diff options
| author | Cornelia Huck <cornelia.huck@de.ibm.com> | 2013-03-26 17:32:44 +0100 |
|---|---|---|
| committer | Cornelia Huck <cornelia.huck@de.ibm.com> | 2013-03-26 18:04:24 +0100 |
| commit | b57ed9bf075e33cdd2f9eb545ff555301dd57221 (patch) | |
| tree | 6d09ebd2d0fcd28465d9838452ae680b05b92699 /hw/s390x | |
| parent | e769bdc26ded6d7681cddd9f67c5f87a4b5ba53c (diff) | |
| download | qemu-b57ed9bf075e33cdd2f9eb545ff555301dd57221.tar.gz qemu-b57ed9bf075e33cdd2f9eb545ff555301dd57221.tar.bz2 qemu-b57ed9bf075e33cdd2f9eb545ff555301dd57221.zip | |
virtio-ccw: Queue sanity check for notify hypercall.
Verify that the virtio-ccw notify hypercall passed a reasonable
value for queue.
Cc: qemu-stable@nongnu.org
Reported-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Diffstat (limited to 'hw/s390x')
| -rw-r--r-- | hw/s390x/s390-virtio-ccw.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c index d4364143ea..76b63e2ca6 100644 --- a/hw/s390x/s390-virtio-ccw.c +++ b/hw/s390x/s390-virtio-ccw.c @@ -31,6 +31,9 @@ static int virtio_ccw_hcall_notify(const uint64_t *args) if (!sch || !css_subch_visible(sch)) { return -EINVAL; } + if (queue >= VIRTIO_PCI_QUEUE_MAX) { + return -EINVAL; + } virtio_queue_notify(virtio_ccw_get_vdev(sch), queue); return 0; |