[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 06/34] spapr: Fail CAS if option vector table cannot be parsed
|
From: |
David Gibson |
|
Subject: |
[PULL 06/34] spapr: Fail CAS if option vector table cannot be parsed |
|
Date: |
Fri, 31 Jan 2020 17:08:56 +1100 |
From: Greg Kurz <address@hidden>
Most of the option vector helpers have assertions to check their
arguments aren't null. The guest can provide an arbitrary address
for the CAS structure that would result in such null arguments.
Fail CAS with H_PARAMETER and print a warning instead of aborting
QEMU.
Signed-off-by: Greg Kurz <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: David Gibson <address@hidden>
---
hw/ppc/spapr_hcall.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
index f1799b1b70..ffb14641f9 100644
--- a/hw/ppc/spapr_hcall.c
+++ b/hw/ppc/spapr_hcall.c
@@ -1703,7 +1703,15 @@ static target_ulong
h_client_architecture_support(PowerPCCPU *cpu,
ov_table = addr;
ov1_guest = spapr_ovec_parse_vector(ov_table, 1);
+ if (!ov1_guest) {
+ warn_report("guest didn't provide option vector 1");
+ return H_PARAMETER;
+ }
ov5_guest = spapr_ovec_parse_vector(ov_table, 5);
+ if (!ov5_guest) {
+ warn_report("guest didn't provide option vector 5");
+ return H_PARAMETER;
+ }
if (spapr_ovec_test(ov5_guest, OV5_MMU_BOTH)) {
error_report("guest requested hash and radix MMU, which is invalid.");
exit(EXIT_FAILURE);
--
2.24.1
- [PULL 02/34] ppc/pnv: improve error logging when a PNOR update fails, (continued)
- [PULL 02/34] ppc/pnv: improve error logging when a PNOR update fails, David Gibson, 2020/01/31
- [PULL 03/34] ppc:virtex_ml507: remove unused arguments, David Gibson, 2020/01/31
- [PULL 01/34] ppc/pnv: use QEMU unit definition MiB, David Gibson, 2020/01/31
- [PULL 11/34] ppc/pnv: remove useless "core-pir" property alias., David Gibson, 2020/01/31
- [PULL 08/34] target/ppc: add support for Hypervisor Facility Unavailable Exception, David Gibson, 2020/01/31
- [PULL 05/34] target/ppc: Clarify the meaning of return values in kvm_handle_debug, David Gibson, 2020/01/31
- [PULL 07/34] target/ppc: Add privileged message send facilities, David Gibson, 2020/01/31
- [PULL 09/34] spapr: Don't allow multiple active vCPUs at CAS, David Gibson, 2020/01/31
- [PULL 10/34] ppc/pnv: Add support for HRMOR on Radix host, David Gibson, 2020/01/31
- [PULL 12/34] ppc/pnv: Add support for "hostboot" mode, David Gibson, 2020/01/31
- [PULL 06/34] spapr: Fail CAS if option vector table cannot be parsed,
David Gibson <=
- [PULL 13/34] tpm: Move tpm_tis_show_buffer to tpm_util.c, David Gibson, 2020/01/31
- [PULL 16/34] tpm_spapr: Support suspend and resume, David Gibson, 2020/01/31
- [PULL 22/34] spapr: Enable DD2.3 accelerated count cache flush in pseries-5.0 machine, David Gibson, 2020/01/31
- [PULL 15/34] tpm_spapr: Support TPM for ppc64 using CRQ based interface, David Gibson, 2020/01/31
- [PULL 24/34] Wrapper function to wait on condition for the main loop mutex, David Gibson, 2020/01/31
- [PULL 25/34] ppc: spapr: Introduce FWNMI capability, David Gibson, 2020/01/31
- [PULL 21/34] ppc/pnv: change the PowerNV machine devices to be non user creatable, David Gibson, 2020/01/31
- [PULL 27/34] target/ppc: Build rtas error log upon an MCE, David Gibson, 2020/01/31
- [PULL 14/34] spapr: Implement get_dt_compatible() callback, David Gibson, 2020/01/31
- [PULL 17/34] hw/ppc/Kconfig: Enable TPM_SPAPR as part of PSERIES config, David Gibson, 2020/01/31