--- /dev/null
+From 4b0556b96e1fe7723629bd40e3813a30cd632faf Mon Sep 17 00:00:00 2001
+From: Alexander Tsoy <alexander@tsoy.me>
+Date: Tue, 27 Jul 2021 12:33:26 +0300
+Subject: ALSA: usb-audio: Add registration quirk for JBL Quantum 600
+
+From: Alexander Tsoy <alexander@tsoy.me>
+
+commit 4b0556b96e1fe7723629bd40e3813a30cd632faf upstream.
+
+Apparently JBL Quantum 600 has multiple hardware revisions. Apply
+registration quirk to another device id as well.
+
+Signed-off-by: Alexander Tsoy <alexander@tsoy.me>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210727093326.1153366-1-alexander@tsoy.me
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/quirks.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/usb/quirks.c
++++ b/sound/usb/quirks.c
+@@ -1555,6 +1555,7 @@ static const struct registration_quirk r
+ REG_QUIRK_ENTRY(0x0951, 0x16ea, 2), /* Kingston HyperX Cloud Flight S */
+ REG_QUIRK_ENTRY(0x0ecb, 0x1f46, 2), /* JBL Quantum 600 */
+ REG_QUIRK_ENTRY(0x0ecb, 0x2039, 2), /* JBL Quantum 400 */
++ REG_QUIRK_ENTRY(0x0ecb, 0x203c, 2), /* JBL Quantum 600 */
+ REG_QUIRK_ENTRY(0x0ecb, 0x203e, 2), /* JBL Quantum 800 */
+ { 0 } /* terminator */
+ };
usb-serial-ftdi_sio-add-device-id-for-auto-m3-op-com-v2.patch
firmware_loader-use-etimedout-instead-of-eagain-in-fw_load_sysfs_fallback.patch
firmware_loader-fix-use-after-free-in-firmware_fallback_sysfs.patch
+alsa-usb-audio-add-registration-quirk-for-jbl-quantum-600.patch
+usb-gadget-f_hid-added-get_idle-and-set_idle-handlers.patch
+usb-gadget-f_hid-fixed-null-pointer-dereference.patch
+usb-gadget-f_hid-idle-uses-the-highest-byte-for-duration.patch
+usb-otg-fsm-fix-hrtimer-list-corruption.patch
--- /dev/null
+From afcff6dc690e24d636a41fd4bee6057e7c70eebd Mon Sep 17 00:00:00 2001
+From: Maxim Devaev <mdevaev@gmail.com>
+Date: Wed, 21 Jul 2021 21:03:51 +0300
+Subject: usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
+
+From: Maxim Devaev <mdevaev@gmail.com>
+
+commit afcff6dc690e24d636a41fd4bee6057e7c70eebd upstream.
+
+The USB HID standard declares mandatory support for GET_IDLE and SET_IDLE
+requests for Boot Keyboard. Most hosts can handle their absence, but others
+like some old/strange UEFIs and BIOSes consider this a critical error
+and refuse to work with f_hid.
+
+This primitive implementation of saving and returning idle is sufficient
+to meet the requirements of the standard and these devices.
+
+Acked-by: Felipe Balbi <balbi@kernel.org>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Maxim Devaev <mdevaev@gmail.com>
+Link: https://lore.kernel.org/r/20210721180351.129450-1-mdevaev@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/gadget/function/f_hid.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+--- a/drivers/usb/gadget/function/f_hid.c
++++ b/drivers/usb/gadget/function/f_hid.c
+@@ -41,6 +41,7 @@ struct f_hidg {
+ unsigned char bInterfaceSubClass;
+ unsigned char bInterfaceProtocol;
+ unsigned char protocol;
++ unsigned char idle;
+ unsigned short report_desc_length;
+ char *report_desc;
+ unsigned short report_length;
+@@ -529,6 +530,14 @@ static int hidg_setup(struct usb_functio
+ goto respond;
+ break;
+
++ case ((USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
++ | HID_REQ_GET_IDLE):
++ VDBG(cdev, "get_idle\n");
++ length = min_t(unsigned int, length, 1);
++ ((u8 *) req->buf)[0] = hidg->idle;
++ goto respond;
++ break;
++
+ case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
+ | HID_REQ_SET_REPORT):
+ VDBG(cdev, "set_report | wLength=%d\n", ctrl->wLength);
+@@ -552,6 +561,14 @@ static int hidg_setup(struct usb_functio
+ goto stall;
+ break;
+
++ case ((USB_DIR_OUT | USB_TYPE_CLASS | USB_RECIP_INTERFACE) << 8
++ | HID_REQ_SET_IDLE):
++ VDBG(cdev, "set_idle\n");
++ length = 0;
++ hidg->idle = value;
++ goto respond;
++ break;
++
+ case ((USB_DIR_IN | USB_TYPE_STANDARD | USB_RECIP_INTERFACE) << 8
+ | USB_REQ_GET_DESCRIPTOR):
+ switch (value >> 8) {
+@@ -779,6 +796,7 @@ static int hidg_bind(struct usb_configur
+ hidg_interface_desc.bInterfaceSubClass = hidg->bInterfaceSubClass;
+ hidg_interface_desc.bInterfaceProtocol = hidg->bInterfaceProtocol;
+ hidg->protocol = HID_REPORT_PROTOCOL;
++ hidg->idle = 1;
+ hidg_ss_in_ep_desc.wMaxPacketSize = cpu_to_le16(hidg->report_length);
+ hidg_ss_in_comp_desc.wBytesPerInterval =
+ cpu_to_le16(hidg->report_length);
--- /dev/null
+From 2867652e4766360adf14dfda3832455e04964f2a Mon Sep 17 00:00:00 2001
+From: Phil Elwell <phil@raspberrypi.com>
+Date: Fri, 23 Jul 2021 18:59:30 +0300
+Subject: usb: gadget: f_hid: fixed NULL pointer dereference
+
+From: Phil Elwell <phil@raspberrypi.com>
+
+commit 2867652e4766360adf14dfda3832455e04964f2a upstream.
+
+Disconnecting and reconnecting the USB cable can lead to crashes
+and a variety of kernel log spam.
+
+The problem was found and reproduced on the Raspberry Pi [1]
+and the original fix was created in Raspberry's own fork [2].
+
+Link: https://github.com/raspberrypi/linux/issues/3870 [1]
+Link: https://github.com/raspberrypi/linux/commit/a6e47d5f4efbd2ea6a0b6565cd2f9b7bb217ded5 [2]
+Signed-off-by: Maxim Devaev <mdevaev@gmail.com>
+Signed-off-by: Phil Elwell <phil@raspberrypi.com>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210723155928.210019-1-mdevaev@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/gadget/function/f_hid.c | 26 ++++++++++++++++++++------
+ 1 file changed, 20 insertions(+), 6 deletions(-)
+
+--- a/drivers/usb/gadget/function/f_hid.c
++++ b/drivers/usb/gadget/function/f_hid.c
+@@ -345,6 +345,11 @@ static ssize_t f_hidg_write(struct file
+
+ spin_lock_irqsave(&hidg->write_spinlock, flags);
+
++ if (!hidg->req) {
++ spin_unlock_irqrestore(&hidg->write_spinlock, flags);
++ return -ESHUTDOWN;
++ }
++
+ #define WRITE_COND (!hidg->write_pending)
+ try_again:
+ /* write queue */
+@@ -365,8 +370,14 @@ try_again:
+ count = min_t(unsigned, count, hidg->report_length);
+
+ spin_unlock_irqrestore(&hidg->write_spinlock, flags);
+- status = copy_from_user(req->buf, buffer, count);
+
++ if (!req) {
++ ERROR(hidg->func.config->cdev, "hidg->req is NULL\n");
++ status = -ESHUTDOWN;
++ goto release_write_pending;
++ }
++
++ status = copy_from_user(req->buf, buffer, count);
+ if (status != 0) {
+ ERROR(hidg->func.config->cdev,
+ "copy_from_user error\n");
+@@ -394,14 +405,17 @@ try_again:
+
+ spin_unlock_irqrestore(&hidg->write_spinlock, flags);
+
++ if (!hidg->in_ep->enabled) {
++ ERROR(hidg->func.config->cdev, "in_ep is disabled\n");
++ status = -ESHUTDOWN;
++ goto release_write_pending;
++ }
++
+ status = usb_ep_queue(hidg->in_ep, req, GFP_ATOMIC);
+- if (status < 0) {
+- ERROR(hidg->func.config->cdev,
+- "usb_ep_queue error on int endpoint %zd\n", status);
++ if (status < 0)
+ goto release_write_pending;
+- } else {
++ else
+ status = count;
+- }
+
+ return status;
+ release_write_pending:
--- /dev/null
+From fa20bada3f934e3b3e4af4c77e5b518cd5a282e5 Mon Sep 17 00:00:00 2001
+From: Maxim Devaev <mdevaev@gmail.com>
+Date: Tue, 27 Jul 2021 21:58:00 +0300
+Subject: usb: gadget: f_hid: idle uses the highest byte for duration
+
+From: Maxim Devaev <mdevaev@gmail.com>
+
+commit fa20bada3f934e3b3e4af4c77e5b518cd5a282e5 upstream.
+
+SET_IDLE value must be shifted 8 bits to the right to get duration.
+This confirmed by USBCV test.
+
+Fixes: afcff6dc690e ("usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Maxim Devaev <mdevaev@gmail.com>
+Link: https://lore.kernel.org/r/20210727185800.43796-1-mdevaev@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/gadget/function/f_hid.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/gadget/function/f_hid.c
++++ b/drivers/usb/gadget/function/f_hid.c
+@@ -579,7 +579,7 @@ static int hidg_setup(struct usb_functio
+ | HID_REQ_SET_IDLE):
+ VDBG(cdev, "set_idle\n");
+ length = 0;
+- hidg->idle = value;
++ hidg->idle = value >> 8;
+ goto respond;
+ break;
+
--- /dev/null
+From bf88fef0b6f1488abeca594d377991171c00e52a Mon Sep 17 00:00:00 2001
+From: Dmitry Osipenko <digetx@gmail.com>
+Date: Sat, 17 Jul 2021 21:21:27 +0300
+Subject: usb: otg-fsm: Fix hrtimer list corruption
+
+From: Dmitry Osipenko <digetx@gmail.com>
+
+commit bf88fef0b6f1488abeca594d377991171c00e52a upstream.
+
+The HNP work can be re-scheduled while it's still in-fly. This results in
+re-initialization of the busy work, resetting the hrtimer's list node of
+the work and crashing kernel with null dereference within kernel/timer
+once work's timer is expired. It's very easy to trigger this problem by
+re-plugging USB cable quickly. Initialize HNP work only once to fix this
+trouble.
+
+ Unable to handle kernel NULL pointer dereference at virtual address 00000126)
+ ...
+ PC is at __run_timers.part.0+0x150/0x228
+ LR is at __next_timer_interrupt+0x51/0x9c
+ ...
+ (__run_timers.part.0) from [<c0187a2b>] (run_timer_softirq+0x2f/0x50)
+ (run_timer_softirq) from [<c01013ad>] (__do_softirq+0xd5/0x2f0)
+ (__do_softirq) from [<c012589b>] (irq_exit+0xab/0xb8)
+ (irq_exit) from [<c0170341>] (handle_domain_irq+0x45/0x60)
+ (handle_domain_irq) from [<c04c4a43>] (gic_handle_irq+0x6b/0x7c)
+ (gic_handle_irq) from [<c0100b65>] (__irq_svc+0x65/0xac)
+
+Cc: stable@vger.kernel.org
+Acked-by: Peter Chen <peter.chen@kernel.org>
+Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
+Link: https://lore.kernel.org/r/20210717182134.30262-6-digetx@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/common/usb-otg-fsm.c | 6 +++++-
+ include/linux/usb/otg-fsm.h | 1 +
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/common/usb-otg-fsm.c
++++ b/drivers/usb/common/usb-otg-fsm.c
+@@ -193,7 +193,11 @@ static void otg_start_hnp_polling(struct
+ if (!fsm->host_req_flag)
+ return;
+
+- INIT_DELAYED_WORK(&fsm->hnp_polling_work, otg_hnp_polling_work);
++ if (!fsm->hnp_work_inited) {
++ INIT_DELAYED_WORK(&fsm->hnp_polling_work, otg_hnp_polling_work);
++ fsm->hnp_work_inited = true;
++ }
++
+ schedule_delayed_work(&fsm->hnp_polling_work,
+ msecs_to_jiffies(T_HOST_REQ_POLL));
+ }
+--- a/include/linux/usb/otg-fsm.h
++++ b/include/linux/usb/otg-fsm.h
+@@ -196,6 +196,7 @@ struct otg_fsm {
+ struct mutex lock;
+ u8 *host_req_flag;
+ struct delayed_work hnp_polling_work;
++ bool hnp_work_inited;
+ bool state_changed;
+ };
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
