Update / add upstream kernel patches and ajdust configs

config/kernel/linux-meson-legacy.config

@@ -980,7 +980,7 @@ CONFIG_TCP_CONG_HTCP=m
 # CONFIG_TCP_CONG_ILLINOIS is not set
 # CONFIG_TCP_CONG_DCTCP is not set
 # CONFIG_TCP_CONG_CDG is not set
-CONFIG_TCP_CONG_BBR=m
+# CONFIG_TCP_CONG_BBR is not set
 CONFIG_DEFAULT_CUBIC=y
 # CONFIG_DEFAULT_RENO is not set
 CONFIG_DEFAULT_TCP_CONG="cubic"
@@ -3160,7 +3160,7 @@ CONFIG_INPUT_MATRIXKMAP=y
 # Userland interfaces
 #
 # CONFIG_INPUT_MOUSEDEV is not set
-CONFIG_INPUT_JOYDEV=m
+# CONFIG_INPUT_JOYDEV is not set
 CONFIG_INPUT_EVDEV=m
 # CONFIG_INPUT_EVBUG is not set
 
@@ -3227,36 +3227,7 @@ CONFIG_MOUSE_ELAN_I2C_I2C=y
 # CONFIG_MOUSE_GPIO is not set
 # CONFIG_MOUSE_SYNAPTICS_I2C is not set
 # CONFIG_MOUSE_SYNAPTICS_USB is not set
-CONFIG_INPUT_JOYSTICK=y
-# CONFIG_JOYSTICK_ANALOG is not set
-# CONFIG_JOYSTICK_A3D is not set
-# CONFIG_JOYSTICK_ADI is not set
-# CONFIG_JOYSTICK_COBRA is not set
-# CONFIG_JOYSTICK_GF2K is not set
-# CONFIG_JOYSTICK_GRIP is not set
-# CONFIG_JOYSTICK_GRIP_MP is not set
-# CONFIG_JOYSTICK_GUILLEMOT is not set
-# CONFIG_JOYSTICK_INTERACT is not set
-# CONFIG_JOYSTICK_SIDEWINDER is not set
-# CONFIG_JOYSTICK_TMDC is not set
-CONFIG_JOYSTICK_IFORCE=m
-CONFIG_JOYSTICK_IFORCE_USB=m
-# CONFIG_JOYSTICK_IFORCE_232 is not set
-# CONFIG_JOYSTICK_WARRIOR is not set
-# CONFIG_JOYSTICK_MAGELLAN is not set
-# CONFIG_JOYSTICK_SPACEORB is not set
-# CONFIG_JOYSTICK_SPACEBALL is not set
-# CONFIG_JOYSTICK_STINGER is not set
-# CONFIG_JOYSTICK_TWIDJOY is not set
-# CONFIG_JOYSTICK_ZHENHUA is not set
-# CONFIG_JOYSTICK_AS5011 is not set
-# CONFIG_JOYSTICK_JOYDUMP is not set
-CONFIG_JOYSTICK_XPAD=m
-CONFIG_JOYSTICK_XPAD_FF=y
-CONFIG_JOYSTICK_XPAD_LEDS=y
-# CONFIG_JOYSTICK_PSXPAD_SPI is not set
-# CONFIG_JOYSTICK_PXRC is not set
-# CONFIG_JOYSTICK_FSIA6B is not set
+# CONFIG_INPUT_JOYSTICK is not set
 # CONFIG_INPUT_TABLET is not set
 CONFIG_INPUT_TOUCHSCREEN=y
 CONFIG_TOUCHSCREEN_PROPERTIES=y

config/kernel/linux-odroidxu4-current.config

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 5.4.83 Kernel Configuration
+# Linux/arm 5.4.85 Kernel Configuration
 #
 
 #
@@ -840,7 +840,6 @@ CONFIG_CMA_AREAS=7
 # CONFIG_ZPOOL is not set
 # CONFIG_ZBUD is not set
 CONFIG_ZSMALLOC=y
-CONFIG_PGTABLE_MAPPING=y
 # CONFIG_ZSMALLOC_STAT is not set
 CONFIG_GENERIC_EARLY_IOREMAP=y
 # CONFIG_IDLE_PAGE_TRACKING is not set

config/kernel/linux-sunxi-legacy.config

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm 5.4.84 Kernel Configuration
+# Linux/arm 5.4.85 Kernel Configuration
 #
 
 #
@@ -5572,7 +5572,6 @@ CONFIG_USB_IDMOUSE=m
 CONFIG_USB_FTDI_ELAN=m
 CONFIG_USB_APPLEDISPLAY=m
 CONFIG_USB_SISUSBVGA=m
-CONFIG_USB_SISUSBVGA_CON=y
 CONFIG_USB_LD=m
 CONFIG_USB_TRANCEVIBRATOR=m
 CONFIG_USB_IOWARRIOR=m

config/kernel/linux-sunxi64-legacy.config

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm64 5.4.84 Kernel Configuration
+# Linux/arm64 5.4.85 Kernel Configuration
 #
 
 #
@@ -5572,7 +5572,6 @@ CONFIG_USB_IDMOUSE=m
 CONFIG_USB_FTDI_ELAN=m
 CONFIG_USB_APPLEDISPLAY=m
 CONFIG_USB_SISUSBVGA=m
-# CONFIG_USB_SISUSBVGA_CON is not set
 CONFIG_USB_LD=m
 CONFIG_USB_TRANCEVIBRATOR=m
 CONFIG_USB_IOWARRIOR=m

patch/kernel/meson64-legacy/patch-4.9.239-240.patch

@@ -1,601 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 82bb1b27d2f57..a6a9d494dc18f 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 4
- PATCHLEVEL = 9
--SUBLEVEL = 239
-+SUBLEVEL = 240
- EXTRAVERSION =
- NAME = Roaring Lionus
- 
-diff --git a/drivers/crypto/qat/qat_common/qat_algs.c b/drivers/crypto/qat/qat_common/qat_algs.c
-index 20f35df8a01fa..4f4884521a877 100644
---- a/drivers/crypto/qat/qat_common/qat_algs.c
-+++ b/drivers/crypto/qat/qat_common/qat_algs.c
-@@ -822,6 +822,11 @@ static int qat_alg_aead_dec(struct aead_request *areq)
- 	struct icp_qat_fw_la_bulk_req *msg;
- 	int digst_size = crypto_aead_authsize(aead_tfm);
- 	int ret, ctr = 0;
-+	u32 cipher_len;
-+
-+	cipher_len = areq->cryptlen - digst_size;
-+	if (cipher_len % AES_BLOCK_SIZE != 0)
-+		return -EINVAL;
- 
- 	ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
- 	if (unlikely(ret))
-@@ -836,7 +841,7 @@ static int qat_alg_aead_dec(struct aead_request *areq)
- 	qat_req->req.comn_mid.src_data_addr = qat_req->buf.blp;
- 	qat_req->req.comn_mid.dest_data_addr = qat_req->buf.bloutp;
- 	cipher_param = (void *)&qat_req->req.serv_specif_rqpars;
--	cipher_param->cipher_length = areq->cryptlen - digst_size;
-+	cipher_param->cipher_length = cipher_len;
- 	cipher_param->cipher_offset = areq->assoclen;
- 	memcpy(cipher_param->u.cipher_IV_array, areq->iv, AES_BLOCK_SIZE);
- 	auth_param = (void *)((uint8_t *)cipher_param + sizeof(*cipher_param));
-@@ -865,6 +870,9 @@ static int qat_alg_aead_enc(struct aead_request *areq)
- 	uint8_t *iv = areq->iv;
- 	int ret, ctr = 0;
- 
-+	if (areq->cryptlen % AES_BLOCK_SIZE != 0)
-+		return -EINVAL;
-+
- 	ret = qat_alg_sgl_to_bufl(ctx->inst, areq->src, areq->dst, qat_req);
- 	if (unlikely(ret))
- 		return ret;
-diff --git a/drivers/media/usb/usbtv/usbtv-core.c b/drivers/media/usb/usbtv/usbtv-core.c
-index d8ce7d75ff187..fcbabd2a41144 100644
---- a/drivers/media/usb/usbtv/usbtv-core.c
-+++ b/drivers/media/usb/usbtv/usbtv-core.c
-@@ -110,7 +110,8 @@ static int usbtv_probe(struct usb_interface *intf,
- 
- usbtv_audio_fail:
- 	/* we must not free at this point */
--	usb_get_dev(usbtv->udev);
-+	v4l2_device_get(&usbtv->v4l2_dev);
-+	/* this will undo the v4l2_device_get() */
- 	usbtv_video_free(usbtv);
- 
- usbtv_video_fail:
-diff --git a/drivers/staging/comedi/drivers/vmk80xx.c b/drivers/staging/comedi/drivers/vmk80xx.c
-index 1800eb3ae0176..cdf86284dd047 100644
---- a/drivers/staging/comedi/drivers/vmk80xx.c
-+++ b/drivers/staging/comedi/drivers/vmk80xx.c
-@@ -676,6 +676,9 @@ static int vmk80xx_find_usb_endpoints(struct comedi_device *dev)
- 	if (!devpriv->ep_rx || !devpriv->ep_tx)
- 		return -ENODEV;
- 
-+	if (!usb_endpoint_maxp(devpriv->ep_rx) || !usb_endpoint_maxp(devpriv->ep_tx))
-+		return -EINVAL;
-+
- 	return 0;
- }
- 
-diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
-index 838123dc390ca..c9f979063af13 100644
---- a/drivers/usb/serial/ftdi_sio.c
-+++ b/drivers/usb/serial/ftdi_sio.c
-@@ -1032,6 +1032,11 @@ static const struct usb_device_id id_table_combined[] = {
- 	/* U-Blox devices */
- 	{ USB_DEVICE(UBLOX_VID, UBLOX_C099F9P_ZED_PID) },
- 	{ USB_DEVICE(UBLOX_VID, UBLOX_C099F9P_ODIN_PID) },
-+	/* FreeCalypso USB adapters */
-+	{ USB_DEVICE(FTDI_VID, FTDI_FALCONIA_JTAG_BUF_PID),
-+		.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
-+	{ USB_DEVICE(FTDI_VID, FTDI_FALCONIA_JTAG_UNBUF_PID),
-+		.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
- 	{ }					/* Terminating entry */
- };
- 
-diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
-index c33e06752b5f0..f3302516a1e4f 100644
---- a/drivers/usb/serial/ftdi_sio_ids.h
-+++ b/drivers/usb/serial/ftdi_sio_ids.h
-@@ -38,6 +38,13 @@
- 
- #define FTDI_LUMEL_PD12_PID	0x6002
- 
-+/*
-+ * Custom USB adapters made by Falconia Partners LLC
-+ * for FreeCalypso project, ID codes allocated to Falconia by FTDI.
-+ */
-+#define FTDI_FALCONIA_JTAG_BUF_PID	0x7150
-+#define FTDI_FALCONIA_JTAG_UNBUF_PID	0x7151
-+
- /* Sienna Serial Interface by Secyourit GmbH */
- #define FTDI_SIENNA_PID		0x8348
- 
-diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
-index 8cff50ef4fd14..5017d37afe392 100644
---- a/drivers/usb/serial/option.c
-+++ b/drivers/usb/serial/option.c
-@@ -529,6 +529,7 @@ static void option_instat_callback(struct urb *urb);
- /* Cellient products */
- #define CELLIENT_VENDOR_ID			0x2692
- #define CELLIENT_PRODUCT_MEN200			0x9005
-+#define CELLIENT_PRODUCT_MPL200			0x9025
- 
- /* Hyundai Petatel Inc. products */
- #define PETATEL_VENDOR_ID			0x1ff4
-@@ -1171,6 +1172,8 @@ static const struct usb_device_id option_ids[] = {
- 	  .driver_info = NCTRL(2) | RSVD(3) },
- 	{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1053, 0xff),	/* Telit FN980 (ECM) */
- 	  .driver_info = NCTRL(0) | RSVD(1) },
-+	{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1054, 0xff),	/* Telit FT980-KS */
-+	  .driver_info = NCTRL(2) | RSVD(3) },
- 	{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910),
- 	  .driver_info = NCTRL(0) | RSVD(1) | RSVD(3) },
- 	{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM),
-@@ -1967,6 +1970,8 @@ static const struct usb_device_id option_ids[] = {
- 	{ USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x02, 0x01) },
- 	{ USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x00, 0x00) },
- 	{ USB_DEVICE(CELLIENT_VENDOR_ID, CELLIENT_PRODUCT_MEN200) },
-+	{ USB_DEVICE(CELLIENT_VENDOR_ID, CELLIENT_PRODUCT_MPL200),
-+	  .driver_info = RSVD(1) | RSVD(4) },
- 	{ USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T_600A) },
- 	{ USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T_600E) },
- 	{ USB_DEVICE_AND_INTERFACE_INFO(TPLINK_VENDOR_ID, TPLINK_PRODUCT_LTE, 0xff, 0x00, 0x00) },	/* TP-Link LTE Module */
-diff --git a/drivers/usb/serial/pl2303.c b/drivers/usb/serial/pl2303.c
-index 4fcded2971d1d..bf5533d6d83bd 100644
---- a/drivers/usb/serial/pl2303.c
-+++ b/drivers/usb/serial/pl2303.c
-@@ -89,6 +89,7 @@ static const struct usb_device_id id_table[] = {
- 	{ USB_DEVICE(HP_VENDOR_ID, HP_LD220_PRODUCT_ID) },
- 	{ USB_DEVICE(HP_VENDOR_ID, HP_LD220TA_PRODUCT_ID) },
- 	{ USB_DEVICE(HP_VENDOR_ID, HP_LD381_PRODUCT_ID) },
-+	{ USB_DEVICE(HP_VENDOR_ID, HP_LD381GC_PRODUCT_ID) },
- 	{ USB_DEVICE(HP_VENDOR_ID, HP_LD960_PRODUCT_ID) },
- 	{ USB_DEVICE(HP_VENDOR_ID, HP_LD960TA_PRODUCT_ID) },
- 	{ USB_DEVICE(HP_VENDOR_ID, HP_LCM220_PRODUCT_ID) },
-diff --git a/drivers/usb/serial/pl2303.h b/drivers/usb/serial/pl2303.h
-index 54d2fb974a418..9d27c076f477e 100644
---- a/drivers/usb/serial/pl2303.h
-+++ b/drivers/usb/serial/pl2303.h
-@@ -125,6 +125,7 @@
- 
- /* Hewlett-Packard POS Pole Displays */
- #define HP_VENDOR_ID		0x03f0
-+#define HP_LD381GC_PRODUCT_ID	0x0183
- #define HP_LM920_PRODUCT_ID	0x026b
- #define HP_TD620_PRODUCT_ID	0x0956
- #define HP_LD960_PRODUCT_ID	0x0b39
-diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
-index 9531b6c18ac7b..897154e993800 100644
---- a/fs/reiserfs/inode.c
-+++ b/fs/reiserfs/inode.c
-@@ -1554,11 +1554,7 @@ void reiserfs_read_locked_inode(struct inode *inode,
- 	 * set version 1, version 2 could be used too, because stat data
- 	 * key is the same in both versions
- 	 */
--	key.version = KEY_FORMAT_3_5;
--	key.on_disk_key.k_dir_id = dirino;
--	key.on_disk_key.k_objectid = inode->i_ino;
--	key.on_disk_key.k_offset = 0;
--	key.on_disk_key.k_type = 0;
-+	_make_cpu_key(&key, KEY_FORMAT_3_5, dirino, inode->i_ino, 0, 0, 3);
- 
- 	/* look for the object's stat data */
- 	retval = search_item(inode->i_sb, &key, &path_to_sd);
-diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
-index 07900105523f0..645ee1bbd0255 100644
---- a/fs/reiserfs/xattr.c
-+++ b/fs/reiserfs/xattr.c
-@@ -664,6 +664,13 @@ reiserfs_xattr_get(struct inode *inode, const char *name, void *buffer,
- 	if (get_inode_sd_version(inode) == STAT_DATA_V1)
- 		return -EOPNOTSUPP;
- 
-+	/*
-+	 * priv_root needn't be initialized during mount so allow initial
-+	 * lookups to succeed.
-+	 */
-+	if (!REISERFS_SB(inode->i_sb)->priv_root)
-+		return 0;
-+
- 	dentry = xattr_lookup(inode, name, XATTR_REPLACE);
- 	if (IS_ERR(dentry)) {
- 		err = PTR_ERR(dentry);
-diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
-index 57a7dba49d298..52b5352e8fe08 100644
---- a/include/net/bluetooth/hci_core.h
-+++ b/include/net/bluetooth/hci_core.h
-@@ -1250,16 +1250,34 @@ static inline void hci_auth_cfm(struct hci_conn *conn, __u8 status)
- 		conn->security_cfm_cb(conn, status);
- }
- 
--static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status,
--								__u8 encrypt)
-+static inline void hci_encrypt_cfm(struct hci_conn *conn, __u8 status)
- {
- 	struct hci_cb *cb;
-+	__u8 encrypt;
-+
-+	if (conn->state == BT_CONFIG) {
-+		if (!status)
-+			conn->state = BT_CONNECTED;
- 
--	if (conn->sec_level == BT_SECURITY_SDP)
--		conn->sec_level = BT_SECURITY_LOW;
-+		hci_connect_cfm(conn, status);
-+		hci_conn_drop(conn);
-+		return;
-+	}
- 
--	if (conn->pending_sec_level > conn->sec_level)
--		conn->sec_level = conn->pending_sec_level;
-+	if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
-+		encrypt = 0x00;
-+	else if (test_bit(HCI_CONN_AES_CCM, &conn->flags))
-+		encrypt = 0x02;
-+	else
-+		encrypt = 0x01;
-+
-+	if (!status) {
-+		if (conn->sec_level == BT_SECURITY_SDP)
-+			conn->sec_level = BT_SECURITY_LOW;
-+
-+		if (conn->pending_sec_level > conn->sec_level)
-+			conn->sec_level = conn->pending_sec_level;
-+	}
- 
- 	mutex_lock(&hci_cb_list_lock);
- 	list_for_each_entry(cb, &hci_cb_list, list) {
-diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
-index 5ee3c689c8637..9c50d458ee83b 100644
---- a/include/net/bluetooth/l2cap.h
-+++ b/include/net/bluetooth/l2cap.h
-@@ -619,6 +619,8 @@ struct l2cap_ops {
- 	struct sk_buff		*(*alloc_skb) (struct l2cap_chan *chan,
- 					       unsigned long hdr_len,
- 					       unsigned long len, int nb);
-+	int			(*filter) (struct l2cap_chan * chan,
-+					   struct sk_buff *skb);
- };
- 
- struct l2cap_conn {
-diff --git a/net/bluetooth/a2mp.c b/net/bluetooth/a2mp.c
-index 5f123c3320a7b..8f918155685db 100644
---- a/net/bluetooth/a2mp.c
-+++ b/net/bluetooth/a2mp.c
-@@ -233,6 +233,9 @@ static int a2mp_discover_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
- 			struct a2mp_info_req req;
- 
- 			found = true;
-+
-+			memset(&req, 0, sizeof(req));
-+
- 			req.id = cl->id;
- 			a2mp_send(mgr, A2MP_GETINFO_REQ, __next_ident(mgr),
- 				  sizeof(req), &req);
-@@ -312,6 +315,8 @@ static int a2mp_getinfo_req(struct amp_mgr *mgr, struct sk_buff *skb,
- 	if (!hdev || hdev->dev_type != HCI_AMP) {
- 		struct a2mp_info_rsp rsp;
- 
-+		memset(&rsp, 0, sizeof(rsp));
-+
- 		rsp.id = req->id;
- 		rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
- 
-@@ -355,6 +360,8 @@ static int a2mp_getinfo_rsp(struct amp_mgr *mgr, struct sk_buff *skb,
- 	if (!ctrl)
- 		return -ENOMEM;
- 
-+	memset(&req, 0, sizeof(req));
-+
- 	req.id = rsp->id;
- 	a2mp_send(mgr, A2MP_GETAMPASSOC_REQ, __next_ident(mgr), sizeof(req),
- 		  &req);
-@@ -383,6 +390,8 @@ static int a2mp_getampassoc_req(struct amp_mgr *mgr, struct sk_buff *skb,
- 		struct a2mp_amp_assoc_rsp rsp;
- 		rsp.id = req->id;
- 
-+		memset(&rsp, 0, sizeof(rsp));
-+
- 		if (tmp) {
- 			rsp.status = A2MP_STATUS_COLLISION_OCCURED;
- 			amp_mgr_put(tmp);
-@@ -471,7 +480,6 @@ static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
- 				   struct a2mp_cmd *hdr)
- {
- 	struct a2mp_physlink_req *req = (void *) skb->data;
--
- 	struct a2mp_physlink_rsp rsp;
- 	struct hci_dev *hdev;
- 	struct hci_conn *hcon;
-@@ -482,6 +490,8 @@ static int a2mp_createphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
- 
- 	BT_DBG("local_id %d, remote_id %d", req->local_id, req->remote_id);
- 
-+	memset(&rsp, 0, sizeof(rsp));
-+
- 	rsp.local_id = req->remote_id;
- 	rsp.remote_id = req->local_id;
- 
-@@ -560,6 +570,8 @@ static int a2mp_discphyslink_req(struct amp_mgr *mgr, struct sk_buff *skb,
- 
- 	BT_DBG("local_id %d remote_id %d", req->local_id, req->remote_id);
- 
-+	memset(&rsp, 0, sizeof(rsp));
-+
- 	rsp.local_id = req->remote_id;
- 	rsp.remote_id = req->local_id;
- 	rsp.status = A2MP_STATUS_SUCCESS;
-@@ -682,6 +694,8 @@ static int a2mp_chan_recv_cb(struct l2cap_chan *chan, struct sk_buff *skb)
- 	if (err) {
- 		struct a2mp_cmd_rej rej;
- 
-+		memset(&rej, 0, sizeof(rej));
-+
- 		rej.reason = cpu_to_le16(0);
- 		hdr = (void *) skb->data;
- 
-@@ -905,6 +919,8 @@ void a2mp_send_getinfo_rsp(struct hci_dev *hdev)
- 
- 	BT_DBG("%s mgr %p", hdev->name, mgr);
- 
-+	memset(&rsp, 0, sizeof(rsp));
-+
- 	rsp.id = hdev->id;
- 	rsp.status = A2MP_STATUS_INVALID_CTRL_ID;
- 
-@@ -1002,6 +1018,8 @@ void a2mp_send_create_phy_link_rsp(struct hci_dev *hdev, u8 status)
- 	if (!mgr)
- 		return;
- 
-+	memset(&rsp, 0, sizeof(rsp));
-+
- 	hs_hcon = hci_conn_hash_lookup_state(hdev, AMP_LINK, BT_CONNECT);
- 	if (!hs_hcon) {
- 		rsp.status = A2MP_STATUS_UNABLE_START_LINK_CREATION;
-@@ -1034,6 +1052,8 @@ void a2mp_discover_amp(struct l2cap_chan *chan)
- 
- 	mgr->bredr_chan = chan;
- 
-+	memset(&req, 0, sizeof(req));
-+
- 	req.mtu = cpu_to_le16(L2CAP_A2MP_DEFAULT_MTU);
- 	req.ext_feat = 0;
- 	a2mp_send(mgr, A2MP_DISCOVER_REQ, 1, sizeof(req), &req);
-diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
-index 1d085eed72d0c..e3cd81ce2a7bb 100644
---- a/net/bluetooth/hci_conn.c
-+++ b/net/bluetooth/hci_conn.c
-@@ -1163,6 +1163,23 @@ int hci_conn_check_link_mode(struct hci_conn *conn)
- 			return 0;
- 	}
- 
-+	 /* AES encryption is required for Level 4:
-+	  *
-+	  * BLUETOOTH CORE SPECIFICATION Version 5.2 | Vol 3, Part C
-+	  * page 1319:
-+	  *
-+	  * 128-bit equivalent strength for link and encryption keys
-+	  * required using FIPS approved algorithms (E0 not allowed,
-+	  * SAFER+ not allowed, and P-192 not allowed; encryption key
-+	  * not shortened)
-+	  */
-+	if (conn->sec_level == BT_SECURITY_FIPS &&
-+	    !test_bit(HCI_CONN_AES_CCM, &conn->flags)) {
-+		bt_dev_err(conn->hdev,
-+			   "Invalid security: Missing AES-CCM usage");
-+		return 0;
-+	}
-+
- 	if (hci_conn_ssp_enabled(conn) &&
- 	    !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
- 		return 0;
-diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
-index d6da119f5082e..1f5c48d1493c9 100644
---- a/net/bluetooth/hci_event.c
-+++ b/net/bluetooth/hci_event.c
-@@ -1133,6 +1133,9 @@ static void store_pending_adv_report(struct hci_dev *hdev, bdaddr_t *bdaddr,
- {
- 	struct discovery_state *d = &hdev->discovery;
- 
-+	if (len > HCI_MAX_AD_LENGTH)
-+		return;
-+
- 	bacpy(&d->last_adv_addr, bdaddr);
- 	d->last_adv_addr_type = bdaddr_type;
- 	d->last_adv_rssi = rssi;
-@@ -2490,7 +2493,7 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
- 				     &cp);
- 		} else {
- 			clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
--			hci_encrypt_cfm(conn, ev->status, 0x00);
-+			hci_encrypt_cfm(conn, ev->status);
- 		}
- 	}
- 
-@@ -2576,22 +2579,7 @@ static void read_enc_key_size_complete(struct hci_dev *hdev, u8 status,
- 		conn->enc_key_size = rp->key_size;
- 	}
- 
--	if (conn->state == BT_CONFIG) {
--		conn->state = BT_CONNECTED;
--		hci_connect_cfm(conn, 0);
--		hci_conn_drop(conn);
--	} else {
--		u8 encrypt;
--
--		if (!test_bit(HCI_CONN_ENCRYPT, &conn->flags))
--			encrypt = 0x00;
--		else if (test_bit(HCI_CONN_AES_CCM, &conn->flags))
--			encrypt = 0x02;
--		else
--			encrypt = 0x01;
--
--		hci_encrypt_cfm(conn, 0, encrypt);
--	}
-+	hci_encrypt_cfm(conn, 0);
- 
- unlock:
- 	hci_dev_unlock(hdev);
-@@ -2638,27 +2626,23 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
- 
- 	clear_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
- 
-+	/* Check link security requirements are met */
-+	if (!hci_conn_check_link_mode(conn))
-+		ev->status = HCI_ERROR_AUTH_FAILURE;
-+
- 	if (ev->status && conn->state == BT_CONNECTED) {
- 		if (ev->status == HCI_ERROR_PIN_OR_KEY_MISSING)
- 			set_bit(HCI_CONN_AUTH_FAILURE, &conn->flags);
- 
-+		/* Notify upper layers so they can cleanup before
-+		 * disconnecting.
-+		 */
-+		hci_encrypt_cfm(conn, ev->status);
- 		hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
- 		hci_conn_drop(conn);
- 		goto unlock;
- 	}
- 
--	/* In Secure Connections Only mode, do not allow any connections
--	 * that are not encrypted with AES-CCM using a P-256 authenticated
--	 * combination key.
--	 */
--	if (hci_dev_test_flag(hdev, HCI_SC_ONLY) &&
--	    (!test_bit(HCI_CONN_AES_CCM, &conn->flags) ||
--	     conn->key_type != HCI_LK_AUTH_COMBINATION_P256)) {
--		hci_connect_cfm(conn, HCI_ERROR_AUTH_FAILURE);
--		hci_conn_drop(conn);
--		goto unlock;
--	}
--
- 	/* Try reading the encryption key size for encrypted ACL links */
- 	if (!ev->status && ev->encrypt && conn->type == ACL_LINK) {
- 		struct hci_cp_read_enc_key_size cp;
-@@ -2688,14 +2672,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
- 	}
- 
- notify:
--	if (conn->state == BT_CONFIG) {
--		if (!ev->status)
--			conn->state = BT_CONNECTED;
--
--		hci_connect_cfm(conn, ev->status);
--		hci_conn_drop(conn);
--	} else
--		hci_encrypt_cfm(conn, ev->status, ev->encrypt);
-+	hci_encrypt_cfm(conn, ev->status);
- 
- unlock:
- 	hci_dev_unlock(hdev);
-@@ -4779,6 +4756,11 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
- 		return;
- 	}
- 
-+	if (len > HCI_MAX_AD_LENGTH) {
-+		pr_err_ratelimited("legacy adv larger than 31 bytes");
-+		return;
-+	}
-+
- 	/* Find the end of the data in case the report contains padded zero
- 	 * bytes at the end causing an invalid length value.
- 	 *
-@@ -4839,7 +4821,7 @@ static void process_adv_report(struct hci_dev *hdev, u8 type, bdaddr_t *bdaddr,
- 	 */
- 	conn = check_pending_le_conn(hdev, bdaddr, bdaddr_type, type,
- 								direct_addr);
--	if (conn && type == LE_ADV_IND) {
-+	if (conn && type == LE_ADV_IND && len <= HCI_MAX_AD_LENGTH) {
- 		/* Store report for later inclusion by
- 		 * mgmt_device_connected
- 		 */
-@@ -4964,10 +4946,14 @@ static void hci_le_adv_report_evt(struct hci_dev *hdev, struct sk_buff *skb)
- 		struct hci_ev_le_advertising_info *ev = ptr;
- 		s8 rssi;
- 
--		rssi = ev->data[ev->length];
--		process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
--				   ev->bdaddr_type, NULL, 0, rssi,
--				   ev->data, ev->length);
-+		if (ev->length <= HCI_MAX_AD_LENGTH) {
-+			rssi = ev->data[ev->length];
-+			process_adv_report(hdev, ev->evt_type, &ev->bdaddr,
-+					   ev->bdaddr_type, NULL, 0, rssi,
-+					   ev->data, ev->length);
-+		} else {
-+			bt_dev_err(hdev, "Dropping invalid advertising data");
-+		}
- 
- 		ptr += sizeof(*ev) + ev->length + 1;
- 	}
-diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index 5e3f5c1ba07d6..b96818cda12da 100644
---- a/net/bluetooth/l2cap_core.c
-+++ b/net/bluetooth/l2cap_core.c
-@@ -6675,9 +6675,10 @@ static int l2cap_data_rcv(struct l2cap_chan *chan, struct sk_buff *skb)
- 		goto drop;
- 	}
- 
--	if ((chan->mode == L2CAP_MODE_ERTM ||
--	     chan->mode == L2CAP_MODE_STREAMING) && sk_filter(chan->data, skb))
--		goto drop;
-+	if (chan->ops->filter) {
-+		if (chan->ops->filter(chan, skb))
-+			goto drop;
-+	}
- 
- 	if (!control->sframe) {
- 		int err;
-diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
-index bbf08c6092f4a..ab6b1788dbfc3 100644
---- a/net/bluetooth/l2cap_sock.c
-+++ b/net/bluetooth/l2cap_sock.c
-@@ -1475,6 +1475,19 @@ static void l2cap_sock_suspend_cb(struct l2cap_chan *chan)
- 	sk->sk_state_change(sk);
- }
- 
-+static int l2cap_sock_filter(struct l2cap_chan *chan, struct sk_buff *skb)
-+{
-+	struct sock *sk = chan->data;
-+
-+	switch (chan->mode) {
-+	case L2CAP_MODE_ERTM:
-+	case L2CAP_MODE_STREAMING:
-+		return sk_filter(sk, skb);
-+	}
-+
-+	return 0;
-+}
-+
- static const struct l2cap_ops l2cap_chan_ops = {
- 	.name			= "L2CAP Socket Interface",
- 	.new_connection		= l2cap_sock_new_connection_cb,
-@@ -1489,6 +1502,7 @@ static const struct l2cap_ops l2cap_chan_ops = {
- 	.set_shutdown		= l2cap_sock_set_shutdown_cb,
- 	.get_sndtimeo		= l2cap_sock_get_sndtimeo_cb,
- 	.alloc_skb		= l2cap_sock_alloc_skb_cb,
-+	.filter			= l2cap_sock_filter,
- };
- 
- static void l2cap_sock_destruct(struct sock *sk)
-diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
-index ba24f613c0fc1..bca1408f815ff 100644
---- a/net/bluetooth/mgmt.c
-+++ b/net/bluetooth/mgmt.c
-@@ -635,7 +635,8 @@ static u32 get_supported_settings(struct hci_dev *hdev)
- 
- 		if (lmp_ssp_capable(hdev)) {
- 			settings |= MGMT_SETTING_SSP;
--			settings |= MGMT_SETTING_HS;
-+			if (IS_ENABLED(CONFIG_BT_HS))
-+				settings |= MGMT_SETTING_HS;
- 		}
- 
- 		if (lmp_sc_capable(hdev))
-@@ -1645,6 +1646,10 @@ static int set_hs(struct sock *sk, struct hci_dev *hdev, void *data, u16 len)
- 
- 	BT_DBG("request for %s", hdev->name);
- 
-+	if (!IS_ENABLED(CONFIG_BT_HS))
-+		return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS,
-+				       MGMT_STATUS_NOT_SUPPORTED);
-+
- 	status = mgmt_bredr_support(hdev);
- 	if (status)
- 		return mgmt_cmd_status(sk, hdev->id, MGMT_OP_SET_HS, status);