x86: rate-limit logging in do_xen{oprof,pmu}_op()

Some of the sub-ops are acessible to all guests, and hence should be
rate-limited. In the xenoprof case, just like for XSA-146, include them
only in debug builds. Since the vPMU code is rather new, allow them to
be always present, but downgrade them to (rate limited) guest messages.

This is CVE-2015-7971 / XSA-152.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
master commit: 95e7415843b94c346e5ba8682665f508f220e04b
master date: 2015-10-29 13:37:19 +0100

diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c
index 4703142114ec91a91a69b056b2d38c0f053d24a0..abcb947f30528408d4fae59f1069ff8658f2a604 100644 (file)
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -670,15 +670,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
     
     if ( (op < 0) || (op > XENOPROF_last_op) )
     {
-        printk("xenoprof: invalid operation %d for domain %d\n",
-               op, current->domain->domain_id);
+        gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op);
         return -EINVAL;
     }
 
     if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) )
     {
-        printk("xenoprof: dom %d denied privileged operation %d\n",
-               current->domain->domain_id, op);
+        gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op);
         return -EPERM;
     }
 
@@ -901,8 +899,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg)
     spin_unlock(&xenoprof_lock);
 
     if ( ret < 0 )
-        printk("xenoprof: operation %d failed for dom %d (status : %d)\n",
-               op, current->domain->domain_id, ret);
+        gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret);
 
     return ret;
 }