Xen Project 4.14.6

We are pleased to announce the release of Xen 4.14.6. This is available immediately from its git repository https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.14 (tag RELEASE-4.14.6) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 297fce96e1: Update Xen to version 4.14.6 [Andrew Cooper]
  • 050abf9e97: x86/spec-ctrl: Mitigate Gather Data Sampling [Andrew Cooper]
  • e138318362: x86/spec-ctrl: Enumerations for Gather Data Sampling [Andrew Cooper]
  • 5792b92fd9: x86/cpu-policy: Hide CLWB by default on SKX/CLX/CPX [Andrew Cooper]
  • e8db771a17: x86/spec-ctrl: Mitigate Speculative Return Stack Overflow [Andrew Cooper]
  • 6a2df62a98: x86/spec-ctrl: Enumerations for Speculative Return Stack Overflow [Andrew Cooper]
  • 0ac679428a: x86/spec-ctrl: Rework ibpb_calculations() [Andrew Cooper]
  • 49fbb552c4: x86/cpu-policy: Advertise MSR_ARCH_CAPS to guests by default [Andrew Cooper]
  • 7e10b39d9d: libxl: allow building with old gcc again [Jan Beulich]
  • 26a5e35fd8: libxl: avoid shadowing of index() [Jan Beulich]
  • f1652ccc90: libxl: add support for parsing MSR features [Roger Pau Monne]
  • 1299ea8d76: libxl: use the cpuid feature names from cpufeatureset.h [Roger Pau Monne]
  • 548ac09051: libxl: split logic to parse user provided CPUID features [Roger Pau Monne]
  • 53307f5c5d: libxl: introduce MSR data in libxl_cpuid_policy [Roger Pau Monne]
  • 9f6f7e07d0: libxl: change the type of libxl_cpuid_policy_list [Roger Pau Monne]
  • 44fde35fdd: libs/guest: introduce support for setting guest MSRs [Roger Pau Monne]
  • 1e082c9eca: libxl: don't ignore the return value from xc_cpuid_apply_policy [Roger Pau Monne]
  • cf02b6efed: x86/cpu-policy: Derive RSBA/RRSBA for guest policies [Andrew Cooper]
  • 5059ff1349: x86/spec-ctrl: Fix up the RSBA/RRSBA bits as appropriate [Andrew Cooper]
  • 927a168c39: x86/spec-ctrl: Rename retpoline_safe() to retpoline_calculations() [Andrew Cooper]
  • efc4bdd2c9: x86/spec-ctrl: Use a taint for CET without MSR_SPEC_CTRL [Andrew Cooper]
  • 18e759cb87: x86/spec-ctrl: Fix the rendering of FB_CLEAR [Andrew Cooper]
  • 5619a526ea: x86/cpu-policy: Rearrange guest_common_default_feature_adjustments() [Andrew Cooper]
  • 06a2b62145: x86/spec-ctrl: Update hardware hints [Andrew Cooper]
  • dc89d1f6f3: x86/spec-ctrl: Remove opencoded MSR_ARCH_CAPS check [Andrew Cooper]
  • ad084937fa: x86/tsx: Remove opencoded MSR_ARCH_CAPS check [Andrew Cooper]
  • 7320e9aa80: x86/vtx: Remove opencoded MSR_ARCH_CAPS check [Andrew Cooper]
  • 834fd82b8e: x86/boot: Expose MSR_ARCH_CAPS data in guest max policies [Andrew Cooper]
  • 12f895ef39: x86/boot: Record MSR_ARCH_CAPS for the Raw and Host CPU policy [Andrew Cooper]
  • 1ba3e81d73: x86/cpu-policy: MSR_ARCH_CAPS feature names [Andrew Cooper]
  • eed3654bee: x86/cpu-policy: Infrastructure for MSR_ARCH_CAPS [Andrew Cooper]
  • 775b544ebe: x86/boot: Adjust MSR_ARCH_CAPS handling for the Host policy [Andrew Cooper]
  • 5d624f0fb7: x86/boot: Rework dom0 feature configuration [Andrew Cooper]
  • f5b0f486dc: x86: Remove temporary {cpuid,msr}_policy defines [Andrew Cooper]
  • c1adeb4779: libx86: Update library API for cpu_policy [Andrew Cooper]
  • 738d89d31f: tools/fuzz: Rework afl-policy-fuzzer [Andrew Cooper]
  • 72895c4e97: x86/emul: Switch x86_emulate_ctxt to cpu_policy [Andrew Cooper]
  • 4e093cb460: x86/boot: Merge CPUID policy initialisation logic into cpu-policy.c [Andrew Cooper]
  • 279c1fb626: x86/boot: Move MSR policy initialisation logic into cpu-policy.c [Andrew Cooper]
  • 4ff61b27a3: x86: Out-of-inline the policy<->featureset convertors [Andrew Cooper]
  • bdcc1765f1: x86: Drop struct old_cpu_policy [Andrew Cooper]
  • cfcf833350: x86: Merge xc_cpu_policy's cpuid and msr objects [Andrew Cooper]
  • 99d01e3729: x86: Merge a domain's {cpuid,msr} policy objects [Andrew Cooper]
  • 83a720e912: x86: Merge the system {cpuid,msr} policy objects [Andrew Cooper]
  • 63e4aa3d3b: x86: Merge struct msr_policy into struct cpu_policy [Andrew Cooper]
  • 2e54fb9fec: x86: Rename struct cpuid_policy to struct cpu_policy [Andrew Cooper]
  • 3747c51a68: x86: Rename {domctl,sysctl}.cpu_policy.{cpuid,msr}_policy fields [Andrew Cooper]
  • edc64afe17: x86: Rename struct cpu_policy to struct old_cpuid_policy [Andrew Cooper]
  • 0307a3f68e: x86/sysctl: Retrofit XEN_SYSCTL_cpu_featureset_{pv,hvm}_max [Andrew Cooper]
  • 25eb98c93c: tools/xen-cpuid: Rework the handling of dynamic featuresets [Andrew Cooper]
  • 3690ddda21: x86/cpuid: Introduce dom0-cpuid command line option [Andrew Cooper]
  • 6a3b0205d5: x86/cpuid: Factor common parsing out of parse_xen_cpuid() [Andrew Cooper]
  • ceea0ecc3e: x86/cpuid: Split dom0 handling out of init_domain_cpuid_policy() [Andrew Cooper]
  • 1814dd3df7: x86/CPUID: move some static masks into .init [Jan Beulich]
  • 0eafe6ac6a: x86/cpuid: Drop special_features[] [Andrew Cooper]
  • 56c68aec53: x86/cpuid: Infrastructure for leaves 7:1{ecx,edx} [Andrew Cooper]
  • f99038fe4f: x86/cpuid: Calculate FEATURESET_NR_ENTRIES more helpfully [Andrew Cooper]
  • c47bfc94c0: x86/spec-ctrl: Enumeration for PBRSB_NO [Andrew Cooper]
  • 155d38c76c: x86: Expose more MSR_ARCH_CAPS to hwdom [Jason Andryuk]
  • 62549f8186: x86/msr: Expose MSR_ARCH_CAPS in the raw and host policies [Andrew Cooper]
  • 602ee4c295: x86/amd: Fix DE_CFG truncation in amd_check_zenbleed() [Andrew Cooper]
  • 64b40594f5: x86/amd: Mitigations for Zenbleed [Andrew Cooper]
  • 98ec8ad2ee: automation: Remove installation of packages from test scripts [Michal Orzel]
  • 622675cdbc: CI: Remove llvm-8 from the Debian Stretch container [Andrew Cooper]
  • b13f939a76: automation: Remove non-debug x86_32 build jobs [Anthony PERARD]
  • ce5c9feadf: automation: Remove CentOS 7.2 containers and builds [Anthony PERARD]
  • 4fcd2f59a7: CI: Drop automation/configs/ [Andrew Cooper]
  • 62406f6fbd: bump default SeaBIOS version to 1.16.0 [Jan Beulich]
  • d76c89122b: build: add --full to version.sh to guess $(XEN_FULLVERSION) [Anthony PERARD]
  • eccd4d0d75: CI: Drop TravisCI [Andrew Cooper]
  • b5e3e6294f: tools: Drop gettext as a build dependency [Andrew Cooper]
  • e49571868d: x86/spec-ctrl: Defer CR4_PV32_RESTORE on the cstar_enter path [Andrew Cooper]
  • 99e9afaeb0: x86/HVM: serialize pinned cache attribute list manipulation [Jan Beulich]
  • 71b3449555: x86/HVM: bound number of pinned cache attribute regions [Jan Beulich]
  • 254663bec2: x86/shadow: account for log-dirty mode when pre-allocating [Jan Beulich]
  • c267abfaf2: automation: Remove clang-8 from Debian unstable container [Anthony PERARD]
  • 46040a5fe6: x86/spec-ctrl: Mitigate IBPB not flushing the RSB/RAS [Andrew Cooper]
  • 013a27047c: x86/spec-ctrl: Enumeration for IBPB_RET [Andrew Cooper]
  • 6222bb8bd7: x86/shadow: drop (replace) bogus assertions [Jan Beulich]
  • 1c354767d5: tools/xenstore: harden transaction finalization against errors [Juergen Gross]
  • fd44be9ccb: tools/xenstore: fix deleting node in transaction [Juergen Gross]
  • ecbfb3bd49: tools/ocaml: Ensure packet size is never negative [Edwin Török]
  • 0cd209a7e3: tools/ocaml/xenstored: Fix quota bypass on domain shutdown [Edwin Török]
  • 7036cb93e3: docs: enhance xenstore.txt with permissions description [Juergen Gross]
  • 39254879e3: tools/xenstore: make the internal memory data base the default [Juergen Gross]
  • e5bdcec53a: tools/xenstore: remove nodes owned by destroyed domain [Juergen Gross]
  • baa5f58a69: tools/xenstore: use treewalk for deleting nodes [Juergen Gross]
  • 7f969f391e: tools/xenstore: use treewalk for check_store() [Juergen Gross]
  • 1de79dcf1b: tools/xenstore: simplify check_store() [Juergen Gross]
  • 4e1974248e: tools/xenstore: add generic treewalk function [Juergen Gross]
  • 7d4c2dea43: tools/xenstore: don't let remove_child_entry() call corrupt() [Juergen Gross]
  • 4d2fe1d32c: tools/xenstore: remove recursion from construct_node() [Juergen Gross]
  • 2761f00a40: tools/xenstore: fix checking node permissions [Juergen Gross]
  • 55e23bf410: tools/xenstore: don't use conn->in as context for temporary allocations [Juergen Gross]
  • 2cf1372141: SUPPORT.md: clarify support of untrusted driver domains with oxenstored [Juergen Gross]
  • 8db5e6f48e: tools/ocaml: Limit maximum in-flight requests / outstanding replies [Edwin Török]
  • b8b3734996: tools/ocaml/xb: Add BoundedQueue [Edwin Török]
  • 7f5d36df7c: tools/ocaml: Change Xb.input to return Packet.t option [Edwin Török]
  • 3a67865614: tools/ocaml/libs/xb: hide type of Xb.t [Edwin Török]
  • 276908c6c1: tools/ocaml: GC parameter tuning [Edwin Török]
  • f6a5a1d2e3: tools/ocaml/xenstored: Check for maxrequests before performing operations [Edwin Török]
  • 0bc44ec825: tools/ocaml/xenstored: Synchronise defaults with oxenstore.conf.in [Edwin Török]
  • 7c5316d7c7: tools/xenstore: add control command for setting and showing quota [Juergen Gross]
  • 0cc9d66691: tools/xenstore: add exports for quota variables [Juergen Gross]
  • 36812ae518: tools/xenstore: add memory accounting for nodes [Juergen Gross]
  • 3a7c46a944: tools/xenstore: add memory accounting for watches [Juergen Gross]
  • cc289061d9: tools/xenstore: add memory accounting for responses [Juergen Gross]
  • 03889b6716: tools/xenstore: add infrastructure to keep track of per domain memory usage [Juergen Gross]
  • 0406917f36: tools/xenstore: move the call of setup_structure() to dom0 introduction [Juergen Gross]
  • 93a9c3a066: tools/xenstore: limit max number of nodes accessed in a transaction [Juergen Gross]
  • 82dfb67578: tools/xenstore: simplify and fix per domain node accounting [Juergen Gross]
  • 9ad9fde555: tools/xenstore: fix connection->id usage [Juergen Gross]
  • 83b9da9282: tools/xenstore: don't buffer multiple identical watch events [Juergen Gross]
  • 3dafa5a774: tools/xenstore: limit outstanding requests [Juergen Gross]
  • 36ed7fe5da: tools/xenstore: let unread watch events time out [Juergen Gross]
  • a03e2a386e: tools/xenstore: reduce number of watch events [Juergen Gross]
  • 3530aa6aca: tools/xenstore: add helpers to free struct buffered_data [Juergen Gross]
  • 00240cfc5e: tools/xenstore: split up send_reply() [Juergen Gross]
  • bd50953ef3: tools/xenstore: Fail a transaction if it is not possible to create a node [Julien Grall]
  • d0dd461bfc: tools/xenstore: create_node: Don't defer work to undo any changes on failure [Julien Grall]
  • 96220aec3e: xen/arm: p2m: Populate pages for GICv2 mapping in p2m_init() [Henry Wang]
  • f25c377285: arm/p2m: Rework p2m_init() [Andrew Cooper]
  • 016de62747: libxl/Arm: correct xc_shadow_control() invocation to fix build [Jan Beulich]
  • 6e5608d1c5: gnttab: correct locking on transitive grant copy error path [Jan Beulich]
  • 7d64fb52a5: xen/arm: Allocate and free P2M pages from the P2M pool [Henry Wang]
  • 4220eac379: xen/arm, libxl: Implement XEN_DOMCTL_shadow_op for Arm [Henry Wang]
  • fd688b06a5: xen/arm: Construct the P2M pages pool for guests [Henry Wang]
  • e3b66e5cba: libxl, docs: Use arch-specific default paging memory [Henry Wang]
  • 804f83bfba: xen/x86: p2m: Add preemption in p2m_teardown() [Julien Grall]
  • f90615ce03: x86/p2m: free the paging memory pool preemptively [Roger Pau Monné]
  • fc10984718: x86/p2m: truly free paging pool memory for dying domains [Roger Pau Monné]
  • 9b5a7fd916: x86/p2m: refuse new allocations for dying domains [Roger Pau Monné]
  • b8f4a5de68: x86/shadow: tolerate failure in shadow_prealloc() [Roger Pau Monné]
  • 0bab3abf73: x86/shadow: tolerate failure of sh_set_toplevel_shadow() [Jan Beulich]
  • 3163e34f6a: x86/HAP: adjust monitor table related error handling [Jan Beulich]
  • 54b6eab0e4: x86/p2m: add option to skip root pagetable removal in p2m_teardown() [Roger Pau Monné]
  • 9c975e636e: xen/arm: p2m: Handle preemption when freeing intermediate page tables [Julien Grall]
  • 7a7406ba1d: xen/arm: p2m: Prevent adding mapping when domain is dying [Julien Grall]
  • 4ed063a71b: x86/amd: only call setup_force_cpu_cap for boot CPU [Ross Lagerwall]
  • 261b882f77: tools/libxl: env variable to signal whether disk/nic backend is trusted [Roger Pau Monné]
  • ef571a5a11: x86/mm: correct TLB flush condition in _get_page_type() [Jan Beulich]
  • 87d90d511c: x86/spec-ctrl: Mitigate Branch Type Confusion when possible [Andrew Cooper]
  • 5bccfbb68d: x86/spec-ctrl: Enable Zen2 chickenbit [Andrew Cooper]
  • 318d7bc36a: x86/cpuid: Enumeration for BTC_NO [Andrew Cooper]
  • 0a6561b20f: x86/spec-ctrl: Support IBPB-on-entry [Andrew Cooper]
  • d2f0cf7827: x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST [Andrew Cooper]
  • 51e812af8b: x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch [Andrew Cooper]
  • 73465a7fa1: x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr [Andrew Cooper]
  • b60c995d67: x86/spec-ctrl: Rework spec_ctrl_flags context switching [Andrew Cooper]
  • e5fd5081e0: x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives [Andrew Cooper]
  • 2d316660e5: xen/cmdline: Extend parse_boolean() to signal a name match [Andrew Cooper]
  • f1786895f1: x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint [Andrew Cooper]
  • a556377de5: x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS [Andrew Cooper]
  • 104dd4618e: x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option [Andrew Cooper]
  • c5f774eaee: x86/spec-ctrl: Add spec-ctrl=unpriv-mmio [Andrew Cooper]
  • 9f07848283: x86/spec-ctrl: Enumeration for MMIO Stale Data controls [Andrew Cooper]
  • 878e684e15: x86/spec-ctrl: Make VERW flushing runtime conditional [Andrew Cooper]
  • d7ebe3dfe3: x86/mm: account for PGT_pae_xen_l2 in recently added assertion [Jan Beulich]
  • 82ba97ec6b: x86/pv: Track and flush non-coherent mappings of RAM [Andrew Cooper]
  • 25c7adeefa: x86/amd: Work around CLFLUSH ordering on older parts [Andrew Cooper]
  • 204d4f1650: x86: Split cache_flush() out of cache_writeback() [Andrew Cooper]
  • 07fbed8758: x86: Don't change the cacheability of the directmap [Andrew Cooper]
  • a72146db9e: x86/page: Introduce _PAGE_* constants for memory types [Andrew Cooper]
  • 758f40d7fa: x86/pv: Fix ABAC cmpxchg() race in _get_page_type() [Andrew Cooper]
  • c70071eb6c: x86/pv: Clean up _get_page_type() [Andrew Cooper]

This release also contains changes to qemu-upstream, whose changelogs we do not list here because they contain many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.14.5 and qemu-xen-4.14.6).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-326 | Applied | N/A | N/A |
| XSA-401 | Applied | N/A | N/A |
| XSA-402 | Applied | N/A | N/A |
| XSA-403 | Applied* (*Not patch 2 — see advisory) | N/A | N/A |
| XSA-404 | Applied | N/A | N/A |
| XSA-405 | N/A (Linux only) | N/A | N/A |
| XSA-406 | N/A (Linux only) | N/A | N/A |
| XSA-407 | Applied | N/A | N/A |
| XSA-408 | Applied | N/A | N/A |
| XSA-409 | Applied | N/A | N/A |
| XSA-410 | Applied | N/A | N/A |
| XSA-411 | Applied | N/A | N/A |
| XSA-412 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-413 | N/A (Xapi only) | N/A | N/A |
| XSA-414 | Applied | N/A | N/A |
| XSA-415 | Applied | N/A | N/A |
| XSA-416 | Applied | N/A | N/A |
| XSA-417 | Applied | N/A | N/A |
| XSA-418 | Applied | N/A | N/A |
| XSA-419 | Applied | N/A | N/A |
| XSA-420 | Applied | N/A | N/A |
| XSA-421 | Applied | N/A | N/A |
| XSA-422 | Applied | N/A | N/A |
| XSA-423 | N/A (Linux only) | N/A | N/A |
| XSA-424 | N/A (Linux only) | N/A | N/A |
| XSA-425 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-426 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-427 | Applied | N/A | N/A |
| XSA-428 | Applied | N/A | N/A |
| XSA-429 | Applied | N/A | N/A |
| XSA-430 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-431 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-432 | N/A (Linux only) | N/A | N/A |
| XSA-433 | Applied | N/A | N/A |
| XSA-434 | Applied | N/A | N/A |
| XSA-435 | Applied | N/A | N/A |
| XSA-436 | N/A (No patch supplied for just-out-of-support tree) | N/A | N/A |

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend that all users of the 4.14 stable series update to this latest point release.