On 2021/10/18 13:41, Jan Kiszka wrote:
> On 18.10.21 06:24, Zheng Chuan wrote:
>> Hi, Jan.
>>
>> On 2021/10/14 17:34, Jan Kiszka wrote:
>>> On 12.10.21 13:57, Zheng Chuan wrote:
>>>> Hi all,
>>>>
>>>> After reading the code of jailhouse, I have a few questions.
>>>> 1.Once Jailhouse is activated, the boot Linux will run as a VM. If it is
>>>> possible to run VM by KVM(nested mode) in the root cell?
>>>>
>>>
>>> Nope, but you can find traces of an attempt in
>>> https://github.com/siemens/jailhouse/commits/wip/kvm
>>>
>> OK. I'll look into it.
>>
>>>> 2.I wonder why the root cell need to runs in guest mode? Whether jailhouse
>>>> can run root cell in host mode, create KVM VM inside
>>>> root cell. So jailhouse can support both partition and VM.
>>>
>>> Two main reasons:
>>>
>>> - security/safety: If you leave the root Linux running in host mode, it
>>> becomes part of the trusted code base, increasing it by a "few"
>>> orders of magnitude
>>> - functionality: only by intercepting certain I/O accesses, Jailhouse
>>> is able to emulate the ivshmem devices
>>>
>> OK, I got it
>>>>
>>>> 3.When create a non-root cell, the jailhouse driver executes cpu_down() to
>>>> offline CPUs, but the offline CPU seems to be running
>>>> and respond to interruptions. And the hypervisor seems to have done
>>>> nothing to wake up the CPUs(assigned to non-root cell),
>>>> or did I miss the important part of the code?
>>>
>>> The offlined and then "stolen" CPUs of the non-root cell are first
>>> parked and then finally started again at (amost) architectural reset
>>> state when doing "jailhouse cell start". On x86, you can see the SIPIs
>>> being injected for that in the Jailhouse log.
>>>
>> Yes. However, I am still a little confused about the status of "offline" cpu.
>> i. On x86, is it at real mode or protected mode after we do cpu_down()
>> within vmlanuch?
>> ii. is that different from cpu_down() of host?
>> iii. on x86,does it conflict with the bootstrap of linux guest since the
>> kernel will do transform from real mode to protected mode?
>
> We hand over the CPUs in real-mode, as architecturally defined. The only
> differences are:
>
> - reset address can be configured to be different to 0xFFFFFFF0
> - all CPUs are started at once in a new cell, not just a single boot-
> strap processor
>
> You can study that by looking at inmates/lib/x86/header-{32,64}.S. This
> is the code run first after cell start when using our own inmates.
>
> Jan
>
OK, Let me list the initialization of non-root cell in my mind.
1. When we do cell_create, the cpus we wanted are "offline" by the root cell
module. now the "offline" cpus are in real-mode with vmlanuch.
2. The jailhouse sends nmi, and the wanted cpus do vm-exits into jailhouse
(well, i am not sure can cpu response the nmi in real-mode?)
3. The jailhouse will park them and point the rip into parking_code, and then
the cpus will do hlt code after vm-entry
4. When we do cell_start, the jailhouse sends nmi again, the wanted cpus do
vm-exits into jailhouse.
5. The jailhouse will reset the rip into 0xFFFFFFF0, and the cpus will do
vm-entry after arch_reset_cpu().
6. ok, the /lib/x86/header-{32,64}.S turns on, and also the jailhouse will work
while the inmates sends the sint and sipi.
Is that right?
--
Regards.
Chuan
--
You received this message because you are subscribed to the Google Groups
"Jailhouse" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jailhouse-dev/1ff4c02a-d29f-98de-907d-0954bd3ae3b1%40huawei.com.
