scsi: storvsc: Fix a bug in copy_from_bounce_buffer()

commit 8de580742fee8bc34d116f57a20b22b9a5f08403 upstream.

We may exit this function without properly freeing up the maapings
we may have acquired. Fix the bug.

Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Long Li <longli@microsoft.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Zefan Li <lizefan@huawei.com>

diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
index a0df0fbf2db999b726a9adbcb2ec315b0c835f77..4ae776995e2adacbbf12a07f779ea309afc6e226 100644 (file)
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -610,21 +610,22 @@ static unsigned int copy_to_bounce_buffer(struct scatterlist *orig_sgl,
                        if (bounce_sgl[j].length == PAGE_SIZE) {
                                /* full..move to next entry */
                                sg_kunmap_atomic(bounce_addr);
+                               bounce_addr = 0;
                                j++;
+                       }
 
-                               /* if we need to use another bounce buffer */
-                               if (srclen || i != orig_sgl_count - 1)
-                                       bounce_addr = sg_kmap_atomic(bounce_sgl,j);
+                       /* if we need to use another bounce buffer */
+                       if (srclen && bounce_addr == 0)
+                               bounce_addr = sg_kmap_atomic(bounce_sgl, j);
 
-                       } else if (srclen == 0 && i == orig_sgl_count - 1) {
-                               /* unmap the last bounce that is < PAGE_SIZE */
-                               sg_kunmap_atomic(bounce_addr);
-                       }
                }
 
                sg_kunmap_atomic(src_addr - orig_sgl[i].offset);
        }
 
+       if (bounce_addr)
+               sg_kunmap_atomic(bounce_addr);
+
        local_irq_restore(flags);
 
        return total_copied;