[Qemu-stable] [PATCH 05/17] s390x/virtio-hcall: Add range check for hype
From: Christian Borntraeger
Subject: [Qemu-stable] [PATCH 05/17] s390x/virtio-hcall: Add range check for hypervisor call
Date: Tue, 25 Feb 2014 11:05:23 +0100
From: Thomas Huth <address@hidden>
The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Signed-off-by: Christian Borntraeger <address@hidden>
CC: address@hidden
---
hw/s390x/s390-virtio-hcall.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c
index ee62649..0e328d8 100644
--- a/hw/s390x/s390-virtio-hcall.c
+++ b/hw/s390x/s390-virtio-hcall.c
@@ -26,11 +26,14 @@ void s390_register_virtio_hypercall(uint64_t code,
s390_virtio_fn fn)
int s390_virtio_hypercall(CPUS390XState *env)
{
- s390_virtio_fn fn = s390_diag500_table[env->regs[1]];
+ s390_virtio_fn fn;
- if (!fn) {
- return -EINVAL;
+ if (env->regs[1] < MAX_DIAG_SUBCODES) {
+ fn = s390_diag500_table[env->regs[1]];
+ if (fn) {
+ return fn(&env->regs[2]);
+ }
}
- return fn(&env->regs[2]);
+ return -EINVAL;
}
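Review bot: the new guard "if (env->regs[1] < MAX_DIAG_SUBCODES)" is only a valid bound if MAX_DIAG_SUBCODES is exactly the number of entries in s390_diag500_table, and the table's declaration is not part of this hunk, so that relationship cannot be confirmed from the patch alone. Consider bounding on the array itself, e.g. "env->regs[1] < ARRAY_SIZE(s390_diag500_table)", so the check cannot drift if the table is ever resized, and make sure s390_register_virtio_hypercall() applies the same limit to its "code" argument before storing into the table. The single "<" comparison is sufficient only because the guest-supplied index is unsigned (the registration side takes a uint64_t); a short comment saying that regs[1] is guest-controlled and unsigned would keep a later refactor from reintroducing a signed index. Reading env->regs[1] once into a local would also make it obvious that the value checked is the value used to index.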
--
1.8.4.2