From: Daniel Gomez <[email protected]> dma_blk_cb() submits dbs->iov to io_func() in one shot, so callers must keep dbs->iov.niov below IOV_MAX or the host preadv()/pwritev() rejects the call.
Break the accumulation loop when niov reaches IOV_MAX. The existing re-entry path resumes mapping and submits a follow-up chunk under the same AIOCB, so callers no longer carry that constraint. Suggested-by: Klaus Jensen <[email protected]> Signed-off-by: Daniel Gomez <[email protected]> --- system/dma-helpers.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/system/dma-helpers.c b/system/dma-helpers.c index 0d592f64680..c7c0d7aa1b5 100644 --- a/system/dma-helpers.c +++ b/system/dma-helpers.c @@ -156,8 +156,9 @@ static void dma_blk_cb(void *opaque, int ret) } } } - if (!mem) + if (!mem || dbs->iov.niov >= IOV_MAX) { break; + } qemu_iovec_add(&dbs->iov, mem, cur_len); dbs->sg_cur_byte += cur_len; if (dbs->sg_cur_byte == dbs->sg->sg[dbs->sg_cur_index].len) { -- 2.53.0
