Hi all,

Self-review (with Sashiko AI assist) caught eight real issues in v1
before maintainer review reached them; re-rolling promptly. v1:
https://lore.kernel.org/linux-arm-msm/cover.1780148149.git.github.com@herrie.org/

v2 changes:
- PREEMPT_RT: drop the syscon regmap and ioremap the vMPM sub-region
  of the RPM control block directly. The IRQ core invokes the
  irqchip mask/unmask/set_type/set_wake callbacks with the irq_desc
  raw_spinlock_t held, and syscon regmaps use a sleepable
  spinlock_t that becomes an rt_mutex on PREEMPT_RT. Direct MMIO
  (readl_relaxed/writel_relaxed) is what every other SoC irqchip
  in tree does for the same reason (qcom-pdc, gic-v3, ...).
- RPM doorbell: after every vMPM register write, send a message
  through the qcom-apcs-ipc mailbox. v1 acquired the mailbox
  channel but never used it, so the RPM kept running with its
  cached enable / detect / polarity state and our configuration
  changes had no effect.
- Teardown order: v1 used devm_request_irq() and then called
  irq_domain_remove() manually in ->remove(); the devres-managed
  handler outlives the domain, so an IRQ arriving in the removal
  window would dereference a freed domain. Switch to plain
  request_irq() / free_irq() and remove in strict reverse-init
  order (free_irq, free mailbox, irq_domain_remove).
- .irq_set_wake: implement it (toggle the MPM enable bit + delegate
  to irq_chip_set_wake_parent for the GIC) and drop
  IRQCHIP_SKIP_SET_WAKE. v1 declared SKIP and provided no
  callback, so enable_irq_wake() was a silent no-op for every
  consumer.
- Clear-before-dispatch: in the IPC IRQ handler, write CLEAR for
  the pending bits before calling generic_handle_domain_irq() for
  each pin. v1 cleared after the handler returned, racing against
  a fresh edge latched during dispatch and silently dropping it.
- DT pin-map bounds check: validate each qcom,mpm-pin-map pin
  entry against MSM8660_MPM_PIN_COUNT before storing it, so a
  malformed DT cannot induce out-of-bounds register accesses in
  later set_type/enable paths.
- Consumer API lifetime: msm8660_mpm_get() now takes a consumer
  device argument and establishes a DL_FLAG_AUTOREMOVE_CONSUMER
  device link to the MPM device. Without this, an unbind of the
  MPM driver would free the devres-managed struct while consumers
  still hold pointers, causing UAF on the next call.
- regmap_read return check: moot now that we use readl_relaxed,
  but the original Sashiko finding (uninitialised val on regmap
  error) is closed.

DT binding: drop qcom,rpm-syscon and qcom,mpm-offset; replace with a
single reg property pointing at the vMPM window inside the RPM
control block. dt_binding_check passes on the example.

Driver passes checkpatch with zero warnings or errors.

Thanks,
Herman

Herman van Hazendonk (2):
  dt-bindings: interrupt-controller: qcom: add msm8660-mpm
  irqchip: add MSM8x60 MPM wakeup interrupt controller driver

 .../qcom,msm8660-mpm.yaml         | 122 +++
 drivers/irqchip/Kconfig           |  23 +
 drivers/irqchip/Makefile          |   1 +
 drivers/irqchip/irq-msm8660-mpm.c | 740 ++++++++++++++++++
 include/soc/qcom/msm8660-mpm.h    |  83 ++
 5 files changed, 969 insertions(+)
 create mode 100644 Documentation/devicetree/bindings/interrupt-controller/qcom,msm8660-mpm.yaml
 create mode 100644 drivers/irqchip/irq-msm8660-mpm.c
 create mode 100644 include/soc/qcom/msm8660-mpm.h
--
2.43.0
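
The clear-before-dispatch item in the changelog above, as an added
userspace model that is not part of the original posting or the driver.
It assumes the CLEAR write removes exactly the bits written; the struct,
the function names, pin 5 and the single re-fired edge are constructed
for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace model, not driver code; all names here are hypothetical. */
struct mpm_model {
	uint32_t status;       /* latched pending bits */
	unsigned handled[32];  /* handler runs per pin */
	int edge_pin;          /* pin that re-fires during its handler, -1 = none */
};

/* Per-pin handler; models hardware latching one fresh edge mid-dispatch. */
static void dispatch(struct mpm_model *m, int pin)
{
	m->handled[pin]++;
	if (m->edge_pin == pin) {
		m->status |= 1u << pin;  /* new edge arrives while handler runs */
		m->edge_pin = -1;        /* constructed: it fires only once */
	}
}

/* One pass of the IRQ handler, with CLEAR either before or after dispatch. */
static void isr(struct mpm_model *m, int clear_first)
{
	uint32_t pending = m->status;

	if (clear_first)
		m->status &= ~pending;   /* v2 order: fresh edges survive */
	for (int pin = 0; pin < 32; pin++)
		if (pending & (1u << pin))
			dispatch(m, pin);
	if (!clear_first)
		m->status &= ~pending;   /* v1 order: wipes the fresh edge too */
}

/* Take the interrupt, retake it if bits are still pending, count handler runs. */
static unsigned int runs_for_pin(int clear_first, int pin)
{
	struct mpm_model m = { .status = 1u << pin, .edge_pin = pin };

	isr(&m, clear_first);
	if (m.status)
		isr(&m, clear_first);
	return m.handled[pin];
}

int main(void)
{
	printf("clear-after: %u, clear-before: %u\n", runs_for_pin(0, 5), runs_for_pin(1, 5));
	return 0;
}
```

Two edges are delivered on the pin in both runs; only the clear-first
ordering results in two handler invocations.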