From: Jan Beulich Date: Thu, 29 Oct 2015 13:28:33 +0000 (+0100) Subject: x86: rate-limit logging in do_xen{oprof,pmu}_op() X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=9f359c61e3927f94bb280ffb200155dd20465fda;p=xen.git x86: rate-limit logging in do_xen{oprof,pmu}_op() Some of the sub-ops are acessible to all guests, and hence should be rate-limited. In the xenoprof case, just like for XSA-146, include them only in debug builds. Since the vPMU code is rather new, allow them to be always present, but downgrade them to (rate limited) guest messages. This is CVE-2015-7971 / XSA-152. Signed-off-by: Jan Beulich Reviewed-by: Ian Campbell master commit: 95e7415843b94c346e5ba8682665f508f220e04b master date: 2015-10-29 13:37:19 +0100 --- diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c index 4703142114..abcb947f30 100644 --- a/xen/common/xenoprof.c +++ b/xen/common/xenoprof.c @@ -670,15 +670,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) if ( (op < 0) || (op > XENOPROF_last_op) ) { - printk("xenoprof: invalid operation %d for domain %d\n", - op, current->domain->domain_id); + gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op); return -EINVAL; } if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) ) { - printk("xenoprof: dom %d denied privileged operation %d\n", - current->domain->domain_id, op); + gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op); return -EPERM; } @@ -901,8 +899,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_HANDLE_PARAM(void) arg) spin_unlock(&xenoprof_lock); if ( ret < 0 ) - printk("xenoprof: operation %d failed for dom %d (status : %d)\n", - op, current->domain->domain_id, ret); + gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret); return ret; }