From 19c5b89d8d582cce9a90335de212cf477fe15b95 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 14 Jul 2017 16:08:29 -0400
Subject: [PATCH] vmci: fix buf_size in case of iovec-based accesses

Both qp_dequeue_locked() and qp_enqueue_locked() use the
buf_size argument to decide how much would be there to copy;
in case of iovec- (== msghdr-)based primitives it's not
iov_size, it's msg_data_left(msg).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 drivers/misc/vmw_vmci/vmci_queue_pair.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/misc/vmw_vmci/vmci_queue_pair.c b/drivers/misc/vmw_vmci/vmci_queue_pair.c
index 8af5c2672f71..7387dedcda67 100644
--- a/drivers/misc/vmw_vmci/vmci_queue_pair.c
+++ b/drivers/misc/vmw_vmci/vmci_queue_pair.c
@@ -3253,7 +3253,7 @@ ssize_t vmci_qpair_enquev(struct vmci_qp *qpair,
 		result = qp_enqueue_locked(qpair->produce_q,
 					   qpair->consume_q,
 					   qpair->produce_q_size,
-					   msg, iov_size,
+					   msg, msg_data_left(msg),
 					   qp_memcpy_to_queue_iov);
 
 		if (result == VMCI_ERROR_QUEUEPAIR_NOT_READY &&
@@ -3295,7 +3295,7 @@ ssize_t vmci_qpair_dequev(struct vmci_qp *qpair,
 		result = qp_dequeue_locked(qpair->produce_q,
 					   qpair->consume_q,
 					   qpair->consume_q_size,
-					   msg, iov_size,
+					   msg, msg_data_left(msg),
 					   qp_memcpy_from_queue_iov,
 					   true);
 
@@ -3339,7 +3339,7 @@ ssize_t vmci_qpair_peekv(struct vmci_qp *qpair,
 		result = qp_dequeue_locked(qpair->produce_q,
 					   qpair->consume_q,
 					   qpair->consume_q_size,
-					   msg, iov_size,
+					   msg, msg_data_left(msg),
 					   qp_memcpy_from_queue_iov,
 					   false);
 
-- 
2.45.2