fetch_buf already guarantees we exit on a descriptor without a NEXT flag. Add a BUG_ON statement to make sure we don't overflow the buffer in case of a bug. Signed-off-by: Michael S. Tsirkin <mst@xxxxxxxxxx> --- drivers/vhost/vhost.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c index d46c28149f6f..09f594bb069a 100644 --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -2656,6 +2656,8 @@ int vhost_get_vq_desc_batch(struct vhost_virtqueue *vq, break; } + BUG_ON(i >= vq->ndescs); + vq->first_desc = i + 1; return ret; -- MST _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
