From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Thu, 16 Aug 2018 15:26:22 +0000 (+0100)
Subject: x86/setup: Avoid OoB E820 lookup when calculating the L1TF safe address
X-Git-Tag: archive/raspbian/4.14.0+80-gd101b417b7-1+rpi1^2~63^2~3457
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3e4ec07e14bce81f6ae22c31ff1302d1f297a226;p=xen.git

x86/setup: Avoid OoB E820 lookup when calculating the L1TF safe address

A number of corner cases (most obviously, no-real-mode and no Multiboot memory
map) can end up with e820_raw.nr_map being 0, at which point the L1TF
calculation will underflow.

Spotted by Coverity.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
---

diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c
index 727dad4dc3..8d0f6f14e3 100644
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -913,7 +913,7 @@ void __init noreturn __start_xen(unsigned long mbi_p)
     /* Sanitise the raw E820 map to produce a final clean version. */
     max_page = raw_max_page = init_e820(memmap_type, &e820_raw);
 
-    if ( !efi_enabled(EFI_BOOT) )
+    if ( !efi_enabled(EFI_BOOT) && e820_raw.nr_map >= 1 )
     {
         /*
          * Supplement the heuristics in l1tf_calculations() by assuming that