From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46636)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cornelia.huck@de.ibm.com>) id 1YIdE3-0001Tq-Vx
	for qemu-devel@nongnu.org; Tue, 03 Feb 2015 08:09:13 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <cornelia.huck@de.ibm.com>) id 1YIdDz-0005TX-Vu
	for qemu-devel@nongnu.org; Tue, 03 Feb 2015 08:09:07 -0500
Received: from e06smtp15.uk.ibm.com ([195.75.94.111]:46957)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <cornelia.huck@de.ibm.com>) id 1YIdDz-0005TP-LZ
	for qemu-devel@nongnu.org; Tue, 03 Feb 2015 08:09:03 -0500
Received: from /spool/local
	by e06smtp15.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <cornelia.huck@de.ibm.com>;
	Tue, 3 Feb 2015 13:09:02 -0000
Received: from b06cxnps4074.portsmouth.uk.ibm.com
	(d06relay11.portsmouth.uk.ibm.com [9.149.109.196])
	by d06dlp02.portsmouth.uk.ibm.com (Postfix) with ESMTP id D11612190056
	for <qemu-devel@nongnu.org>; Tue,  3 Feb 2015 13:08:56 +0000 (GMT)
Received: from d06av04.portsmouth.uk.ibm.com (d06av04.portsmouth.uk.ibm.com
	[9.149.37.216])
	by b06cxnps4074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id t13D90Ee66912476
	for <qemu-devel@nongnu.org>; Tue, 3 Feb 2015 13:09:00 GMT
Received: from d06av04.portsmouth.uk.ibm.com (localhost [127.0.0.1])
	by d06av04.portsmouth.uk.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with
	ESMTP id t13D8v2g027408
	for <qemu-devel@nongnu.org>; Tue, 3 Feb 2015 06:08:59 -0700
From: Cornelia Huck <cornelia.huck@de.ibm.com>
Date: Tue,  3 Feb 2015 14:08:42 +0100
Message-Id: <1422968928-9710-4-git-send-email-cornelia.huck@de.ibm.com>
In-Reply-To: <1422968928-9710-1-git-send-email-cornelia.huck@de.ibm.com>
References: <1422968928-9710-1-git-send-email-cornelia.huck@de.ibm.com>
Subject: [Qemu-devel] [PULL 3/9] s390x/pci: check for invalid function handle
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: peter.maydell@linaro.org
Cc: Frank Blaschka <blaschka@linux.vnet.ibm.com>, qemu-devel@nongnu.org, agraf@suse.de, borntraeger@de.ibm.com, jfrei@linux.vnet.ibm.com, Cornelia Huck <cornelia.huck@de.ibm.com>

From: Frank Blaschka <blaschka@linux.vnet.ibm.com>

broken guest may provide 0 (invalid) function handle to zpci
instructions. Since we use function handle 0 to indicate an empty
slot in the PHB we have to add an additional check to spot this
kind of error.

Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
---
 hw/s390x/s390-pci-bus.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/s390x/s390-pci-bus.c b/hw/s390x/s390-pci-bus.c
index d25ac74..dc455a2 100644
--- a/hw/s390x/s390-pci-bus.c
+++ b/hw/s390x/s390-pci-bus.c
@@ -170,7 +170,7 @@ S390PCIBusDevice *s390_pci_find_dev_by_fh(uint32_t fh)
     S390pciState *s = S390_PCI_HOST_BRIDGE(
         object_resolve_path(TYPE_S390_PCI_HOST_BRIDGE, NULL));
 
-    if (!s) {
+    if (!s || !fh) {
         return NULL;
     }
 
-- 
1.7.9.5