--- wikisrc/ports/xen/howto.mdwn 2019/12/17 20:36:16 1.166 +++ wikisrc/ports/xen/howto.mdwn 2020/11/13 20:40:04 1.176 @@ -8,21 +8,29 @@ systems which operate in an unprivileged from the domU systems are forwarded by the Xen hypervisor to the dom0 to be fulfilled. -Xen supports different styles of guest: +Xen supports different styles of guests; see [PV on HVM](https://wiki.xen.org/wiki/PV_on_HVM) and [PVH(v2)](https://wiki.xenproject.org/wiki/PVH_(v2)_Domu) for upstream documentation. [[!table data=""" Style of guest |Supported by NetBSD PV |Yes (dom0, domU) HVM |Yes (domU) -PVHVM |No -PVH |No +PVHVM |current-only (domU) +PVHv2 |current-only (domU, dom0 not yet) """]] In Para-Virtualized (PV) mode, the guest OS does not attempt to access hardware directly, but instead makes hypercalls to the hypervisor; PV -guests must be specifically coded for Xen. In HVM mode, no guest -modification is required; however, hardware support is required, such -as VT-x on Intel CPUs and SVM on AMD CPUs. +guests must be specifically coded for Xen. + +In HVM mode, no guest modification is required; however, hardware +support is required, such as VT-x on Intel CPUs and SVM on AMD CPUs. + +In PVHVM mode, the guest runs as HVM, but additionally can use PV +drivers for efficiency. + +In PVHv2H mode, operation is similar to PVHVM, except that qemu is not +run and thus the PV interfaces for console, disks, networking are the +only way to access these resources. At boot, the dom0 kernel is loaded as a module with Xen as the kernel. The dom0 can start one or more domUs. (Booting is explained in detail @@ -35,7 +43,7 @@ website](http://www.xenproject.org/). [[!toc]] -#Versions and Support +# Versions and Support In NetBSD, Xen is provided in pkgsrc, via matching pairs of packages xenkernel and xentools. We will refer only to the kernel versions, 
@@ -46,11 +54,8 @@ Versions available in pkgsrc: [[!table data=""" Xen Version |Package Name |Xen CPU Support |xm? |EOL'ed By Upstream -4.2 |xenkernel42 |32bit, 64bit |yes |Yes -4.5 |xenkernel45 |64bit | |Yes -4.6 |xenkernel46 |64bit | |Yes -4.8 |xenkernel48 |64bit | |Yes -4.11 |xenkernel411 |64bit | |No +4.11 |xenkernel411 |x86_64 | |No +4.13 |xenkernel413 |x86_64 | |No """]] See also the [Xen Security Advisory page](http://xenbits.xen.org/xsa/). @@ -63,30 +68,22 @@ dom0 |No domU |Yes """]] -Note: NetBSD support is called XEN3. However, it does support Xen 4, +Note: NetBSD support is called XEN3. However, it does support Xen 4, because the hypercall interface has remained identical. Older Xen had a python-based management tool called xm, now replaced -by xl. xm is obsolete, but 4.2 remains in pkgsrc because migrating -from xm to xl is not always trivial, and because 4.2 is the last -version to run on an i386 dom0. +by xl. Architecture ------------ -Xen itself runs on x86_64 hardware. +Xen 4.5 and later runs on x86_64 hardware (the NetBSD amd64 port). +There is a concept of Xen running on ARM, but there are no reports of this working with NetBSD. -The dom0 system, plus each domU, can be either i386PAE or amd64. -i386 without PAE is not supported. +The dom0 system should be amd64. (Instructions for i386PAE dom0 have been removed from the HOWTO.) -The standard approach is to use NetBSD/amd64 for the dom0. - -To use an i386PAE dom0, one must build or obtain a 64bit Xen kernel and -install it on the system. - -For domUs, i386PAE is considered as -[faster](https://lists.xen.org/archives/html/xen-devel/2012-07/msg00085.html) -than amd64. +The domU can be i386PAE or amd64. +i386PAE at one point was considered as [faster](https://lists.xen.org/archives/html/xen-devel/2012-07/msg00085.html) than amd64. # Creating a dom0 
@@ -335,7 +332,7 @@ will trigger controlled shutdowns of all CPU and memory -------------- -A domain is provided with some number of vcpus, less than the number +A domain is provided with some number of vcpus, up to the number of CPUs seen by the hypervisor. For a domU, it is controlled from the config file by the "vcpus = N" directive. @@ -628,7 +625,14 @@ note that only the "xpci" lines are unus cd* at scsibus? target ? lun ? # SCSI CD-ROM drives -#NetBSD as a domU in a VPS +# Specific Issues + +## domU + +[NetBSD 5 is known to panic.](http://mail-index.netbsd.org/port-xen/2018/04/17/msg009181.html) +(However, NetBSD 5 systems should be updated to a supported version.) + +# NetBSD as a domU in a VPS The bulk of the HOWTO is about using NetBSD as a dom0 on your own hardware. This section explains how to deal with Xen in a domU as a @@ -655,14 +659,6 @@ A second issue is multiple CPUs. With N multiple vcpus, and it is typical for VPS providers to enable multiple CPUs for NetBSD domUs. -pygrub -------- - -pygrub runs in the dom0 and looks into the domU file system. This -implies that the domU must have a kernel in a file system in a format -known to pygrub. As of 2014, pygrub seems to be of mostly historical -interest. - pvgrub ------ @@ -689,6 +685,21 @@ partition for the kernel with the intent which leads to /netbsd not being the actual kernel. One must remember to update the special boot partition. +pygrub +------- + +pygrub runs in the dom0 and looks into the domU file system. This +implies that the domU must have a kernel in a file system in a format +known to pygrub. + +pygrub doesn't seem to work to load Linux images under NetBSD dom0, +and is inherently less secure than pvgrub due to running inside dom0. For both these +reasons, pygrub should not be used, and is only still present so that +historical DomU images using it still work. + +As of 2014, pygrub seems to be of mostly historical +interest. New DomUs should use pvgrub. + Amazon ------
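Review bot: In the hunk at -8,21, the new paragraph names the mode "PVHv2H", while the table row added just above calls it "PVHv2" and the linked upstream page is "PVH(v2)". Use one name throughout, e.g. "In PVHv2 mode, operation is similar to PVHVM, ...". The table value "current-only" is also not explained anywhere in the visible text; spelling it out as NetBSD-current would help. The two upstream links use different hosts (wiki.xen.org and wiki.xenproject.org), which is worth making consistent if both pages live on the same wiki.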
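Review bot: In the versions table at -46,11, the "xm?" column is now empty for both remaining rows (4.11 and 4.13), and the following hunk removes the sentence explaining why 4.2 was kept for xm. Drop the column, or fill the cells with "no" so an empty cell is not read as unknown.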
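Review bot: In the Architecture text at -63,30, "Xen 4.5 and later runs on x86_64 hardware" names a version that the versions table no longer lists after this change (only 4.11 and 4.13 remain); drop the version qualifier or tie it to the packaged versions. The parenthetical "(Instructions for i386PAE dom0 have been removed from the HOWTO.)" reads as a change note and fits better in the commit message. "i386PAE at one point was considered as faster" also leaves the reader without a current recommendation for the domU architecture.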
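Review bot: Under the new "Specific Issues" / "domU" headings at -628,7, the sentence "NetBSD 5 is known to panic." states no condition: it does not say under which Xen version, guest style or dom0 the panic occurs, so the reader must follow the link to learn whether it applies to them. State the condition in the sentence and put the link on a shorter phrase instead of the whole sentence.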
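Review bot: In the re-added pygrub section at -689,6, the new paragraph says pygrub "should not be used", but the retained sentence "As of 2014, pygrub seems to be of mostly historical interest." follows it and repeats the point more weakly with a stale date. Drop the 2014 sentence and keep "New DomUs should use pvgrub." The security statement would be easier to act on if it were tied to the section's first sentence: the reason pygrub is less secure is that it "runs in the dom0 and looks into the domU file system", so the dom0 is the one reading data the guest controls. The added lines also write "DomU" where the rest of the page uses "domU".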