Last commit made on 2017-10-16
Get this branch:
git clone -b ubuntu/xenial-updates https://git.launchpad.net/ubuntu/+source/xen
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

f8c5d73... by Stefan Bader on 2017-10-11

Import patches-unapplied version 4.6.5-0ubuntu1.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: df210c12545da79963d30a055d2c876199f1dc2c

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2017-14316 / XSA-231
      - xen/mm: make sure node is less than MAX_NUMNODES
    - CVE-2017-14318 / XSA-232
      - grant_table: fix GNTTABOP_cache_flush handling
    - CVE-2017-14317 / XSA-233
      - tools/xenstore: dont unlink connection object twice
    - CVE-2017-14319 / XSA-234
      - gnttab: also validate PTE permissions upon destroy/replace
    - XSA-235
      - arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths
    - XSA-237
      - x86: don't allow MSI pIRQ mapping on unowned device
      - x86: enforce proper privilege when (un)mapping pIRQ-s
      - x86/MSI: disallow redundant enabling
      - x86/IRQ: conditionally preserve irq <-> pirq mapping on map error
      - x86/FLASK: fix unmap-domain-IRQ XSM hook
    - XSA-238
      - x86/ioreq server: correctly handle bogus
        XEN_DMOP_{,un}map_io_range_to_ioreq_server arguments
    - XSA-239
      - x86/HVM: prefill partially used variable on emulation paths
    - XSA-240
      - x86: limit linear page table use to a single level
      - x86/mm: Disable PV linear pagetables by default
    - XSA-241
      - x86: don't store possibly stale TLB flush time stamp
    - XSA-242
      - x86: don't allow page_unlock() to drop the last type reference
    - XSA-243
      - x86: Disable the use of auto-translated PV guestsx86: Disable the use
        of auto-translated PV guests
      - x86/shadow: Don't create self-linear shadow mappings for 4-level
        translated guests
    - XSA-244
      - x86/cpu: Fix IST handling during PCPU bringup
    - XSA-245
      - xen/page_alloc: Cover memory unreserved after boot in first_valid_mfn
      - xen/arm: Correctly report the memory region in the dummy NUMA helpers
  * Applying Xen Security Advisories:
    - XSA-226 / CVE-2017-12135
      - gnttab: don't use possibly unbounded tail calls
      - gnttab: fix transitive grant handling
    - XSA-227 / CVE-2017-12137
      - x86/grant: Disallow misaligned PTEs
    - XSA-228 / CVE-2017-12136
      - gnttab: split maptrack lock to make it fulfill its purpose again
    - XSA-230 / CVE-2017-12855
      - gnttab: correct pin status fixup for copy

df210c1... by Stefan Bader on 2017-07-04

Import patches-unapplied version 4.6.5-0ubuntu1.2 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 4d3111443b2c83f8bb7971826419583f1b1a0ba2

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-217
      - x86/mm: disallow page stealing from HVM domains
    - XSA-218
      - IOMMU: handle IOMMU mapping and unmapping failures
      - gnttab: fix unmap pin accounting race
      - gnttab: Avoid potential double-put of maptrack entry
      - gnttab: correct maptrack table accesses
    - XSA-219
      - 86/shadow: Hold references for the duration of emulated writes
    - XSA-220
      - x86: avoid leaking PKRU and BND* between vCPU-s
    - XSA-221
      - evtchn: avoid NULL derefs
    - XSA-222
      - xen/memory: Fix return value handing of guest_remove_page()
      - guest_physmap_remove_page() needs its return value checked
    - XSA-223
      - arm: vgic: Don't update the LR when the IRQ is not enabled
    - XSA-224
      - gnttab: Fix handling of dev_bus_addr during unmap
      - gnttab: never create host mapping unless asked to
      - gnttab: correct logic to get page references during map requests
      - gnttab: __gnttab_unmap_common_complete() is all-or-nothing
    - XSA-225
      - xen/arm: vgic: Sanitize target mask used to send SGI

4d31114... by Stefan Bader on 2017-05-09

Import patches-unapplied version 4.6.5-0ubuntu1.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: b70fb8310f627198008120d02e921a935d856348

New changelog entries:
  * Applying Xen Security Advisories:
    - XSA-206
      * xenstored: apply a write transaction rate limit
      * xenstored: Log when the write transaction rate limit bites
      * oxenstored: refactor putting response on wire
      * oxenstored: remove some unused parameters
      * oxenstored: refactor request processing
      * oxenstored: keep track of each transaction's operations
      * oxenstored: move functions that process simple operations
      * oxenstored: replay transaction upon conflict
      * oxenstored: log request and response during transaction replay
      * oxenstored: allow compilation prior to OCaml 3.12.0
      * oxenstored: comments explaining some variables
      * oxenstored: handling of domain conflict-credit
      * oxenstored: ignore domains with no conflict-credit
      * oxenstored: add transaction info relevant to history-tracking
      * oxenstored: support commit history tracking
      * oxenstored: only record operations with side-effects in history
      * oxenstored: discard old commit-history on txn end
      * oxenstored: track commit history
      * oxenstored: blame the connection that caused a transaction conflict
      * oxenstored: allow self-conflicts
      * oxenstored: do not commit read-only transactions
      * oxenstored: don't wake to issue no conflict-credit
      * oxenstored transaction conflicts: improve logging
      * oxenstored: trim history in the frequent_ops function
    - CVE-2017-7228 / XSA-212
      * memory: properly check guest memory ranges in XENMEM_exchange handling
    - XSA-213
      * multicall: deal with early exit conditions
    - XSA-214
      * x86: discard type information when stealing pages
    - XSA-215
      * x86: correct create_bounce_frame

b70fb83... by Stefan Bader on 2017-03-14

Import patches-unapplied version 4.6.5-0ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: d64bb210dd9e23bc1dfe6b428b581a9c136fd8fc

New changelog entries:
  * Rebasing to upstream stable release 4.6.5 (LP: #1671864)
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Additional security relevant changes:
      * CVE-2013-2076 / XSA-052 (update)
        - Information leak on XSAVE/XRSTOR capable AMD CPUs
      * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable)
        - x86: Mishandling of instruction pointer truncation during emulation
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2015-7812 / XSA-145
        - arm: Host crash when preempting a multicall
      * CVE-2015-7813 / XSA-146
        - arm: various unimplemented hypercalls log without rate limiting
      * CVE-2015-7814 / XSA-147
        - arm: Race between domain destruction and memory allocation decrease
      * CVE-2015-7835 / XSA-148
        - x86: Uncontrolled creation of large page mappings by PV guests
      * CVE-2015-7969 / XSA-149, XSA-151
        - leak of main per-domain vcpu pointer array
        - x86: leak of per-domain profiling-related vcpu pointer array
      * CVE-2015-7970 / XSA-150
        - x86: Long latency populate-on-demand operation is not preemptible
      * CVE-2015-7971 / XSA-152
        - x86: some pmu and profiling hypercalls log without rate limiting
      * CVE-2015-7972 / XSA-153
        - x86: populate-on-demand balloon size inaccuracy can crash guests
      * CVE-2016-2270 / XSA-154
        - x86: inconsistent cachability flags on guest mappings
      * CVE-2015-8550 / XSA-155
        - paravirtualized drivers incautious about shared memory contents
      * CVE-2015-5307, CVE-2015-8104 / XSA-156
        - x86: CPU lockup during exception delivery
      * CVE-2015-8338 / XSA-158
        - long running memory operations on ARM
      * CVE-2015-8339, CVE-2015-8340 / XSA-159
        XENMEM_exchange error handling issues
      * CVE-2015-8341 / XSA-160
        - libxl leak of pv kernel and initrd on error
      * CVE-2015-8555 / XSA-165
        - information leak in legacy x86 FPU/XMM initialization
      * XSA-166
        - ioreq handling possibly susceptible to multiple read issue
      * CVE-2016-1570 / XSA-167
        - PV superpage functionality missing sanity checks
      * CVE-2016-1571 / XSA-168
        - VMX: intercept issue with INVLPG on non-canonical address
      * CVE-2015-8615 / XSA-169
        - x86: unintentional logging upon guest changing callback method
      * CVE-2016-2271 / XSA-170
        - VMX: guest user mode may crash guest with non-canonical RIP
      * CVE-2016-3158, CVE-2016-3159 / XSA-172
        - broken AMD FPU FIP/FDP/FOP leak workaround
      * CVE-2016-3960 / XSA-173
        - x86 shadow pagetables: address width overflow
      * CVE-2016-4962 / XSA-175
        - Unsanitised guest input in libxl device handling code
      * CVE-2016-4480 / XSA-176
        - x86 software guest page walk PS bit handling flaw
      * CVE-2016-4963 / XSA-178
        - Unsanitised driver domain input in libxl device handling
      * CVE-2016-5242 / XSA-181
        - arm: Host crash caused by VMID exhaustion
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation

d64bb21... by Stefan Bader on 2017-01-10

Import patches-unapplied version 4.6.0-1ubuntu4.3 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: da7c3addbfd4e3ec26581d74e6d0f42953712adf

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-9386 / XSA-191
      * x86/hvm: Fix the handling of non-present segments
    - CVE-2016-9382 / XSA-192
      * x86/HVM: don't load LDTR with VM86 mode attrs during task switch
    - CVE-2016-9385 / XSA-193
      * x86/PV: writes of %fs and %gs base MSRs require canonical addresses
    - CVE-2016-9383 / XSA-195
      * x86emul: fix huge bit offset handling
    - CVE-2016-9377, CVE-2016-9378 / XSA-196
      * x86/emul: Correct the IDT entry calculation in inject_swint()
      * x86/svm: Fix injection of software interrupts
    - CVE-2016-9379, CVE-2016-9380 / XSA-198
      * pygrub: Properly quote results, when returning them to the caller
    - CVE-2016-9932 / XSA-200
      * x86emul: CMPXCHG8B ignores operand size prefix
    - CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA.201
      * arm64: handle guest-generated EL1 asynchronous abort
      * arm64: handle async aborts delivered while at EL2
      * arm: crash the guest when it traps on external abort
      * arm32: handle async aborts delivered while at HYP
    - CVE-2016-10024 / XSA-202
      * x86: force EFLAGS.IF on when exiting to PV guests
    - CVE-2016-10025 / XSA-203
      * x86/HVM: add missing NULL check before using VMFUNC hook
    - CVE-2016-10013 / XSA-204
      * x86/emul: Correct the handling of eflags with SYSCALL

da7c3ad... by Stefan Bader on 2016-10-06

Import patches-unapplied version 4.6.0-1ubuntu4.2 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 1d8b6d8a77b9ec0a5b7eef91890dca58b027fc35

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-6258 / XSA-182
      * x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath
    - CVE-2016-6259 / XSA-183
      * x86/entry: Avoid SMAP violation in compat_create_bounce_frame()
    - CVE-2016-7092 / XSA-185
      * x86/32on64: don't allow recursive page tables from L3
    - CVE-2016-7094 / XSA-187
      * x86/shadow: Avoid overflowing sh_ctxt->seg_reg[]
      * x86/segment: Bounds check accesses to emulation ctxt->seg_reg[]
    - CVE-2016-7777 / XSA-190
      * x86emul: honor guest CR0.TS and CR0.EM

1d8b6d8... by Stefan Bader on 2016-06-01

Import patches-unapplied version 4.6.0-1ubuntu4.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 4f6f3f06b6f05f4685ea98d661adda4076a4c690

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2016-3158, CVE-2016-3159 / XSA-172
      * x86: fix information leak on AMD CPUs
    - CVE-2016-3960 / XSA-173
      * x86: limit GFNs to 32 bits for shadowed superpages.
    - CVE-2016-4962 / XSA-175
      * libxl: Record backend/frontend paths in /libxl/$DOMID
      * libxl: Provide libxl__backendpath_parse_domid
      * libxl: Do not trust frontend in libxl__devices_destroy
      * libxl: Do not trust frontend in libxl__device_nextid
      * libxl: Do not trust frontend for disk eject event
      * libxl: Do not trust frontend for disk in getinfo
      * libxl: Do not trust frontend for vtpm list
      * libxl: Do not trust frontend for vtpm in getinfo
      * libxl: Do not trust frontend for nic in libxl_devid_to_device_nic
      * libxl: Do not trust frontend for nic in getinfo
      * libxl: Do not trust frontend for channel in list
      * libxl: Do not trust frontend for channel in getinfo
      * libxl: Cleanup: Have libxl__alloc_vdev use /libxl
      * libxl: Document ~/serial/ correctly
    - CVE-2016-4480 / XSA-176
      * x86/mm: fully honor PS bits in guest page table walks
    - CVE-2016-4963 / XSA-178
      * libxl: Make copy of every xs backend in /libxl in _generic_add
      * libxl: Do not trust backend in libxl__device_exists
      * libxl: Do not trust backend for vtpm in getinfo (except uuid)
      * libxl: Do not trust backend for vtpm in getinfo (uuid)
      * libxl: cdrom eject and insert: write to /libxl
      * libxl: Do not trust backend for disk eject vdev
      * libxl: Do not trust backend for disk; fix driver domain disks list
      * libxl: Do not trust backend for disk in getinfo
      * libxl: Do not trust backend for cdrom insert
      * libxl: Do not trust backend for channel in getinfo
      * libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore
      * libxl: Rename READ_BACKEND to READ_LIBXLDEV
      * libxl: Have READ_LIBXLDEV use libxl_path rather than be_path
      * libxl: Do not trust backend in nic getinfo
      * libxl: Do not trust backend for nic in devid_to_device
      * libxl: Do not trust backend for nic in list
      * libxl: Do not trust backend in channel list
      * libxl: Cleanup: use libxl__backendpath_parse_domid in
      * libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename
    - CVE-2016-5242 / XSA-181
      * xen/arm: Don't free p2m->first_level in p2m_teardown() before
                 it has been allocated

4f6f3f0... by Stefan Bader on 2016-02-19

Import patches-unapplied version 4.6.0-1ubuntu4 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 0aa143bef8b524653fe52394e567d89c9998b6d8

New changelog entries:
  * d/rules.real: Set LANG=C.UTF-8 for the builds to avoid a grep bug.

0aa143b... by Stefan Bader on 2016-02-18

Import patches-unapplied version 4.6.0-1ubuntu3 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: dad92aad29a970af607632527cc507280e588eb0

New changelog entries:
  * Fix unmount error message on shutdown and init script ordering issues:
    - d/xen-utils-common.xenstored.init: Introduce new init script which only
      starts xenstored (but also shuts it down on stop). Prevent this one to
      be run on upgrade.
    - d/xen-utils-common.xen.init:
      * Add X-Start-Before/X-Stop-After dependencies on libvirt-bin
      * Remove xenstored related code
  * d/scripts/xen-init-list: Revert back to unmodified version from Debian.
    With the ordering fixed, libvirt guests should be handled by its own
    script before xendomains is run.
  * d/control, d/libxen-dev.install and d/rules.real:
    Add xenlight.pc and xlutil.pc to be packaged as part of libxen-dev in
    multi-arch suitable location. Also declare libxen-dev as multi-arch
  * Additional Security Patches:
    - CVE-2016-2270 / XSA-154
      * x86: enforce consistent cachability of MMIO mappings
    - CVE-2016-1570 / XSA-167
      * x86/mm: PV superpage handling lacks sanity checks
    - CVE-2016-1571 / XSA-168
      * x86/VMX: prevent INVVPID failure due to non-canonical guest address
    - CVE-2015-8615 / XSA-169
      * x86: make debug output consistent in hvm_set_callback_via
    - CVE-2016-2271 / XSA-170
      * x86/VMX: sanitize rIP before re-entering guest

dad92aa... by Stefan Bader on 2015-12-16

Import patches-unapplied version 4.6.0-1ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 3f0fe2fcbed9581091618261e5f580b05e563d3e

New changelog entries:
  * Applying Xen Security Advisories:
    - CVE-2015-8550 / XSA-155
      * xen: Add RING_COPY_REQUEST()
      * blktap2: Use RING_COPY_REQUEST
      * libvchan: Read prod/cons only once.
    - CVE-2015-8338 / XSA-158
      * memory: split and tighten maximum order permitted in memops
    - CVE-2015-8339, CVE-2015-8340 / XSA-159
      * memory: fix XENMEM_exchange error handling
    - CVE-2015-8341 / XSA-160
      * libxl: Fix bootloader-related virtual memory leak on pv
        build failure
    - CVE-2015-8555 / XSA-165
      * x86: don't leak ST(n)/XMMn values to domains first using them
    - CVE-2015-???? / XSA-166
      * x86/HVM: avoid reading ioreq state more than once