summaryrefslogtreecommitdiff
path: root/include
AgeCommit message (Collapse)Author
2026-04-28wifi: cfg80211: remove HE/SAE H2E required fieldsJohannes Berg
These are not used by any drivers, even the HT/VHT ones are only used by the qtnfmac driver. Remove the fields. Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com> Link: https://patch.msgid.link/20260415144514.a4a3ebb0f95a.Ifadd953e13133e7a45ee3318fb04b2ff9dde62e4@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2026-04-28wifi: nl80211: document channel opmode change channel widthJohannes Berg
The opmode change notification is entirely unused by existing userspace except for printing out the values. As such, there's no need to keep it perfectly accurate, and the implementation in mac80211 doesn't report it correctly today. Add a note in the documentation that it may not differentiate 80+80 and 160. Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com> Link: https://patch.msgid.link/20260415144514.87d5b1ce688f.Ia9a0769d52dcfe56f7b0dff903ed14db3ef04920@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2026-04-28wifi: mac80211: add __packed to union members of struct ieee80211_rx_statusPing-Ke Shih
The arm-linux-gnueabi-gcc compiler, align the field followed by union members, causing size of struct ieee80211_rx_status over skb->cb (48 bytes). By investigation, the union member starts at offset 32, and the offset of next field rate_idx is 36 instead of expected 33, and the total size is (unexpected) 52. When compiling rtw88 driver, it throws: In file included from /work/linux-src/linux-stable/include/linux/string.h:386, from /work/linux-src/linux-stable/include/linux/bitmap.h:13, from /work/linux-src/linux-stable/include/linux/cpumask.h:11, from /work/linux-src/linux-stable/include/linux/smp.h:13, from /work/linux-src/linux-stable/include/linux/lockdep.h:14, from /work/linux-src/linux-stable/include/linux/mutex.h:17, from /work/linux-src/linux-stable/include/linux/kernfs.h:11, from /work/linux-src/linux-stable/include/linux/sysfs.h:16, from /work/linux-src/linux-stable/include/linux/kobject.h:20, from /work/linux-src/linux-stable/include/linux/dmi.h:6, from pci.c:5: In function 'fortify_memcpy_chk', inlined from 'rtw_pci_rx_napi.constprop' at pci.c:1095:4: /work/linux-src/linux-stable/include/linux/fortify-string.h:569:25: warning: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning] 569 | __write_overflow_field(p_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ After this patch, the size of struct ieee80211_rx_status is 48. Signed-off-by: Ping-Ke Shih <pkshih@realtek.com> Link: https://patch.msgid.link/20260411072509.1556635-1-pkshih@realtek.com Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2026-04-28wifi: Update EML function documentation to remove EMLSR-specific referencesPablo Martin-Gomez
Transition Timeout is not specific to EMLSR, and is used by both EMLSR and EMLMR mode. Signed-off-by: Pablo Martin-Gomez <pmartin-gomez@freebox.fr> Link: https://patch.msgid.link/20260410170429.343617-5-pmartin-gomez@freebox.fr Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2026-04-28wifi: Rename EMLSR delay constants and add EMLMR helpers and definitionsPablo Martin-Gomez
In the final version of 802.11be-2024, Transition Delay and Padding Delay subfield are for both EMLSR and EMLMR. Depending if the mode is EMLSR or EMLMR, the interpretation of the encoded value might change. Define all the constants and helpers to interpret delay subfields both in EMLSR and EMLMR mode. Signed-off-by: Pablo Martin-Gomez <pmartin-gomez@freebox.fr> Link: https://patch.msgid.link/20260410170429.343617-4-pmartin-gomez@freebox.fr Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2026-04-28wifi: Remove EMLMR Delay subfield definitionsPablo Martin-Gomez
In the finalized version of 802.11be-2024, the EMLMR delay values have been merged in the EMLSR Padding/Transition Delay subfields and therefore the subfield EMLMR Delay has been converted to a reserved field. Signed-off-by: Pablo Martin-Gomez <pmartin-gomez@freebox.fr> Link: https://patch.msgid.link/20260410170429.343617-3-pmartin-gomez@freebox.fr Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2026-04-28wifi: Remove invalid 128TU transition timeout constantPablo Martin-Gomez
In Table 9-417m of 802.11be-2024, Transition Timeout is defined up to value 10 for a Transition Timeout of 64TUs. The value 11 is reserved and does not correspond to a Transition Timeout of 128TUs. Signed-off-by: Pablo Martin-Gomez <pmartin-gomez@freebox.fr> Link: https://patch.msgid.link/20260410170429.343617-2-pmartin-gomez@freebox.fr Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2026-04-27ipmr: Free mr_table after RCU grace period.Kuniyuki Iwashima
With CONFIG_IP_MROUTE_MULTIPLE_TABLES=n, ipmr_fib_lookup() does not check if net->ipv4.mrt is NULL. Since default_device_exit_batch() is called after ->exit_rtnl(), a device could receive IGMP packets and access net->ipv4.mrt during/after ipmr_rules_exit_rtnl(). If ipmr_rules_exit_rtnl() had already cleared it and freed the memory, the access would trigger null-ptr-deref or use-after-free. Let's fix it by using RCU helper and free mrt after RCU grace period. In addition, check_net(net) is added to mroute_clean_tables() and ipmr_cache_unresolved() to synchronise via mfc_unres_lock. This prevents ipmr_cache_unresolved() from putting skb into c->_c.mfc_un.unres.unresolved after mroute_clean_tables() purges it. For the same reason, timer_shutdown_sync() is moved after mroute_clean_tables(). Since rhltable_destroy() holds mutex internally, rcu_work is used, and it is placed as the first member because rcu_head must be placed within <4K offset. mr_table is alraedy 3864 bytes without rcu_work. Note that IP6MR is not yet converted to ->exit_rtnl(), so this change is not needed for now but will be. Fixes: b22b01867406 ("ipmr: Convert ipmr_net_exit_batch() to ->exit_rtnl().") Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> Link: https://patch.msgid.link/20260423053456.4097409-1-kuniyu@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-27Merge tag 'fsnotify_for_v7.1-rc2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull fsnotify fixes from Jan Kara: "Three fixes for fsnotify / fanotify" * tag 'fsnotify_for_v7.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: fsnotify: fix inode reference leak in fsnotify_recalc_mask() fanotify: Fix spelling mistake "enforecement" -> "enforcement" fanotify: fix false positive on permission events
2026-04-27hfsplus: Add a sanity check for btree node sizeEdward Adam Davis
Syzbot reported an uninit-value bug in [1] with a corrupted HFS+ image, during the file system mounting process, specifically while loading the catalog, a corrupted node_size value of 1 caused the rec_off argument passed to hfs_bnode_read_u16() (within hfs_bnode_find()) to be excessively large. Consequently, the function failed to return a valid value to initialize the off variable, triggering the bug [1]. Every node starts from BTree node descriptor: struct hfs_bnode_desc. So, the size of node cannot be lesser than that. However, technical specification declares that: "The node size (which is expressed in bytes) must be power of two, from 512 through 32,768, inclusive." Add a check for btree node size base on technical specification. [1] BUG: KMSAN: uninit-value in hfsplus_bnode_find+0x141c/0x1600 fs/hfsplus/bnode.c:584 hfsplus_bnode_find+0x141c/0x1600 fs/hfsplus/bnode.c:584 hfsplus_btree_open+0x169a/0x1e40 fs/hfsplus/btree.c:382 hfsplus_fill_super+0x111f/0x2770 fs/hfsplus/super.c:553 get_tree_bdev_flags+0x6e6/0x920 fs/super.c:1694 get_tree_bdev+0x38/0x50 fs/super.c:1717 hfsplus_get_tree+0x35/0x40 fs/hfsplus/super.c:709 vfs_get_tree+0xb3/0x5d0 fs/super.c:1754 fc_mount fs/namespace.c:1193 [inline] Fixes: 8ad2c6a36ac4 ("hfsplus: validate b-tree node 0 bitmap at mount time") Reported-by: syzbot+217eb327242d08197efb@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=217eb327242d08197efb Signed-off-by: Edward Adam Davis <eadavis@qq.com> Reviewed-by: Viacheslav Dubeyko <slava@dubeyko.com> Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com> Link: https://lore.kernel.org/r/tencent_5ED373437A697F83A4A446B771577626CD05@qq.com Signed-off-by: Viacheslav Dubeyko <slava@dubeyko.com>
2026-04-27Merge tag 'mailbox-v7.1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jassibrar/mailbox Pull mailbox updates from Jassi Brar: - core: fix NULL message handling and add API to query TX queue slots - test: resolve concurrency bugs, dangling IRQs, and memory leaks - dt-bindings: qcom: add Eliza IPCC - mtk: fix address calculation and pointer handling bugs - cix: resolve SCMI suspend timeouts - misc memory allocation optimizations and cleanups * tag 'mailbox-v7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/jassibrar/mailbox: mailbox: mailbox-test: make data_ready a per-instance variable mailbox: mailbox-test: initialize struct earlier mailbox: mailbox-test: don't free the reused channel mailbox: mailbox-test: handle channel errors consistently mailbox: update kdoc for struct mbox_controller mailbox: add sanity check for channel array mailbox: mailbox-test: free channels on probe error mailbox: prefix new constants with MBOX_ dt-bindings: mailbox: qcom-ipcc: Document the Eliza Inter-Processor Communication Controller mailbox: cix: Add IRQF_NO_SUSPEND to mailbox interrupt mailbox: Fix NULL message support in mbox_send_message() mailbox: remove superfluous internal header mailbox: correct kdoc title for mbox_bind_client mailbox: test: really ignore optional memory resources mailbox: exynos: drop superfluous mbox setting per channel mailbox: mtk-cmdq: Fix CURR and END addr for task insert case mailbox: mtk-vcp-mailbox: Fix the return value in mtk_vcp_mbox_xlate() mailbox: hi6220: kzalloc + kcalloc to kzalloc mailbox: rockchip: kzalloc + kcalloc to kzalloc mailbox: add API to query available TX queue slots
2026-04-27cdrom, scsi: sr: propagate read-only status to block layer via set_disk_ro()Daan De Meyer
The cdrom core never calls set_disk_ro() for a registered device, so BLKROGET on a CD-ROM device always returns 0 (writable), even when the drive has no write capabilities and writes will inevitably fail. This causes problems for userspace that relies on BLKROGET to determine whether a block device is read-only. For example, systemd's loop device setup uses BLKROGET to decide whether to create a loop device with LO_FLAGS_READ_ONLY. Without the read-only flag, writes pass through the loop device to the CD-ROM and fail with I/O errors. systemd-fsck similarly checks BLKROGET to decide whether to run fsck in no-repair mode (-n). The write-capability bits in cdi->mask come from two different sources: CDC_DVD_RAM and CDC_CD_RW are populated by the driver from the MODE SENSE capabilities page (page 0x2A) before register_cdrom() is called, while CDC_MRW_W and CDC_RAM require the MMC GET CONFIGURATION command and were only probed by cdrom_open_write() at device open time. This meant that any attempt to compute the writable state from the full mask at probe time was incorrect, because the GET CONFIGURATION bits were still unset (and cdi->mask is initialized such that capabilities are assumed present). Fix this by factoring the GET CONFIGURATION probing out of cdrom_open_write() into a new exported helper, cdrom_probe_write_features(), and having sr call it from sr_probe() right after get_capabilities() has populated the MODE SENSE bits. register_cdrom() then calls set_disk_ro() based on the full write-capability mask (CDC_DVD_RAM | CDC_MRW_W | CDC_RAM | CDC_CD_RW) so the block layer reflects the drive's actual write support. The feature queries used (CDF_MRW and CDF_RWRT via GET CONFIGURATION with RT=00) report drive-level capabilities that are persistent across media, so a single probe before register_cdrom() is sufficient and the redundant probe at open time is dropped. With set_disk_ro() now accurate, the long-vestigial cd->writeable flag in sr can go: get_capabilities() used to set cd->writeable based on the same four mask bits, but because CDC_MRW_W and CDC_RAM default to "capability present" in cdi->mask and aren't touched by MODE SENSE, the condition that gated cd->writeable was always true, making it unconditionally 1. Replace the corresponding gate in sr_init_command() with get_disk_ro(cd->disk), which turns a previously no-op check into a real one and also catches kernel-internal bio writers that bypass blkdev_write_iter()'s bdev_read_only() check. The sd driver (SCSI disks) does not have this problem because it checks the MODE SENSE Write Protect bit and calls set_disk_ro() accordingly. The sr driver cannot use the same approach because the MMC specification does not define the WP bit in the MODE SENSE device-specific parameter byte for CD-ROM devices. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Daan De Meyer <daan@amutable.com> Reviewed-by: Phillip Potter <phil@philpotter.co.uk> Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Phillip Potter <phil@philpotter.co.uk> Link: https://patch.msgid.link/20260427210139.1400-2-phil@philpotter.co.uk Signed-off-by: Jens Axboe <axboe@kernel.dk>
2026-04-27Merge tag 'nvme-7.1-2026-04-24' of git://git.infradead.org/nvme into block-7.1Jens Axboe
Pull NVMe fixes from Keith: "- Target data transfer size confiruation (Aurelien) - Enable P2P for RDMA (Shivaji Kant) - TCP target updates (Maurizio, Alistair, Chaitanya, Shivam Kumar) - TCP host updates (Alistair, Chaitanya) - Authentication updates (Alistair, Daniel, Chris Leech) - Multipath fixes (John Garry) - New quirks (Alan Cui, Tao Jiang) - Apple driver fix (Fedor Pchelkin) - PCI admin doorbell update fix (Keith)" * tag 'nvme-7.1-2026-04-24' of git://git.infradead.org/nvme: (22 commits) nvme-auth: Hash DH shared secret to create session key nvme-pci: fix missed admin queue sq doorbell write nvme-auth: Include SC_C in RVAL controller hash nvme-tcp: teardown circular locking fixes nvmet-tcp: Don't clear tls_key when freeing sq Revert "nvmet-tcp: Don't free SQ on authentication success" nvme: skip trace completion for host path errors nvme-pci: add quirk for Memblaze Pblaze5 (0x1c5f:0x0555) nvme-multipath: put module reference when delayed removal work is canceled nvme: expose TLS mode nvme-apple: drop invalid put of admin queue reference count nvme-core: fix parameter name in comment nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free nvme-multipath: drop head pointer check in nvme_mpath_clear_current_path() nvme: add quirk NVME_QUIRK_IGNORE_DEV_SUBNQN for 144d:a808 (Samsung PM981/983/970 EVO Plus ) nvmet-tcp: fix race between ICReq handling and queue teardown nvmet-tcp: remove redundant calls to nvmet_tcp_fatal_error() nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers nvme: enable PCI P2PDMA support for RDMA transport nvmet: introduce new mdts configuration entry ...
2026-04-27ACPI: bus: add missing forward declaration to acpi_bus.hBartosz Golaszewski
The header references struct notifier_block but neither includes linux/notifier.h nor contains the relevant forward declaration. Add the latter for correctness. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@oss.qualcomm.com> [ rjw: Subject tweak ] Link: https://patch.msgid.link/20260427112238.132419-1-bartosz.golaszewski@oss.qualcomm.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2026-04-27ACPICA: Provide #defines for EINJV2 error typesTony Luck
EINJV2 defined new error types by moving the severity (correctable, uncorrectable non-fatal, uncorrectable fatal) out of the "type". ACPI 6.5 introduced EINJV2 and defined a vendor defined error type using bit 31. This was dropped in ACPI 6.6. Link: https://github.com/acpica/acpica/commit/e82d2d2fd145 Signed-off-by: Tony Luck <tony.luck@intel.com> Link: https://patch.msgid.link/20260421150216.11666-2-tony.luck@intel.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2026-04-27bpf: range_within() must check cnum ranges instead of min/max pairsEduard Zingerman
states.c:range_within() must be updated to properly check if cnum-based range in an old state is a superset of a range in the cur state. Currently it makes the decision using min/max accessors: reg_umin(old) <= reg_umin(cur) <= reg_umax(old) This is wrong for cnums that cross both UT_MAX/0 and ST_MAX/ST_MIN boundaries. Consider cnum32{base=0x7FFFFFF0, size=0x80000020}, which represents values [0x7FFFFFF0, ..., U32_MAX, 0, ..., 0x10]. Its projections are u32_min/max=0/U32_MAX, s32_min/max=S32_MIN/MAX. A register with range [0x100, 0x200] (which lies entirely in the gap of the wrapping range) would pass the min/max check despite having no overlap with the actual cnum arc. This commit replaces min/max comparison with cnum{32,64}_is_subset() operation. The operation implementation is verified using cbmc model checker in [1]. [1] https://github.com/eddyz87/cnum-verif/ Fixes: bbc631085503 ("bpf: replace min/max fields with struct cnum{32,64}") Signed-off-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/r/20260425-cnum-range-within-v1-1-2fdca70cb09d@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-27usb: udc: pxa: remove unused platform_dataArnd Bergmann
None of the remaining boards put useful data into the platform_data structures, so effectively this only works with DT based probing. Remove all code that references this data, to stop using the legacy gpiolib interfaces. The pxa27x version already supports gpio descriptors, while the pxa25x version now does it the same way. Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Link: https://patch.msgid.link/20260427143300.2887692-1-arnd@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2026-04-27PCI/P2PDMA: Avoid returning a provider for non_mappable_barsMatt Evans
Extend the checks in pcim_p2pdma_init() and pcim_p2pdma_provider() to exclude functions that have pdev->non_mappable_bars set. Consumers such as VFIO were previously able to map these for access by the CPU or P2P. Update the comment on non_mappable_bars to show it refers to any access, not just userspace CPU access. Fixes: 372d6d1b8ae3c ("PCI/P2PDMA: Refactor to separate core P2P functionality from memory allocation") Suggested-by: Alex Williamson <alex@shazbot.org> Signed-off-by: Matt Evans <mattev@meta.com> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: Niklas Schnelle <schnelle@linux.ibm.com> Reviewed-by: Alex Williamson <alex@shazbot.org> Link: https://patch.msgid.link/20260423173051.1999679-1-mattev@meta.com
2026-04-27mtd: spinand: Add support for packed read data ODTR commandsMiquel Raynal
Some devices stuff address bits in the double byte opcode (in place of the repeated byte) in order to be able to increase the size of the devices, without adding extra address bytes. Create a flag to identify those devices. When the flag is set, use the "packed" variant for the read data operation. Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
2026-04-27MAINTAINERS: update Liam's email addressLiam R. Howlett
Switching to private email address. Update all contact information Add an entry to mailmap at the same time. Link: https://lore.kernel.org/20260422184310.2682901-1-liam@infradead.org Signed-off-by: Liam R. Howlett <liam@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2026-04-27mm/vma: do not try to unmap a VMA if mmap_prepare() invoked from mmap()Lorenzo Stoakes
The mmap_prepare hook functionality includes the ability to invoke mmap_prepare() from the mmap() hook of existing 'stacked' drivers, that is ones which are capable of calling the mmap hooks of other drivers/file systems (e.g. overlayfs, shm). As part of the mmap_prepare action functionality, we deal with errors by unmapping the VMA should one arise. This works in the usual mmap_prepare case, as we invoke this action at the last moment, when the VMA is established in the maple tree. However, the mmap() hook passes a not-fully-established VMA pointer to the caller (which is the motivation behind the mmap_prepare() work), which is detached. So attempting to unmap a VMA in this state will be problematic, with the most obvious symptom being a warning in vma_mark_detached(), because the VMA is already detached. It's also unncessary - the mmap() handler will clean up the VMA on error. So to fix this issue, this patch propagates whether or not an mmap action is being completed via the compatibility layer or directly. If the former, then we do not attempt VMA cleanup, if the latter, then we do. This patch also updates the userland VMA tests to reflect the change. Link: https://lore.kernel.org/20260421102150.189982-1-ljs@kernel.org Fixes: ac0a3fc9c07d ("mm: add ability to take further action in vm_area_desc") Signed-off-by: Lorenzo Stoakes <ljs@kernel.org> Reported-by: syzbot+db390288d141a1dccf96@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/69e69734.050a0220.24bfd3.0027.GAE@google.com/ Cc: David Hildenbrand <david@kernel.org> Cc: Jann Horn <jannh@google.com> Cc: Liam Howlett <liam.howlett@oracle.com> Cc: Michal Hocko <mhocko@suse.com> Cc: Mike Rapoport <rppt@kernel.org> Cc: Pedro Falcato <pfalcato@suse.de> Cc: Suren Baghdasaryan <surenb@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
2026-04-27Merge branch 'v7.2-shared/socids' into v7.2-clk/nextHeiko Stuebner
2026-04-27soc: rockchip: rk3588: add SYS_GRF SOC_CON6 register offsetDaniele Briguglio
Add the RK3588_SYSGRF_SOC_CON6 register offset to the RK3588 GRF header. This register contains the I2S MCLK output to IO gate bits, needed by the clock driver. Signed-off-by: Daniele Briguglio <hello@superkali.me> Reviewed-by: Nicolas Frattaroli <nicolas.frattaroli@collabora.com> Link: https://patch.msgid.link/20260419-rk3588-mclk-gate-grf-v4-4-513a42dd1dcc@superkali.me Signed-off-by: Heiko Stuebner <heiko@sntech.de>
2026-04-27dt-bindings: clock: rockchip,rk3588-cru: add I2S MCLK output to IO clock IDsDaniele Briguglio
Add clock identifiers for the four I2S MCLK output to IO gate clocks on RK3588, needed by board DTS files where the codec requires MCLK from the SoC on an external IO pin. Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@oss.qualcomm.com> Signed-off-by: Daniele Briguglio <hello@superkali.me> Tested-by: Ricardo Pardini <ricardo@pardini.net> Link: https://patch.msgid.link/20260419-rk3588-mclk-gate-grf-v4-1-513a42dd1dcc@superkali.me Signed-off-by: Heiko Stuebner <heiko@sntech.de>
2026-04-27dt-bindings: clock: renesas,cpg-clocks: Document ZT/ZTR trace clock on ↵Marek Vasut
R-Mobile A1 Document the ZT trace bus and ZTR trace clocks on R-Mobile A1. These clocks supply the coresight tracing modules, PTM, TPIU, ETB and replicator. Without these clocks, coresight tracing can not be operated. While this does change the ABI, it does so by extending the existing clock-output-names, therefore if old software is used with new DT, the coresight tracing parts will likely fail to probe, otherwise if new software is used with an old DT, there is no impact. Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@oss.qualcomm.com> Signed-off-by: Marek Vasut <marek.vasut+renesas@mailbox.org> Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be> Link: https://patch.msgid.link/20260422233744.149872-2-marek.vasut+renesas@mailbox.org Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
2026-04-27misc: Remove old APDS990x driverSvyatoslav Ryhel
The APDS990x driver in misc lacks DeviceTree support, and no mainline pre-DT board files configured this device using apds990x_platform_data. This driver belongs to a legacy group of ambient light sensor drivers in drivers/misc/ that predates the migration to DT and the standard IIO ABI. Since the Avago APDS9900/9901 ALS/Proximity sensor is now supported by the tsl2772 IIO driver and there are no active users in the kernel tree, remove this old implementation. Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Svyatoslav Ryhel <clamor95@gmail.com> Signed-off-by: Jonathan Cameron <jic23@kernel.org>
2026-04-27iio: ABI: Add quaternion axis modifierFrancesco Lavra
This modifier applies to the IIO_ROT channel type, and indicates a data representation that specifies the {x, y, z} components of the normalized quaternion vector. Signed-off-by: Francesco Lavra <flavra@baylibre.com> Reviewed-by: David Lechner <dlechner@baylibre.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
2026-04-27iio: ABI: Add support for floating-point numbers in buffer scan elementsFrancesco Lavra
In the data storage description of a scan element, the first character after the colon can have the values 's' and 'u' to specify signed and unsigned integers, respectively. Add 'f' as an allowed value to specify floating-point numbers formatted according to the IEEE 754 standard. Signed-off-by: Francesco Lavra <flavra@baylibre.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
2026-04-27iio: Replace 'sign' field with union in struct iio_scan_typeFrancesco Lavra
This field is used to differentiate between signed and unsigned integers. A following commit will extend its use in order to add support for non- integer scan elements; therefore, replace it with a union that contains a more generic 'format' field. This union will be dropped when all drivers are changed to use the format field. Opportunistically replace character literals with symbolic constants that represent the set of allowed values for the format field. Signed-off-by: Francesco Lavra <flavra@baylibre.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
2026-04-27iio: buffer: fix timestamp alignment when quaternion in scanDavid Lechner
Fix timestamp alignment when a scan buffer contains an element larger than sizeof(int64_t). Currently s32 quaternions are the only such element, and the one driver that has this (hid-sensor-rotation) has a workaround in place already so this change does not affect it. Previously, we assumed that the timestamp would always be 8-byte aligned relative to the end of the scan buffer, but in the case of a scan buffer a 16-byte quaternion vector, scan_bytes == 32, but the timestamp needs to be placed at offset 16, not 24. ts_offset is now a value in bytes so we have to change how the array access is done. Signed-off-by: David Lechner <dlechner@baylibre.com> Reviewed-by: Nuno Sá <nuno.sa@analog.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
2026-04-27iio: buffer: cache timestamp offset in scan bufferDavid Lechner
Cache the offset (in bytes) for the timestamp element in a scan buffer. This will be used later to ensure proper alignment of the timestamp element in the scan buffer. The new field could not be placed in struct iio_dev_opaque because we will need to access it in a static inline function later, so we make it __private instead. It is only intended to be used by core IIO code. Signed-off-by: David Lechner <dlechner@baylibre.com> Reviewed-by: Nuno Sá <nuno.sa@analog.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
2026-04-27Merge drm/drm-next into drm-misc-nextThomas Zimmermann
Getting fixes and updates from v7.1-rc1. Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
2026-04-27Merge drm/drm-fixes into drm-misc-fixesThomas Zimmermann
Getting fixes and updates from v7.1-rc1. Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>
2026-04-26Merge branch '7.1/scsi-queue' into 7.1/scsi-fixesMartin K. Petersen
Pull in remaining commits from 7.1/scsi-queue. Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2026-04-26driver core: Replace dev->offline + ->offline_disabled with accessorsDouglas Anderson
In C, bitfields are not necessarily safe to modify from multiple threads without locking. Switch "offline" and "offline_disabled" over to the "flags" field so modifications are safe. Cc: Rafael J. Wysocki <rafael@kernel.org> Acked-by: Mark Brown <broonie@kernel.org> Reviewed-by: Rafael J. Wysocki (Intel) <rafael@kernel.org> Reviewed-by: Danilo Krummrich <dakr@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Douglas Anderson <dianders@chromium.org> Link: https://patch.msgid.link/20260406162231.v5.9.I897d478b4a9361d79cd5073207c1062fd4d0d0e4@changeid Signed-off-by: Danilo Krummrich <dakr@kernel.org>
2026-04-26driver core: Replace dev->of_node_reused with dev_of_node_reused()Douglas Anderson
In C, bitfields are not necessarily safe to modify from multiple threads without locking. Switch "of_node_reused" over to the "flags" field so modifications are safe. Cc: Johan Hovold <johan@kernel.org> Acked-by: Mark Brown <broonie@kernel.org> Reviewed-by: Rafael J. Wysocki (Intel) <rafael@kernel.org> Reviewed-by: Danilo Krummrich <dakr@kernel.org> Signed-off-by: Douglas Anderson <dianders@chromium.org> Reviewed-by: Johan Hovold <johan@kernel.org> Acked-by: Manivannan Sadhasivam <mani@kernel.org> # PCI_PWRCTRL Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Marek Szyprowski <m.szyprowski@samsung.com> Link: https://patch.msgid.link/20260406162231.v5.8.I806b8636cd3724f6cd1f5e199318ab8694472d90@changeid Signed-off-by: Danilo Krummrich <dakr@kernel.org>
2026-04-26driver core: Replace dev->dma_coherent with dev_dma_coherent()Douglas Anderson
In C, bitfields are not necessarily safe to modify from multiple threads without locking. Switch "dma_coherent" over to the "flags" field so modifications are safe. Cc: Christoph Hellwig <hch@lst.de> Reviewed-by: Rafael J. Wysocki (Intel) <rafael@kernel.org> Reviewed-by: Danilo Krummrich <dakr@kernel.org> Acked-by: Vinod Koul <vkoul@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Douglas Anderson <dianders@chromium.org> Link: https://patch.msgid.link/20260406162231.v5.7.If839f6dde98979fce177f70c6c74689a1904ee76@changeid [ Since all DEV_FLAG_DMA_COHERENT accessors are exposed unconditionally, also drop the CONFIG guards around dev_assign_dma_coherent() in device_initialize() to ensure a correct default value. - Danilo ] Signed-off-by: Danilo Krummrich <dakr@kernel.org>
2026-04-26driver core: Replace dev->state_synced with dev_state_synced()Douglas Anderson
In C, bitfields are not necessarily safe to modify from multiple threads without locking. Switch "state_synced" over to the "flags" field so modifications are safe. Cc: Saravana Kannan <saravanak@kernel.org> Reviewed-by: Rafael J. Wysocki (Intel) <rafael@kernel.org> Reviewed-by: Danilo Krummrich <dakr@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Douglas Anderson <dianders@chromium.org> Link: https://patch.msgid.link/20260406162231.v5.6.Idb4818e1159fef104c7756bfd6e7ba8f374bebcd@changeid Signed-off-by: Danilo Krummrich <dakr@kernel.org>
2026-04-26driver core: Replace dev->dma_ops_bypass with dev_dma_ops_bypass()Douglas Anderson
In C, bitfields are not necessarily safe to modify from multiple threads without locking. Switch "dma_ops_bypass" over to the "flags" field so modifications are safe. Cc: Christoph Hellwig <hch@lst.de> Cc: Alexey Kardashevskiy <aik@ozlabs.ru> Reviewed-by: Rafael J. Wysocki (Intel) <rafael@kernel.org> Reviewed-by: Danilo Krummrich <dakr@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Douglas Anderson <dianders@chromium.org> Link: https://patch.msgid.link/20260406162231.v5.5.If62b84471ef2c85e7ad250f0468867d6dba965ab@changeid Signed-off-by: Danilo Krummrich <dakr@kernel.org>
2026-04-26driver core: Replace dev->dma_skip_sync with dev_dma_skip_sync()Douglas Anderson
In C, bitfields are not necessarily safe to modify from multiple threads without locking. Switch "dma_skip_sync" over to the "flags" field so modifications are safe. Cc: Alexander Lobakin <aleksander.lobakin@intel.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Christoph Hellwig <hch@lst.de> Reviewed-by: Rafael J. Wysocki (Intel) <rafael@kernel.org> Reviewed-by: Danilo Krummrich <dakr@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Douglas Anderson <dianders@chromium.org> Link: https://patch.msgid.link/20260406162231.v5.4.Icf072aa4184dd86a88fa8ca195b09d1651984000@changeid Signed-off-by: Danilo Krummrich <dakr@kernel.org>
2026-04-26driver core: Replace dev->dma_iommu with dev_dma_iommu()Douglas Anderson
In C, bitfields are not necessarily safe to modify from multiple threads without locking. Switch "dma_iommu" over to the "flags" field so modifications are safe. Cc: Leon Romanovsky <leon@kernel.org> Cc: Robin Murphy <robin.murphy@arm.com> Cc: Christoph Hellwig <hch@lst.de> Reviewed-by: Rafael J. Wysocki (Intel) <rafael@kernel.org> Reviewed-by: Danilo Krummrich <dakr@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Douglas Anderson <dianders@chromium.org> Link: https://patch.msgid.link/20260406162231.v5.3.Id20d5973cbff542fea290e13177e9423f5d81342@changeid Signed-off-by: Danilo Krummrich <dakr@kernel.org>
2026-04-26driver core: Replace dev->can_match with dev_can_match()Douglas Anderson
In C, bitfields are not necessarily safe to modify from multiple threads without locking. Switch "can_match" over to the "flags" field so modifications are safe. Cc: Saravana Kannan <saravanak@kernel.org> Reviewed-by: Rafael J. Wysocki (Intel) <rafael@kernel.org> Reviewed-by: Danilo Krummrich <dakr@kernel.org> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Acked-by: Marek Szyprowski <m.szyprowski@samsung.com> Signed-off-by: Douglas Anderson <dianders@chromium.org> Link: https://patch.msgid.link/20260406162231.v5.2.I54b3ae6311ff34ad30227659d91bb109911a4aea@changeid Signed-off-by: Danilo Krummrich <dakr@kernel.org>
2026-04-26drm/edid: add CTA Video Format Data Block supportHamza Mahfooz
Video Format Data Blocks (VFDBs) contain the necessary information that needs to be fed to the Optimized Video Timings (OVT) Algorithm. Also, we require OVT support to cover modes that aren't supported by earlier standards (e.g. CVT). So, parse all of the relevant VFDB data and feed it to the OVT Algorithm, to extract all of the missing OVT modes. Suggested-by: Karol Herbst <kherbst@redhat.com> Signed-off-by: Hamza Mahfooz <someguy@effective-light.com> Link: https://patch.msgid.link/20260225175709.408010-1-someguy@effective-light.com
2026-04-25Merge tag 'for-next-tpm-7.1-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd Pull tpm updates from Jarkko Sakkinen: "Here are the accumulated fixes for 7.1-rc1 and a single structural change worth mentioning separately: Rafael's commit converting tpm_crb from ACPI driver to a platform driver" * tag 'for-next-tpm-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: tpm: tpm_tis: stop transmit if retries are exhausted tpm: tpm_tis: add error logging for data transfer tpm: avoid -Wunused-but-set-variable tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() tpm: Fix auth session leak in tpm2_get_random() error path tpm: i2c: atmel: fix block comment formatting tpm_crb: Convert ACPI driver to a platform one tpm: Make tcpci_pm_ops variable static const
2026-04-24bpf: replace min/max fields with struct cnum{32,64}Eduard Zingerman
Replace eight independent s64, u64, s32, u32 min/max fields in bpf_reg_state with two circular number fields: - cnum64 for a unified signed/unsigned 64-bit range tracking; - cnum32 for a unified signed/unsigned 32-bit range tracking. Each cnum represents a range as a single arc on the circular number line (base + size), from which signed and unsigned bounds are derived on demand via accessor functions introduced in the preceding commit. Notable changes: - Signed<->unsigned deductions in __reg_deduce_bounds() are removed. - 64<->32 bit deductions are replaced with: - reg->r32 = cnum32_intersect(reg->r32, cnum32_from_cnum64(reg->r64)); this is functionally equivalent to the old code. - reg->r64 = cnum64_cnum32_intersect(reg->r64, reg->r32); this handles a few additional cases, see commit message for "bpf: representation and basic operations on circular numbers". - regs_refine_cond_op() now computes results in terms of operations on sets, e.g. for JNE: /* Complement of the range [val, val] as cnum64. */ lo = (struct cnum64){ val + 1, U64_MAX - 1 }; reg1->r64 = cnum64_intersect(reg1->r64, lo); - For add, sub operations on scalars replace explicit bounds computations with cnum{32,64}_{add,negate}. - For add, sub operations on pointers deduplicate with arithmetic operations on scalars and use cnum{32,64}_{add,negate}. - For and, or, xor operations on scalars remove explicit signed bounds computations. - range_bounds_violation() reduces to checking cnum_is_empty(). - const_tnum_range_mismatch() reduces to checking cnum_is_const(). Selftest adjustments: a few existing tests are updated because a single cnum arc cannot always represent what the old system expressed as the intersection of independent signed and unsigned ranges. For example, if the old system tracked u64=[0, U64_MAX-U32_MAX+2] and s64=[S64_MIN+2, 2] independently, their intersection is a tight two-point set. A single cnum must pick the shorter arc, losing the other constraint. These cases are documented with comments in the adjusted tests. reg_bounds.c is updated with logic similar to cnum64_cnum32_intersect(). Instead of using cnums it inspects intersection between 'b' and first / last / next-after-first / previous-before-last sub-ranges of 'a'. reg_bounds.c is also updated to skip test cases that rely in signed and unsigned ranges intersecting in two intervals, as such cases are not representable by a single cnum. The following "crafted" test cases are affected: - reg_bounds_crafted/(s64)[0xffffffffffff8000; 0x7fff] (u32)<op> [0; 0x1f] - reg_bounds_crafted/(s64)[0; 0x1f] (u32)<op> [0xffffffffffffff80; 0x7f] - reg_bounds_crafted/(s64)[0xffffffffffffff80; 0x7f] (u32)<op> [0; 0x1f] - reg_bounds_crafted/(u64)[0; 1] (s32)<op> [1; 2147483648] - reg_bounds_crafted/(u64)[1; 2147483648] (s32)<op> [0; 1] - reg_bounds_crafted/(u64)[0; 0xffffffff00000000] (s64)<op> 0 - reg_bounds_crafted/(u64)0 (s64)<op> [0; 0xffffffff00000000] - reg_bounds_crafted/(u64)[0; 0xffffffff00000000] (s32)<op> 0 - reg_bounds_crafted/(u64)0 (s32)<op> [0; 0xffffffff00000000] - reg_bounds_crafted/(s64)[S64_MIN; 0] (u64)<op> S64_MIN - reg_bounds_crafted/(s64)S64_MIN (u64)<op> [S64_MIN; 0] - reg_bounds_crafted/(s32)[S32_MIN; 0] (u32)<op> S32_MIN - reg_bounds_crafted/(s32)S32_MIN (u32)<op> [S32_MIN; 0] - reg_bounds_crafted/(s64)[0; 0x1f] (u32)<op> [0xffffffff80000000; 0x7fffffff] - reg_bounds_crafted/(s64)[0xffffffff80000000; 0x7fffffff] (u32)<op> [0; 0x1f] - reg_bounds_crafted/(s64)[0; 0x1f] (u32)<op> [0xffffffffffff8000; 0x7fff] As well as some reg_bounds_roand_{consts,ranges}_A_B, where A and B differ in sign domain. Signed-off-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/r/20260424-cnums-everywhere-rfc-v1-v3-3-ca434b39a486@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-24bpf: use accessor functions for bpf_reg_state min/max fieldsEduard Zingerman
Replace direct access to bpf_reg_state->{smin,smax,umin,umax, s32_min,s32_max,u32_min,u32_max}_value with getter/setter inline functions, preparing for future switch to cnum-based internal representation. Signed-off-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/r/20260424-cnums-everywhere-rfc-v1-v3-2-ca434b39a486@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-24bpf: representation and basic operations on circular numbersEduard Zingerman
This commit adds basic definitions for cnum32/cnum64. This is a unified numeric range representation for signed and unsigned domains. Inspired by an old post from Shung-Hsi Yu [1] and paper [2]. Operations correctness is verified using cbmc model checker, tests source code can be found in a separate repo [3]. The cnum64_cnum32_intersect() function is notable, because it handled several cases verifier.c:deduce_bounds_64_from_32() does not. Given: - a is a 64-bit range - b is a 32-bit range - t is a refined 64-bit range, such that ∀ v ∈ a, (u32)v ∈ b: v ∈ t. cnum64_cnum32_intersect() makes the following deductions: (A): 'b' is a sub-range of the first or the last 32-bit sub-range of 'a': 64-bit number axis ---> N*2^32 (N+1)*2^32 (N+2)*2^32 (N+3)*2^32 ||------|---|=====|-------||----------|=====|-------||----------|=====|----|--|| | |< b >| |< b >| |< b >| | | | | | |<--+--------------------------- a ---------------------------+--->| | | |<-------------------------- t -------------------------->| (B) 'b' does not intersect with the first of the last 32-bit sub-range of 'a': N*2^32 (N+1)*2^32 (N+2)*2^32 (N+3)*2^32 ||--|=====|----|----------||--|=====|---------------||--|=====|------------|--|| |< b >| | |< b >| |< b >| | | | | | |<-------------+--------- a -------------------|----------->| | | |<-------- t ------------------>| (C) 'b' crosses 0/U32_MAX boundary: N*2^32 (N+1)*2^32 (N+2)*2^32 (N+3)*2^32 ||===|---------|------|===||===|----------------|===||===|---------|------|===|| |b >| | |< b||b >| |< b||b >| | |< b| | | | | |<-----+----------------- a --------------+-------->| | | |<---------------- t ------------->| Current implementation of deduce_bounds_64_from_32() only handles case (A). [1] https://lore.kernel.org/all/ZTZxoDJJbX9mrQ9w@u94a/ [2] https://jorgenavas.github.io/papers/ACM-TOPLAS-wrapped.pdf [3] https://github.com/eddyz87/cnum-verif/tree/master Signed-off-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/r/20260424-cnums-everywhere-rfc-v1-v3-1-ca434b39a486@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-04-24Merge tag 'block-7.1-20260424' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux Pull block fixes from Jens Axboe: - Series for zloop, fixing a variety of issues - t10-pi code cleanup - Fix for a merge window regression with the bio memory allocation mask - Fix for a merge window regression in ublk, caused by an issue with the maple tree iteration code at teardown - ublk self tests additions - Zoned device pgmap fixes - Various little cleanups and fixes * tag 'block-7.1-20260424' of git://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux: (21 commits) Revert "floppy: fix reference leak on platform_device_register() failure" ublk: avoid unpinning pages under maple tree spinlock ublk: refactor common helper ublk_shmem_remove_ranges() ublk: fix maple tree lockdep warning in ublk_buf_cleanup selftests: ublk: add ublk auto integrity test selftests: ublk: enable test_integrity_02.sh on fio 3.42 selftests: ublk: remove unused argument to _cleanup block: only restrict bio allocation gfp mask asked to block block/blk-throttle: Add WQ_PERCPU to alloc_workqueue users block: Add WQ_PERCPU to alloc_workqueue users block: relax pgmap check in bio_add_page for compatible zone device pages block: add pgmap check to biovec_phys_mergeable floppy: fix reference leak on platform_device_register() failure ublk: use unchecked copy helpers for bio page data t10-pi: reduce ref tag code duplication zloop: remove irq-safe locking zloop: factor out zloop_mark_{full,empty} helpers zloop: set RQF_QUIET when completing requests on deleted devices zloop: improve the unaligned write pointer warning zloop: use vfs_truncate ...
2026-04-24Merge tag 'nfs-for-7.1-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds
Pull NFS client updates from Trond Myklebust: "Bugfixes: - Fix handling of ENOSPC so that if we have to resend writes, they are written synchronously - SUNRPC RDMA transport fixes from Chuck - Several fixes for delegated timestamps in NFSv4.2 - Failure to obtain a directory delegation should not cause stat() to fail with NFSv4 - Rename was failing to update timestamps when a directory delegation is held on NFSv4 - Ensure we check rsize/wsize after crossing a NFSv4 filesystem boundary - NFSv4/pnfs: - If the server is down, retry the layout returns on reboot - Fallback to MDS could result in a short write being incorrectly logged Cleanups: - Use memcpy_and_pad in decode_fh" * tag 'nfs-for-7.1-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (21 commits) NFS: Fix RCU dereference of cl_xprt in nfs_compare_super_address NFS: remove redundant __private attribute from nfs_page_class NFSv4.2: fix CLONE/COPY attrs in presence of delegated attributes NFS: fix writeback in presence of errors nfs: use memcpy_and_pad in decode_fh NFSv4.1: Apply session size limits on clone path NFSv4: retry GETATTR if GET_DIR_DELEGATION failed NFS: fix RENAME attr in presence of directory delegations pnfs/flexfiles: validate ds_versions_cnt is non-zero NFS/blocklayout: print each device used for SCSI layouts xprtrdma: Post receive buffers after RPC completion xprtrdma: Scale receive batch size with credit window xprtrdma: Replace rpcrdma_mr_seg with xdr_buf cursor xprtrdma: Decouple frwr_wp_create from frwr_map xprtrdma: Close lost-wakeup race in xprt_rdma_alloc_slot xprtrdma: Avoid 250 ms delay on backlog wakeup xprtrdma: Close sendctx get/put race that can block a transport nfs: update inode ctime after removexattr operation nfs: fix utimensat() for atime with delegated timestamps NFS: improve "Server wrote zero bytes" error ...
2026-04-24Merge tag '9p-for-7.1-rc1' of https://github.com/martinetd/linuxLinus Torvalds
Pull 9p updates from Dominique Martinet: - 9p access flag fix (cannot change access flag since new mount API implem) - some minor cleanup * tag '9p-for-7.1-rc1' of https://github.com/martinetd/linux: 9p/trans_xen: replace simple_strto* with kstrtouint 9p/trans_xen: make cleanup idempotent after dataring alloc errors 9p: document missing enum values in kernel-doc comments 9p: fix access mode flags being ORed instead of replaced 9p: fix memory leak in v9fs_init_fs_context error path