group.of.nepali.translators team mailing list archive

[Bug 1671760] Re: Xen HVM guests running linux 4.10 fail to boot on Intel hosts

 

This bug was fixed in the package xen - 4.6.5-0ubuntu1

---------------
xen (4.6.5-0ubuntu1) xenial; urgency=medium

  * Rebasing to upstream stable release 4.6.5 (LP: #1671864)
    https://www.xenproject.org/downloads/xen-archives/xen-46-series.html
    - Includes fix for booting 4.10 Linux kernels in HVM guests on Intel
      hosts which support the TSC_ADJUST MSR (LP: #1671760)
    - Additional security relevant changes:
      * CVE-2013-2076 / XSA-052 (update)
        - Information leak on XSAVE/XRSTOR capable AMD CPUs
      * CVE-2016-7093 / XSA-186 (4.6.3 became vulnerable)
        - x86: Mishandling of instruction pointer truncation during emulation
      * XSA-207
        - memory leak when destroying guest without PT devices
    - Replacing the following security fixes with the versions from the
      stable update:
      * CVE-2015-7812 / XSA-145
        - arm: Host crash when preempting a multicall
      * CVE-2015-7813 / XSA-146
        - arm: various unimplemented hypercalls log without rate limiting
      * CVE-2015-7814 / XSA-147
        - arm: Race between domain destruction and memory allocation decrease
      * CVE-2015-7835 / XSA-148
        - x86: Uncontrolled creation of large page mappings by PV guests
      * CVE-2015-7969 / XSA-149, XSA-151
        - leak of main per-domain vcpu pointer array
        - x86: leak of per-domain profiling-related vcpu pointer array
      * CVE-2015-7970 / XSA-150
        - x86: Long latency populate-on-demand operation is not preemptible
      * CVE-2015-7971 / XSA-152
        - x86: some pmu and profiling hypercalls log without rate limiting
      * CVE-2015-7972 / XSA-153
        - x86: populate-on-demand balloon size inaccuracy can crash guests
      * CVE-2016-2270 / XSA-154
        - x86: inconsistent cachability flags on guest mappings
      * CVE-2015-8550 / XSA-155
        - paravirtualized drivers incautious about shared memory contents
      * CVE-2015-5307, CVE-2015-8104 / XSA-156
        - x86: CPU lockup during exception delivery
      * CVE-2015-8338 / XSA-158
        - long running memory operations on ARM
      * CVE-2015-8339, CVE-2015-8340 / XSA-159
        - XENMEM_exchange error handling issues
      * CVE-2015-8341 / XSA-160
        - libxl leak of pv kernel and initrd on error
      * CVE-2015-8555 / XSA-165
        - information leak in legacy x86 FPU/XMM initialization
      * XSA-166
        - ioreq handling possibly susceptible to multiple read issue
      * CVE-2016-1570 / XSA-167
        - PV superpage functionality missing sanity checks
      * CVE-2016-1571 / XSA-168
        - VMX: intercept issue with INVLPG on non-canonical address
      * CVE-2015-8615 / XSA-169
        - x86: unintentional logging upon guest changing callback method
      * CVE-2016-2271 / XSA-170
        - VMX: guest user mode may crash guest with non-canonical RIP
      * CVE-2016-3158, CVE-2016-3159 / XSA-172
        - broken AMD FPU FIP/FDP/FOP leak workaround
      * CVE-2016-3960 / XSA-173
        - x86 shadow pagetables: address width overflow
      * CVE-2016-4962 / XSA-175
        - Unsanitised guest input in libxl device handling code
      * CVE-2016-4480 / XSA-176
        - x86 software guest page walk PS bit handling flaw
      * CVE-2016-4963 / XSA-178
        - Unsanitised driver domain input in libxl device handling
      * CVE-2016-5242 / XSA-181
        - arm: Host crash caused by VMID exhaustion
      * CVE-2016-6258 / XSA-182
        - x86: Privilege escalation in PV guests
      * CVE-2016-6259 / XSA-183
        - x86: Missing SMAP whitelisting in 32-bit exception / event delivery
      * CVE-2016-7092 / XSA-185
        - x86: Disallow L3 recursive pagetable for 32-bit PV guests
      * CVE-2016-7094 / XSA-187
        - x86 HVM: Overflow of sh_ctxt->seg_reg[]
      * CVE-2016-7777 / XSA-190
        - CR0.TS and CR0.EM not always honored for x86 HVM guests
      * CVE-2016-9386 / XSA-191
        - x86 null segments not always treated as unusable
      * CVE-2016-9382 / XSA-192
        - x86 task switch to VM86 mode mis-handled
      * CVE-2016-9385 / XSA-193
        - x86 segment base write emulation lacking canonical address checks
      * CVE-2016-9383 / XSA-195
        - x86 64-bit bit test instruction emulation broken
      * CVE-2016-9377, CVE-2016-9378 / XSA-196
        - x86 software interrupt injection mis-handled
      * CVE-2016-9379, CVE-2016-9380 / XSA-198
        - delimiter injection vulnerabilities in pygrub
      * CVE-2016-9932 / XSA-200
        - x86 CMPXCHG8B emulation fails to ignore operand size override
      * CVE-2016-9815, CVE-2016-9816, CVE-2016-9817, CVE-2016-9818 / XSA-201
        - ARM guests may induce host asynchronous abort
      * CVE-2016-10024 / XSA-202
        - x86 PV guests may be able to mask interrupts
      * CVE-2016-10025 / XSA-203
        - x86: missing NULL pointer check in VMFUNC emulation
      * CVE-2016-10013 / XSA-204
        - x86: Mishandling of SYSCALL singlestep during emulation

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Tue, 14 Mar 2017 16:08:39 +0100

** Changed in: xen (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** Changed in: xen (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9384

-- 
https://bugs.launchpad.net/bugs/1671760

Title:
  Xen HVM guests running linux 4.10 fail to boot on Intel hosts

Status in linux package in Ubuntu:
  Won't Fix
Status in xen package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Invalid
Status in xen source package in Trusty:
  Fix Released
Status in linux source package in Xenial:
  Invalid
Status in xen source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Invalid
Status in xen source package in Yakkety:
  Fix Released
Status in linux source package in Zesty:
  Won't Fix
Status in xen source package in Zesty:
  Fix Released

Bug description:
  Starting with Linux kernel 4.10, the kernel does some sanity checking
  on the TSC_ADJUST MSR. Xen has implemented some support for that MSR
  in the hypervisor (Xen 4.3 and later) for HVM guests. But boot and
  secondary vCPUs are set up inconsistently. This causes the boot of a
  4.10 HVM guest to hang early on boot.

  This was fixed in the hypervisor by:

    commit 98297f09bd07bb63407909aae1d309d8adeb572e
    x86/hvm: do not set msr_tsc_adjust on hvm_set_guest_tsc_fixed

  That fix would be contained in 4.6.5 and 4.7.2 and would be in 4.8.1
  (not released yet), which means that Ubuntu 14.04/16.04/16.10 and 17.04
  are currently affected.

  ---

  SRU Justification:

  Impact: Without the TSC_ADJUST MSR fix, 4.10 and later kernels will
  get stuck at boot when running as (PV)HVM guests on Xen 4.3 and later.

  Fix: Above fix either individually applied or as part of Xen stable
  stream (for Xen 4.7.x and 4.6.x) resolves the issue.

  Testcase:
  - Requires Intel-based host which supports the TSC_ADJUST MSR
  - Configured as Xen host
  - HVM guest running Zesty/17.04
  - Stuck at boot before, normal booting OS after
