Software update: Xen 4.10.1


Xen is a bare-metal hypervisor for the x86 and ARMv7/v8 platforms that allows several operating systems to run simultaneously on one system without drastically affecting performance. For more information about Xen and its community, we refer you to this and this page. At the moment only Linux, NetBSD and FreeBSD are supported as host systems, but work is under way to fully support other operating systems as well. The developers have released version 4.10.1 with the following announcement:

Xen Project 4.10.1
We are pleased to announce the release of Xen 4.10.1. This is available immediately from its git repository https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.10 (tag RELEASE-4.10.1) or from this download page. This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 99e50001be: update Xen version to 4.10.1
  • c30ab3d97c: SUPPORT.md: Add missing support lifetime information
  • 5f6000a985: adapt SUPPORT.md to match 4.11
  • f9e1bddbc8: SUPPORT.md: Fix a typo
  • 3614c7d949: SUPPORT.md: Document the new text ordering rule
  • 6f8e8bae87: SUPPORT.md: Move descriptions up before Status info
  • 2e02212848: docs/Makefile: Format SUPPORT.md into the toplevel
  • 73c8c2c211: docs/Makefile: Introduce GENERATE_PANDOC_RULE_RAW
  • c07d2195b0: docs/gen-html-index: Support documents at the top level
  • 0609dd1c5e: docs/gen-html-index: Extract titles from HTML documents
  • a3459c741e: SUPPORT.md: Syntax: Provide a title rather than a spurious empty section
  • de3ccf0790: SUPPORT.md: Syntax: Fix a typo “States”
  • f7a7eeac29: SUPPORT.md: Syntax: Fix some bullet lists
  • cba8690ea8: x86: fix slow int80 path after XPTI additions
  • d27de97cd1: libxl: Specify format of inserted cdrom
  • 656c14780c: x86/msr: Correct the emulation behavior of MSR_PRED_CMD
  • 8d37ee1d10: x86/VT-x: Fix determination of EFER.LMA in vmcs_dump_vcpu()
  • 696b24dfe1: x86/HVM: suppress I/O completion for port output
  • 41015e7945: x86/pv: Fix up erroneous segments for 32bit syscall entry
  • 4f12a18bc2: x86/XPTI: reduce .text.entry
  • 649e617335: x86: log XPTI enabled status
  • bd26592fdf: x86: disable XPTI when RDCL_NO
  • afece29fe9: x86/pv: Fix the handling of writes to %dr7
  • 2e34343fb2: xen/arm: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
  • d9756ca980: xen/arm: vpsci: Rework the logic to start AArch32 vCPU in Thumb mode
  • e2ee191d3d: xen/arm: vpsci: Introduce and use PSCI_INVALID_ADDRESS
  • 2efc116c68: xen/arm: psci: Consolidate PSCI version print
  • 51742fbc08: xen/arm: vpsci: Remove parameter ‘ver’ from do_common_cpu
  • 4fcd9d14b1: xen/arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
  • 1ef0574d3b: xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
  • ee109adca7: xen/arm: smccc: Implement SMCCC v1.1 inline primitive
  • b2682eddc2: xen/arm: psci: Detect SMCCC version
  • 9746779afb: xen/arm: smccc: Add macros SMCCC_VERSION, SMCCC_VERSION_{MINOR, MAJOR}
  • 1d99ad5b35: xen/arm64: Print a per-CPU message with the BP hardening method used
  • 9beb8a4461: xen/arm64: Implement a fast path for handling SMCCC_ARCH_WORKAROUND_1
  • ef4b4d7ab0: xen/arm: Adapt smccc.h to be able to use it in assembly code
  • df71252060: xen/arm: vsmc: Implement SMCCC_ARCH_WORKAROUND_1 BP hardening support
  • 7f9ebebcec: xen/arm: vsmc: Implement SMCCC 1.1
  • 4eb96e3eda: xen/arm: vpsci: Add support for PSCI 1.1
  • 3087ba8278: xen/arm: psci: Rework the PSCI definitions
  • 76a6dddcf8: xen/arm: vpsci: Move PSCI function dispatching from vsmc.c to vpsci.c
  • 0f92968bcf: x86/vlapic: clear TMR bit upon acceptance of edge-triggered interrupt to IRR
  • 9e9185f661: SUPPORT.md: Specify support for various image formats
  • e87e798673: SUPPORT.md: Clarify that the PV keyboard protocol includes mouse support
  • 6131a2c0ed: cpufreq/ondemand: fix race while offlining CPU
  • 47621a4ed1: x86: remove CR reads from exit-to-guest path
  • 489cfbc1b9: x86: slightly reduced Meltdown band-aid overhead
  • 860f470ba1: x86/xpti: do not map stack guard pages
  • 8462c575d9: x86/xpti: Hide almost all of .text and all .data/.rodata/.bss mappings
  • cee48d83cb: x86: ignore guest microcode loading attempts
  • 20db434e90: ocaml: fix arm build
  • 0d2f9c89f7: Merge branch ‘merge-comet-staging-4.10-v1’ into staging-4.10
  • a1189f93ef: libxl/pvh: force PVH guests to use the xen store shutdown
  • c37114cbf8: x86/HVM: do not give the wrong impression of WRMSR succeeding
  • 5ede9f9600: x86/PV: fix off-by-one in I/O bitmap limit check
  • 7e0796d3fe: grant: Release domain lock on ‘map’ path in cache_flush
  • b9aa790d31: x86/pv: Avoid leaking other guests’ MSR_TSC_AUX values into PV context
  • 4867afbc95: x86/nmi: start NMI watchdog on CPU0 after SMP bootstrap
  • 3deb58f832: x86/srat: fix end calculation in nodes_cover_memory()
  • 3376822f15: x86/hvm/dmop: only copy what is needed to/from the guest
  • 37dd90787e: x86/entry: Use 32bit xors rather than 64bit xors for clearing GPRs
  • 296705818c: x86/emul: Fix the decoding of segment overrides in 64bit mode
  • 0857b09aae: x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST
  • 4195d40e31: x86/srat: fix the end pfn check in valid_numa_range()
  • ab62fc3171: x86: reduce Meltdown band-aid IPI overhead
  • 0e10f28586: x86/NMI: invert condition in nmi_show_execution_state()
  • a05fc8e5be: x86/emul: Fix the emulation of invlpga
  • 083bd83354: ignores: update .hgignore
  • b0e975c822: ignores: update list of git ignored files
  • def29407de: firmware/shim: better filtering of intermediate files during Xen tree setup
  • 8c3bbc7c2b: firmware/shim: better filtering of dependency files during Xen tree setup
  • cee8bb62ff: build: remove shim related targets
  • 08a941bdac: shim: allow building of just the shim with build-ID-incapable linker
  • 7dc817b750: firmware/shim: avoid mkdir error during Xen tree setup
  • 21080841ae: firmware/shim: correctly handle errors during Xen tree setup
  • dc4a23b115: firmware/shim: update Makefile
  • da7543dd32: x86/shim: do not use 32-bit compare on boolean variable
  • 9fd27db52a: xen/pvshim: fix GNTTABOP_query_size hypercall forwarding with SMAP
  • 6d9b6bf418: Revert “x86/boot: Map more than the first 16MB”
  • 79f04299ca: x86: relocate pvh_info
  • 9ce99ad413: xen/shim: stash RSDP address for ACPI driver
  • 186c2f57bd: libxl: lower shim related message to level DEBUG
  • 357bf02e49: x86/shim: use credit scheduler
  • 81306edf86: x86/guest: clean up guest/xen.h
  • 14e1a434f4: libxl: remove whitespaces in 62982da926
  • b869742c99: xen/pvshim: switch shim.c to use typesafe mfn_to_page and virt_to_mfn
  • d691e41793: xen/pvshim: fix coding style issues
  • ee478f4737: xen/pvshim: re-order replace_va_mapping code
  • f05a7c5148: xen/pvshim: identity pin shim vCPUs to pCPUs
  • 7027acfc1f: tools: fix arm build after bdf693ee61b48
  • bc513e82ed: Do not build xen-shim for 32 bit build host
  • af63193017: Revert “x86/guest: use the vcpu_info area from shared_info”
  • a44e83b712: x86/shim: commit shim.config changes for 4.10 branch
  • da3a46d017: Merge tag ‘4.10.0-shim-comet-3’ into staging-4.10
  • b6a6458b13: xen/arm: Flush TLBs before turning on the MMU to avoid stale entries
  • e3dfd5d1dd: xen/arm: vgic: Make sure the number of SPIs is a multiple of 32
  • a6780c122b: x86/hvm: Disallow the creation of HVM domains without Local APIC emulation
  • 16edf98e95: gnttab: do not blindly free status pages upon version change
  • e2ceb2ed66: gnttab/ARM: do not corrupt shared GFN array
  • 1b1c059099: memory: don’t implicitly unpin for decrease-reservation
  • 5e91fc4d3b: xen/arm: cpuerrata: Actually check errata on non-boot CPUs
  • 3921128fcb: xen/arm: vsmc: Do not implement function IDs that do not exist
  • cd2e1436b1: xen/arm: vpsci: Removing dummy MIGRATE and MIGRATE_INFO_UP_CPU
  • 3181472a5c: x86/idle: Clear SPEC_CTRL while idle
  • 5644514050: x86/cpuid: Offer Indirect Branch Controls to guests
  • db12743f2d: x86/ctxt: Issue a speculation barrier between vcpu contexts
  • bc0e599a83: x86/boot: Calculate the most appropriate BTI mitigation to use
  • fc81946cea: x86/entry: Avoid using alternatives in NMI/#MC paths
  • ce7d7c0168: x86/entry: Organize the clobbering of the RSB/RAS on entry to Xen
  • a695f8dce7: x86/entry: Organize the use of MSR_SPEC_CTRL at each entry/exit point
  • 92efbe8658: x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL, PRED_CMD}
  • 8baba874d6: x86/migrate: Move MSR_SPEC_CTRL on migrate
  • 79891ef944: x86/msr: Emulation of MSR_{SPEC_CTRL, PRED_CMD} for guests
  • 641c11ef29: x86/cpuid: Handling of IBRS/IBPB, STIBP and IBRS for guests
  • 05eba93a0a: x86: fix GET_STACK_END
  • a69cfdf0c1: x86/acpi: process softirqs while printing CPU ACPI data
  • 0f4be6e2c4: xen/x86: report domain id on cpuid
  • 0a7e6b50e0: x86/svm: Offer CPUID Faulting to AMD HVM guests as well
  • 65ee6e043a: x86/cmdline: Introduce a command line option to disable IBRS/IBPB, STIBP and IBPB
  • 129880dd8f: x86/feature: Definitions for Indirect Branch Controls
  • c513244d8e: x86: Introduce alternative indirect thunks
  • 0e12c2c881: x86/amd: Try to set lfence as being Dispatch Serialising
  • 6aaf353f2e: x86/boot: Report details of speculative mitigations
  • 32babfc19a: x86: Support indirect thunks from assembly code
  • 47bbcb2dd1: x86: Support compiling with indirect branch thunks
  • 8743fc2ef7: common/wait: clarifications to wait infrastructure
  • 1830b20b6b: x86/entry: Erase guest GPR state on entry to Xen
  • ab95cb0d94: x86/hvm: Use SAVE_ALL to construct the cpu_user_regs frame after VMExit
  • d02ef3d274: x86/entry: Rearrange RESTORE_ALL to restore register in stack order
  • e32f814160: x86: Introduce a common cpuid_policy_updated()
  • c534ab4e94: x86/hvm: Rename update_guest_vendor() callback to cpuid_policy_changed()
  • be3138b6f6: x86/alt: Introduce ALTERNATIVE{,_2} macros
  • 79012ead93: x86/alt: Break out alternative-asm into a separate header file
  • bd093c503: xen/arm32: entry: Document the purpose of r11 in the traps handler
  • a69a8b5fdc: xen/arm32: Invalidate icache on guest exit for Cortex-A15
  • f167ebf6b3: xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12
  • c4c0187839: xen/arm32: Add skeleton to harden branch predictor aliasing attacks
  • 19ad8a7287: xen/arm32: entry: Add missing trap_reset entry
  • 3caf32c470: xen/arm32: Add missing MIDR values for Cortex-A17 and A12
  • df7be94f26: xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros
  • f379b70609: SUPPORT.md: Fix version and Initial-Release
  • 728fadb586: xen/arm: cpuerrata: Remove percpu.h include
  • 928112900e: xen/arm64: Implement branch predictor hardening for affected Cortex-A CPUs
  • cae6e1572f: xen/arm64: Add skeleton to harden the branch predictor aliasing attacks
  • d1f4283a1d: xen/arm: cpuerrata: Add MIDR_ALL_VERSIONS
  • 0f7a4faafb: xen/arm64: Add missing MIDR values for Cortex-A72, A73 and A75
  • b829d42829: xen/arm: Introduce enable callback to enable a capabilities on each CPU
  • fa23f2aaa2: xen/pvh: place the trampoline at page 0x1
  • 79f797c3f4: firmware/shim: fix build process to use POSIX find options
  • 69f4d872e5: x86/guest: use the vcpu_info area from shared_info
  • 7cccd6f748: x86: allow Meltdown band-aid to be disabled
  • 234f481337: x86: Meltdown band-aid against malicious 64-bit PV guests
  • 57dc197cf0: x86/mm: Always set _PAGE_ACCESSED on L4e updates
  • 7209b8bf08: x86: Do not use potentially incorrect CPUID values for topology information
  • 910dd005da: x86/entry: Remove support for partial cpu_user_regs frames
  • 50d24b9530: x86/upcall: inject a spurious event after setting upcall vector
  • c89c622b89: x86/E820: do not overrun array
  • 3b8d88d4fa: x86/IRQ: conditionally preserve access permission on map error paths
  • 6f1979c8e4: -xen-attach is needed for pvh boot with qemu-xen
  • 0a515eeb96: xen/pvshim: map vcpu_info earlier for APs
  • 0e2d64ae8f: xl: pvshim: Provide and document xl config
  • ab9e3854dd: libxl: pvshim: Intr
  • abdde49edc: libxl: pvshim: Provide first-class config settings to enable shim mode
  • 321ef983a0: or reboot in shim mode
  • b5be9c817d: xen/pvshim: use default position for the m2p mappings
  • 9d60bc96be: xen/shim: modify shim_mem parameter behavior
  • 29dd3142bf: xen/pvshim: memory hotplug
  • 5b6c3ffa1d: xen/pvshim: support vCPU hotplug
  • 004646a1dd: xen/pvshim: set max_pages to the value of tot_pages
  • 7dcc20e0c8: xen/pvshim: add shim_mem cmdline parameter
  • 83c838c9f8: xen/pvshim: add migration support
  • cc7d96b98c: x86/pv-shim: shadow PV console’s page for L2 DomU
  • 7f5eb7d04e: xen/pvshim: add grant table operations
  • bbad376ab1: xen/pvshim: forward evtchn ops between L0 Xen and L2 DomU
  • da4518c559: xen/pvshim: set correctly domid value
  • 1cd703979f: xen/pvshim: modify Dom0 builder in order to build a DomU
  • 60dd95357c: xen: mark xenstore/console pages as RAM
  • 0ba5d8c275: xen/pvshim: skip Dom0-only domain builder parts
  • 4ba6447e7d: xen/pvh: do not mark the low 1MB as IO mem
  • 2b8a95a296: xen/x86: make VGA support selectable
  • cdb1fb4921: xen/arm: bootfdt: Use proper default for #address-cells and #size-cells
  • a40186478c: xen/arm: gic-v3: Bail out if gicv3_cpu_init fail
  • 3784256866: tools/firmware: Build and install xen-shim
  • b5ead1fad3: x86/shim: Kconfig and command line options
  • aa96a59dc2: x86/guest: use PV console for Xen/Dom0 I/O
  • 7477359b9a: x86/guest: add PV console code
  • cb5dc94ba7: x86/guest: setup event channel upcall vector
  • 3b058a3eab: x86: do not swallow the first command line item in guest mode
  • 5a543c6f39: x86: read wallclock from Xen when running in pvh mode
  • 949eb11d58: x86: APIC timer calibration when running as a guest
  • f5ca36927e: x86: xen pv clock time source
  • 68e7a08436: x86/guest: map per-cpu vcpu_info area.
  • d2df09c92b: xen/guest: fetch vCPU ID from Xen
  • efa15c993b: x86/guest: map shared_info page
  • 83186a8e69: xen/pvshim: keep track of used PFN ranges
  • 1fa5444834: xen: introduce rangeset_claim_range
  • 10128f33aa: xen/console: Introduce console=xen
  • 2f5a012143: x86/pvh: Retrieve memory map from Xen
  • 9752c7422b: x86/shutdown: Support for using SCHEDOP_{shutdown, reboot}
  • b38cc15b2f: x86/guest: Hypercall support
  • 3d1afab1f6: x86/entry: Probe for Xen early during boot
  • 31b664a93f: x86/boot: Map more than the first 16MB
  • db65173fe7: x86/entry: Early PVH boot code
  • 51f937a39b: x86: produce a binary that can be booted as PVH
  • 887c705600: x86: introduce ELFNOTE macro
  • f575701f3c: x86/link: Relocate program headers
  • af2f50b2b6: x86/Kconfig: Options for Xen and PVH support
  • b538a13a68: x86: Common cpuid faulting support
  • 57dc22b80d: x86/fixmap: Modify fix_to_virt() to return a void pointer
  • 48811d481c: tools/ocaml: Extend domain_create() to take arch_domainconfig
  • 78898c9d1b: tools/ocaml: Expose arch_config in domaininfo
  • e7c8187b91: xen/domctl: Return arch_config via getdomaininfo
  • 9e46ae12ed: ACPICA: Make ACPI Power Management Timer (PM Timer) optional.
  • ff1fb8fe53: x86/link: Introduce and use SECTION_ALIGN
  • 92a6295c30: x86/time: Print a more helpful error when a platform timer can not be found
  • 78e9cc3488: xen/common: Widen the guest logging buffer slightly
  • 667275050d: tools/libxc: Multi modules support
  • 4621c10f48: tools/libelf: fix elf notes check for PVH guest
  • 40938b5d56: tools/libxc: remove extraneous newline in xc_dom_load_acpi
  • 5840f40e88: xen/x86: report domain id on cpuid
  • caff7f9b59: x86/svm: Offer CPUID Faulting to AMD HVM guests as well
  • 69e302e59c: x86/upcall: inject a spurious event after setting upcall vector
  • a87ec4833a: x86/msr: Free msr_vcpu_policy during vcpu destruction
  • 9dc5eda576: x86/vmx: Do not use hvm_inject_hw_exception() in long_mode_do_msr_write()
  • 135b67e9bd: xen/efi: Fix build with clang-5.0
  • 682a9d8d37: gnttab: improve GNTTABOP_cache_flush locking
  • 19dcd8e47d: gnttab: correct GNTTABOP_cache_flush empty batch handling
  • e5364c32c6: x86/microcode: Add support for fam17h microcode loading
  • e2dc7b584f: x86/mm: drop bogus paging mode assertion
  • c8f4f45e04: x86/mb2: avoid Xen image when looking for module/crash kernel position
  • 4150501b71: x86/vvmx: do not enable vmcs shadowing for nested guests
  • ab7be6ce4a: xen/pv: Construct d0v0s GDT properly
  • f3fb6673d8: update Xen version to 4.10.1-pre

This release contains no fixes to qemu-traditional or qemu-upstream. This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes:
XSA-252, XSA-253, XSA-254, XSA-255, XSA-256, XSA-257, XSA-258, XSA-259

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories. We recommend all users of the 4.10 stable series to update to this latest point release.
