Siemens has released the Jailhouse 0.12 hypervisor

Siemens has published the release of the free hypervisor Jailhouse 0.12. The hypervisor supports x86_64 systems with the VMX+EPT or SVM+NPT (AMD-V) extensions, as well as ARMv7 and ARMv8/ARM64 processors with virtualization extensions. An image generator for the Jailhouse hypervisor is developed separately; it builds images from Debian packages for the supported devices. The project code is distributed under the GPLv2 license.

The hypervisor is implemented as a Linux kernel module and provides virtualization at the kernel level. The components for guest systems are included in the mainline Linux kernel. Isolation is enforced with the hardware virtualization facilities provided by modern CPUs. The distinctive features of Jailhouse are its lightweight implementation and its focus on binding each virtual machine to a fixed CPU, RAM region and set of hardware devices. This approach lets a single physical multiprocessor server run several independent virtual environments, each assigned its own processor core.

Thanks to this rigid binding to CPUs, the hypervisor's overhead is noticeably reduced and its implementation is greatly simplified, because there is no need to run a complex resource-sharing scheduler: it is enough to allocate separate CPU cores and make sure no other tasks are executed on them. The advantage of this approach is the ability to guarantee access to resources and predictable performance, which makes Jailhouse a suitable solution for building real-time systems. The downside is limited scalability, bounded by the number of CPU cores.

In Jailhouse terminology a virtual environment is called a "cell" (in the prison sense). Inside a cell the system looks like a single-processor server that delivers the predictable performance of a dedicated CPU core. A cell can run an environment based on any operating system, including a bare environment for running a single application or one specialized for applications solving real-time tasks. The configuration is defined in .cell files, which specify the CPU, memory regions and I/O ports assigned to the environment.

In the new release:

  • Added support for the Raspberry Pi 4 Model B and Texas Instruments J721E-EVM platforms;
  • Reworked the ivshmem device used to set up communication between cells. On top of the new ivshmem, a transport for VIRTIO can be used;
  • Implemented the ability to disable the creation of huge memory pages (hugepages) in order to block the vulnerability CVE-2018-12207 in Intel processors, which allows an unprivileged attacker to trigger a denial of service that leaves the system hung in a "Machine Check Error" state;
  • For systems with ARM64 processors, support for SMMUv3 (System Memory Management Unit) and TI PVU (Peripheral Virtualization Unit) has been implemented. PCI support has been added for the root environment running directly on the hardware (bare-metal);
  • On x86 systems, for the root cell, it is now possible to enable the CR4.UMIP (User-Mode Instruction Prevention) mode provided by Intel processors, which prohibits the execution in user space of certain instructions, such as SGDT, SLDT, SIDT, SMSW and STR, that can be used in attacks aimed at privilege escalation on the system.
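Both x86 items above (disabling hugepages against CVE-2018-12207 and enabling CR4.UMIP) are things an administrator will want to verify on the host after a Jailhouse deployment. The following program is an added example written for this article; it is not part of the Jailhouse project and does not use any Jailhouse API. It assumes Linux on x86 with GCC or Clang and reads the kernel's own report for the issue from the sysfs file `/sys/devices/system/cpu/vulnerabilities/itlb_multihit` (present on kernels that carry the CVE-2018-12207 mitigation); on other architectures the UMIP probe reports "not applicable" so the program still builds. The UMIP probe deliberately uses SLDT, which Linux does not emulate, so a fault there reflects the real CR4.UMIP state rather than the kernel's spoofed SGDT/SIDT/SMSW results.

```c
/*
 * Added example, not from the article or the Jailhouse project.
 * Host-side checks for two hardening items from the Jailhouse 0.12 release:
 *  1. UMIP: advertised by CPUID.(EAX=7,ECX=0):ECX[2]; when CR4.UMIP=1 the
 *     descriptor-table instructions raise #GP in user mode, delivered by Linux
 *     as SIGSEGV.  We probe with SLDT because Linux does not emulate it.
 *  2. CVE-2018-12207 (iTLB multihit): classify the kernel's sysfs report
 *     (assumed path: /sys/devices/system/cpu/vulnerabilities/itlb_multihit).
 */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

enum { UMIP_NA = -1, UMIP_OFF = 0, UMIP_ON = 1 };
enum { ITLB_UNKNOWN = 0, ITLB_NOT_AFFECTED = 1, ITLB_MITIGATED = 2, ITLB_VULNERABLE = 3 };

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>

static sigjmp_buf probe_env;

static void on_sigsegv(int sig) { (void)sig; siglongjmp(probe_env, 1); }

/* 1 if the CPU advertises UMIP (CPUID leaf 7, sub-leaf 0, ECX bit 2), else 0. */
int umip_cpuid_supported(void) {
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid_count(7, 0, &eax, &ebx, &ecx, &edx))
        return 0;
    return (int)((ecx >> 2) & 1u);
}

/* UMIP_ON if SLDT faults in user mode (CR4.UMIP set), UMIP_OFF if it executes. */
int umip_enforced(void) {
    struct sigaction sa, old;
    unsigned int ldtr = 0;
    int result;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigsegv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    if (sigsetjmp(probe_env, 1) == 0) {
        /* Reads only the LDT selector (normally 0); faults with #GP under UMIP. */
        __asm__ volatile("sldt %0" : "=r"(ldtr));
        result = UMIP_OFF;
    } else {
        result = UMIP_ON;          /* reached via siglongjmp from the handler */
    }
    sigaction(SIGSEGV, &old, NULL);
    (void)ldtr;
    return result;
}
#else
int umip_cpuid_supported(void) { return 0; }
int umip_enforced(void) { return UMIP_NA; }
#endif

/* Classifies one line in the format the itlb_multihit sysfs file uses,
 * e.g. "KVM: Mitigation: Split huge pages", "Not affected", "KVM: Vulnerable". */
int itlb_multihit_classify(const char *line) {
    if (strstr(line, "Not affected"))                         return ITLB_NOT_AFFECTED;
    if (strstr(line, "Mitigation"))                           return ITLB_MITIGATED;
    if (strstr(line, "Vulnerable") || strstr(line, "vulnerable")) return ITLB_VULNERABLE;
    return ITLB_UNKNOWN;
}

/* Reads the sysfs report; ITLB_UNKNOWN if the file is absent (old kernel or non-Linux). */
int itlb_multihit_status(void) {
    char line[256];
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/itlb_multihit", "r");
    if (!f) return ITLB_UNKNOWN;
    if (!fgets(line, sizeof line, f)) { fclose(f); return ITLB_UNKNOWN; }
    fclose(f);
    return itlb_multihit_classify(line);
}

int main(void) {
    int e = umip_enforced();
    printf("UMIP in CPUID : %s\n", umip_cpuid_supported() ? "yes" : "no");
    printf("UMIP enforced : %s\n", e == UMIP_ON ? "yes (SLDT faulted)"
                                 : e == UMIP_OFF ? "no" : "n/a (not x86)");
    printf("itlb_multihit : %d (0=unknown 1=not affected 2=mitigated 3=vulnerable)\n",
           itlb_multihit_status());
    return 0;
}
```

Run it once inside the root cell before and after enabling the UMIP option to confirm that the change actually took effect; a CPU that advertises UMIP but where SLDT still executes means the bit was never set for that environment. The sysfs classification covers only the hugepage mitigation as seen by the Linux kernel on the host, which is independent of whatever Jailhouse itself does with hugepages.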

Source: opennet.ru