Home Home > GIT Browse > SLE12-SP4
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Thumshirn <jthumshirn@suse.de>2019-07-22 09:35:22 +0200
committerJohannes Thumshirn <jthumshirn@suse.de>2019-07-22 09:35:22 +0200
commit29ec5476cfb895b90aa90267c01e8f1da2d9cbca (patch)
tree5ddb396da973e080ee1c2954066c8697ecb703ca
parentdfd082ce39b049e1e6e76e672ede26f7bc64b82f (diff)
parent92c97100e3460d2fcf9253048582b82b35898332 (diff)
Merge remote-tracking branch 'origin/SLE15' into SLE12-SP4SLE12-SP4
Conflicts: series.conf
-rw-r--r--patches.arch/mm-nvdimm-add-is_ioremap_addr-and-use-that-to-check-.patch4
-rw-r--r--patches.drivers/ALSA-hda-realtek-Fixed-Headphone-Mic-can-t-record-on.patch40
-rw-r--r--patches.drivers/ALSA-hda-realtek-apply-ALC891-headset-fixup-to-one-D.patch37
-rw-r--r--patches.drivers/ALSA-seq-Break-too-long-mutex-context-in-the-write-l.patch76
-rw-r--r--patches.drivers/clk-qcom-Fix-Wunused-const-variable.patch98
-rw-r--r--patches.drivers/clk-rockchip-Don-t-yell-about-bad-mmc-phases-when-ge.patch52
-rw-r--r--patches.drivers/clk-tegra210-fix-PLLU-and-PLLU_OUT1.patch72
-rw-r--r--patches.drivers/dmaengine-hsu-Revert-set-HSU_CH_MTSR-to-memory-width.patch51
-rw-r--r--patches.drivers/mei-bus-need-to-unlink-client-before-freeing.patch79
-rw-r--r--patches.drivers/mei-me-add-denverton-innovation-engine-device-IDs.patch45
-rw-r--r--patches.drivers/mei-me-add-gemini-lake-devices-id.patch42
-rw-r--r--patches.fixes/crypto-talitos-fix-max-key-size-for-sha384-and-sha51.patch42
-rw-r--r--patches.suse/be2net-Fix-number-of-Rx-queues-used-for-flow-hashing.patch72
-rw-r--r--patches.suse/ipv6-flowlabel-fl6_sock_lookup-must-use-atomic_inc_n.patch45
-rw-r--r--patches.suse/lapb-fixed-leak-of-control-blocks.patch40
-rw-r--r--patches.suse/neigh-fix-use-after-free-read-in-pneigh_get_next.patch183
-rw-r--r--patches.suse/net-openvswitch-do-not-free-vport-if-register_netdev.patch107
-rw-r--r--patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different32
-rw-r--r--patches.suse/sctp-Free-cookie-before-we-memdup-a-new-one.patch80
-rw-r--r--patches.suse/sunhv-Fix-device-naming-inconsistency-between-sunhv_.patch60
-rw-r--r--patches.suse/vsock-virtio-set-SOCK_DONE-on-peer-shutdown.patch36
-rw-r--r--series.conf24
22 files changed, 1311 insertions, 6 deletions
diff --git a/patches.arch/mm-nvdimm-add-is_ioremap_addr-and-use-that-to-check-.patch b/patches.arch/mm-nvdimm-add-is_ioremap_addr-and-use-that-to-check-.patch
index 1fc3953ec2..4d284a35b7 100644
--- a/patches.arch/mm-nvdimm-add-is_ioremap_addr-and-use-that-to-check-.patch
+++ b/patches.arch/mm-nvdimm-add-is_ioremap_addr-and-use-that-to-check-.patch
@@ -5,9 +5,7 @@ Subject: [PATCH] mm/nvdimm: add is_ioremap_addr and use that to check ioremap
address
References: bsc#1140322 LTC#176270
-Patch-mainline: queued
-Git-repo: git://git.cmpxchg.org/linux-mmots.git
-Git-commit: 5d61685fe1a3cf52269f94b2a28af64c616a0ea9
+Patch-mainline: Submitted, https://patchwork.kernel.org/patch/11026025/
Architectures like powerpc use different address range to map ioremap and
vmalloc range. The memunmap() check used by the nvdimm layer was wrongly
diff --git a/patches.drivers/ALSA-hda-realtek-Fixed-Headphone-Mic-can-t-record-on.patch b/patches.drivers/ALSA-hda-realtek-Fixed-Headphone-Mic-can-t-record-on.patch
new file mode 100644
index 0000000000..b87e2efc55
--- /dev/null
+++ b/patches.drivers/ALSA-hda-realtek-Fixed-Headphone-Mic-can-t-record-on.patch
@@ -0,0 +1,40 @@
+From fbc571290d9f7bfe089c50f4ac4028dd98ebfe98 Mon Sep 17 00:00:00 2001
+From: Kailang Yang <kailang@realtek.com>
+Date: Mon, 15 Jul 2019 10:41:50 +0800
+Subject: [PATCH] ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform
+Git-commit: fbc571290d9f7bfe089c50f4ac4028dd98ebfe98
+Patch-mainline: v5.3-rc1
+References: bsc#1051510
+
+It assigned to wrong model. So, The headphone Mic can't work.
+
+Fixes: 3f640970a414 ("ALSA: hda - Fix headset mic detection problem for several Dell laptops")
+Signed-off-by: Kailang Yang <kailang@realtek.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/pci/hda/patch_realtek.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
+index f24a757f8239..1c84c12b39b3 100644
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -7657,9 +7657,12 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = {
+ {0x12, 0x90a60130},
+ {0x17, 0x90170110},
+ {0x21, 0x03211020}),
+- SND_HDA_PIN_QUIRK(0x10ec0295, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE,
++ SND_HDA_PIN_QUIRK(0x10ec0295, 0x1028, "Dell", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE,
+ {0x14, 0x90170110},
+ {0x21, 0x04211020}),
++ SND_HDA_PIN_QUIRK(0x10ec0295, 0x1028, "Dell", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE,
++ {0x14, 0x90170110},
++ {0x21, 0x04211030}),
+ SND_HDA_PIN_QUIRK(0x10ec0295, 0x1028, "Dell", ALC269_FIXUP_DELL1_MIC_NO_PRESENCE,
+ ALC295_STANDARD_PINS,
+ {0x17, 0x21014020},
+--
+2.16.4
+
diff --git a/patches.drivers/ALSA-hda-realtek-apply-ALC891-headset-fixup-to-one-D.patch b/patches.drivers/ALSA-hda-realtek-apply-ALC891-headset-fixup-to-one-D.patch
new file mode 100644
index 0000000000..30187d84d0
--- /dev/null
+++ b/patches.drivers/ALSA-hda-realtek-apply-ALC891-headset-fixup-to-one-D.patch
@@ -0,0 +1,37 @@
+From 4b4e0e32e4b09274dbc9d173016c1a026f44608c Mon Sep 17 00:00:00 2001
+From: Hui Wang <hui.wang@canonical.com>
+Date: Tue, 16 Jul 2019 15:21:34 +0800
+Subject: [PATCH] ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
+Git-commit: 4b4e0e32e4b09274dbc9d173016c1a026f44608c
+Patch-mainline: v5.3-rc1
+References: bsc#1051510
+
+Without this patch, the headset-mic and headphone-mic don't work.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Hui Wang <hui.wang@canonical.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/pci/hda/patch_realtek.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
+index 1c84c12b39b3..de224cbea7a0 100644
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -8803,6 +8803,11 @@ static const struct snd_hda_pin_quirk alc662_pin_fixup_tbl[] = {
+ {0x18, 0x01a19030},
+ {0x1a, 0x01813040},
+ {0x21, 0x01014020}),
++ SND_HDA_PIN_QUIRK(0x10ec0867, 0x1028, "Dell", ALC891_FIXUP_DELL_MIC_NO_PRESENCE,
++ {0x16, 0x01813030},
++ {0x17, 0x02211010},
++ {0x18, 0x01a19040},
++ {0x21, 0x01014020}),
+ SND_HDA_PIN_QUIRK(0x10ec0662, 0x1028, "Dell", ALC662_FIXUP_DELL_MIC_NO_PRESENCE,
+ {0x14, 0x01014010},
+ {0x18, 0x01a19020},
+--
+2.16.4
+
diff --git a/patches.drivers/ALSA-seq-Break-too-long-mutex-context-in-the-write-l.patch b/patches.drivers/ALSA-seq-Break-too-long-mutex-context-in-the-write-l.patch
new file mode 100644
index 0000000000..123538a072
--- /dev/null
+++ b/patches.drivers/ALSA-seq-Break-too-long-mutex-context-in-the-write-l.patch
@@ -0,0 +1,76 @@
+From ede34f397ddb063b145b9e7d79c6026f819ded13 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 15 Jul 2019 22:50:27 +0200
+Subject: [PATCH] ALSA: seq: Break too long mutex context in the write loop
+Git-commit: ede34f397ddb063b145b9e7d79c6026f819ded13
+Patch-mainline: v5.3-rc1
+References: bsc#1051510
+
+The fix for the racy writes and ioctls to sequencer widened the
+application of client->ioctl_mutex to the whole write loop. Although
+it does unlock/relock for the lengthy operation like the event dup,
+the loop keeps the ioctl_mutex for the whole time in other
+situations. This may take quite long time if the user-space would
+give a huge buffer, and this is a likely cause of some weird behavior
+spotted by syzcaller fuzzer.
+
+This patch puts a simple workaround, just adding a mutex break in the
+loop when a large number of events have been processed. This
+shouldn't hit any performance drop because the threshold is set high
+enough for usual operations.
+
+Fixes: 7bd800915677 ("ALSA: seq: More protection for concurrent write and ioctl races")
+Reported-by: syzbot+97aae04ce27e39cbfca9@syzkaller.appspotmail.com
+Reported-by: syzbot+4c595632b98bb8ffcc66@syzkaller.appspotmail.com
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/core/seq/seq_clientmgr.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
+index a60e7a17f0b8..7737b2670064 100644
+--- a/sound/core/seq/seq_clientmgr.c
++++ b/sound/core/seq/seq_clientmgr.c
+@@ -1021,7 +1021,7 @@ static ssize_t snd_seq_write(struct file *file, const char __user *buf,
+ {
+ struct snd_seq_client *client = file->private_data;
+ int written = 0, len;
+- int err;
++ int err, handled;
+ struct snd_seq_event event;
+
+ if (!(snd_seq_file_flags(file) & SNDRV_SEQ_LFLG_OUTPUT))
+@@ -1034,6 +1034,8 @@ static ssize_t snd_seq_write(struct file *file, const char __user *buf,
+ if (!client->accept_output || client->pool == NULL)
+ return -ENXIO;
+
++ repeat:
++ handled = 0;
+ /* allocate the pool now if the pool is not allocated yet */
+ mutex_lock(&client->ioctl_mutex);
+ if (client->pool->size > 0 && !snd_seq_write_pool_allocated(client)) {
+@@ -1093,12 +1095,19 @@ static ssize_t snd_seq_write(struct file *file, const char __user *buf,
+ 0, 0, &client->ioctl_mutex);
+ if (err < 0)
+ break;
++ handled++;
+
+ __skip_event:
+ /* Update pointers and counts */
+ count -= len;
+ buf += len;
+ written += len;
++
++ /* let's have a coffee break if too many events are queued */
++ if (++handled >= 200) {
++ mutex_unlock(&client->ioctl_mutex);
++ goto repeat;
++ }
+ }
+
+ out:
+--
+2.16.4
+
diff --git a/patches.drivers/clk-qcom-Fix-Wunused-const-variable.patch b/patches.drivers/clk-qcom-Fix-Wunused-const-variable.patch
new file mode 100644
index 0000000000..3ce29afdd8
--- /dev/null
+++ b/patches.drivers/clk-qcom-Fix-Wunused-const-variable.patch
@@ -0,0 +1,98 @@
+From da642427bd7710ec4f4140f693f59aa8521a358c Mon Sep 17 00:00:00 2001
+From: Nathan Huckleberry <nhuck@google.com>
+Date: Tue, 11 Jun 2019 14:11:34 -0700
+Subject: [PATCH] clk: qcom: Fix -Wunused-const-variable
+Git-commit: da642427bd7710ec4f4140f693f59aa8521a358c
+Patch-mainline: 5.3-rc1
+References: bsc#1051510
+
+Clang produces the following warning
+
+drivers/clk/qcom/gcc-msm8996.c:133:32: warning: unused variable
+'gcc_xo_gpll0_gpll2_gpll3_gpll0_early_div_map' [-Wunused-const-variable]
+static const struct
+parent_map gcc_xo_gpll0_gpll2_gpll3_gpll0_early_div_map[] =
+{ ^drivers/clk/qcom/gcc-msm8996.c:141:27: warning: unused variable
+'gcc_xo_gpll0_gpll2_gpll3_gpll0_early_div' [-Wunused-const-variable] static
+const char * const gcc_xo_gpll0_gpll2_gpll3_gpll0_early_div[] = { ^
+drivers/clk/qcom/gcc-msm8996.c:187:32: warning: unused variable
+'gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll4_gpll0_early_div_map'
+[-Wunused-const-variable] static const struct parent_map
+gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll4_gpll0_early_div_map[] = { ^
+drivers/clk/qcom/gcc-msm8996.c:197:27: warning: unused variable
+'gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll4_gpll0_early_div'
+[-Wunused-const-variable] static const char * const
+gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll4_gpll0_early_div[] = {
+
+It looks like these were never used.
+
+Fixes: b1e010c0730a ("clk: qcom: Add MSM8996 Global Clock Control (GCC) driver")
+Cc: clang-built-linux@googlegroups.com
+Link: https://github.com/ClangBuiltLinux/linux/issues/518
+Suggested-by: Nathan Chancellor <natechancellor@gmail.com>
+Signed-off-by: Nathan Huckleberry <nhuck@google.com>
+Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
+Signed-off-by: Stephen Boyd <sboyd@kernel.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/clk/qcom/gcc-msm8996.c | 36 ------------------------------------
+ 1 file changed, 36 deletions(-)
+
+diff --git a/drivers/clk/qcom/gcc-msm8996.c b/drivers/clk/qcom/gcc-msm8996.c
+index 4632b9272b7f..292d7214a226 100644
+--- a/drivers/clk/qcom/gcc-msm8996.c
++++ b/drivers/clk/qcom/gcc-msm8996.c
+@@ -138,22 +138,6 @@ static const char * const gcc_xo_gpll0_gpll4_gpll0_early_div[] = {
+ "gpll0_early_div"
+ };
+
+-static const struct parent_map gcc_xo_gpll0_gpll2_gpll3_gpll0_early_div_map[] = {
+- { P_XO, 0 },
+- { P_GPLL0, 1 },
+- { P_GPLL2, 2 },
+- { P_GPLL3, 3 },
+- { P_GPLL0_EARLY_DIV, 6 }
+-};
+-
+-static const char * const gcc_xo_gpll0_gpll2_gpll3_gpll0_early_div[] = {
+- "xo",
+- "gpll0",
+- "gpll2",
+- "gpll3",
+- "gpll0_early_div"
+-};
+-
+ static const struct parent_map gcc_xo_gpll0_gpll1_early_div_gpll1_gpll4_gpll0_early_div_map[] = {
+ { P_XO, 0 },
+ { P_GPLL0, 1 },
+@@ -192,26 +176,6 @@ static const char * const gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll2_early_gpll0_early
+ "gpll0_early_div"
+ };
+
+-static const struct parent_map gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll4_gpll0_early_div_map[] = {
+- { P_XO, 0 },
+- { P_GPLL0, 1 },
+- { P_GPLL2, 2 },
+- { P_GPLL3, 3 },
+- { P_GPLL1, 4 },
+- { P_GPLL4, 5 },
+- { P_GPLL0_EARLY_DIV, 6 }
+-};
+-
+-static const char * const gcc_xo_gpll0_gpll2_gpll3_gpll1_gpll4_gpll0_early_div[] = {
+- "xo",
+- "gpll0",
+- "gpll2",
+- "gpll3",
+- "gpll1",
+- "gpll4",
+- "gpll0_early_div"
+-};
+-
+ static struct clk_fixed_factor xo = {
+ .mult = 1,
+ .div = 1,
+--
+2.16.4
+
diff --git a/patches.drivers/clk-rockchip-Don-t-yell-about-bad-mmc-phases-when-ge.patch b/patches.drivers/clk-rockchip-Don-t-yell-about-bad-mmc-phases-when-ge.patch
new file mode 100644
index 0000000000..49795603d8
--- /dev/null
+++ b/patches.drivers/clk-rockchip-Don-t-yell-about-bad-mmc-phases-when-ge.patch
@@ -0,0 +1,52 @@
+From 6943b839721ad4a31ad2bacf6e71b21f2dfe3134 Mon Sep 17 00:00:00 2001
+From: Douglas Anderson <dianders@chromium.org>
+Date: Fri, 3 May 2019 14:22:08 -0700
+Subject: [PATCH] clk: rockchip: Don't yell about bad mmc phases when getting
+Git-commit: 6943b839721ad4a31ad2bacf6e71b21f2dfe3134
+Patch-mainline: 5.3-rc1
+References: bsc#1051510
+
+At boot time, my rk3288-veyron devices yell with 8 lines that look
+like this:
+ [ 0.000000] rockchip_mmc_get_phase: invalid clk rate
+
+This is because the clock framework at clk_register() time tries to
+get the phase but we don't have a parent yet.
+
+While the errors appear to be harmless they are still ugly and, in
+general, we don't want yells like this in the log unless they are
+important.
+
+There's no real reason to be yelling here. We can still return
+-EINVAL to indicate that the phase makes no sense without a parent.
+If someone really tries to do tuning and the clock is reported as 0
+then we'll see the yells in rockchip_mmc_set_phase().
+
+Fixes: 4bf59902b500 ("clk: rockchip: Prevent calculating mmc phase if clock rate is zero")
+Signed-off-by: Douglas Anderson <dianders@chromium.org>
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/clk/rockchip/clk-mmc-phase.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/drivers/clk/rockchip/clk-mmc-phase.c b/drivers/clk/rockchip/clk-mmc-phase.c
+index 07526f64dbfd..17662217d1bb 100644
+--- a/drivers/clk/rockchip/clk-mmc-phase.c
++++ b/drivers/clk/rockchip/clk-mmc-phase.c
+@@ -61,10 +61,8 @@ static int rockchip_mmc_get_phase(struct clk_hw *hw)
+ u32 delay_num = 0;
+
+ /* See the comment for rockchip_mmc_set_phase below */
+- if (!rate) {
+- pr_err("%s: invalid clk rate\n", __func__);
++ if (!rate)
+ return -EINVAL;
+- }
+
+ raw_value = readl(mmc_clock->reg) >> (mmc_clock->shift);
+
+--
+2.16.4
+
diff --git a/patches.drivers/clk-tegra210-fix-PLLU-and-PLLU_OUT1.patch b/patches.drivers/clk-tegra210-fix-PLLU-and-PLLU_OUT1.patch
new file mode 100644
index 0000000000..69ac925158
--- /dev/null
+++ b/patches.drivers/clk-tegra210-fix-PLLU-and-PLLU_OUT1.patch
@@ -0,0 +1,72 @@
+From 0d34dfbf3023cf119b83f6470692c0b10c832495 Mon Sep 17 00:00:00 2001
+From: JC Kuo <jckuo@nvidia.com>
+Date: Wed, 12 Jun 2019 11:14:34 +0800
+Subject: [PATCH] clk: tegra210: fix PLLU and PLLU_OUT1
+Git-commit: 0d34dfbf3023cf119b83f6470692c0b10c832495
+Patch-mainline: 5.3-rc1
+References: bsc#1051510
+
+Full-speed and low-speed USB devices do not work with Tegra210
+platforms because of incorrect PLLU/PLLU_OUT1 clock settings.
+
+When full-speed device is connected:
+[ 14.059886] usb 1-3: new full-speed USB device number 2 using tegra-xusb
+[ 14.196295] usb 1-3: device descriptor read/64, error -71
+[ 14.436311] usb 1-3: device descriptor read/64, error -71
+[ 14.675749] usb 1-3: new full-speed USB device number 3 using tegra-xusb
+[ 14.812335] usb 1-3: device descriptor read/64, error -71
+[ 15.052316] usb 1-3: device descriptor read/64, error -71
+[ 15.164799] usb usb1-port3: attempt power cycle
+
+When low-speed device is connected:
+[ 37.610949] usb usb1-port3: Cannot enable. Maybe the USB cable is bad?
+[ 38.557376] usb usb1-port3: Cannot enable. Maybe the USB cable is bad?
+[ 38.564977] usb usb1-port3: attempt power cycle
+
+This commit fixes the issue by:
+ 1. initializing PLLU_OUT1 before initializing XUSB_FS_SRC clock
+ because PLLU_OUT1 is parent of XUSB_FS_SRC.
+ 2. changing PLLU post-divider to /2 (DIVP=1) according to Technical
+ Reference Manual.
+
+Fixes: e745f992cf4b ("clk: tegra: Rework pll_u")
+Signed-off-by: JC Kuo <jckuo@nvidia.com>
+Acked-by: Peter De Schrijver <pdeschrijver@nvidia.com>
+Signed-off-by: Stephen Boyd <sboyd@kernel.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/clk/tegra/clk-tegra210.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/clk/tegra/clk-tegra210.c
++++ b/drivers/clk/tegra/clk-tegra210.c
+@@ -2054,9 +2054,9 @@ static struct div_nmp pllu_nmp = {
+ };
+
+ static struct tegra_clk_pll_freq_table pll_u_freq_table[] = {
+- { 12000000, 480000000, 40, 1, 0, 0 },
+- { 13000000, 480000000, 36, 1, 0, 0 }, /* actual: 468.0 MHz */
+- { 38400000, 480000000, 25, 2, 0, 0 },
++ { 12000000, 480000000, 40, 1, 1, 0 },
++ { 13000000, 480000000, 36, 1, 1, 0 }, /* actual: 468.0 MHz */
++ { 38400000, 480000000, 25, 2, 1, 0 },
+ { 0, 0, 0, 0, 0, 0 },
+ };
+
+@@ -2979,6 +2979,7 @@ static struct tegra_clk_init_table init_
+ { TEGRA210_CLK_DFLL_REF, TEGRA210_CLK_PLL_P, 51000000, 1 },
+ { TEGRA210_CLK_SBC4, TEGRA210_CLK_PLL_P, 12000000, 1 },
+ { TEGRA210_CLK_PLL_RE_VCO, TEGRA210_CLK_CLK_MAX, 672000000, 1 },
++ { TEGRA210_CLK_PLL_U_OUT1, TEGRA210_CLK_CLK_MAX, 48000000, 1 },
+ { TEGRA210_CLK_XUSB_GATE, TEGRA210_CLK_CLK_MAX, 0, 1 },
+ { TEGRA210_CLK_XUSB_SS_SRC, TEGRA210_CLK_PLL_U_480M, 120000000, 0 },
+ { TEGRA210_CLK_XUSB_FS_SRC, TEGRA210_CLK_PLL_U_48M, 48000000, 0 },
+@@ -3004,7 +3005,6 @@ static struct tegra_clk_init_table init_
+ { TEGRA210_CLK_PLL_DP, TEGRA210_CLK_CLK_MAX, 270000000, 0 },
+ { TEGRA210_CLK_SOC_THERM, TEGRA210_CLK_PLL_P, 51000000, 0 },
+ { TEGRA210_CLK_CCLK_G, TEGRA210_CLK_CLK_MAX, 0, 1 },
+- { TEGRA210_CLK_PLL_U_OUT1, TEGRA210_CLK_CLK_MAX, 48000000, 1 },
+ { TEGRA210_CLK_PLL_U_OUT2, TEGRA210_CLK_CLK_MAX, 60000000, 1 },
+ /* This MUST be the last entry. */
+ { TEGRA210_CLK_CLK_MAX, TEGRA210_CLK_CLK_MAX, 0, 0 },
diff --git a/patches.drivers/dmaengine-hsu-Revert-set-HSU_CH_MTSR-to-memory-width.patch b/patches.drivers/dmaengine-hsu-Revert-set-HSU_CH_MTSR-to-memory-width.patch
new file mode 100644
index 0000000000..eabef6274a
--- /dev/null
+++ b/patches.drivers/dmaengine-hsu-Revert-set-HSU_CH_MTSR-to-memory-width.patch
@@ -0,0 +1,51 @@
+From c24a5c735f87d0549060de31367c095e8810b895 Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Date: Thu, 13 Jun 2019 16:32:32 +0300
+Subject: [PATCH] dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width"
+Git-commit: c24a5c735f87d0549060de31367c095e8810b895
+Patch-mainline: 5.3-rc1
+References: bsc#1051510
+
+The commit
+
+ 080edf75d337 ("dmaengine: hsu: set HSU_CH_MTSR to memory width")
+
+has been mistakenly submitted. The further investigations show that
+the original code does better job since the memory side transfer size
+has never been configured by DMA users.
+
+As per latest revision of documentation: "Channel minimum transfer size
+(CHnMTSR)... For IOSF UART, maximum value that can be programmed is 64 and
+minimum value that can be programmed is 1."
+
+This reverts commit 080edf75d337d35faa6fc3df99342b10d2848d16.
+
+Fixes: 080edf75d337 ("dmaengine: hsu: set HSU_CH_MTSR to memory width")
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/dma/hsu/hsu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/dma/hsu/hsu.c b/drivers/dma/hsu/hsu.c
+index e06f20272fd7..dfabc64c2ab0 100644
+--- a/drivers/dma/hsu/hsu.c
++++ b/drivers/dma/hsu/hsu.c
+@@ -64,10 +64,10 @@ static void hsu_dma_chan_start(struct hsu_dma_chan *hsuc)
+
+ if (hsuc->direction == DMA_MEM_TO_DEV) {
+ bsr = config->dst_maxburst;
+- mtsr = config->src_addr_width;
++ mtsr = config->dst_addr_width;
+ } else if (hsuc->direction == DMA_DEV_TO_MEM) {
+ bsr = config->src_maxburst;
+- mtsr = config->dst_addr_width;
++ mtsr = config->src_addr_width;
+ }
+
+ hsu_chan_disable(hsuc);
+--
+2.16.4
+
diff --git a/patches.drivers/mei-bus-need-to-unlink-client-before-freeing.patch b/patches.drivers/mei-bus-need-to-unlink-client-before-freeing.patch
new file mode 100644
index 0000000000..dcaf538c99
--- /dev/null
+++ b/patches.drivers/mei-bus-need-to-unlink-client-before-freeing.patch
@@ -0,0 +1,79 @@
+From 34f1166afd67f9f48a08c52f36180048908506a4 Mon Sep 17 00:00:00 2001
+From: Tomas Winkler <tomas.winkler@intel.com>
+Date: Mon, 27 Aug 2018 22:40:16 +0300
+Subject: [PATCH] mei: bus: need to unlink client before freeing
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 34f1166afd67f9f48a08c52f36180048908506a4
+Patch-mainline: v4.19-rc4
+References: bsc#1051510
+
+In case a client fails to connect in mei_cldev_enable(), the
+caller won't call the mei_cldev_disable leaving the client
+in a linked stated. Upon driver unload the client structure
+will be freed in mei_cl_bus_dev_release(), leaving a stale pointer
+on a fail_list. This will eventually end up in crash
+during power down flow in mei_cl_set_disonnected().
+
+Rip: mei_cl_set_disconnected+0x5/0x260[mei]
+Call trace:
+mei_cl_all_disconnect+0x22/0x30
+mei_reset+0x194/0x250
+__synchronize_hardirq+0x43/0x50
+_cond_resched+0x15/0x30
+mei_me_intr_clear+0x20/0x100
+mei_stop+0x76/0xb0
+mei_me_shutdown+0x3f/0x80
+pci_device_shutdown+0x34/0x60
+kernel_restart+0x0e/0x30
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200455
+Fixes: 'c110cdb17148 ("mei: bus: make a client pointer always available")'
+Cc: <stable@vger.kernel.org> 4.10+
+Tested-by: Georg Müller <georgmueller@gmx.net>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/misc/mei/bus.c | 9 ++++-----
+ 1 file changed, 4 insertions(+), 5 deletions(-)
+
+--- a/drivers/misc/mei/bus.c
++++ b/drivers/misc/mei/bus.c
+@@ -465,17 +465,15 @@ int mei_cldev_enable(struct mei_cl_devic
+
+ cl = cldev->cl;
+
++ mutex_lock(&bus->device_lock);
+ if (cl->state == MEI_FILE_UNINITIALIZED) {
+- mutex_lock(&bus->device_lock);
+ ret = mei_cl_link(cl);
+- mutex_unlock(&bus->device_lock);
+ if (ret)
+- return ret;
++ goto out;
+ /* update pointers */
+ cl->cldev = cldev;
+ }
+
+- mutex_lock(&bus->device_lock);
+ if (mei_cl_is_connected(cl)) {
+ ret = 0;
+ goto out;
+@@ -841,12 +839,13 @@ static void mei_cl_bus_dev_release(struc
+
+ mei_me_cl_put(cldev->me_cl);
+ mei_dev_bus_put(cldev->bus);
++ mei_cl_unlink(cldev->cl);
+ kfree(cldev->cl);
+ kfree(cldev);
+ }
+
+ static struct device_type mei_cl_device_type = {
+- .release = mei_cl_bus_dev_release,
++ .release = mei_cl_bus_dev_release,
+ };
+
+ /**
diff --git a/patches.drivers/mei-me-add-denverton-innovation-engine-device-IDs.patch b/patches.drivers/mei-me-add-denverton-innovation-engine-device-IDs.patch
new file mode 100644
index 0000000000..d6a9450207
--- /dev/null
+++ b/patches.drivers/mei-me-add-denverton-innovation-engine-device-IDs.patch
@@ -0,0 +1,45 @@
+From f7ee8ead151f9d0b8dac6ab6c3ff49bbe809c564 Mon Sep 17 00:00:00 2001
+From: Tomas Winkler <tomas.winkler@intel.com>
+Date: Sun, 13 Jan 2019 14:24:48 +0200
+Subject: [PATCH] mei: me: add denverton innovation engine device IDs
+Git-commit: f7ee8ead151f9d0b8dac6ab6c3ff49bbe809c564
+Patch-mainline: v5.0-rc4
+References: bsc#1051510
+
+Add the Denverton innovation engine (IE) device ids.
+The IE is an ME-like device which provides HW security
+offloading.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/misc/mei/hw-me-regs.h | 2 ++
+ drivers/misc/mei/pci-me.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/misc/mei/hw-me-regs.h
++++ b/drivers/misc/mei/hw-me-regs.h
+@@ -127,6 +127,8 @@
+ #define MEI_DEV_ID_BXT_M 0x1A9A /* Broxton M */
+ #define MEI_DEV_ID_APL_I 0x5A9A /* Apollo Lake I */
+
++#define MEI_DEV_ID_DNV_IE 0x19E5 /* Denverton IE */
++
+ #define MEI_DEV_ID_GLK 0x319A /* Gemini Lake */
+
+ #define MEI_DEV_ID_KBP 0xA2BA /* Kaby Point */
+--- a/drivers/misc/mei/pci-me.c
++++ b/drivers/misc/mei/pci-me.c
+@@ -92,6 +92,8 @@ static const struct pci_device_id mei_me
+ {MEI_PCI_DEVICE(MEI_DEV_ID_BXT_M, mei_me_pch8_cfg)},
+ {MEI_PCI_DEVICE(MEI_DEV_ID_APL_I, mei_me_pch8_cfg)},
+
++ {MEI_PCI_DEVICE(MEI_DEV_ID_DNV_IE, mei_me_pch8_cfg)},
++
+ {MEI_PCI_DEVICE(MEI_DEV_ID_GLK, mei_me_pch8_cfg)},
+
+ {MEI_PCI_DEVICE(MEI_DEV_ID_KBP, mei_me_pch8_cfg)},
diff --git a/patches.drivers/mei-me-add-gemini-lake-devices-id.patch b/patches.drivers/mei-me-add-gemini-lake-devices-id.patch
new file mode 100644
index 0000000000..26bfea1fe7
--- /dev/null
+++ b/patches.drivers/mei-me-add-gemini-lake-devices-id.patch
@@ -0,0 +1,42 @@
+From 688cb67839e852740d22cf763e5eafb27d5a6e53 Mon Sep 17 00:00:00 2001
+From: Tomas Winkler <tomas.winkler@intel.com>
+Date: Sun, 24 Sep 2017 11:35:34 +0300
+Subject: [PATCH] mei: me: add gemini lake devices id
+Git-commit: 688cb67839e852740d22cf763e5eafb27d5a6e53
+Patch-mainline: v4.14-rc5
+References: bsc#1051510
+
+Add Gemini Lake (GLK) device id.
+
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/misc/mei/hw-me-regs.h | 2 ++
+ drivers/misc/mei/pci-me.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/misc/mei/hw-me-regs.h
++++ b/drivers/misc/mei/hw-me-regs.h
+@@ -127,6 +127,8 @@
+ #define MEI_DEV_ID_BXT_M 0x1A9A /* Broxton M */
+ #define MEI_DEV_ID_APL_I 0x5A9A /* Apollo Lake I */
+
++#define MEI_DEV_ID_GLK 0x319A /* Gemini Lake */
++
+ #define MEI_DEV_ID_KBP 0xA2BA /* Kaby Point */
+ #define MEI_DEV_ID_KBP_2 0xA2BB /* Kaby Point 2 */
+
+--- a/drivers/misc/mei/pci-me.c
++++ b/drivers/misc/mei/pci-me.c
+@@ -92,6 +92,8 @@ static const struct pci_device_id mei_me
+ {MEI_PCI_DEVICE(MEI_DEV_ID_BXT_M, mei_me_pch8_cfg)},
+ {MEI_PCI_DEVICE(MEI_DEV_ID_APL_I, mei_me_pch8_cfg)},
+
++ {MEI_PCI_DEVICE(MEI_DEV_ID_GLK, mei_me_pch8_cfg)},
++
+ {MEI_PCI_DEVICE(MEI_DEV_ID_KBP, mei_me_pch8_cfg)},
+ {MEI_PCI_DEVICE(MEI_DEV_ID_KBP_2, mei_me_pch8_cfg)},
+
diff --git a/patches.fixes/crypto-talitos-fix-max-key-size-for-sha384-and-sha51.patch b/patches.fixes/crypto-talitos-fix-max-key-size-for-sha384-and-sha51.patch
new file mode 100644
index 0000000000..194d4bbf1d
--- /dev/null
+++ b/patches.fixes/crypto-talitos-fix-max-key-size-for-sha384-and-sha51.patch
@@ -0,0 +1,42 @@
+From 192125ed5ce62afba24312d8e7a0314577565b4a Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Wed, 12 Jun 2019 05:49:50 +0000
+Subject: [PATCH] crypto: talitos - fix max key size for sha384 and sha512
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 192125ed5ce62afba24312d8e7a0314577565b4a
+Patch-mainline: 5.3-rc1
+References: bsc#1051510
+
+Below commit came with a typo in the CONFIG_ symbol, leading
+to a permanently reduced max key size regarless of the driver
+capabilities.
+
+Reported-by: Horia Geantă <horia.geanta@nxp.com>
+Fixes: b8fbdc2bc4e7 ("crypto: talitos - reduce max key size for SEC1")
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/crypto/talitos.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c
+index 32a7e747dc5f..c865f5d5eaba 100644
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -823,7 +823,7 @@ static void talitos_unregister_rng(struct device *dev)
+ * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP
+ */
+ #define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1)
+-#ifdef CONFIG_CRYPTO_DEV_TALITOS_SEC2
++#ifdef CONFIG_CRYPTO_DEV_TALITOS2
+ #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA512_BLOCK_SIZE)
+ #else
+ #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA256_BLOCK_SIZE)
+--
+2.16.4
+
diff --git a/patches.suse/be2net-Fix-number-of-Rx-queues-used-for-flow-hashing.patch b/patches.suse/be2net-Fix-number-of-Rx-queues-used-for-flow-hashing.patch
new file mode 100644
index 0000000000..9d2436aa0f
--- /dev/null
+++ b/patches.suse/be2net-Fix-number-of-Rx-queues-used-for-flow-hashing.patch
@@ -0,0 +1,72 @@
+From: Ivan Vecera <ivecera@redhat.com>
+Date: Fri, 14 Jun 2019 17:48:36 +0200
+Subject: be2net: Fix number of Rx queues used for flow hashing
+Git-commit: 718f4a2537089ea41903bf357071306163bc7c04
+Patch-mainline: 5.2-rc6
+References: networking-stable-19_06_18
+
+Number of Rx queues used for flow hashing returned by the driver is
+incorrect and this bug prevents user to use the last Rx queue in
+indirection table.
+
+Let's say we have a NIC with 6 combined queues:
+
+[root@sm-03 ~]# ethtool -l enp4s0f0
+Channel parameters for enp4s0f0:
+Pre-set maximums:
+RX: 5
+TX: 5
+Other: 0
+Combined: 6
+Current hardware settings:
+RX: 0
+TX: 0
+Other: 0
+Combined: 6
+
+Default indirection table maps all (6) queues equally but the driver
+reports only 5 rings available.
+
+[root@sm-03 ~]# ethtool -x enp4s0f0
+RX flow hash indirection table for enp4s0f0 with 5 RX ring(s):
+ 0: 0 1 2 3 4 5 0 1
+ 8: 2 3 4 5 0 1 2 3
+ 16: 4 5 0 1 2 3 4 5
+ 24: 0 1 2 3 4 5 0 1
+...
+
+Now change indirection table somehow:
+
+[root@sm-03 ~]# ethtool -X enp4s0f0 weight 1 1
+[root@sm-03 ~]# ethtool -x enp4s0f0
+RX flow hash indirection table for enp4s0f0 with 6 RX ring(s):
+ 0: 0 0 0 0 0 0 0 0
+...
+ 64: 1 1 1 1 1 1 1 1
+...
+
+Now it is not possible to change mapping back to equal (default) state:
+
+[root@sm-03 ~]# ethtool -X enp4s0f0 equal 6
+Cannot set RX flow hash configuration: Invalid argument
+
+Fixes: 594ad54a2c3b ("be2net: Add support for setting and getting rx flow hash options")
+Reported-by: Tianhao <tizhao@redhat.com>
+Signed-off-by: Ivan Vecera <ivecera@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/ethernet/emulex/benet/be_ethtool.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/emulex/benet/be_ethtool.c
++++ b/drivers/net/ethernet/emulex/benet/be_ethtool.c
+@@ -1104,7 +1104,7 @@ static int be_get_rxnfc(struct net_devic
+ cmd->data = be_get_rss_hash_opts(adapter, cmd->flow_type);
+ break;
+ case ETHTOOL_GRXRINGS:
+- cmd->data = adapter->num_rx_qs - 1;
++ cmd->data = adapter->num_rx_qs;
+ break;
+ default:
+ return -EINVAL;
diff --git a/patches.suse/ipv6-flowlabel-fl6_sock_lookup-must-use-atomic_inc_n.patch b/patches.suse/ipv6-flowlabel-fl6_sock_lookup-must-use-atomic_inc_n.patch
new file mode 100644
index 0000000000..eba0af08e8
--- /dev/null
+++ b/patches.suse/ipv6-flowlabel-fl6_sock_lookup-must-use-atomic_inc_n.patch
@@ -0,0 +1,45 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Thu, 6 Jun 2019 14:32:34 -0700
+Subject: ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
+Git-commit: 65a3c497c0e965a552008db8bc2653f62bc925a1
+Patch-mainline: 5.2-rc6
+References: networking-stable-19_06_18
+
+Before taking a refcount, make sure the object is not already
+scheduled for deletion.
+
+Same fix is needed in ipv6_flowlabel_opt()
+
+Fixes: 18367681a10b ("ipv6 flowlabel: Convert np->ipv6_fl_list to RCU.")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Willem de Bruijn <willemb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/ipv6/ip6_flowlabel.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/net/ipv6/ip6_flowlabel.c
++++ b/net/ipv6/ip6_flowlabel.c
+@@ -254,9 +254,9 @@ struct ip6_flowlabel *fl6_sock_lookup(st
+ rcu_read_lock_bh();
+ for_each_sk_fl_rcu(np, sfl) {
+ struct ip6_flowlabel *fl = sfl->fl;
+- if (fl->label == label) {
++
++ if (fl->label == label && atomic_inc_not_zero(&fl->users)) {
+ fl->lastuse = jiffies;
+- atomic_inc(&fl->users);
+ rcu_read_unlock_bh();
+ return fl;
+ }
+@@ -623,7 +623,8 @@ int ipv6_flowlabel_opt(struct sock *sk,
+ goto done;
+ }
+ fl1 = sfl->fl;
+- atomic_inc(&fl1->users);
++ if (!atomic_inc_not_zero(&fl1->users))
++ fl1 = NULL;
+ break;
+ }
+ }
diff --git a/patches.suse/lapb-fixed-leak-of-control-blocks.patch b/patches.suse/lapb-fixed-leak-of-control-blocks.patch
new file mode 100644
index 0000000000..d8485218a9
--- /dev/null
+++ b/patches.suse/lapb-fixed-leak-of-control-blocks.patch
@@ -0,0 +1,40 @@
+From: Jeremy Sowden <jeremy@azazel.net>
+Date: Sun, 16 Jun 2019 16:54:37 +0100
+Subject: lapb: fixed leak of control-blocks.
+Git-commit: 6be8e297f9bcea666ea85ac7a6cd9d52d6deaf92
+Patch-mainline: 5.2-rc6
+References: networking-stable-19_06_18
+
+lapb_register calls lapb_create_cb, which initializes the control-
+block's ref-count to one, and __lapb_insert_cb, which increments it when
+adding the new block to the list of blocks.
+
+lapb_unregister calls __lapb_remove_cb, which decrements the ref-count
+when removing control-block from the list of blocks, and calls lapb_put
+itself to decrement the ref-count before returning.
+
+However, lapb_unregister also calls __lapb_devtostruct to look up the
+right control-block for the given net_device, and __lapb_devtostruct
+also bumps the ref-count, which means that when lapb_unregister returns
+the ref-count is still 1 and the control-block is leaked.
+
+Call lapb_put after __lapb_devtostruct to fix leak.
+
+Reported-by: syzbot+afb980676c836b4a0afa@syzkaller.appspotmail.com
+Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/lapb/lapb_iface.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/lapb/lapb_iface.c
++++ b/net/lapb/lapb_iface.c
+@@ -182,6 +182,7 @@ int lapb_unregister(struct net_device *d
+ lapb = __lapb_devtostruct(dev);
+ if (!lapb)
+ goto out;
++ lapb_put(lapb);
+
+ lapb_stop_t1timer(lapb);
+ lapb_stop_t2timer(lapb);
diff --git a/patches.suse/neigh-fix-use-after-free-read-in-pneigh_get_next.patch b/patches.suse/neigh-fix-use-after-free-read-in-pneigh_get_next.patch
new file mode 100644
index 0000000000..413fab4c8e
--- /dev/null
+++ b/patches.suse/neigh-fix-use-after-free-read-in-pneigh_get_next.patch
@@ -0,0 +1,183 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Sat, 15 Jun 2019 16:28:48 -0700
+Subject: neigh: fix use-after-free read in pneigh_get_next
+Git-commit: f3e92cb8e2eb8c27d109e6fd73d3a69a8c09e288
+Patch-mainline: 5.2-rc6
+References: networking-stable-19_06_18
+
+Nine years ago, I added RCU handling to neighbours, not pneighbours.
+(pneigh are not commonly used)
+
+Unfortunately I missed that /proc dump operations would use a
+common entry and exit point : neigh_seq_start() and neigh_seq_stop()
+
+We need to read_lock(tbl->lock) or risk use-after-free while
+iterating the pneigh structures.
+
+We might later convert pneigh to RCU and revert this patch.
+
+sysbot reported :
+
+BUG: KASAN: use-after-free in pneigh_get_next.isra.0+0x24b/0x280 net/core/neighbour.c:3158
+Read of size 8 at addr ffff888097f2a700 by task syz-executor.0/9825
+
+CPU: 1 PID: 9825 Comm: syz-executor.0 Not tainted 5.2.0-rc4+ #32
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+Call Trace:
+ __dump_stack lib/dump_stack.c:77 [inline]
+ dump_stack+0x172/0x1f0 lib/dump_stack.c:113
+ print_address_description.cold+0x7c/0x20d mm/kasan/report.c:188
+ __kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
+ kasan_report+0x12/0x20 mm/kasan/common.c:614
+ __asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:132
+ pneigh_get_next.isra.0+0x24b/0x280 net/core/neighbour.c:3158
+ neigh_seq_next+0xdb/0x210 net/core/neighbour.c:3240
+ seq_read+0x9cf/0x1110 fs/seq_file.c:258
+ proc_reg_read+0x1fc/0x2c0 fs/proc/inode.c:221
+ do_loop_readv_writev fs/read_write.c:714 [inline]
+ do_loop_readv_writev fs/read_write.c:701 [inline]
+ do_iter_read+0x4a4/0x660 fs/read_write.c:935
+ vfs_readv+0xf0/0x160 fs/read_write.c:997
+ kernel_readv fs/splice.c:359 [inline]
+ default_file_splice_read+0x475/0x890 fs/splice.c:414
+ do_splice_to+0x127/0x180 fs/splice.c:877
+ splice_direct_to_actor+0x2d2/0x970 fs/splice.c:954
+ do_splice_direct+0x1da/0x2a0 fs/splice.c:1063
+ do_sendfile+0x597/0xd00 fs/read_write.c:1464
+ __do_sys_sendfile64 fs/read_write.c:1525 [inline]
+ __se_sys_sendfile64 fs/read_write.c:1511 [inline]
+ __x64_sys_sendfile64+0x1dd/0x220 fs/read_write.c:1511
+ do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+RIP: 0033:0x4592c9
+Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
+RSP: 002b:00007f4aab51dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
+RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000004592c9
+RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005
+RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000080000000 R11: 0000000000000246 R12: 00007f4aab51e6d4
+R13: 00000000004c689d R14: 00000000004db828 R15: 00000000ffffffff
+
+Allocated by task 9827:
+ save_stack+0x23/0x90 mm/kasan/common.c:71
+ set_track mm/kasan/common.c:79 [inline]
+ __kasan_kmalloc mm/kasan/common.c:489 [inline]
+ __kasan_kmalloc.constprop.0+0xcf/0xe0 mm/kasan/common.c:462
+ kasan_kmalloc+0x9/0x10 mm/kasan/common.c:503
+ __do_kmalloc mm/slab.c:3660 [inline]
+ __kmalloc+0x15c/0x740 mm/slab.c:3669
+ kmalloc include/linux/slab.h:552 [inline]
+ pneigh_lookup+0x19c/0x4a0 net/core/neighbour.c:731
+ arp_req_set_public net/ipv4/arp.c:1010 [inline]
+ arp_req_set+0x613/0x720 net/ipv4/arp.c:1026
+ arp_ioctl+0x652/0x7f0 net/ipv4/arp.c:1226
+ inet_ioctl+0x2a0/0x340 net/ipv4/af_inet.c:926
+ sock_do_ioctl+0xd8/0x2f0 net/socket.c:1043
+ sock_ioctl+0x3ed/0x780 net/socket.c:1194
+ vfs_ioctl fs/ioctl.c:46 [inline]
+ file_ioctl fs/ioctl.c:509 [inline]
+ do_vfs_ioctl+0xd5f/0x1380 fs/ioctl.c:696
+ ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
+ __do_sys_ioctl fs/ioctl.c:720 [inline]
+ __se_sys_ioctl fs/ioctl.c:718 [inline]
+ __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
+ do_syscall_64+0xfd/0x680 arch/x86/entry/common.c:301
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+Freed by task 9824:
+ save_stack+0x23/0x90 mm/kasan/common.c:71
+ set_track mm/kasan/common.c:79 [inline]
+ __kasan_slab_free+0x102/0x150 mm/kasan/common.c:451
+ kasan_slab_free+0xe/0x10 mm/kasan/common.c:459
+ __cache_free mm/slab.c:3432 [inline]
+ kfree+0xcf/0x220 mm/slab.c:3755
+ pneigh_ifdown_and_unlock net/core/neighbour.c:812 [inline]
+ __neigh_ifdown+0x236/0x2f0 net/core/neighbour.c:356
+ neigh_ifdown+0x20/0x30 net/core/neighbour.c:372
+ arp_ifdown+0x1d/0x21 net/ipv4/arp.c:1274
+ inetdev_destroy net/ipv4/devinet.c:319 [inline]
+ inetdev_event+0xa14/0x11f0 net/ipv4/devinet.c:1544
+ notifier_call_chain+0xc2/0x230 kernel/notifier.c:95
+ __raw_notifier_call_chain kernel/notifier.c:396 [inline]
+ raw_notifier_call_chain+0x2e/0x40 kernel/notifier.c:403
+ call_netdevice_notifiers_info+0x3f/0x90 net/core/dev.c:1749
+ call_netdevice_notifiers_extack net/core/dev.c:1761 [inline]
+ call_netdevice_notifiers net/core/dev.c:1775 [inline]
+ rollback_registered_many+0x9b9/0xfc0 net/core/dev.c:8178
+ rollback_registered+0x109/0x1d0 net/core/dev.c:8220
+ unregister_netdevice_queue net/core/dev.c:9267 [inline]
+ unregister_netdevice_queue+0x1ee/0x2c0 net/core/dev.c:9260
+ unregister_netdevice include/linux/netdevice.h:2631 [inline]
+ __tun_detach+0xd8a/0x1040 drivers/net/tun.c:724
+ tun_detach drivers/net/tun.c:741 [inline]
+ tun_chr_close+0xe0/0x180 drivers/net/tun.c:3451
+ __fput+0x2ff/0x890 fs/file_table.c:280
+ ____fput+0x16/0x20 fs/file_table.c:313
+ task_work_run+0x145/0x1c0 kernel/task_work.c:113
+ tracehook_notify_resume include/linux/tracehook.h:185 [inline]
+ exit_to_usermode_loop+0x273/0x2c0 arch/x86/entry/common.c:168
+ prepare_exit_to_usermode arch/x86/entry/common.c:199 [inline]
+ syscall_return_slowpath arch/x86/entry/common.c:279 [inline]
+ do_syscall_64+0x58e/0x680 arch/x86/entry/common.c:304
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+The buggy address belongs to the object at ffff888097f2a700
+ which belongs to the cache kmalloc-64 of size 64
+The buggy address is located 0 bytes inside of
+ 64-byte region [ffff888097f2a700, ffff888097f2a740)
+The buggy address belongs to the page:
+page:ffffea00025fca80 refcount:1 mapcount:0 mapping:ffff8880aa400340 index:0x0
+flags: 0x1fffc0000000200(slab)
+raw: 01fffc0000000200 ffffea000250d548 ffffea00025726c8 ffff8880aa400340
+raw: 0000000000000000 ffff888097f2a000 0000000100000020 0000000000000000
+page dumped because: kasan: bad access detected
+
+Memory state around the buggy address:
+ ffff888097f2a600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
+ ffff888097f2a680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
+>ffff888097f2a700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
+ ^
+ ffff888097f2a780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
+ ffff888097f2a800: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
+
+Fixes: 767e97e1e0db ("neigh: RCU conversion of struct neighbour")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/core/neighbour.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -2744,6 +2744,7 @@ static void *neigh_get_idx_any(struct se
+ }
+
+ void *neigh_seq_start(struct seq_file *seq, loff_t *pos, struct neigh_table *tbl, unsigned int neigh_seq_flags)
++ __acquires(tbl->lock)
+ __acquires(rcu_bh)
+ {
+ struct neigh_seq_state *state = seq->private;
+@@ -2754,6 +2755,7 @@ void *neigh_seq_start(struct seq_file *s
+
+ rcu_read_lock_bh();
+ state->nht = rcu_dereference_bh(tbl->nht);
++ read_lock(&tbl->lock);
+
+ return *pos ? neigh_get_idx_any(seq, pos) : SEQ_START_TOKEN;
+ }
+@@ -2787,8 +2789,13 @@ out:
+ EXPORT_SYMBOL(neigh_seq_next);
+
+ void neigh_seq_stop(struct seq_file *seq, void *v)
++ __releases(tbl->lock)
+ __releases(rcu_bh)
+ {
++ struct neigh_seq_state *state = seq->private;
++ struct neigh_table *tbl = state->tbl;
++
++ read_unlock(&tbl->lock);
+ rcu_read_unlock_bh();
+ }
+ EXPORT_SYMBOL(neigh_seq_stop);
diff --git a/patches.suse/net-openvswitch-do-not-free-vport-if-register_netdev.patch b/patches.suse/net-openvswitch-do-not-free-vport-if-register_netdev.patch
new file mode 100644
index 0000000000..9bc0a3266c
--- /dev/null
+++ b/patches.suse/net-openvswitch-do-not-free-vport-if-register_netdev.patch
@@ -0,0 +1,107 @@
+From: Taehee Yoo <ap420073@gmail.com>
+Date: Sun, 9 Jun 2019 23:26:21 +0900
+Subject: net: openvswitch: do not free vport if register_netdevice() is
+ failed.
+Git-commit: 309b66970ee2abf721ecd0876a48940fa0b99a35
+Patch-mainline: 5.2-rc6
+References: networking-stable-19_06_18
+
+In order to create an internal vport, internal_dev_create() is used and
+that calls register_netdevice() internally.
+If register_netdevice() fails, it calls dev->priv_destructor() to free
+private data of netdev. actually, a private data of this is a vport.
+
+Hence internal_dev_create() should not free and use a vport after failure
+of register_netdevice().
+
+Test command
+ ovs-dpctl add-dp bonding_masters
+
+Splat looks like:
+[ 1035.667767] kasan: GPF could be caused by NULL-ptr deref or user memory access
+[ 1035.675958] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
+[ 1035.676916] CPU: 1 PID: 1028 Comm: ovs-vswitchd Tainted: G B 5.2.0-rc3+ #240
+[ 1035.676916] RIP: 0010:internal_dev_create+0x2e5/0x4e0 [openvswitch]
+[ 1035.676916] Code: 48 c1 ea 03 80 3c 02 00 0f 85 9f 01 00 00 4c 8b 23 48 b8 00 00 00 00 00 fc ff df 49 8d bc 24 60 05 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 86 01 00 00 49 8b bc 24 60 05 00 00 e8 e4 68 f4
+[ 1035.713720] RSP: 0018:ffff88810dcb7578 EFLAGS: 00010206
+[ 1035.713720] RAX: dffffc0000000000 RBX: ffff88810d13fe08 RCX: ffffffff84297704
+[ 1035.713720] RDX: 00000000000000ac RSI: 0000000000000000 RDI: 0000000000000560
+[ 1035.713720] RBP: 00000000ffffffef R08: fffffbfff0d3b881 R09: fffffbfff0d3b881
+[ 1035.713720] R10: 0000000000000001 R11: fffffbfff0d3b880 R12: 0000000000000000
+[ 1035.768776] R13: 0000607ee460b900 R14: ffff88810dcb7690 R15: ffff88810dcb7698
+[ 1035.777709] FS: 00007f02095fc980(0000) GS:ffff88811b400000(0000) knlGS:0000000000000000
+[ 1035.777709] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 1035.777709] CR2: 00007ffdf01d2f28 CR3: 0000000108258000 CR4: 00000000001006e0
+[ 1035.777709] Call Trace:
+[ 1035.777709] ovs_vport_add+0x267/0x4f0 [openvswitch]
+[ 1035.777709] new_vport+0x15/0x1e0 [openvswitch]
+[ 1035.777709] ovs_vport_cmd_new+0x567/0xd10 [openvswitch]
+[ 1035.777709] ? ovs_dp_cmd_dump+0x490/0x490 [openvswitch]
+[ 1035.777709] ? __kmalloc+0x131/0x2e0
+[ 1035.777709] ? genl_family_rcv_msg+0xa54/0x1030
+[ 1035.777709] genl_family_rcv_msg+0x63a/0x1030
+[ 1035.777709] ? genl_unregister_family+0x630/0x630
+[ 1035.841681] ? debug_show_all_locks+0x2d0/0x2d0
+[ ... ]
+
+Fixes: cf124db566e6 ("net: Fix inconsistent teardown and release of private netdev state.")
+Signed-off-by: Taehee Yoo <ap420073@gmail.com>
+Reviewed-by: Greg Rose <gvrose8192@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/openvswitch/vport-internal_dev.c | 18 ++++++++++++------
+ 1 file changed, 12 insertions(+), 6 deletions(-)
+
+--- a/net/openvswitch/vport-internal_dev.c
++++ b/net/openvswitch/vport-internal_dev.c
+@@ -176,7 +176,9 @@ static struct vport *internal_dev_create
+ {
+ struct vport *vport;
+ struct internal_dev *internal_dev;
++ struct net_device *dev;
+ int err;
++ bool free_vport = true;
+
+ vport = ovs_vport_alloc(0, &ovs_internal_vport_ops, parms);
+ if (IS_ERR(vport)) {
+@@ -184,8 +186,9 @@ static struct vport *internal_dev_create
+ goto error;
+ }
+
+- vport->dev = alloc_netdev(sizeof(struct internal_dev),
+- parms->name, NET_NAME_USER, do_setup);
++ dev = alloc_netdev(sizeof(struct internal_dev),
++ parms->name, NET_NAME_USER, do_setup);
++ vport->dev = dev;
+ if (!vport->dev) {
+ err = -ENOMEM;
+ goto error_free_vport;
+@@ -207,8 +210,10 @@ static struct vport *internal_dev_create
+
+ rtnl_lock();
+ err = register_netdevice(vport->dev);
+- if (err)
++ if (err) {
++ free_vport = false;
+ goto error_unlock;
++ }
+
+ dev_set_promiscuity(vport->dev, 1);
+ rtnl_unlock();
+@@ -218,11 +223,12 @@ static struct vport *internal_dev_create
+
+ error_unlock:
+ rtnl_unlock();
+- free_percpu(vport->dev->tstats);
++ free_percpu(dev->tstats);
+ error_free_netdev:
+- free_netdev(vport->dev);
++ free_netdev(dev);
+ error_free_vport:
+- ovs_vport_free(vport);
++ if (free_vport)
++ ovs_vport_free(vport);
+ error:
+ return ERR_PTR(err);
+ }
diff --git a/patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different b/patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different
new file mode 100644
index 0000000000..e93f45c122
--- /dev/null
+++ b/patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different
@@ -0,0 +1,32 @@
+From: Ingo Franzki <ifranzki@linux.ibm.com>
+Date: Wed, 20 Feb 2019 14:01:39 +0100
+Subject: pkey: Indicate old mkvp only if old and current mkvp are different
+Git-commit: ebb7c695d3bc7a4986b92edc8d9ef43491be183e
+Patch-mainline: v5.1-rc1
+References: bsc#1137827 LTC#178090
+
+When the CCA master key is set twice with the same master key,
+then the old and the current master key are the same and thus the
+verification patterns are the same, too. The check to report if a
+secure key is currently wrapped by the old master key erroneously
+reports old mkvp in this case.
+
+Reviewed-by: Harald Freudenberger <freude@linux.ibm.com>
+Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Acked-by: Petr Tesarik <ptesarik@suse.com>
+---
+ drivers/s390/crypto/pkey_api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/s390/crypto/pkey_api.c
++++ b/drivers/s390/crypto/pkey_api.c
+@@ -1046,7 +1046,7 @@ int pkey_verifykey(const struct pkey_sec
+ rc = mkvp_cache_fetch(cardnr, domain, mkvp);
+ if (rc)
+ goto out;
+- if (t->mkvp == mkvp[1]) {
++ if (t->mkvp == mkvp[1] && t->mkvp != mkvp[0]) {
+ DEBUG_DBG("pkey_verifykey secure key has old mkvp\n");
+ if (pattributes)
+ *pattributes |= PKEY_VERIFY_ATTR_OLD_MKVP;
diff --git a/patches.suse/sctp-Free-cookie-before-we-memdup-a-new-one.patch b/patches.suse/sctp-Free-cookie-before-we-memdup-a-new-one.patch
new file mode 100644
index 0000000000..a93ee56a79
--- /dev/null
+++ b/patches.suse/sctp-Free-cookie-before-we-memdup-a-new-one.patch
@@ -0,0 +1,80 @@
+From: Neil Horman <nhorman@tuxdriver.com>
+Date: Thu, 13 Jun 2019 06:35:59 -0400
+Subject: sctp: Free cookie before we memdup a new one
+Git-commit: ce950f1050cece5e406a5cde723c69bba60e1b26
+Patch-mainline: 5.2-rc6
+References: networking-stable-19_06_18
+
+Based on comments from Xin, even after fixes for our recent syzbot
+report of cookie memory leaks, its possible to get a resend of an INIT
+chunk which would lead to us leaking cookie memory.
+
+To ensure that we don't leak cookie memory, free any previously
+allocated cookie first.
+
+Change notes
+v1->v2
+update subsystem tag in subject (davem)
+repeat kfree check for peer_random and peer_hmacs (xin)
+
+v2->v3
+net->sctp
+also free peer_chunks
+
+v3->v4
+fix subject tags
+
+v4->v5
+remove cut line
+
+Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
+Reported-by: syzbot+f7e9153b037eac9b1df8@syzkaller.appspotmail.com
+CC: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+CC: Xin Long <lucien.xin@gmail.com>
+CC: "David S. Miller" <davem@davemloft.net>
+CC: netdev@vger.kernel.org
+Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/sctp/sm_make_chunk.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/net/sctp/sm_make_chunk.c
++++ b/net/sctp/sm_make_chunk.c
+@@ -2590,6 +2590,8 @@ do_addr_param:
+ case SCTP_PARAM_STATE_COOKIE:
+ asoc->peer.cookie_len =
+ ntohs(param.p->length) - sizeof(sctp_paramhdr_t);
++ if (asoc->peer.cookie)
++ kfree(asoc->peer.cookie);
+ asoc->peer.cookie = kmemdup(param.cookie->body, asoc->peer.cookie_len, gfp);
+ if (!asoc->peer.cookie)
+ retval = 0;
+@@ -2654,6 +2656,8 @@ do_addr_param:
+ goto fall_through;
+
+ /* Save peer's random parameter */
++ if (asoc->peer.peer_random)
++ kfree(asoc->peer.peer_random);
+ asoc->peer.peer_random = kmemdup(param.p,
+ ntohs(param.p->length), gfp);
+ if (!asoc->peer.peer_random) {
+@@ -2667,6 +2671,8 @@ do_addr_param:
+ goto fall_through;
+
+ /* Save peer's HMAC list */
++ if (asoc->peer.peer_hmacs)
++ kfree(asoc->peer.peer_hmacs);
+ asoc->peer.peer_hmacs = kmemdup(param.p,
+ ntohs(param.p->length), gfp);
+ if (!asoc->peer.peer_hmacs) {
+@@ -2682,6 +2688,8 @@ do_addr_param:
+ if (!ep->auth_enable)
+ goto fall_through;
+
++ if (asoc->peer.peer_chunks)
++ kfree(asoc->peer.peer_chunks);
+ asoc->peer.peer_chunks = kmemdup(param.p,
+ ntohs(param.p->length), gfp);
+ if (!asoc->peer.peer_chunks)
diff --git a/patches.suse/sunhv-Fix-device-naming-inconsistency-between-sunhv_.patch b/patches.suse/sunhv-Fix-device-naming-inconsistency-between-sunhv_.patch
new file mode 100644
index 0000000000..9302c4fd29
--- /dev/null
+++ b/patches.suse/sunhv-Fix-device-naming-inconsistency-between-sunhv_.patch
@@ -0,0 +1,60 @@
+From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+Date: Tue, 11 Jun 2019 17:38:37 +0200
+Subject: sunhv: Fix device naming inconsistency between sunhv_console and
+ sunhv_reg
+Git-commit: 07a6d63eb1b54b5fb38092780fe618dfe1d96e23
+Patch-mainline: v5.3-rc1
+References: networking-stable-19_06_18
+
+In d5a2aa24, the name in struct console sunhv_console was changed from "ttyS"
+to "ttyHV" while the name in struct uart_ops sunhv_pops remained unchanged.
+
+This results in the hypervisor console device to be listed as "ttyHV0" under
+/proc/consoles while the device node is still named "ttyS0":
+
+root@osaka:~# cat /proc/consoles
+ttyHV0 -W- (EC p ) 4:64
+tty0 -WU (E ) 4:1
+root@osaka:~# readlink /sys/dev/char/4:64
+../../devices/root/f02836f0/f0285690/tty/ttyS0
+root@osaka:~#
+
+This means that any userland code which tries to determine the name of the
+device file of the hypervisor console device can not rely on the information
+provided by /proc/consoles. In particular, booting current versions of debian-
+installer inside a SPARC LDOM will fail with the installer unable to determine
+the console device.
+
+After renaming the device in struct uart_ops sunhv_pops to "ttyHV" as well,
+the inconsistency is fixed and it is possible again to determine the name
+of the device file of the hypervisor console device by reading the contents
+of /proc/console:
+
+root@osaka:~# cat /proc/consoles
+ttyHV0 -W- (EC p ) 4:64
+tty0 -WU (E ) 4:1
+root@osaka:~# readlink /sys/dev/char/4:64
+../../devices/root/f02836f0/f0285690/tty/ttyHV0
+root@osaka:~#
+
+With this change, debian-installer works correctly when installing inside
+a SPARC LDOM.
+
+Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/tty/serial/sunhv.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/tty/serial/sunhv.c
++++ b/drivers/tty/serial/sunhv.c
+@@ -396,7 +396,7 @@ static const struct uart_ops sunhv_pops
+ static struct uart_driver sunhv_reg = {
+ .owner = THIS_MODULE,
+ .driver_name = "sunhv",
+- .dev_name = "ttyS",
++ .dev_name = "ttyHV",
+ .major = TTY_MAJOR,
+ };
+
diff --git a/patches.suse/vsock-virtio-set-SOCK_DONE-on-peer-shutdown.patch b/patches.suse/vsock-virtio-set-SOCK_DONE-on-peer-shutdown.patch
new file mode 100644
index 0000000000..bdfad47e14
--- /dev/null
+++ b/patches.suse/vsock-virtio-set-SOCK_DONE-on-peer-shutdown.patch
@@ -0,0 +1,36 @@
+From: Stephen Barber <smbarber@chromium.org>
+Date: Fri, 14 Jun 2019 23:42:37 -0700
+Subject: vsock/virtio: set SOCK_DONE on peer shutdown
+Git-commit: 42f5cda5eaf4396a939ae9bb43bb8d1d09c1b15c
+Patch-mainline: 5.2-rc6
+References: networking-stable-19_06_18
+
+Set the SOCK_DONE flag to match the TCP_CLOSING state when a peer has
+shut down and there is nothing left to read.
+
+This fixes the following bug:
+1) Peer sends SHUTDOWN(RDWR).
+2) Socket enters TCP_CLOSING but SOCK_DONE is not set.
+3) read() returns -ENOTCONN until close() is called, then returns 0.
+
+Signed-off-by: Stephen Barber <smbarber@chromium.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/vmw_vsock/virtio_transport_common.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/net/vmw_vsock/virtio_transport_common.c
++++ b/net/vmw_vsock/virtio_transport_common.c
+@@ -872,8 +872,10 @@ virtio_transport_recv_connected(struct s
+ if (le32_to_cpu(pkt->hdr.flags) & VIRTIO_VSOCK_SHUTDOWN_SEND)
+ vsk->peer_shutdown |= SEND_SHUTDOWN;
+ if (vsk->peer_shutdown == SHUTDOWN_MASK &&
+- vsock_stream_has_data(vsk) <= 0)
++ vsock_stream_has_data(vsk) <= 0) {
++ sock_set_flag(sk, SOCK_DONE);
+ sk->sk_state = SS_DISCONNECTING;
++ }
+ if (le32_to_cpu(pkt->hdr.flags))
+ sk->sk_state_change(sk);
+ break;
diff --git a/series.conf b/series.conf
index 0e621c2140..203bf86102 100644
--- a/series.conf
+++ b/series.conf
@@ -7564,6 +7564,7 @@
patches.fixes/0001-USB-serial-console-fix-use-after-free-after-failed-s.patch
patches.fixes/0001-usb-renesas_usbhs-Fix-DMAC-sequence-for-receiving-ze.patch
patches.fixes/0001-usb-usbtest-fix-NULL-pointer-dereference.patch
+ patches.drivers/mei-me-add-gemini-lake-devices-id.patch
patches.suse/msft-hv-1507-Drivers-hv-vmbus-Fix-bugs-in-rescind-handling.patch
patches.drivers/media-dvb-i2c-transfers-over-usb-cannot-be-done-from
patches.drivers/media-s5p-cec-add-NACK-detection-support
@@ -19387,6 +19388,7 @@
patches.drm/drm-i915-overlay-Allocate-physical-registers-from-st.patch
patches.drm/0001-drm-amdgpu-fix-error-handling-in-amdgpu_cs_user_fenc.patch
patches.drivers/mei-ignore-not-found-client-in-the-enumeration.patch
+ patches.drivers/mei-bus-need-to-unlink-client-before-freeing.patch
patches.suse/msft-hv-1753-Tools-hv-Fix-a-bug-in-the-key-delete-code.patch
patches.drivers/misc-hmc6352-fix-potential-Spectre-v1.patch
patches.suse/msft-hv-1754-vmbus-don-t-return-values-for-uninitalized-channels.patch
@@ -21399,6 +21401,7 @@
patches.drivers/staging-rtl8188eu-Add-device-code-for-D-Link-DWA-121.patch
patches.drivers/staging-rtl8723bs-Fix-build-error-with-Clang-when-in.patch
patches.suse/msft-hv-1831-Drivers-hv-vmbus-Check-for-ring-when-getting-debug-i.patch
+ patches.drivers/mei-me-add-denverton-innovation-engine-device-IDs.patch
patches.drivers/char-mwave-fix-potential-Spectre-v1-vulnerability.patch
patches.drivers/mmc-sdhci-iproc-handle-mmc_of_parse-errors-during-pr.patch
patches.drivers/mmc-dw_mmc-bluefield-Fix-the-license-information.patch
@@ -21782,6 +21785,7 @@
patches.fixes/crypto-crypto4xx-add-missing-of_node_put-after-of_de.patch
patches.arch/s390-jump_label-Use-jdd-constraint-on-gcc9.patch
patches.arch/s390-ism-ignore-some-errors-during-deregistration
+ patches.suse/pkey-indicate-old-mkvp-only-if-old-and-current-mkvp-are-different
patches.drivers/clocksource-drivers-sun5i-Fail-gracefully-when-clock.patch
patches.drivers/clocksource-drivers-exynos_mct-Move-one-shot-check-f.patch
patches.drivers/clocksource-drivers-exynos_mct-Clear-timer-interrupt.patch
@@ -23050,12 +23054,14 @@
patches.fixes/0001-mwifiex-Fix-possible-buffer-overflows-at-parsing-bss.patch
patches.fixes/0001-mwifiex-Abort-at-too-short-BSS-descriptor-element.patch
patches.fixes/0001-mwifiex-Fix-heap-overflow-in-mwifiex_uap_parse_tail_.patch
+ patches.suse/ipv6-flowlabel-fl6_sock_lookup-must-use-atomic_inc_n.patch
patches.drivers/can-flexcan-fix-timeout-when-set-small-bitrate.patch
patches.fixes/can-af_can-Fix-error-path-of-can_init.patch
patches.fixes/can-purge-socket-error-queue-on-sock-destruct.patch
patches.drivers/ibmvnic-Do-not-close-unopened-driver-during-reset.patch
patches.drivers/ibmvnic-Refresh-device-multicast-list-after-reset.patch
patches.drivers/ibmvnic-Fix-unchecked-return-codes-of-memory-allocat.patch
+ patches.suse/net-openvswitch-do-not-free-vport-if-register_netdev.patch
patches.drivers/net-mvpp2-prs-Fix-parser-range-for-VID-filtering.patch
patches.drivers/net-mvpp2-prs-Use-the-correct-helpers-when-removing-.patch
patches.fixes/mac80211-handle-deauthentication-disassociation-from.patch
@@ -23066,8 +23072,13 @@
patches.drivers/qmi_wwan-add-network-device-usage-statistics-for-qmi.patch
patches.drivers/qmi_wwan-avoid-RCU-stalls-on-device-disconnect-when-.patch
patches.drivers/qmi_wwan-extend-permitted-QMAP-mux_id-value-range.patch
+ patches.suse/sctp-Free-cookie-before-we-memdup-a-new-one.patch
+ patches.suse/vsock-virtio-set-SOCK_DONE-on-peer-shutdown.patch
patches.fixes/bpf-x64-fix-stack-layout-of-JITed-bpf-code.patch
+ patches.suse/be2net-Fix-number-of-Rx-queues-used-for-flow-hashing.patch
+ patches.suse/neigh-fix-use-after-free-read-in-pneigh_get_next.patch
patches.fixes/ax25-fix-inconsistent-lock-state-in-ax25_destroy_tim.patch
+ patches.suse/lapb-fixed-leak-of-control-blocks.patch
patches.fixes/tcp-limit-payload-size-of-sacked-skbs.patch
patches.fixes/tcp-tcp_fragment-should-apply-sane-memory-limits.patch
patches.fixes/tcp-add-tcp_min_snd_mss-sysctl.patch
@@ -23118,6 +23129,7 @@
patches.fixes/crypto-arm64-sha2-ce-correct-digest-for-empty-data-i.patch
patches.fixes/crypto-ghash-fix-unaligned-memory-access-in-ghash_se.patch
patches.fixes/crypto-chacha20poly1305-fix-atomic-sleep-when-using-.patch
+ patches.fixes/crypto-talitos-fix-max-key-size-for-sha384-and-sha51.patch
patches.fixes/lib-scatterlist-Fix-mapping-iterator-when-sg-offset-.patch
patches.fixes/crypto-ccp-Validate-the-the-error-value-used-to-inde.patch
patches.drivers/pwm-stm32-Use-3-cells-of_xlate.patch
@@ -23213,6 +23225,7 @@
patches.fixes/0002-ocfs2-add-locking-filter-debugfs-file.patch
patches.fixes/0003-ocfs2-add-first-lock-wait-time-in-locking_state.patch
patches.arch/kvm-svm-avic-do-not-send-avic-doorbell-to-self
+ patches.suse/sunhv-Fix-device-naming-inconsistency-between-sunhv_.patch
patches.arch/powerpc-watchpoint-Restore-NV-GPRs-while-returning-f.patch
patches.arch/powerpc-mm-drconf-Use-NUMA_NO_NODE-on-failures-inste.patch
patches.arch/powerpc-mm-Fix-node-look-up-with-numa-off-boot.patch
@@ -23224,6 +23237,13 @@
patches.drivers/mfd-intel-lpss-Release-IDA-resources.patch
patches.drivers/PCI-Return-error-if-cannot-probe-VF.patch
patches.drivers/PCI-Always-allow-probing-with-driver_override.patch
+ patches.drivers/dmaengine-hsu-Revert-set-HSU_CH_MTSR-to-memory-width.patch
+ patches.drivers/clk-qcom-Fix-Wunused-const-variable.patch
+ patches.drivers/clk-tegra210-fix-PLLU-and-PLLU_OUT1.patch
+ patches.drivers/clk-rockchip-Don-t-yell-about-bad-mmc-phases-when-ge.patch
+ patches.drivers/ALSA-hda-realtek-Fixed-Headphone-Mic-can-t-record-on.patch
+ patches.drivers/ALSA-hda-realtek-apply-ALC891-headset-fixup-to-one-D.patch
+ patches.drivers/ALSA-seq-Break-too-long-mutex-context-in-the-write-l.patch
# powerpc/linux next
patches.arch/powerpc-pseries-dlpar-Fix-a-missing-check-in-dlpar_p.patch
@@ -23266,9 +23286,6 @@
patches.fixes/drivers-base-introduce-kill_device.patch
patches.fixes/libnvdimm-bus-prevent-duplicate-device_unregister-calls.patch
- # git://git.cmpxchg.org/linux-mmots.git
- patches.arch/mm-nvdimm-add-is_ioremap_addr-and-use-that-to-check-.patch
-
# out-of-tree patches
patches.suse/nvme-multipath-round-robin-I-O-policy.patch
patches.suse/cifs-fix-set-info.patch
@@ -23289,6 +23306,7 @@
patches.suse/dasd_fba-Display-00000000-for-zero-page-when-dumping.patch
patches.kabi/kabi-fix-KVM-s390-provide-kvm_arch_no_poll-function.patch
patches.kabi/kabi-fix-s390-vtime-steal-time-exponential-moving-average.patch
+ patches.arch/mm-nvdimm-add-is_ioremap_addr-and-use-that-to-check-.patch
########################################################
# end of sorted patches