diff options
author | Yi Min Zhao <zyimin@linux.vnet.ibm.com> | 2016-05-04 15:56:53 +0800 |
---|---|---|
committer | Cornelia Huck <cornelia.huck@de.ibm.com> | 2016-05-17 15:50:29 +0200 |
commit | 3b40ea2957683bc7bea1a358f25045e6184077cf (patch) | |
tree | 24a3b5a447226423cf8617dd64816b87dde53a5a /hw/s390x/s390-pci-bus.c | |
parent | a6d9d4f26afc2c2fcfe6a89f0766371a60143d5a (diff) |
s390x/pci: add length checking for pci sclp handlers
The configure/deconfigure sclp commands need a SCCB with a length of
at least 16. Indicate in the response code if this is not fulfilled.
Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Diffstat (limited to 'hw/s390x/s390-pci-bus.c')
-rw-r--r-- | hw/s390x/s390-pci-bus.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c index b2cd31c15f..a77c10ce9e 100644 --- a/hw/s390x/s390-pci-bus.c +++ b/hw/s390x/s390-pci-bus.c @@ -113,6 +113,11 @@ void s390_pci_sclp_configure(SCCB *sccb) S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid)); uint16_t rc; + if (be16_to_cpu(sccb->h.length) < 16) { + rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH; + goto out; + } + if (pbdev) { if (pbdev->configured) { rc = SCLP_RC_NO_ACTION_REQUIRED; @@ -124,7 +129,7 @@ void s390_pci_sclp_configure(SCCB *sccb) DPRINTF("sclp config no dev found\n"); rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED; } - +out: psccb->header.response_code = cpu_to_be16(rc); } @@ -134,6 +139,11 @@ void s390_pci_sclp_deconfigure(SCCB *sccb) S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid)); uint16_t rc; + if (be16_to_cpu(sccb->h.length) < 16) { + rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH; + goto out; + } + if (pbdev) { if (!pbdev->configured) { rc = SCLP_RC_NO_ACTION_REQUIRED; @@ -151,7 +161,7 @@ void s390_pci_sclp_deconfigure(SCCB *sccb) DPRINTF("sclp deconfig no dev found\n"); rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED; } - +out: psccb->header.response_code = cpu_to_be16(rc); } |