Architecture & Domain Roles

Quick ref

xl list list running domains

xl create cfg start a domU from config

xl console dom attach to guest console

xl info host + hypervisor facts

xl top live per-domain CPU/mem

xl migrate d host live migrate a guest

xenstore-ls browse the xenstore tree

Architecture & Domain Roles

Xen is a type-1 (bare-metal) hypervisor: it owns CPU, memory, and interrupts, while all device access lives in privileged guest domains rather than the hypervisor itself.

hypervisor

Thin layer scheduling vCPUs and arbitrating memory; carries no native device drivers.

dom0

First, privileged domain hosting toolstack, backend drivers, and xenstore.

domU

Unprivileged guest; consumes virtual devices via frontend drivers.

driver domain

Deprivileged dom that owns real hardware and serves backends, shrinking dom0's TCB.

stub domain

Per-guest mini-VM running QEMU device model, isolating emulation from dom0.

toolstack (xl/libxl)

Control plane in dom0 that builds, configures, and tears down domains.

Note Disaggregation is the design intent: dom0 is a privileged guest, not the kernel. Move backends into driver/stub domains to limit blast radius.

Execution Modes

Mode	Privilege/MMU	Device I/O	Use
`PV`	Paravirtualized; hypercalls, no HW virt needed	PV split drivers only	Legacy, no VT-x; now waning
`HVM`	Full virt via VT-x/AMD-V + EPT/NPT	Emulated (QEMU) + PV drivers	Unmodified OSes, Windows
`PVH`	HW virt for CPU/MMU, no emulated platform	PV drivers, no QEMU	Modern default; lean & fast

HVM guests typically boot emulated then switch to PV drivers (PVHVM) for fast disk/net while keeping hardware page tables.

Warning Classic 64-bit PV guests share a security-sensitive code path; PVH is the recommended replacement and the future of paravirtualization in Xen.

CPU Scheduling

credit2

Default weight/cap fair-share scheduler optimized for latency and load balance.

null

Static 1:1 vCPU-to-pCPU pinning, zero overhead for NFV/real-time.

xl sched-credit2 -d dom -w 512

Set a domain's scheduling weight (relative CPU share).

xl vcpu-pin dom 0 2

Pin vCPU0 to physical CPU 2.

xl cpupool-list

Partition pCPUs into pools with independent schedulers.

vcpus= / maxvcpus=

Config: boot vCPUs vs. hot-pluggable ceiling.

Memory: Translation & Ballooning

Address layers

Guest-virtual → guest-physical (PFN) → machine/host (MFN). HVM/PVH use EPT/NPT for hardware nested translation; PV guests previously used direct/shadow page tables managed via hypercalls.

Reclaim & share

The balloon driver grows/shrinks a guest's footprint cooperatively; tmem and page-sharing/dedup let the host reclaim or pool memory beyond static assignment.

xl mem-set dom 2048

Balloon a guest's current target to 2 GiB.

xl mem-max dom 4096

Set the hard ceiling the guest can balloon up to.

maxmem= / memory=

Config: ceiling vs. startup allocation.

Warning Don't shrink dom0 below a safe floor (dom0_mem=); over-ballooning starves backend buffers and can wedge guest I/O.

Split I/O: Frontends, Backends & Plumbing

Virtual I/O uses a frontend in domU and a backend in dom0/driver domain, connected by three primitives that together form a ring channel.

blkfront / blkback

Virtual block device split driver pair.

netfront / netback

Virtual NIC split driver pair.

grant references

Permission tokens letting a backend map/copy specific guest pages — the shared-memory mechanism.

event channels

Lightweight virtual IRQs signaling "ring has work" between domains.

I/O rings

Shared producer/consumer descriptor ring living in granted pages.

xenstore handshake

Frontend/backend exchange ring-ref + evtchn here to connect.

XenStore

A small hierarchical key/value database in dom0 used for configuration, device discovery, and control signaling — not a data path.

xenstore-ls /local/domain/5

Inspect a domain's tree (devices, state nodes).

xenstore-read path

Read a single key value.

xenstore-write path val

Set a key; drives state transitions.

xenstore-watch path

Block on change notifications (how drivers react).