Skip to main content


Xen Project 4.16.2

We are pleased to announce the release of Xen 4.16.2. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.16 (tag RELEASE-4.16.2) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • cea5ed49bb: update Xen version to 4.16.2 [Jan Beulich]
  • 2abe83f9d9: PCI: simplify (and thus correct) pci_get_pdev{,_by_domain}() [Jan Beulich]
  • 3fd9a7d595: build/x86: suppress GNU ld 2.39 warning about RWX load segments [Jan Beulich]
  • 9123e60c0b: x86/amd: only call setup_force_cpu_cap for boot CPU [Ross Lagerwall]
  • 940fc00e02: x86/spec-ctrl: Enumeration for PBRSB_NO [Andrew Cooper]
  • e6a760b8b1: tools/libxl: Replace deprecated -sdl option on QEMU command line [Anthony PERARD]
  • 0f7eff5e03: xen/sched: setup dom0 vCPUs affinity only once [Dario Faggioli]
  • 2a362668cb: x86: Expose more MSR_ARCH_CAPS to hwdom [Jason Andryuk]
  • 4e351880f6: x86/spec-ctrl: Use IST RSB protection for !SVM systems [Andrew Cooper]
  • 48b6765174: xen: arm: Don't use stop_cpu() in halt_this_cpu() [Dmytro Semenets]
  • a0b823dca2: xen/arm: Advertise workaround 1 if we apply 3 [Bertrand Marquis]
  • 48e7440ec6: xen/arm: avoid overflow when setting vtimer in context switch [Jiamei Xie]
  • 3050769a17: arm/vgic-v3: fix virq offset in the rank when storing irouter [Hongda Deng]
  • 0d362e5ed3: xen/arm: head: Add missing isb after writing to SCTLR_EL2/HSCTLR [Julien Grall]
  • 6f65040081: xen/arm: traps: Fix reference to invalid erratum ID [Michal Orzel]
  • 048185188f: xen/arm: Avoid overflow using MIDR_IMPLEMENTOR_MASK [Michal Orzel]
  • fe02a5342d: xen/arm: p2m don't fall over on FEAT_LPA enabled hw [Alex Bennée]
  • 271e9e860b: arm/its: enable LPIs before mapping the collection table [Rahul Singh]
  • 89fe6d0ede: x86/msr: fix X2APIC_LAST [Edwin Török]
  • 6689cab2bc: tools/libxl: env variable to signal whether disk/nic backend is trusted [Roger Pau Monné]
  • d77bb6e537: common/memory: Fix ifdefs for ptdom_max_order [Luca Fancellu]
  • 5e3a9b45c7: x86: also suppress use of MMX insns [Jan Beulich]
  • a5361f912c: x86emul: add memory operand low bits checks for ENQCMD{,S} [Jan Beulich]
  • d09c4272de: x86: deal with gcc12 release build issues [Jan Beulich]
  • 9ab8e95d8f: x86/spec-ctrl: correct per-guest-type reporting of MD_CLEAR [Jan Beulich]
  • bfbcae445c: xl: move freemem()'s "credit expired" loop exit [Jan Beulich]
  • 6e542a835d: tools/init-xenstore-domain: fix memory map for PVH stubdom [Juergen Gross]
  • 6f814c377b: xl: relax freemem()'s retry calculation [Jan Beulich]
  • 221f6a97b5: x86/mm: correct TLB flush condition in _get_page_type() [Jan Beulich]
  • 0a5387a011: x86/spec-ctrl: Mitigate Branch Type Confusion when possible [Andrew Cooper]
  • 5457a6870e: x86/spec-ctrl: Enable Zen2 chickenbit [Andrew Cooper]
  • 0826c7596d: x86/cpuid: Enumeration for BTC_NO [Andrew Cooper]
  • 76c5fcee90: x86/spec-ctrl: Support IBPB-on-entry [Andrew Cooper]
  • 2a9e690a0a: x86/spec-ctrl: Rework SPEC_CTRL_ENTRY_FROM_INTR_IST [Andrew Cooper]
  • e7671561c8: x86/spec-ctrl: Rename opt_ibpb to opt_ibpb_ctxt_switch [Andrew Cooper]
  • 31aa2a20bf: x86/spec-ctrl: Rename SCF_ist_wrmsr to SCF_ist_sc_msr [Andrew Cooper]
  • 3a280cbae7: x86/spec-ctrl: Rework spec_ctrl_flags context switching [Andrew Cooper]
  • 744accad1b: libxl: check return value of libxl__xs_directory in name2bdf [Anthony PERARD]
  • 14fd97e3de: tools/helpers: fix build of xen-init-dom0 with -Werror [Anthony PERARD]
  • f066c8bb3e: x86/spec-ctrl: Add fine-grained cmdline suboptions for primitives [Andrew Cooper]
  • eec5b02403: xen/cmdline: Extend parse_boolean() to signal a name match [Andrew Cooper]
  • 61b9c2ceeb: x86/spec-ctrl: Honour spec-ctrl=0 for unpriv-mmio sub-option [Andrew Cooper]
  • cd3d6b4cd4: libxc: fix compilation error with gcc13 [Charles Arnold]
  • db6ca8176c: x86/spec-ctrl: Knobs for STIBP and PSFD, and follow hardware STIBP hint [Andrew Cooper]
  • 09d533f4c8: x86/spec-ctrl: Only adjust MSR_SPEC_CTRL for idle with legacy IBRS [Andrew Cooper]
  • 81ee3d0835: tools/xenstored: Harden corrupt() [Julien Grall]
  • 5cb8142076: ehci-dbgp: fix selecting n-th ehci controller [Marek Marczykowski-Górecki]
  • 460b08d6c6: IOMMU/x86: work around bogus gcc12 warning in hvm_gsi_eoi() [Jan Beulich]
  • 2e82446cb2: x86/spec-ctrl: Add spec-ctrl=unpriv-mmio [Andrew Cooper]
  • a83108736d: x86/spec-ctrl: Enumeration for MMIO Stale Data controls [Andrew Cooper]
  • 0e80f9f611: x86/spec-ctrl: Make VERW flushing runtime conditional [Andrew Cooper]
  • 0b4e62847c: x86/mm: account for PGT_pae_xen_l2 in recently added assertion [Jan Beulich]
  • dc020d8d1b: x86/pv: Track and flush non-coherent mappings of RAM [Andrew Cooper]
  • c4815be949: x86/amd: Work around CLFLUSH ordering on older parts [Andrew Cooper]
  • 8eafa2d871: x86: Split cache_flush() out of cache_writeback() [Andrew Cooper]
  • 74193f4292: x86: Don't change the cacheability of the directmap [Andrew Cooper]
  • 9cfd796ae0: x86/page: Introduce _PAGE_* constants for memory types [Andrew Cooper]
  • 8dab3f79b1: x86/pv: Fix ABAC cmpxchg() race in _get_page_type() [Andrew Cooper]
  • b152dfbc3a: x86/pv: Clean up _get_page_type() [Andrew Cooper]
  • 8e11ec8fbf: PCI: don't allow "pci-phantom=" to mark real devices as phantom functions [Jan Beulich]
  • f1be0b62a0: ns16550: use poll mode if INTERRUPT_LINE is 0xff [Marek Marczykowski-Górecki]
  • 1bc669a568: build: silence GNU ld warning about executable stacks [Jan Beulich]
  • 4890031d22: build: suppress GNU ld warning about RWX load segments [Jan Beulich]
  • 982a314bd3: xen: io: Fix race between sending an I/O and domain shutdown [Julien Grall]
  • 88b653f739: linker/lld: do not generate quoted section names [Roger Pau Monné]
  • 3754bd128d: kconfig: detect LD implementation [Roger Pau Monné]
  • 9ebe2ba836: x86/msr: handle reads to MSR_P5_MC_{ADDR,TYPE} [Roger Pau Monné]
  • 838f6c211f: IOMMU/x86: disallow device assignment to PoD guests [Jan Beulich]
  • 4cf9a7c7bd: IOMMU: make domctl handler tolerate NULL domain [Jan Beulich]
  • a6c32abd14: xen/iommu: cleanup iommu related domctl handling [Juergen Gross]
  • 15391de8e2: tools/libs/light: don't set errno to a negative value [Juergen Gross]
  • a2cf30eec0: tools/libs/guest: don't set errno to a negative value [Juergen Gross]
  • ba62afdbc3: tools/libs/ctrl: don't set errno to a negative value [Juergen Gross]
  • 13a29f3756: tools/libs/evtchn: don't set errno to negative values [Juergen Gross]
  • 4bb8c34ba4: xen/build: Fix dependency for the MAP rule [Andrew Cooper]
  • 7c003ab4a3: x86/mm: avoid inadvertently degrading a TLB flush to local only [David Vrabel]
  • b378ee56c7: VT-d: refuse to use IOMMU with reserved CAP.ND value [Jan Beulich]
  • 6c6bbfdff9: xen: fix XEN_DOMCTL_gdbsx_guestmemio crash [Juergen Gross]
  • b58fb6e81b: x86/irq: skip unmap_domain_pirq XSM during destruction [Jason Andryuk]
  • 5be9edb482: update Xen version to 4.16.2-pre [Jan Beulich]

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.16.1 and qemu-xen-4.16.2).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditional qemu-upstream
XSA-401 Applied N/A N/A
XSA-402 Applied N/A N/A
XSA-403 Applied N/A N/A
XSA-404 Applied N/A N/A
XSA-405 N/A (Linux only) N/A N/A
XSA-406 N/A (Linux only) N/A N/A
XSA-407 Applied N/A N/A
XSA-408 Applied N/A N/A

See for details related to Xen Project security advisories.

We recommend all users of the 4.16 stable series to update to this latest point release.