2018-06-04 10:55:42

by Jan Kiszka

Subject: [ANNOUNCE] Jailhouse 0.9 released

We are happy to have completed a new version of the partitioning
hypervisor Jailhouse. The release got delayed a couple of times,
primarily due to the introduction of MMU support to ARM demo inmates.
But now it's done and working.

Code changes are fewer than for the previous release, but the number of
commits is almost the same: 171 commits, 240 files changed, 4458
insertions, 1925 deletions.

- New targets:
    - emtrion emCON-RZ/G1H
    - NXP MCIMX8M-EVK
    - NVIDIA Jetson TX2
- Cross-arch changes:
    - introduce unit infrastructure to hypervisor, simplifying build-time
      additions of complex features
    - unify command line section of demo inmates to be at 0x1000 (check
      your scripts!)
    - improve Linux loader command with better control over kernel vs.
      initramfs distance (can resolve non-root Linux startup issues)
    - versioning for communication region with evaluation in inmates
    - work around potentially missing EXPORT_SYMBOLs for driver via
      kallsyms lookup
    - per-architecture configs/ folders (make sure your custom configs
      are moved as well!)
    - first steps to create comprehensive man pages
    - Xilinx ZynqMP Ultrascale+ bring-up README
- ARM / ARM64:
    - run demo inmates with MMU and caches enabled (ensures ivshmem &
      comm region coherency, improves average latencies)
    - GICv3: emulate GICR_TYPER_Last correctly
    - GICv2: correctly emulate SGI sender ID
    - add compressed image support for ARM64 Linux loader
    - fixes and improvements of vPCI DT overlay setup
    - stable vPCI controller domain via linux,pci-domain node
- x86:
    - various MMIO instruction emulator fixes and enhancements
    - unit test for MMIO instruction emulator
    - intercept all AMD SVM instructions for safety/security reasons
    - fix hypercall instruction selection in demo inmates

You can download the new release from

https://github.com/siemens/jailhouse/archive/v0.9.tar.gz

then follow the README.md for first steps on recommended evaluation
platforms and check the tutorial session from ELC-E 2016 [1][2]. To try
out Jailhouse in a virtual environment, there is now an image generator
available [3]. It will soon be updated to the new release as well. Drop
us a note on the mailing list if you run into trouble.

Meanwhile, more guest-side patches for Jailhouse are making it into
upstream. The x86-specific side is now done, and now there are several
patches for ARM lined up, namely hot-plugging the generic PCI host
controller. After that only a few smaller bits and - see also below -
the inter-cell communication interface are missing.

There are now a couple of important post-release changes in the making,
some fairly advanced, others still requiring more work:

- Per-CPU hypervisor page tables, both making the core agnostic against
known Spectre attacks and simplifying the per-cpu data accesses.
Patches are ready, just waiting for this release - and some update of
the internal documentation.

- Rework of demo inmates, adding SMP support on ARM/ARM64, likely also
restructuring the library further.

- Proper, reusable Python binding for the management interface. Will
help with internal Python code reuse and open up new external use
cases.

- Finalizing the inter-cell communication interface, exploiting virtio
more extensively without compromising hypervisor simplicity. There
has been some significant progress on the concept recently, the
keyword is "Virtio shared-memory transport". But more on this soon.

Thanks to all the contributors and supporters! We are happy to see the
ecosystem growing steadily.

Jan

[1] https://events.linuxfoundation.org/sites/events/files/slides/ELCE2016-Jailhouse-Tutorial.pdf
[2] https://youtu.be/7fiJbwmhnRw?list=PLbzoR-pLrL6pRFP6SOywVJWdEHlmQE51q
[3] https://github.com/siemens/jailhouse-images

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux