The Xen project has released another upgrade to its open source hypervisor.
Development of this new cut – version 4.15 – proved a little trickier than expected, with initial plans for three release candidates and a March 23rd release stretching to five release candidates and release today, April 8th.
Was it worth the wait? Xen’s feature list highlights the new ability to export Intel Processor Trace data from guests to tools in dom0, which means tools like Intel’s kernel fuzzer have more to work with and thus a better chance of spotting code nasties.
Packaging has been improved too, with the inclusion of unified boot images that allow the files needed for Xen to boot to be bundled into a single EFI binary. This change makes it possible to boot a functional Xen system directly from the EFI boot manager, rather than having to grub about with grub. Xen tells us the packages can include “a hypervisor, dom0 kernel, dom0 initrd, Xen KConfig, XSM configuration, and a device tree.”
Speaking of devices, the release includes a new tech preview that lets the Arm version of the code run device models in dom0, allowing arbitrary devices to be emulated for Arm guests. Doing so takes device emulation out of user space and into the more privileged space of dom0.
To secure such emulation, support for Arm’s SMMUv3 register interfaces has been added, also as a tech preview.
Xen is also pleased that “PV Shim” mode, a tool for supporting legacy paravirtualized guests on hardware virtual machine-only systems, “continues to be improved” in this new release by “further factoring out HVM-specific code” in ways that “reduce the size and security of any PV-only build of the hypervisor.”
Coming up – Xen on RISC-V and other plans
The Xen Project has also offered a progress report on some new efforts. One that caught The Register’s eye is called “Hyperlaunch”.
“‘Dom0less’ pioneered the ability to configure Xen to launch a static set of virtual machines by Xen at boot time,” stated Xen’s announcement. “But configuration for these domains was very basic, and focused on embedded use cases. ‘Hyperlaunch’ is a new initiative that intends to make this configuration far more flexible by generalizing it and introducing a ‘boot domain’ (domB).”
Hyperlaunch is at an early stage, but a working group has been convened to turn draft design documents into a proper plan.
There’s also news of efforts to port Xen to RISC-V, an effort being led by the backers of the XCP-NG project that recreated Citrix’s Xen Server in open source. That team has already worked on host and guest virtual memory management code, plus “internal architecture-specific code to conform to Xen common APIs.”
No timeframe for Xen-on-RISC-V’s arrival has been offered.
The Project also writes that it is “Moving towards enabling PCIe virtualization support for Xen on Arm,” thanks to collaboration between Xilinx, Arm, EPAM and Renesas.