<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/hid, branch v4.9.334</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>HID: hyperv: fix possible memory leak in mousevsc_probe()</title>
<updated>2022-11-25T16:35:35+00:00</updated>
<author>
<name>Yang Yingliang</name>
<email>yangyingliang@huawei.com</email>
</author>
<published>2022-10-28T13:40:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ed75d1a1c31a0cae8ecc8bcea710b25c0be68da0'/>
<id>ed75d1a1c31a0cae8ecc8bcea710b25c0be68da0</id>
<content type='text'>
[ Upstream commit b5bcb94b0954a026bbd671741fdb00e7141f9c91 ]

If hid_add_device() returns error, it should call hid_destroy_device()
to free hid_dev which is allocated in hid_allocate_device().

Fixes: 74c4fb058083 ("HID: hv_mouse: Properly add the hid device")
Signed-off-by: Yang Yingliang &lt;yangyingliang@huawei.com&gt;
Reviewed-by: Wei Liu &lt;wei.liu@kernel.org&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit b5bcb94b0954a026bbd671741fdb00e7141f9c91 ]

If hid_add_device() returns error, it should call hid_destroy_device()
to free hid_dev which is allocated in hid_allocate_device().

Fixes: 74c4fb058083 ("HID: hv_mouse: Properly add the hid device")
Signed-off-by: Yang Yingliang &lt;yangyingliang@huawei.com&gt;
Reviewed-by: Wei Liu &lt;wei.liu@kernel.org&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>HID: magicmouse: Do not set BTN_MOUSE on double report</title>
<updated>2022-11-03T14:49:15+00:00</updated>
<author>
<name>José Expósito</name>
<email>jose.exposito89@gmail.com</email>
</author>
<published>2022-10-09T18:27:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=45e38311fde5b3f362fd865143b880575edc2254'/>
<id>45e38311fde5b3f362fd865143b880575edc2254</id>
<content type='text'>
[ Upstream commit bb5f0c855dcfc893ae5ed90e4c646bde9e4498bf ]

Under certain conditions the Magic Trackpad can group 2 reports in a
single packet. The packet is split and the raw event function is
invoked recursively for each part.

However, after processing each part, the BTN_MOUSE status is updated,
sending multiple click events. [1]

Return after processing double reports to avoid this issue.

Link: https://gitlab.freedesktop.org/libinput/libinput/-/issues/811  # [1]
Fixes: a462230e16ac ("HID: magicmouse: enable Magic Trackpad support")
Reported-by: Nulo &lt;git@nulo.in&gt;
Signed-off-by: José Expósito &lt;jose.exposito89@gmail.com&gt;
Signed-off-by: Benjamin Tissoires &lt;benjamin.tissoires@redhat.com&gt;
Link: https://lore.kernel.org/r/20221009182747.90730-1-jose.exposito89@gmail.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit bb5f0c855dcfc893ae5ed90e4c646bde9e4498bf ]

Under certain conditions the Magic Trackpad can group 2 reports in a
single packet. The packet is split and the raw event function is
invoked recursively for each part.

However, after processing each part, the BTN_MOUSE status is updated,
sending multiple click events. [1]

Return after processing double reports to avoid this issue.

Link: https://gitlab.freedesktop.org/libinput/libinput/-/issues/811  # [1]
Fixes: a462230e16ac ("HID: magicmouse: enable Magic Trackpad support")
Reported-by: Nulo &lt;git@nulo.in&gt;
Signed-off-by: José Expósito &lt;jose.exposito89@gmail.com&gt;
Signed-off-by: Benjamin Tissoires &lt;benjamin.tissoires@redhat.com&gt;
Link: https://lore.kernel.org/r/20221009182747.90730-1-jose.exposito89@gmail.com
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>HID: roccat: Fix use-after-free in roccat_read()</title>
<updated>2022-10-26T11:15:47+00:00</updated>
<author>
<name>Hyunwoo Kim</name>
<email>imv4bel@gmail.com</email>
</author>
<published>2022-09-04T19:31:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=84607bd3a8542b84b450d19a3579172f96c2bb47'/>
<id>84607bd3a8542b84b450d19a3579172f96c2bb47</id>
<content type='text'>
[ Upstream commit cacdb14b1c8d3804a3a7d31773bc7569837b71a4 ]

roccat_report_event() is responsible for registering
roccat-related reports in struct roccat_device.

int roccat_report_event(int minor, u8 const *data)
{
	struct roccat_device *device;
	struct roccat_reader *reader;
	struct roccat_report *report;
	uint8_t *new_value;

	device = devices[minor];

	new_value = kmemdup(data, device-&gt;report_size, GFP_ATOMIC);
	if (!new_value)
		return -ENOMEM;

	report = &amp;device-&gt;cbuf[device-&gt;cbuf_end];

	/* passing NULL is safe */
	kfree(report-&gt;value);
	...

The registered report is stored in the struct roccat_device member
"struct roccat_report cbuf[ROCCAT_CBUF_SIZE];".
If more reports are received than the "ROCCAT_CBUF_SIZE" value,
kfree() the saved report from cbuf[0] and allocates a new reprot.
Since there is no lock when this kfree() is performed,
kfree() can be performed even while reading the saved report.

static ssize_t roccat_read(struct file *file, char __user *buffer,
		size_t count, loff_t *ppos)
{
	struct roccat_reader *reader = file-&gt;private_data;
	struct roccat_device *device = reader-&gt;device;
	struct roccat_report *report;
	ssize_t retval = 0, len;
	DECLARE_WAITQUEUE(wait, current);

	mutex_lock(&amp;device-&gt;cbuf_lock);

	...

	report = &amp;device-&gt;cbuf[reader-&gt;cbuf_start];
	/*
	 * If report is larger than requested amount of data, rest of report
	 * is lost!
	 */
	len = device-&gt;report_size &gt; count ? count : device-&gt;report_size;

	if (copy_to_user(buffer, report-&gt;value, len)) {
		retval = -EFAULT;
		goto exit_unlock;
	}
	...

The roccat_read() function receives the device-&gt;cbuf report and
delivers it to the user through copy_to_user().
If the N+ROCCAT_CBUF_SIZE th report is received while copying of
the Nth report-&gt;value is in progress, the pointer that copy_to_user()
is working on is kfree()ed and UAF read may occur. (race condition)

Since the device node of this driver does not set separate permissions,
this is not a security vulnerability, but because it is used for
requesting screen display of profile or dpi settings,
a user using the roccat device can apply udev to this device node or
There is a possibility to use it by giving.

Signed-off-by: Hyunwoo Kim &lt;imv4bel@gmail.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit cacdb14b1c8d3804a3a7d31773bc7569837b71a4 ]

roccat_report_event() is responsible for registering
roccat-related reports in struct roccat_device.

int roccat_report_event(int minor, u8 const *data)
{
	struct roccat_device *device;
	struct roccat_reader *reader;
	struct roccat_report *report;
	uint8_t *new_value;

	device = devices[minor];

	new_value = kmemdup(data, device-&gt;report_size, GFP_ATOMIC);
	if (!new_value)
		return -ENOMEM;

	report = &amp;device-&gt;cbuf[device-&gt;cbuf_end];

	/* passing NULL is safe */
	kfree(report-&gt;value);
	...

The registered report is stored in the struct roccat_device member
"struct roccat_report cbuf[ROCCAT_CBUF_SIZE];".
If more reports are received than the "ROCCAT_CBUF_SIZE" value,
kfree() the saved report from cbuf[0] and allocates a new reprot.
Since there is no lock when this kfree() is performed,
kfree() can be performed even while reading the saved report.

static ssize_t roccat_read(struct file *file, char __user *buffer,
		size_t count, loff_t *ppos)
{
	struct roccat_reader *reader = file-&gt;private_data;
	struct roccat_device *device = reader-&gt;device;
	struct roccat_report *report;
	ssize_t retval = 0, len;
	DECLARE_WAITQUEUE(wait, current);

	mutex_lock(&amp;device-&gt;cbuf_lock);

	...

	report = &amp;device-&gt;cbuf[reader-&gt;cbuf_start];
	/*
	 * If report is larger than requested amount of data, rest of report
	 * is lost!
	 */
	len = device-&gt;report_size &gt; count ? count : device-&gt;report_size;

	if (copy_to_user(buffer, report-&gt;value, len)) {
		retval = -EFAULT;
		goto exit_unlock;
	}
	...

The roccat_read() function receives the device-&gt;cbuf report and
delivers it to the user through copy_to_user().
If the N+ROCCAT_CBUF_SIZE th report is received while copying of
the Nth report-&gt;value is in progress, the pointer that copy_to_user()
is working on is kfree()ed and UAF read may occur. (race condition)

Since the device node of this driver does not set separate permissions,
this is not a security vulnerability, but because it is used for
requesting screen display of profile or dpi settings,
a user using the roccat device can apply udev to this device node or
There is a possibility to use it by giving.

Signed-off-by: Hyunwoo Kim &lt;imv4bel@gmail.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo</title>
<updated>2022-09-20T09:50:15+00:00</updated>
<author>
<name>Jason Wang</name>
<email>wangborong@cdjrlc.com</email>
</author>
<published>2022-08-04T00:58:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=cacdc222f2a729c18d2ddd2be136c7259f02d6d3'/>
<id>cacdc222f2a729c18d2ddd2be136c7259f02d6d3</id>
<content type='text'>
[ Upstream commit 94553f8a218540d676efbf3f7827ed493d1057cf ]

The double `like' is duplicated in the comment, remove one.

Signed-off-by: Jason Wang &lt;wangborong@cdjrlc.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 94553f8a218540d676efbf3f7827ed493d1057cf ]

The double `like' is duplicated in the comment, remove one.

Signed-off-by: Jason Wang &lt;wangborong@cdjrlc.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>HID: hidraw: fix memory leak in hidraw_release()</title>
<updated>2022-09-05T08:23:57+00:00</updated>
<author>
<name>Karthik Alapati</name>
<email>mail@karthek.com</email>
</author>
<published>2022-07-28T15:43:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1bea0bbf66001b0c7bf239a4d70eaf47824d3feb'/>
<id>1bea0bbf66001b0c7bf239a4d70eaf47824d3feb</id>
<content type='text'>
commit a5623a203cffe2d2b84d2f6c989d9017db1856af upstream.

Free the buffered reports before deleting the list entry.

BUG: memory leak
unreferenced object 0xffff88810e72f180 (size 32):
  comm "softirq", pid 0, jiffies 4294945143 (age 16.080s)
  hex dump (first 32 bytes):
    64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00  d..j............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [&lt;ffffffff814ac6c3&gt;] kmemdup+0x23/0x50 mm/util.c:128
    [&lt;ffffffff8357c1d2&gt;] kmemdup include/linux/fortify-string.h:440 [inline]
    [&lt;ffffffff8357c1d2&gt;] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521
    [&lt;ffffffff8356ddad&gt;] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992
    [&lt;ffffffff8356e41e&gt;] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065
    [&lt;ffffffff835f0d3f&gt;] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284
    [&lt;ffffffff82d3c7f9&gt;] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670
    [&lt;ffffffff82d3cc26&gt;] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747
    [&lt;ffffffff82ef1e14&gt;] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
    [&lt;ffffffff812f50a8&gt;] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474
    [&lt;ffffffff812f5586&gt;] expire_timers kernel/time/timer.c:1519 [inline]
    [&lt;ffffffff812f5586&gt;] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790
    [&lt;ffffffff812f56e4&gt;] __run_timers kernel/time/timer.c:1768 [inline]
    [&lt;ffffffff812f56e4&gt;] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803
    [&lt;ffffffff848000e6&gt;] __do_softirq+0xe6/0x2ea kernel/softirq.c:571
    [&lt;ffffffff81246db0&gt;] invoke_softirq kernel/softirq.c:445 [inline]
    [&lt;ffffffff81246db0&gt;] __irq_exit_rcu kernel/softirq.c:650 [inline]
    [&lt;ffffffff81246db0&gt;] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662
    [&lt;ffffffff84574f02&gt;] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106
    [&lt;ffffffff84600c8b&gt;] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
    [&lt;ffffffff8458a070&gt;] native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
    [&lt;ffffffff8458a070&gt;] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
    [&lt;ffffffff8458a070&gt;] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
    [&lt;ffffffff8458a070&gt;] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554

Link: https://syzkaller.appspot.com/bug?id=19a04b43c75ed1092021010419b5e560a8172c4f
Reported-by: syzbot+f59100a0428e6ded9443@syzkaller.appspotmail.com
Signed-off-by: Karthik Alapati &lt;mail@karthek.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit a5623a203cffe2d2b84d2f6c989d9017db1856af upstream.

Free the buffered reports before deleting the list entry.

BUG: memory leak
unreferenced object 0xffff88810e72f180 (size 32):
  comm "softirq", pid 0, jiffies 4294945143 (age 16.080s)
  hex dump (first 32 bytes):
    64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00  d..j............
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace:
    [&lt;ffffffff814ac6c3&gt;] kmemdup+0x23/0x50 mm/util.c:128
    [&lt;ffffffff8357c1d2&gt;] kmemdup include/linux/fortify-string.h:440 [inline]
    [&lt;ffffffff8357c1d2&gt;] hidraw_report_event+0xa2/0x150 drivers/hid/hidraw.c:521
    [&lt;ffffffff8356ddad&gt;] hid_report_raw_event+0x27d/0x740 drivers/hid/hid-core.c:1992
    [&lt;ffffffff8356e41e&gt;] hid_input_report+0x1ae/0x270 drivers/hid/hid-core.c:2065
    [&lt;ffffffff835f0d3f&gt;] hid_irq_in+0x1ff/0x250 drivers/hid/usbhid/hid-core.c:284
    [&lt;ffffffff82d3c7f9&gt;] __usb_hcd_giveback_urb+0xf9/0x230 drivers/usb/core/hcd.c:1670
    [&lt;ffffffff82d3cc26&gt;] usb_hcd_giveback_urb+0x1b6/0x1d0 drivers/usb/core/hcd.c:1747
    [&lt;ffffffff82ef1e14&gt;] dummy_timer+0x8e4/0x14c0 drivers/usb/gadget/udc/dummy_hcd.c:1988
    [&lt;ffffffff812f50a8&gt;] call_timer_fn+0x38/0x200 kernel/time/timer.c:1474
    [&lt;ffffffff812f5586&gt;] expire_timers kernel/time/timer.c:1519 [inline]
    [&lt;ffffffff812f5586&gt;] __run_timers.part.0+0x316/0x430 kernel/time/timer.c:1790
    [&lt;ffffffff812f56e4&gt;] __run_timers kernel/time/timer.c:1768 [inline]
    [&lt;ffffffff812f56e4&gt;] run_timer_softirq+0x44/0x90 kernel/time/timer.c:1803
    [&lt;ffffffff848000e6&gt;] __do_softirq+0xe6/0x2ea kernel/softirq.c:571
    [&lt;ffffffff81246db0&gt;] invoke_softirq kernel/softirq.c:445 [inline]
    [&lt;ffffffff81246db0&gt;] __irq_exit_rcu kernel/softirq.c:650 [inline]
    [&lt;ffffffff81246db0&gt;] irq_exit_rcu+0xc0/0x110 kernel/softirq.c:662
    [&lt;ffffffff84574f02&gt;] sysvec_apic_timer_interrupt+0xa2/0xd0 arch/x86/kernel/apic/apic.c:1106
    [&lt;ffffffff84600c8b&gt;] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:649
    [&lt;ffffffff8458a070&gt;] native_safe_halt arch/x86/include/asm/irqflags.h:51 [inline]
    [&lt;ffffffff8458a070&gt;] arch_safe_halt arch/x86/include/asm/irqflags.h:89 [inline]
    [&lt;ffffffff8458a070&gt;] acpi_safe_halt drivers/acpi/processor_idle.c:111 [inline]
    [&lt;ffffffff8458a070&gt;] acpi_idle_do_entry+0xc0/0xd0 drivers/acpi/processor_idle.c:554

Link: https://syzkaller.appspot.com/bug?id=19a04b43c75ed1092021010419b5e560a8172c4f
Reported-by: syzbot+f59100a0428e6ded9443@syzkaller.appspotmail.com
Signed-off-by: Karthik Alapati &lt;mail@karthek.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>HID: hid-led: fix maximum brightness for Dream Cheeky</title>
<updated>2022-06-14T14:52:31+00:00</updated>
<author>
<name>Jonathan Teh</name>
<email>jonathan.teh@outlook.com</email>
</author>
<published>2022-03-13T19:48:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dce87f324348c4e5883ee2d0363aeb964e4fedfc'/>
<id>dce87f324348c4e5883ee2d0363aeb964e4fedfc</id>
<content type='text'>
[ Upstream commit 116c3f4a78ebe478d5ad5a038baf931e93e7d748 ]

Increase maximum brightness for Dream Cheeky to 63. Emperically
determined based on testing in kernel 4.4 on this device:

Bus 003 Device 002: ID 1d34:0004 Dream Cheeky Webmail Notifier

Fixes: 6c7ad07e9e05 ("HID: migrate USB LED driver from usb misc to hid")
Signed-off-by: Jonathan Teh &lt;jonathan.teh@outlook.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 116c3f4a78ebe478d5ad5a038baf931e93e7d748 ]

Increase maximum brightness for Dream Cheeky to 63. Emperically
determined based on testing in kernel 4.4 on this device:

Bus 003 Device 002: ID 1d34:0004 Dream Cheeky Webmail Notifier

Fixes: 6c7ad07e9e05 ("HID: migrate USB LED driver from usb misc to hid")
Signed-off-by: Jonathan Teh &lt;jonathan.teh@outlook.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports</title>
<updated>2022-04-20T07:06:34+00:00</updated>
<author>
<name>Dmitry Torokhov</name>
<email>dmitry.torokhov@gmail.com</email>
</author>
<published>2022-01-18T07:26:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=68bcc48c54f65829bef50eb0665ea19b04b97559'/>
<id>68bcc48c54f65829bef50eb0665ea19b04b97559</id>
<content type='text'>
[ Upstream commit a5e5e03e94764148a01757b2fa4737d3445c13a6 ]

Internally kernel prepends all report buffers, for both numbered and
unnumbered reports, with report ID, therefore to properly handle unnumbered
reports we should prepend it ourselves.

For the same reason we should skip the first byte of the buffer when
calling i2c_hid_set_or_send_report() which then will take care of properly
formatting the transfer buffer based on its separate report ID argument
along with report payload.

[jkosina@suse.cz: finalize trimmed sentence in changelog as spotted by Benjamin]
Fixes: 9b5a9ae88573 ("HID: i2c-hid: implement ll_driver transport-layer callbacks")
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Tested-by: Benjamin Tissoires &lt;benjamin.tissoires@redhat.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit a5e5e03e94764148a01757b2fa4737d3445c13a6 ]

Internally kernel prepends all report buffers, for both numbered and
unnumbered reports, with report ID, therefore to properly handle unnumbered
reports we should prepend it ourselves.

For the same reason we should skip the first byte of the buffer when
calling i2c_hid_set_or_send_report() which then will take care of properly
formatting the transfer buffer based on its separate report ID argument
along with report payload.

[jkosina@suse.cz: finalize trimmed sentence in changelog as spotted by Benjamin]
Fixes: 9b5a9ae88573 ("HID: i2c-hid: implement ll_driver transport-layer callbacks")
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Tested-by: Benjamin Tissoires &lt;benjamin.tissoires@redhat.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>HID: add mapping for KEY_ALL_APPLICATIONS</title>
<updated>2022-03-08T18:00:59+00:00</updated>
<author>
<name>William Mahon</name>
<email>wmahon@chromium.org</email>
</author>
<published>2022-03-04T02:26:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=625818d1607cdb42a351958ac5079e5eeec4f0e6'/>
<id>625818d1607cdb42a351958ac5079e5eeec4f0e6</id>
<content type='text'>
commit 327b89f0acc4c20a06ed59e4d9af7f6d804dc2e2 upstream.

This patch adds a new key definition for KEY_ALL_APPLICATIONS
and aliases KEY_DASHBOARD to it.

It also maps the 0x0c/0x2a2 usage code to KEY_ALL_APPLICATIONS.

Signed-off-by: William Mahon &lt;wmahon@chromium.org&gt;
Acked-by: Benjamin Tissoires &lt;benjamin.tissoires@redhat.com&gt;
Link: https://lore.kernel.org/r/20220303035618.1.I3a7746ad05d270161a18334ae06e3b6db1a1d339@changeid
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 327b89f0acc4c20a06ed59e4d9af7f6d804dc2e2 upstream.

This patch adds a new key definition for KEY_ALL_APPLICATIONS
and aliases KEY_DASHBOARD to it.

It also maps the 0x0c/0x2a2 usage code to KEY_ALL_APPLICATIONS.

Signed-off-by: William Mahon &lt;wmahon@chromium.org&gt;
Acked-by: Benjamin Tissoires &lt;benjamin.tissoires@redhat.com&gt;
Link: https://lore.kernel.org/r/20220303035618.1.I3a7746ad05d270161a18334ae06e3b6db1a1d339@changeid
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>HID: wacom: add USB_HID dependency</title>
<updated>2022-02-16T11:43:55+00:00</updated>
<author>
<name>Arnd Bergmann</name>
<email>arnd@arndb.de</email>
</author>
<published>2017-07-28T13:18:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=47e529da055fd8012dbbc322f34c9ad38c6369e1'/>
<id>47e529da055fd8012dbbc322f34c9ad38c6369e1</id>
<content type='text'>
commit 9d14201c7444bbdf89413e88d91b73150c3de38b upstream.

The driver has gained a compile-time dependency that we should
express in Kconfig to avoid this link error:

drivers/hid/wacom_sys.o: In function `wacom_parse_and_register':
wacom_sys.c:(.text+0x2eec): undefined reference to `usb_hid_driver'

Fixes: 09dc28acaec7 ("HID: wacom: Improve generic name generation")
Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Cc: Jason Self &lt;jason@bluehome.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 9d14201c7444bbdf89413e88d91b73150c3de38b upstream.

The driver has gained a compile-time dependency that we should
express in Kconfig to avoid this link error:

drivers/hid/wacom_sys.o: In function `wacom_parse_and_register':
wacom_sys.c:(.text+0x2eec): undefined reference to `usb_hid_driver'

Fixes: 09dc28acaec7 ("HID: wacom: Improve generic name generation")
Signed-off-by: Arnd Bergmann &lt;arnd@arndb.de&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Cc: Jason Self &lt;jason@bluehome.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>HID: apple: Do not reset quirks when the Fn key is not found</title>
<updated>2022-01-27T07:47:36+00:00</updated>
<author>
<name>José Expósito</name>
<email>jose.exposito89@gmail.com</email>
</author>
<published>2021-11-18T07:29:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=02191c9fb0fa4baa64ce5cef8488ddc5d6df0282'/>
<id>02191c9fb0fa4baa64ce5cef8488ddc5d6df0282</id>
<content type='text'>
[ Upstream commit a5fe7864d8ada170f19cc47d176bf8260ffb4263 ]

When a keyboard without a function key is detected, instead of removing
all quirks, remove only the APPLE_HAS_FN quirk.

Signed-off-by: José Expósito &lt;jose.exposito89@gmail.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit a5fe7864d8ada170f19cc47d176bf8260ffb4263 ]

When a keyboard without a function key is detected, instead of removing
all quirks, remove only the APPLE_HAS_FN quirk.

Signed-off-by: José Expósito &lt;jose.exposito89@gmail.com&gt;
Signed-off-by: Jiri Kosina &lt;jkosina@suse.cz&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
