github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-16 18:57:26 +00:00
Code Issues Projects Releases Wiki Activity

Doc: Grammatical edits to the 1.4 Release Notes.

Browse Source 
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
This commit is contained in:
Deb Taylor 2019-11-11 11:43:49 -05:00 committed by deb-intel
parent c1470c8a02
commit bb3befa306
1 changed files with 32 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
doc/release_notes/release_notes_1.4.rst
View File

@ -5,8 +5,8 @@ ACRN v1.4 (Oct 2019)
We are pleased to announce the release of ACRN version 1.4. We are pleased to announce the release of ACRN version 1.4.
ACRN is a flexible, lightweight reference hypervisor, built with ACRN is a flexible, lightweight reference hypervisor that is built with
real-time and safety-criticality in mind, optimized to streamline embedded real-time and safety-criticality in mind. It is optimized to streamline embedded
development through an open source platform. Check out the :ref:`introduction` for more information. development through an open source platform. Check out the :ref:`introduction` for more information.
All project ACRN source code is maintained in the https://github.com/projectacrn/acrn-hypervisor All project ACRN source code is maintained in the https://github.com/projectacrn/acrn-hypervisor
repository and includes folders for the ACRN hypervisor, the ACRN device repository and includes folders for the ACRN hypervisor, the ACRN device
@ -22,7 +22,7 @@ or use Git clone and checkout commands::
The project's online technical documentation is also tagged to correspond The project's online technical documentation is also tagged to correspond
with a specific release: generated v1.4 documents can be found at https://projectacrn.github.io/1.4/. with a specific release: generated v1.4 documents can be found at https://projectacrn.github.io/1.4/.
Documentation for the latest (master) branch is found at https://projectacrn.github.io/latest/. Documentation for the latest (master) branch is found at https://projectacrn.github.io/latest/.
ACRN v1.4 requires Clear Linux* OS version 31520. Please follow the ACRN v1.4 requires Clear Linux* OS version 31520. Follow the
instructions in the :ref:`rt_industry_setup`. instructions in the :ref:`rt_industry_setup`.
Version 1.4 major features Version 1.4 major features
@ -30,59 +30,58 @@ Version 1.4 major features
What's New in v1.4 What's New in v1.4
================== ==================
* ACRN is now conformant to Microsoft(r) Hypervisor Top Level Functional Specification(TLFS). * ACRN now conforms to the Microsoft* Hypervisor Top-Level Functional Specification (TLFS).
* Added basic CPU sharing capabilities. * Basic CPU sharing capabilities have been added.
* Improved WaaG (Windows as a guest) stability and performance. * WaaG (Windows as a guest) stability and performance has been improved.
* Improved Realtime performance of RTVM (preempt-RT kernel based). * Realtime performance of the RTVM (preempt-RT kernel-based) has been improved.
Document updates Document updates
================ ================
We have many new `reference documents available <https://projectacrn.github.io>`_, including: Many new `reference documents <https://projectacrn.github.io>`_ are available, including:
* [to be update once pr merge]:enable-s5 * :ref:`enable-s5`
* :ref:`enable_laag_secure_boot` * :ref:`enable_laag_secure_boot`
* :ref:`How-to-enable-secure-boot-for-windows` * :ref:`How-to-enable-secure-boot-for-windows`
* [to be update once pr merge]:asa * :ref:`asa`
Security Vulnerabilities Security Vulnerabilities
************************ ************************
We recommend all developers upgrade to this v1.4 release, which addresses these security We recommend that all developers upgrade to this v1.4 release, which
issues discovered in earlier releases: addresses the following security issues that were discovered in previous releases:
AP Trampoline Is Accessible to Service VM AP Trampoline Is Accessible to the Service VM
This vulnerability is triggered when validating the memory isolation between This vulnerability is triggered when validating the memory isolation between the VM and hypervisor. The AP Trampoline code exists in the LOW_RAM region in the hypervisor but is
VM and hypervisor. AP Trampoline code exists in LOW_RAM region in hypervisor but is potentially accessible to the Service VM. This could be used by an attacker to mount DoS
potentially accessible to service VM. This could be used by an attacker to mount DoS attacks on the hypervisor if the Service VM is compromised.
attacks on the hypervisor if service VM is compromised.
Improper Usage Of ``LIST_FOREACH()`` macro Improper Usage Of the ``LIST_FOREACH()`` Macro
Testing discovered that the MACRO ``LIST_FOREACH()`` was incorrectly used for some cases Testing discovered that the MACRO ``LIST_FOREACH()`` was incorrectly used in some cases
which may induce a "wild pointer" and cause ACRN Device Model crash. An attacker which could induce a "wild pointer" and cause the ACRN Device Model to crash. Attackers
could use this issue to cause a denial of service (DoS). can potentially use this issue to cause denial of service (DoS) attacks.
Hypervisor Crashed When Fuzzing HC_SET_CALLBACK_VECTOR Hypervisor Crashed When Fuzzing HC_SET_CALLBACK_VECTOR
This vulnerability was reported by Fuzzing tool for debug version of ACRN. When software fails This vulnerability was reported by the Fuzzing tool for the debug version of ACRN. When the software fails
to validate input properly, an attacker is able to craft the input in a form that is to validate input properly, an attacker is able to craft the input in a form that is
not expected by the rest of the application. This can lead to parts of the system not expected by the rest of the application. This can lead to parts of the system
receiving unintended input, which may result in altered control flow, arbitrary control receiving unintended inputs, which may result in an altered control flow, arbitrary control
of a resource, or arbitrary code execution. of a resource, or arbitrary code execution.
FILE Pointer Is Not Closed After Using FILE Pointer Is Not Closed After Using
This vulnerability was reported by Fuzzing tool. Leaving the file unclosed will cause This vulnerability was reported by the Fuzzing tool. Leaving the file unclosed will cause a
leaking file descriptor and may cause unexpected errors in Device Model program. leaking file descriptor and may cause unexpected errors in the Device Model program.
Descriptor of Directory Stream Is Referenced After Release Descriptor of Directory Stream Is Referenced After Release
This vulnerability was reported by Fuzzing tool. A successful call to ``closedir(DIR *dirp)`` This vulnerability was reported by the Fuzzing tool. A successful call to ``closedir(DIR *dirp)``
also closes the underlying file descriptor associated with ``dirp``. Access to the released also closes the underlying file descriptor associated with ``dirp``. Access to the released
descriptor may point to some arbitrary memory location or cause undefined behavior. descriptor may point to some arbitrary memory location or cause undefined behavior.
Mutex Is Potentially Kept in Locked State Forever Mutex Is Potentially Kept in a Locked State Forever
This vulnerability was reported by Fuzzing tool. pthread_mutex_lock/unlock pairing was not This vulnerability was reported by the Fuzzing tool. Here, ``pthread_mutex_lock/unlock`` pairing was not
always done. Leaving a mutex in a locked state forever can cause program deadlock, always done. Leaving a mutex in a locked state forever can cause program deadlock,
depending on the usage scenario. depending on the usage scenario.
We recommend all developers upgrade to ACRN release v1.4. We recommend that all developers upgrade to ACRN release v1.4.
New Features Details New Features Details
******************** ********************