A new Xen version was released yesterday, and I wanted to write something to explain why it's important news.
What's inside this new release
It's already been a year since 4.16. So what about 4.17? As a very capable hypervisor with a very interesting design, Xen is used widely, even outside the datacenter. Thanks to Arm and Xilinx (now AMD) as important contributors, one can expect to find a lot of new stuff targeting the embedded world. If you want to take a look at that, feel free to check the official announcement:
Related to the x86 world
This new release also brings interesting stuff related to x86, our main area here with XCP-ng. Security related, there's now an improved speculative mitigation support, so you can know and control which mitigations are performed by Xen and others by your VM.
There's also interesting improvements on the PCI passthrough side, thanks to IOMMU superpage support (regardless of HVM or PV mode). Also, VMs can now used up to 12TiB or RAM without any security problems.
In the long run
We'll keep an eye on the "VirtIO-Grant" project, providing a de facto standard (which is virtio) support in Xen while keeping it secure thanks to Xen grants. If you forgot what grants are, you are lucky, go read this article:
There's also various changes that will help to build new features, but you'll know more about these in the coming months 😉
It's also the first release where we've been directly involved. We are committed to do more and more inside the Xen Project. XCP-ng isn't meant to "just" be an integrated virtualization solution, but more than that. You can read about our existing contributions in the project tracking side here:
But we obviously have a LOT more to come in the Xen code base, that will be in the next release. We are working on the RISC-V Xen port, modernizing the Xen metrics (using Open Metrics), working on DPU integration through a VFIO equivalent, and many other things!
Also, we have big announcements to make early in 2023 regarding the Xen Project, so stay tuned!