Introduction to the Xen Virtual Machine

Everyone's talking about Xen, but the code is complex. Here's a starting point.

The Xen Project is an interesting and promising project that received increasing notice over the past year. The code is complex, especially the virtual memory management, the live migration implementation and the grant tables mechanism. This article is an introductory article, however, and does not deal with these topics. I hope, though, that it has provided a starting point to those who want to learn more and delve into the code.

Note: This article refers to Xen-unstable, xen-3.0-devel, which is the basis for Xen-3.0, which should be released soon. The kernel referred to for dom0/domU is a 2.6.* kernel. Whenever the term class is used, it refers to a Python class.

Rami Rosen is a Computer Science graduate of Technion, the Israel Institute of Technology, located in Haifa. He works as a Linux kernel programmer for a networking start-up, and he can be reached at In his spare time he likes running, solving cryptic puzzles and convincing and helping everyone he knows to move to this wonderful operating system, Linux.



Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Hele me please

Anonymous's picture

This is my course work in School.
1. Example applied of Xen & VM (Virtual Machine)
2. Description of relation between VM and OS
3. Example applied of VM now
Hele me please.

Some performace test result

ericzqma's picture

I installed Xen on two of our server. The kernel and xen are the modern versions (The platform information can be found here ). I have done some test on this platform, the result is that the CPU performance is nearly 100% while the memory performance is only 90% compared to the physical machine. Details can also be found here . I am satisfied by the cpu performance. Maybe the 10% memory overhead is a bit large. I am wondering whether there are some mistake in my configuration or how to improve it. -- Eric


Laks's picture

Good article - shown few concepts behind Xen and it's useful for beginners.

is it possible to do the memory copy operation between two VM's?

Anonymous's picture

is it possible to do the memory copy operation between two guest VM's directly through through XEN without involving dom 0?

Inter-Domain Comms

Mr. B's picture


It is a little confusing on how you have described the interaction between XenStore and a domain. How exactly does a Domain interact with Xenstore i.e. TCP ports, sockets, etc...? Since XenStore resides in ring 3 how does it access the hypervisor itself? Thanks.

Mr. B

xen against qemu/bochs

Anonymous's picture

With Xen on x86(_32) running guest OS kernel in ring 1 and guest OS applications in ring 3 carefuly exploited guest OS is wide open door to hijack host OS root applications in ring 3 and this way compromise host OS.

That's something I guess can't happen with qemu/bochs etc. Other words: you trade that for speed.

And at first guess the enhanced CPU architecture will have just tags at descriptors and more complicated descriptor access rules to enable more page tables separated and being loaded simultaneously switched/selected on demand and privileges. But then how can it provide applications/OSes existing in different page tables with similar amount of cpu time to run? Maybe someone can summarize the tech a bit and publish it?

carefuly exploited guest OS

Anonymous's picture

Xen does validation of memory accesses

does xen overhead include OS overhead?

undefined's picture

one clarification that i need is if the 3% overhead of xen includes the overhead of running multiple identical guest kernels. yes, xen adds 3% overhead, but is there also some duplication when running 3 linux kernels, whether in memory or in processing?

i recently investigated viritualization for the purposes of consolidating, yet keeping partitioned, a linux server & desktop. as there is very little difference between my current linux server & desktop kernels, i would prefer not to duplicate the linux kernel, but merely have different userlands. i am currently testing linux vserver as it allows me to run a single linux kernel, but maintain multiple userland "instances", each "instance" with its own ip address and other features.

granted vserver, chroot, etc does not help when a user wants to run different operating systems (linux & windows), and if full separation between userland images, even down to the kernel level (kernel-level exploits, user-visible features like nfsd, etc), is desired, then xen is the proper tool for that job. heck, give the xen livecd a test drive and marvel at xen's accomplishment.

just wanted to share my holiday weekend's research to help save someone else some time.

we tested it recently. yup,

Anonymous's picture

we tested it recently. yup, it involves 3% overhead on simple operations, but overhead is more than 20-30% on disk I/O, network etc.
And sure, memory pressure/requirements you mentioned are rather big.

I would recommend you to take a look at OpenVZ project as well. It is more mature, than vserver. We successfully run 30-50 VPSs on 1GB of RAM with it.

disk/network io

Anonymous's picture

Why not use separate drives for each server slice instead of a file system on a file? Perhaps separate network cards also?

This might mitigate the slow down but perhaps satiating the buses.

Anyone doing that?


disk i/o

Luke Crawford's picture

things run much faster if you give each domU it's own partition. LVM helps a lot here, both to run many small domains on one disk, and to keep track of who owns what partition.

anyone care to write proof of concept exploit?

Anonymous's picture

> (kernel-level exploits,

I guess this may be still issue with xen compared to qemu/bochs. It's not that straight forward but have a look at the access privileges model behind ring. Once you gain ring 1 privileges then the userland of host OS is toast.

windows applications

Anonymous's picture

I am curios, after the VT and Pacifica gets in and you can then run windows on xen directly, could you run games, graphics, etc...
I guess it depends what kind of drivers xen would provide or allow access too. Anyone?
I.e. work on linux and windows in tandem.
For example, applications that can't or have not yet been ported to linux will work on windows (such as games, proprietery...) and the rest would be linux.

Sadly the SMP support is rath

Anonymous's picture

Sadly the SMP support is rather unstable (and therefore currently only in xen unstable. :-) ).

VMware Community Source is nonsense

Anonymous's picture

VMware's "Community Source" program is exactly like open source, only they don't share their software with anyone except their corporate partners, and don't share the contributed code.

Agreed: VMware Community Source is a load...

Anonymous's picture

I've been reading VMware press releases for the last few weeks with zero substance except how they were going to "open" something up. I went to Intel's Developer Forum and spoke with numerous developers from IBM, HP and Intel at and asked them straight up what the deal was. I asked, "Where is the "open code"? They all kind of (quietly) said the same thing. VMware is getting freaked out by Xen and wanted some press. In reality, they may document a few more APIs, but this is just a load...

Author Response

Rami's picture


I had written in this article about the advantages and disadvantages of the Xen and VMWare virtualization solutions.
One of the Xen advantages I pointed out was it was
free and open source project.

I felt it will be unfair not to mention that VMware
started that Community Source program in the beginning
of this August.

In the article I wrote aboout this Community Source program : " will be providing its partners with access to VMware ESX Server source code"; also VMWare news release (to which I gave a link) talks about giving source to ***partners***.

I think your comment should be read considering this and in this light.

Rami Rosen

Where can i read your article?

Anonymous's picture


I was wondering if there is a link or web page where I can read your article about the advantages and disadvantages of Xen and Vmware.

Where can I find it? is it online?



NetBSD doesn't need to get patched

hubertf's picture

NetBSD has native support for Xen for some time in the official releases now, and does NOT need to be patched. See for more information.

- Hubert

no POWER5 support

Hollis Blanchard's picture

I am one of the developers working on the PowerPC port of Xen, and we are supporting the PowerPC 970, not POWER5.

Xen in IBM

Anonymous's picture


Please look here:

It says:
IBM is working on Power5 support...

Are you shure your team is the only one in IBM working on
Xen ?

Yes, I'm positive. The LWN pa

Hollis Blanchard's picture

Yes, I'm positive. The LWN page is also incorrect, though it cites its source so you can see where the information comes from.

Why bother with POWER5 support?

Anonymous's picture

Why would IBM waste resources on POWER5 support? They already have a rock-solid micropartitioning and virtualization environment on the POWER5 that supports Linux, and one that appears to provide even greater protection across partitions then xen does with domains. I'm running my own distribution on one as I write this, and I'm sold. I'd rather manage a SAN-backed POWER5 installation over a blade server any day.

I can see a big advantage for the PPC970, though, given that you can get JS20 blades for their blade center, and the HS20 already.

More on VM and Emulators

moma's picture