If a guest neglected to register (secondary) indicators but still runs with notifications enabled, we might end up writing to guest zero; avoid this by checking for valid indicators and only writing to the guest and generating an interrupt if indicators have been setup.
Cc: qemu-sta...@nongnu.org Signed-off-by: Cornelia Huck <cornelia.h...@de.ibm.com> --- hw/s390x/virtio-ccw.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c index 56539d3..1c6bd21 100644 --- a/hw/s390x/virtio-ccw.c +++ b/hw/s390x/virtio-ccw.c @@ -752,10 +752,16 @@ static void virtio_ccw_notify(DeviceState *d, uint16_t vector) } if (vector < VIRTIO_PCI_QUEUE_MAX) { + if (!dev->indicators) { + return; + } indicators = ldq_phys(dev->indicators); indicators |= 1ULL << vector; stq_phys(dev->indicators, indicators); } else { + if (!dev->indicators2) { + return; + } vector = 0; indicators = ldq_phys(dev->indicators2); indicators |= 1ULL << vector; -- 1.7.9.5