OpenSource Name: siemens/jailhouse
OpenSource Url: https://github.com/siemens/jailhouse
OpenSource Language: C 87.9%
OpenSource Introduction:

JAILHOUSE

Introduction

Jailhouse is a partitioning Hypervisor based on Linux. It is able to run bare-metal applications or (adapted) operating systems besides Linux. For this purpose, it configures CPU and device virtualization features of the hardware platform in a way that none of these domains, called "cells" here, can interfere with each other in an unacceptable way.

Jailhouse is optimized for simplicity rather than feature richness. Unlike full-featured Linux-based hypervisors like KVM or Xen, Jailhouse does not support overcommitment of resources like CPUs, RAM or devices. It performs no scheduling and only virtualizes in software those resources that are essential for a platform and cannot be partitioned in hardware.

Once Jailhouse is activated, it runs bare-metal, i.e. it takes full control over the hardware and needs no external support. However, in contrast to other bare-metal hypervisors, it is loaded and configured by a normal Linux system. Its management interface is based on Linux infrastructure. So you boot Linux first, then you enable Jailhouse and finally you split off parts of the system's resources and assign them to additional cells.

Community Resources

Project home:
Source code:
Demo and testing images:
Frequently Asked Questions (FAQ):
IRC channel:
Mailing list:
Continuous integration:
Static code analysis:
See the contribution documentation for details on how to write Jailhouse patches and propose them for upstream integration.

Hardware requirements (preliminary)

x86 architecture:
ARM architecture:
Software requirements

x86 architecture:
ARM architecture:
Build & Installation

Simply run

Installation

It is recommended to install all of Jailhouse on your target machine. That will take care of a kernel module, the firmware, tools etc. Just call
from the top-level directory. The traditional Linux cross-compilation (i.e.

Running without Installation

Except for the hypervisor image
Configuration

Jailhouse requires one configuration file for the complete system and one for each additional cell besides the primary Linux. These .cell files have to be passed to the jailhouse command line tool for enabling the hypervisor or creating new cells.

On x86, the required hardware capabilities can be validated by running
A system configuration can be created on an x86 target system by running the following command:
In order to translate this into the required binary form, place this file in the configs/x86/ directory. The build system will pick up every .c file from there and generate a corresponding .cell file.

Currently, there is no config generator for the ARM architecture; therefore the config file must be manually written by starting from the reference examples and checking hardware-specific datasheets, DTS and /proc entries.

Depending on the target system, the C structures may require some adjustments to make Jailhouse work properly or to reduce the desired access rights of the Linux root cell.

Configurations for additional (non-root) cells currently require manual creation. To study the structures, use one of the demo cell configuration files as reference, e.g. configs/x86/apic-demo.c or configs/x86/e1000-demo.c.

x86 Demonstration in QEMU/KVM

NOTE: You can also build and execute the following demo steps with the help of the jailhouse-images side project at https://github.com/siemens/jailhouse-images.

The included system configuration qemu-x86.c can be used to run Jailhouse in a QEMU/KVM virtual machine on x86 hosts (Intel and AMD are supported). Currently it requires Linux 4.4 or newer on the host side. QEMU version 2.8 or newer is required. You also need a Linux guest image with a recent kernel (tested with >= 3.9) and the ability to build a module for this kernel. Further steps depend on the type of CPU you have on your system.

For Intel CPUs: Make sure the kvm-intel module was loaded with nested=1 to enable nested VMX support. Start the virtual machine as follows:
For AMD CPUs: Make sure the kvm-amd module was loaded with nested=1 to enable nested SVM support. Start the virtual machine as follows:
Inside the VM, make sure that The Jailhouse QEMU cell config will block use of the serial port by the guest OS, so make sure that the guest kernel command line does NOT have its console set to log to the serial port (i.e. remove any 'console=ttyS0' arguments from the grub config). Reboot the guest and load jailhouse.ko. Then enable Jailhouse like this:
Next you can create a cell with a demonstration application as follows:
apic-demo.bin is left by the build process in the inmates/demos/x86 directory. This application will program the APIC timer interrupt to fire at 10 Hz, measuring the jitter against the PM timer and displaying the result on the console. Given that this demonstration runs in a virtual machine, obviously no decent latencies should be expected.

After creation, cells are addressed via the command line tool by providing their names or their runtime-assigned IDs. You can obtain information about active cells this way:
Cell destruction is performed by specifying the configuration file of the desired cell. This command will destroy the apic-demo:
Note that the first destruction or shutdown request on the apic-demo cell will fail. The reason is that this cell contains logic to demonstrate an ordered shutdown as well as the ability of a cell to reject shutdown requests. The apic-demo cell has another special property for demonstration purposes: As long as it is running, no cell reconfigurations can be performed - the apic-demo locks the hypervisor in this regard. In order to destroy another cell or create an additional one, shut down the apic-demo first.
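The two setup conditions from the x86 demonstration above (nested virtualization enabled on the host's KVM module, and no console=ttyS0 on the guest kernel command line) can be checked with a small script. This is an added example, not part of Jailhouse: the function names and the host/guest arguments are assumptions of this sketch, while the sysfs parameter files and /proc/cmdline are standard Linux paths.

```shell
#!/bin/sh
# Added example: preflight checks for the QEMU/KVM demo (not Jailhouse code).

# Host side: succeed if the given "nested" module parameter file says enabled.
# The value is reported as Y or 1, depending on module and kernel version.
nested_enabled() {
    [ -r "$1" ] || return 2          # module not loaded or parameter missing
    case "$(tr -d '[:space:]' < "$1")" in
        Y|y|1) return 0 ;;
        *)     return 1 ;;
    esac
}

# Guest side: print every console= argument in the given command-line file
# that targets ttyS0, with or without options (console=ttyS0,115200n8).
serial_console_args() {
    tr -s '[:space:]' '\n' < "$1" | grep -E '^console=ttyS0(,.*)?$'
}

check_host() {
    for mod in kvm_intel kvm_amd; do
        rc=0
        nested_enabled "/sys/module/$mod/parameters/nested" || rc=$?
        case $rc in
            0) echo "$mod: nested virtualization enabled"; return 0 ;;
            1) echo "$mod: loaded without nested=1" ;;
        esac
    done
    return 1
}

check_guest() {
    if bad=$(serial_console_args /proc/cmdline); then
        echo "remove from the guest kernel command line: $bad"
        return 1
    fi
    echo "no console=ttyS0 on the kernel command line"
}

# Run "host" on the machine that starts QEMU, "guest" inside the VM.
case "${1:-}" in
    host)  check_host ;;
    guest) check_guest ;;
esac
```
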
To demonstrate the execution of a second, non-Linux cell, issue the following commands:
The pci-demo will use the second serial port provided by QEMU. You will find its output in a virtual console of the QEMU window. The purpose of this demo is to show basic PCI device configuration and MSI handling.

While cell configurations are locked, it is still possible to reload the content of existing cells (provided they accept their shutdown first). To reload and restart the tiny-demo, issue the following commands:
Finally, Jailhouse can be stopped completely again:
All non-Linux cells running at that point will be destroyed, and resources will be returned to Linux.

ARM64 Demonstration in QEMU

As on x86, Jailhouse can be tried out in a completely emulated ARM64 (aarch64) environment under QEMU. QEMU version 3.0 or later is required. Start the QEMU machine like this:
Jailhouse can be started after loading its kernel module. Run:
The corresponding test to apic-demo on x86 is the gic-demo: