Siemens releases Jailhouse 0.11 hypervisor

Siemens has published the free hypervisor release Jailhouse 0.11. The hypervisor supports x86_64 systems with VMX+EPT or SVM+NPT (AMD-V) extensions, as well as ARMv7 and ARMv8/ARM64 processors with virtualization extensions. An image generator for the Jailhouse hypervisor, based on Debian packages for the supported devices, is developed separately. The project code is distributed under the GPLv2 license.

The hypervisor is implemented as a module for the Linux kernel and provides virtualization at the kernel level. Components for guest systems are already included in the main Linux kernel. Isolation management uses hardware virtualization mechanisms provided by modern CPUs. Jailhouse's hallmarks are its lightweight implementation and focus on tying virtual machines to a fixed CPU, RAM area, and hardware devices. This approach allows one physical multiprocessor server to ensure the operation of several independent virtual environments, each of which is assigned to its own processor core.

With a hard binding to the CPU, the overhead of the hypervisor is minimized and its implementation is greatly simplified, since there is no need to run a complex resource allocation scheduler: dedicating a separate CPU core ensures that no other tasks are performed on that CPU. The advantage of this approach is the ability to provide guaranteed access to resources and predictable performance, which makes Jailhouse a suitable solution for running real-time tasks. The downside is limited scalability, which is bounded by the number of CPU cores.

In Jailhouse terminology, virtual environments are referred to as "cells". From inside a cell, the system looks like a single-socket server, showing performance close to that of a dedicated CPU core. A cell can run an arbitrary operating system environment, as well as stripped-down environments for running one application or specially prepared individual applications designed to solve real-time tasks. The configuration is set in .cell files, which determine the CPU allocated to the environment, its memory regions and its I/O ports.
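The isolation described above holds only if no two cells are handed the same CPU or the same memory. The following added example (not Jailhouse code, and not the real .cell layout) checks that property on a simplified, hypothetical cell model; the struct names, the `shared` flag, and all sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified, hypothetical cell model; NOT Jailhouse's .cell layout.
 * In cpu_mask, bit n set means CPU n belongs to the cell. */
struct mem_region { uint64_t start, size; bool shared; };
struct cell { const char *name; uint64_t cpu_mask; const struct mem_region *mem; size_t num_mem; };

/* Overflow-safe test: do two physical address ranges intersect? */
static bool regions_overlap(const struct mem_region *a, const struct mem_region *b)
{
    return a->start >= b->start ? a->start - b->start < b->size
                                : b->start - a->start < a->size;
}

/* A common CPU counts once; each overlapping region pair counts unless both sides mark it shared. */
int pair_conflicts(const struct cell *a, const struct cell *b)
{
    int n = (a->cpu_mask & b->cpu_mask) ? 1 : 0;
    for (size_t i = 0; i < a->num_mem; i++)
        for (size_t j = 0; j < b->num_mem; j++)
            if (regions_overlap(&a->mem[i], &b->mem[j]) &&
                !(a->mem[i].shared && b->mem[j].shared))
                n++;
    return n;
}

/* Sum conflicts over every unordered pair of cells. */
int count_conflicts(const struct cell *cells, size_t num)
{
    int n = 0;
    for (size_t i = 0; i < num; i++)
        for (size_t j = i + 1; j < num; j++)
            n += pair_conflicts(&cells[i], &cells[j]);
    return n;
}

/* Constructed sample data: addresses and CPU numbers are made up. */
static const struct mem_region rt_mem[]  = { {0x40000000, 0x1000000, false}, {0x7ff00000, 0x100000, true} };
static const struct mem_region net_mem[] = { {0x41000000, 0x1000000, false}, {0x7ff00000, 0x100000, true} };
static const struct mem_region bad_mem[] = { {0x40800000, 0x1000000, false} };
const struct cell good_cells[] = { {"rt", 1u << 2, rt_mem, 2}, {"net", 1u << 3, net_mem, 2} };
const struct cell bad_cells[]  = { {"rt", 1u << 2, rt_mem, 2}, {"dup", (1u << 2) | (1u << 3), bad_mem, 1} };
int main(void)
{
    printf("good: %d, bad: %d\n", count_conflicts(good_cells, 2), count_conflicts(bad_cells, 2));
    return 0;
}
```

The check compares cells with each other only; the region that both sample cells mark as shared stands in for a deliberate communication window and is not counted.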

In the new release:

  • Added support for Marvell MACCHIATObin, Xilinx Ultra96, Microsys miriac SBC-LS1046A and Texas Instruments AM654 IDK;
  • Added statistics for each CPU core;
  • PCI devices are now reset at cell shutdown;
  • The Device Tree structure has been adapted for the latest releases of the Linux kernel;
  • Added protection against Spectre v2 attacks for ARM and ARM64 platforms;
  • The qemu-arm64 settings take into account changes from the latest QEMU releases;
  • Fixed PSCI flashing issues on Orange Pi Zero boards;
  • For the x86 platform, when running demo environments (inmates), the use of SSE and AVX instructions has been enabled, and an exception report has been added.

Plans for the future include the long-awaited support for IOMMUv3, more efficient use of the processor cache (cache coloring), fixes for APIC issues on AMD Ryzen processors, a redesign of the ivshmem device, and getting the drivers into the main kernel.

Source: opennet.ru