XSA-43

CVE-2013-0231

问题描述

http://xenbits.xen.org/xsa/advisory-43.html

Linux pciback DoS via not rate limited log messages.

Xen’s PCI backend drivers in Linux allow a guest with assigned PCI device(s) to cause a DoS through a flood of kernel messages, potentially affecting other domains in the system.

resource abuse (unlimited log rate)

Patch描述

http://xenbits.xen.org/xsa/xsa43-classic.patch

ciback: rate limit error message from pcibackenablemsi()

… as being guest triggerable (e.g. by invoking XENPCIOPenablemsi on a device not being MSI capable).

--- a/drivers/xen/pciback/conf_space_capability_msi.c
+++ b/drivers/xen/pciback/conf_space_capability_msi.c
@@ -11,13 +11,12 @@
 int pciback_enable_msi(struct pciback_device *pdev,
        struct pci_dev *dev, struct xen_pci_op *op)
 {
-   int otherend = pdev->xdev->otherend_id;
-   int status;
-
-   status = pci_enable_msi(dev);
+   int status = pci_enable_msi(dev);
 
    if (status) {
-       printk("error enable msi for guest %x status %x\n", otherend, status);
+       if (printk_ratelimit())
+           printk("error enabling MSI for guest %u status %d\n",
+                  pdev->xdev->otherend_id, status);
        op->value = 0;
        return XEN_PCI_ERR_op_failed;
    }

Consequence

A malicious guest can mount a DoS affecting the entire system.

DoS