ia64/xen-unstable

changeset 11832:d30ed0e261ae

[XENOPROF] Fix limit-check overflow.

Fix code limiting XENOPROF_get_buffer and XENOPROF_set_passive
argument max_samples so that no more than MAX_OPROF_SHARED_PAGES are
used.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
author kfraser@localhost.localdomain
date Sun Oct 15 09:52:33 2006 +0100 (2006-10-15)
parents 8631433e5195
children 6ed4368b4a9e
files xen/arch/x86/oprofile/xenoprof.c
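--- a/xen/arch/x86/oprofile/xenoprof.c	Sun Oct 15 09:21:49 2006 +0100
+++ b/xen/arch/x86/oprofile/xenoprof.c	Sun Oct 15 09:52:33 2006 +0100
@@ -122,6 +122,7 @@ int alloc_xenoprof_struct(struct domain 
 {
     struct vcpu *v;
     int nvcpu, npages, bufsize, max_bufsize;
+    unsigned max_max_samples;
     int i;
 
     d->xenoprof = xmalloc(struct xenoprof);
@@ -139,17 +140,15 @@ int alloc_xenoprof_struct(struct domain 
     for_each_vcpu ( d, v )
         nvcpu++;
 
-    /* reduce buffer size if necessary to limit pages allocated */
+    /* reduce max_samples if necessary to limit pages allocated */
+    max_bufsize = (MAX_OPROF_SHARED_PAGES * PAGE_SIZE) / nvcpu;
+    max_max_samples = ( (max_bufsize - sizeof(struct xenoprof_buf)) /
+                        sizeof(struct event_log) ) + 1;
+    if ( (unsigned)max_samples > max_max_samples )
+        max_samples = max_max_samples;
+
     bufsize = sizeof(struct xenoprof_buf) +
         (max_samples - 1) * sizeof(struct event_log);
-    max_bufsize = (MAX_OPROF_SHARED_PAGES * PAGE_SIZE) / nvcpu;
-    if ( bufsize > max_bufsize )
-    {
-        bufsize = max_bufsize;
-        max_samples = ( (max_bufsize - sizeof(struct xenoprof_buf)) /
-                        sizeof(struct event_log) ) + 1;
-    }
-
     npages = (nvcpu * bufsize - 1) / PAGE_SIZE + 1;
     
     d->xenoprof->rawbuf = alloc_xenoprof_buf(is_passive ? dom0 : d, npages);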
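Review bot: The new clamp bounds `max_samples` only from above, so a value of 0 still passes `(unsigned)max_samples > max_max_samples`, and `(max_samples - 1) * sizeof(struct event_log)` then wraps in unsigned arithmetic, leaving `bufsize` smaller than `sizeof(struct xenoprof_buf)`. The commit message says this value comes from the XENOPROF_get_buffer and XENOPROF_set_passive arguments, so a lower bound ahead of the clamp seems warranted, either rejecting the request or raising it with `if ( max_samples < 1 ) max_samples = 1;`. The same block divides by `nvcpu` without a visible non-zero check, and `max_bufsize - sizeof(struct xenoprof_buf)` is also unsigned, so if `max_bufsize` were ever smaller than the header, `max_max_samples` would wrap to a very large value and the limit would stop limiting. alloc_xenoprof_struct begins and ends outside the hunks shown, so some of these conditions may already be excluded by code not visible here; a short comment stating which ones are guaranteed would help.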