1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
From 172cf0489b504b35c7c1666fb7d015006976c4e7 Mon Sep 17 00:00:00 2001
From: Julien Grall <julien.grall@linaro.org>
Date: Mon, 19 Jan 2015 12:59:42 +0000
Subject: [PATCH] xen/arm: vgic: message in the emulation code should be
rate-limited
printk is not rated-limited by default. Therefore a malicious guest may
be able to flood the Xen console.
If we use gdprintk, unecessary information will be printed such as the
filename and the line. Instead use XENLOG_G_ERR combine with %pv.
Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
xen/arch/arm/vgic.c | 40 +++++++++++++++++++++++-----------------
1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/xen/arch/arm/vgic.c b/xen/arch/arm/vgic.c
index 8d1b79e..b2262c6 100644
--- a/xen/arch/arm/vgic.c
+++ b/xen/arch/arm/vgic.c
@@ -332,7 +332,7 @@ static int vgic_distr_mmio_read(struct vcpu *v, mmio_info_t *info)
case GICD_ICPIDR2:
if ( dabt.size != 2 ) goto bad_width;
- printk("vGICD: unhandled read from ICPIDR2\n");
+ printk(XENLOG_G_ERR "%pv: vGICD: unhandled read from ICPIDR2\n", v);
return 0;
/* Implementation defined -- read as zero */
@@ -349,14 +349,14 @@ static int vgic_distr_mmio_read(struct vcpu *v, mmio_info_t *info)
goto read_as_zero;
default:
- printk("vGICD: unhandled read r%d offset %#08x\n",
- dabt.reg, offset);
+ printk(XENLOG_G_ERR "%pv: vGICD: unhandled read r%d offset %#08x\n",
+ v, dabt.reg, offset);
return 0;
}
bad_width:
- printk("vGICD: bad read width %d r%d offset %#08x\n",
- dabt.size, dabt.reg, offset);
+ printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n",
+ v, dabt.size, dabt.reg, offset);
domain_crash_synchronous();
return 0;
@@ -523,14 +523,16 @@ static int vgic_distr_mmio_write(struct vcpu *v, mmio_info_t *info)
case GICD_ISPENDR ... GICD_ISPENDRN:
if ( dabt.size != 0 && dabt.size != 2 ) goto bad_width;
- printk("vGICD: unhandled %s write %#"PRIregister" to ISPENDR%d\n",
- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ISPENDR);
+ printk(XENLOG_G_ERR
+ "%pv: vGICD: unhandled %s write %#"PRIregister" to ISPENDR%d\n",
+ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ISPENDR);
return 0;
case GICD_ICPENDR ... GICD_ICPENDRN:
if ( dabt.size != 0 && dabt.size != 2 ) goto bad_width;
- printk("vGICD: unhandled %s write %#"PRIregister" to ICPENDR%d\n",
- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ICPENDR);
+ printk(XENLOG_G_ERR
+ "%pv: vGICD: unhandled %s write %#"PRIregister" to ICPENDR%d\n",
+ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ICPENDR);
return 0;
case GICD_ISACTIVER ... GICD_ISACTIVERN:
@@ -606,14 +608,16 @@ static int vgic_distr_mmio_write(struct vcpu *v, mmio_info_t *info)
case GICD_CPENDSGIR ... GICD_CPENDSGIRN:
if ( dabt.size != 0 && dabt.size != 2 ) goto bad_width;
- printk("vGICD: unhandled %s write %#"PRIregister" to ICPENDSGIR%d\n",
- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_CPENDSGIR);
+ printk(XENLOG_G_ERR
+ "%pv: vGICD: unhandled %s write %#"PRIregister" to ICPENDSGIR%d\n",
+ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_CPENDSGIR);
return 0;
case GICD_SPENDSGIR ... GICD_SPENDSGIRN:
if ( dabt.size != 0 && dabt.size != 2 ) goto bad_width;
- printk("vGICD: unhandled %s write %#"PRIregister" to ISPENDSGIR%d\n",
- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_SPENDSGIR);
+ printk(XENLOG_G_ERR
+ "%pv: vGICD: unhandled %s write %#"PRIregister" to ISPENDSGIR%d\n",
+ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_SPENDSGIR);
return 0;
/* Implementation defined -- write ignored */
@@ -638,14 +642,16 @@ static int vgic_distr_mmio_write(struct vcpu *v, mmio_info_t *info)
goto write_ignore;
default:
- printk("vGICD: unhandled write r%d=%"PRIregister" offset %#08x\n",
- dabt.reg, *r, offset);
+ printk(XENLOG_G_ERR
+ "%pv: vGICD: unhandled write r%d=%"PRIregister" offset %#08x\n",
+ v, dabt.reg, *r, offset);
return 0;
}
bad_width:
- printk("vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n",
- dabt.size, dabt.reg, *r, offset);
+ printk(XENLOG_G_ERR
+ "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n",
+ v, dabt.size, dabt.reg, *r, offset);
domain_crash_synchronous();
return 0;
--
2.1.4
|
