[Qemu-devel] [PULL 34/34] target-s390x: Only access allocated storage ke
From: Alexander Graf
Subject: [Qemu-devel] [PULL 34/34] target-s390x: Only access allocated storage keys
Date: Fri, 5 Jun 2015 01:42:04 +0200
We allocate ram_size / PAGE_SIZE storage keys, so we need to make sure that
we only access that many. Unfortunately the code can overrun this array by
one, potentially overwriting unrelated memory.
Fix it by limiting storage keys to their scope.
Signed-off-by: Alexander Graf <address@hidden>
Reviewed-by: Aurelien Jarno <address@hidden>
---
target-s390x/mmu_helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/target-s390x/mmu_helper.c b/target-s390x/mmu_helper.c
index e8dcd0c..815ff42 100644
--- a/target-s390x/mmu_helper.c
+++ b/target-s390x/mmu_helper.c
@@ -358,7 +358,7 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr,
int rw, uint64_t asc,
/* Convert real address -> absolute address */
*raddr = mmu_real2abs(env, *raddr);
- if (*raddr <= ram_size) {
+ if (*raddr < ram_size) {
sk = &env->storage_keys[*raddr / TARGET_PAGE_SIZE];
if (*flags & PAGE_READ) {
*sk |= SK_R;
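Review bot: The new guard `if (*raddr < ram_size)` bounds the address, while the array access on the next line is bounded by the number of keys, so it is only safe when ram_size is a multiple of TARGET_PAGE_SIZE. Going by the commit message, the array holds ram_size / PAGE_SIZE entries; with truncating division an address inside a trailing partial page still yields index ram_size / TARGET_PAGE_SIZE, which is one past the end, the same overrun this patch closes for `*raddr == ram_size`. Consider comparing the index against the key count directly, for example `if (*raddr / TARGET_PAGE_SIZE < ram_size / TARGET_PAGE_SIZE)`, or asserting page alignment of ram_size where the keys are allocated, and add a short comment here tying the check to the allocation size so the two do not drift apart again.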
--
1.7.12.4