
Re: [Xen-devel] Questions about PVH in Xen 4.3 unstable



I read the blog posts and watched the video of Mukesh's presentation. And now I want to try to sum up the existing guest/domain-types and stubdom-types to verify I understood them:

Guest/Domain-Types

PV: A PV guest is a guest where the kernel is modified so that it knows that it is a virtualized system (no privileged instructions, special drivers and so on).

HVM: These guests are guests which cannot be modified or need to run with the original code base for other reasons. These guests run with the VT-x/AMD-V implementations in modern CPUs. They need QEMU and can use ioemu stubdoms.

PVHVM: These guests are HVM guests for which special drivers exist for the qemu devices, which makes it possible to shrink the need for emulation because the guest knows that the devices are virtual.

PVH: These guests are PV guests which can use the hardware virtualization technologies of the CPUs to do special things. About this I still have two questions: I found out that a few tasks are faster in HVM mode, so is it an attempt to make PV guests faster? And does PVH make it easier to implement PV in an operating system kernel?

Stubdoms:

PV-GRUB: This is a stubdom where GRUB is compiled against Mini-OS to get all features of GRUB, and it doesn't need to use PyGRUB within Dom0.

ioemu: This stubdom is a QEMU version which is compiled against Mini-OS and it isolates the qemu process of an HVM DomU.

xenstore: This stubdom contains the xenstore service which holds a database about resources and domains. So it stores information about which resource is attached to which domain and so on.

Would this description be right, or am I thinking wrong?

Best Regards


2013/1/30 Jan Beulich <JBeulich@xxxxxxxx>
>>> On 30.01.13 at 12:04, George Dunlap <George.Dunlap@xxxxxxxxxxxxx> wrote:
> On Wed, Jan 30, 2013 at 10:52 AM, tech mailinglists <
> mailinglists.tech@xxxxxxxxx> wrote:
>
>> I thought that stubdoms for HVMs are great for security. Can it still be
>> used for PV-on-HVM for security? Can only Linux run as PVH and Windows and
>> so on still run as HVM?
>>
>
> Stubdoms increase security by isolating the qemu process, so that it's not
> running in domain 0.  PV domains (and by extension PVH domains) don't have
> a qemu process, and are therefore secure without needing a stubdom.

That's not generally true - PV domains (including Dom0 itself) can
have a qemu e.g. for providing block backend drivers for certain
disk types.

Jan

