1# Changelog
2
3Notable changes to Xen will be documented in this file.
4
5The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
6
7## [4.19.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=staging) - 2024-07-29
8
9### Changed
10 - Changed flexible array definitions in public I/O interface headers to not
11   use "1" as the number of array elements.
12 - The minimum supported OCaml toolchain version is now 4.05
13 - On x86:
14   - HVM PIRQs are disabled by default.
15   - Reduce IOMMU setup time for hardware domain.
16   - Allow HVM/PVH domains to map foreign pages.
17   - Declare PVH dom0 supported with caveats.
18 - xl/libxl configures vkb=[] for HVM domains with priority over vkb_device.
19 - Increase the maximum number of CPUs Xen can be built for from 4095 to
20   16383.
21 - When building with Systemd support (./configure --enable-systemd), remove
22   libsystemd as a build dependency.  Systemd Notify support is retained, now
23   using a standalone library implementation.
24 - xenalyze no longer requires `--svm-mode` when analyzing traces
25   generated on AMD CPUs
26 - Code symbol annotations and MISRA compliance improvements.
27 - CI updates:
28   - Minimum fixes to rebuild the containers, following the HEREDOC problems.
29   - Rebuild containers to have testing with up-to-date LTS distros.
30   - Few build system checks, and strip the obsolete contents of
31     the build containers.
32
33### Added
34 - On x86:
35   - Introduce a new x2APIC driver that uses Cluster Logical addressing mode
36     for IPIs and Physical addressing mode for external interrupts.
37 - On Arm:
38   - FF-A notification support.
39   - Introduction of dynamic node programming using overlay dtbo.
40 - Add a new 9pfs backend running as a daemon in dom0. First user is
41   Xenstore-stubdom now being able to support full Xenstore trace capability.
42 - libxl support for backendtype=tap with tapback.
43
44### Removed
45 - caml-stubdom.  It hasn't built since 2014, was pinned to Ocaml 4.02, and has
46   been superseded by the MirageOS/SOLO5 projects.
47 - /usr/bin/pygrub symlink.  This was deprecated in Xen 4.2 (2012) but left for
48   compatibility reasons.  VMs configured with bootloader="/usr/bin/pygrub"
49   should be updated to just bootloader="pygrub".
50 - The Xen gdbstub on x86.
51 - xentrace_format has been removed; use xenalyze instead.
52
53## [4.18.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.18.0) - 2023-11-16
54
55### Changed
56 - Repurpose command line gnttab_max_{maptrack_,}frames options so they don't
57   cap toolstack provided values.
58 - Ignore VCPUOP_set_singleshot_timer's VCPU_SSHOTTMR_future flag. The only
59   known user doesn't use it properly, leading to in-guest breakage.
60 - The "dom0" option is now supported on Arm and "sve=" sub-option can be used
61   to enable dom0 guest to use SVE/SVE2 instructions.
62 - Physical CPU Hotplug downgraded to Experimental and renamed "ACPI CPU
63   Hotplug" for clarity
64
65### Added
66 - On x86:
67   - On all Intel systems, MSR_ARCH_CAPS is now visible in guests, and
68     controllable from the VM's config file.  For CPUs from ~2019 onwards,
69     this allows guest kernels to see details about hardware fixes for
70     speculative mitigations.  (Backported as XSA-435 to older releases).
71   - xl/libxl can customize SMBIOS strings for HVM guests.
72   - Support for enforcing system-wide operation in Data Operand Independent
73     Timing Mode.
74   - Add Intel Hardware P-States (HWP) cpufreq driver.
75   - Support for features new in AMD Genoa CPUs:
76     - CPUID_USER_DIS (CPUID Faulting) used by Xen to control PV guest's view
77       of CPUID data.
78   - Support for features new in Intel Sapphire Rapids CPUs:
79     - PKS (Protection Key Supervisor) available to HVM/PVH guests.
80     - VM-Notify used by Xen to mitigate certain micro-architectural pipeline
81       livelocks, instead of crashing the entire server.
82     - Bus-lock detection, used by Xen to mitigate (by rate-limiting) the
83       system wide impact of a guest misusing atomic instructions.
84   - Support for features new in Intel Granite Rapids CPUs:
85     - AVX512-FP16.
86 - On Arm:
87   - Xen supports guests running SVE/SVE2 instructions. (Tech Preview)
88   - Add suport for Firmware Framework for Arm A-profile (FF-A) Mediator (Tech
89     Preview)
90   - Experimental support for dynamic addition/removal of Xen device tree
91     nodes using a device tree overlay binary (.dtbo).
92 - Introduce two new hypercalls to map the vCPU runstate and time areas by
93   physical rather than linear/virtual addresses.
94 - The project has now officially adopted 6 directives and 65 rules of MISRA-C.
95
96### Removed
97 - On x86, the "pku" command line option has been removed.  It has never
98   behaved precisely as described, and was redundant with the unsupported
99   "cpuid=no-pku".  Visibility of PKU to guests should be via its vm.cfg file.
100 - xenpvnetboot removed as unable to convert to Python 3.
101
102## [4.17.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.17.0) - 2022-12-12
103
104### Changed
105 - On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that
106   this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen.
107 - The "gnttab" option now has a new command line sub-option for disabling the
108   GNTTABOP_transfer functionality.
109 - The x86 MCE command line option info is now updated.
110
111### Added / support upgraded
112 - Out-of-tree builds for the hypervisor now supported.
113 - __ro_after_init support, for marking data as immutable after boot.
114 - The project has officially adopted 4 directives and 24 rules of MISRA-C,
115   added MISRA-C checker build integration, and defined how to document
116   deviations.
117 - IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones
118   when they don't share page tables with the CPU (HAP / EPT / NPT).
119 - Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD.
120 - Improved TSC, CPU, and APIC clock frequency calibration on x86.
121 - Support for Xen using x86 Control Flow Enforcement technology for its own
122   protection. Both Shadow Stacks (ROP protection) and Indirect Branch
123   Tracking (COP/JOP protection).
124 - Add mwait-idle support for SPR and ADL on x86.
125 - Extend security support for hosts to 12 TiB of memory on x86.
126 - Add command line option to set cpuid parameters for dom0 at boot time on x86.
127 - Improved static configuration options on Arm.
128 - cpupools can be specified at boot using device tree on Arm.
129 - It is possible to use PV drivers with dom0less guests, allowing statically
130   booted dom0less guests with PV devices.
131 - On Arm, p2m structures are now allocated out of a pool of memory set aside at
132   domain creation.
133 - Improved mitigations against Spectre-BHB on Arm.
134 - Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm.
135 - Allow setting the number of CPUs to activate at runtime from command line
136   option on Arm.
137 - Grant-table support on Arm was improved and hardened by implementing
138   "simplified M2P-like approach for the xenheap pages"
139 - Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm.
140 - Add i.MX lpuart and i.MX8QM support on Arm.
141 - Improved toolstack build system.
142 - Add Xue - console over USB 3 Debug Capability.
143 - gitlab-ci automation: Fixes and improvements together with new tests.
144
145### Removed / support downgraded
146 - dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
147
148## [4.16.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.16.0) - 2021-12-02
149
150### Removed
151 - XENSTORED_ROOTDIR environment variable from configuartion files and
152   initscripts, due to being unused.
153
154### Changed
155 - Quarantining of passed-through PCI devices no longer defaults to directing I/O to a scratch
156   page, matching original post-XSA-302 behavior (albeit the change was also backported, first
157   appearing in 4.12.2 and 4.11.4). Prior (4.13...4.15-like) behavior can be arranged for
158   either by enabling the IOMMU_QUARANTINE_SCRATCH_PAGE setting at build (configuration) time
159   or by passing "iommu=quarantine=scratch-page" on the hypervisor command line.
160 - pv-grub stubdoms will no longer be built per default. In order to be able to use pv-grub
161   configure needs to be called with "--enable-pv-grub" as parameter.
162 - qemu-traditional based device models (both, qemu-traditional and ioemu-stubdom) will
163   no longer be built per default. In order to be able to use those, configure needs to
164   be called with "--enable-qemu-traditional" as parameter.
165 - Fixes for credit2 scheduler stability in corner case conditions.
166 - Ongoing improvements in the hypervisor build system.
167 - vtpmmgr miscellaneous fixes in preparation for TPM 2.0 support.
168 - 32bit PV guests only supported in shim mode.
169 - Improved PVH dom0 debug key handling.
170 - Fix booting on some Intel systems without a PIT (i8254).
171 - Cleanup of the xenstore library interface.
172 - Fix truncation of return value from xencall2 by introducing a new helper
173   that returns a long instead.
174 - Fix system register accesses on Arm to use the proper 32/64bit access size.
175 - Various fixes for Arm OP-TEE mediator.
176 - Switch to domheap for Xen page tables.
177
178### Added
179 - 32bit Arm builds to the gitlab-ci automated tests.
180 - x86 full system tests to the gitlab-ci automated tests.
181 - Arm limited vPMU support for guests.
182 - Static physical memory allocation for dom0less on arm64.
183 - dom0less EFI support on arm64.
184 - GICD_ICPENDR register handling in vGIC emulation to support Zephyr OS.
185 - CPU feature leveling on arm64 platform with heterogeneous cores.
186 - Report unpopulated memory regions safe to use for external mappings, Arm and
187   device tree only.
188 - Support of generic DT IOMMU bindings for Arm SMMU v2.
189 - Limit grant table version on a per-domain basis.
190
191## [4.15.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.15.0) - 2021-04-08
192
193### Added / support upgraded
194 - ARM IOREQ servers (device emulation etc.) (Tech Preview)
195 - Renesas IPMMU-VMSA (Supported, not security supported; was Tech Preview)
196 - ARM SMMUv3 (Tech Preview)
197 - Switched MSR accesses to deny by default policy.
198 - Intel Processor Trace support (Tech Preview)
199 - Named PCI devices for xl/libxl
200 - Improved documentation for xl PCI configuration format
201 - Support for zstd-compressed dom0 (x86) and domU kernels
202 - EFI: Enable booting unified hypervisor/kernel/initrd/DT images
203 - Reduce ACPI verbosity by default
204 - Add ucode=allow-same option to test late microcode loading path
205 - Library improvements from NetBSD ports upstreamed
206 - CI loop: Add Alpine Linux, Ubuntu Focal targets; drop CentOS 6
207 - CI loop: Add qemu-based dom0 / domU test for ARM
208 - CI loop: Add dom0less aarch64 smoke test
209 - x86: Allow domains to use AVX-VNNI instructions
210 - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds
211 - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts
212 - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend
213 - xenstore can now be live-updated on a running system. (Tech preview)
214 - Some additional affordances in various xl subcommands.
215 - Added workarounds for the following ARM errata: Cortex A53 #843419, Cortex A55 #1530923, Cortex A72 #853709, Cortex A73 #858921, Cortex A76 #1286807, Neoverse-N1 #1165522
216 - On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging
217 - Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests
218
219### Removed / support downgraded
220
221 - qemu-xen-traditional as host process device model, now "No security
222   support, not recommended".  (Use as stub domain device model is still
223   supported - see SUPPORT.md.)
224
225## [4.14.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.14.0) - 2020-07-23
226
227### Added
228 - This file and MAINTAINERS entry.
229 - Use x2APIC mode whenever available, regardless of interrupt remapping
230   support.
231 - Performance improvements to guest assisted TLB flushes, either when using
232   the Xen hypercall interface or the viridian one.
233 - Assorted pvshim performance and scalability improvements plus some bug
234   fixes.
235 - Hypervisor framework to ease porting Xen to run on hypervisors.
236 - Initial support to run on Hyper-V.
237 - Initial hypervisor file system (hypfs) support.
238 - libxl support for running qemu-xen device model in a linux stubdomain.
239 - New 'domid_policy', allowing domain-ids to be randomly chosen.
240 - Option to preserve domain-id across migrate or save+restore.
241 - Support in kdd for initial KD protocol handshake for Win 7, 8 and 10 (64 bit).
242 - Tech preview support for Control-flow Execution Technology, with Xen using
243   Supervisor Shadow Stacks for its own protection.
244
245### Changed
246 - The CPUID data seen by a guest on boot is now moved in the migration
247   stream.  A guest migrating between non-identical hardware will now no
248   longer observe details such as Family/Model/Stepping, Cache, etc changing.
249   An administrator still needs to take care to ensure the features visible to
250   the guest at boot are compatible with anywhere it might migrate.
251
252## [4.13.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.13.0) - 2019-12-17
253
254> Pointer to release from which CHANGELOG tracking starts
255