--- /dev/null
+From 67e40054de86aae520ddc2a072d7f6951812a14f Mon Sep 17 00:00:00 2001
+From: Qinglang Miao <miaoqinglang@huawei.com>
+Date: Fri, 15 Jan 2021 10:22:50 +0800
+Subject: ACPI: configfs: add missing check after configfs_register_default_group()
+
+From: Qinglang Miao <miaoqinglang@huawei.com>
+
+commit 67e40054de86aae520ddc2a072d7f6951812a14f upstream.
+
+A list_add corruption is reported by Hulk Robot like this:
+==============
+list_add corruption.
+Call Trace:
+link_obj+0xc0/0x1c0
+link_group+0x21/0x140
+configfs_register_subsystem+0xdb/0x380
+acpi_configfs_init+0x25/0x1000 [acpi_configfs]
+do_one_initcall+0x149/0x820
+do_init_module+0x1ef/0x720
+load_module+0x35c8/0x4380
+__do_sys_finit_module+0x10d/0x1a0
+do_syscall_64+0x34/0x80
+
+It's because of the missing check after configfs_register_default_group,
+where configfs_unregister_subsystem should be called once failure.
+
+Fixes: 612bd01fc6e0 ("ACPI: add support for loading SSDTs via configfs")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Suggested-by: Hanjun Guo <guohanjun@huawei.com>
+Signed-off-by: Qinglang Miao <miaoqinglang@huawei.com>
+Cc: 4.10+ <stable@vger.kernel.org> # 4.10+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/acpi/acpi_configfs.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/acpi/acpi_configfs.c
++++ b/drivers/acpi/acpi_configfs.c
+@@ -251,7 +251,12 @@ static int __init acpi_configfs_init(voi
+
+ acpi_table_group = configfs_register_default_group(root, "table",
+ &acpi_tables_type);
+- return PTR_ERR_OR_ZERO(acpi_table_group);
++ if (IS_ERR(acpi_table_group)) {
++ configfs_unregister_subsystem(&acpi_configfs);
++ return PTR_ERR(acpi_table_group);
++ }
++
++ return 0;
+ }
+ module_init(acpi_configfs_init);
+
--- /dev/null
+From 97f433c3601a24d3513d06f575a389a2ca4e11e4 Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Tue, 23 Feb 2021 19:25:30 -0700
+Subject: blk-settings: align max_sectors on "logical_block_size" boundary
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 97f433c3601a24d3513d06f575a389a2ca4e11e4 upstream.
+
+We get I/O errors when we run md-raid1 on the top of dm-integrity on the
+top of ramdisk.
+device-mapper: integrity: Bio not aligned on 8 sectors: 0xff00, 0xff
+device-mapper: integrity: Bio not aligned on 8 sectors: 0xff00, 0xff
+device-mapper: integrity: Bio not aligned on 8 sectors: 0xffff, 0x1
+device-mapper: integrity: Bio not aligned on 8 sectors: 0xffff, 0x1
+device-mapper: integrity: Bio not aligned on 8 sectors: 0x8048, 0xff
+device-mapper: integrity: Bio not aligned on 8 sectors: 0x8147, 0xff
+device-mapper: integrity: Bio not aligned on 8 sectors: 0x8246, 0xff
+device-mapper: integrity: Bio not aligned on 8 sectors: 0x8345, 0xbb
+
+The ramdisk device has logical_block_size 512 and max_sectors 255. The
+dm-integrity device uses logical_block_size 4096 and it doesn't affect the
+"max_sectors" value - thus, it inherits 255 from the ramdisk. So, we have
+a device with max_sectors not aligned on logical_block_size.
+
+The md-raid device sees that the underlying leg has max_sectors 255 and it
+will split the bios on 255-sector boundary, making the bios unaligned on
+logical_block_size.
+
+In order to fix the bug, we round down max_sectors to logical_block_size.
+
+Cc: stable@vger.kernel.org
+Reviewed-by: Ming Lei <ming.lei@redhat.com>
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ block/blk-settings.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/block/blk-settings.c
++++ b/block/blk-settings.c
+@@ -494,6 +494,14 @@ void blk_queue_stack_limits(struct reque
+ }
+ EXPORT_SYMBOL(blk_queue_stack_limits);
+
++static unsigned int blk_round_down_sectors(unsigned int sectors, unsigned int lbs)
++{
++ sectors = round_down(sectors, lbs >> SECTOR_SHIFT);
++ if (sectors < PAGE_SIZE >> SECTOR_SHIFT)
++ sectors = PAGE_SIZE >> SECTOR_SHIFT;
++ return sectors;
++}
++
+ /**
+ * blk_stack_limits - adjust queue_limits for stacked devices
+ * @t: the stacking driver limits (top device)
+@@ -606,6 +614,10 @@ int blk_stack_limits(struct queue_limits
+ ret = -1;
+ }
+
++ t->max_sectors = blk_round_down_sectors(t->max_sectors, t->logical_block_size);
++ t->max_hw_sectors = blk_round_down_sectors(t->max_hw_sectors, t->logical_block_size);
++ t->max_dev_sectors = blk_round_down_sectors(t->max_dev_sectors, t->logical_block_size);
++
+ /* Discard alignment and granularity */
+ if (b->discard_granularity) {
+ alignment = queue_limit_discard_alignment(b, start);
--- /dev/null
+From 867ed321f90d06aaba84e2c91de51cd3038825ef Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Thu, 14 Jan 2021 14:02:46 -0500
+Subject: btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit 867ed321f90d06aaba84e2c91de51cd3038825ef upstream.
+
+While testing my error handling patches, I added a error injection site
+at btrfs_inc_extent_ref, to validate the error handling I added was
+doing the correct thing. However I hit a pretty ugly corruption while
+doing this check, with the following error injection stack trace:
+
+btrfs_inc_extent_ref
+ btrfs_copy_root
+ create_reloc_root
+ btrfs_init_reloc_root
+ btrfs_record_root_in_trans
+ btrfs_start_transaction
+ btrfs_update_inode
+ btrfs_update_time
+ touch_atime
+ file_accessed
+ btrfs_file_mmap
+
+This is because we do not catch the error from btrfs_inc_extent_ref,
+which in practice would be ENOMEM, which means we lose the extent
+references for a root that has already been allocated and inserted,
+which is the problem. Fix this by aborting the transaction if we fail
+to do the reference modification.
+
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/ctree.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/ctree.c
++++ b/fs/btrfs/ctree.c
+@@ -279,9 +279,10 @@ int btrfs_copy_root(struct btrfs_trans_h
+ ret = btrfs_inc_ref(trans, root, cow, 1);
+ else
+ ret = btrfs_inc_ref(trans, root, cow, 0);
+-
+- if (ret)
++ if (ret) {
++ btrfs_abort_transaction(trans, ret);
+ return ret;
++ }
+
+ btrfs_mark_buffer_dirty(cow);
+ *cow_ret = cow;
--- /dev/null
+From 72c9925f87c8b74f36f8e75a4cd93d964538d3ca Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Thu, 4 Feb 2021 14:35:44 +0000
+Subject: btrfs: fix extent buffer leak on failure to copy root
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit 72c9925f87c8b74f36f8e75a4cd93d964538d3ca upstream.
+
+At btrfs_copy_root(), if the call to btrfs_inc_ref() fails we end up
+returning without unlocking and releasing our reference on the extent
+buffer named "cow" we previously allocated with btrfs_alloc_tree_block().
+
+So fix that by unlocking the extent buffer and dropping our reference on
+it before returning.
+
+Fixes: be20aa9dbadc8c ("Btrfs: Add mount option to turn off data cow")
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/ctree.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/btrfs/ctree.c
++++ b/fs/btrfs/ctree.c
+@@ -280,6 +280,8 @@ int btrfs_copy_root(struct btrfs_trans_h
+ else
+ ret = btrfs_inc_ref(trans, root, cow, 0);
+ if (ret) {
++ btrfs_tree_unlock(cow);
++ free_extent_buffer(cow);
+ btrfs_abort_transaction(trans, ret);
+ return ret;
+ }
--- /dev/null
+From c78a10aebb275c38d0cfccae129a803fe622e305 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Thu, 14 Jan 2021 14:02:42 -0500
+Subject: btrfs: fix reloc root leak with 0 ref reloc roots on recovery
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit c78a10aebb275c38d0cfccae129a803fe622e305 upstream.
+
+When recovering a relocation, if we run into a reloc root that has 0
+refs we simply add it to the reloc_control->reloc_roots list, and then
+clean it up later. The problem with this is __del_reloc_root() doesn't
+do anything if the root isn't in the radix tree, which in this case it
+won't be because we never call __add_reloc_root() on the reloc_root.
+
+This exit condition simply isn't correct really. During normal
+operation we can remove ourselves from the rb tree and then we're meant
+to clean up later at merge_reloc_roots() time, and this happens
+correctly. During recovery we're depending on free_reloc_roots() to
+drop our references, but we're short-circuiting.
+
+Fix this by continuing to check if we're on the list and dropping
+ourselves from the reloc_control root list and dropping our reference
+appropriately. Change the corresponding BUG_ON() to an ASSERT() that
+does the correct thing if we aren't in the rb tree.
+
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/relocation.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/fs/btrfs/relocation.c
++++ b/fs/btrfs/relocation.c
+@@ -1335,9 +1335,7 @@ static void __del_reloc_root(struct btrf
+ RB_CLEAR_NODE(&node->rb_node);
+ }
+ spin_unlock(&rc->reloc_root_tree.lock);
+- if (!node)
+- return;
+- BUG_ON((struct btrfs_root *)node->data != root);
++ ASSERT(!node || (struct btrfs_root *)node->data == root);
+ }
+
+ spin_lock(&root->fs_info->trans_lock);
--- /dev/null
+From 2fd10bcf0310b9525b2af9e1f7aa9ddd87c3772e Mon Sep 17 00:00:00 2001
+From: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
+Date: Tue, 9 Feb 2021 16:26:12 +0600
+Subject: drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
+
+From: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
+
+commit 2fd10bcf0310b9525b2af9e1f7aa9ddd87c3772e upstream.
+
+syzbot found WARNING in qp_broker_alloc[1] in qp_host_alloc_queue()
+when num_pages is 0x100001, giving queue_size + queue_page_size
+bigger than KMALLOC_MAX_SIZE for kzalloc(), resulting order >= MAX_ORDER
+condition.
+
+queue_size + queue_page_size=0x8000d8, where KMALLOC_MAX_SIZE=0x400000.
+
+[1]
+Call Trace:
+ alloc_pages include/linux/gfp.h:547 [inline]
+ kmalloc_order+0x40/0x130 mm/slab_common.c:837
+ kmalloc_order_trace+0x15/0x70 mm/slab_common.c:853
+ kmalloc_large include/linux/slab.h:481 [inline]
+ __kmalloc+0x257/0x330 mm/slub.c:3959
+ kmalloc include/linux/slab.h:557 [inline]
+ kzalloc include/linux/slab.h:682 [inline]
+ qp_host_alloc_queue drivers/misc/vmw_vmci/vmci_queue_pair.c:540 [inline]
+ qp_broker_create drivers/misc/vmw_vmci/vmci_queue_pair.c:1351 [inline]
+ qp_broker_alloc+0x936/0x2740 drivers/misc/vmw_vmci/vmci_queue_pair.c:1739
+
+Reported-by: syzbot+15ec7391f3d6a1a7cc7d@syzkaller.appspotmail.com
+Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
+Link: https://lore.kernel.org/r/20210209102612.2112247-1-snovitoll@gmail.com
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/vmw_vmci/vmci_queue_pair.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/misc/vmw_vmci/vmci_queue_pair.c
++++ b/drivers/misc/vmw_vmci/vmci_queue_pair.c
+@@ -639,6 +639,9 @@ static struct vmci_queue *qp_host_alloc_
+
+ queue_page_size = num_pages * sizeof(*queue->kernel_if->u.h.page);
+
++ if (queue_size + queue_page_size > KMALLOC_MAX_SIZE)
++ return NULL;
++
+ queue = kzalloc(queue_size + queue_page_size, GFP_KERNEL);
+ if (queue) {
+ queue->q_header = NULL;
--- /dev/null
+From b5d6e7ab7fe7d186878142e9fc1a05e4c3b65eb9 Mon Sep 17 00:00:00 2001
+From: Marcos Paulo de Souza <mpdesouza@suse.com>
+Date: Fri, 19 Feb 2021 10:37:13 -0800
+Subject: Input: i8042 - add ASUS Zenbook Flip to noselftest list
+
+From: Marcos Paulo de Souza <mpdesouza@suse.com>
+
+commit b5d6e7ab7fe7d186878142e9fc1a05e4c3b65eb9 upstream.
+
+After commit 77b425399f6d ("Input: i8042 - use chassis info to skip
+selftest on Asus laptops"), all modern Asus laptops have the i8042
+selftest disabled. It has done by using chassys type "10" (laptop).
+
+The Asus Zenbook Flip suffers from similar suspend/resume issues, but
+it _sometimes_ work and sometimes it doesn't. Setting noselftest makes
+it work reliably. In this case, we need to add chassis type "31"
+(convertible) in order to avoid selftest in this device.
+
+Reported-by: Ludvig Norgren Guldhag <ludvigng@gmail.com>
+Signed-off-by: Marcos Paulo de Souza <mpdesouza@suse.com>
+Link: https://lore.kernel.org/r/20210219164638.761-1-mpdesouza@suse.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/serio/i8042-x86ia64io.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/input/serio/i8042-x86ia64io.h
++++ b/drivers/input/serio/i8042-x86ia64io.h
+@@ -579,6 +579,10 @@ static const struct dmi_system_id i8042_
+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-CS"),
+ },
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."),
++ DMI_MATCH(DMI_CHASSIS_TYPE, "31"), /* Convertible Notebook */
++ },
+ },
+ { }
+ };
--- /dev/null
+From 182d679b2298d62bf42bb14b12a8067b8e17b617 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 17 Feb 2021 12:21:10 -0800
+Subject: Input: joydev - prevent potential read overflow in ioctl
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 182d679b2298d62bf42bb14b12a8067b8e17b617 upstream.
+
+The problem here is that "len" might be less than "joydev->nabs" so the
+loops which verfy abspam[i] and keypam[] might read beyond the buffer.
+
+Fixes: 999b874f4aa3 ("Input: joydev - validate axis/button maps before clobbering current ones")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Link: https://lore.kernel.org/r/YCyzR8WvFRw4HWw6@mwanda
+[dtor: additional check for len being even in joydev_handle_JSIOCSBTNMAP]
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/joydev.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/input/joydev.c
++++ b/drivers/input/joydev.c
+@@ -448,7 +448,7 @@ static int joydev_handle_JSIOCSAXMAP(str
+ if (IS_ERR(abspam))
+ return PTR_ERR(abspam);
+
+- for (i = 0; i < joydev->nabs; i++) {
++ for (i = 0; i < len && i < joydev->nabs; i++) {
+ if (abspam[i] > ABS_MAX) {
+ retval = -EINVAL;
+ goto out;
+@@ -472,6 +472,9 @@ static int joydev_handle_JSIOCSBTNMAP(st
+ int i;
+ int retval = 0;
+
++ if (len % sizeof(*keypam))
++ return -EINVAL;
++
+ len = min(len, sizeof(joydev->keypam));
+
+ /* Validate the map. */
+@@ -479,7 +482,7 @@ static int joydev_handle_JSIOCSBTNMAP(st
+ if (IS_ERR(keypam))
+ return PTR_ERR(keypam);
+
+- for (i = 0; i < joydev->nkey; i++) {
++ for (i = 0; i < (len / 2) && i < joydev->nkey; i++) {
+ if (keypam[i] > KEY_MAX || keypam[i] < BTN_MISC) {
+ retval = -EINVAL;
+ goto out;
--- /dev/null
+From fafd320ae51b9c72d371585b2501f86640ea7b7d Mon Sep 17 00:00:00 2001
+From: "jeffrey.lin" <jeffrey.lin@rad-ic.com>
+Date: Tue, 15 Dec 2020 10:50:12 -0800
+Subject: Input: raydium_ts_i2c - do not send zero length
+
+From: jeffrey.lin <jeffrey.lin@rad-ic.com>
+
+commit fafd320ae51b9c72d371585b2501f86640ea7b7d upstream.
+
+Add default write command package to prevent i2c quirk error of zero
+data length as Raydium touch firmware update is executed.
+
+Signed-off-by: jeffrey.lin <jeffrey.lin@rad-ic.com>
+Link: https://lore.kernel.org/r/1608031217-7247-1-git-send-email-jeffrey.lin@raydium.corp-partner.google.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/touchscreen/raydium_i2c_ts.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/input/touchscreen/raydium_i2c_ts.c
++++ b/drivers/input/touchscreen/raydium_i2c_ts.c
+@@ -419,6 +419,7 @@ static int raydium_i2c_write_object(stru
+ enum raydium_bl_ack state)
+ {
+ int error;
++ static const u8 cmd[] = { 0xFF, 0x39 };
+
+ error = raydium_i2c_send(client, RM_CMD_BOOT_WRT, data, len);
+ if (error) {
+@@ -427,7 +428,7 @@ static int raydium_i2c_write_object(stru
+ return error;
+ }
+
+- error = raydium_i2c_send(client, RM_CMD_BOOT_ACK, NULL, 0);
++ error = raydium_i2c_send(client, RM_CMD_BOOT_ACK, cmd, sizeof(cmd));
+ if (error) {
+ dev_err(&client->dev, "Ack obj command failed: %d\n", error);
+ return error;
--- /dev/null
+From 42ffcd1dba1796bcda386eb6f260df9fc23c90af Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Olivier=20Cr=C3=AAte?= <olivier.crete@ocrete.ca>
+Date: Fri, 5 Feb 2021 11:59:08 -0800
+Subject: Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Olivier Crête <olivier.crete@ocrete.ca>
+
+commit 42ffcd1dba1796bcda386eb6f260df9fc23c90af upstream.
+
+Signed-off-by: Olivier Crête <olivier.crete@ocrete.ca>
+Link: https://lore.kernel.org/r/20210204005318.615647-1-olivier.crete@collabora.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/input/joystick/xpad.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/input/joystick/xpad.c
++++ b/drivers/input/joystick/xpad.c
+@@ -322,6 +322,7 @@ static const struct xpad_device {
+ { 0x1bad, 0xfd00, "Razer Onza TE", 0, XTYPE_XBOX360 },
+ { 0x1bad, 0xfd01, "Razer Onza", 0, XTYPE_XBOX360 },
+ { 0x20d6, 0x2001, "BDA Xbox Series X Wired Controller", 0, XTYPE_XBOXONE },
++ { 0x20d6, 0x2009, "PowerA Enhanced Wired Controller for Xbox Series X|S", 0, XTYPE_XBOXONE },
+ { 0x20d6, 0x281f, "PowerA Wired Controller For Xbox 360", 0, XTYPE_XBOX360 },
+ { 0x2e24, 0x0652, "Hyperkin Duke X-Box One pad", 0, XTYPE_XBOXONE },
+ { 0x24c6, 0x5000, "Razer Atrox Arcade Stick", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 },
--- /dev/null
+From 8da7520c80468c48f981f0b81fc1be6599e3b0ad Mon Sep 17 00:00:00 2001
+From: Jarkko Sakkinen <jarkko@kernel.org>
+Date: Fri, 29 Jan 2021 01:56:20 +0200
+Subject: KEYS: trusted: Fix migratable=1 failing
+
+From: Jarkko Sakkinen <jarkko@kernel.org>
+
+commit 8da7520c80468c48f981f0b81fc1be6599e3b0ad upstream.
+
+Consider the following transcript:
+
+$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u
+add_key: Invalid argument
+
+The documentation has the following description:
+
+ migratable= 0|1 indicating permission to reseal to new PCR values,
+ default 1 (resealing allowed)
+
+The consequence is that "migratable=1" should succeed. Fix this by
+allowing this condition to pass instead of return -EINVAL.
+
+[*] Documentation/security/keys/trusted-encrypted.rst
+
+Cc: stable@vger.kernel.org
+Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
+Cc: Mimi Zohar <zohar@linux.ibm.com>
+Cc: David Howells <dhowells@redhat.com>
+Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
+Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ security/keys/trusted.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/keys/trusted.c
++++ b/security/keys/trusted.c
+@@ -797,7 +797,7 @@ static int getoptions(char *c, struct tr
+ case Opt_migratable:
+ if (*args[0].from == '0')
+ pay->migratable = 0;
+- else
++ else if (*args[0].from != '1')
+ return -EINVAL;
+ break;
+ case Opt_pcrlock:
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
- mm/huge_memory.c | 15 +++++++++++++++
+ mm/huge_memory.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
-diff --git a/mm/huge_memory.c b/mm/huge_memory.c
-index 05ca01ef97f7f..14cd0ef33b628 100644
--- a/mm/huge_memory.c
+++ b/mm/huge_memory.c
-@@ -1022,6 +1022,19 @@ int do_huge_pmd_wp_page(struct fault_env *fe, pmd_t orig_pmd)
+@@ -1022,6 +1022,19 @@ int do_huge_pmd_wp_page(struct fault_env
* We can only reuse the page if nobody else maps the huge page or it's
* part.
*/
if (page_trans_huge_mapcount(page, NULL) == 1) {
pmd_t entry;
entry = pmd_mkyoung(orig_pmd);
-@@ -1029,8 +1042,10 @@ int do_huge_pmd_wp_page(struct fault_env *fe, pmd_t orig_pmd)
+@@ -1029,8 +1042,10 @@ int do_huge_pmd_wp_page(struct fault_env
if (pmdp_set_access_flags(vma, haddr, fe->pmd, entry, 1))
update_mmu_cache_pmd(vma, fe->address, fe->pmd);
ret |= VM_FAULT_WRITE;
get_page(page);
spin_unlock(fe->ptl);
alloc:
---
-2.27.0
-
--- /dev/null
+From 04b38d012556199ba4c31195940160e0c44c64f0 Mon Sep 17 00:00:00 2001
+From: Paul Cercueil <paul@crapouillou.net>
+Date: Mon, 11 Jan 2021 17:28:39 +0000
+Subject: seccomp: Add missing return in non-void function
+
+From: Paul Cercueil <paul@crapouillou.net>
+
+commit 04b38d012556199ba4c31195940160e0c44c64f0 upstream.
+
+We don't actually care about the value, since the kernel will panic
+before that; but a value should nonetheless be returned, otherwise the
+compiler will complain.
+
+Fixes: 8112c4f140fa ("seccomp: remove 2-phase API")
+Cc: stable@vger.kernel.org # 4.7+
+Signed-off-by: Paul Cercueil <paul@crapouillou.net>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Link: https://lore.kernel.org/r/20210111172839.640914-1-paul@crapouillou.net
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/seccomp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/seccomp.c
++++ b/kernel/seccomp.c
+@@ -669,6 +669,8 @@ static int __seccomp_filter(int this_sys
+ const bool recheck_after_trace)
+ {
+ BUG();
++
++ return -1;
+ }
+ #endif
+
arm64-add-missing-isb-after-invalidating-tlb-in-__pr.patch
i2c-brcmstb-fix-brcmstd_send_i2c_cmd-condition.patch
scsi-bnx2fc-fix-kconfig-warning-cnic-build-errors.patch
+blk-settings-align-max_sectors-on-logical_block_size-boundary.patch
+acpi-configfs-add-missing-check-after-configfs_register_default_group.patch
+input-raydium_ts_i2c-do-not-send-zero-length.patch
+input-xpad-add-support-for-powera-enhanced-wired-controller-for-xbox-series-x-s.patch
+input-joydev-prevent-potential-read-overflow-in-ioctl.patch
+input-i8042-add-asus-zenbook-flip-to-noselftest-list.patch
+usb-serial-option-update-interface-mapping-for-zte-p685m.patch
+usb-musb-fix-runtime-pm-race-in-musb_queue_resume_work.patch
+usb-serial-mos7840-fix-error-code-in-mos7840_write.patch
+usb-serial-mos7720-fix-error-code-in-mos7720_write.patch
+usb-dwc3-gadget-fix-setting-of-depcfg.binterval_m1.patch
+usb-dwc3-gadget-fix-dep-interval-for-fullspeed-interrupt.patch
+keys-trusted-fix-migratable-1-failing.patch
+btrfs-abort-the-transaction-if-we-fail-to-inc-ref-in-btrfs_copy_root.patch
+btrfs-fix-reloc-root-leak-with-0-ref-reloc-roots-on-recovery.patch
+btrfs-fix-extent-buffer-leak-on-failure-to-copy-root.patch
+seccomp-add-missing-return-in-non-void-function.patch
+drivers-misc-vmw_vmci-restrict-too-big-queue-size-in-qp_host_alloc_queue.patch
+staging-rtl8188eu-add-edimax-ew-7811un-v2-to-device-table.patch
--- /dev/null
+From 7a8d2f1908a59003e55ef8691d09efb7fbc51625 Mon Sep 17 00:00:00 2001
+From: Martin Kaiser <martin@kaiser.cx>
+Date: Thu, 4 Feb 2021 09:52:17 +0100
+Subject: staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
+
+From: Martin Kaiser <martin@kaiser.cx>
+
+commit 7a8d2f1908a59003e55ef8691d09efb7fbc51625 upstream.
+
+The Edimax EW-7811UN V2 uses an RTL8188EU chipset and works with this
+driver.
+
+Signed-off-by: Martin Kaiser <martin@kaiser.cx>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210204085217.9743-1-martin@kaiser.cx
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/rtl8188eu/os_dep/usb_intf.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c
++++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
+@@ -49,6 +49,7 @@ static struct usb_device_id rtw_usb_id_t
+ {USB_DEVICE(0x2357, 0x0111)}, /* TP-Link TL-WN727N v5.21 */
+ {USB_DEVICE(0x2C4E, 0x0102)}, /* MERCUSYS MW150US v2 */
+ {USB_DEVICE(0x0df6, 0x0076)}, /* Sitecom N150 v2 */
++ {USB_DEVICE(0x7392, 0xb811)}, /* Edimax EW-7811UN V2 */
+ {USB_DEVICE(USB_VENDER_ID_REALTEK, 0xffef)}, /* Rosewill RNX-N150NUB */
+ {} /* Terminating entry */
+ };
--- /dev/null
+From 4b049f55ed95cd889bcdb3034fd75e1f01852b38 Mon Sep 17 00:00:00 2001
+From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+Date: Mon, 8 Feb 2021 13:53:16 -0800
+Subject: usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
+
+From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+
+commit 4b049f55ed95cd889bcdb3034fd75e1f01852b38 upstream.
+
+The dep->interval captures the number of frames/microframes per interval
+from bInterval. Fullspeed interrupt endpoint bInterval is the number of
+frames per interval and not 2^(bInterval - 1). So fix it here. This
+change is only for debugging purpose and should not affect the interrupt
+endpoint operation.
+
+Fixes: 72246da40f37 ("usb: Introduce DesignWare USB3 DRD Driver")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+Link: https://lore.kernel.org/r/1263b563dedc4ab8b0fb854fba06ce4bc56bd495.1612820995.git.Thinh.Nguyen@synopsys.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/dwc3/gadget.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/dwc3/gadget.c
++++ b/drivers/usb/dwc3/gadget.c
+@@ -538,8 +538,13 @@ static int dwc3_gadget_set_ep_config(str
+ if (dwc->gadget.speed == USB_SPEED_FULL)
+ bInterval_m1 = 0;
+
++ if (usb_endpoint_type(desc) == USB_ENDPOINT_XFER_INT &&
++ dwc->gadget.speed == USB_SPEED_FULL)
++ dep->interval = desc->bInterval;
++ else
++ dep->interval = 1 << (desc->bInterval - 1);
++
+ params.param1 |= DWC3_DEPCFG_BINTERVAL_M1(bInterval_m1);
+- dep->interval = 1 << (desc->bInterval - 1);
+ }
+
+ return dwc3_send_gadget_ep_cmd(dep, DWC3_DEPCMD_SETEPCONFIG, ¶ms);
--- /dev/null
+From a1679af85b2ae35a2b78ad04c18bb069c37330cc Mon Sep 17 00:00:00 2001
+From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+Date: Mon, 8 Feb 2021 13:53:10 -0800
+Subject: usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
+
+From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+
+commit a1679af85b2ae35a2b78ad04c18bb069c37330cc upstream.
+
+Valid range for DEPCFG.bInterval_m1 is from 0 to 13, and it must be set
+to 0 when the controller operates in full-speed. See the programming
+guide for DEPCFG command section 3.2.2.1 (v3.30a).
+
+Fixes: 72246da40f37 ("usb: Introduce DesignWare USB3 DRD Driver")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+Link: https://lore.kernel.org/r/3f57026f993c0ce71498dbb06e49b3a47c4d0265.1612820995.git.Thinh.Nguyen@synopsys.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/dwc3/gadget.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/dwc3/gadget.c
++++ b/drivers/usb/dwc3/gadget.c
+@@ -528,7 +528,17 @@ static int dwc3_gadget_set_ep_config(str
+ params.param0 |= DWC3_DEPCFG_FIFO_NUMBER(dep->number >> 1);
+
+ if (desc->bInterval) {
+- params.param1 |= DWC3_DEPCFG_BINTERVAL_M1(desc->bInterval - 1);
++ u8 bInterval_m1;
++
++ /*
++ * Valid range for DEPCFG.bInterval_m1 is from 0 to 13, and it
++ * must be set to 0 when the controller operates in full-speed.
++ */
++ bInterval_m1 = min_t(u8, desc->bInterval - 1, 13);
++ if (dwc->gadget.speed == USB_SPEED_FULL)
++ bInterval_m1 = 0;
++
++ params.param1 |= DWC3_DEPCFG_BINTERVAL_M1(bInterval_m1);
+ dep->interval = 1 << (desc->bInterval - 1);
+ }
+
--- /dev/null
+From 0eaa1a3714db34a59ce121de5733c3909c529463 Mon Sep 17 00:00:00 2001
+From: Paul Cercueil <paul@crapouillou.net>
+Date: Sat, 23 Jan 2021 14:24:59 +0000
+Subject: usb: musb: Fix runtime PM race in musb_queue_resume_work
+
+From: Paul Cercueil <paul@crapouillou.net>
+
+commit 0eaa1a3714db34a59ce121de5733c3909c529463 upstream.
+
+musb_queue_resume_work() would call the provided callback if the runtime
+PM status was 'active'. Otherwise, it would enqueue the request if the
+hardware was still suspended (musb->is_runtime_suspended is true).
+
+This causes a race with the runtime PM handlers, as it is possible to be
+in the case where the runtime PM status is not yet 'active', but the
+hardware has been awaken (PM resume function has been called).
+
+When hitting the race, the resume work was not enqueued, which probably
+triggered other bugs further down the stack. For instance, a telnet
+connection on Ingenic SoCs would result in a 50/50 chance of a
+segmentation fault somewhere in the musb code.
+
+Rework the code so that either we call the callback directly if
+(musb->is_runtime_suspended == 0), or enqueue the query otherwise.
+
+Fixes: ea2f35c01d5e ("usb: musb: Fix sleeping function called from invalid context for hdrc glue")
+Cc: stable@vger.kernel.org # v4.9+
+Tested-by: Tony Lindgren <tony@atomide.com>
+Reviewed-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: Paul Cercueil <paul@crapouillou.net>
+Link: https://lore.kernel.org/r/20210123142502.16980-1-paul@crapouillou.net
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/musb/musb_core.c | 31 +++++++++++++++++--------------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+--- a/drivers/usb/musb/musb_core.c
++++ b/drivers/usb/musb/musb_core.c
+@@ -2097,32 +2097,35 @@ int musb_queue_resume_work(struct musb *
+ {
+ struct musb_pending_work *w;
+ unsigned long flags;
++ bool is_suspended;
+ int error;
+
+ if (WARN_ON(!callback))
+ return -EINVAL;
+
+- if (pm_runtime_active(musb->controller))
+- return callback(musb, data);
++ spin_lock_irqsave(&musb->list_lock, flags);
++ is_suspended = musb->is_runtime_suspended;
+
+- w = devm_kzalloc(musb->controller, sizeof(*w), GFP_ATOMIC);
+- if (!w)
+- return -ENOMEM;
++ if (is_suspended) {
++ w = devm_kzalloc(musb->controller, sizeof(*w), GFP_ATOMIC);
++ if (!w) {
++ error = -ENOMEM;
++ goto out_unlock;
++ }
++
++ w->callback = callback;
++ w->data = data;
+
+- w->callback = callback;
+- w->data = data;
+- spin_lock_irqsave(&musb->list_lock, flags);
+- if (musb->is_runtime_suspended) {
+ list_add_tail(&w->node, &musb->pending_list);
+ error = 0;
+- } else {
+- dev_err(musb->controller, "could not add resume work %p\n",
+- callback);
+- devm_kfree(musb->controller, w);
+- error = -EINPROGRESS;
+ }
++
++out_unlock:
+ spin_unlock_irqrestore(&musb->list_lock, flags);
+
++ if (!is_suspended)
++ error = callback(musb, data);
++
+ return error;
+ }
+ EXPORT_SYMBOL_GPL(musb_queue_resume_work);
--- /dev/null
+From fea7372cbc40869876df0f045e367f6f97a1666c Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 28 Jan 2021 12:35:23 +0300
+Subject: USB: serial: mos7720: fix error code in mos7720_write()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit fea7372cbc40869876df0f045e367f6f97a1666c upstream.
+
+This code should return -ENOMEM if the kmalloc() fails but instead
+it returns success.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Fixes: 0f64478cbc7a ("USB: add USB serial mos7720 driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/mos7720.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/mos7720.c
++++ b/drivers/usb/serial/mos7720.c
+@@ -1239,8 +1239,10 @@ static int mos7720_write(struct tty_stru
+ if (urb->transfer_buffer == NULL) {
+ urb->transfer_buffer = kmalloc(URB_TRANSFER_BUFFER_SIZE,
+ GFP_ATOMIC);
+- if (!urb->transfer_buffer)
++ if (!urb->transfer_buffer) {
++ bytes_sent = -ENOMEM;
+ goto exit;
++ }
+ }
+ transfer_size = min(count, URB_TRANSFER_BUFFER_SIZE);
+
--- /dev/null
+From a70aa7dc60099bbdcbd6faca42a915d80f31161e Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 26 Jan 2021 13:26:54 +0300
+Subject: USB: serial: mos7840: fix error code in mos7840_write()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit a70aa7dc60099bbdcbd6faca42a915d80f31161e upstream.
+
+This should return -ENOMEM instead of 0 if the kmalloc() fails.
+
+Fixes: 3f5429746d91 ("USB: Moschip 7840 USB-Serial Driver")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/mos7840.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/mos7840.c
++++ b/drivers/usb/serial/mos7840.c
+@@ -1362,8 +1362,10 @@ static int mos7840_write(struct tty_stru
+ if (urb->transfer_buffer == NULL) {
+ urb->transfer_buffer = kmalloc(URB_TRANSFER_BUFFER_SIZE,
+ GFP_ATOMIC);
+- if (!urb->transfer_buffer)
++ if (!urb->transfer_buffer) {
++ bytes_sent = -ENOMEM;
+ goto exit;
++ }
+ }
+ transfer_size = min(count, URB_TRANSFER_BUFFER_SIZE);
+
--- /dev/null
+From 6420a569504e212d618d4a4736e2c59ed80a8478 Mon Sep 17 00:00:00 2001
+From: Lech Perczak <lech.perczak@gmail.com>
+Date: Sun, 7 Feb 2021 01:54:43 +0100
+Subject: USB: serial: option: update interface mapping for ZTE P685M
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Lech Perczak <lech.perczak@gmail.com>
+
+commit 6420a569504e212d618d4a4736e2c59ed80a8478 upstream.
+
+This patch prepares for qmi_wwan driver support for the device.
+Previously "option" driver mapped itself to interfaces 0 and 3 (matching
+ff/ff/ff), while interface 3 is in fact a QMI port.
+Interfaces 1 and 2 (matching ff/00/00) expose AT commands,
+and weren't supported previously at all.
+Without this patch, a possible conflict would exist if device ID was
+added to qmi_wwan driver for interface 3.
+
+Update and simplify device ID to match interfaces 0-2 directly,
+to expose QCDM (0), PCUI (1), and modem (2) ports and avoid conflict
+with QMI (3), and ADB (4).
+
+The modem is used inside ZTE MF283+ router and carriers identify it as
+such.
+Interface mapping is:
+0: QCDM, 1: AT (PCUI), 2: AT (Modem), 3: QMI, 4: ADB
+
+T: Bus=02 Lev=02 Prnt=02 Port=05 Cnt=01 Dev#= 3 Spd=480 MxCh= 0
+D: Ver= 2.01 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
+P: Vendor=19d2 ProdID=1275 Rev=f0.00
+S: Manufacturer=ZTE,Incorporated
+S: Product=ZTE Technologies MSM
+S: SerialNumber=P685M510ZTED0000CP&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&0
+C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
+I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
+E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
+E: Ad=87(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
+E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
+E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+
+Cc: Johan Hovold <johan@kernel.org>
+Cc: Bjørn Mork <bjorn@mork.no>
+Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
+Link: https://lore.kernel.org/r/20210207005443.12936-1-lech.perczak@gmail.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -1551,7 +1551,8 @@ static const struct usb_device_id option
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1272, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1273, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1274, 0xff, 0xff, 0xff) },
+- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1275, 0xff, 0xff, 0xff) },
++ { USB_DEVICE(ZTE_VENDOR_ID, 0x1275), /* ZTE P685M */
++ .driver_info = RSVD(3) | RSVD(4) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1276, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1277, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1278, 0xff, 0xff, 0xff) },
projects / thirdparty / kernel / stable-queue.git / commitdiff
