
[Qemu-devel] [PULL 19/20] s390x/pci: add length checking for pci sclp ha


From: Cornelia Huck
Subject: [Qemu-devel] [PULL 19/20] s390x/pci: add length checking for pci sclp handlers
Date: Tue, 17 May 2016 16:46:16 +0200

From: Yi Min Zhao <address@hidden>

The configure/deconfigure sclp commands need a SCCB with a length of
at least 16. Indicate in the response code if this is not fulfilled.

Signed-off-by: Yi Min Zhao <address@hidden>
Reviewed-by: Pierre Morel <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
---
 hw/s390x/s390-pci-bus.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index b2cd31c..a77c10c 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -113,6 +113,11 @@ void s390_pci_sclp_configure(SCCB *sccb)
     S390PCIBusDevice *pbdev = 
s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));
     uint16_t rc;
 
+    if (be16_to_cpu(sccb->h.length) < 16) {
+        rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH;
+        goto out;
+    }
+
     if (pbdev) {
         if (pbdev->configured) {
             rc = SCLP_RC_NO_ACTION_REQUIRED;
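Review bot: The new length check in s390_pci_sclp_configure runs only after `pbdev` has been initialised from `psccb->aid`, so an SCCB that the guest declares shorter than 16 bytes still has its adapter-id field read and used for the device lookup before it is rejected. Validating first would be cleaner: declare `S390PCIBusDevice *pbdev;` without an initialiser and assign `pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));` after the `if (be16_to_cpu(sccb->h.length) < 16)` block. The same ordering applies to the s390_pci_sclp_deconfigure hunk. The bare `16` would also benefit from a named constant or a short comment such as `/* configure/deconfigure need an SCCB of at least 16 bytes */`, so the two checks stay in step. The function starts above the hunk and the declaration of `psccb` is not visible, so whether the early read can reach beyond valid data cannot be judged from here.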
@@ -124,7 +129,7 @@ void s390_pci_sclp_configure(SCCB *sccb)
         DPRINTF("sclp config no dev found\n");
         rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
     }
-
+out:
     psccb->header.response_code = cpu_to_be16(rc);
 }
 
@@ -134,6 +139,11 @@ void s390_pci_sclp_deconfigure(SCCB *sccb)
     S390PCIBusDevice *pbdev = 
s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));
     uint16_t rc;
 
+    if (be16_to_cpu(sccb->h.length) < 16) {
+        rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH;
+        goto out;
+    }
+
     if (pbdev) {
         if (!pbdev->configured) {
             rc = SCLP_RC_NO_ACTION_REQUIRED;
@@ -151,7 +161,7 @@ void s390_pci_sclp_deconfigure(SCCB *sccb)
         DPRINTF("sclp deconfig no dev found\n");
         rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
     }
-
+out:
     psccb->header.response_code = cpu_to_be16(rc);
 }
 
-- 
2.8.2



