From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37628) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zf6Ru-0004VL-1W for qemu-devel@nongnu.org; Thu, 24 Sep 2015 09:20:38 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Zf6Rq-0006EP-Ar for qemu-devel@nongnu.org; Thu, 24 Sep 2015 09:20:34 -0400 Received: from mx1.redhat.com ([209.132.183.28]:48698) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zf6Rq-0006EB-4Q for qemu-devel@nongnu.org; Thu, 24 Sep 2015 09:20:30 -0400 Date: Thu, 24 Sep 2015 16:20:26 +0300 From: "Michael S. Tsirkin" Message-ID: <1443100738-14970-9-git-send-email-mst@redhat.com> References: <1443100738-14970-1-git-send-email-mst@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1443100738-14970-1-git-send-email-mst@redhat.com> Subject: [Qemu-devel] [PULL 08/22] virtio-ccw: feature bits > 31 handling List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Peter Maydell , David Hildenbrand , Alexander Graf , Christian Borntraeger , Cornelia Huck , Richard Henderson From: Cornelia Huck We currently switch off the VERSION_1 feature bit if the guest has not negotiated at least revision 1. As no feature bits beyond 31 are valid however unless VERSION_1 has been negotiated, make sure that legacy guests never see a feature bit beyond 31. Reviewed-by: David Hildenbrand Signed-off-by: Cornelia Huck Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/s390x/virtio-ccw.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c index 85e2a5d..eed7b3e 100644 --- a/hw/s390x/virtio-ccw.c +++ b/hw/s390x/virtio-ccw.c @@ -468,15 +468,12 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) NULL); if (features.index == 0) { features.features = (uint32_t)vdev->host_features; - } else if (features.index == 1) { - features.features = (uint32_t)(vdev->host_features >> 32); + } else if ((features.index == 1) && (dev->revision >= 1)) { /* - * Don't offer version 1 to the guest if it did not - * negotiate at least revision 1. + * Only offer feature bits beyond 31 if the guest has + * negotiated at least revision 1. */ - if (dev->revision <= 0) { - features.features &= ~(1 << (VIRTIO_F_VERSION_1 - 32)); - } + features.features = (uint32_t)(vdev->host_features >> 32); } else { /* Return zeroes if the guest supports more feature bits. */ features.features = 0; @@ -515,14 +512,12 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) virtio_set_features(vdev, (vdev->guest_features & 0xffffffff00000000ULL) | features.features); - } else if (features.index == 1) { + } else if ((features.index == 1) && (dev->revision >= 1)) { /* - * The guest should not set version 1 if it didn't - * negotiate a revision >= 1. + * If the guest did not negotiate at least revision 1, + * we did not offer it any feature bits beyond 31. Such a + * guest passing us any bit here is therefore buggy. */ - if (dev->revision <= 0) { - features.features &= ~(1 << (VIRTIO_F_VERSION_1 - 32)); - } virtio_set_features(vdev, (vdev->guest_features & 0x00000000ffffffffULL) | ((uint64_t)features.features << 32)); -- MST