Xen Project 4.6.4
We are pleased to announce the release of Xen 4.6.4. This is available immediately from its git repository
https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.6 (tag RELEASE-4.6.4) or from this download page
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:
- fa062b2: update Xen version to 4.6.4 [Jan Beulich]
- 03da413: vscsiif.h: replace PAGE_SIZE with VSCSIIF_PAGE_SIZE [Stefano Stabellini]
- b7b9911: usbif.h: replace PAGE_SIZE with USBIF_RING_SIZE [Stefano Stabellini]
- d60a422: x86/Viridian: don’t depend on undefined register state [Jan Beulich]
- d2b7b92: x86emul: fix pushing of selector registers [Jan Beulich]
- cadd37e: x86/hvm: Clobber %cs.L when LME becomes set [Andrew Cooper]
- ebc5d6e: xen/trace: Fix trace metadata page count calculation (revert fbf96e6) [George Dunlap]
- ce904f6: x86: defer not-present segment checks [Jan Beulich]
- 92848cf: xen: credit1: return the ‘time remaining to the limit’ as next timeslice. [Dario Faggioli]
- 4b41252: x86emul: honor guest CR0.TS and CR0.EM [Jan Beulich]
- ef005cc: x86/AMD: apply erratum 665 workaround [Emanuel Czirai]
- e6f8bfb: x86emul: don’t allow null selector for LTR [Jan Beulich]
- a4badfa: x86emul: correct loading of %ss [Jan Beulich]
- d75fe0d: x86/Intel: hide CPUID faulting capability from guests [Jan Beulich]
- 223835f: xen: credit2: properly schedule migration of a running vcpu. [Dario Faggioli]
- 4511619: xen: credit1: fix mask to be used for tickling in Credit1 [Dario Faggioli]
- 8861999: x86/domctl: Fix TOCTOU race with the use of XEN_DOMCTL_getvcpuextstate [Andrew Cooper]
- 245fa11: QEMU_TAG update [Ian Jackson]
- 57dbc55: libxl: do not assume Dom0 backend while getting nic info [Marek Marczykowski-Górecki]
- cc977b7: tools/migrate: Prevent PTE truncation from being fatal duing the live phase [Andrew Cooper]
- 3cffa34: Revert “x86/hvm: Perform a user instruction fetch for a FEP in userspace” [Jan Beulich]
- 6b5bb50: x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] [Andrew Cooper]
- c3b06b0: x86/hvm: Perform a user instruction fetch for a FEP in userspace [Andrew Cooper]
- 7c86320: hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary [Andrew Cooper]
- 9d819be: VMX: correct feature checks for MPX [Jan Beulich]
- 26352b6: x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] [Andrew Cooper]
- be8c32a: x86/emulate: Correct boundary interactions of emulated instructions [Andrew Cooper]
- f984f6e: x86/32on64: don’t allow recursive page tables from L3 [Jan Beulich]
- 4627e5e: memory: fix compat handling of XENMEM_access_op [Jan Beulich]
- 1663655: x86/PV: make PMU MSR handling consistent [Jan Beulich]
- 5bb458b: credit1: fix a race when picking initial pCPU for a vCPU [Dario Faggioli]
- 40592ed: x86/32on64: misc adjustments to call gate emulation [Jan Beulich]
- 0d9c05d: xen: Remove buggy initial placement algorithm [George Dunlap]
- a149a6e: xen: Have schedulers revise initial placement [George Dunlap]
- 4260eef: sched: better handle (not) inserting idle vCPUs in runqueues [Dario Faggioli]
- a00a0f9: xen/physmap: Do not permit a guest to populate PoD pages for itself [Andrew Cooper]
- 4f78b27: page-alloc/x86: don’t restrict DMA heap to node 0 [Jan Beulich]
- e06d2ba: libxl: return any serial tty path in libxl_console_get_tty [Bob Liu]
- 0e94436: tools/libxc: Properly increment ApicIdCoreSize field on AMD [Boris Ostrovsky]
- 77a9be9: libxenstat: honour XEN_RUN_DIR [Wei Liu]
- 29e5892: libxenvchan: Change license of header from Lesser GPL v2.1 to BSD [Konrad Rzeszutek Wilk]
- f8972b4: xl: correct xl cpupool-numa-split with vcpu limited dom0 [Juergen Gross]
- 2c11229: configure: Fix when no libsystemd compat lib are available [Anthony PERARD]
- 55292d3: update Xen version to 4.6.4-pre [Jan Beulich]
- 83dff39: Revert “xen: Have schedulers revise initial placement” [Jan Beulich]
- 4282362: Revert “xen: Remove buggy initial placement algorithm” [Jan Beulich]
- ff49c27: x86/mmcfg: Fix initalisation of variables in pci_mmcfg_nvidia_mcp55() [Andrew Cooper]
- 715242a: xen: Remove buggy initial placement algorithm [George Dunlap]
- 477080f: xen: Have schedulers revise initial placement [George Dunlap]
- ec712ba: nested vmx: Validate host VMX MSRs before accessing them [Euan Harris]
- 6fd1c8e: nested vmx: intercept guest rdmsr for MSR_IA32_VMX_VMFUNC [Euan Harris]
- 0905c2a: serial: fix incorrect length of strncmp for dtuart [Jiandi An]
- 625c3e4: xen/arm: p2m: Restrict usage of get_page_from_gva to the current vCPU [Julien Grall]
- ad0e68e: xen/arm: p2m: Pass the vCPU in parameter to get_page_from_gva [Julien Grall]
- db42305: xen/arm: system: Use the correct parameter name in local_irq_restore [Julien Grall]
- dfe85d3: x86/entry: Avoid SMAP violation in compat_create_bounce_frame() [Andrew Cooper]
- eac595f: x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath [Andrew Cooper]
In addition, this release also contains the following fixes to qemu-traditional:
- cff044b: virtio: error out if guest exceeds virtqueue size [P J P]
This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.6.3 and qemu-xen-4.6.4).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.
| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-182 | Applied | N/A | N/A |
| XSA-183 | Applied | N/A | N/A |
| XSA-184 | N/A | Applied | Applied |
| XSA-185 | Applied | N/A | N/A |
| XSA-186 | Applied | N/A | N/A |
| XSA-187 | N/A (Xen 4.6 not vulnerable) | ... | ... |
| XSA-188 | N/A (Unused XSA number) | ... | ... |
| XSA-189 | Applied | N/A | N/A |
| XSA-190 | Applied | N/A | N/A |
We recommend all users of the 4.6 stable series to update to this latest point release.