diff options
| author | Halil Pasic <pasic@linux.vnet.ibm.com> | 2017-07-26 00:44:42 +0200 |
|---|---|---|
| committer | Cornelia Huck <cohuck@redhat.com> | 2017-07-28 10:06:25 +0200 |
| commit | 4add0da64942d83e0564147c0876b01074bde9cb (patch) | |
| tree | f24a3558b915fdae78a9bb322e98fb4be426b710 /hw/s390x | |
| parent | 198c0d1f9df8c429502cb744fc26b6ba6e71db74 (diff) | |
| download | qemu-4add0da64942d83e0564147c0876b01074bde9cb.zip qemu-4add0da64942d83e0564147c0876b01074bde9cb.tar.gz qemu-4add0da64942d83e0564147c0876b01074bde9cb.tar.bz2 | |
s390x/css: fix bits must be zero check for TIC
According to the PoP bit positions 0-3 and 8-32 of the format-1 CCW must
contain zeros. Bits 0-3 are already covered by cmd_code validity
checking, and bit 32 is covered by the CCW address checking.
Bits 8-31 correspond to CCW1.flags and CCW1.count. Currently we only
check for the absence of certain flags. Let's fix this.
Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
Message-Id: <20170725224442.13383-3-pasic@linux.vnet.ibm.com>
Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
[CH: tweaked comment]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Diffstat (limited to 'hw/s390x')
| -rw-r--r-- | hw/s390x/css.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/hw/s390x/css.c b/hw/s390x/css.c index 177cbfc..1880b1a 100644 --- a/hw/s390x/css.c +++ b/hw/s390x/css.c @@ -885,7 +885,8 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr, ret = -EINVAL; break; } - if (ccw.flags & (CCW_FLAG_CC | CCW_FLAG_DC)) { + if (ccw.flags || ccw.count) { + /* We have already sanitized these if converted from fmt 0. */ ret = -EINVAL; break; } |