[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL for-2.3 1/4] virtio-ccw: fix range check for SET_VQ
From: |
Cornelia Huck |
Subject: |
[Qemu-devel] [PULL for-2.3 1/4] virtio-ccw: fix range check for SET_VQ |
Date: |
Mon, 30 Mar 2015 10:02:24 +0200 |
VIRTIO_PCI_QUEUE_MAX is already too big; a malicious guest would be
able to trigger a write beyond the VirtQueue structure.
Cc: address@hidden
Reviewed-by: David Hildenbrand <address@hidden>
Acked-by: Christian Borntraeger <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
---
hw/s390x/virtio-ccw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index 130535c..ceb6a45 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -266,7 +266,7 @@ static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr,
uint32_t align,
{
VirtIODevice *vdev = virtio_ccw_get_vdev(sch);
- if (index > VIRTIO_PCI_QUEUE_MAX) {
+ if (index >= VIRTIO_PCI_QUEUE_MAX) {
return -EINVAL;
}
--
2.3.4