From: Keir Fraser
Date: Tue, 30 Mar 2010 12:27:25 +0000 (+0100)
Subject: Fix off-by-one error in do_memory_op()'s start_extent range check
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~12457
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=fc90bf11d42f2da9d6172aafa35d90c536ceae2d;p=xen.git
Fix off-by-one error in do_memory_op()'s start_extent range check
Signed-off-by: Jan Beulich
---
diff --git a/xen/common/memory.c b/xen/common/memory.c
index b1db5f5888..c7caa074c0 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -525,7 +525,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE(void) arg)
 if ( reservation.nr_extents > (ULONG_MAX >> MEMOP_EXTENT_SHIFT) )
 return start_extent;
- if ( unlikely(start_extent > reservation.nr_extents) )
+ if ( unlikely(start_extent >= reservation.nr_extents) )
 return start_extent;
 args.extent_list = reservation.extent_start;
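Review bot: The bound check `if ( unlikely(start_extent >= reservation.nr_extents) )` establishes an invariant that nothing on these lines documents: past it, `start_extent < nr_extents` holds for the code that sets up `args`. Both operands look guest-influenced (the handler takes `cmd` and a guest handle; where `start_extent` is derived is outside the hunk), so a one-line comment such as `/* Nothing left to do; below here start_extent < nr_extents. */` above the check would make the boundary explicit for later edits. The equal case now also covers `nr_extents == 0` with `start_extent == 0`, which returns 0 before `args.extent_list` is assigned; that appears intended. do_memory_op() starts and ends outside the hunk.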