Merge drm/drm-fixes into drm-misc-fixes

Getting fixes and updates from v7.1-rc1.

Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de>

Merge drm/drm-fixes into drm-misc-fixes

Tomi needs 7.0 to apply a patch from drm-misc-fixes.

Signed-off-by: Maxime Ripard <mripard@kernel.org>

Merge tag 'v7.0-rc7' into char-misc-next

We need the char/misc/iio/comedi fixes in here as well for testing

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Merge tag 'v7.0-rc4' into togreg

Linux 7.0-rc4

Required for the ds4422 series which is build upon;
5187e03b817c ("iio: dac: ds4424: reject -128 RAW value")

Merge 7.0-rc4 into char-misc-next

We need the char/misc/iio fixes in this branch as well to build on top
of.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Merge branch 'next' into for-linus

Prepare input updates for 7.1 merge window.

Merge tag 'v7.0-rc5' into next

Sync up with mainline to pull in a fix for smb compilation error.

Merge tag 'v7.0-rc3' into next

Sync up with the mainline to brig up the latest changes, specifically
changes to ALPS driver.

Merge branch 'for-7.1-printf-kunit-build' into for-linus

Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

Pull bpf fixes from Alexei Starovoitov:
"Most of the diff stat comes from Xu Kuohai's fix to emit ENDBR/BTI,
since a

Merge tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

Pull bpf fixes from Alexei Starovoitov:
"Most of the diff stat comes from Xu Kuohai's fix to emit ENDBR/BTI,
since all JITs had to be touched to move constant blinding out and
pass bpf_verifier_env in.

- Fix use-after-free in arena_vm_close on fork (Alexei Starovoitov)

- Dissociate struct_ops program with map if map_update fails (Amery
Hung)

- Fix out-of-range and off-by-one bugs in arm64 JIT (Daniel Borkmann)

- Fix precedence bug in convert_bpf_ld_abs alignment check (Daniel
Borkmann)

- Fix arg tracking for imprecise/multi-offset in BPF_ST/STX insns
(Eduard Zingerman)

- Copy token from main to subprogs to fix missing kallsyms (Eduard
Zingerman)

- Prevent double close and leak of btf objects in libbpf (Jiri Olsa)

- Fix af_unix null-ptr-deref in sockmap (Michal Luczaj)

- Fix NULL deref in map_kptr_match_type for scalar regs (Mykyta
Yatsenko)

- Avoid unnecessary IPIs. Remove redundant bpf_flush_icache() in
arm64 and riscv JITs (Puranjay Mohan)

- Fix out of bounds access. Validate node_id in arena_alloc_pages()
(Puranjay Mohan)

- Reject BPF-to-BPF calls and callbacks in arm32 JIT (Puranjay Mohan)

- Refactor all JITs to pass bpf_verifier_env to emit ENDBR/BTI for
indirect jump targets on x86-64, arm64 JITs (Xu Kuohai)

- Allow UTF-8 literals in bpf_bprintf_prepare() (Yihan Ding)"

* tag 'bpf-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf: (32 commits)
bpf, arm32: Reject BPF-to-BPF calls and callbacks in the JIT
bpf: Dissociate struct_ops program with map if map_update fails
bpf: Validate node_id in arena_alloc_pages()
libbpf: Prevent double close and leak of btf objects
selftests/bpf: cover UTF-8 trace_printk output
bpf: allow UTF-8 literals in bpf_bprintf_prepare()
selftests/bpf: Reject scalar store into kptr slot
bpf: Fix NULL deref in map_kptr_match_type for scalar regs
bpf: Fix precedence bug in convert_bpf_ld_abs alignment check
bpf, arm64: Emit BTI for indirect jump target
bpf, x86: Emit ENDBR for indirect jump targets
bpf: Add helper to detect indirect jump targets
bpf: Pass bpf_verifier_env to JIT
bpf: Move constants blinding out of arch-specific JITs
bpf, sockmap: Take state lock for af_unix iter
bpf, sockmap: Fix af_unix null-ptr-deref in proto update
selftests/bpf: Extend bpf_iter_unix to attempt deadlocking
bpf, sockmap: Fix af_unix iter deadlock
bpf, sockmap: Annotate af_unix sock:: Sk_state data-races
selftests/bpf: verify kallsyms entries for token-loaded subprograms
...

show more ...

Merge branch 'for-7.1/winwing' into for-linus

- support for rubmle effects in winwing driver (Ivan Gorinov)

Merge branch 'for-7.1/core-v2' into for-linus

- fixed handling of 0-sized reports (Dmitry Torokhov)
- convert core code to __free() (Dmitry Torokhov)
- support for multiple batteries per HID device

Merge branch 'for-7.1/core-v2' into for-linus

- fixed handling of 0-sized reports (Dmitry Torokhov)
- convert core code to __free() (Dmitry Torokhov)
- support for multiple batteries per HID device (Lucas Zampieri)

show more ...

Merge tag 'v7.0-rc6' into perf-tools

To get the latest updates and fixes.

Signed-off-by: Namhyung Kim <namhyung@kernel.org>

Merge branch 'bpf-copy-bpf-token-from-main-program-to-subprograms'

Eduard Zingerman says:

====================
bpf: copy BPF token from main program to subprograms

bpf_jit_subprogs() omits aux->to

Merge branch 'bpf-copy-bpf-token-from-main-program-to-subprograms'

Eduard Zingerman says:

====================
bpf: copy BPF token from main program to subprograms

bpf_jit_subprogs() omits aux->token when it creates a struct
bpf_prog_aux instances for a subprograms.
This means that for programs loaded via BPF token (i.e., from a
non-init user namespace), subprograms fail the bpf_token_capable()
check in bpf_prog_kallsyms_add() and don't appear in /proc/kallsyms.
Which in-turn makes it impossible to freplace such subprograms.

Changelog:
v3 -> v4:
- check sysctl_set calls for errors (sashiko).
v2 -> v3:
- mark selftest as serial (sashiko).
v1 -> v2:
- target bpf-next tree (fixups.c) instead of bpf tree (verifier.c).

v1: https://lore.kernel.org/bpf/20260414-subprog-token-fix-v1-0-5b1a38e01546@gmail.com/T/
v2: https://lore.kernel.org/bpf/20260414-subprog-token-fix-v2-0-59146c31f6f1@gmail.com/T/
v3: https://lore.kernel.org/bpf/20260415-subprog-token-fix-v3-0-6fefe1d51646@gmail.com/T/
====================

Link: https://patch.msgid.link/20260415-subprog-token-fix-v4-0-9bd000e8b068@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

show more ...

selftests/bpf: verify kallsyms entries for token-loaded subprograms

Add a test that loads an XDP program with a global subprogram using a
BPF token from a user namespace, then verifies that both the

selftests/bpf: verify kallsyms entries for token-loaded subprograms

Add a test that loads an XDP program with a global subprogram using a
BPF token from a user namespace, then verifies that both the main
program and the subprogram appear in /proc/kallsyms.

This exercises the bpf_prog_kallsyms_add() path for subprograms and
would have caught the missing aux->token copy in bpf_jit_subprogs().

load_kallsyms_local() filters out kallsyms with zero addresses.
For a process with limited capabilities to read kallsym addresses the
following sysctl variables have to be set to zero:
- /proc/sys/kernel/perf_event_paranoid
- /proc/sys/kernel/kptr_restrict
Set these variables using sysctl_set() utility function extracted from
unpriv_bpf_disabled.c to a separate c/header.
Since the test modifies global system state, mark it as serial.

Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20260415-subprog-token-fix-v4-2-9bd000e8b068@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

show more ...

Merge tag 'bpf-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

Pull bpf updates from Alexei Starovoitov:

- Welcome new BPF maintainers: Kumar Kartikeya Dwivedi, Eduard
Z

Merge tag 'bpf-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

Pull bpf updates from Alexei Starovoitov:

- Welcome new BPF maintainers: Kumar Kartikeya Dwivedi, Eduard
Zingerman while Martin KaFai Lau reduced his load to Reviwer.

- Lots of fixes everywhere from many first time contributors. Thank you
All.

- Diff stat is dominated by mechanical split of verifier.c into
multiple components:

- backtrack.c: backtracking logic and jump history
- states.c: state equivalence
- cfg.c: control flow graph, postorder, strongly connected
components
- liveness.c: register and stack liveness
- fixups.c: post-verification passes: instruction patching, dead
code removal, bpf_loop inlining, finalize fastcall

8k line were moved. verifier.c still stands at 20k lines.

Further refactoring is planned for the next release.

- Replace dynamic stack liveness with static stack liveness based on
data flow analysis.

This improved the verification time by 2x for some programs and
equally reduced memory consumption. New logic is in liveness.c and
supported by constant folding in const_fold.c (Eduard Zingerman,
Alexei Starovoitov)

- Introduce BTF layout to ease addition of new BTF kinds (Alan Maguire)

- Use kmalloc_nolock() universally in BPF local storage (Amery Hung)

- Fix several bugs in linked registers delta tracking (Daniel Borkmann)

- Improve verifier support of arena pointers (Emil Tsalapatis)

- Improve verifier tracking of register bounds in min/max and tnum
domains (Harishankar Vishwanathan, Paul Chaignon, Hao Sun)

- Further extend support for implicit arguments in the verifier (Ihor
Solodrai)

- Add support for nop,nop5 instruction combo for USDT probes in libbpf
(Jiri Olsa)

- Support merging multiple module BTFs (Josef Bacik)

- Extend applicability of bpf_kptr_xchg (Kaitao Cheng)

- Retire rcu_trace_implies_rcu_gp() (Kumar Kartikeya Dwivedi)

- Support variable offset context access for 'syscall' programs (Kumar
Kartikeya Dwivedi)

- Migrate bpf_task_work and dynptr to kmalloc_nolock() (Mykyta
Yatsenko)

- Fix UAF in in open-coded task_vma iterator (Puranjay Mohan)

* tag 'bpf-next-7.1' of git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (241 commits)
selftests/bpf: cover short IPv4/IPv6 inputs with adjust_room
bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb
selftests/bpf: Use memfd_create instead of shm_open in cgroup_iter_memcg
selftests/bpf: Add test for cgroup storage OOB read
bpf: Fix OOB in pcpu_init_value
selftests/bpf: Fix reg_bounds to match new tnum-based refinement
selftests/bpf: Add tests for non-arena/arena operations
bpf: Allow instructions with arena source and non-arena dest registers
bpftool: add missing fsession to the usage and docs of bpftool
docs/bpf: add missing fsession attach type to docs
bpf: add missing fsession to the verifier log
bpf: Move BTF checking logic into check_btf.c
bpf: Move backtracking logic to backtrack.c
bpf: Move state equivalence logic to states.c
bpf: Move check_cfg() into cfg.c
bpf: Move compute_insn_live_regs() into liveness.c
bpf: Move fixup/post-processing logic from verifier.c into fixups.c
bpf: Simplify do_check_insn()
bpf: Move checks for reserved fields out of the main pass
bpf: Delete unused variable
...

show more ...

Merge tag 'modules-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux

Pull module updates from Sami Tolvanen:
"Kernel symbol flags:

- Replace the separate *_gpl symbol sect

Merge tag 'modules-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux

Pull module updates from Sami Tolvanen:
"Kernel symbol flags:

- Replace the separate *_gpl symbol sections (__ksymtab_gpl and
__kcrctab_gpl) with a unified symbol table and a new __kflagstab
section.

This section stores symbol flags, such as the GPL-only flag, as an
8-bit bitset for each exported symbol. This is a cleanup that
simplifies symbol lookup in the module loader by avoiding table
fragmentation and will allow a cleaner way to add more flags later
if needed.

Module signature UAPI:

- Move struct module_signature to the UAPI headers to allow reuse by
tools outside the kernel proper, such as kmod and
scripts/sign-file.

This also renames a few constants for clarity and drops unused
signature types as preparation for hash-based module integrity
checking work that's in progress.

Sysfs:

- Add a /sys/module/<module>/import_ns sysfs attribute to show the
symbol namespaces imported by loaded modules.

This makes it easier to verify driver API access at runtime on
systems that care about such things (e.g. Android).

Cleanups and fixes:

- Force sh_addr to 0 for all sections in module.lds. This prevents
non-zero section addresses when linking modules with 'ld.bfd -r',
which confused elfutils.

- Fix a memory leak of charp module parameters on module unload when
the kernel is configured with CONFIG_SYSFS=n.

- Override the -EEXIST error code returned by module_init() to
userspace. This prevents confusion with the errno reserved by the
module loader to indicate that a module is already loaded.

- Simplify the warning message and drop the stack dump on positive
returns from module_init().

- Drop unnecessary extern keywords from function declarations and
synchronize parse_args() arguments with their implementation"

* tag 'modules-7.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/modules/linux: (23 commits)
module: Simplify warning on positive returns from module_init()
module: Override -EEXIST module return
documentation: remove references to *_gpl sections
module: remove *_gpl sections from vmlinux and modules
module: deprecate usage of *_gpl sections in module loader
module: use kflagstab instead of *_gpl sections
module: populate kflagstab in modpost
module: add kflagstab section to vmlinux and modules
module: define ksym_flags enumeration to represent kernel symbol flags
selftests/bpf: verify_pkcs7_sig: Use 'struct module_signature' from the UAPI headers
sign-file: use 'struct module_signature' from the UAPI headers
tools uapi headers: add linux/module_signature.h
module: Move 'struct module_signature' to UAPI
module: Give MODULE_SIG_STRING a more descriptive name
module: Give 'enum pkey_id_type' a more specific name
module: Drop unused signature types
extract-cert: drop unused definition of PKEY_ID_PKCS7
docs: symbol-namespaces: mention sysfs attribute
module: expose imported namespaces via sysfs
module: Remove extern keyword from param prototypes
...

show more ...

Merge branch 'timers/urgent' into timers/core

to resolve the conflict with urgent fixes.

Merge tag 'rust-timekeeping-for-v7.1' of https://github.com/Rust-for-Linux/linux into rust-next

Pull timekeeping updates from Andreas Hindborg:

- Expand the example section in the 'HrTimer' docume

Merge tag 'rust-timekeeping-for-v7.1' of https://github.com/Rust-for-Linux/linux into rust-next

Pull timekeeping updates from Andreas Hindborg:

- Expand the example section in the 'HrTimer' documentation.

- Mark the 'ClockSource' trait as unsafe to ensure valid values for
'ktime_get()'.

- Add 'Delta::from_nanos()'.

This is a back merge since the pull request has a newer base -- we will
avoid that in the future.

And, given it is a back merge, it happens to resolve the "subtle" conflict
around '--remap-path-{prefix,scope}' that I discussed in linux-next [1],
plus a few other common conflicts. The result matches what we did for
next-20260407.

The actual diffstat (i.e. using a temporary merge of upstream first) is:

rust/kernel/time.rs | 32 ++++-
rust/kernel/time/hrtimer.rs | 336 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 362 insertions(+), 6 deletions(-)

Link: https://lore.kernel.org/linux-next/CANiq72kdxB=W3_CV1U44oOK3SssztPo2wLDZt6LP94TEO+Kj4g@mail.gmail.com/ [1]

* tag 'rust-timekeeping-for-v7.1' of https://github.com/Rust-for-Linux/linux:
hrtimer: add usage examples to documentation
rust: time: make ClockSource unsafe trait
rust/time: Add Delta::from_nanos()

show more ...

Merge tag 'v7.0-rc7' into usb-next

We need the USB fixes in here to build on and for testing

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Merge tag 'v7.0-rc6' into irq/core

to be able to merge the hyper-v patch related to randomness.

Merge branch 'sched/urgent' into sched/core, to resolve conflicts

The following fix in sched/urgent:

e08d007f9d81 ("sched/debug: Fix avg_vruntime() usage")

is in conflict with this pending commi

Merge branch 'sched/urgent' into sched/core, to resolve conflicts

The following fix in sched/urgent:

e08d007f9d81 ("sched/debug: Fix avg_vruntime() usage")

is in conflict with this pending commit in sched/core:

4823725d9d1d ("sched/fair: Increase weight bits for avg_vruntime")

Both modify the same variable definition and initialization blocks,
resolve it by merging the two.

Conflicts:
kernel/sched/debug.c

Signed-off-by: Ingo Molnar <mingo@kernel.org>

show more ...

Merge branch 'for-linus' into for-next

Pull 7.0 devel branch for further cleanups of ctxfi driver & co.

Signed-off-by: Takashi Iwai <tiwai@suse.de>

BackMerge tag 'v7.0-rc6' into drm-next

Linux 7.0-rc6

Requested by a few people on irc to resolve conflicts in other tress.

Signed-off-by: Dave Airlie <airlied@redhat.com>

Merge branch 'master' into rdma-next

Let's bring v7.0-rc6 to the -next branch, so we can merge the DMA
attributes fix [1] without merge conflicts.

[1] https://lore.kernel.org/all/20260323-umem-dma-

Merge branch 'master' into rdma-next

Let's bring v7.0-rc6 to the -next branch, so we can merge the DMA
attributes fix [1] without merge conflicts.

[1] https://lore.kernel.org/all/20260323-umem-dma-attrs-v1-1-d6890f2e6a1e@nvidia.com

Signed-off-by: Leon Romanovsky <leon@kernel.org>

* master: (1688 commits)
Linux 7.0-rc6
...

show more ...