Bug 221239

Summary: Use of domain_crash_synchronous in illegal contexts
Product: Red Hat Enterprise Linux 5
Reporter: Herbert Xu <herbert.xu>
Component: kernel-xen
Assignee: Herbert Xu <herbert.xu>
Status: CLOSED CURRENTRELEASE
QA Contact:
Severity: high
Docs Contact:
Priority: medium
Version: 5.0
CC: dzickus, security-response-team, xen-maint
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: impact=important,source=redhat,reported=20070103,public=20070103
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Last Closed: 2007-01-26 21:30:52 UTC
Bug Blocks: 222058    
Attachments (description, flags):
[XEN] Get rid of many uses of domain_crash_synchronous(). (flags: none)
Replace inappropriate calls to domain_crash_synchronous (flags: none)

Description Herbert Xu 2007-01-03 06:07:49 UTC
Using domain_crash_synchronous with IRQs disabled or spin locks held (or other
contexts where clean-up is required) can render the hypervisor inoperative. 
This patch from upstream fixes the offenders.
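
The failure mode described above, as a user-space C model added here for illustration (not Xen source and not the attached patch). The `model_*` functions, the handlers and the lock flag are hypothetical; `longjmp` stands in for a crash call that never returns to its caller, and the fixed handler assumes the replacement is a call that marks the domain crashed and returns, as Xen's `domain_crash()` does.

```c
/* User-space model, constructed for illustration; not Xen source. */
#include <setjmp.h>
#include <stdbool.h>
#include <stdio.h>

struct domain { bool crashed; };      /* hypothetical, minimal */
static bool lock_held;                /* stands in for a hypervisor spinlock */
static jmp_buf softirq_loop;          /* where the CPU ends up after a synchronous crash */

static void spin_lock(void)   { lock_held = true; }
static void spin_unlock(void) { lock_held = false; }

/* Model of a deferred crash: flag the domain and return to the caller. */
static void model_domain_crash(struct domain *d) { d->crashed = true; }

/* Model of a synchronous crash: flag the domain and never return, so the
 * caller's remaining code, including its cleanup, is abandoned. */
static void model_domain_crash_synchronous(struct domain *d)
{
    d->crashed = true;
    longjmp(softirq_loop, 1);
}

/* Offending pattern: synchronous crash while the lock is held. */
static int handle_op_unsafe(struct domain *d, int op)
{
    spin_lock();
    if (op < 0)
        model_domain_crash_synchronous(d);   /* unlock below is never reached */
    spin_unlock();
    return 0;
}

/* Fixed pattern: mark the domain crashed, release the lock, return an error. */
static int handle_op_fixed(struct domain *d, int op)
{
    int rc = 0;
    spin_lock();
    if (op < 0) { model_domain_crash(d); rc = -1; }
    spin_unlock();
    return rc;
}

/* Feeds one illegal op to a handler; returns true if the lock stayed held. */
static bool lock_leaks(int (*handler)(struct domain *, int))
{
    static struct domain d;
    d.crashed = false;
    lock_held = false;
    if (setjmp(softirq_loop) == 0)
        handler(&d, -1);
    return lock_held;
}

int main(void)
{
    printf("unsafe handler leaks lock: %d\n", lock_leaks(handle_op_unsafe));
    printf("fixed handler leaks lock:  %d\n", lock_leaks(handle_op_fixed));
    return 0;
}
```

In the model the leaked lock is only a flag; in a hypervisor every other CPU that later needs that lock spins on it, which is how one guest's illegal operation takes down the host.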

Comment 1 Herbert Xu 2007-01-03 06:07:49 UTC
Created attachment 144684
[XEN] Get rid of many uses of domain_crash_synchronous().

Comment 2 Rik van Riel 2007-01-03 06:56:01 UTC
Justification: security bug, HVM guests could shut down the host by performing
illegal operations.

The patch has already been posted to virtualist@ and rhkernel-list@.

Don, please apply the patch once it has received the ACKs required.

Comment 4 Jay Turner 2007-01-03 20:09:25 UTC
QE ack for RHEL5.

Comment 5 Rik van Riel 2007-01-10 17:42:32 UTC
While trying to reproduce bug 222058 here, I unwittingly kept reproducing this
bug instead.  Highly annoying to have the host crash 3 times in a row :)

Comment 6 Brian Stein 2007-01-10 19:34:28 UTC
Herbert - 

Please quantify the security implications here for not having this in RC.

Comment 7 Herbert Xu 2007-01-10 20:40:33 UTC
Rik, do you have a crash dump for this?

Brian, I've done an audit of all the domain_crash_synchronous() calls in RHEL5.
As a result we only need a subset of this patch.  However, there are a number
of other similar patches which we need to pull instead.

I'll post them today.

Comment 9 Herbert Xu 2007-01-11 11:33:09 UTC
Created attachment 145332
Replace inappropriate calls to domain_crash_synchronous

Comment 10 Jay Turner 2007-01-12 12:53:18 UTC
QE ack for RHEL5.

Comment 11 Don Zickus 2007-01-12 20:17:38 UTC
in 2.6.18-1.3014.el5

Comment 12 Jay Turner 2007-01-26 21:30:52 UTC
2.6.9-7.el5 included in 20070125.0.