1% Support statement for this release
2
3This document describes the support status
4and in particular the security support status of the Xen branch
5within which you find it.
6
7See the bottom of the file
8for the definitions of the support status levels etc.
9
10# Release Support
11
12    Xen-Version: 4.14
13    Initial-Release: 2020-07-24
14    Supported-Until: 2022-01-24
15    Security-Support-Until: 2023-07-24
16
17Release Notes
18: <a href="https://wiki.xenproject.org/wiki/Xen_Project_4.14_Release_Notes">RN</a>
19
20# Feature Support
21
22## Kconfig
23
24EXPERT and DEBUG Kconfig options are not security supported. Other
25Kconfig options are supported, if the related features are marked as
26supported in this document.
27
28## Host Architecture
29
30### x86-64
31
32    Status: Supported
33
34### ARM v7 + Virtualization Extensions
35
36    Status: Supported
37
38### ARM v8
39
40    Status: Supported
41
42## Host hardware support
43
44### Physical CPU Hotplug
45
46    Status, x86: Supported
47
48### Physical Memory Hotplug
49
50    Status, x86: Supported
51
52### Host ACPI (via Domain 0)
53
54    Status, x86 PV: Supported
55    Status, ARM: Experimental
56
57### x86/Intel Platform QoS Technologies
58
59    Status: Tech Preview
60
61### IOMMU
62
63    Status, AMD IOMMU: Supported
64    Status, Intel VT-d: Supported
65    Status, ARM SMMUv1: Supported
66    Status, ARM SMMUv2: Supported
67    Status, Renesas IPMMU-VMSA: Tech Preview
68
69### ARM/GICv3 ITS
70
71Extension to the GICv3 interrupt controller to support MSI.
72
73    Status: Experimental
74
75## Guest Type
76
77### x86/PV
78
79Traditional Xen PV guest
80
81No hardware requirements
82
83    Status: Supported
84
85### x86/HVM
86
87Fully virtualised guest using hardware virtualisation extensions
88
89Requires hardware virtualisation support (Intel VMX / AMD SVM)
90
91    Status, domU: Supported
92
93### x86/PVH
94
95PVH is a next-generation paravirtualized mode
96designed to take advantage of hardware virtualization support when possible.
97During development this was sometimes called HVMLite or PVHv2.
98
99Requires hardware virtualisation support (Intel VMX / AMD SVM).
100
101Dom0 support requires an IOMMU (Intel VT-d / AMD IOMMU).
102
103    Status, domU: Supported
104    Status, dom0: Experimental
105
106### ARM
107
108ARM only has one guest type at the moment
109
110    Status: Supported
111
112## Hypervisor file system
113
114### Build info
115
116    Status: Supported
117
118### Hypervisor config
119
120    Status: Supported
121
122### Runtime parameters
123
124    Status: Supported
125
126## Toolstack
127
128### xl
129
130    Status: Supported
131
132### Direct-boot kernel image format
133
134Format which the toolstack accepts for direct-boot kernels
135
136    Supported, x86: bzImage, ELF
137    Supported, ARM32: zImage
138    Supported, ARM64: Image
139
140### Dom0 init support for xl
141
142    Status, SysV: Supported
143    Status, systemd: Supported
144    Status, BSD-style: Supported
145
146### JSON output support for xl
147
148Output of information in machine-parseable JSON format
149
150    Status: Experimental
151
152### Open vSwitch integration for xl
153
154    Status, Linux: Supported
155
156### Virtual cpu hotplug
157
158    Status: Supported
159
160### QEMU backend hotplugging for xl
161
162    Status: Supported
163
164### xenlight Go package
165
166Go (golang) bindings for libxl
167
168    Status: Experimental
169
170### Linux device model stubdomains
171
172Support for running qemu-xen device model in a linux stubdomain.
173
174    Status: Tech Preview
175
176## Toolstack/3rd party
177
178### libvirt driver for xl
179
180    Status: Supported, Security support external
181
182## Debugging, analysis, and crash post-mortem
183
184### Host serial console
185
186    Status, NS16550: Supported
187    Status, EHCI: Supported
188    Status, Cadence UART (ARM): Supported
189    Status, PL011 UART (ARM): Supported
190    Status, Exynos 4210 UART (ARM): Supported
191    Status, OMAP UART (ARM): Supported
192    Status, SCI(F) UART: Supported
193
194### Hypervisor 'debug keys'
195
196These are functions triggered either from the host serial console,
197or via the xl 'debug-keys' command,
198which cause Xen to dump various hypervisor state to the console.
199
200    Status: Supported, not security supported
201
202### Hypervisor synchronous console output (sync_console)
203
204Xen command-line flag to force synchronous console output.
205
206    Status: Supported, not security supported
207
208Useful for debugging, but not suitable for production environments
209due to incurred overhead.
210
211### gdbsx
212
213    Status, x86: Supported, not security supported
214
215Debugger to debug ELF guests
216
217### Soft-reset for PV guests
218
219Soft-reset allows a new kernel to start 'from scratch' with a fresh VM state,
220but with all the memory from the previous state of the VM intact.
221This is primarily designed to allow "crash kernels",
222which can do core dumps of memory to help with debugging in the event of a crash.
223
224    Status: Supported
225
226### xentrace
227
228Tool to capture Xen trace buffer data
229
230    Status, x86: Supported
231
232### gcov
233
234Export hypervisor coverage data suitable for analysis by gcov or lcov.
235
236    Status: Supported, Not security supported
237
238## Memory Management
239
240### Dynamic memory control
241
242Allows a guest to add or remove memory after boot-time.
243This is typically done by a guest kernel agent known as a "balloon driver".
244
245    Status: Supported
246
247### Populate-on-demand memory
248
249This is a mechanism that allows normal operating systems with only a balloon driver
250to boot with memory < maxmem.
251
252    Status, x86 HVM: Supported
253
254### Memory Sharing
255
256Allow sharing of identical pages between guests
257
258    Status, x86 HVM: Experimental
259
260### Memory Paging
261
262Allow pages belonging to guests to be paged to disk
263
264    Status, x86 HVM: Experimental
265
266### Alternative p2m
267
268Alternative p2m (altp2m) allows external monitoring of guest memory
269by maintaining multiple physical to machine (p2m) memory mappings.
270
271    Status, x86 HVM: Tech Preview
272    Status, ARM: Tech Preview
273
274## Resource Management
275
276### CPU Pools
277
278Groups physical cpus into distinct groups called "cpupools",
279with each pool having the capability
280of using different schedulers and scheduling properties.
281
282    Status: Supported
283
284### Core Scheduling
285
286Allows to group virtual cpus into virtual cores which are scheduled on the
287physical cores. This results in never running different guests at the same
288time on the same physical core.
289
290    Status, x86: Experimental
291
292### Credit Scheduler
293
294A weighted proportional fair share virtual CPU scheduler.
295This is the default scheduler.
296
297    Status: Supported
298
299### Credit2 Scheduler
300
301A general purpose scheduler for Xen,
302designed with particular focus on fairness, responsiveness, and scalability
303
304    Status: Supported
305
306### RTDS based Scheduler
307
308A soft real-time CPU scheduler
309built to provide guaranteed CPU capacity to guest VMs on SMP hosts
310
311    Status: Experimental
312
313### ARINC653 Scheduler
314
315A periodically repeating fixed timeslice scheduler.
316
317    Status: Supported
318
319Currently only single-vcpu domains are supported.
320
321### Null Scheduler
322
323A very simple, very static scheduling policy
324that always schedules the same vCPU(s) on the same pCPU(s).
325It is designed for maximum determinism and minimum overhead
326on embedded platforms.
327
328    Status: Experimental
329
330### NUMA scheduler affinity
331
332Enables NUMA aware scheduling in Xen
333
334    Status, x86: Supported
335
336## Scalability
337
338### Super page support
339
340NB that this refers to the ability of guests
341to have higher-level page table entries point directly to memory,
342improving TLB performance.
343On ARM, and on x86 in HAP mode,
344the guest has whatever support is enabled by the hardware.
345
346This feature is independent
347of the ARM "page granularity" feature (see below).
348
349    Status, x86 HVM/PVH, HAP: Supported
350    Status, x86 HVM/PVH, Shadow, 2MiB: Supported
351    Status, ARM: Supported
352
353On x86 in shadow mode, only 2MiB (L2) superpages are available;
354furthermore, they do not have the performance characteristics
355of hardware superpages.
356
357### x86/PVHVM
358
359This is a useful label for a set of hypervisor features
360which add paravirtualized functionality to HVM guests
361for improved performance and scalability.
362This includes exposing event channels to HVM guests.
363
364    Status: Supported
365
366## High Availability and Fault Tolerance
367
368### Remus Fault Tolerance
369
370    Status: Experimental
371
372### COLO Manager
373
374    Status: Experimental
375
376### x86/vMCE
377
378Forward Machine Check Exceptions to appropriate guests
379
380    Status: Supported
381
382## Virtual driver support, guest side
383
384### Blkfront
385
386Guest-side driver capable of speaking the Xen PV block protocol
387
388    Status, Linux: Supported
389    Status, FreeBSD: Supported, Security support external
390    Status, NetBSD: Supported, Security support external
391    Status, OpenBSD: Supported, Security support external
392    Status, Windows: Supported
393
394### Netfront
395
396Guest-side driver capable of speaking the Xen PV networking protocol
397
398    Status, Linux: Supported
399    Status, FreeBSD: Supported, Security support external
400    Status, NetBSD: Supported, Security support external
401    Status, OpenBSD: Supported, Security support external
402    Status, Windows: Supported
403
404### PV Framebuffer (frontend)
405
406Guest-side driver capable of speaking the Xen PV Framebuffer protocol
407
408    Status, Linux (xen-fbfront): Supported
409
410### PV display (frontend)
411
412Guest-side driver capable of speaking the Xen PV display protocol
413
414    Status, Linux: Supported
415
416### PV Console (frontend)
417
418Guest-side driver capable of speaking the Xen PV console protocol
419
420    Status, Linux (hvc_xen): Supported
421    Status, FreeBSD: Supported, Security support external
422    Status, NetBSD: Supported, Security support external
423    Status, Windows: Supported
424
425### PV keyboard (frontend)
426
427Guest-side driver capable of speaking the Xen PV keyboard protocol.
428Note that the "keyboard protocol" includes mouse / pointer /
429multi-touch support as well.
430
431    Status, Linux (xen-kbdfront): Supported
432
433### PV USB (frontend)
434
435    Status, Linux: Supported
436
437### PV SCSI protocol (frontend)
438
439    Status, Linux: Supported, with caveats
440
441NB that while the PV SCSI frontend is in Linux and tested regularly,
442there is currently no xl support.
443
444### PV TPM (frontend)
445
446Guest-side driver capable of speaking the Xen PV TPM protocol
447
448    Status, Linux (xen-tpmfront): Tech Preview
449
450### PV 9pfs frontend
451
452Guest-side driver capable of speaking the Xen 9pfs protocol
453
454    Status, Linux: Tech Preview
455
456### PVCalls (frontend)
457
458Guest-side driver capable of making pv system calls
459
460    Status, Linux: Tech Preview
461
462### PV sound (frontend)
463
464Guest-side driver capable of speaking the Xen PV sound protocol
465
466    Status, Linux: Supported
467
468## Virtual device support, host side
469
470For host-side virtual device support,
471"Supported" and "Tech preview" include xl/libxl support
472unless otherwise noted.
473
474### Blkback
475
476Host-side implementations of the Xen PV block protocol.
477
478    Status, Linux (xen-blkback): Supported
479    Status, QEMU (xen_disk), raw format: Supported
480    Status, QEMU (xen_disk), qcow format: Supported
481    Status, QEMU (xen_disk), qcow2 format: Supported
482    Status, QEMU (xen_disk), vhd format: Supported
483    Status, FreeBSD (blkback): Supported, Security support external
484    Status, NetBSD (xbdback): Supported, security support external
485    Status, Blktap2, raw format: Deprecated
486    Status, Blktap2, vhd format: Deprecated
487
488Backends only support raw format unless otherwise specified.
489
490### Netback
491
492Host-side implementations of Xen PV network protocol
493
494    Status, Linux (xen-netback): Supported
495    Status, FreeBSD (netback): Supported, Security support external
496    Status, NetBSD (xennetback): Supported, Security support external
497
498### PV Framebuffer (backend)
499
500Host-side implementation of the Xen PV framebuffer protocol
501
502    Status, QEMU: Supported
503
504### PV Console (xenconsoled)
505
506Host-side implementation of the Xen PV console protocol
507
508    Status: Supported
509
510### PV keyboard (backend)
511
512Host-side implementation of the Xen PV keyboard protocol.
513Note that the "keyboard protocol" includes mouse / pointer support as well.
514
515    Status, QEMU: Supported
516
517### PV USB (backend)
518
519Host-side implementation of the Xen PV USB protocol
520
521    Status, QEMU: Supported
522
523### PV SCSI protocol (backend)
524
525    Status, Linux: Experimental
526
527NB that while the PV SCSI backend is in Linux and tested regularly,
528there is currently no xl support.
529
530### PV TPM (backend)
531
532    Status: Tech Preview
533
534### PV 9pfs (backend)
535
536    Status, QEMU: Tech Preview
537
538### PVCalls (backend)
539
540    Status, Linux: Experimental
541
542PVCalls backend has been checked into Linux,
543but has no xl support.
544
545### Online resize of virtual disks
546
547    Status: Supported
548
549## Security
550
551### Driver Domains
552
553"Driver domains" means allowing non-Domain 0 domains
554with access to physical devices to act as back-ends.
555
556    Status: Supported, with caveats
557
558See the appropriate "Device Passthrough" section
559for more information about security support.
560
561### Device Model Stub Domains
562
563    Status: Supported, with caveats
564
565Vulnerabilities of a device model stub domain
566to a hostile driver domain (either compromised or untrusted)
567are excluded from security support.
568
569### Device Model Deprivileging
570
571    Status, Linux dom0: Tech Preview, with limited support
572
573This means adding extra restrictions to a device model in order to
574prevent a compromised device model from attacking the rest of the
575domain it's running in (normally dom0).
576
577"Tech preview with limited support" means we will not issue XSAs for
578the _additional_ functionality provided by the feature; but we will
579issue XSAs in the event that enabling this feature opens up a security
580hole that would not be present without the feature disabled.
581
582For example, while this is classified as tech preview, a bug in libxl
583which failed to change the user ID of QEMU would not receive an XSA,
584since without this feature the user ID wouldn't be changed. But a
585change which made it possible for a compromised guest to read
586arbitrary files on the host filesystem without compromising QEMU would
587be issued an XSA, since that does weaken security.
588
589### KCONFIG Expert
590
591    Status: Experimental
592
593### Live Patching
594
595    Status, x86: Supported
596    Status, ARM: Experimental
597
598Compile time disabled for ARM by default.
599
600### Virtual Machine Introspection
601
602    Status, x86: Supported, not security supported
603
604### XSM & FLASK
605
606    Status: Experimental
607
608Compile time disabled by default.
609
610Also note that using XSM
611to delegate various domain control hypercalls
612to particular other domains, rather than only permitting use by dom0,
613is also specifically excluded from security support for many hypercalls.
614Please see XSA-77 for more details.
615
616### FLASK default policy
617
618    Status: Experimental
619
620The default policy includes FLASK labels and roles for a "typical" Xen-based system
621with dom0, driver domains, stub domains, domUs, and so on.
622
623## Virtual Hardware, Hypervisor
624
625### x86/Nested PV
626
627This means running a Xen hypervisor inside an HVM domain on a Xen system,
628with support for PV L2 guests only
629(i.e., hardware virtualization extensions not provided
630to the guest).
631
632    Status, x86 Xen HVM: Tech Preview
633
634This works, but has performance limitations
635because the L1 dom0 can only access emulated L1 devices.
636
637Xen may also run inside other hypervisors (KVM, Hyper-V, VMWare),
638but nobody has reported on performance.
639
640### x86/Nested HVM
641
642This means providing hardware virtulization support to guest VMs
643allowing, for instance, a nested Xen to support both PV and HVM guests.
644It also implies support for other hypervisors,
645such as KVM, Hyper-V, Bromium, and so on as guests.
646
647    Status, x86 HVM: Experimental
648
649### vPMU
650
651Virtual Performance Management Unit for HVM guests
652
653    Status, x86: Supported, Not security supported
654
655Disabled by default (enable with hypervisor command line option).
656This feature is not security supported: see https://xenbits.xen.org/xsa/advisory-163.html
657
658### Argo: Inter-domain message delivery by hypercall
659
660    Status: Experimental
661
662### x86/PCI Device Passthrough
663
664    Status, x86 PV: Supported, with caveats
665    Status, x86 HVM: Supported, with caveats
666
667Only systems using IOMMUs are supported.
668
669Not compatible with migration, populate-on-demand, altp2m,
670introspection, memory sharing, or memory paging.
671
672Because of hardware limitations
673(affecting any operating system or hypervisor),
674it is generally not safe to use this feature
675to expose a physical device to completely untrusted guests.
676However, this feature can still confer significant security benefit
677when used to remove drivers and backends from domain 0
678(i.e., Driver Domains).
679
680### x86/Multiple IOREQ servers
681
682An IOREQ server provides emulated devices to HVM and PVH guests.
683QEMU is normally the only IOREQ server,
684but Xen has support for multiple IOREQ servers.
685This allows for custom or proprietary device emulators
686to be used in addition to QEMU.
687
688	Status: Experimental
689
690### ARM/Non-PCI device passthrough
691
692    Status: Supported, not security supported
693
694Note that this still requires an IOMMU
695that covers the DMA of the device to be passed through.
696
697### ARM: 16K and 64K page granularity in guests
698
699    Status: Supported, with caveats
700
701No support for QEMU backends in a 16K or 64K domain.
702
703### ARM: Guest Device Tree support
704
705    Status: Supported
706
707### ARM: Guest ACPI support
708
709    Status: Supported
710
711### Arm: OP-TEE Mediator
712
713    Status: Tech Preview
714
715## Virtual Hardware, QEMU
716
717This section describes supported devices available in HVM mode using a
718qemu devicemodel (the default).
719
720    Status: Support scope restricted
721
722Note that other devices are available but not security supported.
723
724### x86/Emulated platform devices (QEMU):
725
726    Status, piix3: Supported
727
728### x86/Emulated network (QEMU):
729
730    Status, e1000: Supported
731    Status, rtl8193: Supported
732    Status, virtio-net: Supported
733
734### x86/Emulated storage (QEMU):
735
736    Status, piix3 ide: Supported
737    Status, ahci: Supported
738
739See the section **Blkback** for image formats supported by QEMU.
740
741### x86/Emulated graphics (QEMU):
742
743    Status, cirrus-vga: Supported
744    Status, stdvga: Supported
745
746### x86/Emulated audio (QEMU):
747
748    Status, sb16: Supported
749    Status, es1370: Supported
750    Status, ac97: Supported
751
752### x86/Emulated input (QEMU):
753
754    Status, usbmouse: Supported
755    Status, usbtablet: Supported
756    Status, ps/2 keyboard: Supported
757    Status, ps/2 mouse: Supported
758
759### x86/Emulated serial card (QEMU):
760
761    Status, UART 16550A: Supported
762
763### x86/Host USB passthrough (QEMU):
764
765    Status: Supported, not security supported
766
767### qemu-xen-traditional ###
768
769The Xen Project provides an old version of qemu with modifications
770which enable use as a device model stub domain.  The old version is
771normally selected by default only in a stub dm configuration, but it
772can be requested explicitly in other configurations, for example in
773`xl` with `device_model_version="QEMU_XEN_TRADITIONAL"`.
774
775    Status, Device Model Stub Domains: Supported, with caveats
776    Status, as host process device model: No security support, not recommended
777
778qemu-xen-traditional is security supported only for those available
779devices which are supported for mainstream QEMU (see above), with
780trusted driver domains (see Device Model Stub Domains).
781
782## Virtual Firmware
783
784### x86/HVM iPXE
785
786Booting a guest via PXE.
787
788    Status: Supported, with caveats
789
790PXE inherently places full trust of the guest in the network,
791and so should only be used
792when the guest network is under the same administrative control
793as the guest itself.
794
795### x86/HVM BIOS
796
797Booting a guest via guest BIOS firmware
798
799    Status, SeaBIOS (qemu-xen): Supported
800    Status, ROMBIOS (qemu-xen-traditional): Supported
801
802### x86/HVM OVMF
803
804OVMF firmware implements the UEFI boot protocol.
805
806    Status, qemu-xen: Supported
807
808# Format and definitions
809
810This file contains prose, and machine-readable fragments.
811The data in a machine-readable fragment relate to
812the section and subsection in which it is found.
813
814The file is in markdown format.
815The machine-readable fragments are markdown literals
816containing RFC-822-like (deb822-like) data.
817
818In each case, descriptions which expand on the name of a feature as
819provided in the section heading, precede the Status indications.
820Any paragraphs which follow the Status indication are caveats or
821qualifications of the information provided in Status fields.
822
823## Keys found in the Feature Support subsections
824
825### Status
826
827This gives the overall status of the feature,
828including security support status, functional completeness, etc.
829Refer to the detailed definitions below.
830
831If support differs based on implementation
832(for instance, x86 / ARM, Linux / QEMU / FreeBSD),
833one line for each set of implementations will be listed.
834
835## Definition of Status labels
836
837Each Status value corresponds to levels of security support,
838testing, stability, etc., as follows:
839
840### Experimental
841
842    Functional completeness: No
843    Functional stability: Here be dragons
844    Interface stability: Not stable
845    Security supported: No
846
847### Tech Preview
848
849    Functional completeness: Yes
850    Functional stability: Quirky
851    Interface stability: Provisionally stable
852    Security supported: No
853
854#### Supported
855
856    Functional completeness: Yes
857    Functional stability: Normal
858    Interface stability: Yes
859    Security supported: Yes
860
861#### Deprecated
862
863    Functional completeness: Yes
864    Functional stability: Quirky
865    Interface stability: No (as in, may disappear the next release)
866    Security supported: Yes
867
868All of these may appear in modified form.
869There are several interfaces, for instance,
870which are officially declared as not stable;
871in such a case this feature may be described as "Stable / Interface not stable".
872
873## Definition of the status label interpretation tags
874
875### Functionally complete
876
877Does it behave like a fully functional feature?
878Does it work on all expected platforms,
879or does it only work for a very specific sub-case?
880Does it have a sensible UI,
881or do you have to have a deep understanding of the internals
882to get it to work properly?
883
884### Functional stability
885
886What is the risk of it exhibiting bugs?
887
888General answers to the above:
889
890  * **Here be dragons**
891
892    Pretty likely to still crash / fail to work.
893    Not recommended unless you like life on the bleeding edge.
894
895  * **Quirky**
896
897    Mostly works but may have odd behavior here and there.
898    Recommended for playing around or for non-production use cases.
899
900  * **Normal**
901
902    Ready for production use
903
904### Interface stability
905
906If I build a system based on the current interfaces,
907will they still work when I upgrade to the next version?
908
909  * **Not stable**
910
911    Interface is still in the early stages and
912    still fairly likely to be broken in future updates.
913
914  * **Provisionally stable**
915
916    We're not yet promising backwards compatibility,
917    but we think this is probably the final form of the interface.
918    It may still require some tweaks.
919
920  * **Stable**
921
922    We will try very hard to avoid breaking backwards  compatibility,
923    and to fix any regressions that are reported.
924
925### Security supported
926
927Will XSAs be issued if security-related bugs are discovered
928in the functionality?
929
930If "no",
931anyone who finds a security-related bug in the feature
932will be advised to
933post it publicly to the Xen Project mailing lists
934(or contact another security response team,
935if a relevant one exists).
936
937Bugs found after the end of **Security-Support-Until**
938in the Release Support section will receive an XSA
939if they also affect newer, security-supported, versions of Xen.
940However, the Xen Project will not provide official fixes
941for non-security-supported versions.
942
943Three common 'diversions' from the 'Supported' category
944are given the following labels:
945
946  * **Supported, Not security supported**
947
948    Functionally complete, normal stability,
949    interface stable, but no security support
950
951  * **Supported, Security support external**
952
953    This feature is security supported
954    by a different organization (not the XenProject).
955    See **External security support** below.
956
957  * **Supported, with caveats**
958
959    This feature is security supported only under certain conditions,
960    or support is given only for certain aspects of the feature,
961    or the feature should be used with care
962    because it is easy to use insecurely without knowing it.
963    Additional details will be given in the description.
964
965### Interaction with other features
966
967Not all features interact well with all other features.
968Some features are only for HVM guests; some don't work with migration, &c.
969
970### External security support
971
972The XenProject security team
973provides security support for XenProject projects.
974
975We also provide security support for Xen-related code in Linux,
976which is an external project but doesn't have its own security process.
977
978External projects that provide their own security support for Xen-related features are listed below.
979
980  * QEMU https://wiki.qemu.org/index.php/SecurityProcess
981
982  * Libvirt https://libvirt.org/securityprocess.html
983
984  * FreeBSD https://www.freebsd.org/security/
985
986  * NetBSD http://www.netbsd.org/support/security/
987
988  * OpenBSD https://www.openbsd.org/security.html
989