[Oraclevm-errata] OVMSA-2020-0039 important: Oracle VM 3.4 xen security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Aug 27 09:46:01 PDT 2020
Oracle VM Security Advisory OVMSA-2020-0039
The following updated rpms for Oracle VM 3.4 have been uploaded to the
Unbreakable Linux Network:
x86_64:
xen-4.4.4-155.0.90.el6.x86_64.rpm
xen-tools-4.4.4-155.0.90.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/xen-4.4.4-155.0.90.el6.src.rpm
Description of changes:
[4.4.4-155.0.90.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=82e56ba4d2b293cc180a5d9d754634e8f5e314fd
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=cf459aa4ae4ff6b7bfc208006b47c9992642c4cf
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- redtape: QEMU-traditional: usb: fix setup_len init (CVE-2020-14364)
(Patrick Colp) [Orabug: 31799204] {CVE-2020-14364}
- usb: fix setup_len init (CVE-2020-14364) (Gerd Hoffmann) [Orabug:
31780712] {CVE-2020-14364} {CVE-2020-14364}
[4.4.4-155.0.89.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=7d90472ebcf07d79c77be489fc35024ceb347065
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=6e676a4ba6bbd437a2a8dbfc3c6e591d920b013b
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: skip further initialization for idle domains (Joe Jin) [Orabug:
31543204]
[4.4.4-155.0.88.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a3a6cc7be97a396b2972e8c810b133d1eb1dbd90
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=6e676a4ba6bbd437a2a8dbfc3c6e591d920b013b
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/ept: flush cache when modifying PTEs and sharing page tables
(Roger Pau Monné) [Orabug: 31644060] {CVE-2020-15565}
- vtd: optimize CPU cache sync (Roger Pau Monné) [Orabug: 31644060]
{CVE-2020-15565}
- CLFLUSHOPT and CLWB features are missing (Elena Ufimtseva) [Orabug:
31644060]
- x86/alternative: introduce alternative_2 (Roger Pau Monné) [Orabug:
31644060] {CVE-2020-15565}
- vtd: don't assume addresses are aligned in sync_cache (Roger Pau
Monné) [Orabug: 31644060] {CVE-2020-15565}
- x86/iommu: introduce a cache sync hook (Roger Pau Monné) [Orabug:
31644060] {CVE-2020-15565}
- td: prune (and rename) cache flush functions (Roger Pau Monné)
[Orabug: 31644060] {CVE-2020-15565}
- vtd: improve IOMMU TLB flush (Jan Beulich) [Orabug: 31644060]
{CVE-2020-15565}
- x86/ept: atomically modify entries in ept_next_level (Roger Pau Monné)
[Orabug: 31644053] {CVE-2020-15567}
- x86/EPT: ept_set_middle_entry() related adjustments (Jan Beulich)
[Orabug: 31644053] {CVE-2020-15567}
[4.4.4-155.0.87.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=05e8af748d1de87fba77fbba955325d5b41aaddd
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=6e676a4ba6bbd437a2a8dbfc3c6e591d920b013b
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/vtd: Hide superpage support for SandyBridge IOMMUs (Andrew Cooper)
[Orabug: 31567563] {CVE-2018-12207} {CVE-2018-12207}
[4.4.4-155.0.86.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=5c4ea926c351a02b515af45abbdc9c1bf41993d0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=6e676a4ba6bbd437a2a8dbfc3c6e591d920b013b
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden (Andrew
Cooper) [Orabug: 31470701] {CVE-2020-0543} {CVE-2020-0543}
- cirrus: handle negative pitch in cirrus_invalidate_region() (Wolfgang
Bumiller) [Orabug: 31476272] {CVE-2017-18030}
- cirrus: fix oob access in mode4and5 write functions (Gerd Hoffmann)
[Orabug: 31476272] {CVE-2017-15289}
[4.4.4-155.0.85.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=ad2cb327aceb61f34b94761b5f4990b0619b5f25
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling
sidechannel (Andrew Cooper) [Orabug: 31470701] {CVE-2020-0543}
{CVE-2020-0543}
- x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data
Sampling (Andrew Cooper) [Orabug: 31470701] {CVE-2020-0543} {CVE-2020-0543}
[4.4.4-155.0.84.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=ae740391f7ca5996d87d06a45765f71549f635d4
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/crash: force unlock console before printing on kexec crash (Igor
Druzhinin) [Orabug: 31196809]
[4.4.4-155.0.83.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=23561b6d0cb1f14980fb9a8df20340d9a340e037
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- redtape: x86/tsx: TAA regressions (Patrick Colp) [Orabug: 31227376]
[4.4.4-155.0.82.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a357ab4a5c8edd29859894e42a406b7b8676cbae
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/tsx: Mask out ARCH_CAPS_TSX_CTRL (Patrick Colp) - x86/tsx: When
the CPU has MSR_TSX_CTRL, ebx is accidentally being cleared (Patrick Colp)
[4.4.4-155.0.81.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=743a21b71e656409636e1c38b93cc8c1e46d21f6
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/vmx: always sync PIR to IRR before vmentry (Roger Pau Monné)
[Orabug: 31003920]
- Revert "msix: set vlapic IRR flag when msix vector been updated" (Joe
Jin) [Orabug: 31003920]
[4.4.4-155.0.80.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=89404b5a22a68c51499523a1fc886b7ccfd44746
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Xend: Add reconfigureDevice CDROM code back (Joe Jin) [Orabug: 31132127]
[4.4.4-155.0.79.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=4676564bfe9bda02bb78874bd1597dfc6f3e6825
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vNUMA: disable vNUMA and restart when construction fails (Elena
Ufimtseva) [Orabug: 30986071]
- xen-tools: return correct error code (Elena Ufimtseva) [Orabug: 30986071]
[4.4.4-155.0.78.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=38935d5c87db04b12453ddc11a7d2389300ff900
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vNUMA: misc fixs (Elena Ufimtseva) [Orabug: 30304959]
- vNUMA: make best effort to dont use dom0 cpus (Elena Ufimtseva)
[Orabug: 30304959]
- xend: add use_dom0_cpus to control pinning to dom0 pcpus. (Elena
Ufimtseva) [Orabug: 30304966]
- dom0: select smt threads for dom0 numa pinning (Elena Ufimtseva)
[Orabug: 30304971]
[4.4.4-155.0.77.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=00a0f240d4e8a69def4b9f1d64ea1f127184d2b4
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen: adopt AER handling code to quarantined devices (Elena Ufimtseva)
[Orabug: 30718187]
- IOMMU: default to always quarantining PCI devices (Jan Beulich)
[Orabug: 30718187] {CVE-2019-19579}
- passthrough: quarantine PCI devices (Paul Durrant) [Orabug: 30718187]
{CVE-2019-18424}
- IOMMU: add missing HVM check (Jan Beulich) [Orabug: 30718187]
{CVE-2019-18424}
- x86/mm: Clean up trailing whitespace (George Dunlap) [Orabug: 30718187]
[4.4.4-155.0.76.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a147dc7b1d1f860c98537b1a9c693ac6534eff07
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: Mitigate the TSX Asynchronous Abort sidechannel (Andrew
Cooper) [Orabug: 30604160] {CVE-2019-11135} {CVE-2019-11135}
- x86/tsx: Introduce tsx= to use MSR_TSX_CTRL when available (Andrew
Cooper) [Orabug: 30604160] {CVE-2019-11135} {CVE-2019-11135}
- AMD/IOMMU: Cease using a dynamic height for the IOMMU pagetables
(Andrew Cooper) [Orabug: 30604059] {CVE-2019-19577}
- AMD/IOMMU: don't needlessly trigger errors/crashes when unmapping a
page (Jan Beulich) [Orabug: 30604059]
- x86/vtx: Work around SingleStep + STI/MovSS VMEntry failures (Andrew
Cooper) [Orabug: 30604094] {CVE-2019-19583}
- x86/hvm/emulate: block speculative out-of-bound accesses (Norbert
Manthey) [Orabug: 29185971] {CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- grant_table: harden version dependent accesses (Norbert Manthey)
[Orabug: 29185971] {CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- grant_table: harden bound accesses (Norbert Manthey) [Orabug:
29185971] {CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- common/grant_table: harden helpers (Norbert Manthey) [Orabug:
29185971] {CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- common/domain: block speculative out-of-bound accesses (Norbert
Manthey) {CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- x86/hvm: add nospec to hvmop param (Norbert Manthey) {CVE-2017-5753}
{CVE-2018-3620} {CVE-2018-3646}
- common/memory: block speculative out-of-bound accesses (Norbert
Manthey) {CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- is_hvm/pv_domain: block speculation (Norbert Manthey) {CVE-2017-5753}
{CVE-2018-3620} {CVE-2018-3646}
- is_control_domain: block speculation (Norbert Manthey) [Orabug:
29185971] {CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- nospec: introduce evaluate_nospec (Norbert Manthey) {CVE-2017-5753}
{CVE-2018-3620} {CVE-2018-3646}
- spec: add l1tf-barrier (Norbert Manthey) {CVE-2017-5753}
{CVE-2018-3620} {CVE-2018-3646}
- x86/vioapic: block speculative out-of-bound accesses (Norbert Manthey)
{CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- evtchn: block speculative out-of-bound accesses (Norbert Manthey)
{CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- x86/hvm: block speculative out-of-bound accesses (Norbert Manthey)
{CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- x86/hvm/hpet: block speculative out-of-bound accesses (Norbert
Manthey) {CVE-2017-5753} {CVE-2018-3620} {CVE-2018-3646}
- xen/sched: Introduce domain_vcpu() helper (Andrew Cooper) - x86/mtrr:
introduce mask to get VCNT from MTRRcap MSR (Roger Pau Monné)
[4.4.4-155.0.75.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a3ec6768f487946b7316364bc9bd17ce4d752af5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/vtx ept-shatter ... (Andrew Cooper) [Orabug: 30522238]
{CVE-2018-12207}
- x86: rename public functions in p2m-pt.c (Mukesh Rathor) [Orabug:
30522238]
- Rename "set_p2m_entry" to "p2m_set_entry" (Mukesh Rathor) [Orabug:
30522238]
- x86/mm: add information about faulted page's presence to npfec
structure (Boris Ostrovsky) [Orabug: 30522238]
- relocate struct npfec definition into common (Tamas K Lengyel)
[Orabug: 30522238]
- EPT: utilize GLA->GPA translation known for certain faults (Jan
Beulich) [Orabug: 30522238]
- x86/mem_event: deliver gla fault EPT violation information (Tamas K
Lengyel) [Orabug: 30522238]
- x86: consolidate boolean inputs in hvm and p2m into a shared bitmap
(Tamas K Lengyel) [Orabug: 30522238]
[4.4.4-155.0.74.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=407dfd634e345d4ab14bf7eabb372ba3ebdded4c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- msix: set vlapic IRR flag when msix vector been updated (Joe Jin)
[Orabug: 30131722]
[4.4.4-155.0.73.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=c6a53175dec7e46a9ee81572d0e70a6818cc89a0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Commit a020f11d51 "Xend: Close race condition between python threads
during kexec" removed restart_in_progress = False in constructDomain(),
which prevents guest to be destroyed under some conditions. Set the flag
to False after guest unpaused will avoid it. (root) [Orabug: 29851288]
[4.4.4-155.0.72.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a897949c11deda48b3b7e7e41d8a62a90b81e96a
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/HVM: don't give the wrong impression of WRMSR succeeding (root)
[Orabug: 29554247]
- Red-tape: Update repo with new CVE for XSA-297 (Patrick Colp) [Orabug:
29725308] {CVE-2019-11091}
[4.4.4-155.0.71.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=04eacc1e0105409f9bdf022245675ad73da42a4f
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctl: Expose X86_FEATURE_MD_CLEAR to guests (Patrick Colp)
[Orabug: 29677170] {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130}
- x86/spec-ctrl: Introduce options to control VERW flushing (Andrew
Cooper) [Orabug: 2977170] {CVE-2018-12126} {CVE-2018-12127}
{CVE-2018-12130} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130}
- x86/spec-ctrl: Infrastructure to use VERW to flush pipeline buffers
(Andrew Cooper) [Orabug: 29677170] {CVE-2018-12126} {CVE-2018-12127}
{CVE-2018-12130} {CVE-2018-12126} {CVE-2018-12127} {CVE-2018-12130}
- x86/spec-ctrl: CPUID/MSR definitions for Microarchitectural Data
Sampling (Andrew Cooper) [Orabug: 29677170] {CVE-2018-12126}
{CVE-2018-12127} {CVE-2018-12130} {CVE-2018-12126} {CVE-2018-12127}
{CVE-2018-12130}
[4.4.4-155.0.70.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=fe6aeea547601bf272e1da031d52c5182917e992
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Config: Update git links to use linux-git.us.oracle.com (Patrick Colp)
[Orabug: 29558670]
- gnttab: set page refcount for copy-on-grant-transfer (Jan Beulich)
[Orabug: 29442731]
[4.4.4-155.0.69.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=9137bf771e8bec498e90f908de1e37595ebb8b7f
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: Add option to intercept SPEC_CTRL MSR if we have EIBRS
(Patrick Colp) [Orabug: 29554078]
[4.4.4-155.0.68.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=1b24fac537efe5f5480fc77f771edb11bd308de1
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- tools/libxc: Expose X86_FEATURE_ARCH_CAPS to guests (Patrick Colp)
[Orabug: 29292333]
- x86/spec-ctrl: Don't frob SPEC_CTRL MSR on idle if we have EIBRS
(Patrick Colp) [Orabug: 29292333]
- x86/spec-ctrl: Enable enhanced IBRS and make it the default (Patrick
Colp) [Orabug: 29292333]
- x86/spec-ctrl: Add functions for supporting enhanced IBRS (Patrick
Colp) [Orabug: 29292333]
[4.4.4-155.0.67.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=c7a51043fd200a42af231cb82f19a2bd804731e4
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- retpoline: disable jump tables (Norbert Manthey) [Orabug: 29193117]
{CVE-2017-5753}
- x86: assorted array_index_nospec() insertions (Jan Beulich) [Orabug:
29193117] {CVE-2017-5753}
- xen: Port the array_index_nospec() infrastructure from Linux (Andrew
Cooper) [Orabug: 29193117] {CVE-2017-5753}
[4.4.4-155.0.66.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=8dccdd881e21695aeb33913094061c9497546950
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: Don't mask off CPUID7.edx[31] (SSBD bit) (Boris
Ostrovsky) [Orabug: 29139206]
[4.4.4-155.0.65.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=71ee395559ac03701ac2f090e82c928b6c2ce794
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Red-tape: Update the repo with CVE for XSA-280 (Patrick Colp) [Orabug:
28945152] {CVE-2018-19966}
- Red-tape: Update the repo with CVE for XSA-279 (Patrick Colp) [Orabug:
28945119] {CVE-2018-19965}
- Red-tape: Update the repo with CVE for XSA-275 (Elena Ufimtseva)
[Orabug: 28951148] {CVE-2018-19961}
- Red-tape: Update the repo with CVE XSA-282 (Ross Philipson) [Orabug:
28924128] {CVE-2018-19967}
[4.4.4-155.0.64.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=da5606738509aab67eb02e13b15c975ae2425b43
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- AMD/IOMMU: suppress PTE merging after initial table creation (Jan
Beulich) [Orabug: 28951148]
- amd/iommu: fix flush checks (Roger Pau Monné) [Orabug: 28951148]
- xen: Fix determining when domain creation is complete (Andrew Cooper)
- x86/shadow: shrink struct page_info's shadow_flags to 16 bits (Jan
Beulich) [Orabug: 28945152]
- x86/shadow: move OOS flag bit positions (Jan Beulich) [Orabug: 28945152]
- x86/mm: Don't perform flush after failing to update a guests L1e
(Andrew Cooper) [Orabug: 28945119]
[4.4.4-155.0.63.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a294b50358698ed212dc8f1bdbb7f5cf3351cb44
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: work around HLE host lockup erratum (Jan Beulich) [Orabug: 28924128]
- x86: extend get_platform_badpages() interface (Jan Beulich) [Orabug:
28924128]
[4.4.4-155.0.62.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=159d3f21f493caa64718b0f43b9591cb3079009c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- rebuild with new secureboot key [Orabug: 28900807]
[4.4.4-155.0.61.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=159d3f21f493caa64718b0f43b9591cb3079009c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: remove extraneous waitForDevices() call in soft_reset (Eric
DeVolder) [Orabug: 28783430]
- xend: detect and correct race condition in DevController hotplug (Eric
DeVolder) [Orabug: 28783430]
[4.4.4-155.0.60.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=67eb9ea16555eb3a827fa1bbfc7297115eed8bf5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: use DevController waitFor() methods for non-hotplug devices
(Eric DeVolder) - xend: mark appropriate DevController subclasses as not
hotplug (Eric DeVolder) [Orabug: 28838569]
[4.4.4-155.0.59.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=3048fd22c26d095de82291de9018134b4c68294f
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: prevent scrubbing stall during kexec soft_reset (Eric DeVolder)
[Orabug: 28817482]
[4.4.4-155.0.58.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=8b7eb64047256b59d5fd3fdb3a05e2c989352082
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: Properly wait for hot plug devices to complete (Eric DeVolder)
[Orabug: 27338786] [Orabug: 27927358]
- xend: Mark vfb and vkbd devices as not hot plug (Eric DeVolder)
[4.4.4-155.0.57.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=4b6b4867ac0a5d97bfbd6cf4dde94c31e8a50f42
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- one-off build
[4.4.4-155.0.56.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=4b6b4867ac0a5d97bfbd6cf4dde94c31e8a50f42
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: do not raise an exception if xc_domain_setsmt fails (Eric
DeVolder) [Orabug: 28717409]
[4.4.4-155.0.55.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=687c20b5e9067641e09f7870fa248ab392386012
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/EFI: further correct FPU state handling around runtime calls (Jan
Beulich) [Orabug: 28735776]
- x86/EFI: fix FPU state handling around runtime calls (Jan Beulich)
[Orabug: 28735776]
[4.4.4-155.0.54.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a020f11d51785a57ee70b8273b7da392e8cffd08
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Xend: Close race condition between python threads during kexec (Eric
DeVolder) [Orabug: 28440062] [Orabug: 28748880]
[4.4.4-155.0.53.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=6b233578f5ce09d4beec9e97754321d5f13da836
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: fix exceptions thrown in setTopology() (Eric DeVolder) [Orabug:
28717409]
- Revert "x86/EFI: fix FPU state handling around runtime calls" (Ross
Philipson) [Orabug: 28735776]
- Revert "x86/EFI: further correct FPU state handling around runtime
calls" (Ross Philipson) [Orabug: 28735776]
[4.4.4-155.0.52.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a65957cb5342221720e7a6dd89a081631db75289
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vnuma: check cpus option is suitable for vnuma (Elena Ufimtseva)
[Orabug: 28632335]
[4.4.4-155.0.51.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=962c2c7bd087f5fa6ed3971e59c3b34b761ba105
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: command line handling adjustments (Jan Beulich)
[Orabug: 28696342]
- x86/HVM: don't cause #NM to be raised in Xen (Jan Beulich) [Orabug:
28696342]
- x86/EFI: further correct FPU state handling around runtime calls (Jan
Beulich) [Orabug: 28696342]
- x86/EFI: fix FPU state handling around runtime calls (Jan Beulich)
[Orabug: 28696342]
[4.4.4-155.0.50.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=47eb65bf41acb5de51b26ac7149fb2ffaf8cf26c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Xend: Add support for changing backend vbd device (Bhavesh Davda)
[Orabug: 28688170]
[4.4.4-155.0.49.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=deddf994efb7b742ed9bc83478892163448c0623
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vnuma: dont fail guest creation when cpus are defined incorrectly
(Elena Ufimtseva) [Orabug: 28632335]
- xend: fix migration code path for XendDomainInfo memory leakage
(Manjunath Patil) [Orabug: 28294063]
- xend: fix memory leak of XendDomainInfo attributes (Manjunath Patil)
[4.4.4-155.0.48.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=9876b869fa5d650b4352a161d9956e43d8a2c2ca
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- intel/microcode: Synchronize update signature (Boris Ostrovsky)
[Orabug: 28610312]
[4.4.4-155.0.47.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=6cb2b10c6652066e87dedba104a963189b8f5705
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/vtx: Fix the checking for unknown/invalid MSR_DEBUGCTL bits
(Andrew Cooper) [Orabug: 28432092] {CVE-2018-15468}
[4.4.4-155.0.46.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=37c139ca51ded61f1aa064d0718643054cdb852a
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spectre: Fix SPEC_CTRL_ENTRY_FROM_INTR_IST macro (Boris Ostrovsky)
[Orabug: 28537443]
[4.4.4-155.0.45.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=016c69c5931e1e93ee2271fc6ba83f274023ad6c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/microcode: Synchronize late microcode loading (Boris Ostrovsky)
[Orabug: 28526227]
- Revert "microcode: pin the sibling while updating microcode on a core"
(Boris Ostrovsky) [Orabug: 28526227]
[4.4.4-155.0.44.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=6b194035640b39c1a49372c0412f92d6ccfe2071
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- microcode: pin the sibling while updating microcode on a core (Boris
Ostrovsky) [Orabug: 28518195]
[4.4.4-155.0.43.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=f6f0fa8e504788ce420685594a84cee34b261d94
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Revert "xend: fix memory leak of XendConfig.XendConfig object" (Konrad
Rzeszutek Wilk) [Orabug: 28506640]
[4.4.4-155.0.42.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=12e30bfbcf4aef7e74fcfc4664195d5265dc47a6
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- l1tf: Utility to offline/online SMT siblings. (Ross Philipson)
[Orabug: 28487044] {CVE-2018-3646}
- x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM guests
(Andrew Cooper) [Orabug: 28487044] {CVE-2018-3620} {CVE-2018-3646}
- x86/msr: Virtualise MSR_FLUSH_CMD for guests (Andrew Cooper) [Orabug:
28487044] {CVE-2018-3646} {CVE-2018-3646}
- x86/spec-ctrl: CPUID/MSR definitions for L1D_FLUSH (Andrew Cooper)
[Orabug: 28487044] {CVE-2018-3646} {CVE-2018-3646}
- x86/spec-ctrl: Calculate safe PTE addresses for L1TF mitigations
(Andrew Cooper) [Orabug: 28487044] {CVE-2018-3620} {CVE-2018-3646}
- x86: command line option to avoid use of secondary hyper-threads (Jan
Beulich) [Orabug: 28487044] {CVE-2018-3646}
- cpupools: fix state when downing a CPU failed (Jan Beulich) [Orabug:
28487044] {CVE-2018-3646}
[4.4.4-155.0.41.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=0619cea90227fb2dc5db9822591a4273f5060ab9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: fix memory leak of XendConfig.XendConfig object (Manjunath
Patil) [Orabug: 28223463]
[4.4.4-155.0.40.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=734e463deda25ae779a152766b9be590fb800d5c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/HVM: Restart ioreq processing state machine (Boris Ostrovsky)
[Orabug: 28200421]
[4.4.4-155.0.39.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=5a4a49d0bc7ef092187eb79cc959adac247b2404
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- svm: fix incorrect TSC scaling (Haozhong Zhang) [Orabug: 27182906]
[4.4.4-155.0.38.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=c4b1894da52a61cf37268707ec7c8823e966fcf2
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec-ctrl: Mitigations for LazyFPU (Andrew Cooper) [Orabug:
28135193] {CVE-2018-3665}
- x86: Support fully eager FPU context switching (Andrew Cooper)
[Orabug: 28135193] {CVE-2018-3665}
[4.4.4-155.0.37.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=3719b968b9b0a7db5c1fa40fc2994ec1dd959837
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- [xenmicrocode] Fix error reporting on successful return from tool
(Ross Philipson) [Orabug: 28128749]
- x86: correct default_xen_spec_ctrl calculation (Jan Beulich) [Orabug:
28034994]
- x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use (Andrew
Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/Intel: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew
Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/AMD: Mitigations for GPZ SP4 - Speculative Store Bypass (Andrew
Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to
replace `bti=` (Andrew Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/cpuid: Improvements to guest policies for speculative sidechannel
features (Andrew Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Explicitly set Xen's default MSR_SPEC_CTRL value
(Andrew Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM variants
(Andrew Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle context when
possible (Andrew Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Rename bits of infrastructure to avoid NATIVE and
VMEXIT (Andrew Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Fold the XEN_IBRS_{SET,CLEAR} ALTERNATIVES together
(Andrew Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Merge bti_ist_info and use_shadow_spec_ctrl into
spec_ctrl_flags (Andrew Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Express Xen's choice of MSR_SPEC_CTRL value as a
variable (Andrew Cooper) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once (Andrew Cooper)
[Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Assume that STIBP feature is always available (Boris
Ostrovsky) [Orabug: 28034994] {CVE-2018-3639}
- x86/spec_ctrl: Updates to retpoline-safety decision making (Andrew
Cooper) [Orabug: 28034994] {CVE-2018-3639}
- Revert "x86/boot: Disable IBRS in intr/nmi exit path at bootup stage"
(Boris Ostrovsky) [Orabug: 28034994] {CVE-2018-3639}
[4.4.4-155.0.36.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=5ee0a217664a1fde547afa506e92e4998ed26699
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Red-tape: Update the repo with CVE XSA-262 (Boris Ostrovsky) [Orabug:
27948889] {CVE-2018-10981}
- Red-tape: Update the repo with CVE XSA-261 (Boris Ostrovsky) [Orabug:
27948864] {CVE-2018-10982}
[4.4.4-155.0.35.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a20dadee84429112c3b5f245180f72d990063d20
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/HVM: guard against emulator driving ioreq state in weird ways (Jan
Beulich) [Orabug: 27948889]
- x86/vpt: add support for IO-APIC routed interrupts (Xen Project
Security Team) [Orabug: 27948864]
[4.4.4-155.0.34.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=c6b30b4f49430b1314928a4d98a5e9e754895e4d
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vnuma: unset smt even if vnuma is off (Elena Ufimtseva) [Orabug: 27950640]
- x86/paging: don't unconditionally BUG() on finding SHARED_M2P_ENTRY
(Jan Beulich) [Orabug: 27965254] {CVE-2017-17565}
- x86/mm: don't wrongly set page ownership (Jan Beulich) [Orabug:
27965236] {CVE-2017-17566}
- misc/xenmicrocode: Upload /lib/firmware/<some blob> to the hypervisor
(Konrad Rzeszutek Wilk) [Orabug: 27957822]
[4.4.4-155.0.33.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=75ac5267506600d4587b80daae6bb694099e2c03
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/traps: Fix handling of #DB exceptions in hypervisor context
(Andrew Cooper) [Orabug: 27963989] {CVE-2018-8897}
- x86/traps: Use an Interrupt Stack Table for #DB (Andrew Cooper)
[Orabug: 27963989] {CVE-2018-8897}
- x86/pv: Move exception injection into {,compat_}test_all_events()
(Andrew Cooper) [Orabug: 27963989] {CVE-2018-8897}
- x86/traps: Fix %dr6 handing in #DB handler (Andrew Cooper) [Orabug:
27963989] {CVE-2018-8897}
- x86/traps: Misc non-functional improvements to set_debugreg() (Andrew
Cooper) [Orabug: 27963989] {CVE-2018-8897}
- x86/pv: Several bugs in set_debugreg() (Ross Philipson) [Orabug:
27963989] {CVE-2018-8897}
- x86/pv: The do_get_debugreg CR4.DE condition is inverted. (Ross
Philipson) [Orabug: 27963989] {CVE-2018-8897}
[4.4.4-155.0.32.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=d787e7a9d35cc2880b525f1d7a35f27969590f4c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vnuma: dont turn on smt for odd number of vcpus (Elena Ufimtseva)
[Orabug: 27950640]
[4.4.4-155.0.31.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=b68fb6eb2d74ac16bb1e733c5fe5c9d9622b0838
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vnuma: dont fail guest creation if vnuma cannot be set (Elena
Ufimtseva) [Orabug: 27734123]
[4.4.4-155.0.30.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=2446bf402a359332c21fe3f74d81a4c31191752f
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/vMSI-X: honor all mask requests (Jan Beulich) [Orabug: 27805894]
[4.4.4-155.0.29.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=b16b37d1e358a490d4cf930fe8efe1432d4723ef
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- remove bogus file in the branch. (Elena Ufimtseva)
[4.4.4-155.0.28.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=e1d84ac130fa17bafc394684ae9ba0eedfdca9a9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/shadow: fix ref-counting error handling (Jan Beulich) [Orabug:
27803798] {CVE-2017-17564}
- x86/shadow: fix refcount overflow check (Jan Beulich) [Orabug:
27803801] {CVE-2017-17563}
[4.4.4-155.0.27.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=bf523bc61677448cb7bb79980d6969896d005bd5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- hvmloader: Initialize a variable before we use it (Patrick Colp)
[Orabug: 27751146]
- x86/hvm: indicate avaliability of HW support of APIC virtualization to
HVM guests (Boris Ostrovsky) [Orabug: 27739755]
- x86/boot: Disable IBRS in intr/nmi exit path at bootup stage
(Zhenzhong Duan) [Orabug: 27411047]
- Fix a wrong check in DO_SPEC_CTRL_EXIT_TO_XEN (Zhenzhong Duan)
[Orabug: 27738692] {CVE-2017-5715}
[4.4.4-155.0.26.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=eb6d0ea26496051c6ab876e4037fca0b9cf079d9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xenstore: add assertion in database dumping code (Wei Liu) [Orabug:
27608242]
- xenstore: send error earlier in do_mkdir (Wei Liu) [Orabug: 27608242]
- xenstore: add memory allocation debugging capability (Juergen Gross)
[Orabug: 27608242]
- xenstore: use temporary memory context for firing watches (Juergen
Gross) [Orabug: 27608242]
- xenstore: add explicit memory context parameter to get_node() (Juergen
Gross) [Orabug: 27608242]
- xenstore: add explicit memory context parameter to read_node()
(Juergen Gross) [Orabug: 27608242]
- xenstore: add explicit memory context parameter to get_parent()
(Juergen Gross) [Orabug: 27608242]
- xenstore: call each xenstored command function with temporary context
(Juergen Gross) [Orabug: 27608242]
- cxenstored: document a bunch of short options in help string (Wei Liu)
[Orabug: 27608242]
[4.4.4-155.0.25.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=18c714d6839a3fd0d42a5400de940c5b5e788a8c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spectre: Make retpoline code match upstream version (Patrick Colp)
- xenbaked.c: Avoid divide by zero issue (Joe Jin) [Orabug: 27687906]
- xen/trace: Fix trace metadata page count calculation (revert fbf96e6)
(George Dunlap) [Orabug: 27602524]
- x86/traps/spectre: Fix IO emulation stub code (Boris Ostrovsky)
[Orabug: 27693394] {CVE-2017-5715}
[4.4.4-155.0.24.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=fa171d3584f49dae46fcea63516b25465473a83b
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: use vcpus variable in log.warn (Elena Ufimtseva) - xend: turn
off smt if vcpus are not multiple of threads (Elena Ufimtseva) [Orabug:
27648711]
- xend: fix preserving smt across reboot (Elena Ufimtseva) [Orabug:
27648711]
- xend: fix is_vnuma_off function (Elena Ufimtseva)
[4.4.4-155.0.23.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=131bef465d7329311ec1d9d8f8011a1ceb8d32fe
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- mm, sysctl, xend: only create when there's enough scrubbed memory
(Joao Martins) [Orabug: 27450131]
[4.4.4-155.0.22.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=9ccc143584e12027a8db854d19ce8a120d22cfac
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gnttab: don't blindly free status pages upon version change (Andrew
Cooper) [Orabug: 27614581] {CVE-2018-7541}
- memory: don't implicitly unpin for decrease-reservation (Andrew
Cooper) [Orabug: 27614605] {CVE-2018-7540}
- xend: allow setting topology if smt is off in bios (Elena Ufimtseva)
[Orabug: 27615667]
- x86/svm: clear CPUID IBPB when feature is not supported (Elena
Ufimtseva) [Orabug: 27416699]
- x86/domain: Move hvm_vcpu_initialize() before cpuid_policy_changed()
(Elena Ufimtseva) [Orabug: 27416699]
- x86, amd_ucode: support multiple container files appended together
(Aravind Gopalakrishnan) [Orabug: 27416699]
- x86/intel: change default governor to performance (Joao Martins)
[Orabug: 27614625]
- x86/cpuidle: Disable deep C-states due to erratum AAJ72 (Joao Martins)
[Orabug: 27614625]
- Revert "set max cstate to 1" (Joao Martins) [Orabug: 27614625]
- x86/cpuidle: add new CPU families (Jan Beulich) [Orabug: 27614625]
- x86/Intel: Broadwell doesn't have PKG_C{8,9,10}_RESIDENCY MSRs (Jan
Beulich) [Orabug: 27614625]
- x86: support newer Intel CPU models (Jan Beulich) [Orabug: 27614625]
- mwait-idle: add KBL support (Len Brown) [Orabug: 27614625]
- mwait-idle: add SKX support (Len Brown) [Orabug: 27614625]
- mwait_idle: Skylake Client Support (Len Brown) [Orabug: 27614625]
- x86: support newer Intel CPU models (Jan Beulich) [Orabug: 27614625]
- x86/idle: update to include further package/core residency MSRs (Jan
Beulich) [Orabug: 27614625]
- mwait-idle: support additional Broadwell model (Len Brown) [Orabug:
27614625]
- x86/mwait-idle: Broadwell support (Len Brown) [Orabug: 27614625]
- x86/mwait-idle: disable Baytrail Core and Module C6 auto-demotion (Len
Brown) [Orabug: 27614625]
- mwait-idle: add CPU model 54 (Atom N2000 series) (Jan Kiszka) [Orabug:
27614625]
- mwait-idle: support Bay Trail (Len Brown) [Orabug: 27614625]
- mwait-idle: allow sparse sub-state numbering, for Bay Trail (Len
Brown) [Orabug: 27614625]
[4.4.4-155.0.21.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=c837c35e1c04791a50f930926ba815ca5b4d3661
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: restore smt parameter on guest reboot (Elena Ufimtseva) [Orabug:
27574191]
[4.4.4-155.0.20.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=f36f7903ae0886ab4ef7e3e01c83c9dba819537b
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST
(Andrew Cooper) [Orabug: 27553369] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86: allow easier disabling of BTI mitigations (Zhenzhong Duan)
[Orabug: 27553369] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Make alternative patching NMI-safe (Andrew Cooper) [Orabug:
27553369] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- xen/cmdline: Fix parse_boolean() for unadorned values (Andrew Cooper)
[Orabug: 27553369] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- Optimize the context switch code a bit (Zhenzhong Duan) [Orabug:
27553369] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- Update init_speculation_mitigations() to upstream's (Zhenzhong Duan)
[Orabug: 27553369] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Avoid using alternatives in NMI/#MC paths (Andrew Cooper)
[Orabug: 27553369] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- Update RSB related implementation to upstream ones (Zhenzhong Duan)
[Orabug: 27553369] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
[4.4.4-155.0.19.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=bdecffda647e17f8aaeb4057bd1064236075bc9c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: if secure boot is enabled dont write pci config space (Elena
Ufimtseva) [Orabug: 27533309]
[4.4.4-155.0.18.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=46aa4f995b266e9dc0bce98b448423c5fdc79fde
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- hvmloader: Correct nr_vnodes when init_vnuma_info() fails (Annie Li)
[Orabug: 27502337]
[4.4.4-155.0.17.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=1fb819ca1b801af1f59983f34776501336a57979
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Fail migration if destination does not allow pv guest running (Annie
Li) [Orabug: 27465310]
[4.4.4-155.0.16.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=dfc241a5b6a952bde385b1d68ef42acf8f80302c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (redux)
(Konrad Rzeszutek Wilk) [Orabug: 27445667]
[4.4.4-155.0.15.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=d5afa57c42732dc35a572582099c67ee3c397434
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Enable creating pv guest on OVM3.4.4 by default (Annie Li) [Orabug:
27424482]
[4.4.4-155.0.14.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=619dd3aa6aac97dbc9f23fdae3d6fd6dfab8a0da
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen/x86: Make sure identify_cpu() is called with traps enabled (Joao
Martins) [Orabug: 27393237]
- xend: disallow pv guests to run (Joao Martins) [Orabug: 27370330]
- hvmloader, x86/hvm, domctl: enumerate apicid based on vcpu_to_vnode
(Joao Martins) [Orabug: 27119689]
- xend: conditionally use dom0 vcpus for vnuma auto (Joao Martins)
[Orabug: 27119689]
- x86/Spectre: Set thunk to THUNK_NONE if compiler support is not
available (Boris Ostrovsky) [Orabug: 27375704]
[4.4.4-155.0.13.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=1d2270f50ef2b1b22b8f6ee7a9b571ea96f7f37b
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen: No dependencies on dracut and microcode_ctl RPMs (Boris
Ostrovsky) [Orabug: 27409734]
[4.4.4-155.0.12.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=bd770ecc2d0647c0cf5498391e3392e4dff5c5f9
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Always print info about speculative mitigation facilities (Boris
Ostrovsky) [Orabug: 27352414] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86: Don't use retpoline if CONFIG_INDIRECT_THUNK is not set (Boris
Ostrovsky) [Orabug: 27352414] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
[4.4.4-155.0.11.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=e08ec4a5cb232f5a153c716f5519e5fbb52584cd
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- rpm: Add microcode_ctl dependency (Boris Ostrovsky) - x86: cpuint.
Move the detection of CPU capabilities (Konrad Rzeszutek Wilk) [Orabug:
27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- migration: Set the CPUID _before_ XEN_DOMCTL_sethvmcontext (Konrad
Rzeszutek Wilk) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/xen: Make cpu_has_[stibp,ibrsp,etc] work. (Konrad Rzeszutek Wilk)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Expose CPUID.7, EDX.26->27 and CPUID.0x80000008, EBX.12 (Konrad
Rzeszutek Wilk) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/idle: Clear SPEC_CTRL while idle (Andrew Cooper) [Orabug:
27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cpuid: Offer Indirect Branch Controls to guests (Andrew Cooper)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/ctxt: Issue a speculation barrier between vcpu contexts (Andrew
Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Clobber the Return Stack Buffer on entry to Xen (Andrew
Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Calculate the most appropriate BTI mitigation to use (Andrew
Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Use MSR_SPEC_CTRL at each entry/exit point (Andrew Cooper)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Protect unaware domains from meddling hyperthreads (Andrew
Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL,PRED_CMD}
(Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/migrate: Move MSR_SPEC_CTRL on migrate (Andrew Cooper) [Orabug:
27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: Emulation of MSR_{SPEC_CTRL,PRED_CMD} for guests (Andrew
Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce a common cpuid_policy_updated() (Andrew Cooper)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce framework for cpuid policy updates (Boris Ostrovsky)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce cpuid_policy (Boris Ostrovsky) [Orabug: 27344753]
{CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/msr: introduce struct msr_vcpu_policy (Sergey Dyasli) [Orabug:
27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/cmdline: Introduce a command line option to disable IBRS/IBPB,
STIBP and IBPB (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753}
{CVE-2017-5715} {CVE-2017-5754}
- xen: add an optional string end parameter to parse_bool() (Juergen
Gross) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/feature: Definitions for Indirect Branch Controls (Andrew Cooper)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Introduce alternative indirect thunks (Andrew Cooper) [Orabug:
27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Backport setup_force_cpu_cap (Boris Ostrovsky) [Orabug: 27344753]
{CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/amd: Try to set lfence as being Dispatch Serialising (Andrew
Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/boot: Report details of speculative mitigations (Andrew Cooper)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support indirect thunks from assembly code (Andrew Cooper)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- common/wait: Clarifications to wait infrastructure (Andrew Cooper)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86: Support compiling with indirect branch thunks (Andrew Cooper)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Erase guest GPR state on entry to Xen (Andrew Cooper)
[Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/pv: Move hypercall handling up into C (Andrew Cooper) [Orabug:
27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: Use SAVE_ALL to construct the cpu_user_regs frame after
VMExit (Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753}
{CVE-2017-5715} {CVE-2017-5754}
- x86/entry: Rearrange RESTORE_ALL to restore register in stack order
(Andrew Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715}
{CVE-2017-5754}
- x86/entry: Remove support for partial cpu_user_regs frames (Andrew
Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Introduce ALTERNATIVE{,_2} macros (Andrew Cooper) [Orabug:
27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/alt: Break out alternative-asm into a separate header file (Andrew
Cooper) [Orabug: 27344753] {CVE-2017-5753} {CVE-2017-5715} {CVE-2017-5754}
- x86/hvm: assert that we we saved a sane number of MSRs. (Tim Deegan)
[Orabug: 27338201]
- x86: Avoid corruption on migrate for vcpus using CPUID Faulting
(Andrew Cooper) [Orabug: 27338201]
- x86/hvm: Don't corrupt the HVM context stream when writing the MSR
record (Andrew Cooper) [Orabug: 27338201]
- x86: generic MSRs save/restore (Jan Beulich) [Orabug: 27338201]
- x86/msr: introduce guest_wrmsr() (Sergey Dyasli) [Orabug: 27338201]
- x86/msr: introduce guest_rdmsr() (Sergey Dyasli) [Orabug: 27338201]
- x86/msr: introduce struct msr_domain_policy (Sergey Dyasli) [Orabug:
27338201]
- microcode: Always scan the initramfs for microcode (Konrad Rzeszutek
Wilk) [Orabug: 27338209]
- x86: Move microcode loading earlier (Konrad Rzeszutek Wilk) [Orabug:
27338209]
- livepatch: Alternative backport compile issues under Xen 4.4 (Konrad
Rzeszutek Wilk) [Orabug: 27338204]
- x86: support 2- and 3-way alternatives (Jan Beulich) [Orabug: 27338204]
- xen/x86/alternatives: Do not use sync_core() to serialize I$ (Borislav
Petkov) [Orabug: 27338204]
- livepatch: NOP if func->new_addr is zero. (Konrad Rzeszutek Wilk)
[Orabug: 27338204]
- alternatives: x86 rename and change parameters on ARM (Konrad
Rzeszutek Wilk) [Orabug: 27338204]
- x86/arm64: Expose the ALT_[ORIG|REPL]_PTR macros to header files.
(Konrad Rzeszutek Wilk) [Orabug: 27338204]
- xsplice: Add support for alternatives (Ross Lagerwall) [Orabug: 27338204]
- x86: Alter nmi_callback_t typedef (Konrad Rzeszutek Wilk) [Orabug:
27338204]
- x86/alternatives: correct near branch check (Jan Beulich) [Orabug:
27338204]
- x86: disable CR0.WP while applying alternatives (Andrew Cooper)
[Orabug: 27338204]
- work around Clang generating .data.rel.ro section for init-only files
(Andrew Cooper) [Orabug: 27338204]
- x86: move alternative.c data fully into .init.* (Jan Beulich) [Orabug:
27338204]
- x86: port the basic alternative mechanism from Linux to Xen (Feng Wu)
[Orabug: 27338204]
- x86: add definitions for NOP operation (Feng Wu) [Orabug: 27338204]
[4.4.4-155.0.10.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=32639222bb19e981f5500fcef435fce2c1c6eef0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen.spec: Add sbsignxen to sign xen.efi binary. (Srinivas Maturi)
[Orabug: 27261277]
[4.4.4-155.0.9.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=73f85f0b6808e91db01457ff5f6fa74a6e1fa4f5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/setup: do not relocate modules and crashkernel region over the Xen
image (Daniel Kiper) [Orabug: 27248005]
- x86/boot: add missing branch to the dom0 kernel data acquisition
(Daniel Kiper) [Orabug: 27234709]
- xen/x86: do not put .efi.pe.header section into LOAD segment (Daniel
Kiper) [Orabug: 27248005]
- xen/x86: do not relocate below the end of current Xen image placement
(Daniel Kiper) [Orabug: 27248005]
- xen/x86: do not relocate the Xen image if the bootloader did the work
for us (Daniel Kiper) [Orabug: 27248005]
- xen/x86: Build xen.mb.efi directly from xen-syms (Daniel Kiper)
[Orabug: 27180757]
- xen/x86/efi: Verify dom0 kernel with SHIM_LOCK protocol in
efi_multiboot2() (Daniel Kiper) [Orabug: 27180757]
- efi: split out efi_shim_lock() (Daniel Kiper) [Orabug: 27180757]
- xen/x86: Add some addresses to the Multiboot2 header (Daniel Kiper)
[Orabug: 27180757]
- xen/x86: Add some addresses to the Multiboot header (Daniel Kiper)
[Orabug: 27180757]
- xen/x86: Manually build PE header (Daniel Kiper) [Orabug: 27180757]
- xen: Introduce XEN_COMPILE_POSIX_TIME (Daniel Kiper) [Orabug: 27180757]
- xen/x86/boot: Align the stack as UEFI spec requires (Daniel Kiper)
[Orabug: 27180757]
[4.4.4-155.0.8.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=667086f56694d9e4e1f45b3ac9126bb8d8ceff26
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Fix dom0_vcpus_pin regression (Konrad Rzeszutek Wilk) [Orabug: 27234748]
- xend/python: Add 'enclosure-type' (Konrad Rzeszutek Wilk) [Orabug:
27220742]
- xend/python: Expand the list of parameters that can be changed to
include all (Konrad Rzeszutek Wilk) - xend/python: Export DMI asset-tag
and platform to guests. (Konrad Rzeszutek Wilk) [Orabug: 27220742]
- vNUMA: fix the selection of correct number of cores (Elena Ufimtseva)
[Orabug: 27222930]
[4.4.4-155.0.7.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=b90f0a4fa66aea67e743c393ba307612a2fec379
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- p2m: Check return value of p2m_set_entry() when decreasing reservation
(George Dunlap) [Orabug: 27216264] {CVE-2017-17045}
- p2m: Always check to see if removing a p2m entry actually worked
(George Dunlap) [Orabug: 27216264] {CVE-2017-17045}
- x86/pod: prevent infinite loop when shattering large pages (Julien
Grall) [Orabug: 27216261] {CVE-2017-17044}
- xen/physmap: Do not permit a guest to populate PoD pages for itself
(Elena Ufimtseva) [Orabug: 27216261] {CVE-2017-17044}
- xend/pxm: Include pxm in XenStore when hotplugging PCI devices (Konrad
Rzeszutek Wilk) [Orabug: 27206706]
[4.4.4-155.0.6.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=2f4972e50ebd2a470b19bfdb1fc6ce91e77614e0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vNUMA: assign vcpus to nodes by interleaving (Elena Ufimtseva)
[Orabug: 27091937]
[4.4.4-155.0.5.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=c9c2df2dc87e18c9dcf584aedf859ab50b62883a
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vNUMA: disable vNUMA if fail to find vcpus for pinning (Elena
Ufimtseva) [Orabug: 27091931]
[4.4.4-155.0.4.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=fe4d54f49f8cf07f9e9d8077b7c85d287fb5c90c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/shadow: correct SH_LINEAR mapping detection in sh_guess_wrmap()
(Andrew Cooper) [Orabug: 27148184] {CVE-2017-15592} {CVE-2017-15592}
- x86: don't wrongly trigger linear page table assertion (Jan Beulich)
[Orabug: 27148179] {CVE-2017-15595}
[4.4.4-155.0.3.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=b67a2d04c74002cceabfa76612a27fd1cf3f2b29
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- vNUMA: fix cpus assignment in manual vNUMA mode. (Elena Ufimtseva)
[Orabug: 26828896]
[4.4.4-155.0.2.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=41067cbb7a1ecab6aa2ca0d8d40a4c9f36c5e76e
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/cpu: fix IST handling during PCPU bringup (Andrew Cooper) [Orabug:
26901421] {CVE-2017-15594}
- x86/shadow: Don't create self-linear shadow mappings for 4-level
translated guests (Andrew Cooper) [Orabug: 26901413] {CVE-2017-15592}
- x86: Disable the use of auto-translated PV guests (Andrew Cooper)
[Orabug: 26901413] {CVE-2017-15592}
- x86: don't allow page_unlock() to drop the last type reference (Jan
Beulich) [Orabug: 26901401] {CVE-2017-15593}
- x86: don't store possibly stale TLB flush time stamp (Jan Beulich)
[Orabug: 26901391] {CVE-2017-15588}
- x86/mm: Disable PV linear pagetables by default (George Dunlap)
[Orabug: 26901363] {CVE-2017-15595}
- x86: limit linear page table use to a single level (Jan Beulich)
[Orabug: 26901363] {CVE-2017-15595}
- x86/HVM: prefill partially used variable on emulation paths (Jan
Beulich) [Orabug: 26901338] {CVE-2017-15589}
- x86/FLASK: fix unmap-domain-IRQ XSM hook (Jan Beulich) [Orabug:
26901311] {CVE-2017-15590}
- x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
paths (Jan Beulich) [Orabug: 26901311] {CVE-2017-15590}
- x86/MSI: disallow redundant enabling (Jan Beulich) [Orabug: 26901311]
{CVE-2017-15590}
- x86: enforce proper privilege when (un)mapping pIRQ-s (Jan Beulich)
[Orabug: 26901311] {CVE-2017-15590}
- x86: don't allow MSI pIRQ mapping on unowned device (Jan Beulich)
[Orabug: 26901311] {CVE-2017-15590}
- gnttab: fix pin count / page reference race (Jan Beulich) [Orabug:
26901277] {CVE-2017-15597}
[4.4.4-155.0.1.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=7590623eeb64d8a8f733c24eb80818f86eb870f0
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gnttab: also validate PTE permissions upon destroy/replace (Jan
Beulich) [Orabug: 26733715] {CVE-2017-14319}
- tools/xenstore: dont unlink connection object twice (Juergen Gross)
[Orabug: 26739949] {CVE-2017-14317}
- xen/mm: make sure node is less than MAX_NUMNODES (George Dunlap)
[Orabug: 26733665] {CVE-2017-14316}
[4.4.4-155.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a093e86f85280e92c41b1782a409c3029c53c61b
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- grant_table: Set max grant table version to 2 (Boris Ostrovsky)
[Orabug: 26564064]
[4.4.4-154.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=453e4fd031596351200e96224f89789e29d9bddc
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gnttab: correct pin status fixup for copy (Jan Beulich) [Orabug: 26591253]
- gnttab: split maptrack lock to make it fulfill its purpose again (Jan
Beulich) [Orabug: 26564140] {CVE-2017-12136}
- x86/grant: Disallow misaligned PTEs (Andrew Cooper) [Orabug: 26564118]
{CVE-2017-12137}
- grant_table: Default to v1, and disallow transitive grants (Andrew
Cooper) [Orabug: 26564064] {CVE-2017-12135}
[4.4.4-153.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=610401e026e333a31402c4e47107e2d51f40e88e
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/apic/x2apic: Share IRQ vector between cluster members only when
cpumask is specified (Boris Ostrovsky) [Orabug: 26360629]
[4.4.4-152.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=4ff73534ac66685dc3aec163572119979d3bd4c5
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: ignore non-vNUMA VMs in nodeload if vm config has no "cpus"
(Elena Ufimtseva) [Orabug: 26498675]
- xend: fix vcpu_to_vnuma mask construction (Elena Ufimtseva) [Orabug:
26533429]
[4.4.4-151.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=4fb62266d3b7ebca86cee661e1fbb77ffb9ece38
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- use more fixed strings to build the hypervisor (Olaf Hering) - xen:
elfloader: increase limit on number of sections in module (Vegard Nossum)
[4.4.4-150.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=cc2b44e080fb2685d2141acee704f7e360366653
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: disable vNUMA on per-guest basis (Elena Ufimtseva)
[4.4.4-149.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=0f91c081f9a8c9c8645151ce6172358644477040
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: add support for asymmetrical manual vNUMA (Elena Ufimtseva)
[Orabug: 26521752]
- xend: fix vNUMA construction in manual mode (Elena Ufimtseva) [Orabug:
26521752]
- xend: make vNUMA vcpus assignment balanced (Elena Ufimtseva) [Orabug:
26520165]
- xend: move code into function (Elena Ufimtseva)
[4.4.4-148.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=9b9f328f2102af405153eb336c405255dfd65eee
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Red-tape: Update the repo with CVEs for XSA-[217,218,219,221,222,224]
(Konrad Rzeszutek Wilk) [Orabug: 26520525] {CVE-2017-10920}
{CVE-2017-10921} {CVE-2017-10922} {CVE-2017-10915} {CVE-2017-10912}
{CVE-2017-10918} {CVE-2017-10917} {CVE-2017-10913} {CVE-2017-10914}
[4.4.4-147.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=63efdff9b21596d716586c3123db52a66baacaee
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: vNUMA 8 numa node support for low-performance VMs (Elena Ufimtseva)
[4.4.4-146.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=6bcdf6da713b4950da61e612b4e3dda1f4b17ce6
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: hvm guest keeps using original maxmem and memory after xend
restart (Annie Li) [Orabug: 26396728]
- xend: change error message when no cpus found for pinning (Elena
Ufimtseva) - xen: allow to construct vNUMA guests with even number of
vCPUs. (Elena Ufimtseva) [Orabug: 26377715] [Orabug: 26377675]
- xend: allow vNUMA VMs with multiple of sockets vcpus (Elena Ufimtseva)
[Orabug: 26377715] [Orabug: 26377675]
[4.4.4-145.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=a7bfce28689fe284396d5c4a91b8746398e1e1bb
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gitignore: add tools/misc/xen-diag to .gitignore (Dongli Zhang)
[Orabug: 26391286]
- tools: utility to dump guest grant table info (Dongli Zhang) [Orabug:
26391286]
- tools/libxc: add interface for GNTTABOP_query_size (Dongli Zhang)
[Orabug: 26391286]
[4.4.4-144.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=8e9c6a5b7652717317fe7c6f5b7c251f67c4a018
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend/vnuma: Don't try allocating or finding memory for a kdump guest.
(Konrad Rzeszutek Wilk) [Orabug: 26354498]
- xend/python: Fix vNUMA: disable memory relocation if ib_pfs or pci are
present (Konrad Rzeszutek Wilk) [Orabug: 26413649]
[4.4.4-143.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=69549b08eb9bd3a525c07a97d952673a3d02c76a
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen: increase default max grant frames and max maptrack frames (Annie Li)
[4.4.4-142.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=4a781c6460724a28668ff2d1e9a800d0cf0fb5ae
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: change the error message if vcpus and 'cpus' dont match (Elena
Ufimtseva) - xend: fix vNUMA on xm reboot (Elena Ufimtseva) [Orabug:
26354498]
[4.4.4-141.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=9dfba034e66bc55a9e03d1921fdbf697f55d7768
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen: Increase default max grant frames and PIRQs numbers (Annie Li)
[Orabug: 26338166]
[4.4.4-140.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=4f5e03612105ed392c82bc58a88e0fc59f0b3c3f
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- gnttab: __gnttab_unmap_common_complete() is all-or-nothing (Jan
Beulich) [Orabug: 26199373]
- gnttab: correct logic to get page references during map requests
(George Dunlap) [Orabug: 26199373]
- gnttab: never create host mapping unless asked to (Jan Beulich)
[Orabug: 26199373]
- gnttab: Fix handling of dev_bus_addr during unmap (George Dunlap)
[Orabug: 26199373]
- x86/shadow: Hold references for the duration of emulated writes
(Andrew Cooper) [Orabug: 26199131]
- x86/mm: disallow page stealing from HVM domains (Jan Beulich) [Orabug:
26199019]
- guest_physmap_remove_page() needs its return value checked (Jan
Beulich) [Orabug: 26199335]
- xen/memory: Fix return value handing of guest_remove_page() (Andrew
Cooper) [Orabug: 26199335]
- evtchn: avoid NULL derefs (Jan Beulich) [Orabug: 26199287]
- gnttab: correct maptrack table accesses (Jan Beulich) [Orabug: 26199098]
- gnttab: Avoid potential double-put of maptrack entry (George Dunlap)
[Orabug: 26199098]
- gnttab: fix unmap pin accounting race (Jan Beulich) [Orabug: 26199098]
- IOMMU: handle IOMMU mapping and unmapping failures (Quan Xu) [Orabug:
26199098]
- xend: override memory relocation disable (Elena Ufimtseva) [Orabug:
26046538]
- vNUMA: disable memory relocation if ib_pfs or pci are present (Elena
Ufimtseva) [Orabug: 26046538]
- xend: vNUMA make all memory units in KBytes. (Elena Ufimtseva)
[Orabug: 26046538]
- xc/python: use common paths to parse vnuma topology (Elena Ufimtseva)
[Orabug: 26046538]
[4.4.4-139.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=2b1e5d98846bdf4a2df85fa75ad6af70717a2203
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- OVMF: build against specific ovmf.git commit instead of master
(Zhigang Wang) [Orabug: 26248846]
[4.4.4-138.el6]
- BUILDINFO: OVMF commit=173bf5c847e3ca8b42c11796ce048d8e2e916ff8
- BUILDINFO: xen commit=74a643c566912da76d71e9a7bde14fffb8e0057c
- BUILDINFO: QEMU upstream commit=8bff6989bd0bafcc0ddf859c23ce6a2ff21a80ff
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Add 'bios' option to xend/xm toolstack for HVM guests (Bhavesh Davda)
- xen.spec: enable OVMF (Zhigang Wang) [Orabug: 26248846]
- xen/disk: don't leak stack data via response ring (Jan Beulich)
[Orabug: 26198945]
[4.4.4-137.el6]
- BUILDINFO: xen commit=03fbb2dedc86fb742f1066ffaef76e1c68edccd3
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- python/vnuma: Use memmax_mb value when constructing node_memsz (Konrad
Rzeszutek Wilk) - python/vNUMA: When creating a list of cores (and
siblings) account for all CPUs. (Konrad Rzeszutek Wilk) [Orabug: 26223159]
- python/vNUMA: Creation of nodeload would only pick first CPU of a NODE
(Konrad Rzeszutek Wilk) - Partial revert "xend: use dom0 vcpus for vnuma
guests" (Konrad Rzeszutek Wilk) [Orabug: 26223159]
- vNUMA: propagate topology down to domain memory allocation (Elena
Ufimtseva) [Orabug: 26037786]
- xc: move code around to reuse common parts (Elena Ufimtseva) [Orabug:
26037786]
- xc: use xc_hvm_build_args for memory config passing (Elena Ufimtseva)
[Orabug: 26037786]
[4.4.4-136.el6]
- BUILDINFO: xen commit=901fe4364deb69a6a803f540f03c1d8cf418dbc0
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xen-numa: Add a heatmap. (Konrad Rzeszutek Wilk) [Orabug: 26037786]
- xen-numa: Diagnostic tool to figure out NUMA issues. (Konrad Rzeszutek
Wilk) [Orabug: 26037786]
- libxc: Add xc_list_numa (Konrad Rzeszutek Wilk) [Orabug: 26037786]
- x86:domctl: Add XEN_DOMCTL_get_numa_ranges (Konrad Rzeszutek Wilk)
[Orabug: 26037786]
- xen-mceinj: Loop around xc_get_pfn_list (Konrad Rzeszutek Wilk)
[Orabug: 26037786]
- libxc: libxc: Use XENDOMCTL_get_memlist properly (Konrad Rzeszutek
Wilk) [Orabug: 26037786]
- xen/x86: XENDOMCTL_get_memlist: Make it work (Konrad Rzeszutek Wilk)
[Orabug: 26037786]
- dom0_vcpus_pin/numa: Consider the rest of left-over CPUs. (Konrad
Rzeszutek Wilk) [Orabug: 26089036]
- python/vnuma: Take into account paused (or not yet running) vCPUs of
guests (Konrad Rzeszutek Wilk) [Orabug: 26250117]
[4.4.4-135.el6]
- BUILDINFO: xen commit=5ba391cfacd7fa7a0629ce6055269a2b301c7d2f
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- python/xc: When getting CPU topology get more than 255 CPUs. (Konrad
Rzeszutek Wilk) [Orabug: 26261494]
[4.4.4-134.el6]
- BUILDINFO: xen commit=6fad8c911499ad80dfb73859744fa65111735a07
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- livepatch: Wrong usage of spinlock on debug console. (Konrad Rzeszutek
Wilk) [Orabug: 26248274]
- xend/vNUMA: Fix error when NUMA node has no memory. (Konrad Rzeszutek
Wilk) [Orabug: 26188839]
[4.4.4-133.el6]
- BUILDINFO: xen commit=f6b6f9a4e9d69dfafa7ad54badcb0475f72d64f0
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- acpi: enlarge NUM_FIXMAP_ACPI_PAGES to support larger scale boards
(Zhang Bo)
[4.4.4-132.el6]
- BUILDINFO: xen commit=3e2d7e037d96d790fdef7855e8a9b11b7a74c1e2
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: use dom0 vcpus for vnuma guests (Elena Ufimtseva) [Orabug: 26223159]
- xend: vnuma: fix vcpus number check (Elena Ufimtseva) [Orabug: 26224064]
- xend: fix exceptions format for vNUMA errors (Elena Ufimtseva)
[Orabug: 26033122]
[4.4.4-131.el6]
- BUILDINFO: xen commit=f32f152497dfa82a6107ef0d964584043dd3db93
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: Make dom0_numa_cpu_init opt_dom0_vcpus_pin_setup be __init
(Konrad Rzeszutek Wilk) - xend: raise exceptions if vNUMA guest cannot
be constructed (Elena Ufimtseva) - xen: check if vNUMA topology is
correct (Elena Ufimtseva) [Orabug: 26109642]
- xend: make vNUMA warnings a bit more relevant (Elena Ufimtseva) -
xend: relax vcpus number checks if smt is off (Elena Ufimtseva) - xend:
fix apicid layout on vnuma failure (Elena Ufimtseva) [Orabug: 26109642]
[4.4.4-130.el6]
- BUILDINFO: xen commit=650b285e661e78d321071b83b6f64ee277b50f85
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: add "vnuma" global config value. (Konrad Rzeszutek Wilk)
[Orabug: 26089036]
- xend/pci: Respect PCI devices taking their time to do FLR (Konrad
Rzeszutek Wilk) [Orabug: 26032540]
- dom0_vcpus_pin=[cpu-cpu],[cpu] support. (Konrad Rzeszutek Wilk)
[Orabug: 25559771]
- dom0_vcpus_pin: Include 'numa' support. (Konrad Rzeszutek Wilk)
[Orabug: 25559771]
[4.4.4-129.el6]
- BUILDINFO: xen commit=c33f380b06b3a3c2abb2cdde4a9e0d046c9beb27
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Merge branch 'ksplice-ovm-3.4' of git://ca-git/ovm-devel into
ovm-3.4.4 (Konrad Rzeszutek Wilk) [Orabug: 25752156]
[4.4.4-128.el6]
- BUILDINFO: xen commit=8ccc41054b882d014b487613a0ed699e9cc2cc00
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Increase VM suspend timeout in xend from 60 to 300 seconds to
accommodate Windows guests. Log a message every 10 seconds instead of
every second while waiting for a suspending VM. (Alexandre Khodakovski)
[Orabug: 25801187]
[4.4.4-127.el6]
- BUILDINFO: xen commit=822938f96e56d45dcc27fcba939bd94e95a28eb7
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Merge branch 'ovm-3.4.4-ksplice' of
git://ca-git.us.oracle.com/ovm-devel into ovm-3.4.4 (Konrad Rzeszutek
Wilk) [Orabug: 25752156]
- x86/do_invalid_op() should use is_active_kernel_text() rather than
having its (Konrad Rzeszutek Wilk) - xen: arch/x86/bug: don't encode
line number into displacements. (Jamie Iles) [Orabug: 25752156]
- KSPLICE: xen: add ssize_t type. (Gregory Herrero) [Orabug: 25752156]
- KSPLICE: xen: module: add module_refcount() function. (Gregory
Herrero) [Orabug: 25752156]
- KSPLICE: xen: module: helper to find module containing address in
.text only. (Gregory Herrero) [Orabug: 25752156]
- KSPLICE: support -ffunction-sections and -fdata-sections (Blaise
Boscaccy) [Orabug: 25752156]
- KSPLICE: Makefile: add rules to dump C/LD/AFLAGS. (Quentin Casasnovas)
[Orabug: 25752156]
- xen: stop_machine: fill fn_result only in case of error. (Gregory
Herrero) [Orabug: 25752156]
- xen/tests: module parameter tester. (Gregory Herrero) [Orabug: 25752156]
- xen: module: parse module parameters. (Gregory Herrero) [Orabug: 25752156]
- xen: module: add parameters code from Linux v4.9. (Gregory Herrero)
[Orabug: 25752156]
- xen: string: add few helpers from kernel side. (Gregory Herrero)
[Orabug: 25752156]
- xen: module: rm module usage on failure. (Gregory Herrero) [Orabug:
25752156]
- xen: module: register symbol_lookup callback. (Gregory Herrero)
[Orabug: 25752156]
- xen: module: implement is_module(). (Jamie Iles) [Orabug: 25752156]
- xen: add support for attributes. (Jamie Iles) [Orabug: 25752156]
- xen: module: rework try_module_get() so it can be used on vanished
modules. (Quentin Casasnovas) [Orabug: 25752156]
- xen: build: modules: add symbol lookup test. (Gregory Herrero)
[Orabug: 25752156]
- xen: module: check for duplicate global symbols. (Gregory Herrero)
[Orabug: 25752156]
- xen: module: add possiblity to lookup symbol in loaded modules.
(Gregory Herrero) [Orabug: 25752156]
- xen: module: track module dependencies. (Gregory Herrero) [Orabug:
25752156]
- xen: elfloader: look symbols in caller specified callback. (Gregory
Herrero) [Orabug: 25752156]
- xen: module: add a test for exception table entries in modules. (Jamie
Iles) [Orabug: 25752156]
- xen: module: add a test for bug frames in modules. (Jamie Iles)
[Orabug: 25752156]
- xen: module: register a virtual region, ex_table, bug frames +
alternatives. (Jamie Iles) [Orabug: 25752156]
- xen: tools: xen-lsmod: initial commit. (Quentin Casasnovas) [Orabug:
25752156]
- xen: tools: xen-rmmod: initial commit. (Quentin Casasnovas) [Orabug:
25752156]
- xen: tools: xen-insmod: initial commit. (Quentin Casasnovas) [Orabug:
25752156]
- xen: build: strip obj-y when checking if it is empty. (Quentin
Casasnovas) [Orabug: 25752156]
- xen: build: modules: add build infrastructure to build modules.
(Quentin Casasnovas) [Orabug: 25752156]
- xen: build: allow custom C/AFLAGS per compilation unit. (Quentin
Casasnovas) [Orabug: 25752156]
- xen: module: handle empty modules gracefully (Vegard Nossum) [Orabug:
25752156]
- xen: module: add generic module loading sysctl interface. (Quentin
Casasnovas) [Orabug: 25752156]
- xen: elfloader: relocate sections into segments. (Quentin Casasnovas)
[Orabug: 25752156]
- xen: elfloader: initialize vmalloc space so we can map modules.
(Quentin Casasnovas) [Orabug: 25752156]
- xen: elfloader: ignore the _GLOBAL_OFFSET_TABLE_ when resolving
symbols. (Quentin Casasnovas) [Orabug: 25752156]
- xen: arch/x86/symbols: record all symbols with CONFIG_ELFLOADER.
(Quentin Casasnovas) [Orabug: 25752156]
- xen: elfloader: don't refuse OSABI_LINUX. (Quentin Casasnovas)
[Orabug: 25752156]
- xen: elfloader: support absolute 32bits signed and unsigned
relocations. (Quentin Casasnovas) [Orabug: 25752156]
- xen: elfloader: decouple from live patching infrastructure. (Quentin
Casasnovas) [Orabug: 25752156]
- stdarg: add va_copy definition. (Blaise Boscaccy) [Orabug: 25752156]
- xen: stdbool.h: use typedef to define bool. (Gregory Herrero) [Orabug:
25752156]
- x86/stack: avoid peeking into unmapped guard pages when dumping Xens
stack (Andrew Cooper) [Orabug: 25752156]
- xen: guestcopy: Provide an helper to safely copy string from guest
(Julien Grall) [Orabug: 25752156]
[4.4.4-126.el6]
- BUILDINFO: xen commit=ffde49660a0b4695fb522fbfd0a2a78c7c916494
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/time: extend "tsc" param with "stable:socket" (Joao Martins)
[Orabug: 23585649]
- x86/time: implement PVCLOCK_TSC_STABLE_BIT (Joao Martins) [Orabug:
23585649]
- x86/time: implement tsc as clocksource (Joao Martins) [Orabug: 23585649]
- x86/time: refactor read_platform_stime() (Joao Martins) [Orabug: 23585649]
- x86/time: refactor init_platform_time() (Joao Martins) [Orabug: 23585649]
- public/xen.h: add flags field to vcpu_time_info (Joao Martins)
[Orabug: 23585649]
- x86/time: always count s_time from Xen boot (Tim Deegan) [Orabug:
23585649]
- xen/x86: introduce nr_sockets (Joao Martins) [Orabug: 23585649]
[4.4.4-125.el6]
- BUILDINFO: xen commit=5d6782af3a4e24942c5f1d1bfa0c136825cb8e61
- BUILDINFO: QEMU upstream commit=44c5f0a55d9a73e592426c33ce5705c969681955
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: Don't expose 'pxm' entries if vnuma is not set. (Konrad
Rzeszutek Wilk) - xm: Print device topology with "info -n". (Karl
Heubaum) [Orabug: 25368257]
- python/xc: dev_to_node support for topologyinfo(). (Karl Heubaum)
[Orabug: 25368257]
- xl: "info -n" should omit invalid NUMA nodes. (Karl Heubaum) - libxl:
Correctly check the return value from malloc(). (Karl Heubaum) - libxl:
Support 'pxm' on pci guest config override. (Konrad Rzeszutek Wilk)
[Orabug: 25368257]
- libxl: Expose pxm-X on 'pci' XenBus entries. (Konrad Rzeszutek Wilk)
[Orabug: 25368257]
- xend: Don't run the watch if there is nothing in the aerWatch (Konrad
Rzeszutek Wilk) - xend: Support 'pxm' on pci guest config override.
(Konrad Rzeszutek Wilk) [Orabug: 25368257]
- xend: Expose pxm-X on 'pci' XenBus entries. (Konrad Rzeszutek Wilk)
[Orabug: 25368257]
- xend, libxl, x86/topology: remove 2 * APIC_ID with smt (Joao Martins)
[Orabug: 25853596]
- xend, libxl: account for vnodes when smt=1 (Joao Martins) [Orabug:
25853596]
- x86/hvm, hvmloader: fix apicid layout for smt (Joao Martins) [Orabug:
25853596]
- xm: add support for vNUMA (Elena Ufimtseva) [Orabug: 25368257]
- xc: parse and prepare to set vNUMA (Elena Ufimtseva) [Orabug: 25368257]
- xc: add xc_domain_initvnuma to support xend vNUMA (Elena Ufimtseva)
[Orabug: 25368257]
- libxc: fill lowmem_end and and highmem for xc_hvm_build_args (Elena
Ufimtseva) [Orabug: 25741411]
- libxc: unify handling of vNUMA layout (Wei Liu) [Orabug: 25741411]
- handle XENMEM_get_vnumainfo in compat_memory_op (Wei Liu) [Orabug:
25741411]
- libxl: copy function for builtin types (Wei Liu) [Orabug: 25741411]
- xl: handle empty vnuma configuration (Wei Liu) [Orabug: 25741411]
- libxc: introduce xc_domain_getvnuma (Wei Liu) [Orabug: 25741411]
- libxc: fix vNUMA memory allocation (Wei Liu) [Orabug: 25741411]
- xl: error out if vNUMA specifies more vcpus than pcpus (Wei Liu)
[Orabug: 25741411]
- xl: fix vNUMA vdistance parsing (Wei Liu) [Orabug: 25741411]
- libxc: allow empty memory nodes in vNUMA (Boris Ostrovsky) [Orabug:
25741411]
- xl: fix vcpus to vnode assignement in config file (Dario Faggioli)
[Orabug: 25741411]
- libxlu: introduce new APIs (Wei Liu) [Orabug: 25741411]
- libxlu: record location when parsing values (Wei Liu) [Orabug: 25741411]
- libxlu: nested list support (Wei Liu) [Orabug: 25741411]
- libxlu: don't crash on empty lists (Jan Beulich) [Orabug: 25741411]
- libxlu: rework internal representation of setting (Wei Liu) [Orabug:
25741411]
- libxl: fix HVM vNUMA (Wei Liu) [Orabug: 25741411]
- libxc: rework vnuma bits in setup_guest (Wei Liu) [Orabug: 25741411]
- libxc/libxl: fill xc_hvm_build_args in libxl (Wei Liu) [Orabug: 25741411]
- make dumping vcpu info look better (Dario Faggioli) [Orabug: 25741411]
- make two memory hypercalls vNUMA-aware (Wei Liu) [Orabug: 25741411]
- factor out construct_memop_from_reservation (Wei Liu) [Orabug: 25741411]
- libxlu: avoid having two definitions of XLU_ConfigList (Wei Liu)
[Orabug: 25741411]
- xl: vNUMA support (Wei Liu) [Orabug: 25741411]
- libxlu: introduce new APIs (Wei Liu) [Orabug: 25741411]
- libxlu: rework internal representation of setting (Wei Liu) [Orabug:
25741411]
- xl: introduce xcalloc (Wei Liu) [Orabug: 25741411]
- libxl: define LIBXL_HAVE_VNUMA (Wei Liu) [Orabug: 25741411]
- libxl: disallow memory relocation when vNUMA is enabled (Wei Liu)
[Orabug: 25741411]
- libxl: build, check and pass vNUMA info to Xen for HVM guest (Wei Liu)
[Orabug: 25741411]
- libxc: allocate memory with vNUMA information for PV guest (Wei Liu)
[Orabug: 25741411]
- libxc: allocate memory with vNUMA information for HVM guest (Wei Liu)
[Orabug: 25741411]
- libxc: indentation change to xc_hvm_build_x86.c (Wei Liu) [Orabug:
25741411]
- libxl: build, check and pass vNUMA info to Xen for PV guest (Wei Liu)
[Orabug: 25741411]
- libxl: functions to build vmemranges for PV guest (Wei Liu) [Orabug:
25741411]
- libxl: x86: factor out e820_host_sanitize (Wei Liu) [Orabug: 25741411]
- libxl: introduce libxl__vnuma_config_check (Wei Liu) [Orabug: 25741411]
- libxl: add vmemrange to libxl__domain_build_state (Wei Liu) [Orabug:
25741411]
- libxl: introduce vNUMA types (Wei Liu) [Orabug: 25741411]
- libxc: add p2m_size to xc_dom_image (Wei Liu) [Orabug: 25741411]
- libxc: duplicate snippet to allocate p2m_host array (Wei Liu) [Orabug:
25741411]
- vNUMA: validate XEN_DOMCTL_setvnumainfo input (Jan Beulich) [Orabug:
25741411]
- hvmloader: construct SLIT (Wei Liu) [Orabug: 25741411]
- hvmloader: construct SRAT (Wei Liu) [Orabug: 25741411]
- hvmloader: retrieve vNUMA information from hypervisor (Wei Liu)
[Orabug: 25741411]
- x86: dump vNUMA information with debug key 'u' (Elena Ufimsteva)
[Orabug: 25741411]
- vNUMA: rename interface structures (Jan Beulich) [Orabug: 25741411]
- tools/xl: Call init function for libxl_bitmap (Uma Sharma) [Orabug:
25741411]
- move XENMEM_get_vnumainfo out of tools-only section of public/memory.h
(Jan Beulich) [Orabug: 25741411]
- xl: add 'trim' and 'split_string_into_pair' functions (David Scott)
[Orabug: 25741411]
- xl: add 'xstrdup' next to 'xrealloc' (David Scott) [Orabug: 25741411]
- libxc: Introduce xc_domain_setvnuma to set vNUMA (Elena Ufimtseva)
[Orabug: 25741411]
- xen: vnuma topology and subop hypercalls (Elena Ufimtseva) [Orabug:
25741411]
- libxl: Change default for b_info->{cpu, node}map to "not allocated"
(Dario Faggioli) [Orabug: 25741411]
- hvmloader: add helper functions to get/set HVM params (David Vrabel)
[Orabug: 25741411]
- derive NUMA node affinity from hard and soft CPU affinity (Dario
Faggioli) [Orabug: 25741411]
- sched: introduce soft-affinity and use it instead d->node-affinity
(Dario Faggioli) [Orabug: 25741411]
- sched: rename v->cpu_affinity into v->cpu_hard_affinity (Dario
Faggioli) [Orabug: 25741411]
- libxl_internal.h: move / add some libxl defbool #define here (Wei Liu)
[Orabug: 25741411]
- libxl: fix memory leak in libxl_cpuid_dispose (Wei Liu) [Orabug: 25741411]
- add the facility to limit ranges per rangeset (Paul Durrant) [Orabug:
25741411]
- libxl: bail from placement on non-NUMA boxes (Dario Faggioli) [Orabug:
25741411]
- tools/libxl: Introduce libxl__malloc() (Andrew Cooper) [Orabug: 25741411]
- tools/libxl: Correct libxl__zalloc() to take an unsigned number of
bytes (Andrew Cooper) [Orabug: 25741411]
- x86: correct create_bounce_frame (tagged with CVE number) (Boris
Ostrovsky) [Orabug: 25918367] {CVE-2017-8905}
- x86: discard type information when stealing pages (tagged with CVE
number) (Boris Ostrovsky) [Orabug: 25918337] {CVE-2017-8904}
- multicall: deal with early exit conditions (tagged with CVE number)
(Boris Ostrovsky) [Orabug: 25918274] {CVE-2017-8903}
[4.4.4-124.el6]
- BUILDINFO: xen commit=72204c60101d0381c0724eb53e756eb3d01f89c4
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Merge branch 'ovm-3.4.4' of git://ca-git.us.oracle.com/xen into
ovm-3.4.4 (build) - tools/libxc: Set max_elem to zero in
xc_lockprof_query_number() (Boris Ostrovsky) [Orabug: 20492963]
[4.4.4-123.el6]
- BUILDINFO: xen commit=483b9ffd198554342e13e8c982132374fd20a3b2
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86: correct create_bounce_frame (Boris Ostrovsky) [Orabug: 25918367]
- x86: discard type information when stealing pages (Boris Ostrovsky)
[Orabug: 25918337]
- multicall: deal with early exit conditions (Boris Ostrovsky) [Orabug:
25918274]
[4.4.4-122.el6]
- BUILDINFO: xen commit=c4eaaf85366633a90bf7c7f9cfa486dd9b2c4502
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- Xend DevController: Read hotplug-status value busy if provided by
block back driver (Niranjan Patil) [Orabug: 25498155]
- Xend: add option for discard support in xm disk configuration
(Niranjan Patil)
[4.4.4-121.el6]
- BUILDINFO: xen commit=dd9d9cf5f2c1084876e085fb2361b2d44f7805e6
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- kexec: Add spinlock for the whole hypercall. (Konrad Rzeszutek Wilk)
[Orabug: 25527136]
- kexec: clear kexec_image slot when unloading kexec image (Bhavesh
Davda) [Orabug: 25527136]
[4.4.4-120.el6]
- BUILDINFO: xen commit=269c39d2a24a9f59d55fbea6289407e14bc84b00
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (Gerd
Hoffmann) [Orabug: 25533541] {CVE-2017-2620} {CVE-2017-2620}
- cirrus: fix oob access issue (CVE-2017-2615) (Li Qiang) [Orabug:
25533433] {CVE-2017-2615} {CVE-2017-2615}
- cirrus/vnc: zap drop bitblit support from console code. (Gerd
Hoffmann) [Orabug: 25718334] {CVE-2016-9603}
- display: cirrus: ignore source pitch value as needed in blit_is_unsafe
(Bruce Rogers) [Orabug: 25533541] {CVE-2017-2620}
- oxenstored: trim history in the frequent_ops function (Thomas Sanders)
[Orabug: 25798837]
- oxenstored transaction conflicts: improve logging (Thomas Sanders)
[Orabug: 25798837]
- oxenstored: don't wake to issue no conflict-credit (Thomas Sanders)
[Orabug: 25798837]
- oxenstored: do not commit read-only transactions (Thomas Sanders)
[Orabug: 25798837]
- oxenstored: allow self-conflicts (Thomas Sanders) [Orabug: 25798837]
- oxenstored: blame the connection that caused a transaction conflict
(Jonathan Davies) [Orabug: 25798837]
- oxenstored: track commit history (Jonathan Davies) [Orabug: 25798837]
- oxenstored: discard old commit-history on txn end (Thomas Sanders)
[Orabug: 25798837]
- oxenstored: only record operations with side-effects in history
(Jonathan Davies) [Orabug: 25798837]
- oxenstored: support commit history tracking (Jonathan Davies) [Orabug:
25798837]
- oxenstored: add transaction info relevant to history-tracking
(Jonathan Davies) [Orabug: 25798837]
- oxenstored: ignore domains with no conflict-credit (Thomas Sanders)
[Orabug: 25798837]
- oxenstored: handling of domain conflict-credit (Thomas Sanders)
[Orabug: 25798837]
- oxenstored: comments explaining some variables (Thomas Sanders)
[Orabug: 25798837]
- oxenstored: allow compilation prior to OCaml 3.12.0 (Jonathan Davies)
[Orabug: 25798837]
- oxenstored: log request and response during transaction replay
(Jonathan Davies) [Orabug: 25798837]
- oxenstored: replay transaction upon conflict (Jonathan Davies)
[Orabug: 25798837]
- oxenstored: move functions that process simple operations (Jonathan
Davies) [Orabug: 25798837]
- oxenstored: keep track of each transaction's operations (Jonathan
Davies) [Orabug: 25798837]
- oxenstored: refactor request processing (Jonathan Davies) [Orabug:
25798837]
- oxenstored: remove some unused parameters (Jonathan Davies) [Orabug:
25798837]
- oxenstored: refactor putting response on wire (Jonathan Davies)
[Orabug: 25798837]
- oxenstored: add a safe net mechanism for existing ill-behaved clients
(Zheng Li) [Orabug: 25798837]
- oxenstored: only process domain connections that notify us by events
(Zheng Li) [Orabug: 25798837]
- oxenstored: enable domain connection indexing based on eventchn port
(Zheng Li) [Orabug: 25798837]
- oxenstored: use hash table to store socket connections (Zheng Li)
[Orabug: 25798837]
- oxenstored: catch the error when a connection is already deleted
(Zheng Li) [Orabug: 25798837]
- oxenstored: perform a 3-way merge of the quota after a transaction
(Jerome Maloberti) [Orabug: 25798837]
- oxenstored: exempt dom0 from domU node quotas (Vincent Bernardoff)
[Orabug: 25798837]
- mm: Don't check for waiters when scrubbing (Boris Ostrovsky) [Orabug:
25860374]
[4.4.4-119.el6]
- BUILDINFO: xen commit=a2154a806f302e82a88d720bf29e70b94250b955
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- memory: properly check guest memory ranges in XENMEM_exchange handling
(Boris Ostrovsky) [Orabug: 25799098] {CVE-2017-7228}
- xenstored: Log when the write transaction rate limit bites (Ian
Jackson) [Orabug: 25798837]
- xenstored: apply a write transaction rate limit (Ian Jackson) [Orabug:
25798837]
[4.4.4-118.el6]
- BUILDINFO: xen commit=4a87a4ad87b19713948976a2e12bc080fd6ff370
- BUILDINFO: QEMU upstream commit=fcd17fdf18b95a9e408acc84f6d2b37cf3fc0335
- BUILDINFO: QEMU traditional
commit=346fdd7edd73f8287d0d0a2bab9c67b71bc6b8ba
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: do not acquire vm running lock at start after soft_reset
(Zhigang Wang) [Orabug: 25729452]
[4.4.4-117.el6]
- BUILDINFO: xen commit=195df020b96c2b8b22f57c9f2a60044cc99aa11d
- BUILDINFO: QEMU upstream commit=2e4e0a805aeb448242b43399e0853b851bccde4e
- BUILDINFO: QEMU traditional
commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xend: fix vif device ID allocation (Zhigang Wang) [Orabug: 25692157]
[4.4.4-116.el6]
- BUILDINFO: xen commit=c250840c771113c9cf15f03d453b3c6a6e58091a
- BUILDINFO: QEMU upstream commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO: QEMU traditional
commit=d9ba4c53b14ebf9a0613b5638f90d95489622f0c
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- xm: Fix the error message displayed by 'xm create ...' (Venu
Busireddy) [Orabug: 25667536]
- xm: expand pci hidden devices tools (Venu Busireddy) [Orabug: 25576024]
- xend: fix waitForSuspend (Zhigang Wang) [Orabug: 25638583]
- xen: Bump max number of processors to 2048 (Boris Ostrovsky) [Orabug:
24288531]
- acpi: switch to dynamic mapping at SYS_STATE_boot (Boris Ostrovsky)
[Orabug: 24288531]
[4.4.4-115.el6]
- BUILDINFO: xen commit=ba16f81e80d451cae3ebff05b45753a74f9eecff
- BUILDINFO: QEMU upstream commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO: QEMU traditional
commit=bc33fbc6f9a004dc11dcc18f1c5c755a60b65b73
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- IOMMU: always call teardown callback (Oleksandr Tyshchenko) [Orabug:
25481896]
[4.4.4-114.el6]
- BUILDINFO: xen commit=8c4c94925bdc97113fe59b633637bbb9c3316ea4
- BUILDINFO: QEMU upstream commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO: QEMU traditional
commit=bc33fbc6f9a004dc11dcc18f1c5c755a60b65b73
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- libxl: return any serial tty path in libxl_console_get_tty (Bob Liu)
[Orabug: 24943293]
- xl: Accept a list for serial in config file (White, Edmund H) [Orabug:
24943293]
- libxl: Allow multiple serial ports on HVM domain creation (White,
Edmund H) [Orabug: 24943293]
- x86/hvm: do not set msr_tsc_adjust on hvm_set_guest_tsc_fixed (Joao
Martins)
[4.4.4-113.el6]
- BUILDINFO: xen commit=57171bcec8e3e91deda9658a4465fce37dcc8c65
- BUILDINFO: QEMU upstream commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO: QEMU traditional
commit=bc33fbc6f9a004dc11dcc18f1c5c755a60b65b73
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86emul: CMPXCHG8B ignores operand size prefix (Jan Beulich) [Orabug:
25180218]
[4.4.4-112.el6]
- BUILDINFO: xen commit=a66faa9f75c2cb194f91cadba3de0501420c29bf
- BUILDINFO: QEMU upstream commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO: QEMU traditional
commit=bc33fbc6f9a004dc11dcc18f1c5c755a60b65b73
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- mm: Make scrubbing a low-priority task (Dongli Zhang) [Orabug: 20816669]
[4.4.4-111.el6]
- BUILDINFO: xen commit=f76fb71aee8f5b145060baef9005302e6be189b9
- BUILDINFO: QEMU upstream commit=f663d3dd4e968756d33e29cb2c2c956cabbdd4ca
- BUILDINFO: QEMU traditional
commit=bc33fbc6f9a004dc11dcc18f1c5c755a60b65b73
- BUILDINFO: IPXE commit=9a93db3f0947484e30e753bbd61a10b17336e20e
- BUILDINFO: SeaBIOS commit=7d9cbe613694924921ed1a6f8947d711c5832eee
- x86/emul: Correct the handling of eflags with SYSCALL (Andrew Cooper)
[Orabug: 25291677] {CVE-2016-10013}
- x86: force EFLAGS.IF on when exiting to PV guests (Jan Beulich)
[Orabug: 25235002] {CVE-2016-10024}
[4.4.4-110.el6]
- BUILDINFO: commit=fb8035420d57b6a66825024803198117d0143ab1
- Rombios: large disk support for LBA48 to L-CHS translation (Bhavesh Davda)
[4.4.4-109.el6]
- BUILDINFO: commit=2bf7de2bdebe4231d3c04ca0b4ceca4c00767f4e
- pygrub: Properly quote results, when returning them to the caller:
(Ian Jackson) [Orabug: 25064245]
- x86emul: fix huge bit offset handling (Jan Beulich) [Orabug: 25064081]
- x86/PV: writes of %fs and %gs base MSRs require canonical addresses
(Jan Beulich) [Orabug: 25063963]
- x86/HVM: don't load LDTR with VM86 mode attrs during task switch (Jan
Beulich) [Orabug: 25063885]
- x86/hvm: Fix the handling of non-present segments (Andrew Cooper)
[Orabug: 25063804]
[4.4.4-108.el6]
- BUILDINFO: commit=92415590fb4ac8d69585aa50b4830ccd82084da3
- libxl: Remove redundant setting of phyical-device (George Dunlap)
[Orabug: 24478760]
[4.4.4-107.el6]
- BUILDINFO: commit=631b03738b1e5e8c39593426fc9a07f350eb1735
- x86/hvm: extend HVM cpuid leaf with vcpu id (Paul Durrant) - x86/hvm:
add HVM-specific hypervisor CPUID leaf (Boris Ostrovsky) - xend:
soft_reset support. (Konrad Rzeszutek Wilk) - (lib)xl: soft reset
support (Vitaly Kuznetsov) - tools/libxl: Save and restore
EMULATOR_XENSTORE_DATA content (Andrew Cooper) [Orabug: 19807079]
- libxl: introduce libxl__device_model_xs_path (Wei Liu) - libxl: add
LIBXL_DEVICE_MODEL_SAVE_FILE (Vitaly Kuznetsov) - libxc: support
XEN_DOMCTL_soft_reset operation (Vitaly Kuznetsov) - arch-specific hooks
for domain_soft_reset() (Vitaly Kuznetsov) - flask: DOMCTL_soft_reset
support (Vitaly Kuznetsov) - introduce XEN_DOMCTL_soft_reset (Vitaly
Kuznetsov) - evtchn: make evtchn_reset() ready for soft reset (Vitaly
Kuznetsov) - evtchn: make EVTCHNOP_reset suitable for kexec (Vitaly
Kuznetsov) - xl: introduce enum domain_restart_type (Vitaly Kuznetsov) -
libxl: support SHUTDOWN_soft_reset shutdown reason (Vitaly Kuznetsov) -
introduce SHUTDOWN_soft_reset shutdown reason (Vitaly Kuznetsov)
[4.4.4-106.el6]
- BUILDINFO: commit=3fefc8c56b039e14da79f5626c2d395fdd2389cb
- support 'tera' suffixes for size parameters (Andrew Cooper) [Orabug:
24804879]
- x86emul: honor guest CR0.TS and CR0.EM (Jan Beulich) [Orabug:
24696565] {CVE-2016-7777}
- Revert "86emul: honor guest CR0.TS and CR0.EM" (Boris Ostrovsky) -
move TLB-flush filtering out into populate_physmap during vm creation
(Dongli Zhang) [Orabug: 24738858]
- replace tlbflush check and operation with inline functions (Dongli
Zhang) [Orabug: 24738858]
- 86emul: honor guest CR0.TS and CR0.EM (Jan Beulich) [Orabug: 24696565]
[4.4.4-105.el6]
- BUILDINFO: commit=617712bfc04e04aba1606f61e1ef6bac7b557464
- evtchn-fifo: prevent use after free (Boris Ostrovsky) [Orabug: 24581056]
[4.4.4-104.el6]
- BUILDINFO: commit=cce4d21467237fd4f1ba47cd4ac1aa51277c440e
- x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
(Andrew Cooper) [Orabug: 24561443]
- x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] (Andrew Cooper)
[Orabug: 24561443]
- x86/32on64: don't allow recursive page tables from L3 (Jan Beulich)
[Orabug: 24561413]
[4.4.4-103.el6]
- BUILDINFO: commit=3bbc1e4f4cd8ad473365f4d4abca4f542020bad5
- x86/hvm: don't intercept #UD exceptions in general (Konrad Rzeszutek
Wilk) [Orabug: 24385487]
[4.4.4-102.el6]
- BUILDINFO: commit=3e694971b628b4178dbdc907f0090ba0dc99fc6d
- tools/hotplug/Linux/block: handle the missing $XENBUS_PATH/params case
(Zhigang Wang) [Orabug: 24482311]
[4.4.4-101.el6]
- BUILDINFO: commit=e63aa9e8d75ca5700bf3433264b1306f23f84ccb
- libxl, hotplug/Linux: default to phy backend for raw format file, take
2 (Wei Liu) [Orabug: 24476310]
[4.4.4-100.el6]
- BUILDINFO: commit=e6b6846226827439d26ebe65712e750744bfb1b8
- libxc/x86: set PAGE1GB back for intel policy (Joao Martins) [Orabug:
24446405]
[4.4.4-99.el6]
- BUILDINFO: commit=f137fcbd11547c112bc12ca5bad9824b271f697e
- xen/PCI: Allow MMCONFIG above 4GB for SGI UX 300RL (Boris Ostrovsky)
[Orabug: 24288531]
[4.4.4-98.el6]
- BUILDINFO: commit=6e8721d563734d913e90054dcefa900ea370ee3d
- xend/netif: Add handle to xenstore to avoid inconsistent vif state
(Joe Jin) [Orabug: 22954873]
- xend/bootloader: Fix unclosed quotation string lead duplicate xend
process (Joe Jin) [Orabug: 24371183]
[4.4.4-97.el6]
- BUILDINFO: commit=458d1c9daca0626a845fa3f5f3b284f9a111cb19
- livepatch: template and irq_stats. (Konrad Rzeszutek Wilk)
[4.4.4-96.el6]
- BUILDINFO: commit=9bb0ea920c40ee32ec47980578cab87b72f1b460
- xend/xm: hide pci device and xm pci-unhide command (Elena Ufimtseva)
[Orabug: 23749204]
- xen: add support for hiding and unhiding pcie passthrough devices
(Elena Ufimtseva) [Orabug: 23749204]
[4.4.4-95.el6]
- BUILDINFO: commit=b3df47a903ca08308ad42034d82545e102d50319
- Config.mk: Rev up to 'stable-4.4' in qemu-xen (Konrad Rzeszutek Wilk)
{CVE-2016-3712} {CVE-2014-3672}
- Fix in network configuration scripts to allow addition/removal of
disconnected links to/from a bridge. (Sergei Garbuzov) [Orabug: 23072548]
[4.4.4-94.el6]
- BUILDINFO: commit=48707e53f2a790e8154e854061079ee0677983b0
- Remove unsafe bits from the mod_l?_entry() fastpath (Andrew Cooper)
{CVE-2016-6258}
[4.4.4-93.el6]
- BUILDINFO: commit=9e86d3fb58d555ebd0f1a0025c8dba07450759f1
- build: disable downloading ipxe tarball from xen.org (Zhigang Wang)
[4.4.4-92.el6]
- BUILDINFO: commit=252a0338d28c144778b51432adfef1546e1703ba
- mm: Don't try to scrub memory if another CPU from the same node is
already scrubbing (Boris Ostrovsky)
[4.4.4-91.el6]
- BUILDINFO: commit=ba994e0aaa5c7de49dd7af52b2d1ec675e968ce5
- symbols: Generate an xen-sym.map file similar to Linux's (Konrad
Rzeszutek Wilk)
[4.4.4-90.el6]
- BUILDINFO: commit=2094fc64091690c97d17065021041c34d6bd1497
- xm: introduce smt option (Joao Martins) [Orabug: 21784986]
- xend: add "smt" global option for default (Joao Martins) [Orabug:
21784986]
- libxl, xl: add "smt" global option for default (Joao Martins) [Orabug:
21784986]
- xl: introduce smt option (Joao Martins) [Orabug: 21784986]
- libxl: introduce smt field (Joao Martins) [Orabug: 21784986]
- libxl: cpuid: add guest topology support (Joao Martins) [Orabug: 21784986]
- libxl: cpuid: add intel extended topology (Joao Martins) [Orabug:
21784986]
- libxl: cpuid: add intel cache core count support (Joao Martins)
[Orabug: 21784986]
- libxl: remove whitespace on libxl_types.idl (Joao Martins) - libxc:
avoid clear leaf 0xB on xc_cpuid_set (Joao Martins) [Orabug: 21784986]
- tools/libxc: Improve efficiency of xc_cpuid_apply_policy() (Andrew
Cooper) [Orabug: 21784986]
- xc_cpuid_x86.c: Simplify masking conditions and remove redundant work
(Zhuo Song) [Orabug: 21784986]
[4.4.4-89.el6]
- BUILDINFO: commit=605b78ce48349cbf99f7758bd14689d7ab6ac8ef
- x86/boot: create *.lnk files with linker script (Daniel Kiper)
[4.4.4-88.el6]
- BUILDINFO: commit=b5bb10cfec3354f29008c30fe680e1f0aeaa0244
- xen.spec: Build with support for 512 CPUs. (Konrad Rzeszutek Wilk)
[Orabug: 23550196]
[4.4.4-87.el6]
- BUILDINFO: commit=a99f96b3c7e5eb823712a17b800cd3c2d621b589
- xend: Provide loglevel_max_bytes config parameter (Konrad Rzeszutek
Wilk) - hvmloader, pci: Don't try to relocate memory if 64-bit BAR is
bigger than 4GB (Konrad Rzeszutek Wilk) [Orabug: 23702847]
- hvmloader: don't use AML operations on 64-bit fields (Jan Beulich)
[Orabug: 23702847]
- hvmloader: fix build with certain iasl versions (Jan Beulich) [Orabug:
23702847]
- hvmloader: PA range 0xfc000000-0xffffffff should be UC (Jan Beulich)
[Orabug: 23702847]
- hvmloader: also cover PCI MMIO ranges above 4G with UC MTRR ranges
(Jan Beulich) [Orabug: 23702847]
- Config.mk: Fix qemu-traditional working with 64-bit PCI-devices.
(Konrad Rzeszutek Wilk)
[4.4.4-86.el6]
- BUILDINFO: commit=0fd5ef3908e55a9cff8a689b42f999230af54315
- Merge remote-tracking branch 'origin/stable-4.4' into ovm-3.4.2
(Konrad Rzeszutek Wilk)
[4.4.4-85.el6]
- BUILDINFO: commit=76114b1c3f5abc6a3b35c0dd5ed68feae172855e
- domctl: max_mfn_bars parameter to disable or tweak preemption. (Konrad
Rzeszutek Wilk) - domctl: lower loglevel of XEN_DOMCTL_memory_mapping
(Tiejun Chen)
[4.4.4-84.el6]
- BUILDINFO: commit=f5b9021352e8e94a9f0026676496688f40ed8faa
- x86/VPMU: support only versions 2 through 4 of architectural
performance monitoring (Boris Ostrovsky) - Makefile: Copy
compile.h.replace instead of generating one (Konrad Rzeszutek Wilk)
[4.4.4-83.el6]
- BUILDINFO: commit=858ff6d5c7a175fd54f8140ae2a0ec7eb06d6bda
- xen.spec: Include compile.h in xen-debuginfo (Konrad Rzeszutek Wilk) -
xend: Support 64-bit BARs. (Bhavesh Davda) [Orabug: 23620232]
[4.4.4-82.el6]
- BUILDINFO: commit=c23418e66faf2c89f9ac4a360622a589c0f7b1cc
- x86/xsave: enable support for new ISA extensions (Jan Beulich)
[Orabug: 23550196]
[4.4.4-81.el6]
- BUILDINFO: branch=ovm-3.4.2, cmt=54cb863522140da4271316ebd40a4a8b0a0316a0
- docs/livepatch: Update URL to livepatch-build-tools.git (Konrad
Rzeszutek Wilk) - libxenvchan: Change license of header from Lesser GPL
v2.1 to BSD (Konrad Rzeszutek Wilk) - xen: Rename of xSplice to
livepatch. (Konrad Rzeszutek Wilk) - pygrub: handle rbd file paths (Joao
Martins) [Orabug: 23271810]
[4.4.4-80.el6]
- p2m: convert p2m rwlock to percpu rwlock (Malcolm Crossley) -
grant_table: convert grant table rwlock to percpu rwlock (Malcolm
Crossley) - rwlock: add per-cpu reader-writer lock infrastructure
(Malcolm Crossley) - grant_table: implement
grant_table_warn_active_grants() (Vitaly Kuznetsov) - gnttab: clean up
gnttab_set_version() (Jan Beulich) - gnttab: don't silently truncate
frame numbers in gnttab_set_version() (Jan Beulich) - gnttab: fix out of
range shift count (Jan Beulich) - gnttab: don't flush the TLB on grant
ops for auto-translated guests (Roger Pau Monné) - complete conversion
set_bit() -> __cpumask_set_cpu() by 4aaca0e9cd (Jan Beulich) - introduce
and use relaxed cpumask bitops (Jan Beulich) - x86/HVM: batch vCPU
wakeups (Jan Beulich) - x86: suppress event check IPI to MWAITing CPUs
(Jan Beulich) - gnttab: steal maptrack entries from other VCPUs (David
Vrabel) - gnttab: use per-VCPU maptrack free lists (Malcolm Crossley) -
gnttab: make struct grant_mapping private (Jan Beulich) - gnttab:
fix/adjust gnttab_transfer() (Jan Beulich) - gnttab: simplify page
copying/clearing (Jan Beulich) - gnttab: simplify shared entry v1 vs v2
handling (Jan Beulich) - gnttab: limit mapcount() looping (Jan Beulich)
- gnttab: eliminate several explicit version checks (Jan Beulich) -
gnttab: make the grant table lock a read-write lock (David Vrabel) -
gnttab: introduce maptrack lock (David Vrabel) - gnttab: per-active
entry locking (David Vrabel) - adjust assertion in alloc_heap_pages()
(Jan Beulich) - allow domain heap allocations to specify more than one
NUMA node (Jan Beulich) - gnttab: fix a printk() format specifier (Jan
Beulich) - grant-table: defer releasing pages acquired in a grant copy
(David Vrabel) - grant-table: refactor grant copy to reduce duplicate
code (David Vrabel) - grant-table: use uint16_t consistently for grant
copy offset and length (David Vrabel) - xen/grant-table: backport
gnttab_need_iommu_mapping() (Joao Martins) - xen/common: grant-table:
only call IOMMU if paging mode translate is disabled (Julien Grall) -
introduce gnttab_max_frames and gnttab_max_maptrack_frames command line
options (Stefano Stabellini)
[4.4.4-79.el6]
- xen.spec: Also build the hypervisor as debug=y (Konrad Rzeszutek Wilk)
- x86/hvm: add per-vcpu evtchn upcalls (Paul Durrant) [Orabug: 22916310]
[4.4.4-78.el6]
- x86/mtrr: include asm/atomic.h (David Vrabel) - x86: reintroduce
read_unlock() optimization (David Vrabel) - x86,arm: remove
asm/spinlock.h from all architectures (David Vrabel) - use ticket locks
for spin locks (David Vrabel) - x86: provide arch_fetch_and_add() (David
Vrabel) - x86: provide add_sized() (David Vrabel)
[4.4.4-77.el6]
- xen.spec: Unset CFLAGS for hypervisor built. (Konrad Rzeszutek Wilk)
[4.4.4-76.el6]
- tools/hotplug/Linux/block: sort losetup -a result with sort -g
(Zhigang Wang) [Orabug: 22875089]
- tools/xenstat: handle network interface name in uppercase. (Zhigang
Wang) - tools/hotplug: fix ocn bridge parsing (Zhigang Wang) [Orabug:
22904955]
[4.4.4-75.el6]
- x86/VMX: sanitize rIP before re-entering guest (Jan Beulich) [Orabug:
22697334]
[4.4.4-74.el6]
- xl/xend: error out if pcnet emulated driver model is used. (Chuck
Anderson)
[4.4.4-73.el6]
- disable vif-switch (Zhigang Wang)
[4.4.4-72.el6]
- Merge remote-tracking branch 'remotes/xen/staging-4.4' (Zhigang Wang)
- update Xen version to 4.4.4 (Jan Beulich) - x86/vmx: Fix injection of
#DB traps following XSA-156 (Andrew Cooper) - x86/VMX: prevent INVVPID
failure due to non-canonical guest address (Jan Beulich) {CVE-2016-1571}
- x86/mm: PV superpage handling lacks sanity checks (Jan Beulich)
{CVE-2016-1570}
[4.4.4-71.el6]
- kexec/relocate: Check the kdump location first. (Konrad Rzeszutek Wilk)
[4.4.4-70.el6]
- Rebuilt
[4.4.4-69.el6]
- libvchan: Read prod/cons only once. (Konrad Rzeszutek Wilk)
{CVE-2015-8550}
- blktap2: Use RING_COPY_REQUEST (Konrad Rzeszutek Wilk) {CVE-2015-8550}
- xen: Add RING_COPY_REQUEST() (David Vrabel) {CVE-2015-8550}
[4.4.4-68.el6]
- kexec/relocate: Change kexec location if relocation is in the way. (Konrad
Rzeszutek Wilk)
[4.4.4-67.el6]
- xen/kexec: Find out whether an kexec type is loaded. (Konrad Rzeszutek
Wilk)
[4.4.4-66.el6]
- Add support for cloudnet connections (Adnan Misherfi)
[4.4.4-65.el6]
- xend/image: Don't throw VMException when using backend domains for disks.
(Zhigang Wang)
[4.4.4-64.el6]
- libxl: adjust PoD target by memory fudge, too (Ian Jackson) - x86:
rate-limit logging in do_xen{oprof,pmu}_op() (Jan Beulich) {CVE-2015-7971}
- xenoprof: free domain's vcpu array (Jan Beulich) {CVE-2015-7969}
- x86/PoD: Eager sweep for zeroed pages (Andrew Cooper) {CVE-2015-7970}
- free domain's vcpu array (Jan Beulich) {CVE-2015-7969}
- xen: common: Use unbounded array for symbols_offset. (Ian Campbell) -
x86: guard against undue super page PTE creation (Jan Beulich)
{CVE-2015-7835}
- arm: handle races between relinquish_memory and free_domheap_pages
(Ian Campbell) {CVE-2015-7814}
- arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP. (Ian
Campbell) {CVE-2015-7813}
- arm: Support hypercall_create_continuation for multicall (Julien
Grall) {CVE-2015-7812}
- docs: xl.cfg: permissive option is not PV only. (Ian Campbell) -
tools: libxl: allow permissive qemu-upstream pci passthrough. (Ian
Campbell) - tools/console: xenconsole tolerate tty errors (Ian Jackson)
[4.4.4-63.el6]
- x86/kexec: fix kexec on systems which boot in x2apic mode (Andrew Cooper)
[Orabug: 21550616]
[4.4.4-62.el6]
- x86/NUMA: make init_node_heap() respect Xen heap limit (Jan Beulich) -
make fls() and ffs() consistent across architectures (Jan Beulich)
[4.4.3-61.el6]
- xen.spec: chkconfig services should associated with xen-tools RPM (Zhigang
Wang) [Orabug: 21884079]
[4.4.3-60.el6]
- hotplug/Linux: ignore unknown key errors while disabling netfilter on
bridges
(Adnan Misherfi)
[4.4.3-59.el6]
- mm/scrub: clear is_scrubbing flag outside ASSERT() (Boris Ostrovsky)
[Orabug:
21819046]
[4.4.3-58.el6]
- python/xc: add missing Py_DECREF() to fix a memory leak (Zhigang Wang)
[4.4.3-57.el6]
- x86/HVM: use fixed TSC value when saving or restoring domain (Boris
Ostrovsky) - x86/svm: enable TSC scaling (Boris Ostrovsky)
[4.4.3-56.el6]
- x86/irq: limit the maximum number of domain PIRQs (Andrew Cooper)
[Orabug: 21578153]
- have architectures specify the number of PIRQs a hardware domain gets
(Jan Beulich) [Orabug: 21578153]
- libxl: explicitly allocate BUFIOREQ event channel (Joao Martins)
[Orabug: 21694010]
- xend: fix xm list introducing memory_actual R/O field (Joao Martins)
[Orabug: 14553104]
- Revert "xend: Fix xm list bug reporting incorrect memory size" (Joao
Martins) [Orabug: 21304222]
- Revert "Xend: Fix 3M memory get increased when rebooting hvm guest"
(Joao Martins) - efi: rename efi_platform to efi_enabled to sync with
upstream (Zhigang Wang) - libxl: poll: Avoid fd deregistration race
POLLNVAL crash (Ian Jackson) - libxl: poll: Use poller_get and
poller_put for poller_app (Ian Jackson) - libxl: poll: Make
libxl__poller_get have only one success return path (Ian Jackson) -
tools: libxl: Handle failure to create qemu dm logfile (Ian Campbell) -
libxl: In libxl_set_vcpuonline check for maximum number of VCPUs against
the cpumap. (Konrad Rzeszutek Wilk) - docs: workaround markdown parser
error in xen-command-line.markdown (Ian Campbell) - xl: Sane handling of
extra config file arguments (Ian Jackson) - QEMU_TAG update (Ian
Jackson) - dmar: device scope mem leak fix (Elena Ufimtseva) - make
rangeset_report_ranges() report all ranges (Jan Beulich) - xen:
earlycpio: Pull in latest linux earlycpio.[ch] (Ian Campbell) -
x86/hvmloader: avoid data corruption with xenstore reads/writes (Andrew
Cooper) - credit1: properly deal with pCPUs not in any cpupool (Dario
Faggioli) - x86 / cpupool: clear the proper cpu_valid bit on pCPU
teardown (Dario Faggioli) - x86/p2m-ept: don't unmap the EPT pagetable
while it is still in use (Andrew Cooper) - nested EPT: fix the handling
of nested EPT (Liang Li) - x86/traps: avoid using current too early on
boot (Andrew Cooper) - x86: avoid tripping watchdog when constructing
dom0 (Ross Lagerwall) - x86/EFI: adjust EFI_MEMORY_WP handling for spec
version 2.5 (Jan Beulich) - kexec: add more pages to v1 environment (Jan
Beulich) - passthrough/amd: avoid reading an uninitialized variable (Tim
Deegan) - x86/traps: identify the vcpu in context when dumping registers
(Andrew Cooper) - update Xen version to 4.4.3-rc1 (Jan Beulich) -
tools/libxc: Fix build of 32bit toolstacks on CentOS 5.x following
XSA-125 (Andrew Cooper) - Revert "tools/libxc: Fix build of 32bit
toolstacks on CentOS 5.x following XSA-125" (Ian Jackson) - libxl: event
handling: ao_inprogress does waits while reports outstanding (Ian
Jackson) - libxl: event handling: Break out ao_work_outstanding (Ian
Jackson) - tools/libxc: Fix build of 32bit toolstacks on CentOS 5.x
following XSA-125 (Andrew Cooper) - tools/xenconsoled: Increase file
descriptor limit (Andrew Cooper) - ocaml/xenctrl: Fix
stub_xc_readconsolering() (Andrew Cooper) - ocaml/xenctrl: Make
failwith_xc() thread safe (Andrew Cooper) - ocaml/xenctrl: Check return
values from hypercalls (Andrew Cooper) - libxl: In domain death search,
start search at first domid we want (Ian Jackson) - QEMU_TAG update (Ian
Jackson) - xen/arm: Call context_saved() with interrupts enabled during
context switch (denys drozdov) - cpupool: fix shutdown with cpupools
with different schedulers (Dario Faggioli) - libelf: fix
elf_parse_bsdsyms call (Roger Pau Monné) - VT-d: extend quirks to newer
desktop chipsets (Jan Beulich) - EFI: support default attributes to map
Runtime service areas with none given (Konrad Rzeszutek Wilk) -
EFI/early: add /mapbs to map EfiBootServices{Code,Data} (Konrad
Rzeszutek Wilk) - x86/EFI: fix EFI_MEMORY_WP handling (Jan Beulich) -
efi: avoid calling boot services after ExitBootServices() (Ross
Lagerwall) - x86/VPMU: add lost Intel processor (Alan Robinson) -
x86/crash: don't use set_fixmap() in the crash path (Andrew Cooper) -
x86/apic: Disable the LAPIC later in smp_send_stop() (Andrew Cooper) -
efi: fix allocation problems if ExitBootServices() fails (Ross
Lagerwall) - x86: don't crash when mapping a page using EFI runtime page
tables (Ross Lagerwall) - x86/pvh: disable posted interrupts (Roger Pau
Monné) - x86: don't unconditionally touch the hvm_domain union during
domain construction (Andrew Cooper) - x86/EFI: keep EFI runtime services
top level page tables up-to-date (Jan Beulich) - cpupools: avoid
crashing if shutting down with free CPUs (Dario Faggioli) - cpupool:
assigning a CPU to a pool can fail (Dario Faggioli) - x86/traps: loop in
the correct direction in compat_iret() (Andrew Cooper) {CVE-2015-4164}
- gnttab: add missing version check to GNTTABOP_swap_grant_ref handling
(Jan Beulich) {CVE-2015-4163}
- QEMU_TAG update (Ian Jackson) - QEMU_TAG update (Ian Jackson) - x86:
don't clear high 32 bits of RAX on sub-word guest I/O port reads (Jan
Beulich) - x86_emulate: fix EFLAGS setting of CMPXCHG emulation (Eugene
Korenevsky) - x86/efi: reserve SMBIOS table region when EFI booting
(Ross Lagerwall) - x86: don't change affinity with interrupt unmasked
(Jan Beulich)
[4.4.3-55.el6]
- efi: fix allocation problems if ExitBootServices() fails (Daniel Kiper)
[Orabug: 21438871]
[4.4.3-54.el6]
- xen.spec: add efi files to xen RPM (Daniel Kiper) [Orabug: 21091614]
- tools: link executables with libtinfo explicitly (Daniel Kiper)
[Orabug: 21091614]
[4.4.3-53.el6]
- Fixed data corruption after storage migration (Cathy Avery)
[4.4.3-52.el6]
- xen.spec: bump version to 4.4.3 (Zhigang Wang) - x86_emulate: split
the {reg,mem} union in struct operand (Tim Deegan) - VT-d: improve fault
info logging (Jan Beulich) - x86/MSI: fix error handling (Jan Beulich) -
LZ4 : fix the data abort issue (JeHyeon Yeon) - hvmloader: don't treat
ROM BAR like other BARs (Jan Beulich) - QEMU_UPSTREAM_REVISION = master
again (Stefano Stabellini) - domctl/sysctl: don't leak hypervisor stack
to toolstacks (Andrew Cooper) {CVE-2015-3340}
- domctl: don't allow a toolstack domain to call domain_pause() on
itself (Andrew Cooper) {CVE-2015-2751}
- Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64
GFNs (or less) (Konrad Rzeszutek Wilk) {CVE-2015-2752}
- QEMU_TAG update (Ian Jackson) - x86: don't apply reboot quirks if
reboot set by user (Ross Lagerwall) - Revert "cpupools: update domU's
node-affinity on the cpupool_unassign_cpu() path" (Jan Beulich) -
x86/EFI: allow reboot= overrides when running under EFI (Konrad
Rzeszutek Wilk) - EFI: fix getting EFI variable list on some systems
(Ross Lagerwall) - VT-d: print_vtd_entries() should cope with superpages
(Jan Beulich) - honor MEMF_no_refcount in alloc_heap_pages() (Jan
Beulich) - update Xen version to 4.4.3-pre (Jan Beulich)
[4.4.2-51.el6]
- x86: make Xen early boot code relocatable (Daniel Kiper) [Orabug:
17586566]
[4.4.2-50.el6]
- x86: add multiboot2 protocol support for EFI platforms (Daniel Kiper)
[Orabug: 17586566]
- efi: create efi_exit_boot() (Daniel Kiper) [Orabug: 17586566]
- efi: create efi_set_gop_mode() (Daniel Kiper) [Orabug: 17586566]
- efi: create efi_variables() (Daniel Kiper) [Orabug: 17586566]
- efi: create efi_tables() (Daniel Kiper) [Orabug: 17586566]
- efi: create efi_edd() (Daniel Kiper) [Orabug: 17586566]
- efi: create efi_find_gop_mode() (Daniel Kiper) [Orabug: 17586566]
- efi: create efi_get_gop() (Daniel Kiper) [Orabug: 17586566]
- efi: create efi_console_info_init() (Daniel Kiper) [Orabug: 17586566]
- efi: create efi_console_set_mode() (Daniel Kiper) [Orabug: 17586566]
- efi: create efi_init() (Daniel Kiper) [Orabug: 17586566]
- x86/efi: create new early memory allocator (Daniel Kiper) [Orabug:
17586566]
- efi: build xen.gz with EFI code (Daniel Kiper) [Orabug: 17586566]
- efi: split efi_enabled to efi_platform and efi_loader (Daniel Kiper)
[Orabug: 17586566]
- xen/x86: add multiboot2 protocol support (Daniel Kiper) [Orabug: 17586566]
- x86/boot: use %ecx instead of %eax (Daniel Kiper) [Orabug: 17586566]
- x86/boot/reloc: create generic alloc and copy functions (Daniel Kiper)
[Orabug: 17586566]
- x86/boot/reloc: drop MBI_BOOTDEV from mbi flags (Daniel Kiper)
[Orabug: 17586566]
- x86/boot: add memory to clobber list in reloc_mbi_struct() (Daniel
Kiper) [Orabug: 17586566]
- x86/boot: use constant in head.S instead of hardcoded value (Daniel
Kiper) [Orabug: 17586566]
- x86/boot: fix reloc.S build dependencies (Daniel Kiper) [Orabug: 17586566]
- x86: define cmdline_cook() loader_name argument as a const (Daniel
Kiper) [Orabug: 17586566]
- clean target should remove xen.efi binary (Daniel Kiper) [Orabug:
17586566]
- x86/boot/reloc: remove redundant blank characters and reformat
comments a bit (Daniel Kiper) [Orabug: 17586566]
- x86: use constant as multiboot protocol identifier (Daniel Kiper)
[Orabug: 17586566]
- x86: define e820 entries counter as unsigned int (Daniel Kiper)
[Orabug: 17586566]
- x86/EFI: Add newline to the end of graphics mode error message (Daniel
Kiper) [Orabug: 17586566]
- console: increase initial conring size (Daniel Kiper) [Orabug: 17586566]
[4.4.2-49.el6]
- Added support for OVS storage migration (Cathy Avery)
[4.4.2-48.el6]
- xend: disable vbd discard feature for file type backend (Zhigang Wang)
[Orabug: 20888341]
[4.4.2-47.el6]
- Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64
GFNs (or less) (Konrad Rzeszutek Wilk) [Orabug: 19976760] {CVE-2015-2752}
- xen.spec: align rpm version with xen version (Zhigang Wang) [Orabug:
20781181]
[4.4.2-46.el6]
- Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64
GFNs (or less) (Konrad Rzeszutek Wilk) [Orabug: 19976760] {CVE-2015-2752}
- xen.spec: align rpm version with xen version (Zhigang Wang) [Orabug:
20781181]
[4.4.2-45.el6]
- Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64
GFNs (or less) (Konrad Rzeszutek Wilk) [Orabug: 19976760] {CVE-2015-2752}
- xen.spec: align rpm version with xen version (Zhigang Wang) [Orabug:
20781181]
[4.4.2-44.el6]
- Limit XEN_DOMCTL_memory_mapping hypercall to only process up to 64
GFNs (or less) (Konrad Rzeszutek Wilk) [Orabug: 19976760] {CVE-2015-2752}
- xen.spec: align rpm version with xen version (Zhigang Wang) [Orabug:
20781181]
[4.4.2-43.el6]
- xen.spec: align rpm version with xen version (Zhigang Wang) [Orabug:
20781181]
[4.4.2-42.el6]
- xen.spec: align rpm version with xen version (Zhigang Wang) [Orabug:
20781181]
[4.4.0-41.el6]
- update Xen version to 4.4.2 (Jan Beulich) - xen: arm: correct arm64
version of gva_to_ma_par (Ian Campbell) - tools: libxl: Explicitly
disable graphics backends on qemu cmdline (Ian Campbell) {CVE-2015-2152}
- x86/tboot: invalidate FIX_TBOOT_MAP_ADDRESS mapping after use (Jan
Beulich) - x86emul: fully ignore segment override for register-only
operations (Jan Beulich) {CVE-2015-2151}
- pre-fill structures for certain HYPERVISOR_xen_version sub-ops (Aaron
Adams) {CVE-2015-2045}
- x86/HVM: return all ones on wrong-sized reads of system device I/O
ports (Jan Beulich) {CVE-2015-2044}
- update Xen version to 4.4.2-rc2 (Jan Beulich) - pygrub: Fix regression
from c/s d1b93ea, attempt 2 (Boris Ostrovsky) - pygrub: fix
non-interactive parsing of grub1 config files (Simon Rowe) -
tools/pygrub: Make pygrub understand default entry in string format
(Boris Ostrovsky) - tools/pygrub: Fix extlinux when /boot is a separate
partition from / (Andrew Cooper) - x86/nmi: fix shootdown of pcpus
running in VMX non-root mode (Andrew Cooper) - x86/traps: export the
exception_table[] function pointer table to C (Andrew Cooper) -
x86/VPMU: disable when NMI watchdog is on (Boris Ostrovsky) - QEMU_TAG
update (Ian Jackson) - bunzip2: off by one in get_next_block() (Dan
Carpenter) - docs/commandline: correct information for 'x2apic_phys'
parameter (Andrew Cooper) - x86: vcpu_destroy_pagetables() must not
return -EINTR (Konrad Rzeszutek Wilk) - x86: correctly check for
sub-leaf zero of leaf 7 in pv_cpuid() (Jan Beulich) - x86: don't expose
XSAVES capability to PV guests (Jan Beulich) - xsm/evtchn: never pretend
to have successfully created a Xen event channel (Andrew Cooper) -
common/memory: fix an XSM error path (Jan Beulich) - x86emul: tighten
CLFLUSH emulation (Jan Beulich) - x86/VPMU: Clear last_vcpu when
destroying VPMU (Boris Ostrovsky) - VT-d: don't crash when PTE bits 52
and up are non-zero (Jan Beulich) - domctl: fix IRQ permission
granting/revocation (Jan Beulich) - xen/arm: vgic: message in the
emulation code should be rate-limited (Julien Grall) - update Xen
version to 4.4.2-rc1 (Jan Beulich) - dt-uart: use ':' as separator
between path and options (Ian Campbell) - libxl: Don't ignore error when
we fail to give access to ioport/irq/iomem (Julien Grall)
[4.4.0-40.el6]
- xend: fix python fork and log consume %100 cpu issue (Zhigang Wang)
[Orabug:
20751982]
[4.4.0-39.el6]
- libxc: Expose the 1GB pages cpuid flag to guest (Liang Li) [Orabug:
17299364]
[4.4.0-38.el6]
- Xen: Fix pvhvm migration issue from ovm3.2.8 to ovm3.4 (Annie Li) [Orabug:
19218595]
[4.4.0-37.el6]
- rc/xendomains: 'stop' - also take care of stuck guests. (Konrad
Rzeszutek Wilk) [Orabug: 20577442]
- xend: Fix race between shutdown and cleanup. (Konrad Rzeszutek Wilk)
[Orabug: 20577442]
[4.4.0-36.el6]
- Use AUTO_PHP_SLOT as virtual devfn for rebooted pvhvm guest (Zhenzhong
Duan)
[4.4.0-35.el6]
- Xend: Remove code change related with restore about 3M memory issue
(Annie Li)
[Orabug: 20439696]
[4.4.0-34.el6]
- Xend: Fix 3M memory get increased when rebooting hvm guest (Annie Li)
[4.4.0-33.el6]
- tools: libxl: do not leak diskpath during local disk attach (Ian
Campbell) - tools: libxl: do not overrun input buffer in
libxl__parse_mac (Ian Campbell) - libxc: check return values on mmap()
and madvise() on xc_alloc_hypercall_buffer() (Luis R. Rodriguez) -
x86/HVM: prevent use-after-free when destroying a domain (Mihai Donțu)
{CVE-2015-0361}
- xen/arm: dump guest stack even if not the current VCPU (Frediano
Ziglio) - xen/arm: Handle platforms with edge-triggered virtual timer
(Julien Grall) - call vgic_en/disable_irqs holding the rank_lock
(Stefano Stabellini) - xen/arm: domain_vgic_init: Avoid double free on
shared_irqs (Julien Grall) - x86/HVM: don't crash guest upon problems
occurring in user mode (Jan Beulich) - x86/cpuidle: don't count C1
multiple times (Jan Beulich) - EFI: allow retry of ExitBootServices()
call (Jan Beulich) - x86: (allow to) override LIST_POISON* (Jan Beulich)
- adjust number of domains in cpupools when destroying domain (Juergen
Gross) - switch to write-biased r/w locks (Keir Fraser) {CVE-2014-9065}
- x86/HVM: confine internally handled MMIO to solitary regions (Jan
Beulich) {CVE-2014-8867}
- x86: limit checks in hypercall_xlat_continuation() to actual arguments
(Jan Beulich) {CVE-2014-8866}
- x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE (Andrew
Cooper) - x86emul: enforce privilege level restrictions when loading CS
(Jan Beulich) {CVE-2014-8595}
- x86: don't allow page table updates on non-PV page tables in
do_mmu_update() (Jan Beulich) {CVE-2014-8594}
- x86/PVH: replace bogus assertion with conditional (Jan Beulich) -
process softirqs while dumping domains (Andrew Cooper) - x86/HVM: only
kill guest when unknown VM exit occurred in guest kernel mode (Jan
Beulich) - VMX: values written to MSR_IA32_SYSENTER_E[IS]P should be
canonical (Jan Beulich) - x86/HVM: sanity check xsave area when
migrating or restoring from older Xen versions (Don Koch) - EFI: allow
to suppress the use of runtime services (Jan Beulich) - x86: tolerate
running on EFI runtime services page tables in map_domain_page() (Jan
Beulich) - hvm/load: correct length checks for zeroextended records
(Andrew Cooper) - vmx: fix save/restore issue with apicv (Yang Zhang) -
fix listing of vcpus when domains lacking any vcpus exist (Andrew
Cooper) - x86/paging: make log-dirty operations preemptible (Jan
Beulich) {CVE-2014-5146}
- AMD/guest_iommu: properly disable guest iommu support (Andrew Cooper)
- don't allow Dom0 access to IOMMUs' MMIO pages (Jan Beulich) - x86:
restore reserving of IO-APIC pages in XENMEM_machine_memory_map output
(Jan Beulich) - x86/MSI: fix MSI-X case of freeing IRQ (Jan Beulich) -
x86/EFI: fix freeing of uninitialized pointer (Roy Franz) - VMX: don't
unintentionally leave x2APIC MSR intercepts disabled (Jan Beulich) -
x86, idle: add barriers to CLFLUSH workaround (H. Peter Anvin) - VT-d:
suppress UR signaling for further desktop chipsets (Jan Beulich)
{CVE-2013-3495}
- x86/NMI: allow processing unknown NMIs when watchdog is enabled (Ross
Lagerwall) - x86/ats: Disable Address Translation Services by default
(Andrew Cooper) - x86/irq: process softirqs in irq keyhandlers (Andrew
Cooper) - VMX: fix DebugCtl MSR clearing (Jan Beulich) - x86/HVM:
properly bound x2APIC MSR range (Jan Beulich) {CVE-2014-7188}
- x86emul: only emulate software interrupt injection for real mode (Jan
Beulich) - x86/emulate: check cpl for all privileged instructions
(Andrew Cooper) - x86/shadow: fix race condition sampling the dirty vram
state (Andrew Cooper)
[4.4.0-32.el6]
- update qemu-xen-testing git tree revision (Zhigang Wang)
[4.4.0-31.el6]
- Rebuilt
[4.4.0-30.el6]
- x86/paging: make log-dirty operations preemptible (Jan Beulich)
[Orabug: 20141124] {CVE-2014-5146}
- switch internal hypercall restart indication from -EAGAIN to -ERESTART
(Jan Beulich) [Orabug: 20141124]
[4.4.0-29.el6]
- libxl/sysctl/ionuma: Make 'xl info -n' print device topology (Boris
Ostrovsky) [Orabug: 19580678]
- pci: Manage NUMA information for PCI devices (Boris Ostrovsky)
[Orabug: 19580678]
[4.4.0-28]
- xend: disable sslv3 due to CVE-2014-3566
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 19831385]
[4.4.0-27]
- tools/python: expose xc_getcpuinfo()
This API can be used to get per physical CPU utilization.
Testing:
>>> import xen.lowlevel.xc
>>> xc = xen.lowlevel.xc.xc()
>>> xc.getcpuinfo()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: Required argument 'max_cpus' (pos 1) not found
>>> xc.getcpuinfo(4)
[{'idletime': 109322086128854}, {'idletime': 109336447648802},
{'idletime': 109069270544960}, {'idletime': 109065612611363}]
>>> xc.getcpuinfo(100)
[{'idletime': 109639015806078}, {'idletime': 109654551195681},
{'idletime': 109382107891193}, {'idletime': 109382057541119}]
>>> xc.getcpuinfo(1)
[{'idletime': 109682068418798}]
>>> xc.getcpuinfo(2)
[{'idletime': 109711311201330}, {'idletime': 109728458214729}]
>>> xc.getcpuinfo(max_cpus=4)
[{'idletime': 109747116214638}, {'idletime': 109764982453261},
{'idletime': 109491373228931}, {'idletime': 109489858724432}]
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Acked-by: Ian Campbell <ian.campbell at citrix.com>
Upsteam commit: a9958947e49644c917c2349a567b2005b08e7c1f
[4.4.0-26]
- spread boot time page scrubbing across all available CPU's
The page scrubbing is done in 128MB chunks in lockstep across all the
non-SMT CPU's. This allows for the boot CPU to hold the heap_lock whilst
each
chunk is being scrubbed and then release the heap_lock when the CPU's are
finished scrubing their individual chunk. This allows for the heap_lock to
not be held continously and for pending softirqs are to be serviced
periodically across the CPU's.
The page scrub memory chunks are allocated to the CPU's in a NUMA aware
fashion to reduce socket interconnect overhead and improve performance.
Specifically in the first phase we scrub at the same time on all the
NUMA nodes that have CPUs - we also weed out the SMT threads so that
we only use cores (that gives a 50% boost). The second phase is for NUMA
nodes that have no CPUs - for that we use the closest NUMA node's CPUs
(non-SMT again) to do the job.
This patch reduces the boot page scrub time on a 128GB 64 core AMD Opteron
6386 machine from 49 seconds to 3 seconds.
On a IvyBridge-EX 8 socket box with 1.5TB it cuts it down from 15 minutes
to 63 seconds.
Signed-off-by: Malcolm Crossley <malcolm.crossley at citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
Reviewed-by: Tim Deegan <tim at xen.org>
Reviewed-by: Andrew Cooper <andrew.cooper3 at citrix.com>
(cherry picked from commit 7430a86de0c9bd126b441570e459f6e06413cbf6)
[bug 14829299]
[4.4.0-25]
- Reduce domain destroy time by delay page scrubbing
Bug 18415476 - XM DESTROY OF 1TB MEMORY GUEST TAKES LONG TIME
Because of page scrubbing, it's very slow to destroy a domain with large
memory.
This patch introduced a "PGC_need_scrub" flag, pages with this flag means it
need to be scrubbed before use.
During domain destory, pages are marked as "PGC_need_scrub" and be added
to free
heap list, so that xl can return quickly. The real scrub is delayed to the
allocation path if a page with "PGC_need_scrub" is allocated.
Besides that, trigger all idle vcpus to do the scrub job in parallel before
them enter sleep.
In order to get rid of heavy lock contention, a percpu list is used:
- Delist a batch of pages to a percpu list from "scrub" free page list.
- Scrub pages on this percpu list.
- Return those clean pages to normal "heap" free page list, merge with other
chunks if needed.
On a ~500GB guest, shutdown took slightly over one minute compared with
over 6
minutes if without this patch.
Signed-off-by: Bob Liu <bob.liu at oracle.com>
Acked-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com> [bug 18415476]
[4.4.0-24]
- iommu: set correct IOMMU entries when !iommu_hap_pt_share
If the memory map is not shared between HAP and IOMMU we fail to set
correct IOMMU mappings for memory types other than p2m_ram_rw.
This patchs adds IOMMU support for the following memory types:
p2m_grant_map_rw, p2m_map_foreign, p2m_ram_ro, p2m_grant_map_ro and
p2m_ram_logdirty.
Signed-off-by: Roger Pau Monn?195?169 <roger.pau at citrix.com>
Reviewed-by: Jan Beulich <jbeulich at suse.com>
Reviewed-by: Tim Deegan <tim at xen.org>
Tested-by: David Zhuang <david.zhuang at oracle.com>
(cherry picked from commit 203746bc36b41443d0eec78819f153fb59bc68d1)
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
Conflicts:
xen/arch/x86/mm/p2m-pt.c
[Easily resolved - We don't have commit
561e1dc85e6176c3d5b0a665b8ed4ff9e33cef1f
"x86/p2m: error code propagation" which changes 'ret' to 'rv'] [bug
18730424]
[4.4.0-23]
- pvh dom0: introduce p2m_map_foreign
In this patch, a new type p2m_map_foreign is introduced for pages
that toolstack on an auto translated dom0 or a control domain maps
from foreign domains that its creating or supporting during its
run time.
Signed-off-by: Mukesh Rathor <mukesh.rathor at oracle.com>
Acked-by: Tim Deegan <tim at xen.org>
(cherry picked from commit 243cebb3dfa1f94ec7c2b040e8fd15ae4d81cc5a)
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com> [bug 18730424]
[4.4.0-22]
- x86/EPT: simplification and cleanup
- drop rsvd*_ prefixes from fields not really reserved anymore
- replace odd uses of <expr> ? 1 : 0
- drop pointless variables from ept_set_entry()
- streamline IOMMU mirroring code in ept_set_entry()
- don't open code is_epte_valid() (and properly use it when dumping)
- streamline entry cloning in ept_split_super_page()
- compact dumping code and output
Signed-off-by: Jan Beulich <jbeulich at suse.com>
Reviewed-by: Tim Deegan <tim at xen.org>
(cherry picked from commit 3d8d2bd048773ababfa65cc8781b9ab3f5cf0eb0)
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com> [bug 18730424]
[4.4.0-21]
- tasklet: Introduce per-cpu tasklet for softirq (v5)
This implements a lockless per-cpu tasklet mechanism.
The existing tasklet mechanism has a single global
spinlock that is taken every-time the global list
is touched. And we use this lock quite a lot - when
we call do_tasklet_work which is called via an softirq
and from the idle loop. We take the lock on any
operation on the tasklet_list.
The problem we are facing is that there are quite a lot of
tasklets scheduled. The most common one that is invoked is
the one injecting the VIRQ_TIMER in the guest. Guests
are not insane and don't set the one-shot or periodic
clocks to be in sub 1ms intervals (causing said tasklet
to be scheduled for such small intervalls).
The problem appears when PCI passthrough devices are used
over many sockets and we have an mix of heavy-interrupt
guests and idle guests. The idle guests end up seeing
1/10 of its RUNNING timeslice eaten by the hypervisor
(and 40% steal time).
The mechanism by which we inject PCI interrupts is by
hvm_do_IRQ_dpci which schedules the hvm_dirq_assist
tasklet every time an interrupt is received.
The callchain is:
_asm_vmexit_handler
-> vmx_vmexit_handler
->vmx_do_extint
-> do_IRQ
-> __do_IRQ_guest
-> hvm_do_IRQ_dpci
tasklet_schedule(&dpci->dirq_tasklet);
[takes lock to put the tasklet on]
[later on the schedule_tail is invoked which is 'vmx_do_resume']
vmx_do_resume
-> vmx_asm_do_vmentry
-> call vmx_intr_assist
-> vmx_process_softirqs
-> do_softirq
[executes the tasklet function, takes the
lock again]
While on other CPUs they might be sitting in a idle loop
and invoked to deliver an VIRQ_TIMER, which also ends
up taking the lock twice: first to schedule the
v->arch.hvm_vcpu.assert_evtchn_irq_tasklet (accounted to
the guests' BLOCKED_state); then to execute it - which is
accounted for in the guest's RUNTIME_state.
The end result is that on a 8 socket machine with
PCI passthrough, where four sockets are busy with interrupts,
and the other sockets have idle guests - we end up with
the idle guests having around 40% steal time and 1/10
of its timeslice (3ms out of 30 ms) being tied up
taking the lock. The latency of the PCI interrupts delieved
to guest is also hindered.
With this patch the problem disappears completly.
That is removing the lock for the PCI passthrough use-case
(the 'hvm_dirq_assist' case).
As such this patch introduces the code to setup
softirq per-cpu tasklets and only modifies the PCI
passthrough cases instead of doing it wholesale. This
is done because:
- We want to easily bisect it if things break.
- We modify the code one section at a time to
make it easier to review this core code.
Now on the code itself. The Linux code (softirq.c)
has an per-cpu implementation of tasklets on which
this was based on. However there are differences:
- This patch executes one tasklet at a time - similar
to how the existing implementation does it.
- We use a double-linked list instead of a single linked
list. We could use a single-linked list but folks are
more familiar with 'list_*' type macros.
- This patch does not have the cross-CPU feeders
implemented. That code is in the patch
titled: tasklet: Add cross CPU feeding of per-cpu
tasklets. This is done to support:
"tasklet_schedule_on_cpu"
- We add an temporary 'TASKLET_SOFTIRQ_PERCPU' which
is can co-exist with the TASKLET_SOFTIRQ. It will be
replaced in 'tasklet: Remove the old-softirq
implementation."
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
Acked-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 18239385]
[4.4.0-20]
- Add libibverbs and librdmacm support [bug 19466188]
[4.4.0-19]
- xen: Only allocating the xenstore event channel earlier
This patch allocates xenstore event channel earlier to fix the migration
issue from ovm3.2.8 to 3.3.1, and also reverts the change for console
event channel to avoid it is set to none after allocation.
Signed-off-by: Annie Li <annie.li at oracle.com>
Acked-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 19218595]
[4.4.0-18]
- Increase xen max_phys_cpus to support hardware with 384 CPUs
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 19475535]
[4.4.0-17]
- fix domain destroy after reboot
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Joe Jin <joe.jin at oracle.com>
Signed-off-by: Iain MacDonnell <iain.macdonnell at oracle.com> [bug 19557379]
[4.4.0-16]
- update to 4.4.1
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
[4.4.0-15]
- xend: don't start blktapctrl as it's disabled by default
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
[4.4.0-14]
- xend: remove deprecation
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
[4.4.0-13]
- xend: fix xm list bug reporting incorrect memory size
This change allows xend to double-check the xcinfo info (which
hypercall it had already do) and use the up-to-date contents.
'xl' already does this by using the xcinfo.
Signed-off-by: Marcos Matsunaga <Marcos.Matsunaga at oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com> [bug 14553104]
- disable restore domains
Signed-off-by: Firas Azar <firas.azar at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com> [bug 18048615]
[bug 18560587]
[4.4.0-12]
- xend ssl migration reject weak cipher
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Signed-off-by: Cathy Avery <cathy.avery at oracle.com>
Signed-off-by: Carson Hovey <carson.hovey at oracle.com> [bug 16721961]
[bug 16721654
- check xend service status
Signed-off-by: Firas Azar <firas.azar at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 17892410]
- reduce xend minimum vm restart time to 10 seconds
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
[4.4.0-11]
- Expose host uuid to guest via xenstore.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel at oracle.com>
- Revert change set 22315 because it breaks live migration:
Do not wait for memory teardown when live migrate
When trying to live migrate guest with great memory (e.g. 20 GB),
there's delay caused by destroying source copy of domain. To speed up
this process we can close socket before starting guest destroy, as
source guest is not running anymore.
Signed-off-by: Miroslav Rezanina <mrezanin at redhat.com>
Signed-off-by: Ian Jackson <ian.jackson at eu.citrix.com> [bug 13808326]
[bug 13874471]
- Put back the patch that prevents older guests that use kudzu from
hanging on reboot. Fixed the patch to prevent excessive watcher writes
which causes xend, xenstored to run at a 100% cpu usage. Now the watch
is written only if the console in Initialising, InitWait, Initialised
states which happen once at boot time.
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 13523487]
[4.4.0-10]
- Fix xm create vcpu_avail exceeds XMLRPC int limits.
If maxvcpus = vcpus = 40, (1<<40 -1) will exceed XMLRPC int limit.
Changing it to str will work. Then in the xend side, it will be
converted back to int.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 14473041]
- Fix bootloader hang/crash xend on wrong bootargs.
When dom0 under heavy pressure, the pipe read in xen bootloader may
return -EAGAIN. This may result in no data read or partial data read.
With this patch, bootloader will read again when that happens.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Signed-off-by: Steve Prochniak <steve.prochniak at oracle.com> [bug 14195864]
[bug 14325570] [bug 14268749] [bug 14527250]
- Remove unnecessary balloon retries on vm creation.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 14143327]
[4.4.0-9]
- Disable network-script.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
- Fix xm reboot wait exception.
For VM reboot, the VM will first shutdown and then xend will recreate
it. This bug is caused by: when we do server.xend.domains(), the VM is
live; when we do server.xend.domain.getRestartCount(), the VM is dead,
thus raise an exception.
We can ignore this exception and just continue: this domain will be
handled in the next loop (it will not in the live vm list).
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Signed-off-by: Jingjie Jiang <jingjie.jiang at oracle.com>
Signed-off-by: Junjie Wei <junjie.wei at oracle.com> [bug 14836200]
- xend: disable SCSI device discover during xend start.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 14538564]
[4.4.0-8]
- Avoid ballooning when dom0-min-mem is set and enable-dom0-ballooning is
enabled.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel at oracle.com> [bug 12404026]
- Enable Xend SSL relocation server.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel at oracle.com>
- Disable ballooning of dom0. [bug 8604766] [bug 9485681]
[4.4.0-7]
- Add domain running lock callout hook.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Junjie Wei <junjie.wei at oracle.com> [bug 17936558] [bug
18328751]
- Avoid concurrent calls to destory() for the same domain.
Signed-off-by: Joe Jin <joe.jin at oracle.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
Reviewed-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 16098765]
- Fix file descriptor leak in SSL migration.
Signed-off-by: Steve Prochniak <steve.prochniak at oracle.com
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com> [bug 16706361]
[4.4.0-6]
- dom0-mem backward compatibility
If a maximum reservation for dom0 is not explictly given (i.e., no
dom0_mem=max:MMM command line option), then set the maximum
reservation to the initial number of pages. This is what most people
seem to expect when they specify dom0_mem=512M (i.e., exactly 512 MB
and no more).
This change means that with Linux 3.0.5 and later kernels,
dom0_mem=512M has the same result as older, 'classic Xen' kernels. The
older kernels used the initial number of pages to set the maximum
number of pages and did not query the hypervisor for the maximum
reservation.
It is still possible to have a larger reservation by explicitly
specifying dom0_mem=max:MMM.
Signed-off-by: David Vrabel <david.vrabel at citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
NOTE: This behaviour should also be implemented in the Linux kernel.
[bug 13860516] [bug 18552768]
- fix panic on HP DL580 Gen8
Signed-off-by: Konrad Wilk <konrad.wilk at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 19189825]
- In bootloader(), domains_lock is first released to avoid a stunk
bootloder from denying service to the other xend clients. It is
re-acquired before returning to domain creation to cover the changes
to be made. But if something goes wrong and domains_lock is not
re-acquired, we may hit an error when releasing it one more time.
This patch makes sure that the released domains_lock is re-acquired
before returning.
Signed-off-by: Junjie Wei <junjie.wei at oracle.com>
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 14407719]
[4.4.0-5]
- restore C xenstored and put tdb to tmpfs
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
- fix a crash in guests 2.6.32 when PLE is enabled
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
- fix hvm migration 32 vcpus limit
When we migrate an HVM guest, by default our shared_info can
only hold up to 32 CPUs. As such the hypercall
VCPUOP_register_vcpu_info was introduced which allowed us to
setup per-page areas for VCPUs. This means we can boot PVHVM
guest with more than 32 VCPUs. During migration the per-cpu
structure is allocated fresh by the hypervisor (vcpu_info_mfn
is set to INVALID_MFN) so that the newly migrated guest
can do make the VCPUOP_register_vcpu_info hypercall.
Unfortunatly we end up triggering this condition:
/* Run this command on yourself or on other offline VCPUS. */
if ( (v != current) && !test_bit(_VPF_down, &v->pause_flags) )
which means we are unable to setup the per-cpu VCPU structures
for running vCPUS. The Linux PV code paths make this work by
iterating over every vCPU with:
1) is target CPU up (VCPUOP_is_up hypercall?)
2) if yes, then VCPUOP_down to pause it.
3) VCPUOP_register_vcpu_info
4) if it was down, then VCPUOP_up to bring it back up
But since VCPUOP_down, VCPUOP_is_up, and VCPUOP_up are
not allowed on HVM guests we can't do this. This patch
enables this.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com> [bug 18552539]
[4.4.0-4]
- Add support for openvswitch
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 15886237]
[bug 17885201]
- Disable netfilter on bridges.
Also disable bridge multicast_snooping: Linux bridge can not forward
packets to
its ports and it is not needed.
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 15871028]
[bug 18007687] [bug 16746299]
- Add "allowhugepage" flag as a synonym for "allowsuperpage"
for compatibility with previous releases.
Signed-off-by: Dave McCracken <dave.mccracken at oracle.com>
Acked-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com>
Acked-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 13821795]
[4.4.0-3]
- Disable iptables when adding a VIF to a Bridge.
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com> [bug 14611657]
- Create a loop device node if it does not exist on VM start.
After this patch, kernel max_loop could be 8.
Signed-off-by: Zhigang Wang <zhigang.x.wang at oracle.com>
Signed-off-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel at oracle.com>
[4.4.0-2]
- Set max cstate to 1.
Signed-off-by: Joe Jin <joe.jin at oracle.com> [bug 13703504]
- xen: increase default max grant frames from 32 to 64.
We advertise as being able to launch 32VIFs and 8 VBDs.
But currently the amount of frames that a guest uses is
based on this simple algebra:
So if we have 31VIFs we cannot have any more VBDs nor any
more VIFs. By increasing the value to 64 we have some extra
headroom _and_ we can have at least 8VBDs (or more).
Acked-by: Adnan Misherfi <adnan.misherfi at oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk at oracle.com> [bug 16039922]
- Add "OVM" to version information. This is visible through
smbios/dmidecode information for HVM guests. [bug 11792774]
[4.4.0-1]
- rebuild for 4.4.0
More information about the Oraclevm-errata
mailing list