Xen Project 4.16.5

We are pleased to announce the release of Xen 4.16.5. It is available immediately from its git repository (branch stable-4.16, tag RELEASE-4.16.5) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • b9ad687bfd: Update Xen to version 4.16.5 [Andrew Cooper]
  • 5e90eb43f7: x86/spec-ctrl: Mitigate Gather Data Sampling [Andrew Cooper]
  • 78eb1284a8: x86/spec-ctrl: Enumerations for Gather Data Sampling [Andrew Cooper]
  • 3f9d9b47ef: x86/cpu-policy: Hide CLWB by default on SKX/CLX/CPX [Andrew Cooper]
  • 2bd25cef59: x86/spec-ctrl: Mitigate Speculative Return Stack Overflow [Andrew Cooper]
  • 498945c467: x86/spec-ctrl: Enumerations for Speculative Return Stack Overflow [Andrew Cooper]
  • b274f6878b: x86/spec-ctrl: Rework ibpb_calculations() [Andrew Cooper]
  • 04dee21883: x86/cpu-policy: Advertise MSR_ARCH_CAPS to guests by default [Andrew Cooper]
  • 0d48119c1d: libxl: allow building with old gcc again [Jan Beulich]
  • 7b1336b3eb: libxl: avoid shadowing of index() [Jan Beulich]
  • 902b2aeeb4: libxl: add support for parsing MSR features [Roger Pau Monne]
  • 1157776c51: libxl: use the cpuid feature names from cpufeatureset.h [Roger Pau Monne]
  • d180a3e6f6: libxl: split logic to parse user provided CPUID features [Roger Pau Monne]
  • 2a862681ff: libxl: introduce MSR data in libxl_cpuid_policy [Roger Pau Monne]
  • 22e8f7b45c: libxl: change the type of libxl_cpuid_policy_list [Roger Pau Monne]
  • c5eadfe0d0: libs/guest: introduce support for setting guest MSRs [Roger Pau Monne]
  • 04b7eda221: x86/cpu-policy: Derive RSBA/RRSBA for guest policies [Andrew Cooper]
  • d166c8f109: x86/spec-ctrl: Fix up the RSBA/RRSBA bits as appropriate [Andrew Cooper]
  • 1dba8d38cf: x86/spec-ctrl: Rename retpoline_safe() to retpoline_calculations() [Andrew Cooper]
  • bf67861f78: x86/spec-ctrl: Use a taint for CET without MSR_SPEC_CTRL [Andrew Cooper]
  • 5010f37d96: x86/spec-ctrl: Fix the rendering of FB_CLEAR [Andrew Cooper]
  • d80d4cc42f: x86/cpu-policy: Rearrange guest_common_default_feature_adjustments() [Andrew Cooper]
  • c80112cc03: x86/spec-ctrl: Update hardware hints [Andrew Cooper]
  • 976e4a890e: x86/spec-ctrl: Remove opencoded MSR_ARCH_CAPS check [Andrew Cooper]
  • 7d1d8152c4: x86/tsx: Remove opencoded MSR_ARCH_CAPS check [Andrew Cooper]
  • 6a007c521c: x86/vtx: Remove opencoded MSR_ARCH_CAPS check [Andrew Cooper]
  • 3b7887affa: x86/boot: Expose MSR_ARCH_CAPS data in guest max policies [Andrew Cooper]
  • 66e51e6ba0: x86/boot: Record MSR_ARCH_CAPS for the Raw and Host CPU policy [Andrew Cooper]
  • 259ff08b39: x86/cpu-policy: MSR_ARCH_CAPS feature names [Andrew Cooper]
  • cf2802d822: x86/cpu-policy: Infrastructure for MSR_ARCH_CAPS [Andrew Cooper]
  • a21bfbd10b: x86/boot: Adjust MSR_ARCH_CAPS handling for the Host policy [Andrew Cooper]
  • 17c152e8ce: x86/boot: Rework dom0 feature configuration [Andrew Cooper]
  • f84a604d73: x86/cpuid: Calculate FEATURESET_NR_ENTRIES more helpfully [Andrew Cooper]
  • add9ca7fea: x86: Remove temporary {cpuid,msr}_policy defines [Andrew Cooper]
  • 459dd2f605: libx86: Update library API for cpu_policy [Andrew Cooper]
  • bd89107b3f: tools/fuzz: Rework afl-policy-fuzzer [Andrew Cooper]
  • 348506e8bd: x86/emul: Switch x86_emulate_ctxt to cpu_policy [Andrew Cooper]
  • 6d05849626: x86/boot: Merge CPUID policy initialisation logic into cpu-policy.c [Andrew Cooper]
  • 56b9ce39ce: x86/boot: Move MSR policy initialisation logic into cpu-policy.c [Andrew Cooper]
  • 31bdc9d1b9: x86: Out-of-inline the policy<->featureset convertors [Andrew Cooper]
  • 0b8a347d7b: x86: Drop struct old_cpu_policy [Andrew Cooper]
  • 9fd9906c57: x86: Merge xc_cpu_policy's cpuid and msr objects [Andrew Cooper]
  • 5ff420f3ee: x86: Merge a domain's {cpuid,msr} policy objects [Andrew Cooper]
  • 06241024d0: x86: Merge the system {cpuid,msr} policy objects [Andrew Cooper]
  • 6d642d53d6: x86: Merge struct msr_policy into struct cpu_policy [Andrew Cooper]
  • 9fd987f13d: x86: Rename struct cpuid_policy to struct cpu_policy [Andrew Cooper]
  • 222611c8d2: x86: Rename {domctl,sysctl}.cpu_policy.{cpuid,msr}_policy fields [Andrew Cooper]
  • 232230f27d: x86: Rename struct cpu_policy to struct old_cpuid_policy [Andrew Cooper]
  • 620f413ecf: x86/sysctl: Retrofit XEN_SYSCTL_cpu_featureset_{pv,hvm}_max [Andrew Cooper]
  • 95535c4209: tools/xen-cpuid: Rework the handling of dynamic featuresets [Andrew Cooper]
  • 08e5cf49d9: x86/cpuid: Introduce dom0-cpuid command line option [Andrew Cooper]
  • 3733f126bd: x86/cpuid: Factor common parsing out of parse_xen_cpuid() [Andrew Cooper]
  • 4d0dc655aa: x86/cpuid: Split dom0 handling out of init_domain_cpuid_policy() [Andrew Cooper]
  • 3e23155743: libs/vchan: Fix -Wsingle-bit-bitfield-constant-conversion [Andrew Cooper]
  • 61678abb39: subdom: Fix -Werror=address failure in tmp_emulator [Andrew Cooper]
  • 36191ac79b: tools: drop bogus and obsolete ptyfuncs.m4 [Olaf Hering]
  • ff736d9f2a: arm: Avoid using solaris syntax for .section directive [Khem Raj]
  • 6caa50cb02: amd: disable C6 after 1000 days on Zen2 [Roger Pau Monné]
  • dcba0801cb: tools/xenstore: fix XSA-417 patch [Juergen Gross]
  • 6ede73cab9: x86: fix early boot output [Jan Beulich]
  • 3e357970c9: xen/arm: Add Cortex-A77 erratum 1508412 handling [Luca Fancellu]
  • a910e3f2a4: x86/amd: Fix DE_CFG truncation in amd_check_zenbleed() [Andrew Cooper]
  • 82c5ab6be0: x86/amd: Mitigations for Zenbleed [Andrew Cooper]
  • 78f53920f4: update qemuu tag [Jan Beulich]
  • f5b0de706b: tools: Remove the use of K&R functions [Andrew Cooper]
  • 2b12f64f87: xen/x86: Remove the use of K&R functions [Andrew Cooper]
  • 606331e656: iommu/amd-vi: fix checking for Invalidate All support in amd_iommu_resume() [Roger Pau Monné]
  • d3065bf0a8: x86/microcode: Add missing unlock in microcode_update_helper() [Alejandro Vallejo]
  • c15221e45c: vpci/header: cope with devices not having vpci allocated [Roger Pau Monné]
  • c9c8b20ebc: tools: convert bitfields to unsigned type [Olaf Hering]
  • b0806d84d4: pci: fix pci_get_pdev_by_domain() to always account for the segment [Roger Pau Monné]
  • 4168b4473e: sched/null: avoid crash after failed domU creation [Stewart Hildebrand]
  • d5eda5dfaa: iommu/amd-vi: fix assert comparing boolean to enum [Roger Pau Monné]
  • d6608d571f: docs/man: fix xenstore-write synopsis [Yann Dirson]
  • dbd05c62ed: ns16550: enable memory decoding on MMIO-based PCI console card [Marek Marczykowski-Górecki]
  • de80f09e7d: tools/libs/guest: assist gcc13's realloc analyzer [Olaf Hering]
  • cbbf877545: x86/mm: replace bogus assertion in paging_log_dirty_op() [Jan Beulich]
  • aa2c921c1e: xen/sysctl: fix XEN_SYSCTL_getdomaininfolist handling with XSM [Juergen Gross]
  • 9f0be55cf3: x86/msi: clear initial MSI-X state on boot [Marek Marczykowski-Górecki]
  • 080b3274ae: x86/extable: hide use of negative offset from array start [Jan Beulich]
  • 17b9f1bc0c: update Xen version to 4.16.5-pre [Jan Beulich]

This release also contains changes to qemu-upstream, whose changelog we do not list here because it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check the qemu-upstream shortlog (between tags qemu-xen-4.16.4 and qemu-xen-4.16.5).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-431 | N/A (Version not vulnerable) | N/A | N/A |
| XSA-432 | N/A (Linux only) | N/A | N/A |
| XSA-433 | Applied | N/A | N/A |
| XSA-434 | Applied | N/A | N/A |
| XSA-435 | Applied | N/A | N/A |
| XSA-436 | Applied | N/A | N/A |

See the Xen Project security advisories for details.

We recommend that all users of the 4.16 stable series update to this latest point release.