.. SPDX-License-Identifier: CC-BY-4.0

Glossary
========

.. Terms should appear in alphabetical order

.. glossary::

   control domain
     A :term:`domain`, commonly dom0, with the permission and responsibility
     to create and manage other domains on the system.

   domain
     A domain is Xen's unit of resource ownership, and generally has at the
     minimum some RAM and virtual CPUs.

     The terms :term:`domain` and :term:`guest` are commonly used
     interchangeably, but they mean subtly different things.

     A guest is a single, end user, virtual machine.

     In some cases, e.g. during live migration, one guest will be comprised of
     two domains for a period of time, while it is in transit.

   domid
     The numeric identifier of a running :term:`domain`.  It is unique to a
     single instance of Xen, used as the identifier in various APIs, and is
     typically allocated sequentially from 0.

   CET
     Control-flow Enforcement Technology is a facility in x86 CPUs for
     defending against memory safety vulnerabilities.  It is formed of two
     independent features:

     * CET-SS, Shadow Stacks, are designed to protect against Return Oriented
       Programming (ROP) attacks.

     * CET-IBT, Indirect Branch Tracking, is designed to protect against Call
       or Jump Oriented Programming (COP/JOP) attacks.

     Intel support CET-SS and CET-IBT from the Tiger Lake (Client, 2020) and
     Sapphire Rapids (Server, 2023) CPUs.  AMD support only CET-SS, starting
     with Zen3 (Both client and server, 2020) CPUs.

   guest
     The term 'guest' has two different meanings, depending on context, and
     should not be confused with :term:`domain`.

     When discussing a Xen system as a whole, a 'guest' refers to a virtual
     machine which is the "useful output" of running the system in the first
     place (e.g. an end-user VM).  Virtual machines providing system services
     (e.g. the control and/or hardware domains) are not considered guests in
     this context.

     In the code, "guest context" and "guest state" are considered in terms of
     the CPU architecture, and contrasted against hypervisor context/state.
     In this case, it refers to all code running at a lower privilege level
     than the hypervisor.  As such, it covers all domains, including ones
     providing system services.

   hardware domain
     A :term:`domain`, commonly dom0, which shares responsibility with Xen
     for the system as a whole.

     By default it gets all devices, including all disks and network cards, so
     is responsible for multiplexing guest I/O.
