Xen Project 4.14.4
We are pleased to announce the release of Xen 4.14.4. This is available immediately from its git repository
https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.14 (tag RELEASE-4.14.4) or from this download page
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:
- b636efa6cc: update Xen version to 4.14.4 [Jan Beulich]
- 689734d05d: x86/pvh: fix population of the low 1MB for dom0 [Roger Pau Monné]
- bdf197d840: x86: Fix build with the get/set_reg() infrastructure [Andrew Cooper]
- 50935b88b4: x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling [Andrew Cooper]
- dbfc6ba03a: x86/spec-ctrl: Drop SPEC_CTRL_{ENTRY_FROM,EXIT_TO}_HVM [Andrew Cooper]
- 4e25a788d0: x86/msr: Split MSR_SPEC_CTRL handling [Andrew Cooper]
- c45c2c2e09: x86/guest: Introduce {get,set}_reg() infrastructure [Andrew Cooper]
- 0f88870898: x86/time: improve TSC / CPU freq calibration accuracy [Jan Beulich]
- 6b776749ff: x86/time: use relative counts in calibration loops [Jan Beulich]
- 5af939d96a: passthrough/x86: stop pirq iteration immediately in case of error [Julien Grall]
- dbd85c0a82: xen/grant-table: Only decrement the refcounter when grant is fully unmapped [Julien Grall]
- 861e27398c: xen/arm: p2m: Always clear the P2M entry when the mapping is removed [Julien Grall]
- 45299b3cc8: x86/spec-ctrl: Fix default calculation of opt_srb_lock [Andrew Cooper]
- 1c30c97bd8: revert "hvmloader: PA range 0xfc000000-0xffffffff should be UC" [Jan Beulich]
- cc645375f6: x86/cpuid: Fix TSXLDTRK definition [Andrew Cooper]
- 4ebd423a52: x86/HVM: permit CLFLUSH{,OPT} on execute-only code segments [Jan Beulich]
- 160bddfafb: x86: avoid wrong use of all-but-self IPI shorthand [Jan Beulich]
- d8cf50574b: x86/HVM: fail virt-to-linear conversion for insn fetches from non-code segments [Jan Beulich]
- fb91773853: VT-d: don't leak domid mapping on error path [Jan Beulich]
- 992ba6df20: VT-d: split domid map cleanup check into a function [Jan Beulich]
- a51f2df5dc: efi: fix alignment of function parameters in compat mode [Roger Pau Monné]
- cbadf67bca: xen/arm: Do not invalidate the P2M when the PT is shared with the IOMMU [Stefano Stabellini]
- c4cf538865: MAINTAINERS: Resign from tools stable branch maintainership [Ian Jackson]
- 9de3671772: x86/P2M: deal with partial success of p2m_set_entry() [Jan Beulich]
- 3ae94651cf: x86/PoD: handle intermediate page orders in p2m_pod_cache_add() [Jan Beulich]
- 7f654ea88e: x86/PoD: deal with misaligned GFNs [Jan Beulich]
- 497bd4aadf: xen/page_alloc: Harden assign_pages() [Julien Grall]
- eb59f97eea: public/gnttab: relax v2 recommendation [Jan Beulich]
- 006897dd72: x86/APIC: avoid iommu_supports_x2apic() on error path [Jan Beulich]
- cdcdc28b2a: x86/IOMMU: mark IOMMU / intremap not in use when ACPI tables are missing [Jan Beulich]
- 3d031d9e79: x86/xstate: reset cached register values on resume [Marek Marczykowski-Górecki]
- 9d3bac49a5: x86/traps: Fix typo in do_entry_CP() [Andrew Cooper]
- 2b83810875: x86/shstk: Fix use of shadow stacks with XPTI active [Andrew Cooper]
- c3f2590369: update system time immediately when VCPUOP_register_vcpu_info [Dongli Zhang]
- 81e3fd1f3c: x86/paging: restrict physical address width reported to guests [Jan Beulich]
- 0c3fde7b7e: x86/AMD: make HT range dynamic for Fam17 and up [Jan Beulich]
- 7c957ea612: x86emul: de-duplicate scatters to the same linear address [Jan Beulich]
- f240f9c3c6: x86/HVM: correct cleanup after failed viridian_vcpu_init() [Jan Beulich]
- d204a14950: build: fix dependencies in arch/x86/boot [Anthony PERARD]
- 99cbe2031a: x86/PV32: fix physdev_op_compat handling [Jan Beulich]
- 49b0aef3f9: AMD/IOMMU: consider hidden devices when flushing device I/O TLBs [Jan Beulich]
- 37ea2893e9: x86/HVM: fix xsm_op for 32-bit guests [Jan Beulich]
- b1ac7bb7f7: x86/build: suppress EFI-related tool chain checks upon local $(MAKE) recursion [Jan Beulich]
- 28a28fa819: pci: fix handling of PCI bridges with subordinate bus number 0xff [Igor Druzhinin]
- d53afcdcb3: VT-d: PCI segment numbers are up to 16 bits wide [Jan Beulich]
- d8c60e68fb: VT-d: consider hidden devices when unmapping [Jan Beulich]
- b4926b6c40: x86: quote section names when defining them in linker script [Roger Pau Monné]
- 410f5d02b6: tools/libacpi: Use 64-byte alignment for FACS [Kevin Stefanov]
- 9d32c26cfe: x86/spec-ctrl: Print all AMD speculative hints/features [Andrew Cooper]
- e0a8ffd498: x86/amd: Use newer SSBD mechanisms if they exist [Andrew Cooper]
- 15734a72d7: x86/amd: Enumeration for speculative features/hints [Andrew Cooper]
- b7afc6b455: x86/spec-ctrl: Split the "Hardware features" diagnostic line [Andrew Cooper]
- 76f2b04c90: build: set policy filename on make command line [Anthony PERARD]
- 6124f6c189: update Xen version to 4.14.4-pre [Jan Beulich]
- ba45e99aa4: VT-d: fix deassign of device with RMRR [Jan Beulich]
This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.14.3 and qemu-xen-4.14.4).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.
XSA | Xen | qemu-traditional | qemu-upstream |
XSA-376 | N/A (Version not vulnerable) | N/A | N/A |
XSA-385 | Applied | N/A | N/A |
XSA-386 | Applied | N/A | N/A |
XSA-387 | Applied | N/A | N/A |
XSA-388 | Applied | N/A | N/A |
XSA-389 | Applied | N/A | N/A |
XSA-390 | N/A (Version not vulnerable) | N/A | N/A |
XSA-391 | N/A (Linux only) | N/A | N/A |
XSA-392 | N/A (Linux only) | N/A | N/A |
XSA-393 | Applied | N/A | N/A |
XSA-394 | Applied | N/A | N/A |
XSA-395 | Applied | N/A | N/A |
See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.
We recommend all users of the 4.14 stable series to update to this latest point release.