--- /dev/null
+From 9ed38fd4a15417cac83967360cf20b853bfab9b6 Mon Sep 17 00:00:00 2001
+From: Steve French <stfrench@microsoft.com>
+Date: Thu, 23 Sep 2021 19:18:37 -0500
+Subject: cifs: fix incorrect check for null pointer in header_assemble
+
+From: Steve French <stfrench@microsoft.com>
+
+commit 9ed38fd4a15417cac83967360cf20b853bfab9b6 upstream.
+
+Although very unlikely that the tlink pointer would be null in this case,
+get_next_mid function can in theory return null (but not an error)
+so need to check for null (not for IS_ERR, which can not be returned
+here).
+
+Address warning:
+
+ fs/smbfs_client/connect.c:2392 cifs_match_super()
+ warn: 'tlink' isn't an ERR_PTR
+
+Pointed out by Dan Carpenter via smatch code analysis tool
+
+CC: stable@vger.kernel.org
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/connect.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -2961,9 +2961,10 @@ cifs_match_super(struct super_block *sb,
+ spin_lock(&cifs_tcp_ses_lock);
+ cifs_sb = CIFS_SB(sb);
+ tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
+- if (IS_ERR(tlink)) {
++ if (tlink == NULL) {
++ /* can not match superblock if tlink were ever null */
+ spin_unlock(&cifs_tcp_ses_lock);
+- return rc;
++ return 0;
+ }
+ tcon = tlink_tcon(tlink);
+ ses = tcon->ses;
--- /dev/null
+usb-gadget-r8a66597-fix-a-loop-in-set_feature.patch
+usb-musb-tusb6010-uninitialized-data-in-tusb_fifo_write_unaligned.patch
+cifs-fix-incorrect-check-for-null-pointer-in-header_assemble.patch
+xen-x86-fix-pv-trap-handling-on-secondary-processors.patch
+usb-serial-cp210x-add-id-for-gw-instek-gdm-834x-digital-multimeter.patch
+usb-serial-mos7840-remove-duplicated-0xac24-device-id.patch
+usb-serial-option-add-telit-ln920-compositions.patch
+usb-serial-option-remove-duplicate-usb-device-id.patch
+usb-serial-option-add-device-id-for-foxconn-t99w265.patch
--- /dev/null
+From 17956b53ebff6a490baf580a836cbd3eae94892b Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 6 Sep 2021 12:42:21 +0300
+Subject: usb: gadget: r8a66597: fix a loop in set_feature()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 17956b53ebff6a490baf580a836cbd3eae94892b upstream.
+
+This loop is supposed to loop until if reads something other than
+CS_IDST or until it times out after 30,000 attempts. But because of
+the || vs && bug, it will never time out and instead it will loop a
+minimum of 30,000 times.
+
+This bug is quite old but the code is only used in USB_DEVICE_TEST_MODE
+so it probably doesn't affect regular usage.
+
+Fixes: 96fe53ef5498 ("usb: gadget: r8a66597-udc: add support for TEST_MODE")
+Cc: stable <stable@vger.kernel.org>
+Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Acked-by: Felipe Balbi <balbi@kernel.org>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Link: https://lore.kernel.org/r/20210906094221.GA10957@kili
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/gadget/udc/r8a66597-udc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/gadget/udc/r8a66597-udc.c
++++ b/drivers/usb/gadget/udc/r8a66597-udc.c
+@@ -1253,7 +1253,7 @@ static void set_feature(struct r8a66597
+ do {
+ tmp = r8a66597_read(r8a66597, INTSTS0) & CTSQ;
+ udelay(1);
+- } while (tmp != CS_IDST || timeout-- > 0);
++ } while (tmp != CS_IDST && timeout-- > 0);
+
+ if (tmp == CS_IDST)
+ r8a66597_bset(r8a66597,
--- /dev/null
+From 517c7bf99bad3d6b9360558414aae634b7472d80 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 16 Sep 2021 16:57:37 +0300
+Subject: usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 517c7bf99bad3d6b9360558414aae634b7472d80 upstream.
+
+This is writing to the first 1 - 3 bytes of "val" and then writing all
+four bytes to musb_writel(). The last byte is always going to be
+garbage. Zero out the last bytes instead.
+
+Fixes: 550a7375fe72 ("USB: Add MUSB and TUSB support")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210916135737.GI25094@kili
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/musb/tusb6010.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/musb/tusb6010.c
++++ b/drivers/usb/musb/tusb6010.c
+@@ -193,6 +193,7 @@ tusb_fifo_write_unaligned(void __iomem *
+ }
+ if (len > 0) {
+ /* Write the rest 1 - 3 bytes to FIFO */
++ val = 0;
+ memcpy(&val, buf, len);
+ musb_writel(fifo, 0, val);
+ }
--- /dev/null
+From 3bd18ba7d859eb1fbef3beb1e80c24f6f7d7596c Mon Sep 17 00:00:00 2001
+From: Uwe Brandt <uwe.brandt@gmail.com>
+Date: Tue, 21 Sep 2021 19:54:46 +0200
+Subject: USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
+
+From: Uwe Brandt <uwe.brandt@gmail.com>
+
+commit 3bd18ba7d859eb1fbef3beb1e80c24f6f7d7596c upstream.
+
+Add the USB serial device ID for the GW Instek GDM-834x Digital Multimeter.
+
+Signed-off-by: Uwe Brandt <uwe.brandt@gmail.com>
+Link: https://lore.kernel.org/r/YUxFl3YUCPGJZd8Y@hovoldconsulting.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/cp210x.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -230,6 +230,7 @@ static const struct usb_device_id id_tab
+ { USB_DEVICE(0x1FB9, 0x0602) }, /* Lake Shore Model 648 Magnet Power Supply */
+ { USB_DEVICE(0x1FB9, 0x0700) }, /* Lake Shore Model 737 VSM Controller */
+ { USB_DEVICE(0x1FB9, 0x0701) }, /* Lake Shore Model 776 Hall Matrix */
++ { USB_DEVICE(0x2184, 0x0030) }, /* GW Instek GDM-834x Digital Multimeter */
+ { USB_DEVICE(0x2626, 0xEA60) }, /* Aruba Networks 7xxx USB Serial Console */
+ { USB_DEVICE(0x3195, 0xF190) }, /* Link Instruments MSO-19 */
+ { USB_DEVICE(0x3195, 0xF280) }, /* Link Instruments MSO-28 */
--- /dev/null
+From 211f323768a25b30c106fd38f15a0f62c7c2b5f4 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Date: Fri, 17 Sep 2021 11:18:47 +0200
+Subject: USB: serial: mos7840: remove duplicated 0xac24 device ID
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+
+commit 211f323768a25b30c106fd38f15a0f62c7c2b5f4 upstream.
+
+0xac24 device ID is already defined and used via
+BANDB_DEVICE_ID_USO9ML2_4. Remove the duplicate from the list.
+
+Fixes: 27f1281d5f72 ("USB: serial: Extra device/vendor ID for mos7840 driver")
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/mos7840.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/usb/serial/mos7840.c
++++ b/drivers/usb/serial/mos7840.c
+@@ -126,7 +126,6 @@
+ #define BANDB_DEVICE_ID_USOPTL4_2P 0xBC02
+ #define BANDB_DEVICE_ID_USOPTL4_4 0xAC44
+ #define BANDB_DEVICE_ID_USOPTL4_4P 0xBC03
+-#define BANDB_DEVICE_ID_USOPTL2_4 0xAC24
+
+ /* This driver also supports
+ * ATEN UC2324 device using Moschip MCS7840
+@@ -207,7 +206,6 @@ static const struct usb_device_id id_tab
+ {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_2P)},
+ {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_4)},
+ {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_4P)},
+- {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL2_4)},
+ {USB_DEVICE(USB_VENDOR_ID_ATENINTL, ATENINTL_DEVICE_ID_UC2324)},
+ {USB_DEVICE(USB_VENDOR_ID_ATENINTL, ATENINTL_DEVICE_ID_UC2322)},
+ {USB_DEVICE(USB_VENDOR_ID_MOXA, MOXA_DEVICE_ID_2210)},
--- /dev/null
+From 9e3eed534f8235a4a596a9dae5b8a6425d81ea1a Mon Sep 17 00:00:00 2001
+From: Slark Xiao <slark_xiao@163.com>
+Date: Fri, 17 Sep 2021 19:01:06 +0800
+Subject: USB: serial: option: add device id for Foxconn T99W265
+
+From: Slark Xiao <slark_xiao@163.com>
+
+commit 9e3eed534f8235a4a596a9dae5b8a6425d81ea1a upstream.
+
+Adding support for Foxconn device T99W265 for enumeration with
+PID 0xe0db.
+
+usb-devices output for 0xe0db
+T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 19 Spd=5000 MxCh= 0
+D: Ver= 3.20 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs= 1
+P: Vendor=0489 ProdID=e0db Rev=05.04
+S: Manufacturer=Microsoft
+S: Product=Generic Mobile Broadband Adapter
+S: SerialNumber=6c50f452
+C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=896mA
+I: If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
+I: If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
+I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+I: If#=0x3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
+I: If#=0x4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
+
+if0/1: MBIM, if2:Diag, if3:GNSS, if4: Modem
+
+Signed-off-by: Slark Xiao <slark_xiao@163.com>
+Link: https://lore.kernel.org/r/20210917110106.9852-1-slark_xiao@163.com
+[ johan: use USB_DEVICE_INTERFACE_CLASS(), amend comment ]
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -2059,6 +2059,8 @@ static const struct usb_device_id option
+ .driver_info = RSVD(0) | RSVD(1) | RSVD(6) },
+ { USB_DEVICE(0x0489, 0xe0b5), /* Foxconn T77W968 ESIM */
+ .driver_info = RSVD(0) | RSVD(1) | RSVD(6) },
++ { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0db, 0xff), /* Foxconn T99W265 MBIM */
++ .driver_info = RSVD(3) },
+ { USB_DEVICE(0x1508, 0x1001), /* Fibocom NL668 (IOT version) */
+ .driver_info = RSVD(4) | RSVD(5) | RSVD(6) },
+ { USB_DEVICE(0x2cb7, 0x0104), /* Fibocom NL678 series */
--- /dev/null
+From 7bb057134d609b9c038a00b6876cf0d37d0118ce Mon Sep 17 00:00:00 2001
+From: Carlo Lobrano <c.lobrano@gmail.com>
+Date: Fri, 3 Sep 2021 14:39:13 +0200
+Subject: USB: serial: option: add Telit LN920 compositions
+
+From: Carlo Lobrano <c.lobrano@gmail.com>
+
+commit 7bb057134d609b9c038a00b6876cf0d37d0118ce upstream.
+
+This patch adds the following Telit LN920 compositions:
+
+0x1060: tty, adb, rmnet, tty, tty, tty, tty
+0x1061: tty, adb, mbim, tty, tty, tty, tty
+0x1062: rndis, tty, adb, tty, tty, tty, tty
+0x1063: tty, adb, ecm, tty, tty, tty, tty
+
+Signed-off-by: Carlo Lobrano <c.lobrano@gmail.com>
+Link: https://lore.kernel.org/r/20210903123913.1086513-1-c.lobrano@gmail.com
+Reviewed-by: Daniele Palmas <dnlplm@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -1187,6 +1187,14 @@ static const struct usb_device_id option
+ .driver_info = NCTRL(0) | RSVD(1) },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1056, 0xff), /* Telit FD980 */
+ .driver_info = NCTRL(2) | RSVD(3) },
++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1060, 0xff), /* Telit LN920 (rmnet) */
++ .driver_info = NCTRL(0) | RSVD(1) | RSVD(2) },
++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1061, 0xff), /* Telit LN920 (MBIM) */
++ .driver_info = NCTRL(0) | RSVD(1) },
++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1062, 0xff), /* Telit LN920 (RNDIS) */
++ .driver_info = NCTRL(2) | RSVD(3) },
++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1063, 0xff), /* Telit LN920 (ECM) */
++ .driver_info = NCTRL(0) | RSVD(1) },
+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910),
+ .driver_info = NCTRL(0) | RSVD(1) | RSVD(3) },
+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM),
--- /dev/null
+From 1ca200a8c6f079950a04ea3c3380fe8cf78e95a2 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Date: Fri, 17 Sep 2021 11:18:48 +0200
+Subject: USB: serial: option: remove duplicate USB device ID
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+
+commit 1ca200a8c6f079950a04ea3c3380fe8cf78e95a2 upstream.
+
+The device ZTE 0x0094 is already on the list.
+
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Fixes: b9e44fe5ecda ("USB: option: cleanup zte 3g-dongle's pid in option.c")
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -1640,7 +1640,6 @@ static const struct usb_device_id option
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0060, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0070, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0073, 0xff, 0xff, 0xff) },
+- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0094, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0130, 0xff, 0xff, 0xff),
+ .driver_info = RSVD(1) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0133, 0xff, 0xff, 0xff),
--- /dev/null
+From 0594c58161b6e0f3da8efa9c6e3d4ba52b652717 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Mon, 20 Sep 2021 18:15:11 +0200
+Subject: xen/x86: fix PV trap handling on secondary processors
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit 0594c58161b6e0f3da8efa9c6e3d4ba52b652717 upstream.
+
+The initial observation was that in PV mode under Xen 32-bit user space
+didn't work anymore. Attempts of system calls ended in #GP(0x402). All
+of the sudden the vector 0x80 handler was not in place anymore. As it
+turns out up to 5.13 redundant initialization did occur: Once from
+cpu_initialize_context() (through its VCPUOP_initialise hypercall) and a
+2nd time while each CPU was brought fully up. This 2nd initialization is
+now gone, uncovering that the 1st one was flawed: Unlike for the
+set_trap_table hypercall, a full virtual IDT needs to be specified here;
+the "vector" fields of the individual entries are of no interest. With
+many (kernel) IDT entries still(?) (i.e. at that point at least) empty,
+the syscall vector 0x80 ended up in slot 0x20 of the virtual IDT, thus
+becoming the domain's handler for vector 0x20.
+
+Make xen_convert_trap_info() fit for either purpose, leveraging the fact
+that on the xen_copy_trap_info() path the table starts out zero-filled.
+This includes moving out the writing of the sentinel, which would also
+have lead to a buffer overrun in the xen_copy_trap_info() case if all
+(kernel) IDT entries were populated. Convert the writing of the sentinel
+to clearing of the entire table entry rather than just the address
+field.
+
+(I didn't bother trying to identify the commit which uncovered the issue
+in 5.14; the commit named below is the one which actually introduced the
+bad code.)
+
+Fixes: f87e4cac4f4e ("xen: SMP guest support")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Link: https://lore.kernel.org/r/7a266932-092e-b68f-f2bb-1473b61adc6e@suse.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/xen/enlighten.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/xen/enlighten.c
++++ b/arch/x86/xen/enlighten.c
+@@ -861,8 +861,8 @@ static void xen_write_idt_entry(gate_des
+ preempt_enable();
+ }
+
+-static void xen_convert_trap_info(const struct desc_ptr *desc,
+- struct trap_info *traps)
++static unsigned xen_convert_trap_info(const struct desc_ptr *desc,
++ struct trap_info *traps, bool full)
+ {
+ unsigned in, out, count;
+
+@@ -872,17 +872,18 @@ static void xen_convert_trap_info(const
+ for (in = out = 0; in < count; in++) {
+ gate_desc *entry = (gate_desc*)(desc->address) + in;
+
+- if (cvt_gate_to_trap(in, entry, &traps[out]))
++ if (cvt_gate_to_trap(in, entry, &traps[out]) || full)
+ out++;
+ }
+- traps[out].address = 0;
++
++ return out;
+ }
+
+ void xen_copy_trap_info(struct trap_info *traps)
+ {
+ const struct desc_ptr *desc = this_cpu_ptr(&idt_desc);
+
+- xen_convert_trap_info(desc, traps);
++ xen_convert_trap_info(desc, traps, true);
+ }
+
+ /* Load a new IDT into Xen. In principle this can be per-CPU, so we
+@@ -892,6 +893,7 @@ static void xen_load_idt(const struct de
+ {
+ static DEFINE_SPINLOCK(lock);
+ static struct trap_info traps[257];
++ unsigned out;
+
+ trace_xen_cpu_load_idt(desc);
+
+@@ -899,7 +901,8 @@ static void xen_load_idt(const struct de
+
+ memcpy(this_cpu_ptr(&idt_desc), desc, sizeof(idt_desc));
+
+- xen_convert_trap_info(desc, traps);
++ out = xen_convert_trap_info(desc, traps, false);
++ memset(&traps[out], 0, sizeof(traps[0]));
+
+ xen_mc_flush();
+ if (HYPERVISOR_set_trap_table(traps))
projects / thirdparty / kernel / stable-queue.git / commitdiff
