From 6e8087a4fae41ae1518babbf1ef46f105d702bfd Mon Sep 17 00:00:00 2001 From: "K. Y. Srinivasan" Date: Wed, 7 Dec 2011 07:15:52 -0800 Subject: [PATCH] Staging: hv: storvsc: Fix a bug in create_bounce_buffer() Set the length field of the scatter gather elements correctly when we create the bounce buffer. When we use the bounce buffer for a "write" operation, the act of copying to the bounce buffer, correctly deals with this issue. However, on the "read" side, the current code was not correctly setting the buffer length. Fix this bug. Note that when we copy from the bounce buffer (for the read case), the amount we copy is controlled by the original scatter gather list given to the driver. Signed-off-by: K. Y. Srinivasan Signed-off-by: Haiyang Zhang Reported-by: Dadok Milan Signed-off-by: Greg Kroah-Hartman --- drivers/staging/hv/storvsc_drv.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/staging/hv/storvsc_drv.c b/drivers/staging/hv/storvsc_drv.c index 18f8771769be..eb853f71089a 100644 --- a/drivers/staging/hv/storvsc_drv.c +++ b/drivers/staging/hv/storvsc_drv.c @@ -893,12 +893,14 @@ static int do_bounce_buffer(struct scatterlist *sgl, unsigned int sg_count) static struct scatterlist *create_bounce_buffer(struct scatterlist *sgl, unsigned int sg_count, - unsigned int len) + unsigned int len, + int write) { int i; int num_pages; struct scatterlist *bounce_sgl; struct page *page_buf; + unsigned int buf_len = ((write == WRITE_TYPE) ? 0 : PAGE_SIZE); num_pages = ALIGN(len, PAGE_SIZE) >> PAGE_SHIFT; @@ -910,7 +912,7 @@ static struct scatterlist *create_bounce_buffer(struct scatterlist *sgl, page_buf = alloc_page(GFP_ATOMIC); if (!page_buf) goto cleanup; - sg_set_page(&bounce_sgl[i], page_buf, 0, 0); + sg_set_page(&bounce_sgl[i], page_buf, buf_len, 0); } return bounce_sgl; @@ -1348,7 +1350,8 @@ static int storvsc_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *scmnd) if (do_bounce_buffer(sgl, scsi_sg_count(scmnd)) != -1) { cmd_request->bounce_sgl = create_bounce_buffer(sgl, scsi_sg_count(scmnd), - scsi_bufflen(scmnd)); + scsi_bufflen(scmnd), + vm_srb->data_in); if (!cmd_request->bounce_sgl) { scmnd->host_scribble = NULL; mempool_free(cmd_request, -- 2.20.1