Xen Project 4.16.3
We are pleased to announce the release of Xen 4.16.3. This is available immediately from its git repository
https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.16 (tag RELEASE-4.16.3) or from this download page
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:
- 556c2e817c: update Xen version to 4.16.3 [Jan Beulich]
- 03a43f548e: tools/oxenstored: Render backtraces more nicely in Syslog [Andrew Cooper]
- 4a8ff8bf1b: tools/oxenstored/syslog: Avoid potential NULL dereference [Edwin Török]
- a41d969353: tools/oxenstored: Set uncaught exception handler [Edwin Török]
- 724d003ecc: tools/oxenstored: Log live update issues at warning level [Edwin Török]
- 8108d3c99c: tools/oxenstored: Keep /dev/xen/evtchn open across live update [Edwin Török]
- e5502f2bbd: tools/oxenstored: Rework Domain evtchn handling to use port_pair [Andrew Cooper]
- 5c11a898e5: tools/oxenstored: Implement Domain.rebind_evtchn [Andrew Cooper]
- 0ce5f6ddf9: tools/oxenstored: Rename some 'port' variables to 'remote_port' [Andrew Cooper]
- cd69a4cf61: tools/oxenstored: Bind the DOM_EXC VIRQ in in Event.init() [Andrew Cooper]
- bb3dcf7bc8: tools/oxenstored: Style fixes to Domain [Andrew Cooper]
- c96f51bc3e: tools/ocaml/evtchn: Extend the init() binding with a cloexec flag [Edwin Török]
- dd3006b1dd: tools/ocaml/evtchn: Add binding for xenevtchn_fdopen() [Edwin Török]
- 5e41efcc50: tools/ocaml/evtchn: OCaml 5 support, fix potential resource leak [Edwin Török]
- 94fbce235e: tools/oxenstored: Fix incorrect scope after an if statement [Andrew Cooper]
- 3774760ae0: tools/ocaml/xenstored/store.ml: fix build error [Edwin Török]
- 8837acbcda: tools/ocaml/xenstored: fix live update exception [Edwin Török]
- dae2ebabf8: tools/oxenstored: Fix Oxenstored Live Update [Andrew Cooper]
- 4ad5975d4e: x86/HVM: don't mark evtchn upcall vector as pending when vLAPIC is disabled [Jan Beulich]
- a61f93d597: x86/Viridian: don't mark IRQ vectors as pending when vLAPIC is disabled [Jan Beulich]
- 07bbac08b5: x86/HVM: don't mark external IRQs as pending when vLAPIC is disabled [Jan Beulich]
- 09849cdd25: x86/pvh: do not forward MADT Local APIC NMI structures to dom0 [Roger Pau Monné]
- b6b3dc8d88: x86/irq: do not release irq until all cleanup is done [Roger Pau Monné]
- 042a5b7024: xen/arm: Correct the p2m pool size calculations [Andrew Cooper]
- 4320b31106: libs/light: Propagate libxl__arch_domain_create() return code [Anthony PERARD]
- 4759d80fd2: efifb: ignore frame buffer with invalid configuration [Roger Pau Monné]
- 43a5ce211b: x86/spec-ctrl: Fill in whitepaper URL [Andrew Cooper]
- 0d39a6d1ae: CHANGELOG: update link for RELEASE-4.16.0 [Henry Wang]
- 1dc6dccb1a: xen/sched: migrate timers to correct cpus after suspend [Juergen Gross]
- a524495aac: tools/xenstore: call remove_domid_from_perm() for special nodes [Juergen Gross]
- c1e196ab49: x86/spec-ctrl: Mitigate IBPB not flushing the RSB/RAS [Andrew Cooper]
- b1a1df345a: x86/spec-ctrl: Enumeration for IBPB_RET [Andrew Cooper]
- 1bdd7c438b: tools/xenstore: harden transaction finalization against errors [Juergen Gross]
- 4305807dfd: tools/xenstore: fix deleting node in transaction [Juergen Gross]
- 635390415f: tools/ocaml: Ensure packet size is never negative [Edwin Török]
- 5b0919f2c0: tools/ocaml/xenstored: Fix quota bypass on domain shutdown [Edwin Török]
- 1f5b394d6e: docs: enhance xenstore.txt with permissions description [Juergen Gross]
- 8b81fc185a: tools/xenstore: make the internal memory data base the default [Juergen Gross]
- 825332daea: tools/xenstore: remove nodes owned by destroyed domain [Juergen Gross]
- 7682de61a4: tools/xenstore: use treewalk for creating node records [Juergen Gross]
- 1514de3a5f: tools/xenstore: use treewalk for deleting nodes [Juergen Gross]
- f5a4c26b2e: tools/xenstore: use treewalk for check_store() [Juergen Gross]
- c5a76df793: tools/xenstore: simplify check_store() [Juergen Gross]
- 01ab491022: tools/xenstore: add generic treewalk function [Juergen Gross]
- 32ff913afe: tools/xenstore: don't let remove_child_entry() call corrupt() [Juergen Gross]
- 074b32e471: tools/xenstore: remove recursion from construct_node() [Juergen Gross]
- 036fa8717b: tools/xenstore: fix checking node permissions [Juergen Gross]
- c758765e46: tools/xenstore: don't use conn->in as context for temporary allocations [Juergen Gross]
- a026fddf89: SUPPORT.md: clarify support of untrusted driver domains with oxenstored [Juergen Gross]
- cec3c52c28: tools/ocaml: Limit maximum in-flight requests / outstanding replies [Edwin Török]
- ea1567893b: tools/ocaml/xb: Add BoundedQueue [Edwin Török]
- 59981b08c8: tools/ocaml: Change Xb.input to return Packet.t option [Edwin Török]
- 8b60ad49b4: tools/ocaml/libs/xb: hide type of Xb.t [Edwin Török]
- a63bbcf531: tools/ocaml: GC parameter tuning [Edwin Török]
- ab21bb1971: tools/ocaml/xenstored: Check for maxrequests before performing operations [Edwin Török]
- b0e95b4512: tools/ocaml/xenstored: Synchronise defaults with oxenstore.conf.in [Edwin Török]
- b584b9b956: tools/xenstore: add control command for setting and showing quota [Juergen Gross]
- 0a67b4eef1: tools/xenstore: add exports for quota variables [Juergen Gross]
- 578d422af0: tools/xenstore: add memory accounting for nodes [Juergen Gross]
- bce985745c: tools/xenstore: add memory accounting for watches [Juergen Gross]
- 30c8e752f6: tools/xenstore: add memory accounting for responses [Juergen Gross]
- 2e406cf5fb: tools/xenstore: add infrastructure to keep track of per domain memory usage [Juergen Gross]
- 2d39cf77d7: tools/xenstore: move the call of setup_structure() to dom0 introduction [Juergen Gross]
- 7017cfefc4: tools/xenstore: limit max number of nodes accessed in a transaction [Juergen Gross]
- 717460e062: tools/xenstore: simplify and fix per domain node accounting [Juergen Gross]
- 787241f552: tools/xenstore: fix connection->id usage [Juergen Gross]
- b270ad4a7e: tools/xenstore: don't buffer multiple identical watch events [Juergen Gross]
- 49344fb86f: tools/xenstore: limit outstanding requests [Juergen Gross]
- d08cdf0b19: tools/xenstore: let unread watch events time out [Juergen Gross]
- e26d6f4d1b: tools/xenstore: reduce number of watch events [Juergen Gross]
- f8af1a27b0: tools/xenstore: add helpers to free struct buffered_data [Juergen Gross]
- ce6aea73f6: tools/xenstore: split up send_reply() [Juergen Gross]
- 427e86b488: tools/xenstore: Fail a transaction if it is not possible to create a node [Julien Grall]
- 28ea39a4eb: tools/xenstore: create_node: Don't defer work to undo any changes on failure [Julien Grall]
- 62e7fb702d: x86/vmx: Revert "VMX: use a single, global APIC access page" [Andrew Cooper]
- c229b16ba3: x86/pv-shim: correct ballooning down for compat guests [Igor Druzhinin]
- 2f75e3654f: x86/pv-shim: correct ballooning up for compat guests [Igor Druzhinin]
- 08f6c88405: x86/pv-shim: correctly ignore empty onlining requests [Igor Druzhinin]
- 426a8346c0: common: map_vcpu_info() wants to unshare the underlying page [Jan Beulich]
- aac1085090: x86: also zap secondary time area handles during soft reset [Jan Beulich]
- 8f3f8f20de: vpci/msix: remove from table list on detach [Roger Pau Monné]
- 96d26f11f5: vpci: don't assume that vpci per-device data exists unconditionally [Roger Pau Monné]
- 9fdb4f1765: x86/shadow: drop (replace) bogus assertions [Jan Beulich]
- 88f2bf5de9: xen/sched: fix restore_vcpu_affinity() by removing it [Juergen Gross]
- 481465f35d: xen/sched: fix race in RTDS scheduler [Juergen Gross]
- 54f8ed80c8: EFI: don't convert memory marked for runtime use to ordinary RAM [Jan Beulich]
- d4a11d6a22: argo: Remove reachable ASSERT_UNREACHABLE [Jason Andryuk]
- 02ab5e97c4: VMX: correct error handling in vmx_create_vmcs() [Jan Beulich]
- 5dae06578c: x86emul: respect NSCB [Jan Beulich]
- e5a5bdeba6: xen/arm: p2m: Populate pages for GICv2 mapping in p2m_init() [Henry Wang]
- 86cb374475: arm/p2m: Rework p2m_init() [Andrew Cooper]
- 1bce7fb1f7: x86/vpmu: Fix race-condition in vpmu_load [Tamas K Lengyel]
- 3f4da85ca8: x86: wire up VCPUOP_register_vcpu_time_memory_area for 32-bit guests [Jan Beulich]
- b956076239: xen/gnttab: fix gnttab_acquire_resource() [Juergen Gross]
- 49510071ee: tools/xenstore: minor fix of the migration stream doc [Juergen Gross]
- 2b694dd293: Config.mk: correct PIE-related option(s) in EMBEDDED_EXTRA_CFLAGS [Jan Beulich]
- 4f3204c2bc: xen/sched: fix cpu hotplug [Juergen Gross]
- c377ceab0a: xen/sched: carve out memory allocation and freeing from schedule_cpu_rm() [Juergen Gross]
- d4e971ad12: xen/sched: introduce cpupool_update_node_affinity() [Juergen Gross]
- e8882bcfe3: x86/CPUID: surface suitable value in EBX of XSTATE subleaf 1 [Jan Beulich]
- e85e2a3c17: tools/libxl: Replace deprecated -soundhw on QEMU command line [Anthony PERARD]
- 32cb81501c: gnttab: correct locking on transitive grant copy error path [Jan Beulich]
- 44e9dcc48b: xen/arm: Allocate and free P2M pages from the P2M pool [Henry Wang]
- 3a16da801e: xen/arm, libxl: Implement XEN_DOMCTL_shadow_op for Arm [Henry Wang]
- 914fc8e8b4: xen/arm: Construct the P2M pages pool for guests [Henry Wang]
- 755a9b5284: libxl, docs: Use arch-specific default paging memory [Henry Wang]
- a603386b42: xen/x86: p2m: Add preemption in p2m_teardown() [Julien Grall]
- f5959ed715: x86/p2m: free the paging memory pool preemptively [Roger Pau Monné]
- 943635d8f8: x86/p2m: truly free paging pool memory for dying domains [Roger Pau Monné]
- 745e0b300d: x86/p2m: refuse new allocations for dying domains [Roger Pau Monné]
- 28d3f677ec: x86/shadow: tolerate failure in shadow_prealloc() [Roger Pau Monné]
- 40e9daf6b5: x86/shadow: tolerate failure of sh_set_toplevel_shadow() [Jan Beulich]
- 3422c19d85: x86/HAP: adjust monitor table related error handling [Jan Beulich]
- 8fc19c143b: x86/p2m: add option to skip root pagetable removal in p2m_teardown() [Roger Pau Monné]
- 937fdbad51: xen/arm: p2m: Handle preemption when freeing intermediate page tables [Julien Grall]
- 8d9531a342: xen/arm: p2m: Prevent adding mapping when domain is dying [Julien Grall]
- 4aa32912eb: update Xen version to 4.16.3-pre [Jan Beulich]
This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.16.2 and qemu-xen-4.16.3).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.
XSA | Xen | qemu-traditional | qemu-upstream |
XSA-326 | Applied | N/A | N/A |
XSA-409 | Applied | N/A | N/A |
XSA-410 | Applied | N/A | N/A |
XSA-411 | Applied | N/A | N/A |
XSA-412 | Applied | N/A | N/A |
XSA-413 | N/A (Xapi only) | N/A | N/A |
XSA-414 | Applied | N/A | N/A |
XSA-415 | Applied | N/A | N/A |
XSA-416 | Applied | N/A | N/A |
XSA-417 | Applied | N/A | N/A |
XSA-418 | Applied | N/A | N/A |
XSA-419 | Applied | N/A | N/A |
XSA-420 | Applied | N/A | N/A |
XSA-421 | Applied | N/A | N/A |
XSA-422 | Applied | N/A | N/A |
XSA-423 | N/A (Linux only) | N/A | N/A |
XSA-424 | N/A (Linux only) | N/A | N/A |
See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.
We recommend all users of the 4.16 stable series to update to this latest point release.