Xen Project 4.5.5

We are pleased to announce the release of Xen 4.5.5. It is available immediately from its git repository (branch stable-4.5, tag RELEASE-4.5.5) or from this download page.
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • e4ae4b0: update Xen version to 4.5.5 [Jan Beulich]
  • 22857ab: update Xen version to 4.5.4 [Jan Beulich]
  • c18dfbb: Revert “x86/hvm: Perform a user instruction fetch for a FEP in userspace” [Jan Beulich]
  • 9edce7c: x86/segment: Bounds check accesses to emulation ctxt->seg_reg[] [Andrew Cooper]
  • 9555949: x86/hvm: Perform a user instruction fetch for a FEP in userspace [Andrew Cooper]
  • 57e7172: hvm/fep: Allow testing of instructions crossing the -1 -> 0 virtual boundary [Andrew Cooper]
  • 11c0462: VMX: correct feature checks for MPX [Jan Beulich]
  • 433ebca: x86/shadow: Avoid overflowing sh_ctxt->seg_reg[] [Andrew Cooper]
  • bc9f72b: x86/emulate: Correct boundary interactions of emulated instructions [Andrew Cooper]
  • ec88876: x86/32on64: don’t allow recursive page tables from L3 [Jan Beulich]
  • d50078b: memory: fix compat handling of XENMEM_access_op [Jan Beulich]
  • 42ea059: credit1: fix a race when picking initial pCPU for a vCPU [Dario Faggioli]
  • 9e06b02: x86/32on64: misc adjustments to call gate emulation [Jan Beulich]
  • e824aae: xen: Remove buggy initial placement algorithm [George Dunlap]
  • 2e56416: xen: Have schedulers revise initial placement [George Dunlap]
  • cda8e7e: sched: better handle (not) inserting idle vCPUs in runqueues [Dario Faggioli]
  • 462f714: xen/physmap: Do not permit a guest to populate PoD pages for itself [Andrew Cooper]
  • de1d9ea: page-alloc/x86: don’t restrict DMA heap to node 0 [Jan Beulich]
  • 2ad058e: libxl: return any serial tty path in libxl_console_get_tty [Bob Liu]
  • 50a4501: tools/libxc: Properly increment ApicIdCoreSize field on AMD [Boris Ostrovsky]
  • 8ca7cf8: libxenvchan: Change license of header from Lesser GPL v2.1 to BSD [Konrad Rzeszutek Wilk]
  • 9eb11dc: xl: correct xl cpupool-numa-split with vcpu limited dom0 [Juergen Gross]
  • e86a6fb: configure: Fix when no libsystemd compat lib are available [Anthony PERARD]
  • 08313b4: Revert “xen: Have schedulers revise initial placement” [Jan Beulich]
  • 0fc8aab: Revert “xen: Remove buggy initial placement algorithm” [Jan Beulich]
  • c18c145: x86/mmcfg: Fix initialisation of variables in pci_mmcfg_nvidia_mcp55() [Andrew Cooper]
  • 505ad3a: xen: Remove buggy initial placement algorithm [George Dunlap]
  • c421378: xen: Have schedulers revise initial placement [George Dunlap]
  • b1f4e86: nested vmx: Validate host VMX MSRs before accessing them [Euan Harris]
  • cfcdeea: serial: fix incorrect length of strncmp for dtuart [Jiandi An]
  • c4c0312: x86/entry: Avoid SMAP violation in compat_create_bounce_frame() [Andrew Cooper]
  • 467f77d: x86/pv: Remove unsafe bits from the mod_l?_entry() fastpath [Andrew Cooper]
  • eadd663: QEMU_UPSTREAM_REVISION update [Ian Jackson]
  • 818d58d: public: typo: use ‘ as apostrophe in grant_table.h [Dario Faggioli]
  • 071d2e3: QEMU_TAG update [Ian Jackson]
  • 44a703d: libxl: set XEN_QEMU_CONSOLE_LIMIT for QEMU [Wei Liu]
  • 6d27298: libxl: Fix NULL pointer due to XSA-178 fix wrong XS nodename [Ian Jackson]
  • 6338746: QEMU_TAG update [Ian Jackson]
  • df9c5c4: libxl: keep PoD target adjustment by memory fudge after reload_domain_config() [Vitaly Kuznetsov]
  • d8ac67e: libxl: Document ~/serial/ correctly [Ian Jackson]
  • 509ae90: libxl: Cleanup: use libxl__backendpath_parse_domid in libxl__device_disk_from_xs_be [Ian Jackson]
  • 3675172: libxl: Cleanup: Have libxl__alloc_vdev use /libxl [Ian Jackson]
  • 8df6d98: libxl: Do not trust backend in channel list [Ian Jackson]
  • 1a75ae1: libxl: Do not trust backend for nic in list [Ian Jackson]
  • 6925b22: libxl: Do not trust backend for nic in devid_to_device [Ian Jackson]
  • 517d1d8: libxl: Do not trust backend in nic getinfo [Ian Jackson]
  • 31be4b9: libxl: Have READ_LIBXLDEV use libxl_path rather than be_path [Ian Jackson]
  • bbbe635: libxl: Rename READ_BACKEND to READ_LIBXLDEV [Ian Jackson]
  • 382ed2f: libxl: Rename libxl__device_{nic,channel}_from_xs_be to _from_xenstore [Ian Jackson]
  • c9b8314: libxl: Do not trust backend for channel in getinfo [Ian Jackson]
  • 3a3c8b2: libxl: Do not trust backend for cdrom insert [Ian Jackson]
  • 2614f9a: libxl: Do not trust backend for disk in getinfo [Ian Jackson]
  • a81a94d: libxl: Do not trust backend for disk; fix driver domain disks list [Ian Jackson]
  • c7e9c4b: libxl: Do not trust backend for disk eject vdev [Ian Jackson]
  • 2388be0: libxl: cdrom eject and insert: write to /libxl [Ian Jackson]
  • 2cd66e8: libxl: Do not trust backend for vtpm in getinfo (uuid) [Ian Jackson]
  • eaf75a3: libxl: Do not trust backend for vtpm in getinfo (except uuid) [Ian Jackson]
  • 840a49a: libxl: Do not trust backend in libxl__device_exists [Ian Jackson]
  • 27874bc: libxl: Make copy of every xs backend in /libxl in _generic_add [Ian Jackson]
  • 6265a6f: libxl: Do not trust frontend for channel in getinfo [Ian Jackson]
  • e08efef: libxl: Do not trust frontend for channel in list [Ian Jackson]
  • 1c44339: libxl: Do not trust frontend for nic in getinfo [Ian Jackson]
  • a848f24: libxl: Do not trust frontend for nic in libxl_devid_to_device_nic [Ian Jackson]
  • ec5591d: libxl: Do not trust frontend for vtpm in getinfo [Ian Jackson]
  • cc0376e: libxl: Do not trust frontend for vtpm list [Ian Jackson]
  • f9d0a2c: libxl: Do not trust frontend for disk in getinfo [Ian Jackson]
  • f058444: libxl: Do not trust frontend for disk eject event [Ian Jackson]
  • 24f5f12: libxl: Do not trust frontend in libxl__device_nextid [Ian Jackson]
  • 16cb1fb: libxl: Do not trust frontend in libxl__devices_destroy [Ian Jackson]
  • 2aef428: libxl: Provide libxl__backendpath_parse_domid [Ian Jackson]
  • 2978e1a: libxl: Record backend/frontend paths in /libxl/$DOMID [Ian Jackson]
  • 8c4b403: xen/arm: Don’t free p2m->root in p2m_teardown() before it has been allocated [Andrew Cooper]
  • 524a93d: sched: avoid races on time values read from NOW() [Dario Faggioli]
  • 8549385: x86emul: suppress writeback upon unsuccessful MMX/SSE/AVX insn emulation [Jan Beulich]
  • b1c94bd: xen/nested_p2m: Don’t walk EPT tables with a regular PT walker [Andrew Cooper]
  • 644aa81: x86/PoD: skip eager reclaim when possible [Jan Beulich]
  • e5fa482: IOMMU/x86: per-domain control structure is not HVM-specific [Jan Beulich]
  • 8d1e559: x86: use optimal NOPs to fill the SMEP/SMAP placeholders [Jan Beulich]
  • f332597: x86: suppress SMEP and SMAP while running 32-bit PV guest code [Jan Beulich]
  • c790220: x86: move cached CR4 value to struct cpu_info [Jan Beulich]
  • 49fe83a: x86/alternatives: correct near branch check [Jan Beulich]
  • a67e0f1: x86/P2M: consolidate handling of types not requiring a valid MFN [Jan Beulich]
  • ffda547: xen/arm: p2m: Release the p2m lock before undoing the mappings [Julien Grall]
  • d4d3739: xen/arm: p2m: apply_p2m_changes: Do not undo more than necessary [Julien Grall]
  • facf156: libxl: fix old style declarations [Wei Liu]
  • 62e8902: x86/mm: fully honor PS bits in guest page table walks [Jan Beulich]
  • 4065709: xen/arm64: ensure that the correct SP is used for exceptions [Kyle J. Temkin]
  • d19f941: arm: Fix asynchronous aborts (SError exceptions) due to bogus PTEs [Vikram Sethi]
  • c0bb033: xen/arm: Force broadcast of TLB and instruction cache maintenance instructions [Julien Grall]
  • 1334fa9: Update QEMU_UPSTREAM_REVISION [Ian Jackson]
  • 478ad3f: QEMU_TAG update [Ian Jackson]
  • 2c438f8: QEMU_TAG update [Ian Jackson]
  • 2bc9bd9: libxc: fix usage of uninitialized variable [Roger Pau Monne]
  • 350eb39: libxl: handle error from libxl__need_xenpv_qemu() correctly [Juergen Gross]
  • 065b134: x86/shadow: account for ioreq server pages before complaining about not found mapping [Jan Beulich]
  • f9cc40e: x86/time: fix gtime_to_gtsc for vtsc=1 PV guests [Jan Beulich]
  • becb125a: unmodified_drivers: enable use of register_oldmem_pfn_is_ram() API [Mike Meyer]
  • 0aabc28: x86/HVM: fix forwarding of internally cached requests [Jan Beulich]
  • 12acca5: x86/fpu: improve check for XSAVE* not writing FIP/FDP fields [David Vrabel]
  • 9945f62: x86/hvm: add HVM_PARAM_X87_FIP_WIDTH [David Vrabel]
  • 38eee32: x86/fpu: add a per-domain field to set the width of FIP/FDP [David Vrabel]
  • c70ab64: x86: limit GFNs to 32 bits for shadowed superpages. [Tim Deegan]
  • 1f92bdb: x86: fix information leak on AMD CPUs [Jan Beulich]
  • 7eb2fae: update Xen version to 4.5.4-pre [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

  • 28c2138: main loop: Big hammer to fix logfile disk DoS in Xen setups [Ian Jackson]
  • e11b0e3: Fix build with newer version of GNUTLS [Wei Liu]
  • f1cfdc3: rtl8139: check TCP Data Offset field [Stefan Hajnoczi]
  • ebb3779: rtl8139: skip offload on short TCP header [Stefan Hajnoczi]
  • dbc7093: rtl8139: check IP Total Length field [Stefan Hajnoczi]
  • a9e97f6: rtl8139: check IP Header Length field [Stefan Hajnoczi]
  • 354c70a: rtl8139: skip offload on short Ethernet/IP header [Stefan Hajnoczi]
  • e10db6a: rtl8139: drop tautologous if (ip) {…} statement [Stefan Hajnoczi]
  • 6a9ffb9: rtl8139: avoid nested ifs in IP header parsing [Stefan Hajnoczi]
  • 6fe8ced: vga: make sure vga register setup for vbe stays intact (CVE-2016-3712). [Gerd Hoffmann]
  • 4cdbfab: vga: update vga register setup on vbe changes [Gerd Hoffmann]
  • ee152b7: vga: factor out vga register setup [Gerd Hoffmann]
  • 3040124: vga: add vbe_enabled() helper [Gerd Hoffmann]
  • 0c035e0: vga: fix banked access bounds checking (CVE-2016-3710) [Gerd Hoffmann]
  • 6e39ebb: CVE-2014-3615: vbe: rework sanity checks [Andrew Cooper]
  • f37beb1: CVE-2014-7815: vnc: sanitize bits_per_pixel from the client [Andrew Cooper]
  • 1c7a501: CVE-2014-8106: cirrus: fix blit region check [Andrew Cooper]
  • cb6319f: usb-linux.c: fix buffer overflow [Jim Paris]

This release also contains changes to qemu-upstream, whose changelog we do not list here because it contains many changes that are not directly related to the Xen Project hypervisor and thus to this release. You can, however, check the qemu-upstream shortlog (between tags qemu-xen-4.5.3 and qemu-xen-4.5.5).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes:

| XSA | Xen | qemu-traditional | qemu-upstream |
|---|---|---|---|
| XSA-172 | N/A (XSA applies to Linux only) | | |
| XSA-172 | Applied | N/A | N/A |
| XSA-173 | Applied | N/A | N/A |
| XSA-174 | N/A (XSA applies to Linux only) | | |
| XSA-175 | Applied | N/A | N/A |
| XSA-176 | Applied | N/A | N/A |
| XSA-177 | N/A (unused XSA number) | | |
| XSA-178 | Applied | N/A | N/A |
| XSA-179 | N/A | Applied | Applied |
| XSA-180 | N/A | Applied | Applied, however only to qemu-xen.git, which is shipped with this release. The fix is not in |
| XSA-181 | Applied | N/A | N/A |
| XSA-182 | Applied | N/A | N/A |
| XSA-183 | Applied | N/A | N/A |
| XSA-184 | N/A | This XSA has not been applied due to an oversight. The XSA is a minor issue that does not affect default configurations. | Applied |
| XSA-185 | Applied | N/A | N/A |
| XSA-186 | Applied | N/A | N/A |
| XSA-187 | Applied | N/A | N/A |
| XSA-188 | N/A (Xen 4.5 not vulnerable) | | |

See the Xen Project security advisory list for details of the individual advisories.
We recommend that all users of the 4.5 stable series update to this latest point release.