rpm/xen
SHA256
1
0
Fork 0
forked from pool/xen
Code Pull Requests Activity
xen/xsa152.patch
Charles Arnold 9e9b5acb9c - Upstream patches from Jan 
5604f239-x86-PV-properly-populate-descriptor-tables.patch
  561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-0.patch
  561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
  561d20a0-x86-hide-MWAITX-from-PV-domains.patch
  561e3283-x86-NUMA-fix-SRAT-table-processor-entry-handling.patch

- bsc#951845 - VUL-0: CVE-2015-7972: xen: x86: populate-on-demand
  balloon size inaccuracy can crash guests (XSA-153)
  xsa153-libxl.patch

- bsc#950703 - VUL-1: CVE-2015-7969: xen: leak of main per-domain
  vcpu pointer array (DoS) (XSA-149)
  xsa149.patch
- bsc#950705 - VUL-1: CVE-2015-7969: xen: x86: leak of per-domain
  profiling-related vcpu pointer array (DoS) (XSA-151)
  xsa151.patch
- bsc#950706 - VUL-0: CVE-2015-7971: xen: x86: some pmu and
  profiling hypercalls log without rate limiting (XSA-152)
  xsa152.patch
- Dropped
  55dc7937-x86-IO-APIC-don-t-create-pIRQ-mapping-from-masked-RTE.patch
  5604f239-x86-PV-properly-populate-descriptor-tables.patch

- bsc#932267 - VUL-1: CVE-2015-4037: qemu,kvm,xen: insecure
  temporary file use in /net/slirp.c
  CVE-2015-4037-qemuu-smb-config-dir-name.patch
  CVE-2015-4037-qemut-smb-config-dir-name.patch
- bsc#877642 - VUL-0: CVE-2014-0222: qemu: qcow1: validate L2 table
  size to avoid integer overflows

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=382
2015-10-29 22:28:05 +00:00

44 lines
1.6 KiB
Diff
Raw Blame History

x86: rate-limit logging in do_xen{oprof,pmu}_op()
Some of the sub-ops are acessible to all guests, and hence should be
rate-limited. In the xenoprof case, just like for XSA-146, include them
only in debug builds. Since the vPMU code is rather new, allow them to
be always present, but downgrade them to (rate limited) guest messages.
This is XSA-152.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Index: xen-4.5.1-testing/xen/common/xenoprof.c
===================================================================
--- xen-4.5.1-testing.orig/xen/common/xenoprof.c
+++ xen-4.5.1-testing/xen/common/xenoprof.c
@@ -676,15 +676,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
if ( (op < 0) || (op > XENOPROF_last_op) )
{
- printk("xenoprof: invalid operation %d for domain %d\n",
- op, current->domain->domain_id);
+ gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op);
return -EINVAL;
}
if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) )
{
- printk("xenoprof: dom %d denied privileged operation %d\n",
- current->domain->domain_id, op);
+ gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op);
return -EPERM;
}
@@ -907,8 +905,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
spin_unlock(&xenoprof_lock);
if ( ret < 0 )
- printk("xenoprof: operation %d failed for dom %d (status : %d)\n",
- op, current->domain->domain_id, ret);
+ gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret);
return ret;
}
View Git Blame Copy Permalink