Xen Project 4.15.3

We are pleased to announce the release of Xen 4.15.3. This is available immediately from its git repository (branch stable-4.15, tag RELEASE-4.15.3) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • cc3329fbfb: update Xen version to 4.15.3 [Jan Beulich]
  • a3faf63260: x86/spec-ctrl: Add spec-ctrl=unpriv-mmio [Andrew Cooper]
  • 680c6f4d6b: x86/spec-ctrl: Enumeration for MMIO Stale Data controls [Andrew Cooper]
  • 1a377949ce: x86/spec-ctrl: Make VERW flushing runtime conditional [Andrew Cooper]
  • 0d12261727: x86/mm: account for PGT_pae_xen_l2 in recently added assertion [Jan Beulich]
  • a851dbce68: x86/pv: Track and flush non-coherent mappings of RAM [Andrew Cooper]
  • 890efc0d2e: x86/amd: Work around CLFLUSH ordering on older parts [Andrew Cooper]
  • 78fd76e188: x86: Split cache_flush() out of cache_writeback() [Andrew Cooper]
  • 9b1e1e74a6: x86: Don't change the cacheability of the directmap [Andrew Cooper]
  • 887b5ff293: x86/page: Introduce _PAGE_* constants for memory types [Andrew Cooper]
  • 82a94a179c: x86/pv: Fix ABAC cmpxchg() race in _get_page_type() [Andrew Cooper]
  • cc74ff8823: x86/pv: Clean up _get_page_type() [Andrew Cooper]
  • 64249afeb6: PCI: don't allow "pci-phantom=" to mark real devices as phantom functions [Jan Beulich]
  • c7f9e0e30d: ns16550: use poll mode if INTERRUPT_LINE is 0xff [Marek Marczykowski-Górecki]
  • f6594c3f05: build: silence GNU ld warning about executable stacks [Jan Beulich]
  • fcbee61b21: build: suppress GNU ld warning about RWX load segments [Jan Beulich]
  • c6e560b903: xen: io: Fix race between sending an I/O and domain shutdown [Julien Grall]
  • 0a7f20c0df: linker/lld: do not generate quoted section names [Roger Pau Monné]
  • c92c99fdfa: kconfig: detect LD implementation [Roger Pau Monné]
  • 30c9ec31b3: x86/msr: handle reads to MSR_P5_MC_{ADDR,TYPE} [Roger Pau Monné]
  • 9e818d4edc: IOMMU/x86: disallow device assignment to PoD guests [Jan Beulich]
  • dc798302e7: IOMMU: make domctl handler tolerate NULL domain [Jan Beulich]
  • 3b1031b3b4: xen/iommu: cleanup iommu related domctl handling [Juergen Gross]
  • 2e6062aa82: tools/libs/light: don't set errno to a negative value [Juergen Gross]
  • b8a3edba1f: tools/libs/guest: don't set errno to a negative value [Juergen Gross]
  • f151bb7ce4: tools/libs/ctrl: don't set errno to a negative value [Juergen Gross]
  • defa8807bf: tools/libs/evtchn: don't set errno to negative values [Juergen Gross]
  • 3b154fdda9: xen/build: Fix dependency for the MAP rule [Andrew Cooper]
  • fc371c9f4f: x86/mm: avoid inadvertently degrading a TLB flush to local only [David Vrabel]
  • e73ab4e84b: VT-d: refuse to use IOMMU with reserved CAP.ND value [Jan Beulich]
  • 94b4745948: xen: fix XEN_DOMCTL_gdbsx_guestmemio crash [Juergen Gross]
  • ef1df2a144: x86/irq: skip unmap_domain_pirq XSM during destruction [Jason Andryuk]
  • d9e73f6320: livepatch: avoid relocations referencing ignored section symbols [Roger Pau Monné]
  • cf395f82c9: livepatch: do not ignore sections with 0 size [Roger Pau Monné]
  • 2119c91edb: vPCI: fix MSI-X PBA read/write gprintk()s [Jan Beulich]
  • d32c347edb: x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies [Andrew Cooper]
  • b3ee746000: VT-d: avoid infinite recursion on domain_context_mapping_one() error path [Jan Beulich]
  • 3ecdd44f28: VT-d: avoid NULL deref on domain_context_mapping_one() error paths [Jan Beulich]
  • a5b52c357c: VT-d: don't needlessly look up DID [Jan Beulich]
  • 10cd51d5bf: tools/firmware: do not add a section [Roger Pau Monné]
  • 9fbd91a388: tools/firmware: force -fcf-protection=none [Roger Pau Monné]
  • 7b181e559a: libxl: Re-scope usage [Jason Andryuk]
  • d9b39c308d: libxl: Don't segfault on soft-reset failure [Jason Andryuk]
  • 00535c8a74: xl: Fix global pci options [Jason Andryuk]
  • 3dc39cfd72: tools/libs/light: set video_mem for PVH guests [Juergen Gross]
  • aaa6102880: IOMMU/x86: use per-device page tables for quarantining [Jan Beulich]
  • ed84ea00e0: AMD/IOMMU: abstract maximum number of page table levels [Jan Beulich]
  • 0bd3ff2551: IOMMU/x86: drop TLB flushes from quarantine_init() hooks [Jan Beulich]
  • 46cfaece2f: IOMMU/x86: maintain a per-device pseudo domain ID [Jan Beulich]
  • ffb18f98e1: VT-d: prepare for per-device quarantine page tables (part II) [Jan Beulich]
  • 067f9ddc17: VT-d: prepare for per-device quarantine page tables (part I) [Jan Beulich]
  • 754cabadc9: AMD/IOMMU: re-assign devices directly [Jan Beulich]
  • d67a72c655: VT-d: re-assign devices directly [Jan Beulich]
  • 7bbcacec42: VT-d: drop ownership checking from domain_context_mapping_one() [Jan Beulich]
  • 74b8d7c04d: IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter [Jan Beulich]
  • 3d65d2fa8b: VT-d: fix add/remove ordering when RMRRs are in use [Jan Beulich]
  • 1427c846e4: VT-d: fix (de)assign ordering when RMRRs are in use [Jan Beulich]
  • aafd4f1df0: VT-d: correct ordering of operations in cleanup_domid_map() [Jan Beulich]
  • e717e74fcd: x86/hap: do not switch on log dirty for VRAM tracking [Roger Pau Monné]
  • e11d98d6fc: livepatch: account for patch offset when applying NOP patch [Jan Beulich]
  • dd79dcc9f1: vpci/msix: fix PBA accesses [Roger Pau Monné]
  • bb43e0e1ca: livepatch: resolve old address before function verification [Bjoern Doebel]
  • 3c8e7395e2: x86/cet: Remove XEN_SHSTK's dependency on EXPERT [Andrew Cooper]
  • be9facf323: xen/x86: Livepatch: support patching CET-enhanced functions [Bjoern Doebel]
  • 74aeb55574: x86/cet: Remove writeable mapping of the BSPs shadow stack [Andrew Cooper]
  • c3407c77a0: x86/cet: Clear IST supervisor token busy bits on S3 resume [Andrew Cooper]
  • c0b7bbed60: x86/kexec: Fix kexec-reboot with CET active [Andrew Cooper]
  • 67fa16fbc2: x86/spec-ctrl: Disable retpolines with CET-IBT [Andrew Cooper]
  • 82fc152856: x86/CET: Fix S3 resume with shadow stacks active [Andrew Cooper]
  • 7f35c1f34b: x86: Enable CET Indirect Branch Tracking [Andrew Cooper]
  • cf7bd0919f: x86/EFI: Disable CET-IBT around Runtime Services calls [Andrew Cooper]
  • 368cffb5be: x86/setup: Rework MSR_S_CET handling for CET-IBT [Andrew Cooper]
  • c3fed31049: x86/entry: Make IDT entrypoints CET-IBT compatible [Andrew Cooper]
  • b75e78f1ec: x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible [Andrew Cooper]
  • ddeebb5f09: x86/emul: Update emulation stubs to be CET-IBT compatible [Andrew Cooper]
  • 86a3a18552: x86: Introduce helpers/checks for endbr64 instructions [Andrew Cooper]
  • c887960197: x86/traps: Rework write_stub_trampoline() to not hardcode the jmp [Andrew Cooper]
  • aa53c1299b: x86/alternatives: Clear CR4.CET when clearing CR0.WP [Andrew Cooper]
  • 473f7cb1a1: x86/setup: Read CR4 earlier in __start_xen() [Andrew Cooper]
  • 96233cf87b: x86: Introduce support for CET-IBT [Andrew Cooper]
  • cd751c09a5: xz: validate the value before assigning it to an enum variable [Lasse Collin]
  • a12402e4d0: xz: avoid overlapping memcpy() with invalid input with in-place decompression [Lasse Collin]
  • ef27037d43: tools/libxl: don't allow IOMMU usage with PoD [Roger Pau Monné]
  • b4632c9cf5: x86/console: process softirqs between warning prints [Roger Pau Monné]
  • 1b50f41b3b: x86/spec-ctrl: Cease using thunk=lfence on AMD [Andrew Cooper]
  • 65110f4953: xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 [Bertrand Marquis]
  • eed4a84a83: xen/arm: Add Spectre BHB handling [Rahul Singh]
  • 7259e87984: xen/arm: Add ECBHB and CLEARBHB ID fields [Bertrand Marquis]
  • 9a4a4abb59: xen/arm: move errata CSV2 check earlier [Bertrand Marquis]
  • 5f097af94e: xen/arm: Introduce new Arm processors [Bertrand Marquis]
  • 084bf6b19a: x86emul: fix VPBLENDMW with mask and memory operand [Jan Beulich]
  • 3bf48e5325: tools/libs: Fix build dependencies [Anthony PERARD]
  • ef47070bbb: tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL [Dario Faggioli]
  • 59a5fbd6fe: libxl: force netback to wait for hotplug execution before connecting [Roger Pau Monné]
  • 11eedbb0bb: tools/libxl: Correctly align the ACPI tables [Kevin Stefanov]
  • 124b801333: update Xen version to 4.15.3-pre [Jan Beulich]
  • 1ec097c35c: x86/spec-ctrl: Support Intel PSFD for guests [Andrew Cooper]
  • 96c17e7caf: x86/cpuid: Infrastructure for cpuid word 7:2.edx [Andrew Cooper]
  • d5d7a8f7e6: x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R [Andrew Cooper]
  • 8ae80402a2: x86/tsx: Move has_rtm_always_abort to an outer scope [Andrew Cooper]
  • fdd61d3c05: x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling [Andrew Cooper]
  • ff1215c25f: x86/cpuid: Infrastructure for leaf 7:1.ebx [Jan Beulich]
  • 0facadbbf7: x86/cpuid: Disentangle logic for new feature leaves [Andrew Cooper]
  • 7f3b726c6a: x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default [Andrew Cooper]
  • a7d7136673: x86/msr: AMD MSR_SPEC_CTRL infrastructure [Andrew Cooper]
  • 5a76649547: x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL [Andrew Cooper]
  • b21f5076bb: x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD [Andrew Cooper]
  • 73b4e89746: x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL [Andrew Cooper]
  • 21dd4ef9a6: x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 [Andrew Cooper]
  • 3bc15a1a64: x86/spec-ctrl: Introduce new has_spec_ctrl boolean [Andrew Cooper]
  • ca3fcbde25: x86/spec-ctrl: Drop use_spec_ctrl boolean [Andrew Cooper]
  • 82b2033090: x86/cpuid: Advertise SSB_NO to guests by default [Andrew Cooper]
  • beb522fc03: x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL [Andrew Cooper]
  • 0bec5b0c6e: x86/vmx: Drop spec_ctrl load in VMEntry path [Andrew Cooper]
  • 0d89d04f63: x86/cpuid: support LFENCE always serialising CPUID bit [Roger Pau Monné]
  • 576218ea82: x86/amd: split LFENCE dispatch serializing setup logic into helper [Roger Pau Monné]
  • 3a9450fe5e: MAINTAINERS: Anthony is stable branch tools maintainer [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:


This release also contains changes to qemu-upstream, whose changelogs we do not list here as they contain many changes that are not directly related to the Xen Project Hypervisor and thus this release. However, you can check the qemu-upstream shortlog (between tags qemu-xen-4.15.2 and qemu-xen-4.15.3).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA      Xen               qemu-traditional  qemu-upstream
XSA-396  N/A (Linux Only)  N/A               N/A
XSA-397  Applied           N/A               N/A
XSA-398  Applied           N/A               N/A
XSA-399  Applied           N/A               N/A
XSA-400  Applied           N/A               N/A
XSA-401  Applied           N/A               N/A
XSA-402  Applied           N/A               N/A
XSA-404  Applied           N/A               N/A

See for details related to Xen Project security advisories.

We recommend all users of the 4.15 stable series to update to this latest point release.