Software Update: Xen 4.11.1 / 4.8.5

Xen is a baremetal hypervisor for the x86 and ARMv7/v8 platforms, allowing multiple operating systems to run simultaneously on a single system without drastically impacting performance. For more information about Xen and its community, please refer to this one and this one page. Currently, only Linux, NetBSD, and FreeBSD are supported as host systems, but work is underway to fully support other operating systems as well. The developers have released versions 4.11.1 and 4.8.5 with the following announcements:

XenProject 4.11.1

We are pleased to announce the release of Xen 4.11.1. This is available immediately from its git repository or from this download page. This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

• update Xen version to 4.11.1
• x86/dom0: Avoid using 1G superpages if shadowing may be necessary
• x86/shadow: shrink struct page_info’s shadow_flags to 16 bits
• x86/shadow: move OOS flag bit positions
• x86/mm: Don’t perform flush after failing to update a guests L1e
• x86/mm: Put the gfn on all paths after get_gfn_query()
• x86/hvm/ioreq: use ref-counted target-assigned shared pages
• x86/hvm/ioreq: fix page referencing
• AMD/IOMMU: suppress PTE merging after initial table creation
• amd/iommu: fix flush checks
• stubdom/vtpm: fix memcmp in TPM_ChangeAuthAsymFinish
• x86: work around HLE host lockup erratum
• x86: extend get_platform_badpages() interface
• Release: add release note link to SUPPORT.md
• x86/pv: Fix crash when using `xl set-parameter pcid=…`
• tools/dombuilder: Initialize vcpu debug registers correctly
• x86/domain: Initialize vcpu debug registers correctly
• x86/boot: Initialize the debug registers correctly
• x86/boot: enable NMIs after traps init
• vtd: add missing check for shared EPT…
• x86: fix “xpti=” and “pv-l1tf=” yet again
• x86: split opt_pv_l1tf
• x86: split opt_xpti
• x86: silence false log messages for plain “xpti” / “pv-l1tf”
• x86/vvmx: Disallow the use of VT-x instructions when nested virt is disabled
• stubdom/grub.patches: Drop docs changes, for licensing reasons
• tools/tests: fix an xs-test.c issue
• x86/boot: Allocate one extra module slot for Xen image placement
• xen: sched/Credit2: fix bug when moving CPUs between two Credit2 cpupools
• x86/hvm/emulate: make sure rep I/O emulation does not cross GFN boundaries
• x86/efi: split compiler vs linker support
• x86/efi: move the logic to detect PE build support
• x86/shutdown: use ACPI reboot method for Dell PowerEdge R540
• x86: assorted array_index_nospec() insertions
• VT-d/dmar: iommu mem leak fix
• rangeset: make inquiry functions tolerate NULL inputs
• x86/setup: Avoid OoB E820 lookup when calculating the L1TF safe address
• x86/hvm/ioreq: MMIO range checking completely ignores direction flag
• x86/vlapic: Bugfixes and improvements to vlapic_{read,write}()
• x86/vmx: Avoid hitting BUG_ON() after EPTP-related domain_crash()
• libxl: start pvqemu when 9pfs is requested
• x86: write to correct variable in parse_pv_l1tf()
• xl.conf: Add global affinity masks
• x86: Make “spec-ctrl=no” a global disable of all mitigations
• x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM HAP guests
• x86/msr: Virtualise MSR_FLUSH_CMD for guests
• x86/spec-ctrl: CPUID/MSR definitions for L1D_FLUSH
• x86/pv: Force a guest into shadow mode when it writes an L1TF-vulnerable PTE
• x86/mm: Plumbing to allow any PTE update to fail with -ERESTART
• x86/shadow: Infrastructure to force a PV guest into shadow mode
• x86/spec-ctrl: Introduce an option to control L1TF mitigation for PV guests
• x86/spec-ctrl: Calculate safe PTE addresses for L1TF mitigations
• tools/oxenstored: Make evaluation order explicit
• x86/vtx: Fix the checking for unknown/invalid MSR_DEBUGCTL bits
• ARM: disable grant table v2
• VMX: fix vmx_{find,del}_msr() build
• x86/vmx: Support load-only guest MSR list entries
• x86/vmx: Pass an MSR value into vmx_msr_add()
• x86/vmx: Improvements to LBR MSR handling
• x86/vmx: Support remote access to the MSR lists
• x86/vmx: Factor locate_msr_entry() out of vmx_find_msr() and vmx_add_msr()
• x86/vmx: Internal cleanup for MSR load/save infrastructure
• x86/vmx: API improvements for MSR load/save infrastructure
• x86/vmx: Defer vmx_vmcs_exit() as long as possible in construct_vmcs()
• x86/vmx: Fix handing of MSR_DEBUGCTL on VMExit
• x86/spec-ctrl: Yet more fixes for xpti= parsing
• x86/spec-ctrl: Fix the parsing of xpti= on fixed Intel hardware
• x86/hvm: Disallow unknown MSR_EFER bits
• x86/xstate: Make errors in xstate calculations more obvious by crashing the domain
• x86/xstate: Use a guests CPUID policy, rather than allowing all features
• x86/vmx: Don’t clobber %dr6 while debugging state is lazy
• x86: command line option to avoid use of secondary hyper-threads
• x86: possibly bring up all CPUs even if not all are supposed to be used
• x86: distinguish CPU offline from CPU removal
• x86/AMD: distinguish compute units from hyper-threads
• cpupools: fix state when downing a CPU failed
• x86/svm Fixes and cleanup to svm_inject_event()
• allow cpu_down() to be called earlier
• mm/page_alloc: correct first_dirty calculations during block merging
• xen: oprofile/nmi_int.c: Drop unwanted sexual reference
• x86/spec-ctrl: command line handling adjustments
• x86: correctly set nonlazy_xstate_used when loading full state
• xen: Port the array_index_nospec() infrastructure from Linux
• xen/Makefile: Bump version to 4.11.1-pre for ongoing 4.11 stable branch
• This release contains NO fixes to qemu-traditional.

XenProject 4.8.5

We are pleased to announce the release of Xen 4.8.5. This is available immediately from its git repository or from this download page. This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

• update Xen version to 4.8.5
• VMX: allow migration of guests with SSBD enabled
• x86/dom0: Fix shadowing of PV guests with 2M superpages
• x86/dom0: Avoid using 1G superpages if shadowing may be necessary
• x86/shadow: shrink struct page_info’s shadow_flags to 16 bits
• x86/shadow: move OOS flag bit positions
• x86/mm: Don’t perform flush after failing to update a guests L1e
• AMD/IOMMU: suppress PTE merging after initial table creation
• amd/iommu: fix flush checks
• stubdom/vtpm: fix memcmp in TPM_ChangeAuthAsymFinish
• x86: work around HLE host lockup erratum
• x86: extend get_platform_badpages() interface
• tools/dombuilder: Initialize vcpu debug registers correctly
• x86/domain: Initialize vcpu debug registers correctly
• x86/boot: Initialize the debug registers correctly
• x86/boot: enable NMIs after traps init
• vtd: add missing check for shared EPT…
• x86: fix “xpti=” and “pv-l1tf=” yet again
• x86: split opt_pv_l1tf
• x86: split opt_xpti
• x86: silence false log messages for plain “xpti” / “pv-l1tf”
• stubdom/grub.patches: Drop docs changes, for licensing reasons
• x86/hvm/emulate: make sure rep I/O emulation does not cross GFN boundaries
• x86/shutdown: use ACPI reboot method for Dell PowerEdge R540
• x86/shutdown: use ACPI reboot method for Dell PowerEdge R740
• x86: assorted array_index_nospec() insertions
• VT-d/dmar: iommu mem leak fix
• rangeset: make inquiry functions tolerate NULL inputs
• x86/setup: Avoid OoB E820 lookup when calculating the L1TF safe address
• x86/hvm/ioreq: MMIO range checking completely ignores direction flag
• x86/vlapic: Bugfixes and improvements to vlapic_{read,write}()
• x86/vmx: Avoid hitting BUG_ON() after EPTP-related domain_crash()
• x86: write to correct variable in parse_pv_l1tf()
• xl.conf: Add global affinity masks
• x86: Make “spec-ctrl=no” a global disable of all mitigations
• x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM HAP guests
• x86/msr: Virtualise MSR_FLUSH_CMD for guests
• x86/spec-ctrl: CPUID/MSR definitions for L1D_FLUSH
• x86/pv: Force a guest into shadow mode when it writes an L1TF-vulnerable PTE
• x86/mm: Plumbing to allow any PTE update to fail with -ERESTART
• x86/shadow: Infrastructure to force a PV guest into shadow mode
• x86/spec-ctrl: Introduce an option to control L1TF mitigation for PV guests
• x86/spec-ctrl: Calculate safe PTE addresses for L1TF mitigations
• tools/oxenstored: Make evaluation order explicit
• x86/vtx: Fix the checking for unknown/invalid MSR_DEBUGCTL bits
• ARM: disable grant table v2
• common/gnttab: Introduce command line feature controls
• VMX: fix vmx_{find,del}_msr() build
• x86/vmx: Support load-only guest MSR list entries
• x86/vmx: Pass an MSR value into vmx_msr_add()
• x86/vmx: Improvements to LBR MSR handling
• x86/vmx: Support remote access to the MSR lists
• x86/vmx: Factor locate_msr_entry() out of vmx_find_msr() and vmx_add_msr()
• x86/vmx: Internal cleanup for MSR load/save infrastructure
• x86/vmx: API improvements for MSR load/save infrastructure
• x86/vmx: Defer vmx_vmcs_exit() as long as possible in construct_vmcs()
• x86/vmx: Fix handing of MSR_DEBUGCTL on VMExit
• x86/spec-ctrl: Yet more fixes for xpti= parsing
• x86/spec-ctrl: Fix the parsing of xpti= on fixed Intel hardware
• x86/hvm: Disallow unknown MSR_EFER bits
• x86/xstate: Make errors in xstate calculations more obvious by crashing the domain
• x86/xstate: Use a guests CPUID policy, rather than allowing all features
• x86/vmx: Don’t clobber %dr6 while debugging state is lazy
• x86: command line option to avoid use of secondary hyper-threads
• x86: possibly bring up all CPUs even if not all are supposed to be used
• x86: distinguish CPU offline from CPU removal
• x86/AMD: distinguish compute units from hyper-threads
• cpupools: fix state when downing a CPU failed
• allow cpu_down() to be called earlier
• xen: oprofile/nmi_int.c: Drop unwanted sexual reference
• x86/spec-ctrl: command line handling adjustments
• x86: correctly set nonlazy_xstate_used when loading full state
• xen: Port the array_index_nospec() infrastructure from Linux
• cmdline: fix parse_boolean() for NULL incoming end pointer
• update Xen version to 4.8.5-pre
• This release also contains NO fixes to qemu-traditional.