Skip to main content


Xen Project 4.7.3

We are pleased to announce the release of Xen 4.7.3. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.7 (tag RELEASE-4.7.3) or from this download page
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 4fbfa34b1a: update Xen version to 4.7.3 [Jan Beulich]
  • e146b7e3ea: memory: don’t suppress P2M update in populate_physmap() [Jan Beulich]
  • a0ced5abef: livepatch: Wrong usage of spinlock on debug console. [Konrad Rzeszutek Wilk]
  • a2e3d27df7: Revert “x86/hvm: disable pkeys for guests in non-paging mode” [Andrew Cooper]
  • db2a8fe8b2: xen/arm: vgic: Sanitize target mask used to send SGI [Julien Grall]
  • 4a79c29f67: gnttab: __gnttab_unmap_common_complete() is all-or-nothing [Jan Beulich]
  • 00f67ee347: gnttab: correct logic to get page references during map requests [George Dunlap]
  • 3b4fdddf55: gnttab: never create host mapping unless asked to [Jan Beulich]
  • 283668d146: gnttab: fix handling of dev_bus_addr during unmap [George Dunlap]
  • 9c28648200: arm: vgic: Don’t update the LR when the IRQ is not enabled [Julien Grall]
  • eeba17403e: guest_physmap_remove_page() needs its return value checked [Jan Beulich]
  • ba78feae36: memory: fix return value handing of guest_remove_page() [Andrew Cooper]
  • 310cd975d8: evtchn: avoid NULL derefs [Jan Beulich]
  • d6ce30d2fa: x86: avoid leaking PKRU and BND* between vCPU-s [Jan Beulich]
  • 5d6ab83a2d: x86/shadow: hold references for the duration of emulated writes [Andrew Cooper]
  • 865d5bb4b3: gnttab: correct maptrack table accesses [Jan Beulich]
  • c4ad29d35a: gnttab: Avoid potential double-put of maptrack entry [George Dunlap]
  • 0d6d54542f: gnttab: fix unmap pin accounting race [Jan Beulich]
  • 15f428ae7a: IOMMU: handle IOMMU mapping and unmapping failures [Quan Xu]
  • 1de45b3f9b: x86/mm: disallow page stealing from HVM domains [Jan Beulich]
  • 84cd8d3fbd: Revert “hvmloader: avoid tests when they would clobber used memory” [Jan Beulich]
  • aadb70a471: Revert “hvmloader: don’t include non-existing header” [Jan Beulich]
  • f1f2df22bf: vgic: refuse irq migration when one is already in progress [Stefano Stabellini]
  • 9e601e6783: arm: remove irq from inflight, then change physical affinity [Stefano Stabellini]
  • f945e7a23c: xen/arm: Survive unknown traps from guests [Julien Grall]
  • 6c9a9b6d5c: xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps [Julien Grall]
  • 0ce60dbffd: xen/arm: Save ESR_EL2 to avoid using mismatched value in syndrome check [Wei Chen]
  • cb799f1947: xen/arm: flush icache as well when XEN_DOMCTL_cacheflush is issued [Tamas K Lengyel]
  • de2c7e3913: xen/arm32: Add an helper to invalidate all instruction caches [Konrad Rzeszutek Wilk]
  • c185c150b2: xen/arm64: Add an helper to invalidate all instruction caches [Julien Grall]
  • 0aa86168ee: hvmloader: don’t include non-existing header [Jan Beulich]
  • 50d0512337: stop_machine: fill fn_result only in case of error [Gregory Herrero]
  • 164c34dd23: hvmloader: avoid tests when they would clobber used memory [Jan Beulich]
  • da743dc82a: arm: fix build with gcc 7 [Jan Beulich]
  • 94a8a0e933: x86: fix build with gcc 7 [Jan Beulich]
  • a5f47620f7: x86/mm: fix incorrect unmapping of 2MB and 1GB pages [Igor Druzhinin]
  • c2792a222c: x86/pv: Align %rsp before pushing the failsafe stack frame [Andrew Cooper]
  • 1404c6ac87: x86/pv: Fix bugs with the handling of int80_bounce [Andrew Cooper]
  • 0883fe2d72: x86/vpmu_intel: fix hypervisor crash by masking PC bit in MSR_P6_EVNTSEL [Mohit Gambhir]
  • d8b8a10025: hvm: fix hypervisor crash in hvm_save_one() [Jan Beulich]
  • 6ac5b35ef4: x86/32on64: properly honor add-to-physmap-batch’s size [Jan Beulich]
  • 7a0bf3eef7: tools: ocaml: In configure, check for ocamlopt [Ian Jackson]
  • 1956c9e91d: tools/libxc: Tolerate specific zero-content records in migration v2 streams [Andrew Cooper]
  • 6a689975c6: libxc: fix segfault on uninitialized xch->fmem [Seraphime Kirkovski]
  • 74ad8abe49: x86/mce: always re-initialize ‘severity_cpu’ in mcheck_cmn_handler() [Haozhong Zhang]
  • 1599424843: x86/mce: make ‘severity_cpu’ private to its users [Haozhong Zhang]
  • 16f34b7a19: memory: don’t hand MFN info to translated guests [Jan Beulich]
  • 4ed8558576: memory: exit early from memory_exchange() upon write-back error [Jan Beulich]
  • 0cc3268428: kexec: clear kexec_image slot when unloading kexec image [Bhavesh Davda]
  • a7f041aa8a: x86: discard type information when stealing pages [Jan Beulich]
  • c99967f18b: multicall: deal with early exit conditions [Jan Beulich]
  • 469fc7e9b6: setup vwfi correctly on cpu0 [Stefano Stabellini]
  • 6cf0da5951: oxenstored: trim history in the frequent_ops function [Thomas Sanders]
  • c93ec9a485: oxenstored transaction conflicts: improve logging [Thomas Sanders]
  • e2141f1a57: oxenstored: don’t wake to issue no conflict-credit [Thomas Sanders]
  • 75ce43b86e: oxenstored: do not commit read-only transactions [Thomas Sanders]
  • a7f74db8dc: oxenstored: allow self-conflicts [Thomas Sanders]
  • 8106372fdf: oxenstored: blame the connection that caused a transaction conflict [Jonathan Davies]
  • 5029638296: oxenstored: track commit history [Jonathan Davies]
  • 4a48e47405: oxenstored: discard old commit-history on txn end [Thomas Sanders]
  • 167d9890c1: oxenstored: only record operations with side-effects in history [Jonathan Davies]
  • 42ca46bcdc: oxenstored: support commit history tracking [Jonathan Davies]
  • d431ba30ba: oxenstored: add transaction info relevant to history-tracking [Jonathan Davies]
  • 51833a2428: oxenstored: ignore domains with no conflict-credit [Thomas Sanders]
  • 9e82ebf1ed: oxenstored: handling of domain conflict-credit [Thomas Sanders]
  • fb79c3a3e8: oxenstored: comments explaining some variables [Thomas Sanders]
  • 1df3d6c34b: xenstored: Log when the write transaction rate limit bites [Ian Jackson]
  • 8b77a2c05e: xenstored: apply a write transaction rate limit [Ian Jackson]
  • b5c7deaaf2: tools/libxenctrl: fix error check after opening libxenforeignmemory [Paul Durrant]
  • e0b9499697: libxl: correct xenstore entry for empty cdrom [Juergen Gross]
  • ada9e109d7: x86: use 64 bit mask when masking away mfn bits [Juergen Gross]
  • 4bd66bc3bb: memory: properly check guest memory ranges in XENMEM_exchange handling [Jan Beulich]
  • 47ba140217: xen: sched: don’t call hooks of the wrong scheduler via VCPU2OP [Dario Faggioli]
  • 4a1dc280b8: x86/EFI: avoid Xen image when looking for module/kexec position [Jan Beulich]
  • 5466c7766f: x86/EFI: avoid IOMMU faults on [_end,__2M_rwdata_end) [Jan Beulich]
  • 25f3d9531b: x86/EFI: avoid overrunning mb_modules[] [Jan Beulich]
  • e5e7f352fb: build/clang: fix XSM dummy policy when using clang 4.0 [Roger Pau Monné]
  • 683b886519: x86: drop unneeded __packed attributes [Roger Pau Monné]
  • 9f2540d997: QEMU_TAG update [Ian Jackson]
  • 9d9be1eaaa: arm: read/write rank->vcpu atomically [Stefano Stabellini]
  • ac8d90e10e: xen/arm: p2m: Perform local TLB invalidation on vCPU migration [Julien Grall]
  • bc868a21e6: xen/arm: Introduce INVALID_VCPU_ID [Julien Grall]
  • d5f9489f0f: xen/arm: Set nr_cpu_ids to available number of cpus [Vijaya Kumar K]
  • b2a180e8f2: xen/arm: fix GIC_INVALID_LR [Stefano Stabellini]
  • 01abcc0dc8: fix out of bound access to mode_strings [Stefano Stabellini]
  • 9c404dfc08: missing vgic_unlock_rank in gic_remove_irq_from_guest [Stefano Stabellini]
  • ddc0cfe9b7: xen/arm: Fix macro for ARM Jazelle CPU feature identification [Artem Mygaiev]
  • 9a54dcdca3: xen/arm: traps: Emulate ICC_SRE_EL1 as RAZ/WI [Julien Grall]
  • 4351611fad: xen/arm: Fix misplaced parentheses for PSCI version check [Artem Mygaiev]
  • c782e61edf: arm/irq: Reorder check when the IRQ is already used by someone [Oleksandr Tyshchenko]
  • d166f07e0e: Don’t clear HCR_VM bit when updating VTTBR. [Jun Sun]
  • 099f67b7a1: x86/emul: Correct the decoding of mov to/from cr/dr [Andrew Cooper]
  • d756bf1d04: xen: credit2: don’t miss accounting while doing a credit reset. [Dario Faggioli]
  • 10debc0583: xen: credit2: always mark a tickled pCPU as… tickled! [Dario Faggioli]
  • 461dba20c2: x86/layout: Correct Xen’s idea of its own memory layout [Andrew Cooper]
  • 188809f33b: x86/vmx: Don’t leak host syscall MSR state into HVM guests [Andrew Cooper]
  • 3daa62a302: update Xen version to 4.7.3-pre [Jan Beulich]
  • 8b7ab1eac8: xen/arm: fix affected memory range by dcache clean functions [Stefano Stabellini]
  • 069ba09c61: xen/arm: introduce vwfi parameter [Stefano Stabellini]

In addition, this release also contains the following fixes to qemu-traditional:

  • 73e8fa3f: cirrus/vnc: zap drop bitblit support from console code. [Gerd Hoffmann]

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.7.2 and qemu-xen-4.7.3).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA Xen qemu-traditionalqemu-upstream
(reserved at time of 4.7.3 release )
XSA-207 to 209Applied in 4.7.3......
XSA-210N/A (4.8 only)......
XSA-216N/AN/A (upstream only)Applied

See for details related to Xen Project security advisories.
We recommend all users of the 4.7 stable series to update to this latest point release.