--- /dev/null
+From cb04fc3b6b076f67d228a0b7d096c69ad486c09c Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Fri, 13 Dec 2019 09:51:10 +0100
+Subject: ALSA: hda/ca0132 - Avoid endless loop
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit cb04fc3b6b076f67d228a0b7d096c69ad486c09c upstream.
+
+Introduce a timeout to dspio_clear_response_queue() so that it won't
+be caught in an endless loop even if the hardware doesn't respond
+properly.
+
+Fixes: a73d511c4867 ("ALSA: hda/ca0132: Add unsol handler for DSP and jack detection")
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20191213085111.22855-3-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_ca0132.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/sound/pci/hda/patch_ca0132.c
++++ b/sound/pci/hda/patch_ca0132.c
+@@ -1300,13 +1300,14 @@ struct scp_msg {
+
+ static void dspio_clear_response_queue(struct hda_codec *codec)
+ {
++ unsigned long timeout = jiffies + msecs_to_jiffies(1000);
+ unsigned int dummy = 0;
+- int status = -1;
++ int status;
+
+ /* clear all from the response queue */
+ do {
+ status = dspio_read(codec, &dummy);
+- } while (status == 0);
++ } while (status == 0 && time_before(jiffies, timeout));
+ }
+
+ static int dspio_get_response_data(struct hda_codec *codec)
--- /dev/null
+From 377bc0cfabce0244632dada19060839ced4e6949 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Fri, 13 Dec 2019 09:51:09 +0100
+Subject: ALSA: hda/ca0132 - Keep power on during processing DSP response
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 377bc0cfabce0244632dada19060839ced4e6949 upstream.
+
+We need to keep power on while processing the DSP response via unsol
+event. Each snd_hda_codec_read() call does the power management, so
+it should work normally, but still it's safer to keep the power up for
+the whole function.
+
+Fixes: a73d511c4867 ("ALSA: hda/ca0132: Add unsol handler for DSP and jack detection")
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20191213085111.22855-2-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_ca0132.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/pci/hda/patch_ca0132.c
++++ b/sound/pci/hda/patch_ca0132.c
+@@ -4424,12 +4424,14 @@ static void ca0132_process_dsp_response(
+ struct ca0132_spec *spec = codec->spec;
+
+ codec_dbg(codec, "ca0132_process_dsp_response\n");
++ snd_hda_power_up_pm(codec);
+ if (spec->wait_scp) {
+ if (dspio_get_response_data(codec) >= 0)
+ spec->wait_scp = 0;
+ }
+
+ dspio_clear_response_queue(codec);
++ snd_hda_power_down_pm(codec);
+ }
+
+ static void hp_callback(struct hda_codec *codec, struct hda_jack_callback *cb)
--- /dev/null
+From add9d56d7b3781532208afbff5509d7382fb6efe Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 11 Dec 2019 16:57:42 +0100
+Subject: ALSA: pcm: Avoid possible info leaks from PCM stream buffers
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit add9d56d7b3781532208afbff5509d7382fb6efe upstream.
+
+The current PCM code doesn't initialize explicitly the buffers
+allocated for PCM streams, hence it might leak some uninitialized
+kernel data or previous stream contents by mmapping or reading the
+buffer before actually starting the stream.
+
+Since this is a common problem, this patch simply adds the clearance
+of the buffer data at hw_params callback. Although this does only
+zero-clear no matter which format is used, which doesn't mean the
+silence for some formats, but it should be OK because the intention is
+just to clear the previous data on the buffer.
+
+Reported-by: Lionel Koenig <lionel.koenig@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20191211155742.3213-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/core/pcm_native.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/sound/core/pcm_native.c
++++ b/sound/core/pcm_native.c
+@@ -720,6 +720,10 @@ static int snd_pcm_hw_params(struct snd_
+ while (runtime->boundary * 2 <= LONG_MAX - runtime->buffer_size)
+ runtime->boundary *= 2;
+
++ /* clear the buffer for avoiding possible kernel info leaks */
++ if (runtime->dma_area && !substream->ops->copy_user)
++ memset(runtime->dma_area, 0, runtime->dma_bytes);
++
+ snd_pcm_timer_resolution_change(substream);
+ snd_pcm_set_state(substream, SNDRV_PCM_STATE_SETUP);
+
--- /dev/null
+From f72ff01df9cf5db25c76674cac16605992d15467 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Tue, 19 Nov 2019 13:59:35 -0500
+Subject: btrfs: do not call synchronize_srcu() in inode_tree_del
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit f72ff01df9cf5db25c76674cac16605992d15467 upstream.
+
+Testing with the new fsstress uncovered a pretty nasty deadlock with
+lookup and snapshot deletion.
+
+Process A
+unlink
+ -> final iput
+ -> inode_tree_del
+ -> synchronize_srcu(subvol_srcu)
+
+Process B
+btrfs_lookup <- srcu_read_lock() acquired here
+ -> btrfs_iget
+ -> find inode that has I_FREEING set
+ -> __wait_on_freeing_inode()
+
+We're holding the srcu_read_lock() while doing the iget in order to make
+sure our fs root doesn't go away, and then we are waiting for the inode
+to finish freeing. However because the free'ing process is doing a
+synchronize_srcu() we deadlock.
+
+Fix this by dropping the synchronize_srcu() in inode_tree_del(). We
+don't need people to stop accessing the fs root at this point, we're
+only adding our empty root to the dead roots list.
+
+A larger much more invasive fix is forthcoming to address how we deal
+with fs roots, but this fixes the immediate problem.
+
+Fixes: 76dda93c6ae2 ("Btrfs: add snapshot/subvolume destroy ioctl")
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/inode.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -5729,7 +5729,6 @@ static void inode_tree_add(struct inode
+
+ static void inode_tree_del(struct inode *inode)
+ {
+- struct btrfs_fs_info *fs_info = btrfs_sb(inode->i_sb);
+ struct btrfs_root *root = BTRFS_I(inode)->root;
+ int empty = 0;
+
+@@ -5742,7 +5741,6 @@ static void inode_tree_del(struct inode
+ spin_unlock(&root->inode_lock);
+
+ if (empty && btrfs_root_refs(&root->root_item) == 0) {
+- synchronize_srcu(&fs_info->subvol_srcu);
+ spin_lock(&root->inode_lock);
+ empty = RB_EMPTY_ROOT(&root->inode_tree);
+ spin_unlock(&root->inode_lock);
--- /dev/null
+From ca1aa2818a53875cfdd175fb5e9a2984e997cce9 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Fri, 6 Dec 2019 09:37:18 -0500
+Subject: btrfs: do not leak reloc root if we fail to read the fs root
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit ca1aa2818a53875cfdd175fb5e9a2984e997cce9 upstream.
+
+If we fail to read the fs root corresponding with a reloc root we'll
+just break out and free the reloc roots. But we remove our current
+reloc_root from this list higher up, which means we'll leak this
+reloc_root. Fix this by adding ourselves back to the reloc_roots list
+so we are properly cleaned up.
+
+CC: stable@vger.kernel.org # 4.4+
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/relocation.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/relocation.c
++++ b/fs/btrfs/relocation.c
+@@ -4587,6 +4587,7 @@ int btrfs_recover_relocation(struct btrf
+ fs_root = read_fs_root(fs_info, reloc_root->root_key.offset);
+ if (IS_ERR(fs_root)) {
+ err = PTR_ERR(fs_root);
++ list_add_tail(&reloc_root->root_list, &reloc_roots);
+ goto out_free;
+ }
+
--- /dev/null
+From 943eb3bf25f4a7b745dd799e031be276aa104d82 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Tue, 19 Nov 2019 13:59:20 -0500
+Subject: btrfs: don't double lock the subvol_sem for rename exchange
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit 943eb3bf25f4a7b745dd799e031be276aa104d82 upstream.
+
+If we're rename exchanging two subvols we'll try to lock this lock
+twice, which is bad. Just lock once if either of the ino's are subvols.
+
+Fixes: cdd1fedf8261 ("btrfs: add support for RENAME_EXCHANGE and RENAME_WHITEOUT")
+CC: stable@vger.kernel.org # 4.4+
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/inode.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -9820,9 +9820,8 @@ static int btrfs_rename_exchange(struct
+ return -EXDEV;
+
+ /* close the race window with snapshot create/destroy ioctl */
+- if (old_ino == BTRFS_FIRST_FREE_OBJECTID)
+- down_read(&fs_info->subvol_sem);
+- if (new_ino == BTRFS_FIRST_FREE_OBJECTID)
++ if (old_ino == BTRFS_FIRST_FREE_OBJECTID ||
++ new_ino == BTRFS_FIRST_FREE_OBJECTID)
+ down_read(&fs_info->subvol_sem);
+
+ /*
+@@ -10014,9 +10013,8 @@ out_fail:
+ ret2 = btrfs_end_transaction(trans);
+ ret = ret ? ret : ret2;
+ out_notrans:
+- if (new_ino == BTRFS_FIRST_FREE_OBJECTID)
+- up_read(&fs_info->subvol_sem);
+- if (old_ino == BTRFS_FIRST_FREE_OBJECTID)
++ if (new_ino == BTRFS_FIRST_FREE_OBJECTID ||
++ old_ino == BTRFS_FIRST_FREE_OBJECTID)
+ up_read(&fs_info->subvol_sem);
+
+ return ret;
--- /dev/null
+From 6609fee8897ac475378388238456c84298bff802 Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Fri, 6 Dec 2019 12:27:39 +0000
+Subject: Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit 6609fee8897ac475378388238456c84298bff802 upstream.
+
+When a tree mod log user no longer needs to use the tree it calls
+btrfs_put_tree_mod_seq() to remove itself from the list of users and
+delete all no longer used elements of the tree's red black tree, which
+should be all elements with a sequence number less then our equals to
+the caller's sequence number. However the logic is broken because it
+can delete and free elements from the red black tree that have a
+sequence number greater then the caller's sequence number:
+
+1) At a point in time we have sequence numbers 1, 2, 3 and 4 in the
+ tree mod log;
+
+2) The task which got assigned the sequence number 1 calls
+ btrfs_put_tree_mod_seq();
+
+3) Sequence number 1 is deleted from the list of sequence numbers;
+
+4) The current minimum sequence number is computed to be the sequence
+ number 2;
+
+5) A task using sequence number 2 is at tree_mod_log_rewind() and gets
+ a pointer to one of its elements from the red black tree through
+ a call to tree_mod_log_search();
+
+6) The task with sequence number 1 iterates the red black tree of tree
+ modification elements and deletes (and frees) all elements with a
+ sequence number less then or equals to 2 (the computed minimum sequence
+ number) - it ends up only leaving elements with sequence numbers of 3
+ and 4;
+
+7) The task with sequence number 2 now uses the pointer to its element,
+ already freed by the other task, at __tree_mod_log_rewind(), resulting
+ in a use-after-free issue. When CONFIG_DEBUG_PAGEALLOC=y it produces
+ a trace like the following:
+
+ [16804.546854] general protection fault: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI
+ [16804.547451] CPU: 0 PID: 28257 Comm: pool Tainted: G W 5.4.0-rc8-btrfs-next-51 #1
+ [16804.548059] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
+ [16804.548666] RIP: 0010:rb_next+0x16/0x50
+ (...)
+ [16804.550581] RSP: 0018:ffffb948418ef9b0 EFLAGS: 00010202
+ [16804.551227] RAX: 6b6b6b6b6b6b6b6b RBX: ffff90e0247f6600 RCX: 6b6b6b6b6b6b6b6b
+ [16804.551873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff90e0247f6600
+ [16804.552504] RBP: ffff90dffe0d4688 R08: 0000000000000001 R09: 0000000000000000
+ [16804.553136] R10: ffff90dffa4a0040 R11: 0000000000000000 R12: 000000000000002e
+ [16804.553768] R13: ffff90e0247f6600 R14: 0000000000001663 R15: ffff90dff77862b8
+ [16804.554399] FS: 00007f4b197ae700(0000) GS:ffff90e036a00000(0000) knlGS:0000000000000000
+ [16804.555039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ [16804.555683] CR2: 00007f4b10022000 CR3: 00000002060e2004 CR4: 00000000003606f0
+ [16804.556336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ [16804.556968] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+ [16804.557583] Call Trace:
+ [16804.558207] __tree_mod_log_rewind+0xbf/0x280 [btrfs]
+ [16804.558835] btrfs_search_old_slot+0x105/0xd00 [btrfs]
+ [16804.559468] resolve_indirect_refs+0x1eb/0xc70 [btrfs]
+ [16804.560087] ? free_extent_buffer.part.19+0x5a/0xc0 [btrfs]
+ [16804.560700] find_parent_nodes+0x388/0x1120 [btrfs]
+ [16804.561310] btrfs_check_shared+0x115/0x1c0 [btrfs]
+ [16804.561916] ? extent_fiemap+0x59d/0x6d0 [btrfs]
+ [16804.562518] extent_fiemap+0x59d/0x6d0 [btrfs]
+ [16804.563112] ? __might_fault+0x11/0x90
+ [16804.563706] do_vfs_ioctl+0x45a/0x700
+ [16804.564299] ksys_ioctl+0x70/0x80
+ [16804.564885] ? trace_hardirqs_off_thunk+0x1a/0x20
+ [16804.565461] __x64_sys_ioctl+0x16/0x20
+ [16804.566020] do_syscall_64+0x5c/0x250
+ [16804.566580] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+ [16804.567153] RIP: 0033:0x7f4b1ba2add7
+ (...)
+ [16804.568907] RSP: 002b:00007f4b197adc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
+ [16804.569513] RAX: ffffffffffffffda RBX: 00007f4b100210d8 RCX: 00007f4b1ba2add7
+ [16804.570133] RDX: 00007f4b100210d8 RSI: 00000000c020660b RDI: 0000000000000003
+ [16804.570726] RBP: 000055de05a6cfe0 R08: 0000000000000000 R09: 00007f4b197add44
+ [16804.571314] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4b197add48
+ [16804.571905] R13: 00007f4b197add40 R14: 00007f4b100210d0 R15: 00007f4b197add50
+ (...)
+ [16804.575623] ---[ end trace 87317359aad4ba50 ]---
+
+Fix this by making btrfs_put_tree_mod_seq() skip deletion of elements that
+have a sequence number equals to the computed minimum sequence number, and
+not just elements with a sequence number greater then that minimum.
+
+Fixes: bd989ba359f2ac ("Btrfs: add tree modification log functions")
+CC: stable@vger.kernel.org # 4.4+
+Reviewed-by: Josef Bacik <josef@toxicpanda.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/ctree.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/btrfs/ctree.c
++++ b/fs/btrfs/ctree.c
+@@ -427,7 +427,7 @@ void btrfs_put_tree_mod_seq(struct btrfs
+ for (node = rb_first(tm_root); node; node = next) {
+ next = rb_next(node);
+ tm = rb_entry(node, struct tree_mod_elem, node);
+- if (tm->seq > min_seq)
++ if (tm->seq >= min_seq)
+ continue;
+ rb_erase(node, tm_root);
+ kfree(tm);
--- /dev/null
+From 714cd3e8cba6841220dce9063a7388a81de03825 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Fri, 6 Dec 2019 11:39:00 -0500
+Subject: btrfs: handle ENOENT in btrfs_uuid_tree_iterate
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit 714cd3e8cba6841220dce9063a7388a81de03825 upstream.
+
+If we get an -ENOENT back from btrfs_uuid_iter_rem when iterating the
+uuid tree we'll just continue and do btrfs_next_item(). However we've
+done a btrfs_release_path() at this point and no longer have a valid
+path. So increment the key and go back and do a normal search.
+
+CC: stable@vger.kernel.org # 4.4+
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/uuid-tree.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/btrfs/uuid-tree.c
++++ b/fs/btrfs/uuid-tree.c
+@@ -336,6 +336,8 @@ again_search_slot:
+ }
+ if (ret < 0 && ret != -ENOENT)
+ goto out;
++ key.offset++;
++ goto again_search_slot;
+ }
+ item_size -= sizeof(subid_le);
+ offset += sizeof(subid_le);
--- /dev/null
+From 9bc574de590510eff899c3ca8dbaf013566b5efe Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Fri, 6 Dec 2019 09:37:17 -0500
+Subject: btrfs: skip log replay on orphaned roots
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit 9bc574de590510eff899c3ca8dbaf013566b5efe upstream.
+
+My fsstress modifications coupled with generic/475 uncovered a failure
+to mount and replay the log if we hit a orphaned root. We do not want
+to replay the log for an orphan root, but it's completely legitimate to
+have an orphaned root with a log attached. Fix this by simply skipping
+replaying the log. We still need to pin it's root node so that we do
+not overwrite it while replaying other logs, as we re-read the log root
+at every stage of the replay.
+
+CC: stable@vger.kernel.org # 4.4+
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/tree-log.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/tree-log.c
++++ b/fs/btrfs/tree-log.c
+@@ -6018,9 +6018,28 @@ again:
+ wc.replay_dest = btrfs_read_fs_root_no_name(fs_info, &tmp_key);
+ if (IS_ERR(wc.replay_dest)) {
+ ret = PTR_ERR(wc.replay_dest);
++
++ /*
++ * We didn't find the subvol, likely because it was
++ * deleted. This is ok, simply skip this log and go to
++ * the next one.
++ *
++ * We need to exclude the root because we can't have
++ * other log replays overwriting this log as we'll read
++ * it back in a few more times. This will keep our
++ * block from being modified, and we'll just bail for
++ * each subsequent pass.
++ */
++ if (ret == -ENOENT)
++ ret = btrfs_pin_extent_for_log_replay(fs_info,
++ log->node->start,
++ log->node->len);
+ free_extent_buffer(log->node);
+ free_extent_buffer(log->commit_root);
+ kfree(log);
++
++ if (!ret)
++ goto next;
+ btrfs_handle_fs_error(fs_info, ret,
+ "Couldn't read target root for tree log recovery.");
+ goto error;
+@@ -6052,7 +6071,6 @@ again:
+ &root->highest_objectid);
+ }
+
+- key.offset = found_key.offset - 1;
+ wc.replay_dest->log_root = NULL;
+ free_extent_buffer(log->node);
+ free_extent_buffer(log->commit_root);
+@@ -6060,9 +6078,10 @@ again:
+
+ if (ret)
+ goto error;
+-
++next:
+ if (found_key.offset == 0)
+ break;
++ key.offset = found_key.offset - 1;
+ }
+ btrfs_release_path(path);
+
+btrfs-don-t-double-lock-the-subvol_sem-for-rename-exchange.patch
+btrfs-do-not-call-synchronize_srcu-in-inode_tree_del.patch
+btrfs-skip-log-replay-on-orphaned-roots.patch
+btrfs-do-not-leak-reloc-root-if-we-fail-to-read-the-fs-root.patch
+btrfs-handle-enoent-in-btrfs_uuid_tree_iterate.patch
+btrfs-fix-removal-logic-of-the-tree-mod-log-that-leads-to-use-after-free-issues.patch
+alsa-pcm-avoid-possible-info-leaks-from-pcm-stream-buffers.patch
+alsa-hda-ca0132-keep-power-on-during-processing-dsp-response.patch
+alsa-hda-ca0132-avoid-endless-loop.patch
drm-mst-fix-query_payload-ack-reply-struct.patch
drm-bridge-analogix-anx78xx-silence-eprobe_defer-war.patch
iio-light-bh1750-resolve-compiler-warning-and-make-c.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
