Re: [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

[Rusty Russell <rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>]

On Tue, 2007-07-24 at 15:19 +0300, Avi Kivity wrote:
> They don't rhyme anyway.

Let's NOT start that here.

Is this patch now clear?  It's less ambitious I fear. 

Cheer,
Rusty.
===
Add and use pr_unimpl for standard formatting of unimplemented features.

All guest-invokable printks should be ratelimited to prevent malicious
guests from flooding logs.  This is a start.

Signed-off-by: Rusty Russell <rusty-8n+1lVoiYb80n/F98K4Iww@public.gmane.org>

diff -r 5266830ac99d drivers/kvm/kvm.h
--- a/drivers/kvm/kvm.h	Tue Jul 24 16:22:15 2007 +1000
+++ b/drivers/kvm/kvm.h	Wed Jul 25 09:52:33 2007 +1000
@@ -503,6 +503,14 @@ struct kvm_arch_ops {
 
 extern struct kvm_arch_ops *kvm_arch_ops;
 
+/* The guest did something we don't support. */
+#define pr_unimpl(vcpu, fmt, ...)					\
+ do {									\
+	if (printk_ratelimit())						\
+		printk(KERN_ERR "kvm: %i: cpu%i " fmt,			\
+		       current->tgid, (vcpu)->vcpu_id , ## __VA_ARGS__); \
+ } while(0)
+
 #define kvm_printf(kvm, fmt ...) printk(KERN_DEBUG fmt)
 #define vcpu_printf(vcpu, fmt...) kvm_printf(vcpu->kvm, fmt)
 
diff -r 5266830ac99d drivers/kvm/kvm_main.c
--- a/drivers/kvm/kvm_main.c	Tue Jul 24 16:22:15 2007 +1000
+++ b/drivers/kvm/kvm_main.c	Wed Jul 25 09:55:26 2007 +1000
@@ -1001,8 +1001,8 @@ static int emulator_write_std(unsigned l
 			      unsigned int bytes,
 			      struct x86_emulate_ctxt *ctxt)
 {
-	printk(KERN_ERR "emulator_write_std: addr %lx n %d\n",
-	       addr, bytes);
+	pr_unimpl(ctxt->vcpu, "emulator_write_std: addr %lx n %d\n",
+		  addr, bytes);
 	return X86EMUL_UNHANDLEABLE;
 }
 
@@ -1529,7 +1529,7 @@ int kvm_get_msr_common(struct kvm_vcpu *
 		break;
 #endif
 	default:
-		printk(KERN_ERR "kvm: unhandled rdmsr: 0x%x\n", msr);
+		pr_unimpl(vcpu, "unhandled rdmsr: 0x%x\n", msr);
 		return 1;
 	}
 	*pdata = data;
@@ -1608,7 +1608,7 @@ int kvm_set_msr_common(struct kvm_vcpu *
 		return vcpu_register_para(vcpu, data);
 
 	default:
-		printk(KERN_ERR "kvm: unhandled wrmsr: 0x%x\n", msr);
+		pr_unimpl(vcpu, "unhandled wrmsr: 0x%x\n", msr);
 		return 1;
 	}
 	return 0;
@@ -1862,7 +1862,7 @@ int kvm_setup_pio(struct kvm_vcpu *vcpu,
 		/*
 		 * String I/O in reverse.  Yuck.  Kill the guest, fix later.
 		 */
-		printk(KERN_ERR "kvm: guest string pio down\n");
+		pr_unimpl(vcpu, "guest string pio down\n");
 		inject_gp(vcpu);
 		return 1;
 	}
@@ -1893,7 +1893,7 @@ int kvm_setup_pio(struct kvm_vcpu *vcpu,
 				ret = 1;
 		}
 	} else if (pio_dev)
-		printk(KERN_ERR "no string pio read support yet, "
+		pr_unimpl(vcpu, "no string pio read support yet, "
 		       "port %x size %d count %ld\n",
 			port, size, count);
 
diff -r 5266830ac99d drivers/kvm/svm.c
--- a/drivers/kvm/svm.c	Tue Jul 24 16:22:15 2007 +1000
+++ b/drivers/kvm/svm.c	Wed Jul 25 10:16:11 2007 +1000
@@ -1132,7 +1132,7 @@ static int invalid_op_interception(struc
 
 static int task_switch_interception(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
 {
-	printk(KERN_DEBUG "%s: task swiche is unsupported\n", __FUNCTION__);
+	pr_unimpl(vcpu, "%s: task swiche is unsupported\n", __FUNCTION__);
 	kvm_run->exit_reason = KVM_EXIT_UNKNOWN;
 	return 0;
 }
diff -r 5266830ac99d drivers/kvm/vmx.c
--- a/drivers/kvm/vmx.c	Tue Jul 24 16:22:15 2007 +1000
+++ b/drivers/kvm/vmx.c	Wed Jul 25 09:59:50 2007 +1000
@@ -1807,7 +1807,7 @@ static int handle_cr(struct kvm_vcpu *vc
 		break;
 	}
 	kvm_run->exit_reason = 0;
-	printk(KERN_ERR "kvm: unhandled control register: op %d cr %d\n",
+	pr_unimpl(vcpu, "unhandled control register: op %d cr %d\n",
 	       (int)(exit_qualification >> 4) & 3, cr);
 	return 0;
 }




-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/