From fc90bf11d42f2da9d6172aafa35d90c536ceae2d Mon Sep 17 00:00:00 2001
From: Keir Fraser <keir.fraser@citrix.com>
Date: Tue, 30 Mar 2010 13:27:25 +0100
Subject: [PATCH] Fix off-by-one error in do_memory_op()'s start_extent range
 check

Signed-off-by: Jan Beulich <jbeulich@novell.com>
---
 xen/common/memory.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/common/memory.c b/xen/common/memory.c
index b1db5f5888..c7caa074c0 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -525,7 +525,7 @@ long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE(void) arg)
         if ( reservation.nr_extents > (ULONG_MAX >> MEMOP_EXTENT_SHIFT) )
             return start_extent;
 
-        if ( unlikely(start_extent > reservation.nr_extents) )
+        if ( unlikely(start_extent >= reservation.nr_extents) )
             return start_extent;
 
         args.extent_list  = reservation.extent_start;
-- 
2.39.5