From: K. Y. Srinivasan
Date: Wed, 7 Dec 2011 15:15:52 +0000 (-0800)
Subject: Staging: hv: storvsc: Fix a bug in create_bounce_buffer()
X-Git-Tag: firefly_0821_release~3680^2~3804^2~101^2~24
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6e8087a4fae41ae1518babbf1ef46f105d702bfd;p=firefly-linux-kernel-4.4.55.git
Staging: hv: storvsc: Fix a bug in create_bounce_buffer()
Set the length field of the scatter gather elements correctly when we create the bounce buffer. When we use the bounce buffer for a "write" operation, the act of copying to the bounce buffer, correctly deals with this issue. However, on the "read" side, the current code was not correctly setting the buffer length. Fix this bug. Note that when we copy from the bounce buffer (for the read case), the amount we copy is controlled by the original scatter gather list given to the driver.
Signed-off-by: K. Y. Srinivasan
Signed-off-by: Haiyang Zhang
Reported-by: Dadok Milan
Signed-off-by: Greg Kroah-Hartman
---
diff --git a/drivers/staging/hv/storvsc_drv.c b/drivers/staging/hv/storvsc_drv.c
index 18f8771769be..eb853f71089a 100644
--- a/drivers/staging/hv/storvsc_drv.c
+++ b/drivers/staging/hv/storvsc_drv.c
@@ -893,12 +893,14 @@ static int do_bounce_buffer(struct scatterlist *sgl, unsigned int sg_count)
 static struct scatterlist *create_bounce_buffer(struct scatterlist *sgl,
 unsigned int sg_count,
- unsigned int len)
+ unsigned int len,
+ int write)
 {
 int i;
 int num_pages;
 struct scatterlist *bounce_sgl;
 struct page *page_buf;
+ unsigned int buf_len = ((write == WRITE_TYPE) ? 0 : PAGE_SIZE);
 num_pages = ALIGN(len, PAGE_SIZE) >> PAGE_SHIFT;
@@ -910,7 +912,7 @@ static struct scatterlist *create_bounce_buffer(struct scatterlist *sgl,
 page_buf = alloc_page(GFP_ATOMIC);
 if (!page_buf)
 goto cleanup;
- sg_set_page(&bounce_sgl[i], page_buf, 0, 0);
+ sg_set_page(&bounce_sgl[i], page_buf, buf_len, 0);
 }
 return bounce_sgl;
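Review bot: `buf_len` is `PAGE_SIZE` for every read-side page, including the last one, so when `len` is not a multiple of the page size the bounce list describes more bytes than the request asked for. If anything downstream sums or trusts the per-entry lengths (not visible in this diff), the final entry should carry only the remainder, for example `min_t(unsigned int, len - i * PAGE_SIZE, PAGE_SIZE)` computed inside the loop instead of a single value fixed at declaration. The loop that consumes `buf_len` is in the next hunk, and the body of create_bounce_buffer continues outside both.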
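Review bot: The read-side pages now advertise `PAGE_SIZE` valid bytes in `sg_set_page(&bounce_sgl[i], page_buf, buf_len, 0)`, but they come from `alloc_page(GFP_ATOMIC)`, which does not clear them. The commit message says the copy-back is sized by the original scatter-gather list, so if the host fills less than was requested, whatever the page held before could presumably be copied into the caller's buffer. Allocating with `alloc_page(GFP_ATOMIC | __GFP_ZERO)` would rule that out. The copy-back routine is not part of this diff, so the exposure should be confirmed there.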
@@ -1348,7 +1350,8 @@ static int storvsc_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *scmnd)
 if (do_bounce_buffer(sgl, scsi_sg_count(scmnd)) != -1) {
 cmd_request->bounce_sgl =
 create_bounce_buffer(sgl, scsi_sg_count(scmnd),
- scsi_bufflen(scmnd));
+ scsi_bufflen(scmnd),
+ vm_srb->data_in);
 if (!cmd_request->bounce_sgl) {
 scmnd->host_scribble = NULL;
 mempool_free(cmd_request,
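Review bot: The call passes `vm_srb->data_in` into a parameter that the first hunk names `int write`, which reads like a boolean although it is compared against `WRITE_TYPE`. Any direction value other than `WRITE_TYPE` gets the read-side length, so a request whose direction is neither read nor write would be set up as a read. Renaming the parameter to something like `direction`, or adding `/* direction code from vm_srb->data_in; only WRITE_TYPE starts pages at length 0 */` above the ternary, would make that contract explicit. storvsc_queuecommand continues outside this hunk.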