Kamupani Siemens tu'u fua hypervisor . E lagolagoina e le hypervisor faiga x86_64 faʻatasi ai ma VMX + EPT poʻo SVM + NPT (AMD-V) faʻaopoopoga, faʻapea foʻi ma ARMv7 ma ARMv8 / ARM64 faʻapipiʻi faʻatasi ma faʻaopoopoga virtualization. Tuueseese fa'atupu ata mo le Jailhouse hypervisor, fa'avae i luga o afifi Debian mo masini lagolago. Poloketi code laiseneina ile GPLv2.
O le hypervisor o loʻo faʻatinoina e avea o se module mo le Linux kernel ma tuʻuina atu le virtualization i le kernel level. O vaega mo malo faʻapitoa ua uma ona aofia i totonu ole fatu autu Linux. Ina ia pulea le faʻaesea, o loʻo faʻaogaina meafaigaluega faʻapitoa e saunia e PPU faʻaonaponei. O uiga iloga o le Jailhouse o lona faʻatinoga mama ma taulaʻi i le faʻapipiʻiina o masini komepiuta i se CPU faʻamautu, vaega RAM ma masini masini. O lenei auala e mafai ai e se tasi faʻaumau multiprocessor faaletino ona lagolagoina le faʻaogaina o le tele o siʻosiʻomaga faʻapitoa tutoʻatasi, o ia mea uma e tuʻuina atu i lana lava faʻasologa autu.
Faatasi ai ma se sootaga vavalalata i le PPU, o le pito i luga ole hypervisor e faʻaitiitia ma o lona faʻatinoga e matua faʻafaigofieina, talu ai e leai se manaʻoga e faʻatautaia se faʻatulagaina o punaoa faʻapitoa - tuʻufaʻatasia se eseʻese CPU e mautinoa ai e leai se isi galuega e faia i lenei PPU. . O le lelei o lenei auala o le mafai lea ona tuʻuina atu avanoa faʻamaonia i punaoa ma faʻatinoga faʻatino, lea e avea ai le Jailhouse ma fofo talafeagai mo le fatuina o galuega e faia i le taimi moni. O le pito i lalo e faʻatapulaʻaina le faʻaogaina, faʻatapulaʻaina e le numera o pusa CPU.
I faaupuga a le Falepuipui, o si'osi'omaga mata'utia e ta'ua o “meapueata” (selau, i le tulaga o le falepuipui). I totonu o le meapueata, o le faiga e foliga mai o se 'auʻaunaga faʻapipiʻi tasi e faʻaalia le faʻatinoga i le faʻatinoga o se CPU faʻapitoa. E mafai e le meapu'eata ona fa'atautaia le si'osi'omaga o se faiga fa'agaioia, fa'apea fo'i ma si'osi'omaga e fa'agasolo i lalo mo le fa'agaioia o le tasi talosaga po'o le saunia fa'apitoa o talosaga ta'ito'atasi ua fuafuaina e fo'ia fa'afitauli fa'aletonu. Ua setiina le faatulagaga i totonu , lea e fuafua ai le PPU, itulagi manatua, ma I/O ports e fa'asoa i le si'osi'omaga.
I le fa'asalalauga fou
- Faʻaopoopo le lagolago mo Raspberry Pi 4 Model B ma Texas Instruments J721E-EVM faʻavae;
- ivshmem masini e faʻaogaina e faʻatulaga ai fegalegaleaiga i le va o sela. I luga o le ivshmem fou, e mafai ona e faʻatinoina se felauaiga mo VIRTIO;
- Faʻatinoina le gafatia e faʻamalo ai le fausiaina o itulau manatua tetele (tulaga tele) e poloka ai le faʻafitauli i Intel processors, lea e mafai ai e se tagata osofaʻi e le faʻamaonia ona amataina se faʻafitia o le tautua e mafua ai se faiga e tautau i le "Machine Check Error" setete;
- Mo faiga faʻapipiʻi ARM64, lagolago mo SMMUv3 (System Memory Management Unit) ma TI PVU (Peripheral Virtualization Unit) o loʻo faʻatinoina. O lo'o fa'aopoopoina le lagolago a le PCI mo si'osi'omaga tu'ufua o lo'o tamo'e i luga a'e o masini (uamea-uamea);
- На системах x86 для корневых камер реализована возможность включения предоставляемого процессорами Intel режима CR4.UMIP (User-Mode Instruction Prevention), позволяющего запретить выполнение в пространстве пользователя некоторых инструкций, таких как SGDT, SLDT, SIDT, SMSW и STR, которые могут применяться в атаках, нацеленных на повышение привилегий в системе.
puna: opennet.ru