aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexander Graf <agraf@suse.de>2015-06-04 00:52:44 +0200
committerAlexander Graf <agraf@suse.de>2015-06-05 01:38:00 +0200
commit9814fed0afa73f5c37f04e02ec17c915a5d59303 (patch)
treefa2bb7c8e673f857834cff32be2c3d8f8dadd6d9
parent068593deea6cc61b06243a33c7fcfadb1650b654 (diff)
target-s390x: Only access allocated storage keys
We allocate ram_size / PAGE_SIZE storage keys, so we need to make sure that we only access that many. Unfortunately the code can overrun this array by one, potentially overwriting unrelated memory. Fix it by limiting storage keys to their scope. Signed-off-by: Alexander Graf <agraf@suse.de> Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
-rw-r--r--target-s390x/mmu_helper.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/target-s390x/mmu_helper.c b/target-s390x/mmu_helper.c
index e8dcd0c18f..815ff42dde 100644
--- a/target-s390x/mmu_helper.c
+++ b/target-s390x/mmu_helper.c
@@ -358,7 +358,7 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
/* Convert real address -> absolute address */
*raddr = mmu_real2abs(env, *raddr);
- if (*raddr <= ram_size) {
+ if (*raddr < ram_size) {
sk = &env->storage_keys[*raddr / TARGET_PAGE_SIZE];
if (*flags & PAGE_READ) {
*sk |= SK_R;