Bug#698831: pre-approval: xen/4.1.4-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi
I'd like to update xen to 4.1.4. It contains mostly fixes on the
hypervisor and some smaller ones on the tools.
The hypervisor gets a lot of fixes. This includes fixes for
- ignored (like CVE-2012-3497) and low impact security issues, usage of
non-canonical addresses and off-by-one errors in access checks,
- support and fixes for new hardware,
- workarounds for CPU errata and other spec fixes and
- race conditions.
Some changes are also done to the userspace tools. This includes
- fixes for pvscsi support in xend (not usable in Debian),
- pygrub (python grub2 config parser) argument handling and
- fixes to bundled qemu, MSI setup and proper default caching of backend
devices.
The complete update can go through unstable.
The diff is a bit large for my taste, but it is better to pick the whole
then picking half of the fixes. The diffstat for the effective diff
(between both patched trees) looks like this:
| .hg_archival.txt | 4
| .hgsigs | 3
| .hgtags | 3
| Config.mk | 6
| MAINTAINERS | 27 +++
| docs/man/xmdomain.cfg.pod.5 | 6
| qemu/hw/pass-through.c | 3
| qemu/hw/pt-msi.c | 14 -
| qemu/hw/xen_machine_fv.c | 7
| qemu/xenstore.c | 2
| tools/blktap2/control/tap-ctl-list.c | 12 -
| tools/blktap2/control/tap-ctl.h | 2
| tools/firmware/hvmloader/xenbus.c | 6
| tools/hotplug/Linux/network-nat | 2
| tools/libxc/xc_cpufeature.h | 2
| tools/libxc/xc_cpuid_x86.c | 1
| tools/libxc/xc_hvm_build.c | 35 ++--
| tools/libxl/libxl_blktap2.c | 36 +++-
| tools/libxl/libxl_device.c | 2
| tools/libxl/libxl_internal.h | 6
| tools/libxl/libxl_noblktap2.c | 4
| tools/pygrub/src/pygrub | 8
| tools/python/xen/util/vscsi_util.py | 32 ++-
| tools/python/xen/xend/XendStateStore.py | 2
| tools/xenballoon/xenballoond.init | 2
| xen/Makefile | 2
| xen/arch/x86/boot/cmdline.S | 6
| xen/arch/x86/boot/edd.S | 6
| xen/arch/x86/cpu/amd.c | 28 ++-
| xen/arch/x86/cpu/centaur.c | 3
| xen/arch/x86/cpu/common.c | 5
| xen/arch/x86/cpu/cyrix.c | 4
| xen/arch/x86/cpu/intel.c | 5
| xen/arch/x86/cpu/mtrr/main.c | 42 ----
| xen/arch/x86/domain.c | 27 +++
| xen/arch/x86/domctl.c | 63 ++++++-
| xen/arch/x86/hpet.c | 18 +-
| xen/arch/x86/hvm/hvm.c | 33 +++
| xen/arch/x86/hvm/mtrr.c | 24 --
| xen/arch/x86/hvm/svm/svm.c | 24 ++
| xen/arch/x86/hvm/vmx/vmx.c | 30 +++
| xen/arch/x86/io_apic.c | 18 --
| xen/arch/x86/mm.c | 28 ++-
| xen/arch/x86/mm/hap/hap.c | 3
| xen/arch/x86/mm/hap/p2m-ept.c | 8
| xen/arch/x86/mm/p2m.c | 38 ++--
| xen/arch/x86/mm/paging.c | 3
| xen/arch/x86/mm/shadow/multi.c | 2
| xen/arch/x86/msi.c | 7
| xen/arch/x86/oprofile/xenoprof.c | 21 +-
| xen/arch/x86/physdev.c | 24 +-
| xen/arch/x86/setup.c | 25 +-
| xen/arch/x86/traps.c | 7
| xen/arch/x86/x86_32/entry.S | 3
| xen/arch/x86/x86_64/compat/entry.S | 3
| xen/arch/x86/x86_64/entry.S | 3
| xen/arch/x86/x86_64/mmconfig_64.c | 17 +
| xen/common/compat/xenoprof.c | 1
| xen/common/cpupool.c | 8
| xen/common/domain.c | 28 +--
| xen/common/domctl.c | 7
| xen/common/grant_table.c | 113 ++++++------
| xen/common/kexec.c | 4
| xen/common/memory.c | 31 ---
| xen/common/page_alloc.c | 23 +-
| xen/common/schedule.c | 4
| xen/common/tmem.c | 235 +++++++++++++++------------
| xen/common/tmem_xen.c | 104 ++++++++---
| xen/common/xenoprof.c | 5
| xen/drivers/acpi/pmstat.c | 21 --
| xen/drivers/passthrough/amd/iommu_init.c | 23 ++
| xen/drivers/passthrough/pci.c | 1
| xen/drivers/passthrough/vtd/iommu.c | 14 +
| xen/include/asm-x86/amd.h | 2
| xen/include/asm-x86/cpufeature.h | 2
| xen/include/asm-x86/hvm/hvm.h | 6
| xen/include/asm-x86/hvm/svm/amd-iommu-defs.h | 2
| xen/include/asm-x86/hypercall.h | 12 -
| xen/include/asm-x86/p2m.h | 8
| xen/include/asm-x86/x86_64/uaccess.h | 2
| xen/include/xen/err.h | 57 ++++++
| xen/include/xen/hypercall.h | 2
| xen/include/xen/mm.h | 3
| xen/include/xen/tmem_xen.h | 23 +-
| 84 files changed, 964 insertions(+), 534 deletions(-)
The changes in tmem.c and tmem_xen.c are all for CVE-2012-3497.
Bastian
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.7-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: