> -Original Message-
> From: Jan Beulich [mailto:jbeul...@suse.com]
> Sent: 10 August 2017 08:28
> To: xen-devel
> Cc: Andrew Cooper ; Paul Durrant
>
> Subject: [PATCH] x86/HVM: fix boundary check in hvmemul_insn_fetch()
> (again)
>
> Commit 5a992b670b ("x86/hvm: Fix boundary check in
>
Commit 5a992b670b ("x86/hvm: Fix boundary check in
hvmemul_insn_fetch()") went a little too far in its correction to
commit 0943a03037 ("x86/hvm: Fixes to hvmemul_insn_fetch()"): Keep the
start offset check, but restore the original end offset one.
Signed-off-by: Jan Beulich
--- a/xen/arch/x86/h
>>> Andrew Cooper 07/25/17 8:55 PM >>>
>--- a/xen/arch/x86/hvm/emulate.c
>+++ b/xen/arch/x86/hvm/emulate.c
>@@ -958,8 +958,8 @@ int hvmemul_insn_fetch(
>* Will we overflow insn_buf[]? This shouldn't be able to happen,
>* which means something went wrong with instruction decoding...
>*/
>- if ( in
> -Original Message-
> From: Andrew Cooper [mailto:andrew.coop...@citrix.com]
> Sent: 25 July 2017 19:56
> To: Xen-devel
> Cc: Andrew Cooper ; Jan Beulich
> ; Paul Durrant
> Subject: [PATCH] x86/hvm: Fix boundary check in hvmemul_insn_fetch()
>
> c/s 0943a03037 added some extra protectio
c/s 0943a03037 added some extra protection for overflowing the emulation
instruction cache, but Coverity points out that the boundary condition is off by
one when memcpy()'ing out of the buffer.
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Paul Durrant
---
xen/arch/x86/hvm/emulate.c | 4 ++
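The two commit messages above disagree only about the end-offset comparison: the first patch tightened it after Coverity flagged an off-by-one in the memcpy() out of the instruction cache, and the second restores the original end check while keeping the start-offset check. The following is an added example, not Xen's code and not code from either author; it uses a constructed 16-byte cache and hypothetical names to show why both checks are needed, what the too-strict end check rejects, and what a bare end-offset check misses when the offset arithmetic wraps.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example (not Xen's code): a small fixed-size instruction
 * cache and three ways of writing the "does [off, off + bytes) fit?"
 * check the thread is arguing about. All names are hypothetical. */
#define INSN_BUF_SIZE 16u

struct fetch_ctxt {
    uint8_t insn_buf[INSN_BUF_SIZE];
};

/* End-offset check only, written as plain addition. A huge start offset
 * makes the sum wrap, so this is not sufficient on its own. */
static bool fits_end_only(unsigned int off, unsigned int bytes)
{
    return off + bytes <= INSN_BUF_SIZE;
}

/* Start check plus an end check that is one too strict: a copy ending
 * exactly at the end of the buffer is refused although it is in bounds. */
static bool fits_too_strict(unsigned int off, unsigned int bytes)
{
    return off < INSN_BUF_SIZE && off + bytes < INSN_BUF_SIZE;
}

/* Start check kept, end check written as a subtraction so it cannot wrap;
 * an exact fit (off + bytes == INSN_BUF_SIZE) is accepted. */
static bool fits_correct(unsigned int off, unsigned int bytes)
{
    return off < INSN_BUF_SIZE && bytes <= INSN_BUF_SIZE - off;
}

/* Copy 'bytes' cached bytes starting at 'off' into dst. Anything the
 * correct check rejects is refused, so memcpy() never reads past
 * insn_buf[]. Returns true on success. */
static bool fetch_checked(const struct fetch_ctxt *ctxt, unsigned int off,
                          unsigned int bytes, uint8_t *dst)
{
    if ( !fits_correct(off, bytes) )
        return false;
    memcpy(dst, ctxt->insn_buf + off, bytes);
    return true;
}

/* Fill the cache with a recognisable pattern (byte i holds i) and fetch
 * the last byte; returns that byte, or -1 if the fetch was refused. */
static int fetch_last_byte(void)
{
    struct fetch_ctxt ctxt;
    uint8_t out = 0;

    for ( unsigned int i = 0; i < INSN_BUF_SIZE; i++ )
        ctxt.insn_buf[i] = (uint8_t)i;

    if ( !fetch_checked(&ctxt, INSN_BUF_SIZE - 1, 1, &out) )
        return -1;
    return out;
}
```

Writing the end check as `bytes <= size - off` is only safe because the start check `off < size` runs first; that ordering is the reason the start-offset check is worth keeping even after the end check is corrected.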