Home Home > GIT Browse > SLE15-AZURE
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKernel Build Daemon <kbuild@suse.de>2019-02-22 07:15:15 +0100
committerKernel Build Daemon <kbuild@suse.de>2019-02-22 07:15:15 +0100
commite75f78e15a55fbcd3c00bdd7febcfff2f6d01aa8 (patch)
tree32683b9623e02b6b81ee3b910311b953768c5fac
parent1766fec42ca0c5b817d12fc2683146dc14d008ad (diff)
parent00f6c39449da23939ce076309afcf7cf9ecdab40 (diff)
Merge branch 'SLE15' into SLE15-AZURESLE15-AZURE
-rw-r--r--blacklist.conf2
-rw-r--r--patches.drivers/ALSA-hda-realtek-Disable-PC-beep-in-passthrough-on-a.patch66
-rw-r--r--patches.drivers/ALSA-hda-realtek-Headset-microphone-and-internal-spe.patch92
-rw-r--r--patches.drivers/ALSA-hda-realtek-Headset-microphone-support-for-Syst.patch58
-rw-r--r--patches.drivers/Input-bma150-register-input-device-after-setting-pri.patch111
-rw-r--r--patches.drivers/Input-elan_i2c-add-ACPI-ID-for-touchpad-in-Lenovo-V3.patch35
-rw-r--r--patches.drivers/Input-elantech-enable-3rd-button-support-on-Fujitsu-.patch56
-rw-r--r--patches.drivers/Revert-Input-elan_i2c-add-ACPI-ID-for-touchpad-in-AS.patch38
-rw-r--r--patches.drivers/altera-stapl-check-for-a-null-key-before-strcasecmp-.patch41
-rw-r--r--patches.drivers/aquantia-Setup-max_mtu-in-ndev-to-enable-jumbo-frame.patch79
-rw-r--r--patches.drivers/ata-ahci-mvebu-remove-stale-comment.patch50
-rw-r--r--patches.drivers/gdrom-fix-a-memory-leak-bug.patch41
-rw-r--r--patches.drivers/mtd-cfi_cmdset_0002-Avoid-walking-all-chips-when-unl.patch37
-rw-r--r--patches.drivers/mtd-cfi_cmdset_0002-Change-write-buffer-to-check-cor.patch49
-rw-r--r--patches.drivers/mtd-cfi_cmdset_0002-Fix-unlocking-requests-crossing-.patch40
-rw-r--r--patches.drivers/mtd-cfi_cmdset_0002-Use-right-chip-in-do_ppb_xxlock.patch61
-rw-r--r--patches.drivers/mtd-cfi_cmdset_0002-fix-SEGV-unlocking-multiple-chip.patch58
-rw-r--r--patches.drivers/mtd-docg3-don-t-set-conflicting-BCH_CONST_PARAMS-opt.patch50
-rw-r--r--patches.drivers/mtd-maps-fix-solutionengine.c-printk-format-warnings.patch64
-rw-r--r--patches.drivers/mtd-mtd_oobtest-Handle-bitflips-during-reads.patch103
-rw-r--r--patches.drivers/mtd-nand-Fix-nand_do_read_oob-return-value.patch64
-rw-r--r--patches.drivers/mtd-nand-Fix-writing-mtdoops-to-nand-flash.patch55
-rw-r--r--patches.drivers/mtd-nand-atmel-Fix-get_sectorsize-function.patch41
-rw-r--r--patches.drivers/mtd-nand-atmel-fix-buffer-overflow-in-atmel_pmecc_us.patch42
-rw-r--r--patches.drivers/mtd-nand-atmel-fix-of_irq_get-error-check.patch61
-rw-r--r--patches.drivers/mtd-nand-brcmnand-Disable-prefetch-by-default.patch50
-rw-r--r--patches.drivers/mtd-nand-brcmnand-Zero-bitflip-is-not-an-error.patch40
-rw-r--r--patches.drivers/mtd-nand-denali_pci-add-missing-MODULE_DESCRIPTION-A.patch37
-rw-r--r--patches.drivers/mtd-nand-fix-interpretation-of-NAND_CMD_NONE-in-nand.patch73
-rw-r--r--patches.drivers/mtd-nand-fsl_ifc-Fix-nand-waitfunc-return-value.patch50
-rw-r--r--patches.drivers/mtd-nand-gpmi-Fix-failure-when-a-erased-page-has-a-b.patch66
-rw-r--r--patches.drivers/mtd-nand-ifc-update-bufnum-mask-for-ver-2.0.0.patch38
-rw-r--r--patches.drivers/mtd-nand-mtk-fix-infinite-ECC-decode-IRQ-issue.patch100
-rw-r--r--patches.drivers/mtd-nand-omap2-Fix-subpage-write.patch465
-rw-r--r--patches.drivers/mtd-nand-pxa3xx-Fix-READOOB-implementation.patch56
-rw-r--r--patches.drivers/mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch36
-rw-r--r--patches.drivers/mtd-nand-sunxi-Fix-ECC-strength-choice.patch52
-rw-r--r--patches.drivers/mtd-nand-sunxi-fix-potential-divide-by-zero-error.patch41
-rw-r--r--patches.drivers/mtd-nand-vf610-set-correct-ooblayout.patch46
-rw-r--r--patches.drivers/mtd-nandsim-remove-debugfs-entries-in-error-path.patch42
-rw-r--r--patches.drivers/mtd-spi-nor-Fix-Cadence-QSPI-page-fault-kernel-panic.patch73
-rw-r--r--patches.drivers/mtd-spi-nor-cadence-quadspi-Fix-page-fault-kernel-pa.patch80
-rw-r--r--patches.drivers/mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-siz.patch38
-rw-r--r--patches.drivers/mtd-spi-nor-stm32-quadspi-Fix-uninitialized-error-re.patch58
-rw-r--r--patches.drivers/mtdchar-fix-overflows-in-adjustment-of-count.patch57
-rw-r--r--patches.drivers/mtdchar-fix-usage-of-mtd_ooblayout_ecc.patch48
-rw-r--r--patches.drivers/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch83
-rw-r--r--patches.drivers/net-aquantia-driver-should-correctly-declare-vlan_fe.patch34
-rw-r--r--patches.drivers/net-bcmgenet-fix-OF-child-node-lookup.patch40
-rw-r--r--patches.drivers/net-bcmgenet-return-correct-value-ret-from-bcmgenet_.patch41
-rw-r--r--patches.drivers/niu-fix-missing-checks-of-niu_pci_eeprom_read.patch51
-rw-r--r--patches.drivers/pinctrl-meson-meson8b-fix-the-sdxc_a-data-1.3-pins.patch38
-rw-r--r--patches.drivers/pinctrl-msm-fix-gpio-hog-related-boot-issues.patch104
-rw-r--r--patches.drivers/skge-potential-memory-corruption-in-skge_get_regs.patch42
-rw-r--r--patches.drivers/tty-serial-samsung-Properly-set-flags-in-autoCTS-mod.patch47
-rw-r--r--patches.drivers/ucma-fix-a-use-after-free-in-ucma_resolve_ip.patch69
-rw-r--r--patches.drm/drm-bridge-tc358767-add-defines-for-DP1_SRCCTRL-PHY_.patch74
-rw-r--r--patches.drm/drm-bridge-tc358767-fix-initial-DP0-1_SRCCTRL-value.patch55
-rw-r--r--patches.drm/drm-bridge-tc358767-fix-output-H-V-syncs.patch48
-rw-r--r--patches.drm/drm-bridge-tc358767-fix-single-lane-configuration.patch60
-rw-r--r--patches.drm/drm-bridge-tc358767-reject-modes-which-require-too-m.patch47
-rw-r--r--patches.drm/drm-nouveau-falcon-avoid-touching-registers-if-engin.patch45
-rw-r--r--patches.fixes/ARM-8808-1-kexec-offline-panic_smp_self_stop-CPU.patch65
-rw-r--r--patches.fixes/ARM-OMAP2-hwmod-Fix-some-section-annotations.patch78
-rw-r--r--patches.fixes/ARM-pxa-avoid-section-mismatch-warning.patch78
-rw-r--r--patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch47
-rw-r--r--patches.fixes/assoc_array-Fix-shortcut-creation.patch59
-rw-r--r--patches.fixes/keys-Timestamp-new-keys.patch34
-rw-r--r--series.conf67
69 files changed, 4246 insertions, 0 deletions
diff --git a/blacklist.conf b/blacklist.conf
index 28152dfd3d..97e7b24b74 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -961,3 +961,5 @@ a77660d231f8b3d84fd23ed482e0964f7aa546d6 # Fixes an unused debugging option
7d63fb3af87aa67aa7d24466e792f9d7c57d8e79 # Cosmetic fix only
c5c08bed843c2b2c048c16d1296d7631d7c1620e # Fixes build of a userspace test tool
da08d8cb8cfc58a340fc5e163385b5dfd714d762 # of: duplicated commit
+628bd85947091830a8c4872adfd5ed1d515a9cf2 # loop: the fix commit is blacklisted
+cf48bf9eee42061c0dbe06ba3e26244dd933cab1 # asus-wmi: already cherry-picked
diff --git a/patches.drivers/ALSA-hda-realtek-Disable-PC-beep-in-passthrough-on-a.patch b/patches.drivers/ALSA-hda-realtek-Disable-PC-beep-in-passthrough-on-a.patch
new file mode 100644
index 0000000000..fd9349cb91
--- /dev/null
+++ b/patches.drivers/ALSA-hda-realtek-Disable-PC-beep-in-passthrough-on-a.patch
@@ -0,0 +1,66 @@
+From c8c6ee611926685a7d753409e0a6e48b9e1b8748 Mon Sep 17 00:00:00 2001
+From: Hui Wang <hui.wang@canonical.com>
+Date: Thu, 14 Feb 2019 11:41:33 +0800
+Subject: [PATCH] ALSA: hda/realtek: Disable PC beep in passthrough on alc285
+Git-commit: c8c6ee611926685a7d753409e0a6e48b9e1b8748
+Patch-mainline: v5.0
+References: bsc#1051510
+
+It is reported that there's a constant background "hum/whitenoise"
+in the headset on the Lenovo X1 machines with the codec alc285, and it
+is confirmed that if we run the command below, the noise will stop.
+ sudo hda-verb /dev/snd/hwC0D0 0x1d SET_PIN_WIDGET_CONTROL 0x0
+
+Then I consulted this issue with Kailang, he told me the pin 0x1d on
+this codec is used for PC beep in, the noise probably comes from this
+pin and we can also disable the PC beep in passthrough, then the PC
+beep in will not affect other sound playback.
+
+Fixes: c4cfcf6f4297 ("ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops")
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1660581
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Kailang Yang <kailang@realtek.com>
+Signed-off-by: Hui Wang <hui.wang@canonical.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/pci/hda/patch_realtek.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -5691,6 +5691,7 @@ enum {
+ ALC294_FIXUP_ASUS_HEADSET_MIC,
+ ALC294_FIXUP_ASUS_SPK,
+ ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE,
++ ALC285_FIXUP_LENOVO_PC_BEEP_IN_NOISE,
+ };
+
+ static const struct hda_fixup alc269_fixups[] = {
+@@ -6650,6 +6651,17 @@ static const struct hda_fixup alc269_fix
+ .chained = true,
+ .chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC
+ },
++ [ALC285_FIXUP_LENOVO_PC_BEEP_IN_NOISE] = {
++ .type = HDA_FIXUP_VERBS,
++ .v.verbs = (const struct hda_verb[]) {
++ /* Disable PCBEEP-IN passthrough */
++ { 0x20, AC_VERB_SET_COEF_INDEX, 0x36 },
++ { 0x20, AC_VERB_SET_PROC_COEF, 0x57d7 },
++ { }
++ },
++ .chained = true,
++ .chain_id = ALC285_FIXUP_LENOVO_HEADPHONE_NOISE
++ },
+ };
+
+ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
+@@ -7249,7 +7261,7 @@ static const struct snd_hda_pin_quirk al
+ {0x12, 0x90a60130},
+ {0x19, 0x03a11020},
+ {0x21, 0x0321101f}),
+- SND_HDA_PIN_QUIRK(0x10ec0285, 0x17aa, "Lenovo", ALC285_FIXUP_LENOVO_HEADPHONE_NOISE,
++ SND_HDA_PIN_QUIRK(0x10ec0285, 0x17aa, "Lenovo", ALC285_FIXUP_LENOVO_PC_BEEP_IN_NOISE,
+ {0x12, 0x90a60130},
+ {0x14, 0x90170110},
+ {0x19, 0x04a11040},
diff --git a/patches.drivers/ALSA-hda-realtek-Headset-microphone-and-internal-spe.patch b/patches.drivers/ALSA-hda-realtek-Headset-microphone-and-internal-spe.patch
new file mode 100644
index 0000000000..f17ef0bd00
--- /dev/null
+++ b/patches.drivers/ALSA-hda-realtek-Headset-microphone-and-internal-spe.patch
@@ -0,0 +1,92 @@
+From 7f665b1c3283aae5b61843136d0a8ee808ba3199 Mon Sep 17 00:00:00 2001
+From: Jeremy Soller <jeremy@system76.com>
+Date: Wed, 13 Feb 2019 10:56:19 -0700
+Subject: [PATCH] ALSA: hda/realtek - Headset microphone and internal speaker support for System76 oryp5
+Git-commit: 7f665b1c3283aae5b61843136d0a8ee808ba3199
+Patch-mainline: v5.0
+References: bsc#1051510
+
+On the System76 Oryx Pro (oryp5), there is a headset microphone input
+attached to 0x19 that does not have a jack detect. In order to get it
+working, the pin configuration needs to be set correctly, and the
+ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC fixup needs to be applied. This is
+similar to the MIC_NO_PRESENCE fixups for some Dell laptops, except we
+have a separate microphone jack that is already configured correctly.
+
+Since the ALC1220 does not have a fixup similar to
+ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC, I have exposed the fixup from the
+ALC269 in a way that it can be accessed from the
+alc1220_fixup_system76_oryp5 function. In addition, the
+alc1220_fixup_clevo_p950 needs to be applied to gain speaker output.
+
+Signed-off-by: Jeremy Soller <jeremy@system76.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/pci/hda/patch_realtek.c | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+
+diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
+index 6df758adff84..3ce318a3086d 100644
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -1855,6 +1855,8 @@ enum {
+ ALC887_FIXUP_BASS_CHMAP,
+ ALC1220_FIXUP_GB_DUAL_CODECS,
+ ALC1220_FIXUP_CLEVO_P950,
++ ALC1220_FIXUP_SYSTEM76_ORYP5,
++ ALC1220_FIXUP_SYSTEM76_ORYP5_PINS,
+ };
+
+ static void alc889_fixup_coef(struct hda_codec *codec,
+@@ -2056,6 +2058,17 @@ static void alc1220_fixup_clevo_p950(struct hda_codec *codec,
+ snd_hda_override_conn_list(codec, 0x1b, 1, conn1);
+ }
+
++static void alc_fixup_headset_mode_no_hp_mic(struct hda_codec *codec,
++ const struct hda_fixup *fix, int action);
++
++static void alc1220_fixup_system76_oryp5(struct hda_codec *codec,
++ const struct hda_fixup *fix,
++ int action)
++{
++ alc1220_fixup_clevo_p950(codec, fix, action);
++ alc_fixup_headset_mode_no_hp_mic(codec, fix, action);
++}
++
+ static const struct hda_fixup alc882_fixups[] = {
+ [ALC882_FIXUP_ABIT_AW9D_MAX] = {
+ .type = HDA_FIXUP_PINS,
+@@ -2300,6 +2313,19 @@ static const struct hda_fixup alc882_fixups[] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc1220_fixup_clevo_p950,
+ },
++ [ALC1220_FIXUP_SYSTEM76_ORYP5] = {
++ .type = HDA_FIXUP_FUNC,
++ .v.func = alc1220_fixup_system76_oryp5,
++ },
++ [ALC1220_FIXUP_SYSTEM76_ORYP5_PINS] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ { 0x19, 0x01a1913c }, /* use as headset mic, without its own jack detect */
++ {}
++ },
++ .chained = true,
++ .chain_id = ALC1220_FIXUP_SYSTEM76_ORYP5,
++ },
+ };
+
+ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
+@@ -2376,6 +2402,8 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = {
+ SND_PCI_QUIRK(0x1558, 0x9501, "Clevo P950HR", ALC1220_FIXUP_CLEVO_P950),
+ SND_PCI_QUIRK(0x1558, 0x95e1, "Clevo P95xER", ALC1220_FIXUP_CLEVO_P950),
+ SND_PCI_QUIRK(0x1558, 0x95e2, "Clevo P950ER", ALC1220_FIXUP_CLEVO_P950),
++ SND_PCI_QUIRK(0x1558, 0x96e1, "System76 Oryx Pro (oryp5)", ALC1220_FIXUP_SYSTEM76_ORYP5_PINS),
++ SND_PCI_QUIRK(0x1558, 0x97e1, "System76 Oryx Pro (oryp5)", ALC1220_FIXUP_SYSTEM76_ORYP5_PINS),
+ SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD),
+ SND_PCI_QUIRK(0x161f, 0x2054, "Medion laptop", ALC883_FIXUP_EAPD),
+ SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Y530", ALC882_FIXUP_LENOVO_Y530),
+--
+2.16.4
+
diff --git a/patches.drivers/ALSA-hda-realtek-Headset-microphone-support-for-Syst.patch b/patches.drivers/ALSA-hda-realtek-Headset-microphone-support-for-Syst.patch
new file mode 100644
index 0000000000..4b05ec8658
--- /dev/null
+++ b/patches.drivers/ALSA-hda-realtek-Headset-microphone-support-for-Syst.patch
@@ -0,0 +1,58 @@
+From 89e3a5682edaa4e5bb334719afb180256ac7bf78 Mon Sep 17 00:00:00 2001
+From: Jeremy Soller <jeremy@system76.com>
+Date: Wed, 30 Jan 2019 16:12:31 -0700
+Subject: [PATCH] ALSA: hda/realtek - Headset microphone support for System76 darp5
+Git-commit: 89e3a5682edaa4e5bb334719afb180256ac7bf78
+Patch-mainline: v5.0-rc6
+References: bsc#1051510
+
+On the System76 Darter Pro (darp5), there is a headset microphone
+input attached to 0x1a that does not have a jack detect. In order to
+get it working, the pin configuration needs to be set correctly, and
+the ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC fixup needs to be applied.
+This is similar to the MIC_NO_PRESENCE fixups for some Dell laptops,
+except we have a separate microphone jack that is already configured
+correctly.
+
+Signed-off-by: Jeremy Soller <jeremy@system76.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ sound/pci/hda/patch_realtek.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -5690,6 +5690,7 @@ enum {
+ ALC294_FIXUP_ASUS_MIC,
+ ALC294_FIXUP_ASUS_HEADSET_MIC,
+ ALC294_FIXUP_ASUS_SPK,
++ ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE,
+ };
+
+ static const struct hda_fixup alc269_fixups[] = {
+@@ -6640,6 +6641,15 @@ static const struct hda_fixup alc269_fix
+ .chained = true,
+ .chain_id = ALC294_FIXUP_ASUS_HEADSET_MIC
+ },
++ [ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ { 0x1a, 0x01a1913c }, /* use as headset mic, without its own jack detect */
++ { }
++ },
++ .chained = true,
++ .chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC
++ },
+ };
+
+ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
+@@ -6817,6 +6827,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x1458, 0xfa53, "Gigabyte BXBT-2807", ALC283_FIXUP_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1462, 0xb120, "MSI Cubi MS-B120", ALC283_FIXUP_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1462, 0xb171, "Cubi N 8GL (MS-B171)", ALC283_FIXUP_HEADSET_MIC),
++ SND_PCI_QUIRK(0x1558, 0x1325, "System76 Darter Pro (darp5)", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x17aa, 0x1036, "Lenovo P520", ALC233_FIXUP_LENOVO_MULTI_CODECS),
+ SND_PCI_QUIRK(0x17aa, 0x20f2, "Thinkpad SL410/510", ALC269_FIXUP_SKU_IGNORE),
+ SND_PCI_QUIRK(0x17aa, 0x215e, "Thinkpad L512", ALC269_FIXUP_SKU_IGNORE),
diff --git a/patches.drivers/Input-bma150-register-input-device-after-setting-pri.patch b/patches.drivers/Input-bma150-register-input-device-after-setting-pri.patch
new file mode 100644
index 0000000000..8af2bdc089
--- /dev/null
+++ b/patches.drivers/Input-bma150-register-input-device-after-setting-pri.patch
@@ -0,0 +1,111 @@
+From 90cc55f067f6ca0e64e5e52883ece47d8af7b67b Mon Sep 17 00:00:00 2001
+From: Jonathan Bakker <xc-racer2@live.ca>
+Date: Wed, 6 Feb 2019 10:45:37 -0800
+Subject: [PATCH] Input: bma150 - register input device after setting private data
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 90cc55f067f6ca0e64e5e52883ece47d8af7b67b
+Patch-mainline: v5.0-rc7
+References: bsc#1051510
+
+Otherwise we introduce a race condition where userspace can request input
+before we're ready leading to null pointer dereference such as
+
+Input: bma150 as /devices/platform/i2c-gpio-2/i2c-5/5-0038/input/input3
+Unable to handle kernel NULL pointer dereference at virtual address 00000018
+pgd = (ptrval)
+[00000018] *pgd=55dac831, *pte=00000000, *ppte=00000000
+Internal error: Oops: 17 [#1] PREEMPT ARM
+Modules linked in: bma150 input_polldev [last unloaded: bma150]
+Cpu: 0 PID: 2870 Comm: accelerometer Not tainted 5.0.0-rc3-dirty #46
+Hardware name: Samsung S5PC110/S5PV210-based board
+PC is at input_event+0x8/0x60
+LR is at bma150_report_xyz+0x9c/0xe0 [bma150]
+pc : [<80450f70>] lr : [<7f0a614c>] psr: 800d0013
+sp : a4c1fd78 ip : 00000081 fp : 00020000
+R10: 00000000 r9 : a5e2944c r8 : a7455000
+r7 : 00000016 r6 : 00000101 r5 : a7617940 r4 : 80909048
+r3 : fffffff2 r2 : 00000000 r1 : 00000003 r0 : 00000000
+Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
+Control: 10c5387d Table: 54e34019 DAC: 00000051
+Process accelerometer (pid: 2870, stack limit = 0x(ptrval))
+Stackck: (0xa4c1fd78 to 0xa4c20000)
+Fd60: fffffff3 fc813f6c
+Fd80: 40410581 d7530ce3 a5e2817c a7617f00 a5e29404 a5e2817c 00000000 7f008324
+Fda0: a5e28000 8044f59c a5fdd9d0 a5e2945c a46a4a00 a5e29668 a7455000 80454f10
+Fdc0: 80909048 a5e29668 a5fdd9d0 a46a4a00 806316d0 00000000 a46a4a00 801df5f0
+Fde0: 00000000 d7530ce3 a4c1fec0 a46a4a00 00000000 a5fdd9d0 a46a4a08 801df53c
+Fe00: 00000000 801d74bc a4c1fec0 00000000 a4c1ff70 00000000 a7038da8 00000000
+Fe20: a46a4a00 801e91fc a411bbe0 801f2e88 00000004 00000000 80909048 00000041
+Fe40: 00000000 00020000 00000000 dead4ead a6a88da0 00000000 ffffe000 806fcae8
+Fe60: a4c1fec8 00000000 80909048 00000002 a5fdd9d0 a7660110 a411bab0 00000001
+Fe80: dead4ead ffffffff ffffffff a4c1fe8c a4c1fe8c d7530ce3 20000013 80909048
+Fea0: 80909048 a4c1ff70 00000001 fffff000 a4c1e000 00000005 00026038 801eabd8
+Fec0: a7660110 a411bab0 b9394901 00000006 a696201b 76fb3000 00000000 a7039720
+Fee0: a5fdd9d0 00000101 00000002 00000096 00000000 00000000 00000000 a4c1ff00
+Ff00: a6b310f4 805cb174 a6b310f4 00000010 00000fe0 00000010 a4c1e000 d7530ce3
+Ff20: 00000003 a5f41400 a5f41424 00000000 a6962000 00000000 00000003 00000002
+Ff40: ffffff9c 000a0000 80909048 d7530ce3 a6962000 00000003 80909048 ffffff9c
+Ff60: a6962000 801d890c 00000000 00000000 00020000 a7590000 00000004 00000100
+Ff80: 00000001 d7530ce3 000288b8 00026320 000288b8 00000005 80101204 a4c1e000
+Ffa0: 00000005 80101000 000288b8 00026320 000288b8 000a0000 00000000 00000000
+Ffc0: 000288b8 00026320 000288b8 00000005 7eef3bac 000264e8 00028ad8 00026038
+Ffe0: 00000005 7eef3300 76f76e91 76f78546 800d0030 000288b8 00000000 00000000
+[<80450f70>] (input_event) from [<a5e2817c>] (0xa5e2817c)
+
+Code: e1a08148 eaffffa8 e351001f 812fff1e (e590c018)
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---[ end trace 1c691ee85f2ff243 ]---
+
+Signed-off-by: Jonathan Bakker <xc-racer2@live.ca>
+Signed-off-by: Paweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+---
+ drivers/input/misc/bma150.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/input/misc/bma150.c b/drivers/input/misc/bma150.c
+index 1efcfdf9f8a8..dd9dd4e40827 100644
+--- a/drivers/input/misc/bma150.c
++++ b/drivers/input/misc/bma150.c
+@@ -481,13 +481,14 @@ static int bma150_register_input_device(struct bma150_data *bma150)
+ idev->close = bma150_irq_close;
+ input_set_drvdata(idev, bma150);
+
++ bma150->input = idev;
++
+ error = input_register_device(idev);
+ if (error) {
+ input_free_device(idev);
+ return error;
+ }
+
+- bma150->input = idev;
+ return 0;
+ }
+
+@@ -510,15 +511,15 @@ static int bma150_register_polled_device(struct bma150_data *bma150)
+
+ bma150_init_input_device(bma150, ipoll_dev->input);
+
++ bma150->input_polled = ipoll_dev;
++ bma150->input = ipoll_dev->input;
++
+ error = input_register_polled_device(ipoll_dev);
+ if (error) {
+ input_free_polled_device(ipoll_dev);
+ return error;
+ }
+
+- bma150->input_polled = ipoll_dev;
+- bma150->input = ipoll_dev->input;
+-
+ return 0;
+ }
+
+--
+2.16.4
+
diff --git a/patches.drivers/Input-elan_i2c-add-ACPI-ID-for-touchpad-in-Lenovo-V3.patch b/patches.drivers/Input-elan_i2c-add-ACPI-ID-for-touchpad-in-Lenovo-V3.patch
new file mode 100644
index 0000000000..665bb06920
--- /dev/null
+++ b/patches.drivers/Input-elan_i2c-add-ACPI-ID-for-touchpad-in-Lenovo-V3.patch
@@ -0,0 +1,35 @@
+From 7ad222b3aed350adfc27ee7eec4587ffe55dfdce Mon Sep 17 00:00:00 2001
+From: Mauro Ciancio <mauro@acadeu.com>
+Date: Mon, 14 Jan 2019 10:24:53 -0300
+Subject: [PATCH] Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
+Git-commit: 7ad222b3aed350adfc27ee7eec4587ffe55dfdce
+Patch-mainline: v5.0-rc7
+References: bsc#1051510
+
+This adds ELAN0617 to the ACPI table to support Elan touchpad found in
+Lenovo V330-15ISK.
+
+Signed-off-by: Mauro Ciancio <mauro@acadeu.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/input/mouse/elan_i2c_core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/input/mouse/elan_i2c_core.c b/drivers/input/mouse/elan_i2c_core.c
+index a94b6494e71a..225ae6980182 100644
+--- a/drivers/input/mouse/elan_i2c_core.c
++++ b/drivers/input/mouse/elan_i2c_core.c
+@@ -1345,6 +1345,7 @@ static const struct acpi_device_id elan_acpi_id[] = {
+ { "ELAN060C", 0 },
+ { "ELAN0611", 0 },
+ { "ELAN0612", 0 },
++ { "ELAN0617", 0 },
+ { "ELAN0618", 0 },
+ { "ELAN061C", 0 },
+ { "ELAN061D", 0 },
+--
+2.16.4
+
diff --git a/patches.drivers/Input-elantech-enable-3rd-button-support-on-Fujitsu-.patch b/patches.drivers/Input-elantech-enable-3rd-button-support-on-Fujitsu-.patch
new file mode 100644
index 0000000000..0653e25a0f
--- /dev/null
+++ b/patches.drivers/Input-elantech-enable-3rd-button-support-on-Fujitsu-.patch
@@ -0,0 +1,56 @@
+From e8b22d0a329f0fb5c7ef95406872d268f01ee3b1 Mon Sep 17 00:00:00 2001
+From: Matti Kurkela <Matti.Kurkela@iki.fi>
+Date: Thu, 7 Feb 2019 23:49:23 -0800
+Subject: [PATCH] Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
+Git-commit: e8b22d0a329f0fb5c7ef95406872d268f01ee3b1
+Patch-mainline: v5.0-rc7
+References: bsc#1051510
+
+Like Fujitsu CELSIUS H760, the H780 also has a three-button Elantech
+touchpad, but the driver needs to be told so to enable the middle touchpad
+button.
+
+The elantech_dmi_force_crc_enabled quirk was not necessary with the H780.
+
+Also document the fw_version and caps values detected for both H760 and
+H780 models.
+
+Signed-off-by: Matti Kurkela <Matti.Kurkela@iki.fi>
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/input/mouse/elantech.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c
+index 9fe075c137dc..a7f8b1614559 100644
+--- a/drivers/input/mouse/elantech.c
++++ b/drivers/input/mouse/elantech.c
+@@ -1119,6 +1119,8 @@ static int elantech_get_resolution_v4(struct psmouse *psmouse,
+ * Asus UX31 0x361f00 20, 15, 0e clickpad
+ * Asus UX32VD 0x361f02 00, 15, 0e clickpad
+ * Avatar AVIU-145A2 0x361f00 ? clickpad
++ * Fujitsu CELSIUS H760 0x570f02 40, 14, 0c 3 hw buttons (**)
++ * Fujitsu CELSIUS H780 0x5d0f02 41, 16, 0d 3 hw buttons (**)
+ * Fujitsu LIFEBOOK E544 0x470f00 d0, 12, 09 2 hw buttons
+ * Fujitsu LIFEBOOK E546 0x470f00 50, 12, 09 2 hw buttons
+ * Fujitsu LIFEBOOK E547 0x470f00 50, 12, 09 2 hw buttons
+@@ -1171,6 +1173,13 @@ static const struct dmi_system_id elantech_dmi_has_middle_button[] = {
+ DMI_MATCH(DMI_PRODUCT_NAME, "CELSIUS H760"),
+ },
+ },
++ {
++ /* Fujitsu H780 also has a middle button */
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"),
++ DMI_MATCH(DMI_PRODUCT_NAME, "CELSIUS H780"),
++ },
++ },
+ #endif
+ { }
+ };
+--
+2.16.4
+
diff --git a/patches.drivers/Revert-Input-elan_i2c-add-ACPI-ID-for-touchpad-in-AS.patch b/patches.drivers/Revert-Input-elan_i2c-add-ACPI-ID-for-touchpad-in-AS.patch
new file mode 100644
index 0000000000..d73857ef5d
--- /dev/null
+++ b/patches.drivers/Revert-Input-elan_i2c-add-ACPI-ID-for-touchpad-in-AS.patch
@@ -0,0 +1,38 @@
+From f420c54e4b12c1361c6ed313002ee7bd7ac58362 Mon Sep 17 00:00:00 2001
+From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Date: Mon, 11 Feb 2019 14:32:40 -0800
+Subject: [PATCH] Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
+Git-commit: f420c54e4b12c1361c6ed313002ee7bd7ac58362
+Patch-mainline: v5.0-rc7
+References: bsc#1051510
+
+This reverts commit 7db54c89f0b30a101584e09d3729144e6170059d as it
+breaks Acer Aspire V-371 and other devices. According to Elan:
+
+"Acer Aspire F5-573G is MS Precision touchpad which should use hid
+ multitouch driver. ELAN0501 should not be added in elan_i2c."
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202503
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/input/mouse/elan_i2c_core.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/drivers/input/mouse/elan_i2c_core.c b/drivers/input/mouse/elan_i2c_core.c
+index f322a1768fbb..a94b6494e71a 100644
+--- a/drivers/input/mouse/elan_i2c_core.c
++++ b/drivers/input/mouse/elan_i2c_core.c
+@@ -1336,7 +1336,6 @@ MODULE_DEVICE_TABLE(i2c, elan_id);
+ static const struct acpi_device_id elan_acpi_id[] = {
+ { "ELAN0000", 0 },
+ { "ELAN0100", 0 },
+- { "ELAN0501", 0 },
+ { "ELAN0600", 0 },
+ { "ELAN0602", 0 },
+ { "ELAN0605", 0 },
+--
+2.16.4
+
diff --git a/patches.drivers/altera-stapl-check-for-a-null-key-before-strcasecmp-.patch b/patches.drivers/altera-stapl-check-for-a-null-key-before-strcasecmp-.patch
new file mode 100644
index 0000000000..edd8aa6f32
--- /dev/null
+++ b/patches.drivers/altera-stapl-check-for-a-null-key-before-strcasecmp-.patch
@@ -0,0 +1,41 @@
+From 9ccb645683ef46e3c52c12c088a368baa58447d4 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Sat, 24 Nov 2018 12:34:10 +0000
+Subject: [PATCH] altera-stapl: check for a null key before strcasecmp'ing it
+Git-commit: 9ccb645683ef46e3c52c12c088a368baa58447d4
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+Currently the null check on key is occurring after the strcasecmp on
+the key, hence there is a potential null pointer dereference on key.
+Fix this by checking if key is null first. Also replace the == 0
+check on strcasecmp with just the ! operator.
+
+Detected by CoverityScan, CID#1248787 ("Dereference before null check")
+
+Fixes: fa766c9be58b ("[media] Altera FPGA firmware download module")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/misc/altera-stapl/altera.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/drivers/misc/altera-stapl/altera.c b/drivers/misc/altera-stapl/altera.c
+index ef83a9078646..d2ed3b9728b7 100644
+--- a/drivers/misc/altera-stapl/altera.c
++++ b/drivers/misc/altera-stapl/altera.c
+@@ -2176,8 +2176,7 @@ static int altera_get_note(u8 *p, s32 program_size,
+ key_ptr = &p[note_strings +
+ get_unaligned_be32(
+ &p[note_table + (8 * i)])];
+- if ((strncasecmp(key, key_ptr, strlen(key_ptr)) == 0) &&
+- (key != NULL)) {
++ if (key && !strncasecmp(key, key_ptr, strlen(key_ptr))) {
+ status = 0;
+
+ value_ptr = &p[note_strings +
+--
+2.16.4
+
diff --git a/patches.drivers/aquantia-Setup-max_mtu-in-ndev-to-enable-jumbo-frame.patch b/patches.drivers/aquantia-Setup-max_mtu-in-ndev-to-enable-jumbo-frame.patch
new file mode 100644
index 0000000000..8a87ba5ad9
--- /dev/null
+++ b/patches.drivers/aquantia-Setup-max_mtu-in-ndev-to-enable-jumbo-frame.patch
@@ -0,0 +1,79 @@
+From d85fc17beeb06f9979d63fe4d9fbffbb1a00bba4 Mon Sep 17 00:00:00 2001
+From: Igor Russkikh <igor.russkikh@aquantia.com>
+Date: Mon, 25 Sep 2017 10:48:47 +0300
+Subject: [PATCH] aquantia: Setup max_mtu in ndev to enable jumbo frames
+Git-commit: d85fc17beeb06f9979d63fe4d9fbffbb1a00bba4
+Patch-mainline: v4.14-rc4
+References: bsc#1051510
+
+Although hardware is capable for almost 16K MTU, without max_mtu field
+correctly set it only allows standard MTU to be used.
+This patch enables max MTU, calculating it from hardware maximum frame size
+of 16352 octets (including FCS).
+
+Fixes: 5513e16421cb ("net: ethernet: aquantia: Fixes for aq_ndev_change_mtu")
+
+Signed-off-by: Pavel Belous <Pavel.Belous@aquantia.com>
+Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 11 ++---------
+ .../ethernet/aquantia/atlantic/hw_atl/hw_atl_b0_internal.h | 2 +-
+ 2 files changed, 3 insertions(+), 10 deletions(-)
+
+diff --git a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
+index 6ac9e2602d6d..bf26a59a9d8e 100644
+--- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
++++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
+@@ -214,7 +214,6 @@ struct aq_nic_s *aq_nic_alloc_cold(const struct net_device_ops *ndev_ops,
+ SET_NETDEV_DEV(ndev, dev);
+
+ ndev->if_port = port;
+- ndev->min_mtu = ETH_MIN_MTU;
+ self->ndev = ndev;
+
+ self->aq_pci_func = aq_pci_func;
+@@ -283,6 +282,7 @@ int aq_nic_ndev_init(struct aq_nic_s *self)
+ self->ndev->features = aq_hw_caps->hw_features;
+ self->ndev->priv_flags = aq_hw_caps->hw_priv_flags;
+ self->ndev->mtu = aq_nic_cfg->mtu - ETH_HLEN;
++ self->ndev->max_mtu = self->aq_hw_caps.mtu - ETH_FCS_LEN - ETH_HLEN;
+
+ return 0;
+ }
+@@ -693,16 +693,9 @@ int aq_nic_set_multicast_list(struct aq_nic_s *self, struct net_device *ndev)
+
+ int aq_nic_set_mtu(struct aq_nic_s *self, int new_mtu)
+ {
+- int err = 0;
+-
+- if (new_mtu > self->aq_hw_caps.mtu) {
+- err = -EINVAL;
+- goto err_exit;
+- }
+ self->aq_nic_cfg.mtu = new_mtu;
+
+-err_exit:
+- return err;
++ return 0;
+ }
+
+ int aq_nic_set_mac(struct aq_nic_s *self, struct net_device *ndev)
+diff --git a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0_internal.h b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0_internal.h
+index f3957e930340..fcf89e25a773 100644
+--- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0_internal.h
++++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0_internal.h
+@@ -16,7 +16,7 @@
+
+ #include "../aq_common.h"
+
+-#define HW_ATL_B0_MTU_JUMBO (16000U)
++#define HW_ATL_B0_MTU_JUMBO 16352U
+ #define HW_ATL_B0_MTU 1514U
+
+ #define HW_ATL_B0_TX_RINGS 4U
+--
+2.16.4
+
diff --git a/patches.drivers/ata-ahci-mvebu-remove-stale-comment.patch b/patches.drivers/ata-ahci-mvebu-remove-stale-comment.patch
new file mode 100644
index 0000000000..59cb0e6aa3
--- /dev/null
+++ b/patches.drivers/ata-ahci-mvebu-remove-stale-comment.patch
@@ -0,0 +1,50 @@
+From c9bc136791ba0eefe07ed57d3850b8c5cee6471b Mon Sep 17 00:00:00 2001
+From: Miquel Raynal <miquel.raynal@bootlin.com>
+Date: Tue, 4 Dec 2018 20:28:26 +0100
+Subject: [PATCH] ata: ahci: mvebu: remove stale comment
+Git-commit: c9bc136791ba0eefe07ed57d3850b8c5cee6471b
+Patch-mainline: v5.0-rc2
+References: bsc#1051510
+
+For Armada-38x (32-bit) SoCs, PM platform support has been added since:
+commit 32f9494c9dfd ("ARM: mvebu: prepare pm-board.c for the
+ introduction of Armada 38x support")
+commit 3cbd6a6ca81c ("ARM: mvebu: Add standby support")
+
+For Armada 64-bit SoCs, like the A3700 also using this AHCI driver, PM
+platform support has always existed.
+
+There are even suspend/resume hooks in this driver since:
+commit d6ecf15814888 ("ata: ahci_mvebu: add suspend/resume support")
+
+Remove the stale comment at the end of this driver stating that all
+the above does not exist yet.
+
+Fixes: d6ecf15814888 ("ata: ahci_mvebu: add suspend/resume support")
+Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/ata/ahci_mvebu.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/drivers/ata/ahci_mvebu.c b/drivers/ata/ahci_mvebu.c
+index f9cb51be38eb..128d6f22926d 100644
+--- a/drivers/ata/ahci_mvebu.c
++++ b/drivers/ata/ahci_mvebu.c
+@@ -197,11 +197,6 @@ static const struct of_device_id ahci_mvebu_of_match[] = {
+ };
+ MODULE_DEVICE_TABLE(of, ahci_mvebu_of_match);
+
+-/*
+- * We currently don't provide power management related operations,
+- * since there is no suspend/resume support at the platform level for
+- * Armada 38x for the moment.
+- */
+ static struct platform_driver ahci_mvebu_driver = {
+ .probe = ahci_mvebu_probe,
+ .remove = ata_platform_remove_one,
+--
+2.16.4
+
diff --git a/patches.drivers/gdrom-fix-a-memory-leak-bug.patch b/patches.drivers/gdrom-fix-a-memory-leak-bug.patch
new file mode 100644
index 0000000000..e1c522f8b9
--- /dev/null
+++ b/patches.drivers/gdrom-fix-a-memory-leak-bug.patch
@@ -0,0 +1,41 @@
+From 093c48213ee37c3c3ff1cf5ac1aa2a9d8bc66017 Mon Sep 17 00:00:00 2001
+From: Wenwen Wang <wang6495@umn.edu>
+Date: Wed, 26 Dec 2018 20:15:13 -0600
+Subject: [PATCH] gdrom: fix a memory leak bug
+Git-commit: 093c48213ee37c3c3ff1cf5ac1aa2a9d8bc66017
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+In probe_gdrom(), the buffer pointed by 'gd.cd_info' is allocated through
+kzalloc() and is used to hold the information of the gdrom device. To
+register and unregister the device, the pointer 'gd.cd_info' is passed to
+the functions register_cdrom() and unregister_cdrom(), respectively.
+However, this buffer is not freed after it is used, which can cause a
+memory leak bug.
+
+This patch simply frees the buffer 'gd.cd_info' in exit_gdrom() to fix the
+above issue.
+
+Signed-off-by: Wenwen Wang <wang6495@umn.edu>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/cdrom/gdrom.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
+index a5b8afe3609c..f8b7345fe1cb 100644
+--- a/drivers/cdrom/gdrom.c
++++ b/drivers/cdrom/gdrom.c
+@@ -873,6 +873,7 @@ static void __exit exit_gdrom(void)
+ platform_device_unregister(pd);
+ platform_driver_unregister(&gdrom_driver);
+ kfree(gd.toc);
++ kfree(gd.cd_info);
+ }
+
+ module_init(init_gdrom);
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-cfi_cmdset_0002-Avoid-walking-all-chips-when-unl.patch b/patches.drivers/mtd-cfi_cmdset_0002-Avoid-walking-all-chips-when-unl.patch
new file mode 100644
index 0000000000..cc75da610e
--- /dev/null
+++ b/patches.drivers/mtd-cfi_cmdset_0002-Avoid-walking-all-chips-when-unl.patch
@@ -0,0 +1,37 @@
+From f1ce87f6080b1dda7e7b1eda3da332add19d87b9 Mon Sep 17 00:00:00 2001
+From: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Date: Wed, 6 Jun 2018 12:13:30 +0200
+Subject: [PATCH] mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
+Git-commit: f1ce87f6080b1dda7e7b1eda3da332add19d87b9
+Patch-mainline: v4.18-rc3
+References: bsc#1051510
+
+cfi_ppb_unlock() walks all flash chips when unlocking sectors,
+avoid walking chips unaffected by the unlock operation.
+
+Fixes: 1648eaaa1575 ("mtd: cfi_cmdset_0002: Support Persistent Protection Bits (PPB) locking")
+Cc: stable@vger.kernel.org
+Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/chips/cfi_cmdset_0002.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c
+index 9cfc2645dd93..1b64ac8c5bc8 100644
+--- a/drivers/mtd/chips/cfi_cmdset_0002.c
++++ b/drivers/mtd/chips/cfi_cmdset_0002.c
+@@ -2676,6 +2676,8 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs,
+ i++;
+
+ if (adr >> cfi->chipshift) {
++ if (offset >= (ofs + len))
++ break;
+ adr = 0;
+ chipnum++;
+
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-cfi_cmdset_0002-Change-write-buffer-to-check-cor.patch b/patches.drivers/mtd-cfi_cmdset_0002-Change-write-buffer-to-check-cor.patch
new file mode 100644
index 0000000000..4e15269d60
--- /dev/null
+++ b/patches.drivers/mtd-cfi_cmdset_0002-Change-write-buffer-to-check-cor.patch
@@ -0,0 +1,49 @@
+From dfeae1073583dc35c33b32150e18b7048bbb37e6 Mon Sep 17 00:00:00 2001
+From: Tokunori Ikegami <ikegami@allied-telesis.co.jp>
+Date: Wed, 30 May 2018 18:32:26 +0900
+Subject: [PATCH] mtd: cfi_cmdset_0002: Change write buffer to check correct value
+Git-commit: dfeae1073583dc35c33b32150e18b7048bbb37e6
+Patch-mainline: v4.18-rc1
+References: bsc#1051510
+
+For the word write it is checked if the chip has the correct value.
+But it is not checked for the write buffer as only checked if ready.
+To make sure for the write buffer change to check the value.
+
+It is enough as this patch is only checking the last written word.
+Since it is described by data sheets to check the operation status.
+
+Signed-off-by: Tokunori Ikegami <ikegami@allied-telesis.co.jp>
+Reviewed-by: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>
+Cc: Chris Packham <chris.packham@alliedtelesis.co.nz>
+Cc: Brian Norris <computersforpeace@gmail.com>
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Boris Brezillon <boris.brezillon@free-electrons.com>
+Cc: Marek Vasut <marek.vasut@gmail.com>
+Cc: Richard Weinberger <richard@nod.at>
+Cc: Cyrille Pitchen <cyrille.pitchen@wedev4u.fr>
+Cc: linux-mtd@lists.infradead.org
+Cc: stable@vger.kernel.org
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/chips/cfi_cmdset_0002.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c
+index bd0c30ad8ee7..75d2c16029fd 100644
+--- a/drivers/mtd/chips/cfi_cmdset_0002.c
++++ b/drivers/mtd/chips/cfi_cmdset_0002.c
+@@ -1879,7 +1879,7 @@ static int __xipram do_write_buffer(struct map_info *map, struct flchip *chip,
+ if (time_after(jiffies, timeo) && !chip_ready(map, adr))
+ break;
+
+- if (chip_ready(map, adr)) {
++ if (chip_good(map, adr, datum)) {
+ xip_enable(map, chip, adr);
+ goto op_done;
+ }
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-cfi_cmdset_0002-Fix-unlocking-requests-crossing-.patch b/patches.drivers/mtd-cfi_cmdset_0002-Fix-unlocking-requests-crossing-.patch
new file mode 100644
index 0000000000..a01ed478d4
--- /dev/null
+++ b/patches.drivers/mtd-cfi_cmdset_0002-Fix-unlocking-requests-crossing-.patch
@@ -0,0 +1,40 @@
+From 0cd8116f172eed018907303dbff5c112690eeb91 Mon Sep 17 00:00:00 2001
+From: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Date: Wed, 6 Jun 2018 12:13:29 +0200
+Subject: [PATCH] mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
+Git-commit: 0cd8116f172eed018907303dbff5c112690eeb91
+Patch-mainline: v4.18-rc3
+References: bsc#1051510
+
+The "sector is in requested range" test used to determine whether
+sectors should be re-locked or not is done on a variable that is reset
+everytime we cross a chip boundary, which can lead to some blocks being
+re-locked while the caller expect them to be unlocked.
+Fix the check to make sure this cannot happen.
+
+Fixes: 1648eaaa1575 ("mtd: cfi_cmdset_0002: Support Persistent Protection Bits (PPB) locking")
+Cc: stable@vger.kernel.org
+Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/chips/cfi_cmdset_0002.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c
+index 87f9925d25f9..9cfc2645dd93 100644
+--- a/drivers/mtd/chips/cfi_cmdset_0002.c
++++ b/drivers/mtd/chips/cfi_cmdset_0002.c
+@@ -2660,7 +2660,7 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs,
+ * sectors shall be unlocked, so lets keep their locking
+ * status at "unlocked" (locked=0) for the final re-locking.
+ */
+- if ((adr < ofs) || (adr >= (ofs + len))) {
++ if ((offset < ofs) || (offset >= (ofs + len))) {
+ sect[sectors].chip = &cfi->chips[chipnum];
+ sect[sectors].adr = adr;
+ sect[sectors].locked = do_ppb_xxlock(
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-cfi_cmdset_0002-Use-right-chip-in-do_ppb_xxlock.patch b/patches.drivers/mtd-cfi_cmdset_0002-Use-right-chip-in-do_ppb_xxlock.patch
new file mode 100644
index 0000000000..2cf7e83dc8
--- /dev/null
+++ b/patches.drivers/mtd-cfi_cmdset_0002-Use-right-chip-in-do_ppb_xxlock.patch
@@ -0,0 +1,61 @@
+From f93aa8c4de307069c270b2d81741961162bead6c Mon Sep 17 00:00:00 2001
+From: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Date: Wed, 6 Jun 2018 12:13:27 +0200
+Subject: [PATCH] mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
+Git-commit: f93aa8c4de307069c270b2d81741961162bead6c
+Patch-mainline: v4.18-rc3
+References: bsc#1051510
+
+do_ppb_xxlock() fails to add chip->start when querying for lock status
+(and chip_ready test), which caused false status reports.
+Fix that by adding adr += chip->start and adjust call sites
+accordingly.
+
+Fixes: 1648eaaa1575 ("mtd: cfi_cmdset_0002: Support Persistent Protection Bits (PPB) locking")
+Cc: stable@vger.kernel.org
+Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/chips/cfi_cmdset_0002.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c
+index a0c655628d6d..aa09d5155429 100644
+--- a/drivers/mtd/chips/cfi_cmdset_0002.c
++++ b/drivers/mtd/chips/cfi_cmdset_0002.c
+@@ -2544,8 +2544,9 @@ static int __maybe_unused do_ppb_xxlock(struct map_info *map,
+ unsigned long timeo;
+ int ret;
+
++ adr += chip->start;
+ mutex_lock(&chip->mutex);
+- ret = get_chip(map, chip, adr + chip->start, FL_LOCKING);
++ ret = get_chip(map, chip, adr, FL_LOCKING);
+ if (ret) {
+ mutex_unlock(&chip->mutex);
+ return ret;
+@@ -2563,8 +2564,8 @@ static int __maybe_unused do_ppb_xxlock(struct map_info *map,
+
+ if (thunk == DO_XXLOCK_ONEBLOCK_LOCK) {
+ chip->state = FL_LOCKING;
+- map_write(map, CMD(0xA0), chip->start + adr);
+- map_write(map, CMD(0x00), chip->start + adr);
++ map_write(map, CMD(0xA0), adr);
++ map_write(map, CMD(0x00), adr);
+ } else if (thunk == DO_XXLOCK_ONEBLOCK_UNLOCK) {
+ /*
+ * Unlocking of one specific sector is not supported, so we
+@@ -2602,7 +2603,7 @@ static int __maybe_unused do_ppb_xxlock(struct map_info *map,
+ map_write(map, CMD(0x00), chip->start);
+
+ chip->state = FL_READY;
+- put_chip(map, chip, adr + chip->start);
++ put_chip(map, chip, adr);
+ mutex_unlock(&chip->mutex);
+
+ return ret;
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-cfi_cmdset_0002-fix-SEGV-unlocking-multiple-chip.patch b/patches.drivers/mtd-cfi_cmdset_0002-fix-SEGV-unlocking-multiple-chip.patch
new file mode 100644
index 0000000000..9b9fc2c206
--- /dev/null
+++ b/patches.drivers/mtd-cfi_cmdset_0002-fix-SEGV-unlocking-multiple-chip.patch
@@ -0,0 +1,58 @@
+From 5fdfc3dbad099281bf027a353d5786c09408a8e5 Mon Sep 17 00:00:00 2001
+From: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Date: Wed, 6 Jun 2018 12:13:28 +0200
+Subject: [PATCH] mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
+Git-commit: 5fdfc3dbad099281bf027a353d5786c09408a8e5
+Patch-mainline: v4.18-rc3
+References: bsc#1051510
+
+cfi_ppb_unlock() tries to relock all sectors that were locked before
+unlocking the whole chip.
+This locking used the chip start address + the FULL offset from the
+first flash chip, thereby forming an illegal address. Fix that by using
+the chip offset(adr).
+
+Fixes: 1648eaaa1575 ("mtd: cfi_cmdset_0002: Support Persistent Protection Bits (PPB) locking")
+Cc: stable@vger.kernel.org
+Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/chips/cfi_cmdset_0002.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/mtd/chips/cfi_cmdset_0002.c b/drivers/mtd/chips/cfi_cmdset_0002.c
+index aa09d5155429..87f9925d25f9 100644
+--- a/drivers/mtd/chips/cfi_cmdset_0002.c
++++ b/drivers/mtd/chips/cfi_cmdset_0002.c
+@@ -2526,7 +2526,7 @@ static int cfi_atmel_unlock(struct mtd_info *mtd, loff_t ofs, uint64_t len)
+
+ struct ppb_lock {
+ struct flchip *chip;
+- loff_t offset;
++ unsigned long adr;
+ int locked;
+ };
+
+@@ -2662,7 +2662,7 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs,
+ */
+ if ((adr < ofs) || (adr >= (ofs + len))) {
+ sect[sectors].chip = &cfi->chips[chipnum];
+- sect[sectors].offset = offset;
++ sect[sectors].adr = adr;
+ sect[sectors].locked = do_ppb_xxlock(
+ map, &cfi->chips[chipnum], adr, 0,
+ DO_XXLOCK_ONEBLOCK_GETLOCK);
+@@ -2706,7 +2706,7 @@ static int __maybe_unused cfi_ppb_unlock(struct mtd_info *mtd, loff_t ofs,
+ */
+ for (i = 0; i < sectors; i++) {
+ if (sect[i].locked)
+- do_ppb_xxlock(map, sect[i].chip, sect[i].offset, 0,
++ do_ppb_xxlock(map, sect[i].chip, sect[i].adr, 0,
+ DO_XXLOCK_ONEBLOCK_LOCK);
+ }
+
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-docg3-don-t-set-conflicting-BCH_CONST_PARAMS-opt.patch b/patches.drivers/mtd-docg3-don-t-set-conflicting-BCH_CONST_PARAMS-opt.patch
new file mode 100644
index 0000000000..395807a9c9
--- /dev/null
+++ b/patches.drivers/mtd-docg3-don-t-set-conflicting-BCH_CONST_PARAMS-opt.patch
@@ -0,0 +1,50 @@
+From be2e1c9dcf76886a83fb1c433a316e26d4ca2550 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Thu, 11 Oct 2018 13:06:16 +0200
+Subject: [PATCH] mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
+Git-commit: be2e1c9dcf76886a83fb1c433a316e26d4ca2550
+Patch-mainline: v4.20-rc2
+References: bsc#1051510
+
+I noticed during the creation of another bugfix that the BCH_CONST_PARAMS
+option that is set by DOCG3 breaks setting variable parameters for any
+other users of the BCH library code.
+
+The only other user we have today is the MTD_NAND software BCH
+implementation (most flash controllers use hardware BCH these days
+and are not affected). I considered removing BCH_CONST_PARAMS entirely
+because of the inherent conflict, but according to the description in
+lib/bch.c there is a significant performance benefit in keeping it.
+
+To avoid the immediate problem of the conflict between MTD_NAND_BCH
+and DOCG3, this only sets the constant parameters if MTD_NAND_BCH
+is disabled, which should fix the problem for all cases that
+are affected. This should also work for all stable kernels.
+
+Note that there is only one machine that actually seems to use the
+DOCG3 driver (arch/arm/mach-pxa/mioa701.c), so most users should have
+the driver disabled, but it almost certainly shows up if we wanted
+to test random kernels on machines that use software BCH in MTD.
+
+Fixes: d13d19ece39f ("mtd: docg3: add ECC correction code")
+Cc: stable@vger.kernel.org
+Cc: Robert Jarzmik <robert.jarzmik@free.fr>
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/devices/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/mtd/devices/Kconfig
++++ b/drivers/mtd/devices/Kconfig
+@@ -196,7 +196,7 @@ comment "Disk-On-Chip Device Drivers"
+ config MTD_DOCG3
+ tristate "M-Systems Disk-On-Chip G3"
+ select BCH
+- select BCH_CONST_PARAMS
++ select BCH_CONST_PARAMS if !MTD_NAND_BCH
+ select BITREVERSE
+ ---help---
+ This provides an MTD device driver for the M-Systems DiskOnChip
diff --git a/patches.drivers/mtd-maps-fix-solutionengine.c-printk-format-warnings.patch b/patches.drivers/mtd-maps-fix-solutionengine.c-printk-format-warnings.patch
new file mode 100644
index 0000000000..e4916e2e47
--- /dev/null
+++ b/patches.drivers/mtd-maps-fix-solutionengine.c-printk-format-warnings.patch
@@ -0,0 +1,64 @@
+From 1d25e3eeed1d987404e2d2e451eebac8c15cecc1 Mon Sep 17 00:00:00 2001
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Tue, 24 Jul 2018 11:29:01 -0700
+Subject: [PATCH] mtd/maps: fix solutionengine.c printk format warnings
+Git-commit: 1d25e3eeed1d987404e2d2e451eebac8c15cecc1
+Patch-mainline: v4.19-rc1
+References: bsc#1051510
+
+Fix 2 printk format warnings (this driver is currently only used by
+arch/sh/) by using "%pap" instead of "%lx".
+
+Fixes these build warnings:
+
+../drivers/mtd/maps/solutionengine.c: In function 'init_soleng_maps':
+../include/linux/kern_levels.h:5:18: warning: format '%lx' expects argument of type 'long unsigned int', but argument 2 has type 'resource_size_t' {aka 'unsigned int'} [-Wformat=]
+../drivers/mtd/maps/solutionengine.c:62:54: note: format string is defined here
+ printk(KERN_NOTICE "Solution Engine: Flash at 0x%08lx, EPROM at 0x%08lx\n",
+ ~~~~^
+ %08x
+../include/linux/kern_levels.h:5:18: warning: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'resource_size_t' {aka 'unsigned int'} [-Wformat=]
+../drivers/mtd/maps/solutionengine.c:62:72: note: format string is defined here
+ printk(KERN_NOTICE "Solution Engine: Flash at 0x%08lx, EPROM at 0x%08lx\n",
+ ~~~~^
+ %08x
+
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Brian Norris <computersforpeace@gmail.com>
+Cc: Boris Brezillon <boris.brezillon@bootlin.com>
+Cc: Marek Vasut <marek.vasut@gmail.com>
+Cc: Richard Weinberger <richard@nod.at>
+Cc: linux-mtd@lists.infradead.org
+Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
+Cc: Rich Felker <dalias@libc.org>
+Cc: linux-sh@vger.kernel.org
+Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/maps/solutionengine.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/mtd/maps/solutionengine.c b/drivers/mtd/maps/solutionengine.c
+index bb580bc16445..c07f21b20463 100644
+--- a/drivers/mtd/maps/solutionengine.c
++++ b/drivers/mtd/maps/solutionengine.c
+@@ -59,9 +59,9 @@ static int __init init_soleng_maps(void)
+ return -ENXIO;
+ }
+ }
+- printk(KERN_NOTICE "Solution Engine: Flash at 0x%08lx, EPROM at 0x%08lx\n",
+- soleng_flash_map.phys & 0x1fffffff,
+- soleng_eprom_map.phys & 0x1fffffff);
++ printk(KERN_NOTICE "Solution Engine: Flash at 0x%pap, EPROM at 0x%pap\n",
++ &soleng_flash_map.phys,
++ &soleng_eprom_map.phys);
+ flash_mtd->owner = THIS_MODULE;
+
+ eprom_mtd = do_map_probe("map_rom", &soleng_eprom_map);
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-mtd_oobtest-Handle-bitflips-during-reads.patch b/patches.drivers/mtd-mtd_oobtest-Handle-bitflips-during-reads.patch
new file mode 100644
index 0000000000..661b6df78a
--- /dev/null
+++ b/patches.drivers/mtd-mtd_oobtest-Handle-bitflips-during-reads.patch
@@ -0,0 +1,103 @@
+From 12663b442e5ac5aa3d6097cd3f287c71ba46d26e Mon Sep 17 00:00:00 2001
+From: Miquel Raynal <miquel.raynal@free-electrons.com>
+Date: Thu, 11 Jan 2018 21:39:20 +0100
+Subject: [PATCH] mtd: mtd_oobtest: Handle bitflips during reads
+Git-commit: 12663b442e5ac5aa3d6097cd3f287c71ba46d26e
+Patch-mainline: v4.16-rc1
+References: bsc#1051510
+
+Reads from NAND devices usually trigger bitflips, this is an expected
+behavior. While bitflips are under a given threshold, the MTD core
+returns 0. However, when the number of corrected bitflips is above this
+same threshold, -EUCLEAN is returned to inform the upper layer that this
+block is slightly dying and soon the ECC engine will be overtaken so
+actions should be taken to move the data out of it.
+
+This particular condition should not be treated like an error and the
+test should continue.
+
+Signed-off-by: Miquel Raynal <miquel.raynal@free-electrons.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/tests/oobtest.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/drivers/mtd/tests/oobtest.c b/drivers/mtd/tests/oobtest.c
+index 1cb3f7758fb6..766b2c385682 100644
+--- a/drivers/mtd/tests/oobtest.c
++++ b/drivers/mtd/tests/oobtest.c
+@@ -193,6 +193,9 @@ static int verify_eraseblock(int ebnum)
+ ops.datbuf = NULL;
+ ops.oobbuf = readbuf;
+ err = mtd_read_oob(mtd, addr, &ops);
++ if (mtd_is_bitflip(err))
++ err = 0;
++
+ if (err || ops.oobretlen != use_len) {
+ pr_err("error: readoob failed at %#llx\n",
+ (long long)addr);
+@@ -227,6 +230,9 @@ static int verify_eraseblock(int ebnum)
+ ops.datbuf = NULL;
+ ops.oobbuf = readbuf;
+ err = mtd_read_oob(mtd, addr, &ops);
++ if (mtd_is_bitflip(err))
++ err = 0;
++
+ if (err || ops.oobretlen != mtd->oobavail) {
+ pr_err("error: readoob failed at %#llx\n",
+ (long long)addr);
+@@ -286,6 +292,9 @@ static int verify_eraseblock_in_one_go(int ebnum)
+
+ /* read entire block's OOB at one go */
+ err = mtd_read_oob(mtd, addr, &ops);
++ if (mtd_is_bitflip(err))
++ err = 0;
++
+ if (err || ops.oobretlen != len) {
+ pr_err("error: readoob failed at %#llx\n",
+ (long long)addr);
+@@ -527,6 +536,9 @@ static int __init mtd_oobtest_init(void)
+ pr_info("attempting to start read past end of OOB\n");
+ pr_info("an error is expected...\n");
+ err = mtd_read_oob(mtd, addr0, &ops);
++ if (mtd_is_bitflip(err))
++ err = 0;
++
+ if (err) {
+ pr_info("error occurred as expected\n");
+ err = 0;
+@@ -571,6 +583,9 @@ static int __init mtd_oobtest_init(void)
+ pr_info("attempting to read past end of device\n");
+ pr_info("an error is expected...\n");
+ err = mtd_read_oob(mtd, mtd->size - mtd->writesize, &ops);
++ if (mtd_is_bitflip(err))
++ err = 0;
++
+ if (err) {
+ pr_info("error occurred as expected\n");
+ err = 0;
+@@ -615,6 +630,9 @@ static int __init mtd_oobtest_init(void)
+ pr_info("attempting to read past end of device\n");
+ pr_info("an error is expected...\n");
+ err = mtd_read_oob(mtd, mtd->size - mtd->writesize, &ops);
++ if (mtd_is_bitflip(err))
++ err = 0;
++
+ if (err) {
+ pr_info("error occurred as expected\n");
+ err = 0;
+@@ -684,6 +702,9 @@ static int __init mtd_oobtest_init(void)
+ ops.datbuf = NULL;
+ ops.oobbuf = readbuf;
+ err = mtd_read_oob(mtd, addr, &ops);
++ if (mtd_is_bitflip(err))
++ err = 0;
++
+ if (err)
+ goto out;
+ if (memcmpshow(addr, readbuf, writebuf,
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-Fix-nand_do_read_oob-return-value.patch b/patches.drivers/mtd-nand-Fix-nand_do_read_oob-return-value.patch
new file mode 100644
index 0000000000..f5665e4bfc
--- /dev/null
+++ b/patches.drivers/mtd-nand-Fix-nand_do_read_oob-return-value.patch
@@ -0,0 +1,64 @@
+From 87e89ce8d0d14f573c068c61bec2117751fb5103 Mon Sep 17 00:00:00 2001
+From: Miquel Raynal <miquel.raynal@free-electrons.com>
+Date: Fri, 12 Jan 2018 10:13:36 +0100
+Subject: [PATCH] mtd: nand: Fix nand_do_read_oob() return value
+Git-commit: 87e89ce8d0d14f573c068c61bec2117751fb5103
+Patch-mainline: v4.16-rc1
+References: bsc#1051510
+
+Starting from commit 041e4575f034 ("mtd: nand: handle ECC errors in
+OOB"), nand_do_read_oob() (from the NAND core) did return 0 or a
+negative error, and the MTD layer expected it.
+
+However, the trend for the NAND layer is now to return an error or a
+positive number of bitflips. Deciding which status to return to the user
+belongs to the MTD layer.
+
+Commit e47f68587b82 ("mtd: check for max_bitflips in mtd_read_oob()")
+brought this logic to the mtd_read_oob() function while the return value
+coming from nand_do_read_oob() (called by the ->_read_oob() hook) was
+left unchanged.
+
+Fixes: e47f68587b82 ("mtd: check for max_bitflips in mtd_read_oob()")
+Cc: stable@vger.kernel.org
+Signed-off-by: Miquel Raynal <miquel.raynal@free-electrons.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/nand_base.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
+index 96c97588e1ba..3ff77bef9739 100644
+--- a/drivers/mtd/nand/nand_base.c
++++ b/drivers/mtd/nand/nand_base.c
+@@ -3797,6 +3797,7 @@ EXPORT_SYMBOL(nand_write_oob_syndrome);
+ static int nand_do_read_oob(struct mtd_info *mtd, loff_t from,
+ struct mtd_oob_ops *ops)
+ {
++ unsigned int max_bitflips = 0;
+ int page, realpage, chipnr;
+ struct nand_chip *chip = mtd_to_nand(mtd);
+ struct mtd_ecc_stats stats;
+@@ -3854,6 +3855,8 @@ static int nand_do_read_oob(struct mtd_info *mtd, loff_t from,
+ nand_wait_ready(mtd);
+ }
+
++ max_bitflips = max_t(unsigned int, max_bitflips, ret);
++
+ readlen -= len;
+ if (!readlen)
+ break;
+@@ -3879,7 +3882,7 @@ static int nand_do_read_oob(struct mtd_info *mtd, loff_t from,
+ if (mtd->ecc_stats.failed - stats.failed)
+ return -EBADMSG;
+
+- return mtd->ecc_stats.corrected - stats.corrected ? -EUCLEAN : 0;
++ return max_bitflips;
+ }
+
+ /**
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-Fix-writing-mtdoops-to-nand-flash.patch b/patches.drivers/mtd-nand-Fix-writing-mtdoops-to-nand-flash.patch
new file mode 100644
index 0000000000..e8f4e24ad8
--- /dev/null
+++ b/patches.drivers/mtd-nand-Fix-writing-mtdoops-to-nand-flash.patch
@@ -0,0 +1,55 @@
+From 30863e38ebeb500a31cecee8096fb5002677dd9b Mon Sep 17 00:00:00 2001
+From: Brent Taylor <motobud@gmail.com>
+Date: Mon, 30 Oct 2017 22:32:45 -0500
+Subject: [PATCH] mtd: nand: Fix writing mtdoops to nand flash.
+Git-commit: 30863e38ebeb500a31cecee8096fb5002677dd9b
+Patch-mainline: v4.15-rc1
+References: bsc#1051510
+
+When mtdoops calls mtd_panic_write(), it eventually calls
+panic_nand_write() in nand_base.c. In order to properly wait for the
+nand chip to be ready in panic_nand_wait(), the chip must first be
+selected.
+
+When using the atmel nand flash controller, a panic would occur due to
+a NULL pointer exception.
+
+Fixes: 2af7c6539931 ("mtd: Add panic_write for NAND flashes")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Brent Taylor <motobud@gmail.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/nand_base.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
+index 4c867115c53b..e48bf8260f54 100644
+--- a/drivers/mtd/nand/nand_base.c
++++ b/drivers/mtd/nand/nand_base.c
+@@ -2799,15 +2799,18 @@ static int panic_nand_write(struct mtd_info *mtd, loff_t to, size_t len,
+ size_t *retlen, const uint8_t *buf)
+ {
+ struct nand_chip *chip = mtd_to_nand(mtd);
++ int chipnr = (int)(to >> chip->chip_shift);
+ struct mtd_oob_ops ops;
+ int ret;
+
+- /* Wait for the device to get ready */
+- panic_nand_wait(mtd, chip, 400);
+-
+ /* Grab the device */
+ panic_nand_get_device(chip, mtd, FL_WRITING);
+
++ chip->select_chip(mtd, chipnr);
++
++ /* Wait for the device to get ready */
++ panic_nand_wait(mtd, chip, 400);
++
+ memset(&ops, 0, sizeof(ops));
+ ops.len = len;
+ ops.datbuf = (uint8_t *)buf;
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-atmel-Fix-get_sectorsize-function.patch b/patches.drivers/mtd-nand-atmel-Fix-get_sectorsize-function.patch
new file mode 100644
index 0000000000..2ccbe5798a
--- /dev/null
+++ b/patches.drivers/mtd-nand-atmel-Fix-get_sectorsize-function.patch
@@ -0,0 +1,41 @@
+From 2b1b1b4ac716fd929a2d221bd4ade62263bed915 Mon Sep 17 00:00:00 2001
+From: Boris Brezillon <boris.brezillon@bootlin.com>
+Date: Tue, 27 Mar 2018 19:01:58 +0200
+Subject: [PATCH] mtd: nand: atmel: Fix get_sectorsize() function
+Git-commit: 2b1b1b4ac716fd929a2d221bd4ade62263bed915
+Patch-mainline: v4.16
+References: bsc#1051510
+
+get_sectorsize() was not using the appropriate macro to extract the
+ECC sector size from the config cache, which led to buggy ECC when
+using 1024 byte sectors.
+
+Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
+Cc: <stable@vger.kernel.org>
+Reported-by: Olivier Schonken <olivier.schonken@gmail.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Reviewed-by: Richard Weinberger <richard@nod.at>
+Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
+Tested-by: Olivier Schonken <olivier.schonken@gmail.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/atmel/pmecc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/mtd/nand/atmel/pmecc.c b/drivers/mtd/nand/atmel/pmecc.c
+index fcbe4fd6e684..ca0a70389ba9 100644
+--- a/drivers/mtd/nand/atmel/pmecc.c
++++ b/drivers/mtd/nand/atmel/pmecc.c
+@@ -426,7 +426,7 @@ static int get_strength(struct atmel_pmecc_user *user)
+
+ static int get_sectorsize(struct atmel_pmecc_user *user)
+ {
+- return user->cache.cfg & PMECC_LOOKUP_TABLE_SIZE_1024 ? 1024 : 512;
++ return user->cache.cfg & PMECC_CFG_SECTOR1024 ? 1024 : 512;
+ }
+
+ static void atmel_pmecc_gen_syndrome(struct atmel_pmecc_user *user, int sector)
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-atmel-fix-buffer-overflow-in-atmel_pmecc_us.patch b/patches.drivers/mtd-nand-atmel-fix-buffer-overflow-in-atmel_pmecc_us.patch
new file mode 100644
index 0000000000..d913735d85
--- /dev/null
+++ b/patches.drivers/mtd-nand-atmel-fix-buffer-overflow-in-atmel_pmecc_us.patch
@@ -0,0 +1,42 @@
+From 36de80740008e6a4a55115b4a92e2059e47c1cba Mon Sep 17 00:00:00 2001
+From: Richard Genoud <richard.genoud@gmail.com>
+Date: Wed, 27 Sep 2017 14:49:17 +0200
+Subject: [PATCH] mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user
+Git-commit: 36de80740008e6a4a55115b4a92e2059e47c1cba
+Patch-mainline: v4.14-rc3
+References: bsc#1051510
+
+When calculating the size needed by struct atmel_pmecc_user *user,
+the dmu and delta buffer sizes were forgotten.
+This lead to a memory corruption (especially with a large ecc_strength).
+
+Link: http://lkml.kernel.org/r/1506503157.3016.5.camel@gmail.com
+Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
+Cc: stable@vger.kernel.org
+Reported-by: Richard Genoud <richard.genoud@gmail.com>
+Pointed-at-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Signed-off-by: Richard Genoud <richard.genoud@gmail.com>
+Reviewed-by: Nicolas Ferre <nicolas.ferre@microchip.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/atmel/pmecc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/mtd/nand/atmel/pmecc.c b/drivers/mtd/nand/atmel/pmecc.c
+index 146af8218314..8268636675ef 100644
+--- a/drivers/mtd/nand/atmel/pmecc.c
++++ b/drivers/mtd/nand/atmel/pmecc.c
+@@ -363,7 +363,7 @@ atmel_pmecc_create_user(struct atmel_pmecc *pmecc,
+ size += (req->ecc.strength + 1) * sizeof(u16);
+ /* Reserve space for mu, dmu and delta. */
+ size = ALIGN(size, sizeof(s32));
+- size += (req->ecc.strength + 1) * sizeof(s32);
++ size += (req->ecc.strength + 1) * sizeof(s32) * 3;
+
+ user = kzalloc(size, GFP_KERNEL);
+ if (!user)
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-atmel-fix-of_irq_get-error-check.patch b/patches.drivers/mtd-nand-atmel-fix-of_irq_get-error-check.patch
new file mode 100644
index 0000000000..adb29db382
--- /dev/null
+++ b/patches.drivers/mtd-nand-atmel-fix-of_irq_get-error-check.patch
@@ -0,0 +1,61 @@
+From 892dd1831392adbdf4e55d0c284c3aea6ba4d855 Mon Sep 17 00:00:00 2001
+From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+Date: Sun, 6 Aug 2017 00:14:28 +0300
+Subject: [PATCH] mtd: nand: atmel: fix of_irq_get() error check
+Git-commit: 892dd1831392adbdf4e55d0c284c3aea6ba4d855
+Patch-mainline: v4.14-rc1
+References: bsc#1051510
+
+of_irq_get() may return 0 as well as negative error number on failure,
+while the driver only checks for the negative values. The driver would
+then call devm_request_irq() for IRQ0 in its probe method and never get
+a valid interrupt.
+
+Check for 'nc->irq <= 0' instead and return -ENXIO from the driver's probe
+if of_irq_get() returned 0.
+
+Fixes: f88fc122cc34 ("mtd: nand: Cleanup/rework the atmel_nand driver")
+Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+Acked-by: Wenyou Yang <Wenyou.yang@microchip.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/atmel/nand-controller.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/mtd/nand/atmel/nand-controller.c b/drivers/mtd/nand/atmel/nand-controller.c
+index d922a88e407f..6b9d0ba3d707 100644
+--- a/drivers/mtd/nand/atmel/nand-controller.c
++++ b/drivers/mtd/nand/atmel/nand-controller.c
+@@ -2078,8 +2078,8 @@ atmel_hsmc_nand_controller_legacy_init(struct atmel_hsmc_nand_controller *nc)
+ }
+
+ nc->irq = of_irq_get(nand_np, 0);
+- if (nc->irq < 0) {
+- ret = nc->irq;
++ if (nc->irq <= 0) {
++ ret = nc->irq ?: -ENXIO;
+ if (ret != -EPROBE_DEFER)
+ dev_err(dev, "Failed to get IRQ number (err = %d)\n",
+ ret);
+@@ -2168,11 +2168,12 @@ atmel_hsmc_nand_controller_init(struct atmel_hsmc_nand_controller *nc)
+
+ nc->irq = of_irq_get(np, 0);
+ of_node_put(np);
+- if (nc->irq < 0) {
+- if (nc->irq != -EPROBE_DEFER)
++ if (nc->irq <= 0) {
++ ret = nc->irq ?: -ENXIO;
++ if (ret != -EPROBE_DEFER)
+ dev_err(dev, "Failed to get IRQ number (err = %d)\n",
+- nc->irq);
+- return nc->irq;
++ ret);
++ return ret;
+ }
+
+ np = of_parse_phandle(dev->of_node, "atmel,nfc-io", 0);
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-brcmnand-Disable-prefetch-by-default.patch b/patches.drivers/mtd-nand-brcmnand-Disable-prefetch-by-default.patch
new file mode 100644
index 0000000000..fcfc365dd1
--- /dev/null
+++ b/patches.drivers/mtd-nand-brcmnand-Disable-prefetch-by-default.patch
@@ -0,0 +1,50 @@
+From f953f0f89663c39f08f4baaa8a4a881401b65654 Mon Sep 17 00:00:00 2001
+From: Kamal Dasu <kdasu.kdev@gmail.com>
+Date: Mon, 8 Jan 2018 15:36:48 -0500
+Subject: [PATCH] mtd: nand: brcmnand: Disable prefetch by default
+Git-commit: f953f0f89663c39f08f4baaa8a4a881401b65654
+Patch-mainline: v4.16-rc1
+References: bsc#1051510
+
+Brcm nand controller prefetch feature needs to be disabled
+by default. Enabling affects performance on random reads as
+well as dma reads.
+
+Signed-off-by: Kamal Dasu <kdasu.kdev@gmail.com>
+Fixes: 27c5b17cd1b1 ("mtd: nand: add NAND driver "library" for Broadcom STB NAND controller")
+Cc: <stable@vger.kernel.org>
+Acked-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/brcmnand/brcmnand.c | 13 +++----------
+ 1 file changed, 3 insertions(+), 10 deletions(-)
+
+diff --git a/drivers/mtd/nand/brcmnand/brcmnand.c b/drivers/mtd/nand/brcmnand/brcmnand.c
+index e0797abb1ebd..b81ddbaae149 100644
+--- a/drivers/mtd/nand/brcmnand/brcmnand.c
++++ b/drivers/mtd/nand/brcmnand/brcmnand.c
+@@ -2200,16 +2200,9 @@ static int brcmnand_setup_dev(struct brcmnand_host *host)
+ if (ctrl->nand_version >= 0x0702)
+ tmp |= ACC_CONTROL_RD_ERASED;
+ tmp &= ~ACC_CONTROL_FAST_PGM_RDIN;
+- if (ctrl->features & BRCMNAND_HAS_PREFETCH) {
+- /*
+- * FIXME: Flash DMA + prefetch may see spurious erased-page ECC
+- * errors
+- */
+- if (has_flash_dma(ctrl))
+- tmp &= ~ACC_CONTROL_PREFETCH;
+- else
+- tmp |= ACC_CONTROL_PREFETCH;
+- }
++ if (ctrl->features & BRCMNAND_HAS_PREFETCH)
++ tmp &= ~ACC_CONTROL_PREFETCH;
++
+ nand_writereg(ctrl, offs, tmp);
+
+ return 0;
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-brcmnand-Zero-bitflip-is-not-an-error.patch b/patches.drivers/mtd-nand-brcmnand-Zero-bitflip-is-not-an-error.patch
new file mode 100644
index 0000000000..f4141c8e2e
--- /dev/null
+++ b/patches.drivers/mtd-nand-brcmnand-Zero-bitflip-is-not-an-error.patch
@@ -0,0 +1,40 @@
+From e44b9a9c135727f3410e029910275f40681dc8bc Mon Sep 17 00:00:00 2001
+From: Albert Hsieh <wen.hsieh@broadcom.com>
+Date: Mon, 20 Nov 2017 11:26:26 +0800
+Subject: [PATCH] mtd: nand: brcmnand: Zero bitflip is not an error
+Git-commit: e44b9a9c135727f3410e029910275f40681dc8bc
+Patch-mainline: v4.15-rc5
+References: bsc#1051510
+
+A negative return value of brcmstb_nand_verify_erased_page() indicates a
+real bitflip error of an erased page, and other return values (>= 0) show
+the corrected bitflip number. Zero return value means no bitflip, but the
+current driver code treats it as an error, and eventually leads to
+falsely reported ECC error.
+
+Fixes: 02b88eea9f9c ("mtd: brcmnand: Add check for erased page bitflip")
+Signed-off-by: Albert Hsieh <wen.hsieh@broadcom.com>
+Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/brcmnand/brcmnand.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/mtd/nand/brcmnand/brcmnand.c b/drivers/mtd/nand/brcmnand/brcmnand.c
+index e0eb51d8c012..dd56a671ea42 100644
+--- a/drivers/mtd/nand/brcmnand/brcmnand.c
++++ b/drivers/mtd/nand/brcmnand/brcmnand.c
+@@ -1763,7 +1763,7 @@ static int brcmnand_read(struct mtd_info *mtd, struct nand_chip *chip,
+ err = brcmstb_nand_verify_erased_page(mtd, chip, buf,
+ addr);
+ /* erased page bitflips corrected */
+- if (err > 0)
++ if (err >= 0)
+ return err;
+ }
+
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-denali_pci-add-missing-MODULE_DESCRIPTION-A.patch b/patches.drivers/mtd-nand-denali_pci-add-missing-MODULE_DESCRIPTION-A.patch
new file mode 100644
index 0000000000..4ab61c8001
--- /dev/null
+++ b/patches.drivers/mtd-nand-denali_pci-add-missing-MODULE_DESCRIPTION-A.patch
@@ -0,0 +1,37 @@
+From d822401d1c6898a4a4ee03977b78b8cec402e88a Mon Sep 17 00:00:00 2001
+From: Jesse Chan <jc@linux.com>
+Date: Mon, 20 Nov 2017 12:57:13 -0800
+Subject: [PATCH] mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+Git-commit: d822401d1c6898a4a4ee03977b78b8cec402e88a
+Patch-mainline: v4.16-rc1
+References: bsc#1051510
+
+This change resolves a new compile-time warning
+when built as a loadable module:
+
+Warning: modpost: missing MODULE_LICENSE() in drivers/mtd/nand/denali_pci.o
+see include/linux/module.h for more information
+
+This adds the license as "GPL v2", which matches the header of the file.
+
+MODULE_DESCRIPTION and MODULE_AUTHOR are also added.
+
+Signed-off-by: Jesse Chan <jc@linux.com>
+Acked-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/denali_pci.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/mtd/nand/denali_pci.c
++++ b/drivers/mtd/nand/denali_pci.c
+@@ -118,3 +118,7 @@ static struct pci_driver denali_pci_driv
+ };
+
+ module_pci_driver(denali_pci_driver);
++
++MODULE_DESCRIPTION("PCI driver for Denali NAND controller");
++MODULE_AUTHOR("Intel Corporation and its suppliers");
++MODULE_LICENSE("GPL v2");
diff --git a/patches.drivers/mtd-nand-fix-interpretation-of-NAND_CMD_NONE-in-nand.patch b/patches.drivers/mtd-nand-fix-interpretation-of-NAND_CMD_NONE-in-nand.patch
new file mode 100644
index 0000000000..8fb3b4a135
--- /dev/null
+++ b/patches.drivers/mtd-nand-fix-interpretation-of-NAND_CMD_NONE-in-nand.patch
@@ -0,0 +1,73 @@
+From df467899da0b71465760b4e35127bce837244eee Mon Sep 17 00:00:00 2001
+From: Miquel Raynal <miquel.raynal@free-electrons.com>
+Date: Wed, 8 Nov 2017 17:00:27 +0100
+Subject: [PATCH] mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
+Git-commit: df467899da0b71465760b4e35127bce837244eee
+Patch-mainline: v4.16-rc1
+References: bsc#1051510
+
+Some drivers (like nand_hynix.c) call ->cmdfunc() with NAND_CMD_NONE
+and a column address and expect the controller to only send address
+cycles. Right now, the default ->cmdfunc() implementations provided by
+the core do not filter out the command cycle in this case and forwards
+the request to the controller driver through the ->cmd_ctrl() method.
+The thing is, NAND controller drivers can get this wrong and send a
+command cycle with a NAND_CMD_NONE opcode and since NAND_CMD_NONE is
+-1, and the command field is usually casted to an u8, we end up sending
+the 0xFF command which is actually a RESET operation.
+
+Add conditions in nand_command[_lp]() functions to sending the initial
+command cycle when command == NAND_CMD_NONE.
+
+Signed-off-by: Miquel Raynal <miquel.raynal@free-electrons.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/nand_base.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/mtd/nand/nand_base.c b/drivers/mtd/nand/nand_base.c
+index 6135d007a068..630048f5abdc 100644
+--- a/drivers/mtd/nand/nand_base.c
++++ b/drivers/mtd/nand/nand_base.c
+@@ -710,7 +710,8 @@ static void nand_command(struct mtd_info *mtd, unsigned int command,
+ chip->cmd_ctrl(mtd, readcmd, ctrl);
+ ctrl &= ~NAND_CTRL_CHANGE;
+ }
+- chip->cmd_ctrl(mtd, command, ctrl);
++ if (command != NAND_CMD_NONE)
++ chip->cmd_ctrl(mtd, command, ctrl);
+
+ /* Address cycle, when necessary */
+ ctrl = NAND_CTRL_ALE | NAND_CTRL_CHANGE;
+@@ -738,6 +739,7 @@ static void nand_command(struct mtd_info *mtd, unsigned int command,
+ */
+ switch (command) {
+
++ case NAND_CMD_NONE:
+ case NAND_CMD_PAGEPROG:
+ case NAND_CMD_ERASE1:
+ case NAND_CMD_ERASE2:
+@@ -831,7 +833,9 @@ static void nand_command_lp(struct mtd_info *mtd, unsigned int command,
+ }
+
+ /* Command latch cycle */
+- chip->cmd_ctrl(mtd, command, NAND_NCE | NAND_CLE | NAND_CTRL_CHANGE);
++ if (command != NAND_CMD_NONE)
++ chip->cmd_ctrl(mtd, command,
++ NAND_NCE | NAND_CLE | NAND_CTRL_CHANGE);
+
+ if (column != -1 || page_addr != -1) {
+ int ctrl = NAND_CTRL_CHANGE | NAND_NCE | NAND_ALE;
+@@ -866,6 +870,7 @@ static void nand_command_lp(struct mtd_info *mtd, unsigned int command,
+ */
+ switch (command) {
+
++ case NAND_CMD_NONE:
+ case NAND_CMD_CACHEDPROG:
+ case NAND_CMD_PAGEPROG:
+ case NAND_CMD_ERASE1:
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-fsl_ifc-Fix-nand-waitfunc-return-value.patch b/patches.drivers/mtd-nand-fsl_ifc-Fix-nand-waitfunc-return-value.patch
new file mode 100644
index 0000000000..f1316cf01f
--- /dev/null
+++ b/patches.drivers/mtd-nand-fsl_ifc-Fix-nand-waitfunc-return-value.patch
@@ -0,0 +1,50 @@
+From fa8e6d58c5bc260f4369c6699683d69695daed0a Mon Sep 17 00:00:00 2001
+From: Jagdish Gediya <jagdish.gediya@nxp.com>
+Date: Wed, 21 Mar 2018 04:31:36 +0530
+Subject: [PATCH] mtd: nand: fsl_ifc: Fix nand waitfunc return value
+Git-commit: fa8e6d58c5bc260f4369c6699683d69695daed0a
+Patch-mainline: v4.16-rc7
+References: bsc#1051510
+
+As per the IFC hardware manual, Most significant 2 bytes in
+nand_fsr register are the outcome of NAND READ STATUS command.
+
+So status value need to be shifted and aligned as per the nand
+framework requirement.
+
+Fixes: 82771882d960 ("NAND Machine support for Integrated Flash Controller")
+Cc: stable@vger.kernel.org # v3.18+
+Signed-off-by: Jagdish Gediya <jagdish.gediya@nxp.com>
+Reviewed-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/fsl_ifc_nand.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/mtd/nand/fsl_ifc_nand.c
++++ b/drivers/mtd/nand/fsl_ifc_nand.c
+@@ -653,6 +653,7 @@ static int fsl_ifc_wait(struct mtd_info
+ struct fsl_ifc_ctrl *ctrl = priv->ctrl;
+ struct fsl_ifc_runtime __iomem *ifc = ctrl->rregs;
+ u32 nand_fsr;
++ int status;
+
+ /* Use READ_STATUS command, but wait for the device to be ready */
+ ifc_out32((IFC_FIR_OP_CW0 << IFC_NAND_FIR0_OP0_SHIFT) |
+@@ -667,12 +668,12 @@ static int fsl_ifc_wait(struct mtd_info
+ fsl_ifc_run_command(mtd);
+
+ nand_fsr = ifc_in32(&ifc->ifc_nand.nand_fsr);
+-
++ status = nand_fsr >> 24;
+ /*
+ * The chip always seems to report that it is
+ * write-protected, even when it is not.
+ */
+- return nand_fsr | NAND_STATUS_WP;
++ return status | NAND_STATUS_WP;
+ }
+
+ static int fsl_ifc_read_page(struct mtd_info *mtd, struct nand_chip *chip,
diff --git a/patches.drivers/mtd-nand-gpmi-Fix-failure-when-a-erased-page-has-a-b.patch b/patches.drivers/mtd-nand-gpmi-Fix-failure-when-a-erased-page-has-a-b.patch
new file mode 100644
index 0000000000..994cc7184a
--- /dev/null
+++ b/patches.drivers/mtd-nand-gpmi-Fix-failure-when-a-erased-page-has-a-b.patch
@@ -0,0 +1,66 @@
+From fdf2e821052958a114618a95ab18a300d0b080cb Mon Sep 17 00:00:00 2001
+From: Sascha Hauer <s.hauer@pengutronix.de>
+Date: Tue, 5 Dec 2017 11:51:40 +0100
+Subject: [PATCH] mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
+Git-commit: fdf2e821052958a114618a95ab18a300d0b080cb
+Patch-mainline: v4.15-rc5
+References: bsc#1051510
+
+When erased subpages are read then the BCH decoder returns STATUS_ERASED
+if they are all empty, or STATUS_UNCORRECTABLE if there are bitflips.
+When there are bitflips, we have to set these bits again to show the
+upper layers a completely erased page. When a bitflip happens in the
+exact byte where the bad block marker is, then this byte is swapped
+with another byte in block_mark_swapping(). The correction code then
+detects a bitflip in another subpage and no longer corrects the bitflip
+where it really happens.
+
+Correct this behaviour by calling block_mark_swapping() after the
+bitflips have been corrected.
+
+In our case UBIFS failed with this bug because it expects erased
+pages to be really empty:
+
+UBIFS error (pid 187): ubifs_scan: corrupt empty space at LEB 36:118735
+UBIFS error (pid 187): ubifs_scanned_corruption: corruption at LEB 36:118735
+UBIFS error (pid 187): ubifs_scanned_corruption: first 8192 bytes from LEB 36:118735
+UBIFS error (pid 187): ubifs_scan: LEB 36 scanning failed
+UBIFS error (pid 187): do_commit: commit failed, error -117
+
+Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
+Reviewed-by: Richard Weinberger <richard@nod.at>
+Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
+index 50f8d4a1b983..d4d824ef64e9 100644
+--- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
++++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c
+@@ -1067,9 +1067,6 @@ static int gpmi_ecc_read_page(struct mtd_info *mtd, struct nand_chip *chip,
+ return ret;
+ }
+
+- /* handle the block mark swapping */
+- block_mark_swapping(this, payload_virt, auxiliary_virt);
+-
+ /* Loop over status bytes, accumulating ECC status. */
+ status = auxiliary_virt + nfc_geo->auxiliary_status_offset;
+
+@@ -1158,6 +1155,9 @@ static int gpmi_ecc_read_page(struct mtd_info *mtd, struct nand_chip *chip,
+ max_bitflips = max_t(unsigned int, max_bitflips, *status);
+ }
+
++ /* handle the block mark swapping */
++ block_mark_swapping(this, buf, auxiliary_virt);
++
+ if (oob_required) {
+ /*
+ * It's time to deliver the OOB bytes. See gpmi_ecc_read_oob()
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-ifc-update-bufnum-mask-for-ver-2.0.0.patch b/patches.drivers/mtd-nand-ifc-update-bufnum-mask-for-ver-2.0.0.patch
new file mode 100644
index 0000000000..1f58c5e83e
--- /dev/null
+++ b/patches.drivers/mtd-nand-ifc-update-bufnum-mask-for-ver-2.0.0.patch
@@ -0,0 +1,38 @@
+From bccb06c353af3764ca86d9da47652458e6c2eb41 Mon Sep 17 00:00:00 2001
+From: Jagdish Gediya <jagdish.gediya@nxp.com>
+Date: Thu, 23 Nov 2017 17:04:31 +0530
+Subject: [PATCH] mtd: nand: ifc: update bufnum mask for ver >= 2.0.0
+Git-commit: bccb06c353af3764ca86d9da47652458e6c2eb41
+Patch-mainline: v4.16-rc1
+References: bsc#1051510
+
+Bufnum mask is used to calculate page position in the internal SRAM.
+
+As IFC version 2.0.0 has 16KB of internal SRAM as compared to older
+versions which had 8KB. Hence bufnum mask needs to be updated.
+
+Signed-off-by: Jagdish Gediya <jagdish.gediya@nxp.com>
+Signed-off-by: Prabhakar Kushwaha <prabhakar.kushwaha@nxp.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/fsl_ifc_nand.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/mtd/nand/fsl_ifc_nand.c
++++ b/drivers/mtd/nand/fsl_ifc_nand.c
+@@ -904,6 +904,13 @@ static int fsl_ifc_chip_init(struct fsl_
+ if (ctrl->version == FSL_IFC_VERSION_1_1_0)
+ fsl_ifc_sram_init(priv);
+
++ /*
++ * As IFC version 2.0.0 has 16KB of internal SRAM as compared to older
++ * versions which had 8KB. Hence bufnum mask needs to be updated.
++ */
++ if (ctrl->version >= FSL_IFC_VERSION_2_0_0)
++ priv->bufnum_mask = (priv->bufnum_mask * 2) + 1;
++
+ return 0;
+ }
+
diff --git a/patches.drivers/mtd-nand-mtk-fix-infinite-ECC-decode-IRQ-issue.patch b/patches.drivers/mtd-nand-mtk-fix-infinite-ECC-decode-IRQ-issue.patch
new file mode 100644
index 0000000000..02fc83296f
--- /dev/null
+++ b/patches.drivers/mtd-nand-mtk-fix-infinite-ECC-decode-IRQ-issue.patch
@@ -0,0 +1,100 @@
+From 1d2fcdcf33339c7c8016243de0f7f31cf6845e8d Mon Sep 17 00:00:00 2001
+From: Xiaolei Li <xiaolei.li@mediatek.com>
+Date: Mon, 30 Oct 2017 10:39:56 +0800
+Subject: [PATCH] mtd: nand: mtk: fix infinite ECC decode IRQ issue
+Git-commit: 1d2fcdcf33339c7c8016243de0f7f31cf6845e8d
+Patch-mainline: v4.15-rc1
+References: bsc#1051510
+
+For MT2701 NAND Controller, there may generate infinite ECC decode IRQ
+during long time burn test on some platforms. Once this issue occurred,
+the ECC decode IRQ status cannot be cleared in the IRQ handler function,
+and threads cannot be scheduled.
+
+ECC HW generates decode IRQ each sector, so there will have more than one
+decode IRQ if read one page of large page NAND.
+
+Currently, ECC IRQ handle flow is that we will check whether it is decode
+IRQ at first by reading the register ECC_DECIRQ_STA. This is a read-clear
+type register. If this IRQ is decode IRQ, then the ECC IRQ signal will be
+cleared at the same time.
+Secondly, we will check whether all sectors are decoded by reading the
+register ECC_DECDONE. This is because the current IRQ may be not dealed
+in time, and the next sectors have been decoded before reading the
+register ECC_DECIRQ_STA. Then, the next sectors's decode IRQs will not
+be generated.
+Thirdly, if all sectors are decoded by comparing with ecc->sectors, then we
+will complete ecc->done, set ecc->sectors as 0, and disable ECC IRQ by
+programming the register ECC_IRQ_REG(op) as 0. Otherwise, wait for the
+next ECC IRQ.
+
+But, there is a timing issue between step one and two. When we read the
+reigster ECC_DECIRQ_STA, all sectors are decoded except the last sector,
+and the ECC IRQ signal is cleared. But the last sector is decoded before
+reading ECC_DECDONE, so the ECC IRQ signal is enabled again by ECC HW, and
+it means we will receive one extra ECC IRQ later. In step three, we will
+find that all sectors were decoded, then disable ECC IRQ and return.
+When deal with the extra ECC IRQ, the ECC IRQ status cannot be cleared
+anymore. That is because the register ECC_DECIRQ_STA can only be cleared
+when the register ECC_IRQ_REG(op) is enabled. But actually we have
+disabled ECC IRQ in the previous ECC IRQ handle. So, there will
+keep receiving ECC decode IRQ.
+
+Now, we read the register ECC_DECIRQ_STA once again before completing the
+ecc done event. This ensures that there will be no extra ECC decode IRQ.
+
+Also, remove writel(0, ecc->regs + ECC_IRQ_REG(op)) from irq handler,
+because ECC IRQ is disabled in mtk_ecc_disable(). And clear ECC_DECIRQ_STA
+in mtk_ecc_disable() in case there is a timeout to wait decode IRQ.
+
+Fixes: 1d6b1e464950 ("mtd: mediatek: driver for MTK Smart Device")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Xiaolei Li <xiaolei.li@mediatek.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/mtk_ecc.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/mtd/nand/mtk_ecc.c b/drivers/mtd/nand/mtk_ecc.c
+index 7f3b065b6b8f..c51d214d169e 100644
+--- a/drivers/mtd/nand/mtk_ecc.c
++++ b/drivers/mtd/nand/mtk_ecc.c
+@@ -115,6 +115,11 @@ static irqreturn_t mtk_ecc_irq(int irq, void *id)
+ op = ECC_DECODE;
+ dec = readw(ecc->regs + ECC_DECDONE);
+ if (dec & ecc->sectors) {
++ /*
++ * Clear decode IRQ status once again to ensure that
++ * there will be no extra IRQ.
++ */
++ readw(ecc->regs + ECC_DECIRQ_STA);
+ ecc->sectors = 0;
+ complete(&ecc->done);
+ } else {
+@@ -130,8 +135,6 @@ static irqreturn_t mtk_ecc_irq(int irq, void *id)
+ }
+ }
+
+- writel(0, ecc->regs + ECC_IRQ_REG(op));
+-
+ return IRQ_HANDLED;
+ }
+
+@@ -307,6 +310,12 @@ void mtk_ecc_disable(struct mtk_ecc *ecc)
+
+ /* disable it */
+ mtk_ecc_wait_idle(ecc, op);
++ if (op == ECC_DECODE)
++ /*
++ * Clear decode IRQ status in case there is a timeout to wait
++ * decode IRQ.
++ */
++ readw(ecc->regs + ECC_DECIRQ_STA);
+ writew(0, ecc->regs + ECC_IRQ_REG(op));
+ writew(ECC_OP_DISABLE, ecc->regs + ECC_CTL_REG(op));
+
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-omap2-Fix-subpage-write.patch b/patches.drivers/mtd-nand-omap2-Fix-subpage-write.patch
new file mode 100644
index 0000000000..fba9df2d12
--- /dev/null
+++ b/patches.drivers/mtd-nand-omap2-Fix-subpage-write.patch
@@ -0,0 +1,465 @@
+From 739c64414f01748a36e7d82c8e0611dea94412bd Mon Sep 17 00:00:00 2001
+From: Roger Quadros <rogerq@ti.com>
+Date: Fri, 20 Oct 2017 15:16:21 +0300
+Subject: [PATCH] mtd: nand: omap2: Fix subpage write
+Git-commit: 739c64414f01748a36e7d82c8e0611dea94412bd
+Patch-mainline: v4.15-rc1
+References: bsc#1051510
+
+Since v4.12, NAND subpage writes were causing a NULL pointer
+dereference on OMAP platforms (omap2-nand) using OMAP_ECC_BCH4_CODE_HW,
+OMAP_ECC_BCH8_CODE_HW and OMAP_ECC_BCH16_CODE_HW.
+
+This is because for those ECC modes, omap_calculate_ecc_bch()
+generates ECC bytes for the entire (multi-sector) page and this can
+overflow the ECC buffer provided by nand_write_subpage_hwecc()
+as it expects ecc.calculate() to return ECC bytes for just one sector.
+
+However, the root cause of the problem is present since v3.9
+but was not seen then as NAND buffers were being allocated
+as one big chunk prior to commit 3deb9979c731 ("mtd: nand: allocate
+aligned buffers if NAND_OWN_BUFFERS is unset").
+
+Fix the issue by providing a OMAP optimized write_subpage()
+implementation.
+
+Fixes: 62116e5171e0 ("mtd: nand: omap2: Support for hardware BCH error correction.")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Roger Quadros <rogerq@ti.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/omap2.c | 339 +++++++++++++++++++++++++++++++----------------
+ 1 file changed, 224 insertions(+), 115 deletions(-)
+
+diff --git a/drivers/mtd/nand/omap2.c b/drivers/mtd/nand/omap2.c
+index a97c1aeed55e..dad438c4906a 100644
+--- a/drivers/mtd/nand/omap2.c
++++ b/drivers/mtd/nand/omap2.c
+@@ -1133,129 +1133,172 @@ static u8 bch8_polynomial[] = {0xef, 0x51, 0x2e, 0x09, 0xed, 0x93, 0x9a, 0xc2,
+ 0x97, 0x79, 0xe5, 0x24, 0xb5};
+
+ /**
+- * omap_calculate_ecc_bch - Generate bytes of ECC bytes
++ * _omap_calculate_ecc_bch - Generate ECC bytes for one sector
+ * @mtd: MTD device structure
+ * @dat: The pointer to data on which ecc is computed
+ * @ecc_code: The ecc_code buffer
++ * @i: The sector number (for a multi sector page)
+ *
+- * Support calculating of BCH4/8 ecc vectors for the page
++ * Support calculating of BCH4/8/16 ECC vectors for one sector
++ * within a page. Sector number is in @i.
+ */
+-static int __maybe_unused omap_calculate_ecc_bch(struct mtd_info *mtd,
+- const u_char *dat, u_char *ecc_calc)
++static int _omap_calculate_ecc_bch(struct mtd_info *mtd,
++ const u_char *dat, u_char *ecc_calc, int i)
+ {
+ struct omap_nand_info *info = mtd_to_omap(mtd);
+ int eccbytes = info->nand.ecc.bytes;
+ struct gpmc_nand_regs *gpmc_regs = &info->reg;
+ u8 *ecc_code;
+- unsigned long nsectors, bch_val1, bch_val2, bch_val3, bch_val4;
++ unsigned long bch_val1, bch_val2, bch_val3, bch_val4;
+ u32 val;
+- int i, j;
++ int j;
++
++ ecc_code = ecc_calc;
++ switch (info->ecc_opt) {
++ case OMAP_ECC_BCH8_CODE_HW_DETECTION_SW:
++ case OMAP_ECC_BCH8_CODE_HW:
++ bch_val1 = readl(gpmc_regs->gpmc_bch_result0[i]);
++ bch_val2 = readl(gpmc_regs->gpmc_bch_result1[i]);
++ bch_val3 = readl(gpmc_regs->gpmc_bch_result2[i]);
++ bch_val4 = readl(gpmc_regs->gpmc_bch_result3[i]);
++ *ecc_code++ = (bch_val4 & 0xFF);
++ *ecc_code++ = ((bch_val3 >> 24) & 0xFF);
++ *ecc_code++ = ((bch_val3 >> 16) & 0xFF);
++ *ecc_code++ = ((bch_val3 >> 8) & 0xFF);
++ *ecc_code++ = (bch_val3 & 0xFF);
++ *ecc_code++ = ((bch_val2 >> 24) & 0xFF);
++ *ecc_code++ = ((bch_val2 >> 16) & 0xFF);
++ *ecc_code++ = ((bch_val2 >> 8) & 0xFF);
++ *ecc_code++ = (bch_val2 & 0xFF);
++ *ecc_code++ = ((bch_val1 >> 24) & 0xFF);
++ *ecc_code++ = ((bch_val1 >> 16) & 0xFF);
++ *ecc_code++ = ((bch_val1 >> 8) & 0xFF);
++ *ecc_code++ = (bch_val1 & 0xFF);
++ break;
++ case OMAP_ECC_BCH4_CODE_HW_DETECTION_SW:
++ case OMAP_ECC_BCH4_CODE_HW:
++ bch_val1 = readl(gpmc_regs->gpmc_bch_result0[i]);
++ bch_val2 = readl(gpmc_regs->gpmc_bch_result1[i]);
++ *ecc_code++ = ((bch_val2 >> 12) & 0xFF);
++ *ecc_code++ = ((bch_val2 >> 4) & 0xFF);
++ *ecc_code++ = ((bch_val2 & 0xF) << 4) |
++ ((bch_val1 >> 28) & 0xF);
++ *ecc_code++ = ((bch_val1 >> 20) & 0xFF);
++ *ecc_code++ = ((bch_val1 >> 12) & 0xFF);
++ *ecc_code++ = ((bch_val1 >> 4) & 0xFF);
++ *ecc_code++ = ((bch_val1 & 0xF) << 4);
++ break;
++ case OMAP_ECC_BCH16_CODE_HW:
++ val = readl(gpmc_regs->gpmc_bch_result6[i]);
++ ecc_code[0] = ((val >> 8) & 0xFF);
++ ecc_code[1] = ((val >> 0) & 0xFF);
++ val = readl(gpmc_regs->gpmc_bch_result5[i]);
++ ecc_code[2] = ((val >> 24) & 0xFF);
++ ecc_code[3] = ((val >> 16) & 0xFF);
++ ecc_code[4] = ((val >> 8) & 0xFF);
++ ecc_code[5] = ((val >> 0) & 0xFF);
++ val = readl(gpmc_regs->gpmc_bch_result4[i]);
++ ecc_code[6] = ((val >> 24) & 0xFF);
++ ecc_code[7] = ((val >> 16) & 0xFF);
++ ecc_code[8] = ((val >> 8) & 0xFF);
++ ecc_code[9] = ((val >> 0) & 0xFF);
++ val = readl(gpmc_regs->gpmc_bch_result3[i]);
++ ecc_code[10] = ((val >> 24) & 0xFF);
++ ecc_code[11] = ((val >> 16) & 0xFF);
++ ecc_code[12] = ((val >> 8) & 0xFF);
++ ecc_code[13] = ((val >> 0) & 0xFF);
++ val = readl(gpmc_regs->gpmc_bch_result2[i]);
++ ecc_code[14] = ((val >> 24) & 0xFF);
++ ecc_code[15] = ((val >> 16) & 0xFF);
++ ecc_code[16] = ((val >> 8) & 0xFF);
++ ecc_code[17] = ((val >> 0) & 0xFF);
++ val = readl(gpmc_regs->gpmc_bch_result1[i]);
++ ecc_code[18] = ((val >> 24) & 0xFF);
++ ecc_code[19] = ((val >> 16) & 0xFF);
++ ecc_code[20] = ((val >> 8) & 0xFF);
++ ecc_code[21] = ((val >> 0) & 0xFF);
++ val = readl(gpmc_regs->gpmc_bch_result0[i]);
++ ecc_code[22] = ((val >> 24) & 0xFF);
++ ecc_code[23] = ((val >> 16) & 0xFF);
++ ecc_code[24] = ((val >> 8) & 0xFF);
++ ecc_code[25] = ((val >> 0) & 0xFF);
++ break;
++ default:
++ return -EINVAL;
++ }
++
++ /* ECC scheme specific syndrome customizations */
++ switch (info->ecc_opt) {
++ case OMAP_ECC_BCH4_CODE_HW_DETECTION_SW:
++ /* Add constant polynomial to remainder, so that
++ * ECC of blank pages results in 0x0 on reading back
++ */
++ for (j = 0; j < eccbytes; j++)
++ ecc_calc[j] ^= bch4_polynomial[j];
++ break;
++ case OMAP_ECC_BCH4_CODE_HW:
++ /* Set 8th ECC byte as 0x0 for ROM compatibility */
++ ecc_calc[eccbytes - 1] = 0x0;
++ break;
++ case OMAP_ECC_BCH8_CODE_HW_DETECTION_SW:
++ /* Add constant polynomial to remainder, so that
++ * ECC of blank pages results in 0x0 on reading back
++ */
++ for (j = 0; j < eccbytes; j++)
++ ecc_calc[j] ^= bch8_polynomial[j];
++ break;
++ case OMAP_ECC_BCH8_CODE_HW:
++ /* Set 14th ECC byte as 0x0 for ROM compatibility */
++ ecc_calc[eccbytes - 1] = 0x0;
++ break;
++ case OMAP_ECC_BCH16_CODE_HW:
++ break;
++ default:
++ return -EINVAL;
++ }
++
++ return 0;
++}
++
++/**
++ * omap_calculate_ecc_bch_sw - ECC generator for sector for SW based correction
++ * @mtd: MTD device structure
++ * @dat: The pointer to data on which ecc is computed
++ * @ecc_code: The ecc_code buffer
++ *
++ * Support calculating of BCH4/8/16 ECC vectors for one sector. This is used
++ * when SW based correction is required as ECC is required for one sector
++ * at a time.
++ */
++static int omap_calculate_ecc_bch_sw(struct mtd_info *mtd,
++ const u_char *dat, u_char *ecc_calc)
++{
++ return _omap_calculate_ecc_bch(mtd, dat, ecc_calc, 0);
++}
++
++/**
++ * omap_calculate_ecc_bch_multi - Generate ECC for multiple sectors
++ * @mtd: MTD device structure
++ * @dat: The pointer to data on which ecc is computed
++ * @ecc_code: The ecc_code buffer
++ *
++ * Support calculating of BCH4/8/16 ecc vectors for the entire page in one go.
++ */
++static int omap_calculate_ecc_bch_multi(struct mtd_info *mtd,
++ const u_char *dat, u_char *ecc_calc)
++{
++ struct omap_nand_info *info = mtd_to_omap(mtd);
++ int eccbytes = info->nand.ecc.bytes;
++ unsigned long nsectors;
++ int i, ret;
+
+ nsectors = ((readl(info->reg.gpmc_ecc_config) >> 4) & 0x7) + 1;
+ for (i = 0; i < nsectors; i++) {
+- ecc_code = ecc_calc;
+- switch (info->ecc_opt) {
+- case OMAP_ECC_BCH8_CODE_HW_DETECTION_SW:
+- case OMAP_ECC_BCH8_CODE_HW:
+- bch_val1 = readl(gpmc_regs->gpmc_bch_result0[i]);
+- bch_val2 = readl(gpmc_regs->gpmc_bch_result1[i]);
+- bch_val3 = readl(gpmc_regs->gpmc_bch_result2[i]);
+- bch_val4 = readl(gpmc_regs->gpmc_bch_result3[i]);
+- *ecc_code++ = (bch_val4 & 0xFF);
+- *ecc_code++ = ((bch_val3 >> 24) & 0xFF);
+- *ecc_code++ = ((bch_val3 >> 16) & 0xFF);
+- *ecc_code++ = ((bch_val3 >> 8) & 0xFF);
+- *ecc_code++ = (bch_val3 & 0xFF);
+- *ecc_code++ = ((bch_val2 >> 24) & 0xFF);
+- *ecc_code++ = ((bch_val2 >> 16) & 0xFF);
+- *ecc_code++ = ((bch_val2 >> 8) & 0xFF);
+- *ecc_code++ = (bch_val2 & 0xFF);
+- *ecc_code++ = ((bch_val1 >> 24) & 0xFF);
+- *ecc_code++ = ((bch_val1 >> 16) & 0xFF);
+- *ecc_code++ = ((bch_val1 >> 8) & 0xFF);
+- *ecc_code++ = (bch_val1 & 0xFF);
+- break;
+- case OMAP_ECC_BCH4_CODE_HW_DETECTION_SW:
+- case OMAP_ECC_BCH4_CODE_HW:
+- bch_val1 = readl(gpmc_regs->gpmc_bch_result0[i]);
+- bch_val2 = readl(gpmc_regs->gpmc_bch_result1[i]);
+- *ecc_code++ = ((bch_val2 >> 12) & 0xFF);
+- *ecc_code++ = ((bch_val2 >> 4) & 0xFF);
+- *ecc_code++ = ((bch_val2 & 0xF) << 4) |
+- ((bch_val1 >> 28) & 0xF);
+- *ecc_code++ = ((bch_val1 >> 20) & 0xFF);
+- *ecc_code++ = ((bch_val1 >> 12) & 0xFF);
+- *ecc_code++ = ((bch_val1 >> 4) & 0xFF);
+- *ecc_code++ = ((bch_val1 & 0xF) << 4);
+- break;
+- case OMAP_ECC_BCH16_CODE_HW:
+- val = readl(gpmc_regs->gpmc_bch_result6[i]);
+- ecc_code[0] = ((val >> 8) & 0xFF);
+- ecc_code[1] = ((val >> 0) & 0xFF);
+- val = readl(gpmc_regs->gpmc_bch_result5[i]);
+- ecc_code[2] = ((val >> 24) & 0xFF);
+- ecc_code[3] = ((val >> 16) & 0xFF);
+- ecc_code[4] = ((val >> 8) & 0xFF);
+- ecc_code[5] = ((val >> 0) & 0xFF);
+- val = readl(gpmc_regs->gpmc_bch_result4[i]);
+- ecc_code[6] = ((val >> 24) & 0xFF);
+- ecc_code[7] = ((val >> 16) & 0xFF);
+- ecc_code[8] = ((val >> 8) & 0xFF);
+- ecc_code[9] = ((val >> 0) & 0xFF);
+- val = readl(gpmc_regs->gpmc_bch_result3[i]);
+- ecc_code[10] = ((val >> 24) & 0xFF);
+- ecc_code[11] = ((val >> 16) & 0xFF);
+- ecc_code[12] = ((val >> 8) & 0xFF);
+- ecc_code[13] = ((val >> 0) & 0xFF);
+- val = readl(gpmc_regs->gpmc_bch_result2[i]);
+- ecc_code[14] = ((val >> 24) & 0xFF);
+- ecc_code[15] = ((val >> 16) & 0xFF);
+- ecc_code[16] = ((val >> 8) & 0xFF);
+- ecc_code[17] = ((val >> 0) & 0xFF);
+- val = readl(gpmc_regs->gpmc_bch_result1[i]);
+- ecc_code[18] = ((val >> 24) & 0xFF);
+- ecc_code[19] = ((val >> 16) & 0xFF);
+- ecc_code[20] = ((val >> 8) & 0xFF);
+- ecc_code[21] = ((val >> 0) & 0xFF);
+- val = readl(gpmc_regs->gpmc_bch_result0[i]);
+- ecc_code[22] = ((val >> 24) & 0xFF);
+- ecc_code[23] = ((val >> 16) & 0xFF);
+- ecc_code[24] = ((val >> 8) & 0xFF);
+- ecc_code[25] = ((val >> 0) & 0xFF);
+- break;
+- default:
+- return -EINVAL;
+- }
++ ret = _omap_calculate_ecc_bch(mtd, dat, ecc_calc, i);
++ if (ret)
++ return ret;
+
+- /* ECC scheme specific syndrome customizations */
+- switch (info->ecc_opt) {
+- case OMAP_ECC_BCH4_CODE_HW_DETECTION_SW:
+- /* Add constant polynomial to remainder, so that
+- * ECC of blank pages results in 0x0 on reading back */
+- for (j = 0; j < eccbytes; j++)
+- ecc_calc[j] ^= bch4_polynomial[j];
+- break;
+- case OMAP_ECC_BCH4_CODE_HW:
+- /* Set 8th ECC byte as 0x0 for ROM compatibility */
+- ecc_calc[eccbytes - 1] = 0x0;
+- break;
+- case OMAP_ECC_BCH8_CODE_HW_DETECTION_SW:
+- /* Add constant polynomial to remainder, so that
+- * ECC of blank pages results in 0x0 on reading back */
+- for (j = 0; j < eccbytes; j++)
+- ecc_calc[j] ^= bch8_polynomial[j];
+- break;
+- case OMAP_ECC_BCH8_CODE_HW:
+- /* Set 14th ECC byte as 0x0 for ROM compatibility */
+- ecc_calc[eccbytes - 1] = 0x0;
+- break;
+- case OMAP_ECC_BCH16_CODE_HW:
+- break;
+- default:
+- return -EINVAL;
+- }
+-
+- ecc_calc += eccbytes;
++ ecc_calc += eccbytes;
+ }
+
+ return 0;
+@@ -1496,7 +1539,7 @@ static int omap_write_page_bch(struct mtd_info *mtd, struct nand_chip *chip,
+ chip->write_buf(mtd, buf, mtd->writesize);
+
+ /* Update ecc vector from GPMC result registers */
+- chip->ecc.calculate(mtd, buf, &ecc_calc[0]);
++ omap_calculate_ecc_bch_multi(mtd, buf, &ecc_calc[0]);
+
+ ret = mtd_ooblayout_set_eccbytes(mtd, ecc_calc, chip->oob_poi, 0,
+ chip->ecc.total);
+@@ -1508,6 +1551,72 @@ static int omap_write_page_bch(struct mtd_info *mtd, struct nand_chip *chip,
+ return 0;
+ }
+
++/**
++ * omap_write_subpage_bch - BCH hardware ECC based subpage write
++ * @mtd: mtd info structure
++ * @chip: nand chip info structure
++ * @offset: column address of subpage within the page
++ * @data_len: data length
++ * @buf: data buffer
++ * @oob_required: must write chip->oob_poi to OOB
++ * @page: page number to write
++ *
++ * OMAP optimized subpage write method.
++ */
++static int omap_write_subpage_bch(struct mtd_info *mtd,
++ struct nand_chip *chip, u32 offset,
++ u32 data_len, const u8 *buf,
++ int oob_required, int page)
++{
++ u8 *ecc_calc = chip->buffers->ecccalc;
++ int ecc_size = chip->ecc.size;
++ int ecc_bytes = chip->ecc.bytes;
++ int ecc_steps = chip->ecc.steps;
++ u32 start_step = offset / ecc_size;
++ u32 end_step = (offset + data_len - 1) / ecc_size;
++ int step, ret = 0;
++
++ /*
++ * Write entire page at one go as it would be optimal
++ * as ECC is calculated by hardware.
++ * ECC is calculated for all subpages but we choose
++ * only what we want.
++ */
++
++ /* Enable GPMC ECC engine */
++ chip->ecc.hwctl(mtd, NAND_ECC_WRITE);
++
++ /* Write data */
++ chip->write_buf(mtd, buf, mtd->writesize);
++
++ for (step = 0; step < ecc_steps; step++) {
++ /* mask ECC of un-touched subpages by padding 0xFF */
++ if (step < start_step || step > end_step)
++ memset(ecc_calc, 0xff, ecc_bytes);
++ else
++ ret = _omap_calculate_ecc_bch(mtd, buf, ecc_calc, step);
++
++ if (ret)
++ return ret;
++
++ buf += ecc_size;
++ ecc_calc += ecc_bytes;
++ }
++
++ /* copy calculated ECC for whole page to chip->buffer->oob */
++ /* this include masked-value(0xFF) for unwritten subpages */
++ ecc_calc = chip->buffers->ecccalc;
++ ret = mtd_ooblayout_set_eccbytes(mtd, ecc_calc, chip->oob_poi, 0,
++ chip->ecc.total);
++ if (ret)
++ return ret;
++
++ /* write OOB buffer to NAND device */
++ chip->write_buf(mtd, chip->oob_poi, mtd->oobsize);
++
++ return 0;
++}
++
+ /**
+ * omap_read_page_bch - BCH ecc based page read function for entire page
+ * @mtd: mtd info structure
+@@ -1544,7 +1653,7 @@ static int omap_read_page_bch(struct mtd_info *mtd, struct nand_chip *chip,
+ chip->ecc.total);
+
+ /* Calculate ecc bytes */
+- chip->ecc.calculate(mtd, buf, ecc_calc);
++ omap_calculate_ecc_bch_multi(mtd, buf, ecc_calc);
+
+ ret = mtd_ooblayout_get_eccbytes(mtd, ecc_code, chip->oob_poi, 0,
+ chip->ecc.total);
+@@ -2023,7 +2132,7 @@ static int omap_nand_probe(struct platform_device *pdev)
+ nand_chip->ecc.strength = 4;
+ nand_chip->ecc.hwctl = omap_enable_hwecc_bch;
+ nand_chip->ecc.correct = nand_bch_correct_data;
+- nand_chip->ecc.calculate = omap_calculate_ecc_bch;
++ nand_chip->ecc.calculate = omap_calculate_ecc_bch_sw;
+ mtd_set_ooblayout(mtd, &omap_sw_ooblayout_ops);
+ /* Reserve one byte for the OMAP marker */
+ oobbytes_per_step = nand_chip->ecc.bytes + 1;
+@@ -2045,9 +2154,9 @@ static int omap_nand_probe(struct platform_device *pdev)
+ nand_chip->ecc.strength = 4;
+ nand_chip->ecc.hwctl = omap_enable_hwecc_bch;
+ nand_chip->ecc.correct = omap_elm_correct_data;
+- nand_chip->ecc.calculate = omap_calculate_ecc_bch;
+ nand_chip->ecc.read_page = omap_read_page_bch;
+ nand_chip->ecc.write_page = omap_write_page_bch;
++ nand_chip->ecc.write_subpage = omap_write_subpage_bch;
+ mtd_set_ooblayout(mtd, &omap_ooblayout_ops);
+ oobbytes_per_step = nand_chip->ecc.bytes;
+
+@@ -2066,7 +2175,7 @@ static int omap_nand_probe(struct platform_device *pdev)
+ nand_chip->ecc.strength = 8;
+ nand_chip->ecc.hwctl = omap_enable_hwecc_bch;
+ nand_chip->ecc.correct = nand_bch_correct_data;
+- nand_chip->ecc.calculate = omap_calculate_ecc_bch;
++ nand_chip->ecc.calculate = omap_calculate_ecc_bch_sw;
+ mtd_set_ooblayout(mtd, &omap_sw_ooblayout_ops);
+ /* Reserve one byte for the OMAP marker */
+ oobbytes_per_step = nand_chip->ecc.bytes + 1;
+@@ -2088,9 +2197,9 @@ static int omap_nand_probe(struct platform_device *pdev)
+ nand_chip->ecc.strength = 8;
+ nand_chip->ecc.hwctl = omap_enable_hwecc_bch;
+ nand_chip->ecc.correct = omap_elm_correct_data;
+- nand_chip->ecc.calculate = omap_calculate_ecc_bch;
+ nand_chip->ecc.read_page = omap_read_page_bch;
+ nand_chip->ecc.write_page = omap_write_page_bch;
++ nand_chip->ecc.write_subpage = omap_write_subpage_bch;
+ mtd_set_ooblayout(mtd, &omap_ooblayout_ops);
+ oobbytes_per_step = nand_chip->ecc.bytes;
+
+@@ -2110,9 +2219,9 @@ static int omap_nand_probe(struct platform_device *pdev)
+ nand_chip->ecc.strength = 16;
+ nand_chip->ecc.hwctl = omap_enable_hwecc_bch;
+ nand_chip->ecc.correct = omap_elm_correct_data;
+- nand_chip->ecc.calculate = omap_calculate_ecc_bch;
+ nand_chip->ecc.read_page = omap_read_page_bch;
+ nand_chip->ecc.write_page = omap_write_page_bch;
++ nand_chip->ecc.write_subpage = omap_write_subpage_bch;
+ mtd_set_ooblayout(mtd, &omap_ooblayout_ops);
+ oobbytes_per_step = nand_chip->ecc.bytes;
+
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-pxa3xx-Fix-READOOB-implementation.patch b/patches.drivers/mtd-nand-pxa3xx-Fix-READOOB-implementation.patch
new file mode 100644
index 0000000000..e9b993e42f
--- /dev/null
+++ b/patches.drivers/mtd-nand-pxa3xx-Fix-READOOB-implementation.patch
@@ -0,0 +1,56 @@
+From fee4380f368e84ed216b62ccd2fbc4126f2bf40b Mon Sep 17 00:00:00 2001
+From: Boris Brezillon <boris.brezillon@free-electrons.com>
+Date: Mon, 18 Dec 2017 11:32:45 +0100
+Subject: [PATCH] mtd: nand: pxa3xx: Fix READOOB implementation
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: fee4380f368e84ed216b62ccd2fbc4126f2bf40b
+Patch-mainline: v4.15-rc7
+References: bsc#1051510
+
+In the current driver, OOB bytes are accessed in raw mode, and when a
+page access is done with NDCR_SPARE_EN set and NDCR_ECC_EN cleared, the
+driver must read the whole spare area (64 bytes in case of a 2k page,
+16 bytes for a 512 page). The driver was only reading the free OOB
+bytes, which was leaving some unread data in the FIFO and was somehow
+leading to a timeout.
+
+We could patch the driver to read ->spare_size + ->ecc_size instead of
+just ->spare_size when READOOB is requested, but we'd better make
+in-band and OOB accesses consistent.
+Since the driver is always accessing in-band data in non-raw mode (with
+the ECC engine enabled), we should also access OOB data in this mode.
+That's particularly useful when using the BCH engine because in this
+mode the free OOB bytes are also ECC protected.
+
+Fixes: 43bcfd2bb24a ("mtd: nand: pxa3xx: Add driver-specific ECC BCH support")
+Cc: stable@vger.kernel.org
+Reported-by: Sean Nyekjær <sean.nyekjaer@prevas.dk>
+Tested-by: Willy Tarreau <w@1wt.eu>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
+Tested-by: Sean Nyekjaer <sean.nyekjaer@prevas.dk>
+Acked-by: Robert Jarzmik <robert.jarzmik@free.fr>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/pxa3xx_nand.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c
+index 90b9a9ccbe60..9285f60e5783 100644
+--- a/drivers/mtd/nand/pxa3xx_nand.c
++++ b/drivers/mtd/nand/pxa3xx_nand.c
+@@ -963,6 +963,7 @@ static void prepare_start_command(struct pxa3xx_nand_info *info, int command)
+
+ switch (command) {
+ case NAND_CMD_READ0:
++ case NAND_CMD_READOOB:
+ case NAND_CMD_PAGEPROG:
+ info->use_ecc = 1;
+ break;
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch b/patches.drivers/mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
new file mode 100644
index 0000000000..cbfde98c79
--- /dev/null
+++ b/patches.drivers/mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
@@ -0,0 +1,36 @@
+From 069f05346d01e7298939f16533953cdf52370be3 Mon Sep 17 00:00:00 2001
+From: Fabio Estevam <fabio.estevam@nxp.com>
+Date: Fri, 5 Jan 2018 18:02:55 -0200
+Subject: [PATCH] mtd: nand: qcom: Add a NULL check for devm_kasprintf()
+Git-commit: 069f05346d01e7298939f16533953cdf52370be3
+Patch-mainline: v4.16-rc1
+References: bsc#1051510
+
+devm_kasprintf() may fail, so we should better add a NULL check
+and propagate an error on failure.
+
+Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/qcom_nandc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/mtd/nand/qcom_nandc.c b/drivers/mtd/nand/qcom_nandc.c
+index 245d0f39e0aa..6be555806eca 100644
+--- a/drivers/mtd/nand/qcom_nandc.c
++++ b/drivers/mtd/nand/qcom_nandc.c
+@@ -2639,6 +2639,9 @@ static int qcom_nand_host_init(struct qcom_nand_controller *nandc,
+
+ nand_set_flash_node(chip, dn);
+ mtd->name = devm_kasprintf(dev, GFP_KERNEL, "qcom_nand.%d", host->cs);
++ if (!mtd->name)
++ return -ENOMEM;
++
+ mtd->owner = THIS_MODULE;
+ mtd->dev.parent = dev;
+
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-sunxi-Fix-ECC-strength-choice.patch b/patches.drivers/mtd-nand-sunxi-Fix-ECC-strength-choice.patch
new file mode 100644
index 0000000000..45c4b190d9
--- /dev/null
+++ b/patches.drivers/mtd-nand-sunxi-Fix-ECC-strength-choice.patch
@@ -0,0 +1,52 @@
+From f4c6cd1a7f2275d5bc0e494b21fff26f8dde80f0 Mon Sep 17 00:00:00 2001
+From: Miquel Raynal <miquel.raynal@free-electrons.com>
+Date: Wed, 24 Jan 2018 23:49:31 +0100
+Subject: [PATCH] mtd: nand: sunxi: Fix ECC strength choice
+Git-commit: f4c6cd1a7f2275d5bc0e494b21fff26f8dde80f0
+Patch-mainline: v4.16-rc1
+References: bsc#1051510
+
+When the requested ECC strength does not exactly match the strengths
+supported by the ECC engine, the driver is selecting the closest
+strength meeting the 'selected_strength > requested_strength'
+constraint. Fix the fact that, in this particular case, ecc->strength
+value was not updated to match the 'selected_strength'.
+
+For instance, one can encounter this issue when no ECC requirement is
+filled in the device tree while the NAND chip minimum requirement is not
+a strength/step_size combo natively supported by the ECC engine.
+
+Fixes: 1fef62c1423b ("mtd: nand: add sunxi NAND flash controller support")
+Cc: <stable@vger.kernel.org>
+Suggested-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Signed-off-by: Miquel Raynal <miquel.raynal@free-electrons.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/sunxi_nand.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/mtd/nand/sunxi_nand.c b/drivers/mtd/nand/sunxi_nand.c
+index 2275fbedfb2a..f5a55c63935c 100644
+--- a/drivers/mtd/nand/sunxi_nand.c
++++ b/drivers/mtd/nand/sunxi_nand.c
+@@ -1858,8 +1858,14 @@ static int sunxi_nand_hw_common_ecc_ctrl_init(struct mtd_info *mtd,
+
+ /* Add ECC info retrieval from DT */
+ for (i = 0; i < ARRAY_SIZE(strengths); i++) {
+- if (ecc->strength <= strengths[i])
++ if (ecc->strength <= strengths[i]) {
++ /*
++ * Update ecc->strength value with the actual strength
++ * that will be used by the ECC engine.
++ */
++ ecc->strength = strengths[i];
+ break;
++ }
+ }
+
+ if (i >= ARRAY_SIZE(strengths)) {
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-sunxi-fix-potential-divide-by-zero-error.patch b/patches.drivers/mtd-nand-sunxi-fix-potential-divide-by-zero-error.patch
new file mode 100644
index 0000000000..0b43f8c7b4
--- /dev/null
+++ b/patches.drivers/mtd-nand-sunxi-fix-potential-divide-by-zero-error.patch
@@ -0,0 +1,41 @@
+From 791eccd94965a8029ae09c5530bcb9a76794e408 Mon Sep 17 00:00:00 2001
+From: Bryan O'Donoghue <pure.logic@nexus-software.ie>
+Date: Fri, 28 Jul 2017 14:22:57 +0100
+Subject: [PATCH] mtd: nand: sunxi: fix potential divide-by-zero error
+Git-commit: 791eccd94965a8029ae09c5530bcb9a76794e408
+Patch-mainline: v4.13-rc5
+References: bsc#1051510
+
+clk_round_rate() can return <= 0. Currently the value returned by
+clk_round_rate() is used directly for a division. This patch introduces a
+guard to ensure a divide-by-zero or a divide by a negative number for that
+matter can't happen by bugging out returning -EINVAL if clk_round_rate()
+returns <= 0.
+
+Fixes: 2d43457f79e4 ("mtd: nand: sunxi: fix EDO mode selection")
+Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
+Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/sunxi_nand.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/mtd/nand/sunxi_nand.c b/drivers/mtd/nand/sunxi_nand.c
+index d0b6f8f9f297..6abd142b1324 100644
+--- a/drivers/mtd/nand/sunxi_nand.c
++++ b/drivers/mtd/nand/sunxi_nand.c
+@@ -1728,6 +1728,10 @@ static int sunxi_nfc_setup_data_interface(struct mtd_info *mtd, int csline,
+ */
+ chip->clk_rate = NSEC_PER_SEC / min_clk_period;
+ real_clk_rate = clk_round_rate(nfc->mod_clk, chip->clk_rate);
++ if (real_clk_rate <= 0) {
++ dev_err(nfc->dev, "Unable to round clk %lu\n", chip->clk_rate);
++ return -EINVAL;
++ }
+
+ /*
+ * ONFI specification 3.1, paragraph 4.15.2 dictates that EDO data
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nand-vf610-set-correct-ooblayout.patch b/patches.drivers/mtd-nand-vf610-set-correct-ooblayout.patch
new file mode 100644
index 0000000000..01a8b84a2a
--- /dev/null
+++ b/patches.drivers/mtd-nand-vf610-set-correct-ooblayout.patch
@@ -0,0 +1,46 @@
+From ea56fb282368ea08c2a313af6b55cb597aec4db1 Mon Sep 17 00:00:00 2001
+From: Stefan Agner <stefan@agner.ch>
+Date: Fri, 9 Feb 2018 13:21:42 +0100
+Subject: [PATCH] mtd: nand: vf610: set correct ooblayout
+Git-commit: ea56fb282368ea08c2a313af6b55cb597aec4db1
+Patch-mainline: v4.16-rc2
+References: bsc#1051510
+
+With commit 3cf32d180227 ("mtd: nand: vf610: switch to
+mtd_ooblayout_ops") the driver started to use the NAND cores
+default large page ooblayout. However, shortly after commit
+6a623e076944 ("mtd: nand: add ooblayout for old hamming layout")
+changed the default layout to the old hamming layout, which is
+not what vf610_nfc is using. Specify the default large page
+layout explicitly.
+
+Fixes: 6a623e076944 ("mtd: nand: add ooblayout for old hamming layout")
+Cc: <stable@vger.kernel.org> # v4.12+
+Signed-off-by: Stefan Agner <stefan@agner.ch>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/vf610_nfc.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/mtd/nand/vf610_nfc.c b/drivers/mtd/nand/vf610_nfc.c
+index 80d31a58e558..f367144f3c6f 100644
+--- a/drivers/mtd/nand/vf610_nfc.c
++++ b/drivers/mtd/nand/vf610_nfc.c
+@@ -752,10 +752,8 @@ static int vf610_nfc_probe(struct platform_device *pdev)
+ if (mtd->oobsize > 64)
+ mtd->oobsize = 64;
+
+- /*
+- * mtd->ecclayout is not specified here because we're using the
+- * default large page ECC layout defined in NAND core.
+- */
++ /* Use default large page ECC layout defined in NAND core */
++ mtd_set_ooblayout(mtd, &nand_ooblayout_lp_ops);
+ if (chip->ecc.strength == 32) {
+ nfc->ecc_mode = ECC_60_BYTE;
+ chip->ecc.bytes = 60;
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-nandsim-remove-debugfs-entries-in-error-path.patch b/patches.drivers/mtd-nandsim-remove-debugfs-entries-in-error-path.patch
new file mode 100644
index 0000000000..38c5ec69ca
--- /dev/null
+++ b/patches.drivers/mtd-nandsim-remove-debugfs-entries-in-error-path.patch
@@ -0,0 +1,42 @@
+From b974696da1cfc5aa0c29ed97dc8f6c239899e64b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <u.kleine-koenig@pengutronix.de>
+Date: Wed, 23 Aug 2017 09:03:04 +0200
+Subject: [PATCH] mtd: nandsim: remove debugfs entries in error path
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: b974696da1cfc5aa0c29ed97dc8f6c239899e64b
+Patch-mainline: v4.13-rc7
+References: bsc#1051510
+
+The debugfs entries must be removed before an error is returned in the
+probe function. Otherwise another try to load the module fails and when
+the debugfs files are accessed without the module loaded, the kernel
+still tries to call a function in that module.
+
+Fixes: 5346c27c5fed ("mtd: nandsim: Introduce debugfs infrastructure")
+Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+Reviewed-by: Richard Weinberger <richard@nod.at>
+Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
+Signed-off-by: Brian Norris <computersforpeace@gmail.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/nand/nandsim.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/mtd/nand/nandsim.c b/drivers/mtd/nand/nandsim.c
+index 03a0d057bf2f..e4211c3cc49b 100644
+--- a/drivers/mtd/nand/nandsim.c
++++ b/drivers/mtd/nand/nandsim.c
+@@ -2373,6 +2373,7 @@ static int __init ns_init_module(void)
+ return 0;
+
+ err_exit:
++ nandsim_debugfs_remove(nand);
+ free_nandsim(nand);
+ nand_release(nsmtd);
+ for (i = 0;i < ARRAY_SIZE(nand->partitions); ++i)
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-spi-nor-Fix-Cadence-QSPI-page-fault-kernel-panic.patch b/patches.drivers/mtd-spi-nor-Fix-Cadence-QSPI-page-fault-kernel-panic.patch
new file mode 100644
index 0000000000..412cc891b6
--- /dev/null
+++ b/patches.drivers/mtd-spi-nor-Fix-Cadence-QSPI-page-fault-kernel-panic.patch
@@ -0,0 +1,73 @@
+From a6a66f80c85e8e20573ca03fabf32445954a88d5 Mon Sep 17 00:00:00 2001
+From: Thor Thayer <thor.thayer@linux.intel.com>
+Date: Fri, 16 Nov 2018 08:25:49 -0600
+Subject: [PATCH] mtd: spi-nor: Fix Cadence QSPI page fault kernel panic
+Git-commit: a6a66f80c85e8e20573ca03fabf32445954a88d5
+Patch-mainline: v4.20-rc4
+References: bsc#1051510
+
+The current Cadence QSPI driver caused a kernel panic sporadically
+when writing to QSPI. The problem was caused by writing more bytes
+than needed because the QSPI operated on 4 bytes at a time.
+<snip>
+[ 11.202044] Unable to handle kernel paging request at virtual address bffd3000
+[ 11.209254] pgd = e463054d
+[ 11.211948] [bffd3000] *pgd=2fffb811, *pte=00000000, *ppte=00000000
+[ 11.218202] Internal error: Oops: 7 [#1] SMP ARM
+[ 11.222797] Modules linked in:
+[ 11.225844] CPU: 1 PID: 1317 Comm: systemd-hwdb Not tainted 4.17.7-d0c45cd44a8f
+[ 11.235796] Hardware name: Altera SOCFPGA Arria10
+[ 11.240487] PC is at __raw_writesl+0x70/0xd4
+[ 11.244741] LR is at cqspi_write+0x1a0/0x2cc
+</snip>
+On a page boundary limit the number of bytes copied from the tx buffer
+to remain within the page.
+
+This patch uses a temporary buffer to hold the 4 bytes to write and then
+copies only the bytes required from the tx buffer.
+
+Reported-by: Adrian Amborzewicz <adrian.ambrozewicz@intel.com>
+Signed-off-by: Thor Thayer <thor.thayer@linux.intel.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/spi-nor/cadence-quadspi.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+--- a/drivers/mtd/spi-nor/cadence-quadspi.c
++++ b/drivers/mtd/spi-nor/cadence-quadspi.c
+@@ -625,9 +625,23 @@ static int cqspi_indirect_write_execute(
+ reg_base + CQSPI_REG_INDIRECTWR);
+
+ while (remaining > 0) {
++ size_t write_words, mod_bytes;
++
+ write_bytes = remaining > page_size ? page_size : remaining;
+- iowrite32_rep(cqspi->ahb_base, txbuf,
+- DIV_ROUND_UP(write_bytes, 4));
++ write_words = write_bytes / 4;
++ mod_bytes = write_bytes % 4;
++ /* Write 4 bytes at a time then single bytes. */
++ if (write_words) {
++ iowrite32_rep(cqspi->ahb_base, txbuf, write_words);
++ txbuf += (write_words * 4);
++ }
++ if (mod_bytes) {
++ unsigned int temp = 0xFFFFFFFF;
++
++ memcpy(&temp, txbuf, mod_bytes);
++ iowrite32(temp, cqspi->ahb_base);
++ txbuf += mod_bytes;
++ }
+
+ ret = wait_for_completion_timeout(&cqspi->transfer_complete,
+ msecs_to_jiffies
+@@ -638,7 +652,6 @@ static int cqspi_indirect_write_execute(
+ goto failwr;
+ }
+
+- txbuf += write_bytes;
+ remaining -= write_bytes;
+
+ if (remaining > 0)
diff --git a/patches.drivers/mtd-spi-nor-cadence-quadspi-Fix-page-fault-kernel-pa.patch b/patches.drivers/mtd-spi-nor-cadence-quadspi-Fix-page-fault-kernel-pa.patch
new file mode 100644
index 0000000000..fe8229d661
--- /dev/null
+++ b/patches.drivers/mtd-spi-nor-cadence-quadspi-Fix-page-fault-kernel-pa.patch
@@ -0,0 +1,80 @@
+From 47016b341fc3b3fd4909e058c6fa38f165b53646 Mon Sep 17 00:00:00 2001
+From: Thor Thayer <thor.thayer@linux.intel.com>
+Date: Mon, 23 Apr 2018 12:45:11 -0500
+Subject: [PATCH] mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic
+Git-commit: 47016b341fc3b3fd4909e058c6fa38f165b53646
+Patch-mainline: v4.17-rc3
+References: bsc#1051510
+
+The current Cadence QSPI driver caused a kernel panic when loading
+a Root Filesystem from QSPI. The problem was caused by reading more
+bytes than needed because the QSPI operated on 4 bytes at a time.
+<snip>
+[ 7.947754] spi_nor_read[1048]:from 0x037cad74, len 1 [bfe07fff]
+[ 7.956247] cqspi_read[910]:offset 0x58502516, buffer=bfe07fff
+[ 7.956247]
+[ 7.966046] Unable to handle kernel paging request at virtual
+address bfe08002
+[ 7.973239] pgd = eebfc000
+[ 7.975931] [bfe08002] *pgd=2fffb811, *pte=00000000, *ppte=00000000
+</snip>
+Notice above how only 1 byte needed to be read but by reading 4 bytes
+into the end of a mapped page, an unrecoverable page fault occurred.
+
+This patch uses a temporary buffer to hold the 4 bytes read and then
+copies only the bytes required into the buffer. A min() function is
+used to limit the length to prevent buffer overflows.
+
+Request testing of this patch on other platforms. This was tested
+on the Intel Arria10 SoCFPGA DevKit.
+
+Fixes: 0cf1725676a97fc8 ("mtd: spi-nor: cqspi: Fix build on arches missing readsl/writesl")
+Signed-off-by: Thor Thayer <thor.thayer@linux.intel.com>
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Marek Vasut <marek.vasut@gmail.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/spi-nor/cadence-quadspi.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+--- a/drivers/mtd/spi-nor/cadence-quadspi.c
++++ b/drivers/mtd/spi-nor/cadence-quadspi.c
+@@ -495,7 +495,9 @@ static int cqspi_indirect_read_execute(s
+ void __iomem *reg_base = cqspi->iobase;
+ void __iomem *ahb_base = cqspi->ahb_base;
+ unsigned int remaining = n_rx;
++ unsigned int mod_bytes = n_rx % 4;
+ unsigned int bytes_to_read = 0;
++ u8 *rxbuf_end = rxbuf + n_rx;
+ int ret = 0;
+
+ writel(remaining, reg_base + CQSPI_REG_INDIRECTRDBYTES);
+@@ -523,11 +525,24 @@ static int cqspi_indirect_read_execute(s
+ }
+
+ while (bytes_to_read != 0) {
++ unsigned int word_remain = round_down(remaining, 4);
++
+ bytes_to_read *= cqspi->fifo_width;
+ bytes_to_read = bytes_to_read > remaining ?
+ remaining : bytes_to_read;
+- ioread32_rep(ahb_base, rxbuf,
+- DIV_ROUND_UP(bytes_to_read, 4));
++ bytes_to_read = round_down(bytes_to_read, 4);
++ /* Read 4 byte word chunks then single bytes */
++ if (bytes_to_read) {
++ ioread32_rep(ahb_base, rxbuf,
++ (bytes_to_read / 4));
++ } else if (!word_remain && mod_bytes) {
++ unsigned int temp = ioread32(ahb_base);
++
++ bytes_to_read = mod_bytes;
++ memcpy(rxbuf, &temp, min((unsigned int)
++ (rxbuf_end - rxbuf),
++ bytes_to_read));
++ }
+ rxbuf += bytes_to_read;
+ remaining -= bytes_to_read;
+ bytes_to_read = cqspi_get_rd_sram_level(cqspi);
diff --git a/patches.drivers/mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-siz.patch b/patches.drivers/mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-siz.patch
new file mode 100644
index 0000000000..2f7efcf77d
--- /dev/null
+++ b/patches.drivers/mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-siz.patch
@@ -0,0 +1,38 @@
+From 41fe242979e463d6ad251077ded01b825a330b7e Mon Sep 17 00:00:00 2001
+From: Liu Xiang <liu.xiang6@zte.com.cn>
+Date: Tue, 28 Aug 2018 22:32:57 +0800
+Subject: [PATCH] mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB
+Git-commit: 41fe242979e463d6ad251077ded01b825a330b7e
+Patch-mainline: v4.20-rc1
+References: bsc#1051510
+
+If the size of spi-nor flash is larger than 16MB, the read_opcode
+is set to SPINOR_OP_READ_1_1_4_4B, and fsl_qspi_get_seqid() will
+return -EINVAL when cmd is SPINOR_OP_READ_1_1_4_4B. This can
+cause read operation fail.
+
+Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Liu Xiang <liu.xiang6@zte.com.cn>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/spi-nor/fsl-quadspi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/mtd/spi-nor/fsl-quadspi.c b/drivers/mtd/spi-nor/fsl-quadspi.c
+index d1ace310e7c1..1ff3430f82c8 100644
+--- a/drivers/mtd/spi-nor/fsl-quadspi.c
++++ b/drivers/mtd/spi-nor/fsl-quadspi.c
+@@ -478,6 +478,7 @@ static int fsl_qspi_get_seqid(struct fsl_qspi *q, u8 cmd)
+ {
+ switch (cmd) {
+ case SPINOR_OP_READ_1_1_4:
++ case SPINOR_OP_READ_1_1_4_4B:
+ return SEQID_READ;
+ case SPINOR_OP_WREN:
+ return SEQID_WREN;
+--
+2.16.4
+
diff --git a/patches.drivers/mtd-spi-nor-stm32-quadspi-Fix-uninitialized-error-re.patch b/patches.drivers/mtd-spi-nor-stm32-quadspi-Fix-uninitialized-error-re.patch
new file mode 100644
index 0000000000..9f01071a00
--- /dev/null
+++ b/patches.drivers/mtd-spi-nor-stm32-quadspi-Fix-uninitialized-error-re.patch
@@ -0,0 +1,58 @@
+From 05521bd3d117704a1458eb4d0c3ae821858658f2 Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert@linux-m68k.org>
+Date: Thu, 26 Oct 2017 17:12:33 +0200
+Subject: [PATCH] mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 05521bd3d117704a1458eb4d0c3ae821858658f2
+Patch-mainline: v4.15-rc1
+References: bsc#1051510
+
+With gcc 4.1.2:
+
+ drivers/mtd/spi-nor/stm32-quadspi.c: In function ‘stm32_qspi_tx_poll’:
+ drivers/mtd/spi-nor/stm32-quadspi.c:230: warning: ‘ret’ may be used uninitialized in this function
+
+Indeed, if stm32_qspi_cmd.len is zero, ret will be uninitialized.
+This length is passed from outside the driver using the
+spi_nor.{read,write}{,_reg}() callbacks.
+
+Several functions in drivers/mtd/spi-nor/spi-nor.c (e.g. write_enable(),
+write_disable(), and erase_chip()) call spi_nor.write_reg() with a zero
+length.
+
+Fix this by returning an explicit zero on success.
+
+Fixes: 0d43d7ab277a048c ("mtd: spi-nor: add driver for STM32 quad spi flash controller")
+Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Acked-by: Ludovic Barre <ludovic.barre@st.com>
+Signed-off-by: Cyrille Pitchen <cyrille.pitchen@wedev4u.fr>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/spi-nor/stm32-quadspi.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/mtd/spi-nor/stm32-quadspi.c b/drivers/mtd/spi-nor/stm32-quadspi.c
+index 86c0931543c5..ad6a3e1844cb 100644
+--- a/drivers/mtd/spi-nor/stm32-quadspi.c
++++ b/drivers/mtd/spi-nor/stm32-quadspi.c
+@@ -240,12 +240,12 @@ static int stm32_qspi_tx_poll(struct stm32_qspi *qspi,
+ STM32_QSPI_FIFO_TIMEOUT_US);
+ if (ret) {
+ dev_err(qspi->dev, "fifo timeout (stat:%#x)\n", sr);
+- break;
++ return ret;
+ }
+ tx_fifo(buf++, qspi->io_base + QUADSPI_DR);
+ }
+
+- return ret;
++ return 0;
+ }
+
+ static int stm32_qspi_tx_mm(struct stm32_qspi *qspi,
+--
+2.16.4
+
diff --git a/patches.drivers/mtdchar-fix-overflows-in-adjustment-of-count.patch b/patches.drivers/mtdchar-fix-overflows-in-adjustment-of-count.patch
new file mode 100644
index 0000000000..b940bab23a
--- /dev/null
+++ b/patches.drivers/mtdchar-fix-overflows-in-adjustment-of-count.patch
@@ -0,0 +1,57 @@
+From 6c6bc9ea84d0008024606bf5ba10519e20d851bf Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Sat, 7 Jul 2018 05:37:22 +0200
+Subject: [PATCH] mtdchar: fix overflows in adjustment of `count`
+Git-commit: 6c6bc9ea84d0008024606bf5ba10519e20d851bf
+Patch-mainline: v4.19-rc1
+References: bsc#1051510
+
+The first checks in mtdchar_read() and mtdchar_write() attempt to limit
+`count` such that `*ppos + count <= mtd->size`. However, they ignore the
+possibility of `*ppos > mtd->size`, allowing the calculation of `count` to
+wrap around. `mtdchar_lseek()` prevents seeking beyond mtd->size, but the
+pread/pwrite syscalls bypass this.
+
+I haven't found any codepath on which this actually causes dangerous
+behavior, but it seems like a sensible change anyway.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Jann Horn <jannh@google.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/mtdchar.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
+index cd67c85cc87d..02389528f622 100644
+--- a/drivers/mtd/mtdchar.c
++++ b/drivers/mtd/mtdchar.c
+@@ -160,8 +160,12 @@ static ssize_t mtdchar_read(struct file *file, char __user *buf, size_t count,
+
+ pr_debug("MTD_read\n");
+
+- if (*ppos + count > mtd->size)
+- count = mtd->size - *ppos;
++ if (*ppos + count > mtd->size) {
++ if (*ppos < mtd->size)
++ count = mtd->size - *ppos;
++ else
++ count = 0;
++ }
+
+ if (!count)
+ return 0;
+@@ -246,7 +250,7 @@ static ssize_t mtdchar_write(struct file *file, const char __user *buf, size_t c
+
+ pr_debug("MTD_write\n");
+
+- if (*ppos == mtd->size)
++ if (*ppos >= mtd->size)
+ return -ENOSPC;
+
+ if (*ppos + count > mtd->size)
+--
+2.16.4
+
diff --git a/patches.drivers/mtdchar-fix-usage-of-mtd_ooblayout_ecc.patch b/patches.drivers/mtdchar-fix-usage-of-mtd_ooblayout_ecc.patch
new file mode 100644
index 0000000000..f0694d1d63
--- /dev/null
+++ b/patches.drivers/mtdchar-fix-usage-of-mtd_ooblayout_ecc.patch
@@ -0,0 +1,48 @@
+From 6de564939e14327148e31ddcf769e34105176447 Mon Sep 17 00:00:00 2001
+From: OuYang ZhiZhong <ouyzz@yealink.com>
+Date: Sun, 11 Mar 2018 15:59:07 +0800
+Subject: [PATCH] mtdchar: fix usage of mtd_ooblayout_ecc()
+Git-commit: 6de564939e14327148e31ddcf769e34105176447
+Patch-mainline: v4.16-rc7
+References: bsc#1051510
+
+Section was not properly computed. The value of OOB region definition is
+always ECC section 0 information in the OOB area, but we want to get all
+the ECC bytes information, so we should call
+mtd_ooblayout_ecc(mtd, section++, &oobregion) until it returns -ERANGE.
+
+Fixes: c2b78452a9db ("mtd: use mtd_ooblayout_xxx() helpers where appropriate")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: OuYang ZhiZhong <ouyzz@yealink.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/mtd/mtdchar.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
+index de8c902059b8..7d80a8bb96fe 100644
+--- a/drivers/mtd/mtdchar.c
++++ b/drivers/mtd/mtdchar.c
+@@ -479,7 +479,7 @@ static int shrink_ecclayout(struct mtd_info *mtd,
+ for (i = 0; i < MTD_MAX_ECCPOS_ENTRIES;) {
+ u32 eccpos;
+
+- ret = mtd_ooblayout_ecc(mtd, section, &oobregion);
++ ret = mtd_ooblayout_ecc(mtd, section++, &oobregion);
+ if (ret < 0) {
+ if (ret != -ERANGE)
+ return ret;
+@@ -526,7 +526,7 @@ static int get_oobinfo(struct mtd_info *mtd, struct nand_oobinfo *to)
+ for (i = 0; i < ARRAY_SIZE(to->eccpos);) {
+ u32 eccpos;
+
+- ret = mtd_ooblayout_ecc(mtd, section, &oobregion);
++ ret = mtd_ooblayout_ecc(mtd, section++, &oobregion);
+ if (ret < 0) {
+ if (ret != -ERANGE)
+ return ret;
+--
+2.16.4
+
diff --git a/patches.drivers/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch b/patches.drivers/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch
new file mode 100644
index 0000000000..377a97b890
--- /dev/null
+++ b/patches.drivers/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch
@@ -0,0 +1,83 @@
+From 1e366161510f266516107a69db91f1f2edaea11c Mon Sep 17 00:00:00 2001
+From: Igor Russkikh <igor.russkikh@aquantia.com>
+Date: Thu, 14 Dec 2017 12:34:41 +0300
+Subject: [PATCH] net: aquantia: Fix hardware DMA stream overload on large MRRS
+Git-commit: 1e366161510f266516107a69db91f1f2edaea11c
+Patch-mainline: v4.15-rc4
+References: bsc#1051510
+
+Systems with large MRRS on device (2K, 4K) with high data rates and/or
+large MTU, atlantic observes DMA packet buffer overflow. On some systems
+that causes PCIe transaction errors, hardware NMIs or datapath freeze.
+This patch
+1) Limits MRRS from device side to 2K (thats maximum our hardware supports)
+2) Limit maximum size of outstanding TX DMA data read requests. This makes
+hardware buffers running fine.
+
+Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
+Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c | 12 ++++++++++
+ drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_llh_internal.h | 6 +++++
+ 2 files changed, 18 insertions(+)
+
+--- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c
++++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_b0.c
+@@ -16,6 +16,7 @@
+ #include "hw_atl_utils.h"
+ #include "hw_atl_llh.h"
+ #include "hw_atl_b0_internal.h"
++#include "hw_atl_llh_internal.h"
+
+ static int hw_atl_b0_get_hw_caps(struct aq_hw_s *self,
+ struct aq_hw_caps_s *aq_hw_caps)
+@@ -357,6 +358,7 @@ static int hw_atl_b0_hw_init(struct aq_h
+ };
+
+ int err = 0;
++ u32 val;
+
+ self->aq_nic_cfg = aq_nic_cfg;
+
+@@ -374,6 +376,16 @@ static int hw_atl_b0_hw_init(struct aq_h
+ hw_atl_b0_hw_rss_set(self, &aq_nic_cfg->aq_rss);
+ hw_atl_b0_hw_rss_hash_set(self, &aq_nic_cfg->aq_rss);
+
++ /* Force limit MRRS on RDM/TDM to 2K */
++ val = aq_hw_read_reg(self, pci_reg_control6_adr);
++ aq_hw_write_reg(self, pci_reg_control6_adr, (val & ~0x707) | 0x404);
++
++ /* TX DMA total request limit. B0 hardware is not capable to
++ * handle more than (8K-MRRS) incoming DMA data.
++ * Value 24 in 256byte units
++ */
++ aq_hw_write_reg(self, tx_dma_total_req_limit_adr, 24);
++
+ err = aq_hw_err_from_flags(self);
+ if (err < 0)
+ goto err_exit;
+--- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_llh_internal.h
++++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_llh_internal.h
+@@ -2343,6 +2343,9 @@
+ #define tx_dma_desc_base_addrmsw_adr(descriptor) \
+ (0x00007c04u + (descriptor) * 0x40)
+
++/* tx dma total request limit */
++#define tx_dma_total_req_limit_adr 0x00007b20u
++
+ /* tx interrupt moderation control register definitions
+ * Preprocessor definitions for TX Interrupt Moderation Control Register
+ * Base Address: 0x00008980
+@@ -2369,6 +2372,9 @@
+ /* default value of bitfield reg_res_dsbl */
+ #define pci_reg_res_dsbl_default 0x1
+
++/* PCI core control register */
++#define pci_reg_control6_adr 0x1014u
++
+ /* global microprocessor scratch pad definitions */
+ #define glb_cpu_scratch_scp_adr(scratch_scp) (0x00000300u + (scratch_scp) * 0x4)
+
diff --git a/patches.drivers/net-aquantia-driver-should-correctly-declare-vlan_fe.patch b/patches.drivers/net-aquantia-driver-should-correctly-declare-vlan_fe.patch
new file mode 100644
index 0000000000..1538503703
--- /dev/null
+++ b/patches.drivers/net-aquantia-driver-should-correctly-declare-vlan_fe.patch
@@ -0,0 +1,34 @@
+From 8c61ab7f111a2b29d051348b9cb9a39804ebf1f8 Mon Sep 17 00:00:00 2001
+From: Igor Russkikh <igor.russkikh@aquantia.com>
+Date: Mon, 7 May 2018 16:10:38 +0300
+Subject: [PATCH] net: aquantia: driver should correctly declare vlan_features bits
+Git-commit: 8c61ab7f111a2b29d051348b9cb9a39804ebf1f8
+Patch-mainline: v4.17-rc5
+References: bsc#1051510
+
+In particular, not reporting SG forced skbs to be linear for vlan
+interfaces over atlantic NIC.
+
+With this fix it is possible to enable SG feature on device and
+therefore optimize performance.
+
+Reported-by: Ma Yuying <yuma@redhat.com>
+Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/aquantia/atlantic/aq_nic.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
++++ b/drivers/net/ethernet/aquantia/atlantic/aq_nic.c
+@@ -281,6 +281,8 @@ int aq_nic_ndev_init(struct aq_nic_s *se
+
+ self->ndev->hw_features |= aq_hw_caps->hw_features;
+ self->ndev->features = aq_hw_caps->hw_features;
++ self->ndev->vlan_features |= NETIF_F_HW_CSUM | NETIF_F_RXCSUM |
++ NETIF_F_RXHASH | NETIF_F_SG | NETIF_F_LRO;
+ self->ndev->priv_flags = aq_hw_caps->hw_priv_flags;
+ self->ndev->mtu = aq_nic_cfg->mtu - ETH_HLEN;
+ self->ndev->max_mtu = self->aq_hw_caps.mtu - ETH_FCS_LEN - ETH_HLEN;
diff --git a/patches.drivers/net-bcmgenet-fix-OF-child-node-lookup.patch b/patches.drivers/net-bcmgenet-fix-OF-child-node-lookup.patch
new file mode 100644
index 0000000000..a41ff397d0
--- /dev/null
+++ b/patches.drivers/net-bcmgenet-fix-OF-child-node-lookup.patch
@@ -0,0 +1,40 @@
+From d397dbe606120a1ea1b11b0020c3f7a3852da5ac Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Mon, 27 Aug 2018 10:21:50 +0200
+Subject: [PATCH] net: bcmgenet: fix OF child-node lookup
+Git-commit: d397dbe606120a1ea1b11b0020c3f7a3852da5ac
+Patch-mainline: v4.20-rc1
+References: bsc#1051510
+
+Use the new of_get_compatible_child() helper to lookup the mdio child
+node instead of using of_find_compatible_node(), which searches the
+entire tree from a given start node and thus can return an unrelated
+(i.e. non-child) node.
+
+This also addresses a potential use-after-free (e.g. after probe
+deferral) as the tree-wide helper drops a reference to its first
+argument (i.e. the node of the device being probed).
+
+Fixes: aa09677cba42 ("net: bcmgenet: add MDIO routines")
+Cc: stable <stable@vger.kernel.org> # 3.15
+Cc: David S. Miller <davem@davemloft.net>
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Rob Herring <robh@kernel.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
+@@ -491,7 +491,7 @@ static int bcmgenet_mii_of_init(struct b
+ if (!compat)
+ return -ENOMEM;
+
+- priv->mdio_dn = of_find_compatible_node(dn, NULL, compat);
++ priv->mdio_dn = of_get_compatible_child(dn, compat);
+ kfree(compat);
+ if (!priv->mdio_dn) {
+ dev_err(kdev, "unable to find MDIO bus node\n");
diff --git a/patches.drivers/net-bcmgenet-return-correct-value-ret-from-bcmgenet_.patch b/patches.drivers/net-bcmgenet-return-correct-value-ret-from-bcmgenet_.patch
new file mode 100644
index 0000000000..f29e58315d
--- /dev/null
+++ b/patches.drivers/net-bcmgenet-return-correct-value-ret-from-bcmgenet_.patch
@@ -0,0 +1,41 @@
+From 0db55093b56618088b9a1d445eb6e43b311bea33 Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Thu, 8 Nov 2018 02:08:43 +0000
+Subject: [PATCH] net: bcmgenet: return correct value 'ret' from bcmgenet_power_down
+Git-commit: 0db55093b56618088b9a1d445eb6e43b311bea33
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+Fixes gcc '-Wunused-but-set-variable' warning:
+
+Drivers/net/ethernet/broadcom/genet/bcmgenet.c: In function 'bcmgenet_power_down':
+drivers/net/ethernet/broadcom/genet/bcmgenet.c:1136:6: warning:
+ variable 'ret' set but not used [-Wunused-but-set-variable]
+
+bcmgenet_power_down should return 'ret' instead of 0.
+
+Fixes: ca8cf341903f ("net: bcmgenet: propagate errors from bcmgenet_power_down")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/broadcom/genet/bcmgenet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+index 2d6f090bf644..bf88749505a9 100644
+--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+@@ -1169,7 +1169,7 @@ static int bcmgenet_power_down(struct bcmgenet_priv *priv,
+ break;
+ }
+
+- return 0;
++ return ret;
+ }
+
+ static void bcmgenet_power_up(struct bcmgenet_priv *priv,
+--
+2.16.4
+
diff --git a/patches.drivers/niu-fix-missing-checks-of-niu_pci_eeprom_read.patch b/patches.drivers/niu-fix-missing-checks-of-niu_pci_eeprom_read.patch
new file mode 100644
index 0000000000..7eeb26b6cf
--- /dev/null
+++ b/patches.drivers/niu-fix-missing-checks-of-niu_pci_eeprom_read.patch
@@ -0,0 +1,51 @@
+From 26fd962bde0b15e54234fe762d86bc0349df1de4 Mon Sep 17 00:00:00 2001
+From: Kangjie Lu <kjlu@umn.edu>
+Date: Tue, 25 Dec 2018 01:56:14 -0600
+Subject: [PATCH] niu: fix missing checks of niu_pci_eeprom_read
+Git-commit: 26fd962bde0b15e54234fe762d86bc0349df1de4
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+niu_pci_eeprom_read() may fail, so we should check its return value
+before using the read data.
+
+Signed-off-by: Kangjie Lu <kjlu@umn.edu>
+Acked-by: Shannon Nelson <shannon.lee.nelson@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/sun/niu.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c
+index 9319d84bf49f..d84501441edd 100644
+--- a/drivers/net/ethernet/sun/niu.c
++++ b/drivers/net/ethernet/sun/niu.c
+@@ -8100,6 +8100,8 @@ static int niu_pci_vpd_scan_props(struct niu *np, u32 start, u32 end)
+ start += 3;
+
+ prop_len = niu_pci_eeprom_read(np, start + 4);
++ if (prop_len < 0)
++ return prop_len;
+ err = niu_pci_vpd_get_propname(np, start + 5, namebuf, 64);
+ if (err < 0)
+ return err;
+@@ -8144,8 +8146,12 @@ static int niu_pci_vpd_scan_props(struct niu *np, u32 start, u32 end)
+ netif_printk(np, probe, KERN_DEBUG, np->dev,
+ "VPD_SCAN: Reading in property [%s] len[%d]\n",
+ namebuf, prop_len);
+- for (i = 0; i < prop_len; i++)
+- *prop_buf++ = niu_pci_eeprom_read(np, off + i);
++ for (i = 0; i < prop_len; i++) {
++ err = niu_pci_eeprom_read(np, off + i);
++ if (err >= 0)
++ *prop_buf = err;
++ ++prop_buf;
++ }
+ }
+
+ start += len;
+--
+2.16.4
+
diff --git a/patches.drivers/pinctrl-meson-meson8b-fix-the-sdxc_a-data-1.3-pins.patch b/patches.drivers/pinctrl-meson-meson8b-fix-the-sdxc_a-data-1.3-pins.patch
new file mode 100644
index 0000000000..e772f78d22
--- /dev/null
+++ b/patches.drivers/pinctrl-meson-meson8b-fix-the-sdxc_a-data-1.3-pins.patch
@@ -0,0 +1,38 @@
+From c17abcfa93bf0be5e48bb011607d237ac2bfc839 Mon Sep 17 00:00:00 2001
+From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Date: Sat, 9 Feb 2019 02:01:01 +0100
+Subject: [PATCH] pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
+Git-commit: c17abcfa93bf0be5e48bb011607d237ac2bfc839
+Patch-mainline: v5.0
+References: bsc#1051510
+
+Fix the mismatch between the "sdxc_d13_1_a" pin group definition from
+meson8b_cbus_groups and the entry in sdxc_a_groups ("sdxc_d0_13_1_a").
+This makes it possible to use "sdxc_d13_1_a" in device-tree files to
+route the MMC data 1..3 pins to GPIOX_1..3.
+
+Fixes: 0fefcb6876d0d6 ("pinctrl: Add support for Meson8b")
+Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/meson/pinctrl-meson8b.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/pinctrl/meson/pinctrl-meson8b.c b/drivers/pinctrl/meson/pinctrl-meson8b.c
+index c69ca95b1ad5..0f140a802137 100644
+--- a/drivers/pinctrl/meson/pinctrl-meson8b.c
++++ b/drivers/pinctrl/meson/pinctrl-meson8b.c
+@@ -693,7 +693,7 @@ static const char * const sd_a_groups[] = {
+
+ static const char * const sdxc_a_groups[] = {
+ "sdxc_d0_0_a", "sdxc_d13_0_a", "sdxc_d47_a", "sdxc_clk_a",
+- "sdxc_cmd_a", "sdxc_d0_1_a", "sdxc_d0_13_1_a"
++ "sdxc_cmd_a", "sdxc_d0_1_a", "sdxc_d13_1_a"
+ };
+
+ static const char * const pcm_a_groups[] = {
+--
+2.16.4
+
diff --git a/patches.drivers/pinctrl-msm-fix-gpio-hog-related-boot-issues.patch b/patches.drivers/pinctrl-msm-fix-gpio-hog-related-boot-issues.patch
new file mode 100644
index 0000000000..8d13c3ceea
--- /dev/null
+++ b/patches.drivers/pinctrl-msm-fix-gpio-hog-related-boot-issues.patch
@@ -0,0 +1,104 @@
+From a86caa9ba5d70696ceb35d1d39caa20d8b641387 Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Mon, 21 May 2018 22:57:37 +0200
+Subject: [PATCH] pinctrl: msm: fix gpio-hog related boot issues
+Git-commit: a86caa9ba5d70696ceb35d1d39caa20d8b641387
+Patch-mainline: v4.18-rc1
+References: bsc#1051510
+
+Sven Eckelmann reported an issue with the current IPQ4019 pinctrl.
+Setting up any gpio-hog in the device-tree for his device would
+"kill the bootup completely":
+
+| [ 0.477838] msm_serial 78af000.serial: could not find pctldev for node /soc/pinctrl@1000000/serial_pinmux, deferring probe
+| [ 0.499828] spi_qup 78b5000.spi: could not find pctldev for node /soc/pinctrl@1000000/spi_0_pinmux, deferring probe
+| [ 1.298883] requesting hog GPIO enable USB2 power (chip 1000000.pinctrl, offset 58) failed, -517
+| [ 1.299609] gpiochip_add_data: GPIOs 0..99 (1000000.pinctrl) failed to register
+| [ 1.308589] ipq4019-pinctrl 1000000.pinctrl: Failed register gpiochip
+| [ 1.316586] msm_serial 78af000.serial: could not find pctldev for node /soc/pinctrl@1000000/serial_pinmux, deferring probe
+| [ 1.322415] spi_qup 78b5000.spi: could not find pctldev for node /soc/pinctrl@1000000/spi_0_pinmux, deferri
+
+This was also verified on a RT-AC58U (IPQ4018) which would
+no longer boot, if a gpio-hog was specified. (Tried forcing
+the USB LED PIN (GPIO0) to high.).
+
+The problem is that Pinctrl+GPIO registration is currently
+peformed in the following order in pinctrl-msm.c:
+ 1. pinctrl_register()
+ 2. gpiochip_add()
+ 3. gpiochip_add_pin_range()
+
+The actual error code -517 == -EPROBE_DEFER is coming from
+pinctrl_get_device_gpio_range(), which is called through:
+ gpiochip_add
+ of_gpiochip_add
+ of_gpiochip_scan_gpios
+ gpiod_hog
+ gpiochip_request_own_desc
+ __gpiod_request
+ chip->request
+ gpiochip_generic_request
+ pinctrl_gpio_request
+ pinctrl_get_device_gpio_range
+
+pinctrl_get_device_gpio_range() is unable to find any valid
+pin ranges, since nothing has been added to the pinctrldev_list yet.
+so the range can't be found, and the operation fails with -EPROBE_DEFER.
+
+This patch fixes the issue by adding the "gpio-ranges" property to
+the pinctrl device node of all upstream Qcom SoC. The pin ranges are
+then added by the gpio core.
+
+In order to remain compatible with older, existing DTs (and ACPI)
+a check for the "gpio-ranges" property has been added to
+msm_gpio_init(). This prevents the driver of adding the same entry
+to the pinctrldev_list twice.
+
+Reported-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
+Tested-by: Sven Eckelmann <sven.eckelmann@openmesh.com> [ipq4019]
+Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/qcom/pinctrl-msm.c | 23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/pinctrl/qcom/pinctrl-msm.c b/drivers/pinctrl/qcom/pinctrl-msm.c
+index d6b10bcdfe87..0e22f52b2a19 100644
+--- a/drivers/pinctrl/qcom/pinctrl-msm.c
++++ b/drivers/pinctrl/qcom/pinctrl-msm.c
+@@ -901,11 +901,24 @@ static int msm_gpio_init(struct msm_pinctrl *pctrl)
+ return ret;
+ }
+
+- ret = gpiochip_add_pin_range(&pctrl->chip, dev_name(pctrl->dev), 0, 0, chip->ngpio);
+- if (ret) {
+- dev_err(pctrl->dev, "Failed to add pin range\n");
+- gpiochip_remove(&pctrl->chip);
+- return ret;
++ /*
++ * For DeviceTree-supported systems, the gpio core checks the
++ * pinctrl's device node for the "gpio-ranges" property.
++ * If it is present, it takes care of adding the pin ranges
++ * for the driver. In this case the driver can skip ahead.
++ *
++ * In order to remain compatible with older, existing DeviceTree
++ * files which don't set the "gpio-ranges" property or systems that
++ * utilize ACPI the driver has to call gpiochip_add_pin_range().
++ */
++ if (!of_property_read_bool(pctrl->dev->of_node, "gpio-ranges")) {
++ ret = gpiochip_add_pin_range(&pctrl->chip,
++ dev_name(pctrl->dev), 0, 0, chip->ngpio);
++ if (ret) {
++ dev_err(pctrl->dev, "Failed to add pin range\n");
++ gpiochip_remove(&pctrl->chip);
++ return ret;
++ }
+ }
+
+ ret = gpiochip_irqchip_add(chip,
+--
+2.16.4
+
diff --git a/patches.drivers/skge-potential-memory-corruption-in-skge_get_regs.patch b/patches.drivers/skge-potential-memory-corruption-in-skge_get_regs.patch
new file mode 100644
index 0000000000..0fbb7a0404
--- /dev/null
+++ b/patches.drivers/skge-potential-memory-corruption-in-skge_get_regs.patch
@@ -0,0 +1,42 @@
+From 294c149a209c6196c2de85f512b52ef50f519949 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 1 Feb 2019 11:28:16 +0300
+Subject: [PATCH] skge: potential memory corruption in skge_get_regs()
+Git-commit: 294c149a209c6196c2de85f512b52ef50f519949
+Patch-mainline: v5.0-rc6
+References: bsc#1051510
+
+The "p" buffer is 0x4000 bytes long. B3_RI_WTO_R1 is 0x190. The value
+of "regs->len" is in the 1-0x4000 range. The bug here is that
+"regs->len - B3_RI_WTO_R1" can be a negative value which would lead to
+memory corruption and an abrupt crash.
+
+Fixes: c3f8be961808 ("[PATCH] skge: expand ethtool debug register dump")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/marvell/skge.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/marvell/skge.c b/drivers/net/ethernet/marvell/skge.c
+index 04fd1f135011..654ac534b10e 100644
+--- a/drivers/net/ethernet/marvell/skge.c
++++ b/drivers/net/ethernet/marvell/skge.c
+@@ -152,8 +152,10 @@ static void skge_get_regs(struct net_device *dev, struct ethtool_regs *regs,
+ memset(p, 0, regs->len);
+ memcpy_fromio(p, io, B3_RAM_ADDR);
+
+- memcpy_fromio(p + B3_RI_WTO_R1, io + B3_RI_WTO_R1,
+- regs->len - B3_RI_WTO_R1);
++ if (regs->len > B3_RI_WTO_R1) {
++ memcpy_fromio(p + B3_RI_WTO_R1, io + B3_RI_WTO_R1,
++ regs->len - B3_RI_WTO_R1);
++ }
+ }
+
+ /* Wake on Lan only supported on Yukon chips with rev 1 or above */
+--
+2.16.4
+
diff --git a/patches.drivers/tty-serial-samsung-Properly-set-flags-in-autoCTS-mod.patch b/patches.drivers/tty-serial-samsung-Properly-set-flags-in-autoCTS-mod.patch
new file mode 100644
index 0000000000..fb9aa54832
--- /dev/null
+++ b/patches.drivers/tty-serial-samsung-Properly-set-flags-in-autoCTS-mod.patch
@@ -0,0 +1,47 @@
+From 31e933645742ee6719d37573a27cce0761dcf92b Mon Sep 17 00:00:00 2001
+From: Beomho Seo <beomho.seo@samsung.com>
+Date: Fri, 14 Dec 2018 12:34:08 +0100
+Subject: [PATCH] tty: serial: samsung: Properly set flags in autoCTS mode
+Git-commit: 31e933645742ee6719d37573a27cce0761dcf92b
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+Commit 391f93f2ec9f ("serial: core: Rework hw-assited flow control support")
+has changed the way the autoCTS mode is handled.
+
+According to that change, serial drivers which enable H/W autoCTS mode must
+set UPSTAT_AUTOCTS to prevent the serial core from inadvertently disabling
+TX. This patch adds proper handling of UPSTAT_AUTOCTS flag.
+
+Signed-off-by: Beomho Seo <beomho.seo@samsung.com>
+[mszyprow: rephrased commit message]
+Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/tty/serial/samsung.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
+index da1bd4bba8a9..2a49b6d876b8 100644
+--- a/drivers/tty/serial/samsung.c
++++ b/drivers/tty/serial/samsung.c
+@@ -1365,11 +1365,14 @@ static void s3c24xx_serial_set_termios(struct uart_port *port,
+ wr_regl(port, S3C2410_ULCON, ulcon);
+ wr_regl(port, S3C2410_UBRDIV, quot);
+
++ port->status &= ~UPSTAT_AUTOCTS;
++
+ umcon = rd_regl(port, S3C2410_UMCON);
+ if (termios->c_cflag & CRTSCTS) {
+ umcon |= S3C2410_UMCOM_AFC;
+ /* Disable RTS when RX FIFO contains 63 bytes */
+ umcon &= ~S3C2412_UMCON_AFC_8;
++ port->status = UPSTAT_AUTOCTS;
+ } else {
+ umcon &= ~S3C2410_UMCOM_AFC;
+ }
+--
+2.16.4
+
diff --git a/patches.drivers/ucma-fix-a-use-after-free-in-ucma_resolve_ip.patch b/patches.drivers/ucma-fix-a-use-after-free-in-ucma_resolve_ip.patch
new file mode 100644
index 0000000000..9a8c8aad74
--- /dev/null
+++ b/patches.drivers/ucma-fix-a-use-after-free-in-ucma_resolve_ip.patch
@@ -0,0 +1,69 @@
+From 5fe23f262e0548ca7f19fb79f89059a60d087d22 Mon Sep 17 00:00:00 2001
+From: Cong Wang <xiyou.wangcong@gmail.com>
+Date: Wed, 12 Sep 2018 16:27:44 -0700
+Subject: [PATCH] ucma: fix a use-after-free in ucma_resolve_ip()
+Git-commit: 5fe23f262e0548ca7f19fb79f89059a60d087d22
+Patch-mainline: v4.19-rc6
+References: bsc#1051510
+
+There is a race condition between ucma_close() and ucma_resolve_ip():
+
+CPU0 CPU1
+Ucma_resolve_ip(): ucma_close():
+
+ctx = ucma_get_ctx(file, cmd.id);
+
+ list_for_each_entry_safe(ctx, tmp, &file->ctx_list, list) {
+ mutex_lock(&mut);
+ idr_remove(&ctx_idr, ctx->id);
+ mutex_unlock(&mut);
+ ...
+ mutex_lock(&mut);
+ if (!ctx->closing) {
+ mutex_unlock(&mut);
+ rdma_destroy_id(ctx->cm_id);
+ ...
+ ucma_free_ctx(ctx);
+
+ret = rdma_resolve_addr();
+ucma_put_ctx(ctx);
+
+Before idr_remove(), ucma_get_ctx() could still find the ctx
+and after rdma_destroy_id(), rdma_resolve_addr() may still
+access id_priv pointer. Also, ucma_put_ctx() may use ctx after
+ucma_free_ctx() too.
+
+ucma_close() should call ucma_put_ctx() too which tests the
+refcnt and waits for the last one releasing it. The similar
+pattern is already used by ucma_destroy_id().
+
+Reported-and-tested-by: syzbot+da2591e115d57a9cbb8b@syzkaller.appspotmail.com
+Reported-by: syzbot+cfe3c1e8ef634ba8964b@syzkaller.appspotmail.com
+Cc: Jason Gunthorpe <jgg@mellanox.com>
+Cc: Doug Ledford <dledford@redhat.com>
+Cc: Leon Romanovsky <leon@kernel.org>
+Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
+Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Doug Ledford <dledford@redhat.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/infiniband/core/ucma.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
+index 5f437d1570fb..21863ddde63e 100644
+--- a/drivers/infiniband/core/ucma.c
++++ b/drivers/infiniband/core/ucma.c
+@@ -1759,6 +1759,8 @@ static int ucma_close(struct inode *inode, struct file *filp)
+ mutex_lock(&mut);
+ if (!ctx->closing) {
+ mutex_unlock(&mut);
++ ucma_put_ctx(ctx);
++ wait_for_completion(&ctx->comp);
+ /* rdma_destroy_id ensures that no event handlers are
+ * inflight for that id before releasing it.
+ */
+--
+2.16.4
+
diff --git a/patches.drm/drm-bridge-tc358767-add-defines-for-DP1_SRCCTRL-PHY_.patch b/patches.drm/drm-bridge-tc358767-add-defines-for-DP1_SRCCTRL-PHY_.patch
new file mode 100644
index 0000000000..1e5e578909
--- /dev/null
+++ b/patches.drm/drm-bridge-tc358767-add-defines-for-DP1_SRCCTRL-PHY_.patch
@@ -0,0 +1,74 @@
+From adf4109896bbee27fd2ac3b48d22d6a0062fe517 Mon Sep 17 00:00:00 2001
+From: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Date: Thu, 3 Jan 2019 13:59:49 +0200
+Subject: [PATCH] drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE
+Git-commit: adf4109896bbee27fd2ac3b48d22d6a0062fe517
+Patch-mainline: v5.0-rc2
+References: bsc#1051510
+
+DP1_SRCCTRL register and PHY_2LANE field did not have matching defines.
+Add these.
+
+Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
+Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-3-tomi.valkeinen@ti.com
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/gpu/drm/bridge/tc358767.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c
+index 29a7e33e8ae0..5f0a666db2fd 100644
+--- a/drivers/gpu/drm/bridge/tc358767.c
++++ b/drivers/gpu/drm/bridge/tc358767.c
+@@ -142,6 +142,8 @@
+ #define DP0_LTLOOPCTRL 0x06d8
+ #define DP0_SNKLTCTRL 0x06e4
+
++#define DP1_SRCCTRL 0x07a0
++
+ /* PHY */
+ #define DP_PHY_CTRL 0x0800
+ #define DP_PHY_RST BIT(28) /* DP PHY Global Soft Reset */
+@@ -150,6 +152,7 @@
+ #define PHY_M1_RST BIT(12) /* Reset PHY1 Main Channel */
+ #define PHY_RDY BIT(16) /* PHY Main Channels Ready */
+ #define PHY_M0_RST BIT(8) /* Reset PHY0 Main Channel */
++#define PHY_2LANE BIT(2) /* PHY Enable 2 lanes */
+ #define PHY_A0_EN BIT(1) /* PHY Aux Channel0 Enable */
+ #define PHY_M0_EN BIT(0) /* PHY Main Channel0 Enable */
+
+@@ -564,7 +567,7 @@ static int tc_aux_link_setup(struct tc_data *tc)
+ value |= SYSCLK_SEL_LSCLK | LSCLK_DIV_2;
+ tc_write(SYS_PLLPARAM, value);
+
+- tc_write(DP_PHY_CTRL, BGREN | PWR_SW_EN | BIT(2) | PHY_A0_EN);
++ tc_write(DP_PHY_CTRL, BGREN | PWR_SW_EN | PHY_2LANE | PHY_A0_EN);
+
+ /*
+ * Initially PLLs are in bypass. Force PLL parameter update,
+@@ -834,7 +837,7 @@ static int tc_main_link_setup(struct tc_data *tc)
+ DP0_SRCCTRL_LANESKEW | DP0_SRCCTRL_LANES_2 |
+ DP0_SRCCTRL_BW27 | DP0_SRCCTRL_AUTOCORRECT);
+ /* from excel file - DP1_SrcCtrl */
+- tc_write(0x07a0, 0x00003083);
++ tc_write(DP1_SRCCTRL, 0x00003083);
+
+ rate = clk_get_rate(tc->refclk);
+ switch (rate) {
+@@ -855,8 +858,9 @@ static int tc_main_link_setup(struct tc_data *tc)
+ }
+ value |= SYSCLK_SEL_LSCLK | LSCLK_DIV_2;
+ tc_write(SYS_PLLPARAM, value);
++
+ /* Setup Main Link */
+- dp_phy_ctrl = BGREN | PWR_SW_EN | BIT(2) | PHY_A0_EN | PHY_M0_EN;
++ dp_phy_ctrl = BGREN | PWR_SW_EN | PHY_2LANE | PHY_A0_EN | PHY_M0_EN;
+ tc_write(DP_PHY_CTRL, dp_phy_ctrl);
+ msleep(100);
+
+--
+2.16.4
+
diff --git a/patches.drm/drm-bridge-tc358767-fix-initial-DP0-1_SRCCTRL-value.patch b/patches.drm/drm-bridge-tc358767-fix-initial-DP0-1_SRCCTRL-value.patch
new file mode 100644
index 0000000000..877218abd1
--- /dev/null
+++ b/patches.drm/drm-bridge-tc358767-fix-initial-DP0-1_SRCCTRL-value.patch
@@ -0,0 +1,55 @@
+From 9a63bd6fe1b5590ffa42ae2ed22ee21363293e31 Mon Sep 17 00:00:00 2001
+From: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Date: Thu, 3 Jan 2019 13:59:51 +0200
+Subject: [PATCH] drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value
+Git-commit: 9a63bd6fe1b5590ffa42ae2ed22ee21363293e31
+Patch-mainline: v5.0-rc2
+References: bsc#1051510
+
+Initially DP0_SRCCTRL is set to a static value which includes
+DP0_SRCCTRL_LANES_2 and DP0_SRCCTRL_BW27, even when only 1 lane of
+1.62Gbps speed is used. DP1_SRCCTRL is configured to a magic number.
+
+This patch changes the configuration as follows:
+
+Configure DP0_SRCCTRL by using tc_srcctrl() which provides the correct
+value.
+
+DP1_SRCCTRL needs two bits to be set to the same value as DP0_SRCCTRL:
+SSCG and BW27. All other bits can be zero.
+
+Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
+Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-5-tomi.valkeinen@ti.com
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/gpu/drm/bridge/tc358767.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c
+index fee53422c31f..ab299f4debfa 100644
+--- a/drivers/gpu/drm/bridge/tc358767.c
++++ b/drivers/gpu/drm/bridge/tc358767.c
+@@ -836,12 +836,11 @@ static int tc_main_link_setup(struct tc_data *tc)
+ if (!tc->mode)
+ return -EINVAL;
+
+- /* from excel file - DP0_SrcCtrl */
+- tc_write(DP0_SRCCTRL, DP0_SRCCTRL_SCRMBLDIS | DP0_SRCCTRL_EN810B |
+- DP0_SRCCTRL_LANESKEW | DP0_SRCCTRL_LANES_2 |
+- DP0_SRCCTRL_BW27 | DP0_SRCCTRL_AUTOCORRECT);
+- /* from excel file - DP1_SrcCtrl */
+- tc_write(DP1_SRCCTRL, 0x00003083);
++ tc_write(DP0_SRCCTRL, tc_srcctrl(tc));
++ /* SSCG and BW27 on DP1 must be set to the same as on DP0 */
++ tc_write(DP1_SRCCTRL,
++ (tc->link.spread ? DP0_SRCCTRL_SSCG : 0) |
++ ((tc->link.base.rate != 162000) ? DP0_SRCCTRL_BW27 : 0));
+
+ rate = clk_get_rate(tc->refclk);
+ switch (rate) {
+--
+2.16.4
+
diff --git a/patches.drm/drm-bridge-tc358767-fix-output-H-V-syncs.patch b/patches.drm/drm-bridge-tc358767-fix-output-H-V-syncs.patch
new file mode 100644
index 0000000000..151109738d
--- /dev/null
+++ b/patches.drm/drm-bridge-tc358767-fix-output-H-V-syncs.patch
@@ -0,0 +1,48 @@
+From 7923e09c7a766e2d58de7fc395bb84c18e5bc625 Mon Sep 17 00:00:00 2001
+From: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Date: Thu, 3 Jan 2019 13:59:53 +0200
+Subject: [PATCH] drm/bridge: tc358767: fix output H/V syncs
+Git-commit: 7923e09c7a766e2d58de7fc395bb84c18e5bc625
+Patch-mainline: v5.0-rc2
+References: bsc#1051510
+
+The H and V syncs of the DP output are always set to active high. This
+patch fixes the syncs by configuring them according to the videomode.
+
+Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
+Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-7-tomi.valkeinen@ti.com
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/gpu/drm/bridge/tc358767.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c
+index a1f3dd2afbb1..391547358756 100644
+--- a/drivers/gpu/drm/bridge/tc358767.c
++++ b/drivers/gpu/drm/bridge/tc358767.c
+@@ -98,6 +98,8 @@
+ #define DP0_STARTVAL 0x064c
+ #define DP0_ACTIVEVAL 0x0650
+ #define DP0_SYNCVAL 0x0654
++#define SYNCVAL_HS_POL_ACTIVE_LOW (1 << 15)
++#define SYNCVAL_VS_POL_ACTIVE_LOW (1 << 31)
+ #define DP0_MISC 0x0658
+ #define TU_SIZE_RECOMMENDED (63) /* LSCLK cycles per TU */
+ #define BPC_6 (0 << 5)
+@@ -726,7 +728,9 @@ static int tc_set_video_mode(struct tc_data *tc, struct drm_display_mode *mode)
+
+ tc_write(DP0_ACTIVEVAL, (mode->vdisplay << 16) | (mode->hdisplay));
+
+- tc_write(DP0_SYNCVAL, (vsync_len << 16) | (hsync_len << 0));
++ tc_write(DP0_SYNCVAL, (vsync_len << 16) | (hsync_len << 0) |
++ ((mode->flags & DRM_MODE_FLAG_NHSYNC) ? SYNCVAL_HS_POL_ACTIVE_LOW : 0) |
++ ((mode->flags & DRM_MODE_FLAG_NVSYNC) ? SYNCVAL_VS_POL_ACTIVE_LOW : 0));
+
+ tc_write(DPIPXLFMT, VS_POL_ACTIVE_LOW | HS_POL_ACTIVE_LOW |
+ DE_POL_ACTIVE_HIGH | SUB_CFG_TYPE_CONFIG1 | DPI_BPP_RGB888);
+--
+2.16.4
+
diff --git a/patches.drm/drm-bridge-tc358767-fix-single-lane-configuration.patch b/patches.drm/drm-bridge-tc358767-fix-single-lane-configuration.patch
new file mode 100644
index 0000000000..ef53175565
--- /dev/null
+++ b/patches.drm/drm-bridge-tc358767-fix-single-lane-configuration.patch
@@ -0,0 +1,60 @@
+From 4d9d54a730434cc068dd3515ba6116697196f77b Mon Sep 17 00:00:00 2001
+From: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Date: Thu, 3 Jan 2019 13:59:50 +0200
+Subject: [PATCH] drm/bridge: tc358767: fix single lane configuration
+Git-commit: 4d9d54a730434cc068dd3515ba6116697196f77b
+Patch-mainline: v5.0-rc2
+References: bsc#1051510
+
+PHY_2LANE bit is always set in DP_PHY_CTRL, breaking 1 lane use.
+
+Set PHY_2LANE only when 2 lanes are used.
+
+Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
+Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-4-tomi.valkeinen@ti.com
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/gpu/drm/bridge/tc358767.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c
+index 5f0a666db2fd..fee53422c31f 100644
+--- a/drivers/gpu/drm/bridge/tc358767.c
++++ b/drivers/gpu/drm/bridge/tc358767.c
+@@ -543,6 +543,7 @@ static int tc_aux_link_setup(struct tc_data *tc)
+ unsigned long rate;
+ u32 value;
+ int ret;
++ u32 dp_phy_ctrl;
+
+ rate = clk_get_rate(tc->refclk);
+ switch (rate) {
+@@ -567,7 +568,10 @@ static int tc_aux_link_setup(struct tc_data *tc)
+ value |= SYSCLK_SEL_LSCLK | LSCLK_DIV_2;
+ tc_write(SYS_PLLPARAM, value);
+
+- tc_write(DP_PHY_CTRL, BGREN | PWR_SW_EN | PHY_2LANE | PHY_A0_EN);
++ dp_phy_ctrl = BGREN | PWR_SW_EN | PHY_A0_EN;
++ if (tc->link.base.num_lanes == 2)
++ dp_phy_ctrl |= PHY_2LANE;
++ tc_write(DP_PHY_CTRL, dp_phy_ctrl);
+
+ /*
+ * Initially PLLs are in bypass. Force PLL parameter update,
+@@ -860,7 +864,9 @@ static int tc_main_link_setup(struct tc_data *tc)
+ tc_write(SYS_PLLPARAM, value);
+
+ /* Setup Main Link */
+- dp_phy_ctrl = BGREN | PWR_SW_EN | PHY_2LANE | PHY_A0_EN | PHY_M0_EN;
++ dp_phy_ctrl = BGREN | PWR_SW_EN | PHY_A0_EN | PHY_M0_EN;
++ if (tc->link.base.num_lanes == 2)
++ dp_phy_ctrl |= PHY_2LANE;
+ tc_write(DP_PHY_CTRL, dp_phy_ctrl);
+ msleep(100);
+
+--
+2.16.4
+
diff --git a/patches.drm/drm-bridge-tc358767-reject-modes-which-require-too-m.patch b/patches.drm/drm-bridge-tc358767-reject-modes-which-require-too-m.patch
new file mode 100644
index 0000000000..7674711122
--- /dev/null
+++ b/patches.drm/drm-bridge-tc358767-reject-modes-which-require-too-m.patch
@@ -0,0 +1,47 @@
+From 51b9e62eb6950c762162ab7eb8390990179be067 Mon Sep 17 00:00:00 2001
+From: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Date: Thu, 3 Jan 2019 13:59:52 +0200
+Subject: [PATCH] drm/bridge: tc358767: reject modes which require too much BW
+Git-commit: 51b9e62eb6950c762162ab7eb8390990179be067
+Patch-mainline: v5.0-rc2
+References: bsc#1051510
+
+The current driver accepts any videomode with pclk < 154MHz. This is not
+correct, as with 1 lane and/or 1.62Mbps speed not all videomodes can be
+supported.
+
+Add code to reject modes that require more bandwidth that is available.
+
+Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
+Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20190103115954.12785-6-tomi.valkeinen@ti.com
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/gpu/drm/bridge/tc358767.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/drivers/gpu/drm/bridge/tc358767.c
++++ b/drivers/gpu/drm/bridge/tc358767.c
+@@ -1112,10 +1112,20 @@ static bool tc_bridge_mode_fixup(struct
+ static int tc_connector_mode_valid(struct drm_connector *connector,
+ struct drm_display_mode *mode)
+ {
++ struct tc_data *tc = connector_to_tc(connector);
++ u32 req, avail;
++ u32 bits_per_pixel = 24;
++
+ /* DPI interface clock limitation: upto 154 MHz */
+ if (mode->clock > 154000)
+ return MODE_CLOCK_HIGH;
+
++ req = mode->clock * bits_per_pixel / 8;
++ avail = tc->link.base.num_lanes * tc->link.base.rate;
++
++ if (req > avail)
++ return MODE_BAD;
++
+ return MODE_OK;
+ }
+
diff --git a/patches.drm/drm-nouveau-falcon-avoid-touching-registers-if-engin.patch b/patches.drm/drm-nouveau-falcon-avoid-touching-registers-if-engin.patch
new file mode 100644
index 0000000000..db9777a994
--- /dev/null
+++ b/patches.drm/drm-nouveau-falcon-avoid-touching-registers-if-engin.patch
@@ -0,0 +1,45 @@
+From a5176a4cb85bb6213daadf691097cf411da35df2 Mon Sep 17 00:00:00 2001
+From: Ilia Mirkin <imirkin@alum.mit.edu>
+Date: Thu, 13 Dec 2018 22:44:08 -0500
+Subject: [PATCH] drm/nouveau/falcon: avoid touching registers if engine is off
+Git-commit: a5176a4cb85bb6213daadf691097cf411da35df2
+Patch-mainline: v5.0-rc2
+References: bsc#1051510
+
+Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=108980
+Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
+Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/gpu/drm/nouveau/nvkm/engine/falcon.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/falcon.c b/drivers/gpu/drm/nouveau/nvkm/engine/falcon.c
+index 816ccaedfc73..8675613e142b 100644
+--- a/drivers/gpu/drm/nouveau/nvkm/engine/falcon.c
++++ b/drivers/gpu/drm/nouveau/nvkm/engine/falcon.c
+@@ -22,6 +22,7 @@
+ #include <engine/falcon.h>
+
+ #include <core/gpuobj.h>
++#include <subdev/mc.h>
+ #include <subdev/timer.h>
+ #include <engine/fifo.h>
+
+@@ -107,8 +108,10 @@ nvkm_falcon_fini(struct nvkm_engine *engine, bool suspend)
+ }
+ }
+
+- nvkm_mask(device, base + 0x048, 0x00000003, 0x00000000);
+- nvkm_wr32(device, base + 0x014, 0xffffffff);
++ if (nvkm_mc_enabled(device, engine->subdev.index)) {
++ nvkm_mask(device, base + 0x048, 0x00000003, 0x00000000);
++ nvkm_wr32(device, base + 0x014, 0xffffffff);
++ }
+ return 0;
+ }
+
+--
+2.16.4
+
diff --git a/patches.fixes/ARM-8808-1-kexec-offline-panic_smp_self_stop-CPU.patch b/patches.fixes/ARM-8808-1-kexec-offline-panic_smp_self_stop-CPU.patch
new file mode 100644
index 0000000000..e75edc0d3c
--- /dev/null
+++ b/patches.fixes/ARM-8808-1-kexec-offline-panic_smp_self_stop-CPU.patch
@@ -0,0 +1,65 @@
+From 82c08c3e7f171aa7f579b231d0abbc1d62e91974 Mon Sep 17 00:00:00 2001
+From: Yufen Wang <wangyufen@huawei.com>
+Date: Fri, 2 Nov 2018 11:51:31 +0100
+Subject: [PATCH] ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
+Git-commit: 82c08c3e7f171aa7f579b231d0abbc1d62e91974
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+In case panic() and panic() called at the same time on different CPUS.
+For example:
+CPU 0:
+ panic()
+ __crash_kexec
+ machine_crash_shutdown
+ crash_smp_send_stop
+ machine_kexec
+ BUG_ON(num_online_cpus() > 1);
+
+CPU 1:
+ panic()
+ local_irq_disable
+ panic_smp_self_stop
+
+If CPU 1 calls panic_smp_self_stop() before crash_smp_send_stop(), kdump
+fails. CPU1 can't receive the ipi irq, CPU1 will be always online.
+To fix this problem, this patch split out the panic_smp_self_stop()
+and add set_cpu_online(smp_processor_id(), false).
+
+Signed-off-by: Yufen Wang <wangyufen@huawei.com>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ arch/arm/kernel/smp.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
+index 0978282d5fc2..f574a5e0d589 100644
+--- a/arch/arm/kernel/smp.c
++++ b/arch/arm/kernel/smp.c
+@@ -693,6 +693,21 @@ void smp_send_stop(void)
+ pr_warn("SMP: failed to stop secondary CPUs\n");
+ }
+
++/* In case panic() and panic() called at the same time on CPU1 and CPU2,
++ * and CPU 1 calls panic_smp_self_stop() before crash_smp_send_stop()
++ * CPU1 can't receive the ipi irqs from CPU2, CPU1 will be always online,
++ * kdump fails. So split out the panic_smp_self_stop() and add
++ * set_cpu_online(smp_processor_id(), false).
++ */
++void panic_smp_self_stop(void)
++{
++ pr_debug("CPU %u will stop doing anything useful since another CPU has paniced\n",
++ smp_processor_id());
++ set_cpu_online(smp_processor_id(), false);
++ while (1)
++ cpu_relax();
++}
++
+ /*
+ * not supported here
+ */
+--
+2.16.4
+
diff --git a/patches.fixes/ARM-OMAP2-hwmod-Fix-some-section-annotations.patch b/patches.fixes/ARM-OMAP2-hwmod-Fix-some-section-annotations.patch
new file mode 100644
index 0000000000..35b2613e4e
--- /dev/null
+++ b/patches.fixes/ARM-OMAP2-hwmod-Fix-some-section-annotations.patch
@@ -0,0 +1,78 @@
+From c10b26abeb53cabc1e6271a167d3f3d396ce0218 Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor <natechancellor@gmail.com>
+Date: Wed, 17 Oct 2018 17:52:07 -0700
+Subject: [PATCH] ARM: OMAP2+: hwmod: Fix some section annotations
+Git-commit: c10b26abeb53cabc1e6271a167d3f3d396ce0218
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+When building the kernel with Clang, the following section mismatch
+warnings appears:
+
+Warning: vmlinux.o(.text+0x2d398): Section mismatch in reference from
+the function _setup() to the function .init.text:_setup_iclk_autoidle()
+The function _setup() references
+the function __init _setup_iclk_autoidle().
+This is often because _setup lacks a __init
+annotation or the annotation of _setup_iclk_autoidle is wrong.
+
+Warning: vmlinux.o(.text+0x2d3a0): Section mismatch in reference from
+the function _setup() to the function .init.text:_setup_reset()
+The function _setup() references
+the function __init _setup_reset().
+This is often because _setup lacks a __init
+annotation or the annotation of _setup_reset is wrong.
+
+Warning: vmlinux.o(.text+0x2d408): Section mismatch in reference from
+the function _setup() to the function .init.text:_setup_postsetup()
+The function _setup() references
+the function __init _setup_postsetup().
+This is often because _setup lacks a __init
+annotation or the annotation of _setup_postsetup is wrong.
+
+_setup is used in omap_hwmod_allocate_module, which isn't marked __init
+and looks like it shouldn't be, meaning to fix these warnings, those
+functions must be moved out of the init section, which this patch does.
+
+Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
+Signed-off-by: Tony Lindgren <tony@atomide.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ arch/arm/mach-omap2/omap_hwmod.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
+index 083dcd9942ce..921c9aaee63f 100644
+--- a/arch/arm/mach-omap2/omap_hwmod.c
++++ b/arch/arm/mach-omap2/omap_hwmod.c
+@@ -2413,7 +2413,7 @@ static int __init _init(struct omap_hwmod *oh, void *data)
+ * a stub; implementing this properly requires iclk autoidle usecounting in
+ * the clock code. No return value.
+ */
+-static void __init _setup_iclk_autoidle(struct omap_hwmod *oh)
++static void _setup_iclk_autoidle(struct omap_hwmod *oh)
+ {
+ struct omap_hwmod_ocp_if *os;
+
+@@ -2444,7 +2444,7 @@ static void __init _setup_iclk_autoidle(struct omap_hwmod *oh)
+ * reset. Returns 0 upon success or a negative error code upon
+ * failure.
+ */
+-static int __init _setup_reset(struct omap_hwmod *oh)
++static int _setup_reset(struct omap_hwmod *oh)
+ {
+ int r;
+
+@@ -2505,7 +2505,7 @@ static int __init _setup_reset(struct omap_hwmod *oh)
+ *
+ * No return value.
+ */
+-static void __init _setup_postsetup(struct omap_hwmod *oh)
++static void _setup_postsetup(struct omap_hwmod *oh)
+ {
+ u8 postsetup_state;
+
+--
+2.16.4
+
diff --git a/patches.fixes/ARM-pxa-avoid-section-mismatch-warning.patch b/patches.fixes/ARM-pxa-avoid-section-mismatch-warning.patch
new file mode 100644
index 0000000000..54e5697824
--- /dev/null
+++ b/patches.fixes/ARM-pxa-avoid-section-mismatch-warning.patch
@@ -0,0 +1,78 @@
+From 88af3209aa0881aa5ffd99664b6080a4be5f24e5 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Mon, 10 Dec 2018 22:58:39 +0100
+Subject: [PATCH] ARM: pxa: avoid section mismatch warning
+Git-commit: 88af3209aa0881aa5ffd99664b6080a4be5f24e5
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+Warning: vmlinux.o(.text+0x19f90): Section mismatch in reference from the function littleton_init_lcd() to the function .init.text:pxa_set_fb_info()
+The function littleton_init_lcd() references
+the function __init pxa_set_fb_info().
+This is often because littleton_init_lcd lacks a __init
+annotation or the annotation of pxa_set_fb_info is wrong.
+
+Warning: vmlinux.o(.text+0xf824): Section mismatch in reference from the function zeus_register_ohci() to the function .init.text:pxa_set_ohci_info()
+The function zeus_register_ohci() references
+the function __init pxa_set_ohci_info().
+This is often because zeus_register_ohci lacks a __init
+annotation or the annotation of pxa_set_ohci_info is wrong.
+
+Warning: vmlinux.o(.text+0xf95c): Section mismatch in reference from the function cm_x300_init_u2d() to the function .init.text:pxa3xx_set_u2d_info()
+The function cm_x300_init_u2d() references
+the function __init pxa3xx_set_u2d_info().
+This is often because cm_x300_init_u2d lacks a __init
+annotation or the annotation of pxa3xx_set_u2d_info is wrong.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Olof Johansson <olof@lixom.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ arch/arm/mach-pxa/cm-x300.c | 2 +-
+ arch/arm/mach-pxa/littleton.c | 2 +-
+ arch/arm/mach-pxa/zeus.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/arch/arm/mach-pxa/cm-x300.c b/arch/arm/mach-pxa/cm-x300.c
+index c5c0ab8ac9f9..024c1fbcc55a 100644
+--- a/arch/arm/mach-pxa/cm-x300.c
++++ b/arch/arm/mach-pxa/cm-x300.c
+@@ -558,7 +558,7 @@ static struct pxa3xx_u2d_platform_data cm_x300_u2d_platform_data = {
+ .exit = cm_x300_u2d_exit,
+ };
+
+-static void cm_x300_init_u2d(void)
++static void __init cm_x300_init_u2d(void)
+ {
+ pxa3xx_set_u2d_info(&cm_x300_u2d_platform_data);
+ }
+diff --git a/arch/arm/mach-pxa/littleton.c b/arch/arm/mach-pxa/littleton.c
+index 9e132b3e48c6..9960ea158829 100644
+--- a/arch/arm/mach-pxa/littleton.c
++++ b/arch/arm/mach-pxa/littleton.c
+@@ -184,7 +184,7 @@ static struct pxafb_mach_info littleton_lcd_info = {
+ .lcd_conn = LCD_COLOR_TFT_16BPP,
+ };
+
+-static void littleton_init_lcd(void)
++static void __init littleton_init_lcd(void)
+ {
+ pxa_set_fb_info(NULL, &littleton_lcd_info);
+ }
+diff --git a/arch/arm/mach-pxa/zeus.c b/arch/arm/mach-pxa/zeus.c
+index d53ea12fc766..54a32f0433a2 100644
+--- a/arch/arm/mach-pxa/zeus.c
++++ b/arch/arm/mach-pxa/zeus.c
+@@ -576,7 +576,7 @@ static struct pxaohci_platform_data zeus_ohci_platform_data = {
+ .flags = ENABLE_PORT_ALL | POWER_SENSE_LOW,
+ };
+
+-static void zeus_register_ohci(void)
++static void __init zeus_register_ohci(void)
+ {
+ /* Port 2 is shared between host and client interface. */
+ UP2OCR = UP2OCR_HXOE | UP2OCR_HXS | UP2OCR_DMPDE | UP2OCR_DPPDE;
+--
+2.16.4
+
diff --git a/patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch b/patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch
new file mode 100644
index 0000000000..a7bc87e45f
--- /dev/null
+++ b/patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch
@@ -0,0 +1,47 @@
+From a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 14 Feb 2019 16:20:01 +0000
+Subject: [PATCH] KEYS: allow reaching the keys quotas exactly
+Git-commit: a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9
+Patch-mainline: v5.0
+References: bsc#1051510
+
+If the sysctl 'kernel.keys.maxkeys' is set to some number n, then
+actually users can only add up to 'n - 1' keys. Likewise for
+'kernel.keys.maxbytes' and the root_* versions of these sysctls. But
+these sysctls are apparently supposed to be *maximums*, as per their
+names and all documentation I could find -- the keyrings(7) man page,
+Documentation/security/keys/core.rst, and all the mentions of EDQUOT
+meaning that the key quota was *exceeded* (as opposed to reached).
+
+Thus, fix the code to allow reaching the quotas exactly.
+
+Fixes: 0b77f5bfb45c ("keys: make the keyring quotas controllable through /proc/sys")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.morris@microsoft.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ security/keys/key.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 44a80d6741a1..0ec9322af4f9 100644
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -265,8 +265,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
+
+ spin_lock(&user->lock);
+ if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) {
+- if (user->qnkeys + 1 >= maxkeys ||
+- user->qnbytes + quotalen >= maxbytes ||
++ if (user->qnkeys + 1 > maxkeys ||
++ user->qnbytes + quotalen > maxbytes ||
+ user->qnbytes + quotalen < user->qnbytes)
+ goto no_quota;
+ }
+--
+2.16.4
+
diff --git a/patches.fixes/assoc_array-Fix-shortcut-creation.patch b/patches.fixes/assoc_array-Fix-shortcut-creation.patch
new file mode 100644
index 0000000000..68fb938039
--- /dev/null
+++ b/patches.fixes/assoc_array-Fix-shortcut-creation.patch
@@ -0,0 +1,59 @@
+From bb2ba2d75a2d673e76ddaf13a9bd30d6a8b1bb08 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Thu, 14 Feb 2019 16:20:15 +0000
+Subject: [PATCH] assoc_array: Fix shortcut creation
+Git-commit: bb2ba2d75a2d673e76ddaf13a9bd30d6a8b1bb08
+Patch-mainline: v5.0
+References: bsc#1051510
+
+Fix the creation of shortcuts for which the length of the index key value
+is an exact multiple of the machine word size. The problem is that the
+code that blanks off the unused bits of the shortcut value malfunctions if
+the number of bits in the last word equals machine word size. This is due
+to the "<<" operator being given a shift of zero in this case, and so the
+mask that should be all zeros is all ones instead. This causes the
+subsequent masking operation to clear everything rather than clearing
+nothing.
+
+Ordinarily, the presence of the hash at the beginning of the tree index key
+makes the issue very hard to test for, but in this case, it was encountered
+due to a development mistake that caused the hash output to be either 0
+(keyring) or 1 (non-keyring) only. This made it susceptible to the
+keyctl/unlink/valid test in the keyutils package.
+
+The fix is simply to skip the blanking if the shift would be 0. For
+example, an index key that is 64 bits long would produce a 0 shift and thus
+a 'blank' of all 1s. This would then be inverted and AND'd onto the
+index_key, incorrectly clearing the entire last word.
+
+Fixes: 3cb989501c26 ("Add a generic associative array implementation.")
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.morris@microsoft.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ lib/assoc_array.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/lib/assoc_array.c b/lib/assoc_array.c
+index c6659cb37033..59875eb278ea 100644
+--- a/lib/assoc_array.c
++++ b/lib/assoc_array.c
+@@ -768,9 +768,11 @@ static bool assoc_array_insert_into_terminal_node(struct assoc_array_edit *edit,
+ new_s0->index_key[i] =
+ ops->get_key_chunk(index_key, i * ASSOC_ARRAY_KEY_CHUNK_SIZE);
+
+- blank = ULONG_MAX << (level & ASSOC_ARRAY_KEY_CHUNK_MASK);
+- pr_devel("blank off [%zu] %d: %lx\n", keylen - 1, level, blank);
+- new_s0->index_key[keylen - 1] &= ~blank;
++ if (level & ASSOC_ARRAY_KEY_CHUNK_MASK) {
++ blank = ULONG_MAX << (level & ASSOC_ARRAY_KEY_CHUNK_MASK);
++ pr_devel("blank off [%zu] %d: %lx\n", keylen - 1, level, blank);
++ new_s0->index_key[keylen - 1] &= ~blank;
++ }
+
+ /* This now reduces to a node splitting exercise for which we'll need
+ * to regenerate the disparity table.
+--
+2.16.4
+
diff --git a/patches.fixes/keys-Timestamp-new-keys.patch b/patches.fixes/keys-Timestamp-new-keys.patch
new file mode 100644
index 0000000000..d1a746e8d2
--- /dev/null
+++ b/patches.fixes/keys-Timestamp-new-keys.patch
@@ -0,0 +1,34 @@
+From 7c1857bdbdf1e4c541e45eab477ee23ed4333ea4 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Thu, 14 Feb 2019 16:20:37 +0000
+Subject: [PATCH] keys: Timestamp new keys
+Git-commit: 7c1857bdbdf1e4c541e45eab477ee23ed4333ea4
+Patch-mainline: v5.0
+References: bsc#1051510
+
+Set the timestamp on new keys rather than leaving it unset.
+
+Fixes: 31d5a79d7f3d ("KEYS: Do LRU discard in full keyrings")
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: James Morris <james.morris@microsoft.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ security/keys/key.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/security/keys/key.c b/security/keys/key.c
+index 0ec9322af4f9..696f1c092c50 100644
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -297,6 +297,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
+ key->gid = gid;
+ key->perm = perm;
+ key->restrict_link = restrict_link;
++ key->last_used_at = ktime_get_real_seconds();
+
+ if (!(flags & KEY_ALLOC_NOT_IN_QUOTA))
+ key->flags |= 1 << KEY_FLAG_IN_QUOTA;
+--
+2.16.4
+
diff --git a/series.conf b/series.conf
index 4a75861c92..745d8c0271 100644
--- a/series.conf
+++ b/series.conf
@@ -4191,6 +4191,7 @@
patches.drivers/media-Revert-media-et8ek8-Export-OF-device-ID-as-mod.patch
patches.drivers/media-rainshadow-cec-avoid-Wmaybe-uninitialized-warn2.patch
patches.suse/xfs-fix-per-inode-dax-flag-inheritance.patch
+ patches.drivers/mtd-nand-sunxi-fix-potential-divide-by-zero-error.patch
patches.fixes/scsi-bnx2fc-Plug-CPU-hotplug-race.patch
patches.fixes/scsi-bnx2fc-Prevent-recursive-cpuhotplug-locking.patch
patches.drivers/scsi-bnx2i-prevent-recursive-cpuhotplug-locking
@@ -4384,6 +4385,7 @@
patches.drm/drm-i915-Clear-lost-context-switch-interrupts-across
patches.drivers/dmaengine-tegra210-adma-fix-of_irq_get-error-check
patches.drivers/bsg-lib-fix-kernel-panic-resulting-from-missing-allo.patch
+ patches.drivers/mtd-nandsim-remove-debugfs-entries-in-error-path.patch
patches.arch/KVM-PPC-Book3S-HV-Use-msgsync-with-hypervisor-doorbell.patch
patches.arch/KVM-PPC-Book3S-0001-HV-Workaround-POWER9-DD1.0-bug-causin.patch
patches.arch/KVM-PPC-Book3S-0002-HV-Add-missing-barriers-to-XIVE-code-.patch
@@ -6737,6 +6739,7 @@
patches.drivers/power-supply-cpcap-charger-add-OMAP_USB2-dependency
patches.drivers/power-supply-act8945a_charger-fix-of_irq_get-error-c
patches.drivers/0001-power-supply-Fix-power_supply_am_i_supplied-to-retur.patch
+ patches.drivers/mtd-nand-atmel-fix-of_irq_get-error-check.patch
patches.drivers/0013-iommu-rockchip-add-multi-irqs-support.patch
patches.drivers/0014-iommu-rockchip-ignore-isp-mmu-reset-operation.patch
patches.drivers/iommu-vt-d-avoid-calling-virt_to_phys-on-null-pointer
@@ -7234,6 +7237,7 @@
patches.drivers/scsi-scsi_transport_fc-Also-check-for-NOTPRESENT-in-.patch
patches.drivers/scsi-aacraid-Add-a-small-delay-after-IOP-reset.patch
patches.fixes/scsi-ILLEGAL-REQUEST-ASC-27-target-failure.patch
+ patches.drivers/mtd-nand-atmel-fix-buffer-overflow-in-atmel_pmecc_us.patch
patches.suse/objtool-Skip-unreachable-warnings-for-GCC-4.4-and-ol.patch
patches.suse/objtool-Support-unoptimized-frame-pointer-setup.patch
patches.fixes/genirq-Check-__free_irq-return-value-for-NULL.patch
@@ -7316,6 +7320,7 @@
patches.suse/net-qcom-emac-specify-the-correct-size-when-mapping-.patch
patches.fixes/vti-fix-use-after-free-in-vti_tunnel_xmit-vti6_tnl_x.patch
patches.fixes/l2tp-fix-race-condition-in-l2tp_tunnel_delete.patch
+ patches.drivers/aquantia-Setup-max_mtu-in-ndev-to-enable-jumbo-frame.patch
patches.drivers/0001-iwlwifi-mvm-send-all-non-bufferable-frames-on-the-pr.patch
patches.drivers/0001-iwlwifi-mvm-change-state-when-queueing-agg-start-wor.patch
patches.drivers/0001-iwlwifi-mvm-wake-the-correct-mac80211-queue.patch
@@ -10300,6 +10305,10 @@
patches.fixes/0008-xfs-fix-memory-leak-in-xfs_iext_free_last_leaf.patch
patches.drivers/spi-nor-intel-spi-Fix-number-of-protected-range-regi
patches.drivers/spi-nor-intel-spi-Fix-broken-software-sequencing-cod
+ patches.drivers/mtd-spi-nor-stm32-quadspi-Fix-uninitialized-error-re.patch
+ patches.drivers/mtd-nand-omap2-Fix-subpage-write.patch
+ patches.drivers/mtd-nand-mtk-fix-infinite-ECC-decode-IRQ-issue.patch
+ patches.drivers/mtd-nand-Fix-writing-mtdoops-to-nand-flash.patch
patches.fixes/rtc-set-the-alarm-to-the-next-expiring-timer
patches.drivers/rtc-pl031-make-interrupt-optional
patches.drivers/rtc-pcf8563-fix-output-clock-rate
@@ -10866,6 +10875,7 @@
patches.drivers/s390-qeth-lock-IP-table-while-applying-takeover-chan.patch
patches.drivers/s390-qeth-update-takeover-IPs-after-configuration-ch.patch
patches.suse/sock-free-skb-in-skb_complete_tx_timestamp-on-error.patch
+ patches.drivers/net-aquantia-Fix-hardware-DMA-stream-overload-on-lar.patch
patches.fixes/0001-net-usb-qmi_wwan-add-Telit-ME910-PID-0x1101-support.patch
patches.drivers/net-sched-fix-static-key-imbalance-in-case-of-ingres.patch
patches.fixes/0001-nfs-fix-a-deadlock-in-nfs-client-initialization.patch
@@ -10918,6 +10928,8 @@
patches.arch/23-x86-paravirt-dont-patch-flush_tlb_single.patch
patches.arch/26-x86-paravirt-provide-a-way-to-check-for-hypervisors.patch
patches.arch/27-x86-cpufeatures-make-cpu-bugs-sticky.patch
+ patches.drivers/mtd-nand-gpmi-Fix-failure-when-a-erased-page-has-a-b.patch
+ patches.drivers/mtd-nand-brcmnand-Zero-bitflip-is-not-an-error.patch
patches.drivers/ALSA-usb-audio-Add-native-DSD-support-for-Esoteric-D
patches.drivers/ALSA-hda-Add-vendor-id-for-Cannonlake-HDMI-codec
patches.drivers/ALSA-rawmidi-Avoid-racy-info-ioctl-via-ctl-device
@@ -11210,6 +11222,7 @@
patches.drivers/KVM-s390-prevent-buffer-overrun-on-memory-hotplug-du.patch
patches.suse/mm-vmscan-Make-unregister_shrinker-no-op-if-register_shrinker-failed.patch
patches.fixes/sget-handle-failures-of-register_shrinker.patch
+ patches.drivers/mtd-nand-pxa3xx-Fix-READOOB-implementation.patch
patches.drivers/leds-core-Fix-regression-caused-by-commit-2b83ff96f5
patches.apparmor/apparmor-fix-regression-in-mount-mediation-when-feat.patch
patches.fixes/cgroup-avoid-copying-strings-longer-than-the-buffers.patch
@@ -11554,6 +11567,14 @@
patches.drivers/mfd-lpc_ich-Do-not-touch-SPI-NOR-write-protection-APL
patches.drivers/backlight-tdo24m-Fix-the-SPI-CS-between-transfers
patches.fixes/mtd-cfi-convert-inline-functions-to-macros.patch
+ patches.drivers/mtd-nand-fix-interpretation-of-NAND_CMD_NONE-in-nand.patch
+ patches.drivers/mtd-nand-denali_pci-add-missing-MODULE_DESCRIPTION-A.patch
+ patches.drivers/mtd-nand-ifc-update-bufnum-mask-for-ver-2.0.0.patch
+ patches.drivers/mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
+ patches.drivers/mtd-nand-brcmnand-Disable-prefetch-by-default.patch
+ patches.drivers/mtd-mtd_oobtest-Handle-bitflips-during-reads.patch
+ patches.drivers/mtd-nand-Fix-nand_do_read_oob-return-value.patch
+ patches.drivers/mtd-nand-sunxi-Fix-ECC-strength-choice.patch
patches.drivers/hwmon-ina2xx-Make-calibration-register-value-fixed
patches.drivers/hwmon-ina2xx-Fix-access-to-uninitialized-mutex
patches.drivers/mmc-sdhci-of-esdhc-fix-eMMC-couldn-t-work-after-kexe
@@ -13603,6 +13624,7 @@
patches.arch/0001-arm64-proc-Set-PTE_NG-for-table-entries-to-avoid-tra.patch
patches.arch/powerpc-xive-Use-hw-CPU-ids-when-configuring-the-CPU.patch
patches.arch/powerpc-pseries-Check-for-zero-filled-ibm-dynamic-me.patch
+ patches.drivers/mtd-nand-vf610-set-correct-ooblayout.patch
patches.drivers/mmc-bcm2835-Don-t-overwrite-max-frequency-unconditio
patches.drivers/nvme-rename-NVME_CTRL_RECONNECTING-state-to-NVME_CTR.patch
patches.drivers/nvme-rdma-use-NVME_CTRL_CONNECTING-state-to-mark-ini.patch
@@ -14294,6 +14316,8 @@
patches.suse/msft-hv-1609-Drivers-hv-vmbus-Fix-ring-buffer-signaling.patch
patches.drivers/iio-st_pressure-st_accel-pass-correct-platform-data-
patches.fixes/0001-staging-ncpfs-memory-corruption-in-ncp_read_kernel.patch
+ patches.drivers/mtdchar-fix-usage-of-mtd_ooblayout_ecc.patch
+ patches.drivers/mtd-nand-fsl_ifc-Fix-nand-waitfunc-return-value.patch
patches.suse/0001-mtd-nand-fsl_ifc-Fix-eccstat-array-overflow-for-IFC-.patch
patches.suse/0001-tracing-probeevent-Fix-to-support-minus-offset-from-.patch
patches.drivers/tty-vt-fix-up-tabstops-properly
@@ -14321,6 +14345,7 @@
patches.arch/powerpc-64s-Fix-i-side-SLB-miss-bad-address-handler-.patch
patches.fixes/ipc-shm.c-add-split-function-to-shm_vm_ops.patch
patches.fixes/mm-page_owner-fix-recursion-bug-after-changing-skip-entries.patch
+ patches.drivers/mtd-nand-atmel-Fix-get_sectorsize-function.patch
patches.suse/0001-mtd-jedec_probe-Fix-crash-in-jedec_read_mfr.patch
patches.drivers/RDMA-ucma-Correct-option-size-check-using-optlen.patch
patches.drivers/RDMA-qedr-fix-QP-s-ack-timeout-configuration.patch
@@ -15687,6 +15712,7 @@
patches.drm/drm-virtio-fix-vq-wait_event-condition
patches.drm/drm-i915-audio-set-minimum-CD-clock-to-twice-the-BCL
patches.drm/drm-i915-Enable-display-WA-1183-from-its-correct-spo
+ patches.drivers/mtd-spi-nor-cadence-quadspi-Fix-page-fault-kernel-pa.patch
patches.fixes/ARM-socfpga_defconfig-Remove-QSPI-Sector-4K-size-for.patch
patches.drivers/soc-bcm-raspberrypi-power-Fix-use-of-__packed
patches.drivers/soc-bcm2835-Make-RASPBERRYPI_FIRMWARE-dummies-return
@@ -15909,6 +15935,7 @@
patches.suse/sctp-delay-the-authentication-for-the-duplicated-coo.patch
patches.fixes/af_key-Always-verify-length-of-provided-sadb_key.patch
patches.fixes/vti6-Change-minimum-MTU-to-IPV4_MIN_MTU-vti6-can-car.patch
+ patches.drivers/net-aquantia-driver-should-correctly-declare-vlan_fe.patch
patches.suse/llc-better-deal-with-too-small-mtu.patch
patches.drivers/can-dev-increase-bus-off-message-severity
patches.drivers/can-kvaser_usb-Increase-correct-stats-counter-in-kva
@@ -16869,6 +16896,7 @@
patches.drivers/pinctrl-mvebu-use-correct-MPP-sel-value-for-dev-pins
patches.drivers/pinctrl-nand-meson-gxbb-fix-missing-data-pins
patches.drivers/pinctrl-nand-meson-gxl-fix-missing-data-pins
+ patches.drivers/pinctrl-msm-fix-gpio-hog-related-boot-issues.patch
patches.drivers/pinctrl-at91-pio4-add-missing-of_node_put
patches.drivers/auxdisplay-fix-broken-menu
patches.drivers/of-unittest-for-strings-account-for-trailing-0-in-pr
@@ -16886,6 +16914,7 @@
patches.drivers/HID-i2c-hid-check-if-device-is-there-before-really-p
patches.drivers/HID-hid-plantronics-Re-resend-Update-to-map-button-f
patches.suse/0001-mtd-cmdlinepart-Update-comment-for-introduction-of-O.patch
+ patches.drivers/mtd-cfi_cmdset_0002-Change-write-buffer-to-check-cor.patch
patches.drivers/iommu-vt-d-ratelimit-each-dmar-fault-printing
patches.drivers/0018-arm64-acpi-Create-arch-specific-cpu-to-acpi-id-helpe.patch
patches.arch/0003-arm-arm64-smccc-Add-SMCCC-specific-return-codes.patch
@@ -17354,6 +17383,10 @@
patches.arch/scsi-ipr-Eliminate-duplicate-barriers.patch
patches.drivers/scsi-qla2xxx-Spinlock-recursion-in-qla_target.patch
patches.drivers/soc-imx-gpcv2-correct-PGC-offset
+ patches.drivers/mtd-cfi_cmdset_0002-Use-right-chip-in-do_ppb_xxlock.patch
+ patches.drivers/mtd-cfi_cmdset_0002-fix-SEGV-unlocking-multiple-chip.patch
+ patches.drivers/mtd-cfi_cmdset_0002-Fix-unlocking-requests-crossing-.patch
+ patches.drivers/mtd-cfi_cmdset_0002-Avoid-walking-all-chips-when-unl.patch
patches.drivers/ALSA-hda-realtek-Fix-pop-noise-on-Lenovo-P50-co
patches.drivers/ALSA-hda-ca0132-Delete-pointless-assignments-to-stru
patches.drivers/ALSA-hda-ca0132-Delete-redundant-UNSOL-event-request
@@ -17968,6 +18001,8 @@
patches.fixes/nvme.h-fixup-ANA-group-descriptor-format.patch
patches.fixes/block-bvec_nr_vecs-returns-value-for-wrong-slab.patch
patches.suse/0236-bcache-fix-error-setting-writeback_rate-through-sysf.patch
+ patches.drivers/mtdchar-fix-overflows-in-adjustment-of-count.patch
+ patches.drivers/mtd-maps-fix-solutionengine.c-printk-format-warnings.patch
patches.suse/0001-md-cluster-clear-another-node-s-suspend_area-after-t.patch
patches.suse/0002-md-cluster-show-array-s-status-more-accurate.patch
patches.suse/0003-md-cluster-don-t-send-msg-if-array-is-closing.patch
@@ -18915,6 +18950,7 @@
patches.drivers/iommu-amd-return-devid-as-alias-for-acpi-hid-devices
patches.fixes/ext2-dax-set-ext2_dax_aops-for-dax-files.patch
patches.drivers/cxgb4-fix-abort_req_rss6-struct.patch
+ patches.drivers/ucma-fix-a-use-after-free-in-ucma_resolve_ip.patch
patches.drivers/RDMA-bnxt_re-Fix-system-crash-during-RDMA-resource-i.patch
patches.suse/PCI-dwc-Fix-scheduling-while-atomic-issues.patch
patches.drm/drm-mali-dp-Call-drm_crtc_vblank_reset-on-device-ini.patch
@@ -19119,6 +19155,7 @@
patches.drivers/hwmon-pwm-fan-Set-fan-speed-to-0-on-suspend.patch
patches.drivers/hwmon-pmbus-Fix-page-count-auto-detection.patch
patches.fixes/jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch
+ patches.drivers/mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-siz.patch
patches.drivers/spi-bcm-qspi-switch-back-to-reading-flash-using-smal.patch
patches.drivers/spi-sh-msiof-fix-deferred-probing.patch
patches.drivers/spi-bcm63xx-hsspi-keep-pll-clk-enabled.patch
@@ -19393,6 +19430,7 @@
patches.drivers/thermal-da9062-61-Prevent-hardware-access-during-sys.patch
patches.drm/0001-drm-mediatek-fix-OF-sibling-node-lookup.patch
patches.drm/0001-drm-msm-fix-OF-child-node-lookup.patch
+ patches.drivers/net-bcmgenet-fix-OF-child-node-lookup.patch
patches.drivers/NFC-nfcmrvl_uart-fix-OF-child-node-lookup.patch
patches.fixes/0001-xen-blkfront-avoid-NULL-blkfront_info-dereference-on.patch
patches.fixes/0001-dm-ioctl-harden-copy_params-s-copy_from_user-from-ma.patch
@@ -19581,6 +19619,7 @@
patches.drivers/HID-hiddev-fix-potential-Spectre-v1.patch
patches.drivers/hwmon-core-Fix-double-free-in-__hwmon_device_registe.patch
patches.drivers/hwmon-ibmpowernv-Remove-bogus-__init-annotations.patch
+ patches.drivers/mtd-docg3-don-t-set-conflicting-BCH_CONST_PARAMS-opt.patch
patches.fixes/xfs-Fix-error-code-in-xfs_ioc_getbmap.patch
patches.fixes/ceph-quota-fix-null-pointer-dereference-in-quota-check.patch
patches.fixes/block-respect-virtual-boundary-mask-in-bvecs.patch
@@ -19681,6 +19720,7 @@
patches.suse/tuntap-fix-multiqueue-rx.patch
patches.drivers/media-omap3isp-Unregister-media-device-as-first.patch
patches.fixes/scsi-qla2xxx-timeouts-occur-on-surprise-removal-of-qlogic-adapter.patch
+ patches.drivers/mtd-spi-nor-Fix-Cadence-QSPI-page-fault-kernel-panic.patch
patches.drivers/usb-quirks-Add-delay-init-quirk-for-Corsair-K70-LUX-.patch
patches.drivers/USB-quirks-Add-no-lpm-quirk-for-Raydium-touchscreens.patch
patches.drivers/USB-misc-appledisplay-add-20-Apple-Cinema-Display.patch
@@ -20117,6 +20157,7 @@
patches.fixes/pstore-ram-Avoid-NULL-deref-in-ftrace-merging-failur.patch
patches.fixes/selinux-always-allow-mounting-submounts.patch
patches.fixes/e1000e-allow-non-monotonic-SYSTIM-readings.patch
+ patches.drivers/net-bcmgenet-return-correct-value-ret-from-bcmgenet_.patch
patches.fixes/ptp-check-gettime64-return-code-in-PTP_SYS_OFFSET-io.patch
patches.drivers/usbnet-smsc95xx-fix-rx-packet-alignment.patch
patches.fixes/ptp-Fix-pass-zero-to-ERR_PTR-in-ptp_clock_register.patch
@@ -20250,6 +20291,7 @@
patches.suse/tty-ldsem-Add-lockdep-asserts-for-ldisc_sem.patch
patches.suse/tty-ldsem-Decrement-wait_readers-on-timeouted-down_r.patch
patches.drivers/tty-serial-do-not-free-trasnmit-buffer-page-under-po.patch
+ patches.drivers/tty-serial-samsung-Properly-set-flags-in-autoCTS-mod.patch
patches.drivers/serial-uartps-Fix-interrupt-mask-issue-to-handle-the.patch
patches.drivers/staging-iio-adc-ad7280a-handle-error-from-__ad7280_r.patch
patches.drivers/staging-iio-ad2s90-Make-probe-handle-spi_setup-failu.patch
@@ -20259,6 +20301,7 @@
patches.drivers/staging-wilc1000-fix-missing-read_write-setting-when.patch
patches.drivers/driver-core-Move-async_synchronize_full-call.patch
patches.fixes/sysfs-Disable-lockdep-for-driver-bind-unbind-files.patch
+ patches.drivers/altera-stapl-check-for-a-null-key-before-strcasecmp-.patch
patches.drivers/misc-vexpress-Off-by-one-in-vexpress_syscfg_exec.patch
patches.fixes/genwqe-Fix-size-check.patch
patches.drivers/intel_th-msu-Fix-an-off-by-one-in-attribute-store.patch
@@ -20266,6 +20309,8 @@
patches.fixes/kconfig-fix-memory-leak-when-EOF-is-encountered-in-q.patch
patches.suse/sched-fair-Fix-infinite-loop-in-update_blocked_averages-by-reverting-a9e7f6544b9c.patch
patches.fixes/seq_buf-Make-seq_buf_puts-null-terminate-the-buffer.patch
+ patches.fixes/ARM-OMAP2-hwmod-Fix-some-section-annotations.patch
+ patches.fixes/ARM-pxa-avoid-section-mismatch-warning.patch
patches.drivers/soc-bcm-brcmstb-Don-t-leak-device-tree-node-referenc.patch
patches.drivers/soc-tegra-Don-t-leak-device-tree-node-reference.patch
patches.drivers/watchdog-w83627hf_wdt-support-Inves.patch
@@ -20299,10 +20344,12 @@
patches.fixes/sunrpc-use-SVC_NET-in-svcauth_gss_-functions.patch
patches.fixes/sunrpc-use-after-free-in-svc_process_common.patch
patches.fixes/sunrpc-handle-ENOMEM-in-rpcb_getport_async.patch
+ patches.drivers/gdrom-fix-a-memory-leak-bug.patch
patches.suse/0001-block-swim3-Fix-EBUSY-error-when-re-opening-device-a.patch
patches.drivers/Input-elan_i2c-add-ACPI-ID-for-touchpad-in-ASUS-Aspi.patch
patches.drivers/Input-nomadik-ske-keypad-fix-a-loop-timeout-test.patch
patches.drivers/input-add-official-raspberry-pi-s-touchscreen-driver.patch
+ patches.drivers/niu-fix-missing-checks-of-niu_pci_eeprom_read.patch
patches.drivers/isdn-hisax-hfc_pci-Fix-a-possible-concurrency-use-af.patch
patches.suse/ax25-fix-a-use-after-free-in-ax25_fillin_cb.patch
patches.suse/net-wan-fix-a-double-free-in-x25_asy_open_tty.patch
@@ -20322,6 +20369,7 @@
patches.fixes/bpf-prevent-out-of-bounds-speculation-on-pointer-ari.patch
patches.drivers/ALSA-hda-realtek-Enable-the-headset-mic-auto-detecti.patch
patches.drivers/ALSA-hda-tegra-clear-pending-irq-handlers.patch
+ patches.fixes/ARM-8808-1-kexec-offline-panic_smp_self_stop-CPU.patch
patches.fixes/ceph-don-t-update-importing-cap-s-mseq-when-handing-cap-export.patch
patches.fixes/xfs-xfs_buf-drop-useless-LIST_HEAD.patch
patches.drivers/thermal-hwmon-inline-helpers-when-CONFIG_THERMAL_HWM.patch
@@ -20349,15 +20397,22 @@
patches.drivers/ALSA-cs46xx-Potential-NULL-dereference-in-probe.patch
patches.drivers/ALSA-hda-realtek-Add-unplug-function-into-unplug-sta.patch
patches.drivers/ALSA-hda-realtek-Disable-headset-Mic-VREF-for-headse.patch
+ patches.drm/drm-bridge-tc358767-add-defines-for-DP1_SRCCTRL-PHY_.patch
+ patches.drm/drm-bridge-tc358767-fix-single-lane-configuration.patch
+ patches.drm/drm-bridge-tc358767-fix-initial-DP0-1_SRCCTRL-value.patch
+ patches.drm/drm-bridge-tc358767-reject-modes-which-require-too-m.patch
+ patches.drm/drm-bridge-tc358767-fix-output-H-V-syncs.patch
patches.drivers/ACPI-power-Skip-duplicate-power-resource-references-.patch
patches.arch/x86-modpost-replace-last-remnants-of-retpoline-with-config_retpoline.patch
patches.fixes/rbd-don-t-return-0-on-unmap-if-rbd_dev_flag_removing-is-set.patch
patches.drivers/i2c-dev-prevent-adapter-retries-and-timeout-being-se.patch
patches.drm/drm-nouveau-Don-t-disable-polling-in-fallback-mode.patch
+ patches.drm/drm-nouveau-falcon-avoid-touching-registers-if-engin.patch
patches.drm/0001-drm-fb-helper-Partially-bring-back-workaround-for-bu.patch
patches.drm/0001-drm-fb-helper-Ignore-the-value-of-fb_var_screeninfo..patch
patches.fixes/kvm-sev-fail-kvm_sev_init-if-already-initialized.patch
patches.fixes/loop-drop-caches-if-offset-or-block_size-are-changed.patch
+ patches.drivers/ata-ahci-mvebu-remove-stale-comment.patch
patches.fixes/0001-usb-cdc-acm-send-ZLP-for-Telit-3G-Intel-based-modems.patch
patches.fixes/0001-USB-storage-don-t-insert-sane-sense-for-SPC3-when-ba.patch
patches.fixes/0001-USB-storage-add-quirk-for-SMI-SM3350.patch
@@ -20447,6 +20502,7 @@
patches.fixes/blk-mq-fix-a-hung-issue-when-fsync.patch
patches.arch/x86-speculation-remove-redundant-arch_smt_update-invocation.patch
patches.arch/x86-microcode-amd-don-t-falsely-trick-the-late-loading-mechanism.patch
+ patches.drivers/ALSA-hda-realtek-Headset-microphone-support-for-Syst.patch
patches.drivers/ALSA-hda-realtek-Fix-lose-hp_pins-for-disable-auto-m.patch
patches.drivers/ALSA-hda-realtek-Use-a-common-helper-for-hp-pin-refe.patch
patches.drivers/ALSA-hda-Serialize-codec-registrations.patch
@@ -20465,6 +20521,7 @@
patches.drivers/usb-phy-am335x-fix-race-condition-in-_probe.patch
patches.drivers/serial-fix-race-between-flush_to_ldisc-and-tty_open.patch
patches.drivers/iio-chemical-atlas-ph-sensor-correct-IIO_TEMP-values.patch
+ patches.drivers/skge-potential-memory-corruption-in-skge_get_regs.patch
patches.fixes/mac80211-ensure-that-mgmt-tx-skbs-have-tailroom-for-.patch
patches.drivers/batman-adv-Avoid-WARN-on-net_device-without-parent-i.patch
patches.drivers/batman-adv-Force-mac-header-to-start-of-data-on-xmit.patch
@@ -20494,9 +20551,19 @@
patches.drm/0005-drm-i915-opregion-fix-version-check.patch
patches.drm/0006-drm-i915-opregion-rvda-is-relative-from-opregion-bas.patch
patches.drivers/floppy-check_events-callback-should-not-return-a-neg.patch
+ patches.drivers/Input-bma150-register-input-device-after-setting-pri.patch
+ patches.drivers/Input-elantech-enable-3rd-button-support-on-Fujitsu-.patch
+ patches.drivers/Revert-Input-elan_i2c-add-ACPI-ID-for-touchpad-in-AS.patch
+ patches.drivers/Input-elan_i2c-add-ACPI-ID-for-touchpad-in-Lenovo-V3.patch
patches.drivers/i2c-cadence-Fix-the-hold-bit-setting.patch
patches.drivers/i2c-bcm2835-Clear-current-buffer-pointers-and-counts.patch
patches.fixes/mac80211-Restore-vif-beacon-interval-if-start-ap-fai.patch
+ patches.fixes/KEYS-allow-reaching-the-keys-quotas-exactly.patch
+ patches.fixes/assoc_array-Fix-shortcut-creation.patch
+ patches.fixes/keys-Timestamp-new-keys.patch
+ patches.drivers/pinctrl-meson-meson8b-fix-the-sdxc_a-data-1.3-pins.patch
+ patches.drivers/ALSA-hda-realtek-Headset-microphone-and-internal-spe.patch
+ patches.drivers/ALSA-hda-realtek-Disable-PC-beep-in-passthrough-on-a.patch
# davem/net-next
patches.suse/msft-hv-1766-hv_netvsc-fix-vf-serial-matching-with-pci-slot-info.patch