From mboxrd@z Thu Jan 1 00:00:00 1970
From: Marcelo Tosatti
Subject: Re: [PATCHv2] kvm-s390: fix potential array overrun in intercept handling
Date: Thu, 21 Jan 2010 15:36:56 -0200
Message-ID: <20100121173656.GF3750@amt.cnet>
References: <201001211156.03669.borntraeger@de.ibm.com> <4B5833C3.8070908@redhat.com> <201001211219.07628.borntraeger@de.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: Avi Kivity, kvm@vger.kernel.org, Martin Schwidefsky, Heiko Carstens, cotte@de.ibm.com
To: Christian Borntraeger
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:16651 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754046Ab0AUSEH (ORCPT ); Thu, 21 Jan 2010 13:04:07 -0500
Content-Disposition: inline
In-Reply-To: <201001211219.07628.borntraeger@de.ibm.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On Thu, Jan 21, 2010 at 12:19:07PM +0100, Christian Borntraeger wrote:
> v2: apply Avis suggestions about ARRAY_SIZE.
>
> kvm_handle_sie_intercept uses a jump table to get the intercept handler
> for a SIE intercept. Static code analysis revealed a potential problem:
> the intercept_funcs jump table was defined to contain (0x48 >> 2) entries,
> but we only checked for code > 0x48 which would cause an off-by-one
> array overflow if code == 0x48.
>
> Use the compiler and ARRAY_SIZE to automatically set the limits.
>
> Signed-off-by: Christian Borntraeger

Applied and queued for .33, CC: stable, thanks.
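
The off-by-one described in the quoted commit message, as an added C example that is not part of the original mail and is not the kernel's code. Only the `0x48` limit, the `(0x48 >> 2)` table size and the use of `ARRAY_SIZE` come from the message; the handler type, the handlers, the table contents and the `code & 3` alignment test are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

typedef int (*handler_t)(void);          /* hypothetical handler type */
static int handle_a(void) { return 1; }  /* constructed handlers */
static int handle_b(void) { return 2; }

/* Old table length as the commit message describes it:
 * 18 slots, so the valid indexes are 0..17. */
#define OLD_TABLE_LEN (0x48 >> 2)

/* Old-style guard: only "code > 0x48" is rejected. Returns the index the
 * old code would go on to use, or -1 if rejected. Nothing is dereferenced. */
static int old_guard_index(uint8_t code)
{
    if ((code & 3) || code > 0x48)       /* alignment test is an assumption */
        return -1;
    return code >> 2;
}

/* 1 if the old guard lets through an index outside the old table. */
static int old_guard_overruns(uint8_t code)
{
    return old_guard_index(code) >= OLD_TABLE_LEN;
}

/* Fixed style: the compiler sizes the table from its initializers and the
 * bound comes from ARRAY_SIZE, so table and check cannot drift apart. */
static const handler_t intercept_funcs[] = {
    [0x00 >> 2] = handle_a,
    [0x28 >> 2] = handle_b,
};

static handler_t lookup_fixed(uint8_t code)
{
    if ((code & 3) || (size_t)(code >> 2) >= ARRAY_SIZE(intercept_funcs))
        return NULL;
    return intercept_funcs[code >> 2];   /* NULL for unused slots */
}

int main(void)
{
    printf("old guard, code 0x48: index %d of %d slots, overrun=%d\n",
           old_guard_index(0x48), OLD_TABLE_LEN, old_guard_overruns(0x48));
    printf("fixed lookup, code 0x48: %s\n",
           lookup_fixed(0x48) ? "handler" : "rejected");
    return 0;
}
```
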