virtio: allow mapping up to max queue size

It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so it's OK if the value read is VIRTQUEUE_MAX_SIZE. Not a big problem in practice as people don't use such big queues, but it's inelegant. Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2014-05-12 12:04:20 +03:00 · 2014-05-12 12:04:20 +03:00 · 9372514080
commit 9372514080
parent 06b4f00d53
1 changed files with 1 additions and 1 deletions
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@ -430,7 +430,7 @@ void virtqueue_map_sg(struct iovec *sg, hwaddr *addr,
    unsigned int i;
    hwaddr len;

-    if (num_sg >= VIRTQUEUE_MAX_SIZE) {
+    if (num_sg > VIRTQUEUE_MAX_SIZE) {
        error_report("virtio: map attempt out of bounds: %zd > %d",
                     num_sg, VIRTQUEUE_MAX_SIZE);
        exit(1);