--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Timo Wischer <twischer@de.adit-jv.com>
+Date: Tue, 10 Jul 2018 17:28:45 +0200
+Subject: ALSA: pcm: Fix snd_interval_refine first/last with open min/max
+
+From: Timo Wischer <twischer@de.adit-jv.com>
+
+[ Upstream commit ff2d6acdf6f13d9f8fdcd890844c6d7535ac1f10 ]
+
+Without this commit the following intervals [x y), (x y) were be
+replaced to (y-1 y) by snd_interval_refine_last(). This was also done
+if y-1 is part of the previous interval.
+With this changes it will be replaced with [y-1 y) in case of y-1 is
+part of the previous interval. A similar behavior will be used for
+snd_interval_refine_first().
+
+This commit adapts the changes for alsa-lib of commit
+9bb985c ("pcm: snd_interval_refine_first/last: exclude value only if
+also excluded before")
+
+Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/core/pcm_lib.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+--- a/sound/core/pcm_lib.c
++++ b/sound/core/pcm_lib.c
+@@ -714,27 +714,33 @@ EXPORT_SYMBOL(snd_interval_refine);
+
+ static int snd_interval_refine_first(struct snd_interval *i)
+ {
++ const unsigned int last_max = i->max;
++
+ if (snd_BUG_ON(snd_interval_empty(i)))
+ return -EINVAL;
+ if (snd_interval_single(i))
+ return 0;
+ i->max = i->min;
+- i->openmax = i->openmin;
+- if (i->openmax)
++ if (i->openmin)
+ i->max++;
++ /* only exclude max value if also excluded before refine */
++ i->openmax = (i->openmax && i->max >= last_max);
+ return 1;
+ }
+
+ static int snd_interval_refine_last(struct snd_interval *i)
+ {
++ const unsigned int last_min = i->min;
++
+ if (snd_BUG_ON(snd_interval_empty(i)))
+ return -EINVAL;
+ if (snd_interval_single(i))
+ return 0;
+ i->min = i->max;
+- i->openmin = i->openmax;
+- if (i->openmin)
++ if (i->openmax)
+ i->min--;
++ /* only exclude min value if also excluded before refine */
++ i->openmin = (i->openmin && i->min <= last_min);
+ return 1;
+ }
+
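Review bot: Neither snd_interval_refine_first() nor snd_interval_refine_last() documents its three return values, and the new open-bound rule makes the contract harder to read off the code. A header comment on each would help, for example `/* returns 1 if the interval was changed, 0 if it was already a single value, -EINVAL if it is empty */`. The two added one-line comments could also name the comparison they guard, e.g. `/* keep max open only if it was open before and still reaches the old max */`.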
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Nicholas Mc Guire <hofrat@osadl.org>
+Date: Thu, 12 Jul 2018 11:28:23 +0200
+Subject: ARM: hisi: check of_iomap and fix missing of_node_put
+
+From: Nicholas Mc Guire <hofrat@osadl.org>
+
+[ Upstream commit 81646a3d39ef14749301374a3a0b8311384cd412 ]
+
+of_find_compatible_node() returns a device node with refcount incremented
+and thus needs an explicit of_node_put(). Further relying on an unchecked
+of_iomap() which can return NULL is problematic here, after all ctrl_base
+is critical enough for hix5hd2_set_cpu() to call BUG() if not available
+so a check seems mandated here.
+
+Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
+0002 Fixes: commit 06cc5c1d4d73 ("ARM: hisi: enable hix5hd2 SoC")
+Signed-off-by: Wei Xu <xuwei5@hisilicon.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/mach-hisi/hotplug.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/arch/arm/mach-hisi/hotplug.c
++++ b/arch/arm/mach-hisi/hotplug.c
+@@ -177,11 +177,15 @@ static bool hix5hd2_hotplug_init(void)
+ struct device_node *np;
+
+ np = of_find_compatible_node(NULL, NULL, "hisilicon,cpuctrl");
+- if (np) {
+- ctrl_base = of_iomap(np, 0);
+- return true;
+- }
+- return false;
++ if (!np)
++ return false;
++
++ ctrl_base = of_iomap(np, 0);
++ of_node_put(np);
++ if (!ctrl_base)
++ return false;
++
++ return true;
+ }
+
+ void hix5hd2_set_cpu(int cpu, bool enable)
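Review bot: hix5hd2_hotplug_init() now returns false for two different failures, a missing "hisilicon,cpuctrl" node and a failed of_iomap(), and neither is logged. The commit message says hix5hd2_set_cpu() calls BUG() when ctrl_base is unavailable, so a message before the second `return false` would make that crash diagnosable, e.g. `pr_err("%s: of_iomap failed for cpuctrl\n", __func__);`. The tail `if (!ctrl_base) return false; return true;` could also be written `return ctrl_base != NULL;`. The start of the function lies outside the hunk.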
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Nicholas Mc Guire <hofrat@osadl.org>
+Date: Thu, 12 Jul 2018 11:28:24 +0200
+Subject: ARM: hisi: handle of_iomap and fix missing of_node_put
+
+From: Nicholas Mc Guire <hofrat@osadl.org>
+
+[ Upstream commit d396cb185c0337aae5664b250cdd9a73f6eb1503 ]
+
+Relying on an unchecked of_iomap() which can return NULL is problematic
+here, an explicit check seems mandatory. Also the call to
+of_find_compatible_node() returns a device node with refcount incremented
+therefor an explicit of_node_put() is needed here.
+
+Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
+Fixes: commit 22bae4290457 ("ARM: hi3xxx: add hotplug support")
+Signed-off-by: Wei Xu <xuwei5@hisilicon.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/mach-hisi/hotplug.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+--- a/arch/arm/mach-hisi/hotplug.c
++++ b/arch/arm/mach-hisi/hotplug.c
+@@ -145,13 +145,20 @@ static int hi3xxx_hotplug_init(void)
+ struct device_node *node;
+
+ node = of_find_compatible_node(NULL, NULL, "hisilicon,sysctrl");
+- if (node) {
+- ctrl_base = of_iomap(node, 0);
+- id = HI3620_CTRL;
+- return 0;
++ if (!node) {
++ id = ERROR_CTRL;
++ return -ENOENT;
+ }
+- id = ERROR_CTRL;
+- return -ENOENT;
++
++ ctrl_base = of_iomap(node, 0);
++ of_node_put(node);
++ if (!ctrl_base) {
++ id = ERROR_CTRL;
++ return -ENOMEM;
++ }
++
++ id = HI3620_CTRL;
++ return 0;
+ }
+
+ void hi3xxx_set_cpu(int cpu, bool enable)
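Review bot: `id = ERROR_CTRL;` is now repeated in both failure branches of hi3xxx_hotplug_init(), and a single error label that sets it once would stop the two paths drifting apart. of_iomap() returns only a pointer, so -ENOMEM here is a chosen value rather than a propagated one; a short comment would record that, e.g. `/* of_iomap() gives no errno; report a failed mapping as -ENOMEM */`. The function's opening lines are outside the hunk.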
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Ronny Chevalier <ronny.chevalier@hp.com>
+Date: Wed, 11 Jul 2018 14:39:37 +0200
+Subject: audit: fix use-after-free in audit_add_watch
+
+From: Ronny Chevalier <ronny.chevalier@hp.com>
+
+[ Upstream commit baa2a4fdd525c8c4b0f704d20457195b29437839 ]
+
+audit_add_watch stores locally krule->watch without taking a reference
+on watch. Then, it calls audit_add_to_parent, and uses the watch stored
+locally.
+
+Unfortunately, it is possible that audit_add_to_parent updates
+krule->watch.
+When it happens, it also drops a reference of watch which
+could free the watch.
+
+How to reproduce (with KASAN enabled):
+
+ auditctl -w /etc/passwd -F success=0 -k test_passwd
+ auditctl -w /etc/passwd -F success=1 -k test_passwd2
+
+The second call to auditctl triggers the use-after-free, because
+audit_to_parent updates krule->watch to use a previous existing watch
+and drops the reference to the newly created watch.
+
+To fix the issue, we grab a reference of watch and we release it at the
+end of the function.
+
+Signed-off-by: Ronny Chevalier <ronny.chevalier@hp.com>
+Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/audit_watch.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/kernel/audit_watch.c
++++ b/kernel/audit_watch.c
+@@ -414,6 +414,13 @@ int audit_add_watch(struct audit_krule *
+ struct path parent_path;
+ int h, ret = 0;
+
++ /*
++ * When we will be calling audit_add_to_parent, krule->watch might have
++ * been updated and watch might have been freed.
++ * So we need to keep a reference of watch.
++ */
++ audit_get_watch(watch);
++
+ mutex_unlock(&audit_filter_mutex);
+
+ /* Avoid calling path_lookup under audit_filter_mutex. */
+@@ -422,8 +429,10 @@ int audit_add_watch(struct audit_krule *
+ /* caller expects mutex locked */
+ mutex_lock(&audit_filter_mutex);
+
+- if (ret)
++ if (ret) {
++ audit_put_watch(watch);
+ return ret;
++ }
+
+ /* either find an old parent or attach a new one */
+ parent = audit_find_parent(parent_path.dentry->d_inode);
+@@ -444,6 +453,7 @@ int audit_add_watch(struct audit_krule *
+ *list = &audit_inode_hash[h];
+ error:
+ path_put(&parent_path);
++ audit_put_watch(watch);
+ return ret;
+ }
+
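Review bot: After audit_add_to_parent() the local `watch` may no longer be the watch attached to the rule, since the commit message says krule->watch can be switched to a previously existing watch there. The extra reference makes any later read through `watch` memory-safe, but the lines between this hunk and the previous one are not shown. It is worth confirming that whatever feeds `h` either reads a field that is the same on both watches or reads `krule->watch` instead. A comment at that use would help, e.g. `/* watch may no longer be krule->watch; the reference taken above only keeps it alive */`. The get/put pairing itself is balanced across the early return and the `error:` label.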
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: "Maciej W. Rozycki" <macro@mips.com>
+Date: Tue, 15 May 2018 23:32:45 +0100
+Subject: binfmt_elf: Respect error return from `regset->active'
+
+From: "Maciej W. Rozycki" <macro@mips.com>
+
+[ Upstream commit 2f819db565e82e5f73cd42b39925098986693378 ]
+
+The regset API documented in <linux/regset.h> defines -ENODEV as the
+result of the `->active' handler to be used where the feature requested
+is not available on the hardware found. However code handling core file
+note generation in `fill_thread_core_info' interpretes any non-zero
+result from the `->active' handler as the regset requested being active.
+Consequently processing continues (and hopefully gracefully fails later
+on) rather than being abandoned right away for the regset requested.
+
+Fix the problem then by making the code proceed only if a positive
+result is returned from the `->active' handler.
+
+Signed-off-by: Maciej W. Rozycki <macro@mips.com>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Fixes: 4206d3aa1978 ("elf core dump: notes user_regset")
+Patchwork: https://patchwork.linux-mips.org/patch/19332/
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: James Hogan <jhogan@kernel.org>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: linux-fsdevel@vger.kernel.org
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/binfmt_elf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/binfmt_elf.c
++++ b/fs/binfmt_elf.c
+@@ -1552,7 +1552,7 @@ static int fill_thread_core_info(struct
+ const struct user_regset *regset = &view->regsets[i];
+ do_thread_regset_writeback(t->task, regset);
+ if (regset->core_note_type && regset->get &&
+- (!regset->active || regset->active(t->task, regset))) {
++ (!regset->active || regset->active(t->task, regset) > 0)) {
+ int ret;
+ size_t size = regset->n * regset->size;
+ void *data = kmalloc(size, GFP_KERNEL);
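Review bot: The `> 0` test in the condition relies on the ->active() contract, which is spelled out only in the commit message. A comment above the `if` would keep a later cleanup from collapsing it back to a plain truth test, e.g. `/* ->active() returns >0 if active, 0 if inactive, <0 (e.g. -ENODEV) if unavailable */`. The hunk starts and ends inside fill_thread_core_info(), so the rest of the loop body is not visible.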
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 4 Jul 2018 12:38:09 +0300
+Subject: drm/panel: type promotion bug in s6e8aa0_read_mtp_id()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit cd0e0ca69109d025b1a1b6609f70682db62138b0 ]
+
+The ARRAY_SIZE() macro is type size_t. If s6e8aa0_dcs_read() returns a
+negative error code, then "ret < ARRAY_SIZE(id)" is false because the
+negative error code is type promoted to a high positive value.
+
+Fixes: 02051ca06371 ("drm/panel: add S6E8AA0 driver")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
+Signed-off-by: Thierry Reding <treding@nvidia.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20180704093807.s3lqsb2v6dg2k43d@kili.mountain
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/panel/panel-s6e8aa0.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/panel/panel-s6e8aa0.c
++++ b/drivers/gpu/drm/panel/panel-s6e8aa0.c
+@@ -835,7 +835,7 @@ static void s6e8aa0_read_mtp_id(struct s
+ int ret, i;
+
+ ret = s6e8aa0_dcs_read(ctx, 0xd1, id, ARRAY_SIZE(id));
+- if (ret < ARRAY_SIZE(id) || id[0] == 0x00) {
++ if (ret < 0 || ret < ARRAY_SIZE(id) || id[0] == 0x00) {
+ dev_err(ctx->dev, "read id failed\n");
+ ctx->error = -EIO;
+ return;
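Review bot: The error branch still stores a fixed -EIO in ctx->error, so a negative code from s6e8aa0_dcs_read() that the new `ret < 0` test catches is discarded. If callers only test ctx->error for non-zero, keeping the original value costs nothing: `ctx->error = ret < 0 ? ret : -EIO;`. The remaining `ret < ARRAY_SIZE(id)` is still a signed/unsigned comparison that is correct only because `ret < 0` is evaluated first, and a short comment saying so would protect that ordering. The function continues past the end of the hunk.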
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Bart Van Assche <bart.vanassche@wdc.com>
+Date: Thu, 5 Jul 2018 10:51:35 -0700
+Subject: IB/nes: Fix a compiler warning
+
+From: Bart Van Assche <bart.vanassche@wdc.com>
+
+[ Upstream commit 4c5743bc4fe3233cecc1c184a773c79c8ee45bbe ]
+
+Avoid that the following compiler warning is reported when building with
+W=1:
+
+drivers/infiniband/hw/nes/nes_hw.c:646:51: warning: suggest braces around empty body in an 'if' statement [-Wempty-body]
+
+Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/infiniband/hw/nes/nes.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/infiniband/hw/nes/nes.h
++++ b/drivers/infiniband/hw/nes/nes.h
+@@ -156,7 +156,7 @@ do { \
+
+ #define NES_EVENT_TIMEOUT 1200000
+ #else
+-#define nes_debug(level, fmt, args...)
++#define nes_debug(level, fmt, args...) do {} while (0)
+ #define assert(expr) do {} while (0)
+
+ #define NES_EVENT_TIMEOUT 100000
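Review bot: With the disabled nes_debug() expanding to `do {} while (0)`, the format string and arguments are dropped before the compiler sees them, so format mismatches show up only in debug builds. The kernel's no_printk() helper keeps the type check while generating no code: `#define nes_debug(level, fmt, args...) no_printk(fmt, ##args)`. This assumes the enabled nes_debug() hands fmt and args to a printk-style function, which the part of the macro above the hunk would confirm.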
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Paul Burton <paul.burton@mips.com>
+Date: Mon, 16 Jul 2018 08:26:36 -0700
+Subject: MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads
+
+From: Paul Burton <paul.burton@mips.com>
+
+[ Upstream commit cd87668d601f622e0ebcfea4f78d116d5f572f4d ]
+
+The PCI_OHCI_INT_REG case in pci_ohci_read_reg() contains the following
+if statement:
+
+ if ((lo & 0x00000f00) == CS5536_USB_INTR)
+
+CS5536_USB_INTR expands to the constant 11, which gives us the following
+condition which can never evaluate true:
+
+ if ((lo & 0xf00) == 11)
+
+At least when using GCC 8.1.0 this falls foul of the tautoligcal-compare
+warning, and since the code is built with the -Werror flag the build
+fails.
+
+Fix this by shifting lo right by 8 bits in order to match the
+corresponding PCI_OHCI_INT_REG case in pci_ohci_write_reg().
+
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Patchwork: https://patchwork.linux-mips.org/patch/19861/
+Cc: Huacai Chen <chenhc@lemote.com>
+Cc: James Hogan <jhogan@kernel.org>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: linux-mips@linux-mips.org
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/loongson/common/cs5536/cs5536_ohci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/loongson/common/cs5536/cs5536_ohci.c
++++ b/arch/mips/loongson/common/cs5536/cs5536_ohci.c
+@@ -138,7 +138,7 @@ u32 pci_ohci_read_reg(int reg)
+ break;
+ case PCI_OHCI_INT_REG:
+ _rdmsr(DIVIL_MSR_REG(PIC_YSEL_LOW), &hi, &lo);
+- if ((lo & 0x00000f00) == CS5536_USB_INTR)
++ if (((lo >> PIC_YSEL_LOW_USB_SHIFT) & 0xf) == CS5536_USB_INTR)
+ conf_data = 1;
+ break;
+ default:
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Jann Horn <jannh@google.com>
+Date: Sat, 7 Jul 2018 05:37:22 +0200
+Subject: mtdchar: fix overflows in adjustment of `count`
+
+From: Jann Horn <jannh@google.com>
+
+[ Upstream commit 6c6bc9ea84d0008024606bf5ba10519e20d851bf ]
+
+The first checks in mtdchar_read() and mtdchar_write() attempt to limit
+`count` such that `*ppos + count <= mtd->size`. However, they ignore the
+possibility of `*ppos > mtd->size`, allowing the calculation of `count` to
+wrap around. `mtdchar_lseek()` prevents seeking beyond mtd->size, but the
+pread/pwrite syscalls bypass this.
+
+I haven't found any codepath on which this actually causes dangerous
+behavior, but it seems like a sensible change anyway.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Jann Horn <jannh@google.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/mtdchar.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/drivers/mtd/mtdchar.c
++++ b/drivers/mtd/mtdchar.c
+@@ -190,8 +190,12 @@ static ssize_t mtdchar_read(struct file
+
+ pr_debug("MTD_read\n");
+
+- if (*ppos + count > mtd->size)
+- count = mtd->size - *ppos;
++ if (*ppos + count > mtd->size) {
++ if (*ppos < mtd->size)
++ count = mtd->size - *ppos;
++ else
++ count = 0;
++ }
+
+ if (!count)
+ return 0;
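Review bot: Nothing in the new clamp in mtdchar_read(), or in the `*ppos >= mtd->size` test in mtdchar_write() in the next hunk, says why a position past the end of the device is possible. The commit message gives the reason, and it belongs in the code: `/* pread()/pwrite() bypass mtdchar_lseek(), so *ppos can exceed mtd->size */`. The nested if/else could also be one line, `count = *ppos < mtd->size ? mtd->size - *ppos : 0;`. Both functions start before and continue after their hunks.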
+@@ -276,7 +280,7 @@ static ssize_t mtdchar_write(struct file
+
+ pr_debug("MTD_write\n");
+
+- if (*ppos == mtd->size)
++ if (*ppos >= mtd->size)
+ return -ENOSPC;
+
+ if (*ppos + count > mtd->size)
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Julia Lawall <Julia.Lawall@lip6.fr>
+Date: Thu, 12 Jul 2018 22:29:55 +0100
+Subject: parport: sunbpp: fix error return code
+
+From: Julia Lawall <Julia.Lawall@lip6.fr>
+
+[ Upstream commit faa1a47388b33623e4d504c23569188907b039a0 ]
+
+Return an error code on failure. Change leading spaces to tab on the
+first if.
+
+Problem found using Coccinelle.
+
+Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
+Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/parport/parport_sunbpp.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/parport/parport_sunbpp.c
++++ b/drivers/parport/parport_sunbpp.c
+@@ -286,12 +286,16 @@ static int bpp_probe(struct platform_dev
+
+ ops = kmemdup(&parport_sunbpp_ops, sizeof(struct parport_operations),
+ GFP_KERNEL);
+- if (!ops)
++ if (!ops) {
++ err = -ENOMEM;
+ goto out_unmap;
++ }
+
+ dprintk(("register_port\n"));
+- if (!(p = parport_register_port((unsigned long)base, irq, dma, ops)))
++ if (!(p = parport_register_port((unsigned long)base, irq, dma, ops))) {
++ err = -ENOMEM;
+ goto out_free_ops;
++ }
+
+ p->size = size;
+ p->dev = &op->dev;
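Review bot: The changed line in bpp_probe() keeps the assignment inside the condition, `if (!(p = parport_register_port(...)))`, which is easy to misread now that the branch has a braced body. Splitting it reads better: `p = parport_register_port((unsigned long)base, irq, dma, ops);` followed by `if (!p) {`. parport_register_port() returns only a pointer here, so -ENOMEM is an assumed cause, and a brief comment noting that would be accurate. The out_unmap and out_free_ops labels are outside the hunk.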
--- /dev/null
+From foo@baz Mon Sep 24 09:22:32 CEST 2018
+From: Zhouyang Jia <jiazhouyang09@gmail.com>
+Date: Tue, 12 Jun 2018 12:40:03 +0800
+Subject: rtc: bq4802: add error handling for devm_ioremap
+
+From: Zhouyang Jia <jiazhouyang09@gmail.com>
+
+[ Upstream commit 7874b919866ba91bac253fa219d3d4c82bb944df ]
+
+When devm_ioremap fails, the lack of error-handling code may
+cause unexpected results.
+
+This patch adds error-handling code after calling devm_ioremap.
+
+Signed-off-by: Zhouyang Jia <jiazhouyang09@gmail.com>
+Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/rtc/rtc-bq4802.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/rtc/rtc-bq4802.c
++++ b/drivers/rtc/rtc-bq4802.c
+@@ -164,6 +164,10 @@ static int bq4802_probe(struct platform_
+ } else if (p->r->flags & IORESOURCE_MEM) {
+ p->regs = devm_ioremap(&pdev->dev, p->r->start,
+ resource_size(p->r));
++ if (!p->regs){
++ err = -ENOMEM;
++ goto out;
++ }
+ p->read = bq4802_read_mem;
+ p->write = bq4802_write_mem;
+ } else {
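Review bot: The added check is written `if (!p->regs){` with no space before the brace, where kernel coding style expects `if (!p->regs) {`. The `out` label is outside the hunk, so it cannot be seen here whether it does more than return err. Since the mapping is devm-managed, a direct `return -ENOMEM;` would be equivalent if it does not.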
usb-cdc-wdm-fix-a-sleep-in-atomic-context-bug-in-service_outstanding_interrupt.patch
cifs-prevent-integer-overflow-in-nxt_dir_entry.patch
cifs-fix-wrapping-bugs-in-num_entries.patch
+binfmt_elf-respect-error-return-from-regset-active.patch
+audit-fix-use-after-free-in-audit_add_watch.patch
+mtdchar-fix-overflows-in-adjustment-of-count.patch
+mips-loongson64-cs5536-fix-pci_ohci_int_reg-reads.patch
+arm-hisi-handle-of_iomap-and-fix-missing-of_node_put.patch
+arm-hisi-check-of_iomap-and-fix-missing-of_node_put.patch
+parport-sunbpp-fix-error-return-code.patch
+rtc-bq4802-add-error-handling-for-devm_ioremap.patch
+alsa-pcm-fix-snd_interval_refine-first-last-with-open-min-max.patch
+drm-panel-type-promotion-bug-in-s6e8aa0_read_mtp_id.patch
+ib-nes-fix-a-compiler-warning.patch