summaryrefslogtreecommitdiffstats
path: root/drivers/s390
diff options
context:
space:
mode:
authorFarhan Ali <alifm@linux.ibm.com>2019-01-21 15:54:08 +0100
committerCornelia Huck <cohuck@redhat.com>2019-02-04 16:41:04 +0100
commit405d566f98ae19ccf624b31b6eccd6039d9cbc39 (patch)
tree19808a2a066326cebd9d7224105bbb78f5e76206 /drivers/s390
parents390: no need to check return value of debugfs_create functions (diff)
downloadlinux-405d566f98ae19ccf624b31b6eccd6039d9cbc39.tar.xz
linux-405d566f98ae19ccf624b31b6eccd6039d9cbc39.zip
vfio-ccw: Don't assume there are more ccws after a TIC
When trying to calculate the length of a ccw chain, we assume there are ccws after a TIC. This can lead to overcounting and copying garbage data from guest memory. Signed-off-by: Farhan Ali <alifm@linux.ibm.com> Message-Id: <d63748c1f1b03147bcbf401596638627a5e35ef7.1548082107.git.alifm@linux.ibm.com> Reviewed-by: Halil Pasic <pasic@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Diffstat (limited to 'drivers/s390')
-rw-r--r--drivers/s390/cio/vfio_ccw_cp.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/s390/cio/vfio_ccw_cp.c b/drivers/s390/cio/vfio_ccw_cp.c
index 70a006ba4d05..ba08fe137c2e 100644
--- a/drivers/s390/cio/vfio_ccw_cp.c
+++ b/drivers/s390/cio/vfio_ccw_cp.c
@@ -392,7 +392,7 @@ static int ccwchain_calc_length(u64 iova, struct channel_program *cp)
return -EOPNOTSUPP;
}
- if ((!ccw_is_chain(ccw)) && (!ccw_is_tic(ccw)))
+ if (!ccw_is_chain(ccw))
break;
ccw++;