Skip to content

Flox35/jailhouse

 
 

Repository files navigation

JAILHOUSE
=========

Jailhouse is a partitioning Hypervisor based on Linux. It is able to run
bare-metal applications or (adapted) operating systems besides Linux. For this
purpose it configures CPU and device virtualization features of the hardware
platform in a way that none of these domains, called "cells" here, can
interfere with each other in an unacceptable way.

Jailhouse is optimized for simplicity rather than feature richness. Unlike
full-featured Linux-based hypervisors like KVM or Xen, Jailhouse does not
support overcommitment of resources like CPUs, RAM or devices. It performs no
scheduling and only virtualizes those resources in software, that are essential
for a platform and cannot be partitioned in hardware.

Once Jailhouse is activated, it runs bare-metal, i.e. it takes full control
over the hardware and needs no external support. However, in contrast to other
bare-metal hypervisors, it is loaded and configured by a normal Linux system.
Its management interface is based on Linux infrastructure. So you boot Linux
first, then you enable Jailhouse and finally you split off parts of the
system's resources and assign them to additional cells.


WARNING: This is work in progress! Don't expect things to be complete in any
dimension. Use at your own risk. And keep the reset button in reach.


Community
---------

Project home:   https://github.com/siemens/jailhouse

git:            https://github.com/siemens/jailhouse.git
                git@github.com:siemens/jailhouse.git

Mailing list:   jailhouse-dev@googlegroups.com
 Subscription:  jailhouse-dev+subscribe@googlegroups.com
                https://groups.google.com/forum/#!forum/jailhouse-dev/join
 Archives:      http://news.gmane.org/gmane.linux.jailhouse


Requirements (preliminary)
--------------------------

currently:
 - Intel x86 processor with support for 64-bit and VMX, more precisely
    - EPT (extended page tables)
    - unrestricted guest mode
    - preemption timer
 - Intel IOMMU (VT-d) with interrupt remapping support
   (except when running inside QEMU)
 - at least 2 logical CPUs
 - x86-64 Linux kernel (tested against >= 3.9)
    - VT-d IOMMU usage (DMAR) has to be disabled in the Linux kernel, e.g. via
      the command line parameter:

          intel_iommu=off

    - To exploit the faster x2APIC, interrupt remapping needs to be on in the
      kernel (check for CONFIG_IRQ_REMAP)


Build & Installation
--------------------

Simply run make, optionally specifying the target kernel directory:

    make [KERNELDIR=/path/to/kernel/objects]

The command line tool "jailhouse" requires a separate make run from within the
tools/ directory.

Except for the hypervisor image jailhouse.bin that has to be available in the
firmware search path (invoke "make firmware_install" for this), you can run
Jailhouse from the build directory. Alternatively, install everything on the
target machine by calling "make install" both from the top-level directory and
the tools directory.


Configuration
-------------

Jailhouse requires one configuration file for the complete system and one for
each additional cell beside Linux. The configuration is currently being
defined manually by filling C structures. To study the structure, use
configs/qemu-vm.c for a system configuration and configs/apic-demo.c for a cell
configuration as reference. The build system will pick up every .c file from
the configs/ directory and generate a corresponding .cell file. .cell files can
then be passed to the jailhouse command line tool for enabling the hypervisor
and creating new cells.


Demonstration in QEMU/KVM
-------------------------

The included system configuration qemu-vm.c can be used to run Jailhouse in
QEMU/KVM virtual machine on Intel x86 hosts. Currently it requires kvm.git,
next branch on the host. 3.17 is expected to include all necessary features
for this setup. QEMU is required in a recent version (2.1) as well if you want
to use the configuration file included in the source tree.

You also need a Linux guest image with a recent kernel (tested with >= 3.9) and
the ability to build a module for this kernel. Make sure the kvm-intel module
was loaded with nested=1 to enable nested VMX support. Start the virtual
machine as follows:

    qemu-system-x86_64 -machine q35 -m 1G -enable-kvm -smp 4 \
        -cpu kvm64,-kvm_pv_eoi,-kvm_steal_time,-kvm_asyncpf,-kvmclock,+vmx,+x2apic \
        -drive file=LinuxInstallation.img,id=disk,if=none \
        -device ide-hd,drive=disk -serial stdio -serial vc \
        -device intel-hda,addr=1b.0 -device hda-duplex

Inside the VM, make sure that jailhouse.bin, generated by the build process,
is available for firmware loading (typically /lib/firmware), see above for
installation steps.

The hypervisor requires a contiguous piece of RAM for itself and each
additional cell. This currently has to be pre-allocated during boot-up. So you
need to add

    memmap=66M$0x3b000000

as parameter to the command line of the virtual machine's kernel. Reboot the
guest and load jailhouse.ko. Then enable Jailhouse like this:

    jailhouse enable /path/to/qemu-vm.cell

Next you can create a cell with a demonstration application as follows:

    jailhouse cell create /path/to/apic-demo.cell
    jailhouse cell load apic-demo /path/to/apic-demo.bin -a 0xf0000
    jailhouse cell start apic-demo

apic-demo.bin is left by the built process in the inmates/demos/x86 directory.
This application will program the APIC timer interrupt to fire at 10 Hz,
measuring the jitter against the PM timer and displaying the result on the
console. Given that this demonstration runs in a virtual machine, obviously
no decent latencies should be expected.

After creation, cells are addressed via the command line tool by providing
their names or their runtime-assigned IDs. You can obtain information about
active cells this way:

    jailhouse cell list

Cell destruction is performed by specifying the configuration file of the
desired cell. This command will destroy the apic-demo:

    jailhouse cell destroy apic-demo

Note that the first destruction or shutdown request on the apic-demo cell will
fail. The reason is that this cell contains logic to demonstrate an ordered
shutdown as well as the ability of a cell to reject shutdown requests.

The apic-demo cell has another special property for demonstration purposes: As
long as it is running, no cell reconfigurations can be performed - the
apic-demo locks the hypervisor in this regard. In order to destroy another cell
or create an additional one, shut down the apic-demo first.

    jailhouse cell shutdown apic-demo  # call again if error is returned

To demonstrate the execution of a second, non-Linux cell, issue the following
commands:

    jailhouse cell create /path/to/pci-demo.cell
    jailhouse cell load pci-demo /path/to/pci-demo.bin -a 0xf0000
    jailhouse cell start pci-demo

The pci-demo will use the second serial port provided by QEMU. You will find
its output in a virtual console of the QEMU window. The purpose of this demo is
to show basic PCI device configuration and MSI handling.

While cell configurations are locked, it is still possible, though, to reload
the content of existing cell (provided they accept their shutdown first). To
reload and restart the tiny-demo, issue the following commands:

    jailhouse cell start apic-demo
    jailhouse cell load pci-demo /path/to/pci-demo.bin -a 0xf0000
    jailhouse cell start pci-demo

Finally, Jailhouse is can be stopped completely again:

    jailhouse disable  # call again on error due to running apic-demo

All non-Linux cells running at that point will be destroyed, and resources
will be returned to Linux.

About

Linux-based partitioning hypervisor

Resources

License

Stars

Watchers

Forks

Packages

No packages published