Hi, Jan.

On 2021/10/14 17:34, Jan Kiszka wrote:
> On 12.10.21 13:57, Zheng Chuan wrote:
>> Hi all,
>>
>> After reading the code of jailhouse, I have a few questions.
>> 1. Once Jailhouse is activated, the boot Linux will run as a VM. Is it
>> possible to run a VM by KVM (nested mode) in the root cell?
>>
>
> Nope, but you can find traces of an attempt in
> https://github.com/siemens/jailhouse/commits/wip/kvm
>

OK. I'll look into it.

>> 2. I wonder why the root cell needs to run in guest mode? Could jailhouse
>> run the root cell in host mode and create KVM VMs inside the
>> root cell, so jailhouse can support both partition and VM?
>
> Two main reasons:
>
> - security/safety: If you leave the root Linux running in host mode, it
>   becomes part of the trusted code base, increasing it by a "few"
>   orders of magnitude
> - functionality: only by intercepting certain I/O accesses, Jailhouse
>   is able to emulate the ivshmem devices
>

OK, I got it.

>>
>> 3. When creating a non-root cell, the jailhouse driver executes cpu_down() to
>> offline CPUs, but the offline CPU seems to be running
>> and responding to interruptions. And the hypervisor seems to have done nothing
>> to wake up the CPUs (assigned to the non-root cell),
>> or did I miss the important part of the code?
>
> The offlined and then "stolen" CPUs of the non-root cell are first
> parked and then finally started again at (almost) architectural reset
> state when doing "jailhouse cell start". On x86, you can see the SIPIs
> being injected for that in the Jailhouse log.
>

Yes. However, I am still a little confused about the status of the "offline" CPU.
i. On x86, is it in real mode or protected mode after we do cpu_down() within vmlaunch?
ii. Is that different from cpu_down() of the host?
iii. On x86, does it conflict with the bootstrap of the Linux guest, since the kernel will transform from real mode to protected mode?

> Jan
>

--
Regards.
Chuan
