[Qemu-devel] [PULL 26/30] spapr_vty: lookup should only return valid VTY objects

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Alexander Graf <agraf@suse.de>
To: qemu-ppc@nongnu.org
Cc: peter.maydell@linaro.org, Greg Kurz <gkurz@linux.vnet.ibm.com>,
	qemu-devel@nongnu.org, David Gibson <david@gibson.dropbear.id.au>
Subject: [Qemu-devel] [PULL 26/30] spapr_vty: lookup should only return valid VTY objects
Date: Tue,  7 Jul 2015 17:49:38 +0200	[thread overview]
Message-ID: <1436284182-5063-27-git-send-email-agraf@suse.de> (raw)
In-Reply-To: <1436284182-5063-1-git-send-email-agraf@suse.de>

From: David Gibson <david@gibson.dropbear.id.au>

If a guest passes the reg property of a valid VIO object that is not a VTY
to either H_GET_TERM_CHAR or H_PUT_TERM_CHAR, QEMU hits a dynamic cast
assertion and aborts.

PAPR+ says "Hypervisor checks the termno parameter for validity against the
Vterm IOA unit addresses assigned to the partition, else return H_Parameter."

This patch adds a type check to ensure vty_lookup() either returns a pointer
to a valid VTY object or NULL.  H_GET_TERM_CHAR and H_PUT_TERM_CHAR will
now return H_PARAMETER to the guest instead of crashing.

The patch has no effect on the reg == 0 hack used to implement the RTAS call
display-character.

Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
 hw/char/spapr_vty.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/char/spapr_vty.c b/hw/char/spapr_vty.c
index 1d53035..2d532af 100644
--- a/hw/char/spapr_vty.c
+++ b/hw/char/spapr_vty.c
@@ -228,6 +228,10 @@ VIOsPAPRDevice *vty_lookup(sPAPRMachineState *spapr, target_ulong reg)
         return spapr_vty_get_default(spapr->vio_bus);
     }
 
+    if (!object_dynamic_cast(OBJECT(sdev), TYPE_VIO_SPAPR_VTY_DEVICE)) {
+        return NULL;
+    }
+
     return sdev;
 }
 
-- 
1.8.1.4

next prev parent reply	other threads:[~2015-07-07 15:49 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-07-07 15:49 [Qemu-devel] [PULL 00/30] ppc patch queue 2015-07-07 for 2.4 Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 01/30] linux-user, ppc: mftbl can be used by user application Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 02/30] macio: remove nonexistent interrupt on pin 1 Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 03/30] target-ppc: fix hugepage support when using memory-backend-file Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 04/30] spapr: ensure we have at least one XICS server Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 05/30] pseries: Update SLOF firmware image to qemu-slof-20150429 Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 06/30] spapr: Merge sPAPREnvironment into sPAPRMachineState Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 07/30] spapr: Remove obsolete ram_limit field from sPAPRMachineState Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 08/30] spapr: Remove obsolete entry_point " Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 09/30] spapr: Add sPAPRMachineClass Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 10/30] spapr_pci: encode missing 64-bit memory address space Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 11/30] spapr_pci: encode class code including Prog IF register Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 12/30] spapr_pci: set device node unit address as hex Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 13/30] spapr_iommu: drop erroneous check in h_put_tce_indirect() Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 14/30] spapr_iommu: translate sPAPRTCEAccess to IOMMUAccessFlags Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 15/30] Revert "hw/ppc/spapr_pci.c: Avoid functions not in glib 2.12 (g_hash_table_iter_*)" Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 16/30] spapr: Consider max_cpus during xics initialization Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 17/30] spapr: Support ibm, lrdr-capacity device tree property Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 18/30] cpus: Add a macro to walk CPUs in reverse Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 19/30] spapr: Reorganize CPU dt generation code Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 20/30] spapr: Consolidate cpu init code into a routine Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 21/30] ppc: Update cpu_model in MachineState Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 22/30] xics_kvm: Don't enable KVM_CAP_IRQ_XICS if already enabled Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 23/30] spapr_pci: enumerate and add PCI device tree Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 24/30] spapr_pci: populate ibm,loc-code Alexander Graf
2021-08-09  9:57   ` Peter Maydell
2021-08-10  4:29     ` David Gibson
2021-08-10  5:07       ` Philippe Mathieu-Daudé
2021-08-13 15:17       ` Peter Maydell
2021-08-15 14:36         ` Philippe Mathieu-Daudé
2021-08-16  4:37           ` David Gibson
2021-08-16  9:07             ` Peter Maydell
2021-08-17  3:02               ` David Gibson
2021-08-17  8:42             ` Philippe Mathieu-Daudé
2015-07-07 15:49 ` [Qemu-devel] [PULL 25/30] spapr_pci: drop redundant args in spapr_[populate, create]_pci_child_dt Alexander Graf
2015-07-07 15:49 ` Alexander Graf [this message]
2015-07-07 15:49 ` [Qemu-devel] [PULL 27/30] spapr-vty: Use TYPE_ definition instead of hardcoding Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 28/30] sPAPR: Don't enable EEH on emulated PCI devices Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 29/30] sPAPR: Reenable EEH functionality on reboot Alexander Graf
2015-07-07 15:49 ` [Qemu-devel] [PULL 30/30] sPAPR: Clear stale MSIx table during EEH reset Alexander Graf
2015-07-07 22:16 ` [Qemu-devel] [PULL 00/30] ppc patch queue 2015-07-07 for 2.4 Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:1d53035 dfblob:2d532af )
 OR (
bs:"[Qemu-devel] [PULL 26/30] spapr_vty: lookup should only return valid VTY objects" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1436284182-5063-27-git-send-email-agraf@suse.de \
    --to=agraf@suse.de \
    --cc=david@gibson.dropbear.id.au \
    --cc=gkurz@linux.vnet.ibm.com \
    --cc=peter.maydell@linaro.org \
    --cc=qemu-devel@nongnu.org \
    --cc=qemu-ppc@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).