--- /dev/null
+From 9fa4eb8e490a28de40964b1b0e583d8db4c7e57c Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.com>
+Date: Fri, 23 Jun 2017 15:08:43 -0700
+Subject: autofs: sanity check status reported with AUTOFS_DEV_IOCTL_FAIL
+
+From: NeilBrown <neilb@suse.com>
+
+commit 9fa4eb8e490a28de40964b1b0e583d8db4c7e57c upstream.
+
+If a positive status is passed with the AUTOFS_DEV_IOCTL_FAIL ioctl,
+autofs4_d_automount() will return
+
+ ERR_PTR(status)
+
+with that status to follow_automount(), which will then dereference an
+invalid pointer.
+
+So treat a positive status the same as zero, and map to ENOENT.
+
+See comment in systemd src/core/automount.c::automount_send_ready().
+
+Link: http://lkml.kernel.org/r/871sqwczx5.fsf@notabene.neil.brown.name
+Signed-off-by: NeilBrown <neilb@suse.com>
+Cc: Ian Kent <raven@themaw.net>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/autofs4/dev-ioctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/autofs4/dev-ioctl.c
++++ b/fs/autofs4/dev-ioctl.c
+@@ -331,7 +331,7 @@ static int autofs_dev_ioctl_fail(struct
+ int status;
+
+ token = (autofs_wqt_t) param->fail.token;
+- status = param->fail.status ? param->fail.status : -ENOENT;
++ status = param->fail.status < 0 ? param->fail.status : -ENOENT;
+ return autofs4_wait_release(sbi, token, status);
+ }
+
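Review bot: The new test on `param->fail.status` rejects positive values but leaves the negative side unbounded, so a status below `-MAX_ERRNO` is still handed to autofs4_wait_release(). If that value reaches `ERR_PTR(status)` as the commit message describes, `IS_ERR()` would not recognise it and the caller could again treat it as a valid pointer; this is inferred from the description, since the consumer is outside the hunk. Consider bounding both sides, e.g. `status = (param->fail.status < 0 && param->fail.status >= -MAX_ERRNO) ? param->fail.status : -ENOENT;`. autofs_dev_ioctl_fail() starts above the hunk.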
--- /dev/null
+From dcd87838c06f05ab7650b249ebf0d5b57ae63e1e Mon Sep 17 00:00:00 2001
+From: Pavel Shilovsky <pshilov@microsoft.com>
+Date: Tue, 6 Jun 2017 16:58:58 -0700
+Subject: CIFS: Improve readdir verbosity
+
+From: Pavel Shilovsky <pshilov@microsoft.com>
+
+commit dcd87838c06f05ab7650b249ebf0d5b57ae63e1e upstream.
+
+Downgrade the loglevel for SMB2 to prevent filling the log
+with messages if e.g. readdir was interrupted. Also make SMB2
+and SMB1 codepaths do the same logging during readdir.
+
+Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Steve French <smfrench@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/cifs/smb1ops.c | 9 +++++++--
+ fs/cifs/smb2ops.c | 4 ++--
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+--- a/fs/cifs/smb1ops.c
++++ b/fs/cifs/smb1ops.c
+@@ -849,8 +849,13 @@ cifs_query_dir_first(const unsigned int
+ struct cifs_fid *fid, __u16 search_flags,
+ struct cifs_search_info *srch_inf)
+ {
+- return CIFSFindFirst(xid, tcon, path, cifs_sb,
+- &fid->netfid, search_flags, srch_inf, true);
++ int rc;
++
++ rc = CIFSFindFirst(xid, tcon, path, cifs_sb,
++ &fid->netfid, search_flags, srch_inf, true);
++ if (rc)
++ cifs_dbg(FYI, "find first failed=%d\n", rc);
++ return rc;
+ }
+
+ static int
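Review bot: The message added here, `"find first failed=%d\n"`, uses a different format from the `rc=%d` suffix the same commit introduces in smb2ops.c, although the description says both code paths should log the same way. Writing it as `cifs_dbg(FYI, "find first failed rc=%d\n", rc);` would let a single pattern match readdir failures from either dialect when debug logs are searched. The signature of cifs_query_dir_first() starts above the hunk.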
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -842,7 +842,7 @@ smb2_query_dir_first(const unsigned int
+ rc = SMB2_open(xid, &oparms, utf16_path, &oplock, NULL, NULL);
+ kfree(utf16_path);
+ if (rc) {
+- cifs_dbg(VFS, "open dir failed\n");
++ cifs_dbg(FYI, "open dir failed rc=%d\n", rc);
+ return rc;
+ }
+
+@@ -852,7 +852,7 @@ smb2_query_dir_first(const unsigned int
+ rc = SMB2_query_directory(xid, tcon, fid->persistent_fid,
+ fid->volatile_fid, 0, srch_inf);
+ if (rc) {
+- cifs_dbg(VFS, "query directory failed\n");
++ cifs_dbg(FYI, "query directory failed rc=%d\n", rc);
+ SMB2_close(xid, tcon, fid->persistent_fid, fid->volatile_fid);
+ }
+ return rc;
--- /dev/null
+From 98da7d08850fb8bdeb395d6368ed15753304aa0c Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Fri, 23 Jun 2017 15:08:57 -0700
+Subject: fs/exec.c: account for argv/envp pointers
+
+From: Kees Cook <keescook@chromium.org>
+
+commit 98da7d08850fb8bdeb395d6368ed15753304aa0c upstream.
+
+When limiting the argv/envp strings during exec to 1/4 of the stack limit,
+the storage of the pointers to the strings was not included. This means
+that an exec with huge numbers of tiny strings could eat 1/4 of the stack
+limit in strings and then additional space would be later used by the
+pointers to the strings.
+
+For example, on 32-bit with a 8MB stack rlimit, an exec with 1677721
+single-byte strings would consume less than 2MB of stack, the max (8MB /
+4) amount allowed, but the pointers to the strings would consume the
+remaining additional stack space (1677721 * 4 == 6710884).
+
+The result (1677721 + 6710884 == 8388605) would exhaust stack space
+entirely. Controlling this stack exhaustion could result in
+pathological behavior in setuid binaries (CVE-2017-1000365).
+
+[akpm@linux-foundation.org: additional commenting from Kees]
+Fixes: b6a2fea39318 ("mm: variable length argument support")
+Link: http://lkml.kernel.org/r/20170622001720.GA32173@beast
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Acked-by: Rik van Riel <riel@redhat.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: Qualys Security Advisory <qsa@qualys.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/exec.c | 28 ++++++++++++++++++++++++----
+ 1 file changed, 24 insertions(+), 4 deletions(-)
+
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -199,8 +199,26 @@ static struct page *get_arg_page(struct
+
+ if (write) {
+ unsigned long size = bprm->vma->vm_end - bprm->vma->vm_start;
++ unsigned long ptr_size;
+ struct rlimit *rlim;
+
++ /*
++ * Since the stack will hold pointers to the strings, we
++ * must account for them as well.
++ *
++ * The size calculation is the entire vma while each arg page is
++ * built, so each time we get here it's calculating how far it
++ * is currently (rather than each call being just the newly
++ * added size from the arg page). As a result, we need to
++ * always add the entire size of the pointers, so that on the
++ * last call to get_arg_page() we'll actually have the entire
++ * correct size.
++ */
++ ptr_size = (bprm->argc + bprm->envc) * sizeof(void *);
++ if (ptr_size > ULONG_MAX - size)
++ goto fail;
++ size += ptr_size;
++
+ acct_arg_size(bprm, size / PAGE_SIZE);
+
+ /*
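Review bot: The overflow guard covers only `size + ptr_size`; the sum `bprm->argc + bprm->envc` is evaluated before it, and if those fields are plain `int` (their declarations are not in the hunk) two large counts can overflow in signed arithmetic before the multiplication widens the result. Doing the arithmetic in the wide type from the start avoids relying on that: `ptr_size = ((unsigned long)bprm->argc + bprm->envc) * sizeof(void *);`. get_arg_page() begins above this hunk and continues past it.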
+@@ -218,13 +236,15 @@ static struct page *get_arg_page(struct
+ * to work from.
+ */
+ rlim = current->signal->rlim;
+- if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4) {
+- put_page(page);
+- return NULL;
+- }
++ if (size > READ_ONCE(rlim[RLIMIT_STACK].rlim_cur) / 4)
++ goto fail;
+ }
+
+ return page;
++
++fail:
++ put_page(page);
++ return NULL;
+ }
+
+ static void put_arg_page(struct page *page)
--- /dev/null
+From 46a704f8409f79fd66567ad3f8a7304830a84293 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Thu, 15 Jun 2017 16:10:27 +1000
+Subject: KVM: PPC: Book3S HV: Preserve userspace HTM state properly
+
+From: Paul Mackerras <paulus@ozlabs.org>
+
+commit 46a704f8409f79fd66567ad3f8a7304830a84293 upstream.
+
+If userspace attempts to call the KVM_RUN ioctl when it has hardware
+transactional memory (HTM) enabled, the values that it has put in the
+HTM-related SPRs TFHAR, TFIAR and TEXASR will get overwritten by
+guest values. To fix this, we detect this condition and save those
+SPR values in the thread struct, and disable HTM for the task. If
+userspace goes to access those SPRs or the HTM facility in future,
+a TM-unavailable interrupt will occur and the handler will reload
+those SPRs and re-enable HTM.
+
+If userspace has started a transaction and suspended it, we would
+currently lose the transactional state in the guest entry path and
+would almost certainly get a "TM Bad Thing" interrupt, which would
+cause the host to crash. To avoid this, we detect this case and
+return from the KVM_RUN ioctl with an EINVAL error, with the KVM
+exit reason set to KVM_EXIT_FAIL_ENTRY.
+
+Fixes: b005255e12a3 ("KVM: PPC: Book3S HV: Context-switch new POWER8 SPRs", 2014-01-08)
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kvm/book3s_hv.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -1956,6 +1956,27 @@ static int kvmppc_vcpu_run_hv(struct kvm
+ return -EINVAL;
+ }
+
++ /*
++ * Don't allow entry with a suspended transaction, because
++ * the guest entry/exit code will lose it.
++ * If the guest has TM enabled, save away their TM-related SPRs
++ * (they will get restored by the TM unavailable interrupt).
++ */
++#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
++ if (cpu_has_feature(CPU_FTR_TM) && current->thread.regs &&
++ (current->thread.regs->msr & MSR_TM)) {
++ if (MSR_TM_ACTIVE(current->thread.regs->msr)) {
++ run->exit_reason = KVM_EXIT_FAIL_ENTRY;
++ run->fail_entry.hardware_entry_failure_reason = 0;
++ return -EINVAL;
++ }
++ current->thread.tm_tfhar = mfspr(SPRN_TFHAR);
++ current->thread.tm_tfiar = mfspr(SPRN_TFIAR);
++ current->thread.tm_texasr = mfspr(SPRN_TEXASR);
++ current->thread.regs->msr &= ~MSR_TM;
++ }
++#endif
++
+ kvmppc_core_prepare_to_enter(vcpu);
+
+ /* No need to go into the guest when all we'll do is come back out */
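Review bot: The new comment says "If the guest has TM enabled", but the condition tests `current->thread.regs->msr`, which belongs to the task calling KVM_RUN rather than to guest state, and the commit description speaks of userspace throughout. I would reword that line to `If the user task has TM enabled, save away its TM-related SPRs` so the comment matches what the code saves. It would also help to say in the comment why `hardware_entry_failure_reason` is left at 0, since userspace gets no other hint about the cause of the KVM_EXIT_FAIL_ENTRY. kvmppc_vcpu_run_hv() starts above the hunk and continues below it.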
--- /dev/null
+From a91e0f680bcd9e10c253ae8b62462a38bd48f09f Mon Sep 17 00:00:00 2001
+From: Ilya Matveychikov <matvejchikov@gmail.com>
+Date: Fri, 23 Jun 2017 15:08:49 -0700
+Subject: lib/cmdline.c: fix get_options() overflow while parsing ranges
+
+From: Ilya Matveychikov <matvejchikov@gmail.com>
+
+commit a91e0f680bcd9e10c253ae8b62462a38bd48f09f upstream.
+
+When using get_options() it's possible to specify a range of numbers,
+like 1-100500. The problem is that it doesn't track array size while
+calling internally to get_range() which iterates over the range and
+fills the memory with numbers.
+
+Link: http://lkml.kernel.org/r/2613C75C-B04D-4BFF-82A6-12F97BA0F620@gmail.com
+Signed-off-by: Ilya V. Matveychikov <matvejchikov@gmail.com>
+Cc: Jonathan Corbet <corbet@lwn.net>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ lib/cmdline.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/lib/cmdline.c
++++ b/lib/cmdline.c
+@@ -22,14 +22,14 @@
+ * the values[M, M+1, ..., N] into the ints array in get_options.
+ */
+
+-static int get_range(char **str, int *pint)
++static int get_range(char **str, int *pint, int n)
+ {
+ int x, inc_counter, upper_range;
+
+ (*str)++;
+ upper_range = simple_strtol((*str), NULL, 0);
+ inc_counter = upper_range - *pint;
+- for (x = *pint; x < upper_range; x++)
++ for (x = *pint; n && x < upper_range; x++, n--)
+ *pint++ = x;
+ return inc_counter;
+ }
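Review bot: get_range() now stops writing after `n` slots, but it still returns `inc_counter`, the full `upper_range - *pint`, so the caller is told that more values were stored than actually were. The second hunk shows get_options() taking that value as `range_nums`; if it advances its index by it (that code is outside the hunk), the index and any count derived from it can end up past `nints`, and later readers of the array would trust that count. One option is to refuse a range that does not fit, before the loop: `if (inc_counter > n) return -1;`, which the visible `if (range_nums < 0) break;` in the caller already handles.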
+@@ -96,7 +96,7 @@ char *get_options(const char *str, int n
+ break;
+ if (res == 3) {
+ int range_nums;
+- range_nums = get_range((char **)&str, ints + i);
++ range_nums = get_range((char **)&str, ints + i, nints - i);
+ if (range_nums < 0)
+ break;
+ /*
--- /dev/null
+fs-exec.c-account-for-argv-envp-pointers.patch
+autofs-sanity-check-status-reported-with-autofs_dev_ioctl_fail.patch
+lib-cmdline.c-fix-get_options-overflow-while-parsing-ranges.patch
+kvm-ppc-book3s-hv-preserve-userspace-htm-state-properly.patch
+cifs-improve-readdir-verbosity.patch
+signal-only-reschedule-timers-on-signals-timers-have-sent.patch
--- /dev/null
+From 57db7e4a2d92c2d3dfbca4ef8057849b2682436b Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Tue, 13 Jun 2017 04:31:16 -0500
+Subject: signal: Only reschedule timers on signals timers have sent
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit 57db7e4a2d92c2d3dfbca4ef8057849b2682436b upstream.
+
+Thomas Gleixner wrote:
+> The CRIU support added a 'feature' which allows a user space task to send
+> arbitrary (kernel) signals to itself. The changelog says:
+>
+> The kernel prevents sending of siginfo with positive si_code, because
+> these codes are reserved for kernel. I think we can allow a task to
+> send such a siginfo to itself. This operation should not be dangerous.
+>
+> Quite contrary to that claim, it turns out that it is outright dangerous
+> for signals with info->si_code == SI_TIMER. The following code sequence in
+> a user space task allows to crash the kernel:
+>
+> id = timer_create(CLOCK_XXX, ..... signo = SIGX);
+> timer_set(id, ....);
+> info->si_signo = SIGX;
+> info->si_code = SI_TIMER:
+> info->_sifields._timer._tid = id;
+> info->_sifields._timer._sys_private = 2;
+> rt_[tg]sigqueueinfo(..., SIGX, info);
+> sigemptyset(&sigset);
+> sigaddset(&sigset, SIGX);
+> rt_sigtimedwait(sigset, info);
+>
+> For timers based on CLOCK_PROCESS_CPUTIME_ID, CLOCK_THREAD_CPUTIME_ID this
+> results in a kernel crash because sigwait() dequeues the signal and the
+> dequeue code observes:
+>
+> info->si_code == SI_TIMER && info->_sifields._timer._sys_private != 0
+>
+> which triggers the following callchain:
+>
+> do_schedule_next_timer() -> posix_cpu_timer_schedule() -> arm_timer()
+>
+> arm_timer() executes a list_add() on the timer, which is already armed via
+> the timer_set() syscall. That's a double list add which corrupts the posix
+> cpu timer list. As a consequence the kernel crashes on the next operation
+> touching the posix cpu timer list.
+>
+> Posix clocks which are internally implemented based on hrtimers are not
+> affected by this because hrtimer_start() can handle already armed timers
+> nicely, but it's a reliable way to trigger the WARN_ON() in
+> hrtimer_forward(), which complains about calling that function on an
+> already armed timer.
+
+This problem has existed since the posix timer code was merged into
+2.5.63. A few releases earlier in 2.5.60 ptrace gained the ability to
+inject not just a signal (which linux has supported since 1.0) but the
+full siginfo of a signal.
+
+The core problem is that the code will reschedule in response to
+signals getting dequeued not just for signals the timers sent but
+for other signals that happen to a si_code of SI_TIMER.
+
+Avoid this confusion by testing to see if the queued signal was
+preallocated as all timer signals are preallocated, and so far
+only the timer code preallocates signals.
+
+Move the check for if a timer needs to be rescheduled up into
+collect_signal where the preallocation check must be performed,
+and pass the result back to dequeue_signal where the code reschedules
+timers. This makes it clear why the code cares about preallocated
+timers.
+
+Reported-by: Thomas Gleixner <tglx@linutronix.de>
+History Tree: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git
+Reference: 66dd34ad31e5 ("signal: allow to send any siginfo to itself")
+Reference: 1669ce53e2ff ("Add PTRACE_GETSIGINFO and PTRACE_SETSIGINFO")
+Fixes: db8b50ba75f2 ("[PATCH] POSIX clocks & timers")
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/signal.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -543,7 +543,8 @@ unblock_all_signals(void)
+ spin_unlock_irqrestore(¤t->sighand->siglock, flags);
+ }
+
+-static void collect_signal(int sig, struct sigpending *list, siginfo_t *info)
++static void collect_signal(int sig, struct sigpending *list, siginfo_t *info,
++ bool *resched_timer)
+ {
+ struct sigqueue *q, *first = NULL;
+
+@@ -565,6 +566,12 @@ static void collect_signal(int sig, stru
+ still_pending:
+ list_del_init(&first->list);
+ copy_siginfo(info, &first->info);
++
++ *resched_timer =
++ (first->flags & SIGQUEUE_PREALLOC) &&
++ (info->si_code == SI_TIMER) &&
++ (info->si_sys_private);
++
+ __sigqueue_free(first);
+ } else {
+ /*
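Review bot: `*resched_timer` is assigned only on the path where a queued entry is found; the `else` branch leaves it untouched, so collect_signal() relies on every caller initialising the flag to false, as dequeue_signal() does in a later hunk. That contract and the reason for the `SIGQUEUE_PREALLOC` test live only in the commit message; I would add a comment above the assignment such as `/* Only signals preallocated by the timer code may trigger a reschedule; *resched_timer is left untouched otherwise, so callers must pre-initialise it. */`. Without it, a later user of preallocated sigqueue entries could silently reintroduce the confusion this commit closes. collect_signal() begins above the hunk and continues below it.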
+@@ -581,7 +588,7 @@ still_pending:
+ }
+
+ static int __dequeue_signal(struct sigpending *pending, sigset_t *mask,
+- siginfo_t *info)
++ siginfo_t *info, bool *resched_timer)
+ {
+ int sig = next_signal(pending, mask);
+
+@@ -595,7 +602,7 @@ static int __dequeue_signal(struct sigpe
+ }
+ }
+
+- collect_signal(sig, pending, info);
++ collect_signal(sig, pending, info, resched_timer);
+ }
+
+ return sig;
+@@ -609,15 +616,16 @@ static int __dequeue_signal(struct sigpe
+ */
+ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info)
+ {
++ bool resched_timer = false;
+ int signr;
+
+ /* We only dequeue private signals from ourselves, we don't let
+ * signalfd steal them
+ */
+- signr = __dequeue_signal(&tsk->pending, mask, info);
++ signr = __dequeue_signal(&tsk->pending, mask, info, &resched_timer);
+ if (!signr) {
+ signr = __dequeue_signal(&tsk->signal->shared_pending,
+- mask, info);
++ mask, info, &resched_timer);
+ /*
+ * itimer signal ?
+ *
+@@ -662,7 +670,7 @@ int dequeue_signal(struct task_struct *t
+ */
+ current->jobctl |= JOBCTL_STOP_DEQUEUED;
+ }
+- if ((info->si_code & __SI_MASK) == __SI_TIMER && info->si_sys_private) {
++ if (resched_timer) {
+ /*
+ * Release the siglock to ensure proper locking order
+ * of timer locks outside of siglocks. Note, we leave
--- /dev/null
+clk-sunxi-ng-a31-correct-lcd1-ch1-clock-register-offset.patch
+clk-sunxi-ng-v3s-fix-usb-otg-device-reset-bit.patch
+clk-sunxi-ng-sun5i-fix-ahb_bist_clk-definition.patch
+xen-blkback-fix-disconnect-while-i-os-in-flight.patch
+xen-blkback-don-t-leak-stack-data-via-response-ring.patch
+alsa-firewire-lib-fix-stall-of-process-context-at-packet-error.patch
+alsa-pcm-don-t-treat-null-chmap-as-a-fatal-error.patch
+alsa-hda-add-coffelake-pci-id.patch
+alsa-hda-apply-quirks-to-broxton-t-too.patch
+fs-exec.c-account-for-argv-envp-pointers.patch
+powerpc-perf-fix-oops-when-kthread-execs-user-process.patch
+autofs-sanity-check-status-reported-with-autofs_dev_ioctl_fail.patch
+fs-dax.c-fix-inefficiency-in-dax_writeback_mapping_range.patch
+lib-cmdline.c-fix-get_options-overflow-while-parsing-ranges.patch
+perf-x86-intel-add-1g-dtlb-load-store-miss-support-for-skl.patch
+perf-probe-fix-probe-definition-for-inlined-functions.patch
+kvm-x86-fix-singlestepping-over-syscall.patch
+kvm-mips-fix-maybe-uninitialized-build-failure.patch
+kvm-s390-gaccess-fix-real-space-designation-asce-handling-for-gmap-shadows.patch
+kvm-ppc-book3s-hv-cope-with-host-using-large-decrementer-mode.patch
+kvm-ppc-book3s-hv-preserve-userspace-htm-state-properly.patch
+kvm-ppc-book3s-hv-ignore-timebase-offset-on-power9-dd1.patch
+kvm-ppc-book3s-hv-context-switch-ebb-registers-properly.patch
+kvm-ppc-book3s-hv-restore-critical-sprs-to-host-values-on-guest-exit.patch
+kvm-ppc-book3s-hv-save-restore-host-values-of-debug-registers.patch
+cifs-improve-readdir-verbosity.patch
+cifs-fix-some-return-values-in-case-of-error-in-crypt_message.patch
+cxgb4-notify-up-to-route-ctrlq-compl-to-rdma-rspq.patch
+hid-add-quirk-for-dell-pixart-oem-mouse.patch
+random-silence-compiler-warnings-and-fix-race.patch
+signal-only-reschedule-timers-on-signals-timers-have-sent.patch
--- /dev/null
+fs-exec.c-account-for-argv-envp-pointers.patch
+autofs-sanity-check-status-reported-with-autofs_dev_ioctl_fail.patch
+lib-cmdline.c-fix-get_options-overflow-while-parsing-ranges.patch
+kvm-ppc-book3s-hv-preserve-userspace-htm-state-properly.patch
+cifs-improve-readdir-verbosity.patch
+hid-add-quirk-for-dell-pixart-oem-mouse.patch
+signal-only-reschedule-timers-on-signals-timers-have-sent.patch
--- /dev/null
+clk-sunxi-ng-a31-correct-lcd1-ch1-clock-register-offset.patch
+xen-blkback-fix-disconnect-while-i-os-in-flight.patch
+xen-blkback-don-t-leak-stack-data-via-response-ring.patch
+alsa-firewire-lib-fix-stall-of-process-context-at-packet-error.patch
+alsa-pcm-don-t-treat-null-chmap-as-a-fatal-error.patch
+fs-exec.c-account-for-argv-envp-pointers.patch
+powerpc-perf-fix-oops-when-kthread-execs-user-process.patch
+autofs-sanity-check-status-reported-with-autofs_dev_ioctl_fail.patch
+fs-dax.c-fix-inefficiency-in-dax_writeback_mapping_range.patch
+lib-cmdline.c-fix-get_options-overflow-while-parsing-ranges.patch
+perf-x86-intel-add-1g-dtlb-load-store-miss-support-for-skl.patch
+kvm-s390-gaccess-fix-real-space-designation-asce-handling-for-gmap-shadows.patch
+kvm-ppc-book3s-hv-preserve-userspace-htm-state-properly.patch
+kvm-ppc-book3s-hv-context-switch-ebb-registers-properly.patch
+cifs-improve-readdir-verbosity.patch
+cxgb4-notify-up-to-route-ctrlq-compl-to-rdma-rspq.patch
+hid-add-quirk-for-dell-pixart-oem-mouse.patch
+signal-only-reschedule-timers-on-signals-timers-have-sent.patch