Skip to main content


Xen Project 4.13.2

We are pleased to announce the release of Xen 4.13.2. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.13 (tag RELEASE-4.13.2) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 0060ac29bc: update Xen version to 4.13.2 [Jan Beulich]
  • 28b7817127: x86/pv: Flush TLB in response to paging structure changes [Andrew Cooper]
  • c10b2931bf: x86/pv: Drop FLUSH_TLB_GLOBAL in do_mmu_update() for XPTI [Andrew Cooper]
  • dc38c1103c: hvmloader: flip “ACPI data” to “ACPI NVS” type for ACPI table region [Igor Druzhinin]
  • b05fe1533b: x86/mwait-idle: customize IceLake server support [Chen Yu]
  • 82a28743da: x86: fix resource leaks on arch_vcpu_create() error path [Jan Beulich]
  • c32e9be04a: x86/vLAPIC: don’t leak regs page from vlapic_init() upon error [Jan Beulich]
  • fa9e1f73bf: xen/domain: check IOMMU options doesn’t contain unknown bits set [Roger Pau Monné]
  • ca95985a64: evtchn/fifo: use stable fields when recording “last queue” information [Jan Beulich]
  • 055a5d540b: x86/pv: Don’t deliver #GP for a SYSENTER with NT set [Andrew Cooper]
  • ff1fd42f0d: x86/pv: Don’t clobber NT on return-to-guest [Andrew Cooper]
  • e891c288cc: AMD/IOMMU: ensure suitable ordering of DTE modifications [Jan Beulich]
  • 3009e4d6b4: AMD/IOMMU: update live PTEs atomically [Jan Beulich]
  • 1c86c83030: AMD/IOMMU: convert amd_iommu_pte from struct to union [Jan Beulich]
  • 745652fec9: IOMMU: hold page ref until after deferred TLB flush [Jan Beulich]
  • 6e237b6160: IOMMU: suppress “iommu_dont_flush_iotlb” when about to free a page [Jan Beulich]
  • 98ec9711e5: x86/mm: Prevent some races in hypervisor mapping updates [Hongyan Xia]
  • 7f5d6760b6: x86/mm: Refactor modify_xen_mappings to have one exit path [Wei Liu]
  • a2c0c91b3e: x86/mm: Refactor map_pages_to_xen to have only a single exit path [Wei Liu]
  • 8e7e5857a2: evtchn/Flask: pre-allocate node on send path [Jan Beulich]
  • 88f5b414ac: x86/HVM: more consistently set I/O completion [Jan Beulich]
  • f63b20a213: hvmloader: indicate ACPI tables with “ACPI data” type in e820 [Igor Druzhinin]
  • b015fbe509: evtchn: arrange for preemption in evtchn_reset() [Jan Beulich]
  • 54becf611d: evtchn: arrange for preemption in evtchn_destroy() [Jan Beulich]
  • 43572a4cd9: evtchn: address races with evtchn_reset() [Jan Beulich]
  • 21054297bf: evtchn: convert per-channel lock to be IRQ-safe [Jan Beulich]
  • a8122e991d: evtchn: evtchn_reset() shouldn’t succeed with still-open ports [Jan Beulich]
  • e1364e05f9: evtchn/x86: enforce correct upper limit for 32-bit guests [Jan Beulich]
  • 5867a14ac1: xen/evtchn: Add missing barriers when accessing/allocating an event channel [Julien Grall]
  • 0537543cc1: x86/pv: Avoid double exception injection [Andrew Cooper]
  • ae922b9fc2: evtchn: relax port_is_valid() [Jan Beulich]
  • f27980a330: x86/MSI-X: restrict reading of table/PBA bases from BARs [Jan Beulich]
  • b7fcbe0150: x86/msi: get rid of read_msi_msg [Roger Pau Monné]
  • 42fcdd4232: x86/vpt: fix race when migrating timers between vCPUs [Roger Pau Monné]
  • 286b3539b7: xen/memory: Don’t skip the RCU unlock path in acquire_resource() [Andrew Cooper]
  • b98031951d: x86/pv: Handle the Intel-specific MSR_MISC_ENABLE correctly [Andrew Cooper]
  • aa1d9a7dbf: xen/arm: cmpxchg: Add missing memory barriers in __cmpxchg_mb_timeout() [Julien Grall]
  • bd63ab538b: xen/arm: Missing N1/A76/A75 FP registers in vCPU context switch [Wei Chen]
  • 4fb1ad782d: xen/arm: Update silicon-errata.txt with the Neovers AT erratum [Julien Grall]
  • 4a0c174c17: xen/arm: Enable CPU Erratum 1165522 for Neoverse [Bertrand Marquis]
  • 6ef4daddc7: arm: Add Neoverse N1 processor identification [Bertrand Marquis]
  • c663fa577b: x86/pv: Rewrite segment context switching from scratch [Andrew Cooper]
  • 761e8df102: x86/pv: Fix consistency of 64bit segment bases [Andrew Cooper]
  • 64690393a8: x86/pv: Fix multiple bugs with SEGBASE_GS_USER_SEL [Andrew Cooper]
  • b9083432f1: x86/intel: Expose MSR_ARCH_CAPS to dom0 [Andrew Cooper]
  • ac4ec487e0: x86: Begin to introduce support for MSR_ARCH_CAPS [Andrew Cooper]
  • a7f0434093: x86: use constant flags for section .init.rodata [Roger Pau Monné]
  • 0861885b5f: x86/ioapic: Fix fixmap error path logic in ioapic_init_mappings() [Andrew Cooper]
  • 9b367b2b0b: x86/hvm: set ‘ipat’ in EPT for special pages [Paul Durrant]
  • e1829658a0: x86emul: replace UB shifts [Jan Beulich]
  • befa216803: x86/cpuid: Fix APIC bit clearing [Fam Zheng]
  • e9e72fb157: x86/S3: put data segment registers into known state upon resume [Jan Beulich]
  • b67bb90a6b: x86: restore pv_rtc_handler() invocation [Jan Beulich]
  • fff1874b61: x86/spec-ctrl: Protect against CALL/JMP straight-line speculation [Andrew Cooper]
  • ec972cb418: mm: fix public declaration of struct xen_mem_acquire_resource [Roger Pau Monné]
  • d967a2bcd3: x86/msr: Disallow access to Processor Trace MSRs [Andrew Cooper]
  • 665f5c1271: x86/acpi: use FADT flags to determine the PMTMR width [Grzegorz Uriasz]
  • ddb6fd3f9c: x86/vmx: use P2M_ALLOC in vmx_load_pdptrs instead of P2M_UNSHARE [Tamas K Lengyel]
  • 378321bb1f: xen: Check the alignment of the offset pased via VCPUOP_register_vcpu_info [Julien Grall]
  • 572e349de1: x86/ept: flush cache when modifying PTEs and sharing page tables [Roger Pau Monné]
  • 0c8c10d12e: vtd: optimize CPU cache sync [Roger Pau Monné]
  • 493e143a82: x86/alternative: introduce alternative_2 [Roger Pau Monné]
  • 8b9be8f415: vtd: don’t assume addresses are aligned in sync_cache [Roger Pau Monné]
  • f1055a202d: x86/iommu: introduce a cache sync hook [Roger Pau Monné]
  • 005d5eaa45: vtd: prune (and rename) cache flush functions [Roger Pau Monné]
  • 1c7a98cab9: vtd: improve IOMMU TLB flush [Jan Beulich]
  • 2b34d8cd73: x86/ept: atomically modify entries in ept_next_level [Roger Pau Monné]
  • 56e117f504: x86/EPT: ept_set_middle_entry() related adjustments [Jan Beulich]
  • 7a76deb101: x86/shadow: correct an inverted conditional in dirty VRAM tracking [Jan Beulich]
  • 3e41b727f7: xen/common: event_channel: Don’t ignore error in get_free_port() [Julien Grall]
  • 9f7e8bac4c: libacpi: widen TPM detection [Jason Andryuk]
  • cdd8f958d6: x86/passthrough: introduce a flag for GSIs not requiring an EOI or unmask [Roger Pau Monné]
  • a9d46ba332: x86/passthrough: do not assert edge triggered GSIs for PVH dom0 [Roger Pau Monné]
  • 05ba427181: ioreq: handle pending emulation racing with ioreq server destruction [Paul Durrant]
  • 780d3761f1: x86/Intel: insert Ice Lake and Comet Lake model numbers [Jan Beulich]
  • 31c5d84c51: x86/rtc: provide mediated access to RTC for PVH dom0 [Roger Pau Monné]
  • 27d4f1ac67: build: fix dependency tracking for preprocessed files [Jan Beulich]
  • 11ea967c99: x86/svm: do not try to handle recalc NPT faults immediately [Igor Druzhinin]
  • 53bafb59e9: x86/ucode: Fix errors with start/end_update() [Andrew Cooper]
  • b4afe058c6: x86/boot: Fix load_system_tables() to be NMI/#MC-safe [Andrew Cooper]
  • 74ce65c012: build32: don’t discard .shstrtab in linker script [Roger Pau Monné]
  • 0243559f45: x86/mm: do not attempt to convert _PAGE_GNTTAB to a boolean [Roger Pau Monné]
  • 8ad99de837: x86emul: rework CMP and TEST emulation [Jan Beulich]
  • ea7e8d2aa9: x86emul: address x86_insn_is_mem_{access,write}() omissions [Jan Beulich]
  • 350aaca679: x86/hvm: Improve error information in handle_pio() [Andrew Cooper]
  • c3eea2cfc8: VT-x: extend LBR Broadwell errata coverage [Jan Beulich]
  • 05232254ba: x86: clear RDRAND CPUID bit on AMD family 15h/16h [Jan Beulich]
  • 672976cfbb: xen/trace: Don’t dump offline CPUs in debugtrace_dump_worker() [Andrew Cooper]
  • a6f2080523: x86/idle: Extend ISR/C6 erratum workaround to Haswell [Andrew Cooper]
  • c437e06ba2: x86/idle: prevent entering C3/C6 on some Intel CPUs due to errata [Roger Pau Monné]
  • 0a85f84e65: x86/idle: prevent entering C6 with in service interrupts on Intel [Roger Pau Monné]
  • 85ac008352: x86/idle: rework C6 EOI workaround [Roger Pau Monné]
  • 7f6b66d71f: x86: determine MXCSR mask in all cases [Jan Beulich]
  • 04aedf4048: x86/hvm: Fix shifting in stdvga_mem_read() [Andrew Cooper]
  • f2ad77ba78: sched: allow rcu work to happen when syncing cpus in core scheduling [Juergen Gross]
  • d61fef6c41: x86/PVH: PHYSDEVOP_pci_mmcfg_reserved should not blindly register a region [Jan Beulich]
  • eccc242b59: x86/build: Unilaterally disable -fcf-protection [Andrew Cooper]
  • 6bfb364c3c: x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS [Andrew Cooper]
  • bdddd33ff2: x86/build32: Discard all orphaned sections [Andrew Cooper]
  • 7d57caa9a2: x86/guest: Fix assembler warnings with newer binutils [Andrew Cooper]
  • d74eb10956: sched: always modify vcpu pause flags atomically [Juergen Gross]
  • 9eec3eecad: cpupool: fix removing cpu from a cpupool [Juergen Gross]
  • d112db32c6: x86/cpuidle: correct Cannon Lake residency MSRs [Jan Beulich]
  • 333519f5a8: update Xen version to 4.13.2-pre [Jan Beulich]
  • c54de7d9df: tools/libxl: Fix memory leak in libxl_cpuid_set() [Andrew Cooper]
  • d8e1053bfa: x86/spec-ctrl: Update docs with SRBDS workaround [Andrew Cooper]
  • 67958a166f: x86/spec-ctrl: Mitigate the Special Register Buffer Data Sampling sidechannel [Andrew Cooper]
  • 9aefa01f45: x86/spec-ctrl: CPUID/MSR definitions for Special Register Buffer Data Sampling [Andrew Cooper]

In addition, this release also contains the following fixes to qemu-traditional:

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.13.1 and qemu-xen-4.13.2).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes. 

XSA Xen qemu-traditional qemu-upstream 
XSA-286 Applied N/A N/A
XSA-317 Applied N/A N/A
XSA-319 Applied N/A N/A
XSA-320 Applied N/A N/A
XSA-321 Applied N/A N/A
XSA-327 Applied N/A N/A
XSA-328 Applied N/A N/A
XSA-329 N/A (Linux only)
XSA-331 N/A (Linux only)
XSA-332 N/A (Linux only)
XSA-333 Applied N/A N/A
XSA-334 Applied N/A N/A
XSA-335 Applied N/A N/A
XSA-336 Applied N/A N/A
XSA-337 Applied N/A N/A
XSA-338 Applied N/A N/A
XSA-339 Applied N/A N/A
XSA-340 Applied N/A N/A
XSA-341 N/A (Unused number) …o
XSA-342 Applied N/A N/A
XSA-343 Applied N/A N/A
XSA-344 Applied N/A N/A
XSA-345 Applied N/A N/A
XSA-346 Applied N/A N/A
XSA-347 Applied N/A N/A

See for details related to Xen Project security advisories.

We recommend all users of the 4.13 stable series to update to this latest point release.