Software update: Xen 4.15.3

Xen is a bare-metal hypervisor for the x86 and ARMv7/v8 platforms that lets multiple operating systems run simultaneously on one system without drastically affecting performance. For more information about Xen and its community, we refer to this and this page. At the moment only Linux, NetBSD and FreeBSD are supported as host systems, but work is under way to fully support other operating systems as well. The developers have released version 4.15.3, with the following announcement:


We are pleased to announce the release of Xen 4.15.3. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.15 (tag RELEASE-4.15.3) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:
  • update Xen version to 4.15.3
  • x86/spec-ctrl: Add spec-ctrl=unpriv-mmio
  • x86/spec-ctrl: Enumeration for MMIO Stale Data controls
  • x86/spec-ctrl: Make VERW flushing runtime conditional
  • x86/mm: account for PGT_pae_xen_l2 in recently added assertion
  • x86/pv: Track and flush non-coherent mappings of RAM
  • x86/amd: Work around CLFLUSH ordering on older parts
  • x86: Split cache_flush() out of cache_writeback()
  • x86: Don't change the cacheability of the directmap
  • x86/page: Introduce _PAGE_* constants for memory types
  • x86/pv: Fix ABAC cmpxchg() race in _get_page_type()
  • x86/pv: Clean up _get_page_type()
  • PCI: don't allow "pci-phantom=" to mark real devices as phantom functions
  • ns16550: use poll mode if INTERRUPT_LINE is 0xff
  • build: silence GNU ld warning about executable stacks
  • build: suppress GNU ld warning about RWX load segments
  • xen: io: Fix race between sending an I/O and domain shutdown
  • linker/lld: do not generate quoted section names
  • kconfig: detect LD implementation
  • x86/msr: handle reads to MSR_P5_MC_{ADDR,TYPE}
  • IOMMU/x86: disallow device assignment to PoD guests
  • IOMMU: make domctl handler tolerate NULL domain
  • xen/iommu: cleanup iommu related domctl handling
  • tools/libs/light: don't set errno to a negative value
  • tools/libs/guest: don't set errno to a negative value
  • tools/libs/ctrl: don't set errno to a negative value
  • tools/libs/evtchn: don't set errno to negative values
  • xen/build: Fix dependency for the MAP rule
  • x86/mm: avoid inadvertently degrading a TLB flush to local only
  • VT-d: refuse to use IOMMU with reserved CAP.ND value
  • xen: fix XEN_DOMCTL_gdbsx_guestmemio crash
  • x86/irq: skip unmap_domain_pirq XSM during destruction
  • livepatch: avoid relocations referencing ignored section symbols
  • livepatch: do not ignore sections with 0 size
  • vPCI: fix MSI-X PBA read/write gprintk()s
  • x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies
  • VT-d: avoid infinite recursion on domain_context_mapping_one() error path
  • VT-d: avoid NULL deref on domain_context_mapping_one() error paths
  • VT-d: don't needlessly look up DID
  • tools/firmware: do not add a section
  • tools/firmware: force -fcf-protection=none
  • libxl: Re-scope usage
  • libxl: Don't segfault on soft-reset failure
  • xl: Fix global pci options
  • tools/libs/light: set video_mem for PVH guests
  • IOMMU/x86: use per-device page tables for quarantining
  • AMD/IOMMU: abstract maximum number of page table levels
  • IOMMU/x86: drop TLB flushes from quarantine_init() hooks
  • IOMMU/x86: maintain a per-device pseudo domain ID
  • VT-d: prepare for per-device quarantine page tables (part II)
  • VT-d: prepare for per-device quarantine page tables (part I)
  • AMD/IOMMU: re-assign devices directly
  • VT-d: re-assign devices directly
  • VT-d: drop ownership checking from domain_context_mapping_one()
  • IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter
  • VT-d: fix add/remove ordering when RMRRs are in use
  • VT-d: fix (de)assign ordering when RMRRs are in use
  • VT-d: correct ordering of operations in cleanup_domid_map()
  • x86/hap: do not switch on log dirty for VRAM tracking
  • livepatch: account for patch offset when applying NOP patch
  • vpci/msix: fix PBA accesses
  • livepatch: resolve old address before function verification
  • x86/cet: Remove XEN_SHSTK's dependency on EXPERT
  • xen/x86: Livepatch: support patching CET-enhanced functions
  • x86/cet: Remove writeable mapping of the BSPs shadow stack
  • x86/cet: Clear IST supervisor token busy bits on S3 resume
  • x86/kexec: Fix kexec-reboot with CET active
  • x86/spec-ctrl: Disable retpolines with CET-IBT
  • x86/CET: Fix S3 resume with shadow stacks active
  • x86: Enable CET Indirect Branch Tracking
  • x86/EFI: Disable CET-IBT around Runtime Services calls
  • x86/setup: Rework MSR_S_CET handling for CET-IBT
  • x86/entry: Make IDT entrypoints CET-IBT compatible
  • x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible
  • x86/emul: Update emulation stubs to be CET-IBT compatible
  • x86: Introduce helpers/checks for endbr64 instructions
  • x86/traps: Rework write_stub_trampoline() to not hardcode the jmp
  • x86/alternatives: Clear CR4.CET when clearing CR0.WP
  • x86/setup: Read CR4 earlier in __start_xen()
  • x86: Introduce support for CET-IBT
  • xz: validate the value before assigning it to an enum variable
  • xz: avoid overlapping memcpy() with invalid input with in-place decompression
  • tools/libxl: don't allow IOMMU usage with PoD
  • x86/console: process softirqs between warning prints
  • x86/spec-ctrl: Cease using thunk=lfence on AMD
  • xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3
  • xen/arm: Add Spectre BHB handling
  • xen/arm: Add ECBHB and CLEARBHB ID fields
  • xen/arm: move errata CSV2 check earlier
  • xen/arm: Introduce new Arm processors
  • x86emul: fix VPBLENDMW with mask and memory operand
  • tools/libs: Fix build dependencies
  • tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL
  • libxl: force netback to wait for hotplug execution before connecting
  • tools/libxl: Correctly align the ACPI tables
  • update Xen version to 4.15.3-pre
  • x86/spec-ctrl: Support Intel PSFD for guests
  • x86/cpuid: Infrastructure for cpuid word 7:2.edx
  • x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R
  • x86/tsx: Move has_rtm_always_abort to an outer scope
  • x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling
  • x86/cpuid: Infrastructure for leaf 7:1.ebx
  • x86/cpuid: Disentangle logic for new feature leaves
  • x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default
  • x86/msr: AMD MSR_SPEC_CTRL infrastructure
  • x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL
  • x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD
  • x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL
  • x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3
  • x86/spec-ctrl: Introduce new has_spec_ctrl boolean
  • x86/spec-ctrl: Drop use_spec_ctrl boolean
  • x86/cpuid: Advertise SSB_NO to guests by default
  • x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL
  • x86/vmx: Drop spec_ctrl load in VMEntry path
  • x86/cpuid: support LFENCE always serialising CPUID bit
  • x86/amd: split LFENCE dispatch serializing setup logic into helper
  • MAINTAINERS: Anthony is stable branch tools maintainer
In addition, this release also contains the following fixes to qemu-traditional:

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly related to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.15.2 and qemu-xen-4.15.3).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.
  • XSA-396
  • XSA-397
  • XSA-398
  • XSA-399
  • XSA-400
  • XSA-401
  • XSA-402
  • XSA-404
See for details related to Xen Project security advisories.

We recommend all users of the 4.15 stable series to update to this latest point release.

Version number: 4.15.3
Release status: Final
Operating systems: Linux, BSD
Website: Xen Project
License type: Conditions (GNU/BSD/etc.)

By Japke Rosink


06-07-2022 • 01:19


Source: Xen Project

