Google Cloud kicked QEMU to the kerb to harden KVM

Google has revealed how it hardened the open source KVM hypervisor to run in its cloud. Removing the QEMU hardware emulation tool looks to be a big part of its efforts. Google Cloud's technical lead manager Andy Honig and senior product manager Nelly Porter write that the company decided it needed to develop its own …

  1. Voland's right hand Silver badge
    Linux

    Security is not the only issue

    QEMU has other issues which used to get in the way of building a large and scalable cloud. They had quite a few serialization points in IO as well as extra copies, mallocs "under duress" and other things you do not really want if you want to squeeze every possible CPU cycle out of the machine. There are also quite a few places where Linux has come up with considerably faster modern library calls, but QEMU still uses the POSIX ones in the name of cross-platform compatibility.

    By the way, I thought Google Cloud is predominantly containers. Where does KVM come into this?

  2. frank ly

    Historical

    "the company decided it needed to write its own alternative with the following qualities: ................

    No history of security problems. ...."

    That sounds quite easy.

  3. MacroRodent

    Downside of reuse

    QEMU was originally intended to be a full PC hardware emulator, and soon an emulator for many other systems besides the PC. Reusing it for virtualization was convenient, but brought with it a lot of old baggage that is no longer relevant when you just run VMs containing servers. So this really is a case of reusing software that was not quite meant for the new purpose.

  4. jimcurtin

    An evolutionary transition

    We are a VDI company, makers of VERDE, based on KVM. We started using QEMU before it was part of KVM, back in '05, as an alternative to Xen. We had to get off paravirtualization as the constant low-level changes in Linux at the time were killing us. When KVM came out we seamlessly switched to that. At the time, the platform-to-platform translation was very interesting. We were looking at VDI on mainframes and other exotic platforms. Now, not so much. I think this is a case of evolution, literally. We don't need those appendages anymore. Glad to see this and thanks, Google!

  5. jelabarre59

    Bochs it up?

    Hey, if they think Qemu is slow, they should try Bochs...

  6. Anonymous Coward

    Security through Obscurity

    "No history of security problems. QEMU has a long track record of security bugs, such as VENOM, and it's unclear what vulnerabilities may still be lurking in the code."

    So, they say that their internally developed, _Closed_Source_, solution has less of a history of bugs, and fewer vulnerabilities lurking in the code. Well, that probably is true, if only because their thing is both younger and smaller than QEMU, but how are we supposed to know/verify without having the code available?

    Without the sources, the above statement can only fall into the 'security through obscurity FUD' category.
