On 18/01/2017 20:10, Michael S. Tsirkin wrote:
>> Coverity reports that ARRAY_SIZE(elem->out_sg) (and all the others too)
>> is wrong because elem->out_sg is a pointer.
>>
>> However, the check is not in the right place and the max_size argument
>> of virtqueue_map_iovec can be removed. The check on in_num/out_num can
>> be moved to qemu_get_virtqueue_element instead, before the call to
>> virtqueue_alloc_element.
>
> I guess the effect of this bug is basically false-positive asserts, correct?

Yes, migration is probably broken in the case where the stream includes
VirtQueueElements.

Paolo
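The pitfall discussed in this thread, as an added example that is not part of the original message and is not QEMU code: applying the usual sizeof-based ARRAY_SIZE to a pointer member yields 0 on typical ABIs, so a bound check against it rejects every non-zero count, while a check on the counts before allocation works as intended. The names struct sg, struct elem, MAX_SG, pointer_bound and load_elem are hypothetical, and the ARRAY_SIZE definition is the common one, assumed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Common sizeof-based definition (assumed); only valid for true arrays. */
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define MAX_SG 1024u /* constructed limit standing in for the queue maximum */

struct sg { void *base; size_t len; };

/* Hypothetical element: scatter-gather lists are pointers, not arrays. */
struct elem {
    uint32_t in_num, out_num;
    struct sg *in_sg, *out_sg;
};

/* What a bound taken from the pointer evaluates to:
 * sizeof(struct sg *) / sizeof(struct sg), i.e. 0 on typical ABIs. */
size_t pointer_bound(const struct elem *e)
{
    return ARRAY_SIZE(e->out_sg);
}

/* Validate counts read from an untrusted stream before allocating. */
struct elem *load_elem(uint32_t in_num, uint32_t out_num)
{
    if (in_num > MAX_SG || out_num > MAX_SG) {
        return NULL; /* rejected before any allocation happens */
    }
    size_t n = (size_t)in_num + out_num;
    struct elem *e = calloc(1, sizeof(*e) + n * sizeof(struct sg));
    if (!e) {
        return NULL;
    }
    e->in_num = in_num;
    e->out_num = out_num;
    e->in_sg = (struct sg *)(e + 1); /* lists live right after the header */
    e->out_sg = e->in_sg + in_num;
    return e;
}

int main(void)
{
    struct elem probe = {0};
    struct elem *ok = load_elem(2, 3);
    printf("bound from pointer: %zu\n", pointer_bound(&probe));
    printf("load_elem(2, 3): %s\n", ok ? "accepted" : "rejected");
    printf("load_elem(1, 0xffffffff): %s\n",
           load_elem(1, 0xffffffffu) ? "accepted" : "rejected");
    free(ok);
    return 0;
}
```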
