--- /dev/null
+From 6e41e2257f1094acc37618bf6c856115374c6922 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Mon, 20 May 2019 10:44:21 -0400
+Subject: p54usb: Fix race between disconnect and firmware loading
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 6e41e2257f1094acc37618bf6c856115374c6922 upstream.
+
+The syzbot fuzzer found a bug in the p54 USB wireless driver. The
+issue involves a race between disconnect and the firmware-loader
+callback routine, and it has several aspects.
+
+One big problem is that when the firmware can't be loaded, the
+callback routine tries to unbind the driver from the USB _device_ (by
+calling device_release_driver) instead of from the USB _interface_ to
+which it is actually bound (by calling usb_driver_release_interface).
+
+The race involves access to the private data structure. The driver's
+disconnect handler waits for a completion that is signalled by the
+firmware-loader callback routine. As soon as the completion is
+signalled, you have to assume that the private data structure may have
+been deallocated by the disconnect handler -- even if the firmware was
+loaded without errors. However, the callback routine does access the
+private data several times after that point.
+
+Another problem is that, in order to ensure that the USB device
+structure hasn't been freed when the callback routine runs, the driver
+takes a reference to it. This isn't good enough any more, because now
+that the callback routine calls usb_driver_release_interface, it has
+to ensure that the interface structure hasn't been freed.
+
+Finally, the driver takes an unnecessary reference to the USB device
+structure in the probe function and drops the reference in the
+disconnect handler. This extra reference doesn't accomplish anything,
+because the USB core already guarantees that a device structure won't
+be deallocated while a driver is still bound to any of its interfaces.
+
+To fix these problems, this patch makes the following changes:
+
+ Call usb_driver_release_interface() rather than
+ device_release_driver().
+
+ Don't signal the completion until after the important
+ information has been copied out of the private data structure,
+ and don't refer to the private data at all thereafter.
+
+ Lock udev (the interface's parent) before unbinding the driver
+ instead of locking udev->parent.
+
+ During the firmware loading process, take a reference to the
+ USB interface instead of the USB device.
+
+ Don't take an unnecessary reference to the device during probe
+ (and then don't drop it during disconnect).
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-and-tested-by: syzbot+200d4bb11b23d929335f@syzkaller.appspotmail.com
+CC: <stable@vger.kernel.org>
+Acked-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/intersil/p54/p54usb.c | 43 ++++++++++++-----------------
+ 1 file changed, 18 insertions(+), 25 deletions(-)
+
+--- a/drivers/net/wireless/intersil/p54/p54usb.c
++++ b/drivers/net/wireless/intersil/p54/p54usb.c
+@@ -33,6 +33,8 @@ MODULE_ALIAS("prism54usb");
+ MODULE_FIRMWARE("isl3886usb");
+ MODULE_FIRMWARE("isl3887usb");
+
++static struct usb_driver p54u_driver;
++
+ /*
+ * Note:
+ *
+@@ -921,9 +923,9 @@ static void p54u_load_firmware_cb(const
+ {
+ struct p54u_priv *priv = context;
+ struct usb_device *udev = priv->udev;
++ struct usb_interface *intf = priv->intf;
+ int err;
+
+- complete(&priv->fw_wait_load);
+ if (firmware) {
+ priv->fw = firmware;
+ err = p54u_start_ops(priv);
+@@ -932,26 +934,22 @@ static void p54u_load_firmware_cb(const
+ dev_err(&udev->dev, "Firmware not found.\n");
+ }
+
+- if (err) {
+- struct device *parent = priv->udev->dev.parent;
+-
+- dev_err(&udev->dev, "failed to initialize device (%d)\n", err);
+-
+- if (parent)
+- device_lock(parent);
++ complete(&priv->fw_wait_load);
++ /*
++ * At this point p54u_disconnect may have already freed
++ * the "priv" context. Do not use it anymore!
++ */
++ priv = NULL;
+
+- device_release_driver(&udev->dev);
+- /*
+- * At this point p54u_disconnect has already freed
+- * the "priv" context. Do not use it anymore!
+- */
+- priv = NULL;
++ if (err) {
++ dev_err(&intf->dev, "failed to initialize device (%d)\n", err);
+
+- if (parent)
+- device_unlock(parent);
++ usb_lock_device(udev);
++ usb_driver_release_interface(&p54u_driver, intf);
++ usb_unlock_device(udev);
+ }
+
+- usb_put_dev(udev);
++ usb_put_intf(intf);
+ }
+
+ static int p54u_load_firmware(struct ieee80211_hw *dev,
+@@ -972,14 +970,14 @@ static int p54u_load_firmware(struct iee
+ dev_info(&priv->udev->dev, "Loading firmware file %s\n",
+ p54u_fwlist[i].fw);
+
+- usb_get_dev(udev);
++ usb_get_intf(intf);
+ err = request_firmware_nowait(THIS_MODULE, 1, p54u_fwlist[i].fw,
+ device, GFP_KERNEL, priv,
+ p54u_load_firmware_cb);
+ if (err) {
+ dev_err(&priv->udev->dev, "(p54usb) cannot load firmware %s "
+ "(%d)!\n", p54u_fwlist[i].fw, err);
+- usb_put_dev(udev);
++ usb_put_intf(intf);
+ }
+
+ return err;
+@@ -1011,8 +1009,6 @@ static int p54u_probe(struct usb_interfa
+ skb_queue_head_init(&priv->rx_queue);
+ init_usb_anchor(&priv->submitted);
+
+- usb_get_dev(udev);
+-
+ /* really lazy and simple way of figuring out if we're a 3887 */
+ /* TODO: should just stick the identification in the device table */
+ i = intf->altsetting->desc.bNumEndpoints;
+@@ -1053,10 +1049,8 @@ static int p54u_probe(struct usb_interfa
+ priv->upload_fw = p54u_upload_firmware_net2280;
+ }
+ err = p54u_load_firmware(dev, intf);
+- if (err) {
+- usb_put_dev(udev);
++ if (err)
+ p54_free_common(dev);
+- }
+ return err;
+ }
+
+@@ -1072,7 +1066,6 @@ static void p54u_disconnect(struct usb_i
+ wait_for_completion(&priv->fw_wait_load);
+ p54_unregister_common(dev);
+
+- usb_put_dev(interface_to_usbdev(intf));
+ release_firmware(priv->fw);
+ p54_free_common(dev);
+ }
--- /dev/null
+From 3f2640ed7be838c3f05c0d2b0f7c7508e7431e48 Mon Sep 17 00:00:00 2001
+From: Oliver Barta <o.barta89@gmail.com>
+Date: Wed, 19 Jun 2019 10:16:39 +0200
+Subject: Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled"
+
+From: Oliver Barta <o.barta89@gmail.com>
+
+commit 3f2640ed7be838c3f05c0d2b0f7c7508e7431e48 upstream.
+
+This reverts commit 2e9fe539108320820016f78ca7704a7342788380.
+
+Reading LSR unconditionally but processing the error flags only if
+UART_IIR_RDI bit was set before in IIR may lead to a loss of transmission
+error information on UARTs where the transmission error flags are cleared
+by a read of LSR. Information are lost in case an error is detected right
+before the read of LSR while processing e.g. an UART_IIR_THRI interrupt.
+
+Signed-off-by: Oliver Barta <o.barta89@gmail.com>
+Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Fixes: 2e9fe5391083 ("serial: 8250: Don't service RX FIFO if interrupts are disabled")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/8250/8250_port.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/tty/serial/8250/8250_port.c
++++ b/drivers/tty/serial/8250/8250_port.c
+@@ -1814,8 +1814,7 @@ int serial8250_handle_irq(struct uart_po
+
+ status = serial_port_in(port, UART_LSR);
+
+- if (status & (UART_LSR_DR | UART_LSR_BI) &&
+- iir & UART_IIR_RDI) {
++ if (status & (UART_LSR_DR | UART_LSR_BI)) {
+ if (!up->dma || handle_rx_dma(up, iir))
+ status = serial8250_rx_chars(up, status);
+ }
mwifiex-fix-heap-overflow-in-mwifiex_uap_parse_tail_ies.patch
fscrypt-don-t-set-policy-for-a-dead-directory.patch
mwifiex-don-t-abort-on-small-spec-compliant-vendor-ies.patch
+usb-serial-ftdi_sio-add-id-for-isodebug-v1.patch
+usb-serial-option-add-support-for-gosuncn-me3630-rndis-mode.patch
+revert-serial-8250-don-t-service-rx-fifo-if-interrupts-are-disabled.patch
+p54usb-fix-race-between-disconnect-and-firmware-loading.patch
+usb-gadget-ether-fix-race-between-gether_disconnect-and-rx_submit.patch
+usb-renesas_usbhs-add-a-workaround-for-a-race-condition-of-workqueue.patch
+staging-comedi-dt282x-fix-a-null-pointer-deref-on-interrupt.patch
+staging-comedi-amplc_pci230-fix-null-pointer-deref-on-interrupt.patch
--- /dev/null
+From 7379e6baeddf580d01feca650ec1ad508b6ea8ee Mon Sep 17 00:00:00 2001
+From: Ian Abbott <abbotti@mev.co.uk>
+Date: Wed, 26 Jun 2019 14:17:39 +0100
+Subject: staging: comedi: amplc_pci230: fix null pointer deref on interrupt
+
+From: Ian Abbott <abbotti@mev.co.uk>
+
+commit 7379e6baeddf580d01feca650ec1ad508b6ea8ee upstream.
+
+The interrupt handler `pci230_interrupt()` causes a null pointer
+dereference for a PCI260 card. There is no analog output subdevice for
+a PCI260. The `dev->write_subdev` subdevice pointer and therefore the
+`s_ao` subdevice pointer variable will be `NULL` for a PCI260. The
+following call near the end of the interrupt handler results in the null
+pointer dereference for a PCI260:
+
+ comedi_handle_events(dev, s_ao);
+
+Fix it by only calling the above function if `s_ao` is valid.
+
+Note that the other uses of `s_ao` in the calls
+`pci230_handle_ao_nofifo(dev, s_ao);` and `pci230_handle_ao_fifo(dev,
+s_ao);` will never be reached for a PCI260, so they are safe.
+
+Fixes: 39064f23284c ("staging: comedi: amplc_pci230: use comedi_handle_events()")
+Cc: <stable@vger.kernel.org> # v3.19+
+Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/comedi/drivers/amplc_pci230.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/staging/comedi/drivers/amplc_pci230.c
++++ b/drivers/staging/comedi/drivers/amplc_pci230.c
+@@ -2337,7 +2337,8 @@ static irqreturn_t pci230_interrupt(int
+ devpriv->intr_running = false;
+ spin_unlock_irqrestore(&devpriv->isr_spinlock, irqflags);
+
+- comedi_handle_events(dev, s_ao);
++ if (s_ao)
++ comedi_handle_events(dev, s_ao);
+ comedi_handle_events(dev, s_ai);
+
+ return IRQ_HANDLED;
--- /dev/null
+From b8336be66dec06bef518030a0df9847122053ec5 Mon Sep 17 00:00:00 2001
+From: Ian Abbott <abbotti@mev.co.uk>
+Date: Wed, 26 Jun 2019 14:18:04 +0100
+Subject: staging: comedi: dt282x: fix a null pointer deref on interrupt
+
+From: Ian Abbott <abbotti@mev.co.uk>
+
+commit b8336be66dec06bef518030a0df9847122053ec5 upstream.
+
+The interrupt handler `dt282x_interrupt()` causes a null pointer
+dereference for those supported boards that have no analog output
+support. For these boards, `dev->write_subdev` will be `NULL` and
+therefore the `s_ao` subdevice pointer variable will be `NULL`. In that
+case, the following call near the end of the interrupt handler results
+in a null pointer dereference:
+
+ comedi_handle_events(dev, s_ao);
+
+Fix it by only calling the above function if `s_ao` is valid.
+
+(There are other uses of `s_ao` by the interrupt handler that may or may
+not be reached depending on values of hardware registers. Trust that
+they are reliable for now.)
+
+Note:
+commit 4f6f009b204f ("staging: comedi: dt282x: use comedi_handle_events()")
+propagates an earlier error from
+commit f21c74fa4cfe ("staging: comedi: dt282x: use cfc_handle_events()").
+
+Fixes: 4f6f009b204f ("staging: comedi: dt282x: use comedi_handle_events()")
+Cc: <stable@vger.kernel.org> # v3.19+
+Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/comedi/drivers/dt282x.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/staging/comedi/drivers/dt282x.c
++++ b/drivers/staging/comedi/drivers/dt282x.c
+@@ -566,7 +566,8 @@ static irqreturn_t dt282x_interrupt(int
+ }
+ #endif
+ comedi_handle_events(dev, s);
+- comedi_handle_events(dev, s_ao);
++ if (s_ao)
++ comedi_handle_events(dev, s_ao);
+
+ return IRQ_RETVAL(handled);
+ }
--- /dev/null
+From d29fcf7078bc8be2b6366cbd4418265b53c94fac Mon Sep 17 00:00:00 2001
+From: Kiruthika Varadarajan <Kiruthika.Varadarajan@harman.com>
+Date: Tue, 18 Jun 2019 08:39:06 +0000
+Subject: usb: gadget: ether: Fix race between gether_disconnect and rx_submit
+
+From: Kiruthika Varadarajan <Kiruthika.Varadarajan@harman.com>
+
+commit d29fcf7078bc8be2b6366cbd4418265b53c94fac upstream.
+
+On spin lock release in rx_submit, gether_disconnect get a chance to
+run, it makes port_usb NULL, rx_submit access NULL port USB, hence null
+pointer crash.
+
+Fixed by releasing the lock in rx_submit after port_usb is used.
+
+Fixes: 2b3d942c4878 ("usb ethernet gadget: split out network core")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Kiruthika Varadarajan <Kiruthika.Varadarajan@harman.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/function/u_ether.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/usb/gadget/function/u_ether.c
++++ b/drivers/usb/gadget/function/u_ether.c
+@@ -198,11 +198,12 @@ rx_submit(struct eth_dev *dev, struct us
+ out = dev->port_usb->out_ep;
+ else
+ out = NULL;
+- spin_unlock_irqrestore(&dev->lock, flags);
+
+ if (!out)
++ {
++ spin_unlock_irqrestore(&dev->lock, flags);
+ return -ENOTCONN;
+-
++ }
+
+ /* Padding up to RX_EXTRA handles minor disagreements with host.
+ * Normally we use the USB "terminate on short read" convention;
+@@ -223,6 +224,7 @@ rx_submit(struct eth_dev *dev, struct us
+
+ if (dev->port_usb->is_fixed)
+ size = max_t(size_t, size, dev->port_usb->fixed_out_len);
++ spin_unlock_irqrestore(&dev->lock, flags);
+
+ skb = alloc_skb(size + NET_IP_ALIGN, gfp_flags);
+ if (skb == NULL) {
--- /dev/null
+From b2357839c56ab7d06bcd4e866ebc2d0e2b7997f3 Mon Sep 17 00:00:00 2001
+From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Date: Wed, 26 Jun 2019 22:06:33 +0900
+Subject: usb: renesas_usbhs: add a workaround for a race condition of workqueue
+
+From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+
+commit b2357839c56ab7d06bcd4e866ebc2d0e2b7997f3 upstream.
+
+The old commit 6e4b74e4690d ("usb: renesas: fix scheduling in atomic
+context bug") fixed an atomic issue by using workqueue for the shdmac
+dmaengine driver. However, this has a potential race condition issue
+between the work pending and usbhsg_ep_free_request() in gadget mode.
+When usbhsg_ep_free_request() is called while pending the queue,
+since the work_struct will be freed and then the work handler is
+called, kernel panic happens on process_one_work().
+
+To fix the issue, if we could call cancel_work_sync() at somewhere
+before the free request, it could be easy. However,
+the usbhsg_ep_free_request() is called on atomic (e.g. f_ncm driver
+calls free request via gether_disconnect()).
+
+For now, almost all users are having "USB-DMAC" and the DMAengine
+driver can be used on atomic. So, this patch adds a workaround for
+a race condition to call the DMAengine APIs without the workqueue.
+
+This means we still have TODO on shdmac environment (SH7724), but
+since it doesn't have SMP, the race condition might not happen.
+
+Fixes: ab330cf3888d ("usb: renesas_usbhs: add support for USB-DMAC")
+Cc: <stable@vger.kernel.org> # v4.1+
+Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/renesas_usbhs/fifo.c | 34 ++++++++++++++++++++++------------
+ 1 file changed, 22 insertions(+), 12 deletions(-)
+
+--- a/drivers/usb/renesas_usbhs/fifo.c
++++ b/drivers/usb/renesas_usbhs/fifo.c
+@@ -821,9 +821,8 @@ static int __usbhsf_dma_map_ctrl(struct
+ }
+
+ static void usbhsf_dma_complete(void *arg);
+-static void xfer_work(struct work_struct *work)
++static void usbhsf_dma_xfer_preparing(struct usbhs_pkt *pkt)
+ {
+- struct usbhs_pkt *pkt = container_of(work, struct usbhs_pkt, work);
+ struct usbhs_pipe *pipe = pkt->pipe;
+ struct usbhs_fifo *fifo;
+ struct usbhs_priv *priv = usbhs_pipe_to_priv(pipe);
+@@ -831,12 +830,10 @@ static void xfer_work(struct work_struct
+ struct dma_chan *chan;
+ struct device *dev = usbhs_priv_to_dev(priv);
+ enum dma_transfer_direction dir;
+- unsigned long flags;
+
+- usbhs_lock(priv, flags);
+ fifo = usbhs_pipe_to_fifo(pipe);
+ if (!fifo)
+- goto xfer_work_end;
++ return;
+
+ chan = usbhsf_dma_chan_get(fifo, pkt);
+ dir = usbhs_pipe_is_dir_in(pipe) ? DMA_DEV_TO_MEM : DMA_MEM_TO_DEV;
+@@ -845,7 +842,7 @@ static void xfer_work(struct work_struct
+ pkt->trans, dir,
+ DMA_PREP_INTERRUPT | DMA_CTRL_ACK);
+ if (!desc)
+- goto xfer_work_end;
++ return;
+
+ desc->callback = usbhsf_dma_complete;
+ desc->callback_param = pipe;
+@@ -853,7 +850,7 @@ static void xfer_work(struct work_struct
+ pkt->cookie = dmaengine_submit(desc);
+ if (pkt->cookie < 0) {
+ dev_err(dev, "Failed to submit dma descriptor\n");
+- goto xfer_work_end;
++ return;
+ }
+
+ dev_dbg(dev, " %s %d (%d/ %d)\n",
+@@ -864,8 +861,17 @@ static void xfer_work(struct work_struct
+ dma_async_issue_pending(chan);
+ usbhsf_dma_start(pipe, fifo);
+ usbhs_pipe_enable(pipe);
++}
++
++static void xfer_work(struct work_struct *work)
++{
++ struct usbhs_pkt *pkt = container_of(work, struct usbhs_pkt, work);
++ struct usbhs_pipe *pipe = pkt->pipe;
++ struct usbhs_priv *priv = usbhs_pipe_to_priv(pipe);
++ unsigned long flags;
+
+-xfer_work_end:
++ usbhs_lock(priv, flags);
++ usbhsf_dma_xfer_preparing(pkt);
+ usbhs_unlock(priv, flags);
+ }
+
+@@ -918,8 +924,13 @@ static int usbhsf_dma_prepare_push(struc
+ pkt->trans = len;
+
+ usbhsf_tx_irq_ctrl(pipe, 0);
+- INIT_WORK(&pkt->work, xfer_work);
+- schedule_work(&pkt->work);
++ /* FIXME: Workaound for usb dmac that driver can be used in atomic */
++ if (usbhs_get_dparam(priv, has_usb_dmac)) {
++ usbhsf_dma_xfer_preparing(pkt);
++ } else {
++ INIT_WORK(&pkt->work, xfer_work);
++ schedule_work(&pkt->work);
++ }
+
+ return 0;
+
+@@ -1025,8 +1036,7 @@ static int usbhsf_dma_prepare_pop_with_u
+
+ pkt->trans = pkt->length;
+
+- INIT_WORK(&pkt->work, xfer_work);
+- schedule_work(&pkt->work);
++ usbhsf_dma_xfer_preparing(pkt);
+
+ return 0;
+
--- /dev/null
+From f8377eff548170e8ea8022c067a1fbdf9e1c46a8 Mon Sep 17 00:00:00 2001
+From: Andreas Fritiofson <andreas.fritiofson@unjo.com>
+Date: Fri, 28 Jun 2019 15:08:34 +0200
+Subject: USB: serial: ftdi_sio: add ID for isodebug v1
+
+From: Andreas Fritiofson <andreas.fritiofson@unjo.com>
+
+commit f8377eff548170e8ea8022c067a1fbdf9e1c46a8 upstream.
+
+This adds the vid:pid of the isodebug v1 isolated JTAG/SWD+UART. Only the
+second channel is available for use as a serial port.
+
+Signed-off-by: Andreas Fritiofson <andreas.fritiofson@unjo.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ftdi_sio.c | 1 +
+ drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++
+ 2 files changed, 7 insertions(+)
+
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -1024,6 +1024,7 @@ static const struct usb_device_id id_tab
+ { USB_DEVICE(AIRBUS_DS_VID, AIRBUS_DS_P8GR) },
+ /* EZPrototypes devices */
+ { USB_DEVICE(EZPROTOTYPES_VID, HJELMSLUND_USB485_ISO_PID) },
++ { USB_DEVICE_INTERFACE_NUMBER(UNJO_VID, UNJO_ISODEBUG_V1_PID, 1) },
+ { } /* Terminating entry */
+ };
+
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -1542,3 +1542,9 @@
+ #define CHETCO_SEASMART_DISPLAY_PID 0xA5AD /* SeaSmart NMEA2000 Display */
+ #define CHETCO_SEASMART_LITE_PID 0xA5AE /* SeaSmart Lite USB Adapter */
+ #define CHETCO_SEASMART_ANALOG_PID 0xA5AF /* SeaSmart Analog Adapter */
++
++/*
++ * Unjo AB
++ */
++#define UNJO_VID 0x22B7
++#define UNJO_ISODEBUG_V1_PID 0x150D
--- /dev/null
+From aed2a26283528fb69c38e414f649411aa48fb391 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rgen=20Storvist?= <jorgen.storvist@gmail.com>
+Date: Wed, 19 Jun 2019 00:30:19 +0200
+Subject: USB: serial: option: add support for GosunCn ME3630 RNDIS mode
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Jörgen Storvist <jorgen.storvist@gmail.com>
+
+commit aed2a26283528fb69c38e414f649411aa48fb391 upstream.
+
+Added USB IDs for GosunCn ME3630 cellular module in RNDIS mode.
+
+T: Bus=03 Lev=01 Prnt=01 Port=01 Cnt=03 Dev#= 18 Spd=480 MxCh= 0
+D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
+P: Vendor=19d2 ProdID=0601 Rev=03.18
+S: Manufacturer=Android
+S: Product=Android
+S: SerialNumber=b950269c
+C: #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
+I: If#=0x0 Alt= 0 #EPs= 1 Cls=e0(wlcon) Sub=01 Prot=03 Driver=rndis_host
+I: If#=0x1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host
+I: If#=0x2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
+I: If#=0x3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+I: If#=0x4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+
+Signed-off-by: Jörgen Storvist <jorgen.storvist@gmail.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/option.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -1338,6 +1338,7 @@ static const struct usb_device_id option
+ .driver_info = RSVD(4) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0414, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0417, 0xff, 0xff, 0xff) },
++ { USB_DEVICE_INTERFACE_CLASS(ZTE_VENDOR_ID, 0x0601, 0xff) }, /* GosunCn ZTE WeLink ME3630 (RNDIS mode) */
+ { USB_DEVICE_INTERFACE_CLASS(ZTE_VENDOR_ID, 0x0602, 0xff) }, /* GosunCn ZTE WeLink ME3630 (MBIM mode) */
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1008, 0xff, 0xff, 0xff),
+ .driver_info = RSVD(4) },
projects / thirdparty / kernel / stable-queue.git / commitdiff
