We should use size of descriptor chain to check the maximum number of consumed descriptors in indirect case. And the statistical counts should also be reset to zero each time we get an indirect descriptor. Fixes: f87d0fbb5798 ("vringh: host-side implementation of virtio rings.") Signed-off-by: Xie Yongji <xieyongji@xxxxxxxxxxxxx> Signed-off-by: Fam Zheng <fam.zheng@xxxxxxxxxxxxx> --- drivers/vhost/vringh.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c index 14e2043d7685..c1810b77a05e 100644 --- a/drivers/vhost/vringh.c +++ b/drivers/vhost/vringh.c @@ -344,12 +344,13 @@ __vringh_iov(struct vringh *vrh, u16 i, addr = (void *)(long)(a + range.offset); err = move_to_indirect(vrh, &up_next, &i, addr, &desc, &descs, &desc_max); + count = 0; if (err) goto fail; continue; } - if (count++ == vrh->vring.num) { + if (count++ == desc_max) { vringh_bad("Descriptor loop in %p", descs); err = -ELOOP; goto fail; @@ -410,6 +411,7 @@ __vringh_iov(struct vringh *vrh, u16 i, if (unlikely(up_next > 0)) { i = return_from_indirect(vrh, &up_next, &descs, &desc_max); + count = 0; slow = false; } else break; -- 2.20.1
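Review bot: in the first hunk of __vringh_iov(), the added `count = 0;` sits between the `move_to_indirect()` call and its `if (err)` check, which separates the call from its error handling and resets the counter on the failure path as well. Placing the reset after `if (err) goto fail;` keeps the call and its check adjacent. The changed test `count++ == desc_max` would also benefit from a one-line comment saying that desc_max is the size of the table currently being walked, as the commit message describes, because the vringh_bad() text still says only "Descriptor loop in %p".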
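Review bot: in the second hunk, the `count = 0;` added right after `return_from_indirect()` throws away the number of ring descriptors consumed before the indirect table was entered, so `count++ == desc_max` no longer bounds the walk of the outer chain as a whole. If the outer chain can lead back to an indirect descriptor it has already visited, every pass restarts from zero and -ELOOP is never reached; whether that path exists depends on code outside these hunks, so please confirm it. One option is to keep two counters, one for the ring and one for the current indirect table, and compare each against its own limit instead of sharing `count`.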