diff options
author | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2006-10-15 09:52:33 +0100 |
---|---|---|
committer | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2006-10-15 09:52:33 +0100 |
commit | 3d7a1b3149641465ba88a6f09051fb83a1482d93 (patch) | |
tree | 18bbd70db3d0850e3adbee10174330750e68c228 | |
parent | bb4aa56a7196e58937a32be6163516f617287f4e (diff) | |
download | xen-3d7a1b3149641465ba88a6f09051fb83a1482d93.tar.gz xen-3d7a1b3149641465ba88a6f09051fb83a1482d93.tar.bz2 xen-3d7a1b3149641465ba88a6f09051fb83a1482d93.zip |
[XENOPROF] Fix limit-check overflow.
Fix code limiting XENOPROF_get_buffer and XENOPROF_set_passive
argument max_samples so that no more than MAX_OPROF_SHARED_PAGES are
used.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
-rw-r--r-- | xen/arch/x86/oprofile/xenoprof.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/xen/arch/x86/oprofile/xenoprof.c b/xen/arch/x86/oprofile/xenoprof.c index 4379d1223b..0eaa0f71a1 100644 --- a/xen/arch/x86/oprofile/xenoprof.c +++ b/xen/arch/x86/oprofile/xenoprof.c @@ -122,6 +122,7 @@ int alloc_xenoprof_struct(struct domain *d, int max_samples, int is_passive) { struct vcpu *v; int nvcpu, npages, bufsize, max_bufsize; + unsigned max_max_samples; int i; d->xenoprof = xmalloc(struct xenoprof); @@ -139,17 +140,15 @@ int alloc_xenoprof_struct(struct domain *d, int max_samples, int is_passive) for_each_vcpu ( d, v ) nvcpu++; - /* reduce buffer size if necessary to limit pages allocated */ - bufsize = sizeof(struct xenoprof_buf) + - (max_samples - 1) * sizeof(struct event_log); + /* reduce max_samples if necessary to limit pages allocated */ max_bufsize = (MAX_OPROF_SHARED_PAGES * PAGE_SIZE) / nvcpu; - if ( bufsize > max_bufsize ) - { - bufsize = max_bufsize; - max_samples = ( (max_bufsize - sizeof(struct xenoprof_buf)) / + max_max_samples = ( (max_bufsize - sizeof(struct xenoprof_buf)) / sizeof(struct event_log) ) + 1; - } + if ( (unsigned)max_samples > max_max_samples ) + max_samples = max_max_samples; + bufsize = sizeof(struct xenoprof_buf) + + (max_samples - 1) * sizeof(struct event_log); npages = (nvcpu * bufsize - 1) / PAGE_SIZE + 1; d->xenoprof->rawbuf = alloc_xenoprof_buf(is_passive ? dom0 : d, npages); |