Xen Project Releases Version 4.18 with New Security, Performance, and Architecture Enhancements for AI/ML Applications

New release to include updates from AMD, Arm, BUGSENG, EPAM, Vates, XenServer, and other contributors

SAN FRANCISCO--(BUSINESS WIRE)--The Xen Project, an open source hypervisor hosted at the Linux Foundation, today announced the release of Xen Project Hypervisor 4.18 with architecture enhancements for High Performance Computing (HPC) and Machine Learning (ML) applications, as well as higher security and performance features. As always, a loyal and very active Xen Project community with developers from many organizations and many parts of the world contributed to this release.

“We would like to thank the industry leaders and innovators who contributed to the release.”

Notable Features

Arm

• The Scalable Vector Extension (SVE) is now merged in upstream Xen as a tech preview.
• The Arm® Firmware Framework for Arm A-profile (FF-A) framework support is now merged in upstream Xen as a tech preview.
• The memory subsystem in Xen on Arm64 is now more compliant with the Arm architecture.

x86

• On all Intel systems, MSR_ARCH_CAPS is now visible in guests, and controllable from the VM's config file. For CPUs from 2019 onwards, this allows guest kernels to see details about hardware fixes for speculative mitigations.
• Support for features new in 4th Gen AMD EPYC Processors:
• CPUID_USER_DIS (CPUID Faulting) used by Xen to control PV guest's view of CPUID data
• Support for features new in Intel Sapphire Rapids CPUs:
• PKS (Protection Key Supervisor) available to HVM/PVH guests
• VM-Notify used by Xen to mitigate certain micro-architectural pipeline livelocks, instead of crashing the entire server
• Bus-lock detection, used by Xen to mitigate (by rate-limiting) the systemwide impact of a guest misusing atomic instructions
•  Support for features new in Intel Granite Rapids CPUs:
• AVX512-FP16
• Add Intel Hardware P-States (HWP) cpufreq driver
• Support for enforcing system-wide operation in Data Operand Independent Timing Mode
• RISC-V and PowerPC
• Upstream Xen GitLab CI has been set up with full Xen build and a message printed from Xen early printk
• Security
• 20 XSAs has been published, enhancing the security of the project to keep it safe from common vulnerabilities
• MISRA-C
• The project has officially adopted more MISRA-C rules, from four directives and 24 rules in 4.17 to 6 directives and 65 rules of MISRA-C

Other Improvements

• xl/libxl can customize SMBIOS strings for HVM guests
• On Arm, experimental support for dynamic addition/removal of Xen device tree nodes using a device tree overlay binary (.dtbo)
• Introduced two new hypercalls to map the vCPU runstate and time areas by physical rather than linear/virtual addresses

Open Community Initiative Updates

• On Arm, the upstream MPU (memory protection unit) support and PCI-passthrough work is ongoing, including some refactoring and improvements of the existing code. Support for both will be included in the next few releases.
• On RISC-V, some refactoring and improvements of the existing code have been done. BUG/WARN macros, temporary printk, and decode_cause() functions to print the reason for a trap have been introduced. In the next few releases, identity mapping, full Xen build, and trap handling will be introduced.
• On PowerPC, initial support for the ppc64le architecture was added to Xen, specifically targeting Power ISA 3.0B and later. As of 4.18, an early-stage Xen image can be built that boots on bare metal PowerNV systems. Current ongoing work focuses on handling printing to the OPAL serial console, as well as some basic Radix MMU page table initialization.

Community Quotes

“EPAM continues to invest in the development of the Xen hypervisor for safety applications in mixed-criticality systems. The 4.18 release marks a decade since we first presented a concept of the Xen hypervisor in the automotive domain at the Xen Developer Summit 2013. Today, Xen continues to be the best option for embedded virtualization platforms,” said Alex Agizim, CTO of Automotive & Embedded Systems at EPAM Systems, Inc. “Xen paves the way for generic FOSS, like the Linux kernel, to be safely used in complex automotive, aerospace, and industrial systems alongside mission-critical domains, with faster time-to-market and lower overall development costs.” 

“AMD looks forward to embracing the further improvements in this latest version of the Xen hypervisor," said Kris Chaplin, senior manager, Technical Marketing, AMD. “Further MISRA-C rules and developments in dom0less configurations, along with progress on real-time systems help path the way to a future in safety certified environments and enhance the benefits of Xen for our communities, partners and customers.”

“Our ongoing collaboration with the Xen Project is an important aspect of Arm’s commitment to the open source software community, including the addition of the Xen Hypervisor in the SOAFEE open source reference implementation,” said Andrew Wafaa, fellow and senior director of software communities, Arm. “Xen 4.18 delivers significant enhancements for our extensive developer ecosystem, including the introduction of Arm Firmware Framework for Arm A-profile (FF-A) support, which will enhance security by adding capacity to communicate with more Trusted Execution Environments (TEE) from any Xen guests, and the adoption of more than 60 MISRA rules, illustrating the project’s commitment to enabling safety-critical automotive applications in future automotive and industrial use cases.”

“The consulting work on MISRA-C compliance we are doing with the Xen community is very promising,” stated Abramo Bagnara, CTO at BUGSENG. "As part of our work, we discuss the MISRA coding guidelines and their violations. Applying MISRA-C in an open environment that values code quality above all, which is 100 percent in line with the MISRA philosophy, takes time and effort, but it is an invaluable contribution to Xen and other open-source projects for safety-critical applications.”

“The various security improvements, especially around MISRA-C, are helping Xen deliver the secure virtualization technology that the industry needs today," commented Olivier Lambert, CEO of Vates. "This release does not stop there as it continues moving forward with better support of the Arm and RISC-V architectures, two innovative platforms that will become more and more significant in the coming years.”

“XenServer is a cost-effective enterprise-grade hypervisor used for both desktop and server virtualization workloads. XenServer inherits its security and performance from the Xen Project hypervisor,” said Jacus de Beer, general manager, XenServer BU, Cloud Software Group. “XenServer is looking forward to integrating some of the new x86 features introduced in 4.18 in its upcoming product releases.”

Additional Resources

Visit these pages for Release Info and Downloads.

About the Xen Project

The Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Xen Project has more than a decade of development and is being used by more than 10 million users. A project of the Linux Foundation, the Xen Project community is focused on advancing virtualization in commercial and open source applications, including server virtualization, Infrastructure as a Services (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industries and open source community leaders among its members, including Amazon Web Services, Arm, Bitdefender, Citrix, EPAM Systems, and AMD. For more information and to participate, visit XenProject.org.

AMD, the AMD logo, EPYC, and combinations thereof are trademarks of Advanced Micro Devices, Inc.

Intel, the Intel logo and Xeon are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

About Linux Foundation Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page: https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.