Download Xen 4.8.4

Xen is a baremetal hypervisor for the x86 and ARMv7/v8 platforms, allowing multiple operating systems to run simultaneously on a single system without drastically impacting performance. For more information about Xen and its community, please refer to this one and this one page. Currently, only Linux, NetBSD, and FreeBSD are supported as host systems, but work is underway to fully support other operating systems as well. The developers have released version 4.8.4 with the following announcement:

Xen Project 4.8.4

We are pleased to announce the release of Xen 4.8.4. This is available immediately from its git repository (tag RELEASE-4.8.4) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

• update Xen version to 4.8.4
• x86/HVM: don’t cause #NM to be raised in Xen
• libxl: restore passing “readonly=” to qemu for SCSI disks
• libxl: qemu_disk_scsi_drive_string: Break out common parts of disk config
• x86: Refine checks in #DB handler for faulting conditions
• x86/mm: don’t bypass preemption checks
• x86/EFI: further correct FPU state handling around runtime calls
• x86/EFI: fix FPU state handling around runtime calls
• x86: correct default_xen_spec_ctrl calculation
• libxc/x86/PV: don’t hand through CPUID leaf 0x80000008 as is
• x86/spec-ctrl: Mitigations for LazyFPU
• x86: Support fully eager FPU context switching
• x86: don’t enable XPTI on idle domain
• x86: re-enable XPTI/PCID as needed in switch_native()
• xen/x86: use PCID feature
• xen/x86: add some cr3 helpers
• xen/x86: convert pv_guest_cr4_to_real_cr4() to a function
• xen/x86: use flag byte for decision whether xen_cr3 is valid
• xen/x86: disable global pages for domains with XPTI active
• xen/x86: use invpcid for flushing the TLB
• xen/x86: support per-domain flag for xpti
• xen/x86: add a function for modifying cr3
• x86/xpti: avoid copying L4 page table contents when possible
• x86: invpcid support
• x86: move invocations of hvm_flush_guest_tlbs()
• x86/XPTI: fix S3 resume (and CPU offlining in general)
• x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use
• x86/Intel: Mitigations for GPZ SP4 – Speculative Store Bypass
• x86/AMD: Mitigations for GPZ SP4 – Speculative Store Bypass
• x86/spec_ctrl: Introduce a new `spec-ctrl=` command line argument to replace `bti=`
• x86/cpuid: Improvements to guest policies for speculative sidechannel features
• x86/spec_ctrl: Explicitly set Xen’s default MSR_SPEC_CTRL value
• x86/spec_ctrl: Split X86_FEATURE_SC_MSR into PV and HVM variants
• x86/spec_ctrl: Elide MSR_SPEC_CTRL handling in idle context when possible
• x86/spec_ctrl: Rename bits of infrastructure to avoid NATIVE and VMEXIT
• x86/spec_ctrl: Fold the XEN_IBRS_{SET,CLEAR} ALTERNATIVES together
• x86/spec_ctrl: Merge bti_ist_info and use_shadow_spec_ctrl into spec_ctrl_flags
• x86/spec_ctrl: Express Xen’s choice of MSR_SPEC_CTRL value as a variable
• x86/spec_ctrl: Read MSR_ARCH_CAPABILITIES only once
• x86: Fix “x86: further CPUID handling adjustments”
• libacpi: fixes for iasl >= 20180427
• xen/schedule: Fix races in vcpu migration
• xen: Introduce vcpu_sleep_nosync_locked()
• x86/cpuidle: don’t init stats lock more than once
• x86/SVM: Fix intercepted {RD,WR}MSR for the SYS{CALL,ENTER} MSRs
• xpti: fix bug in double fault handling
• x86/HVM: never retain emulated insn cache when exiting back to guest
• x86/HPET: fix race triggering ASSERT(cpu < nr_cpu_ids)
• x86/spec_ctrl: Updates to retpoline-safety decision making
• x86: suppress BTI mitigations around S3 suspend/resume
• x86: correct ordering of operations during S3 resume
• x86/cpuid: fix raw FEATURESET_7d0 reporting
• x86/emul: Fix emulator test harness build following a backport of 7c508612
• x86/emul: Fix emulator test harness build following a91b2ec337a
• x86/HVM: guard against emulator driving ioreq state in weird ways
• x86/vpt: add support for IO-APIC routed interrupts
• x86/traps: Fix handling of #DB exceptions in hypervisor context
• x86/traps: Use an Interrupt Stack Table for #DB
• x86/pv: Move exception injection into {,compat_}test_all_events()
• x86/traps: Fix %dr6 handing in #DB handler
• x86: fix slow int80 path after XPTI additions
• libxl: Specify format of inserted cdrom
• x86/msr: Correct the emulation behavior of MSR_PRED_CMD
• x86/VT-x: Fix determination of EFER.LMA in vmcs_dump_vcpu()
• x86/HVM: suppress I/O completion for port output
• x86/pv: Fix up erroneous segments for 32bit syscall entry
• x86/XPTI: reduce .text.entry
• x86: log XPTI enabled status
• x86: disable XPTI when RDCL_NO
• x86/pv: Fix the handing of writes to %dr7
• x86: further CPUID handling adjustments
• x86/emul: Fix backport of “x86/emul: Fix the decoding of segment overrides in 64bit mode”
• x86/PV: also cover Dom0 in SPEC_CTRL / PRED_CMD emulation
• x86: Move microcode loading earlier
• x86/vlapic: clear TMR bit upon acceptance of edge-triggered interrupt to IRR
• cpufreq/ondemand: fix race while offlining CPU
• x86: remove CR reads from exit-to-guest path
• x86: slightly reduce Meltdown band-aid overhead
• x86/xpti: don’t map stack guard pages
• x86/xpti: Hide almost all of .text and all .data/.rodata/.bss mappings
• x86/apicv: fix wrong IPI suppression during posted interrupt delivery
• x86: ignore guest microcode loading attempts
• libxl/arm: Fix build on arm64 + acpi
• x86/HVM: don’t give the wrong impression of WRMSR succeeding
• x86/PV: fix off-by-one in I/O bitmap limit check
• grant: Release domain lock on ‘map’ path in cache_flush
• x86/pv: Avoid leaking other guests’ MSR_TSC_AUX values ​​into PV context
• x86/nmi: start NMI watchdog on CPU0 after SMP bootstrap
• x86/srat: fix end calculation in nodes_cover_memory()
• x86/entry: Use 32bit xors rater than 64bit xors for clearing GPRs
• x86/emul: Fix the decoding of segment overrides in 64bit mode
• x86/spec_ctrl: Fix several bugs in SPEC_CTRL_ENTRY_FROM_INTR_IST
• x86/srat: fix the end pfn check in valid_numa_range()
• x86: reduce Meltdown band-aid IPI overhead
• x86/NMI: invert condition in nmi_show_execution_state()
• x86/emul: Fix the emulation of invlpga
• xen/arm: Flush TLBs before turning on the MMU to avoid stale entries
• xen/arm: vgic: Make sure the number of SPIs is a multiple of 32
• tools/libxc: Fix restoration of PV MSRs after migrate
• tools/libxc: Avoid generating inappropriate zero-content records
• x86/hvm: Disallow the creation of HVM domains without Local APIC emulation
• gnttab: don’t blindly free status pages upon version change
• gnttab/ARM: don’t corrupt shared GFN array
• memory: don’t implicitly unpin for decrease-reservation
• x86/PV: correctly count MSRs to migrate
• xen/arm: cpuerrata: Actually check errata on non-boot CPUs
• tools/kdd: don’t use a pointer to an unaligned field.
• x86/idle: Clear SPEC_CTRL while idle
• x86/cpuid: Offer Indirect Branch Controls to guests
• x86/ctxt: Issue a speculation barrier between vcpu contexts
• x86/boot: Calculate the most appropriate BTI mitigation to use
• x86/entry: Avoid using alternatives in NMI/#MC paths
• x86/entry: Organize the clobbering of the RSB/RAS on entry to Xen
• x86/entry: Organize the use of MSR_SPEC_CTRL at each entry/exit point
• x86/hvm: Permit guests direct access to MSR_{SPEC_CTRL,PRED_CMD}
• x86/migrate: Move MSR_SPEC_CTRL on migrate
• x86/msr: Emulation of MSR_{SPEC_CTRL,PRED_CMD} for guests
• x86/cpuid: Handling of IBRS/IBPB, STIBP and IBRS for guests
• x86: fix GET_STACK_END
• x86/acpi: process softirqs while printing CPU ACPI data
• x86/cmdline: Introduce a command line option to disable IBRS/IBPB, STIBP and IPBB
• x86/feature: Definitions for Indirect Branch Controls
• x86: Introduce alternative indirect thunks
• x86/amd: Try to set lfence as being Dispatch Serializing
• x86/boot: Report details of speculative mitigations
• x86: Support indirectly thunks from assembly code
• x86: Support compiling with indirect branch thunks
• common/wait: Clarifications to wait infrastructure
• x86/entry: Erase guest GPR state on entry to Xen
• x86/hvm: Use SAVE_ALL to construct the cpu_user_regs frame after VMExit
• x86/entry: Rearrange RESTORE_ALL to restore register in stack order
• x86: Introduce a common cpuid_policy_updated()
• x86/hvm: Rename update_guest_vendor() callback to cpuid_policy_changed()
• x86/alt: Introduce ALTERNATIVE{,_2} macros
• update Xen version to 4.8.4-pre
• x86/alt: Break out alternative-asm into a separate header file
• x86: Avoid corruption on migrate for vcpus using CPUID Faulting
• xen/arm32: entry: Document the purpose of r11 in the traps handler
• xen/arm32: Invalidate icache on guest exist for Cortex-A15
• xen/arm32: Invalidate BTB on guest exit for Cortex A17 and 12
• xen/arm32: Add skeleton to harden branch predictor aliasing attacks
• xen/arm32: entry: Add missing trap_reset entry
• xen/arm32: Add missing MIDR values ​​for Cortex-A17 and A12
• xen/arm32: entry: Consolidate DEFINE_TRAP_ENTRY_* macros
• xen/arm64: Implement branch predictor hardening for affected Cortex-A CPUs
• xen/arm64: Add skeleton to harden the branch predictor aliasing attacks
• xen/arm: cpuerrata: Add MIDR_ALL_VERSIONS
• xen/arm64: Add missing MIDR values ​​for Cortex-A72, A73 and A75
• xen/arm: Introduce enable callback to enable a capabilities on each online CPU

This release contains no fixes to fixes to qemu-traditional or qemu-upstream.