xenbits.xensource.com Git - people/dariof/xen.git/commitdiff
x86/HVM: fix boundary check in hvmemul_insn_fetch() (again)
author Jan Beulich <jbeulich@suse.com>
Thu, 10 Aug 2017 10:37:24 +0000 (12:37 +0200)
committer Jan Beulich <jbeulich@suse.com>
Thu, 10 Aug 2017 10:37:24 +0000 (12:37 +0200)
Commit 5a992b670b ("x86/hvm: Fix boundary check in
hvmemul_insn_fetch()") went a little too far in its correction to
commit 0943a03037 ("x86/hvm: Fixes to hvmemul_insn_fetch()"): Keep the
start offset check, but restore the original end offset one.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
xen/arch/x86/hvm/emulate.c

index 087425f8359f87a2f65e2a129e4d2932cceca712..64454c7825f82e36edb8f6f15d484776a77c8812 100644 (file)
@@ -959,7 +959,7 @@ int hvmemul_insn_fetch(
              * which means something went wrong with instruction decoding...
              */
             if ( insn_off >= sizeof(hvmemul_ctxt->insn_buf) ||
-                 (insn_off + bytes) >= sizeof(hvmemul_ctxt->insn_buf) )
+                 insn_off + bytes > sizeof(hvmemul_ctxt->insn_buf) )
             {
                 ASSERT_UNREACHABLE();
                 return X86EMUL_UNHANDLEABLE;
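Review bot: The end-offset test on the added line still computes insn_off + bytes before comparing, so it depends on that sum not wrapping. The operand types are not visible in this hunk. Because the first condition already guarantees insn_off < sizeof(hvmemul_ctxt->insn_buf) by the time the second is evaluated, writing it as "bytes > sizeof(hvmemul_ctxt->insn_buf) - insn_off" gives the same result and cannot wrap whatever the types are. Since this boundary has now needed a second correction, the comment above the condition could also state explicitly that a fetch ending exactly at the end of insn_buf is valid, so the inclusive/exclusive intent is recorded next to the check.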