Skip to main content


Xen Project 4.11.1

We are pleased to announce the release of Xen 4.11.1. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.11 (tag RELEASE-4.11.1) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 96cbd0893f: update Xen version to 4.11.1 [Jan Beulich]
  • 49caabf258: x86/dom0: Avoid using 1G superpages if shadowing may be necessary [Andrew Cooper]
  • bbe48b5b67: x86/shadow: shrink struct page_info’s shadow_flags to 16 bits [Jan Beulich]
  • 93177f1f0f: x86/shadow: move OOS flag bit positions [Jan Beulich]
  • e738850aaf: x86/mm: Don’t perform flush after failing to update a guests L1e [Andrew Cooper]
  • eb6830a1c8: x86/mm: Put the gfn on all paths after get_gfn_query() [Andrew Cooper]
  • b88ccb3ae7: x86/hvm/ioreq: use ref-counted target-assigned shared pages [Paul Durrant]
  • 3b2a779ccb: x86/hvm/ioreq: fix page referencing [Paul Durrant]
  • 946f345547: AMD/IOMMU: suppress PTE merging after initial table creation [Jan Beulich]
  • 086a9dded2: amd/iommu: fix flush checks [Roger Pau Monné]
  • dea9fc0e02: stubdom/vtpm: fix memcmp in TPM_ChangeAuthAsymFinish [Olaf Hering]
  • ff9f8730a9: x86: work around HLE host lockup erratum [Jan Beulich]
  • 0f0ad146b5: x86: extend get_platform_badpages() interface [Jan Beulich]
  • 8ad462a34f: Release: add release note link to [Juergen Gross]
  • d67b849d22: x86/pv: Fix crash when using `xl set-parameter pcid=…` [Andrew Cooper]
  • 8f3f58c1c0: tools/dombuilder: Initialise vcpu debug registers correctly [Andrew Cooper]
  • 06a50b02d5: x86/domain: Initialise vcpu debug registers correctly [Andrew Cooper]
  • fe10c229a4: x86/boot: Initialise the debug registers correctly [Andrew Cooper]
  • e2436396ed: x86/boot: enable NMIs after traps init [Sergey Dyasli]
  • f0b4b6995c: vtd: add missing check for shared EPT… [Paul Durrant]
  • d34471f144: x86: fix “xpti=” and “pv-l1tf=” yet again [Jan Beulich]
  • 26feeb5647: x86: split opt_pv_l1tf [Jan Beulich]
  • 221acbf429: x86: split opt_xpti [Jan Beulich]
  • 8bed7285f1: x86: silence false log messages for plain “xpti” / “pv-l1tf” [Jan Beulich]
  • 18b5947648: x86/vvmx: Disallow the use of VT-x instructions when nested virt is disabled [Andrew Cooper]
  • 94fba9f438: stubdom/grub.patches: Drop docs changes, for licensing reasons [Ian Jackson]
  • 33664f9a05: tools/tests: fix an xs-test.c issue [Wei Liu]
  • a2e35a7592: x86/boot: Allocate one extra module slot for Xen image placement [Daniel Kiper]
  • 451f9c8e02: xen: sched/Credit2: fix bug when moving CPUs between two Credit2 cpupools [Dario Faggioli]
  • d7cbb4b5c9: x86/hvm/emulate: make sure rep I/O emulation does not cross GFN boundaries [Paul Durrant]
  • bb6d070c16: x86/efi: split compiler vs linker support [Roger Pau Monné]
  • b1a47ef063: x86/efi: move the logic to detect PE build support [Roger Pau Monné]
  • 5b1592d188: x86/shutdown: use ACPI reboot method for Dell PowerEdge R540 [Ross Lagerwall]
  • 0719a5ff7e: x86: assorted array_index_nospec() insertions [Jan Beulich]
  • 03fd745154: VT-d/dmar: iommu mem leak fix [Zhenzhong Duan]
  • d1caf6ee72: rangeset: make inquiry functions tolerate NULL inputs [Jan Beulich]
  • a07f444502: x86/setup: Avoid OoB E820 lookup when calculating the L1TF safe address [Andrew Cooper]
  • 74fee1b6d3: x86/hvm/ioreq: MMIO range checking completely ignores direction flag [Paul Durrant]
  • 2004a914b6: x86/vlapic: Bugfixes and improvements to vlapic_{read,write}() [Andrew Cooper]
  • 8c8b3cb17e: x86/vmx: Avoid hitting BUG_ON() after EPTP-related domain_crash() [Andrew Cooper]
  • 5acdd26fdc: libxl: start pvqemu when 9pfs is requested [Stefano Stabellini]
  • 733450b39b: x86: write to correct variable in parse_pv_l1tf() [Jan Beulich]
  • d757c29ffe: xl.conf: Add global affinity masks [Wei Liu]
  • 6c7d074a4b: x86: Make “spec-ctrl=no” a global disable of all mitigations [Jan Beulich]
  • 2a47c75509: x86/spec-ctrl: Introduce an option to control L1D_FLUSH for HVM HAP guests [Andrew Cooper]
  • 007752fb9b: x86/msr: Virtualise MSR_FLUSH_CMD for guests [Andrew Cooper]
  • fb78137bb8: x86/spec-ctrl: CPUID/MSR definitions for L1D_FLUSH [Andrew Cooper]
  • 665e7685b4: x86/pv: Force a guest into shadow mode when it writes an L1TF-vulnerable PTE [Juergen Gross]
  • f4a049ede7: x86/mm: Plumbing to allow any PTE update to fail with -ERESTART [Andrew Cooper]
  • 02d2c66093: x86/shadow: Infrastructure to force a PV guest into shadow mode [Juergen Gross]
  • 57483c09ef: x86/spec-ctrl: Introduce an option to control L1TF mitigation for PV guests [Andrew Cooper]
  • d044f6cc59: x86/spec-ctrl: Calculate safe PTE addresses for L1TF mitigations [Andrew Cooper]
  • e6441a804b: tools/oxenstored: Make evaluation order explicit [Christian Lindig]
  • 48fb482ef6: x86/vtx: Fix the checking for unknown/invalid MSR_DEBUGCTL bits [Andrew Cooper]
  • fa79f9e762: ARM: disable grant table v2 [Stefano Stabellini]
  • 1d32c21975: VMX: fix vmx_{find,del}_msr() build [Jan Beulich]
  • 7b420e8a82: x86/vmx: Support load-only guest MSR list entries [Andrew Cooper]
  • 8b35b978a2: x86/vmx: Pass an MSR value into vmx_msr_add() [Andrew Cooper]
  • cfdd4e846a: x86/vmx: Improvements to LBR MSR handling [Andrew Cooper]
  • 218d403ad9: x86/vmx: Support remote access to the MSR lists [Andrew Cooper]
  • b52017c904: x86/vmx: Factor locate_msr_entry() out of vmx_find_msr() and vmx_add_msr() [Andrew Cooper]
  • 52b8f9ae22: x86/vmx: Internal cleanup for MSR load/save infrastructure [Andrew Cooper]
  • 935e9c4047: x86/vmx: API improvements for MSR load/save infrastructure [Andrew Cooper]
  • 61cc8769a9: x86/vmx: Defer vmx_vmcs_exit() as long as possible in construct_vmcs() [Andrew Cooper]
  • 4254e98740: x86/vmx: Fix handing of MSR_DEBUGCTL on VMExit [Andrew Cooper]
  • 6fe9726aeb: x86/spec-ctrl: Yet more fixes for xpti= parsing [Andrew Cooper]
  • 33ced725e1: x86/spec-ctrl: Fix the parsing of xpti= on fixed Intel hardware [Andrew Cooper]
  • 7de2155573: x86/hvm: Disallow unknown MSR_EFER bits [Andrew Cooper]
  • 06d2a763d0: x86/xstate: Make errors in xstate calculations more obvious by crashing the domain [Andrew Cooper]
  • 543027c984: x86/xstate: Use a guests CPUID policy, rather than allowing all features [Andrew Cooper]
  • 037fe82cf5: x86/vmx: Don’t clobber %dr6 while debugging state is lazy [Andrew Cooper]
  • 353edf12c8: x86: command line option to avoid use of secondary hyper-threads [Jan Beulich]
  • 75313e478e: x86: possibly bring up all CPUs even if not all are supposed to be used [Jan Beulich]
  • 5908b4866b: x86: distinguish CPU offlining from CPU removal [Jan Beulich]
  • bd51a64242: x86/AMD: distinguish compute units from hyper-threads [Jan Beulich]
  • 0a2016ca2f: cpupools: fix state when downing a CPU failed [Jan Beulich]
  • b53e0defce: x86/svm Fixes and cleanup to svm_inject_event() [Andrew Cooper]
  • a44cf0c872: allow cpu_down() to be called earlier [Jan Beulich]
  • ac35e050b6: mm/page_alloc: correct first_dirty calculations during block merging [Sergey Dyasli]
  • 10c548215b: xen: oprofile/nmi_int.c: Drop unwanted sexual reference [Ian Jackson]
  • 4bdeedbd61: x86/spec-ctrl: command line handling adjustments [Jan Beulich]
  • da33530ab3: x86: correctly set nonlazy_xstate_used when loading full state [Jan Beulich]
  • e932371d6a: xen: Port the array_index_nospec() infrastructure from Linux [Andrew Cooper]
  • 1fd87ba1cd: xen/Makefile: Bump version to 4.11.1-pre for ongoing 4.11 stable branch [Ian Jackson]

This release contains NO fixes to qemu-traditional.

    This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.11.0 and qemu-xen-4.11.1).

    This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes. 

    XSA Xen qemu-traditional qemu-upstream 
    XSA-268 Applied Applied Applied
    XSA-269 Applied Applied Applied
    XSA-270 N/A (Linux only)
    XSA-271 N/A (XAPI only)
    XSA-272 Applied Applied Applied
    XSA-273 Applied Applied Applied
    XSA-274 N/A (Linux only)
    XSA-275 Applied Applied Applied
    XSA-276 Applied Applied Applied
    XSA-277 Applied Applied Applied
    XSA-278 Applied Applied Applied
    XSA-279 Applied Applied Applied
    XSA-280 Applied Applied Applied
    XSA-281 N/A (Unused number)
    XSA-282 Applied Applied Applied

    See for details related to Xen Project security advisories.

    We recommend all users of the 4.11 stable series to update to this latest point release.