patches are merged

18 files changed, 0 insertions, 1016 deletions

diff --git a/abort-file_remove_privs-for-non-reg.-files.patch b/abort-file_remove_privs-for-non-reg.-files.patch
deleted file mode 100644
index 19003b5..0000000
--- a/abort-file_remove_privs-for-non-reg.-files.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From f69e749a49353d96af1a293f56b5b56de59c668a Mon Sep 17 00:00:00 2001
-From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
-Date: Fri, 14 Dec 2018 11:55:52 +0100
-Subject: Abort file_remove_privs() for non-reg. files
-
-From: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
-
-commit f69e749a49353d96af1a293f56b5b56de59c668a upstream.
-
-file_remove_privs() might be called for non-regular files, e.g.
-blkdev inode. There is no reason to do its job on things
-like blkdev inodes, pipes, or cdevs. Hence, abort if
-file does not refer to a regular inode.
-
-AV: more to the point, for devices there might be any number of
-inodes refering to given device.  Which one to strip the permissions
-from, even if that made any sense in the first place?  All of them
-will be observed with contents modified, after all.
-
-Found by LockDoc (Alexander Lochmann, Horst Schirmeier and Olaf
-Spinczyk)
-
-Reviewed-by: Jan Kara <jack@suse.cz>
-Signed-off-by: Alexander Lochmann <alexander.lochmann@tu-dortmund.de>
-Signed-off-by: Horst Schirmeier <horst.schirmeier@tu-dortmund.de>
-Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-Cc: Zubin Mithra <zsm@chromium.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/inode.c |    9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
---- a/fs/inode.c
-+++ b/fs/inode.c
-@@ -1643,8 +1643,13 @@ int file_remove_suid(struct file *file)
- 	int killpriv;
- 	int error = 0;
- 
--	/* Fast path for nothing security related */
--	if (IS_NOSEC(inode))
-+	/*
-+	 * Fast path for nothing security related.
-+	 * As well for non-regular files, e.g. blkdev inodes.
-+	 * For example, blkdev_write_iter() might get here
-+	 * trying to remove privs which it is not allowed to.
-+	 */
-+	if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
- 		return 0;
- 
- 	killsuid = should_remove_suid(dentry);
diff --git a/apparmor-enforce-nullbyte-at-end-of-tag-string.patch b/apparmor-enforce-nullbyte-at-end-of-tag-string.patch
deleted file mode 100644
index 2f047c6..0000000
--- a/apparmor-enforce-nullbyte-at-end-of-tag-string.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 8404d7a674c49278607d19726e0acc0cae299357 Mon Sep 17 00:00:00 2001
-From: Jann Horn <jannh@google.com>
-Date: Tue, 28 May 2019 17:32:26 +0200
-Subject: apparmor: enforce nullbyte at end of tag string
-
-From: Jann Horn <jannh@google.com>
-
-commit 8404d7a674c49278607d19726e0acc0cae299357 upstream.
-
-A packed AppArmor policy contains null-terminated tag strings that are read
-by unpack_nameX(). However, unpack_nameX() uses string functions on them
-without ensuring that they are actually null-terminated, potentially
-leading to out-of-bounds accesses.
-
-Make sure that the tag string is null-terminated before passing it to
-strcmp().
-
-Cc: stable@vger.kernel.org
-Fixes: 736ec752d95e ("AppArmor: policy routines for loading and unpacking policy")
-Signed-off-by: Jann Horn <jannh@google.com>
-Signed-off-by: John Johansen <john.johansen@canonical.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- security/apparmor/policy_unpack.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/security/apparmor/policy_unpack.c
-+++ b/security/apparmor/policy_unpack.c
-@@ -177,7 +177,7 @@ static bool unpack_nameX(struct aa_ext *
- 		char *tag = NULL;
- 		size_t size = unpack_u16_chunk(e, &tag);
- 		/* if a name is specified it must match. otherwise skip tag */
--		if (name && (!size || strcmp(name, tag)))
-+		if (name && (!size || tag[size-1] != '\0' || strcmp(name, tag)))
- 			goto fail;
- 	} else if (name) {
- 		/* if a name is specified and there is no name tag fail */
diff --git a/bluetooth-align-minimum-encryption-key-size-for-le-and-br-edr-connections.patch b/bluetooth-align-minimum-encryption-key-size-for-le-and-br-edr-connections.patch
deleted file mode 100644
index 2d54197..0000000
--- a/bluetooth-align-minimum-encryption-key-size-for-le-and-br-edr-connections.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From d5bb334a8e171b262e48f378bd2096c0ea458265 Mon Sep 17 00:00:00 2001
-From: Marcel Holtmann <marcel@holtmann.org>
-Date: Wed, 24 Apr 2019 22:19:17 +0200
-Subject: Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
-
-From: Marcel Holtmann <marcel@holtmann.org>
-
-commit d5bb334a8e171b262e48f378bd2096c0ea458265 upstream.
-
-The minimum encryption key size for LE connections is 56 bits and to
-align LE with BR/EDR, enforce 56 bits of minimum encryption key size for
-BR/EDR connections as well.
-
-Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- include/net/bluetooth/hci_core.h |    3 +++
- net/bluetooth/hci_conn.c         |    8 ++++++++
- 2 files changed, 11 insertions(+)
-
---- a/include/net/bluetooth/hci_core.h
-+++ b/include/net/bluetooth/hci_core.h
-@@ -145,6 +145,9 @@ struct oob_data {
- 
- #define HCI_MAX_SHORT_NAME_LENGTH	10
- 
-+/* Min encryption key size to match with SMP */
-+#define HCI_MIN_ENC_KEY_SIZE		7
-+
- /* Default LE RPA expiry time, 15 minutes */
- #define HCI_DEFAULT_RPA_TIMEOUT		(15 * 60)
- 
---- a/net/bluetooth/hci_conn.c
-+++ b/net/bluetooth/hci_conn.c
-@@ -932,6 +932,14 @@ int hci_conn_check_link_mode(struct hci_
- 	    !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
- 		return 0;
- 
-+	/* The minimum encryption key size needs to be enforced by the
-+	 * host stack before establishing any L2CAP connections. The
-+	 * specification in theory allows a minimum of 1, but to align
-+	 * BR/EDR and LE transports, a minimum of 7 is chosen.
-+	 */
-+	if (conn->enc_key_size < HCI_MIN_ENC_KEY_SIZE)
-+		return 0;
-+
- 	return 1;
- }
- 
diff --git a/bluetooth-fix-regression-with-minimum-encryption-key-size-alignment.patch b/bluetooth-fix-regression-with-minimum-encryption-key-size-alignment.patch
deleted file mode 100644
index 0f7bb19..0000000
--- a/bluetooth-fix-regression-with-minimum-encryption-key-size-alignment.patch
+++ /dev/null
@@ -1,148 +0,0 @@
-From 693cd8ce3f882524a5d06f7800dd8492411877b3 Mon Sep 17 00:00:00 2001
-From: Marcel Holtmann <marcel@holtmann.org>
-Date: Sat, 22 Jun 2019 15:47:01 +0200
-Subject: Bluetooth: Fix regression with minimum encryption key size alignment
-
-From: Marcel Holtmann <marcel@holtmann.org>
-
-commit 693cd8ce3f882524a5d06f7800dd8492411877b3 upstream.
-
-When trying to align the minimum encryption key size requirement for
-Bluetooth connections, it turns out doing this in a central location in
-the HCI connection handling code is not possible.
-
-Original Bluetooth version up to 2.0 used a security model where the
-L2CAP service would enforce authentication and encryption.  Starting
-with Bluetooth 2.1 and Secure Simple Pairing that model has changed into
-that the connection initiator is responsible for providing an encrypted
-ACL link before any L2CAP communication can happen.
-
-Now connecting Bluetooth 2.1 or later devices with Bluetooth 2.0 and
-before devices are causing a regression.  The encryption key size check
-needs to be moved out of the HCI connection handling into the L2CAP
-channel setup.
-
-To achieve this, the current check inside hci_conn_security() has been
-moved into l2cap_check_enc_key_size() helper function and then called
-from four decisions point inside L2CAP to cover all combinations of
-Secure Simple Pairing enabled devices and device using legacy pairing
-and legacy service security model.
-
-Fixes: d5bb334a8e17 ("Bluetooth: Align minimum encryption key size for LE and BR/EDR connections")
-Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=203643
-Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
-Cc: stable@vger.kernel.org
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/bluetooth/hci_conn.c   |   18 +++++++++---------
- net/bluetooth/l2cap_core.c |   33 ++++++++++++++++++++++++++++-----
- 2 files changed, 37 insertions(+), 14 deletions(-)
-
---- a/net/bluetooth/hci_conn.c
-+++ b/net/bluetooth/hci_conn.c
-@@ -932,14 +932,6 @@ int hci_conn_check_link_mode(struct hci_
- 	    !test_bit(HCI_CONN_ENCRYPT, &conn->flags))
- 		return 0;
- 
--	/* The minimum encryption key size needs to be enforced by the
--	 * host stack before establishing any L2CAP connections. The
--	 * specification in theory allows a minimum of 1, but to align
--	 * BR/EDR and LE transports, a minimum of 7 is chosen.
--	 */
--	if (conn->enc_key_size < HCI_MIN_ENC_KEY_SIZE)
--		return 0;
--
- 	return 1;
- }
- 
-@@ -1056,8 +1048,16 @@ auth:
- 		return 0;
- 
- encrypt:
--	if (test_bit(HCI_CONN_ENCRYPT, &conn->flags))
-+	if (test_bit(HCI_CONN_ENCRYPT, &conn->flags)) {
-+		/* Ensure that the encryption key size has been read,
-+		 * otherwise stall the upper layer responses.
-+		 */
-+		if (!conn->enc_key_size)
-+			return 0;
-+
-+		/* Nothing else needed, all requirements are met */
- 		return 1;
-+	}
- 
- 	hci_conn_encrypt(conn);
- 	return 0;
---- a/net/bluetooth/l2cap_core.c
-+++ b/net/bluetooth/l2cap_core.c
-@@ -1301,6 +1301,21 @@ static void l2cap_request_info(struct l2
- 		       sizeof(req), &req);
- }
- 
-+static bool l2cap_check_enc_key_size(struct hci_conn *hcon)
-+{
-+	/* The minimum encryption key size needs to be enforced by the
-+	 * host stack before establishing any L2CAP connections. The
-+	 * specification in theory allows a minimum of 1, but to align
-+	 * BR/EDR and LE transports, a minimum of 7 is chosen.
-+	 *
-+	 * This check might also be called for unencrypted connections
-+	 * that have no key size requirements. Ensure that the link is
-+	 * actually encrypted before enforcing a key size.
-+	 */
-+	return (!test_bit(HCI_CONN_ENCRYPT, &hcon->flags) ||
-+		hcon->enc_key_size > HCI_MIN_ENC_KEY_SIZE);
-+}
-+
- static void l2cap_do_start(struct l2cap_chan *chan)
- {
- 	struct l2cap_conn *conn = chan->conn;
-@@ -1318,9 +1333,14 @@ static void l2cap_do_start(struct l2cap_
- 	if (!(conn->info_state & L2CAP_INFO_FEAT_MASK_REQ_DONE))
- 		return;
- 
--	if (l2cap_chan_check_security(chan, true) &&
--	    __l2cap_no_conn_pending(chan))
-+	if (!l2cap_chan_check_security(chan, true) ||
-+	    !__l2cap_no_conn_pending(chan))
-+		return;
-+
-+	if (l2cap_check_enc_key_size(conn->hcon))
- 		l2cap_start_connection(chan);
-+	else
-+		__set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
- }
- 
- static inline int l2cap_mode_supported(__u8 mode, __u32 feat_mask)
-@@ -1399,7 +1419,10 @@ static void l2cap_conn_start(struct l2ca
- 				continue;
- 			}
- 
--			l2cap_start_connection(chan);
-+			if (l2cap_check_enc_key_size(conn->hcon))
-+				l2cap_start_connection(chan);
-+			else
-+				l2cap_chan_close(chan, ECONNREFUSED);
- 
- 		} else if (chan->state == BT_CONNECT2) {
- 			struct l2cap_conn_rsp rsp;
-@@ -7355,7 +7378,7 @@ int l2cap_security_cfm(struct hci_conn *
- 		}
- 
- 		if (chan->state == BT_CONNECT) {
--			if (!status)
-+			if (!status && l2cap_check_enc_key_size(hcon))
- 				l2cap_start_connection(chan);
- 			else
- 				__set_chan_timer(chan, L2CAP_DISC_TIMEOUT);
-@@ -7363,7 +7386,7 @@ int l2cap_security_cfm(struct hci_conn *
- 			struct l2cap_conn_rsp rsp;
- 			__u16 res, stat;
- 
--			if (!status) {
-+			if (!status && l2cap_check_enc_key_size(hcon)) {
- 				if (test_bit(FLAG_DEFER_SETUP, &chan->flags)) {
- 					res = L2CAP_CR_PEND;
- 					stat = L2CAP_CS_AUTHOR_PEND;
diff --git a/bonding-always-enable-vlan-tx-offload.patch b/bonding-always-enable-vlan-tx-offload.patch
deleted file mode 100644
index 36d05e3..0000000
--- a/bonding-always-enable-vlan-tx-offload.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From foo@baz Tue 02 Jul 2019 06:20:09 AM CEST
-From: YueHaibing <yuehaibing@huawei.com>
-Date: Wed, 26 Jun 2019 16:08:44 +0800
-Subject: bonding: Always enable vlan tx offload
-
-From: YueHaibing <yuehaibing@huawei.com>
-
-[ Upstream commit 30d8177e8ac776d89d387fad547af6a0f599210e ]
-
-We build vlan on top of bonding interface, which vlan offload
-is off, bond mode is 802.3ad (LACP) and xmit_hash_policy is
-BOND_XMIT_POLICY_ENCAP34.
-
-Because vlan tx offload is off, vlan tci is cleared and skb push
-the vlan header in validate_xmit_vlan() while sending from vlan
-devices. Then in bond_xmit_hash, __skb_flow_dissect() fails to
-get information from protocol headers encapsulated within vlan,
-because 'nhoff' is points to IP header, so bond hashing is based
-on layer 2 info, which fails to distribute packets across slaves.
-
-This patch always enable bonding's vlan tx offload, pass the vlan
-packets to the slave devices with vlan tci, let them to handle
-vlan implementation.
-
-Fixes: 278339a42a1b ("bonding: propogate vlan_features to bonding master")
-Suggested-by: Jiri Pirko <jiri@resnulli.us>
-Signed-off-by: YueHaibing <yuehaibing@huawei.com>
-Acked-by: Jiri Pirko <jiri@mellanox.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/net/bonding/bond_main.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/net/bonding/bond_main.c
-+++ b/drivers/net/bonding/bond_main.c
-@@ -4039,13 +4039,13 @@ void bond_setup(struct net_device *bond_
- 	bond_dev->features |= NETIF_F_NETNS_LOCAL;
- 
- 	bond_dev->hw_features = BOND_VLAN_FEATURES |
--				NETIF_F_HW_VLAN_CTAG_TX |
- 				NETIF_F_HW_VLAN_CTAG_RX |
- 				NETIF_F_HW_VLAN_CTAG_FILTER;
- 
- 	bond_dev->hw_features &= ~(NETIF_F_ALL_CSUM & ~NETIF_F_HW_CSUM);
- 	bond_dev->hw_features |= NETIF_F_GSO_UDP_TUNNEL;
- 	bond_dev->features |= bond_dev->hw_features;
-+	bond_dev->features |= NETIF_F_HW_VLAN_CTAG_TX;
- }
- 
- /* Destroy a bonding device.
diff --git a/btrfs-fix-race-between-readahead-and-device-replace-removal.patch b/btrfs-fix-race-between-readahead-and-device-replace-removal.patch
deleted file mode 100644
index 68eeea0..0000000
--- a/btrfs-fix-race-between-readahead-and-device-replace-removal.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From ce7791ffee1e1ee9f97193b817c7dd1fa6746aad Mon Sep 17 00:00:00 2001
-From: Filipe Manana <fdmanana@suse.com>
-Date: Fri, 20 May 2016 01:57:20 +0100
-Subject: Btrfs: fix race between readahead and device replace/removal
-
-From: Filipe Manana <fdmanana@suse.com>
-
-commit ce7791ffee1e1ee9f97193b817c7dd1fa6746aad upstream.
-
-The list of devices is protected by the device_list_mutex and the device
-replace code, in its finishing phase correctly takes that mutex before
-removing the source device from that list. However the readahead code was
-iterating that list without acquiring the respective mutex leading to
-crashes later on due to invalid memory accesses:
-
-[125671.831036] general protection fault: 0000 [#1] PREEMPT SMP
-[125671.832129] Modules linked in: btrfs dm_flakey dm_mod crc32c_generic xor raid6_pq acpi_cpufreq tpm_tis tpm ppdev evdev parport_pc psmouse sg parport
-processor ser
-[125671.834973] CPU: 10 PID: 19603 Comm: kworker/u32:19 Tainted: G        W       4.6.0-rc7-btrfs-next-29+ #1
-[125671.834973] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS by qemu-project.org 04/01/2014
-[125671.834973] Workqueue: btrfs-readahead btrfs_readahead_helper [btrfs]
-[125671.834973] task: ffff8801ac520540 ti: ffff8801ac918000 task.ti: ffff8801ac918000
-[125671.834973] RIP: 0010:[<ffffffff81270479>]  [<ffffffff81270479>] __radix_tree_lookup+0x6a/0x105
-[125671.834973] RSP: 0018:ffff8801ac91bc28  EFLAGS: 00010206
-[125671.834973] RAX: 0000000000000000 RBX: 6b6b6b6b6b6b6b6a RCX: 0000000000000000
-[125671.834973] RDX: 0000000000000000 RSI: 00000000000c1bff RDI: ffff88002ebd62a8
-[125671.834973] RBP: ffff8801ac91bc70 R08: 0000000000000001 R09: 0000000000000000
-[125671.834973] R10: ffff8801ac91bc70 R11: 0000000000000000 R12: ffff88002ebd62a8
-[125671.834973] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000000c1bff
-[125671.834973] FS:  0000000000000000(0000) GS:ffff88023fd40000(0000) knlGS:0000000000000000
-[125671.834973] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-[125671.834973] CR2: 000000000073cae4 CR3: 00000000b7723000 CR4: 00000000000006e0
-[125671.834973] Stack:
-[125671.834973]  0000000000000000 ffff8801422d5600 ffff8802286bbc00 0000000000000000
-[125671.834973]  0000000000000001 ffff8802286bbc00 00000000000c1bff 0000000000000000
-[125671.834973]  ffff88002e639eb8 ffff8801ac91bc80 ffffffff81270541 ffff8801ac91bcb0
-[125671.834973] Call Trace:
-[125671.834973]  [<ffffffff81270541>] radix_tree_lookup+0xd/0xf
-[125671.834973]  [<ffffffffa04ae6a6>] reada_peer_zones_set_lock+0x3e/0x60 [btrfs]
-[125671.834973]  [<ffffffffa04ae8b9>] reada_pick_zone+0x29/0x103 [btrfs]
-[125671.834973]  [<ffffffffa04af42f>] reada_start_machine_worker+0x129/0x2d3 [btrfs]
-[125671.834973]  [<ffffffffa04880be>] btrfs_scrubparity_helper+0x185/0x3aa [btrfs]
-[125671.834973]  [<ffffffffa0488341>] btrfs_readahead_helper+0xe/0x10 [btrfs]
-[125671.834973]  [<ffffffff81069691>] process_one_work+0x271/0x4e9
-[125671.834973]  [<ffffffff81069dda>] worker_thread+0x1eb/0x2c9
-[125671.834973]  [<ffffffff81069bef>] ? rescuer_thread+0x2b3/0x2b3
-[125671.834973]  [<ffffffff8106f403>] kthread+0xd4/0xdc
-[125671.834973]  [<ffffffff8149e242>] ret_from_fork+0x22/0x40
-[125671.834973]  [<ffffffff8106f32f>] ? kthread_stop+0x286/0x286
-
-So fix this by taking the device_list_mutex in the readahead code. We
-can't use here the lighter approach of using a rcu_read_lock() and
-rcu_read_unlock() pair together with a list_for_each_entry_rcu() call
-because we end up doing calls to sleeping functions (kzalloc()) in the
-respective code path.
-
-Signed-off-by: Filipe Manana <fdmanana@suse.com>
-Reviewed-by: Josef Bacik <jbacik@fb.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/btrfs/reada.c |    2 ++
- 1 file changed, 2 insertions(+)
-
---- a/fs/btrfs/reada.c
-+++ b/fs/btrfs/reada.c
-@@ -766,12 +766,14 @@ static void __reada_start_machine(struct
- 
- 	do {
- 		enqueued = 0;
-+		mutex_lock(&fs_devices->device_list_mutex);
- 		list_for_each_entry(device, &fs_devices->devices, dev_list) {
- 			if (atomic_read(&device->reada_in_flight) <
- 			    MAX_IN_FLIGHT)
- 				enqueued += reada_start_machine_dev(fs_info,
- 								    device);
- 		}
-+		mutex_unlock(&fs_devices->device_list_mutex);
- 		total += enqueued;
- 	} while (enqueued && total < 10000);
- 
diff --git a/btrfs-start-readahead-also-in-seed-devices.patch b/btrfs-start-readahead-also-in-seed-devices.patch
deleted file mode 100644
index 402e253..0000000
--- a/btrfs-start-readahead-also-in-seed-devices.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From c4e0540d0ad49c8ceab06cceed1de27c4fe29f6e Mon Sep 17 00:00:00 2001
-From: Naohiro Aota <naohiro.aota@wdc.com>
-Date: Thu, 6 Jun 2019 16:54:44 +0900
-Subject: btrfs: start readahead also in seed devices
-
-From: Naohiro Aota <naohiro.aota@wdc.com>
-
-commit c4e0540d0ad49c8ceab06cceed1de27c4fe29f6e upstream.
-
-Currently, btrfs does not consult seed devices to start readahead. As a
-result, if readahead zone is added to the seed devices, btrfs_reada_wait()
-indefinitely wait for the reada_ctl to finish.
-
-You can reproduce the hung by modifying btrfs/163 to have larger initial
-file size (e.g. xfs_io pwrite 4M instead of current 256K).
-
-Fixes: 7414a03fbf9e ("btrfs: initial readahead code and prototypes")
-Cc: stable@vger.kernel.org # 3.2+: ce7791ffee1e: Btrfs: fix race between readahead and device replace/removal
-Cc: stable@vger.kernel.org # 3.2+
-Reviewed-by: Filipe Manana <fdmanana@suse.com>
-Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
-Signed-off-by: David Sterba <dsterba@suse.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/btrfs/reada.c |    5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/fs/btrfs/reada.c
-+++ b/fs/btrfs/reada.c
-@@ -764,6 +764,7 @@ static void __reada_start_machine(struct
- 	u64 total = 0;
- 	int i;
- 
-+again:
- 	do {
- 		enqueued = 0;
- 		mutex_lock(&fs_devices->device_list_mutex);
-@@ -776,6 +777,10 @@ static void __reada_start_machine(struct
- 		mutex_unlock(&fs_devices->device_list_mutex);
- 		total += enqueued;
- 	} while (enqueued && total < 10000);
-+	if (fs_devices->seed) {
-+		fs_devices = fs_devices->seed;
-+		goto again;
-+	}
- 
- 	if (enqueued == 0)
- 		return;
diff --git a/can-purge-socket-error-queue-on-sock-destruct.patch b/can-purge-socket-error-queue-on-sock-destruct.patch
deleted file mode 100644
index 21e97d3..0000000
--- a/can-purge-socket-error-queue-on-sock-destruct.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From fd704bd5ee749d560e86c4f1fd2ef486d8abf7cf Mon Sep 17 00:00:00 2001
-From: Willem de Bruijn <willemb@google.com>
-Date: Fri, 7 Jun 2019 16:46:07 -0400
-Subject: can: purge socket error queue on sock destruct
-
-From: Willem de Bruijn <willemb@google.com>
-
-commit fd704bd5ee749d560e86c4f1fd2ef486d8abf7cf upstream.
-
-CAN supports software tx timestamps as of the below commit. Purge
-any queued timestamp packets on socket destroy.
-
-Fixes: 51f31cabe3ce ("ip: support for TX timestamps on UDP and RAW sockets")
-Reported-by: syzbot+a90604060cb40f5bdd16@syzkaller.appspotmail.com
-Signed-off-by: Willem de Bruijn <willemb@google.com>
-Cc: linux-stable <stable@vger.kernel.org>
-Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/can/af_can.c |    1 +
- 1 file changed, 1 insertion(+)
-
---- a/net/can/af_can.c
-+++ b/net/can/af_can.c
-@@ -114,6 +114,7 @@ EXPORT_SYMBOL(can_ioctl);
- static void can_sock_destruct(struct sock *sk)
- {
- 	skb_queue_purge(&sk->sk_receive_queue);
-+	skb_queue_purge(&sk->sk_error_queue);
- }
- 
- static const struct can_proto *can_get_proto(int protocol)
diff --git a/cfg80211-fix-memory-leak-of-wiphy-device-name.patch b/cfg80211-fix-memory-leak-of-wiphy-device-name.patch
deleted file mode 100644
index b125b5c..0000000
--- a/cfg80211-fix-memory-leak-of-wiphy-device-name.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 4f488fbca2a86cc7714a128952eead92cac279ab Mon Sep 17 00:00:00 2001
-From: Eric Biggers <ebiggers@google.com>
-Date: Mon, 10 Jun 2019 13:02:19 -0700
-Subject: cfg80211: fix memory leak of wiphy device name
-
-From: Eric Biggers <ebiggers@google.com>
-
-commit 4f488fbca2a86cc7714a128952eead92cac279ab upstream.
-
-In wiphy_new_nm(), if an error occurs after dev_set_name() and
-device_initialize() have already been called, it's necessary to call
-put_device() (via wiphy_free()) to avoid a memory leak.
-
-Reported-by: syzbot+7fddca22578bc67c3fe4@syzkaller.appspotmail.com
-Fixes: 1f87f7d3a3b4 ("cfg80211: add rfkill support")
-Cc: stable@vger.kernel.org
-Signed-off-by: Eric Biggers <ebiggers@google.com>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/wireless/core.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/net/wireless/core.c
-+++ b/net/wireless/core.c
-@@ -437,7 +437,7 @@ use_default_name:
- 				   &rdev->rfkill_ops, rdev);
- 
- 	if (!rdev->rfkill) {
--		kfree(rdev);
-+		wiphy_free(&rdev->wiphy);
- 		return NULL;
- 	}
- 
diff --git a/fs-binfmt_flat.c-make-load_flat_shared_library-work.patch b/fs-binfmt_flat.c-make-load_flat_shared_library-work.patch
deleted file mode 100644
index d3240f0..0000000
--- a/fs-binfmt_flat.c-make-load_flat_shared_library-work.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 867bfa4a5fcee66f2b25639acae718e8b28b25a5 Mon Sep 17 00:00:00 2001
-From: Jann Horn <jannh@google.com>
-Date: Fri, 28 Jun 2019 12:06:46 -0700
-Subject: fs/binfmt_flat.c: make load_flat_shared_library() work
-
-From: Jann Horn <jannh@google.com>
-
-commit 867bfa4a5fcee66f2b25639acae718e8b28b25a5 upstream.
-
-load_flat_shared_library() is broken: It only calls load_flat_file() if
-prepare_binprm() returns zero, but prepare_binprm() returns the number of
-bytes read - so this only happens if the file is empty.
-
-Instead, call into load_flat_file() if the number of bytes read is
-non-negative. (Even if the number of bytes is zero - in that case,
-load_flat_file() will see nullbytes and return a nice -ENOEXEC.)
-
-In addition, remove the code related to bprm creds and stop using
-prepare_binprm() - this code is loading a library, not a main executable,
-and it only actually uses the members "buf", "file" and "filename" of the
-linux_binprm struct. Instead, call kernel_read() directly.
-
-Link: http://lkml.kernel.org/r/20190524201817.16509-1-jannh@google.com
-Fixes: 287980e49ffc ("remove lots of IS_ERR_VALUE abuses")
-Signed-off-by: Jann Horn <jannh@google.com>
-Cc: Alexander Viro <viro@zeniv.linux.org.uk>
-Cc: Kees Cook <keescook@chromium.org>
-Cc: Nicolas Pitre <nicolas.pitre@linaro.org>
-Cc: Arnd Bergmann <arnd@arndb.de>
-Cc: Geert Uytterhoeven <geert@linux-m68k.org>
-Cc: Russell King <linux@armlinux.org.uk>
-Cc: Greg Ungerer <gerg@linux-m68k.org>
-Cc: <stable@vger.kernel.org>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/binfmt_flat.c |   24 +++++++-----------------
- 1 file changed, 7 insertions(+), 17 deletions(-)
-
---- a/fs/binfmt_flat.c
-+++ b/fs/binfmt_flat.c
-@@ -808,9 +808,14 @@ err:
- 
- static int load_flat_shared_library(int id, struct lib_info *libs)
- {
-+	/*
-+	 * This is a fake bprm struct; only the members "buf", "file" and
-+	 * "filename" are actually used.
-+	 */
- 	struct linux_binprm bprm;
- 	int res;
- 	char buf[16];
-+	loff_t pos = 0;
- 
- 	memset(&bprm, 0, sizeof(bprm));
- 
-@@ -824,25 +829,10 @@ static int load_flat_shared_library(int
- 	if (IS_ERR(bprm.file))
- 		return res;
- 
--	bprm.cred = prepare_exec_creds();
--	res = -ENOMEM;
--	if (!bprm.cred)
--		goto out;
--
--	/* We don't really care about recalculating credentials at this point
--	 * as we're past the point of no return and are dealing with shared
--	 * libraries.
--	 */
--	bprm.cred_prepared = 1;
--
--	res = prepare_binprm(&bprm);
--
--	if (!IS_ERR_VALUE(res))
-+	res = kernel_read(bprm.file, bprm.buf, BINPRM_BUF_SIZE, &pos);
-+	if (res >= 0)
- 		res = load_flat_file(&bprm, libs, id, NULL);
- 
--	abort_creds(bprm.cred);
--
--out:
- 	allow_write_access(bprm.file);
- 	fput(bprm.file);
- 
diff --git a/input-uinput-add-compat-ioctl-number-translation-for-ui_-_ff_upload.patch b/input-uinput-add-compat-ioctl-number-translation-for-ui_-_ff_upload.patch
deleted file mode 100644
index e66d48f..0000000
--- a/input-uinput-add-compat-ioctl-number-translation-for-ui_-_ff_upload.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 7c7da40da1640ce6814dab1e8031b44e19e5a3f6 Mon Sep 17 00:00:00 2001
-From: Andrey Smirnov <andrew.smirnov@gmail.com>
-Date: Thu, 23 May 2019 12:55:26 -0700
-Subject: Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
-
-From: Andrey Smirnov <andrew.smirnov@gmail.com>
-
-commit 7c7da40da1640ce6814dab1e8031b44e19e5a3f6 upstream.
-
-In the case of compat syscall ioctl numbers for UI_BEGIN_FF_UPLOAD and
-UI_END_FF_UPLOAD need to be adjusted before being passed on
-uinput_ioctl_handler() since code built with -m32 will be passing
-slightly different values. Extend the code already covering
-UI_SET_PHYS to cover UI_BEGIN_FF_UPLOAD and UI_END_FF_UPLOAD as well.
-
-Reported-by: Pierre-Loup A. Griffais <pgriffais@valvesoftware.com>
-Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
-Cc: stable@vger.kernel.org
-Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/input/misc/uinput.c |   22 ++++++++++++++++++++--
- 1 file changed, 20 insertions(+), 2 deletions(-)
-
---- a/drivers/input/misc/uinput.c
-+++ b/drivers/input/misc/uinput.c
-@@ -896,13 +896,31 @@ static long uinput_ioctl(struct file *fi
- 
- #ifdef CONFIG_COMPAT
- 
--#define UI_SET_PHYS_COMPAT	_IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t)
-+/*
-+ * These IOCTLs change their size and thus their numbers between
-+ * 32 and 64 bits.
-+ */
-+#define UI_SET_PHYS_COMPAT		\
-+	_IOW(UINPUT_IOCTL_BASE, 108, compat_uptr_t)
-+#define UI_BEGIN_FF_UPLOAD_COMPAT	\
-+	_IOWR(UINPUT_IOCTL_BASE, 200, struct uinput_ff_upload_compat)
-+#define UI_END_FF_UPLOAD_COMPAT		\
-+	_IOW(UINPUT_IOCTL_BASE, 201, struct uinput_ff_upload_compat)
- 
- static long uinput_compat_ioctl(struct file *file,
- 				unsigned int cmd, unsigned long arg)
- {
--	if (cmd == UI_SET_PHYS_COMPAT)
-+	switch (cmd) {
-+	case UI_SET_PHYS_COMPAT:
- 		cmd = UI_SET_PHYS;
-+		break;
-+	case UI_BEGIN_FF_UPLOAD_COMPAT:
-+		cmd = UI_BEGIN_FF_UPLOAD;
-+		break;
-+	case UI_END_FF_UPLOAD_COMPAT:
-+		cmd = UI_END_FF_UPLOAD;
-+		break;
-+	}
- 
- 	return uinput_ioctl_handler(file, cmd, arg, compat_ptr(arg));
- }
diff --git a/ipv4-use-return-value-of-inet_iif-for-__raw_v4_lookup-in-the-while-loop.patch b/ipv4-use-return-value-of-inet_iif-for-__raw_v4_lookup-in-the-while-loop.patch
deleted file mode 100644
index d3107a7..0000000
--- a/ipv4-use-return-value-of-inet_iif-for-__raw_v4_lookup-in-the-while-loop.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From foo@baz Tue 02 Jul 2019 06:26:14 AM CEST
-From: Stephen Suryaputra <ssuryaextr@gmail.com>
-Date: Mon, 24 Jun 2019 20:14:06 -0400
-Subject: ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
-
-From: Stephen Suryaputra <ssuryaextr@gmail.com>
-
-[ Upstream commit 38c73529de13e1e10914de7030b659a2f8b01c3b ]
-
-In commit 19e4e768064a8 ("ipv4: Fix raw socket lookup for local
-traffic"), the dif argument to __raw_v4_lookup() is coming from the
-returned value of inet_iif() but the change was done only for the first
-lookup. Subsequent lookups in the while loop still use skb->dev->ifIndex.
-
-Fixes: 19e4e768064a8 ("ipv4: Fix raw socket lookup for local traffic")
-Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
-Reviewed-by: David Ahern <dsahern@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/ipv4/raw.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/net/ipv4/raw.c
-+++ b/net/ipv4/raw.c
-@@ -186,7 +186,7 @@ static int raw_v4_input(struct sk_buff *
- 		}
- 		sk = __raw_v4_lookup(net, sk_next(sk), iph->protocol,
- 				     iph->saddr, iph->daddr,
--				     skb->dev->ifindex);
-+				     dif);
- 	}
- out:
- 	read_unlock(&raw_v4_hashinfo.lock);
diff --git a/perf-help-remove-needless-use-of-strncpy.patch b/perf-help-remove-needless-use-of-strncpy.patch
deleted file mode 100644
index 7bb7345..0000000
--- a/perf-help-remove-needless-use-of-strncpy.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From b6313899f4ed2e76b8375cf8069556f5b94fbff0 Mon Sep 17 00:00:00 2001
-From: Arnaldo Carvalho de Melo <acme@redhat.com>
-Date: Thu, 6 Dec 2018 11:20:21 -0300
-Subject: perf help: Remove needless use of strncpy()
-
-From: Arnaldo Carvalho de Melo <acme@redhat.com>
-
-commit b6313899f4ed2e76b8375cf8069556f5b94fbff0 upstream.
-
-Since we make sure the destination buffer has at least strlen(orig) + 1,
-no need to do a strncpy(dest, orig, strlen(orig)), just use strcpy(dest,
-orig).
-
-This silences this gcc 8.2 warning on Alpine Linux:
-
-  In function 'add_man_viewer',
-      inlined from 'perf_help_config' at builtin-help.c:284:3:
-  builtin-help.c:192:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
-    strncpy((*p)->name, name, len);
-    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-  builtin-help.c: In function 'perf_help_config':
-  builtin-help.c:187:15: note: length computed here
-    size_t len = strlen(name);
-                 ^~~~~~~~~~~~
-
-Cc: Adrian Hunter <adrian.hunter@intel.com>
-Cc: Jiri Olsa <jolsa@kernel.org>
-Cc: Namhyung Kim <namhyung@kernel.org>
-Fixes: 078006012401 ("perf_counter tools: add in basic glue from Git")
-Link: https://lkml.kernel.org/n/tip-2f69l7drca427ob4km8i7kvo@git.kernel.org
-Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- tools/perf/builtin-help.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/tools/perf/builtin-help.c
-+++ b/tools/perf/builtin-help.c
-@@ -179,7 +179,7 @@ static void add_man_viewer(const char *n
- 	while (*p)
- 		p = &((*p)->next);
- 	*p = zalloc(sizeof(**p) + len + 1);
--	strncpy((*p)->name, name, len);
-+	strcpy((*p)->name, name);
- }
- 
- static int supported_man_viewer(const char *name, size_t len)
diff --git a/sctp-change-to-hold-sk-after-auth-shkey-is-created-successfully.patch b/sctp-change-to-hold-sk-after-auth-shkey-is-created-successfully.patch
deleted file mode 100644
index 7bd5fe6..0000000
--- a/sctp-change-to-hold-sk-after-auth-shkey-is-created-successfully.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From foo@baz Tue 02 Jul 2019 06:37:32 AM CEST
-From: Xin Long <lucien.xin@gmail.com>
-Date: Tue, 25 Jun 2019 00:21:45 +0800
-Subject: sctp: change to hold sk after auth shkey is created successfully
-
-From: Xin Long <lucien.xin@gmail.com>
-
-[ Upstream commit 25bff6d5478b2a02368097015b7d8eb727c87e16 ]
-
-Now in sctp_endpoint_init(), it holds the sk then creates auth
-shkey. But when the creation fails, it doesn't release the sk,
-which causes a sk defcnf leak,
-
-Here to fix it by only holding the sk when auth shkey is created
-successfully.
-
-Fixes: a29a5bd4f5c3 ("[SCTP]: Implement SCTP-AUTH initializations.")
-Reported-by: syzbot+afabda3890cc2f765041@syzkaller.appspotmail.com
-Reported-by: syzbot+276ca1c77a19977c0130@syzkaller.appspotmail.com
-Signed-off-by: Xin Long <lucien.xin@gmail.com>
-Acked-by: Neil Horman <nhorman@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/sctp/endpointola.c |    8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/net/sctp/endpointola.c
-+++ b/net/sctp/endpointola.c
-@@ -126,10 +126,6 @@ static struct sctp_endpoint *sctp_endpoi
- 	/* Initialize the bind addr area */
- 	sctp_bind_addr_init(&ep->base.bind_addr, 0);
- 
--	/* Remember who we are attached to.  */
--	ep->base.sk = sk;
--	sock_hold(ep->base.sk);
--
- 	/* Create the lists of associations.  */
- 	INIT_LIST_HEAD(&ep->asocs);
- 
-@@ -165,6 +161,10 @@ static struct sctp_endpoint *sctp_endpoi
- 	ep->auth_hmacs_list = auth_hmacs;
- 	ep->auth_chunk_list = auth_chunks;
- 
-+	/* Remember who we are attached to.  */
-+	ep->base.sk = sk;
-+	sock_hold(ep->base.sk);
-+
- 	return ep;
- 
- nomem_hmacs:
diff --git a/series b/series
index 3f34300..e69de29 100644
--- a/series
+++ b/series
@@ -1,21 +0,0 @@
-fs-binfmt_flat.c-make-load_flat_shared_library-work.patch
-tracing-silence-gcc-9-array-bounds-warning.patch
-input-uinput-add-compat-ioctl-number-translation-for-ui_-_ff_upload.patch
-apparmor-enforce-nullbyte-at-end-of-tag-string.patch
-btrfs-fix-race-between-readahead-and-device-replace-removal.patch
-btrfs-start-readahead-also-in-seed-devices.patch
-can-purge-socket-error-queue-on-sock-destruct.patch
-bluetooth-align-minimum-encryption-key-size-for-le-and-br-edr-connections.patch
-bluetooth-fix-regression-with-minimum-encryption-key-size-alignment.patch
-smb3-retry-on-status_insufficient_resources-instead-of-failing-write.patch
-cfg80211-fix-memory-leak-of-wiphy-device-name.patch
-perf-help-remove-needless-use-of-strncpy.patch
-abort-file_remove_privs-for-non-reg.-files.patch
-sctp-change-to-hold-sk-after-auth-shkey-is-created-successfully.patch
-team-always-enable-vlan-tx-offload.patch
-ipv4-use-return-value-of-inet_iif-for-__raw_v4_lookup-in-the-while-loop.patch
-bonding-always-enable-vlan-tx-offload.patch
-bluetooth-fix-faulty-expression-for-minimum-encryption-key-size-check.patch
-crypto-user-prevent-operating-on-larval-algorithms.patch
-alsa-seq-fix-incorrect-order-of-dest_client-dest_ports-arguments.patch
-lib-mpi-fix-karactx-leak-in-mpi_powm.patch
diff --git a/smb3-retry-on-status_insufficient_resources-instead-of-failing-write.patch b/smb3-retry-on-status_insufficient_resources-instead-of-failing-write.patch
deleted file mode 100644
index f1d9b94..0000000
--- a/smb3-retry-on-status_insufficient_resources-instead-of-failing-write.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 8d526d62db907e786fd88948c75d1833d82bd80e Mon Sep 17 00:00:00 2001
-From: Steve French <stfrench@microsoft.com>
-Date: Mon, 17 Jun 2019 14:49:07 -0500
-Subject: SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
-
-From: Steve French <stfrench@microsoft.com>
-
-commit 8d526d62db907e786fd88948c75d1833d82bd80e upstream.
-
-Some servers such as Windows 10 will return STATUS_INSUFFICIENT_RESOURCES
-as the number of simultaneous SMB3 requests grows (even though the client
-has sufficient credits).  Return EAGAIN on STATUS_INSUFFICIENT_RESOURCES
-so that we can retry writes which fail with this status code.
-
-This (for example) fixes large file copies to Windows 10 on fast networks.
-
-Signed-off-by: Steve French <stfrench@microsoft.com>
-CC: Stable <stable@vger.kernel.org>
-Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
-Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/cifs/smb2maperror.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/fs/cifs/smb2maperror.c
-+++ b/fs/cifs/smb2maperror.c
-@@ -455,7 +455,7 @@ static const struct status_to_posix_erro
- 	{STATUS_FILE_INVALID, -EIO, "STATUS_FILE_INVALID"},
- 	{STATUS_ALLOTTED_SPACE_EXCEEDED, -EIO,
- 	"STATUS_ALLOTTED_SPACE_EXCEEDED"},
--	{STATUS_INSUFFICIENT_RESOURCES, -EREMOTEIO,
-+	{STATUS_INSUFFICIENT_RESOURCES, -EAGAIN,
- 				"STATUS_INSUFFICIENT_RESOURCES"},
- 	{STATUS_DFS_EXIT_PATH_FOUND, -EIO, "STATUS_DFS_EXIT_PATH_FOUND"},
- 	{STATUS_DEVICE_DATA_ERROR, -EIO, "STATUS_DEVICE_DATA_ERROR"},
diff --git a/team-always-enable-vlan-tx-offload.patch b/team-always-enable-vlan-tx-offload.patch
deleted file mode 100644
index c7e765d..0000000
--- a/team-always-enable-vlan-tx-offload.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From foo@baz Tue 02 Jul 2019 06:20:09 AM CEST
-From: YueHaibing <yuehaibing@huawei.com>
-Date: Thu, 27 Jun 2019 00:03:39 +0800
-Subject: team: Always enable vlan tx offload
-
-From: YueHaibing <yuehaibing@huawei.com>
-
-[ Upstream commit ee4297420d56a0033a8593e80b33fcc93fda8509 ]
-
-We should rather have vlan_tci filled all the way down
-to the transmitting netdevice and let it do the hw/sw
-vlan implementation.
-
-Suggested-by: Jiri Pirko <jiri@resnulli.us>
-Signed-off-by: YueHaibing <yuehaibing@huawei.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- drivers/net/team/team.c |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/net/team/team.c
-+++ b/drivers/net/team/team.c
-@@ -2079,12 +2079,12 @@ static void team_setup(struct net_device
- 	dev->features |= NETIF_F_NETNS_LOCAL;
- 
- 	dev->hw_features = TEAM_VLAN_FEATURES |
--			   NETIF_F_HW_VLAN_CTAG_TX |
- 			   NETIF_F_HW_VLAN_CTAG_RX |
- 			   NETIF_F_HW_VLAN_CTAG_FILTER;
- 
- 	dev->hw_features &= ~(NETIF_F_ALL_CSUM & ~NETIF_F_HW_CSUM);
- 	dev->features |= dev->hw_features;
-+	dev->features |= NETIF_F_HW_VLAN_CTAG_TX;
- }
- 
- static int team_newlink(struct net *src_net, struct net_device *dev,
diff --git a/tracing-silence-gcc-9-array-bounds-warning.patch b/tracing-silence-gcc-9-array-bounds-warning.patch
deleted file mode 100644
index 0a590a8..0000000
--- a/tracing-silence-gcc-9-array-bounds-warning.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 0c97bf863efce63d6ab7971dad811601e6171d2f Mon Sep 17 00:00:00 2001
-From: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
-Date: Thu, 23 May 2019 14:45:35 +0200
-Subject: tracing: Silence GCC 9 array bounds warning
-
-From: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
-
-commit 0c97bf863efce63d6ab7971dad811601e6171d2f upstream.
-
-Starting with GCC 9, -Warray-bounds detects cases when memset is called
-starting on a member of a struct but the size to be cleared ends up
-writing over further members.
-
-Such a call happens in the trace code to clear, at once, all members
-after and including `seq` on struct trace_iterator:
-
-    In function 'memset',
-        inlined from 'ftrace_dump' at kernel/trace/trace.c:8914:3:
-    ./include/linux/string.h:344:9: warning: '__builtin_memset' offset
-    [8505, 8560] from the object at 'iter' is out of the bounds of
-    referenced subobject 'seq' with type 'struct trace_seq' at offset
-    4368 [-Warray-bounds]
-      344 |  return __builtin_memset(p, c, size);
-          |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-In order to avoid GCC complaining about it, we compute the address
-ourselves by adding the offsetof distance instead of referring
-directly to the member.
-
-Since there are two places doing this clear (trace.c and trace_kdb.c),
-take the chance to move the workaround into a single place in
-the internal header.
-
-Link: http://lkml.kernel.org/r/20190523124535.GA12931@gmail.com
-
-Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
-[ Removed unnecessary parenthesis around "iter" ]
-Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- kernel/trace/trace.c     |    6 +-----
- kernel/trace/trace.h     |   18 ++++++++++++++++++
- kernel/trace/trace_kdb.c |    6 +-----
- 3 files changed, 20 insertions(+), 10 deletions(-)
-
---- a/kernel/trace/trace.c
-+++ b/kernel/trace/trace.c
-@@ -6896,12 +6896,8 @@ void ftrace_dump(enum ftrace_dump_mode o
- 
- 		cnt++;
- 
--		/* reset all but tr, trace, and overruns */
--		memset(&iter.seq, 0,
--		       sizeof(struct trace_iterator) -
--		       offsetof(struct trace_iterator, seq));
-+		trace_iterator_reset(&iter);
- 		iter.iter_flags |= TRACE_FILE_LAT_FMT;
--		iter.pos = -1;
- 
- 		if (trace_find_next_entry_inc(&iter) != NULL) {
- 			int ret;
---- a/kernel/trace/trace.h
-+++ b/kernel/trace/trace.h
-@@ -1325,4 +1325,22 @@ static inline void __init trace_event_in
- #endif
- 
- 
-+/*
-+ * Reset the state of the trace_iterator so that it can read consumed data.
-+ * Normally, the trace_iterator is used for reading the data when it is not
-+ * consumed, and must retain state.
-+ */
-+static __always_inline void trace_iterator_reset(struct trace_iterator *iter)
-+{
-+	const size_t offset = offsetof(struct trace_iterator, seq);
-+
-+	/*
-+	 * Keep gcc from complaining about overwriting more than just one
-+	 * member in the structure.
-+	 */
-+	memset((char *)iter + offset, 0, sizeof(struct trace_iterator) - offset);
-+
-+	iter->pos = -1;
-+}
-+
- #endif /* _LINUX_KERNEL_TRACE_H */
---- a/kernel/trace/trace_kdb.c
-+++ b/kernel/trace/trace_kdb.c
-@@ -36,12 +36,8 @@ static void ftrace_dump_buf(int skip_lin
- 
- 	kdb_printf("Dumping ftrace buffer:\n");
- 
--	/* reset all but tr, trace, and overruns */
--	memset(&iter.seq, 0,
--		   sizeof(struct trace_iterator) -
--		   offsetof(struct trace_iterator, seq));
-+	trace_iterator_reset(&iter);
- 	iter.iter_flags |= TRACE_FILE_LAT_FMT;
--	iter.pos = -1;
- 
- 	if (cpu_file == RING_BUFFER_ALL_CPUS) {
- 		for_each_tracing_cpu(cpu) {