Tag Archives: CES

Xen 4.2.0 Released

Xen.org is pleased to announce the release of Xen 4.2.0. The release is available from the download page.

This release is the culmination of 18 months of development effort, comprising almost 2900 commits and almost 300K lines of code, by 124 individuals from 43 organizations.

New Features

The release incorporates many new features and improvements to existing features. There are improvements across the board including to Security, Scalability, Performance and Documentation.

XL is now the default toolstack: Significant effort has gone into the XL toolstack in this release, and it is now feature complete and robust enough that we have made it the default. This toolstack can now replace xend in the majority of deployments; see XL vs Xend Feature Comparison. As well as improving XL, the underlying libxl library has been significantly improved and supports the majority of the most common toolstack features. In addition, the API has been declared stable, which should make it even easier for external toolstacks such as libvirt and XCP's xapi to make full use of this functionality in the future.

Large Systems: Following on from the improvements made in 4.1, Xen now supports even larger systems, with up to 4095 host CPUs and up to 512 guest CPUs. In addition, toolstack features like the ability to automatically create a CPUPOOL per NUMA node and more intelligent placement of guest VCPUs on NUMA nodes have further improved the Xen experience on large systems. Other new features, such as multiple PCI segment support, have also made a positive impact on such systems.


Xen on ARM with virtualisation extensions progress.

There’s been a lot of good progress in the Xen on ARM with virtualisation extensions port since I first blogged about it here.

Thanks to some recent work, mainly by Stefano Stabellini, we are now able to start our first guest domain, including paravirtual console, disk and network devices!

The main implementation work here has been to implement support for the core pieces of infrastructure which underpin the PV drivers, primarily event channels and grant tables, all of which Stefano has implemented recently. One of our key design goals with this port of Xen was to make good use of the hardware virtualisation extensions, and at the same time implement paravirtualisation where it offers obvious benefits. For example, we wanted to use paravirtualised device drivers for I/O as they provide significant performance benefits compared to emulated devices.

Sadly this has come too late for the 4.2 release (which has been frozen for a while and is now in the release candidate stage). Therefore I have created a git branch of Xen to track the ARM patches which are destined for 4.3. You can find it on xenbits and read more in the announcement mail.


The Intel SYSRET privilege escalation

The Xen Security team recently disclosed a vulnerability, Xen Security Advisory 7 (CVE-2012-0217), which would allow guest administrators to escalate to hypervisor-level privileges. The impact is much wider than Xen; many other operating systems seem to have the same vulnerability, including NetBSD, FreeBSD, and some versions of Microsoft Windows (including Windows 7).

So what was the vulnerability? It has to do with a subtle difference in the way in which Intel processors implement error handling in their version of AMD’s SYSRET instruction. The SYSRET instruction is part of the x86-64 standard defined by AMD. If an operating system is written according to AMD’s spec, but run on Intel hardware, the difference in implementation can be exploited by an attacker to write to arbitrary addresses in the operating system’s memory. This blog will explore the technical details of the vulnerability.

Video: Intro to Virtualization, Xen, XCP, and the Cloud

This is a guest blog post by Patrick F. Wilbur, a long-time Xen user and active member of the Xen community.

You might know me from Xen Day and Xen training events in the past, or perhaps from the Running Xen book. I recently taught a lesson in an operating systems lab class on both personal virtualization and enterprise-grade virtualization, where the latter portion focused on Xen, Xen Cloud Platform (XCP), and even a little bit of the XenAPI (XAPI). I decided to share the video recording of the lab with the community. While by no means comprehensive of all relevant topics, it serves as a brief, high-level introduction to Xen and XCP. I hope you enjoy it!

In the full lesson, we begin by introducing virtualization in general and Type 2 personal virtualization solutions (e.g. VirtualBox), and their usefulness for sandboxing, testing, and checkpointing. Where the video (above) picks up, we then contrast those solutions with Xen (a Type 1 hypervisor), and boot XCP out-of-the-box to demonstrate a convenient and fully-featured way to get an enterprise-grade virtualization solution up and running. We conclude with a simple XenAPI scripting example coded in Python, and briefly discuss how such a fully-featured API makes Xen ready for your cloud computing needs.

The virtual machine disk images that were used in this video are available online for download. The example Python script is also available.

Much of the material is taken from the 2011 Xen Day Boston complete slides, which go into much more detail and are available online at xen.org.

Oracle hosted Xen Hackathon

I am pleased to announce the next Xen Hackathon. The Hackathon will be hosted by Oracle and takes place March 6-8, 2012 at the Oracle Campus in Santa Clara, CA, USA. If you want to attend, save the date and add yourself to the wiki. I wanted to thank Oracle and in particular Konrad Rzeszutek Wilk for making the Hackathon happen.

The aim of the Hackathon is to give developers the opportunity to meet face to face to discuss development, coordinate, write code and collaborate with other developers as well as allowing everyone to put names with faces. People working on documentation and other aspects of Xen, XCP, XenARM and related projects are also welcome.

There is no registration fee. However, as an attendee you will need to cover your own travel, accommodation and other costs such as evening meals. More details will follow and will be communicated in due course on the blog, mailing lists and via the wiki page.

See you there!