The Xen Project, an open source hypervisor, today announced the release of Xen Project Hypervisor 4.14. The new version introduces Linux stubdomains, better nested performance, and more robust live patching. Support for Raspberry Pi 4 has also been added.
This release also continues the fundamental shift for Xen that was outlined in version 4.13: making it increasingly resistant to side-channel attacks and hardware issues.
George Dunlap, Xen Project Advisory Board Chair, said:
“Xen Project Hypervisor 4.14 is a clear example of important investments from companies and community members to move the project forward. We continue to see broad participation from many companies, which is validation of the important role Xen plays in the open-source virtualization space: a project focused solely on virtualization, with a mature code base and community.”
Support for Xen running under Hyper-V
Xen will now run as a guest under Hyper-V, the hypervisor developed by Microsoft which runs Microsoft’s Azure cloud. Running Xen inside a cloud allows the same VM control stack to be used on-premise as in a cloud. This allows virtual machines to be moved freely between on-prem and cloud, or even between clouds.
As Hyper-V powers Azure, the change means it’s now possible to manage Xen VMs in Azure with the tools you use to manage Xen VMs elsewhere.
Hypervisor FS support
Similar to Linux’s sysfs, Hypervisor FS allows Xen to expose internal data and control knobs in a structured way, without the previous requirement of parsing log data or writing custom hypercalls to transport the data and custom code to read it.
Raspberry Pi 4 and AMD EPYC support
Support for Raspberry Pi 4 has been extended, so all versions of the RPI4, including the popular ones with 4GB and 8GB of RAM, now work on Xen. Additionally, version 4.14 will support the next generation AMD EPYC™ processor, codenamed “Milan”, when it is available to the public.
Key updates and improvements
- Linux Stubdomains that can run the newest device models, allowing users to take advantage of one of Xen’s unique security features while still having the latest emulated hardware.
- Lightweight VM fork for fuzzing / introspection. Allows very fast introspection “experimentation”, for analyzing malware or finding bugs on systems with Intel EPT support.
- New livepatch features allow for a wider range of security fixes to be live patched while providing extra safety mechanisms to prevent users from applying patches in the wrong order.
Ongoing work on upcoming features
- Secret-free Xen – As side-channel attacks continue to be a risk, secret-free Xen will prevent memory from being mapped, which will allow mitigations to be turned off, increasing performance and erasing the data that was being sought after to begin with.
- Golang bindings significantly expanded – This upcoming feature will make it easier to develop customer code on top of Xen using the Go language.
- Live migration without need for guest cooperation – Current users must have functioning Xen drivers in the guest to live migrate. This upcoming feature allows users to migrate VMs with no drivers or broken drivers.