Xen Project 4.15.2

We are pleased to announce the release of Xen 4.15.2. This is available immediately from its git repository (branch stable-4.15, tag RELEASE-4.15.2) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 32dcef072f: update Xen version to 4.15.2 [Jan Beulich]
  • 2a0c6e79da: x86/pvh: fix population of the low 1MB for dom0 [Roger Pau Monné]
  • b57b8cb350: x86: Fix build with the get/set_reg() infrastructure [Andrew Cooper]
  • bd20d6c876: x86/spec-ctrl: Fix NMI race condition with VT-x MSR_SPEC_CTRL handling [Andrew Cooper]
  • bffdcc0dc4: x86/spec-ctrl: Drop SPEC_CTRL_{ENTRY_FROM,EXIT_TO}_HVM [Andrew Cooper]
  • 2e4507eb35: x86/msr: Split MSR_SPEC_CTRL handling [Andrew Cooper]
  • ff2ce10869: x86/guest: Introduce {get,set}_reg() infrastructure [Andrew Cooper]
  • 7ca8706ad5: libxl/PCI: Fix PV hotplug & stubdom coldplug [Jason Andryuk]
  • ac71fdd9ec: x86/time: improve TSC / CPU freq calibration accuracy [Jan Beulich]
  • 793d5ca89f: x86/time: use relative counts in calibration loops [Jan Beulich]
  • 13e7fe4c93: passthrough/x86: stop pirq iteration immediately in case of error [Julien Grall]
  • 2700abffa5: xen/grant-table: Only decrement the refcounter when grant is fully unmapped [Julien Grall]
  • 53220c4f9d: xen/arm: p2m: Always clear the P2M entry when the mapping is removed [Julien Grall]
  • a763f8f158: x86/spec-ctrl: Fix default calculation of opt_srb_lock [Andrew Cooper]
  • 467f98a0e0: revert "hvmloader: PA range 0xfc000000-0xffffffff should be UC" [Jan Beulich]
  • c8260b3d38: x86/cpuid: Fix TSXLDTRK definition [Andrew Cooper]
  • 2204d51e31: x86/HVM: permit CLFLUSH{,OPT} on execute-only code segments [Jan Beulich]
  • 12c6ce12a1: x86: avoid wrong use of all-but-self IPI shorthand [Jan Beulich]
  • 78b3827480: x86/HVM: fail virt-to-linear conversion for insn fetches from non-code segments [Jan Beulich]
  • bf3beeeb5a: x86/Viridian: fix error code use [Jan Beulich]
  • c84755bb6c: VT-d: don't leak domid mapping on error path [Jan Beulich]
  • e3de2e8975: VT-d: split domid map cleanup check into a function [Jan Beulich]
  • 71dfb814b5: efi: fix alignment of function parameters in compat mode [Roger Pau Monné]
  • aba22c67ef: xen/arm: Do not invalidate the P2M when the PT is shared with the IOMMU [Stefano Stabellini]
  • c623a84c2a: MAINTAINERS: Resign from tools stable branch maintainership [Ian Jackson]
  • 544e547a63: x86/P2M: deal with partial success of p2m_set_entry() [Jan Beulich]
  • 4429ca0b29: x86/PoD: handle intermediate page orders in p2m_pod_cache_add() [Jan Beulich]
  • 1da54becd5: x86/PoD: deal with misaligned GFNs [Jan Beulich]
  • d02631a215: xen/page_alloc: Harden assign_pages() [Julien Grall]
  • 963ab606b1: VT-d: fix reduced page table levels support when sharing tables [Jan Beulich]
  • 2a19ee2ba6: public/gnttab: relax v2 recommendation [Jan Beulich]
  • 2fb9c599d0: x86/APIC: avoid iommu_supports_x2apic() on error path [Jan Beulich]
  • 567a8e9996: x86/IOMMU: mark IOMMU / intremap not in use when ACPI tables are missing [Jan Beulich]
  • 03b2a5920f: x86/xstate: reset cached register values on resume [Marek Marczykowski-Górecki]
  • 541ae91207: x86/traps: Fix typo in do_entry_CP() [Andrew Cooper]
  • c61cd82e01: x86/shstk: Fix use of shadow stacks with XPTI active [Andrew Cooper]
  • 751efc5882: update system time immediately when VCPUOP_register_vcpu_info [Dongli Zhang]
  • cae4b7b129: x86/paging: restrict physical address width reported to guests [Jan Beulich]
  • b033a41572: x86/PV: make '0' debug key dump Dom0's stacks again [Jan Beulich]
  • e8a4448174: x86/AMD: make HT range dynamic for Fam17 and up [Jan Beulich]
  • d23e96ede2: x86emul: de-duplicate scatters to the same linear address [Jan Beulich]
  • 93f9c29a2a: x86/HVM: correct cleanup after failed viridian_vcpu_init() [Jan Beulich]
  • 7eaf2a39c4: build: fix dependencies in arch/x86/boot [Anthony PERARD]
  • f90cea9c55: CHANGELOG: set Xen 4.15 release date [Roger Pau Monné]
  • f50ef17c98: x86/PV32: fix physdev_op_compat handling [Jan Beulich]
  • b79615bd7e: AMD/IOMMU: consider hidden devices when flushing device I/O TLBs [Jan Beulich]
  • ad70a247e1: x86/HVM: fix xsm_op for 32-bit guests [Jan Beulich]
  • a2a17eec77: x86/build: suppress EFI-related tool chain checks upon local $(MAKE) recursion [Jan Beulich]
  • d4f39cf717: pci: fix handling of PCI bridges with subordinate bus number 0xff [Igor Druzhinin]
  • a82a0a8900: VT-d: PCI segment numbers are up to 16 bits wide [Jan Beulich]
  • 0950b18ae4: VT-d: consider hidden devices when unmapping [Jan Beulich]
  • c67f652339: x86: quote section names when defining them in linker script [Roger Pau Monné]
  • c3c9a7c890: sched: fix sched_move_domain() for domain without vcpus [Juergen Gross]
  • 8f5a16cdc9: tools/libacpi: Use 64-byte alignment for FACS [Kevin Stefanov]
  • b482e969db: x86/spec-ctrl: Print all AMD speculative hints/features [Andrew Cooper]
  • cb7d7aa4c1: x86/amd: Use newer SSBD mechanisms if they exist [Andrew Cooper]
  • 932ff4385a: x86/amd: Enumeration for speculative features/hints [Andrew Cooper]
  • c554188a0c: x86/spec-ctrl: Split the "Hardware features" diagnostic line [Andrew Cooper]
  • 05df87bc73: build: set policy filename on make command line [Anthony PERARD]
  • 7799c8a026: update Xen version to 4.15.2-pre [Jan Beulich]
  • 3b98d9f35a: VT-d: fix deassign of device with RMRR [Jan Beulich]

This release also contains changes to qemu-upstream, whose changelog we do not list here because it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check its git shortlog (between tags qemu-xen-4.15.1 and qemu-xen-4.15.2).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-376 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-385 | Applied | N/A | N/A |
| XSA-386 | Applied | N/A | N/A |
| XSA-387 | Applied | N/A | N/A |
| XSA-388 | Applied | N/A | N/A |
| XSA-389 | Applied | N/A | N/A |
| XSA-390 | Applied | N/A | N/A |
| XSA-391 | N/A (Linux only) | N/A | N/A |
| XSA-392 | N/A (Linux only) | N/A | N/A |
| XSA-393 | Applied | N/A | N/A |
| XSA-394 | Applied | N/A | N/A |
| XSA-395 | Applied | N/A | N/A |

See for details related to Xen Project security advisories.

We recommend all users of the 4.15 stable series to update to this latest point release.