From: K. Y. Srinivasan Date: Thu, 1 Dec 2011 12:59:19 +0000 (-0800) Subject: Staging: hv: storvsc: Fix a bug in copy_from_bounce_buffer() X-Git-Tag: firefly_0821_release~3680^2~3804^2~101^2~102 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=10c43dd4c4403d35fc6477d547aa3a38b466b310;p=firefly-linux-kernel-4.4.55.git Staging: hv: storvsc: Fix a bug in copy_from_bounce_buffer() Fix a bug in copy_from_bounce_buffer(). Signed-off-by: K. Y. Srinivasan Signed-off-by: Haiyang Zhang Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/hv/storvsc_drv.c b/drivers/staging/hv/storvsc_drv.c index 8dafe52e9a69..c22de062dc49 100644 --- a/drivers/staging/hv/storvsc_drv.c +++ b/drivers/staging/hv/storvsc_drv.c @@ -880,7 +880,8 @@ cleanup: /* Assume the original sgl has enough room */ static unsigned int copy_from_bounce_buffer(struct scatterlist *orig_sgl, struct scatterlist *bounce_sgl, - unsigned int orig_sgl_count) + unsigned int orig_sgl_count, + unsigned int bounce_sgl_count) { int i; int j = 0; @@ -921,6 +922,24 @@ static unsigned int copy_from_bounce_buffer(struct scatterlist *orig_sgl, kunmap_atomic((void *)bounce_addr, KM_IRQ0); j++; + /* + * It is possible that the number of elements + * in the bounce buffer may not be equal to + * the number of elements in the original + * scatter list. Handle this correctly. + */ + + if (j == bounce_sgl_count) { + /* + * We are done; cleanup and return. + */ + kunmap_atomic((void *)(dest_addr - + orig_sgl[i].offset), + KM_IRQ0); + local_irq_restore(flags); + return total_copied; + } + /* if we need to use another bounce buffer */ if (destlen || i != orig_sgl_count - 1) bounce_addr = @@ -1126,7 +1145,8 @@ static void storvsc_command_completion(struct hv_storvsc_request *request) if (vm_srb->data_in == READ_TYPE) copy_from_bounce_buffer(scsi_sglist(scmnd), cmd_request->bounce_sgl, - scsi_sg_count(scmnd)); + scsi_sg_count(scmnd), + cmd_request->bounce_sgl_count); destroy_bounce_buffer(cmd_request->bounce_sgl, cmd_request->bounce_sgl_count); }