From 8e7fd6f623fb8f6c6eb9b456d9221d4c8226f3d5 Mon Sep 17 00:00:00 2001 From: Xie Yongji Date: Mon, 23 May 2022 16:46:05 +0800 Subject: block/export: Fix incorrect length passed to vu_queue_push() Now the req->size is set to the correct value only when handling VIRTIO_BLK_T_GET_ID request. This patch fixes it. Signed-off-by: Xie Yongji Message-Id: <20220523084611.91-3-xieyongji@bytedance.com> Reviewed-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf --- block/export/vhost-user-blk-server.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'block') diff --git a/block/export/vhost-user-blk-server.c b/block/export/vhost-user-blk-server.c index b2e458ade3..19c6ee51d3 100644 --- a/block/export/vhost-user-blk-server.c +++ b/block/export/vhost-user-blk-server.c @@ -60,8 +60,7 @@ static void vu_blk_req_complete(VuBlkReq *req) { VuDev *vu_dev = &req->server->vu_dev; - /* IO size with 1 extra status byte */ - vu_queue_push(vu_dev, req->vq, &req->elem, req->size + 1); + vu_queue_push(vu_dev, req->vq, &req->elem, req->size); vu_queue_notify(vu_dev, req->vq); free(req); @@ -207,6 +206,7 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque) goto err; } + req->size = iov_size(in_iov, in_num); /* We always touch the last byte, so just see how big in_iov is. */ req->in = (void *)in_iov[in_num - 1].iov_base + in_iov[in_num - 1].iov_len @@ -267,7 +267,6 @@ static void coroutine_fn vu_blk_virtio_process_req(void *opaque) VIRTIO_BLK_ID_BYTES); snprintf(elem->in_sg[0].iov_base, size, "%s", "vhost_user_blk"); req->in->status = VIRTIO_BLK_S_OK; - req->size = elem->in_sg[0].iov_len; break; } case VIRTIO_BLK_T_DISCARD: -- cgit v1.2.3