Skip to main content


Xen Project 4.8.2

We are pleased to announce the release of Xen 4.8.2. This is available immediately from its git repository;a=shortlog;h=refs/heads/stable-4.8 (tag RELEASE-4.8.2) or from this download page
This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • 5e4598106e: update Xen version to 4.8.2 [Jan Beulich]
  • ffb73c1406: gnttab: avoid spurious maptrack handle allocation failures [Jan Beulich]
  • 300529d6b5: cpufreq: only stop ondemand governor if already started [Christopher Clark]
  • c1751e204a: VT-d PI: disable VT-d PI when CPU-side PI isn’t enabled [Chao Gao]
  • f914884320: VT-d: don’t panic/warn on iommu=no-igfx [Rusty Bird]
  • ed6e5d5bab: docs: replace xm with xl in xen-tscmode [Olaf Hering]
  • 7818599594: x86/hvm: Fixes to hvmemul_insn_fetch() [Andrew Cooper]
  • ecb701f38c: rombios: prevent building with PIC/PIE [Olaf Hering]
  • 3ef997c8be: xen/livepatch: Don’t crash on encountering STN_UNDEF relocations [Andrew Cooper]
  • 68c4ef23e9: xen/livepatch: Use zeroed memory allocations for arrays [Andrew Cooper]
  • df8c4fa0e0: arm/mm: release grant lock on xenmem_add_to_physmap_one() error paths [Jan Beulich]
  • c3c2df8d32: travis: install ghostscript [Wei Liu]
  • 236263f459: gnttab: fix “don’t use possibly unbounded tail calls” [Jan Beulich]
  • 5c10e0e4b0: gnttab: fix transitive grant handling [Jan Beulich]
  • 5afb94cac0: gnttab: don’t use possibly unbounded tail calls [Jan Beulich]
  • f5211ce758: gnttab: correct pin status fixup for copy [Jan Beulich]
  • 877591cc28: gnttab: split maptrack lock to make it fulfill its purpose again [Jan Beulich]
  • 460cd3b117: x86/grant: disallow misaligned PTEs [Andrew Cooper]
  • 1e6c88fafc: arm: p2m: Prevent redundant icache flushes [Punit Agrawal]
  • 55cf609c40: Allow control of icache invalidations when calling flush_page_to_ram() [Punit Agrawal]
  • 079550e0a0: xen/arm: Properly map the FDT in the boot page table [Julien Grall]
  • f6f543fee9: xen/arm: Check if the FDT passed by the bootloader is valid [Julien Grall]
  • a332ac1f5b: xen/arm: Move the code to map FDT in the boot tables from assembly to C [Julien Grall]
  • 1a147b5359: xen/arm: mm: Move create_mappings function earlier in the file [Julien Grall]
  • 86529087ab: memory: don’t suppress P2M update in populate_physmap() [Jan Beulich]
  • 1e40f87dbb: livepatch: Wrong usage of spinlock on debug console. [Konrad Rzeszutek Wilk]
  • 7dd85eb372: Revert “x86/hvm: disable pkeys for guests in non-paging mode” [Andrew Cooper]
  • 24809e04e7: x86/pv: Fix the handling of `int $x` for vectors which alias exceptions [Andrew Cooper]
  • 8d3dafb43f: xen/test/Makefile: Fix clean target, broken by pattern rule [Ian Jackson]
  • aedaa82c2f: x86: avoid leaking PKRU and BND* between vCPU-s [Jan Beulich]
  • a75d7ad053: xen/arm: vgic: Sanitize target mask used to send SGI [Julien Grall]
  • 125a3a9d6a: gnttab: __gnttab_unmap_common_complete() is all-or-nothing [Jan Beulich]
  • b859653b7c: gnttab: correct logic to get page references during map requests [George Dunlap]
  • 429ad0d3f2: gnttab: never create host mapping unless asked to [Jan Beulich]
  • 1959b49f35: gnttab: fix handling of dev_bus_addr during unmap [George Dunlap]
  • 670bb9dd9e: arm: vgic: Don’t update the LR when the IRQ is not enabled [Julien Grall]
  • 270b9f8f64: guest_physmap_remove_page() needs its return value checked [Jan Beulich]
  • 50ee10e22c: memory: fix return value handing of guest_remove_page() [Andrew Cooper]
  • e5da3ccafd: evtchn: avoid NULL derefs [Jan Beulich]
  • 982d477b56: x86/shadow: hold references for the duration of emulated writes [Andrew Cooper]
  • ca71eb31d6: gnttab: correct maptrack table accesses [Jan Beulich]
  • c7dab25933: gnttab: Avoid potential double-put of maptrack entry [George Dunlap]
  • ca974091c8: gnttab: fix unmap pin accounting race [Jan Beulich]
  • a4bca7c309: x86/mm: disallow page stealing from HVM domains [Jan Beulich]
  • fe5bbfda64: Makefile: Provide way to ship livepatch test files [Ian Jackson]
  • cb99078ef9: xen/test/livepatch: Add xen_nop.livepatch to .gitignore [Ian Jackson]
  • e1bcfb12d7: xen/test/livepatch: Regularise Makefiles [Ian Jackson]
  • 2d37e90cc7: xen/test/livepatch/Makefile: Install in DESTDIR/usr/lib/debug/xen-livepatch [Ian Jackson]
  • c427a81dee: xen/arm: p2m: Fix incorrect mapping of superpages [Julien Grall]
  • 125e4d4a8d: vgic: refuse irq migration when one is already in progress [Stefano Stabellini]
  • 9e6b2ddf33: arm: remove irq from inflight, then change physical affinity [Stefano Stabellini]
  • 52d83809fa: xen/arm: Survive unknown traps from guests [Julien Grall]
  • 5026eb5ed0: xen/arm: do_trap_hypervisor: Separate hypervisor and guest traps [Julien Grall]
  • e5ec23efcf: xen/arm: Save ESR_EL2 to avoid using mismatched value in syndrome check [Wei Chen]
  • 79d2d5c343: stop_machine: fill fn_result only in case of error [Gregory Herrero]
  • b7d2c0f2f5: hvmloader: avoid tests when they would clobber used memory [Jan Beulich]
  • d5841446b9: arm: fix build with gcc 7 [Jan Beulich]
  • d721af1f6e: x86: fix build with gcc 7 [Jan Beulich]
  • 72808a8717: x86/mm: fix incorrect unmapping of 2MB and 1GB pages [Igor Druzhinin]
  • 173eb93195: x86/pv: Align %rsp before pushing the failsafe stack frame [Andrew Cooper]
  • d29cb493e0: x86/pv: Fix bugs with the handling of int80_bounce [Andrew Cooper]
  • 98cefccaee: x86/vpmu_intel: fix hypervisor crash by masking PC bit in MSR_P6_EVNTSEL [Mohit Gambhir]
  • e91a24cf64: hvm: fix hypervisor crash in hvm_save_one() [Jan Beulich]
  • de1318bb00: x86/32on64: properly honor add-to-physmap-batch’s size [Jan Beulich]
  • 4057c6ea80: tools: ocaml: In configure, check for ocamlopt [Ian Jackson]
  • 834ea870c5: tools/libxc: Tolerate specific zero-content records in migration v2 streams [Andrew Cooper]
  • efd2ff999d: libxc: fix segfault on uninitialized xch->fmem [Seraphime Kirkovski]
  • 19ad7c08a8: x86/mce: always re-initialize ‘severity_cpu’ in mcheck_cmn_handler() [Haozhong Zhang]
  • 1780c265f7: x86/mce: make ‘severity_cpu’ private to its users [Haozhong Zhang]
  • 8f6d1f9abf: memory: don’t hand MFN info to translated guests [Jan Beulich]
  • 957dc0e249: memory: exit early from memory_exchange() upon write-back error [Jan Beulich]
  • 12b1425fdc: kexec: clear kexec_image slot when unloading kexec image [Bhavesh Davda]
  • a782d9d421: update Xen version to 4.8.2-pre [Jan Beulich]
  • 16ed8dd289: x86: discard type information when stealing pages [Jan Beulich]
  • 17051bdb86: multicall: deal with early exit conditions [Jan Beulich]
  • 98e05a3abc: Merge branch ‘staging-4.8’ of into staging-4.8 [Jan Beulich]
  • c2a541500d: setup vwfi correctly on cpu0 [Stefano Stabellini]

This release contains no fixes to qemu-traditional.
This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check;a=shortlog (between tags qemu-xen-4.8.1 and qemu-xen-4.8.2).
This release, which includes source code for qemu-traditional and qemu-upstream, contains the following security fixes.

XSA-215 N/A (Xen 4.8 not affected)......
XSA-226Applied (fix, not work-around, via xsa226-4.9/*.patch)N/AN/A
XSA-229N/A (Linux only)......
XSA-231N/A (Pre-released, but embargoed, at the time of this release)......
XSA-232N/A (Pre-released, but embargoed, at the time of this release)......
XSA-233N/A (Pre-released, but embargoed, at the time of this release)......
XSA-234N/A (Pre-released, but embargoed, at the time of this release)......

See for details related to Xen Project security advisories.
We recommend all users of the 4.8 stable series to update to this latest point release.