This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-users] who comes from kvm?

To: Bhasker C V <bhasker@xxxxxxxxxxxxx>
Subject: Re: [Xen-users] who comes from kvm?
From: Steve Sapovits <steves06@xxxxxxxxxxx>
Date: Sun, 13 Feb 2011 15:22:56 -0500
Cc: xen-users@xxxxxxxxxxxxxxxxxxx, Javier Guerra Giraldez <javier@xxxxxxxxxxx>
On 2/12/2011 5:45 PM, Bhasker C V wrote:

> that's not exact since KVM doesn't run 'on top of' the Linux kernel;
> it's part of the Linux kernel. as such, it has the same 'bare metal'
> access to hardware as the rest of the kernel or the Xen hypervisor.

One differing factor is paravirtualization.  To clarify my comments
regarding KVM: I meant it runs *in* the kernel.  So, yes -- when
accessing hardware without paravirtualization, making a Linux kernel
call versus making a Xen hypervisor/microkernel call is probably half
a dozen of one/6 of the other.  However, when running paravirtualized
guests, the dedicated nature of the Xen approach can offer better
performance.  Here's a good paper on the subject:


KVM has more limited paravirtualization -- only specific network and
IO drivers I believe (someone can clarify this perhaps).

Does it matter?  Probably not for most people.  I've considered using
KVM again and may use it on another box at some point.

Theoretically, the separation of the VMs in a dedicated hypervisor like
Xen *should* also offer better security:  The assumption being that the
more general purpose Linux kernel is more susceptible to security attacks
than the specific purpose Xen kernel.

I have, however, seen nothing that indicates any real world issues in
the security area.

Steve Sapovits  steves06@xxxxxxxxxxx 
