Am Thu, 10 Nov 2016 09:29:05 +0000 schrieb "Koehrer Mathias (ETAS/ESW5)" <mathias.koeh...@etas.com>:
> Viele Grüße > > Mathias > > Hi Henning, > > > > A general questions on the root cell configuration: > > > If I understand this correctly, this configuration has to reflect > > > the full resources of the PC it is running on. > > > Even if the goal is to get exactly one non-root cell having > > > access to one PCI device I have to provide the full list of PCI > > > devices, memory regions etc. in the root cell configuration? Or > > > is it possible to reduce the root cell configuration to resources > > > that are actually to be relevant? I.e. in my example the CPU, the > > > RAM and the relevant PCI device is relevant only but nothing > > > else. > > > > If you want resources not assigned to any cell you can just remove > > them from the root-cell config. I would do that step by step. > > Taking resources away from Linux you might have to "tell" Linux not > > to use/expect them anymore. In practice that means unloading driver > > modules, unbinding drivers or changing the kernel config to disable > > these drivers. If Linux is still trying to use a resource that the > > hypervisor does not allow, the root cell will get an access > > violation and will be stopped. That is the reason why the generated > > config will just assign all resources to Linux. > OK got it. To make Linux running as usually (apart from missing CPU > cores...), it must have the full list of resources. > Is it somehow possible to provide a "negative" list instead of a > "positive" list to the root cell? Something like: Everything can be > accesses but not this resource? Or is this in contrast to the > mechanisms that are provided by the hypervisor? (I am not an > hypervisor expert at all...). You could probably have a dummy non-root cell, one you maybe never load/start but create. I just tried it, jailhouse lets you create a cell with no CPUs. And also with no memory assigned. However i am not sure whether that is a feature you can rely on. In the case of no CPU load and start work, but nothing is actually happening. In the case of no memory load fails with EINVAL. Would it make sense to return an error on the start on 0 cpus? Mathias, what exactly is your use-case for parking resources? Seems to make sense as a measure of interference avoidance. > Regards > > Mathias > > -- You received this message because you are subscribed to the Google Groups "Jailhouse" group. To unsubscribe from this group and stop receiving emails from it, send an email to jailhouse-dev+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
