Xen Project says new version 4.10 has found balance between security and novelty

Splendid isolation for VMs, and a hand for ARM servers

By Simon Sharwood

The Xen Project has released version 4.10 of its hypervisor.

Maintainer boss Julien Grall wrote that "As in Xen 4.9, we took a security-first approach for Xen 4.10 and spent a lot of energy to improve code quality and harden security."

"This inevitably slowed down the acceptance of new features somewhat and also delayed the release. However, we believe that we reached a meaningful balance between mature security practices and innovation."

So what's new? The Reg likes the new ability to run a VM on a chosen CPU and better ways to "express placement preference of vcpus on processors, which improves cache and memory performance when configured appropriately."

VM introspection's been enhanced, notably with "A software page table walker was added to VMI on ARM, which lays the groundwork to altp2m for ARM CPUs."

A new UI lets users do things like "modify certain boot parameters without the need to reboot Xen."

"Guest types are now selected using the type option in the configuration file, where users can select a PV, PVH or HVM guest," according to the Project's announcement of the new release.

Support for system-on-chips (SoCs) has been enhanced with support for the 64-bit Armv8-A architecture from Qualcomm Centriq 2400 and Cavium ThunderX. As both are server architectures, Xen's made sure it's ready if the market decides Arm-powered servers are a thing.

The new release has also, however, added support for the L2 Cache Allocation Technology (CAT) that runs on some micro-servers using Intel CPUs. So let's not assume that Xen's gone all-in on ARM.

Full release notes are here and notes on how to access and build the new release are here.

Those who have noted that the United States National Security Agency has tossed plenty of code into Xen will be pleased to see that it's again name-checked as a contributor. ®
