Category Archives: Announcements

Announcements affecting the Xen Project community

Celebrating 15 Years of the Xen Project and Our Future

In the 1990s, Xen was a part of a research project to build a public computing infrastructure on the Internet led by Ian Pratt and Keir Fraser at The University of Cambridge Computer Laboratory. The Xen Project is now one of the most popular open source hypervisors and amasses more than 10 million users, and this October marks our 15th anniversary.

From its beginnings, Xen technology focused on building a modular and flexible architecture, a high degree of customizability, and security. This security mindset from the outset led to inclusion of non-core security technologies, which eventually allowed the Xen Project to excel outside of the data center and be a trusted source for security and embedded vendors (ex. Qubes, Bromium, Bitdefender, Star Labs, Zentific, Dornerworks, Bosch, BAE systems), and also
a leading hypervisor contender for the automotive space.

As the Xen Project looks to a future of virtualization everywhere, we reflect back on some of our major achievements over the last 15 years. To celebrate, we’ve created an infographic that captures some of our key milestones share it on social.

A few community members also weighed in on some of their favorite Xen Project moments and what’s to come:

“Xen offers best-in-class isolation and separation while preserving nearly bare-metal performance on x86 and ARM platforms. The growing market for a secure hypervisor ensures Xen will continue to grow in multiple markets to meet users demands.”
– Doug Goldstein, Software Developer V, Hypervisors at Rackspace

“Xen started life at the University of Cambridge Computer Laboratory, as part of the XenoServers research project to build a public computing infrastructure on the Internet. It’s been fantastic to see the impact of Xen, and the role it’s played at the heart of what we now call Infrastructure as a Service Cloud Computing. It’s been an incredible journey from Xen’s early beginnings in the University, to making our first open source release in 2003, to building a strong community of contributors around the project, and then Xen’s growth beyond server virtualization into end-user systems and now embedded devices. Xen is a great example of the power of open source to enable cooperation and drive technological progress.”
– Ian Pratt, Founder and President at Bromium, and Xen Project Founder

“From its beginnings as a research project, able to run just a handful of Linux VMs, through being the foundation of many of the world’s largest clouds, to being the open-source hypervisor of choice for many next-generation industrial, automotive and aeronautical applications, Xen Project has shown its adaptability, flexibility and pioneering spirit for 15 years. Today, at Citrix, Xen remains the core of our Citrix Hypervisor platform, powering the secure delivery of applications and data to organizations across the globe. Xen Project Hypervisor allows our customers to run thousands of virtual desktops per server, many of them using Xen’s ground-breaking GPU virtualization capabilities. Happy birthday, Xen!”
– James Bulpin, Senior Director of Technology at Citrix

“The Xen open source community is a vibrant and diverse platform for collaboration, something which is important to Arm and vital to the ongoing success of our ecosystem. We’ve contributed to the Xen open source hypervisor across a range of markets starting with mobile, moving into the strategic enablement that allowed the deployment of Arm-based cloud servers, and more recently focusing on the embedded space, exploring computing in safety-sensitive environments such as connected vehicles.”
– Mark Hambleton, Vice President of Open Source Software, Arm

“I – like many others – associate cloud computing with Xen. All my cloud-related projects are tied to companies running large deployments of Xen. These days even my weekend binge-watching needs are satisfied by a Xen instance somewhere. With Xen making its way into cars, rocket launch operations and satellites, it’s safe to say the industry at large recognizes it as a solid foundation for building the future, and I’m excited to be a part of it.”
– Mihai Dontu, Chief Linux Officer at Bitdefender

“Xen was the first open source hypervisor for the data center, the very foundation of the cloud as we know it. Later, it pioneered virtualization for embedded and IoT, making its way into set-top boxes and smaller ARM devices. Now, we are discussing automotive, medical and industrial devices. It is incredibly exciting to be part of a ground-breaking project that has been at the forefront of open source innovation since its inception.”
– Stefano Stabellini, Principal Engineer, Tech Lead at Xilinx and Xen on ARM Committer and Maintainer

“Congratulations to the Xen Project on this milestone anniversary. As the first open source data center hypervisor, Xen played a key role in defining what virtualization technology could deliver and has been the foundation for many advancements in the modern data center and cloud computing. Intel has been involved with Xen development since the early days and enjoys strong collaboration with the Xen community, which helped make Xen the first hypervisor to include Intel® Virtualization Technology (VT-x) support, providing a more secure, efficient platform for server workload consolidation and the growth of cloud computing.”
– Susie Li, Director of Open Source Virtualization Engineering, Intel Corp.

“It is amazing how a project that started 15 years ago has not lost any of its original appeal, despite the constant evolution of hardware architectures and new applications that were unimaginable when the Xen Project started. In certain segments, e.g. power management, the pace of innovation in Xen is just accelerating and serves as the ultimate reference for all other virtualization efforts. Happy quinceañera (sweet 15) Xen!”
– Vojin Zivojnovic, CEO and Co-Founder of Aggios

Building the Journey Towards the Next 15 Years; Sneak Peek into Xen Project 4.12
The next Xen Project release is set for March 2019. The release continues to support the Xen Project’s efforts around security with cloud environments and rich features and architectural changes for automotive and embedded use cases. Expect:

  • Deprivileged Device Model: Under tech preview in QEMU 3.0, the feature adds extra restrictions to a device model running in domain 0 in order to prevent a compromised device model to attack the rest of the system.  
  • Capability to compile a PV-only version of Xen giving cloud providers simplified management, reducing the surface of attack, and the ability to build a Xen Project hypervisor configuration with no “classic” PV support at all.
  • Xen to boot multiple domains in parallel on Arm, in addition to dom0 enabling booting of domains in less than 1 second. This is the first step towards a dom0-less Xen, which impacts statically configured embedded systems that require very fast boot times.  
  • Reduction of codesize to 46 KSLOC for safety certification and the first phase of making the codebase MISRA C compliant.
    • MISRA C is a set of software development guidelines for the C programming language developed by the Motor Industry Software Reliability Association with the aim to facilitate code safety, security, portability, and reliability in the context of embedded systems.

Thank you for the last 15 years and for the next 15+ to come!
Lars Kurth, Chairperson of the Xen Project

P.S. If you want more insight on why Xen has been so successful, check out this recent talk from Open Source Summit Europe!

 

Get an Introduction to Working with the Xen Project Hypervisor and More at Open Source Summit #OSSummit

Open Source Summit is the premier event to get introduced to open source and to learn more about the trends that are surrounding this space. This year’s Open Source Summit will be held in Vancouver, BC from August 29 – 31. The event covers a wide range of topics from blockchain to security to virtualization to containers and much more.

We are very excited to have a few members of the Xen Project attending the conference and are extremely excited to host a workshop to help folks learn more about using Xen and its related technologies. If you are looking to go or are attending, below is where we will be. Come by, and say “hi.”

Xen: The Way of the Panda
Lars Kurth, the chairperson of the Xen Project, is hosting a workshop that will guide you through getting started with the Xen Project Hypervisor. Usually, you will use Xen indirectly as part of a commercial product, a distro, a hosting or cloud service and only indirectly use Xen. By following this session you will learn how Xen and virtualization work under the hood. The workshop will cover:

  • The Xen architecture and architecture concepts related to virtualization in general;
  • Storage and Networking in Xen;
  • More practically you will learn how to install Xen, create guests and work with them;
  • A detailed look at virtualization modes, boot process and troubleshooting Xen setups;
  • Memory management (ballooning), virtual CPUs, scheduling, pinning, saving/restoring and migrating VMs;
  • If time permits, we will cover some more advanced topics.

Seating is limited for this session. If you would like to attend, be sure to register asap. The workshop is happening on Wednesday, August 29 from 2:10 – 3:40 pm. Please also follow the preparation guide that is attached to the talk: you will need to download some software packages on your laptop prior to the session to avoid issues with internet bandwidth.

Disclosure Policies in the World of the Cloud: A Look Behind the Scenes

The tech world does not exist in silos and one security vulnerability can impact an entire ecosystem (case in point Meltdown and Spectre). How do open source projects and companies alike ensure that their security disclosure policies are up to standards, especially in the world of cloud computing?

This session, also led by Lars, will introduce different patterns for managing the disclosure of security vulnerabilities in use today and explore their trade-offs and limitations. Come to listen in on the conversation on Wednesday, August 29 from 12:00 – 12:40 pm.

A New Open Source Technology to Secure Containers for IoT

Containers are extremely convenient to package applications and deploy them quickly across the data center. They enable microservices oriented approaches to the development of complex apps. These technologies are benefiting the data center, but are struggling to find their place at the edge.

Embedded developers need the convenience of containers for deployment while retaining real-time capabilities and supporting mixing and matching of applications with different safety and criticality profiles on the same SoC.

A long-time contributor to the Xen Project, Stefano Stabellini, will be presenting on how ViryaOS is aiming to bring the power of containers to the embedded developer. Stefano will be talking through the proof of concept for this new technology on Wednesday, August 29 from 5:40 – 6:20 pm.

We look forward to seeing you at OSS! If you want to connect with us at the conference, please be sure to reach out to Stefano (@stabellinist) or Lars (@lars_kurth) via Twitter. You can also drop us a line in the comments section.

 

Xen Project 4.8.4 is available!

I am pleased to announce the release of the Xen 4.8.4. Xen Project maintenance releases are released in line with our Maintenance Release Policy. We recommend that all users of the 4.8 stable series update to the latest point release.

The release is available from its git repositories

xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.8 (tag RELEASE-4.8.4)

or from the Xen Project download page

www.xenproject.org/downloads/xen-archives/xen-project-48-series/xen-484.html

This release contains many bug fixes and improvements. For a complete list of changes, please check the lists of changes on the download page.

What’s New in the Xen Project Hypervisor 4.11

I am pleased to announce the release of the Xen Project Hypervisor 4.11. One of our long-term development goals since the introduction of Xen Project Hypervisor 4.8 has been to create a cleaner architecture for core technology, less code and a smaller computing base for security and performance. The Xen 4.11 release has followed this approach by delivering more PVH related functionality: PVH Dom0 support is now available as experimental feature and support for running unmodified PV guests in a PVH Container has been added. In addition, significant chunks of the ARM port have been rewritten.

Mitigations against Cache Side-channel Attacks

This release contains mitigations for the Meltdown and Spectre vulnerabilities. It is worth noting that we spent a significant amount of time on completing and optimizing fixes for Meltdown and Spectre vulnerabilities. Xen 4.11 contains the following mitigations.

XPTI

We implemented performance optimized XPTI, Xen’s equivalent to KPTI. It is worth noting that only “classic PV” guests need XPTI whereas HVM and PVH can’t attack the hypervisor via Meltdown.

Branch Predictor Hardening

For x86 CPUs, we added a new framework for Intel and AMD microcode related to Spectre mitigations as well as support for Retpoline. By default, Xen will pick the most appropriate mitigations based on compiled in support, loaded microcode, and hardware details, and will virtualise appropriate mitigations for guests to use. Command line controls via the spec-ctrl command line option are available. SP4 (Speculative Store Bypass) mitigations are also available to enable guest software to protect against within-guest information leaks via spec-ctrl=ssbd. In addition, mitigation for Lazy FP state restore (INTEL-SA-00145) are available via spec-ctrl=eager-fpu.

Arm32: Mitigation for Cortex-A15, Cortex-A12, Cortex-A17 are present in Xen 4.7 and later with some caveats (update on the firmware).

Arm64: A PSCI-based mitigation framework for Spectre type vulnerabilities was introduced including concrete mitigations for Cortex-A57, A72, A73 and A75 CPUs for Xen 4.7 to Xen 4.9. An SMCCC 1.1 based mitigation is available for Cortex-A57, Cortex-A72, Cortex-A72, Cortex-A75 for Xen 4.10 and later.

PVH related Features

A key motivation behind PVH was to combine the best of PV and HVM mode, to simplify the interface between operating systems with Xen Support and the Xen Hypervisor and to reduce the attack surface of Xen. This led to the current implementation of PVH. PVH guests are lightweight HVM guests which use Hardware virtualization support for memory and privileged instructions, PV drivers for I/O and native operating system interfaces for everything else. PVH also does not require QEMU.

PVH Dom0

Xen 4.11 adds experimental PVH Dom0 support by calling Xen via dom0=pvh on the command line. Up to now, the only guest type that was capable running as Dom0, were PV guests. HVM guests require QEMU to run in Dom0 to provide some emulated services to the guest, which makes HVM guests unsuitable to run as Dom0 as QEMU is not running when Dom0 boots. PVH guests, in contrast, require no support from anything other than the hypervisor, so it can boot with no other guests running and can take on the responsibilities of Dom0. Running a PVH Dom0 increases security of Xen based systems by removing approximately 1.5 million lines of QEMU code from Xen’s trusted computing base.

Note that enabling a PVH Dom0 requires a PVH Dom0 capable Linux or FreeBSD. Patches for each operating system have been developed and are currently being upstreamed and should be available in the next Linux and FreeBSD versions.

PCI config space emulation in Xen

In Xen 4.11 support for the PCI configuration space has been moved from QEMU to the Hypervisor. Besides enabling PVH Dom0 support, this code will eventually also be available to HVM guests and PVH guests: however, additional security hardening needs to be performed before exposing such functionality to security supported guest types such as PVH or HVM guests.

PV in PVH container (or short: PVH Shim)

Support to run unmodified legacy PV-only guest to be run in PVH mode has been added in Xen 4.11. This allows cloud providers to support old, PV-only distros while only providing support for a single kind of guest (PVH). This simplifies management, reduces the surface of attack significantly, and eventually allows end-users to build a Xen hypervisor configuration with no “classic” PV support at all.

Next Steps

In subsequent releases, you should expect PVH Dom0 to become a supported feature and for PCI passthrough to be enabled in PVH guests. In addition, we will add the capability to compile PV-only and HVM-only versions of Xen.

Other Features

Scheduler Optimizations: Credit1 and Credit2 scheduling decisions when a vCPU is exclusively pinned to a pCPU or when soft-affinity is used have been performance optimised.

Add DMOPs to allow use of VGA with restricted QEMU (x86): Xen 4.9 introduced the Device Model Operation Hypercall (DMOPs) which significantly limits the capability of a compromised QEMU to attack the hypervisor. In Xen 4.11 we added DMOPs that enable the usage of the VGA console, which was previously restricted.

Enable Memory Bandwidth Allocation in Xen (Intel Skylake or newer): Xen 4.11 adds support for Memory Bandwidth Allocation (MBA), that allows Xen to slow misbehaving VMs by using a credit-based throttling mechanism.

Emulator enhancements (x86): support for previously unsupported Intel AVX and AVX2, and for AMD F16C, FMA4, FMA, XOP and 3DNow! instructions have been added to to the x86 emulator.

Guest resource mapping (x86): support for directly mapping Grant tables and IOREQ server pages have been introduced into Xen to improve performance.

Clean-up and future-proofing (Arm): Xen’s VGIC support has been re-implemented. In addition, stage-2 page table handling, memory subsystems and big.LITTLE support have been refactored to make it easier to maintain and update the code in future.

Support for PSCI 1.1 and SMCCC 1.1 compliance (Arm): Xen has been updated to comply with the latest versions of the Arm® Power State Coordination Interface and Secure Monitor Call Calling Conventions that provides an optimised calling convention and optional, discoverable support for mitigating Spectre Variant 2.

Summary

This release contains 1206 commits from 406 patch series. Contributions for this release of the Xen Project came from Citrix, Suse, ARM, AMD, Intel, Amazon, Gentoo Linux, Google, Invisible Things Lab, Oracle, EPAM Systems, Huawei, DornerWorks, Qualcomm, and a number of universities and individuals.

As in Xen 4.10, we took a security-first approach for Xen 4.11 and spent a lot of energy to improve code quality and harden security. Our efforts are not restricted to the current release, but include Xen 4.6 – 4.10: due to mitigations for side-channel attacks an unusually large number of commits – 765 in total – were back-ported to older releases to ensure that users of these releases are not impacted. Despite the disruption caused by Spectre and Meltdown, the community developed several major features and made significant progress towards completing PVH.

On behalf of the Xen Project Hypervisor team, I would like to thank everyone for their contributions (either in the form of patches, code reviews, bug reports or packaging efforts) to the Xen Project.

Please check our acknowledgement page, which recognises all those who helped make this release happen. The source can be located in the tree (tag RELEASE-4.11.0) or can be downloaded as a tarball from our website.

For detailed download and build instructions check out the guide on building Xen 4.11.

More information can be found at

Xen Project 4.7.6 is available!

I am pleased to announce the release of the Xen 4.7.6. Xen Project maintenance releases are released in line with our Maintenance Release Policy. We recommend that all users of the 4.7 stable series update to the latest point release.

The release is available from its git repositories

xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.7 (tag RELEASE-4.7.6)

or from the Xen Project download page

www.xenproject.org/downloads/xen-archives/xen-project-47-series/xen-476.html

This release contains many bug fixes and improvements. For a complete list of changes, please check the lists of changes on the download page.

Xen Project Announces Schedule for its Annual Developer and Design Summit

Today, we are excited to announce the program and speakers for the Xen Project Developer and Design Summit. The summit brings together developers, engineers, and Xen Project power users for in-person collaboration and educational presentations. The event will take place in Nanjing Jiangning, China from June 20 -22, 2018.

This is the fifth annual Xen Project Summit with presentations and panels focusing on hypervisor performance and development, security, automotive and much more. The conference will kick-off with a weather report from Lars Kurth, chairperson of the Xen Project and director of open source at Citrix.

At last year’s Xen Project Developer Summit in Budapest, Hungary.

A sample of presentations include:

  • Sung-Min Lee, principal engineer at Samsung Electronics, will present a production-ready automotive virtualization solution with Xen.
  • Marek Marczykowski-Górecki, senior systems developer, Invisible Things Lab, will present on linux-based device model stubdomains in Qubes OS.
  • Julien Grall, senior software virtualization engineer at Arm, will share capabilities that were added to the latest revision of the ARmv7-A architectures and how Arm has been improving virtualization support with incremental versions of the Armv8 architecture.
  • Felipe Huici, chief researcher at NEC, and Florian Schmidt, research scientist at NEC, will co-present on Unikraft, a sub-project of the Xen Project aimed at automativing the process of building customized unikernels tailored to a specific applications.
  • Bo Zhang, business analyst at Huawei, will introduce Huawei Cloud’s optimization on the Xen platform to solve regular problems that occur in customer scenarios

You can view the full schedule here.

Beyond panels and presentations, the Xen Project will be running design sessions that share a similar format to Xen Project hackathons. Attendees of the conference have the opportunity to propose design sessions during the conference. Current design topics already include Making Safety Certifications for Xen Easier, From Hobbyist to Maintainer: Why and How and Reworking x86 in Xen (Current and Future Plans).

If you’ve never attended a Xen Project Developer and Design Summit, check out last year’s presentations to get a better feel for the event.

A special thank you Citrix for being a diamond sponsor of the summit.