--- /dev/null
+From 7a2b9e6ec84588b0be65cc0ae45a65bac431496b Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+Date: Tue, 5 Nov 2019 17:05:13 +0200
+Subject: mei: bus: prefix device names on bus with the bus name
+
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+
+commit 7a2b9e6ec84588b0be65cc0ae45a65bac431496b upstream.
+
+Add parent device name to the name of devices on bus to avoid
+device names collisions for same client UUID available
+from different MEI heads. Namely this prevents sysfs collision under
+/sys/bus/mei/device/
+
+In the device part leave just UUID other parameters that are
+required for device matching are not required here and are
+just bloating the name.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Link: https://lore.kernel.org/r/20191105150514.14010-1-tomas.winkler@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/misc/mei/bus.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/drivers/misc/mei/bus.c
++++ b/drivers/misc/mei/bus.c
+@@ -873,15 +873,16 @@ static const struct device_type mei_cl_d
+
+ /**
+ * mei_cl_bus_set_name - set device name for me client device
++ * <controller>-<client device>
++ * Example: 0000:00:16.0-55213584-9a29-4916-badf-0fb7ed682aeb
+ *
+ * @cldev: me client device
+ */
+ static inline void mei_cl_bus_set_name(struct mei_cl_device *cldev)
+ {
+- dev_set_name(&cldev->dev, "mei:%s:%pUl:%02X",
+- cldev->name,
+- mei_me_cl_uuid(cldev->me_cl),
+- mei_me_cl_ver(cldev->me_cl));
++ dev_set_name(&cldev->dev, "%s-%pUl",
++ dev_name(cldev->bus->dev),
++ mei_me_cl_uuid(cldev->me_cl));
+ }
+
+ /**
--- /dev/null
+From 82b29b9f72afdccb40ea5f3c13c6a3cb65a597bc Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+Date: Tue, 5 Nov 2019 17:05:14 +0200
+Subject: mei: me: add comet point V device id
+
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+
+commit 82b29b9f72afdccb40ea5f3c13c6a3cb65a597bc upstream.
+
+Comet Point (Comet Lake) V device id.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Link: https://lore.kernel.org/r/20191105150514.14010-2-tomas.winkler@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/misc/mei/hw-me-regs.h | 1 +
+ drivers/misc/mei/pci-me.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/drivers/misc/mei/hw-me-regs.h
++++ b/drivers/misc/mei/hw-me-regs.h
+@@ -81,6 +81,7 @@
+
+ #define MEI_DEV_ID_CMP_LP 0x02e0 /* Comet Point LP */
+ #define MEI_DEV_ID_CMP_LP_3 0x02e4 /* Comet Point LP 3 (iTouch) */
++#define MEI_DEV_ID_CMP_V 0xA3BA /* Comet Point Lake V */
+
+ #define MEI_DEV_ID_ICP_LP 0x34E0 /* Ice Lake Point LP */
+
+--- a/drivers/misc/mei/pci-me.c
++++ b/drivers/misc/mei/pci-me.c
+@@ -98,6 +98,7 @@ static const struct pci_device_id mei_me
+
+ {MEI_PCI_DEVICE(MEI_DEV_ID_CMP_LP, MEI_ME_PCH12_CFG)},
+ {MEI_PCI_DEVICE(MEI_DEV_ID_CMP_LP_3, MEI_ME_PCH8_CFG)},
++ {MEI_PCI_DEVICE(MEI_DEV_ID_CMP_V, MEI_ME_PCH12_CFG)},
+
+ {MEI_PCI_DEVICE(MEI_DEV_ID_ICP_LP, MEI_ME_PCH12_CFG)},
+
i40e-fix-for-ethtool-m-issue-on-x722-nic.patch
clk-at91-fix-update-bit-maps-on-cfg_mor-write.patch
usb-dwc2-use-a-longer-core-rest-timeout-in-dwc2_core_reset.patch
+staging-wilc1000-fix-illegal-memory-access-in-wilc_parse_join_bss_param.patch
+staging-rtl8192e-fix-potential-use-after-free.patch
+staging-rtl8723bs-drop-acpi-device-ids.patch
+staging-rtl8723bs-add-024c-0525-to-the-list-of-sdio-device-ids.patch
+usb-serial-ftdi_sio-add-device-ids-for-u-blox-c099-f9p.patch
+mei-bus-prefix-device-names-on-bus-with-the-bus-name.patch
+mei-me-add-comet-point-v-device-id.patch
+thunderbolt-power-cycle-the-router-if-nvm-authentication-fails.patch
--- /dev/null
+From b7aa39a2ed0112d07fc277ebd24a08a7b2368ab9 Mon Sep 17 00:00:00 2001
+From: Pan Bian <bianpan2016@163.com>
+Date: Tue, 5 Nov 2019 22:49:11 +0800
+Subject: staging: rtl8192e: fix potential use after free
+
+From: Pan Bian <bianpan2016@163.com>
+
+commit b7aa39a2ed0112d07fc277ebd24a08a7b2368ab9 upstream.
+
+The variable skb is released via kfree_skb() when the return value of
+_rtl92e_tx is not zero. However, after that, skb is accessed again to
+read its length, which may result in a use after free bug. This patch
+fixes the bug by moving the release operation to where skb is never
+used later.
+
+Signed-off-by: Pan Bian <bianpan2016@163.com>
+Reviewed-by: Dan Carpenter <dan.carpenter@oracle.com>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/1572965351-6745-1-git-send-email-bianpan2016@163.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/rtl8192e/rtl8192e/rtl_core.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
++++ b/drivers/staging/rtl8192e/rtl8192e/rtl_core.c
+@@ -1616,14 +1616,15 @@ static void _rtl92e_hard_data_xmit(struc
+ memcpy((unsigned char *)(skb->cb), &dev, sizeof(dev));
+ skb_push(skb, priv->rtllib->tx_headroom);
+ ret = _rtl92e_tx(dev, skb);
+- if (ret != 0)
+- kfree_skb(skb);
+
+ if (queue_index != MGNT_QUEUE) {
+ priv->rtllib->stats.tx_bytes += (skb->len -
+ priv->rtllib->tx_headroom);
+ priv->rtllib->stats.tx_packets++;
+ }
++
++ if (ret != 0)
++ kfree_skb(skb);
+ }
+
+ static int _rtl92e_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
--- /dev/null
+From 3d5f1eedbfd22ceea94b39989d6021b1958181f4 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Mon, 11 Nov 2019 12:38:45 +0100
+Subject: staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 3d5f1eedbfd22ceea94b39989d6021b1958181f4 upstream.
+
+Add 024c:0525 to the list of SDIO device-ids, based on a patch found
+in the Android X86 kernels. According to that patch this device id is
+used on the Alcatel Plus 10 device.
+
+Reported-and-tested-by: youling257 <youling257@gmail.com>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20191111113846.24940-1-hdegoede@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/rtl8723bs/os_dep/sdio_intf.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/staging/rtl8723bs/os_dep/sdio_intf.c
++++ b/drivers/staging/rtl8723bs/os_dep/sdio_intf.c
+@@ -18,6 +18,7 @@
+ static const struct sdio_device_id sdio_ids[] =
+ {
+ { SDIO_DEVICE(0x024c, 0x0523), },
++ { SDIO_DEVICE(0x024c, 0x0525), },
+ { SDIO_DEVICE(0x024c, 0x0623), },
+ { SDIO_DEVICE(0x024c, 0x0626), },
+ { SDIO_DEVICE(0x024c, 0xb723), },
--- /dev/null
+From 2d9d2491530a156b9a5614adf9dc79285e35d55e Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Mon, 11 Nov 2019 12:38:46 +0100
+Subject: staging: rtl8723bs: Drop ACPI device ids
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 2d9d2491530a156b9a5614adf9dc79285e35d55e upstream.
+
+The driver only binds by SDIO device-ids, all the ACPI device-id does
+is causing the driver to load unnecessarily on devices where the DSDT
+contains a bogus OBDA8723 device.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20191111113846.24940-2-hdegoede@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/rtl8723bs/os_dep/sdio_intf.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+--- a/drivers/staging/rtl8723bs/os_dep/sdio_intf.c
++++ b/drivers/staging/rtl8723bs/os_dep/sdio_intf.c
+@@ -23,13 +23,7 @@ static const struct sdio_device_id sdio_
+ { SDIO_DEVICE(0x024c, 0xb723), },
+ { /* end: all zeroes */ },
+ };
+-static const struct acpi_device_id acpi_ids[] = {
+- {"OBDA8723", 0x0000},
+- {}
+-};
+-
+ MODULE_DEVICE_TABLE(sdio, sdio_ids);
+-MODULE_DEVICE_TABLE(acpi, acpi_ids);
+
+ static int rtw_drv_init(struct sdio_func *func, const struct sdio_device_id *id);
+ static void rtw_dev_remove(struct sdio_func *func);
--- /dev/null
+From c7e621bb981b76d3bfd8a595070ee8282ac4a32b Mon Sep 17 00:00:00 2001
+From: Ajay Singh <ajay.kathat@microchip.com>
+Date: Thu, 7 Nov 2019 15:58:54 +0000
+Subject: staging: wilc1000: fix illegal memory access in wilc_parse_join_bss_param()
+
+From: Ajay Singh <ajay.kathat@microchip.com>
+
+commit c7e621bb981b76d3bfd8a595070ee8282ac4a32b upstream.
+
+Do not copy the extended supported rates in 'param->supp_rates' if the
+array is already full with basic rates values. The array size check
+helped to avoid possible illegal memory access [1] while copying to
+'param->supp_rates' array.
+
+1. https://marc.info/?l=linux-next&m=157301720517456&w=2
+
+Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
+Addresses-Coverity-ID: 1487400 ("Memory - illegal accesses")
+Fixes: 4e0b0f42c9c7 ("staging: wilc1000: use struct to pack join parameters for FW")
+Cc: stable@vger.kernel.org
+Signed-off-by: Ajay Singh <ajay.kathat@microchip.com>
+Link: https://lore.kernel.org/r/20191106062127.3165-1-ajay.kathat@microchip.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/wilc1000/wilc_hif.c | 23 ++++++++++++++---------
+ 1 file changed, 14 insertions(+), 9 deletions(-)
+
+--- a/drivers/staging/wilc1000/wilc_hif.c
++++ b/drivers/staging/wilc1000/wilc_hif.c
+@@ -477,16 +477,21 @@ void *wilc_parse_join_bss_param(struct c
+ memcpy(¶m->supp_rates[1], rates_ie + 2, rates_len);
+ }
+
+- supp_rates_ie = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies->data,
+- ies->len);
+- if (supp_rates_ie) {
+- if (supp_rates_ie[1] > (WILC_MAX_RATES_SUPPORTED - rates_len))
+- param->supp_rates[0] = WILC_MAX_RATES_SUPPORTED;
+- else
+- param->supp_rates[0] += supp_rates_ie[1];
++ if (rates_len < WILC_MAX_RATES_SUPPORTED) {
++ supp_rates_ie = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES,
++ ies->data, ies->len);
++ if (supp_rates_ie) {
++ u8 ext_rates = supp_rates_ie[1];
+
+- memcpy(¶m->supp_rates[rates_len + 1], supp_rates_ie + 2,
+- (param->supp_rates[0] - rates_len));
++ if (ext_rates > (WILC_MAX_RATES_SUPPORTED - rates_len))
++ param->supp_rates[0] = WILC_MAX_RATES_SUPPORTED;
++ else
++ param->supp_rates[0] += ext_rates;
++
++ memcpy(¶m->supp_rates[rates_len + 1],
++ supp_rates_ie + 2,
++ (param->supp_rates[0] - rates_len));
++ }
+ }
+
+ ht_ie = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies->data, ies->len);
--- /dev/null
+From 7a7ebfa85f4fac349f3ab219538c44efe18b0cf6 Mon Sep 17 00:00:00 2001
+From: Mika Westerberg <mika.westerberg@linux.intel.com>
+Date: Mon, 11 Nov 2019 13:25:44 +0300
+Subject: thunderbolt: Power cycle the router if NVM authentication fails
+
+From: Mika Westerberg <mika.westerberg@linux.intel.com>
+
+commit 7a7ebfa85f4fac349f3ab219538c44efe18b0cf6 upstream.
+
+On zang's Dell XPS 13 9370 after Thunderbolt NVM firmware upgrade the
+Thunderbolt controller did not come back as expected. Only after the
+system was rebooted it became available again. It is not entirely clear
+what happened but I suspect the new NVM firmware image authentication
+failed for some reason. Regardless of this the router needs to be power
+cycled if NVM authentication fails in order to get it fully functional
+again.
+
+This modifies the driver to issue a power cycle in case the NVM
+authentication fails immediately when dma_port_flash_update_auth()
+returns. We also need to call tb_switch_set_uuid() earlier to be able to
+fetch possible NVM authentication failure when DMA port is added.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=205457
+Reported-by: zang <dump@tzib.net>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/thunderbolt/switch.c | 54 +++++++++++++++++++++++++++++++++----------
+ 1 file changed, 42 insertions(+), 12 deletions(-)
+
+--- a/drivers/thunderbolt/switch.c
++++ b/drivers/thunderbolt/switch.c
+@@ -168,7 +168,7 @@ static int nvm_validate_and_write(struct
+
+ static int nvm_authenticate_host(struct tb_switch *sw)
+ {
+- int ret;
++ int ret = 0;
+
+ /*
+ * Root switch NVM upgrade requires that we disconnect the
+@@ -176,6 +176,8 @@ static int nvm_authenticate_host(struct
+ * already).
+ */
+ if (!sw->safe_mode) {
++ u32 status;
++
+ ret = tb_domain_disconnect_all_paths(sw->tb);
+ if (ret)
+ return ret;
+@@ -184,7 +186,16 @@ static int nvm_authenticate_host(struct
+ * everything goes well so getting timeout is expected.
+ */
+ ret = dma_port_flash_update_auth(sw->dma_port);
+- return ret == -ETIMEDOUT ? 0 : ret;
++ if (!ret || ret == -ETIMEDOUT)
++ return 0;
++
++ /*
++ * Any error from update auth operation requires power
++ * cycling of the host router.
++ */
++ tb_sw_warn(sw, "failed to authenticate NVM, power cycling\n");
++ if (dma_port_flash_update_auth_status(sw->dma_port, &status) > 0)
++ nvm_set_auth_status(sw, status);
+ }
+
+ /*
+@@ -192,7 +203,7 @@ static int nvm_authenticate_host(struct
+ * switch.
+ */
+ dma_port_power_cycle(sw->dma_port);
+- return 0;
++ return ret;
+ }
+
+ static int nvm_authenticate_device(struct tb_switch *sw)
+@@ -200,8 +211,16 @@ static int nvm_authenticate_device(struc
+ int ret, retries = 10;
+
+ ret = dma_port_flash_update_auth(sw->dma_port);
+- if (ret && ret != -ETIMEDOUT)
++ switch (ret) {
++ case 0:
++ case -ETIMEDOUT:
++ case -EACCES:
++ case -EINVAL:
++ /* Power cycle is required */
++ break;
++ default:
+ return ret;
++ }
+
+ /*
+ * Poll here for the authentication status. It takes some time
+@@ -1237,8 +1256,6 @@ static ssize_t nvm_authenticate_store(st
+ */
+ nvm_authenticate_start(sw);
+ ret = nvm_authenticate_host(sw);
+- if (ret)
+- nvm_authenticate_complete(sw);
+ } else {
+ ret = nvm_authenticate_device(sw);
+ }
+@@ -1664,13 +1681,16 @@ static int tb_switch_add_dma_port(struct
+ int ret;
+
+ switch (sw->generation) {
+- case 3:
+- break;
+-
+ case 2:
+ /* Only root switch can be upgraded */
+ if (tb_route(sw))
+ return 0;
++
++ /* fallthrough */
++ case 3:
++ ret = tb_switch_set_uuid(sw);
++ if (ret)
++ return ret;
+ break;
+
+ default:
+@@ -1691,6 +1711,19 @@ static int tb_switch_add_dma_port(struct
+ return 0;
+
+ /*
++ * If there is status already set then authentication failed
++ * when the dma_port_flash_update_auth() returned. Power cycling
++ * is not needed (it was done already) so only thing we do here
++ * is to unblock runtime PM of the root port.
++ */
++ nvm_get_auth_status(sw, &status);
++ if (status) {
++ if (!tb_route(sw))
++ nvm_authenticate_complete(sw);
++ return 0;
++ }
++
++ /*
+ * Check status of the previous flash authentication. If there
+ * is one we need to power cycle the switch in any case to make
+ * it functional again.
+@@ -1705,9 +1738,6 @@ static int tb_switch_add_dma_port(struct
+
+ if (status) {
+ tb_sw_info(sw, "switch flash authentication failed\n");
+- ret = tb_switch_set_uuid(sw);
+- if (ret)
+- return ret;
+ nvm_set_auth_status(sw, status);
+ }
+
--- /dev/null
+From c1a1f273d0825774c80896b8deb1c9ea1d0b91e3 Mon Sep 17 00:00:00 2001
+From: Fabio D'Urso <fabiodurso@hotmail.it>
+Date: Thu, 14 Nov 2019 01:30:53 +0000
+Subject: USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
+
+From: Fabio D'Urso <fabiodurso@hotmail.it>
+
+commit c1a1f273d0825774c80896b8deb1c9ea1d0b91e3 upstream.
+
+This device presents itself as a USB hub with three attached devices:
+ - An ACM serial port connected to the GPS module (not affected by this
+ commit)
+ - An FTDI serial port connected to the GPS module (1546:0502)
+ - Another FTDI serial port connected to the ODIN-W2 radio module
+ (1546:0503)
+
+This commit registers U-Blox's VID and the PIDs of the second and third
+devices.
+
+Datasheet: https://www.u-blox.com/sites/default/files/C099-F9P-AppBoard-Mbed-OS3-FW_UserGuide_%28UBX-18063024%29.pdf
+
+Signed-off-by: Fabio D'Urso <fabiodurso@hotmail.it>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ftdi_sio.c | 3 +++
+ drivers/usb/serial/ftdi_sio_ids.h | 7 +++++++
+ 2 files changed, 10 insertions(+)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -1033,6 +1033,9 @@ static const struct usb_device_id id_tab
+ /* Sienna devices */
+ { USB_DEVICE(FTDI_VID, FTDI_SIENNA_PID) },
+ { USB_DEVICE(ECHELON_VID, ECHELON_U20_PID) },
++ /* U-Blox devices */
++ { USB_DEVICE(UBLOX_VID, UBLOX_C099F9P_ZED_PID) },
++ { USB_DEVICE(UBLOX_VID, UBLOX_C099F9P_ODIN_PID) },
+ { } /* Terminating entry */
+ };
+
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -1558,3 +1558,10 @@
+ */
+ #define UNJO_VID 0x22B7
+ #define UNJO_ISODEBUG_V1_PID 0x150D
++
++/*
++ * U-Blox products (http://www.u-blox.com).
++ */
++#define UBLOX_VID 0x1546
++#define UBLOX_C099F9P_ZED_PID 0x0502
++#define UBLOX_C099F9P_ODIN_PID 0x0503
projects / thirdparty / kernel / stable-queue.git / commitdiff
