Xen Project 4.11 Series


Xen Project 4.11.0

Release Information

The Xen Project 4.11 release incorporates many new features and improvements to existing features.


For Xen Project 4.11 documentation see

Contribution Acknowledgements

For a breakdown of contributions to Xen 4.11 check out the Xen Project 4.11 Acknowledgements.

Xen Project 4.11.1

We are pleased to announce the release of Xen 4.11.1. This is available immediately from its git repository https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.11 (tag RELEASE-4.11.1) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 96cbd0893f: update Xen version to 4.11.1 [Jan Beulich]
  • 49caabf258: x86/dom0: Avoid using 1G superpages if shadowing may be necessary [Andrew Cooper]
  • bbe48b5b67: x86/shadow: shrink struct page_info's shadow_flags to 16 bits [Jan Beulich]
  • 93177f1f0f: x86/shadow: move OOS flag bit positions [Jan Beulich]
  • e738850aaf: x86/mm: Don't perform flush after failing to update a guests L1e [Andrew Cooper]
  • eb6830a1c8: x86/mm: Put the gfn on all paths after get_gfn_query() [Andrew Cooper]
  • b88ccb3ae7: x86/hvm/ioreq: use ref-counted target-assigned shared pages [Paul Durrant]
  • 3b2a779ccb: x86/hvm/ioreq: fix page referencing [Paul Durrant]
  • 946f345547: AMD/IOMMU: suppress PTE merging after initial table creation [Jan Beulich]
  • 086a9dded2: amd/iommu: fix flush checks [Roger Pau Monné]
  • dea9fc0e02: stubdom/vtpm: fix memcmp in TPM_ChangeAuthAsymFinish [Olaf Hering]
  • ff9f8730a9: x86: work around HLE host lockup erratum [Jan Beulich]
  • 0f0ad146b5: x86: extend get_platform_badpages() interface [Jan Beulich]
  • 8ad462a34f: Release: add release note link to SUPPORT.md [Juergen Gross]
  • d67b849d22: x86/pv: Fix crash when using `xl set-parameter pcid=...` [Andrew Cooper]
  • 8f3f58c1c0: tools/dombuilder: Initialise vcpu debug registers correctly [Andrew Cooper]
  • 06a50b02d5: x86/domain: Initialise vcpu debug registers correctly [Andrew Cooper]
  • fe10c229a4: x86/boot: Initialise the debug registers correctly [Andrew Cooper]
  • e2436396ed: x86/boot: enable NMIs after traps init [Sergey Dyasli]
  • f0b4b6995c: vtd: add missing check for shared EPT... [Paul Durrant]
  • d34471f144: x86: fix "xpti=" and "pv-l1tf=" yet again [Jan Beulich]
  • 26feeb5647: x86: split opt_pv_l1tf [Jan Beulich]
  • 221acbf429: x86: split opt_xpti [Jan Beulich]
  • 8bed7285f1: x86: silence false log messages for plain "xpti" / "pv-l1tf" [Jan Beulich]
  • 18b5947648: x86/vvmx: Disallow the use of VT-x instructions when nested virt is disabled [Andrew Cooper]
  • 94fba9f438: stubdom/grub.patches: Drop docs changes, for licensing reasons [Ian Jackson]
  • 33664f9a05: tools/tests: fix an xs-test.c issue [Wei Liu]
  • a2e35a7592: x86/boot: Allocate one extra module slot for Xen image placement [Daniel Kiper]
  • 451f9c8e02: xen: sched/Credit2: fix bug when moving CPUs between two Credit2 cpupools [Dario Faggioli]
  • d7cbb4b5c9: x86/hvm/emulate: make sure rep I/O emulation does not cross GFN boundaries [Paul Durrant]
  • bb6d070c16: x86/efi: split compiler vs linker support [Roger Pau Monné]
  • b1a47ef063: x86/efi: move the logic to detect PE build support [Roger Pau Monné]
  • 5b1592d188: x86/shutdown: use ACPI reboot method for Dell PowerEdge R540 [Ross Lagerwall]
  • 0719a5ff7e: x86: assorted array_index_nospec() insertions [Jan Beulich]
  • 03fd745154: VT-d/dmar: iommu mem leak fix [Zhenzhong Duan]
  • d1caf6ee72: rangeset: make inquiry functions tolerate NULL inputs [Jan Beulich]
  • a07f444502: x86/setup: Avoid OoB E820 lookup when calculating the L1TF safe address [Andrew Cooper]
  • 74fee1b6d3: x86/hvm/ioreq: MMIO range checking completely ignores direction flag [Paul Durrant]
  • 2004a914b6: x86/vlapic: Bugfixes and improvements to vlapic_{read,write}() [Andrew Cooper]
  • 8c8b3cb17e: x86/vmx: Avoid hitting BUG_ON() after EPTP-related domain_crash() [Andrew Cooper]
  • 5acdd26fdc: libxl: start pvqemu when 9pfs is requested [Stefano Stabellini]
  • 733450b39b: x86: write to correct variable in parse_pv_l1tf() [Jan Beulich]
  • d757c29ffe: xl.conf: Add global affinity masks [Wei Liu]
  • 6c7d074a4b: x86: Make "spec-ctrl=no" a global disable of all mitigations [Jan Beulich]
  • 2a47c75509: x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM HAP guests [Andrew Cooper]
  • 007752fb9b: x86/msr: Virtualise MSR_FLUSH_CMD for guests [Andrew Cooper]
  • fb78137bb8: x86/spec-ctrl: CPUID/MSR definitions for L1D_FLUSH [Andrew Cooper]
  • 665e7685b4: x86/pv: Force a guest into shadow mode when it writes an L1TF-vulnerable PTE [Juergen Gross]
  • f4a049ede7: x86/mm: Plumbing to allow any PTE update to fail with -ERESTART [Andrew Cooper]
  • 02d2c66093: x86/shadow: Infrastructure to force a PV guest into shadow mode [Juergen Gross]
  • 57483c09ef: x86/spec-ctrl: Introduce an option to control L1TF mitigation for PV guests [Andrew Cooper]
  • d044f6cc59: x86/spec-ctrl: Calculate safe PTE addresses for L1TF mitigations [Andrew Cooper]
  • e6441a804b: tools/oxenstored: Make evaluation order explicit [Christian Lindig]
  • 48fb482ef6: x86/vtx: Fix the checking for unknown/invalid MSR_DEBUGCTL bits [Andrew Cooper]
  • fa79f9e762: ARM: disable grant table v2 [Stefano Stabellini]
  • 1d32c21975: VMX: fix vmx_{find,del}_msr() build [Jan Beulich]
  • 7b420e8a82: x86/vmx: Support load-only guest MSR list entries [Andrew Cooper]
  • 8b35b978a2: x86/vmx: Pass an MSR value into vmx_msr_add() [Andrew Cooper]
  • cfdd4e846a: x86/vmx: Improvements to LBR MSR handling [Andrew Cooper]
  • 218d403ad9: x86/vmx: Support remote access to the MSR lists [Andrew Cooper]
  • b52017c904: x86/vmx: Factor locate_msr_entry() out of vmx_find_msr() and vmx_add_msr() [Andrew Cooper]
  • 52b8f9ae22: x86/vmx: Internal cleanup for MSR load/save infrastructure [Andrew Cooper]
  • 935e9c4047: x86/vmx: API improvements for MSR load/save infrastructure [Andrew Cooper]
  • 61cc8769a9: x86/vmx: Defer vmx_vmcs_exit() as long as possible in construct_vmcs() [Andrew Cooper]
  • 4254e98740: x86/vmx: Fix handing of MSR_DEBUGCTL on VMExit [Andrew Cooper]
  • 6fe9726aeb: x86/spec-ctrl: Yet more fixes for xpti= parsing [Andrew Cooper]
  • 33ced725e1: x86/spec-ctrl: Fix the parsing of xpti= on fixed Intel hardware [Andrew Cooper]
  • 7de2155573: x86/hvm: Disallow unknown MSR_EFER bits [Andrew Cooper]
  • 06d2a763d0: x86/xstate: Make errors in xstate calculations more obvious by crashing the domain [Andrew Cooper]
  • 543027c984: x86/xstate: Use a guests CPUID policy, rather than allowing all features [Andrew Cooper]
  • 037fe82cf5: x86/vmx: Don't clobber %dr6 while debugging state is lazy [Andrew Cooper]
  • 353edf12c8: x86: command line option to avoid use of secondary hyper-threads [Jan Beulich]
  • 75313e478e: x86: possibly bring up all CPUs even if not all are supposed to be used [Jan Beulich]
  • 5908b4866b: x86: distinguish CPU offlining from CPU removal [Jan Beulich]
  • bd51a64242: x86/AMD: distinguish compute units from hyper-threads [Jan Beulich]
  • 0a2016ca2f: cpupools: fix state when downing a CPU failed [Jan Beulich]
  • b53e0defce: x86/svm Fixes and cleanup to svm_inject_event() [Andrew Cooper]
  • a44cf0c872: allow cpu_down() to be called earlier [Jan Beulich]
  • ac35e050b6: mm/page_alloc: correct first_dirty calculations during block merging [Sergey Dyasli]
  • 10c548215b: xen: oprofile/nmi_int.c: Drop unwanted sexual reference [Ian Jackson]
  • 4bdeedbd61: x86/spec-ctrl: command line handling adjustments [Jan Beulich]
  • da33530ab3: x86: correctly set nonlazy_xstate_used when loading full state [Jan Beulich]
  • e932371d6a: xen: Port the array_index_nospec() infrastructure from Linux [Andrew Cooper]
  • 1fd87ba1cd: xen/Makefile: Bump version to 4.11.1-pre for ongoing 4.11 stable branch [Ian Jackson]

This release contains NO fixes to qemu-traditional.

This release also contains changes to qemu-upstream, whose changelog we do not list here, as it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.11.0 and qemu-xen-4.11.1).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes. 

XSA      Xen                  qemu-traditional  qemu-upstream
XSA-268  Applied              Applied           Applied
XSA-269  Applied              Applied           Applied
XSA-270  N/A (Linux only)     ...               ...
XSA-271  N/A (XAPI only)      ...               ...
XSA-272  Applied              Applied           Applied
XSA-273  Applied              Applied           Applied
XSA-274  N/A (Linux only)     ...               ...
XSA-275  Applied              Applied           Applied
XSA-276  Applied              Applied           Applied
XSA-277  Applied              Applied           Applied
XSA-278  Applied              Applied           Applied
XSA-279  Applied              Applied           Applied
XSA-280  Applied              Applied           Applied
XSA-281  N/A (Unused number)  ...               ...
XSA-282  Applied              Applied           Applied

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend that all users of the 4.11 stable series update to this latest point release.