A bug was found in the way Xen handles instruction emulation during VM exits. Malicious guest user space process running in SMP guest can trick the emulator into reading different instruction than the one that caused the VM exit. To do so it should run legitimate instruction that causes VM exit in one thread and replace this instruction to another one from second thread. An unprivileged guest user can potentially use this flaw to crash the host. ------------------------------------------------------------- Original name: xen: svvp Disable Enable With IO will reboot the host which CPU is AMD Description of problem: svvp Disable Enable With IO will reboot the host svvp "Disable Enable with IO"'s child job "Driver Verifier -Enable"'s child job "Reboot System Under Test" should only reboot the guest , but when the guest prepare to enter the desktop after reboot , the host (SUT) will reboot . Version-Release number of selected component (if applicable): xen-3.0.3-129.el5 kernel-xen-2.6.18-257.el5 xenpv-win-1.3.4-9.el5 How reproducible: 100% Steps to Reproduce: 1. run the Disable Enable With IO 2. 3. Actual results: host will reboot Expected results: host should not reboot Additional info: Sometimes the guest even do not run the disable and enable jobs ,the host will reboot when I reboot the guest which run the disable and enable job once.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1065.html. Also, only systems running on x86 architecture with AMD processor and SVM virtualization extension enabled are affected.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:1065 https://rhn.redhat.com/errata/RHSA-2011-1065.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5.6.Z - Server Only Via RHSA-2011:1163 https://rhn.redhat.com/errata/RHSA-2011-1163.html