Xen Project 4.12.1

We are pleased to announce the release of Xen 4.12.1. This is available immediately from its git repository (branch stable-4.12, tag RELEASE-4.12.1) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • ba62d9e360: update Xen version to 4.12.1 [Jan Beulich]
  • dcc0bf5dec: libxl: fix pci device re-assigning after domain reboot [Juergen Gross]
  • 604ee1116d: passthrough/vtd: Don’t DMA to the stack in queue_invalidate_wait() [Andrew Cooper]
  • 57a735da3c: x86/crash: fix kexec transition breakage [Igor Druzhinin]
  • 35c7fbdf67: AMD/IOMMU: process softirqs while dumping IRTs [Jan Beulich]
  • 491edac2cb: AMD/IOMMU: free more memory when cleaning up after error [Jan Beulich]
  • d7aeafe7c8: argo: suppress select logging messages [Nicholas Tsirakis]
  • 46262b87eb: argo: correctly report pending message length [Nicholas Tsirakis]
  • 478a0ecb1a: argo: warn sendv() caller when ring is full [Nicholas Tsirakis]
  • e5122c6c4a: x86/ctxt-switch: Document and improve GDT handling [Andrew Cooper]
  • 122f18afbe: x86: make loading of GDT at context switch more modular [Juergen Gross]
  • 78165d6191: x86/svm: Fix svm_vmcb_dump() when used in current context [Andrew Cooper]
  • d0a7bbe8de: x86/clear_page: Update clear_page_sse2() after dropping 32bit Xen [Andrew Cooper]
  • 125b038ac6: x86/altp2m: cleanup p2m_altp2m_lazy_copy [Tamas K Lengyel]
  • 31f1bab3fe: x86/boot: Don’t leak the module_map allocation in __start_xen() [Andrew Cooper]
  • 09e745bf8b: x86/hvm: Fix altp2m_op hypercall continuations [Andrew Cooper]
  • 3be3d9da40: x86/msr: Fix handling of MSR_AMD_PATCHLEVEL/MSR_IA32_UCODE_REV [Andrew Cooper]
  • 3d7177d270: x86/altp2m: treat view 0 as the hostp2m in p2m_get_mem_access() [Razvan Cojocaru]
  • 658cd63002: tools: re-sync CPUID leaf 7 tables [Jan Beulich]
  • f7f54f39ee: x86/xstate: Don’t special case feature collection [Andrew Cooper]
  • 7f2df4b622: x86/msi: fix loop termination condition in pci_msi_conf_write_intercept() [Paul Durrant]
  • a5680b1904: x86/vvmx: set CR4 before CR0 [Sergey Dyasli]
  • 675ccffbb2: x86/cpuid: leak OSXSAVE only when XSAVE is not clear in policy [Igor Druzhinin]
  • a0ab0db67e: x86/SMP: don’t try to stop already stopped CPUs [Jan Beulich]
  • 353ed67cd6: x86/AMD: limit C1E disable family range [Jan Beulich]
  • 3fa73d4acf: x86/AMD: correct certain Fam17 checks [Jan Beulich]
  • ec3d131d9d: x86/pv: Fix undefined behaviour in check_descriptor() [Andrew Cooper]
  • 4c3eb3a6ba: x86/irq: Fix undefined behaviour in irq_move_cleanup_interrupt() [Andrew Cooper]
  • 8b162b0ffc: x86/spec-ctrl: Knights Landing/Mill are retpoline-safe [Andrew Cooper]
  • 6922d07ada: x86/vhpet: avoid ‘small’ time diff test on resume [Paul Durrant]
  • f41dbf33e7: xen/arm: grant-table: Protect gnttab_clear_flag against guest misbehavior [Julien Grall]
  • f8c866a1a3: xen/arm: Add performance counters in guest atomic helpers [Julien Grall]
  • 497f924b20: xen: Use guest atomics helpers when modifying atomically guest memory [Julien Grall]
  • 0fdad3c474: xen/cmpxchg: Provide helper to safely modify guest memory atomically [Julien Grall]
  • 28d636da7f: xen/bitops: Provide helpers to safely modify guest memory atomically [Julien Grall]
  • 6fabde3aaf: xen/arm: Turn on SILO mode by default on Arm [Julien Grall]
  • ee4fc79513: xen/arm: cmpxchg: Provide a new helper that can timeout [Julien Grall]
  • 9d78383ab4: xen/arm: bitops: Implement a new set of helpers that can timeout [Julien Grall]
  • 4f13fc21c2: xen/arm32: cmpxchg: Simplify the cmpxchg implementation [Julien Grall]
  • 99934ee44d: xen/arm64: cmpxchg: Simplify the cmpxchg implementation [Julien Grall]
  • b44db0b3ba: xen/arm: bitops: Consolidate prototypes in one place [Julien Grall]
  • a18450caab: xen/arm32: bitops: Rewrite bitop helpers in C [Julien Grall]
  • 1625ff3ea8: xen/arm64: bitops: Rewrite bitop helpers in C [Julien Grall]
  • 1cc454114e: xen/grant_table: Rework the prototype of _set_status* for lisibility [Julien Grall]
  • af3c381ca4: xen/arm: Add an isb() before reading CNTPCT_EL0 to prevent re-ordering [Julien Grall]
  • ac839e956b: common: avoid atomic read-modify-write accesses in map_vcpu_info() [Jan Beulich]
  • 427a8bad4b: events: drop arch_evtchn_inject() [Jan Beulich]
  • 967627141b: libacpi: report PCI slots as enabled only for hotpluggable devices [Igor Druzhinin]
  • c6ac10c8c4: x86/IO-APIC: fix build with gcc9 [Jan Beulich]
  • a324e9c460: xen/sched: fix csched2_deinit_pdata() [Juergen Gross]
  • b89fe9fdbc: x86emul: add support for missing {,V}PMADDWD insns [Jan Beulich]
  • 1e6ab8e2d4: x86/IRQ: avoid UB (or worse) in trace_irq_mask() [Jan Beulich]
  • 69325e736d: x86/boot: Fix latent memory corruption with early_boot_opts_t [Andrew Cooper]
  • 136d10fe4d: x86/svm: Fix handling of ICEBP intercepts [Andrew Cooper]
  • 86a2e13cbe: drivers/video: drop framebuffer size constraints [Marek Marczykowski-Górecki]
  • 33f128df08: bitmap: fix bitmap_fill with zero-sized bitmap [Marek Marczykowski-Górecki]
  • 0f4974e5be: x86/vmx: correctly gather gs_shadow value for current vCPU [Tamas K Lengyel]
  • d0d1dfb481: x86/mtrr: recalculate P2M type for domains with iocaps [Igor Druzhinin]
  • b02bca1543: AMD/IOMMU: disable previously enabled IOMMUs upon init failure [Jan Beulich]
  • 0dcd945a67: trace: fix build with gcc9 [Jan Beulich]
  • b4f291b0ca: xl: handle PVH type in apply_global_affinity_masks again [Wei Liu]
  • c59579d831: tools/xl: use libxl_domain_info to get domain type for vcpu-pin [Igor Druzhinin]
  • 4ed6c8b95c: x86: fix build race when generating temporary object files [Jan Beulich]
  • fa9d5b8beb: VT-d: posted interrupts require interrupt remapping [Jan Beulich]
  • 8457c15b98: x86/vmx: Fixup removals of MSR load/save list entries [Igor Druzhinin]
  • 0bd5e03cb7: xen/timers: Fix memory leak with cpu unplug/plug [Andrew Cooper]
  • 8e18dca58a: x86emul: don’t read mask register on AVX512F-incapable platforms [Jan Beulich]
  • 9d2a3128dc: vm_event: fix XEN_VM_EVENT_RESUME domctl [Petre Pircalabu]
  • 11ffc5a3c5: x86emul: suppress general register update upon AVX gather failures [Jan Beulich]
  • b8ed146895: xen/sched: fix credit2 smt idle handling [Juergen Gross]
  • 714207b3fa: x86/spec-ctrl: Introduce options to control VERW flushing [Andrew Cooper]
  • 45d570e301: x86/spec-ctrl: Infrastructure to use VERW to flush pipeline buffers [Andrew Cooper]
  • 0a317c5162: x86/spec-ctrl: CPUID/MSR definitions for Microarchitectural Data Sampling [Andrew Cooper]
  • fe1ba9dea4: x86/spec-ctrl: Misc non-functional cleanup [Andrew Cooper]
  • 6d8f5e3521: x86/boot: Detect the firmware SMT setting correctly on Intel hardware [Andrew Cooper]
  • 944b400dc4: x86/msr: Definitions for MSR_INTEL_CORE_THREAD_COUNT [Andrew Cooper]
  • 143712dc2b: x86/spec-ctrl: Reposition the XPTI command line parsing logic [Andrew Cooper]
  • fd2a34c965: x86/spec-ctrl: Extend repoline safey calcuations for eIBRS and Atom parts [Andrew Cooper]
  • e25d1338e1: x86/msr: Shorten ARCH_CAPABILITIES_* constants [Andrew Cooper]
  • 7cf6fbc635: x86/hvm: finish IOREQs correctly on completion path [Igor Druzhinin]
  • 7f53be2ab5: x86/hvm: split all linear reads and writes at page boundary [Igor Druzhinin]
  • eb905217d1: x86/e820: fix build with gcc9 [Jan Beulich]
  • c75d5fe57f: x86/pv: Fix construction of 32bit dom0’s [Andrew Cooper]
  • e3a1ebee98: x86/tsx: Implement controls for RTM force-abort mode [Andrew Cooper]
  • 70d613d8b9: x86/vtd: Don’t include control register state in the table pointers [Andrew Cooper]
  • 8593e79d76: x86/HVM: don’t crash guest in hvmemul_find_mmio_cache() [Jan Beulich]
  • a6c708dc22: iommu: leave IOMMU enabled by default during kexec crash transition [Igor Druzhinin]
  • 36f04634ce: Arm/atomic: correct asm() constraints in build_add_sized() [Jan Beulich]
  • c4b1a75d7c: Fix release notes link [Ian Jackson]
  • 18f6fb990c: xen/Makefile: Set version to 4.12.1-pre for stable branch [Ian Jackson]

In addition, this release contains no fixes to qemu-traditional. It does contain numerous changes to qemu-upstream, whose changelog we do not list here because many of those changes are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check the qemu-upstream git shortlog (between tags qemu-xen-4.12.0 and qemu-xen-4.12.1).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA      Xen         qemu-traditional  qemu-upstream
XSA-295  Applied
XSA-297  Applied
XSA-300  Linux only

See for details related to Xen Project security advisories.

We recommend all users of the 4.12 stable series to update to this latest point release.