Downloads

Xen Project 4.12.4

We are pleased to announce the release of Xen 4.12.4. This is available immediately from its git repository 

https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.12 (tag RELEASE-4.12.4) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 97b7b5567f: update Xen version to 4.12.4 [Jan Beulich]
  • 4100d463db: x86/pv: Flush TLB in response to paging structure changes [Andrew Cooper]
  • b1d6f37aa5: x86/pv: Drop FLUSH_TLB_GLOBAL in do_mmu_update() for XPTI [Andrew Cooper]
  • 0108b011e1: hvmloader: flip “ACPI data” to “ACPI NVS” type for ACPI table region [Igor Druzhinin]
  • 5d49509a66: x86/mwait-idle: customize IceLake server support [Chen Yu]
  • f49fff9072: x86: fix resource leaks on arch_vcpu_create() error path [Jan Beulich]
  • 7488b405b4: x86/vLAPIC: don’t leak regs page from vlapic_init() upon error [Jan Beulich]
  • a9382052b8: evtchn/fifo: use stable fields when recording “last queue” information [Jan Beulich]
  • 68ff540de1: x86/pv: Don’t deliver #GP for a SYSENTER with NT set [Andrew Cooper]
  • 1833c60701: x86/pv: Don’t clobber NT on return-to-guest [Andrew Cooper]
  • 14b0a080c1: AMD/IOMMU: ensure suitable ordering of DTE modifications [Jan Beulich]
  • 97f9defe96: AMD/IOMMU: update live PTEs atomically [Jan Beulich]
  • b402e2a14b: IOMMU: hold page ref until after deferred TLB flush [Jan Beulich]
  • 37f45de908: IOMMU: suppress “iommu_dont_flush_iotlb” when about to free a page [Jan Beulich]
  • e461318da3: x86/mm: Prevent some races in hypervisor mapping updates [Hongyan Xia]
  • 1cec2531fb: x86/mm: Refactor modify_xen_mappings to have one exit path [Wei Liu]
  • 03926de91c: x86/mm: Refactor map_pages_to_xen to have only a single exit path [Wei Liu]
  • 6888017392: evtchn/Flask: pre-allocate node on send path [Jan Beulich]
  • 0186e76a62: x86/HVM: more consistently set I/O completion [Jan Beulich]
  • 0ca821f197: hvmloader: indicate ACPI tables with “ACPI data” type in e820 [Igor Druzhinin]
  • cfd61e688f: evtchn: arrange for preemption in evtchn_reset() [Jan Beulich]
  • 2aa4864b8a: evtchn: arrange for preemption in evtchn_destroy() [Jan Beulich]
  • 8e25d522a3: evtchn: address races with evtchn_reset() [Jan Beulich]
  • 9c2a02740f: evtchn: convert per-channel lock to be IRQ-safe [Jan Beulich]
  • 9dda47cb70: evtchn: evtchn_reset() shouldn’t succeed with still-open ports [Jan Beulich]
  • b8c9776986: evtchn/x86: enforce correct upper limit for 32-bit guests [Jan Beulich]
  • 253a1e64d3: xen/evtchn: Add missing barriers when accessing/allocating an event channel [Julien Grall]
  • 3e039e12ec: x86/pv: Avoid double exception injection [Andrew Cooper]
  • b2db00754f: evtchn: relax port_is_valid() [Jan Beulich]
  • 1dfd2e2f65: x86/MSI-X: restrict reading of table/PBA bases from BARs [Jan Beulich]
  • 76a0760f6c: x86/msi: get rid of read_msi_msg [Roger Pau Monné]
  • d28c52ee2a: x86/vpt: fix race when migrating timers between vCPUs [Roger Pau Monné]
  • 8b8fff26f5: xen/memory: Don’t skip the RCU unlock path in acquire_resource() [Andrew Cooper]
  • 320e7a7369: x86/pv: Handle the Intel-specific MSR_MISC_ENABLE correctly [Andrew Cooper]
  • 0446e3db13: xen/arm: cmpxchg: Add missing memory barriers in __cmpxchg_mb_timeout() [Julien Grall]
  • a81e6557b9: xen/arm: Missing N1/A76/A75 FP registers in vCPU context switch [Wei Chen]
  • caebaf3751: xen/arm: Update silicon-errata.txt with the Neovers AT erratum [Julien Grall]
  • 76d934929b: xen/arm: Enable CPU Erratum 1165522 for Neoverse [Bertrand Marquis]
  • 81564c40ea: arm: Add Neoverse N1 processor identification [Bertrand Marquis]
  • ff79981ecb: x86/pv: Rewrite segment context switching from scratch [Andrew Cooper]
  • 3186568505: x86/pv: Fix consistency of 64bit segment bases [Andrew Cooper]
  • 40e0cf8108: x86/pv: Fix multiple bugs with SEGBASE_GS_USER_SEL [Andrew Cooper]
  • fbf016f2b2: x86/intel: Expose MSR_ARCH_CAPS to dom0 [Andrew Cooper]
  • 8c1c3e7d25: x86: Begin to introduce support for MSR_ARCH_CAPS [Andrew Cooper]
  • 5bd49ca50e: x86: use constant flags for section .init.rodata [Roger Pau Monné]
  • e0bd8996b4: x86/ioapic: Fix fixmap error path logic in ioapic_init_mappings() [Andrew Cooper]
  • c481b9f32d: libx86: introduce a helper to deserialise msr_policy objects [Sergey Dyasli]
  • 1336ca1774: x86/hvm: set ‘ipat’ in EPT for special pages [Paul Durrant]
  • dca9cc7db6: x86emul: replace UB shifts [Jan Beulich]
  • 07fd5d3598: x86/cpuid: Fix APIC bit clearing [Fam Zheng]
  • 85ce36d12b: x86/S3: put data segment registers into known state upon resume [Jan Beulich]
  • df9a0ad1f8: x86/spec-ctrl: Protect against CALL/JMP straight-line speculation [Andrew Cooper]
  • 7cce3f25a1: mm: fix public declaration of struct xen_mem_acquire_resource [Roger Pau Monné]
  • 43258cec14: x86/msr: Disallow access to Processor Trace MSRs [Andrew Cooper]
  • a1aae54189: x86/acpi: use FADT flags to determine the PMTMR width [Grzegorz Uriasz]
  • df11056150: x86/vmx: use P2M_ALLOC in vmx_load_pdptrs instead of P2M_UNSHARE [Tamas K Lengyel]
  • 19e0bbb4eb: xen: Check the alignment of the offset pased via VCPUOP_register_vcpu_info [Julien Grall]
  • d96c0f1ed5: x86/ept: flush cache when modifying PTEs and sharing page tables [Roger Pau Monné]
  • 653811e2d2: vtd: optimize CPU cache sync [Roger Pau Monné]
  • 26072a508d: x86/alternative: introduce alternative_2 [Roger Pau Monné]
  • b292255ea2: vtd: don’t assume addresses are aligned in sync_cache [Roger Pau Monné]
  • 38dc269ea4: x86/iommu: introduce a cache sync hook [Roger Pau Monné]
  • 5733de6b88: vtd: prune (and rename) cache flush functions [Roger Pau Monné]
  • d69f3058d8: vtd: improve IOMMU TLB flush [Jan Beulich]
  • 8faa45e25e: x86/ept: atomically modify entries in ept_next_level [Roger Pau Monné]
  • 731bdaf416: x86/EPT: ept_set_middle_entry() related adjustments [Jan Beulich]
  • ec57b9af27: x86/shadow: correct an inverted conditional in dirty VRAM tracking [Jan Beulich]
  • a634229ecf: xen/common: event_channel: Don’t ignore error in get_free_port() [Julien Grall]
  • 050fe48dc9: libacpi: widen TPM detection [Jason Andryuk]
  • 436ec68ea2: ioreq: handle pending emulation racing with ioreq server destruction [Paul Durrant]
  • 96e8abab83: x86/Intel: insert Ice Lake and Comet Lake model numbers [Jan Beulich]
  • 7cdc0cff95: build: fix dependency tracking for preprocessed files [Jan Beulich]
  • d937532ff5: x86/svm: do not try to handle recalc NPT faults immediately [Igor Druzhinin]
  • 7641573b33: build32: don’t discard .shstrtab in linker script [Roger Pau Monné]
  • 7eed533a8b: x86/mm: do not attempt to convert _PAGE_GNTTAB to a boolean [Roger Pau Monné]
  • 74a1230224: x86emul: rework CMP and TEST emulation [Jan Beulich]
  • 946113a444: x86emul: address x86_insn_is_mem_{access,write}() omissions [Jan Beulich]
  • 6182e5dd89: x86/hvm: Improve error information in handle_pio() [Andrew Cooper]
  • ad20170c71: VT-x: extend LBR Broadwell errata coverage [Jan Beulich]
  • 218a19b911: x86/boot: Fix load_system_tables() to be NMI/#MC-safe [Andrew Cooper]
  • aca68b9ca9: x86: clear RDRAND CPUID bit on AMD family 15h/16h [Jan Beulich]
  • 1f581f966a: x86/idle: Extend ISR/C6 erratum workaround to Haswell [Andrew Cooper]
  • 4969f34b49: x86/idle: prevent entering C3/C6 on some Intel CPUs due to errata [Roger Pau Monné]
  • ed44947e18: x86/idle: prevent entering C6 with in service interrupts on Intel [Roger Pau Monné]
  • 2eb277ec76: x86/idle: rework C6 EOI workaround [Roger Pau Monné]
  • b3af150fd4: x86: determine MXCSR mask in all cases [Jan Beulich]
  • f769c99f92: x86/hvm: Fix shifting in stdvga_mem_read() [Andrew Cooper]
  • bcdaffc589: x86/build: Unilaterally disable -fcf-protection [Andrew Cooper]
  • 2b10a3238a: x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS [Andrew Cooper]
  • a022f3679a: x86/build32: Discard all orphaned sections [Andrew Cooper]
  • dd49ddf0eb: x86/guest: Fix assembler warnings with newer binutils [Andrew Cooper]
  • bc775d06d0: x86/cpuidle: correct Cannon Lake residency MSRs [Jan Beulich]
  • be5c240252: update Xen version to 4.12.4-pre [Jan Beulich]
  • 06760c2bf3: tools/libxl: Fix memory leak in libxl_cpuid_set() [Andrew Cooper]
  • d58c48df8c: x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden [Andrew Cooper]
  • 199ae1f158: x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel [Andrew Cooper]
  • 9dc2842940: x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling [Andrew Cooper]

In addition, this release also contains the following fixes to qemu-traditional:

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.12.3 and qemu-xen-4.12.4).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes. 

XSA Xen qemu-traditional qemu-upstream 
XSA-286 Applied N/A N/A
XSA-317 Applied N/A N/A
XSA-319 Applied N/A N/A
XSA-320 Applied N/A N/A
XSA-321 Applied N/A N/A
XSA-327 Applied N/A N/A
XSA-328 Applied N/A N/A
XSA-329 N/A (Linux only)
XSA-331 N/A (Linux only)
XSA-332 N/A (Linux only)
XSA-333 Applied N/A N/A
XSA-334 Applied N/A N/A
XSA-335 Applied N/A N/A
XSA-336 Applied N/A N/A
XSA-337 Applied N/A N/A
XSA-338 Applied N/A N/A
XSA-339 Applied N/A N/A
XSA-340 Applied N/A N/A
XSA-341 N/A (Unused number)
XSA-342 Applied N/A N/A
XSA-343 Applied N/A N/A
XSA-344 Applied N/A N/A
XSA-345 Applied N/A N/A
XSA-346 Applied N/A N/A
XSA-347 Applied N/A N/A

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.12 stable series to update to this latest point release.