The Xen Project, an open source hypervisor hosted at the Linux Foundation,
announced the release of Xen Project Hypervisor 4.18 with
architecture enhancements for High Performance Computing (HPC) and
Machine Learning (ML) applications, as well as higher security and
performance features. As always, a loyal and very active Xen Project
community with developers from many organizations and many parts of the
world contributed to this release.
"This version provides new enterprise security and high-performance
features, but also prepares architectures for HPC and AI/ML
applications, which require very large quantities of data processing,"
said Kelly Choi, community manager, Xen Project. "We would like to thank
the industry leaders and innovators who contributed to the release."
Notable Features
- Arm
  - The Scalable Vector Extension (SVE) is now merged in upstream Xen as a tech preview.
  - The Arm® Firmware Framework for Arm A-profile (FF-A) framework support is now merged in upstream Xen as a tech preview.
  - The memory subsystem in Xen on Arm64 is now more compliant with the Arm architecture.
- x86
  - On all Intel systems, MSR_ARCH_CAPS is now visible in guests, and controllable from the VM's config file. For CPUs from 2019 onwards, this allows guest kernels to see details about hardware fixes for speculative mitigations.
  - Support for features new in 4th Gen AMD EPYC Processors:
    - CPUID_USER_DIS (CPUID Faulting) used by Xen to control PV guest's view of CPUID data
  - Support for features new in Intel Sapphire Rapids CPUs:
    - PKS (Protection Key Supervisor) available to HVM/PVH guests
    - VM-Notify used by Xen to mitigate certain micro-architectural pipeline livelocks, instead of crashing the entire server
    - Bus-lock detection, used by Xen to mitigate (by rate-limiting) the systemwide impact of a guest misusing atomic instructions
  - Support for features new in Intel Granite Rapids CPUs:
  - Add Intel Hardware P-States (HWP) cpufreq driver
  - Support for enforcing system-wide operation in Data Operand Independent Timing Mode
- RISC-V and PowerPC
  - Upstream Xen GitLab CI has been set up with full Xen build and a message printed from Xen early printk
- Security
  - 20 XSAs have been published, enhancing the security of the project to keep it safe from common vulnerabilities
- MISRA-C
  - The project has officially adopted more MISRA-C rules, from four directives and 24 rules in 4.17 to 6 directives and 65 rules of MISRA-C
Other Improvements
- xl/libxl can customize SMBIOS strings for HVM guests
- On Arm, experimental support for dynamic addition/removal of Xen device tree nodes using a device tree overlay binary (.dtbo)
- Introduced two new hypercalls to map the vCPU runstate and time areas by physical rather than linear/virtual addresses
Open Community Initiative Updates
- On Arm, the upstream MPU (memory protection unit) support and
  PCI-passthrough work is ongoing, including some refactoring and
  improvements of the existing code. Support for both will be included in
  the next few releases.
- On RISC-V, some refactoring and improvements of the existing code have
  been done. BUG/WARN macros, temporary printk, and decode_cause()
  functions to print the reason for a trap have been introduced. In the
  next few releases, identity mapping, full Xen build, and trap handling
  will be introduced.
- On PowerPC, initial support for the ppc64le architecture was added to
  Xen, specifically targeting Power ISA 3.0B and later. As of 4.18, an
  early-stage Xen image can be built that boots on bare metal PowerNV
  systems. Current ongoing work focuses on handling printing to the OPAL
  serial console, as well as some basic Radix MMU page table
  initialization.
Community Quotes
"AMD looks forward to embracing the further improvements in this latest
version of the Xen hypervisor," said Kris Chaplin, senior manager,
Technical Marketing, AMD. "Further MISRA-C rules and developments in
dom0less configurations, along with progress on real-time systems, help
pave the way to a future in safety certified environments and enhance
the benefits of Xen for our communities, partners and customers."
"Our ongoing collaboration with the Xen Project is an important aspect
of Arm's commitment to the open source software community, including the
addition of the Xen Hypervisor in the SOAFEE open source reference
implementation," said Andrew Wafaa, fellow and senior director of
software communities, Arm. "Xen 4.18 delivers significant enhancements
for our extensive developer ecosystem, including the introduction of Arm
Firmware Framework for Arm A-profile (FF-A) support, which will enhance
security by adding capacity to communicate with more Trusted Execution
Environments (TEE) from any Xen guests, and the adoption of more than 60
MISRA rules, illustrating the project's commitment to enabling
safety-critical automotive applications in future automotive and
industrial use cases."
"The consulting work on MISRA-C compliance we are doing with the Xen
community is very promising," stated Abramo Bagnara, CTO at BUGSENG. "As
part of our work, we discuss the MISRA coding guidelines and their
violations. Applying MISRA-C in an open environment that values code
quality above all, which is 100 percent in line with the MISRA
philosophy, takes time and effort, but it is an invaluable contribution
to Xen and other open-source projects for safety-critical applications."
"EPAM continues to invest in the development of the Xen hypervisor for
safety applications in mixed-criticality systems. The 4.18 release marks
a decade since we first presented a concept of the Xen hypervisor in
the automotive domain at the Xen Developer Summit 2013. Today, Xen
continues to be the best option for embedded virtualization platforms,"
said Alex Agizim, CTO of Automotive & Embedded Systems at EPAM
Systems, Inc. "Xen paves the way for generic FOSS, like the Linux
kernel, to be safely used in complex automotive, aerospace, and
industrial systems alongside mission-critical domains, with faster
time-to-market and lower overall development costs."
"The various security improvements, especially around MISRA-C, are
helping Xen deliver the secure virtualization technology that the
industry needs today," commented Olivier Lambert, CEO of Vates. "This
release does not stop there as it continues moving forward with better
support of the Arm and RISC-V architectures, two innovative platforms
that will become more and more significant in the coming years."
"XenServer is a cost-effective enterprise-grade hypervisor used for both
desktop and server virtualization workloads. XenServer inherits its
security and performance from the Xen Project hypervisor," said Jacus de
Beer, general manager, XenServer BU, Cloud Software Group. "XenServer
is looking forward to integrating some of the new x86 features
introduced in 4.18 in its upcoming product releases."