CVE-2014-5146 CVE-2014-5149
http://xenbits.xen.org/xsa/advisory-97.html
Long latency virtual-mmu operations are not preemptible
Some MMU virtualization operations on HVM guests must process every page assigned to a guest. For larger guests, this can tie up a vcpu for a significant amount of time, as the operations are not preemptible.
MMU-related operations can take a large amount of time; because such operations are not preemptible, they can readily be used to mount a DoS attack.
long operation not preemptible
http://xenbits.xen.org/xsa/xsa97-hap-4.4.patch
x86/paging: make log-dirty operations preemptible
Both the freeing and the inspection of the bitmap get done in (nested) loops which have the number of non-trivial iterations they need to perform (indirectly) controllable by both the guest they are for and any domain controlling the guest (including the one running qemu for it).
Judging from the patch, some atomic operations (e.g., locks, etc.) are used to make certain operations preemptible.
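To make the shape of the fix concrete, the following is an added example in C (my own illustration, not Xen's code and not the XSA-97 patch): a bitmap walk in its non-preemptible form next to a version that keeps a cursor in continuation state, polls a preemption check every 1024 words, and returns a restart code so the caller can re-issue it, the way a hypercall continuation works. The toy bitmap contents, the word budget, the `budget_exhausted` policy and all function names are constructed for the demo; in Xen the check would be hypercall_preempt_check() and the restart code an errno value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy guest: 1 Mi page frames, one dirty bit per frame.  A stand-in
 * for a log-dirty bitmap, not Xen's paging structures. */
#define TOY_PAGES    (1024u * 1024u)
#define BITMAP_WORDS (TOY_PAGES / 64u)

/* DONE, or RESTART meaning "the walk yielded; re-issue it with the same state". */
enum { OP_DONE = 0, OP_RESTART = 1 };

/* Continuation state that outlives a single call (per domain in a hypervisor). */
struct logdirty_cont {
    size_t   next_word;   /* first bitmap word not yet inspected */
    uint64_t dirty_seen;  /* dirty pages counted so far */
};

/* Injected preemption check (hypothetical signature); Xen uses
 * hypercall_preempt_check() in this role. */
typedef bool (*preempt_fn)(void *ctx);

static unsigned popcount64(uint64_t w)
{
    unsigned n = 0;
    for (; w != 0; w &= w - 1)
        n++;
    return n;
}

/* Pre-fix shape: one uninterruptible pass.  The vCPU running this cannot be
 * descheduled until the loop ends, however large the guest. */
uint64_t count_dirty_nonpreemptible(const uint64_t *bm)
{
    uint64_t n = 0;
    for (size_t i = 0; i < BITMAP_WORDS; i++)
        n += popcount64(bm[i]);
    return n;
}

/* Post-fix shape: cursor lives in *c, preemption is polled every 1024 words.
 * On OP_RESTART the caller re-invokes with the same *c. */
int count_dirty_preemptible(const uint64_t *bm, struct logdirty_cont *c,
                            preempt_fn should_preempt, void *ctx)
{
    while (c->next_word < BITMAP_WORDS) {
        c->dirty_seen += popcount64(bm[c->next_word]);
        c->next_word++;                       /* advance before any early return */
        if ((c->next_word & 0x3ff) == 0 &&    /* poll only every 1024 words */
            c->next_word < BITMAP_WORDS &&    /* never restart with nothing left */
            should_preempt(ctx))
            return OP_RESTART;
    }
    return OP_DONE;
}

/* Demo policy: each call gets a budget of bitmap words (a real hypervisor tests
 * for pending work instead).  True once the budget is used up. */
struct budget_ctx { size_t words_left; };

static bool budget_exhausted(void *p)
{
    struct budget_ctx *b = p;
    if (b->words_left <= 0x400)
        return true;
    b->words_left -= 0x400;
    return false;
}

/* Caller side, mirroring a hypercall path that re-issues on RESTART.  Returns
 * how many times the walk yielded; the dirty count goes to *out. */
unsigned run_with_continuations(const uint64_t *bm, size_t budget_words,
                                uint64_t *out)
{
    struct logdirty_cont c = { 0, 0 };
    unsigned restarts = 0;

    for (;;) {
        struct budget_ctx b = { budget_words };
        if (count_dirty_preemptible(bm, &c, budget_exhausted, &b) == OP_DONE)
            break;
        restarts++;                           /* other vCPUs could run here */
    }
    *out = c.dirty_seen;
    return restarts;
}

/* Constructed sample: every third word has its low four bits set. */
static uint64_t sample_bm[BITMAP_WORDS];

uint64_t *build_sample_bitmap(void)
{
    for (size_t i = 0; i < BITMAP_WORDS; i++)
        sample_bm[i] = (i % 3 == 0) ? 0x0Fu : 0;
    return sample_bm;
}

int main(void)
{
    uint64_t *bm = build_sample_bitmap();
    uint64_t dirty = 0;
    unsigned restarts = run_with_continuations(bm, 4096, &dirty);

    printf("non-preemptible: %llu dirty\n",
           (unsigned long long)count_dirty_nonpreemptible(bm));
    printf("preemptible:     %llu dirty after %u restarts\n",
           (unsigned long long)dirty, restarts);
    return 0;
}
```

The point the example makes is that the fix does not shorten the work; both walks visit every word. What changes is that the long operation now has well-defined points where it can stop, with enough state saved to resume, so a large guest or a controlling domain issuing many such operations can no longer pin a vCPU for the whole duration.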
A malicious HVM guest with a large allocation of shadow/p2m RAM can mount a denial of service attack affecting the whole system.
DoS