Xen Project Version 4.17 Released with Enhanced Security and Performance

The Linux Foundation-hosted Xen Project, an open source hypervisor, has released Xen Project Hypervisor 4.17, which adds a number of features enabling safety certification, static partitioning of embedded devices, improved device pass-through reliability, increased performance, and enhanced security. This most recent version was made possible by the vibrant Xen Project community, which included developers from a wide spectrum of businesses and organizations.

“The Xen Project is the ideal choice for enterprise use cases that require advanced security features and high levels of performance,” said George Dunlap, chairman of the Xen Project Advisory Board.

“We are pleased to see the Xen Project community behind this proven open source hypervisor, making it the ideal choice for enterprise use cases that require advanced security features and high levels of performance,” said George Dunlap, chairman of the Xen Project Advisory Board. “We will continue to expand the community initiatives the Xen Project leads and contributes to, as we work together with industry leaders and innovators.”

Xen Project is a popular open-source virtualization platform that allows multiple operating systems (called ‘guests’) to run on a single physical server (called the ‘host’). Some benefits of using Xen Project on a dedicated server include the following:

Improved resource utilization – By running multiple guests on a single host, you can better utilize the resources of the server, potentially reducing the number of physical servers you need to purchase.

Increased flexibility – Xen Project allows you to easily create, configure, and manage virtual machines, which can be useful for testing new software or creating development environments.

Improved security – Each guest operating system runs in its own isolated environment, which can help to reduce the risk of security breaches or malware infections.

Enhanced performance – Xen Project uses hardware-assisted virtualization to provide near-native performance for guest operating systems, so you can run resource-intensive applications without any loss of performance.

Ease of use – Xen Project includes a user-friendly interface that makes it easy to create, configure, and manage virtual machines.

Notable features in the latest release of Xen Project Hypervisor include the following:

  • MISRA-C integration – The project has introduced MISRA-C checker build integration, established how to record deviations, and formally approved four directives and 24 rules. Numerous MISRA-C infractions have been corrected.
  • Static configuration options for ARM – In many embedded contexts, we are aware in advance of the precise resources that each guest will require upon booting. Allocation on usage increases the likelihood that the allocation may fail at runtime in resource-constrained scenarios. Static setup eliminates the potential of runtime failure by allocating resources statically when the hypervisor As of 4.17, resources like event channels, shared memory, and hypervisor heap may all be specified statically.
  • ARM – Add ‘tech preview’ implementation for VirtIO. The latest version of Xen includes full support for VirtIO on embedded systems, on ARM, for the virtio-mmio transport, allowing a wide range of VirtIO devices to be supported. This includes front-end support in Linux, toolstack (libxl/xl) and dom0less support, and a userspace backend. Currently, the following stand-alone backends are available and have been tested: virtio-disk, virtio-net, i2c, and gpio.
  • dom0less / Hyperlaunch – cpupools can be specified at boot using device tree. This allows the use of cpupools in dom0less / Hyperlaunch-style configurations; in particular, it makes it possible to assign different types of CPUs of an ARM big.LITTLE system to different cpupools at boot time.
  • dom0less / Hyperlaunch – PV frontend / backend connections can now be specified between guests, allowing statically booted guests with PV devices.
  • On ARM, p2m structures are now allocated out of a pool of memory set aside at domain creation; this provides better isolation between guests against memory resource failures.
  • ARM – Mitigations against Spectre-BHB.
  • x86 – IOMMU superpage support for all guest types; improving performance of PCI pass-through.
  • x86 – Security support for hosts with up to 12 TiB of RAM.
  • x86 – Can now set cpuid parameters for dom0 at boot time
  • x86 – mwait-idle support: Added SPR and ADL.
  • x86 – Improved speculative mitigation support, including VIRT_SSBD and MSR_SPEC_CTRL features to assist guests in understanding which speculative mitigations they do not need to perform (as a result of mitigations on the hypervisor side) and to control the types of speculative mitigations the hypervisor undertakes on their behalf.
  • Out-of-tree builds for the hypervisor are now supported.
  • ARM – Since the addition of Zephyr RTOS guest support (Xen 4.15, Zephyr 3.1.0), work has been done on making it possible to run Zephyr in dom0, improving boot time and stability and paving the way for future safety certification of Xen-based systems.

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. The Project has been in development for more than ten years and is being used by more than ten million people. It was created from the ground up for cloud computing.

The Xen Project community, a Linux Foundation project, is committed to advancing virtualization in a variety of commercial and open source applications, including server virtualization, desktop virtualization, security applications, embedded and hardware appliances, and Infrastructure as a Service (IaaS). Its members span a wide range of sectors and the open source community, including AMD/Xilinx, Citrix, EPAM Systems, Arm, Amazon Web Services (AWS), and Bitdefender.

“AMD looks forward to embracing the further improvements found in the latest release of the Xen hypervisor,” said Kris Chaplin, Senior Technical Marketing Manager at AMD. “The MISRA C compliance rules-checking and enhanced support of dom0less configurations in this release help pave the way to a future in safety certified environments and will further the appeal of Xen to our communities, partners, and customers.”

“XenServer (formerly Citrix Hypervisor) is a cost-effective enterprise grade hypervisor used for both Desktop- and Server Virtualization workloads,” said Jacus de Beer, General Manager, XenServer BU, Cloud Software Group, Citrix. “XenServer inherits its security and performance from the Xen Project hypervisor with the 4.17 release providing increased security and performance for key workloads.”