From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44884) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XybiK-0005p2-EZ for qemu-devel@nongnu.org; Wed, 10 Dec 2014 02:29:41 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XybiF-0000bw-KI for qemu-devel@nongnu.org; Wed, 10 Dec 2014 02:29:36 -0500 Received: from szxga01-in.huawei.com ([119.145.14.64]:46621) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XybiE-0000as-OR for qemu-devel@nongnu.org; Wed, 10 Dec 2014 02:29:31 -0500 From: Ting Wang Date: Wed, 10 Dec 2014 15:28:58 +0800 Message-ID: <1418196538-44904-1-git-send-email-kathy.wangting@huawei.com> MIME-Version: 1.0 Content-Type: text/plain Subject: [Qemu-devel] [PATCH] NetKVM: fix for indirect mode when vring is full List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: yvugenfi@redhat.com, qemu-devel@nongnu.org Cc: boby.chen@huawei.com, wu.wubin@huawei.com, Ting Wang In function vring_add_indirect, there is no limit about free entry in vring. If vring is full, vq->num_free will be less than zero, and the address of vq->vring.desc becomes illegal. Signed-off-by: Ting Wang --- NetKVM/NDIS5/VirtIO/VirtIORing.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NetKVM/NDIS5/VirtIO/VirtIORing.c b/NetKVM/NDIS5/VirtIO/VirtIORing.c index 90ace4c..0f3783c 100644 --- a/NetKVM/NDIS5/VirtIO/VirtIORing.c +++ b/NetKVM/NDIS5/VirtIO/VirtIORing.c @@ -150,7 +150,7 @@ static int vring_add_buf(struct virtqueue *_vq, return -1; } - if (va_indirect) + if (va_indirect && (out + in) > 1 && vq->num_free) { int ret = vring_add_indirect(_vq, sg, out, in, va_indirect, phys_indirect); if (ret >= 0) -- 1.8.5
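Review bot: The new condition in the hunk at vring_add_buf, `+ if (va_indirect && (out + in) > 1 && vq->num_free)`, does more than the commit message describes, and one of its sub-checks is weaker than the message implies. First, `(out + in) > 1` is a separate behaviour change: single-element requests now bypass the indirect path entirely and go through the direct descriptor path, which the message never mentions; either document that in the commit message or split it into its own patch. Second, the message states that vq->num_free "will be less than zero" once the ring is full, i.e. the counter can already be negative; a bare truthiness test on `vq->num_free` still passes for a negative value, so `vq->num_free > 0` would express the intended guard (at least one free descriptor for the indirect entry) and would also hold if some other path has already driven the counter below zero. Third, when the indirect branch is skipped because the ring is full, control falls through to the direct path for the same request, and nothing in the visible context shows that the direct path rejects a request needing `out + in` descriptors when fewer are free; please confirm that check exists, otherwise the memory-safety problem the message describes (an out-of-range vq->vring.desc address) is only moved rather than removed.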