--- /dev/null
+From 3b05ac3824ed9648c0d9c02d51d9b54e4e7e874f Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Sat, 6 Dec 2014 16:49:24 +0300
+Subject: ipvs: uninitialized data with IP_VS_IPV6
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 3b05ac3824ed9648c0d9c02d51d9b54e4e7e874f upstream.
+
+The app_tcp_pkt_out() function expects "*diff" to be set and ends up
+using uninitialized data if CONFIG_IP_VS_IPV6 is turned on.
+
+The same issue is there in app_tcp_pkt_in(). Thanks to Julian Anastasov
+for noticing that.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Julian Anastasov <ja@ssi.bg>
+Signed-off-by: Simon Horman <horms@verge.net.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/ipvs/ip_vs_ftp.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/net/netfilter/ipvs/ip_vs_ftp.c
++++ b/net/netfilter/ipvs/ip_vs_ftp.c
+@@ -183,6 +183,8 @@ static int ip_vs_ftp_out(struct ip_vs_ap
+ struct nf_conn *ct;
+ struct net *net;
+
++ *diff = 0;
++
+ #ifdef CONFIG_IP_VS_IPV6
+ /* This application helper doesn't work with IPv6 yet,
+ * so turn this into a no-op for IPv6 packets
+@@ -191,8 +193,6 @@ static int ip_vs_ftp_out(struct ip_vs_ap
+ return 1;
+ #endif
+
+- *diff = 0;
+-
+ /* Only useful for established sessions */
+ if (cp->state != IP_VS_TCP_S_ESTABLISHED)
+ return 1;
+@@ -322,6 +322,9 @@ static int ip_vs_ftp_in(struct ip_vs_app
+ struct ip_vs_conn *n_cp;
+ struct net *net;
+
++ /* no diff required for incoming packets */
++ *diff = 0;
++
+ #ifdef CONFIG_IP_VS_IPV6
+ /* This application helper doesn't work with IPv6 yet,
+ * so turn this into a no-op for IPv6 packets
+@@ -330,9 +333,6 @@ static int ip_vs_ftp_in(struct ip_vs_app
+ return 1;
+ #endif
+
+- /* no diff required for incoming packets */
+- *diff = 0;
+-
+ /* Only useful for established sessions */
+ if (cp->state != IP_VS_TCP_S_ESTABLISHED)
+ return 1;
--- /dev/null
+From 45f87de57f8fad59302fd263dd81ffa4843b5b24 Mon Sep 17 00:00:00 2001
+From: Michal Hocko <mhocko@suse.cz>
+Date: Mon, 29 Dec 2014 20:30:35 +0100
+Subject: mm: get rid of radix tree gfp mask for pagecache_get_page
+
+From: Michal Hocko <mhocko@suse.cz>
+
+commit 45f87de57f8fad59302fd263dd81ffa4843b5b24 upstream.
+
+Commit 2457aec63745 ("mm: non-atomically mark page accessed during page
+cache allocation where possible") has added a separate parameter for
+specifying gfp mask for radix tree allocations.
+
+Not only this is less than optimal from the API point of view because it
+is error prone, it is also buggy currently because
+grab_cache_page_write_begin is using GFP_KERNEL for radix tree and if
+fgp_flags doesn't contain FGP_NOFS (mostly controlled by fs by
+AOP_FLAG_NOFS flag) but the mapping_gfp_mask has __GFP_FS cleared then
+the radix tree allocation wouldn't obey the restriction and might
+recurse into filesystem and cause deadlocks. This is the case for most
+filesystems unfortunately because only ext4 and gfs2 are using
+AOP_FLAG_NOFS.
+
+Let's simply remove radix_gfp_mask parameter because the allocation
+context is same for both page cache and for the radix tree. Just make
+sure that the radix tree gets only the sane subset of the mask (e.g. do
+not pass __GFP_WRITE).
+
+Long term it is more preferable to convert remaining users of
+AOP_FLAG_NOFS to use mapping_gfp_mask instead and simplify this
+interface even further.
+
+Reported-by: Dave Chinner <david@fromorbit.com>
+Signed-off-by: Michal Hocko <mhocko@suse.cz>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/pagemap.h | 13 ++++++-------
+ mm/filemap.c | 29 ++++++++++++-----------------
+ 2 files changed, 18 insertions(+), 24 deletions(-)
+
+--- a/include/linux/pagemap.h
++++ b/include/linux/pagemap.h
+@@ -251,7 +251,7 @@ pgoff_t page_cache_prev_hole(struct addr
+ #define FGP_NOWAIT 0x00000020
+
+ struct page *pagecache_get_page(struct address_space *mapping, pgoff_t offset,
+- int fgp_flags, gfp_t cache_gfp_mask, gfp_t radix_gfp_mask);
++ int fgp_flags, gfp_t cache_gfp_mask);
+
+ /**
+ * find_get_page - find and get a page reference
+@@ -266,13 +266,13 @@ struct page *pagecache_get_page(struct a
+ static inline struct page *find_get_page(struct address_space *mapping,
+ pgoff_t offset)
+ {
+- return pagecache_get_page(mapping, offset, 0, 0, 0);
++ return pagecache_get_page(mapping, offset, 0, 0);
+ }
+
+ static inline struct page *find_get_page_flags(struct address_space *mapping,
+ pgoff_t offset, int fgp_flags)
+ {
+- return pagecache_get_page(mapping, offset, fgp_flags, 0, 0);
++ return pagecache_get_page(mapping, offset, fgp_flags, 0);
+ }
+
+ /**
+@@ -292,7 +292,7 @@ static inline struct page *find_get_page
+ static inline struct page *find_lock_page(struct address_space *mapping,
+ pgoff_t offset)
+ {
+- return pagecache_get_page(mapping, offset, FGP_LOCK, 0, 0);
++ return pagecache_get_page(mapping, offset, FGP_LOCK, 0);
+ }
+
+ /**
+@@ -319,7 +319,7 @@ static inline struct page *find_or_creat
+ {
+ return pagecache_get_page(mapping, offset,
+ FGP_LOCK|FGP_ACCESSED|FGP_CREAT,
+- gfp_mask, gfp_mask & GFP_RECLAIM_MASK);
++ gfp_mask);
+ }
+
+ /**
+@@ -340,8 +340,7 @@ static inline struct page *grab_cache_pa
+ {
+ return pagecache_get_page(mapping, index,
+ FGP_LOCK|FGP_CREAT|FGP_NOFS|FGP_NOWAIT,
+- mapping_gfp_mask(mapping),
+- GFP_NOFS);
++ mapping_gfp_mask(mapping));
+ }
+
+ struct page *find_get_entry(struct address_space *mapping, pgoff_t offset);
+--- a/mm/filemap.c
++++ b/mm/filemap.c
+@@ -1046,8 +1046,7 @@ EXPORT_SYMBOL(find_lock_entry);
+ * @mapping: the address_space to search
+ * @offset: the page index
+ * @fgp_flags: PCG flags
+- * @cache_gfp_mask: gfp mask to use for the page cache data page allocation
+- * @radix_gfp_mask: gfp mask to use for radix tree node allocation
++ * @gfp_mask: gfp mask to use for the page cache data page allocation
+ *
+ * Looks up the page cache slot at @mapping & @offset.
+ *
+@@ -1056,11 +1055,9 @@ EXPORT_SYMBOL(find_lock_entry);
+ * FGP_ACCESSED: the page will be marked accessed
+ * FGP_LOCK: Page is return locked
+ * FGP_CREAT: If page is not present then a new page is allocated using
+- * @cache_gfp_mask and added to the page cache and the VM's LRU
+- * list. If radix tree nodes are allocated during page cache
+- * insertion then @radix_gfp_mask is used. The page is returned
+- * locked and with an increased refcount. Otherwise, %NULL is
+- * returned.
++ * @gfp_mask and added to the page cache and the VM's LRU
++ * list. The page is returned locked and with an increased
++ * refcount. Otherwise, %NULL is returned.
+ *
+ * If FGP_LOCK or FGP_CREAT are specified then the function may sleep even
+ * if the GFP flags specified for FGP_CREAT are atomic.
+@@ -1068,7 +1065,7 @@ EXPORT_SYMBOL(find_lock_entry);
+ * If there is a page cache page, it is returned with an increased refcount.
+ */
+ struct page *pagecache_get_page(struct address_space *mapping, pgoff_t offset,
+- int fgp_flags, gfp_t cache_gfp_mask, gfp_t radix_gfp_mask)
++ int fgp_flags, gfp_t gfp_mask)
+ {
+ struct page *page;
+
+@@ -1105,13 +1102,11 @@ no_page:
+ if (!page && (fgp_flags & FGP_CREAT)) {
+ int err;
+ if ((fgp_flags & FGP_WRITE) && mapping_cap_account_dirty(mapping))
+- cache_gfp_mask |= __GFP_WRITE;
+- if (fgp_flags & FGP_NOFS) {
+- cache_gfp_mask &= ~__GFP_FS;
+- radix_gfp_mask &= ~__GFP_FS;
+- }
++ gfp_mask |= __GFP_WRITE;
++ if (fgp_flags & FGP_NOFS)
++ gfp_mask &= ~__GFP_FS;
+
+- page = __page_cache_alloc(cache_gfp_mask);
++ page = __page_cache_alloc(gfp_mask);
+ if (!page)
+ return NULL;
+
+@@ -1122,7 +1117,8 @@ no_page:
+ if (fgp_flags & FGP_ACCESSED)
+ __SetPageReferenced(page);
+
+- err = add_to_page_cache_lru(page, mapping, offset, radix_gfp_mask);
++ err = add_to_page_cache_lru(page, mapping, offset,
++ gfp_mask & GFP_RECLAIM_MASK);
+ if (unlikely(err)) {
+ page_cache_release(page);
+ page = NULL;
+@@ -2443,8 +2439,7 @@ struct page *grab_cache_page_write_begin
+ fgp_flags |= FGP_NOFS;
+
+ page = pagecache_get_page(mapping, index, fgp_flags,
+- mapping_gfp_mask(mapping),
+- GFP_KERNEL);
++ mapping_gfp_mask(mapping));
+ if (page)
+ wait_for_stable_page(page);
+
--- /dev/null
+From 8ca3f5e974f2b4b7f711589f4abff920db36637a Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 25 Nov 2014 00:14:47 +0100
+Subject: netfilter: conntrack: fix race between confirmation and flush
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 8ca3f5e974f2b4b7f711589f4abff920db36637a upstream.
+
+Commit 5195c14c8b27c ("netfilter: conntrack: fix race in
+__nf_conntrack_confirm against get_next_corpse") aimed to resolve the
+race condition between the confirmation (packet path) and the flush
+command (from control plane). However, it introduced a crash when
+several packets race to add a new conntrack, which seems easier to
+reproduce when nf_queue is in place.
+
+Fix this race, in __nf_conntrack_confirm(), by removing the CT
+from unconfirmed list before checking the DYING bit. In case
+race occured, re-add the CT to the dying list
+
+This patch also changes the verdict from NF_ACCEPT to NF_DROP when
+we lose race. Basically, the confirmation happens for the first packet
+that we see in a flow. If you just invoked conntrack -F once (which
+should be the common case), then this is likely to be the first packet
+of the flow (unless you already called flush anytime soon in the past).
+This should be hard to trigger, but better drop this packet, otherwise
+we leave things in inconsistent state since the destination will likely
+reply to this packet, but it will find no conntrack, unless the origin
+retransmits.
+
+The change of the verdict has been discussed in:
+https://www.marc.info/?l=linux-netdev&m=141588039530056&w=2
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_conntrack_core.c | 22 ++++++++++------------
+ 1 file changed, 10 insertions(+), 12 deletions(-)
+
+--- a/net/netfilter/nf_conntrack_core.c
++++ b/net/netfilter/nf_conntrack_core.c
+@@ -611,16 +611,15 @@ __nf_conntrack_confirm(struct sk_buff *s
+ */
+ NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
+ pr_debug("Confirming conntrack %p\n", ct);
+- /* We have to check the DYING flag inside the lock to prevent
+- a race against nf_ct_get_next_corpse() possibly called from
+- user context, else we insert an already 'dead' hash, blocking
+- further use of that particular connection -JM */
+-
+- if (unlikely(nf_ct_is_dying(ct))) {
+- nf_conntrack_double_unlock(hash, reply_hash);
+- local_bh_enable();
+- return NF_ACCEPT;
+- }
++ /* We have to check the DYING flag after unlink to prevent
++ * a race against nf_ct_get_next_corpse() possibly called from
++ * user context, else we insert an already 'dead' hash, blocking
++ * further use of that particular connection -JM.
++ */
++ nf_ct_del_from_dying_or_unconfirmed_list(ct);
++
++ if (unlikely(nf_ct_is_dying(ct)))
++ goto out;
+
+ /* See if there's one in the list already, including reverse:
+ NAT could have grabbed it without realizing, since we're
+@@ -636,8 +635,6 @@ __nf_conntrack_confirm(struct sk_buff *s
+ zone == nf_ct_zone(nf_ct_tuplehash_to_ctrack(h)))
+ goto out;
+
+- nf_ct_del_from_dying_or_unconfirmed_list(ct);
+-
+ /* Timer relative to confirmation time, not original
+ setting time, otherwise we'd get timer wrap in
+ weird delay cases. */
+@@ -673,6 +670,7 @@ __nf_conntrack_confirm(struct sk_buff *s
+ return NF_ACCEPT;
+
+ out:
++ nf_ct_add_to_dying_list(ct);
+ nf_conntrack_double_unlock(hash, reply_hash);
+ NF_CT_STAT_INC(net, insert_failed);
+ local_bh_enable();
--- /dev/null
+From a2f18db0c68fec96631c10cad9384c196e9008ac Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sun, 4 Jan 2015 15:14:22 +0100
+Subject: netfilter: nf_tables: fix flush ruleset chain dependencies
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit a2f18db0c68fec96631c10cad9384c196e9008ac upstream.
+
+Jumping between chains doesn't mix well with flush ruleset. Rules
+from a different chain and set elements may still refer to us.
+
+[ 353.373791] ------------[ cut here ]------------
+[ 353.373845] kernel BUG at net/netfilter/nf_tables_api.c:1159!
+[ 353.373896] invalid opcode: 0000 [#1] SMP
+[ 353.373942] Modules linked in: intel_powerclamp uas iwldvm iwlwifi
+[ 353.374017] CPU: 0 PID: 6445 Comm: 31c3.nft Not tainted 3.18.0 #98
+[ 353.374069] Hardware name: LENOVO 5129CTO/5129CTO, BIOS 6QET47WW (1.17 ) 07/14/2010
+[...]
+[ 353.375018] Call Trace:
+[ 353.375046] [<ffffffff81964c31>] ? nf_tables_commit+0x381/0x540
+[ 353.375101] [<ffffffff81949118>] nfnetlink_rcv+0x3d8/0x4b0
+[ 353.375150] [<ffffffff81943fc5>] netlink_unicast+0x105/0x1a0
+[ 353.375200] [<ffffffff8194438e>] netlink_sendmsg+0x32e/0x790
+[ 353.375253] [<ffffffff818f398e>] sock_sendmsg+0x8e/0xc0
+[ 353.375300] [<ffffffff818f36b9>] ? move_addr_to_kernel.part.20+0x19/0x70
+[ 353.375357] [<ffffffff818f44f9>] ? move_addr_to_kernel+0x19/0x30
+[ 353.375410] [<ffffffff819016d2>] ? verify_iovec+0x42/0xd0
+[ 353.375459] [<ffffffff818f3e10>] ___sys_sendmsg+0x3f0/0x400
+[ 353.375510] [<ffffffff810615fa>] ? native_sched_clock+0x2a/0x90
+[ 353.375563] [<ffffffff81176697>] ? acct_account_cputime+0x17/0x20
+[ 353.375616] [<ffffffff8110dc78>] ? account_user_time+0x88/0xa0
+[ 353.375667] [<ffffffff818f4bbd>] __sys_sendmsg+0x3d/0x80
+[ 353.375719] [<ffffffff81b184f4>] ? int_check_syscall_exit_work+0x34/0x3d
+[ 353.375776] [<ffffffff818f4c0d>] SyS_sendmsg+0xd/0x20
+[ 353.375823] [<ffffffff81b1826d>] system_call_fastpath+0x16/0x1b
+
+Release objects in this order: rules -> sets -> chains -> tables, to
+make sure no references to chains are held anymore.
+
+Reported-by: Asbjoern Sloth Toennesen <asbjorn@asbjorn.biz>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_tables_api.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -713,16 +713,12 @@ static int nft_flush_table(struct nft_ct
+ struct nft_chain *chain, *nc;
+ struct nft_set *set, *ns;
+
+- list_for_each_entry_safe(chain, nc, &ctx->table->chains, list) {
++ list_for_each_entry(chain, &ctx->table->chains, list) {
+ ctx->chain = chain;
+
+ err = nft_delrule_by_chain(ctx);
+ if (err < 0)
+ goto out;
+-
+- err = nft_delchain(ctx);
+- if (err < 0)
+- goto out;
+ }
+
+ list_for_each_entry_safe(set, ns, &ctx->table->sets, list) {
+@@ -734,6 +730,14 @@ static int nft_flush_table(struct nft_ct
+ if (err < 0)
+ goto out;
+ }
++
++ list_for_each_entry_safe(chain, nc, &ctx->table->chains, list) {
++ ctx->chain = chain;
++
++ err = nft_delchain(ctx);
++ if (err < 0)
++ goto out;
++ }
+
+ err = nft_deltable(ctx);
+ out:
--- /dev/null
+From 62924af247e95de7041a6d6f2d06cdd05152e2dc Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sun, 4 Jan 2015 15:20:41 +0100
+Subject: netfilter: nfnetlink: relax strict multicast group check from netlink_bind
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 62924af247e95de7041a6d6f2d06cdd05152e2dc upstream.
+
+Relax the checking that was introduced in 97840cb ("netfilter:
+nfnetlink: fix insufficient validation in nfnetlink_bind") when the
+subscription bitmask is used. Existing userspace code code may request
+to listen to all of the existing netlink groups by setting an all to one
+subscription group bitmask. Netlink already validates subscription via
+setsockopt() for us.
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nfnetlink.c
++++ b/net/netfilter/nfnetlink.c
+@@ -470,7 +470,7 @@ static int nfnetlink_bind(int group)
+ int type;
+
+ if (group <= NFNLGRP_NONE || group > NFNLGRP_MAX)
+- return -EINVAL;
++ return 0;
+
+ type = nfnl_group2type[group];
+
--- /dev/null
+From 9ea2aa8b7dba9e99544c4187cc298face254569f Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Sun, 4 Jan 2015 15:20:29 +0100
+Subject: netfilter: nfnetlink: validate nfnetlink header from batch
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 9ea2aa8b7dba9e99544c4187cc298face254569f upstream.
+
+Make sure there is enough room for the nfnetlink header in the
+netlink messages that are part of the batch. There is a similar
+check in netlink_rcv_skb().
+
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nfnetlink.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/netfilter/nfnetlink.c
++++ b/net/netfilter/nfnetlink.c
+@@ -321,7 +321,8 @@ replay:
+ nlh = nlmsg_hdr(skb);
+ err = 0;
+
+- if (nlh->nlmsg_len < NLMSG_HDRLEN) {
++ if (nlmsg_len(nlh) < sizeof(struct nfgenmsg) ||
++ skb->len < nlh->nlmsg_len) {
+ err = -EINVAL;
+ goto ack;
+ }
--- /dev/null
+From dbdd74763f1faf799fbb9ed30423182e92919378 Mon Sep 17 00:00:00 2001
+From: David Vrabel <david.vrabel@citrix.com>
+Date: Wed, 10 Dec 2014 14:48:43 +0000
+Subject: Revert "swiotlb-xen: pass dev_addr to swiotlb_tbl_unmap_single"
+
+From: David Vrabel <david.vrabel@citrix.com>
+
+commit dbdd74763f1faf799fbb9ed30423182e92919378 upstream.
+
+This reverts commit 2c3fc8d26dd09b9d7069687eead849ee81c78e46.
+
+This commit broke on x86 PV because entries in the generic SWIOTLB are
+indexed using (pseudo-)physical address not DMA address and these are
+not the same in a x86 PV guest.
+
+Signed-off-by: David Vrabel <david.vrabel@citrix.com>
+Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/xen/swiotlb-xen.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/xen/swiotlb-xen.c
++++ b/drivers/xen/swiotlb-xen.c
+@@ -449,7 +449,7 @@ static void xen_unmap_single(struct devi
+
+ /* NOTE: We use dev_addr here, not paddr! */
+ if (is_xen_swiotlb_buffer(dev_addr)) {
+- swiotlb_tbl_unmap_single(hwdev, dev_addr, size, dir);
++ swiotlb_tbl_unmap_single(hwdev, paddr, size, dir);
+ return;
+ }
+
sata_dwc_460ex-fix-resource-leak-on-error-path.patch
ahci_xgene-fix-the-endianess-issue-in-apm-x-gene-soc-ahci-sata-controller-driver.patch
keys-close-race-between-key-lookup-and-freeing.patch
+mm-get-rid-of-radix-tree-gfp-mask-for-pagecache_get_page.patch
+netfilter-nfnetlink-validate-nfnetlink-header-from-batch.patch
+netfilter-nf_tables-fix-flush-ruleset-chain-dependencies.patch
+netfilter-nfnetlink-relax-strict-multicast-group-check-from-netlink_bind.patch
+netfilter-conntrack-fix-race-between-confirmation-and-flush.patch
+ipvs-uninitialized-data-with-ip_vs_ipv6.patch
+revert-swiotlb-xen-pass-dev_addr-to-swiotlb_tbl_unmap_single.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
