authorKernel Build Daemon <kbuild@suse.de>2019-02-15 07:04:55 +0100
committerKernel Build Daemon <kbuild@suse.de>2019-02-15 07:04:55 +0100
commite44cdaecdf121f0654d18fbf0fa8fea8761fc88b (patch)
treed9c97f71c4bd28980a87ca9b530af5fa4e242a82
parent3ed1a26ee30b4c166888ea6b8ed57edf0b28cda9 (diff)
parent88514bc9b2517ca0f299b2d429751fe9c4276bed (diff)
Merge branch 'SLE15' into SLE15-AZURE
-rw-r--r--blacklist.conf1
-rw-r--r--patches.drivers/cw1200-Fix-concurrency-use-after-free-bugs-in-cw1200.patch83
-rw-r--r--patches.drivers/dmaengine-stm32-dma-fix-incomplete-configuration-in-.patch57
-rw-r--r--patches.drivers/hwmon-lm80-Fix-missing-unlock-on-error-in-set_fan_di.patch39
-rw-r--r--patches.drivers/hwmon-lm80-fix-a-missing-check-of-bus-read-in-lm80-p.patch55
-rw-r--r--patches.drivers/hwmon-lm80-fix-a-missing-check-of-the-status-of-SMBu.patch60
-rw-r--r--patches.drivers/pinctrl-meson-fix-pull-enable-register-calculation.patch44
-rw-r--r--patches.drivers/pinctrl-meson-meson8-fix-the-GPIO-function-for-the-G.patch51
-rw-r--r--patches.drivers/pinctrl-meson-meson8b-fix-the-GPIO-function-for-the-.patch65
-rw-r--r--patches.drivers/pinctrl-sunxi-a64-Rename-function-csi0-to-csi.patch116
-rw-r--r--patches.drivers/pinctrl-sunxi-a64-Rename-function-ts0-to-ts.patch105
-rw-r--r--patches.drivers/pinctrl-sunxi-a83t-Fix-IRQ-offset-typo-for-PH11.patch41
-rw-r--r--patches.drivers/pinctrl-sx150x-handle-failure-case-of-devm_kstrdup.patch66
-rw-r--r--patches.fixes/earlycon-Initialize-port-uartclk-based-on-clock-freq.patch37
-rw-r--r--patches.fixes/earlycon-Remove-hardcoded-port-uartclk-initializatio.patch35
-rw-r--r--patches.fixes/esp-Fix-locking-on-page-fragment-allocation.patch73
-rw-r--r--patches.fixes/esp-Fix-memleaks-on-error-paths.patch121
-rw-r--r--patches.fixes/esp-Fix-skb-tailroom-calculation.patch47
-rw-r--r--patches.fixes/esp6-fix-memleak-on-error-path-in-esp6_input.patch41
-rw-r--r--patches.fixes/genwqe-Fix-size-check.patch70
-rw-r--r--patches.fixes/gianfar-Fix-Rx-byte-accounting-for-ndev-stats.patch60
-rw-r--r--patches.fixes/gianfar-fix-a-flooded-alignment-reports-because-of-p.patch84
-rw-r--r--patches.fixes/gianfar-prevent-integer-wrapping-in-the-rx-handler.patch87
-rw-r--r--patches.fixes/hvc_opal-don-t-set-tb_ticks_per_usec-in-udbg_init_op.patch50
-rw-r--r--patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch167
-rw-r--r--patches.fixes/ipv4-speedup-ipv6-tunnels-dismantle.patch172
-rw-r--r--patches.fixes/ipv6-addrlabel-per-netns-list.patch279
-rw-r--r--patches.fixes/ipv6-speedup-ipv6-tunnels-dismantle.patch225
-rw-r--r--patches.fixes/kconfig-fix-file-name-and-line-number-of-warn_ignore.patch60
-rw-r--r--patches.fixes/kconfig-fix-line-numbers-for-if-entries-in-menu-tree.patch71
-rw-r--r--patches.fixes/kconfig-fix-memory-leak-when-EOF-is-encountered-in-q.patch69
-rw-r--r--patches.fixes/kconfig-fix-the-rule-of-mainmenu_stmt-symbol.patch48
-rw-r--r--patches.fixes/kgdboc-Fix-restrict-error.patch57
-rw-r--r--patches.fixes/kgdboc-Fix-warning-with-module-build.patch81
-rw-r--r--patches.fixes/kgdboc-fix-KASAN-global-out-of-bounds-bug-in-param_s.patch81
-rw-r--r--patches.fixes/kobject-add-kobject_uevent_net_broadcast.patch136
-rw-r--r--patches.fixes/kobject-copy-env-blob-in-one-go.patch70
-rw-r--r--patches.fixes/kobject-factorize-skb-setup-in-kobject_uevent_net_br.patch110
-rw-r--r--patches.fixes/kprobes-Return-error-if-we-fail-to-reuse-kprobe-inst.patch90
-rw-r--r--patches.fixes/net-add-uevent-socket-member.patch90
-rw-r--r--patches.fixes/netns-restrict-uevents.patch310
-rw-r--r--patches.fixes/ptp-Fix-pass-zero-to-ERR_PTR-in-ptp_clock_register.patch53
-rw-r--r--patches.fixes/ptp-check-gettime64-return-code-in-PTP_SYS_OFFSET-io.patch47
-rw-r--r--patches.fixes/sd-disable-logical-block-provisioning-if-lbpme-is-no.patch45
-rw-r--r--patches.fixes/tcp-batch-tcp_net_metrics_exit.patch55
-rw-r--r--patches.fixes/uevent-add-alloc_uevent_skb-helper.patch90
-rw-r--r--patches.kabi/kabi-handle-addition-of-ip6addrlbl_table-into-struct.patch164
-rw-r--r--patches.kabi/kabi-handle-addition-of-uevent_sock-into-struct-net.patch35
-rw-r--r--patches.kabi/kabi-restore-ip_tunnel_delete_net.patch48
-rw-r--r--patches.suse/0001-btrfs-qgroup-Make-qgroup-async-transaction-commit-mo.patch119
-rw-r--r--patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch10
-rw-r--r--series.conf49
52 files changed, 4314 insertions, 5 deletions
diff --git a/blacklist.conf b/blacklist.conf
index 8e06f7586d..a2bbbd7b48 100644
--- a/blacklist.conf
+++ b/blacklist.conf
@@ -954,3 +954,4 @@ b1ab5fa309e6c49e4e06270ec67dd7b3e9971d04 # Just a cleanup
4ea899ead2786a30aaa8181fefa81a3df4ad28f6 # Not applicable to SLE15
967d1dc144b50ad005e5eecdfadfbcfb399ffff6 # Just a cleanup
0a42e99b58a208839626465af194cfe640ef9493 # Just a cleanup
+9b3fa47d4a76b1d606a396455f9bbeee083ef008 # Fixes code not present in SLE15
diff --git a/patches.drivers/cw1200-Fix-concurrency-use-after-free-bugs-in-cw1200.patch b/patches.drivers/cw1200-Fix-concurrency-use-after-free-bugs-in-cw1200.patch
new file mode 100644
index 0000000000..cda3805ec6
--- /dev/null
+++ b/patches.drivers/cw1200-Fix-concurrency-use-after-free-bugs-in-cw1200.patch
@@ -0,0 +1,83 @@
+From 4f68ef64cd7feb1220232bd8f501d8aad340a099 Mon Sep 17 00:00:00 2001
+From: Jia-Ju Bai <baijiaju1990@gmail.com>
+Date: Fri, 14 Dec 2018 11:55:21 +0800
+Subject: [PATCH] cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
+Git-commit: 4f68ef64cd7feb1220232bd8f501d8aad340a099
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+The function cw1200_bss_info_changed() and cw1200_hw_scan() can be
+concurrently executed.
+The two functions both access a possible shared variable "frame.skb".
+
+This shared variable is freed by dev_kfree_skb() in cw1200_upload_beacon(),
+which is called by cw1200_bss_info_changed(). The free operation is
+protected by a mutex lock "priv->conf_mutex" in cw1200_bss_info_changed().
+
+In cw1200_hw_scan(), this shared variable is accessed without the
+protection of the mutex lock "priv->conf_mutex".
+Thus, concurrency use-after-free bugs may occur.
+
+To fix these bugs, the original calls to mutex_lock(&priv->conf_mutex) and
+mutex_unlock(&priv->conf_mutex) are moved to the places, which can
+protect the accesses to the shared variable.
+
+Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/wireless/st/cw1200/scan.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/net/wireless/st/cw1200/scan.c b/drivers/net/wireless/st/cw1200/scan.c
+index 67213f11acbd..0a9eac93dd01 100644
+--- a/drivers/net/wireless/st/cw1200/scan.c
++++ b/drivers/net/wireless/st/cw1200/scan.c
+@@ -78,6 +78,10 @@ int cw1200_hw_scan(struct ieee80211_hw *hw,
+ if (req->n_ssids > WSM_SCAN_MAX_NUM_OF_SSIDS)
+ return -EINVAL;
+
++ /* will be unlocked in cw1200_scan_work() */
++ down(&priv->scan.lock);
++ mutex_lock(&priv->conf_mutex);
++
+ frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0,
+ req->ie_len);
+ if (!frame.skb)
+@@ -86,19 +90,15 @@ int cw1200_hw_scan(struct ieee80211_hw *hw,
+ if (req->ie_len)
+ skb_put_data(frame.skb, req->ie, req->ie_len);
+
+- /* will be unlocked in cw1200_scan_work() */
+- down(&priv->scan.lock);
+- mutex_lock(&priv->conf_mutex);
+-
+ ret = wsm_set_template_frame(priv, &frame);
+ if (!ret) {
+ /* Host want to be the probe responder. */
+ ret = wsm_set_probe_responder(priv, true);
+ }
+ if (ret) {
++ dev_kfree_skb(frame.skb);
+ mutex_unlock(&priv->conf_mutex);
+ up(&priv->scan.lock);
+- dev_kfree_skb(frame.skb);
+ return ret;
+ }
+
+@@ -120,10 +120,9 @@ int cw1200_hw_scan(struct ieee80211_hw *hw,
+ ++priv->scan.n_ssids;
+ }
+
+- mutex_unlock(&priv->conf_mutex);
+-
+ if (frame.skb)
+ dev_kfree_skb(frame.skb);
++ mutex_unlock(&priv->conf_mutex);
+ queue_work(priv->workqueue, &priv->scan.work);
+ return 0;
+ }
+--
+2.16.4
+
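Review bot: With `down(&priv->scan.lock)` and `mutex_lock(&priv->conf_mutex)` now taken before `ieee80211_probereq_get()`, the `if (!frame.skb)` failure path in the first inner hunk runs with both locks held. The body of that branch falls outside the hunk, so this is inferred, but if it is still a bare return then the semaphore and the mutex are never released, and the next scan or configuration change on this device blocks. The branch should release both before returning, `mutex_unlock(&priv->conf_mutex);` then `up(&priv->scan.lock);`, in the same order as the `if (ret)` path further down.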
diff --git a/patches.drivers/dmaengine-stm32-dma-fix-incomplete-configuration-in-.patch b/patches.drivers/dmaengine-stm32-dma-fix-incomplete-configuration-in-.patch
new file mode 100644
index 0000000000..aab949d959
--- /dev/null
+++ b/patches.drivers/dmaengine-stm32-dma-fix-incomplete-configuration-in-.patch
@@ -0,0 +1,57 @@
+From e57cb3b3f10d005410f09d4598cc6d62b833f2b0 Mon Sep 17 00:00:00 2001
+From: Pierre Yves MORDRET <pierre-yves.mordret@st.com>
+Date: Tue, 13 Mar 2018 17:42:06 +0100
+Subject: [PATCH] dmaengine: stm32-dma: fix incomplete configuration in cyclic mode
+Git-commit: e57cb3b3f10d005410f09d4598cc6d62b833f2b0
+Patch-mainline: v4.17-rc1
+References: bsc#1051510
+
+When in cyclic mode, the configuration is updated after having started the
+DMA hardware (STM32_DMA_SCR_EN) leading to incomplete configuration of
+SMxAR registers.
+
+Signed-off-by: Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
+Signed-off-by: Hugues Fruchet <hugues.fruchet@st.com>
+Signed-off-by: Vinod Koul <vinod.koul@intel.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/dma/stm32-dma.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/dma/stm32-dma.c b/drivers/dma/stm32-dma.c
+index 4099948b6914..fae7de54f00a 100644
+--- a/drivers/dma/stm32-dma.c
++++ b/drivers/dma/stm32-dma.c
+@@ -441,6 +441,8 @@ static void stm32_dma_dump_reg(struct stm32_dma_chan *chan)
+ dev_dbg(chan2dev(chan), "SFCR: 0x%08x\n", sfcr);
+ }
+
++static void stm32_dma_configure_next_sg(struct stm32_dma_chan *chan);
++
+ static void stm32_dma_start_transfer(struct stm32_dma_chan *chan)
+ {
+ struct stm32_dma_device *dmadev = stm32_dma_get_dev(chan);
+@@ -483,6 +485,9 @@ static void stm32_dma_start_transfer(struct stm32_dma_chan *chan)
+ if (status)
+ stm32_dma_irq_clear(chan, status);
+
++ if (chan->desc->cyclic)
++ stm32_dma_configure_next_sg(chan);
++
+ stm32_dma_dump_reg(chan);
+
+ /* Start DMA */
+@@ -576,8 +581,7 @@ static void stm32_dma_issue_pending(struct dma_chan *c)
+ if (vchan_issue_pending(&chan->vchan) && !chan->desc && !chan->busy) {
+ dev_dbg(chan2dev(chan), "vchan %p: issued\n", &chan->vchan);
+ stm32_dma_start_transfer(chan);
+- if (chan->desc->cyclic)
+- stm32_dma_configure_next_sg(chan);
++
+ }
+ spin_unlock_irqrestore(&chan->vchan.lock, flags);
+ }
+--
+2.16.4
+
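Review bot: The last inner hunk leaves an empty line as the final line of the `if` body in stm32_dma_issue_pending(), directly before the closing brace; it should be dropped together with the two removed lines. The new forward declaration of stm32_dma_configure_next_sg() would also benefit from a short comment saying why it is needed, for example `/* called from stm32_dma_start_transfer() for cyclic descriptors, before the channel is enabled */`. Both functions continue outside the hunks shown.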
diff --git a/patches.drivers/hwmon-lm80-Fix-missing-unlock-on-error-in-set_fan_di.patch b/patches.drivers/hwmon-lm80-Fix-missing-unlock-on-error-in-set_fan_di.patch
new file mode 100644
index 0000000000..0bccce65f8
--- /dev/null
+++ b/patches.drivers/hwmon-lm80-Fix-missing-unlock-on-error-in-set_fan_di.patch
@@ -0,0 +1,39 @@
+From 07bd14ccc3049f9c0147a91a4227a571f981601a Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Wed, 26 Dec 2018 11:28:24 +0000
+Subject: [PATCH] hwmon: (lm80) Fix missing unlock on error in set_fan_div()
+Git-commit: 07bd14ccc3049f9c0147a91a4227a571f981601a
+Patch-mainline: v5.0-rc3
+References: bsc#1051510
+
+Add the missing unlock before return from function set_fan_div()
+in the error handling case.
+
+Fixes: c9c63915519b ("hwmon: (lm80) fix a missing check of the status of SMBus read")
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/hwmon/lm80.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/hwmon/lm80.c b/drivers/hwmon/lm80.c
+index 0e30fa00204c..f9b8e3e23a8e 100644
+--- a/drivers/hwmon/lm80.c
++++ b/drivers/hwmon/lm80.c
+@@ -393,8 +393,10 @@ static ssize_t set_fan_div(struct device *dev, struct device_attribute *attr,
+ }
+
+ rv = lm80_read_value(client, LM80_REG_FANDIV);
+- if (rv < 0)
++ if (rv < 0) {
++ mutex_unlock(&data->update_lock);
+ return rv;
++ }
+ reg = (rv & ~(3 << (2 * (nr + 1))))
+ | (data->fan_div[nr] << (2 * (nr + 1)));
+ lm80_write_value(client, LM80_REG_FANDIV, reg);
+--
+2.16.4
+
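Review bot: The `lm80_write_value(client, LM80_REG_FANDIV, reg);` call right after the corrected read still discards its result, so a failed bus write could leave the cached `data->fan_div[nr]` out of step with the chip. If lm80_write_value() reports errors (its definition is not in the hunk), capture the result in `rv` and leave through the same unlocking path. Routing every failure after `mutex_lock()` through a single exit label that unlocks would also prevent a repeat of the missed unlock this patch corrects. set_fan_div() starts and ends outside the hunk.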
diff --git a/patches.drivers/hwmon-lm80-fix-a-missing-check-of-bus-read-in-lm80-p.patch b/patches.drivers/hwmon-lm80-fix-a-missing-check-of-bus-read-in-lm80-p.patch
new file mode 100644
index 0000000000..30ac8fc199
--- /dev/null
+++ b/patches.drivers/hwmon-lm80-fix-a-missing-check-of-bus-read-in-lm80-p.patch
@@ -0,0 +1,55 @@
+From 9aa3aa15f4c2f74f47afd6c5db4b420fadf3f315 Mon Sep 17 00:00:00 2001
+From: Kangjie Lu <kjlu@umn.edu>
+Date: Fri, 21 Dec 2018 13:10:39 -0600
+Subject: [PATCH] hwmon: (lm80) fix a missing check of bus read in lm80 probe
+Git-commit: 9aa3aa15f4c2f74f47afd6c5db4b420fadf3f315
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+In lm80_probe(), if lm80_read_value() fails, it returns a negative
+error number which is stored to data->fan[f_min] and will be further
+used. We should avoid using the data if the read fails.
+
+The fix checks if lm80_read_value() fails, and if so, returns with the
+error number.
+
+Signed-off-by: Kangjie Lu <kjlu@umn.edu>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/hwmon/lm80.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/hwmon/lm80.c b/drivers/hwmon/lm80.c
+index 04f9df0d2341..0e30fa00204c 100644
+--- a/drivers/hwmon/lm80.c
++++ b/drivers/hwmon/lm80.c
+@@ -628,6 +628,7 @@ static int lm80_probe(struct i2c_client *client,
+ struct device *dev = &client->dev;
+ struct device *hwmon_dev;
+ struct lm80_data *data;
++ int rv;
+
+ data = devm_kzalloc(dev, sizeof(struct lm80_data), GFP_KERNEL);
+ if (!data)
+@@ -640,8 +641,14 @@ static int lm80_probe(struct i2c_client *client,
+ lm80_init_client(client);
+
+ /* A few vars need to be filled upon startup */
+- data->fan[f_min][0] = lm80_read_value(client, LM80_REG_FAN_MIN(1));
+- data->fan[f_min][1] = lm80_read_value(client, LM80_REG_FAN_MIN(2));
++ rv = lm80_read_value(client, LM80_REG_FAN_MIN(1));
++ if (rv < 0)
++ return rv;
++ data->fan[f_min][0] = rv;
++ rv = lm80_read_value(client, LM80_REG_FAN_MIN(2));
++ if (rv < 0)
++ return rv;
++ data->fan[f_min][1] = rv;
+
+ hwmon_dev = devm_hwmon_device_register_with_groups(dev, client->name,
+ data, lm80_groups);
+--
+2.16.4
+
diff --git a/patches.drivers/hwmon-lm80-fix-a-missing-check-of-the-status-of-SMBu.patch b/patches.drivers/hwmon-lm80-fix-a-missing-check-of-the-status-of-SMBu.patch
new file mode 100644
index 0000000000..73cc3da3ec
--- /dev/null
+++ b/patches.drivers/hwmon-lm80-fix-a-missing-check-of-the-status-of-SMBu.patch
@@ -0,0 +1,60 @@
+From c9c63915519b1def7043b184680f33c24cd49d7b Mon Sep 17 00:00:00 2001
+From: Kangjie Lu <kjlu@umn.edu>
+Date: Fri, 21 Dec 2018 13:01:33 -0600
+Subject: [PATCH] hwmon: (lm80) fix a missing check of the status of SMBus read
+Git-commit: c9c63915519b1def7043b184680f33c24cd49d7b
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+If lm80_read_value() fails, it returns a negative number instead of the
+correct read data. Therefore, we should avoid using the data if it
+fails.
+
+The fix checks if lm80_read_value() fails, and if so, returns with the
+error number.
+
+Signed-off-by: Kangjie Lu <kjlu@umn.edu>
+[groeck: One variable for return values is enough]
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/hwmon/lm80.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/hwmon/lm80.c b/drivers/hwmon/lm80.c
+index 08e3945a6fbf..04f9df0d2341 100644
+--- a/drivers/hwmon/lm80.c
++++ b/drivers/hwmon/lm80.c
+@@ -360,9 +360,11 @@ static ssize_t set_fan_div(struct device *dev, struct device_attribute *attr,
+ struct i2c_client *client = data->client;
+ unsigned long min, val;
+ u8 reg;
+- int err = kstrtoul(buf, 10, &val);
+- if (err < 0)
+- return err;
++ int rv;
++
++ rv = kstrtoul(buf, 10, &val);
++ if (rv < 0)
++ return rv;
+
+ /* Save fan_min */
+ mutex_lock(&data->update_lock);
+@@ -390,8 +392,11 @@ static ssize_t set_fan_div(struct device *dev, struct device_attribute *attr,
+ return -EINVAL;
+ }
+
+- reg = (lm80_read_value(client, LM80_REG_FANDIV) &
+- ~(3 << (2 * (nr + 1)))) | (data->fan_div[nr] << (2 * (nr + 1)));
++ rv = lm80_read_value(client, LM80_REG_FANDIV);
++ if (rv < 0)
++ return rv;
++ reg = (rv & ~(3 << (2 * (nr + 1))))
++ | (data->fan_div[nr] << (2 * (nr + 1)));
+ lm80_write_value(client, LM80_REG_FANDIV, reg);
+
+ /* Restore fan_min */
+--
+2.16.4
+
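Review bot: The `return rv;` added after `lm80_read_value(client, LM80_REG_FANDIV)` in the second inner hunk leaves set_fan_div() while `data->update_lock`, taken by the `mutex_lock()` visible in the first inner hunk, is still held. Applied on its own, this patch turns a failed SMBus read into a mutex that is never released, so later callers that take update_lock on this device would block. The unlock arrives only with patches.drivers/hwmon-lm80-Fix-missing-unlock-on-error-in-set_fan_di.patch from this same commit, whose `Fixes:` tag names this change. The two files need to stay together in series.conf (not shown here) and be backported or reverted as a pair.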
diff --git a/patches.drivers/pinctrl-meson-fix-pull-enable-register-calculation.patch b/patches.drivers/pinctrl-meson-fix-pull-enable-register-calculation.patch
new file mode 100644
index 0000000000..84d63fdd44
--- /dev/null
+++ b/patches.drivers/pinctrl-meson-fix-pull-enable-register-calculation.patch
@@ -0,0 +1,44 @@
+From 614b1868a125a0ba24be08f3a7fa832ddcde6bca Mon Sep 17 00:00:00 2001
+From: Jerome Brunet <jbrunet@baylibre.com>
+Date: Tue, 13 Nov 2018 11:55:36 +0100
+Subject: [PATCH] pinctrl: meson: fix pull enable register calculation
+Git-commit: 614b1868a125a0ba24be08f3a7fa832ddcde6bca
+Patch-mainline: v4.20-rc7
+References: bsc#1051510
+
+We just changed the code so we apply bias disable on the correct
+register but forgot to align the register calculation. The result
+is that we apply the change on the correct register, but possibly
+at the incorrect offset/bit
+
+This went undetected because offsets tends to be the same between
+REG_PULL and REG_PULLEN for a given pin the EE controller. This
+is not true for the AO controller.
+
+Fixes: e39f9dd8206a ("pinctrl: meson: fix pinconf bias disable")
+Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
+Acked-by: Neil Armstrong <narmstrong@baylibre.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/meson/pinctrl-meson.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/pinctrl/meson/pinctrl-meson.c b/drivers/pinctrl/meson/pinctrl-meson.c
+index 53d449076dee..ea87d739f534 100644
+--- a/drivers/pinctrl/meson/pinctrl-meson.c
++++ b/drivers/pinctrl/meson/pinctrl-meson.c
+@@ -191,7 +191,8 @@ static int meson_pinconf_set(struct pinctrl_dev *pcdev, unsigned int pin,
+ case PIN_CONFIG_BIAS_DISABLE:
+ dev_dbg(pc->dev, "pin %u: disable bias\n", pin);
+
+- meson_calc_reg_and_bit(bank, pin, REG_PULL, &reg, &bit);
++ meson_calc_reg_and_bit(bank, pin, REG_PULLEN, &reg,
++ &bit);
+ ret = regmap_update_bits(pc->reg_pullen, reg,
+ BIT(bit), 0);
+ if (ret)
+--
+2.16.4
+
diff --git a/patches.drivers/pinctrl-meson-meson8-fix-the-GPIO-function-for-the-G.patch b/patches.drivers/pinctrl-meson-meson8-fix-the-GPIO-function-for-the-G.patch
new file mode 100644
index 0000000000..7a30d4f9b4
--- /dev/null
+++ b/patches.drivers/pinctrl-meson-meson8-fix-the-GPIO-function-for-the-G.patch
@@ -0,0 +1,51 @@
+From 42f9b48cc5402be11d2364275eb18c257d2a79e8 Mon Sep 17 00:00:00 2001
+From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Date: Sun, 9 Dec 2018 20:50:50 +0100
+Subject: [PATCH] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins
+Git-commit: 42f9b48cc5402be11d2364275eb18c257d2a79e8
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+The GPIOAO pins (as well as the two exotic GPIO_BSD_EN and GPIO_TEST_N)
+only belong to the pin controller in the AO domain. With the current
+definition these pins cannot be referred to in .dts files as group
+(which is possible on GXBB and GXL for example).
+
+Add a separate "gpio_aobus" function to fix the mapping between the pin
+controller and the GPIO pins in the AO domain. This is similar to how
+the GXBB and GXL drivers implement this functionality.
+
+Fixes: 9dab1868ec0db4 ("pinctrl: amlogic: Make driver independent from two-domain configuration")
+Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/meson/pinctrl-meson8.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/pinctrl/meson/pinctrl-meson8.c b/drivers/pinctrl/meson/pinctrl-meson8.c
+index c6d79315218f..8863841d0dba 100644
+--- a/drivers/pinctrl/meson/pinctrl-meson8.c
++++ b/drivers/pinctrl/meson/pinctrl-meson8.c
+@@ -807,7 +807,9 @@ static const char * const gpio_groups[] = {
+ "BOOT_5", "BOOT_6", "BOOT_7", "BOOT_8", "BOOT_9",
+ "BOOT_10", "BOOT_11", "BOOT_12", "BOOT_13", "BOOT_14",
+ "BOOT_15", "BOOT_16", "BOOT_17", "BOOT_18",
++};
+
++static const char * const gpio_aobus_groups[] = {
+ "GPIOAO_0", "GPIOAO_1", "GPIOAO_2", "GPIOAO_3",
+ "GPIOAO_4", "GPIOAO_5", "GPIOAO_6", "GPIOAO_7",
+ "GPIOAO_8", "GPIOAO_9", "GPIOAO_10", "GPIOAO_11",
+@@ -1030,6 +1032,7 @@ static struct meson_pmx_func meson8_cbus_functions[] = {
+ };
+
+ static struct meson_pmx_func meson8_aobus_functions[] = {
++ FUNCTION(gpio_aobus),
+ FUNCTION(uart_ao),
+ FUNCTION(remote),
+ FUNCTION(i2c_slave_ao),
+--
+2.16.4
+
diff --git a/patches.drivers/pinctrl-meson-meson8b-fix-the-GPIO-function-for-the-.patch b/patches.drivers/pinctrl-meson-meson8b-fix-the-GPIO-function-for-the-.patch
new file mode 100644
index 0000000000..cd460397e8
--- /dev/null
+++ b/patches.drivers/pinctrl-meson-meson8b-fix-the-GPIO-function-for-the-.patch
@@ -0,0 +1,65 @@
+From 2b745ac3cceb8fc1d9985990c8241a821ea97e53 Mon Sep 17 00:00:00 2001
+From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Date: Sun, 9 Dec 2018 20:50:51 +0100
+Subject: [PATCH] pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins
+Git-commit: 2b745ac3cceb8fc1d9985990c8241a821ea97e53
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+The GPIOAO pins (as well as the two exotic GPIO_BSD_EN and GPIO_TEST_N)
+only belong to the pin controller in the AO domain. With the current
+definition these pins cannot be referred to in .dts files as group
+(which is possible on GXBB and GXL for example).
+
+Add a separate "gpio_aobus" function to fix the mapping between the pin
+controller and the GPIO pins in the AO domain. This is similar to how
+the GXBB and GXL drivers implement this functionality.
+
+Fixes: 9dab1868ec0db4 ("pinctrl: amlogic: Make driver independent from two-domain configuration")
+Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/meson/pinctrl-meson8b.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/pinctrl/meson/pinctrl-meson8b.c b/drivers/pinctrl/meson/pinctrl-meson8b.c
+index bb2a30964fc6..27ddedf47115 100644
+--- a/drivers/pinctrl/meson/pinctrl-meson8b.c
++++ b/drivers/pinctrl/meson/pinctrl-meson8b.c
+@@ -646,16 +646,18 @@ static const char * const gpio_groups[] = {
+ "BOOT_10", "BOOT_11", "BOOT_12", "BOOT_13", "BOOT_14",
+ "BOOT_15", "BOOT_16", "BOOT_17", "BOOT_18",
+
+- "GPIOAO_0", "GPIOAO_1", "GPIOAO_2", "GPIOAO_3",
+- "GPIOAO_4", "GPIOAO_5", "GPIOAO_6", "GPIOAO_7",
+- "GPIOAO_8", "GPIOAO_9", "GPIOAO_10", "GPIOAO_11",
+- "GPIOAO_12", "GPIOAO_13", "GPIO_BSD_EN", "GPIO_TEST_N",
+-
+ "DIF_0_P", "DIF_0_N", "DIF_1_P", "DIF_1_N",
+ "DIF_2_P", "DIF_2_N", "DIF_3_P", "DIF_3_N",
+ "DIF_4_P", "DIF_4_N"
+ };
+
++static const char * const gpio_aobus_groups[] = {
++ "GPIOAO_0", "GPIOAO_1", "GPIOAO_2", "GPIOAO_3",
++ "GPIOAO_4", "GPIOAO_5", "GPIOAO_6", "GPIOAO_7",
++ "GPIOAO_8", "GPIOAO_9", "GPIOAO_10", "GPIOAO_11",
++ "GPIOAO_12", "GPIOAO_13", "GPIO_BSD_EN", "GPIO_TEST_N"
++};
++
+ static const char * const sd_a_groups[] = {
+ "sd_d0_a", "sd_d1_a", "sd_d2_a", "sd_d3_a", "sd_clk_a",
+ "sd_cmd_a"
+@@ -871,6 +873,7 @@ static struct meson_pmx_func meson8b_cbus_functions[] = {
+ };
+
+ static struct meson_pmx_func meson8b_aobus_functions[] = {
++ FUNCTION(gpio_aobus),
+ FUNCTION(uart_ao),
+ FUNCTION(uart_ao_b),
+ FUNCTION(i2c_slave_ao),
+--
+2.16.4
+
diff --git a/patches.drivers/pinctrl-sunxi-a64-Rename-function-csi0-to-csi.patch b/patches.drivers/pinctrl-sunxi-a64-Rename-function-csi0-to-csi.patch
new file mode 100644
index 0000000000..80cf283400
--- /dev/null
+++ b/patches.drivers/pinctrl-sunxi-a64-Rename-function-csi0-to-csi.patch
@@ -0,0 +1,116 @@
+From 3504caa17b596c8ec62d923b2ed7d4a19d56d816 Mon Sep 17 00:00:00 2001
+From: Chen-Yu Tsai <wens@csie.org>
+Date: Mon, 3 Dec 2018 23:40:59 +0800
+Subject: [PATCH] pinctrl: sunxi: a64: Rename function csi0 to csi
+Git-commit: 3504caa17b596c8ec62d923b2ed7d4a19d56d816
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+The A64 only has one CSI (camera sensor interface) controller. The
+datasheet also lists the function as CSI_XXX instead of CSI0_XXX.
+
+Rename the function names now before any there are any users.
+
+Fixes: 96851d391d02 ("drivers: pinctrl: add driver for Allwinner A64 SoC")
+Signed-off-by: Chen-Yu Tsai <wens@csie.org>
+Acked-by: Maxime Ripard <maxime.ripard@bootlin.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c b/drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c
+index f5f77432ce6f..8b974b2a2486 100644
+--- a/drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c
++++ b/drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c
+@@ -323,71 +323,71 @@ static const struct sunxi_desc_pin a64_pins[] = {
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 0),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* PCK */
++ SUNXI_FUNCTION(0x2, "csi"), /* PCK */
+ SUNXI_FUNCTION(0x4, "ts0")), /* CLK */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 1),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* CK */
++ SUNXI_FUNCTION(0x2, "csi"), /* CK */
+ SUNXI_FUNCTION(0x4, "ts0")), /* ERR */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 2),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* HSYNC */
++ SUNXI_FUNCTION(0x2, "csi"), /* HSYNC */
+ SUNXI_FUNCTION(0x4, "ts0")), /* SYNC */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 3),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* VSYNC */
++ SUNXI_FUNCTION(0x2, "csi"), /* VSYNC */
+ SUNXI_FUNCTION(0x4, "ts0")), /* DVLD */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 4),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* D0 */
++ SUNXI_FUNCTION(0x2, "csi"), /* D0 */
+ SUNXI_FUNCTION(0x4, "ts0")), /* D0 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 5),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* D1 */
++ SUNXI_FUNCTION(0x2, "csi"), /* D1 */
+ SUNXI_FUNCTION(0x4, "ts0")), /* D1 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 6),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* D2 */
++ SUNXI_FUNCTION(0x2, "csi"), /* D2 */
+ SUNXI_FUNCTION(0x4, "ts0")), /* D2 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 7),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* D3 */
++ SUNXI_FUNCTION(0x2, "csi"), /* D3 */
+ SUNXI_FUNCTION(0x4, "ts0")), /* D3 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 8),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* D4 */
++ SUNXI_FUNCTION(0x2, "csi"), /* D4 */
+ SUNXI_FUNCTION(0x4, "ts0")), /* D4 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 9),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* D5 */
++ SUNXI_FUNCTION(0x2, "csi"), /* D5 */
+ SUNXI_FUNCTION(0x4, "ts0")), /* D5 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 10),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* D6 */
++ SUNXI_FUNCTION(0x2, "csi"), /* D6 */
+ SUNXI_FUNCTION(0x4, "ts0")), /* D6 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 11),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0"), /* D7 */
++ SUNXI_FUNCTION(0x2, "csi"), /* D7 */
+ SUNXI_FUNCTION(0x4, "ts0")), /* D7 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 12),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0")), /* SCK */
++ SUNXI_FUNCTION(0x2, "csi")), /* SCK */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 13),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION(0x2, "csi0")), /* SDA */
++ SUNXI_FUNCTION(0x2, "csi")), /* SDA */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 14),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+--
+2.16.4
+
diff --git a/patches.drivers/pinctrl-sunxi-a64-Rename-function-ts0-to-ts.patch b/patches.drivers/pinctrl-sunxi-a64-Rename-function-ts0-to-ts.patch
new file mode 100644
index 0000000000..ac9d32effa
--- /dev/null
+++ b/patches.drivers/pinctrl-sunxi-a64-Rename-function-ts0-to-ts.patch
@@ -0,0 +1,105 @@
+From 4f45f45b081eb37b9f8b627cc14cff67838968ab Mon Sep 17 00:00:00 2001
+From: Chen-Yu Tsai <wens@csie.org>
+Date: Mon, 3 Dec 2018 23:41:00 +0800
+Subject: [PATCH] pinctrl: sunxi: a64: Rename function ts0 to ts
+Git-commit: 4f45f45b081eb37b9f8b627cc14cff67838968ab
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+The A64 only has one TS (transport stream) controller. The datasheet
+also lists the function as TS_XXX instead of TS0_XXX.
+
+Rename the function names now before any there are any users.
+
+Fixes: 96851d391d02 ("drivers: pinctrl: add driver for Allwinner A64 SoC")
+Signed-off-by: Chen-Yu Tsai <wens@csie.org>
+Acked-by: Maxime Ripard <maxime.ripard@bootlin.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c b/drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c
+index 8b974b2a2486..7b83d3755a0e 100644
+--- a/drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c
++++ b/drivers/pinctrl/sunxi/pinctrl-sun50i-a64.c
+@@ -324,62 +324,62 @@ static const struct sunxi_desc_pin a64_pins[] = {
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* PCK */
+- SUNXI_FUNCTION(0x4, "ts0")), /* CLK */
++ SUNXI_FUNCTION(0x4, "ts")), /* CLK */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 1),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* CK */
+- SUNXI_FUNCTION(0x4, "ts0")), /* ERR */
++ SUNXI_FUNCTION(0x4, "ts")), /* ERR */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 2),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* HSYNC */
+- SUNXI_FUNCTION(0x4, "ts0")), /* SYNC */
++ SUNXI_FUNCTION(0x4, "ts")), /* SYNC */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 3),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* VSYNC */
+- SUNXI_FUNCTION(0x4, "ts0")), /* DVLD */
++ SUNXI_FUNCTION(0x4, "ts")), /* DVLD */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 4),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* D0 */
+- SUNXI_FUNCTION(0x4, "ts0")), /* D0 */
++ SUNXI_FUNCTION(0x4, "ts")), /* D0 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 5),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* D1 */
+- SUNXI_FUNCTION(0x4, "ts0")), /* D1 */
++ SUNXI_FUNCTION(0x4, "ts")), /* D1 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 6),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* D2 */
+- SUNXI_FUNCTION(0x4, "ts0")), /* D2 */
++ SUNXI_FUNCTION(0x4, "ts")), /* D2 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 7),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* D3 */
+- SUNXI_FUNCTION(0x4, "ts0")), /* D3 */
++ SUNXI_FUNCTION(0x4, "ts")), /* D3 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 8),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* D4 */
+- SUNXI_FUNCTION(0x4, "ts0")), /* D4 */
++ SUNXI_FUNCTION(0x4, "ts")), /* D4 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 9),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* D5 */
+- SUNXI_FUNCTION(0x4, "ts0")), /* D5 */
++ SUNXI_FUNCTION(0x4, "ts")), /* D5 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 10),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* D6 */
+- SUNXI_FUNCTION(0x4, "ts0")), /* D6 */
++ SUNXI_FUNCTION(0x4, "ts")), /* D6 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 11),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+ SUNXI_FUNCTION(0x2, "csi"), /* D7 */
+- SUNXI_FUNCTION(0x4, "ts0")), /* D7 */
++ SUNXI_FUNCTION(0x4, "ts")), /* D7 */
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(E, 12),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+--
+2.16.4
+
diff --git a/patches.drivers/pinctrl-sunxi-a83t-Fix-IRQ-offset-typo-for-PH11.patch b/patches.drivers/pinctrl-sunxi-a83t-Fix-IRQ-offset-typo-for-PH11.patch
new file mode 100644
index 0000000000..279c7ecde0
--- /dev/null
+++ b/patches.drivers/pinctrl-sunxi-a83t-Fix-IRQ-offset-typo-for-PH11.patch
@@ -0,0 +1,41 @@
+From 478b6767ad26ab86d9ecc341027dd09a87b1f997 Mon Sep 17 00:00:00 2001
+From: Chen-Yu Tsai <wens@csie.org>
+Date: Tue, 4 Dec 2018 17:04:57 +0800
+Subject: [PATCH] pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
+Git-commit: 478b6767ad26ab86d9ecc341027dd09a87b1f997
+Patch-mainline: v4.20-rc7
+References: bsc#1051510
+
+Pin PH11 is used on various A83T board to detect a change in the OTG
+port's ID pin, as in when an OTG host cable is plugged in.
+
+The incorrect offset meant the gpiochip/irqchip was activating the wrong
+pin for interrupts.
+
+Fixes: 4730f33f0d82 ("pinctrl: sunxi: add allwinner A83T PIO controller support")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Chen-Yu Tsai <wens@csie.org>
+Acked-by: Maxime Ripard <maxime.ripard@bootlin.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c b/drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c
+index 6624499eae72..4ada80317a3b 100644
+--- a/drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c
++++ b/drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c
+@@ -568,7 +568,7 @@ static const struct sunxi_desc_pin sun8i_a83t_pins[] = {
+ SUNXI_PIN(SUNXI_PINCTRL_PIN(H, 11),
+ SUNXI_FUNCTION(0x0, "gpio_in"),
+ SUNXI_FUNCTION(0x1, "gpio_out"),
+- SUNXI_FUNCTION_IRQ_BANK(0x6, 2, 1)), /* PH_EINT11 */
++ SUNXI_FUNCTION_IRQ_BANK(0x6, 2, 11)), /* PH_EINT11 */
+ };
+
+ static const struct sunxi_pinctrl_desc sun8i_a83t_pinctrl_data = {
+--
+2.16.4
+
diff --git a/patches.drivers/pinctrl-sx150x-handle-failure-case-of-devm_kstrdup.patch b/patches.drivers/pinctrl-sx150x-handle-failure-case-of-devm_kstrdup.patch
new file mode 100644
index 0000000000..0c5638c045
--- /dev/null
+++ b/patches.drivers/pinctrl-sx150x-handle-failure-case-of-devm_kstrdup.patch
@@ -0,0 +1,66 @@
+From a9d9f6b83f1bb05da849b3540e6d1f70ef1c2343 Mon Sep 17 00:00:00 2001
+From: Nicholas Mc Guire <hofrat@osadl.org>
+Date: Sun, 2 Dec 2018 11:04:17 +0100
+Subject: [PATCH] pinctrl: sx150x: handle failure case of devm_kstrdup
+Git-commit: a9d9f6b83f1bb05da849b3540e6d1f70ef1c2343
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+devm_kstrdup() may return NULL if internal allocation failed.
+Thus using label, name is unsafe without checking. Therefor
+in the unlikely case of allocation failure, sx150x_probe() simply
+returns -ENOMEM.
+
+Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
+Fixes: 9e80f9064e73 ("pinctrl: Add SX150X GPIO Extender Pinctrl Driver")
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/pinctrl/pinctrl-sx150x.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/pinctrl/pinctrl-sx150x.c b/drivers/pinctrl/pinctrl-sx150x.c
+index cbf58a10113d..4d87d75b9c6e 100644
+--- a/drivers/pinctrl/pinctrl-sx150x.c
++++ b/drivers/pinctrl/pinctrl-sx150x.c
+@@ -1166,7 +1166,6 @@ static int sx150x_probe(struct i2c_client *client,
+ }
+
+ /* Register GPIO controller */
+- pctl->gpio.label = devm_kstrdup(dev, client->name, GFP_KERNEL);
+ pctl->gpio.base = -1;
+ pctl->gpio.ngpio = pctl->data->npins;
+ pctl->gpio.get_direction = sx150x_gpio_get_direction;
+@@ -1180,6 +1179,10 @@ static int sx150x_probe(struct i2c_client *client,
+ pctl->gpio.of_node = dev->of_node;
+ #endif
+ pctl->gpio.can_sleep = true;
++ pctl->gpio.label = devm_kstrdup(dev, client->name, GFP_KERNEL);
++ if (!pctl->gpio.label)
++ return -ENOMEM;
++
+ /*
+ * Setting multiple pins is not safe when all pins are not
+ * handled by the same regmap register. The oscio pin (present
+@@ -1200,13 +1203,15 @@ static int sx150x_probe(struct i2c_client *client,
+
+ /* Add Interrupt support if an irq is specified */
+ if (client->irq > 0) {
+- pctl->irq_chip.name = devm_kstrdup(dev, client->name,
+- GFP_KERNEL);
+ pctl->irq_chip.irq_mask = sx150x_irq_mask;
+ pctl->irq_chip.irq_unmask = sx150x_irq_unmask;
+ pctl->irq_chip.irq_set_type = sx150x_irq_set_type;
+ pctl->irq_chip.irq_bus_lock = sx150x_irq_bus_lock;
+ pctl->irq_chip.irq_bus_sync_unlock = sx150x_irq_bus_sync_unlock;
++ pctl->irq_chip.name = devm_kstrdup(dev, client->name,
++ GFP_KERNEL);
++ if (!pctl->irq_chip.name)
++ return -ENOMEM;
+
+ pctl->irq.masked = ~0;
+ pctl->irq.sense = 0;
+--
+2.16.4
+
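Review bot: The second `devm_kstrdup()` inside the `if (client->irq > 0)` block copies the same `client->name` string that was already duplicated into `pctl->gpio.label`, which adds a second allocation and a second -ENOMEM exit. Both copies are device-managed on the same `dev`, so `pctl->irq_chip.name = pctl->gpio.label;` looks sufficient, assuming nothing later modifies either string independently. sx150x_probe() starts and ends outside these hunks, so whether a bare `return -ENOMEM` skips any cleanup needed at that point cannot be confirmed from here.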
diff --git a/patches.fixes/earlycon-Initialize-port-uartclk-based-on-clock-freq.patch b/patches.fixes/earlycon-Initialize-port-uartclk-based-on-clock-freq.patch
new file mode 100644
index 0000000000..edb6d08dba
--- /dev/null
+++ b/patches.fixes/earlycon-Initialize-port-uartclk-based-on-clock-freq.patch
@@ -0,0 +1,37 @@
+From 814453adea7d081ad8917aa0f32d6a14165a3563 Mon Sep 17 00:00:00 2001
+From: Michal Simek <michal.simek@xilinx.com>
+Date: Tue, 10 Apr 2018 15:32:28 +0200
+Subject: [PATCH] earlycon: Initialize port->uartclk based on clock-frequency property
+Git-commit: 814453adea7d081ad8917aa0f32d6a14165a3563
+Patch-mainline: v4.18-rc1
+References: bsc#1051510
+
+On DT based platforms when current-speed property is present baudrate
+is setup. Also port->uartclk is initialized to bogus BASE_BAUD * 16
+value. Drivers like uartps/ns16550 contain logic when baudrate and
+uartclk is used for baudrate calculation.
+
+The patch is reading optional clock-frequency property to replace bogus
+BASE_BAUD * 16 calculation to have proper baudrate calculation.
+
+Signed-off-by: Michal Simek <michal.simek@xilinx.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/tty/serial/earlycon.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/tty/serial/earlycon.c
++++ b/drivers/tty/serial/earlycon.c
+@@ -285,6 +285,10 @@ int __init of_setup_earlycon(const struc
+ }
+ }
+
++ val = of_get_flat_dt_prop(node, "clock-frequency", NULL);
++ if (val)
++ port->uartclk = be32_to_cpu(*val);
++
+ if (options) {
+ strlcpy(early_console_dev.options, options,
+ sizeof(early_console_dev.options));
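Review bot: The new `clock-frequency` read dereferences `*val` as a 32-bit cell without checking the property length, because `of_get_flat_dt_prop()` is called with a NULL size pointer. A truncated or malformed property in the flattened device tree would be read past its end. With a local `int len`, `val = of_get_flat_dt_prop(node, "clock-frequency", &len);` followed by `if (val && len >= (int)sizeof(*val))` closes that. The companion patch in this merge removes the `BASE_BAUD * 16` default, so `port->uartclk` presumably stays zero when the property is absent, and earlycon drivers that divide by it should be confirmed to guard against zero. of_setup_earlycon() starts and ends outside this hunk.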
diff --git a/patches.fixes/earlycon-Remove-hardcoded-port-uartclk-initializatio.patch b/patches.fixes/earlycon-Remove-hardcoded-port-uartclk-initializatio.patch
new file mode 100644
index 0000000000..8c40d9a09b
--- /dev/null
+++ b/patches.fixes/earlycon-Remove-hardcoded-port-uartclk-initializatio.patch
@@ -0,0 +1,35 @@
+From 182ead3e418a20328b73152b8e81fc8b4cac3b0b Mon Sep 17 00:00:00 2001
+From: Michal Simek <michal.simek@xilinx.com>
+Date: Wed, 25 Apr 2018 15:48:42 +0200
+Subject: [PATCH] earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon
+Git-commit: 182ead3e418a20328b73152b8e81fc8b4cac3b0b
+Patch-mainline: v4.18-rc1
+References: bsc#1051510
+
+There is no reason to initialize uartclk to BASE_BAUD * 16 for DT based
+systems.
+
+Signed-off-by: Michal Simek <michal.simek@xilinx.com>
+Tested-by: Matt Redfearn <matt.redfearn@mips.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/tty/serial/earlycon.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/drivers/tty/serial/earlycon.c b/drivers/tty/serial/earlycon.c
+index 149d0d0da65e..c14873b67803 100644
+--- a/drivers/tty/serial/earlycon.c
++++ b/drivers/tty/serial/earlycon.c
+@@ -246,7 +246,6 @@ int __init of_setup_earlycon(const struct earlycon_id *match,
+ return -ENXIO;
+ }
+ port->mapbase = addr;
+- port->uartclk = BASE_BAUD * 16;
+
+ val = of_get_flat_dt_prop(node, "reg-offset", NULL);
+ if (val)
+--
+2.16.4
+
diff --git a/patches.fixes/esp-Fix-locking-on-page-fragment-allocation.patch b/patches.fixes/esp-Fix-locking-on-page-fragment-allocation.patch
new file mode 100644
index 0000000000..1e1b0536f3
--- /dev/null
+++ b/patches.fixes/esp-Fix-locking-on-page-fragment-allocation.patch
@@ -0,0 +1,73 @@
+From 36ff0dd39f9b88ca83e1733b735e9f22b7be893b Mon Sep 17 00:00:00 2001
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Date: Fri, 25 Aug 2017 07:16:07 +0200
+Subject: [PATCH] esp: Fix locking on page fragment allocation
+Git-commit: 36ff0dd39f9b88ca83e1733b735e9f22b7be893b
+Patch-mainline: v4.13
+References: bsc#1051510
+
+We allocate the page fragment for the ESP trailer inside
+a spinlock, but consume it outside of the lock. This
+is racy as some other cou could get the same page fragment
+then. Fix this by consuming the page fragment inside the
+lock too.
+
+Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")
+Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible")
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/ipv4/esp4.c | 5 +++--
+ net/ipv6/esp6.c | 5 +++--
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index dbb31a942dfa..a8ddb95e7f06 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -292,8 +292,6 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+
+ kunmap_atomic(vaddr);
+
+- spin_unlock_bh(&x->lock);
+-
+ nfrags = skb_shinfo(skb)->nr_frags;
+
+ __skb_fill_page_desc(skb, nfrags, page, pfrag->offset,
+@@ -301,6 +299,9 @@ int esp_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ skb_shinfo(skb)->nr_frags = ++nfrags;
+
+ pfrag->offset = pfrag->offset + allocsize;
++
++ spin_unlock_bh(&x->lock);
++
+ nfrags++;
+
+ skb->len += tailen;
+diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
+index 392def1fcf21..4e3fdc888943 100644
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -260,8 +260,6 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+
+ kunmap_atomic(vaddr);
+
+- spin_unlock_bh(&x->lock);
+-
+ nfrags = skb_shinfo(skb)->nr_frags;
+
+ __skb_fill_page_desc(skb, nfrags, page, pfrag->offset,
+@@ -269,6 +267,9 @@ int esp6_output_head(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ skb_shinfo(skb)->nr_frags = ++nfrags;
+
+ pfrag->offset = pfrag->offset + allocsize;
++
++ spin_unlock_bh(&x->lock);
++
+ nfrags++;
+
+ skb->len += tailen;
+--
+2.16.4
+
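Review bot: Nothing in the new code records why `spin_unlock_bh(&x->lock)` now sits after the `pfrag->offset` update, in either esp_output_head() or esp6_output_head(). A one-line comment above the unlock, such as `/* x->lock protects pfrag until its offset has been advanced */`, would keep a later cleanup from moving the unlock back up and reopening the race described in the commit message. Both functions start and end outside the hunks shown.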
diff --git a/patches.fixes/esp-Fix-memleaks-on-error-paths.patch b/patches.fixes/esp-Fix-memleaks-on-error-paths.patch
new file mode 100644
index 0000000000..c617629049
--- /dev/null
+++ b/patches.fixes/esp-Fix-memleaks-on-error-paths.patch
@@ -0,0 +1,121 @@
+From e6194923237f3952b955c343b65b211f36bce01c Mon Sep 17 00:00:00 2001
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Date: Thu, 13 Jul 2017 09:13:30 +0200
+Subject: [PATCH] esp: Fix memleaks on error paths.
+Git-commit: e6194923237f3952b955c343b65b211f36bce01c
+Patch-mainline: v4.13
+References: bsc#1051510
+
+We leak the temporary allocated resources in error paths,
+fix this by freeing them.
+
+Fixes: fca11ebde3f ("esp4: Reorganize esp_output")
+Fixes: 383d0350f2c ("esp6: Reorganize esp_output")
+Fixes: 3f29770723f ("ipsec: check return value of skb_to_sgvec always")
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/ipv4/esp4.c | 13 ++++++++-----
+ net/ipv6/esp6.c | 9 +++++----
+ 2 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index 0cbee0a666ff..dbb31a942dfa 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -381,7 +381,7 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ (unsigned char *)esph - skb->data,
+ assoclen + ivlen + esp->clen + alen);
+ if (unlikely(err < 0))
+- goto error;
++ goto error_free;
+
+ if (!esp->inplace) {
+ int allocsize;
+@@ -392,7 +392,7 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ spin_lock_bh(&x->lock);
+ if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
+ spin_unlock_bh(&x->lock);
+- goto error;
++ goto error_free;
+ }
+
+ skb_shinfo(skb)->nr_frags = 1;
+@@ -409,7 +409,7 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ (unsigned char *)esph - skb->data,
+ assoclen + ivlen + esp->clen + alen);
+ if (unlikely(err < 0))
+- goto error;
++ goto error_free;
+ }
+
+ if ((x->props.flags & XFRM_STATE_ESN))
+@@ -442,8 +442,9 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+
+ if (sg != dsg)
+ esp_ssg_unref(x, tmp);
+- kfree(tmp);
+
++error_free:
++ kfree(tmp);
+ error:
+ return err;
+ }
+@@ -695,8 +696,10 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
+
+ sg_init_table(sg, nfrags);
+ err = skb_to_sgvec(skb, sg, 0, skb->len);
+- if (unlikely(err < 0))
++ if (unlikely(err < 0)) {
++ kfree(tmp);
+ goto out;
++ }
+
+ skb->ip_summed = CHECKSUM_NONE;
+
+diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
+index 9ed35473dcb5..392def1fcf21 100644
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -345,7 +345,7 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ (unsigned char *)esph - skb->data,
+ assoclen + ivlen + esp->clen + alen);
+ if (unlikely(err < 0))
+- goto error;
++ goto error_free;
+
+ if (!esp->inplace) {
+ int allocsize;
+@@ -356,7 +356,7 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ spin_lock_bh(&x->lock);
+ if (unlikely(!skb_page_frag_refill(allocsize, pfrag, GFP_ATOMIC))) {
+ spin_unlock_bh(&x->lock);
+- goto error;
++ goto error_free;
+ }
+
+ skb_shinfo(skb)->nr_frags = 1;
+@@ -373,7 +373,7 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ (unsigned char *)esph - skb->data,
+ assoclen + ivlen + esp->clen + alen);
+ if (unlikely(err < 0))
+- goto error;
++ goto error_free;
+ }
+
+ if ((x->props.flags & XFRM_STATE_ESN))
+@@ -406,8 +406,9 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+
+ if (sg != dsg)
+ esp_ssg_unref(x, tmp);
+- kfree(tmp);
+
++error_free:
++ kfree(tmp);
+ error:
+ return err;
+ }
+--
+2.16.4
+
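Review bot: The esp6.c half of this change only converts esp6_output_tail(), so the `skb_to_sgvec()` failure path in esp6_input() still returns without `kfree(tmp)`, unlike esp_input() in esp4.c. The separate esp6-fix-memleak-on-error-path-in-esp6_input.patch added in this same merge supplies the missing `kfree(tmp)`, so the two patches should be carried together. As a style point, the input paths free inline before `goto out` while the output paths use the new `error_free:` label; a matching label in the input functions would keep the cleanup in one place. All of these functions extend beyond the hunks shown.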
diff --git a/patches.fixes/esp-Fix-skb-tailroom-calculation.patch b/patches.fixes/esp-Fix-skb-tailroom-calculation.patch
new file mode 100644
index 0000000000..22a99190d3
--- /dev/null
+++ b/patches.fixes/esp-Fix-skb-tailroom-calculation.patch
@@ -0,0 +1,47 @@
+From 54ffd790792898f05e215dce5aa593473e80e92f Mon Sep 17 00:00:00 2001
+From: Steffen Klassert <steffen.klassert@secunet.com>
+Date: Fri, 25 Aug 2017 07:34:35 +0200
+Subject: [PATCH] esp: Fix skb tailroom calculation
+Git-commit: 54ffd790792898f05e215dce5aa593473e80e92f
+Patch-mainline: v4.13
+References: bsc#1051510
+
+We use skb_availroom to calculate the skb tailroom for the
+ESP trailer. skb_availroom calculates the tailroom and
+subtracts this value by reserved_tailroom. However
+reserved_tailroom is a union with the skb mark. This means
+that we subtract the tailroom by the skb mark if set.
+Fix this by using skb_tailroom instead.
+
+Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible")
+Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible")
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/ipv4/esp4.c | 2 +-
+ net/ipv6/esp6.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -258,7 +258,7 @@ int esp_output_head(struct xfrm_state *x
+ esp_output_udp_encap(x, skb, esp);
+
+ if (!skb_cloned(skb)) {
+- if (tailen <= skb_availroom(skb)) {
++ if (tailen <= skb_tailroom(skb)) {
+ nfrags = 1;
+ trailer = skb;
+ tail = skb_tail_pointer(trailer);
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -231,7 +231,7 @@ int esp6_output_head(struct xfrm_state *
+ esph = ip_esp_hdr(skb);
+
+ if (!skb_cloned(skb)) {
+- if (tailen <= skb_availroom(skb)) {
++ if (tailen <= skb_tailroom(skb)) {
+ nfrags = 1;
+ trailer = skb;
+ tail = skb_tail_pointer(trailer);
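Review bot: The switch to `skb_tailroom()` in esp_output_head() and esp6_output_head() carries no explanation at the call site, and `skb_availroom()` can look like the more natural helper to a later reader. A short comment above the test, e.g. `/* not skb_availroom(): reserved_tailroom shares storage with skb->mark */`, would guard against the check being reverted. The enclosing functions start and end outside these hunks.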
diff --git a/patches.fixes/esp6-fix-memleak-on-error-path-in-esp6_input.patch b/patches.fixes/esp6-fix-memleak-on-error-path-in-esp6_input.patch
new file mode 100644
index 0000000000..1493d84b5c
--- /dev/null
+++ b/patches.fixes/esp6-fix-memleak-on-error-path-in-esp6_input.patch
@@ -0,0 +1,41 @@
+From 7284fdf39a912322ce97de2d30def3c6068a418c Mon Sep 17 00:00:00 2001
+From: Zhen Lei <thunder.leizhen@huawei.com>
+Date: Wed, 27 Jun 2018 11:49:28 +0800
+Subject: [PATCH] esp6: fix memleak on error path in esp6_input
+Git-commit: 7284fdf39a912322ce97de2d30def3c6068a418c
+Patch-mainline: v4.18-rc8
+References: bsc#1051510
+
+This ought to be an omission in e6194923237 ("esp: Fix memleaks on error
+paths."). The memleak on error path in esp6_input is similar to esp_input
+of esp4.
+
+Fixes: e6194923237 ("esp: Fix memleaks on error paths.")
+Fixes: 3f29770723f ("ipsec: check return value of skb_to_sgvec always")
+Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/ipv6/esp6.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
+index 97513f35bcc5..88a7579c23bd 100644
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -669,8 +669,10 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
+
+ sg_init_table(sg, nfrags);
+ ret = skb_to_sgvec(skb, sg, 0, skb->len);
+- if (unlikely(ret < 0))
++ if (unlikely(ret < 0)) {
++ kfree(tmp);
+ goto out;
++ }
+
+ skb->ip_summed = CHECKSUM_NONE;
+
+--
+2.16.4
+
diff --git a/patches.fixes/genwqe-Fix-size-check.patch b/patches.fixes/genwqe-Fix-size-check.patch
new file mode 100644
index 0000000000..fce9f379ca
--- /dev/null
+++ b/patches.fixes/genwqe-Fix-size-check.patch
@@ -0,0 +1,70 @@
+From fdd669684655c07dacbdb0d753fd13833de69a33 Mon Sep 17 00:00:00 2001
+From: Christian Borntraeger <borntraeger@de.ibm.com>
+Date: Wed, 12 Dec 2018 14:45:18 +0100
+Subject: [PATCH] genwqe: Fix size check
+Git-commit: fdd669684655c07dacbdb0d753fd13833de69a33
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+Calling the test program genwqe_cksum with the default buffer size of
+2MB triggers the following kernel warning on s390:
+
+Warning: CPU: 30 PID: 9311 at mm/page_alloc.c:3189 __alloc_pages_nodemask+0x45c/0xbe0
+Cpu: 30 PID: 9311 Comm: genwqe_cksum Kdump: loaded Not tainted 3.10.0-957.el7.s390x #1
+Task: 00000005e5d13980 ti: 00000005e7c6c000 task.ti: 00000005e7c6c000
+Krnl PSW : 0704c00180000000 00000000002780ac (__alloc_pages_nodemask+0x45c/0xbe0)
+ R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 EA:3
+Krnl GPRS: 00000000002932b8 0000000000b73d7c 0000000000000010 0000000000000009
+ 0000000000000041 00000005e7c6f9b8 0000000000000001 00000000000080d0
+ 0000000000000000 0000000000b70500 0000000000000001 0000000000000000
+ 0000000000b70528 00000000007682c0 0000000000277df2 00000005e7c6f9a0
+Krnl Code: 000000000027809e: de7195001000 ed 1280(114,%r9),0(%r1)
+ 00000000002780a4: a774fead brc 7,277dfe
+ #00000000002780a8: a7f40001 brc 15,2780aa
+ >00000000002780ac: 92011000 mvi 0(%r1),1
+ 00000000002780b0: a7f4fea7 brc 15,277dfe
+ 00000000002780b4: 9101c6b6 tm 1718(%r12),1
+ 00000000002780b8: a784ff3a brc 8,277f2c
+ 00000000002780bc: a7f4fe2e brc 15,277d18
+Call Trace:
+([<0000000000277df2>] __alloc_pages_nodemask+0x1a2/0xbe0)
+ [<000000000013afae>] s390_dma_alloc+0xfe/0x310
+ [<000003ff8065f362>] __genwqe_alloc_consistent+0xfa/0x148 [genwqe_card]
+ [<000003ff80658f7a>] genwqe_mmap+0xca/0x248 [genwqe_card]
+ [<00000000002b2712>] mmap_region+0x4e2/0x778
+ [<00000000002b2c54>] do_mmap+0x2ac/0x3e0
+ [<0000000000292d7e>] vm_mmap_pgoff+0xd6/0x118
+ [<00000000002b081c>] SyS_mmap_pgoff+0xdc/0x268
+ [<00000000002b0a34>] SyS_old_mmap+0x8c/0xb0
+ [<000000000074e518>] sysc_tracego+0x14/0x1e
+ [<000003ffacf87dc6>] 0x3ffacf87dc6
+
+turns out the check in __genwqe_alloc_consistent uses "> MAX_ORDER"
+while the mm code uses ">= MAX_ORDER". Fix genwqe.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Frank Haverkamp <haver@linux.vnet.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/misc/genwqe/card_utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/misc/genwqe/card_utils.c b/drivers/misc/genwqe/card_utils.c
+index 3fcb9a2fe1c9..efe2fb72d54b 100644
+--- a/drivers/misc/genwqe/card_utils.c
++++ b/drivers/misc/genwqe/card_utils.c
+@@ -215,7 +215,7 @@ u32 genwqe_crc32(u8 *buff, size_t len, u32 init)
+ void *__genwqe_alloc_consistent(struct genwqe_dev *cd, size_t size,
+ dma_addr_t *dma_handle)
+ {
+- if (get_order(size) > MAX_ORDER)
++ if (get_order(size) >= MAX_ORDER)
+ return NULL;
+
+ return dma_zalloc_coherent(&cd->pci_dev->dev, size, dma_handle,
+--
+2.16.4
+
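Review bot: The corrected `>= MAX_ORDER` bound in __genwqe_alloc_consistent() is not matched by any visible check of callers that validate the size themselves. The call trace in the description reaches this function from genwqe_mmap(), i.e. with a length chosen by the mmap() caller. If that path or another still compares with `get_order(...) > MAX_ORDER`, the two checks disagree and should be aligned; this cannot be confirmed from the hunk. A zero `size` is also worth rejecting explicitly, for example `if (size == 0 || get_order(size) >= MAX_ORDER)`, since get_order() is documented as undefined for 0. The function's last lines are outside the hunk.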
diff --git a/patches.fixes/gianfar-Fix-Rx-byte-accounting-for-ndev-stats.patch b/patches.fixes/gianfar-Fix-Rx-byte-accounting-for-ndev-stats.patch
new file mode 100644
index 0000000000..7b3b28f491
--- /dev/null
+++ b/patches.fixes/gianfar-Fix-Rx-byte-accounting-for-ndev-stats.patch
@@ -0,0 +1,60 @@
+From 590399ddf9561f2ed0839311c8ae1be21597ba68 Mon Sep 17 00:00:00 2001
+From: Claudiu Manoil <claudiu.manoil@nxp.com>
+Date: Tue, 27 Feb 2018 17:33:10 +0200
+Subject: [PATCH] gianfar: Fix Rx byte accounting for ndev stats
+Git-commit: 590399ddf9561f2ed0839311c8ae1be21597ba68
+Patch-mainline: v4.16-rc5
+References: bsc#1051510
+
+Don't include in the Rx bytecount of the packet sent up the stack:
+the FCB (frame control block), and the padding bytes inserted by
+the controller into the frame payload, nor the FCS. All these are
+being pulled out of the skb by gfar_process_frame().
+This issue is old, likely from the driver's beginnings, however
+it was amplified by recent:
+commit d903ec77118c ("gianfar: simplify FCS handling and fix memory leak")
+which basically added the FCS to the Rx bytecount, and so brought
+this to my attention.
+
+Signed-off-by: Claudiu Manoil <claudiu.manoil@nxp.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/freescale/gianfar.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
+index f5c87bd35fa1..f27f9bae1a4a 100644
+--- a/drivers/net/ethernet/freescale/gianfar.c
++++ b/drivers/net/ethernet/freescale/gianfar.c
+@@ -3063,9 +3063,6 @@ static void gfar_process_frame(struct net_device *ndev, struct sk_buff *skb)
+ if (ndev->features & NETIF_F_RXCSUM)
+ gfar_rx_checksum(skb, fcb);
+
+- /* Tell the skb what kind of packet this is */
+- skb->protocol = eth_type_trans(skb, ndev);
+-
+ /* There's need to check for NETIF_F_HW_VLAN_CTAG_RX here.
+ * Even if vlan rx accel is disabled, on some chips
+ * RXFCB_VLN is pseudo randomly set.
+@@ -3136,13 +3133,15 @@ int gfar_clean_rx_ring(struct gfar_priv_rx_q *rx_queue, int rx_work_limit)
+ continue;
+ }
+
++ gfar_process_frame(ndev, skb);
++
+ /* Increment the number of packets */
+ total_pkts++;
+ total_bytes += skb->len;
+
+ skb_record_rx_queue(skb, rx_queue->qindex);
+
+- gfar_process_frame(ndev, skb);
++ skb->protocol = eth_type_trans(skb, ndev);
+
+ /* Send the packet up the stack */
+ napi_gro_receive(&rx_queue->grp->napi_rx, skb);
+--
+2.16.4
+
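Review bot: The comment `/* Tell the skb what kind of packet this is */` is dropped when `eth_type_trans()` moves into gfar_clean_rx_ring(), and nothing explains that `total_bytes += skb->len` must now sit between gfar_process_frame() and eth_type_trans(). The byte count depends on that ordering: after the FCB, padding and FCS are removed, per the description, and presumably before the Ethernet header is pulled. A comment such as `/* count bytes after gfar_process_frame() strips FCB/padding/FCS */` above the accounting lines would make it explicit. Both functions continue outside the hunks.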
diff --git a/patches.fixes/gianfar-fix-a-flooded-alignment-reports-because-of-p.patch b/patches.fixes/gianfar-fix-a-flooded-alignment-reports-because-of-p.patch
new file mode 100644
index 0000000000..e15c5cd517
--- /dev/null
+++ b/patches.fixes/gianfar-fix-a-flooded-alignment-reports-because-of-p.patch
@@ -0,0 +1,84 @@
+From 58117672943734715bbe7565ac9f062effa524f0 Mon Sep 17 00:00:00 2001
+From: Zumeng Chen <zumeng.chen@gmail.com>
+Date: Mon, 4 Dec 2017 11:22:02 +0800
+Subject: [PATCH] gianfar: fix a flooded alignment reports because of padding issue.
+Git-commit: 58117672943734715bbe7565ac9f062effa524f0
+Patch-mainline: v4.15-rc3
+References: bsc#1051510
+
+According to LS1021A RM, the value of PAL can be set so that the start of the
+IP header in the receive data buffer is aligned to a 32-bit boundary. Normally,
+setting PAL = 2 provides minimal padding to ensure such alignment of the IP
+header.
+
+However every incoming packet's 8-byte time stamp will be inserted into the
+packet data buffer as padding alignment bytes when hardware time stamping is
+enabled.
+
+So we set the padding 8+2 here to avoid the flooded alignment faults:
+
+root@128:~# cat /proc/cpu/alignment
+User: 0
+System: 17539 (inet_gro_receive+0x114/0x2c0)
+Skipped: 0
+Half: 0
+Word: 0
+Dword: 0
+Multi: 17539
+User faults: 2 (fixup)
+
+Also shown when exception report enablement
+
+Cpu: 0 PID: 161 Comm: irq/66-eth1_g0_ Not tainted 4.1.21-rt13-WR8.0.0.0_preempt-rt #16
+Hardware name: Freescale LS1021A
+[<8001b420>] (unwind_backtrace) from [<8001476c>] (show_stack+0x20/0x24)
+[<8001476c>] (show_stack) from [<807cfb48>] (dump_stack+0x94/0xac)
+[<807cfb48>] (dump_stack) from [<80025d70>] (do_alignment+0x720/0x958)
+[<80025d70>] (do_alignment) from [<80009224>] (do_DataAbort+0x40/0xbc)
+[<80009224>] (do_DataAbort) from [<80015398>] (__dabt_svc+0x38/0x60)
+Exception stack(0x86ad1cc0 to 0x86ad1d08)
+1cc0: f9b3e080 86b3d072 2d78d287 00000000 866816c0 86b3d05e 86e785d0 00000000
+1ce0: 00000011 0000000e 80840ab0 86ad1d3c 86ad1d08 86ad1d08 806d7fc0 806d806c
+1d00: 40070013 ffffffff
+[<80015398>] (__dabt_svc) from [<806d806c>] (inet_gro_receive+0x114/0x2c0)
+[<806d806c>] (inet_gro_receive) from [<80660eec>] (dev_gro_receive+0x21c/0x3c0)
+[<80660eec>] (dev_gro_receive) from [<8066133c>] (napi_gro_receive+0x44/0x17c)
+[<8066133c>] (napi_gro_receive) from [<804f0538>] (gfar_clean_rx_ring+0x39c/0x7d4)
+[<804f0538>] (gfar_clean_rx_ring) from [<804f0bf4>] (gfar_poll_rx_sq+0x58/0xe0)
+[<804f0bf4>] (gfar_poll_rx_sq) from [<80660b10>] (net_rx_action+0x27c/0x43c)
+[<80660b10>] (net_rx_action) from [<80033638>] (do_current_softirqs+0x1e0/0x3dc)
+[<80033638>] (do_current_softirqs) from [<800338c4>] (__local_bh_enable+0x90/0xa8)
+[<800338c4>] (__local_bh_enable) from [<8008025c>] (irq_forced_thread_fn+0x70/0x84)
+[<8008025c>] (irq_forced_thread_fn) from [<800805e8>] (irq_thread+0x16c/0x244)
+[<800805e8>] (irq_thread) from [<8004e490>] (kthread+0xe8/0x104)
+[<8004e490>] (kthread) from [<8000fda8>] (ret_from_fork+0x14/0x2c)
+
+Signed-off-by: Zumeng Chen <zumeng.chen@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/freescale/gianfar.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
+index 5be52d89b182..81a73af0df31 100644
+--- a/drivers/net/ethernet/freescale/gianfar.c
++++ b/drivers/net/ethernet/freescale/gianfar.c
+@@ -1378,9 +1378,11 @@ static int gfar_probe(struct platform_device *ofdev)
+
+ gfar_init_addr_hash_table(priv);
+
+- /* Insert receive time stamps into padding alignment bytes */
++ /* Insert receive time stamps into padding alignment bytes, and
++ * plus 2 bytes padding to ensure the cpu alignment.
++ */
+ if (priv->device_flags & FSL_GIANFAR_DEV_HAS_TIMER)
+- priv->padding = 8;
++ priv->padding = 8 + DEFAULT_PADDING;
+
+ if (dev->features & NETIF_F_IP_CSUM ||
+ priv->device_flags & FSL_GIANFAR_DEV_HAS_TIMER)
+--
+2.16.4
+
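Review bot: The reworded comment in gfar_probe() ("and plus 2 bytes padding to ensure the cpu alignment") is hard to parse and hard-codes the value 2 while the code uses `DEFAULT_PADDING`. Something like `/* Rx time stamps occupy 8 padding bytes; add DEFAULT_PADDING so the IP header stays 32-bit aligned */` says the same thing and follows the constant. The literal `8` could likewise be given a name if the driver has none for the time stamp size.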
diff --git a/patches.fixes/gianfar-prevent-integer-wrapping-in-the-rx-handler.patch b/patches.fixes/gianfar-prevent-integer-wrapping-in-the-rx-handler.patch
new file mode 100644
index 0000000000..1745f98503
--- /dev/null
+++ b/patches.fixes/gianfar-prevent-integer-wrapping-in-the-rx-handler.patch
@@ -0,0 +1,87 @@
+From 202a0a70e445caee1d0ec7aae814e64b1189fa4d Mon Sep 17 00:00:00 2001
+From: Andy Spencer <aspencer@spacex.com>
+Date: Thu, 25 Jan 2018 19:37:50 -0800
+Subject: [PATCH] gianfar: prevent integer wrapping in the rx handler
+Git-commit: 202a0a70e445caee1d0ec7aae814e64b1189fa4d
+Patch-mainline: v4.16-rc1
+References: bsc#1051510
+
+When the frame check sequence (FCS) is split across the last two frames
+of a fragmented packet, part of the FCS gets counted twice, once when
+subtracting the FCS, and again when subtracting the previously received
+data.
+
+For example, if 1602 bytes are received, and the first fragment contains
+the first 1600 bytes (including the first two bytes of the FCS), and the
+second fragment contains the last two bytes of the FCS:
+
+ 'skb->len == 1600' from the first fragment
+
+ size = lstatus & BD_LENGTH_MASK; # 1602
+ size -= ETH_FCS_LEN; # 1598
+ size -= skb->len; # -2
+
+Since the size is unsigned, it wraps around and causes a BUG later in
+the packet handling, as shown below:
+
+ kernel BUG at ./include/linux/skbuff.h:2068!
+ Oops: Exception in kernel mode, sig: 5 [#1]
+ ...
+ NIP [c021ec60] skb_pull+0x24/0x44
+ LR [c01e2fbc] gfar_clean_rx_ring+0x498/0x690
+ Call Trace:
+ [df7edeb0] [c01e2c1c] gfar_clean_rx_ring+0xf8/0x690 (unreliable)
+ [df7edf20] [c01e33a8] gfar_poll_rx_sq+0x3c/0x9c
+ [df7edf40] [c023352c] net_rx_action+0x21c/0x274
+ [df7edf90] [c0329000] __do_softirq+0xd8/0x240
+ [df7edff0] [c000c108] call_do_irq+0x24/0x3c
+ [c0597e90] [c00041dc] do_IRQ+0x64/0xc4
+ [c0597eb0] [c000d920] ret_from_except+0x0/0x18
+ --- interrupt: 501 at arch_cpu_idle+0x24/0x5c
+
+Change the size to a signed integer and then trim off any part of the
+FCS that was received prior to the last fragment.
+
+Fixes: 6c389fc931bc ("gianfar: fix size of scatter-gathered frames")
+Signed-off-by: Andy Spencer <aspencer@spacex.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/net/ethernet/freescale/gianfar.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c
+index 7f837006bb6a..3bdeb295514b 100644
+--- a/drivers/net/ethernet/freescale/gianfar.c
++++ b/drivers/net/ethernet/freescale/gianfar.c
+@@ -2932,7 +2932,7 @@ static irqreturn_t gfar_transmit(int irq, void *grp_id)
+ static bool gfar_add_rx_frag(struct gfar_rx_buff *rxb, u32 lstatus,
+ struct sk_buff *skb, bool first)
+ {
+- unsigned int size = lstatus & BD_LENGTH_MASK;
++ int size = lstatus & BD_LENGTH_MASK;
+ struct page *page = rxb->page;
+ bool last = !!(lstatus & BD_LFLAG(RXBD_LAST));
+
+@@ -2947,11 +2947,16 @@ static bool gfar_add_rx_frag(struct gfar_rx_buff *rxb, u32 lstatus,
+ if (last)
+ size -= skb->len;
+
+- /* in case the last fragment consisted only of the FCS */
++ /* Add the last fragment if it contains something other than
++ * the FCS, otherwise drop it and trim off any part of the FCS
++ * that was already received.
++ */
+ if (size > 0)
+ skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags, page,
+ rxb->page_offset + RXBUF_ALIGNMENT,
+ size, GFAR_RXB_TRUESIZE);
++ else if (size < 0)
++ pskb_trim(skb, skb->len + size);
+ }
+
+ /* try reuse page */
+--
+2.16.4
+
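Review bot: The new `pskb_trim(skb, skb->len + size)` call in gfar_add_rx_frag() discards its return value, so a failed trim would leave the already-received FCS bytes in the skb with no indication. Checking the result and treating failure as a bad frame would be safer; the function already returns a bool, though its return statements are outside the hunk. `size` is derived from the descriptor length reported by the device, so a length inconsistent with the bytes already in the skb would make the trim cut into payload. Rejecting `size < -ETH_FCS_LEN` before the trim would bound that, assuming no valid frame can produce a larger deficit.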
diff --git a/patches.fixes/hvc_opal-don-t-set-tb_ticks_per_usec-in-udbg_init_op.patch b/patches.fixes/hvc_opal-don-t-set-tb_ticks_per_usec-in-udbg_init_op.patch
new file mode 100644
index 0000000000..8004eb76c0
--- /dev/null
+++ b/patches.fixes/hvc_opal-don-t-set-tb_ticks_per_usec-in-udbg_init_op.patch
@@ -0,0 +1,50 @@
+From 447808bf500a7cc92173266a59f8a494e132b122 Mon Sep 17 00:00:00 2001
+From: Stewart Smith <stewart@linux.ibm.com>
+Date: Thu, 29 Mar 2018 17:02:46 +1100
+Subject: [PATCH] hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
+Git-commit: 447808bf500a7cc92173266a59f8a494e132b122
+Patch-mainline: v4.18-rc1
+References: bsc#1051510
+
+time_init() will set up tb_ticks_per_usec based on reality.
+time_init() is called *after* udbg_init_opal_common() during boot.
+
+from arch/powerpc/kernel/time.c:
+ unsigned long tb_ticks_per_usec = 100; /* sane default */
+
+Currently, all powernv systems have a timebase frequency of 512mhz
+(512000000/1000000 == 0x200) - although there's nothing written
+down anywhere that I can find saying that we couldn't make that
+different based on the requirements in the ISA.
+
+So, we've been (accidentally) thwacking the (currently) correct
+(for powernv at least) value for tb_ticks_per_usec earlier than
+we otherwise would have.
+
+The "sane default" seems to be adequate for our purposes between
+udbg_init_opal_common() and time_init() being called, and if it isn't,
+then we should probably be setting it somewhere that isn't hvc_opal.c!
+
+Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/tty/hvc/hvc_opal.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/drivers/tty/hvc/hvc_opal.c b/drivers/tty/hvc/hvc_opal.c
+index 2ed07ca6389e..9645c0062a90 100644
+--- a/drivers/tty/hvc/hvc_opal.c
++++ b/drivers/tty/hvc/hvc_opal.c
+@@ -318,7 +318,6 @@ static void udbg_init_opal_common(void)
+ udbg_putc = udbg_opal_putc;
+ udbg_getc = udbg_opal_getc;
+ udbg_getc_poll = udbg_opal_getc_poll;
+- tb_ticks_per_usec = 0x200; /* Make udelay not suck */
+ }
+
+ void __init hvc_opal_init_early(void)
+--
+2.16.4
+
diff --git a/patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch b/patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch
new file mode 100644
index 0000000000..3e658bac34
--- /dev/null
+++ b/patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch
@@ -0,0 +1,167 @@
+From 3f29770723fe498a5c5f57c3a31a996ebdde03e1 Mon Sep 17 00:00:00 2001
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Sun, 4 Jun 2017 04:16:23 +0200
+Subject: [PATCH] ipsec: check return value of skb_to_sgvec always
+Git-commit: 3f29770723fe498a5c5f57c3a31a996ebdde03e1
+Patch-mainline: v4.13-rc1
+References: bsc#1051510
+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Cc: "David S. Miller" <davem@davemloft.net>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ net/ipv4/ah4.c | 8 ++++++--
+ net/ipv4/esp4.c | 20 +++++++++++++-------
+ net/ipv6/ah6.c | 8 ++++++--
+ net/ipv6/esp6.c | 20 +++++++++++++-------
+ 4 files changed, 38 insertions(+), 18 deletions(-)
+
+diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
+index 22377c8ff14b..e8f862358518 100644
+--- a/net/ipv4/ah4.c
++++ b/net/ipv4/ah4.c
+@@ -220,7 +220,9 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
+ ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);
+
+ sg_init_table(sg, nfrags + sglists);
+- skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out_free;
+
+ if (x->props.flags & XFRM_STATE_ESN) {
+ /* Attach seqhi sg right after packet payload */
+@@ -393,7 +395,9 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
+ skb_push(skb, ihl);
+
+ sg_init_table(sg, nfrags + sglists);
+- skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out_free;
+
+ if (x->props.flags & XFRM_STATE_ESN) {
+ /* Attach seqhi sg right after packet payload */
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index 93322f895eab..d815d1755473 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -377,9 +377,11 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ esp->esph = esph;
+
+ sg_init_table(sg, esp->nfrags);
+- skb_to_sgvec(skb, sg,
+- (unsigned char *)esph - skb->data,
+- assoclen + ivlen + esp->clen + alen);
++ err = skb_to_sgvec(skb, sg,
++ (unsigned char *)esph - skb->data,
++ assoclen + ivlen + esp->clen + alen);
++ if (unlikely(err < 0))
++ goto error;
+
+ if (!esp->inplace) {
+ int allocsize;
+@@ -403,9 +405,11 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
+ spin_unlock_bh(&x->lock);
+
+ sg_init_table(dsg, skb_shinfo(skb)->nr_frags + 1);
+- skb_to_sgvec(skb, dsg,
+- (unsigned char *)esph - skb->data,
+- assoclen + ivlen + esp->clen + alen);
++ err = skb_to_sgvec(skb, dsg,
++ (unsigned char *)esph - skb->data,
++ assoclen + ivlen + esp->clen + alen);
++ if (unlikely(err < 0))
++ goto error;
+ }
+
+ if ((x->props.flags & XFRM_STATE_ESN))
+@@ -690,7 +694,9 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
+ esp_input_set_header(skb, seqhi);
+
+ sg_init_table(sg, nfrags);
+- skb_to_sgvec(skb, sg, 0, skb->len);
++ err = skb_to_sgvec(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out;
+
+ skb->ip_summed = CHECKSUM_NONE;
+
+diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
+index dda6035e3b84..755f38271dd5 100644
+--- a/net/ipv6/ah6.c
++++ b/net/ipv6/ah6.c
+@@ -423,7 +423,9 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
+ ah->seq_no = htonl(XFRM_SKB_CB(skb)->seq.output.low);
+
+ sg_init_table(sg, nfrags + sglists);
+- skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out_free;
+
+ if (x->props.flags & XFRM_STATE_ESN) {
+ /* Attach seqhi sg right after packet payload */
+@@ -606,7 +608,9 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
+ ip6h->hop_limit = 0;
+
+ sg_init_table(sg, nfrags + sglists);
+- skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ err = skb_to_sgvec_nomark(skb, sg, 0, skb->len);
++ if (unlikely(err < 0))
++ goto out_free;
+
+ if (x->props.flags & XFRM_STATE_ESN) {
+ /* Attach seqhi sg right after packet payload */
+diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
+index 1fe99ba8066c..2ede4e459c4e 100644
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -346,9 +346,11 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ esph = esp_output_set_esn(skb, x, ip_esp_hdr(skb), seqhi);
+
+ sg_init_table(sg, esp->nfrags);
+- skb_to_sgvec(skb, sg,
+- (unsigned char *)esph - skb->data,
+- assoclen + ivlen + esp->clen + alen);
++ err = skb_to_sgvec(skb, sg,
++ (unsigned char *)esph - skb->data,
++ assoclen + ivlen + esp->clen + alen);
++ if (unlikely(err < 0))
++ goto error;
+
+ if (!esp->inplace) {
+ int allocsize;
+@@ -372,9 +374,11 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
+ spin_unlock_bh(&x->lock);
+
+ sg_init_table(dsg, skb_shinfo(skb)->nr_frags + 1);
+- skb_to_sgvec(skb, dsg,
+- (unsigned char *)esph - skb->data,
+- assoclen + ivlen + esp->clen + alen);
++ err = skb_to_sgvec(skb, dsg,
++ (unsigned char *)esph - skb->data,
++ assoclen + ivlen + esp->clen + alen);
++ if (unlikely(err < 0))
++ goto error;
+ }
+
+ if ((x->props.flags & XFRM_STATE_ESN))
+@@ -618,7 +622,9 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
+ esp_input_set_header(skb, seqhi);
+
+ sg_init_table(sg, nfrags);
+- skb_to_sgvec(skb, sg, 0, skb->len);
++ ret = skb_to_sgvec(skb, sg, 0, skb->len);
++ if (unlikely(ret < 0))
++ goto out;
+
+ skb->ip_summed = CHECKSUM_NONE;
+
+--
+2.16.4
+
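Review bot: The new failure branch in the `esp_input` hunk of net/ipv4/esp4.c jumps to `out`, whereas the AH hunks of this patch use `out_free` and the ESP output hunks use `error`, and nothing in the hunk shows that `out` releases the buffer that holds `sg`. `esp_input` starts and ends outside the hunk, so this needs checking against the full function: if the scatterlist lives in an allocation made earlier, every failed `skb_to_sgvec()` on the receive path would leak it, and that path is driven by incoming traffic. The `ret = skb_to_sgvec(...)` / `goto out` pair in `esp6_input` (net/ipv6/esp6.c) has the same shape. If `out` does not free it, release it in the branch before the jump, along the lines of `if (unlikely(err < 0)) { kfree(TMP_BUF_PLACEHOLDER); goto out; }`, where the placeholder stands for whatever the function allocated.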
diff --git a/patches.fixes/ipv4-speedup-ipv6-tunnels-dismantle.patch b/patches.fixes/ipv4-speedup-ipv6-tunnels-dismantle.patch
new file mode 100644
index 0000000000..300be82840
--- /dev/null
+++ b/patches.fixes/ipv4-speedup-ipv6-tunnels-dismantle.patch
@@ -0,0 +1,172 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 19 Sep 2017 16:27:09 -0700
+Subject: ipv4: speedup ipv6 tunnels dismantle
+Patch-mainline: v4.15-rc1
+Git-commit: 64bc17811b72758753e2b64cd8f2a63812c61fe1
+References: bsc#1122982
+
+Implement exit_batch() method to dismantle more devices
+per round.
+
+(rtnl_lock() ...
+ unregister_netdevice_many() ...
+ rtnl_unlock())
+
+Tested:
+$ cat add_del_unshare.sh
+for i in `seq 1 40`
+do
+ (for j in `seq 1 100` ; do unshare -n /bin/true >/dev/null ; done) &
+done
+wait ; grep net_namespace /proc/slabinfo
+
+Before patch :
+$ time ./add_del_unshare.sh
+net_namespace 126 282 5504 1 2 : tunables 8 4 0 : slabdata 126 282 0
+
+real 1m38.965s
+user 0m0.688s
+sys 0m37.017s
+
+After patch:
+$ time ./add_del_unshare.sh
+net_namespace 135 291 5504 1 2 : tunables 8 4 0 : slabdata 135 291 0
+
+real 0m22.117s
+user 0m0.728s
+sys 0m35.328s
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ include/net/ip_tunnels.h | 3 ++-
+ net/ipv4/ip_gre.c | 14 ++++++--------
+ net/ipv4/ip_tunnel.c | 12 +++++++++---
+ net/ipv4/ip_vti.c | 7 +++----
+ net/ipv4/ipip.c | 7 +++----
+ 5 files changed, 23 insertions(+), 20 deletions(-)
+
+--- a/include/net/ip_tunnels.h
++++ b/include/net/ip_tunnels.h
+@@ -253,7 +253,8 @@ int ip_tunnel_get_iflink(const struct net_device *dev);
+ int ip_tunnel_init_net(struct net *net, unsigned int ip_tnl_net_id,
+ struct rtnl_link_ops *ops, char *devname);
+
+-void ip_tunnel_delete_net(struct ip_tunnel_net *itn, struct rtnl_link_ops *ops);
++void ip_tunnel_delete_nets(struct list_head *list_net, unsigned int id,
++ struct rtnl_link_ops *ops);
+
+ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
+ const struct iphdr *tnl_params, const u8 protocol);
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -763,15 +763,14 @@ static int __net_init ipgre_init_net(struct net *net)
+ return ip_tunnel_init_net(net, ipgre_net_id, &ipgre_link_ops, NULL);
+ }
+
+-static void __net_exit ipgre_exit_net(struct net *net)
++static void __net_exit ipgre_exit_batch_net(struct list_head *list_net)
+ {
+- struct ip_tunnel_net *itn = net_generic(net, ipgre_net_id);
+- ip_tunnel_delete_net(itn, &ipgre_link_ops);
++ ip_tunnel_delete_nets(list_net, ipgre_net_id, &ipgre_link_ops);
+ }
+
+ static struct pernet_operations ipgre_net_ops = {
+ .init = ipgre_init_net,
+- .exit = ipgre_exit_net,
++ .exit_batch = ipgre_exit_batch_net,
+ .id = &ipgre_net_id,
+ .size = sizeof(struct ip_tunnel_net),
+ };
+@@ -1185,15 +1184,14 @@ static int __net_init ipgre_tap_init_net(struct net *net)
+ return ip_tunnel_init_net(net, gre_tap_net_id, &ipgre_tap_ops, "gretap0");
+ }
+
+-static void __net_exit ipgre_tap_exit_net(struct net *net)
++static void __net_exit ipgre_tap_exit_batch_net(struct list_head *list_net)
+ {
+- struct ip_tunnel_net *itn = net_generic(net, gre_tap_net_id);
+- ip_tunnel_delete_net(itn, &ipgre_tap_ops);
++ ip_tunnel_delete_nets(list_net, gre_tap_net_id, &ipgre_tap_ops);
+ }
+
+ static struct pernet_operations ipgre_tap_net_ops = {
+ .init = ipgre_tap_init_net,
+- .exit = ipgre_tap_exit_net,
++ .exit_batch = ipgre_tap_exit_batch_net,
+ .id = &gre_tap_net_id,
+ .size = sizeof(struct ip_tunnel_net),
+ };
+--- a/net/ipv4/ip_tunnel.c
++++ b/net/ipv4/ip_tunnel.c
+@@ -1071,16 +1071,22 @@ static void ip_tunnel_destroy(struct ip_tunnel_net *itn, struct list_head *head,
+ }
+ }
+
+-void ip_tunnel_delete_net(struct ip_tunnel_net *itn, struct rtnl_link_ops *ops)
++void ip_tunnel_delete_nets(struct list_head *net_list, unsigned int id,
++ struct rtnl_link_ops *ops)
+ {
++ struct ip_tunnel_net *itn;
++ struct net *net;
+ LIST_HEAD(list);
+
+ rtnl_lock();
+- ip_tunnel_destroy(itn, &list, ops);
++ list_for_each_entry(net, net_list, exit_list) {
++ itn = net_generic(net, id);
++ ip_tunnel_destroy(itn, &list, ops);
++ }
+ unregister_netdevice_many(&list);
+ rtnl_unlock();
+ }
+-EXPORT_SYMBOL_GPL(ip_tunnel_delete_net);
++EXPORT_SYMBOL_GPL(ip_tunnel_delete_nets);
+
+ int ip_tunnel_newlink(struct net_device *dev, struct nlattr *tb[],
+ struct ip_tunnel_parm *p, __u32 fwmark)
+--- a/net/ipv4/ip_vti.c
++++ b/net/ipv4/ip_vti.c
+@@ -452,15 +452,14 @@ static int __net_init vti_init_net(struct net *net)
+ return 0;
+ }
+
+-static void __net_exit vti_exit_net(struct net *net)
++static void __net_exit vti_exit_batch_net(struct list_head *list_net)
+ {
+- struct ip_tunnel_net *itn = net_generic(net, vti_net_id);
+- ip_tunnel_delete_net(itn, &vti_link_ops);
++ ip_tunnel_delete_nets(list_net, vti_net_id, &vti_link_ops);
+ }
+
+ static struct pernet_operations vti_net_ops = {
+ .init = vti_init_net,
+- .exit = vti_exit_net,
++ .exit_batch = vti_exit_batch_net,
+ .id = &vti_net_id,
+ .size = sizeof(struct ip_tunnel_net),
+ };
+--- a/net/ipv4/ipip.c
++++ b/net/ipv4/ipip.c
+@@ -658,15 +658,14 @@ static int __net_init ipip_init_net(struct net *net)
+ return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
+ }
+
+-static void __net_exit ipip_exit_net(struct net *net)
++static void __net_exit ipip_exit_batch_net(struct list_head *list_net)
+ {
+- struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
+- ip_tunnel_delete_net(itn, &ipip_link_ops);
++ ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops);
+ }
+
+ static struct pernet_operations ipip_net_ops = {
+ .init = ipip_init_net,
+- .exit = ipip_exit_net,
++ .exit_batch = ipip_exit_batch_net,
+ .id = &ipip_net_id,
+ .size = sizeof(struct ip_tunnel_net),
+ };
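Review bot: The prototype added to include/net/ip_tunnels.h names the first parameter `list_net`, but the definition in net/ipv4/ip_tunnel.c names it `net_list`; the new callers in ip_gre.c, ip_vti.c and ipip.c also say `list_net`. Pick one spelling, for example `void ip_tunnel_delete_nets(struct list_head *net_list, unsigned int id,` in the header. The exported function also has no comment; a line above the definition such as `/* Destroy the tunnels of every netns on net_list inside one rtnl_lock() section. */` would record why it takes a list rather than a single `ip_tunnel_net`.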
diff --git a/patches.fixes/ipv6-addrlabel-per-netns-list.patch b/patches.fixes/ipv6-addrlabel-per-netns-list.patch
new file mode 100644
index 0000000000..ed392deb47
--- /dev/null
+++ b/patches.fixes/ipv6-addrlabel-per-netns-list.patch
@@ -0,0 +1,279 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 19 Sep 2017 16:27:06 -0700
+Subject: ipv6: addrlabel: per netns list
+Patch-mainline: v4.15-rc1
+Git-commit: a90c9347e90ed1e9323d71402ed18023bc910cd8
+References: bsc#1122982
+
+Having a global list of labels do not scale to thousands of
+netns in the cloud era. This causes quadratic behavior on
+netns creation and deletion.
+
+This is time having a per netns list of ~10 labels.
+
+Tested:
+
+$ time perf record (for f in `seq 1 3000` ; do ip netns add tast$f; done)
+[ perf record: Woken up 1 times to write data ]
+[ perf record: Captured and wrote 3.637 MB perf.data (~158898 samples) ]
+
+real 0m20.837s # instead of 0m24.227s
+user 0m0.328s
+sys 0m20.338s # instead of 0m23.753s
+
+ 16.17% ip [kernel.kallsyms] [k] netlink_broadcast_filtered
+ 12.30% ip [kernel.kallsyms] [k] netlink_has_listeners
+ 6.76% ip [kernel.kallsyms] [k] _raw_spin_lock_irqsave
+ 5.78% ip [kernel.kallsyms] [k] memset_erms
+ 5.77% ip [kernel.kallsyms] [k] kobject_uevent_env
+ 5.18% ip [kernel.kallsyms] [k] refcount_sub_and_test
+ 4.96% ip [kernel.kallsyms] [k] _raw_read_lock
+ 3.82% ip [kernel.kallsyms] [k] refcount_inc_not_zero
+ 3.33% ip [kernel.kallsyms] [k] _raw_spin_unlock_irqrestore
+ 2.11% ip [kernel.kallsyms] [k] unmap_page_range
+ 1.77% ip [kernel.kallsyms] [k] __wake_up
+ 1.69% ip [kernel.kallsyms] [k] strlen
+ 1.17% ip [kernel.kallsyms] [k] __wake_up_common
+ 1.09% ip [kernel.kallsyms] [k] insert_header
+ 1.04% ip [kernel.kallsyms] [k] page_remove_rmap
+ 1.01% ip [kernel.kallsyms] [k] consume_skb
+ 0.98% ip [kernel.kallsyms] [k] netlink_trim
+ 0.51% ip [kernel.kallsyms] [k] kernfs_link_sibling
+ 0.51% ip [kernel.kallsyms] [k] filemap_map_pages
+ 0.46% ip [kernel.kallsyms] [k] memcpy_erms
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ include/net/netns/ipv6.h | 5 +++
+ net/ipv6/addrlabel.c | 81 +++++++++++++++-------------------------
+ 2 files changed, 35 insertions(+), 51 deletions(-)
+
+--- a/include/net/netns/ipv6.h
++++ b/include/net/netns/ipv6.h
+@@ -86,6 +86,11 @@ struct netns_ipv6 {
+ atomic_t dev_addr_genid;
+ atomic_t fib6_sernum;
+ struct seg6_pernet_data *seg6_data;
++ struct {
++ struct hlist_head head;
++ spinlock_t lock;
++ u32 seq;
++ } ip6addrlbl_table;
+ };
+
+ #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
+--- a/net/ipv6/addrlabel.c
++++ b/net/ipv6/addrlabel.c
+@@ -29,7 +29,6 @@
+ * Policy Table
+ */
+ struct ip6addrlbl_entry {
+- possible_net_t lbl_net;
+ struct in6_addr prefix;
+ int prefixlen;
+ int ifindex;
+@@ -40,19 +39,6 @@ struct ip6addrlbl_entry {
+ struct rcu_head rcu;
+ };
+
+-static struct ip6addrlbl_table
+-{
+- struct hlist_head head;
+- spinlock_t lock;
+- u32 seq;
+-} ip6addrlbl_table;
+-
+-static inline
+-struct net *ip6addrlbl_net(const struct ip6addrlbl_entry *lbl)
+-{
+- return read_pnet(&lbl->lbl_net);
+-}
+-
+ /*
+ * Default policy table (RFC6724 + extensions)
+ *
+@@ -147,13 +133,10 @@ static inline void ip6addrlbl_put(struct ip6addrlbl_entry *p)
+ }
+
+ /* Find label */
+-static bool __ip6addrlbl_match(struct net *net,
+- const struct ip6addrlbl_entry *p,
++static bool __ip6addrlbl_match(const struct ip6addrlbl_entry *p,
+ const struct in6_addr *addr,
+ int addrtype, int ifindex)
+ {
+- if (!net_eq(ip6addrlbl_net(p), net))
+- return false;
+ if (p->ifindex && p->ifindex != ifindex)
+ return false;
+ if (p->addrtype && p->addrtype != addrtype)
+@@ -168,8 +151,9 @@ static struct ip6addrlbl_entry *__ipv6_addr_label(struct net *net,
+ int type, int ifindex)
+ {
+ struct ip6addrlbl_entry *p;
+- hlist_for_each_entry_rcu(p, &ip6addrlbl_table.head, list) {
+- if (__ip6addrlbl_match(net, p, addr, type, ifindex))
++
++ hlist_for_each_entry_rcu(p, &net->ipv6.ip6addrlbl_table.head, list) {
++ if (__ip6addrlbl_match(p, addr, type, ifindex))
+ return p;
+ }
+ return NULL;
+@@ -195,8 +179,7 @@ u32 ipv6_addr_label(struct net *net,
+ }
+
+ /* allocate one entry */
+-static struct ip6addrlbl_entry *ip6addrlbl_alloc(struct net *net,
+- const struct in6_addr *prefix,
++static struct ip6addrlbl_entry *ip6addrlbl_alloc(const struct in6_addr *prefix,
+ int prefixlen, int ifindex,
+ u32 label)
+ {
+@@ -235,24 +218,23 @@ static struct ip6addrlbl_entry *ip6addrlbl_alloc(struct net *net,
+ newp->addrtype = addrtype;
+ newp->label = label;
+ INIT_HLIST_NODE(&newp->list);
+- write_pnet(&newp->lbl_net, net);
+ atomic_set(&newp->refcnt, 1);
+ return newp;
+ }
+
+ /* add a label */
+-static int __ip6addrlbl_add(struct ip6addrlbl_entry *newp, int replace)
++static int __ip6addrlbl_add(struct net *net, struct ip6addrlbl_entry *newp,
++ int replace)
+ {
+- struct hlist_node *n;
+ struct ip6addrlbl_entry *last = NULL, *p = NULL;
++ struct hlist_node *n;
+ int ret = 0;
+
+ ADDRLABEL(KERN_DEBUG "%s(newp=%p, replace=%d)\n", __func__, newp,
+ replace);
+
+- hlist_for_each_entry_safe(p, n, &ip6addrlbl_table.head, list) {
++ hlist_for_each_entry_safe(p, n, &net->ipv6.ip6addrlbl_table.head, list) {
+ if (p->prefixlen == newp->prefixlen &&
+- net_eq(ip6addrlbl_net(p), ip6addrlbl_net(newp)) &&
+ p->ifindex == newp->ifindex &&
+ ipv6_addr_equal(&p->prefix, &newp->prefix)) {
+ if (!replace) {
+@@ -272,10 +254,10 @@ static int __ip6addrlbl_add(struct ip6addrlbl_entry *newp, int replace)
+ if (last)
+ hlist_add_behind_rcu(&newp->list, &last->list);
+ else
+- hlist_add_head_rcu(&newp->list, &ip6addrlbl_table.head);
++ hlist_add_head_rcu(&newp->list, &net->ipv6.ip6addrlbl_table.head);
+ out:
+ if (!ret)
+- ip6addrlbl_table.seq++;
++ net->ipv6.ip6addrlbl_table.seq++;
+ return ret;
+ }
+
+@@ -291,12 +273,12 @@ static int ip6addrlbl_add(struct net *net,
+ __func__, prefix, prefixlen, ifindex, (unsigned int)label,
+ replace);
+
+- newp = ip6addrlbl_alloc(net, prefix, prefixlen, ifindex, label);
++ newp = ip6addrlbl_alloc(prefix, prefixlen, ifindex, label);
+ if (IS_ERR(newp))
+ return PTR_ERR(newp);
+- spin_lock(&ip6addrlbl_table.lock);
+- ret = __ip6addrlbl_add(newp, replace);
+- spin_unlock(&ip6addrlbl_table.lock);
++ spin_lock(&net->ipv6.ip6addrlbl_table.lock);
++ ret = __ip6addrlbl_add(net, newp, replace);
++ spin_unlock(&net->ipv6.ip6addrlbl_table.lock);
+ if (ret)
+ ip6addrlbl_free(newp);
+ return ret;
+@@ -314,9 +296,8 @@ static int __ip6addrlbl_del(struct net *net,
+ ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d)\n",
+ __func__, prefix, prefixlen, ifindex);
+
+- hlist_for_each_entry_safe(p, n, &ip6addrlbl_table.head, list) {
++ hlist_for_each_entry_safe(p, n, &net->ipv6.ip6addrlbl_table.head, list) {
+ if (p->prefixlen == prefixlen &&
+- net_eq(ip6addrlbl_net(p), net) &&
+ p->ifindex == ifindex &&
+ ipv6_addr_equal(&p->prefix, prefix)) {
+ hlist_del_rcu(&p->list);
+@@ -339,9 +320,9 @@ static int ip6addrlbl_del(struct net *net,
+ __func__, prefix, prefixlen, ifindex);
+
+ ipv6_addr_prefix(&prefix_buf, prefix, prefixlen);
+- spin_lock(&ip6addrlbl_table.lock);
++ spin_lock(&net->ipv6.ip6addrlbl_table.lock);
+ ret = __ip6addrlbl_del(net, &prefix_buf, prefixlen, ifindex);
+- spin_unlock(&ip6addrlbl_table.lock);
++ spin_unlock(&net->ipv6.ip6addrlbl_table.lock);
+ return ret;
+ }
+
+@@ -353,6 +334,9 @@ static int __net_init ip6addrlbl_net_init(struct net *net)
+
+ ADDRLABEL(KERN_DEBUG "%s\n", __func__);
+
++ spin_lock_init(&net->ipv6.ip6addrlbl_table.lock);
++ INIT_HLIST_HEAD(&net->ipv6.ip6addrlbl_table.head);
++
+ for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) {
+ int ret = ip6addrlbl_add(net,
+ ip6addrlbl_init_table[i].prefix,
+@@ -372,14 +356,12 @@ static void __net_exit ip6addrlbl_net_exit(struct net *net)
+ struct hlist_node *n;
+
+ /* Remove all labels belonging to the exiting net */
+- spin_lock(&ip6addrlbl_table.lock);
+- hlist_for_each_entry_safe(p, n, &ip6addrlbl_table.head, list) {
+- if (net_eq(ip6addrlbl_net(p), net)) {
+- hlist_del_rcu(&p->list);
+- ip6addrlbl_put(p);
+- }
++ spin_lock(&net->ipv6.ip6addrlbl_table.lock);
++ hlist_for_each_entry_safe(p, n, &net->ipv6.ip6addrlbl_table.head, list) {
++ hlist_del_rcu(&p->list);
++ ip6addrlbl_put(p);
+ }
+- spin_unlock(&ip6addrlbl_table.lock);
++ spin_unlock(&net->ipv6.ip6addrlbl_table.lock);
+ }
+
+ static struct pernet_operations ipv6_addr_label_ops = {
+@@ -389,8 +371,6 @@ static struct pernet_operations ipv6_addr_label_ops = {
+
+ int __init ipv6_addr_label_init(void)
+ {
+- spin_lock_init(&ip6addrlbl_table.lock);
+-
+ return register_pernet_subsys(&ipv6_addr_label_ops);
+ }
+
+@@ -497,11 +477,10 @@ static int ip6addrlbl_dump(struct sk_buff *skb, struct netlink_callback *cb)
+ int err;
+
+ rcu_read_lock();
+- hlist_for_each_entry_rcu(p, &ip6addrlbl_table.head, list) {
+- if (idx >= s_idx &&
+- net_eq(ip6addrlbl_net(p), net)) {
++ hlist_for_each_entry_rcu(p, &net->ipv6.ip6addrlbl_table.head, list) {
++ if (idx >= s_idx) {
+ err = ip6addrlbl_fill(skb, p,
+- ip6addrlbl_table.seq,
++ net->ipv6.ip6addrlbl_table.seq,
+ NETLINK_CB(cb->skb).portid,
+ cb->nlh->nlmsg_seq,
+ RTM_NEWADDRLABEL,
+@@ -558,7 +537,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
+ p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index);
+ if (p && !ip6addrlbl_hold(p))
+ p = NULL;
+- lseq = ip6addrlbl_table.seq;
++ lseq = net->ipv6.ip6addrlbl_table.seq;
+ rcu_read_unlock();
+
+ if (!p) {
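Review bot: The anonymous `ip6addrlbl_table` struct added to `struct netns_ipv6` carries no comment on its locking, and `ip6addrlbl_net_init` initialises `lock` and `head` but not `seq`. From the hunks, writers take `lock` around `__ip6addrlbl_add()` and `__ip6addrlbl_del()`, `__ipv6_addr_label()` and `ip6addrlbl_dump()` walk `head` with `hlist_for_each_entry_rcu`, and `ip6addrlbl_get` reads `seq` without taking the lock. A comment on the struct such as `/* lock serialises updates of head and seq; readers walk head under RCU */` would state that rule where the fields are declared. `seq` presumably relies on `struct net` being zeroed at allocation, which is worth confirming since the old table was a zero-initialised static; `struct netns_ipv6` and `ip6addrlbl_get` continue outside the hunks.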
diff --git a/patches.fixes/ipv6-speedup-ipv6-tunnels-dismantle.patch b/patches.fixes/ipv6-speedup-ipv6-tunnels-dismantle.patch
new file mode 100644
index 0000000000..a109ea03b0
--- /dev/null
+++ b/patches.fixes/ipv6-speedup-ipv6-tunnels-dismantle.patch
@@ -0,0 +1,225 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 19 Sep 2017 16:27:08 -0700
+Subject: ipv6: speedup ipv6 tunnels dismantle
+Patch-mainline: v4.15-rc1
+Git-commit: bb401caefe9d2c65e0c0fa23b21deecfbfa473fe
+References: bsc#1122982
+
+Implement exit_batch() method to dismantle more devices
+per round.
+
+(rtnl_lock() ...
+ unregister_netdevice_many() ...
+ rtnl_unlock())
+
+Tested:
+$ cat add_del_unshare.sh
+for i in `seq 1 40`
+do
+ (for j in `seq 1 100` ; do unshare -n /bin/true >/dev/null ; done) &
+done
+wait ; grep net_namespace /proc/slabinfo
+
+Before patch :
+$ time ./add_del_unshare.sh
+net_namespace 110 267 5504 1 2 : tunables 8 4 0 : slabdata 110 267 0
+
+real 3m25.292s
+user 0m0.644s
+sys 0m40.153s
+
+After patch:
+
+$ time ./add_del_unshare.sh
+net_namespace 126 282 5504 1 2 : tunables 8 4 0 : slabdata 126 282 0
+
+real 1m38.965s
+user 0m0.688s
+sys 0m37.017s
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ net/ipv6/ip6_gre.c | 8 +++++---
+ net/ipv6/ip6_tunnel.c | 20 +++++++++++---------
+ net/ipv6/ip6_vti.c | 23 ++++++++++++++---------
+ net/ipv6/sit.c | 9 ++++++---
+ 4 files changed, 36 insertions(+), 24 deletions(-)
+
+--- a/net/ipv6/ip6_gre.c
++++ b/net/ipv6/ip6_gre.c
+@@ -1199,19 +1199,21 @@ static int __net_init ip6gre_init_net(struct net *net)
+ return err;
+ }
+
+-static void __net_exit ip6gre_exit_net(struct net *net)
++static void __net_exit ip6gre_exit_batch_net(struct list_head *net_list)
+ {
++ struct net *net;
+ LIST_HEAD(list);
+
+ rtnl_lock();
+- ip6gre_destroy_tunnels(net, &list);
++ list_for_each_entry(net, net_list, exit_list)
++ ip6gre_destroy_tunnels(net, &list);
+ unregister_netdevice_many(&list);
+ rtnl_unlock();
+ }
+
+ static struct pernet_operations ip6gre_net_ops = {
+ .init = ip6gre_init_net,
+- .exit = ip6gre_exit_net,
++ .exit_batch = ip6gre_exit_batch_net,
+ .id = &ip6gre_net_id,
+ .size = sizeof(struct ip6gre_net),
+ };
+--- a/net/ipv6/ip6_tunnel.c
++++ b/net/ipv6/ip6_tunnel.c
+@@ -2184,17 +2184,16 @@ static struct xfrm6_tunnel ip6ip6_handler __read_mostly = {
+ .priority = 1,
+ };
+
+-static void __net_exit ip6_tnl_destroy_tunnels(struct net *net)
++static void __net_exit ip6_tnl_destroy_tunnels(struct net *net, struct list_head *list)
+ {
+ struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
+ struct net_device *dev, *aux;
+ int h;
+ struct ip6_tnl *t;
+- LIST_HEAD(list);
+
+ for_each_netdev_safe(net, dev, aux)
+ if (dev->rtnl_link_ops == &ip6_link_ops)
+- unregister_netdevice_queue(dev, &list);
++ unregister_netdevice_queue(dev, list);
+
+ for (h = 0; h < IP6_TUNNEL_HASH_SIZE; h++) {
+ t = rtnl_dereference(ip6n->tnls_r_l[h]);
+@@ -2203,12 +2202,10 @@ static void __net_exit ip6_tnl_destroy_tunnels(struct net *net)
+ * been added to the list by the previous loop.
+ */
+ if (!net_eq(dev_net(t->dev), net))
+- unregister_netdevice_queue(t->dev, &list);
++ unregister_netdevice_queue(t->dev, list);
+ t = rtnl_dereference(t->next);
+ }
+ }
+-
+- unregister_netdevice_many(&list);
+ }
+
+ static int __net_init ip6_tnl_init_net(struct net *net)
+@@ -2252,16 +2249,21 @@ static int __net_init ip6_tnl_init_net(struct net *net)
+ return err;
+ }
+
+-static void __net_exit ip6_tnl_exit_net(struct net *net)
++static void __net_exit ip6_tnl_exit_batch_net(struct list_head *net_list)
+ {
++ struct net *net;
++ LIST_HEAD(list);
++
+ rtnl_lock();
+- ip6_tnl_destroy_tunnels(net);
++ list_for_each_entry(net, net_list, exit_list)
++ ip6_tnl_destroy_tunnels(net, &list);
++ unregister_netdevice_many(&list);
+ rtnl_unlock();
+ }
+
+ static struct pernet_operations ip6_tnl_net_ops = {
+ .init = ip6_tnl_init_net,
+- .exit = ip6_tnl_exit_net,
++ .exit_batch = ip6_tnl_exit_batch_net,
+ .id = &ip6_tnl_net_id,
+ .size = sizeof(struct ip6_tnl_net),
+ };
+--- a/net/ipv6/ip6_vti.c
++++ b/net/ipv6/ip6_vti.c
+@@ -1086,23 +1086,22 @@ static struct rtnl_link_ops vti6_link_ops __read_mostly = {
+ .get_link_net = ip6_tnl_get_link_net,
+ };
+
+-static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n)
++static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n,
++ struct list_head *list)
+ {
+ int h;
+ struct ip6_tnl *t;
+- LIST_HEAD(list);
+
+ for (h = 0; h < IP6_VTI_HASH_SIZE; h++) {
+ t = rtnl_dereference(ip6n->tnls_r_l[h]);
+ while (t) {
+- unregister_netdevice_queue(t->dev, &list);
++ unregister_netdevice_queue(t->dev, list);
+ t = rtnl_dereference(t->next);
+ }
+ }
+
+ t = rtnl_dereference(ip6n->tnls_wc[0]);
+- unregister_netdevice_queue(t->dev, &list);
+- unregister_netdevice_many(&list);
++ unregister_netdevice_queue(t->dev, list);
+ }
+
+ static int __net_init vti6_init_net(struct net *net)
+@@ -1142,18 +1141,24 @@ static int __net_init vti6_init_net(struct net *net)
+ return err;
+ }
+
+-static void __net_exit vti6_exit_net(struct net *net)
++static void __net_exit vti6_exit_batch_net(struct list_head *net_list)
+ {
+- struct vti6_net *ip6n = net_generic(net, vti6_net_id);
++ struct vti6_net *ip6n;
++ struct net *net;
++ LIST_HEAD(list);
+
+ rtnl_lock();
+- vti6_destroy_tunnels(ip6n);
++ list_for_each_entry(net, net_list, exit_list) {
++ ip6n = net_generic(net, vti6_net_id);
++ vti6_destroy_tunnels(ip6n, &list);
++ }
++ unregister_netdevice_many(&list);
+ rtnl_unlock();
+ }
+
+ static struct pernet_operations vti6_net_ops = {
+ .init = vti6_init_net,
+- .exit = vti6_exit_net,
++ .exit_batch = vti6_exit_batch_net,
+ .id = &vti6_net_id,
+ .size = sizeof(struct vti6_net),
+ };
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -1850,19 +1850,22 @@ static int __net_init sit_init_net(struct net *net)
+ return err;
+ }
+
+-static void __net_exit sit_exit_net(struct net *net)
++static void __net_exit sit_exit_batch_net(struct list_head *net_list)
+ {
+ LIST_HEAD(list);
++ struct net *net;
+
+ rtnl_lock();
+- sit_destroy_tunnels(net, &list);
++ list_for_each_entry(net, net_list, exit_list)
++ sit_destroy_tunnels(net, &list);
++
+ unregister_netdevice_many(&list);
+ rtnl_unlock();
+ }
+
+ static struct pernet_operations sit_net_ops = {
+ .init = sit_init_net,
+- .exit = sit_exit_net,
++ .exit_batch = sit_exit_batch_net,
+ .id = &sit_net_id,
+ .size = sizeof(struct sit_net),
+ };
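Review bot: In the `vti6_destroy_tunnels` hunk of net/ipv6/ip6_vti.c, `t = rtnl_dereference(ip6n->tnls_wc[0]);` is followed by `unregister_netdevice_queue(t->dev, list);` with no NULL test, while the hash-table loop just above guards every entry with `while (t)`. Whether `tnls_wc[0]` can be empty when a namespace exits is not visible here, but `vti6_exit_batch_net` now calls the function once per namespace while holding `rtnl_lock()`, so one namespace without that entry would fault during teardown of the whole batch. A guard costs one line: `if (t) unregister_netdevice_queue(t->dev, list);`.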
diff --git a/patches.fixes/kconfig-fix-file-name-and-line-number-of-warn_ignore.patch b/patches.fixes/kconfig-fix-file-name-and-line-number-of-warn_ignore.patch
new file mode 100644
index 0000000000..56beb751b0
--- /dev/null
+++ b/patches.fixes/kconfig-fix-file-name-and-line-number-of-warn_ignore.patch
@@ -0,0 +1,60 @@
+From 77c1c0fa8b1477c5799bdad65026ea5ff676da44 Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada <yamada.masahiro@socionext.com>
+Date: Tue, 11 Dec 2018 20:00:44 +0900
+Subject: [PATCH] kconfig: fix file name and line number of warn_ignored_character()
+Git-commit: 77c1c0fa8b1477c5799bdad65026ea5ff676da44
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+Currently, warn_ignore_character() displays invalid file name and
+line number.
+
+The lexer should use current_file->name and yylineno, while the parser
+should use zconf_curname() and zconf_lineno().
+
+This difference comes from that the lexer is always going ahead
+of the parser. The parser needs to look ahead one token to make a
+shift/reduce decision, so the lexer is requested to scan more text
+from the input file.
+
+This commit fixes the warning message from warn_ignored_character().
+
+[Test Code]
+
+ ----(Kconfig begin)----
+ /
+ -----(Kconfig end)-----
+
+[Output]
+
+ Before the fix:
+
+ <none>:0:warning: ignoring unsupported character '/'
+
+ After the fix:
+
+ Kconfig:1:warning: ignoring unsupported character '/'
+
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ scripts/kconfig/zconf.l | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/kconfig/zconf.l b/scripts/kconfig/zconf.l
+index 25bd2b89fe3f..eeac64ccc730 100644
+--- a/scripts/kconfig/zconf.l
++++ b/scripts/kconfig/zconf.l
+@@ -73,7 +73,7 @@ static void warn_ignored_character(char chr)
+ {
+ fprintf(stderr,
+ "%s:%d:warning: ignoring unsupported character '%c'\n",
+- zconf_curname(), zconf_lineno(), chr);
++ current_file->name, yylineno, chr);
+ }
+ %}
+
+--
+2.16.4
+
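Review bot: `warn_ignored_character` in scripts/kconfig/zconf.l now reads `current_file->name` and `yylineno`, but nothing in the function says why it avoids `zconf_curname()` and `zconf_lineno()`, so the change is easy to revert by accident. A comment above the `fprintf` such as `/* lexer context: the parser's zconf_curname()/zconf_lineno() lag behind the scanner */` would keep the reasoning from the commit message next to the code. `current_file` is dereferenced unconditionally; it is presumably always set while the scanner runs, which is worth confirming.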
diff --git a/patches.fixes/kconfig-fix-line-numbers-for-if-entries-in-menu-tree.patch b/patches.fixes/kconfig-fix-line-numbers-for-if-entries-in-menu-tree.patch
new file mode 100644
index 0000000000..c71f706b8c
--- /dev/null
+++ b/patches.fixes/kconfig-fix-line-numbers-for-if-entries-in-menu-tree.patch
@@ -0,0 +1,71 @@
+From b2d00d7c61c84edd150310af3f556f8a3c6e2e67 Mon Sep 17 00:00:00 2001
+From: Dirk Gouders <dirk@gouders.net>
+Date: Thu, 21 Jun 2018 15:30:54 +0200
+Subject: [PATCH] kconfig: fix line numbers for if-entries in menu tree
+Git-commit: b2d00d7c61c84edd150310af3f556f8a3c6e2e67
+Patch-mainline: v4.18-rc3
+References: bsc#1051510
+
+The line numers for if-entries in the menu tree are off by one or more
+lines which is confusing when debugging for correctness of unrelated changes.
+
+According to the git log, commit a02f0570ae201c49 (kconfig: improve
+error handling in the parser) was the last one that changed that part
+of the parser and replaced
+
+ "if_entry: T_IF expr T_EOL"
+by
+ "if_entry: T_IF expr nl"
+
+but the commit message does not state why this has been done.
+
+When reverting that part of the commit, only the line numers are
+corrected (checked with cdebug = DEBUG_PARSE in zconf.y), otherwise
+the menu tree remains unchanged (checked with zconfdump() enabled in
+conf.c).
+
+An example for the corrected line numbers:
+
+drivers/soc/Kconfig:15:source drivers/soc/tegra/Kconfig
+drivers/soc/tegra/Kconfig:4:if
+drivers/soc/tegra/Kconfig:6:if
+
+changes to:
+
+drivers/soc/Kconfig:15:source drivers/soc/tegra/Kconfig
+drivers/soc/tegra/Kconfig:1:if
+drivers/soc/tegra/Kconfig:4:if
+
+Signed-off-by: Dirk Gouders <dirk@gouders.net>
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ scripts/kconfig/zconf.y | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/kconfig/zconf.y b/scripts/kconfig/zconf.y
+index 6f9b0aa32a82..ed84d4a8e288 100644
+--- a/scripts/kconfig/zconf.y
++++ b/scripts/kconfig/zconf.y
+@@ -31,7 +31,7 @@ struct symbol *symbol_hash[SYMBOL_HASHSIZE];
+ static struct menu *current_menu, *current_entry;
+
+ %}
+-%expect 32
++%expect 31
+
+ %union
+ {
+@@ -337,7 +337,7 @@ choice_block:
+
+ /* if entry */
+
+-if_entry: T_IF expr nl
++if_entry: T_IF expr T_EOL
+ {
+ printd(DEBUG_PARSE, "%s:%d:if\n", zconf_curname(), zconf_lineno());
+ menu_add_entry(NULL);
+--
+2.16.4
+
diff --git a/patches.fixes/kconfig-fix-memory-leak-when-EOF-is-encountered-in-q.patch b/patches.fixes/kconfig-fix-memory-leak-when-EOF-is-encountered-in-q.patch
new file mode 100644
index 0000000000..0d33c1ef00
--- /dev/null
+++ b/patches.fixes/kconfig-fix-memory-leak-when-EOF-is-encountered-in-q.patch
@@ -0,0 +1,69 @@
+From fbac5977d81cb2b2b7e37b11c459055d9585273c Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada <yamada.masahiro@socionext.com>
+Date: Tue, 11 Dec 2018 20:00:45 +0900
+Subject: [PATCH] kconfig: fix memory leak when EOF is encountered in quotation
+Git-commit: fbac5977d81cb2b2b7e37b11c459055d9585273c
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+An unterminated string literal followed by new line is passed to the
+parser (with "multi-line strings not supported" warning shown), then
+handled properly there.
+
+On the other hand, an unterminated string literal at end of file is
+never passed to the parser, then results in memory leak.
+
+[Test Code]
+
+ ----------(Kconfig begin)----------
+ source "Kconfig.inc"
+
+ config A
+ bool "a"
+ -----------(Kconfig end)-----------
+
+ --------(Kconfig.inc begin)--------
+ config B
+ bool "b\No new line at end of file
+ ---------(Kconfig.inc end)---------
+
+[Summary from Valgrind]
+
+ Before the fix:
+
+ LEAK SUMMARY:
+ definitely lost: 16 bytes in 1 blocks
+ ...
+
+ After the fix:
+
+ LEAK SUMMARY:
+ definitely lost: 0 bytes in 0 blocks
+ ...
+
+Eliminate the memory leak path by handling this case. Of course, such
+a Kconfig file is wrong already, so I will add an error message later.
+
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ scripts/kconfig/zconf.l | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/scripts/kconfig/zconf.l b/scripts/kconfig/zconf.l
+index eeac64ccc730..c2f577d71964 100644
+--- a/scripts/kconfig/zconf.l
++++ b/scripts/kconfig/zconf.l
+@@ -221,6 +221,8 @@ n [A-Za-z0-9_-]
+ }
+ <<EOF>> {
+ BEGIN(INITIAL);
++ yylval.string = text;
++ return T_WORD_QUOTE;
+ }
+ }
+
+--
+2.16.4
+
diff --git a/patches.fixes/kconfig-fix-the-rule-of-mainmenu_stmt-symbol.patch b/patches.fixes/kconfig-fix-the-rule-of-mainmenu_stmt-symbol.patch
new file mode 100644
index 0000000000..a617cd8d0b
--- /dev/null
+++ b/patches.fixes/kconfig-fix-the-rule-of-mainmenu_stmt-symbol.patch
@@ -0,0 +1,48 @@
+From 56869d45e364244a721de34ce9c5dc9ed022779e Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada <yamada.masahiro@socionext.com>
+Date: Thu, 9 Aug 2018 15:47:06 +0900
+Subject: [PATCH] kconfig: fix the rule of mainmenu_stmt symbol
+Git-commit: 56869d45e364244a721de34ce9c5dc9ed022779e
+Patch-mainline: v4.19-rc1
+References: bsc#1051510
+
+The rule of mainmenu_stmt does not have debug print of zconf_lineno(),
+but if it had, it would print a wrong line number for the same reason
+as commit b2d00d7c61c8 ("kconfig: fix line numbers for if-entries in
+menu tree").
+
+The mainmenu_stmt does not need to eat following empty lines because
+they are reduced to common_stmt.
+
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ scripts/kconfig/zconf.y | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/kconfig/zconf.y b/scripts/kconfig/zconf.y
+index 96081aa0fef0..22fceb264cf5 100644
+--- a/scripts/kconfig/zconf.y
++++ b/scripts/kconfig/zconf.y
+@@ -31,7 +31,7 @@ struct symbol *symbol_hash[SYMBOL_HASHSIZE];
+ static struct menu *current_menu, *current_entry;
+
+ %}
+-%expect 31
++%expect 30
+
+ %union
+ {
+@@ -117,7 +117,7 @@ start: mainmenu_stmt stmt_list | stmt_list;
+
+ /* mainmenu entry */
+
+-mainmenu_stmt: T_MAINMENU prompt nl
++mainmenu_stmt: T_MAINMENU prompt T_EOL
+ {
+ menu_add_prompt(P_MENU, $2, NULL);
+ };
+--
+2.16.4
+
diff --git a/patches.fixes/kgdboc-Fix-restrict-error.patch b/patches.fixes/kgdboc-Fix-restrict-error.patch
new file mode 100644
index 0000000000..02eb006cc8
--- /dev/null
+++ b/patches.fixes/kgdboc-Fix-restrict-error.patch
@@ -0,0 +1,57 @@
+From 2dd453168643d9475028cd867c57e65956a0f7f9 Mon Sep 17 00:00:00 2001
+From: Laura Abbott <labbott@redhat.com>
+Date: Mon, 10 Sep 2018 16:20:14 -0700
+Subject: [PATCH] kgdboc: Fix restrict error
+Mime-version: 1.0
+Content-type: text/plain; charset=UTF-8
+Content-transfer-encoding: 8bit
+Git-commit: 2dd453168643d9475028cd867c57e65956a0f7f9
+Patch-mainline: v4.20-rc1
+References: bsc#1051510
+
+There's an error when compiled with restrict:
+
+Drivers/tty/serial/kgdboc.c: In function ‘configure_kgdboc’:
+drivers/tty/serial/kgdboc.c:137:2: error: ‘strcpy’ source argument is the same
+as destination [-Werror=restrict]
+ strcpy(config, opt);
+ ^~~~~~~~~~~~~~~~~~~
+
+As the error implies, this is from trying to use config as both source and
+destination. Drop the call to the function where config is the argument
+since nothing else happens in the function.
+
+Signed-off-by: Laura Abbott <labbott@redhat.com>
+Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/tty/serial/kgdboc.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c
+index 371357d5e216..e9a83bb5bee5 100644
+--- a/drivers/tty/serial/kgdboc.c
++++ b/drivers/tty/serial/kgdboc.c
+@@ -162,15 +162,13 @@ static int configure_kgdboc(void)
+ {
+ struct tty_driver *p;
+ int tty_line = 0;
+- int err;
++ int err = -ENODEV;
+ char *cptr = config;
+ struct console *cons;
+
+- err = kgdboc_option_setup(config);
+- if (err || !strlen(config) || isspace(config[0]))
++ if (!strlen(config) || isspace(config[0]))
+ goto noconfig;
+
+- err = -ENODEV;
+ kgdboc_io_ops.is_console = 0;
+ kgdb_tty_driver = NULL;
+
+--
+2.16.4
+
diff --git a/patches.fixes/kgdboc-Fix-warning-with-module-build.patch b/patches.fixes/kgdboc-Fix-warning-with-module-build.patch
new file mode 100644
index 0000000000..d51c59ab3d
--- /dev/null
+++ b/patches.fixes/kgdboc-Fix-warning-with-module-build.patch
@@ -0,0 +1,81 @@
+From 1cd25cbb2fedbc777f3a8c3cb1ba69b645aeaa64 Mon Sep 17 00:00:00 2001
+From: Laura Abbott <labbott@redhat.com>
+Date: Wed, 19 Sep 2018 18:59:01 -0700
+Subject: [PATCH] kgdboc: Fix warning with module build
+Git-commit: 1cd25cbb2fedbc777f3a8c3cb1ba69b645aeaa64
+Patch-mainline: v4.20-rc1
+References: bsc#1051510
+
+After 2dd453168643 ("kgdboc: Fix restrict error"), kgdboc_option_setup is
+now only used when built in, resulting in a warning when compiled as a
+Module:
+
+drivers/tty/serial/kgdboc.c:134:12: warning: 'kgdboc_option_setup' defined but not used [-Wunused-function]
+ static int kgdboc_option_setup(char *opt)
+ ^~~~~~~~~~~~~~~~~~~
+
+Move the function under the appropriate ifdef for builtin only.
+
+Fixes: 2dd453168643 ("kgdboc: Fix restrict error")
+Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
+Signed-off-by: Laura Abbott <labbott@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/tty/serial/kgdboc.c | 37 +++++++++++++++++++------------------
+ 1 file changed, 19 insertions(+), 18 deletions(-)
+
+--- a/drivers/tty/serial/kgdboc.c
++++ b/drivers/tty/serial/kgdboc.c
+@@ -131,24 +131,6 @@ static void kgdboc_unregister_kbd(void)
+ #define kgdboc_restore_input()
+ #endif /* ! CONFIG_KDB_KEYBOARD */
+
+-static int kgdboc_option_setup(char *opt)
+-{
+- if (!opt) {
+- pr_err("kgdboc: config string not provided\n");
+- return -EINVAL;
+- }
+-
+- if (strlen(opt) >= MAX_CONFIG_LEN) {
+- printk(KERN_ERR "kgdboc: config string too long\n");
+- return -ENOSPC;
+- }
+- strcpy(config, opt);
+-
+- return 0;
+-}
+-
+-__setup("kgdboc=", kgdboc_option_setup);
+-
+ static void cleanup_kgdboc(void)
+ {
+ if (kgdb_unregister_nmi_console())
+@@ -316,6 +298,25 @@ static struct kgdb_io kgdboc_io_ops = {
+ };
+
+ #ifdef CONFIG_KGDB_SERIAL_CONSOLE
++static int kgdboc_option_setup(char *opt)
++{
++ if (!opt) {
++ pr_err("config string not provided\n");
++ return -EINVAL;
++ }
++
++ if (strlen(opt) >= MAX_CONFIG_LEN) {
++ pr_err("config string too long\n");
++ return -ENOSPC;
++ }
++ strcpy(config, opt);
++
++ return 0;
++}
++
++__setup("kgdboc=", kgdboc_option_setup);
++
++
+ /* This is only available if kgdboc is a built in for early debugging */
+ static int __init kgdboc_early_init(char *opt)
+ {
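Review bot: The two `pr_err()` calls in the re-added `kgdboc_option_setup()` drop the `kgdboc: ` prefix that the removed copies carried (`pr_err("kgdboc: config string not provided\n")` and `printk(KERN_ERR "kgdboc: config string too long\n")`). No `pr_fmt` definition is visible in these hunks, so unless the file defines one elsewhere, the messages reach the log untagged and a rejected `kgdboc=` boot parameter becomes harder to attribute. If there is no `pr_fmt`, keep the prefix, e.g. `pr_err("kgdboc: config string too long\n");`. The `strlen(opt) >= MAX_CONFIG_LEN` test is moved together with `strcpy(config, opt)` and should stay directly in front of the copy.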
diff --git a/patches.fixes/kgdboc-fix-KASAN-global-out-of-bounds-bug-in-param_s.patch b/patches.fixes/kgdboc-fix-KASAN-global-out-of-bounds-bug-in-param_s.patch
new file mode 100644
index 0000000000..fb61be62c9
--- /dev/null
+++ b/patches.fixes/kgdboc-fix-KASAN-global-out-of-bounds-bug-in-param_s.patch
@@ -0,0 +1,81 @@
+From dada6a43b0402eba438a17ac86fdc64ac56a4607 Mon Sep 17 00:00:00 2001
+From: Macpaul Lin <macpaul@gmail.com>
+Date: Wed, 17 Oct 2018 23:08:38 +0800
+Subject: [PATCH] kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var()
+Git-commit: dada6a43b0402eba438a17ac86fdc64ac56a4607
+Patch-mainline: v4.20-rc6
+References: bsc#1051510
+
+This patch is trying to fix KE issue due to
+"bug: KASAN: global-out-of-bounds in param_set_kgdboc_var+0x194/0x198"
+reported by Syzkaller scan."
+
+[26364:syz-executor0][name:report8t]BUG: KASAN: global-out-of-bounds in param_set_kgdboc_var+0x194/0x198
+[26364:syz-executor0][name:report&]Read of size 1 at addr ffffff900e44f95f by task syz-executor0/26364
+[26364:syz-executor0][name:report&]
+[26364:syz-executor0]CPU: 7 PID: 26364 Comm: syz-executor0 Tainted: G W 0
+[26364:syz-executor0]Call trace:
+[26364:syz-executor0][<ffffff9008095cf8>] dump_bacIctrace+Ox0/0x470
+[26364:syz-executor0][<ffffff9008096de0>] show_stack+0x20/0x30
+[26364:syz-executor0][<ffffff90089cc9c8>] dump_stack+Oxd8/0x128
+[26364:syz-executor0][<ffffff90084edb38>] print_address_description +0x80/0x4a8
+[26364:syz-executor0][<ffffff90084ee270>] kasan_report+Ox178/0x390
+[26364:syz-executor0][<ffffff90084ee4a0>] _asan_report_loadi_noabort+Ox18/0x20
+[26364:syz-executor0][<ffffff9008b092ac>] param_set_kgdboc_var+Ox194/0x198
+[26364:syz-executor0][<ffffff900813af64>] param_attr_store+Ox14c/0x270
+[26364:syz-executor0][<ffffff90081394c8>] module_attr_store+0x60/0x90
+[26364:syz-executor0][<ffffff90086690c0>] sysfs_kl_write+Ox100/0x158
+[26364:syz-executor0][<ffffff9008666d84>] kernfs_fop_write+0x27c/0x3a8
+[26364:syz-executor0][<ffffff9008508264>] do_loop_readv_writev+0x114/0x1b0
+[26364:syz-executor0][<ffffff9008509ac8>] do_readv_writev+0x4f8/0x5e0
+[26364:syz-executor0][<ffffff9008509ce4>] vfs_writev+0x7c/Oxb8
+[26364:syz-executor0][<ffffff900850ba64>] SyS_writev+Oxcc/0x208
+[26364:syz-executor0][<ffffff90080883f0>] elO_svc_naked +0x24/0x28
+[26364:syz-executor0][name:report&]
+[26364:syz-executor0][name:report&]The buggy address belongs to the variable:
+[26364:syz-executor0][name:report&] kgdb_tty_line+Ox3f/0x40
+[26364:syz-executor0][name:report&]
+[26364:syz-executor0][name:report&]Memory state around the buggy address:
+[26364:syz-executor0] ffffff900e44f800: 00 00 00 00 00 04 fa fa fa fa fa fa 00 fa fa fa
+[26364:syz-executor0] ffffff900e44f880: fa fa fa fa 00 fa fa fa fa fa fa fa 00 fa fa fa
+[26364:syz-executor0]> ffffff900e44f900: fa fa fa fa 04 fa fa fa fa fa fa fa 00 00 00 00
+[26364:syz-executor0][name:report&] ^
+[26364:syz-executor0] ffffff900e44f980: 00 fa fa fa fa fa fa fa 04 fa fa fa fa fa fa fa
+[26364:syz-executor0] ffffff900e44fa00: 04 fa fa fa fa fa fa fa 00 fa fa fa fa fa fa fa
+[26364:syz-executor0][name:report&]
+[26364:syz-executor0][name:panic&]Disabling lock debugging due to kernel taint
+[26364:syz-executor0]------------[cut here]------------
+
+After checking the source code, we've found there might be an out-of-bounds
+access to "config[len - 1]" array when the variable "len" is zero.
+
+Signed-off-by: Macpaul Lin <macpaul@gmail.com>
+Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/tty/serial/kgdboc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/tty/serial/kgdboc.c
++++ b/drivers/tty/serial/kgdboc.c
+@@ -250,7 +250,7 @@ static void kgdboc_put_char(u8 chr)
+
+ static int param_set_kgdboc_var(const char *kmessage, struct kernel_param *kp)
+ {
+- int len = strlen(kmessage);
++ size_t len = strlen(kmessage);
+
+ if (len >= MAX_CONFIG_LEN) {
+ printk(KERN_ERR "kgdboc: config string too long\n");
+@@ -272,7 +272,7 @@ static int param_set_kgdboc_var(const ch
+
+ strcpy(config, kmessage);
+ /* Chop out \n char as a result of echo */
+- if (config[len - 1] == '\n')
++ if (len && config[len - 1] == '\n')
+ config[len - 1] = '\0';
+
+ if (configured == 1)
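Review bot: The `len &&` guard added in `param_set_kgdboc_var()` needs a one-line comment, because nothing in the hunk says that `kmessage` can be empty. The trace in the description reaches this function through `param_attr_store` and `kernfs_fop_write`, i.e. a sysfs write whose length the writer controls. A comment above the check, such as `/* kmessage may be empty; do not index config[len - 1] when len == 0 */`, keeps the guard from being dropped as redundant later. The function body continues outside both hunks, so the later uses of `config` are not covered here.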
diff --git a/patches.fixes/kobject-add-kobject_uevent_net_broadcast.patch b/patches.fixes/kobject-add-kobject_uevent_net_broadcast.patch
new file mode 100644
index 0000000000..b1aefbc3c5
--- /dev/null
+++ b/patches.fixes/kobject-add-kobject_uevent_net_broadcast.patch
@@ -0,0 +1,136 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 19 Sep 2017 16:27:03 -0700
+Subject: kobject: add kobject_uevent_net_broadcast()
+Patch-mainline: v4.15-rc1
+Git-commit: 16dff336b33d87c15d9cbe933cfd275aae2a8251
+References: bsc#1122982
+
+This removes some #ifdef pollution and will ease follow up patches.
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ lib/kobject_uevent.c | 96 ++++++++++++++++++++++++--------------------
+ 1 file changed, 53 insertions(+), 43 deletions(-)
+
+--- a/lib/kobject_uevent.c
++++ b/lib/kobject_uevent.c
+@@ -151,6 +151,57 @@ static void cleanup_uevent_env(struct subprocess_info *info)
+ }
+ #endif
+
++static int kobject_uevent_net_broadcast(struct kobject *kobj,
++ struct kobj_uevent_env *env,
++ const char *action_string,
++ const char *devpath)
++{
++ int retval = 0;
++#if defined(CONFIG_NET)
++ struct uevent_sock *ue_sk;
++
++ /* send netlink message */
++ list_for_each_entry(ue_sk, &uevent_sock_list, list) {
++ struct sock *uevent_sock = ue_sk->sk;
++ struct sk_buff *skb;
++ size_t len;
++
++ if (!netlink_has_listeners(uevent_sock, 1))
++ continue;
++
++ /* allocate message with the maximum possible size */
++ len = strlen(action_string) + strlen(devpath) + 2;
++ skb = alloc_skb(len + env->buflen, GFP_KERNEL);
++ if (skb) {
++ char *scratch;
++ int i;
++
++ /* add header */
++ scratch = skb_put(skb, len);
++ sprintf(scratch, "%s@%s", action_string, devpath);
++
++ /* copy keys to our continuous event payload buffer */
++ for (i = 0; i < env->envp_idx; i++) {
++ len = strlen(env->envp[i]) + 1;
++ scratch = skb_put(skb, len);
++ strcpy(scratch, env->envp[i]);
++ }
++
++ NETLINK_CB(skb).dst_group = 1;
++ retval = netlink_broadcast_filtered(uevent_sock, skb,
++ 0, 1, GFP_KERNEL,
++ kobj_bcast_filter,
++ kobj);
++ /* ENOBUFS should be handled in userspace */
++ if (retval == -ENOBUFS || retval == -ESRCH)
++ retval = 0;
++ } else
++ retval = -ENOMEM;
++ }
++#endif
++ return retval;
++}
++
+ /**
+ * kobject_uevent_env - send an uevent with environmental data
+ *
+@@ -173,9 +224,6 @@ int kobject_uevent_env(struct kobject *kobj, enum kobject_action action,
+ const struct kset_uevent_ops *uevent_ops;
+ int i = 0;
+ int retval = 0;
+-#ifdef CONFIG_NET
+- struct uevent_sock *ue_sk;
+-#endif
+
+ pr_debug("kobject: '%s' (%p): %s\n",
+ kobject_name(kobj), kobj, __func__);
+@@ -284,46 +332,8 @@ int kobject_uevent_env(struct kobject *kobj, enum kobject_action action,
+ mutex_unlock(&uevent_sock_mutex);
+ goto exit;
+ }
+-
+-#if defined(CONFIG_NET)
+- /* send netlink message */
+- list_for_each_entry(ue_sk, &uevent_sock_list, list) {
+- struct sock *uevent_sock = ue_sk->sk;
+- struct sk_buff *skb;
+- size_t len;
+-
+- if (!netlink_has_listeners(uevent_sock, 1))
+- continue;
+-
+- /* allocate message with the maximum possible size */
+- len = strlen(action_string) + strlen(devpath) + 2;
+- skb = alloc_skb(len + env->buflen, GFP_KERNEL);
+- if (skb) {
+- char *scratch;
+-
+- /* add header */
+- scratch = skb_put(skb, len);
+- sprintf(scratch, "%s@%s", action_string, devpath);
+-
+- /* copy keys to our continuous event payload buffer */
+- for (i = 0; i < env->envp_idx; i++) {
+- len = strlen(env->envp[i]) + 1;
+- scratch = skb_put(skb, len);
+- strcpy(scratch, env->envp[i]);
+- }
+-
+- NETLINK_CB(skb).dst_group = 1;
+- retval = netlink_broadcast_filtered(uevent_sock, skb,
+- 0, 1, GFP_KERNEL,
+- kobj_bcast_filter,
+- kobj);
+- /* ENOBUFS should be handled in userspace */
+- if (retval == -ENOBUFS || retval == -ESRCH)
+- retval = 0;
+- } else
+- retval = -ENOMEM;
+- }
+-#endif
++ retval = kobject_uevent_net_broadcast(kobj, env, action_string,
++ devpath);
+ mutex_unlock(&uevent_sock_mutex);
+
+ #ifdef CONFIG_UEVENT_HELPER
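Review bot: The new `kobject_uevent_net_broadcast()` walks `uevent_sock_list` without stating its locking requirement. The only visible caller invokes it immediately before `mutex_unlock(&uevent_sock_mutex)`, so the helper appears to rely on that mutex being held. Now that the loop is a separate function, add `/* Caller must hold uevent_sock_mutex. */` above it, or make the rule checkable with `lockdep_assert_held(&uevent_sock_mutex);` at the top of the `CONFIG_NET` section. The body of `kobject_uevent_env()` continues outside the hunks shown.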
diff --git a/patches.fixes/kobject-copy-env-blob-in-one-go.patch b/patches.fixes/kobject-copy-env-blob-in-one-go.patch
new file mode 100644
index 0000000000..28dcbb3061
--- /dev/null
+++ b/patches.fixes/kobject-copy-env-blob-in-one-go.patch
@@ -0,0 +1,70 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 19 Sep 2017 16:27:04 -0700
+Subject: kobject: copy env blob in one go
+Patch-mainline: v4.15-rc1
+Git-commit: 4a336a23d619e96aef37d4d054cfadcdd1b581ba
+References: bsc#1122982
+
+No need to iterate over strings, just copy in one efficient memcpy() call.
+
+Tested:
+time perf record "(for f in `seq 1 3000` ; do ip netns add tast$f; done)"
+[ perf record: Woken up 10 times to write data ]
+[ perf record: Captured and wrote 8.224 MB perf.data (~359301 samples) ]
+
+real 0m52.554s # instead of 1m7.492s
+user 0m0.309s
+sys 0m51.375s # instead of 1m6.875s
+
+ 9.88% ip [kernel.kallsyms] [k] netlink_broadcast_filtered
+ 8.86% ip [kernel.kallsyms] [k] string
+ 7.37% ip [kernel.kallsyms] [k] __ip6addrlbl_add
+ 5.68% ip [kernel.kallsyms] [k] netlink_has_listeners
+ 5.52% ip [kernel.kallsyms] [k] memcpy_erms
+ 4.76% ip [kernel.kallsyms] [k] __alloc_skb
+ 4.54% ip [kernel.kallsyms] [k] vsnprintf
+ 3.94% ip [kernel.kallsyms] [k] format_decode
+ 3.80% ip [kernel.kallsyms] [k] kmem_cache_alloc_node_trace
+ 3.71% ip [kernel.kallsyms] [k] kmem_cache_alloc_node
+ 3.66% ip [kernel.kallsyms] [k] kobject_uevent_env
+ 3.38% ip [kernel.kallsyms] [k] strlen
+ 2.65% ip [kernel.kallsyms] [k] _raw_spin_lock_irqsave
+ 2.20% ip [kernel.kallsyms] [k] kfree
+ 2.09% ip [kernel.kallsyms] [k] memset_erms
+ 2.07% ip [kernel.kallsyms] [k] ___cache_free
+ 1.95% ip [kernel.kallsyms] [k] kmem_cache_free
+ 1.91% ip [kernel.kallsyms] [k] _raw_read_lock
+ 1.45% ip [kernel.kallsyms] [k] ksize
+ 1.25% ip [kernel.kallsyms] [k] _raw_spin_unlock_irqrestore
+ 1.00% ip [kernel.kallsyms] [k] widen_string
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ lib/kobject_uevent.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+--- a/lib/kobject_uevent.c
++++ b/lib/kobject_uevent.c
+@@ -174,18 +174,12 @@ static int kobject_uevent_net_broadcast(struct kobject *kobj,
+ skb = alloc_skb(len + env->buflen, GFP_KERNEL);
+ if (skb) {
+ char *scratch;
+- int i;
+
+ /* add header */
+ scratch = skb_put(skb, len);
+ sprintf(scratch, "%s@%s", action_string, devpath);
+
+- /* copy keys to our continuous event payload buffer */
+- for (i = 0; i < env->envp_idx; i++) {
+- len = strlen(env->envp[i]) + 1;
+- scratch = skb_put(skb, len);
+- strcpy(scratch, env->envp[i]);
+- }
++ skb_put_data(skb, env->buf, env->buflen);
+
+ NETLINK_CB(skb).dst_group = 1;
+ retval = netlink_broadcast_filtered(uevent_sock, skb,
diff --git a/patches.fixes/kobject-factorize-skb-setup-in-kobject_uevent_net_br.patch b/patches.fixes/kobject-factorize-skb-setup-in-kobject_uevent_net_br.patch
new file mode 100644
index 0000000000..b118ebb061
--- /dev/null
+++ b/patches.fixes/kobject-factorize-skb-setup-in-kobject_uevent_net_br.patch
@@ -0,0 +1,110 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 19 Sep 2017 16:27:05 -0700
+Subject: kobject: factorize skb setup in kobject_uevent_net_broadcast()
+Patch-mainline: v4.15-rc1
+Git-commit: d464e84eed02993d40ad55fdc19f4523e4deee5b
+References: bsc#1122982
+
+We can build one skb and let it be cloned in netlink.
+
+This is much faster, and use less memory (all clones will
+share the same skb->head)
+
+Tested:
+
+time perf record (for f in `seq 1 3000` ; do ip netns add tast$f; done)
+[ perf record: Woken up 1 times to write data ]
+[ perf record: Captured and wrote 4.110 MB perf.data (~179584 samples) ]
+
+real 0m24.227s # instead of 0m52.554s
+user 0m0.329s
+sys 0m23.753s # instead of 0m51.375s
+
+ 14.77% ip [kernel.kallsyms] [k] __ip6addrlbl_add
+ 14.56% ip [kernel.kallsyms] [k] netlink_broadcast_filtered
+ 11.65% ip [kernel.kallsyms] [k] netlink_has_listeners
+ 6.19% ip [kernel.kallsyms] [k] _raw_spin_lock_irqsave
+ 5.66% ip [kernel.kallsyms] [k] kobject_uevent_env
+ 4.97% ip [kernel.kallsyms] [k] memset_erms
+ 4.67% ip [kernel.kallsyms] [k] refcount_sub_and_test
+ 4.41% ip [kernel.kallsyms] [k] _raw_read_lock
+ 3.59% ip [kernel.kallsyms] [k] refcount_inc_not_zero
+ 3.13% ip [kernel.kallsyms] [k] _raw_spin_unlock_irqrestore
+ 1.55% ip [kernel.kallsyms] [k] __wake_up
+ 1.20% ip [kernel.kallsyms] [k] strlen
+ 1.03% ip [kernel.kallsyms] [k] __wake_up_common
+ 0.93% ip [kernel.kallsyms] [k] consume_skb
+ 0.92% ip [kernel.kallsyms] [k] netlink_trim
+ 0.87% ip [kernel.kallsyms] [k] insert_header
+ 0.63% ip [kernel.kallsyms] [k] unmap_page_range
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ lib/kobject_uevent.c | 34 +++++++++++++++++++---------------
+ 1 file changed, 19 insertions(+), 15 deletions(-)
+
+--- a/lib/kobject_uevent.c
++++ b/lib/kobject_uevent.c
+@@ -158,23 +158,26 @@ static int kobject_uevent_net_broadcast(struct kobject *kobj,
+ {
+ int retval = 0;
+ #if defined(CONFIG_NET)
++ struct sk_buff *skb = NULL;
+ struct uevent_sock *ue_sk;
+
+ /* send netlink message */
+ list_for_each_entry(ue_sk, &uevent_sock_list, list) {
+ struct sock *uevent_sock = ue_sk->sk;
+- struct sk_buff *skb;
+- size_t len;
+
+ if (!netlink_has_listeners(uevent_sock, 1))
+ continue;
+
+- /* allocate message with the maximum possible size */
+- len = strlen(action_string) + strlen(devpath) + 2;
+- skb = alloc_skb(len + env->buflen, GFP_KERNEL);
+- if (skb) {
++ if (!skb) {
++ /* allocate message with the maximum possible size */
++ size_t len = strlen(action_string) + strlen(devpath) + 2;
+ char *scratch;
+
++ retval = -ENOMEM;
++ skb = alloc_skb(len + env->buflen, GFP_KERNEL);
++ if (!skb)
++ continue;
++
+ /* add header */
+ scratch = skb_put(skb, len);
+ sprintf(scratch, "%s@%s", action_string, devpath);
+@@ -182,16 +185,17 @@ static int kobject_uevent_net_broadcast(struct kobject *kobj,
+ skb_put_data(skb, env->buf, env->buflen);
+
+ NETLINK_CB(skb).dst_group = 1;
+- retval = netlink_broadcast_filtered(uevent_sock, skb,
+- 0, 1, GFP_KERNEL,
+- kobj_bcast_filter,
+- kobj);
+- /* ENOBUFS should be handled in userspace */
+- if (retval == -ENOBUFS || retval == -ESRCH)
+- retval = 0;
+- } else
+- retval = -ENOMEM;
++ }
++
++ retval = netlink_broadcast_filtered(uevent_sock, skb_get(skb),
++ 0, 1, GFP_KERNEL,
++ kobj_bcast_filter,
++ kobj);
++ /* ENOBUFS should be handled in userspace */
++ if (retval == -ENOBUFS || retval == -ESRCH)
++ retval = 0;
+ }
++ consume_skb(skb);
+ #endif
+ return retval;
+ }
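Review bot: The reference counting of the shared skb in `kobject_uevent_net_broadcast()` is not documented. Each iteration hands `skb_get(skb)` to `netlink_broadcast_filtered()` and the function drops its own reference with `consume_skb(skb)` after the loop. That is balanced only if every broadcast call releases the reference it receives, including on its error paths, and that function is not shown here. A comment above the broadcast call, e.g. `/* one extra reference per broadcast; ours is dropped after the loop */`, would make the pairing explicit. It should also note that `consume_skb(skb)` is reached with `skb == NULL` when no socket has listeners or the allocation failed.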
diff --git a/patches.fixes/kprobes-Return-error-if-we-fail-to-reuse-kprobe-inst.patch b/patches.fixes/kprobes-Return-error-if-we-fail-to-reuse-kprobe-inst.patch
new file mode 100644
index 0000000000..235ec99390
--- /dev/null
+++ b/patches.fixes/kprobes-Return-error-if-we-fail-to-reuse-kprobe-inst.patch
@@ -0,0 +1,90 @@
+From 819319fc93461c07b9cdb3064f154bd8cfd48172 Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Tue, 11 Sep 2018 19:20:40 +0900
+Subject: [PATCH] kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
+Git-commit: 819319fc93461c07b9cdb3064f154bd8cfd48172
+Patch-mainline: v4.20-rc1
+References: bsc#1051510
+
+Make reuse_unused_kprobe() to return error code if
+it fails to reuse unused kprobe for optprobe instead
+of calling BUG_ON().
+
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
+Cc: David S . Miller <davem@davemloft.net>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Naveen N . Rao <naveen.n.rao@linux.vnet.ibm.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Link: http://lkml.kernel.org/r/153666124040.21306.14150398706331307654.stgit@devbox
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ kernel/kprobes.c | 27 ++++++++++++++++++++-------
+ 1 file changed, 20 insertions(+), 7 deletions(-)
+
+--- a/kernel/kprobes.c
++++ b/kernel/kprobes.c
+@@ -697,9 +697,10 @@ static void unoptimize_kprobe(struct kpr
+ }
+
+ /* Cancel unoptimizing for reusing */
+-static void reuse_unused_kprobe(struct kprobe *ap)
++static int reuse_unused_kprobe(struct kprobe *ap)
+ {
+ struct optimized_kprobe *op;
++ int ret;
+
+ BUG_ON(!kprobe_unused(ap));
+ /*
+@@ -713,8 +714,12 @@ static void reuse_unused_kprobe(struct k
+ /* Enable the probe again */
+ ap->flags &= ~KPROBE_FLAG_DISABLED;
+ /* Optimize it again (remove from op->list) */
+- BUG_ON(!kprobe_optready(ap));
++ ret = kprobe_optready(ap);
++ if (ret)
++ return ret;
++
+ optimize_kprobe(ap);
++ return 0;
+ }
+
+ /* Remove optimized instructions */
+@@ -933,11 +938,16 @@ static void __disarm_kprobe(struct kprob
+ #define kprobe_disarmed(p) kprobe_disabled(p)
+ #define wait_for_kprobe_optimizer() do {} while (0)
+
+-/* There should be no unused kprobes can be reused without optimization */
+-static void reuse_unused_kprobe(struct kprobe *ap)
++static int reuse_unused_kprobe(struct kprobe *ap)
+ {
++ /*
++ * If the optimized kprobe is NOT supported, the aggr kprobe is
++ * released at the same time that the last aggregated kprobe is
++ * unregistered.
++ * Thus there should be no chance to reuse unused kprobe.
++ */
+ printk(KERN_ERR "Error: There should be no unused kprobe here.\n");
+- BUG_ON(kprobe_unused(ap));
++ return -EINVAL;
+ }
+
+ static void free_aggr_kprobe(struct kprobe *p)
+@@ -1315,9 +1325,12 @@ static int register_aggr_kprobe(struct k
+ goto out;
+ }
+ init_aggr_kprobe(ap, orig_p);
+- } else if (kprobe_unused(ap))
++ } else if (kprobe_unused(ap)) {
+ /* This probe is going to die. Rescue it */
+- reuse_unused_kprobe(ap);
++ ret = reuse_unused_kprobe(ap);
++ if (ret)
++ goto out;
++ }
+
+ if (kprobe_gone(ap)) {
+ /*
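Review bot: The new check in the optprobe variant of `reuse_unused_kprobe()` looks inverted. The removed line was `BUG_ON(!kprobe_optready(ap))`, which treats a zero result as the failure. The replacement `ret = kprobe_optready(ap); if (ret) return ret;` returns early exactly when the probe is ready and falls through to `optimize_kprobe(ap)` when it is not. The non-zero value it returns is also not an errno, yet `register_aggr_kprobe()` takes `goto out` on it. Assuming `kprobe_optready()` is a boolean-style predicate, as the old assertion implies, the check should read `if (!kprobe_optready(ap)) return -EINVAL;`, which makes the local `ret` unnecessary; the hunks show only parts of these functions.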
diff --git a/patches.fixes/net-add-uevent-socket-member.patch b/patches.fixes/net-add-uevent-socket-member.patch
new file mode 100644
index 0000000000..39e382a21c
--- /dev/null
+++ b/patches.fixes/net-add-uevent-socket-member.patch
@@ -0,0 +1,90 @@
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Mon, 19 Mar 2018 13:17:30 +0100
+Subject: net: add uevent socket member
+Patch-mainline: v4.17-rc1
+Git-commit: 94e5e3087a67c765be98592b36d8d187566478d5
+References: bsc#1122982
+
+This commit adds struct uevent_sock to struct net. Since struct uevent_sock
+records the position of the uevent socket in the uevent socket list we can
+trivially remove it from the uevent socket list during cleanup. This speeds
+up the old removal codepath.
+Note, list_del() will hit __list_del_entry_valid() in its call chain which
+will validate that the element is a member of the list. If it isn't it will
+take care that the list is not modified.
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ include/net/net_namespace.h | 4 +++-
+ lib/kobject_uevent.c | 17 +++++++----------
+ 2 files changed, 10 insertions(+), 11 deletions(-)
+
+--- a/include/net/net_namespace.h
++++ b/include/net/net_namespace.h
+@@ -38,7 +38,7 @@ struct net_device;
+ struct sock;
+ struct ctl_table_header;
+ struct net_generic;
+-struct sock;
++struct uevent_sock;
+ struct netns_ipvs;
+
+
+@@ -77,6 +77,8 @@ struct net {
+ struct sock *rtnl; /* rtnetlink socket */
+ struct sock *genl_sock;
+
++ struct uevent_sock *uevent_sock; /* uevent socket */
++
+ struct list_head dev_base_head;
+ struct hlist_head *dev_name_head;
+ struct hlist_head *dev_index_head;
+--- a/lib/kobject_uevent.c
++++ b/lib/kobject_uevent.c
+@@ -31,11 +31,13 @@ u64 uevent_seqnum;
+ #ifdef CONFIG_UEVENT_HELPER
+ char uevent_helper[UEVENT_HELPER_PATH_LEN] = CONFIG_UEVENT_HELPER_PATH;
+ #endif
+-#ifdef CONFIG_NET
++
+ struct uevent_sock {
+ struct list_head list;
+ struct sock *sk;
+ };
++
++#ifdef CONFIG_NET
+ static LIST_HEAD(uevent_sock_list);
+ #endif
+
+@@ -438,6 +440,9 @@ static int uevent_net_init(struct net *net)
+ kfree(ue_sk);
+ return -ENODEV;
+ }
++
++ net->uevent_sock = ue_sk;
++
+ mutex_lock(&uevent_sock_mutex);
+ list_add_tail(&ue_sk->list, &uevent_sock_list);
+ mutex_unlock(&uevent_sock_mutex);
+@@ -446,17 +451,9 @@ static int uevent_net_init(struct net *net)
+
+ static void uevent_net_exit(struct net *net)
+ {
+- struct uevent_sock *ue_sk;
++ struct uevent_sock *ue_sk = net->uevent_sock;
+
+ mutex_lock(&uevent_sock_mutex);
+- list_for_each_entry(ue_sk, &uevent_sock_list, list) {
+- if (sock_net(ue_sk->sk) == net)
+- goto found;
+- }
+- mutex_unlock(&uevent_sock_mutex);
+- return;
+-
+-found:
+ list_del(&ue_sk->list);
+ mutex_unlock(&uevent_sock_mutex);
+
diff --git a/patches.fixes/netns-restrict-uevents.patch b/patches.fixes/netns-restrict-uevents.patch
new file mode 100644
index 0000000000..d2e4dfcd1b
--- /dev/null
+++ b/patches.fixes/netns-restrict-uevents.patch
@@ -0,0 +1,310 @@
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Sun, 29 Apr 2018 12:44:12 +0200
+Subject: netns: restrict uevents
+Patch-mainline: v4.18-rc1
+Git-commit: a3498436b3a0f8ec289e6847e1de40b4123e1639
+References: bsc#1122982
+
+commit 07e98962fa77 ("kobject: Send hotplug events in all network namespaces")
+
+enabled sending hotplug events into all network namespaces back in 2010.
+Over time the set of uevents that get sent into all network namespaces has
+shrunk. We have now reached the point where hotplug events for all devices
+that carry a namespace tag are filtered according to that namespace.
+Specifically, they are filtered whenever the namespace tag of the kobject
+does not match the namespace tag of the netlink socket.
+Currently, only network devices carry namespace tags (i.e. network
+namespace tags). Hence, uevents for network devices only show up in the
+network namespace such devices are created in or moved to.
+
+However, any uevent for a kobject that does not have a namespace tag
+associated with it will not be filtered and we will broadcast it into all
+network namespaces. This behavior stopped making sense when user namespaces
+were introduced.
+
+This patch simplifies and fixes couple of things:
+- Split codepath for sending uevents by kobject namespace tags:
+ 1. Untagged kobjects - uevent_net_broadcast_untagged():
+ Untagged kobjects will be broadcast into all uevent sockets recorded
+ in uevent_sock_list, i.e. into all network namespacs owned by the
+ intial user namespace.
+ 2. Tagged kobjects - uevent_net_broadcast_tagged():
+ Tagged kobjects will only be broadcast into the network namespace they
+ were tagged with.
+ Handling of tagged kobjects in 2. does not cause any semantic changes.
+ This is just splitting out the filtering logic that was handled by
+ kobj_bcast_filter() before.
+ Handling of untagged kobjects in 1. will cause a semantic change. The
+ reasons why this is needed and ok have been discussed in [1]. Here is a
+ short summary:
+ - Userspace ignores uevents from network namespaces that are not owned by
+ the intial user namespace:
+ Uevents are filtered by userspace in a user namespace because the
+ received uid != 0. Instead the uid associated with the event will be
+ 65534 == "nobody" because the global root uid is not mapped.
+ This means we can safely and without introducing regressions modify the
+ kernel to not send uevents into all network namespaces whose owning
+ user namespace is not the initial user namespace because we know that
+ userspace will ignore the message because of the uid anyway.
+ I have a) verified that is is true for every udev implementation out
+ there b) that this behavior has been present in all udev
+ implementations from the very beginning.
+ - Thundering herd:
+ Broadcasting uevents into all network namespaces introduces significant
+ overhead.
+ All processes that listen to uevents running in non-initial user
+ namespaces will end up responding to uevents that will be meaningless
+ to them. Mainly, because non-initial user namespaces cannot easily
+ manage devices unless they have a privileged host-process helping them
+ out. This means that there will be a thundering herd of activity when
+ there shouldn't be any.
+ - Removing needless overhead/Increasing performance:
+ Currently, the uevent socket for each network namespace is added to the
+ global variable uevent_sock_list. The list itself needs to be protected
+ by a mutex. So everytime a uevent is generated the mutex is taken on
+ the list. The mutex is held *from the creation of the uevent (memory
+ allocation, string creation etc. until all uevent sockets have been
+ handled*. This is aggravated by the fact that for each uevent socket
+ that has listeners the mc_list must be walked as well which means we're
+ talking O(n^2) here. Given that a standard Linux workload usually has
+ quite a lot of network namespaces and - in the face of containers - a
+ lot of user namespaces this quickly becomes a performance problem (see
+ "Thundering herd" above). By just recording uevent sockets of network
+ namespaces that are owned by the initial user namespace we
+ significantly increase performance in this codepath.
+ - Injecting uevents:
+ There's a valid argument that containers might be interested in
+ receiving device events especially if they are delegated to them by a
+ privileged userspace process. One prime example are SR-IOV enabled
+ devices that are explicitly designed to be handed of to other users
+ such as VMs or containers.
+ This use-case can now be correctly handled since
+ commit 692ec06d7c92 ("netns: send uevent messages"). This commit
+ introduced the ability to send uevents from userspace. As such we can
+ let a sufficiently privileged (CAP_SYS_ADMIN in the owning user
+ namespace of the network namespace of the netlink socket) userspace
+ process make a decision what uevents should be sent. This removes the
+ need to blindly broadcast uevents into all user namespaces and provides
+ a performant and safe solution to this problem.
+ - Filtering logic:
+ This patch filters by *owning user namespace of the network namespace a
+ given task resides in* and not by user namespace of the task per se.
+ This means if the user namespace of a given task is unshared but the
+ network namespace is kept and is owned by the initial user namespace a
+ listener that is opening the uevent socket in that network namespace
+ can still listen to uevents.
+- Fix permission for tagged kobjects:
+ Network devices that are created or moved into a network namespace that
+ is owned by a non-initial user namespace currently are send with
+ INVALID_{G,U}ID in their credentials. This means that all current udev
+ implementations in userspace will ignore the uevent they receive for
+ them. This has lead to weird bugs whereby new devices showing up in such
+ network namespaces were not recognized and did not get IPs assigned etc.
+ This patch adjusts the permission to the appropriate {g,u}id in the
+ respective user namespace. This way udevd is able to correctly handle
+ such devices.
+- Simplify filtering logic:
+ do_one_broadcast() already ensures that only listeners in mc_list receive
+ uevents that have the same network namespace as the uevent socket itself.
+ So the filtering logic in kobj_bcast_filter is not needed (see [3]). This
+ patch therefore removes kobj_bcast_filter() and replaces
+ netlink_broadcast_filtered() with the simpler netlink_broadcast()
+ everywhere.
+
+[1]: https://lkml.org/lkml/2018/4/4/739
+[2]: https://lkml.org/lkml/2018/4/26/767
+[3]: https://lkml.org/lkml/2018/4/26/738
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ lib/kobject_uevent.c | 137 ++++++++++++++++++++++++++++++-------------
+ 1 file changed, 95 insertions(+), 42 deletions(-)
+
+--- a/lib/kobject_uevent.c
++++ b/lib/kobject_uevent.c
+@@ -89,30 +89,6 @@ int kobject_action_type(const char *buf, size_t count,
+ return ret;
+ }
+
+-#ifdef CONFIG_NET
+-static int kobj_bcast_filter(struct sock *dsk, struct sk_buff *skb, void *data)
+-{
+- struct kobject *kobj = data, *ksobj;
+- const struct kobj_ns_type_operations *ops;
+-
+- ops = kobj_ns_ops(kobj);
+- if (!ops && kobj->kset) {
+- ksobj = &kobj->kset->kobj;
+- if (ksobj->parent != NULL)
+- ops = kobj_ns_ops(ksobj->parent);
+- }
+-
+- if (ops && ops->netlink_ns && kobj->ktype->namespace) {
+- const void *sock_ns, *ns;
+- ns = kobj->ktype->namespace(kobj);
+- sock_ns = ops->netlink_ns(dsk);
+- return sock_ns != ns;
+- }
+-
+- return 0;
+-}
+-#endif
+-
+ #ifdef CONFIG_UEVENT_HELPER
+ static int kobj_usermode_filter(struct kobject *kobj)
+ {
+@@ -184,17 +160,14 @@ static struct sk_buff *alloc_uevent_skb(struct kobj_uevent_env *env,
+
+ return skb;
+ }
+-#endif
+
+-static int kobject_uevent_net_broadcast(struct kobject *kobj,
+- struct kobj_uevent_env *env,
+- const char *action_string,
+- const char *devpath)
++static int uevent_net_broadcast_untagged(struct kobj_uevent_env *env,
++ const char *action_string,
++ const char *devpath)
+ {
+- int retval = 0;
+-#if defined(CONFIG_NET)
+ struct sk_buff *skb = NULL;
+ struct uevent_sock *ue_sk;
++ int retval = 0;
+
+ /* send netlink message */
+ list_for_each_entry(ue_sk, &uevent_sock_list, list) {
+@@ -210,19 +183,93 @@ static int kobject_uevent_net_broadcast(struct kobject *kobj,
+ continue;
+ }
+
+- retval = netlink_broadcast_filtered(uevent_sock, skb_get(skb),
+- 0, 1, GFP_KERNEL,
+- kobj_bcast_filter,
+- kobj);
++ retval = netlink_broadcast(uevent_sock, skb_get(skb), 0, 1,
++ GFP_KERNEL);
+ /* ENOBUFS should be handled in userspace */
+ if (retval == -ENOBUFS || retval == -ESRCH)
+ retval = 0;
+ }
+ consume_skb(skb);
+-#endif
++
+ return retval;
+ }
+
++static int uevent_net_broadcast_tagged(struct sock *usk,
++ struct kobj_uevent_env *env,
++ const char *action_string,
++ const char *devpath)
++{
++ struct user_namespace *owning_user_ns = sock_net(usk)->user_ns;
++ struct sk_buff *skb = NULL;
++ int ret = 0;
++
++ skb = alloc_uevent_skb(env, action_string, devpath);
++ if (!skb)
++ return -ENOMEM;
++
++ /* fix credentials */
++ if (owning_user_ns != &init_user_ns) {
++ struct netlink_skb_parms *parms = &NETLINK_CB(skb);
++ kuid_t root_uid;
++ kgid_t root_gid;
++
++ /* fix uid */
++ root_uid = make_kuid(owning_user_ns, 0);
++ if (uid_valid(root_uid))
++ parms->creds.uid = root_uid;
++
++ /* fix gid */
++ root_gid = make_kgid(owning_user_ns, 0);
++ if (gid_valid(root_gid))
++ parms->creds.gid = root_gid;
++ }
++
++ ret = netlink_broadcast(usk, skb, 0, 1, GFP_KERNEL);
++ /* ENOBUFS should be handled in userspace */
++ if (ret == -ENOBUFS || ret == -ESRCH)
++ ret = 0;
++
++ return ret;
++}
++#endif
++
++static int kobject_uevent_net_broadcast(struct kobject *kobj,
++ struct kobj_uevent_env *env,
++ const char *action_string,
++ const char *devpath)
++{
++ int ret = 0;
++
++#ifdef CONFIG_NET
++ const struct kobj_ns_type_operations *ops;
++ const struct net *net = NULL;
++
++ ops = kobj_ns_ops(kobj);
++ if (!ops && kobj->kset) {
++ struct kobject *ksobj = &kobj->kset->kobj;
++ if (ksobj->parent != NULL)
++ ops = kobj_ns_ops(ksobj->parent);
++ }
++
++ /* kobjects currently only carry network namespace tags and they
++ * are the only tag relevant here since we want to decide which
++ * network namespaces to broadcast the uevent into.
++ */
++ if (ops && ops->netlink_ns && kobj->ktype->namespace)
++ if (ops->type == KOBJ_NS_TYPE_NET)
++ net = kobj->ktype->namespace(kobj);
++
++ if (!net)
++ ret = uevent_net_broadcast_untagged(env, action_string,
++ devpath);
++ else
++ ret = uevent_net_broadcast_tagged(net->uevent_sock->sk, env,
++ action_string, devpath);
++#endif
++
++ return ret;
++}
++
+ /**
+ * kobject_uevent_env - send an uevent with environmental data
+ *
+@@ -464,9 +511,13 @@ static int uevent_net_init(struct net *net)
+
+ net->uevent_sock = ue_sk;
+
+- mutex_lock(&uevent_sock_mutex);
+- list_add_tail(&ue_sk->list, &uevent_sock_list);
+- mutex_unlock(&uevent_sock_mutex);
++ /* Restrict uevents to initial user namespace. */
++ if (sock_net(ue_sk->sk)->user_ns == &init_user_ns) {
++ mutex_lock(&uevent_sock_mutex);
++ list_add_tail(&ue_sk->list, &uevent_sock_list);
++ mutex_unlock(&uevent_sock_mutex);
++ }
++
+ return 0;
+ }
+
+@@ -474,9 +525,11 @@ static void uevent_net_exit(struct net *net)
+ {
+ struct uevent_sock *ue_sk = net->uevent_sock;
+
+- mutex_lock(&uevent_sock_mutex);
+- list_del(&ue_sk->list);
+- mutex_unlock(&uevent_sock_mutex);
++ if (sock_net(ue_sk->sk)->user_ns == &init_user_ns) {
++ mutex_lock(&uevent_sock_mutex);
++ list_del(&ue_sk->list);
++ mutex_unlock(&uevent_sock_mutex);
++ }
+
+ netlink_kernel_release(ue_sk->sk);
+ kfree(ue_sk);
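Review bot: The credential fix-up in uevent_net_broadcast_tagged() does not say what happens when `make_kuid(owning_user_ns, 0)` or `make_kgid(owning_user_ns, 0)` is not valid. In that case the `uid_valid()`/`gid_valid()` guards skip the assignment, and the message is still broadcast with the creds already in `NETLINK_CB(skb)`. The description says udev drops events whose uid is not 0 in its namespace, so this path presumably produces an event the listener ignores. I would state that at the site, above the `if (owning_user_ns != &init_user_ns)` block: `/* if root is unmapped in owning_user_ns the creds stay as alloc_uevent_skb() set them; listeners there will likely ignore the event */`.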
diff --git a/patches.fixes/ptp-Fix-pass-zero-to-ERR_PTR-in-ptp_clock_register.patch b/patches.fixes/ptp-Fix-pass-zero-to-ERR_PTR-in-ptp_clock_register.patch
new file mode 100644
index 0000000000..47e2bd36f8
--- /dev/null
+++ b/patches.fixes/ptp-Fix-pass-zero-to-ERR_PTR-in-ptp_clock_register.patch
@@ -0,0 +1,53 @@
+From aea0a897af9e44c258e8ab9296fad417f1bc063a Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Fri, 23 Nov 2018 09:54:55 +0800
+Subject: [PATCH] ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
+Git-commit: aea0a897af9e44c258e8ab9296fad417f1bc063a
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+Fix smatch warning:
+
+drivers/ptp/ptp_clock.c:298 ptp_clock_register() warn:
+ passing zero to 'ERR_PTR'
+
+'err' should be set while device_create_with_groups and
+pps_register_source fails
+
+Fixes: 85a66e550195 ("ptp: create "pins" together with the rest of attributes")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Acked-by: Richard Cochran <richardcochran@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/ptp/ptp_clock.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
+index 40fda23e4b05..8a81eecc0ecd 100644
+--- a/drivers/ptp/ptp_clock.c
++++ b/drivers/ptp/ptp_clock.c
+@@ -252,8 +252,10 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
+ ptp->dev = device_create_with_groups(ptp_class, parent, ptp->devid,
+ ptp, ptp->pin_attr_groups,
+ "ptp%d", ptp->index);
+- if (IS_ERR(ptp->dev))
++ if (IS_ERR(ptp->dev)) {
++ err = PTR_ERR(ptp->dev);
+ goto no_device;
++ }
+
+ /* Register a new PPS source. */
+ if (info->pps) {
+@@ -264,6 +266,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
+ pps.owner = info->owner;
+ ptp->pps_source = pps_register_source(&pps, PTP_PPS_DEFAULTS);
+ if (!ptp->pps_source) {
++ err = -EINVAL;
+ pr_err("failed to register pps source\n");
+ goto no_pps;
+ }
+--
+2.16.4
+
diff --git a/patches.fixes/ptp-check-gettime64-return-code-in-PTP_SYS_OFFSET-io.patch b/patches.fixes/ptp-check-gettime64-return-code-in-PTP_SYS_OFFSET-io.patch
new file mode 100644
index 0000000000..edceb381e0
--- /dev/null
+++ b/patches.fixes/ptp-check-gettime64-return-code-in-PTP_SYS_OFFSET-io.patch
@@ -0,0 +1,47 @@
+From 83d0bdc7390b890905634186baaa294475cd6a06 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Fri, 9 Nov 2018 11:14:43 +0100
+Subject: [PATCH] ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
+Git-commit: 83d0bdc7390b890905634186baaa294475cd6a06
+Patch-mainline: v5.0-rc1
+References: bsc#1051510
+
+If a gettime64 call fails, return the error and avoid copying data back
+to user.
+
+Cc: Richard Cochran <richardcochran@gmail.com>
+Cc: Jacob Keller <jacob.e.keller@intel.com>
+Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/ptp/ptp_chardev.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c
+index b54b8158ff8a..3c681bed5703 100644
+--- a/drivers/ptp/ptp_chardev.c
++++ b/drivers/ptp/ptp_chardev.c
+@@ -228,7 +228,9 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
+ pct->sec = ts.tv_sec;
+ pct->nsec = ts.tv_nsec;
+ pct++;
+- ptp->info->gettime64(ptp->info, &ts);
++ err = ptp->info->gettime64(ptp->info, &ts);
++ if (err)
++ goto out;
+ pct->sec = ts.tv_sec;
+ pct->nsec = ts.tv_nsec;
+ pct++;
+@@ -281,6 +283,7 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
+ break;
+ }
+
++out:
+ kfree(sysoff);
+ return err;
+ }
+--
+2.16.4
+
diff --git a/patches.fixes/sd-disable-logical-block-provisioning-if-lbpme-is-no.patch b/patches.fixes/sd-disable-logical-block-provisioning-if-lbpme-is-no.patch
new file mode 100644
index 0000000000..9e158b8b53
--- /dev/null
+++ b/patches.fixes/sd-disable-logical-block-provisioning-if-lbpme-is-no.patch
@@ -0,0 +1,45 @@
+From: Hannes Reinecke <hare@suse.de>
+Date: Fri, 20 Apr 2018 15:44:40 +0200
+Subject: [PATCH] sd: disable logical block provisioning if 'lbpme' is not set
+Patch-Mainline: submitted linux-scsi 2018/10/03
+References: bsc#1086095 bsc#1078355
+
+When evaluating the 'block limits' VPD page we need to check if
+the 'lbpme' (logical block provisioning management enable) bit
+is set in the READ CAPACITY (16) output.
+If it isn't we can safely assume that we cannot use DISCARD on
+this device.
+
+Signed-off-by: Hannes Reinecke <hare@suse.com>
+---
+ drivers/scsi/sd.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -411,6 +411,13 @@ provisioning_mode_store(struct device *d
+ if (mode < 0)
+ return -EINVAL;
+
++ /*
++ * If logical block provisioning isn't enabled we can only
++ * select 'disable' here.
++ */
++ if (!sdkp->lbpme && mode != SD_LBP_DISABLE)
++ return -EINVAL;
++
+ sd_config_discard(sdkp, mode);
+
+ return count;
+@@ -2942,8 +2949,10 @@ static void sd_read_block_limits(struct
+
+ sdkp->max_ws_blocks = (u32)get_unaligned_be64(&buffer[36]);
+
+- if (!sdkp->lbpme)
++ if (!sdkp->lbpme) {
++ sd_config_discard(sdkp, SD_LBP_DISABLE);
+ goto out;
++ }
+
+ lba_count = get_unaligned_be32(&buffer[20]);
+ desc_count = get_unaligned_be32(&buffer[24]);
diff --git a/patches.fixes/tcp-batch-tcp_net_metrics_exit.patch b/patches.fixes/tcp-batch-tcp_net_metrics_exit.patch
new file mode 100644
index 0000000000..68723e0b3a
--- /dev/null
+++ b/patches.fixes/tcp-batch-tcp_net_metrics_exit.patch
@@ -0,0 +1,55 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 19 Sep 2017 16:27:07 -0700
+Subject: tcp: batch tcp_net_metrics_exit
+Patch-mainline: v4.15-rc1
+Git-commit: 789e6ddb0b2fb5d5024b760b178a47876e4de7a6
+References: bsc#1122982
+
+When dealing with a list of dismantling netns, we can scan
+tcp_metrics once, saving cpu cycles.
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ net/ipv4/tcp_metrics.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/net/ipv4/tcp_metrics.c
++++ b/net/ipv4/tcp_metrics.c
+@@ -892,10 +892,14 @@ static void tcp_metrics_flush_all(struct net *net)
+
+ for (row = 0; row < max_rows; row++, hb++) {
+ struct tcp_metrics_block __rcu **pp;
++ bool match;
++
+ spin_lock_bh(&tcp_metrics_lock);
+ pp = &hb->chain;
+ for (tm = deref_locked(*pp); tm; tm = deref_locked(*pp)) {
+- if (net_eq(tm_net(tm), net)) {
++ match = net ? net_eq(tm_net(tm), net) :
++ !atomic_read(&tm_net(tm)->count);
++ if (match) {
+ *pp = tm->tcpm_next;
+ kfree_rcu(tm, rcu_head);
+ } else {
+@@ -1018,14 +1022,14 @@ static int __net_init tcp_net_metrics_init(struct net *net)
+ return 0;
+ }
+
+-static void __net_exit tcp_net_metrics_exit(struct net *net)
++static void __net_exit tcp_net_metrics_exit_batch(struct list_head *net_exit_list)
+ {
+- tcp_metrics_flush_all(net);
++ tcp_metrics_flush_all(NULL);
+ }
+
+ static __net_initdata struct pernet_operations tcp_net_metrics_ops = {
+- .init = tcp_net_metrics_init,
+- .exit = tcp_net_metrics_exit,
++ .init = tcp_net_metrics_init,
++ .exit_batch = tcp_net_metrics_exit_batch,
+ };
+
+ void __init tcp_metrics_init(void)
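Review bot: tcp_metrics_flush_all() now gives a NULL `net` a second meaning, flushing every entry for which `atomic_read(&tm_net(tm)->count)` is zero, and nothing in the hunk documents that contract. A caller that passes NULL by mistake would silently get the batch behaviour; other callers are outside this hunk, so this is a caution rather than a confirmed bug. A comment at the `match` assignment would make it explicit: `/* net == NULL: batched netns exit, drop entries of every namespace whose refcount is already zero */`. tcp_net_metrics_exit_batch() also never reads its `net_exit_list` argument, which deserves a one-line remark. The body of tcp_metrics_flush_all() starts and ends outside the hunk.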
diff --git a/patches.fixes/uevent-add-alloc_uevent_skb-helper.patch b/patches.fixes/uevent-add-alloc_uevent_skb-helper.patch
new file mode 100644
index 0000000000..369d2bba39
--- /dev/null
+++ b/patches.fixes/uevent-add-alloc_uevent_skb-helper.patch
@@ -0,0 +1,90 @@
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Sun, 29 Apr 2018 12:44:11 +0200
+Subject: uevent: add alloc_uevent_skb() helper
+Patch-mainline: v4.18-rc1
+Git-commit: 26045a7b14bc7a5455e411d820110f66557d6589
+References: bsc#1122982
+
+This patch adds alloc_uevent_skb() in preparation for follow up patches.
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Acked-by: Michal Kubecek <mkubecek@suse.cz>
+
+---
+ lib/kobject_uevent.c | 47 ++++++++++++++++++++++++++++++++------------
+ 1 file changed, 34 insertions(+), 13 deletions(-)
+
+--- a/lib/kobject_uevent.c
++++ b/lib/kobject_uevent.c
+@@ -23,6 +23,7 @@
+ #include <linux/socket.h>
+ #include <linux/skbuff.h>
+ #include <linux/netlink.h>
++#include <linux/uidgid.h>
+ #include <net/sock.h>
+ #include <net/net_namespace.h>
+
+@@ -153,6 +154,38 @@ static void cleanup_uevent_env(struct subprocess_info *info)
+ }
+ #endif
+
++#ifdef CONFIG_NET
++static struct sk_buff *alloc_uevent_skb(struct kobj_uevent_env *env,
++ const char *action_string,
++ const char *devpath)
++{
++ struct netlink_skb_parms *parms;
++ struct sk_buff *skb = NULL;
++ char *scratch;
++ size_t len;
++
++ /* allocate message with maximum possible size */
++ len = strlen(action_string) + strlen(devpath) + 2;
++ skb = alloc_skb(len + env->buflen, GFP_KERNEL);
++ if (!skb)
++ return NULL;
++
++ /* add header */
++ scratch = skb_put(skb, len);
++ sprintf(scratch, "%s@%s", action_string, devpath);
++
++ skb_put_data(skb, env->buf, env->buflen);
++
++ parms = &NETLINK_CB(skb);
++ parms->creds.uid = GLOBAL_ROOT_UID;
++ parms->creds.gid = GLOBAL_ROOT_GID;
++ parms->dst_group = 1;
++ parms->portid = 0;
++
++ return skb;
++}
++#endif
++
+ static int kobject_uevent_net_broadcast(struct kobject *kobj,
+ struct kobj_uevent_env *env,
+ const char *action_string,
+@@ -171,22 +204,10 @@ static int kobject_uevent_net_broadcast(struct kobject *kobj,
+ continue;
+
+ if (!skb) {
+- /* allocate message with the maximum possible size */
+- size_t len = strlen(action_string) + strlen(devpath) + 2;
+- char *scratch;
+-
+ retval = -ENOMEM;
+- skb = alloc_skb(len + env->buflen, GFP_KERNEL);
++ skb = alloc_uevent_skb(env, action_string, devpath);
+ if (!skb)
+ continue;
+-
+- /* add header */
+- scratch = skb_put(skb, len);
+- sprintf(scratch, "%s@%s", action_string, devpath);
+-
+- skb_put_data(skb, env->buf, env->buflen);
+-
+- NETLINK_CB(skb).dst_group = 1;
+ }
+
+ retval = netlink_broadcast_filtered(uevent_sock, skb_get(skb),
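Review bot: alloc_uevent_skb() writes the header with an unbounded `sprintf()` into the `len` bytes reserved by `skb_put(skb, len)`. The write stays in bounds only because `len = strlen(action_string) + strlen(devpath) + 2` matches the `"%s@%s"` format exactly. That coupling is carried over from the removed inline code and is implicit, so a later change to the format string would overrun the reserved area with no diagnostic. I would bound the write with `snprintf(scratch, len, "%s@%s", action_string, devpath);` and annotate the size with `/* +2: '@' separator and terminating NUL */`.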
diff --git a/patches.kabi/kabi-handle-addition-of-ip6addrlbl_table-into-struct.patch b/patches.kabi/kabi-handle-addition-of-ip6addrlbl_table-into-struct.patch
new file mode 100644
index 0000000000..e5fb6267b5
--- /dev/null
+++ b/patches.kabi/kabi-handle-addition-of-ip6addrlbl_table-into-struct.patch
@@ -0,0 +1,164 @@
+From: Michal Kubecek <mkubecek@suse.cz>
+Date: Thu, 14 Feb 2019 13:24:03 +0100
+Subject: kabi: handle addition of ip6addrlbl_table into struct netns_ipv6
+Patch-mainline: Never, kabi workaround
+References: bsc#1122982
+
+Backport of mainline commit a90c9347e90e ("ipv6: addrlabel: per netns
+list") adds ip6addrlbl_table member into struct netns_ipv6 which is
+embedded into struct net. Move this structure at the end of struct net
+itself and hide it from genksyms. This is safe as struct net should never
+be allocated directly or embedded in other structure or array.
+
+Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
+---
+ include/net/net_namespace.h | 7 +++++++
+ include/net/netns/ipv6.h | 5 -----
+ net/ipv6/addrlabel.c | 34 +++++++++++++++++-----------------
+ 3 files changed, 24 insertions(+), 22 deletions(-)
+
+--- a/include/net/net_namespace.h
++++ b/include/net/net_namespace.h
+@@ -149,6 +149,13 @@ struct net {
+ #endif
+ struct sock *diag_nlsk;
+ atomic_t fnhe_genid;
++#ifndef __GENKSYMS__
++ struct {
++ struct hlist_head head;
++ spinlock_t lock;
++ u32 seq;
++ } ip6addrlbl_table;
++#endif
+ };
+
+ #include <linux/seq_file_net.h>
+--- a/include/net/netns/ipv6.h
++++ b/include/net/netns/ipv6.h
+@@ -86,11 +86,6 @@ struct netns_ipv6 {
+ atomic_t dev_addr_genid;
+ atomic_t fib6_sernum;
+ struct seg6_pernet_data *seg6_data;
+- struct {
+- struct hlist_head head;
+- spinlock_t lock;
+- u32 seq;
+- } ip6addrlbl_table;
+ };
+
+ #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
+--- a/net/ipv6/addrlabel.c
++++ b/net/ipv6/addrlabel.c
+@@ -152,7 +152,7 @@ static struct ip6addrlbl_entry *__ipv6_addr_label(struct net *net,
+ {
+ struct ip6addrlbl_entry *p;
+
+- hlist_for_each_entry_rcu(p, &net->ipv6.ip6addrlbl_table.head, list) {
++ hlist_for_each_entry_rcu(p, &net->ip6addrlbl_table.head, list) {
+ if (__ip6addrlbl_match(p, addr, type, ifindex))
+ return p;
+ }
+@@ -233,7 +233,7 @@ static int __ip6addrlbl_add(struct net *net, struct ip6addrlbl_entry *newp,
+ ADDRLABEL(KERN_DEBUG "%s(newp=%p, replace=%d)\n", __func__, newp,
+ replace);
+
+- hlist_for_each_entry_safe(p, n, &net->ipv6.ip6addrlbl_table.head, list) {
++ hlist_for_each_entry_safe(p, n, &net->ip6addrlbl_table.head, list) {
+ if (p->prefixlen == newp->prefixlen &&
+ p->ifindex == newp->ifindex &&
+ ipv6_addr_equal(&p->prefix, &newp->prefix)) {
+@@ -254,10 +254,10 @@ static int __ip6addrlbl_add(struct net *net, struct ip6addrlbl_entry *newp,
+ if (last)
+ hlist_add_behind_rcu(&newp->list, &last->list);
+ else
+- hlist_add_head_rcu(&newp->list, &net->ipv6.ip6addrlbl_table.head);
++ hlist_add_head_rcu(&newp->list, &net->ip6addrlbl_table.head);
+ out:
+ if (!ret)
+- net->ipv6.ip6addrlbl_table.seq++;
++ net->ip6addrlbl_table.seq++;
+ return ret;
+ }
+
+@@ -276,9 +276,9 @@ static int ip6addrlbl_add(struct net *net,
+ newp = ip6addrlbl_alloc(prefix, prefixlen, ifindex, label);
+ if (IS_ERR(newp))
+ return PTR_ERR(newp);
+- spin_lock(&net->ipv6.ip6addrlbl_table.lock);
++ spin_lock(&net->ip6addrlbl_table.lock);
+ ret = __ip6addrlbl_add(net, newp, replace);
+- spin_unlock(&net->ipv6.ip6addrlbl_table.lock);
++ spin_unlock(&net->ip6addrlbl_table.lock);
+ if (ret)
+ ip6addrlbl_free(newp);
+ return ret;
+@@ -296,7 +296,7 @@ static int __ip6addrlbl_del(struct net *net,
+ ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d)\n",
+ __func__, prefix, prefixlen, ifindex);
+
+- hlist_for_each_entry_safe(p, n, &net->ipv6.ip6addrlbl_table.head, list) {
++ hlist_for_each_entry_safe(p, n, &net->ip6addrlbl_table.head, list) {
+ if (p->prefixlen == prefixlen &&
+ p->ifindex == ifindex &&
+ ipv6_addr_equal(&p->prefix, prefix)) {
+@@ -320,9 +320,9 @@ static int ip6addrlbl_del(struct net *net,
+ __func__, prefix, prefixlen, ifindex);
+
+ ipv6_addr_prefix(&prefix_buf, prefix, prefixlen);
+- spin_lock(&net->ipv6.ip6addrlbl_table.lock);
++ spin_lock(&net->ip6addrlbl_table.lock);
+ ret = __ip6addrlbl_del(net, &prefix_buf, prefixlen, ifindex);
+- spin_unlock(&net->ipv6.ip6addrlbl_table.lock);
++ spin_unlock(&net->ip6addrlbl_table.lock);
+ return ret;
+ }
+
+@@ -334,8 +334,8 @@ static int __net_init ip6addrlbl_net_init(struct net *net)
+
+ ADDRLABEL(KERN_DEBUG "%s\n", __func__);
+
+- spin_lock_init(&net->ipv6.ip6addrlbl_table.lock);
+- INIT_HLIST_HEAD(&net->ipv6.ip6addrlbl_table.head);
++ spin_lock_init(&net->ip6addrlbl_table.lock);
++ INIT_HLIST_HEAD(&net->ip6addrlbl_table.head);
+
+ for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) {
+ int ret = ip6addrlbl_add(net,
+@@ -356,12 +356,12 @@ static void __net_exit ip6addrlbl_net_exit(struct net *net)
+ struct hlist_node *n;
+
+ /* Remove all labels belonging to the exiting net */
+- spin_lock(&net->ipv6.ip6addrlbl_table.lock);
+- hlist_for_each_entry_safe(p, n, &net->ipv6.ip6addrlbl_table.head, list) {
++ spin_lock(&net->ip6addrlbl_table.lock);
++ hlist_for_each_entry_safe(p, n, &net->ip6addrlbl_table.head, list) {
+ hlist_del_rcu(&p->list);
+ ip6addrlbl_put(p);
+ }
+- spin_unlock(&net->ipv6.ip6addrlbl_table.lock);
++ spin_unlock(&net->ip6addrlbl_table.lock);
+ }
+
+ static struct pernet_operations ipv6_addr_label_ops = {
+@@ -477,10 +477,10 @@ static int ip6addrlbl_dump(struct sk_buff *skb, struct netlink_callback *cb)
+ int err;
+
+ rcu_read_lock();
+- hlist_for_each_entry_rcu(p, &net->ipv6.ip6addrlbl_table.head, list) {
++ hlist_for_each_entry_rcu(p, &net->ip6addrlbl_table.head, list) {
+ if (idx >= s_idx) {
+ err = ip6addrlbl_fill(skb, p,
+- net->ipv6.ip6addrlbl_table.seq,
++ net->ip6addrlbl_table.seq,
+ NETLINK_CB(cb->skb).portid,
+ cb->nlh->nlmsg_seq,
+ RTM_NEWADDRLABEL,
+@@ -537,7 +537,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr *nlh,
+ p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index);
+ if (p && !ip6addrlbl_hold(p))
+ p = NULL;
+- lseq = net->ipv6.ip6addrlbl_table.seq;
++ lseq = net->ip6addrlbl_table.seq;
+ rcu_read_unlock();
+
+ if (!p) {
diff --git a/patches.kabi/kabi-handle-addition-of-uevent_sock-into-struct-net.patch b/patches.kabi/kabi-handle-addition-of-uevent_sock-into-struct-net.patch
new file mode 100644
index 0000000000..5081b74479
--- /dev/null
+++ b/patches.kabi/kabi-handle-addition-of-uevent_sock-into-struct-net.patch
@@ -0,0 +1,35 @@
+From: Michal Kubecek <mkubecek@suse.cz>
+Date: Thu, 14 Feb 2019 13:30:26 +0100
+Subject: kabi: handle addition of uevent_sock into struct net
+Patch-mainline: Never, kabi workaround
+References: bsc#1122982
+
+Backport of mainline commit 94e5e3087a67 ("net: add uevent socket member")
+adds uevent_sock member into struct net. Move this new member at the end of
+the structure and hide it from genksyms. This is safe as struct net should
+never be allocated directly or embedded in other structure or array.
+
+Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
+---
+ include/net/net_namespace.h | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/include/net/net_namespace.h
++++ b/include/net/net_namespace.h
+@@ -77,8 +77,6 @@ struct net {
+ struct sock *rtnl; /* rtnetlink socket */
+ struct sock *genl_sock;
+
+- struct uevent_sock *uevent_sock; /* uevent socket */
+-
+ struct list_head dev_base_head;
+ struct hlist_head *dev_name_head;
+ struct hlist_head *dev_index_head;
+@@ -155,6 +153,7 @@ struct net {
+ spinlock_t lock;
+ u32 seq;
+ } ip6addrlbl_table;
++ struct uevent_sock *uevent_sock; /* uevent socket */
+ #endif
+ };
+
diff --git a/patches.kabi/kabi-restore-ip_tunnel_delete_net.patch b/patches.kabi/kabi-restore-ip_tunnel_delete_net.patch
new file mode 100644
index 0000000000..1e0caae38a
--- /dev/null
+++ b/patches.kabi/kabi-restore-ip_tunnel_delete_net.patch
@@ -0,0 +1,48 @@
+From: Michal Kubecek <mkubecek@suse.cz>
+Date: Thu, 14 Feb 2019 13:38:05 +0100
+Subject: kabi: restore ip_tunnel_delete_net()
+Patch-mainline: Never, kabi workaround
+References: bsc#1122982
+
+Backport of mainline commit 64bc17811b72 ("ipv4: speedup ipv6 tunnels
+dismantle") replaces exported function ip_tunnel_delete_net() deleting
+tunnels in one network namespace by function ip_tunnel_delete_nets()
+deleting tunnels in multiple network namespaces. Restore the old function
+to preserve kabi.
+
+Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
+---
+ include/net/ip_tunnels.h | 1 +
+ net/ipv4/ip_tunnel.c | 11 +++++++++++
+ 2 files changed, 12 insertions(+)
+
+--- a/include/net/ip_tunnels.h
++++ b/include/net/ip_tunnels.h
+@@ -253,6 +253,7 @@ int ip_tunnel_get_iflink(const struct net_device *dev);
+ int ip_tunnel_init_net(struct net *net, unsigned int ip_tnl_net_id,
+ struct rtnl_link_ops *ops, char *devname);
+
++void ip_tunnel_delete_net(struct ip_tunnel_net *itn, struct rtnl_link_ops *ops);
+ void ip_tunnel_delete_nets(struct list_head *list_net, unsigned int id,
+ struct rtnl_link_ops *ops);
+
+--- a/net/ipv4/ip_tunnel.c
++++ b/net/ipv4/ip_tunnel.c
+@@ -1062,6 +1062,17 @@ static void ip_tunnel_destroy(struct ip_tunnel_net *itn, struct list_head *head,
+ }
+ }
+
++void ip_tunnel_delete_net(struct ip_tunnel_net *itn, struct rtnl_link_ops *ops)
++{
++ LIST_HEAD(list);
++
++ rtnl_lock();
++ ip_tunnel_destroy(itn, &list, ops);
++ unregister_netdevice_many(&list);
++ rtnl_unlock();
++}
++EXPORT_SYMBOL_GPL(ip_tunnel_delete_net);
++
+ void ip_tunnel_delete_nets(struct list_head *net_list, unsigned int id,
+ struct rtnl_link_ops *ops)
+ {
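Review bot: The restored ip_tunnel_delete_net() is exported with `EXPORT_SYMBOL_GPL` but has no comment saying that it exists only to preserve kABI and that it takes `rtnl_lock()` itself. A caller already holding RTNL would deadlock on that lock, and new code could pick this function over ip_tunnel_delete_nets() without knowing it is a compatibility shim. I would add above the definition: `/* kABI compat only: new code should use ip_tunnel_delete_nets(); acquires rtnl_lock(), must not be called with RTNL held */`.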
diff --git a/patches.suse/0001-btrfs-qgroup-Make-qgroup-async-transaction-commit-mo.patch b/patches.suse/0001-btrfs-qgroup-Make-qgroup-async-transaction-commit-mo.patch
new file mode 100644
index 0000000000..9ee0d0d3b3
--- /dev/null
+++ b/patches.suse/0001-btrfs-qgroup-Make-qgroup-async-transaction-commit-mo.patch
@@ -0,0 +1,119 @@
+From 7b6d148a1b7de1c9452467cd883ddcf8680a14d3 Mon Sep 17 00:00:00 2001
+From: Qu Wenruo <wqu@suse.com>
+Date: Fri, 25 Jan 2019 07:55:27 +0800
+Patch-mainline: Submitted, for v5.1
+References: bsc#1113042
+Subject: [PATCH] btrfs: qgroup: Make qgroup async transaction commit more
+ aggressive
+
+[BUG]
+Btrfs qgroup will still hit EDQUOT under the following case:
+
+ #!/bin/bash
+
+ dev=/dev/test/test
+ mnt=/mnt/btrfs
+ umount $mnt &> /dev/null
+ umount $dev &> /dev/null
+
+ mkfs.btrfs -f $dev
+ mount $dev $mnt -o nospace_cache
+
+ btrfs subv create $mnt/subv
+ btrfs quota enable $mnt
+ btrfs quota rescan -w $mnt
+ btrfs qgroup limit -e 1G $mnt/subv
+
+ fallocate -l 900M $mnt/subv/padding
+ sync
+
+ rm $mnt/subv/padding
+
+ # Hit EDQUOT
+ xfs_io -f -c "pwrite 0 512M" $mnt/subv/real_file
+
+[CAUSE]
+Since commit a514d63882c3 ("btrfs: qgroup: Commit transaction in advance
+to reduce early EDQUOT"), btrfs is not forced to commit transaction to
+reclaim more quota space.
+
+Instead, we just check pertrans metadata reservation against some
+threshold and try to do asynchronously transaction commit.
+
+However in above case, the pertrans metadata reservation is pretty small
+thus it will never trigger asynchronous transaction commit.
+
+[FIX]
+Instead of only accounting pertrans metadata reservation, we calculate
+how much free space we have, and if there isn't much free space left,
+commit transaction asynchronously to try to free some space.
+
+This may slow down the fs when we have less than 32M free qgroup space,
+but should reduce a lot of false EDQUOT, so the cost should be
+acceptable.
+
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+---
+ fs/btrfs/qgroup.c | 29 ++++++++++++++++-------------
+ 1 file changed, 16 insertions(+), 13 deletions(-)
+
+diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
+index 4e473a998219..f0b7425bf289 100644
+--- a/fs/btrfs/qgroup.c
++++ b/fs/btrfs/qgroup.c
+@@ -2843,15 +2843,15 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid,
+ * Two limits to commit transaction in advance.
+ *
+ * For RATIO, it will be 1/RATIO of the remaining limit
+- * (excluding data and prealloc meta) as threshold.
++ * as threshold.
+ * For SIZE, it will be in byte unit as threshold.
+ */
+-#define QGROUP_PERTRANS_RATIO 32
+-#define QGROUP_PERTRANS_SIZE SZ_32M
++#define QGROUP_FREE_RATIO 32
++#define QGROUP_FREE_SIZE SZ_32M
+ static bool qgroup_check_limits(struct btrfs_fs_info *fs_info,
+ const struct btrfs_qgroup *qg, u64 num_bytes)
+ {
+- u64 limit;
++ u64 free;
+ u64 threshold;
+
+ if ((qg->lim_flags & BTRFS_QGROUP_LIMIT_MAX_RFER) &&
+@@ -2870,20 +2870,23 @@ static bool qgroup_check_limits(struct btrfs_fs_info *fs_info,
+ */
+ if ((qg->lim_flags & (BTRFS_QGROUP_LIMIT_MAX_RFER |
+ BTRFS_QGROUP_LIMIT_MAX_EXCL))) {
+- if (qg->lim_flags & BTRFS_QGROUP_LIMIT_MAX_EXCL)
+- limit = qg->max_excl;
+- else
+- limit = qg->max_rfer;
+- threshold = (limit - qg->rsv.values[BTRFS_QGROUP_RSV_DATA] -
+- qg->rsv.values[BTRFS_QGROUP_RSV_META_PREALLOC]) /
+- QGROUP_PERTRANS_RATIO;
+- threshold = min_t(u64, threshold, QGROUP_PERTRANS_SIZE);
++ if (qg->lim_flags & BTRFS_QGROUP_LIMIT_MAX_EXCL) {
++ free = (qg->max_excl - qgroup_rsv_total(qg) -
++ qg->excl);
++ threshold = min_t(u64, qg->max_excl / QGROUP_FREE_RATIO,
++ QGROUP_FREE_SIZE);
++ } else {
++ free = (qg->max_rfer - qgroup_rsv_total(qg) -
++ qg->rfer);
++ threshold = min_t(u64, qg->max_rfer / QGROUP_FREE_RATIO,
++ QGROUP_FREE_SIZE);
++ }
+
+ /*
+ * Use transaction_kthread to commit transaction, so we no
+ * longer need to bother nested transaction nor lock context.
+ */
+- if (qg->rsv.values[BTRFS_QGROUP_RSV_META_PERTRANS] > threshold)
++ if (free < threshold)
+ btrfs_commit_transaction_locksafe(fs_info);
+ }
+
+--
+2.20.1
+
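Review bot: `free` is a `u64` computed as `qg->max_excl - qgroup_rsv_total(qg) - qg->excl` (and the `max_rfer` equivalent), so if reservations plus usage ever exceed the limit the subtraction wraps to a huge value. `free < threshold` then stays false and the early commit is skipped exactly when the qgroup is tightest. The limit checks at the top of `qgroup_check_limits()` are only partly visible in these inner hunks and may already rule that case out. If they do, a one-line comment next to the subtraction stating that invariant would make it reviewable; if not, the condition should handle the over-limit case explicitly rather than relying on unsigned arithmetic. The function body begins and ends outside the quoted hunks, so this should be confirmed against the full function.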
diff --git a/patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch b/patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch
index 2c083f41a6..7f9bdd71dc 100644
--- a/patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch
+++ b/patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch
@@ -50,18 +50,18 @@ Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
- net/ipv6/ip6_vti.c | 3 ++-
+ net/ipv6/ip6_vti.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
-@@ -1101,7 +1101,8 @@ static void __net_exit vti6_destroy_tunn
+@@ -1101,7 +1101,8 @@ static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n,
}
t = rtnl_dereference(ip6n->tnls_wc[0]);
-- unregister_netdevice_queue(t->dev, &list);
+- unregister_netdevice_queue(t->dev, list);
+ if (t)
-+ unregister_netdevice_queue(t->dev, &list);
- unregister_netdevice_many(&list);
++ unregister_netdevice_queue(t->dev, list);
}
+ static int __net_init vti6_init_net(struct net *net)
diff --git a/series.conf b/series.conf
index 32fa568462..750ee96746 100644
--- a/series.conf
+++ b/series.conf
@@ -1734,6 +1734,7 @@
patches.drivers/netxen-remove-writeq-readq-function-definitions.patch
patches.drivers/neigh-Really-delete-an-arp-neigh-entry-on-ip-neigh-d.patch
patches.arch/00-perf-bpf-add-bpf-support-to-all-perf_event-types.patch
+ patches.fixes/ipsec-check-return-value-of-skb_to_sgvec-always.patch
patches.drivers/qed-Add-bitmaps-for-VF-CIDs.patch
patches.drivers/qed-Create-L2-queue-database.patch
patches.drivers/qed-L2-interface-to-use-the-SB-structures-directly.patch
@@ -4404,6 +4405,7 @@
patches.suse/0001-dm-fix-printk-rate-limiting-code.patch
patches.drivers/nvme-rdma-default-MR-page-size-to-4k.patch
patches.drivers/nvme-pci-use-dma-memory-for-the-host-memory-buffer-d.patch
+ patches.fixes/esp-Fix-memleaks-on-error-paths.patch
patches.fixes/esp-Fix-error-handling-on-layer-2-xmit.patch
patches.fixes/tipc-remove-subscription-references-only-for-pending.patch
patches.drivers/net-sched-fix-use-after-free-when-tcf_chain_destroy-.patch
@@ -4431,6 +4433,8 @@
patches.drivers/nfp-fix-supported-key-layers-calculation.patch
patches.drivers/nfp-remove-incorrect-mask-check-for-vlan-matching.patch
patches.fixes/net-xfrm-don-t-double-hold-dst-when-sk_policy-in-use.patch
+ patches.fixes/esp-Fix-locking-on-page-fragment-allocation.patch
+ patches.fixes/esp-Fix-skb-tailroom-calculation.patch
patches.fixes/xfrm_user-fix-info-leak-in-copy_user_offload.patch
patches.fixes/xfrm_user-fix-info-leak-in-xfrm_notify_sa.patch
patches.fixes/xfrm_user-fix-info-leak-in-build_aevent.patch
@@ -8761,6 +8765,13 @@
patches.arch/s390-qeth-translate-SETVLAN-DELVLAN-errors.patch
patches.drivers/net-mvpp2-remove-useless-goto.patch
patches.fixes/bpf-Implement-map_delete_elem-for-BPF_MAP_TYPE_LPM_T.patch
+ patches.fixes/kobject-add-kobject_uevent_net_broadcast.patch
+ patches.fixes/kobject-copy-env-blob-in-one-go.patch
+ patches.fixes/kobject-factorize-skb-setup-in-kobject_uevent_net_br.patch
+ patches.fixes/ipv6-addrlabel-per-netns-list.patch
+ patches.fixes/tcp-batch-tcp_net_metrics_exit.patch
+ patches.fixes/ipv6-speedup-ipv6-tunnels-dismantle.patch
+ patches.fixes/ipv4-speedup-ipv6-tunnels-dismantle.patch
patches.drivers/cxgb4-add-new-T5-pci-device-id-s-34929cb4.patch
patches.drivers/drivers-net-e1000e-use-setup_timer-helper.patch
patches.drivers/drivers-net-bnxt-use-setup_timer-helper.patch
@@ -10684,6 +10695,7 @@
patches.drivers/media-dvb-i2c-transfers-over-usb-cannot-be-done-from-2
patches.fixes/Revert-tcp-must-block-bh-in-__inet_twsk_hashdance.patch
patches.drivers/nfp-fix-port-stats-for-mac-representors.patch
+ patches.fixes/gianfar-fix-a-flooded-alignment-reports-because-of-p.patch
patches.drivers/net_sched-red-Avoid-devision-by-zero.patch
patches.drivers/net_sched-red-Avoid-illegal-values.patch
patches.suse/tipc-fix-memory-leak-in-tipc_accept_from_sock.patch
@@ -12462,6 +12474,7 @@
patches.fixes/tap-fix-use-after-free.patch
patches.suse/0001-net-ethernet-cavium-Correct-Cavium-Thunderx-NIC-driv.patch
patches.suse/vhost_net-stop-device-during-reset-owner.patch
+ patches.fixes/gianfar-prevent-integer-wrapping-in-the-rx-handler.patch
patches.fixes/net-ipv6-send-unsolicited-NA-after-DAD.patch
patches.drivers/i40e-i40evf-Update-DESC_NEEDED-value-to-reflect-larg.patch
patches.drivers/net_sched-gen_estimator-fix-lockdep-splat.patch
@@ -13897,6 +13910,7 @@
patches.drivers/Bluetooth-btusb-Use-DMI-matching-for-QCA-reset_resum
patches.suse/net-ipv4-don-t-allow-setting-net.ipv4.route.min_pmtu.patch
patches.fixes/ip_gre-fix-IFLA_MTU-ignored-on-NEWLINK.patch
+ patches.fixes/gianfar-Fix-Rx-byte-accounting-for-ndev-stats.patch
patches.suse/s390-qeth-fix-overestimated-count-of-buffer-elements.patch
patches.arch/s390-qeth-fix-ip-removal-on-offline-cards.patch
patches.arch/s390-qeth-fix-double-free-on-ip-add-remove-race.patch
@@ -14607,6 +14621,7 @@
patches.drivers/i40e-Prevent-setting-link-speed-on-I40E_DEV_ID_25G_B.patch
patches.drivers/i40evf-remove-flags-that-are-never-used.patch
patches.drivers/i40e-Fix-the-polling-mechanism-of-GLGEN_RSTAT.DEVSTA.patch
+ patches.fixes/net-add-uevent-socket-member.patch
patches.drivers/cxgb4-Adds-CPL-support-for-Shared-Receive-Queues.patch
patches.drivers/cxgb4-Add-support-to-initialise-read-SRQ-entries.patch
patches.drivers/cxgb4-Add-support-to-query-HW-SRQ-parameters.patch
@@ -15369,6 +15384,7 @@
patches.drivers/dmaengine-pl330-fix-a-race-condition-in-case-of-thre
patches.drivers/dmaengine-qcom-bam_dma-get-num-channels-and-num-ees-
patches.drivers/dmaengine-rcar-dmac-Check-the-done-lists-in-rcar_dma
+ patches.drivers/dmaengine-stm32-dma-fix-incomplete-configuration-in-.patch
patches.drivers/platform-x86-fujitsu-laptop-Support-Lifebook-U7x7-ho
patches.fixes/ceph-keep-consistent-semantic-in-fscache-related-option-combination.patch
patches.fixes/libceph-ceph-change-permission-for-readonly-debugfs-entries.patch
@@ -16361,8 +16377,10 @@
patches.drivers/vmw_balloon-fixing-double-free-when-batching-mode-is
patches.drivers/driver-core-Don-t-ignore-class_dir_create_and_add-fa
patches.drivers/firmware-add-firmware_request_nowarn-load-firmware-without-warnings.patch
+ patches.fixes/earlycon-Initialize-port-uartclk-based-on-clock-freq.patch
patches.drivers/sc16is7xx-Check-for-an-error-when-the-clock-is-enabl
patches.drivers/tty-pl011-Avoid-spuriously-stuck-off-interrupts
+ patches.fixes/earlycon-Remove-hardcoded-port-uartclk-initializatio.patch
patches.drivers/serial-samsung-fix-maxburst-parameter-for-DMA-transa
patches.drivers/tty-serial-atmel-use-port-name-as-name-in-request_ir
patches.drivers/serial-sh-sci-Use-spin_-try-lock_irqsave-instead-of-
@@ -16500,6 +16518,8 @@
patches.drivers/i40evf-Fix-turning-TSO-GSO-and-GRO-on-after.patch
patches.drivers/i40e-Fix-multiple-issues-with-UDP-tunnel-offload-fil.patch
patches.drivers/i40e-avoid-overflow-in-i40e_ptp_adjfreq.patch
+ patches.fixes/uevent-add-alloc_uevent_skb-helper.patch
+ patches.fixes/netns-restrict-uevents.patch
patches.drivers/net-hns3-Remove-error-log-when-getting-pfc-stats-fai.patch
patches.drivers/net-hns3-fix-to-correctly-fetch-l4-protocol-outer-he.patch
patches.drivers/net-hns3-Fixes-the-out-of-bounds-access-in-hclge_map.patch
@@ -16758,6 +16778,7 @@
patches.arch/powerpc-pkeys-Drop-private-VM_PKEY-definitions.patch
patches.arch/powerpc-64s-Fix-compiler-store-ordering-to-SLB-shado.patch
patches.fixes/4.4.139-043-powerpc-mm-hash-Add-missing-isync-prior-to-ke.patch
+ patches.fixes/hvc_opal-don-t-set-tb_ticks_per_usec-in-udbg_init_op.patch
patches.arch/powerpc-64s-Add-barrier_nospec.patch
patches.arch/powerpc-64s-Add-support-for-ori-barrier_nospec-patch.patch
patches.arch/powerpc-64s-Patch-barrier_nospec-in-modules.patch
@@ -17353,6 +17374,7 @@
patches.suse/0001-block-Fix-cloning-of-requests-with-a-special-payload.patch
patches.suse/0001-drbd-Fix-drbd_request_prepare-discard-handling.patch
patches.arch/x86-efi-fix-efi_call_phys_epilog-with-config_x86_5level-y
+ patches.fixes/kconfig-fix-line-numbers-for-if-entries-in-menu-tree.patch
patches.fixes/ARM-davinci-board-da850-evm-fix-WP-pin-polarity-for-.patch
patches.drivers/usb-dwc3-pci-add-support-for-Intel-IceLake.patch
patches.drivers/usb-dwc2-gadget-Fix-issue-in-dwc2_gadget_start_isoc.patch
@@ -17690,6 +17712,7 @@
patches.suse/net-fix-amd-xgbe-flow-control-issue.patch
patches.suse/net-ena-Fix-use-of-uninitialized-DMA-address-bits-fi.patch
patches.fixes/vti6-fix-PMTU-caching-and-reporting-on-xmit.patch
+ patches.fixes/esp6-fix-memleak-on-error-path-in-esp6_input.patch
patches.fixes/0001-net-lan78xx-fix-rx-handling-before-first-packet-is-s.patch
patches.drivers/enic-handle-mtu-change-for-vf-properly.patch
patches.suse/ipv4-remove-BUG_ON-from-fib_compute_spec_dst.patch
@@ -18000,6 +18023,7 @@
patches.fixes/audit-Fix-extended-comparison-of-GID-EGID.patch
patches.drivers/audit-fix-use-after-free-in-audit_add_watch.patch
patches.fixes/kbuild-verify-that-depmod-is-installed.patch
+ patches.fixes/kconfig-fix-the-rule-of-mainmenu_stmt-symbol.patch
patches.arch/x86-i8259-add-missing-include-file
patches.drivers/net-usb-r8152-use-irqsave-in-USB-s-complete-callback.patch
patches.drivers/net-hns3-rename-the-interface-for-init_client_instan.patch
@@ -19104,6 +19128,7 @@
patches.drivers/mailbox-PCC-handle-parse-error.patch
patches.fixes/0001-xen-swiotlb-use-actually-allocated-size-on-check-phy.patch
patches.arch/s390-sthyi-fix-machine-name-validity-indication
+ patches.fixes/kprobes-Return-error-if-we-fail-to-reuse-kprobe-inst.patch
patches.suse/sched-numa-remove-unused-code-from-update_numa_stats.patch
patches.suse/sched-numa-remove-unused-nr_running-field.patch
patches.arch/x86-corruption-check-fix-panic-in-memory_corruption_check-when-boot-option-without-value-is-provided
@@ -19438,8 +19463,10 @@
patches.drivers/iio-ad5064-Fix-regulator-handling.patch
patches.drivers/staging-comedi-ni_mio_common-protect-register-write-.patch
patches.drivers/kgdboc-Passing-ekgdboc-to-command-line-causes-panic.patch
+ patches.fixes/kgdboc-Fix-restrict-error.patch
patches.drivers/serial-8250-Fix-clearing-FIFOs-in-RS485-mode-again.patch
patches.drivers/sc16is7xx-Fix-for-multi-channel-stall.patch
+ patches.fixes/kgdboc-Fix-warning-with-module-build.patch
patches.drivers/tty-wipe-buffer.patch
patches.drivers/tty-wipe-buffer-if-not-echoing-data.patch
patches.drivers/tty-check-name-length-in-tty_find_polling_driver.patch
@@ -19886,6 +19913,7 @@
patches.drivers/xhci-Prevent-U1-U2-link-pm-states-if-exit-latency-is.patch
patches.drivers/tty-do-not-set-TTY_IO_ERROR-flag-if-console-port.patch
patches.drivers/tty-serial-8250_mtk-always-resume-the-device-in-prob.patch
+ patches.fixes/kgdboc-fix-KASAN-global-out-of-bounds-bug-in-param_s.patch
patches.drivers/staging-rtl8712-Fix-possible-buffer-overrun.patch
patches.drivers/Revert-commit-ef9209b642f-staging-rtl8723bs-Fix-inde.patch
patches.arch/x86-build-Fix-compiler-support-check-for-CONFIG_RETP.patch
@@ -19931,6 +19959,8 @@
patches.drm/Revert-drm-rockchip-Allow-driver-to-be-shutdown-on-r.patch
patches.drm/0001-drm-amdgpu-update-SMC-firmware-image-for-polaris10-v.patch
patches.drm/0001-drm-nouveau-kms-Fix-memory-leak-in-nv50_mstm_del.patch
+ patches.drivers/pinctrl-meson-fix-pull-enable-register-calculation.patch
+ patches.drivers/pinctrl-sunxi-a83t-Fix-IRQ-offset-typo-for-PH11.patch
patches.arch/powerpc-boot-Fix-build-failures-with-j-1.patch
patches.fixes/0011-arm64-dma-mapping-Fix-FORCE_CONTIGUOUS-buffer-cleari.patch
patches.fixes/aio-fix-spectre-gadget-in-lookup_ioctx.patch
@@ -20071,7 +20101,9 @@
patches.fixes/pstore-ram-Avoid-NULL-deref-in-ftrace-merging-failur.patch
patches.fixes/selinux-always-allow-mounting-submounts.patch
patches.fixes/e1000e-allow-non-monotonic-SYSTIM-readings.patch
+ patches.fixes/ptp-check-gettime64-return-code-in-PTP_SYS_OFFSET-io.patch
patches.drivers/usbnet-smsc95xx-fix-rx-packet-alignment.patch
+ patches.fixes/ptp-Fix-pass-zero-to-ERR_PTR-in-ptp_clock_register.patch
patches.drivers/can-flexcan-flexcan_irq-fix-indention.patch
patches.drivers/wlcore-Fix-the-return-value-in-case-of-error-in-wlco.patch
patches.drivers/rtl8xxxu-Fix-missing-break-in-switch.patch
@@ -20085,6 +20117,7 @@
patches.drivers/b43-Fix-error-in-cordic-routine.patch
patches.fixes/mac80211-fix-radiotap-vendor-presence-bitmap-handlin.patch
patches.drivers/Bluetooth-Fix-unnecessary-error-message-for-HCI-requ.patch
+ patches.drivers/cw1200-Fix-concurrency-use-after-free-bugs-in-cw1200.patch
patches.drivers/ath6kl-Only-use-match-sets-when-firmware-supports-it.patch
patches.suse/net-core-Fix-Spectre-v1-vulnerability.patch
patches.suse/phonet-af_phonet-Fix-Spectre-v1-vulnerability.patch
@@ -20166,6 +20199,8 @@
patches.fixes/mm-migrate-lock-buffers-before-migrate_page_move_map.patch
patches.fixes/mm-migrate-provide-buffer_migrate_page_norefs.patch
patches.fixes/blkdev-avoid-migration-stalls-for-blkdev-pages.patch
+ patches.drivers/hwmon-lm80-fix-a-missing-check-of-the-status-of-SMBu.patch
+ patches.drivers/hwmon-lm80-fix-a-missing-check-of-bus-read-in-lm80-p.patch
patches.drivers/gpio-pl061-Move-irq_chip-definition-inside-struct-pl.patch
patches.drivers/gpiolib-Fix-return-value-of-gpio_to_desc-stub-if-GPI.patch
patches.drivers/power-supply-olpc_battery-correct-the-temperature-un.patch
@@ -20201,13 +20236,21 @@
patches.drivers/driver-core-Move-async_synchronize_full-call.patch
patches.fixes/sysfs-Disable-lockdep-for-driver-bind-unbind-files.patch
patches.drivers/misc-vexpress-Off-by-one-in-vexpress_syscfg_exec.patch
+ patches.fixes/genwqe-Fix-size-check.patch
patches.drivers/intel_th-msu-Fix-an-off-by-one-in-attribute-store.patch
+ patches.fixes/kconfig-fix-file-name-and-line-number-of-warn_ignore.patch
+ patches.fixes/kconfig-fix-memory-leak-when-EOF-is-encountered-in-q.patch
patches.suse/sched-fair-Fix-infinite-loop-in-update_blocked_averages-by-reverting-a9e7f6544b9c.patch
patches.fixes/seq_buf-Make-seq_buf_puts-null-terminate-the-buffer.patch
patches.drivers/soc-bcm-brcmstb-Don-t-leak-device-tree-node-referenc.patch
patches.drivers/soc-tegra-Don-t-leak-device-tree-node-reference.patch
patches.drivers/watchdog-w83627hf_wdt-support-Inves.patch
patches.fixes/watchdog-docs-kernel-api-don-t-reference-removed-fun.patch
+ patches.drivers/pinctrl-sx150x-handle-failure-case-of-devm_kstrdup.patch
+ patches.drivers/pinctrl-sunxi-a64-Rename-function-csi0-to-csi.patch
+ patches.drivers/pinctrl-sunxi-a64-Rename-function-ts0-to-ts.patch
+ patches.drivers/pinctrl-meson-meson8-fix-the-GPIO-function-for-the-G.patch
+ patches.drivers/pinctrl-meson-meson8b-fix-the-GPIO-function-for-the-.patch
patches.drivers/pinctrl-sh-pfc-r8a7740-Add-missing-REF125CK-pin-to-g.patch
patches.drivers/pinctrl-sh-pfc-r8a7740-Add-missing-LCD0-marks-to-lcd.patch
patches.drivers/pinctrl-sh-pfc-r8a7791-Remove-bogus-ctrl-marks-from-.patch
@@ -20305,6 +20348,7 @@
patches.fixes/selinux-fix-GPF-on-invalid-policy.patch
patches.fixes/Yama-Check-for-pid-death-before-checking-ancestry.patch
patches.fixes/LSM-Check-for-NULL-cred-security-on-free.patch
+ patches.drivers/hwmon-lm80-Fix-missing-unlock-on-error-in-set_fan_di.patch
patches.drm/0001-drm-i915-gvt-Fix-mmap-range-check.patch
patches.drm/0002-omap2fb-Fix-stack-memory-disclosure.patch
patches.drivers/crypto-authenc-fix-parsing-key-with-misaligned-rta_l.patch
@@ -20693,6 +20737,7 @@
patches.suse/btrfs-use-spinlock-to-protect--caching_block_groups-list.patch
patches.suse/btrfs-qgroups-fix-rescan-worker-running-races.patch
patches.suse/btrfs-suspend-qgroups-during-relocation-recovery.patch
+ patches.suse/0001-btrfs-qgroup-Make-qgroup-async-transaction-commit-mo.patch
patches.suse/reiserfs-mark-read-write-mode-unsupported.patch
patches.fixes/get_fs_type-Validate-fs-type-string-argument.patch
@@ -20752,6 +20797,7 @@
patches.suse/scsi-sr-workaround-VMware-ESXi-cdrom-emulation-bug.patch
patches.kabi/target-se_dev_attrib.emulate_pr-ABI-stability.patch
+ patches.fixes/sd-disable-logical-block-provisioning-if-lbpme-is-no.patch
########################################################
# DRM/Video
@@ -20791,6 +20837,9 @@
patches.kabi/ip-drop-IPSTATS_MIB_REASM_OVERLAPS.patch
patches.fixes/irda-Fix-memory-leak-caused-by-repeated-binds-of-ird.patch
patches.fixes/irda-Only-insert-new-objects-into-the-global-databas.patch
+ patches.kabi/kabi-handle-addition-of-ip6addrlbl_table-into-struct.patch
+ patches.kabi/kabi-restore-ip_tunnel_delete_net.patch
+ patches.kabi/kabi-handle-addition-of-uevent_sock-into-struct-net.patch
########################################################
# Netfilter