRkQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpnvDEAC6ybsqvNAOSV1Tdk1EQZ/mIrmIb7tVrp/P
zRReWTK9jF7kzOLn2Mqgu0c4RFLCMABXmPb5F2aLx72uSxMSFq2sI9QZCgGzZQeZ
yjOIxFBAPsdgr+gyIOdS3zH04+IKfJw20ojJb83irCgd5M1hpmVwzZ3iGMq8Gs9q
VJQYvKny7tjjpuLpk3DWl7t1J0YV+0sGQhk3iZdWEHrui7mqmfh6DkeB5forTu6z
Gn5e4DNbZvmcvkJQ+Rnkua1UmTZ4hr/+3YV9mqzsWYv+1hOTx/uomGbY7DjSdSyK
vWWNwN97sgAjwhaFgWvB2iRk1pdAb4A3zP+NV1MXheOhHnAT3C6i43DaS1fivone
YKLEqy4v3IzB5WcdlwclJW2qizoLtopu7A4pRURv9v+Q0wb4Q2YM0gRum59QgxZN
+YUhglR5ucazYPmIAxOZMaU/WMIN6m4h3hRa1RkFRNXkBvPGxV2fQxi8exX0QWqf
oxSSfImO0QVjYPlAL7oi0eWwHtqXtebXXdrUNozQdnrEQnimTrxPAuSnfRIv63un
swlaCzfqXXhtl25t9p6Sx7xM7aKF2k7tYnZdSM7JjiOS7KXHFaZcYt3YcoFfdLc7
X/vtT9OQWwnEtqzFKnK8EvcjSN+4KbXwI4neVLmsWK81dwqI2huScB+Xe5eBPidU
6d6dZzUikA==
=mbqK
-----END PGP SIGNATURE-----
Merge tag 'block-6.17-20250822' of git://git.kernel.dk/linux
Pull block fixes from Jens Axboe:
"A set of fixes for block that should go into this tree. A bit larger
than what I usually have at this point in time, a lot of that is the
continued fixing of the lockdep annotation for queue freezing that we
recently added, which has highlighted a number of little issues here
and there. This contains:
- MD pull request via Yu:
- Add a legacy_async_del_gendisk mode, to prevent a user tools
regression. New user tools releases will not use such a mode,
the old release with a new kernel now will have warning about
deprecated behavior, and we prepare to remove this legacy mode
after about a year later
- The rename in kernel causing user tools build failure, revert
the rename in mdp_superblock_s
- Fix a regression that interrupted resync can be shown as
recover from mdstat or sysfs
- Improve file size detection for loop, particularly for networked
file systems, by using getattr to get the size rather than the
cached inode size.
- Hotplug CPU lock vs queue freeze fix
- Lockdep fix while updating the number of hardware queues
- Fix stacking for PI devices
- Silence bio_check_eod() for the known case of device removal where
the size is truncated to 0 sectors"
* tag 'block-6.17-20250822' of git://git.kernel.dk/linux:
block: avoid cpu_hotplug_lock depedency on freeze_lock
block: decrement block_rq_qos static key in rq_qos_del()
block: skip q->rq_qos check in rq_qos_done_bio()
blk-mq: fix lockdep warning in __blk_mq_update_nr_hw_queues
block: tone down bio_check_eod
loop: use vfs_getattr_nosec for accurate file size
loop: Consolidate size calculation logic into lo_calculate_size()
block: remove newlines from the warnings in blk_validate_integrity_limits
block: handle pi_tuple_size in queue_limits_stack_integrity
selftests: ublk: Use ARRAY_SIZE() macro to improve code
md: fix sync_action incorrect display during resync
md: add helper rdev_needs_recovery()
md: keep recovery_cp in mdp_superblock_s
md: add legacy_async_del_gendisk mode
|
||
|
Chen Yu
|
8151320c74 |
ACPI: pfr_update: Fix the driver update version check
The security-version-number check should be used rather
than the runtime version check for driver updates.
Otherwise, the firmware update would fail when the update binary had
a lower runtime version number than the current one.
Fixes: 0db89fa243e5 ("ACPI: Introduce Platform Firmware Runtime Update device driver")
Cc: 5.17+ <stable@vger.kernel.org> # 5.17+
Reported-by: "Govindarajulu, Hariganesh" <hariganesh.govindarajulu@intel.com>
Signed-off-by: Chen Yu <yu.c.chen@intel.com>
Link: https://patch.msgid.link/20250722143233.3970607-1-yu.c.chen@intel.com
[ rjw: Changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
|
||
|
Xiao Ni
|
c27973211f |
md: keep recovery_cp in mdp_superblock_s
commit 907a99c314a5 ("md: rename recovery_cp to resync_offset") replaces
recovery_cp with resync_offset in mdp_superblock_s which is in md_p.h.
md_p.h is used in userspace too. So mdadm building fails because of this.
This patch revert this change.
Fixes: 907a99c314a5 ("md: rename recovery_cp to resync_offset")
Signed-off-by: Xiao Ni <xni@redhat.com>
Link: https://lore.kernel.org/linux-raid/20250815040028.18085-1-xni@redhat.com
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
|
||
|
Linus Torvalds
|
561c80369d |
TTY revert fix for 6.16-rc1
Here is a single revert of one of the previous patches that went in the last tty/serial merge that is breaking userspace on some platforms (specifically powerpc, probably a few others.) It accidentially changed the ioctl values of some tty ioctls, which breaks xorg. The revert has been in linux-next all this week with no reported issues. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -----BEGIN PGP SIGNATURE----- iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCaJdfkg8cZ3JlZ0Brcm9h aC5jb20ACgkQMUfUDdst+ymq2QCgxaxTJGciGevsEi3rcXw+TkS0dq4AniOTgmCb cLQx6kIGVCucA1dOxWr8 =Vzw4 -----END PGP SIGNATURE----- Merge tag 'tty-6.16-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull TTY fix from Greg KH: "Here is a single revert of one of the previous patches that went in the last tty/serial merge that is breaking userspace on some platforms (specifically powerpc, probably a few others.) It accidentially changed the ioctl values of some tty ioctls, which breaks xorg. The revert has been in linux-next all this week with no reported issues" * tag 'tty-6.16-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: Revert "tty: vt: use _IO() to define ioctl numbers" |
||
|
Linus Torvalds
|
2988dfed8a |
block-6.17-20250808
-----BEGIN PGP SIGNATURE-----
iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmiWLjoQHGF4Ym9lQGtl
cm5lbC5kawAKCRD301j7KXHgpvveD/9vbvp3XaF0LagRJLH0fcdhcxL7Z+IHD+7U
v5vICMeoeBhhhOtPJ0y+h/9LMLQWFYDFl6drkY0atSSxp/CK6CB25qFhIDsoA6Qk
RBM/qZ64z4Uxvlc+VQmCqI2EMc/ZrYtrcr7jsornwORoTSEKXVHdyO5k7Q9002Sw
XNWc0bZKIibFlgOk12Wnd8ZS5RWHw1uViUcreojcGVZAVR+BuHNGGoa3xq0bLiHU
ERbQXfjaN28R+eo4E1euCtdf++7tW2kFjClrDmLcszdb27E2+MWMA6AKMiSTBE2k
2e2TvJUcGZs1s8atqSIIjBtmwQW3rKws33zODLMONzOP8CIErcaniHxyDSaxJIJr
kjsdKnwlziL3xVnwQcpgnVOPvvDSKZ4OKEqx8rAuYTqiknpz3uhbt/7EqumuPLHr
e7Rz0MnFolrVN7KZOHQ5CPJIezkEAOAEpItLdfc5cfLS06pbeTN3j+dJZp+tUohi
WP/K3l2N3C5pkXA0ilAzshRF20Rwv/09M85BoqWocTLBJY7WqyIKXywCNdX81wkv
tpbQvp2MpPkJXUIbAh5484BOfCfx9vkYVm2cam2UxXJhR6VfrQCjYfXIjfpqF4jp
q7xxNesUezrOqB2Q/cKxw8dKOaRtO1XzVnmwutBrcKgqqLezMwUTDDjQYe8l6p1Z
40E74tsJwQ==
=EQ7g
-----END PGP SIGNATURE-----
Merge tag 'block-6.17-20250808' of git://git.kernel.dk/linux
Pull more block updates from Jens Axboe:
- MD pull request via Yu:
- mddev null-ptr-dereference fix, by Erkun
- md-cluster fail to remove the faulty disk regression fix, by
Heming
- minor cleanup, by Li Nan and Jinchao
- mdadm lifetime regression fix reported by syzkaller, by Yu Kuai
- MD pull request via Christoph
- add support for getting the FDP featuee in fabrics passthru path
(Nitesh Shetty)
- add capability to connect to an administrative controller
(Kamaljit Singh)
- fix a leak on sgl setup error (Keith Busch)
- initialize discovery subsys after debugfs is initialized
(Mohamed Khalfella)
- fix various comment typos (Bjorn Helgaas)
- remove unneeded semicolons (Jiapeng Chong)
- nvmet debugfs ordering issue fix
- Fix UAF in the tag_set in zloop
- Ensure sbitmap shallow depth covers entire set
- Reduce lock roundtrips in io context lookup
- Move scheduler tags alloc/free out of elevator and freeze lock, to
fix some lockdep found issues
- Improve robustness of queue limits checking
- Fix a regression with IO priorities, if no io context exists
* tag 'block-6.17-20250808' of git://git.kernel.dk/linux: (26 commits)
lib/sbitmap: make sbitmap_get_shallow() internal
lib/sbitmap: convert shallow_depth from one word to the whole sbitmap
nvmet: exit debugfs after discovery subsystem exits
block, bfq: Reorder struct bfq_iocq_bfqq_data
md: make rdev_addable usable for rcu mode
md/raid1: remove struct pool_info and related code
md/raid1: change r1conf->r1bio_pool to a pointer type
block: ensure discard_granularity is zero when discard is not supported
zloop: fix KASAN use-after-free of tag set
block: Fix default IO priority if there is no IO context
nvme: fix various comment typos
nvme-auth: remove unneeded semicolon
nvme-pci: fix leak on sgl setup error
nvmet: initialize discovery subsys after debugfs is initialized
nvme: add capability to connect to an administrative controller
nvmet: add support for FDP in fabrics passthru path
md: rename recovery_cp to resync_offset
md/md-cluster: handle REMOVE message earlier
md: fix create on open mddev lifetime regression
block: fix potential deadlock while running nr_hw_queue update
...
|
||
|
Linus Torvalds
|
24bbfb8920 |
io_uring-6.17-20250808
-----BEGIN PGP SIGNATURE----- iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAmiWLk0QHGF4Ym9lQGtl cm5lbC5kawAKCRD301j7KXHgpjl3D/0eZiD3qTmdIcf7GNAoaR/aD4zgICEhwEUf 2bzVFJ7RAZeplPhT2QLAf4CRoDui6iYLXaJONNsZc8r355FLKsZcMVmU8FFBnM6Q chn0wAmv92Jk/fMQWhw1mL4c19jCibTOefzHzm7s2AMhPyhAzlvcMG/Mr9uiNt38 uBXOo9DOkX1fYlUcmYH9v8KDTQBE6UMXeEcDiLvxGUs+JW1hbBAPmh9K3/KJ5qbs wShNL0UOgq5V/GUZqMr6xRqkW++B/6/v6Y/O+wbJ8lgLV97YQi3xemHu3BCx8Kv4 lbvyctUKCTCgQPgnhluu3KuldDkLn3FA7sQ2g1b1FZWkEpqLhgJIRjgGR53GmeHX c58VcRc+MNXf+Lzuy7ZbrYdI6Gbt52Ns+g4S05TNo6ZZW0NGyaZK5aeb7qQyhmnY rCELejwPQKTZv8YfRgV+Kt14x2Z7OdGa49u31JeYUE/IYu9M2FC+XE3//D7Bdz+3 QhU4ZzOW/LRA7xXq/uRb6XK0qRFt34nA+A7jFeKaZbrh6XvXD8VN5MFKkEttcyw5 JCr3jeYV7RbhWuPyKFwAJ4EBn/HnUUEsSEKA5/Rr0tvHkR95ytx+2l3qZfihrCsU jsjSMCn4PZ+L3t2OQ2EaVEeiJ4oB4zwi37GZdQGiMQ7T46RkSzwBam6sJETFGPhF TCL70jIwbg== =LCD/ -----END PGP SIGNATURE----- Merge tag 'io_uring-6.17-20250808' of git://git.kernel.dk/linux Pull io_uring fixes from Jens Axboe: - Allow vectorized payloads for send/send-zc - like sendmsg, but without the hassle of a msghdr. - Fix for an integer wrap that should go to stable, spotted by syzbot. Nothing alarming here, as you need to be root to hit this. Nevertheless, it should get fixed. FWIW, kudos to the syzbot crew for having much nicer reproducers now, and with nicely annotated source code as well. This is particularly useful as syzbot uses the raw interface rather than liburing, historically it's been difficult to turn a syzbot reproducer into a meaningful test case. With the recent changes, not true anymore! * tag 'io_uring-6.17-20250808' of git://git.kernel.dk/linux: io_uring/memmap: cast nr_pages to size_t before shifting io_uring/net: Allow to do vectorized send |
||
|
Linus Torvalds
|
6e64f45803 |
Input updates for v6.17-rc0
- updates to several drivers consuming GPIO APIs to use setters returning error codes - an infrastructure allowing to define "overlays" for touchscreens carving out regions implementing buttons and other elements from a bigger sensors and a corresponding update to st1232 driver - an update to AT/PS2 keyboard driver to map F13-F24 by default - Samsung keypad driver got a facelift - evdev input handler will now bind to all devices using EV_SYN event instead of abusing id->driver_info - 2 new sub-drivers implementing 1A (capacitive buttons) and 21 (forcepad button) functions in Synaptics RMI driver - support for polling mode in Goodix touchscreen driver - support for support for FocalTech FT8716 in edt-ft5x06 driver - support for MT6359 in mtk-pmic-keys driver - removal of pcf50633-input driver since platform it was used on is gone - new definitions for game controller "grip" buttons (BTN_GRIP*) and corresponding changes to xpad and hid-steam controller drivers - a new definition for "performance" key -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQST2eWILY88ieB2DOtAj56VGEWXnAUCaJOUOwAKCRBAj56VGEWX nPJTAQC1hrYgCv1L8hxUukbGH5FFPF2nlk63U78izh/dd7R9fwD+OqrQT7+IEr/5 VBqxiqdy77R1mmYs8RpmjOSTg0MEwwg= =jm8o -----END PGP SIGNATURE----- Merge tag 'input-for-v6.17-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input updates from Dmitry Torokhov: - updates to several drivers consuming GPIO APIs to use setters returning error codes - an infrastructure allowing to define "overlays" for touchscreens carving out regions implementing buttons and other elements from a bigger sensors and a corresponding update to st1232 driver - an update to AT/PS2 keyboard driver to map F13-F24 by default - Samsung keypad driver got a facelift - evdev input handler will now bind to all devices using EV_SYN event instead of abusing id->driver_info - two new sub-drivers implementing 1A (capacitive buttons) and 21 (forcepad button) functions in Synaptics RMI driver - support for polling mode in Goodix touchscreen driver - support for support for FocalTech FT8716 in edt-ft5x06 driver - support for MT6359 in mtk-pmic-keys driver - removal of pcf50633-input driver since platform it was used on is gone - new definitions for game controller "grip" buttons (BTN_GRIP*) and corresponding changes to xpad and hid-steam controller drivers - a new definition for "performance" key * tag 'input-for-v6.17-rc0' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (38 commits) HID: hid-steam: Use new BTN_GRIP* buttons Input: add keycode for performance mode key Input: max77693 - convert to atomic pwm operation Input: st1232 - add touch-overlay handling dt-bindings: input: touchscreen: st1232: add touch-overlay example Input: touch-overlay - add touchscreen overlay handling dt-bindings: touchscreen: add touch-overlay property Input: atkbd - correctly map F13 - F24 Input: xpad - use new BTN_GRIP* buttons Input: Add and document BTN_GRIP* Input: xpad - change buttons the D-Pad gets mapped as to BTN_DPAD_* Documentation: Fix capitalization of XBox -> Xbox Input: synaptics-rmi4 - add support for F1A dt-bindings: input: syna,rmi4: Document F1A function Input: synaptics-rmi4 - add support for Forcepads (F21) Input: mtk-pmic-keys - add support for MT6359 PMIC keys Input: remove special handling of id->driver_info when matching Input: evdev - switch matching to EV_SYN Input: samsung-keypad - use BIT() and GENMASK() where appropriate Input: samsung-keypad - use per-chip parameters ... |
||
|
Linus Torvalds
|
e8214ed59b |
VFIO updates for v6.17-rc1 v2
- Fix imbalance where the no-iommu/cdev device path skips too much
on open, failing to increment a reference, but still decrements
the reference on close. Add bounds checking to prevent such
underflows. (Jacob Pan)
- Fill missing detach_ioas op for pds_vfio_pci, fixing probe failure
when used with IOMMUFD. (Brett Creeley)
- Split SR-IOV VFs to separate dev_set, avoiding unnecessary
serialization between VFs that appear on the same bus.
(Alex Williamson)
- Fix a theoretical integer overflow is the mlx5-vfio-pci variant
driver. (Artem Sadovnikov)
- Implement missing VF token checking support via vfio cdev/IOMMUFD
interface. (Jason Gunthorpe)
- Update QAT vfio-pci variant driver to claim latest VF devices.
(Małgorzata Mielnik)
- Add a cond_resched() call to avoid holding the CPU too long during
DMA mapping operations. (Keith Busch)
-----BEGIN PGP SIGNATURE-----
iQJPBAABCAA5FiEEQvbATlQL0amee4qQI5ubbjuwiyIFAmiTcwAbHGFsZXgud2ls
bGlhbXNvbkByZWRoYXQuY29tAAoJECObm247sIsit4MP/3h6nezTT2sBN6//nbYM
maKV//WBCcaaWfi5kT+I8u6lia0ahPRQsG1qrmvl/ZL5RGSU43N45+R/ahcyo1NP
dd3pc8g7XjLYm8WSfziNzx67DBBiwcycV18vGIvGut4O9CIYzWvn/UTvcWdTd2gk
AEoBOJsmTfdipQCO6/rXJ96HAApEKHfIPLg9GKXOwabBD045CP1/5d/N3DIlZ9B2
rYsb966UxUcS3QZDkSTSjommm5MSOS1MXlxRsn35Ug1OciyPb82qox2jVufVVSKu
Zoan5tLLwN9YlJdiryuC9pvnl+g0T8Xum/ARcLDGLdWEtdfaAjvmdOoigefckDIb
PEWSLttezPs2VeW7v3p3HqW5BmMEFWs2LMah3/drC3BGOpizKEahrDU+hLC0QcAm
+hULbYvZ3IKNcrVvSubLriwt0zm5ihtZ5FUEr2/6JgnuPwMl3WOUaB5h3qBAjZVf
41wmo4ef2vbd9B5dXz8p7BxsePsas2Hnvu4s8sp+JKa0khoRZIgucA8ecSpN5LBv
PxJ4dzcv9LeSPSfExwQSXoMb+Wj9xtRbA5O0U8WzjNmnvRibdZYsjEuA+pJLfAeq
gBwuEzr48WGZEpYfCl2nhezaT6s/OqAhU/uVZJ+3LAV2SJ2nVMGkc5DCPoVB7KOy
f5v+9X4IxZcjHRZgHuWEIWrV
=c3K5
-----END PGP SIGNATURE-----
Merge tag 'vfio-v6.17-rc1-v2' of https://github.com/awilliam/linux-vfio
Pull VFIO updates from Alex Williamson:
- Fix imbalance where the no-iommu/cdev device path skips too much on
open, failing to increment a reference, but still decrements the
reference on close. Add bounds checking to prevent such underflows
(Jacob Pan)
- Fill missing detach_ioas op for pds_vfio_pci, fixing probe failure
when used with IOMMUFD (Brett Creeley)
- Split SR-IOV VFs to separate dev_set, avoiding unnecessary
serialization between VFs that appear on the same bus (Alex
Williamson)
- Fix a theoretical integer overflow is the mlx5-vfio-pci variant
driver (Artem Sadovnikov)
- Implement missing VF token checking support via vfio cdev/IOMMUFD
interface (Jason Gunthorpe)
- Update QAT vfio-pci variant driver to claim latest VF devices
(Małgorzata Mielnik)
- Add a cond_resched() call to avoid holding the CPU too long during
DMA mapping operations (Keith Busch)
* tag 'vfio-v6.17-rc1-v2' of https://github.com/awilliam/linux-vfio:
vfio/type1: conditional rescheduling while pinning
vfio/qat: add support for intel QAT 6xxx virtual functions
vfio/qat: Remove myself from VFIO QAT PCI driver maintainers
vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD
vfio/mlx5: fix possible overflow in tracking max message size
vfio/pci: Separate SR-IOV VF dev_set
vfio/pds: Fix missing detach_ioas op
vfio: Prevent open_count decrement to negative
vfio: Fix unbalanced vfio_df_close call in no-iommu mode
|
||
|
Jason Gunthorpe
|
86624ba3b5 |
vfio/pci: Do vf_token checks for VFIO_DEVICE_BIND_IOMMUFD
This was missed during the initial implementation. The VFIO PCI encodes
the vf_token inside the device name when opening the device from the group
FD, something like:
"0000:04:10.0 vf_token=bd8d9d2b-5a5f-4f5a-a211-f591514ba1f3"
This is used to control access to a VF unless there is co-ordination with
the owner of the PF.
Since we no longer have a device name in the cdev path, pass the token
directly through VFIO_DEVICE_BIND_IOMMUFD using an optional field
indicated by VFIO_DEVICE_BIND_FLAG_TOKEN.
Fixes: 5fcc26969a16 ("vfio: Add VFIO_DEVICE_BIND_IOMMUFD")
Tested-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Link: https://lore.kernel.org/r/0-v3-bdd8716e85fe+3978a-vfio_token_jgg@nvidia.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
|
||
|
Marcos Alano
|
89c5214639 |
Input: add keycode for performance mode key
Alienware calls this key "Performance Boost". Dell calls it "G-Mode". The goal is to have a specific keycode to detect when this key is pressed, so userspace can act upon it and do what have to do, usually starting the power profile for performance. Signed-off-by: Marcos Alano <marcoshalano@gmail.com> Link: https://lore.kernel.org/r/20250509193708.2190586-1-marcoshalano@gmail.com Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> |
||
|
Dmitry Torokhov
|
a7bee4e7f7 |
Immutable branch between MFD, GPIO, Input and PWM due for the v6.17 merge window
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEdrbJNaO+IJqU8IdIUa+KL4f8d2EFAmhlNWcACgkQUa+KL4f8 d2FKARAAqS2hF4Kf86wdNBaQofYbabXFIZYCbB4OYN/9bHj0yI2Yz/Z8THbEFxVx e/C7ArAf6iVU9ojVUuTnjAB7Nn2qPQ6SqIkNuzF2M9iZM9P1e//7UBzBJDcPnEKA mYUw6XqrskI59QVqfEs8AC1TYa9QYgNDLtOyEHuQ4YdEn1J4BoO0hS8PRTXATISK aSy9n5OlqqgTmVHY18F/Sps39ZqWx2dDQxH4sfJ4hN3marfdk5AxEKYO+sWpHaVC ahi1qqBni1pUXCFpl5Yf09UhTCwDdvpBGwyoPf5bhH6YB3HXxnP8+53dUXNZh2y1 CVILgPyMfdcMxBjYVSNP+uosnMdPVsM/88SLDiadBe7uAi4Qq2ZKWubXS4TQFkSI Du6uKKSIa630ovt8G9kfnN+wEMaxlPTpJ1sITGc6RScN6Q7h80lNnVXxfJZV961C fvbS1TPByMKr3NB0fqHW5DiKKwEdNgQwgK2uc+qyNIMiRMFMGzUja7c3hEWqGHE9 4vGwiMo+Vfohnq2HAeG17N7CPJynSiqxRUL/aSJRmNRAlFwRW9cbqUQ9d7fkaD9j tiNqzTC8qb0bwhlFTxO8hR/VWPU1L4PY7OghKENYfDV2MyvP0njeHFWpZOw3c68A /lObItFnc4Tq4l2q1WZuuVHFfCvhtNV+ge7wNvfxGLzkK/uGfe0= =Vo0F -----END PGP SIGNATURE----- Merge tag 'ib-mfd-gpio-input-pwm-v6.17' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd into next Merge an immutable branch between MFD, GPIO, Input and PWM to resolve conflicts for the merge window pull request. |
||
|
Linus Torvalds
|
e991acf1bc |
Significant patch series in this pull request:
- The 2 patch series "squashfs: Remove page->mapping references" from
Matthew Wilcox gets us closer to being able to remove page->mapping.
- The 5 patch series "relayfs: misc changes" from Jason Xing does some
maintenance and minor feature addition work in relayfs.
- The 5 patch series "kdump: crashkernel reservation from CMA" from Jiri
Bohac switches us from static preallocation of the kdump crashkernel's
working memory over to dynamic allocation. So the difficulty of
a-priori estimation of the second kernel's needs is removed and the
first kernel obtains extra memory.
- The 5 patch series "generalize panic_print's dump function to be used
by other kernel parts" from Feng Tang implements some consolidation and
rationalizatio of the various ways in which a faiing kernel splats
information at the operator.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCaI+82gAKCRDdBJ7gKXxA
jj4JAP9xb+w9DrBY6sa+7KTPIb+aTqQ7Zw3o9O2m+riKQJv6jAEA6aEwRnDA0451
fDT5IqVlCWGvnVikdZHSnvhdD7TGsQ0=
=rT71
-----END PGP SIGNATURE-----
Merge tag 'mm-nonmm-stable-2025-08-03-12-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull non-MM updates from Andrew Morton:
"Significant patch series in this pull request:
- "squashfs: Remove page->mapping references" (Matthew Wilcox) gets
us closer to being able to remove page->mapping
- "relayfs: misc changes" (Jason Xing) does some maintenance and
minor feature addition work in relayfs
- "kdump: crashkernel reservation from CMA" (Jiri Bohac) switches
us from static preallocation of the kdump crashkernel's working
memory over to dynamic allocation. So the difficulty of a-priori
estimation of the second kernel's needs is removed and the first
kernel obtains extra memory
- "generalize panic_print's dump function to be used by other
kernel parts" (Feng Tang) implements some consolidation and
rationalization of the various ways in which a failing kernel
splats information at the operator
* tag 'mm-nonmm-stable-2025-08-03-12-47' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (80 commits)
tools/getdelays: add backward compatibility for taskstats version
kho: add test for kexec handover
delaytop: enhance error logging and add PSI feature description
samples: Kconfig: fix spelling mistake "instancess" -> "instances"
fat: fix too many log in fat_chain_add()
scripts/spelling.txt: add notifer||notifier to spelling.txt
xen/xenbus: fix typo "notifer"
net: mvneta: fix typo "notifer"
drm/xe: fix typo "notifer"
cxl: mce: fix typo "notifer"
KVM: x86: fix typo "notifer"
MAINTAINERS: add maintainers for delaytop
ucount: use atomic_long_try_cmpxchg() in atomic_long_inc_below()
ucount: fix atomic_long_inc_below() argument type
kexec: enable CMA based contiguous allocation
stackdepot: make max number of pools boot-time configurable
lib/xxhash: remove unused functions
init/Kconfig: restore CONFIG_BROKEN help text
lib/raid6: update recov_rvv.c zero page usage
docs: update docs after introducing delaytop
...
|