[Qemu-devel] [PULL 05/22] s390x/virtio-hcall: Add range check for hypervisor call

From: Christian Borntraeger
Subject: [Qemu-devel] [PULL 05/22] s390x/virtio-hcall: Add range check for hypervisor call
Date: Fri, 28 Feb 2014 10:30:49 +0100
From: Thomas Huth <address@hidden>
The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Signed-off-by: Christian Borntraeger <address@hidden>
CC: address@hidden
---
hw/s390x/s390-virtio-hcall.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c
index ee62649..0e328d8 100644
--- a/hw/s390x/s390-virtio-hcall.c
+++ b/hw/s390x/s390-virtio-hcall.c
@@ -26,11 +26,14 @@ void s390_register_virtio_hypercall(uint64_t code,
s390_virtio_fn fn)
int s390_virtio_hypercall(CPUS390XState *env)
{
- s390_virtio_fn fn = s390_diag500_table[env->regs[1]];
+ s390_virtio_fn fn;
- if (!fn) {
- return -EINVAL;
+ if (env->regs[1] < MAX_DIAG_SUBCODES) {
+ fn = s390_diag500_table[env->regs[1]];
+ if (fn) {
+ return fn(&env->regs[2]);
+ }
}
- return fn(&env->regs[2]);
+ return -EINVAL;
}
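Review bot: the new check `if (env->regs[1] < MAX_DIAG_SUBCODES)` is only as strong as the definition of MAX_DIAG_SUBCODES, which this hunk does not show; confirm it is exactly the declared size of s390_diag500_table (ideally derived from the array with ARRAY_SIZE or sizeof rather than kept as a separately maintained constant) so the bound and the table cannot drift apart. Assuming env->regs[1] is a uint64_t, as the `uint64_t code` parameter visible in the hunk header suggests, the comparison is unsigned and values with the top bit set are rejected as well, which is the right behaviour. The registration side, s390_register_virtio_hypercall(uint64_t code, s390_virtio_fn fn), stores into the same table and should reject code >= MAX_DIAG_SUBCODES for the same reason; an unchecked store is worse than the unchecked load this hunk fixes. Minor style point: the nested `if (fn)` block could be flattened with an early `return -EINVAL;` for the out-of-range case, keeping the early-return shape the removed lines had.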
--
1.8.4.2
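The bug the commit message describes, a guest-controlled register used as an index into a handler table without a bound check, and the hardened form, as an added example in plain C. This is not QEMU code; the names register_subcode, dispatch_unchecked, dispatch_checked, run_hypercall, setup_table, NUM_SUBCODES and the two sample handlers are hypothetical, and the register layout (r1 holds the subcode, r2 onwards the arguments) only mirrors what the hunk reads from env->regs. The example also adds the check on the registration side, which the patch itself does not touch.

```c
/*
 * Added example, not QEMU code: a minimal hypercall dispatch table indexed
 * by a guest-controlled 64-bit register, in the unchecked form the commit
 * message describes and in the range-checked form. All names are
 * hypothetical.
 */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*subcode_fn)(uint64_t *args);

#define NUM_SUBCODES 4                    /* table holds subcodes 0..3 */

static subcode_fn subcode_table[NUM_SUBCODES];

/* Model of the guest registers the handler reads: r[1] = subcode, r[2..] = args. */
struct guest_regs {
    uint64_t r[16];
};

/* Registration side: refuse to store a handler past the end of the table. */
int register_subcode(uint64_t code, subcode_fn fn)
{
    if (code >= NUM_SUBCODES) {
        return -EINVAL;
    }
    subcode_table[code] = fn;
    return 0;
}

/*
 * Before: the subcode indexes the table with no range check. For any
 * subcode >= NUM_SUBCODES this reads a function pointer from beyond the
 * array and calls it; that is the crash the commit message refers to.
 * Kept here only for comparison and only ever called with in-range input.
 */
int dispatch_unchecked(struct guest_regs *g)
{
    subcode_fn fn = subcode_table[g->r[1]];   /* unchecked guest index */

    if (!fn) {
        return -EINVAL;
    }
    return fn(&g->r[2]);
}

/*
 * After: check the index first. r[1] is uint64_t, so the comparison is
 * unsigned and a value such as UINT64_MAX is rejected rather than being
 * treated as a negative offset. Unregistered (NULL) slots and out-of-range
 * subcodes both return -EINVAL.
 */
int dispatch_checked(struct guest_regs *g)
{
    subcode_fn fn;

    if (g->r[1] < NUM_SUBCODES) {
        fn = subcode_table[g->r[1]];
        if (fn) {
            return fn(&g->r[2]);
        }
    }
    return -EINVAL;
}

/* Sample handlers (constructed): echo the low 7 bits of the first argument; do nothing. */
static int h_echo(uint64_t *args) { return (int)(args[0] & 0x7f); }
static int h_zero(uint64_t *args) { (void)args; return 0; }

/* Populate slots 1 and 3, leaving 0 and 2 unregistered to mimic a sparse table. */
int setup_table(void)
{
    int rc = 0;

    rc |= register_subcode(1, h_echo);
    rc |= register_subcode(3, h_zero);
    return rc;
}

/* Issue one hypercall through the checked dispatcher with the given subcode and argument. */
int run_hypercall(uint64_t subcode, uint64_t arg)
{
    struct guest_regs g = {{0}};

    g.r[1] = subcode;
    g.r[2] = arg;
    return dispatch_checked(&g);
}

int main(void)
{
    struct guest_regs g = {{0}};

    if (setup_table() != 0) {
        return 1;
    }
    g.r[1] = 1;
    g.r[2] = 0x41;
    printf("unchecked, in-range subcode 1: %d\n", dispatch_unchecked(&g));
    printf("checked, subcode 1:            %d\n", run_hypercall(1, 0x41));
    printf("checked, subcode 0 (empty):    %d\n", run_hypercall(0, 0));
    printf("checked, subcode 4 (too big):  %d\n", run_hypercall(4, 0));
    printf("checked, subcode UINT64_MAX:   %d\n", run_hypercall(UINT64_MAX, 0));
    return 0;
}
```

The registration check is the half a reviewer would also ask for: a table that can be written out of bounds is a worse primitive than one that can only be read out of bounds, and keeping both checks against the same NUM_SUBCODES constant is what prevents the two sides from drifting apart.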
- [Qemu-devel] [PULL 00/22] s390/kvm: features, fixes and cleanups for 2.0, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 03/22] s390x/async_pf: Check for apf extension and enable pfault, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 06/22] s390x/virtio-hcall: Specification exception for illegal subcodes, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 05/22] s390x/virtio-hcall: Add range check for hypervisor call, Christian Borntraeger, 2014/02/28 (this message)
- [Qemu-devel] [PULL 09/22] s390x/sclp: Add missing checks to SCLP handler, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 15/22] s390-ccw.img: Fix sporadic reboot hangs: Initialize next_idx, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 10/22] s390x/sclp: Fixed setting of condition code register, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 01/22] update linux headers to kvm/next, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 08/22] s390x/sclp: Fixed the size of sccb and code parameter, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 11/22] s390x/event-facility: some renaming, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 17/22] s390-ccw.img: new binary rom to match latest fixes, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 12/22] s390x/event-facility: code restructure, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 16/22] s390-ccw.img: Fix sporadic errors with ccw boot image - initialize css, Christian Borntraeger, 2014/02/28
- [Qemu-devel] [PULL 20/22] s390x/kvm: Add missing SIGP CPU RESET order, Christian Borntraeger, 2014/02/28