Inkampani yeSiemens ukukhululwa kwe-hypervisor yamahhala . I-hypervisor isekela iinkqubo ze-x86_64 kunye ne-VMX + EPT okanye i-SVM + NPT (AMD-V) izandiso, kunye ne-ARMv7 kunye ne-ARMv8 / ARM64 iprosesa kunye nezandiso ze-virtualization. Ngokwahlukileyo Umvelisi womfanekiso we-hypervisor weJailhouse osekelwe kwiipakethi Debian kwizixhobo ezixhaswayo. Ikhowudi yeprojekthi ilayisenisi phantsi kwe-GPLv2.
I-hypervisor isetyenziswa njengemodyuli ye-kernel Linux kwaye ibonelela nge-virtualization kwinqanaba le-kernel. Izixhobo zeenkqubo zeendwendwe sele zifakiwe kwi-kernel ephambili. LinuxI-Jailhouse isebenzisa iindlela zokubona izinto kwi-hardware ezibonelelwa zii-CPU zanamhlanje ukulawula ukwahlulwahlulwa. Iimpawu ezikhethekileyo ze-Jailhouse ziquka ukuphunyezwa kwayo okulula kunye nokugxila ekubopheni oomatshini ababonakalayo kwi-CPU esisigxina, i-RAM, kunye nezixhobo ze-hardware. Le ndlela ivumela iindawo ezininzi ezizimeleyo ze-virtual, nganye inikwe isiseko sayo seprosesa, ukuba zisebenze kwiseva enye ye-multiprocessor ebonakalayo.
Ngekhonkco eliqinileyo kwi-CPU, i-overhead ye-hypervisor iyancitshiswa kwaye ukuphunyezwa kwayo kwenziwa lula kakhulu, kuba akukho mfuneko yokuqhuba umcwangcisi wolwabiwo lwezixhobo ezintsonkothileyo - ukwabiwa kwe-CPU engundoqo iqinisekisa ukuba akukho minye imisebenzi eyenziwa kule CPU. . Inzuzo yale ndlela kukukwazi ukubonelela ukufikelela okuqinisekisiweyo kwizibonelelo kunye nokusebenza okuqikelelweyo, okwenza i-Jailhouse ibe isisombululo esifanelekileyo sokudala imisebenzi eyenziwa ngexesha langempela. Icala elisezantsi lilinganiselwe, lilinganiselwe linani le-CPU cores.
Kwisigama seJailhouse, iimeko ezingqongileyo ezibonakalayo zibizwa ngokuba “ziikhamera” (iseli, kumxholo wentolongo). Ngaphakathi kwekhamera, inkqubo ibonakala ngathi yiseva yeprosesa enye ebonisa ukusebenza ekusebenzeni kondoqo we-CPU ozinikeleyo. Ikhamera inokuqhuba imo engqongileyo yenkqubo yokusebenza engafanelekanga, kunye neendawo ezichithwayo zokusebenzisa isicelo esinye okanye izicelo ezilungiselelwe ngokukodwa ezenzelwe ukuxazulula iingxaki zexesha langempela. Ubumbeko lusetwe ngaphakathi , emisela i-CPU, imimandla yenkumbulo, kunye nezibuko ze-I/O ezabelwe imo engqongileyo.
Kukhululo olutsha
- Inkxaso eyongeziweyo ye-Raspberry Pi 4 Model B kunye ne-Texas Instruments ii-platforms ze-J721E-EVM;
- ivshmem isixhobo esisetyenziselwa ukuququzelela intsebenziswano phakathi kweeseli. Ngaphezulu kwe-ivshmem entsha, unokuphumeza isithuthi se-VIRTIO;
- Kuphunyezwe ukukwazi ukukhubaza ukuyilwa kwamaphepha enkumbulo amakhulu (iphepha elikhulu) ukubhloka ukuba sesichengeni. kwi-Intel processors, evumela umhlaseli ongekho sikweni ukuba aqalise ukwaliwa kwenkonzo okukhokelela ekubeni inkqubo ixhonywe kwindawo ethi "Khangela impazamo yoMtshini";
- Kwiinkqubo ezine-ARM64 processors, inkxaso ye-SMMUv3 (Iyunithi yoLawulo lweMemori yeSistim) kunye ne-TI PVU (i-Peripheral Virtualization Unit) iphunyeziwe. Inkxaso ye-PCI yongezwe kwiindawo ezizimeleyo ezisebenza phezu kwe-hardware (intsimbi engenanto);
- Kwiinkqubo ze-x86 zeekhamera zeengcambu, kunokwenzeka ukuba wenze imo ye-CR4.UMIP (i-User-Mode Instruction Prevention) imowudi enikezelwa yi-Intel processors, ekuvumela ukuba uthintele ukuphunyezwa kwindawo yomsebenzisi wemiyalelo ethile, njenge-SGDT, SLDT, SIDT , I-SMSW kunye ne-STR, enokusetyenziswa ekuhlaselweni , ejolise ekwandiseni amalungelo kwinkqubo.
umthombo: opennet.ru
