When an x86 PV domain has a passed-through PCI device assigned, IOMMU mappings may need to be updated when the type of a particular page changes. Such an IOMMU operation may fail. In the event of failure, while at present the affected guest would be forcibly crashed, the already recorded additional type reference was not dropped again. This causes a bug check to trigger while cleaning up after the crashed guest. Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system.

References:
https://seclists.org/oss-sec/2019/q1/159
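The error path described above, as an added example that is not Xen source code: a simplified model in which every struct and function name is hypothetical, showing the type reference left recorded after a failed IOMMU update next to an error path that drops it. That the correction is to drop the reference is an assumption drawn from the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not Xen source; every name here is hypothetical. */
struct page   { unsigned int type_refs; };  /* outstanding type references */
struct domain { bool crashed; };

/* Stand-in for the IOMMU mapping update; `fail` is constructed test input. */
static int iommu_update(bool fail) { return fail ? -1 : 0; }

/* Pattern from the description: the reference is recorded, the IOMMU
 * update fails, the guest is crashed, but the reference stays recorded. */
static int get_type_leaky(struct domain *d, struct page *pg, bool fail)
{
    pg->type_refs++;
    if (iommu_update(fail) != 0) {
        d->crashed = true;
        return -1;                 /* reference not dropped */
    }
    return 0;
}

/* Assumed correction: drop the reference before reporting failure. */
static int get_type_fixed(struct domain *d, struct page *pg, bool fail)
{
    pg->type_refs++;
    if (iommu_update(fail) != 0) {
        pg->type_refs--;           /* undo what was recorded above */
        d->crashed = true;
        return -1;
    }
    return 0;
}

/* Teardown releases the references whose acquisition succeeded (`held`)
 * and returns the leftover count; non-zero is where a bug check fires. */
static unsigned int teardown_leftover(struct page *pg, unsigned int held)
{
    pg->type_refs -= held;
    return pg->type_refs;
}

int main(void)
{
    struct domain d = { false }; struct page a = { 0 }, b = { 0 };
    get_type_leaky(&d, &a, true);
    get_type_fixed(&d, &b, true);
    printf("leaky=%u fixed=%u\n", teardown_leftover(&a, 0), teardown_leftover(&b, 0));
}
```

A non-zero leftover in the leaky case corresponds to the inconsistent state that cleanup of the crashed guest trips over.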
Created xen tracking bugs for this issue:

Affects: fedora-all [bug 1685577]