Xen Project 4.14.2

We are pleased to announce the release of Xen 4.14.2. This is available immediately from its git repository (shortlog of refs/heads/stable-4.14, tag RELEASE-4.14.2) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 207c70c5b6: update Xen version to 4.14.2 [Jan Beulich]
  • b14d8345e5: x86/hpet: Don't enable legacy replacement mode unconditionally [Jan Beulich]
  • 440e6d402d: x86/hpet: Factor hpet_enable_legacy_replacement_mode() out of hpet_setup() [Andrew Cooper]
  • a67f981352: x86/vpt: do not take pt_migrate rwlock in some cases [Boris Ostrovsky]
  • 2b5de80828: fix for_each_cpu() again for NR_CPUS=1 [Jan Beulich]
  • da4733a23c: VT-d: restore flush hooks when disabling qinval [Jan Beulich]
  • 732cf387c9: VT-d: re-order register restoring in vtd_resume() [Jan Beulich]
  • e9f10a9add: VT-d: leave FECTL write to vtd_resume() [Jan Beulich]
  • 0c4caea34a: VT-d: correct off-by-1 in number-of-IOMMUs check [Jan Beulich]
  • 1ebc077a56: MAINTAINERS: Belatedly update for this being a stable branch [Ian Jackson]
  • ddb39ba714: SUPPORT.MD: Clarify the support state for the Arm SMMUv{1, 2} drivers [Julien Grall]
  • 6799072011: xen/vgic: Implement write to ISPENDR in vGICv{2, 3} [Julien Grall]
  • b22b824f2e: xen/arm: mm: Remove ; at the end of mm_printk() [Julien Grall]
  • a8a6736c97: xen/arm: Add workaround for Cortex-A53 erratum #843419 [Luca Fancellu]
  • 8d6755fb44: xen/arm: Add workaround for Cortex-A55 erratum #1530923 [Bertrand Marquis]
  • 2c46385e5a: xen/arm: Add Cortex-A73 erratum 858921 workaround [Penny Zheng]
  • f43374f8c3: xen/arm: Document the erratum #853709 related to Cortex A72 [Michal Orzel]
  • 93fbbb3b10: x86/ucode/amd: Fix microcode payload size for Fam19 processors [Andrew Cooper]
  • 048af4453c: tools/oxenstored: mkdir conflicts were sometimes missed [Edwin Török]
  • d5ed41d3b0: tools/oxenstored: Reject invalid watch paths early [Edwin Török]
  • 004be86c81: tools/oxenstored: Fix quota calculation for mkdir EEXIST [Edwin Török]
  • bcd9d2ee06: tools/oxenstored: Trim txhistory on xenbus reconnect [Edwin Török]
  • 78a22dee01: tools/ocaml/libs/xb: Do not crash after xenbus is unmapped [Edwin Török]
  • 9503a6df19: oxenstored: fix ABI breakage introduced in Xen 4.9.0 [Edwin Török]
  • b0d7739f10: libxl: Fix domain soft reset state handling [Anthony PERARD]
  • 1d6fa27b6b: xen: fix for_each_cpu when NR_CPUS=1 [Dario Faggioli]
  • 57ced58d26: vtd: make sure QI/IR are disabled before initialisation [Igor Druzhinin]
  • e765471690: x86/shadow: suppress "fast fault path" optimization without reserved bits [Jan Beulich]
  • 576844d1b6: crypto: adjust rijndaelEncrypt() prototype for gcc11 [Jan Beulich]
  • a1dab05393: x86/dmop: Properly fail for PV guests [Andrew Cooper]
  • 3eee522824: xen/sched: Add missing memory barrier in vcpu_block() [Julien Grall]
  • 97c0a5c05b: x86/EFI: suppress GNU ld 2.36'es creation of base relocs [Jan Beulich]
  • 9b6054a63e: gnttab: bypass IOMMU (un)mapping when a domain is (un)mapping its own grant [Jan Beulich]
  • 4a505ed5c4: gnttab: never permit mapping transitive grants [Jan Beulich]
  • 605e1d92ef: xen/iommu: Check if the IOMMU was initialized before tearing down [Julien Grall]
  • 865eba02a1: x86emul: fix SYSENTER/SYSCALL switching into 64-bit mode [Jan Beulich]
  • daa4149647: x86/ucode/amd: Fix OoB read in cpu_request_microcode() [Andrew Cooper]
  • 73a269624b: x86/EFI: work around GNU ld 2.36 issue [Jan Beulich]
  • c354bd7468: x86/efi: enable MS ABI attribute on clang [Roger Pau Monné]
  • 72fc75d707: x86/string: correct memmove()'s forwarding to memcpy() [Jan Beulich]
  • ec003beb5c: x86/debug: fix page-overflow bug in dbg_rw_guest_mem [Tamas K Lengyel]
  • 3d09a43f75: x86/HVM: re-order error path of hvm_domain_initialise() [Jan Beulich]
  • 17810630a0: memory: bail from page scrubbing when CPU is no longer online [Jan Beulich]
  • f6f787de98: x86/timer: Fix boot on Intel systems using ITSSPRC static PIT clock gating [Andrew Cooper]
  • a473bdd81b: xen/include: compat/xlat.h may change with .config changes [Jan Beulich]
  • 761995ee29: x86/vioapic: check IRR before attempting to inject interrupt after EOI [Roger Pau Monné]
  • b0b734a8b3: xen/arm: fix gnttab_need_iommu_mapping [Stefano Stabellini]
  • 9f357fe3e4: xen/page_alloc: Only flush the page to RAM once we know they are scrubbed [Julien Grall]
  • 4170218cb9: x86/dpci: do not remove pirqs from domain tree on unbind [Roger Pau Monné]
  • 9028fd493a: x86/mem_sharing: fix uninitialized 'preempted' variable [Tamas K Lengyel]
  • 7f99c05ded: xen/memory: Fix compat XENMEM_acquire_resource for size requests [Andrew Cooper]
  • cad784fb8f: x86/ACPI: don't overwrite FADT [Jan Beulich]
  • e44321d94f: x86/hypercall: fix gnttab hypercall args conditional build on pvshim [Roger Pau Monné]
  • a3509dcd0f: x86/dpci: EOI interrupt regardless of its masking status [Roger Pau Monné]
  • 5f9b0f90ee: x86/vPCI: tolerate (un)masking a disabled MSI-X entry [Jan Beulich]
  • a514c5ef5b: x86/hpet: Fix return value of hpet_setup() [Andrew Cooper]
  • 1b09f3dcd4: update Xen version to 4.14.2-pre [Jan Beulich]

This release also contains changes to qemu-upstream, whose changelog we do not list here as it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check the qemu-upstream shortlog (between tags qemu-xen-4.14.1 and qemu-xen-4.14.2).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA     | Xen                          | qemu-traditional | qemu-upstream |
|---------|------------------------------|------------------|---------------|
| XSA-360 | Applied                      | N/A              | N/A           |
| XSA-361 | N/A (Linux only)             | N/A              | N/A           |
| XSA-362 | N/A (Linux only)             | N/A              | N/A           |
| XSA-363 | N/A (Version not vulnerable) | N/A              | N/A           |
| XSA-364 | Applied                      | N/A              | N/A           |
| XSA-365 | N/A (Linux only)             | N/A              | N/A           |
| XSA-366 | N/A (Version not vulnerable) | N/A              | N/A           |
| XSA-367 | N/A (Linux only)             | N/A              | N/A           |
| XSA-368 | Applied                      | N/A              | N/A           |
| XSA-369 | N/A (Linux only)             | N/A              | N/A           |
| XSA-371 | N/A (Linux only)             | N/A              | N/A           |

See for details related to Xen Project security advisories.

We recommend all users of the 4.14 stable series to update to this latest point release.