From mboxrd@z Thu Jan 1 00:00:00 1970 From: Anthony PERARD Subject: [RFC PATCH v2 01/16] hvmloader: Fix scratch_alloc to avoid overlaps Date: Mon, 26 Oct 2015 16:03:02 +0000 Message-ID: <1445875397-2846-2-git-send-email-anthony.perard@citrix.com> References: <1445875397-2846-1-git-send-email-anthony.perard@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1445875397-2846-1-git-send-email-anthony.perard@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xen.org Cc: Anthony PERARD List-Id: xen-devel@lists.xenproject.org scratch_alloc() set scratch_start to the last byte of the current allocation. The value of scratch_start is then reused as is (if it is already aligned) in the next allocation. This results in a potential reuse of the last byte of the previous allocation. Signed-off-by: Anthony PERARD --- tools/firmware/hvmloader/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/firmware/hvmloader/util.c b/tools/firmware/hvmloader/util.c index d779fd7..42e8af4 100644 --- a/tools/firmware/hvmloader/util.c +++ b/tools/firmware/hvmloader/util.c @@ -479,7 +479,7 @@ void *scratch_alloc(uint32_t size, uint32_t align) align = 16; s = (scratch_start + align - 1) & ~(align - 1); - e = s + size - 1; + e = s + size; BUG_ON(e < s); -- Anthony PERARD
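Review bot: the unchanged `BUG_ON(e < s);` after the new `e = s + size;` no longer rejects a zero `size`. The old expression gave `e = s - 1` in that case and tripped the check (for any non-zero `s`); now `e == s` passes, and the caller receives a pointer that the next allocation will also receive, which is the same kind of aliasing this patch sets out to remove. If zero-length requests are not meant to be valid, consider `BUG_ON(e <= s);` or an explicit check on `size`. Separately, `e` changes meaning here from the last byte of the allocation to one past its end, so any use of `e` after this hunk (not visible in the diff) should be checked for the matching off-by-one, and a short comment on `e` stating that it is an exclusive end would help the next reader.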