- buf_to_iov() does not use buflen parameter, allow out of bound read.
- if seek argument > 0, buf_to_iov() leaks memory.
- iov_to_buf() don't need to reallocate buffer for every segment.
- there is no point to use size_t for iov counts, int is more then enough.
- some iov function arguments can be constified.
- pci_vtscsi_request_handle() used truncate_iov() incorrectly, allowing getting out of buffer and possibly corrupting data.
- pci_vtscsi_controlq_notify() leaked one buffer per event.