4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 23 Feb 2017 20:56:41 +0000 (21:56 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 23 Feb 2017 20:56:41 +0000 (21:56 +0100)
added patches:
goldfish-sanitize-the-broken-interrupt-handler.patch
tty-serial-msm-fix-module-autoload.patch
usb-serial-ark3116-fix-register-accessor-error-handling.patch
usb-serial-cp210x-add-new-ids-for-ge-bx50v3-boards.patch
usb-serial-digi_acceleport-fix-oob-data-sanity-check.patch
usb-serial-ftdi_sio-fix-extreme-low-latency-setting.patch
usb-serial-ftdi_sio-fix-line-status-over-reporting.patch
usb-serial-ftdi_sio-fix-modem-status-error-handling.patch
usb-serial-mos7840-fix-another-null-deref-at-open.patch
usb-serial-opticon-fix-cts-retrieval-at-open.patch
usb-serial-spcp8x5-fix-modem-status-handling.patch
x86-platform-goldfish-prevent-unconditional-loading.patch

13 files changed:
queue-4.4/goldfish-sanitize-the-broken-interrupt-handler.patch [new file with mode: 0644]
queue-4.4/series
queue-4.4/tty-serial-msm-fix-module-autoload.patch [new file with mode: 0644]
queue-4.4/usb-serial-ark3116-fix-register-accessor-error-handling.patch [new file with mode: 0644]
queue-4.4/usb-serial-cp210x-add-new-ids-for-ge-bx50v3-boards.patch [new file with mode: 0644]
queue-4.4/usb-serial-digi_acceleport-fix-oob-data-sanity-check.patch [new file with mode: 0644]
queue-4.4/usb-serial-ftdi_sio-fix-extreme-low-latency-setting.patch [new file with mode: 0644]
queue-4.4/usb-serial-ftdi_sio-fix-line-status-over-reporting.patch [new file with mode: 0644]
queue-4.4/usb-serial-ftdi_sio-fix-modem-status-error-handling.patch [new file with mode: 0644]
queue-4.4/usb-serial-mos7840-fix-another-null-deref-at-open.patch [new file with mode: 0644]
queue-4.4/usb-serial-opticon-fix-cts-retrieval-at-open.patch [new file with mode: 0644]
queue-4.4/usb-serial-spcp8x5-fix-modem-status-handling.patch [new file with mode: 0644]
queue-4.4/x86-platform-goldfish-prevent-unconditional-loading.patch [new file with mode: 0644]

diff --git a/queue-4.4/goldfish-sanitize-the-broken-interrupt-handler.patch b/queue-4.4/goldfish-sanitize-the-broken-interrupt-handler.patch
new file mode 100644 (file)
index 0000000..54bd310
--- /dev/null
@@ -0,0 +1,66 @@
+From 6cf18e6927c0b224f972e3042fb85770d63cb9f8 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 15 Feb 2017 11:11:51 +0100
+Subject: goldfish: Sanitize the broken interrupt handler
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 6cf18e6927c0b224f972e3042fb85770d63cb9f8 upstream.
+
+This interrupt handler is broken in several ways:
+
+  - It loops forever when the op code is not decodeable
+
+  - It never returns IRQ_HANDLED because the only way to exit the loop
+    returns IRQ_NONE unconditionally.
+
+The whole concept of this is broken. Creating devices in an interrupt
+handler is beyond any point of sanity.
+
+Make it at least behave halfways sane so accidental users do not have to
+deal with a hard to debug lockup.
+
+Fixes: e809c22b8fb028 ("goldfish: add the goldfish virtual bus")
+Reported-by: Gabriel C <nix.or.die@gmail.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/goldfish/pdev_bus.c |   13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+--- a/drivers/platform/goldfish/pdev_bus.c
++++ b/drivers/platform/goldfish/pdev_bus.c
+@@ -157,23 +157,26 @@ static int goldfish_new_pdev(void)
+ static irqreturn_t goldfish_pdev_bus_interrupt(int irq, void *dev_id)
+ {
+       irqreturn_t ret = IRQ_NONE;
++
+       while (1) {
+               u32 op = readl(pdev_bus_base + PDEV_BUS_OP);
+-              switch (op) {
+-              case PDEV_BUS_OP_DONE:
+-                      return IRQ_NONE;
++              switch (op) {
+               case PDEV_BUS_OP_REMOVE_DEV:
+                       goldfish_pdev_remove();
++                      ret = IRQ_HANDLED;
+                       break;
+               case PDEV_BUS_OP_ADD_DEV:
+                       goldfish_new_pdev();
++                      ret = IRQ_HANDLED;
+                       break;
++
++              case PDEV_BUS_OP_DONE:
++              default:
++                      return ret;
+               }
+-              ret = IRQ_HANDLED;
+       }
+-      return ret;
+ }
+ static int goldfish_pdev_bus_probe(struct platform_device *pdev)
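Review bot: The `while (1)` loop in goldfish_pdev_bus_interrupt() still has no iteration bound, so a device that keeps reporting PDEV_BUS_OP_ADD_DEV or PDEV_BUS_OP_REMOVE_DEV keeps the CPU inside the handler; only the undecodable-opcode case is closed. The new `default:` arm also exits silently, and the int result of goldfish_new_pdev() is discarded, so a failed device creation is still reported as IRQ_HANDLED. I would give the loop a small fixed budget and make the unexpected opcode visible, e.g. `default: pr_warn_ratelimited("goldfish_pdev_bus: unknown op %u\n", op); return ret;`.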
index 99c0ce29f3da10b82e62a56c7ec2002879699995..196c9d041c4d8114d47788170bc6f384892f383c 100644 (file)
@@ -8,3 +8,15 @@ dccp-fix-freeing-skb-too-early-for-ipv6_recvpktinfo.patch
 irda-fix-lockdep-annotations-in-hashbin_delete.patch
 ip-fix-ip_checksum-handling.patch
 net-socket-fix-recvmmsg-not-returning-error-from-sock_error.patch
+tty-serial-msm-fix-module-autoload.patch
+usb-serial-mos7840-fix-another-null-deref-at-open.patch
+usb-serial-cp210x-add-new-ids-for-ge-bx50v3-boards.patch
+usb-serial-ftdi_sio-fix-modem-status-error-handling.patch
+usb-serial-ftdi_sio-fix-extreme-low-latency-setting.patch
+usb-serial-ftdi_sio-fix-line-status-over-reporting.patch
+usb-serial-digi_acceleport-fix-oob-data-sanity-check.patch
+usb-serial-spcp8x5-fix-modem-status-handling.patch
+usb-serial-opticon-fix-cts-retrieval-at-open.patch
+usb-serial-ark3116-fix-register-accessor-error-handling.patch
+x86-platform-goldfish-prevent-unconditional-loading.patch
+goldfish-sanitize-the-broken-interrupt-handler.patch
diff --git a/queue-4.4/tty-serial-msm-fix-module-autoload.patch b/queue-4.4/tty-serial-msm-fix-module-autoload.patch
new file mode 100644 (file)
index 0000000..d05bd67
--- /dev/null
@@ -0,0 +1,48 @@
+From abe81f3b8ed2996e1712d26d38ff6b73f582c616 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javier@osg.samsung.com>
+Date: Mon, 2 Jan 2017 11:57:20 -0300
+Subject: tty: serial: msm: Fix module autoload
+
+From: Javier Martinez Canillas <javier@osg.samsung.com>
+
+commit abe81f3b8ed2996e1712d26d38ff6b73f582c616 upstream.
+
+If the driver is built as a module, autoload won't work because the module
+alias information is not filled. So user-space can't match the registered
+device with the corresponding module.
+
+Export the module alias information using the MODULE_DEVICE_TABLE() macro.
+
+Before this patch:
+
+$ modinfo drivers/tty/serial/msm_serial.ko | grep alias
+$
+
+After this patch:
+
+$ modinfo drivers/tty/serial/msm_serial.ko | grep alias
+alias:          of:N*T*Cqcom,msm-uartdmC*
+alias:          of:N*T*Cqcom,msm-uartdm
+alias:          of:N*T*Cqcom,msm-uartC*
+alias:          of:N*T*Cqcom,msm-uart
+
+Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
+Acked-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/msm_serial.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/tty/serial/msm_serial.c
++++ b/drivers/tty/serial/msm_serial.c
+@@ -1615,6 +1615,7 @@ static const struct of_device_id msm_mat
+       { .compatible = "qcom,msm-uartdm" },
+       {}
+ };
++MODULE_DEVICE_TABLE(of, msm_match_table);
+ static struct platform_driver msm_platform_driver = {
+       .remove = msm_serial_remove,
diff --git a/queue-4.4/usb-serial-ark3116-fix-register-accessor-error-handling.patch b/queue-4.4/usb-serial-ark3116-fix-register-accessor-error-handling.patch
new file mode 100644 (file)
index 0000000..ec1430a
--- /dev/null
@@ -0,0 +1,46 @@
+From 9fef37d7cf170522fb354d6d0ea6de09b9b16678 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Thu, 12 Jan 2017 14:56:09 +0100
+Subject: USB: serial: ark3116: fix register-accessor error handling
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 9fef37d7cf170522fb354d6d0ea6de09b9b16678 upstream.
+
+The current implementation failed to detect short transfers, something
+which could lead to bits of the uninitialised heap transfer buffer
+leaking to user space.
+
+Fixes: 149fc791a452 ("USB: ark3116: Setup some basic infrastructure for new ark3116 driver.")
+Fixes: f4c1e8d597d1 ("USB: ark3116: Make existing functions 16450-aware and add close and release functions.")
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ark3116.c |   13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+--- a/drivers/usb/serial/ark3116.c
++++ b/drivers/usb/serial/ark3116.c
+@@ -99,10 +99,17 @@ static int ark3116_read_reg(struct usb_s
+                                usb_rcvctrlpipe(serial->dev, 0),
+                                0xfe, 0xc0, 0, reg,
+                                buf, 1, ARK_TIMEOUT);
+-      if (result < 0)
++      if (result < 1) {
++              dev_err(&serial->interface->dev,
++                              "failed to read register %u: %d\n",
++                              reg, result);
++              if (result >= 0)
++                      result = -EIO;
++
+               return result;
+-      else
+-              return buf[0];
++      }
++
++      return buf[0];
+ }
+ static inline int calc_divisor(int bps)
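Review bot: The new `result < 1` test in ark3116_read_reg() carries no comment saying why a zero-length transfer is an error, and its `1` silently mirrors the length argument `1` of the control-transfer call just above it. I would add `/* a short transfer leaves buf[0] unwritten; never return it to the caller */` above the check so the reason survives later refactoring. The function starts outside this hunk, so how `buf` is allocated cannot be confirmed from here.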
diff --git a/queue-4.4/usb-serial-cp210x-add-new-ids-for-ge-bx50v3-boards.patch b/queue-4.4/usb-serial-cp210x-add-new-ids-for-ge-bx50v3-boards.patch
new file mode 100644 (file)
index 0000000..95c0b6d
--- /dev/null
@@ -0,0 +1,31 @@
+From 9a593656def0dc2f6c227851e8e602077267a5f1 Mon Sep 17 00:00:00 2001
+From: Ken Lin <yungching0725@gmail.com>
+Date: Sat, 4 Feb 2017 04:00:24 +0800
+Subject: USB: serial: cp210x: add new IDs for GE Bx50v3 boards
+
+From: Ken Lin <yungching0725@gmail.com>
+
+commit 9a593656def0dc2f6c227851e8e602077267a5f1 upstream.
+
+Add new USB IDs for cp2104/5 devices on Bx50v3 boards due to the design
+change.
+
+Signed-off-by: Ken Lin <yungching0725@gmail.com>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/cp210x.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -171,6 +171,8 @@ static const struct usb_device_id id_tab
+       { USB_DEVICE(0x1901, 0x0190) }, /* GE B850 CP2105 Recorder interface */
+       { USB_DEVICE(0x1901, 0x0193) }, /* GE B650 CP2104 PMC interface */
+       { USB_DEVICE(0x1901, 0x0194) }, /* GE Healthcare Remote Alarm Box */
++      { USB_DEVICE(0x1901, 0x0195) }, /* GE B850/B650/B450 CP2104 DP UART interface */
++      { USB_DEVICE(0x1901, 0x0196) }, /* GE B850 CP2105 DP UART interface */
+       { USB_DEVICE(0x19CF, 0x3000) }, /* Parrot NMEA GPS Flight Recorder */
+       { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
+       { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
diff --git a/queue-4.4/usb-serial-digi_acceleport-fix-oob-data-sanity-check.patch b/queue-4.4/usb-serial-digi_acceleport-fix-oob-data-sanity-check.patch
new file mode 100644 (file)
index 0000000..bdef7a7
--- /dev/null
@@ -0,0 +1,53 @@
+From 2d380889215fe20b8523345649dee0579821800c Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Tue, 31 Jan 2017 17:17:27 +0100
+Subject: USB: serial: digi_acceleport: fix OOB data sanity check
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 2d380889215fe20b8523345649dee0579821800c upstream.
+
+Make sure to check for short transfers to avoid underflow in a loop
+condition when parsing the receive buffer.
+
+Also fix an off-by-one error in the incomplete sanity check which could
+lead to invalid data being parsed.
+
+Fixes: 8c209e6782ca ("USB: make actual_length in struct urb field u32")
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/digi_acceleport.c |   14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/drivers/usb/serial/digi_acceleport.c
++++ b/drivers/usb/serial/digi_acceleport.c
+@@ -1483,16 +1483,20 @@ static int digi_read_oob_callback(struct
+       struct usb_serial *serial = port->serial;
+       struct tty_struct *tty;
+       struct digi_port *priv = usb_get_serial_port_data(port);
++      unsigned char *buf = urb->transfer_buffer;
+       int opcode, line, status, val;
+       int i;
+       unsigned int rts;
++      if (urb->actual_length < 4)
++              return -1;
++
+       /* handle each oob command */
+-      for (i = 0; i < urb->actual_length - 3;) {
+-              opcode = ((unsigned char *)urb->transfer_buffer)[i++];
+-              line = ((unsigned char *)urb->transfer_buffer)[i++];
+-              status = ((unsigned char *)urb->transfer_buffer)[i++];
+-              val = ((unsigned char *)urb->transfer_buffer)[i++];
++      for (i = 0; i < urb->actual_length - 4; i += 4) {
++              opcode = buf[i];
++              line = buf[i + 1];
++              status = buf[i + 2];
++              val = buf[i + 3];
+               dev_dbg(&port->dev, "digi_read_oob_callback: opcode=%d, line=%d, status=%d, val=%d\n",
+                       opcode, line, status, val);
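Review bot: The rewritten loop bound `i < urb->actual_length - 4` drops the last complete 4-byte OOB command. With `actual_length == 4` the condition is `0 < 0`, so a transfer carrying exactly one command is never parsed, and with 8 bytes only the first command is. The removed loop used `- 3`, and combined with the new `urb->actual_length < 4` guard that bound cannot underflow and covers every complete command, so the line should read `for (i = 0; i < urb->actual_length - 3; i += 4) {`. The loop body continues past the end of this hunk, so the effect on status handling can only be inferred, but silently ignored OOB events would be the expected symptom.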
diff --git a/queue-4.4/usb-serial-ftdi_sio-fix-extreme-low-latency-setting.patch b/queue-4.4/usb-serial-ftdi_sio-fix-extreme-low-latency-setting.patch
new file mode 100644 (file)
index 0000000..6770d1a
--- /dev/null
@@ -0,0 +1,51 @@
+From c6dce2626606ef16434802989466636bc28c1419 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Wed, 25 Jan 2017 15:35:20 +0100
+Subject: USB: serial: ftdi_sio: fix extreme low-latency setting
+
+From: Johan Hovold <johan@kernel.org>
+
+commit c6dce2626606ef16434802989466636bc28c1419 upstream.
+
+Since commit 557aaa7ffab6 ("ft232: support the ASYNC_LOW_LATENCY
+flag") the FTDI driver has been using a receive latency-timer value of
+1 ms instead of the device default of 16 ms.
+
+The latency timer is used to periodically empty a non-full receive
+buffer, but a status header is always sent when the timer expires
+including when the buffer is empty. This means that a two-byte bulk
+message is received every millisecond also for an otherwise idle port as
+long as it is open.
+
+Let's restore the pre-2009 behaviour which reduces the rate of the
+status messages to 1/16th (e.g. interrupt frequency drops from 1 kHz to
+62.5 Hz) by not setting ASYNC_LOW_LATENCY by default.
+
+Anyone willing to pay the price for the minimum-latency behaviour should
+set the flag explicitly instead using the TIOCSSERIAL ioctl or a tool
+such as setserial (e.g. setserial /dev/ttyUSB0 low_latency).
+
+Note that since commit 0cbd81a9f6ba ("USB: ftdi_sio: remove
+tty->low_latency") the ASYNC_LOW_LATENCY flag has no other effects but
+to set a minimal latency timer.
+
+Reported-by: Antoine Aubert <a.aubert@overkiz.com>
+Fixes: 557aaa7ffab6 ("ft232: support the ASYNC_LOW_LATENCY flag")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ftdi_sio.c |    2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -1807,8 +1807,6 @@ static int ftdi_sio_port_probe(struct us
+       mutex_init(&priv->cfg_lock);
+-      priv->flags = ASYNC_LOW_LATENCY;
+-
+       if (quirk && quirk->port_probe)
+               quirk->port_probe(priv);
diff --git a/queue-4.4/usb-serial-ftdi_sio-fix-line-status-over-reporting.patch b/queue-4.4/usb-serial-ftdi_sio-fix-line-status-over-reporting.patch
new file mode 100644 (file)
index 0000000..834c1e6
--- /dev/null
@@ -0,0 +1,75 @@
+From a6bb1e17a39818b01b55d8e6238b4b5f06d55038 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Thu, 2 Feb 2017 17:38:35 +0100
+Subject: USB: serial: ftdi_sio: fix line-status over-reporting
+
+From: Johan Hovold <johan@kernel.org>
+
+commit a6bb1e17a39818b01b55d8e6238b4b5f06d55038 upstream.
+
+FTDI devices use a receive latency timer to periodically empty the
+receive buffer and report modem and line status (also when the buffer is
+empty).
+
+When a break or error condition is detected the corresponding status
+flags will be set on a packet with nonzero data payload and the flags
+are not updated until the break is over or further characters are
+received.
+
+In order to avoid over-reporting break and error conditions, these flags
+must therefore only be processed for packets with payload.
+
+This specifically fixes the case where after an overrun, the error
+condition is continuously reported and NULL-characters inserted until
+further data is received.
+
+Reported-by: Michael Walle <michael@walle.cc>
+Fixes: 72fda3ca6fc1 ("USB: serial: ftd_sio: implement sysrq handling on
+break")
+Fixes: 166ceb690750 ("USB: ftdi_sio: clean up line-status handling")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ftdi_sio.c |   23 ++++++++++++++---------
+ 1 file changed, 14 insertions(+), 9 deletions(-)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -2070,6 +2070,20 @@ static int ftdi_process_packet(struct us
+               priv->prev_status = status;
+       }
++      /* save if the transmitter is empty or not */
++      if (packet[1] & FTDI_RS_TEMT)
++              priv->transmit_empty = 1;
++      else
++              priv->transmit_empty = 0;
++
++      len -= 2;
++      if (!len)
++              return 0;       /* status only */
++
++      /*
++       * Break and error status must only be processed for packets with
++       * data payload to avoid over-reporting.
++       */
+       flag = TTY_NORMAL;
+       if (packet[1] & FTDI_RS_ERR_MASK) {
+               /* Break takes precedence over parity, which takes precedence
+@@ -2092,15 +2106,6 @@ static int ftdi_process_packet(struct us
+               }
+       }
+-      /* save if the transmitter is empty or not */
+-      if (packet[1] & FTDI_RS_TEMT)
+-              priv->transmit_empty = 1;
+-      else
+-              priv->transmit_empty = 0;
+-
+-      len -= 2;
+-      if (!len)
+-              return 0;       /* status only */
+       port->icount.rx += len;
+       ch = packet + 2;
diff --git a/queue-4.4/usb-serial-ftdi_sio-fix-modem-status-error-handling.patch b/queue-4.4/usb-serial-ftdi_sio-fix-modem-status-error-handling.patch
new file mode 100644 (file)
index 0000000..8727941
--- /dev/null
@@ -0,0 +1,40 @@
+From 427c3a95e3e29e65f59d99aaf320d7506f3eed57 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Thu, 12 Jan 2017 14:56:11 +0100
+Subject: USB: serial: ftdi_sio: fix modem-status error handling
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 427c3a95e3e29e65f59d99aaf320d7506f3eed57 upstream.
+
+Make sure to detect short responses when fetching the modem status in
+order to avoid parsing uninitialised buffer data and having bits of it
+leak to user space.
+
+Note that we still allow for short 1-byte responses.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ftdi_sio.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -2433,8 +2433,12 @@ static int ftdi_get_modem_status(struct
+                       FTDI_SIO_GET_MODEM_STATUS_REQUEST_TYPE,
+                       0, priv->interface,
+                       buf, len, WDR_TIMEOUT);
+-      if (ret < 0) {
++
++      /* NOTE: We allow short responses and handle that below. */
++      if (ret < 1) {
+               dev_err(&port->dev, "failed to get modem status: %d\n", ret);
++              if (ret >= 0)
++                      ret = -EIO;
+               ret = usb_translate_errors(ret);
+               goto out;
+       }
diff --git a/queue-4.4/usb-serial-mos7840-fix-another-null-deref-at-open.patch b/queue-4.4/usb-serial-mos7840-fix-another-null-deref-at-open.patch
new file mode 100644 (file)
index 0000000..4ab4193
--- /dev/null
@@ -0,0 +1,44 @@
+From 5182c2cf2a9bfb7f066ef0bdd2bb6330b94dd74e Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Thu, 9 Feb 2017 12:11:41 +0100
+Subject: USB: serial: mos7840: fix another NULL-deref at open
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 5182c2cf2a9bfb7f066ef0bdd2bb6330b94dd74e upstream.
+
+Fix another NULL-pointer dereference at open should a malicious device
+lack an interrupt-in endpoint.
+
+Note that the driver has a broken check for an interrupt-in endpoint
+which means that an interrupt URB has never even been submitted.
+
+Fixes: 3f5429746d91 ("USB: Moschip 7840 USB-Serial Driver")
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/mos7840.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/mos7840.c
++++ b/drivers/usb/serial/mos7840.c
+@@ -1024,6 +1024,7 @@ static int mos7840_open(struct tty_struc
+        * (can't set it up in mos7840_startup as the structures *
+        * were not set up at that time.)                        */
+       if (port0->open_ports == 1) {
++              /* FIXME: Buffer never NULL, so URB is not submitted. */
+               if (serial->port[0]->interrupt_in_buffer == NULL) {
+                       /* set up interrupt urb */
+                       usb_fill_int_urb(serial->port[0]->interrupt_in_urb,
+@@ -2119,7 +2120,8 @@ static int mos7840_calc_num_ports(struct
+ static int mos7840_attach(struct usb_serial *serial)
+ {
+       if (serial->num_bulk_in < serial->num_ports ||
+-                      serial->num_bulk_out < serial->num_ports) {
++                      serial->num_bulk_out < serial->num_ports ||
++                      serial->num_interrupt_in < 1) {
+               dev_err(&serial->interface->dev, "missing endpoints\n");
+               return -ENODEV;
+       }
diff --git a/queue-4.4/usb-serial-opticon-fix-cts-retrieval-at-open.patch b/queue-4.4/usb-serial-opticon-fix-cts-retrieval-at-open.patch
new file mode 100644 (file)
index 0000000..550f5bc
--- /dev/null
@@ -0,0 +1,36 @@
+From 2eee05020a0e7ee7c04422cbacdb07859e45dce6 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Fri, 13 Jan 2017 13:21:08 +0100
+Subject: USB: serial: opticon: fix CTS retrieval at open
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 2eee05020a0e7ee7c04422cbacdb07859e45dce6 upstream.
+
+The opticon driver used a control request at open to trigger a CTS
+status notification to be sent over the bulk-in pipe. When the driver
+was converted to using the generic read implementation, an inverted test
+prevented this request from being sent, something which could lead to
+TIOCMGET reporting an incorrect CTS state.
+
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Fixes: 7a6ee2b02751 ("USB: opticon: switch to generic read implementation")
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/opticon.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/opticon.c
++++ b/drivers/usb/serial/opticon.c
+@@ -142,7 +142,7 @@ static int opticon_open(struct tty_struc
+       usb_clear_halt(port->serial->dev, port->read_urb->pipe);
+       res = usb_serial_generic_open(tty, port);
+-      if (!res)
++      if (res)
+               return res;
+       /* Request CTS line state, sometimes during opening the current
diff --git a/queue-4.4/usb-serial-spcp8x5-fix-modem-status-handling.patch b/queue-4.4/usb-serial-spcp8x5-fix-modem-status-handling.patch
new file mode 100644 (file)
index 0000000..aab93cd
--- /dev/null
@@ -0,0 +1,50 @@
+From 5ed8d41023751bdd3546f2fe4118304357efe8d2 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Thu, 12 Jan 2017 14:56:21 +0100
+Subject: USB: serial: spcp8x5: fix modem-status handling
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 5ed8d41023751bdd3546f2fe4118304357efe8d2 upstream.
+
+Make sure to detect short control transfers and return zero on success
+when retrieving the modem status.
+
+This fixes the TIOCMGET implementation which since e1ed212d8593 ("USB:
+spcp8x5: add proper modem-status support") has returned TIOCM_LE on
+successful retrieval, and avoids leaking bits from the stack on short
+transfers.
+
+This also fixes the carrier-detect implementation which since the above
+mentioned commit unconditionally has returned true.
+
+Fixes: e1ed212d8593 ("USB: spcp8x5: add proper modem-status support")
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/spcp8x5.c |    8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/spcp8x5.c
++++ b/drivers/usb/serial/spcp8x5.c
+@@ -232,11 +232,17 @@ static int spcp8x5_get_msr(struct usb_se
+       ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
+                             GET_UART_STATUS, GET_UART_STATUS_TYPE,
+                             0, GET_UART_STATUS_MSR, buf, 1, 100);
+-      if (ret < 0)
++      if (ret < 1) {
+               dev_err(&port->dev, "failed to get modem status: %d\n", ret);
++              if (ret >= 0)
++                      ret = -EIO;
++              goto out;
++      }
+       dev_dbg(&port->dev, "0xc0:0x22:0:6  %d - 0x02%x\n", ret, *buf);
+       *status = *buf;
++      ret = 0;
++out:
+       kfree(buf);
+       return ret;
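Review bot: The dev_dbg() format on the unchanged line in spcp8x5_get_msr(), `"0xc0:0x22:0:6  %d - 0x02%x\n"`, prints a literal `0x02` followed by the unpadded hex value, where a zero-padded byte (`0x%02x`) was presumably intended. Since this patch already reworks the statements on both sides of it, the tail of the format should become `- 0x%02x\n`. The start of the function, including the allocation of `buf`, is outside the hunk.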
diff --git a/queue-4.4/x86-platform-goldfish-prevent-unconditional-loading.patch b/queue-4.4/x86-platform-goldfish-prevent-unconditional-loading.patch
new file mode 100644 (file)
index 0000000..c1a3ca1
--- /dev/null
@@ -0,0 +1,79 @@
+From 47512cfd0d7a8bd6ab71d01cd89fca19eb2093eb Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Wed, 15 Feb 2017 11:11:50 +0100
+Subject: x86/platform/goldfish: Prevent unconditional loading
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 47512cfd0d7a8bd6ab71d01cd89fca19eb2093eb upstream.
+
+The goldfish platform code registers the platform device unconditionally
+which causes havoc in several ways if the goldfish_pdev_bus driver is
+enabled:
+
+ - Access to the hardcoded physical memory region, which is either not
+   available or contains stuff which is completely unrelated.
+
+ - Prevents that the interrupt of the serial port can be requested
+
+ - In case of a spurious interrupt it goes into a infinite loop in the
+   interrupt handler of the pdev_bus driver (which needs to be fixed
+   seperately).
+
+Add a 'goldfish' command line option to make the registration opt-in when
+the platform is compiled in.
+
+I'm seriously grumpy about this engineering trainwreck, which has seven
+SOBs from Intel developers for 50 lines of code. And none of them figured
+out that this is broken. Impressive fail!
+
+Fixes: ddd70cf93d78 ("goldfish: platform device for x86")
+Reported-by: Gabriel C <nix.or.die@gmail.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/kernel-parameters.txt   |    4 ++++
+ arch/x86/platform/goldfish/goldfish.c |   14 +++++++++++++-
+ 2 files changed, 17 insertions(+), 1 deletion(-)
+
+--- a/Documentation/kernel-parameters.txt
++++ b/Documentation/kernel-parameters.txt
+@@ -1255,6 +1255,10 @@ bytes respectively. Such letter suffixes
+                       When zero, profiling data is discarded and associated
+                       debugfs files are removed at module unload time.
++      goldfish        [X86] Enable the goldfish android emulator platform.
++                      Don't use this when you are not running on the
++                      android emulator
++
+       gpt             [EFI] Forces disk with valid GPT signature but
+                       invalid Protective MBR to be treated as GPT. If the
+                       primary GPT is corrupted, it enables the backup/alternate
+--- a/arch/x86/platform/goldfish/goldfish.c
++++ b/arch/x86/platform/goldfish/goldfish.c
+@@ -42,10 +42,22 @@ static struct resource goldfish_pdev_bus
+       }
+ };
++static bool goldfish_enable __initdata;
++
++static int __init goldfish_setup(char *str)
++{
++      goldfish_enable = true;
++      return 0;
++}
++__setup("goldfish", goldfish_setup);
++
+ static int __init goldfish_init(void)
+ {
++      if (!goldfish_enable)
++              return -ENODEV;
++
+       platform_device_register_simple("goldfish_pdev_bus", -1,
+-                                              goldfish_pdev_bus_resources, 2);
++                                      goldfish_pdev_bus_resources, 2);
+       return 0;
+ }
+ device_initcall(goldfish_init);
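Review bot: goldfish_setup() ends with `return 0;`, which tells the `__setup()` machinery that the option was not consumed, so `goldfish` is additionally handed on to init as an unrecognised boot argument; a handler that accepts its option should `return 1;`. In goldfish_init() the pointer returned by platform_device_register_simple() is still ignored, so a failed registration is reported as success; returning `PTR_ERR_OR_ZERO()` of that call would propagate the error. The unused `str` parameter could also get a short comment noting that the option takes no value.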