In function vring_add_indirect, there is no limit on free entries in vring. If vring is full, vq->num_free will be less than zero, and the address of vq->vring.desc becomes illegal.
Signed-off-by: Ting Wang <kathy.wangt...@huawei.com> --- NetKVM/NDIS5/VirtIO/VirtIORing.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NetKVM/NDIS5/VirtIO/VirtIORing.c b/NetKVM/NDIS5/VirtIO/VirtIORing.c index 90ace4c..0f3783c 100644 --- a/NetKVM/NDIS5/VirtIO/VirtIORing.c +++ b/NetKVM/NDIS5/VirtIO/VirtIORing.c @@ -150,7 +150,7 @@ static int vring_add_buf(struct virtqueue *_vq, return -1; } - if (va_indirect) + if (va_indirect && (out + in) > 1 && vq->num_free) { int ret = vring_add_indirect(_vq, sg, out, in, va_indirect, phys_indirect); if (ret >= 0) -- 1.8.5
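Review bot: the new condition in vring_add_buf bundles two separate behaviour changes, and only one of them is explained by the commit message: `vq->num_free` guards the full-ring case the message describes, but `(out + in) > 1` also stops single-buffer requests from using the indirect path, which should be called out in the message (or split into its own patch). Since the message says num_free can go below zero, prefer the explicit comparison `if (va_indirect && (out + in) > 1 && vq->num_free > 0)` over a truthiness test, so a negative value is rejected rather than treated as true. Also confirm that the direct-descriptor path taken when this condition is false (not visible in this hunk) performs its own free-entry check, otherwise a full ring is only deferred, not rejected.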