diff options
| author | Cornelia Huck <cornelia.huck@de.ibm.com> | 2013-03-26 17:32:44 +0100 |
|---|---|---|
| committer | Michael Roth <mdroth@linux.vnet.ibm.com> | 2013-04-02 11:30:51 -0500 |
| commit | 3c3de7c6b4cc78bf312e45402c60ce2a8e8a39ed (patch) | |
| tree | 924ebcc13fa7e0794da4fd6da13ed2e074a20bd9 | |
| parent | b0da310a69a4516dd49597e73b812747d8da05e9 (diff) | |
| download | qemu-3c3de7c6b4cc78bf312e45402c60ce2a8e8a39ed.tar.gz | |
virtio-ccw: Queue sanity check for notify hypercall.
Verify that the virtio-ccw notify hypercall passed a reasonable
value for queue.
Cc: qemu-stable@nongnu.org
Reported-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit b57ed9bf075e33cdd2f9eb545ff555301dd57221)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
| -rw-r--r-- | hw/s390x/s390-virtio-ccw.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c index 6549211820..f90b5e4476 100644 --- a/hw/s390x/s390-virtio-ccw.c +++ b/hw/s390x/s390-virtio-ccw.c @@ -31,6 +31,9 @@ static int virtio_ccw_hcall_notify(const uint64_t *args) if (!sch || !css_subch_visible(sch)) { return -EINVAL; } + if (queue >= VIRTIO_PCI_QUEUE_MAX) { + return -EINVAL; + } virtio_queue_notify(virtio_ccw_get_vdev(sch), queue); return 0; |