CVE-2014-2915
http://xenbits.xen.org/xsa/advisory-93.html
Hardware features unintentionally exposed to guests on ARM
When running on an ARM platform Xen was not correctly configuring the hardware virtualisation platform and therefore did not prevent guests from accessing various hardware features including cache control, coprocessors, debug registers and various processor specific registers.
xen没有对guest VM使用哪些硬件特性进行限制,容易造成host crash。
privilege uncheck (resource abuse)
http://xenbits.xen.org/xsa/xsa93-4.4-06.patch
Debug and performance registers are not properly switched by Xen.
Trap them and inject an undefined instruction, except for those registers which might be unconditionally accessed which we implement as RAZ/WI.
加一些trap的handler。
By accessing these hardware facilities a malicious or buggy guest may be able to cause various issues, including crashing the host, crashing other guests (including control domains) and data corruption.
DoS, data corruption