[Oraclevm-errata] OVMSA-2018-0218 Important: Oracle VM 3.4 xen security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue May 22 16:47:52 PDT 2018


Oracle VM Security Advisory OVMSA-2018-0218

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
xen-4.4.4-105.0.45.el6.x86_64.rpm
xen-tools-4.4.4-105.0.45.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-105.0.45.el6.src.rpm



Description of changes:

[4.4.4-105.0.45.el6]
- BUILDINFO: xen commit=dc770041d983843c860c06d405054c0e01a4fd98
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Red-tape: Update the repo with CVE XSA-262 (Boris Ostrovsky)  [Orabug: 
27948886]  {CVE-2018-10981}
- Red-tape: Update the repo with CVE XSA-261 (Boris Ostrovsky)  [Orabug: 
27948879]  {CVE-2018-10982}
- x86/HVM: guard against emulator driving ioreq state in weird ways (Jan 
Beulich)  [Orabug: 27948886]
- x86/vpt: add support for IO-APIC routed interrupts (Xen Project 
Security Team)  [Orabug: 27948879]

[4.4.4-105.0.44.el6]
- BUILDINFO: xen commit=509b72c59322d8418db1ba59773a7c05eaf52369
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/paging: don't unconditionally BUG() on finding SHARED_M2P_ENTRY 
(Jan Beulich)  [Orabug: 27185385]  {CVE-2017-17565}
- x86/mm: don't wrongly set page ownership (Jan Beulich)  [Orabug: 
27185991]  {CVE-2017-17566}
- misc/xenmicrocode: Upload /lib/firmware/<some blob> to the hypervisor 
(Konrad Rzeszutek Wilk)  [Orabug: 27957829]

[4.4.4-105.0.43.el6]
- BUILDINFO: xen commit=0d94c746fadb8e3ff435220db9079279b22fa56b
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/traps: Fix handling of #DB exceptions in hypervisor context 
(Andrew Cooper)  [Orabug: 27923234]  {CVE-2018-8897}
- x86/traps: Use an Interrupt Stack Table for #DB (Andrew Cooper) 
[Orabug: 27923234]  {CVE-2018-8897}
- x86/pv: Move exception injection into {,compat_}test_all_events() 
(Andrew Cooper)  [Orabug: 27923234]  {CVE-2018-8897}
- x86/traps: Fix %dr6 handing in #DB handler (Andrew Cooper)  [Orabug: 
27923234]  {CVE-2018-8897}
- x86/traps: Misc non-functional improvements to set_debugreg() (Andrew 
Cooper)  [Orabug: 27923234]  {CVE-2018-8897}
- x86/pv: Several bugs in set_debugreg() (Ross Philipson)  [Orabug: 
27923234]  {CVE-2018-8897}
- x86/pv: The do_get_debugreg CR4.DE condition is inverted. (Ross 
Philipson)  [Orabug: 27923234]  {CVE-2018-8897}

[4.4.4-105.0.42.el6]
- BUILDINFO: xen commit=962d0381b8ffca399a909a6fac965dfce87b6bb1
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xenstore: add assertion in database dumping code (Wei Liu)  [Orabug: 
27791950]
- xenstore: send error earlier in do_mkdir (Wei Liu)  [Orabug: 27791950]
- xenstore: add memory allocation debugging capability (Juergen Gross) 
[Orabug: 27791950]
- xenstore: use temporary memory context for firing watches (Juergen 
Gross)  [Orabug: 27791950]
- xenstore: add explicit memory context parameter to get_node() (Juergen 
Gross)  [Orabug: 27791950]
- xenstore: add explicit memory context parameter to read_node() 
(Juergen Gross)  [Orabug: 27791950]
- xenstore: add explicit memory context parameter to get_parent() 
(Juergen Gross)  [Orabug: 27791950]
- xenstore: call each xenstored command function with temporary context 
(Juergen Gross)  [Orabug: 27791950]
- cxenstored: document a bunch of short options in help string (Wei Liu) 
  [Orabug: 27791950]

[4.4.4-105.0.41.el6]
- BUILDINFO: xen commit=8ecebf1da3cf4be39839524720931fa7e2f1b8c4
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- hvmloader: Initialize a variable before we use it (Patrick Colp) 
[Orabug: 27751151]
- x86/spectre: Make retpoline code match upstream version (Patrick Colp) 
  [Orabug: 27694491] [Orabug: 27751440]
- x86/traps/spectre: Fix IO emulation stub code (Boris Ostrovsky) 
[Orabug: 27693422] [Orabug: 27751440]  {CVE-2017-5715}
- xen/x86: Make sure identify_cpu() is called with traps enabled (Joao 
Martins)  [Orabug: 27629051] [Orabug: 27751440]

[4.4.4-105.0.40.el6]
- BUILDINFO: xen commit=512b3c7aa50283f7d07e5e76deeee3ac807e3465
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Revert "xen/x86: Make sure identify_cpu() is called with traps 
enabled" (Boris Ostrovsky)  [Orabug: 27751412]
- Revert "x86/traps/spectre: Fix IO emulation stub code" (Boris 
Ostrovsky)  [Orabug: 27751412]
- Revert "x86/spectre: Make retpoline code match upstream version" 
(Boris Ostrovsky)  [Orabug: 27751412]

[4.4.4-105.0.39.el6]
- BUILDINFO: xen commit=b17b052a21808773d5cd9d0bae884dcc50bd9390
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Fix a wrong check in DO_SPEC_CTRL_EXIT_TO_XEN (Zhenzhong Duan) 
[Orabug: 27738732]  {CVE-2017-5715}

[4.4.4-105.0.38.el6]
- BUILDINFO: xen commit=dfa6e8b715a473ba60fc7da1022d16fe7255f846
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spectre: Make retpoline code match upstream version (Patrick Colp) 
  [Orabug: 27694491]
- x86/traps/spectre: Fix IO emulation stub code (Boris Ostrovsky) 
[Orabug: 27693422]  {CVE-2017-5715}

[4.4.4-105.0.37.el6]
- BUILDINFO: xen commit=2ace6a819e1454ea43a8bea4c8f4aea2db4caa95
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen/x86: Make sure identify_cpu() is called with traps enabled (Joao 
Martins)  [Orabug: 27629051]

[4.4.4-105.0.36.el6]
- BUILDINFO: xen commit=b2a6db11ced11291a472bc1bda20ce329eda4d66
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gnttab: don't blindly free status pages upon version change (Andrew 
Cooper)  [Orabug: 27571750]  {CVE-2018-7541}
- memory: don't implicitly unpin for decrease-reservation (Andrew 
Cooper)  [Orabug: 27571737]  {CVE-2018-7540}

[4.4.4-105.0.35.el6]
- BUILDINFO: xen commit=873b8236e886daa3c26dae28d0c1c53d88447dc0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: if secure boot is enabled dont write pci config space (Elena 
Ufimtseva)  [Orabug: 27533309]

[4.4.4-105.0.34.el6]
- BUILDINFO: xen commit=81602116e75b6bbc519366b242c71888aa1b1673
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST 
(Andrew Cooper)  [Orabug: 27553376]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86: allow easier disabling of BTI mitigations (Zhenzhong Duan) 
[Orabug: 27553376]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Make alternative patching NMI-safe (Andrew Cooper)  [Orabug: 
27553376]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- xen/cmdline: Fix parse_boolean() for unadorned values (Andrew Cooper) 
[Orabug: 27553376]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- Optimize the context switch code a bit (Zhenzhong Duan)  [Orabug: 
27553376]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- Update init_speculation_mitigations() to upstream's (Zhenzhong Duan) 
[Orabug: 27553376]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper) 
[Orabug: 27553376]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- Update RSB related implementation to upstream ones (Zhenzhong Duan) 
[Orabug: 27553376]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}

[4.4.4-105.0.33.el6]
- BUILDINFO: xen commit=c6a2fe8d72a3eba01b22cbe495e60cb6837fe8d0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux) 
(Konrad Rzeszutek Wilk)  [Orabug: 27445678]

[4.4.4-105.0.32.el6]
- BUILDINFO: xen commit=9657d91fcbf49798d2c5135866e1947113d536dc
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/Spectre: Set thunk to THUNK_NONE if compiler support is not 
available (Boris Ostrovsky)  [Orabug: 27375688]

[4.4.4-105.0.31.el6]
- BUILDINFO: xen commit=4e5826dfcb56d3a868a9934646989f8483f03b3c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen: No dependencies on dracut and microcode_ctl RPMs (Boris 
Ostrovsky)  [Orabug: 27409718]

[4.4.4-105.0.30.el6]
- BUILDINFO: xen commit=f3bdcc393d14e344f2743148845fe14c5e81b1e0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Always print info about speculative mitigation facilities (Boris 
Ostrovsky)  [Orabug: 27352392]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86: Don't use retpoline if CONFIG_INDIRECT_THUNK is not set (Boris 
Ostrovsky)  [Orabug: 27352392]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}

[4.4.4-105.0.29.el6]
- BUILDINFO: xen commit=ab650877a21f81203326b5a2c26f7e9382c9cbf9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- rpm: Add microcode_ctl dependency (Boris Ostrovsky) - x86: cpuint. 
Move the detection of CPU capabilities (Konrad Rzeszutek Wilk)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- migration: Set the CPUID _before_ XEN_DOMCTL_sethvmcontext (Konrad 
Rzeszutek Wilk)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86/xen: Make cpu_has_[stibp,ibrsp,etc] work. (Konrad Rzeszutek Wilk) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (Konrad 
Rzeszutek Wilk)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86/idle: Clear SPEC_CTRL while idle (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cpuid: Offer Indirect Branch Controls to guests (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/ctxt: Issue a speculation barrier between vcpu contexts (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Clobber the Return Stack Buffer on entry to Xen (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Calculate the most appropriate BTI mitigation to use (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Use MSR_SPEC_CTRL at each entry/exit point (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Protect unaware domains from meddling hyperthreads (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL,PRED_CMD} 
(Andrew Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86/migrate: Move MSR_SPEC_CTRL on migrate (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: Emulation of MSR_{SPEC_CTRL,PRED_CMD} for guests (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce a common cpuid_policy_updated() (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce framework for cpuid policy updates (Boris Ostrovsky) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce cpuid_policy (Boris Ostrovsky)  [Orabug: 27343845] 
{CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: introduce struct msr_vcpu_policy (Sergey Dyasli)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cmdline: Introduce a command line option to disable IBRS/IBPB, 
STIBP and IBPB (Andrew Cooper)  [Orabug: 27343845]  {CVE-2017-5753} 
{CVE-2017-5715} {CVE-2017-5754}
- xen: add an optional string end parameter to parse_bool() (Juergen 
Gross)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/feature: Definitions for Indirect Branch Controls (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce alternative indirect thunks (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Backport setup_force_cpu_cap (Boris Ostrovsky)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/amd: Try to set lfence as being Dispatch Serialising (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Report details of speculative mitigations (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support indirect thunks from assembly code (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- common/wait: Clarifications to wait infrastructure (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support compiling with indirect branch thunks (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Erase guest GPR state on entry to Xen (Andrew Cooper) 
[Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/pv: Move hypercall handling up into C (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Use SAVE_ALL to construct the cpu_user_regs frame after 
VMExit (Andrew Cooper)  [Orabug: 27343845]  {CVE-2017-5753} 
{CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Rearrange RESTORE_ALL to restore register in stack order 
(Andrew Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} 
{CVE-2017-5754}
- x86/entry: Remove support for partial cpu_user_regs frames (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Introduce ALTERNATIVE{,_2} macros (Andrew Cooper)  [Orabug: 
27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Break out alternative-asm into a separate header file (Andrew 
Cooper)  [Orabug: 27343845]  {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: assert that we we saved a sane number of MSRs. (Tim Deegan) 
[Orabug: 27338225]
- x86: Avoid corruption on migrate for vcpus using CPUID Faulting 
(Andrew Cooper)  [Orabug: 27338225]
- x86/hvm: Don't corrupt the HVM context stream when writing the MSR 
record (Andrew Cooper)  [Orabug: 27338225]
- x86: generic MSRs save/restore (Jan Beulich)  [Orabug: 27338225]
- x86/msr: introduce guest_wrmsr() (Sergey Dyasli)  [Orabug: 27338225]
- x86/msr: introduce guest_rdmsr() (Sergey Dyasli)  [Orabug: 27338225]
- x86/msr: introduce struct msr_domain_policy (Sergey Dyasli)  [Orabug: 
27338225]
- microcode: Always scan the initramfs for microcode (Konrad Rzeszutek 
Wilk)  [Orabug: 27338228]
- x86: Move microcode loading earlier (Konrad Rzeszutek Wilk)  [Orabug: 
27338228]
- livepatch: Alternative backport compile issues under Xen 4.4 (Konrad 
Rzeszutek Wilk)  [Orabug: 27338227]
- x86: support 2- and 3-way alternatives (Jan Beulich)  [Orabug: 27338227]
- xen/x86/alternatives: Do not use sync_core() to serialize I$ (Borislav 
Petkov)  [Orabug: 27338227]
- livepatch: NOP if func->new_addr is zero. (Konrad Rzeszutek Wilk) 
[Orabug: 27338227]
- alternatives: x86 rename and change parameters on ARM (Konrad 
Rzeszutek Wilk)  [Orabug: 27338227]
- x86/arm64: Expose the ALT_[ORIG|REPL]_PTR macros to header files. 
(Konrad Rzeszutek Wilk)  [Orabug: 27338227]
- xsplice: Add support for alternatives (Ross Lagerwall)  [Orabug: 27338227]
- x86: Alter nmi_callback_t typedef (Konrad Rzeszutek Wilk)  [Orabug: 
27338227]
- x86/alternatives: correct near branch check (Jan Beulich)  [Orabug: 
27338227]
- x86: disable CR0.WP while applying alternatives (Andrew Cooper) 
[Orabug: 27338227]
- work around Clang generating .data.rel.ro section for init-only files 
(Andrew Cooper)  [Orabug: 27338227]
- x86: move alternative.c data fully into .init.* (Jan Beulich) 
[Orabug: 27338227]
- x86: port the basic alternative mechanism from Linux to Xen (Feng Wu) 
[Orabug: 27338227]
- x86: add definitions for NOP operation (Feng Wu)  [Orabug: 27338227]

[4.4.4-105.0.28.el6]
- BUILDINFO: xen commit=5ef31ddcecd6b7d07ada4eea3e14a3ebe54a5726
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional 
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend/python: Add 'enclosure-type' (Konrad Rzeszutek Wilk)  [Orabug: 
27220728]
- xend/python: Expand the list of parameters that can be changed to 
include all (Konrad Rzeszutek Wilk) - xend/python: Export DMI asset-tag 
and platform to guests. (Konrad Rzeszutek Wilk)  [Orabug: 27220728]




More information about the Oraclevm-errata mailing list