From: Anthony PERARD <anthony.perard@citrix.com>
Date: Wed, 10 Feb 2016 13:46:45 +0000 (+0100)
Subject: hvmloader: fix scratch_alloc to avoid overlaps
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~1789
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=4ab3ac074cb1f101f42e02103fa263a1f4f422b5;p=xen.git

hvmloader: fix scratch_alloc to avoid overlaps

scratch_alloc() set scratch_start to the last byte of the current
allocation.  The value of scratch_start is then reused as is (if it is
already aligned) in the next allocation.  This result in a potential reuse
of the last byte of the previous allocation.

Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/tools/firmware/hvmloader/util.c b/tools/firmware/hvmloader/util.c
index d779fd75b6..938270964c 100644
--- a/tools/firmware/hvmloader/util.c
+++ b/tools/firmware/hvmloader/util.c
@@ -478,7 +478,7 @@ void *scratch_alloc(uint32_t size, uint32_t align)
     if ( align < 16 )
         align = 16;
 
-    s = (scratch_start + align - 1) & ~(align - 1);
+    s = (scratch_start + align) & ~(align - 1);
     e = s + size - 1;
 
     BUG_ON(e < s);