Recently the Linux Foundation unveiled through a post that blog qthat Intel has assigned all rights to the Cloud Hypervisor, which is a hypervisor optimized for the cloud and which will now be under the auspices of the Linux Foundation, whose infrastructure and services will be used in future development.
Features of the Cloud Hypervisor project include hot plugging of CPUs, memory and peripherals, support for Windows and Linux guests, offloading devices with vhost-user, and a minimal and compact footprint.
With this move by Intel, This hypervisor will pass under the wing of the Linux Foundation and will relieve the project of dependency on a separate commercial company. and facilitate collaboration with external stakeholders. Companies such as Alibaba, ARM, ByteDance and Microsoft have already announced their support for the project, whose representatives, along with developers from Intel, formed a board that oversees the project.
For those unfamiliar with Cloud Hypervisor, you should know that it provides a virtual machine monitor (VMM) that runs on top of KVM and MSHV, written in the Rust language and built on the components of the joint Rust-VMM project, which will help you allows you to create hypervisors for specific tasks.
"Cloud Hypervisor has grown to the point of being under the neutral governance of the Linux Foundation," says Arjan van de Ven, a fellow at Intel and a founding technical sponsor of the project. »We built the project to provide a more secure and up-to-date VMM (Virtual Machine Manager) to optimize modern cloud workloads. With fewer device models and a modern, more secure language. "
The project allows to run guest systems (Linux,Windows) using paravirtualized virtio-based devices, emulation usage is minimized. Among the key tasks mentioned are: high responsiveness, low memory consumption, high performance, simplification of configuration and reduction of possible attack vectors. There is support for migrating virtual machines between servers and hot-plug virtual machines with CPU, memory, and PCI devices. The x86-64 and AArch64 architectures are supported.
"Modern cloud workloads require increased security, and the cloud hypervisor project is intentionally designed to focus on this critical area," said Mike Dolan, senior vice president and general manager of projects, Linux Foundation. "We look forward to supporting this project community, both as it begins to build and as we put in place the right governance structures to sustain it for years to come."
The project is supported by Alibaba, ARM, ByteDance, Intel and Microsoft and is represented by the founding membersincluding Mr. van de Ven and KY Srinivasan, Microsoft Vice President, Michael Zhao, ARM Engineer Gerry Liu, Alibaba Senior Engineer, and Felix Zhang, ByteDance Senior Engineer. The Cloud Hypervisor project will initially focus on modern cloud performance and security.
Finally, it should be noted that Cloud Hypervisor is on its version 20.0 and in which the following changes were made:
- For the x86_64 and aarch64 architectures, up to 16 PCI segments are now allowed, increasing the total number of allowed PCI devices from 31 to 496.
- Support for binding virtual CPUs to physical CPU cores (CPU pinning) has been implemented. For each virtual CPU, you can now define a limited set of host CPUs that can be run, which can be useful when mirroring host and guest resources directly (1: 1) or when starting a virtual machine on a NUMA node specific.
- Improved I / O virtualization support. Each VFIO region can now be mapped to memory, reducing the number of virtual machine logoffs and allowing better performance of the forwarding devices to the virtual machine.
- In the Rust code, work has been done to replace insecure sections with alternate implementations that run in safe mode. For the rest of the insecure sections, detailed comments have been added explaining why insecure code left behind can be considered safe.
Source: https://www.linuxfoundation.org/