Keng-Yu Lin | 21 Jun 2012 10:18

[PATCH 3.2.y 3.3.y] staging:rts_pstor:Fix possible panic by NULL pointer dereference

From: wwang <wei_wang@realsil.com.cn>

commit 0d05568ac79bfc595f1eadc3e0fd7a20a45f7b69 upstream.

rtsx_transport.c (rtsx_transfer_sglist_adma_partial):
pointer struct scatterlist *sg, which is mapped in dma_map_sg,
is used as an iterator in later transfer operation. It is corrupted and
passed to dma_unmap_sg, thus causing fatal unmap of some erroneous address.
Fix it by duplicating *sg_ptr for iterating.

Signed-off-by: wwang <wei_wang@realsil.com.cn>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Keng-Yu Lin <kengyu@canonical.com>
---
 drivers/staging/rts_pstor/rtsx_transport.c |   11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/staging/rts_pstor/rtsx_transport.c b/drivers/staging/rts_pstor/rtsx_transport.c
index 4e3d2c1..9b2e5c9 100644
--- a/drivers/staging/rts_pstor/rtsx_transport.c
+++ b/drivers/staging/rts_pstor/rtsx_transport.c
 <at>  <at>  -335,6 +335,7  <at>  <at>  static int rtsx_transfer_sglist_adma_partial(struct rtsx_chip *chip, u8 card,
 	int sg_cnt, i, resid;
 	int err = 0;
 	long timeleft;
+	struct scatterlist *sg_ptr;
 	u32 val = TRIG_DMA;

 	if ((sg == NULL) || (num_sg <= 0) || !offset || !index)
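
Review bot: the added `struct scatterlist *sg_ptr;` declaration carries no initializer and no comment, so nothing at this point in the function records that `sg` has to stay untouched for the later dma_unmap_sg call described in the commit message. Suggest a one-line comment at the declaration saying that `sg_ptr` is the iteration cursor and `sg` must not be advanced, so a later cleanup does not fold the two back together. The assignment of `sg_ptr` is not visible in this hunk; it should sit after the `sg == NULL` / `num_sg <= 0` check shown here and before the first use of `sg_ptr`, since an uninitialized cursor would be as harmful as the corrupted `sg` this patch addresses.
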
 <at>  <at>  -371,7 +372,7  <at>  <at>  static int rtsx_transfer_sglist_adma_partial(struct rtsx_chip *chip, u8 card,