BT

Xen Hypervisor 4.10 Focuses on Security and Better ARM Support

| by Hrishikesh Barua Follow 7 Followers on Jan 01, 2018. Estimated reading time: 2 minutes |

A note to our readers: As per your request we have developed a set of features that allow you to reduce the noise, while not losing sight of anything that is important. Get email and web notifications by choosing the topics you are interested in.

The Xen Project released version 4.10 of their hypervisor with an improved architecture for x86, support for ARM processor hardware updates, and changes to schedulers and the user interface.

Xen is an open source hypervisor. Amazon Web Services (AWS) has been using Xen, which is a Linux Foundation project, as its primary hypervisor. It’s also used by other cloud providers like Tencent, Alibaba Cloud, Oracle Cloud and IBM SoftLayer. The 4.10 release was a short one with code quality and hardened security as the focus areas. Xen has seen security issues in the past that affected cloud provider services.

The x86 core of the hypervisor has been re-architected to support the PVHv2 mode. Guest operating systems running on PVHv2 have a smaller Trusted Computing Base (TCB). The TCB is a collective acronym for hardware and software that are critical to a system’s security, e.g., the kernel and some utilities in an operating system. Reducing the TCB in turn reduces the attack surface of the system. Xen uses QEMU, the open source emulator, to support hardware virtualization to take full advantage of underlying hardware capabilities. In both versions 4.9 and 4.10 of Xen, the interface between Xen and QEMU was reworked to restrict the impact that security vulnerabilities in QEMU can have on guest operating systems running on Xen.

The 4.10 release also saw support for newer ARM hardware features. ARM processors are commonly used in portable and embedded devices. Xen on ARM architectures supports a single kind of guest, unlike for x86, which supports both paravirtualization and hardware virtualization. The former type of virtualization requires changes to the operating system’s code whereas the latter does not. ARM processors have a number of virtualization extensions which are supported by Xen. The 4.10 release adds support for latest System-on-Chip (SOC) technology, UART emulation and Interrupt Translation Services (ITS). UART is a chip that can manage computer peripheral devices which require timing control like serial ports and disk drive interrupts. This release also added GRUB2 support on ARM architectures.

The Credit 2 scheduler can allow specifying running a VM on a specific CPU. Xen 4.10 adds support for this, and also for allowing users to set a the maximum amount of CPU that a VM can use. This can be useful to prevent runaway processes in VMs consuming all of the host’s CPU. Updates to the "null" scheduler guarantee lesser scheduling overhead and lower latency, since this scheduler always schedules the same virtual CPU (in the guest VM) on the same underlying physical CPU (in the host running the hypervisor).

Support for User-Mode Instruction Prevention (UMIP) is a security feature that is present in new Intel processors. It can prevent the execution of certain instructions if the based on privilege levels when the feature is enabled. Xen 4.10 exposes UMIP to virtual machines to take advantage of this feature. The hypervisor’s user interface also underwent changes. It is now possible to modify certain boot parameters without rebooting the hypervisor. Guest types (paravirtualized or hardware) can be selected using a type option in the configuration file. The support documentation has been revamped, with a machine readable file which describes support related information.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT