[Oraclevm-errata] OVMSA-2018-0218 Important: Oracle VM 3.4 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Tue May 22 16:47:52 PDT 2018
Oracle VM Security Advisory OVMSA-2018-0218
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.4.4-105.0.45.el6.x86_64.rpm
xen-tools-4.4.4-105.0.45.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-105.0.45.el6.src.rpm
Description of changes:
[4.4.4-105.0.45.el6]
- BUILDINFO: xen commit=dc770041d983843c860c06d405054c0e01a4fd98
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Red-tape: Update the repo with CVE XSA-262 (Boris Ostrovsky) [Orabug:
27948886] {CVE-2018-10981}
- Red-tape: Update the repo with CVE XSA-261 (Boris Ostrovsky) [Orabug:
27948879] {CVE-2018-10982}
- x86/HVM: guard against emulator driving ioreq state in weird ways (Jan
Beulich) [Orabug: 27948886]
- x86/vpt: add support for IO-APIC routed interrupts (Xen Project
Security Team) [Orabug: 27948879]
[4.4.4-105.0.44.el6]
- BUILDINFO: xen commit=509b72c59322d8418db1ba59773a7c05eaf52369
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/paging: don't unconditionally BUG() on finding SHARED_M2P_ENTRY
(Jan Beulich) [Orabug: 27185385] {CVE-2017-17565}
- x86/mm: don't wrongly set page ownership (Jan Beulich) [Orabug:
27185991] {CVE-2017-17566}
- misc/xenmicrocode: Upload /lib/firmware/<some blob> to the hypervisor
(Konrad Rzeszutek Wilk) [Orabug: 27957829]
[4.4.4-105.0.43.el6]
- BUILDINFO: xen commit=0d94c746fadb8e3ff435220db9079279b22fa56b
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/traps: Fix handling of #DB exceptions in hypervisor context
(Andrew Cooper) [Orabug: 27923234] {CVE-2018-8897}
- x86/traps: Use an Interrupt Stack Table for #DB (Andrew Cooper)
[Orabug: 27923234] {CVE-2018-8897}
- x86/pv: Move exception injection into {,compat_}test_all_events()
(Andrew Cooper) [Orabug: 27923234] {CVE-2018-8897}
- x86/traps: Fix %dr6 handing in #DB handler (Andrew Cooper) [Orabug:
27923234] {CVE-2018-8897}
- x86/traps: Misc non-functional improvements to set_debugreg() (Andrew
Cooper) [Orabug: 27923234] {CVE-2018-8897}
- x86/pv: Several bugs in set_debugreg() (Ross Philipson) [Orabug:
27923234] {CVE-2018-8897}
- x86/pv: The do_get_debugreg CR4.DE condition is inverted. (Ross
Philipson) [Orabug: 27923234] {CVE-2018-8897}
[4.4.4-105.0.42.el6]
- BUILDINFO: xen commit=962d0381b8ffca399a909a6fac965dfce87b6bb1
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xenstore: add assertion in database dumping code (Wei Liu) [Orabug:
27791950]
- xenstore: send error earlier in do_mkdir (Wei Liu) [Orabug: 27791950]
- xenstore: add memory allocation debugging capability (Juergen Gross)
[Orabug: 27791950]
- xenstore: use temporary memory context for firing watches (Juergen
Gross) [Orabug: 27791950]
- xenstore: add explicit memory context parameter to get_node() (Juergen
Gross) [Orabug: 27791950]
- xenstore: add explicit memory context parameter to read_node()
(Juergen Gross) [Orabug: 27791950]
- xenstore: add explicit memory context parameter to get_parent()
(Juergen Gross) [Orabug: 27791950]
- xenstore: call each xenstored command function with temporary context
(Juergen Gross) [Orabug: 27791950]
- cxenstored: document a bunch of short options in help string (Wei Liu)
[Orabug: 27791950]
[4.4.4-105.0.41.el6]
- BUILDINFO: xen commit=8ecebf1da3cf4be39839524720931fa7e2f1b8c4
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- hvmloader: Initialize a variable before we use it (Patrick Colp)
[Orabug: 27751151]
- x86/spectre: Make retpoline code match upstream version (Patrick Colp)
[Orabug: 27694491] [Orabug: 27751440]
- x86/traps/spectre: Fix IO emulation stub code (Boris Ostrovsky)
[Orabug: 27693422] [Orabug: 27751440] {CVE-2017-5715}
- xen/x86: Make sure identify_cpu() is called with traps enabled (Joao
Martins) [Orabug: 27629051] [Orabug: 27751440]
[4.4.4-105.0.40.el6]
- BUILDINFO: xen commit=512b3c7aa50283f7d07e5e76deeee3ac807e3465
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Revert "xen/x86: Make sure identify_cpu() is called with traps
enabled" (Boris Ostrovsky) [Orabug: 27751412]
- Revert "x86/traps/spectre: Fix IO emulation stub code" (Boris
Ostrovsky) [Orabug: 27751412]
- Revert "x86/spectre: Make retpoline code match upstream version"
(Boris Ostrovsky) [Orabug: 27751412]
[4.4.4-105.0.39.el6]
- BUILDINFO: xen commit=b17b052a21808773d5cd9d0bae884dcc50bd9390
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Fix a wrong check in DO_SPEC_CTRL_EXIT_TO_XEN (Zhenzhong Duan)
[Orabug: 27738732] {CVE-2017-5715}
[4.4.4-105.0.38.el6]
- BUILDINFO: xen commit=dfa6e8b715a473ba60fc7da1022d16fe7255f846
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spectre: Make retpoline code match upstream version (Patrick Colp)
[Orabug: 27694491]
- x86/traps/spectre: Fix IO emulation stub code (Boris Ostrovsky)
[Orabug: 27693422] {CVE-2017-5715}
[4.4.4-105.0.37.el6]
- BUILDINFO: xen commit=2ace6a819e1454ea43a8bea4c8f4aea2db4caa95
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen/x86: Make sure identify_cpu() is called with traps enabled (Joao
Martins) [Orabug: 27629051]
[4.4.4-105.0.36.el6]
- BUILDINFO: xen commit=b2a6db11ced11291a472bc1bda20ce329eda4d66
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gnttab: don't blindly free status pages upon version change (Andrew
Cooper) [Orabug: 27571750] {CVE-2018-7541}
- memory: don't implicitly unpin for decrease-reservation (Andrew
Cooper) [Orabug: 27571737] {CVE-2018-7540}
[4.4.4-105.0.35.el6]
- BUILDINFO: xen commit=873b8236e886daa3c26dae28d0c1c53d88447dc0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: if secure boot is enabled dont write pci config space (Elena
Ufimtseva) [Orabug: 27533309]
[4.4.4-105.0.34.el6]
- BUILDINFO: xen commit=81602116e75b6bbc519366b242c71888aa1b1673
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST
(Andrew Cooper) [Orabug: 27553376] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86: allow easier disabling of BTI mitigations (Zhenzhong Duan)
[Orabug: 27553376] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Make alternative patching NMI-safe (Andrew Cooper) [Orabug:
27553376] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- xen/cmdline: Fix parse_boolean() for unadorned values (Andrew Cooper)
[Orabug: 27553376] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- Optimize the context switch code a bit (Zhenzhong Duan) [Orabug:
27553376] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- Update init_speculation_mitigations() to upstream's (Zhenzhong Duan)
[Orabug: 27553376] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper)
[Orabug: 27553376] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- Update RSB related implementation to upstream ones (Zhenzhong Duan)
[Orabug: 27553376] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
[4.4.4-105.0.33.el6]
- BUILDINFO: xen commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux)
(Konrad Rzeszutek Wilk) [Orabug: 27445678]
[4.4.4-105.0.32.el6]
- BUILDINFO: xen commit=9657d91fcbf49798d2c5135866e1947113d536dc
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/Spectre: Set thunk to THUNK_NONE if compiler support is not
available (Boris Ostrovsky) [Orabug: 27375688]
[4.4.4-105.0.31.el6]
- BUILDINFO: xen commit=4e5826dfcb56d3a868a9934646989f8483f03b3c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen: No dependencies on dracut and microcode_ctl RPMs (Boris
Ostrovsky) [Orabug: 27409718]
[4.4.4-105.0.30.el6]
- BUILDINFO: xen commit=f3bdcc393d14e344f2743148845fe14c5e81b1e0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Always print info about speculative mitigation facilities (Boris
Ostrovsky) [Orabug: 27352392] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86: Don't use retpoline if CONFIG_INDIRECT_THUNK is not set (Boris
Ostrovsky) [Orabug: 27352392] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
[4.4.4-105.0.29.el6]
- BUILDINFO: xen commit=ab650877a21f81203326b5a2c26f7e9382c9cbf9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- rpm: Add microcode_ctl dependency (Boris Ostrovsky)
- x86: cpuint. Move the detection of CPU capabilities (Konrad Rzeszutek
Wilk) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- migration: Set the CPUID _before_ XEN_DOMCTL_sethvmcontext (Konrad
Rzeszutek Wilk) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/xen: Make cpu_has_[stibp,ibrsp,etc] work. (Konrad Rzeszutek Wilk)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (Konrad
Rzeszutek Wilk) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/idle: Clear SPEC_CTRL while idle (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cpuid: Offer Indirect Branch Controls to guests (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/ctxt: Issue a speculation barrier between vcpu contexts (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Clobber the Return Stack Buffer on entry to Xen (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Calculate the most appropriate BTI mitigation to use (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Use MSR_SPEC_CTRL at each entry/exit point (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Protect unaware domains from meddling hyperthreads (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL,PRED_CMD}
(Andrew Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/migrate: Move MSR_SPEC_CTRL on migrate (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: Emulation of MSR_{SPEC_CTRL,PRED_CMD} for guests (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce a common cpuid_policy_updated() (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce framework for cpuid policy updates (Boris Ostrovsky)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce cpuid_policy (Boris Ostrovsky) [Orabug: 27343845]
{CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: introduce struct msr_vcpu_policy (Sergey Dyasli) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cmdline: Introduce a command line option to disable IBRS/IBPB,
STIBP and IBPB (Andrew Cooper) [Orabug: 27343845] {CVE-2017-5753}
{CVE-2017-5715} {CVE-2017-5754}
- xen: add an optional string end parameter to parse_bool() (Juergen
Gross) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/feature: Definitions for Indirect Branch Controls (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce alternative indirect thunks (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Backport setup_force_cpu_cap (Boris Ostrovsky) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/amd: Try to set lfence as being Dispatch Serialising (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Report details of speculative mitigations (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support indirect thunks from assembly code (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- common/wait: Clarifications to wait infrastructure (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support compiling with indirect branch thunks (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Erase guest GPR state on entry to Xen (Andrew Cooper)
[Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/pv: Move hypercall handling up into C (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Use SAVE_ALL to construct the cpu_user_regs frame after
VMExit (Andrew Cooper) [Orabug: 27343845] {CVE-2017-5753}
{CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Rearrange RESTORE_ALL to restore register in stack order
(Andrew Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/entry: Remove support for partial cpu_user_regs frames (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Introduce ALTERNATIVE{,_2} macros (Andrew Cooper) [Orabug:
27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Break out alternative-asm into a separate header file (Andrew
Cooper) [Orabug: 27343845] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: assert that we we saved a sane number of MSRs. (Tim Deegan)
[Orabug: 27338225]
- x86: Avoid corruption on migrate for vcpus using CPUID Faulting
(Andrew Cooper) [Orabug: 27338225]
- x86/hvm: Don't corrupt the HVM context stream when writing the MSR
record (Andrew Cooper) [Orabug: 27338225]
- x86: generic MSRs save/restore (Jan Beulich) [Orabug: 27338225]
- x86/msr: introduce guest_wrmsr() (Sergey Dyasli) [Orabug: 27338225]
- x86/msr: introduce guest_rdmsr() (Sergey Dyasli) [Orabug: 27338225]
- x86/msr: introduce struct msr_domain_policy (Sergey Dyasli) [Orabug:
27338225]
- microcode: Always scan the initramfs for microcode (Konrad Rzeszutek
Wilk) [Orabug: 27338228]
- x86: Move microcode loading earlier (Konrad Rzeszutek Wilk) [Orabug:
27338228]
- livepatch: Alternative backport compile issues under Xen 4.4 (Konrad
Rzeszutek Wilk) [Orabug: 27338227]
- x86: support 2- and 3-way alternatives (Jan Beulich) [Orabug: 27338227]
- xen/x86/alternatives: Do not use sync_core() to serialize I$ (Borislav
Petkov) [Orabug: 27338227]
- livepatch: NOP if func->new_addr is zero. (Konrad Rzeszutek Wilk)
[Orabug: 27338227]
- alternatives: x86 rename and change parameters on ARM (Konrad
Rzeszutek Wilk) [Orabug: 27338227]
- x86/arm64: Expose the ALT_[ORIG|REPL]_PTR macros to header files.
(Konrad Rzeszutek Wilk) [Orabug: 27338227]
- xsplice: Add support for alternatives (Ross Lagerwall) [Orabug: 27338227]
- x86: Alter nmi_callback_t typedef (Konrad Rzeszutek Wilk) [Orabug:
27338227]
- x86/alternatives: correct near branch check (Jan Beulich) [Orabug:
27338227]
- x86: disable CR0.WP while applying alternatives (Andrew Cooper)
[Orabug: 27338227]
- work around Clang generating .data.rel.ro section for init-only files
(Andrew Cooper) [Orabug: 27338227]
- x86: move alternative.c data fully into .init.* (Jan Beulich)
[Orabug: 27338227]
- x86: port the basic alternative mechanism from Linux to Xen (Feng Wu)
[Orabug: 27338227]
- x86: add definitions for NOP operation (Feng Wu) [Orabug: 27338227]
[4.4.4-105.0.28.el6]
- BUILDINFO: xen commit=5ef31ddcecd6b7d07ada4eea3e14a3ebe54a5726
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend/python: Add 'enclosure-type' (Konrad Rzeszutek Wilk) [Orabug:
27220728]
- xend/python: Expand the list of parameters that can be changed to
include all (Konrad Rzeszutek Wilk)
- xend/python: Export DMI asset-tag and platform to guests. (Konrad
Rzeszutek Wilk) [Orabug: 27220728]