Xen Project 4.15.4

We are pleased to announce the release of Xen 4.15.4. This is available immediately from its git repository https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.15 (tag RELEASE-4.15.4) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • a056387c53: update Xen version to 4.15.4 [Jan Beulich]
  • 625efe28ab: xen/sched: migrate timers to correct cpus after suspend [Juergen Gross]
  • 201552c5ca: tools/xenstore: call remove_domid_from_perm() for special nodes [Juergen Gross]
  • 32445f23fe: x86/spec-ctrl: Mitigate IBPB not flushing the RSB/RAS [Andrew Cooper]
  • 07be0fe497: x86/spec-ctrl: Enumeration for IBPB_RET [Andrew Cooper]
  • e818f4f0da: tools/xenstore: harden transaction finalization against errors [Juergen Gross]
  • 2d3476effe: tools/xenstore: fix deleting node in transaction [Juergen Gross]
  • d3649d33e1: tools/ocaml: Ensure packet size is never negative [Edwin Török]
  • b9ede0950b: tools/ocaml/xenstored: Fix quota bypass on domain shutdown [Edwin Török]
  • bc3921135c: docs: enhance xenstore.txt with permissions description [Juergen Gross]
  • 4269999ece: tools/xenstore: make the internal memory data base the default [Juergen Gross]
  • da87661d05: tools/xenstore: remove nodes owned by destroyed domain [Juergen Gross]
  • 84674f2067: tools/xenstore: use treewalk for creating node records [Juergen Gross]
  • 9ead584503: tools/xenstore: use treewalk for deleting nodes [Juergen Gross]
  • a95277ee36: tools/xenstore: use treewalk for check_store() [Juergen Gross]
  • 4096512a70: tools/xenstore: simplify check_store() [Juergen Gross]
  • 83b6c511a5: tools/xenstore: add generic treewalk function [Juergen Gross]
  • b9a005b0b4: tools/xenstore: don't let remove_child_entry() call corrupt() [Juergen Gross]
  • 62755d0a90: tools/xenstore: remove recursion from construct_node() [Juergen Gross]
  • 8012324cb9: tools/xenstore: fix checking node permissions [Juergen Gross]
  • 607e186fe0: tools/xenstore: don't use conn->in as context for temporary allocations [Juergen Gross]
  • 26faa6b558: SUPPORT.md: clarify support of untrusted driver domains with oxenstored [Juergen Gross]
  • 64048b4c21: tools/ocaml: Limit maximum in-flight requests / outstanding replies [Edwin Török]
  • 9e5290daf9: tools/ocaml/xb: Add BoundedQueue [Edwin Török]
  • fccdca83a4: tools/ocaml: Change Xb.input to return Packet.t option [Edwin Török]
  • bbb4ceab25: tools/ocaml/libs/xb: hide type of Xb.t [Edwin Török]
  • 9f89883fab: tools/ocaml: GC parameter tuning [Edwin Török]
  • 45816222bb: tools/ocaml/xenstored: Check for maxrequests before performing operations [Edwin Török]
  • 8fabb963e6: tools/ocaml/xenstored: Synchronise defaults with oxenstore.conf.in [Edwin Török]
  • 4d30175fda: tools/xenstore: add control command for setting and showing quota [Juergen Gross]
  • 1fc3ecc9bf: tools/xenstore: add exports for quota variables [Juergen Gross]
  • 32efe29a00: tools/xenstore: add memory accounting for nodes [Juergen Gross]
  • 9c2e71fe06: tools/xenstore: add memory accounting for watches [Juergen Gross]
  • 0113aacb3d: tools/xenstore: add memory accounting for responses [Juergen Gross]
  • aa29eb6247: tools/xenstore: add infrastructure to keep track of per domain memory usage [Juergen Gross]
  • ccef72b6a8: tools/xenstore: move the call of setup_structure() to dom0 introduction [Juergen Gross]
  • 1035371fee: tools/xenstore: limit max number of nodes accessed in a transaction [Juergen Gross]
  • 8ee7ed7c1e: tools/xenstore: simplify and fix per domain node accounting [Juergen Gross]
  • 3e51699fcc: tools/xenstore: fix connection->id usage [Juergen Gross]
  • 97c251f953: tools/xenstore: don't buffer multiple identical watch events [Juergen Gross]
  • 56300e8e17: tools/xenstore: limit outstanding requests [Juergen Gross]
  • 53a77b8271: tools/xenstore: let unread watch events time out [Juergen Gross]
  • 8999db805e: tools/xenstore: reduce number of watch events [Juergen Gross]
  • b322923894: tools/xenstore: add helpers to free struct buffered_data [Juergen Gross]
  • 0d8bea403d: tools/xenstore: split up send_reply() [Juergen Gross]
  • 579e7334b9: tools/xenstore: Fail a transaction if it is not possible to create a node [Julien Grall]
  • ee03d9b56e: tools/xenstore: create_node: Don't defer work to undo any changes on failure [Julien Grall]
  • ddab5b1e00: x86/pv-shim: correct ballooning down for compat guests [Igor Druzhinin]
  • b68e3fda8a: x86/pv-shim: correct ballooning up for compat guests [Igor Druzhinin]
  • a46f01fad1: x86/pv-shim: correctly ignore empty onlining requests [Igor Druzhinin]
  • 317894fa6a: common: map_vcpu_info() wants to unshare the underlying page [Jan Beulich]
  • 9b8b65c827: x86: also zap secondary time area handles during soft reset [Jan Beulich]
  • bff4c44579: vpci/msix: remove from table list on detach [Roger Pau Monné]
  • 6b035f4f58: vpci: don't assume that vpci per-device data exists unconditionally [Roger Pau Monné]
  • 08bc78b4ee: x86/shadow: drop (replace) bogus assertions [Jan Beulich]
  • 9c5114696c: xen/sched: fix restore_vcpu_affinity() by removing it [Juergen Gross]
  • 1f679f084f: xen/sched: fix race in RTDS scheduler [Juergen Gross]
  • b833014293: EFI: don't convert memory marked for runtime use to ordinary RAM [Jan Beulich]
  • 916668baf9: argo: Remove reachable ASSERT_UNREACHABLE [Jason Andryuk]
  • 3885fa4234: VMX: correct error handling in vmx_create_vmcs() [Jan Beulich]
  • f8915cd5db: xen/arm: p2m: Populate pages for GICv2 mapping in p2m_init() [Henry Wang]
  • 6f948fd192: arm/p2m: Rework p2m_init() [Andrew Cooper]
  • 816580afdd: libxl/Arm: correct xc_shadow_control() invocation to fix build [Jan Beulich]
  • 0d233924d4: tools/tests: fix wrong backport of upstream commit 52daa6a8483e4 [Juergen Gross]
  • 9690bb261d: x86/vpmu: Fix race-condition in vpmu_load [Tamas K Lengyel]
  • 62e534d17c: x86: wire up VCPUOP_register_vcpu_time_memory_area for 32-bit guests [Jan Beulich]
  • 3ac64b3751: xen/gnttab: fix gnttab_acquire_resource() [Juergen Gross]
  • 182f8bb503: tools/xenstore: minor fix of the migration stream doc [Juergen Gross]
  • 19cf28b515: Config.mk: correct PIE-related option(s) in EMBEDDED_EXTRA_CFLAGS [Jan Beulich]
  • d17680808b: xen/sched: fix cpu hotplug [Juergen Gross]
  • d638c2085f: xen/sched: carve out memory allocation and freeing from schedule_cpu_rm() [Juergen Gross]
  • 735b108444: xen/sched: introduce cpupool_update_node_affinity() [Juergen Gross]
  • 7923ea47e5: x86/CPUID: surface suitable value in EBX of XSTATE subleaf 1 [Jan Beulich]
  • d65ebacb78: tools/libxl: Replace deprecated -soundhw on QEMU command line [Anthony PERARD]
  • bb43a10fef: gnttab: correct locking on transitive grant copy error path [Jan Beulich]
  • 7ad38a39f0: xen/arm: Allocate and free P2M pages from the P2M pool [Henry Wang]
  • c521504457: xen/arm, libxl: Implement XEN_DOMCTL_shadow_op for Arm [Henry Wang]
  • 45336d8f88: xen/arm: Construct the P2M pages pool for guests [Henry Wang]
  • 0c0680d6e7: libxl, docs: Use arch-specific default paging memory [Henry Wang]
  • b03074bb47: xen/x86: p2m: Add preemption in p2m_teardown() [Julien Grall]
  • 686c920fa9: x86/p2m: free the paging memory pool preemptively [Roger Pau Monné]
  • 7f055b011a: x86/p2m: truly free paging pool memory for dying domains [Roger Pau Monné]
  • 4f9b535194: x86/p2m: refuse new allocations for dying domains [Roger Pau Monné]
  • 1e26afa846: x86/shadow: tolerate failure in shadow_prealloc() [Roger Pau Monné]
  • 95f6d555ec: x86/shadow: tolerate failure of sh_set_toplevel_shadow() [Jan Beulich]
  • d24a10a91d: x86/HAP: adjust monitor table related error handling [Jan Beulich]
  • 0f3eab90f3: x86/p2m: add option to skip root pagetable removal in p2m_teardown() [Roger Pau Monné]
  • 0d805f9fba: xen/arm: p2m: Handle preemption when freeing intermediate page tables [Julien Grall]
  • 09fc590c15: xen/arm: p2m: Prevent adding mapping when domain is dying [Julien Grall]
  • 9acedc3c58: PCI: simplify (and thus correct) pci_get_pdev{,_by_domain}() [Jan Beulich]
  • a075900cf7: build/x86: suppress GNU ld 2.39 warning about RWX load segments [Jan Beulich]
  • 104a54a307: x86/amd: only call setup_force_cpu_cap for boot CPU [Ross Lagerwall]
  • fba0c22e79: x86/spec-ctrl: Enumeration for PBRSB_NO [Andrew Cooper]
  • c373ad3d08: tools/libxl: Replace deprecated -sdl option on QEMU command line [Anthony PERARD]
  • 1e31848cdd: xen/sched: setup dom0 vCPUs affinity only once [Dario Faggioli]
  • 5efcae1eb3: x86: Expose more MSR_ARCH_CAPS to hwdom [Jason Andryuk]
  • 8ae0b4d133: x86/spec-ctrl: Use IST RSB protection for !SVM systems [Andrew Cooper]
  • df3395f6b2: x86/msr: fix X2APIC_LAST [Edwin Török]
  • 1b9845dcf9: tools/libxl: env variable to signal whether disk/nic backend is trusted [Roger Pau Monné]
  • b64f1c9e3e: common/memory: Fix ifdefs for ptdom_max_order [Luca Fancellu]
  • 30d3de4c61: x86: also suppress use of MMX insns [Jan Beulich]
  • 4799a202a9: x86emul: add memory operand low bits checks for ENQCMD{,S} [Jan Beulich]
  • a095c6cde8: x86: deal with gcc12 release build issues [Jan Beulich]
  • 5f1d0179e1: x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR [Jan Beulich]
  • c37099426e: xl: move freemem()'s "credit expired" loop exit [Jan Beulich]
  • a2684d9cbb: tools/init-xenstore-domain: fix memory map for PVH stubdom [Juergen Gross]
  • 2173d9c8be: xl: relax freemem()'s retry calculation [Jan Beulich]
  • 3859f3ee7e: x86/mm: correct TLB flush condition in _get_page_type() [Jan Beulich]
  • 35bf91d30f: x86/spec-ctrl: Mitigate Branch Type Confusion when possible [Andrew Cooper]
  • 409976bed9: x86/spec-ctrl: Enable Zen2 chickenbit [Andrew Cooper]
  • 2b29ac476f: x86/cpuid: Enumeration for BTC_NO [Andrew Cooper]
  • f0d78e0c11: x86/spec-ctrl: Support IBPB-on-entry [Andrew Cooper]
  • d7f5fb1e2a: x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST [Andrew Cooper]
  • c707015bf1: x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch [Andrew Cooper]
  • 2cfbca32b9: x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr [Andrew Cooper]
  • 156ab77576: x86/spec-ctrl: Rework spec_ctrl_flags context switching [Andrew Cooper]
  • 505771bb1d: update Xen version to 4.15.4-pre [Jan Beulich]
  • d470a54087: libxl: check return value of libxl__xs_directory in name2bdf [Anthony PERARD]
  • f241cc48da: tools/helpers: fix build of xen-init-dom0 with -Werror [Anthony PERARD]
  • 08bfd4d011: x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives [Andrew Cooper]
  • ae41770687: xen/cmdline: Extend parse_boolean() to signal a name match [Andrew Cooper]
  • 5be1f46f43: x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option [Andrew Cooper]
  • 77deab4233: libxc: fix compilation error with gcc13 [Charles Arnold]
  • cd5081e8c3: x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint [Andrew Cooper]
  • 799a8d4923: x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS [Andrew Cooper]
  • 7fe638c28f: tools/xenstored: Harden corrupt() [Julien Grall]
  • b53df5b434: ehci-dbgp: fix selecting n-th ehci controller [Marek Marczykowski-Górecki]
  • b89b932cfe: IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() [Jan Beulich]
  • f6e26ce7d9: build: fix exported variable name CFLAGS_stack_boundary [Anthony PERARD]

This release also contains changes to qemu-upstream, whose changelog we do not list here because it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.15.3 and qemu-xen-4.15.4).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-326 | Applied | N/A | N/A |
| XSA-403 | Applied | N/A | N/A |
| XSA-405 | N/A (Linux only) | N/A | N/A |
| XSA-406 | N/A (Linux only) | N/A | N/A |
| XSA-407 | Applied | N/A | N/A |
| XSA-408 | Applied | N/A | N/A |
| XSA-409 | Applied | N/A | N/A |
| XSA-410 | Applied | N/A | N/A |
| XSA-411 | Applied | N/A | N/A |
| XSA-412 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-413 | N/A (Xapi only) | N/A | N/A |
| XSA-414 | Applied | N/A | N/A |
| XSA-415 | Applied | N/A | N/A |
| XSA-416 | Applied | N/A | N/A |
| XSA-417 | Applied | N/A | N/A |
| XSA-418 | Applied | N/A | N/A |
| XSA-419 | Applied | N/A | N/A |
| XSA-420 | Applied | N/A | N/A |
| XSA-421 | Applied | N/A | N/A |
| XSA-422 | Applied | N/A | N/A |

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend that all users of the 4.15 stable series update to this latest point release.