--- /dev/null
+From 4febced15ac8ddb9cf3e603edb111842e4863d9a Mon Sep 17 00:00:00 2001
+From: Jerome Brunet <jbrunet@baylibre.com>
+Date: Wed, 27 Jun 2018 17:36:38 +0200
+Subject: ASoC: dpcm: don't merge format from invalid codec dai
+
+From: Jerome Brunet <jbrunet@baylibre.com>
+
+commit 4febced15ac8ddb9cf3e603edb111842e4863d9a upstream.
+
+When merging codec formats, dpcm_runtime_base_format() should skip
+the codecs which are not supporting the current stream direction.
+
+At the moment, if a BE link has more than one codec, and only one
+of these codecs has no capture DAI, it becomes impossible to start
+a capture stream because the merged format would be 0.
+
+Skipping invalid codec DAI solves the problem.
+
+Fixes: b073ed4e2126 ("ASoC: soc-pcm: DPCM cares BE format")
+Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/soc-pcm.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/sound/soc/soc-pcm.c
++++ b/sound/soc/soc-pcm.c
+@@ -1621,6 +1621,14 @@ static u64 dpcm_runtime_base_format(stru
+ int i;
+
+ for (i = 0; i < be->num_codecs; i++) {
++ /*
++ * Skip CODECs which don't support the current stream
++ * type. See soc_pcm_init_runtime_hw() for more details
++ */
++ if (!snd_soc_dai_stream_valid(be->codec_dais[i],
++ stream))
++ continue;
++
+ codec_dai_drv = be->codec_dais[i]->driver;
+ if (stream == SNDRV_PCM_STREAM_PLAYBACK)
+ codec_stream = &codec_dai_drv->playback;
--- /dev/null
+From ae1c696a480c67c45fb23b35162183f72c6be0e1 Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
+Date: Thu, 26 Jul 2018 15:49:10 -0500
+Subject: ASoC: sirf: Fix potential NULL pointer dereference
+
+From: Gustavo A. R. Silva <gustavo@embeddedor.com>
+
+commit ae1c696a480c67c45fb23b35162183f72c6be0e1 upstream.
+
+There is a potential execution path in which function
+platform_get_resource() returns NULL. If this happens,
+we will end up having a NULL pointer dereference.
+
+Fix this by replacing devm_ioremap with devm_ioremap_resource,
+which has the NULL check and the memory region request.
+
+This code was detected with the help of Coccinelle.
+
+Cc: stable@vger.kernel.org
+Fixes: 2bd8d1d5cf89 ("ASoC: sirf: Add audio usp interface driver")
+Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/sirf/sirf-usp.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/sound/soc/sirf/sirf-usp.c
++++ b/sound/soc/sirf/sirf-usp.c
+@@ -367,10 +367,9 @@ static int sirf_usp_pcm_probe(struct pla
+ platform_set_drvdata(pdev, usp);
+
+ mem_res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+- base = devm_ioremap(&pdev->dev, mem_res->start,
+- resource_size(mem_res));
+- if (base == NULL)
+- return -ENOMEM;
++ base = devm_ioremap_resource(&pdev->dev, mem_res);
++ if (IS_ERR(base))
++ return PTR_ERR(base);
+ usp->regmap = devm_regmap_init_mmio(&pdev->dev, base,
+ &sirf_usp_regmap_config);
+ if (IS_ERR(usp->regmap))
--- /dev/null
+From 2aa650d1950fce94f696ebd7db30b8830c2c946f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20B=C3=BCsch?= <m@bues.ch>
+Date: Tue, 31 Jul 2018 21:14:04 +0200
+Subject: b43/leds: Ensure NUL-termination of LED name string
+
+From: Michael Buesch <m@bues.ch>
+
+commit 2aa650d1950fce94f696ebd7db30b8830c2c946f upstream.
+
+strncpy might not NUL-terminate the string, if the name equals the buffer size.
+Use strlcpy instead.
+
+Signed-off-by: Michael Buesch <m@bues.ch>
+Cc: stable@vger.kernel.org
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/broadcom/b43/leds.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/broadcom/b43/leds.c
++++ b/drivers/net/wireless/broadcom/b43/leds.c
+@@ -131,7 +131,7 @@ static int b43_register_led(struct b43_w
+ led->wl = dev->wl;
+ led->index = led_index;
+ led->activelow = activelow;
+- strncpy(led->name, name, sizeof(led->name));
++ strlcpy(led->name, name, sizeof(led->name));
+ atomic_set(&led->state, 0);
+
+ led->led_dev.name = led->name;
--- /dev/null
+From 4d77a89e3924b12f4a5628b21237e57ab4703866 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michael=20B=C3=BCsch?= <m@bues.ch>
+Date: Tue, 31 Jul 2018 21:14:16 +0200
+Subject: b43legacy/leds: Ensure NUL-termination of LED name string
+
+From: Michael Buesch <m@bues.ch>
+
+commit 4d77a89e3924b12f4a5628b21237e57ab4703866 upstream.
+
+strncpy might not NUL-terminate the string, if the name equals the buffer size.
+Use strlcpy instead.
+
+Signed-off-by: Michael Buesch <m@bues.ch>
+Cc: stable@vger.kernel.org
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/broadcom/b43legacy/leds.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/broadcom/b43legacy/leds.c
++++ b/drivers/net/wireless/broadcom/b43legacy/leds.c
+@@ -101,7 +101,7 @@ static int b43legacy_register_led(struct
+ led->dev = dev;
+ led->index = led_index;
+ led->activelow = activelow;
+- strncpy(led->name, name, sizeof(led->name));
++ strlcpy(led->name, name, sizeof(led->name));
+
+ led->led_dev.name = led->name;
+ led->led_dev.default_trigger = default_trigger;
+++ /dev/null
-From 44883f01fe6ae436a8604c47d8435276fef369b0 Mon Sep 17 00:00:00 2001
-From: Paolo Bonzini <pbonzini@redhat.com>
-Date: Thu, 26 Jul 2018 13:01:52 +0200
-Subject: KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd
-
-From: Paolo Bonzini <pbonzini@redhat.com>
-
-commit 44883f01fe6ae436a8604c47d8435276fef369b0 upstream.
-
-Some of the MSRs returned by GET_MSR_INDEX_LIST currently cannot be sent back
-to KVM_GET_MSR and/or KVM_SET_MSR; either they can never be sent back, or you
-they are only accepted under special conditions. This makes the API a pain to
-use.
-
-To avoid this pain, this patch makes it so that the result of the get-list
-ioctl can always be used for host-initiated get and set. Since we don't have
-a separate way to check for read-only MSRs, this means some Hyper-V MSRs are
-ignored when written. Arguably they should not even be in the result of
-GET_MSR_INDEX_LIST, but I am leaving there in case userspace is using the
-outcome of GET_MSR_INDEX_LIST to derive the support for the corresponding
-Hyper-V feature.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/x86/kvm/hyperv.c | 27 ++++++++++++++++++++-------
- arch/x86/kvm/hyperv.h | 2 +-
- arch/x86/kvm/x86.c | 15 +++++++++------
- 3 files changed, 30 insertions(+), 14 deletions(-)
-
---- a/arch/x86/kvm/hyperv.c
-+++ b/arch/x86/kvm/hyperv.c
-@@ -199,7 +199,7 @@ static int synic_set_msr(struct kvm_vcpu
- struct kvm_vcpu *vcpu = synic_to_vcpu(synic);
- int ret;
-
-- if (!synic->active)
-+ if (!synic->active && !host)
- return 1;
-
- trace_kvm_hv_synic_set_msr(vcpu->vcpu_id, msr, data, host);
-@@ -257,11 +257,12 @@ static int synic_set_msr(struct kvm_vcpu
- return ret;
- }
-
--static int synic_get_msr(struct kvm_vcpu_hv_synic *synic, u32 msr, u64 *pdata)
-+static int synic_get_msr(struct kvm_vcpu_hv_synic *synic, u32 msr, u64 *pdata,
-+ bool host)
- {
- int ret;
-
-- if (!synic->active)
-+ if (!synic->active && !host)
- return 1;
-
- ret = 0;
-@@ -947,6 +948,11 @@ static int kvm_hv_set_msr_pw(struct kvm_
- kvm_make_request(KVM_REQ_HV_RESET, vcpu);
- }
- break;
-+ case HV_X64_MSR_TIME_REF_COUNT:
-+ /* read-only, but still ignore it if host-initiated */
-+ if (!host)
-+ return 1;
-+ break;
- default:
- vcpu_unimpl(vcpu, "Hyper-V uhandled wrmsr: 0x%x data 0x%llx\n",
- msr, data);
-@@ -1028,6 +1034,12 @@ static int kvm_hv_set_msr(struct kvm_vcp
- return stimer_set_count(vcpu_to_stimer(vcpu, timer_index),
- data, host);
- }
-+ case HV_X64_MSR_TSC_FREQUENCY:
-+ case HV_X64_MSR_APIC_FREQUENCY:
-+ /* read-only, but still ignore it if host-initiated */
-+ if (!host)
-+ return 1;
-+ break;
- default:
- vcpu_unimpl(vcpu, "Hyper-V uhandled wrmsr: 0x%x data 0x%llx\n",
- msr, data);
-@@ -1074,7 +1086,8 @@ static int kvm_hv_get_msr_pw(struct kvm_
- return 0;
- }
-
--static int kvm_hv_get_msr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
-+static int kvm_hv_get_msr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata,
-+ bool host)
- {
- u64 data = 0;
- struct kvm_vcpu_hv *hv = &vcpu->arch.hyperv;
-@@ -1110,7 +1123,7 @@ static int kvm_hv_get_msr(struct kvm_vcp
- case HV_X64_MSR_SIMP:
- case HV_X64_MSR_EOM:
- case HV_X64_MSR_SINT0 ... HV_X64_MSR_SINT15:
-- return synic_get_msr(vcpu_to_synic(vcpu), msr, pdata);
-+ return synic_get_msr(vcpu_to_synic(vcpu), msr, pdata, host);
- case HV_X64_MSR_STIMER0_CONFIG:
- case HV_X64_MSR_STIMER1_CONFIG:
- case HV_X64_MSR_STIMER2_CONFIG:
-@@ -1150,7 +1163,7 @@ int kvm_hv_set_msr_common(struct kvm_vcp
- return kvm_hv_set_msr(vcpu, msr, data, host);
- }
-
--int kvm_hv_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
-+int kvm_hv_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host)
- {
- if (kvm_hv_msr_partition_wide(msr)) {
- int r;
-@@ -1160,7 +1173,7 @@ int kvm_hv_get_msr_common(struct kvm_vcp
- mutex_unlock(&vcpu->kvm->lock);
- return r;
- } else
-- return kvm_hv_get_msr(vcpu, msr, pdata);
-+ return kvm_hv_get_msr(vcpu, msr, pdata, host);
- }
-
- bool kvm_hv_hypercall_enabled(struct kvm *kvm)
---- a/arch/x86/kvm/hyperv.h
-+++ b/arch/x86/kvm/hyperv.h
-@@ -48,7 +48,7 @@ static inline struct kvm_vcpu *synic_to_
- }
-
- int kvm_hv_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data, bool host);
--int kvm_hv_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata);
-+int kvm_hv_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host);
-
- bool kvm_hv_hypercall_enabled(struct kvm *kvm);
- int kvm_hv_hypercall(struct kvm_vcpu *vcpu);
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -2058,10 +2058,11 @@ static int set_msr_mce(struct kvm_vcpu *
- vcpu->arch.mcg_status = data;
- break;
- case MSR_IA32_MCG_CTL:
-- if (!(mcg_cap & MCG_CTL_P))
-+ if (!(mcg_cap & MCG_CTL_P) &&
-+ (data || !msr_info->host_initiated))
- return 1;
- if (data != 0 && data != ~(u64)0)
-- return -1;
-+ return 1;
- vcpu->arch.mcg_ctl = data;
- break;
- default:
-@@ -2405,7 +2406,7 @@ int kvm_get_msr(struct kvm_vcpu *vcpu, s
- }
- EXPORT_SYMBOL_GPL(kvm_get_msr);
-
--static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata)
-+static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host)
- {
- u64 data;
- u64 mcg_cap = vcpu->arch.mcg_cap;
-@@ -2420,7 +2421,7 @@ static int get_msr_mce(struct kvm_vcpu *
- data = vcpu->arch.mcg_cap;
- break;
- case MSR_IA32_MCG_CTL:
-- if (!(mcg_cap & MCG_CTL_P))
-+ if (!(mcg_cap & MCG_CTL_P) && !host)
- return 1;
- data = vcpu->arch.mcg_ctl;
- break;
-@@ -2545,7 +2546,8 @@ int kvm_get_msr_common(struct kvm_vcpu *
- case MSR_IA32_MCG_CTL:
- case MSR_IA32_MCG_STATUS:
- case MSR_IA32_MC0_CTL ... MSR_IA32_MCx_CTL(KVM_MAX_MCE_BANKS) - 1:
-- return get_msr_mce(vcpu, msr_info->index, &msr_info->data);
-+ return get_msr_mce(vcpu, msr_info->index, &msr_info->data,
-+ msr_info->host_initiated);
- case MSR_K7_CLK_CTL:
- /*
- * Provide expected ramp-up count for K7. All other
-@@ -2563,7 +2565,8 @@ int kvm_get_msr_common(struct kvm_vcpu *
- case HV_X64_MSR_CRASH_CTL:
- case HV_X64_MSR_STIMER0_CONFIG ... HV_X64_MSR_STIMER3_COUNT:
- return kvm_hv_get_msr_common(vcpu,
-- msr_info->index, &msr_info->data);
-+ msr_info->index, &msr_info->data,
-+ msr_info->host_initiated);
- break;
- case MSR_IA32_BBL_CR_CTL3:
- /* This legacy MSR exists but isn't fully documented in current
--- /dev/null
+From 19da44cd33a3a6ff7c97fff0189999ff15b241e4 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 13 Jul 2018 17:55:15 +0300
+Subject: pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 19da44cd33a3a6ff7c97fff0189999ff15b241e4 upstream.
+
+The info->groups[] array is allocated in imx1_pinctrl_parse_dt(). It
+has info->ngroups elements. Thus the > here should be >= to prevent
+reading one element beyond the end of the array.
+
+Cc: stable@vger.kernel.org
+Fixes: 30612cd90005 ("pinctrl: imx1 core driver")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Uwe Kleine-König <u.kleine-könig@pengutronix.de>
+Acked-by: Dong Aisheng <Aisheng.dong@nxp.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pinctrl/freescale/pinctrl-imx1-core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/pinctrl/freescale/pinctrl-imx1-core.c
++++ b/drivers/pinctrl/freescale/pinctrl-imx1-core.c
+@@ -433,7 +433,7 @@ static void imx1_pinconf_group_dbg_show(
+ const char *name;
+ int i, ret;
+
+- if (group > info->ngroups)
++ if (group >= info->ngroups)
+ return;
+
+ seq_puts(s, "\n");
x86-speculation-l1tf-fix-off-by-one-error-when-warning-that-system-has-too-much-ram.patch
x86-speculation-l1tf-suggest-what-to-do-on-systems-with-too-much-ram.patch
x86-process-re-export-start_thread.patch
-kvm-x86-ensure-all-msrs-can-always-be-kvm_get-set_msr-d.patch
kvm-x86-svm-call-x86_spec_ctrl_set_guest-host-with-interrupts-disabled.patch
x86-kvm-vmx-remove-duplicate-l1d-flush-definitions.patch
fuse-don-t-access-pipe-buffers-without-pipe_lock.patch
fuse-umount-should-wait-for-all-requests.patch
fuse-fix-oops-at-process_init_reply.patch
fuse-add-missed-unlock_page-to-fuse_readpages_fill.patch
+udl-kms-change-down_interruptible-to-down.patch
+udl-kms-handle-allocation-failure.patch
+udl-kms-fix-crash-due-to-uninitialized-memory.patch
+b43legacy-leds-ensure-nul-termination-of-led-name-string.patch
+b43-leds-ensure-nul-termination-of-led-name-string.patch
+asoc-dpcm-don-t-merge-format-from-invalid-codec-dai.patch
+asoc-sirf-fix-potential-null-pointer-dereference.patch
+pinctrl-freescale-off-by-one-in-imx1_pinconf_group_dbg_show.patch
--- /dev/null
+From 8456b99c16d193c4c3b7df305cf431e027f0189c Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Sun, 3 Jun 2018 16:40:55 +0200
+Subject: udl-kms: change down_interruptible to down
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 8456b99c16d193c4c3b7df305cf431e027f0189c upstream.
+
+If we leave urbs around, it causes not only leak, but also memory
+corruption. This patch fixes the function udl_free_urb_list, so that it
+always waits for all urbs that are in progress.
+
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/udl/udl_main.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+--- a/drivers/gpu/drm/udl/udl_main.c
++++ b/drivers/gpu/drm/udl/udl_main.c
+@@ -169,18 +169,13 @@ static void udl_free_urb_list(struct drm
+ struct list_head *node;
+ struct urb_node *unode;
+ struct urb *urb;
+- int ret;
+ unsigned long flags;
+
+ DRM_DEBUG("Waiting for completes and freeing all render urbs\n");
+
+ /* keep waiting and freeing, until we've got 'em all */
+ while (count--) {
+-
+- /* Getting interrupted means a leak, but ok at shutdown*/
+- ret = down_interruptible(&udl->urbs.limit_sem);
+- if (ret)
+- break;
++ down(&udl->urbs.limit_sem);
+
+ spin_lock_irqsave(&udl->urbs.lock, flags);
+
--- /dev/null
+From 09a00abe3a9941c2715ca83eb88172cd2f54d8fd Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Sun, 3 Jun 2018 16:40:57 +0200
+Subject: udl-kms: fix crash due to uninitialized memory
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 09a00abe3a9941c2715ca83eb88172cd2f54d8fd upstream.
+
+We must use kzalloc when allocating the fb_deferred_io structure.
+Otherwise, the field first_io is undefined and it causes a crash.
+
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/udl/udl_fb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/udl/udl_fb.c
++++ b/drivers/gpu/drm/udl/udl_fb.c
+@@ -217,7 +217,7 @@ static int udl_fb_open(struct fb_info *i
+
+ struct fb_deferred_io *fbdefio;
+
+- fbdefio = kmalloc(sizeof(struct fb_deferred_io), GFP_KERNEL);
++ fbdefio = kzalloc(sizeof(struct fb_deferred_io), GFP_KERNEL);
+
+ if (fbdefio) {
+ fbdefio->delay = DL_DEFIO_WRITE_DELAY;
--- /dev/null
+From 542bb9788a1f485eb1a2229178f665d8ea166156 Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Sun, 3 Jun 2018 16:40:56 +0200
+Subject: udl-kms: handle allocation failure
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 542bb9788a1f485eb1a2229178f665d8ea166156 upstream.
+
+Allocations larger than PAGE_ALLOC_COSTLY_ORDER are unreliable and they
+may fail anytime. This patch fixes the udl kms driver so that when a large
+alloactions fails, it tries to do multiple smaller allocations.
+
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/udl/udl_main.c | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+--- a/drivers/gpu/drm/udl/udl_main.c
++++ b/drivers/gpu/drm/udl/udl_main.c
+@@ -199,17 +199,22 @@ static void udl_free_urb_list(struct drm
+ static int udl_alloc_urb_list(struct drm_device *dev, int count, size_t size)
+ {
+ struct udl_device *udl = dev->dev_private;
+- int i = 0;
+ struct urb *urb;
+ struct urb_node *unode;
+ char *buf;
++ size_t wanted_size = count * size;
+
+ spin_lock_init(&udl->urbs.lock);
+
++retry:
+ udl->urbs.size = size;
+ INIT_LIST_HEAD(&udl->urbs.list);
+
+- while (i < count) {
++ sema_init(&udl->urbs.limit_sem, 0);
++ udl->urbs.count = 0;
++ udl->urbs.available = 0;
++
++ while (udl->urbs.count * size < wanted_size) {
+ unode = kzalloc(sizeof(struct urb_node), GFP_KERNEL);
+ if (!unode)
+ break;
+@@ -225,11 +230,16 @@ static int udl_alloc_urb_list(struct drm
+ }
+ unode->urb = urb;
+
+- buf = usb_alloc_coherent(udl->udev, MAX_TRANSFER, GFP_KERNEL,
++ buf = usb_alloc_coherent(udl->udev, size, GFP_KERNEL,
+ &urb->transfer_dma);
+ if (!buf) {
+ kfree(unode);
+ usb_free_urb(urb);
++ if (size > PAGE_SIZE) {
++ size /= 2;
++ udl_free_urb_list(dev);
++ goto retry;
++ }
+ break;
+ }
+
+@@ -240,16 +250,14 @@ static int udl_alloc_urb_list(struct drm
+
+ list_add_tail(&unode->entry, &udl->urbs.list);
+
+- i++;
++ up(&udl->urbs.limit_sem);
++ udl->urbs.count++;
++ udl->urbs.available++;
+ }
+
+- sema_init(&udl->urbs.limit_sem, i);
+- udl->urbs.count = i;
+- udl->urbs.available = i;
+-
+- DRM_DEBUG("allocated %d %d byte urbs\n", i, (int) size);
++ DRM_DEBUG("allocated %d %d byte urbs\n", udl->urbs.count, (int) size);
+
+- return i;
++ return udl->urbs.count;
+ }
+
+ struct urb *udl_get_urb(struct drm_device *dev)
projects / thirdparty / kernel / stable-queue.git / commitdiff
