Re: [stable request 3.4] xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}()

Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> · Fri, 7 Jun 2013 12:24:17 -0400

On Tue, Jun 04, 2013 at 10:08:12PM -0700, Greg KH wrote:
> On Tue, Jun 04, 2013 at 02:02:50PM -0700, Vinson Lee wrote:
> > Hi,
> > 
> > This patch, which addresses CVE-2013-0231 and originally backported to
> > 3.7.10, seems to have been missed for the 3.4 kernel. This patch is
> > already in 3.7.5.z and 3.2.y.
> > 
> > commit 51ac8893a7a51b196501164e645583bf78138699
> > Author: Jan Beulich <jbeulich@xxxxxxxx>
> > Date:   Wed Feb 6 10:30:38 2013 -0500
> > 
> >     xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}()
> > 
> >     ... as being guest triggerable (e.g. by invoking
> >     XEN_PCI_OP_enable_msi{,x} on a device not being MSI/MSI-X capable).
> > 
> >     This is CVE-2013-0231 / XSA-43.
> > 
> >     Also make the two messages uniform in both their wording and severity.
> > 
> >     Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
> >     Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> >     Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
> 
> It breaks the build on 3.4, so I can't apply it.  Can someone please
> backport it (and TEST IT) and send it so that I can apply it?

Here it is (And yes, tested as well)

>From 54b2ca57244ced30190fbdaeed9514bda63032eb Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Wed, 6 Feb 2013 10:30:38 -0500
Subject: [PATCH] xen-pciback: rate limit error messages from
 xen_pcibk_enable_msi{,x}()

... as being guest triggerable (e.g. by invoking
XEN_PCI_OP_enable_msi{,x} on a device not being MSI/MSI-X capable).

This is CVE-2013-0231 / XSA-43.

Also make the two messages uniform in both their wording and severity.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
[stable tree: Added two extra #include files]
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
---
 drivers/xen/xen-pciback/pciback_ops.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/xen/xen-pciback/pciback_ops.c b/drivers/xen/xen-pciback/pciback_ops.c
index b6df20a..d52703c 100644
--- a/drivers/xen/xen-pciback/pciback_ops.c
+++ b/drivers/xen/xen-pciback/pciback_ops.c
@@ -9,6 +9,8 @@
 #include <xen/events.h>
 #include <linux/sched.h>
 #include "pciback.h"
+#include <linux/ratelimit.h>
+#include <linux/printk.h>
 
 int verbose_request;
 module_param(verbose_request, int, 0644);
@@ -136,7 +138,6 @@ int xen_pcibk_enable_msi(struct xen_pcibk_device *pdev,
 			 struct pci_dev *dev, struct xen_pci_op *op)
 {
 	struct xen_pcibk_dev_data *dev_data;
-	int otherend = pdev->xdev->otherend_id;
 	int status;
 
 	if (unlikely(verbose_request))
@@ -145,8 +146,9 @@ int xen_pcibk_enable_msi(struct xen_pcibk_device *pdev,
 	status = pci_enable_msi(dev);
 
 	if (status) {
-		printk(KERN_ERR "error enable msi for guest %x status %x\n",
-			otherend, status);
+		pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI for guest %u: err %d\n",
+				    pci_name(dev), pdev->xdev->otherend_id,
+				    status);
 		op->value = 0;
 		return XEN_PCI_ERR_op_failed;
 	}
@@ -224,10 +226,10 @@ int xen_pcibk_enable_msix(struct xen_pcibk_device *pdev,
 						pci_name(dev), i,
 						op->msix_entries[i].vector);
 		}
-	} else {
-		printk(KERN_WARNING DRV_NAME ": %s: failed to enable MSI-X: err %d!\n",
-			pci_name(dev), result);
-	}
+	} else
+		pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI-X for guest %u: err %d!\n",
+				    pci_name(dev), pdev->xdev->otherend_id,
+				    result);
 	kfree(entries);
 
 	op->value = result;
-- 
1.8.1.4

--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







