6.1-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Tue, 20 Jan 2026 11:07:43 +0000 (12:07 +0100)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Tue, 20 Jan 2026 11:07:43 +0000 (12:07 +0100)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 20 Jan 2026 11:07:43 +0000 (12:07 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 20 Jan 2026 11:07:43 +0000 (12:07 +0100)
diff --git a/queue-6.1/hid-usbhid-paper-over-wrong-bnumdescriptor-field.patch b/queue-6.1/hid-usbhid-paper-over-wrong-bnumdescriptor-field.patch

new file mode 100644 (file)

index 0000000..3a8218d
--- /dev/null
+++ b/queue-6.1/hid-usbhid-paper-over-wrong-bnumdescriptor-field.patch
@@ -0,0 +1,55 @@
+From f28beb69c51517aec7067dfb2074e7c751542384 Mon Sep 17 00:00:00 2001
+From: Benjamin Tissoires <bentiss@kernel.org>
+Date: Mon, 15 Dec 2025 12:57:21 +0100
+Subject: HID: usbhid: paper over wrong bNumDescriptor field
+
+From: Benjamin Tissoires <bentiss@kernel.org>
+
+commit f28beb69c51517aec7067dfb2074e7c751542384 upstream.
+
+Some faulty devices (ZWO EFWmini) have a wrong optional HID class
+descriptor count compared to the provided length.
+
+Given that we plainly ignore those optional descriptor, we can attempt
+to fix the provided number so we do not lock out those devices.
+
+Signed-off-by: Benjamin Tissoires <bentiss@kernel.org>
+Cc: Salvatore Bonaccorso <carnil@debian.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hid/usbhid/hid-core.c |   17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+--- a/drivers/hid/usbhid/hid-core.c
++++ b/drivers/hid/usbhid/hid-core.c
+@@ -983,6 +983,7 @@ static int usbhid_parse(struct hid_devic
+       struct usb_device *dev = interface_to_usbdev (intf);
+       struct hid_descriptor *hdesc;
+       struct hid_class_descriptor *hcdesc;
++      __u8 fixed_opt_descriptors_size;
+       u32 quirks = 0;
+       unsigned int rsize = 0;
+       char *rdesc;
+@@ -1013,7 +1014,21 @@ static int usbhid_parse(struct hid_devic
+                             (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) {
+               dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n",
+                       hdesc->bLength, hdesc->bNumDescriptors);
+-              return -EINVAL;
++
++              /*
++               * Some devices may expose a wrong number of descriptors compared
++               * to the provided length.
++               * However, we ignore the optional hid class descriptors entirely
++               * so we can safely recompute the proper field.
++               */
++              if (hdesc->bLength >= sizeof(*hdesc)) {
++                      fixed_opt_descriptors_size = hdesc->bLength - sizeof(*hdesc);
++
++                      hid_warn(intf, "fixing wrong optional hid class descriptors count\n");
++                      hdesc->bNumDescriptors = fixed_opt_descriptors_size / sizeof(*hcdesc) + 1;
++              } else {
++                      return -EINVAL;
++              }
+       }
+ 
+       hid->version = le16_to_cpu(hdesc->bcdHID);
diff --git a/queue-6.1/series b/queue-6.1/series

index e0619fdd076a1acdb5b6f91a615734484ed5b053..ac674bea70e145b4d1f5085b55ef6f95f4982918 100644 (file)
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -33,3 +33,4 @@ dmaengine-xilinx_dma-fix-uninitialized-addr_width-wh.patch
  phy-stm32-usphyc-fix-off-by-one-in-probe.patch
  phy-broadcom-ns-usb3-fix-wvoid-pointer-to-enum-cast-.patch
  dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch
+hid-usbhid-paper-over-wrong-bnumdescriptor-field.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 20 Jan 2026 11:07:43 +0000 (12:07 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 20 Jan 2026 11:07:43 +0000 (12:07 +0100)
queue-6.1/hid-usbhid-paper-over-wrong-bnumdescriptor-field.patch	[new file with mode: 0644]	patch \| blob
queue-6.1/series		patch \| blob \| blame \| history