s390x/css: fix bits must be zero check for TIC

According to the PoP bit positions 0-3 and 8-32 of the format-1 CCW must contain zeros. Bits 0-3 are already covered by cmd_code validity checking, and bit 32 is covered by the CCW address checking. Bits 8-31 correspond to CCW1.flags and CCW1.count. Currently we only check for the absence of certain flags. Let's fix this. Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com> Message-Id: <20170725224442.13383-3-pasic@linux.vnet.ibm.com> Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com> [CH: tweaked comment] Signed-off-by: Cornelia Huck <cohuck@redhat.com>
author: Halil Pasic <pasic@linux.vnet.ibm.com> 2017-07-26 00:44:42 +0200
committer: Cornelia Huck <cohuck@redhat.com> 2017-07-28 10:06:25 +0200
commit: 4add0da64942d83e0564147c0876b01074bde9cb (patch)
tree: f24a3558b915fdae78a9bb322e98fb4be426b710 /hw
parent: 198c0d1f9df8c429502cb744fc26b6ba6e71db74 (diff)
download: qemu-4add0da64942d83e0564147c0876b01074bde9cb.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/hw/s390x/css.c b/hw/s390x/css.c
index 177cbfc92d..1880b1a0ff 100644
--- a/hw/s390x/css.c
+++ b/hw/s390x/css.c
@@ -885,7 +885,8 @@ static int css_interpret_ccw(SubchDev *sch, hwaddr ccw_addr,
             ret = -EINVAL;
             break;
         }
-        if (ccw.flags & (CCW_FLAG_CC | CCW_FLAG_DC)) {
+        if (ccw.flags || ccw.count) {
+            /* We have already sanitized these if converted from fmt 0. */
             ret = -EINVAL;
             break;
         }
author	Halil Pasic <pasic@linux.vnet.ibm.com>	2017-07-26 00:44:42 +0200
committer	Cornelia Huck <cohuck@redhat.com>	2017-07-28 10:06:25 +0200
commit	4add0da64942d83e0564147c0876b01074bde9cb (patch)
tree	f24a3558b915fdae78a9bb322e98fb4be426b710 /hw
parent	198c0d1f9df8c429502cb744fc26b6ba6e71db74 (diff)
download	qemu-4add0da64942d83e0564147c0876b01074bde9cb.tar.gz