From: Cornelia Huck <cornelia.huck@de.ibm.com>
Date: Tue, 26 Mar 2013 16:32:44 +0000 (+0100)
Subject: virtio-ccw: Queue sanity check for notify hypercall.
X-Git-Tag: qemu-xen-4.4.0-rc1~6^2~850^2
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=b57ed9bf075e33cdd2f9eb545ff555301dd57221;p=qemu-upstream-4.4-testing.git

virtio-ccw: Queue sanity check for notify hypercall.

Verify that the virtio-ccw notify hypercall passed a reasonable
value for queue.

Cc: qemu-stable@nongnu.org
Reported-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index d4364143e..76b63e2ca 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -31,6 +31,9 @@ static int virtio_ccw_hcall_notify(const uint64_t *args)
     if (!sch || !css_subch_visible(sch)) {
         return -EINVAL;
     }
+    if (queue >= VIRTIO_PCI_QUEUE_MAX) {
+        return -EINVAL;
+    }
     virtio_queue_notify(virtio_ccw_get_vdev(sch), queue);
     return 0;