--- /dev/null
+From 2acf40f0454d41b8d51c95d317283c20c931164d Mon Sep 17 00:00:00 2001
+From: Sebastian Parschauer <s.parschauer@gmx.de>
+Date: Mon, 2 Sep 2019 12:39:30 +0200
+Subject: HID: Add quirk for HP X500 PIXART OEM mouse
+
+From: Sebastian Parschauer <s.parschauer@gmx.de>
+
+commit 2acf40f0454d41b8d51c95d317283c20c931164d upstream.
+
+The PixArt OEM mice are known for disconnecting every minute in
+runlevel 1 or 3 if they are not always polled. So add quirk
+ALWAYS_POLL for this one as well.
+
+Ville Viinikka (viinikv) reported and tested the quirk.
+Link: https://github.com/sriemer/fix-linux-mouse issue 15
+
+Signed-off-by: Sebastian Parschauer <s.parschauer@gmx.de>
+CC: stable@vger.kernel.org # v4.16+
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-ids.h | 1 +
+ drivers/hid/hid-quirks.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/drivers/hid/hid-ids.h
++++ b/drivers/hid/hid-ids.h
+@@ -568,6 +568,7 @@
+ #define USB_PRODUCT_ID_HP_LOGITECH_OEM_USB_OPTICAL_MOUSE_0B4A 0x0b4a
+ #define USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE 0x134a
+ #define USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE_094A 0x094a
++#define USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE_0941 0x0941
+ #define USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE_0641 0x0641
+
+ #define USB_VENDOR_ID_HUION 0x256c
+--- a/drivers/hid/hid-quirks.c
++++ b/drivers/hid/hid-quirks.c
+@@ -91,6 +91,7 @@ static const struct hid_device_id hid_qu
+ { HID_USB_DEVICE(USB_VENDOR_ID_HP, USB_PRODUCT_ID_HP_LOGITECH_OEM_USB_OPTICAL_MOUSE_0B4A), HID_QUIRK_ALWAYS_POLL },
+ { HID_USB_DEVICE(USB_VENDOR_ID_HP, USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE), HID_QUIRK_ALWAYS_POLL },
+ { HID_USB_DEVICE(USB_VENDOR_ID_HP, USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE_094A), HID_QUIRK_ALWAYS_POLL },
++ { HID_USB_DEVICE(USB_VENDOR_ID_HP, USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE_0941), HID_QUIRK_ALWAYS_POLL },
+ { HID_USB_DEVICE(USB_VENDOR_ID_HP, USB_PRODUCT_ID_HP_PIXART_OEM_USB_OPTICAL_MOUSE_0641), HID_QUIRK_ALWAYS_POLL },
+ { HID_USB_DEVICE(USB_VENDOR_ID_IDEACOM, USB_DEVICE_ID_IDEACOM_IDC6680), HID_QUIRK_MULTI_INPUT },
+ { HID_USB_DEVICE(USB_VENDOR_ID_INNOMEDIA, USB_DEVICE_ID_INNEX_GENESIS_ATARI), HID_QUIRK_MULTI_INPUT },
--- /dev/null
+From 416dacb819f59180e4d86a5550052033ebb6d72c Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Wed, 21 Aug 2019 13:27:12 -0400
+Subject: HID: hidraw: Fix invalid read in hidraw_ioctl
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 416dacb819f59180e4d86a5550052033ebb6d72c upstream.
+
+The syzbot fuzzer has reported a pair of problems in the
+hidraw_ioctl() function: slab-out-of-bounds read and use-after-free
+read. An example of the first:
+
+BUG: KASAN: slab-out-of-bounds in strlen+0x79/0x90 lib/string.c:525
+Read of size 1 at addr ffff8881c8035f38 by task syz-executor.4/2833
+
+CPU: 1 PID: 2833 Comm: syz-executor.4 Not tainted 5.3.0-rc2+ #1
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
+Google 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:77 [inline]
+ dump_stack+0xca/0x13e lib/dump_stack.c:113
+ print_address_description+0x6a/0x32c mm/kasan/report.c:351
+ __kasan_report.cold+0x1a/0x33 mm/kasan/report.c:482
+ kasan_report+0xe/0x12 mm/kasan/common.c:612
+ strlen+0x79/0x90 lib/string.c:525
+ strlen include/linux/string.h:281 [inline]
+ hidraw_ioctl+0x245/0xae0 drivers/hid/hidraw.c:446
+ vfs_ioctl fs/ioctl.c:46 [inline]
+ file_ioctl fs/ioctl.c:509 [inline]
+ do_vfs_ioctl+0xd2d/0x1330 fs/ioctl.c:696
+ ksys_ioctl+0x9b/0xc0 fs/ioctl.c:713
+ __do_sys_ioctl fs/ioctl.c:720 [inline]
+ __se_sys_ioctl fs/ioctl.c:718 [inline]
+ __x64_sys_ioctl+0x6f/0xb0 fs/ioctl.c:718
+ do_syscall_64+0xb7/0x580 arch/x86/entry/common.c:296
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+RIP: 0033:0x459829
+Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
+48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
+ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
+RSP: 002b:00007f7a68f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
+RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459829
+RDX: 0000000000000000 RSI: 0000000080404805 RDI: 0000000000000004
+RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7a68f6e6d4
+R13: 00000000004c21de R14: 00000000004d5620 R15: 00000000ffffffff
+
+The two problems have the same cause: hidraw_ioctl() fails to test
+whether the device has been removed. This patch adds the missing test.
+
+Reported-and-tested-by: syzbot+5a6c4ec678a0c6ee84ba@syzkaller.appspotmail.com
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+CC: <stable@vger.kernel.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hidraw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hid/hidraw.c
++++ b/drivers/hid/hidraw.c
+@@ -370,7 +370,7 @@ static long hidraw_ioctl(struct file *fi
+
+ mutex_lock(&minors_lock);
+ dev = hidraw_table[minor];
+- if (!dev) {
++ if (!dev || !dev->exist) {
+ ret = -ENODEV;
+ goto out;
+ }
--- /dev/null
+From 8ccff2843fb4e6d9d26e5ae9ffe9840b38b92638 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Sun, 25 Aug 2019 17:35:42 +0200
+Subject: HID: logitech-dj: Fix crash when initial logi_dj_recv_query_paired_devices fails
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 8ccff2843fb4e6d9d26e5ae9ffe9840b38b92638 upstream.
+
+Before this commit dj_probe would exit with an error if the initial
+logi_dj_recv_query_paired_devices fails. The initial call may fail
+when the receiver is connected through a kvm and the focus is away.
+
+When the call fails this causes 2 problems:
+
+1) dj_probe calls logi_dj_recv_query_paired_devices after calling
+hid_device_io_start() so a HID report may have been received in between
+and our delayedwork_callback may be running. It seems that the initial
+logi_dj_recv_query_paired_devices failure happening with some KVMs triggers
+this exact scenario, causing the work-queue to run on free-ed memory,
+leading to:
+
+ BUG: unable to handle page fault for address: 0000000000001e88
+ #PF: supervisor read access in kernel mode
+ #PF: error_code(0x0000) - not-present page
+ PGD 0 P4D 0
+ Oops: 0000 [#1] SMP PTI
+ CPU: 3 PID: 257 Comm: kworker/3:3 Tainted: G OE 5.3.0-rc5+ #100
+ Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./B150M Pro4S/D3, BIOS P7.10 12/06/2016
+ Workqueue: events 0xffffffffc02ba200
+ RIP: 0010:0xffffffffc02ba1bd
+ Code: e8 e8 13 00 d8 48 89 c5 48 85 c0 74 4c 48 8b 7b 10 48 89 ea b9 07 00 00 00 41 b9 09 00 00 00 41 b8 01 00 00 00 be 10 00 00 00 <48> 8b 87 88 1e 00 00 48 8b 40 40 e8 b3 6b b4 d8 48 89 ef 41 89 c4
+ RSP: 0018:ffffb760c046bdb8 EFLAGS: 00010286
+ RAX: ffff935038ea4550 RBX: ffff935046778000 RCX: 0000000000000007
+ RDX: ffff935038ea4550 RSI: 0000000000000010 RDI: 0000000000000000
+ RBP: ffff935038ea4550 R08: 0000000000000001 R09: 0000000000000009
+ R10: 000000000000e011 R11: 0000000000000001 R12: ffff9350467780e8
+ R13: ffff935046778000 R14: 0000000000000000 R15: ffff935046778070
+ FS: 0000000000000000(0000) GS:ffff935054e00000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 0000000000001e88 CR3: 000000075a612002 CR4: 00000000003606e0
+ DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+ Call Trace:
+ 0xffffffffc02ba2f7
+ ? process_one_work+0x1b1/0x560
+ process_one_work+0x234/0x560
+ worker_thread+0x50/0x3b0
+ kthread+0x10a/0x140
+ ? process_one_work+0x560/0x560
+ ? kthread_park+0x80/0x80
+ ret_from_fork+0x3a/0x50
+ Modules linked in: vboxpci(O) vboxnetadp(O) vboxnetflt(O) vboxdrv(O) bnep vfat fat btusb btrtl btbcm btintel bluetooth intel_rapl_msr ecdh_generic rfkill ecc snd_usb_audio snd_usbmidi_lib intel_rapl_common snd_rawmidi mc x86_pkg_temp_thermal intel_powerclamp coretemp iTCO_wdt iTCO_vendor_support mei_wdt mei_hdcp ppdev kvm_intel kvm irqbypass crct10dif_pclmul crc32_generic crc32_pclmul snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio ghash_clmulni_intel intel_cstate snd_hda_intel snd_hda_codec intel_uncore snd_hda_core snd_hwdep intel_rapl_perf snd_seq snd_seq_device snd_pcm snd_timer intel_wmi_thunderbolt snd e1000e soundcore mxm_wmi i2c_i801 bfq mei_me mei intel_pch_thermal parport_pc parport acpi_pad binfmt_misc hid_lg_g15(E) hid_logitech_dj(E) i915 crc32c_intel i2c_algo_bit drm_kms_helper nvme nvme_core drm wmi video uas usb_storage i2c_dev
+ CR2: 0000000000001e88
+ ---[ end trace 1d3f8afdcfcbd842 ]---
+
+2) Even if we were to fix 1. by making sure the work is stopped before
+failing probe, failing probe is the wrong thing to do, we have
+logi_dj_recv_queue_unknown_work to deal with the initial
+logi_dj_recv_query_paired_devices failure.
+
+Rather then error-ing out of the probe, causing the receiver to not work at
+all we should rely on this, so that the attached devices will get properly
+enumerated once the KVM focus is switched back.
+
+Cc: stable@vger.kernel.org
+Fixes: 74808f9115ce ("HID: logitech-dj: add support for non unifying receivers")
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-logitech-dj.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/drivers/hid/hid-logitech-dj.c
++++ b/drivers/hid/hid-logitech-dj.c
+@@ -1732,14 +1732,14 @@ static int logi_dj_probe(struct hid_devi
+ if (retval < 0) {
+ hid_err(hdev, "%s: logi_dj_recv_query_paired_devices error:%d\n",
+ __func__, retval);
+- goto logi_dj_recv_query_paired_devices_failed;
++ /*
++ * This can happen with a KVM, let the probe succeed,
++ * logi_dj_recv_queue_unknown_work will retry later.
++ */
+ }
+ }
+
+- return retval;
+-
+-logi_dj_recv_query_paired_devices_failed:
+- hid_hw_close(hdev);
++ return 0;
+
+ llopen_failed:
+ switch_to_dj_mode_fail:
--- /dev/null
+From 5f9242775bb61f390f0885f23fc16397262c7538 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Tue, 20 Aug 2019 16:00:21 -0400
+Subject: HID: logitech: Fix general protection fault caused by Logitech driver
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 5f9242775bb61f390f0885f23fc16397262c7538 upstream.
+
+The syzbot fuzzer found a general protection fault in the HID subsystem:
+
+kasan: CONFIG_KASAN_INLINE enabled
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] SMP KASAN
+CPU: 0 PID: 3715 Comm: syz-executor.3 Not tainted 5.2.0-rc6+ #15
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
+Google 01/01/2011
+RIP: 0010:__pm_runtime_resume+0x49/0x180 drivers/base/power/runtime.c:1069
+Code: ed 74 d5 fe 45 85 ed 0f 85 9a 00 00 00 e8 6f 73 d5 fe 48 8d bd c1 02
+00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48
+89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 fe 00 00 00
+RSP: 0018:ffff8881d99d78e0 EFLAGS: 00010202
+RAX: dffffc0000000000 RBX: 0000000000000020 RCX: ffffc90003f3f000
+RDX: 0000000416d8686d RSI: ffffffff82676841 RDI: 00000020b6c3436a
+RBP: 00000020b6c340a9 R08: ffff8881c6d64800 R09: fffffbfff0e84c25
+R10: ffff8881d99d7940 R11: ffffffff87426127 R12: 0000000000000004
+R13: 0000000000000000 R14: ffff8881d9b94000 R15: ffffffff897f9048
+FS: 00007f047f542700(0000) GS:ffff8881db200000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000001b30f21000 CR3: 00000001ca032000 CR4: 00000000001406f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ pm_runtime_get_sync include/linux/pm_runtime.h:226 [inline]
+ usb_autopm_get_interface+0x1b/0x50 drivers/usb/core/driver.c:1707
+ usbhid_power+0x7c/0xe0 drivers/hid/usbhid/hid-core.c:1234
+ hid_hw_power include/linux/hid.h:1038 [inline]
+ hidraw_open+0x20d/0x740 drivers/hid/hidraw.c:282
+ chrdev_open+0x219/0x5c0 fs/char_dev.c:413
+ do_dentry_open+0x497/0x1040 fs/open.c:778
+ do_last fs/namei.c:3416 [inline]
+ path_openat+0x1430/0x3ff0 fs/namei.c:3533
+ do_filp_open+0x1a1/0x280 fs/namei.c:3563
+ do_sys_open+0x3c0/0x580 fs/open.c:1070
+ do_syscall_64+0xb7/0x560 arch/x86/entry/common.c:301
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+It turns out the fault was caused by a bug in the HID Logitech driver,
+which violates the requirement that every pathway calling
+hid_hw_start() must also call hid_hw_stop(). This patch fixes the bug
+by making sure the requirement is met.
+
+Reported-and-tested-by: syzbot+3cbe5cd105d2ad56a1df@syzkaller.appspotmail.com
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+CC: <stable@vger.kernel.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-lg.c | 10 ++++++----
+ drivers/hid/hid-lg4ff.c | 1 -
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+--- a/drivers/hid/hid-lg.c
++++ b/drivers/hid/hid-lg.c
+@@ -818,7 +818,7 @@ static int lg_probe(struct hid_device *h
+
+ if (!buf) {
+ ret = -ENOMEM;
+- goto err_free;
++ goto err_stop;
+ }
+
+ ret = hid_hw_raw_request(hdev, buf[0], buf, sizeof(cbuf),
+@@ -850,9 +850,12 @@ static int lg_probe(struct hid_device *h
+ ret = lg4ff_init(hdev);
+
+ if (ret)
+- goto err_free;
++ goto err_stop;
+
+ return 0;
++
++err_stop:
++ hid_hw_stop(hdev);
+ err_free:
+ kfree(drv_data);
+ return ret;
+@@ -863,8 +866,7 @@ static void lg_remove(struct hid_device
+ struct lg_drv_data *drv_data = hid_get_drvdata(hdev);
+ if (drv_data->quirks & LG_FF4)
+ lg4ff_deinit(hdev);
+- else
+- hid_hw_stop(hdev);
++ hid_hw_stop(hdev);
+ kfree(drv_data);
+ }
+
+--- a/drivers/hid/hid-lg4ff.c
++++ b/drivers/hid/hid-lg4ff.c
+@@ -1477,7 +1477,6 @@ int lg4ff_deinit(struct hid_device *hid)
+ }
+ }
+ #endif
+- hid_hw_stop(hid);
+ drv_data->device_props = NULL;
+
+ kfree(entry);
--- /dev/null
+From 98375b86c79137416e9fd354177b85e768c16e56 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Wed, 4 Sep 2019 11:54:20 -0400
+Subject: HID: prodikeys: Fix general protection fault during probe
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 98375b86c79137416e9fd354177b85e768c16e56 upstream.
+
+The syzbot fuzzer provoked a general protection fault in the
+hid-prodikeys driver:
+
+kasan: CONFIG_KASAN_INLINE enabled
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] SMP KASAN
+CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.3.0-rc5+ #28
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
+Google 01/01/2011
+Workqueue: usb_hub_wq hub_event
+RIP: 0010:pcmidi_submit_output_report drivers/hid/hid-prodikeys.c:300 [inline]
+RIP: 0010:pcmidi_set_operational drivers/hid/hid-prodikeys.c:558 [inline]
+RIP: 0010:pcmidi_snd_initialise drivers/hid/hid-prodikeys.c:686 [inline]
+RIP: 0010:pk_probe+0xb51/0xfd0 drivers/hid/hid-prodikeys.c:836
+Code: 0f 85 50 04 00 00 48 8b 04 24 4c 89 7d 10 48 8b 58 08 e8 b2 53 e4 fc
+48 8b 54 24 20 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f
+85 13 04 00 00 48 ba 00 00 00 00 00 fc ff df 49 8b
+
+The problem is caused by the fact that pcmidi_get_output_report() will
+return an error if the HID device doesn't provide the right sort of
+output report, but pcmidi_set_operational() doesn't bother to check
+the return code and assumes the function call always succeeds.
+
+This patch adds the missing check and aborts the probe operation if
+necessary.
+
+Reported-and-tested-by: syzbot+1088533649dafa1c9004@syzkaller.appspotmail.com
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+CC: <stable@vger.kernel.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-prodikeys.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/drivers/hid/hid-prodikeys.c
++++ b/drivers/hid/hid-prodikeys.c
+@@ -551,10 +551,14 @@ static void pcmidi_setup_extra_keys(
+
+ static int pcmidi_set_operational(struct pcmidi_snd *pm)
+ {
++ int rc;
++
+ if (pm->ifnum != 1)
+ return 0; /* only set up ONCE for interace 1 */
+
+- pcmidi_get_output_report(pm);
++ rc = pcmidi_get_output_report(pm);
++ if (rc < 0)
++ return rc;
+ pcmidi_submit_output_report(pm, 0xc1);
+ return 0;
+ }
+@@ -683,7 +687,11 @@ static int pcmidi_snd_initialise(struct
+ spin_lock_init(&pm->rawmidi_in_lock);
+
+ init_sustain_timers(pm);
+- pcmidi_set_operational(pm);
++ err = pcmidi_set_operational(pm);
++ if (err < 0) {
++ pk_error("failed to find output report\n");
++ goto fail_register;
++ }
+
+ /* register it */
+ err = snd_card_register(card);
--- /dev/null
+From 2bcdacb70327013ca2066bfcf2af1009eff01f1d Mon Sep 17 00:00:00 2001
+From: Roderick Colenbrander <roderick.colenbrander@sony.com>
+Date: Wed, 4 Sep 2019 14:22:11 -0700
+Subject: HID: sony: Fix memory corruption issue on cleanup.
+
+From: Roderick Colenbrander <roderick.colenbrander@sony.com>
+
+commit 2bcdacb70327013ca2066bfcf2af1009eff01f1d upstream.
+
+The sony driver is not properly cleaning up from potential failures in
+sony_input_configured. Currently it calls hid_hw_stop, while hid_connect
+is still running. This is not a good idea, instead hid_hw_stop should
+be moved to sony_probe. Similar changes were recently made to Logitech
+drivers, which were also doing improper cleanup.
+
+Signed-off-by: Roderick Colenbrander <roderick.colenbrander@sony.com>
+CC: stable@vger.kernel.org
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-sony.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hid/hid-sony.c
++++ b/drivers/hid/hid-sony.c
+@@ -2811,7 +2811,6 @@ err_stop:
+ sony_cancel_work_sync(sc);
+ sony_remove_dev_list(sc);
+ sony_release_device_id(sc);
+- hid_hw_stop(hdev);
+ return ret;
+ }
+
+@@ -2876,6 +2875,7 @@ static int sony_probe(struct hid_device
+ */
+ if (!(hdev->claimed & HID_CLAIMED_INPUT)) {
+ hid_err(hdev, "failed to claim input\n");
++ hid_hw_stop(hdev);
+ return -ENODEV;
+ }
+
--- /dev/null
+From 37c673ade35c707d50583b5b25091ff8ebdeafd7 Mon Sep 17 00:00:00 2001
+From: Tokunori Ikegami <ikegami.t@gmail.com>
+Date: Tue, 6 Aug 2019 04:03:18 +0900
+Subject: mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
+
+From: Tokunori Ikegami <ikegami.t@gmail.com>
+
+commit 37c673ade35c707d50583b5b25091ff8ebdeafd7 upstream.
+
+As reported by the OpenWRT team, write requests sometimes fail on some
+platforms.
+Currently to check the state chip_ready() is used correctly as described by
+the flash memory S29GL256P11TFI01 datasheet.
+Also chip_good() is used to check if the write is succeeded and it was
+implemented by the commit fb4a90bfcd6d8 ("[MTD] CFI-0002 - Improve error
+checking").
+But actually the write failure is caused on some platforms and also it can
+be fixed by using chip_good() to check the state and retry instead.
+Also it seems that it is caused after repeated about 1,000 times to retry
+the write one word with the reset command.
+By using chip_good() to check the state to be done it can be reduced the
+retry with reset.
+It is depended on the actual flash chip behavior so the root cause is
+unknown.
+
+Cc: Chris Packham <chris.packham@alliedtelesis.co.nz>
+Cc: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
+Cc: linux-mtd@lists.infradead.org
+Cc: stable@vger.kernel.org
+Reported-by: Fabio Bettoni <fbettoni@gmail.com>
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
+Signed-off-by: Tokunori Ikegami <ikegami.t@gmail.com>
+[vigneshr@ti.com: Fix a checkpatch warning]
+Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mtd/chips/cfi_cmdset_0002.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+--- a/drivers/mtd/chips/cfi_cmdset_0002.c
++++ b/drivers/mtd/chips/cfi_cmdset_0002.c
+@@ -1628,29 +1628,35 @@ static int __xipram do_write_oneword(str
+ continue;
+ }
+
+- if (time_after(jiffies, timeo) && !chip_ready(map, adr)){
++ /*
++ * We check "time_after" and "!chip_good" before checking
++ * "chip_good" to avoid the failure due to scheduling.
++ */
++ if (time_after(jiffies, timeo) && !chip_good(map, adr, datum)) {
+ xip_enable(map, chip, adr);
+ printk(KERN_WARNING "MTD %s(): software timeout\n", __func__);
+ xip_disable(map, chip, adr);
++ ret = -EIO;
+ break;
+ }
+
+- if (chip_ready(map, adr))
++ if (chip_good(map, adr, datum))
+ break;
+
+ /* Latency issues. Drop the lock, wait a while and retry */
+ UDELAY(map, chip, adr, 1);
+ }
++
+ /* Did we succeed? */
+- if (!chip_good(map, adr, datum)) {
++ if (ret) {
+ /* reset on all failures. */
+ map_write(map, CMD(0xF0), chip->start);
+ /* FIXME - should have reset delay before continuing */
+
+- if (++retry_cnt <= MAX_RETRIES)
++ if (++retry_cnt <= MAX_RETRIES) {
++ ret = 0;
+ goto retry;
+-
+- ret = -EIO;
++ }
+ }
+ xip_enable(map, chip, adr);
+ op_done:
--- /dev/null
+From b3e487c0cf425369a48049251af75593a5652dc1 Mon Sep 17 00:00:00 2001
+From: "David S. Miller" <davem@davemloft.net>
+Date: Mon, 22 Jul 2019 20:44:48 -0700
+Subject: Revert "net: hns: fix LED configuration for marvell phy"
+
+From: David S. Miller <davem@davemloft.net>
+
+commit b3e487c0cf425369a48049251af75593a5652dc1 upstream.
+
+This reverts commit f4e5f775db5a4631300dccd0de5eafb50a77c131.
+
+Andrew Lunn says this should be handled another way.
+
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Cc: Yonglong Liu <liuyonglong@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/hisilicon/hns/hns_enet.c | 23 +----------------------
+ 1 file changed, 1 insertion(+), 22 deletions(-)
+
+--- a/drivers/net/ethernet/hisilicon/hns/hns_enet.c
++++ b/drivers/net/ethernet/hisilicon/hns/hns_enet.c
+@@ -11,7 +11,6 @@
+ #include <linux/io.h>
+ #include <linux/ip.h>
+ #include <linux/ipv6.h>
+-#include <linux/marvell_phy.h>
+ #include <linux/module.h>
+ #include <linux/phy.h>
+ #include <linux/platform_device.h>
+@@ -1150,13 +1149,6 @@ static void hns_nic_adjust_link(struct n
+ }
+ }
+
+-static int hns_phy_marvell_fixup(struct phy_device *phydev)
+-{
+- phydev->dev_flags |= MARVELL_PHY_LED0_LINK_LED1_ACTIVE;
+-
+- return 0;
+-}
+-
+ /**
+ *hns_nic_init_phy - init phy
+ *@ndev: net device
+@@ -1182,16 +1174,6 @@ int hns_nic_init_phy(struct net_device *
+ if (h->phy_if != PHY_INTERFACE_MODE_XGMII) {
+ phy_dev->dev_flags = 0;
+
+- /* register the PHY fixup (for Marvell 88E1510) */
+- ret = phy_register_fixup_for_uid(MARVELL_PHY_ID_88E1510,
+- MARVELL_PHY_ID_MASK,
+- hns_phy_marvell_fixup);
+- /* we can live without it, so just issue a warning */
+- if (ret)
+- netdev_warn(ndev,
+- "Cannot register PHY fixup, ret=%d\n",
+- ret);
+-
+ ret = phy_connect_direct(ndev, phy_dev, hns_nic_adjust_link,
+ h->phy_if);
+ } else {
+@@ -2447,11 +2429,8 @@ static int hns_nic_dev_remove(struct pla
+ hns_nic_uninit_ring_data(priv);
+ priv->ring_data = NULL;
+
+- if (ndev->phydev) {
+- phy_unregister_fixup_for_uid(MARVELL_PHY_ID_88E1510,
+- MARVELL_PHY_ID_MASK);
++ if (ndev->phydev)
+ phy_disconnect(ndev->phydev);
+- }
+
+ if (!IS_ERR_OR_NULL(priv->ae_handle))
+ hnae_put_handle(priv->ae_handle);
drm-amd-display-don-t-replace-the-dc_state-for-fast-updates.patch
powerpc-xive-fix-bogus-error-code-returned-by-opal.patch
drm-amd-display-readd-msse2-to-prevent-clang-from-em.patch
+revert-net-hns-fix-led-configuration-for-marvell-phy.patch
+hid-prodikeys-fix-general-protection-fault-during-probe.patch
+hid-sony-fix-memory-corruption-issue-on-cleanup.patch
+hid-logitech-fix-general-protection-fault-caused-by-logitech-driver.patch
+hid-logitech-dj-fix-crash-when-initial-logi_dj_recv_query_paired_devices-fails.patch
+hid-hidraw-fix-invalid-read-in-hidraw_ioctl.patch
+hid-add-quirk-for-hp-x500-pixart-oem-mouse.patch
+mtd-cfi_cmdset_0002-use-chip_good-to-retry-in-do_write_oneword.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
