ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

s390x/virtio-hcall: Add range check for hypervisor call 

The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: qemu-stable@nongnu.org
(cherry picked from commit f2c55d1735)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
This commit is contained in:
Thomas Huth 2014-01-13 09:26:49 +01:00 committed by Michael Roth
parent 0a77a92d74
commit 91ae1d30ec
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hw/s390x/s390-virtio-hcall.c
View File

@ -26,11 +26,14 @@ void s390_register_virtio_hypercall(uint64_t code, s390_virtio_fn fn)
int s390_virtio_hypercall(CPUS390XState *env)
{
s390_virtio_fn fn = s390_diag500_table[env->regs[1]];
s390_virtio_fn fn;
if (!fn) {
return -EINVAL;
if (env->regs[1] < MAX_DIAG_SUBCODES) {
fn = s390_diag500_table[env->regs[1]];
if (fn) {
return fn(&env->regs[2]);
}
}
return fn(&env->regs[2]);
return -EINVAL;
}