Downloads

Xen Project 4.8.5

We are pleased to announce the release of Xen 4.8.5. This is available immediately from its git repository

https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.8 (tag RELEASE-4.8.5) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 908e768fae: update Xen version to 4.8.5 [Jan Beulich]
  • 090d47c927: VMX: allow migration of guests with SSBD enabled [Jan Beulich]
  • 70294dbe2a: x86/dom0: Fix shadowing of PV guests with 2M superpages [Andrew Cooper]
  • 88d77da676: x86/dom0: Avoid using 1G superpages if shadowing may be necessary [Andrew Cooper]
  • 92f31182e0: x86/shadow: shrink struct page_info’s shadow_flags to 16 bits [Jan Beulich]
  • 4be61c4d9b: x86/shadow: move OOS flag bit positions [Jan Beulich]
  • 538c7c754a: x86/mm: Don’t perform flush after failing to update a guests L1e [Andrew Cooper]
  • 14854d08a8: AMD/IOMMU: suppress PTE merging after initial table creation [Jan Beulich]
  • f030ad0753: amd/iommu: fix flush checks [Roger Pau Monné]
  • d6798ce357: stubdom/vtpm: fix memcmp in TPM_ChangeAuthAsymFinish [Olaf Hering]
  • d792e577dc: x86: work around HLE host lockup erratum [Jan Beulich]
  • ba4eb85319: x86: extend get_platform_badpages() interface [Jan Beulich]
  • 88b5e368ce: tools/dombuilder: Initialise vcpu debug registers correctly [Andrew Cooper]
  • 64fd42fbcb: x86/domain: Initialise vcpu debug registers correctly [Andrew Cooper]
  • 86cba9b023: x86/boot: Initialise the debug registers correctly [Andrew Cooper]
  • 49f74ea609: x86/boot: enable NMIs after traps init [Sergey Dyasli]
  • 5b6fb33d8f: vtd: add missing check for shared EPT… [Paul Durrant]
  • 8d1afd1cef: x86: fix “xpti=” and “pv-l1tf=” yet again [Jan Beulich]
  • 0dbe6acef0: x86: split opt_pv_l1tf [Jan Beulich]
  • 38a7dded19: x86: split opt_xpti [Jan Beulich]
  • bd89569fb5: x86: silence false log messages for plain “xpti” / “pv-l1tf” [Jan Beulich]
  • dee5937802: stubdom/grub.patches: Drop docs changes, for licensing reasons [Ian Jackson]
  • 5670039606: x86/hvm/emulate: make sure rep I/O emulation does not cross GFN boundaries [Paul Durrant]
  • 53dfcb0f6e: x86/shutdown: use ACPI reboot method for Dell PowerEdge R540 [Ross Lagerwall]
  • d4f07fb1a8: x86/shutdown: use ACPI reboot method for Dell PowerEdge R740 [Ross Lagerwall]
  • 005df911f6: x86: assorted array_index_nospec() insertions [Jan Beulich]
  • 8bfab2b5b6: VT-d/dmar: iommu mem leak fix [Zhenzhong Duan]
  • dc814e1920: rangeset: make inquiry functions tolerate NULL inputs [Jan Beulich]
  • 5e8697735b: x86/setup: Avoid OoB E820 lookup when calculating the L1TF safe address [Andrew Cooper]
  • d1a5936d63: x86/hvm/ioreq: MMIO range checking completely ignores direction flag [Paul Durrant]
  • c9fc6b388e: x86/vlapic: Bugfixes and improvements to vlapic_{read,write}() [Andrew Cooper]
  • 21ac6c8e44: x86/vmx: Avoid hitting BUG_ON() after EPTP-related domain_crash() [Andrew Cooper]
  • e52ec4b787: x86: write to correct variable in parse_pv_l1tf() [Jan Beulich]
  • d95b5bb31e: xl.conf: Add global affinity masks [Wei Liu]
  • 565de91ac7: x86: Make “spec-ctrl=no” a global disable of all mitigations [Jan Beulich]
  • 1c6c2def1c: x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM HAP guests [Andrew Cooper]
  • 1f56fba486: x86/msr: Virtualise MSR_FLUSH_CMD for guests [Andrew Cooper]
  • 5464d5f0c9: x86/spec-ctrl: CPUID/MSR definitions for L1D_FLUSH [Andrew Cooper]
  • 9e7d5e266a: x86/pv: Force a guest into shadow mode when it writes an L1TF-vulnerable PTE [Juergen Gross]
  • 7849d13d45: x86/mm: Plumbing to allow any PTE update to fail with -ERESTART [Andrew Cooper]
  • e819108a41: x86/shadow: Infrastructure to force a PV guest into shadow mode [Juergen Gross]
  • fe78829480: x86/spec-ctrl: Introduce an option to control L1TF mitigation for PV guests [Andrew Cooper]
  • 28fc483f3d: x86/spec-ctrl: Calculate safe PTE addresses for L1TF mitigations [Andrew Cooper]
  • 712082daee: tools/oxenstored: Make evaluation order explicit [Christian Lindig]
  • ed6fcdb902: x86/vtx: Fix the checking for unknown/invalid MSR_DEBUGCTL bits [Andrew Cooper]
  • 04061641b6: ARM: disable grant table v2 [Stefano Stabellini]
  • e3d0ce38c2: common/gnttab: Introduce command line feature controls [Andrew Cooper]
  • c00fabcd79: VMX: fix vmx_{find,del}_msr() build [Jan Beulich]
  • 3478439f98: x86/vmx: Support load-only guest MSR list entries [Andrew Cooper]
  • b81b74aa1b: x86/vmx: Pass an MSR value into vmx_msr_add() [Andrew Cooper]
  • b289403527: x86/vmx: Improvements to LBR MSR handling [Andrew Cooper]
  • 47fbc6e025: x86/vmx: Support remote access to the MSR lists [Andrew Cooper]
  • ee7bceaf20: x86/vmx: Factor locate_msr_entry() out of vmx_find_msr() and vmx_add_msr() [Andrew Cooper]
  • df5bbf7a4a: x86/vmx: Internal cleanup for MSR load/save infrastructure [Andrew Cooper]
  • d96893fe44: x86/vmx: API improvements for MSR load/save infrastructure [Andrew Cooper]
  • 15508b33a5: x86/vmx: Defer vmx_vmcs_exit() as long as possible in construct_vmcs() [Andrew Cooper]
  • 790ed1521e: x86/vmx: Fix handing of MSR_DEBUGCTL on VMExit [Andrew Cooper]
  • d8389572d4: x86/spec-ctrl: Yet more fixes for xpti= parsing [Andrew Cooper]
  • aa450153f2: x86/spec-ctrl: Fix the parsing of xpti= on fixed Intel hardware [Andrew Cooper]
  • b149b06b1e: x86/hvm: Disallow unknown MSR_EFER bits [Andrew Cooper]
  • c117d09fe3: x86/xstate: Make errors in xstate calculations more obvious by crashing the domain [Andrew Cooper]
  • e343ee80be: x86/xstate: Use a guests CPUID policy, rather than allowing all features [Andrew Cooper]
  • 5566272d5a: x86/vmx: Don’t clobber %dr6 while debugging state is lazy [Andrew Cooper]
  • f049cd67a9: x86: command line option to avoid use of secondary hyper-threads [Jan Beulich]
  • 6dc0bc5881: x86: possibly bring up all CPUs even if not all are supposed to be used [Jan Beulich]
  • 37a1b4aa4c: x86: distinguish CPU offlining from CPU removal [Jan Beulich]
  • f6a31ed471: x86/AMD: distinguish compute units from hyper-threads [Jan Beulich]
  • 08eda978c2: cpupools: fix state when downing a CPU failed [Jan Beulich]
  • 96bf2dbc8d: allow cpu_down() to be called earlier [Jan Beulich]
  • 23975f5137: xen: oprofile/nmi_int.c: Drop unwanted sexual reference [Ian Jackson]
  • f3b0cdb49f: x86/spec-ctrl: command line handling adjustments [Jan Beulich]
  • f5ef10dd01: x86: correctly set nonlazy_xstate_used when loading full state [Jan Beulich]
  • de172b0ff6: xen: Port the array_index_nospec() infrastructure from Linux [Andrew Cooper]
  • 3686d0963e: cmdline: fix parse_boolean() for NULL incoming end pointer [Jan Beulich]
  • 4aec0c7ff5: update Xen version to 4.8.5-pre [Jan Beulich]

This release also contains NO fixes to qemu-traditional.

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.8.4 and qemu-xen-4.8.5).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditional qemu-upstream
XSA-268 Applied Applied Applied
XSA-269 Applied Applied Applied
XSA-270 N/A (Linux only)
XSA-271 N/A (XAPI only)
XSA-272 Applied Applied Applied
XSA-273 Applied Applied Applied
XSA-274 N/A (Linux only)
XSA-275 Applied Applied Applied
XSA-276 N/A (Xen 4.11+ only)
XSA-277 N/A (Xen 4.11+ only)
XSA-278 Applied Applied Applied
XSA-279 Applied Applied Applied
XSA-280 Applied Applied Applied
XSA-281 N/A (Unused number)
XSA-282 Applied Applied Applied

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.8 stable series to update to this latest point release.