Siemens has released the Jailhouse 0.12 hypervisor

Siemens has published the release of the free hypervisor Jailhouse 0.12. The hypervisor supports x86_64 systems with the VMX+EPT or SVM+NPT (AMD-V) extensions, as well as ARMv7 and ARMv8/ARM64 processors with virtualization extensions. A generator of images containing the Jailhouse hypervisor, built from the Debian package base for the supported devices, is developed separately. The project code is distributed under the GPLv2 license.

The hypervisor is implemented as a Linux kernel module and provides virtualization at the kernel level. The components needed by guest systems are already included in the mainline Linux kernel. Isolation is enforced with the hardware virtualization mechanisms provided by modern CPUs. The distinctive features of Jailhouse are its lightweight implementation and its focus on binding each virtual machine to a fixed CPU, a fixed region of RAM and fixed hardware devices. This approach lets a single physical multiprocessor server host several independent virtual environments, each of which is assigned its own processor core.

Because of the rigid binding to a CPU, hypervisor overhead is minimized and the implementation is greatly simplified: there is no need to run a complex resource-allocation scheduler, since assigning a dedicated CPU core guarantees that no other tasks execute on that CPU. The advantage of this approach is the ability to provide guaranteed access to resources and predictable performance, which makes Jailhouse a suitable solution for building real-time workloads. The downside is limited scalability, bounded by the number of CPU cores.

In Jailhouse terminology, the virtual environments are called "cells" (as in a prison cell). Inside a cell, the system appears as a single-processor server whose performance is close to that of the dedicated CPU core. A cell can run an unmodified operating system environment, as well as stripped-down environments for running a single application or specially prepared applications designed for real-time tasks. The configuration is defined in .cell files, which specify the CPUs, memory regions and I/O ports assigned to the environment.

In the new release:

  • Added support for the Raspberry Pi 4 Model B and Texas Instruments J721E-EVM platforms;
  • Reworked the ivshmem device used to organize communication between cells. A VIRTIO transport can be implemented on top of the new ivshmem;
  • Implemented the ability to disable the creation of large memory pages (huge pages) in order to block the vulnerability CVE-2018-12207 in Intel processors, which allows an unprivileged attacker to trigger a denial of service that leaves the system hung in a "Machine Check Error" state;
  • For systems with ARM64 processors, support for SMMUv3 (System Memory Management Unit) and TI PVU (Peripheral Virtualization Unit) has been implemented. PCI support has been added for independent environments running directly on the hardware (bare metal);
  • For x86 root cells, it is now possible to enable the CR4.UMIP (User-Mode Instruction Prevention) mode provided by Intel processors, which blocks the execution in user space of certain instructions, such as SGDT, SLDT, SIDT, SMSW and STR, that could be used in attacks aimed at privilege escalation.

Source: opennet.ru
