2018-09-24 13:08:30

by Jan Kiszka

Subject: [ANNOUNCE] Jailhouse 0.10 released

O'zapft is, so better release before going to the Wiesn: We are happy to
announce a new version of the partitioning hypervisor Jailhouse.

There is a similar amount of changes again, though some are more fundamental,
namely the changes around per-cpu page tables: 174 commits, 248 files changed,
4013 insertions, 8548 deletions. The code reduction is primarily related to the
removal of the vexpress target from CI as well as internal code reuse in the
Python tool extension.

- Removed targets:
    - VExpress (virtual ARMv7 target)
- Cross-arch changes:
    - use per-cpu page tables to hide private information of other cells
      while running in the hypervisor (AKA generic and fast Spectre/L1TF
      mitigation)
    - support for EFI framebuffer as UART alternative
    - removal of VGA support (substituted by EFI framebuffer)
    - provide pyjailhouse module, so far as internal Python API to
      Jailhouse functionality (will be extended step-wise to public API)
    - "jailhouse hardware check" no longer requires a system config
    - inmates: convert all build-time configurations into cell configs
      and runtime parameters (AKA comm region also for ARM)
    - plug race between guest-controlled relocation of intercepted MMIO
      regions and their access
    - fix split-up of hugepages at higher addresses
    - fix write to MSI-X registers during PCI device hand-over
- ARM / ARM64:
    - basic SMCCC moderation
    - fix GICv3 registers dispatching
    - support for more than 8 CPUs with GICv3
    - fix unreliable startup on ARM64 due to missing cache flush
    - fix for printk() of long long variables
    - proper GICv2 shutdown after setup error
    - inmates: save/restore registers in interrupt handlers
- x86:
    - harden non-present mappings against L1TF
    - CPU startup fix for slower targets
    - do not trap on writes to read-only APIC LVT bits
    - inmates: report SMI counter changes in apic-demo

You can download the new release from

https://github.com/siemens/jailhouse/archive/v0.10.tar.gz

then follow the README.md for first steps on recommended evaluation
platforms and check the tutorial session from ELC-E 2016 [1][2]. To try
out Jailhouse in a virtual environment or on a few reference boards,
there is an image generator available [3]. It will soon be updated to
the new release as well. Drop us a note on the mailing list if you run
into trouble.

What's (probably) next? First of all, we are looking forward to a couple of
IOMMU implementations for ARM64 targets. Still on my to-do list is enabling of
the Ultra96 board that Xilinx kindly provided (primarily a jailhouse-images
topic, but all preconditions are finally fulfilled). And the topic of inter-cell
communication standardization is also not forgotten. The plan is now virtio over
shared memory transports, "just" needs a prototype and virtio spec extension
proposals.

Thanks to all the contributors and supporters!

Jan

[1] https://events.linuxfoundation.org/sites/events/files/slides/ELCE2016-Jailhouse-Tutorial.pdf
[2] https://youtu.be/7fiJbwmhnRw?list=PLbzoR-pLrL6pRFP6SOywVJWdEHlmQE51q
[3] https://github.com/siemens/jailhouse-images

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux