Xen Project 4.14.1
We are pleased to announce the release of Xen 4.14.1. This is available immediately from its git repository, https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.14 (tag RELEASE-4.14.1), or from this download page.
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:
- ad844aa352: update Xen version to 4.14.1 [Jan Beulich]
- d17a5d5d27: evtchn/FIFO: add 2nd smp_rmb() to evtchn_fifo_word_from_port() [Jan Beulich]
- 9872981ddd: evtchn/FIFO: re-order and synchronize (with) map_control_block() [Jan Beulich]
- d785e076b3: x86/irq: fix infinite loop in irq_move_cleanup_interrupt [Roger Pau Monné]
- d8f08a44bc: x86: avoid calling {svm,vmx}_do_resume() [Jan Beulich]
- 5174e4202e: x86: fold guest_idle_loop() into idle_loop() [Jan Beulich]
- bfc99c310f: x86: replace reset_stack_and_jump_nolp() [Jan Beulich]
- 13268c50c0: tools/ocaml/xenstored: only Dom0 can change node owner [Edwin Török]
- de822c4a2c: tools/ocaml/xenstored: delete watch from trie too when resetting watches [Edwin Török]
- 57bbcd069b: tools/xenstore: Preserve bad client until they are destroyed [Harsha Shamsundara Havanur]
- 7214cc7457: tools/xenstore: drop watch event messages exceeding maximum size [Juergen Gross]
- 49ed711a95: tools/ocaml/xenstored: Fix path length validation [Edwin Török]
- dc871dda66: tools/ocaml/xenstored: clean up permissions for dead domains [Edwin Török]
- b1c5e402c4: tools/xenstore: revoke access rights for removed domains [Juergen Gross]
- 61d386343a: tools/ocaml/xenstored: add xenstored.conf flag to turn off watch permission checks [Edwin Török]
- 9e53440c36: tools/ocaml/xenstored: avoid watch events for nodes without access [Edwin Török]
- 335ef5b2b4: tools/ocaml/xenstored: introduce permissions for special watches [Edwin Török]
- 6fa3e05ff5: tools/ocaml/xenstored: unify watch firing [Edwin Török]
- f4405b67aa: tools/ocaml/xenstored: check privilege for XS_IS_DOMAIN_INTRODUCED [Edwin Török]
- 228e5621eb: tools/ocaml/xenstored: ignore transaction id for [un]watch [Edwin Török]
- 0a79a1b1d8: tools/xenstore: avoid watch events for nodes without access [Juergen Gross]
- 5073c6b169: tools/xenstore: allow special watches for privileged callers only [Juergen Gross]
- 52593586d5: tools/xenstore: introduce node_perms structure [Juergen Gross]
- 3d0e1a15b3: tools/xenstore: fire watches only when removing a specific node [Juergen Gross]
- 117521e9c0: tools/xenstore: rework node removal [Juergen Gross]
- 91992c72ed: tools/xenstore: check privilege for XS_IS_DOMAIN_INTRODUCED [Juergen Gross]
- 4e298fa407: tools/xenstore: simplify and rename check_event_node() [Juergen Gross]
- 3beffb3ed0: tools/xenstore: fix node accounting after failed node creation [Juergen Gross]
- da67712173: tools/xenstore: ignore transaction id for [un]watch [Juergen Gross]
- 9c898a82b8: tools/xenstore: allow removing child of a node exceeding quota [Juergen Gross]
- f130d5f013: tools/ocaml/xenstored: do permission checks on xenstore root [Edwin Török]
- 1d1d1f5391: x86/vioapic: fix usage of index in place of GSI in vioapic_write_redirent [Roger Pau Monné]
- 72bd989f51: xen/events: rework fifo queue locking [Juergen Gross]
- 8e6c236c3e: x86/DMI: fix SMBIOS pointer range check [Jan Beulich]
- 1cfb9b1c5b: xen/events: access last_priority and last_vcpu_id together [Juergen Gross]
- 7c6ee4ee23: x86/vpt: fix build with old gcc [Jan Beulich]
- d11d977551: xen/evtchn: revert 52e1fc47abc3a0123 [Juergen Gross]
- 1ad177370d: xen/evtchn: rework per event channel lock [Juergen Gross]
- 0057b1f8fa: memory: fix off-by-one in XSA-346 change [Jan Beulich]
- d101b417b7: x86/msr: Disallow guest access to the RAPL MSRs [Andrew Cooper]
- d95f45073c: x86/msr: fix handling of MSR_IA32_PERF_{STATUS/CTL} [Roger Pau Monné]
- 73a09279de: xen/arm: Always trap AMU system registers [Julien Grall]
- a38060ece6: tools/libs/stat: use memcpy instead of strncpy in getBridge [Bertrand Marquis]
- 78a53f0ee0: tool/libs/light: Fix libxenlight gcc warning [Bertrand Marquis]
- 89ae1b185a: tools/libxc: report malloc errors in writev_exact [Olaf Hering]
- 7398a44e86: tools/libs/stat: fix broken build [Juergen Gross]
- 59b83663f9: tools/xenstore: Do not abort xenstore-ls if a node disappears while iterating [David Woodhouse]
- 1f9f1cb3a0: tools/xenpmd: Fix gcc10 snprintf warning [Bertrand Marquis]
- f728b2d69f: libxl: fix -Werror=stringop-truncation in libxl__prepare_sockaddr_un [Marek Marczykowski-Górecki]
- 71a12a9798: libxl: workaround gcc 10.2 maybe-uninitialized warning [Marek Marczykowski-Górecki]
- 0c96e4297d: SUPPORT: Add linux device model stubdom to Toolstack [Jason Andryuk]
- 29b48aa27d: arm,smmu: match start level of page table walk with P2M [Laurentiu Tudor]
- d131310e60: xen/arm: sched: Ensure the vCPU context is seen before vcpu_pause() returns [Julien Grall]
- 7d2b21fd36: xen/arm: bootfdt: Ignore empty memory bank [Julien Grall]
- f61c5d0ca7: xen/arm64: force gcc 10+ to always inline generic atomics helpers [Jan Beulich]
- fc8fab1bb4: x86emul: fix PINSRW and adjust other {,V}PINSR* [Jan Beulich]
- 898864c373: pci: cleanup MSI interrupts before removing device from IOMMU [Roger Pau Monné]
- 9f954ae7fb: build: use if_changed more consistently (and correctly) for prelink*.o [Jan Beulich]
- 5784d1e942: SUPPORT.md: Desupport qemu trad except stub dm [Ian Jackson]
- 10bb63c203: x86/pv: Flush TLB in response to paging structure changes [Andrew Cooper]
- 941f69a428: x86/pv: Drop FLUSH_TLB_GLOBAL in do_mmu_update() for XPTI [Andrew Cooper]
- 7b1e587f25: hvmloader: flip "ACPI data" to "ACPI NVS" type for ACPI table region [Igor Druzhinin]
- ee47e8e8d9: x86/smpboot: Don't unconditionally call memguard_guard_stack() in cpu_smpboot_alloc() [Andrew Cooper]
- 4ba3fb0b4d: x86/traps: 'Fix' safety of read_registers() in #DF path [Andrew Cooper]
- d2ba323eaa: x86/mwait-idle: customize IceLake server support [Chen Yu]
- b081a5f14c: x86: fix resource leaks on arch_vcpu_create() error path [Jan Beulich]
- e936515191: x86/vLAPIC: don't leak regs page from vlapic_init() upon error [Jan Beulich]
- 9c1cc643ac: x86/S3: Restore CR4 earlier during resume [Andrew Cooper]
- 829dbe2cfb: xen/domain: check IOMMU options doesn't contain unknown bits set [Roger Pau Monné]
- 8d148003fd: evtchn/fifo: use stable fields when recording "last queue" information [Jan Beulich]
- 0521dc918e: x86/S3: fix shadow stack resume path [Marek Marczykowski-Górecki]
- 64c39517b5: x86/pv: Don't deliver #GP for a SYSENTER with NT set [Andrew Cooper]
- 0974e0085d: x86/pv: Don't clobber NT on return-to-guest [Andrew Cooper]
- a279fcbb4f: AMD/IOMMU: ensure suitable ordering of DTE modifications [Jan Beulich]
- f7ab0c1a8c: AMD/IOMMU: update live PTEs atomically [Jan Beulich]
- 7339975f55: AMD/IOMMU: convert amd_iommu_pte from struct to union [Jan Beulich]
- 94c157f2e3: IOMMU: hold page ref until after deferred TLB flush [Jan Beulich]
- 79f17015e7: IOMMU: suppress "iommu_dont_flush_iotlb" when about to free a page [Jan Beulich]
- 9e757fcdbb: x86/mm: Prevent some races in hypervisor mapping updates [Hongyan Xia]
- 809a70b161: x86/mm: Refactor modify_xen_mappings to have one exit path [Wei Liu]
- b4271092f2: x86/mm: Refactor map_pages_to_xen to have only a single exit path [Wei Liu]
- c93b520a41: evtchn/Flask: pre-allocate node on send path [Jan Beulich]
- f37a1cf023: x86/HVM: more consistently set I/O completion [Jan Beulich]
- 54789343ce: xen/hypfs: fix writing of custom parameter [Juergen Gross]
- 43eceee913: hvmloader: indicate ACPI tables with "ACPI data" type in e820 [Igor Druzhinin]
- 03019c20b5: evtchn: arrange for preemption in evtchn_reset() [Jan Beulich]
- 66cdf34142: evtchn: arrange for preemption in evtchn_destroy() [Jan Beulich]
- ecc6428b7e: evtchn: address races with evtchn_reset() [Jan Beulich]
- 2ee270e126: evtchn: convert per-channel lock to be IRQ-safe [Jan Beulich]
- 9b9fc8e391: evtchn: evtchn_reset() shouldn't succeed with still-open ports [Jan Beulich]
- b8c2efbe7b: evtchn/x86: enforce correct upper limit for 32-bit guests [Jan Beulich]
- f5469067ee: xen/evtchn: Add missing barriers when accessing/allocating an event channel [Julien Grall]
- eb4a543a47: x86/pv: Avoid double exception injection [Andrew Cooper]
- e417504feb: evtchn: relax port_is_valid() [Jan Beulich]
- 0bc4177e6b: x86/MSI-X: restrict reading of table/PBA bases from BARs [Jan Beulich]
- 5ad31525c9: x86/msi: get rid of read_msi_msg [Roger Pau Monné]
- fc8200a6ad: x86/vpt: fix race when migrating timers between vCPUs [Roger Pau Monné]
- 5eab5f0543: xen/memory: Don't skip the RCU unlock path in acquire_resource() [Andrew Cooper]
- b04d6731ee: x86/pv: Handle the Intel-specific MSR_MISC_ENABLE correctly [Andrew Cooper]
- 28855ebcdb: xen/arm: cmpxchg: Add missing memory barriers in __cmpxchg_mb_timeout() [Julien Grall]
- 174be04403: xen/arm: Missing N1/A76/A75 FP registers in vCPU context switch [Wei Chen]
- 158c3bdc49: xen/arm: Update silicon-errata.txt with the Neovers AT erratum [Julien Grall]
- 3535f2325f: xen/arm: Enable CPU Erratum 1165522 for Neoverse [Bertrand Marquis]
- de7e543685: arm: Add Neoverse N1 processor identification [Bertrand Marquis]
- 483b43c457: x86/pv: Rewrite segment context switching from scratch [Andrew Cooper]
- 431d52afd9: x86/pv: Fix consistency of 64bit segment bases [Andrew Cooper]
- ceafff707c: x86/pv: Fix multiple bugs with SEGBASE_GS_USER_SEL [Andrew Cooper]
- 369e7a35bf: x86/intel: Expose MSR_ARCH_CAPS to dom0 [Andrew Cooper]
- 98aa6ea751: x86: Begin to introduce support for MSR_ARCH_CAPS [Andrew Cooper]
- 80dec06f6a: x86: use constant flags for section .init.rodata [Roger Pau Monné]
- 5482c2887d: build: work around bash issue [Jan Beulich]
- edf5b8627f: x86/tsc: Fix diagnostics for TSC frequency [Andrew Cooper]
- eca6d5e914: x86/ioapic: Fix fixmap error path logic in ioapic_init_mappings() [Andrew Cooper]
- c3a0fc22af: x86: comment update after "drop high compat r/o M2P table address range" [Jan Beulich]
- 864d5701ec: x86/hvm: set 'ipat' in EPT for special pages [Paul Durrant]
- afed8e4365: x86emul: replace UB shifts [Jan Beulich]
- a5dab0a245: x86/cpuid: Fix APIC bit clearing [Fam Zheng]
- b8c3e33a4f: x86/S3: put data segment registers into known state upon resume [Jan Beulich]
- f836759a7b: update Xen version to 4.14.1-pre [Jan Beulich]
In addition, this release also contains the following fixes to qemu-traditional:
This release also contains changes to qemu-upstream, whose changelog we do not list here, as it contains many changes that are not directly related to the Xen Project hypervisor and thus to this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.14.0 and qemu-xen-4.14.1).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.
XSA | Xen | qemu-traditional | qemu-upstream |
--- | --- | --- | --- |
XSA-115 | Applied | N/A | N/A |
XSA-286 | Applied | N/A | N/A |
XSA-322 | Applied | N/A | N/A |
XSA-323 | Applied | N/A | N/A |
XSA-324 | Applied | N/A | N/A |
XSA-325 | Applied | N/A | N/A |
XSA-330 | Applied | N/A | N/A |
XSA-331 | N/A (Linux only) | N/A | N/A |
XSA-332 | N/A (Linux only) | N/A | N/A |
XSA-333 | Applied | N/A | N/A |
XSA-334 | Applied | N/A | N/A |
XSA-335 | N/A | Applied | Applied |
XSA-336 | Applied | N/A | N/A |
XSA-337 | Applied | N/A | N/A |
XSA-338 | Applied | N/A | N/A |
XSA-339 | Applied | N/A | N/A |
XSA-340 | Applied | N/A | N/A |
XSA-341 | N/A (Unused Number) | N/A | N/A |
XSA-342 | Applied | N/A | N/A |
XSA-343 | Applied | N/A | N/A |
XSA-344 | Applied | N/A | N/A |
XSA-345 | Applied | N/A | N/A |
XSA-346 | Applied | N/A | N/A |
XSA-347 | Applied | N/A | N/A |
XSA-348 | Applied | N/A | N/A |
XSA-349 | N/A (Linux only) | N/A | N/A |
XSA-350 | N/A (Linux only) | N/A | N/A |
XSA-351 | Applied | N/A | N/A |
XSA-352 | Applied | N/A | N/A |
XSA-353 | Applied | N/A | N/A |
XSA-354 | N/A (xenopsd only) | N/A | N/A |
XSA-355 | Applied | N/A | N/A |
XSA-356 | Applied | N/A | N/A |
XSA-358 | Applied | N/A | N/A |
XSA-359 | Applied | N/A | N/A |
See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.
We recommend that all users of the 4.14 stable series update to this latest point release.