From: Cornelia Huck <cohuck@redhat.com>
To: Thomas Huth <thuth@redhat.com>
Cc: Collin Walling <walling@linux.ibm.com>,
	frankja@linux.ibm.com, mst@redhat.com, david@redhat.com,
	qemu-devel@nongnu.org, pasic@linux.ibm.com,
	borntraeger@de.ibm.com, qemu-s390x@nongnu.org,
	pbonzini@redhat.com, sumanthk@linux.ibm.com,
	mihajlov@linux.ibm.com, rth@twiddle.net
Subject: Re: [PATCH v5 2/8] s390/sclp: rework sclp boundary checks
Date: Fri, 11 Sep 2020 12:24:24 +0200
Message-ID: <20200911122424.582340f4.cohuck@redhat.com>
In-Reply-To: <4c495858-c7aa-2e12-ef2b-26952019e8ef@redhat.com>

On Thu, 10 Sep 2020 19:45:01 +0200
Thomas Huth <thuth@redhat.com> wrote:

> On 10/09/2020 11.36, Collin Walling wrote:
> > Rework the SCLP boundary check to account for different SCLP commands
> > (eventually) allowing different boundary sizes.
> > 
> > Signed-off-by: Collin Walling <walling@linux.ibm.com>
> > Acked-by: Janosch Frank <frankja@linux.ibm.com>
> > Reviewed-by: Cornelia Huck <cohuck@redhat.com>
> > ---
> >  hw/s390x/sclp.c | 19 ++++++++++++++++++-
> >  1 file changed, 18 insertions(+), 1 deletion(-)
> > 
> > diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
> > index 28b973de8f..69a8724dc7 100644
> > --- a/hw/s390x/sclp.c
> > +++ b/hw/s390x/sclp.c
> > @@ -49,6 +49,18 @@ static inline bool sclp_command_code_valid(uint32_t code)
> >      return false;
> >  }
> >  
> > +static bool sccb_verify_boundary(uint64_t sccb_addr, uint16_t len)  
> 
> Maybe it would be good to add a comment in front of the function to say
> that len must be big endian?

What about renaming it to sccb_h_len or so? That would make it more
clear that the parameter is not just some random length.

> 
>  Thomas
> 
> > +{
> > +    uint64_t sccb_max_addr = sccb_addr + be16_to_cpu(len) - 1;
> > +    uint64_t sccb_boundary = (sccb_addr & PAGE_MASK) + PAGE_SIZE;
> > +
> > +    if (sccb_max_addr < sccb_boundary) {
> > +        return true;
> > +    }
> > +
> > +    return false;
> > +}
> > +
> >  static void prepare_cpu_entries(MachineState *ms, CPUEntry *entry, int *count)
> >  {
> >      uint8_t features[SCCB_CPU_FEATURE_LEN] = { 0 };
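
Review bot: In sccb_verify_boundary, the "- 1" in "sccb_addr + be16_to_cpu(len) - 1" makes a zero length a special case: for any non-zero sccb_addr the computed sccb_max_addr is one byte below the SCCB and the check passes, while for sccb_addr == 0 it wraps to UINT64_MAX and the check fails. Nothing visible in this hunk guarantees that callers have already rejected a length of 0, so either state that precondition in a comment above the function or handle it explicitly. The trailing if / return true / return false can also be reduced to "return sccb_max_addr < sccb_boundary;".
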
> > @@ -229,6 +241,11 @@ int sclp_service_call_protected(CPUS390XState *env, uint64_t sccb,
> >          goto out_write;
> >      }
> >  
> > +    if (!sccb_verify_boundary(sccb, work_sccb.h.length)) {

...name inspired by the 'h' in here.

> > +        work_sccb.h.response_code = cpu_to_be16(SCLP_RC_SCCB_BOUNDARY_VIOLATION);
> > +        goto out_write;
> > +    }
> > +
> >      sclp_c->execute(sclp, &work_sccb, code);
> >  out_write:
> >      s390_cpu_pv_mem_write(env_archcpu(env), 0, &work_sccb,
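
Review bot: The boundary check in sclp_service_call_protected is a pure addition (no line is removed in this hunk), so this path can now return SCLP_RC_SCCB_BOUNDARY_VIOLATION where the visible code did not before, yet the commit message describes the patch only as a rework. Say in the commit message that the protected path gains the check and why it is wanted there, so the behaviour change is not read as a refactor.
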
> > @@ -274,7 +291,7 @@ int sclp_service_call(CPUS390XState *env, uint64_t sccb, uint32_t code)
> >          goto out_write;
> >      }
> >  
> > -    if ((sccb + be16_to_cpu(work_sccb.h.length)) > ((sccb & PAGE_MASK) + PAGE_SIZE)) {
> > +    if (!sccb_verify_boundary(sccb, work_sccb.h.length)) {
> >          work_sccb.h.response_code = cpu_to_be16(SCLP_RC_SCCB_BOUNDARY_VIOLATION);
> >          goto out_write;
> >      }
> >   
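
Review bot: At this call site the removed line did the be16_to_cpu() conversion itself, while the replacement passes the raw header field work_sccb.h.length and relies on the helper to convert it, which is easy to get wrong for a future caller that already holds a host-endian length. Consider converting at the call site, as in "sccb_verify_boundary(sccb, be16_to_cpu(work_sccb.h.length))", so the helper takes a plain host-endian uint16_t; if the parameter stays big-endian, its name or a comment above the function should say so.
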
> 


