rsi: fix nommu_map_sg overflow kernel panic

			   u32 content_size)

{

	struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;

	struct bl_header bl_hdr;

	struct bl_header *bl_hdr;

	u32 write_addr, write_len;

	int status;

	bl_hdr.flags = 0;

	bl_hdr.image_no = cpu_to_le32(adapter->priv->coex_mode);

	bl_hdr.check_sum = cpu_to_le32(

				*(u32 *)&flash_content[CHECK_SUM_OFFSET]);

	bl_hdr.flash_start_address = cpu_to_le32(

					*(u32 *)&flash_content[ADDR_OFFSET]);

	bl_hdr.flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]);

	bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL);

	if (!bl_hdr)

		return -ENOMEM;

	bl_hdr->flags = 0;

	bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode);

	bl_hdr->check_sum =

		cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]);

	bl_hdr->flash_start_address =

		cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]);

	bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]);

	write_len = sizeof(struct bl_header);

	if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) {

		write_addr = PING_BUFFER_ADDRESS;

		status = hif_ops->write_reg_multiple(adapter, write_addr,

						 (u8 *)&bl_hdr, write_len);

						 (u8 *)bl_hdr, write_len);

		if (status < 0) {

			rsi_dbg(ERR_ZONE,

				"%s: Failed to load Version/CRC structure\n",

				__func__);

			return status;

			goto fail;

		}

	} else {

		write_addr = PING_BUFFER_ADDRESS >> 16;

			rsi_dbg(ERR_ZONE,

				"%s: Unable to set ms word to common reg\n",

				__func__);

			return status;

			goto fail;

		}

		write_addr = RSI_SD_REQUEST_MASTER |

			     (PING_BUFFER_ADDRESS & 0xFFFF);

		status = hif_ops->write_reg_multiple(adapter, write_addr,

						 (u8 *)&bl_hdr, write_len);

						 (u8 *)bl_hdr, write_len);

		if (status < 0) {

			rsi_dbg(ERR_ZONE,

				"%s: Failed to load Version/CRC structure\n",

				__func__);

			return status;

			goto fail;

		}

	}

	return 0;

	status = 0;

fail:

	kfree(bl_hdr);

	return status;

}

static u32 read_flash_capacity(struct rsi_hw *adapter)

/*This function resets and re-initializes the chip.*/

static void rsi_reset_chip(struct rsi_hw *adapter)

{

	__le32 data;

	u8 *data;

	u8 sdio_interrupt_status = 0;

	u8 request = 1;

	int ret;

	data = kzalloc(sizeof(u32), GFP_KERNEL);

	if (!data)

		return;

	rsi_dbg(INFO_ZONE, "Writing disable to wakeup register\n");

	ret =  rsi_sdio_write_register(adapter, 0, SDIO_WAKEUP_REG, &request);

	if (ret < 0) {

		rsi_dbg(ERR_ZONE,

			"%s: Failed to write SDIO wakeup register\n", __func__);

		return;

		goto err;

	}

	msleep(20);

	ret =  rsi_sdio_read_register(adapter, RSI_FN1_INT_REGISTER,

	if (ret < 0) {

		rsi_dbg(ERR_ZONE, "%s: Failed to Read Intr Status Register\n",

			__func__);

		return;

		goto err;

	}

	rsi_dbg(INFO_ZONE, "%s: Intr Status Register value = %d\n",

		__func__, sdio_interrupt_status);

		rsi_dbg(ERR_ZONE,

			"%s: Unable to set ms word to common reg\n",

			__func__);

		return;

		goto err;

	}

	data = TA_HOLD_THREAD_VALUE;

	put_unaligned_le32(TA_HOLD_THREAD_VALUE, data);

	if (rsi_sdio_write_register_multiple(adapter, TA_HOLD_THREAD_REG |

					     RSI_SD_REQUEST_MASTER,

					     (u8 *)&data, 4)) {

					     data, 4)) {

		rsi_dbg(ERR_ZONE,

			"%s: Unable to hold Thread-Arch processor threads\n",

			__func__);

		return;

		goto err;

	}

	/* This msleep will ensure Thread-Arch processor to go to hold

	 * read write operations to complete for chip reset.

	 */

	msleep(500);

err:

	kfree(data);

	return;

}

/**

#define TA_SOFT_RST_CLR              0

#define TA_SOFT_RST_SET              BIT(0)

#define TA_PC_ZERO                   0

#define TA_HOLD_THREAD_VALUE         cpu_to_le32(0xF)

#define TA_HOLD_THREAD_VALUE         0xF

#define TA_RELEASE_THREAD_VALUE      cpu_to_le32(0xF)

#define TA_BASE_ADDR                 0x2200

#define MISC_CFG_BASE_ADDR           0x4105