From: Keir Fraser <keir.fraser@citrix.com>
Date: Fri, 28 May 2010 09:54:07 +0000 (+0100)
Subject: x86: Fix guest-pointer-array memmove in __pirq_guest_unbind().
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~12051
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d26b5750702e4977002921da8b238e1832f4bdbe;p=xen.git

x86: Fix guest-pointer-array memmove in __pirq_guest_unbind().

Thanks to Alex Zefefrt for finding this.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
---

diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index b18316e7da..a2e3e5d0ec 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1243,7 +1243,8 @@ static irq_guest_action_t *__pirq_guest_unbind(
     for ( i = 0; (i < action->nr_guests) && (action->guest[i] != d); i++ )
         continue;
     BUG_ON(i == action->nr_guests);
-    memmove(&action->guest[i], &action->guest[i+1], IRQ_MAX_GUESTS-i-1);
+    memmove(&action->guest[i], &action->guest[i+1],
+            (action->nr_guests-i-1) * sizeof(action->guest[0]));
     action->nr_guests--;
 
     switch ( action->ack_type )