From e698f4ab05a710e4463317ea978d426d43107e27 Mon Sep 17 00:00:00 2001 From: Julien Grall Date: Mon, 19 Jan 2015 14:01:09 +0000 Subject: [PATCH 1/2] xen/arm: vgic-v3: message in the emulation code should be rate-limited printk by default is not rate-limited by default. Therefore a malicious guest may be able to flood the Xen console. If we use gdprintk, unnecessary information will be printed such as the filename and the line. Instead use XENLOG_G_{ERR,DEBUG} combine with %pv. Also remove the vGICv3 prefix which is not neccessary and update some message which were wrong. Signed-off-by: Julien Grall --- xen/arch/arm/vgic-v3.c | 109 +++++++++++++++++++++++++++---------------------- 1 file changed, 61 insertions(+), 48 deletions(-) diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c index ae4482c..bece189 100644 --- a/xen/arch/arm/vgic-v3.c +++ b/xen/arch/arm/vgic-v3.c @@ -168,13 +168,14 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info, /* Reserved0 */ goto read_as_zero; default: - printk("vGICv3: vGICR: read r%d offset %#08x\n not found", - dabt.reg, gicr_reg); + printk(XENLOG_G_ERR + "%pv: vGICR: read r%d offset %#08x\n not found", + v, dabt.reg, gicr_reg); return 0; } bad_width: - printk("vGICv3: vGICR: bad read width %d r%d offset %#08x\n", - dabt.size, dabt.reg, gicr_reg); + printk(XENLOG_G_ERR "%pv vGICR: bad read width %d r%d offset %#08x\n", + v, dabt.size, dabt.reg, gicr_reg); domain_crash_synchronous(); return 0; @@ -244,12 +245,14 @@ static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info, /* RO */ goto write_ignore; default: - printk("vGICR: write r%d offset %#08x\n not found", dabt.reg, gicr_reg); + printk(XENLOG_G_ERR "%pv: vGICR: write r%d offset %#08x\n not found", + v, dabt.reg, gicr_reg); return 0; } bad_width: - printk("vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n", - dabt.size, dabt.reg, *r, gicr_reg); + printk(XENLOG_G_ERR + "%pv: vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n", + v, dabt.size, dabt.reg, *r, gicr_reg); domain_crash_synchronous(); return 0; @@ -345,15 +348,16 @@ static int __vgic_v3_distr_common_mmio_read(struct vcpu *v, mmio_info_t *info, vgic_unlock_rank(v, rank, flags); return 1; default: - printk("vGICv3: vGICD/vGICR: unhandled read r%d offset %#08x\n", - dabt.reg, reg); + printk(XENLOG_G_ERR + "%pv: vGICD/vGICR: unhandled read r%d offset %#08x\n", + v, dabt.reg, reg); return 0; } bad_width: - dprintk(XENLOG_ERR, - "vGICv3: vGICD/vGICR: bad read width %d r%d offset %#08x\n", - dabt.size, dabt.reg, reg); + printk(XENLOG_G_ERR + "%pv: vGICD/vGICR: bad read width %d r%d offset %#08x\n", + v, dabt.size, dabt.reg, reg); domain_crash_synchronous(); return 0; @@ -458,15 +462,16 @@ static int __vgic_v3_distr_common_mmio_write(struct vcpu *v, mmio_info_t *info, vgic_unlock_rank(v, rank, flags); return 1; default: - printk("vGICv3: vGICD/vGICR: unhandled write r%d " - "=%"PRIregister" offset %#08x\n", dabt.reg, *r, reg); + printk(XENLOG_G_ERR + "%pv: vGICD/vGICR: unhandled write r%d=%"PRIregister" offset %#08x\n", + v, dabt.reg, *r, reg); return 0; } bad_width: - dprintk(XENLOG_ERR, - "vGICv3: vGICD/vGICR: bad write width %d r%d=%"PRIregister" " - "offset %#08x\n", dabt.size, dabt.reg, *r, reg); + printk(XENLOG_G_ERR + "%pv: vGICD/vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n", + v, dabt.size, dabt.reg, *r, reg); domain_crash_synchronous(); return 0; @@ -521,13 +526,14 @@ static int vgic_v3_rdistr_sgi_mmio_read(struct vcpu *v, mmio_info_t *info, if ( dabt.size != DABT_WORD ) goto bad_width; return 1; default: - printk("vGICv3: vGICR: read r%d offset %#08x\n not found", - dabt.reg, gicr_reg); + printk(XENLOG_G_ERR + "%pv: vGICR: SGI: read r%d offset %#08x\n not found", + v, dabt.reg, gicr_reg); return 0; } bad_width: - printk("vGICv3: vGICR: bad read width %d r%d offset %#08x\n", - dabt.size, dabt.reg, gicr_reg); + printk(XENLOG_G_ERR "%pv: vGICR: SGI: bad read width %d r%d offset %#08x\n", + v, dabt.size, dabt.reg, gicr_reg); domain_crash_synchronous(); return 0; @@ -585,14 +591,16 @@ static int vgic_v3_rdistr_sgi_mmio_write(struct vcpu *v, mmio_info_t *info, /* We do not implement security extensions for guests, write ignore */ goto write_ignore; default: - printk("vGICv3: vGICR SGI: write r%d offset %#08x\n not found", - dabt.reg, gicr_reg); + printk(XENLOG_G_ERR + "%pv: vGICR: SGI: write r%d offset %#08x\n not found", + v, dabt.reg, gicr_reg); return 0; } bad_width: - printk("vGICR SGI: bad write width %d r%d=%"PRIregister" offset %#08x\n", - dabt.size, dabt.reg, *r, gicr_reg); + printk(XENLOG_G_ERR + "%pv: vGICR: SGI: bad write width %d r%d=%"PRIregister" offset %#08x\n", + v, dabt.size, dabt.reg, *r, gicr_reg); domain_crash_synchronous(); return 0; @@ -618,9 +626,9 @@ static int vgic_v3_rdistr_mmio_read(struct vcpu *v, mmio_info_t *info) else if ( (offset >= SZ_64K) && (offset < 2 * SZ_64K) ) return vgic_v3_rdistr_sgi_mmio_read(v, info, (offset - SZ_64K)); else - gdprintk(XENLOG_WARNING, - "vGICv3: vGICR: unknown gpa read address %"PRIpaddr"\n", - info->gpa); + printk(XENLOG_G_WARNING + "%pv: vGICR: unknown gpa read address %"PRIpaddr"\n", + v, info->gpa); return 0; } @@ -642,9 +650,9 @@ static int vgic_v3_rdistr_mmio_write(struct vcpu *v, mmio_info_t *info) else if ( (offset >= SZ_64K) && (offset < 2 * SZ_64K) ) return vgic_v3_rdistr_sgi_mmio_write(v, info, (offset - SZ_64K)); else - gdprintk(XENLOG_WARNING, - "vGICV3: vGICR: unknown gpa write address %"PRIpaddr"\n", - info->gpa); + printk(XENLOG_G_WARNING + "%pv: vGICR: unknown gpa write address %"PRIpaddr"\n", + v, info->gpa); return 0; } @@ -770,18 +778,19 @@ static int vgic_v3_distr_mmio_read(struct vcpu *v, mmio_info_t *info) case 0xf30 ... 0x5fcc: case 0x8000 ... 0xbfcc: /* These are reserved register addresses */ - printk("vGICv3: vGICD: read unknown 0x00c .. 0xfcc r%d offset %#08x\n", - dabt.reg, gicd_reg); + printk(XENLOG_G_DEBUG + "%pv: vGICD: RAZ on reserved register offset %#08x\n", + v, gicd_reg); goto read_as_zero; default: - printk("vGICv3: vGICD: unhandled read r%d offset %#08x\n", - dabt.reg, gicd_reg); + printk(XENLOG_G_ERR "%pv: vGICD: unhandled read r%d offset %#08x\n", + v, dabt.reg, gicd_reg); return 0; } bad_width: - dprintk(XENLOG_ERR, "vGICv3: vGICD: bad read width %d r%d offset %#08x\n", - dabt.size, dabt.reg, gicd_reg); + printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n", + v, dabt.size, dabt.reg, gicd_reg); domain_crash_synchronous(); return 0; @@ -840,8 +849,9 @@ static int vgic_v3_distr_mmio_write(struct vcpu *v, mmio_info_t *info) case 0x020 ... 0x03c: case 0xc000 ... 0xffcc: /* Implementation defined -- write ignored */ - printk("vGICv3: vGICD: write unknown 0x020 - 0x03c r%d offset %#08x\n", - dabt.reg, gicd_reg); + printk(XENLOG_G_DEBUG + "%pv: vGICD: WI on implementation defined register offset %#08x\n", + v, gicd_reg); goto write_ignore; case GICD_IGROUPR ... GICD_IGROUPRN: case GICD_ISENABLER ... GICD_ISENABLERN: @@ -885,8 +895,9 @@ static int vgic_v3_distr_mmio_write(struct vcpu *v, mmio_info_t *info) new_target = new_irouter & MPIDR_AFF0_MASK; if ( new_target >= v->domain->max_vcpus ) { - printk("vGICv3: vGICD: wrong irouter at offset %#08x\n val 0x%lx vcpu %x", - gicd_reg, new_target, v->domain->max_vcpus); + printk(XENLOG_G_DEBUG + "%pv: vGICD: wrong irouter at offset %#08x\n val 0x%lx vcpu %x", + v, gicd_reg, new_target, v->domain->max_vcpus); vgic_unlock_rank(v, rank, flags); return 0; } @@ -926,19 +937,21 @@ static int vgic_v3_distr_mmio_write(struct vcpu *v, mmio_info_t *info) case 0xf30 ... 0x5fcc: case 0x8000 ... 0xbfcc: /* Reserved register addresses */ - printk("vGICv3: vGICD: write unknown 0x00c 0xfcc r%d offset %#08x\n", - dabt.reg, gicd_reg); + printk(XENLOG_G_DEBUG + "%pv: vGICD: write unknown 0x00c 0xfcc r%d offset %#08x\n", + v, dabt.reg, gicd_reg); goto write_ignore; default: - printk("vGICv3: vGICD: unhandled write r%d=%"PRIregister" " - "offset %#08x\n", dabt.reg, *r, gicd_reg); + printk(XENLOG_G_ERR + "%pv: vGICD: unhandled write r%d=%"PRIregister" offset %#08x\n", + v, dabt.reg, *r, gicd_reg); return 0; } bad_width: - dprintk(XENLOG_ERR, - "VGICv3: vGICD: bad write width %d r%d=%"PRIregister" " - "offset %#08x\n", dabt.size, dabt.reg, *r, gicd_reg); + printk(XENLOG_G_ERR + "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n", + v, dabt.size, dabt.reg, *r, gicd_reg); domain_crash_synchronous(); return 0; -- 2.1.4