Skip to main content


Xen Project 4.14.1

We are pleased to announce the release of Xen 4.14.1. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.14 (tag RELEASE-4.14.1) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • ad844aa352: update Xen version to 4.14.1 [Jan Beulich]
  • d17a5d5d27: evtchn/FIFO: add 2nd smp_rmb() to evtchn_fifo_word_from_port() [Jan Beulich]
  • 9872981ddd: evtchn/FIFO: re-order and synchronize (with) map_control_block() [Jan Beulich]
  • d785e076b3: x86/irq: fix infinite loop in irq_move_cleanup_interrupt [Roger Pau Monné]
  • d8f08a44bc: x86: avoid calling {svm,vmx}_do_resume() [Jan Beulich]
  • 5174e4202e: x86: fold guest_idle_loop() into idle_loop() [Jan Beulich]
  • bfc99c310f: x86: replace reset_stack_and_jump_nolp() [Jan Beulich]
  • 13268c50c0: tools/ocaml/xenstored: only Dom0 can change node owner [Edwin Török]
  • de822c4a2c: tools/ocaml/xenstored: delete watch from trie too when resetting watches [Edwin Török]
  • 57bbcd069b: tools/xenstore: Preserve bad client until they are destroyed [Harsha Shamsundara Havanur]
  • 7214cc7457: tools/xenstore: drop watch event messages exceeding maximum size [Juergen Gross]
  • 49ed711a95: tools/ocaml/xenstored: Fix path length validation [Edwin Török]
  • dc871dda66: tools/ocaml/xenstored: clean up permissions for dead domains [Edwin Török]
  • b1c5e402c4: tools/xenstore: revoke access rights for removed domains [Juergen Gross]
  • 61d386343a: tools/ocaml/xenstored: add xenstored.conf flag to turn off watch permission checks [Edwin Török]
  • 9e53440c36: tools/ocaml/xenstored: avoid watch events for nodes without access [Edwin Török]
  • 335ef5b2b4: tools/ocaml/xenstored: introduce permissions for special watches [Edwin Török]
  • 6fa3e05ff5: tools/ocaml/xenstored: unify watch firing [Edwin Török]
  • f4405b67aa: tools/ocaml/xenstored: check privilege for XS_IS_DOMAIN_INTRODUCED [Edwin Török]
  • 228e5621eb: tools/ocaml/xenstored: ignore transaction id for [un]watch [Edwin Török]
  • 0a79a1b1d8: tools/xenstore: avoid watch events for nodes without access [Juergen Gross]
  • 5073c6b169: tools/xenstore: allow special watches for privileged callers only [Juergen Gross]
  • 52593586d5: tools/xenstore: introduce node_perms structure [Juergen Gross]
  • 3d0e1a15b3: tools/xenstore: fire watches only when removing a specific node [Juergen Gross]
  • 117521e9c0: tools/xenstore: rework node removal [Juergen Gross]
  • 91992c72ed: tools/xenstore: check privilege for XS_IS_DOMAIN_INTRODUCED [Juergen Gross]
  • 4e298fa407: tools/xenstore: simplify and rename check_event_node() [Juergen Gross]
  • 3beffb3ed0: tools/xenstore: fix node accounting after failed node creation [Juergen Gross]
  • da67712173: tools/xenstore: ignore transaction id for [un]watch [Juergen Gross]
  • 9c898a82b8: tools/xenstore: allow removing child of a node exceeding quota [Juergen Gross]
  • f130d5f013: tools/ocaml/xenstored: do permission checks on xenstore root [Edwin Török]
  • 1d1d1f5391: x86/vioapic: fix usage of index in place of GSI in vioapic_write_redirent [Roger Pau Monné]
  • 72bd989f51: xen/events: rework fifo queue locking [Juergen Gross]
  • 8e6c236c3e: x86/DMI: fix SMBIOS pointer range check [Jan Beulich]
  • 1cfb9b1c5b: xen/events: access last_priority and last_vcpu_id together [Juergen Gross]
  • 7c6ee4ee23: x86/vpt: fix build with old gcc [Jan Beulich]
  • d11d977551: xen/evtchn: revert 52e1fc47abc3a0123 [Juergen Gross]
  • 1ad177370d: xen/evtchn: rework per event channel lock [Juergen Gross]
  • 0057b1f8fa: memory: fix off-by-one in XSA-346 change [Jan Beulich]
  • d101b417b7: x86/msr: Disallow guest access to the RAPL MSRs [Andrew Cooper]
  • d95f45073c: x86/msr: fix handling of MSR_IA32_PERF_{STATUS/CTL} [Roger Pau Monné]
  • 73a09279de: xen/arm: Always trap AMU system registers [Julien Grall]
  • a38060ece6: tools/libs/stat: use memcpy instead of strncpy in getBridge [Bertrand Marquis]
  • 78a53f0ee0: tool/libs/light: Fix libxenlight gcc warning [Bertrand Marquis]
  • 89ae1b185a: tools/libxc: report malloc errors in writev_exact [Olaf Hering]
  • 7398a44e86: tools/libs/stat: fix broken build [Juergen Gross]
  • 59b83663f9: tools/xenstore: Do not abort xenstore-ls if a node disappears while iterating [David Woodhouse]
  • 1f9f1cb3a0: tools/xenpmd: Fix gcc10 snprintf warning [Bertrand Marquis]
  • f728b2d69f: libxl: fix -Werror=stringop-truncation in libxl__prepare_sockaddr_un [Marek Marczykowski-Górecki]
  • 71a12a9798: libxl: workaround gcc 10.2 maybe-uninitialized warning [Marek Marczykowski-Górecki]
  • 0c96e4297d: SUPPORT: Add linux device model stubdom to Toolstack [Jason Andryuk]
  • 29b48aa27d: arm,smmu: match start level of page table walk with P2M [Laurentiu Tudor]
  • d131310e60: xen/arm: sched: Ensure the vCPU context is seen before vcpu_pause() returns [Julien Grall]
  • 7d2b21fd36: xen/arm: bootfdt: Ignore empty memory bank [Julien Grall]
  • f61c5d0ca7: xen/arm64: force gcc 10+ to always inline generic atomics helpers [Jan Beulich]
  • fc8fab1bb4: x86emul: fix PINSRW and adjust other {,V}PINSR* [Jan Beulich]
  • 898864c373: pci: cleanup MSI interrupts before removing device from IOMMU [Roger Pau Monné]
  • 9f954ae7fb: build: use if_changed more consistently (and correctly) for prelink*.o [Jan Beulich]
  • 5784d1e942: Desupport qemu trad except stub dm [Ian Jackson]
  • 10bb63c203: x86/pv: Flush TLB in response to paging structure changes [Andrew Cooper]
  • 941f69a428: x86/pv: Drop FLUSH_TLB_GLOBAL in do_mmu_update() for XPTI [Andrew Cooper]
  • 7b1e587f25: hvmloader: flip "ACPI data" to "ACPI NVS" type for ACPI table region [Igor Druzhinin]
  • ee47e8e8d9: x86/smpboot: Don't unconditionally call memguard_guard_stack() in cpu_smpboot_alloc() [Andrew Cooper]
  • 4ba3fb0b4d: x86/traps: 'Fix' safety of read_registers() in #DF path [Andrew Cooper]
  • d2ba323eaa: x86/mwait-idle: customize IceLake server support [Chen Yu]
  • b081a5f14c: x86: fix resource leaks on arch_vcpu_create() error path [Jan Beulich]
  • e936515191: x86/vLAPIC: don't leak regs page from vlapic_init() upon error [Jan Beulich]
  • 9c1cc643ac: x86/S3: Restore CR4 earlier during resume [Andrew Cooper]
  • 829dbe2cfb: xen/domain: check IOMMU options doesn't contain unknown bits set [Roger Pau Monné]
  • 8d148003fd: evtchn/fifo: use stable fields when recording "last queue" information [Jan Beulich]
  • 0521dc918e: x86/S3: fix shadow stack resume path [Marek Marczykowski-Górecki]
  • 64c39517b5: x86/pv: Don't deliver #GP for a SYSENTER with NT set [Andrew Cooper]
  • 0974e0085d: x86/pv: Don't clobber NT on return-to-guest [Andrew Cooper]
  • a279fcbb4f: AMD/IOMMU: ensure suitable ordering of DTE modifications [Jan Beulich]
  • f7ab0c1a8c: AMD/IOMMU: update live PTEs atomically [Jan Beulich]
  • 7339975f55: AMD/IOMMU: convert amd_iommu_pte from struct to union [Jan Beulich]
  • 94c157f2e3: IOMMU: hold page ref until after deferred TLB flush [Jan Beulich]
  • 79f17015e7: IOMMU: suppress "iommu_dont_flush_iotlb" when about to free a page [Jan Beulich]
  • 9e757fcdbb: x86/mm: Prevent some races in hypervisor mapping updates [Hongyan Xia]
  • 809a70b161: x86/mm: Refactor modify_xen_mappings to have one exit path [Wei Liu]
  • b4271092f2: x86/mm: Refactor map_pages_to_xen to have only a single exit path [Wei Liu]
  • c93b520a41: evtchn/Flask: pre-allocate node on send path [Jan Beulich]
  • f37a1cf023: x86/HVM: more consistently set I/O completion [Jan Beulich]
  • 54789343ce: xen/hypfs: fix writing of custom parameter [Juergen Gross]
  • 43eceee913: hvmloader: indicate ACPI tables with "ACPI data" type in e820 [Igor Druzhinin]
  • 03019c20b5: evtchn: arrange for preemption in evtchn_reset() [Jan Beulich]
  • 66cdf34142: evtchn: arrange for preemption in evtchn_destroy() [Jan Beulich]
  • ecc6428b7e: evtchn: address races with evtchn_reset() [Jan Beulich]
  • 2ee270e126: evtchn: convert per-channel lock to be IRQ-safe [Jan Beulich]
  • 9b9fc8e391: evtchn: evtchn_reset() shouldn't succeed with still-open ports [Jan Beulich]
  • b8c2efbe7b: evtchn/x86: enforce correct upper limit for 32-bit guests [Jan Beulich]
  • f5469067ee: xen/evtchn: Add missing barriers when accessing/allocating an event channel [Julien Grall]
  • eb4a543a47: x86/pv: Avoid double exception injection [Andrew Cooper]
  • e417504feb: evtchn: relax port_is_valid() [Jan Beulich]
  • 0bc4177e6b: x86/MSI-X: restrict reading of table/PBA bases from BARs [Jan Beulich]
  • 5ad31525c9: x86/msi: get rid of read_msi_msg [Roger Pau Monné]
  • fc8200a6ad: x86/vpt: fix race when migrating timers between vCPUs [Roger Pau Monné]
  • 5eab5f0543: xen/memory: Don't skip the RCU unlock path in acquire_resource() [Andrew Cooper]
  • b04d6731ee: x86/pv: Handle the Intel-specific MSR_MISC_ENABLE correctly [Andrew Cooper]
  • 28855ebcdb: xen/arm: cmpxchg: Add missing memory barriers in __cmpxchg_mb_timeout() [Julien Grall]
  • 174be04403: xen/arm: Missing N1/A76/A75 FP registers in vCPU context switch [Wei Chen]
  • 158c3bdc49: xen/arm: Update silicon-errata.txt with the Neovers AT erratum [Julien Grall]
  • 3535f2325f: xen/arm: Enable CPU Erratum 1165522 for Neoverse [Bertrand Marquis]
  • de7e543685: arm: Add Neoverse N1 processor identification [Bertrand Marquis]
  • 483b43c457: x86/pv: Rewrite segment context switching from scratch [Andrew Cooper]
  • 431d52afd9: x86/pv: Fix consistency of 64bit segment bases [Andrew Cooper]
  • ceafff707c: x86/pv: Fix multiple bugs with SEGBASE_GS_USER_SEL [Andrew Cooper]
  • 369e7a35bf: x86/intel: Expose MSR_ARCH_CAPS to dom0 [Andrew Cooper]
  • 98aa6ea751: x86: Begin to introduce support for MSR_ARCH_CAPS [Andrew Cooper]
  • 80dec06f6a: x86: use constant flags for section .init.rodata [Roger Pau Monné]
  • 5482c2887d: build: work around bash issue [Jan Beulich]
  • edf5b8627f: x86/tsc: Fix diagnostics for TSC frequency [Andrew Cooper]
  • eca6d5e914: x86/ioapic: Fix fixmap error path logic in ioapic_init_mappings() [Andrew Cooper]
  • c3a0fc22af: x86: comment update after "drop high compat r/o M2P table address range" [Jan Beulich]
  • 864d5701ec: x86/hvm: set 'ipat' in EPT for special pages [Paul Durrant]
  • afed8e4365: x86emul: replace UB shifts [Jan Beulich]
  • a5dab0a245: x86/cpuid: Fix APIC bit clearing [Fam Zheng]
  • b8c3e33a4f: x86/S3: put data segment registers into known state upon resume [Jan Beulich]
  • f836759a7b: update Xen version to 4.14.1-pre [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.14.0 and qemu-xen-4.14.1).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditional qemu-upstream
XSA-115 Applied N/A N/A
XSA-286 Applied N/A N/A
XSA-322 Applied N/A N/A
XSA-323 Applied N/A N/A
XSA-324 Applied N/A N/A
XSA-325 Applied N/A N/A
XSA-330 Applied N/A N/A
XSA-331 N/A (Linux only) N/A N/A
XSA-332 N/A (Linux only) N/A N/A
XSA-333 Applied N/A N/A
XSA-334 Applied N/A N/A
XSA-335 N/A Applied Applied
XSA-336 Applied N/A N/A
XSA-337 Applied N/A N/A
XSA-338 Applied N/A N/A
XSA-339 Applied N/A N/A
XSA-340 Applied N/A N/A
XSA-341 N/A (Unused Number) N/A N/A
XSA-342 Applied N/A N/A
XSA-343 Applied N/A N/A
XSA-344 Applied N/A N/A
XSA-345 Applied N/A N/A
XSA-346 Applied N/A N/A
XSA-347 Applied N/A N/A
XSA-348 Applied N/A N/A
XSA-349 N/A (Linux only) N/A N/A
XSA-350 N/A (Linux only) N/A N/A
XSA-351 Applied N/A N/A
XSA-352 Applied N/A N/A
XSA-353 Applied N/A N/A
XSA-354 N/A (xenopsd only) N/A N/A
XSA-355 Applied N/A N/A
XSA-356 Applied N/A N/A
XSA-358 Applied N/A N/A
XSA-359 Applied N/A N/A

See for details related to Xen Project security advisories.

We recommend all users of the 4.14 stable series to update to this latest point release.