Xen Project 4.17.3

We are pleased to announce the release of Xen 4.17.3. This is available immediately from its git repository (branch stable-4.17, tag RELEASE-4.17.3) or from this download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 949a4aad41: update Xen version to 4.17.3 [Jan Beulich]
  • 958706fd2e: xen/arm: page: Avoid pointer overflow on cache clean & invalidate [Michal Orzel]
  • e2caee491a: xen/sched: fix sched_move_domain() [Juergen Gross]
  • 4000522008: Only compile the hypervisor with -Wdeclaration-after-statement [Julien Grall]
  • 83ae677d2a: x86/x2apic: introduce a mixed physical/cluster mode [Roger Pau Monné]
  • 6eb98dda5c: xen/domain: fix error path in domain_create() [Stewart Hildebrand]
  • 5d01aa7ad5: xen/sched: fix adding offline cpu to cpupool [Juergen Gross]
  • 7d8bd64e11: x86emul: avoid triggering event related assertions [Jan Beulich]
  • 4923450c0e: tools/xg: Fix potential memory leak in cpu policy getters/setters [Alejandro Vallejo]
  • eac655d6be: xen/x86: In x2APIC mode, derive LDR from APIC ID [Alejandro Vallejo]
  • e3c1ffb2a3: livepatch: do not use .livepatch.funcs section to store internal state [Roger Pau Monné]
  • 32c3403e4c: x86/mem_sharing: Release domain if we are not able to enable memory sharing [Frediano Ziglio]
  • e1f9cb16e2: xen/sched: fix sched_move_domain() [Juergen Gross]
  • 28f44b603f: xen/grant: Fix build in PV_SHIM [Andrew Cooper]
  • 0527bab090: x86/spec-ctrl: Add SRSO whitepaper URL [Andrew Cooper]
  • c635c17fde: x86/i8259: do not assume interrupts always target CPU0 [Roger Pau Monné]
  • d10db37b78: x86/x2apic: remove usage of ACPI_FADT_APIC_CLUSTER [Roger Pau Monné]
  • 267ac3c592: x86/pv-shim: fix grant table operations for 32-bit guests [David Woodhouse]
  • 4bd2c8c8b9: x86/mem_sharing: add missing m2p entry when mapping shared_info page [Tamas K Lengyel]
  • 011d20a69c: docs: Fix IOMMU command line docs some more [Andrew Cooper]
  • bb13e63143: x86: support data operand independent timing mode [Jan Beulich]
  • 40685f9283: iommu/vt-d: fix SAGAW capability parsing [Roger Pau Monné]
  • ee4ce01198: iommu: fix quarantine mode command line documentation [Roger Pau Monné]
  • f6996645d2: x86/pvh: fix identity mapping of low 1MB [Roger Pau Monné]
  • e1275e58c7: x86/amd: Address AMD erratum #1485 [Alejandro Vallejo]
  • 1a94fc132a: x86: Add bit definitions for Automatic IBRS [Alejandro Vallejo]
  • 7eb2a4eba1: tools/pygrub: Fix pygrub's --entry flag for python3 [Alejandro Vallejo]
  • 65e1f3d289: cxenstored: wait until after reset to notify dom0less domains [George Dunlap]
  • 6384cdf0c3: x86: Clarify that only 5 hypercall parameters are supported [Michal Orzel]
  • 2e87f3a03a: docs/sphinx: Switch hypercall-abi.rst to named footnotes [Andrew Cooper]
  • 4f43614a89: x86/amd: do not expose HWCR.TscFreqSel to guests [Roger Pau Monné]
  • 0311ff4a2c: x86/spec-ctrl: Remove conditional IRQs-on-ness for INT $0x80/0x82 paths [Andrew Cooper]
  • b7a1e10539: iommu/amd-vi: use correct level for quarantine domain page tables [Roger Pau Monne]
  • 0b56bed864: x86/pv: Correct the auditing of guest breakpoint addresses [Andrew Cooper]
  • 3f8b444072: x86/svm: Fix asymmetry with AMD DR MASK context switching [Andrew Cooper]
  • 46d00dbf4c: libxl: limit bootloader execution in restricted mode [Roger Pau Monne]
  • 42bf49d74b: libxl: add support for running bootloader in restricted mode [Roger Pau Monne]
  • f5e211654e: tools/pygrub: Deprivilege pygrub [Alejandro Vallejo]
  • 8ee19246ad: tools/libfsimage: Export a new function to preload all plugins [Alejandro Vallejo]
  • 3797742067: tools/pygrub: Open the output files earlier [Alejandro Vallejo]
  • e7059f16f7: tools/pygrub: Small refactors [Alejandro Vallejo]
  • 8a584126ea: tools/pygrub: Remove unnecessary hypercall [Alejandro Vallejo]
  • eb4efdac4c: libfsimage/xfs: Add compile-time check to libfsimage [Alejandro Vallejo]
  • 78143c5336: libfsimage/xfs: Sanity-check the superblock during mounts [Alejandro Vallejo]
  • f1cd620cc3: libfsimage/xfs: Amend mask32lo() to allow the value 32 [Alejandro Vallejo]
  • d665c6690e: libfsimage/xfs: Remove dead code [Alejandro Vallejo]
  • 0d8f9f7f27: iommu/amd-vi: flush IOMMU TLB when flushing the DTE [Roger Pau Monne]
  • c4e05c97f5: tools/xenstored: domain_entry_fix(): Handle conflicting transaction [Julien Grall]
  • 90c540c589: x86/shadow: defer releasing of PV's top-level shadow reference [Jan Beulich]
  • 9ac2f49f5f: x86/spec-ctrl: Mitigate the Zen1 DIV leakage [Andrew Cooper]
  • 19ee1e1faa: x86/amd: Introduce is_zen{1,2}_uarch() predicates [Andrew Cooper]
  • 2e2c3efcfc: x86/spec-ctrl: Issue VERW during IST exit to Xen [Andrew Cooper]
  • e4a71bc0da: x86/entry: Track the IST-ness of an entry for the exit paths [Andrew Cooper]
  • 5f7efd47c8: x86/entry: Adjust restore_all_xen to hold stack_end in %r14 [Andrew Cooper]
  • ba023e93d0: x86/spec-ctrl: Improve all SPEC_CTRL_{ENTER,EXIT}_* comments [Andrew Cooper]
  • 3952c73bdb: x86/spec-ctrl: Turn the remaining SPEC_CTRL_{ENTRY,EXIT}_* into asm macros [Andrew Cooper]
  • 84690fb82c: x86/spec-ctrl: Fold DO_SPEC_CTRL_EXIT_TO_XEN into it's single user [Andrew Cooper]
  • dc28aba565: x86/spec-ctrl: Fix confusion between SPEC_CTRL_EXIT_TO_XEN{,_IST} [Andrew Cooper]
  • d2d2dcae87: x86/AMD: extend Zenbleed check to models "good" ucode isn't known for [Jan Beulich]
  • d31e5b2a9c: xen/arm: page: Handle cache flush of an element at the top of the address space [Stefano Stabellini]
  • 699de51274: x86/irq: fix reporting of spurious i8259 interrupts [Roger Pau Monné]
  • 8be85d8c0d: x86/vmx: Revert "x86/VMX: sanitize rIP before re-entering guest" [Andrew Cooper]
  • a939e953cd: x86/svm: Fix valid condition in svm_get_pending_event() [Jinoh Kang]
  • 7ca58fbef4: tboot: Disable CET at shutdown [Jason Andryuk]
  • 0429822978: libxl: slightly correct JSON generation of CPU policy [Jan Beulich]
  • ba360fbb64: build: correct gas --noexecstack check [Jan Beulich]
  • 5116fe12d8: x86/iommu: pass full IO-APIC RTE for remapping table update [Roger Pau Monné]
  • e08e7330c5: iommu/vtd: rename io_apic_read_remap_rte() local variable [Roger Pau Monné]
  • 1bd4523d69: x86/ioapic: RTE modifications must use ioapic_write_entry [Roger Pau Monné]
  • a885649098: x86/ioapic: add a raw field to RTE struct [Roger Pau Monné]
  • d0cdd34dd8: x86/ioapic: sanitize IO-APIC pins before enabling lapic LVTERR/ESR [Roger Pau Monné]
  • f04295dd80: xenalyze: Handle start-of-day ->RUNNING transitions [George Dunlap]
  • e5f9987d5f: x86/head: check base address alignment [Roger Pau Monné]
  • 7b5155a79e: xen/vcpu: ignore VCPU_SSHOTTMR_future [Roger Pau Monné]
  • 052a8d24bc: tools/vchan: Fix -Wsingle-bit-bitfield-constant-conversion [Andrew Cooper]
  • f00d563095: CI: Resync FreeBSD config with staging [Andrew Cooper]
  • e418a77295: rombios: Remove the use of egrep [Andrew Cooper]
  • 24487fec3b: rombios: Avoid using K&R function syntax [Andrew Cooper]
  • ae1045c429: rombios: Work around GCC issue 99578 [Andrew Cooper]
  • 37f1d68fa3: x86emul: rework wrapping of libc functions in test and fuzzing harnesses [Jan Beulich]
  • 476d2624ec: evaluate XEN_COMPILE_ARCH and XEN_OS immediately [Anthony PERARD]
  • a1f68fb567: build: evaluate XEN_BUILD_* and XEN_DOMAIN immediately [Anthony PERARD]
  • 36e84ea02e: build: remove TARGET_ARCH, a duplicate of SRCARCH [Anthony PERARD]
  • 56076ef445: build: remove TARGET_SUBARCH, a duplicate of ARCH [Anthony PERARD]
  • 1c3927f8f6: build: define ARCH and SRCARCH later [Anthony PERARD]
  • 8d84be5b55: libxl: Use XEN_LIB_DIR to store bootloader from pygrub [Anthony PERARD]
  • 7d88979849: x86: fix build with old gcc after CPU policy changes [Jan Beulich]
  • 2f337a04bf: update Xen version to 4.17.3-pre [Jan Beulich]

This release also contains changes to qemu-upstream, whose changelog we do not list here as it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check the qemu-upstream git shortlog (between tags qemu-xen-4.17.2 and qemu-xen-4.17.3).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-432 | N/A (Linux only) | N/A | N/A |
| XSA-434 | N/A (in 4.17.2) | N/A | N/A |
| XSA-435 | N/A (in 4.17.2) | N/A | N/A |
| XSA-437 | Applied | N/A | N/A |
| XSA-438 | Applied | N/A | N/A |
| XSA-439 | | N/A | N/A |
| XSA-440 | Applied | N/A | N/A |
| XSA-441 | N/A (Linux only) | N/A | N/A |
| XSA-442 | Applied | N/A | N/A |
| XSA-443 | Applied | N/A | N/A |
| XSA-444 | Applied | N/A | N/A |
| XSA-445 | Applied | N/A | N/A |
| XSA-446 | Applied | N/A | N/A |
| XSA-447 | Applied | N/A | N/A |

We recommend all users of the 4.17 stable series to update to this latest point release.