The source project of this merge request has been removed.
The comparison against ARRAY_SIZE() needs to be >= in order to avoid overrunning the pages[] array.
This is XSA-355.
Fixes: 5777a374 ("IOMMU: hold page ref until after deferred TLB flush")
Signed-off-by: Jan Beulich jbeulich@suse.com
Reviewed-by: Julien Grall jgrall@amazon.com
Fixes: CVE-2020-29040 (https://security-tracker.debian.org/tracker/CVE-2020-29040)
Fixes: Debian bug #976109 (https://bugs.debian.org/bug=976109)
Fixes: XSA-355 (https://xenbits.xen.org/xsa/advisory-355.html)