git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1ea590d)
scsi: storvsc: Fix a bug in copy_from_bounce_buffer()
authorK. Y. Srinivasan <kys@microsoft.com>
Fri, 27 Mar 2015 07:27:18 +0000 (00:27 -0700)
committerBen Hutchings <ben@decadent.org.uk>
Thu, 6 Aug 2015 23:32:03 +0000 (00:32 +0100)
commit 8de580742fee8bc34d116f57a20b22b9a5f08403 upstream.

We may exit this function without properly freeing up the maapings
we may have acquired. Fix the bug.

Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Long Li <longli@microsoft.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
[bwh: Backported to 3.2:
 - Adjust filename
 - Keep using kmap_atomic()/kunmap_atomic(), not the sg_-prefixed functions]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
drivers/staging/hv/storvsc_drv.c patch | blob | history

diff --git a/drivers/staging/hv/storvsc_drv.c b/drivers/staging/hv/storvsc_drv.c
index c43a9e8..54ef3d4 100644 (file)
--- a/drivers/staging/hv/storvsc_drv.c
+++ b/drivers/staging/hv/storvsc_drv.c
@@ -940,23 +940,24 @@ static unsigned int copy_to_bounce_buffer(struct scatterlist *orig_sgl,
                        if (bounce_sgl[j].length == PAGE_SIZE) {
                                /* full..move to next entry */
                                kunmap_atomic((void *)bounce_addr, KM_IRQ0);
+                               bounce_addr = 0;
                                j++;
+                       }
 
-                               /* if we need to use another bounce buffer */
-                               if (srclen || i != orig_sgl_count - 1)
-                                       bounce_addr =
+                       /* if we need to use another bounce buffer */
+                       if (srclen && bounce_addr == 0)
+                               bounce_addr =
                                        (unsigned long)kmap_atomic(
                                        sg_page((&bounce_sgl[j])), KM_IRQ0);
 
-                       } else if (srclen == 0 && i == orig_sgl_count - 1) {
-                               /* unmap the last bounce that is < PAGE_SIZE */
-                               kunmap_atomic((void *)bounce_addr, KM_IRQ0);
-                       }
                }
 
                kunmap_atomic((void *)(src_addr - orig_sgl[i].offset), KM_IRQ0);
        }
 
+       if (bounce_addr)
+               kunmap_atomic((void *)bounce_addr, KM_IRQ0);
+
        local_irq_restore(flags);
 
        return total_copied;
Pandora Kernel Repository