aboutsummaryrefslogtreecommitdiff
path: root/hw/s390x
diff options
context:
space:
mode:
authorThomas Huth <thuth@linux.vnet.ibm.com>2014-01-13 09:26:49 +0100
committerChristian Borntraeger <borntraeger@de.ibm.com>2014-02-27 09:51:25 +0100
commitf2c55d1735175ab37ab9f69854460087112d2756 (patch)
tree5e14a0e7a610e52dab8cfa72f8d5dd0ad102ec71 /hw/s390x
parent0788082a4b3f41cb453b654d1a66f87adfa794a9 (diff)
downloadqemu-f2c55d1735175ab37ab9f69854460087112d2756.zip
qemu-f2c55d1735175ab37ab9f69854460087112d2756.tar.gz
qemu-f2c55d1735175ab37ab9f69854460087112d2756.tar.bz2
s390x/virtio-hcall: Add range check for hypervisor call
The handler for diag 500 did not check whether the requested function was in the supported range, so illegal values could crash QEMU in the worst case. Signed-off-by: Thomas Huth <thuth@linux.vnet.ibm.com> Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> CC: qemu-stable@nongnu.org
Diffstat (limited to 'hw/s390x')
-rw-r--r--hw/s390x/s390-virtio-hcall.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c
index ee62649..0e328d8 100644
--- a/hw/s390x/s390-virtio-hcall.c
+++ b/hw/s390x/s390-virtio-hcall.c
@@ -26,11 +26,14 @@ void s390_register_virtio_hypercall(uint64_t code, s390_virtio_fn fn)
int s390_virtio_hypercall(CPUS390XState *env)
{
- s390_virtio_fn fn = s390_diag500_table[env->regs[1]];
+ s390_virtio_fn fn;
- if (!fn) {
- return -EINVAL;
+ if (env->regs[1] < MAX_DIAG_SUBCODES) {
+ fn = s390_diag500_table[env->regs[1]];
+ if (fn) {
+ return fn(&env->regs[2]);
+ }
}
- return fn(&env->regs[2]);
+ return -EINVAL;
}