Support statement for this release

This document describes the support status and in particular the security support status of the Xen branch within which you find it.

See the bottom of the file for the definitions of the support status levels etc.

Release Support

Xen-Version: 4.10-unstable
Initial-Release: n/a
Supported-Until: TBD
Security-Support-Until: Unreleased - not yet security-supported

Feature Support

Host Architecture

x86-64

Status: Supported

[XXX Are there any restrictions (e.g. unsupported HW platforms that were not out at the time we released a version of Xen)?]

ARM v7 + Virtualization Extensions

Status: Supported

[XXX Are there any restrictions (e.g. unsupported HW platforms that were not out at the time we released a version of Xen)?]

ARM v8

Status: Supported

[XXX Are there any restrictions (e.g. unsupported HW platforms that were not out at the time we released a version of Xen)?]

Guest Type

x86/PV

Status: Supported

Traditional Xen Project PV guest

x86/HVM

Status: Supported

Fully virtualised guest using hardware virtualisation extensions

Requires hardware virtualisation support

x86/PV-on-HVM

Status: Supported

Fully virtualised guest using PV extensions/drivers for improved performance

Requires hardware virtualisation support

x86/PVH

Status: Experimental

PVHv2

Requires hardware virtualisation support

[XXX Downgraded in 4.9 from preview to experimental when PVHv1 was removed and PVHv2 was added.]

ARM

Status: Supported

Limits/Host

x86/CPUs

Limit-Security: 4095
Limit: 4095

May not work/boot ... but still should provide security support

x86/RAM

Limit-Security: 16TB
Limit: 16TB

ACTION: Andy to suggest what this should say

ARM/CPUs

Limit-Security: 8 for 32bit; 128 for 64bit
Limit: 8 for 32bit; 128 for 64bit

ARM/RAM

Limit-Security: 16GB for 32bit, 5TB for 64bit
Limit: 16GB for 32bit, 5TB for 64bit

Limits/Guest

x86/PV/Virtual CPUs

Limit-Security: 512
Limit: 512

x86/PV/Virtual RAM

Limit-Security: >1TB
Limit: >1TB

x86/HVM/Virtual CPUs

Limit-Security: 128
Limit: 128

x86/HVM/Virtual RAM

Limit-Security: 1TB
Limit: 1TB

ARM/Virtual CPUs

Limit-Security: 8 for 32bit; 128 for 64bit
Limit: 8 for 32bit; 128 for 64bit

ARM/Virtual RAM

Limit-Security: 1TB
Limit: 1TB

[XXX Limited by supported host memory]

Event Channels

Limit-Security: 131072
Limit: 131072

Toolstack

xl

Status: Supported

[XXX For man pages, see http://xenbits.xen.org/docs/unstable/man/xl.1.html]

Qemu based disk backend (qdisk) for xl

Status: Supported

[XXX Used as a fallback if blkback and/or blktap2 are not available]

Open vSwitch integration for xl

Status: Supported

[XXX See https://wiki.xenproject.org/wiki/XenNetworking#OpenvSwitch]

systemd support for xl

Status: Supported

JSON support for xl

Status: Preview

AHCI support for xl

Status: Supported

PVUSB support for xl

Status: Supported

HVM USB passthrough for xl

Status: Supported

QEMU backend hotplugging for xl

Status: Supported

Soft-reset for xl

Status: Supported

Toolstack/3rd party

libvirt driver for xl

Status: Supported

[XXX No security support for the xl libvirt driver from the Xen Project. For security support see https://libvirt.org/securityprocess.html]

Tooling

gdbsx

Status: Supported

Debugger to debug ELF guests

[XXX Not yet supported on ARM. Should there be security support?]

vPMU

Status: Supported

Virtual Performance Management Unit for HVM guests

[XXX Not yet supported on ARM. Disabled by default (enable with hypervisor command line option). This feature is not security supported: see http://xenbits.xen.org/xsa/advisory-163.html]

Serial Console

Status: Supported

Logs key hypervisor and Dom0 kernel events to a file

[XXX Should there be security support?]

xentrace

Status: Supported

Tool to capture Xen trace buffer data

[XXX Should there be security support?]

gcov

Status: Supported

[XXX Should there be security support?]

Memory Management

Memory Ballooning

Status: Supported

Memory Sharing

Status: Preview

Allow sharing of identical pages between HVM guests

Memory Paging

Status: Preview

Allow pages belonging to HVM guests to be paged to disk

Transcendent Memory

Status: Experimental

Alternative p2m

Status: Preview

Allows external monitoring of hypervisor memory using Intel EPT by maintaining multiple physical memory to machine physical mappings

[XXX Should there be security support?]

Resource Management

CPU Pools

Status: Supported

Groups physical CPUs into distinct groups called "cpupools", with each pool having the capability of using different schedulers and scheduling properties.

Credit Scheduler

Status: Supported

The default scheduler, which is a weighted proportional fair share virtual CPU scheduler.

Credit2 Scheduler

Status: Supported

Credit2 is a general purpose scheduler for Xen, designed with particular focus on fairness, responsiveness and scalability

RTDS based Scheduler

Status: Experimental

A soft real-time CPU scheduler built to provide guaranteed CPU capacity to guest VMs on SMP hosts

ARINC653 Scheduler

Status: Supported

A periodically repeating fixed timeslice scheduler. Multicore support is not yet implemented.

[XXX Multicore support is not yet implemented.]

Null Scheduler

Status: Experimental

A very simple, very static scheduling policy that always schedules the same vCPU(s) on the same pCPU(s). It is designed for maximum determinism and minimum overhead on embedded platforms.

NUMA scheduler affinity

Status: Supported

Enables NUMA-aware scheduling in Xen

[XXX Not yet supported on ARM.]

Scalability

1GB/2MB super page support

Status: Supported

Deliver events to PVHVM guests using Xen event channels

Status: Supported

Fair locks (ticket-locks)

Status: Supported

High Availability and Fault Tolerance

Live Migration, Save & Restore

Status: Supported

Remus Fault Tolerance

Status: Experimental

COLO Manager

Status: Experimental

x86/vMCE

Status: Supported

Forward Machine Check Exceptions to appropriate guests

Network and Storage

NetFront/NetBack

Status: Supported

BlkFront/BlkBack

Status: Supported

Blktap2

Status: Obsolete

QEMU BlckBackend, and others

Status: Supported

Online resize of virtual disks

Status: Supported

Security

Driver Domains

Status: Supported

Device Model Stub Domains

Status: Supported

Vulnerabilities of a device model stub domain to a hostile driver domain are excluded from security support.

KCONFIG Expert

Status: Experimental

Live Patching

Status: Supported

For x86 only

[XXX Compile time disabled]

Virtual Machine Introspection

Status: Supported

XSM & FLASK

Status: Experimental

[XXX Compile time disabled]

XSM & FLASK support for IS_PRIV

Status: Experimental

[XXX Compile time disabled]

vTPM Support

Status: Supported

Intel/TXT ???

Status: ???

TXT-based integrity system for the Linux kernel and Xen hypervisor

Hardware

x86/Nested Virtualization

Status: Experimental

Running a hypervisor inside an HVM guest

x86/HVM iPXE

Status: Insecure

[XXX Via iPXE]

x86/Physical CPU Hotplug

Status: Supported

x86/Physical Memory Hotplug

Status: Supported

x86/Support for PV kernels in bzImage format

Status: Supported

x86/PCI Passthrough PV

Status: Insecure

[XXX Security support?]

x86/PCI Passthrough HVM

Status: Supported

x86/Advanced Vector eXtension

Status: Supported

Intel Platform QoS Technologies

Status: Preview

Format and definitions

This file contains prose, and machine-readable fragments. The data in a machine-readable fragment relate to the section and subsection in which it is found.

The file is in markdown format. The machine-readable fragments are markdown literals containing RFC-822-like (deb822-like) data.

Keys found in the Feature Support subsections

Status

This gives the overall status of the feature, including security support status, functional completeness, etc. Refer to the detailed definitions below.

Restrictions

This is a summary of any restrictions which apply, particularly to functional or security support.

Full details of restrictions may be provided in the prose section of the feature entry, if a Restrictions tag is present.

Limit-Security

For size limits. This figure shows the largest configuration which will receive security support. This does not mean that such a configuration will actually work.

Limit

This figure shows a theoretical size limit. This does not mean that such a large configuration will actually work.

Definition of Status labels

Each Status value corresponds to levels of security support, testing, stability, etc., as follows:

Experimental

Functional completeness: No
Functional stability: Here be dragons
Interface stability: Not stable
Security supported: No

Tech Preview

Functional completeness: Yes
Functional stability: Quirky
Interface stability: Provisionally stable
Security supported: No

Supported

Functional completeness: Yes
Functional stability: Normal
Interface stability: Yes
Security supported: Yes

Deprecated

Functional completeness: Yes
Functional stability: Quirky
Interface stability: No (as in, may disappear the next release)
Security supported: Yes

All of these may appear in modified form. There are several interfaces, for instance, which are officially declared as not stable; in such a case this feature may be described as "Stable / Interface not stable".
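As an added example (not part of the Xen Project's own tooling), the sketch below reads the "Key: value" fragments in the flattened layout shown on this page, answers the security-support question from the label table above, and checks a requested size against a plain-integer Limit-Security. The function names and the sample text are constructed for illustration; labels the table does not define are reported as "undefined" rather than guessed.

```python
import re

# Security-support answer for each Status label defined on this page.
SECURITY_SUPPORTED = {"Experimental": False, "Tech Preview": False,
                      "Supported": True, "Deprecated": True}
FIELD = re.compile(r"^(Status|Restrictions|Limit-Security|Limit):\s*(.*)$")

# Constructed sample in this page's flattened layout: a title line,
# then "Key: value" lines; bracketed [XXX ...] notes are skipped.
SAMPLE = """\
x86/HVM/Virtual CPUs

Limit-Security: 128
Limit: 128

XSM & FLASK

Status: Experimental

[XXX Compile time disabled]

vTPM Support

Status: Supported

JSON support for xl

Status: Preview
"""

def parse_fragments(text):
    """Return {title: {key: value}}; the title is assumed to be the most
    recent non-field, non-bracketed line before the fields."""
    features, title = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = FIELD.match(line)
        if m and title:
            features.setdefault(title, {})[m.group(1)] = m.group(2).strip()
        elif line and not line.startswith("["):
            title = line
    return features

def security_support(fields):
    """'yes'/'no' per the label table; 'undefined' if the label is absent."""
    answer = SECURITY_SUPPORTED.get(fields.get("Status"))
    return "undefined" if answer is None else ("yes" if answer else "no")

def within_security_limit(fields, requested):
    """True/False against a plain-integer Limit-Security, else None."""
    limit = fields.get("Limit-Security", "")
    return requested <= int(limit) if limit.isdigit() else None
```

Entries that come back "undefined", or limits that come back None (such as ">1TB"), need a manual reading of the feature's prose before relying on security support.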

Definition of the status label interpretation tags

Functionally complete

Does it behave like a fully functional feature? Does it work on all expected platforms, or does it only work for a very specific sub-case? Does it have a sensible UI, or do you have to have a deep understanding of the internals to get it to work properly?

Functional stability

What is the risk of it exhibiting bugs?

General answers to the above:

Interface stability

If I build a system based on the current interfaces, will they still work when I upgrade to the next version?

Security supported

Will XSAs be issued if security-related bugs are discovered in the functionality?

If "no", anyone who finds a security-related bug in the feature will be advised to post it publicly to the Xen Project mailing lists (or contact another security response team, if a relevant one exists).

Bugs found after the end of Security-Support-Until in the Release Support section will receive an XSA if they also affect newer, security-supported, versions of Xen. However, the Xen Project will not provide official fixes for non-security-supported versions.

Interaction with other features

Not all features interact well with all other features. Some features are only for HVM guests; some don't work with migration, &c.