From a6c89ee595ff102be856fa1f85c0d84837b3abfe Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain" <kfraser@localhost.localdomain>
Date: Wed, 20 Dec 2006 10:06:33 +0000
Subject: [PATCH] [LIBXC] Fix iteration over GDT in save/restore code. Bug
 spotted by Tim Wood. Signed-off-by: Keir Fraser <keir@xensource.com>

---
 tools/libxc/xc_linux_restore.c |  2 +-
 tools/libxc/xc_linux_save.c    | 17 ++++++-----------
 2 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/tools/libxc/xc_linux_restore.c b/tools/libxc/xc_linux_restore.c
index 1d28226bd6..827c45693e 100644
--- a/tools/libxc/xc_linux_restore.c
+++ b/tools/libxc/xc_linux_restore.c
@@ -709,7 +709,7 @@ int xc_linux_restore(int xc_handle, int io_fd,
         goto out;
     }
 
-    for (i = 0; i < ctxt.gdt_ents; i += 512) {
+    for (i = 0; (512*i) < ctxt.gdt_ents; i++) {
         pfn = ctxt.gdt_frames[i];
         if ((pfn >= max_pfn) || (pfn_type[pfn] != XEN_DOMCTL_PFINFO_NOTAB)) {
             ERROR("GDT frame number is bad");
diff --git a/tools/libxc/xc_linux_save.c b/tools/libxc/xc_linux_save.c
index a38f80c7fe..5364710d10 100644
--- a/tools/libxc/xc_linux_save.c
+++ b/tools/libxc/xc_linux_save.c
@@ -1052,7 +1052,7 @@ int xc_linux_save(int xc_handle, int io_fd, uint32_t dom, uint32_t max_iters,
             DPRINTF("(of which %ld were fixups)\n", needed_to_fix  );
         }
 
-        if (last_iter && debug){
+        if (last_iter && debug) {
             int minusone = -1;
             memset(to_send, 0xff, BITMAP_SIZE);
             debug = 0;
@@ -1068,17 +1068,14 @@ int xc_linux_save(int xc_handle, int io_fd, uint32_t dom, uint32_t max_iters,
             continue;
         }
 
-        if (last_iter) break;
+        if (last_iter)
+            break;
 
         if (live) {
-
-
-            if(
-                ((sent_this_iter > sent_last_iter) && RATE_IS_MAX()) ||
+            if (((sent_this_iter > sent_last_iter) && RATE_IS_MAX()) ||
                 (iter >= max_iters) ||
                 (sent_this_iter+skip_this_iter < 50) ||
-                (total_sent > max_pfn*max_factor) ) {
-
+                (total_sent > max_pfn*max_factor)) {
                 DPRINTF("Start last iteration\n");
                 last_iter = 1;
 
@@ -1106,8 +1103,6 @@ int xc_linux_save(int xc_handle, int io_fd, uint32_t dom, uint32_t max_iters,
             print_stats(xc_handle, dom, sent_this_iter, &stats, 1);
 
         }
-
-
     } /* end of while 1 */
 
     DPRINTF("All memory is saved\n");
@@ -1159,7 +1154,7 @@ int xc_linux_save(int xc_handle, int io_fd, uint32_t dom, uint32_t max_iters,
     }
 
     /* Canonicalise each GDT frame number. */
-    for ( i = 0; i < ctxt.gdt_ents; i += 512 ) {
+    for ( i = 0; (512*i) < ctxt.gdt_ents; i++ ) {
         if ( !translate_mfn_to_pfn(&ctxt.gdt_frames[i]) ) {
             ERROR("GDT frame is not in range of pseudophys map");
             goto out;
-- 
2.30.2