Nokia releases the Jailhouse 0.12 hypervisor

Siemens has published the release of the free hypervisor Jailhouse 0.12. The hypervisor supports x86_64 systems with the VMX + EPT or SVM + NPT (AMD-V) extensions, as well as ARMv7 and ARMv8/ARM64 processors with virtualization extensions. Separately, an image generator for the Jailhouse hypervisor is being developed, built from Debian packages for the supported boards. The project code is distributed under the GPLv2 license.

The hypervisor is implemented as a Linux kernel module and provides virtualization at the kernel level. The drivers needed by guest systems are already included in the Linux kernel. Isolation is enforced using the hardware virtualization mechanisms provided by modern CPUs. The distinctive features of Jailhouse are its lightweight implementation and its focus on binding virtual machines to a fixed set of CPU cores, RAM regions and hardware devices. This approach allows a single multi-core server to host several independent virtual environments, each of which is assigned its own processor core.

With hard binding to CPU cores, hypervisor overhead is reduced and its implementation is simplified, because there is no need to run a resource scheduler: allocating a dedicated CPU core guarantees that no other tasks are executed on that core. The advantage of this approach is the ability to provide guaranteed access to resources and predictable performance, which makes Jailhouse a suitable solution for building real-time applications. The downside is limited scalability, bounded by the number of CPU cores.

In Jailhouse terminology, virtual environments are called "cells" (as in a prison cell). Inside a cell, the system appears as a single-processor server with performance close to that of a dedicated CPU. A cell can run an arbitrary operating system environment, as well as stripped-down environments for running a single application or specially prepared programs designed to solve specific tasks. The configuration is defined in .cell files, which specify the CPUs, memory regions, and I/O ports assigned to the environment.


Changes in the new release:

  • Added support for the Raspberry Pi 4 Model B and Texas Instruments J721E-EVM platforms;
  • The ivshmem device used to set up communication between cells has been redesigned. On top of the new ivshmem, VIRTIO transports can be used;
  • Implemented the ability to disable the creation of large memory pages (huge pages) in order to block the vulnerability CVE-2018-12207 in Intel processors, which allows an unprivileged attacker to cause a denial of service that leaves the system in a "Machine Check Error" state;
  • For systems with ARM64 processors, support for SMMUv3 (System Memory Management Unit) and TI PVU (Peripheral Virtualization Unit) has been implemented. PCI support has been added for non-root cells running directly on the hardware (bare metal);
  • On x86 systems, root cells can now enable the CR4.UMIP (User-Mode Instruction Prevention) mode provided by Intel processors, which prohibits the execution in user space of certain instructions, such as SGDT, SLDT, SIDT, SMSW and STR, that can be used in attacks aimed at privilege escalation in the system.

Source: opennet.ru
