long latency MMIO mapping operations are not preemptible

The XEN_DOMCTL_memory_mapping hypercall allows long running operations without implementing preemption.

This hypercall is used by the device model as part of the emulation associated with configuration of PCI devices passed through to HVM guests and is therefore indirectly exposed to those guests.

This can cause a physical CPU to become busy for a significant period, leading to a host denial of service in some cases.

If a host denial of service is not triggered then it may instead be possible to deny service to the domain running the device model, e.g. domain 0.

XEN_DOMCTL_memory_mapping hypercall会花很长时间,同时不会被抢占,因此会造成host或者dom0的DoS攻击

long operation no preemptible



Said hypercall for large BARs can take quite a while. As such we can require that the hypercall MUST break up the request in smaller values.

Another approach is to add preemption to it - whether we do the preemption using hypercall_create_continuation or returning EAGAIN to userspace (and have it re-invocate the call)


The vulnerability is exposed via HVM guests which have a PCI device assigned to them. A malicious HVM guest in such a configuration can mount a denial of service attack affecting the whole system via its associated device model (qemu-dm).

A guest is able to trigger this hypercall via operations which it is legitimately expected to perform.

DoS: host or dom0