From: Michael Roth
Subject: [Qemu-stable] [PATCH 004/156] s390x/virtio-hcall: Add range check for hypervisor call
Date: Tue, 8 Jul 2014 12:16:35 -0500
From: Thomas Huth <address@hidden>
The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.
Signed-off-by: Thomas Huth <address@hidden>
Reviewed-by: Cornelia Huck <address@hidden>
Signed-off-by: Christian Borntraeger <address@hidden>
CC: address@hidden
(cherry picked from commit f2c55d1735175ab37ab9f69854460087112d2756)
Signed-off-by: Michael Roth <address@hidden>
---
hw/s390x/s390-virtio-hcall.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c
index ee62649..0e328d8 100644
--- a/hw/s390x/s390-virtio-hcall.c
+++ b/hw/s390x/s390-virtio-hcall.c
@@ -26,11 +26,14 @@ void s390_register_virtio_hypercall(uint64_t code,
s390_virtio_fn fn)
int s390_virtio_hypercall(CPUS390XState *env)
{
- s390_virtio_fn fn = s390_diag500_table[env->regs[1]];
+ s390_virtio_fn fn;
- if (!fn) {
- return -EINVAL;
+ if (env->regs[1] < MAX_DIAG_SUBCODES) {
+ fn = s390_diag500_table[env->regs[1]];
+ if (fn) {
+ return fn(&env->regs[2]);
+ }
}
- return fn(&env->regs[2]);
+ return -EINVAL;
}
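Review bot: the new bound check `if (env->regs[1] < MAX_DIAG_SUBCODES)` is only sufficient if MAX_DIAG_SUBCODES equals the number of entries in s390_diag500_table; the table's declaration is outside this hunk, so either index against ARRAY_SIZE(s390_diag500_table) or add a compile-time assertion that the two agree, otherwise a later change to one of them silently reopens the out-of-bounds read. Because env->regs[1] is an unsigned 64-bit register, the single `<` comparison does cover every out-of-range value, so no separate lower-bound check is needed. The hunk header also shows the neighbouring s390_register_virtio_hypercall(uint64_t code, s390_virtio_fn fn), which presumably writes into the same table; if it does not already validate `code` against the same limit, the same fix belongs there.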
--
1.9.1