Home Home > GIT Browse > openSUSE-15.0
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKernel Build Daemon <kbuild@suse.de>2019-07-14 07:13:50 +0200
committerKernel Build Daemon <kbuild@suse.de>2019-07-14 07:13:50 +0200
commitd0fd2d5248e720ee4348e20138c0645fe9ecb08d (patch)
tree5d231d637279121d7c35f07acba3b46264582b1c
parent06384565f9e0b42eb6c5ead757c250c9e1cd7edd (diff)
parent246a0234f16ca8347266d973c432593fe7579f27 (diff)
Merge branch 'SLE15' into openSUSE-15.0
-rw-r--r--patches.drivers/usb-gadget-fusb300_udc-Fix-memory-leak-of-fusb300-ep.patch53
-rw-r--r--patches.drivers/usb-gadget-udc-lpc32xx-allocate-descriptor-with-GFP_.patch41
-rw-r--r--patches.fixes/0001-media-cpia2_usb-first-wake-up-then-free-in-disconnec.patch42
-rw-r--r--patches.fixes/0005-mm-memory_hotplug-be-more-verbose-for-memory-offline.patch12
-rw-r--r--patches.fixes/bpf-x64-fix-stack-layout-of-JITed-bpf-code.patch142
-rw-r--r--patches.fixes/bpf-x64-save-5-bytes-in-prologue-when-ebpf-insns-cam.patch75
-rw-r--r--patches.fixes/kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch151
-rw-r--r--patches.fixes/mm-page_alloc-fix-has_unmovable_pages-for-HugePages.patch79
-rw-r--r--patches.kabi/kabi-kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch36
-rw-r--r--patches.suse/bonding-fix-arp_validate-toggling-in-active-backup-m.patch76
-rw-r--r--patches.suse/bridge-Fix-error-path-for-kobject_init_and_add.patch62
-rw-r--r--patches.suse/dasd_fba-Display-00000000-for-zero-page-when-dumping.patch80
-rw-r--r--patches.suse/dpaa_eth-fix-SG-frame-cleanup.patch30
-rw-r--r--patches.suse/ipv4-Fix-raw-socket-lookup-for-local-traffic.patch44
-rw-r--r--patches.suse/ipv4-Use-return-value-of-inet_iif-for-__raw_v4_looku.patch33
-rw-r--r--patches.suse/kbuild-use-flive-patching-when-config_livepatch-is-enabled.patch44
-rw-r--r--patches.suse/livepatch-remove-duplicate-warning-about-missing-reliable-stacktrace-support.patch37
-rw-r--r--patches.suse/livepatch-use-static-buffer-for-debugging-messages-under-rq-lock.patch45
-rw-r--r--patches.suse/net-avoid-weird-emergency-message.patch36
-rw-r--r--patches.suse/net-mlx4_core-Change-the-error-print-to-info-print.patch30
-rw-r--r--patches.suse/net-seeq-fix-crash-caused-by-not-set-dev.parent.patch28
-rw-r--r--patches.suse/net-usb-qmi_wwan-add-Telit-0x1260-and-0x1261-composi.patch31
-rw-r--r--patches.suse/packet-Fix-error-path-in-packet_init.patch85
-rw-r--r--patches.suse/ppp-deflate-Fix-possible-crash-in-deflate_init.patch84
-rw-r--r--patches.suse/revert-livepatch-remove-reliable-stacktrace-check-in-klp_try_switch_task.patch44
-rw-r--r--patches.suse/rtnetlink-always-put-IFLA_LINK-for-links-with-a-link.patch77
-rw-r--r--patches.suse/tuntap-synchronize-through-tfiles-array-instead-of-t.patch53
-rw-r--r--patches.suse/vrf-sit-mtu-should-not-be-updated-when-vrf-netdev-is.patch32
-rw-r--r--patches.suse/vsock-virtio-free-packets-during-the-socket-release.patch40
-rw-r--r--series.conf28
30 files changed, 1644 insertions, 6 deletions
diff --git a/patches.drivers/usb-gadget-fusb300_udc-Fix-memory-leak-of-fusb300-ep.patch b/patches.drivers/usb-gadget-fusb300_udc-Fix-memory-leak-of-fusb300-ep.patch
new file mode 100644
index 0000000000..197d0559c7
--- /dev/null
+++ b/patches.drivers/usb-gadget-fusb300_udc-Fix-memory-leak-of-fusb300-ep.patch
@@ -0,0 +1,53 @@
+From 62fd0e0a24abeebe2c19fce49dd5716d9b62042d Mon Sep 17 00:00:00 2001
+From: Young Xiao <92siuyang@gmail.com>
+Date: Tue, 28 May 2019 20:17:54 +0800
+Subject: [PATCH] usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
+Git-commit: 62fd0e0a24abeebe2c19fce49dd5716d9b62042d
+Patch-mainline: v5.2-rc5
+References: bsc#1051510
+
+There is no deallocation of fusb300->ep[i] elements, allocated at
+fusb300_probe.
+
+The patch adds deallocation of fusb300->ep array elements.
+
+Signed-off-by: Young Xiao <92siuyang@gmail.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/usb/gadget/udc/fusb300_udc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/drivers/usb/gadget/udc/fusb300_udc.c b/drivers/usb/gadget/udc/fusb300_udc.c
+index 263804d154a7..00e3f66836a9 100644
+--- a/drivers/usb/gadget/udc/fusb300_udc.c
++++ b/drivers/usb/gadget/udc/fusb300_udc.c
+@@ -1342,12 +1342,15 @@ static const struct usb_gadget_ops fusb300_gadget_ops = {
+ static int fusb300_remove(struct platform_device *pdev)
+ {
+ struct fusb300 *fusb300 = platform_get_drvdata(pdev);
++ int i;
+
+ usb_del_gadget_udc(&fusb300->gadget);
+ iounmap(fusb300->reg);
+ free_irq(platform_get_irq(pdev, 0), fusb300);
+
+ fusb300_free_request(&fusb300->ep[0]->ep, fusb300->ep0_req);
++ for (i = 0; i < FUSB300_MAX_NUM_EP; i++)
++ kfree(fusb300->ep[i]);
+ kfree(fusb300);
+
+ return 0;
+@@ -1491,6 +1494,8 @@ static int fusb300_probe(struct platform_device *pdev)
+ if (fusb300->ep0_req)
+ fusb300_free_request(&fusb300->ep[0]->ep,
+ fusb300->ep0_req);
++ for (i = 0; i < FUSB300_MAX_NUM_EP; i++)
++ kfree(fusb300->ep[i]);
+ kfree(fusb300);
+ }
+ if (reg)
+--
+2.16.4
+
diff --git a/patches.drivers/usb-gadget-udc-lpc32xx-allocate-descriptor-with-GFP_.patch b/patches.drivers/usb-gadget-udc-lpc32xx-allocate-descriptor-with-GFP_.patch
new file mode 100644
index 0000000000..aad10c96ee
--- /dev/null
+++ b/patches.drivers/usb-gadget-udc-lpc32xx-allocate-descriptor-with-GFP_.patch
@@ -0,0 +1,41 @@
+From fbc318afadd6e7ae2252d6158cf7d0c5a2132f7d Mon Sep 17 00:00:00 2001
+From: Alexandre Belloni <alexandre.belloni@bootlin.com>
+Date: Wed, 22 May 2019 14:07:36 +0200
+Subject: [PATCH] usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
+Git-commit: fbc318afadd6e7ae2252d6158cf7d0c5a2132f7d
+Patch-mainline: v5.2-rc5
+References: bsc#1051510
+
+Gadget drivers may queue request in interrupt context. This would lead to
+a descriptor allocation in that context. In that case we would hit
+BUG_ON(in_interrupt()) in __get_vm_area_node.
+
+Also remove the unnecessary cast.
+
+Acked-by: Sylvain Lemieux <slemieux.tyco@gmail.com>
+Tested-by: James Grant <jamesg@zaltys.org>
+Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Acked-by: Takashi Iwai <tiwai@suse.de>
+
+---
+ drivers/usb/gadget/udc/lpc32xx_udc.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/drivers/usb/gadget/udc/lpc32xx_udc.c b/drivers/usb/gadget/udc/lpc32xx_udc.c
+index d8f1c60793ed..2719194ebf42 100644
+--- a/drivers/usb/gadget/udc/lpc32xx_udc.c
++++ b/drivers/usb/gadget/udc/lpc32xx_udc.c
+@@ -937,8 +937,7 @@ static struct lpc32xx_usbd_dd_gad *udc_dd_alloc(struct lpc32xx_udc *udc)
+ dma_addr_t dma;
+ struct lpc32xx_usbd_dd_gad *dd;
+
+- dd = (struct lpc32xx_usbd_dd_gad *) dma_pool_alloc(
+- udc->dd_cache, (GFP_KERNEL | GFP_DMA), &dma);
++ dd = dma_pool_alloc(udc->dd_cache, GFP_ATOMIC | GFP_DMA, &dma);
+ if (dd)
+ dd->this_dma = dma;
+
+--
+2.16.4
+
diff --git a/patches.fixes/0001-media-cpia2_usb-first-wake-up-then-free-in-disconnec.patch b/patches.fixes/0001-media-cpia2_usb-first-wake-up-then-free-in-disconnec.patch
new file mode 100644
index 0000000000..af2452c696
--- /dev/null
+++ b/patches.fixes/0001-media-cpia2_usb-first-wake-up-then-free-in-disconnec.patch
@@ -0,0 +1,42 @@
+From eff73de2b1600ad8230692f00bc0ab49b166512a Mon Sep 17 00:00:00 2001
+From: Oliver Neukum <oneukum@suse.com>
+Date: Thu, 9 May 2019 04:57:09 -0400
+Subject: [PATCH] media: cpia2_usb: first wake up, then free in disconnect
+Git-commit: eff73de2b1600ad8230692f00bc0ab49b166512a
+Patch-mainline: v5.2
+References: bsc#1135642
+
+
+Kasan reported a use after free in cpia2_usb_disconnect()
+It first freed everything and then woke up those waiting.
+The reverse order is correct.
+
+Fixes: 6c493f8b28c67 ("[media] cpia2: major overhaul to get it in a working state again")
+
+Signed-off-by: Oliver Neukum <oneukum@suse.com>
+Reported-by: syzbot+0c90fc937c84f97d0aa6@syzkaller.appspotmail.com
+Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+---
+ drivers/media/usb/cpia2/cpia2_usb.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/media/usb/cpia2/cpia2_usb.c
++++ b/drivers/media/usb/cpia2/cpia2_usb.c
+@@ -901,7 +901,6 @@ static void cpia2_usb_disconnect(struct
+ cpia2_unregister_camera(cam);
+ v4l2_device_disconnect(&cam->v4l2_dev);
+ mutex_unlock(&cam->v4l2_lock);
+- v4l2_device_put(&cam->v4l2_dev);
+
+ if(cam->buffers) {
+ DBG("Wakeup waiting processes\n");
+@@ -913,6 +912,8 @@ static void cpia2_usb_disconnect(struct
+ DBG("Releasing interface\n");
+ usb_driver_release_interface(&cpia2_driver, intf);
+
++ v4l2_device_put(&cam->v4l2_dev);
++
+ LOG("CPiA2 camera disconnected.\n");
+ }
+
diff --git a/patches.fixes/0005-mm-memory_hotplug-be-more-verbose-for-memory-offline.patch b/patches.fixes/0005-mm-memory_hotplug-be-more-verbose-for-memory-offline.patch
index 0b54f7d754..cbcafc2ecd 100644
--- a/patches.fixes/0005-mm-memory_hotplug-be-more-verbose-for-memory-offline.patch
+++ b/patches.fixes/0005-mm-memory_hotplug-be-more-verbose-for-memory-offline.patch
@@ -64,16 +64,16 @@ Signed-off-by: Michal Hocko <mhocko@suse.com>
return ret;
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
-@@ -7449,7 +7449,7 @@ bool has_unmovable_pages(struct zone *zo
- if (PageHuge(page)) {
+@@ -7426,7 +7426,7 @@ bool has_unmovable_pages(struct zone *zo
+ unsigned int skip_pages;
- if (!hugepage_migration_supported(page_hstate(page)))
+ if (!hugepage_migration_supported(page_hstate(head)))
- return true;
+ goto unmovable;
- iter = round_up(iter + 1, 1<<compound_order(page)) - 1;
- continue;
-@@ -7493,9 +7493,12 @@ bool has_unmovable_pages(struct zone *zo
+ skip_pages = (1 << compound_order(head)) - (page - head);
+ iter += skip_pages - 1;
+@@ -7471,9 +7471,12 @@ bool has_unmovable_pages(struct zone *zo
* page at boot.
*/
if (found > count)
diff --git a/patches.fixes/bpf-x64-fix-stack-layout-of-JITed-bpf-code.patch b/patches.fixes/bpf-x64-fix-stack-layout-of-JITed-bpf-code.patch
new file mode 100644
index 0000000000..78f6d49e82
--- /dev/null
+++ b/patches.fixes/bpf-x64-fix-stack-layout-of-JITed-bpf-code.patch
@@ -0,0 +1,142 @@
+From: Alexei Starovoitov <ast@kernel.org>
+Date: Fri, 14 Jun 2019 15:43:28 -0700
+Subject: bpf, x64: fix stack layout of JITed bpf code
+Patch-mainline: Queued in subsystem maintainer repository
+Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
+Git-commit: fe8d9571dc50232b569242fac7ea6332a654f186
+References: bsc#1083647
+
+Since commit 177366bf7ceb the %rbp stopped pointing to %rbp of the
+previous stack frame. That broke frame pointer based stack unwinding.
+This commit is a partial revert of it.
+Note that the location of tail_call_cnt is fixed, since the verifier
+enforces MAX_BPF_STACK stack size for programs with tail calls.
+
+Fixes: 177366bf7ceb ("bpf: change x86 JITed program stack layout")
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Acked-by: Gary Lin <glin@suse.com>
+---
+ arch/x86/net/bpf_jit_comp.c | 83 +++++++++++---------------------------------
+ 1 file changed, 21 insertions(+), 62 deletions(-)
+
+--- a/arch/x86/net/bpf_jit_comp.c
++++ b/arch/x86/net/bpf_jit_comp.c
+@@ -200,11 +200,7 @@ struct jit_context {
+ #define BPF_MAX_INSN_SIZE 128
+ #define BPF_INSN_SAFETY 64
+
+-#define AUX_STACK_SPACE \
+- (32 /* space for rbx, r13, r14, r15 */ + \
+- 8 /* space for skb_copy_bits() buffer */)
+-
+-#define PROLOGUE_SIZE 37
++#define PROLOGUE_SIZE 20
+
+ /* emit x64 prologue code for BPF program and check it's size.
+ * bpf_tail_call helper will skip it while jumping into another program
+@@ -214,51 +210,19 @@ static void emit_prologue(u8 **pprog, u3
+ u8 *prog = *pprog;
+ int cnt = 0;
+
+- EMIT1(0x55); /* push rbp */
+- EMIT3(0x48, 0x89, 0xE5); /* mov rbp,rsp */
+-
+- /* sub rsp, rounded_stack_depth + AUX_STACK_SPACE */
+- EMIT3_off32(0x48, 0x81, 0xEC,
+- round_up(stack_depth, 8) + AUX_STACK_SPACE);
+-
+- /* sub rbp, AUX_STACK_SPACE */
+- EMIT4(0x48, 0x83, 0xED, AUX_STACK_SPACE);
+-
+- /* all classic BPF filters use R6(rbx) save it */
+-
+- /* mov qword ptr [rbp+0],rbx */
+- EMIT4(0x48, 0x89, 0x5D, 0);
+-
+- /* bpf_convert_filter() maps classic BPF register X to R7 and uses R8
+- * as temporary, so all tcpdump filters need to spill/fill R7(r13) and
+- * R8(r14). R9(r15) spill could be made conditional, but there is only
+- * one 'bpf_error' return path out of helper functions inside bpf_jit.S
+- * The overhead of extra spill is negligible for any filter other
+- * than synthetic ones. Therefore not worth adding complexity.
+- */
+-
+- /* mov qword ptr [rbp+8],r13 */
+- EMIT4(0x4C, 0x89, 0x6D, 8);
+- /* mov qword ptr [rbp+16],r14 */
+- EMIT4(0x4C, 0x89, 0x75, 16);
+- /* mov qword ptr [rbp+24],r15 */
+- EMIT4(0x4C, 0x89, 0x7D, 24);
+-
++ EMIT1(0x55); /* push rbp */
++ EMIT3(0x48, 0x89, 0xE5); /* mov rbp, rsp */
++ /* sub rsp, rounded_stack_depth */
++ EMIT3_off32(0x48, 0x81, 0xEC, round_up(stack_depth, 8));
++ EMIT1(0x53); /* push rbx */
++ EMIT2(0x41, 0x55); /* push r13 */
++ EMIT2(0x41, 0x56); /* push r14 */
++ EMIT2(0x41, 0x57); /* push r15 */
+ if (!ebpf_from_cbpf) {
+- /* Clear the tail call counter (tail_call_cnt): for eBPF tail
+- * calls we need to reset the counter to 0. It's done in two
+- * instructions, resetting rax register to 0, and moving it
+- * to the counter location.
+- */
+-
+- /* xor eax, eax */
+- EMIT2(0x31, 0xc0);
+- /* mov qword ptr [rbp+32], rax */
+- EMIT4(0x48, 0x89, 0x45, 32);
+-
++ /* zero init tail_call_cnt */
++ EMIT2(0x6a, 0x00);
+ BUILD_BUG_ON(cnt != PROLOGUE_SIZE);
+ }
+-
+ *pprog = prog;
+ }
+
+@@ -298,13 +262,13 @@ static void emit_bpf_tail_call(u8 **ppro
+ /* if (tail_call_cnt > MAX_TAIL_CALL_CNT)
+ * goto out;
+ */
+- EMIT2_off32(0x8B, 0x85, 36); /* mov eax, dword ptr [rbp + 36] */
++ EMIT2_off32(0x8B, 0x85, -36 - MAX_BPF_STACK); /* mov eax, dword ptr [rbp - 548] */
+ EMIT3(0x83, 0xF8, MAX_TAIL_CALL_CNT); /* cmp eax, MAX_TAIL_CALL_CNT */
+ #define OFFSET2 (30 + RETPOLINE_RAX_BPF_JIT_SIZE)
+ EMIT2(X86_JA, OFFSET2); /* ja out */
+ label2 = cnt;
+ EMIT3(0x83, 0xC0, 0x01); /* add eax, 1 */
+- EMIT2_off32(0x89, 0x85, 36); /* mov dword ptr [rbp + 36], eax */
++ EMIT2_off32(0x89, 0x85, -36 - MAX_BPF_STACK); /* mov dword ptr [rbp -548], eax */
+
+ /* prog = array->ptrs[index]; */
+ EMIT4_off32(0x48, 0x8B, 0x84, 0xD6, /* mov rax, [rsi + rdx * 8 + offsetof(...)] */
+@@ -1069,19 +1033,14 @@ common_load:
+ seen_exit = true;
+ /* update cleanup_addr */
+ ctx->cleanup_addr = proglen;
+- /* mov rbx, qword ptr [rbp+0] */
+- EMIT4(0x48, 0x8B, 0x5D, 0);
+- /* mov r13, qword ptr [rbp+8] */
+- EMIT4(0x4C, 0x8B, 0x6D, 8);
+- /* mov r14, qword ptr [rbp+16] */
+- EMIT4(0x4C, 0x8B, 0x75, 16);
+- /* mov r15, qword ptr [rbp+24] */
+- EMIT4(0x4C, 0x8B, 0x7D, 24);
+-
+- /* add rbp, AUX_STACK_SPACE */
+- EMIT4(0x48, 0x83, 0xC5, AUX_STACK_SPACE);
+- EMIT1(0xC9); /* leave */
+- EMIT1(0xC3); /* ret */
++ if (!bpf_prog_was_classic(bpf_prog))
++ EMIT1(0x5B); /* get rid of tail_call_cnt */
++ EMIT2(0x41, 0x5F); /* pop r15 */
++ EMIT2(0x41, 0x5E); /* pop r14 */
++ EMIT2(0x41, 0x5D); /* pop r13 */
++ EMIT1(0x5B); /* pop rbx */
++ EMIT1(0xC9); /* leave */
++ EMIT1(0xC3); /* ret */
+ break;
+
+ default:
diff --git a/patches.fixes/bpf-x64-save-5-bytes-in-prologue-when-ebpf-insns-cam.patch b/patches.fixes/bpf-x64-save-5-bytes-in-prologue-when-ebpf-insns-cam.patch
new file mode 100644
index 0000000000..a70f8ccf9c
--- /dev/null
+++ b/patches.fixes/bpf-x64-save-5-bytes-in-prologue-when-ebpf-insns-cam.patch
@@ -0,0 +1,75 @@
+From: Daniel Borkmann <daniel@iogearbox.net>
+Date: Sat, 24 Feb 2018 01:08:02 +0100
+Subject: bpf, x64: save 5 bytes in prologue when ebpf insns came from cbpf
+Patch-mainline: v4.17-rc1
+Git-commit: 0869175220b339b81de48872c8198c3ed75782e3
+References: bsc#1083647
+
+While it's rather cumbersome to reduce prologue for cBPF->eBPF
+migrations wrt spill/fill for r15 which is callee saved register
+due to bpf_error path in bpf_jit.S that is both used by migrations
+as well as native eBPF, we can still trivially save 5 bytes in
+prologue for the former since tail calls can never be used there.
+cBPF->eBPF migrations also have their own custom prologue in BPF
+asm that xors A and X reg anyway, so it's fine we skip this here.
+
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Acked-by: Gary Lin <glin@suse.com>
+---
+ arch/x86/net/bpf_jit_comp.c | 28 ++++++++++++++++------------
+ 1 file changed, 16 insertions(+), 12 deletions(-)
+
+--- a/arch/x86/net/bpf_jit_comp.c
++++ b/arch/x86/net/bpf_jit_comp.c
+@@ -209,7 +209,7 @@ struct jit_context {
+ /* emit x64 prologue code for BPF program and check it's size.
+ * bpf_tail_call helper will skip it while jumping into another program
+ */
+-static void emit_prologue(u8 **pprog, u32 stack_depth)
++static void emit_prologue(u8 **pprog, u32 stack_depth, bool ebpf_from_cbpf)
+ {
+ u8 *prog = *pprog;
+ int cnt = 0;
+@@ -244,18 +244,21 @@ static void emit_prologue(u8 **pprog, u3
+ /* mov qword ptr [rbp+24],r15 */
+ EMIT4(0x4C, 0x89, 0x7D, 24);
+
+- /* Clear the tail call counter (tail_call_cnt): for eBPF tail calls
+- * we need to reset the counter to 0. It's done in two instructions,
+- * resetting rax register to 0 (xor on eax gets 0 extended), and
+- * moving it to the counter location.
+- */
++ if (!ebpf_from_cbpf) {
++ /* Clear the tail call counter (tail_call_cnt): for eBPF tail
++ * calls we need to reset the counter to 0. It's done in two
++ * instructions, resetting rax register to 0, and moving it
++ * to the counter location.
++ */
++
++ /* xor eax, eax */
++ EMIT2(0x31, 0xc0);
++ /* mov qword ptr [rbp+32], rax */
++ EMIT4(0x48, 0x89, 0x45, 32);
+
+- /* xor eax, eax */
+- EMIT2(0x31, 0xc0);
+- /* mov qword ptr [rbp+32], rax */
+- EMIT4(0x48, 0x89, 0x45, 32);
++ BUILD_BUG_ON(cnt != PROLOGUE_SIZE);
++ }
+
+- BUILD_BUG_ON(cnt != PROLOGUE_SIZE);
+ *pprog = prog;
+ }
+
+@@ -366,7 +369,8 @@ static int do_jit(struct bpf_prog *bpf_p
+ int proglen = 0;
+ u8 *prog = temp;
+
+- emit_prologue(&prog, bpf_prog->aux->stack_depth);
++ emit_prologue(&prog, bpf_prog->aux->stack_depth,
++ bpf_prog_was_classic(bpf_prog));
+
+ if (seen_ld_abs)
+ emit_load_skb_data_hlen(&prog);
diff --git a/patches.fixes/kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch b/patches.fixes/kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch
new file mode 100644
index 0000000000..53c9295ced
--- /dev/null
+++ b/patches.fixes/kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch
@@ -0,0 +1,151 @@
+From 7c88e3ff28c77db7ee83f02229ea12844e0105bc Mon Sep 17 00:00:00 2001
+From: Ben Gardon <bgardon@google.com>
+Date: Mon, 8 Apr 2019 11:07:30 -0700
+Subject: [PATCH] kvm: mmu: Fix overflow on kvm mmu page limit calculation
+Patch-mainline: v5.1-rc6
+Git-commit: bc8a3d8925a8fa09fa550e0da115d95851ce33c6
+References: bsc#1135335
+
+KVM bases its memory usage limits on the total number of guest pages
+across all memslots. However, those limits, and the calculations to
+produce them, use 32 bit unsigned integers. This can result in overflow
+if a VM has more guest pages that can be represented by a u32. As a
+result of this overflow, KVM can use a low limit on the number of MMU
+pages it will allocate. This makes KVM unable to map all of guest memory
+at once, prompting spurious faults.
+
+Tested: Ran all kvm-unit-tests on an Intel Haswell machine. This patch
+ introduced no new failures.
+
+Signed-off-by: Ben Gardon <bgardon@google.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Acked-by: Liang Yan <lyan@suse.com>
+---
+ arch/x86/include/asm/kvm_host.h | 12 ++++++------
+ arch/x86/kvm/mmu.c | 13 ++++++-------
+ arch/x86/kvm/mmu.h | 2 +-
+ arch/x86/kvm/x86.c | 4 ++--
+ 4 files changed, 15 insertions(+), 16 deletions(-)
+
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index ae76bb2db0bb..bdc0385eadc4 100644
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -113,7 +113,7 @@ static inline gfn_t gfn_to_index(gfn_t gfn, gfn_t base_gfn, int level)
+ }
+
+ #define KVM_PERMILLE_MMU_PAGES 20
+-#define KVM_MIN_ALLOC_MMU_PAGES 64
++#define KVM_MIN_ALLOC_MMU_PAGES 64UL
+ #define KVM_MMU_HASH_SHIFT 12
+ #define KVM_NUM_MMU_PAGES (1 << KVM_MMU_HASH_SHIFT)
+ #define KVM_MIN_FREE_MMU_PAGES 5
+@@ -778,9 +778,9 @@ struct kvm_sev_info {
+ };
+
+ struct kvm_arch {
+- unsigned int n_used_mmu_pages;
+- unsigned int n_requested_mmu_pages;
+- unsigned int n_max_mmu_pages;
++ unsigned long n_used_mmu_pages;
++ unsigned long n_requested_mmu_pages;
++ unsigned long n_max_mmu_pages;
+ unsigned int indirect_shadow_pages;
+ unsigned long mmu_valid_gen;
+ struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES];
+@@ -1165,8 +1165,8 @@ void kvm_mmu_clear_dirty_pt_masked(struct kvm *kvm,
+ gfn_t gfn_offset, unsigned long mask);
+ void kvm_mmu_zap_all(struct kvm *kvm);
+ void kvm_mmu_invalidate_mmio_sptes(struct kvm *kvm, u64 gen);
+-unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm);
+-void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages);
++unsigned long kvm_mmu_calculate_mmu_pages(struct kvm *kvm);
++void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned long kvm_nr_mmu_pages);
+
+ int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3);
+ bool pdptrs_changed(struct kvm_vcpu *vcpu);
+diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
+index 64bcf60e9393..42cca05f05dc 100644
+--- a/arch/x86/kvm/mmu.c
++++ b/arch/x86/kvm/mmu.c
+@@ -1941,7 +1941,7 @@ static int is_empty_shadow_page(u64 *spt)
+ * aggregate version in order to make the slab shrinker
+ * faster
+ */
+-static inline void kvm_mod_used_mmu_pages(struct kvm *kvm, int nr)
++static inline void kvm_mod_used_mmu_pages(struct kvm *kvm, unsigned long nr)
+ {
+ kvm->arch.n_used_mmu_pages += nr;
+ percpu_counter_add(&kvm_total_used_mmu_pages, nr);
+@@ -2681,7 +2681,7 @@ static bool prepare_zap_oldest_mmu_page(struct kvm *kvm,
+ * Changing the number of mmu pages allocated to the vm
+ * Note: if goal_nr_mmu_pages is too small, you will get dead lock
+ */
+-void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int goal_nr_mmu_pages)
++void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned long goal_nr_mmu_pages)
+ {
+ LIST_HEAD(invalid_list);
+
+@@ -5592,10 +5592,10 @@ int kvm_mmu_module_init(void)
+ /*
+ * Caculate mmu pages needed for kvm.
+ */
+-unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
++unsigned long kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
+ {
+- unsigned int nr_mmu_pages;
+- unsigned int nr_pages = 0;
++ unsigned long nr_mmu_pages;
++ unsigned long nr_pages = 0;
+ struct kvm_memslots *slots;
+ struct kvm_memory_slot *memslot;
+ int i;
+@@ -5608,8 +5608,7 @@ unsigned int kvm_mmu_calculate_mmu_pages(struct kvm *kvm)
+ }
+
+ nr_mmu_pages = nr_pages * KVM_PERMILLE_MMU_PAGES / 1000;
+- nr_mmu_pages = max(nr_mmu_pages,
+- (unsigned int) KVM_MIN_ALLOC_MMU_PAGES);
++ nr_mmu_pages = max(nr_mmu_pages, KVM_MIN_ALLOC_MMU_PAGES);
+
+ return nr_mmu_pages;
+ }
+diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h
+index 1092302aa16a..de14d69901cc 100644
+--- a/arch/x86/kvm/mmu.h
++++ b/arch/x86/kvm/mmu.h
+@@ -67,7 +67,7 @@ bool kvm_can_do_async_pf(struct kvm_vcpu *vcpu);
+ int kvm_handle_page_fault(struct kvm_vcpu *vcpu, u64 error_code,
+ u64 fault_address, char *insn, int insn_len);
+
+-static inline unsigned int kvm_mmu_available_pages(struct kvm *kvm)
++static inline unsigned long kvm_mmu_available_pages(struct kvm *kvm)
+ {
+ if (kvm->arch.n_max_mmu_pages > kvm->arch.n_used_mmu_pages)
+ return kvm->arch.n_max_mmu_pages -
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index af84f3022d31..203616020144 100644
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -3879,7 +3879,7 @@ static int kvm_vm_ioctl_set_identity_map_addr(struct kvm *kvm,
+ }
+
+ static int kvm_vm_ioctl_set_nr_mmu_pages(struct kvm *kvm,
+- u32 kvm_nr_mmu_pages)
++ unsigned long kvm_nr_mmu_pages)
+ {
+ if (kvm_nr_mmu_pages < KVM_MIN_ALLOC_MMU_PAGES)
+ return -EINVAL;
+@@ -3893,7 +3893,7 @@ static int kvm_vm_ioctl_set_nr_mmu_pages(struct kvm *kvm,
+ return 0;
+ }
+
+-static int kvm_vm_ioctl_get_nr_mmu_pages(struct kvm *kvm)
++static unsigned long kvm_vm_ioctl_get_nr_mmu_pages(struct kvm *kvm)
+ {
+ return kvm->arch.n_max_mmu_pages;
+ }
+--
+2.21.0
+
diff --git a/patches.fixes/mm-page_alloc-fix-has_unmovable_pages-for-HugePages.patch b/patches.fixes/mm-page_alloc-fix-has_unmovable_pages-for-HugePages.patch
new file mode 100644
index 0000000000..e495c10613
--- /dev/null
+++ b/patches.fixes/mm-page_alloc-fix-has_unmovable_pages-for-HugePages.patch
@@ -0,0 +1,79 @@
+From 17e2e7d7e1b83fa324b3f099bfe426659aa3c2a4 Mon Sep 17 00:00:00 2001
+From: Oscar Salvador <osalvador@suse.de>
+Date: Fri, 21 Dec 2018 14:31:00 -0800
+Subject: [PATCH] mm, page_alloc: fix has_unmovable_pages for HugePages
+Patch-mainline: v4.20
+Git-commit: 17e2e7d7e1b83fa324b3f099bfe426659aa3c2a4
+References: bsc#1127034
+
+While playing with gigantic hugepages and memory_hotplug, I triggered
+the following #PF when "cat memoryX/removable":
+
+ BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
+ #PF error: [normal kernel read fault]
+ PGD 0 P4D 0
+ Oops: 0000 [#1] SMP PTI
+ CPU: 1 PID: 1481 Comm: cat Tainted: G E 4.20.0-rc6-mm1-1-default+ #18
+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
+ RIP: 0010:has_unmovable_pages+0x154/0x210
+ Call Trace:
+ is_mem_section_removable+0x7d/0x100
+ removable_show+0x90/0xb0
+ dev_attr_show+0x1c/0x50
+ sysfs_kf_seq_show+0xca/0x1b0
+ seq_read+0x133/0x380
+ __vfs_read+0x26/0x180
+ vfs_read+0x89/0x140
+ ksys_read+0x42/0x90
+ do_syscall_64+0x5b/0x180
+ entry_SYSCALL_64_after_hwframe+0x44/0xa9
+
+The reason is we do not pass the Head to page_hstate(), and so, the call
+to compound_order() in page_hstate() returns 0, so we end up checking
+all hstates's size to match PAGE_SIZE.
+
+Obviously, we do not find any hstate matching that size, and we return
+NULL. Then, we dereference that NULL pointer in
+hugepage_migration_supported() and we got the #PF from above.
+
+Fix that by getting the head page before calling page_hstate().
+
+Also, since gigantic pages span several pageblocks, re-adjust the logic
+for skipping pages. While are it, we can also get rid of the
+round_up().
+
+[osalvador@suse.de: remove round_up(), adjust skip pages logic per Michal]
+ Link: http://lkml.kernel.org/r/20181221062809.31771-1-osalvador@suse.de
+Link: http://lkml.kernel.org/r/20181217225113.17864-1-osalvador@suse.de
+Signed-off-by: Oscar Salvador <osalvador@suse.de>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Cc: Vlastimil Babka <vbabka@suse.cz>
+Cc: Pavel Tatashin <pavel.tatashin@microsoft.com>
+Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ mm/page_alloc.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -7422,11 +7422,14 @@ bool has_unmovable_pages(struct zone *zo
+ * handle each tail page individually in migration.
+ */
+ if (PageHuge(page)) {
++ struct page *head = compound_head(page);
++ unsigned int skip_pages;
+
+- if (!hugepage_migration_supported(page_hstate(page)))
++ if (!hugepage_migration_supported(page_hstate(head)))
+ return true;
+
+- iter = round_up(iter + 1, 1<<compound_order(page)) - 1;
++ skip_pages = (1 << compound_order(head)) - (page - head);
++ iter += skip_pages - 1;
+ continue;
+ }
+
diff --git a/patches.kabi/kabi-kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch b/patches.kabi/kabi-kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch
new file mode 100644
index 0000000000..f0af3d695f
--- /dev/null
+++ b/patches.kabi/kabi-kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch
@@ -0,0 +1,36 @@
+From: Liang Yan <lyan@suse.com>
+Date: Fri, 12 Jul 2019 09:33:19 -0400
+Subject: [PATCH] kvm/mmu: kABI fix for *_mmu_pages changes in struct kvm_arch
+Patch-mainline: Never, kABI fix
+References: bsc#1135335
+
+Hide the kabi break for type changes of *_mmu_pages in struct kvm_arch.
+Related patch:
+patches.fixes/kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch
+
+Signed-off-by: Liang Yan <lyan@suse.com>
+---
+ arch/x86/include/asm/kvm_host.h | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -778,9 +778,15 @@ struct kvm_sev_info {
+ };
+
+ struct kvm_arch {
+- unsigned long n_used_mmu_pages;
+- unsigned long n_requested_mmu_pages;
+- unsigned long n_max_mmu_pages;
++#ifndef __GENKSYMS__
++ unsigned long n_used_mmu_pages;
++ unsigned long n_requested_mmu_pages;
++ unsigned long n_max_mmu_pages;
++#else
++ unsigned int n_used_mmu_pages;
++ unsigned int n_requested_mmu_pages;
++ unsigned int n_max_mmu_pages;
++#endif
+ unsigned int indirect_shadow_pages;
+ unsigned long mmu_valid_gen;
+ struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES];
diff --git a/patches.suse/bonding-fix-arp_validate-toggling-in-active-backup-m.patch b/patches.suse/bonding-fix-arp_validate-toggling-in-active-backup-m.patch
new file mode 100644
index 0000000000..04a10a351a
--- /dev/null
+++ b/patches.suse/bonding-fix-arp_validate-toggling-in-active-backup-m.patch
@@ -0,0 +1,76 @@
+From: Jarod Wilson <jarod@redhat.com>
+Date: Fri, 10 May 2019 17:57:09 -0400
+Subject: bonding: fix arp_validate toggling in active-backup mode
+Git-commit: a9b8a2b39ce65df45687cf9ef648885c2a99fe75
+Patch-mainline: 5.2-rc1
+References: networking-stable-19_05_14
+
+There's currently a problem with toggling arp_validate on and off with an
+active-backup bond. At the moment, you can start up a bond, like so:
+
+modprobe bonding mode=1 arp_interval=100 arp_validate=0 arp_ip_targets=192.168.1.1
+ip link set bond0 down
+echo "ens4f0" > /sys/class/net/bond0/bonding/slaves
+echo "ens4f1" > /sys/class/net/bond0/bonding/slaves
+ip link set bond0 up
+ip addr add 192.168.1.2/24 dev bond0
+
+Pings to 192.168.1.1 work just fine. Now turn on arp_validate:
+
+echo 1 > /sys/class/net/bond0/bonding/arp_validate
+
+Pings to 192.168.1.1 continue to work just fine. Now when you go to turn
+arp_validate off again, the link falls flat on it's face:
+
+echo 0 > /sys/class/net/bond0/bonding/arp_validate
+dmesg
+...
+[133191.911987] bond0: Setting arp_validate to none (0)
+[133194.257793] bond0: bond_should_notify_peers: slave ens4f0
+[133194.258031] bond0: link status definitely down for interface ens4f0, disabling it
+[133194.259000] bond0: making interface ens4f1 the new active one
+[133197.330130] bond0: link status definitely down for interface ens4f1, disabling it
+[133197.331191] bond0: now running without any active interface!
+
+The problem lies in bond_options.c, where passing in arp_validate=0
+results in bond->recv_probe getting set to NULL. This flies directly in
+the face of commit 3fe68df97c7f, which says we need to set recv_probe =
+bond_arp_recv, even if we're not using arp_validate. Said commit fixed
+this in bond_option_arp_interval_set, but missed that we can get to that
+same state in bond_option_arp_validate_set as well.
+
+One solution would be to universally set recv_probe = bond_arp_recv here
+as well, but I don't think bond_option_arp_validate_set has any business
+touching recv_probe at all, and that should be left to the arp_interval
+code, so we can just make things much tidier here.
+
+Fixes: 3fe68df97c7f ("bonding: always set recv_probe to bond_arp_rcv in arp monitor")
+CC: Jay Vosburgh <j.vosburgh@gmail.com>
+CC: Veaceslav Falico <vfalico@gmail.com>
+CC: Andy Gospodarek <andy@greyhouse.net>
+CC: "David S. Miller" <davem@davemloft.net>
+CC: netdev@vger.kernel.org
+Signed-off-by: Jarod Wilson <jarod@redhat.com>
+Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/bonding/bond_options.c | 7 -------
+ 1 file changed, 7 deletions(-)
+
+--- a/drivers/net/bonding/bond_options.c
++++ b/drivers/net/bonding/bond_options.c
+@@ -1070,13 +1070,6 @@ static int bond_option_arp_validate_set(
+ {
+ netdev_info(bond->dev, "Setting arp_validate to %s (%llu)\n",
+ newval->string, newval->value);
+-
+- if (bond->dev->flags & IFF_UP) {
+- if (!newval->value)
+- bond->recv_probe = NULL;
+- else if (bond->params.arp_interval)
+- bond->recv_probe = bond_arp_rcv;
+- }
+ bond->params.arp_validate = newval->value;
+
+ return 0;
diff --git a/patches.suse/bridge-Fix-error-path-for-kobject_init_and_add.patch b/patches.suse/bridge-Fix-error-path-for-kobject_init_and_add.patch
new file mode 100644
index 0000000000..b5d54d4ac7
--- /dev/null
+++ b/patches.suse/bridge-Fix-error-path-for-kobject_init_and_add.patch
@@ -0,0 +1,62 @@
+From: "Tobin C. Harding" <tobin@kernel.org>
+Date: Fri, 10 May 2019 12:52:12 +1000
+Subject: bridge: Fix error path for kobject_init_and_add()
+Git-commit: bdfad5aec1392b93495b77b864d58d7f101dc1c1
+Patch-mainline: 5.2-rc1
+References: networking-stable-19_05_14
+
+Currently error return from kobject_init_and_add() is not followed by a
+call to kobject_put(). This means there is a memory leak. We currently
+set p to NULL so that kfree() may be called on it as a noop, the code is
+arguably clearer if we move the kfree() up closer to where it is
+called (instead of after goto jump).
+
+Remove a goto label 'err1' and jump to call to kobject_put() in error
+return from kobject_init_and_add() fixing the memory leak. Re-name goto
+label 'put_back' to 'err1' now that we don't use err1, following current
+nomenclature (err1, err2 ...). Move call to kfree out of the error
+code at bottom of function up to closer to where memory was allocated.
+Add comment to clarify call to kfree().
+
+Signed-off-by: Tobin C. Harding <tobin@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/bridge/br_if.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+--- a/net/bridge/br_if.c
++++ b/net/bridge/br_if.c
+@@ -518,13 +518,15 @@ int br_add_if(struct net_bridge *br, str
+ call_netdevice_notifiers(NETDEV_JOIN, dev);
+
+ err = dev_set_allmulti(dev, 1);
+- if (err)
+- goto put_back;
++ if (err) {
++ kfree(p); /* kobject not yet init'd, manually free */
++ goto err1;
++ }
+
+ err = kobject_init_and_add(&p->kobj, &brport_ktype, &(dev->dev.kobj),
+ SYSFS_BRIDGE_PORT_ATTR);
+ if (err)
+- goto err1;
++ goto err2;
+
+ err = br_sysfs_addif(p);
+ if (err)
+@@ -607,12 +609,9 @@ err3:
+ sysfs_remove_link(br->ifobj, p->dev->name);
+ err2:
+ kobject_put(&p->kobj);
+- p = NULL; /* kobject_put frees */
+-err1:
+ dev_set_allmulti(dev, -1);
+-put_back:
++err1:
+ dev_put(dev);
+- kfree(p);
+ return err;
+ }
+
diff --git a/patches.suse/dasd_fba-Display-00000000-for-zero-page-when-dumping.patch b/patches.suse/dasd_fba-Display-00000000-for-zero-page-when-dumping.patch
new file mode 100644
index 0000000000..8b5f4aa828
--- /dev/null
+++ b/patches.suse/dasd_fba-Display-00000000-for-zero-page-when-dumping.patch
@@ -0,0 +1,80 @@
+From f1f17dad5582a916a9376a397bc7b6c877ef670a Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke <hare@suse.de>
+Date: Wed, 20 Feb 2019 08:19:13 +0100
+Subject: [PATCH] dasd_fba: Display '00000000' for zero page when dumping sense
+
+References: bsc#11123080
+Patch-mainline: no, test patch for now
+
+When a discard I/O fails, dasd_fba_dump_sense() will crash as it
+tries to print out the CCW, and failing to take into account that
+for discard I/O we have only one data pointer, not one per sg.
+As the data pointer will always point to the zero page this patch
+replaces the data pointer output with '00000000' to avoid the crash.
+
+Signed-off-by: Hannes Reinecke <hare@suse.com>
+[sparschauer: replaced "ccw" with "act", "snprintf" with "sprintf"]
+[sparschauer v2: added missing curly braces to for loops]
+Signed-off-by: Sebastian Parschauer <sparschauer@suse.de>
+---
+ drivers/s390/block/dasd_fba.c | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/s390/block/dasd_fba.c b/drivers/s390/block/dasd_fba.c
+index 6168ccdb389c..a3f3778cf29f 100644
+--- a/drivers/s390/block/dasd_fba.c
++++ b/drivers/s390/block/dasd_fba.c
+@@ -714,10 +714,15 @@ dasd_fba_dump_sense(struct dasd_device *device, struct dasd_ccw_req * req,
+ " CCW %p: %08X %08X DAT:",
+ act, ((int *) act)[0], ((int *) act)[1]);
+ for (count = 0; count < 32 && count < act->count;
+- count += sizeof(int))
++ count += sizeof(int)) {
++ if (act->flags & CCW_FLAG_SLI) {
++ len += sprintf(page + len, " 00000000");
++ break;
++ }
+ len += sprintf(page + len, " %08X",
+ ((int *) (addr_t) act->cda)
+ [(count>>2)]);
++ }
+ len += sprintf(page + len, "\n");
+ act++;
+ }
+@@ -736,10 +741,15 @@ dasd_fba_dump_sense(struct dasd_device *device, struct dasd_ccw_req * req,
+ " CCW %p: %08X %08X DAT:",
+ act, ((int *) act)[0], ((int *) act)[1]);
+ for (count = 0; count < 32 && count < act->count;
+- count += sizeof(int))
++ count += sizeof(int)) {
++ if (act->flags & CCW_FLAG_SLI) {
++ len += sprintf(page + len, " 00000000");
++ break;
++ }
+ len += sprintf(page + len, " %08X",
+ ((int *) (addr_t) act->cda)
+ [(count>>2)]);
++ }
+ len += sprintf(page + len, "\n");
+ act++;
+ }
+@@ -754,10 +764,15 @@ dasd_fba_dump_sense(struct dasd_device *device, struct dasd_ccw_req * req,
+ " CCW %p: %08X %08X DAT:",
+ act, ((int *) act)[0], ((int *) act)[1]);
+ for (count = 0; count < 32 && count < act->count;
+- count += sizeof(int))
++ count += sizeof(int)) {
++ if (act->flags & CCW_FLAG_SLI) {
++ len += sprintf(page + len, " 00000000");
++ break;
++ }
+ len += sprintf(page + len, " %08X",
+ ((int *) (addr_t) act->cda)
+ [(count>>2)]);
++ }
+ len += sprintf(page + len, "\n");
+ act++;
+ }
+--
+2.22.0
+
diff --git a/patches.suse/dpaa_eth-fix-SG-frame-cleanup.patch b/patches.suse/dpaa_eth-fix-SG-frame-cleanup.patch
new file mode 100644
index 0000000000..9bc3dc08a0
--- /dev/null
+++ b/patches.suse/dpaa_eth-fix-SG-frame-cleanup.patch
@@ -0,0 +1,30 @@
+From: Laurentiu Tudor <laurentiu.tudor@nxp.com>
+Date: Fri, 3 May 2019 16:03:11 +0300
+Subject: dpaa_eth: fix SG frame cleanup
+Git-commit: 17170e6570c082717c142733d9a638bcd20551f8
+Patch-mainline: 5.2-rc1
+References: networking-stable-19_05_14
+
+Fix issue with the entry indexing in the sg frame cleanup code being
+off-by-1. This problem showed up when doing some basic iperf tests and
+manifested in traffic coming to a halt.
+
+Signed-off-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
+Acked-by: Madalin Bucur <madalin.bucur@nxp.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
++++ b/drivers/net/ethernet/freescale/dpaa/dpaa_eth.c
+@@ -1600,7 +1600,7 @@ static struct sk_buff *dpaa_cleanup_tx_f
+ qm_sg_entry_get_len(&sgt[0]), dma_dir);
+
+ /* remaining pages were mapped with skb_frag_dma_map() */
+- for (i = 1; i < nr_frags; i++) {
++ for (i = 1; i <= nr_frags; i++) {
+ WARN_ON(qm_sg_entry_is_ext(&sgt[i]));
+
+ dma_unmap_page(dev, qm_sg_addr(&sgt[i]),
diff --git a/patches.suse/ipv4-Fix-raw-socket-lookup-for-local-traffic.patch b/patches.suse/ipv4-Fix-raw-socket-lookup-for-local-traffic.patch
new file mode 100644
index 0000000000..51eafa1740
--- /dev/null
+++ b/patches.suse/ipv4-Fix-raw-socket-lookup-for-local-traffic.patch
@@ -0,0 +1,44 @@
+From: David Ahern <dsahern@gmail.com>
+Date: Tue, 7 May 2019 20:44:59 -0700
+Subject: ipv4: Fix raw socket lookup for local traffic
+Git-commit: 19e4e768064a87b073a4b4c138b55db70e0cfb9f
+Patch-mainline: 5.2-rc1
+References: networking-stable-19_05_14
+
+inet_iif should be used for the raw socket lookup. inet_iif considers
+rt_iif which handles the case of local traffic.
+
+As it stands, ping to a local address with the '-I <dev>' option fails
+ever since ping was changed to use SO_BINDTODEVICE instead of
+cmsg + IP_PKTINFO.
+
+IPv6 works fine.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: David Ahern <dsahern@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/ipv4/raw.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/ipv4/raw.c
++++ b/net/ipv4/raw.c
+@@ -171,6 +171,7 @@ static int icmp_filter(const struct sock
+ */
+ static int raw_v4_input(struct sk_buff *skb, const struct iphdr *iph, int hash)
+ {
++ int dif = inet_iif(skb);
+ struct sock *sk;
+ struct hlist_head *head;
+ int delivered = 0;
+@@ -183,8 +184,7 @@ static int raw_v4_input(struct sk_buff *
+
+ net = dev_net(skb->dev);
+ sk = __raw_v4_lookup(net, __sk_head(head), iph->protocol,
+- iph->saddr, iph->daddr,
+- skb->dev->ifindex);
++ iph->saddr, iph->daddr, dif);
+
+ while (sk) {
+ delivered = 1;
diff --git a/patches.suse/ipv4-Use-return-value-of-inet_iif-for-__raw_v4_looku.patch b/patches.suse/ipv4-Use-return-value-of-inet_iif-for-__raw_v4_looku.patch
new file mode 100644
index 0000000000..6810a97aad
--- /dev/null
+++ b/patches.suse/ipv4-Use-return-value-of-inet_iif-for-__raw_v4_looku.patch
@@ -0,0 +1,33 @@
+From: Stephen Suryaputra <ssuryaextr@gmail.com>
+Date: Mon, 24 Jun 2019 20:14:06 -0400
+Subject: ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while
+ loop
+Git-commit: 38c73529de13e1e10914de7030b659a2f8b01c3b
+Patch-mainline: 5.2-rc7
+References: git-fixes
+
+In commit 19e4e768064a8 ("ipv4: Fix raw socket lookup for local
+traffic"), the dif argument to __raw_v4_lookup() is coming from the
+returned value of inet_iif() but the change was done only for the first
+lookup. Subsequent lookups in the while loop still use skb->dev->ifIndex.
+
+Fixes: 19e4e768064a8 ("ipv4: Fix raw socket lookup for local traffic")
+Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
+Reviewed-by: David Ahern <dsahern@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/ipv4/raw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv4/raw.c
++++ b/net/ipv4/raw.c
+@@ -199,7 +199,7 @@ static int raw_v4_input(struct sk_buff *
+ }
+ sk = __raw_v4_lookup(net, sk_next(sk), iph->protocol,
+ iph->saddr, iph->daddr,
+- skb->dev->ifindex);
++ dif);
+ }
+ out:
+ read_unlock(&raw_v4_hashinfo.lock);
diff --git a/patches.suse/kbuild-use-flive-patching-when-config_livepatch-is-enabled.patch b/patches.suse/kbuild-use-flive-patching-when-config_livepatch-is-enabled.patch
new file mode 100644
index 0000000000..f0687528f5
--- /dev/null
+++ b/patches.suse/kbuild-use-flive-patching-when-config_livepatch-is-enabled.patch
@@ -0,0 +1,44 @@
+From: Miroslav Benes <mbenes@suse.cz>
+Date: Thu, 4 Apr 2019 20:44:11 +0200
+Subject: kbuild: use -flive-patching when CONFIG_LIVEPATCH is enabled
+Git-commit: 43bd3a95c98e1a86b8b55d97f745c224ecff02b9
+Patch-mainline: v5.2-rc1
+References: bsc#1071995 fate#323487
+
+GCC 9 introduces a new option, -flive-patching. It disables certain
+optimizations which could make a compilation unsafe for later live
+patching of the running kernel.
+
+The option is used only if CONFIG_LIVEPATCH is enabled and $(CC)
+supports it.
+
+Performance impact of the option was measured on three different
+Intel machines - two bigger NUMA boxes and one smaller UMA box. Kernel
+intensive (IO, scheduling, networking) benchmarks were selected, plus a
+set of HPC workloads from NAS Parallel Benchmark. The tests were done on
+upstream kernel 5.0-rc8 with openSUSE Leap 15.0 userspace.
+
+The majority of the tests is unaffected. The only significant exception
+is the scheduler section which suffers 1-3% degradation.
+
+Evaluated-by: Giovanni Gherdovich <ggherdovich@suse.cz>
+Signed-off-by: Miroslav Benes <mbenes@suse.cz>
+Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+---
+ Makefile | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/Makefile
++++ b/Makefile
+@@ -794,6 +794,10 @@ KBUILD_CFLAGS += $(call cc-option,-ffunc
+ KBUILD_CFLAGS += $(call cc-option,-fdata-sections,)
+ endif
+
++ifdef CONFIG_LIVEPATCH
++KBUILD_CFLAGS += $(call cc-option, -flive-patching=inline-clone)
++endif
++
+ # arch Makefile may override CC so keep this after arch Makefile is included
+ NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include)
+ CHECKFLAGS += $(NOSTDINC_FLAGS)
diff --git a/patches.suse/livepatch-remove-duplicate-warning-about-missing-reliable-stacktrace-support.patch b/patches.suse/livepatch-remove-duplicate-warning-about-missing-reliable-stacktrace-support.patch
new file mode 100644
index 0000000000..b6f666824e
--- /dev/null
+++ b/patches.suse/livepatch-remove-duplicate-warning-about-missing-reliable-stacktrace-support.patch
@@ -0,0 +1,37 @@
+From: Petr Mladek <pmladek@suse.com>
+Date: Tue, 11 Jun 2019 16:13:20 +0200
+Subject: livepatch: Remove duplicate warning about missing reliable stacktrace
+ support
+Git-commit: ac59a471e9371e3184425efd6a2fd8ac5c7e4c2b
+Patch-mainline: v5.3-rc1
+References: bsc#1071995 fate#323487
+
+WARN_ON_ONCE() could not be called safely under rq lock because
+of console deadlock issues. Moreover WARN_ON_ONCE() is superfluous in
+klp_check_stack(), because stack_trace_save_tsk_reliable() cannot return
+-ENOSYS thanks to klp_have_reliable_stack() check in
+klp_try_switch_task().
+
+[ mbenes: changelog edited ]
+[
+ mbenes (backport): the changelog corresponds to upstream. We did not backport
+ tglx's stack tracing changes. The reason for the change is still valid though.
+]
+Signed-off-by: Miroslav Benes <mbenes@suse.cz>
+Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Reviewed-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+---
+ kernel/livepatch/transition.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/kernel/livepatch/transition.c
++++ b/kernel/livepatch/transition.c
+@@ -264,7 +264,6 @@ static int klp_check_stack(struct task_s
+ trace.max_entries = MAX_STACK_ENTRIES;
+ trace.entries = entries;
+ ret = save_stack_trace_tsk_reliable(task, &trace);
+- WARN_ON_ONCE(ret == -ENOSYS);
+ if (ret) {
+ snprintf(err_buf, STACK_ERR_BUF_SIZE,
+ "%s: %s:%d has an unreliable stack\n",
diff --git a/patches.suse/livepatch-use-static-buffer-for-debugging-messages-under-rq-lock.patch b/patches.suse/livepatch-use-static-buffer-for-debugging-messages-under-rq-lock.patch
new file mode 100644
index 0000000000..148ae78dbd
--- /dev/null
+++ b/patches.suse/livepatch-use-static-buffer-for-debugging-messages-under-rq-lock.patch
@@ -0,0 +1,45 @@
+From: Petr Mladek <pmladek@suse.com>
+Date: Fri, 31 May 2019 09:41:47 +0200
+Subject: livepatch: Use static buffer for debugging messages under rq lock
+Git-commit: f36e664516b02c7f54bbd3094bab047d54bb5488
+Patch-mainline: v5.3-rc1
+References: bsc#1071995 fate#323487
+
+The err_buf array uses 128 bytes of stack space. Move it off the stack
+by making it static. It's safe to use a shared buffer because
+klp_try_switch_task() is called under klp_mutex.
+
+Acked-by: Miroslav Benes <mbenes@suse.cz>
+Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Reviewed-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+---
+ kernel/livepatch/transition.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
+index c53370d596be..0a3889c4f617 100644
+--- a/kernel/livepatch/transition.c
++++ b/kernel/livepatch/transition.c
+@@ -293,11 +293,11 @@ static int klp_check_stack(struct task_struct *task, char *err_buf)
+ */
+ static bool klp_try_switch_task(struct task_struct *task)
+ {
++ static char err_buf[STACK_ERR_BUF_SIZE];
+ struct rq *rq;
+ struct rq_flags flags;
+ int ret;
+ bool success = false;
+- char err_buf[STACK_ERR_BUF_SIZE];
+
+ err_buf[0] = '\0';
+
+@@ -340,7 +340,6 @@ static bool klp_try_switch_task(struct task_struct *task)
+ pr_debug("%s", err_buf);
+
+ return success;
+-
+ }
+
+ /*
+
diff --git a/patches.suse/net-avoid-weird-emergency-message.patch b/patches.suse/net-avoid-weird-emergency-message.patch
new file mode 100644
index 0000000000..3b879b8766
--- /dev/null
+++ b/patches.suse/net-avoid-weird-emergency-message.patch
@@ -0,0 +1,36 @@
+From: Eric Dumazet <edumazet@google.com>
+Date: Thu, 16 May 2019 08:09:57 -0700
+Subject: net: avoid weird emergency message
+Git-commit: d7c04b05c9ca14c55309eb139430283a45c4c25f
+Patch-mainline: 5.2-rc2
+References: networking-stable-19_05_21
+
+When host is under high stress, it is very possible thread
+running netdev_wait_allrefs() returns from msleep(250)
+10 seconds late.
+
+This leads to these messages in the syslog :
+
+[...] unregister_netdevice: waiting for syz_tun to become free. Usage count = 0
+
+If the device refcount is zero, the wait is over.
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/core/dev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -7802,7 +7802,7 @@ static void netdev_wait_allrefs(struct n
+
+ refcnt = netdev_refcnt_read(dev);
+
+- if (time_after(jiffies, warning_time + 10 * HZ)) {
++ if (refcnt && time_after(jiffies, warning_time + 10 * HZ)) {
+ pr_emerg("unregister_netdevice: waiting for %s to become free. Usage count = %d\n",
+ dev->name, refcnt);
+ warning_time = jiffies;
diff --git a/patches.suse/net-mlx4_core-Change-the-error-print-to-info-print.patch b/patches.suse/net-mlx4_core-Change-the-error-print-to-info-print.patch
new file mode 100644
index 0000000000..b184ad0833
--- /dev/null
+++ b/patches.suse/net-mlx4_core-Change-the-error-print-to-info-print.patch
@@ -0,0 +1,30 @@
+From: Yunjian Wang <wangyunjian@huawei.com>
+Date: Tue, 14 May 2019 19:03:19 +0800
+Subject: net/mlx4_core: Change the error print to info print
+Git-commit: 00f9fec48157f3734e52130a119846e67a12314b
+Patch-mainline: 5.2-rc2
+References: networking-stable-19_05_21
+
+The error print within mlx4_flow_steer_promisc_add() should
+be a info print.
+
+Fixes: 592e49dda812 ('net/mlx4: Implement promiscuous mode with device managed flow-steering')
+Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
+Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/ethernet/mellanox/mlx4/mcg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/mellanox/mlx4/mcg.c
++++ b/drivers/net/ethernet/mellanox/mlx4/mcg.c
+@@ -1490,7 +1490,7 @@ int mlx4_flow_steer_promisc_add(struct m
+ rule.port = port;
+ rule.qpn = qpn;
+ INIT_LIST_HEAD(&rule.list);
+- mlx4_err(dev, "going promisc on %x\n", port);
++ mlx4_info(dev, "going promisc on %x\n", port);
+
+ return mlx4_flow_attach(dev, &rule, regid_p);
+ }
diff --git a/patches.suse/net-seeq-fix-crash-caused-by-not-set-dev.parent.patch b/patches.suse/net-seeq-fix-crash-caused-by-not-set-dev.parent.patch
new file mode 100644
index 0000000000..c6dcbbdca3
--- /dev/null
+++ b/patches.suse/net-seeq-fix-crash-caused-by-not-set-dev.parent.patch
@@ -0,0 +1,28 @@
+From: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+Date: Mon, 13 May 2019 13:15:17 +0200
+Subject: net: seeq: fix crash caused by not set dev.parent
+Git-commit: 5afcd14cfc7fed1bcc8abcee2cef82732772bfc2
+Patch-mainline: 5.2-rc1
+References: networking-stable-19_05_14
+
+The old MIPS implementation of dma_cache_sync() didn't use the dev argument,
+but commit c9eb6172c328 ("dma-mapping: turn dma_cache_sync into a
+dma_map_ops method") changed that, so we now need to set dev.parent.
+
+Signed-off-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/ethernet/seeq/sgiseeq.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/ethernet/seeq/sgiseeq.c
++++ b/drivers/net/ethernet/seeq/sgiseeq.c
+@@ -734,6 +734,7 @@ static int sgiseeq_probe(struct platform
+ }
+
+ platform_set_drvdata(pdev, dev);
++ SET_NETDEV_DEV(dev, &pdev->dev);
+ sp = netdev_priv(dev);
+
+ /* Make private data page aligned */
diff --git a/patches.suse/net-usb-qmi_wwan-add-Telit-0x1260-and-0x1261-composi.patch b/patches.suse/net-usb-qmi_wwan-add-Telit-0x1260-and-0x1261-composi.patch
new file mode 100644
index 0000000000..557f27af58
--- /dev/null
+++ b/patches.suse/net-usb-qmi_wwan-add-Telit-0x1260-and-0x1261-composi.patch
@@ -0,0 +1,31 @@
+From: Daniele Palmas <dnlplm@gmail.com>
+Date: Wed, 15 May 2019 17:29:43 +0200
+Subject: net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+Git-commit: b4e467c82f8c12af78b6f6fa5730cb7dea7af1b4
+Patch-mainline: 5.2-rc2
+References: networking-stable-19_05_21
+
+Added support for Telit LE910Cx 0x1260 and 0x1261 compositions.
+
+Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
+Acked-by: Bjørn Mork <bjorn@mork.no>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/usb/qmi_wwan.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1249,6 +1249,8 @@ static const struct usb_device_id produc
+ {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */
+ {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1201, 2)}, /* Telit LE920, LE920A4 */
++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1260, 2)}, /* Telit LE910Cx */
++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1261, 2)}, /* Telit LE910Cx */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1900, 1)}, /* Telit LN940 series */
+ {QMI_FIXED_INTF(0x1c9e, 0x9801, 3)}, /* Telewell TW-3G HSPA+ */
+ {QMI_FIXED_INTF(0x1c9e, 0x9803, 4)}, /* Telewell TW-3G HSPA+ */
diff --git a/patches.suse/packet-Fix-error-path-in-packet_init.patch b/patches.suse/packet-Fix-error-path-in-packet_init.patch
new file mode 100644
index 0000000000..e0788eb843
--- /dev/null
+++ b/patches.suse/packet-Fix-error-path-in-packet_init.patch
@@ -0,0 +1,85 @@
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Thu, 9 May 2019 22:52:20 +0800
+Subject: packet: Fix error path in packet_init
+Git-commit: 36096f2f4fa05f7678bc87397665491700bae757
+Patch-mainline: 5.2-rc1
+References: networking-stable-19_05_14
+
+kernel BUG at lib/list_debug.c:47!
+invalid opcode: 0000 [#1
+CPU: 0 PID: 12914 Comm: rmmod Tainted: G W 5.1.0+ #47
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
+RIP: 0010:__list_del_entry_valid+0x53/0x90
+Code: 48 8b 32 48 39 fe 75 35 48 8b 50 08 48 39 f2 75 40 b8 01 00 00 00 5d c3 48
+89 fe 48 89 c2 48 c7 c7 18 75 fe 82 e8 cb 34 78 ff <0f> 0b 48 89 fe 48 c7 c7 50 75 fe 82 e8 ba 34 78 ff 0f 0b 48 89 f2
+RSP: 0018:ffffc90001c2fe40 EFLAGS: 00010286
+RAX: 000000000000004e RBX: ffffffffa0184000 RCX: 0000000000000000
+RDX: 0000000000000000 RSI: ffff888237a17788 RDI: 00000000ffffffff
+RBP: ffffc90001c2fe40 R08: 0000000000000000 R09: 0000000000000000
+R10: ffffc90001c2fe10 R11: 0000000000000000 R12: 0000000000000000
+R13: ffffc90001c2fe50 R14: ffffffffa0184000 R15: 0000000000000000
+FS: 00007f3d83634540(0000) GS:ffff888237a00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000555c350ea818 CR3: 0000000231677000 CR4: 00000000000006f0
+Call Trace:
+ unregister_pernet_operations+0x34/0x120
+ unregister_pernet_subsys+0x1c/0x30
+ packet_exit+0x1c/0x369 [af_packet
+ __x64_sys_delete_module+0x156/0x260
+ ? lockdep_hardirqs_on+0x133/0x1b0
+ ? do_syscall_64+0x12/0x1f0
+ do_syscall_64+0x6e/0x1f0
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+When modprobe af_packet, register_pernet_subsys
+fails and does a cleanup, ops->list is set to LIST_POISON1,
+but the module init is considered to success, then while rmmod it,
+BUG() is triggered in __list_del_entry_valid which is called from
+unregister_pernet_subsys. This patch fix error handing path in
+packet_init to avoid possilbe issue if some error occur.
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/packet/af_packet.c | 25 ++++++++++++++++++++-----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -4634,14 +4634,29 @@ static void __exit packet_exit(void)
+
+ static int __init packet_init(void)
+ {
+- int rc = proto_register(&packet_proto, 0);
++ int rc;
+
+- if (rc != 0)
++ rc = proto_register(&packet_proto, 0);
++ if (rc)
+ goto out;
++ rc = sock_register(&packet_family_ops);
++ if (rc)
++ goto out_proto;
++ rc = register_pernet_subsys(&packet_net_ops);
++ if (rc)
++ goto out_sock;
++ rc = register_netdevice_notifier(&packet_netdev_notifier);
++ if (rc)
++ goto out_pernet;
+
+- sock_register(&packet_family_ops);
+- register_pernet_subsys(&packet_net_ops);
+- register_netdevice_notifier(&packet_netdev_notifier);
++ return 0;
++
++out_pernet:
++ unregister_pernet_subsys(&packet_net_ops);
++out_sock:
++ sock_unregister(PF_PACKET);
++out_proto:
++ proto_unregister(&packet_proto);
+ out:
+ return rc;
+ }
diff --git a/patches.suse/ppp-deflate-Fix-possible-crash-in-deflate_init.patch b/patches.suse/ppp-deflate-Fix-possible-crash-in-deflate_init.patch
new file mode 100644
index 0000000000..2435ece591
--- /dev/null
+++ b/patches.suse/ppp-deflate-Fix-possible-crash-in-deflate_init.patch
@@ -0,0 +1,84 @@
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Tue, 14 May 2019 22:55:32 +0800
+Subject: ppp: deflate: Fix possible crash in deflate_init
+Git-commit: 3ebe1bca58c85325c97a22d4fc3f5b5420752e6f
+Patch-mainline: 5.2-rc2
+References: networking-stable-19_05_21
+
+BUG: unable to handle kernel paging request at ffffffffa018f000
+PGD 3270067 P4D 3270067 PUD 3271063 PMD 2307eb067 PTE 0
+Oops: 0000 [#1] PREEMPT SMP
+CPU: 0 PID: 4138 Comm: modprobe Not tainted 5.1.0-rc7+ #1
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
+rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
+RIP: 0010:ppp_register_compressor+0x3e/0xd0 [ppp_generic]
+Code: 98 4a 3f e2 48 8b 15 c1 67 00 00 41 8b 0c 24 48 81 fa 40 f0 19 a0
+75 0e eb 35 48 8b 12 48 81 fa 40 f0 19 a0 74
+RSP: 0018:ffffc90000d93c68 EFLAGS: 00010287
+RAX: ffffffffa018f000 RBX: ffffffffa01a3000 RCX: 000000000000001a
+RDX: ffff888230c750a0 RSI: 0000000000000000 RDI: ffffffffa019f000
+RBP: ffffc90000d93c80 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0194080
+R13: ffff88822ee1a700 R14: 0000000000000000 R15: ffffc90000d93e78
+FS: 00007f2339557540(0000) GS:ffff888237a00000(0000)
+knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: ffffffffa018f000 CR3: 000000022bde4000 CR4: 00000000000006f0
+Call Trace:
+ ? 0xffffffffa01a3000
+ deflate_init+0x11/0x1000 [ppp_deflate]
+ ? 0xffffffffa01a3000
+ do_one_initcall+0x6c/0x3cc
+ ? kmem_cache_alloc_trace+0x248/0x3b0
+ do_init_module+0x5b/0x1f1
+ load_module+0x1db1/0x2690
+ ? m_show+0x1d0/0x1d0
+ __do_sys_finit_module+0xc5/0xd0
+ __x64_sys_finit_module+0x15/0x20
+ do_syscall_64+0x6b/0x1d0
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+If ppp_deflate fails to register in deflate_init,
+module initialization failed out, however
+ppp_deflate_draft may has been regiestred and not
+unregistered before return.
+Then the seconed modprobe will trigger crash like this.
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Acked-by: Guillaume Nault <gnault@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/ppp/ppp_deflate.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/ppp/ppp_deflate.c
++++ b/drivers/net/ppp/ppp_deflate.c
+@@ -610,12 +610,20 @@ static struct compressor ppp_deflate_dra
+
+ static int __init deflate_init(void)
+ {
+- int answer = ppp_register_compressor(&ppp_deflate);
+- if (answer == 0)
+- printk(KERN_INFO
+- "PPP Deflate Compression module registered\n");
+- ppp_register_compressor(&ppp_deflate_draft);
+- return answer;
++ int rc;
++
++ rc = ppp_register_compressor(&ppp_deflate);
++ if (rc)
++ return rc;
++
++ rc = ppp_register_compressor(&ppp_deflate_draft);
++ if (rc) {
++ ppp_unregister_compressor(&ppp_deflate);
++ return rc;
++ }
++
++ pr_info("PPP Deflate Compression module registered\n");
++ return 0;
+ }
+
+ static void __exit deflate_cleanup(void)
diff --git a/patches.suse/revert-livepatch-remove-reliable-stacktrace-check-in-klp_try_switch_task.patch b/patches.suse/revert-livepatch-remove-reliable-stacktrace-check-in-klp_try_switch_task.patch
new file mode 100644
index 0000000000..4b7b47d72f
--- /dev/null
+++ b/patches.suse/revert-livepatch-remove-reliable-stacktrace-check-in-klp_try_switch_task.patch
@@ -0,0 +1,44 @@
+From: Miroslav Benes <mbenes@suse.cz>
+Date: Tue, 11 Jun 2019 16:13:19 +0200
+Subject: Revert "livepatch: Remove reliable stacktrace check in
+ klp_try_switch_task()"
+Git-commit: 67059d65f7da537c41513fc52e78eff096092b8c
+Patch-mainline: v5.3-rc1
+References: bsc#1071995 fate#323487
+
+This reverts commit 1d98a69e5cef3aeb68bcefab0e67e342d6bb4dad. Commit
+31adf2308f33 ("livepatch: Convert error about unsupported reliable
+stacktrace into a warning") weakened the enforcement for architectures
+to have reliable stack traces support. The system only warns now about
+it.
+
+It only makes sense to reintroduce the compile time checking in
+klp_try_switch_task() again and bail out early.
+
+Signed-off-by: Miroslav Benes <mbenes@suse.cz>
+Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Reviewed-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+---
+ kernel/livepatch/transition.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/kernel/livepatch/transition.c b/kernel/livepatch/transition.c
+index 0a3889c4f617..cb85dae09ce5 100644
+--- a/kernel/livepatch/transition.c
++++ b/kernel/livepatch/transition.c
+@@ -305,6 +305,13 @@ static bool klp_try_switch_task(struct task_struct *task)
+ if (task->patch_state == klp_target_state)
+ return true;
+
++ /*
++ * For arches which don't have reliable stack traces, we have to rely
++ * on other methods (e.g., switching tasks at kernel exit).
++ */
++ if (!klp_have_reliable_stack())
++ return false;
++
+ /*
+ * Now try to check the stack for any to-be-patched or to-be-unpatched
+ * functions. If all goes well, switch the task to the target patch
+
diff --git a/patches.suse/rtnetlink-always-put-IFLA_LINK-for-links-with-a-link.patch b/patches.suse/rtnetlink-always-put-IFLA_LINK-for-links-with-a-link.patch
new file mode 100644
index 0000000000..16dd82d7cc
--- /dev/null
+++ b/patches.suse/rtnetlink-always-put-IFLA_LINK-for-links-with-a-link.patch
@@ -0,0 +1,77 @@
+From: Sabrina Dubroca <sd@queasysnail.net>
+Date: Tue, 14 May 2019 15:12:19 +0200
+Subject: rtnetlink: always put IFLA_LINK for links with a link-netnsid
+Git-commit: feadc4b6cf42a53a8a93c918a569a0b7e62bd350
+Patch-mainline: 5.2-rc2
+References: networking-stable-19_05_21
+
+Currently, nla_put_iflink() doesn't put the IFLA_LINK attribute when
+iflink == ifindex.
+
+In some cases, a device can be created in a different netns with the
+same ifindex as its parent. That device will not dump its IFLA_LINK
+attribute, which can confuse some userspace software that expects it.
+For example, if the last ifindex created in init_net and foo are both
+8, these commands will trigger the issue:
+
+ ip link add parent type dummy # ifindex 9
+ ip link add link parent netns foo type macvlan # ifindex 9 in ns foo
+
+So, in case a device puts the IFLA_LINK_NETNSID attribute in a dump,
+always put the IFLA_LINK attribute as well.
+
+Thanks to Dan Winship for analyzing the original OpenShift bug down to
+the missing netlink attribute.
+
+v2: change Fixes tag, it's been here forever, as Nicolas Dichtel said
+ add Nicolas' ack
+v3: change Fixes tag
+ fix subject typo, spotted by Edward Cree
+
+[js] no inlines for the operations in 4.12. Do it directly in the code.
+
+Analyzed-by: Dan Winship <danw@redhat.com>
+Fixes: d8a5ec672768 ("[NET]: netlink support for moving devices between network namespaces.")
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/core/rtnetlink.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -1340,6 +1340,7 @@ static int rtnl_fill_ifinfo(struct sk_bu
+ struct nlattr *af_spec;
+ struct rtnl_af_ops *af_ops;
+ struct net_device *upper_dev = netdev_master_upper_dev_get(dev);
++ bool put_iflink = false;
+
+ ASSERT_RTNL();
+ nlh = nlmsg_put(skb, pid, seq, type, sizeof(*ifm), flags);
+@@ -1368,8 +1369,6 @@ static int rtnl_fill_ifinfo(struct sk_bu
+ #ifdef CONFIG_RPS
+ nla_put_u32(skb, IFLA_NUM_RX_QUEUES, dev->num_rx_queues) ||
+ #endif
+- (dev->ifindex != dev_get_iflink(dev) &&
+- nla_put_u32(skb, IFLA_LINK, dev_get_iflink(dev))) ||
+ (upper_dev &&
+ nla_put_u32(skb, IFLA_MASTER, upper_dev->ifindex)) ||
+ nla_put_u8(skb, IFLA_CARRIER, netif_carrier_ok(dev)) ||
+@@ -1449,9 +1448,15 @@ static int rtnl_fill_ifinfo(struct sk_bu
+
+ if (nla_put_s32(skb, IFLA_LINK_NETNSID, id))
+ goto nla_put_failure;
++
++ put_iflink = true;
+ }
+ }
+
++ if ((put_iflink || dev->ifindex != dev_get_iflink(dev)) &&
++ nla_put_u32(skb, IFLA_LINK, dev_get_iflink(dev)))
++ goto nla_put_failure;
++
+ if (!(af_spec = nla_nest_start(skb, IFLA_AF_SPEC)))
+ goto nla_put_failure;
+
diff --git a/patches.suse/tuntap-synchronize-through-tfiles-array-instead-of-t.patch b/patches.suse/tuntap-synchronize-through-tfiles-array-instead-of-t.patch
new file mode 100644
index 0000000000..ca23dbd2de
--- /dev/null
+++ b/patches.suse/tuntap-synchronize-through-tfiles-array-instead-of-t.patch
@@ -0,0 +1,53 @@
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 8 May 2019 23:20:18 -0400
+Subject: tuntap: synchronize through tfiles array instead of tun->numqueues
+Git-commit: 9871a9e47a2646fe30ae7fd2e67668a8d30912f6
+Patch-mainline: 5.2-rc1
+References: networking-stable-19_05_14
+
+When a queue(tfile) is detached through __tun_detach(), we move the
+last enabled tfile to the position where detached one sit but don't
+NULL out last position. We expect to synchronize the datapath through
+tun->numqueues. Unfortunately, this won't work since we're lacking
+sufficient mechanism to order or synchronize the access to
+tun->numqueues.
+
+To fix this, NULL out the last position during detaching and check
+RCU protected tfile against NULL instead of checking tun->numqueues in
+datapath.
+
+[js] no XDP in TUN in 4.12
+
+Cc: YueHaibing <yuehaibing@huawei.com>
+Cc: Cong Wang <xiyou.wangcong@gmail.com>
+Cc: weiyongjun (A) <weiyongjun1@huawei.com>
+Cc: Eric Dumazet <eric.dumazet@gmail.com>
+Fixes: c8d68e6be1c3b ("tuntap: multiqueue support")
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Reviewed-by: Wei Yongjun <weiyongjun1@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ drivers/net/tun.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/tun.c
++++ b/drivers/net/tun.c
+@@ -551,6 +551,8 @@ static void __tun_detach(struct tun_file
+ tun->tfiles[tun->numqueues - 1]);
+ ntfile = rtnl_dereference(tun->tfiles[index]);
+ ntfile->queue_index = index;
++ rcu_assign_pointer(tun->tfiles[tun->numqueues - 1],
++ NULL);
+
+ --tun->numqueues;
+ if (clean) {
+@@ -866,7 +868,7 @@ static netdev_tx_t tun_net_xmit(struct s
+ numqueues = READ_ONCE(tun->numqueues);
+
+ /* Drop packet if interface is not attached */
+- if (txq >= numqueues)
++ if (!tfile)
+ goto drop;
+
+ #ifdef CONFIG_RPS
diff --git a/patches.suse/vrf-sit-mtu-should-not-be-updated-when-vrf-netdev-is.patch b/patches.suse/vrf-sit-mtu-should-not-be-updated-when-vrf-netdev-is.patch
new file mode 100644
index 0000000000..2d0a0497c9
--- /dev/null
+++ b/patches.suse/vrf-sit-mtu-should-not-be-updated-when-vrf-netdev-is.patch
@@ -0,0 +1,32 @@
+From: Stephen Suryaputra <ssuryaextr@gmail.com>
+Date: Mon, 6 May 2019 15:00:01 -0400
+Subject: vrf: sit mtu should not be updated when vrf netdev is the link
+Git-commit: ff6ab32bd4e073976e4d8797b4d514a172cfe6cb
+Patch-mainline: 5.2-rc1
+References: networking-stable-19_05_14
+
+VRF netdev mtu isn't typically set and have an mtu of 65536. When the
+link of a tunnel is set, the tunnel mtu is changed from 1480 to the link
+mtu minus tunnel header. In the case of VRF netdev is the link, then the
+tunnel mtu becomes 65516. So, fix it by not setting the tunnel mtu in
+this case.
+
+Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
+Reviewed-by: David Ahern <dsahern@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/ipv6/sit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -1073,7 +1073,7 @@ static void ipip6_tunnel_bind_dev(struct
+ if (!tdev && tunnel->parms.link)
+ tdev = __dev_get_by_index(tunnel->net, tunnel->parms.link);
+
+- if (tdev) {
++ if (tdev && !netif_is_l3_master(tdev)) {
+ int t_hlen = tunnel->hlen + sizeof(struct iphdr);
+
+ dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
diff --git a/patches.suse/vsock-virtio-free-packets-during-the-socket-release.patch b/patches.suse/vsock-virtio-free-packets-during-the-socket-release.patch
new file mode 100644
index 0000000000..4161d33a80
--- /dev/null
+++ b/patches.suse/vsock-virtio-free-packets-during-the-socket-release.patch
@@ -0,0 +1,40 @@
+From: Stefano Garzarella <sgarzare@redhat.com>
+Date: Fri, 17 May 2019 16:45:43 +0200
+Subject: vsock/virtio: free packets during the socket release
+Git-commit: ac03046ece2b158ebd204dfc4896fd9f39f0e6c8
+Patch-mainline: 5.2-rc2
+References: networking-stable-19_05_21
+
+When the socket is released, we should free all packets
+queued in the per-socket list in order to avoid a memory
+leak.
+
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+---
+ net/vmw_vsock/virtio_transport_common.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/vmw_vsock/virtio_transport_common.c
++++ b/net/vmw_vsock/virtio_transport_common.c
+@@ -787,12 +787,19 @@ static bool virtio_transport_close(struc
+
+ void virtio_transport_release(struct vsock_sock *vsk)
+ {
++ struct virtio_vsock_sock *vvs = vsk->trans;
++ struct virtio_vsock_pkt *pkt, *tmp;
+ struct sock *sk = &vsk->sk;
+ bool remove_sock = true;
+
+ lock_sock(sk);
+ if (sk->sk_type == SOCK_STREAM)
+ remove_sock = virtio_transport_close(vsk);
++
++ list_for_each_entry_safe(pkt, tmp, &vvs->rx_queue, list) {
++ list_del(&pkt->list);
++ virtio_transport_free_pkt(pkt);
++ }
+ release_sock(sk);
+
+ if (remove_sock)
diff --git a/series.conf b/series.conf
index 84797bbc8d..2221901a1b 100644
--- a/series.conf
+++ b/series.conf
@@ -14724,6 +14724,7 @@
patches.drivers/ibmvnic-Correct-goto-target-for-tx-irq-initializatio.patch
patches.drivers/ibmvnic-Fix-TX-descriptor-tracking.patch
patches.drivers/ibmvnic-Split-counters-for-scrq-pools-napi.patch
+ patches.fixes/bpf-x64-save-5-bytes-in-prologue-when-ebpf-insns-cam.patch
patches.drivers/ixgbe-remove-redundant-initialization-of-pool.patch
patches.drivers/ixgbe-Avoid-to-write-the-RETA-table-when-unnecessary.patch
patches.drivers/ixgbe-prevent-ptp_rx_hang-from-running-when-in-FILTE.patch
@@ -20623,6 +20624,7 @@
patches.suse/qmi_wwan-Add-support-for-Fibocom-NL678-series.patch
patches.drivers/qmi_wwan-Fix-qmap-header-retrieval-in-qmimux_rx_fixu.patch
patches.drivers/serial-sunsu-fix-refcount-leak.patch
+ patches.fixes/mm-page_alloc-fix-has_unmovable_pages-for-HugePages.patch
patches.fixes/procsysctl-dont-return-ENOMEM-on-lookup-when-a-table-is-unregistering.patch
patches.drivers/platform-x86-asus-wmi-Tell-the-EC-the-OS-will-handle.patch
patches.drivers/platform-x86-asus-nb-wmi-Map-0x35-to-KEY_SCREENLOCK.patch
@@ -22090,6 +22092,7 @@
patches.fixes/mm-add-try_get_page-helper-function.patch
patches.fixes/mm-prevent-get_user_pages-from-overflowing-page-refcount.patch
patches.fixes/fs-prevent-page-refcount-overflow-in-pipe_buf_get.patch
+ patches.fixes/kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch
patches.arch/revert-svm-fix-avic-incomplete-ipi-emulation
patches.arch/svm-avic-fix-invalidate-logical-apic-id-entry
patches.arch/kvm-x86-svm-make-sure-nmi-is-injected-after-nmi_singlestep
@@ -22247,6 +22250,7 @@
patches.fixes/0001-keys-safe-concurrent-user-session-uid-_keyring-acces.patch
patches.drivers/HID-logitech-hidpp-change-low-battery-level-threshol.patch
patches.drivers/HID-logitech-hidpp-use-RAP-instead-of-FAP-to-get-the.patch
+ patches.suse/kbuild-use-flive-patching-when-config_livepatch-is-enabled.patch
patches.suse/livepatch-convert-error-about-unsupported-reliable-stacktrace-into-a-warning.patch
patches.suse/livepatch-remove-custom-kobject-state-handling.patch
patches.suse/livepatch-remove-duplicated-code-for-early-initialization.patch
@@ -22332,7 +22336,9 @@
patches.drivers/brcm80211-potential-NULL-dereference-in-brcmf_cfg802.patch
patches.drivers/net-ena-fix-return-value-of-ena_com_config_llq_info.patch
patches.suse/neighbor-Call-__ipv4_neigh_lookup_noref-in-neigh_xmi.patch
+ patches.suse/dpaa_eth-fix-SG-frame-cleanup.patch
patches.suse/ipv4-Define-__ipv4_neigh_lookup_noref-when-CONFIG_IN.patch
+ patches.suse/vrf-sit-mtu-should-not-be-updated-when-vrf-netdev-is.patch
patches.fixes/0001-dt-bindings-net-Fix-a-typo-in-the-phy-mode-list-for-.patch
patches.drivers/usb-core-Add-PM-runtime-calls-to-usb_hcd_platform_sh.patch
patches.drivers/usb-storage-Set-virt_boundary_mask-to-avoid-SG-overf.patch
@@ -22432,8 +22438,11 @@
patches.drivers/clk-rockchip-Fix-video-codec-clocks-on-rk3288.patch
patches.drivers/clk-rockchip-Turn-on-aclk_dmac1-for-suspend-on-rk328.patch
patches.drivers/clk-tegra-Fix-PLLM-programming-on-Tegra124-when-PMC-.patch
+ patches.suse/ipv4-Fix-raw-socket-lookup-for-local-traffic.patch
+ patches.suse/tuntap-synchronize-through-tfiles-array-instead-of-t.patch
patches.suse/tipc-fix-hanging-clients-using-poll-with-EPOLLOUT-fl.patch
patches.fixes/vlan-disable-SIOCSHWTSTAMP-in-container.patch
+ patches.suse/packet-Fix-error-path-in-packet_init.patch
patches.arch/powerpc-numa-improve-control-of-topology-updates.patch
patches.arch/powerpc-numa-document-topology_updates_enabled-disab.patch
patches.arch/powerpc-powernv-idle-Restore-IAMR-after-idle.patch
@@ -22466,9 +22475,12 @@
patches.drivers/iommu-vt-d-don-t-request-page-request-irq-under-dmar_global_lock
patches.drivers/iommu-vt-d-set-intel_iommu_gfx_mapped-correctly
patches.drivers/iommu-vt-d-make-kernel-parameter-igfx_off-work-with-viommu
+ patches.suse/bridge-Fix-error-path-for-kobject_init_and_add.patch
patches.drivers/net-ibmvnic-Update-MAC-address-settings-after-adapte.patch
patches.drivers/net-ibmvnic-Update-carrier-state-after-link-state-ch.patch
patches.fixes/0011-netfilter-ebtables-CONFIG_COMPAT-reject-trailing-dat.patch
+ patches.suse/net-seeq-fix-crash-caused-by-not-set-dev.parent.patch
+ patches.suse/bonding-fix-arp_validate-toggling-in-active-backup-m.patch
patches.arch/x86-msr-index-cleanup-bit-defines.patch
patches.arch/x86-speculation-consolidate-cpu-whitelists.patch
patches.arch/x86-speculation-mds-add-basic-bug-infrastructure-for-mds.patch
@@ -22550,8 +22562,14 @@
patches.fixes/ext4-fix-data-corruption-caused-by-overlapping-unali.patch
patches.fixes/ext4-avoid-panic-during-forced-reboot-due-to-aborted.patch
patches.fixes/fs-writeback.c-use-rcu_barrier-to-wait-for-inflight-.patch
+ patches.suse/net-mlx4_core-Change-the-error-print-to-info-print.patch
+ patches.suse/rtnetlink-always-put-IFLA_LINK-for-links-with-a-link.patch
+ patches.suse/ppp-deflate-Fix-possible-crash-in-deflate_init.patch
patches.fixes/bpf-add-map_lookup_elem_sys_only-for-lookups-from-sy.patch
patches.fixes/bpf-lru-avoid-messing-with-eviction-heuristics-upon-.patch
+ patches.suse/net-usb-qmi_wwan-add-Telit-0x1260-and-0x1261-composi.patch
+ patches.suse/net-avoid-weird-emergency-message.patch
+ patches.suse/vsock-virtio-free-packets-during-the-socket-release.patch
patches.fixes/vsock-virtio-Initialize-core-virtio-vsock-before-reg.patch
patches.suse/btrfs-don-t-double-unlock-on-error-in-btrfs_punch_ho.patch
patches.suse/0001-btrfs-extent-tree-Fix-a-bug-that-btrfs-is-unable-to-.patch
@@ -22666,6 +22684,8 @@
patches.drivers/USB-Fix-chipmunk-like-voice-when-using-Logitech-C270.patch
patches.fixes/0001-usb-dwc2-host-Fix-wMaxPacketSize-handling-fix-webcam.patch
patches.drivers/usb-dwc2-Fix-DMA-cache-alignment-issues.patch
+ patches.drivers/usb-gadget-fusb300_udc-Fix-memory-leak-of-fusb300-ep.patch
+ patches.drivers/usb-gadget-udc-lpc32xx-allocate-descriptor-with-GFP_.patch
patches.drivers/USB-serial-option-add-support-for-Simcom-SIM7500-SIM.patch
patches.drivers/USB-serial-pl2303-add-Allied-Telesis-VT-Kit3.patch
patches.drivers/USB-serial-option-add-Telit-0x1260-and-0x1261-compos.patch
@@ -22692,6 +22712,7 @@
patches.drivers/qmi_wwan-add-network-device-usage-statistics-for-qmi.patch
patches.drivers/qmi_wwan-avoid-RCU-stalls-on-device-disconnect-when-.patch
patches.drivers/qmi_wwan-extend-permitted-QMAP-mux_id-value-range.patch
+ patches.fixes/bpf-x64-fix-stack-layout-of-JITed-bpf-code.patch
patches.fixes/ax25-fix-inconsistent-lock-state-in-ax25_destroy_tim.patch
patches.fixes/tcp-limit-payload-size-of-sacked-skbs.patch
patches.fixes/tcp-tcp_fragment-should-apply-sane-memory-limits.patch
@@ -22709,6 +22730,7 @@
patches.drivers/Bluetooth-Fix-regression-with-minimum-encryption-key.patch
patches.drivers/ppp-mppe-Add-softdep-to-arc4.patch
patches.drivers/qmi_wwan-Fix-out-of-bounds-read.patch
+ patches.suse/ipv4-Use-return-value-of-inet_iif-for-__raw_v4_looku.patch
patches.fixes/scsi-vmw_pscsi-Fix-use-after-free-in-pvscsi_queue_lc.patch
patches.fixes/Bluetooth-Fix-faulty-expression-for-minimum-encrypti.patch
patches.suse/ftrace-x86-remove-possible-deadlock-between-register_kprobe-and-ftrace_run_update_code.patch
@@ -22738,6 +22760,7 @@
patches.drivers/iommu-vt-d-handle-pci-bridge-rmrr-device-scopes-in-intel_iommu_get_resv_regions
patches.drivers/iommu-amd-make-iommu_disable-safer
patches.drivers/iommu-use-right-function-to-get-group-for-device
+ patches.fixes/0001-media-cpia2_usb-first-wake-up-then-free-in-disconnec.patch
patches.drivers/ASoC-add-support-for-Conexant-CX2072X-CODEC
patches.drivers/ASoC-Intel-Add-machine-driver-for-Cherrytrail-CX2072
patches.drivers/ASoC-cx2072x-fix-integer-overflow-on-unsigned-int-mu.patch
@@ -22745,6 +22768,9 @@
patches.drivers/ACPI-PM-Allow-transitions-to-D0-to-occur-in-special-.patch
patches.fixes/PCI-Do-not-poll-for-PME-if-the-device-is-in-D3cold.patch
patches.drivers/documentation-dma-api-fix-a-function-name-of-max_mapping_size
+ patches.suse/livepatch-use-static-buffer-for-debugging-messages-under-rq-lock.patch
+ patches.suse/revert-livepatch-remove-reliable-stacktrace-check-in-klp_try_switch_task.patch
+ patches.suse/livepatch-remove-duplicate-warning-about-missing-reliable-stacktrace-support.patch
# powerpc/linux next
patches.arch/powerpc-pseries-dlpar-Fix-a-missing-check-in-dlpar_p.patch
@@ -22803,6 +22829,8 @@
patches.kabi/kabi-drop-LINUX_MIB_TCPWQUEUETOOBIG-snmp-counter.patch
patches.kabi/kabi-move-sysctl_tcp_min_snd_mss-to-preserve-struct-.patch
patches.suse/block-Fix-a-NULL-pointer-dereference-in-generic_make.patch
+ patches.kabi/kabi-kvm-mmu-Fix-overflow-on-kvm-mmu-page-limit-calculati.patch
+ patches.suse/dasd_fba-Display-00000000-for-zero-page-when-dumping.patch
########################################################
# end of sorted patches