From: Cornelia Huck <cornelia.huck@de.ibm.com>
Date: Tue, 23 Apr 2013 15:15:19 +0000 (+0200)
Subject: virtio-ccw: Check indicators location.
X-Git-Tag: v1.4.2~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5613bda4ac3e93b0ea7c4fd3e02ab8590ee34cca;p=thirdparty%2Fqemu.git

virtio-ccw: Check indicators location.

If a guest neglected to register (secondary) indicators but still runs
with notifications enabled, we might end up writing to guest zero;
avoid this by checking for valid indicators and only writing to the
guest and generating an interrupt if indicators have been setup.

Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
(cherry picked from commit 7c4869761d7f2e0a3f806a5359eea5d2473ec5d5)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---

diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index d92e42735cf..627d11d7623 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -662,10 +662,16 @@ static void virtio_ccw_notify(DeviceState *d, uint16_t vector)
     }
 
     if (vector < VIRTIO_PCI_QUEUE_MAX) {
+        if (!dev->indicators) {
+            return;
+        }
         indicators = ldq_phys(dev->indicators);
         indicators |= 1ULL << vector;
         stq_phys(dev->indicators, indicators);
     } else {
+        if (!dev->indicators2) {
+            return;
+        }
         vector = 0;
         indicators = ldq_phys(dev->indicators2);
         indicators |= 1ULL << vector;