Xen Project 4.6.5

We are pleased to announce the release of Xen 4.6.5. This is available immediately from its git repository 

https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.6 (tag RELEASE-4.6.5) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • abb5a12: update Xen version to 4.6.5 [Jan Beulich]
  • e9fbb8e: QEMU_TAG update [Ian Jackson]
  • 35d6d7b: VMX: fix VMCS race on context-switch paths [Jan Beulich]
  • 49097f7: xen/p2m: Fix p2m_flush_table for non-nested cases [George Dunlap]
  • 9207463: x86/ept: allow write-combining on !mfn_valid() MMIO mappings again [David Woodhouse]
  • 746dca5: x86/VT-x: Dump VMCS on VMLAUNCH/VMRESUME failure [Andrew Cooper]
  • 8e04cb2: IOMMU: always call teardown callback [Oleksandr Tyshchenko]
  • 576f319: x86/emulate: don't assume that addr_size == 32 implies protected mode [George Dunlap]
  • 163543a: x86/hvm: do not set msr_tsc_adjust on hvm_set_guest_tsc_fixed [Joao Martins]
  • 5c38a2e: x86: segment attribute handling adjustments [Jan Beulich]
  • d3630ca: x86emul: LOCK check adjustments [Jan Beulich]
  • ae02630: x86emul: VEX.B is ignored in compatibility mode [Jan Beulich]
  • 09f521a: libxl: Revert 3658f7a0bdd8 "libxl: fix libxl_set_memory_target" [Ian Jackson]
  • 3658f7a: libxl: fix libxl_set_memory_target [Wei Liu]
  • ccb36fb: init/FreeBSD: fix incorrect usage of $rc_pids in xendriverdomain [Roger Pau Monne]
  • 2109ae6: init/FreeBSD: add rc control variables [Roger Pau Monne]
  • 2f8bdf1: init/FreeBSD: fix xencommons so it can only be launched by Dom0 [Roger Pau Monne]
  • 1d6ced7: init/FreeBSD: remove xendriverdomain_precmd [Roger Pau Monne]
  • de45d24: init/FreeBSD: set correct PATH for xl devd [Roger Pau Monne]
  • 40837a3: xen/arm: gic-v3: Make sure read from ICC_IAR1_EL1 is visible on the redistributor [Julien Grall]
  • 468a313: x86/emul: Correct the return value handling of VMFUNC [Andrew Cooper]
  • b8da9cd: x86emul: CMPXCHG16B requires an aligned operand [Jan Beulich]
  • 70ee582: VT-d: correct dma_msi_set_affinity() [Jan Beulich]
  • 5331244: x86emul: MOVNTI does not allow REP prefixes [Jan Beulich]
  • ce6048f: x86/VPMU: clear the overflow status of which counter happened to overflow [Luwei Kang]
  • 57a09d7: x86emul: correct PUSHF/POPF [Jan Beulich]
  • 23fc18b: libelf: section index 0 is special [Jan Beulich]
  • e1c3fc3: x86emul: CMOVcc always writes its destination [Jan Beulich]
  • 9784802: x86/vmx: Don't deliver #MC with an error code [Andrew Cooper]
  • f7c3199: x86/emul: Don't deliver #UD with an error code [Andrew Cooper]
  • 49e6fcd: x86/SVM: don't deliver #GP without error code [Jan Beulich]
  • 422575d: x86/EFI: meet further spec requirements for runtime calls [Jan Beulich]
  • fbef3be: x86/svm: Fix svm_nextrip_insn_length() when crossing the virtual boundary to 0 [Andrew Cooper]
  • e87481f: x86/traps: Don't call hvm_hypervisor_cpuid_leaf() for PV guests [Andrew Cooper]
  • cebf5ac: x86/vmx: Correct the long mode check in vmx_cpuid_intercept() [Andrew Cooper]
  • 6af399d: x86/svm: Don't clobber eax and edx if an RDMSR intercept fails [Andrew Cooper]
  • 69baa97: x86emul: {L,S}{G,I}DT ignore operand size overrides in 64-bit mode [Jan Beulich]
  • a240dc0: x86/emul: Reject LGDT/LIDT attempts with non-canonical base addresses [Andrew Cooper]
  • 9b401e4: x86/emul: Correct the decoding of SReg3 operands [Andrew Cooper]
  • 2eb074f: x86/HVM: add missing NULL check before using VMFUNC hook [Jan Beulich]
  • c7f06e4: x86: force EFLAGS.IF on when exiting to PV guests [Jan Beulich]
  • aa281a1: x86/emul: Correct the handling of eflags with SYSCALL [Andrew Cooper]
  • ac699ed: x86emul: CMPXCHG8B ignores operand size prefix [Jan Beulich]
  • 57e3ac3: missing vgic_unlock_rank in gic_remove_irq_from_guest [Stefano Stabellini]
  • 7789292: QEMU_TAG update [Ian Jackson]
  • 62add85: arm64: fix incorrect memory region size in TCR_EL2 [Shanker Donthineni]
  • 22f70a3: QEMU_TAG update [Ian Jackson]
  • 0ba9562: arm32: handle async aborts delivered while at HYP [Wei Chen]
  • 7902dba: arm: crash the guest when it traps on external abort [Wei Chen]
  • 5f85ab0: arm64: handle async aborts delivered while at EL2 [Wei Chen]
  • 7bd27ba: arm64: handle guest-generated EL1 asynchronous abort [Wei Chen]
  • 514173d: pygrub: Properly quote results, when returning them to the caller: [Ian Jackson]
  • a4902ca: x86/svm: fix injection of software interrupts [Andrew Cooper]
  • c03035b: x86/emul: correct the IDT entry calculation in inject_swint() [Andrew Cooper]
  • e0fbb85: x86emul: fix huge bit offset handling [Jan Beulich]
  • fcab9d3: x86/PV: writes of %fs and %gs base MSRs require canonical addresses [Jan Beulich]
  • 46529a1: x86/HVM: don't load LDTR with VM86 mode attrs during task switch [Jan Beulich]
  • ffda122: x86/hvm: Fix the handling of non-present segments [Andrew Cooper]
  • 805bb93: update Xen version to 4.6.5-pre [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

  • b7e9d39: cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo [Gerd Hoffmann]
  • d036019: cirrus: fix oob access issue (CVE-2017-2615) [Li Qiang]
  • a7fd371: qemu: ioport_read, ioport_write: be defensive about 32-bit addresses [Ian Jackson]
  • 470c00e: xen: fix ioreq handling [Jan Beulich]

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.6.4 and qemu-xen-4.6.5).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes. 

XSA Xen qemu-traditional qemu-upstream 
XSA-191 Applied N/A N/A
XSA-192 Applied N/A N/A
XSA-193 Applied N/A N/A
XSA-194 N/A (affects Xen 4.7 only) ... ...
XSA-195 Applied N/A N/A
XSA-196 Applied N/A N/A
XSA-197 N/A Applied Applied
XSA-198 Applied N/A N/A
XSA-199 N/A Applied N/A
XSA-200 Applied N/A N/A
XSA-201 Applied N/A N/A
XSA-202 Applied N/A N/A
XSA-203 Applied N/A N/A
XSA-204 Applied N/A N/A
XSA-205 N/A (Unused XSA number) ... ...
XSA-206 N/A (Reserved XSA number) ... ...
XSA-207 Applied N/A N/A
XSA-208 N/A Applied Applied
XSA-209 N/A Applied Applied

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.6 stable series to update to this latest point release.


Created Date Wednesday, 08 March 2017
Modified Date Friday, 07 April 2017

Xen Project 4.6.5

Created Date Wednesday, 08 March 2017
Modified Date Friday, 07 April 2017

Xen Project 4.6.5 Signature