[Qemu-devel] [PULL 19/20] s390x/pci: add length checking for pci sclp ha
From: Cornelia Huck
Subject: [Qemu-devel] [PULL 19/20] s390x/pci: add length checking for pci sclp handlers
Date: Tue, 17 May 2016 16:46:16 +0200
From: Yi Min Zhao <address@hidden>
The configure/deconfigure sclp commands need a SCCB with a length of
at least 16. Indicate in the response code if this is not fulfilled.
Signed-off-by: Yi Min Zhao <address@hidden>
Reviewed-by: Pierre Morel <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
---
hw/s390x/s390-pci-bus.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index b2cd31c..a77c10c 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -113,6 +113,11 @@ void s390_pci_sclp_configure(SCCB *sccb)
S390PCIBusDevice *pbdev =
s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));
uint16_t rc;
+ if (be16_to_cpu(sccb->h.length) < 16) {
+ rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH;
+ goto out;
+ }
+
if (pbdev) {
if (pbdev->configured) {
rc = SCLP_RC_NO_ACTION_REQUIRED;
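Review bot: the length check in s390_pci_sclp_configure() comes too late to guard the first read of the request body. The initializer of pbdev just above it already evaluates be32_to_cpu(psccb->aid) before h.length has been compared with 16. Suggest declaring pbdev without an initializer and calling s390_pci_find_dev_by_fid() after the check, so that aid is only read once the SCCB is known to be long enough to contain it.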
@@ -124,7 +129,7 @@ void s390_pci_sclp_configure(SCCB *sccb)
DPRINTF("sclp config no dev found\n");
rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
}
-
+out:
psccb->header.response_code = cpu_to_be16(rc);
}
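Review bot: at the new out: label, the short-SCCB path also stores to psccb->header.response_code, so this store now runs for a request whose length is only known to be below 16. A one-line comment stating that the header is always present whatever length the guest supplied (an assumption the visible lines do not show) would make the early exit easier to audit.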
@@ -134,6 +139,11 @@ void s390_pci_sclp_deconfigure(SCCB *sccb)
S390PCIBusDevice *pbdev =
s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));
uint16_t rc;
+ if (be16_to_cpu(sccb->h.length) < 16) {
+ rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH;
+ goto out;
+ }
+
if (pbdev) {
if (!pbdev->configured) {
rc = SCLP_RC_NO_ACTION_REQUIRED;
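Review bot: the bare 16 in the check added to s390_pci_sclp_deconfigure() is a magic number, and the block is a copy of the one in s390_pci_sclp_configure(). Suggest a named constant or a sizeof on the structure psccb points to, plus a small shared helper for the check, so the two handlers cannot drift apart. The check also reads the header as sccb->h while the response is written through psccb->header; using one view of the header throughout would read more clearly. As in the configure handler, the pbdev initializer reads psccb->aid before the check runs.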
@@ -151,7 +161,7 @@ void s390_pci_sclp_deconfigure(SCCB *sccb)
DPRINTF("sclp deconfig no dev found\n");
rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
}
-
+out:
psccb->header.response_code = cpu_to_be16(rc);
}
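Review bot: style point at the out: label in s390_pci_sclp_deconfigure(), which applies to the configure handler as well: the label replaces the blank line that separated the if/else block from the response-code store. Keeping a blank line before out: would leave the common exit visually separate from the closing brace above it.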
--
2.8.2