> -----Original Message-----
> From: xen-users-bounces@lists.xensource.com
> [mailto:xen-users-bounces@lists.xensource.com] On Behalf Of
> Dave Cameron
> Sent: 15 August 2006 22:33
> To: xen-users@lists.xensource.com
> Subject: Re: [Xen-users] Minimal Hypervisor Size?
>
> > What about hardware support, you'd still need some way to emulate
> > hardware or it wouldn't be a whole lot of use. You'd have to rip a whole
> > chunk of code out of Linux or BSD.
> >
> > On Tue, 2006-08-15 at 16:13 -0500, dfeustel@mindspring.com wrote:
> > > How large would a hypervisor be if it were constructed
> > > as the smallest program supporting the virtualization of
> > > unmodified operating systems only (i.e. no linux-specific
> > > features, no para-virtualization)?
>
> Would not the hardware support need to be OS-independent in order
> to work with the (unspecified) unmodified operating systems?

Xen itself doesn't know anything about hardware - so you _MUST_ have a
Dom0 to support the actual hardware accesses for full virtualization.
Thus, you must also have para-virtualization... Note that this is fully
intentional: Drivers for hardware support are hard work to implement,
which is why using a regular, already existing set of drivers in an
existing OS is the smart thing to do. Further to that, it keeps the Xen
hypervisor itself small, and thus more easily managed and maintained,
more secure [since there are generally X bugs per Y lines of code - more
lines -> more bugs, some of which will have security implications] -
also a smaller amount of code is possible to code-review for security more
easily than, say, a full Linux that has millions of lines of code.

Although, in theory, it would be possible to remove reliance on
para-virtual Dom0, and use a fully-virtualized Dom0 that has full access
to hardware. It would still need to have some special functionality to
communicate hardware accesses by other (DomU) guests via Xen to Dom0 -
so there is still a need for a fair amount of the code used by
Para-virtualization to support the DomU to Dom0 communication.

Much of the code in Xen is to deal with the management of page-tables,
which of course will still be needed for fully-virtualized guests -
although some small amount may be changed if there is no need to support
more than one mode of page-tables - although that's unlikely to make a
HUGE impact on the size of the code...

N.B. I haven't actually analyzed exactly how much code is in what
portion of Xen - this is just by having worked with Xen for over a year
and implemented some of the SVM (Hardware virtual support) in Xen.

--
Mats