Xen Project ships version 4.15 with Focus on Broader Accessibility, Performance, and Security

April 13, 2021, by David

The Xen Project, an open source hypervisor hosted at the Linux Foundation, announced the release of Xen Project Hypervisor 4.15, which introduces a variety of features allowing for improved performance, security and device pass-through reliability. The Xen Project community continues to be active and engaged, with a wide range of developers from many companies and organizations contributing to this latest release. Additionally, community-wide initiatives, including Functional Safety, VirtIO for Xen and Xen RISC-V port, continue to make valuable progress.

“Xen Project continues to be a mature, open source hypervisor well suited for enterprise use cases that require security and high levels of performance. In addition to the incredible work that went into this release, I’m also pleased with the multiple community initiatives the Xen Project continues to drive forward and contribute to.”

Notable Features

  • Arm now allows running device models in dom0 (tech preview), allowing arbitrary devices to be emulated for Arm guests. Arm also now has SMMUv3 support (also tech preview), which will improve security and reliability of device pass-through on Arm systems.
  • Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0, enabling tools like VMI Kernel Fuzzer for Xen Project or DRAKVUF Sandbox.
  • Xen now supports Viridian enlightenments for guests with more than 64 vcpus.
  • Xenstored and oxenstored both now support LiveUpdate (tech preview), allowing security fixes to be applied without having to restart the entire host.
  • “PV Shim” mode, for supporting legacy PV guests on HVM-only systems, continues to be improved; its size was reduced by further factoring out HVM-specific code. This will also help reduce the size and improve the security of any PV-only build of the hypervisor.
  • Unified boot images: It is now possible to bundle the files needed for Xen to boot into a single EFI binary, so a functional Xen system can be booted directly from the EFI boot manager rather than having to go through grub multiboot. Files that can be bundled include a hypervisor, dom0 kernel, dom0 initrd, Xen KConfig, XSM configuration, and a device tree.

Community Initiative Updates

Functional Safety Update

Progress continues to be made within the Functional Safety SIG. Specifications are becoming more concrete and the group is working with other communities to establish standards. Additionally, Xen is working with other projects to converge best practices across communities.

Updates include:

  • Progress on MISRA-C rules tailored for Xen in collaboration with Zephyr. MISRA-C is a set of coding guidelines for the C language, aimed at safety. The SIG now has a shortlist of MISRA-C rules that apply to our project and we are currently evaluating static analyzers for each of them.
  • Progress on tracking and maintaining safety requirements including collaboration with Zephyr to build a Doxygen-based infrastructure that generates safety requirements documents from in-code comments and text files. It will allow proper maintenance of safety-related artifacts next to the code under git and keep them up to date easily in the community.

Additionally, the Xen Project will be presenting, “Safety certification in the open: How the Xen project is making progress to achieve certification,” at Embedded IoT World on April 28 at 3:00 pm PT.

VirtIO drivers for Xen:

Progress includes:

  • Developed IOREQ server in Xen on Arm for further enablement of VirtIO protocols as a generic and standardized solution for I/O virtualization.
  • Reference implementation of VirtIO block device for Xen on Arm – collaboration between Arm, EPAM and Linaro’s project STRATOS.
  • Moving towards enabling PCIe virtualization support for Xen on Arm – collaboration between Xilinx, Arm, EPAM and Renesas.
  • Ability to expose a VirtIO block device to a Xen on Arm guest.

“Hyperlaunch”

“Dom0less” pioneered the ability to configure Xen to launch a static set of virtual machines at boot time. But configuration for these domains was very basic, and focused on embedded use cases. “Hyperlaunch” is a new initiative that intends to make this configuration far more flexible by generalizing it and introducing a “boot domain” (domB). Draft design documents have been posted, and a working group has been formed to form a plan and iron out the details.

RISC-V Port:

RISC-V, an open standard instruction set architecture (ISA) based on established reduced instruction set computer (RISC) principles, is a free and open ISA enabling hardware designers to design simpler chips with a royalty-free ISA. The Xen community, led by sub-project XCP-ng, is working on a RISC-V Port for Xen.

Progress includes:

  • Development of host and guest virtual memory management code, one of the key components necessary for supporting guest virtualization.
  • Development of the internal architecture-specific code to conform to Xen common APIs.

Community Quotes

AMD

“With the 4.15 release, The Xen Project Hypervisor builds on a long history of innovative open-source engineering. Xen support is an important part of the AMD EPYC processor software ecosystem. With support for the 3rd Gen AMD EPYC processors, Xen users can access the latest innovations in performance and scalability. We congratulate the Xen Project on their continued progress.” – Robert Gomer, Director, Global Software Alliances, AMD

Citrix

“The Xen project sits at the core of Citrix Hypervisor, and 4.15 will offer us the ability to continue to support modern processor architectures and deliver improved performance and stability to our customers,” said Ben Chalmers, Manager 2, Engineering at Citrix.

EPAM

“The Xen Project continues to make great progress in areas of documentation systematization, implementation of defensive programming guidelines, such as MISRA, and support of VirtIO on Arm as a standardized I/O virtualization framework,” said Alex Agizim, CTO, Automotive & Embedded, EPAM Systems. “Leveraging the open source Xen-based framework, EPAM’s automotive team is helping design safety-focused solutions for our clients. Further, as one of the leaders in Xen’s FuSa SiG, we’re excited to see what the future brings, as vehicles become more seamlessly integrated with the connected services ecosystem.”

SUSE

“Our collaboration in the Xen hypervisor community project continues to deliver a featureful and reliable base for our products,” said Claudio Fontana, Engineering Manager Virtualization, SUSE Labs Core. “With this new release we are happy to see new Enterprise features becoming available, like the Xenstore Live Update we spearheaded, which is another step in addressing single points of failure in host maintenance, but we also recognize the excellent constant, meticulous work of the community to increase code quality, and thus prepare for exciting and sustainable feature development in the future.”

Vates

“As an Open Source company using Xen at the core of its products, Vates is really happy to see this new release available. Our increasing collaboration with the Xen Project through XCP-ng and Xen Orchestra is bringing new exciting initiatives including Xen port to RISC-V and VirtIO drivers for Xen, but also sharing benefits now of an improved code base on a mature platform that we can trust in terms of security and stability,” said Olivier Lambert, co-founder and Vates CEO.

Adds Charles Schulz, Chief Strategy Officer at Vates, “Xen is ideally suited for the broadest range of use cases. It provides performance, security, isolation and portability to datacenters, embedded and edge-of-the-network workloads alike. As such it is the ideal virtualization stack for hybrid cloud, cybersecurity and edge use cases. Vates is committed to a long-term contribution and support of the Xen Project and looks forward to its growth and renewed adoption across the ecosystem.”

Xilinx

Xilinx continues to believe that the Xen Project is a key component of our long-term strategy in the Automotive market segment. With Xilinx’s leadership on the Xen Project Functional Safety Special Interest Group, Xen Project is addressing key areas of concern for functional safety customers. The Xen FuSa SIG has identified the MISRA-C rules that apply to the Xen Project as well as best practices for performing static analysis of relevant violations. There is also progress on automated generation of documentation safety artifacts and cross-linking into the Xen Project codebase. These enhancements will make customers with functional safety requirements more productive and allow them to bring their solutions to market sooner.