Skip to main content


Xen Project 4.15.5

We are pleased to announce the release of Xen 4.15.5. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.15 (tag RELEASE-4.15.5) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • da7f151a63: Update Xen to version 4.15.5 [Andrew Cooper]
  • 1c5c12d3b3: x86/spec-ctrl: Mitigate Gather Data Sampling [Andrew Cooper]
  • abdfd73286: x86/spec-ctrl: Enumerations for Gather Data Sampling [Andrew Cooper]
  • dab61d18df: x86/cpu-policy: Hide CLWB by default on SKX/CLX/CPX [Andrew Cooper]
  • b066b60cf0: x86/spec-ctrl: Mitigate Speculative Return Stack Overflow [Andrew Cooper]
  • 30de2397d2: x86/spec-ctrl: Enumerations for Speculative Return Stack Overflow [Andrew Cooper]
  • 42105f5435: x86/spec-ctrl: Rework ibpb_calculations() [Andrew Cooper]
  • a91eebbd60: x86/cpu-policy: Advertise MSR_ARCH_CAPS to guests by default [Andrew Cooper]
  • 8550519acc: libxl: allow building with old gcc again [Jan Beulich]
  • a5c8d2b3a9: libxl: avoid shadowing of index() [Jan Beulich]
  • d7895a7bde: libxl: add support for parsing MSR features [Roger Pau Monne]
  • fcd4f8387f: libxl: use the cpuid feature names from cpufeatureset.h [Roger Pau Monne]
  • bfcf0def25: libxl: split logic to parse user provided CPUID features [Roger Pau Monne]
  • aaa97b4128: libxl: introduce MSR data in libxl_cpuid_policy [Roger Pau Monne]
  • 748cb881d8: libxl: change the type of libxl_cpuid_policy_list [Roger Pau Monne]
  • bec019cea6: libs/guest: introduce support for setting guest MSRs [Roger Pau Monne]
  • 15107a80b2: libxl: don't ignore the return value from xc_cpuid_apply_policy [Roger Pau Monne]
  • 6a90287045: x86/cpu-policy: Derive RSBA/RRSBA for guest policies [Andrew Cooper]
  • 945db71023: x86/spec-ctrl: Fix up the RSBA/RRSBA bits as appropriate [Andrew Cooper]
  • 78a4031ed9: x86/spec-ctrl: Rename retpoline_safe() to retpoline_calculations() [Andrew Cooper]
  • 3ac6887c3e: x86/spec-ctrl: Use a taint for CET without MSR_SPEC_CTRL [Andrew Cooper]
  • 43f362f6af: x86/spec-ctrl: Fix the rendering of FB_CLEAR [Andrew Cooper]
  • ecbb75a6f8: x86/cpu-policy: Rearrange guest_common_default_feature_adjustments() [Andrew Cooper]
  • daa4414aeb: x86/spec-ctrl: Update hardware hints [Andrew Cooper]
  • ce01f8d153: x86/spec-ctrl: Remove opencoded MSR_ARCH_CAPS check [Andrew Cooper]
  • 164d83f4e8: x86/tsx: Remove opencoded MSR_ARCH_CAPS check [Andrew Cooper]
  • 290a645bfd: x86/vtx: Remove opencoded MSR_ARCH_CAPS check [Andrew Cooper]
  • 541dfe378a: x86/boot: Expose MSR_ARCH_CAPS data in guest max policies [Andrew Cooper]
  • 137800ea82: x86/boot: Record MSR_ARCH_CAPS for the Raw and Host CPU policy [Andrew Cooper]
  • 31e95de559: x86/cpu-policy: MSR_ARCH_CAPS feature names [Andrew Cooper]
  • 6993afc387: x86/cpu-policy: Infrastructure for MSR_ARCH_CAPS [Andrew Cooper]
  • 5b0464b0c9: x86/boot: Adjust MSR_ARCH_CAPS handling for the Host policy [Andrew Cooper]
  • d1043f381d: x86/boot: Rework dom0 feature configuration [Andrew Cooper]
  • af9e2f87bc: x86: Remove temporary {cpuid,msr}_policy defines [Andrew Cooper]
  • c68a43c3a2: libx86: Update library API for cpu_policy [Andrew Cooper]
  • 3d7662aa2f: tools/fuzz: Rework afl-policy-fuzzer [Andrew Cooper]
  • de3fd64b64: x86/emul: Switch x86_emulate_ctxt to cpu_policy [Andrew Cooper]
  • dda1a3f13a: x86/boot: Merge CPUID policy initialisation logic into cpu-policy.c [Andrew Cooper]
  • f274ccdc4f: x86/boot: Move MSR policy initialisation logic into cpu-policy.c [Andrew Cooper]
  • 1d9db6d6a3: x86: Out-of-inline the policy<->featureset convertors [Andrew Cooper]
  • 698827b874: x86: Drop struct old_cpu_policy [Andrew Cooper]
  • af24f29e78: x86: Merge xc_cpu_policy's cpuid and msr objects [Andrew Cooper]
  • ad3ee30bcb: x86: Merge a domain's {cpuid,msr} policy objects [Andrew Cooper]
  • 48d296b57b: x86: Merge the system {cpuid,msr} policy objects [Andrew Cooper]
  • cb24798cac: x86: Merge struct msr_policy into struct cpu_policy [Andrew Cooper]
  • 8b5a89b503: x86: Rename struct cpuid_policy to struct cpu_policy [Andrew Cooper]
  • 5a69f12533: x86: Rename {domctl,sysctl}.cpu_policy.{cpuid,msr}_policy fields [Andrew Cooper]
  • 18bd78af8d: x86: Rename struct cpu_policy to struct old_cpuid_policy [Andrew Cooper]
  • fc1497c51e: x86/sysctl: Retrofit XEN_SYSCTL_cpu_featureset_{pv,hvm}_max [Andrew Cooper]
  • 186ece0292: tools/xen-cpuid: Rework the handling of dynamic featuresets [Andrew Cooper]
  • 067a890347: x86/cpuid: Introduce dom0-cpuid command line option [Andrew Cooper]
  • 054a7ee1e6: x86/cpuid: Factor common parsing out of parse_xen_cpuid() [Andrew Cooper]
  • 11dd3480a8: x86/cpuid: Split dom0 handling out of init_domain_cpuid_policy() [Andrew Cooper]
  • e1184eb922: x86/CPUID: move some static masks into .init [Jan Beulich]
  • 2e1c9a210c: x86/cpuid: Drop special_features[] [Andrew Cooper]
  • e3acf0ab00: x86/msr: Expose MSR_ARCH_CAPS in the raw and host policies [Andrew Cooper]
  • 8bd381185b: x86/cpuid: Infrastructure for leaves 7:1{ecx,edx} [Andrew Cooper]
  • 68cc80cff6: x86/cpuid: Calculate FEATURESET_NR_ENTRIES more helpfully [Andrew Cooper]
  • 87eaa43b30: xen/arm: Add Cortex-A77 erratum 1508412 handling [Luca Fancellu]
  • e05a0e65b0: x86/amd: Fix DE_CFG truncation in amd_check_zenbleed() [Andrew Cooper]
  • faa4e2b1cf: x86/amd: Mitigations for Zenbleed [Andrew Cooper]
  • 87cb0fd875: automation: Remove installation of packages from test scripts [Michal Orzel]
  • 7963cdbf91: CI: Remove llvm-8 from the Debian Stretch container [Andrew Cooper]
  • 7fa798d861: automation: Remove non-debug x86_32 build jobs [Anthony PERARD]
  • c1367de50a: automation: Remove CentOS 7.2 containers and builds [Anthony PERARD]
  • 8455998e32: CI: Drop automation/configs/ [Andrew Cooper]
  • b11fc96b1e: bump default SeaBIOS version to 1.16.0 [Jan Beulich]
  • b461db64b3: build: add –full to to guess $(XEN_FULLVERSION) [Anthony PERARD]
  • e006948dd2: CI: Drop TravisCI [Andrew Cooper]
  • 708b0d75e7: tools: Drop gettext as a build dependency [Andrew Cooper]
  • 11193e13e5: x86/spec-ctrl: Defer CR4_PV32_RESTORE on the cstar_enter path [Andrew Cooper]
  • fc7dfd9443: x86/HVM: serialize pinned cache attribute list manipulation [Jan Beulich]
  • 887ba097cf: x86/HVM: bound number of pinned cache attribute regions [Jan Beulich]
  • 3a0b7fb38a: x86/shadow: account for log-dirty mode when pre-allocating [Jan Beulich]
  • fa875574b7: automation: Remove clang-8 from Debian unstable container [Anthony PERARD]

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.15.4 and qemu-xen-4.15.5).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditional qemu-upstream
XSA-423 N/A (Linux only) N/A N/A
XSA-424 N/A (Linux only) N/A N/A
XSA-425 N/A (Version not vulnerable) N/A N/A
XSA-426 N/A (Version not vulnerable) N/A N/A
XSA-427 Applied N/A N/A
XSA-428 Applied N/A N/A
XSA-429 Applied N/A N/A
XSA-430 N/A (Version not vulnerable) N/A N/A
XSA-431 N/A (Version not vulnerable) N/A N/A
XSA-432 N/A (Linux only) N/A N/A
XSA-433 Applied N/A N/A
XSA-434 Applied N/A N/A
XSA-435 Applied N/A N/A
XSA-436 Applied N/A N/A

See for details related to Xen Project security advisories.

We recommend all users of the 4.15 stable series to update to this latest point release.