[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v1 2/8] s390/sclp: check sccb len before filling in data
|
From: |
Collin Walling |
|
Subject: |
[PATCH v1 2/8] s390/sclp: check sccb len before filling in data |
|
Date: |
Fri, 8 May 2020 19:08:17 -0400 |
The SCCB must be checked for a sufficient length before it is filled
with any data. If the length is insufficient, then the SCLP command
is suppressed and the proper response code is set in the SCCB header.
Signed-off-by: Collin Walling <address@hidden>
---
hw/s390x/sclp.c | 22 ++++++++++------------
smp.max_cpus | 0
2 files changed, 10 insertions(+), 12 deletions(-)
create mode 100644 smp.max_cpus
diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
index 156ffe3223..d08a291e40 100644
--- a/hw/s390x/sclp.c
+++ b/hw/s390x/sclp.c
@@ -76,6 +76,11 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
int rnsize, rnmax;
IplParameterBlock *ipib = s390_ipl_get_iplb();
+ if (be16_to_cpu(sccb->h.length) < (sizeof(ReadInfo) + cpu_count *
sizeof(CPUEntry))) {
+ sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
+ return;
+ }
+
/* CPU information */
prepare_cpu_entries(read_info->entries, &cpu_count);
read_info->entries_cpu = cpu_to_be16(cpu_count);
@@ -84,12 +89,6 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb)
read_info->ibc_val = cpu_to_be32(s390_get_ibc_val());
- if (be16_to_cpu(sccb->h.length) <
- (sizeof(ReadInfo) + cpu_count * sizeof(CPUEntry))) {
- sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
- return;
- }
-
/* Configuration Characteristic (Extension) */
s390_get_feat_block(S390_FEAT_TYPE_SCLP_CONF_CHAR,
read_info->conf_char);
@@ -135,17 +134,16 @@ static void sclp_read_cpu_info(SCLPDevice *sclp, SCCB
*sccb)
ReadCpuInfo *cpu_info = (ReadCpuInfo *) sccb;
int cpu_count;
+ if (be16_to_cpu(sccb->h.length) < (sizeof(ReadCpuInfo) + cpu_count *
sizeof(CPUEntry))) {
+ sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
+ return;
+ }
+
prepare_cpu_entries(cpu_info->entries, &cpu_count);
cpu_info->nr_configured = cpu_to_be16(cpu_count);
cpu_info->offset_configured = cpu_to_be16(offsetof(ReadCpuInfo, entries));
cpu_info->nr_standby = cpu_to_be16(0);
- if (be16_to_cpu(sccb->h.length) <
- (sizeof(ReadCpuInfo) + cpu_count * sizeof(CPUEntry))) {
- sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
- return;
- }
-
/* The standby offset is 16-byte for each CPU */
cpu_info->offset_standby = cpu_to_be16(cpu_info->offset_configured
+ cpu_info->nr_configured*sizeof(CPUEntry));
diff --git a/smp.max_cpus b/smp.max_cpus
new file mode 100644
index 0000000000..e69de29bb2
--
2.21.1
- Re: [PATCH v1 4/8] s390/sclp: read sccb from mem based on sccb length, (continued)
[PATCH v1 7/8] s390/kvm: header sync for diag318, Collin Walling, 2020/05/08
[PATCH v1 2/8] s390/sclp: check sccb len before filling in data,
Collin Walling <=
- Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, Janosch Frank, 2020/05/11
- Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, David Hildenbrand, 2020/05/11
- Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, Collin Walling, 2020/05/11
- Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, Janosch Frank, 2020/05/11
- Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, David Hildenbrand, 2020/05/11
- Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, Cornelia Huck, 2020/05/12
- Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, Collin Walling, 2020/05/12
- Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, Cornelia Huck, 2020/05/12
- Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, Collin Walling, 2020/05/12
Re: [PATCH v1 2/8] s390/sclp: check sccb len before filling in data, Janosch Frank, 2020/05/13