Bug 1272529 - (CVE-2015-7970, xsa150) CVE-2015-7970 xen: Long latency populate-on-demand operation is not preemptible on x86
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20151029,repor...
Keywords: Security
Depends On: 1276344
Blocks: 1272534
Reported: 2015-10-16 12:07 EDT by Adam Mariš
Modified: 2018-03-07 05:05 EST
Doc Type: Bug Fix
Last Closed: 2018-03-07 05:05:53 EST
Description Adam Mariš 2015-10-16 12:07:21 EDT
When running an HVM domain in Populate-on-Demand mode, Xen would sometimes search the domain for memory to reclaim, in response to demands for population of other pages in the same domain. This search runs without preemption. The guest can, by suitable arrangement of its memory contents, create a situation where this search is a time-consuming linear scan of the guest's address space. The scan might be triggered by the guest's own actions, or by toolstack operations such as migration.

A malicious administrator of a suitable guest can cause a denial of service. Specifically, such a guest can prevent use of a physical CPU for a significant period. If the host watchdog is in use, this can lead to a watchdog timeout and consequently a host reboot (for example).

The vulnerability is exposed to any HVM guest which has been constructed in Populate-on-Demand mode (i.e., with memory < maxmem). Such a configuration is usual when the host administrator intends to oversubscribe system RAM. ARM is not vulnerable. x86 PV VMs are not vulnerable. x86 HVM domains without PoD (i.e., started with memory==maxmem) are not vulnerable.

Mitigation:

Running only PV guests will avoid this issue. Running HVM guests without enabling Populate-on-Demand mode (so, ensuring that maxmem==memory) will avoid this issue.
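
The exposure condition from the description above (an HVM guest with memory < maxmem), as an added example that is not part of the original bug report: a small audit over xl domain configuration text. Recognising HVM guests by the `builder`/`type` keys is an assumption about xl.cfg syntax that the report does not state, and the sample configs are constructed for illustration.

```python
import re

# Constructed sample xl domain configs (not taken from the bug report).
SAMPLE_CONFIGS = {
    "web01.cfg": 'name = "web01"\nbuilder = "hvm"\nmemory = 2048\nmaxmem = 4096\n',
    "db01.cfg": 'name = "db01"\nbuilder = "hvm"\nmemory = 4096\nmaxmem = 4096\n',
    "pv01.cfg": 'name = "pv01"\nkernel = "/boot/vmlinuz"\nmemory = 1024\nmaxmem = 2048\n',
    "app01.cfg": '# newer syntax\ntype = "hvm"\nmemory = 1024  # MiB\nmaxmem = 8192\n',
}

_ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$')

def parse_xl_config(text):
    """Return key -> value pairs for simple scalar assignments in xl.cfg-style text."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop comments (assumes no '#' inside values)
        m = _ASSIGN.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip("\"'")
    return settings

def is_pod_hvm(settings):
    """True when the guest is HVM and memory < maxmem, i.e. Populate-on-Demand."""
    hvm = settings.get("builder") == "hvm" or settings.get("type") == "hvm"
    if not hvm or "memory" not in settings:
        return False
    memory = int(settings["memory"])
    maxmem = int(settings.get("maxmem", memory))  # xl defaults maxmem to memory
    return memory < maxmem

def audit(configs):
    """Return the sorted names of configs that describe an HVM guest in PoD mode."""
    return sorted(n for n, text in configs.items() if is_pod_hvm(parse_xl_config(text)))

if __name__ == "__main__":
    for name in audit(SAMPLE_CONFIGS):
        print(f"{name}: HVM guest with memory < maxmem (PoD); set maxmem == memory")
```
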
Comment 3 Martin Prpič 2015-10-29 09:36:22 EDT
External References:

http://xenbits.xen.org/xsa/advisory-150.html
Comment 4 Martin Prpič 2015-10-29 09:51:08 EDT
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1276344]
Comment 5 Fedora Update System 2015-11-08 17:20:45 EST
xen-4.5.1-14.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2015-11-09 19:21:59 EST
xen-4.5.1-14.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2015-11-09 19:50:06 EST
xen-4.4.3-7.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
