

Xen Project 4.12.4

We are pleased to announce the release of Xen 4.12.4. This is available immediately from its git repository (refs/heads/stable-4.12, tag RELEASE-4.12.4) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 97b7b5567f: update Xen version to 4.12.4 [Jan Beulich]
  • 4100d463db: x86/pv: Flush TLB in response to paging structure changes [Andrew Cooper]
  • b1d6f37aa5: x86/pv: Drop FLUSH_TLB_GLOBAL in do_mmu_update() for XPTI [Andrew Cooper]
  • 0108b011e1: hvmloader: flip “ACPI data” to “ACPI NVS” type for ACPI table region [Igor Druzhinin]
  • 5d49509a66: x86/mwait-idle: customize IceLake server support [Chen Yu]
  • f49fff9072: x86: fix resource leaks on arch_vcpu_create() error path [Jan Beulich]
  • 7488b405b4: x86/vLAPIC: don’t leak regs page from vlapic_init() upon error [Jan Beulich]
  • a9382052b8: evtchn/fifo: use stable fields when recording “last queue” information [Jan Beulich]
  • 68ff540de1: x86/pv: Don’t deliver #GP for a SYSENTER with NT set [Andrew Cooper]
  • 1833c60701: x86/pv: Don’t clobber NT on return-to-guest [Andrew Cooper]
  • 14b0a080c1: AMD/IOMMU: ensure suitable ordering of DTE modifications [Jan Beulich]
  • 97f9defe96: AMD/IOMMU: update live PTEs atomically [Jan Beulich]
  • b402e2a14b: IOMMU: hold page ref until after deferred TLB flush [Jan Beulich]
  • 37f45de908: IOMMU: suppress “iommu_dont_flush_iotlb” when about to free a page [Jan Beulich]
  • e461318da3: x86/mm: Prevent some races in hypervisor mapping updates [Hongyan Xia]
  • 1cec2531fb: x86/mm: Refactor modify_xen_mappings to have one exit path [Wei Liu]
  • 03926de91c: x86/mm: Refactor map_pages_to_xen to have only a single exit path [Wei Liu]
  • 6888017392: evtchn/Flask: pre-allocate node on send path [Jan Beulich]
  • 0186e76a62: x86/HVM: more consistently set I/O completion [Jan Beulich]
  • 0ca821f197: hvmloader: indicate ACPI tables with “ACPI data” type in e820 [Igor Druzhinin]
  • cfd61e688f: evtchn: arrange for preemption in evtchn_reset() [Jan Beulich]
  • 2aa4864b8a: evtchn: arrange for preemption in evtchn_destroy() [Jan Beulich]
  • 8e25d522a3: evtchn: address races with evtchn_reset() [Jan Beulich]
  • 9c2a02740f: evtchn: convert per-channel lock to be IRQ-safe [Jan Beulich]
  • 9dda47cb70: evtchn: evtchn_reset() shouldn’t succeed with still-open ports [Jan Beulich]
  • b8c9776986: evtchn/x86: enforce correct upper limit for 32-bit guests [Jan Beulich]
  • 253a1e64d3: xen/evtchn: Add missing barriers when accessing/allocating an event channel [Julien Grall]
  • 3e039e12ec: x86/pv: Avoid double exception injection [Andrew Cooper]
  • b2db00754f: evtchn: relax port_is_valid() [Jan Beulich]
  • 1dfd2e2f65: x86/MSI-X: restrict reading of table/PBA bases from BARs [Jan Beulich]
  • 76a0760f6c: x86/msi: get rid of read_msi_msg [Roger Pau Monné]
  • d28c52ee2a: x86/vpt: fix race when migrating timers between vCPUs [Roger Pau Monné]
  • 8b8fff26f5: xen/memory: Don’t skip the RCU unlock path in acquire_resource() [Andrew Cooper]
  • 320e7a7369: x86/pv: Handle the Intel-specific MSR_MISC_ENABLE correctly [Andrew Cooper]
  • 0446e3db13: xen/arm: cmpxchg: Add missing memory barriers in __cmpxchg_mb_timeout() [Julien Grall]
  • a81e6557b9: xen/arm: Missing N1/A76/A75 FP registers in vCPU context switch [Wei Chen]
  • caebaf3751: xen/arm: Update silicon-errata.txt with the Neoverse AT erratum [Julien Grall]
  • 76d934929b: xen/arm: Enable CPU Erratum 1165522 for Neoverse [Bertrand Marquis]
  • 81564c40ea: arm: Add Neoverse N1 processor identification [Bertrand Marquis]
  • ff79981ecb: x86/pv: Rewrite segment context switching from scratch [Andrew Cooper]
  • 3186568505: x86/pv: Fix consistency of 64bit segment bases [Andrew Cooper]
  • 40e0cf8108: x86/pv: Fix multiple bugs with SEGBASE_GS_USER_SEL [Andrew Cooper]
  • fbf016f2b2: x86/intel: Expose MSR_ARCH_CAPS to dom0 [Andrew Cooper]
  • 8c1c3e7d25: x86: Begin to introduce support for MSR_ARCH_CAPS [Andrew Cooper]
  • 5bd49ca50e: x86: use constant flags for section .init.rodata [Roger Pau Monné]
  • e0bd8996b4: x86/ioapic: Fix fixmap error path logic in ioapic_init_mappings() [Andrew Cooper]
  • c481b9f32d: libx86: introduce a helper to deserialise msr_policy objects [Sergey Dyasli]
  • 1336ca1774: x86/hvm: set ‘ipat’ in EPT for special pages [Paul Durrant]
  • dca9cc7db6: x86emul: replace UB shifts [Jan Beulich]
  • 07fd5d3598: x86/cpuid: Fix APIC bit clearing [Fam Zheng]
  • 85ce36d12b: x86/S3: put data segment registers into known state upon resume [Jan Beulich]
  • df9a0ad1f8: x86/spec-ctrl: Protect against CALL/JMP straight-line speculation [Andrew Cooper]
  • 7cce3f25a1: mm: fix public declaration of struct xen_mem_acquire_resource [Roger Pau Monné]
  • 43258cec14: x86/msr: Disallow access to Processor Trace MSRs [Andrew Cooper]
  • a1aae54189: x86/acpi: use FADT flags to determine the PMTMR width [Grzegorz Uriasz]
  • df11056150: x86/vmx: use P2M_ALLOC in vmx_load_pdptrs instead of P2M_UNSHARE [Tamas K Lengyel]
  • 19e0bbb4eb: xen: Check the alignment of the offset passed via VCPUOP_register_vcpu_info [Julien Grall]
  • d96c0f1ed5: x86/ept: flush cache when modifying PTEs and sharing page tables [Roger Pau Monné]
  • 653811e2d2: vtd: optimize CPU cache sync [Roger Pau Monné]
  • 26072a508d: x86/alternative: introduce alternative_2 [Roger Pau Monné]
  • b292255ea2: vtd: don’t assume addresses are aligned in sync_cache [Roger Pau Monné]
  • 38dc269ea4: x86/iommu: introduce a cache sync hook [Roger Pau Monné]
  • 5733de6b88: vtd: prune (and rename) cache flush functions [Roger Pau Monné]
  • d69f3058d8: vtd: improve IOMMU TLB flush [Jan Beulich]
  • 8faa45e25e: x86/ept: atomically modify entries in ept_next_level [Roger Pau Monné]
  • 731bdaf416: x86/EPT: ept_set_middle_entry() related adjustments [Jan Beulich]
  • ec57b9af27: x86/shadow: correct an inverted conditional in dirty VRAM tracking [Jan Beulich]
  • a634229ecf: xen/common: event_channel: Don’t ignore error in get_free_port() [Julien Grall]
  • 050fe48dc9: libacpi: widen TPM detection [Jason Andryuk]
  • 436ec68ea2: ioreq: handle pending emulation racing with ioreq server destruction [Paul Durrant]
  • 96e8abab83: x86/Intel: insert Ice Lake and Comet Lake model numbers [Jan Beulich]
  • 7cdc0cff95: build: fix dependency tracking for preprocessed files [Jan Beulich]
  • d937532ff5: x86/svm: do not try to handle recalc NPT faults immediately [Igor Druzhinin]
  • 7641573b33: build32: don’t discard .shstrtab in linker script [Roger Pau Monné]
  • 7eed533a8b: x86/mm: do not attempt to convert _PAGE_GNTTAB to a boolean [Roger Pau Monné]
  • 74a1230224: x86emul: rework CMP and TEST emulation [Jan Beulich]
  • 946113a444: x86emul: address x86_insn_is_mem_{access,write}() omissions [Jan Beulich]
  • 6182e5dd89: x86/hvm: Improve error information in handle_pio() [Andrew Cooper]
  • ad20170c71: VT-x: extend LBR Broadwell errata coverage [Jan Beulich]
  • 218a19b911: x86/boot: Fix load_system_tables() to be NMI/#MC-safe [Andrew Cooper]
  • aca68b9ca9: x86: clear RDRAND CPUID bit on AMD family 15h/16h [Jan Beulich]
  • 1f581f966a: x86/idle: Extend ISR/C6 erratum workaround to Haswell [Andrew Cooper]
  • 4969f34b49: x86/idle: prevent entering C3/C6 on some Intel CPUs due to errata [Roger Pau Monné]
  • ed44947e18: x86/idle: prevent entering C6 with in service interrupts on Intel [Roger Pau Monné]
  • 2eb277ec76: x86/idle: rework C6 EOI workaround [Roger Pau Monné]
  • b3af150fd4: x86: determine MXCSR mask in all cases [Jan Beulich]
  • f769c99f92: x86/hvm: Fix shifting in stdvga_mem_read() [Andrew Cooper]
  • bcdaffc589: x86/build: Unilaterally disable -fcf-protection [Andrew Cooper]
  • 2b10a3238a: x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS [Andrew Cooper]
  • a022f3679a: x86/build32: Discard all orphaned sections [Andrew Cooper]
  • dd49ddf0eb: x86/guest: Fix assembler warnings with newer binutils [Andrew Cooper]
  • bc775d06d0: x86/cpuidle: correct Cannon Lake residency MSRs [Jan Beulich]
  • be5c240252: update Xen version to 4.12.4-pre [Jan Beulich]
  • 06760c2bf3: tools/libxl: Fix memory leak in libxl_cpuid_set() [Andrew Cooper]
  • d58c48df8c: x86/spec-ctrl: Allow the RDRAND/RDSEED features to be hidden [Andrew Cooper]
  • 199ae1f158: x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel [Andrew Cooper]
  • 9dc2842940: x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling [Andrew Cooper]

In addition, this release also contains the following fixes to qemu-traditional:

This release also contains changes to qemu-upstream, whose changelog we do not list here as it contains many changes that are not directly related to the Xen Project Hypervisor and thus this release. However, you can check the qemu-upstream shortlog (between tags qemu-xen-4.12.3 and qemu-xen-4.12.4).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-286 | Applied | N/A | N/A |
| XSA-317 | Applied | N/A | N/A |
| XSA-319 | Applied | N/A | N/A |
| XSA-320 | Applied | N/A | N/A |
| XSA-321 | Applied | N/A | N/A |
| XSA-327 | Applied | N/A | N/A |
| XSA-328 | Applied | N/A | N/A |
| XSA-329 | N/A (Linux only) | | |
| XSA-331 | N/A (Linux only) | | |
| XSA-332 | N/A (Linux only) | | |
| XSA-333 | Applied | N/A | N/A |
| XSA-334 | Applied | N/A | N/A |
| XSA-335 | Applied | N/A | N/A |
| XSA-336 | Applied | N/A | N/A |
| XSA-337 | Applied | N/A | N/A |
| XSA-338 | Applied | N/A | N/A |
| XSA-339 | Applied | N/A | N/A |
| XSA-340 | Applied | N/A | N/A |
| XSA-341 | N/A (Unused number) | | |
| XSA-342 | Applied | N/A | N/A |
| XSA-343 | Applied | N/A | N/A |
| XSA-344 | Applied | N/A | N/A |
| XSA-345 | Applied | N/A | N/A |
| XSA-346 | Applied | N/A | N/A |
| XSA-347 | Applied | N/A | N/A |

See the Xen Project security advisories for details.

We recommend all users of the 4.12 stable series to update to this latest point release.