From 0daa1be3f3af70880e0ba67905d87b9766b689e0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 16 Oct 2018 16:05:58 +0200
Subject: [PATCH] 4.18-stable patches

added patches:
	i2c-i2c-scmi-fix-for-i2c_smbus_write_block_data.patch
---
 ...i-fix-for-i2c_smbus_write_block_data.patch | 60 +++++++++++++++++++
 queue-4.18/series                             |  1 +
 2 files changed, 61 insertions(+)
 create mode 100644 queue-4.18/i2c-i2c-scmi-fix-for-i2c_smbus_write_block_data.patch

diff --git a/queue-4.18/i2c-i2c-scmi-fix-for-i2c_smbus_write_block_data.patch b/queue-4.18/i2c-i2c-scmi-fix-for-i2c_smbus_write_block_data.patch
new file mode 100644
index 00000000000..3c444d77a3e
--- /dev/null
+++ b/queue-4.18/i2c-i2c-scmi-fix-for-i2c_smbus_write_block_data.patch
@@ -0,0 +1,60 @@
+From 08d9db00fe0e300d6df976e6c294f974988226dd Mon Sep 17 00:00:00 2001
+From: Edgar Cherkasov <echerkasov@dev.rtsoft.ru>
+Date: Thu, 27 Sep 2018 11:56:03 +0300
+Subject: i2c: i2c-scmi: fix for i2c_smbus_write_block_data
+
+From: Edgar Cherkasov <echerkasov@dev.rtsoft.ru>
+
+commit 08d9db00fe0e300d6df976e6c294f974988226dd upstream.
+
+The i2c-scmi driver crashes when the SMBus Write Block transaction is
+executed:
+
+WARNING: CPU: 9 PID: 2194 at mm/page_alloc.c:3931 __alloc_pages_slowpath+0x9db/0xec0
+ Call Trace:
+  ? get_page_from_freelist+0x49d/0x11f0
+  ? alloc_pages_current+0x6a/0xe0
+  ? new_slab+0x499/0x690
+  __alloc_pages_nodemask+0x265/0x280
+  alloc_pages_current+0x6a/0xe0
+  kmalloc_order+0x18/0x40
+  kmalloc_order_trace+0x24/0xb0
+  ? acpi_ut_allocate_object_desc_dbg+0x62/0x10c
+  __kmalloc+0x203/0x220
+  acpi_os_allocate_zeroed+0x34/0x36
+  acpi_ut_copy_eobject_to_iobject+0x266/0x31e
+  acpi_evaluate_object+0x166/0x3b2
+  acpi_smbus_cmi_access+0x144/0x530 [i2c_scmi]
+  i2c_smbus_xfer+0xda/0x370
+  i2cdev_ioctl_smbus+0x1bd/0x270
+  i2cdev_ioctl+0xaa/0x250
+  do_vfs_ioctl+0xa4/0x600
+  SyS_ioctl+0x79/0x90
+  do_syscall_64+0x73/0x130
+  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
+ACPI Error: Evaluating _SBW: 4 (20170831/smbus_cmi-185)
+
+This problem occurs because the length of ACPI Buffer object is not
+defined/initialized in the code before a corresponding ACPI method is
+called. The obvious patch below fixes this issue.
+
+Signed-off-by: Edgar Cherkasov <echerkasov@dev.rtsoft.ru>
+Acked-by: Viktor Krasnov <vkrasnov@dev.rtsoft.ru>
+Acked-by: Michael Brunner <Michael.Brunner@kontron.com>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/busses/i2c-scmi.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/i2c/busses/i2c-scmi.c
++++ b/drivers/i2c/busses/i2c-scmi.c
+@@ -152,6 +152,7 @@ acpi_smbus_cmi_access(struct i2c_adapter
+ 			mt_params[3].type = ACPI_TYPE_INTEGER;
+ 			mt_params[3].integer.value = len;
+ 			mt_params[4].type = ACPI_TYPE_BUFFER;
++			mt_params[4].buffer.length = len;
+ 			mt_params[4].buffer.pointer = data->block + 1;
+ 		}
+ 		break;
diff --git a/queue-4.18/series b/queue-4.18/series
index e5851bb0e8b..0fba4f69374 100644
--- a/queue-4.18/series
+++ b/queue-4.18/series
@@ -132,3 +132,4 @@ mm-mmap.c-don-t-clobber-partially-overlapping-vma-with-map_fixed_noreplace.patch
 mm-thp-fix-call-to-mmu_notifier-in-set_pmd_migration_entry-v2.patch
 filesystem-dax-fix-dax_layout_busy_page-livelock.patch
 mm-preserve-_page_devmap-across-mprotect-calls.patch
+i2c-i2c-scmi-fix-for-i2c_smbus_write_block_data.patch
-- 
2.47.2