Skip to main content


Xen Project 4.15.1

We are pleased to announce the release of Xen 4.15.1. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.15 (tag RELEASE-4.15.1) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 84fa99099b: update Xen version to 4.15.1 [Jan Beulich]
  • 6f92f38419: gnttab: deal with status frame mapping race [Jan Beulich]
  • 60d5c31d99: x86/p2m-pt: fix p2m_flags_to_access() [Jan Beulich]
  • b6a2e26cd9: x86/P2M: relax guarding of MMIO entries [Jan Beulich]
  • 5a8b51e1cc: x86/PVH: de-duplicate mappings for first Mb of Dom0 memory [Jan Beulich]
  • c0832c7531: xen/domain: Fix label position in domain_teardown() [Andrew Cooper]
  • e58edae768: gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() [Jan Beulich]
  • 91bb9e9b0c: tools/firmware/ovmf: Use OvmfXen platform file is exist [Anthony PERARD]
  • 96894c14ca: AMD/IOMMU: don’t leave page table mapped when unmapping … [Jan Beulich]
  • b654bb2ed2: xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume [Juergen Gross]
  • 9e027b88d9: VT-d: Tylersburg errata apply to further steppings [Jan Beulich]
  • 45cf6ad5e5: x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} [Andrew Cooper]
  • b11a694067: credit2: avoid picking a spurious idle unit when caps are used [Dario Faggioli]
  • 8c3a80b14e: xen/lib: Fix strcmp() and strncmp() [Jane Malalane]
  • 2a4ca6dda1: x86/hvm: Propagate real error information up through hvm_load() [Andrew Cooper]
  • 9ab1714708: x86/AMD: expose SYSCFG, TOM, TOM2, and IORRs to Dom0 [Jan Beulich]
  • 9bc2a68127: xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate [Julien Grall]
  • 8a8b16c44e: gnttab: fix array capacity check in gnttab_get_status_frames() [Jan Beulich]
  • 2f6ebcec02: gnttab: replace mapkind() [Jan Beulich]
  • 9bfbde40bc: gnttab: add preemption check to gnttab_release_mappings() [Jan Beulich]
  • d40287a000: x86/mm: widen locked region in xenmem_add_to_physmap_one() [Jan Beulich]
  • 7850fe53a5: x86/p2m: guard (in particular) identity mapping entries [Jan Beulich]
  • 9f44ed133f: x86/p2m: introduce p2m_is_special() [Jan Beulich]
  • 27bc41d712: AMD/IOMMU: re-arrange exclusion range and unity map recording [Jan Beulich]
  • d39756f053: AMD/IOMMU: re-arrange/complete re-assignment handling [Jan Beulich]
  • 711aeb1106: IOMMU: generalize VT-d’s tracking of mapped RMRR regions [Jan Beulich]
  • 34d141e27e: IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() [Jan Beulich]
  • 29a6cf118c: AMD/IOMMU: correct device unity map handling [Jan Beulich]
  • 92c8b9274d: AMD/IOMMU: correct global exclusion range extending [Jan Beulich]
  • 1beb196dec: x86: work around build issue with GNU ld 2.37 [Jan Beulich]
  • 6bbdcefd20: libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl [Jan Beulich]
  • abfbb29830: libxc: use multicall for memory-op on Linux (and Solaris) [Jan Beulich]
  • c3cf33b071: libxencall: Bump SONAME following new functionality [Andrew Cooper]
  • e0da171fc1: libxencall: introduce variant of xencall2() returning long [Jan Beulich]
  • c773053bdb: libxencall: osdep_hypercall() should return long [Jan Beulich]
  • 0f1002d406: x86/HVM: wire up multicalls [Jan Beulich]
  • 00bd594d6c: libxl: Fix QEMU cmdline for scsi device [Anthony PERARD]
  • 0e419e446f: libxl: Replace short-form boolean for QEMU’s -vnc [Anthony PERARD]
  • e3f5318546: libxl: Replace QMP command “change” by “blockdev-change-media” [Anthony PERARD]
  • 4b60715241: libxl: Use `id` with the “eject” QMP command [Anthony PERARD]
  • e949445ce9: libxl: Export libxl__qmp_ev_qemu_compare_version [Anthony PERARD]
  • 9cb597a545: libxl: Assert qmp_ev’s state in qmp_ev_qemu_compare_version [Anthony PERARD]
  • 6165dcfe7e: libxl: Use -device for cd-rom drives [Anthony PERARD]
  • da659f61c7: libxl: Replace deprecated “cpu-add” QMP command by “device_add” [Anthony PERARD]
  • 17dca162e0: libxl: Replace QEMU’s command line short-form boolean option [Anthony PERARD]
  • 99633c514d: libxl: Replace deprecated QMP command by “query-cpus-fast” [Anthony PERARD]
  • 2b23bb664f: tools/libs/ctrl: fix xc_core_arch_map_p2m() to support linear p2m table [Juergen Gross]
  • dba774896f: xen/arm: bootfdt: Always sort memory banks [Oleksandr Tyshchenko]
  • e98cacfaaf: arm: Modify type of actlr to register_t [Michal Orzel]
  • 0e1407fc43: Arm32: MSR to SPSR needs qualification [Jan Beulich]
  • 61dea454ba: xen/arm32: SPSR_hyp/SPSR [Stefano Stabellini]
  • 429b0a5c62: tools/libxenstat: fix populating vbd.rd_sect [Richard Kojedzinszky]
  • 41f0903e16: tools/python: fix Python3.4 TypeError in format string [Olaf Hering]
  • 67f798942c: tools/python: handle properly in convert-legacy-stream [Olaf Hering]
  • e9709a8349: tools: use integer division in convert-legacy-stream [Olaf Hering]
  • 1a6824957d: build: clean “lib.a” [Anthony PERARD]
  • e6d098e4cd: x86/mem-sharing: ensure consistent lock order in get_two_gfns() [Jan Beulich]
  • 16d2641ddf: build: fix %.s: %.S rule [Anthony PERARD]
  • 7b658fd273: IOMMU/PCI: don’t let domain cleanup continue when device de-assignment failed [Jan Beulich]
  • 6ba107c3be: VT-d: don’t lose errors when flushing TLBs on multiple IOMMUs [Jan Beulich]
  • 2ba0d81beb: VT-d: clear_fault_bits() should clear all fault bits [Jan Beulich]
  • 3581714729: VT-d: adjust domid map updating when unmapping context [Jan Beulich]
  • 0b80b344b0: VT-d: undo device mappings upon error [Jan Beulich]
  • d8a530ebc3: libs/foreignmemory: Fix osdep_xenforeignmemory_map prototype [Anthony PERARD]
  • 9892901047: x86/vpt: fully init timers before putting onto list [Jan Beulich]
  • 3556dc6bfb: xen: credit2: fix per-entity load tracking when continuing running [Dario Faggioli]
  • 13ea8afded: credit2: make sure we pick a runnable unit from the runq if there is one [Dario Faggioli]
  • 77069ea825: Un-shimmed 32-bit PV guests are no longer supported [George Dunlap]
  • ec457ac2a2: x86/tsx: Cope with TSX deprecation on SKL/KBL/CFL/WHL [Andrew Cooper]
  • 4586e6443a: x86/cpuid: Fix HLE and RTM handling (again) [Andrew Cooper]
  • 796d405669: x86/tsx: Deprecate vpmu=rtm-abort and use tsx=<bool> instead [Andrew Cooper]
  • 0aabeb9293: x86/tsx: Minor cleanup and improvements [Andrew Cooper]
  • a339ceaa8f: AMD/IOMMU: drop command completion timeout [Jan Beulich]
  • 874dac9b27: AMD/IOMMU: wait for command slot to be available [Jan Beulich]
  • f034c96e88: x86/spec-ctrl: Mitigate TAA after S3 resume [Andrew Cooper]
  • 894636d192: x86/spec-ctrl: Protect against Speculative Code Store Bypass [Andrew Cooper]
  • 12ebf0f819: VT-d: eliminate flush related timeouts [Jan Beulich]
  • 35b583686c: AMD/IOMMU: size command buffer dynamically [Jan Beulich]
  • 8368f214f9: VT-d: size qinval queue dynamically [Jan Beulich]
  • 7044184607: xen/arm: Boot modules should always be scrubbed if bootscrub={on, idle} [Julien Grall]
  • 0a64b182db: xen/arm: Create dom0less domUs earlier [Julien Grall]
  • eae0dfac89: x86: fix build race when generating temporary object files (take 2) [Jan Beulich]
  • 89c6e84f6d: x86/cpuid: Rework HLE and RTM handling [Andrew Cooper]
  • 7c3c98497f: x86: make hypervisor build with gcc11 [Jan Beulich]
  • 6a7e21a135: firmware/shim: update linkfarm exclusions [Jan Beulich]
  • ee2b1d616e: x86emul: fix test harness build for gas 2.36 [Jan Beulich]
  • edeaa04ab8: x86/vhpet: fix RTC special casing [Roger Pau Monné]
  • cacad0cdfc: x86/intel: insert Ice Lake-SP and Ice Lake-D model numbers [Igor Druzhinin]
  • 3e6c1b6ccc: x86/vtx: add LBR_SELECT to the list of LBR MSRs [Igor Druzhinin]
  • 78a7c3b1f2: VT-d: Don’t assume register-based invalidation is always supported [Chao Gao]
  • 280d472f4f: Document speculative attacks status of non-shim 32-bit PV [Ian Jackson]
  • eb1f325186: x86/hpet: Don’t enable legacy replacement mode unconditionally [Jan Beulich]
  • dfcce093f1: x86/hpet: Factor hpet_enable_legacy_replacement_mode() out of hpet_setup() [Andrew Cooper]
  • c129b5fd14: Revert “x86/HPET: don’t enable legacy replacement mode unconditionally” [Andrew Cooper]
  • e2e80ff86f: x86/vpt: do not take pt_migrate rwlock in some cases [Boris Ostrovsky]
  • 5788a7e611: fix for_each_cpu() again for NR_CPUS=1 [Jan Beulich]
  • bb071ce80d: VT-d: restore flush hooks when disabling qinval [Jan Beulich]
  • 92dd3b56a7: VT-d: re-order register restoring in vtd_resume() [Jan Beulich]
  • baa6957c3a: VT-d: leave FECTL write to vtd_resume() [Jan Beulich]
  • c86d8ec3b8: MAINTAINERS: Add stable information, remove checkin policy [Ian Jackson]
  • e72bf725eb: post 4.15: Updaate version [Ian Jackson]

In addition, this release also contains the following fixes to qemu-traditional:

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.15.0 and qemu-xen-4.15.1).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditional qemu-upstream
XSA-357 N/A (Unused Number) N/A N/A
XSA-370 N/A (Version not vulnerable) N/A N/A
XSA-372 Applied N/A N/A
XSA-373 Applied N/A N/A
XSA-374 N/A (Linux only) N/A N/A
XSA-375 Applied N/A N/A
XSA-377 Applied N/A N/A
XSA-378 Applied N/A N/A
XSA-379 Applied N/A N/A
XSA-380 Applied N/A N/A
XSA-382 Applied N/A N/A
XSA-383 Applied N/A N/A
XSA-384 Applied N/A N/A

See for details related to Xen Project security advisories.

We recommend all users of the 4.15 stable series to update to this latest point release.