xen | Xen Project | XSA-74
History: Nov 26, 2013 - 12:00 p.m.

Lock order reversal between page_alloc_lock and mm_rwlock

2013-11-26 12:00:00
Xen Project
xenbits.xen.org

CVSS2: 5.2 Medium

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:A/AC:M/Au:S/C:N/I:N/A:C

EPSS: 0.001 Low
Percentile: 26.0%

ISSUE DESCRIPTION

The locks page_alloc_lock and mm_rwlock are not always taken in the same order. This raises the possibility of deadlock.
The incorrect order occurs only in the implementation of the deprecated domctl hypercall XEN_DOMCTL_getmemlist.
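
A reversal of this kind can be found without ever hitting the deadlock, by recording the order in which locks are taken and flagging the first time the opposite order appears. The block below is an added example, not code from the advisory or from Xen: a minimal lock-order checker in C in which only the two lock names come from the advisory, and the order each path uses is constructed for illustration.

```c
/* Added example, not Xen code: minimal lockdep-style order checker. Only the
 * lock names come from the advisory; each path's order is constructed. */
#include <stdio.h>
#include <string.h>

enum { PAGE_ALLOC_LOCK, MM_RWLOCK, NLOCKS };
static const char *lock_name[NLOCKS] = { "page_alloc_lock", "mm_rwlock" };
static int seen[NLOCKS][NLOCKS];  /* seen[a][b]: b was taken while holding a */
struct path { int held[NLOCKS]; int depth; };  /* locks one code path holds */

/* Record an acquisition. Returns 1 if the opposite order is on record. */
static int lock_acquire(struct path *p, int lock)
{
    int i, reversed = 0;
    for (i = 0; i < p->depth; i++) {
        int outer = p->held[i];
        if (seen[lock][outer]) {
            fprintf(stderr, "lock order reversal: %s then %s\n",
                    lock_name[outer], lock_name[lock]);
            reversed = 1;
        }
        seen[outer][lock] = 1;
    }
    if (p->depth < NLOCKS)
        p->held[p->depth++] = lock;
    return reversed;
}

static void lock_release(struct path *p) { if (p->depth > 0) p->depth--; }

/* Run two constructed paths back to back, so nothing ever blocks.
 * Returns 1 if both orders were observed, i.e. a potential deadlock. */
static int check_paths(int second_path_reversed)
{
    struct path a = { {0}, 0 }, b = { {0}, 0 };
    int first = second_path_reversed ? MM_RWLOCK : PAGE_ALLOC_LOCK;
    int bad = 0;

    memset(seen, 0, sizeof seen);
    bad |= lock_acquire(&a, PAGE_ALLOC_LOCK);
    bad |= lock_acquire(&a, MM_RWLOCK);
    lock_release(&a); lock_release(&a);
    bad |= lock_acquire(&b, first);
    bad |= lock_acquire(&b, first == MM_RWLOCK ? PAGE_ALLOC_LOCK : MM_RWLOCK);
    lock_release(&b); lock_release(&b);
    return bad;
}

int main(void) { printf("%d %d\n", check_paths(0), check_paths(1)); return 0; }
```

The checker reports the reversed path even though the two paths run sequentially and never contend, which is why order tracking finds rarely exercised paths that stress testing would miss.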

IMPACT

A malicious guest administrator may be able to deny service to the entire host.

VULNERABLE SYSTEMS

Xen 3.4.x and later are vulnerable. Xen 3.3.x and earlier are not vulnerable.
Only systems where a privileged domain frequently or predictably uses XEN_DOMCTL_getmemlist are vulnerable. (Its use by manually invoked debugging and stress testing tools is not a security problem.)
We are not aware of any toolstack software which has relevant (and hence vulnerable) uses of this hypercall. xend, libxl, xapi and libvirt are known not to do so.
We are therefore not aware of any deployed Xen-based systems which are vulnerable. We are issuing this advisory primarily for the benefit of any Xen-derived systems using unusual toolstack software.

CPE Name    Operator    Version
xen         ge          3.4.x
