From mboxrd@z Thu Jan 1 00:00:00 1970 From: Rusty Russell Subject: [PATCH] virtio: fix oops on OOM Date: Fri, 23 Jul 2010 15:48:37 +0930 Message-ID: <201007231548.38037.rusty__14089.5436671146$1279866056$gmane$org@rustcorp.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: virtualization-bounces@lists.linux-foundation.org Errors-To: virtualization-bounces@lists.linux-foundation.org To: Linus Torvalds Cc: "Michael S. Tsirkin" , linux-kernel@vger.kernel.org, Chris Mason , virtualization@lists.linux-foundation.org List-Id: virtualization@lists.linuxfoundation.org From: "Michael S. Tsirkin" virtio ring was changed to return an error code on OOM, but one caller was missed and still checks for vq->vring.num. The fix is just to check for <0 error code. Long term it might make sense to change goto add_head to just return an error on oom instead, but let's apply a minimal fix for 2.6.35. Reported-by: Chris Mason Signed-off-by: Michael S. Tsirkin Signed-off-by: Rusty Russell Tested-by: Chris Mason --- diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c index dd35b34..bffec32 100644 --- a/drivers/virtio/virtio_ring.c +++ b/drivers/virtio/virtio_ring.c @@ -164,7 +164,8 @@ int virtqueue_add_buf_gfp(struct virtqueue *_vq, gfp_t gfp) { struct vring_virtqueue *vq = to_vvq(_vq); - unsigned int i, avail, head, uninitialized_var(prev); + unsigned int i, avail, uninitialized_var(prev); + int head; START_USE(vq); @@ -174,8 +175,8 @@ int virtqueue_add_buf_gfp(struct virtqueue *_vq, * buffers, then go indirect. FIXME: tune this threshold */ if (vq->indirect && (out + in) > 1 && vq->num_free) { head = vring_add_indirect(vq, sg, out, in, gfp); - if (head != vq->vring.num) + if (likely(head >= 0)) goto add_head; } BUG_ON(out + in > vq->vring.num);