I'm reading an article about Xen, a virtual machine monitor. They say that an operating system requires some modification in order to be able to act as a guest OS on top of Xen. Now, for an OS like Linux, I can understand what a "modification" might mean, but in the case of an OS like, say, Windows XP, what does it mean? I mean, XP is a closed-source proprietary OS, right?

+3  A: 

It means exactly the same thing. It's just harder because the source is not widely available. Note that the modifications are no longer required when Xen is used in conjunction with hardware virtualization.

Ignacio Vazquez-Abrams
I'm new to virtualization so sorry if I'm asking a silly question... Here's a line from the original paper: "Windows XP required a surprising number of modifications to its architecture independent OS code because it uses a variety of structures and unions for accessing page-table entries (PTEs)." This is what is confusing me... Or do you mean to say, there are actually two ways of using Xen? Even in that case, what does the sentence actually mean?
Legend
The x86-class architecture has 4 privilege levels, called "Rings", that software can run in, numbered 0 through 3. OSes need to use special machine code instructions that can only run in the most privileged ring, "Ring 0". When a hypervisor enters the scene, *it* has to run in Ring 0, and the guests are relegated to Ring 1 (user software runs in Ring 3 usually), which means that they can no longer use those instructions. They need to be rewritten to ask the hypervisor to do the work instead. Hardware virtualization adds a "Ring -1" that the hypervisor runs in instead.
Ignacio Vazquez-Abrams
I see.. Let me see if I understand it correctly... so software virtualization does require modification of OS source code => Windows XP cannot be run on Xen using software virtualization because there's no way to modify its source code... But if we use hardware virtualization, then Windows XP can be "ported" (meaning run as is) but by adding one additional privilege ring, Ring "-1". Is this correct?
Legend
Correct. The hypervisor running in Ring -1 means that the OS is free to run in Ring 0, and so it can run the privileged instructions.
Ignacio Vazquez-Abrams
Thank you. Now it's all clear... Also, this paragraph from Wiki adds to the information you provided: "Recent CPUs from Intel and AMD offer x86 virtualization instructions for a hypervisor to control Ring 0 hardware access. Although they are mutually incompatible, both Intel VT (codenamed "Vanderpool") and AMD-V (codenamed "Pacifica") create a new "Ring -1" so that a guest operating system can run Ring 0 operations natively without affecting other guests or the host"
Legend
This is not true. You can do full-system virtualization on x86 without VT or AMD-V. The problem is that some of the privileged instructions don't trap when you try to run them in ring > 0, which means that the virtualizer has to trace the instruction stream. VMware does it, VirtualBox does it, QEMU in virtualization mode does it, Microsoft VirtualPC does it. All of those products existed long before VT and AMD-V. The fact that Xen doesn't do tracing and therefore requires either a modified guest or hardware support is a design decision by the Xen developers, not a general limitation.
Jörg W Mittag
+1, also good to mention that blob of crap in linux-testing that Microsoft dumped in and forgot about for Hyper-V. Yet, I doubt we'll see a Windows pv_ops between now and the end of the world.
Tim Post
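The thread above turns on instructions that "don't trap" when a guest kernel is pushed out of Ring 0. The following toy model is an added example, not code from the thread or from Xen; all class and function names are hypothetical, and `popf` is chosen here as the non-trapping instruction (the thread does not name one). It shows why plain trap-and-emulate loses track of the guest's interrupt flag, and how a guest modified to call the hypervisor avoids that.

```python
class GeneralProtectionFault(Exception):
    """Raised when a privileged instruction runs outside ring 0."""

class ToyCPU:
    def __init__(self, ring):
        self.ring = ring
        self.interrupts_enabled = True      # the real IF flag

    def cli(self):
        # Privileged: outside ring 0 (IOPL 0) it faults, so a hypervisor sees it.
        if self.ring > 0:
            raise GeneralProtectionFault("cli")
        self.interrupts_enabled = False

    def popf(self, want_if):
        # Sensitive but not privileged: outside ring 0 the IF bit is
        # silently left unchanged and no fault is raised.
        if self.ring == 0:
            self.interrupts_enabled = want_if

class Hypervisor:
    """Tracks the interrupt flag the guest *believes* it has."""
    def __init__(self):
        self.virtual_if = True
        self.traps = 0

    def on_fault(self, insn):               # trap-and-emulate path
        self.traps += 1
        if insn == "cli":
            self.virtual_if = False

    def hypercall_set_if(self, value):      # paravirtual path
        self.virtual_if = value

# Constructed guest kernel sequence: disable interrupts, then restore them.
GUEST_OPS = [("cli", None), ("popf", True)]

def run_guest(ops, paravirtualized):
    """Run a guest kernel in ring 1; return (virtual IF, number of traps)."""
    cpu, hv = ToyCPU(ring=1), Hypervisor()
    for op, arg in ops:
        if paravirtualized:
            # Modified guest: asks the hypervisor instead of touching the CPU.
            hv.hypercall_set_if(False if op == "cli" else arg)
            continue
        try:
            cpu.cli() if op == "cli" else cpu.popf(arg)
        except GeneralProtectionFault as fault:
            hv.on_fault(str(fault))
    return hv.virtual_if, hv.traps
```

In the unmodified run the `popf` never reaches the hypervisor, so the guest's virtual interrupt flag stays disabled even though the guest asked to re-enable it.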
+1  A: 

Xen was originally a university project. As a researcher (or as a government agency tasked with infrastructure security), you can get the Windows source code from Microsoft. You're just not allowed to distribute your own version of Windows.

This is exactly what they did: they had the source code of Windows XP and then they ported XP to Xen, just to show that if Microsoft were ever to officially support Xen, it would be doable.

Jörg W Mittag
Wow... I never imagined this would be possible in the first place... Oh boy... Just observed that Paul Barham, the primary author of that research paper, seems to be from Microsoft Cambridge... :O Thanks a million... Now things are clear...
Legend
A: 

On the other hand, although para-virtualization cannot provide an end-to-end virtualization solution, it can improve performance.

ZelluX