Signed-off-by: George Dunlap <george.dunlap@citrix.com> --- CC: Olaf Hering <olaf@aepfle.de> CC: Ian Jackson <iwj@xenproject.org> --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8964bacf73..f7ce6682b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,6 +22,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - CI loop: Add dom0less aarch64 smoke test - x86: Allow domains to use AVX-VNNI instructions - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds + - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts + ### Removed / support downgraded -- 2.30.2
Signed-off-by: George Dunlap <george.dunlap@citrix.com> --- CC: Paul Durrant <paul@xen.org> CC: Ian Jackson <ian.jackson@citrix.com> CC: Wei Liu <wl@xen.org> --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7ce6682b9..086a0e50d0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Switched MSR accesses to deny by default policy. - Intel Processor Trace support (Tech Preview) - Named PCI devices for xl/libxl + - Improved documentation for xl PCI configuration format - Support for zstd-compressed dom0 (x86) and domU kernels - Library improvements from NetBSD ports upstreamed - CI loop: Add Alpine Linux, Ubuntu Focal targets; drop CentOS 6 @@ -23,7 +24,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - x86: Allow domains to use AVX-VNNI instructions - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts - + - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend ### Removed / support downgraded -- 2.30.2
Signed-off-by: George Dunlap <george.dunlap@citrix.com> Signed-off-by: Ian Jackson <ian.jackson@citrix.com> --- CC: Ian Jackson <ian.jackson@citrix.com> --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 086a0e50d0..a12dab1c33 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend + - Some additional affordances in various xl subcommands. ### Removed / support downgraded -- 2.30.2
Signed-off-by: George Dunlap <george.dunlap@citrix.com> --- CC: Ian Jackson <ian.jackson@citrix.com> CC: Stefano Stabellini <sstabellini@kernel.org> CC: Julien Grall <julien@xen.org> --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a12dab1c33..b3325a8371 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend - Some additional affordances in various xl subcommands. + - Added the following ARM errata: Cortex A53 #843419, Cortex A55 #1530923, Cortex A72 #853709, Cortex A73 #858921, Cortex A76 #1286807, Neoverse-N1 #1165522 ### Removed / support downgraded -- 2.30.2
...Grouped mostly by submitter / maintainer Signed-off-by: George Dunlap <george.dunlap@citrix.com> --- CC: Ian Jackson <ian.jackson@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> CC: Jan Beulich <jbeulich@suse.com> CC: Roger Pau Monne <roger.pau@citrix.com> --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b3325a8371..2f26cd5c87 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Named PCI devices for xl/libxl - Improved documentation for xl PCI configuration format - Support for zstd-compressed dom0 (x86) and domU kernels + - EFI: Enable booting unified hypervisor/kernel/initrd/DT images + - Reduce ACPI verbosity by default + - Add ucode=allow-same option to test late microcode loading path - Library improvements from NetBSD ports upstreamed - CI loop: Add Alpine Linux, Ubuntu Focal targets; drop CentOS 6 - CI loop: Add qemu-based dom0 / domU test for ARM -- 2.30.2
...grouped by submitters / maintainers Signed-off-by: George Dunlap <george.dunlap@citrix.com> --- CC: Juergen Gross <jgross@suse.com> CC: Jan Beulich <jbeulich@suse.com> CC: Ian Jackson <ian.jackson@citrix.com> --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f26cd5c87..9c272a0113 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,8 +28,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend + - Fix permissions for watches on @introduceDomain and @releaseDomain: By default, only privileged domains can set watches; but specific domains can be given permission in order to allow disaggregation. + - xenstore can now be live-updated on a running system. - Some additional affordances in various xl subcommands. - Added the following ARM errata: Cortex A53 #843419, Cortex A55 #1530923, Cortex A72 #853709, Cortex A73 #858921, Cortex A76 #1286807, Neoverse-N1 #1165522 + - On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging ### Removed / support downgraded -- 2.30.2
Signed-off-by: George Dunlap <george.dunlap@citrix.com> --- CC: Igor Druzhinin <igor.druzhinin@citrix.com> CC: Jan Beulich <jbeulich@suse.com> CC: Ian Jackson <ian.jackson@citrix.com> --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c272a0113..7237b0a020 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -33,6 +33,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) - Some additional affordances in various xl subcommands. - Added the following ARM errata: Cortex A53 #843419, Cortex A55 #1530923, Cortex A72 #853709, Cortex A73 #858921, Cortex A76 #1286807, Neoverse-N1 #1165522 - On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging + - Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests ### Removed / support downgraded -- 2.30.2
[-- Attachment #1.1.1: Type: text/plain, Size: 207 bytes --] On 01.04.21 15:38, George Dunlap wrote: > ...grouped by submitters / maintainers > > Signed-off-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Juergen Gross <jgross@suse.com> Juergen [-- Attachment #1.1.2: OpenPGP_0xB0DE9DD628BF132F.asc --] [-- Type: application/pgp-keys, Size: 3135 bytes --] [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 495 bytes --]
On 01/04/2021 14:38, George Dunlap wrote: > ...grouped by submitters / maintainers > > Signed-off-by: George Dunlap <george.dunlap@citrix.com> > --- > CC: Juergen Gross <jgross@suse.com> > CC: Jan Beulich <jbeulich@suse.com> > CC: Ian Jackson <ian.jackson@citrix.com> > --- > CHANGELOG.md | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/CHANGELOG.md b/CHANGELOG.md > index 2f26cd5c87..9c272a0113 100644 > --- a/CHANGELOG.md > +++ b/CHANGELOG.md > @@ -28,8 +28,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds > - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts > - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend > + - Fix permissions for watches on @introduceDomain and @releaseDomain: By default, only privileged domains can set watches; but specific domains can be given permission in order to allow disaggregation. This is XSA-115, and isn't something new in 4.15 vs 4.14. (I think?) > + - xenstore can now be live-updated on a running system. This needs to be very clear that it is tech preview. It does not currently work cleanly if a malicious VM deliberately holds a transaction open. ~Andrew
On 01.04.2021 15:38, George Dunlap wrote:
> --- a/CHANGELOG.md
> +++ b/CHANGELOG.md
> @@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
> - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts
> - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend
> - Some additional affordances in various xl subcommands.
> + - Added the following ARM errata: Cortex A53 #843419, Cortex A55 #1530923, Cortex A72 #853709, Cortex A73 #858921, Cortex A76 #1286807, Neoverse-N1 #1165522
May I suggest "Added workarounds for ..."?
Jan
> On Apr 1, 2021, at 3:00 PM, Andrew Cooper <andrew.cooper3@citrix.com> wrote: > > On 01/04/2021 14:38, George Dunlap wrote: >> ...grouped by submitters / maintainers >> >> Signed-off-by: George Dunlap <george.dunlap@citrix.com> >> --- >> CC: Juergen Gross <jgross@suse.com> >> CC: Jan Beulich <jbeulich@suse.com> >> CC: Ian Jackson <ian.jackson@citrix.com> >> --- >> CHANGELOG.md | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/CHANGELOG.md b/CHANGELOG.md >> index 2f26cd5c87..9c272a0113 100644 >> --- a/CHANGELOG.md >> +++ b/CHANGELOG.md >> @@ -28,8 +28,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) >> - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds >> - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts >> - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend >> + - Fix permissions for watches on @introduceDomain and @releaseDomain: By default, only privileged domains can set watches; but specific domains can be given permission in order to allow disaggregation. > > This is XSA-115, and isn't something new in 4.15 vs 4.14. (I think?) XSA-115 went public during the 4.15 development window. So on the one hand, it’s certainly effort that happened during the window, which it would be good to highlight. On the other hand, it was backported to all security supported trees (?), so it’s not something you need to update to 4.15 to get. Honestly not sure the best thing to suggest here. > >> + - xenstore can now be live-updated on a running system. > > This needs to be very clear that it is tech preview. It does not > currently work cleanly if a malicious VM deliberately holds a > transaction open. OK, I’ll add (tech preview) at the end. Thanks, -George
On 01.04.2021 15:38, George Dunlap wrote:
> ...Grouped mostly by submitter / maintainer
>
> Signed-off-by: George Dunlap <george.dunlap@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
On 01/04/2021 15:13, George Dunlap wrote: > >> On Apr 1, 2021, at 3:00 PM, Andrew Cooper <andrew.cooper3@citrix.com> wrote: >> >> On 01/04/2021 14:38, George Dunlap wrote: >>> ...grouped by submitters / maintainers >>> >>> Signed-off-by: George Dunlap <george.dunlap@citrix.com> >>> --- >>> CC: Juergen Gross <jgross@suse.com> >>> CC: Jan Beulich <jbeulich@suse.com> >>> CC: Ian Jackson <ian.jackson@citrix.com> >>> --- >>> CHANGELOG.md | 3 +++ >>> 1 file changed, 3 insertions(+) >>> >>> diff --git a/CHANGELOG.md b/CHANGELOG.md >>> index 2f26cd5c87..9c272a0113 100644 >>> --- a/CHANGELOG.md >>> +++ b/CHANGELOG.md >>> @@ -28,8 +28,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) >>> - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds >>> - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts >>> - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend >>> + - Fix permissions for watches on @introduceDomain and @releaseDomain: By default, only privileged domains can set watches; but specific domains can be given permission in order to allow disaggregation. >> This is XSA-115, and isn't something new in 4.15 vs 4.14. (I think?) > XSA-115 went public during the 4.15 development window. > > So on the one hand, it’s certainly effort that happened during the window, which it would be good to highlight. On the other hand, it was backported to all security supported trees (?), so it’s not something you need to update to 4.15 to get. > > Honestly not sure the best thing to suggest here. We either want all XSAs discussed, or none of them. Possibly as simple as "the following XSAs {...} where developed and released" ? I recall Lars making this part of the release notes in the past. > >>> + - xenstore can now be live-updated on a running system. >> This needs to be very clear that it is tech preview. It does not >> currently work cleanly if a malicious VM deliberately holds a >> transaction open. > OK, I’ll add (tech preview) at the end. SGTM. ~Andrew
On 01.04.2021 15:38, George Dunlap wrote:
> --- a/CHANGELOG.md
> +++ b/CHANGELOG.md
> @@ -33,6 +33,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
> - Some additional affordances in various xl subcommands.
> - Added the following ARM errata: Cortex A53 #843419, Cortex A55 #1530923, Cortex A72 #853709, Cortex A73 #858921, Cortex A76 #1286807, Neoverse-N1 #1165522
> - On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging
> + - Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests
Acked-by: Jan Beulich <jbeulich@suse.com>
albeit I again wonder if this isn't too small / niche a change to warrant an
entry here.
Jan
> On Apr 1, 2021, at 3:16 PM, Andrew Cooper <andrew.cooper3@citrix.com> wrote: > > On 01/04/2021 15:13, George Dunlap wrote: >> >>> On Apr 1, 2021, at 3:00 PM, Andrew Cooper <andrew.cooper3@citrix.com> wrote: >>> >>> On 01/04/2021 14:38, George Dunlap wrote: >>>> ...grouped by submitters / maintainers >>>> >>>> Signed-off-by: George Dunlap <george.dunlap@citrix.com> >>>> --- >>>> CC: Juergen Gross <jgross@suse.com> >>>> CC: Jan Beulich <jbeulich@suse.com> >>>> CC: Ian Jackson <ian.jackson@citrix.com> >>>> --- >>>> CHANGELOG.md | 3 +++ >>>> 1 file changed, 3 insertions(+) >>>> >>>> diff --git a/CHANGELOG.md b/CHANGELOG.md >>>> index 2f26cd5c87..9c272a0113 100644 >>>> --- a/CHANGELOG.md >>>> +++ b/CHANGELOG.md >>>> @@ -28,8 +28,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) >>>> - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds >>>> - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts >>>> - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend >>>> + - Fix permissions for watches on @introduceDomain and @releaseDomain: By default, only privileged domains can set watches; but specific domains can be given permission in order to allow disaggregation. >>> This is XSA-115, and isn't something new in 4.15 vs 4.14. (I think?) >> XSA-115 went public during the 4.15 development window. >> >> So on the one hand, it’s certainly effort that happened during the window, which it would be good to highlight. On the other hand, it was backported to all security supported trees (?), so it’s not something you need to update to 4.15 to get. >> >> Honestly not sure the best thing to suggest here. > > We either want all XSAs discussed, or none of them. Possibly as simple > as "the following XSAs {...} where developed and released" ? I don’t think that’s true. The vast majority of our XSAs are, “Make it work the way everyone already thought it worked”. This is a user-visible change in behavior. Like I said, I do see your point; not sure what I think the best thing is to do. > I recall Lars making this part of the release notes in the past. Lars included an XSA report on the xenproject.org download page for point releases, not full releases; something I’ve carried on doing. e.g.: https://xenproject.org/downloads/xen-project-archives/xen-project-4-13-series/xen-project-4-13-3/ -George
> On Apr 1, 2021, at 3:17 PM, Jan Beulich <jbeulich@suse.com> wrote:
>
> On 01.04.2021 15:38, George Dunlap wrote:
>> --- a/CHANGELOG.md
>> +++ b/CHANGELOG.md
>> @@ -33,6 +33,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
>> - Some additional affordances in various xl subcommands.
>> - Added the following ARM errata: Cortex A53 #843419, Cortex A55 #1530923, Cortex A72 #853709, Cortex A73 #858921, Cortex A76 #1286807, Neoverse-N1 #1165522
>> - On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging
>> + - Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests
>
> Acked-by: Jan Beulich <jbeulich@suse.com>
> albeit I again wonder if this isn't too small / niche a change to warrant an
> entry here.
At least it’s a user-visible change this time. :-)
It was in a list of potential items passed to my by Ian; at any rate I’ll let him have the final say (when he comes back Tuesday).
-George
On 01/04/2021 14:38, George Dunlap wrote: > Signed-off-by: George Dunlap <george.dunlap@citrix.com> > --- > CC: Paul Durrant <paul@xen.org> > CC: Ian Jackson <ian.jackson@citrix.com> > CC: Wei Liu <wl@xen.org> Reviewed-by: Paul Durrant <paul@xen.org> > --- > CHANGELOG.md | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/CHANGELOG.md b/CHANGELOG.md > index f7ce6682b9..086a0e50d0 100644 > --- a/CHANGELOG.md > +++ b/CHANGELOG.md > @@ -15,6 +15,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > - Switched MSR accesses to deny by default policy. > - Intel Processor Trace support (Tech Preview) > - Named PCI devices for xl/libxl > + - Improved documentation for xl PCI configuration format > - Support for zstd-compressed dom0 (x86) and domU kernels > - Library improvements from NetBSD ports upstreamed > - CI loop: Add Alpine Linux, Ubuntu Focal targets; drop CentOS 6 > @@ -23,7 +24,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) > - x86: Allow domains to use AVX-VNNI instructions > - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds > - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts > - > + - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend > > ### Removed / support downgraded > >
Hi, On 01/04/2021 15:13, Jan Beulich wrote: > On 01.04.2021 15:38, George Dunlap wrote: >> --- a/CHANGELOG.md >> +++ b/CHANGELOG.md >> @@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) >> - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts >> - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend >> - Some additional affordances in various xl subcommands. >> + - Added the following ARM errata: Cortex A53 #843419, Cortex A55 #1530923, Cortex A72 #853709, Cortex A73 #858921, Cortex A76 #1286807, Neoverse-N1 #1165522 > > May I suggest "Added workarounds for ..."? +1 With that: Acked-by: Julien Grall <jgrall@amazon.com> > > Jan > -- Julien Grall
George Dunlap writes ("[PATCH for-4.15 1/7] CHANGELOG.md: Mention XEN_SCRIPT_DIR"):
> Signed-off-by: George Dunlap <george.dunlap@citrix.com>
Reviewed-by: Ian Jackson <iwj@xenproject.org>