From 3d7a1b3149641465ba88a6f09051fb83a1482d93 Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain"
Date: Sun, 15 Oct 2006 09:52:33 +0100
Subject: [PATCH] [XENOPROF] Fix limit-check overflow.
Fix code limiting XENOPROF_get_buffer and XENOPROF_set_passive argument max_samples so that no more than MAX_OPROF_SHARED_PAGES are used.
Signed-off-by: Markus Armbruster
---
 xen/arch/x86/oprofile/xenoprof.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/xen/arch/x86/oprofile/xenoprof.c b/xen/arch/x86/oprofile/xenoprof.c
index 4379d1223b..0eaa0f71a1 100644
--- a/xen/arch/x86/oprofile/xenoprof.c
+++ b/xen/arch/x86/oprofile/xenoprof.c
@@ -122,6 +122,7 @@ int alloc_xenoprof_struct(struct domain *d, int max_samples, int is_passive)
 {
 struct vcpu *v;
 int nvcpu, npages, bufsize, max_bufsize;
+ unsigned max_max_samples;
 int i;
 d->xenoprof = xmalloc(struct xenoprof);
@@ -139,17 +140,15 @@ int alloc_xenoprof_struct(struct domain *d, int max_samples, int is_passive)
 for_each_vcpu ( d, v ) nvcpu++;
- /* reduce buffer size if necessary to limit pages allocated */
- bufsize = sizeof(struct xenoprof_buf) +
- (max_samples - 1) * sizeof(struct event_log);
+ /* reduce max_samples if necessary to limit pages allocated */
 max_bufsize = (MAX_OPROF_SHARED_PAGES * PAGE_SIZE) / nvcpu;
- if ( bufsize > max_bufsize )
- {
- bufsize = max_bufsize;
- max_samples = ( (max_bufsize - sizeof(struct xenoprof_buf)) /
+ max_max_samples = ( (max_bufsize - sizeof(struct xenoprof_buf)) /
 sizeof(struct event_log) ) + 1;
- }
+ if ( (unsigned)max_samples > max_max_samples )
+ max_samples = max_max_samples;
+ bufsize = sizeof(struct xenoprof_buf) +
+ (max_samples - 1) * sizeof(struct event_log);
 npages = (nvcpu * bufsize - 1) / PAGE_SIZE + 1;
 d->xenoprof->rawbuf = alloc_xenoprof_buf(is_passive ? dom0 : d, npages);
--
2.30.2
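Review bot: The new clamp in the second hunk bounds max_samples from above only, so a value of 0 still reaches `(max_samples - 1) * sizeof(struct event_log)`, where -1 converts to a huge unsigned value and bufsize comes out smaller than the buffer header (assuming struct xenoprof_buf embeds one event_log, as the `- 1` suggests). Since the commit message says max_samples is the XENOPROF_get_buffer / XENOPROF_set_passive argument, a lower bound belongs next to the upper one, for example `if ( max_samples == 0 ) max_samples = 1;` before the bufsize computation. Negative values are covered only implicitly, by the `(unsigned)` cast turning them into large numbers that then get clamped; a one-line comment such as `/* cast makes negative requests compare as too large */` would keep that from being "simplified" away later. Separately, `max_bufsize - sizeof(struct xenoprof_buf)` is an unsigned subtraction and would wrap if a high vcpu count ever made max_bufsize smaller than the header, defeating the limit; whether that is reachable depends on MAX_OPROF_SHARED_PAGES and the vcpu limit, which are outside the hunk. The body of alloc_xenoprof_struct starts and ends outside these hunks.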