qemu/hw
Cornelia Huck 882b3b9769 s390x/css: handle cssid 255 correctly
The cssid 255 is reserved but still valid from an architectural
point of view. However, feeding a bogus schid of 0xffffffff into
the virtio hypercall will lead to a crash:

Stack trace of thread 138363:
        #0  0x00000000100d168c css_find_subch (qemu-system-s390x)
        #1  0x00000000100d3290 virtio_ccw_hcall_notify
        #2  0x00000000100cbf60 s390_virtio_hypercall
        #3  0x000000001010ff7a handle_hypercall
        #4  0x0000000010079ed4 kvm_cpu_exec (qemu-system-s390x)
        #5  0x00000000100609b4 qemu_kvm_cpu_thread_fn
        #6  0x000003ff8b887bb4 start_thread (libpthread.so.0)
        #7  0x000003ff8b78df0a thread_start (libc.so.6)

This is because the css array was only allocated for 0..254
instead of 0..255.

Let's fix this by bumping MAX_CSSID to 255 and fencing off the
reserved cssid of 255 during css image allocation.

Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
2016-09-05 15:15:16 +02:00
9pfs 9pfs: handle walk of ".." in the root directory 2016-08-30 19:23:00 +01:00
acpi trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
alpha trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
arm trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
audio trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
block trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
bt hw/bt: Don't use cpu_to_*w() and *_to_cpup() 2016-07-12 15:08:53 +01:00
char trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
core block/qdev: Let 'drive' property fall back to node name 2016-08-08 13:05:43 +02:00
cpu cpu: Abstract CPU core type 2016-06-17 16:33:48 +10:00
cris cris: Fix broken header guard in hw/cris/boot.h 2016-07-12 16:20:46 +02:00
display trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
dma trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
gpio hw/gpio: QOM'ify zaurus.c 2016-06-14 15:59:13 +01:00
i2c i2c: fix migration regression introduced by broadcast support 2016-08-03 18:44:56 +02:00
i386 trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
ide atapi: fix halted DMA reset 2016-08-09 11:47:23 -04:00
input trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
intc s390x: wrap flic savevm calls into vmstate 2016-09-05 15:15:16 +02:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi hw/ipmi: fix spelling 2016-06-07 18:02:48 +03:00
isa trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
lm32 Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
m68k hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
mem nvdimm: fix memory leak in error code path 2016-07-20 19:30:26 +03:00
microblaze Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
mips error: Strip trailing '\n' from error string arguments (again) 2016-08-08 09:00:44 +02:00
misc trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net e1000e: remove internal interrupt flag 2016-08-22 16:06:08 +08:00
nvram trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
openrisc hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
pci trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
pci-bridge hw/pci-bridge: Convert pxb initialization functions to Error 2016-07-29 00:07:09 +03:00
pci-host apb: convert init to realize 2016-07-29 00:07:09 +03:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc ppc patch queue for 2016-08-15 2016-08-15 21:48:03 +01:00
s390x s390x/css: handle cssid 255 correctly 2016-09-05 15:15:16 +02:00
scsi trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
sd trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
sh4 Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
smbios ipmi: Add SMBIOS table entry 2016-06-24 05:13:57 +03:00
sparc trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
sparc64 util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
ssi ast2400: pretend DMAs are done for U-boot 2016-07-14 16:51:38 +01:00
timer trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
tpm Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
tricore hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
unicore32 hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
usb trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
vfio trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
virtio virtio: fixes 2016-08-24 17:21:03 +01:00
watchdog nmi: remove x86 specific nmi handling 2016-05-23 16:53:46 +02:00
xen Xen: fix Coverity warning of xen_pt_config_init() 2016-08-12 16:38:18 -07:00
xenpv xen: use a common function for pv and hvm guest backend register calls 2016-08-03 14:52:11 +02:00
xtensa target-xtensa: xtfpga: fix FLASH interface width 2016-07-14 13:59:44 +03:00
Makefile.objs Add a base IPMI interface 2015-12-22 18:39:19 +02:00