Downloads

Xen Project 4.10.1

We are pleased to announce the release of Xen 4.10.1. This is available immediately from its git repository
https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.10 (tag RELEASE-4.10.1) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 99e50001be: update Xen version to 4.10.1 [Jan Beulich]
  • c30ab3d97c: SUPPORT.md: Add missing support lifetime information [Ian Jackson]
  • 5f6000a985: adapt SUPPORT.md to match 4.11 [Juergen Gross]
  • f9e1bddbc8: SUPPORT.md: Fix a typo [Ian Jackson]
  • 3614c7d949: SUPPORT.md: Document the new text ordering rule [Ian Jackson]
  • 6f8e8bae87: SUPPORT.md: Move descriptions up before Status info [Ian Jackson]
  • 2e02212848: docs/Makefile: Format SUPPORT.md into the toplevel [Ian Jackson]
  • 73c8c2c211: docs/Makefile: Introduce GENERATE_PANDOC_RULE_RAW [Ian Jackson]
  • c07d2195b0: docs/gen-html-index: Support documents at the toplevel [Ian Jackson]
  • 0609dd1c5e: docs/gen-html-index: Extract titles from HTML documents [Ian Jackson]
  • a3459c741e: SUPPORT.md: Syntax: Provide a title rather than a spurious empty section [Ian Jackson]
  • de3ccf0790: SUPPORT.md: Syntax: Fix a typo “States” [Ian Jackson]
  • f7a7eeac29: SUPPORT.md: Syntax: Fix some bullet lists [Ian Jackson]
  • cba8690ea8: x86: fix slow int80 path after XPTI additions [Jan Beulich]
  • d27de97cd1: libxl: Specify format of inserted cdrom [Anthony PERARD]
  • 656c14780c: x86/msr: Correct the emulation behaviour of MSR_PRED_CMD [Andrew Cooper]
  • 8d37ee1d10: x86/VT-x: Fix determination of EFER.LMA in vmcs_dump_vcpu() [Andrew Cooper]
  • 696b24dfe1: x86/HVM: suppress I/O completion for port output [Jan Beulich]
  • 41015e7945: x86/pv: Fix up erroneous segments for 32bit syscall entry [Andrew Cooper]
  • 4f12a18bc2: x86/XPTI: reduce .text.entry [Jan Beulich]
  • 649e617335: x86: log XPTI enabled status [Jan Beulich]
  • bd26592fdf: x86: disable XPTI when RDCL_NO [Jan Beulich]
  • afece29fe9: x86/pv: Fix the handing of writes to %dr7 [Andrew Cooper]
  • 2e34343fb2: xen/arm: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery [Julien Grall]
  • d9756ca980: xen/arm: vpsci: Rework the logic to start AArch32 vCPU in Thumb mode [Julien Grall]
  • e2ee191d3d: xen/arm: vpsci: Introduce and use PSCI_INVALID_ADDRESS [Julien Grall]
  • 2efc116c68: xen/arm: psci: Consolidate PSCI version print [Julien Grall]
  • 51742fbc08: xen/arm: vpsci: Remove parameter ‘ver’ from do_common_cpu [Julien Grall]
  • 4fcd9d14b1: xen/arm64: Kill PSCI_GET_VERSION as a variant-2 workaround [Julien Grall]
  • 1ef0574d3b: xen/arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support [Julien Grall]
  • ee109adca7: xen/arm: smccc: Implement SMCCC v1.1 inline primitive [Julien Grall]
  • b2682eddc2: xen/arm: psci: Detect SMCCC version [Julien Grall]
  • 9746779afb: xen/arm: smccc: Add macros SMCCC_VERSION, SMCCC_VERSION_{MINOR, MAJOR} [Julien Grall]
  • 1d99ad5b35: xen/arm64: Print a per-CPU message with the BP hardening method used [Julien Grall]
  • 9beb8a4461: xen/arm64: Implement a fast path for handling SMCCC_ARCH_WORKAROUND_1 [Julien Grall]
  • ef4b4d7ab0: xen/arm: Adapt smccc.h to be able to use it in assembly code [Julien Grall]
  • df71252060: xen/arm: vsmc: Implement SMCCC_ARCH_WORKAROUND_1 BP hardening support [Julien Grall]
  • 7f9ebebcec: xen/arm: vsmc: Implement SMCCC 1.1 [Julien Grall]
  • 4eb96e3eda: xen/arm: vpsci: Add support for PSCI 1.1 [Julien Grall]
  • 3087ba8278: xen/arm: psci: Rework the PSCI definitions [Julien Grall]
  • 76a6dddcf8: xen/arm: vpsci: Move PSCI function dispatching from vsmc.c to vpsci.c [Julien Grall]
  • 0f92968bcf: x86/vlapic: clear TMR bit upon acceptance of edge-triggered interrupt to IRR [Liran Alon]
  • 9e9185f661: SUPPORT.md: Specify support for various image formats [George Dunlap]
  • e87e798673: SUPPORT.md: Clarify that the PV keyboard protocol includes mouse support [George Dunlap]
  • 6131a2c0ed: cpufreq/ondemand: fix race while offlining CPU [Jan Beulich]
  • 47621a4ed1: x86: remove CR reads from exit-to-guest path [Jan Beulich]
  • 489cfbc1b9: x86: slightly reduce Meltdown band-aid overhead [Jan Beulich]
  • 860f470ba1: x86/xpti: don’t map stack guard pages [Jan Beulich]
  • 8462c575d9: x86/xpti: Hide almost all of .text and all .data/.rodata/.bss mappings [Andrew Cooper]
  • cee48d83cb: x86: ignore guest microcode loading attempts [Jan Beulich]
  • 20db434e90: ocaml: fix arm build [Wei Liu]
  • 0d2f9c89f7: Merge branch ‘merge-comet-staging-4.10-v1’ into staging-4.10 [Wei Liu]
  • a1189f93ef: libxl/pvh: force PVH guests to use the xenstore shutdown [Roger Pau Monne]
  • c37114cbf8: x86/HVM: don’t give the wrong impression of WRMSR succeeding [Jan Beulich]
  • 5ede9f9600: x86/PV: fix off-by-one in I/O bitmap limit check [Jan Beulich]
  • 7e0796d3fe: grant: Release domain lock on ‘map’ path in cache_flush [George Dunlap]
  • b9aa790d31: x86/pv: Avoid leaking other guests’ MSR_TSC_AUX values into PV context [Andrew Cooper]
  • 4867afbc95: x86/nmi: start NMI watchdog on CPU0 after SMP bootstrap [Igor Druzhinin]
  • 3deb58f832: x86/srat: fix end calculation in nodes_cover_memory() [Jan Beulich]
  • 3376822f15: x86/hvm/dmop: only copy what is needed to/from the guest [Ross Lagerwall]
  • 37dd90787e: x86/entry: Use 32bit xors rater than 64bit xors for clearing GPRs [Andrew Cooper]
  • 296705818c: x86/emul: Fix the decoding of segment overrides in 64bit mode [Andrew Cooper]
  • 0857b09aae: x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST [Andrew Cooper]
  • 4195d40e31: x86/srat: fix the end pfn check in valid_numa_range() [Haozhong Zhang]
  • ab62fc3171: x86: reduce Meltdown band-aid IPI overhead [Jan Beulich]
  • 0e10f28586: x86/NMI: invert condition in nmi_show_execution_state() [Jan Beulich]
  • a05fc8e5be: x86/emul: Fix the emulation of invlpga [Andrew Cooper]
  • 083bd83354: ignores: update .hgignore [Roger Pau Monné]
  • b0e975c822: ignores: update list of git ignored files [Roger Pau Monné]
  • def29407de: firmware/shim: better filtering of intermediate files during Xen tree setup [Jan Beulich]
  • 8c3bbc7c2b: firmware/shim: better filtering of dependency files during Xen tree setup [Jan Beulich]
  • cee8bb62ff: build: remove shim related targets [Roger Pau Monné]
  • 08a941bdac: shim: allow building of just the shim with build-ID-incapable linker [Jan Beulich]
  • 7dc817b750: firmware/shim: avoid mkdir error during Xen tree setup [Jan Beulich]
  • 21080841ae: firmware/shim: correctly handle errors during Xen tree setup [Jan Beulich]
  • dc4a23b115: firmware/shim: update Makefile [Wei Liu]
  • da7543dd32: x86/shim: don’t use 32-bit compare on boolean variable [Jan Beulich]
  • 9fd27db52a: xen/pvshim: fix GNTTABOP_query_size hypercall forwarding with SMAP [Roger Pau Monne]
  • 6d9b6bf418: Revert “x86/boot: Map more than the first 16MB” [Wei Liu]
  • 79f04299ca: x86: relocate pvh_info [Wei Liu]
  • 9ce99ad413: xen/shim: stash RSDP address for ACPI driver [Wei Liu]
  • 186c2f57bd: libxl: lower shim related message to level DEBUG [Wei Liu]
  • 357bf02e49: x86/shim: use credit scheduler [Wei Liu]
  • 81306edf86: x86/guest: clean up guest/xen.h [Wei Liu]
  • 14e1a434f4: libxl: remove whitespaces introduced in 62982da926 [Wei Liu]
  • b869742c99: xen/pvshim: switch shim.c to use typesafe mfn_to_page and virt_to_mfn [Roger Pau Monne]
  • d691e41793: xen/pvshim: fix coding style issues [Roger Pau Monne]
  • ee478f4737: xen/pvshim: re-order replace_va_mapping code [Roger Pau Monne]
  • f05a7c5148: xen/pvshim: identity pin shim vCPUs to pCPUs [Roger Pau Monne]
  • 7027acfc1f: tools: fix arm build after bdf693ee61b48 [Wei Liu]
  • bc513e82ed: Don’t build xen-shim for 32 bit build host [Wei Liu]
  • af63193017: Revert “x86/guest: use the vcpu_info area from shared_info” [Wei Liu]
  • a44e83b712: x86/shim: commit shim.config changes for 4.10 branch [Wei Liu]
  • da3a46d017: Merge tag ‘4.10.0-shim-comet-3’ into staging-4.10 [Wei Liu]
  • b6a6458b13: xen/arm: Flush TLBs before turning on the MMU to avoid stale entries [Julien Grall]
  • e3dfd5d1dd: xen/arm: vgic: Make sure the number of SPIs is a multiple of 32 [Julien Grall]
  • a6780c122b: x86/hvm: Disallow the creation of HVM domains without Local APIC emulation [Andrew Cooper]
  • 16edf98e95: gnttab: don’t blindly free status pages upon version change [Jan Beulich]
  • e2ceb2ed66: gnttab/ARM: don’t corrupt shared GFN array [Jan Beulich]
  • 1b1c059099: memory: don’t implicitly unpin for decrease-reservation [Jan Beulich]
  • 5e91fc4d3b: xen/arm: cpuerrata: Actually check errata on non-boot CPUs [Julien Grall]
  • 3921128fcb: xen/arm: vsmc: Don’t implement function IDs that don’t exist [Julien Grall]
  • cd2e1436b1: xen/arm: vpsci: Removing dummy MIGRATE and MIGRATE_INFO_UP_CPU [Julien Grall]
  • 3181472a5c: x86/idle: Clear SPEC_CTRL while idle [Andrew Cooper]
  • 5644514050: x86/cpuid: Offer Indirect Branch Controls to guests [Andrew Cooper]
  • db12743f2d: x86/ctxt: Issue a speculation barrier between vcpu contexts [Andrew Cooper]
  • bc0e599a83: x86/boot: Calculate the most appropriate BTI mitigation to use [Andrew Cooper]
  • fc81946cea: x86/entry: Avoid using alternatives in NMI/#MC paths [Andrew Cooper]
  • ce7d7c0168: x86/entry: Organise the clobbering of the RSB/RAS on entry to Xen [Andrew Cooper]
  • a695f8dce7: x86/entry: Organise the use of MSR_SPEC_CTRL at each entry/exit point [Andrew Cooper]
  • 92efbe8658: x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL,PRED_CMD} [Andrew Cooper]
  • 8baba874d6: x86/migrate: Move MSR_SPEC_CTRL on migrate [Andrew Cooper]
  • 79891ef944: x86/msr: Emulation of MSR_{SPEC_CTRL,PRED_CMD} for guests [Andrew Cooper]
  • 641c11ef29: x86/cpuid: Handling of IBRS/IBPB, STIBP and IBRS for guests [Andrew Cooper]
  • 05eba93a0a: x86: fix GET_STACK_END [Wei Liu]
  • a69cfdf0c1: x86/acpi: process softirqs while printing CPU ACPI data [Roger Pau Monné]
  • 0f4be6e2c4: xen/x86: report domain id on cpuid [Roger Pau Monné]
  • 0a7e6b50e0: x86/svm: Offer CPUID Faulting to AMD HVM guests as well [Andrew Cooper]
  • 65ee6e043a: x86/cmdline: Introduce a command line option to disable IBRS/IBPB, STIBP and IBPB [Andrew Cooper]
  • 129880dd8f: x86/feature: Definitions for Indirect Branch Controls [Andrew Cooper]
  • c513244d8e: x86: Introduce alternative indirect thunks [Andrew Cooper]
  • 0e12c2c881: x86/amd: Try to set lfence as being Dispatch Serialising [Andrew Cooper]
  • 6aaf353f2e: x86/boot: Report details of speculative mitigations [Andrew Cooper]
  • 32babfc19a: x86: Support indirect thunks from assembly code [Andrew Cooper]
  • 47bbcb2dd1: x86: Support compiling with indirect branch thunks [Andrew Cooper]
  • 8743fc2ef7: common/wait: Clarifications to wait infrastructure [Andrew Cooper]
  • 1830b20b6b: x86/entry: Erase guest GPR state on entry to Xen [Andrew Cooper]
  • ab95cb0d94: x86/hvm: Use SAVE_ALL to construct the cpu_user_regs frame after VMExit [Andrew Cooper]
  • d02ef3d274: x86/entry: Rearrange RESTORE_ALL to restore register in stack order [Andrew Cooper]
  • e32f814160: x86: Introduce a common cpuid_policy_updated() [Andrew Cooper]
  • c534ab4e94: x86/hvm: Rename update_guest_vendor() callback to cpuid_policy_changed() [Andrew Cooper]
  • be3138b6f6: x86/alt: Introduce ALTERNATIVE{,_2} macros [Andrew Cooper]
  • 79012ead93: x86/alt: Break out alternative-asm into a separate header file [Andrew Cooper]
  • bbd093c503: xen/arm32: entry: Document the purpose of r11 in the traps handler [Julien Grall]
  • a69a8b5fdc: xen/arm32: Invalidate icache on guest exist for Cortex-A15 [Julien Grall]
  • f167ebf6b3: xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12 [Julien Grall]
  • c4c0187839: xen/arm32: Add skeleton to harden branch predictor aliasing attacks [Julien Grall]
  • 19ad8a7287: xen/arm32: entry: Add missing trap_reset entry [Julien Grall]
  • 3caf32c470: xen/arm32: Add missing MIDR values for Cortex-A17 and A12 [Julien Grall]
  • df7be94f26: xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros [Julien Grall]
  • f379b70609: SUPPORT.md: Fix version and Initial-Release [Ian Jackson]
  • 728fadb586: xen/arm: cpuerrata: Remove percpu.h include [Julien Grall]
  • 928112900e: xen/arm64: Implement branch predictor hardening for affected Cortex-A CPUs [Julien Grall]
  • cae6e1572f: xen/arm64: Add skeleton to harden the branch predictor aliasing attacks [Julien Grall]
  • d1f4283a1d: xen/arm: cpuerrata: Add MIDR_ALL_VERSIONS [Julien Grall]
  • 0f7a4faafb: xen/arm64: Add missing MIDR values for Cortex-A72, A73 and A75 [Julien Grall]
  • b829d42829: xen/arm: Introduce enable callback to enable a capabilities on each online CPU [Julien Grall]
  • fa23f2aaa2: xen/pvh: place the trampoline at page 0x1 [Roger Pau Monne]
  • 79f797c3f4: firmware/shim: fix build process to use POSIX find options [Roger Pau Monne]
  • 69f4d872e5: x86/guest: use the vcpu_info area from shared_info [Roger Pau Monne]
  • 7cccd6f748: x86: allow Meltdown band-aid to be disabled [Jan Beulich]
  • 234f481337: x86: Meltdown band-aid against malicious 64-bit PV guests [Jan Beulich]
  • 57dc197cf0: x86/mm: Always set _PAGE_ACCESSED on L4e updates [Andrew Cooper]
  • 7209b8bf08: x86: Don’t use potentially incorrect CPUID values for topology information [Jan H. Schönherr]
  • 910dd005da: x86/entry: Remove support for partial cpu_user_regs frames [Andrew Cooper]
  • 50d24b9530: x86/upcall: inject a spurious event after setting upcall vector [Roger Pau Monné]
  • c89c622b89: x86/E820: don’t overrun array [Jan Beulich]
  • 3b8d88d4fa: x86/IRQ: conditionally preserve access permission on map error paths [Jan Beulich]
  • 6f1979c8e4: -xen-attach is needed for pvh boot with qemu-xen [Michael Young]
  • 0a515eeb96: xen/pvshim: map vcpu_info earlier for APs [Roger Pau Monne]
  • 0e2d64ae8f: xl: pvshim: Provide and document xl config [Ian Jackson]
  • ab9e3854dd: libxl: pvshim: Introduce pvshim_extra [Ian Jackson]
  • abdde49edc: libxl: pvshim: Provide first-class config settings to enable shim mode [Ian Jackson]
  • 321ef983a0: xen/shim: allow DomU to have as many vcpus as available [Roger Pau Monne]
  • c9083de0ae: xen/shim: crash instead of reboot in shim mode [Roger Pau Monne]
  • b5be9c817d: xen/pvshim: use default position for the m2p mappings [Roger Pau Monne]
  • 9d60bc96be: xen/shim: modify shim_mem parameter behaviour [Roger Pau Monne]
  • 29dd3142bf: xen/pvshim: memory hotplug [Roger Pau Monne]
  • 5b6c3ffa1d: xen/pvshim: support vCPU hotplug [Roger Pau Monne]
  • 004646a1dd: xen/pvshim: set max_pages to the value of tot_pages [Roger Pau Monne]
  • 7dcc20e0c8: xen/pvshim: add shim_mem cmdline parameter [Sergey Dyasli]
  • 83c838c9f8: xen/pvshim: add migration support [Roger Pau Monne]
  • cc7d96b98c: x86/pv-shim: shadow PV console’s page for L2 DomU [Sergey Dyasli]
  • 7f5eb7d04e: xen/pvshim: add grant table operations [Roger Pau Monne]
  • bbad376ab1: xen/pvshim: forward evtchn ops between L0 Xen and L2 DomU [Roger Pau Monne]
  • da4518c559: xen/pvshim: set correct domid value [Roger Pau Monne]
  • 1cd703979f: xen/pvshim: modify Dom0 builder in order to build a DomU [Roger Pau Monne]
  • 60dd95357c: xen: mark xenstore/console pages as RAM [Roger Pau Monne]
  • 0ba5d8c275: xen/pvshim: skip Dom0-only domain builder parts [Roger Pau Monne]
  • 4ba6447e7d: xen/pvh: do not mark the low 1MB as IO mem [Roger Pau Monne]
  • 2b8a95a296: xen/x86: make VGA support selectable [Roger Pau Monne]
  • cdb1fb4921: xen/arm: bootfdt: Use proper default for #address-cells and #size-cells [Julien Grall]
  • a40186478c: xen/arm: gic-v3: Bail out if gicv3_cpu_init fail [Julien Grall]
  • 3784256866: tools/firmware: Build and install xen-shim [Andrew Cooper]
  • b5ead1fad3: x86/shim: Kconfig and command line options [Andrew Cooper]
  • aa96a59dc2: x86/guest: use PV console for Xen/Dom0 I/O [Sergey Dyasli]
  • 7477359b9a: x86/guest: add PV console code [Sergey Dyasli]
  • cb5dc94ba7: x86/guest: setup event channel upcall vector [Roger Pau Monne]
  • 3b058a3eab: x86: don’t swallow the first command line item in guest mode [Wei Liu]
  • 5a543c6f39: x86: read wallclock from Xen when running in pvh mode [Wei Liu]
  • 949eb11d58: x86: APIC timer calibration when running as a guest [Wei Liu]
  • f5ca36927e: x86: xen pv clock time source [Wei Liu]
  • 68e7a08436: x86/guest: map per-cpu vcpu_info area. [Roger Pau Monne]
  • d2df09c92b: xen/guest: fetch vCPU ID from Xen [Roger Pau Monne]
  • efa15c993b: x86/guest: map shared_info page [Roger Pau Monne]
  • 83186a8e69: xen/pvshim: keep track of used PFN ranges [Wei Liu]
  • 1fa5444834: xen: introduce rangeset_claim_range [Wei Liu]
  • 10128f33aa: xen/console: Introduce console=xen [Wei Liu]
  • 2f5a012143: x86/pvh: Retrieve memory map from Xen [Wei Liu]
  • 9752c7422b: x86/shutdown: Support for using SCHEDOP_{shutdown,reboot} [Andrew Cooper]
  • b38cc15b2f: x86/guest: Hypercall support [Andrew Cooper]
  • 3d1afab1f6: x86/entry: Probe for Xen early during boot [Andrew Cooper]
  • 31b664a93f: x86/boot: Map more than the first 16MB [Andrew Cooper]
  • db65173fe7: x86/entry: Early PVH boot code [Wei Liu]
  • 51f937a39b: x86: produce a binary that can be booted as PVH [Wei Liu]
  • 887c705600: x86: introduce ELFNOTE macro [Wei Liu]
  • f575701f3c: x86/link: Relocate program headers [Andrew Cooper]
  • af2f50b2b6: x86/Kconfig: Options for Xen and PVH support [Andrew Cooper]
  • b538a13a68: x86: Common cpuid faulting support [Andrew Cooper]
  • 57dc22b80d: x86/fixmap: Modify fix_to_virt() to return a void pointer [Andrew Cooper]
  • 48811d481c: tools/ocaml: Extend domain_create() to take arch_domainconfig [Jon Ludlam]
  • 78898c9d1b: tools/ocaml: Expose arch_config in domaininfo [Andrew Cooper]
  • e7c8187b91: xen/domctl: Return arch_config via getdomaininfo [Andrew Cooper]
  • 9e46ae12ed: ACPICA: Make ACPI Power Management Timer (PM Timer) optional. [Bob Moore]
  • ff1fb8fe53: x86/link: Introduce and use SECTION_ALIGN [Andrew Cooper]
  • 92a6295c30: x86/time: Print a more helpful error when a platform timer can’t be found [Andrew Cooper]
  • 78e9cc3488: xen/common: Widen the guest logging buffer slightly [Andrew Cooper]
  • 667275050d: tools/libxc: Multi modules support [Jonathan Ludlam]
  • 4621c10f48: tools/libelf: fix elf notes check for PVH guest [Wei Liu]
  • 40938b5d56: tools/libxc: remove extraneous newline in xc_dom_load_acpi [Wei Liu]
  • 5840f40e88: xen/x86: report domain id on cpuid [Roger Pau Monne]
  • caff7f9b59: x86/svm: Offer CPUID Faulting to AMD HVM guests as well [Andrew Cooper]
  • 69e302e59c: x86/upcall: inject a spurious event after setting upcall vector [Roger Pau Monné]
  • a87ec4833a: x86/msr: Free msr_vcpu_policy during vcpu destruction [Andrew Cooper]
  • 9dc5eda576: x86/vmx: Don’t use hvm_inject_hw_exception() in long_mode_do_msr_write() [Andrew Cooper]
  • 135b67e9bd: xen/efi: Fix build with clang-5.0 [Andrew Cooper]
  • 682a9d8d37: gnttab: improve GNTTABOP_cache_flush locking [Jan Beulich]
  • 19dcd8e47d: gnttab: correct GNTTABOP_cache_flush empty batch handling [Jan Beulich]
  • e5364c32c6: x86/microcode: Add support for fam17h microcode loading [Tom Lendacky]
  • e2dc7b584f: x86/mm: drop bogus paging mode assertion [Jan Beulich]
  • c8f4f45e04: x86/mb2: avoid Xen image when looking for module/crashkernel position [Daniel Kiper]
  • 4150501b71: x86/vvmx: don’t enable vmcs shadowing for nested guests [Sergey Dyasli]
  • ab7be6ce4a: xen/pv: Construct d0v0’s GDT properly [Andrew Cooper]
  • f3fb6673d8: update Xen version to 4.10.1-pre [Jan Beulich]

This release contains no fixes to qemu-traditional or qemu-upstream.

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSAXenqemu-traditionalqemu-upstream
XSA-252AppliedN/AN/A
XSA-253AppliedN/AN/A
XSA-254Applied (XPTI for Variant 3)N/AN/A
XSA-255AppliedN/AN/A
XSA-256AppliedN/AN/A
XSA-257Unused number......
XSA-258AppliedN/AN/A
XSA-259AppliedN/AN/A

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.10 stable series to update to this latest point release.