Xen Project 4.4.4

We are pleased to announce the release of Xen 4.4.4. This is available immediately from its git repository (branch stable-4.4, tag RELEASE-4.4.4) or from the download page.
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • a611ed5: update Xen version to 4.4.4 [Jan Beulich]
  • 425f7f7: x86/vmx: Fix injection of #DB traps following XSA-156 [Andrew Cooper]
  • f8aad02: x86/VMX: prevent INVVPID failure due to non-canonical guest address [Jan Beulich]
  • 12fe363: x86/mm: PV superpage handling lacks sanity checks [Jan Beulich]
  • 6d2c41d: update OVMF changeset [Wei Liu]
  • e003d42: blktap: Fix two ‘maybe uninitialized’ variables [Dario Faggioli]
  • dfc955e: QEMU_TAG update [Ian Jackson]
  • a436917: libxl: Fix building libxlu_cfg_y.y with bison 3.0 [Ed Swierk]
  • 4df657b: libxl: Rerun bison and flex [Ian Jackson]
  • fd4db04: QEMU_TAG update [Ian Jackson]
  • 4dacb5d: x86/HVM: avoid reading ioreq state more than once [Jan Beulich]
  • 52a5c0b: x86: don’t leak ST(n)/XMMn values to domains first using them [Jan Beulich]
  • d0b73c9: x86/time: fix domain type check in tsc_set_info() [Haozhong Zhang]
  • c3049fa: evtchn: don’t reuse ports that are still “busy” [David Vrabel]
  • 2f287a7: x86/boot: check for not allowed sections before linking [Daniel Kiper]
  • f089991: x86/vPMU: document as unsupported [Jan Beulich]
  • f70eaf9: VMX: fix/adjust trap injection [Jan Beulich]
  • 52f7217: sched: fix locking for insert_vcpu() in credit1 and RTDS [Dario Faggioli]
  • 6e2cca2: x86/HVM: don’t inject #DB with error code [Jan Beulich]
  • 1b6738a: x86/vmx: improvements to vmentry failure handling [Andrew Cooper]
  • ee4d573: x86/PoD: Make p2m_pod_empty_cache() restartable [Andrew Cooper]
  • dff1010: x86/NUMA: fix SRAT table processor entry parsing and consumption [Jan Beulich]
  • cc28516: x86: hide MWAITX from PV domains [Jan Beulich]
  • 1db34a4: VT-d: don’t suppress invalidation address write when it is zero [Jan Beulich]
  • 8fc45c1: memory: fix XSA-158 fix [Jan Beulich]
  • 5202998: QEMU_TAG update [Ian Jackson]
  • 62dc4c1: libxl: Fix bootloader-related virtual memory leak on pv build failure [Ian Jackson]
  • 2432628: memory: fix XENMEM_exchange error handling [Jan Beulich]
  • dcbb31d: memory: split and tighten maximum order permitted in memops [Jan Beulich]
  • 602506b: Config: Switch to unified qemu trees. [Ian Campbell]
  • 26b09fa: x86/HVM: always intercept #AC and #DB [Jan Beulich]
  • 73b70e3: libxl: adjust PoD target by memory fudge, too [Ian Jackson]
  • 0613780: x86: rate-limit logging in do_xen{oprof,pmu}_op() [Jan Beulich]
  • 76782e0: xenoprof: free domain’s vcpu array [Jan Beulich]
  • 3638ff0: x86/PoD: Eager sweep for zeroed pages [Andrew Cooper]
  • 63c4744: free domain’s vcpu array [Jan Beulich]
  • 477bc9b: xen: common: Use unbounded array for symbols_offset. [Ian Campbell]
  • a6646a5: x86: guard against undue super page PTE creation [Jan Beulich]
  • d889704: arm: handle races between relinquish_memory and free_domheap_pages [Ian Campbell]
  • e6e24d7: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP. [Ian Campbell]
  • 16486fc: arm: Support hypercall_create_continuation for multicall [Julien Grall]
  • e321898: docs: xl.cfg: permissive option is not PV only. [Ian Campbell]
  • de3e45c: tools: libxl: allow permissive qemu-upstream pci passthrough. [Ian Campbell]
  • 7b161be: tools/console: xenconsole tolerate tty errors [Ian Jackson]
  • 5c94f96: x86/p2m-pt: correct condition of IOMMU mapping updates [Jan Beulich]
  • 5967073: credit1: fix tickling when it happens from a remote pCPU [Dario Faggioli]
  • 03f29a8: x86/p2m-pt: ignore pt-share flag for shadow mode guests [Jan Beulich]
  • 7d17ce9: x86/p2m-pt: delay freeing of intermediate page tables [Jan Beulich]
  • 2327dad: vt-d: fix IM bit mask and unmask of Fault Event Control Register [Quan Xu]
  • 964150b: xen/xsm: Make p->policyvers be a local variable (ver) to shut up GCC 5.1.1 warnings. [Konrad Rzeszutek Wilk]
  • ef632a2: x86/sysctl: don’t clobber memory if NCAPINTS > ARRAY_SIZE(pi->hw_cap) [Andrew Cooper]
  • 55d6263: x86/MSI: fail if no hardware support [Jan Beulich]
  • c4af95f: x86/p2m: fix mismatched unlock [Jan Beulich]
  • fbb3881: x86/hvm: fix saved pmtimer and hpet values [Kouya Shimura]
  • 4d99a76: libxl: handle read-only drives with qemu-xen [Stefano Stabellini]
  • fe66a76: libxl: Increase device model startup timeout to 1min. [Anthony PERARD]
  • 213e243: xl: correct handling of extra_config in main_cpupoolcreate [Wei Liu]
  • 515d2e3: QEMU_TAG update [Ian Jackson]
  • dbded55: x86/NUMA: make init_node_heap() respect Xen heap limit [Jan Beulich]
  • e554ae4: mm: populate_physmap: validate correctly the gfn for direct mapped domain [Julien Grall]
  • e19042f: x86/mm: Make {hap, shadow}_teardown() preemptible [Anshul Makkar]
  • cfb5d20: x86/NUMA: don’t account hotplug regions [Jan Beulich]
  • 8bea719: x86/NUMA: fix setup_node() [Jan Beulich]
  • 181ebad: IOMMU: skip domains without page tables when dumping [Jan Beulich]
  • 9a00f96: x86/IO-APIC: don’t create pIRQ mapping from masked RTE [Jan Beulich]
  • 6657f1b: x86, amd_ucode: skip microcode updates for final levels [Aravind Gopalakrishnan]
  • 23c1322: x86/gdt: Drop write-only, xalloc()’d array from set_gdt() [Andrew Cooper]
  • ff9758b: update in-tree OVMF changeset [Wei Liu]
  • 339f574: xen/arm: mm: Do not dump the p2m when mapping a foreign gfn [Julien Grall]
  • 5b6f360: update Xen version to 4.4.4-pre [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

  • 2bbe494: MSI-X: avoid array overrun upon MSI-X table writes [Jan Beulich]
  • c51f20b: blkif: Avoid double access to src->nr_segments [Stefano Stabellini]
  • bc468fe: xenfb: avoid reading twice the same fields from the shared page [Stefano Stabellini]
  • 6425f5d: net: pcnet: add check to validate receive data size(CVE-2015-7504) [Ian Jackson]
  • 5ae0569: vnc: limit client_cut_text msg payload size [Peter Lieven]

This release also contains changes to qemu-upstream, whose changelog we do not list here because it contains many changes that are not directly related to the Xen Project Hypervisor and thus to this release. However, you can check the qemu-upstream shortlog (between tags qemu-xen-4.4.3 and qemu-xen-4.4.4).
The fixes listed above also include security fixes for XSA-141 to XSA-142, XSA-145 to XSA-153, partial fixes to XSA-155 (please check XSA-155 for all patches), and XSA-156 to XSA-169. Note that XSA-143, XSA-144 and XSA-154 refer to unused XSA numbers or XSA numbers that may be pre-disclosed in the future. Also note that XSA-162 has only been applied to qemu-traditional, but has not yet been applied to qemu-upstream.
We recommend all users of the 4.4 stable series to update to this latest point release.