
Xen Project 4.15.1

We are pleased to announce the release of Xen 4.15.1. This is available immediately from its git repository, https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.15 (tag RELEASE-4.15.1), or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 84fa99099b: update Xen version to 4.15.1 [Jan Beulich]
  • 6f92f38419: gnttab: deal with status frame mapping race [Jan Beulich]
  • 60d5c31d99: x86/p2m-pt: fix p2m_flags_to_access() [Jan Beulich]
  • b6a2e26cd9: x86/P2M: relax guarding of MMIO entries [Jan Beulich]
  • 5a8b51e1cc: x86/PVH: de-duplicate mappings for first Mb of Dom0 memory [Jan Beulich]
  • c0832c7531: xen/domain: Fix label position in domain_teardown() [Andrew Cooper]
  • e58edae768: gnttab: avoid triggering assertion in radix_tree_ulong_to_ptr() [Jan Beulich]
  • 91bb9e9b0c: tools/firmware/ovmf: Use OvmfXen platform file is exist [Anthony PERARD]
  • 96894c14ca: AMD/IOMMU: don’t leave page table mapped when unmapping … [Jan Beulich]
  • b654bb2ed2: xen/sched: fix get_cpu_idle_time() for smt=0 suspend/resume [Juergen Gross]
  • 9e027b88d9: VT-d: Tylersburg errata apply to further steppings [Jan Beulich]
  • 45cf6ad5e5: x86/cet: Fix shskt manipulation error with BUGFRAME_{warn,run_fn} [Andrew Cooper]
  • b11a694067: credit2: avoid picking a spurious idle unit when caps are used [Dario Faggioli]
  • 8c3a80b14e: xen/lib: Fix strcmp() and strncmp() [Jane Malalane]
  • 2a4ca6dda1: x86/hvm: Propagate real error information up through hvm_load() [Andrew Cooper]
  • 9ab1714708: x86/AMD: expose SYSCFG, TOM, TOM2, and IORRs to Dom0 [Jan Beulich]
  • 9bc2a68127: xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate [Julien Grall]
  • 8a8b16c44e: gnttab: fix array capacity check in gnttab_get_status_frames() [Jan Beulich]
  • 2f6ebcec02: gnttab: replace mapkind() [Jan Beulich]
  • 9bfbde40bc: gnttab: add preemption check to gnttab_release_mappings() [Jan Beulich]
  • d40287a000: x86/mm: widen locked region in xenmem_add_to_physmap_one() [Jan Beulich]
  • 7850fe53a5: x86/p2m: guard (in particular) identity mapping entries [Jan Beulich]
  • 9f44ed133f: x86/p2m: introduce p2m_is_special() [Jan Beulich]
  • 27bc41d712: AMD/IOMMU: re-arrange exclusion range and unity map recording [Jan Beulich]
  • d39756f053: AMD/IOMMU: re-arrange/complete re-assignment handling [Jan Beulich]
  • 711aeb1106: IOMMU: generalize VT-d’s tracking of mapped RMRR regions [Jan Beulich]
  • 34d141e27e: IOMMU: also pass p2m_access_t to p2m_get_iommu_flags() [Jan Beulich]
  • 29a6cf118c: AMD/IOMMU: correct device unity map handling [Jan Beulich]
  • 92c8b9274d: AMD/IOMMU: correct global exclusion range extending [Jan Beulich]
  • 1beb196dec: x86: work around build issue with GNU ld 2.37 [Jan Beulich]
  • 6bbdcefd20: libxl/x86: check return value of SHADOW_OP_SET_ALLOCATION domctl [Jan Beulich]
  • abfbb29830: libxc: use multicall for memory-op on Linux (and Solaris) [Jan Beulich]
  • c3cf33b071: libxencall: Bump SONAME following new functionality [Andrew Cooper]
  • e0da171fc1: libxencall: introduce variant of xencall2() returning long [Jan Beulich]
  • c773053bdb: libxencall: osdep_hypercall() should return long [Jan Beulich]
  • 0f1002d406: x86/HVM: wire up multicalls [Jan Beulich]
  • 00bd594d6c: libxl: Fix QEMU cmdline for scsi device [Anthony PERARD]
  • 0e419e446f: libxl: Replace short-form boolean for QEMU’s -vnc [Anthony PERARD]
  • e3f5318546: libxl: Replace QMP command “change” by “blockdev-change-media” [Anthony PERARD]
  • 4b60715241: libxl: Use `id` with the “eject” QMP command [Anthony PERARD]
  • e949445ce9: libxl: Export libxl__qmp_ev_qemu_compare_version [Anthony PERARD]
  • 9cb597a545: libxl: Assert qmp_ev’s state in qmp_ev_qemu_compare_version [Anthony PERARD]
  • 6165dcfe7e: libxl: Use -device for cd-rom drives [Anthony PERARD]
  • da659f61c7: libxl: Replace deprecated “cpu-add” QMP command by “device_add” [Anthony PERARD]
  • 17dca162e0: libxl: Replace QEMU’s command line short-form boolean option [Anthony PERARD]
  • 99633c514d: libxl: Replace deprecated QMP command by “query-cpus-fast” [Anthony PERARD]
  • 2b23bb664f: tools/libs/ctrl: fix xc_core_arch_map_p2m() to support linear p2m table [Juergen Gross]
  • dba774896f: xen/arm: bootfdt: Always sort memory banks [Oleksandr Tyshchenko]
  • e98cacfaaf: arm: Modify type of actlr to register_t [Michal Orzel]
  • 0e1407fc43: Arm32: MSR to SPSR needs qualification [Jan Beulich]
  • 61dea454ba: xen/arm32: SPSR_hyp/SPSR [Stefano Stabellini]
  • 429b0a5c62: tools/libxenstat: fix populating vbd.rd_sect [Richard Kojedzinszky]
  • 41f0903e16: tools/python: fix Python3.4 TypeError in format string [Olaf Hering]
  • 67f798942c: tools/python: handle libxl__physmap_info.name properly in convert-legacy-stream [Olaf Hering]
  • e9709a8349: tools: use integer division in convert-legacy-stream [Olaf Hering]
  • 1a6824957d: build: clean “lib.a” [Anthony PERARD]
  • e6d098e4cd: x86/mem-sharing: ensure consistent lock order in get_two_gfns() [Jan Beulich]
  • 16d2641ddf: build: fix %.s: %.S rule [Anthony PERARD]
  • 7b658fd273: IOMMU/PCI: don’t let domain cleanup continue when device de-assignment failed [Jan Beulich]
  • 6ba107c3be: VT-d: don’t lose errors when flushing TLBs on multiple IOMMUs [Jan Beulich]
  • 2ba0d81beb: VT-d: clear_fault_bits() should clear all fault bits [Jan Beulich]
  • 3581714729: VT-d: adjust domid map updating when unmapping context [Jan Beulich]
  • 0b80b344b0: VT-d: undo device mappings upon error [Jan Beulich]
  • d8a530ebc3: libs/foreignmemory: Fix osdep_xenforeignmemory_map prototype [Anthony PERARD]
  • 9892901047: x86/vpt: fully init timers before putting onto list [Jan Beulich]
  • 3556dc6bfb: xen: credit2: fix per-entity load tracking when continuing running [Dario Faggioli]
  • 13ea8afded: credit2: make sure we pick a runnable unit from the runq if there is one [Dario Faggioli]
  • 77069ea825: SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported [George Dunlap]
  • ec457ac2a2: x86/tsx: Cope with TSX deprecation on SKL/KBL/CFL/WHL [Andrew Cooper]
  • 4586e6443a: x86/cpuid: Fix HLE and RTM handling (again) [Andrew Cooper]
  • 796d405669: x86/tsx: Deprecate vpmu=rtm-abort and use tsx=<bool> instead [Andrew Cooper]
  • 0aabeb9293: x86/tsx: Minor cleanup and improvements [Andrew Cooper]
  • a339ceaa8f: AMD/IOMMU: drop command completion timeout [Jan Beulich]
  • 874dac9b27: AMD/IOMMU: wait for command slot to be available [Jan Beulich]
  • f034c96e88: x86/spec-ctrl: Mitigate TAA after S3 resume [Andrew Cooper]
  • 894636d192: x86/spec-ctrl: Protect against Speculative Code Store Bypass [Andrew Cooper]
  • 12ebf0f819: VT-d: eliminate flush related timeouts [Jan Beulich]
  • 35b583686c: AMD/IOMMU: size command buffer dynamically [Jan Beulich]
  • 8368f214f9: VT-d: size qinval queue dynamically [Jan Beulich]
  • 7044184607: xen/arm: Boot modules should always be scrubbed if bootscrub={on, idle} [Julien Grall]
  • 0a64b182db: xen/arm: Create dom0less domUs earlier [Julien Grall]
  • eae0dfac89: x86: fix build race when generating temporary object files (take 2) [Jan Beulich]
  • 89c6e84f6d: x86/cpuid: Rework HLE and RTM handling [Andrew Cooper]
  • 7c3c98497f: x86: make hypervisor build with gcc11 [Jan Beulich]
  • 6a7e21a135: firmware/shim: update linkfarm exclusions [Jan Beulich]
  • ee2b1d616e: x86emul: fix test harness build for gas 2.36 [Jan Beulich]
  • edeaa04ab8: x86/vhpet: fix RTC special casing [Roger Pau Monné]
  • cacad0cdfc: x86/intel: insert Ice Lake-SP and Ice Lake-D model numbers [Igor Druzhinin]
  • 3e6c1b6ccc: x86/vtx: add LBR_SELECT to the list of LBR MSRs [Igor Druzhinin]
  • 78a7c3b1f2: VT-d: Don’t assume register-based invalidation is always supported [Chao Gao]
  • 280d472f4f: SUPPORT.md: Document speculative attacks status of non-shim 32-bit PV [Ian Jackson]
  • eb1f325186: x86/hpet: Don’t enable legacy replacement mode unconditionally [Jan Beulich]
  • dfcce093f1: x86/hpet: Factor hpet_enable_legacy_replacement_mode() out of hpet_setup() [Andrew Cooper]
  • c129b5fd14: Revert “x86/HPET: don’t enable legacy replacement mode unconditionally” [Andrew Cooper]
  • e2e80ff86f: x86/vpt: do not take pt_migrate rwlock in some cases [Boris Ostrovsky]
  • 5788a7e611: fix for_each_cpu() again for NR_CPUS=1 [Jan Beulich]
  • bb071ce80d: VT-d: restore flush hooks when disabling qinval [Jan Beulich]
  • 92dd3b56a7: VT-d: re-order register restoring in vtd_resume() [Jan Beulich]
  • baa6957c3a: VT-d: leave FECTL write to vtd_resume() [Jan Beulich]
  • c86d8ec3b8: MAINTAINERS: Add stable information, remove checkin policy [Ian Jackson]
  • e72bf725eb: post 4.15: Updaate version [Ian Jackson]

In addition, this release also contains the following fixes to qemu-traditional:

This release also contains changes to qemu-upstream, whose changelog we do not list here, as it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.15.0 and qemu-xen-4.15.1).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-357 | N/A (Unused Number) | N/A | N/A |
| XSA-370 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-372 | Applied | N/A | N/A |
| XSA-373 | Applied | N/A | N/A |
| XSA-374 | N/A (Linux only) | N/A | N/A |
| XSA-375 | Applied | N/A | N/A |
| XSA-377 | Applied | N/A | N/A |
| XSA-378 | Applied | N/A | N/A |
| XSA-379 | Applied | N/A | N/A |
| XSA-380 | Applied | N/A | N/A |
| XSA-382 | Applied | N/A | N/A |
| XSA-383 | Applied | N/A | N/A |
| XSA-384 | Applied | N/A | N/A |

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend that all users of the 4.15 stable series update to this latest point release.