Xen Project says new version 4.10 has found balance between security and novelty

Splendid isolation for VMs, and a hand for ARM servers

By Simon Sharwood, APAC Editor

Posted in Virtualization, 15th December 2017 04:04 GMT

The Xen Project has released version 4.10 of its hypervisor.

Maintainer boss Julien Grall wrote that "As in Xen 4.9, we took a security-first approach for Xen 4.10 and spent a lot of energy to improve code quality and harden security."

"This inevitably slowed down the acceptance of new features somewhat and also delayed the release. However, we believe that we reached a meaningful balance between mature security practices and innovation."

So what's new? The Reg likes the new ability to run a VM on a chosen CPU and better ways to "express placement preference of vcpus on processors, which improves cache and memory performance when configured appropriately."

VM introspection's been enhanced, notably with "A software page table walker was added to VMI on ARM, which lays the groundwork to altp2m for ARM CPUs."

A new UI lets users do things like "modify certain boot parameters without the need to reboot Xen."

"Guest types are now selected using the type option in the configuration file, where users can select a PV, PVH or HVM guest," according to the Project's announcement of the new release.

System-on-chip (SoC) support has been extended to the 64-bit Armv8-A architecture from Qualcomm Centriq 2400 and Cavium ThunderX. As both are server architectures, Xen's made sure it's ready if the market decides Arm-powered servers are a thing.

The new release has also, however, added support for the L2 Cache Allocation Technology (CAT) that runs on some micro-servers using Intel CPUs. So let's not assume that Xen's gone all-in on ARM.

Full release notes are here and notes on how to access and build the new release are here.

Those who have noted that the United States National Security Agency has tossed plenty of code into Xen will be pleased to see that it's again name-checked as a contributor. ®
