Skip to main content

Downloads

Xen Project 4.15.3

We are pleased to announce the release of Xen 4.15.3. This is available immediately from its git repository

https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.15 (tag RELEASE-4.15.3) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • cc3329fbfb: update Xen version to 4.15.3 [Jan Beulich]
  • a3faf63260: x86/spec-ctrl: Add spec-ctrl=unpriv-mmio [Andrew Cooper]
  • 680c6f4d6b: x86/spec-ctrl: Enumeration for MMIO Stale Data controls [Andrew Cooper]
  • 1a377949ce: x86/spec-ctrl: Make VERW flushing runtime conditional [Andrew Cooper]
  • 0d12261727: x86/mm: account for PGT_pae_xen_l2 in recently added assertion [Jan Beulich]
  • a851dbce68: x86/pv: Track and flush non-coherent mappings of RAM [Andrew Cooper]
  • 890efc0d2e: x86/amd: Work around CLFLUSH ordering on older parts [Andrew Cooper]
  • 78fd76e188: x86: Split cache_flush() out of cache_writeback() [Andrew Cooper]
  • 9b1e1e74a6: x86: Don't change the cacheability of the directmap [Andrew Cooper]
  • 887b5ff293: x86/page: Introduce _PAGE_* constants for memory types [Andrew Cooper]
  • 82a94a179c: x86/pv: Fix ABAC cmpxchg() race in _get_page_type() [Andrew Cooper]
  • cc74ff8823: x86/pv: Clean up _get_page_type() [Andrew Cooper]
  • 64249afeb6: PCI: don't allow "pci-phantom=" to mark real devices as phantom functions [Jan Beulich]
  • c7f9e0e30d: ns16550: use poll mode if INTERRUPT_LINE is 0xff [Marek Marczykowski-Górecki]
  • f6594c3f05: build: silence GNU ld warning about executable stacks [Jan Beulich]
  • fcbee61b21: build: suppress GNU ld warning about RWX load segments [Jan Beulich]
  • c6e560b903: xen: io: Fix race between sending an I/O and domain shutdown [Julien Grall]
  • 0a7f20c0df: linker/lld: do not generate quoted section names [Roger Pau Monné]
  • c92c99fdfa: kconfig: detect LD implementation [Roger Pau Monné]
  • 30c9ec31b3: x86/msr: handle reads to MSR_P5_MC_{ADDR,TYPE} [Roger Pau Monné]
  • 9e818d4edc: IOMMU/x86: disallow device assignment to PoD guests [Jan Beulich]
  • dc798302e7: IOMMU: make domctl handler tolerate NULL domain [Jan Beulich]
  • 3b1031b3b4: xen/iommu: cleanup iommu related domctl handling [Juergen Gross]
  • 2e6062aa82: tools/libs/light: don't set errno to a negative value [Juergen Gross]
  • b8a3edba1f: tools/libs/guest: don't set errno to a negative value [Juergen Gross]
  • f151bb7ce4: tools/libs/ctrl: don't set errno to a negative value [Juergen Gross]
  • defa8807bf: tools/libs/evtchn: don't set errno to negative values [Juergen Gross]
  • 3b154fdda9: xen/build: Fix dependency for the MAP rule [Andrew Cooper]
  • fc371c9f4f: x86/mm: avoid inadvertently degrading a TLB flush to local only [David Vrabel]
  • e73ab4e84b: VT-d: refuse to use IOMMU with reserved CAP.ND value [Jan Beulich]
  • 94b4745948: xen: fix XEN_DOMCTL_gdbsx_guestmemio crash [Juergen Gross]
  • ef1df2a144: x86/irq: skip unmap_domain_pirq XSM during destruction [Jason Andryuk]
  • d9e73f6320: livepatch: avoid relocations referencing ignored section symbols [Roger Pau Monné]
  • cf395f82c9: livepatch: do not ignore sections with 0 size [Roger Pau Monné]
  • 2119c91edb: vPCI: fix MSI-X PBA read/write gprintk()s [Jan Beulich]
  • d32c347edb: x86/cpuid: Clobber CPUID leaves 0x800000{1d..20} in policies [Andrew Cooper]
  • b3ee746000: VT-d: avoid infinite recursion on domain_context_mapping_one() error path [Jan Beulich]
  • 3ecdd44f28: VT-d: avoid NULL deref on domain_context_mapping_one() error paths [Jan Beulich]
  • a5b52c357c: VT-d: don't needlessly look up DID [Jan Beulich]
  • 10cd51d5bf: tools/firmware: do not add a .note.gnu.property section [Roger Pau Monné]
  • 9fbd91a388: tools/firmware: force -fcf-protection=none [Roger Pau Monné]
  • 7b181e559a: libxl: Re-scope qmp_proxy_spawn.ao usage [Jason Andryuk]
  • d9b39c308d: libxl: Don't segfault on soft-reset failure [Jason Andryuk]
  • 00535c8a74: xl: Fix global pci options [Jason Andryuk]
  • 3dc39cfd72: tools/libs/light: set video_mem for PVH guests [Juergen Gross]
  • aaa6102880: IOMMU/x86: use per-device page tables for quarantining [Jan Beulich]
  • ed84ea00e0: AMD/IOMMU: abstract maximum number of page table levels [Jan Beulich]
  • 0bd3ff2551: IOMMU/x86: drop TLB flushes from quarantine_init() hooks [Jan Beulich]
  • 46cfaece2f: IOMMU/x86: maintain a per-device pseudo domain ID [Jan Beulich]
  • ffb18f98e1: VT-d: prepare for per-device quarantine page tables (part II) [Jan Beulich]
  • 067f9ddc17: VT-d: prepare for per-device quarantine page tables (part I) [Jan Beulich]
  • 754cabadc9: AMD/IOMMU: re-assign devices directly [Jan Beulich]
  • d67a72c655: VT-d: re-assign devices directly [Jan Beulich]
  • 7bbcacec42: VT-d: drop ownership checking from domain_context_mapping_one() [Jan Beulich]
  • 74b8d7c04d: IOMMU/x86: tighten iommu_alloc_pgtable()'s parameter [Jan Beulich]
  • 3d65d2fa8b: VT-d: fix add/remove ordering when RMRRs are in use [Jan Beulich]
  • 1427c846e4: VT-d: fix (de)assign ordering when RMRRs are in use [Jan Beulich]
  • aafd4f1df0: VT-d: correct ordering of operations in cleanup_domid_map() [Jan Beulich]
  • e717e74fcd: x86/hap: do not switch on log dirty for VRAM tracking [Roger Pau Monné]
  • e11d98d6fc: livepatch: account for patch offset when applying NOP patch [Jan Beulich]
  • dd79dcc9f1: vpci/msix: fix PBA accesses [Roger Pau Monné]
  • bb43e0e1ca: livepatch: resolve old address before function verification [Bjoern Doebel]
  • 3c8e7395e2: x86/cet: Remove XEN_SHSTK's dependency on EXPERT [Andrew Cooper]
  • be9facf323: xen/x86: Livepatch: support patching CET-enhanced functions [Bjoern Doebel]
  • 74aeb55574: x86/cet: Remove writeable mapping of the BSPs shadow stack [Andrew Cooper]
  • c3407c77a0: x86/cet: Clear IST supervisor token busy bits on S3 resume [Andrew Cooper]
  • c0b7bbed60: x86/kexec: Fix kexec-reboot with CET active [Andrew Cooper]
  • 67fa16fbc2: x86/spec-ctrl: Disable retpolines with CET-IBT [Andrew Cooper]
  • 82fc152856: x86/CET: Fix S3 resume with shadow stacks active [Andrew Cooper]
  • 7f35c1f34b: x86: Enable CET Indirect Branch Tracking [Andrew Cooper]
  • cf7bd0919f: x86/EFI: Disable CET-IBT around Runtime Services calls [Andrew Cooper]
  • 368cffb5be: x86/setup: Rework MSR_S_CET handling for CET-IBT [Andrew Cooper]
  • c3fed31049: x86/entry: Make IDT entrypoints CET-IBT compatible [Andrew Cooper]
  • b75e78f1ec: x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible [Andrew Cooper]
  • ddeebb5f09: x86/emul: Update emulation stubs to be CET-IBT compatible [Andrew Cooper]
  • 86a3a18552: x86: Introduce helpers/checks for endbr64 instructions [Andrew Cooper]
  • c887960197: x86/traps: Rework write_stub_trampoline() to not hardcode the jmp [Andrew Cooper]
  • aa53c1299b: x86/alternatives: Clear CR4.CET when clearing CR0.WP [Andrew Cooper]
  • 473f7cb1a1: x86/setup: Read CR4 earlier in __start_xen() [Andrew Cooper]
  • 96233cf87b: x86: Introduce support for CET-IBT [Andrew Cooper]
  • cd751c09a5: xz: validate the value before assigning it to an enum variable [Lasse Collin]
  • a12402e4d0: xz: avoid overlapping memcpy() with invalid input with in-place decompression [Lasse Collin]
  • ef27037d43: tools/libxl: don't allow IOMMU usage with PoD [Roger Pau Monné]
  • b4632c9cf5: x86/console: process softirqs between warning prints [Roger Pau Monné]
  • 1b50f41b3b: x86/spec-ctrl: Cease using thunk=lfence on AMD [Andrew Cooper]
  • 65110f4953: xen/arm: Allow to discover and use SMCCC_ARCH_WORKAROUND_3 [Bertrand Marquis]
  • eed4a84a83: xen/arm: Add Spectre BHB handling [Rahul Singh]
  • 7259e87984: xen/arm: Add ECBHB and CLEARBHB ID fields [Bertrand Marquis]
  • 9a4a4abb59: xen/arm: move errata CSV2 check earlier [Bertrand Marquis]
  • 5f097af94e: xen/arm: Introduce new Arm processors [Bertrand Marquis]
  • 084bf6b19a: x86emul: fix VPBLENDMW with mask and memory operand [Jan Beulich]
  • 3bf48e5325: tools/libs: Fix build dependencies [Anthony PERARD]
  • ef47070bbb: tools/libs/light: don't touch nr_vcpus_out if listing vcpus and returning NULL [Dario Faggioli]
  • 59a5fbd6fe: libxl: force netback to wait for hotplug execution before connecting [Roger Pau Monné]
  • 11eedbb0bb: tools/libxl: Correctly align the ACPI tables [Kevin Stefanov]
  • 124b801333: update Xen version to 4.15.3-pre [Jan Beulich]
  • 1ec097c35c: x86/spec-ctrl: Support Intel PSFD for guests [Andrew Cooper]
  • 96c17e7caf: x86/cpuid: Infrastructure for cpuid word 7:2.edx [Andrew Cooper]
  • d5d7a8f7e6: x86/tsx: Cope with TSX deprecation on WHL-R/CFL-R [Andrew Cooper]
  • 8ae80402a2: x86/tsx: Move has_rtm_always_abort to an outer scope [Andrew Cooper]
  • fdd61d3c05: x86/spec-ctrl: Clean up MSR_MCU_OPT_CTRL handling [Andrew Cooper]
  • ff1215c25f: x86/cpuid: Infrastructure for leaf 7:1.ebx [Jan Beulich]
  • 0facadbbf7: x86/cpuid: Disentangle logic for new feature leaves [Andrew Cooper]
  • 7f3b726c6a: x86/cpuid: Enable MSR_SPEC_CTRL in SVM guests by default [Andrew Cooper]
  • a7d7136673: x86/msr: AMD MSR_SPEC_CTRL infrastructure [Andrew Cooper]
  • 5a76649547: x86/svm: VMEntry/Exit logic for MSR_SPEC_CTRL [Andrew Cooper]
  • b21f5076bb: x86/spec-ctrl: Use common MSR_SPEC_CTRL logic for AMD [Andrew Cooper]
  • 73b4e89746: x86/spec-ctrl: Record the last write to MSR_SPEC_CTRL [Andrew Cooper]
  • 21dd4ef9a6: x86/spec-ctrl: Don't use spec_ctrl_{enter,exit}_idle() for S3 [Andrew Cooper]
  • 3bc15a1a64: x86/spec-ctrl: Introduce new has_spec_ctrl boolean [Andrew Cooper]
  • ca3fcbde25: x86/spec-ctrl: Drop use_spec_ctrl boolean [Andrew Cooper]
  • 82b2033090: x86/cpuid: Advertise SSB_NO to guests by default [Andrew Cooper]
  • beb522fc03: x86/msr: Fix migration compatibility issue with MSR_SPEC_CTRL [Andrew Cooper]
  • 0bec5b0c6e: x86/vmx: Drop spec_ctrl load in VMEntry path [Andrew Cooper]
  • 0d89d04f63: x86/cpuid: support LFENCE always serialising CPUID bit [Roger Pau Monné]
  • 576218ea82: x86/amd: split LFENCE dispatch serializing setup logic into helper [Roger Pau Monné]
  • 3a9450fe5e: MAINTAINERS: Anthony is stable branch tools maintainer [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

    FIXME

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.15.2 and qemu-xen-4.15.3).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditional qemu-upstream
XSA-396 N/A (Linux Only) N/A N/A
XSA-397 Applied N/A N/A
XSA-398 Applied N/A N/A
XSA-399 Applied N/A N/A
XSA-400 Applied N/A N/A
XSA-401 Applied N/A N/A
XSA-402 Applied N/A N/A
XSA-404 Applied N/A N/A

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend all users of the 4.15 stable series to update to this latest point release.