Description of problem: Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows PV guests to cause a denial of service (crash). (CVE-2007-5907)
The official post is here; a patch is also provided there: http://lists.xensource.com/archives/html/xen-devel/2007-10/msg00932.html
Created attachment 316578: Patch to allow guest kernels to trap CR4 access

This is the current patch I've been testing for this issue. It's pretty close to xen-unstable c/s 16259 + 16333, but has the following modifications:

1) irq_masked() is called in a few different places in the 3.1 codebase, so fix up all of the callers of it.

2) Remove all calls to pge_off and pge_on. Upstream went with a re-written flushing mechanism before this c/s went in, so just make sure to follow the pge_off/pge_on discipline that was there.

Chris Lalancette
Comment on attachment 316578: Patch to allow guest kernels to trap CR4 access

Since this is the master tracking bug, this patch doesn't belong here. Obsoleting.