Xen Hypervisor 4.11 is now available, after 1206 commits from 406 patches. What's inside?
The full official Xen blog post can be read here.
You're probably aware of the Meltdown and Spectre vulnerabilities. Xen 4.11 was focused on mitigating them: "XPTI" (Xen page-table isolation) and "Branch Predictor Hardening" are the main mitigations implemented in this release.
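A practitioner upgrading to 4.11 will want to confirm that these mitigations are actually active on a host. The following is an added example, not code from the original post or from the Xen project: it parses the speculative-mitigation summary that the hypervisor prints to its boot log (readable with `xl dmesg`) and reports the XPTI state for Dom0 and DomU and the branch-predictor thunk in use. The log excerpt is constructed, and the exact line format is an assumption about 4.11's output; the `--live` switch runs the same check against a real host.

```shell
#!/bin/sh
# Constructed excerpt in the shape of the Xen 4.11 boot log (assumed format,
# not captured from a real host). A real host is read via `xl dmesg`.
SAMPLE_DMESG='(XEN) Speculative mitigation facilities:
(XEN)   Hardware features: IBRS/IBPB STIBP
(XEN)   Compiled-in support: INDIRECT_THUNK
(XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS-, Other: IBPB
(XEN)   XPTI (64-bit PV only): Dom0 enabled, DomU enabled'

# xpti_status LOGTEXT Dom0|DomU
# Prints "enabled" or "disabled" for the requested domain class, or "unknown"
# (with non-zero status) when the XPTI line is absent, e.g. on a pre-4.11 build.
xpti_status() {
    line=$(printf '%s\n' "$1" | grep 'XPTI (64-bit PV only):')
    [ -n "$line" ] || { echo unknown; return 1; }
    case "$2" in
        Dom0) printf '%s\n' "$line" | sed -n 's/.*Dom0 \([a-z]*\).*/\1/p' ;;
        DomU) printf '%s\n' "$line" | sed -n 's/.*DomU \([a-z]*\).*/\1/p' ;;
        *)    echo unknown; return 1 ;;
    esac
}

# bti_thunk LOGTEXT
# Prints the branch-predictor hardening thunk Xen selected (e.g. RETPOLINE),
# or nothing if the "Xen settings" line is missing.
bti_thunk() {
    printf '%s\n' "$1" | sed -n 's/.*BTI-Thunk \([A-Z_-]*\).*/\1/p'
}

# report LOGTEXT: one-line summary suitable for a post-upgrade checklist.
report() {
    log=$1
    printf 'XPTI Dom0=%s DomU=%s, BTI thunk=%s\n' \
        "$(xpti_status "$log" Dom0 || true)" \
        "$(xpti_status "$log" DomU || true)" \
        "$(bti_thunk "$log")"
}

# Usage: ./check_xen_mitigations.sh          (runs against the constructed sample)
#        ./check_xen_mitigations.sh --live   (runs against `xl dmesg` on this host)
if [ "${1:-}" = "--live" ]; then
    report "$(xl dmesg 2>/dev/null)"
else
    report "$SAMPLE_DMESG"
fi
```

On a host where a PV domain class is reported as "disabled", or where the XPTI line is absent altogether, the Meltdown mitigation for that class is not in place and the hypervisor command line (or the Xen version) should be reviewed before PV guests are trusted.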
PVH is a virtualization mode that offers the best of both "HVM" and "PV" modes. This is not new, but it's not straightforward to develop. Xen 4.11 adds PVH support for Dom0, although it's still experimental. It's going in the right direction, and we should see more support in future releases. In short, PVH is faster and lighter-weight, and it removes some dependencies (QEMU), therefore reducing the attack surface.
Various optimizations have been added to the CPU scheduler, along with support for more instructions (AVX2…) and some ARM improvements.