Re: [kvm-devel] [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

Avi Kivity wrote: > Rusty Russell wrote: > >> On Tue, 2007-07-24 at 15:19 +0300, Avi Kivity wrote: >> >> >>> They don't rhyme anyway. >>> >>> >> Let's NOT start that here. >> >> Is this patch now clear? It's less ambitious I fear. >> >> >> > > Patch applied, Rusty d

Re: [kvm-devel] [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

Rusty Russell wrote: > On Tue, 2007-07-24 at 15:19 +0300, Avi Kivity wrote: > >> They don't rhyme anyway. >> > > Let's NOT start that here. > > Is this patch now clear? It's less ambitious I fear. > > Patch applied, Rusty dear. -- Do not meddle in the internals of kernels, for they

Re: [kvm-devel] [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

On Tue, 2007-07-24 at 15:19 +0300, Avi Kivity wrote: > They don't rhyme anyway. Let's NOT start that here. Is this patch now clear? It's less ambitious I fear. Cheer, Rusty. === Add and use pr_unimpl for standard formatting of unimplemented features. All guest-invokable printks should be rate

Re: [kvm-devel] [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

Rusty Russell wrote: > On Tue, 2007-07-24 at 14:01 +0300, Avi Kivity wrote: > >> Rusty Russell wrote: >> >>> KVM *will* be used to run malicious guests. That's going to be hard to >>> lock down later, so I figure we should start now. >>> >> There's no reason to make this KERN_WARN.

Re: [kvm-devel] [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

On Tue, 2007-07-24 at 14:01 +0300, Avi Kivity wrote: > Rusty Russell wrote: > > KVM *will* be used to run malicious guests. That's going to be hard to > > lock down later, so I figure we should start now. > > There's no reason to make this KERN_WARN. There's nothing wrong with > the host, and t

Re: [kvm-devel] [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

Rusty Russell wrote: > On Tue, 2007-07-24 at 13:19 +0300, Avi Kivity wrote: > >> Rusty Russell wrote: >> >>> diff -r 3f158ee9df43 drivers/kvm/kvm_main.c >>> --- a/drivers/kvm/kvm_main.cTue Jul 24 16:22:39 2007 +1000 >>> +++ b/drivers/kvm/kvm_main.cTue Jul 24 16:28:33 2007 +1

Re: [kvm-devel] [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

On Tue, 2007-07-24 at 13:19 +0300, Avi Kivity wrote: > Rusty Russell wrote: > > diff -r 3f158ee9df43 drivers/kvm/kvm_main.c > > --- a/drivers/kvm/kvm_main.cTue Jul 24 16:22:39 2007 +1000 > > +++ b/drivers/kvm/kvm_main.cTue Jul 24 16:28:33 2007 +1000 > > @@ -425,8 +425,8 @@ inject_gp

Re: [kvm-devel] [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

Rusty Russell wrote: > If the guest can invoke a printk(), it can potentially flood the logs, > causing a host DoS. We should also indicate *which* guest we're > talking about. > > This patch adds pr_guest (analogous to pr_debug) which ratelimits. > Not all printk's were replaced: some are only pr

[kvm-devel] [PATCH 2/2] kvm: pr_guest: don't let guest invoke printk() on host

If the guest can invoke a printk(), it can potentially flood the logs, causing a host DoS. We should also indicate *which* guest we're talking about. This patch adds pr_guest (analogous to pr_debug) which ratelimits. Not all printk's were replaced: some are only printed once and others should pro