What’s New with Xen Project Hypervisor 4.8?

I’m pleased to announce the release of the Xen Project Hypervisor 4.8. As always, we focused on improving code quality, security hardening as well as enabling new features. One area of interest and particular focus is new feature support for ARM servers. Over the last few months, we’ve seen a surge of patches from various ARM vendors that have collaborated on a wide range of updates from new drivers to architecture to security.

We are also pleased to announce that Julien Grall will be the next release manager for Xen Project Hypervisor 4.9. Julien has been an active developer for the past few years, making significant code contributions to advance Xen on ARM. He is a software virtualization engineer at ARM and co-maintainer of Xen on ARM with Stefano Stabellini.

This release also marks the start of our first 6-month release cycle. Despite the shorter timeframe and putting more thorough security processes in place, we have maintained development momentum for Xen Project Hypervisor.

We’ve also worked with the Debian community to bring Xen Project Hypervisor 4.8 to the upcoming release (codename “Stretch”).

Here are the categories with updates to highlight in 4.8

  • Hypervisor General
  • Hypervisor x86
  • Hypervisor ARM
  • Toolstack
  • Xen Project Test Lab
  • Misc.

Hypervisor General

  • Credit2 scheduler is now supported: Compared to the default Credit scheduler, the Credit2 scheduler is more scalable and better at supporting latency sensitive workloads such as VDI, video and sound delivery, as well as unikernel applications. Credit2 is still based on a general purpose, weighted fair share, scheduling algorithm unlike some of the more specialized Xen Project schedulers such as RTDS and ARINC653.
  • Domain creation time optimisation: An optimisation to TLB flush is introduced to greatly reduce the number of flushes needed during domain creation. This has lead to the reduction of domain creation time for very large domains (with hundreds of gigabytes of RAM) from a few minutes to tens of seconds.
  • XSM policy is refactored and cleaned up: XSM policy files are refactored and cleaned up so that they are better organised and easier to understand. If configured, we can also now attach the in-tree default policy to Xen binary, so there is no need to load the default policy via boot loader.
  • Live Patching hook support: Live Patching is now able to look for the “hooks” section in the payload and execute code from there. This update gives the patch author more control in modifying data and code.

Hypervisor x86

  • CPUID faulting emulation: This makes CPUID fault in HVM userspace program without hardware support.
  • PVCLOCK_TSC_STABLE_BIT support: This greatly improves user space performance for time related syscalls.
  • Intel AVX-512 instructions support: These instructions offer higher performance for the most demanding computational tasks. They represent a significant leap to 512-bit SIMD support. This enables processing of twice the number of data elements that AVX/AVX2 can process with a single instruction and four times that of SSE.
  • PVH v2 DomU ABI is stabilised: The DomU guest ABI for PVH v2, without PCI passthrough support, is stabilised. Guest operating system developers can start porting OSes to this mode, which is simpler and gives them all the goodies that hardware and software provide.

Hypervisor ARM

  • Xen Project 4.8 ARM DomU ACPI support is now able to build ARM64 guests with ACPI support, such as Red Hat Enterprise Linux Server for ARM Development Preview (available via Partner Early Access Program). It can also run unmodified Xen on ARM.
  • Alternative patching support: This enables the hypervisor to apply workarounds for erratas affecting the processor and to apply optimizations specific to a CPU.
  • Live Patching initial support: Live Patching now supports both ARM32 and ARM64 platforms.
  • Support for Xilinx® Zynq® UltraScale+™ MPSoC: Xen Project Hypervisor 4.8 comes with support for the Xilinx Zynq UltraScale+ MPSoC making it much easier for Xilinx customers to integrate Xen into their solution.

Toolstack

  • Split out and re-license libacpi: The code inside hvmloader to construct guest ACPI tables is split out as a separate library libacpi, which is now shared across x86 and ARM. The code is re-licensed from GPL to LGPL.
  • HVM USB passthrough: It is now possible to passthrough USB devices to HVM guests with the help of QEMU.
  • Load BIOS via libxl: It is now possible to provide arbitrary BIOS binary to the guest making it easier to integrate and test Xen.
  • Libxl device handling framework: The device handling code inside libxl is reworked so that it is more extensible and easier to maintain.

Xen Project Test Lab

  • XTF is integrated into OSSTest: XTF is a micro-VM based test framework. It is now integrated into OSSTest and gates pushing patches to all supported Xen branches. This would help the project identify functional and security regressions more easily and quickly.

Misc.

  • Mini-OS ported to PVH v2: With the stabilization of PVH v2 DomU ABI, we are now confident to port mini-os to that mode. This would serve as an example to port guest OSes to PVH v2, as well as a foundation to more interesting micro-VM based work like building stub domains. The latter (stub domains) is a differentiator to other hypervisors, and could greatly enhance the security and scalability of Xen Project Hypervisor.
  • Mini-OS now supports ballooning up: Ideally, a service domain would need to dynamically adjust the memory it consumes, either voluntarily or via obeying command from hypervisor. This is an important feature to make Mini-OS based service domains more flexible in terms of memory consumption, which is one step towards that goal. Support for ballooning down Mini-OS is under development.

Summary

Despite the shorter release cycle, the community developed several major features, and found and fixed many more bugs. It is also rather impressive to see multiple vendors collaborate on the Xen Project Hypervisor to drive multiple projects forward. Major contributions for this release come from ARM, BitDefender, Bosch, Citrix, Freescale, Intel, Linaro, Oracle, Qualcomm, SUSE, Star Lab, the US National Security Agency, Xilinx, Zentific, and a number of universities and individuals.

Over the last year, contributors with strong security and embedded backgrounds have joined the Xen Project allowing us to  continue to focus on performance and flexibility without sacrificing security and reliability. Xen Project Hypervisor continues to move forward thanks to amazing efforts from companies developing products based on the hypervisor, such as XenServer 7 and Bitdefender Hypervisor Introspection, and novel new developments with Live Patching and Virtual Machine Introspection.

In this release, we took a security-first approach and spent a lot of energy to improve code quality and harden security. This inevitably slowed down the acceptance of new features a bit, but not enough to reach meaningful balance between mature security practice and innovation.

On behalf of the Xen Project Hypervisor team, I would like to thank everyone for their contributions (either in the form of patches, bug reports or packaging efforts) to the Xen Project. Please check our acknowledgement page, which recognizes all those who helped make this release happen.

The source can be located in the http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.8 tree (tag RELEASE-4.8.0) or can be downloaded as tarball from our website. More information can be found at

Please Welcome Our New Release Manager

Dear community members,

I’m pleased to announce that Julien Grall <julien.grall@arm.com> will be the Release Manager for the next Xen release.

The appointment was voted by the Committers and the vote passed.

Julien has done excellent jobs in many aspects. He has been an active  developer for the past few years and contributed a lot of code for Xen on ARM. He has been doing a good job in co-maintaining Xen on ARM with Stefano Stabellini. Particularly in 4.8 release, he showed his ability to make balanced decisions and influence other contributors to move various projects forward. He also expressed desire to work with greater Xen community and make bigger impact.

All in all, we believe Julien will do a good job in managing the next release. Thanks Julien for stepping up.

Regards,
Wei Liu (on behalf of the Xen Project Hypervisor team)

What You Need to Know about Recent Xen Project Security Advisories

Today the Xen Project announced eight security advisories: XSA-191 to XSA-198. The bulk of these security advisories were discovered and fixed during the hardening phase of the Xen Project Hypervisor 4.8 release (expected to come out in early December). The Xen Project has implemented a security-first approach when publishing new releases.

In order to increase the security of future releases, members of the Xen Project Security Team and key contributors to the Xen Project, actively search and fix security bugs in code areas where vulnerability were found in past releases. The contributors use techniques such as code inspections, static code analysis, and additional testing using fuzzers such as American Fuzzy Lop. These fixes are then backported to older Xen Project releases with security support and published in bulk to make it easier for downstreams consumers to apply security fixes.

Before we declare a new Xen Project feature as supported, we perform a security assessment (see declare the Credit2 scheduler as supported). In addition, the contributors focused on security have started crafting tests for each vulnerability and integrated them into our automated regression testing system run regularly on all maintained versions of Xen. This ensures that the patch will be applied to every version which is vulnerable, and also ensures that no bug is accidentally reintroduced as development continues to go forward.

The Xen Project’s mature and robust security response process is optimized for cloud environments and downstream Xen Project consumers to maximize fairness, effectiveness and transparency. This includes not publicly discussing any details with security implications during our embargo period. This encourages anyone to report bugs they find to the Xen Project Security team, and allows the Xen Project Security team to assess, respond, and prepare patches, before before public disclosure and broad compromise occurs.

During the embargo period, the Xen Project does not publicly discuss any details with security implications except:

  • when co-opting technical assistance from other parties;
  • when issuing a Xen Project Security Advisory (XSA). This is pre-disclosed to only members on the Xen Project Pre-Disclosure List (see www.xenproject.org/security-policy.html); and
  • when necessary to coordinate with other projects affected

The Xen Project security team will assign and publicly release numbers for vulnerabilities. This is the only information that is shared publicly during the embargo period. See this url for “XSA Advisories, Publicly Released or Pre-Released”: xenbits.xen.org/xsa.

Xen’s latest XSA-191, XSA-192, XSA-193, XSA-194, XSA-195, XSA-196, XSA-197 and XSA-198 Advisory can all be found here:
xenbits.xen.org/xsa

Any Xen-based public cloud is eligible to be on our “pre-disclosure” list. Cloud providers on the list were notified of the vulnerability and provided a patch two weeks before the public announcement in order to make sure they all had time to apply the patch to their servers.

Distributions and other major software vendors of Xen Project software were also given the patch in advance to make sure they had updated packages ready to download as soon as the vulnerability was announced. Private clouds and individuals are urged to apply the patch or update their packages as soon as possible.

All of the above XSAs that affect the hypervisor can be deployed using the Xen Project LivePatching functionality, which enables re-boot free deployment of security patches to minimize disruption and downtime during security upgrades for system administrators and DevOps practitioners. The Xen Project encourages its users to download these patches.

More information about the Xen Project’s Security Vulnerability Process, including the embargo and disclosure schedule, policies around embargoed information, information sharing among pre-disclosed list members, a list of pre-disclosure list members, and the application process to join the list, can be found at: www.xenproject.org/security-policy.html

Xen Project Maintenance Releases Available (Versions 4.6.4 and 4.7.1)

I am pleased to announce the release of Xen 4.6.4 and 4.7.1. Xen Project Maintenance releases are released in line with our Maintenance Release Policy. We recommend that all users of the 4.6 and 4.7 stable series update to the latest point release.

Xen 4.6.4

Xen 4.6.4 is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.6
(tag RELEASE-4.6.4) or from the Xen Project download page http://www.xenproject.org/downloads/xen-archives/supported-xen-46-series/xen-464.html

Xen 4.7.1

Xen 4.7.1 is available immediately from its git repository http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.7
(tag RELEASE-4.7.1) or from the Xen Project download page http://www.xenproject.org/downloads/xen-archives/supported-xen-47-series/xen-471.html

These releases contain many bug fixes and improvements. For a complete list of changes, please check the lists of changes on the download pages.

Announcing Xen Project 4.8 RC and Test Day Schedule

On Monday, we created Xen 4.8 RC1 and will release a new release candidate every week, until we declare a release candidate as the final candidate and cut the Xen 4.8 release. We will also hold a Test Day every Friday for the release candidate that was released the week prior to the Test Day. Note that RC’s are announced on the following mailing lists: xen-announce, xen-devel and xen-users. This means we will have Test Days on October 7th, 14th, 21st and 28th.

Your testing is still valuable on other days, so please feel free to send Test Reports as outlined below at any time.

Getting, Building and Installing a Release Candidate

Release candidates are available from our git repository at

git://xenbits.xenproject.org/xen.git (tag 4.8.0-<rc>)

where <rc> is rc1, rc2, rc3, etc. and as tarball from

https://downloads.xenproject.org/release/xen/4.8.0-<rc>/xen-4.8.0-<rc>.tar.gz
https://downloads.xenproject.org/release/xen/4.8.0-<rc>/xen-4.8.0-<rc>.tar.gz.sig

Detailed build and Install instructions can be found on the Test Day Wiki.

Testing new Features, Test and Bug Reports

You can find Test Instructions for new features on our Test Day Wiki and instructions for general tests on Testing Xen. The following pages provide information on how to report successful tests and how to report bugs and issues.

Happy Testing!

A Recap of the Xen Project Developer Summit 2016

The Xen Project descended on Toronto, Canada in late August for its annual Xen Project Developer Summit. The Summit is an opportunity for developers and software engineers to collaborate and discuss the latest advancements of the Xen Project software. It also gives developers a chance to better understand new trends and deployments in the community and from power enterprise users.

From community growth to new emerging use cases, the Summit covered a lot of ground. Developments within core technologies such as security, graphics support and hardware support were discussed. We also covered emerging technologies such as automotive, embedded and IoT. All sessions were recorded and are available here and also on slideshare (follow this link for summit presentations).

Below is a summary of a few videos that feature technology that has been recently introduced into the Xen Project hypervisor as well as emerging technologies that are being built with Xen Project technology.

New Feature Technologies from Xen Project Community and Power Users

In Xen Project 4.7, we introduced Live Patching as a technology preview. Live Patching gives system administrators and DevOps practitioners the ability to update the Xen Project hypervisor without the need for a reboot. Konrad Wilk, software development manager of Oracle and Ross Lagerwall, software enggineer at Citrix, provide insight into how it works, what the difficulties were to implement, and how it compares to other technologies for patching (kGraft, kPatch, kSplice, Linux hot-patching).



Dimitri Stilliadis, CEO of Aporeto, provides a great overview of the benefits of using Xen Project software to provide an execution environment for Docker apps. This approach allows VM-like isolations for security measures without having to sacrifice performance. The presentation introduces a new paravirtualized protocol to virtualise IP sockets and provides the design and implementation details.


Data breaches are happening all the time, and there are many ways that organisations are trying to stop this through detection, pattern matching and behavioural analysis. However, Neil Sikka, founder and CEO of A1LOGIC, provides a new way of looking at this problem and solving this problem by using the Xen Project hypervisor to enforce data loss prevention. It doesn’t use any type of detection, heuristics, pattern matching or behavioural analysis, but rather a strictly algorithmic approach rooted in hardware.

Embedded Projects and Xen Project Software

Members from the Xen Project sister community OpenXT, an open-source development toolkit for hardware-assisted security research and appliance integration, were present to provide some insights into how Xen Project is working within the embedded space and best practices for embedding Xen Project on mobile and tablet devices.

If this is an area that you are interested in, check out Christopher Clark (consultant and interoperability architect at BAE Systems) overview of the OpenXT Project, which has begun to attract new users and contributors. We also recommend Chris Patterson’s and Kyle Temkin’s step-by-step guide on the challenges and lessons to get Xen Project software started on phones and tablets. Chris is a advising computer engineer for AIS and Kyle is researcher for AIS.


Emerging Technologies

Xen Project is consistently becoming more common within automotive and aviation. Xen Project 4.7 introduced the ability to remove core Xen Hypervisor features at compile time via KCONFIG. This allows a more lightweight hypervisor, which is perfect for IoT scenarios and better for security-first environments, like automotive.

Sangyun Lee, senior embedded software engineer of LG Electronics, presents on the real-time GPU scheduling of XenGT in Automotive Embedded systems. It introduces the real-time GPU schedule of XenGT running on automotive embedded systems and explains why this should be used for an automotive system.


Xen Project is consistently being used within embedded systems for automotive. Earlier this year at CES, GlobalLogic showcased its technology behind Nautilus, which is the company’s virtualisation solution that enables multiple domains to share the GPU hardware with no more than a 5 percent overall in performance changes. More on this technology and how it uses Xen Project here.

The summit was a huge success with many interesting conversations. The Xen Project thanks everyone who attended and presented as well as the sponsors of the event Citrix, Huawei and Intel.