From patchwork Tue May 14 21:53:02 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Roth <mdroth@linux.vnet.ibm.com>
X-Patchwork-Id: 243841
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id A47812C0077
	for <incoming@patchwork.ozlabs.org>;
	Wed, 15 May 2013 07:58:20 +1000 (EST)
Received: from localhost ([::1]:33754 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1UcNEg-0002LX-Un
	for incoming@patchwork.ozlabs.org; Tue, 14 May 2013 17:58:18 -0400
Received: from eggs.gnu.org ([208.118.235.92]:48157)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1UcNC8-0006ya-Qa
	for qemu-devel@nongnu.org; Tue, 14 May 2013 17:55:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <flukshun@gmail.com>) id 1UcNC7-0003rw-An
	for qemu-devel@nongnu.org; Tue, 14 May 2013 17:55:40 -0400
Received: from mail-ia0-x22f.google.com ([2607:f8b0:4001:c02::22f]:32996)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <flukshun@gmail.com>)
	id 1UcNC7-0003rn-4p; Tue, 14 May 2013 17:55:39 -0400
Received: by mail-ia0-f175.google.com with SMTP id m10so1285138iam.34
	for <multiple recipients>; Tue, 14 May 2013 14:55:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=x-received:sender:from:to:cc:subject:date:message-id:x-mailer
	:in-reply-to:references;
	bh=F0BrIqP80kA37lw1UmSQXBtqtyr5K2ZkwR74XJy6Yac=;
	b=JluFjiQLCAjxbvxsl3bVRzOqWyARtLS3yn+h+2C1wsNdP3eFeZp71ed0RLUlRy8MNc
	Z9afwZH0LtZnkoadNqAMRKjeAnlY4I+mE33umkWUfUFhEjcd5C6RkFH61Djl1BcRE6Ce
	kq3vmfk12KN69HL2+0n+j4cBSAVUuRGESQe+6UCVR9RvHt80pktxqDNL481Zz00bLilI
	sjblkVEgmkFl5xaSGkvqnx9E0Pkg6ubiTtYYzJS7UJ0kIQ0nmEhL9yUwD/nUVHmuD8Qs
	XCdZKep1z9156uv1tKdfhfVnDTMJtNCggkdYicq1pqL7RpzI3WkWeVlUfSmpX3srLioT
	2ilA==
X-Received: by 10.50.8.39 with SMTP id o7mr3561223iga.98.1368568538451;
	Tue, 14 May 2013 14:55:38 -0700 (PDT)
Received: from localhost (cpe-72-177-121-217.austin.res.rr.com.
	[72.177.121.217]) by mx.google.com with ESMTPSA id
	kc10sm26219843igb.0.2013.05.14.14.55.37 for <multiple recipients>
	(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
	Tue, 14 May 2013 14:55:37 -0700 (PDT)
From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Tue, 14 May 2013 16:53:02 -0500
Message-Id: <1368568392-2127-6-git-send-email-mdroth@linux.vnet.ibm.com>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1368568392-2127-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1368568392-2127-1-git-send-email-mdroth@linux.vnet.ibm.com>
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2607:f8b0:4001:c02::22f
Cc: aliguori@us.ibm.com, qemu-stable@nongnu.org
Subject: [Qemu-devel] [PATCH 05/15] virtio-ccw: Check indicators location.
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

From: Cornelia Huck <cornelia.huck@de.ibm.com>

If a guest neglected to register (secondary) indicators but still runs
with notifications enabled, we might end up writing to guest zero;
avoid this by checking for valid indicators and only writing to the
guest and generating an interrupt if indicators have been setup.

Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit 7c4869761d7f2e0a3f806a5359eea5d2473ec5d5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/s390x/virtio-ccw.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index d92e427..627d11d 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -662,10 +662,16 @@ static void virtio_ccw_notify(DeviceState *d, uint16_t vector)
     }
 
     if (vector < VIRTIO_PCI_QUEUE_MAX) {
+        if (!dev->indicators) {
+            return;
+        }
         indicators = ldq_phys(dev->indicators);
         indicators |= 1ULL << vector;
         stq_phys(dev->indicators, indicators);
     } else {
+        if (!dev->indicators2) {
+            return;
+        }
         vector = 0;
         indicators = ldq_phys(dev->indicators2);
         indicators |= 1ULL << vector;