New version includes adoption of MISRA-C rules, static allocation and at-boot partitioning, with improved device throughput
SAN FRANCISCO – December 14, 2022 –The Xen Project, an open source hypervisor hosted at the Linux Foundation, today announced the release of Xen Project Hypervisor 4.17, which introduces a variety of features allowing for safety certification, static partitioning of embedded devices, increased performance, enhanced security and improved device pass-through reliability. Thanks to the active Xen Project community, a wide range of developers from many companies and organizations contributed to this latest release.
“We are pleased to see the Xen Project community behind this proven open source hypervisor, making it the ideal choice for enterprise use cases that require advanced security features and high levels of performance,” said George Dunlap, chairman of the Xen Project Advisory Board. “We will continue to expand the community initiatives the Xen Project leads and contributes to, as we work together with industry leaders and innovators.”
MISRA-C integration: The project has officially adopted four directives and 24 rules, added MISRA-C checker build integration, and defined how to document deviations. A number of MISRA-C violations have been fixed.
Static configuration options for ARM: In many embedded environments, we know ahead of time exactly what resources all guests will need at boot time. In constrained resource environments, allocation on use increases the possibility that the allocation will fail at runtime. With static configuration, resources are allocated statically when the hypervisor boots, removing the possibility of runtime failure. Resources which can be statically configured as of 4.17 include event channels, shared memory, and hypervisor heap.
ARM: Add “tech preview” implementation for VirtIO. Xen now includes full support for VirtIO on embedded systems, on ARM, for the virtio-mmio transport, allowing a wide range of VirtIO devices to be supported. This includes front-end support in Linux, toolstack (libxl/xl) and dom0less support, and a userspace backend. Currently, the following stand-alone backends are available and have been tested: virtio-disk, virtio-net, i2c, and gpio.
dom0less / Hyperlaunch: cpupools can be specified at boot using device tree. This allows the use of cpupools in dom0less / Hyperlaunch -style configurations; in particular, it makes it possible to assign different types of CPUs of an ARM big.LITTLE system to different cpupools at boot time.
dom0less / Hyperlaunch: PV frontend / backend connections can now be specified between guests, allowing statically booted guests with PV devices
On ARM, p2m structures are now allocated out of a pool of memory set aside at domain creation; this provides better isolation between guests against memory resource failures
ARM: Mitigations against Spectre-BHB
x86: IOMMU superpage support for all guest types; improving performance of PCI pass-through
x86: Security support hosts with up to 12 TiB of RAM
x86: Can now set cpuid parameters for dom0 at boot time
x86: mwait-idle support: Added SPR and ADL
x86: Improved speculative mitigation support, including VIRT_SSBD and MSR_SPEC_CTRL features to help guests know what speculative mitigations they don’t need to be done (due to mitigations on the hypervisor side), and to control what kind of speculative mitigations the hypervisor performs on their behalf
Out-of-tree builds for the hypervisor now supported
ARM: Since addition of Zephyr RTOS guests support (Xen 4.15, Zephyr 3.1.0), work has been done on making it possible to run Zephyr in dom0 improving boot time, stability and paving the way for future safety certification for Xen-based systems
Community Initiative Updates
VirtIO: VirtIO-Grant is VirtIO drivers using grant operations. In contrast to VirtIO-MMIO, which does direct map, virtio-grant is safer and also supports driver domains. VirtIO-Grant support has been implemented and upstreamed in Linux at the transport level. There are patches to enable it in QEMU backends and in virtio-vhost, but these have not yet been upstreamed, nor is there toolstack support (libxl / xl) yet. Both x86 and ARM will be included in the next few releases.
Hyperlaunch The vision for Hyperlaunch is to enable complete, flexible configuration of a system of running VMs at boot time, suitable for “measured launch.” The first batch of functionality has been implemented, and patches sent to the list; this enables multiple PV domains to be specified, with their images handed to the hypervisor at boot. Everything necessary for these domains to come up, including the Xenstore entries required for PV devices to function, is implemented. Once the patch is upstreamed, we will be adding support for PVH devices and HVM devices for a pure “static configuration” mode (where no new domains can be created after boot), along with support for a “domB” builder domain, capable of setting up arbitrary domain configurations in a fashion suitable for measured boot.
AMD / Xilinx
“AMD looks forward to embracing the further improvements found in the latest release of the Xen hypervisor,” said Kris Chaplin, senior technical marketing manager, AMD. “The MISRA C compliance rules-checking and enhanced support of dom0less configurations in this release help pave the way to a future in safety certified environments and will further the appeal of Xen to our communities, partners, and customers.”
“XenServer (formerly Citrix Hypervisor) is a cost-effective enterprise grade hypervisor used for both Desktop- and Server Virtualization workloads. XenServer inherits its security and performance from the Xen Project hypervisor with the 4.17 release providing increased security and performance for key workloads,” stated Jacus de Beer, general manager, XenServer BU, Cloud Software Group.
“Support of VirtIO on ARM as a standardized I/O virtualization framework and placing a thin Zephyr RTOS in the control domain are important to build portable and safety-compliant computer systems in automotive,” said Alex Agizim, CTO, Automotive & Embedded, EPAM Systems.
“The various security and hardening improvements, as well as the renewed focus on the ARM and RISC V ports are a great step in the right direction and show that the Xen Project continues to innovate much beyond its traditional use cases. We see this as a great potential for future innovation,” added Olivier Lambert, CEO of Vates.
Star Lab Software
“It was critical for Star Lab to support the development of the hyperlaunch capability for Xen.” said Adam Fraser, COO at Star Lab Corp. “We believe this will kickstart more development and help the community reduce the attack surface of Xen, a technology relied on by organizations around world.”
About the Xen Project
Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A project at the Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Services (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industries and open source community leaders among its members, including Amazon Web Services, Arm, Bitdefender, Citrix, EPAM Systems, and AMD / Xilinx. For more information about the Xen Project software and to participate, please visit XenProject.org.
AMD, the AMD logo, EPYC, and combinations thereof are trademarks of Advanced Micro Devices, Inc.
Intel, the Intel logo and Xeon are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.
About Linux Foundation Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.
The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.