authorYi Min Zhao <zyimin@linux.vnet.ibm.com>2016-05-04 15:56:53 +0800
committerCornelia Huck <cornelia.huck@de.ibm.com>2016-05-17 15:50:29 +0200
commit3b40ea2957683bc7bea1a358f25045e6184077cf (patch)
tree24a3b5a447226423cf8617dd64816b87dde53a5a /hw/s390x
parenta6d9d4f26afc2c2fcfe6a89f0766371a60143d5a (diff)
s390x/pci: add length checking for pci sclp handlers
The configure/deconfigure sclp commands need a SCCB with a length of at least 16. Indicate in the response code if this is not fulfilled. Signed-off-by: Yi Min Zhao <zyimin@linux.vnet.ibm.com> Reviewed-by: Pierre Morel <pmorel@linux.vnet.ibm.com> Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Diffstat (limited to 'hw/s390x')
-rw-r--r--hw/s390x/s390-pci-bus.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index b2cd31c15f..a77c10ce9e 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -113,6 +113,11 @@ void s390_pci_sclp_configure(SCCB *sccb)
S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));
uint16_t rc;
+ if (be16_to_cpu(sccb->h.length) < 16) {
+ rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH;
+ goto out;
+ }
+
if (pbdev) {
if (pbdev->configured) {
rc = SCLP_RC_NO_ACTION_REQUIRED;
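Review bot: The new length check in s390_pci_sclp_configure comes after the initializer `pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid))`, so `aid` is still read and used for a lookup from an SCCB whose guest-supplied length may be below 16. Whether those bytes lie inside the buffer the caller copied is not visible in this hunk, so the safer order is to declare `S390PCIBusDevice *pbdev;` and assign `pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));` only after the check passes. The literal `16` would also read better as a named constant or, if the struct behind `psccb` is exactly the required layout, `sizeof(*psccb)`. The same two points apply to the matching hunk in s390_pci_sclp_deconfigure; both function bodies start outside the hunks shown.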
@@ -124,7 +129,7 @@ void s390_pci_sclp_configure(SCCB *sccb)
DPRINTF("sclp config no dev found\n");
rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
}
-
+out:
psccb->header.response_code = cpu_to_be16(rc);
}
@@ -134,6 +139,11 @@ void s390_pci_sclp_deconfigure(SCCB *sccb)
S390PCIBusDevice *pbdev = s390_pci_find_dev_by_fid(be32_to_cpu(psccb->aid));
uint16_t rc;
+ if (be16_to_cpu(sccb->h.length) < 16) {
+ rc = SCLP_RC_INSUFFICIENT_SCCB_LENGTH;
+ goto out;
+ }
+
if (pbdev) {
if (!pbdev->configured) {
rc = SCLP_RC_NO_ACTION_REQUIRED;
@@ -151,7 +161,7 @@ void s390_pci_sclp_deconfigure(SCCB *sccb)
DPRINTF("sclp deconfig no dev found\n");
rc = SCLP_RC_ADAPTER_ID_NOT_RECOGNIZED;
}
-
+out:
psccb->header.response_code = cpu_to_be16(rc);
}