From 882b3b97697affb36ca3d174f42f846232008979 Mon Sep 17 00:00:00 2001 From: Cornelia Huck Date: Mon, 15 Aug 2016 11:10:28 +0200 Subject: s390x/css: handle cssid 255 correctly The cssid 255 is reserved but still valid from an architectural point of view. However, feeding a bogus schid of 0xffffffff into the virtio hypercall will lead to a crash: Stack trace of thread 138363: #0 0x00000000100d168c css_find_subch (qemu-system-s390x) #1 0x00000000100d3290 virtio_ccw_hcall_notify #2 0x00000000100cbf60 s390_virtio_hypercall #3 0x000000001010ff7a handle_hypercall #4 0x0000000010079ed4 kvm_cpu_exec (qemu-system-s390x) #5 0x00000000100609b4 qemu_kvm_cpu_thread_fn #6 0x000003ff8b887bb4 start_thread (libpthread.so.0) #7 0x000003ff8b78df0a thread_start (libc.so.6) This is because the css array was only allocated for 0..254 instead of 0..255. Let's fix this by bumping MAX_CSSID to 255 and fencing off the reserved cssid of 255 during css image allocation. Reported-by: Christian Borntraeger Tested-by: Christian Borntraeger Cc: qemu-stable@nongnu.org Signed-off-by: Cornelia Huck --- include/hw/s390x/css.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/hw/s390x/css.h') diff --git a/include/hw/s390x/css.h b/include/hw/s390x/css.h index 1da63e361d..c96c862057 100644 --- a/include/hw/s390x/css.h +++ b/include/hw/s390x/css.h @@ -20,7 +20,7 @@ #define MAX_DEVNO 65535 #define MAX_SCHID 65535 #define MAX_SSID 3 -#define MAX_CSSID 254 /* 255 is reserved */ +#define MAX_CSSID 255 #define MAX_CHPID 255 #define MAX_CIWS 62 -- cgit v1.2.3