diff --git a/hw/s390x/ipl.c b/hw/s390x/ipl.c
index 54d0835f0ad1492964dff96ed06af5869d95e7c7..2e26d2aa2c4c3f1c711283058795e3d711386091 100644
--- a/hw/s390x/ipl.c
+++ b/hw/s390x/ipl.c
@@ -14,7 +14,6 @@
 #include "sysemu/sysemu.h"
 #include "cpu.h"
 #include "elf.h"
-#include "exec/ram_addr.h"
 #include "hw/loader.h"
 #include "hw/sysbus.h"
 #include "hw/s390x/virtio-ccw.h"
@@ -219,7 +218,7 @@ static Property s390_ipl_properties[] = {
  * - -1 if no valid boot device was found
  * - ccw id of the boot device otherwise
  */
-static uint64_t s390_update_iplstate(CPUS390XState *env, S390IPLState *ipl)
+static uint32_t s390_update_iplstate(CPUS390XState *env, S390IPLState *ipl)
 {
     DeviceState *dev_st;
 
diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c
index 130535cdc311bf9d6633268dc138fa01e374c1a2..d32ecafe9811c22c41a7ebbff171c57db62f3041 100644
--- a/hw/s390x/virtio-ccw.c
+++ b/hw/s390x/virtio-ccw.c
@@ -266,7 +266,7 @@ static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align,
 {
     VirtIODevice *vdev = virtio_ccw_get_vdev(sch);
 
-    if (index > VIRTIO_PCI_QUEUE_MAX) {
+    if (index >= VIRTIO_PCI_QUEUE_MAX) {
         return -EINVAL;
     }
 
@@ -549,6 +549,10 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw)
             ret = -EFAULT;
         } else {
             vq_config.index = lduw_be_phys(&address_space_memory, ccw.cda);
+            if (vq_config.index >= VIRTIO_PCI_QUEUE_MAX) {
+                ret = -EINVAL;
+                break;
+            }
             vq_config.num_max = virtio_queue_get_num(vdev,
                                                      vq_config.index);
             stw_be_phys(&address_space_memory,