From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 14 Jul 2017 20:08:29 +0000 (-0400)
Subject: vmci: fix buf_size in case of iovec-based accesses
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=19c5b89d8d582cce9a90335de212cf477fe15b95;p=linux.git

vmci: fix buf_size in case of iovec-based accesses

Both qp_dequeue_locked() and qp_enqueue_locked() use the
buf_size argument to decide how much would be there to copy;
in case of iovec- (== msghdr-)based primitives it's not
iov_size, it's msg_data_left(msg).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---

diff --git a/drivers/misc/vmw_vmci/vmci_queue_pair.c b/drivers/misc/vmw_vmci/vmci_queue_pair.c
index 8af5c2672f71c..7387dedcda676 100644
--- a/drivers/misc/vmw_vmci/vmci_queue_pair.c
+++ b/drivers/misc/vmw_vmci/vmci_queue_pair.c
@@ -3253,7 +3253,7 @@ ssize_t vmci_qpair_enquev(struct vmci_qp *qpair,
 		result = qp_enqueue_locked(qpair->produce_q,
 					   qpair->consume_q,
 					   qpair->produce_q_size,
-					   msg, iov_size,
+					   msg, msg_data_left(msg),
 					   qp_memcpy_to_queue_iov);
 
 		if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY &&
@@ -3295,7 +3295,7 @@ ssize_t vmci_qpair_dequev(struct vmci_qp *qpair,
 		result = qp_dequeue_locked(qpair->produce_q,
 					   qpair->consume_q,
 					   qpair->consume_q_size,
-					   msg, iov_size,
+					   msg, msg_data_left(msg),
 					   qp_memcpy_from_queue_iov,
 					   true);
 
@@ -3339,7 +3339,7 @@ ssize_t vmci_qpair_peekv(struct vmci_qp *qpair,
 		result = qp_dequeue_locked(qpair->produce_q,
 					   qpair->consume_q,
 					   qpair->consume_q_size,
-					   msg, iov_size,
+					   msg, msg_data_left(msg),
 					   qp_memcpy_from_queue_iov,
 					   false);