--- /dev/null
+From eceb05965489784f24bbf4d61ba60e475a983016 Mon Sep 17 00:00:00 2001
+From: Dexuan Cui <decui@microsoft.com>
+Date: Mon, 26 Nov 2018 02:29:56 +0000
+Subject: Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl()
+
+From: Dexuan Cui <decui@microsoft.com>
+
+commit eceb05965489784f24bbf4d61ba60e475a983016 upstream.
+
+This is a longstanding issue: if the vmbus upper-layer drivers try to
+consume too many GPADLs, the host may return with an error
+0xC0000044 (STATUS_QUOTA_EXCEEDED), but currently we forget to check
+the creation_status, and hence we can pass an invalid GPADL handle
+into the OPEN_CHANNEL message, and get an error code 0xc0000225 in
+open_info->response.open_result.status, and finally we hang in
+vmbus_open() -> "goto error_free_info" -> vmbus_teardown_gpadl().
+
+With this patch, we can exit gracefully on STATUS_QUOTA_EXCEEDED.
+
+Cc: Stephen Hemminger <sthemmin@microsoft.com>
+Cc: K. Y. Srinivasan <kys@microsoft.com>
+Cc: Haiyang Zhang <haiyangz@microsoft.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Dexuan Cui <decui@microsoft.com>
+Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hv/channel.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/hv/channel.c
++++ b/drivers/hv/channel.c
+@@ -482,6 +482,14 @@ int vmbus_establish_gpadl(struct vmbus_c
+ }
+ wait_for_completion(&msginfo->waitevent);
+
++ if (msginfo->response.gpadl_created.creation_status != 0) {
++ pr_err("Failed to establish GPADL: err = 0x%x\n",
++ msginfo->response.gpadl_created.creation_status);
++
++ ret = -EDQUOT;
++ goto cleanup;
++ }
++
+ if (channel->rescind) {
+ ret = -ENODEV;
+ goto cleanup;
--- /dev/null
+From 0145b50566e7de5637e80ecba96c7f0e6fff1aad Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 31 Oct 2018 15:20:05 +0100
+Subject: iio/hid-sensors: Fix IIO_CHAN_INFO_RAW returning wrong values for signed numbers
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 0145b50566e7de5637e80ecba96c7f0e6fff1aad upstream.
+
+Before this commit sensor_hub_input_attr_get_raw_value() failed to take
+the signedness of 16 and 8 bit values into account, returning e.g.
+65436 instead of -100 for the z-axis reading of an accelerometer.
+
+This commit adds a new is_signed parameter to the function and makes all
+callers pass the appropriate value for this.
+
+While at it, this commit also fixes up some neighboring lines where
+statements were needlessly split over 2 lines to improve readability.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
+Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Cc: <Stable@vger.kernel.org>
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-sensor-custom.c | 2 +-
+ drivers/hid/hid-sensor-hub.c | 13 ++++++++++---
+ drivers/iio/accel/hid-sensor-accel-3d.c | 5 ++++-
+ drivers/iio/gyro/hid-sensor-gyro-3d.c | 5 ++++-
+ drivers/iio/humidity/hid-sensor-humidity.c | 3 ++-
+ drivers/iio/light/hid-sensor-als.c | 8 +++++---
+ drivers/iio/light/hid-sensor-prox.c | 8 +++++---
+ drivers/iio/magnetometer/hid-sensor-magn-3d.c | 8 +++++---
+ drivers/iio/orientation/hid-sensor-incl-3d.c | 8 +++++---
+ drivers/iio/pressure/hid-sensor-press.c | 8 +++++---
+ drivers/iio/temperature/hid-sensor-temperature.c | 3 ++-
+ drivers/rtc/rtc-hid-sensor-time.c | 2 +-
+ include/linux/hid-sensor-hub.h | 4 +++-
+ 13 files changed, 52 insertions(+), 25 deletions(-)
+
+--- a/drivers/hid/hid-sensor-custom.c
++++ b/drivers/hid/hid-sensor-custom.c
+@@ -358,7 +358,7 @@ static ssize_t show_value(struct device
+ sensor_inst->hsdev,
+ sensor_inst->hsdev->usage,
+ usage, report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC, false);
+ } else if (!strncmp(name, "units", strlen("units")))
+ value = sensor_inst->fields[field_index].attribute.units;
+ else if (!strncmp(name, "unit-expo", strlen("unit-expo")))
+--- a/drivers/hid/hid-sensor-hub.c
++++ b/drivers/hid/hid-sensor-hub.c
+@@ -299,7 +299,8 @@ EXPORT_SYMBOL_GPL(sensor_hub_get_feature
+ int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev,
+ u32 usage_id,
+ u32 attr_usage_id, u32 report_id,
+- enum sensor_hub_read_flags flag)
++ enum sensor_hub_read_flags flag,
++ bool is_signed)
+ {
+ struct sensor_hub_data *data = hid_get_drvdata(hsdev->hdev);
+ unsigned long flags;
+@@ -331,10 +332,16 @@ int sensor_hub_input_attr_get_raw_value(
+ &hsdev->pending.ready, HZ*5);
+ switch (hsdev->pending.raw_size) {
+ case 1:
+- ret_val = *(u8 *)hsdev->pending.raw_data;
++ if (is_signed)
++ ret_val = *(s8 *)hsdev->pending.raw_data;
++ else
++ ret_val = *(u8 *)hsdev->pending.raw_data;
+ break;
+ case 2:
+- ret_val = *(u16 *)hsdev->pending.raw_data;
++ if (is_signed)
++ ret_val = *(s16 *)hsdev->pending.raw_data;
++ else
++ ret_val = *(u16 *)hsdev->pending.raw_data;
+ break;
+ case 4:
+ ret_val = *(u32 *)hsdev->pending.raw_data;
+--- a/drivers/iio/accel/hid-sensor-accel-3d.c
++++ b/drivers/iio/accel/hid-sensor-accel-3d.c
+@@ -149,6 +149,7 @@ static int accel_3d_read_raw(struct iio_
+ int report_id = -1;
+ u32 address;
+ int ret_type;
++ s32 min;
+ struct hid_sensor_hub_device *hsdev =
+ accel_state->common_attributes.hsdev;
+
+@@ -158,12 +159,14 @@ static int accel_3d_read_raw(struct iio_
+ case IIO_CHAN_INFO_RAW:
+ hid_sensor_power_state(&accel_state->common_attributes, true);
+ report_id = accel_state->accel[chan->scan_index].report_id;
++ min = accel_state->accel[chan->scan_index].logical_minimum;
+ address = accel_3d_addresses[chan->scan_index];
+ if (report_id >= 0)
+ *val = sensor_hub_input_attr_get_raw_value(
+ accel_state->common_attributes.hsdev,
+ hsdev->usage, address, report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC,
++ min < 0);
+ else {
+ *val = 0;
+ hid_sensor_power_state(&accel_state->common_attributes,
+--- a/drivers/iio/gyro/hid-sensor-gyro-3d.c
++++ b/drivers/iio/gyro/hid-sensor-gyro-3d.c
+@@ -111,6 +111,7 @@ static int gyro_3d_read_raw(struct iio_d
+ int report_id = -1;
+ u32 address;
+ int ret_type;
++ s32 min;
+
+ *val = 0;
+ *val2 = 0;
+@@ -118,13 +119,15 @@ static int gyro_3d_read_raw(struct iio_d
+ case IIO_CHAN_INFO_RAW:
+ hid_sensor_power_state(&gyro_state->common_attributes, true);
+ report_id = gyro_state->gyro[chan->scan_index].report_id;
++ min = gyro_state->gyro[chan->scan_index].logical_minimum;
+ address = gyro_3d_addresses[chan->scan_index];
+ if (report_id >= 0)
+ *val = sensor_hub_input_attr_get_raw_value(
+ gyro_state->common_attributes.hsdev,
+ HID_USAGE_SENSOR_GYRO_3D, address,
+ report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC,
++ min < 0);
+ else {
+ *val = 0;
+ hid_sensor_power_state(&gyro_state->common_attributes,
+--- a/drivers/iio/humidity/hid-sensor-humidity.c
++++ b/drivers/iio/humidity/hid-sensor-humidity.c
+@@ -75,7 +75,8 @@ static int humidity_read_raw(struct iio_
+ HID_USAGE_SENSOR_HUMIDITY,
+ HID_USAGE_SENSOR_ATMOSPHERIC_HUMIDITY,
+ humid_st->humidity_attr.report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC,
++ humid_st->humidity_attr.logical_minimum < 0);
+ hid_sensor_power_state(&humid_st->common_attributes, false);
+
+ return IIO_VAL_INT;
+--- a/drivers/iio/light/hid-sensor-als.c
++++ b/drivers/iio/light/hid-sensor-als.c
+@@ -93,6 +93,7 @@ static int als_read_raw(struct iio_dev *
+ int report_id = -1;
+ u32 address;
+ int ret_type;
++ s32 min;
+
+ *val = 0;
+ *val2 = 0;
+@@ -102,8 +103,8 @@ static int als_read_raw(struct iio_dev *
+ case CHANNEL_SCAN_INDEX_INTENSITY:
+ case CHANNEL_SCAN_INDEX_ILLUM:
+ report_id = als_state->als_illum.report_id;
+- address =
+- HID_USAGE_SENSOR_LIGHT_ILLUM;
++ min = als_state->als_illum.logical_minimum;
++ address = HID_USAGE_SENSOR_LIGHT_ILLUM;
+ break;
+ default:
+ report_id = -1;
+@@ -116,7 +117,8 @@ static int als_read_raw(struct iio_dev *
+ als_state->common_attributes.hsdev,
+ HID_USAGE_SENSOR_ALS, address,
+ report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC,
++ min < 0);
+ hid_sensor_power_state(&als_state->common_attributes,
+ false);
+ } else {
+--- a/drivers/iio/light/hid-sensor-prox.c
++++ b/drivers/iio/light/hid-sensor-prox.c
+@@ -73,6 +73,7 @@ static int prox_read_raw(struct iio_dev
+ int report_id = -1;
+ u32 address;
+ int ret_type;
++ s32 min;
+
+ *val = 0;
+ *val2 = 0;
+@@ -81,8 +82,8 @@ static int prox_read_raw(struct iio_dev
+ switch (chan->scan_index) {
+ case CHANNEL_SCAN_INDEX_PRESENCE:
+ report_id = prox_state->prox_attr.report_id;
+- address =
+- HID_USAGE_SENSOR_HUMAN_PRESENCE;
++ min = prox_state->prox_attr.logical_minimum;
++ address = HID_USAGE_SENSOR_HUMAN_PRESENCE;
+ break;
+ default:
+ report_id = -1;
+@@ -95,7 +96,8 @@ static int prox_read_raw(struct iio_dev
+ prox_state->common_attributes.hsdev,
+ HID_USAGE_SENSOR_PROX, address,
+ report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC,
++ min < 0);
+ hid_sensor_power_state(&prox_state->common_attributes,
+ false);
+ } else {
+--- a/drivers/iio/magnetometer/hid-sensor-magn-3d.c
++++ b/drivers/iio/magnetometer/hid-sensor-magn-3d.c
+@@ -163,21 +163,23 @@ static int magn_3d_read_raw(struct iio_d
+ int report_id = -1;
+ u32 address;
+ int ret_type;
++ s32 min;
+
+ *val = 0;
+ *val2 = 0;
+ switch (mask) {
+ case IIO_CHAN_INFO_RAW:
+ hid_sensor_power_state(&magn_state->magn_flux_attributes, true);
+- report_id =
+- magn_state->magn[chan->address].report_id;
++ report_id = magn_state->magn[chan->address].report_id;
++ min = magn_state->magn[chan->address].logical_minimum;
+ address = magn_3d_addresses[chan->address];
+ if (report_id >= 0)
+ *val = sensor_hub_input_attr_get_raw_value(
+ magn_state->magn_flux_attributes.hsdev,
+ HID_USAGE_SENSOR_COMPASS_3D, address,
+ report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC,
++ min < 0);
+ else {
+ *val = 0;
+ hid_sensor_power_state(
+--- a/drivers/iio/orientation/hid-sensor-incl-3d.c
++++ b/drivers/iio/orientation/hid-sensor-incl-3d.c
+@@ -111,21 +111,23 @@ static int incl_3d_read_raw(struct iio_d
+ int report_id = -1;
+ u32 address;
+ int ret_type;
++ s32 min;
+
+ *val = 0;
+ *val2 = 0;
+ switch (mask) {
+ case IIO_CHAN_INFO_RAW:
+ hid_sensor_power_state(&incl_state->common_attributes, true);
+- report_id =
+- incl_state->incl[chan->scan_index].report_id;
++ report_id = incl_state->incl[chan->scan_index].report_id;
++ min = incl_state->incl[chan->scan_index].logical_minimum;
+ address = incl_3d_addresses[chan->scan_index];
+ if (report_id >= 0)
+ *val = sensor_hub_input_attr_get_raw_value(
+ incl_state->common_attributes.hsdev,
+ HID_USAGE_SENSOR_INCLINOMETER_3D, address,
+ report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC,
++ min < 0);
+ else {
+ hid_sensor_power_state(&incl_state->common_attributes,
+ false);
+--- a/drivers/iio/pressure/hid-sensor-press.c
++++ b/drivers/iio/pressure/hid-sensor-press.c
+@@ -77,6 +77,7 @@ static int press_read_raw(struct iio_dev
+ int report_id = -1;
+ u32 address;
+ int ret_type;
++ s32 min;
+
+ *val = 0;
+ *val2 = 0;
+@@ -85,8 +86,8 @@ static int press_read_raw(struct iio_dev
+ switch (chan->scan_index) {
+ case CHANNEL_SCAN_INDEX_PRESSURE:
+ report_id = press_state->press_attr.report_id;
+- address =
+- HID_USAGE_SENSOR_ATMOSPHERIC_PRESSURE;
++ min = press_state->press_attr.logical_minimum;
++ address = HID_USAGE_SENSOR_ATMOSPHERIC_PRESSURE;
+ break;
+ default:
+ report_id = -1;
+@@ -99,7 +100,8 @@ static int press_read_raw(struct iio_dev
+ press_state->common_attributes.hsdev,
+ HID_USAGE_SENSOR_PRESSURE, address,
+ report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC,
++ min < 0);
+ hid_sensor_power_state(&press_state->common_attributes,
+ false);
+ } else {
+--- a/drivers/iio/temperature/hid-sensor-temperature.c
++++ b/drivers/iio/temperature/hid-sensor-temperature.c
+@@ -76,7 +76,8 @@ static int temperature_read_raw(struct i
+ HID_USAGE_SENSOR_TEMPERATURE,
+ HID_USAGE_SENSOR_DATA_ENVIRONMENTAL_TEMPERATURE,
+ temp_st->temperature_attr.report_id,
+- SENSOR_HUB_SYNC);
++ SENSOR_HUB_SYNC,
++ temp_st->temperature_attr.logical_minimum < 0);
+ hid_sensor_power_state(
+ &temp_st->common_attributes,
+ false);
+--- a/drivers/rtc/rtc-hid-sensor-time.c
++++ b/drivers/rtc/rtc-hid-sensor-time.c
+@@ -213,7 +213,7 @@ static int hid_rtc_read_time(struct devi
+ /* get a report with all values through requesting one value */
+ sensor_hub_input_attr_get_raw_value(time_state->common_attributes.hsdev,
+ HID_USAGE_SENSOR_TIME, hid_time_addresses[0],
+- time_state->info[0].report_id, SENSOR_HUB_SYNC);
++ time_state->info[0].report_id, SENSOR_HUB_SYNC, false);
+ /* wait for all values (event) */
+ ret = wait_for_completion_killable_timeout(
+ &time_state->comp_last_time, HZ*6);
+--- a/include/linux/hid-sensor-hub.h
++++ b/include/linux/hid-sensor-hub.h
+@@ -177,6 +177,7 @@ int sensor_hub_input_get_attribute_info(
+ * @attr_usage_id: Attribute usage id as per spec
+ * @report_id: Report id to look for
+ * @flag: Synchronous or asynchronous read
++* @is_signed: If true then fields < 32 bits will be sign-extended
+ *
+ * Issues a synchronous or asynchronous read request for an input attribute.
+ * Returns data upto 32 bits.
+@@ -190,7 +191,8 @@ enum sensor_hub_read_flags {
+ int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev,
+ u32 usage_id,
+ u32 attr_usage_id, u32 report_id,
+- enum sensor_hub_read_flags flag
++ enum sensor_hub_read_flags flag,
++ bool is_signed
+ );
+
+ /**
--- /dev/null
+From fe5192ac81ad0d4dfe1395d11f393f0513c15f7f Mon Sep 17 00:00:00 2001
+From: Martin Kelly <martin@martingkelly.com>
+Date: Sun, 28 Oct 2018 20:18:53 -0700
+Subject: iio:st_magn: Fix enable device after trigger
+
+From: Martin Kelly <martin@martingkelly.com>
+
+commit fe5192ac81ad0d4dfe1395d11f393f0513c15f7f upstream.
+
+Currently, we enable the device before we enable the device trigger. At
+high frequencies, this can cause interrupts that don't yet have a poll
+function associated with them and are thus treated as spurious. At high
+frequencies with level interrupts, this can even cause an interrupt storm
+of repeated spurious interrupts (~100,000 on my Beagleboard with the
+LSM9DS1 magnetometer). If these repeat too much, the interrupt will get
+disabled and the device will stop functioning.
+
+To prevent these problems, enable the device prior to enabling the device
+trigger, and disable the divec prior to disabling the trigger. This means
+there's no window of time during which the device creates interrupts but we
+have no trigger to answer them.
+
+Fixes: 90efe055629 ("iio: st_sensors: harden interrupt handling")
+Signed-off-by: Martin Kelly <martin@martingkelly.com>
+Tested-by: Denis Ciocca <denis.ciocca@st.com>
+Cc: <Stable@vger.kernel.org>
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iio/magnetometer/st_magn_buffer.c | 12 +++---------
+ 1 file changed, 3 insertions(+), 9 deletions(-)
+
+--- a/drivers/iio/magnetometer/st_magn_buffer.c
++++ b/drivers/iio/magnetometer/st_magn_buffer.c
+@@ -30,11 +30,6 @@ int st_magn_trig_set_state(struct iio_tr
+ return st_sensors_set_dataready_irq(indio_dev, state);
+ }
+
+-static int st_magn_buffer_preenable(struct iio_dev *indio_dev)
+-{
+- return st_sensors_set_enable(indio_dev, true);
+-}
+-
+ static int st_magn_buffer_postenable(struct iio_dev *indio_dev)
+ {
+ int err;
+@@ -50,7 +45,7 @@ static int st_magn_buffer_postenable(str
+ if (err < 0)
+ goto st_magn_buffer_postenable_error;
+
+- return err;
++ return st_sensors_set_enable(indio_dev, true);
+
+ st_magn_buffer_postenable_error:
+ kfree(mdata->buffer_data);
+@@ -63,11 +58,11 @@ static int st_magn_buffer_predisable(str
+ int err;
+ struct st_sensor_data *mdata = iio_priv(indio_dev);
+
+- err = iio_triggered_buffer_predisable(indio_dev);
++ err = st_sensors_set_enable(indio_dev, false);
+ if (err < 0)
+ goto st_magn_buffer_predisable_error;
+
+- err = st_sensors_set_enable(indio_dev, false);
++ err = iio_triggered_buffer_predisable(indio_dev);
+
+ st_magn_buffer_predisable_error:
+ kfree(mdata->buffer_data);
+@@ -75,7 +70,6 @@ st_magn_buffer_predisable_error:
+ }
+
+ static const struct iio_buffer_setup_ops st_magn_buffer_setup_ops = {
+- .preenable = &st_magn_buffer_preenable,
+ .postenable = &st_magn_buffer_postenable,
+ .predisable = &st_magn_buffer_predisable,
+ };
--- /dev/null
+From 5618cf031fecda63847cafd1091e7b8bd626cdb1 Mon Sep 17 00:00:00 2001
+From: Luis Chamberlain <mcgrof@kernel.org>
+Date: Fri, 30 Nov 2018 14:09:21 -0800
+Subject: lib/test_kmod.c: fix rmmod double free
+
+From: Luis Chamberlain <mcgrof@kernel.org>
+
+commit 5618cf031fecda63847cafd1091e7b8bd626cdb1 upstream.
+
+We free the misc device string twice on rmmod; fix this. Without this
+we cannot remove the module without crashing.
+
+Link: http://lkml.kernel.org/r/20181124050500.5257-1-mcgrof@kernel.org
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Reported-by: Randy Dunlap <rdunlap@infradead.org>
+Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
+Cc: <stable@vger.kernel.org> [4.12+]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ lib/test_kmod.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/lib/test_kmod.c
++++ b/lib/test_kmod.c
+@@ -1214,7 +1214,6 @@ void unregister_test_dev_kmod(struct kmo
+
+ dev_info(test_dev->dev, "removing interface\n");
+ misc_deregister(&test_dev->misc_dev);
+- kfree(&test_dev->misc_dev.name);
+
+ mutex_unlock(&test_dev->config_mutex);
+ mutex_unlock(&test_dev->trigger_mutex);
--- /dev/null
+From 6484a677294aa5d08c0210f2f387ebb9be646115 Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Wed, 14 Nov 2018 01:57:03 +0000
+Subject: misc: mic/scif: fix copy-paste error in scif_create_remote_lookup
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+commit 6484a677294aa5d08c0210f2f387ebb9be646115 upstream.
+
+gcc '-Wunused-but-set-variable' warning:
+
+drivers/misc/mic/scif/scif_rma.c: In function 'scif_create_remote_lookup':
+drivers/misc/mic/scif/scif_rma.c:373:25: warning:
+ variable 'vmalloc_num_pages' set but not used [-Wunused-but-set-variable]
+
+'vmalloc_num_pages' should be used to determine if the address is
+within the vmalloc range.
+
+Fixes: ba612aa8b487 ("misc: mic: SCIF memory registration and unregistration")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/misc/mic/scif/scif_rma.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/misc/mic/scif/scif_rma.c
++++ b/drivers/misc/mic/scif/scif_rma.c
+@@ -416,7 +416,7 @@ static int scif_create_remote_lookup(str
+ if (err)
+ goto error_window;
+ err = scif_map_page(&window->num_pages_lookup.lookup[j],
+- vmalloc_dma_phys ?
++ vmalloc_num_pages ?
+ vmalloc_to_page(&window->num_pages[i]) :
+ virt_to_page(&window->num_pages[i]),
+ remote_dev);
--- /dev/null
+From 6ff38bd40230af35e446239396e5fc8ebd6a5248 Mon Sep 17 00:00:00 2001
+From: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
+Date: Fri, 30 Nov 2018 14:09:00 -0800
+Subject: mm: cleancache: fix corruption on missed inode invalidation
+
+From: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
+
+commit 6ff38bd40230af35e446239396e5fc8ebd6a5248 upstream.
+
+If all pages are deleted from the mapping by memory reclaim and also
+moved to the cleancache:
+
+__delete_from_page_cache
+ (no shadow case)
+ unaccount_page_cache_page
+ cleancache_put_page
+ page_cache_delete
+ mapping->nrpages -= nr
+ (nrpages becomes 0)
+
+We don't clean the cleancache for an inode after final file truncation
+(removal).
+
+truncate_inode_pages_final
+ check (nrpages || nrexceptional) is false
+ no truncate_inode_pages
+ no cleancache_invalidate_inode(mapping)
+
+These way when reading the new file created with same inode we may get
+these trash leftover pages from cleancache and see wrong data instead of
+the contents of the new file.
+
+Fix it by always doing truncate_inode_pages which is already ready for
+nrpages == 0 && nrexceptional == 0 case and just invalidates inode.
+
+[akpm@linux-foundation.org: add comment, per Jan]
+Link: http://lkml.kernel.org/r/20181112095734.17979-1-ptikhomirov@virtuozzo.com
+Fixes: commit 91b0abe36a7b ("mm + fs: store shadow entries in page cache")
+Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
+Reviewed-by: Vasily Averin <vvs@virtuozzo.com>
+Reviewed-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Cc: Mel Gorman <mgorman@techsingularity.net>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/truncate.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/mm/truncate.c
++++ b/mm/truncate.c
+@@ -520,9 +520,13 @@ void truncate_inode_pages_final(struct a
+ */
+ xa_lock_irq(&mapping->i_pages);
+ xa_unlock_irq(&mapping->i_pages);
+-
+- truncate_inode_pages(mapping, 0);
+ }
++
++ /*
++ * Cleancache needs notification even if there are no pages or shadow
++ * entries.
++ */
++ truncate_inode_pages(mapping, 0);
+ }
+ EXPORT_SYMBOL(truncate_inode_pages_final);
+
--- /dev/null
+From c1cb20d43728aa9b5393bd8d489bc85c142949b2 Mon Sep 17 00:00:00 2001
+From: Yu Zhao <yuzhao@google.com>
+Date: Fri, 30 Nov 2018 14:09:03 -0800
+Subject: mm: use swp_offset as key in shmem_replace_page()
+
+From: Yu Zhao <yuzhao@google.com>
+
+commit c1cb20d43728aa9b5393bd8d489bc85c142949b2 upstream.
+
+We changed the key of swap cache tree from swp_entry_t.val to
+swp_offset. We need to do so in shmem_replace_page() as well.
+
+Hugh said:
+ "shmem_replace_page() has been wrong since the day I wrote it: good
+ enough to work on swap "type" 0, which is all most people ever use
+ (especially those few who need shmem_replace_page() at all), but
+ broken once there are any non-0 swp_type bits set in the higher order
+ bits"
+
+Link: http://lkml.kernel.org/r/20181121215442.138545-1-yuzhao@google.com
+Fixes: f6ab1f7f6b2d ("mm, swap: use offset of swap entry as key of swap cache")
+Signed-off-by: Yu Zhao <yuzhao@google.com>
+Reviewed-by: Matthew Wilcox <willy@infradead.org>
+Acked-by: Hugh Dickins <hughd@google.com>
+Cc: <stable@vger.kernel.org> [4.9+]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/shmem.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/mm/shmem.c
++++ b/mm/shmem.c
+@@ -1551,11 +1551,13 @@ static int shmem_replace_page(struct pag
+ {
+ struct page *oldpage, *newpage;
+ struct address_space *swap_mapping;
++ swp_entry_t entry;
+ pgoff_t swap_index;
+ int error;
+
+ oldpage = *pagep;
+- swap_index = page_private(oldpage);
++ entry.val = page_private(oldpage);
++ swap_index = swp_offset(entry);
+ swap_mapping = page_mapping(oldpage);
+
+ /*
+@@ -1574,7 +1576,7 @@ static int shmem_replace_page(struct pag
+ __SetPageLocked(newpage);
+ __SetPageSwapBacked(newpage);
+ SetPageUptodate(newpage);
+- set_page_private(newpage, swap_index);
++ set_page_private(newpage, entry.val);
+ SetPageSwapCache(newpage);
+
+ /*
--- /dev/null
+From 38317f5c0f2faae5110854f36edad810f841d62f Mon Sep 17 00:00:00 2001
+From: Felipe Balbi <felipe.balbi@linux.intel.com>
+Date: Mon, 19 Nov 2018 08:34:04 +0200
+Subject: Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid"
+
+From: Felipe Balbi <felipe.balbi@linux.intel.com>
+
+commit 38317f5c0f2faae5110854f36edad810f841d62f upstream.
+
+This reverts commit ffb80fc672c3a7b6afd0cefcb1524fb99917b2f3.
+
+Turns out that commit is wrong. Host controllers are allowed to use
+Clear Feature HALT as means to sync data toggle between host and
+periperal.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/dwc3/gadget.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/drivers/usb/dwc3/gadget.c
++++ b/drivers/usb/dwc3/gadget.c
+@@ -1461,9 +1461,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc
+ unsigned transfer_in_flight;
+ unsigned started;
+
+- if (dep->flags & DWC3_EP_STALL)
+- return 0;
+-
+ if (dep->number > 1)
+ trb = dwc3_ep_prev_trb(dep, dep->trb_enqueue);
+ else
+@@ -1485,8 +1482,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc
+ else
+ dep->flags |= DWC3_EP_STALL;
+ } else {
+- if (!(dep->flags & DWC3_EP_STALL))
+- return 0;
+
+ ret = dwc3_send_clear_stall_ep_cmd(dep);
+ if (ret)
arm-dts-rockchip-remove-0-from-the-veyron-memory-node.patch
dmaengine-at_hdmac-fix-memory-leak-in-at_dma_xlate.patch
dmaengine-at_hdmac-fix-module-unloading.patch
+staging-most-use-format-specifier-s-in-snprintf.patch
+staging-vchiq_arm-fix-compat-vchiq_ioc_await_completion.patch
+staging-mt7621-dma-fix-potentially-dereferencing-uninitialized-tx_desc.patch
+staging-mt7621-pinctrl-fix-uninitialized-variable-ngroups.patch
+staging-rtl8723bs-fix-incorrect-sense-of-ether_addr_equal.patch
+staging-rtl8723bs-add-missing-return-for-cfg80211_rtw_get_station.patch
+usb-usb-storage-add-new-ids-to-ums-realtek.patch
+usb-core-quirks-add-reset_resume-quirk-for-cherry-g230-stream-series.patch
+revert-usb-dwc3-gadget-skip-set-clear-halt-when-invalid.patch
+iio-hid-sensors-fix-iio_chan_info_raw-returning-wrong-values-for-signed-numbers.patch
+iio-st_magn-fix-enable-device-after-trigger.patch
+lib-test_kmod.c-fix-rmmod-double-free.patch
+mm-cleancache-fix-corruption-on-missed-inode-invalidation.patch
+mm-use-swp_offset-as-key-in-shmem_replace_page.patch
+drivers-hv-vmbus-check-the-creation_status-in-vmbus_establish_gpadl.patch
+misc-mic-scif-fix-copy-paste-error-in-scif_create_remote_lookup.patch
--- /dev/null
+From 13c45007e0a87e912da21223599583fdea677914 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Fri, 9 Nov 2018 11:56:45 +0000
+Subject: staging: most: use format specifier "%s" in snprintf
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit 13c45007e0a87e912da21223599583fdea677914 upstream.
+
+Passing string ch_data_type[i].name as the format specifier is
+potentially hazardous because it could (although very unlikely to)
+have a format specifier embedded in it causing issues when parsing
+the non-existent arguments to these. Follow best practice by using
+the "%s" format string for the string.
+
+Cleans up clang warning:
+format string is not a string literal (potentially insecure) [-Wformat-security]
+
+Fixes: e7f2b70fd3a9 ("staging: most: replace multiple if..else with table lookup")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/most/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/most/core.c
++++ b/drivers/staging/most/core.c
+@@ -351,7 +351,7 @@ static ssize_t set_datatype_show(struct
+
+ for (i = 0; i < ARRAY_SIZE(ch_data_type); i++) {
+ if (c->cfg.data_type & ch_data_type[i].most_ch_data_type)
+- return snprintf(buf, PAGE_SIZE, ch_data_type[i].name);
++ return snprintf(buf, PAGE_SIZE, "%s", ch_data_type[i].name);
+ }
+ return snprintf(buf, PAGE_SIZE, "unconfigured\n");
+ }
--- /dev/null
+From 354e379684fcc70ab8d5450b4d57bd92b5294dfd Mon Sep 17 00:00:00 2001
+From: Sergio Paracuellos <sergio.paracuellos@gmail.com>
+Date: Sat, 20 Oct 2018 13:31:06 +0200
+Subject: staging: mt7621-dma: fix potentially dereferencing uninitialized 'tx_desc'
+
+From: Sergio Paracuellos <sergio.paracuellos@gmail.com>
+
+commit 354e379684fcc70ab8d5450b4d57bd92b5294dfd upstream.
+
+Function 'mtk_hsdma_start_transfer' uses 'tx_desc' pointer which can be
+dereferenced before it is initializated. Initializate pointer before
+avoiding the problem.
+
+Fixes: 0853c7a53eb3 ("staging: mt7621-dma: ralink: add rt2880 dma engine")
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/mt7621-dma/mtk-hsdma.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/staging/mt7621-dma/mtk-hsdma.c
++++ b/drivers/staging/mt7621-dma/mtk-hsdma.c
+@@ -335,6 +335,8 @@ static int mtk_hsdma_start_transfer(stru
+ /* tx desc */
+ src = sg->src_addr;
+ for (i = 0; i < chan->desc->num_sgs; i++) {
++ tx_desc = &chan->tx_ring[chan->tx_idx];
++
+ if (len > HSDMA_MAX_PLEN)
+ tlen = HSDMA_MAX_PLEN;
+ else
+@@ -344,7 +346,6 @@ static int mtk_hsdma_start_transfer(stru
+ tx_desc->addr1 = src;
+ tx_desc->flags |= HSDMA_DESC_PLEN1(tlen);
+ } else {
+- tx_desc = &chan->tx_ring[chan->tx_idx];
+ tx_desc->addr0 = src;
+ tx_desc->flags = HSDMA_DESC_PLEN0(tlen);
+
--- /dev/null
+From cd56a5141331abfe218d744a3d66e1788135d482 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Sat, 10 Nov 2018 23:28:06 +0000
+Subject: staging: mt7621-pinctrl: fix uninitialized variable ngroups
+
+From: Colin Ian King <colin.king@canonical.com>
+
+commit cd56a5141331abfe218d744a3d66e1788135d482 upstream.
+
+Currently the for_each_node_with_property loop us incrementing variable
+ngroups however it was not initialized and hence will contain garbage.
+Fix this by initializing ngroups to zero.
+
+Detected with static analysis with cppcheck:
+
+drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c:89]: (error) Uninitialized
+variable: ngroups
+
+Fixes: e12a1a6e087b ("staging: mt7621-pinctrl: refactor rt2880_pinctrl_dt_node_to_map function")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Reviewed-by: Sergio Paracuellos <sergio.paracuellos@gmail.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c
++++ b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c
+@@ -82,7 +82,7 @@ static int rt2880_pinctrl_dt_node_to_map
+ struct property *prop;
+ const char *function_name, *group_name;
+ int ret;
+- int ngroups;
++ int ngroups = 0;
+ unsigned int reserved_maps = 0;
+
+ for_each_node_with_property(np_config, "group")
--- /dev/null
+From 8561fb31a1f9594e2807681f5c0721894e367f19 Mon Sep 17 00:00:00 2001
+From: Larry Finger <Larry.Finger@lwfinger.net>
+Date: Thu, 8 Nov 2018 23:30:09 -0600
+Subject: staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station
+
+From: Larry Finger <Larry.Finger@lwfinger.net>
+
+commit 8561fb31a1f9594e2807681f5c0721894e367f19 upstream.
+
+With Androidx86 8.1, wificond returns "failed to get
+nl80211_sta_info_tx_failed" and wificondControl returns "Invalid signal
+poll result from wificond". The fix is to OR sinfo->filled with
+BIT_ULL(NL80211_STA_INFO_TX_FAILED).
+
+This missing bit is apparently not needed with NetworkManager, but it
+does no harm in that case.
+
+Reported-and-Tested-by: youling257 <youling257@gmail.com>
+Cc: linux-wireless@vger.kernel.org
+Cc: youling257 <youling257@gmail.com>
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
++++ b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c
+@@ -1277,7 +1277,7 @@ static int cfg80211_rtw_get_station(stru
+
+ sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
+ sinfo->tx_packets = psta->sta_stats.tx_pkts;
+-
++ sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
+ }
+
+ /* for Ad-Hoc/AP mode */
--- /dev/null
+From c948c6915b620f075496846df8d4487ee0c56121 Mon Sep 17 00:00:00 2001
+From: Larry Finger <Larry.Finger@lwfinger.net>
+Date: Tue, 6 Nov 2018 21:33:14 -0600
+Subject: staging: rtl8723bs: Fix incorrect sense of ether_addr_equal
+
+From: Larry Finger <Larry.Finger@lwfinger.net>
+
+commit c948c6915b620f075496846df8d4487ee0c56121 upstream.
+
+In commit b37f9e1c3801 ("staging: rtl8723bs: Fix lines too long in
+update_recvframe_attrib()."), the refactoring involved replacing
+two memcmp() calls with ether_addr_equal() calls. What the author
+missed is that memcmp() returns false when the two strings are equal,
+whereas ether_addr_equal() returns true when the two addresses are
+equal. One side effect of this error is that the strength of an
+unassociated AP was much stronger than the same AP after association.
+This bug is reported at bko#201611.
+
+Fixes: b37f9e1c3801 ("staging: rtl8723bs: Fix lines too long in update_recvframe_attrib().")
+Cc: Stable <stable@vger.kernel.org>
+Cc: youling257 <youling257@gmail.com>
+Cc: u.srikant.patnaik@gmail.com
+Reported-and-tested-by: youling257 <youling257@gmail.com>
+Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c
++++ b/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c
+@@ -109,12 +109,12 @@ static void update_recvframe_phyinfo(uni
+ rx_bssid = get_hdr_bssid(wlanhdr);
+ pkt_info.bssid_match = ((!IsFrameTypeCtrl(wlanhdr)) &&
+ !pattrib->icv_err && !pattrib->crc_err &&
+- !ether_addr_equal(rx_bssid, my_bssid));
++ ether_addr_equal(rx_bssid, my_bssid));
+
+ rx_ra = get_ra(wlanhdr);
+ my_hwaddr = myid(&padapter->eeprompriv);
+ pkt_info.to_self = pkt_info.bssid_match &&
+- !ether_addr_equal(rx_ra, my_hwaddr);
++ ether_addr_equal(rx_ra, my_hwaddr);
+
+
+ pkt_info.is_beacon = pkt_info.bssid_match &&
--- /dev/null
+From 5a96b2d38dc054c0bbcbcd585b116566cbd877fe Mon Sep 17 00:00:00 2001
+From: Ben Wolsieffer <benwolsieffer@gmail.com>
+Date: Sat, 3 Nov 2018 19:32:20 -0400
+Subject: staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION
+
+From: Ben Wolsieffer <benwolsieffer@gmail.com>
+
+commit 5a96b2d38dc054c0bbcbcd585b116566cbd877fe upstream.
+
+The compatibility ioctl wrapper for VCHIQ_IOC_AWAIT_COMPLETION assumes that
+the native ioctl always uses a message buffer and decrements msgbufcount.
+Certain message types do not use a message buffer and in this case
+msgbufcount is not decremented, and completion->header for the message is
+NULL. Because the wrapper unconditionally decrements msgbufcount, the
+calling process may assume that a message buffer has been used even when
+it has not.
+
+This results in a memory leak in the userspace code that interfaces with
+this driver. When msgbufcount is decremented, the userspace code assumes
+that the buffer can be freed though the reference in completion->header,
+which cannot happen when the reference is NULL.
+
+This patch causes the wrapper to only decrement msgbufcount when the
+native ioctl decrements it. Note that we cannot simply copy the native
+ioctl's value of msgbufcount, because the wrapper only retrieves messages
+from the native ioctl one at a time, while userspace may request multiple
+messages.
+
+See https://github.com/raspberrypi/linux/pull/2703 for more discussion of
+this patch.
+
+Fixes: 5569a1260933 ("staging: vchiq_arm: Add compatibility wrappers for ioctls")
+Signed-off-by: Ben Wolsieffer <benwolsieffer@gmail.com>
+Acked-by: Stefan Wahren <stefan.wahren@i2se.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
++++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+@@ -1787,6 +1787,7 @@ vchiq_compat_ioctl_await_completion(stru
+ struct vchiq_await_completion32 args32;
+ struct vchiq_completion_data32 completion32;
+ unsigned int *msgbufcount32;
++ unsigned int msgbufcount_native;
+ compat_uptr_t msgbuf32;
+ void *msgbuf;
+ void **msgbufptr;
+@@ -1898,7 +1899,11 @@ vchiq_compat_ioctl_await_completion(stru
+ sizeof(completion32)))
+ return -EFAULT;
+
+- args32.msgbufcount--;
++ if (get_user(msgbufcount_native, &args->msgbufcount))
++ return -EFAULT;
++
++ if (!msgbufcount_native)
++ args32.msgbufcount--;
+
+ msgbufcount32 =
+ &((struct vchiq_await_completion32 __user *)arg)->msgbufcount;
--- /dev/null
+From effd14f66cc1ef6701a19c5a56e39c35f4d395a5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20Niew=C3=B6hner?= <linux@mniewoehner.de>
+Date: Sun, 25 Nov 2018 17:57:33 +0100
+Subject: usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Michael Niewöhner <linux@mniewoehner.de>
+
+commit effd14f66cc1ef6701a19c5a56e39c35f4d395a5 upstream.
+
+Cherry G230 Stream 2.0 (G85-231) and 3.0 (G85-232) need this quirk to
+function correctly. This fixes a but where double pressing numlock locks
+up the device completely with need to replug the keyboard.
+
+Signed-off-by: Michael Niewöhner <linux@mniewoehner.de>
+Tested-by: Michael Niewöhner <linux@mniewoehner.de>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/core/quirks.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/usb/core/quirks.c
++++ b/drivers/usb/core/quirks.c
+@@ -209,6 +209,9 @@ static const struct usb_device_id usb_qu
+ /* Microsoft LifeCam-VX700 v2.0 */
+ { USB_DEVICE(0x045e, 0x0770), .driver_info = USB_QUIRK_RESET_RESUME },
+
++ /* Cherry Stream G230 2.0 (G85-231) and 3.0 (G85-232) */
++ { USB_DEVICE(0x046a, 0x0023), .driver_info = USB_QUIRK_RESET_RESUME },
++
+ /* Logitech HD Pro Webcams C920, C920-C, C925e and C930e */
+ { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT },
+ { USB_DEVICE(0x046d, 0x0841), .driver_info = USB_QUIRK_DELAY_INIT },
--- /dev/null
+From a84a1bcc992f0545a51d2e120b8ca2ef20e2ea97 Mon Sep 17 00:00:00 2001
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Date: Fri, 23 Nov 2018 08:42:19 +0000
+Subject: USB: usb-storage: Add new IDs to ums-realtek
+
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+
+commit a84a1bcc992f0545a51d2e120b8ca2ef20e2ea97 upstream.
+
+There are two new Realtek card readers require ums-realtek to work
+correctly.
+
+Add the new IDs to support them.
+
+Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Acked-by: Alan Stern <stern@rowland.harvard.edu>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/storage/unusual_realtek.h | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/drivers/usb/storage/unusual_realtek.h
++++ b/drivers/usb/storage/unusual_realtek.h
+@@ -27,4 +27,14 @@ UNUSUAL_DEV(0x0bda, 0x0159, 0x0000, 0x99
+ "USB Card Reader",
+ USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0),
+
++UNUSUAL_DEV(0x0bda, 0x0177, 0x0000, 0x9999,
++ "Realtek",
++ "USB Card Reader",
++ USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0),
++
++UNUSUAL_DEV(0x0bda, 0x0184, 0x0000, 0x9999,
++ "Realtek",
++ "USB Card Reader",
++ USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0),
++
+ #endif /* defined(CONFIG_USB_STORAGE_REALTEK) || ... */
projects / thirdparty / kernel / stable-queue.git / commitdiff
