redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity

vfio-ccw: Don't assume there are more ccws after a TIC 

When trying to calculate the length of a ccw chain, we assume
there are ccws after a TIC. This can lead to overcounting and
copying garbage data from guest memory.

Signed-off-by: Farhan Ali <alifm@linux.ibm.com>
Message-Id: <d63748c1f1b03147bcbf401596638627a5e35ef7.1548082107.git.alifm@linux.ibm.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
hifive-unleashed-5.1
Farhan Ali 2019-01-21 09:54:08 -05:00 committed by Cornelia Huck
parent 7dd541a3fb
commit 405d566f98
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/s390/cio/vfio_ccw_cp.c
View File

@ -392,7 +392,7 @@ static int ccwchain_calc_length(u64 iova, struct channel_program *cp)
return -EOPNOTSUPP;
}
if ((!ccw_is_chain(ccw)) && (!ccw_is_tic(ccw)))
if (!ccw_is_chain(ccw))
break;
ccw++;