Xen 4.14 comes with support for stubdomain Linux, Hypervisor FS and more

After eight months of development, the release of Xen 4.14 has been announced; companies such as Alibaba, Amazon, AMD, Arm, Bitdefender, Citrix, EPAM Systems, Huawei and Intel took part in its development.

For those unfamiliar with Xen, you should know that it is an open source virtual machine monitor originally developed at the University of Cambridge. Its design goal is to run fully functional instances of operating systems side by side on a single computer.

Xen provides secure isolation, resource control, quality of service guarantees and live virtual machine migration. Operating systems can be explicitly modified to run on Xen (while maintaining compatibility with user applications).

This enables Xen to achieve high-performance virtualization without special hardware support. Intel has made a number of contributions to Xen that added support for its VT-x (Vanderpool) architecture extensions.

This technology allows unmodified operating systems to run as guests inside Xen virtual machines, as long as the physical server supports the Intel VT or AMD Pacifica extensions.

Xen 4.14 Main New Features

In this new release, one of the main novelties is support for the new Linux stubdomain device model, which allows the device model to run in a separate unprivileged domain, separating the device emulation components from Dom0.

Previously, only the "qemu-traditional" device model could be used in stubdomain mode, which limited the range of emulated hardware. The new Linux stubdomain device model was developed by the Qubes OS project and supports the use of emulation drivers from the latest versions of QEMU, as well as the related guest capabilities available in QEMU.
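The security point of the stubdomain device model is where a compromised QEMU lands: a device model running as a process in Dom0 runs with Dom0's privileges, while one running in a stubdomain is confined to an unprivileged domain. The following shell script is an added example, not code from the article or from the Xen project, showing an xl guest configuration that selects the Linux stubdomain device model and a small audit check for existing configs. It assumes the xl.cfg options `device_model_version`, `device_model_stubdomain_override`, `stubdomain_kernel` and `stubdomain_ramdisk` as documented for Xen 4.14; the guest name, disk and stubdomain image paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the article or the Xen project): emit an xl guest
# config whose QEMU device model runs in a Linux stubdomain instead of Dom0,
# and audit an existing config file for that setting.
#
# Assumed: xl.cfg options device_model_version, device_model_stubdomain_override,
# stubdomain_kernel and stubdomain_ramdisk as documented for Xen 4.14.
# Image paths and the guest name are placeholders.

# Print an HVM guest config for guest "$1" with an isolated device model.
stubdom_guest_cfg() {
    name=$1
    cat <<EOF
name = "$name"
type = "hvm"
memory = 2048
vcpus = 2
disk = [ "/var/lib/xen/images/$name.img,raw,xvda,rw" ]
vif = [ "bridge=xenbr0" ]

# Use the modern "qemu-xen" device model rather than qemu-traditional.
device_model_version = "qemu-xen"
# Run that device model in its own unprivileged stubdomain, not in Dom0.
device_model_stubdomain_override = 1
# Linux-based stubdomain image (placeholder paths; the image comes from the
# Qubes OS qemu-stubdom-linux build, not from the Xen tree itself).
stubdomain_kernel = "/usr/lib/xen/boot/qemu-stubdom-linux-kernel"
stubdomain_ramdisk = "/usr/lib/xen/boot/qemu-stubdom-linux-rootfs"
EOF
}

# Return 0 if the xl config file "$1" runs its device model in a stubdomain,
# 1 if the device model would run inside Dom0. Comments ('#...') and whitespace
# are stripped first, so a commented-out override does not count as enabled.
devmodel_isolated() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" \
      | grep -q '^device_model_stubdomain_override=1$'
}

# Usage in Dom0 (placeholder guest name):
#   stubdom_guest_cfg win10 > /etc/xen/win10.cfg && xl create /etc/xen/win10.cfg
#   devmodel_isolated /etc/xen/win10.cfg && echo "device model isolated"
```

`devmodel_isolated` is the check to run across `/etc/xen/*.cfg` when reviewing a host: any HVM guest it reports as not isolated still has its emulated devices served by a QEMU process in Dom0.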

For systems with Intel EPT support, support was added for creating lightweight virtual machine forks for fast introspection, for example for malware analysis or fuzzing. Forks like this use shared memory and do not clone the device model.

The live patching system now ties patches to hypervisor build IDs and takes the patching order into account, to avoid applying a patch to the wrong build or in the wrong order.

Another important change is support for the Intel CET (Control-flow Enforcement Technology) extensions, which protect against exploits constructed using Return-Oriented Programming (ROP) techniques.

A CONFIG_PV32 build option was added to disable hypervisor support for 32-bit para-virtualized (PV) guests while keeping 64-bit PV support.

Added support for Hypervisor FS, a sysfs-style pseudo-filesystem for structured access to internal hypervisor data and settings that does not require parsing logs or writing hypercalls.
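The following shell script is an added example, not code from the article or from the Xen project, of reading hypervisor data through Hypervisor FS with the `xenhypfs` command-line tool rather than scraping `xl dmesg` output. It assumes the `xenhypfs` tool with its `ls`, `cat` and `write` subcommands and the `/buildinfo` and `/params` trees as documented for Xen 4.14 (docs/misc/hypfs-paths.pandoc), and that it runs in Dom0.

```shell
#!/bin/sh
# Added example (not from the article or the Xen project): query Hypervisor FS
# with the xenhypfs tool that ships with the Xen 4.14 tools.
#
# Assumed: xenhypfs subcommands ls/cat/write and the /buildinfo and /params
# trees as documented for Xen 4.14; must run in Dom0.

# Print the running hypervisor's version as "major.minor".
hypfs_version() {
    major=$(xenhypfs cat /buildinfo/version/major) || return 1
    minor=$(xenhypfs cat /buildinfo/version/minor) || return 1
    printf '%s.%s\n' "$major" "$minor"
}

# Return 0 if the running hypervisor is at least version "$1.$2", else 1.
# Useful for gating scripts on features that only exist from 4.14 on.
hypfs_version_at_least() {
    v=$(hypfs_version) || return 1
    major=${v%%.*}
    minor=${v#*.}
    [ "$major" -gt "$1" ] || { [ "$major" -eq "$1" ] && [ "$minor" -ge "$2" ]; }
}

# Print the current value of one runtime hypervisor parameter, e.g. "ept".
# These are the same parameters that can be changed at runtime with
# "xenhypfs write /params/<name> <value>", which needs Dom0 privilege.
hypfs_param() {
    xenhypfs cat "/params/$1"
}

# Usage in Dom0:
#   hypfs_version
#   hypfs_version_at_least 4 14 && echo "hypfs and VM forks available"
#   xenhypfs ls /params        # list all runtime-settable parameters
#   hypfs_param ept
```

Because `/params` nodes are writable, treat `xenhypfs write` the way you treat changing hypervisor boot parameters: it alters hypervisor behaviour on a live host, and a change made there is worth logging alongside any other Dom0 administrative action.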

Also added is the ability to run Xen as a guest under the Hyper-V hypervisor used on the Microsoft Azure cloud platform. Running Xen inside Hyper-V allows the familiar virtualization stack to be used in Azure cloud environments and makes it possible to move virtual machines between different cloud systems.

Other changes:

  • Added the ability to generate random guest system identifiers (previously these identifiers were generated sequentially).
  • IDs can now also persist across save, restore and VM migration.
  • Automatic generation of Go bindings based on the libxl structures.
  • For Windows 7, 8.x and 10, support was added for KDD, a utility for interacting with the WinDbg (Windows Debugger) debugger, which allows debugging Windows guests without enabling debugging inside the guest operating system.
  • Added support for all Raspberry Pi 4 board variants that come with 4 GB and 8 GB of RAM.
  • Added support for AMD EPYC processors codenamed "Milan".
  • Nested virtualization performance has been improved where Xen runs inside Xen- or Viridian-based guests.
  • In emulation mode, support for AVX512_BF16 instructions is implemented.

If you want to know more, you can consult the details at the following link.

The release of updates for the Xen 4.14 branch will last until January 24, 2022, and the release of vulnerability fixes until July 24, 2023.
