* [Qemu-devel] [PATCH] target-s390x: Only access allocated storage keys
@ 2015-06-03 22:52 Alexander Graf
  2015-06-04  5:14 ` Aurelien Jarno
  0 siblings, 1 reply; 2+ messages in thread
From: Alexander Graf @ 2015-06-03 22:52 UTC (permalink / raw)
  To: qemu-devel; +Cc: aurelien, rth

We allocate ram_size / PAGE_SIZE storage keys, so we need to make sure that
we only access that many. Unfortunately the code can overrun this array by
one, potentially overwriting unrelated memory.

Fix it by limiting storage keys to their scope.

Signed-off-by: Alexander Graf <agraf@suse.de>
---
 target-s390x/mmu_helper.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target-s390x/mmu_helper.c b/target-s390x/mmu_helper.c
index e8dcd0c..815ff42 100644
--- a/target-s390x/mmu_helper.c
+++ b/target-s390x/mmu_helper.c
@@ -358,7 +358,7 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
     /* Convert real address -> absolute address */
     *raddr = mmu_real2abs(env, *raddr);
 
-    if (*raddr <= ram_size) {
+    if (*raddr < ram_size) {
         sk = &env->storage_keys[*raddr / TARGET_PAGE_SIZE];
         if (*flags & PAGE_READ) {
             *sk |= SK_R;
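Review bot: The `<=` on the removed line lets `*raddr == ram_size` through, and since the array holds `ram_size / TARGET_PAGE_SIZE` entries (indices 0 to n-1), `storage_keys[ram_size / TARGET_PAGE_SIZE]` is one element past the end; `*sk |= SK_R` on the following lines then writes through that pointer, so the overrun is an out-of-bounds write, not merely a read, and the absolute address it depends on comes out of guest-driven translation (`mmu_translate` is handed the guest `vaddr`). Changing the comparison to `<` is the right fix; it would help reviewers and anyone triaging backports if the commit message said explicitly that the overrun is a write reachable from the guest, since that makes it a guest-to-host memory-safety bug rather than a cosmetic off-by-one.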
-- 
2.2.1


* Re: [Qemu-devel] [PATCH] target-s390x: Only access allocated storage keys
  2015-06-03 22:52 [Qemu-devel] [PATCH] target-s390x: Only access allocated storage keys Alexander Graf
@ 2015-06-04  5:14 ` Aurelien Jarno
  0 siblings, 0 replies; 2+ messages in thread
From: Aurelien Jarno @ 2015-06-04  5:14 UTC (permalink / raw)
  To: Alexander Graf; +Cc: qemu-devel, rth

On 2015-06-04 00:52, Alexander Graf wrote:
> We allocate ram_size / PAGE_SIZE storage keys, so we need to make sure that
> we only access that many. Unfortunately the code can overrun this array by
> one, potentially overwriting unrelated memory.
> 
> Fix it by limiting storage keys to their scope.
> 
> Signed-off-by: Alexander Graf <agraf@suse.de>
> ---
>  target-s390x/mmu_helper.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/target-s390x/mmu_helper.c b/target-s390x/mmu_helper.c
> index e8dcd0c..815ff42 100644
> --- a/target-s390x/mmu_helper.c
> +++ b/target-s390x/mmu_helper.c
> @@ -358,7 +358,7 @@ int mmu_translate(CPUS390XState *env, target_ulong vaddr, int rw, uint64_t asc,
>      /* Convert real address -> absolute address */
>      *raddr = mmu_real2abs(env, *raddr);
>  
> -    if (*raddr <= ram_size) {
> +    if (*raddr < ram_size) {
>          sk = &env->storage_keys[*raddr / TARGET_PAGE_SIZE];
>          if (*flags & PAGE_READ) {
>              *sk |= SK_R;
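Review bot: Minor mismatch between the commit message and the hunk: the message says `ram_size / PAGE_SIZE` keys are allocated, while the index on the unchanged context line is computed with `TARGET_PAGE_SIZE`; using the macro name that the code actually uses would spare a reader wondering whether two different page sizes are in play. As a possible follow-up, comparing the computed index against the number of keys actually allocated, rather than comparing the address against `ram_size`, would keep the bounds check and the allocation from drifting apart if either is changed later.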

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

