From 4ab3ac074cb1f101f42e02103fa263a1f4f422b5 Mon Sep 17 00:00:00 2001
From: Anthony PERARD <anthony.perard@citrix.com>
Date: Wed, 10 Feb 2016 14:46:45 +0100
Subject: [PATCH] hvmloader: fix scratch_alloc to avoid overlaps

scratch_alloc() set scratch_start to the last byte of the current
allocation.  The value of scratch_start is then reused as is (if it is
already aligned) in the next allocation.  This result in a potential reuse
of the last byte of the previous allocation.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
 tools/firmware/hvmloader/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/firmware/hvmloader/util.c b/tools/firmware/hvmloader/util.c
index d779fd75b6..938270964c 100644
--- a/tools/firmware/hvmloader/util.c
+++ b/tools/firmware/hvmloader/util.c
@@ -478,7 +478,7 @@ void *scratch_alloc(uint32_t size, uint32_t align)
     if ( align < 16 )
         align = 16;
 
-    s = (scratch_start + align - 1) & ~(align - 1);
+    s = (scratch_start + align) & ~(align - 1);
     e = s + size - 1;
 
     BUG_ON(e < s);
-- 
2.30.2