Re: apt-get install xen-tools recursion

[Elliott Mitchell <ehem+xen@xxxxxxx>]

On Tue, Apr 15, 2025 at 11:35:45AM +0200, Manfred Haertel, DB3HM wrote:
> Elliott Mitchell schrieb:
> 
> > > I should have mentioned that I'm testing the installation procedure using 
> > > a
> > > VirtualBox virtual machine.
> > 
> > As David Hill asked first, are you sure you really want to do *this*?
> > 
> > While running a hypervisor on a hypervisor is possible in theory, x86
> > makes this *extremely* difficult.
> 
> Recursive virtualization is actually supported under Xen and it works with
> some possible glitches. I am running Xen under Xen and I once did run Xen
> under VMware workstation and after solving the glitches without problems.

Proper hypervisor on hypervisor should be indistinguishable from
hypervisor on "bare metal".  Similarly an OS running on a hypervisor
*shouldn't* be able to tell the hypervisor is there.  x86 makes this
extremely difficult since many instructions behave differently in the
different modes.  Certainly there are workarounds, but those glitches
shouldn't be present in the first place.

Compare PowerPC which has a very carefully designed model and full
virtualization is easy.  You still want psuedo-devices which don't behave
anything like actual storage devices, but you can readily hide the
processor bits of virtualization.

ARM is a bit in-between.  It doesn't have all the hard to simulate quirks
of x86, but does have hard borders between EL0-EL2.  As such there are
information leaks, but not nearly as many as x86.


-- 
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \BS (    |         ehem+sigmsg@xxxxxxx  PGP 87145445         |    )   /
  \_CS\   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445