Xen Project 4.5.5

We are pleased to announce the release of Xen 4.5.5. This is available immediately from its git repository at https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.5 (tag RELEASE-4.5.5) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • e4ae4b0: update Xen version to 4.5.5 [Jan Beulich]
  • 22857ab: update Xen version to 4.5.4 [Jan Beulich]
  • c18dfbb: Revert "x86/hvm: Perform a user instruction fetch for a FEP in userspace" [Jan Beulich]
  • 9edce7c: x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] [Andrew Cooper]
  • 9555949: x86/hvm: Perform a user instruction fetch for a FEP in userspace [Andrew Cooper]
  • 57e7172: hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary [Andrew Cooper]
  • 11c0462: VMX: correct feature checks for MPX [Jan Beulich]
  • 433ebca: x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] [Andrew Cooper]
  • bc9f72b: x86/emulate: Correct boundary interactions of emulated instructions [Andrew Cooper]
  • ec88876: x86/32on64: don't allow recursive page tables from L3 [Jan Beulich]
  • d50078b: memory: fix compat handling of XENMEM_access_op [Jan Beulich]
  • 42ea059: credit1: fix a race when picking initial pCPU for a vCPU [Dario Faggioli]
  • 9e06b02: x86/32on64: misc adjustments to call gate emulation [Jan Beulich]
  • e824aae: xen: Remove buggy initial placement algorithm [George Dunlap]
  • 2e56416: xen: Have schedulers revise initial placement [George Dunlap]
  • cda8e7e: sched: better handle (not) inserting idle vCPUs in runqueues [Dario Faggioli]
  • 462f714: xen/physmap: Do not permit a guest to populate PoD pages for itself [Andrew Cooper]
  • de1d9ea: page-alloc/x86: don't restrict DMA heap to node 0 [Jan Beulich]
  • 2ad058e: libxl: return any serial tty path in libxl_console_get_tty [Bob Liu]
  • 50a4501: tools/libxc: Properly increment ApicIdCoreSize field on AMD [Boris Ostrovsky]
  • 8ca7cf8: libxenvchan: Change license of header from Lesser GPL v2.1 to BSD [Konrad Rzeszutek Wilk]
  • 9eb11dc: xl: correct xl cpupool-numa-split with vcpu limited dom0 [Juergen Gross]
  • e86a6fb: configure: Fix when no libsystemd compat lib are available [Anthony PERARD]
  • 08313b4: Revert "xen: Have schedulers revise initial placement" [Jan Beulich]
  • 0fc8aab: Revert "xen: Remove buggy initial placement algorithm" [Jan Beulich]
  • c18c145: x86/mmcfg: Fix initialisation of variables in pci_mmcfg_nvidia_mcp55() [Andrew Cooper]
  • 505ad3a: xen: Remove buggy initial placement algorithm [George Dunlap]
  • c421378: xen: Have schedulers revise initial placement [George Dunlap]
  • b1f4e86: nested vmx: Validate host VMX MSRs before accessing them [Euan Harris]
  • cfcdeea: serial: fix incorrect length of strncmp for dtuart [Jiandi An]
  • c4c0312: x86/entry: Avoid SMAP violation in compat_create_bounce_frame() [Andrew Cooper]
  • 467f77d: x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath [Andrew Cooper]
  • eadd663: QEMU_UPSTREAM_REVISION update [Ian Jackson]
  • 818d58d: public: typo: use ' as apostrophe in grant_table.h [Dario Faggioli]
  • 071d2e3: QEMU_TAG update [Ian Jackson]
  • 44a703d: libxl: set XEN_QEMU_CONSOLE_LIMIT for QEMU [Wei Liu]
  • 6d27298: libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename [Ian Jackson]
  • 6338746: QEMU_TAG update [Ian Jackson]
  • df9c5c4: libxl: keep PoD target adjustment by memory fudge after reload_domain_config() [Vitaly Kuznetsov]
  • d8ac67e: libxl: Document ~/serial/ correctly [Ian Jackson]
  • 509ae90: libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be [Ian Jackson]
  • 3675172: libxl: Cleanup: Have libxl__alloc_vdev use /libxl [Ian Jackson]
  • 8df6d98: libxl: Do not trust backend in channel list [Ian Jackson]
  • 1a75ae1: libxl: Do not trust backend for nic in list [Ian Jackson]
  • 6925b22: libxl: Do not trust backend for nic in devid_to_device [Ian Jackson]
  • 517d1d8: libxl: Do not trust backend in nic getinfo [Ian Jackson]
  • 31be4b9: libxl: Have READ_LIBXLDEV use libxl_path rather than be_path [Ian Jackson]
  • bbbe635: libxl: Rename READ_BACKEND to READ_LIBXLDEV [Ian Jackson]
  • 382ed2f: libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore [Ian Jackson]
  • c9b8314: libxl: Do not trust backend for channel in getinfo [Ian Jackson]
  • 3a3c8b2: libxl: Do not trust backend for cdrom insert [Ian Jackson]
  • 2614f9a: libxl: Do not trust backend for disk in getinfo [Ian Jackson]
  • a81a94d: libxl: Do not trust backend for disk; fix driver domain disks list [Ian Jackson]
  • c7e9c4b: libxl: Do not trust backend for disk eject vdev [Ian Jackson]
  • 2388be0: libxl: cdrom eject and insert: write to /libxl [Ian Jackson]
  • 2cd66e8: libxl: Do not trust backend for vtpm in getinfo (uuid) [Ian Jackson]
  • eaf75a3: libxl: Do not trust backend for vtpm in getinfo (except uuid) [Ian Jackson]
  • 840a49a: libxl: Do not trust backend in libxl__device_exists [Ian Jackson]
  • 27874bc: libxl: Make copy of every xs backend in /libxl in _generic_add [Ian Jackson]
  • 6265a6f: libxl: Do not trust frontend for channel in getinfo [Ian Jackson]
  • e08efef: libxl: Do not trust frontend for channel in list [Ian Jackson]
  • 1c44339: libxl: Do not trust frontend for nic in getinfo [Ian Jackson]
  • a848f24: libxl: Do not trust frontend for nic in libxl_devid_to_device_nic [Ian Jackson]
  • ec5591d: libxl: Do not trust frontend for vtpm in getinfo [Ian Jackson]
  • cc0376e: libxl: Do not trust frontend for vtpm list [Ian Jackson]
  • f9d0a2c: libxl: Do not trust frontend for disk in getinfo [Ian Jackson]
  • f058444: libxl: Do not trust frontend for disk eject event [Ian Jackson]
  • 24f5f12: libxl: Do not trust frontend in libxl__device_nextid [Ian Jackson]
  • 16cb1fb: libxl: Do not trust frontend in libxl__devices_destroy [Ian Jackson]
  • 2aef428: libxl: Provide libxl__backendpath_parse_domid [Ian Jackson]
  • 2978e1a: libxl: Record backend/frontend paths in /libxl/$DOMID [Ian Jackson]
  • 8c4b403: xen/arm: Don't free p2m->root in p2m_teardown() before it has been allocated [Andrew Cooper]
  • 524a93d: sched: avoid races on time values read from NOW() [Dario Faggioli]
  • 8549385: x86emul: suppress writeback upon unsuccessful MMX/SSE/AVX insn emulation [Jan Beulich]
  • b1c94bd: xen/nested_p2m: Don't walk EPT tables with a regular PT walker [Andrew Cooper]
  • 644aa81: x86/PoD: skip eager reclaim when possible [Jan Beulich]
  • e5fa482: IOMMU/x86: per-domain control structure is not HVM-specific [Jan Beulich]
  • 8d1e559: x86: use optimal NOPs to fill the SMEP/SMAP placeholders [Jan Beulich]
  • f332597: x86: suppress SMEP and SMAP while running 32-bit PV guest code [Jan Beulich]
  • c790220: x86: move cached CR4 value to struct cpu_info [Jan Beulich]
  • 49fe83a: x86/alternatives: correct near branch check [Jan Beulich]
  • a67e0f1: x86/P2M: consolidate handling of types not requiring a valid MFN [Jan Beulich]
  • ffda547: xen/arm: p2m: Release the p2m lock before undoing the mappings [Julien Grall]
  • d4d3739: xen/arm: p2m: apply_p2m_changes: Do not undo more than necessary [Julien Grall]
  • facf156: libxl: fix old style declarations [Wei Liu]
  • 62e8902: x86/mm: fully honor PS bits in guest page table walks [Jan Beulich]
  • 4065709: xen/arm64: ensure that the correct SP is used for exceptions [Kyle J. Temkin]
  • d19f941: arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs [Vikram Sethi]
  • c0bb033: xen/arm: Force broadcast of TLB and instruction cache maintenance instructions [Julien Grall]
  • 1334fa9: Update QEMU_UPSTREAM_REVISION [Ian Jackson]
  • 478ad3f: QEMU_TAG update [Ian Jackson]
  • 2c438f8: QEMU_TAG update [Ian Jackson]
  • 2bc9bd9: libxc: fix usage of uninitialized variable [Roger Pau Monne]
  • 350eb39: libxl: handle error from libxl__need_xenpv_qemu() correctly [Juergen Gross]
  • 065b134: x86/shadow: account for ioreq server pages before complaining about not found mapping [Jan Beulich]
  • f9cc40e: x86/time: fix gtime_to_gtsc for vtsc=1 PV guests [Jan Beulich]
  • becb125a: unmodified_drivers: enable use of register_oldmem_pfn_is_ram() API [Mike Meyer]
  • 0aabc28: x86/HVM: fix forwarding of internally cached requests [Jan Beulich]
  • 12acca5: x86/fpu: improve check for XSAVE* not writing FIP/FDP fields [David Vrabel]
  • 9945f62: x86/hvm: add HVM_PARAM_X87_FIP_WIDTH [David Vrabel]
  • 38eee32: x86/fpu: add a per-domain field to set the width of FIP/FDP [David Vrabel]
  • c70ab64: x86: limit GFNs to 32 bits for shadowed superpages. [Tim Deegan]
  • 1f92bdb: x86: fix information leak on AMD CPUs [Jan Beulich]
  • 7eb2fae: update Xen version to 4.5.4-pre [Jan Beulich]

This release also contains the following fixes to qemu-traditional:

  • 28c2138: main loop: Big hammer to fix logfile disk DoS in Xen setups [Ian Jackson]
  • e11b0e3: Fix build with newer version of GNUTLS [Wei Liu]
  • f1cfdc3: rtl8139: check TCP Data Offset field [Stefan Hajnoczi]
  • ebb3779: rtl8139: skip offload on short TCP header [Stefan Hajnoczi]
  • dbc7093: rtl8139: check IP Total Length field [Stefan Hajnoczi]
  • a9e97f6: rtl8139: check IP Header Length field [Stefan Hajnoczi]
  • 354c70a: rtl8139: skip offload on short Ethernet/IP header [Stefan Hajnoczi]
  • e10db6a: rtl8139: drop tautologous if (ip) {...} statement [Stefan Hajnoczi]
  • 6a9ffb9: rtl8139: avoid nested ifs in IP header parsing [Stefan Hajnoczi]
  • 6fe8ced: vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). [Gerd Hoffmann]
  • 4cdbfab: vga: update vga register setup on vbe changes [Gerd Hoffmann]
  • ee152b7: vga: factor out vga register setup [Gerd Hoffmann]
  • 3040124: vga: add vbe_enabled() helper [Gerd Hoffmann]
  • 0c035e0: vga: fix banked access bounds checking (CVE-2016-3710) [Gerd Hoffmann]
  • 6e39ebb: CVE-2014-3615: vbe: rework sanity checks [Andrew Cooper]
  • f37beb1: CVE-2014-7815: vnc: sanitize bits_per_pixel from the client [Andrew Cooper]
  • 1c7a501: CVE-2014-8106: cirrus: fix blit region check [Andrew Cooper]
  • cb6319f: usb-linux.c: fix buffer overflow [Jim Paris]

This release also contains changes to qemu-upstream. We do not list its changelog here, because it contains many changes that are not directly related to the Xen Project Hypervisor and therefore to this release. You can review them at https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.5.3 and qemu-xen-4.5.5).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA     | Xen     | qemu-traditional | qemu-upstream |
|---------|---------|------------------|---------------|
| XSA-171 | N/A (XSA applies to Linux only) | N/A | N/A |
| XSA-172 | Applied | N/A | N/A |
| XSA-173 | Applied | N/A | N/A |
| XSA-174 | N/A (XSA applies to Linux only) | N/A | N/A |
| XSA-175 | Applied | N/A | N/A |
| XSA-176 | Applied | N/A | N/A |
| XSA-177 | N/A (unused XSA number) | N/A | N/A |
| XSA-178 | Applied | N/A | N/A |
| XSA-179 | N/A | Applied | Applied |
| XSA-180 | N/A | Applied | Applied, however only to qemu-xen.git, which is shipped with this release. The fix is not in git.qemu.org/qemu.git |
| XSA-181 | Applied | N/A | N/A |
| XSA-182 | Applied | N/A | N/A |
| XSA-183 | Applied | N/A | N/A |
| XSA-184 | N/A | Not applied, due to an oversight. The XSA is a minor issue that does not affect default configurations. | Applied |
| XSA-185 | Applied | N/A | N/A |
| XSA-186 | Applied | N/A | N/A |
| XSA-187 | Applied | N/A | N/A |
| XSA-188 | N/A (Xen 4.5 not vulnerable) | N/A | N/A |

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend that all users of the 4.5 stable series update to this latest point release.

Documents

  • Xen Project Hypervisor 4.5.5
  • Xen Project Hypervisor 4.5.5 Signature

Created Date Tuesday, 20 September 2016
Modified Date Friday, 07 April 2017