Xen Project 4.16.4

We are pleased to announce the release of Xen 4.16.4. This is available immediately from its git repository https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.16 (tag RELEASE-4.16.4) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 7251cea957: update Xen version to 4.16.4 [Jan Beulich]
  • 6f6526ac7e: automation: Remove installation of packages from test scripts [Michal Orzel]
  • 7f2df63f72: xen/ELF: Fix ELF32 PRI formatters [Andrew Cooper]
  • aae4235bfe: x86/livepatch: Fix livepatch application when CET is active [Andrew Cooper]
  • 8dbb7df069: x86/hvm: Disallow disabling paging in 64bit mode [Andrew Cooper]
  • eff203e185: x86emul: pull permission check ahead for REP INS/OUTS [Jan Beulich]
  • 1df1a2acab: tools/xenstore: fix quota check in transaction_fix_domains() [Juergen Gross]
  • 31627a059c: CI: Remove llvm-8 from the Debian Stretch container [Andrew Cooper]
  • 27974fde92: automation: Remove non-debug x86_32 build jobs [Anthony PERARD]
  • a4d901580b: automation: Remove CentOS 7.2 containers and builds [Anthony PERARD]
  • 37800cf8ab: automation: Switch arm32 cross builds to run on arm64 [Michal Orzel]
  • 657dc5f5f6: CI: Drop automation/configs/ [Andrew Cooper]
  • 2a4d327387: bump default SeaBIOS version to 1.16.0 [Jan Beulich]
  • 06264af090: ns16550: correct name/value pair parsing for PCI port/bridge [Jan Beulich]
  • d080287c2a: vpci/msix: handle accesses adjacent to the MSI-X table [Roger Pau Monné]
  • 0f81c5a2c8: x86/ucode: Fix error paths control_thread_fn() [Andrew Cooper]
  • b1022b65de: x86/vmx: Don't spuriously crash the domain when INIT is received [Andrew Cooper]
  • 7e1fe95c79: x86/shadow: Fix build with no PG_log_dirty [Andrew Cooper]
  • 90320fd059: x86/nospec: Fix evaluate_nospec() code generation under Clang [Andrew Cooper]
  • cab866ee62: x86/shadow: fix and improve sh_page_has_multiple_shadows() [Jan Beulich]
  • 07e8f5b3d1: VT-d: fix iommu=no-igfx if the IOMMU scope contains fake device(s) [Marek Marczykowski-Górecki]
  • 8e9690a225: AMD/IOMMU: without XT, x2APIC needs to be forced into physical mode [Jan Beulich]
  • 54102e428b: libacpi: fix PCI hotplug AML [David Woodhouse]
  • 49116b2101: bunzip: work around gcc13 warning [Jan Beulich]
  • 4d42cc4d25: VT-d: constrain IGD check [Jan Beulich]
  • cdde3171a2: x86/altp2m: help gcc13 to avoid it emitting a warning [Jan Beulich]
  • 4a6bedefe5: core-parking: fix build with gcc12 and NR_CPUS=1 [Jan Beulich]
  • 5ce8d2aef8: tools/xenmon: Fix xenmon.py for with python3.x [Bernhard Kaindl]
  • 0cbffc6099: tools/python: change 's#' size type for Python >= 3.10 [Marek Marczykowski-Górecki]
  • 3c924fe46b: x86/spec-ctrl: Defer CR4_PV32_RESTORE on the cstar_enter path [Andrew Cooper]
  • 564de020d2: x86/HVM: serialize pinned cache attribute list manipulation [Jan Beulich]
  • 2fe1517a00: x86/HVM: bound number of pinned cache attribute regions [Jan Beulich]
  • b0d6684ee5: x86/shadow: account for log-dirty mode when pre-allocating [Jan Beulich]
  • 84dfe7a56f: x86/ucode/AMD: late load the patch on every logical thread [Sergey Dyasli]
  • 25d103f2eb: libs/guest: Fix leak on realloc failure in backup_ptes() [Edwin Török]
  • b181a3a553: libs/guest: Fix resource leaks in xc_core_arch_map_p2m_tree_rw() [Andrew Cooper]
  • a2adc7fcc2: tools: Use PKG_CONFIG_FILE instead of PKG_CONFIG variable [Bertrand Marquis]
  • f073db0a07: xen: Fix Clang -Wunicode diagnostic when building asm-macros [Andrew Cooper]
  • 2b8f72a6b4: xen: Work around Clang-IAS macro \@ expansion bug [Andrew Cooper]
  • 700320a792: x86: perform mem_sharing teardown before paging teardown [Tamas K Lengyel]
  • d1c6934b41: x86/ucode/AMD: apply the patch early on every logical thread [Sergey Dyasli]
  • 366693226c: credit2: respect credit2_runqueue=all when arranging runqueues [Marek Marczykowski-Górecki]
  • 5857cc632b: x86/shskt: Disable CET-SS on parts susceptible to fractured updates [Andrew Cooper]
  • 2094f834b8: x86/cpuid: Infrastructure for leaves 7:1{ecx,edx} [Andrew Cooper]
  • e4b5dff3d0: libs/util: Fix parallel build between flex/bison and CC rules [Anthony PERARD]
  • 0802504627: automation: Remove clang-8 from Debian unstable container [Anthony PERARD]
  • d4e286db89: x86/spec-ctrl: Mitigate Cross-Thread Return Address Predictions [Andrew Cooper]
  • 1b6acdeeb2: tools/ocaml/libs: Fix memory/resource leaks with caml_alloc_custom() [Andrew Cooper]
  • 1fdff77e26: tools/ocaml/xc: Don't reference Abstract_Tag objects with the GC lock released [Andrew Cooper]
  • 854013084e: tools/ocaml/xc: Fix binding for xc_domain_assign_device() [Edwin Török]
  • e18faeb91e: tools/ocaml/evtchn: Don't reference Custom objects with the GC lock released [Edwin Török]
  • 6d66fb984c: tools/ocaml/libs: Allocate the correct amount of memory for Abstract_tag [Andrew Cooper]
  • 552e5f28d4: tools/ocaml/libs: Don't declare stubs as taking void [Edwin Török]
  • fd1c70442d: tools/oxenstored: validate config file before live update [Edwin Török]
  • f7c4fab9b5: tools/ocaml/xb: Drop Xs_ring.write [Edwin Török]
  • 049d16c8ce: tools/ocaml/xb,mmap: Use Data_abstract_val wrapper [Edwin Török]
  • 8c66a2d88a: tools/ocaml/xenctrl: Use larger chunksize in domain_getinfolist [Edwin Török]
  • c6a3d14df0: tools/ocaml/xenctrl: Make domain_getinfolist tail recursive [Edwin Török]
  • 6e081438bf: libxl: fix guest kexec - skip cpuid policy [Jason Andryuk]
  • 0fd9ad2b9c: ns16550: fix an incorrect assignment to uart->io_size [Ayan Kumar Halder]
  • 1550835b38: x86/shadow: fix PAE check for top-level table unshadowing [Jan Beulich]
  • 9f425039ca: x86/vmx: Support for CPUs without model-specific LBR [Andrew Cooper]
  • 401e9e33a0: x86/vmx: Calculate model-specific LBRs once at start of day [Andrew Cooper]
  • 998c03b2ab: tools: Fix build with recent QEMU, use "--enable-trace-backends" [Anthony PERARD]
  • 7b1b9849e8: x86/S3: Restore Xen's MSR_PAT value on S3 resume [Andrew Cooper]
  • 65bf12135f: x86/time: prevent overflow with high frequency TSCs [Neowutran]
  • f2edbd79f5: ioreq_broadcast(): accept partial broadcast success [Per Bilse]
  • e3396cd8be: update Xen version to 4.16.4-pre [Jan Beulich]

This release also contains changes to qemu-upstream. We do not list its changelog here, as it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check https://xenbits.xenproject.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.16.3 and qemu-xen-4.16.4).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes:

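| XSA     | Xen                          | qemu-traditional | qemu-upstream |
|---------|------------------------------|------------------|---------------|
| XSA-425 | N/A (Version not vulnerable) | N/A              | N/A           |
| XSA-426 | Applied                      | N/A              | N/A           |
| XSA-427 | Applied                      | N/A              | N/A           |
| XSA-428 | Applied                      | N/A              | N/A           |
| XSA-429 | Applied                      | N/A              | N/A           |
| XSA-430 | N/A (Version not vulnerable) | N/A              | N/A           |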

See https://xenbits.xenproject.org/xsa/ for details related to Xen Project security advisories.

We recommend that all users of the 4.16 stable series update to this latest point release.