File 5a4caa8c-x86-E820-don-t-overrun-array.patch of Package xen.7317
# Commit 0036c9dbcd8b52316aeebb475929d3a36cf5e514
# Date 2018-01-03 11:03:56 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/E820: don't overrun array
The bounds check needs to be done after the increment, not before, or
else it needs to use a one lower immediate. Also use word operations
rather than byte ones for both the increment and the compare (allowing
E820_BIOS_MAX to be more easily bumped, should the need ever arise).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/boot/mem.S
+++ b/xen/arch/x86/boot/mem.S
@@ -22,11 +22,10 @@ get_memory_map:
cmpl $SMAP,%eax # check the return is `SMAP'
jne .Lmem88
- movb bootsym(e820nr),%al # up to 128 entries
- cmpb $E820MAX,%al
+ incw bootsym(e820nr)
+ cmpw $E820MAX,bootsym(e820nr) # up to this many entries
jae .Lmem88
- incb bootsym(e820nr)
movw %di,%ax
addw $20,%ax
movw %ax,%di
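Review bot: The reason the increment has to come before the compare is not recorded next to the new `incw`/`cmpw` pair, and the trailing comment `# up to this many entries` does not convey it, so a later reordering could quietly bring the one-entry overrun back. Presumably the BIOS call earlier in get_memory_map (outside this hunk) has already filled the slot at %di when this code runs; I would add a comment above the `incw` along the lines of `# entry at %di is already stored: count it, and stop before %di can step past the last slot`. The switch to word operations also relies on `e820nr` being at least 16 bits wide; its definition is not visible here, so please confirm it, since `incw` on a byte-sized variable would also modify the neighbouring byte. get_memory_map starts and ends outside the hunk.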