diff options
author | Cornelia Huck <cornelia.huck@de.ibm.com> | 2013-04-23 17:15:19 +0200 |
---|---|---|
committer | Cornelia Huck <cornelia.huck@de.ibm.com> | 2013-04-25 10:43:30 +0200 |
commit | 7c4869761d7f2e0a3f806a5359eea5d2473ec5d5 (patch) | |
tree | ef3fb08a4797eb454ae3ac037f25592e5d3f1c2d /hw/s390x | |
parent | 9953f8822cc316eec9962f0a2858c3439a80adec (diff) |
virtio-ccw: Check indicators location.
If a guest neglected to register (secondary) indicators but still runs
with notifications enabled, we might end up writing to guest zero;
avoid this by checking for valid indicators and only writing to the
guest and generating an interrupt if indicators have been setup.
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Diffstat (limited to 'hw/s390x')
-rw-r--r-- | hw/s390x/virtio-ccw.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c index 56e4872e11..b857413fa4 100644 --- a/hw/s390x/virtio-ccw.c +++ b/hw/s390x/virtio-ccw.c @@ -742,10 +742,16 @@ static void virtio_ccw_notify(DeviceState *d, uint16_t vector) } if (vector < VIRTIO_PCI_QUEUE_MAX) { + if (!dev->indicators) { + return; + } indicators = ldq_phys(dev->indicators); indicators |= 1ULL << vector; stq_phys(dev->indicators, indicators); } else { + if (!dev->indicators2) { + return; + } vector = 0; indicators = ldq_phys(dev->indicators2); indicators |= 1ULL << vector; |