x86/pmstat: correct PMSTAT_get_pxstat buffer size checking

author Jan Beulich <jbeulich@suse.com>

Wed, 18 Jun 2025 07:25:09 +0000 (09:25 +0200)

committer Jan Beulich <jbeulich@suse.com>

Wed, 18 Jun 2025 07:25:09 +0000 (09:25 +0200)
author Jan Beulich <jbeulich@suse.com>
Wed, 18 Jun 2025 07:25:09 +0000 (09:25 +0200)
committer Jan Beulich <jbeulich@suse.com>
Wed, 18 Jun 2025 07:25:09 +0000 (09:25 +0200)
diff --git a/xen/drivers/acpi/pmstat.c b/xen/drivers/acpi/pmstat.c

index 2a1f5493fa10c47c54a484df2d12f49ac44e88ec..80dc121e143b1f2abb3c63c50bdf1de30655d2d5 100644 (file)
--- a/xen/drivers/acpi/pmstat.c
+++ b/xen/drivers/acpi/pmstat.c
@@ -272,11 +272,14 @@ int do_get_pm_info(struct xen_sysctl_get_pmstat *op)
  
          cpufreq_residency_update(op->cpuid, pxpt->u.cur);
  
-        ct = min(pmpt->perf.state_count, op->u.getpx.total + 0U);
-
-        /* Avoid partial copying of 2-D array */
-        if ( ct == op->u.getpx.total &&
-             copy_to_guest(op->u.getpx.trans_pt, pxpt->u.trans_pt, ct * ct) )
+        /*
+         * Avoid partial copying of 2-D array, whereas partial copying of a
+         * simple vector (further down) is deemed okay.
+         */
+        ct = pmpt->perf.state_count;
+        if ( ct > op->u.getpx.total )
+            ct = op->u.getpx.total;
+        else if ( copy_to_guest(op->u.getpx.trans_pt, pxpt->u.trans_pt, ct * ct) )
          {
              spin_unlock(cpufreq_statistic_lock);
              ret = -EFAULT;
author	Jan Beulich <jbeulich@suse.com>
	Wed, 18 Jun 2025 07:25:09 +0000 (09:25 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Wed, 18 Jun 2025 07:25:09 +0000 (09:25 +0200)