Xen Project 4.15.4

We are pleased to announce the release of Xen 4.15.4. This is available immediately from its git repository (branch stable-4.15, tag RELEASE-4.15.4) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • a056387c53: update Xen version to 4.15.4 [Jan Beulich]
  • 625efe28ab: xen/sched: migrate timers to correct cpus after suspend [Juergen Gross]
  • 201552c5ca: tools/xenstore: call remove_domid_from_perm() for special nodes [Juergen Gross]
  • 32445f23fe: x86/spec-ctrl: Mitigate IBPB not flushing the RSB/RAS [Andrew Cooper]
  • 07be0fe497: x86/spec-ctrl: Enumeration for IBPB_RET [Andrew Cooper]
  • e818f4f0da: tools/xenstore: harden transaction finalization against errors [Juergen Gross]
  • 2d3476effe: tools/xenstore: fix deleting node in transaction [Juergen Gross]
  • d3649d33e1: tools/ocaml: Ensure packet size is never negative [Edwin Török]
  • b9ede0950b: tools/ocaml/xenstored: Fix quota bypass on domain shutdown [Edwin Török]
  • bc3921135c: docs: enhance xenstore.txt with permissions description [Juergen Gross]
  • 4269999ece: tools/xenstore: make the internal memory data base the default [Juergen Gross]
  • da87661d05: tools/xenstore: remove nodes owned by destroyed domain [Juergen Gross]
  • 84674f2067: tools/xenstore: use treewalk for creating node records [Juergen Gross]
  • 9ead584503: tools/xenstore: use treewalk for deleting nodes [Juergen Gross]
  • a95277ee36: tools/xenstore: use treewalk for check_store() [Juergen Gross]
  • 4096512a70: tools/xenstore: simplify check_store() [Juergen Gross]
  • 83b6c511a5: tools/xenstore: add generic treewalk function [Juergen Gross]
  • b9a005b0b4: tools/xenstore: don't let remove_child_entry() call corrupt() [Juergen Gross]
  • 62755d0a90: tools/xenstore: remove recursion from construct_node() [Juergen Gross]
  • 8012324cb9: tools/xenstore: fix checking node permissions [Juergen Gross]
  • 607e186fe0: tools/xenstore: don't use conn->in as context for temporary allocations [Juergen Gross]
  • 26faa6b558: clarify support of untrusted driver domains with oxenstored [Juergen Gross]
  • 64048b4c21: tools/ocaml: Limit maximum in-flight requests / outstanding replies [Edwin Török]
  • 9e5290daf9: tools/ocaml/xb: Add BoundedQueue [Edwin Török]
  • fccdca83a4: tools/ocaml: Change Xb.input to return Packet.t option [Edwin Török]
  • bbb4ceab25: tools/ocaml/libs/xb: hide type of Xb.t [Edwin Török]
  • 9f89883fab: tools/ocaml: GC parameter tuning [Edwin Török]
  • 45816222bb: tools/ocaml/xenstored: Check for maxrequests before performing operations [Edwin Török]
  • 8fabb963e6: tools/ocaml/xenstored: Synchronise defaults with [Edwin Török]
  • 4d30175fda: tools/xenstore: add control command for setting and showing quota [Juergen Gross]
  • 1fc3ecc9bf: tools/xenstore: add exports for quota variables [Juergen Gross]
  • 32efe29a00: tools/xenstore: add memory accounting for nodes [Juergen Gross]
  • 9c2e71fe06: tools/xenstore: add memory accounting for watches [Juergen Gross]
  • 0113aacb3d: tools/xenstore: add memory accounting for responses [Juergen Gross]
  • aa29eb6247: tools/xenstore: add infrastructure to keep track of per domain memory usage [Juergen Gross]
  • ccef72b6a8: tools/xenstore: move the call of setup_structure() to dom0 introduction [Juergen Gross]
  • 1035371fee: tools/xenstore: limit max number of nodes accessed in a transaction [Juergen Gross]
  • 8ee7ed7c1e: tools/xenstore: simplify and fix per domain node accounting [Juergen Gross]
  • 3e51699fcc: tools/xenstore: fix connection->id usage [Juergen Gross]
  • 97c251f953: tools/xenstore: don't buffer multiple identical watch events [Juergen Gross]
  • 56300e8e17: tools/xenstore: limit outstanding requests [Juergen Gross]
  • 53a77b8271: tools/xenstore: let unread watch events time out [Juergen Gross]
  • 8999db805e: tools/xenstore: reduce number of watch events [Juergen Gross]
  • b322923894: tools/xenstore: add helpers to free struct buffered_data [Juergen Gross]
  • 0d8bea403d: tools/xenstore: split up send_reply() [Juergen Gross]
  • 579e7334b9: tools/xenstore: Fail a transaction if it is not possible to create a node [Julien Grall]
  • ee03d9b56e: tools/xenstore: create_node: Don't defer work to undo any changes on failure [Julien Grall]
  • ddab5b1e00: x86/pv-shim: correct ballooning down for compat guests [Igor Druzhinin]
  • b68e3fda8a: x86/pv-shim: correct ballooning up for compat guests [Igor Druzhinin]
  • a46f01fad1: x86/pv-shim: correctly ignore empty onlining requests [Igor Druzhinin]
  • 317894fa6a: common: map_vcpu_info() wants to unshare the underlying page [Jan Beulich]
  • 9b8b65c827: x86: also zap secondary time area handles during soft reset [Jan Beulich]
  • bff4c44579: vpci/msix: remove from table list on detach [Roger Pau Monné]
  • 6b035f4f58: vpci: don't assume that vpci per-device data exists unconditionally [Roger Pau Monné]
  • 08bc78b4ee: x86/shadow: drop (replace) bogus assertions [Jan Beulich]
  • 9c5114696c: xen/sched: fix restore_vcpu_affinity() by removing it [Juergen Gross]
  • 1f679f084f: xen/sched: fix race in RTDS scheduler [Juergen Gross]
  • b833014293: EFI: don't convert memory marked for runtime use to ordinary RAM [Jan Beulich]
  • 916668baf9: argo: Remove reachable ASSERT_UNREACHABLE [Jason Andryuk]
  • 3885fa4234: VMX: correct error handling in vmx_create_vmcs() [Jan Beulich]
  • f8915cd5db: xen/arm: p2m: Populate pages for GICv2 mapping in p2m_init() [Henry Wang]
  • 6f948fd192: arm/p2m: Rework p2m_init() [Andrew Cooper]
  • 816580afdd: libxl/Arm: correct xc_shadow_control() invocation to fix build [Jan Beulich]
  • 0d233924d4: tools/tests: fix wrong backport of upstream commit 52daa6a8483e4 [Juergen Gross]
  • 9690bb261d: x86/vpmu: Fix race-condition in vpmu_load [Tamas K Lengyel]
  • 62e534d17c: x86: wire up VCPUOP_register_vcpu_time_memory_area for 32-bit guests [Jan Beulich]
  • 3ac64b3751: xen/gnttab: fix gnttab_acquire_resource() [Juergen Gross]
  • 182f8bb503: tools/xenstore: minor fix of the migration stream doc [Juergen Gross]
  • 19cf28b515: correct PIE-related option(s) in EMBEDDED_EXTRA_CFLAGS [Jan Beulich]
  • d17680808b: xen/sched: fix cpu hotplug [Juergen Gross]
  • d638c2085f: xen/sched: carve out memory allocation and freeing from schedule_cpu_rm() [Juergen Gross]
  • 735b108444: xen/sched: introduce cpupool_update_node_affinity() [Juergen Gross]
  • 7923ea47e5: x86/CPUID: surface suitable value in EBX of XSTATE subleaf 1 [Jan Beulich]
  • d65ebacb78: tools/libxl: Replace deprecated -soundhw on QEMU command line [Anthony PERARD]
  • bb43a10fef: gnttab: correct locking on transitive grant copy error path [Jan Beulich]
  • 7ad38a39f0: xen/arm: Allocate and free P2M pages from the P2M pool [Henry Wang]
  • c521504457: xen/arm, libxl: Implement XEN_DOMCTL_shadow_op for Arm [Henry Wang]
  • 45336d8f88: xen/arm: Construct the P2M pages pool for guests [Henry Wang]
  • 0c0680d6e7: libxl, docs: Use arch-specific default paging memory [Henry Wang]
  • b03074bb47: xen/x86: p2m: Add preemption in p2m_teardown() [Julien Grall]
  • 686c920fa9: x86/p2m: free the paging memory pool preemptively [Roger Pau Monné]
  • 7f055b011a: x86/p2m: truly free paging pool memory for dying domains [Roger Pau Monné]
  • 4f9b535194: x86/p2m: refuse new allocations for dying domains [Roger Pau Monné]
  • 1e26afa846: x86/shadow: tolerate failure in shadow_prealloc() [Roger Pau Monné]
  • 95f6d555ec: x86/shadow: tolerate failure of sh_set_toplevel_shadow() [Jan Beulich]
  • d24a10a91d: x86/HAP: adjust monitor table related error handling [Jan Beulich]
  • 0f3eab90f3: x86/p2m: add option to skip root pagetable removal in p2m_teardown() [Roger Pau Monné]
  • 0d805f9fba: xen/arm: p2m: Handle preemption when freeing intermediate page tables [Julien Grall]
  • 09fc590c15: xen/arm: p2m: Prevent adding mapping when domain is dying [Julien Grall]
  • 9acedc3c58: PCI: simplify (and thus correct) pci_get_pdev{,_by_domain}() [Jan Beulich]
  • a075900cf7: build/x86: suppress GNU ld 2.39 warning about RWX load segments [Jan Beulich]
  • 104a54a307: x86/amd: only call setup_force_cpu_cap for boot CPU [Ross Lagerwall]
  • fba0c22e79: x86/spec-ctrl: Enumeration for PBRSB_NO [Andrew Cooper]
  • c373ad3d08: tools/libxl: Replace deprecated -sdl option on QEMU command line [Anthony PERARD]
  • 1e31848cdd: xen/sched: setup dom0 vCPUs affinity only once [Dario Faggioli]
  • 5efcae1eb3: x86: Expose more MSR_ARCH_CAPS to hwdom [Jason Andryuk]
  • 8ae0b4d133: x86/spec-ctrl: Use IST RSB protection for !SVM systems [Andrew Cooper]
  • df3395f6b2: x86/msr: fix X2APIC_LAST [Edwin Török]
  • 1b9845dcf9: tools/libxl: env variable to signal whether disk/nic backend is trusted [Roger Pau Monné]
  • b64f1c9e3e: common/memory: Fix ifdefs for ptdom_max_order [Luca Fancellu]
  • 30d3de4c61: x86: also suppress use of MMX insns [Jan Beulich]
  • 4799a202a9: x86emul: add memory operand low bits checks for ENQCMD{,S} [Jan Beulich]
  • a095c6cde8: x86: deal with gcc12 release build issues [Jan Beulich]
  • 5f1d0179e1: x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR [Jan Beulich]
  • c37099426e: xl: move freemem()'s "credit expired" loop exit [Jan Beulich]
  • a2684d9cbb: tools/init-xenstore-domain: fix memory map for PVH stubdom [Juergen Gross]
  • 2173d9c8be: xl: relax freemem()'s retry calculation [Jan Beulich]
  • 3859f3ee7e: x86/mm: correct TLB flush condition in _get_page_type() [Jan Beulich]
  • 35bf91d30f: x86/spec-ctrl: Mitigate Branch Type Confusion when possible [Andrew Cooper]
  • 409976bed9: x86/spec-ctrl: Enable Zen2 chickenbit [Andrew Cooper]
  • 2b29ac476f: x86/cpuid: Enumeration for BTC_NO [Andrew Cooper]
  • f0d78e0c11: x86/spec-ctrl: Support IBPB-on-entry [Andrew Cooper]
  • d7f5fb1e2a: x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST [Andrew Cooper]
  • c707015bf1: x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch [Andrew Cooper]
  • 2cfbca32b9: x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr [Andrew Cooper]
  • 156ab77576: x86/spec-ctrl: Rework spec_ctrl_flags context switching [Andrew Cooper]
  • 505771bb1d: update Xen version to 4.15.4-pre [Jan Beulich]
  • d470a54087: libxl: check return value of libxl__xs_directory in name2bdf [Anthony PERARD]
  • f241cc48da: tools/helpers: fix build of xen-init-dom0 with -Werror [Anthony PERARD]
  • 08bfd4d011: x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives [Andrew Cooper]
  • ae41770687: xen/cmdline: Extend parse_boolean() to signal a name match [Andrew Cooper]
  • 5be1f46f43: x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option [Andrew Cooper]
  • 77deab4233: libxc: fix compilation error with gcc13 [Charles Arnold]
  • cd5081e8c3: x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint [Andrew Cooper]
  • 799a8d4923: x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS [Andrew Cooper]
  • 7fe638c28f: tools/xenstored: Harden corrupt() [Julien Grall]
  • b53df5b434: ehci-dbgp: fix selecting n-th ehci controller [Marek Marczykowski-Górecki]
  • b89b932cfe: IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() [Jan Beulich]
  • f6e26ce7d9: build: fix exported variable name CFLAGS_stack_boundary [Anthony PERARD]

This release also contains changes to qemu-upstream, whose changelog we do not list here, as it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check the qemu-upstream shortlog (between tags qemu-xen-4.15.3 and qemu-xen-4.15.4).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-326 | Applied | N/A | N/A |
| XSA-403 | Applied | N/A | N/A |
| XSA-405 | N/A (Linux only) | N/A | N/A |
| XSA-406 | N/A (Linux only) | N/A | N/A |
| XSA-407 | Applied | N/A | N/A |
| XSA-408 | Applied | N/A | N/A |
| XSA-409 | Applied | N/A | N/A |
| XSA-410 | Applied | N/A | N/A |
| XSA-411 | Applied | N/A | N/A |
| XSA-412 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-413 | N/A (Xapi only) | N/A | N/A |
| XSA-414 | Applied | N/A | N/A |
| XSA-415 | Applied | N/A | N/A |
| XSA-416 | Applied | N/A | N/A |
| XSA-417 | Applied | N/A | N/A |
| XSA-418 | Applied | N/A | N/A |
| XSA-419 | Applied | N/A | N/A |
| XSA-420 | Applied | N/A | N/A |
| XSA-421 | Applied | N/A | N/A |
| XSA-422 | Applied | N/A | N/A |

For details, see the Xen Project security advisories.

We recommend that all users of the 4.15 stable series update to this latest point release.