On 18.10.21 06:24, Zheng Chuan wrote:
> Hi, Jan.
>
> On 2021/10/14 17:34, Jan Kiszka wrote:
>> On 12.10.21 13:57, Zheng Chuan wrote:
>>> Hi all,
>>>
>>> After reading the code of jailhouse, I have a few questions.
>>> 1.Once Jailhouse is activated, the boot Linux will run as a VM. If it is
>>> possible to run VM by KVM(nested mode) in the root cell?
>>>
>>
>> Nope, but you can find traces of an attempt in
>> https://github.com/siemens/jailhouse/commits/wip/kvm
>>
> OK. I'll look into it.
>
>>> 2.I wonder why the root cell need to runs in guest mode? Whether jailhouse
>>> can run root cell in host mode, create KVM VM inside
>>> root cell. So jailhouse can support both partition and VM.
>>
>> Two main reasons:
>>
>> - security/safety: If you leave the root Linux running in host mode, it
>> becomes part of the trusted code base, increasing it by a "few"
>> orders of magnitude
>> - functionality: only by intercepting certain I/O accesses, Jailhouse
>> is able to emulate the ivshmem devices
>>
> OK, I got it
>>>
>>> 3.When create a non-root cell, the jailhouse driver executes cpu_down() to
>>> offline CPUs, but the offline CPU seems to be running
>>> and respond to interruptions. And the hypervisor seems to have done nothing
>>> to wake up the CPUs(assigned to non-root cell),
>>> or did I miss the important part of the code?
>>
>> The offlined and then "stolen" CPUs of the non-root cell are first
>> parked and then finally started again at (amost) architectural reset
>> state when doing "jailhouse cell start". On x86, you can see the SIPIs
>> being injected for that in the Jailhouse log.
>>
> Yes. However, I am still a little confused about the status of "offline" cpu.
> i. On x86, is it at real mode or protected mode after we do cpu_down() within
> vmlanuch?
> ii. is that different from cpu_down() of host?
> iii. on x86,does it conflict with the bootstrap of linux guest since the
> kernel will do transform from real mode to protected mode?
We hand over the CPUs in real-mode, as architecturally defined. The only
differences are:
- reset address can be configured to be different to 0xFFFFFFF0
- all CPUs are started at once in a new cell, not just a single boot-
strap processor
You can study that by looking at inmates/lib/x86/header-{32,64}.S. This
is the code run first after cell start when using our own inmates.
Jan
--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux
--
You received this message because you are subscribed to the Google Groups
"Jailhouse" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jailhouse-dev/1c48728d-c3f1-a30d-3c52-0ae68f11b040%40siemens.com.
