x86: make sure module array is large enough in pvh-boot.c

The relocation code in __start_xen requires one extra element in the
module array. By the looks of it the temporary array is already large
enough. Panic if that's not the case.

While at it, turn an ASSERT to panic() as well.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/arch/x86/guest/pvh-boot.c b/xen/arch/x86/guest/pvh-boot.c
index 0e9e5bfdf6e3ce959c51d0c57ef3b7415f6849d0..6e81b32b92b04e534072c1a041bcbe6371062e84 100644 (file)
--- a/xen/arch/x86/guest/pvh-boot.c
+++ b/xen/arch/x86/guest/pvh-boot.c
@@ -42,7 +42,17 @@ static void __init convert_pvh_info(void)
     module_t *mod;
     unsigned int i;
 
-    ASSERT(pvh_info->magic == XEN_HVM_START_MAGIC_VALUE);
+    if ( pvh_info->magic != XEN_HVM_START_MAGIC_VALUE )
+        panic("Magic value is wrong: %x\n", pvh_info->magic);
+
+    /*
+     * Temporary module array needs to be at least one element bigger than
+     * required. The extra element is used to aid relocation. See
+     * arch/x86/setup.c:__start_xen().
+     */
+    if ( ARRAY_SIZE(pvh_mbi_mods) <= pvh_info->nr_modules )
+        panic("The module array is too small, size %zu, requested %u\n",
+              ARRAY_SIZE(pvh_mbi_mods), pvh_info->nr_modules);
 
     /*
      * Turn hvm_start_info into mbi. Luckily all modules are placed under 4GB