[Qemu-devel] [Patch/RFC 07/16] s390x/virtio-hcall: Add range check for hypervisor call
From: Christian Borntraeger
Subject: [Qemu-devel] [Patch/RFC 07/16] s390x/virtio-hcall: Add range check for hypervisor call
Date: Fri, 7 Feb 2014 18:16:16 +0100
From: Thomas Huth <address@hidden>
The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Signed-off-by: Christian Borntraeger <address@hidden>
---
hw/s390x/s390-virtio-hcall.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c
index ee62649..0e328d8 100644
--- a/hw/s390x/s390-virtio-hcall.c
+++ b/hw/s390x/s390-virtio-hcall.c
@@ -26,11 +26,14 @@ void s390_register_virtio_hypercall(uint64_t code,
s390_virtio_fn fn)
int s390_virtio_hypercall(CPUS390XState *env)
{
- s390_virtio_fn fn = s390_diag500_table[env->regs[1]];
+ s390_virtio_fn fn;
- if (!fn) {
- return -EINVAL;
+ if (env->regs[1] < MAX_DIAG_SUBCODES) {
+ fn = s390_diag500_table[env->regs[1]];
+ if (fn) {
+ return fn(&env->regs[2]);
+ }
}
- return fn(&env->regs[2]);
+ return -EINVAL;
}
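Review bot: the new bound at `+ if (env->regs[1] < MAX_DIAG_SUBCODES) {` protects only the lookup side; s390_register_virtio_hypercall (named in the hunk header with a `uint64_t code` parameter) presumably stores into the same s390_diag500_table and needs an identical `code < MAX_DIAG_SUBCODES` check, otherwise an out-of-range registration remains an out-of-bounds write. The comparison itself cannot be bypassed by wraparound as long as env->regs[1] is an unsigned type (the `uint64_t code` parameter suggests it is), but it is only correct if MAX_DIAG_SUBCODES equals the declared size of s390_diag500_table; a compile-time assertion tying the constant to the array size would keep the two from drifting apart. As a style point, an early `if (env->regs[1] >= MAX_DIAG_SUBCODES) { return -EINVAL; }` placed before the existing `if (!fn)` test would avoid the added nesting and keep the original early-return shape, giving a smaller diff.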
--
1.8.4.2