Xen hypervisor 4.14 release

After eight months of development, the free hypervisor Xen 4.14 has been released. Companies including Alibaba, Amazon, AMD, Arm, Bitdefender, Citrix, EPAM Systems, Huawei and Intel contributed to the new release. Regular updates for the Xen 4.14 branch will be published until January 24, 2022, and security fixes until July 24, 2023.

Key changes in Xen 4.14:

  • Added support for a new "Linux stubdomain" device model, which runs the device emulator (QEMU) in a separate unprivileged VM, isolating device emulation from Dom0. Previously only the "qemu-traditional" device model could run in a stubdomain, which limited the range of emulated hardware. The Linux stubdomain model was developed by the Qubes OS project and supports the device emulation code from current QEMU releases, as well as the related guest features QEMU provides.
  • On Intel systems with EPT, support for creating lightweight VM forks has been implemented for fast introspection, for example for malware analysis or fuzzing. These forks share memory with the parent and do not clone the device model.
  • The live patching system now checks the hypervisor build ID and the order in which patches are applied, so that a patch cannot be applied to the wrong build or in the wrong order.
  • Added support for Intel CET (Control-flow Enforcement Technology) shadow stacks in the hypervisor, which protects against exploits built with return-oriented programming (ROP).
  • Added the CONFIG_PV32 build option, which disables hypervisor support for 32-bit paravirtualized (PV) guests while keeping support for 64-bit PV guests.
  • Added Hypervisor FS, a sysfs-style pseudo-filesystem giving structured access to internal hypervisor data and settings without parsing logs or writing custom hypercalls.
  • Xen can now run as a guest under the Hyper-V hypervisor used in the Microsoft Azure cloud platform. Running Xen inside Hyper-V allows the familiar virtualization stack to be used in Azure environments and makes it possible to move virtual machines between different cloud systems.
  • Added the ability to generate a random guest domain ID (previously IDs were assigned sequentially). IDs can also now be preserved across save, restore and migration of VM state.
  • Go language bindings are now generated automatically from the libxl structures.
  • Added support for Windows 7, 8.x and 10 guests in KDD, a utility that bridges the WinDbg debugger (Windows Debugger) to a guest and allows Windows environments to be debugged without enabling debugging inside the guest OS.
  • Added support for all Raspberry Pi 4 board variants, including those shipped with 4 GB and 8 GB of RAM.
  • Added support for AMD EPYC processors codenamed "Milan".
  • Improved performance for nested virtualization, i.e. running Xen inside Xen, and for Viridian (Hyper-V-enlightened) guests.
  • The instruction emulator now supports the AVX512_BF16 instructions.
  • The hypervisor build system has been switched to Kbuild.

Source: opennet.ru
