Skip to main content


Xen Project 4.6.6

We are pleased to announce the release of Xen 4.6.6. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.6 (tag RELEASE-4.6.6) or from this download page
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • d708b695a3: update Xen version to 4.6.6 [Jan Beulich]
  • f7ad92a74f: memory: don’t suppress P2M update in populate_physmap() [Jan Beulich]
  • 4efd74db51: xen/arm: vgic: Sanitize target mask used to send SGI [Julien Grall]
  • ac3a1ba5a5: gnttab: __gnttab_unmap_common_complete() is all-or-nothing [Jan Beulich]
  • 0ce04603c7: gnttab: correct logic to get page references during map requests [George Dunlap]
  • af6c8e9227: gnttab: never create host mapping unless asked to [Jan Beulich]
  • 3a3aa4f136: gnttab: fix handling of dev_bus_addr during unmap [George Dunlap]
  • 9dd5de08d2: arm: vgic: Don’t update the LR when the IRQ is not enabled [Julien Grall]
  • 398b60f171: guest_physmap_remove_page() needs its return value checked [Jan Beulich]
  • d23eb82c8a: memory: fix return value handing of guest_remove_page() [Andrew Cooper]
  • d7a42bb64a: evtchn: avoid NULL derefs [Jan Beulich]
  • 86f4ece7c6: x86: avoid leaking BND* between vCPU-s [Jan Beulich]
  • 4d13019cb0: x86/shadow: hold references for the duration of emulated writes [Andrew Cooper]
  • 87e0e5d577: gnttab: correct maptrack table accesses [Jan Beulich]
  • 819044abe4: gnttab: Avoid potential double-put of maptrack entry [George Dunlap]
  • 8083370aef: gnttab: fix unmap pin accounting race [Jan Beulich]
  • a6f0e7cce5: IOMMU: handle IOMMU mapping and unmapping failures [Quan Xu]
  • c921a02fda: x86/mm: disallow page stealing from HVM domains [Jan Beulich]
  • 2893fce1b7: arm: remove irq from inflight, then change physical affinity [Stefano Stabellini]
  • 16cfd7d754: xen/arm: Survive unknown traps from guests [Julien Grall]
  • 8ea4c4766a: xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps [Julien Grall]
  • d459aa6c85: xen/arm: Save ESR_EL2 to avoid using mismatched value in syndrome check [Wei Chen]
  • 9e469a5f8e: xen/arm: flush icache as well when XEN_DOMCTL_cacheflush is issued [Stefano Stabellini]
  • 7c5a9573af: xen/arm32: Add an helper to invalidate all instruction caches [Konrad Rzeszutek Wilk]
  • 59c54aa744: xen/arm64: Add an helper to invalidate all instruction caches [Julien Grall]
  • 314915cb4a: stop_machine: fill fn_result only in case of error [Gregory Herrero]
  • 866b2b274d: arm: fix build with gcc 7 [Jan Beulich]
  • 7a46badcf4: x86: fix build with gcc 7 [Jan Beulich]
  • 38e8ab9e1c: x86/mm: fix incorrect unmapping of 2MB and 1GB pages [Igor Druzhinin]
  • 13e84e665d: x86/pv: Align %rsp before pushing the failsafe stack frame [Andrew Cooper]
  • ff3f674fa2: x86/pv: Fix bugs with the handling of int80_bounce [Andrew Cooper]
  • 267bf9f3ae: x86/vpmu_intel: fix hypervisor crash by masking PC bit in MSR_P6_EVNTSEL [Mohit Gambhir]
  • 6fe723ef8c: hvm: fix hypervisor crash in hvm_save_one() [Jan Beulich]
  • d48df03309: x86/32on64: properly honor add-to-physmap-batch’s size [Jan Beulich]
  • 7496924db2: tools/libxc: Tolerate specific zero-content records in migration v2 streams [Andrew Cooper]
  • 24f5900a08: libxc: fix segfault on uninitialized xch->fmem [Seraphime Kirkovski]
  • 4f29090966: x86/mce: always re-initialize ‘severity_cpu’ in mcheck_cmn_handler() [Haozhong Zhang]
  • 2b0bb908f7: x86/mce: make ‘severity_cpu’ private to its users [Haozhong Zhang]
  • c4c37506fa: memory: don’t hand MFN info to translated guests [Jan Beulich]
  • 7622465448: memory: exit early from memory_exchange() upon write-back error [Jan Beulich]
  • 68fa691190: kexec: clear kexec_image slot when unloading kexec image [Bhavesh Davda]
  • eb9a3bfd87: x86: correct create_bounce_frame [Jan Beulich]
  • dcef165527: x86: discard type information when stealing pages [Jan Beulich]
  • fc7839698c: multicall: deal with early exit conditions [Jan Beulich]
  • cf35a354ef: setup vwfi correctly on cpu0 [Stefano Stabellini]
  • 97462479d2: oxenstored: trim history in the frequent_ops function [Thomas Sanders]
  • f0f3d439b1: oxenstored transaction conflicts: improve logging [Thomas Sanders]
  • d9c4094f97: oxenstored: don’t wake to issue no conflict-credit [Thomas Sanders]
  • 66cb2ebf92: oxenstored: do not commit read-only transactions [Thomas Sanders]
  • 3d1affc787: oxenstored: allow self-conflicts [Thomas Sanders]
  • 4eff891f1b: oxenstored: blame the connection that caused a transaction conflict [Jonathan Davies]
  • 05ccb713b2: oxenstored: track commit history [Jonathan Davies]
  • 1eebd16fd5: oxenstored: discard old commit-history on txn end [Thomas Sanders]
  • f4d16c9b70: oxenstored: only record operations with side-effects in history [Jonathan Davies]
  • 9050a970c8: oxenstored: support commit history tracking [Jonathan Davies]
  • 5c609c8780: oxenstored: add transaction info relevant to history-tracking [Jonathan Davies]
  • 4d69c19cf6: oxenstored: ignore domains with no conflict-credit [Thomas Sanders]
  • ab889fb948: oxenstored: handling of domain conflict-credit [Thomas Sanders]
  • 307357318a: oxenstored: comments explaining some variables [Thomas Sanders]
  • bf22c39e4b: oxenstored: allow compilation prior to OCaml 3.12.0 [Jonathan Davies]
  • 898b7c4977: oxenstored: log request and response during transaction replay [Jonathan Davies]
  • 159a61072d: oxenstored: replay transaction upon conflict [Jonathan Davies]
  • 39726290e9: oxenstored: move functions that process simple operations [Jonathan Davies]
  • ebb5a34e85: oxenstored: keep track of each transaction’s operations [Jonathan Davies]
  • a991af7901: oxenstored: refactor request processing [Jonathan Davies]
  • 06222e5b48: oxenstored: remove some unused parameters [Jonathan Davies]
  • a57a99ae0f: oxenstored: refactor putting response on wire [Jonathan Davies]
  • 400063dcdf: xenstored: Log when the write transaction rate limit bites [Ian Jackson]
  • f6d08885c3: xenstored: apply a write transaction rate limit [Ian Jackson]
  • bb92bb77bc: x86: use 64 bit mask when masking away mfn bits [Juergen Gross]
  • ef63a62b3a: memory: properly check guest memory ranges in XENMEM_exchange handling [Jan Beulich]
  • f96efeb0c6: Revert “xen: sched: don’t call hooks of the wrong scheduler via VCPU2OP” [Jan Beulich]
  • 7ff6d9fc19: xen: sched: don’t call hooks of the wrong scheduler via VCPU2OP [Dario Faggioli]
  • 7017321d9b: x86/EFI: avoid Xen image when looking for module/kexec position [Jan Beulich]
  • 541ad61a92: x86/EFI: avoid overrunning mb_modules[] [Jan Beulich]
  • 4f9617120b: build/clang: fix XSM dummy policy when using clang 4.0 [Roger Pau Monné]
  • 9eb0aa2f47: x86: drop unneeded __packed attributes [Roger Pau Monné]
  • ac4c5d4ddf: QEMU_TAG update [Ian Jackson]
  • 18949dc6e1: x86/emul: Correct the decoding of mov to/from cr/dr [Andrew Cooper]
  • eea0742f3b: xen: credit2: don’t miss accounting while doing a credit reset. [Dario Faggioli]
  • 90ae9a76e3: xen: credit2: always mark a tickled pCPU as… tickled! [Dario Faggioli]
  • ef5eb08944: x86/vmx: Don’t leak host syscall MSR state into HVM guests [Andrew Cooper]
  • 48c3bd0e28: update Xen version to 4.6.6-pre [Jan Beulich]
  • b0577dd0c6: xen/arm: fix affected memory range by dcache clean functions [Stefano Stabellini]
  • 82fde4fa36: xen/arm: introduce vwfi parameter [Stefano Stabellini]</li?

In addition, this release also contains the following fixes to qemu-traditional:

  • 57ca3f4a: cirrus/vnc: zap drop bitblit support from console code. [Gerd Hoffmann]

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.6.5 and qemu-xen-4.6.6).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

(reserved at time of 4.6.5 release )
XSA-207 to 209Applied in 4.6.5......
XSA-210N/A (4.8 only)......
XSA-216N/AN/A (upstream only)Applied

See for details related to Xen Project security advisories.
We recommend all users of the 4.6 stable series to update to this latest point release.