Adds sanity check to iovec setup. In theory this should never ever trigger. In practice guest driver bugs can make it trigger. This patch avoids qemu burning cpu in a endless loop, instead we'll print a message and abort. Not sure whenever there is a more graceful way to handle the situation ...
Signed-off-by: Gerd Hoffmann <kra...@redhat.com> --- server/red_worker.c | 10 ++++++++-- 1 files changed, 8 insertions(+), 2 deletions(-) diff --git a/server/red_worker.c b/server/red_worker.c index a39df12..b8afff5 100644 --- a/server/red_worker.c +++ b/server/red_worker.c @@ -6670,7 +6670,7 @@ static inline uint32_t __fill_iovec(RedWorker *worker, BufDescriptor *buf, int s static inline void fill_iovec(RedChannel *channel, struct iovec *vec, int *vec_size) { - int vec_index = 0; + int rc, vec_index = 0; uint32_t pos = channel->send_data.pos; ASSERT(channel->send_data.size != pos && channel->send_data.size > pos); @@ -6681,7 +6681,13 @@ static inline void fill_iovec(RedChannel *channel, struct iovec *vec, int *vec_s buf = find_buf(channel, pos, &buf_offset); ASSERT(buf); - pos += __fill_iovec(channel->worker, buf, buf_offset, vec, &vec_index); + rc = __fill_iovec(channel->worker, buf, buf_offset, vec, &vec_index); + if (rc == 0) { + fprintf(stderr, "%s: got only %d of %d bytes\n", __FUNCTION__, + pos, channel->send_data.size); + abort(); + } + pos += rc; } while (vec_index < MAX_SEND_VEC && pos != channel->send_data.size); *vec_size = vec_index; } -- 1.6.6.1 _______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/spice-devel