--- /dev/null
+From 30f939feaeee23e21391cfc7b484f012eb189c3c Mon Sep 17 00:00:00 2001
+From: Vlad Tsyrklevich <vlad@tsyrklevich.net>
+Date: Mon, 9 Jan 2017 22:53:36 +0700
+Subject: i2c: fix kernel memory disclosure in dev interface
+
+From: Vlad Tsyrklevich <vlad@tsyrklevich.net>
+
+commit 30f939feaeee23e21391cfc7b484f012eb189c3c upstream.
+
+i2c_smbus_xfer() does not always fill an entire block, allowing
+kernel stack memory disclosure through the temp variable. Clear
+it before it's read to.
+
+Signed-off-by: Vlad Tsyrklevich <vlad@tsyrklevich.net>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/i2c-dev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/i2c/i2c-dev.c
++++ b/drivers/i2c/i2c-dev.c
+@@ -329,7 +329,7 @@ static noinline int i2cdev_ioctl_smbus(s
+ unsigned long arg)
+ {
+ struct i2c_smbus_ioctl_data data_arg;
+- union i2c_smbus_data temp;
++ union i2c_smbus_data temp = {};
+ int datasize, res;
+
+ if (copy_from_user(&data_arg,
--- /dev/null
+From 6f724fb3039522486fce2e32e4c0fbe238a6ab02 Mon Sep 17 00:00:00 2001
+From: John Garry <john.garry@huawei.com>
+Date: Fri, 6 Jan 2017 19:02:57 +0800
+Subject: i2c: print correct device invalid address
+
+From: John Garry <john.garry@huawei.com>
+
+commit 6f724fb3039522486fce2e32e4c0fbe238a6ab02 upstream.
+
+In of_i2c_register_device(), when the check for
+device address validity fails we print the info.addr,
+which has not been assigned properly.
+
+Fix this by printing the actual invalid address.
+
+Signed-off-by: John Garry <john.garry@huawei.com>
+Reviewed-by: Vladimir Zapolskiy <vz@mleia.com>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Fixes: b4e2f6ac1281 ("i2c: apply DT flags when probing")
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/i2c-core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/i2c/i2c-core.c
++++ b/drivers/i2c/i2c-core.c
+@@ -1400,7 +1400,7 @@ static struct i2c_client *of_i2c_registe
+
+ if (i2c_check_addr_validity(addr, info.flags)) {
+ dev_err(&adap->dev, "of_i2c: invalid addr=%x on %s\n",
+- info.addr, node->full_name);
++ addr, node->full_name);
+ return ERR_PTR(-EINVAL);
+ }
+
--- /dev/null
+From 1c3415a06b1016a596bfe59e0cfee56c773aa958 Mon Sep 17 00:00:00 2001
+From: Guenter Roeck <linux@roeck-us.net>
+Date: Thu, 5 Jan 2017 14:14:54 -0800
+Subject: Input: elants_i2c - avoid divide by 0 errors on bad touchscreen data
+
+From: Guenter Roeck <linux@roeck-us.net>
+
+commit 1c3415a06b1016a596bfe59e0cfee56c773aa958 upstream.
+
+The following crash may be seen if bad data is received from the
+touchscreen.
+
+[ 2189.425150] elants_i2c i2c-ELAN0001:00: unknown packet ff ff ff ff
+[ 2189.430738] divide error: 0000 [#1] PREEMPT SMP
+[ 2189.434679] gsmi: Log Shutdown Reason 0x03
+[ 2189.434689] Modules linked in: ip6t_REJECT nf_reject_ipv6 rfcomm evdi
+uinput uvcvideo cmac videobuf2_vmalloc videobuf2_memops snd_hda_codec_hdmi
+i2c_dev videobuf2_core snd_soc_sst_cht_bsw_rt5645 snd_hda_intel
+snd_intel_sst_acpi btusb btrtl btbcm btintel bluetooth snd_soc_sst_acpi
+snd_hda_codec snd_intel_sst_core snd_hwdep snd_soc_sst_mfld_platform
+snd_hda_core snd_soc_rt5645 memconsole_x86_legacy memconsole zram snd_soc_rl6231
+fuse ip6table_filter iwlmvm iwlwifi iwl7000_mac80211 cfg80211 iio_trig_sysfs
+joydev cros_ec_sensors cros_ec_sensors_core industrialio_triggered_buffer
+kfifo_buf industrialio snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq
+snd_seq_device ppp_async ppp_generic slhc tun
+[ 2189.434866] CPU: 0 PID: 106 Comm: irq/184-ELAN000 Tainted: G W
+3.18.0-13101-g57e8190 #1
+[ 2189.434883] Hardware name: GOOGLE Ultima, BIOS Google_Ultima.7287.131.43 07/20/2016
+[ 2189.434898] task: ffff88017a0b6d80 ti: ffff88017a2bc000 task.ti: ffff88017a2bc000
+[ 2189.434913] RIP: 0010:[<ffffffffbecc48d5>] [<ffffffffbecc48d5>] elants_i2c_irq+0x190/0x200
+[ 2189.434937] RSP: 0018:ffff88017a2bfd98 EFLAGS: 00010293
+[ 2189.434948] RAX: 0000000000000000 RBX: ffff88017a967828 RCX: ffff88017a9678e8
+[ 2189.434962] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000000
+[ 2189.434975] RBP: ffff88017a2bfdd8 R08: 00000000000003e8 R09: 0000000000000000
+[ 2189.434989] R10: 0000000000000000 R11: 000000000044a2bd R12: ffff88017a991800
+[ 2189.435001] R13: ffffffffbe8a2a53 R14: ffff88017a0b6d80 R15: ffff88017a0b6d80
+[ 2189.435011] FS: 0000000000000000(0000) GS:ffff88017fc00000(0000) knlGS:0000000000000000
+[ 2189.435022] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
+[ 2189.435030] CR2: 00007f678d94b000 CR3: 000000003f41a000 CR4: 00000000001007f0
+[ 2189.435039] Stack:
+[ 2189.435044] ffff88017a2bfda8 ffff88017a9678e8 646464647a2bfdd8 0000000006e09574
+[ 2189.435060] 0000000000000000 ffff88017a088b80 ffff88017a921000 ffffffffbe8a2a53
+[ 2189.435074] ffff88017a2bfe08 ffffffffbe8a2a73 ffff88017a0b6d80 0000000006e09574
+[ 2189.435089] Call Trace:
+[ 2189.435101] [<ffffffffbe8a2a53>] ? irq_thread_dtor+0xa9/0xa9
+[ 2189.435112] [<ffffffffbe8a2a73>] irq_thread_fn+0x20/0x40
+[ 2189.435123] [<ffffffffbe8a2be1>] irq_thread+0x14e/0x222
+[ 2189.435135] [<ffffffffbee8cbeb>] ? __schedule+0x3b3/0x57a
+[ 2189.435145] [<ffffffffbe8a29aa>] ? wake_threads_waitq+0x2d/0x2d
+[ 2189.435156] [<ffffffffbe8a2a93>] ? irq_thread_fn+0x40/0x40
+[ 2189.435168] [<ffffffffbe87c385>] kthread+0x10e/0x116
+[ 2189.435178] [<ffffffffbe87c277>] ? __kthread_parkme+0x67/0x67
+[ 2189.435189] [<ffffffffbee900ac>] ret_from_fork+0x7c/0xb0
+[ 2189.435199] [<ffffffffbe87c277>] ? __kthread_parkme+0x67/0x67
+[ 2189.435208] Code: ff ff eb 73 0f b6 bb c1 00 00 00 83 ff 03 7e 13 49 8d 7c
+24 20 ba 04 00 00 00 48 c7 c6 8a cd 21 bf eb 4d 0f b6 83 c2 00 00 00 99 <f7> ff
+83 f8 37 75 15 48 6b f7 37 4c 8d a3 c4 00 00 00 4c 8d ac
+[ 2189.435312] RIP [<ffffffffbecc48d5>] elants_i2c_irq+0x190/0x200
+[ 2189.435323] RSP <ffff88017a2bfd98>
+[ 2189.435350] ---[ end trace f4945345a75d96dd ]---
+[ 2189.443841] Kernel panic - not syncing: Fatal exception
+[ 2189.444307] Kernel Offset: 0x3d800000 from 0xffffffff81000000
+ (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
+[ 2189.444519] gsmi: Log Shutdown Reason 0x02
+
+The problem was seen with a 3.18 based kernel, but there is no reason
+to believe that the upstream code is safe.
+
+Fixes: 66aee90088da2 ("Input: add support for Elan eKTH I2C touchscreens")
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/input/touchscreen/elants_i2c.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/input/touchscreen/elants_i2c.c
++++ b/drivers/input/touchscreen/elants_i2c.c
+@@ -905,9 +905,9 @@ static irqreturn_t elants_i2c_irq(int ir
+
+ case QUEUE_HEADER_NORMAL:
+ report_count = ts->buf[FW_HDR_COUNT];
+- if (report_count > 3) {
++ if (report_count == 0 || report_count > 3) {
+ dev_err(&client->dev,
+- "too large report count: %*ph\n",
++ "bad report count: %*ph\n",
+ HEADER_SIZE, ts->buf);
+ break;
+ }
--- /dev/null
+From 3895dbf8985f656675b5bde610723a29cbce3fa7 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Tue, 3 Jan 2017 14:18:43 +1300
+Subject: mnt: Protect the mountpoint hashtable with mount_lock
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit 3895dbf8985f656675b5bde610723a29cbce3fa7 upstream.
+
+Protecting the mountpoint hashtable with namespace_sem was sufficient
+until a call to umount_mnt was added to mntput_no_expire. At which
+point it became possible for multiple calls of put_mountpoint on
+the same hash chain to happen on the same time.
+
+Kristen Johansen <kjlx@templeofstupid.com> reported:
+> This can cause a panic when simultaneous callers of put_mountpoint
+> attempt to free the same mountpoint. This occurs because some callers
+> hold the mount_hash_lock, while others hold the namespace lock. Some
+> even hold both.
+>
+> In this submitter's case, the panic manifested itself as a GP fault in
+> put_mountpoint() when it called hlist_del() and attempted to dereference
+> a m_hash.pprev that had been poisioned by another thread.
+
+Al Viro observed that the simple fix is to switch from using the namespace_sem
+to the mount_lock to protect the mountpoint hash table.
+
+I have taken Al's suggested patch moved put_mountpoint in pivot_root
+(instead of taking mount_lock an additional time), and have replaced
+new_mountpoint with get_mountpoint a function that does the hash table
+lookup and addition under the mount_lock. The introduction of get_mounptoint
+ensures that only the mount_lock is needed to manipulate the mountpoint
+hashtable.
+
+d_set_mounted is modified to only set DCACHE_MOUNTED if it is not
+already set. This allows get_mountpoint to use the setting of
+DCACHE_MOUNTED to ensure adding a struct mountpoint for a dentry
+happens exactly once.
+
+Fixes: ce07d891a089 ("mnt: Honor MNT_LOCKED when detaching mounts")
+Reported-by: Krister Johansen <kjlx@templeofstupid.com>
+Suggested-by: Al Viro <viro@ZenIV.linux.org.uk>
+Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/dcache.c | 7 ++++--
+ fs/namespace.c | 64 ++++++++++++++++++++++++++++++++++++++++-----------------
+ 2 files changed, 50 insertions(+), 21 deletions(-)
+
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -1322,8 +1322,11 @@ int d_set_mounted(struct dentry *dentry)
+ }
+ spin_lock(&dentry->d_lock);
+ if (!d_unlinked(dentry)) {
+- dentry->d_flags |= DCACHE_MOUNTED;
+- ret = 0;
++ ret = -EBUSY;
++ if (!d_mountpoint(dentry)) {
++ dentry->d_flags |= DCACHE_MOUNTED;
++ ret = 0;
++ }
+ }
+ spin_unlock(&dentry->d_lock);
+ out:
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -743,26 +743,50 @@ static struct mountpoint *lookup_mountpo
+ return NULL;
+ }
+
+-static struct mountpoint *new_mountpoint(struct dentry *dentry)
++static struct mountpoint *get_mountpoint(struct dentry *dentry)
+ {
+- struct hlist_head *chain = mp_hash(dentry);
+- struct mountpoint *mp;
++ struct mountpoint *mp, *new = NULL;
+ int ret;
+
+- mp = kmalloc(sizeof(struct mountpoint), GFP_KERNEL);
+- if (!mp)
++ if (d_mountpoint(dentry)) {
++mountpoint:
++ read_seqlock_excl(&mount_lock);
++ mp = lookup_mountpoint(dentry);
++ read_sequnlock_excl(&mount_lock);
++ if (mp)
++ goto done;
++ }
++
++ if (!new)
++ new = kmalloc(sizeof(struct mountpoint), GFP_KERNEL);
++ if (!new)
+ return ERR_PTR(-ENOMEM);
+
++
++ /* Exactly one processes may set d_mounted */
+ ret = d_set_mounted(dentry);
+- if (ret) {
+- kfree(mp);
+- return ERR_PTR(ret);
+- }
+
+- mp->m_dentry = dentry;
+- mp->m_count = 1;
+- hlist_add_head(&mp->m_hash, chain);
+- INIT_HLIST_HEAD(&mp->m_list);
++ /* Someone else set d_mounted? */
++ if (ret == -EBUSY)
++ goto mountpoint;
++
++ /* The dentry is not available as a mountpoint? */
++ mp = ERR_PTR(ret);
++ if (ret)
++ goto done;
++
++ /* Add the new mountpoint to the hash table */
++ read_seqlock_excl(&mount_lock);
++ new->m_dentry = dentry;
++ new->m_count = 1;
++ hlist_add_head(&new->m_hash, mp_hash(dentry));
++ INIT_HLIST_HEAD(&new->m_list);
++ read_sequnlock_excl(&mount_lock);
++
++ mp = new;
++ new = NULL;
++done:
++ kfree(new);
+ return mp;
+ }
+
+@@ -1557,11 +1581,11 @@ void __detach_mounts(struct dentry *dent
+ struct mount *mnt;
+
+ namespace_lock();
++ lock_mount_hash();
+ mp = lookup_mountpoint(dentry);
+ if (IS_ERR_OR_NULL(mp))
+ goto out_unlock;
+
+- lock_mount_hash();
+ event++;
+ while (!hlist_empty(&mp->m_list)) {
+ mnt = hlist_entry(mp->m_list.first, struct mount, mnt_mp_list);
+@@ -1571,9 +1595,9 @@ void __detach_mounts(struct dentry *dent
+ }
+ else umount_tree(mnt, UMOUNT_CONNECTED);
+ }
+- unlock_mount_hash();
+ put_mountpoint(mp);
+ out_unlock:
++ unlock_mount_hash();
+ namespace_unlock();
+ }
+
+@@ -1962,9 +1986,7 @@ retry:
+ namespace_lock();
+ mnt = lookup_mnt(path);
+ if (likely(!mnt)) {
+- struct mountpoint *mp = lookup_mountpoint(dentry);
+- if (!mp)
+- mp = new_mountpoint(dentry);
++ struct mountpoint *mp = get_mountpoint(dentry);
+ if (IS_ERR(mp)) {
+ namespace_unlock();
+ mutex_unlock(&dentry->d_inode->i_mutex);
+@@ -1983,7 +2005,11 @@ retry:
+ static void unlock_mount(struct mountpoint *where)
+ {
+ struct dentry *dentry = where->m_dentry;
++
++ read_seqlock_excl(&mount_lock);
+ put_mountpoint(where);
++ read_sequnlock_excl(&mount_lock);
++
+ namespace_unlock();
+ mutex_unlock(&dentry->d_inode->i_mutex);
+ }
+@@ -3055,9 +3081,9 @@ SYSCALL_DEFINE2(pivot_root, const char _
+ touch_mnt_namespace(current->nsproxy->mnt_ns);
+ /* A moved mount should not expire automatically */
+ list_del_init(&new_mnt->mnt_expire);
++ put_mountpoint(root_mp);
+ unlock_mount_hash();
+ chroot_fs_refs(&root, &new);
+- put_mountpoint(root_mp);
+ error = 0;
+ out4:
+ unlock_mount(old_mp);
usb-serial-ch341-fix-open-error-handling.patch
usb-serial-ch341-fix-control-message-error-handling.patch
usb-serial-ch341-fix-open-and-resume-after-b0.patch
+input-elants_i2c-avoid-divide-by-0-errors-on-bad-touchscreen-data.patch
+i2c-print-correct-device-invalid-address.patch
+i2c-fix-kernel-memory-disclosure-in-dev-interface.patch
+xhci-fix-deadlock-at-host-remove-by-running-watchdog-correctly.patch
+vme-fix-wrong-pointer-utilization-in-ca91cx42_slave_get.patch
+mnt-protect-the-mountpoint-hashtable-with-mount_lock.patch
--- /dev/null
+From c8a6a09c1c617402cc9254b2bc8da359a0347d75 Mon Sep 17 00:00:00 2001
+From: Augusto Mecking Caringi <augustocaringi@gmail.com>
+Date: Tue, 10 Jan 2017 10:45:00 +0000
+Subject: vme: Fix wrong pointer utilization in ca91cx42_slave_get
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Augusto Mecking Caringi <augustocaringi@gmail.com>
+
+commit c8a6a09c1c617402cc9254b2bc8da359a0347d75 upstream.
+
+In ca91cx42_slave_get function, the value pointed by vme_base pointer is
+set through:
+
+*vme_base = ioread32(bridge->base + CA91CX42_VSI_BS[i]);
+
+So it must be dereferenced to be used in calculation of pci_base:
+
+*pci_base = (dma_addr_t)*vme_base + pci_offset;
+
+This bug was caught thanks to the following gcc warning:
+
+drivers/vme/bridges/vme_ca91cx42.c: In function ‘ca91cx42_slave_get’:
+drivers/vme/bridges/vme_ca91cx42.c:467:14: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
+*pci_base = (dma_addr_t)vme_base + pci_offset;
+
+Signed-off-by: Augusto Mecking Caringi <augustocaringi@gmail.com>
+Acked-By: Martyn Welch <martyn@welchs.me.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/vme/bridges/vme_ca91cx42.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/vme/bridges/vme_ca91cx42.c
++++ b/drivers/vme/bridges/vme_ca91cx42.c
+@@ -467,7 +467,7 @@ static int ca91cx42_slave_get(struct vme
+ vme_bound = ioread32(bridge->base + CA91CX42_VSI_BD[i]);
+ pci_offset = ioread32(bridge->base + CA91CX42_VSI_TO[i]);
+
+- *pci_base = (dma_addr_t)vme_base + pci_offset;
++ *pci_base = (dma_addr_t)*vme_base + pci_offset;
+ *size = (unsigned long long)((vme_bound - *vme_base) + granularity);
+
+ *enabled = 0;
--- /dev/null
+From d6169d04097fd9ddf811e63eae4e5cd71e6666e2 Mon Sep 17 00:00:00 2001
+From: Mathias Nyman <mathias.nyman@linux.intel.com>
+Date: Wed, 11 Jan 2017 17:10:34 +0200
+Subject: xhci: fix deadlock at host remove by running watchdog correctly
+
+From: Mathias Nyman <mathias.nyman@linux.intel.com>
+
+commit d6169d04097fd9ddf811e63eae4e5cd71e6666e2 upstream.
+
+If a URB is killed while the host is removed we can end up in a situation
+where the hub thread takes the roothub device lock, and waits for
+the URB to be given back by xhci-hcd, blocking the host remove code.
+
+xhci-hcd tries to stop the endpoint and give back the urb, but can't
+as the host is removed from PCI bus at the same time, preventing the normal
+way of giving back urb.
+
+Instead we need to rely on the stop command timeout function to give back
+the urb. This xhci_stop_endpoint_command_watchdog() timeout function
+used a XHCI_STATE_DYING flag to indicate if the timeout function is already
+running, but later this flag has been taking into use in other places to
+mark that xhci is dying.
+
+Remove checks for XHCI_STATE_DYING in xhci_urb_dequeue. We are still
+checking that reading from pci state does not return 0xffffffff or that
+host is not halted before trying to stop the endpoint.
+
+This whole area of stopping endpoints, giving back URBs, and the wathdog
+timeout need rework, this fix focuses on solving a specific deadlock
+issue that we can then send to stable before any major rework.
+
+Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/host/xhci-ring.c | 11 -----------
+ drivers/usb/host/xhci.c | 13 -------------
+ 2 files changed, 24 deletions(-)
+
+--- a/drivers/usb/host/xhci-ring.c
++++ b/drivers/usb/host/xhci-ring.c
+@@ -913,17 +913,6 @@ void xhci_stop_endpoint_command_watchdog
+ spin_lock_irqsave(&xhci->lock, flags);
+
+ ep->stop_cmds_pending--;
+- if (xhci->xhc_state & XHCI_STATE_REMOVING) {
+- spin_unlock_irqrestore(&xhci->lock, flags);
+- return;
+- }
+- if (xhci->xhc_state & XHCI_STATE_DYING) {
+- xhci_dbg_trace(xhci, trace_xhci_dbg_cancel_urb,
+- "Stop EP timer ran, but another timer marked "
+- "xHCI as DYING, exiting.");
+- spin_unlock_irqrestore(&xhci->lock, flags);
+- return;
+- }
+ if (!(ep->stop_cmds_pending == 0 && (ep->ep_state & EP_HALT_PENDING))) {
+ xhci_dbg_trace(xhci, trace_xhci_dbg_cancel_urb,
+ "Stop EP timer ran, but no command pending, "
+--- a/drivers/usb/host/xhci.c
++++ b/drivers/usb/host/xhci.c
+@@ -1569,19 +1569,6 @@ int xhci_urb_dequeue(struct usb_hcd *hcd
+ xhci_urb_free_priv(urb_priv);
+ return ret;
+ }
+- if ((xhci->xhc_state & XHCI_STATE_DYING) ||
+- (xhci->xhc_state & XHCI_STATE_HALTED)) {
+- xhci_dbg_trace(xhci, trace_xhci_dbg_cancel_urb,
+- "Ep 0x%x: URB %p to be canceled on "
+- "non-responsive xHCI host.",
+- urb->ep->desc.bEndpointAddress, urb);
+- /* Let the stop endpoint command watchdog timer (which set this
+- * state) finish cleaning up the endpoint TD lists. We must
+- * have caught it in the middle of dropping a lock and giving
+- * back an URB.
+- */
+- goto done;
+- }
+
+ ep_index = xhci_get_endpoint_index(&urb->ep->desc);
+ ep = &xhci->devs[urb->dev->slot_id]->eps[ep_index];
projects / thirdparty / kernel / stable-queue.git / commitdiff
