From c1db53a5910f988eeb32f031c53a50f3373fd824 Mon Sep 17 00:00:00 2001
From: Collin Walling
Date: Tue, 15 Sep 2020 15:44:11 -0400
Subject: s390/sclp: read sccb from mem based on provided length

The header contained within the SCCB passed to the SCLP service call
contains the actual length of the SCCB. Instead of allocating a static
4K size for the work sccb, let's allow for a variable size determined
by the value in the header. The proper checks are already in place to
ensure the SCCB length is sufficent to store a full response and that
the length does not cross any explicitly-set boundaries.

Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Message-Id: <20200915194416.107460-4-walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
---
 include/hw/s390x/sclp.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include/hw/s390x')

diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h
index cd730772f9..374ea83e78 100644
--- a/include/hw/s390x/sclp.h
+++ b/include/hw/s390x/sclp.h
@@ -178,7 +178,7 @@ typedef struct IoaCfgSccb {
 
 typedef struct SCCB {
     SCCBHeader h;
-    char data[SCCB_DATA_LEN];
+    char data[];
  } QEMU_PACKED SCCB;
 
 #define TYPE_SCLP "sclp"
-- 
cgit v1.2.3-55-g7522