Xen Project says new version 4.10 has found balance between security and novelty

Splendid isolation for VMs, and a hand for ARM servers

By Simon Sharwood, APAC Editor

Posted in Virtualization, 15th December 2017 04:04 GMT

The Xen Project has released version 4.10 of its hypervisor.

Maintainer boss Julien Grall wrote that "As in Xen 4.9, we took a security-first approach for Xen 4.10 and spent a lot of energy to improve code quality and harden security."

"This inevitably slowed down the acceptance of new features somewhat and also delayed the release. However, we believe that we reached a meaningful balance between mature security practices and innovation."

So what's new? The Reg likes the new ability to run a VM on a chosen CPU and better ways to "express placement preference of vcpus on processors, which improves cache and memory performance when configured appropriately."

VM introspection's been enhanced, notably with "A software page table walker was added to VMI on ARM, which lays the groundwork to altp2m for ARM CPUs."

A new UI lets users do things like "modify certain boot parameters without the need to reboot Xen."

"Guest types are now selected using the type option in the configuration file, where users can select a PV, PVH or HVM guest," according to the Project's announcement of the new release.

Support for system-on-chips (SoCs) has been enhanced with support for the 64-bit Armv8-A architecture from Qualcomm Centriq 2400 and Cavium ThunderX. As both are server architectures, Xen's made sure it's ready if the market decides Arm-powered servers are a thing.

The new release has also, however, added support for the L2 Cache Allocation Technology (CAT) that runs on some micro-servers using Intel CPUs. So let's not assume that Xen's gone all-in on ARM.

Full release notes are here and notes on how to access and build the new release are here.

Those who have noted that the United States National Security Agency has tossed plenty of code into Xen will be pleased to see that it's again name-checked as a contributor. ®
