lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 27 Nov 2017 09:11:42 +0100
From:   Jan Kiszka <jan.kiszka@...mens.com>
To:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H . Peter Anvin" <hpa@...or.com>
Cc:     x86@...nel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        jailhouse-dev@...glegroups.com
Subject: [PATCH v2 00/12] x86: Add support for running as secondary Jailhouse guest

This series paves the way to run Linux in so-called non-root cells
(guest partitions) of the Jailhouse hypervisor.

Jailhouse [1] was started 4 years ago as an open-source (GPL) leight-
weight hypervisor that statically partitions SMP systems. It's unique in
that it uses one Linux instance, the root cell, as boot loader and
management console. Jailhouse targets use cases for hard real-time and
safety-critical systems that KVM cannot cater due to its inherent
complexity.

Jaihouse can run bare-metal, free and closed-source RTOSes as secondary
guests and, with this series, also x86 Linux instances. While ARM and
ARM64 non-root Linux guests are feasible without extra patches, thanks
to the high configurability via device trees, x86 requires special
platform support, mostly to step away from non-existing resources in a
non-root Jailhouse cell. These differences are:

- no legacy devices such as PIC, PIT, RTC/CMOS, i8042
- no HPET
- no ACPI, no other BIOS services; platform information is provided
  from hypervisor config
- APIC and IOAPIC (if any) are available at fixed MMIO addresses and
  the APIC is limited to flat physical mode
- no complete PCI topology
- no restart supported
- use precalibrated TSC and APIC timer frequencies

This series ensures that Linux can boot in a non-root cell, including
SMP cells, has working timekeeping and can use the platform UARTs and
PCI devices as assigned to it. In follow-up series, we will propose
optimizations and enhancements for the PCI support, a simplistic debug
console, and some improvement for Linux guests on ARM.

What is not yet in upstream-ready state is a driver for inter-cell
communication. The current implementation of virtual peer-to-peer
network [2] uses an enhanced version of the QEMU ivshmem shared memory
device. However we still need to finish the evaluation of virtio /
vhost-pci options prior to settling over the final interface.

This patch series is also available at

git://git.kiszka.org/linux.git e8d19494b96b

Changes in v2:
 - removed calibration in favor of static values now passed from boot
   loader
 - refactored hypervisor platform setup according to feedback,
   specifically
    - proper switch to x2APIC ops
    - APIC and IOAPIC registration from x86_init.mpparse.get_smp_config
    - PCI setup from x86_init.pci.arch_init
 - disabled i8042 devices
 - control of warm reset setup via platform feature flag
 - proper walk of setup data linked list
 - decoupled CONFIG_JAILHOUSE from CONFIG_PARAVIRT
 - fixed IOAPIC routing setup for UARTs (trigger and polarity set)
 - symbolic irqflag values in MP config tables

Jan

[1] http://jailhouse-project.org
[2] http://git.kiszka.org/?p=linux.git;a=shortlog;h=refs/heads/queues/jailhouse

Jan Kiszka (12):
  x86/apic: Install an empty physflat_init_apic_ldr
  x86: Control warm reset setup via legacy feature flag
  x86: Introduce and use MP IRQ trigger and polarity defines
  x86/jailhouse: Add infrastructure for running in non-root cell
  x86/jailhouse: Enable APIC and SMP support
  x86/jailhouse: Enable PMTIMER
  x86/jailhouse: Set up timekeeping
  x86/jailhouse: Avoid access of unsupported platform resources
  x86/jailhouse: Silence ACPI warning
  x86/jailhouse: Halt instead of failing to restart
  x86/jailhouse: Wire up IOAPIC for legacy UART ports
  x86/jailhouse: Initialize PCI support

 arch/x86/Kconfig                      |   9 ++
 arch/x86/include/asm/hypervisor.h     |   1 +
 arch/x86/include/asm/jailhouse_para.h |  27 +++++
 arch/x86/include/asm/mpspec_def.h     |  14 ++-
 arch/x86/include/asm/x86_init.h       |   1 +
 arch/x86/include/uapi/asm/bootparam.h |  22 ++++
 arch/x86/kernel/Makefile              |   2 +
 arch/x86/kernel/apic/apic_flat_64.c   |  16 ++-
 arch/x86/kernel/apic/io_apic.c        |  20 ++--
 arch/x86/kernel/apic/x2apic_uv_x.c    |   1 +
 arch/x86/kernel/cpu/hypervisor.c      |   4 +
 arch/x86/kernel/jailhouse.c           | 205 ++++++++++++++++++++++++++++++++++
 arch/x86/kernel/mpparse.c             |  23 ++--
 arch/x86/kernel/platform-quirks.c     |   1 +
 arch/x86/kernel/smpboot.c             |   4 +-
 arch/x86/platform/intel-mid/sfi.c     |   5 +-
 drivers/acpi/Kconfig                  |  32 +++---
 17 files changed, 341 insertions(+), 46 deletions(-)
 create mode 100644 arch/x86/include/asm/jailhouse_para.h
 create mode 100644 arch/x86/kernel/jailhouse.c

-- 
2.12.3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ