
Xen Project Releases Version 4.18 with New Security, Performance, and Architecture Enhancements for AI/ML Applications
SAN FRANCISCO, Nov. 20, 2023 — The Xen Project, an open source hypervisor hosted at the Linux Foundation, today announced the release of Xen Project Hypervisor 4.18 with architecture enhancements for High Performance Computing (HPC) and Machine Learning (ML) applications, as well as higher security and performance features.
As always, a loyal and very active Xen Project community with developers from many organizations and many parts of the world contributed to this release.
“This version provides new enterprise security and high-performance features, but also prepares architectures for HPC and AI/ML applications, which require very large quantities of data processing,” said Kelly Choi, community manager, Xen Project. “We would like to thank the industry leaders and innovators who contributed to the release.”
Notable Features
- Arm
  - The Scalable Vector Extension (SVE) is now merged in upstream Xen as a tech preview.
  - The Arm Firmware Framework for Arm A-profile (FF-A) framework support is now merged in upstream Xen as a tech preview.
  - The memory subsystem in Xen on Arm64 is now more compliant with the Arm architecture.
- x86
  - On all Intel systems, MSR_ARCH_CAPS is now visible in guests, and controllable from the VM’s config file. For CPUs from 2019 onwards, this allows guest kernels to see details about hardware fixes for speculative mitigations.
  - Support for features new in 4th Gen AMD EPYC Processors:
    - CPUID_USER_DIS (CPUID Faulting) used by Xen to control PV guest’s view of CPUID data
  - Support for features new in Intel Sapphire Rapids CPUs:
    - PKS (Protection Key Supervisor) available to HVM/PVH guests
    - VM-Notify used by Xen to mitigate certain micro-architectural pipeline livelocks, instead of crashing the entire server
    - Bus-lock detection, used by Xen to mitigate (by rate-limiting) the systemwide impact of a guest misusing atomic instructions
  - Support for features new in Intel Granite Rapids CPUs:
    - AVX512-FP16
  - Add Intel Hardware P-States (HWP) cpufreq driver
  - Support for enforcing system-wide operation in Data Operand Independent Timing Mode
- RISC-V and PowerPC
  - Upstream Xen GitLab CI has been set up with full Xen build and a message printed from Xen early printk
- Security
  - 20 XSAs have been published, enhancing the security of the project to keep it safe from common vulnerabilities
- MISRA-C
  - The project has officially adopted more MISRA-C rules, from four directives and 24 rules in 4.17 to 6 directives and 65 rules of MISRA-C
Other Improvements
- xl/libxl can customize SMBIOS strings for HVM guests
- On Arm, experimental support for dynamic addition/removal of Xen device tree nodes using a device tree overlay binary (.dtbo)
- Introduced two new hypercalls to map the vCPU runstate and time areas by physical rather than linear/virtual addresses
Open Community Initiative Updates
- On Arm, the upstream MPU (memory protection unit) support and PCI-passthrough work is ongoing, including some refactoring and improvements of the existing code. Support for both will be included in the next few releases.
- On RISC-V, some refactoring and improvements of the existing code have been done. BUG/WARN macros, temporary printk, and decode_cause() functions to print the reason for a trap have been introduced. In the next few releases, identity mapping, full Xen build, and trap handling will be introduced.
- On PowerPC, initial support for the ppc64le architecture was added to Xen, specifically targeting Power ISA 3.0B and later. As of 4.18, an early-stage Xen image can be built that boots on bare metal PowerNV systems. Current ongoing work focuses on handling printing to the OPAL serial console, as well as some basic Radix MMU page table initialization.
“AMD looks forward to embracing the further improvements in this latest version of the Xen hypervisor,” said Kris Chaplin, senior manager, Technical Marketing, AMD. “Further MISRA-C rules and developments in dom0less configurations, along with progress on real-time systems help pave the way to a future in safety certified environments and enhance the benefits of Xen for our communities, partners and customers.”
Additional Resources
Visit these pages for Release Info and Downloads.
About the Xen Project
The Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Xen Project has more than a decade of development and is being used by more than 10 million users. A project of the Linux Foundation, the Xen Project community is focused on advancing virtualization in commercial and open source applications, including server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industries and open source community leaders among its members, including Amazon Web Services, Arm, Bitdefender, Citrix, EPAM Systems, and AMD. For more information and to participate, visit XenProject.org.
Source: Xen Project