Xen Project 4.4.4

We are pleased to announce the release of Xen 4.4.4. This is available immediately from its git repository 

http://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.4 (tag RELEASE-4.4.4) or from this download page

This release contains the following bug-fixes and improvements in the Xen Project hypervisor:

  • a611ed5: update Xen version to 4.4.4 [Jan Beulich]
  • 425f7f7: x86/vmx: Fix injection of #DB traps following XSA-156 [Andrew Cooper]
  • f8aad02: x86/VMX: prevent INVVPID failure due to non-canonical guest address [Jan Beulich]
  • 12fe363: x86/mm: PV superpage handling lacks sanity checks [Jan Beulich]
  • 6d2c41d: Config.mk: update OVMF changeset [Wei Liu]
  • e003d42: blktap: Fix two 'maybe uninitialized' variables [Dario Faggioli]
  • dfc955e: QEMU_TAG update [Ian Jackson]
  • a436917: libxl: Fix building libxlu_cfg_y.y with bison 3.0 [Ed Swierk]
  • 4df657b: libxl: Rerun bison and flex [Ian Jackson]
  • fd4db04: QEMU_TAG update [Ian Jackson]
  • 4dacb5d: x86/HVM: avoid reading ioreq state more than once [Jan Beulich]
  • 52a5c0b: x86: don't leak ST(n)/XMMn values to domains first using them [Jan Beulich]
  • d0b73c9: x86/time: fix domain type check in tsc_set_info() [Haozhong Zhang]
  • c3049fa: evtchn: don't reuse ports that are still "busy" [David Vrabel]
  • 2f287a7: x86/boot: check for not allowed sections before linking [Daniel Kiper]
  • f089991: x86/vPMU: document as unsupported [Jan Beulich]
  • f70eaf9: VMX: fix/adjust trap injection [Jan Beulich]
  • 52f7217: sched: fix locking for insert_vcpu() in credit1 and RTDS [Dario Faggioli]
  • 6e2cca2: x86/HVM: don't inject #DB with error code [Jan Beulich]
  • 1b6738a: x86/vmx: improvements to vmentry failure handling [Andrew Cooper]
  • ee4d573: x86/PoD: Make p2m_pod_empty_cache() restartable [Andrew Cooper]
  • dff1010: x86/NUMA: fix SRAT table processor entry parsing and consumption [Jan Beulich]
  • cc28516: x86: hide MWAITX from PV domains [Jan Beulich]
  • 1db34a4: VT-d: don't suppress invalidation address write when it is zero [Jan Beulich]
  • 8fc45c1: memory: fix XSA-158 fix [Jan Beulich]
  • 5202998: QEMU_TAG update [Ian Jackson]
  • 62dc4c1: libxl: Fix bootloader-related virtual memory leak on pv build failure [Ian Jackson]
  • 2432628: memory: fix XENMEM_exchange error handling [Jan Beulich]
  • dcbb31d: memory: split and tighten maximum order permitted in memops [Jan Beulich]
  • 602506b: Config: Switch to unified qemu trees. [Ian Campbell]
  • 26b09fa: x86/HVM: always intercept #AC and #DB [Jan Beulich]
  • 73b70e3: libxl: adjust PoD target by memory fudge, too [Ian Jackson]
  • 0613780: x86: rate-limit logging in do_xen{oprof,pmu}_op() [Jan Beulich]
  • 76782e0: xenoprof: free domain's vcpu array [Jan Beulich]
  • 3638ff0: x86/PoD: Eager sweep for zeroed pages [Andrew Cooper]
  • 63c4744: free domain's vcpu array [Jan Beulich]
  • 477bc9b: xen: common: Use unbounded array for symbols_offset. [Ian Campbell]
  • a6646a5: x86: guard against undue super page PTE creation [Jan Beulich]
  • d889704: arm: handle races between relinquish_memory and free_domheap_pages [Ian Campbell]
  • e6e24d7: arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP. [Ian Campbell]
  • 16486fc: arm: Support hypercall_create_continuation for multicall [Julien Grall]
  • e321898: docs: xl.cfg: permissive option is not PV only. [Ian Campbell]
  • de3e45c: tools: libxl: allow permissive qemu-upstream pci passthrough. [Ian Campbell]
  • 7b161be: tools/console: xenconsole tolerate tty errors [Ian Jackson]
  • 5c94f96: x86/p2m-pt: correct condition of IOMMU mapping updates [Jan Beulich]
  • 5967073: credit1: fix tickling when it happens from a remote pCPU [Dario Faggioli]
  • 03f29a8: x86/p2m-pt: ignore pt-share flag for shadow mode guests [Jan Beulich]
  • 7d17ce9: x86/p2m-pt: delay freeing of intermediate page tables [Jan Beulich]
  • 2327dad: vt-d: fix IM bit mask and unmask of Fault Event Control Register [Quan Xu]
  • 964150b: xen/xsm: Make p->policyvers be a local variable (ver) to shut up GCC 5.1.1 warnings. [Konrad Rzeszutek Wilk]
  • ef632a2: x86/sysctl: don't clobber memory if NCAPINTS > ARRAY_SIZE(pi->hw_cap) [Andrew Cooper]
  • 55d6263: x86/MSI: fail if no hardware support [Jan Beulich]
  • c4af95f: x86/p2m: fix mismatched unlock [Jan Beulich]
  • fbb3881: x86/hvm: fix saved pmtimer and hpet values [Kouya Shimura]
  • 4d99a76: libxl: handle read-only drives with qemu-xen [Stefano Stabellini]
  • fe66a76: libxl: Increase device model startup timeout to 1min. [Anthony PERARD]
  • 213e243: xl: correct handling of extra_config in main_cpupoolcreate [Wei Liu]
  • 515d2e3: QEMU_TAG update [Ian Jackson]
  • dbded55: x86/NUMA: make init_node_heap() respect Xen heap limit [Jan Beulich]
  • e554ae4: mm: populate_physmap: validate correctly the gfn for direct mapped domain [Julien Grall]
  • e19042f: x86/mm: Make {hap, shadow}_teardown() preemptible [Anshul Makkar]
  • cfb5d20: x86/NUMA: don't account hotplug regions [Jan Beulich]
  • 8bea719: x86/NUMA: fix setup_node() [Jan Beulich]
  • 181ebad: IOMMU: skip domains without page tables when dumping [Jan Beulich]
  • 9a00f96: x86/IO-APIC: don't create pIRQ mapping from masked RTE [Jan Beulich]
  • 6657f1b: x86, amd_ucode: skip microcode updates for final levels [Aravind Gopalakrishnan]
  • 23c1322: x86/gdt: Drop write-only, xalloc()'d array from set_gdt() [Andrew Cooper]
  • ff9758b: Config.mk: update in-tree OVMF changeset [Wei Liu]
  • 339f574: xen/arm: mm: Do not dump the p2m when mapping a foreign gfn [Julien Grall]
  • 5b6f360: update Xen version to 4.4.4-pre [Jan Beulich]

In addition, this release also contains the following fixes to qemu-traditional:

  • 2bbe494: MSI-X: avoid array overrun upon MSI-X table writes [Jan Beulich]
  • c51f20b: blkif: Avoid double access to src->nr_segments [Stefano Stabellini]
  • bc468fe: xenfb: avoid reading twice the same fields from the shared page [Stefano Stabellini]
  • 6425f5d: net: pcnet: add check to validate receive data size(CVE-2015-7504) [Ian Jackson]
  • 5ae0569: vnc: limit client_cut_text msg payload size [Peter Lieven]

This release also contains changes to qemu-upstream, whose changelogs we do not list here as it contains many changes that are not directly releated to the Xen Project Hypervisor and thus this release. However, you can check http://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=shortlog (between tags qemu-xen-4.4.3 and qemu-xen-4.4.4).

The fixes listed above also include security fixes for XSA-141 to XSA-142, XSA-145 to XSA 153, partial fixes to XSA-155 (please check XSA-155 for all patches), and XSA-156 to XSA-169. Note that XSA-143, XSA-144 and XSA-154 refer to unused XSA numbers or XSA numbers that may be pre-disclosed in future. Also note that XSA-162 has only been applied to qemu-traditional, but has not yet been applied to qemu-upstream.

We recommend all users of the 4.4 stable series to update to this latest point release.


Created Date Thursday, 28 January 2016
Modified Date Friday, 07 April 2017

Xen Project Hypervisor 4.4.4

Created Date Thursday, 28 January 2016
Modified Date Friday, 07 April 2017

Xen Project Hypervisor 4.4.4 Signature