Supported Xen Project 4.7 Series

Xen Project 4.7.0

Release Information

The Xen Project 4.7 release incorporates many new features and improvements to existing features.

Documentation

For Xen Project 4.7 documentation see

Contribution Acknowledgements

For a breakdown of contributions to Xen 4.7 check out the Xen Project 4.7 Acknowledgements.

Xen Project 4.7.1

We are pleased to announce the release of Xen 4.7.1. This is available immediately from its git repository https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.7 (tag RELEASE-4.7.1) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 86f912c: update Xen version to 4.7.1 [Jan Beulich]
  • 5bcf70d: x86: MISALIGNSSE feature depends on SSE [Jan Beulich]
  • 013bced: vscsiif.h: replace PAGE_SIZE with VSCSIIF_PAGE_SIZE [Stefano Stabellini]
  • ebb883c: usbif.h: replace PAGE_SIZE with USBIF_RING_SIZE [Stefano Stabellini]
  • 37fd694: x86/Viridian: don't depend on undefined register state [Jan Beulich]
  • 7bbea96: x86emul: fix pushing of selector registers [Jan Beulich]
  • a91344a: x86/hvm: Clobber %cs.L when LME becomes set [Andrew Cooper]
  • 2b593c9: xen/trace: Fix trace metadata page count calculation (revert fbf96e6) [George Dunlap]
  • 4b323ed: x86: defer not-present segment checks [Jan Beulich]
  • c26fc22: xen: credit1: return the 'time remaining to the limit' as next timeslice. [Dario Faggioli]
  • 3903db1: x86emul: honor guest CR0.TS and CR0.EM [Jan Beulich]
  • 506182e: x86/AMD: apply erratum 665 workaround [Emanuel Czirai]
  • 33c4ba9: x86emul: don't allow null selector for LTR [Jan Beulich]
  • ccae454: x86emul: correct loading of %ss [Jan Beulich]
  • dc57c17: x86/Intel: hide CPUID faulting capability from guests [Jan Beulich]
  • 2d939ee: xen: credit2: properly schedule migration of a running vcpu. [Dario Faggioli]
  • 24a1b18: xen: credit1: fix mask to be used for tickling in Credit1 [Dario Faggioli]
  • 1983d58: x86/domctl: Fix migration of guests which are not using xsave [Andrew Cooper]
  • d515e86: x86/domctl: Fix TOCTOU race with the use of XEN_DOMCTL_getvcpuextstate [Andrew Cooper]
  • a7edbdc: QEMU_TAG update [Ian Jackson]
  • 317eb71: libxl: do not assume Dom0 backend while getting nic info [Marek Marczykowski-Górecki]
  • 7e17174: tools/migrate: Prevent PTE truncation from being fatal duing the live phase [Andrew Cooper]
  • 0e22f29: libxl: fix libxl_device_usbdev_list() [Juergen Gross]
  • b549cbd: libxc: correct max_pfn calculation for saving domain [Juergen Gross]
  • 038aadd: Revert "x86/hvm: Perform a user instruction fetch for a FEP in userspace" [Jan Beulich]
  • 5c816c7: x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] [Andrew Cooper]
  • 129099b: x86/hvm: Perform a user instruction fetch for a FEP in userspace [Andrew Cooper]
  • f515565: hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary [Andrew Cooper]
  • c01565b: VMX: correct feature checks for MPX and XSAVES [Jan Beulich]
  • 0c9b942: x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] [Andrew Cooper]
  • cb3397a: x86/emulate: Correct boundary interactions of emulated instructions [Andrew Cooper]
  • 6825f37: x86/32on64: don't allow recursive page tables from L3 [Jan Beulich]
  • dbeb5da: memory: fix compat handling of XENMEM_access_op [Jan Beulich]
  • 9d2ede8: x86/PV: make PMU MSR handling consistent [Jan Beulich]
  • ba1f4a4: x86: correct PT_NOTE file position [Jan Beulich]
  • 4f610f2: credit1: fix a race when picking initial pCPU for a vCPU [Dario Faggioli]
  • 7743e91: x86/32on64: misc adjustments to call gate emulation [Jan Beulich]
  • 93429d2: x86/levelling: Provide architectural OSXSAVE handling to masked native CPUID [Andrew Cooper]
  • b80d7eb: x86/levelling: Pass a vcpu rather than a domain to ctxt_switch_levelling() [Andrew Cooper]
  • fb87d02: x86/levelling: Restrict non-architectural OSXSAVE handling to emulated CPUID [Andrew Cooper]
  • ed48c80: passthrough: fix a BUG_ON issue [Feng Wu]
  • dbaf2c8: x86/HVM: add guarding logic for VMX specific code [Suravee Suthikulpanit]
  • 80bc435: xen/physmap: Do not permit a guest to populate PoD pages for itself [Andrew Cooper]
  • fd7306f: x86/EFI: don't apply relocations to l{2,3}_bootmap [Jan Beulich]
  • 5b5abe1: page-alloc/x86: don't restrict DMA heap to node 0 [Jan Beulich]
  • 8224649: libxl: return any serial tty path in libxl_console_get_tty [Bob Liu]
  • de781b4: tools/libxc: Properly increment ApicIdCoreSize field on AMD [Boris Ostrovsky]
  • ab75cdf: libxenstat: honour XEN_RUN_DIR [Wei Liu]
  • 78a3010: xl: correct xl cpupool-numa-split with vcpu limited dom0 [Juergen Gross]
  • f2160ba: x86/mmcfg: Fix initalisation of variables in pci_mmcfg_nvidia_mcp55() [Andrew Cooper]
  • 471a151: xen: Remove buggy initial placement algorithm [George Dunlap]
  • c732d3c: xen: Have schedulers revise initial placement [George Dunlap]
  • d37c2b9: x86/EFI + Live Patch: avoid symbol address truncation [Jan Beulich]
  • 899495b: x86/entry: Avoid SMAP violation in compat_create_bounce_frame() [Andrew Cooper]
  • b1ba8c0: x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath [Andrew Cooper]
  • a492556: MAINTAINERS: name stable tree maintainers [Jan Beulich]
  • 22ec349: sched: use default scheduler upon an invalid "sched=" [Dario Faggioli]
  • df39cfa: nested vmx: Validate host VMX MSRs before accessing them [Euan Harris]
  • 11e3c4a: update Xen version to 4.7.1-pre [Jan Beulich]
  • 78c7331: README: Update version to 4.7 (from 4.7.0) [Ian Jackson]

In addition, this release also contains the following fixes to qemu-traditional:

  • 8111145: virtio: error out if guest exceeds virtqueue size [P J P]

This release also contains changes to qemu-upstream, whose changelog we do not list here as it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.7.0 and qemu-xen-4.7.1).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes. 

XSA      Xen                           qemu-traditional  qemu-upstream
XSA-182  Applied                       N/A               N/A
XSA-183  Applied                       N/A               N/A
XSA-184  N/A                           Applied           Applied
XSA-185  Applied                       N/A               N/A
XSA-186  Applied                       N/A               N/A
XSA-187  Applied                       N/A               N/A
XSA-188  N/A (Xen 4.7 not vulnerable)  ...               ...
XSA-189  N/A (Unused XSA number)       ...               ...
XSA-190  Applied                       N/A               N/A

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.7 stable series to update to this latest point release.

Xen Project 4.7.2

We are pleased to announce the release of Xen 4.7.2. This is available immediately from its git repository https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.7 (tag RELEASE-4.7.2) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 3905d1e: update Xen version to 4.7.2 [Jan Beulich]
  • 8550b69: xen: fix a (latent) cpupool-related race during domain destroy [Dario Faggioli]
  • 500efc8: QEMU_TAG update [Ian Jackson]
  • 8a9dfe3: VMX: fix VMCS race on context-switch paths [Jan Beulich]
  • 19d4e55: xen/p2m: Fix p2m_flush_table for non-nested cases [George Dunlap]
  • ad19a51: x86/ept: allow write-combining on !mfn_valid() MMIO mappings again [David Woodhouse]
  • 19addfa: xen: credit2: never consider CPUs outside of our cpupool. [Dario Faggioli]
  • d9dec41: x86/VT-x: Dump VMCS on VMLAUNCH/VMRESUME failure [Andrew Cooper]
  • 7583782: IOMMU: always call teardown callback [Oleksandr Tyshchenko]
  • d31a0a2: x86/emulate: don't assume that addr_size == 32 implies protected mode [George Dunlap]
  • 5bc9c62: xen: credit2: fix shutdown/suspend when playing with cpupools. [Dario Faggioli]
  • 1f2fe76: xen: credit2: use the correct scratch cpumask. [Dario Faggioli]
  • 386acdb: x86/hvm: do not set msr_tsc_adjust on hvm_set_guest_tsc_fixed [Joao Martins]
  • 5cadc66: x86: segment attribute handling adjustments [Jan Beulich]
  • 67d0d5e: x86emul: LOCK check adjustments [Jan Beulich]
  • ae3fa02: x86emul: VEX.B is ignored in compatibility mode [Jan Beulich]
  • 88ca94a: x86/xstate: Fix array overrun on hardware with LWP [Andrew Cooper]
  • dc309dd: tools/libxl: libxl_set_memory_target: Fix compile error in backport [Ian Jackson]
  • 013ee59: libxl: fix libxl_set_memory_target [Wei Liu]
  • 5f65c8d: init/FreeBSD: fix incorrect usage of $rc_pids in xendriverdomain [Roger Pau Monne]
  • d2fd4ab: init/FreeBSD: add rc control variables [Roger Pau Monne]
  • 71d99ec: init/FreeBSD: fix xencommons so it can only be launched by Dom0 [Roger Pau Monne]
  • 5cb968a: init/FreeBSD: remove xendriverdomain_precmd [Roger Pau Monne]
  • 8f4b369: init/FreeBSD: set correct PATH for xl devd [Roger Pau Monne]
  • 5da121c: xen/arm: gic-v3: Make sure read from ICC_IAR1_EL1 is visible on the redistributor [Julien Grall]
  • 24dc627: x86/emul: Correct the return value handling of VMFUNC [Andrew Cooper]
  • 6d0af98: x86emul: CMPXCHG16B requires an aligned operand [Jan Beulich]
  • 93daaf9: VT-d: correct dma_msi_set_affinity() [Jan Beulich]
  • 7829149: x86emul: MOVNTI does not allow REP prefixes [Jan Beulich]
  • f4dc0d2: x86/VPMU: clear the overflow status of which counter happened to overflow [Luwei Kang]
  • ff555d5: x86emul: correct PUSHF/POPF [Jan Beulich]
  • fd869a6: libelf: section index 0 is special [Jan Beulich]
  • dca0501: x86emul: CMOVcc always writes its destination [Jan Beulich]
  • 7524025: x86/emul: Don't deliver #UD with an error code [Andrew Cooper]
  • 6d55b3a: x86/SVM: don't deliver #GP without error code [Jan Beulich]
  • 149eb6b: x86/EFI: meet further spec requirements for runtime calls [Jan Beulich]
  • ba5bfeb: x86/svm: Fix svm_nextrip_insn_length() when crossing the virtual boundary to 0 [Andrew Cooper]
  • a94f6d5: x86/traps: Don't call hvm_hypervisor_cpuid_leaf() for PV guests [Andrew Cooper]
  • d651253: x86/vmx: Correct the long mode check in vmx_cpuid_intercept() [Andrew Cooper]
  • 792dda0: x86/svm: Don't clobber eax and edx if an RDMSR intercept fails [Andrew Cooper]
  • dd65186: x86emul: {L,S}{G,I}DT ignore operand size overrides in 64-bit mode [Jan Beulich]
  • 0ad7781: x86/emul: Reject LGDT/LIDT attempts with non-canonical base addresses [Andrew Cooper]
  • 6ddc1f3: x86/emul: Correct the decoding of SReg3 operands [Andrew Cooper]
  • 9f3c555: x86/HVM: add missing NULL check before using VMFUNC hook [Jan Beulich]
  • c2a7cc9: x86: force EFLAGS.IF on when exiting to PV guests [Jan Beulich]
  • c5feb91: x86/emul: Correct the handling of eflags with SYSCALL [Andrew Cooper]
  • 7a71cea: pvgrub: fix crash when booting kernel with p2m list outside kernel mapping [Juergen Gross]
  • e0ea04d: x86emul: CMPXCHG8B ignores operand size prefix [Jan Beulich]
  • 4be57d3: QEMU_TAG update [Ian Jackson]
  • e144f21: QEMU_TAG update [Ian Jackson]
  • 0726cb5: arm32: handle async aborts delivered while at HYP [Wei Chen]
  • 32282af: arm: crash the guest when it traps on external abort [Wei Chen]
  • cf21f0c: arm64: handle async aborts delivered while at EL2 [Wei Chen]
  • a2d232d: arm64: handle guest-generated EL1 asynchronous abort [Wei Chen]
  • 206fc70: pygrub: Properly quote results, when returning them to the caller: [Ian Jackson]
  • a6b0650: x86/svm: fix injection of software interrupts [Andrew Cooper]
  • 98eaf9c: x86/emul: correct the IDT entry calculation in inject_swint() [Andrew Cooper]
  • 1b65a34: x86emul: fix huge bit offset handling [Jan Beulich]
  • 8ce2238: libelf: fix stack memory leak when loading 32 bit symbol tables [Roger Pau Monné]
  • 2cd9fa0: x86/PV: writes of %fs and %gs base MSRs require canonical addresses [Jan Beulich]
  • 42bc34b: x86/HVM: don't load LDTR with VM86 mode attrs during task switch [Jan Beulich]
  • e98e17e: x86/hvm: Fix the handling of non-present segments [Andrew Cooper]
  • 0561a33: update Xen version to 4.7.2-pre [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

  • 0d5d265: cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo [Gerd Hoffmann]
  • a20cf3a: cirrus: fix oob access issue (CVE-2017-2615) [Li Qiang]
  • 18858e2: qemu: ioport_read, ioport_write: be defensive about 32-bit addresses [Ian Jackson]
  • 02a1797: xen: fix ioreq handling [Jan Beulich]

This release also contains changes to qemu-upstream, whose changelog we do not list here as it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.7.1 and qemu-xen-4.7.2).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes. 

XSA      Xen                        qemu-traditional  qemu-upstream
XSA-191  Applied                    N/A               N/A
XSA-192  Applied                    N/A               N/A
XSA-193  Applied                    N/A               N/A
XSA-194  Applied                    N/A               N/A
XSA-195  Applied                    N/A               N/A
XSA-196  Applied                    N/A               N/A
XSA-197  N/A                        Applied           Applied
XSA-198  Applied                    N/A               N/A
XSA-199  N/A                        Applied           N/A
XSA-200  Applied                    N/A               N/A
XSA-201  Applied                    N/A               N/A
XSA-202  Applied                    N/A               N/A
XSA-203  Applied                    N/A               N/A
XSA-204  Applied                    N/A               N/A
XSA-205  N/A (Unused XSA number)    ...               ...
XSA-206  N/A (Reserved XSA number)  ...               ...
XSA-207  Applied                    N/A               N/A
XSA-208  N/A                        Applied           Applied
XSA-209  N/A                        Applied           Applied

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.7 stable series to update to this latest point release.