6.1-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 30 Jan 2025 11:44:33 +0000 (12:44 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 30 Jan 2025 11:44:33 +0000 (12:44 +0100)
added patches:
alsa-usb-audio-add-delay-quirk-for-usb-audio-device.patch
input-atkbd-map-f23-key-to-support-default-copilot-shortcut.patch
input-xpad-add-support-for-wooting-two-he-arm.patch
input-xpad-add-unofficial-xbox-360-wireless-receiver-clone.patch
revert-usb-gadget-u_serial-disable-ep-before-setting-port-to-null-to-fix-the-crash-caused-by-port-being-null.patch
smb-client-fix-uaf-in-async-decryption.patch
usb-serial-quatech2-fix-null-ptr-deref-in-qt2_process_read_urb.patch

queue-6.1/alsa-usb-audio-add-delay-quirk-for-usb-audio-device.patch [new file with mode: 0644]
queue-6.1/input-atkbd-map-f23-key-to-support-default-copilot-shortcut.patch [new file with mode: 0644]
queue-6.1/input-xpad-add-support-for-wooting-two-he-arm.patch [new file with mode: 0644]
queue-6.1/input-xpad-add-unofficial-xbox-360-wireless-receiver-clone.patch [new file with mode: 0644]
queue-6.1/revert-usb-gadget-u_serial-disable-ep-before-setting-port-to-null-to-fix-the-crash-caused-by-port-being-null.patch [new file with mode: 0644]
queue-6.1/series
queue-6.1/smb-client-fix-uaf-in-async-decryption.patch [new file with mode: 0644]
queue-6.1/usb-serial-quatech2-fix-null-ptr-deref-in-qt2_process_read_urb.patch [new file with mode: 0644]

diff --git a/queue-6.1/alsa-usb-audio-add-delay-quirk-for-usb-audio-device.patch b/queue-6.1/alsa-usb-audio-add-delay-quirk-for-usb-audio-device.patch
new file mode 100644 (file)
index 0000000..494a462
--- /dev/null
@@ -0,0 +1,37 @@
+From ad5b205f9e022b407d91f952faddd05718be2866 Mon Sep 17 00:00:00 2001
+From: Lianqin Hu <hulianqin@vivo.com>
+Date: Wed, 15 Jan 2025 09:32:35 +0000
+Subject: ALSA: usb-audio: Add delay quirk for USB Audio Device
+
+From: Lianqin Hu <hulianqin@vivo.com>
+
+commit ad5b205f9e022b407d91f952faddd05718be2866 upstream.
+
+Audio control requests that sets sampling frequency sometimes fail on
+this card. Adding delay between control messages eliminates that problem.
+
+usb 1-1: New USB device found, idVendor=0d8c, idProduct=0014
+usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
+usb 1-1: Product: USB Audio Device
+usb 1-1: Manufacturer: C-Media Electronics Inc.
+
+Signed-off-by: Lianqin Hu <hulianqin@vivo.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Link: https://patch.msgid.link/TYUPR06MB6217E94D922B9BF422A73F32D2192@TYUPR06MB6217.apcprd06.prod.outlook.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/quirks.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/usb/quirks.c
++++ b/sound/usb/quirks.c
+@@ -2137,6 +2137,8 @@ static const struct usb_audio_quirk_flag
+                  QUIRK_FLAG_CTL_MSG_DELAY_1M),
+       DEVICE_FLG(0x0c45, 0x6340, /* Sonix HD USB Camera */
+                  QUIRK_FLAG_GET_SAMPLE_RATE),
++      DEVICE_FLG(0x0d8c, 0x0014, /* USB Audio Device */
++                 QUIRK_FLAG_CTL_MSG_DELAY_1M),
+       DEVICE_FLG(0x0ecb, 0x205c, /* JBL Quantum610 Wireless */
+                  QUIRK_FLAG_FIXED_RATE),
+       DEVICE_FLG(0x0ecb, 0x2069, /* JBL Quantum810 Wireless */
diff --git a/queue-6.1/input-atkbd-map-f23-key-to-support-default-copilot-shortcut.patch b/queue-6.1/input-atkbd-map-f23-key-to-support-default-copilot-shortcut.patch
new file mode 100644 (file)
index 0000000..177f289
--- /dev/null
@@ -0,0 +1,45 @@
+From 907bc9268a5a9f823ffa751957a5c1dd59f83f42 Mon Sep 17 00:00:00 2001
+From: Mark Pearson <mpearson-lenovo@squebb.ca>
+Date: Mon, 20 Jan 2025 20:24:08 -0800
+Subject: Input: atkbd - map F23 key to support default copilot shortcut
+
+From: Mark Pearson <mpearson-lenovo@squebb.ca>
+
+commit 907bc9268a5a9f823ffa751957a5c1dd59f83f42 upstream.
+
+Microsoft defined Meta+Shift+F23 as the Copilot shortcut instead of a
+dedicated keycode, and multiple vendors have their keyboards emit this
+sequence in response to users pressing a dedicated "Copilot" key.
+Unfortunately the default keymap table in atkbd does not map scancode
+0x6e (F23) and so the key combination does not work even if userspace
+is ready to handle it.
+
+Because this behavior is common between multiple vendors and the
+scancode is currently unused map 0x6e to keycode 193 (KEY_F23) so that
+key sequence is generated properly.
+
+MS documentation for the scan code:
+https://learn.microsoft.com/en-us/windows/win32/inputdev/about-keyboard-input#scan-codes
+Confirmed on Lenovo, HP and Dell machines by Canonical.
+Tested on Lenovo T14s G6 AMD.
+
+Signed-off-by: Mark Pearson <mpearson-lenovo@squebb.ca>
+Link: https://lore.kernel.org/r/20250107034554.25843-1-mpearson-lenovo@squebb.ca
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/keyboard/atkbd.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/input/keyboard/atkbd.c
++++ b/drivers/input/keyboard/atkbd.c
+@@ -89,7 +89,7 @@ static const unsigned short atkbd_set2_k
+         0, 46, 45, 32, 18,  5,  4, 95,  0, 57, 47, 33, 20, 19,  6,183,
+         0, 49, 48, 35, 34, 21,  7,184,  0,  0, 50, 36, 22,  8,  9,185,
+         0, 51, 37, 23, 24, 11, 10,  0,  0, 52, 53, 38, 39, 25, 12,  0,
+-        0, 89, 40,  0, 26, 13,  0,  0, 58, 54, 28, 27,  0, 43,  0, 85,
++        0, 89, 40,  0, 26, 13,  0,193, 58, 54, 28, 27,  0, 43,  0, 85,
+         0, 86, 91, 90, 92,  0, 14, 94,  0, 79,124, 75, 71,121,  0,  0,
+        82, 83, 80, 76, 77, 72,  1, 69, 87, 78, 81, 74, 55, 73, 70, 99,
diff --git a/queue-6.1/input-xpad-add-support-for-wooting-two-he-arm.patch b/queue-6.1/input-xpad-add-support-for-wooting-two-he-arm.patch
new file mode 100644 (file)
index 0000000..2c02e79
--- /dev/null
@@ -0,0 +1,31 @@
+From 222f3390c15c4452a9f7e26f5b7d9138e75d00d5 Mon Sep 17 00:00:00 2001
+From: Jack Greiner <jack@emoss.org>
+Date: Fri, 17 Jan 2025 16:51:58 -0800
+Subject: Input: xpad - add support for wooting two he (arm)
+
+From: Jack Greiner <jack@emoss.org>
+
+commit 222f3390c15c4452a9f7e26f5b7d9138e75d00d5 upstream.
+
+Add Wooting Two HE (ARM) to the list of supported devices.
+
+Signed-off-by: Jack Greiner <jack@emoss.org>
+Signed-off-by: Pavel Rojtberg <rojtberg@gmail.com>
+Link: https://lore.kernel.org/r/20250107192830.414709-3-rojtberg@gmail.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/joystick/xpad.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/input/joystick/xpad.c
++++ b/drivers/input/joystick/xpad.c
+@@ -367,6 +367,7 @@ static const struct xpad_device {
+       { 0x31e3, 0x1200, "Wooting Two", 0, XTYPE_XBOX360 },
+       { 0x31e3, 0x1210, "Wooting Lekker", 0, XTYPE_XBOX360 },
+       { 0x31e3, 0x1220, "Wooting Two HE", 0, XTYPE_XBOX360 },
++      { 0x31e3, 0x1230, "Wooting Two HE (ARM)", 0, XTYPE_XBOX360 },
+       { 0x31e3, 0x1300, "Wooting 60HE (AVR)", 0, XTYPE_XBOX360 },
+       { 0x31e3, 0x1310, "Wooting 60HE (ARM)", 0, XTYPE_XBOX360 },
+       { 0x3285, 0x0607, "Nacon GC-100", 0, XTYPE_XBOX360 },
diff --git a/queue-6.1/input-xpad-add-unofficial-xbox-360-wireless-receiver-clone.patch b/queue-6.1/input-xpad-add-unofficial-xbox-360-wireless-receiver-clone.patch
new file mode 100644 (file)
index 0000000..d7884a8
--- /dev/null
@@ -0,0 +1,35 @@
+From e4940fe6322c851659c17852b671c6e7b1aa9f56 Mon Sep 17 00:00:00 2001
+From: Nilton Perim Neto <niltonperimneto@gmail.com>
+Date: Fri, 17 Jan 2025 09:34:18 -0800
+Subject: Input: xpad - add unofficial Xbox 360 wireless receiver clone
+
+From: Nilton Perim Neto <niltonperimneto@gmail.com>
+
+commit e4940fe6322c851659c17852b671c6e7b1aa9f56 upstream.
+
+Although it mimics the Microsoft's VendorID, it is in fact a clone.
+Taking into account that the original Microsoft Receiver is not being
+manufactured anymore, this drive can solve dpad issues encontered by
+those who still use the original 360 Wireless controller
+but are using a receiver clone.
+
+Signed-off-by: Nilton Perim Neto <niltonperimneto@gmail.com>
+Signed-off-by: Pavel Rojtberg <rojtberg@gmail.com>
+Link: https://lore.kernel.org/r/20250107192830.414709-12-rojtberg@gmail.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/joystick/xpad.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/input/joystick/xpad.c
++++ b/drivers/input/joystick/xpad.c
+@@ -145,6 +145,7 @@ static const struct xpad_device {
+       { 0x045e, 0x028e, "Microsoft X-Box 360 pad", 0, XTYPE_XBOX360 },
+       { 0x045e, 0x028f, "Microsoft X-Box 360 pad v2", 0, XTYPE_XBOX360 },
+       { 0x045e, 0x0291, "Xbox 360 Wireless Receiver (XBOX)", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX360W },
++      { 0x045e, 0x02a9, "Xbox 360 Wireless Receiver (Unofficial)", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX360W },
+       { 0x045e, 0x02d1, "Microsoft X-Box One pad", 0, XTYPE_XBOXONE },
+       { 0x045e, 0x02dd, "Microsoft X-Box One pad (Firmware 2015)", 0, XTYPE_XBOXONE },
+       { 0x045e, 0x02e3, "Microsoft X-Box One Elite pad", MAP_PADDLES, XTYPE_XBOXONE },
diff --git a/queue-6.1/revert-usb-gadget-u_serial-disable-ep-before-setting-port-to-null-to-fix-the-crash-caused-by-port-being-null.patch b/queue-6.1/revert-usb-gadget-u_serial-disable-ep-before-setting-port-to-null-to-fix-the-crash-caused-by-port-being-null.patch
new file mode 100644 (file)
index 0000000..ad1f0ae
--- /dev/null
@@ -0,0 +1,47 @@
+From 086fd062bc3883ae1ce4166cff5355db315ad879 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Fri, 17 Jan 2025 09:17:12 +0100
+Subject: Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+commit 086fd062bc3883ae1ce4166cff5355db315ad879 upstream.
+
+This reverts commit 13014969cbf07f18d62ceea40bd8ca8ec9d36cec.
+
+It is reported to cause crashes on Tegra systems, so revert it for now.
+
+Link: https://lore.kernel.org/r/1037c1ad-9230-4181-b9c3-167dbaa47644@nvidia.com
+Reported-by: Jon Hunter <jonathanh@nvidia.com>
+Cc: stable <stable@kernel.org>
+Cc: Lianqin Hu <hulianqin@vivo.com>
+Link: https://lore.kernel.org/r/2025011711-yippee-fever-a737@gregkh
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/gadget/function/u_serial.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/usb/gadget/function/u_serial.c
++++ b/drivers/usb/gadget/function/u_serial.c
+@@ -1393,10 +1393,6 @@ void gserial_disconnect(struct gserial *
+       /* REVISIT as above: how best to track this? */
+       port->port_line_coding = gser->port_line_coding;
+-      /* disable endpoints, aborting down any active I/O */
+-      usb_ep_disable(gser->out);
+-      usb_ep_disable(gser->in);
+-
+       port->port_usb = NULL;
+       gser->ioport = NULL;
+       if (port->port.count > 0) {
+@@ -1408,6 +1404,10 @@ void gserial_disconnect(struct gserial *
+       spin_unlock(&port->port_lock);
+       spin_unlock_irqrestore(&serial_port_lock, flags);
++      /* disable endpoints, aborting down any active I/O */
++      usb_ep_disable(gser->out);
++      usb_ep_disable(gser->in);
++
+       /* finally, free any unused/unusable I/O buffers */
+       spin_lock_irqsave(&port->port_lock, flags);
+       if (port->port.count == 0)
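Review bot: The relocated `usb_ep_disable(gser->out)` and `usb_ep_disable(gser->in)` calls in the second inner hunk of gserial_disconnect() again run after `port->port_usb = NULL` and after both spinlocks are released, which is the ordering that the reverted commit 13014969cbf0 changed, going by its subject, to avoid a crash with port being NULL. The message gives only the Tegra crash report as the reason, so someone reading the code later cannot tell which ordering is intended. I would document it at the call site, for example `/* disable endpoints after dropping port_lock; doing this under the lock was reverted (crashes reported on Tegra) */`, and treat the original NULL-port crash as still open on this branch. gserial_disconnect() starts and ends outside the hunks shown.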
index 6818d9d5bdfcd0d382d91e2c690db56cbb7e5e07..0a8d0b2e96d5535a528d50b90e07dc7c182b9d17 100644 (file)
@@ -39,3 +39,10 @@ ext4-filesystems-without-casefold-feature-cannot-be-mounted-with-siphash.patch
 ipv4-ip_tunnel-fix-suspicious-rcu-usage-warning-in-ip_tunnel_find.patch
 scsi-storvsc-ratelimit-warning-logs-to-prevent-vm-denial-of-service.patch
 wifi-iwlwifi-add-a-few-rate-index-validity-checks.patch
+smb-client-fix-uaf-in-async-decryption.patch
+usb-serial-quatech2-fix-null-ptr-deref-in-qt2_process_read_urb.patch
+revert-usb-gadget-u_serial-disable-ep-before-setting-port-to-null-to-fix-the-crash-caused-by-port-being-null.patch
+alsa-usb-audio-add-delay-quirk-for-usb-audio-device.patch
+input-atkbd-map-f23-key-to-support-default-copilot-shortcut.patch
+input-xpad-add-unofficial-xbox-360-wireless-receiver-clone.patch
+input-xpad-add-support-for-wooting-two-he-arm.patch
diff --git a/queue-6.1/smb-client-fix-uaf-in-async-decryption.patch b/queue-6.1/smb-client-fix-uaf-in-async-decryption.patch
new file mode 100644 (file)
index 0000000..3010675
--- /dev/null
@@ -0,0 +1,185 @@
+From b0abcd65ec545701b8793e12bc27dc98042b151a Mon Sep 17 00:00:00 2001
+From: Enzo Matsumiya <ematsumiya@suse.de>
+Date: Thu, 26 Sep 2024 14:46:13 -0300
+Subject: smb: client: fix UAF in async decryption
+
+From: Enzo Matsumiya <ematsumiya@suse.de>
+
+commit b0abcd65ec545701b8793e12bc27dc98042b151a upstream.
+
+Doing an async decryption (large read) crashes with a
+slab-use-after-free way down in the crypto API.
+
+Reproducer:
+    # mount.cifs -o ...,seal,esize=1 //srv/share /mnt
+    # dd if=/mnt/largefile of=/dev/null
+    ...
+    [  194.196391] ==================================================================
+    [  194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110
+    [  194.197269] Read of size 8 at addr ffff888112bd0448 by task kworker/u77:2/899
+    [  194.197707]
+    [  194.197818] CPU: 12 UID: 0 PID: 899 Comm: kworker/u77:2 Not tainted 6.11.0-lku-00028-gfca3ca14a17a-dirty #43
+    [  194.198400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.2-3-gd478f380-prebuilt.qemu.org 04/01/2014
+    [  194.199046] Workqueue: smb3decryptd smb2_decrypt_offload [cifs]
+    [  194.200032] Call Trace:
+    [  194.200191]  <TASK>
+    [  194.200327]  dump_stack_lvl+0x4e/0x70
+    [  194.200558]  ? gf128mul_4k_lle+0xc1/0x110
+    [  194.200809]  print_report+0x174/0x505
+    [  194.201040]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
+    [  194.201352]  ? srso_return_thunk+0x5/0x5f
+    [  194.201604]  ? __virt_addr_valid+0xdf/0x1c0
+    [  194.201868]  ? gf128mul_4k_lle+0xc1/0x110
+    [  194.202128]  kasan_report+0xc8/0x150
+    [  194.202361]  ? gf128mul_4k_lle+0xc1/0x110
+    [  194.202616]  gf128mul_4k_lle+0xc1/0x110
+    [  194.202863]  ghash_update+0x184/0x210
+    [  194.203103]  shash_ahash_update+0x184/0x2a0
+    [  194.203377]  ? __pfx_shash_ahash_update+0x10/0x10
+    [  194.203651]  ? srso_return_thunk+0x5/0x5f
+    [  194.203877]  ? crypto_gcm_init_common+0x1ba/0x340
+    [  194.204142]  gcm_hash_assoc_remain_continue+0x10a/0x140
+    [  194.204434]  crypt_message+0xec1/0x10a0 [cifs]
+    [  194.206489]  ? __pfx_crypt_message+0x10/0x10 [cifs]
+    [  194.208507]  ? srso_return_thunk+0x5/0x5f
+    [  194.209205]  ? srso_return_thunk+0x5/0x5f
+    [  194.209925]  ? srso_return_thunk+0x5/0x5f
+    [  194.210443]  ? srso_return_thunk+0x5/0x5f
+    [  194.211037]  decrypt_raw_data+0x15f/0x250 [cifs]
+    [  194.212906]  ? __pfx_decrypt_raw_data+0x10/0x10 [cifs]
+    [  194.214670]  ? srso_return_thunk+0x5/0x5f
+    [  194.215193]  smb2_decrypt_offload+0x12a/0x6c0 [cifs]
+
+This is because TFM is being used in parallel.
+
+Fix this by allocating a new AEAD TFM for async decryption, but keep
+the existing one for synchronous READ cases (similar to what is done
+in smb3_calc_signature()).
+
+Also remove the calls to aead_request_set_callback() and
+crypto_wait_req() since it's always going to be a synchronous operation.
+
+Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/smb2ops.c |   47 ++++++++++++++++++++++++++++-------------------
+ fs/smb/client/smb2pdu.c |    6 ++++++
+ 2 files changed, 34 insertions(+), 19 deletions(-)
+
+--- a/fs/smb/client/smb2ops.c
++++ b/fs/smb/client/smb2ops.c
+@@ -4488,7 +4488,7 @@ smb2_get_enc_key(struct TCP_Server_Info
+  */
+ static int
+ crypt_message(struct TCP_Server_Info *server, int num_rqst,
+-            struct smb_rqst *rqst, int enc)
++            struct smb_rqst *rqst, int enc, struct crypto_aead *tfm)
+ {
+       struct smb2_transform_hdr *tr_hdr =
+               (struct smb2_transform_hdr *)rqst[0].rq_iov[0].iov_base;
+@@ -4499,8 +4499,6 @@ crypt_message(struct TCP_Server_Info *se
+       u8 key[SMB3_ENC_DEC_KEY_SIZE];
+       struct aead_request *req;
+       u8 *iv;
+-      DECLARE_CRYPTO_WAIT(wait);
+-      struct crypto_aead *tfm;
+       unsigned int crypt_len = le32_to_cpu(tr_hdr->OriginalMessageSize);
+       void *creq;
+@@ -4511,14 +4509,6 @@ crypt_message(struct TCP_Server_Info *se
+               return rc;
+       }
+-      rc = smb3_crypto_aead_allocate(server);
+-      if (rc) {
+-              cifs_server_dbg(VFS, "%s: crypto alloc failed\n", __func__);
+-              return rc;
+-      }
+-
+-      tfm = enc ? server->secmech.enc : server->secmech.dec;
+-
+       if ((server->cipher_type == SMB2_ENCRYPTION_AES256_CCM) ||
+               (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
+               rc = crypto_aead_setkey(tfm, key, SMB3_GCM256_CRYPTKEY_SIZE);
+@@ -4557,11 +4547,7 @@ crypt_message(struct TCP_Server_Info *se
+       aead_request_set_crypt(req, sg, sg, crypt_len, iv);
+       aead_request_set_ad(req, assoc_data_len);
+-      aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
+-                                crypto_req_done, &wait);
+-
+-      rc = crypto_wait_req(enc ? crypto_aead_encrypt(req)
+-                              : crypto_aead_decrypt(req), &wait);
++      rc = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
+       if (!rc && enc)
+               memcpy(&tr_hdr->Signature, sign, SMB2_SIGNATURE_SIZE);
+@@ -4650,7 +4636,7 @@ smb3_init_transform_rq(struct TCP_Server
+       /* fill the 1st iov with a transform header */
+       fill_transform_hdr(tr_hdr, orig_len, old_rq, server->cipher_type);
+-      rc = crypt_message(server, num_rqst, new_rq, 1);
++      rc = crypt_message(server, num_rqst, new_rq, 1, server->secmech.enc);
+       cifs_dbg(FYI, "Encrypt message returned %d\n", rc);
+       if (rc)
+               goto err_free;
+@@ -4676,8 +4662,9 @@ decrypt_raw_data(struct TCP_Server_Info
+                unsigned int npages, unsigned int page_data_size,
+                bool is_offloaded)
+ {
+-      struct kvec iov[2];
++      struct crypto_aead *tfm;
+       struct smb_rqst rqst = {NULL};
++      struct kvec iov[2];
+       int rc;
+       iov[0].iov_base = buf;
+@@ -4692,9 +4679,31 @@ decrypt_raw_data(struct TCP_Server_Info
+       rqst.rq_pagesz = PAGE_SIZE;
+       rqst.rq_tailsz = (page_data_size % PAGE_SIZE) ? : PAGE_SIZE;
+-      rc = crypt_message(server, 1, &rqst, 0);
++      if (is_offloaded) {
++              if ((server->cipher_type == SMB2_ENCRYPTION_AES128_GCM) ||
++                  (server->cipher_type == SMB2_ENCRYPTION_AES256_GCM))
++                      tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
++              else
++                      tfm = crypto_alloc_aead("ccm(aes)", 0, 0);
++              if (IS_ERR(tfm)) {
++                      rc = PTR_ERR(tfm);
++                      cifs_server_dbg(VFS, "%s: Failed alloc decrypt TFM, rc=%d\n", __func__, rc);
++
++                      return rc;
++              }
++      } else {
++              if (unlikely(!server->secmech.dec))
++                      return -EIO;
++
++              tfm = server->secmech.dec;
++      }
++
++      rc = crypt_message(server, 1, &rqst, 0, tfm);
+       cifs_dbg(FYI, "Decrypt message returned %d\n", rc);
++      if (is_offloaded)
++              crypto_free_aead(tfm);
++
+       if (rc)
+               return rc;
+--- a/fs/smb/client/smb2pdu.c
++++ b/fs/smb/client/smb2pdu.c
+@@ -1105,6 +1105,12 @@ SMB2_negotiate(const unsigned int xid,
+               else
+                       cifs_server_dbg(VFS, "Missing expected negotiate contexts\n");
+       }
++
++      if (server->cipher_type && !rc) {
++              rc = smb3_crypto_aead_allocate(server);
++              if (rc)
++                      cifs_server_dbg(VFS, "%s: crypto alloc failed, rc=%d\n", __func__, rc);
++      }
+ neg_exit:
+       free_rsp_buf(resp_buftype, rsp);
+       return rc;
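Review bot: The encrypt call in smb3_init_transform_rq() passes `server->secmech.enc` to crypt_message() with no NULL check, while the decrypt path in decrypt_raw_data() returns -EIO when `server->secmech.dec` is unset. Allocation has moved into SMB2_negotiate() and happens only when `server->cipher_type` is already non-zero at that point, so any path that selects a cipher later would reach `crypto_aead_setkey(tfm, ...)` with a NULL tfm; whether such a path exists cannot be seen from these hunks. A guard near the top of crypt_message(), `if (unlikely(!tfm)) return -EIO;`, would cover both callers. Separately, the callback and crypto_wait_req() were dropped on the assumption that the request is always synchronous, but `crypto_alloc_aead("gcm(aes)", 0, 0)` does not exclude asynchronous implementations; passing `CRYPTO_ALG_ASYNC` as the mask argument would make that assumption hold. crypt_message(), decrypt_raw_data() and SMB2_negotiate() all continue outside the hunks.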
diff --git a/queue-6.1/usb-serial-quatech2-fix-null-ptr-deref-in-qt2_process_read_urb.patch b/queue-6.1/usb-serial-quatech2-fix-null-ptr-deref-in-qt2_process_read_urb.patch
new file mode 100644 (file)
index 0000000..21dce74
--- /dev/null
@@ -0,0 +1,53 @@
+From 575a5adf48b06a2980c9eeffedf699ed5534fade Mon Sep 17 00:00:00 2001
+From: Qasim Ijaz <qasdev00@gmail.com>
+Date: Mon, 13 Jan 2025 18:00:34 +0000
+Subject: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()
+
+From: Qasim Ijaz <qasdev00@gmail.com>
+
+commit 575a5adf48b06a2980c9eeffedf699ed5534fade upstream.
+
+This patch addresses a null-ptr-deref in qt2_process_read_urb() due to
+an incorrect bounds check in the following:
+
+       if (newport > serial->num_ports) {
+               dev_err(&port->dev,
+                       "%s - port change to invalid port: %i\n",
+                       __func__, newport);
+               break;
+       }
+
+The condition doesn't account for the valid range of the serial->port
+buffer, which is from 0 to serial->num_ports - 1. When newport is equal
+to serial->num_ports, the assignment of "port" in the
+following code is out-of-bounds and NULL:
+
+       serial_priv->current_port = newport;
+       port = serial->port[serial_priv->current_port];
+
+The fix checks if newport is greater than or equal to serial->num_ports
+indicating it is out-of-bounds.
+
+Reported-by: syzbot <syzbot+506479ebf12fe435d01a@syzkaller.appspotmail.com>
+Closes: https://syzkaller.appspot.com/bug?extid=506479ebf12fe435d01a
+Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver")
+Cc: <stable@vger.kernel.org>      # 3.5
+Signed-off-by: Qasim Ijaz <qasdev00@gmail.com>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/quatech2.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/quatech2.c
++++ b/drivers/usb/serial/quatech2.c
+@@ -511,7 +511,7 @@ static void qt2_process_read_urb(struct
+                               newport = *(ch + 3);
+-                              if (newport > serial->num_ports) {
++                              if (newport >= serial->num_ports) {
+                                       dev_err(&port->dev,
+                                               "%s - port change to invalid port: %i\n",
+                                               __func__, newport);
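Review bot: The corrected check in qt2_process_read_urb() carries no comment explaining the bound, and the off-by-one it replaces is easy to reintroduce. `newport` is read from `*(ch + 3)`, which appears to be data received from the device, and per the commit message it is then used to index `serial->port[]`. I would add `/* newport comes from the device; valid indices are 0..num_ports - 1 */` above the `if`. The function body and the dev_err() block continue outside the hunk.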