Skip to main content


Xen Project 4.17.1

We are pleased to announce the release of Xen 4.17.1. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.17 (tag RELEASE-4.17.1) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 0880df6f5f: update Xen version to 4.17.1 [Jan Beulich]
  • 8b5be1fe93: x86/shadow: restore dropped check in sh_unshadow_for_p2m_change() [Roger Pau Monné]
  • 208dd44299: automation: Remove installation of packages from test scripts [Michal Orzel]
  • aa80e0afaa: xen/ELF: Fix ELF32 PRI formatters [Andrew Cooper]
  • 55d24a7ad6: x86/livepatch: Fix livepatch application when CET is active [Andrew Cooper]
  • fa3b9c2aa8: x86/hvm: Disallow disabling paging in 64bit mode [Andrew Cooper]
  • c4b0556a55: x86emul: pull permission check ahead for REP INS/OUTS [Jan Beulich]
  • bc5ecfbbc2: tools/xenstore: fix quota check in transaction_fix_domains() [Juergen Gross]
  • e4a5fb9227: CI: Remove llvm-8 from the Debian Stretch container [Andrew Cooper]
  • 435a1e5e8f: automation: Remove non-debug x86_32 build jobs [Anthony PERARD]
  • 8c414bab30: automation: Remove CentOS 7.2 containers and builds [Anthony PERARD]
  • e3b23da4a1: automation: Switch arm32 cross builds to run on arm64 [Michal Orzel]
  • 4c0d792675: CI: Drop automation/configs/ [Andrew Cooper]
  • 7758cd57e0: ns16550: correct name/value pair parsing for PCI port/bridge [Jan Beulich]
  • 85100ed78c: vpci/msix: handle accesses adjacent to the MSI-X table [Roger Pau Monné]
  • 3506935824: include: don't mention stub headers more than once in a make rule [Jan Beulich]
  • 7f55774489: x86/ucode: Fix error paths control_thread_fn() [Andrew Cooper]
  • f6a3e93b37: x86/vmx: Don't spuriously crash the domain when INIT is received [Andrew Cooper]
  • 11c8ef59b9: x86/shadow: Fix build with no PG_log_dirty [Andrew Cooper]
  • 00aa5c93d1: x86/nospec: Fix evaluate_nospec() code generation under Clang [Andrew Cooper]
  • 6f2d89d681: x86/shadow: fix and improve sh_page_has_multiple_shadows() [Jan Beulich]
  • 33b1c8cd86: VT-d: fix iommu=no-igfx if the IOMMU scope contains fake device(s) [Marek Marczykowski-Górecki]
  • 3c85fb7b65: AMD/IOMMU: without XT, x2APIC needs to be forced into physical mode [Jan Beulich]
  • 3eac216e6e: libacpi: fix PCI hotplug AML [David Woodhouse]
  • 7082d656ae: bunzip: work around gcc13 warning [Jan Beulich]
  • f971f5c531: VT-d: constrain IGD check [Jan Beulich]
  • d84612ecab: x86/altp2m: help gcc13 to avoid it emitting a warning [Jan Beulich]
  • b5409f4e4d: core-parking: fix build with gcc12 and NR_CPUS=1 [Jan Beulich]
  • b4dad09bb2: x86/spec-ctrl: Add BHI controls to userspace components [Andrew Cooper]
  • 244d39fb13: tools/xenmon: Fix for with python3.x [Bernhard Kaindl]
  • 651ffe2c78: tools/python: change 's#' size type for Python >= 3.10 [Marek Marczykowski-Górecki]
  • b745ff3011: x86/vmx: implement Notify VM Exit [Roger Pau Monné]
  • 27abea1ba6: x86/vmx: introduce helper to set VMX_INTR_SHADOW_NMI [Roger Pau Monné]
  • 83f12e4eaf: x86/vmx: implement VMExit based guest Bus Lock detection [Roger Pau Monné]
  • a730e4d119: x86/spec-ctrl: Defer CR4_PV32_RESTORE on the cstar_enter path [Andrew Cooper]
  • a2a915b396: x86/HVM: serialize pinned cache attribute list manipulation [Jan Beulich]
  • d0cb66d59a: x86/HVM: bound number of pinned cache attribute regions [Jan Beulich]
  • f8f8f07880: x86/shadow: account for log-dirty mode when pre-allocating [Jan Beulich]
  • ec5b058d2a: x86/ucode/AMD: late load the patch on every logical thread [Sergey Dyasli]
  • fa8250f192: libs/guest: Fix leak on realloc failure in backup_ptes() [Edwin Török]
  • 01f85d835b: libs/guest: Fix resource leaks in xc_core_arch_map_p2m_tree_rw() [Andrew Cooper]
  • 53bd16bcc0: tools: Use PKG_CONFIG_FILE instead of PKG_CONFIG variable [Bertrand Marquis]
  • b10cf1561a: xen: Fix Clang -Wunicode diagnostic when building asm-macros [Andrew Cooper]
  • 837bdc6eb2: xen: Work around Clang-IAS macro \@ expansion bug [Andrew Cooper]
  • e8f28e129d: x86: perform mem_sharing teardown before paging teardown [Tamas K Lengyel]
  • e9a7942f6c: x86/ucode/AMD: apply the patch early on every logical thread [Sergey Dyasli]
  • 46c104cce0: build: make FILE symbol paths consistent [Ross Lagerwall]
  • 74b76704fd: credit2: respect credit2_runqueue=all when arranging runqueues [Marek Marczykowski-Górecki]
  • 8202b9cf84: x86/shskt: Disable CET-SS on parts susceptible to fractured updates [Andrew Cooper]
  • cdc23d47ad: x86/cpuid: Infrastructure for leaves 7:1{ecx,edx} [Andrew Cooper]
  • c622b8ace9: libs/util: Fix parallel build between flex/bison and CC rules [Anthony PERARD]
  • aaf74a532c: automation: Remove clang-8 from Debian unstable container [Anthony PERARD]
  • 3685e754e6: x86/spec-ctrl: Mitigate Cross-Thread Return Address Predictions [Andrew Cooper]
  • 587823eca1: tools/ocaml/libs: Fix memory/resource leaks with caml_alloc_custom() [Andrew Cooper]
  • bf935b1ff7: tools/ocaml/xc: Don't reference Abstract_Tag objects with the GC lock released [Andrew Cooper]
  • afdcc10856: tools/ocaml/xc: Fix binding for xc_domain_assign_device() [Edwin Török]
  • 021b82cc0c: tools/ocaml/evtchn: Don't reference Custom objects with the GC lock released [Edwin Török]
  • 5797b798a5: tools/ocaml/libs: Allocate the correct amount of memory for Abstract_tag [Andrew Cooper]
  • 2c21e1bee6: tools/ocaml/libs: Don't declare stubs as taking void [Edwin Török]
  • e74d868b48: tools/oxenstored: validate config file before live update [Edwin Török]
  • f0e653fb4a: tools/ocaml/xb: Drop Xs_ring.write [Edwin Török]
  • 7d516fc876: tools/ocaml/xb,mmap: Use Data_abstract_val wrapper [Edwin Török]
  • 5d8f9cfa16: tools/ocaml/xenctrl: Use larger chunksize in domain_getinfolist [Edwin Török]
  • 03f545b6cf: tools/ocaml/xenctrl: Make domain_getinfolist tail recursive [Edwin Török]
  • 3dae50283d: libxl: fix guest kexec – skip cpuid policy [Jason Andryuk]
  • d012788137: ns16550: fix an incorrect assignment to uart->io_size [Ayan Kumar Halder]
  • 819a5d4ed8: build: fix building flask headers before descending in flask/ss/ [Anthony PERARD]
  • 2d74e7035b: x86/shadow: fix PAE check for top-level table unshadowing [Jan Beulich]
  • e904d8ae01: x86/vmx: Support for CPUs without model-specific LBR [Andrew Cooper]
  • 5e3250258a: x86/vmx: Calculate model-specific LBRs once at start of day [Andrew Cooper]
  • c871e05e13: include/compat: produce stubs for headers not otherwise generated [Jan Beulich]
  • 1d7a388e7b: tools: Fix build with recent QEMU, use "–enable-trace-backends" [Anthony PERARD]
  • a470a83c36: x86/S3: Restore Xen's MSR_PAT value on S3 resume [Andrew Cooper]
  • 2f8851c37f: Revert "tools/xenstore: simplify loop handling connection I/O" [Jason Andryuk]
  • c4972a4272: tools/oxenstored: Render backtraces more nicely in Syslog [Andrew Cooper]
  • 91a9ac6e9b: tools/oxenstored/syslog: Avoid potential NULL dereference [Edwin Török]
  • e13a9a2146: tools/oxenstored: Set uncaught exception handler [Edwin Török]
  • 991b512f5f: tools/oxenstored: Log live update issues at warning level [Edwin Török]
  • f02171b663: tools/oxenstored: Keep /dev/xen/evtchn open across live update [Edwin Török]
  • 4b418768ef: tools/oxenstored: Rework Domain evtchn handling to use port_pair [Andrew Cooper]
  • a20daa7ffd: tools/oxenstored: Implement Domain.rebind_evtchn [Andrew Cooper]
  • fd0d9b0597: tools/oxenstored: Rename some 'port' variables to 'remote_port' [Andrew Cooper]
  • bc5cc00868: tools/oxenstored: Bind the DOM_EXC VIRQ in in Event.init() [Andrew Cooper]
  • 0929960173: tools/oxenstored: Style fixes to Domain [Andrew Cooper]
  • c7cf603836: tools/ocaml/evtchn: Extend the init() binding with a cloexec flag [Edwin Török]
  • 24d9dc2ae2: tools/ocaml/evtchn: Add binding for xenevtchn_fdopen() [Edwin Török]
  • d11528a993: tools/ocaml/evtchn: OCaml 5 support, fix potential resource leak [Edwin Török]
  • 2e8d7a08bc: tools/oxenstored: Fix incorrect scope after an if statement [Andrew Cooper]
  • a7a26da0b5: x86/time: prevent overflow with high frequency TSCs [Neowutran]
  • 1dcc9b6dfe: EFI: relocate the ESRT when booting via multiboot2 [Demi Marie Obenour]
  • c3e37c60fb: ioreq_broadcast(): accept partial broadcast success [Per Bilse]
  • 26f39b3d70: x86/HVM: don't mark evtchn upcall vector as pending when vLAPIC is disabled [Jan Beulich]
  • 5810edc049: x86/Viridian: don't mark IRQ vectors as pending when vLAPIC is disabled [Jan Beulich]
  • 54bb56e128: x86/HVM: don't mark external IRQs as pending when vLAPIC is disabled [Jan Beulich]
  • b7b34bd66a: x86/pvh: do not forward MADT Local APIC NMI structures to dom0 [Roger Pau Monné]
  • 9cbc04a95f: x86/irq: do not release irq until all cleanup is done [Roger Pau Monné]
  • 0b999fa2ea: update Xen version to 4.17.1-pre [Jan Beulich]

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.17.0 and qemu-xen-4.17.1).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditional qemu-upstream
XSA-425 Applied N/A N/A
XSA-426 Applied N/A N/A
XSA-427 Applied N/A N/A
XSA-428 Applied N/A N/A
XSA-429 Applied N/A N/A
XSA-430 Applied N/A N/A

See for details related to Xen Project security advisories.

We recommend all users of the 4.17 stable series to update to this latest point release.