Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Subject: Re: [PATCH 00/10] x86: Add support for running as secondary Jailhouse
 guest
To:     "H. Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>
Cc:     x86@kernel.org,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        jailhouse-dev@googlegroups.com
References: <cover.1510817211.git.jan.kiszka@siemens.com>
 <6c61ceb7-e3fe-57a8-de50-e8f573d18cfd@zytor.com>
From:   Jan Kiszka <jan.kiszka@siemens.com>
Message-ID: <4fd4a154-4f84-9ee4-a96f-23a84e7bc75c@siemens.com>
Date:   Mon, 20 Nov 2017 08:00:20 +0100
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12)
 Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666
MIME-Version: 1.0
In-Reply-To: <6c61ceb7-e3fe-57a8-de50-e8f573d18cfd@zytor.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

On 2017-11-18 22:15, H. Peter Anvin wrote:
> On 11/15/17 23:26, Jan Kiszka wrote:
>> This series paves the way to run Linux in so-called non-root cells
>> (guest partitions) of the Jailhouse hypervisor.
>>
>> Jailhouse [1] was started 4 years ago as an open-source (GPL) leight-
>> weight hypervisor that statically partitions SMP systems. It's unique in
>> that it uses one Linux instance, the root cell, as boot loader and
>> management console. Jailhouse targets use cases for hard real-time and
>> safety-critical systems that KVM cannot cater due to its inherent
>> complexity.
>>
>> Jaihouse can run bare-metal, free and closed-source RTOSes as secondary
>> guests and, with this series, also x86 Linux instances. While ARM and
>> ARM64 non-root Linux guests are feasible without extra patches, thanks
>> to the high configurability via device trees, x86 requires special
>> platform support, mostly to step away from non-existing resources in a
>> non-root Jailhouse cell.
>>
> 
> Could you please write a single summary about the virtualization holes
> in Jailhouse that you are papering over?

Actually, we are not virtualizing any full device in Jailhouse. That is
an architectural decision that allows to keep the critical code base
very small (9200 LOC on Intel right now). So, anything that is not there
multiple times is not exposed or problematic state modifications are
blocked.

That leaves the non-root cells with:
- local CPU resources (processor, LAPIC etc.)
- exclusive memory regions
- exclusive PCI devices (or functions)
- read access to the PM timer (as clocksource)
- exclusively assigned pins on the IOAPIC (if any - it's not
  recommended to partition it)
- virtual shared memory devices for inter-cell communication

Thus, the list of non-existing x86 resources and features:
- LPC with all its legacy devices like PIT, PIC, RTC, SMBus etc.
  (unless you decide to pass one through exclusively)
- HPET
- normal PCI bus topology
- BIOS / UEFI firmware services, including ACPI enumeration (that lacks
  means to describe absence of PC platform devices anyway)
- mass storage or network virtualization - sharing such devices is not
  in the scope of the hypervisor
- no restart interface

Deviations and restrictions:
- CPU start address is configurable, typically set to 0 - but that's
  handled by the boot loader (comes with Jailhouse)
- LAPIC can only be operated in flat mode, and the content of LDR is
  frozen

Jan

-- 
Siemens AG, Corporate Technology, CT RDA ITP SES-DE
Corporate Competence Center Embedded Linux

From 1584466790650109912@xxx Sun Nov 19 04:21:23 +0000 2017
X-GM-THRID: 1584207726806216160
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread