Date:   Thu, 16 Nov 2017 08:26:42 +0100
From:   Jan Kiszka <jan.kiszka@...mens.com>
To:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H . Peter Anvin" <hpa@...or.com>
Cc:     x86@...nel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        jailhouse-dev@...glegroups.com
Subject: [PATCH 00/10] x86: Add support for running as secondary Jailhouse guest

This series paves the way to run Linux in so-called non-root cells
(guest partitions) of the Jailhouse hypervisor.

Jailhouse [1] was started 4 years ago as an open-source (GPL) lightweight
hypervisor that statically partitions SMP systems. It's unique in
that it uses one Linux instance, the root cell, as boot loader and
management console. Jailhouse targets use cases for hard real-time and
safety-critical systems that KVM cannot cater due to its inherent
complexity.

Jailhouse can run bare-metal, free and closed-source RTOSes as secondary
guests and, with this series, also x86 Linux instances. While ARM and
ARM64 non-root Linux guests are feasible without extra patches, thanks
to the high configurability via device trees, x86 requires special
platform support, mostly to step away from non-existing resources in a
non-root Jailhouse cell.

This series ensures that Linux can boot in a non-root cell, including
SMP cells, has working timekeeping and can use the platform UARTs and
PCI devices as assigned to it. In follow-up series, we will propose
optimizations and enhancements for the PCI support, a simplistic debug
console, and some improvement for Linux guests on ARM.

What is not yet in upstream-ready state is a driver for inter-cell
communication. The current implementation of virtual peer-to-peer
network [2] uses an enhanced version of the QEMU ivshmem shared memory
device. However we still need to finish the evaluation of virtio /
vhost-pci options prior to settling over the final interface.

This patch series is also available at

git://git.kiszka.org/linux.git d0036688b2da

Jan

[1] http://jailhouse-project.org
[2] http://git.kiszka.org/?p=linux.git;a=shortlog;h=refs/heads/queues/jailhouse

Jan Kiszka (10):
  x86/apic: Install an empty physflat_init_apic_ldr
  x86: jailhouse: Add infrastructure for running in non-root cell
  x86: jailhouse: Enable APIC and SMP support
  x86: jailhouse: Enable PMTIMER
  x86: jailhouse: Set up timekeeping
  x86: jailhouse: Avoid access of unsupported platform resources
  x86: jailhouse: Silence ACPI warning
  x86: jailhouse: Halt instead of failing to restart
  x86: jailhouse: Wire up IOAPIC for legacy UART ports
  x86: jailhouse: Initialize PCI support

 arch/x86/Kconfig                      |  13 ++
 arch/x86/include/asm/hypervisor.h     |   1 +
 arch/x86/include/asm/jailhouse_para.h |  27 ++++
 arch/x86/include/asm/tsc.h            |   3 +
 arch/x86/kernel/Makefile              |   2 +
 arch/x86/kernel/apic/apic_flat_64.c   |  12 +-
 arch/x86/kernel/cpu/hypervisor.c      |   4 +
 arch/x86/kernel/jailhouse.c           | 252 ++++++++++++++++++++++++++++++++++
 arch/x86/kernel/smpboot.c             |   7 +-
 arch/x86/kernel/tsc.c                 |  14 +-
 drivers/acpi/Kconfig                  |  32 ++---
 11 files changed, 339 insertions(+), 28 deletions(-)
 create mode 100644 arch/x86/include/asm/jailhouse_para.h
 create mode 100644 arch/x86/kernel/jailhouse.c

-- 
2.12.3
