[ANNOUNCE] Jailhouse 0.12 released

From: Jan Kiszka
Date: Tue Feb 04 2020 - 09:49:35 EST


This release is an important milestone for Jailhouse because it comes with a reworked inter-cell communication device with better driver support and even an experimental virtio transport model for this.

While this shared memory device model is still in discussion with virtio and QEMU communities, thus may undergo some further smaller changes, it was important to move forward with it because there is an increasing demand for it on the Jailhouse side. We now support multi-peer connection, have a secure (unprivileged) and efficient UIO driver and can even start working on virtio integration - without having to touch the hypervisor any further. More information also in [1].

The release has another important new feature, and that is SMMUv3 for the ARM64 target, as well as the TI-specific MPU-like Peripheral Virtualization Unit (PVU). SMMUv2 support is unfortunately still waiting in some NXP downstream branch for being pushed upstream.

Note that there are several changes to the configuration format that require adjustments of your own configs. Please study related changes in our reference configurations or, on x86, re-generate the system configuration.

Due to all these significant changes, statistics for this release look more heavyweight than usual:
195 files changed, 7185 insertions(+), 2612 deletions(-)

- New targets:
  - Texas Instruments J721E-EVM
  - Raspberry Pi 4 Model B
- Cross-arch changes:
  - rework of ivshmem inter-cell communication device
  - fix hugepage splitting in paging_destroy
  - allow to disable hugepage creation
    (to statically mitigate CVE-2018-12207)
- ARM / ARM64:
  - SMMUv3 support
  - TI PVU support
  - fix several race conditions in IRQ injection
  - add support for PCI in bare-metal inmates
- x86:
  - model PIO access via whitelist regions, rather than bitmaps
  - vtd: Protect against invalid IQT register values
  - fix 1024x768 mode of EFI framebuffer
  - permit root cell to enable CR4.UMIP

You can download the new release from

https://github.com/siemens/jailhouse/archive/v0.12.tar.gz

then follow the README.md for first steps on recommended evaluation
platforms and check the tutorial session from ELC-E 2016 [2][3]. To try
out Jailhouse in a virtual environment or on a few reference boards,
there is an image generator available [4]. It will soon be updated to
the new release as well. Drop us a note on the mailing list if you run
into trouble.

A quick forecast of what is being worked on: One of the next major changes will be a rework of the CPU selection in configs (selection by stable physical IDs), along with support for L2 CAT on Intel processors. There is also ongoing discussion to extend sub-page memory regions with access bitmaps, on byte or even register bit-level. That will make access control more scalable, e.g. to pass pinmux registers to different cells.

Last but not least: We are starting a port of Jailhouse to RISC-V, first against QEMU, then against an FPGA model that will be developed within the EU-funded SELENE project. Stay tuned, there will be more behind it!

Thanks to all the contributors and supporters!

Jan

[1] https://static.sched.com/hosted_files/kvmforum2019/4b/KVM-Forum19_ivshmem2.pdf
[2] https://events.static.linuxfound.org/sites/events/files/slides/ELCE2016-Jailhouse-Tutorial.pdf
[3] https://youtu.be/7fiJbwmhnRw?list=PLbzoR-pLrL6pRFP6SOywVJWdEHlmQE51q
[4] https://github.com/siemens/jailhouse-images

--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux