Xen 4.6 Released, with Enhanced Security and Intel Support
Xen is an open-source virtual machine monitor developed at the University of Cambridge. It is intended to run up to 100 full-featured operating systems on a single computer. Operating systems must be explicitly modified ("ported") to run on Xen (compatibility for user applications is preserved, however). This lets Xen achieve high-performance virtualization without special hardware support.
Xen 4.6 has been released. This release focuses on improving code quality, security hardening, enabling security appliances, and making the release cycle predictable. The main updates fall into the following areas:
- Hypervisor
- Toolstack
- Xen Project Test Lab
- Linux, FreeBSD and other OSes that utilise the new features
- Greater Ecosystem
See the release notes for details.
General Hypervisor Updates
- The memory event subsystem has been reworked and extended into a new VM event subsystem. The new VM event subsystem supports both the ARM and x86 architectures. It can be used to intercept all sorts of VM events, such as memory access, register access and more. This enables security applications such as zero-footprint guest introspection, host-wide monitoring and many others. Have a look at Tamas's presentations and Steve's presentations on this topic to get more insights.
- The Xen Security Modules (XSM) now have a default policy that is regularly tested in the Xen Project Test Lab to make sure it is not broken by mistake. This will enable us to switch on XSM by default in the future.
- vTPM 2.0 support has been contributed by Intel and the US National Security Agency. To learn more about how to use vTPM and how it can make your host more secure, go to our wiki.
- Grant table scalability has been improved significantly by using finer-grained locks in grant tables. In some scenarios aggregate intrahost network throughput has been shown to improve by 100%. Other I/O drivers in Xen should potentially show significant performance improvements as well.
- We introduced ticket locks to improve fairness, which provides better support for massive workloads from up to hundreds or thousands of VMs on a single host.
- The unused SEDF scheduler has been removed from the hypervisor and toolstack. The Xen Project is committed to actively removing unused code to keep the code base small and to minimize security risks.
- We moved Mini-OS out of the Xen code base into its own tree. Mini-OS started as a demonstration OS, but has received significant contributions in recent years (e.g. it is used by many unikernels). We decided to treat it as a separately maintained independent project with its own mailing list and code tree to make it easier to consume. We hope this will help unikernel communities to more easily consume and contribute to Mini-OS, while reducing the Xen Project Hypervisor footprint.
x86-specific Hypervisor Updates
- The Intel alternate P2M framework is a new capability for VM introspection, security and privacy in Xen that gives Xen the ability to host up to 10 alternate guest-to-physical memory mappings for a specific guest domain. It is one of the key technologies enabling zero-footprint VM introspection. It can also help Xen to implement faster NFV applications.
- Intel Page Modification Logging Technology offloads the page dirty logging duty to hardware. Microbenchmarks show about 7% improvement in SPECjbb, and it should be particularly beneficial for Live Migration.
- Intel Cache Allocation Technology allows system administrators to assign more L3 cache capacity to individual VMs, resulting in lower latency and higher performance for high-priority workloads such as NFV, real-time and video-on-demand applications.
- Intel Memory Bandwidth Monitoring allows system administrators to identify memory bandwidth saturation on a Xen host that may be caused by several memory-intensive VMs running on the same host. Taking corrective action, such as migrating VMs to a different Xen host, increases scalability and performance in the data center.
- Intel Reserved Memory Region reporting provides a mechanism to report and reserve memory regions for legacy devices to allow for safe device passthrough.
- Virtual Performance Monitoring Unit support makes it possible to profile the Xen Project Hypervisor with the Linux perf tool. Note that some work still needs to be completed within Linux to make perf fully functional.
- Virtual NUMA for HVM guests is a continuation of the NUMA work performed in Xen 4.5 and previous releases. In this release, we exposed the functionality through the XL toolstack and added firmware changes to make the feature fully functional.
ARM-specific Hypervisor Updates
- The supported number of VCPUs has been increased from 8 to 128 VCPUs on ARM64 platforms.
- Passthrough for non-PCI devices allows users to pass through devices via partial device trees. Full support for PCI device passthrough is currently being worked on.
- ARM GICv2 on GICv3 support.
- 32-bit userspace in 64-bit guest support.
- OVMF for ARM, contributed by Linaro.
- 64K page ARM guest support.
- Support for the following new hardware platforms has been added: Renesas R-Car Gen2, ThunderX, Huawei hip04-d04 and Xilinx ZynqMP SoC.
Toolstack Updates
- Live Migration support in libxc/libxl has been replaced with a completely new implementation (Migration v2). The new version respects the different layers in the Xen software stack and has been designed to be more robust and extensible, to better support next-generation infrastructures and work planned in subsequent hypervisor releases.
- Remus, our High Availability solution, has been reworked and is now based on Migration v2.
- Libxl asynchronous operations can now be cancelled. This allows libxl users to cancel long-running asynchronous operations, benefits tool stacks such as libvirt, and helps integration with cloud orchestration stacks.
- Improved SPICE/QXL support.
- AHCI disk controller support.
- A new host I/O topology query interface gives upper layers in the software stack the ability to identify the I/O topology of the underlying hardware platform.
- Xenalyze, a tool for analyzing hypervisor trace buffers that can be used for debugging and optimization, has been added to the Xen Project codebase as a maintained feature.
Xen Project Test Lab Updates
During the Xen 4.6 release cycle, the Xen Project created an Advisory Board-funded Continuous Integration Test Lab. It currently has 24 hosts and is going to be expanded in the future. This has led to significant improvements in Xen code quality and has allowed the project to expand automated test coverage. The number of test cases doubled during the 4.6 cycle. Some interesting new test cases that have been added are:
- XSM
- VM migration using libvirt between two hosts is now tested.
- Live Migration between hosts of different Xen versions is now tested and will help identify any breakage in our migration code or specification.
- Tests with different disk formats such as QCOW2, VHD and raw format.
More test cases are in the pipeline, including test cases for OpenStack's devstack, performance and scalability tests, FreeBSD Dom0, etc.
Linux, FreeBSD and other OSes
During the Xen 4.6 release cycle, we made significant improvements to major operating systems we rely on to improve interoperability. Some highlights on Linux kernel development spanning from Linux 3.18 to 4.3 were:
- Xen blkfront multiqueue and multipage ring support.
- Xen SCSI frontend and backend support.
- VPMU kernel support.
- Performance improvement in the mmap call.
- P2M in PV guests can address 512GB or more.
For FreeBSD there were these improvements:
- Experimental PVH Dom0/DomU support.
- Removal of the classic i386 PV port by FreeBSD developer John Baldwin.
- Blkfront indirect descriptor support by FreeBSD developer Colin Percival.
- Removal of broken FreeBSD-specific blkfront/back extensions.
- ARM32 and ARM64 guest support are underway.
Greater Ecosystem
- Project Raisin provides an easier way to build and package Xen. It also includes a basic test suite for developers to test their changes.
- Our OpenStack CI loop is up and running and is testing OpenStack changes against the Xen Project Hypervisor.
- Xen Hypervisor support moved from quality group C to group B in OpenStack.