Re: [Xen-devel] Re: [GIT PULL] Xen APIC hooks (with io_apic_ops)
From: Jeremy Fitzhardinge
Date: Wed May 27 2009 - 20:49:27 EST
Ingo Molnar wrote:
I also find it pretty telling that you cut out the most important
point of Avi's reply:
I think the Xen design has merit if it can truly make dom0 a
guest -- that is, if it can survive dom0 failure. Until then,
you're just taking a large interdependent codebase and splitting
it at some random point, but you don't get any stability or
security in return.
that crucial question really has to be answered honestly and
Xen, the hypervisor itself, doesn't require any services from dom0. From
its perspective, dom0 is just another guest domain, though with enough
privileges to access hardware. Dom0's job is to provide device access
to other less privileged domains.
There is currently some system-wide information which is stored in a
usermode daemon in dom0. Recovering from its loss is hard, but there is
a prototype to pull that daemon out into its own special-purpose
domain. At that point, dom0 can reboot without affecting any of the
other domains or Xen itself.
If dom0 goes away, the other domains will get a disconnect and
temporarily lose access to their devices, but they can cope with that.
From their perspective, it would look like they'd just been
save/restored or migrated to another machine. When dom0 comes back,
they'll reconnect and carry on.
The disaggregation of dom0's functions is something that the Xen
development community is actively perusing.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/