Xen Project 4.10.4

We are pleased to announce the release of Xen 4.10.4. This is available immediately from its git repository (branch stable-4.10, tag RELEASE-4.10.4) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 3131bf956a: update Xen version to 4.10.4 [Jan Beulich]
  • 29fd403ef5: x86: drop arch_evtchn_inject() [Jan Beulich]
  • f77cedca53: XSM: adjust Kconfig names [Jan Beulich]
  • 7d5123001e: xen/arm: time: cycles_t should be an uint64_t and not unsigned long [Julien Grall]
  • 6197b859ec: xen/arm: grant-table: Protect gnttab_clear_flag against guest misbehavior [Julien Grall]
  • 71de67694b: xen/arm: Add performance counters in guest atomic helpers [Julien Grall]
  • 3f9140b881: xen: Use guest atomics helpers when modifying atomically guest memory [Julien Grall]
  • 7236d3cea1: xen/cmpxchg: Provide helper to safely modify guest memory atomically [Julien Grall]
  • c18015eb74: xen/bitops: Provide helpers to safely modify guest memory atomically [Julien Grall]
  • 2869167894: xen/arm: Turn on SILO mode by default on Arm [Julien Grall]
  • fc1f82152b: xen/xsm: Add new SILO mode for XSM [Xin Li]
  • 0976945af3: xen/xsm: Introduce new boot parameter xsm [Xin Li]
  • c69ae56a57: xen/xsm: remove unnecessary #define [Xin Li]
  • b8036fed1d: xen/arm: cmpxchg: Provide a new helper that can timeout [Julien Grall]
  • 89ac7f19e4: xen/arm: bitops: Implement a new set of helpers that can timeout [Julien Grall]
  • 8ae42e93d3: xen/arm32: cmpxchg: Simplify the cmpxchg implementation [Julien Grall]
  • 9fa3da615d: xen/arm64: cmpxchg: Simplify the cmpxchg implementation [Julien Grall]
  • 7484d020f0: xen/arm: bitops: Consolidate prototypes in one place [Julien Grall]
  • 21441ed527: xen/arm32: bitops: Rewrite bitop helpers in C [Julien Grall]
  • 1bbbfc0e4a: xen/arm64: bitops: Rewrite bitop helpers in C [Julien Grall]
  • 3f10c53b3e: xen/grant_table: Rework the prototype of _set_status* for lisibility [Julien Grall]
  • 702c9146c0: xen/arm: Add an isb() before reading CNTPCT_EL0 to prevent re-ordering [Julien Grall]
  • 52220b5f43: common: avoid atomic read-modify-write accesses in map_vcpu_info() [Jan Beulich]
  • c11933bda1: events: drop arch_evtchn_inject() [Jan Beulich]
  • adf037bba1: libacpi: report PCI slots as enabled only for hotpluggable devices [Igor Druzhinin]
  • 2b6ec0c156: x86/IO-APIC: fix build with gcc9 [Jan Beulich]
  • d93beccffe: xen/sched: fix csched2_deinit_pdata() [Juergen Gross]
  • 357238b326: x86emul: add support for missing {,V}PMADDWD insns [Jan Beulich]
  • 9c04e56d31: x86/IRQ: avoid UB (or worse) in trace_irq_mask() [Jan Beulich]
  • 2518d92b0e: x86/boot: Fix latent memory corruption with early_boot_opts_t [Andrew Cooper]
  • 69d7bed4e3: drivers/video: drop framebuffer size constraints [Marek Marczykowski-Górecki]
  • af62f4b1b6: bitmap: fix bitmap_fill with zero-sized bitmap [Marek Marczykowski-Górecki]
  • 446155d3d1: x86/vmx: correctly gather gs_shadow value for current vCPU [Tamas K Lengyel]
  • f947752439: x86/mtrr: recalculate P2M type for domains with iocaps [Igor Druzhinin]
  • 5a5b1286bd: AMD/IOMMU: disable previously enabled IOMMUs upon init failure [Jan Beulich]
  • 3c89988d55: trace: fix build with gcc9 [Jan Beulich]
  • ac516e8940: oxenstored: Don’t re-open a xenctrl handle for every domain introduction [Andrew Cooper]
  • 94b82d8e30: xl: handle PVH type in apply_global_affinity_masks again [Wei Liu]
  • 617a1e7829: tools/libxc: Fix issues with libxc and Xen having different featureset lengths [Andrew Cooper]
  • d5e3494e31: tools/xl: use libxl_domain_info to get domain type for vcpu-pin [Igor Druzhinin]
  • 2cdf1b6be9: tools/libxl: correct vcpu affinity output with sparse physical cpu map [Juergen Gross]
  • 5cfbc0ffd5: tools/ocaml: Dup2 /dev/null to stdin in daemonize() [Christian Lindig]
  • c1c95c4d38: tools/misc/xenpm: fix getting info when some CPUs are offline [Marek Marczykowski-Górecki]
  • 48bd9061a2: x86: fix build race when generating temporary object files [Jan Beulich]
  • 6556cce977: VT-d: posted interrupts require interrupt remapping [Jan Beulich]
  • f6cc822fe2: vm_event: fix XEN_VM_EVENT_RESUME domctl [Petre Pircalabu]
  • ff0959644e: xen/timers: Fix memory leak with cpu unplug/plug [Andrew Cooper]
  • 2abefc36ae: xen/sched: fix credit2 smt idle handling [Juergen Gross]
  • ab261f5ac4: x86/spec-ctrl: Introduce options to control VERW flushing [Andrew Cooper]
  • 71f4a763b6: x86/spec-ctrl: Infrastructure to use VERW to flush pipeline buffers [Andrew Cooper]
  • b32dde342c: x86/spec-ctrl: CPUID/MSR definitions for Microarchitectural Data Sampling [Andrew Cooper]
  • 0771bb653d: x86/spec-ctrl: Misc non-functional cleanup [Andrew Cooper]
  • 4852a150f7: x86/boot: Detect the firmware SMT setting correctly on Intel hardware [Andrew Cooper]
  • 0fe82c188c: x86/msr: Definitions for MSR_INTEL_CORE_THREAD_COUNT [Andrew Cooper]
  • 8f0b53ca9f: x86/spec-ctrl: Reposition the XPTI command line parsing logic [Andrew Cooper]
  • aa6978c268: x86/spec-ctrl: Extend repoline safey calcuations for eIBRS and Atom parts [Andrew Cooper]
  • 923d4e8736: x86/msr: Shorten ARCH_CAPABILITIES_* constants [Andrew Cooper]
  • 7ddfc2af15: x86/e820: fix build with gcc9 [Jan Beulich]
  • f72572115b: x86/pv: Fix construction of 32bit dom0’s [Andrew Cooper]
  • 7dfea782b8: x86/tsx: Implement controls for RTM force-abort mode [Andrew Cooper]
  • f0c5805b64: x86/vtd: Don’t include control register state in the table pointers [Andrew Cooper]
  • 3f5490d7e4: x86/HVM: don’t crash guest in hvmemul_find_mmio_cache() [Jan Beulich]
  • d06f5613e5: iommu: leave IOMMU enabled by default during kexec crash transition [Igor Druzhinin]
  • 92fc0b635c: x86/vmx: Properly flush the TLB when an altp2m is modified [Andrew Cooper]
  • b8071f348b: x86/cpuid: add missing PCLMULQDQ dependency [Jan Beulich]
  • 5200791dfb: x86/mm: fix #GP(0) in switch_cr3_cr4() [Jan Beulich]
  • 3b0eebb1ca: xen: Fix backport of “xen/cmdline: Fix buggy strncmp(s, LITERAL, ss - s) construct” [Andrew Cooper]
  • 5a81de4c6b: tools/firmware: update OVMF Makefile, when necessary [Wei Liu]
  • b2bbd34257: Arm/atomic: correct asm() constraints in build_add_sized() [Jan Beulich]
  • 7842419a6b: x86/pv: _toggle_guest_pt() may not skip TLB flush for shadow mode guests [Jan Beulich]
  • 9f663d2ab1: x86/pv: Don’t have %cr4.fsgsbase active behind a guest kernels back [Andrew Cooper]
  • d176cd6194: x86/pv: Rewrite guest %cr4 handling from scratch [Andrew Cooper]
  • a595111d0c: x86/mm: properly flush TLB in switch_cr3_cr4() [Jan Beulich]
  • aae0d1882a: x86/mm: don’t retain page type reference when IOMMU operation fails [Jan Beulich]
  • 631b90239d: x86/mm: add explicit preemption checks to L3 (un)validation [Jan Beulich]
  • f6f1e94887: x86/mm: also allow L2 (un)validation to be fully preemptible [Jan Beulich]
  • b450b2007d: xen: Make coherent PV IOMMU discipline [George Dunlap]
  • dfc7e3ce9d: steal_page: Get rid of bogus struct page states [George Dunlap]
  • 382e4a62da: IOMMU/x86: fix type ref-counting race upon IOMMU page table construction [Jan Beulich]
  • edbc9b02eb: gnttab: set page refcount for copy-on-grant-transfer [Jan Beulich]
  • edb80d287b: update Xen version to 4.10.4-pre [Jan Beulich]

This release contains NO fixes to qemu-traditional. It contains the following changes to qemu-upstream:

  • 8acabec966: xen_disk: Disable file locking for the PV disk backend [Anthony PERARD]
  • 04a43f76e2: gluster: the glfs_io_cbk callback function pointer adds pre/post stat args [Niels de Vos]
  • c84fdba657: gluster: Handle changed glfs_ftruncate signature [Prasanna Kumar Kalever]
  • f60c3e6db1: xen-mapcache: use MAP_FIXED flag so the mmap address hint is always honored [Roger Pau Monne]
  • dc33057be1: mmap(2) returns MAP_FAILED, not NULL, on failure [Michael McConville]
  • 985e9a769d: net: drop too large packet early [Jason Wang]
  • 91c37190ff: net: ignore packet size greater than INT_MAX [Jason Wang]
  • a776fab3fa: 9p: fix QEMU crash when renaming files [Greg Kurz]
  • bbdf89c1b6: nvme: fix out-of-bounds access to the CMB [Paolo Bonzini]
  • fc98458a06: 9p: take write lock on fid path updates (CVE-2018-19364) [Greg Kurz]
  • 93971e6e48: vga: fix region calculation [Gerd Hoffmann]
  • 1c458b7e43: vga: add ram_addr_t cast [Gerd Hoffmann]
  • d2283aa233: vga: check the validation of memory addr when draw text [linzhecheng]
  • 8a0df40718: gtk: Don’t vte_terminal_set_encoding() on new VTE versions [Kevin Wolf]

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes. 

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-283 | Advisory withdrawn | | |
| XSA-284 | Applied | N/A | N/A |
| XSA-285 | Applied | N/A | N/A |
| XSA-286 | Applied | N/A | N/A |
| XSA-287 | Applied | N/A | N/A |
| XSA-288 | Applied | N/A | N/A |
| XSA-289 | Not Applied, see Technical Details. | | |
| XSA-290 | Applied | N/A | N/A |
| XSA-291 | Applied | N/A | N/A |
| XSA-292 | Applied | N/A | N/A |
| XSA-293 | Applied | N/A | N/A |
| XSA-294 | Applied | N/A | N/A |
| XSA-295 | Applied | N/A | N/A |
| XSA-296 | Applied | N/A | N/A |
| XSA-297 | Applied | N/A | N/A |

See for details related to Xen Project security advisories.

We recommend all users of the 4.10 stable series to update to this latest point release.