vfio: ccw: fix bad ptr math for TIC cda translation
authorJason J. Herne <jjherne@linux.vnet.ibm.com>
Fri, 21 Jul 2017 01:14:36 +0000 (03:14 +0200)
committerCornelia Huck <cohuck@redhat.com>
Mon, 24 Jul 2017 07:54:37 +0000 (09:54 +0200)
commitc389377c01bf2d6e2a178e86aef8535931bfbd75
tree0d8a78e41190e41a9d38ca16b114b351abaea7ae
parent97ca7bfc19605bc08e9183441b8b8545e84032d6
vfio: ccw: fix bad ptr math for TIC cda translation

When we are translating channel data addresses from guest to host
address space for TIC instructions we are getting incorrect
addresses because of a pointer arithmetic error.

We currently calculate the offset of the TIC's cda from the start
of the channel program chain (ccw->cda - ccw_head). We then add
that to the address of the ccw chain in host memory (iter->ch_ccw).
The problem is that iter->ch_ccw is a pointer to struct ccw1 so
when we increment it we are actually incrementing by the size of
struct ccw1 which is 8 bytes. The intent was to increment by
n-bytes, not n*8.

The fix: cast iter->ch_ccw to char* so it will be incremented by
n*1.

Reviewed-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Jason J. Herne <jjherne@linux.vnet.ibm.com>
Signed-off-by: Dong Jia Shi <bjsdjshi@linux.vnet.ibm.com>
Message-Id: <20170721011436.76112-1-bjsdjshi@linux.vnet.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
drivers/s390/cio/vfio_ccw_cp.c