Xen Project 4.14.2
We are pleased to announce the release of Xen 4.14.2. It is available immediately from its git repository https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.14 (tag RELEASE-4.14.2) or from this download page.
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:
- 207c70c5b6: update Xen version to 4.14.2 [Jan Beulich]
- b14d8345e5: x86/hpet: Don't enable legacy replacement mode unconditionally [Jan Beulich]
- 440e6d402d: x86/hpet: Factor hpet_enable_legacy_replacement_mode() out of hpet_setup() [Andrew Cooper]
- a67f981352: x86/vpt: do not take pt_migrate rwlock in some cases [Boris Ostrovsky]
- 2b5de80828: fix for_each_cpu() again for NR_CPUS=1 [Jan Beulich]
- da4733a23c: VT-d: restore flush hooks when disabling qinval [Jan Beulich]
- 732cf387c9: VT-d: re-order register restoring in vtd_resume() [Jan Beulich]
- e9f10a9add: VT-d: leave FECTL write to vtd_resume() [Jan Beulich]
- 0c4caea34a: VT-d: correct off-by-1 in number-of-IOMMUs check [Jan Beulich]
- 1ebc077a56: MAINTAINERS: Belatedly update for this being a stable branch [Ian Jackson]
- ddb39ba714: SUPPORT.MD: Clarify the support state for the Arm SMMUv{1, 2} drivers [Julien Grall]
- 6799072011: xen/vgic: Implement write to ISPENDR in vGICv{2, 3} [Julien Grall]
- b22b824f2e: xen/arm: mm: Remove ; at the end of mm_printk() [Julien Grall]
- a8a6736c97: xen/arm: Add workaround for Cortex-A53 erratum #843419 [Luca Fancellu]
- 8d6755fb44: xen/arm: Add workaround for Cortex-A55 erratum #1530923 [Bertrand Marquis]
- 2c46385e5a: xen/arm: Add Cortex-A73 erratum 858921 workaround [Penny Zheng]
- f43374f8c3: xen/arm: Document the erratum #853709 related to Cortex A72 [Michal Orzel]
- 93fbbb3b10: x86/ucode/amd: Fix microcode payload size for Fam19 processors [Andrew Cooper]
- 048af4453c: tools/oxenstored: mkdir conflicts were sometimes missed [Edwin Török]
- d5ed41d3b0: tools/oxenstored: Reject invalid watch paths early [Edwin Török]
- 004be86c81: tools/oxenstored: Fix quota calculation for mkdir EEXIST [Edwin Török]
- bcd9d2ee06: tools/oxenstored: Trim txhistory on xenbus reconnect [Edwin Török]
- 78a22dee01: tools/ocaml/libs/xb: Do not crash after xenbus is unmapped [Edwin Török]
- 9503a6df19: oxenstored: fix ABI breakage introduced in Xen 4.9.0 [Edwin Török]
- b0d7739f10: libxl: Fix domain soft reset state handling [Anthony PERARD]
- 1d6fa27b6b: xen: fix for_each_cpu when NR_CPUS=1 [Dario Faggioli]
- 57ced58d26: vtd: make sure QI/IR are disabled before initialisation [Igor Druzhinin]
- e765471690: x86/shadow: suppress "fast fault path" optimization without reserved bits [Jan Beulich]
- 576844d1b6: crypto: adjust rijndaelEncrypt() prototype for gcc11 [Jan Beulich]
- a1dab05393: x86/dmop: Properly fail for PV guests [Andrew Cooper]
- 3eee522824: xen/sched: Add missing memory barrier in vcpu_block() [Julien Grall]
- 97c0a5c05b: x86/EFI: suppress GNU ld 2.36'es creation of base relocs [Jan Beulich]
- 9b6054a63e: gnttab: bypass IOMMU (un)mapping when a domain is (un)mapping its own grant [Jan Beulich]
- 4a505ed5c4: gnttab: never permit mapping transitive grants [Jan Beulich]
- 605e1d92ef: xen/iommu: Check if the IOMMU was initialized before tearing down [Julien Grall]
- 865eba02a1: x86emul: fix SYSENTER/SYSCALL switching into 64-bit mode [Jan Beulich]
- daa4149647: x86/ucode/amd: Fix OoB read in cpu_request_microcode() [Andrew Cooper]
- 73a269624b: x86/EFI: work around GNU ld 2.36 issue [Jan Beulich]
- c354bd7468: x86/efi: enable MS ABI attribute on clang [Roger Pau Monné]
- 72fc75d707: x86/string: correct memmove()'s forwarding to memcpy() [Jan Beulich]
- ec003beb5c: x86/debug: fix page-overflow bug in dbg_rw_guest_mem [Tamas K Lengyel]
- 3d09a43f75: x86/HVM: re-order error path of hvm_domain_initialise() [Jan Beulich]
- 17810630a0: memory: bail from page scrubbing when CPU is no longer online [Jan Beulich]
- f6f787de98: x86/timer: Fix boot on Intel systems using ITSSPRC static PIT clock gating [Andrew Cooper]
- a473bdd81b: xen/include: compat/xlat.h may change with .config changes [Jan Beulich]
- 761995ee29: x86/vioapic: check IRR before attempting to inject interrupt after EOI [Roger Pau Monné]
- b0b734a8b3: xen/arm: fix gnttab_need_iommu_mapping [Stefano Stabellini]
- 9f357fe3e4: xen/page_alloc: Only flush the page to RAM once we know they are scrubbed [Julien Grall]
- 4170218cb9: x86/dpci: do not remove pirqs from domain tree on unbind [Roger Pau Monné]
- 9028fd493a: x86/mem_sharing: fix uninitialized 'preempted' variable [Tamas K Lengyel]
- 7f99c05ded: xen/memory: Fix compat XENMEM_acquire_resource for size requests [Andrew Cooper]
- cad784fb8f: x86/ACPI: don't overwrite FADT [Jan Beulich]
- e44321d94f: x86/hypercall: fix gnttab hypercall args conditional build on pvshim [Roger Pau Monné]
- a3509dcd0f: x86/dpci: EOI interrupt regardless of its masking status [Roger Pau Monné]
- 5f9b0f90ee: x86/vPCI: tolerate (un)masking a disabled MSI-X entry [Jan Beulich]
- a514c5ef5b: x86/hpet: Fix return value of hpet_setup() [Andrew Cooper]
- 1b09f3dcd4: update Xen version to 4.14.2-pre [Jan Beulich]
This release also contains changes to qemu-upstream, whose changelog we do not list here because it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.14.1 and qemu-xen-4.14.2).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.
| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-360 | Applied | N/A | N/A |
| XSA-361 | N/A (Linux only) | N/A | N/A |
| XSA-362 | N/A (Linux only) | N/A | N/A |
| XSA-363 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-364 | Applied | N/A | N/A |
| XSA-365 | N/A (Linux only) | N/A | N/A |
| XSA-366 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-367 | N/A (Linux only) | N/A | N/A |
| XSA-368 | Applied | N/A | N/A |
| XSA-369 | N/A (Linux only) | N/A | N/A |
| XSA-371 | N/A (Linux only) | N/A | N/A |
See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.
We recommend that all users of the 4.14 stable series update to this latest point release.