From: Henry Martin <bsdhenryma@tencent.com>

If copy_to_iter(&hdr, sizeof(hdr), &fixup) fails, the descriptor is not
reclaimed via vhost_discard_vq_desc(), leading to potential resource
leaks.

Fix it by explicitly calling vhost_discard_vq_desc() on failure.

Fixes: 4c5a84421c7d ("vhost: cleanup iterator update logic")
Reported-by: TCS Robot <tcs_robot@tencent.com>
Signed-off-by: Henry Martin <bsdhenryma@tencent.com>
---
 drivers/vhost/net.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
index 6edac0c1ba9b..7b4be344b8af 100644
--- a/drivers/vhost/net.c
+++ b/drivers/vhost/net.c
@@ -1238,6 +1238,7 @@ static void handle_rx(struct vhost_net *net)
 					 &fixup) != sizeof(hdr)) {
 				vq_err(vq, "Unable to write vnet_hdr "
 				       "at addr %p\n", vq->iov->iov_base);
+				vhost_discard_vq_desc(vq, headcount);
 				goto out;
 			}
 		} else {
-- 
2.41.3