Xen Project 4.5.2

We are pleased to announce the release of Xen 4.5.2. This is available immediately from its git repository http://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.5 (tag RELEASE-4.5.2) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • e0a36c0: update Xen version to 4.5.2 [Jan Beulich]
  • 423d2cd: libxl: adjust PoD target by memory fudge, too [Ian Jackson]
  • d3063bb: x86: rate-limit logging in do_xen{oprof,pmu}_op() [Jan Beulich]
  • 8dbbba7: xenoprof: free domain's vcpu array [Jan Beulich]
  • 0b12f70: x86/PoD: Eager sweep for zeroed pages [Andrew Cooper]
  • fd4d3cf: free domain's vcpu array [Jan Beulich]
  • d2fa0ee: x86: guard against undue super page PTE creation [Jan Beulich]
  • b6ee626: arm: handle races between relinquish_memory and free_domheap_pages [Ian Campbell]
  • 659e934: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP. [Ian Campbell]
  • 41dd3b8: arm: Support hypercall_create_continuation for multicall [Julien Grall]
  • 47db4b0: Revert "libxl: use correct command line for arm guests." [Ian Jackson]
  • a5d0480: tools/libxc: arm: Check the index before accessing the bank [Julien Grall]
  • 9befcd3: libxl: use correct command line for arm guests. [Ian Campbell]
  • 53c11b0: x86/NUMA: fix SRAT table processor entry parsing and consumption [Jan Beulich]
  • 0368463: x86: hide MWAITX from PV domains [Jan Beulich]
  • a262a89: VT-d: don't suppress invalidation address write when it is zero [Jan Beulich]
  • 80e9f56: docs: xl.cfg: permissive option is not PV only. [Ian Campbell]
  • 5461ad2: tools: libxl: allow permissive qemu-upstream pci passthrough. [Ian Campbell]
  • db0f474: x86/p2m-pt: tighten conditions of IOMMU mapping updates [Jan Beulich]
  • 2b58d7b: credit1: fix tickling when it happens from a remote pCPU [Dario Faggioli]
  • 887da2b: x86/p2m-pt: ignore pt-share flag for shadow mode guests [Jan Beulich]
  • e4e18ec: x86/p2m-pt: delay freeing of intermediate page tables [Jan Beulich]
  • dde2414: x86/EPT: tighten conditions of IOMMU mapping updates [Jan Beulich]
  • b6e40c9: vt-d: fix IM bit mask and unmask of Fault Event Control Register [Quan Xu]
  • d3d476f: xen/xsm: Make p->policyvers be a local variable (ver) to shut up GCC 5.1.1 warnings. [Konrad Rzeszutek Wilk]
  • 0297baf: xen/arm: vgic-v2: Map the GIC virtual CPU interface with the correct size [Julien Grall]
  • 9b147f9: xen/arm: vgic: Correctly emulate write when byte is used [Julien Grall]
  • f72ab69: xen: arm: bootfdt: Avoid reading off the front of *_cells array [Ian Campbell]
  • c562986: xen: arm: always omit guest user stack in vcpu_show_execution_state [Ian Campbell]
  • 12cc60d: xen: arm: handle accesses to CNTP_CVAL_EL0 [Ian Campbell]
  • 2b0d371: xen: arm: correctly handle vtimer traps from userspace [Ian Campbell]
  • 9bed918: x86/sysctl: don't clobber memory if NCAPINTS > ARRAY_SIZE(pi->hw_cap) [Andrew Cooper]
  • bda02ca: x86/MSI: fail if no hardware support [Jan Beulich]
  • 33562a4: x86/p2m: fix mismatched unlock [Jan Beulich]
  • fe84222: x86/hvm: fix saved pmtimer and hpet values [Kouya Shimura]
  • bfa874d: efi: introduce efi_arch_flush_dcache_area [Stefano Stabellini]
  • 0619913: libxl: handle read-only drives with qemu-xen [Stefano Stabellini]
  • bbbd29a: libxl: Increase device model startup timeout to 1min. [Anthony PERARD]
  • ffb4e63: xl: correct handling of extra_config in main_cpupoolcreate [Wei Liu]
  • 2049db3: QEMU_TAG update [Ian Jackson]
  • 0b6e02b: x86/NUMA: make init_node_heap() respect Xen heap limit [Jan Beulich]
  • ef372ac: x86/NUMA: don't account hotplug regions [Jan Beulich]
  • 8bdfe14: x86/NUMA: fix setup_node() [Jan Beulich]
  • 8933ed4: IOMMU: skip domains without page tables when dumping [Jan Beulich]
  • d461923: x86/IO-APIC: don't create pIRQ mapping from masked RTE [Jan Beulich]
  • 5b71988: x86, amd_ucode: skip microcode updates for final levels [Aravind Gopalakrishnan]
  • fabd2cf: mm: populate_physmap: validate correctly the gfn for direct mapped domain [Julien Grall]
  • 9e6379e: x86/mm: Make {hap, shadow}_teardown() preemptible [Anshul Makkar]
  • 12afed3: x86/gdt: Drop write-only, xalloc()'d array from set_gdt() [Andrew Cooper]
  • ef89dc8: xen/arm: mm: Do not dump the p2m when mapping a foreign gfn [Julien Grall]
  • 7f7642f: libxl: poll: Avoid fd deregistration race POLLNVAL crash [Ian Jackson]
  • 9f6f513: libxl: poll: Use poller_get and poller_put for poller_app [Ian Jackson]
  • 8c40913: libxl: poll: Make libxl__poller_get have only one success return path [Ian Jackson]
  • 9a4c625: tools: libxl: Handle failure to create qemu dm logfile [Ian Campbell]
  • 6040b3a: xl: Sane handling of extra config file arguments [Ian Jackson]
  • 7ac1a26: QEMU_TAG update [Ian Jackson]
  • 07249f4: Config.mk: update in-tree OVMF changeset [Wei Liu]
  • 666b80f: dmar: device scope mem leak fix [Elena Ufimtseva]
  • aa885a0: make rangeset_report_ranges() report all ranges [Jan Beulich]
  • cf423e9: xen: earlycpio: Pull in latest linux earlycpio.[ch] [Ian Campbell]
  • 8c16642: x86/hvmloader: avoid data corruption with xenstore reads/writes [Andrew Cooper]
  • 7b1a3be: credit1: properly deal with pCPUs not in any cpupool [Dario Faggioli]
  • de8b550: x86 / cpupool: clear the proper cpu_valid bit on pCPU teardown [Dario Faggioli]
  • 4b0782f: x86/p2m-ept: don't unmap the EPT pagetable while it is still in use [Andrew Cooper]
  • 96289ee: nested EPT: fix the handling of nested EPT [Liang Li]
  • 36a7c54: x86/traps: avoid using current too early on boot [Andrew Cooper]
  • d906add: x86: avoid tripping watchdog when constructing dom0 [Ross Lagerwall]
  • 4ef8635: x86/EFI: adjust EFI_MEMORY_WP handling for spec version 2.5 [Jan Beulich]
  • b30aee4: kexec: add more pages to v1 environment [Jan Beulich]
  • b92d571: x86/debugger: use copy_to/from_guest() in dbg_rw_guest_mem() [Andrew Cooper]
  • 3e7e487: passthrough/amd: avoid reading an uninitialized variable [Tim Deegan]
  • c4d7b91: x86/traps: identify the vcpu in context when dumping registers [Andrew Cooper]
  • e3bd3ce: QEMU_TAG update [Ian Jackson]
  • 031ab7f: update Xen version to 4.5.2-pre [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

  • dfe880e: vnc: limit client_cut_text msg payload size [Peter Lieven]
  • 327319a: ide: Clear DRQ after handling all expected accesses [Kevin Wolf]
  • 8ded5f4: ide: Check array bounds before writing to io_buffer (CVE-2015-5154) [Kevin Wolf]
  • 9f94419: pcnet: force the buffer access to be in bounds during tx [Petr Matousek]
  • bb42407: pcnet: fix Negative array index read [Gonglei]

This release also contains the security fixes for XSA-137, XSA-138, and XSA-141 to XSA-153. XSA-139 and XSA-140 only apply to QEMU Upstream and are fixed from versions 2.3.1 and 2.4.0 of QEMU. The qemu portion of XSA-135 has also been applied to qemu-traditional.

See http://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.5 stable series to update to this first point release.

Hardware-related Security Risks:

For CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) we are told that the workaround is now completely implemented for server CPUs/chipsets (thanks to newer CPUs/chipsets addressing the underlying hardware issue). For all desktop and mobile CPUs/chipsets which are currently known to be affected by XSA-59 the necessary workaround has been implemented. However, we expect to extend the workaround for upcoming hardware variants where the underlying hardware issue is not yet addressed.

XSA-124 documents security risks of non-standard PCI device functionality that cannot be addressed in software.

Documents

Created Date Wednesday, 04 November 2015
Modified Date Friday, 07 April 2017

Xen Project Hypervisor 4.5.2

Xen Project Hypervisor 4.5.2 Signature