6.5-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 2 Sep 2023 08:43:02 +0000 (10:43 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 2 Sep 2023 08:43:02 +0000 (10:43 +0200)
added patches:
alsa-usb-audio-fix-init-call-orders-for-uac1.patch
arm-pxa-remove-use-of-symbol_get.patch
hid-wacom-remove-the-battery-when-the-ekr-is-off.patch
ksmbd-fix-slub-overflow-in-ksmbd_decode_ntlmssp_auth_blob.patch
ksmbd-fix-wrong-dataoffset-validation-of-create-context.patch
ksmbd-reduce-descriptor-size-if-remaining-bytes-is-less-than-request-size.patch
ksmbd-replace-one-element-array-with-flex-array-member-in-struct-smb2_ea_info.patch
mmc-au1xmmc-force-non-modular-build-and-remove-symbol_get-usage.patch
modules-only-allow-symbol_get-of-export_symbol_gpl-modules.patch
net-enetc-use-export_symbol_gpl-for-enetc_phc_index.patch
rtc-ds1685-use-export_symbol_gpl-for-ds1685_rtc_poweroff.patch
staging-rtl8712-fix-race-condition.patch
usb-chipidea-imx-improve-logic-if-samsung-picophy-parameter-is-0.patch
usb-dwc3-meson-g12a-do-post-init-to-fix-broken-usb-after-resumption.patch
usb-serial-option-add-foxconn-t99w368-t99w373-product.patch
usb-serial-option-add-quectel-em05g-variant-0x030e.patch

17 files changed:
queue-6.5/alsa-usb-audio-fix-init-call-orders-for-uac1.patch [new file with mode: 0644]
queue-6.5/arm-pxa-remove-use-of-symbol_get.patch [new file with mode: 0644]
queue-6.5/hid-wacom-remove-the-battery-when-the-ekr-is-off.patch [new file with mode: 0644]
queue-6.5/ksmbd-fix-slub-overflow-in-ksmbd_decode_ntlmssp_auth_blob.patch [new file with mode: 0644]
queue-6.5/ksmbd-fix-wrong-dataoffset-validation-of-create-context.patch [new file with mode: 0644]
queue-6.5/ksmbd-reduce-descriptor-size-if-remaining-bytes-is-less-than-request-size.patch [new file with mode: 0644]
queue-6.5/ksmbd-replace-one-element-array-with-flex-array-member-in-struct-smb2_ea_info.patch [new file with mode: 0644]
queue-6.5/mmc-au1xmmc-force-non-modular-build-and-remove-symbol_get-usage.patch [new file with mode: 0644]
queue-6.5/modules-only-allow-symbol_get-of-export_symbol_gpl-modules.patch [new file with mode: 0644]
queue-6.5/net-enetc-use-export_symbol_gpl-for-enetc_phc_index.patch [new file with mode: 0644]
queue-6.5/rtc-ds1685-use-export_symbol_gpl-for-ds1685_rtc_poweroff.patch [new file with mode: 0644]
queue-6.5/series
queue-6.5/staging-rtl8712-fix-race-condition.patch [new file with mode: 0644]
queue-6.5/usb-chipidea-imx-improve-logic-if-samsung-picophy-parameter-is-0.patch [new file with mode: 0644]
queue-6.5/usb-dwc3-meson-g12a-do-post-init-to-fix-broken-usb-after-resumption.patch [new file with mode: 0644]
queue-6.5/usb-serial-option-add-foxconn-t99w368-t99w373-product.patch [new file with mode: 0644]
queue-6.5/usb-serial-option-add-quectel-em05g-variant-0x030e.patch [new file with mode: 0644]

diff --git a/queue-6.5/alsa-usb-audio-fix-init-call-orders-for-uac1.patch b/queue-6.5/alsa-usb-audio-fix-init-call-orders-for-uac1.patch
new file mode 100644 (file)
index 0000000..2dd1770
--- /dev/null
@@ -0,0 +1,68 @@
+From 5fadc941d07530d681f3b7ec91e56d8445bc3825 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 21 Aug 2023 13:18:57 +0200
+Subject: ALSA: usb-audio: Fix init call orders for UAC1
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 5fadc941d07530d681f3b7ec91e56d8445bc3825 upstream.
+
+There have been reports of USB-audio driver spewing errors at the
+probe time on a few devices like Jabra and Logitech.  The suggested
+fix there couldn't be applied as is, unfortunately, because it'll
+likely break other devices.
+
+But, the patch suggested an interesting point: looking at the current
+init code in stream.c, one may notice that it does initialize
+differently from the device setup in endpoint.c.  Namely, for UAC1, we
+should call snd_usb_init_pitch() and snd_usb_init_sample_rate() after
+setting the interface, while the init sequence at parsing calls them
+before setting the interface blindly.
+
+This patch changes the init sequence at parsing for UAC1 (and other
+devices that need a similar behavior) to be aligned with the rest of
+the code, setting the interface at first.  And, this fixes the
+long-standing problems on a few UAC1 devices like Jabra / Logitech,
+as reported, too.
+
+Reported-and-tested-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Closes: https://lore.kernel.org/r/202bbbc0f51522e8545783c4c5577d12a8e2d56d.camel@infinera.com
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230821111857.28926-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/stream.c |   11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/sound/usb/stream.c
++++ b/sound/usb/stream.c
+@@ -1093,6 +1093,7 @@ static int __snd_usb_parse_audio_interfa
+       int i, altno, err, stream;
+       struct audioformat *fp = NULL;
+       struct snd_usb_power_domain *pd = NULL;
++      bool set_iface_first;
+       int num, protocol;
+       dev = chip->dev;
+@@ -1223,11 +1224,19 @@ static int __snd_usb_parse_audio_interfa
+                               return err;
+               }
++              set_iface_first = false;
++              if (protocol == UAC_VERSION_1 ||
++                  (chip->quirk_flags & QUIRK_FLAG_SET_IFACE_FIRST))
++                      set_iface_first = true;
++
+               /* try to set the interface... */
+               usb_set_interface(chip->dev, iface_no, 0);
++              if (set_iface_first)
++                      usb_set_interface(chip->dev, iface_no, altno);
+               snd_usb_init_pitch(chip, fp);
+               snd_usb_init_sample_rate(chip, fp, fp->rate_max);
+-              usb_set_interface(chip->dev, iface_no, altno);
++              if (!set_iface_first)
++                      usb_set_interface(chip->dev, iface_no, altno);
+       }
+       return 0;
+ }
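Review bot: The new ordering around `usb_set_interface()` has no comment saying why UAC1 and `QUIRK_FLAG_SET_IFACE_FIRST` devices need the altsetting selected before `snd_usb_init_pitch()` and `snd_usb_init_sample_rate()`. The existing `/* try to set the interface... */` does not cover it. I would add above the `set_iface_first` assignment: `/* UAC1 and SET_IFACE_FIRST devices: select the altsetting before pitch/rate init, as endpoint.c does */`. The flag can also be computed in one statement, `set_iface_first = protocol == UAC_VERSION_1 || (chip->quirk_flags & QUIRK_FLAG_SET_IFACE_FIRST);`. The enclosing function starts outside the hunk.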
diff --git a/queue-6.5/arm-pxa-remove-use-of-symbol_get.patch b/queue-6.5/arm-pxa-remove-use-of-symbol_get.patch
new file mode 100644 (file)
index 0000000..90ad0c9
--- /dev/null
@@ -0,0 +1,73 @@
+From 0faa29c4207e6e29cfc81b427df60e326c37083a Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Tue, 1 Aug 2023 19:35:40 +0200
+Subject: ARM: pxa: remove use of symbol_get()
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 0faa29c4207e6e29cfc81b427df60e326c37083a upstream.
+
+The spitz board file uses the obscure symbol_get() function
+to optionally call a function from sharpsl_pm.c if that is
+built. However, the two files are always built together
+these days, and have been for a long time, so this can
+be changed to a normal function call.
+
+Link: https://lore.kernel.org/lkml/20230731162639.GA9441@lst.de/
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/mach-pxa/sharpsl_pm.c |    2 --
+ arch/arm/mach-pxa/spitz.c      |   14 +-------------
+ 2 files changed, 1 insertion(+), 15 deletions(-)
+
+--- a/arch/arm/mach-pxa/sharpsl_pm.c
++++ b/arch/arm/mach-pxa/sharpsl_pm.c
+@@ -216,8 +216,6 @@ void sharpsl_battery_kick(void)
+ {
+       schedule_delayed_work(&sharpsl_bat, msecs_to_jiffies(125));
+ }
+-EXPORT_SYMBOL(sharpsl_battery_kick);
+-
+ static void sharpsl_battery_thread(struct work_struct *private_)
+ {
+--- a/arch/arm/mach-pxa/spitz.c
++++ b/arch/arm/mach-pxa/spitz.c
+@@ -9,7 +9,6 @@
+  */
+ #include <linux/kernel.h>
+-#include <linux/module.h>     /* symbol_get ; symbol_put */
+ #include <linux/platform_device.h>
+ #include <linux/delay.h>
+ #include <linux/gpio_keys.h>
+@@ -518,17 +517,6 @@ static struct gpiod_lookup_table spitz_a
+       },
+ };
+-static void spitz_bl_kick_battery(void)
+-{
+-      void (*kick_batt)(void);
+-
+-      kick_batt = symbol_get(sharpsl_battery_kick);
+-      if (kick_batt) {
+-              kick_batt();
+-              symbol_put(sharpsl_battery_kick);
+-      }
+-}
+-
+ static struct gpiod_lookup_table spitz_lcdcon_gpio_table = {
+       .dev_id = "spi2.1",
+       .table = {
+@@ -556,7 +544,7 @@ static struct corgi_lcd_platform_data sp
+       .max_intensity          = 0x2f,
+       .default_intensity      = 0x1f,
+       .limit_mask             = 0x0b,
+-      .kick_battery           = spitz_bl_kick_battery,
++      .kick_battery           = sharpsl_battery_kick,
+ };
+ static struct spi_board_info spitz_spi_devices[] = {
diff --git a/queue-6.5/hid-wacom-remove-the-battery-when-the-ekr-is-off.patch b/queue-6.5/hid-wacom-remove-the-battery-when-the-ekr-is-off.patch
new file mode 100644 (file)
index 0000000..8830e0c
--- /dev/null
@@ -0,0 +1,130 @@
+From 9ac6678b95b0dd9458a7a6869f46e51cd55a1d84 Mon Sep 17 00:00:00 2001
+From: Aaron Armstrong Skomra <aaron.skomra@wacom.com>
+Date: Tue, 25 Jul 2023 15:20:25 -0700
+Subject: HID: wacom: remove the battery when the EKR is off
+
+From: Aaron Armstrong Skomra <aaron.skomra@wacom.com>
+
+commit 9ac6678b95b0dd9458a7a6869f46e51cd55a1d84 upstream.
+
+Currently the EKR battery remains even after we stop getting information
+from the device. This can lead to a stale battery persisting indefinitely
+in userspace.
+
+The remote sends a heartbeat every 10 seconds. Delete the battery if we
+miss two heartbeats (after 21 seconds). Restore the battery once we see
+a heartbeat again.
+
+Signed-off-by: Aaron Skomra <skomra@gmail.com>
+Signed-off-by: Aaron Armstrong Skomra <aaron.skomra@wacom.com>
+Reviewed-by: Jason Gerecke <jason.gerecke@wacom.com>
+Fixes: 9f1015d45f62 ("HID: wacom: EKR: attach the power_supply on first connection")
+CC: stable@vger.kernel.org
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hid/wacom.h     |    1 +
+ drivers/hid/wacom_sys.c |   25 +++++++++++++++++++++----
+ drivers/hid/wacom_wac.c |    1 +
+ drivers/hid/wacom_wac.h |    1 +
+ 4 files changed, 24 insertions(+), 4 deletions(-)
+
+--- a/drivers/hid/wacom.h
++++ b/drivers/hid/wacom.h
+@@ -150,6 +150,7 @@ struct wacom_remote {
+               struct input_dev *input;
+               bool registered;
+               struct wacom_battery battery;
++              ktime_t active_time;
+       } remotes[WACOM_MAX_REMOTES];
+ };
+--- a/drivers/hid/wacom_sys.c
++++ b/drivers/hid/wacom_sys.c
+@@ -2523,6 +2523,18 @@ fail:
+       return;
+ }
++static void wacom_remote_destroy_battery(struct wacom *wacom, int index)
++{
++      struct wacom_remote *remote = wacom->remote;
++
++      if (remote->remotes[index].battery.battery) {
++              devres_release_group(&wacom->hdev->dev,
++                                   &remote->remotes[index].battery.bat_desc);
++              remote->remotes[index].battery.battery = NULL;
++              remote->remotes[index].active_time = 0;
++      }
++}
++
+ static void wacom_remote_destroy_one(struct wacom *wacom, unsigned int index)
+ {
+       struct wacom_remote *remote = wacom->remote;
+@@ -2537,9 +2549,7 @@ static void wacom_remote_destroy_one(str
+                       remote->remotes[i].registered = false;
+                       spin_unlock_irqrestore(&remote->remote_lock, flags);
+-                      if (remote->remotes[i].battery.battery)
+-                              devres_release_group(&wacom->hdev->dev,
+-                                                   &remote->remotes[i].battery.bat_desc);
++                      wacom_remote_destroy_battery(wacom, i);
+                       if (remote->remotes[i].group.name)
+                               devres_release_group(&wacom->hdev->dev,
+@@ -2547,7 +2557,6 @@ static void wacom_remote_destroy_one(str
+                       remote->remotes[i].serial = 0;
+                       remote->remotes[i].group.name = NULL;
+-                      remote->remotes[i].battery.battery = NULL;
+                       wacom->led.groups[i].select = WACOM_STATUS_UNKNOWN;
+               }
+       }
+@@ -2632,6 +2641,9 @@ static int wacom_remote_attach_battery(s
+       if (remote->remotes[index].battery.battery)
+               return 0;
++      if (!remote->remotes[index].active_time)
++              return 0;
++
+       if (wacom->led.groups[index].select == WACOM_STATUS_UNKNOWN)
+               return 0;
+@@ -2647,6 +2659,7 @@ static void wacom_remote_work(struct wor
+ {
+       struct wacom *wacom = container_of(work, struct wacom, remote_work);
+       struct wacom_remote *remote = wacom->remote;
++      ktime_t kt = ktime_get();
+       struct wacom_remote_data data;
+       unsigned long flags;
+       unsigned int count;
+@@ -2673,6 +2686,10 @@ static void wacom_remote_work(struct wor
+               serial = data.remote[i].serial;
+               if (data.remote[i].connected) {
++                      if (kt - remote->remotes[i].active_time > WACOM_REMOTE_BATTERY_TIMEOUT
++                          && remote->remotes[i].active_time != 0)
++                              wacom_remote_destroy_battery(wacom, i);
++
+                       if (remote->remotes[i].serial == serial) {
+                               wacom_remote_attach_battery(wacom, i);
+                               continue;
+--- a/drivers/hid/wacom_wac.c
++++ b/drivers/hid/wacom_wac.c
+@@ -1134,6 +1134,7 @@ static int wacom_remote_irq(struct wacom
+       if (index < 0 || !remote->remotes[index].registered)
+               goto out;
++      remote->remotes[i].active_time = ktime_get();
+       input = remote->remotes[index].input;
+       input_report_key(input, BTN_0, (data[9] & 0x01));
+--- a/drivers/hid/wacom_wac.h
++++ b/drivers/hid/wacom_wac.h
+@@ -13,6 +13,7 @@
+ #define WACOM_NAME_MAX                64
+ #define WACOM_MAX_REMOTES     5
+ #define WACOM_STATUS_UNKNOWN  255
++#define WACOM_REMOTE_BATTERY_TIMEOUT  21000000000ll
+ /* packet length for individual models */
+ #define WACOM_PKGLEN_BBFUN     9
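Review bot: In the `wacom_remote_irq()` hunk the added store writes `remote->remotes[i].active_time`, while the guard just above it and the line below it index with `index`. Whether `i` still equals `index` at that point depends on code outside the hunk, so `remote->remotes[index].active_time = ktime_get();` is the safer spelling. In `wacom_remote_work()` the timeout test subtracts raw `ktime_t` values; `ktime_sub(kt, remote->remotes[i].active_time)` states the intent. `WACOM_REMOTE_BATTERY_TIMEOUT` is a bare nanosecond count and would read better as `(21LL * NSEC_PER_SEC)` with a comment that it covers two missed 10-second heartbeats.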
diff --git a/queue-6.5/ksmbd-fix-slub-overflow-in-ksmbd_decode_ntlmssp_auth_blob.patch b/queue-6.5/ksmbd-fix-slub-overflow-in-ksmbd_decode_ntlmssp_auth_blob.patch
new file mode 100644 (file)
index 0000000..f8c8374
--- /dev/null
@@ -0,0 +1,34 @@
+From 4b081ce0d830b684fdf967abc3696d1261387254 Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Fri, 25 Aug 2023 23:40:31 +0900
+Subject: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit 4b081ce0d830b684fdf967abc3696d1261387254 upstream.
+
+If authblob->SessionKey.Length is bigger than session key
+size(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.
+cifs_arc4_crypt copy to session key array from SessionKey from client.
+
+Cc: stable@vger.kernel.org
+Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21940
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/auth.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/smb/server/auth.c
++++ b/fs/smb/server/auth.c
+@@ -355,6 +355,9 @@ int ksmbd_decode_ntlmssp_auth_blob(struc
+               if (blob_len < (u64)sess_key_off + sess_key_len)
+                       return -EINVAL;
++              if (sess_key_len > CIFS_KEY_SIZE)
++                      return -EINVAL;
++
+               ctx_arc4 = kmalloc(sizeof(*ctx_arc4), GFP_KERNEL);
+               if (!ctx_arc4)
+                       return -ENOMEM;
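Review bot: The new `sess_key_len > CIFS_KEY_SIZE` check has no comment tying the bound to the buffer it protects, which per the commit message is the session key array that `cifs_arc4_crypt()` writes into. I would add above it: `/* SessionKey.Length is client-supplied; the decrypted key is written into a CIFS_KEY_SIZE array */`. If that array is in scope here, bounding against its `sizeof` instead of the constant would keep the check right should the array size change; its declaration is outside the hunk, so this needs confirming. The function body continues beyond the hunk.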
diff --git a/queue-6.5/ksmbd-fix-wrong-dataoffset-validation-of-create-context.patch b/queue-6.5/ksmbd-fix-wrong-dataoffset-validation-of-create-context.patch
new file mode 100644 (file)
index 0000000..d7e18fc
--- /dev/null
@@ -0,0 +1,33 @@
+From 17d5b135bb720832364e8f55f6a887a3c7ec8fdb Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Fri, 25 Aug 2023 23:39:40 +0900
+Subject: ksmbd: fix wrong DataOffset validation of create context
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit 17d5b135bb720832364e8f55f6a887a3c7ec8fdb upstream.
+
+If ->DataOffset of create context is 0, DataBuffer size is not correctly
+validated. This patch change wrong validation code and consider tag
+length in request.
+
+Cc: stable@vger.kernel.org
+Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-21824
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/oplock.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/smb/server/oplock.c
++++ b/fs/smb/server/oplock.c
+@@ -1492,7 +1492,7 @@ struct create_context *smb2_find_context
+                   name_len < 4 ||
+                   name_off + name_len > cc_len ||
+                   (value_off & 0x7) != 0 ||
+-                  (value_off && (value_off < name_off + name_len)) ||
++                  (value_len && value_off < name_off + (name_len < 8 ? 8 : name_len)) ||
+                   ((u64)value_off + value_len > cc_len))
+                       return ERR_PTR(-EINVAL);
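Review bot: The literal `8` in `(name_len < 8 ? 8 : name_len)` is unexplained. The commit message says the check should consider tag length, which suggests the name field takes at least 8 bytes in the request, but nothing in the hunk states that. A named constant, or a comment such as `/* the name field occupies at least 8 bytes, so data may not start before name_off + 8 */`, would make the bound reviewable. The test is now keyed on `value_len` rather than `value_off`, so a context with `value_len == 0` is no longer checked for overlap with the name and relies on the `(u64)value_off + value_len > cc_len` test alone; the comment should say this is intended. The condition starts outside the hunk.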
diff --git a/queue-6.5/ksmbd-reduce-descriptor-size-if-remaining-bytes-is-less-than-request-size.patch b/queue-6.5/ksmbd-reduce-descriptor-size-if-remaining-bytes-is-less-than-request-size.patch
new file mode 100644 (file)
index 0000000..ef0a41b
--- /dev/null
@@ -0,0 +1,104 @@
+From e628bf939aafb61fbc56e9bdac8795cea5127e25 Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Tue, 29 Aug 2023 23:40:37 +0900
+Subject: ksmbd: reduce descriptor size if remaining bytes is less than request size
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit e628bf939aafb61fbc56e9bdac8795cea5127e25 upstream.
+
+Create 3 kinds of files to reproduce this problem.
+
+dd if=/dev/urandom of=127k.bin bs=1024 count=127
+dd if=/dev/urandom of=128k.bin bs=1024 count=128
+dd if=/dev/urandom of=129k.bin bs=1024 count=129
+
+When copying files from ksmbd share to windows or cifs.ko, The following
+error message happen from windows client.
+
+"The file '129k.bin' is too large for the destination filesystem."
+
+We can see the error logs from ksmbd debug prints
+
+[48394.611537] ksmbd: RDMA r/w request 0x0: token 0x669d, length 0x20000
+[48394.612054] ksmbd: smb_direct: RDMA write, len 0x20000, needed credits 0x1
+[48394.612572] ksmbd: filename 129k.bin, offset 131072, len 131072
+[48394.614189] ksmbd: nbytes 1024, offset 132096 mincount 0
+[48394.614585] ksmbd: Failed to process 8 [-22]
+
+And we can reproduce it with cifs.ko,
+e.g. dd if=129k.bin of=/dev/null bs=128KB count=2
+
+This problem is that ksmbd rdma return error if remaining bytes is less
+than Length of Buffer Descriptor V1 Structure.
+
+smb_direct_rdma_xmit()
+...
+     if (desc_buf_len == 0 || total_length > buf_len ||
+           total_length > t->max_rdma_rw_size)
+               return -EINVAL;
+
+This patch reduce descriptor size with remaining bytes and remove the
+check for total_length and buf_len.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/transport_rdma.c |   25 ++++++++++++++++++-------
+ 1 file changed, 18 insertions(+), 7 deletions(-)
+
+--- a/fs/smb/server/transport_rdma.c
++++ b/fs/smb/server/transport_rdma.c
+@@ -1366,24 +1366,35 @@ static int smb_direct_rdma_xmit(struct s
+       LIST_HEAD(msg_list);
+       char *desc_buf;
+       int credits_needed;
+-      unsigned int desc_buf_len;
+-      size_t total_length = 0;
++      unsigned int desc_buf_len, desc_num = 0;
+       if (t->status != SMB_DIRECT_CS_CONNECTED)
+               return -ENOTCONN;
++      if (buf_len > t->max_rdma_rw_size)
++              return -EINVAL;
++
+       /* calculate needed credits */
+       credits_needed = 0;
+       desc_buf = buf;
+       for (i = 0; i < desc_len / sizeof(*desc); i++) {
++              if (!buf_len)
++                      break;
++
+               desc_buf_len = le32_to_cpu(desc[i].length);
++              if (!desc_buf_len)
++                      return -EINVAL;
++
++              if (desc_buf_len > buf_len) {
++                      desc_buf_len = buf_len;
++                      desc[i].length = cpu_to_le32(desc_buf_len);
++                      buf_len = 0;
++              }
+               credits_needed += calc_rw_credits(t, desc_buf, desc_buf_len);
+               desc_buf += desc_buf_len;
+-              total_length += desc_buf_len;
+-              if (desc_buf_len == 0 || total_length > buf_len ||
+-                  total_length > t->max_rdma_rw_size)
+-                      return -EINVAL;
++              buf_len -= desc_buf_len;
++              desc_num++;
+       }
+       ksmbd_debug(RDMA, "RDMA %s, len %#x, needed credits %#x\n",
+@@ -1395,7 +1406,7 @@ static int smb_direct_rdma_xmit(struct s
+       /* build rdma_rw_ctx for each descriptor */
+       desc_buf = buf;
+-      for (i = 0; i < desc_len / sizeof(*desc); i++) {
++      for (i = 0; i < desc_num; i++) {
+               msg = kzalloc(offsetof(struct smb_direct_rdma_rw_msg, sg_list) +
+                             sizeof(struct scatterlist) * SG_CHUNK_SIZE, GFP_KERNEL);
+               if (!msg) {
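Review bot: In the clamp branch of the first loop, `buf_len = 0;` is followed unconditionally by `buf_len -= desc_buf_len;`, which leaves `buf_len` non-zero (negative or wrapped, depending on its type, which is declared outside the hunk). If another descriptor follows the clamped one, the `if (!buf_len) break;` guard does not fire, and `desc_buf` and `desc_num` keep advancing beyond the data buffer. Dropping `buf_len = 0;` from the branch fixes this, because the subtraction then brings `buf_len` to exactly zero. A short comment that the loop rewrites `desc[i].length` in the request in place would also help the next reader.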
diff --git a/queue-6.5/ksmbd-replace-one-element-array-with-flex-array-member-in-struct-smb2_ea_info.patch b/queue-6.5/ksmbd-replace-one-element-array-with-flex-array-member-in-struct-smb2_ea_info.patch
new file mode 100644 (file)
index 0000000..55bf806
--- /dev/null
@@ -0,0 +1,69 @@
+From 0ba5439d9afa2722e7728df56f272c89987540a4 Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Fri, 25 Aug 2023 23:41:58 +0900
+Subject: ksmbd: replace one-element array with flex-array member in struct smb2_ea_info
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit 0ba5439d9afa2722e7728df56f272c89987540a4 upstream.
+
+UBSAN complains about out-of-bounds array indexes on 1-element arrays in
+struct smb2_ea_info.
+
+UBSAN: array-index-out-of-bounds in fs/smb/server/smb2pdu.c:4335:15
+index 1 is out of range for type 'char [1]'
+CPU: 1 PID: 354 Comm: kworker/1:4 Not tainted 6.5.0-rc4 #1
+Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop
+Reference Platform, BIOS 6.00 07/22/2020
+Workqueue: ksmbd-io handle_ksmbd_work [ksmbd]
+Call Trace:
+ <TASK>
+ __dump_stack linux/lib/dump_stack.c:88
+ dump_stack_lvl+0x48/0x70 linux/lib/dump_stack.c:106
+ dump_stack+0x10/0x20 linux/lib/dump_stack.c:113
+ ubsan_epilogue linux/lib/ubsan.c:217
+ __ubsan_handle_out_of_bounds+0xc6/0x110 linux/lib/ubsan.c:348
+ smb2_get_ea linux/fs/smb/server/smb2pdu.c:4335
+ smb2_get_info_file linux/fs/smb/server/smb2pdu.c:4900
+ smb2_query_info+0x63ae/0x6b20 linux/fs/smb/server/smb2pdu.c:5275
+ __process_request linux/fs/smb/server/server.c:145
+ __handle_ksmbd_work linux/fs/smb/server/server.c:213
+ handle_ksmbd_work+0x348/0x10b0 linux/fs/smb/server/server.c:266
+ process_one_work+0x85a/0x1500 linux/kernel/workqueue.c:2597
+ worker_thread+0xf3/0x13a0 linux/kernel/workqueue.c:2748
+ kthread+0x2b7/0x390 linux/kernel/kthread.c:389
+ ret_from_fork+0x44/0x90 linux/arch/x86/kernel/process.c:145
+ ret_from_fork_asm+0x1b/0x30 linux/arch/x86/entry/entry_64.S:304
+ </TASK>
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/smb2pdu.c |    2 +-
+ fs/smb/server/smb2pdu.h |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/smb/server/smb2pdu.c
++++ b/fs/smb/server/smb2pdu.c
+@@ -4308,7 +4308,7 @@ static int smb2_get_ea(struct ksmbd_work
+               if (!strncmp(name, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
+                       name_len -= XATTR_USER_PREFIX_LEN;
+-              ptr = (char *)(&eainfo->name + name_len + 1);
++              ptr = eainfo->name + name_len + 1;
+               buf_free_len -= (offsetof(struct smb2_ea_info, name) +
+                               name_len + 1);
+               /* bailout if xattr can't fit in buf_free_len */
+--- a/fs/smb/server/smb2pdu.h
++++ b/fs/smb/server/smb2pdu.h
+@@ -361,7 +361,7 @@ struct smb2_ea_info {
+       __u8   Flags;
+       __u8   EaNameLength;
+       __le16 EaValueLength;
+-      char name[1];
++      char name[];
+       /* optionally followed by value */
+ } __packed; /* level 15 Query */
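Review bot: Changing `char name[1]` to `char name[]` in the packed `struct smb2_ea_info` makes `sizeof(struct smb2_ea_info)` one byte smaller, and this patch adjusts only one user. The visible `smb2_get_ea()` lines size with `offsetof(struct smb2_ea_info, name)`, which is unaffected. Any length or bounds calculation elsewhere that uses `sizeof` on the struct shifts by one and needs checking; those sites are not on this page. I would record the convention on the member: `char name[]; /* size with offsetof(struct smb2_ea_info, name), not sizeof */`.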
diff --git a/queue-6.5/mmc-au1xmmc-force-non-modular-build-and-remove-symbol_get-usage.patch b/queue-6.5/mmc-au1xmmc-force-non-modular-build-and-remove-symbol_get-usage.patch
new file mode 100644 (file)
index 0000000..7b0bdb3
--- /dev/null
@@ -0,0 +1,139 @@
+From d4a5c59a955bba96b273ec1a5885bada24c56979 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Tue, 1 Aug 2023 19:35:41 +0200
+Subject: mmc: au1xmmc: force non-modular build and remove symbol_get usage
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit d4a5c59a955bba96b273ec1a5885bada24c56979 upstream.
+
+au1xmmc is split somewhat awkwardly into the main mmc subsystem driver,
+and callbacks in platform_data that sit under arch/mips/ and are
+always built in.  The latter than call mmc_detect_change through
+symbol_get.  Remove the use of symbol_get by requiring the driver
+to be built in.  In the future the interrupt handlers for card
+insert/eject detection should probably be moved into the main driver,
+and which point it can be built modular again.
+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Acked-by: Manuel Lauss <manuel.lauss@gmail.com>
+Reviewed-by: Arnd Bergmann <arnd@arndb.de>
+[mcgrof: squashed in depends on MMC=y suggested by Arnd]
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/alchemy/devboards/db1000.c |    8 +-------
+ arch/mips/alchemy/devboards/db1200.c |   19 ++-----------------
+ arch/mips/alchemy/devboards/db1300.c |   10 +---------
+ drivers/mmc/host/Kconfig             |    5 +++--
+ 4 files changed, 7 insertions(+), 35 deletions(-)
+
+--- a/arch/mips/alchemy/devboards/db1000.c
++++ b/arch/mips/alchemy/devboards/db1000.c
+@@ -14,7 +14,6 @@
+ #include <linux/interrupt.h>
+ #include <linux/leds.h>
+ #include <linux/mmc/host.h>
+-#include <linux/module.h>
+ #include <linux/platform_device.h>
+ #include <linux/pm.h>
+ #include <linux/spi/spi.h>
+@@ -167,12 +166,7 @@ static struct platform_device db1x00_aud
+ static irqreturn_t db1100_mmc_cd(int irq, void *ptr)
+ {
+-      void (*mmc_cd)(struct mmc_host *, unsigned long);
+-      /* link against CONFIG_MMC=m */
+-      mmc_cd = symbol_get(mmc_detect_change);
+-      mmc_cd(ptr, msecs_to_jiffies(500));
+-      symbol_put(mmc_detect_change);
+-
++      mmc_detect_change(ptr, msecs_to_jiffies(500));
+       return IRQ_HANDLED;
+ }
+--- a/arch/mips/alchemy/devboards/db1200.c
++++ b/arch/mips/alchemy/devboards/db1200.c
+@@ -10,7 +10,6 @@
+ #include <linux/gpio.h>
+ #include <linux/i2c.h>
+ #include <linux/init.h>
+-#include <linux/module.h>
+ #include <linux/interrupt.h>
+ #include <linux/io.h>
+ #include <linux/leds.h>
+@@ -340,14 +339,7 @@ static irqreturn_t db1200_mmc_cd(int irq
+ static irqreturn_t db1200_mmc_cdfn(int irq, void *ptr)
+ {
+-      void (*mmc_cd)(struct mmc_host *, unsigned long);
+-
+-      /* link against CONFIG_MMC=m */
+-      mmc_cd = symbol_get(mmc_detect_change);
+-      if (mmc_cd) {
+-              mmc_cd(ptr, msecs_to_jiffies(200));
+-              symbol_put(mmc_detect_change);
+-      }
++      mmc_detect_change(ptr, msecs_to_jiffies(200));
+       msleep(100);    /* debounce */
+       if (irq == DB1200_SD0_INSERT_INT)
+@@ -431,14 +423,7 @@ static irqreturn_t pb1200_mmc1_cd(int ir
+ static irqreturn_t pb1200_mmc1_cdfn(int irq, void *ptr)
+ {
+-      void (*mmc_cd)(struct mmc_host *, unsigned long);
+-
+-      /* link against CONFIG_MMC=m */
+-      mmc_cd = symbol_get(mmc_detect_change);
+-      if (mmc_cd) {
+-              mmc_cd(ptr, msecs_to_jiffies(200));
+-              symbol_put(mmc_detect_change);
+-      }
++      mmc_detect_change(ptr, msecs_to_jiffies(200));
+       msleep(100);    /* debounce */
+       if (irq == PB1200_SD1_INSERT_INT)
+--- a/arch/mips/alchemy/devboards/db1300.c
++++ b/arch/mips/alchemy/devboards/db1300.c
+@@ -17,7 +17,6 @@
+ #include <linux/interrupt.h>
+ #include <linux/ata_platform.h>
+ #include <linux/mmc/host.h>
+-#include <linux/module.h>
+ #include <linux/mtd/mtd.h>
+ #include <linux/mtd/platnand.h>
+ #include <linux/platform_device.h>
+@@ -459,14 +458,7 @@ static irqreturn_t db1300_mmc_cd(int irq
+ static irqreturn_t db1300_mmc_cdfn(int irq, void *ptr)
+ {
+-      void (*mmc_cd)(struct mmc_host *, unsigned long);
+-
+-      /* link against CONFIG_MMC=m.  We can only be called once MMC core has
+-       * initialized the controller, so symbol_get() should always succeed.
+-       */
+-      mmc_cd = symbol_get(mmc_detect_change);
+-      mmc_cd(ptr, msecs_to_jiffies(200));
+-      symbol_put(mmc_detect_change);
++      mmc_detect_change(ptr, msecs_to_jiffies(200));
+       msleep(100);    /* debounce */
+       if (irq == DB1300_SD1_INSERT_INT)
+--- a/drivers/mmc/host/Kconfig
++++ b/drivers/mmc/host/Kconfig
+@@ -526,11 +526,12 @@ config MMC_ALCOR
+         of Alcor Micro PCI-E card reader
+ config MMC_AU1X
+-      tristate "Alchemy AU1XX0 MMC Card Interface support"
++      bool "Alchemy AU1XX0 MMC Card Interface support"
+       depends on MIPS_ALCHEMY
++      depends on MMC=y
+       help
+         This selects the AMD Alchemy(R) Multimedia card interface.
+-        If you have a Alchemy platform with a MMC slot, say Y or M here.
++        If you have a Alchemy platform with a MMC slot, say Y here.
+         If unsure, say N.
diff --git a/queue-6.5/modules-only-allow-symbol_get-of-export_symbol_gpl-modules.patch b/queue-6.5/modules-only-allow-symbol_get-of-export_symbol_gpl-modules.patch
new file mode 100644 (file)
index 0000000..37fe430
--- /dev/null
@@ -0,0 +1,58 @@
+From 9011e49d54dcc7653ebb8a1e05b5badb5ecfa9f9 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Tue, 1 Aug 2023 19:35:44 +0200
+Subject: modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit 9011e49d54dcc7653ebb8a1e05b5badb5ecfa9f9 upstream.
+
+It has recently come to my attention that nvidia is circumventing the
+protection added in 262e6ae7081d ("modules: inherit
+TAINT_PROPRIETARY_MODULE") by importing exports from their proprietary
+modules into an allegedly GPL licensed module and then rexporting them.
+
+Given that symbol_get was only ever intended for tightly cooperating
+modules using very internal symbols it is logical to restrict it to
+being used on EXPORT_SYMBOL_GPL and prevent nvidia from costly DMCA
+Circumvention of Access Controls law suites.
+
+All symbols except for four used through symbol_get were already exported
+as EXPORT_SYMBOL_GPL, and the remaining four ones were switched over in
+the preparation patches.
+
+Fixes: 262e6ae7081d ("modules: inherit TAINT_PROPRIETARY_MODULE")
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/module/main.c |   14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+--- a/kernel/module/main.c
++++ b/kernel/module/main.c
+@@ -1295,12 +1295,20 @@ void *__symbol_get(const char *symbol)
+       };
+       preempt_disable();
+-      if (!find_symbol(&fsa) || strong_try_module_get(fsa.owner)) {
+-              preempt_enable();
+-              return NULL;
++      if (!find_symbol(&fsa))
++              goto fail;
++      if (fsa.license != GPL_ONLY) {
++              pr_warn("failing symbol_get of non-GPLONLY symbol %s.\n",
++                      symbol);
++              goto fail;
+       }
++      if (strong_try_module_get(fsa.owner))
++              goto fail;
+       preempt_enable();
+       return (void *)kernel_symbol_value(fsa.sym);
++fail:
++      preempt_enable();
++      return NULL;
+ }
+ EXPORT_SYMBOL_GPL(__symbol_get);
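Review bot: The new license test in `__symbol_get()` has no comment. Callers now get the same `NULL` for a non-GPL-only export as for a missing symbol, with only the log line telling them apart. I would add above the `fsa.license` check: `/* symbol_get() is limited to EXPORT_SYMBOL_GPL exports; checked before the module reference is taken, so the fail path has nothing to drop */`. The `pr_warn()` is not rate limited, so a module that retries the lookup repeats the message each time; `pr_warn_ratelimited()` would bound that. The function starts outside the hunk.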
diff --git a/queue-6.5/net-enetc-use-export_symbol_gpl-for-enetc_phc_index.patch b/queue-6.5/net-enetc-use-export_symbol_gpl-for-enetc_phc_index.patch
new file mode 100644 (file)
index 0000000..350c0fa
--- /dev/null
@@ -0,0 +1,34 @@
+From 569820befb16ffc755ab7af71f4f08cc5f68f0fe Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Tue, 1 Aug 2023 19:35:42 +0200
+Subject: net: enetc: use EXPORT_SYMBOL_GPL for enetc_phc_index
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit 569820befb16ffc755ab7af71f4f08cc5f68f0fe upstream.
+
+enetc_phc_index is only used via symbol_get, which was only ever
+intended for very internal symbols like this one.  Use EXPORT_SYMBOL_GPL
+for it so that symbol_get can enforce only being used on
+EXPORT_SYMBOL_GPL symbols.
+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Jakub Kicinski <kuba@kernel.org>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/enetc/enetc_ptp.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/freescale/enetc/enetc_ptp.c
++++ b/drivers/net/ethernet/freescale/enetc/enetc_ptp.c
+@@ -8,7 +8,7 @@
+ #include "enetc.h"
+ int enetc_phc_index = -1;
+-EXPORT_SYMBOL(enetc_phc_index);
++EXPORT_SYMBOL_GPL(enetc_phc_index);
+ static struct ptp_clock_info enetc_ptp_caps = {
+       .owner          = THIS_MODULE,
diff --git a/queue-6.5/rtc-ds1685-use-export_symbol_gpl-for-ds1685_rtc_poweroff.patch b/queue-6.5/rtc-ds1685-use-export_symbol_gpl-for-ds1685_rtc_poweroff.patch
new file mode 100644 (file)
index 0000000..8c1473a
--- /dev/null
@@ -0,0 +1,34 @@
+From 95e7ebc6823170256a8ce19fad87912805bfa001 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Tue, 1 Aug 2023 19:35:43 +0200
+Subject: rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit 95e7ebc6823170256a8ce19fad87912805bfa001 upstream.
+
+ds1685_rtc_poweroff is only used externally via symbol_get, which was
+only ever intended for very internal symbols like this one.  Use
+EXPORT_SYMBOL_GPL for it so that symbol_get can enforce only being used
+on EXPORT_SYMBOL_GPL symbols.
+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Acked-by: Joshua Kinard <kumba@gentoo.org>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/rtc/rtc-ds1685.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/rtc/rtc-ds1685.c
++++ b/drivers/rtc/rtc-ds1685.c
+@@ -1432,7 +1432,7 @@ ds1685_rtc_poweroff(struct platform_devi
+               unreachable();
+       }
+ }
+-EXPORT_SYMBOL(ds1685_rtc_poweroff);
++EXPORT_SYMBOL_GPL(ds1685_rtc_poweroff);
+ /* ----------------------------------------------------------------------- */
index 15a593a37f261061c65c9d127ecdd34da5340bca..70a62a6461bce8b74364eeeb1576310ccfb54521 100644 (file)
@@ -1,2 +1,18 @@
 drm-amdgpu-correct-vmhub-index-in-gmc-v10-11.patch
 erofs-ensure-that-the-post-eof-tails-are-all-zeroed.patch
+ksmbd-fix-wrong-dataoffset-validation-of-create-context.patch
+ksmbd-fix-slub-overflow-in-ksmbd_decode_ntlmssp_auth_blob.patch
+ksmbd-replace-one-element-array-with-flex-array-member-in-struct-smb2_ea_info.patch
+ksmbd-reduce-descriptor-size-if-remaining-bytes-is-less-than-request-size.patch
+arm-pxa-remove-use-of-symbol_get.patch
+mmc-au1xmmc-force-non-modular-build-and-remove-symbol_get-usage.patch
+net-enetc-use-export_symbol_gpl-for-enetc_phc_index.patch
+rtc-ds1685-use-export_symbol_gpl-for-ds1685_rtc_poweroff.patch
+modules-only-allow-symbol_get-of-export_symbol_gpl-modules.patch
+usb-serial-option-add-quectel-em05g-variant-0x030e.patch
+usb-serial-option-add-foxconn-t99w368-t99w373-product.patch
+alsa-usb-audio-fix-init-call-orders-for-uac1.patch
+usb-dwc3-meson-g12a-do-post-init-to-fix-broken-usb-after-resumption.patch
+usb-chipidea-imx-improve-logic-if-samsung-picophy-parameter-is-0.patch
+hid-wacom-remove-the-battery-when-the-ekr-is-off.patch
+staging-rtl8712-fix-race-condition.patch
diff --git a/queue-6.5/staging-rtl8712-fix-race-condition.patch b/queue-6.5/staging-rtl8712-fix-race-condition.patch
new file mode 100644 (file)
index 0000000..94a6aa8
--- /dev/null
@@ -0,0 +1,50 @@
+From 1422b526fba994cf05fd288a152106563b875fce Mon Sep 17 00:00:00 2001
+From: Nam Cao <namcaov@gmail.com>
+Date: Mon, 31 Jul 2023 13:06:20 +0200
+Subject: staging: rtl8712: fix race condition
+
+From: Nam Cao <namcaov@gmail.com>
+
+commit 1422b526fba994cf05fd288a152106563b875fce upstream.
+
+In probe function, request_firmware_nowait() is called to load firmware
+asynchronously. At completion of firmware loading, register_netdev() is
+called. However, a mutex needed by netdev is initialized after the call
+to request_firmware_nowait(). Consequently, it can happen that
+register_netdev() is called before the driver is ready.
+
+Move the mutex initialization into r8712_init_drv_sw(), which is called
+before request_firmware_nowait().
+
+Reported-by: syzbot+b08315e8cf5a78eed03c@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/linux-staging/000000000000d9d4560601b8e0d7@google.com/T/#u
+Fixes: 8c213fa59199 ("staging: r8712u: Use asynchronous firmware loading")
+Cc: stable <stable@kernel.org>
+Signed-off-by: Nam Cao <namcaov@gmail.com>
+Link: https://lore.kernel.org/r/20230731110620.116562-1-namcaov@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/rtl8712/os_intfs.c |    1 +
+ drivers/staging/rtl8712/usb_intf.c |    1 -
+ 2 files changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/rtl8712/os_intfs.c
++++ b/drivers/staging/rtl8712/os_intfs.c
+@@ -327,6 +327,7 @@ int r8712_init_drv_sw(struct _adapter *p
+       mp871xinit(padapter);
+       init_default_value(padapter);
+       r8712_InitSwLeds(padapter);
++      mutex_init(&padapter->mutex_start);
+       return 0;
+--- a/drivers/staging/rtl8712/usb_intf.c
++++ b/drivers/staging/rtl8712/usb_intf.c
+@@ -567,7 +567,6 @@ static int r871xu_drv_init(struct usb_in
+       if (rtl871x_load_fw(padapter))
+               goto deinit_drv_sw;
+       init_completion(&padapter->rx_filter_ready);
+-      mutex_init(&padapter->mutex_start);
+       return 0;
+ deinit_drv_sw:
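Review bot: `init_completion(&padapter->rx_filter_ready)` in r871xu_drv_init (the usb_intf.c hunk) still runs after `rtl871x_load_fw(padapter)`, the same ordering this patch corrects for `mutex_start`. If the asynchronous firmware callback, or the netdev it registers, can reach `rx_filter_ready` before probe gets to that line, the same window exists for the completion. That path is not visible here and should be checked; if it can, the call belongs in r8712_init_drv_sw as well. A comment beside the moved call, e.g. `/* must precede request_firmware_nowait(): the fw callback registers the netdev */`, would keep a later cleanup from moving it back. Both functions begin outside their hunks.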
diff --git a/queue-6.5/usb-chipidea-imx-improve-logic-if-samsung-picophy-parameter-is-0.patch b/queue-6.5/usb-chipidea-imx-improve-logic-if-samsung-picophy-parameter-is-0.patch
new file mode 100644 (file)
index 0000000..2e3d7b8
--- /dev/null
@@ -0,0 +1,64 @@
+From 36668515d56bf73f06765c71e08c8f7465f1e5c4 Mon Sep 17 00:00:00 2001
+From: Xu Yang <xu.yang_2@nxp.com>
+Date: Tue, 27 Jun 2023 19:21:24 +0800
+Subject: usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0
+
+From: Xu Yang <xu.yang_2@nxp.com>
+
+commit 36668515d56bf73f06765c71e08c8f7465f1e5c4 upstream.
+
+In current driver, the value of tuning parameter will not take effect
+if samsung,picophy-* is assigned as 0. Because 0 is also a valid value
+acccording to the description of USB_PHY_CFG1 register, this will improve
+the logic to let it work.
+
+Fixes: 58a3cefb3840 ("usb: chipidea: imx: add two samsung picophy parameters tuning implementation")
+cc: <stable@vger.kernel.org>
+Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
+Acked-by: Peter Chen <peter.chen@kernel.org>
+Link: https://lore.kernel.org/r/20230627112126.1882666-1-xu.yang_2@nxp.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/chipidea/ci_hdrc_imx.c |   10 ++++++----
+ drivers/usb/chipidea/usbmisc_imx.c |    6 ++++--
+ 2 files changed, 10 insertions(+), 6 deletions(-)
+
+--- a/drivers/usb/chipidea/ci_hdrc_imx.c
++++ b/drivers/usb/chipidea/ci_hdrc_imx.c
+@@ -175,10 +175,12 @@ static struct imx_usbmisc_data *usbmisc_
+       if (of_usb_get_phy_mode(np) == USBPHY_INTERFACE_MODE_ULPI)
+               data->ulpi = 1;
+-      of_property_read_u32(np, "samsung,picophy-pre-emp-curr-control",
+-                      &data->emp_curr_control);
+-      of_property_read_u32(np, "samsung,picophy-dc-vol-level-adjust",
+-                      &data->dc_vol_level_adjust);
++      if (of_property_read_u32(np, "samsung,picophy-pre-emp-curr-control",
++                      &data->emp_curr_control))
++              data->emp_curr_control = -1;
++      if (of_property_read_u32(np, "samsung,picophy-dc-vol-level-adjust",
++                      &data->dc_vol_level_adjust))
++              data->dc_vol_level_adjust = -1;
+       return data;
+ }
+--- a/drivers/usb/chipidea/usbmisc_imx.c
++++ b/drivers/usb/chipidea/usbmisc_imx.c
+@@ -659,13 +659,15 @@ static int usbmisc_imx7d_init(struct imx
+                       usbmisc->base + MX7D_USBNC_USB_CTRL2);
+               /* PHY tuning for signal quality */
+               reg = readl(usbmisc->base + MX7D_USB_OTG_PHY_CFG1);
+-              if (data->emp_curr_control && data->emp_curr_control <=
++              if (data->emp_curr_control >= 0 &&
++                      data->emp_curr_control <=
+                       (TXPREEMPAMPTUNE0_MASK >> TXPREEMPAMPTUNE0_BIT)) {
+                       reg &= ~TXPREEMPAMPTUNE0_MASK;
+                       reg |= (data->emp_curr_control << TXPREEMPAMPTUNE0_BIT);
+               }
+-              if (data->dc_vol_level_adjust && data->dc_vol_level_adjust <=
++              if (data->dc_vol_level_adjust >= 0 &&
++                      data->dc_vol_level_adjust <=
+                       (TXVREFTUNE0_MASK >> TXVREFTUNE0_BIT)) {
+                       reg &= ~TXVREFTUNE0_MASK;
+                       reg |= (data->dc_vol_level_adjust << TXVREFTUNE0_BIT);
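Review bot: The new `>= 0` tests in usbmisc_imx7d_init and the `-1` sentinel stored in usbmisc_get_init_data only express "property absent" if `emp_curr_control` and `dc_vol_level_adjust` are signed, and their declaration is not part of this patch. If they are unsigned, `>= 0` is always true and absence is caught only because the wrapped value exceeds the mask bound, which works but hides the intent. Because `of_property_read_u32()` writes a u32 through those pointers, a device-tree value with the top bit set would also read as negative and be skipped silently. A comment at the assignment such as `/* -1: property not present, keep the PHY default */` would document the sentinel. Both functions start outside their hunks.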
diff --git a/queue-6.5/usb-dwc3-meson-g12a-do-post-init-to-fix-broken-usb-after-resumption.patch b/queue-6.5/usb-dwc3-meson-g12a-do-post-init-to-fix-broken-usb-after-resumption.patch
new file mode 100644 (file)
index 0000000..bbbc923
--- /dev/null
@@ -0,0 +1,45 @@
+From 1fa206bb764f37d2ab4bf671e483153ef0659b34 Mon Sep 17 00:00:00 2001
+From: Luke Lu <luke.lu@libre.computer>
+Date: Wed, 9 Aug 2023 21:29:11 +0000
+Subject: usb: dwc3: meson-g12a: do post init to fix broken usb after resumption
+
+From: Luke Lu <luke.lu@libre.computer>
+
+commit 1fa206bb764f37d2ab4bf671e483153ef0659b34 upstream.
+
+Device connected to usb otg port of GXL-based boards can not be
+recognised after resumption, doesn't recover even if disconnect and
+reconnect the device. dmesg shows it disconnects during resumption.
+
+[   41.492911] usb 1-2: USB disconnect, device number 3
+[   41.499346] usb 1-2: unregistering device
+[   41.511939] usb 1-2: unregistering interface 1-2:1.0
+
+Calling usb_post_init() will fix this issue, and it's tested and
+verified on libretech's aml-s905x-cc board.
+
+Cc: stable@vger.kernel.org # v5.8+
+Fixes: c99993376f72 ("usb: dwc3: Add Amlogic G12A DWC3 glue")
+Signed-off-by: Luke Lu <luke.lu@libre.computer>
+Acked-by: Neil Armstrong <neil.armstrong@linaro.org>
+Link: https://lore.kernel.org/r/20230809212911.18903-1-luke.lu@libre.computer
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/dwc3/dwc3-meson-g12a.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/usb/dwc3/dwc3-meson-g12a.c
++++ b/drivers/usb/dwc3/dwc3-meson-g12a.c
+@@ -926,6 +926,12 @@ static int __maybe_unused dwc3_meson_g12
+                       return ret;
+       }
++      if (priv->drvdata->usb_post_init) {
++              ret = priv->drvdata->usb_post_init(priv);
++              if (ret)
++                      return ret;
++      }
++
+       return 0;
+ }
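Review bot: The added `return ret` on `usb_post_init()` failure exits the resume path without undoing whatever the earlier part of the function set up. That part is outside the hunk, so whether anything needs unwinding cannot be confirmed from here. It matches the existing `return ret` just above, so it is consistent, but it is worth checking against the suspend/resume pairing. The block would also benefit from a comment carrying the reason given in the commit message, e.g. `/* run the SoC post-init hook: without it the OTG port stays disconnected after resume */`.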
diff --git a/queue-6.5/usb-serial-option-add-foxconn-t99w368-t99w373-product.patch b/queue-6.5/usb-serial-option-add-foxconn-t99w368-t99w373-product.patch
new file mode 100644 (file)
index 0000000..863a93f
--- /dev/null
@@ -0,0 +1,66 @@
+From 4d9488b294e1f8353bbcadc4c7172a7f7490199b Mon Sep 17 00:00:00 2001
+From: Slark Xiao <slark_xiao@163.com>
+Date: Wed, 23 Aug 2023 15:57:51 +0800
+Subject: USB: serial: option: add FOXCONN T99W368/T99W373 product
+
+From: Slark Xiao <slark_xiao@163.com>
+
+commit 4d9488b294e1f8353bbcadc4c7172a7f7490199b upstream.
+
+The difference of T99W368 and T99W373 is the chip solution.
+T99W368 is designed based on Qualcomm SDX65 and T99W373 is SDX62.
+
+Test evidence as below:
+T:  Bus=01 Lev=02 Prnt=05 Port=00 Cnt=01 Dev#=  7 Spd=480 MxCh= 0
+D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
+P:  Vendor=0489 ProdID=e0f0 Rev=05.04
+S:  Manufacturer=FII
+S:  Product=OLYMPIC USB WWAN Adapter
+S:  SerialNumber=78ada8c4
+C:  #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
+I:  If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
+I:  If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
+I:  If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+I:  If#=0x3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
+I:  If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+I:  If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
+
+T:  Bus=01 Lev=02 Prnt=05 Port=00 Cnt=01 Dev#=  8 Spd=480 MxCh= 0
+D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
+P:  Vendor=0489 ProdID=e0ee Rev=05.04
+S:  Manufacturer=FII
+S:  Product=OLYMPIC USB WWAN Adapter
+S:  SerialNumber=78ada8d5
+C:  #Ifs= 6 Cfg#= 1 Atr=a0 MxPwr=500mA
+I:  If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
+I:  If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
+I:  If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+I:  If#=0x3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
+I:  If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+I:  If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
+
+Both of them share the same port configuration:
+0&1: MBIM, 2: Modem, 3:GNSS, 4:NMEA, 5:Diag
+GNSS port don't use serial driver.
+
+Signed-off-by: Slark Xiao <slark_xiao@163.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -2235,6 +2235,10 @@ static const struct usb_device_id option
+         .driver_info = RSVD(0) | RSVD(1) | RSVD(6) },
+       { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0db, 0xff),                     /* Foxconn T99W265 MBIM */
+         .driver_info = RSVD(3) },
++      { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0ee, 0xff),                     /* Foxconn T99W368 MBIM */
++        .driver_info = RSVD(3) },
++      { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0f0, 0xff),                     /* Foxconn T99W373 MBIM */
++        .driver_info = RSVD(3) },
+       { USB_DEVICE(0x1508, 0x1001),                                           /* Fibocom NL668 (IOT version) */
+         .driver_info = RSVD(4) | RSVD(5) | RSVD(6) },
+       { USB_DEVICE(0x1782, 0x4d10) },                                         /* Fibocom L610 (AT mode) */
diff --git a/queue-6.5/usb-serial-option-add-quectel-em05g-variant-0x030e.patch b/queue-6.5/usb-serial-option-add-quectel-em05g-variant-0x030e.patch
new file mode 100644 (file)
index 0000000..3296f67
--- /dev/null
@@ -0,0 +1,65 @@
+From 873854c02364ebb991fc06f7148c14dfb5419e1b Mon Sep 17 00:00:00 2001
+From: Martin Kohn <m.kohn@welotec.com>
+Date: Thu, 27 Jul 2023 22:23:00 +0000
+Subject: USB: serial: option: add Quectel EM05G variant (0x030e)
+
+From: Martin Kohn <m.kohn@welotec.com>
+
+commit 873854c02364ebb991fc06f7148c14dfb5419e1b upstream.
+
+Add Quectel EM05G with product ID 0x030e.
+Interface 4 is used for qmi.
+
+T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=480  MxCh= 0
+D:  Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
+P:  Vendor=2c7c ProdID=030e Rev= 3.18
+S:  Manufacturer=Quectel
+S:  Product=Quectel EM05-G
+C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
+I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
+E:  Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E:  Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E:  Ad=83(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
+E:  Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E:  Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E:  Ad=85(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
+E:  Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E:  Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E:  Ad=87(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
+E:  Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E:  Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
+E:  Ad=89(I) Atr=03(Int.) MxPS=   8 Ivl=32ms
+E:  Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E:  Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+
+Signed-off-by: Martin Kohn <m.kohn@welotec.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -259,6 +259,7 @@ static void option_instat_callback(struc
+ #define QUECTEL_PRODUCT_EM05G                 0x030a
+ #define QUECTEL_PRODUCT_EM060K                        0x030b
+ #define QUECTEL_PRODUCT_EM05G_CS              0x030c
++#define QUECTEL_PRODUCT_EM05GV2                       0x030e
+ #define QUECTEL_PRODUCT_EM05CN_SG             0x0310
+ #define QUECTEL_PRODUCT_EM05G_SG              0x0311
+ #define QUECTEL_PRODUCT_EM05CN                        0x0312
+@@ -1188,6 +1189,8 @@ static const struct usb_device_id option
+         .driver_info = RSVD(6) | ZLP },
+       { USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05G, 0xff),
+         .driver_info = RSVD(6) | ZLP },
++      { USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05GV2, 0xff),
++        .driver_info = RSVD(4) | ZLP },
+       { USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05G_CS, 0xff),
+         .driver_info = RSVD(6) | ZLP },
+       { USB_DEVICE_INTERFACE_CLASS(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EM05G_GR, 0xff),