On Fri, Jan 17, 2020 at 10:15:52AM +0100, Greg Kurz wrote: > Most of the option vector helpers have assertions to check their > arguments aren't null. The guest can provide an arbitrary address > for the CAS structure that would result in such null arguments. > Fail CAS with H_PARAMETER and print a warning instead of aborting > QEMU. > > Signed-off-by: Greg Kurz <gr...@kaod.org> > Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com>
Applied to ppc-for-5.0, thanks.
> ---
> v3: - drop ov_table check
> v2: - print warnings
> ---
> hw/ppc/spapr_hcall.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/hw/ppc/spapr_hcall.c b/hw/ppc/spapr_hcall.c
> index f1799b1b707d..ffb14641f9d3 100644
> --- a/hw/ppc/spapr_hcall.c
> +++ b/hw/ppc/spapr_hcall.c
> @@ -1703,7 +1703,15 @@ static target_ulong
> h_client_architecture_support(PowerPCCPU *cpu,
> ov_table = addr;
>
> ov1_guest = spapr_ovec_parse_vector(ov_table, 1);
> + if (!ov1_guest) {
> + warn_report("guest didn't provide option vector 1");
> + return H_PARAMETER;
> + }
> ov5_guest = spapr_ovec_parse_vector(ov_table, 5);
> + if (!ov5_guest) {
> + warn_report("guest didn't provide option vector 5");
> + return H_PARAMETER;
> + }
> if (spapr_ovec_test(ov5_guest, OV5_MMU_BOTH)) {
> error_report("guest requested hash and radix MMU, which is
> invalid.");
> exit(EXIT_FAILURE);
>
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature
