From d26b5750702e4977002921da8b238e1832f4bdbe Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Fri, 28 May 2010 10:54:07 +0100
Subject: [PATCH] x86: Fix guest-pointer-array memmove in __pirq_guest_unbind().

Thanks to Alex Zefefrt for finding this.

Signed-off-by: Keir Fraser
---
 xen/arch/x86/irq.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c
index b18316e7da..a2e3e5d0ec 100644
--- a/xen/arch/x86/irq.c
+++ b/xen/arch/x86/irq.c
@@ -1243,7 +1243,8 @@ static irq_guest_action_t *__pirq_guest_unbind(
 for ( i = 0; (i < action->nr_guests) && (action->guest[i] != d); i++ )
 continue;
 BUG_ON(i == action->nr_guests);
- memmove(&action->guest[i], &action->guest[i+1], IRQ_MAX_GUESTS-i-1);
+ memmove(&action->guest[i], &action->guest[i+1],
+ (action->nr_guests-i-1) * sizeof(action->guest[0]));
 action->nr_guests--;

 switch ( action->ack_type )
-- 
2.30.2
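Review bot: After the corrected `memmove` and `action->nr_guests--`, the slot just past the live entries still holds a stale domain pointer: a duplicate of the last guest, or `d` itself when `i` was the last index. That is harmless only while every reader of `action->guest[]` stops at `nr_guests`, which cannot be confirmed from this hunk because the function body and its callers continue outside it. Adding `action->guest[action->nr_guests] = NULL;` right after the decrement would make an out-of-range read fail visibly instead of dereferencing a domain that may since have been torn down. A short comment on the length argument, e.g. `/* Length is in bytes: shift the nr_guests-i-1 trailing pointers down one slot. */`, would also record why the `sizeof` factor is required.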