Quick ref
xl list show running domainsxl create cfg start a domUxl console N attach to domain consolexl info host/hypervisor summaryxenstore-ls dump xenstore treexl migrate D host live migrate domainxl dmesg hypervisor ring bufferDomain Topology
Xen is a Type-1 microkernel hypervisor: a thin privileged layer that owns CPU, memory and scheduling, while all rich device logic lives in guest domains.
Xen hypervisorRing -1/EL2 layer; schedules vCPUs, partitions RAM, mediates grants and event channels — no device drivers.
dom0First, privileged guest started at boot; owns hardware, runs toolstack (
xl/libxl) and backend drivers.domUUnprivileged guest; sees virtual devices only, reaches hardware via split drivers in a backend domain.
driver domainDeprivileged domain holding a real device (NIC/disk) so a dom0 driver crash can't sink the host.
stub domainMinimal per-guest domain running QEMU device emulation, isolating the HVM model out of dom0.
xenstored / xenconsoledDom0 daemons providing the config database and serial console multiplexing.
Note Disaggregation (driver + stub domains) shrinks dom0's trusted computing base; a compromised backend then only owns its slice of hardware.
Execution Modes: PV / HVM / PVH
| Mode | CPU virtualization | I/O path | Trade-off |
|---|---|---|---|
PV | Paravirtual; guest uses hypercalls, no VT-x needed | PV split drivers only | Needs Xen-aware kernel; weak isolation of page tables |
HVM | Hardware VT-x/AMD-V + EPT/NPT; QEMU emulates platform | Emulated devices, PV drivers via PVHVM | Runs unmodified OS; emulation overhead |
PVH | Hardware virt for CPU/MMU, no emulated platform | PV drivers + virtual local APIC | Lightweight modern default; needs PVH-capable kernel |
Tip Prefer PVH for new Linux/BSD guests: it drops QEMU's attack surface while keeping hardware-accelerated memory translation. Classic PV is largely legacy post-Meltdown.
CPU Scheduling
Schedulers
credit2 is the default weighted fair-share scheduler; null statically pins vCPUs for latency-critical/NFV workloads; rtds offers a deadline-based real-time policy.
Controls
Tune per-domain weight and cap; bind vCPUs to pCPUs with affinity; isolate domains into cpupools each with its own scheduler.
xl sched-credit2 -d D -w 512Set scheduling weight for a domain.
xl vcpu-pin D vcpu pcpuHard-pin a vCPU to a physical CPU.
xl cpupool-createCarve CPUs into an isolated pool with its own scheduler.
xl vcpu-listShow vCPU→pCPU placement and affinity masks.
Memory: Translation & Ballooning
P2M / M2P tablesMap guest pseudo-physical frames to machine frames and back; HVM/PVH use hardware EPT/NPT for this.
balloon driverIn-guest driver returns/claims pages so the host can overcommit between
maxmem and current target.xl mem-set D 2048Drive the balloon to resize a guest's live allocation.
tmem / claimsTranscendent memory and claim API reduce racey allocation failures under overcommit.
xl mem-max D 4096Set the ceiling the balloon may inflate up to.
NUMA affinityXen places domain memory on the node matching its vCPU affinity to avoid cross-node penalties.
Warning Ballooning below the guest's working set triggers swapping inside the guest, not graceful shrink; never set the target under what the workload actually touches.
Split I/O: Grants, Event Channels, XenStore
Virtual devices are a frontend/backend pair connected through three primitives that together replace emulated hardware.
Grant references
A guest authorizes a specific backend to map or copy specific pages, enabling zero-copy I/O without exposing its whole address space.
Event channels
Lightweight virtual interrupts/IPIs that signal "ring has data" between front and back ends and deliver timer/IPI notifications.
vif / netfront ↔ netbackNetworking split driver; ring buffers in granted pages carry packets.
vbd / blkfront ↔ blkbackBlock storage split driver using indirect grant descriptors.
xenstore-ls /local/domain/NInspect a domain's device tree and negotiated state.
xenstore-read pathRead a key; backends/frontends rendezvous via the XenBus state machine here.
Note XenStore is a small transactional key/value tree for configuration and connection setup — not a data path. Bulk I/O always flows through grant-mapped rings.