From: Jan Beulich Date: Wed, 3 Jan 2018 10:03:56 +0000 (+0100) Subject: x86/E820: don't overrun array X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~871 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=0036c9dbcd8b52316aeebb475929d3a36cf5e514;p=xen.git x86/E820: don't overrun array The bounds check needs to be done after the increment, not before, or else it needs to use a one lower immediate. Also use word operations rather than byte ones for both the increment and the compare (allowing E820_BIOS_MAX to be more easily bumped, should the need ever arise). Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper
---
diff --git a/xen/arch/x86/boot/mem.S b/xen/arch/x86/boot/mem.S
index 4b1fa4dae9..ca90db0a5d 100644
--- a/xen/arch/x86/boot/mem.S
+++ b/xen/arch/x86/boot/mem.S
@@ -22,11 +22,10 @@ get_memory_map:
 cmpl $SMAP,%eax # check the return is `SMAP'
 jne .Lmem88
- movb bootsym(e820nr),%al # up to 128 entries
- cmpb $E820_BIOS_MAX,%al
+ incw bootsym(e820nr)
+ cmpw $E820_BIOS_MAX,bootsym(e820nr) # up to this many entries
 jae .Lmem88
- incb bootsym(e820nr)
 movw %di,%ax
 addw $20,%ax
 movw %ax,%di
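Review bot: The comment on the new `cmpw` line, `# up to this many entries`, does not record why the test has to follow the `incw`, which is the invariant this fix depends on. Presumably the firmware call above the hunk has already stored the record at `%di` by the time the count is tested, so the loop must exit before `%di` is advanced past the last slot. I would state that above the `incw`, for example `# e820nr = records stored so far; stop once the table is full, before %di moves past the last slot`. The move from byte to word operations also assumes `e820nr` is declared at least 16 bits wide; that declaration is not in this hunk and is worth confirming. get_memory_map starts and ends outside the hunk.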