Xen 4.11 debuts new ‘PVH’ guest type, for the sake of security
Take some paravirtualization, add hardware extensions and – voila – QEMU flies away
The Xen Project has released version 4.11 of its hypervisor.
As we reported last week, it’s more than a month late, but the projects leaders thinks it is worth the wait because this release delivers on an ambition to “create a cleaner architecture for core technology, less code and a smaller computing base for security and performance.”
A big part of delivering on that is increased use of PVH – a type of virtualization that Xen reckons blends the best of paravirtualization (PV) and Hardware Virtual Machines (HVM). PV virtualizes hardware so a guest can offer kit not found on its host, but doesn’t use virtualization extensions in silicon. HVM can use those extensions and therefore offers each VM isolated emulated hardware.
Xen says its PVH guests “are lightweight HVM guests which use Hardware virtualization support for memory and privileged instructions, PV drivers for I/O and native operating system interfaces for everything else” and reckons that’s the best of both worlds. Oh and they also don’t need QEMU to go about their business, so there’s fewer dependencies to worry about.
Xen likes PVH so much it’s added an experimental version of PVH Dom0 and signalled it will be supported in future releases.
Dom0 is Xen’s host layer, so this shows that Xen is betting pretty big on PVH.
Here’s how the project places PVH guests in the continuum of VM possibilities.
Other notables in the new release include lots of speculative execution mitigation, moving PCI configuration space from QEMU to the hypervisor and a pretty substantial re-write of Xen for Arm processors.
Sponsored: Becoming a Pragmatic Security Leader