From: Jan Beulich <JBeulich@suse.com>
Date: Tue, 1 Dec 2020 14:33:57 +0000 (+0100)
Subject: x86/DMI: fix SMBIOS pointer range check
X-Git-Tag: archive/raspbian/4.14.0+88-g1d1d1f5391-2+rpi1^2~86^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=8e6c236c3ef39d68bc3f0d170a1023c4c6914dce;p=xen.git

x86/DMI: fix SMBIOS pointer range check

Forever since its introduction this has been using an inverted relation
operator.

Fixes: 54057a28f22b ("x86: support SMBIOS v3")
Signed-off-by: Jan Beulich <JBeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
master commit: 6befe598706218673b14710d90d00ce90763b372
master date: 2020-11-24 11:25:29 +0100
---

diff --git a/xen/arch/x86/dmi_scan.c b/xen/arch/x86/dmi_scan.c
index d24da1c53a..e5930d27ea 100644
--- a/xen/arch/x86/dmi_scan.c
+++ b/xen/arch/x86/dmi_scan.c
@@ -357,7 +357,7 @@ static int __init dmi_iterate(void (*decode)(struct dmi_header *))
 			memcpy_fromio(&smbios3, q, sizeof(smbios3));
 			if (memcmp(smbios3.anchor, "_SM3_", 5) ||
 			    smbios3.length < sizeof(smbios3) ||
-			    q < p + 0x10000 - smbios3.length ||
+			    q > p + 0x10000 - smbios3.length ||
 			    !dmi_checksum(q, smbios3.length))
 				smbios3.length = 0;
 		}