From: Claudio Imbrenda Date: Fri, 27 Sep 2019 13:33:23 +0000 (+0200) Subject: s390x: sclp: Report insufficient SCCB length X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=832be0d8a3bb7b54d64730f7a37d674f30ca0427;p=qemu.git s390x: sclp: Report insufficient SCCB length Return the correct error code when the SCCB buffer is too small to contain all of the output, for the Read SCP Information and Read CPU Information commands. Signed-off-by: Claudio Imbrenda Reviewed-by: Jason J. Herne Message-Id: <1569591203-15258-5-git-send-email-imbrenda@linux.ibm.com> Reviewed-by: David Hildenbrand Signed-off-by: Christian Borntraeger --- diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c index abb6e5011f..f57ce7b739 100644 --- a/hw/s390x/sclp.c +++ b/hw/s390x/sclp.c @@ -68,6 +68,12 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb) read_info->ibc_val = cpu_to_be32(s390_get_ibc_val()); + if (be16_to_cpu(sccb->h.length) < + (sizeof(ReadInfo) + cpu_count * sizeof(CPUEntry))) { + sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH); + return; + } + /* Configuration Characteristic (Extension) */ s390_get_feat_block(S390_FEAT_TYPE_SCLP_CONF_CHAR, read_info->conf_char); @@ -118,6 +124,12 @@ static void sclp_read_cpu_info(SCLPDevice *sclp, SCCB *sccb) cpu_info->offset_configured = cpu_to_be16(offsetof(ReadCpuInfo, entries)); cpu_info->nr_standby = cpu_to_be16(0); + if (be16_to_cpu(sccb->h.length) < + (sizeof(ReadCpuInfo) + cpu_count * sizeof(CPUEntry))) { + sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH); + return; + } + /* The standby offset is 16-byte for each CPU */ cpu_info->offset_standby = cpu_to_be16(cpu_info->offset_configured + cpu_info->nr_configured*sizeof(CPUEntry));
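Review bot: The new length check in read_SCP_info comes after the function has already started filling in the SCCB (`read_info->ibc_val` is assigned in the context line just above it), and the sclp_read_cpu_info hunk has the same ordering, with `offset_configured` and `nr_standby` stored first. On the error path the guest therefore receives SCLP_RC_INSUFFICIENT_SCCB_LENGTH alongside partially populated fields, and any earlier stores (the per-CPU entries are presumably filled before these hunks) are not bounded by the guest-declared length. I would move the check to directly after `cpu_count` is known and before the first store into the SCCB, with a comment such as `/* Reject a too-short SCCB before writing any response data */`. Both function bodies start and end outside the hunks, so whether the buffer is a fixed-size host-side copy cannot be confirmed from here.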
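Review bot: In the sclp_read_cpu_info hunk, the context statement that computes `offset_standby` reads `cpu_info->offset_configured` back after it was stored through `cpu_to_be16()`, so on a little-endian host the addition operates on a byte-swapped value before it is swapped again. The commit does not touch this, but it sits directly below the new check. Computing the offset from host-order values, for example `cpu_to_be16(offsetof(ReadCpuInfo, entries) + cpu_count * sizeof(CPUEntry))`, would avoid it, assuming `cpu_count` is the number of configured entries as the new check implies. `nr_configured` is assigned outside the hunk and is presumably stored big-endian as well, which should be confirmed.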