vmci: fix buf_size in case of iovec-based accesses

Both qp_dequeue_locked() and qp_enqueue_locked() use the
buf_size argument to decide how much would be there to copy;
in case of iovec- (== msghdr-)based primitives it's not
iov_size, it's msg_data_left(msg).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/drivers/misc/vmw_vmci/vmci_queue_pair.c b/drivers/misc/vmw_vmci/vmci_queue_pair.c
index 8af5c2672f71cec186af5daf4dc50008fe771c7a..7387dedcda676b0038efffd79408706420abbddb 100644 (file)
--- a/drivers/misc/vmw_vmci/vmci_queue_pair.c
+++ b/drivers/misc/vmw_vmci/vmci_queue_pair.c
@@ -3253,7 +3253,7 @@ ssize_t vmci_qpair_enquev(struct vmci_qp *qpair,
                result = qp_enqueue_locked(qpair->produce_q,
                                           qpair->consume_q,
                                           qpair->produce_q_size,
-                                          msg, iov_size,
+                                          msg, msg_data_left(msg),
                                           qp_memcpy_to_queue_iov);
 
                if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY &&
@@ -3295,7 +3295,7 @@ ssize_t vmci_qpair_dequev(struct vmci_qp *qpair,
                result = qp_dequeue_locked(qpair->produce_q,
                                           qpair->consume_q,
                                           qpair->consume_q_size,
-                                          msg, iov_size,
+                                          msg, msg_data_left(msg),
                                           qp_memcpy_from_queue_iov,
                                           true);
 
@@ -3339,7 +3339,7 @@ ssize_t vmci_qpair_peekv(struct vmci_qp *qpair,
                result = qp_dequeue_locked(qpair->produce_q,
                                           qpair->consume_q,
                                           qpair->consume_q_size,
-                                          msg, iov_size,
+                                          msg, msg_data_left(msg),
                                           qp_memcpy_from_queue_iov,
                                           false);