Xen [1,2] is an x86 virtual machine
monitor based on a virtualization technique called paravirtualization [8,1], which has been
introduced to avoid the drawbacks of full virtualization by presenting
a virtual machine abstraction that is similar but not identical to the
underlying hardware. Xen does not require changes to the application
binary interface (ABI), and hence no modifications are required to
guest applications. For full details on the Xen architecture and
features, we refer readers to papers [1,2]. Here, we
only touch on some implementation details of Xen that are important
for our monitoring framework and performance study.
In the initial design [1], Xen itself contained device driver code and provided safe shared virtual device access. The support of a sufficiently wide variety of devices is a tremendous development effort for every OS project. In a later paper [2], the Xen team proposed a new architecture used in the latest release of Xen which allows unmodified device drivers to be hosted and executed in isolated ``driver domains'' which, in essence, are driver-specific virtual machines.
There is an initial domain, called Domain0, that is created at boot time and which is permitted to use the control interface. The control interface provides the ability to create and terminate other domains, control the CPU scheduling parameters and resource allocation policies, etc. Domain0 also may host unmodified Linux device drivers and play the role of a driver domain. In our experimental setup, described in Section 4, we use Domain0 as a driver domain. Devices can be shared among guest operating systems. To make this sharing work, the privileged guest hosting the device driver (e.g. Domain0) and the unprivileged guest domain that wishes to access the device are connected together through virtual device interfaces using device channels [2]. Xen exposes a set of clean and simple device abstractions. I/O data is transferred to and from each domain via Xen, using shared-memory, asynchronous buffer descriptor rings. In order to avoid the overhead of copying I/O data to/from the guest virtual machine, Xen implements the ``page-flipping'' technique, where the memory page containing the I/O data in the driver domain is exchanged with an unused page provided by the guest OS. Our monitoring framework actively exploits this feature to observe I/O communications between the guest domains and the driver domains.