In trying to get the tiny-demo to send logs to the Jailhouse debug console, I found that:
- inmate lib handling of cmdline is broken
- inmate lib detection whether to use VMCALL (Intel) or VMMCALL (AMD) instructions to do hypercalls is broken

I found fixes, but I'd like to discuss how to properly address the issues.

I -  cmdline

I.1 - problem

according to inmates/lib/x86/
cmdline is located at offset 0x100 in the running inmate
it contains one byte (a zero).
inmate code starts at 0x101

according to Documentation/
command line parameters are specified using -s <STRING>

lastly, cell_shutdown_load() in tools/jailhouse.c considers "-s <STRING>" as a second image to be loaded

so the command

jailhouse cell load --name tiny-demo inmates/demos/x86/tiny-demo.bin -s "con-type=JAILHOUSE"

has the following effect:

load_image() @ driver/cell.c uses the first available memory_region and copies inmates/demos/x86/tiny-demo.bin
to that location
then load_image() actually uses the same memory_region (same physical start but ioremapped at a different location)
and overwrites the first bytes of inmates/demos/x86/tiny-demo.bin.

Unexpectedly, the string "con-type=JAILHOUSE" happens to correspond to executable code bytes and it does "something" on my system.

I.2 - possible solution

the simplest way to solve this is:
- reserve, say, the rest of the first page to boot code and command line: a patch can do the job
- change jailhouse.c to load the fake image at offset 0x100 (updating target_address) so that driver.c does not override the .boot section

If this is acceptable for now, I can publish patches.


II.1 - problem
hypercall_init() @ checks for X86_FEATURE_VMX to use either VMCALL or VMMCALL, but vcpu_handle_cpuid() @ hypervisor/arch/x86/vcpu.c always clears this bit for non-root cells. Thus, hypercalls on non-AMD systems do not work at all in non-root cells based on inmates demo code!

II.2 - possible solution

Linux as a guest uses a "synthetic" bit, X86_FEATURE_VMMCALL,
to detect the proper alternative:
ALTERNATIVE(".byte 0x0f,0x01,0xc1", ".byte 0x0f,0x01,0xd9", X86_FEATURE_VMMCALL)

I would suggest the same, adding a bit in cpuid leaf (JAILHOUSE_CPUID_FEATURES).
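
The overwrite described in section I, as an added example that is not part of the original post and is not Jailhouse code: a constructed model of one memory region showing that copying the -s string to the region start clobbers the loaded image, while copying it to offset 0x100 with a size check leaves the bytes below 0x100 intact. The region array, the 0x90 filler bytes, boot_code_survives() and this simplified load_image() signature are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE      0x1000u
#define CMDLINE_OFFSET 0x100u  /* from the post: cmdline sits at offset 0x100 */
/* Constructed model of one cell memory region; not Jailhouse code. */
static uint8_t region[2 * PAGE_SIZE];

/* Bounds-checked copy of an "image" to target_address inside the region. */
static int load_image(size_t target_address, const void *data, size_t len)
{
    if (target_address > sizeof(region) || len > sizeof(region) - target_address)
        return -1;
    memcpy(region + target_address, data, len);
    return 0;
}

/* Load the -s string at CMDLINE_OFFSET; refuse strings that would spill past
 * the first page (assumed reserved for boot code plus command line). */
static int load_cmdline(const char *s)
{
    size_t len = strlen(s) + 1;  /* include the terminating NUL */
    if (len > PAGE_SIZE - CMDLINE_OFFSET)
        return -1;
    return load_image(CMDLINE_OFFSET, s, len);
}

/* Load a constructed image, then the string; use_offset == 0 mimics the post
 * (string copied to region start). Returns 1 if bytes below 0x100 survive. */
static int boot_code_survives(int use_offset, const char *s)
{
    uint8_t image[PAGE_SIZE];
    memset(image, 0x90, sizeof(image));  /* stand-in for code bytes */
    image[CMDLINE_OFFSET] = 0;           /* empty built-in cmdline */
    load_image(0, image, sizeof(image));
    if (use_offset)
        load_cmdline(s);
    else
        load_image(0, s, strlen(s) + 1);
    return memcmp(region, image, CMDLINE_OFFSET) == 0;
}

int main(void)
{
    const char *s = "con-type=JAILHOUSE";
    printf("load at 0x0:   boot code intact = %d\n", boot_code_survives(0, s));
    printf("load at 0x100: boot code intact = %d\n", boot_code_survives(1, s));
}
```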

