Xen Project 4.5.2

We are pleased to announce the release of Xen 4.5.2. This is available immediately from its git repository (branch stable-4.5, tag RELEASE-4.5.2) or from this download page.
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • e0a36c0: update Xen version to 4.5.2 [Jan Beulich]
  • 423d2cd: libxl: adjust PoD target by memory fudge, too [Ian Jackson]
  • d3063bb: x86: rate-limit logging in do_xen{oprof,pmu}_op() [Jan Beulich]
  • 8dbbba7: xenoprof: free domain’s vcpu array [Jan Beulich]
  • 0b12f70: x86/PoD: Eager sweep for zeroed pages [Andrew Cooper]
  • fd4d3cf: free domain’s vcpu array [Jan Beulich]
  • d2fa0ee: x86: guard against undue super page PTE creation [Jan Beulich]
  • b6ee626: arm: handle races between relinquish_memory and free_domheap_pages [Ian Campbell]
  • 659e934: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP. [Ian Campbell]
  • 41dd3b8: arm: Support hypercall_create_continuation for multicall [Julien Grall]
  • 47db4b0: Revert “libxl: use correct command line for arm guests.” [Ian Jackson]
  • a5d0480: tools/libxc: arm: Check the index before accessing the bank [Julien Grall]
  • 9befcd3: libxl: use correct command line for arm guests. [Ian Campbell]
  • 53c11b0: x86/NUMA: fix SRAT table processor entry parsing and consumption [Jan Beulich]
  • 0368463: x86: hide MWAITX from PV domains [Jan Beulich]
  • a262a89: VT-d: don’t suppress invalidation address write when it is zero [Jan Beulich]
  • 80e9f56: docs: xl.cfg: permissive option is not PV only. [Ian Campbell]
  • 5461ad2: tools: libxl: allow permissive qemu-upstream pci passthrough. [Ian Campbell]
  • db0f474: x86/p2m-pt: tighten conditions of IOMMU mapping updates [Jan Beulich]
  • 2b58d7b: credit1: fix tickling when it happens from a remote pCPU [Dario Faggioli]
  • 887da2b: x86/p2m-pt: ignore pt-share flag for shadow mode guests [Jan Beulich]
  • e4e18ec: x86/p2m-pt: delay freeing of intermediate page tables [Jan Beulich]
  • dde2414: x86/EPT: tighten conditions of IOMMU mapping updates [Jan Beulich]
  • b6e40c9: vt-d: fix IM bit mask and unmask of Fault Event Control Register [Quan Xu]
  • d3d476f: xen/xsm: Make p->policyvers be a local variable (ver) to shut up GCC 5.1.1 warnings. [Konrad Rzeszutek Wilk]
  • 0297baf: xen/arm: vgic-v2: Map the GIC virtual CPU interface with the correct size [Julien Grall]
  • 9b147f9: xen/arm: vgic: Correctly emulate write when byte is used [Julien Grall]
  • f72ab69: xen: arm: bootfdt: Avoid reading off the front of *_cells array [Ian Campbell]
  • c562986: xen: arm: always omit guest user stack in vcpu_show_execution_state [Ian Campbell]
  • 12cc60d: xen: arm: handle accesses to CNTP_CVAL_EL0 [Ian Campbell]
  • 2b0d371: xen: arm: correctly handle vtimer traps from userspace [Ian Campbell]
  • 9bed918: x86/sysctl: don’t clobber memory if NCAPINTS > ARRAY_SIZE(pi->hw_cap) [Andrew Cooper]
  • bda02ca: x86/MSI: fail if no hardware support [Jan Beulich]
  • 33562a4: x86/p2m: fix mismatched unlock [Jan Beulich]
  • fe84222: x86/hvm: fix saved pmtimer and hpet values [Kouya Shimura]
  • bfa874d: efi: introduce efi_arch_flush_dcache_area [Stefano Stabellini]
  • 0619913: libxl: handle read-only drives with qemu-xen [Stefano Stabellini]
  • bbbd29a: libxl: Increase device model startup timeout to 1min. [Anthony PERARD]
  • ffb4e63: xl: correct handling of extra_config in main_cpupoolcreate [Wei Liu]
  • 2049db3: QEMU_TAG update [Ian Jackson]
  • 0b6e02b: x86/NUMA: make init_node_heap() respect Xen heap limit [Jan Beulich]
  • ef372ac: x86/NUMA: don’t account hotplug regions [Jan Beulich]
  • 8bdfe14: x86/NUMA: fix setup_node() [Jan Beulich]
  • 8933ed4: IOMMU: skip domains without page tables when dumping [Jan Beulich]
  • d461923: x86/IO-APIC: don’t create pIRQ mapping from masked RTE [Jan Beulich]
  • 5b71988: x86, amd_ucode: skip microcode updates for final levels [Aravind Gopalakrishnan]
  • fabd2cf: mm: populate_physmap: validate correctly the gfn for direct mapped domain [Julien Grall]
  • 9e6379e: x86/mm: Make {hap, shadow}_teardown() preemptible [Anshul Makkar]
  • 12afed3: x86/gdt: Drop write-only, xalloc()’d array from set_gdt() [Andrew Cooper]
  • ef89dc8: xen/arm: mm: Do not dump the p2m when mapping a foreign gfn [Julien Grall]
  • 7f7642f: libxl: poll: Avoid fd deregistration race POLLNVAL crash [Ian Jackson]
  • 9f6f513: libxl: poll: Use poller_get and poller_put for poller_app [Ian Jackson]
  • 8c40913: libxl: poll: Make libxl__poller_get have only one success return path [Ian Jackson]
  • 9a4c625: tools: libxl: Handle failure to create qemu dm logfile [Ian Campbell]
  • 6040b3a: xl: Sane handling of extra config file arguments [Ian Jackson]
  • 7ac1a26: QEMU_TAG update [Ian Jackson]
  • 07249f4: update in-tree OVMF changeset [Wei Liu]
  • 666b80f: dmar: device scope mem leak fix [Elena Ufimtseva]
  • aa885a0: make rangeset_report_ranges() report all ranges [Jan Beulich]
  • cf423e9: xen: earlycpio: Pull in latest linux earlycpio.[ch] [Ian Campbell]
  • 8c16642: x86/hvmloader: avoid data corruption with xenstore reads/writes [Andrew Cooper]
  • 7b1a3be: credit1: properly deal with pCPUs not in any cpupool [Dario Faggioli]
  • de8b550: x86 / cpupool: clear the proper cpu_valid bit on pCPU teardown [Dario Faggioli]
  • 4b0782f: x86/p2m-ept: don’t unmap the EPT pagetable while it is still in use [Andrew Cooper]
  • 96289ee: nested EPT: fix the handling of nested EPT [Liang Li]
  • 36a7c54: x86/traps: avoid using current too early on boot [Andrew Cooper]
  • d906add: x86: avoid tripping watchdog when constructing dom0 [Ross Lagerwall]
  • 4ef8635: x86/EFI: adjust EFI_MEMORY_WP handling for spec version 2.5 [Jan Beulich]
  • b30aee4: kexec: add more pages to v1 environment [Jan Beulich]
  • b92d571: x86/debugger: use copy_to/from_guest() in dbg_rw_guest_mem() [Andrew Cooper]
  • 3e7e487: passthrough/amd: avoid reading an uninitialized variable [Tim Deegan]
  • c4d7b91: x86/traps: identify the vcpu in context when dumping registers [Andrew Cooper]
  • e3bd3ce: QEMU_TAG update [Ian Jackson]
  • 031ab7f: update Xen version to 4.5.2-pre [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

  • dfe880e: vnc: limit client_cut_text msg payload size [Peter Lieven]
  • 327319a: ide: Clear DRQ after handling all expected accesses [Kevin Wolf]
  • 8ded5f4: ide: Check array bounds before writing to io_buffer (CVE-2015-5154) [Kevin Wolf]
  • 9f94419: pcnet: force the buffer access to be in bounds during tx [Petr Matousek]
  • bb42407: pcnet: fix Negative array index read [Gonglei]

This release also contains the security fixes for XSA-137, XSA-138, XSA-141 to XSA-153. XSA-139 and XSA-140 only apply to QEMU Upstream and are fixed from versions 2.3.1 and 2.4.0 of QEMU. The qemu portion of XSA-135 has also been applied to qemu-traditional.
See for details related to Xen Project security advisories.
We recommend all users of the 4.5 stable series to update to this first point release.
Hardware related Security Risks:

For CVE-2013-3495 / XSA-59 (Intel VT-d Interrupt Remapping engines can be evaded by native NMI interrupts) we are told that the workaround is now completely implemented for server CPUs/chipsets (thanks to newer CPUs/chipsets addressing the underlying hardware issue). For all desktop and mobile CPUs/chipsets which are currently known to be affected by XSA-59 the necessary workaround has been implemented. However, we expect to extend the workaround for upcoming hardware variants where the underlying hardware issue is not yet addressed.
XSA-124 documents security risks of non-standard PCI device functionality that cannot be addressed in software.