Xen Project 4.18.1

We are pleased to announce the release of Xen 4.18.1. This is available immediately from its git repository (branch stable-4.18, tag RELEASE-4.18.1) or from the download page.

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • ea82c8cdbf: update Xen version to 4.18.1 [Jan Beulich]
  • 4da8ca9cb9: x86: protect conditional lock taking from speculative execution [Roger Pau Monné]
  • e107a8ece7: x86/mm: add speculation barriers to open coded locks [Roger Pau Monné]
  • 9de8a52b0e: locking: attempt to ensure lock wrappers are always inline [Roger Pau Monné]
  • 5a13c81542: percpu-rwlock: introduce support for blocking speculation into critical regions [Roger Pau Monné]
  • e7f0f11c88: rwlock: introduce support for blocking speculation into critical regions [Roger Pau Monné]
  • 1932973ac9: x86/spinlock: introduce support for blocking speculation into critical regions [Roger Pau Monné]
  • bdda600406: xen: Swap order of actions in the FREE*() macros [Andrew Cooper]
  • 908cbd1893: x86/spec-ctrl: Mitigation Register File Data Sampling [Andrew Cooper]
  • fb85a8fc91: x86/spec-ctrl: VERW-handling adjustments [Andrew Cooper]
  • b7205fc1cb: x86/spec-ctrl: Rename VERW related options [Andrew Cooper]
  • 95dd34fdbe: x86/spec-ctrl: Perform VERW flushing later in exit paths [Andrew Cooper]
  • 9f89ec65fb: x86/vmx: Perform VERW flushing later in the VMExit path [Andrew Cooper]
  • b91c253e81: x86: Resync intel-family.h from Linux [Andrew Cooper]
  • fe1869a569: x86/entry: Introduce EFRAME_* constants [Andrew Cooper]
  • a96d2d4355: x86/mm: fix detection of last L1 entry in modify_xen_mappings_lite() [Roger Pau Monné]
  • 4c84fa6cb6: hvmloader/PCI: skip huge BARs in certain calculations [Jan Beulich]
  • fd7cb7a1d0: x86/cpu-policy: Allow for levelling of VERW side effects [Andrew Cooper]
  • 75221fb0f8: x86/altcall: always use a temporary parameter stashing variable [Roger Pau Monné]
  • 267845a838: libxl: Fix segfault in device_model_spawn_outcome [Jason Andryuk]
  • e9516b73e7: xen/livepatch: properly build the noapply and norevert tests [Roger Pau Monné]
  • d81bfc7ff8: xen/livepatch: fix norevert test attempt to open-code revert [Roger Pau Monné]
  • 50a8f74df7: xen/livepatch: search for symbols in all loaded payloads [Roger Pau Monné]
  • 5382a6a79c: xen/livepatch: register livepatch regions when loaded [Roger Pau Monné]
  • 7404c25efd: x86/spec: do not print thunk option selection if not built-in [Roger Pau Monné]
  • 09b9db0413: x86/spec: fix INDIRECT_THUNK option to only be set when build-enabled [Roger Pau Monné]
  • b7f9168878: x86/spec: print the built-in SPECULATIVE_HARDEN_* options [Roger Pau Monné]
  • 57f1370536: xen/sched: Fix UB shift in compat_set_timer_op() [Andrew Cooper]
  • 3e383bb413: x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware [Jan Beulich]
  • 498b3624d0: xen/arm: Fix UBSAN failure in start_xen() [Michal Orzel]
  • 58bb811510: x86: account for shadow stack in exception-from-stub recovery [Jan Beulich]
  • 4d47dca20d: x86/spec: fix BRANCH_HARDEN option to only be set when build-enabled [Roger Pau Monné]
  • 19fd9ff998: x86/altcall: use a union as register type for function parameters on clang [Roger Pau Monné]
  • f6e5ab5fa7: xen/cmdline: fix printf format specifier in no_config_param() [Roger Pau Monné]
  • 33a0368d3b: xen/livepatch: fix norevert test hook setup typo [Roger Pau Monné]
  • a751d1321f: x86emul: add missing EVEX.R' checks [Jan Beulich]
  • 5fda826414: build: make sure build fails when running kconfig fails [Jan Beulich]
  • 489c2b9ba1: libxl: Disable relocating memory for qemu-xen in stubdomain too [Marek Marczykowski-Górecki]
  • 006764b871: build: Replace `which` with `command -v` [Anthony PERARD]
  • 59e6ad6597: x86/HVM: tidy state on hvmemul_map_linear_addr()'s error path [Jan Beulich]
  • b51fd78aed: x86/hvm: Fix fast singlestep state persistence [Petr Beneš]
  • 16475909ba: block-common: Fix same_vm for no targets [Jason Andryuk]
  • fa9950a527: amd-vi: fix IVMD memory type checks [Roger Pau Monné]
  • 184d723e7a: tools/xentop: fix sorting bug for some columns [Cyril Rébert (zithro)]
  • b1fdd7d0e4: x86/ucode: Fix stability of the raw CPU Policy rescan [Andrew Cooper]
  • 295ab8060d: x86/p2m-pt: fix off by one in entry check assert [Roger Pau Monné]
  • 579a622eb4: lib{fdt,elf}: move lib{fdt,elf}-temp.o and their deps to $(targets) [Michal Orzel]
  • 00550e808c: x86/vmx: Disallow the use of inactivity states [Andrew Cooper]
  • 4cc0f88c42: x86/vmx: Fix IRQ handling for EXIT_REASON_INIT [Andrew Cooper]
  • 6ccf064b0c: x86/intel: ensure Global Performance Counter Control is setup correctly [Roger Pau Monné]
  • b26c30a408: CirrusCI: drop FreeBSD 12 [Roger Pau Monné]
  • 62b3d7f8e4: x86/amd: Extend CPU erratum #1474 fix to more affected models [Roger Pau Monné]
  • c7ac596a57: VT-d: Fix "else" vs "#endif" misplacement [Andrew Cooper]
  • 637da04812: pci: fail device assignment if phantom functions cannot be assigned [Roger Pau Monné]
  • 1792d1723b: x86/x2apic: introduce a mixed physical/cluster mode [Roger Pau Monné]
  • a4f3f5a62c: xen/arm: page: Avoid pointer overflow on cache clean & invalidate [Michal Orzel]
  • 48eb9e9199: xen/sched: fix sched_move_domain() [Juergen Gross]
  • a56d598e13: Only compile the hypervisor with -Wdeclaration-after-statement [Julien Grall]
  • 25b7f9ed0f: xen/domain: fix error path in domain_create() [Stewart Hildebrand]
  • 5ac87c8afd: xen/sched: fix adding offline cpu to cpupool [Juergen Gross]
  • 18f900b77b: x86emul: avoid triggering event related assertions [Jan Beulich]
  • 3af9d1cbb6: tools/xg: Fix potential memory leak in cpu policy getters/setters [Alejandro Vallejo]
  • 61d032e322: xen/x86: In x2APIC mode, derive LDR from APIC ID [Alejandro Vallejo]
  • 480168fcb3: livepatch: do not use .livepatch.funcs section to store internal state [Roger Pau Monné]
  • 90a6d82175: x86/mem_sharing: Release domain if we are not able to enable memory sharing [Frediano Ziglio]
  • 3f9390fea5: xen/sched: fix sched_move_domain() [Juergen Gross]
  • 40bfa9dd57: x86/spec-ctrl: Add SRSO whitepaper URL [Andrew Cooper]
  • fcb1016bbd: x86/i8259: do not assume interrupts always target CPU0 [Roger Pau Monné]
  • 9e8edd4c75: x86/x2apic: remove usage of ACPI_FADT_APIC_CLUSTER [Roger Pau Monné]
  • 880e06fdea: x86/pv-shim: fix grant table operations for 32-bit guests [David Woodhouse]
  • 52be29df79: x86/mem_sharing: add missing m2p entry when mapping shared_info page [Tamas K Lengyel]
  • 02f8d0adfb: update Xen version to 4.18.1-pre [Jan Beulich]

This release also contains changes to qemu-upstream. We do not list its changelog here, as it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check the qemu-upstream shortlog (between tags qemu-xen-4.18.0 and qemu-xen-4.18.1).

This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes:

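| XSA     | Xen              | qemu-traditional | qemu-upstream |
|---------|------------------|------------------|---------------|
| XSA-447 | Applied          | N/A              | N/A           |
| XSA-448 | N/A (Linux only) | N/A              | N/A           |
| XSA-449 | Applied          | N/A              | N/A           |
| XSA-450 | Applied          | N/A              | N/A           |
| XSA-451 | Applied          | N/A              | N/A           |
| XSA-452 | Applied          | N/A              | N/A           |
| XSA-453 | Applied          | N/A              | N/A           |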

See the Xen Project security advisories for details.

We recommend all users of the 4.18 stable series to update to this latest point release.