Prepare qcom-next based on tag 'Linux 6.16-rc1' of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git#31
Closed
sgaud-quic wants to merge 92 commits intoqualcomm-linux:qcom-next-stagingfrom
Conversation
Add prune.config fragment to disable support for non-Qualcomm architectures. This helps reduce boot image size and improves kernel build KPIs by trimming unnecessary configuration options. Signed-off-by: Komal Bajaj <quic_kbajaj@quicinc.com>
sa8775p-ride firmware supports vendor-defined SYSTEM_RESET2 types. Describe the reset types: "bootloader" will cause device to reboot and stop in the bootloader's fastboot mode. "edl" will cause device to reboot into "emergency download mode", which permits loading images via the Firehose protocol. Link: https://lore.kernel.org/r/20250303-arm-psci-system_reset2-vendor-reboots-v9-5-b2cf4a20feda@oss.qualcomm.com Co-developed-by: Shivendra Pratap <quic_spratap@quicinc.com> Signed-off-by: Shivendra Pratap <quic_spratap@quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
Now some chips which support 'support_dual_stations' will enable DBS, but will disable DFS. Restructure the ath11k_mac_setup_iface_combinations function to support DBS and DFS compatibility. About 'support_dual_station' feature can refer: https://msgid.link/20230714023801.2621802-2-quic_cjhuang@quicinc.com Add a ieee80211_iface_combination to support DBS and DFS compatibility, one combination can support DFS(same with non dual sta), another combination can support DBS. When running different scenarios that will use different ieee80211_iface_combination due to mac80211 will go through all of possible interface combinations. In addition, maximum number of interfaces of these types should be total allowed in this group. The chips affected are: QCA6390 hw2.0 WCN6855 hw2.0 WCN6855 hw2.1 Other chips are not affected. Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.1.0.1-00410-QCAHKSWPL_SILICONZ-2 Tested-on: IPQ6018 hw1.0 AHB WLAN.HK.2.1.0.1-01161-QCAHKSWPL_SILICONZ-1 Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-04402-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1. Tested-on: QCA6390 hw2.0 PCI WLAN.HST.1.0.1-05266-QCAHSTSWPLZ_V2_TO_X86-1 Reviewed-by: Baochen Qiang <quic_bqiang@quicinc.com> Reviewed-by: Vasanthakumar Thiagarajan <vasanthakumar.thiagarajan@oss.qualcomm.com> Acked-by: Jeff Johnson <quic_jjohnson@quicinc.com> Tested-by: Mihai Moldovan <ionic@ionic.de> Link: https://patch.msgid.link/20241127022742.4016870-1-quic_yuzha@quicinc.com Signed-off-by: Yu Zhang (Yuriy) <quic_yuzha@quicinc.com> Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com> Signed-off-by: Miaoqing Pan <miaoqing.pan@oss.qualcomm.com> Co-authored-by: Yu Zhang(Yuriy) <quic_yuzha@quicinc.com>
SoC vendors have different types of resets and are controlled through
various registers. For instance, Qualcomm chipsets can reboot to a
"download mode" that allows a RAM dump to be collected. Another example
is they also support writing a cookie that can be read by bootloader
during next boot. PSCI offers a mechanism, SYSTEM_RESET2, for these
vendor reset types to be implemented without requiring drivers for every
register/cookie.
Add support in PSCI to statically map reboot mode commands from
userspace to a vendor reset and cookie value using the device tree.
A separate initcall is needed to parse the devicetree, instead of using
psci_dt_init because mm isn't sufficiently set up to allocate memory.
Reboot mode framework is close but doesn't quite fit with the
design and requirements for PSCI SYSTEM_RESET2. Some of these issues can
be solved but doesn't seem reasonable in sum:
1. reboot mode registers against the reboot_notifier_list, which is too
early to call SYSTEM_RESET2. PSCI would need to remember the reset
type from the reboot-mode framework callback and use it
psci_sys_reset.
2. reboot mode assumes only one cookie/parameter is described in the
device tree. SYSTEM_RESET2 uses 2: one for the type and one for
cookie.
3. psci cpuidle driver already registers a driver against the
arm,psci-1.0 compatible. Refactoring would be needed to have both a
cpuidle and reboot-mode driver.
Link: https://lore.kernel.org/r/20250303-arm-psci-system_reset2-vendor-reboots-v9-2-b2cf4a20feda@oss.qualcomm.com
Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
…or QUP SEs Default pinctrl configurations for all QUP (Qualcomm Universal Peripheral) Serial Engines (SEs) are missing in the SoC device tree. These configurations are required by client teams when enabling any SEs as I2C, SPI, or Serial protocols. Add default pin configurations for Serial Engines (SEs) for all supported protocols, including I2C, SPI, and UART, to the sa8775p device tree. This change facilitates slave device driver clients to enable usecase with minimal modifications. Remove duplicate pin configurations from target-specific file as same pin configuration is included in the SoC device tree. Link: https://lore.kernel.org/r/20250509090443.4107378-1-quic_vdadhani@quicinc.com Acked-by: Mukesh Kumar Savaliya <quic_msavaliy@quicinc.com> Signed-off-by: Viken Dadhaniya <quic_vdadhani@quicinc.com>
…board QCS9075 is compatible Industrial-IOT grade variant of SA8775p SOC. Unlike QCS9100, it doesn't have safety monitoring feature of Safety-Island(SAIL) subsystem, which affects thermal management. qcs9075-iq-9075-evk board is based on QCS9075 SOC. Link: https://lore.kernel.org/r/20250528122753.3623570-2-quic_wasimn@quicinc.com Signed-off-by: Wasim Nazir <quic_wasimn@quicinc.com>
…/qcs9075 SA8775P has a memory map which caters to the auto specific requirements. QCS9100 & QCS9075 are its IOT variants (with marketing name as IQ9) which inherit the memory map of SA8775P require a slightly different memory map as compared to SA8775P auto parts. This new memory map is applicable for all the IoT boards which inherit the initial SA8775P memory map. This is not applicable for non-IoT boards. Some new carveouts (viz. gunyah_md and a few pil dtb carveouts) have been introduced as part of firmware updates for IoT. The size and base address have been updated for video PIL carveout compared to SA8775P since it is being brought up for the first time on IoT boards. The base addresses of the rest of the PIL carveouts have been updated to accommodate the change in size of video since PIL regions are relocatable and their functionality is not impacted due to this change. The size of camera pil has also been increased without breaking any feature. The size of trusted apps carveout has also been reduced since it is sufficient to meet IoT requirements. Also, audio_mdf_mem & tz_ffi_mem carveout and its corresponding scm reference has been removed as these are not required for IoT parts. Incorporate these changes in the updated memory map. Link: https://lore.kernel.org/r/20250528122753.3623570-3-quic_wasimn@quicinc.com Signed-off-by: Pratyush Brahma <quic_pbrahma@quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap@quicinc.com> Signed-off-by: Wasim Nazir <quic_wasimn@quicinc.com>
QCS9075 is an IoT variant of SA8775P SOC, most notably without safety monitoring feature of Safety Island(SAIL) subsystem. Add qcs9075-som.dtsi to specifies QCS9075 based SOM having SOC, PMICs, Memory-map updates. Use this SOM for qcs9075-iq-9075-evk board. Link: https://lore.kernel.org/r/20250528122753.3623570-4-quic_wasimn@quicinc.com Signed-off-by: Wasim Nazir <quic_wasimn@quicinc.com>
Add initial device tree support for IQ-9075-EVK board, based on Qualcomm's QCS9075 SOC. Implement basic features like uart/ufs to enable boot to shell. Link: https://lore.kernel.org/r/20250528122753.3623570-5-quic_wasimn@quicinc.com Co-developed-by: Rakesh Kota <quic_kotarake@quicinc.com> Signed-off-by: Rakesh Kota <quic_kotarake@quicinc.com> Co-developed-by: Sayali Lokhande <quic_sayalil@quicinc.com> Signed-off-by: Sayali Lokhande <quic_sayalil@quicinc.com> Signed-off-by: Wasim Nazir <quic_wasimn@quicinc.com>
Add RTC node, the RTC is controlled by PMIC device via spmi bus. Signed-off-by: Tingguo Cheng <quic_tingguoc@quicinc.com> Link: https://lore.kernel.org/r/20240902104302.3959670-1-quic_tingguoc@quicinc.com Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
…d card Document the bindings for the Qualcomm QCS9100 and QCS9075 board specific sound card. The bindings are the same as for other newer Qualcomm ADSP sound cards, thus keep them in existing qcom,sm8250.yaml file, even though Linux driver is separate. Signed-off-by: Mohammad Rafi Shaik <mohammad.rafi.shaik@oss.qualcomm.com> Link: https://patch.msgid.link/20250519083244.4070689-2-mohammad.rafi.shaik@oss.qualcomm.com Signed-off-by: Mark Brown <broonie@kernel.org>
… QCS9075 Add compatibles for sound card on Qualcomm QCS9100 and QCS9075 boards. Signed-off-by: Mohammad Rafi Shaik <mohammad.rafi.shaik@oss.qualcomm.com> Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@oss.qualcomm.com> Link: https://patch.msgid.link/20250519083244.4070689-3-mohammad.rafi.shaik@oss.qualcomm.com Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Mark Brown <broonie@kernel.org>
Correct the ngpios entry to account for the UFS_RESET pin being exported as a GPIO in addition to the real GPIOs, allowing the UFS driver to toggle it. Fixes: b698f36 ("pinctrl: qcom: add the tlmm driver for QCS615 platform") Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Link: https://lore.kernel.org/all/20241219-correct_gpio_ranges-v2-3-19af8588dbd0@quicinc.com/ Signed-off-by: Yuanjie Yang <quic_yuanjiey@quicinc.com>
… for qcs615 Correct the gpio-ranges in the QCS615 TLMM pin controller example to include the UFS_RESET pin, which is expected to be wired to the reset pin of the primary UFS memory. This allows the UFS driver to toggle it. Link: https://lore.kernel.org/r/20250506-correct_gpio_ranges-v3-1-49a7d292befa@quicinc.com Fixes: 55c487e ("dt-bindings: pinctrl: document the QCS615 Top Level Mode Multiplexer") Acked-by: Rob Herring (Arm) <robh@kernel.org> Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com>
… for qcs8300 Correct the gpio-ranges in the QCS8300 TLMM pin controller example to include the UFS_RESET pin, which is expected to be wired to the reset pin of the primary UFS memory. This allows the UFS driver to toggle it. Link: https://lore.kernel.org/r/20250506-correct_gpio_ranges-v3-2-49a7d292befa@quicinc.com Fixes: 5778535 ("dt-bindings: pinctrl: describe qcs8300-tlmm") Acked-by: Rob Herring (Arm) <robh@kernel.org> Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com>
Correct the ngpios entry to account for the UFS_RESET pin, which is expected to be wired to the reset pin of the primary UFS memory and is exported as GPIOs in addition to the real GPIOs, allowing the UFS driver to toggle it. Link: https://lore.kernel.org/r/20250506-correct_gpio_ranges-v3-4-49a7d292befa@quicinc.com Fixes: 0c4cd2c ("pinctrl: qcom: add the tlmm driver for QCS8300 platforms") Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com>
The files generated by gen_header.py capture the source path to the input files and the date. While that can be informative, it varies based on where and when the kernel was built as the full path is captured. Since all of the files that this tool is run on is under the drivers directory, this modifies the application to strip all of the path before drivers. Additionally it prints <stripped> instead of the date. Signed-off-by: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Link: https://lore.kernel.org/dri-devel/20250524-binrep-v2-1-09040177218e@oss.qualcomm.com/ Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Komal Bajaj <kbajaj@qti.qualcomm.com>
Add bindings to describe vendor-specific reboot modes. Values here correspond to valid parameters to vendor-specific reset types in PSCI SYSTEM_RESET2 call. Link: https://lore.kernel.org/r/20250303-arm-psci-system_reset2-vendor-reboots-v9-1-b2cf4a20feda@oss.qualcomm.com Reviewed-by: Rob Herring (Arm) <robh@kernel.org> Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
qcm6490-idp firmware supports vendor-defined SYSTEM_RESET2 types. Describe the reset types: "bootloader" will cause device to reboot and stop in the bootloader's fastboot mode. "edl" will cause device to reboot into "emergency download mode", which permits loading images via the Firehose protocol. Link: https://lore.kernel.org/r/20250303-arm-psci-system_reset2-vendor-reboots-v9-3-b2cf4a20feda@oss.qualcomm.com Co-developed-by: Shivendra Pratap <quic_spratap@quicinc.com> Signed-off-by: Shivendra Pratap <quic_spratap@quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org> Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
…ypes qcs6490-rb3gen2 firmware supports vendor-defined SYSTEM_RESET2 types. Describe the reset types: "bootloader" will cause device to reboot and stop in the bootloader's fastboot mode. "edl" will cause device to reboot into "emergency download mode", which permits loading images via the Firehose protocol. Link: https://lore.kernel.org/r/20250303-arm-psci-system_reset2-vendor-reboots-v9-4-b2cf4a20feda@oss.qualcomm.com Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Signed-off-by: Elliot Berman <elliot.berman@oss.qualcomm.com>
Add GPR(Generic Pack router) node along with APM(Audio Process Manager) and PRM(Proxy resource Manager) audio services. Co-developed-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Signed-off-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Link: https://lore.kernel.org/linux-arm-msm/20250527111227.2318021-2-quic_pkumpatl@quicinc.com/ Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Signed-off-by: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
…ution Manage clock settings for ADSP solution and document the clock properties on sc7280 lpass pincontrol node which is required for ADSP based solution. Co-developed-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Signed-off-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Link: https://lore.kernel.org/linux-arm-msm/20250527111227.2318021-3-quic_pkumpatl@quicinc.com/ Signed-off-by: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
Add WSA LPASS macro Codec along with SoundWire controller. Co-developed-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Signed-off-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Link: https://lore.kernel.org/linux-arm-msm/20250527111227.2318021-4-quic_pkumpatl@quicinc.com/ Signed-off-by: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
…lock settings for audioreach Modify and enable WSA, VA, RX and TX lpass macros and lpass_tlmm clock settings. For audioreach solution mclk, npl and fsgen clocks are enabled through the q6prm clock driver. For qcs6490 RX drives clk from TX CORE which is mandated from DSP side, Unlike dedicated core clocks. Core TX clk is used for both RX and WSA as per DSP recommendations. Co-developed-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Signed-off-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Link: https://lore.kernel.org/linux-arm-msm/20250527111227.2318021-5-quic_pkumpatl@quicinc.com/ Signed-off-by: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
…lifier Add nodes for WSA8830 speakers amplifier on qcs6490-rb3gen2 board. Enable lpass_wsa and lpass_va macros along with pinctrl settings for audio. Co-developed-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Signed-off-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Link: https://lore.kernel.org/linux-arm-msm/20250527111227.2318021-6-quic_pkumpatl@quicinc.com/ Signed-off-by: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
Add the sound card node with tested playback over WSA8835 speakers and digital on-board mics. Co-developed-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Signed-off-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Link: https://lore.kernel.org/linux-arm-msm/20250527111227.2318021-7-quic_pkumpatl@quicinc.com/ Signed-off-by: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
…9370 headset codec Add nodes for WSA8830 speakers and WCD9370 headset codec on qcm6490-idp board. Enable lpass macros along with audio support pin controls. Co-developed-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Signed-off-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Link: https://lore.kernel.org/linux-arm-msm/20250527111227.2318021-8-quic_pkumpatl@quicinc.com/ Signed-off-by: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
Add the sound card node with tested playback over WSA8835 speakers, digital on-board mics along with wcd9370 headset playabck and record. Co-developed-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Signed-off-by: Prasad Kumpatla <quic_pkumpatl@quicinc.com> Link: https://lore.kernel.org/linux-arm-msm/20250527111227.2318021-9-quic_pkumpatl@quicinc.com/ Signed-off-by: Mohammad Rafi Shaik <quic_mohs@quicinc.com>
Firmware might hold the DPB buffers for reference in case of sequence change, so skip destroying buffers for which QUEUED flag is not removed. Cc: stable@vger.kernel.org Fixes: 73702f4 ("media: iris: allocate, initialize and queue internal buffers") Link: https://lore.kernel.org/linux-arm-msm/20250509-video-iris-hevc-vp9-v5-1-59b4ff7d331c@quicinc.com/ Reviewed-by: Vikash Garodia <quic_vgarodia@quicinc.com> Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-QRD Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-HDK Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8650-QRD Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8650-HDK Tested-by: Vikash Garodia <quic_vgarodia@quicinc.com> # on sa8775p-ride Signed-off-by: Dikshita Agarwal <quic_dikshita@quicinc.com>
…on qcs615-ride The timing of sampling at the RX side for qcs615-ride needs adjustment. It varies from board to board. Link: https://lore.kernel.org/r/20241225-support_10m100m-v1-3-4b52ef48b488@quicinc.com Signed-off-by: Yijie Yang <quic_yijiyang@quicinc.com>
Document the components used to boot the ADSP and CDSP on the Qualcomm QCS615 SoC. Use fallback to indicate the compatibility of the remoteproc on the QCS615 with that on the SM8150. Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com> Link: https://lore.kernel.org/r/20250526-add_qcs615_remoteproc_support-v4-1-06a7d8bed0b5@quicinc.com
Document qcom,qcs615-imem compatible. It has a child node for debugging purposes. Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com> Link: https://lore.kernel.org/r/20250526-add_qcs615_remoteproc_support-v4-2-06a7d8bed0b5@quicinc.com
The Shared Memory Point to Point (SMP2P) protocol facilitates communication of a single 32-bit value between two processors. Add these two nodes for remoteproc enablement on QCS615 SoC. Signed-off-by: Kyle Deng <quic_chunkaid@quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com> Link: https://lore.kernel.org/r/20250526-add_qcs615_remoteproc_support-v4-3-06a7d8bed0b5@quicinc.com
Add a simple-mfd representing IMEM on QCS615 and define the PIL relocation info region as its child. The PIL region in IMEM is used to communicate load addresses of remoteproc to post mortem debug tools, so that these tools can collect ramdumps. Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com> Link: https://lore.kernel.org/r/20250526-add_qcs615_remoteproc_support-v4-4-06a7d8bed0b5@quicinc.com
Add nodes for remoteprocs: ADSP and CDSP for QCS615 SoC to enable proper remoteproc functionality. Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com> Link: https://lore.kernel.org/r/20250526-add_qcs615_remoteproc_support-v4-5-06a7d8bed0b5@quicinc.com
Enable all remoteproc nodes on the qcs615-ride board and point to the appropriate firmware files to allow proper functioning of the remote processors. Reviewed-by: Konrad Dybcio <konrad.dybcio@oss.qualcomm.com> Signed-off-by: Lijuan Gao <quic_lijuang@quicinc.com> Link: https://lore.kernel.org/r/20250526-add_qcs615_remoteproc_support-v4-6-06a7d8bed0b5@quicinc.com
Add the global clock controller support for QCS615 SoC. Signed-off-by: Taniya Das <quic_tdas@quicinc.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> Reviewed-by: Imran Shaik <quic_imrashai@quicinc.com>
sgaud-quic
force-pushed
the
qcom-next-staging
branch
from
a247085 to
53ebb58
Compare
sgaud-quic
pushed a commit
that referenced
this pull request
Sep 22, 2025
…l_access() Function copy_from_user() and copy_to_user() may sleep because of page fault, and they cannot be called in spin_lock hold context. Here move function calling of copy_from_user() and copy_to_user() before spinlock context in function kvm_eiointc_ctrl_access(). Otherwise there will be possible warning such as: BUG: sleeping function called from invalid context at include/linux/uaccess.h:192 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 6292, name: qemu-system-loo preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<9000000004c4a554>] copy_process+0x90c/0x1d40 softirqs last enabled at (0): [<9000000004c4a554>] copy_process+0x90c/0x1d40 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 41 UID: 0 PID: 6292 Comm: qemu-system-loo Tainted: G W 6.17.0-rc3+ #31 PREEMPT(full) Tainted: [W]=WARN Stack : 0000000000000076 0000000000000000 9000000004c28264 9000100092ff4000 9000100092ff7b80 9000100092ff7b88 0000000000000000 9000100092ff7cc8 9000100092ff7cc0 9000100092ff7cc0 9000100092ff7a00 0000000000000001 0000000000000001 9000100092ff7b88 947d2f9216a5e8b9 900010008773d880 00000000ffff8b9f fffffffffffffffe 0000000000000ba1 fffffffffffffffe 000000000000003e 900000000825a15b 000010007ad38000 9000100092ff7ec0 0000000000000000 0000000000000000 9000000006f3ac60 9000000007252000 0000000000000000 00007ff746ff2230 0000000000000053 9000200088a021b0 0000555556c9d190 0000000000000000 9000000004c2827c 000055556cfb5f40 00000000000000b0 0000000000000007 0000000000000007 0000000000071c1d Call Trace: [<9000000004c2827c>] show_stack+0x5c/0x180 [<9000000004c20fac>] dump_stack_lvl+0x94/0xe4 [<9000000004c99c7c>] __might_resched+0x26c/0x290 [<9000000004f68968>] __might_fault+0x20/0x88 [<ffff800002311de0>] kvm_eiointc_ctrl_access.isra.0+0x88/0x380 [kvm] [<ffff8000022f8514>] kvm_device_ioctl+0x194/0x290 [kvm] [<900000000506b0d8>] sys_ioctl+0x388/0x1010 [<90000000063ed210>] do_syscall+0xb0/0x2d8 [<9000000004c25ef8>] handle_syscall+0xb8/0x158 Cc: stable@vger.kernel.org Fixes: 1ad7efa ("LoongArch: KVM: Add EIOINTC user mode read and write functions") Signed-off-by: Bibo Mao <maobibo@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
sgaud-quic
pushed a commit
that referenced
this pull request
Sep 22, 2025
…s_access() Function copy_from_user() and copy_to_user() may sleep because of page fault, and they cannot be called in spin_lock hold context. Here move function calling of copy_from_user() and copy_to_user() before spinlock context in function kvm_eiointc_ctrl_access(). Otherwise there will be possible warning such as: BUG: sleeping function called from invalid context at include/linux/uaccess.h:192 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 6292, name: qemu-system-loo preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<9000000004c4a554>] copy_process+0x90c/0x1d40 softirqs last enabled at (0): [<9000000004c4a554>] copy_process+0x90c/0x1d40 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 41 UID: 0 PID: 6292 Comm: qemu-system-loo Tainted: G W 6.17.0-rc3+ #31 PREEMPT(full) Tainted: [W]=WARN Stack : 0000000000000076 0000000000000000 9000000004c28264 9000100092ff4000 9000100092ff7b80 9000100092ff7b88 0000000000000000 9000100092ff7cc8 9000100092ff7cc0 9000100092ff7cc0 9000100092ff7a00 0000000000000001 0000000000000001 9000100092ff7b88 947d2f9216a5e8b9 900010008773d880 00000000ffff8b9f fffffffffffffffe 0000000000000ba1 fffffffffffffffe 000000000000003e 900000000825a15b 000010007ad38000 9000100092ff7ec0 0000000000000000 0000000000000000 9000000006f3ac60 9000000007252000 0000000000000000 00007ff746ff2230 0000000000000053 9000200088a021b0 0000555556c9d190 0000000000000000 9000000004c2827c 000055556cfb5f40 00000000000000b0 0000000000000007 0000000000000007 0000000000071c1d Call Trace: [<9000000004c2827c>] show_stack+0x5c/0x180 [<9000000004c20fac>] dump_stack_lvl+0x94/0xe4 [<9000000004c99c7c>] __might_resched+0x26c/0x290 [<9000000004f68968>] __might_fault+0x20/0x88 [<ffff800002311de0>] kvm_eiointc_regs_access.isra.0+0x88/0x380 [kvm] [<ffff8000022f8514>] kvm_device_ioctl+0x194/0x290 [kvm] [<900000000506b0d8>] sys_ioctl+0x388/0x1010 [<90000000063ed210>] do_syscall+0xb0/0x2d8 [<9000000004c25ef8>] handle_syscall+0xb8/0x158 Cc: stable@vger.kernel.org Fixes: 1ad7efa ("LoongArch: KVM: Add EIOINTC user mode read and write functions") Signed-off-by: Bibo Mao <maobibo@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
sgaud-quic
pushed a commit
that referenced
this pull request
Sep 22, 2025
…status_access() Function copy_from_user() and copy_to_user() may sleep because of page fault, and they cannot be called in spin_lock hold context. Here move funtcion calling of copy_from_user() and copy_to_user() out of function kvm_eiointc_sw_status_access(). Otherwise there will be possible warning such as: BUG: sleeping function called from invalid context at include/linux/uaccess.h:192 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 6292, name: qemu-system-loo preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<9000000004c4a554>] copy_process+0x90c/0x1d40 softirqs last enabled at (0): [<9000000004c4a554>] copy_process+0x90c/0x1d40 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 41 UID: 0 PID: 6292 Comm: qemu-system-loo Tainted: G W 6.17.0-rc3+ #31 PREEMPT(full) Tainted: [W]=WARN Stack : 0000000000000076 0000000000000000 9000000004c28264 9000100092ff4000 9000100092ff7b80 9000100092ff7b88 0000000000000000 9000100092ff7cc8 9000100092ff7cc0 9000100092ff7cc0 9000100092ff7a00 0000000000000001 0000000000000001 9000100092ff7b88 947d2f9216a5e8b9 900010008773d880 00000000ffff8b9f fffffffffffffffe 0000000000000ba1 fffffffffffffffe 000000000000003e 900000000825a15b 000010007ad38000 9000100092ff7ec0 0000000000000000 0000000000000000 9000000006f3ac60 9000000007252000 0000000000000000 00007ff746ff2230 0000000000000053 9000200088a021b0 0000555556c9d190 0000000000000000 9000000004c2827c 000055556cfb5f40 00000000000000b0 0000000000000007 0000000000000007 0000000000071c1d Call Trace: [<9000000004c2827c>] show_stack+0x5c/0x180 [<9000000004c20fac>] dump_stack_lvl+0x94/0xe4 [<9000000004c99c7c>] __might_resched+0x26c/0x290 [<9000000004f68968>] __might_fault+0x20/0x88 [<ffff800002311de0>] kvm_eiointc_sw_status_access.isra.0+0x88/0x380 [kvm] [<ffff8000022f8514>] kvm_device_ioctl+0x194/0x290 [kvm] [<900000000506b0d8>] sys_ioctl+0x388/0x1010 [<90000000063ed210>] do_syscall+0xb0/0x2d8 [<9000000004c25ef8>] handle_syscall+0xb8/0x158 Cc: stable@vger.kernel.org Fixes: 1ad7efa ("LoongArch: KVM: Add EIOINTC user mode read and write functions") Signed-off-by: Bibo Mao <maobibo@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
sgaud-quic
pushed a commit
that referenced
this pull request
Sep 22, 2025
…s_access() Function copy_from_user() and copy_to_user() may sleep because of page fault, and they cannot be called in spin_lock hold context. Here move function calling of copy_from_user() and copy_to_user() out of spinlock context in function kvm_pch_pic_regs_access(). Otherwise there will be possible warning such as: BUG: sleeping function called from invalid context at include/linux/uaccess.h:192 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 6292, name: qemu-system-loo preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 INFO: lockdep is turned off. irq event stamp: 0 hardirqs last enabled at (0): [<0000000000000000>] 0x0 hardirqs last disabled at (0): [<9000000004c4a554>] copy_process+0x90c/0x1d40 softirqs last enabled at (0): [<9000000004c4a554>] copy_process+0x90c/0x1d40 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 41 UID: 0 PID: 6292 Comm: qemu-system-loo Tainted: G W 6.17.0-rc3+ #31 PREEMPT(full) Tainted: [W]=WARN Stack : 0000000000000076 0000000000000000 9000000004c28264 9000100092ff4000 9000100092ff7b80 9000100092ff7b88 0000000000000000 9000100092ff7cc8 9000100092ff7cc0 9000100092ff7cc0 9000100092ff7a00 0000000000000001 0000000000000001 9000100092ff7b88 947d2f9216a5e8b9 900010008773d880 00000000ffff8b9f fffffffffffffffe 0000000000000ba1 fffffffffffffffe 000000000000003e 900000000825a15b 000010007ad38000 9000100092ff7ec0 0000000000000000 0000000000000000 9000000006f3ac60 9000000007252000 0000000000000000 00007ff746ff2230 0000000000000053 9000200088a021b0 0000555556c9d190 0000000000000000 9000000004c2827c 000055556cfb5f40 00000000000000b0 0000000000000007 0000000000000007 0000000000071c1d Call Trace: [<9000000004c2827c>] show_stack+0x5c/0x180 [<9000000004c20fac>] dump_stack_lvl+0x94/0xe4 [<9000000004c99c7c>] __might_resched+0x26c/0x290 [<9000000004f68968>] __might_fault+0x20/0x88 [<ffff800002311de0>] kvm_pch_pic_regs_access.isra.0+0x88/0x380 [kvm] [<ffff8000022f8514>] kvm_device_ioctl+0x194/0x290 [kvm] [<900000000506b0d8>] sys_ioctl+0x388/0x1010 [<90000000063ed210>] do_syscall+0xb0/0x2d8 [<9000000004c25ef8>] handle_syscall+0xb8/0x158 Cc: stable@vger.kernel.org Fixes: d206d95 ("LoongArch: KVM: Add PCHPIC user mode read and write functions") Signed-off-by: Bibo Mao <maobibo@loongson.cn> Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
sgaud-quic
pushed a commit
that referenced
this pull request
Sep 29, 2025
commit 2a6c727 ("cpufreq: Initialize cpufreq-based frequency-invariance later") postponed the frequency invariance initialization to avoid disabling it in the error case. This isn't locking safe, instead move the initialization up before the subsys interface is registered (which will rebuild the sched_domains) and add the corresponding disable on the error path. Observed lockdep without this patch: [ 0.989686] ====================================================== [ 0.989688] WARNING: possible circular locking dependency detected [ 0.989690] 6.17.0-rc4-cix-build+ #31 Tainted: G S [ 0.989691] ------------------------------------------------------ [ 0.989692] swapper/0/1 is trying to acquire lock: [ 0.989693] ffff800082ada7f8 (sched_energy_mutex){+.+.}-{4:4}, at: rebuild_sched_domains_energy+0x30/0x58 [ 0.989705] but task is already holding lock: [ 0.989706] ffff000088c89bc8 (&policy->rwsem){+.+.}-{4:4}, at: cpufreq_online+0x7f8/0xbe0 [ 0.989713] which lock already depends on the new lock. Fixes: 2a6c727 ("cpufreq: Initialize cpufreq-based frequency-invariance later") Signed-off-by: Christian Loehle <christian.loehle@arm.com> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
sgaud-quic
pushed a commit
that referenced
this pull request
Feb 10, 2026
When deassigning a KVM_IRQFD, don't clobber the irqfd's copy of the IRQ's routing entry as doing so breaks kvm_arch_irq_bypass_del_producer() on x86 and arm64, which explicitly look for KVM_IRQ_ROUTING_MSI. Instead, to handle a concurrent routing update, verify that the irqfd is still active before consuming the routing information. As evidenced by the x86 and arm64 bugs, and another bug in kvm_arch_update_irqfd_routing() (see below), clobbering the entry type without notifying arch code is surprising and error prone. As a bonus, checking that the irqfd is active provides a convenient location for documenting _why_ KVM must not consume the routing entry for an irqfd that is in the process of being deassigned: once the irqfd is deleted from the list (which happens *before* the eventfd is detached), it will no longer receive updates via kvm_irq_routing_update(), and so KVM could deliver an event using stale routing information (relative to KVM_SET_GSI_ROUTING returning to userspace). As an even better bonus, explicitly checking for the irqfd being active fixes a similar bug to the one the clobbering is trying to prevent: if an irqfd is deactivated, and then its routing is changed, kvm_irq_routing_update() won't invoke kvm_arch_update_irqfd_routing() (because the irqfd isn't in the list). And so if the irqfd is in bypass mode, IRQs will continue to be posted using the old routing information. As for kvm_arch_irq_bypass_del_producer(), clobbering the routing type results in KVM incorrectly keeping the IRQ in bypass mode, which is especially problematic on AMD as KVM tracks IRQs that are being posted to a vCPU in a list whose lifetime is tied to the irqfd. Without the help of KASAN to detect use-after-free, the most common sympton on AMD is a NULL pointer deref in amd_iommu_update_ga() due to the memory for irqfd structure being re-allocated and zeroed, resulting in irqfd->irq_bypass_data being NULL when read by avic_update_iommu_vcpu_affinity(): BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 40cf2b9067 P4D 40cf2b9067 PUD 408362a067 PMD 0 Oops: Oops: 0000 [#1] SMP CPU: 6 UID: 0 PID: 40383 Comm: vfio_irq_test Tainted: G U W O 6.19.0-smp--5dddc257e6b2-irqfd #31 NONE Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.78.2-0 09/05/2025 RIP: 0010:amd_iommu_update_ga+0x19/0xe0 Call Trace: <TASK> avic_update_iommu_vcpu_affinity+0x3d/0x90 [kvm_amd] __avic_vcpu_load+0xf4/0x130 [kvm_amd] kvm_arch_vcpu_load+0x89/0x210 [kvm] vcpu_load+0x30/0x40 [kvm] kvm_arch_vcpu_ioctl_run+0x45/0x620 [kvm] kvm_vcpu_ioctl+0x571/0x6a0 [kvm] __se_sys_ioctl+0x6d/0xb0 do_syscall_64+0x6f/0x9d0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x46893b </TASK> ---[ end trace 0000000000000000 ]--- If AVIC is inhibited when the irfd is deassigned, the bug will manifest as list corruption, e.g. on the next irqfd assignment. list_add corruption. next->prev should be prev (ffff8d474d5cd588), but was 0000000000000000. (next=ffff8d8658f86530). ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:31! Oops: invalid opcode: 0000 [#1] SMP CPU: 128 UID: 0 PID: 80818 Comm: vfio_irq_test Tainted: G U W O 6.19.0-smp--f19dc4d680ba-irqfd #28 NONE Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.78.2-0 09/05/2025 RIP: 0010:__list_add_valid_or_report+0x97/0xc0 Call Trace: <TASK> avic_pi_update_irte+0x28e/0x2b0 [kvm_amd] kvm_pi_update_irte+0xbf/0x190 [kvm] kvm_arch_irq_bypass_add_producer+0x72/0x90 [kvm] irq_bypass_register_consumer+0xcd/0x170 [irqbypass] kvm_irqfd+0x4c6/0x540 [kvm] kvm_vm_ioctl+0x118/0x5d0 [kvm] __se_sys_ioctl+0x6d/0xb0 do_syscall_64+0x6f/0x9d0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> ---[ end trace 0000000000000000 ]--- On Intel and arm64, the bug is less noisy, as the end result is that the device keeps posting IRQs to the vCPU even after it's been deassigned. Note, the worst of the breakage can be traced back to commit cb21073 ("KVM: Pass new routing entries and irqfd when updating IRTEs"), as before that commit KVM would pull the routing information from the per-VM routing table. But as above, similar bugs have existed since support for IRQ bypass was added. E.g. if a routing change finished before irq_shutdown() invoked kvm_arch_irq_bypass_del_producer(), VMX and SVM would see stale routing information and potentially leave the irqfd in bypass mode. Alternatively, x86 could be fixed by explicitly checking irq_bypass_vcpu instead of irq_entry.type in kvm_arch_irq_bypass_del_producer(), and arm64 could be modified to utilize irq_bypass_vcpu in a similar manner. But (a) that wouldn't fix the routing updates bug, and (b) fixing core code doesn't preclude x86 (or arm64) from adding such code as a sanity check (spoiler alert). Fixes: f70c20a ("KVM: Add an arch specific hooks in 'struct kvm_kernel_irqfd'") Fixes: cb21073 ("KVM: Pass new routing entries and irqfd when updating IRTEs") Fixes: a0d7e2f ("KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs") Cc: stable@vger.kernel.org Cc: Marc Zyngier <maz@kernel.org> Cc: Oliver Upton <oupton@kernel.org> Link: https://patch.msgid.link/20260113174606.104978-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com>
svankas
pushed a commit
to svankas/kernel
that referenced
this pull request
Feb 16, 2026
commit b4d37cd upstream. When deassigning a KVM_IRQFD, don't clobber the irqfd's copy of the IRQ's routing entry as doing so breaks kvm_arch_irq_bypass_del_producer() on x86 and arm64, which explicitly look for KVM_IRQ_ROUTING_MSI. Instead, to handle a concurrent routing update, verify that the irqfd is still active before consuming the routing information. As evidenced by the x86 and arm64 bugs, and another bug in kvm_arch_update_irqfd_routing() (see below), clobbering the entry type without notifying arch code is surprising and error prone. As a bonus, checking that the irqfd is active provides a convenient location for documenting _why_ KVM must not consume the routing entry for an irqfd that is in the process of being deassigned: once the irqfd is deleted from the list (which happens *before* the eventfd is detached), it will no longer receive updates via kvm_irq_routing_update(), and so KVM could deliver an event using stale routing information (relative to KVM_SET_GSI_ROUTING returning to userspace). As an even better bonus, explicitly checking for the irqfd being active fixes a similar bug to the one the clobbering is trying to prevent: if an irqfd is deactivated, and then its routing is changed, kvm_irq_routing_update() won't invoke kvm_arch_update_irqfd_routing() (because the irqfd isn't in the list). And so if the irqfd is in bypass mode, IRQs will continue to be posted using the old routing information. As for kvm_arch_irq_bypass_del_producer(), clobbering the routing type results in KVM incorrectly keeping the IRQ in bypass mode, which is especially problematic on AMD as KVM tracks IRQs that are being posted to a vCPU in a list whose lifetime is tied to the irqfd. Without the help of KASAN to detect use-after-free, the most common sympton on AMD is a NULL pointer deref in amd_iommu_update_ga() due to the memory for irqfd structure being re-allocated and zeroed, resulting in irqfd->irq_bypass_data being NULL when read by avic_update_iommu_vcpu_affinity(): BUG: kernel NULL pointer dereference, address: 0000000000000018 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 40cf2b9067 P4D 40cf2b9067 PUD 408362a067 PMD 0 Oops: Oops: 0000 [qualcomm-linux#1] SMP CPU: 6 UID: 0 PID: 40383 Comm: vfio_irq_test Tainted: G U W O 6.19.0-smp--5dddc257e6b2-irqfd qualcomm-linux#31 NONE Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.78.2-0 09/05/2025 RIP: 0010:amd_iommu_update_ga+0x19/0xe0 Call Trace: <TASK> avic_update_iommu_vcpu_affinity+0x3d/0x90 [kvm_amd] __avic_vcpu_load+0xf4/0x130 [kvm_amd] kvm_arch_vcpu_load+0x89/0x210 [kvm] vcpu_load+0x30/0x40 [kvm] kvm_arch_vcpu_ioctl_run+0x45/0x620 [kvm] kvm_vcpu_ioctl+0x571/0x6a0 [kvm] __se_sys_ioctl+0x6d/0xb0 do_syscall_64+0x6f/0x9d0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x46893b </TASK> ---[ end trace 0000000000000000 ]--- If AVIC is inhibited when the irfd is deassigned, the bug will manifest as list corruption, e.g. on the next irqfd assignment. list_add corruption. next->prev should be prev (ffff8d474d5cd588), but was 0000000000000000. (next=ffff8d8658f86530). ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:31! Oops: invalid opcode: 0000 [qualcomm-linux#1] SMP CPU: 128 UID: 0 PID: 80818 Comm: vfio_irq_test Tainted: G U W O 6.19.0-smp--f19dc4d680ba-irqfd qualcomm-linux#28 NONE Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.78.2-0 09/05/2025 RIP: 0010:__list_add_valid_or_report+0x97/0xc0 Call Trace: <TASK> avic_pi_update_irte+0x28e/0x2b0 [kvm_amd] kvm_pi_update_irte+0xbf/0x190 [kvm] kvm_arch_irq_bypass_add_producer+0x72/0x90 [kvm] irq_bypass_register_consumer+0xcd/0x170 [irqbypass] kvm_irqfd+0x4c6/0x540 [kvm] kvm_vm_ioctl+0x118/0x5d0 [kvm] __se_sys_ioctl+0x6d/0xb0 do_syscall_64+0x6f/0x9d0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 </TASK> ---[ end trace 0000000000000000 ]--- On Intel and arm64, the bug is less noisy, as the end result is that the device keeps posting IRQs to the vCPU even after it's been deassigned. Note, the worst of the breakage can be traced back to commit cb21073 ("KVM: Pass new routing entries and irqfd when updating IRTEs"), as before that commit KVM would pull the routing information from the per-VM routing table. But as above, similar bugs have existed since support for IRQ bypass was added. E.g. if a routing change finished before irq_shutdown() invoked kvm_arch_irq_bypass_del_producer(), VMX and SVM would see stale routing information and potentially leave the irqfd in bypass mode. Alternatively, x86 could be fixed by explicitly checking irq_bypass_vcpu instead of irq_entry.type in kvm_arch_irq_bypass_del_producer(), and arm64 could be modified to utilize irq_bypass_vcpu in a similar manner. But (a) that wouldn't fix the routing updates bug, and (b) fixing core code doesn't preclude x86 (or arm64) from adding such code as a sanity check (spoiler alert). Fixes: f70c20a ("KVM: Add an arch specific hooks in 'struct kvm_kernel_irqfd'") Fixes: cb21073 ("KVM: Pass new routing entries and irqfd when updating IRTEs") Fixes: a0d7e2f ("KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs") Cc: stable@vger.kernel.org Cc: Marc Zyngier <maz@kernel.org> Cc: Oliver Upton <oupton@kernel.org> Link: https://patch.msgid.link/20260113174606.104978-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
11 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Name SHA
tech/bsp/clk d64d8f1
tech/bsp/pinctrl d7e196c
tech/debug/hwtracing efd272e
tech/mm/audio/all a0a1b5c
tech/mm/drm aa742d7
tech/mm/video 8e7bd48
tech/net/ath 5bc89ad
tech/pm/power 1eeed9b
tech/all/dt/qcs6490 e9c1cce
tech/all/dt/qcs9100 de711b0
tech/all/dt/qcs615 9121250
tech/all/config a58db88