xqemu/include
Cornelia Huck 882b3b9769 s390x/css: handle cssid 255 correctly
The cssid 255 is reserved but still valid from an architectural
point of view. However, feeding a bogus schid of 0xffffffff into
the virtio hypercall will lead to a crash:

Stack trace of thread 138363:
        #0  0x00000000100d168c css_find_subch (qemu-system-s390x)
        #1  0x00000000100d3290 virtio_ccw_hcall_notify
        #2  0x00000000100cbf60 s390_virtio_hypercall
        #3  0x000000001010ff7a handle_hypercall
        #4  0x0000000010079ed4 kvm_cpu_exec (qemu-system-s390x)
        #5  0x00000000100609b4 qemu_kvm_cpu_thread_fn
        #6  0x000003ff8b887bb4 start_thread (libpthread.so.0)
        #7  0x000003ff8b78df0a thread_start (libc.so.6)

This is because the css array was only allocated for 0..254
instead of 0..255.

Let's fix this by bumping MAX_CSSID to 255 and fencing off the
reserved cssid of 255 during css image allocation.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-09-05 15:15:16 +02:00
block block: fix deadlock in bdrv_co_flush 2016-08-18 14:36:49 +01:00
crypto crypto: add support for querying parameters for block encryption 2016-07-26 17:46:37 +02:00
disas disas: Fix ATTRIBUTE_UNUSED define clash with ALSA headers 2016-07-19 16:40:39 +01:00
exec tcg: Reorg TCGOp chaining 2016-08-05 21:44:18 +05:30
fpu softfloat: Fix warn about implicit conversion from int to int8_t 2016-08-15 16:15:38 +01:00
hw s390x/css: handle cssid 255 correctly 2016-09-05 15:15:16 +02:00
io Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
libdecnumber Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
migration Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
monitor monitor: fix crash when leaving qemu with spice audio 2016-08-08 14:16:11 +02:00
net net: Use correct type for bool flag 2016-07-19 20:18:27 +02:00
qapi blockjob: Update description of the 'id' field 2016-07-13 13:26:02 +02:00
qemu atomic: strip "const" from variables declared with typeof 2016-08-09 22:57:36 +02:00
qom exec: Set cpu_index only if it's not been explicitly set 2016-07-26 15:32:01 -03:00
standard-headers linux-headers: update 2016-06-14 13:34:50 +02:00
sysemu char: add chr_wait_connected callback 2016-07-29 00:33:48 +03:00
ui clang: Fix warning reg. expansion to 'defined' 2016-08-09 22:57:36 +02:00
elf.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
glib-compat.h glib: add compatibility implementation for g_dir_make_tmp() 2016-08-19 12:42:40 +01:00
qemu-common.h Update ancient copyright string in -version output 2016-08-11 16:24:53 +01:00
qemu-io.h qemu-io: Use BlockBackend 2015-02-16 15:07:19 +00:00
trace-tcg.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
trace.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00