Prerequisites – Introduction to Virtualization, Machine Reference Model of Virtualization
Xen is an open source hypervisor based on paravirtualization. It is the most popular application of paravirtualization. Xen has been extended to compatible with full virtualization using hardware-assisted virtualization. It enables high performance to execute guest operating system. This is probably done by removing the performance loss while executing the instructions requiring significant handling and by modifying portion of the guest operating system executed by Xen, with reference to the execution of such instructions. Hence this especially support x86, which is the most used architecture on commodity machines and servers.
Above figure describes the Xen Architecture and its mapping onto a classic x86 privilege model. A Xen based system is handled by Xen hypervisor, which is executed in the most privileged mode and maintains the access of guest operating system to the basic hardware. Guest operating system are run between domains, which represents virtual machine instances.
In addition, particular control software, which has privileged access to the host and handles all other guest OS, runs in a special domain called Domain 0. This the only one loaded once the virtual machine manager has fully booted, and hosts an HTTP server that delivers requests for virtual machine creation, configuration, and termination. This component establishes the primary version of a shared virtual machine manager (VMM), which is a necessary part of Cloud computing system delivering Infrastructure-as-a-Service (IaaS) solution.
Various x86 implementation support four distinct security levels, termed as rings, i.e.,
Ring 0, Ring 1, Ring 2, Ring 3
Here, Ring 0 represents the level having most privilege and Ring 3 represents the level having least privilege. Almost all the frequently used Operating system, except for OS/2, uses only two levels i.e. Ring 0 for the Kernel code and Ring 3 for user application and non-privilege OS program. This provides a chance to the Xen to implement paravirtualization. This enables Xen to control unchanged the Application Binary Interface (ABI) thus allowing a simple shift to Xen-virtualized solutions, from an application perspective.
Due to the structure of x86 instruction set, some instructions allow code execution in Ring 3 to switch to Ring 0 (Kernel mode). Such an operation is done at hardware level, and hence between a virtualized environment, it will lead to a TRAP or a silent fault, thus preventing the general operation of the guest OS as it is now running in Ring 1.
This condition is basically occurred by a subset of system calls. To eliminate this situation, implementation in operating system requires a modification and all the sensitive system calls needs re-implementation with hypercalls. Here, hypercalls are the particular calls revealed by the virtual machine (VM) interface of Xen and by use of it, Xen hypervisor tends to catch the execution of all the sensitive instructions, manage them, and return the control to the guest OS with the help of supplied handler.
Paravirtualization demands the OS codebase to be changed, and hence all operating systems can not be referred as guest OS in a Xen-based environment. This condition holds where hardware-assisted virtualization can not be free, which enables to run the hypervisor in Ring 1 and the guest OS in Ring 0. Hence, Xen shows some limitations in terms of legacy hardware and in terms of legacy OS.
In fact, these are not possible to modify to be run in Ring 1 safely as their codebase is not reachable, and concurrently, the primary hardware hasn’t any support to execute the in a more privileged mode than Ring 0. Open source OS like Linux can be simply modified as its code is openly available, and Xen delivers full support to virtualization, while components of Windows are basically not compatible with Xen, unless hardware-assisted virtualization is available. As new releases of OS are designed to be virtualized, the problem is getting resolved and new hardware supports x86 virtualization.