c608e23838
Turn off building the KMPs now that we are using the pvops kernel xen.spec - Upstream patches from Jan 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch - Dropped 55b0a2db-x86-MSI-track-guest-masking.patch - Use upstream variants of block-iscsi and block-nbd - Remove xenalyze.hg, its part of xen-4.6 OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=389
71 lines
2.5 KiB
Diff
71 lines
2.5 KiB
Diff
# Commit 95e7415843b94c346e5ba8682665f508f220e04b
|
|
# Date 2015-10-29 13:37:19 +0100
|
|
# Author Jan Beulich <jbeulich@suse.com>
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
|
x86: rate-limit logging in do_xen{oprof,pmu}_op()
|
|
|
|
Some of the sub-ops are acessible to all guests, and hence should be
|
|
rate-limited. In the xenoprof case, just like for XSA-146, include them
|
|
only in debug builds. Since the vPMU code is rather new, allow them to
|
|
be always present, but downgrade them to (rate limited) guest messages.
|
|
|
|
This is CVE-2015-7971 / XSA-152.
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
--- a/xen/arch/x86/cpu/vpmu.c
|
|
+++ b/xen/arch/x86/cpu/vpmu.c
|
|
@@ -682,8 +682,8 @@ long do_xenpmu_op(unsigned int op, XEN_G
|
|
vpmu_mode = pmu_params.val;
|
|
else if ( vpmu_mode != pmu_params.val )
|
|
{
|
|
- printk(XENLOG_WARNING
|
|
- "VPMU: Cannot change mode while active VPMUs exist\n");
|
|
+ gprintk(XENLOG_WARNING,
|
|
+ "VPMU: Cannot change mode while active VPMUs exist\n");
|
|
ret = -EBUSY;
|
|
}
|
|
|
|
@@ -714,8 +714,8 @@ long do_xenpmu_op(unsigned int op, XEN_G
|
|
vpmu_features = pmu_params.val;
|
|
else
|
|
{
|
|
- printk(XENLOG_WARNING "VPMU: Cannot change features while"
|
|
- " active VPMUs exist\n");
|
|
+ gprintk(XENLOG_WARNING,
|
|
+ "VPMU: Cannot change features while active VPMUs exist\n");
|
|
ret = -EBUSY;
|
|
}
|
|
|
|
--- a/xen/common/xenoprof.c
|
|
+++ b/xen/common/xenoprof.c
|
|
@@ -676,15 +676,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
|
|
|
|
if ( (op < 0) || (op > XENOPROF_last_op) )
|
|
{
|
|
- printk("xenoprof: invalid operation %d for domain %d\n",
|
|
- op, current->domain->domain_id);
|
|
+ gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op);
|
|
return -EINVAL;
|
|
}
|
|
|
|
if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) )
|
|
{
|
|
- printk("xenoprof: dom %d denied privileged operation %d\n",
|
|
- current->domain->domain_id, op);
|
|
+ gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op);
|
|
return -EPERM;
|
|
}
|
|
|
|
@@ -907,8 +905,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
|
|
spin_unlock(&xenoprof_lock);
|
|
|
|
if ( ret < 0 )
|
|
- printk("xenoprof: operation %d failed for dom %d (status : %d)\n",
|
|
- op, current->domain->domain_id, ret);
|
|
+ gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret);
|
|
|
|
return ret;
|
|
}
|