Category Archives: Uncategorized

Announcing the Xen Project 4.11 RC and Test Day Schedules

On Tuesday, we created Xen 4.11 RC1 and will release a new release candidate every FRIDAY, until we declare a release candidate as the final candidate and cut the Xen 4.11 release. We will also hold a Test Day every TUESDAY for the release candidate that was released the week prior to the Test Day starting from RC1. Note that RC’s are announced on the following mailing lists: xen-announce, xen-devel and xen-users. This means we will have Test Days on April 24th, May 1st, 8th, 15th and 22nd. Your testing is still valuable on other days, so please feel free to send Test Reports as outlined below at any time.

Getting, Building and Installing a Release Candidate

Release candidates are available from our git repository at

git://xenbits.xenproject.org/xen.git (tag 4.11.0-<rc>)

where <rc> is rc1, rc2, rc3, etc. and as tarball from

https://downloads.xenproject.org/release/xen/4.11.0-<rc>/xen-4.11.0-<rc>.tar.gz
https://downloads.xenproject.org/release/xen/4.11.0-<rc>/xen-4.11.0-<rc>.tar.gz.sig

Detailed build and Install instructions can be found on the Test Day Wiki. Make sure you check the known issues section of the instructions before trying to download an RC.

Testing new Features, Test and Bug Reports

You can find Test Instructions for new features on our Test Day Wiki and instructions for general tests on Testing Xen. The following pages provide information on how to report successful tests and how to report bugs and issues.

Happy Testing!

Xen Project Contributor Spotlight: Yurii Konovalenko

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project, and how the Xen Project technology bolsters their business.

contemporary-1850469_1920

Name: Yurii Konovalenko
Title: Project Manager
Company: GlobalLogic

When did you start contributing to the Xen Project?
GlobalLogic started to contribute to the Xen Project in 2013. Since that time, we have done a significant job to improve the overall functionality of the Xen Project with respect to the embedded world. For example, we brought to life R_CAR platform support from Renesas.

How does contributing to the Xen Project benefit your company?
There are many benefits of contributing to the Xen Project, a few of the most important ones for us, include:

  • Simplified community support of the features GlobalLogic has contributed.
  • Promotion and advertising of GlobalLogic expertise to the world.
  • Extension of internal GlobalLogic experience by connecting to experts in different domains.
  • Possibility to develop internal knowledge and find new bright ideas about different challenges due to being an active member of the OSS community.

How does the Xen Project’s technology help your business?
Most of GlobalLogic projects in the automotive area are based on the Xen Project hypervisor. It is extremely flexible and able to satisfy the requirements of all our customers. Nowadays, GlobalLogic is a leading player in this domain. A lot of OEMS and Tier 1 companies are currently looking into hypervisor solutions. The Xen Project hypervisor is a perfect platform for such solutions and taking into account a collaboration between GlobalLogic and the Xen Project, a lot of potential customer contact GlobalLogic with different requests in this area. All of it leads to constant GlobalLogic business growth in the area of the hypervisor (and the Xen Project hypervisor in particular).

What are some of the major changes you see with virtualization and the transition to cloud native computing?
Nowadays, redistributed cloud-based solutions is really a trend. It is one of the additional advantages of using Xen Project technologies. Based on this platform, it is easy to build these systems. For example, microservice architecture provides very powerful and flexible tools for building scalable and reliable cloud-based solutions.

In addition, we are seeing the following trends unfold:

  • Less computing is done on board, more in cloud.
  • Platform agnostic systems become more widespread.
  • Embedded systems are gaining higher capabilities.

What advice would you give someone considering contributing to the Xen Project?
Don’t hesitate to reach out for consultation with domain owners before submitting feature implementations or new platform support. They can recommend the best way to satisfy the requirements with minimum efforts.

What excites you most about the future of Xen?
As for now, we see the following exciting challenges:

  • Safety certification for automotive industries.
  • Internal communication security (IPC, RPC, Rtrast Zone etc.).
  • Support of extensions from ARM.
  • Intel embedded systems support.

Xen Project Spectre/Meltdown FAQ

Updated to v3 on Dec 12th!

Google’s Project Zero announced several information leak vulnerabilities affecting all modern superscalar processors. Details can be found on their blog, and in the Xen Project Advisory 254. To help our users understand the impact and our next steps forward, we put together the following FAQ.

Note that we will update the FAQ as new information surfaces.

Changes since the initial publication:

  • v3: Added information related to Comet mitigation for Variant 3 (Meltdown) – for now Xen 4.10 only
  • v2: Added information related to Vixen mitigation for Variant 3 (Meltdown) – see Are there any patches for the vulnerability?
  • v2: Replaced SPx with Variant x to be in line with the terminology used elsewhere vulnerability?

Is Xen impacted by Meltdown and Spectre?

There are two angles to consider for this question:

  • Can an untrusted guest attack the hypervisor using Meltdown or Spectre?
  • Can a guest user-space program attack a guest kernel using Meltdown or Spectre?

Systems running Xen, like all operating systems and hypervisors, are potentially affected by Spectre (referred to as Variant 1 and 2 in Advisory 254). For Arm Processors information, you can find which processors are impacted here.  In general, both the hypervisor and a guest kernel are vulnerable to attack via Variant 1 and 2.

Only Intel processors are impacted by Meltdown (referred to as Variant 3 in Advisory 254). On Intel processors, only 64-bit PV mode guests can attack Xen using Variant 3. Guests running in 32-bit PV mode, HVM mode, and PVH mode (both v1 and v2) cannot attack the hypervisor using Variant 3. However, in 32-bit PV mode, HVM mode, and PVH mode (both v1 and v2), guest userspaces can attack guest kernels using Variant 3; so updating guest kernels is advisable.

Interestingly, guest kernels running in 64-bit PV mode are not vulnerable to attack using Variant 3, because 64-bit PV guests already run in a KPTI-like mode.

However, keep in mind that a successful attack on the hypervisor can still be used to recover information about the same guest from physical memory.

Is there any risk of privilege escalation?

Meltdown and Spectre are, by themselves, only information leaks. There is no suggestion that speculative execution can be used to modify memory or cause a system to do anything it might not have done already.

Where can I find more information?

We will update this blog post and Advisory 254 as new information becomes available. Updates will also be published on xen-announce@.

We will also maintain a technical FAQ on our wiki for answers to more detailed technical questions that emerge on xen-devel@ (and in particular this e-mail thread) and other communication channels.

Are there any patches for the vulnerability?

We have published a mitigation for Meltdown on Intel CPUs: please refer to Advisory 254. The published solutions are labelled Vixen and Comet (also see README.which-shim). Alternative solutions are being worked on.

A Mitigation for Variant 2/CVE-2017-5715 is available on the xen-devel@ mailing list, but has not yet undergone rigorous enough review to be published as an official patch.

As information related to Meltdown and Spectre is now public, development will continue in public on xen-devel@ and patches will be posted and attached to Advisory 254 as they become available in the next few days.

Can Variant 1/Variant 2 be fixed at all? What plans are there to mitigate them?

Variant 2 can be mitigated in two ways, both of which essentially prevent speculative execution of indirect branches. The first is to flush the branch prediction logic on entry into the hypervisor. This requires microcode updates, which Intel and AMD are in the process of preparing, as well as patches to the hypervisor which are also in process and should be available soon.

The second is to do indirect jumps in a way which is not subject to speculative execution. This requires the hypervisor to be recompiled with a compiler that contains special new features. These new compiler features are also in the process of being prepared for both gcc and clang, and should be available soon.

Variant 1 is much more difficult to mitigate. We have some ideas we’re exploring, but they’re still at the design stage at this point.

Does Xen have any equivalent to Linux’s KPTI series?

Linux’s KPTI series is designed to address Variant 3 only. For Xen guests, only 64-bit PV guests are able to execute a Variant 3 attack against the hypervisor. A KPTI-like approach was explored initially, but required significant ABI changes.  Instead we’ve decided to go with an alternate approach, which is less disruptive and less complex to implement. The chosen approach runs PV guests in a PVH container, which ensures that PV guests continue to behave as before, while providing the isolation that protects the hypervisor from Variant 3. This works well for Xen 4.8 to Xen 4.10, which is currently our priority.

For Xen 4.6 and 4.7, we are evaluating several options, but we have not yet finalized the best solution.

Devicemodel stub domains run in PV mode, so is it still more safe to run device models in a stub domain than in domain 0?

The short answer is, yes, it is still safer to run stub domains than otherwise.

If an attacker can gain control of the device model running in a stub domain, it can indeed attempt to use these processor vulnerabilities to read information from Xen.

However, if an attacker can gain control of a device model running in domain 0 without deprivileging, the attacker can gain control of the entire system.  Even with qemu deprivileging, the qemu process may be able to execute speculative execution attacks against the hypervisor.

So although XSA-254 does affect device model stub domains, they are still safer than not running with a stub domain.

What is the Xen Project’s plan going forward?

The Xen Project is working on finalizing solutions for Variant 3 and Variant 2 and evaluating options for Variant 1. If you would like to stay abreast on our progress, please sign up to xen-announce@. We will update this FAQ as soon as we have more news and updated information. Answers to more detailed technical questions will be maintained in a technical FAQ on our wiki. Thank you for your patience.

How can I ask further questions?

Please respond to this e-mail thread on xen-devel@ or xen-users@.

Xen Project Contributor Spotlight: Irby Thompson

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.

contemporary-1850469_1920

Name: Irby Thompson
Title: Founder & CEO
Company: Star Lab Corp.

When did you start contributing to the Xen Project?
The Star Lab team started contributing to the Xen Project in 2015. At that time, our team had completed an extensive trade study of existing open-source and proprietary hypervisors, and determined that the Xen Project codebase and community offered the best security, stability, features, and performance available in the virtualization marketplace.

How does contributing to the Xen Project benefit your company?
Our contributions to the Xen Project help make the ecosystem stronger, while also enabling the entire community to adopt and benefit from our patches. For example, our team upstreamed kconfig support into Xen in 2016 in order to make the core hypervisor codebase more modular, and thus more adaptable across a wide range of industries. Likewise, Star Lab directly benefits from the many Xen Project developers who add new features, review source code, perform security and performance testing, and share lessons learned.

How does the Xen Project’s technology help your business?
The Xen Project hypervisor provides a robust foundation upon which industry-specific solutions can be built. Star Lab is primarily in the business of developing and deploying Crucible, a Xen-based secure embedded virtualization platform for security-critical operational environments, including aerospace & defense, industrial, transportation, and telecommunications. By leveraging Xen as the foundation for Crucible, our team has been able to focus attention on addressing customer-specific needs.

What are some of the major changes you see with virtualization and the transition to cloud native computing?
Virtualization is quickly displacing both hardware (below) and operating systems (above) as the framework upon which modern systems are built. The smart abstractions made possible by virtualization reduce dependencies and make software applications easier to deploy, secure, and maintain. The future will see a merger of traditional virtualization with DevOps-style containerization to get the best qualities of both worlds and enable run-anywhere computing.

What advice would you give someone considering contributing to the Xen Project?
The ecosystem around Xen Project is full of interesting subprojects like MirageOS / unikernels, disaggregation / subdomains, tooling, and Arm support, all places where more development help is needed. Many volunteers make light work, so jump in and get involved!

What excites you most about the future of Xen?
The Xen Project continues to evolve from traditional server virtualization into other markets such as the embedded / IoT space, where the benefits of virtualization are just beginning to be realized. For example, Xen Project has the potential to be viable in safety-critical environments where a type-1 hypervisor can provide strong isolation and independence guarantees. Xen-based virtualization drives innovation in these industries and leads to significant cost savings over legacy architectures. At Star Lab, we are excited to be involved in driving the future of Xen Project!

Xen Project Contributor Spotlight: Mike Latimer

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.

contemporary-1850469_1920

Name: Mike Latimer
Title: Senior Engineering Manager, Virtualization Team
Company: SUSE

When did you start contributing to the Xen Project?
I first started working with the Xen Project in 2006 as a backline support engineer for SUSE. That role required working closely with SUSE’s virtualization development team to identify, debug and resolve Xen related issues our customers encountered. At that time, I was a silent contributor to the project as I leveraged the various Xen Project community mailing lists to increase my understanding of the project and contributed back through my engagements with our internal Xen developers. Some years later, I moved to engineering and worked directly with the Xen Project and related tooling. I now manage SUSE’s Virtualization Team and contribute through my own coding and QA related efforts, and also by ensuring our engineers have the resources they need to be active in the Xen Project.

How does contributing to the Xen Project benefit your company?
The Xen Project is an example of a very complex project which is successful due to a thriving and diverse community. Our membership in this community provides engineers an incredible opportunity to increase their own skills through peer review of their code, and directly observing how other engineers approach and resolve problems. This interaction between highly skilled engineers results in better engineers and better engineered products. In other words, it’s a win all around. SUSE benefits both by having a quality product we can offer to our customers and by the continual improvement our engineers experience.

How does the Xen Project’s technology help your business?
Internally, SUSE (and our parent company Micro Focus) relies on all forms of virtualization to provide many critical infrastructure components. Key services such as dns/dhcp servers, web servers, and various applications servers are commonly ran in Xen VMs. Additionally, Xen is an important part of the tooling used to build our distributions. For example, the well known Open Build Service infrastructure (which performs automated building of RPMs) uses Xen VMs for a portion of the builds.

SUSE prides itself on providing quality products that our customers need to resolve real-world challenges. Xen was doing this when we first included it in SUSE Linux Enterprise 10 (in 2006), and continues to do this today as Xen will be included in SUSE Linux Enterprise 15 (to be released in 2018). Xen has been an important differentiating factor with our distribution, and customer feedback has verified the value that they see in this offering.

What are some of the major changes you see with virtualization and the transition to cloud native computing?
In my opinion, the death of the hypervisor has been greatly exaggerated. While it is true that cloud computing has taken users one step away from the hypervisor, the role of the hypervisor has never been more important. As more and more applications move to cloud-based services, the underlying hypervisor will be expected to “just work” with everything required by those applications. This means that advanced functionality like device-passthrough, NUMA optimizations, and support for the latest CPU instructions will be expected to be available in cloud environments.

Of course, security is of paramount importance, and performance can’t be sacrificed either. Meeting these expectations, while continuing to provide core functionality (such as live migration, save/restore, snapshots, etc.) will be challenging, but the architecture of the Xen Project provides the stable foundation for today’s requirements, and the flexibility to adapt to new requirements as the cloud world continues to evolve.

What advice would you give someone considering contributing to the Xen Project?
I would encourage anyone working with the Xen Project to become an _active_ member of the community. Start by following the mailing lists and joining in the conversation. It may seem intimidating to begin working with such a technically complex project, but the community is accepting and interested in what anyone has to say. Even if your contribution are simply ACK’ing patches, or providing test reports, all input is appreciated.

If you are considering submitting code to the project, my advice is to submit early and submit often! Engage with the community early in the development process to allow time for the community to feel joint ownership for the success of your code. Don’t be afraid of criticism, and don’t be afraid of standing up for your point of view. The Xen Project thrives with these discussions, and the outcome should never be viewed as a win/lose proposition. Everyone benefits when the most correct solution wins.

What excites you most about the future of Xen?
I’m most interested in seeing Xen continue to differentiate itself from other hypervisor offerings. The Xen architecture is ideal for environments which require high security and performance, so I’m particularly interested in advances in this area. The convergence of PV

and HVM guest models (into PVH and PVHVM) has been an exciting recent change, and there should be further advances which ensure both guest models are as performant as possible. I’m also looking forward to increases in fault tolerance through such things as a restartable dom0, and better support for driver stub domains. By continuing to improve in these areas, Xen will remain a strong choice in the ever changing field of virtualization.

 

Automotive, Security and the Future of the Xen Project at The Xen Project Developer and Design Summit

The Xen Developer and Design Summit schedule is now live! This conference combines the formats of the Xen Project Developer Summits with the Xen Project Hackathons. If you are part of the Xen Project’s community of developers and power users, come join us in Budapest, Hungary, July 11 – 13 for this must-attend event!

pandas-656890_1920

The conference will cover many different topic areas including community, embedded/automotive, performance, tooling, hardware, security and more. The format will include traditional panels and presentation, as well as design and problem solving sessions.

Design and problem solving session proposals will be accepted until July 7. This is a great way to meet other developers face-to-face to:

  • Discuss and advance the design and architecture of future functionality
  • Coordinate and plan upcoming features
  • Discuss and share best practices and ideas on how to improve community collaboration
  • Hear interactive sessions covering lessons learned from contributors, users and vendor

Submit your design and problem solving ideas here.

Keynotes this year are coming from Lars Kurth, Xen Project Chairperson and Director of Open Source Solutions at Citrix; Oleksandr Andrushchenko, Lead Software Engineer at EPAM Systems; Stefano Stabellini, Virtualization Architect at Aporeto; and Wei Liu, Senior Software Engineer at Citrix.

Here’s a small sampling of other speaking sessions during the conference:

Automotive

  • Dedicated Secure Domain as an Approach for Certification of Automotive Sector Solutions from Iurii Mykhalskyi of GlobalLogic
  • Harmony of CPU Scheduling Between RT Guest OS and Rich Guest OS in Automotive Virtualization from Sangyun Lee of LG Electronics

Security

  • Hypervisor-Based Security: Bringing Virtualized Exceptions Into the Game from Mihai Dontu of Bitdefender
  • Uniprof: Transparent Unikernel Performance Profiling and Debugging from Florian Schmidt of NEC

Future of Xen

  • Intel GVT-g: From Production to Upstream from Zhi Wang of Intel
  • Recent and Ongoing Xen Related Work in the Linux Kernel from Jürgen Groß of SUSE

General Hypervisor

  • Bring up PCI Passthrough on ARM from Julien Grall of ARM
  • EFI Secure Boot, Shim and Xen: Current Status of Developments from Daniel Kiper of Oracle

You can view the entire schedule here. Early bird specials for tickets (price is $250) are available until May 31st.

A special thank you to our Diamond Sponsor Citrix and Gold sponsors ARM, Intel and Superfluidity. We look forward to seeing you at the event in July, and please stay informed on Xen Project updates by following us on social (Twitter and Facebook) and registering to our xen-announce mailing list.