Comment by bonzini - Hacker Neue

bonzini Apr 28, 2017 parent

In China KVM is probably more common than Xen; Aliyun and Tencent use it, and Huawei is transitioning from Xen to KVM (with QEMU). KVM is probably more common among whoever uses OpenStack.

Xen also requires a hardware emulator to run HVM guests (including, but not limited to, Windows VMs). I don't know about now, but it definitely used to be QEMU for AWS.

QEMU can do emulation, but with KVM you use the hypervisor to run code at full speed until it has to interact with the emulated hardware.

Oldhand2017 Apr 28, 2017

Aliyun and Tencent use Xen, too. They are both on Xen's pre-disclosure list. I don't know it now, but Aliyun was at least Xen-only at one point. Huawei offers products both with KVM and Xen. This doesn't necessarily invalidate your speculation though.

The OpenStack aspect is true. Xen lacks support there.

A new Xen guest mode called PVH will remove QEMU when running Linux -- it is basically HVM without QEMU. Windows still requires QEMU.

j_s Apr 28, 2017

Thanks for the follow-up! I'll settle for "no tier-1 US provider publicly admits to using QEMU". :)

I didn't dig too far into the AWS vulnerability list to try to find QEMU; XEN shows up right away! Ok: QEMU is last mentioned July 2015, and in none of the mentions is AWS vulnerable.

https://www.google.com/?q=site:https://aws.amazon.com/securi...

bonzini OP Apr 28, 2017

> and in none of the mentions is AWS vulnerable.

Yep, that's because most bugs are found in legacy devices that are never found in production. The big exception was a buffer overflow in the floppy device emulation (the "VENOM" vulnerability).

A lot of AWS security bulletins say "AWS customers' data and instances are not affected by these issues". I read it as "we knew about it a couple weeks in advance and have done a rolling upgrade". :)

This item has no comments currently.