--- /dev/null
+From 9ed38fd4a15417cac83967360cf20b853bfab9b6 Mon Sep 17 00:00:00 2001
+From: Steve French <stfrench@microsoft.com>
+Date: Thu, 23 Sep 2021 19:18:37 -0500
+Subject: cifs: fix incorrect check for null pointer in header_assemble
+
+From: Steve French <stfrench@microsoft.com>
+
+commit 9ed38fd4a15417cac83967360cf20b853bfab9b6 upstream.
+
+Although very unlikely that the tlink pointer would be null in this case,
+get_next_mid function can in theory return null (but not an error)
+so need to check for null (not for IS_ERR, which can not be returned
+here).
+
+Address warning:
+
+ fs/smbfs_client/connect.c:2392 cifs_match_super()
+ warn: 'tlink' isn't an ERR_PTR
+
+Pointed out by Dan Carpenter via smatch code analysis tool
+
+CC: stable@vger.kernel.org
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/connect.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3079,9 +3079,10 @@ cifs_match_super(struct super_block *sb,
+ spin_lock(&cifs_tcp_ses_lock);
+ cifs_sb = CIFS_SB(sb);
+ tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb));
+- if (IS_ERR(tlink)) {
++ if (tlink == NULL) {
++ /* can not match superblock if tlink were ever null */
+ spin_unlock(&cifs_tcp_ses_lock);
+- return rc;
++ return 0;
+ }
+ tcon = tlink_tcon(tlink);
+ ses = tcon->ses;
--- /dev/null
+From ce1c42b4dacfe7d71c852d8bf3371067ccba865c Mon Sep 17 00:00:00 2001
+From: Julian Sikorski <belegdol@gmail.com>
+Date: Mon, 13 Sep 2021 20:14:55 +0200
+Subject: Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
+
+From: Julian Sikorski <belegdol@gmail.com>
+
+commit ce1c42b4dacfe7d71c852d8bf3371067ccba865c upstream.
+
+Further testing has revealed that LaCie Rugged USB3-FW does work with
+uas as long as US_FL_NO_REPORT_OPCODES and US_FL_NO_SAME are enabled.
+
+Link: https://lore.kernel.org/linux-usb/2167ea48-e273-a336-a4e0-10a4e883e75e@redhat.com/
+Cc: stable <stable@vger.kernel.org>
+Suggested-by: Hans de Goede <hdegoede@redhat.com>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+Acked-by: Oliver Neukum <oneukum@suse.com>
+Signed-off-by: Julian Sikorski <belegdol+github@gmail.com>
+Link: https://lore.kernel.org/r/20210913181454.7365-1-belegdol+github@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/storage/unusual_uas.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/storage/unusual_uas.h
++++ b/drivers/usb/storage/unusual_uas.h
+@@ -63,7 +63,7 @@ UNUSUAL_DEV(0x059f, 0x1061, 0x0000, 0x99
+ "LaCie",
+ "Rugged USB3-FW",
+ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+- US_FL_IGNORE_UAS),
++ US_FL_NO_REPORT_OPCODES | US_FL_NO_SAME),
+
+ /*
+ * Apricorn USB3 dongle sometimes returns "USBSUSBSUSBS" in response to SCSI
--- /dev/null
+From 25a1433216489de4abc889910f744e952cb6dbae Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 6 Sep 2021 21:35:48 +0900
+Subject: mcb: fix error handling in mcb_alloc_bus()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 25a1433216489de4abc889910f744e952cb6dbae upstream.
+
+There are two bugs:
+1) If ida_simple_get() fails then this code calls put_device(carrier)
+ but we haven't yet called get_device(carrier) and probably that
+ leads to a use after free.
+2) After device_initialize() then we need to use put_device() to
+ release the bus. This will free the internal resources tied to the
+ device and call mcb_free_bus() which will free the rest.
+
+Fixes: 5d9e2ab9fea4 ("mcb: Implement bus->dev.release callback")
+Fixes: 18d288198099 ("mcb: Correctly initialize the bus's device")
+Cc: stable@vger.kernel.org
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Johannes Thumshirn <jth@kernel.org>
+Link: https://lore.kernel.org/r/32e160cf6864ce77f9d62948338e24db9fd8ead9.1630931319.git.johannes.thumshirn@wdc.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mcb/mcb-core.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/drivers/mcb/mcb-core.c
++++ b/drivers/mcb/mcb-core.c
+@@ -280,8 +280,8 @@ struct mcb_bus *mcb_alloc_bus(struct dev
+
+ bus_nr = ida_simple_get(&mcb_ida, 0, 0, GFP_KERNEL);
+ if (bus_nr < 0) {
+- rc = bus_nr;
+- goto err_free;
++ kfree(bus);
++ return ERR_PTR(bus_nr);
+ }
+
+ bus->bus_nr = bus_nr;
+@@ -296,12 +296,12 @@ struct mcb_bus *mcb_alloc_bus(struct dev
+ dev_set_name(&bus->dev, "mcb:%d", bus_nr);
+ rc = device_add(&bus->dev);
+ if (rc)
+- goto err_free;
++ goto err_put;
+
+ return bus;
+-err_free:
+- put_device(carrier);
+- kfree(bus);
++
++err_put:
++ put_device(&bus->dev);
+ return ERR_PTR(rc);
+ }
+ EXPORT_SYMBOL_GPL(mcb_alloc_bus);
--- /dev/null
+From 9c0f0a03e386f4e1df33db676401547e1b7800c6 Mon Sep 17 00:00:00 2001
+From: Wengang Wang <wen.gang.wang@oracle.com>
+Date: Fri, 24 Sep 2021 15:43:35 -0700
+Subject: ocfs2: drop acl cache for directories too
+
+From: Wengang Wang <wen.gang.wang@oracle.com>
+
+commit 9c0f0a03e386f4e1df33db676401547e1b7800c6 upstream.
+
+ocfs2_data_convert_worker() is currently dropping any cached acl info
+for FILE before down-converting meta lock. It should also drop for
+DIRECTORY. Otherwise the second acl lookup returns the cached one (from
+VFS layer) which could be already stale.
+
+The problem we are seeing is that the acl changes on one node doesn't
+get refreshed on other nodes in the following case:
+
+ Node 1 Node 2
+ -------------- ----------------
+ getfacl dir1
+
+ getfacl dir1 <-- this is OK
+
+ setfacl -m u:user1:rwX dir1
+ getfacl dir1 <-- see the change for user1
+
+ getfacl dir1 <-- can't see change for user1
+
+Link: https://lkml.kernel.org/r/20210903012631.6099-1-wen.gang.wang@oracle.com
+Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com>
+Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Cc: Mark Fasheh <mark@fasheh.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Cc: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Changwei Ge <gechangwei@live.cn>
+Cc: Gang He <ghe@suse.com>
+Cc: Jun Piao <piaojun@huawei.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ocfs2/dlmglue.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/ocfs2/dlmglue.c
++++ b/fs/ocfs2/dlmglue.c
+@@ -3705,7 +3705,7 @@ static int ocfs2_data_convert_worker(str
+ oi = OCFS2_I(inode);
+ oi->ip_dir_lock_gen++;
+ mlog(0, "generation: %u\n", oi->ip_dir_lock_gen);
+- goto out;
++ goto out_forget;
+ }
+
+ if (!S_ISREG(inode->i_mode))
+@@ -3736,6 +3736,7 @@ static int ocfs2_data_convert_worker(str
+ filemap_fdatawait(mapping);
+ }
+
++out_forget:
+ forget_all_cached_acls(inode);
+
+ out:
--- /dev/null
+ocfs2-drop-acl-cache-for-directories-too.patch
+usb-gadget-r8a66597-fix-a-loop-in-set_feature.patch
+usb-musb-tusb6010-uninitialized-data-in-tusb_fifo_write_unaligned.patch
+cifs-fix-incorrect-check-for-null-pointer-in-header_assemble.patch
+xen-x86-fix-pv-trap-handling-on-secondary-processors.patch
+usb-storage-add-quirk-for-scanlogic-sl11r-ide-older-than-2.6c.patch
+usb-serial-cp210x-add-id-for-gw-instek-gdm-834x-digital-multimeter.patch
+staging-greybus-uart-fix-tty-use-after-free.patch
+enable-uas-for-lacie-rugged-usb3-fw-with-fk-quirk.patch
+usb-serial-mos7840-remove-duplicated-0xac24-device-id.patch
+usb-serial-option-add-telit-ln920-compositions.patch
+usb-serial-option-remove-duplicate-usb-device-id.patch
+usb-serial-option-add-device-id-for-foxconn-t99w265.patch
+mcb-fix-error-handling-in-mcb_alloc_bus.patch
--- /dev/null
+From 92dc0b1f46e12cfabd28d709bb34f7a39431b44f Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Mon, 6 Sep 2021 14:45:38 +0200
+Subject: staging: greybus: uart: fix tty use after free
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 92dc0b1f46e12cfabd28d709bb34f7a39431b44f upstream.
+
+User space can hold a tty open indefinitely and tty drivers must not
+release the underlying structures until the last user is gone.
+
+Switch to using the tty-port reference counter to manage the life time
+of the greybus tty state to avoid use after free after a disconnect.
+
+Fixes: a18e15175708 ("greybus: more uart work")
+Cc: stable@vger.kernel.org # 4.9
+Reviewed-by: Alex Elder <elder@linaro.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Link: https://lore.kernel.org/r/20210906124538.22358-1-johan@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/greybus/uart.c | 62 +++++++++++++++++++++--------------------
+ 1 file changed, 32 insertions(+), 30 deletions(-)
+
+--- a/drivers/staging/greybus/uart.c
++++ b/drivers/staging/greybus/uart.c
+@@ -800,6 +800,17 @@ out:
+ gbphy_runtime_put_autosuspend(gb_tty->gbphy_dev);
+ }
+
++static void gb_tty_port_destruct(struct tty_port *port)
++{
++ struct gb_tty *gb_tty = container_of(port, struct gb_tty, port);
++
++ if (gb_tty->minor != GB_NUM_MINORS)
++ release_minor(gb_tty);
++ kfifo_free(&gb_tty->write_fifo);
++ kfree(gb_tty->buffer);
++ kfree(gb_tty);
++}
++
+ static const struct tty_operations gb_ops = {
+ .install = gb_tty_install,
+ .open = gb_tty_open,
+@@ -823,6 +834,7 @@ static const struct tty_port_operations
+ .dtr_rts = gb_tty_dtr_rts,
+ .activate = gb_tty_port_activate,
+ .shutdown = gb_tty_port_shutdown,
++ .destruct = gb_tty_port_destruct,
+ };
+
+ static int gb_uart_probe(struct gbphy_device *gbphy_dev,
+@@ -835,17 +847,11 @@ static int gb_uart_probe(struct gbphy_de
+ int retval;
+ int minor;
+
+- gb_tty = kzalloc(sizeof(*gb_tty), GFP_KERNEL);
+- if (!gb_tty)
+- return -ENOMEM;
+-
+ connection = gb_connection_create(gbphy_dev->bundle,
+ le16_to_cpu(gbphy_dev->cport_desc->id),
+ gb_uart_request_handler);
+- if (IS_ERR(connection)) {
+- retval = PTR_ERR(connection);
+- goto exit_tty_free;
+- }
++ if (IS_ERR(connection))
++ return PTR_ERR(connection);
+
+ max_payload = gb_operation_get_payload_size_max(connection);
+ if (max_payload < sizeof(struct gb_uart_send_data_request)) {
+@@ -853,13 +859,23 @@ static int gb_uart_probe(struct gbphy_de
+ goto exit_connection_destroy;
+ }
+
++ gb_tty = kzalloc(sizeof(*gb_tty), GFP_KERNEL);
++ if (!gb_tty) {
++ retval = -ENOMEM;
++ goto exit_connection_destroy;
++ }
++
++ tty_port_init(&gb_tty->port);
++ gb_tty->port.ops = &gb_port_ops;
++ gb_tty->minor = GB_NUM_MINORS;
++
+ gb_tty->buffer_payload_max = max_payload -
+ sizeof(struct gb_uart_send_data_request);
+
+ gb_tty->buffer = kzalloc(gb_tty->buffer_payload_max, GFP_KERNEL);
+ if (!gb_tty->buffer) {
+ retval = -ENOMEM;
+- goto exit_connection_destroy;
++ goto exit_put_port;
+ }
+
+ INIT_WORK(&gb_tty->tx_work, gb_uart_tx_write_work);
+@@ -867,7 +883,7 @@ static int gb_uart_probe(struct gbphy_de
+ retval = kfifo_alloc(&gb_tty->write_fifo, GB_UART_WRITE_FIFO_SIZE,
+ GFP_KERNEL);
+ if (retval)
+- goto exit_buf_free;
++ goto exit_put_port;
+
+ gb_tty->credits = GB_UART_FIRMWARE_CREDITS;
+ init_completion(&gb_tty->credits_complete);
+@@ -881,7 +897,7 @@ static int gb_uart_probe(struct gbphy_de
+ } else {
+ retval = minor;
+ }
+- goto exit_kfifo_free;
++ goto exit_put_port;
+ }
+
+ gb_tty->minor = minor;
+@@ -890,9 +906,6 @@ static int gb_uart_probe(struct gbphy_de
+ init_waitqueue_head(&gb_tty->wioctl);
+ mutex_init(&gb_tty->mutex);
+
+- tty_port_init(&gb_tty->port);
+- gb_tty->port.ops = &gb_port_ops;
+-
+ gb_tty->connection = connection;
+ gb_tty->gbphy_dev = gbphy_dev;
+ gb_connection_set_data(connection, gb_tty);
+@@ -900,7 +913,7 @@ static int gb_uart_probe(struct gbphy_de
+
+ retval = gb_connection_enable_tx(connection);
+ if (retval)
+- goto exit_release_minor;
++ goto exit_put_port;
+
+ send_control(gb_tty, gb_tty->ctrlout);
+
+@@ -927,16 +940,10 @@ static int gb_uart_probe(struct gbphy_de
+
+ exit_connection_disable:
+ gb_connection_disable(connection);
+-exit_release_minor:
+- release_minor(gb_tty);
+-exit_kfifo_free:
+- kfifo_free(&gb_tty->write_fifo);
+-exit_buf_free:
+- kfree(gb_tty->buffer);
++exit_put_port:
++ tty_port_put(&gb_tty->port);
+ exit_connection_destroy:
+ gb_connection_destroy(connection);
+-exit_tty_free:
+- kfree(gb_tty);
+
+ return retval;
+ }
+@@ -967,15 +974,10 @@ static void gb_uart_remove(struct gbphy_
+ gb_connection_disable_rx(connection);
+ tty_unregister_device(gb_tty_driver, gb_tty->minor);
+
+- /* FIXME - free transmit / receive buffers */
+-
+ gb_connection_disable(connection);
+- tty_port_destroy(&gb_tty->port);
+ gb_connection_destroy(connection);
+- release_minor(gb_tty);
+- kfifo_free(&gb_tty->write_fifo);
+- kfree(gb_tty->buffer);
+- kfree(gb_tty);
++
++ tty_port_put(&gb_tty->port);
+ }
+
+ static int gb_tty_init(void)
--- /dev/null
+From 17956b53ebff6a490baf580a836cbd3eae94892b Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 6 Sep 2021 12:42:21 +0300
+Subject: usb: gadget: r8a66597: fix a loop in set_feature()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 17956b53ebff6a490baf580a836cbd3eae94892b upstream.
+
+This loop is supposed to loop until if reads something other than
+CS_IDST or until it times out after 30,000 attempts. But because of
+the || vs && bug, it will never time out and instead it will loop a
+minimum of 30,000 times.
+
+This bug is quite old but the code is only used in USB_DEVICE_TEST_MODE
+so it probably doesn't affect regular usage.
+
+Fixes: 96fe53ef5498 ("usb: gadget: r8a66597-udc: add support for TEST_MODE")
+Cc: stable <stable@vger.kernel.org>
+Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Acked-by: Felipe Balbi <balbi@kernel.org>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Link: https://lore.kernel.org/r/20210906094221.GA10957@kili
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/gadget/udc/r8a66597-udc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/gadget/udc/r8a66597-udc.c
++++ b/drivers/usb/gadget/udc/r8a66597-udc.c
+@@ -1253,7 +1253,7 @@ static void set_feature(struct r8a66597
+ do {
+ tmp = r8a66597_read(r8a66597, INTSTS0) & CTSQ;
+ udelay(1);
+- } while (tmp != CS_IDST || timeout-- > 0);
++ } while (tmp != CS_IDST && timeout-- > 0);
+
+ if (tmp == CS_IDST)
+ r8a66597_bset(r8a66597,
--- /dev/null
+From 517c7bf99bad3d6b9360558414aae634b7472d80 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 16 Sep 2021 16:57:37 +0300
+Subject: usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 517c7bf99bad3d6b9360558414aae634b7472d80 upstream.
+
+This is writing to the first 1 - 3 bytes of "val" and then writing all
+four bytes to musb_writel(). The last byte is always going to be
+garbage. Zero out the last bytes instead.
+
+Fixes: 550a7375fe72 ("USB: Add MUSB and TUSB support")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210916135737.GI25094@kili
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/musb/tusb6010.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/musb/tusb6010.c
++++ b/drivers/usb/musb/tusb6010.c
+@@ -193,6 +193,7 @@ tusb_fifo_write_unaligned(void __iomem *
+ }
+ if (len > 0) {
+ /* Write the rest 1 - 3 bytes to FIFO */
++ val = 0;
+ memcpy(&val, buf, len);
+ musb_writel(fifo, 0, val);
+ }
--- /dev/null
+From 3bd18ba7d859eb1fbef3beb1e80c24f6f7d7596c Mon Sep 17 00:00:00 2001
+From: Uwe Brandt <uwe.brandt@gmail.com>
+Date: Tue, 21 Sep 2021 19:54:46 +0200
+Subject: USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
+
+From: Uwe Brandt <uwe.brandt@gmail.com>
+
+commit 3bd18ba7d859eb1fbef3beb1e80c24f6f7d7596c upstream.
+
+Add the USB serial device ID for the GW Instek GDM-834x Digital Multimeter.
+
+Signed-off-by: Uwe Brandt <uwe.brandt@gmail.com>
+Link: https://lore.kernel.org/r/YUxFl3YUCPGJZd8Y@hovoldconsulting.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/cp210x.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -237,6 +237,7 @@ static const struct usb_device_id id_tab
+ { USB_DEVICE(0x1FB9, 0x0602) }, /* Lake Shore Model 648 Magnet Power Supply */
+ { USB_DEVICE(0x1FB9, 0x0700) }, /* Lake Shore Model 737 VSM Controller */
+ { USB_DEVICE(0x1FB9, 0x0701) }, /* Lake Shore Model 776 Hall Matrix */
++ { USB_DEVICE(0x2184, 0x0030) }, /* GW Instek GDM-834x Digital Multimeter */
+ { USB_DEVICE(0x2626, 0xEA60) }, /* Aruba Networks 7xxx USB Serial Console */
+ { USB_DEVICE(0x3195, 0xF190) }, /* Link Instruments MSO-19 */
+ { USB_DEVICE(0x3195, 0xF280) }, /* Link Instruments MSO-28 */
--- /dev/null
+From 211f323768a25b30c106fd38f15a0f62c7c2b5f4 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Date: Fri, 17 Sep 2021 11:18:47 +0200
+Subject: USB: serial: mos7840: remove duplicated 0xac24 device ID
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+
+commit 211f323768a25b30c106fd38f15a0f62c7c2b5f4 upstream.
+
+0xac24 device ID is already defined and used via
+BANDB_DEVICE_ID_USO9ML2_4. Remove the duplicate from the list.
+
+Fixes: 27f1281d5f72 ("USB: serial: Extra device/vendor ID for mos7840 driver")
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/mos7840.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/usb/serial/mos7840.c
++++ b/drivers/usb/serial/mos7840.c
+@@ -126,7 +126,6 @@
+ #define BANDB_DEVICE_ID_USOPTL4_2P 0xBC02
+ #define BANDB_DEVICE_ID_USOPTL4_4 0xAC44
+ #define BANDB_DEVICE_ID_USOPTL4_4P 0xBC03
+-#define BANDB_DEVICE_ID_USOPTL2_4 0xAC24
+
+ /* This driver also supports
+ * ATEN UC2324 device using Moschip MCS7840
+@@ -207,7 +206,6 @@ static const struct usb_device_id id_tab
+ {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_2P)},
+ {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_4)},
+ {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL4_4P)},
+- {USB_DEVICE(USB_VENDOR_ID_BANDB, BANDB_DEVICE_ID_USOPTL2_4)},
+ {USB_DEVICE(USB_VENDOR_ID_ATENINTL, ATENINTL_DEVICE_ID_UC2324)},
+ {USB_DEVICE(USB_VENDOR_ID_ATENINTL, ATENINTL_DEVICE_ID_UC2322)},
+ {USB_DEVICE(USB_VENDOR_ID_MOXA, MOXA_DEVICE_ID_2210)},
--- /dev/null
+From 9e3eed534f8235a4a596a9dae5b8a6425d81ea1a Mon Sep 17 00:00:00 2001
+From: Slark Xiao <slark_xiao@163.com>
+Date: Fri, 17 Sep 2021 19:01:06 +0800
+Subject: USB: serial: option: add device id for Foxconn T99W265
+
+From: Slark Xiao <slark_xiao@163.com>
+
+commit 9e3eed534f8235a4a596a9dae5b8a6425d81ea1a upstream.
+
+Adding support for Foxconn device T99W265 for enumeration with
+PID 0xe0db.
+
+usb-devices output for 0xe0db
+T: Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 19 Spd=5000 MxCh= 0
+D: Ver= 3.20 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs= 1
+P: Vendor=0489 ProdID=e0db Rev=05.04
+S: Manufacturer=Microsoft
+S: Product=Generic Mobile Broadband Adapter
+S: SerialNumber=6c50f452
+C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=896mA
+I: If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
+I: If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
+I: If#=0x2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+I: If#=0x3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
+I: If#=0x4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
+
+if0/1: MBIM, if2:Diag, if3:GNSS, if4: Modem
+
+Signed-off-by: Slark Xiao <slark_xiao@163.com>
+Link: https://lore.kernel.org/r/20210917110106.9852-1-slark_xiao@163.com
+[ johan: use USB_DEVICE_INTERFACE_CLASS(), amend comment ]
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -2077,6 +2077,8 @@ static const struct usb_device_id option
+ .driver_info = RSVD(0) | RSVD(1) | RSVD(6) },
+ { USB_DEVICE(0x0489, 0xe0b5), /* Foxconn T77W968 ESIM */
+ .driver_info = RSVD(0) | RSVD(1) | RSVD(6) },
++ { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe0db, 0xff), /* Foxconn T99W265 MBIM */
++ .driver_info = RSVD(3) },
+ { USB_DEVICE(0x1508, 0x1001), /* Fibocom NL668 (IOT version) */
+ .driver_info = RSVD(4) | RSVD(5) | RSVD(6) },
+ { USB_DEVICE(0x2cb7, 0x0104), /* Fibocom NL678 series */
--- /dev/null
+From 7bb057134d609b9c038a00b6876cf0d37d0118ce Mon Sep 17 00:00:00 2001
+From: Carlo Lobrano <c.lobrano@gmail.com>
+Date: Fri, 3 Sep 2021 14:39:13 +0200
+Subject: USB: serial: option: add Telit LN920 compositions
+
+From: Carlo Lobrano <c.lobrano@gmail.com>
+
+commit 7bb057134d609b9c038a00b6876cf0d37d0118ce upstream.
+
+This patch adds the following Telit LN920 compositions:
+
+0x1060: tty, adb, rmnet, tty, tty, tty, tty
+0x1061: tty, adb, mbim, tty, tty, tty, tty
+0x1062: rndis, tty, adb, tty, tty, tty, tty
+0x1063: tty, adb, ecm, tty, tty, tty, tty
+
+Signed-off-by: Carlo Lobrano <c.lobrano@gmail.com>
+Link: https://lore.kernel.org/r/20210903123913.1086513-1-c.lobrano@gmail.com
+Reviewed-by: Daniele Palmas <dnlplm@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -1208,6 +1208,14 @@ static const struct usb_device_id option
+ .driver_info = NCTRL(0) | RSVD(1) },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1056, 0xff), /* Telit FD980 */
+ .driver_info = NCTRL(2) | RSVD(3) },
++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1060, 0xff), /* Telit LN920 (rmnet) */
++ .driver_info = NCTRL(0) | RSVD(1) | RSVD(2) },
++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1061, 0xff), /* Telit LN920 (MBIM) */
++ .driver_info = NCTRL(0) | RSVD(1) },
++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1062, 0xff), /* Telit LN920 (RNDIS) */
++ .driver_info = NCTRL(2) | RSVD(3) },
++ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1063, 0xff), /* Telit LN920 (ECM) */
++ .driver_info = NCTRL(0) | RSVD(1) },
+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910),
+ .driver_info = NCTRL(0) | RSVD(1) | RSVD(3) },
+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM),
--- /dev/null
+From 1ca200a8c6f079950a04ea3c3380fe8cf78e95a2 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Date: Fri, 17 Sep 2021 11:18:48 +0200
+Subject: USB: serial: option: remove duplicate USB device ID
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+
+commit 1ca200a8c6f079950a04ea3c3380fe8cf78e95a2 upstream.
+
+The device ZTE 0x0094 is already on the list.
+
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Fixes: b9e44fe5ecda ("USB: option: cleanup zte 3g-dongle's pid in option.c")
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -1661,7 +1661,6 @@ static const struct usb_device_id option
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0060, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0070, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0073, 0xff, 0xff, 0xff) },
+- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0094, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0130, 0xff, 0xff, 0xff),
+ .driver_info = RSVD(1) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0133, 0xff, 0xff, 0xff),
--- /dev/null
+From b55d37ef6b7db3eda9b4495a8d9b0a944ee8c67d Mon Sep 17 00:00:00 2001
+From: Ondrej Zary <linux@zary.sk>
+Date: Mon, 13 Sep 2021 23:01:06 +0200
+Subject: usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
+
+From: Ondrej Zary <linux@zary.sk>
+
+commit b55d37ef6b7db3eda9b4495a8d9b0a944ee8c67d upstream.
+
+ScanLogic SL11R-IDE with firmware older than 2.6c (the latest one) has
+broken tag handling, preventing the device from working at all:
+usb 1-1: new full-speed USB device number 2 using uhci_hcd
+usb 1-1: New USB device found, idVendor=04ce, idProduct=0002, bcdDevice= 2.60
+usb 1-1: New USB device strings: Mfr=1, Product=1, SerialNumber=0
+usb 1-1: Product: USB Device
+usb 1-1: Manufacturer: USB Device
+usb-storage 1-1:1.0: USB Mass Storage device detected
+scsi host2: usb-storage 1-1:1.0
+usbcore: registered new interface driver usb-storage
+usb 1-1: reset full-speed USB device number 2 using uhci_hcd
+usb 1-1: reset full-speed USB device number 2 using uhci_hcd
+usb 1-1: reset full-speed USB device number 2 using uhci_hcd
+usb 1-1: reset full-speed USB device number 2 using uhci_hcd
+
+Add US_FL_BULK_IGNORE_TAG to fix it. Also update my e-mail address.
+
+2.6c is the only firmware that claims Linux compatibility.
+The firmware can be upgraded using ezotgdbg utility:
+https://github.com/asciilifeform/ezotgdbg
+
+Acked-by: Alan Stern <stern@rowland.harvard.edu>
+Signed-off-by: Ondrej Zary <linux@zary.sk>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210913210106.12717-1-linux@zary.sk
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/storage/unusual_devs.h | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -435,9 +435,16 @@ UNUSUAL_DEV( 0x04cb, 0x0100, 0x0000, 0x
+ USB_SC_UFI, USB_PR_DEVICE, NULL, US_FL_FIX_INQUIRY | US_FL_SINGLE_LUN),
+
+ /*
+- * Reported by Ondrej Zary <linux@rainbow-software.org>
++ * Reported by Ondrej Zary <linux@zary.sk>
+ * The device reports one sector more and breaks when that sector is accessed
++ * Firmwares older than 2.6c (the latest one and the only that claims Linux
++ * support) have also broken tag handling
+ */
++UNUSUAL_DEV( 0x04ce, 0x0002, 0x0000, 0x026b,
++ "ScanLogic",
++ "SL11R-IDE",
++ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
++ US_FL_FIX_CAPACITY | US_FL_BULK_IGNORE_TAG),
+ UNUSUAL_DEV( 0x04ce, 0x0002, 0x026c, 0x026c,
+ "ScanLogic",
+ "SL11R-IDE",
--- /dev/null
+From 0594c58161b6e0f3da8efa9c6e3d4ba52b652717 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Mon, 20 Sep 2021 18:15:11 +0200
+Subject: xen/x86: fix PV trap handling on secondary processors
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit 0594c58161b6e0f3da8efa9c6e3d4ba52b652717 upstream.
+
+The initial observation was that in PV mode under Xen 32-bit user space
+didn't work anymore. Attempts of system calls ended in #GP(0x402). All
+of the sudden the vector 0x80 handler was not in place anymore. As it
+turns out up to 5.13 redundant initialization did occur: Once from
+cpu_initialize_context() (through its VCPUOP_initialise hypercall) and a
+2nd time while each CPU was brought fully up. This 2nd initialization is
+now gone, uncovering that the 1st one was flawed: Unlike for the
+set_trap_table hypercall, a full virtual IDT needs to be specified here;
+the "vector" fields of the individual entries are of no interest. With
+many (kernel) IDT entries still(?) (i.e. at that point at least) empty,
+the syscall vector 0x80 ended up in slot 0x20 of the virtual IDT, thus
+becoming the domain's handler for vector 0x20.
+
+Make xen_convert_trap_info() fit for either purpose, leveraging the fact
+that on the xen_copy_trap_info() path the table starts out zero-filled.
+This includes moving out the writing of the sentinel, which would also
+have lead to a buffer overrun in the xen_copy_trap_info() case if all
+(kernel) IDT entries were populated. Convert the writing of the sentinel
+to clearing of the entire table entry rather than just the address
+field.
+
+(I didn't bother trying to identify the commit which uncovered the issue
+in 5.14; the commit named below is the one which actually introduced the
+bad code.)
+
+Fixes: f87e4cac4f4e ("xen: SMP guest support")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Link: https://lore.kernel.org/r/7a266932-092e-b68f-f2bb-1473b61adc6e@suse.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/xen/enlighten_pv.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/xen/enlighten_pv.c
++++ b/arch/x86/xen/enlighten_pv.c
+@@ -721,8 +721,8 @@ static void xen_write_idt_entry(gate_des
+ preempt_enable();
+ }
+
+-static void xen_convert_trap_info(const struct desc_ptr *desc,
+- struct trap_info *traps)
++static unsigned xen_convert_trap_info(const struct desc_ptr *desc,
++ struct trap_info *traps, bool full)
+ {
+ unsigned in, out, count;
+
+@@ -732,17 +732,18 @@ static void xen_convert_trap_info(const
+ for (in = out = 0; in < count; in++) {
+ gate_desc *entry = (gate_desc *)(desc->address) + in;
+
+- if (cvt_gate_to_trap(in, entry, &traps[out]))
++ if (cvt_gate_to_trap(in, entry, &traps[out]) || full)
+ out++;
+ }
+- traps[out].address = 0;
++
++ return out;
+ }
+
+ void xen_copy_trap_info(struct trap_info *traps)
+ {
+ const struct desc_ptr *desc = this_cpu_ptr(&idt_desc);
+
+- xen_convert_trap_info(desc, traps);
++ xen_convert_trap_info(desc, traps, true);
+ }
+
+ /* Load a new IDT into Xen. In principle this can be per-CPU, so we
+@@ -752,6 +753,7 @@ static void xen_load_idt(const struct de
+ {
+ static DEFINE_SPINLOCK(lock);
+ static struct trap_info traps[257];
++ unsigned out;
+
+ trace_xen_cpu_load_idt(desc);
+
+@@ -759,7 +761,8 @@ static void xen_load_idt(const struct de
+
+ memcpy(this_cpu_ptr(&idt_desc), desc, sizeof(idt_desc));
+
+- xen_convert_trap_info(desc, traps);
++ out = xen_convert_trap_info(desc, traps, false);
++ memset(&traps[out], 0, sizeof(traps[0]));
+
+ xen_mc_flush();
+ if (HYPERVISOR_set_trap_table(traps))
projects / thirdparty / kernel / stable-queue.git / commitdiff
