Code to handle copy operations on transitive grants has built-in retry
logic, involving a function reinvoking itself with unchanged
parameters. Such use assumes that the compiler would also translate
this to a so-called "tail call" when generating machine code.
Empirically, this is not commonly the case, allowing for theoretically
unbounded nesting of such function calls.
A malicious or buggy guest may be able to crash Xen. Privilege
escalation and information leaks cannot be ruled out.
All versions of Xen are vulnerable.
There is no known mitigation.
Name: the Xen project
Upstream: Jan Beulich (SUSE)
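The retry-by-self-call pattern described above, next to a loop form whose nesting does not grow with the number of retries. This is an added illustration, not Xen's grant-table code or its fix; `copy_op`, `try_copy`, `copy_recursive`, `copy_loop` and `measure` are hypothetical names, and the explicit depth counter stands in for the stack frames a compiler keeps when it does not emit a tail call.

```c
#include <stdio.h>
struct copy_op { unsigned retries_left; };  /* constructed: asks for N retries */
enum { COPY_OK = 0, COPY_RETRY = 1 };
static unsigned depth, max_depth;   /* nesting bookkeeping for the demo */

static int try_copy(struct copy_op *op)
{
    if (op->retries_left == 0) return COPY_OK;
    op->retries_left--;
    return COPY_RETRY;
}
static void enter(void) { if (++depth > max_depth) max_depth = depth; }

/* Retry by self-call with unchanged parameters. The bookkeeping after the call
 * keeps it out of tail position, so every retry adds a stack frame. */
int copy_recursive(struct copy_op *op)
{
    enter();
    int rc = try_copy(op);
    if (rc == COPY_RETRY)
        rc = copy_recursive(op);
    depth--;
    return rc;
}

/* Loop form: retries reuse the one frame, whatever the compiler does. */
int copy_loop(struct copy_op *op)
{
    int rc;
    enter();
    do { rc = try_copy(op); } while (rc == COPY_RETRY);
    depth--;
    return rc;
}

/* Runs one variant; returns the deepest nesting reached (0 on failure). */
unsigned measure(int recursive, unsigned retries)
{
    struct copy_op op = { retries };
    depth = max_depth = 0;
    int rc = recursive ? copy_recursive(&op) : copy_loop(&op);
    return rc == COPY_OK ? max_depth : 0;
}

int main(void)
{
    printf("nesting: recursive %u, loop %u\n", measure(1, 1000), measure(0, 1000));
    return 0;
}
```

When the retry count is influenced by an untrusted party, the recursive form's stack use is too; the loop form keeps it constant.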
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1481765]