Description of problem:
Xen 3.1.1 does not prevent modification of the CR4 TSC from
applications, which allows pv guests to cause a denial of service
(crash). (CVE-2007-5907).
Comment 11 Chris Lalancette
2008-09-12 14:13:05 UTC
Created attachment 316578
Patch to allow guest kernels to trap CR4 access
This is the current patch I've been testing for this issue. It's pretty close to xen-unstable c/s 16259 + 16333, but has the following modifications:
1) irq_masked() is called in a few different places in the 3.1 codebase, so fix up all of the callers of it.
2) Remove all calls to pge_off and pge_on. Upstream went with a re-written flushing mechanism before this c/s went in, so just make sure to follow the pge_off/pge_on discipline that was there.
Chris Lalancette
Comment 12 Chris Lalancette
2008-09-16 09:46:59 UTC
Comment on attachment 316578
Patch to allow guest kernels to trap CR4 access
Since this is the master tracking bug, this patch doesn't belong here. Obsoleting.