Xen Project 4.6.1

We are pleased to announce the release of Xen 4.6.1. This is available immediately from its git repository 

https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.6 (tag RELEASE-4.6.1) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • d77bac5c06: update Xen version to 4.6.1 [Jan Beulich]
  • 19fc53a923: x86/shadow: Fix missing newline in dprintk() [Andrew Cooper]
  • ffb237937a: x86/VPMU: don't allow any non-zero writes to MSR_IA32_PEBS_ENABLE [Boris Ostrovsky]
  • 39d7fde885: x86/VPMU: check more carefully which bits are allowed to be written to MSRs [Boris Ostrovsky]
  • 2b62a5d83b: x86/VPMU: support only versions 2 through 4 of architectural performance monitoring [Boris Ostrovsky]
  • 18593631f2: x86/hvm: make sure stdvga cache cannot be re-enabled [Paul Durrant]
  • 19563a5b9e: xen/arm: Add r1p12 to the list of supported Cadence UARTs [Edgar E. Iglesias]
  • 70ed1226d2: xen/arm: vgic-v2: Implement correctly ITARGETSR0 - ITARGETSR7 read-only [Julien Grall]
  • 93f67ce718: xen/arm: vgic-v2: Report the correct GICC size to the guest [Julien Grall]
  • 00fa9ac155: xen/device-tree: Print the DT path on error in dt_for_each_range [Julien Grall]
  • 1fd615aa01: VT-d: use proper error codes in iommu_enable_x2apic_IR() [Jan Beulich]
  • 5929e25d98: docs: correct descriptions of gnttab_max_{, maptrack}_frames [Ian Campbell]
  • a929bee0e6: x86/vmx: Fix injection of #DB traps following XSA-156 [Andrew Cooper]
  • ef7e1565b7: IOMMU: unhide messages useful for diagnostics [Jan Beulich]
  • 208643f3b7: VT-d: unhide messages needed for diagnosing firmware issues [Jan Beulich]
  • 99e0fb590f: x86/VMX: prevent INVVPID failure due to non-canonical guest address [Jan Beulich]
  • fa109ca507: x86/mm: PV superpage handling lacks sanity checks [Jan Beulich]
  • 6150df9f3f: tools/ocaml/xb: Correct calculations of data/space the ring [Andrew Cooper]
  • ba391da2e7: oxenstored: Quota.merge: don't assume domain already exists [Jonathan Davies]
  • 1d3cc6e62c: Config.mk: update OVMF changeset [Wei Liu]
  • 6c3c6ff9ec: Config.mk: update OVMF changeset [Wei Liu]
  • 828ac175e5: QEMU_TAG update [Ian Jackson]
  • eb32a519f5: x86: make debug output consistent in hvm_set_callback_via [Malcolm Crossley]
  • cdd96b9be5: QEMU_TAG update [Ian Jackson]
  • 33708eee8f: x86/HVM: avoid reading ioreq state more than once [Jan Beulich]
  • 82c5c64eaa: x86: don't leak ST(n)/XMMn values to domains first using them [Jan Beulich]
  • fea8dbb3c3: x86/time: fix domain type check in tsc_set_info() [Haozhong Zhang]
  • 3d2d3d86a8: x86: refine nr_sockets calculation [Jan Beulich]
  • 1a448f836e: VT-d: drop unneeded Ivybridge quirk workaround [Jan Beulich]
  • 8e07a0dc58: evtchn: don't reuse ports that are still "busy" [David Vrabel]
  • 6e59151b50: x86/ept: remove unnecessary sync after resolving misconfigured entries [David Vrabel]
  • d60b3a5d6c: x86/boot: check for not allowed sections before linking [Daniel Kiper]
  • 57817d09bf: x86/VPMU: return correct fixed PMC count [Brendan Gregg]
  • 7dcd82d1aa: x86/VPMU: Initialize VPMU's lvtpc vector [Boris Ostrovsky]
  • 499886c800: x86/vPMU: document as unsupported [Jan Beulich]
  • 880b5f3012: sched: fix locking for insert_vcpu() in credit1 and RTDS [Dario Faggioli]
  • b56ae5b48c: VMX: fix/adjust trap injection [Jan Beulich]
  • 850bcd0f42: memory: fix XSA-158 fix [Jan Beulich]
  • 564c79d48c: QEMU_TAG update [Ian Jackson]
  • 59543a7cc2: libxl: Fix bootloader-related virtual memory leak on pv build failure [Ian Jackson]
  • 2633d57c3a: memory: fix XENMEM_exchange error handling [Jan Beulich]
  • 2ce580f21f: memory: split and tighten maximum order permitted in memops [Jan Beulich]
  • 78833c0425: Config: Switch to unified qemu trees. [Ian Campbell]
  • e3b0c81ba1: x86/HVM: always intercept #AC and #DB [Jan Beulich]
  • a01d1c7ce2: x86/vmx: improvements to vmentry failure handling [Andrew Cooper]
  • 97549e503a: x86/PoD: Make p2m_pod_empty_cache() restartable [Andrew Cooper]
  • 40d7a74548: QEMU_TAG update [Ian Jackson]
  • 56fb5fd623: libxl: adjust PoD target by memory fudge, too [Ian Jackson]
  • bdc9fdf9d4: x86: rate-limit logging in do_xen{oprof,pmu}_op() [Jan Beulich]
  • 429f0cd270: xenoprof: free domain's vcpu array [Jan Beulich]
  • 4a32fbd95a: x86/PoD: Eager sweep for zeroed pages [Andrew Cooper]
  • 2c57108c36: free domain's vcpu array [Jan Beulich]
  • 2d094bd870: x86: guard against undue super page PTE creation [Jan Beulich]
  • df6fa37086: arm: handle races between relinquish_memory and free_domheap_pages [Ian Campbell]
  • b18d995ca3: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP. [Ian Campbell]
  • ea95ecb8bf: arm: Support hypercall_create_continuation for multicall [Julien Grall]
  • 566bfb1a00: x86/PV: don't zero-map LDT [Jan Beulich]
  • e4a1dcbfae: docs: xl.cfg: permissive option is not PV only. [Ian Campbell]
  • 2a5921e557: arm: reduce power use by contented spin locks with WFE/SEV [David Vrabel]
  • 83bd6ba0b5: x86/NUMA: fix SRAT table processor entry parsing and consumption [Jan Beulich]
  • 674c1f884b: x86: hide MWAITX from PV domains [Jan Beulich]
  • 62d9e74a59: build: don't shadow debug with "@debug@" in tools build [Wei Liu]
  • 9aab62a8ad: VT-d: don't suppress invalidation address write when it is zero [Jan Beulich]
  • 60a4665590: x86/PV: properly populate descriptor tables [Jan Beulich]
  • 193aaaaff3: xen/xsm: Make p->policyvers be a local variable (ver) to shut up GCC 5.1.1 warnings. [Konrad Rzeszutek Wilk]
  • be6ce1e2b8: update Xen version to 4.6.1-pre [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

  • 7457f4be: MSI-X: avoid array overrun upon MSI-X table writes [Jan Beulich]
  • 6ff95ee2: blkif: Avoid double access to src->nr_segments [Stefano Stabellini]
  • 86f50580: xenfb: avoid reading twice the same fields from the shared page [Stefano Stabellini]
  • aaaf657c: net: pcnet: add check to validate receive data size(CVE-2015-7504) [Ian Jackson]
  • bc00cad7: block-vvfat: fix resource leaks in read_directory() [Yunlei Ding]
  • 734b9a8f: block-raw-posix: Fix memory leak in posix_aio_init() [Yunlei Ding]
  • 50c84619: block-nbd: close sock in nbd_open() error path [Yunlei Ding]
  • a979f2dc: ide: don't leak irq array in pci_cmd646_ide_init() [Yunlei Ding]
  • 9da9f805: net: initialize parameters before use in net_socket_fd_init_dgram() [Yunlei Ding]
  • 4fd8feea: virtio-blk: correctly link new request in virtio_blk_load() [Yunlei Ding]
  • 1f9e474f: block-vvfat: fix memory leak in check_directory_consistency() [Kaifeng Zhu]
  • b8b1c0d8: block-vvfat: fix memory/handle leaks in commit_one_file() [Kaifeng Zhu]
  • 6b2a35d2: net: Fix memory/handle leaks in net_socket_listen_init() [Kaifeng Zhu]
  • b1b6594b: net: don't leak an fd after an error [Kaifeng Zhu]
  • 18cb4bf3: hw/ide: fix memory leak from qemu_allocate_irqs() [Kaifeng Zhu]
  • e6af340b: qemu-char: fix memory leak in qemu_char_open_pty() [Kaifeng Zhu]
  • 2c69a0bb: hw/device-hotplug: fix test of drive_add() return [Kaifeng Zhu]
  • ec5080d5: console: Avoid overrunning the dmask arrays [Kaifeng Zhu]
  • 04ffc2f6: block-cow: don't close cow_fd twice on error [Kaifeng Zhu]
  • 1b10783f: readline: fix memory corruption when adding history [Kaifeng Zhu]
  • a4d48935: hw/msmouse.c: Fix deref_after_free and double free [Yunlei Ding]
  • 9b81761b: signal: Don't use uninitalised sival_ptr [Andrew Cooper]
  • c36a4e52: pic: Don't allocate irq buffers [Andrew Cooper]
  • b1f89c26: smbios: Don't allocate smbus eeprom buffer [Andrew Cooper]
  • 79398a27: cmdline: Parse -pciemulation before trying to use it [Kaifeng Zhu]
  • 9589b7b6: dma: fix incorrect bh scheduling [Chunjie Zhu]
  • 56464b49: ide: cancel dma operations on command abort or error [Chunjie Zhu]
  • fd7c9bfa: cirrus_vga: fix division by 0 for color expansion rop [Aurelien Jarno]
  • 8a1e383d: CVE-2014-3615: vbe: rework sanity checks [Andrew Cooper]
  • 3b050c69: CVE-2014-7815: vnc: sanitize bits_per_pixel from the client [Andrew Cooper]
  • 5e4ed9cd: CVE-2014-8106: cirrus: fix blit region check [Andrew Cooper]
  • 3c1e883f: usb-linux.c: fix buffer overflow [Jim Paris]
  • af9e6207: block-vvfat: fix fat_chksum() buffer overrun warning [Andrew Cooper]
  • fb9ee2e1: lm832x: don't overrun file buffer on save/restore [Andrew Cooper]
  • c615d81a: cirrus_vga: default all I/O port reads to 0xff [Andrew Cooper]
  • 835928ed: virtio-blk: initialise unused blkcfg.size_max field [Yunlei Ding]

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check http://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.6.0 and qemu-xen-4.6.1).

The fixes listed above also include security fixes for XSA-141 to XSA-142, XSA-145 to XSA 153, partial fixes to XSA-155 (please check XSA-155 for all patches), and XSA-156 to XSA-169. Note that XSA-143, XSA-144 and XSA-154 refer to unused XSA numbers or XSA numbers that may be pre-disclosed in future. Also note that XSA-162 has only been applied to qemu-traditional, but has not yet been applied to qemu-upstream.

See http://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.6 stable series to update to this latest point release.


Created Date Friday, 12 February 2016
Modified Date Friday, 07 April 2017

Xen Project Hypervisor 4.6.1

Created Date Friday, 12 February 2016
Modified Date Friday, 07 April 2017

Xen Project Hypervisor 4.6.1 Signature