Downloads

Xen Project 4.10.3

We are pleased to announce the release of Xen 4.10.3. This is available immediately from its git repository 

https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.10 (tag RELEASE-4.10.3) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • a016b8f207: update Xen version to 4.10.3 [Jan Beulich]
  • e21c79fe4f: libxl: correctly dispose of dominfo list in libxl_name_to_domid [Wei Liu]
  • 0a9cc37996: libxl: don’t set gnttab limits in soft reset case [Juergen Gross]
  • 80c2955777: x86emul/test: fix build after “x86emul: fix 3-operand IMUL” [Jan Beulich]
  • 0695e67102: correct release note link in SUPPORT.md [Juergen Gross]
  • d5513db9c3: x86/hvm: Fix bit checking for CR4 and MSR_EFER [Andrew Cooper]
  • ed944f28c8: x86/AMD: flush TLB after ucode update [Jan Beulich]
  • 948eb03751: xen/cmdline: Fix buggy strncmp(s, LITERAL, ss – s) construct [Andrew Cooper]
  • 8774be8a40: mm/page_alloc: fix MEMF_no_dma allocations for single NUMA [Sergey Dyasli]
  • 7baf4f08e1: x86emul: work around SandyBridge errata [Jan Beulich]
  • 500ceac0a2: x86emul: fix 3-operand IMUL [Jan Beulich]
  • 5f428061a5: x86/hvm: Corrections to RDTSCP intercept handling [Andrew Cooper]
  • d616c1b18d: x86/VT-x: Don’t activate VMCS Shadowing outside of nested vmx mode [Andrew Cooper]
  • c119267f25: x86/shadow: don’t enable shadow mode with too small a shadow allocation [Jan Beulich]
  • 95e2f57788: ns16550/PCI: fix skipping of devices [Jan Beulich]
  • cb10bb82a5: x86/soft-reset: Drop gfn reference after calling get_gfn_query() [Andrew Cooper]
  • 223fe48409: x86/mem-sharing: Don’t leave the altp2m lock held when nominating a page [Andrew Cooper]
  • 70e728bd44: x86/HVM: __hvm_copy() should not write to p2m_ioreq_server pages [Jan Beulich]
  • 16888c3c84: VMX: fix vmx_handle_eoi() [Jan Beulich]
  • 316e4426a1: xen/arm: vgic-v3: Don’t create empty re-distributor regions [Julien Grall]
  • 278e9f511e: xen/arm: vgic-v3: Delay the initialization of the domain information [Julien Grall]
  • 0b18340cf6: xen/arm: check for multiboot nodes only under /chosen [Stefano Stabellini]
  • 892675b79f: xen/arm: gic: Ensure ordering between read of INTACK and shared data [Julien Grall]
  • 8f144ee4a3: xen/arm: gic: Ensure we have an ISB between ack and do_IRQ() [Julien Grall]
  • e00dc325bd: xen/arm: smccc-1.1: Handle function result as parameters [Marc Zyngier]
  • cbe5b1910b: xen/arm: smccc-1.1: Make return values unsigned long [Marc Zyngier]
  • b6e203bc80: x86/dom0: Avoid using 1G superpages if shadowing may be necessary [Andrew Cooper]
  • 8b1efc9bf4: x86/shadow: shrink struct page_info’s shadow_flags to 16 bits [Jan Beulich]
  • 2f5a67cfea: x86/shadow: move OOS flag bit positions [Jan Beulich]
  • c1fd0703f3: x86/mm: Don’t perform flush after failing to update a guests L1e [Andrew Cooper]
  • d5d8074405: AMD/IOMMU: suppress PTE merging after initial table creation [Jan Beulich]
  • 421aada55f: amd/iommu: fix flush checks [Roger Pau Monné]
  • e907460fd6: stubdom/vtpm: fix memcmp in TPM_ChangeAuthAsymFinish [Olaf Hering]
  • ba6ac89d1d: x86: work around HLE host lockup erratum [Jan Beulich]
  • 4c7cd94808: x86: extend get_platform_badpages() interface [Jan Beulich]
  • c841c82a53: Release: add release note link to SUPPORT.md [Juergen Gross]
  • 5b15c049b5: x86/pv: Fix crash when using `xl set-parameter pcid=…` [Andrew Cooper]
  • 6e3650dc20: tools/dombuilder: Initialise vcpu debug registers correctly [Andrew Cooper]
  • 4d5a0f2ffb: x86/domain: Initialise vcpu debug registers correctly [Andrew Cooper]
  • b0f1b24663: x86/boot: Initialise the debug registers correctly [Andrew Cooper]
  • aa05c39678: x86/boot: enable NMIs after traps init [Sergey Dyasli]
  • c504397642: vtd: add missing check for shared EPT… [Paul Durrant]
  • 1639352133: x86: fix “xpti=” and “pv-l1tf=” yet again [Jan Beulich]
  • b79ac2746c: x86: split opt_pv_l1tf [Jan Beulich]
  • 5822be6a6a: x86: split opt_xpti [Jan Beulich]
  • 225fbd2e25: x86: silence false log messages for plain “xpti” / “pv-l1tf” [Jan Beulich]
  • 73788eb585: x86/vvmx: Disallow the use of VT-x instructions when nested virt is disabled [Andrew Cooper]
  • ed024ef538: stubdom/grub.patches: Drop docs changes, for licensing reasons [Ian Jackson]
  • 9f8eff39ea: sched-if.h: include xen/err.h [Jan Beulich]
  • 788948bebc: tools/tests: fix an xs-test.c issue [Wei Liu]
  • 61dc0159b6: x86/boot: Allocate one extra module slot for Xen image placement [Daniel Kiper]
  • d86c9aeae6: xen: sched/Credit2: fix bug when moving CPUs between two Credit2 cpupools [Dario Faggioli]
  • 45197905fc: x86/hvm/emulate: make sure rep I/O emulation does not cross GFN boundaries [Paul Durrant]
  • 5483835318: x86/cpuidle: don’t init stats lock more than once [Jan Beulich]
  • 518726dc1d: x86/efi: split compiler vs linker support [Roger Pau Monné]
  • d091a49f89: x86/efi: move the logic to detect PE build support [Roger Pau Monné]
  • 923af25a47: x86/shutdown: use ACPI reboot method for Dell PowerEdge R540 [Ross Lagerwall]
  • 5ba0bb072a: x86/shutdown: use ACPI reboot method for Dell PowerEdge R740 [Ross Lagerwall]
  • 173c338006: update Xen version to 4.10.3-pre [Jan Beulich]

This release contains NO changes to qemu-traditional and NO changes to qemu-upstream.

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes. 

XSA Xen qemu-traditional qemu-upstream 
XSA-275 Applied N/A N/A
XSA-276 Only Xen 4.11 or newer are impacted
XSA-277 Only Xen 4.11 or newer are impacted
XSA-278 Applied N/A N/A
XSA-279 Applied N/A N/A
XSA-280 Applied N/A N/A
XSA-281 Unused XSA number
XSA-282 Applied N/A N/A
XSA-283 Widthdrawn XSA
XSA-284 – XSA-288 Under embargo at time of release
XSA-289 Not applied, see TECHNICAL DETAILS of XSA 289

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.10 stable series to update to this latest point release.