lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <7cbb746a-4141-6b17-269a-ec3e791c4e3f@siemens.com>
Date:   Mon, 4 Jun 2018 12:54:58 +0200
From:   Jan Kiszka <jan.kiszka@...mens.com>
To:     Jailhouse <jailhouse-dev@...glegroups.com>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [ANNOUNCE] Jailhouse 0.9 released

We are happy to have completed a new version of the partitioning
hypervisor Jailhouse. The release got delayed a couple of times,
primarily due to the introduction of MMU support to ARM demo inmates.
But now it's done and working.

Code changes are fewer than for the previous release, but the number of
commits is almost this same: 171 commits, 240 files changed, 4458
insertions, 1925 deletions.

- New targets:
   - emtrion emCON-RZ/G1H
   - NXP MCIMX8M-EVK
   - NVIDIA Jetson TX2
- Cross-arch changes:
   - introduce unit infrastructure to hypervisor, simplifying build-time
     additions of complex features
   - unify command line section of demo inmates to be at 0x1000 (check
     your scripts!)
   - improve Linux loader command with better control over kernel vs.
     initramfs distance (can resolve non-root Linux startup issues)
   - versioning for communication region with evaluation in inmates
   - work around potentially missing EXPORT_SYMBOLs for driver via
     kallsyms lookup
   - per-architecture configs/ folders (make sure your custom configs
     are moved as well!)
   - first steps to create comprehensive man pages
   - Xilinx ZynqMP Ultrascale+ bring-up README
- ARM / ARM64:
   - run demo inmates with MMU and caches enabled (ensures ivshmem &
     comm region coherency, improves average latencies)
   - GICv3: emulate GICR_TYPER_Last correctly
   - GICv2: correctly emulate SGI sender ID
   - add compressed image support for ARM64 Linux loader
   - fixes and improvements of vPCI DT overlay setup
   - stable vPCI controller domain via linux,pci-domain node
- x86:
   - various MMIO instruction emulator fixes and enhancements
   - unit test for MMIO instruction emulator
   - intercept all AMD SVM instructions for safety/security reasons
   - fix hypercall instruction selection in demo inmates

You can download the new release from

    https://github.com/siemens/jailhouse/archive/v0.9.tar.gz

then follow the README.md for first steps on recommended evaluation
platforms and check the tutorial session from ELC-E 2016 [1][2]. To try
out Jailhouse in a virtual environment, there is no an image generator
available [3]. It will soon be updated to the new release as well. Drop
us a note on the mailing list if you run into trouble.

Meanwhile, more guest-side patches for Jailhouse are making it into
upstream. The x86-specific side is now done, and now there are several
patches for ARM lined up, namely hot-plugging the generic PCI host
controller. After that only a few smaller bits and - see also below -
the inter-cell communication interface are missing.

There are now a couple of important post-release changes in the make,
some fairly advanced, others still requiring more work:

 - Per-CPU hypervisor page tables, both making the core agnostic against
   known Spectre attacks and simplifying the per-cpu data accesses.
   Patches are ready, just waiting for this release - and some update of
   the internal documentation.

 - Rework of demo inmates, adding SMP support on ARM/ARM64, likely also
   restructuring the library further.

 - Proper, reusable Python binding for the management interface. Will
   help with internal Python code reuse and open up new external use
   cases.

 - Finalizing the inter-cell communication interface, exploiting virtio
   more extensively without compromising hypervisor simplicity. There
   has been some significant progress on the concept recently, the
   keyword is "Virtio shared-memory transport". But more on this soon.

Thanks to all the contributors and supporters! We are happy to see the
ecosystem growing steadily.

Jan

[1] https://events.linuxfoundation.org/sites/events/files/slides/ELCE2016-Jailhouse-Tutorial.pdf
[2] https://youtu.be/7fiJbwmhnRw?list=PLbzoR-pLrL6pRFP6SOywVJWdEHlmQE51q
[3] https://github.com/siemens/jailhouse-images

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ