From: Greg Kroah-Hartman Date: Sat, 10 Nov 2018 16:35:16 +0000 (-0800) Subject: 4.18-stable patches X-Git-Tag: v4.19.2~83 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4025bb4e5f0fbcbcc7438ad3c366c50fe38d8f5c;p=thirdparty%2Fkernel%2Fstable-queue.git 4.18-stable patches added patches: acpi-osl-use-jiffies-as-the-time-bassis-for-acpi_os_get_timer.patch acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch acpica-aml-parser-fix-parse-loop-to-correctly-skip-erroneous-extended-opcodes.patch bcache-correct-dirty-data-statistics.patch bcache-fix-miss-key-refill-end-in-writeback.patch bcache-trace-missed-reading-by-cache_missed.patch block-don-t-deal-with-discard-limit-in-blkdev_issue_discard.patch block-make-sure-discard-bio-is-aligned-with-logical-block-size.patch block-make-sure-writesame-bio-is-aligned-with-logical-block-size.patch block-setup-bounce-bio_sets-properly.patch cpufreq-conservative-take-limits-changes-into-account-properly.patch dma-mapping-fix-panic-caused-by-passing-empty-cma-command-line-argument.patch hwmon-pmbus-fix-page-count-auto-detection.patch ipmi-fix-timer-race-with-module-unload.patch jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch kprobes-x86-use-preempt_enable-in-optimized_callback.patch mailbox-pcc-handle-parse-error.patch mtd-rawnand-marvell-fix-the-irq-handler-complete-condition.patch mtd-spi-nor-fsl-quadspi-don-t-let-einval-on-the-bus.patch mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-size-larger-than-16mb.patch mtd-spi-nor-intel-spi-add-support-for-intel-ice-lake-spi-serial-flash.patch pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch spi-bcm-qspi-fix-calculation-of-address-length.patch spi-bcm-qspi-switch-back-to-reading-flash-using-smaller-chunks.patch spi-spi-mem-adjust-op-len-based-on-message-transfer-size-limitations.patch --- diff --git a/queue-4.18/acpi-osl-use-jiffies-as-the-time-bassis-for-acpi_os_get_timer.patch b/queue-4.18/acpi-osl-use-jiffies-as-the-time-bassis-for-acpi_os_get_timer.patch new file mode 100644 index 00000000000..2fae78301a3 --- /dev/null +++ b/queue-4.18/acpi-osl-use-jiffies-as-the-time-bassis-for-acpi_os_get_timer.patch @@ -0,0 +1,83 @@ +From 83b2348e2755db48fa8f40fdb791f366fabc0ba0 Mon Sep 17 00:00:00 2001 +From: Bart Van Assche +Date: Wed, 17 Oct 2018 13:24:56 -0700 +Subject: ACPI / OSL: Use 'jiffies' as the time bassis for acpi_os_get_timer() + +From: Bart Van Assche + +commit 83b2348e2755db48fa8f40fdb791f366fabc0ba0 upstream. + +Since acpi_os_get_timer() may be called after the timer subsystem has +been suspended, use the jiffies counter instead of ktime_get(). This +patch avoids that the following warning is reported during hibernation: + +WARNING: CPU: 0 PID: 612 at kernel/time/timekeeping.c:751 ktime_get+0x116/0x120 +RIP: 0010:ktime_get+0x116/0x120 +Call Trace: + acpi_os_get_timer+0xe/0x30 + acpi_ds_exec_begin_control_op+0x175/0x1de + acpi_ds_exec_begin_op+0x2c7/0x39a + acpi_ps_create_op+0x573/0x5e4 + acpi_ps_parse_loop+0x349/0x1220 + acpi_ps_parse_aml+0x25b/0x6da + acpi_ps_execute_method+0x327/0x41b + acpi_ns_evaluate+0x4e9/0x6f5 + acpi_ut_evaluate_object+0xd9/0x2f2 + acpi_rs_get_method_data+0x8f/0x114 + acpi_walk_resources+0x122/0x1b6 + acpi_pci_link_get_current.isra.2+0x157/0x280 + acpi_pci_link_set+0x32f/0x4a0 + irqrouter_resume+0x58/0x80 + syscore_resume+0x84/0x380 + hibernation_snapshot+0x20c/0x4f0 + hibernate+0x22d/0x3a6 + state_store+0x99/0xa0 + kobj_attr_store+0x37/0x50 + sysfs_kf_write+0x87/0xa0 + kernfs_fop_write+0x1a5/0x240 + __vfs_write+0xd2/0x410 + vfs_write+0x101/0x250 + ksys_write+0xab/0x120 + __x64_sys_write+0x43/0x50 + do_syscall_64+0x71/0x220 + entry_SYSCALL_64_after_hwframe+0x49/0xbe + +Fixes: 164a08cee135 (ACPICA: Dispatcher: Introduce timeout mechanism for infinite loop detection) +Reported-by: Fengguang Wu +References: https://lists.01.org/pipermail/lkp/2018-April/008406.html +Signed-off-by: Bart Van Assche +Cc: 4.16+ # 4.16+ +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/osl.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +--- a/drivers/acpi/osl.c ++++ b/drivers/acpi/osl.c +@@ -617,15 +617,18 @@ void acpi_os_stall(u32 us) + } + + /* +- * Support ACPI 3.0 AML Timer operand +- * Returns 64-bit free-running, monotonically increasing timer +- * with 100ns granularity ++ * Support ACPI 3.0 AML Timer operand. Returns a 64-bit free-running, ++ * monotonically increasing timer with 100ns granularity. Do not use ++ * ktime_get() to implement this function because this function may get ++ * called after timekeeping has been suspended. Note: calling this function ++ * after timekeeping has been suspended may lead to unexpected results ++ * because when timekeeping is suspended the jiffies counter is not ++ * incremented. See also timekeeping_suspend(). + */ + u64 acpi_os_get_timer(void) + { +- u64 time_ns = ktime_to_ns(ktime_get()); +- do_div(time_ns, 100); +- return time_ns; ++ return (get_jiffies_64() - INITIAL_JIFFIES) * ++ (ACPI_100NSEC_PER_SEC / HZ); + } + + acpi_status acpi_os_read_port(acpi_io_address port, u32 * value, u32 width) diff --git a/queue-4.18/acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch b/queue-4.18/acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch new file mode 100644 index 00000000000..e8637246cbe --- /dev/null +++ b/queue-4.18/acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch @@ -0,0 +1,45 @@ +From 4abb951b73ff0a8a979113ef185651aa3c8da19b Mon Sep 17 00:00:00 2001 +From: Erik Schmauss +Date: Wed, 17 Oct 2018 14:09:35 -0700 +Subject: ACPICA: AML interpreter: add region addresses in global list during initialization + +From: Erik Schmauss + +commit 4abb951b73ff0a8a979113ef185651aa3c8da19b upstream. + +The table load process omitted adding the operation region address +range to the global list. This omission is problematic because the OS +queries the global list to check for address range conflicts before +deciding which drivers to load. This commit may result in warning +messages that look like the following: + +[ 7.871761] ACPI Warning: system_IO range 0x00000428-0x0000042F conflicts with op_region 0x00000400-0x0000047F (\PMIO) (20180531/utaddress-213) +[ 7.871769] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver + +However, these messages do not signify regressions. It is a result of +properly adding address ranges within the global address list. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=200011 +Tested-by: Jean-Marc Lenoir +Signed-off-by: Erik Schmauss +Cc: All applicable +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/acpica/dsopcode.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/acpi/acpica/dsopcode.c ++++ b/drivers/acpi/acpica/dsopcode.c +@@ -417,6 +417,10 @@ acpi_ds_eval_region_operands(struct acpi + ACPI_FORMAT_UINT64(obj_desc->region.address), + obj_desc->region.length)); + ++ status = acpi_ut_add_address_range(obj_desc->region.space_id, ++ obj_desc->region.address, ++ obj_desc->region.length, node); ++ + /* Now the address and length are valid for this opregion */ + + obj_desc->region.flags |= AOPOBJ_DATA_VALID; diff --git a/queue-4.18/acpica-aml-parser-fix-parse-loop-to-correctly-skip-erroneous-extended-opcodes.patch b/queue-4.18/acpica-aml-parser-fix-parse-loop-to-correctly-skip-erroneous-extended-opcodes.patch new file mode 100644 index 00000000000..964e6f53944 --- /dev/null +++ b/queue-4.18/acpica-aml-parser-fix-parse-loop-to-correctly-skip-erroneous-extended-opcodes.patch @@ -0,0 +1,57 @@ +From c64baa3a6fa207d112706bc5e7fd645cd8a8663f Mon Sep 17 00:00:00 2001 +From: Erik Schmauss +Date: Wed, 17 Oct 2018 14:20:51 -0700 +Subject: ACPICA: AML Parser: fix parse loop to correctly skip erroneous extended opcodes + +From: Erik Schmauss + +commit c64baa3a6fa207d112706bc5e7fd645cd8a8663f upstream. + +AML opcodes come in two lengths: 1-byte opcodes and 2-byte, extended opcodes. +If an error occurs due to illegal opcodes during table load, the AML parser +needs to continue loading the table. In order to do this, it needs to skip +parsing of the offending opcode and operands associated with that opcode. + +This change fixes the AML parse loop to correctly skip parsing of incorrect +extended opcodes. Previously, only the short opcodes were skipped correctly. + +Signed-off-by: Erik Schmauss +Cc: All applicable +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/acpica/psloop.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/drivers/acpi/acpica/psloop.c ++++ b/drivers/acpi/acpica/psloop.c +@@ -417,6 +417,7 @@ acpi_status acpi_ps_parse_loop(struct ac + union acpi_parse_object *op = NULL; /* current op */ + struct acpi_parse_state *parser_state; + u8 *aml_op_start = NULL; ++ u8 opcode_length; + + ACPI_FUNCTION_TRACE_PTR(ps_parse_loop, walk_state); + +@@ -540,8 +541,19 @@ acpi_status acpi_ps_parse_loop(struct ac + "Skip parsing opcode %s", + acpi_ps_get_opcode_name + (walk_state->opcode))); ++ ++ /* ++ * Determine the opcode length before skipping the opcode. ++ * An opcode can be 1 byte or 2 bytes in length. ++ */ ++ opcode_length = 1; ++ if ((walk_state->opcode & 0xFF00) == ++ AML_EXTENDED_OPCODE) { ++ opcode_length = 2; ++ } + walk_state->parser_state.aml = +- walk_state->aml + 1; ++ walk_state->aml + opcode_length; ++ + walk_state->parser_state.aml = + acpi_ps_get_next_package_end + (&walk_state->parser_state); diff --git a/queue-4.18/bcache-correct-dirty-data-statistics.patch b/queue-4.18/bcache-correct-dirty-data-statistics.patch new file mode 100644 index 00000000000..02bf415533c --- /dev/null +++ b/queue-4.18/bcache-correct-dirty-data-statistics.patch @@ -0,0 +1,40 @@ +From 2e17a262a2371d38d2ec03614a2675a32cef9912 Mon Sep 17 00:00:00 2001 +From: Tang Junhui +Date: Mon, 8 Oct 2018 20:41:12 +0800 +Subject: bcache: correct dirty data statistics + +From: Tang Junhui + +commit 2e17a262a2371d38d2ec03614a2675a32cef9912 upstream. + +When bcache device is clean, dirty keys may still exist after +journal replay, so we need to count these dirty keys even +device in clean status, otherwise after writeback, the amount +of dirty data would be incorrect. + +Signed-off-by: Tang Junhui +Cc: stable@vger.kernel.org +Signed-off-by: Coly Li +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/bcache/super.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1131,11 +1131,12 @@ int bch_cached_dev_attach(struct cached_ + } + + if (BDEV_STATE(&dc->sb) == BDEV_STATE_DIRTY) { +- bch_sectors_dirty_init(&dc->disk); + atomic_set(&dc->has_dirty, 1); + bch_writeback_queue(dc); + } + ++ bch_sectors_dirty_init(&dc->disk); ++ + bch_cached_dev_run(dc); + bcache_device_link(&dc->disk, c, "bdev"); + diff --git a/queue-4.18/bcache-fix-miss-key-refill-end-in-writeback.patch b/queue-4.18/bcache-fix-miss-key-refill-end-in-writeback.patch new file mode 100644 index 00000000000..da3602ad9e6 --- /dev/null +++ b/queue-4.18/bcache-fix-miss-key-refill-end-in-writeback.patch @@ -0,0 +1,43 @@ +From 2d6cb6edd2c7fb4f40998895bda45006281b1ac5 Mon Sep 17 00:00:00 2001 +From: Tang Junhui +Date: Mon, 8 Oct 2018 20:41:14 +0800 +Subject: bcache: fix miss key refill->end in writeback + +From: Tang Junhui + +commit 2d6cb6edd2c7fb4f40998895bda45006281b1ac5 upstream. + +refill->end record the last key of writeback, for example, at the first +time, keys (1,128K) to (1,1024K) are flush to the backend device, but +the end key (1,1024K) is not included, since the bellow code: + if (bkey_cmp(k, refill->end) >= 0) { + ret = MAP_DONE; + goto out; + } +And in the next time when we refill writeback keybuf again, we searched +key start from (1,1024K), and got a key bigger than it, so the key +(1,1024K) missed. +This patch modify the above code, and let the end key to be included to +the writeback key buffer. + +Signed-off-by: Tang Junhui +Cc: stable@vger.kernel.org +Signed-off-by: Coly Li +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/bcache/btree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -2380,7 +2380,7 @@ static int refill_keybuf_fn(struct btree + struct keybuf *buf = refill->buf; + int ret = MAP_CONTINUE; + +- if (bkey_cmp(k, refill->end) >= 0) { ++ if (bkey_cmp(k, refill->end) > 0) { + ret = MAP_DONE; + goto out; + } diff --git a/queue-4.18/bcache-trace-missed-reading-by-cache_missed.patch b/queue-4.18/bcache-trace-missed-reading-by-cache_missed.patch new file mode 100644 index 00000000000..fa5747a6749 --- /dev/null +++ b/queue-4.18/bcache-trace-missed-reading-by-cache_missed.patch @@ -0,0 +1,34 @@ +From 502b291568fc7faf1ebdb2c2590f12851db0ff76 Mon Sep 17 00:00:00 2001 +From: Tang Junhui +Date: Mon, 8 Oct 2018 20:41:08 +0800 +Subject: bcache: trace missed reading by cache_missed + +From: Tang Junhui + +commit 502b291568fc7faf1ebdb2c2590f12851db0ff76 upstream. + +Missed reading IOs are identified by s->cache_missed, not the +s->cache_miss, so in trace_bcache_read() using trace_bcache_read +to identify whether the IO is missed or not. + +Signed-off-by: Tang Junhui +Cc: stable@vger.kernel.org +Signed-off-by: Coly Li +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/bcache/request.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/bcache/request.c ++++ b/drivers/md/bcache/request.c +@@ -843,7 +843,7 @@ static void cached_dev_read_done_bh(stru + + bch_mark_cache_accounting(s->iop.c, s->d, + !s->cache_missed, s->iop.bypass); +- trace_bcache_read(s->orig_bio, !s->cache_miss, s->iop.bypass); ++ trace_bcache_read(s->orig_bio, !s->cache_missed, s->iop.bypass); + + if (s->iop.status) + continue_at_nobarrier(cl, cached_dev_read_error, bcache_wq); diff --git a/queue-4.18/block-don-t-deal-with-discard-limit-in-blkdev_issue_discard.patch b/queue-4.18/block-don-t-deal-with-discard-limit-in-blkdev_issue_discard.patch new file mode 100644 index 00000000000..5383158ff22 --- /dev/null +++ b/queue-4.18/block-don-t-deal-with-discard-limit-in-blkdev_issue_discard.patch @@ -0,0 +1,85 @@ +From 744889b7cbb56a64f957e65ade7cb65fe3f35714 Mon Sep 17 00:00:00 2001 +From: Ming Lei +Date: Fri, 12 Oct 2018 15:53:10 +0800 +Subject: block: don't deal with discard limit in blkdev_issue_discard() + +From: Ming Lei + +commit 744889b7cbb56a64f957e65ade7cb65fe3f35714 upstream. + +blk_queue_split() does respect this limit via bio splitting, so no +need to do that in blkdev_issue_discard(), then we can align to +normal bio submit(bio_add_page() & submit_bio()). + +More importantly, this patch fixes one issue introduced in a22c4d7e34402cc +("block: re-add discard_granularity and alignment checks"), in which +zero discard bio may be generated in case of zero alignment. + +Fixes: a22c4d7e34402ccdf3 ("block: re-add discard_granularity and alignment checks") +Cc: stable@vger.kernel.org +Cc: Ming Lin +Cc: Mike Snitzer +Cc: Christoph Hellwig +Cc: Xiao Ni +Tested-by: Mariusz Dabrowski +Signed-off-by: Ming Lei +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/blk-lib.c | 28 ++-------------------------- + 1 file changed, 2 insertions(+), 26 deletions(-) + +--- a/block/blk-lib.c ++++ b/block/blk-lib.c +@@ -29,9 +29,7 @@ int __blkdev_issue_discard(struct block_ + { + struct request_queue *q = bdev_get_queue(bdev); + struct bio *bio = *biop; +- unsigned int granularity; + unsigned int op; +- int alignment; + sector_t bs_mask; + + if (!q) +@@ -54,38 +52,16 @@ int __blkdev_issue_discard(struct block_ + if ((sector | nr_sects) & bs_mask) + return -EINVAL; + +- /* Zero-sector (unknown) and one-sector granularities are the same. */ +- granularity = max(q->limits.discard_granularity >> 9, 1U); +- alignment = (bdev_discard_alignment(bdev) >> 9) % granularity; +- + while (nr_sects) { +- unsigned int req_sects; +- sector_t end_sect, tmp; ++ unsigned int req_sects = nr_sects; ++ sector_t end_sect; + +- /* +- * Issue in chunks of the user defined max discard setting, +- * ensuring that bi_size doesn't overflow +- */ +- req_sects = min_t(sector_t, nr_sects, +- q->limits.max_discard_sectors); + if (!req_sects) + goto fail; + if (req_sects > UINT_MAX >> 9) + req_sects = UINT_MAX >> 9; + +- /* +- * If splitting a request, and the next starting sector would be +- * misaligned, stop the discard at the previous aligned sector. +- */ + end_sect = sector + req_sects; +- tmp = end_sect; +- if (req_sects < nr_sects && +- sector_div(tmp, granularity) != alignment) { +- end_sect = end_sect - alignment; +- sector_div(end_sect, granularity); +- end_sect = end_sect * granularity + alignment; +- req_sects = end_sect - sector; +- } + + bio = next_bio(bio, 0, gfp_mask); + bio->bi_iter.bi_sector = sector; diff --git a/queue-4.18/block-make-sure-discard-bio-is-aligned-with-logical-block-size.patch b/queue-4.18/block-make-sure-discard-bio-is-aligned-with-logical-block-size.patch new file mode 100644 index 00000000000..32abe1b3cdd --- /dev/null +++ b/queue-4.18/block-make-sure-discard-bio-is-aligned-with-logical-block-size.patch @@ -0,0 +1,76 @@ +From 1adfc5e4136f5967d591c399aff95b3b035f16b7 Mon Sep 17 00:00:00 2001 +From: Ming Lei +Date: Mon, 29 Oct 2018 20:57:17 +0800 +Subject: block: make sure discard bio is aligned with logical block size + +From: Ming Lei + +commit 1adfc5e4136f5967d591c399aff95b3b035f16b7 upstream. + +Obviously the created discard bio has to be aligned with logical block size. + +This patch introduces the helper of bio_allowed_max_sectors() for +this purpose. + +Cc: stable@vger.kernel.org +Cc: Mike Snitzer +Cc: Christoph Hellwig +Cc: Xiao Ni +Cc: Mariusz Dabrowski +Fixes: 744889b7cbb56a6 ("block: don't deal with discard limit in blkdev_issue_discard()") +Fixes: a22c4d7e34402cc ("block: re-add discard_granularity and alignment checks") +Reported-by: Rui Salvaterra +Tested-by: Rui Salvaterra +Signed-off-by: Ming Lei +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/blk-lib.c | 3 +-- + block/blk-merge.c | 3 ++- + block/blk.h | 10 ++++++++++ + 3 files changed, 13 insertions(+), 3 deletions(-) + +--- a/block/blk-lib.c ++++ b/block/blk-lib.c +@@ -58,8 +58,7 @@ int __blkdev_issue_discard(struct block_ + + if (!req_sects) + goto fail; +- if (req_sects > UINT_MAX >> 9) +- req_sects = UINT_MAX >> 9; ++ req_sects = min(req_sects, bio_allowed_max_sectors(q)); + + end_sect = sector + req_sects; + +--- a/block/blk-merge.c ++++ b/block/blk-merge.c +@@ -27,7 +27,8 @@ static struct bio *blk_bio_discard_split + /* Zero-sector (unknown) and one-sector granularities are the same. */ + granularity = max(q->limits.discard_granularity >> 9, 1U); + +- max_discard_sectors = min(q->limits.max_discard_sectors, UINT_MAX >> 9); ++ max_discard_sectors = min(q->limits.max_discard_sectors, ++ bio_allowed_max_sectors(q)); + max_discard_sectors -= max_discard_sectors % granularity; + + if (unlikely(!max_discard_sectors)) { +--- a/block/blk.h ++++ b/block/blk.h +@@ -327,6 +327,16 @@ static inline unsigned long blk_rq_deadl + } + + /* ++ * The max size one bio can handle is UINT_MAX becasue bvec_iter.bi_size ++ * is defined as 'unsigned int', meantime it has to aligned to with logical ++ * block size which is the minimum accepted unit by hardware. ++ */ ++static inline unsigned int bio_allowed_max_sectors(struct request_queue *q) ++{ ++ return round_down(UINT_MAX, queue_logical_block_size(q)) >> 9; ++} ++ ++/* + * Internal io_context interface + */ + void get_io_context(struct io_context *ioc); diff --git a/queue-4.18/block-make-sure-writesame-bio-is-aligned-with-logical-block-size.patch b/queue-4.18/block-make-sure-writesame-bio-is-aligned-with-logical-block-size.patch new file mode 100644 index 00000000000..f8bcf547ad3 --- /dev/null +++ b/queue-4.18/block-make-sure-writesame-bio-is-aligned-with-logical-block-size.patch @@ -0,0 +1,38 @@ +From 34ffec60b27aa81d04e274e71e4c6ef740f75fc7 Mon Sep 17 00:00:00 2001 +From: Ming Lei +Date: Mon, 29 Oct 2018 20:57:19 +0800 +Subject: block: make sure writesame bio is aligned with logical block size + +From: Ming Lei + +commit 34ffec60b27aa81d04e274e71e4c6ef740f75fc7 upstream. + +Obviously the created writesame bio has to be aligned with logical block +size, and use bio_allowed_max_sectors() to retrieve this number. + +Cc: stable@vger.kernel.org +Cc: Mike Snitzer +Cc: Christoph Hellwig +Cc: Xiao Ni +Cc: Mariusz Dabrowski +Fixes: b49a0871be31a745b2ef ("block: remove split code in blkdev_issue_{discard,write_same}") +Tested-by: Rui Salvaterra +Signed-off-by: Ming Lei +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/blk-lib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/block/blk-lib.c ++++ b/block/blk-lib.c +@@ -161,7 +161,7 @@ static int __blkdev_issue_write_same(str + return -EOPNOTSUPP; + + /* Ensure that max_write_same_sectors doesn't overflow bi_size */ +- max_write_same_sectors = UINT_MAX >> 9; ++ max_write_same_sectors = bio_allowed_max_sectors(q); + + while (nr_sects) { + bio = next_bio(bio, 1, gfp_mask); diff --git a/queue-4.18/block-setup-bounce-bio_sets-properly.patch b/queue-4.18/block-setup-bounce-bio_sets-properly.patch new file mode 100644 index 00000000000..926e7895348 --- /dev/null +++ b/queue-4.18/block-setup-bounce-bio_sets-properly.patch @@ -0,0 +1,101 @@ +From 52990a5fb0c991ecafebdab43138b5ed41376852 Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Sun, 21 Oct 2018 12:02:36 -0600 +Subject: block: setup bounce bio_sets properly + +From: Jens Axboe + +commit 52990a5fb0c991ecafebdab43138b5ed41376852 upstream. + +We're only setting up the bounce bio sets if we happen +to need bouncing for regular HIGHMEM, not if we only need +it for ISA devices. + +Protect the ISA bounce setup with a mutex, since it's +being invoked from driver init functions and can thus be +called in parallel. + +Cc: stable@vger.kernel.org +Reported-by: Ondrej Zary +Tested-by: Ondrej Zary +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/bounce.c | 37 ++++++++++++++++++++++++++++--------- + 1 file changed, 28 insertions(+), 9 deletions(-) + +--- a/block/bounce.c ++++ b/block/bounce.c +@@ -31,6 +31,24 @@ + static struct bio_set bounce_bio_set, bounce_bio_split; + static mempool_t page_pool, isa_page_pool; + ++static void init_bounce_bioset(void) ++{ ++ static bool bounce_bs_setup; ++ int ret; ++ ++ if (bounce_bs_setup) ++ return; ++ ++ ret = bioset_init(&bounce_bio_set, BIO_POOL_SIZE, 0, BIOSET_NEED_BVECS); ++ BUG_ON(ret); ++ if (bioset_integrity_create(&bounce_bio_set, BIO_POOL_SIZE)) ++ BUG_ON(1); ++ ++ ret = bioset_init(&bounce_bio_split, BIO_POOL_SIZE, 0, 0); ++ BUG_ON(ret); ++ bounce_bs_setup = true; ++} ++ + #if defined(CONFIG_HIGHMEM) + static __init int init_emergency_pool(void) + { +@@ -44,14 +62,7 @@ static __init int init_emergency_pool(vo + BUG_ON(ret); + pr_info("pool size: %d pages\n", POOL_SIZE); + +- ret = bioset_init(&bounce_bio_set, BIO_POOL_SIZE, 0, BIOSET_NEED_BVECS); +- BUG_ON(ret); +- if (bioset_integrity_create(&bounce_bio_set, BIO_POOL_SIZE)) +- BUG_ON(1); +- +- ret = bioset_init(&bounce_bio_split, BIO_POOL_SIZE, 0, 0); +- BUG_ON(ret); +- ++ init_bounce_bioset(); + return 0; + } + +@@ -86,6 +97,8 @@ static void *mempool_alloc_pages_isa(gfp + return mempool_alloc_pages(gfp_mask | GFP_DMA, data); + } + ++static DEFINE_MUTEX(isa_mutex); ++ + /* + * gets called "every" time someone init's a queue with BLK_BOUNCE_ISA + * as the max address, so check if the pool has already been created. +@@ -94,14 +107,20 @@ int init_emergency_isa_pool(void) + { + int ret; + +- if (mempool_initialized(&isa_page_pool)) ++ mutex_lock(&isa_mutex); ++ ++ if (mempool_initialized(&isa_page_pool)) { ++ mutex_unlock(&isa_mutex); + return 0; ++ } + + ret = mempool_init(&isa_page_pool, ISA_POOL_SIZE, mempool_alloc_pages_isa, + mempool_free_pages, (void *) 0); + BUG_ON(ret); + + pr_info("isa pool size: %d pages\n", ISA_POOL_SIZE); ++ init_bounce_bioset(); ++ mutex_unlock(&isa_mutex); + return 0; + } + diff --git a/queue-4.18/cpufreq-conservative-take-limits-changes-into-account-properly.patch b/queue-4.18/cpufreq-conservative-take-limits-changes-into-account-properly.patch new file mode 100644 index 00000000000..4bd5e57038e --- /dev/null +++ b/queue-4.18/cpufreq-conservative-take-limits-changes-into-account-properly.patch @@ -0,0 +1,58 @@ +From da5e79bc70b84971d2b3a55fb252e34e51d81d48 Mon Sep 17 00:00:00 2001 +From: "Rafael J. Wysocki" +Date: Mon, 15 Oct 2018 23:21:05 +0200 +Subject: cpufreq: conservative: Take limits changes into account properly + +From: Rafael J. Wysocki + +commit da5e79bc70b84971d2b3a55fb252e34e51d81d48 upstream. + +If the policy limits change between invocations of cs_dbs_update(), +the requested frequency value stored in dbs_info may not be updated +and the function may use a stale value of it next time. Moreover, if +idle periods are takem into account by cs_dbs_update(), the requested +frequency value stored in dbs_info may be below the min policy limit, +which is incorrect. + +To fix these problems, always update the requested frequency value +in dbs_info along with the local copy of it when the previous +requested frequency is beyond the policy limits and avoid decreasing +the requested frequency below the min policy limit when taking +idle periods into account. + +Fixes: abb6627910a1 (cpufreq: conservative: Fix next frequency selection) +Fixes: 00bfe05889e9 (cpufreq: conservative: Decrease frequency faster for deferred updates) +Reported-by: Waldemar Rymarkiewicz +Cc: All applicable +Signed-off-by: Rafael J. Wysocki +Acked-by: Waldemar Rymarkiewicz +Acked-by: Viresh Kumar +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/cpufreq/cpufreq_conservative.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/cpufreq/cpufreq_conservative.c ++++ b/drivers/cpufreq/cpufreq_conservative.c +@@ -80,8 +80,10 @@ static unsigned int cs_dbs_update(struct + * changed in the meantime, so fall back to current frequency in that + * case. + */ +- if (requested_freq > policy->max || requested_freq < policy->min) ++ if (requested_freq > policy->max || requested_freq < policy->min) { + requested_freq = policy->cur; ++ dbs_info->requested_freq = requested_freq; ++ } + + freq_step = get_freq_step(cs_tuners, policy); + +@@ -92,7 +94,7 @@ static unsigned int cs_dbs_update(struct + if (policy_dbs->idle_periods < UINT_MAX) { + unsigned int freq_steps = policy_dbs->idle_periods * freq_step; + +- if (requested_freq > freq_steps) ++ if (requested_freq > policy->min + freq_steps) + requested_freq -= freq_steps; + else + requested_freq = policy->min; diff --git a/queue-4.18/dma-mapping-fix-panic-caused-by-passing-empty-cma-command-line-argument.patch b/queue-4.18/dma-mapping-fix-panic-caused-by-passing-empty-cma-command-line-argument.patch new file mode 100644 index 00000000000..53d73f5708f --- /dev/null +++ b/queue-4.18/dma-mapping-fix-panic-caused-by-passing-empty-cma-command-line-argument.patch @@ -0,0 +1,60 @@ +From a3ceed87b07769fb80ce9dc6b604e515dba14c4b Mon Sep 17 00:00:00 2001 +From: He Zhe +Date: Mon, 17 Sep 2018 11:24:20 +0800 +Subject: dma-mapping: fix panic caused by passing empty cma command line argument + +From: He Zhe + +commit a3ceed87b07769fb80ce9dc6b604e515dba14c4b upstream. + +early_cma does not check input argument before passing it to +simple_strtoull. The argument would be a NULL pointer if "cma", without +its value, is set in command line and thus causes the following panic. + +PANIC: early exception 0xe3 IP 10:ffffffffa3e9db8d error 0 cr2 0x0 +[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc3-yocto-standard+ #7 +[ 0.000000] RIP: 0010:_parse_integer_fixup_radix+0xd/0x70 +... +[ 0.000000] Call Trace: +[ 0.000000] simple_strtoull+0x29/0x70 +[ 0.000000] memparse+0x26/0x90 +[ 0.000000] early_cma+0x17/0x6a +[ 0.000000] do_early_param+0x57/0x8e +[ 0.000000] parse_args+0x208/0x320 +[ 0.000000] ? rdinit_setup+0x30/0x30 +[ 0.000000] parse_early_options+0x29/0x2d +[ 0.000000] ? rdinit_setup+0x30/0x30 +[ 0.000000] parse_early_param+0x36/0x4d +[ 0.000000] setup_arch+0x336/0x99e +[ 0.000000] start_kernel+0x6f/0x4e6 +[ 0.000000] x86_64_start_reservations+0x24/0x26 +[ 0.000000] x86_64_start_kernel+0x6f/0x72 +[ 0.000000] secondary_startup_64+0xa4/0xb0 + +This patch adds a check to prevent the panic. + +Signed-off-by: He Zhe +Reviewed-by: Marek Szyprowski +Cc: stable@vger.kernel.org +Signed-off-by: Christoph Hellwig +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/dma/contiguous.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/kernel/dma/contiguous.c ++++ b/kernel/dma/contiguous.c +@@ -49,7 +49,11 @@ static phys_addr_t limit_cmdline; + + static int __init early_cma(char *p) + { +- pr_debug("%s(%s)\n", __func__, p); ++ if (!p) { ++ pr_err("Config string not provided\n"); ++ return -EINVAL; ++ } ++ + size_cmdline = memparse(p, &p); + if (*p != '@') + return 0; diff --git a/queue-4.18/hwmon-pmbus-fix-page-count-auto-detection.patch b/queue-4.18/hwmon-pmbus-fix-page-count-auto-detection.patch new file mode 100644 index 00000000000..9ba4961470e --- /dev/null +++ b/queue-4.18/hwmon-pmbus-fix-page-count-auto-detection.patch @@ -0,0 +1,54 @@ +From e7c6a55606b5c46b449d76588968b4d8caae903f Mon Sep 17 00:00:00 2001 +From: Dmitry Bazhenov +Date: Mon, 15 Oct 2018 14:21:22 +0500 +Subject: hwmon: (pmbus) Fix page count auto-detection. + +From: Dmitry Bazhenov + +commit e7c6a55606b5c46b449d76588968b4d8caae903f upstream. + +Devices with compatible="pmbus" field have zero initial page count, +and pmbus_clear_faults() being called before the page count auto- +detection does not actually clear faults because it depends on the +page count. Non-cleared faults in its turn may fail the subsequent +page count auto-detection. + +This patch fixes this problem by calling pmbus_clear_fault_page() +for currently set page and calling pmbus_clear_faults() after the +page count was detected. + +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Bazhenov +Signed-off-by: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hwmon/pmbus/pmbus.c | 2 ++ + drivers/hwmon/pmbus/pmbus_core.c | 5 ++++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +--- a/drivers/hwmon/pmbus/pmbus.c ++++ b/drivers/hwmon/pmbus/pmbus.c +@@ -118,6 +118,8 @@ static int pmbus_identify(struct i2c_cli + } else { + info->pages = 1; + } ++ ++ pmbus_clear_faults(client); + } + + if (pmbus_check_byte_register(client, 0, PMBUS_VOUT_MODE)) { +--- a/drivers/hwmon/pmbus/pmbus_core.c ++++ b/drivers/hwmon/pmbus/pmbus_core.c +@@ -2015,7 +2015,10 @@ static int pmbus_init_common(struct i2c_ + if (ret >= 0 && (ret & PB_CAPABILITY_ERROR_CHECK)) + client->flags |= I2C_CLIENT_PEC; + +- pmbus_clear_faults(client); ++ if (data->info->pages) ++ pmbus_clear_faults(client); ++ else ++ pmbus_clear_fault_page(client, -1); + + if (info->identify) { + ret = (*info->identify)(client, info); diff --git a/queue-4.18/ipmi-fix-timer-race-with-module-unload.patch b/queue-4.18/ipmi-fix-timer-race-with-module-unload.patch new file mode 100644 index 00000000000..61266482bd5 --- /dev/null +++ b/queue-4.18/ipmi-fix-timer-race-with-module-unload.patch @@ -0,0 +1,111 @@ +From 0711e8c1b4572d076264e71b0002d223f2666ed7 Mon Sep 17 00:00:00 2001 +From: Jan Glauber +Date: Thu, 11 Oct 2018 12:13:01 +0200 +Subject: ipmi: Fix timer race with module unload + +From: Jan Glauber + +commit 0711e8c1b4572d076264e71b0002d223f2666ed7 upstream. + +Please note that below oops is from an older kernel, but the same +race seems to be present in the upstream kernel too. + +---8<--- + +The following panic was encountered during removing the ipmi_ssif +module: + +[ 526.352555] Unable to handle kernel paging request at virtual address ffff000006923090 +[ 526.360464] Mem abort info: +[ 526.363257] ESR = 0x86000007 +[ 526.366304] Exception class = IABT (current EL), IL = 32 bits +[ 526.372221] SET = 0, FnV = 0 +[ 526.375269] EA = 0, S1PTW = 0 +[ 526.378405] swapper pgtable: 4k pages, 48-bit VAs, pgd = 000000008ae60416 +[ 526.385185] [ffff000006923090] *pgd=000000bffcffe803, *pud=000000bffcffd803, *pmd=0000009f4731a003, *pte=0000000000000000 +[ 526.396141] Internal error: Oops: 86000007 [#1] SMP +[ 526.401008] Modules linked in: nls_iso8859_1 ipmi_devintf joydev input_leds ipmi_msghandler shpchp sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear i2c_smbus hid_generic usbhid uas hid usb_storage ast aes_ce_blk i2c_algo_bit aes_ce_cipher qede ttm crc32_ce ptp crct10dif_ce drm_kms_helper ghash_ce syscopyarea sha2_ce sysfillrect sysimgblt pps_core fb_sys_fops sha256_arm64 sha1_ce mpt3sas qed drm raid_class ahci scsi_transport_sas libahci gpio_xlp i2c_xlp9xx aes_neon_bs aes_neon_blk crypto_simd cryptd aes_arm64 [last unloaded: ipmi_ssif] +[ 526.468085] CPU: 125 PID: 0 Comm: swapper/125 Not tainted 4.15.0-35-generic #38~lp1775396+build.1 +[ 526.476942] Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL022 08/14/2018 +[ 526.484932] pstate: 00400009 (nzcv daif +PAN -UAO) +[ 526.489713] pc : 0xffff000006923090 +[ 526.493198] lr : call_timer_fn+0x34/0x178 +[ 526.497194] sp : ffff000009b0bdd0 +[ 526.500496] x29: ffff000009b0bdd0 x28: 0000000000000082 +[ 526.505796] x27: 0000000000000002 x26: ffff000009515188 +[ 526.511096] x25: ffff000009515180 x24: ffff0000090f1018 +[ 526.516396] x23: ffff000009519660 x22: dead000000000200 +[ 526.521696] x21: ffff000006923090 x20: 0000000000000100 +[ 526.526995] x19: ffff809eeb466a40 x18: 0000000000000000 +[ 526.532295] x17: 000000000000000e x16: 0000000000000007 +[ 526.537594] x15: 0000000000000000 x14: 071c71c71c71c71c +[ 526.542894] x13: 0000000000000000 x12: 0000000000000000 +[ 526.548193] x11: 0000000000000001 x10: ffff000009b0be88 +[ 526.553493] x9 : 0000000000000000 x8 : 0000000000000005 +[ 526.558793] x7 : ffff80befc1f8528 x6 : 0000000000000020 +[ 526.564092] x5 : 0000000000000040 x4 : 0000000020001b20 +[ 526.569392] x3 : 0000000000000000 x2 : ffff809eeb466a40 +[ 526.574692] x1 : ffff000006923090 x0 : ffff809eeb466a40 +[ 526.579992] Process swapper/125 (pid: 0, stack limit = 0x000000002eb50acc) +[ 526.586854] Call trace: +[ 526.589289] 0xffff000006923090 +[ 526.592419] expire_timers+0xc8/0x130 +[ 526.596070] run_timer_softirq+0xec/0x1b0 +[ 526.600070] __do_softirq+0x134/0x328 +[ 526.603726] irq_exit+0xc8/0xe0 +[ 526.606857] __handle_domain_irq+0x6c/0xc0 +[ 526.610941] gic_handle_irq+0x84/0x188 +[ 526.614679] el1_irq+0xe8/0x180 +[ 526.617822] cpuidle_enter_state+0xa0/0x328 +[ 526.621993] cpuidle_enter+0x34/0x48 +[ 526.625564] call_cpuidle+0x44/0x70 +[ 526.629040] do_idle+0x1b8/0x1f0 +[ 526.632256] cpu_startup_entry+0x2c/0x30 +[ 526.636174] secondary_start_kernel+0x11c/0x130 +[ 526.640694] Code: bad PC value +[ 526.643800] ---[ end trace d020b0b8417c2498 ]--- +[ 526.648404] Kernel panic - not syncing: Fatal exception in interrupt +[ 526.654778] SMP: stopping secondary CPUs +[ 526.658734] Kernel Offset: disabled +[ 526.662211] CPU features: 0x5800c38 +[ 526.665688] Memory Limit: none +[ 526.668768] ---[ end Kernel panic - not syncing: Fatal exception in interrupt + +Prevent mod_timer from arming a timer that was already removed by +del_timer during module unload. + +Signed-off-by: Jan Glauber +Cc: # 3.19 +Signed-off-by: Corey Minyard +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/ipmi/ipmi_ssif.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/drivers/char/ipmi/ipmi_ssif.c ++++ b/drivers/char/ipmi/ipmi_ssif.c +@@ -606,8 +606,9 @@ static void msg_done_handler(struct ssif + flags = ipmi_ssif_lock_cond(ssif_info, &oflags); + ssif_info->waiting_alert = true; + ssif_info->rtc_us_timer = SSIF_MSG_USEC; +- mod_timer(&ssif_info->retry_timer, +- jiffies + SSIF_MSG_JIFFIES); ++ if (!ssif_info->stopping) ++ mod_timer(&ssif_info->retry_timer, ++ jiffies + SSIF_MSG_JIFFIES); + ipmi_ssif_unlock_cond(ssif_info, flags); + return; + } +@@ -939,8 +940,9 @@ static void msg_written_handler(struct s + ssif_info->waiting_alert = true; + ssif_info->retries_left = SSIF_RECV_RETRIES; + ssif_info->rtc_us_timer = SSIF_MSG_PART_USEC; +- mod_timer(&ssif_info->retry_timer, +- jiffies + SSIF_MSG_PART_JIFFIES); ++ if (!ssif_info->stopping) ++ mod_timer(&ssif_info->retry_timer, ++ jiffies + SSIF_MSG_PART_JIFFIES); + ipmi_ssif_unlock_cond(ssif_info, flags); + } + } diff --git a/queue-4.18/jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch b/queue-4.18/jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch new file mode 100644 index 00000000000..09a3e48188b --- /dev/null +++ b/queue-4.18/jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch @@ -0,0 +1,41 @@ +From 92e2921f7eee63450a5f953f4b15dc6210219430 Mon Sep 17 00:00:00 2001 +From: Hou Tao +Date: Sat, 6 Oct 2018 17:09:35 +0800 +Subject: jffs2: free jffs2_sb_info through jffs2_kill_sb() + +From: Hou Tao + +commit 92e2921f7eee63450a5f953f4b15dc6210219430 upstream. + +When an invalid mount option is passed to jffs2, jffs2_parse_options() +will fail and jffs2_sb_info will be freed, but then jffs2_sb_info will +be used (use-after-free) and freeed (double-free) in jffs2_kill_sb(). + +Fix it by removing the buggy invocation of kfree() when getting invalid +mount options. + +Fixes: 92abc475d8de ("jffs2: implement mount option parsing and compression overriding") +Cc: stable@kernel.org +Signed-off-by: Hou Tao +Reviewed-by: Richard Weinberger +Signed-off-by: Boris Brezillon +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jffs2/super.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/fs/jffs2/super.c ++++ b/fs/jffs2/super.c +@@ -285,10 +285,8 @@ static int jffs2_fill_super(struct super + sb->s_fs_info = c; + + ret = jffs2_parse_options(c, data); +- if (ret) { +- kfree(c); ++ if (ret) + return -EINVAL; +- } + + /* Initialize JFFS2 superblock locks, the further initialization will + * be done later */ diff --git a/queue-4.18/kprobes-x86-use-preempt_enable-in-optimized_callback.patch b/queue-4.18/kprobes-x86-use-preempt_enable-in-optimized_callback.patch new file mode 100644 index 00000000000..fbc642a06f7 --- /dev/null +++ b/queue-4.18/kprobes-x86-use-preempt_enable-in-optimized_callback.patch @@ -0,0 +1,55 @@ +From 2e62024c265aa69315ed02835623740030435380 Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Sat, 20 Oct 2018 18:47:53 +0900 +Subject: kprobes/x86: Use preempt_enable() in optimized_callback() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Masami Hiramatsu + +commit 2e62024c265aa69315ed02835623740030435380 upstream. + +The following commit: + + a19b2e3d7839 ("kprobes/x86: Remove IRQ disabling from ftrace-based/optimized kprobes”) + +removed local_irq_save/restore() from optimized_callback(), the handler +might be interrupted by the rescheduling interrupt and might be +rescheduled - so we must not use the preempt_enable_no_resched() macro. + +Use preempt_enable() instead, to not lose preemption events. + +[ mingo: Improved the changelog. ] + +Reported-by: Nadav Amit +Signed-off-by: Masami Hiramatsu +Acked-by: Peter Zijlstra (Intel) +Cc: +Cc: Alexei Starovoitov +Cc: Andy Lutomirski +Cc: Borislav Petkov +Cc: Linus Torvalds +Cc: Oleg Nesterov +Cc: Thomas Gleixner +Cc: dwmw@amazon.co.uk +Fixes: a19b2e3d7839 ("kprobes/x86: Remove IRQ disabling from ftrace-based/optimized kprobes”) +Link: http://lkml.kernel.org/r/154002887331.7627.10194920925792947001.stgit@devbox +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/kprobes/opt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/kernel/kprobes/opt.c ++++ b/arch/x86/kernel/kprobes/opt.c +@@ -179,7 +179,7 @@ optimized_callback(struct optimized_kpro + opt_pre_handler(&op->kp, regs); + __this_cpu_write(current_kprobe, NULL); + } +- preempt_enable_no_resched(); ++ preempt_enable(); + } + NOKPROBE_SYMBOL(optimized_callback); + diff --git a/queue-4.18/mailbox-pcc-handle-parse-error.patch b/queue-4.18/mailbox-pcc-handle-parse-error.patch new file mode 100644 index 00000000000..2ac71b5d7c4 --- /dev/null +++ b/queue-4.18/mailbox-pcc-handle-parse-error.patch @@ -0,0 +1,43 @@ +From afd0b1fb22269f48d68fdf269891c653818c8047 Mon Sep 17 00:00:00 2001 +From: David Arcari +Date: Mon, 27 Aug 2018 15:19:08 -0400 +Subject: mailbox: PCC: handle parse error + +From: David Arcari + +commit afd0b1fb22269f48d68fdf269891c653818c8047 upstream. + +acpi_pcc_probe() calls acpi_table_parse_entries_array() but fails +to check for an error return. This in turn can result in calling +kcalloc() with a negative count as well as emitting the following +misleading erorr message: + +[ 2.642015] Could not allocate space for PCC mbox channels + +Fixes: 8f8027c5f935 (mailbox: PCC: erroneous error message when parsing ACPI PCCT) +Signed-off-by: David Arcari +Reviewed-by: Al Stone +Cc: 4.18+ # 4.18+ +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mailbox/pcc.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/drivers/mailbox/pcc.c ++++ b/drivers/mailbox/pcc.c +@@ -461,8 +461,11 @@ static int __init acpi_pcc_probe(void) + count = acpi_table_parse_entries_array(ACPI_SIG_PCCT, + sizeof(struct acpi_table_pcct), proc, + ACPI_PCCT_TYPE_RESERVED, MAX_PCC_SUBSPACES); +- if (count == 0 || count > MAX_PCC_SUBSPACES) { +- pr_warn("Invalid PCCT: %d PCC subspaces\n", count); ++ if (count <= 0 || count > MAX_PCC_SUBSPACES) { ++ if (count < 0) ++ pr_warn("Error parsing PCC subspaces from PCCT\n"); ++ else ++ pr_warn("Invalid PCCT: %d PCC subspaces\n", count); + return -EINVAL; + } + diff --git a/queue-4.18/mtd-rawnand-marvell-fix-the-irq-handler-complete-condition.patch b/queue-4.18/mtd-rawnand-marvell-fix-the-irq-handler-complete-condition.patch new file mode 100644 index 00000000000..2c9c1e6718a --- /dev/null +++ b/queue-4.18/mtd-rawnand-marvell-fix-the-irq-handler-complete-condition.patch @@ -0,0 +1,45 @@ +From 53c83b59759c1ee213f5ffa194909daee8902a28 Mon Sep 17 00:00:00 2001 +From: Miquel Raynal +Date: Wed, 3 Oct 2018 11:05:04 +0200 +Subject: mtd: rawnand: marvell: fix the IRQ handler complete() condition + +From: Miquel Raynal + +commit 53c83b59759c1ee213f5ffa194909daee8902a28 upstream. + +With the current implementation, the complete() in the IRQ handler is +supposed to be called only if the register status has one or the other +RDY bit set. Other events might trigger an interrupt as well if +enabled, but should not end-up with a complete() call. + +For this purpose, the code was checking if the other bits were set, in +this case complete() was not called. This is wrong as two events might +happen in a very tight time-frame and if the NDSR status read reports +two bits set (eg. RDY(0) and RDDREQ) at the same time, complete() was +not called. + +This logic would lead to timeouts in marvell_nfc_wait_op() and has +been observed on PXA boards (NFCv1) in the Hamming write path. + +Fixes: 02f26ecf8c77 ("mtd: nand: add reworked Marvell NAND controller driver") +Cc: stable@vger.kernel.org +Reported-by: Daniel Mack +Signed-off-by: Miquel Raynal +Tested-by: Daniel Mack +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/nand/raw/marvell_nand.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/mtd/nand/raw/marvell_nand.c ++++ b/drivers/mtd/nand/raw/marvell_nand.c +@@ -691,7 +691,7 @@ static irqreturn_t marvell_nfc_isr(int i + + marvell_nfc_disable_int(nfc, st & NDCR_ALL_INT); + +- if (!(st & (NDSR_RDDREQ | NDSR_WRDREQ | NDSR_WRCMDREQ))) ++ if (st & (NDSR_RDY(0) | NDSR_RDY(1))) + complete(&nfc->complete); + + return IRQ_HANDLED; diff --git a/queue-4.18/mtd-spi-nor-fsl-quadspi-don-t-let-einval-on-the-bus.patch b/queue-4.18/mtd-spi-nor-fsl-quadspi-don-t-let-einval-on-the-bus.patch new file mode 100644 index 00000000000..138ba334570 --- /dev/null +++ b/queue-4.18/mtd-spi-nor-fsl-quadspi-don-t-let-einval-on-the-bus.patch @@ -0,0 +1,77 @@ +From 000412276370a9bcfec73b3752ceefd9a927f1db Mon Sep 17 00:00:00 2001 +From: Ahmad Fatoum +Date: Fri, 21 Sep 2018 11:32:53 +0200 +Subject: mtd: spi-nor: fsl-quadspi: Don't let -EINVAL on the bus + +From: Ahmad Fatoum + +commit 000412276370a9bcfec73b3752ceefd9a927f1db upstream. + +fsl_qspi_get_seqid() may return -EINVAL, but fsl_qspi_init_ahb_read() +doesn't check for error codes with the result that -EINVAL could find +itself signalled over the bus. + +In conjunction with the LS1046A SoC's A-009283 errata +("Illegal accesses to SPI flash memory can result in a system hang") +this illegal access to SPI flash memory results in a system hang +if userspace attempts reading later on. + +Avoid this by always checking fsl_qspi_get_seqid()'s return value +and bail out otherwise. + +Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver") +Cc: stable@vger.kernel.org +Signed-off-by: Ahmad Fatoum +Signed-off-by: Boris Brezillon +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/spi-nor/fsl-quadspi.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/mtd/spi-nor/fsl-quadspi.c ++++ b/drivers/mtd/spi-nor/fsl-quadspi.c +@@ -544,6 +544,9 @@ fsl_qspi_runcmd(struct fsl_qspi *q, u8 c + + /* trigger the LUT now */ + seqid = fsl_qspi_get_seqid(q, cmd); ++ if (seqid < 0) ++ return seqid; ++ + qspi_writel(q, (seqid << QUADSPI_IPCR_SEQID_SHIFT) | len, + base + QUADSPI_IPCR); + +@@ -672,7 +675,7 @@ static void fsl_qspi_set_map_addr(struct + * causes the controller to clear the buffer, and use the sequence pointed + * by the QUADSPI_BFGENCR[SEQID] to initiate a read from the flash. + */ +-static void fsl_qspi_init_ahb_read(struct fsl_qspi *q) ++static int fsl_qspi_init_ahb_read(struct fsl_qspi *q) + { + void __iomem *base = q->iobase; + int seqid; +@@ -697,8 +700,13 @@ static void fsl_qspi_init_ahb_read(struc + + /* Set the default lut sequence for AHB Read. */ + seqid = fsl_qspi_get_seqid(q, q->nor[0].read_opcode); ++ if (seqid < 0) ++ return seqid; ++ + qspi_writel(q, seqid << QUADSPI_BFGENCR_SEQID_SHIFT, + q->iobase + QUADSPI_BFGENCR); ++ ++ return 0; + } + + /* This function was used to prepare and enable QSPI clock */ +@@ -806,9 +814,7 @@ static int fsl_qspi_nor_setup_last(struc + fsl_qspi_init_lut(q); + + /* Init for AHB read */ +- fsl_qspi_init_ahb_read(q); +- +- return 0; ++ return fsl_qspi_init_ahb_read(q); + } + + static const struct of_device_id fsl_qspi_dt_ids[] = { diff --git a/queue-4.18/mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-size-larger-than-16mb.patch b/queue-4.18/mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-size-larger-than-16mb.patch new file mode 100644 index 00000000000..2a0a994064d --- /dev/null +++ b/queue-4.18/mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-size-larger-than-16mb.patch @@ -0,0 +1,34 @@ +From 41fe242979e463d6ad251077ded01b825a330b7e Mon Sep 17 00:00:00 2001 +From: Liu Xiang +Date: Tue, 28 Aug 2018 22:32:57 +0800 +Subject: mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB + +From: Liu Xiang + +commit 41fe242979e463d6ad251077ded01b825a330b7e upstream. + +If the size of spi-nor flash is larger than 16MB, the read_opcode +is set to SPINOR_OP_READ_1_1_4_4B, and fsl_qspi_get_seqid() will +return -EINVAL when cmd is SPINOR_OP_READ_1_1_4_4B. This can +cause read operation fail. + +Fixes: e46ecda764dc ("mtd: spi-nor: Add Freescale QuadSPI driver") +Cc: +Signed-off-by: Liu Xiang +Signed-off-by: Boris Brezillon +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/spi-nor/fsl-quadspi.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/mtd/spi-nor/fsl-quadspi.c ++++ b/drivers/mtd/spi-nor/fsl-quadspi.c +@@ -478,6 +478,7 @@ static int fsl_qspi_get_seqid(struct fsl + { + switch (cmd) { + case SPINOR_OP_READ_1_1_4: ++ case SPINOR_OP_READ_1_1_4_4B: + return SEQID_READ; + case SPINOR_OP_WREN: + return SEQID_WREN; diff --git a/queue-4.18/mtd-spi-nor-intel-spi-add-support-for-intel-ice-lake-spi-serial-flash.patch b/queue-4.18/mtd-spi-nor-intel-spi-add-support-for-intel-ice-lake-spi-serial-flash.patch new file mode 100644 index 00000000000..1795f06f825 --- /dev/null +++ b/queue-4.18/mtd-spi-nor-intel-spi-add-support-for-intel-ice-lake-spi-serial-flash.patch @@ -0,0 +1,33 @@ +From 42460c31ae96cbad5ae226ee6c10bd8d70d764ae Mon Sep 17 00:00:00 2001 +From: Mika Westerberg +Date: Thu, 30 Aug 2018 11:42:57 +0300 +Subject: mtd: spi-nor: intel-spi: Add support for Intel Ice Lake SPI serial flash + +From: Mika Westerberg + +commit 42460c31ae96cbad5ae226ee6c10bd8d70d764ae upstream. + +Intel Ice Lake exposes the SPI serial flash controller as a PCI device +in the same way than Intel Denverton. Add Ice Lake SPI serial flash PCI +ID to the driver list of supported devices. + +Signed-off-by: Mika Westerberg +Acked-by: Marek Vasut +Cc: stable@vger.kernel.org +Signed-off-by: Boris Brezillon +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/spi-nor/intel-spi-pci.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/mtd/spi-nor/intel-spi-pci.c ++++ b/drivers/mtd/spi-nor/intel-spi-pci.c +@@ -65,6 +65,7 @@ static void intel_spi_pci_remove(struct + static const struct pci_device_id intel_spi_pci_ids[] = { + { PCI_VDEVICE(INTEL, 0x18e0), (unsigned long)&bxt_info }, + { PCI_VDEVICE(INTEL, 0x19e0), (unsigned long)&bxt_info }, ++ { PCI_VDEVICE(INTEL, 0x34a4), (unsigned long)&bxt_info }, + { PCI_VDEVICE(INTEL, 0xa1a4), (unsigned long)&bxt_info }, + { PCI_VDEVICE(INTEL, 0xa224), (unsigned long)&bxt_info }, + { }, diff --git a/queue-4.18/pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch b/queue-4.18/pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch new file mode 100644 index 00000000000..776d04223d5 --- /dev/null +++ b/queue-4.18/pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch @@ -0,0 +1,108 @@ +From 95691e3eddc41da2d1cd3cca51fecdfb46bd85bc Mon Sep 17 00:00:00 2001 +From: "Maciej S. Szmigiero" +Date: Sun, 9 Sep 2018 01:21:06 +0200 +Subject: pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges + +From: Maciej S. Szmigiero + +commit 95691e3eddc41da2d1cd3cca51fecdfb46bd85bc upstream. + +Currently, "disable_clkrun" yenta_socket module parameter is only +implemented for TI CardBus bridges. +Add also an implementation for Ricoh bridges that have the necessary +setting documented in publicly available datasheets. + +Tested on a RL5C476II with a Sunrich C-160 CardBus NIC that doesn't work +correctly unless the CLKRUN protocol is disabled. + +Let's also make it clear in its description that the "disable_clkrun" +module parameter only works on these two previously mentioned brands of +CardBus bridges. + +Signed-off-by: Maciej S. Szmigiero +Cc: stable@vger.kernel.org +Signed-off-by: Dominik Brodowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pcmcia/ricoh.h | 35 +++++++++++++++++++++++++++++++++++ + drivers/pcmcia/yenta_socket.c | 3 ++- + 2 files changed, 37 insertions(+), 1 deletion(-) + +--- a/drivers/pcmcia/ricoh.h ++++ b/drivers/pcmcia/ricoh.h +@@ -119,6 +119,10 @@ + #define RL5C4XX_MISC_CONTROL 0x2F /* 8 bit */ + #define RL5C4XX_ZV_ENABLE 0x08 + ++/* Misc Control 3 Register */ ++#define RL5C4XX_MISC3 0x00A2 /* 16 bit */ ++#define RL5C47X_MISC3_CB_CLKRUN_DIS BIT(1) ++ + #ifdef __YENTA_H + + #define rl_misc(socket) ((socket)->private[0]) +@@ -156,6 +160,35 @@ static void ricoh_set_zv(struct yenta_so + } + } + ++static void ricoh_set_clkrun(struct yenta_socket *socket, bool quiet) ++{ ++ u16 misc3; ++ ++ /* ++ * RL5C475II likely has this setting, too, however no datasheet ++ * is publicly available for this chip ++ */ ++ if (socket->dev->device != PCI_DEVICE_ID_RICOH_RL5C476 && ++ socket->dev->device != PCI_DEVICE_ID_RICOH_RL5C478) ++ return; ++ ++ if (socket->dev->revision < 0x80) ++ return; ++ ++ misc3 = config_readw(socket, RL5C4XX_MISC3); ++ if (misc3 & RL5C47X_MISC3_CB_CLKRUN_DIS) { ++ if (!quiet) ++ dev_dbg(&socket->dev->dev, ++ "CLKRUN feature already disabled\n"); ++ } else if (disable_clkrun) { ++ if (!quiet) ++ dev_info(&socket->dev->dev, ++ "Disabling CLKRUN feature\n"); ++ misc3 |= RL5C47X_MISC3_CB_CLKRUN_DIS; ++ config_writew(socket, RL5C4XX_MISC3, misc3); ++ } ++} ++ + static void ricoh_save_state(struct yenta_socket *socket) + { + rl_misc(socket) = config_readw(socket, RL5C4XX_MISC); +@@ -172,6 +205,7 @@ static void ricoh_restore_state(struct y + config_writew(socket, RL5C4XX_16BIT_IO_0, rl_io(socket)); + config_writew(socket, RL5C4XX_16BIT_MEM_0, rl_mem(socket)); + config_writew(socket, RL5C4XX_CONFIG, rl_config(socket)); ++ ricoh_set_clkrun(socket, true); + } + + +@@ -197,6 +231,7 @@ static int ricoh_override(struct yenta_s + config_writew(socket, RL5C4XX_CONFIG, config); + + ricoh_set_zv(socket); ++ ricoh_set_clkrun(socket, false); + + return 0; + } +--- a/drivers/pcmcia/yenta_socket.c ++++ b/drivers/pcmcia/yenta_socket.c +@@ -26,7 +26,8 @@ + + static bool disable_clkrun; + module_param(disable_clkrun, bool, 0444); +-MODULE_PARM_DESC(disable_clkrun, "If PC card doesn't function properly, please try this option"); ++MODULE_PARM_DESC(disable_clkrun, ++ "If PC card doesn't function properly, please try this option (TI and Ricoh bridges only)"); + + static bool isa_probe = 1; + module_param(isa_probe, bool, 0444); diff --git a/queue-4.18/spi-bcm-qspi-fix-calculation-of-address-length.patch b/queue-4.18/spi-bcm-qspi-fix-calculation-of-address-length.patch new file mode 100644 index 00000000000..2392e3285ba --- /dev/null +++ b/queue-4.18/spi-bcm-qspi-fix-calculation-of-address-length.patch @@ -0,0 +1,38 @@ +From 0976eda7915507fe94e07870c19d717c9994b57a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Thu, 11 Oct 2018 09:40:22 +0200 +Subject: spi: bcm-qspi: fix calculation of address length +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Rafał Miłecki + +commit 0976eda7915507fe94e07870c19d717c9994b57a upstream. + +During implementation of the new API bcm_qspi_bspi_set_flex_mode() has +been modified breaking calculation of address length. An unnecessary +multiplication was added breaking flash reads. + +Fixes: 5f195ee7d830 ("spi: bcm-qspi: Implement the spi_mem interface") +Signed-off-by: Rafał Miłecki +Reviewed-by: Boris Brezillon +Signed-off-by: Mark Brown +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/spi/spi-bcm-qspi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/spi/spi-bcm-qspi.c ++++ b/drivers/spi/spi-bcm-qspi.c +@@ -355,7 +355,7 @@ static int bcm_qspi_bspi_set_flex_mode(s + int bpc = 0, bpp = 0; + u8 command = op->cmd.opcode; + int width = op->cmd.buswidth ? op->cmd.buswidth : SPI_NBITS_SINGLE; +- int addrlen = op->addr.nbytes * 8; ++ int addrlen = op->addr.nbytes; + int flex_mode = 1; + + dev_dbg(&qspi->pdev->dev, "set flex mode w %x addrlen %x hp %d\n", diff --git a/queue-4.18/spi-bcm-qspi-switch-back-to-reading-flash-using-smaller-chunks.patch b/queue-4.18/spi-bcm-qspi-switch-back-to-reading-flash-using-smaller-chunks.patch new file mode 100644 index 00000000000..a27997298cc --- /dev/null +++ b/queue-4.18/spi-bcm-qspi-switch-back-to-reading-flash-using-smaller-chunks.patch @@ -0,0 +1,49 @@ +From 940ec770c295682993d1cccce3081fd7c74fece8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Thu, 11 Oct 2018 09:42:17 +0200 +Subject: spi: bcm-qspi: switch back to reading flash using smaller chunks +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Rafał Miłecki + +commit 940ec770c295682993d1cccce3081fd7c74fece8 upstream. + +Fixing/optimizing bcm_qspi_bspi_read() performance introduced two +changes: +1) It added a loop to read all requested data using multiple BSPI ops. +2) It bumped max size of a single BSPI block request from 256 to 512 B. + +The later change resulted in occasional BSPI timeouts causing a +regression. + +For some unknown reason hardware doesn't always handle reads as expected +when using 512 B chunks. In such cases it may happen that BSPI returns +amount of requested bytes without the last 1-3 ones. It provides the +remaining bytes later but doesn't raise an interrupt until another LR +start. + +Switching back to 256 B reads fixes that problem and regression. + +Fixes: 345309fa7c0c ("spi: bcm-qspi: Fix bcm_qspi_bspi_read() performance") +Signed-off-by: Rafał Miłecki +Signed-off-by: Mark Brown +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/spi/spi-bcm-qspi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/spi/spi-bcm-qspi.c ++++ b/drivers/spi/spi-bcm-qspi.c +@@ -89,7 +89,7 @@ + #define BSPI_BPP_MODE_SELECT_MASK BIT(8) + #define BSPI_BPP_ADDR_SELECT_MASK BIT(16) + +-#define BSPI_READ_LENGTH 512 ++#define BSPI_READ_LENGTH 256 + + /* MSPI register offsets */ + #define MSPI_SPCR0_LSB 0x000 diff --git a/queue-4.18/spi-spi-mem-adjust-op-len-based-on-message-transfer-size-limitations.patch b/queue-4.18/spi-spi-mem-adjust-op-len-based-on-message-transfer-size-limitations.patch new file mode 100644 index 00000000000..8dbf7bab2c1 --- /dev/null +++ b/queue-4.18/spi-spi-mem-adjust-op-len-based-on-message-transfer-size-limitations.patch @@ -0,0 +1,51 @@ +From e757996cafbeb6b71234a17130674bcd8f44c59e Mon Sep 17 00:00:00 2001 +From: Chuanhua Han +Date: Thu, 30 Aug 2018 16:43:24 +0800 +Subject: spi: spi-mem: Adjust op len based on message/transfer size limitations + +From: Chuanhua Han + +commit e757996cafbeb6b71234a17130674bcd8f44c59e upstream. + +We need that to adjust the len of the 2nd transfer (called data in +spi-mem) if it's too long to fit in a SPI message or SPI transfer. + +Fixes: c36ff266dc82 ("spi: Extend the core to ease integration of SPI memory controllers") +Cc: +Signed-off-by: Chuanhua Han +Reviewed-by: Boris Brezillon +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/spi/spi-mem.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +--- a/drivers/spi/spi-mem.c ++++ b/drivers/spi/spi-mem.c +@@ -328,10 +328,25 @@ EXPORT_SYMBOL_GPL(spi_mem_exec_op); + int spi_mem_adjust_op_size(struct spi_mem *mem, struct spi_mem_op *op) + { + struct spi_controller *ctlr = mem->spi->controller; ++ size_t len; ++ ++ len = sizeof(op->cmd.opcode) + op->addr.nbytes + op->dummy.nbytes; + + if (ctlr->mem_ops && ctlr->mem_ops->adjust_op_size) + return ctlr->mem_ops->adjust_op_size(mem, op); + ++ if (!ctlr->mem_ops || !ctlr->mem_ops->exec_op) { ++ if (len > spi_max_transfer_size(mem->spi)) ++ return -EINVAL; ++ ++ op->data.nbytes = min3((size_t)op->data.nbytes, ++ spi_max_transfer_size(mem->spi), ++ spi_max_message_size(mem->spi) - ++ len); ++ if (!op->data.nbytes) ++ return -EINVAL; ++ } ++ + return 0; + } + EXPORT_SYMBOL_GPL(spi_mem_adjust_op_size);