Changes in 4.9.63
gso: fix payload length when gso_size is zero
tun/tap: sanitize TUNSETSNDBUF input
ipv6: addrconf: increment ifp refcount before ipv6_del_addr()
netlink: do not set cb_running if dump's start() errs
net: call cgroup_sk_alloc() earlier in sk_clone_lock()
tcp: fix tcp_mtu_probe() vs highest_sack
l2tp: check ps->sock before running pppol2tp_session_ioctl()
tun: call dev_get_valid_name() before register_netdevice()
sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
tcp/dccp: fix ireq->opt races
packet: avoid panic in packet_getsockopt()
soreuseport: fix initialization race
ipv6: flowlabel: do not leave opt->tot_len with garbage
sctp: full support for ipv6 ip_nonlocal_bind & IP_FREEBIND
tcp/dccp: fix lockdep splat in inet_csk_route_req()
tcp/dccp: fix other lockdep splats accessing ireq_opt
net/unix: don't show information about sockets from other namespaces
tap: double-free in error path in tap_open()
ipip: only increase err_count for some certain type icmp in ipip_err
ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
ip6_gre: update dst pmtu if dev mtu has been updated by toobig in __gre6_xmit
tun: allow positive return values on dev_get_valid_name() call
sctp: reset owner sk for data chunks on out queues when migrating a sock
net_sched: avoid matching qdisc with zero handle
ppp: fix race in ppp device destruction
mac80211: accept key reinstall without changing anything
mac80211: use constant time comparison with keys
mac80211: don't compare TKIP TX MIC key in reinstall prevention
usb: usbtest: fix NULL pointer dereference
Input: ims-psu - check if CDC union descriptor is sane
ALSA: seq: Cancel pending autoload work at unbinding device
Revert "ARM: dts: imx53-qsb-common: fix FEC pinmux config"
netfilter: nat: avoid use of nf_conn_nat extension
netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable"
security/keys: add CONFIG_KEYS_COMPAT to Kconfig
brcmfmac: remove setting IBSS mode when stopping AP
target/iscsi: Fix iSCSI task reassignment handling
qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2)
misc: panel: properly restore atomic counter on error path
Linux 4.9.63
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit ea04efee76 upstream.
Before trying to use CDC union descriptor, try to validate whether that it
is sane by checking that intf->altsetting->extra is big enough and that
descriptor bLength is not too big and not too small.
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.62
adv7604: Initialize drive strength to default when using DT
video: fbdev: pmag-ba-fb: Remove bad `__init' annotation
PCI: mvebu: Handle changes to the bridge windows while enabled
sched/core: Add missing update_rq_clock() call in sched_move_task()
xen/netback: set default upper limit of tx/rx queues to 8
ARM: dts: imx53-qsb-common: fix FEC pinmux config
dt-bindings: clockgen: Add compatible string for LS1012A
EDAC, amd64: Add x86cpuid sanity check during init
PM / OPP: Error out on failing to add static OPPs for v1 bindings
clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks
drm: drm_minor_register(): Clean up debugfs on failure
KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
iommu/arm-smmu-v3: Clear prior settings when updating STEs
pinctrl: baytrail: Fix debugfs offset output
powerpc/corenet: explicitly disable the SDHC controller on kmcoge4
cxl: Force psl data-cache flush during device shutdown
ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6
arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA
crypto: vmx - disable preemption to enable vsx in aes_ctr.c
drm: mali-dp: fix Lx_CONTROL register fields clobber
iio: trigger: free trigger resource correctly
iio: pressure: ms5611: claim direct mode during oversampling changes
iio: magnetometer: mag3110: claim direct mode during raw writes
iio: proximity: sx9500: claim direct mode during raw proximity reads
dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification
dt-bindings: Add vendor prefix for LEGO
phy: increase size of MII_BUS_ID_SIZE and bus_id
serial: sh-sci: Fix register offsets for the IRDA serial port
libertas: fix improper return value
usb: hcd: initialize hcd->flags to 0 when rm hcd
netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family
brcmfmac: setup wiphy bands after registering it first
rt2800usb: mark tx failure on timeout
apparmor: fix undefined reference to `aa_g_hash_policy'
IPsec: do not ignore crypto err in ah4 input
EDAC, amd64: Save and return err code from probe_one_instance()
s390/topology: make "topology=off" parameter work
Input: mpr121 - handle multiple bits change of status register
Input: mpr121 - set missing event capability
sched/cputime, powerpc32: Fix stale scaled stime on context switch
IB/ipoib: Change list_del to list_del_init in the tx object
ARM: dts: STiH410-family: fix wrong parent clock frequency
s390/qeth: fix retrieval of vipa and proxy-arp addresses
s390/qeth: issue STARTLAN as first IPA command
wcn36xx: Don't use the destroyed hal_mutex
IB/rxe: Fix reference leaks in memory key invalidation code
clk: mvebu: adjust AP806 CPU clock frequencies to production chip
net: dsa: select NET_SWITCHDEV
platform/x86: hp-wmi: Fix detection for dock and tablet mode
cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
KEYS: trusted: sanitize all key material
KEYS: trusted: fix writing past end of buffer in trusted_read()
platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state
platform/x86: hp-wmi: Do not shadow error values
x86/uaccess, sched/preempt: Verify access_ok() context
workqueue: Fix NULL pointer dereference
crypto: ccm - preserve the IV buffer
crypto: x86/sha1-mb - fix panic due to unaligned access
crypto: x86/sha256-mb - fix panic due to unaligned access
KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
ARM: 8720/1: ensure dump_instr() checks addr_limit
ALSA: seq: Fix OSS sysex delivery in OSS emulation
ALSA: seq: Avoid invalid lockdep class warning
drm/i915: Do not rely on wm preservation for ILK watermarks
MIPS: microMIPS: Fix incorrect mask in insn_table_MM
MIPS: Fix CM region target definitions
MIPS: SMP: Use a completion event to signal CPU up
MIPS: Fix race on setting and getting cpu_online_mask
MIPS: SMP: Fix deadlock & online race
selftests: firmware: send expected errors to /dev/null
tools: firmware: check for distro fallback udev cancel rule
ASoC: sun4i-spdif: remove legacy dapm components
MIPS: BMIPS: Fix missing cbr address
MIPS: AR7: Defer registration of GPIO
MIPS: AR7: Ensure that serial ports are properly set up
Input: elan_i2c - add ELAN060C to the ACPI table
rbd: use GFP_NOIO for parent stat and data requests
drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue
drm/bridge: adv7511: Rework adv7511_power_on/off() so they can be reused internally
drm/bridge: adv7511: Reuse __adv7511_power_on/off() when probing EDID
drm/bridge: adv7511: Re-write the i2c address before EDID probing
can: sun4i: handle overrun in RX FIFO
can: ifi: Fix transmitter delay calculation
can: c_can: don't indicate triple sampling support for D_CAN
x86/smpboot: Make optimization of delay calibration work correctly
x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context
Linux 4.9.62
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 9723ddc8fe ]
This driver reports misc scan input events on the sensor's status
register changes. But the event capability for them was not set in the
device initialization, so these events were ignored.
This change adds the missing event capability.
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 08fea55e37 ]
This driver reports input events on their interrupts which are triggered
by the sensor's status register changes. But only single bit change is
reported in the interrupt handler. So if there are multiple bits are
changed at almost the same time, other press or release events are ignored.
This fixes it by detecting all changed bits in the status register.
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.60
workqueue: replace pool->manager_arb mutex with a flag
ALSA: hda/realtek - Add support for ALC236/ALC3204
ALSA: hda - fix headset mic problem for Dell machines with alc236
ceph: unlock dangling spinlock in try_flush_caps()
usb: xhci: Handle error condition in xhci_stop_device()
KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM
spi: uapi: spidev: add missing ioctl header
spi: bcm-qspi: Fix use after free in bcm_qspi_probe() in error path
fuse: fix READDIRPLUS skipping an entry
xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap()
Input: elan_i2c - add ELAN0611 to the ACPI table
Input: gtco - fix potential out-of-bound access
assoc_array: Fix a buggy node-splitting case
scsi: zfcp: fix erp_action use-before-initialize in REC action trace
scsi: sg: Re-fix off by one in sg_fill_request_table()
drm/amd/powerplay: fix uninitialized variable
can: sun4i: fix loopback mode
can: kvaser_usb: Correct return value in printout
can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages
cfg80211: fix connect/disconnect edge cases
ipsec: Fix aborted xfrm policy dump crash
regulator: fan53555: fix I2C device ids
ecryptfs: fix dereference of NULL user_key_payload
Linux 4.9.60
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit a50829479f upstream.
parse_hid_report_descriptor() has a while (i < length) loop, which
only guarantees that there's at least 1 byte in the buffer, but the
loop body can read multiple bytes which causes out-of-bounds access.
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.52
SUNRPC: Refactor svc_set_num_threads()
NFSv4: Fix callback server shutdown
mm: prevent double decrease of nr_reserved_highatomic
orangefs: Don't clear SGID when inheriting ACLs
IB/{qib, hfi1}: Avoid flow control testing for RDMA write operation
drm/sun4i: Implement drm_driver lastclose to restore fbdev console
IB/addr: Fix setting source address in addr6_resolve()
tty: improve tty_insert_flip_char() fast path
tty: improve tty_insert_flip_char() slow path
tty: fix __tty_insert_flip_char regression
pinctrl/amd: save pin registers over suspend/resume
Input: i8042 - add Gigabyte P57 to the keyboard reset table
MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation
MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero
MIPS: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative
MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs
MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs
MIPS: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs
MIPS: math-emu: Handle zero accumulator case in MADDF and MSUBF separately
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix NaN propagation
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of infinite inputs
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Fix some cases of zero inputs
MIPS: math-emu: <MADDF|MSUBF>.<D|S>: Clean up "maddf_flags" enumeration
MIPS: math-emu: <MADDF|MSUBF>.S: Fix accuracy (32-bit case)
MIPS: math-emu: <MADDF|MSUBF>.D: Fix accuracy (64-bit case)
crypto: ccp - Fix XTS-AES-128 support on v5 CCPs
crypto: AF_ALG - remove SGL terminator indicator when chaining
ext4: fix incorrect quotaoff if the quota feature is enabled
ext4: fix quota inconsistency during orphan cleanup for read-only mounts
powerpc: Fix DAR reporting when alignment handler faults
block: Relax a check in blk_start_queue()
md/bitmap: disable bitmap_resize for file-backed bitmaps.
skd: Avoid that module unloading triggers a use-after-free
skd: Submit requests to firmware before triggering the doorbell
scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records
scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA
scsi: zfcp: fix missing trace records for early returns in TMF eh handlers
scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response
scsi: zfcp: trace high part of "new" 64 bit SCSI LUN
scsi: megaraid_sas: set minimum value of resetwaittime to be 1 secs
scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead
scsi: storvsc: fix memory leak on ring buffer busy
scsi: sg: remove 'save_scat_len'
scsi: sg: use standard lists for sg_requests
scsi: sg: off by one in sg_ioctl()
scsi: sg: factor out sg_fill_request_table()
scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
scsi: qla2xxx: Correction to vha->vref_count timeout
scsi: qla2xxx: Fix an integer overflow in sysfs code
ftrace: Fix selftest goto location on error
ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
tracing: Add barrier to trace_printk() buffer nesting modification
tracing: Apply trace_clock changes to instance max buffer
ARC: Re-enable MMU upon Machine Check exception
PCI: shpchp: Enable bridge bus mastering if MSI is enabled
PCI: pciehp: Report power fault only once until we clear it
net/netfilter/nf_conntrack_core: Fix net_conntrack_lock()
s390/mm: fix local TLB flushing vs. detach of an mm address space
s390/mm: fix race on mm->context.flush_mm
media: v4l2-compat-ioctl32: Fix timespec conversion
media: uvcvideo: Prevent heap overflow when accessing mapped controls
PM / devfreq: Fix memory leak when fail to register device
bcache: initialize dirty stripes in flash_dev_run()
bcache: Fix leak of bdev reference
bcache: do not subtract sectors_to_gc for bypassed IO
bcache: correct cache_dirty_target in __update_writeback_rate()
bcache: Correct return value for sysfs attach errors
bcache: fix for gc and write-back race
bcache: fix bch_hprint crash and improve output
Linux 4.9.52
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 4.9.49
usb: quirks: add delay init quirk for Corsair Strafe RGB keyboard
USB: serial: option: add support for D-Link DWM-157 C1
usb: Add device quirk for Logitech HD Pro Webcam C920-C
usb:xhci:Fix regression when ATI chipsets detected
USB: musb: fix external abort on suspend
USB: core: Avoid race of async_completed() w/ usbdev_release()
staging/rts5208: fix incorrect shift to extract upper nybble
iio: adc: ti-ads1015: fix incorrect data rate setting update
iio: adc: ti-ads1015: fix scale information for ADS1115
iio: adc: ti-ads1015: enable conversion when CONFIG_PM is not set
iio: adc: ti-ads1015: avoid getting stale result after runtime resume
iio: adc: ti-ads1015: don't return invalid value from buffer setup callbacks
iio: adc: ti-ads1015: add adequate wait time to get correct conversion
driver core: bus: Fix a potential double free
intel_th: pci: Add Cannon Lake PCH-H support
intel_th: pci: Add Cannon Lake PCH-LP support
ath10k: fix memory leak in rx ring buffer allocation
Input: trackpoint - assume 3 buttons when buttons detection fails
rtlwifi: rtl_pci_probe: Fix fail path of _rtl_pci_find_adapter
Bluetooth: Add support of 13d3:3494 RTL8723BE device
iwlwifi: pci: add new PCI ID for 7265D
dlm: avoid double-free on error path in dlm_device_{register,unregister}
mwifiex: correct channel stat buffer overflows
MCB: add support for SC31 to mcb-lpc
s390/mm: avoid empty zero pages for KVM guests to avoid postcopy hangs
drm/nouveau/pci/msi: disable MSI on big-endian platforms by default
workqueue: Fix flag collision
cs5536: add support for IDE controller variant
scsi: sg: protect against races between mmap() and SG_SET_RESERVED_SIZE
scsi: sg: recheck MMAP_IO request length with lock held
drm/bridge: adv7511: Use work_struct to defer hotplug handing to out of irq context
drm/bridge: adv7511: Switch to using drm_kms_helper_hotplug_event()
Linux 4.9.49
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 293b915fd9 upstream.
Trackpoint buttons detection fails on ThinkPad 570 and 470 series,
this makes the middle button of the trackpoint to not being recogized.
As I don't believe there is any trackpoint with less than 3 buttons this
patch just assumes three buttons when the extended button information
read fails.
Signed-off-by: Oscar Campos <oscar.campos@member.fsf.org>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.46
sparc64: remove unnecessary log message
af_key: do not use GFP_KERNEL in atomic contexts
dccp: purge write queue in dccp_destroy_sock()
dccp: defer ccid_hc_tx_delete() at dismantle time
ipv4: fix NULL dereference in free_fib_info_rcu()
net_sched/sfq: update hierarchical backlog when drop packet
net_sched: remove warning from qdisc_hash_add
bpf: fix bpf_trace_printk on 32 bit archs
openvswitch: fix skb_panic due to the incorrect actions attrlen
ptr_ring: use kmalloc_array()
ipv4: better IP_MAX_MTU enforcement
nfp: fix infinite loop on umapping cleanup
sctp: fully initialize the IPv6 address in sctp_v6_to_addr()
tipc: fix use-after-free
ipv6: reset fn->rr_ptr when replacing route
ipv6: repair fib6 tree in failure case
tcp: when rearming RTO, if RTO time is in past then fire RTO ASAP
net/mlx4_core: Enable 4K UAR if SRIOV module parameter is not enabled
irda: do not leak initialized list.dev to userspace
net: sched: fix NULL pointer dereference when action calls some targets
net_sched: fix order of queue length updates in qdisc_replace()
bpf, verifier: add additional patterns to evaluate_reg_imm_alu
bpf: adjust verifier heuristics
bpf, verifier: fix alu ops against map_value{, _adj} register types
bpf: fix mixed signed/unsigned derived min/max value bounds
bpf/verifier: fix min/max handling in BPF_SUB
Input: trackpoint - add new trackpoint firmware ID
Input: elan_i2c - add ELAN0602 ACPI ID to support Lenovo Yoga310
Input: ALPS - fix two-finger scroll breakage in right side on ALPS touchpad
KVM: s390: sthyi: fix sthyi inline assembly
KVM: s390: sthyi: fix specification exception detection
KVM: x86: block guest protection keys unless the host has them enabled
ALSA: usb-audio: Add delay quirk for H650e/Jabra 550a USB headsets
ALSA: core: Fix unexpected error at replacing user TLV
ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)
ALSA: firewire: fix NULL pointer dereference when releasing uninitialized data of iso-resource
ARCv2: PAE40: Explicitly set MSB counterpart of SLC region ops addresses
mm, shmem: fix handling /sys/kernel/mm/transparent_hugepage/shmem_enabled
i2c: designware: Fix system suspend
mm/madvise.c: fix freeing of locked page with MADV_FREE
fork: fix incorrect fput of ->exe_file causing use-after-free
mm/memblock.c: reversed logic in memblock_discard()
drm: Release driver tracking before making the object available again
drm/atomic: If the atomic check fails, return its value first
drm: rcar-du: Fix crash in encoder failure error path
drm: rcar-du: Fix display timing controller parameter
drm: rcar-du: Fix H/V sync signal polarity configuration
tracing: Call clear_boot_tracer() at lateinit_sync
tracing: Fix kmemleak in tracing_map_array_free()
tracing: Fix freeing of filter in create_filter() when set_str is false
kbuild: linker script do not match C names unless LD_DEAD_CODE_DATA_ELIMINATION is configured
cifs: Fix df output for users with quota limits
cifs: return ENAMETOOLONG for overlong names in cifs_open()/cifs_lookup()
nfsd: Limit end of page list when decoding NFSv4 WRITE
ftrace: Check for null ret_stack on profile function graph entry function
perf/core: Fix group {cpu,task} validation
perf probe: Fix --funcs to show correct symbols for offline module
perf/x86/intel/rapl: Make package handling more robust
timers: Fix excessive granularity of new timers after a nohz idle
x86/mm: Fix use-after-free of ldt_struct
net: sunrpc: svcsock: fix NULL-pointer exception
Revert "leds: handle suspend/resume in heartbeat trigger"
netfilter: nat: fix src map lookup
Bluetooth: hidp: fix possible might sleep error in hidp_session_thread
Bluetooth: cmtp: fix possible might sleep error in cmtp_session
Bluetooth: bnep: fix possible might sleep error in bnep_session
Revert "android: binder: Sanity check at binder ioctl"
binder: use group leader instead of open thread
binder: Use wake up hint for synchronous transactions.
ANDROID: binder: fix proc->tsk check.
iio: imu: adis16480: Fix acceleration scale factor for adis16480
iio: hid-sensor-trigger: Fix the race with user space powering up sensors
staging: rtl8188eu: add RNX-N150NUB support
Clarify (and fix) MAX_LFS_FILESIZE macros
ntb_transport: fix qp count bug
ntb_transport: fix bug calculating num_qps_mw
NTB: ntb_test: fix bug printing ntb_perf results
ntb: no sleep in ntb_async_tx_submit
ntb: ntb_test: ensure the link is up before trying to configure the mws
ntb: transport shouldn't disable link due to bogus values in SPADs
ACPI: ioapic: Clear on-stack resource before using it
ACPI / APEI: Add missing synchronize_rcu() on NOTIFY_SCI removal
ACPI: EC: Fix regression related to wrong ECDT initialization order
powerpc/mm: Ensure cpumask update is ordered
Linux 4.9.46
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 4a646580f7 upstream.
Fixed the issue that two finger scroll does not work correctly
on V8 protocol. The cause is that V8 protocol X-coordinate decode
is wrong at SS4 PLUS device. I added SS4 PLUS X decode definition.
Mote notes:
the problem manifests itself by the commit e7348396c6 ("Input: ALPS
- fix V8+ protocol handling (73 03 28)"), where a fix for the V8+
protocol was applied. Although the culprit must have been present
beforehand, the two-finger scroll worked casually even with the
wrongly reported values by some reason. It got broken by the commit
above just because it changed x_max value, and this made libinput
correctly figuring the MT events. Since the X coord is reported as
falsely doubled, the events on the right-half side go outside the
boundary, thus they are no longer handled. This resulted as a broken
two-finger scroll.
One finger event is decoded differently, and it didn't suffer from
this problem. The problem was only about MT events. --tiwai
Fixes: e7348396c6 ("Input: ALPS - fix V8+ protocol handling (73 03 28)")
Signed-off-by: Masaki Ota <masaki.ota@jp.alps.com>
Tested-by: Takashi Iwai <tiwai@suse.de>
Tested-by: Paul Donohue <linux-kernel@PaulSD.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ec667683c5 upstream.
Synaptics add new TP firmware ID: 0x2 and 0x3, for now both lower 2 bits
are indicated as TP. Change the constant to bitwise values.
This makes trackpoint to be recognized on Lenovo Carbon X1 Gen5 instead
of it being identified as "PS/2 Generic Mouse".
Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.45
netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister
audit: Fix use after free in audit_remove_watch_rule()
parisc: pci memory bar assignment fails with 64bit kernels on dino/cujo
crypto: ixp4xx - Fix error handling path in 'aead_perform()'
crypto: x86/sha1 - Fix reads beyond the number of blocks passed
Input: elan_i2c - add ELAN0608 to the ACPI table
Input: elan_i2c - Add antoher Lenovo ACPI ID for upcoming Lenovo NB
ALSA: seq: 2nd attempt at fixing race creating a queue
ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset
ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices
mm: discard memblock data later
mm: fix double mmap_sem unlock on MMF_UNSTABLE enforced SIGBUS
mm/mempolicy: fix use after free when calling get_mempolicy
mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes
xen: fix bio vec merging
blk-mq-pci: add a fallback when pci_irq_get_affinity returns NULL
powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
xen-blkfront: use a right index when checking requests
x86/asm/64: Clear AC on NMI entries
irqchip/atmel-aic: Fix unbalanced of_node_put() in aic_common_irq_fixup()
irqchip/atmel-aic: Fix unbalanced refcount in aic_common_rtc_irq_fixup()
genirq: Restore trigger settings in irq_modify_status()
genirq/ipi: Fixup checks against nr_cpu_ids
Sanitize 'move_pages()' permission checks
pids: make task_tgid_nr_ns() safe
usb: optimize acpi companion search for usb port devices
usb: qmi_wwan: add D-Link DWM-222 device ID
Linux 4.9.45
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Fixes a steady memory leak in the keychord release code. A close of
the keychord device will leak 1 keychord structure. Easily
reproducible by a simple program that does an open()->write()->close()
of the keychord device.
Bug: 64483974
Change-Id: I1fa402c666cffb00b8cfd6379d9fe47a0989152c
Signed-off-by: Mohan Srinivasan <srmohan@google.com>
There are multiple bugs caused by threads racing in keychord_write.
1) Threads racing through this function can cause the same element to
be added to a linked list twice (multiple calls to
input_register_handler() for the same input_handler struct). And the
races can also cause an element in a linked list that doesn't exist
attempted to be removed (multiple calls to input_unregister_handler()
with the same input_handler struct).
2) The races can also cause duplicate kfree's of the keychords
struct.
Bug: 64133562
Bug: 63974334
Change-Id: I6329a4d58c665fab5d3e96ef96391e07b4941e80
Signed-off-by: Mohan Srinivasan <srmohan@google.com>
Changes in 4.9.40
disable new gcc-7.1.1 warnings for now
ir-core: fix gcc-7 warning on bool arithmetic
dm mpath: cleanup -Wbool-operation warning in choose_pgpath()
s5p-jpeg: don't return a random width/height
thermal: max77620: fix device-node reference imbalance
thermal: cpu_cooling: Avoid accessing potentially freed structures
ath9k: fix tx99 use after free
ath9k: fix tx99 bus error
ath9k: fix an invalid pointer dereference in ath9k_rng_stop()
NFC: fix broken device allocation
NFC: nfcmrvl_uart: add missing tty-device sanity check
NFC: nfcmrvl: do not use device-managed resources
NFC: nfcmrvl: use nfc-device for firmware download
NFC: nfcmrvl: fix firmware-management initialisation
nfc: Ensure presence of required attributes in the activate_target handler
nfc: Fix the sockaddr length sanitization in llcp_sock_connect
NFC: Add sockaddr length checks before accessing sa_family in bind handlers
perf intel-pt: Move decoder error setting into one condition
perf intel-pt: Improve sample timestamp
perf intel-pt: Fix missing stack clear
perf intel-pt: Ensure IP is zero when state is INTEL_PT_STATE_NO_IP
perf intel-pt: Fix last_ip usage
perf intel-pt: Ensure never to set 'last_ip' when packet 'count' is zero
perf intel-pt: Use FUP always when scanning for an IP
perf intel-pt: Clear FUP flag on error
Bluetooth: use constant time memory comparison for secret values
wlcore: fix 64K page support
btrfs: Don't clear SGID when inheriting ACLs
igb: Explicitly select page 0 at initialization
ASoC: compress: Derive substream from stream based on direction
PM / Domains: Fix unsafe iteration over modified list of device links
PM / Domains: Fix unsafe iteration over modified list of domain providers
PM / Domains: Fix unsafe iteration over modified list of domains
scsi: ses: do not add a device to an enclosure if enclosure_add_links() fails.
scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
iscsi-target: Add login_keys_workaround attribute for non RFC initiators
xen/scsiback: Fix a TMR related use-after-free
powerpc/pseries: Fix passing of pp0 in updatepp() and updateboltedpp()
powerpc/64: Fix atomic64_inc_not_zero() to return an int
powerpc: Fix emulation of mcrf in emulate_step()
powerpc: Fix emulation of mfocrf in emulate_step()
powerpc/asm: Mark cr0 as clobbered in mftb()
powerpc/mm/radix: Properly clear process table entry
af_key: Fix sadb_x_ipsecrequest parsing
PCI: Work around poweroff & suspend-to-RAM issue on Macbook Pro 11
PCI: rockchip: Use normal register bank for config accessors
PCI/PM: Restore the status of PCI devices across hibernation
ipvs: SNAT packet replies only for NATed connections
xhci: fix 20000ms port resume timeout
xhci: Fix NULL pointer dereference when cleaning up streams for removed host
xhci: Bad Ethernet performance plugged in ASM1042A host
mxl111sf: Fix driver to use heap allocate buffers for USB messages
usb: storage: return on error to avoid a null pointer dereference
USB: cdc-acm: add device-id for quirky printer
usb: renesas_usbhs: fix usbhsc_resume() for !USBHSF_RUNTIME_PWCTRL
usb: renesas_usbhs: gadget: disable all eps when the driver stops
md: don't use flush_signals in userspace processes
x86/xen: allow userspace access during hypercalls
cx88: Fix regression in initial video standard setting
libnvdimm, btt: fix btt_rw_page not returning errors
libnvdimm: fix badblock range handling of ARS range
ext2: Don't clear SGID when inheriting ACLs
Raid5 should update rdev->sectors after reshape
s390/syscalls: Fix out of bounds arguments access
drm/amd/amdgpu: Return error if initiating read out of range on vram
drm/radeon/ci: disable mclk switching for high refresh rates (v2)
drm/radeon: Fix eDP for single-display iMac10,1 (v2)
ipmi: use rcu lock around call to intf->handlers->sender()
ipmi:ssif: Add missing unlock in error branch
xfs: Don't clear SGID when inheriting ACLs
f2fs: sanity check size of nat and sit cache
f2fs: Don't clear SGID when inheriting ACLs
drm/ttm: Fix use-after-free in ttm_bo_clean_mm
ovl: drop CAP_SYS_RESOURCE from saved mounter's credentials
vfio: Fix group release deadlock
vfio: New external user group/file match
nvme-rdma: remove race conditions from IB signalling
ftrace: Fix uninitialized variable in match_records()
MIPS: Fix mips_atomic_set() retry condition
MIPS: Fix mips_atomic_set() with EVA
MIPS: Negate error syscall return in trace
ubifs: Don't leak kernel memory to the MTD
ACPI / EC: Drop EC noirq hooks to fix a regression
Revert "ACPI / EC: Enable event freeze mode..." to fix a regression
x86/acpi: Prevent out of bound access caused by broken ACPI tables
x86/ioapic: Pass the correct data to unmask_ioapic_irq()
MIPS: Fix MIPS I ISA /proc/cpuinfo reporting
MIPS: Save static registers before sysmips
MIPS: Actually decode JALX in `__compute_return_epc_for_insn'
MIPS: Fix unaligned PC interpretation in `compute_return_epc'
MIPS: math-emu: Prevent wrong ISA mode instruction emulation
MIPS: Send SIGILL for BPOSGE32 in `__compute_return_epc_for_insn'
MIPS: Rename `sigill_r6' to `sigill_r2r6' in `__compute_return_epc_for_insn'
MIPS: Send SIGILL for linked branches in `__compute_return_epc_for_insn'
MIPS: Send SIGILL for R6 branches in `__compute_return_epc_for_insn'
MIPS: Fix a typo: s/preset/present/ in r2-to-r6 emulation error message
Input: i8042 - fix crash at boot time
IB/iser: Fix connection teardown race condition
IB/core: Namespace is mandatory input for address resolution
sunrpc: use constant time memory comparison for mac
NFS: only invalidate dentrys that are clearly invalid.
udf: Fix deadlock between writeback and udf_setsize()
target: Fix COMPARE_AND_WRITE caw_sem leak during se_cmd quiesce
iser-target: Avoid isert_conn->cm_id dereference in isert_login_recv_done
perf annotate: Fix broken arrow at row 0 connecting jmp instruction to its target
Revert "perf/core: Drop kernel samples even though :u is specified"
staging: rtl8188eu: add TL-WN722N v2 support
staging: comedi: ni_mio_common: fix AO timer off-by-one regression
staging: sm750fb: avoid conflicting vesafb
staging: lustre: ko2iblnd: check copy_from_iter/copy_to_iter return code
ceph: fix race in concurrent readdir
RDMA/core: Initialize port_num in qp_attr
drm/mst: Fix error handling during MST sideband message reception
drm/mst: Avoid dereferencing a NULL mstb in drm_dp_mst_handle_up_req()
drm/mst: Avoid processing partially received up/down message transactions
mlx5: Avoid that mlx5_ib_sg_to_klms() overflows the klms[] array
hfsplus: Don't clear SGID when inheriting ACLs
ovl: fix random return value on mount
acpi/nfit: Fix memory corruption/Unregister mce decoder on failure
of: device: Export of_device_{get_modalias, uvent_modalias} to modules
spmi: Include OF based modalias in device uevent
reiserfs: Don't clear SGID when inheriting ACLs
PM / Domains: defer dev_pm_domain_set() until genpd->attach_dev succeeds if present
tracing: Fix kmemleak in instance_rmdir
alarmtimer: don't rate limit one-shot timers
Linux 4.9.40
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Fix a slab out of bounds read in keychord_write(), detected by KASAN.
Signed-off-by: Mohan Srinivasan <srmohan@google.com>
Bug: 63962952
Change-Id: Iafef48b5d7283750ac0f39f5aaa767b1c3bf2004
Changes in 4.9.35
clk: sunxi-ng: a31: Correct lcd1-ch1 clock register offset
xen/blkback: fix disconnect while I/Os in flight
xen-blkback: don't leak stack data via response ring
ALSA: firewire-lib: Fix stall of process context at packet error
ALSA: pcm: Don't treat NULL chmap as a fatal error
fs/exec.c: account for argv/envp pointers
powerpc/perf: Fix oops when kthread execs user process
autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
lib/cmdline.c: fix get_options() overflow while parsing ranges
perf/x86/intel: Add 1G DTLB load/store miss support for SKL
KVM: s390: gaccess: fix real-space designation asce handling for gmap shadows
KVM: PPC: Book3S HV: Preserve userspace HTM state properly
KVM: PPC: Book3S HV: Context-switch EBB registers properly
CIFS: Improve readdir verbosity
cxgb4: notify uP to route ctrlq compl to rdma rspq
HID: Add quirk for Dell PIXART OEM mouse
signal: Only reschedule timers on signals timers have sent
powerpc/kprobes: Pause function_graph tracing during jprobes handling
powerpc/64s: Handle data breakpoints in Radix mode
Input: i8042 - add Fujitsu Lifebook AH544 to notimeout list
brcmfmac: add parameter to pass error code in firmware callback
brcmfmac: use firmware callback upon failure to load
brcmfmac: unbind all devices upon failure in firmware callback
time: Fix clock->read(clock) race around clocksource changes
time: Fix CLOCK_MONOTONIC_RAW sub-nanosecond accounting
arm64/vdso: Fix nsec handling for CLOCK_MONOTONIC_RAW
target: Fix kref->refcount underflow in transport_cmd_finish_abort
iscsi-target: Fix delayed logout processing greater than SECONDS_FOR_LOGOUT_COMP
iscsi-target: Reject immediate data underflow larger than SCSI transfer length
drm/radeon: add a PX quirk for another K53TK variant
drm/radeon: add a quirk for Toshiba Satellite L20-183
drm/amdgpu/atom: fix ps allocation size for EnableDispPowerGating
drm/amdgpu: adjust default display clock
rxrpc: Fix several cases where a padded len isn't checked in ticket decode
of: Add check to of_scan_flat_dt() before accessing initial_boot_params
mtd: spi-nor: fix spansion quad enable
usb: gadget: f_fs: avoid out of bounds access on comp_desc
rt2x00: avoid introducing a USB dependency in the rt2x00lib module
net: phy: Initialize mdio clock at probe function
dmaengine: bcm2835: Fix cyclic DMA period splitting
spi: double time out tolerance
net: phy: fix marvell phy status reading
jump label: fix passing kbuild_cflags when checking for asm goto support
brcmfmac: fix uninitialized warning in brcmf_usb_probe_phase2()
Linux 4.9.35
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 817ae460c7 upstream.
Without this quirk, the touchpad is not responsive on this product, with
the following message repeated in the logs:
psmouse serio1: bad data from KBC - timeout
Add it to the notimeout list alongside other similar Fujitsu laptops.
Signed-off-by: Daniel Drake <drake@endlessm.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.32
bnx2x: Fix Multi-Cos
vxlan: eliminate cached dst leak
ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
cxgb4: avoid enabling napi twice to the same queue
tcp: disallow cwnd undo when switching congestion control
vxlan: fix use-after-free on deletion
ipv6: Fix leak in ipv6_gso_segment().
net: ping: do not abuse udp_poll()
net/ipv6: Fix CALIPSO causing GPF with datagram support
net: ethoc: enable NAPI before poll may be scheduled
net: stmmac: fix completely hung TX when using TSO
net: bridge: start hello timer only if device is up
sparc64: Add __multi3 for gcc 7.x and later.
sparc64: mm: fix copy_tsb to correctly copy huge page TSBs
sparc: Machine description indices can vary
sparc64: reset mm cpumask after wrap
sparc64: combine activate_mm and switch_mm
sparc64: redefine first version
sparc64: add per-cpu mm of secondary contexts
sparc64: new context wrap
sparc64: delete old wrap code
arch/sparc: support NR_CPUS = 4096
serial: ifx6x60: fix use-after-free on module unload
ptrace: Properly initialize ptracer_cred on fork
crypto: asymmetric_keys - handle EBUSY due to backlog correctly
KEYS: fix dereferencing NULL payload with nonzero length
KEYS: fix freeing uninitialized memory in key_update()
KEYS: encrypted: avoid encrypting/decrypting stack buffers
crypto: drbg - wait for crypto op not signal safe
crypto: gcm - wait for crypto op not signal safe
drm/amdgpu/ci: disable mclk switching for high refresh rates (v2)
nfsd4: fix null dereference on replay
nfsd: Fix up the "supattr_exclcreat" attributes
efi: Don't issue error message when booted under Xen
kvm: async_pf: fix rcu_irq_enter() with irqs enabled
KVM: cpuid: Fix read/write out-of-bounds vulnerability in cpuid emulation
arm64: KVM: Preserve RES1 bits in SCTLR_EL2
arm64: KVM: Allow unaligned accesses at EL2
arm: KVM: Allow unaligned accesses at HYP
KVM: async_pf: avoid async pf injection when in guest mode
KVM: arm/arm64: vgic-v3: Do not use Active+Pending state for a HW interrupt
KVM: arm/arm64: vgic-v2: Do not use Active+Pending state for a HW interrupt
dmaengine: usb-dmac: Fix DMAOR AE bit definition
dmaengine: ep93xx: Always start from BASE0
dmaengine: ep93xx: Don't drain the transfers in terminate_all()
dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly
dmaengine: mv_xor_v2: properly handle wrapping in the array of HW descriptors
dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx
dmaengine: mv_xor_v2: enable XOR engine after its configuration
dmaengine: mv_xor_v2: fix tx_submit() implementation
dmaengine: mv_xor_v2: remove interrupt coalescing
dmaengine: mv_xor_v2: set DMA mask to 40 bits
cfq-iosched: fix the delay of cfq_group's vdisktime under iops mode
xen/privcmd: Support correctly 64KB page granularity when mapping memory
ext4: fix SEEK_HOLE
ext4: keep existing extra fields when inode expands
ext4: fix data corruption with EXT4_GET_BLOCKS_ZERO
ext4: fix fdatasync(2) after extent manipulation operations
drm: Fix oops + Xserver hang when unplugging USB drm devices
usb: gadget: f_mass_storage: Serialize wake and sleep execution
usb: chipidea: udc: fix NULL pointer dereference if udc_start failed
usb: chipidea: debug: check before accessing ci_role
staging/lustre/lov: remove set_fs() call from lov_getstripe()
iio: adc: bcm_iproc_adc: swap primary and secondary isr handler's
iio: light: ltr501 Fix interchanged als/ps register field
iio: proximity: as3935: fix AS3935_INT mask
iio: proximity: as3935: fix iio_trigger_poll issue
mei: make sysfs modalias format similar as uevent modalias
cpufreq: cpufreq_register_driver() should return -ENODEV if init fails
target: Re-add check to reject control WRITEs with overflow data
drm/msm: Expose our reservation object when exporting a dmabuf.
ahci: Acer SA5-271 SSD Not Detected Fix
cgroup: Prevent kill_css() from being called more than once
Input: elantech - add Fujitsu Lifebook E546/E557 to force crc_enabled
cpuset: consider dying css as offline
fs: add i_blocksize()
ufs: restore proper tail allocation
fix ufs_isblockset()
ufs: restore maintaining ->i_blocks
ufs: set correct ->s_maxsize
ufs_extend_tail(): fix the braino in calling conventions of ufs_new_fragments()
ufs_getfrag_block(): we only grab ->truncate_mutex on block creation path
cxl: Fix error path on bad ioctl
cxl: Avoid double free_irq() for psl,slice interrupts
btrfs: use correct types for page indices in btrfs_page_exists_in_range
btrfs: fix memory leak in update_space_info failure path
KVM: arm/arm64: Handle possible NULL stage2 pud when ageing pages
scsi: qla2xxx: don't disable a not previously enabled PCI device
scsi: qla2xxx: Modify T262 FW dump template to specify same start/end to debug customer issues
scsi: qla2xxx: Set bit 15 for DIAG_ECHO_TEST MBC
scsi: qla2xxx: Fix mailbox pointer error in fwdump capture
powerpc/sysdev/simple_gpio: Fix oops in gpio save_regs function
powerpc/numa: Fix percpu allocations to be NUMA aware
powerpc/hotplug-mem: Fix missing endian conversion of aa_index
powerpc/kernel: Fix FP and vector register restoration
powerpc/kernel: Initialize load_tm on task creation
perf/core: Drop kernel samples even though :u is specified
drm/vmwgfx: Handle vmalloc() failure in vmw_local_fifo_reserve()
drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
drm/vmwgfx: Make sure backup_handle is always valid
drm/nouveau/tmr: fully separate alarm execution/pending lists
ALSA: timer: Fix race between read and ioctl
ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT
ASoC: Fix use-after-free at card unregistration
cpu/hotplug: Drop the device lock on error
drivers: char: mem: Fix wraparound check to allow mappings up to the end
serial: sh-sci: Fix panic when serial console and DMA are enabled
arm64: traps: fix userspace cache maintenance emulation on a tagged pointer
arm64: hw_breakpoint: fix watchpoint matching for tagged pointers
arm64: entry: improve data abort handling of tagged pointers
ARM: 8636/1: Cleanup sanity_check_meminfo
ARM: 8637/1: Adjust memory boundaries after reservations
usercopy: Adjust tests to deal with SMAP/PAN
drm/i915/vbt: don't propagate errors from intel_bios_init()
drm/i915/vbt: split out defaults that are set when there is no VBT
cpufreq: schedutil: move cached_raw_freq to struct sugov_policy
cpufreq: schedutil: Fix per-CPU structure initialization in sugov_start()
netfilter: nft_set_rbtree: handle element re-addition after deletion
Linux 4.9.32
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 47eb0c8b4d upstream.
The Lifebook E546 and E557 touchpad were also not functioning and
worked after running:
echo "1" > /sys/devices/platform/i8042/serio2/crc_enabled
Add them to the list of machines that need this workaround.
Signed-off-by: Ulrik De Bie <ulrik.debie-os@e2big.org>
Reviewed-by: Arjan Opmeer <arjan@opmeer.net>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.26:
Revert "mmc: sdhci-msm: Enable few quirks"
ping: implement proper locking
sparc64: kern_addr_valid regression
sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
net: neigh: guard against NULL solicit() method
net: phy: handle state correctly in phy_stop_machine
kcm: return immediately after copy_from_user() failure
bpf: improve verifier packet range checks
net/mlx5: Avoid dereferencing uninitialized pointer
l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6
l2tp: purge socket queues in the .destruct() callback
net/packet: fix overflow in check for tp_frame_nr
net/packet: fix overflow in check for tp_reserve
l2tp: take reference on sessions being dumped
l2tp: fix PPP pseudo-wire auto-loading
net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
sctp: listen on the sock only when it's state is listening or closed
tcp: clear saved_syn in tcp_disconnect()
ipv6: Fix idev->addr_list corruption
net-timestamp: avoid use-after-free in ip_recv_error
net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule
sh_eth: unmap DMA buffers when freeing rings
dp83640: don't recieve time stamps twice
gso: Validate assumption of frag_list segementation
net: ipv6: RTF_PCPU should not be settable from userspace
netpoll: Check for skb->queue_mapping
ip6mr: fix notification device destruction
net/mlx5: Fix driver load bad flow when having fw initializing timeout
net/mlx5e: Fix small packet threshold
net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling
macvlan: Fix device ref leak when purging bc_queue
net: ipv6: regenerate host route if moved to gc list
net: phy: fix auto-negotiation stall due to unavailable interrupt
ipv6: check skb->protocol before lookup for nexthop
tcp: memset ca_priv data to 0 properly
ipv6: check raw payload size correctly in ioctl
ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d
ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type
ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
ARC: [plat-eznps] Fix build error
MIPS: KGDB: Use kernel context for sleeping threads
MIPS: cevt-r4k: Fix out-of-bounds array access
MIPS: Avoid BUG warning in arch_check_elf
p9_client_readdir() fix
ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
Input: i8042 - add Clevo P650RS to the i8042 reset list
nfsd: check for oversized NFSv2/v3 arguments
nfsd4: minor NFSv2/v3 write decoding cleanup
nfsd: stricter decoding of write-like NFSv2/v3 ops
ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
macsec: avoid heap overflow in skb_to_sgvec
net: can: usb: gs_usb: Fix buffer on stack
ARCv2: save r30 on kernel entry as gcc uses it for code-gen
ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
Linux 4.9.26
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 4.9.25:
KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
KEYS: Change the name of the dead type to ".dead" to prevent user access
KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
tracing: Allocate the snapshot buffer before enabling probe
ring-buffer: Have ring_buffer_iter_empty() return true when empty
mm: prevent NR_ISOLATE_* stats from going negative
cifs: Do not send echoes before Negotiate is complete
CIFS: remove bad_network_name flag
s390/mm: fix CMMA vs KSM vs others
Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
ACPI / power: Avoid maybe-uninitialized warning
mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card
ubifs: Fix RENAME_WHITEOUT support
ubifs: Fix O_TMPFILE corner case in ubifs_link()
mac80211: reject ToDS broadcast data frames
mac80211: fix MU-MIMO follow-MAC mode
ubi/upd: Always flush after prepared for an update
powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction
x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
x86/mce: Make the MCE notifier a blocking one
device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation
Linux 4.9.25
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 704de489e0 upstream.
Temporary got a Lifebook E547 into my hands and noticed the touchpad
only works after running:
echo "1" > /sys/devices/platform/i8042/serio2/crc_enabled
Add it to the list of machines that need this workaround.
Signed-off-by: Thorsten Leemhuis <linux@leemhuis.info>
Reviewed-by: Ulrik De Bie <ulrik.debie-os@e2big.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.24:
cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups
tcmu: Fix possible overwrite of t_data_sg's last iov[]
tcmu: Fix wrongly calculating of the base_command_size
tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case
thp: fix MADV_DONTNEED vs. MADV_FREE race
thp: fix MADV_DONTNEED vs clear soft dirty race
zsmalloc: expand class bit
orangefs: free superblock when mount fails
drm/nouveau/mpeg: mthd returns true on success now
drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit()
CIFS: reconnect thread reschedule itself
CIFS: store results of cifs_reopen_file to avoid infinite wait
Input: xpad - add support for Razer Wildcat gamepad
perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
x86/efi: Don't try to reserve runtime regions
x86/signals: Fix lower/upper bound reporting in compat siginfo
x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions
x86/vdso: Ensure vdso32_enabled gets set to valid values only
x86/vdso: Plug race between mapping and ELF header setup
acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison)
ACPI / scan: Set the visited flag for all enumerated devices
parisc: fix bugs in pa_memcpy
efi/libstub: Skip GOP with PIXEL_BLT_ONLY format
efi/fb: Avoid reconfiguration of BAR that covers the framebuffer
iscsi-target: Fix TMR reference leak during session shutdown
iscsi-target: Drop work-around for legacy GlobalSAN initiator
scsi: sr: Sanity check returned mode data
scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
scsi: qla2xxx: Add fix to read correct register value for ISP82xx.
scsi: sd: Fix capacity calculation with 32-bit sector_t
target: Avoid mappedlun symlink creation during lun shutdown
xen, fbfront: fix connecting to backend
new privimitive: iov_iter_revert()
make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error
libnvdimm: fix blk free space accounting
libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
can: ifi: use correct register to read rx status
pwm: rockchip: State of PWM clock should synchronize with PWM enabled state
cpufreq: Bring CPUs up even if cpufreq_online() failed
irqchip/irq-imx-gpcv2: Fix spinlock initialization
ftrace: Fix removing of second function probe
char: lack of bool string made CONFIG_DEVPORT always on
Revert "MIPS: Lantiq: Fix cascaded IRQ setup"
kvm: fix page struct leak in handle_vmon
zram: do not use copy_page with non-page aligned address
ftrace: Fix function pid filter on instances
crypto: algif_aead - Fix bogus request dereference in completion function
crypto: ahash - Fix EINPROGRESS notification callback
parisc: Fix get_user() for 64-bit value on 32-bit kernel
ath9k: fix NULL pointer dereference
dvb-usb-v2: avoid use-after-free
ext4: fix inode checksum calculation problem if i_extra_size is small
mm: memcontrol: use special workqueue for creating per-memcg caches
drm/nouveau/disp/mcp7x: disable dptmds workaround
nbd: use loff_t for blocksize and nbd_set_size args
nbd: fix 64-bit division
ASoC: Intel: select DW_DMAC_CORE since it's mandatory
platform/x86: acer-wmi: setup accelerometer when machine has appropriate notify event
x86/xen: Fix APIC id mismatch warning on Intel
ACPI / EC: Use busy polling mode when GPE is not enabled
rtc: tegra: Implement clock handling
mm: Tighten x86 /dev/mem with zeroing reads
dvb-usb: don't use stack for firmware load
dvb-usb-firmware: don't do DMA on stack
cxusb: Use a dma capable buffer also for reading
virtio-console: avoid DMA from stack
net: ipv6: check route protocol when deleting routes
sctp: deny peeloff operation on asocs with threads sleeping on it
Linux 4.9.24
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Changes in 4.9.22:
ppdev: check before attaching port
ppdev: fix registering same device name
drm/vmwgfx: Type-check lookups of fence objects
drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl()
drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces
drm/vmwgfx: Remove getparam error message
drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
sysfs: be careful of error returns from ops->show()
staging: android: ashmem: lseek failed due to no FMODE_LSEEK.
arm/arm64: KVM: Take mmap_sem in stage2_unmap_vm
arm/arm64: KVM: Take mmap_sem in kvm_arch_prepare_memory_region
kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd
iio: bmg160: reset chip when probing
arm64: mm: unaligned access by user-land should be received as SIGBUS
cfg80211: check rdev resume callback only for registered wiphy
Reset TreeId to zero on SMB2 TREE_CONNECT
mm/page_alloc.c: fix print order in show_free_areas()
ptrace: fix PTRACE_LISTEN race corrupting task->state
dm verity fec: limit error correction recursion
dm verity fec: fix bufio leaks
ACPI / gpio: do not fall back to parsing _CRS when we get a deferral
Kbuild: use cc-disable-warning consistently for maybe-uninitialized
orangefs: move features validation to fix filesystem hang
xfs: Honor FALLOC_FL_KEEP_SIZE when punching ends of files
ring-buffer: Fix return value check in test_ringbuffer()
mac80211: unconditionally start new netdev queues with iTXQ support
brcmfmac: use local iftype avoiding use-after-free of virtual interface
metag/usercopy: Drop unused macros
metag/usercopy: Fix alignment error checking
metag/usercopy: Add early abort to copy_to_user
metag/usercopy: Zero rest of buffer from copy_from_user
metag/usercopy: Set flags before ADDZ
metag/usercopy: Fix src fixup in from user rapf loops
metag/usercopy: Add missing fixups
powerpc: Disable HFSCR[TM] if TM is not supported
powerpc/mm: Add missing global TLB invalidate if cxl is active
powerpc/64: Fix flush_(d|i)cache_range() called from modules
powerpc: Don't try to fix up misaligned load-with-reservation instructions
powerpc/crypto/crc32c-vpmsum: Fix missing preempt_disable()
dm raid: fix NULL pointer dereference for raid1 without bitmap
nios2: reserve boot memory for device tree
xtensa: make __pa work with uncached KSEG addresses
s390/decompressor: fix initrd corruption caused by bss clear
s390/uaccess: get_user() should zero on failure (again)
MIPS: Force o32 fp64 support on 32bit MIPS64r6 kernels
MIPS: ralink: Fix typos in rt3883 pinctrl
MIPS: End spinlocks with .insn
MIPS: Lantiq: fix missing xbar kernel panic
MIPS: Check TLB before handle_ri_rdhwr() for Loongson-3
MIPS: Add MIPS_CPU_FTLB for Loongson-3A R2
MIPS: Flush wrong invalid FTLB entry for huge page
MIPS: c-r4k: Fix Loongson-3's vcache/scache waysize calculation
Documentation: stable-kernel-rules: fix stable-tag format
mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
random: use chacha20 for get_random_int/long
drm/sun4i: tcon: Move SoC specific quirks to a DT matched data structure
drm/sun4i: Add compatible strings for A31/A31s display pipelines
drm/sun4i: Add compatible string for A31/A31s TCON (timing controller)
clk: lpc32xx: add a quirk for PWM and MS clock dividers
HID: usbhid: Add quirks for Mayflash/Dragonrise GameCube and PS3 adapters
HID: i2c-hid: add a simple quirk to fix device defects
usb: dwc3: gadget: delay unmap of bounced requests
ASoC: Intel: bytct_rt5640: change default capture settings
arm64: dts: hisi: fix hip06 sas am-max-trans quirk
net/mlx4_core: Use device ID defines
clocksource/drivers/arm_arch_timer: Don't assume clock runs in suspend
scsi: ufs: introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk
HID: sensor-hub add quirk for Microsoft Surface 3
HID: sensor-hub: add quirk for Microchip MM7150
HID: multitouch: enable the Surface 3 Type Cover to report multitouch data
HID: multitouch: do not retrieve all reports for all devices
mmc: sdhci-msm: Enable few quirks
scsi: ufs: ensure that host pa_tactivate is higher than device
svcauth_gss: Close connection when dropping an incoming message
x86/intel_idle: Add CPU model 0x4a (Atom Z34xx series)
arm64: PCI: Manage controller-specific data on per-controller basis
arm64: PCI: Add local struct device pointers
PCI: thunder-pem: Factor out resource lookup
scsi: ufs: add quirk to increase host PA_SaveConfigTime
ALSA: usb-audio: add implicit fb quirk for Axe-Fx II
PCI: Expand "VPD access disabled" quirk message
ALSA: usb-audio: Add native DSD support for TEAC 501/503 DAC
platform/x86: acer-wmi: Only supports AMW0_GUID1 on acer family
nvme: simplify stripe quirk
ACPI / sysfs: Provide quirk mechanism to prevent GPE flooding
HID: usbhid: Add quirk for the Futaba TOSD-5711BB VFD
HID: usbhid: Add quirk for Mayflash/Dragonrise DolphinBar.
drm/edid: constify edid quirk list
drm/i915: fix INTEL_BDW_IDS definition
drm/i915: more .is_mobile cleanups for BDW
drm/i915: actually drive the BDW reserved IDs
ASoC: Intel: bytcr_rt5640: quirks for Insyde devices
scsi: ufs: introduce a new ufshcd_statea UFSHCD_STATE_EH_SCHEDULED
scsi: ufs: issue link starup 2 times if device isn't active
usb: chipidea: msm: Rely on core to override AHBBURST
serial: 8250_omap: Add OMAP_DMA_TX_KICK quirk for AM437x
Input: gpio_keys - add support for GPIO descriptors
ARM: davinci: PM: support da8xx DT platforms
usb: xhci: add quirk flag for broken PED bits
usb: host: xhci-plat: enable BROKEN_PED quirk if platform requested
usb: dwc3: host: pass quirk-broken-port-ped property for known broken revisions
drm/mga: remove device_is_agp callback
ARM: dts: STiH407-family: set snps,dis_u3_susphy_quirk
PCI: Add ACS quirk for Intel Union Point
sata: ahci-da850: implement a workaround for the softreset quirk
ACPI / button: Change default behavior to lid_init_state=open
ASoC: rt5670: Add missing 10EC5072 ACPI ID
ASoC: codecs: rt5670: add quirk for Lenovo Thinkpad 10
ASoC: Intel: Baytrail: add quirk for Lenovo Thinkpad 10
ASoC: Intel: cht_bsw_rt5645: harden ACPI device detection
ASoC: Intel: cht_bsw_rt5645: add Baytrail MCLK support
ACPI: save NVS memory for Lenovo G50-45
ASoC: sun4i-i2s: Add quirks to handle a31 compatible
HID: wacom: don't apply generic settings to old devices
arm: kernel: Add SMC structure parameter
firmware: qcom: scm: Fix interrupted SCM calls
drm/msm/adreno: move function declarations to header file
ARM: smccc: Update HVC comment to describe new quirk parameter
PCI: Add Broadcom Northstar2 PAXC quirk for device class and MPSS
PCI: Disable MSI for HiSilicon Hip06/Hip07 Root Ports
mmc: sdhci-of-esdhc: remove default broken-cd for ARM
PCI: Sort the list of devices with D3 delay quirk by ID
PCI: Add ACS quirk for Qualcomm QDF2400 and QDF2432
watchdog: s3c2410: Fix infinite interrupt in soft mode
platform/x86: asus-wmi: Set specified XUSB2PR value for X550LB
platform/x86: asus-wmi: Detect quirk_no_rfkill from the DSDT
x86/reboot/quirks: Add ASUS EeeBook X205TA reboot quirk
x86/reboot/quirks: Add ASUS EeeBook X205TA/W reboot quirk
usb-storage: Add ignore-residue quirk for Initio INIC-3619
x86/reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk
Linux 4.9.22
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 5feeca3c1e ]
GPIO descriptors are the preferred way over legacy GPIO numbers
nowadays. Convert the driver to use GPIO descriptors internally but
still allow passing legacy GPIO numbers from platform data to support
existing platforms.
Based on commits 633a21d80b ("input: gpio_keys_polled: Add support
for GPIO descriptors") and 1ae5ddb6f8 ("Input: gpio_keys_polled -
request GPIO pin as input.").
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Tested-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changes in 4.9.19:
net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
net: properly release sk_frag.page
amd-xgbe: Fix jumbo MTU processing on newer hardware
openvswitch: Add missing case OVS_TUNNEL_KEY_ATTR_PAD
net: unix: properly re-increment inflight counter of GC discarded candidates
qmi_wwan: add Dell DW5811e
net: vrf: Reset rt6i_idev in local dst after put
net/mlx5: Add missing entries for set/query rate limit commands
net/mlx5e: Use the proper UAPI values when offloading TC vlan actions
net/mlx5: Increase number of max QPs in default profile
net/mlx5e: Count GSO packets correctly
net/mlx5e: Count LRO packets correctly
ipv6: make sure to initialize sockc.tsflags before first use
net: bcmgenet: remove bcmgenet_internal_phy_setup()
ipv4: provide stronger user input validation in nl_fib_input()
socket, bpf: fix sk_filter use after free in sk_clone_lock
tcp: initialize icsk_ack.lrcvtime at session start time
Input: ALPS - fix V8+ protocol handling (73 03 28)
Input: ALPS - fix trackstick button handling on V8 devices
Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw
Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
Input: iforce - validate number of endpoints before using them
Input: ims-pcu - validate number of endpoints before using them
Input: hanwang - validate number of endpoints before using them
Input: yealink - validate number of endpoints before using them
Input: cm109 - validate number of endpoints before using them
Input: kbtab - validate number of endpoints before using them
Input: sur40 - validate number of endpoints before using them
ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
ALSA: hda - Adding a group of pin definition to fix headset problem
USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
USB: serial: qcserial: add Dell DW5811e
ACM gadget: fix endianness in notifications
usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
USB: uss720: fix NULL-deref at probe
USB: lvtest: fix NULL-deref at probe
USB: idmouse: fix NULL-deref at probe
USB: wusbcore: fix NULL-deref at probe
usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
usb: hub: Fix crash after failure to read BOS descriptor
USB: usbtmc: add missing endpoint sanity check
USB: usbtmc: fix probe error path
uwb: i1480-dfu: fix NULL-deref at probe
uwb: hwa-rc: fix NULL-deref at probe
mmc: ushc: fix NULL-deref at probe
iio: adc: ti_am335x_adc: fix fifo overrun recovery
iio: sw-device: Fix config group initialization
iio: hid-sensor-trigger: Change get poll value function order to avoid sensor properties losing after resume from S3
iio: magnetometer: ak8974: remove incorrect __exit markups
parport: fix attempt to write duplicate procfiles
ext4: mark inode dirty after converting inline directory
ext4: lock the xattr block before checksuming it
powerpc/64s: Fix idle wakeup potential to clobber registers
mmc: sdhci-of-at91: Support external regulators
mmc: sdhci-of-arasan: fix incorrect timeout clock
mmc: sdhci: Do not disable interrupts while waiting for clock
mmc: sdhci-pci: Do not disable interrupts in sdhci_intel_set_power
hwrng: amd - Revert managed API changes
hwrng: geode - Revert managed API changes
clk: sunxi-ng: sun6i: Fix enable bit offset for hdmi-ddc module clock
clk: sunxi-ng: mp: Adjust parent rate for pre-dividers
mwifiex: pcie: don't leak DMA buffers when removing
crypto: ccp - Assign DMA commands to the channel's CCP
xen/acpi: upload PM state from init-domain to Xen
iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
Revert "ARM: at91/dt: sama5d2: Use new compatible for ohci node"
ARM: at91: pm: cpu_idle: switch DDR to power-down mode
arm64: kaslr: Fix up the kernel image alignment
cpufreq: Restore policy min/max limits on CPU online
cgroup, net_cls: iterate the fds of only the tasks which are being migrated
blk-mq: don't complete un-started request in timeout handler
drm/amdgpu: reinstate oland workaround for sclk
auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches
jbd2: don't leak memory if setting up journal fails
intel_th: Don't leak module refcount on failure to activate
Drivers: hv: vmbus: Don't leak channel ids
Drivers: hv: vmbus: Don't leak memory when a channel is rescinded
libceph: don't set weight to IN when OSD is destroyed
device-dax: fix pmd/pte fault fallback handling
drm/bridge: analogix dp: Fix runtime PM state on driver bind
nl80211: fix dumpit error path RTNL deadlocks
drm: reference count event->completion
fbcon: Fix vc attr at deinit
crypto: algif_hash - avoid zero-sized array
Linux 4.9.19
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 92461f5d72 upstream.
Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer or accessing memory that lie beyond the end of the endpoint
array should a malicious device lack the expected endpoints.
Fixes: bdb5c57f20 ("Input: add sur40 driver for Samsung SUR40... ")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit cb1b494663 upstream.
Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer should a malicious device lack endpoints.
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ac2ee9ba95 upstream.
Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer should a malicious device lack endpoints.
Fixes: c04148f915 ("Input: add driver for USB VoIP phones with CM109...")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5cc4a1a9f5 upstream.
Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer should a malicious device lack endpoints.
Fixes: aca951a22a ("[PATCH] input-driver-yealink-P1K-usb-phone")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ba340d7b83 upstream.
Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer should a malicious device lack endpoints.
Fixes: bba5394ad3 ("Input: add support for Hanwang tablets")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1916d31927 upstream.
Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer should a malicious device lack control-interface endpoints.
Fixes: 628329d524 ("Input: add IMS Passenger Control Unit driver")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 59cf8bed44 upstream.
Make sure to check the number of endpoints to avoid dereferencing a
NULL-pointer or accessing memory that lie beyond the end of the endpoint
array should a malicious device lack the expected endpoints.
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 92ef6f97a6 upstream.
EeeBook X205TA is yet another ASUS device with a special touchpad
firmware that needs to be accounted for during initialization, or
else the touchpad will go into an invalid state upon suspend/resume.
Adding the appropriate ic_type and product_id check fixes the problem.
Signed-off-by: Matjaz Hegedic <matjaz.hegedic@gmail.com>
Acked-by: KT Liao <kt.liao@emc.com.tw>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
