[PULL 05/19] s390/sclp: check sccb len before filling in data
From: Cornelia Huck
Date: Fri, 2 Oct 2020 14:11:04 +0200
From: Collin Walling <walling@linux.ibm.com>
The SCCB must be checked for a sufficient length before it is filled
with any data. If the length is insufficient, then the SCLP command
is suppressed and the proper response code is set in the SCCB header.
While we're at it, let's clean up the length check by placing the
calculation inside a macro.
Fixes: 832be0d8a3bb ("s390x: sclp: Report insufficient SCCB length")
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Message-Id: <20200915194416.107460-5-walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
---
hw/s390x/sclp.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 4ae6fb400b40..0d54075309d5 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -78,6 +78,8 @@ static void prepare_cpu_entries(MachineState *ms, CPUEntry
*entry, int *count)
}
}
+#define SCCB_REQ_LEN(s, max_cpus) (sizeof(s) + max_cpus * sizeof(CPUEntry))
+
/* Provide information about the configuration, CPUs and storage */
static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
{
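Review bot: SCCB_REQ_LEN uses its max_cpus argument unparenthesized in the expansion, so a caller passing an expression such as a + b would get a + b * sizeof(CPUEntry). Both callers in this patch pass a plain member access, so nothing breaks today, but writing ((max_cpus) * sizeof(CPUEntry)) costs nothing. A one-line comment that the first argument is a type name (it is only used inside sizeof) would also help, since the parameter name s does not say so.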
@@ -86,6 +88,12 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
int cpu_count;
int rnsize, rnmax;
IplParameterBlock *ipib = s390_ipl_get_iplb();
+ int required_len = SCCB_REQ_LEN(ReadInfo, machine->possible_cpus->len);
+
+ if (be16_to_cpu(sccb->h.length) < required_len) {
+ sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
+ return;
+ }
/* CPU information */
prepare_cpu_entries(machine, read_info->entries, &cpu_count);
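Review bot: the new check in read_SCP_info bounds the SCCB against machine->possible_cpus->len, while the check it replaces (removed in the next hunk) used the cpu_count returned by prepare_cpu_entries. If cpu_count can be smaller than possible_cpus->len, a guest SCCB that was previously accepted is now rejected with SCLP_RC_INSUFFICIENT_SCCB_LENGTH; the commit message only describes moving the check earlier, so the change of bound should be stated there or in a comment next to the check. Separately, required_len is declared int although SCCB_REQ_LEN evaluates to a size_t; declaring it size_t avoids the narrowing and keeps the comparison with the 16-bit header length unsigned.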
@@ -95,12 +103,6 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
read_info->ibc_val = cpu_to_be32(s390_get_ibc_val());
- if (be16_to_cpu(sccb->h.length) <
- (sizeof(ReadInfo) + cpu_count * sizeof(CPUEntry))) {
- sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
- return;
- }
-
/* Configuration Characteristic (Extension) */
s390_get_feat_block(S390_FEAT_TYPE_SCLP_CONF_CHAR,
read_info->conf_char);
@@ -146,18 +148,18 @@ static void sclp_read_cpu_info(SCLPDevice *sclp, SCCB
*sccb)
MachineState *machine = MACHINE(qdev_get_machine());
ReadCpuInfo *cpu_info = (ReadCpuInfo *) sccb;
int cpu_count;
+ int required_len = SCCB_REQ_LEN(ReadCpuInfo, machine->possible_cpus->len);
+
+ if (be16_to_cpu(sccb->h.length) < required_len) {
+ sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
+ return;
+ }
prepare_cpu_entries(machine, cpu_info->entries, &cpu_count);
cpu_info->nr_configured = cpu_to_be16(cpu_count);
cpu_info->offset_configured = cpu_to_be16(offsetof(ReadCpuInfo, entries));
cpu_info->nr_standby = cpu_to_be16(0);
- if (be16_to_cpu(sccb->h.length) <
- (sizeof(ReadCpuInfo) + cpu_count * sizeof(CPUEntry))) {
- sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
- return;
- }
-
/* The standby offset is 16-byte for each CPU */
cpu_info->offset_standby = cpu_to_be16(cpu_info->offset_configured
+ cpu_info->nr_configured*sizeof(CPUEntry));
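Review bot: in the trailing context of this hunk, offset_standby is computed from cpu_info->offset_configured and cpu_info->nr_configured after both fields have already been stored with cpu_to_be16 a few lines above, so on a little-endian host the sum is taken over byte-swapped values and then swapped again. This is not introduced by the patch, but since the function is being reworked it would be worth computing the offset from the host-order values, i.e. offsetof(ReadCpuInfo, entries) + cpu_count * sizeof(CPUEntry), before the single cpu_to_be16. The length check added at the top of sclp_read_cpu_info is also a verbatim copy of the one in read_SCP_info; a small helper taking sccb and the required length would keep the two from drifting apart.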
--
2.25.4