[PATCH] x86/pmstat: Check size of PMSTAT_get_pxstat buffers

[Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>]

Check that the total number of states passed in and hence the size of
buffers is sufficient to avoid writing more than the caller has
allocated.

The interface is not explicit about whether getpx.total is expected to
be set by the caller in this case but since it is always set in
libxenctrl it seems reasonable to check it.

Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>
Fixes: c06a7db0c547 ("X86 and IA64: Update cpufreq statistic logic for 
supporting both x86 and ia64")
---
 xen/drivers/acpi/pmstat.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/xen/drivers/acpi/pmstat.c b/xen/drivers/acpi/pmstat.c
index c51b9ca358c2..c388b1e9a17a 100644
--- a/xen/drivers/acpi/pmstat.c
+++ b/xen/drivers/acpi/pmstat.c
@@ -104,6 +104,14 @@ int do_get_pm_info(struct xen_sysctl_get_pmstat *op)
         cpufreq_residency_update(op->cpuid, pxpt->u.cur);
 
         ct = pmpt->perf.state_count;
+
+        if ( op->u.getpx.total < ct )
+        {
+            spin_unlock(cpufreq_statistic_lock);
+            ret = -ENOSPC;
+            break;
+        }
+
         if ( copy_to_guest(op->u.getpx.trans_pt, pxpt->u.trans_pt, ct*ct) )
         {
             spin_unlock(cpufreq_statistic_lock);
-- 
2.49.0