[XENOPROF] Fix limit-check overflow.

Fix code limiting XENOPROF_get_buffer and XENOPROF_set_passive
argument max_samples so that no more than MAX_OPROF_SHARED_PAGES are
used.

Signed-off-by: Markus Armbruster <armbru@redhat.com>

1 files changed, 7 insertions, 8 deletions

diff --git a/xen/arch/x86/oprofile/xenoprof.c b/xen/arch/x86/oprofile/xenoprof.c
index 4379d1223b..0eaa0f71a1 100644
--- a/xen/arch/x86/oprofile/xenoprof.c
+++ b/xen/arch/x86/oprofile/xenoprof.c
@@ -122,6 +122,7 @@ int alloc_xenoprof_struct(struct domain *d, int max_samples, int is_passive)
 {
     struct vcpu *v;
     int nvcpu, npages, bufsize, max_bufsize;
+    unsigned max_max_samples;
     int i;
 
     d->xenoprof = xmalloc(struct xenoprof);
@@ -139,17 +140,15 @@ int alloc_xenoprof_struct(struct domain *d, int max_samples, int is_passive)
     for_each_vcpu ( d, v )
         nvcpu++;
 
-    /* reduce buffer size if necessary to limit pages allocated */
-    bufsize = sizeof(struct xenoprof_buf) +
-        (max_samples - 1) * sizeof(struct event_log);
+    /* reduce max_samples if necessary to limit pages allocated */
     max_bufsize = (MAX_OPROF_SHARED_PAGES * PAGE_SIZE) / nvcpu;
-    if ( bufsize > max_bufsize )
-    {
-        bufsize = max_bufsize;
-        max_samples = ( (max_bufsize - sizeof(struct xenoprof_buf)) /
+    max_max_samples = ( (max_bufsize - sizeof(struct xenoprof_buf)) /
                         sizeof(struct event_log) ) + 1;
-    }
+    if ( (unsigned)max_samples > max_max_samples )
+        max_samples = max_max_samples;
 
+    bufsize = sizeof(struct xenoprof_buf) +
+        (max_samples - 1) * sizeof(struct event_log);
     npages = (nvcpu * bufsize - 1) / PAGE_SIZE + 1;
     
     d->xenoprof->rawbuf = alloc_xenoprof_buf(is_passive ? dom0 : d, npages);