The Siemens company
The hypervisor is implemented as a Linux kernel module and provides virtualization at the kernel level. The guest-side components are already included in the mainline Linux kernel. Isolation is managed with the hardware virtualization mechanisms provided by modern CPUs. What distinguishes Jailhouse is its lightweight implementation and its focus on binding virtual machines to a fixed CPU, RAM region and set of hardware devices. This approach lets a single physical multiprocessor server run several independent virtual environments, each assigned its own processor core.
With tight binding to the CPU, the overhead of the hypervisor is minimized and its implementation is greatly simplified, since there is no need to run a complex resource scheduler: allocating a separate CPU core guarantees that no other tasks are executed on that CPU. The advantage of this approach is the ability to provide guaranteed access to resources and predictable performance, which makes Jailhouse a suitable solution for creating real-time tasks. The downside is limited scalability, bounded by the number of CPU cores.
In Jailhouse terminology, virtual environments are called "cells" (cell, in the jailhouse context). Inside a cell, the system looks like a single-processor server showing performance
In the new release:
- Added support for the Raspberry Pi 4 Model B and Texas Instruments J721E-EVM platforms;
- The ivshmem device, which is used to organize communication between cells, has been reworked. A VIRTIO transport can be implemented on top of the new ivshmem;
- Implemented the ability to disable the creation of huge memory pages (hugepage) in order to block the CVE-2018-12207 vulnerability in Intel processors, which allows an unprivileged attacker to trigger a denial of service that leaves the system hung in a "Machine Check Error" state;
- For systems with ARM64 processors, support for SMMUv3 (System Memory Management Unit) and TI PVU (Peripheral Virtualization Unit) is implemented. PCI support has been added for isolated environments running directly on the hardware (bare metal);
- On x86 systems, root cells can enable the CR4.UMIP (User-Mode Instruction Prevention) mode provided by Intel processors, which blocks the execution in user space of certain instructions, such as SGDT, SLDT, SIDT, SMSW and STR, that can be used in attacks aimed at escalating privileges on the system.
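
A host-side check related to the CVE-2018-12207 and CR4.UMIP items above, as an added example that is not from the article or the Jailhouse project: it reads the Linux `umip` CPU flag and the kernel's `itlb_multihit` status file. The function names are hypothetical, and because the status text after `KVM:` describes KVM's mitigation rather than Jailhouse's, any value other than `Not affected` is reported as affected.

```shell
#!/bin/sh
# Added example: check a Linux host for the two x86 items in the release notes.
# Paths default to the real Linux locations; pass other files to run offline.

# has_cpu_flag FLAG [CPUINFO]: succeed if FLAG appears as a whole word in the
# first "flags" line (exact field match, so no substring false positives).
has_cpu_flag() {
    flag=$1
    cpuinfo=${2:-/proc/cpuinfo}
    awk -v want="$flag" '
        /^flags[ \t]*:/ {
            for (i = 3; i <= NF; i++) if ($i == want) found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    ' "$cpuinfo" 2>/dev/null
}

# itlb_multihit_state [FILE]: print not_affected, affected or unknown.
# The sysfs text reports KVM's handling of CVE-2018-12207, so a "Mitigation"
# line still means the CPU itself is affected when another hypervisor runs.
itlb_multihit_state() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/itlb_multihit}
    if [ ! -r "$f" ]; then
        echo unknown            # old kernel or non-x86 host
        return 0
    fi
    status=$(cat "$f")
    case "$status" in
        "Not affected") echo not_affected ;;
        "")             echo unknown ;;
        *)              echo affected ;;
    esac
}

# host_report [CPUINFO] [MULTIHIT_FILE]: one summary line for both checks.
host_report() {
    if has_cpu_flag umip "$1"; then umip=available; else umip=absent; fi
    echo "umip=$umip itlb_multihit=$(itlb_multihit_state "$2")"
}

host_report
```

An `affected` result marks a host where disabling huge page creation is relevant, and `umip=available` one where the CR4.UMIP mode can be enabled.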
Source: opennet.ru