--- /dev/null
+From 8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 Mon Sep 17 00:00:00 2001
+From: Scott Bauer <scott.bauer@intel.com>
+Date: Thu, 26 Apr 2018 11:51:08 -0600
+Subject: cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
+
+From: Scott Bauer <scott.bauer@intel.com>
+
+commit 8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4 upstream.
+
+Like d88b6d04: "cdrom: information leak in cdrom_ioctl_media_changed()"
+
+There is another cast from unsigned long to int which causes
+a bounds check to fail with specially crafted input. The value is
+then used as an index in the slot array in cdrom_slot_status().
+
+Signed-off-by: Scott Bauer <scott.bauer@intel.com>
+Signed-off-by: Scott Bauer <sbauer@plzdonthack.me>
+Cc: stable@vger.kernel.org
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/cdrom/cdrom.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/cdrom/cdrom.c
++++ b/drivers/cdrom/cdrom.c
+@@ -2536,7 +2536,7 @@ static int cdrom_ioctl_drive_status(stru
+ if (!CDROM_CAN(CDC_SELECT_DISC) ||
+ (arg == CDSL_CURRENT || arg == CDSL_NONE))
+ return cdi->ops->drive_status(cdi, CDSL_CURRENT);
+- if (((int)arg >= cdi->capacity))
++ if (arg >= cdi->capacity)
+ return -EINVAL;
+ return cdrom_slot_status(cdi, arg);
+ }
--- /dev/null
+From a64ad008980c65d38e6cf6858429c78e6b740c41 Mon Sep 17 00:00:00 2001
+From: Alberto Panizzo <alberto@amarulasolutions.com>
+Date: Fri, 6 Jul 2018 15:18:51 +0200
+Subject: clk: rockchip: fix clk_i2sout parent selection bits on rk3399
+
+From: Alberto Panizzo <alberto@amarulasolutions.com>
+
+commit a64ad008980c65d38e6cf6858429c78e6b740c41 upstream.
+
+Register, shift and mask were wrong according to datasheet.
+
+Fixes: 115510053e5e ("clk: rockchip: add clock controller for the RK3399")
+Cc: stable@vger.kernel.org
+Signed-off-by: Alberto Panizzo <alberto@amarulasolutions.com>
+Signed-off-by: Anthony Brandon <anthony@amarulasolutions.com>
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/clk/rockchip/clk-rk3399.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/clk/rockchip/clk-rk3399.c
++++ b/drivers/clk/rockchip/clk-rk3399.c
+@@ -629,7 +629,7 @@ static struct rockchip_clk_branch rk3399
+ MUX(0, "clk_i2sout_src", mux_i2sch_p, CLK_SET_RATE_PARENT,
+ RK3399_CLKSEL_CON(31), 0, 2, MFLAGS),
+ COMPOSITE_NODIV(SCLK_I2S_8CH_OUT, "clk_i2sout", mux_i2sout_p, CLK_SET_RATE_PARENT,
+- RK3399_CLKSEL_CON(30), 8, 2, MFLAGS,
++ RK3399_CLKSEL_CON(31), 2, 1, MFLAGS,
+ RK3399_CLKGATE_CON(8), 12, GFLAGS),
+
+ /* uart */
--- /dev/null
+From 26abc916a898d34c5ad159315a2f683def3c5555 Mon Sep 17 00:00:00 2001
+From: Mike Christie <mchristi@redhat.com>
+Date: Thu, 26 Jul 2018 12:13:49 -0500
+Subject: iscsi target: fix session creation failure handling
+
+From: Mike Christie <mchristi@redhat.com>
+
+commit 26abc916a898d34c5ad159315a2f683def3c5555 upstream.
+
+The problem is that iscsi_login_zero_tsih_s1 sets conn->sess early in
+iscsi_login_set_conn_values. If the function fails later like when we
+alloc the idr it does kfree(sess) and leaves the conn->sess pointer set.
+iscsi_login_zero_tsih_s1 then returns -Exyz and we then call
+iscsi_target_login_sess_out and access the freed memory.
+
+This patch has iscsi_login_zero_tsih_s1 either completely setup the
+session or completely tear it down, so later in
+iscsi_target_login_sess_out we can just check for it being set to the
+connection.
+
+Cc: stable@vger.kernel.org
+Fixes: 0957627a9960 ("iscsi-target: Fix sess allocation leak in...")
+Signed-off-by: Mike Christie <mchristi@redhat.com>
+Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Matthew Wilcox <willy@infradead.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/iscsi/iscsi_target_login.c | 35 ++++++++++++++++++------------
+ 1 file changed, 21 insertions(+), 14 deletions(-)
+
+--- a/drivers/target/iscsi/iscsi_target_login.c
++++ b/drivers/target/iscsi/iscsi_target_login.c
+@@ -333,8 +333,7 @@ static int iscsi_login_zero_tsih_s1(
+ pr_err("idr_alloc() for sess_idr failed\n");
+ iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
+ ISCSI_LOGIN_STATUS_NO_RESOURCES);
+- kfree(sess);
+- return -ENOMEM;
++ goto free_sess;
+ }
+
+ sess->creation_time = get_jiffies_64();
+@@ -350,20 +349,28 @@ static int iscsi_login_zero_tsih_s1(
+ ISCSI_LOGIN_STATUS_NO_RESOURCES);
+ pr_err("Unable to allocate memory for"
+ " struct iscsi_sess_ops.\n");
+- kfree(sess);
+- return -ENOMEM;
++ goto remove_idr;
+ }
+
+ sess->se_sess = transport_init_session(TARGET_PROT_NORMAL);
+ if (IS_ERR(sess->se_sess)) {
+ iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR,
+ ISCSI_LOGIN_STATUS_NO_RESOURCES);
+- kfree(sess->sess_ops);
+- kfree(sess);
+- return -ENOMEM;
++ goto free_ops;
+ }
+
+ return 0;
++
++free_ops:
++ kfree(sess->sess_ops);
++remove_idr:
++ spin_lock_bh(&sess_idr_lock);
++ idr_remove(&sess_idr, sess->session_index);
++ spin_unlock_bh(&sess_idr_lock);
++free_sess:
++ kfree(sess);
++ conn->sess = NULL;
++ return -ENOMEM;
+ }
+
+ static int iscsi_login_zero_tsih_s2(
+@@ -1152,13 +1159,13 @@ void iscsi_target_login_sess_out(struct
+ ISCSI_LOGIN_STATUS_INIT_ERR);
+ if (!zero_tsih || !conn->sess)
+ goto old_sess_out;
+- if (conn->sess->se_sess)
+- transport_free_session(conn->sess->se_sess);
+- if (conn->sess->session_index != 0) {
+- spin_lock_bh(&sess_idr_lock);
+- idr_remove(&sess_idr, conn->sess->session_index);
+- spin_unlock_bh(&sess_idr_lock);
+- }
++
++ transport_free_session(conn->sess->se_sess);
++
++ spin_lock_bh(&sess_idr_lock);
++ idr_remove(&sess_idr, conn->sess->session_index);
++ spin_unlock_bh(&sess_idr_lock);
++
+ kfree(conn->sess->sess_ops);
+ kfree(conn->sess);
+ conn->sess = NULL;
--- /dev/null
+From f2a3ab36077222437b4826fc76111caa14562b7c Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Sat, 28 Apr 2018 21:35:01 +0900
+Subject: kprobes: Make list and blacklist root user read only
+
+From: Masami Hiramatsu <mhiramat@kernel.org>
+
+commit f2a3ab36077222437b4826fc76111caa14562b7c upstream.
+
+Since the blacklist and list files on debugfs indicates
+a sensitive address information to reader, it should be
+restricted to the root user.
+
+Suggested-by: Thomas Richter <tmricht@linux.ibm.com>
+Suggested-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
+Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Cc: David Howells <dhowells@redhat.com>
+Cc: David S . Miller <davem@davemloft.net>
+Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
+Cc: Jon Medhurst <tixy@linaro.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Tobin C . Harding <me@tobin.cc>
+Cc: Will Deacon <will.deacon@arm.com>
+Cc: acme@kernel.org
+Cc: akpm@linux-foundation.org
+Cc: brueckner@linux.vnet.ibm.com
+Cc: linux-arch@vger.kernel.org
+Cc: rostedt@goodmis.org
+Cc: schwidefsky@de.ibm.com
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/lkml/152491890171.9916.5183693615601334087.stgit@devbox
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/kprobes.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/kprobes.c
++++ b/kernel/kprobes.c
+@@ -2441,7 +2441,7 @@ static int __init debugfs_kprobe_init(vo
+ if (!dir)
+ return -ENOMEM;
+
+- file = debugfs_create_file("list", 0444, dir, NULL,
++ file = debugfs_create_file("list", 0400, dir, NULL,
+ &debugfs_kprobes_operations);
+ if (!file)
+ goto error;
+@@ -2451,7 +2451,7 @@ static int __init debugfs_kprobe_init(vo
+ if (!file)
+ goto error;
+
+- file = debugfs_create_file("blacklist", 0444, dir, NULL,
++ file = debugfs_create_file("blacklist", 0400, dir, NULL,
+ &debugfs_kprobe_blacklist_ops);
+ if (!file)
+ goto error;
--- /dev/null
+From f5958b4cf4fc38ed4583ab83fb7c4cd1ab05f47b Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki" <macro@mips.com>
+Date: Tue, 15 May 2018 23:33:26 +0100
+Subject: MIPS: Correct the 64-bit DSP accumulator register size
+
+From: Maciej W. Rozycki <macro@mips.com>
+
+commit f5958b4cf4fc38ed4583ab83fb7c4cd1ab05f47b upstream.
+
+Use the `unsigned long' rather than `__u32' type for DSP accumulator
+registers, like with the regular MIPS multiply/divide accumulator and
+general-purpose registers, as all are 64-bit in 64-bit implementations
+and using a 32-bit data type leads to contents truncation on context
+saving.
+
+Update `arch_ptrace' and `compat_arch_ptrace' accordingly, removing
+casts that are similarly not used with multiply/divide accumulator or
+general-purpose register accesses.
+
+Signed-off-by: Maciej W. Rozycki <macro@mips.com>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Fixes: e50c0a8fa60d ("Support the MIPS32 / MIPS64 DSP ASE.")
+Patchwork: https://patchwork.linux-mips.org/patch/19329/
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: James Hogan <jhogan@kernel.org>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: linux-fsdevel@vger.kernel.org
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Cc: stable@vger.kernel.org # 2.6.15+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/processor.h | 2 +-
+ arch/mips/kernel/ptrace.c | 2 +-
+ arch/mips/kernel/ptrace32.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/mips/include/asm/processor.h
++++ b/arch/mips/include/asm/processor.h
+@@ -141,7 +141,7 @@ struct mips_fpu_struct {
+
+ #define NUM_DSP_REGS 6
+
+-typedef __u32 dspreg_t;
++typedef unsigned long dspreg_t;
+
+ struct mips_dsp_state {
+ dspreg_t dspr[NUM_DSP_REGS];
+--- a/arch/mips/kernel/ptrace.c
++++ b/arch/mips/kernel/ptrace.c
+@@ -876,7 +876,7 @@ long arch_ptrace(struct task_struct *chi
+ goto out;
+ }
+ dregs = __get_dsp_regs(child);
+- tmp = (unsigned long) (dregs[addr - DSP_BASE]);
++ tmp = dregs[addr - DSP_BASE];
+ break;
+ }
+ case DSP_CONTROL:
+--- a/arch/mips/kernel/ptrace32.c
++++ b/arch/mips/kernel/ptrace32.c
+@@ -140,7 +140,7 @@ long compat_arch_ptrace(struct task_stru
+ goto out;
+ }
+ dregs = __get_dsp_regs(child);
+- tmp = (unsigned long) (dregs[addr - DSP_BASE]);
++ tmp = dregs[addr - DSP_BASE];
+ break;
+ }
+ case DSP_CONTROL:
--- /dev/null
+From 690d9163bf4b8563a2682e619f938e6a0443947f Mon Sep 17 00:00:00 2001
+From: Paul Burton <paul.burton@mips.com>
+Date: Tue, 21 Aug 2018 12:12:59 -0700
+Subject: MIPS: lib: Provide MIPS64r6 __multi3() for GCC < 7
+
+From: Paul Burton <paul.burton@mips.com>
+
+commit 690d9163bf4b8563a2682e619f938e6a0443947f upstream.
+
+Some versions of GCC suboptimally generate calls to the __multi3()
+intrinsic for MIPS64r6 builds, resulting in link failures due to the
+missing function:
+
+ LD vmlinux.o
+ MODPOST vmlinux.o
+ kernel/bpf/verifier.o: In function `kmalloc_array':
+ include/linux/slab.h:631: undefined reference to `__multi3'
+ fs/select.o: In function `kmalloc_array':
+ include/linux/slab.h:631: undefined reference to `__multi3'
+ ...
+
+We already have a workaround for this in which we provide the
+instrinsic, but we do so selectively for GCC 7 only. Unfortunately the
+issue occurs with older GCC versions too - it has been observed with
+both GCC 5.4.0 & GCC 6.4.0.
+
+MIPSr6 support was introduced in GCC 5, so all major GCC versions prior
+to GCC 8 are affected and we extend our workaround accordingly to all
+MIPS64r6 builds using GCC versions older than GCC 8.
+
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Reported-by: Vladimir Kondratiev <vladimir.kondratiev@intel.com>
+Fixes: ebabcf17bcd7 ("MIPS: Implement __multi3 for GCC7 MIPS64r6 builds")
+Patchwork: https://patchwork.linux-mips.org/patch/20297/
+Cc: James Hogan <jhogan@kernel.org>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: linux-mips@linux-mips.org
+Cc: stable@vger.kernel.org # 4.15+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/lib/multi3.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/mips/lib/multi3.c
++++ b/arch/mips/lib/multi3.c
+@@ -4,12 +4,12 @@
+ #include "libgcc.h"
+
+ /*
+- * GCC 7 suboptimally generates __multi3 calls for mips64r6, so for that
+- * specific case only we'll implement it here.
++ * GCC 7 & older can suboptimally generate __multi3 calls for mips64r6, so for
++ * that specific case only we implement that intrinsic here.
+ *
+ * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82981
+ */
+-#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ == 7)
++#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ < 8)
+
+ /* multiply 64-bit values, low 64-bits returned */
+ static inline long long notrace dmulu(long long a, long long b)
--- /dev/null
+From 5e2e2f9f76e157063a656351728703cb02b068f1 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 23 Aug 2018 16:59:25 +0300
+Subject: PM / clk: signedness bug in of_pm_clk_add_clks()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 5e2e2f9f76e157063a656351728703cb02b068f1 upstream.
+
+"count" needs to be signed for the error handling to work. I made "i"
+signed as well so they match.
+
+Fixes: 02113ba93ea4 (PM / clk: Add support for obtaining clocks from device-tree)
+Cc: 4.6+ <stable@vger.kernel.org> # 4.6+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/power/clock_ops.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/base/power/clock_ops.c
++++ b/drivers/base/power/clock_ops.c
+@@ -185,7 +185,7 @@ EXPORT_SYMBOL_GPL(of_pm_clk_add_clk);
+ int of_pm_clk_add_clks(struct device *dev)
+ {
+ struct clk **clks;
+- unsigned int i, count;
++ int i, count;
+ int ret;
+
+ if (!dev || !dev->of_node)
--- /dev/null
+From a427503edaaed9b75ed9746a654cece7e93e60a8 Mon Sep 17 00:00:00 2001
+From: "H. Nikolaus Schaller" <hns@goldelico.com>
+Date: Tue, 26 Jun 2018 15:28:30 +0200
+Subject: power: generic-adc-battery: check for duplicate properties copied from iio channels
+
+From: H. Nikolaus Schaller <hns@goldelico.com>
+
+commit a427503edaaed9b75ed9746a654cece7e93e60a8 upstream.
+
+If an iio channel defines a basic property, there are duplicate entries
+in /sys/class/power/*/uevent.
+
+So add a check to avoid duplicates. Since all channels may be duplicates,
+we have to modify the related error check.
+
+Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
+Cc: stable@vger.kernel.org
+Fixes: e60fea794e6e ("power: battery: Generic battery driver using IIO")
+Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/power/supply/generic-adc-battery.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+--- a/drivers/power/supply/generic-adc-battery.c
++++ b/drivers/power/supply/generic-adc-battery.c
+@@ -246,6 +246,7 @@ static int gab_probe(struct platform_dev
+ int ret = 0;
+ int chan;
+ int index = ARRAY_SIZE(gab_props);
++ bool any = false;
+
+ adc_bat = devm_kzalloc(&pdev->dev, sizeof(*adc_bat), GFP_KERNEL);
+ if (!adc_bat) {
+@@ -292,12 +293,22 @@ static int gab_probe(struct platform_dev
+ adc_bat->channel[chan] = NULL;
+ } else {
+ /* copying properties for supported channels only */
+- psy_desc->properties[index++] = gab_dyn_props[chan];
++ int index2;
++
++ for (index2 = 0; index2 < index; index2++) {
++ if (psy_desc->properties[index2] ==
++ gab_dyn_props[chan])
++ break; /* already known */
++ }
++ if (index2 == index) /* really new */
++ psy_desc->properties[index++] =
++ gab_dyn_props[chan];
++ any = true;
+ }
+ }
+
+ /* none of the channels are supported so let's bail out */
+- if (index == ARRAY_SIZE(gab_props)) {
++ if (!any) {
+ ret = -ENODEV;
+ goto second_mem_fail;
+ }
--- /dev/null
+From 932d47448c3caa0fa99e84d7f5bc302aa286efd8 Mon Sep 17 00:00:00 2001
+From: "H. Nikolaus Schaller" <hns@goldelico.com>
+Date: Tue, 26 Jun 2018 15:28:29 +0200
+Subject: power: generic-adc-battery: fix out-of-bounds write when copying channel properties
+
+From: H. Nikolaus Schaller <hns@goldelico.com>
+
+commit 932d47448c3caa0fa99e84d7f5bc302aa286efd8 upstream.
+
+We did have sporadic problems in the pinctrl framework during boot
+where a pin group name unexpectedly became NULL leading to a NULL
+dereference in strcmp.
+
+Detailled analysis of the failing cases did reveal that there were
+two devm allocated objects close to each other. The second one was
+the affected group_desc in pinmux and the first one was the
+psy_desc->properties buffer of the gab driver.
+
+Review of the gab code showed that the address calculation for
+one memcpy() is wrong. It does
+
+ properties + sizeof(type) * index
+
+but C is defined to do the index multiplication already for
+pointer + integer additions. Hence the factor was applied twice
+and the memcpy() does write outside of the properties buffer.
+Sometimes it happened to be the pinctrl and triggered the strcmp(NULL).
+
+Anyways, it is overkill to use a memcpy() here instead of a simple
+assignment, which is easier to read and has less risk for wrong
+address calculations. So we change code to a simple assignment.
+
+If we initialize the index to the first free location, we can even
+remove the local variable 'properties'.
+
+This bug seems to exist right from the beginning in 3.7-rc1 in
+
+commit e60fea794e6e ("power: battery: Generic battery driver using IIO")
+
+Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
+Cc: stable@vger.kernel.org
+Fixes: e60fea794e6e ("power: battery: Generic battery driver using IIO")
+Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.co.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/power/supply/generic-adc-battery.c | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+
+--- a/drivers/power/supply/generic-adc-battery.c
++++ b/drivers/power/supply/generic-adc-battery.c
+@@ -243,10 +243,9 @@ static int gab_probe(struct platform_dev
+ struct power_supply_desc *psy_desc;
+ struct power_supply_config psy_cfg = {};
+ struct gab_platform_data *pdata = pdev->dev.platform_data;
+- enum power_supply_property *properties;
+ int ret = 0;
+ int chan;
+- int index = 0;
++ int index = ARRAY_SIZE(gab_props);
+
+ adc_bat = devm_kzalloc(&pdev->dev, sizeof(*adc_bat), GFP_KERNEL);
+ if (!adc_bat) {
+@@ -280,8 +279,6 @@ static int gab_probe(struct platform_dev
+ }
+
+ memcpy(psy_desc->properties, gab_props, sizeof(gab_props));
+- properties = (enum power_supply_property *)
+- ((char *)psy_desc->properties + sizeof(gab_props));
+
+ /*
+ * getting channel from iio and copying the battery properties
+@@ -295,15 +292,12 @@ static int gab_probe(struct platform_dev
+ adc_bat->channel[chan] = NULL;
+ } else {
+ /* copying properties for supported channels only */
+- memcpy(properties + sizeof(*(psy_desc->properties)) * index,
+- &gab_dyn_props[chan],
+- sizeof(gab_dyn_props[chan]));
+- index++;
++ psy_desc->properties[index++] = gab_dyn_props[chan];
+ }
+ }
+
+ /* none of the channels are supported so let's bail out */
+- if (index == 0) {
++ if (index == ARRAY_SIZE(gab_props)) {
+ ret = -ENODEV;
+ goto second_mem_fail;
+ }
+@@ -314,7 +308,7 @@ static int gab_probe(struct platform_dev
+ * as come channels may be not be supported by the device.So
+ * we need to take care of that.
+ */
+- psy_desc->num_properties = ARRAY_SIZE(gab_props) + index;
++ psy_desc->num_properties = index;
+
+ adc_bat->psy = power_supply_register(&pdev->dev, psy_desc, &psy_cfg);
+ if (IS_ERR(adc_bat->psy)) {
--- /dev/null
+From 26f843848bae973817b3587780ce6b7b0200d3e4 Mon Sep 17 00:00:00 2001
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Date: Mon, 6 Aug 2018 14:26:39 +0200
+Subject: s390: fix br_r1_trampoline for machines without exrl
+
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+
+commit 26f843848bae973817b3587780ce6b7b0200d3e4 upstream.
+
+For machines without the exrl instruction the BFP jit generates
+code that uses an "br %r1" instruction located in the lowcore page.
+Unfortunately there is a cut & paste error that puts an additional
+"larl %r1,.+14" instruction in the code that clobbers the branch
+target address in %r1. Remove the larl instruction.
+
+Cc: <stable@vger.kernel.org> # v4.17+
+Fixes: de5cb6eb51 ("s390: use expoline thunks in the BPF JIT")
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/net/bpf_jit_comp.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/arch/s390/net/bpf_jit_comp.c
++++ b/arch/s390/net/bpf_jit_comp.c
+@@ -517,8 +517,6 @@ static void bpf_jit_epilogue(struct bpf_
+ /* br %r1 */
+ _EMIT2(0x07f1);
+ } else {
+- /* larl %r1,.+14 */
+- EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14);
+ /* ex 0,S390_lowcore.br_r1_tampoline */
+ EMIT4_DISP(0x44000000, REG_0, REG_0,
+ offsetof(struct lowcore, br_r1_trampoline));
--- /dev/null
+From fb7d7518b0d65955f91c7b875c36eae7694c69bd Mon Sep 17 00:00:00 2001
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Date: Tue, 31 Jul 2018 16:14:18 +0200
+Subject: s390/numa: move initial setup of node_to_cpumask_map
+
+From: Martin Schwidefsky <schwidefsky@de.ibm.com>
+
+commit fb7d7518b0d65955f91c7b875c36eae7694c69bd upstream.
+
+The numa_init_early initcall sets the node_to_cpumask_map[0] to the
+full cpu_possible_mask. Unfortunately this early_initcall is too late,
+the NUMA setup for numa=emu is done even earlier. The order of calls
+is numa_setup() -> emu_update_cpu_topology(), then the early_initcalls(),
+followed by sched_init_domains().
+
+Starting with git commit 051f3ca02e46432c0965e8948f00c07d8a2f09c0
+"sched/topology: Introduce NUMA identity node sched domain"
+the incorrect node_to_cpumask_map[0] really screws up the domain
+setup and the kernel panics with the follow oops:
+
+Cc: <stable@vger.kernel.org> # v4.15+
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/numa/numa.c | 16 ++--------------
+ 1 file changed, 2 insertions(+), 14 deletions(-)
+
+--- a/arch/s390/numa/numa.c
++++ b/arch/s390/numa/numa.c
+@@ -133,6 +133,8 @@ void __init numa_setup(void)
+ {
+ pr_info("NUMA mode: %s\n", mode->name);
+ nodes_clear(node_possible_map);
++ /* Initially attach all possible CPUs to node 0. */
++ cpumask_copy(&node_to_cpumask_map[0], cpu_possible_mask);
+ if (mode->setup)
+ mode->setup();
+ numa_setup_memory();
+@@ -140,20 +142,6 @@ void __init numa_setup(void)
+ }
+
+ /*
+- * numa_init_early() - Initialization initcall
+- *
+- * This runs when only one CPU is online and before the first
+- * topology update is called for by the scheduler.
+- */
+-static int __init numa_init_early(void)
+-{
+- /* Attach all possible CPUs to node 0 for now. */
+- cpumask_copy(&node_to_cpumask_map[0], cpu_possible_mask);
+- return 0;
+-}
+-early_initcall(numa_init_early);
+-
+-/*
+ * numa_init_late() - Initialization initcall
+ *
+ * Register NUMA nodes.
--- /dev/null
+From 866f3576a72b2233a76dffb80290f8086dc49e17 Mon Sep 17 00:00:00 2001
+From: Sebastian Ott <sebott@linux.ibm.com>
+Date: Mon, 13 Aug 2018 11:26:46 +0200
+Subject: s390/pci: fix out of bounds access during irq setup
+
+From: Sebastian Ott <sebott@linux.ibm.com>
+
+commit 866f3576a72b2233a76dffb80290f8086dc49e17 upstream.
+
+During interrupt setup we allocate interrupt vectors, walk the list of msi
+descriptors, and fill in the message data. Requesting more interrupts than
+supported on s390 can lead to an out of bounds access.
+
+When we restrict the number of interrupts we should also stop walking the
+msi list after all supported interrupts are handled.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Sebastian Ott <sebott@linux.ibm.com>
+Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/pci/pci.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/s390/pci/pci.c
++++ b/arch/s390/pci/pci.c
+@@ -407,6 +407,8 @@ int arch_setup_msi_irqs(struct pci_dev *
+ hwirq = 0;
+ for_each_pci_msi_entry(msi, pdev) {
+ rc = -EIO;
++ if (hwirq >= msi_vecs)
++ break;
+ irq = irq_alloc_desc(0); /* Alloc irq on node 0 */
+ if (irq < 0)
+ goto out_msi;
--- /dev/null
+From 64e03ff72623b8c2ea89ca3cb660094e019ed4ae Mon Sep 17 00:00:00 2001
+From: Julian Wiedmann <jwi@linux.ibm.com>
+Date: Wed, 16 May 2018 09:37:25 +0200
+Subject: s390/qdio: reset old sbal_state flags
+
+From: Julian Wiedmann <jwi@linux.ibm.com>
+
+commit 64e03ff72623b8c2ea89ca3cb660094e019ed4ae upstream.
+
+When allocating a new AOB fails, handle_outbound() is still capable of
+transmitting the selected buffer (just without async completion).
+
+But if a previous transfer on this queue slot used async completion, its
+sbal_state flags field is still set to QDIO_OUTBUF_STATE_FLAG_PENDING.
+So when the upper layer driver sees this stale flag, it expects an async
+completion that never happens.
+
+Fix this by unconditionally clearing the flags field.
+
+Fixes: 104ea556ee7f ("qdio: support asynchronous delivery of storage blocks")
+Cc: <stable@vger.kernel.org> #v3.2+
+Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/s390/include/asm/qdio.h | 1 -
+ drivers/s390/cio/qdio_main.c | 5 ++---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+--- a/arch/s390/include/asm/qdio.h
++++ b/arch/s390/include/asm/qdio.h
+@@ -261,7 +261,6 @@ struct qdio_outbuf_state {
+ void *user;
+ };
+
+-#define QDIO_OUTBUF_STATE_FLAG_NONE 0x00
+ #define QDIO_OUTBUF_STATE_FLAG_PENDING 0x01
+
+ #define CHSC_AC1_INITIATE_INPUTQ 0x80
+--- a/drivers/s390/cio/qdio_main.c
++++ b/drivers/s390/cio/qdio_main.c
+@@ -640,21 +640,20 @@ static inline unsigned long qdio_aob_for
+ unsigned long phys_aob = 0;
+
+ if (!q->use_cq)
+- goto out;
++ return 0;
+
+ if (!q->aobs[bufnr]) {
+ struct qaob *aob = qdio_allocate_aob();
+ q->aobs[bufnr] = aob;
+ }
+ if (q->aobs[bufnr]) {
+- q->sbal_state[bufnr].flags = QDIO_OUTBUF_STATE_FLAG_NONE;
+ q->sbal_state[bufnr].aob = q->aobs[bufnr];
+ q->aobs[bufnr]->user1 = (u64) q->sbal_state[bufnr].user;
+ phys_aob = virt_to_phys(q->aobs[bufnr]);
+ WARN_ON_ONCE(phys_aob & 0xFF);
+ }
+
+-out:
++ q->sbal_state[bufnr].flags = 0;
+ return phys_aob;
+ }
+
--- /dev/null
+From 0ee223b2e1f67cb2de9c0e3247c510d846e74d63 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bart.vanassche@wdc.com>
+Date: Thu, 2 Aug 2018 10:51:41 -0700
+Subject: scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock
+
+From: Bart Van Assche <bart.vanassche@wdc.com>
+
+commit 0ee223b2e1f67cb2de9c0e3247c510d846e74d63 upstream.
+
+A long time ago the unfortunate decision was taken to add a self-deletion
+attribute to the sysfs SCSI device directory. That decision was unfortunate
+because self-deletion is really tricky. We can't drop that attribute
+because widely used user space software depends on it, namely the
+rescan-scsi-bus.sh script. Hence this patch that avoids that writing into
+that attribute triggers a deadlock. See also commit 7973cbd9fbd9 ("[PATCH]
+add sysfs attributes to scan and delete scsi_devices").
+
+This patch avoids that self-removal triggers the following deadlock:
+
+======================================================
+WARNING: possible circular locking dependency detected
+4.18.0-rc2-dbg+ #5 Not tainted
+------------------------------------------------------
+modprobe/6539 is trying to acquire lock:
+000000008323c4cd (kn->count#202){++++}, at: kernfs_remove_by_name_ns+0x45/0x90
+
+but task is already holding lock:
+00000000a6ec2c69 (&shost->scan_mutex){+.+.}, at: scsi_remove_host+0x21/0x150 [scsi_mod]
+
+which lock already depends on the new lock.
+
+the existing dependency chain (in reverse order) is:
+
+-> #1 (&shost->scan_mutex){+.+.}:
+ __mutex_lock+0xfe/0xc70
+ mutex_lock_nested+0x1b/0x20
+ scsi_remove_device+0x26/0x40 [scsi_mod]
+ sdev_store_delete+0x27/0x30 [scsi_mod]
+ dev_attr_store+0x3e/0x50
+ sysfs_kf_write+0x87/0xa0
+ kernfs_fop_write+0x190/0x230
+ __vfs_write+0xd2/0x3b0
+ vfs_write+0x101/0x270
+ ksys_write+0xab/0x120
+ __x64_sys_write+0x43/0x50
+ do_syscall_64+0x77/0x230
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+-> #0 (kn->count#202){++++}:
+ lock_acquire+0xd2/0x260
+ __kernfs_remove+0x424/0x4a0
+ kernfs_remove_by_name_ns+0x45/0x90
+ remove_files.isra.1+0x3a/0x90
+ sysfs_remove_group+0x5c/0xc0
+ sysfs_remove_groups+0x39/0x60
+ device_remove_attrs+0x82/0xb0
+ device_del+0x251/0x580
+ __scsi_remove_device+0x19f/0x1d0 [scsi_mod]
+ scsi_forget_host+0x37/0xb0 [scsi_mod]
+ scsi_remove_host+0x9b/0x150 [scsi_mod]
+ sdebug_driver_remove+0x4b/0x150 [scsi_debug]
+ device_release_driver_internal+0x241/0x360
+ device_release_driver+0x12/0x20
+ bus_remove_device+0x1bc/0x290
+ device_del+0x259/0x580
+ device_unregister+0x1a/0x70
+ sdebug_remove_adapter+0x8b/0xf0 [scsi_debug]
+ scsi_debug_exit+0x76/0xe8 [scsi_debug]
+ __x64_sys_delete_module+0x1c1/0x280
+ do_syscall_64+0x77/0x230
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+other info that might help us debug this:
+
+ Possible unsafe locking scenario:
+
+ CPU0 CPU1
+ ---- ----
+ lock(&shost->scan_mutex);
+ lock(kn->count#202);
+ lock(&shost->scan_mutex);
+ lock(kn->count#202);
+
+ *** DEADLOCK ***
+
+2 locks held by modprobe/6539:
+ #0: 00000000efaf9298 (&dev->mutex){....}, at: device_release_driver_internal+0x68/0x360
+ #1: 00000000a6ec2c69 (&shost->scan_mutex){+.+.}, at: scsi_remove_host+0x21/0x150 [scsi_mod]
+
+stack backtrace:
+CPU: 10 PID: 6539 Comm: modprobe Not tainted 4.18.0-rc2-dbg+ #5
+Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
+Call Trace:
+ dump_stack+0xa4/0xf5
+ print_circular_bug.isra.34+0x213/0x221
+ __lock_acquire+0x1a7e/0x1b50
+ lock_acquire+0xd2/0x260
+ __kernfs_remove+0x424/0x4a0
+ kernfs_remove_by_name_ns+0x45/0x90
+ remove_files.isra.1+0x3a/0x90
+ sysfs_remove_group+0x5c/0xc0
+ sysfs_remove_groups+0x39/0x60
+ device_remove_attrs+0x82/0xb0
+ device_del+0x251/0x580
+ __scsi_remove_device+0x19f/0x1d0 [scsi_mod]
+ scsi_forget_host+0x37/0xb0 [scsi_mod]
+ scsi_remove_host+0x9b/0x150 [scsi_mod]
+ sdebug_driver_remove+0x4b/0x150 [scsi_debug]
+ device_release_driver_internal+0x241/0x360
+ device_release_driver+0x12/0x20
+ bus_remove_device+0x1bc/0x290
+ device_del+0x259/0x580
+ device_unregister+0x1a/0x70
+ sdebug_remove_adapter+0x8b/0xf0 [scsi_debug]
+ scsi_debug_exit+0x76/0xe8 [scsi_debug]
+ __x64_sys_delete_module+0x1c1/0x280
+ do_syscall_64+0x77/0x230
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+See also https://www.mail-archive.com/linux-scsi@vger.kernel.org/msg54525.html.
+
+Fixes: ac0ece9174ac ("scsi: use device_remove_file_self() instead of device_schedule_callback()")
+Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Tejun Heo <tj@kernel.org>
+Cc: Johannes Thumshirn <jthumshirn@suse.de>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+
+---
+ drivers/scsi/scsi_sysfs.c | 20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/scsi_sysfs.c
++++ b/drivers/scsi/scsi_sysfs.c
+@@ -709,8 +709,24 @@ static ssize_t
+ sdev_store_delete(struct device *dev, struct device_attribute *attr,
+ const char *buf, size_t count)
+ {
+- if (device_remove_file_self(dev, attr))
+- scsi_remove_device(to_scsi_device(dev));
++ struct kernfs_node *kn;
++
++ kn = sysfs_break_active_protection(&dev->kobj, &attr->attr);
++ WARN_ON_ONCE(!kn);
++ /*
++ * Concurrent writes into the "delete" sysfs attribute may trigger
++ * concurrent calls to device_remove_file() and scsi_remove_device().
++ * device_remove_file() handles concurrent removal calls by
++ * serializing these and by ignoring the second and later removal
++ * attempts. Concurrent calls of scsi_remove_device() are
++ * serialized. The second and later calls of scsi_remove_device() are
++ * ignored because the first call of that function changes the device
++ * state into SDEV_DEL.
++ */
++ device_remove_file(dev, attr);
++ scsi_remove_device(to_scsi_device(dev));
++ if (kn)
++ sysfs_unbreak_active_protection(kn);
+ return count;
+ };
+ static DEVICE_ATTR(delete, S_IWUSR, NULL, sdev_store_delete);
--- /dev/null
+From 2afc9166f79b8f6da5f347f48515215ceee4ae37 Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bart.vanassche@wdc.com>
+Date: Thu, 2 Aug 2018 10:51:40 -0700
+Subject: scsi: sysfs: Introduce sysfs_{un,}break_active_protection()
+
+From: Bart Van Assche <bart.vanassche@wdc.com>
+
+commit 2afc9166f79b8f6da5f347f48515215ceee4ae37 upstream.
+
+Introduce these two functions and export them such that the next patch
+can add calls to these functions from the SCSI core.
+
+Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
+Acked-by: Tejun Heo <tj@kernel.org>
+Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/sysfs/file.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
+ include/linux/sysfs.h | 14 ++++++++++++++
+ 2 files changed, 58 insertions(+)
+
+--- a/fs/sysfs/file.c
++++ b/fs/sysfs/file.c
+@@ -408,6 +408,50 @@ int sysfs_chmod_file(struct kobject *kob
+ EXPORT_SYMBOL_GPL(sysfs_chmod_file);
+
+ /**
++ * sysfs_break_active_protection - break "active" protection
++ * @kobj: The kernel object @attr is associated with.
++ * @attr: The attribute to break the "active" protection for.
++ *
++ * With sysfs, just like kernfs, deletion of an attribute is postponed until
++ * all active .show() and .store() callbacks have finished unless this function
++ * is called. Hence this function is useful in methods that implement self
++ * deletion.
++ */
++struct kernfs_node *sysfs_break_active_protection(struct kobject *kobj,
++ const struct attribute *attr)
++{
++ struct kernfs_node *kn;
++
++ kobject_get(kobj);
++ kn = kernfs_find_and_get(kobj->sd, attr->name);
++ if (kn)
++ kernfs_break_active_protection(kn);
++ return kn;
++}
++EXPORT_SYMBOL_GPL(sysfs_break_active_protection);
++
++/**
++ * sysfs_unbreak_active_protection - restore "active" protection
++ * @kn: Pointer returned by sysfs_break_active_protection().
++ *
++ * Undo the effects of sysfs_break_active_protection(). Since this function
++ * calls kernfs_put() on the kernfs node that corresponds to the 'attr'
++ * argument passed to sysfs_break_active_protection() that attribute may have
++ * been removed between the sysfs_break_active_protection() and
++ * sysfs_unbreak_active_protection() calls, it is not safe to access @kn after
++ * this function has returned.
++ */
++void sysfs_unbreak_active_protection(struct kernfs_node *kn)
++{
++ struct kobject *kobj = kn->parent->priv;
++
++ kernfs_unbreak_active_protection(kn);
++ kernfs_put(kn);
++ kobject_put(kobj);
++}
++EXPORT_SYMBOL_GPL(sysfs_unbreak_active_protection);
++
++/**
+ * sysfs_remove_file_ns - remove an object attribute with a custom ns tag
+ * @kobj: object we're acting for
+ * @attr: attribute descriptor
+--- a/include/linux/sysfs.h
++++ b/include/linux/sysfs.h
+@@ -238,6 +238,9 @@ int __must_check sysfs_create_files(stru
+ const struct attribute **attr);
+ int __must_check sysfs_chmod_file(struct kobject *kobj,
+ const struct attribute *attr, umode_t mode);
++struct kernfs_node *sysfs_break_active_protection(struct kobject *kobj,
++ const struct attribute *attr);
++void sysfs_unbreak_active_protection(struct kernfs_node *kn);
+ void sysfs_remove_file_ns(struct kobject *kobj, const struct attribute *attr,
+ const void *ns);
+ bool sysfs_remove_file_self(struct kobject *kobj, const struct attribute *attr);
+@@ -351,6 +354,17 @@ static inline int sysfs_chmod_file(struc
+ return 0;
+ }
+
++static inline struct kernfs_node *
++sysfs_break_active_protection(struct kobject *kobj,
++ const struct attribute *attr)
++{
++ return NULL;
++}
++
++static inline void sysfs_unbreak_active_protection(struct kernfs_node *kn)
++{
++}
++
+ static inline void sysfs_remove_file_ns(struct kobject *kobj,
+ const struct attribute *attr,
+ const void *ns)
x86-spectre-add-missing-family-6-check-to-microcode-check.patch
x86-speculation-l1tf-increase-l1tf-memory-limit-for-nehalem.patch
x86-entry-64-wipe-kasan-stack-shadow-before-rewind_stack_do_exit.patch
+s390-fix-br_r1_trampoline-for-machines-without-exrl.patch
+s390-qdio-reset-old-sbal_state-flags.patch
+s390-numa-move-initial-setup-of-node_to_cpumask_map.patch
+s390-pci-fix-out-of-bounds-access-during-irq-setup.patch
+kprobes-make-list-and-blacklist-root-user-read-only.patch
+mips-correct-the-64-bit-dsp-accumulator-register-size.patch
+mips-lib-provide-mips64r6-__multi3-for-gcc-7.patch
+scsi-sysfs-introduce-sysfs_-un-break_active_protection.patch
+scsi-core-avoid-that-scsi-device-removal-through-sysfs-triggers-a-deadlock.patch
+iscsi-target-fix-session-creation-failure-handling.patch
+clk-rockchip-fix-clk_i2sout-parent-selection-bits-on-rk3399.patch
+pm-clk-signedness-bug-in-of_pm_clk_add_clks.patch
+power-generic-adc-battery-fix-out-of-bounds-write-when-copying-channel-properties.patch
+power-generic-adc-battery-check-for-duplicate-properties-copied-from-iio-channels.patch
+cdrom-fix-info-leak-oob-read-in-cdrom_ioctl_drive_status.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
