Xen Project says new version 4.10 has found balance between security and novelty
Splendid isolation for VMs, and a hand for ARM servers
The Xen Project has released version 4.10 of its hypervisor.
Maintainer boss Julien Grall wrote that "As in Xen 4.9, we took a security-first approach for Xen 4.10 and spent a lot of energy to improve code quality and harden security."
"This inevitably slowed down the acceptance of new features somewhat and also delayed the release. However, we believe that we reached a meaningful balance between mature security practices and innovation."
So what's new? The Reg likes the new ability to run a VM on a chosen CPU and better ways to "express placement preference of vcpus on processors, which improves cache and memory performance when configured appropriately."
VM introspection's been enhanced, notably with "A software page table walker was added to VMI on ARM, which lays the groundwork to altp2m for ARM CPUs."
A new UI lets users do things like "modify certain boot parameters without the need to reboot Xen."
"Guest types are now selected using the type option in the configuration file, where users can select a PV, PVH or HVM guest," according to the Project's announcement of the new release.
Support for system-on-chips (SoCs) has been enhanced with support for the 64-bit Armv8-A architecture from Qualcomm Centriq 2400 and Cavium ThunderX. As both are server architectures, Xen's made sure it's ready if the market decides Arm-powered servers are a thing.
The new release has also, however, added support for the L2 Cache Allocation Technology (CAT) that runs on some micro-servers using Intel CPUs. So let's not assume that Xen's gone all-in on ARM.
Those who have noted that the United States National Security Agency has tossed plenty of code into Xen will be pleased to see that it's again name-checked as a contributor. ®