Staging: sst: user pointers in intel_sst_mmap_play_capture()

	int retval, i;

	struct stream_info *stream;

	struct snd_sst_mmap_buff_entry *buf_entry;

	struct snd_sst_mmap_buff_entry *tmp_buf;

	pr_debug("sst:called for str_id %d\n", str_id);

	retval = sst_validate_strid(str_id);

	if (retval)

		return -EINVAL;

	BUG_ON(!mmap_buf);

	stream = &sst_drv_ctx->streams[str_id];

	if (stream->mmapped != true)

	stream->curr_bytes = 0;

	stream->cumm_bytes = 0;

	tmp_buf = kcalloc(mmap_buf->entries, sizeof(*tmp_buf), GFP_KERNEL);

	if (!tmp_buf)

		return -ENOMEM;

	if (copy_from_user(tmp_buf, (void __user *)mmap_buf->buff,

			mmap_buf->entries * sizeof(*tmp_buf))) {

		retval = -EFAULT;

		goto out_free;

	}

	pr_debug("sst:new buffers count %d status %d\n",

			mmap_buf->entries, stream->status);

	buf_entry = mmap_buf->buff;

	buf_entry = tmp_buf;

	for (i = 0; i < mmap_buf->entries; i++) {

		BUG_ON(!buf_entry);

		bufs = kzalloc(sizeof(*bufs), GFP_KERNEL);

		if (!bufs)

			return -ENOMEM;

		if (!bufs) {

			retval = -ENOMEM;

			goto out_free;

		}

		bufs->size = buf_entry->size;

		bufs->offset = buf_entry->offset;

		bufs->addr = sst_drv_ctx->mmap_mem;

			if (sst_play_frame(str_id) < 0) {

				pr_warn("sst: play frames fail\n");

				mutex_unlock(&stream->lock);

				return -EIO;

				retval = -EIO;

				goto out_free;

			}

		} else if (stream->ops == STREAM_OPS_CAPTURE) {

			if (sst_capture_frame(str_id) < 0) {

				pr_warn("sst: capture frame fail\n");

				mutex_unlock(&stream->lock);

				return -EIO;

				retval = -EIO;

				goto out_free;

			}

		}

	}

	if (retval >= 0)

		retval = stream->cumm_bytes;

	pr_debug("sst:end of play/rec ioctl bytes = %d!!\n", retval);

out_free:

	kfree(tmp_buf);

	return retval;

}