drop stuff already there and add 2 new ones
diff --git a/acpi-bus-fix-null-pointer-check-in-acpi_bus_get_private_data.patch b/acpi-bus-fix-null-pointer-check-in-acpi_bus_get_private_data.patch
deleted file mode 100644
index 7711a7e..0000000
--- a/acpi-bus-fix-null-pointer-check-in-acpi_bus_get_private_data.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 627ead724eff33673597216f5020b72118827de4 Mon Sep 17 00:00:00 2001
-From: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
-Date: Thu, 28 Nov 2019 15:58:29 +0530
-Subject: ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
-
-From: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
-
-commit 627ead724eff33673597216f5020b72118827de4 upstream.
-
-kmemleak reported backtrace:
-    [<bbee0454>] kmem_cache_alloc_trace+0x128/0x260
-    [<6677f215>] i2c_acpi_install_space_handler+0x4b/0xe0
-    [<1180f4fc>] i2c_register_adapter+0x186/0x400
-    [<6083baf7>] i2c_add_adapter+0x4e/0x70
-    [<a3ddf966>] intel_gmbus_setup+0x1a2/0x2c0 [i915]
-    [<84cb69ae>] i915_driver_probe+0x8d8/0x13a0 [i915]
-    [<81911d4b>] i915_pci_probe+0x48/0x160 [i915]
-    [<4b159af1>] pci_device_probe+0xdc/0x160
-    [<b3c64704>] really_probe+0x1ee/0x450
-    [<bc029f5a>] driver_probe_device+0x142/0x1b0
-    [<d8829d20>] device_driver_attach+0x49/0x50
-    [<de71f045>] __driver_attach+0xc9/0x150
-    [<df33ac83>] bus_for_each_dev+0x56/0xa0
-    [<80089bba>] driver_attach+0x19/0x20
-    [<cc73f583>] bus_add_driver+0x177/0x220
-    [<7b29d8c7>] driver_register+0x56/0xf0
-
-In i2c_acpi_remove_space_handler(), a leak occurs whenever the
-"data" parameter is initialized to 0 before being passed to
-acpi_bus_get_private_data().
-
-This is because the NULL pointer check in acpi_bus_get_private_data()
-(condition->if(!*data)) returns EINVAL and, in consequence, memory is
-never freed in i2c_acpi_remove_space_handler().
-
-Fix the NULL pointer check in acpi_bus_get_private_data() to follow
-the analogous check in acpi_get_data_full().
-
-Signed-off-by: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
-[ rjw: Subject & changelog ]
-Cc: All applicable <stable@vger.kernel.org>
-Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/acpi/bus.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/acpi/bus.c
-+++ b/drivers/acpi/bus.c
-@@ -158,7 +158,7 @@ int acpi_bus_get_private_data(acpi_handl
- {
- 	acpi_status status;
- 
--	if (!*data)
-+	if (!data)
- 		return -EINVAL;
- 
- 	status = acpi_get_data(handle, acpi_bus_private_data_handler, data);
diff --git a/acpi-pm-avoid-attaching-acpi-pm-domain-to-certain-devices.patch b/acpi-pm-avoid-attaching-acpi-pm-domain-to-certain-devices.patch
deleted file mode 100644
index 7691036..0000000
--- a/acpi-pm-avoid-attaching-acpi-pm-domain-to-certain-devices.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From b9ea0bae260f6aae546db224daa6ac1bd9d94b91 Mon Sep 17 00:00:00 2001
-From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
-Date: Wed, 4 Dec 2019 02:54:27 +0100
-Subject: ACPI: PM: Avoid attaching ACPI PM domain to certain devices
-
-From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-
-commit b9ea0bae260f6aae546db224daa6ac1bd9d94b91 upstream.
-
-Certain ACPI-enumerated devices represented as platform devices in
-Linux, like fans, require special low-level power management handling
-implemented by their drivers that is not in agreement with the ACPI
-PM domain behavior.  That leads to problems with managing ACPI fans
-during system-wide suspend and resume.
-
-For this reason, make acpi_dev_pm_attach() skip the affected devices
-by adding a list of device IDs to avoid to it and putting the IDs of
-the affected devices into that list.
-
-Fixes: e5cc8ef31267 (ACPI / PM: Provide ACPI PM callback routines for subsystems)
-Reported-by: Zhang Rui <rui.zhang@intel.com>
-Tested-by: Todd Brandt <todd.e.brandt@linux.intel.com>
-Cc: 3.10+ <stable@vger.kernel.org> # 3.10+
-Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/acpi/device_pm.c |   12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
---- a/drivers/acpi/device_pm.c
-+++ b/drivers/acpi/device_pm.c
-@@ -1102,9 +1102,19 @@ static void acpi_dev_pm_detach(struct de
-  */
- int acpi_dev_pm_attach(struct device *dev, bool power_on)
- {
-+	/*
-+	 * Skip devices whose ACPI companions match the device IDs below,
-+	 * because they require special power management handling incompatible
-+	 * with the generic ACPI PM domain.
-+	 */
-+	static const struct acpi_device_id special_pm_ids[] = {
-+		{"PNP0C0B", }, /* Generic ACPI fan */
-+		{"INT3404", }, /* Fan */
-+		{}
-+	};
- 	struct acpi_device *adev = ACPI_COMPANION(dev);
- 
--	if (!adev)
-+	if (!adev || !acpi_match_device_ids(adev, special_pm_ids))
- 		return -ENODEV;
- 
- 	if (dev->pm_domain)
diff --git a/ar5523-check-null-before-memcpy-in-ar5523_cmd.patch b/ar5523-check-null-before-memcpy-in-ar5523_cmd.patch
deleted file mode 100644
index f6bdaca..0000000
--- a/ar5523-check-null-before-memcpy-in-ar5523_cmd.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 315cee426f87658a6799815845788fde965ddaad Mon Sep 17 00:00:00 2001
-From: Denis Efremov <efremov@linux.com>
-Date: Mon, 30 Sep 2019 23:31:47 +0300
-Subject: ar5523: check NULL before memcpy() in ar5523_cmd()
-
-From: Denis Efremov <efremov@linux.com>
-
-commit 315cee426f87658a6799815845788fde965ddaad upstream.
-
-memcpy() call with "idata == NULL && ilen == 0" results in undefined
-behavior in ar5523_cmd(). For example, NULL is passed in callchain
-"ar5523_stat_work() -> ar5523_cmd_write() -> ar5523_cmd()". This patch
-adds ilen check before memcpy() call in ar5523_cmd() to prevent an
-undefined behavior.
-
-Cc: Pontus Fuchs <pontus.fuchs@gmail.com>
-Cc: Kalle Valo <kvalo@codeaurora.org>
-Cc: "David S. Miller" <davem@davemloft.net>
-Cc: David Laight <David.Laight@ACULAB.COM>
-Cc: stable@vger.kernel.org
-Signed-off-by: Denis Efremov <efremov@linux.com>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/net/wireless/ath/ar5523/ar5523.c |    3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
---- a/drivers/net/wireless/ath/ar5523/ar5523.c
-+++ b/drivers/net/wireless/ath/ar5523/ar5523.c
-@@ -255,7 +255,8 @@ static int ar5523_cmd(struct ar5523 *ar,
- 
- 	if (flags & AR5523_CMD_FLAG_MAGIC)
- 		hdr->magic = cpu_to_be32(1 << 24);
--	memcpy(hdr + 1, idata, ilen);
-+	if (ilen)
-+		memcpy(hdr + 1, idata, ilen);
- 
- 	cmd->odata = odata;
- 	cmd->olen = olen;
diff --git a/arm-dts-s3c64xx-fix-init-order-of-clock-providers.patch b/arm-dts-s3c64xx-fix-init-order-of-clock-providers.patch
deleted file mode 100644
index ba4d5a4..0000000
--- a/arm-dts-s3c64xx-fix-init-order-of-clock-providers.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From d60d0cff4ab01255b25375425745c3cff69558ad Mon Sep 17 00:00:00 2001
-From: Lihua Yao <ylhuajnu@outlook.com>
-Date: Tue, 10 Sep 2019 13:22:28 +0000
-Subject: ARM: dts: s3c64xx: Fix init order of clock providers
-
-From: Lihua Yao <ylhuajnu@outlook.com>
-
-commit d60d0cff4ab01255b25375425745c3cff69558ad upstream.
-
-fin_pll is the parent of clock-controller@7e00f000, specify
-the dependency to ensure proper initialization order of clock
-providers.
-
-without this patch:
-[    0.000000] S3C6410 clocks: apll = 0, mpll = 0
-[    0.000000]  epll = 0, arm_clk = 0
-
-with this patch:
-[    0.000000] S3C6410 clocks: apll = 532000000, mpll = 532000000
-[    0.000000]  epll = 24000000, arm_clk = 532000000
-
-Cc: <stable@vger.kernel.org>
-Fixes: 3f6d439f2022 ("clk: reverse default clk provider initialization order in of_clk_init()")
-Signed-off-by: Lihua Yao <ylhuajnu@outlook.com>
-Reviewed-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
-Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/arm/boot/dts/s3c6410-mini6410.dts |    4 ++++
- arch/arm/boot/dts/s3c6410-smdk6410.dts |    4 ++++
- 2 files changed, 8 insertions(+)
-
---- a/arch/arm/boot/dts/s3c6410-mini6410.dts
-+++ b/arch/arm/boot/dts/s3c6410-mini6410.dts
-@@ -167,6 +167,10 @@
- 	};
- };
- 
-+&clocks {
-+	clocks = <&fin_pll>;
-+};
-+
- &sdhci0 {
- 	pinctrl-names = "default";
- 	pinctrl-0 = <&sd0_clk>, <&sd0_cmd>, <&sd0_cd>, <&sd0_bus4>;
---- a/arch/arm/boot/dts/s3c6410-smdk6410.dts
-+++ b/arch/arm/boot/dts/s3c6410-smdk6410.dts
-@@ -71,6 +71,10 @@
- 	};
- };
- 
-+&clocks {
-+	clocks = <&fin_pll>;
-+};
-+
- &sdhci0 {
- 	pinctrl-names = "default";
- 	pinctrl-0 = <&sd0_clk>, <&sd0_cmd>, <&sd0_cd>, <&sd0_bus4>;
diff --git a/arm-tegra-fix-flow_ctlr_halt-register-clobbering-by-tegra_resume.patch b/arm-tegra-fix-flow_ctlr_halt-register-clobbering-by-tegra_resume.patch
deleted file mode 100644
index 4c6443e..0000000
--- a/arm-tegra-fix-flow_ctlr_halt-register-clobbering-by-tegra_resume.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From d70f7d31a9e2088e8a507194354d41ea10062994 Mon Sep 17 00:00:00 2001
-From: Dmitry Osipenko <digetx@gmail.com>
-Date: Tue, 30 Jul 2019 20:23:39 +0300
-Subject: ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
-
-From: Dmitry Osipenko <digetx@gmail.com>
-
-commit d70f7d31a9e2088e8a507194354d41ea10062994 upstream.
-
-There is an unfortunate typo in the code that results in writing to
-FLOW_CTLR_HALT instead of FLOW_CTLR_CSR.
-
-Cc: <stable@vger.kernel.org>
-Acked-by: Peter De Schrijver <pdeschrijver@nvidia.com>
-Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
-Signed-off-by: Thierry Reding <treding@nvidia.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/arm/mach-tegra/reset-handler.S |    6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/arch/arm/mach-tegra/reset-handler.S
-+++ b/arch/arm/mach-tegra/reset-handler.S
-@@ -56,16 +56,16 @@ ENTRY(tegra_resume)
- 	cmp	r6, #TEGRA20
- 	beq	1f				@ Yes
- 	/* Clear the flow controller flags for this CPU. */
--	cpu_to_csr_reg r1, r0
-+	cpu_to_csr_reg r3, r0
- 	mov32	r2, TEGRA_FLOW_CTRL_BASE
--	ldr	r1, [r2, r1]
-+	ldr	r1, [r2, r3]
- 	/* Clear event & intr flag */
- 	orr	r1, r1, \
- 		#FLOW_CTRL_CSR_INTR_FLAG | FLOW_CTRL_CSR_EVENT_FLAG
- 	movw	r0, #0x3FFD	@ enable, cluster_switch, immed, bitmaps
- 				@ & ext flags for CPU power mgnt
- 	bic	r1, r1, r0
--	str	r1, [r2]
-+	str	r1, [r2, r3]
- 1:
- 
- 	mov32	r9, 0xc09
diff --git a/asoc-jack-fix-null-pointer-dereference-in-snd_soc_jack_report.patch b/asoc-jack-fix-null-pointer-dereference-in-snd_soc_jack_report.patch
deleted file mode 100644
index 67eb4a3..0000000
--- a/asoc-jack-fix-null-pointer-dereference-in-snd_soc_jack_report.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 8f157d4ff039e03e2ed4cb602eeed2fd4687a58f Mon Sep 17 00:00:00 2001
-From: Pawel Harlozinski <pawel.harlozinski@linux.intel.com>
-Date: Tue, 12 Nov 2019 14:02:36 +0100
-Subject: ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
-
-From: Pawel Harlozinski <pawel.harlozinski@linux.intel.com>
-
-commit 8f157d4ff039e03e2ed4cb602eeed2fd4687a58f upstream.
-
-Check for existance of jack before tracing.
-NULL pointer dereference has been reported by KASAN while unloading
-machine driver (snd_soc_cnl_rt274).
-
-Signed-off-by: Pawel Harlozinski <pawel.harlozinski@linux.intel.com>
-Link: https://lore.kernel.org/r/20191112130237.10141-1-pawel.harlozinski@linux.intel.com
-Signed-off-by: Mark Brown <broonie@kernel.org>
-Cc: stable@vger.kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- sound/soc/soc-jack.c |    3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
---- a/sound/soc/soc-jack.c
-+++ b/sound/soc/soc-jack.c
-@@ -69,10 +69,9 @@ void snd_soc_jack_report(struct snd_soc_
- 	unsigned int sync = 0;
- 	int enable;
- 
--	trace_snd_soc_jack_report(jack, mask, status);
--
- 	if (!jack)
- 		return;
-+	trace_snd_soc_jack_report(jack, mask, status);
- 
- 	codec = jack->codec;
- 	dapm =  &codec->dapm;
diff --git a/cifs-respect-o_sync-and-o_direct-flags-during-reconnect.patch b/cifs-respect-o_sync-and-o_direct-flags-during-reconnect.patch
deleted file mode 100644
index 315ea94..0000000
--- a/cifs-respect-o_sync-and-o_direct-flags-during-reconnect.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 44805b0e62f15e90d233485420e1847133716bdc Mon Sep 17 00:00:00 2001
-From: Pavel Shilovsky <pshilov@microsoft.com>
-Date: Tue, 12 Nov 2019 17:16:35 -0800
-Subject: CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
-
-From: Pavel Shilovsky <pshilov@microsoft.com>
-
-commit 44805b0e62f15e90d233485420e1847133716bdc upstream.
-
-Currently the client translates O_SYNC and O_DIRECT flags
-into corresponding SMB create options when openning a file.
-The problem is that on reconnect when the file is being
-re-opened the client doesn't set those flags and it causes
-a server to reject re-open requests because create options
-don't match. The latter means that any subsequent system
-call against that open file fail until a share is re-mounted.
-
-Fix this by properly setting SMB create options when
-re-openning files after reconnects.
-
-Fixes: 1013e760d10e6: ("SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags")
-Cc: Stable <stable@vger.kernel.org>
-Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
-Signed-off-by: Steve French <stfrench@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/cifs/file.c |    7 +++++++
- 1 file changed, 7 insertions(+)
-
---- a/fs/cifs/file.c
-+++ b/fs/cifs/file.c
-@@ -696,6 +696,13 @@ cifs_reopen_file(struct cifsFileInfo *cf
- 	if (backup_cred(cifs_sb))
- 		create_options |= CREATE_OPEN_BACKUP_INTENT;
- 
-+	/* O_SYNC also has bit for O_DSYNC so following check picks up either */
-+	if (cfile->f_flags & O_SYNC)
-+		create_options |= CREATE_WRITE_THROUGH;
-+
-+	if (cfile->f_flags & O_DIRECT)
-+		create_options |= CREATE_NO_BUFFER;
-+
- 	if (server->ops->get_lease_key)
- 		server->ops->get_lease_key(inode, &cfile->fid);
- 
diff --git a/cpuidle-do-not-unset-the-driver-if-it-is-there-already.patch b/cpuidle-do-not-unset-the-driver-if-it-is-there-already.patch
deleted file mode 100644
index 3fc653f..0000000
--- a/cpuidle-do-not-unset-the-driver-if-it-is-there-already.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 918c1fe9fbbe46fcf56837ff21f0ef96424e8b29 Mon Sep 17 00:00:00 2001
-From: Zhenzhong Duan <zhenzhong.duan@oracle.com>
-Date: Wed, 23 Oct 2019 09:57:14 +0800
-Subject: cpuidle: Do not unset the driver if it is there already
-
-From: Zhenzhong Duan <zhenzhong.duan@oracle.com>
-
-commit 918c1fe9fbbe46fcf56837ff21f0ef96424e8b29 upstream.
-
-Fix __cpuidle_set_driver() to check if any of the CPUs in the mask has
-a driver different from drv already and, if so, return -EBUSY before
-updating any cpuidle_drivers per-CPU pointers.
-
-Fixes: 82467a5a885d ("cpuidle: simplify multiple driver support")
-Cc: 3.11+ <stable@vger.kernel.org> # 3.11+
-Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
-[ rjw: Subject & changelog ]
-Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/cpuidle/driver.c |   15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
---- a/drivers/cpuidle/driver.c
-+++ b/drivers/cpuidle/driver.c
-@@ -60,24 +60,23 @@ static inline void __cpuidle_unset_drive
-  * __cpuidle_set_driver - set per CPU driver variables for the given driver.
-  * @drv: a valid pointer to a struct cpuidle_driver
-  *
-- * For each CPU in the driver's cpumask, unset the registered driver per CPU
-- * to @drv.
-- *
-- * Returns 0 on success, -EBUSY if the CPUs have driver(s) already.
-+ * Returns 0 on success, -EBUSY if any CPU in the cpumask have a driver
-+ * different from drv already.
-  */
- static inline int __cpuidle_set_driver(struct cpuidle_driver *drv)
- {
- 	int cpu;
- 
- 	for_each_cpu(cpu, drv->cpumask) {
-+		struct cpuidle_driver *old_drv;
- 
--		if (__cpuidle_get_cpu_driver(cpu)) {
--			__cpuidle_unset_driver(drv);
-+		old_drv = __cpuidle_get_cpu_driver(cpu);
-+		if (old_drv && old_drv != drv)
- 			return -EBUSY;
--		}
-+	}
- 
-+	for_each_cpu(cpu, drv->cpumask)
- 		per_cpu(cpuidle_drivers, cpu) = drv;
--	}
- 
- 	return 0;
- }
diff --git a/drm-radeon-fix-r1xx-r2xx-register-checker-for-pot-textures.patch b/drm-radeon-fix-r1xx-r2xx-register-checker-for-pot-textures.patch
deleted file mode 100644
index df4f5a0..0000000
--- a/drm-radeon-fix-r1xx-r2xx-register-checker-for-pot-textures.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 008037d4d972c9c47b273e40e52ae34f9d9e33e7 Mon Sep 17 00:00:00 2001
-From: Alex Deucher <alexander.deucher@amd.com>
-Date: Tue, 26 Nov 2019 09:41:46 -0500
-Subject: drm/radeon: fix r1xx/r2xx register checker for POT textures
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Alex Deucher <alexander.deucher@amd.com>
-
-commit 008037d4d972c9c47b273e40e52ae34f9d9e33e7 upstream.
-
-Shift and mask were reversed.  Noticed by chance.
-
-Tested-by: Meelis Roos <mroos@linux.ee>
-Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
-Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/gpu/drm/radeon/r100.c |    4 ++--
- drivers/gpu/drm/radeon/r200.c |    4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
---- a/drivers/gpu/drm/radeon/r100.c
-+++ b/drivers/gpu/drm/radeon/r100.c
-@@ -1826,8 +1826,8 @@ static int r100_packet0_check(struct rad
- 			track->textures[i].use_pitch = 1;
- 		} else {
- 			track->textures[i].use_pitch = 0;
--			track->textures[i].width = 1 << ((idx_value >> RADEON_TXFORMAT_WIDTH_SHIFT) & RADEON_TXFORMAT_WIDTH_MASK);
--			track->textures[i].height = 1 << ((idx_value >> RADEON_TXFORMAT_HEIGHT_SHIFT) & RADEON_TXFORMAT_HEIGHT_MASK);
-+			track->textures[i].width = 1 << ((idx_value & RADEON_TXFORMAT_WIDTH_MASK) >> RADEON_TXFORMAT_WIDTH_SHIFT);
-+			track->textures[i].height = 1 << ((idx_value & RADEON_TXFORMAT_HEIGHT_MASK) >> RADEON_TXFORMAT_HEIGHT_SHIFT);
- 		}
- 		if (idx_value & RADEON_TXFORMAT_CUBIC_MAP_ENABLE)
- 			track->textures[i].tex_coord_type = 2;
---- a/drivers/gpu/drm/radeon/r200.c
-+++ b/drivers/gpu/drm/radeon/r200.c
-@@ -476,8 +476,8 @@ int r200_packet0_check(struct radeon_cs_
- 			track->textures[i].use_pitch = 1;
- 		} else {
- 			track->textures[i].use_pitch = 0;
--			track->textures[i].width = 1 << ((idx_value >> RADEON_TXFORMAT_WIDTH_SHIFT) & RADEON_TXFORMAT_WIDTH_MASK);
--			track->textures[i].height = 1 << ((idx_value >> RADEON_TXFORMAT_HEIGHT_SHIFT) & RADEON_TXFORMAT_HEIGHT_MASK);
-+			track->textures[i].width = 1 << ((idx_value & RADEON_TXFORMAT_WIDTH_MASK) >> RADEON_TXFORMAT_WIDTH_SHIFT);
-+			track->textures[i].height = 1 << ((idx_value & RADEON_TXFORMAT_HEIGHT_MASK) >> RADEON_TXFORMAT_HEIGHT_SHIFT);
- 		}
- 		if (idx_value & R200_TXFORMAT_LOOKUP_DISABLE)
- 			track->textures[i].lookup_disable = true;
diff --git a/ext4-check-for-directory-entries-too-close-to-block-end.patch b/ext4-check-for-directory-entries-too-close-to-block-end.patch
new file mode 100644
index 0000000..9cd4fd4
--- /dev/null
+++ b/ext4-check-for-directory-entries-too-close-to-block-end.patch
@@ -0,0 +1,39 @@
+From 109ba779d6cca2d519c5dd624a3276d03e21948e Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Mon, 2 Dec 2019 18:02:13 +0100
+Subject: ext4: check for directory entries too close to block end
+
+From: Jan Kara <jack@suse.cz>
+
+commit 109ba779d6cca2d519c5dd624a3276d03e21948e upstream.
+
+ext4_check_dir_entry() currently does not catch a case when a directory
+entry ends so close to the block end that the header of the next
+directory entry would not fit in the remaining space. This can lead to
+directory iteration code trying to access address beyond end of current
+buffer head leading to oops.
+
+CC: stable@vger.kernel.org
+Signed-off-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20191202170213.4761-3-jack@suse.cz
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/dir.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/ext4/dir.c
++++ b/fs/ext4/dir.c
+@@ -78,6 +78,11 @@ int __ext4_check_dir_entry(const char *f
+ 		error_msg = "rec_len is too small for name_len";
+ 	else if (unlikely(((char *) de - buf) + rlen > size))
+ 		error_msg = "directory entry overrun";
++	else if (unlikely(((char *) de - buf) + rlen >
++			  size - EXT4_DIR_REC_LEN(1) &&
++			  ((char *) de - buf) + rlen != size)) {
++		error_msg = "directory entry too close to block end";
++	}
+ 	else if (unlikely(le32_to_cpu(de->inode) >
+ 			le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count)))
+ 		error_msg = "inode out of bounds";
diff --git a/inet-protect-against-too-small-mtu-values.patch b/inet-protect-against-too-small-mtu-values.patch
deleted file mode 100644
index d172ec6..0000000
--- a/inet-protect-against-too-small-mtu-values.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From foo@baz Tue 17 Dec 2019 09:44:32 PM CET
-From: Eric Dumazet <edumazet@google.com>
-Date: Thu, 5 Dec 2019 20:43:46 -0800
-Subject: inet: protect against too small mtu values.
-
-From: Eric Dumazet <edumazet@google.com>
-
-[ Upstream commit 501a90c945103e8627406763dac418f20f3837b2 ]
-
-syzbot was once again able to crash a host by setting a very small mtu
-on loopback device.
-
-Let's make inetdev_valid_mtu() available in include/net/ip.h,
-and use it in ip_setup_cork(), so that we protect both ip_append_page()
-and __ip_append_data()
-
-Also add a READ_ONCE() when the device mtu is read.
-
-Pairs this lockless read with one WRITE_ONCE() in __dev_set_mtu(),
-even if other code paths might write over this field.
-
-Add a big comment in include/linux/netdevice.h about dev->mtu
-needing READ_ONCE()/WRITE_ONCE() annotations.
-
-Hopefully we will add the missing ones in followup patches.
-
-[1]
-
-refcount_t: saturated; leaking memory.
-WARNING: CPU: 0 PID: 9464 at lib/refcount.c:22 refcount_warn_saturate+0x138/0x1f0 lib/refcount.c:22
-Kernel panic - not syncing: panic_on_warn set ...
-CPU: 0 PID: 9464 Comm: syz-executor850 Not tainted 5.4.0-syzkaller #0
-Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
-Call Trace:
- __dump_stack lib/dump_stack.c:77 [inline]
- dump_stack+0x197/0x210 lib/dump_stack.c:118
- panic+0x2e3/0x75c kernel/panic.c:221
- __warn.cold+0x2f/0x3e kernel/panic.c:582
- report_bug+0x289/0x300 lib/bug.c:195
- fixup_bug arch/x86/kernel/traps.c:174 [inline]
- fixup_bug arch/x86/kernel/traps.c:169 [inline]
- do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
- do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
- invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
-RIP: 0010:refcount_warn_saturate+0x138/0x1f0 lib/refcount.c:22
-Code: 06 31 ff 89 de e8 c8 f5 e6 fd 84 db 0f 85 6f ff ff ff e8 7b f4 e6 fd 48 c7 c7 e0 71 4f 88 c6 05 56 a6 a4 06 01 e8 c7 a8 b7 fd <0f> 0b e9 50 ff ff ff e8 5c f4 e6 fd 0f b6 1d 3d a6 a4 06 31 ff 89
-RSP: 0018:ffff88809689f550 EFLAGS: 00010286
-RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
-RDX: 0000000000000000 RSI: ffffffff815e4336 RDI: ffffed1012d13e9c
-RBP: ffff88809689f560 R08: ffff88809c50a3c0 R09: fffffbfff15d31b1
-R10: fffffbfff15d31b0 R11: ffffffff8ae98d87 R12: 0000000000000001
-R13: 0000000000040100 R14: ffff888099041104 R15: ffff888218d96e40
- refcount_add include/linux/refcount.h:193 [inline]
- skb_set_owner_w+0x2b6/0x410 net/core/sock.c:1999
- sock_wmalloc+0xf1/0x120 net/core/sock.c:2096
- ip_append_page+0x7ef/0x1190 net/ipv4/ip_output.c:1383
- udp_sendpage+0x1c7/0x480 net/ipv4/udp.c:1276
- inet_sendpage+0xdb/0x150 net/ipv4/af_inet.c:821
- kernel_sendpage+0x92/0xf0 net/socket.c:3794
- sock_sendpage+0x8b/0xc0 net/socket.c:936
- pipe_to_sendpage+0x2da/0x3c0 fs/splice.c:458
- splice_from_pipe_feed fs/splice.c:512 [inline]
- __splice_from_pipe+0x3ee/0x7c0 fs/splice.c:636
- splice_from_pipe+0x108/0x170 fs/splice.c:671
- generic_splice_sendpage+0x3c/0x50 fs/splice.c:842
- do_splice_from fs/splice.c:861 [inline]
- direct_splice_actor+0x123/0x190 fs/splice.c:1035
- splice_direct_to_actor+0x3b4/0xa30 fs/splice.c:990
- do_splice_direct+0x1da/0x2a0 fs/splice.c:1078
- do_sendfile+0x597/0xd00 fs/read_write.c:1464
- __do_sys_sendfile64 fs/read_write.c:1525 [inline]
- __se_sys_sendfile64 fs/read_write.c:1511 [inline]
- __x64_sys_sendfile64+0x1dd/0x220 fs/read_write.c:1511
- do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
- entry_SYSCALL_64_after_hwframe+0x49/0xbe
-RIP: 0033:0x441409
-Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
-RSP: 002b:00007fffb64c4f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
-RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441409
-RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005
-RBP: 0000000000073b8a R08: 0000000000000010 R09: 0000000000000010
-R10: 0000000000010001 R11: 0000000000000246 R12: 0000000000402180
-R13: 0000000000402210 R14: 0000000000000000 R15: 0000000000000000
-Kernel Offset: disabled
-Rebooting in 86400 seconds..
-
-Fixes: 1470ddf7f8ce ("inet: Remove explicit write references to sk/inet in ip_append_data")
-Signed-off-by: Eric Dumazet <edumazet@google.com>
-Reported-by: syzbot <syzkaller@googlegroups.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- include/linux/netdevice.h |    5 +++++
- include/net/ip.h          |    5 +++++
- net/core/dev.c            |    3 ++-
- net/ipv4/devinet.c        |    5 -----
- net/ipv4/ip_output.c      |   14 +++++++++-----
- 5 files changed, 21 insertions(+), 11 deletions(-)
-
---- a/include/linux/netdevice.h
-+++ b/include/linux/netdevice.h
-@@ -1537,6 +1537,11 @@ struct net_device {
- 	unsigned char		if_port;
- 	unsigned char		dma;
- 
-+	/* Note : dev->mtu is often read without holding a lock.
-+	 * Writers usually hold RTNL.
-+	 * It is recommended to use READ_ONCE() to annotate the reads,
-+	 * and to use WRITE_ONCE() to annotate the writes.
-+	 */
- 	unsigned int		mtu;
- 	unsigned short		type;
- 	unsigned short		hard_header_len;
---- a/include/net/ip.h
-+++ b/include/net/ip.h
-@@ -558,4 +558,9 @@ extern int sysctl_icmp_msgs_burst;
- int ip_misc_proc_init(void);
- #endif
- 
-+static inline bool inetdev_valid_mtu(unsigned int mtu)
-+{
-+	return likely(mtu >= IPV4_MIN_MTU);
-+}
-+
- #endif	/* _IP_H */
---- a/net/core/dev.c
-+++ b/net/core/dev.c
-@@ -5723,7 +5723,8 @@ static int __dev_set_mtu(struct net_devi
- 	if (ops->ndo_change_mtu)
- 		return ops->ndo_change_mtu(dev, new_mtu);
- 
--	dev->mtu = new_mtu;
-+	/* Pairs with all the lockless reads of dev->mtu in the stack */
-+	WRITE_ONCE(dev->mtu, new_mtu);
- 	return 0;
- }
- 
---- a/net/ipv4/devinet.c
-+++ b/net/ipv4/devinet.c
-@@ -1326,11 +1326,6 @@ skip:
- 	}
- }
- 
--static bool inetdev_valid_mtu(unsigned int mtu)
--{
--	return mtu >= IPV4_MIN_MTU;
--}
--
- static void inetdev_send_gratuitous_arp(struct net_device *dev,
- 					struct in_device *in_dev)
- 
---- a/net/ipv4/ip_output.c
-+++ b/net/ipv4/ip_output.c
-@@ -1112,13 +1112,17 @@ static int ip_setup_cork(struct sock *sk
- 	rt = *rtp;
- 	if (unlikely(!rt))
- 		return -EFAULT;
--	/*
--	 * We steal reference to this route, caller should not release it
--	 */
--	*rtp = NULL;
-+
- 	cork->fragsize = ip_sk_use_pmtu(sk) ?
--			 dst_mtu(&rt->dst) : rt->dst.dev->mtu;
-+			 dst_mtu(&rt->dst) : READ_ONCE(rt->dst.dev->mtu);
-+
-+	if (!inetdev_valid_mtu(cork->fragsize))
-+		return -ENETUNREACH;
-+
- 	cork->dst = &rt->dst;
-+	/* We stole this route, caller should not release it. */
-+	*rtp = NULL;
-+
- 	cork->length = 0;
- 	cork->ttl = ipc->ttl;
- 	cork->tos = ipc->tos;
diff --git a/lib-raid6-fix-awk-build-warnings.patch b/lib-raid6-fix-awk-build-warnings.patch
deleted file mode 100644
index 009d71d..0000000
--- a/lib-raid6-fix-awk-build-warnings.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 702600eef73033ddd4eafcefcbb6560f3e3a90f7 Mon Sep 17 00:00:00 2001
-From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Date: Fri, 6 Dec 2019 16:26:00 +0100
-Subject: lib: raid6: fix awk build warnings
-
-From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-commit 702600eef73033ddd4eafcefcbb6560f3e3a90f7 upstream.
-
-Newer versions of awk spit out these fun warnings:
-	awk: ../lib/raid6/unroll.awk:16: warning: regexp escape sequence `\#' is not a known regexp operator
-
-As commit 700c1018b86d ("x86/insn: Fix awk regexp warnings") showed, it
-turns out that there are a number of awk strings that do not need to be
-escaped and newer versions of awk now warn about this.
-
-Fix the string up so that no warning is produced.  The exact same kernel
-module gets created before and after this patch, showing that it wasn't
-needed.
-
-Link: https://lore.kernel.org/r/20191206152600.GA75093@kroah.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- lib/raid6/unroll.awk |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/lib/raid6/unroll.awk
-+++ b/lib/raid6/unroll.awk
-@@ -13,7 +13,7 @@ BEGIN {
- 	for (i = 0; i < rep; ++i) {
- 		tmp = $0
- 		gsub(/\$\$/, i, tmp)
--		gsub(/\$\#/, n, tmp)
-+		gsub(/\$#/, n, tmp)
- 		gsub(/\$\*/, "$", tmp)
- 		print tmp
- 	}
diff --git a/media-radio-wl1273-fix-interrupt-masking-on-release.patch b/media-radio-wl1273-fix-interrupt-masking-on-release.patch
deleted file mode 100644
index 75ef2f1..0000000
--- a/media-radio-wl1273-fix-interrupt-masking-on-release.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 1091eb830627625dcf79958d99353c2391f41708 Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Thu, 10 Oct 2019 10:13:32 -0300
-Subject: media: radio: wl1273: fix interrupt masking on release
-
-From: Johan Hovold <johan@kernel.org>
-
-commit 1091eb830627625dcf79958d99353c2391f41708 upstream.
-
-If a process is interrupted while accessing the radio device and the
-core lock is contended, release() could return early and fail to update
-the interrupt mask.
-
-Note that the return value of the v4l2 release file operation is
-ignored.
-
-Fixes: 87d1a50ce451 ("[media] V4L2: WL1273 FM Radio: TI WL1273 FM radio driver")
-Cc: stable <stable@vger.kernel.org>     # 2.6.38
-Cc: Matti Aaltonen <matti.j.aaltonen@nokia.com>
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
-Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/media/radio/radio-wl1273.c |    3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
---- a/drivers/media/radio/radio-wl1273.c
-+++ b/drivers/media/radio/radio-wl1273.c
-@@ -1142,8 +1142,7 @@ static int wl1273_fm_fops_release(struct
- 	if (radio->rds_users > 0) {
- 		radio->rds_users--;
- 		if (radio->rds_users == 0) {
--			if (mutex_lock_interruptible(&core->lock))
--				return -EINTR;
-+			mutex_lock(&core->lock);
- 
- 			radio->irq_flags &= ~WL1273_RDS_EVENT;
- 
diff --git a/mm-shmem.c-cast-the-type-of-unmap_start-to-u64.patch b/mm-shmem.c-cast-the-type-of-unmap_start-to-u64.patch
deleted file mode 100644
index 3f67e3d..0000000
--- a/mm-shmem.c-cast-the-type-of-unmap_start-to-u64.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From aa71ecd8d86500da6081a72da6b0b524007e0627 Mon Sep 17 00:00:00 2001
-From: Chen Jun <chenjun102@huawei.com>
-Date: Sat, 30 Nov 2019 17:58:11 -0800
-Subject: mm/shmem.c: cast the type of unmap_start to u64
-
-From: Chen Jun <chenjun102@huawei.com>
-
-commit aa71ecd8d86500da6081a72da6b0b524007e0627 upstream.
-
-In 64bit system. sb->s_maxbytes of shmem filesystem is MAX_LFS_FILESIZE,
-which equal LLONG_MAX.
-
-If offset > LLONG_MAX - PAGE_SIZE, offset + len < LLONG_MAX in
-shmem_fallocate, which will pass the checking in vfs_fallocate.
-
-	/* Check for wrap through zero too */
-	if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0))
-		return -EFBIG;
-
-loff_t unmap_start = round_up(offset, PAGE_SIZE) in shmem_fallocate
-causes a overflow.
-
-Syzkaller reports a overflow problem in mm/shmem:
-
-  UBSAN: Undefined behaviour in mm/shmem.c:2014:10
-  signed integer overflow: '9223372036854775807 + 1' cannot be represented in type 'long long int'
-  CPU: 0 PID:17076 Comm: syz-executor0 Not tainted 4.1.46+ #1
-  Hardware name: linux, dummy-virt (DT)
-  Call trace:
-     dump_backtrace+0x0/0x2c8 arch/arm64/kernel/traps.c:100
-     show_stack+0x20/0x30 arch/arm64/kernel/traps.c:238
-     __dump_stack lib/dump_stack.c:15 [inline]
-     ubsan_epilogue+0x18/0x70 lib/ubsan.c:164
-     handle_overflow+0x158/0x1b0 lib/ubsan.c:195
-     shmem_fallocate+0x6d0/0x820 mm/shmem.c:2104
-     vfs_fallocate+0x238/0x428 fs/open.c:312
-     SYSC_fallocate fs/open.c:335 [inline]
-     SyS_fallocate+0x54/0xc8 fs/open.c:239
-
-The highest bit of unmap_start will be appended with sign bit 1
-(overflow) when calculate shmem_falloc.start:
-
-    shmem_falloc.start = unmap_start >> PAGE_SHIFT.
-
-Fix it by casting the type of unmap_start to u64, when right shifted.
-
-This bug is found in LTS Linux 4.1.  It also seems to exist in mainline.
-
-Link: http://lkml.kernel.org/r/1573867464-5107-1-git-send-email-chenjun102@huawei.com
-Signed-off-by: Chen Jun <chenjun102@huawei.com>
-Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
-Cc: Hugh Dickins <hughd@google.com>
-Cc: Qian Cai <cai@lca.pw>
-Cc: Kefeng Wang <wangkefeng.wang@huawei.com>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- mm/shmem.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/mm/shmem.c
-+++ b/mm/shmem.c
-@@ -2079,7 +2079,7 @@ static long shmem_fallocate(struct file
- 		}
- 
- 		shmem_falloc.waitq = &shmem_falloc_waitq;
--		shmem_falloc.start = unmap_start >> PAGE_SHIFT;
-+		shmem_falloc.start = (u64)unmap_start >> PAGE_SHIFT;
- 		shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
- 		spin_lock(&inode->i_lock);
- 		inode->i_private = &shmem_falloc;
diff --git a/mtd-spear_smi-fix-write-burst-mode.patch b/mtd-spear_smi-fix-write-burst-mode.patch
deleted file mode 100644
index 12e89ae..0000000
--- a/mtd-spear_smi-fix-write-burst-mode.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 69c7f4618c16b4678f8a4949b6bb5ace259c0033 Mon Sep 17 00:00:00 2001
-From: Miquel Raynal <miquel.raynal@bootlin.com>
-Date: Tue, 22 Oct 2019 16:58:59 +0200
-Subject: mtd: spear_smi: Fix Write Burst mode
-
-From: Miquel Raynal <miquel.raynal@bootlin.com>
-
-commit 69c7f4618c16b4678f8a4949b6bb5ace259c0033 upstream.
-
-Any write with either dd or flashcp to a device driven by the
-spear_smi.c driver will pass through the spear_smi_cpy_toio()
-function. This function will get called for chunks of up to 256 bytes.
-If the amount of data is smaller, we may have a problem if the data
-length is not 4-byte aligned. In this situation, the kernel panics
-during the memcpy:
-
-    # dd if=/dev/urandom bs=1001 count=1 of=/dev/mtd6
-    spear_smi_cpy_toio [620] dest c9070000, src c7be8800, len 256
-    spear_smi_cpy_toio [620] dest c9070100, src c7be8900, len 256
-    spear_smi_cpy_toio [620] dest c9070200, src c7be8a00, len 256
-    spear_smi_cpy_toio [620] dest c9070300, src c7be8b00, len 233
-    Unhandled fault: external abort on non-linefetch (0x808) at 0xc90703e8
-    [...]
-    PC is at memcpy+0xcc/0x330
-
-The above error occurs because the implementation of memcpy_toio()
-tries to optimize the number of I/O by writing 4 bytes at a time as
-much as possible, until there are less than 4 bytes left and then
-switches to word or byte writes.
-
-Unfortunately, the specification states about the Write Burst mode:
-
-        "the next AHB Write request should point to the next
-	incremented address and should have the same size (byte,
-	half-word or word)"
-
-This means ARM architecture implementation of memcpy_toio() cannot
-reliably be used blindly here. Workaround this situation by update the
-write path to stick to byte access when the burst length is not
-multiple of 4.
-
-Fixes: f18dbbb1bfe0 ("mtd: ST SPEAr: Add SMI driver for serial NOR flash")
-Cc: Russell King <linux@armlinux.org.uk>
-Cc: Boris Brezillon <boris.brezillon@collabora.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
-Reviewed-by: Russell King <rmk+kernel@armlinux.org.uk>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/mtd/devices/spear_smi.c |   38 +++++++++++++++++++++++++++++++++++++-
- 1 file changed, 37 insertions(+), 1 deletion(-)
-
---- a/drivers/mtd/devices/spear_smi.c
-+++ b/drivers/mtd/devices/spear_smi.c
-@@ -595,6 +595,26 @@ static int spear_mtd_read(struct mtd_inf
- 	return 0;
- }
- 
-+/*
-+ * The purpose of this function is to ensure a memcpy_toio() with byte writes
-+ * only. Its structure is inspired from the ARM implementation of _memcpy_toio()
-+ * which also does single byte writes but cannot be used here as this is just an
-+ * implementation detail and not part of the API. Not mentioning the comment
-+ * stating that _memcpy_toio() should be optimized.
-+ */
-+static void spear_smi_memcpy_toio_b(volatile void __iomem *dest,
-+				    const void *src, size_t len)
-+{
-+	const unsigned char *from = src;
-+
-+	while (len) {
-+		len--;
-+		writeb(*from, dest);
-+		from++;
-+		dest++;
-+	}
-+}
-+
- static inline int spear_smi_cpy_toio(struct spear_smi *dev, u32 bank,
- 		void __iomem *dest, const void *src, size_t len)
- {
-@@ -617,7 +637,23 @@ static inline int spear_smi_cpy_toio(str
- 	ctrlreg1 = readl(dev->io_base + SMI_CR1);
- 	writel((ctrlreg1 | WB_MODE) & ~SW_MODE, dev->io_base + SMI_CR1);
- 
--	memcpy_toio(dest, src, len);
-+	/*
-+	 * In Write Burst mode (WB_MODE), the specs states that writes must be:
-+	 * - incremental
-+	 * - of the same size
-+	 * The ARM implementation of memcpy_toio() will optimize the number of
-+	 * I/O by using as much 4-byte writes as possible, surrounded by
-+	 * 2-byte/1-byte access if:
-+	 * - the destination is not 4-byte aligned
-+	 * - the length is not a multiple of 4-byte.
-+	 * Avoid this alternance of write access size by using our own 'byte
-+	 * access' helper if at least one of the two conditions above is true.
-+	 */
-+	if (IS_ALIGNED(len, sizeof(u32)) &&
-+	    IS_ALIGNED((uintptr_t)dest, sizeof(u32)))
-+		memcpy_toio(dest, src, len);
-+	else
-+		spear_smi_memcpy_toio_b(dest, src, len);
- 
- 	writel(ctrlreg1, dev->io_base + SMI_CR1);
- 
diff --git a/net-bridge-deny-dev_set_mac_address-when-unregistering.patch b/net-bridge-deny-dev_set_mac_address-when-unregistering.patch
deleted file mode 100644
index eab9f69..0000000
--- a/net-bridge-deny-dev_set_mac_address-when-unregistering.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From foo@baz Wed 18 Dec 2019 01:37:17 PM CET
-From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
-Date: Tue, 3 Dec 2019 16:48:06 +0200
-Subject: net: bridge: deny dev_set_mac_address() when unregistering
-
-From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
-
-[ Upstream commit c4b4c421857dc7b1cf0dccbd738472360ff2cd70 ]
-
-We have an interesting memory leak in the bridge when it is being
-unregistered and is a slave to a master device which would change the
-mac of its slaves on unregister (e.g. bond, team). This is a very
-unusual setup but we do end up leaking 1 fdb entry because
-dev_set_mac_address() would cause the bridge to insert the new mac address
-into its table after all fdbs are flushed, i.e. after dellink() on the
-bridge has finished and we call NETDEV_UNREGISTER the bond/team would
-release it and will call dev_set_mac_address() to restore its original
-address and that in turn will add an fdb in the bridge.
-One fix is to check for the bridge dev's reg_state in its
-ndo_set_mac_address callback and return an error if the bridge is not in
-NETREG_REGISTERED.
-
-Easy steps to reproduce:
- 1. add bond in mode != A/B
- 2. add any slave to the bond
- 3. add bridge dev as a slave to the bond
- 4. destroy the bridge device
-
-Trace:
- unreferenced object 0xffff888035c4d080 (size 128):
-   comm "ip", pid 4068, jiffies 4296209429 (age 1413.753s)
-   hex dump (first 32 bytes):
-     41 1d c9 36 80 88 ff ff 00 00 00 00 00 00 00 00  A..6............
-     d2 19 c9 5e 3f d7 00 00 00 00 00 00 00 00 00 00  ...^?...........
-   backtrace:
-     [<00000000ddb525dc>] kmem_cache_alloc+0x155/0x26f
-     [<00000000633ff1e0>] fdb_create+0x21/0x486 [bridge]
-     [<0000000092b17e9c>] fdb_insert+0x91/0xdc [bridge]
-     [<00000000f2a0f0ff>] br_fdb_change_mac_address+0xb3/0x175 [bridge]
-     [<000000001de02dbd>] br_stp_change_bridge_id+0xf/0xff [bridge]
-     [<00000000ac0e32b1>] br_set_mac_address+0x76/0x99 [bridge]
-     [<000000006846a77f>] dev_set_mac_address+0x63/0x9b
-     [<00000000d30738fc>] __bond_release_one+0x3f6/0x455 [bonding]
-     [<00000000fc7ec01d>] bond_netdev_event+0x2f2/0x400 [bonding]
-     [<00000000305d7795>] notifier_call_chain+0x38/0x56
-     [<0000000028885d4a>] call_netdevice_notifiers+0x1e/0x23
-     [<000000008279477b>] rollback_registered_many+0x353/0x6a4
-     [<0000000018ef753a>] unregister_netdevice_many+0x17/0x6f
-     [<00000000ba854b7a>] rtnl_delete_link+0x3c/0x43
-     [<00000000adf8618d>] rtnl_dellink+0x1dc/0x20a
-     [<000000009b6395fd>] rtnetlink_rcv_msg+0x23d/0x268
-
-Fixes: 43598813386f ("bridge: add local MAC address to forwarding table (v2)")
-Reported-by: syzbot+2add91c08eb181fea1bf@syzkaller.appspotmail.com
-Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/bridge/br_device.c |    6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/net/bridge/br_device.c
-+++ b/net/bridge/br_device.c
-@@ -198,6 +198,12 @@ static int br_set_mac_address(struct net
- 	if (!is_valid_ether_addr(addr->sa_data))
- 		return -EADDRNOTAVAIL;
- 
-+	/* dev_set_mac_addr() can be called by a master device on bridge's
-+	 * NETDEV_UNREGISTER, but since it's being destroyed do nothing
-+	 */
-+	if (dev->reg_state != NETREG_REGISTERED)
-+		return -EBUSY;
-+
- 	spin_lock_bh(&br->lock);
- 	if (!ether_addr_equal(dev->dev_addr, addr->sa_data)) {
- 		/* Mac address will be changed in br_stp_change_bridge_id(). */
diff --git a/pci-fix-intel-acs-quirk-updcr-register-address.patch b/pci-fix-intel-acs-quirk-updcr-register-address.patch
deleted file mode 100644
index 8d1866f..0000000
--- a/pci-fix-intel-acs-quirk-updcr-register-address.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From d8558ac8c93d429d65d7490b512a3a67e559d0d4 Mon Sep 17 00:00:00 2001
-From: Steffen Liebergeld <steffen.liebergeld@kernkonzept.com>
-Date: Wed, 18 Sep 2019 15:16:52 +0200
-Subject: PCI: Fix Intel ACS quirk UPDCR register address
-
-From: Steffen Liebergeld <steffen.liebergeld@kernkonzept.com>
-
-commit d8558ac8c93d429d65d7490b512a3a67e559d0d4 upstream.
-
-According to documentation [0] the correct offset for the Upstream Peer
-Decode Configuration Register (UPDCR) is 0x1014.  It was previously defined
-as 0x1114.
-
-d99321b63b1f ("PCI: Enable quirks for PCIe ACS on Intel PCH root ports")
-intended to enforce isolation between PCI devices allowing them to be put
-into separate IOMMU groups.  Due to the wrong register offset the intended
-isolation was not fully enforced.  This is fixed with this patch.
-
-Please note that I did not test this patch because I have no hardware that
-implements this register.
-
-[0] https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/4th-gen-core-family-mobile-i-o-datasheet.pdf (page 325)
-Fixes: d99321b63b1f ("PCI: Enable quirks for PCIe ACS on Intel PCH root ports")
-Link: https://lore.kernel.org/r/7a3505df-79ba-8a28-464c-88b83eefffa6@kernkonzept.com
-Signed-off-by: Steffen Liebergeld <steffen.liebergeld@kernkonzept.com>
-Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
-Reviewed-by: Andrew Murray <andrew.murray@arm.com>
-Acked-by: Ashok Raj <ashok.raj@intel.com>
-Cc: stable@vger.kernel.org	# v3.15+
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/pci/quirks.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/pci/quirks.c
-+++ b/drivers/pci/quirks.c
-@@ -3819,7 +3819,7 @@ int pci_dev_specific_acs_enabled(struct
- #define INTEL_BSPR_REG_BPPD  (1 << 9)
- 
- /* Upstream Peer Decode Configuration Register */
--#define INTEL_UPDCR_REG 0x1114
-+#define INTEL_UPDCR_REG 0x1014
- /* 5:0 Peer Decode Enable bits */
- #define INTEL_UPDCR_REG_MASK 0x3f
- 
diff --git a/pci-msi-fix-incorrect-msi-x-masking-on-resume.patch b/pci-msi-fix-incorrect-msi-x-masking-on-resume.patch
deleted file mode 100644
index aa12d72..0000000
--- a/pci-msi-fix-incorrect-msi-x-masking-on-resume.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From e045fa29e89383c717e308609edd19d2fd29e1be Mon Sep 17 00:00:00 2001
-From: Jian-Hong Pan <jian-hong@endlessm.com>
-Date: Tue, 8 Oct 2019 11:42:39 +0800
-Subject: PCI/MSI: Fix incorrect MSI-X masking on resume
-
-From: Jian-Hong Pan <jian-hong@endlessm.com>
-
-commit e045fa29e89383c717e308609edd19d2fd29e1be upstream.
-
-When a driver enables MSI-X, msix_program_entries() reads the MSI-X Vector
-Control register for each vector and saves it in desc->masked.  Each
-register is 32 bits and bit 0 is the actual Mask bit.
-
-When we restored these registers during resume, we previously set the Mask
-bit if *any* bit in desc->masked was set instead of when the Mask bit
-itself was set:
-
-  pci_restore_state
-    pci_restore_msi_state
-      __pci_restore_msix_state
-        for_each_pci_msi_entry
-          msix_mask_irq(entry, entry->masked)   <-- entire u32 word
-            __pci_msix_desc_mask_irq(desc, flag)
-              mask_bits = desc->masked & ~PCI_MSIX_ENTRY_CTRL_MASKBIT
-              if (flag)       <-- testing entire u32, not just bit 0
-                mask_bits |= PCI_MSIX_ENTRY_CTRL_MASKBIT
-              writel(mask_bits, desc_addr + PCI_MSIX_ENTRY_VECTOR_CTRL)
-
-This means that after resume, MSI-X vectors were masked when they shouldn't
-be, which leads to timeouts like this:
-
-  nvme nvme0: I/O 978 QID 3 timeout, completion polled
-
-On resume, set the Mask bit only when the saved Mask bit from suspend was
-set.
-
-This should remove the need for 19ea025e1d28 ("nvme: Add quirk for Kingston
-NVME SSD running FW E8FK11.T").
-
-[bhelgaas: commit log, move fix to __pci_msix_desc_mask_irq()]
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=204887
-Link: https://lore.kernel.org/r/20191008034238.2503-1-jian-hong@endlessm.com
-Fixes: f2440d9acbe8 ("PCI MSI: Refactor interrupt masking code")
-Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
-Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/pci/msi.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/pci/msi.c
-+++ b/drivers/pci/msi.c
-@@ -200,7 +200,7 @@ u32 default_msix_mask_irq(struct msi_des
- 	unsigned offset = desc->msi_attrib.entry_nr * PCI_MSIX_ENTRY_SIZE +
- 						PCI_MSIX_ENTRY_VECTOR_CTRL;
- 	mask_bits &= ~PCI_MSIX_ENTRY_CTRL_MASKBIT;
--	if (flag)
-+	if (flag & PCI_MSIX_ENTRY_CTRL_MASKBIT)
- 		mask_bits |= PCI_MSIX_ENTRY_CTRL_MASKBIT;
- 	writel(mask_bits, desc->mask_base + offset);
- 
diff --git a/pinctrl-samsung-fix-device-node-refcount-leaks-in-init-code.patch b/pinctrl-samsung-fix-device-node-refcount-leaks-in-init-code.patch
deleted file mode 100644
index 1f54095..0000000
--- a/pinctrl-samsung-fix-device-node-refcount-leaks-in-init-code.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From a322b3377f4bac32aa25fb1acb9e7afbbbbd0137 Mon Sep 17 00:00:00 2001
-From: Krzysztof Kozlowski <krzk@kernel.org>
-Date: Mon, 5 Aug 2019 18:27:10 +0200
-Subject: pinctrl: samsung: Fix device node refcount leaks in init code
-
-From: Krzysztof Kozlowski <krzk@kernel.org>
-
-commit a322b3377f4bac32aa25fb1acb9e7afbbbbd0137 upstream.
-
-Several functions use for_each_child_of_node() loop with a break to find
-a matching child node.  Although each iteration of
-for_each_child_of_node puts the previous node, but early exit from loop
-misses it.  This leads to leak of device node.
-
-Cc: <stable@vger.kernel.org>
-Fixes: 9a2c1c3b91aa ("pinctrl: samsung: Allow grouping multiple pinmux/pinconf nodes")
-Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/pinctrl/samsung/pinctrl-samsung.c |   10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
---- a/drivers/pinctrl/samsung/pinctrl-samsung.c
-+++ b/drivers/pinctrl/samsung/pinctrl-samsung.c
-@@ -291,6 +291,7 @@ static int samsung_dt_node_to_map(struct
- 						&reserved_maps, num_maps);
- 		if (ret < 0) {
- 			samsung_dt_free_map(pctldev, *map, *num_maps);
-+			of_node_put(np);
- 			return ret;
- 		}
- 	}
-@@ -758,8 +759,10 @@ static struct samsung_pmx_func *samsung_
- 		if (!of_get_child_count(cfg_np)) {
- 			ret = samsung_pinctrl_create_function(dev, drvdata,
- 							cfg_np, func);
--			if (ret < 0)
-+			if (ret < 0) {
-+				of_node_put(cfg_np);
- 				return ERR_PTR(ret);
-+			}
- 			if (ret > 0) {
- 				++func;
- 				++func_cnt;
-@@ -770,8 +773,11 @@ static struct samsung_pmx_func *samsung_
- 		for_each_child_of_node(cfg_np, func_np) {
- 			ret = samsung_pinctrl_create_function(dev, drvdata,
- 						func_np, func);
--			if (ret < 0)
-+			if (ret < 0) {
-+				of_node_put(func_np);
-+				of_node_put(cfg_np);
- 				return ERR_PTR(ret);
-+			}
- 			if (ret > 0) {
- 				++func;
- 				++func_cnt;
diff --git a/powerpc-allow-64bit-vdso-__kernel_sync_dicache-to-work-across-ranges-4gb.patch b/powerpc-allow-64bit-vdso-__kernel_sync_dicache-to-work-across-ranges-4gb.patch
deleted file mode 100644
index c19e240..0000000
--- a/powerpc-allow-64bit-vdso-__kernel_sync_dicache-to-work-across-ranges-4gb.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From f9ec11165301982585e5e5f606739b5bae5331f3 Mon Sep 17 00:00:00 2001
-From: Alastair D'Silva <alastair@d-silva.org>
-Date: Mon, 4 Nov 2019 13:32:54 +1100
-Subject: powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
-
-From: Alastair D'Silva <alastair@d-silva.org>
-
-commit f9ec11165301982585e5e5f606739b5bae5331f3 upstream.
-
-When calling __kernel_sync_dicache with a size >4GB, we were masking
-off the upper 32 bits, so we would incorrectly flush a range smaller
-than intended.
-
-This patch replaces the 32 bit shifts with 64 bit ones, so that
-the full size is accounted for.
-
-Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
-Cc: stable@vger.kernel.org
-Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
-Link: https://lore.kernel.org/r/20191104023305.9581-3-alastair@au1.ibm.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/powerpc/kernel/vdso64/cacheflush.S |    4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/arch/powerpc/kernel/vdso64/cacheflush.S
-+++ b/arch/powerpc/kernel/vdso64/cacheflush.S
-@@ -39,7 +39,7 @@ V_FUNCTION_BEGIN(__kernel_sync_dicache)
- 	subf	r8,r6,r4		/* compute length */
- 	add	r8,r8,r5		/* ensure we get enough */
- 	lwz	r9,CFG_DCACHE_LOGBLOCKSZ(r10)
--	srw.	r8,r8,r9		/* compute line count */
-+	srd.	r8,r8,r9		/* compute line count */
- 	crclr	cr0*4+so
- 	beqlr				/* nothing to do? */
- 	mtctr	r8
-@@ -56,7 +56,7 @@ V_FUNCTION_BEGIN(__kernel_sync_dicache)
- 	subf	r8,r6,r4		/* compute length */
- 	add	r8,r8,r5
- 	lwz	r9,CFG_ICACHE_LOGBLOCKSZ(r10)
--	srw.	r8,r8,r9		/* compute line count */
-+	srd.	r8,r8,r9		/* compute line count */
- 	crclr	cr0*4+so
- 	beqlr				/* nothing to do? */
- 	mtctr	r8
diff --git a/powerpc-irq-fix-stack-overflow-verification.patch b/powerpc-irq-fix-stack-overflow-verification.patch
new file mode 100644
index 0000000..903fcf7
--- /dev/null
+++ b/powerpc-irq-fix-stack-overflow-verification.patch
@@ -0,0 +1,50 @@
+From 099bc4812f09155da77eeb960a983470249c9ce1 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Mon, 9 Dec 2019 06:19:08 +0000
+Subject: powerpc/irq: fix stack overflow verification
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 099bc4812f09155da77eeb960a983470249c9ce1 upstream.
+
+Before commit 0366a1c70b89 ("powerpc/irq: Run softirqs off the top of
+the irq stack"), check_stack_overflow() was called by do_IRQ(), before
+switching to the irq stack.
+In that commit, do_IRQ() was renamed __do_irq(), and is now executing
+on the irq stack, so check_stack_overflow() has just become almost
+useless.
+
+Move check_stack_overflow() call in do_IRQ() to do the check while
+still on the current stack.
+
+Fixes: 0366a1c70b89 ("powerpc/irq: Run softirqs off the top of the irq stack")
+Cc: stable@vger.kernel.org
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/e033aa8116ab12b7ca9a9c75189ad0741e3b9b5f.1575872340.git.christophe.leroy@c-s.fr
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/irq.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/powerpc/kernel/irq.c
++++ b/arch/powerpc/kernel/irq.c
+@@ -485,8 +485,6 @@ void __do_irq(struct pt_regs *regs)
+ 
+ 	trace_irq_entry(regs);
+ 
+-	check_stack_overflow();
+-
+ 	/*
+ 	 * Query the platform PIC for the interrupt & ack it.
+ 	 *
+@@ -518,6 +516,8 @@ void do_IRQ(struct pt_regs *regs)
+ 	irqtp = hardirq_ctx[raw_smp_processor_id()];
+ 	sirqtp = softirq_ctx[raw_smp_processor_id()];
+ 
++	check_stack_overflow();
++
+ 	/* Already there ? */
+ 	if (unlikely(curtp == irqtp || curtp == sirqtp)) {
+ 		__do_irq(regs);
diff --git a/quota-check-that-quota-is-not-dirty-before-release.patch b/quota-check-that-quota-is-not-dirty-before-release.patch
deleted file mode 100644
index b313874..0000000
--- a/quota-check-that-quota-is-not-dirty-before-release.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From df4bb5d128e2c44848aeb36b7ceceba3ac85080d Mon Sep 17 00:00:00 2001
-From: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
-Date: Thu, 31 Oct 2019 10:39:20 +0000
-Subject: quota: Check that quota is not dirty before release
-
-From: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
-
-commit df4bb5d128e2c44848aeb36b7ceceba3ac85080d upstream.
-
-There is a race window where quota was redirted once we drop dq_list_lock inside dqput(),
-but before we grab dquot->dq_lock inside dquot_release()
-
-TASK1                                                       TASK2 (chowner)
-->dqput()
-  we_slept:
-    spin_lock(&dq_list_lock)
-    if (dquot_dirty(dquot)) {
-          spin_unlock(&dq_list_lock);
-          dquot->dq_sb->dq_op->write_dquot(dquot);
-          goto we_slept
-    if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) {
-          spin_unlock(&dq_list_lock);
-          dquot->dq_sb->dq_op->release_dquot(dquot);
-                                                            dqget()
-							    mark_dquot_dirty()
-							    dqput()
-          goto we_slept;
-        }
-So dquot dirty quota will be released by TASK1, but on next we_sleept loop
-we detect this and call ->write_dquot() for it.
-XFSTEST: https://github.com/dmonakhov/xfstests/commit/440a80d4cbb39e9234df4d7240aee1d551c36107
-
-Link: https://lore.kernel.org/r/20191031103920.3919-2-dmonakhov@openvz.org
-CC: stable@vger.kernel.org
-Signed-off-by: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
-Signed-off-by: Jan Kara <jack@suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/ocfs2/quota_global.c  |    2 +-
- fs/quota/dquot.c         |    2 +-
- include/linux/quotaops.h |   10 ++++++++++
- 3 files changed, 12 insertions(+), 2 deletions(-)
-
---- a/fs/ocfs2/quota_global.c
-+++ b/fs/ocfs2/quota_global.c
-@@ -714,7 +714,7 @@ static int ocfs2_release_dquot(struct dq
- 
- 	mutex_lock(&dquot->dq_lock);
- 	/* Check whether we are not racing with some other dqget() */
--	if (atomic_read(&dquot->dq_count) > 1)
-+	if (dquot_is_busy(dquot))
- 		goto out;
- 	/* Running from downconvert thread? Postpone quota processing to wq */
- 	if (current == osb->dc_task) {
---- a/fs/quota/dquot.c
-+++ b/fs/quota/dquot.c
-@@ -472,7 +472,7 @@ int dquot_release(struct dquot *dquot)
- 
- 	mutex_lock(&dquot->dq_lock);
- 	/* Check whether we are not racing with some other dqget() */
--	if (atomic_read(&dquot->dq_count) > 1)
-+	if (dquot_is_busy(dquot))
- 		goto out_dqlock;
- 	mutex_lock(&dqopt->dqio_mutex);
- 	if (dqopt->ops[dquot->dq_id.type]->release_dqblk) {
---- a/include/linux/quotaops.h
-+++ b/include/linux/quotaops.h
-@@ -54,6 +54,16 @@ static inline struct dquot *dqgrab(struc
- 	atomic_inc(&dquot->dq_count);
- 	return dquot;
- }
-+
-+static inline bool dquot_is_busy(struct dquot *dquot)
-+{
-+	if (test_bit(DQ_MOD_B, &dquot->dq_flags))
-+		return true;
-+	if (atomic_read(&dquot->dq_count) > 1)
-+		return true;
-+	return false;
-+}
-+
- void dqput(struct dquot *dquot);
- int dquot_scan_active(struct super_block *sb,
- 		      int (*fn)(struct dquot *dquot, unsigned long priv),
diff --git a/quota-fix-livelock-in-dquot_writeback_dquots.patch b/quota-fix-livelock-in-dquot_writeback_dquots.patch
deleted file mode 100644
index f9a933e..0000000
--- a/quota-fix-livelock-in-dquot_writeback_dquots.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 6ff33d99fc5c96797103b48b7b0902c296f09c05 Mon Sep 17 00:00:00 2001
-From: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
-Date: Thu, 31 Oct 2019 10:39:19 +0000
-Subject: quota: fix livelock in dquot_writeback_dquots
-
-From: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
-
-commit 6ff33d99fc5c96797103b48b7b0902c296f09c05 upstream.
-
-Write only quotas which are dirty at entry.
-
-XFSTEST: https://github.com/dmonakhov/xfstests/commit/b10ad23566a5bf75832a6f500e1236084083cddc
-
-Link: https://lore.kernel.org/r/20191031103920.3919-1-dmonakhov@openvz.org
-CC: stable@vger.kernel.org
-Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
-Signed-off-by: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
-Signed-off-by: Jan Kara <jack@suse.cz>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/quota/dquot.c |    9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
---- a/fs/quota/dquot.c
-+++ b/fs/quota/dquot.c
-@@ -604,7 +604,7 @@ EXPORT_SYMBOL(dquot_scan_active);
- /* Write all dquot structures to quota files */
- int dquot_writeback_dquots(struct super_block *sb, int type)
- {
--	struct list_head *dirty;
-+	struct list_head dirty;
- 	struct dquot *dquot;
- 	struct quota_info *dqopt = sb_dqopt(sb);
- 	int cnt;
-@@ -617,9 +617,10 @@ int dquot_writeback_dquots(struct super_
- 		if (!sb_has_quota_active(sb, cnt))
- 			continue;
- 		spin_lock(&dq_list_lock);
--		dirty = &dqopt->info[cnt].dqi_dirty_list;
--		while (!list_empty(dirty)) {
--			dquot = list_first_entry(dirty, struct dquot,
-+		/* Move list away to avoid livelock. */
-+		list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty);
-+		while (!list_empty(&dirty)) {
-+			dquot = list_first_entry(&dirty, struct dquot,
- 						 dq_dirty);
- 			/* Dirty and inactive can be only bad dquot... */
- 			if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) {
diff --git a/rtlwifi-rtl8192de-fix-missing-callback-that-tests-for-hw-release-of-buffer.patch b/rtlwifi-rtl8192de-fix-missing-callback-that-tests-for-hw-release-of-buffer.patch
deleted file mode 100644
index fab3fac..0000000
--- a/rtlwifi-rtl8192de-fix-missing-callback-that-tests-for-hw-release-of-buffer.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 3155db7613edea8fb943624062baf1e4f9cfbfd6 Mon Sep 17 00:00:00 2001
-From: Larry Finger <Larry.Finger@lwfinger.net>
-Date: Mon, 11 Nov 2019 13:40:45 -0600
-Subject: rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
-
-From: Larry Finger <Larry.Finger@lwfinger.net>
-
-commit 3155db7613edea8fb943624062baf1e4f9cfbfd6 upstream.
-
-In commit 38506ecefab9 ("rtlwifi: rtl_pci: Start modification for
-new drivers"), a callback needed to check if the hardware has released
-a buffer indicating that a DMA operation is completed was not added.
-
-Fixes: 38506ecefab9 ("rtlwifi: rtl_pci: Start modification for new drivers")
-Cc: Stable <stable@vger.kernel.org>	# v3.18+
-Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/net/wireless/rtlwifi/rtl8192de/sw.c  |    1 +
- drivers/net/wireless/rtlwifi/rtl8192de/trx.c |   17 +++++++++++++++++
- drivers/net/wireless/rtlwifi/rtl8192de/trx.h |    2 ++
- 3 files changed, 20 insertions(+)
-
---- a/drivers/net/wireless/rtlwifi/rtl8192de/sw.c
-+++ b/drivers/net/wireless/rtlwifi/rtl8192de/sw.c
-@@ -242,6 +242,7 @@ static struct rtl_hal_ops rtl8192de_hal_
- 	.led_control = rtl92de_led_control,
- 	.set_desc = rtl92de_set_desc,
- 	.get_desc = rtl92de_get_desc,
-+	.is_tx_desc_closed = rtl92de_is_tx_desc_closed,
- 	.tx_polling = rtl92de_tx_polling,
- 	.enable_hw_sec = rtl92de_enable_hw_security_config,
- 	.set_key = rtl92de_set_key,
---- a/drivers/net/wireless/rtlwifi/rtl8192de/trx.c
-+++ b/drivers/net/wireless/rtlwifi/rtl8192de/trx.c
-@@ -863,6 +863,23 @@ u32 rtl92de_get_desc(u8 *p_desc, bool is
- 	return ret;
- }
- 
-+bool rtl92de_is_tx_desc_closed(struct ieee80211_hw *hw,
-+			       u8 hw_queue, u16 index)
-+{
-+	struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw));
-+	struct rtl8192_tx_ring *ring = &rtlpci->tx_ring[hw_queue];
-+	u8 *entry = (u8 *)(&ring->desc[ring->idx]);
-+	u8 own = (u8)rtl92de_get_desc(entry, true, HW_DESC_OWN);
-+
-+	/* a beacon packet will only use the first
-+	 * descriptor by defaut, and the own bit may not
-+	 * be cleared by the hardware
-+	 */
-+	if (own)
-+		return false;
-+	return true;
-+}
-+
- void rtl92de_tx_polling(struct ieee80211_hw *hw, u8 hw_queue)
- {
- 	struct rtl_priv *rtlpriv = rtl_priv(hw);
---- a/drivers/net/wireless/rtlwifi/rtl8192de/trx.h
-+++ b/drivers/net/wireless/rtlwifi/rtl8192de/trx.h
-@@ -740,6 +740,8 @@ bool rtl92de_rx_query_desc(struct ieee80
- void rtl92de_set_desc(struct ieee80211_hw *hw, u8 *pdesc, bool istx,
- 		      u8 desc_name, u8 *val);
- u32 rtl92de_get_desc(u8 *pdesc, bool istx, u8 desc_name);
-+bool rtl92de_is_tx_desc_closed(struct ieee80211_hw *hw,
-+			       u8 hw_queue, u16 index);
- void rtl92de_tx_polling(struct ieee80211_hw *hw, u8 hw_queue);
- void rtl92de_tx_fill_cmddesc(struct ieee80211_hw *hw, u8 *pdesc,
- 			     bool b_firstseg, bool b_lastseg,
diff --git a/rtlwifi-rtl8192de-fix-missing-code-to-retrieve-rx-buffer-address.patch b/rtlwifi-rtl8192de-fix-missing-code-to-retrieve-rx-buffer-address.patch
deleted file mode 100644
index ef08301..0000000
--- a/rtlwifi-rtl8192de-fix-missing-code-to-retrieve-rx-buffer-address.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 0e531cc575c4e9e3dd52ad287b49d3c2dc74c810 Mon Sep 17 00:00:00 2001
-From: Larry Finger <Larry.Finger@lwfinger.net>
-Date: Mon, 11 Nov 2019 13:40:44 -0600
-Subject: rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
-
-From: Larry Finger <Larry.Finger@lwfinger.net>
-
-commit 0e531cc575c4e9e3dd52ad287b49d3c2dc74c810 upstream.
-
-In commit 38506ecefab9 ("rtlwifi: rtl_pci: Start modification for
-new drivers"), a callback to get the RX buffer address was added to
-the PCI driver. Unfortunately, driver rtl8192de was not modified
-appropriately and the code runs into a WARN_ONCE() call. The use
-of an incorrect array is also fixed.
-
-Fixes: 38506ecefab9 ("rtlwifi: rtl_pci: Start modification for new drivers")
-Cc: Stable <stable@vger.kernel.org> # 3.18+
-Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/net/wireless/rtlwifi/rtl8192de/trx.c |    8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
---- a/drivers/net/wireless/rtlwifi/rtl8192de/trx.c
-+++ b/drivers/net/wireless/rtlwifi/rtl8192de/trx.c
-@@ -844,13 +844,15 @@ u32 rtl92de_get_desc(u8 *p_desc, bool is
- 			break;
- 		}
- 	} else {
--		struct rx_desc_92c *pdesc = (struct rx_desc_92c *)p_desc;
- 		switch (desc_name) {
- 		case HW_DESC_OWN:
--			ret = GET_RX_DESC_OWN(pdesc);
-+			ret = GET_RX_DESC_OWN(p_desc);
- 			break;
- 		case HW_DESC_RXPKT_LEN:
--			ret = GET_RX_DESC_PKT_LEN(pdesc);
-+			ret = GET_RX_DESC_PKT_LEN(p_desc);
-+			break;
-+		case HW_DESC_RXBUFF_ADDR:
-+			ret = GET_RX_DESC_BUFF_ADDR(p_desc);
- 			break;
- 		default:
- 			RT_ASSERT(false, "ERR rxdesc :%d not process\n",
diff --git a/rtlwifi-rtl8192de-fix-missing-enable-interrupt-flag.patch b/rtlwifi-rtl8192de-fix-missing-enable-interrupt-flag.patch
deleted file mode 100644
index 1613b53..0000000
--- a/rtlwifi-rtl8192de-fix-missing-enable-interrupt-flag.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 330bb7117101099c687e9c7f13d48068670b9c62 Mon Sep 17 00:00:00 2001
-From: Larry Finger <Larry.Finger@lwfinger.net>
-Date: Mon, 11 Nov 2019 13:40:46 -0600
-Subject: rtlwifi: rtl8192de: Fix missing enable interrupt flag
-
-From: Larry Finger <Larry.Finger@lwfinger.net>
-
-commit 330bb7117101099c687e9c7f13d48068670b9c62 upstream.
-
-In commit 38506ecefab9 ("rtlwifi: rtl_pci: Start modification for
-new drivers"), the flag that indicates that interrupts are enabled was
-never set.
-
-In addition, there are several places when enable/disable interrupts
-were commented out are restored. A sychronize_interrupts() call is
-removed.
-
-Fixes: 38506ecefab9 ("rtlwifi: rtl_pci: Start modification for new drivers")
-Cc: Stable <stable@vger.kernel.org>	# v3.18+
-Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
-Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/net/wireless/rtlwifi/rtl8192de/hw.c |    9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
---- a/drivers/net/wireless/rtlwifi/rtl8192de/hw.c
-+++ b/drivers/net/wireless/rtlwifi/rtl8192de/hw.c
-@@ -1206,6 +1206,7 @@ void rtl92de_enable_interrupt(struct iee
- 
- 	rtl_write_dword(rtlpriv, REG_HIMR, rtlpci->irq_mask[0] & 0xFFFFFFFF);
- 	rtl_write_dword(rtlpriv, REG_HIMRE, rtlpci->irq_mask[1] & 0xFFFFFFFF);
-+	rtlpci->irq_enabled = true;
- }
- 
- void rtl92de_disable_interrupt(struct ieee80211_hw *hw)
-@@ -1215,7 +1216,7 @@ void rtl92de_disable_interrupt(struct ie
- 
- 	rtl_write_dword(rtlpriv, REG_HIMR, IMR8190_DISABLED);
- 	rtl_write_dword(rtlpriv, REG_HIMRE, IMR8190_DISABLED);
--	synchronize_irq(rtlpci->pdev->irq);
-+	rtlpci->irq_enabled = false;
- }
- 
- static void _rtl92de_poweroff_adapter(struct ieee80211_hw *hw)
-@@ -1386,7 +1387,7 @@ void rtl92de_set_beacon_related_register
- 
- 	bcn_interval = mac->beacon_interval;
- 	atim_window = 2;
--	/*rtl92de_disable_interrupt(hw);  */
-+	rtl92de_disable_interrupt(hw);
- 	rtl_write_word(rtlpriv, REG_ATIMWND, atim_window);
- 	rtl_write_word(rtlpriv, REG_BCN_INTERVAL, bcn_interval);
- 	rtl_write_word(rtlpriv, REG_BCNTCFG, 0x660f);
-@@ -1406,9 +1407,9 @@ void rtl92de_set_beacon_interval(struct
- 
- 	RT_TRACE(rtlpriv, COMP_BEACON, DBG_DMESG,
- 		 "beacon_interval:%d\n", bcn_interval);
--	/* rtl92de_disable_interrupt(hw); */
-+	rtl92de_disable_interrupt(hw);
- 	rtl_write_word(rtlpriv, REG_BCN_INTERVAL, bcn_interval);
--	/* rtl92de_enable_interrupt(hw); */
-+	rtl92de_enable_interrupt(hw);
- }
- 
- void rtl92de_update_interrupt_mask(struct ieee80211_hw *hw,
diff --git a/series b/series
index bfbd1ea..8be3282 100644
--- a/series
+++ b/series
@@ -1,42 +1,4 @@
-staging-rtl8188eu-fix-interface-sanity-check.patch
-staging-rtl8712-fix-interface-sanity-check.patch
-staging-gigaset-fix-general-protection-fault-on-probe.patch
-staging-gigaset-fix-illegal-free-on-probe-errors.patch
-staging-gigaset-add-endpoint-type-sanity-check.patch
-xhci-increase-sts_halt-timeout-in-xhci_suspend.patch
-usb-atm-ueagle-atm-add-missing-endpoint-check.patch
-usb-idmouse-fix-interface-sanity-checks.patch
-usb-serial-io_edgeport-fix-epic-endpoint-lookup.patch
-usb-adutux-fix-interface-sanity-check.patch
-usb-core-urb-fix-urb-structure-initialization-function.patch
-usb-mon-fix-a-deadlock-in-usbmon-between-mmap-and-read.patch
-mtd-spear_smi-fix-write-burst-mode.patch
-rtlwifi-rtl8192de-fix-missing-code-to-retrieve-rx-buffer-address.patch
-rtlwifi-rtl8192de-fix-missing-callback-that-tests-for-hw-release-of-buffer.patch
-rtlwifi-rtl8192de-fix-missing-enable-interrupt-flag.patch
-lib-raid6-fix-awk-build-warnings.patch
-asoc-jack-fix-null-pointer-dereference-in-snd_soc_jack_report.patch
-ar5523-check-null-before-memcpy-in-ar5523_cmd.patch
-media-radio-wl1273-fix-interrupt-masking-on-release.patch
-cpuidle-do-not-unset-the-driver-if-it-is-there-already.patch
-acpi-bus-fix-null-pointer-check-in-acpi_bus_get_private_data.patch
-acpi-pm-avoid-attaching-acpi-pm-domain-to-certain-devices.patch
-pinctrl-samsung-fix-device-node-refcount-leaks-in-init-code.patch
-powerpc-allow-64bit-vdso-__kernel_sync_dicache-to-work-across-ranges-4gb.patch
-quota-check-that-quota-is-not-dirty-before-release.patch
-quota-fix-livelock-in-dquot_writeback_dquots.patch
-mm-shmem.c-cast-the-type-of-unmap_start-to-u64.patch
-net-bridge-deny-dev_set_mac_address-when-unregistering.patch
-tcp-md5-fix-potential-overestimation-of-tcp-option-space.patch
-inet-protect-against-too-small-mtu-values.patch
-pci-fix-intel-acs-quirk-updcr-register-address.patch
-pci-msi-fix-incorrect-msi-x-masking-on-resume.patch
-xtensa-fix-tlb-sanity-checker.patch
-cifs-respect-o_sync-and-o_direct-flags-during-reconnect.patch
-arm-dts-s3c64xx-fix-init-order-of-clock-providers.patch
-arm-tegra-fix-flow_ctlr_halt-register-clobbering-by-tegra_resume.patch
 dm-btree-increase-rebalance-threshold-in-__rebalance2.patch
-drm-radeon-fix-r1xx-r2xx-register-checker-for-pot-textures.patch
 
 # newer stuff
 btrfs-do-not-leak-reloc-root-if-we-fail-to-read-the-fs-root.patch
@@ -51,4 +13,6 @@
 sctp-fully-initialize-v4-addr-in-some-functions.patch
 usbip-fix-error-path-of-vhci_recv_ret_submit.patch
 usb-ehci-do-not-return-epipe-when-hub-is-disconnected.patch
+ext4-check-for-directory-entries-too-close-to-block-end.patch
+powerpc-irq-fix-stack-overflow-verification.patch
 
diff --git a/staging-gigaset-add-endpoint-type-sanity-check.patch b/staging-gigaset-add-endpoint-type-sanity-check.patch
deleted file mode 100644
index 3820681..0000000
--- a/staging-gigaset-add-endpoint-type-sanity-check.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From ed9ed5a89acba51b82bdff61144d4e4a4245ec8a Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Mon, 2 Dec 2019 09:56:10 +0100
-Subject: staging: gigaset: add endpoint-type sanity check
-
-From: Johan Hovold <johan@kernel.org>
-
-commit ed9ed5a89acba51b82bdff61144d4e4a4245ec8a upstream.
-
-Add missing endpoint-type sanity checks to probe.
-
-This specifically prevents a warning in USB core on URB submission when
-fuzzing USB descriptors.
-
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Cc: stable <stable@vger.kernel.org>
-Link: https://lore.kernel.org/r/20191202085610.12719-4-johan@kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/isdn/gigaset/usb-gigaset.c |   12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
---- a/drivers/isdn/gigaset/usb-gigaset.c
-+++ b/drivers/isdn/gigaset/usb-gigaset.c
-@@ -713,6 +713,12 @@ static int gigaset_probe(struct usb_inte
- 
- 	endpoint = &hostif->endpoint[0].desc;
- 
-+	if (!usb_endpoint_is_bulk_out(endpoint)) {
-+		dev_err(&interface->dev, "missing bulk-out endpoint\n");
-+		retval = -ENODEV;
-+		goto error;
-+	}
-+
- 	buffer_size = le16_to_cpu(endpoint->wMaxPacketSize);
- 	ucs->bulk_out_size = buffer_size;
- 	ucs->bulk_out_epnum = usb_endpoint_num(endpoint);
-@@ -732,6 +738,12 @@ static int gigaset_probe(struct usb_inte
- 
- 	endpoint = &hostif->endpoint[1].desc;
- 
-+	if (!usb_endpoint_is_int_in(endpoint)) {
-+		dev_err(&interface->dev, "missing int-in endpoint\n");
-+		retval = -ENODEV;
-+		goto error;
-+	}
-+
- 	ucs->busy = 0;
- 
- 	ucs->read_urb = usb_alloc_urb(0, GFP_KERNEL);
diff --git a/staging-gigaset-fix-general-protection-fault-on-probe.patch b/staging-gigaset-fix-general-protection-fault-on-probe.patch
deleted file mode 100644
index a83e87d..0000000
--- a/staging-gigaset-fix-general-protection-fault-on-probe.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 53f35a39c3860baac1e5ca80bf052751cfb24a99 Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Mon, 2 Dec 2019 09:56:08 +0100
-Subject: staging: gigaset: fix general protection fault on probe
-
-From: Johan Hovold <johan@kernel.org>
-
-commit 53f35a39c3860baac1e5ca80bf052751cfb24a99 upstream.
-
-Fix a general protection fault when accessing the endpoint descriptors
-which could be triggered by a malicious device due to missing sanity
-checks on the number of endpoints.
-
-Reported-by: syzbot+35b1c403a14f5c89eba7@syzkaller.appspotmail.com
-Fixes: 07dc1f9f2f80 ("[PATCH] isdn4linux: Siemens Gigaset drivers - M105 USB DECT adapter")
-Cc: stable <stable@vger.kernel.org>     # 2.6.17
-Cc: Hansjoerg Lipp <hjlipp@web.de>
-Cc: Tilman Schmidt <tilman@imap.cc>
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Link: https://lore.kernel.org/r/20191202085610.12719-2-johan@kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/isdn/gigaset/usb-gigaset.c |    5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/drivers/isdn/gigaset/usb-gigaset.c
-+++ b/drivers/isdn/gigaset/usb-gigaset.c
-@@ -693,6 +693,11 @@ static int gigaset_probe(struct usb_inte
- 		return -ENODEV;
- 	}
- 
-+	if (hostif->desc.bNumEndpoints < 2) {
-+		dev_err(&interface->dev, "missing endpoints\n");
-+		return -ENODEV;
-+	}
-+
- 	dev_info(&udev->dev, "%s: Device matched ... !\n", __func__);
- 
- 	/* allocate memory for our device state and initialize it */
diff --git a/staging-gigaset-fix-illegal-free-on-probe-errors.patch b/staging-gigaset-fix-illegal-free-on-probe-errors.patch
deleted file mode 100644
index f9e9981..0000000
--- a/staging-gigaset-fix-illegal-free-on-probe-errors.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 84f60ca7b326ed8c08582417493982fe2573a9ad Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Mon, 2 Dec 2019 09:56:09 +0100
-Subject: staging: gigaset: fix illegal free on probe errors
-
-From: Johan Hovold <johan@kernel.org>
-
-commit 84f60ca7b326ed8c08582417493982fe2573a9ad upstream.
-
-The driver failed to initialise its receive-buffer pointer, something
-which could lead to an illegal free on late probe errors.
-
-Fix this by making sure to clear all driver data at allocation.
-
-Fixes: 2032e2c2309d ("usb_gigaset: code cleanup")
-Cc: stable <stable@vger.kernel.org>     # 2.6.33
-Cc: Tilman Schmidt <tilman@imap.cc>
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Link: https://lore.kernel.org/r/20191202085610.12719-3-johan@kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/isdn/gigaset/usb-gigaset.c |    6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
---- a/drivers/isdn/gigaset/usb-gigaset.c
-+++ b/drivers/isdn/gigaset/usb-gigaset.c
-@@ -579,8 +579,7 @@ static int gigaset_initcshw(struct cards
- {
- 	struct usb_cardstate *ucs;
- 
--	cs->hw.usb = ucs =
--		kmalloc(sizeof(struct usb_cardstate), GFP_KERNEL);
-+	cs->hw.usb = ucs = kzalloc(sizeof(struct usb_cardstate), GFP_KERNEL);
- 	if (!ucs) {
- 		pr_err("out of memory\n");
- 		return -ENOMEM;
-@@ -592,9 +591,6 @@ static int gigaset_initcshw(struct cards
- 	ucs->bchars[3] = 0;
- 	ucs->bchars[4] = 0x11;
- 	ucs->bchars[5] = 0x13;
--	ucs->bulk_out_buffer = NULL;
--	ucs->bulk_out_urb = NULL;
--	ucs->read_urb = NULL;
- 	tasklet_init(&cs->write_tasklet,
- 		     gigaset_modem_fill, (unsigned long) cs);
- 
diff --git a/staging-rtl8188eu-fix-interface-sanity-check.patch b/staging-rtl8188eu-fix-interface-sanity-check.patch
deleted file mode 100644
index 1921cbb..0000000
--- a/staging-rtl8188eu-fix-interface-sanity-check.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 74ca34118a0e05793935d804ccffcedd6eb56596 Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Tue, 10 Dec 2019 12:47:50 +0100
-Subject: staging: rtl8188eu: fix interface sanity check
-
-From: Johan Hovold <johan@kernel.org>
-
-commit 74ca34118a0e05793935d804ccffcedd6eb56596 upstream.
-
-Make sure to use the current alternate setting when verifying the
-interface descriptors to avoid binding to an invalid interface.
-
-Failing to do so could cause the driver to misbehave or trigger a WARN()
-in usb_submit_urb() that kernels with panic_on_warn set would choke on.
-
-Fixes: c2478d39076b ("staging: r8188eu: Add files for new driver - part 20")
-Cc: stable <stable@vger.kernel.org>     # 3.12
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Link: https://lore.kernel.org/r/20191210114751.5119-2-johan@kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/staging/rtl8188eu/os_dep/usb_intf.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c
-+++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
-@@ -86,7 +86,7 @@ static struct dvobj_priv *usb_dvobj_init
- 	phost_conf = pusbd->actconfig;
- 	pconf_desc = &phost_conf->desc;
- 
--	phost_iface = &usb_intf->altsetting[0];
-+	phost_iface = usb_intf->cur_altsetting;
- 	piface_desc = &phost_iface->desc;
- 
- 	pdvobjpriv->NumInterfaces = pconf_desc->bNumInterfaces;
diff --git a/staging-rtl8712-fix-interface-sanity-check.patch b/staging-rtl8712-fix-interface-sanity-check.patch
deleted file mode 100644
index e5b22bc..0000000
--- a/staging-rtl8712-fix-interface-sanity-check.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From c724f776f048538ecfdf53a52b7a522309f5c504 Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Tue, 10 Dec 2019 12:47:51 +0100
-Subject: staging: rtl8712: fix interface sanity check
-
-From: Johan Hovold <johan@kernel.org>
-
-commit c724f776f048538ecfdf53a52b7a522309f5c504 upstream.
-
-Make sure to use the current alternate setting when verifying the
-interface descriptors to avoid binding to an invalid interface.
-
-Failing to do so could cause the driver to misbehave or trigger a WARN()
-in usb_submit_urb() that kernels with panic_on_warn set would choke on.
-
-Fixes: 2865d42c78a9 ("staging: r8712u: Add the new driver to the mainline kernel")
-Cc: stable <stable@vger.kernel.org>     # 2.6.37
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Link: https://lore.kernel.org/r/20191210114751.5119-3-johan@kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/staging/rtl8712/usb_intf.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/staging/rtl8712/usb_intf.c
-+++ b/drivers/staging/rtl8712/usb_intf.c
-@@ -268,7 +268,7 @@ static uint r8712_usb_dvobj_init(struct
- 	pdev_desc = &pusbd->descriptor;
- 	phost_conf = pusbd->actconfig;
- 	pconf_desc = &phost_conf->desc;
--	phost_iface = &pintf->altsetting[0];
-+	phost_iface = pintf->cur_altsetting;
- 	piface_desc = &phost_iface->desc;
- 	pdvobjpriv->nr_endpoint = piface_desc->bNumEndpoints;
- 	if (pusbd->speed == USB_SPEED_HIGH) {
diff --git a/tcp-md5-fix-potential-overestimation-of-tcp-option-space.patch b/tcp-md5-fix-potential-overestimation-of-tcp-option-space.patch
deleted file mode 100644
index eadf33d..0000000
--- a/tcp-md5-fix-potential-overestimation-of-tcp-option-space.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From foo@baz Wed 18 Dec 2019 01:37:17 PM CET
-From: Eric Dumazet <edumazet@google.com>
-Date: Thu, 5 Dec 2019 10:10:15 -0800
-Subject: tcp: md5: fix potential overestimation of TCP option space
-
-From: Eric Dumazet <edumazet@google.com>
-
-[ Upstream commit 9424e2e7ad93ffffa88f882c9bc5023570904b55 ]
-
-Back in 2008, Adam Langley fixed the corner case of packets for flows
-having all of the following options : MD5 TS SACK
-
-Since MD5 needs 20 bytes, and TS needs 12 bytes, no sack block
-can be cooked from the remaining 8 bytes.
-
-tcp_established_options() correctly sets opts->num_sack_blocks
-to zero, but returns 36 instead of 32.
-
-This means TCP cooks packets with 4 extra bytes at the end
-of options, containing unitialized bytes.
-
-Fixes: 33ad798c924b ("tcp: options clean up")
-Signed-off-by: Eric Dumazet <edumazet@google.com>
-Reported-by: syzbot <syzkaller@googlegroups.com>
-Acked-by: Neal Cardwell <ncardwell@google.com>
-Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/ipv4/tcp_output.c |    5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
---- a/net/ipv4/tcp_output.c
-+++ b/net/ipv4/tcp_output.c
-@@ -693,8 +693,9 @@ static unsigned int tcp_established_opti
- 			min_t(unsigned int, eff_sacks,
- 			      (remaining - TCPOLEN_SACK_BASE_ALIGNED) /
- 			      TCPOLEN_SACK_PERBLOCK);
--		size += TCPOLEN_SACK_BASE_ALIGNED +
--			opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK;
-+		if (likely(opts->num_sack_blocks))
-+			size += TCPOLEN_SACK_BASE_ALIGNED +
-+				opts->num_sack_blocks * TCPOLEN_SACK_PERBLOCK;
- 	}
- 
- 	return size;
diff --git a/usb-adutux-fix-interface-sanity-check.patch b/usb-adutux-fix-interface-sanity-check.patch
deleted file mode 100644
index 631b320..0000000
--- a/usb-adutux-fix-interface-sanity-check.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 3c11c4bed02b202e278c0f5c319ae435d7fb9815 Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Tue, 10 Dec 2019 12:25:59 +0100
-Subject: USB: adutux: fix interface sanity check
-
-From: Johan Hovold <johan@kernel.org>
-
-commit 3c11c4bed02b202e278c0f5c319ae435d7fb9815 upstream.
-
-Make sure to use the current alternate setting when verifying the
-interface descriptors to avoid binding to an invalid interface.
-
-Failing to do so could cause the driver to misbehave or trigger a WARN()
-in usb_submit_urb() that kernels with panic_on_warn set would choke on.
-
-Fixes: 03270634e242 ("USB: Add ADU support for Ontrak ADU devices")
-Cc: stable <stable@vger.kernel.org>     # 2.6.19
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Link: https://lore.kernel.org/r/20191210112601.3561-3-johan@kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/usb/misc/adutux.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/usb/misc/adutux.c
-+++ b/drivers/usb/misc/adutux.c
-@@ -686,7 +686,7 @@ static int adu_probe(struct usb_interfac
- 	init_waitqueue_head(&dev->read_wait);
- 	init_waitqueue_head(&dev->write_wait);
- 
--	iface_desc = &interface->altsetting[0];
-+	iface_desc = &interface->cur_altsetting[0];
- 
- 	/* set up the endpoint information */
- 	for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
diff --git a/usb-atm-ueagle-atm-add-missing-endpoint-check.patch b/usb-atm-ueagle-atm-add-missing-endpoint-check.patch
deleted file mode 100644
index 8eaeb3e..0000000
--- a/usb-atm-ueagle-atm-add-missing-endpoint-check.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-From 09068c1ad53fb077bdac288869dec2435420bdc4 Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Tue, 10 Dec 2019 12:25:58 +0100
-Subject: USB: atm: ueagle-atm: add missing endpoint check
-
-From: Johan Hovold <johan@kernel.org>
-
-commit 09068c1ad53fb077bdac288869dec2435420bdc4 upstream.
-
-Make sure that the interrupt interface has an endpoint before trying to
-access its endpoint descriptors to avoid dereferencing a NULL pointer.
-
-The driver binds to the interrupt interface with interface number 0, but
-must not assume that this interface or its current alternate setting are
-the first entries in the corresponding configuration arrays.
-
-Fixes: b72458a80c75 ("[PATCH] USB: Eagle and ADI 930 usb adsl modem driver")
-Cc: stable <stable@vger.kernel.org>     # 2.6.16
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Link: https://lore.kernel.org/r/20191210112601.3561-2-johan@kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/usb/atm/ueagle-atm.c |   18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
---- a/drivers/usb/atm/ueagle-atm.c
-+++ b/drivers/usb/atm/ueagle-atm.c
-@@ -2167,10 +2167,11 @@ resubmit:
- /*
-  * Start the modem : init the data and start kernel thread
-  */
--static int uea_boot(struct uea_softc *sc)
-+static int uea_boot(struct uea_softc *sc, struct usb_interface *intf)
- {
--	int ret, size;
- 	struct intr_pkt *intr;
-+	int ret = -ENOMEM;
-+	int size;
- 
- 	uea_enters(INS_TO_USBDEV(sc));
- 
-@@ -2195,6 +2196,11 @@ static int uea_boot(struct uea_softc *sc
- 	if (UEA_CHIP_VERSION(sc) == ADI930)
- 		load_XILINX_firmware(sc);
- 
-+	if (intf->cur_altsetting->desc.bNumEndpoints < 1) {
-+		ret = -ENODEV;
-+		goto err0;
-+	}
-+
- 	intr = kmalloc(size, GFP_KERNEL);
- 	if (!intr) {
- 		uea_err(INS_TO_USBDEV(sc),
-@@ -2211,8 +2217,7 @@ static int uea_boot(struct uea_softc *sc
- 	usb_fill_int_urb(sc->urb_int, sc->usb_dev,
- 			 usb_rcvintpipe(sc->usb_dev, UEA_INTR_PIPE),
- 			 intr, size, uea_intr, sc,
--			 sc->usb_dev->actconfig->interface[0]->altsetting[0].
--			 endpoint[0].desc.bInterval);
-+			 intf->cur_altsetting->endpoint[0].desc.bInterval);
- 
- 	ret = usb_submit_urb(sc->urb_int, GFP_KERNEL);
- 	if (ret < 0) {
-@@ -2227,6 +2232,7 @@ static int uea_boot(struct uea_softc *sc
- 	sc->kthread = kthread_create(uea_kthread, sc, "ueagle-atm");
- 	if (IS_ERR(sc->kthread)) {
- 		uea_err(INS_TO_USBDEV(sc), "failed to create thread\n");
-+		ret = PTR_ERR(sc->kthread);
- 		goto err2;
- 	}
- 
-@@ -2241,7 +2247,7 @@ err1:
- 	kfree(intr);
- err0:
- 	uea_leaves(INS_TO_USBDEV(sc));
--	return -ENOMEM;
-+	return ret;
- }
- 
- /*
-@@ -2604,7 +2610,7 @@ static int uea_bind(struct usbatm_data *
- 	if (ret < 0)
- 		goto error;
- 
--	ret = uea_boot(sc);
-+	ret = uea_boot(sc, intf);
- 	if (ret < 0)
- 		goto error_rm_grp;
- 
diff --git a/usb-core-urb-fix-urb-structure-initialization-function.patch b/usb-core-urb-fix-urb-structure-initialization-function.patch
deleted file mode 100644
index d7e95aa..0000000
--- a/usb-core-urb-fix-urb-structure-initialization-function.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 1cd17f7f0def31e3695501c4f86cd3faf8489840 Mon Sep 17 00:00:00 2001
-From: Emiliano Ingrassia <ingrassia@epigenesys.com>
-Date: Wed, 27 Nov 2019 17:03:55 +0100
-Subject: usb: core: urb: fix URB structure initialization function
-
-From: Emiliano Ingrassia <ingrassia@epigenesys.com>
-
-commit 1cd17f7f0def31e3695501c4f86cd3faf8489840 upstream.
-
-Explicitly initialize URB structure urb_list field in usb_init_urb().
-This field can be potentially accessed uninitialized and its
-initialization is coherent with the usage of list_del_init() in
-usb_hcd_unlink_urb_from_ep() and usb_giveback_urb_bh() and its
-explicit initialization in usb_hcd_submit_urb() error path.
-
-Signed-off-by: Emiliano Ingrassia <ingrassia@epigenesys.com>
-Cc: stable <stable@vger.kernel.org>
-Link: https://lore.kernel.org/r/20191127160355.GA27196@ingrassia.epigenesys.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/usb/core/urb.c |    1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/usb/core/urb.c
-+++ b/drivers/usb/core/urb.c
-@@ -40,6 +40,7 @@ void usb_init_urb(struct urb *urb)
- 	if (urb) {
- 		memset(urb, 0, sizeof(*urb));
- 		kref_init(&urb->kref);
-+		INIT_LIST_HEAD(&urb->urb_list);
- 		INIT_LIST_HEAD(&urb->anchor_list);
- 	}
- }
diff --git a/usb-idmouse-fix-interface-sanity-checks.patch b/usb-idmouse-fix-interface-sanity-checks.patch
deleted file mode 100644
index b23e015..0000000
--- a/usb-idmouse-fix-interface-sanity-checks.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 59920635b89d74b9207ea803d5e91498d39e8b69 Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Tue, 10 Dec 2019 12:26:00 +0100
-Subject: USB: idmouse: fix interface sanity checks
-
-From: Johan Hovold <johan@kernel.org>
-
-commit 59920635b89d74b9207ea803d5e91498d39e8b69 upstream.
-
-Make sure to use the current alternate setting when verifying the
-interface descriptors to avoid binding to an invalid interface.
-
-Failing to do so could cause the driver to misbehave or trigger a WARN()
-in usb_submit_urb() that kernels with panic_on_warn set would choke on.
-
-Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
-Cc: stable <stable@vger.kernel.org>
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Link: https://lore.kernel.org/r/20191210112601.3561-4-johan@kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/usb/misc/idmouse.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/usb/misc/idmouse.c
-+++ b/drivers/usb/misc/idmouse.c
-@@ -342,7 +342,7 @@ static int idmouse_probe(struct usb_inte
- 	int result;
- 
- 	/* check if we have gotten the data or the hid interface */
--	iface_desc = &interface->altsetting[0];
-+	iface_desc = interface->cur_altsetting;
- 	if (iface_desc->desc.bInterfaceClass != 0x0A)
- 		return -ENODEV;
- 
diff --git a/usb-mon-fix-a-deadlock-in-usbmon-between-mmap-and-read.patch b/usb-mon-fix-a-deadlock-in-usbmon-between-mmap-and-read.patch
deleted file mode 100644
index 71f5b14..0000000
--- a/usb-mon-fix-a-deadlock-in-usbmon-between-mmap-and-read.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 19e6317d24c25ee737c65d1ffb7483bdda4bb54a Mon Sep 17 00:00:00 2001
-From: Pete Zaitcev <zaitcev@redhat.com>
-Date: Wed, 4 Dec 2019 20:39:41 -0600
-Subject: usb: mon: Fix a deadlock in usbmon between mmap and read
-
-From: Pete Zaitcev <zaitcev@redhat.com>
-
-commit 19e6317d24c25ee737c65d1ffb7483bdda4bb54a upstream.
-
-The problem arises because our read() function grabs a lock of the
-circular buffer, finds something of interest, then invokes copy_to_user()
-straight from the buffer, which in turn takes mm->mmap_sem. In the same
-time, the callback mon_bin_vma_fault() is invoked under mm->mmap_sem.
-It attempts to take the fetch lock and deadlocks.
-
-This patch does away with protecting of our page list with any
-semaphores, and instead relies on the kernel not close the device
-while mmap is active in a process.
-
-In addition, we prohibit re-sizing of a buffer while mmap is active.
-This way, when (now unlocked) fault is processed, it works with the
-page that is intended to be mapped-in, and not some other random page.
-Note that this may have an ABI impact, but hopefully no legitimate
-program is this wrong.
-
-Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
-Reported-by: syzbot+56f9673bb4cdcbeb0e92@syzkaller.appspotmail.com
-Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
-Fixes: 46eb14a6e158 ("USB: fix usbmon BUG trigger")
-Cc: <stable@vger.kernel.org>
-Link: https://lore.kernel.org/r/20191204203941.3503452b@suzdal.zaitcev.lan
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/usb/mon/mon_bin.c |   32 +++++++++++++++++++++-----------
- 1 file changed, 21 insertions(+), 11 deletions(-)
-
---- a/drivers/usb/mon/mon_bin.c
-+++ b/drivers/usb/mon/mon_bin.c
-@@ -1034,12 +1034,18 @@ static long mon_bin_ioctl(struct file *f
- 
- 		mutex_lock(&rp->fetch_lock);
- 		spin_lock_irqsave(&rp->b_lock, flags);
--		mon_free_buff(rp->b_vec, rp->b_size/CHUNK_SIZE);
--		kfree(rp->b_vec);
--		rp->b_vec  = vec;
--		rp->b_size = size;
--		rp->b_read = rp->b_in = rp->b_out = rp->b_cnt = 0;
--		rp->cnt_lost = 0;
-+		if (rp->mmap_active) {
-+			mon_free_buff(vec, size/CHUNK_SIZE);
-+			kfree(vec);
-+			ret = -EBUSY;
-+		} else {
-+			mon_free_buff(rp->b_vec, rp->b_size/CHUNK_SIZE);
-+			kfree(rp->b_vec);
-+			rp->b_vec  = vec;
-+			rp->b_size = size;
-+			rp->b_read = rp->b_in = rp->b_out = rp->b_cnt = 0;
-+			rp->cnt_lost = 0;
-+		}
- 		spin_unlock_irqrestore(&rp->b_lock, flags);
- 		mutex_unlock(&rp->fetch_lock);
- 		}
-@@ -1211,13 +1217,21 @@ mon_bin_poll(struct file *file, struct p
- static void mon_bin_vma_open(struct vm_area_struct *vma)
- {
- 	struct mon_reader_bin *rp = vma->vm_private_data;
-+	unsigned long flags;
-+
-+	spin_lock_irqsave(&rp->b_lock, flags);
- 	rp->mmap_active++;
-+	spin_unlock_irqrestore(&rp->b_lock, flags);
- }
- 
- static void mon_bin_vma_close(struct vm_area_struct *vma)
- {
-+	unsigned long flags;
-+
- 	struct mon_reader_bin *rp = vma->vm_private_data;
-+	spin_lock_irqsave(&rp->b_lock, flags);
- 	rp->mmap_active--;
-+	spin_unlock_irqrestore(&rp->b_lock, flags);
- }
- 
- /*
-@@ -1229,16 +1243,12 @@ static int mon_bin_vma_fault(struct vm_a
- 	unsigned long offset, chunk_idx;
- 	struct page *pageptr;
- 
--	mutex_lock(&rp->fetch_lock);
- 	offset = vmf->pgoff << PAGE_SHIFT;
--	if (offset >= rp->b_size) {
--		mutex_unlock(&rp->fetch_lock);
-+	if (offset >= rp->b_size)
- 		return VM_FAULT_SIGBUS;
--	}
- 	chunk_idx = offset / CHUNK_SIZE;
- 	pageptr = rp->b_vec[chunk_idx].pg;
- 	get_page(pageptr);
--	mutex_unlock(&rp->fetch_lock);
- 	vmf->page = pageptr;
- 	return 0;
- }
diff --git a/usb-serial-io_edgeport-fix-epic-endpoint-lookup.patch b/usb-serial-io_edgeport-fix-epic-endpoint-lookup.patch
deleted file mode 100644
index 1678c30..0000000
--- a/usb-serial-io_edgeport-fix-epic-endpoint-lookup.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7c5a2df3367a2c4984f1300261345817d95b71f8 Mon Sep 17 00:00:00 2001
-From: Johan Hovold <johan@kernel.org>
-Date: Tue, 10 Dec 2019 12:26:01 +0100
-Subject: USB: serial: io_edgeport: fix epic endpoint lookup
-
-From: Johan Hovold <johan@kernel.org>
-
-commit 7c5a2df3367a2c4984f1300261345817d95b71f8 upstream.
-
-Make sure to use the current alternate setting when looking up the
-endpoints on epic devices to avoid binding to an invalid interface.
-
-Failing to do so could cause the driver to misbehave or trigger a WARN()
-in usb_submit_urb() that kernels with panic_on_warn set would choke on.
-
-Fixes: 6e8cf7751f9f ("USB: add EPIC support to the io_edgeport driver")
-Cc: stable <stable@vger.kernel.org>     # 2.6.21
-Signed-off-by: Johan Hovold <johan@kernel.org>
-Link: https://lore.kernel.org/r/20191210112601.3561-5-johan@kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/usb/serial/io_edgeport.c |   10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
---- a/drivers/usb/serial/io_edgeport.c
-+++ b/drivers/usb/serial/io_edgeport.c
-@@ -2854,16 +2854,18 @@ static int edge_startup(struct usb_seria
- 	response = 0;
- 
- 	if (edge_serial->is_epic) {
-+		struct usb_host_interface *alt;
-+
-+		alt = serial->interface->cur_altsetting;
-+
- 		/* EPIC thing, set up our interrupt polling now and our read
- 		 * urb, so that the device knows it really is connected. */
- 		interrupt_in_found = bulk_in_found = bulk_out_found = false;
--		for (i = 0; i < serial->interface->altsetting[0]
--						.desc.bNumEndpoints; ++i) {
-+		for (i = 0; i < alt->desc.bNumEndpoints; ++i) {
- 			struct usb_endpoint_descriptor *endpoint;
- 			int buffer_size;
- 
--			endpoint = &serial->interface->altsetting[0].
--							endpoint[i].desc;
-+			endpoint = &alt->endpoint[i].desc;
- 			buffer_size = usb_endpoint_maxp(endpoint);
- 			if (!interrupt_in_found &&
- 			    (usb_endpoint_is_int_in(endpoint))) {
diff --git a/xhci-increase-sts_halt-timeout-in-xhci_suspend.patch b/xhci-increase-sts_halt-timeout-in-xhci_suspend.patch
deleted file mode 100644
index 2be8423..0000000
--- a/xhci-increase-sts_halt-timeout-in-xhci_suspend.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 7c67cf6658cec70d8a43229f2ce74ca1443dc95e Mon Sep 17 00:00:00 2001
-From: Kai-Heng Feng <kai.heng.feng@canonical.com>
-Date: Wed, 11 Dec 2019 16:20:05 +0200
-Subject: xhci: Increase STS_HALT timeout in xhci_suspend()
-
-From: Kai-Heng Feng <kai.heng.feng@canonical.com>
-
-commit 7c67cf6658cec70d8a43229f2ce74ca1443dc95e upstream.
-
-I've recently observed failed xHCI suspend attempt on AMD Raven Ridge
-system:
-kernel: xhci_hcd 0000:04:00.4: WARN: xHC CMD_RUN timeout
-kernel: PM: suspend_common(): xhci_pci_suspend+0x0/0xd0 returns -110
-kernel: PM: pci_pm_suspend(): hcd_pci_suspend+0x0/0x30 returns -110
-kernel: PM: dpm_run_callback(): pci_pm_suspend+0x0/0x150 returns -110
-kernel: PM: Device 0000:04:00.4 failed to suspend async: error -110
-
-Similar to commit ac343366846a ("xhci: Increase STS_SAVE timeout in
-xhci_suspend()") we also need to increase the HALT timeout to make it be
-able to suspend again.
-
-Cc: <stable@vger.kernel.org> # 5.2+
-Fixes: f7fac17ca925 ("xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()")
-Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
-Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
-Link: https://lore.kernel.org/r/20191211142007.8847-5-mathias.nyman@linux.intel.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/usb/host/xhci.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/usb/host/xhci.c
-+++ b/drivers/usb/host/xhci.c
-@@ -898,7 +898,7 @@ static void xhci_disable_port_wake_on_bi
- int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup)
- {
- 	int			rc = 0;
--	unsigned int		delay = XHCI_MAX_HALT_USEC;
-+	unsigned int		delay = XHCI_MAX_HALT_USEC * 2;
- 	struct usb_hcd		*hcd = xhci_to_hcd(xhci);
- 	u32			command;
- 
diff --git a/xtensa-fix-tlb-sanity-checker.patch b/xtensa-fix-tlb-sanity-checker.patch
deleted file mode 100644
index ef5ddc7..0000000
--- a/xtensa-fix-tlb-sanity-checker.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 36de10c4788efc6efe6ff9aa10d38cb7eea4c818 Mon Sep 17 00:00:00 2001
-From: Max Filippov <jcmvbkbc@gmail.com>
-Date: Wed, 13 Nov 2019 13:18:31 -0800
-Subject: xtensa: fix TLB sanity checker
-
-From: Max Filippov <jcmvbkbc@gmail.com>
-
-commit 36de10c4788efc6efe6ff9aa10d38cb7eea4c818 upstream.
-
-Virtual and translated addresses retrieved by the xtensa TLB sanity
-checker must be consistent, i.e. correspond to the same state of the
-checked TLB entry. KASAN shadow memory is mapped dynamically using
-auto-refill TLB entries and thus may change TLB state between the
-virtual and translated address retrieval, resulting in false TLB
-insanity report.
-Move read_xtlb_translation close to read_xtlb_virtual to make sure that
-read values are consistent.
-
-Cc: stable@vger.kernel.org
-Fixes: a99e07ee5e88 ("xtensa: check TLB sanity on return to userspace")
-Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/xtensa/mm/tlb.c |    4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/arch/xtensa/mm/tlb.c
-+++ b/arch/xtensa/mm/tlb.c
-@@ -218,6 +218,8 @@ static int check_tlb_entry(unsigned w, u
- 	unsigned tlbidx = w | (e << PAGE_SHIFT);
- 	unsigned r0 = dtlb ?
- 		read_dtlb_virtual(tlbidx) : read_itlb_virtual(tlbidx);
-+	unsigned r1 = dtlb ?
-+		read_dtlb_translation(tlbidx) : read_itlb_translation(tlbidx);
- 	unsigned vpn = (r0 & PAGE_MASK) | (e << PAGE_SHIFT);
- 	unsigned pte = get_pte_for_vaddr(vpn);
- 	unsigned mm_asid = (get_rasid_register() >> 8) & ASID_MASK;
-@@ -233,8 +235,6 @@ static int check_tlb_entry(unsigned w, u
- 	}
- 
- 	if (tlb_asid == mm_asid) {
--		unsigned r1 = dtlb ? read_dtlb_translation(tlbidx) :
--			read_itlb_translation(tlbidx);
- 		if ((pte ^ r1) & PAGE_MASK) {
- 			pr_err("%cTLB: way: %u, entry: %u, mapping: %08x->%08x, PTE: %08x\n",
- 					dtlb ? 'D' : 'I', w, e, r0, r1, pte);