File 563212ff-x86-rate-limit-logging-in-do_xen-oprof... of Package xen.1589

Overview Repositories Revisions Requests Users Attributes Meta

File 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch of Package xen.1589

References: bsc#950706 CVE-2015-7971 XSA-152

# Commit 95e7415843b94c346e5ba8682665f508f220e04b
# Date 2015-10-29 13:37:19 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: rate-limit logging in do_xen{oprof,pmu}_op()

Some of the sub-ops are acessible to all guests, and hence should be
rate-limited. In the xenoprof case, just like for XSA-146, include them
only in debug builds. Since the vPMU code is rather new, allow them to
be always present, but downgrade them to (rate limited) guest messages.

This is CVE-2015-7971 / XSA-152.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>

--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -670,15 +670,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
     
     if ( (op < 0) || (op > XENOPROF_last_op) )
     {
-        printk("xenoprof: invalid operation %d for domain %d\n",
-               op, current->domain->domain_id);
+        gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op);
         return -EINVAL;
     }
 
     if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) )
     {
-        printk("xenoprof: dom %d denied privileged operation %d\n",
-               current->domain->domain_id, op);
+        gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op);
         return -EPERM;
     }
 
@@ -901,8 +899,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
     spin_unlock(&xenoprof_lock);
 
     if ( ret < 0 )
-        printk("xenoprof: operation %d failed for dom %d (status : %d)\n",
-               op, current->domain->domain_id, ret);
+        gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret);
 
     return ret;
 }

Places

File 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch of Package xen.1589

Places