9pfs: fix off-by-one error in PDU free list

The server can handle MAX_REQ - 1 PDUs at a time and the virtio-9p
device has a MAX_REQ sized virtqueue. If the client manages to fill
up the virtqueue, pdu_alloc() will fail and the request won't be
processed without any notice to the client (it actually causes the
linux 9p client to hang).

This has been there since the beginning (commit 9f10751365b2 "virtio-9p:
Add a virtio 9p device to qemu"), but it needs an agressive workload to
run in the guest to show up.

We actually allocate MAX_REQ PDUs and I see no reason not to link them
all into the free list, so let's fix the init loop.

Reported-by: Tuomas Tynkkynen <tuomas@tuxera.com>
Suggested-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Greg Kurz <groug@kaod.org>
(cherry picked from commit 0d78289c3dca3de8e614a551a3d4a9415168ace0)

Conflicts:
	hw/9pfs/9p.c

* drop context dep on 583f21f8

Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

1 files changed, 1 insertions, 1 deletions

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index 68725b7a1c..e71a3e8491 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -3450,7 +3450,7 @@ int v9fs_device_realize_common(V9fsState *s, Error **errp)
     /* initialize pdu allocator */
     QLIST_INIT(&s->free_list);
     QLIST_INIT(&s->active_list);
-    for (i = 0; i < (MAX_REQ - 1); i++) {
+    for (i = 0; i < MAX_REQ; i++) {
         QLIST_INSERT_HEAD(&s->free_list, &v->pdus[i], next);
         v->pdus[i].s = s;
         v->pdus[i].idx = i;