3.11-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 24 Sep 2013 15:06:14 +0000 (08:06 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 24 Sep 2013 15:06:14 +0000 (08:06 -0700)
added patches:
hid-battery-don-t-do-dma-from-stack.patch
hid-check-for-null-field-when-setting-values.patch
hid-hidraw-correctly-deallocate-memory-on-device-disconnect.patch
hid-ntrig-validate-feature-report-details.patch
hid-picolcd_core-validate-output-report-details.patch
hid-picolcd-prevent-null-pointer-dereference-on-_remove.patch
hid-sensor-hub-validate-feature-report-details.patch
hid-uhid-add-devname-module-alias.patch
hid-usbhid-quirk-for-n-trig-duosense-touch-screen.patch
hid-validate-hid-report-id-size.patch

queue-3.11/hid-battery-don-t-do-dma-from-stack.patch [new file with mode: 0644]
queue-3.11/hid-check-for-null-field-when-setting-values.patch [new file with mode: 0644]
queue-3.11/hid-hidraw-correctly-deallocate-memory-on-device-disconnect.patch [new file with mode: 0644]
queue-3.11/hid-ntrig-validate-feature-report-details.patch [new file with mode: 0644]
queue-3.11/hid-picolcd-prevent-null-pointer-dereference-on-_remove.patch [new file with mode: 0644]
queue-3.11/hid-picolcd_core-validate-output-report-details.patch [new file with mode: 0644]
queue-3.11/hid-sensor-hub-validate-feature-report-details.patch [new file with mode: 0644]
queue-3.11/hid-uhid-add-devname-module-alias.patch [new file with mode: 0644]
queue-3.11/hid-usbhid-quirk-for-n-trig-duosense-touch-screen.patch [new file with mode: 0644]
queue-3.11/hid-validate-hid-report-id-size.patch [new file with mode: 0644]
queue-3.11/series

diff --git a/queue-3.11/hid-battery-don-t-do-dma-from-stack.patch b/queue-3.11/hid-battery-don-t-do-dma-from-stack.patch
new file mode 100644 (file)
index 0000000..12da098
--- /dev/null
@@ -0,0 +1,61 @@
+From 6c2794a2984f4c17a58117a68703cc7640f01c5a Mon Sep 17 00:00:00 2001
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Mon, 2 Sep 2013 13:43:00 +0200
+Subject: HID: battery: don't do DMA from stack
+
+From: Jiri Kosina <jkosina@suse.cz>
+
+commit 6c2794a2984f4c17a58117a68703cc7640f01c5a upstream.
+
+Instead of using data from stack for DMA in hidinput_get_battery_property(),
+allocate the buffer dynamically.
+
+Reported-by: Richard Ryniker <ryniker@alum.mit.edu>
+Reported-by: Alan Stern <stern@rowland.harvard.edu>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-input.c |   12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/drivers/hid/hid-input.c
++++ b/drivers/hid/hid-input.c
+@@ -340,7 +340,7 @@ static int hidinput_get_battery_property
+ {
+       struct hid_device *dev = container_of(psy, struct hid_device, battery);
+       int ret = 0;
+-      __u8 buf[2] = {};
++      __u8 *buf;
+       switch (prop) {
+       case POWER_SUPPLY_PROP_PRESENT:
+@@ -349,12 +349,19 @@ static int hidinput_get_battery_property
+               break;
+       case POWER_SUPPLY_PROP_CAPACITY:
++
++              buf = kmalloc(2 * sizeof(__u8), GFP_KERNEL);
++              if (!buf) {
++                      ret = -ENOMEM;
++                      break;
++              }
+               ret = dev->hid_get_raw_report(dev, dev->battery_report_id,
+-                                            buf, sizeof(buf),
++                                            buf, 2,
+                                             dev->battery_report_type);
+               if (ret != 2) {
+                       ret = -ENODATA;
++                      kfree(buf);
+                       break;
+               }
+               ret = 0;
+@@ -364,6 +371,7 @@ static int hidinput_get_battery_property
+                   buf[1] <= dev->battery_max)
+                       val->intval = (100 * (buf[1] - dev->battery_min)) /
+                               (dev->battery_max - dev->battery_min);
++              kfree(buf);
+               break;
+       case POWER_SUPPLY_PROP_MODEL_NAME:
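Review bot: The heap buffer added in the `POWER_SUPPLY_PROP_CAPACITY` case is released at two separate sites, `kfree(buf)` on the `ret != 2` path and again before the final `break`, while the lines between `ret = 0;` and the `buf[1] <= dev->battery_max` comparison are outside the hunk; any other early `break` in that stretch would leak the buffer, so a single cleanup point after the capacity computation would be more robust than per-path frees. The lone `+` line inserted directly after `case POWER_SUPPLY_PROP_CAPACITY:` is a stray blank line. The `2` in `kmalloc(2 * sizeof(__u8), GFP_KERNEL)`, the `2` passed as the raw-report length and the `ret != 2` test are one quantity and would read better as a single named local length. `hidinput_get_battery_property` starts and ends outside the hunk.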
diff --git a/queue-3.11/hid-check-for-null-field-when-setting-values.patch b/queue-3.11/hid-check-for-null-field-when-setting-values.patch
new file mode 100644 (file)
index 0000000..2067e11
--- /dev/null
@@ -0,0 +1,35 @@
+From be67b68d52fa28b9b721c47bb42068f0c1214855 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Wed, 28 Aug 2013 22:32:01 +0200
+Subject: HID: check for NULL field when setting values
+
+From: Kees Cook <keescook@chromium.org>
+
+commit be67b68d52fa28b9b721c47bb42068f0c1214855 upstream.
+
+Defensively check that the field to be worked on is not NULL.
+
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-core.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/hid/hid-core.c
++++ b/drivers/hid/hid-core.c
+@@ -1156,7 +1156,12 @@ EXPORT_SYMBOL_GPL(hid_output_report);
+ int hid_set_field(struct hid_field *field, unsigned offset, __s32 value)
+ {
+-      unsigned size = field->report_size;
++      unsigned size;
++
++      if (!field)
++              return -1;
++
++      size = field->report_size;
+       hid_dump_input(field->report->device, field->usage + offset, value);
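Review bot: The new guard returns a bare `-1` rather than a negative errno, and the rest of `hid_set_field` lies outside the hunk, so whether this matches the function's other failure returns cannot be checked here; if they use `-1` as well, keep it, otherwise `return -EINVAL;` lets callers propagate a meaningful code. Because a NULL field now silently becomes a no-op for any caller that ignores the return value, a short comment above the check, `/* defensive NULL check: the value is simply not set if the caller ignores the return */`, would make the intended contract explicit.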
diff --git a/queue-3.11/hid-hidraw-correctly-deallocate-memory-on-device-disconnect.patch b/queue-3.11/hid-hidraw-correctly-deallocate-memory-on-device-disconnect.patch
new file mode 100644 (file)
index 0000000..2bb546b
--- /dev/null
@@ -0,0 +1,134 @@
+From 212a871a3934beccf43431608c27ed2e05a476ec Mon Sep 17 00:00:00 2001
+From: Manoj Chourasia <mchourasia@nvidia.com>
+Date: Mon, 22 Jul 2013 15:33:13 +0530
+Subject: HID: hidraw: correctly deallocate memory on device disconnect
+
+From: Manoj Chourasia <mchourasia@nvidia.com>
+
+commit 212a871a3934beccf43431608c27ed2e05a476ec upstream.
+
+This changes puts the commit 4fe9f8e203f back in place
+with the fixes for slab corruption because of the commit.
+
+When a device is unplugged, wait for all processes that
+have opened the device to close before deallocating the device.
+
+This commit was solving kernel crash because of the corruption in
+rb tree of vmalloc. The rootcause was the device data pointer was
+geting excessed after the memory associated with hidraw was freed.
+
+The commit 4fe9f8e203f was buggy as it was also freeing the hidraw
+first and then calling delete operation on the list associated with
+that hidraw leading to slab corruption.
+
+Signed-off-by: Manoj Chourasia <mchourasia@nvidia.com>
+Tested-by: Peter Wu <lekensteyn@gmail.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hidraw.c |   60 +++++++++++++++++++++------------------------------
+ 1 file changed, 25 insertions(+), 35 deletions(-)
+
+--- a/drivers/hid/hidraw.c
++++ b/drivers/hid/hidraw.c
+@@ -113,7 +113,7 @@ static ssize_t hidraw_send_report(struct
+       __u8 *buf;
+       int ret = 0;
+-      if (!hidraw_table[minor]) {
++      if (!hidraw_table[minor] || !hidraw_table[minor]->exist) {
+               ret = -ENODEV;
+               goto out;
+       }
+@@ -261,7 +261,7 @@ static int hidraw_open(struct inode *ino
+       }
+       mutex_lock(&minors_lock);
+-      if (!hidraw_table[minor]) {
++      if (!hidraw_table[minor] || !hidraw_table[minor]->exist) {
+               err = -ENODEV;
+               goto out_unlock;
+       }
+@@ -302,39 +302,38 @@ static int hidraw_fasync(int fd, struct
+       return fasync_helper(fd, file, on, &list->fasync);
+ }
++static void drop_ref(struct hidraw *hidraw, int exists_bit)
++{
++      if (exists_bit) {
++              hid_hw_close(hidraw->hid);
++              hidraw->exist = 0;
++              if (hidraw->open)
++                      wake_up_interruptible(&hidraw->wait);
++      } else {
++              --hidraw->open;
++      }
++
++      if (!hidraw->open && !hidraw->exist) {
++              device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor));
++              hidraw_table[hidraw->minor] = NULL;
++              kfree(hidraw);
++      }
++}
++
+ static int hidraw_release(struct inode * inode, struct file * file)
+ {
+       unsigned int minor = iminor(inode);
+-      struct hidraw *dev;
+       struct hidraw_list *list = file->private_data;
+-      int ret;
+-      int i;
+       mutex_lock(&minors_lock);
+-      if (!hidraw_table[minor]) {
+-              ret = -ENODEV;
+-              goto unlock;
+-      }
+       list_del(&list->node);
+-      dev = hidraw_table[minor];
+-      if (!--dev->open) {
+-              if (list->hidraw->exist) {
+-                      hid_hw_power(dev->hid, PM_HINT_NORMAL);
+-                      hid_hw_close(dev->hid);
+-              } else {
+-                      kfree(list->hidraw);
+-              }
+-      }
+-
+-      for (i = 0; i < HIDRAW_BUFFER_SIZE; ++i)
+-              kfree(list->buffer[i].value);
+       kfree(list);
+-      ret = 0;
+-unlock:
+-      mutex_unlock(&minors_lock);
+-      return ret;
++      drop_ref(hidraw_table[minor], 0);
++
++      mutex_unlock(&minors_lock);
++      return 0;
+ }
+ static long hidraw_ioctl(struct file *file, unsigned int cmd,
+@@ -539,18 +538,9 @@ void hidraw_disconnect(struct hid_device
+       struct hidraw *hidraw = hid->hidraw;
+       mutex_lock(&minors_lock);
+-      hidraw->exist = 0;
+-
+-      device_destroy(hidraw_class, MKDEV(hidraw_major, hidraw->minor));
+-      hidraw_table[hidraw->minor] = NULL;
++      drop_ref(hidraw, 1);
+-      if (hidraw->open) {
+-              hid_hw_close(hid);
+-              wake_up_interruptible(&hidraw->wait);
+-      } else {
+-              kfree(hidraw);
+-      }
+       mutex_unlock(&minors_lock);
+ }
+ EXPORT_SYMBOL_GPL(hidraw_disconnect);
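Review bot: `hidraw_release` no longer frees the queued report buffers: the removed loop over `list->buffer[i].value` has no replacement before `kfree(list)`, so any reports received but not yet read by the closing reader leak; restore it ahead of the kfree with `for (i = 0; i < HIDRAW_BUFFER_SIZE; ++i) kfree(list->buffer[i].value);`. Two further behaviours of the old paths are silently dropped by `drop_ref()`: the `hid_hw_power(dev->hid, PM_HINT_NORMAL)` call before closing on last release, and the `if (hidraw->open)` guard around `hid_hw_close()` in the disconnect path, so disconnect now closes the transport even when nobody opened the device and the transport's open count presumably ends up unbalanced. Keeping the old pairing, `if (hidraw->open) { hid_hw_close(hidraw->hid); wake_up_interruptible(&hidraw->wait); }`, avoids that. `hidraw_open` and the rest of `hidraw_send_report` are outside the hunk, so the matching `hid_hw_open` is not visible here.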
diff --git a/queue-3.11/hid-ntrig-validate-feature-report-details.patch b/queue-3.11/hid-ntrig-validate-feature-report-details.patch
new file mode 100644 (file)
index 0000000..7971139
--- /dev/null
@@ -0,0 +1,40 @@
+From 875b4e3763dbc941f15143dd1a18d10bb0be303b Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Wed, 28 Aug 2013 22:31:28 +0200
+Subject: HID: ntrig: validate feature report details
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 875b4e3763dbc941f15143dd1a18d10bb0be303b upstream.
+
+A HID device could send a malicious feature report that would cause the
+ntrig HID driver to trigger a NULL dereference during initialization:
+
+[57383.031190] usb 3-1: New USB device found, idVendor=1b96, idProduct=0001
+...
+[57383.315193] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
+[57383.315308] IP: [<ffffffffa08102de>] ntrig_probe+0x25e/0x420 [hid_ntrig]
+
+CVE-2013-2896
+
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Rafi Rubin <rafi@seas.upenn.edu>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-ntrig.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/hid/hid-ntrig.c
++++ b/drivers/hid/hid-ntrig.c
+@@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct
+       struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT].
+                                   report_id_hash[0x0d];
+-      if (!report)
++      if (!report || report->maxfield < 1 ||
++          report->field[0]->report_count < 1)
+               return -EINVAL;
+       hid_hw_request(hdev, report, HID_REQ_GET_REPORT);
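Review bot: The added field/count validation carries no comment saying what it protects, and `ntrig_get_mode` continues past the hunk, so the `value[]` read it guards is not visible; a line such as `/* feature report 0x0d is device-supplied: make sure field[0] and at least one value slot exist before they are read */` above the check would explain why a NULL `report` test alone was insufficient. The `report->maxfield < 1` term must stay ahead of the `report->field[0]` dereference for the short-circuit to protect it, which the current ordering does.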
diff --git a/queue-3.11/hid-picolcd-prevent-null-pointer-dereference-on-_remove.patch b/queue-3.11/hid-picolcd-prevent-null-pointer-dereference-on-_remove.patch
new file mode 100644 (file)
index 0000000..3428112
--- /dev/null
@@ -0,0 +1,71 @@
+From 1cde501bb4655e98fb832194beb88ac73be5a05d Mon Sep 17 00:00:00 2001
+From: Bruno Prémont <bonbons@linux-vserver.org>
+Date: Sat, 31 Aug 2013 14:07:48 +0200
+Subject: HID: picolcd: Prevent NULL pointer dereference on _remove()
+
+From: Bruno Prémont <bonbons@linux-vserver.org>
+
+commit 1cde501bb4655e98fb832194beb88ac73be5a05d upstream.
+
+When picolcd is switched into bootloader mode (for FW flashing) make
+sure not to try to dereference NULL-pointers of feature-devices during
+unplug/unbind.
+
+This fixes following BUG:
+  BUG: unable to handle kernel NULL pointer dereference at 00000298
+  IP: [<f811f56b>] picolcd_exit_framebuffer+0x1b/0x80 [hid_picolcd]
+  *pde = 00000000
+  Oops: 0000 [#1]
+  Modules linked in: hid_picolcd syscopyarea sysfillrect sysimgblt fb_sys_fops
+  CPU: 0 PID: 15 Comm: khubd Not tainted 3.11.0-rc7-00002-g50d62d4 #2
+  EIP: 0060:[<f811f56b>] EFLAGS: 00010292 CPU: 0
+  EIP is at picolcd_exit_framebuffer+0x1b/0x80 [hid_picolcd]
+  Call Trace:
+   [<f811d1ab>] picolcd_remove+0xcb/0x120 [hid_picolcd]
+   [<c1469b09>] hid_device_remove+0x59/0xc0
+   [<c13464ca>] __device_release_driver+0x5a/0xb0
+   [<c134653f>] device_release_driver+0x1f/0x30
+   [<c134603d>] bus_remove_device+0x9d/0xd0
+   [<c13439a5>] device_del+0xd5/0x150
+   [<c14696a4>] hid_destroy_device+0x24/0x60
+   [<c1474cbb>] usbhid_disconnect+0x1b/0x40
+   ...
+
+Signed-off-by: Bruno Prémont <bonbons@linux-vserver.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-picolcd_cir.c |    3 ++-
+ drivers/hid/hid-picolcd_fb.c  |    6 +++++-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+--- a/drivers/hid/hid-picolcd_cir.c
++++ b/drivers/hid/hid-picolcd_cir.c
+@@ -145,6 +145,7 @@ void picolcd_exit_cir(struct picolcd_dat
+       struct rc_dev *rdev = data->rc_dev;
+       data->rc_dev = NULL;
+-      rc_unregister_device(rdev);
++      if (rdev)
++              rc_unregister_device(rdev);
+ }
+--- a/drivers/hid/hid-picolcd_fb.c
++++ b/drivers/hid/hid-picolcd_fb.c
+@@ -593,10 +593,14 @@ err_nomem:
+ void picolcd_exit_framebuffer(struct picolcd_data *data)
+ {
+       struct fb_info *info = data->fb_info;
+-      struct picolcd_fb_data *fbdata = info->par;
++      struct picolcd_fb_data *fbdata;
+       unsigned long flags;
++      if (!info)
++              return;
++
+       device_remove_file(&data->hdev->dev, &dev_attr_fb_update_rate);
++      fbdata = info->par;
+       /* disconnect framebuffer from HID dev */
+       spin_lock_irqsave(&fbdata->lock, flags);
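Review bot: `device_remove_file(&data->hdev->dev, &dev_attr_fb_update_rate)` is now skipped whenever `data->fb_info` is NULL, not only the `info->par` dereference that oopsed; that is correct only if the attribute is created together with the framebuffer in the init path, which is outside the hunk and worth confirming, otherwise the sysfs file outlives the driver. The early return deserves a comment stating the case it handles, taken from the commit message, e.g. `/* no framebuffer was set up when the device is in bootloader mode (FW flashing) */`. The same note applies to the `if (rdev)` guard added in `picolcd_exit_cir`.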
diff --git a/queue-3.11/hid-picolcd_core-validate-output-report-details.patch b/queue-3.11/hid-picolcd_core-validate-output-report-details.patch
new file mode 100644 (file)
index 0000000..dcdfb41
--- /dev/null
@@ -0,0 +1,45 @@
+From 1e87a2456b0227ca4ab881e19a11bb99d164e792 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Wed, 28 Aug 2013 22:31:52 +0200
+Subject: HID: picolcd_core: validate output report details
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 1e87a2456b0227ca4ab881e19a11bb99d164e792 upstream.
+
+A HID device could send a malicious output report that would cause the
+picolcd HID driver to trigger a NULL dereference during attr file writing.
+
+[jkosina@suse.cz: changed
+
+       report->maxfield < 1
+
+to
+
+       report->maxfield != 1
+
+as suggested by Bruno].
+
+CVE-2013-2899
+
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: Bruno Prémont <bonbons@linux-vserver.org>
+Acked-by: Bruno Prémont <bonbons@linux-vserver.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-picolcd_core.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hid/hid-picolcd_core.c
++++ b/drivers/hid/hid-picolcd_core.c
+@@ -290,7 +290,7 @@ static ssize_t picolcd_operation_mode_st
+               buf += 10;
+               cnt -= 10;
+       }
+-      if (!report)
++      if (!report || report->maxfield != 1)
+               return -EINVAL;
+       while (cnt > 0 && (buf[cnt-1] == '\n' || buf[cnt-1] == '\r'))
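Review bot: The new check pins `report->maxfield` to exactly one field but, unlike the ntrig and sensor-hub patches in this same series, does not validate `report->field[0]->report_count`; `picolcd_operation_mode_store` continues beyond the hunk, so if it indexes `field[0]->value[]` the count needs the same guard, e.g. `if (!report || report->maxfield != 1 || report->field[0]->report_count < 1)`. A comment on the condition, `/* output report is device-supplied; require exactly the one field this store path writes */`, would record why `!= 1` rather than `< 1` was chosen, as the commit message discusses.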
diff --git a/queue-3.11/hid-sensor-hub-validate-feature-report-details.patch b/queue-3.11/hid-sensor-hub-validate-feature-report-details.patch
new file mode 100644 (file)
index 0000000..e043bba
--- /dev/null
@@ -0,0 +1,36 @@
+From 9e8910257397372633e74b333ef891f20c800ee4 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Wed, 28 Aug 2013 22:31:44 +0200
+Subject: HID: sensor-hub: validate feature report details
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 9e8910257397372633e74b333ef891f20c800ee4 upstream.
+
+A HID device could send a malicious feature report that would cause the
+sensor-hub HID driver to read past the end of heap allocation, leaking
+kernel memory contents to the caller.
+
+CVE-2013-2898
+
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-sensor-hub.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/hid/hid-sensor-hub.c
++++ b/drivers/hid/hid-sensor-hub.c
+@@ -221,7 +221,8 @@ int sensor_hub_get_feature(struct hid_se
+       mutex_lock(&data->mutex);
+       report = sensor_hub_report(report_id, hsdev->hdev, HID_FEATURE_REPORT);
+-      if (!report || (field_index >=  report->maxfield)) {
++      if (!report || (field_index >=  report->maxfield) ||
++          report->field[field_index]->report_count < 1) {
+               ret = -EINVAL;
+               goto done_proc;
+       }
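Review bot: The condition relies on short-circuit order: `field_index >= report->maxfield` must remain before `report->field[field_index]->report_count`, or the index is used before it is bounded; a comment such as `/* order matters: field_index is bounds-checked before field[field_index] is touched */` would keep a later reformat from reordering the terms. `sensor_hub_get_feature` continues outside the hunk, so the `value[0]` read this protects is not visible here.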
diff --git a/queue-3.11/hid-uhid-add-devname-module-alias.patch b/queue-3.11/hid-uhid-add-devname-module-alias.patch
new file mode 100644 (file)
index 0000000..841ad9a
--- /dev/null
@@ -0,0 +1,27 @@
+From 60cbd53e4bf623fe978e6f23a6da642e730fde3a Mon Sep 17 00:00:00 2001
+From: Marcel Holtmann <marcel@holtmann.org>
+Date: Sun, 1 Sep 2013 11:02:46 -0700
+Subject: HID: uhid: add devname module alias
+
+From: Marcel Holtmann <marcel@holtmann.org>
+
+commit 60cbd53e4bf623fe978e6f23a6da642e730fde3a upstream.
+
+For simple device node creation, add the devname module alias.
+
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/uhid.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/hid/uhid.c
++++ b/drivers/hid/uhid.c
+@@ -659,3 +659,4 @@ module_exit(uhid_exit);
+ MODULE_LICENSE("GPL");
+ MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
+ MODULE_DESCRIPTION("User-space I/O driver support for HID subsystem");
++MODULE_ALIAS("devname:" UHID_NAME);
diff --git a/queue-3.11/hid-usbhid-quirk-for-n-trig-duosense-touch-screen.patch b/queue-3.11/hid-usbhid-quirk-for-n-trig-duosense-touch-screen.patch
new file mode 100644 (file)
index 0000000..6816312
--- /dev/null
@@ -0,0 +1,42 @@
+From 9e0bf92c223dabe0789714f8f85f6e26f8f9cda4 Mon Sep 17 00:00:00 2001
+From: Vasily Titskiy <qehgt0@gmail.com>
+Date: Fri, 30 Aug 2013 18:25:04 -0400
+Subject: HID: usbhid: quirk for N-Trig DuoSense Touch Screen
+
+From: Vasily Titskiy <qehgt0@gmail.com>
+
+commit 9e0bf92c223dabe0789714f8f85f6e26f8f9cda4 upstream.
+
+The DuoSense touchscreen device causes a 10 second timeout. This fix
+removes the delay.
+
+Signed-off-by: Vasily Titskiy <qehgt0@gmail.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-ids.h           |    1 +
+ drivers/hid/usbhid/hid-quirks.c |    2 ++
+ 2 files changed, 3 insertions(+)
+
+--- a/drivers/hid/hid-ids.h
++++ b/drivers/hid/hid-ids.h
+@@ -659,6 +659,7 @@
+ #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_16   0x0012
+ #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_17   0x0013
+ #define USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_18   0x0014
++#define USB_DEVICE_ID_NTRIG_DUOSENSE 0x1500
+ #define USB_VENDOR_ID_ONTRAK          0x0a07
+ #define USB_DEVICE_ID_ONTRAK_ADU100   0x0064
+--- a/drivers/hid/usbhid/hid-quirks.c
++++ b/drivers/hid/usbhid/hid-quirks.c
+@@ -109,6 +109,8 @@ static const struct hid_blacklist {
+       { USB_VENDOR_ID_SIGMA_MICRO, USB_DEVICE_ID_SIGMA_MICRO_KEYBOARD, HID_QUIRK_NO_INIT_REPORTS },
+       { USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_MOUSEPEN_I608X, HID_QUIRK_MULTI_INPUT },
+       { USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_EASYPEN_M610X, HID_QUIRK_MULTI_INPUT },
++      { USB_VENDOR_ID_NTRIG, USB_DEVICE_ID_NTRIG_DUOSENSE, HID_QUIRK_NO_INIT_REPORTS },
++
+       { 0, 0 }
+ };
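Review bot: The blank line added between the new N-Trig entry and the `{ 0, 0 }` terminator (the lone `+` line) is stray whitespace, and the new `#define USB_DEVICE_ID_NTRIG_DUOSENSE 0x1500` in hid-ids.h uses a single space where the neighbouring `USB_DEVICE_ID_NTRIG_TOUCH_SCREEN_*` defines align their values; align the value and drop the blank line. A brief comment on the quirk entry, `/* device stalls for 10 s on init reports (see commit message) */`, would preserve the reason the quirk exists.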
diff --git a/queue-3.11/hid-validate-hid-report-id-size.patch b/queue-3.11/hid-validate-hid-report-id-size.patch
new file mode 100644 (file)
index 0000000..0a97c2b
--- /dev/null
@@ -0,0 +1,77 @@
+From 43622021d2e2b82ea03d883926605bdd0525e1d1 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Wed, 28 Aug 2013 22:29:55 +0200
+Subject: HID: validate HID report id size
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 43622021d2e2b82ea03d883926605bdd0525e1d1 upstream.
+
+The "Report ID" field of a HID report is used to build indexes of
+reports. The kernel's index of these is limited to 256 entries, so any
+malicious device that sets a Report ID greater than 255 will trigger
+memory corruption on the host:
+
+[ 1347.156239] BUG: unable to handle kernel paging request at ffff88094958a878
+[ 1347.156261] IP: [<ffffffff813e4da0>] hid_register_report+0x2a/0x8b
+
+CVE-2013-2888
+
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-core.c |   10 +++++++---
+ include/linux/hid.h    |    4 +++-
+ 2 files changed, 10 insertions(+), 4 deletions(-)
+
+--- a/drivers/hid/hid-core.c
++++ b/drivers/hid/hid-core.c
+@@ -63,6 +63,8 @@ struct hid_report *hid_register_report(s
+       struct hid_report_enum *report_enum = device->report_enum + type;
+       struct hid_report *report;
++      if (id >= HID_MAX_IDS)
++              return NULL;
+       if (report_enum->report_id_hash[id])
+               return report_enum->report_id_hash[id];
+@@ -404,8 +406,10 @@ static int hid_parser_global(struct hid_
+       case HID_GLOBAL_ITEM_TAG_REPORT_ID:
+               parser->global.report_id = item_udata(item);
+-              if (parser->global.report_id == 0) {
+-                      hid_err(parser->device, "report_id 0 is invalid\n");
++              if (parser->global.report_id == 0 ||
++                  parser->global.report_id >= HID_MAX_IDS) {
++                      hid_err(parser->device, "report_id %u is invalid\n",
++                              parser->global.report_id);
+                       return -1;
+               }
+               return 0;
+@@ -575,7 +579,7 @@ static void hid_close_report(struct hid_
+       for (i = 0; i < HID_REPORT_TYPES; i++) {
+               struct hid_report_enum *report_enum = device->report_enum + i;
+-              for (j = 0; j < 256; j++) {
++              for (j = 0; j < HID_MAX_IDS; j++) {
+                       struct hid_report *report = report_enum->report_id_hash[j];
+                       if (report)
+                               hid_free_report(report);
+--- a/include/linux/hid.h
++++ b/include/linux/hid.h
+@@ -393,10 +393,12 @@ struct hid_report {
+       struct hid_device *device;                      /* associated device */
+ };
++#define HID_MAX_IDS 256
++
+ struct hid_report_enum {
+       unsigned numbered;
+       struct list_head report_list;
+-      struct hid_report *report_id_hash[256];
++      struct hid_report *report_id_hash[HID_MAX_IDS];
+ };
+ #define HID_REPORT_TYPES 3
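Review bot: `HID_MAX_IDS` is introduced in hid.h without a comment explaining the bound; since `report_id_hash[]` is indexed directly by the report ID, a line above the define such as `/* report_id_hash[] is indexed directly by report ID; the parser must reject IDs >= HID_MAX_IDS */` would document why 256 and above are refused. The new `id >= HID_MAX_IDS` test in `hid_register_report` assumes `id` is unsigned, but the parameter list is cut off at `hid_register_report(s` in the hunk header, so that cannot be confirmed here. The added `return NULL` also relies on every caller of `hid_register_report` already handling a NULL result, which the hunk does not show.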
index 0e49a283cb2aa6e22d6d11c646f273d522fc8396..b98fb25afdcc15ed543de598b45da02174104c6d 100644 (file)
@@ -72,3 +72,13 @@ hid-pantherlord-validate-output-report-details.patch
 hid-kye-add-report-fixup-for-genius-gx-imperator-keyboard.patch
 hid-wiimote-work-around-broken-drm_kai-on-gen10.patch
 hid-fix-speedlink-vad-cezanne-support-for-some-devices.patch
+hid-sensor-hub-validate-feature-report-details.patch
+hid-validate-hid-report-id-size.patch
+hid-picolcd_core-validate-output-report-details.patch
+hid-ntrig-validate-feature-report-details.patch
+hid-uhid-add-devname-module-alias.patch
+hid-picolcd-prevent-null-pointer-dereference-on-_remove.patch
+hid-battery-don-t-do-dma-from-stack.patch
+hid-hidraw-correctly-deallocate-memory-on-device-disconnect.patch
+hid-check-for-null-field-when-setting-values.patch
+hid-usbhid-quirk-for-n-trig-duosense-touch-screen.patch