On 16.05.20 00:20, Collin Walling wrote: > The SCCB must be checked for a sufficient length before it is filled > with any data. If the length is insufficient, then the SCLP command > is suppressed and the proper response code is set in the SCCB header. > > Fixes: 832be0d8a3bb ("s390x: sclp: Report insufficient SCCB length") > Signed-off-by: Collin Walling <wall...@linux.ibm.com> > --- > hw/s390x/sclp.c | 22 ++++++++++------------ > 1 file changed, 10 insertions(+), 12 deletions(-) > > diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c > index 61e2e2839c..2bd618515e 100644 > --- a/hw/s390x/sclp.c > +++ b/hw/s390x/sclp.c > @@ -75,6 +75,11 @@ static void read_SCP_info(SCLPDevice *sclp, SCCB *sccb) > int rnsize, rnmax; > IplParameterBlock *ipib = s390_ipl_get_iplb(); > > + if (be16_to_cpu(sccb->h.length) < (sizeof(ReadInfo) + cpu_count * > sizeof(CPUEntry))) { > + sccb->h.response_code = > cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH); > + return; > + } > +
(replied to v1 by mistake) Lines too long. Please run scripts/checkpatch.pl before submitting. -- Thanks, David / dhildenb