Xen Hypervisor 4.11 Released With Many Core Improvements
Today's release of the Xen 4.11 hypervisor introduces:
- XPTI (Xen Page Table Isolation), the hypervisor's performance-optimized counterpart to Linux's Kernel Page Table Isolation (KPTI). XPTI is only needed for classic PV guests: HVM and PVH guests run in hardware-virtualized address spaces that do not map the hypervisor, so they cannot read Xen's memory via the Meltdown vulnerability.
- On x86, a new microcode framework for the Spectre mitigations, and Xen itself is now built with Retpolines for Spectre V2 (branch target injection) mitigation, provided the toolchain supports them. There is also SSBD (Speculative Store Bypass Disable) support for mitigating Spectre V4 (Speculative Store Bypass), among other mitigation work against these side-channel attack vectors.
- Experimental PVH Dom0 support.
- PCI configuration space emulation within Xen rather than QEMU.
- Initial support for running unmodified legacy PV-only guests inside PVH mode under Xen via the PV shim, so that such a guest runs against a small shim hypervisor inside its own PVH container rather than directly against the host Xen.
- Scheduler optimizations.
- Emulator enhancements around AVX/AVX2 and other instructions.
- Memory Bandwidth Allocation support for Intel Skylake CPUs and newer.
For those unfamiliar with the focus of Xen's PVH mode, the project describes it as follows: "PVH guests are lightweight HVM guests which use Hardware virtualization support for memory and privileged instructions, PV drivers for I/O and native operating system interfaces for everything else. PVH also does not require QEMU." Beyond Xen 4.11, the developers are working on making PVH Dom0 fully supported and on adding PCI passthrough for it.
More details on today's Xen 4.11 release can be found via XenProject.org.