* Diff between std, xen0 and xenU kernel
@ 2005-02-08 19:17 Jean-Eric
  2005-02-08 20:46 ` Anthony Liguori
  0 siblings, 1 reply; 5+ messages in thread
From: Jean-Eric @ 2005-02-08 19:17 UTC (permalink / raw)
  To: xen-devel

Hi,
I installed xen with Fedora devel (to be FC4) packages without problems. 
Xen is great! Fantastic work guys!

I have a question:
What is the difference between a std Linux kernel and an xen0 one? 
Except that we can run xenU instances in the xen0 one...

And is the xen0 instance different from the xenU instances? Or is it 
just another xenU instance in fact?

And if I run programs in the xen0 instance, will it degrade perf of xenU 
instances? Or render them less secure (in terms of isolation)?

Thanks for clarification of these points.
-jec




* Re: Diff between std, xen0 and xenU kernel
  2005-02-08 19:17 Diff between std, xen0 and xenU kernel Jean-Eric
@ 2005-02-08 20:46 ` Anthony Liguori
  2005-02-08 21:23   ` Mark Williamson
  0 siblings, 1 reply; 5+ messages in thread
From: Anthony Liguori @ 2005-02-08 20:46 UTC (permalink / raw)
  To: Jean-Eric; +Cc: xen-devel

Jean-Eric wrote:

> I have a question:
> What is the difference between a std Linux kernel and an xen0 one? 
> Except that we can run xenU instances in the xen0 one...

A standard Linux kernel expects to manage its own memory, hardware, 
etc.  A xen kernel knows that it's in a hypervisor so it makes 
hypercalls when it needs to deal with those sorts of things.  That's a 
pretty gross simplification but you can check out any number of the 
papers referenced on the Xen homepage for whatever level of detail you want.

> And is the xen0 instance different from the xenU instances? Or is it 
> just another xenU instance in fact?

A little bit.  It mostly has to do with the initrd setup code.  However, 
I think there was a thread on a list where someone said you could in 
fact use a xen0 kernel within xenU if you had the right drivers enabled.

Really, the biggest difference is that xen0 domain has backend device 
drivers and the xenU kernel has the front-end version of those drivers.

> And if I run programs in the xen0 instance, will it degrade perf of 
> xenU instances? Or render them less secure (in terms of isolation)?

It shouldn't decrease performance.  Currently, xen0 is pretty much a 
single point of failure though.  If you had a remote compromise in xen0 
then an attack could bring down every other domain.

Regards,
Anthony Liguori



* Re: Diff between std, xen0 and xenU kernel
  2005-02-08 20:46 ` Anthony Liguori
@ 2005-02-08 21:23   ` Mark Williamson
  2005-02-08 22:06     ` Anthony Liguori
  2005-02-09  8:42     ` Jean-Eric Cuendet
  0 siblings, 2 replies; 5+ messages in thread
From: Mark Williamson @ 2005-02-08 21:23 UTC (permalink / raw)
  To: xen-devel; +Cc: Anthony Liguori, Jean-Eric

> > And is the xen0 instance different from the xenU instances? Or is it
> > just another xenU instance in fact?
>
> A little bit.  It mostly has to do with the initrd setup code. 

Is it not the same for both?  What's different?

> However, 
> I think there was a thread on a list where someone said you could in
> fact use a xen0 kernel within xenU if you had the right drivers enabled.

Xen0 kernels will run in an unprivileged domain so long as you have built in 
the frontend drivers (this happens by default in -testing and -stable, I 
think).

> Really, the biggest difference is that xen0 domain has backend device
> drivers and the xenU kernel has the front-end version of those drivers.

The Xen0 kernel also has drivers for "real" hardware, whereas the xenU kernel 
contains only "virtual" drivers.  The xenU kernel is smaller as a result, 
which is the reason we provided.  You don't strictly *need* the xenU kernel 
at all.

> > And if I run programs in the xen0 instance, will it degrade perf of
> > xenU instances? Or render them less secure (in terms of isolation)?

It won't matter to performance any more than running applications in the 
unprivileged instances would.

Regarding security you need to keep in mind that an attacker who gains root 
privileges in domain 0 will be able to get root privileges in every domain on 
the machine.  Thus if you're running an internet-facing machine you should 
make sure that domain 0 exposes as few services to the internet as possible.

Cheers,
Mark



* Re: Diff between std, xen0 and xenU kernel
  2005-02-08 21:23   ` Mark Williamson
@ 2005-02-08 22:06     ` Anthony Liguori
  2005-02-09  8:42     ` Jean-Eric Cuendet
  1 sibling, 0 replies; 5+ messages in thread
From: Anthony Liguori @ 2005-02-08 22:06 UTC (permalink / raw)
  To: Mark Williamson; +Cc: xen-devel, Jean-Eric

Mark Williamson wrote:

>>>And is the xen0 instance different from the xenU instances? Or is it
>>>just another xenU instance in fact?
>>
>>A little bit.  It mostly has to do with the initrd setup code.
>
>Is it not the same for both?  What's different?

xen/arch/x86/x86_32/domain_build.c

Looking again though, I think that it's really that Xen behaves a little 
differently constructing domain-0 than when constructing another 
domain.  So just ignore what I said :-)

Regards,
Anthony Liguori



* Re: Diff between std, xen0 and xenU kernel
  2005-02-08 21:23   ` Mark Williamson
  2005-02-08 22:06     ` Anthony Liguori
@ 2005-02-09  8:42     ` Jean-Eric Cuendet
  1 sibling, 0 replies; 5+ messages in thread
From: Jean-Eric Cuendet @ 2005-02-09  8:42 UTC (permalink / raw)
  To: Mark Williamson; +Cc: xen-devel, Anthony Liguori


>>>And if I run programs in the xen0 instance, will it degrade perf of
>>>xenU instances? Or render them less secure (in terms of isolation)?
> 
> 
> It won't matter to performance any more than running applications in the 
> unprivileged instances would.
> 
> Regarding security you need to keep in mind that an attacker who gains root 
> privileges in domain 0 will be able to get root privileges in every domain on 
> the machine.  Thus if you're running an internet-facing machine you should 
> make sure that domain 0 exposes as few services to the internet as possible.

That means that I should make the domain-0 as small as possible and run 
only, say, ssh to administer it, but nothing else. And create other 
domains (which are secure and unprivileged) for real services.

Thanks for all the information.
-jec
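
The advice in this thread (domain 0 should expose as few services as possible, e.g. only ssh) can be checked mechanically. The following is an added example, not part of the original messages or of Xen: a shell function that reads listener lines in the format of `ss -H -tuln` and reports every non-loopback listener whose port is not allowlisted. The function name, the `ALLOWED_PORTS` variable and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit dom0 for network-reachable listeners outside an allowlist.
# Input format (one socket per line, as printed by `ss -H -tuln`):
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Assumption: dom0 is administered over ssh only. Space- or comma-separated.
ALLOWED_PORTS="${ALLOWED_PORTS:-22}"

# Prints "proto address port" for each violation; exit status 1 if any found.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN {
        n = split(allowed, a, /[ ,]+/)
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    NF >= 5 {
        port = $5; sub(/^.*:/, "", port)        # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)     # text before the last colon
        # Loopback listeners are not reachable from the network.
        if (addr ~ /^127\./ || addr == "[::1]") next
        if (port in ok) next
        printf "%s %s %s\n", $1, addr, port
        bad++
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample input (not captured from a real host).
SAMPLE='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
tcp LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
tcp LISTEN 0 5 0.0.0.0:8080 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:*'

# Demo on the sample; on a live dom0 use:  ss -H -tuln | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners \
    || echo "dom0 exposes services outside the allowlist: $ALLOWED_PORTS"
```

Run periodically in domain 0, a non-zero exit status signals that a service other than the allowlisted ones has become reachable and should be moved into an unprivileged domain or bound to loopback.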


