Date: Tue, 25 Sep 2012 13:12:45 +0200
From: "Michael S. Tsirkin"
Message-ID: <04c6fcdf939e7984ca9d92f41e3a4b1a6136a25b.1348571185.git.mst@redhat.com>
Subject: [Qemu-devel] [PATCHv2 10/14] virtio: don't mark unaccessed memory as dirty
To: qemu-devel@nongnu.org, Jason Wang , Anthony Liguori , stefanha@linux.vnet.ibm.com, aurelien@aurel32.net

offset of accessed buffer is calculated using iov_length, so it can exceed accessed len. If that happens math in len - offset wraps around, and size becomes wrong. As real value is 0, so this is harmless but unnecessary.

Signed-off-by: Michael S. Tsirkin
--- hw/virtio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/virtio.c b/hw/virtio.c index 209c763..b5764bb 100644 --- a/hw/virtio.c +++ b/hw/virtio.c @@ -241,7 +241,7 @@ void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem, elem->in_sg[i].iov_len, 1, size); - offset += elem->in_sg[i].iov_len; + offset += size; } for (i = 0; i < elem->out_num; i++) -- MST
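
Review bot: at "offset += size;" the fix only holds if size is already clamped to the bytes remaining in len, and the line that computes size is outside the hunk's context, so the diff alone does not show that offset can no longer exceed len. Please say in the commit message how size is derived, and that it becomes 0 once offset reaches len. The sentence "As real value is 0, so this is harmless but unnecessary" is also hard to reconcile with the subject, which says unaccessed memory gets marked dirty. Spell out what the wrapped "len - offset" actually causes, so a reader can tell whether this is a correctness fix or only avoids extra dirty marking. A short comment above the loop stating the invariant (offset never exceeds len) would keep a later change from reintroducing the unsigned wraparound.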