Siemens releases Jailhouse 0.11 hypervisor

Siemens has published release 0.11 of the free Jailhouse hypervisor. The hypervisor supports x86_64 systems with the VMX+EPT or SVM+NPT (AMD-V) extensions, as well as ARMv7 and ARMv8/ARM64 processors with virtualization extensions. An image generator for the Jailhouse hypervisor, based on Debian packages, is developed separately for supported devices. The project code is distributed under the GPLv2 license.

The hypervisor is implemented as a Linux kernel module and provides kernel-level virtualization. Components for guest systems are already included in the mainline Linux kernel. Jailhouse uses the hardware virtualization mechanisms provided by modern CPUs to enforce isolation. Jailhouse's distinctive features are its lightweight implementation and its focus on binding virtual machines to fixed CPUs, RAM regions, and hardware devices. This approach allows multiple independent virtual environments, each assigned to its own processor core, to run on a single physical multiprocessor server.

With hard binding to a CPU, the hypervisor's overhead is minimized and its implementation is greatly simplified, since there is no need for a complex resource-allocation scheduler: dedicating a separate CPU core guarantees that no other tasks run on that CPU. The advantage of this approach is guaranteed access to resources and predictable performance, which makes Jailhouse a suitable solution for real-time tasks. The downside is limited scalability, bounded by the number of CPU cores.

In Jailhouse terminology, virtual environments are called "cells". From inside a cell, the system looks like a single-socket server with performance close to that of a dedicated CPU core. A cell can run an arbitrary operating system environment, as well as stripped-down environments for running a single application or specially prepared individual applications designed for real-time tasks. The configuration is set in .cell files, which define the CPUs, memory regions, and I/O ports allocated to the environment.

In the new release:

  • Added support for Marvell MACCHIATObin, Xilinx Ultra96,
    Microsys miriac SBC-LS1046A and Texas Instruments AM654 IDK;
  • Added statistics for each CPU core;
  • PCI devices are now reset when a cell is shut down;
  • The Device Tree structure has been adapted to the latest Linux kernel releases;
  • Added protection against Spectre v2 attacks for ARM and ARM64 platforms. The qemu-arm64 settings take into account changes from the latest QEMU releases. Fixed PSCI flashing issues on Orange Pi Zero boards;
  • For the x86 platform, the use of SSE and AVX instructions has been enabled when running demo environments (inmates), and exception reporting has been added.

Plans for the future include long-awaited support for IOMMUv3, more efficient use of the processor cache (cache coloring), fixes for APIC issues on AMD Ryzen processors, a redesign of the ivshmem device, and getting the drivers into the mainline kernel.

Source: opennet.ru
