diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2015-03-30 22:55:51 +0100 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2015-03-30 22:55:51 +0100 |
| commit | d4892d935b035c2220827145524d0cf0573d1fea (patch) | |
| tree | 99f6cb08298023bdb24d0cdea19fe78375fc92ee | |
| parent | 627f91b1f80fecc73d00727181a9ddb6162cc30e (diff) | |
| parent | fa92e218df1d7fcc01e1e5d8bbd77acdaf53c18b (diff) | |
| download | qemu-d4892d935b035c2220827145524d0cf0573d1fea.tar.gz | |
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150330' into staging
s390x fixes:
- virtqueue index issues in virtio-ccw
- cleanup and sign extension fix for the ipl device
# gpg: Signature made Mon Mar 30 08:52:54 2015 BST using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <huckc@linux.vnet.ibm.com>"
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>"
* remotes/cohuck/tags/s390x-20150330:
s390x/ipl: avoid sign extension
s390x: do not include ram_addr.h
virtio-ccw: range check in READ_VQ_CONF
virtio-ccw: fix range check for SET_VQ
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | hw/s390x/ipl.c | 3 | ||||
| -rw-r--r-- | hw/s390x/virtio-ccw.c | 6 |
2 files changed, 6 insertions, 3 deletions
diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c index 54d0835f0a..2e26d2aa2c 100644 --- a/hw/s390x/ipl.c +++ b/hw/s390x/ipl.c @@ -14,7 +14,6 @@ #include "sysemu/sysemu.h" #include "cpu.h" #include "elf.h" -#include "exec/ram_addr.h" #include "hw/loader.h" #include "hw/sysbus.h" #include "hw/s390x/virtio-ccw.h" @@ -219,7 +218,7 @@ static Property s390_ipl_properties[] = { * - -1 if no valid boot device was found * - ccw id of the boot device otherwise */ -static uint64_t s390_update_iplstate(CPUS390XState *env, S390IPLState *ipl) +static uint32_t s390_update_iplstate(CPUS390XState *env, S390IPLState *ipl) { DeviceState *dev_st; diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c index 130535cdc3..d32ecafe98 100644 --- a/hw/s390x/virtio-ccw.c +++ b/hw/s390x/virtio-ccw.c @@ -266,7 +266,7 @@ static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align, { VirtIODevice *vdev = virtio_ccw_get_vdev(sch); - if (index > VIRTIO_PCI_QUEUE_MAX) { + if (index >= VIRTIO_PCI_QUEUE_MAX) { return -EINVAL; } @@ -549,6 +549,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) ret = -EFAULT; } else { vq_config.index = lduw_be_phys(&address_space_memory, ccw.cda); + if (vq_config.index >= VIRTIO_PCI_QUEUE_MAX) { + ret = -EINVAL; + break; + } vq_config.num_max = virtio_queue_get_num(vdev, vq_config.index); stw_be_phys(&address_space_memory, |