mirrors/qemu
0
0
Fork 0
mirror of https://github.com/qemu/qemu.git synced 2024-12-02 16:23:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

s390x/virtio-hcall: Add range check for hypervisor call

Browse Source 
The handler for diag 500 did not check whether the requested function
was in the supported range, so illegal values could crash QEMU in the
worst case.

Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
CC: qemu-stable@nongnu.org
This commit is contained in:
Thomas Huth 2014-01-13 09:26:49 +01:00 committed by Christian Borntraeger
parent 0788082a4b
commit f2c55d1735
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hw/s390x/s390-virtio-hcall.c
View File

@ -26,11 +26,14 @@ void s390_register_virtio_hypercall(uint64_t code, s390_virtio_fn fn)
int s390_virtio_hypercall(CPUS390XState *env)
{
s390_virtio_fn fn = s390_diag500_table[env->regs[1]];
s390_virtio_fn fn;
if (!fn) {
return -EINVAL;
if (env->regs[1] < MAX_DIAG_SUBCODES) {
fn = s390_diag500_table[env->regs[1]];
if (fn) {
return fn(&env->regs[2]);
}
}
return fn(&env->regs[2]);
return -EINVAL;
}