Skip to main content


Xen Project 4.14.3

We are pleased to announce the release of Xen 4.14.3. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.14 (tag RELEASE-4.14.3) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 9f2b6c5ec2: update Xen version to 4.14.3 [Jan Beulich]
  • ef6455a370: gnttab: deal with status frame mapping race [Jan Beulich]
  • 4ff1d3b86f: x86/p2m-pt: fix p2m_flags_to_access() [Jan Beulich]
  • 7bcd5478cc: x86/P2M: relax guarding of MMIO entries [Jan Beulich]
  • 0cfccfd7fe: x86/PVH: de-duplicate mappings for first Mb of Dom0 memory [Jan Beulich]
  • 76c7755ed5: gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() [Jan Beulich]
  • 74e9307182: tools/firmware/ovmf: Use OvmfXen platform file is exist [Anthony PERARD]
  • 301ea7a89d: AMD/IOMMU: don’t leave page table mapped when unmapping … [Jan Beulich]
  • da72547388: xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume [Juergen Gross]
  • 26b885cbdd: VT-d: Tylersburg errata apply to further steppings [Jan Beulich]
  • a9d7c25414: x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} [Andrew Cooper]
  • 58570591db: credit2: avoid picking a spurious idle unit when caps are used [Dario Faggioli]
  • 8df03ef746: xen/lib: Fix strcmp() and strncmp() [Jane Malalane]
  • 2255511a4f: x86/hvm: Propagate real error information up through hvm_load() [Andrew Cooper]
  • c439f5e97b: xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate [Julien Grall]
  • 66f5e867c6: gnttab: fix array capacity check in gnttab_get_status_frames() [Jan Beulich]
  • b81187fc40: gnttab: replace mapkind() [Jan Beulich]
  • 29aeeda345: gnttab: add preemption check to gnttab_release_mappings() [Jan Beulich]
  • 98bcd536c2: x86/mm: widen locked region in xenmem_add_to_physmap_one() [Jan Beulich]
  • 6f4c214689: x86/p2m: guard (in particular) identity mapping entries [Jan Beulich]
  • 968526568c: x86/p2m: introduce p2m_is_special() [Jan Beulich]
  • e4c23845c2: AMD/IOMMU: re-arrange exclusion range and unity map recording [Jan Beulich]
  • 19587584f2: AMD/IOMMU: re-arrange/complete re-assignment handling [Jan Beulich]
  • fe6da097d4: IOMMU: generalize VT-d’s tracking of mapped RMRR regions [Jan Beulich]
  • 4a244516f6: IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() [Jan Beulich]
  • 100b2e2d5e: AMD/IOMMU: correct device unity map handling [Jan Beulich]
  • 8da14912d2: AMD/IOMMU: correct global exclusion range extending [Jan Beulich]
  • f7a9730316: x86: work around build issue with GNU ld 2.37 [Jan Beulich]
  • 61f28060d5: libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl [Jan Beulich]
  • 49299c4813: xen/arm: bootfdt: Always sort memory banks [Oleksandr Tyshchenko]
  • b46af13fa1: arm: Modify type of actlr to register_t [Michal Orzel]
  • e32e184d02: Arm32: MSR to SPSR needs qualification [Jan Beulich]
  • bb731fdb76: xen/arm32: SPSR_hyp/SPSR [Stefano Stabellini]
  • c3cc6e206f: tools/libxenstat: fix populating vbd.rd_sect [Richard Kojedzinszky]
  • bb9377a205: tools/python: fix Python3.4 TypeError in format string [Olaf Hering]
  • f6aec84fe7: tools/python: handle properly in convert-legacy-stream [Olaf Hering]
  • 23d5e3d42c: tools: use integer division in convert-legacy-stream [Olaf Hering]
  • 3cfccd7099: x86/mem-sharing: ensure consistent lock order in get_two_gfns() [Jan Beulich]
  • 1ed3661879: build: fix %.s: %.S rule [Anthony PERARD]
  • 645fcf8a96: IOMMU/PCI: don’t let domain cleanup continue when device de-assignment failed [Jan Beulich]
  • 86c223c981: VT-d: don’t lose errors when flushing TLBs on multiple IOMMUs [Jan Beulich]
  • 79774e0df8: VT-d: clear_fault_bits() should clear all fault bits [Jan Beulich]
  • e06d0c113e: VT-d: adjust domid map updating when unmapping context [Jan Beulich]
  • 1dae9fd19f: VT-d: undo device mappings upon error [Jan Beulich]
  • 64d93d6d41: libs/foreignmemory: Fix osdep_xenforeignmemory_map prototype [Anthony PERARD]
  • 3ae25fc2b0: x86/vpt: fully init timers before putting onto list [Jan Beulich]
  • 665024b4f4: xen: credit2: fix per-entity load tracking when continuing running [Dario Faggioli]
  • ecd6b1770f: credit2: make sure we pick a runnable unit from the runq if there is one [Dario Faggioli]
  • c6ee6d4ec3: Un-shimmed 32-bit PV guests are no longer supported [George Dunlap]
  • b6a8c4f72d: golang/xenlight: fix code generation for python 2.6 [Nick Rosbrook]
  • 45710c0256: x86/tsx: Cope with TSX deprecation on SKL/KBL/CFL/WHL [Andrew Cooper]
  • ee5425c0d5: x86/cpuid: Fix HLE and RTM handling (again) [Andrew Cooper]
  • 4b4ee05a70: x86/tsx: Deprecate vpmu=rtm-abort and use tsx=<bool> instead [Andrew Cooper]
  • 768138cde8: x86/tsx: Minor cleanup and improvements [Andrew Cooper]
  • 0ff7f9c5aa: x86/spec-ctrl: Mitigate TAA after S3 resume [Andrew Cooper]
  • fcf98eff73: x86/spec-ctrl: Protect against Speculative Code Store Bypass [Andrew Cooper]
  • 51278ce831: AMD/IOMMU: drop command completion timeout [Jan Beulich]
  • 766b1f4473: AMD/IOMMU: wait for command slot to be available [Jan Beulich]
  • e5bce3a74b: VT-d: eliminate flush related timeouts [Jan Beulich]
  • 46ff2453de: AMD/IOMMU: size command buffer dynamically [Jan Beulich]
  • 2665d9785e: VT-d: size qinval queue dynamically [Jan Beulich]
  • 7053c8ea5d: xen/arm: Boot modules should always be scrubbed if bootscrub={on, idle} [Julien Grall]
  • 5caa690ea7: xen/arm: Create dom0less domUs earlier [Julien Grall]
  • b046e05736: x86: fix build race when generating temporary object files (take 2) [Jan Beulich]
  • 3f8549386b: x86/cpuid: Rework HLE and RTM handling [Andrew Cooper]
  • ac507e078e: x86: make hypervisor build with gcc11 [Jan Beulich]
  • ebfdf0c7eb: x86emul: fix test harness build for gas 2.36 [Jan Beulich]
  • 9d963a7169: x86/vhpet: fix RTC special casing [Roger Pau Monné]
  • b15c24a70c: x86/intel: insert Ice Lake-SP and Ice Lake-D model numbers [Igor Druzhinin]
  • f23cb474e8: x86/vtx: add LBR_SELECT to the list of LBR MSRs [Igor Druzhinin]
  • c2f78b4905: VT-d: Don’t assume register-based invalidation is always supported [Chao Gao]
  • a351751d88: update Xen version to 4.14.3-pre [Jan Beulich]
  • 02f9760498: x86/Intel: insert Tiger Lake model numbers [Jan Beulich]
  • 10f0b2d493: Document speculative attacks status of non-shim 32-bit PV [Ian Jackson]

In addition, this release also contains the following fixes to qemu-traditional:

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.14.2 and qemu-xen-4.14.3).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditional qemu-upstream
XSA-357 N/A (Unused Number) N/A N/A
XSA-370 N/A (Version not vulnerable) N/A N/A
XSA-372 Applied N/A N/A
XSA-373 Applied N/A N/A
XSA-374 N/A (Linux only) N/A N/A
XSA-375 Applied N/A N/A
XSA-377 Applied N/A N/A
XSA-378 Applied N/A N/A
XSA-379 Applied N/A N/A
XSA-380 Applied N/A N/A
XSA-382 Applied N/A N/A
XSA-383 Applied N/A N/A
XSA-384 Applied N/A N/A

See for details related to Xen Project security advisories.

We recommend all users of the 4.14 stable series to update to this latest point release.