9pfs: fix off-by-one error in PDU free list

The server can handle MAX_REQ - 1 PDUs at a time and the virtio-9p
device has a MAX_REQ sized virtqueue. If the client manages to fill
up the virtqueue, pdu_alloc() will fail and the request won't be
processed without any notice to the client (it actually causes the
linux 9p client to hang).

This has been there since the beginning (commit 9f10751365b2 "virtio-9p:
Add a virtio 9p device to qemu"), but it needs an agressive workload to
run in the guest to show up.

We actually allocate MAX_REQ PDUs and I see no reason not to link them
all into the free list, so let's fix the init loop.

Reported-by: Tuomas Tynkkynen <tuomas@tuxera.com>
Suggested-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Greg Kurz <groug@kaod.org>
(cherry picked from commit 0d78289c3dca3de8e614a551a3d4a9415168ace0)

Conflicts:
	hw/9pfs/9p.c

* drop context dep on 583f21f8

Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 68725b7a1c970cbe7978ccb608b70ee7ea3e54bb..e71a3e849169bcd7664312a8942ae7441057ac74 100644 (file)
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3450,7 +3450,7 @@ int v9fs_device_realize_common(V9fsState *s, Error **errp)
     /* initialize pdu allocator */
     QLIST_INIT(&s->free_list);
     QLIST_INIT(&s->active_list);
-    for (i = 0; i < (MAX_REQ - 1); i++) {
+    for (i = 0; i < MAX_REQ; i++) {
         QLIST_INSERT_HEAD(&s->free_list, &v->pdus[i], next);
         v->pdus[i].s = s;
         v->pdus[i].idx = i;