# HG changeset patch # Parent 4f92bdf3370c4fe5ed0f00cdeaf8156e4818ecb5 xen: Fix off-by-one error when parsing command line arguments As Xen currently stands, it will attempt to interpret the first few bytes of the initcall section as a struct kernel_param. This can be verified as for ( param = &__setup_start; param <= &__setup_end; param++ ) { + if ( (unsigned long)param == (unsigned long)&__initcall_start ) + BUG(); causes Xen to BUG() during early boot. The reason that this has not caused problems is because in the overflow case, param->name is actually a function pointer to the first initcall, and interpreting it as a string is very unlikely to match an ASCII command line parameter name. Signed-off-by: Andrew Cooper diff -r 4f92bdf3370c xen/common/kernel.c --- a/xen/common/kernel.c +++ b/xen/common/kernel.c @@ -90,7 +90,7 @@ void __init cmdline_parse(const char *cm if ( !bool_assert ) optkey += 3; - for ( param = &__setup_start; param <= &__setup_end; param++ ) + for ( param = &__setup_start; param < &__setup_end; param++ ) { if ( strcmp(param->name, optkey) ) continue;
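Review bot: In the cmdline_parse() loop in xen/common/kernel.c, the new bound `param < &__setup_end` relies on __setup_end being an exclusive end marker, but nothing in the hunk records that convention. A short comment at the loop, or at the symbol declarations, saying that __setup_end points one past the last struct kernel_param would help keep the `<=` from being reintroduced. The commit message could also state that the stray entry was dereferenced, not just compared by address: `strcmp(param->name, optkey)` ran on it for every option parsed, so the out-of-bounds read took place even when nothing matched. It is worth checking whether any other loop walks __setup_start to __setup_end with the same `<=` bound, since only this one is touched here.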