Permalink
Fetching contributors…
Cannot retrieve contributors at this time
95 lines (85 sloc) 3.65 KB

Things to be addressed, at some point, or at least before releasing version 1.0 (tagged with [v1.0]). Otherwise unsorted, unprioritized, likely incomplete.

x86 support

  • AMD interrupt remapping support
  • power management [v1.0]
    • block
    • allow per cell (managing inter-core/inter-cell impacts)
  • NMI control/status port - moderation or emulation required? [v1.0]
  • whitelist-based MSR access [v1.0]
  • CAT enhancements
    • add support for CDP (code/data L3 partitioning)
    • add support for L2 partitioning (-> Apollo Lake), including accurate modeling of the partitioning scope (affected CPUs)

ARM support

  • v7 (32-bit)
    • analyze cp15 system control registers access, trap critical ones
  • v8 (64-bit)
    • check if we need arch_inject_dabt
    • analyze system constrol registers access, specifically regarding cache maintenance and side effects on neighboring cores
    • GICv3 support
  • common (v7 and v8)
    • System MMU support
    • runtime selection of GICv2 vs. v3
    • re-evaluate IRQ priorities for GIC emulation and possibly add support
    • properly reset interrupts on cell reset or reassignment
    • support for big endian? (depends on relevant targets)
      • infrastructure to support BE architectures (byte-swapping services)
      • usage of that infrastructure in generic subsystems
      • specific BE support for first target

Configuration

  • review of format, rework of textual representation
  • refactor config generator
    • better internal structure, also to prepare non-x86 support
    • move into Python module, for reuse by multiple helper scripts
  • enhance config generator
    • confine the created root cell config to the essentially required resources (e.g. PCI BARs)
    • generate non-root cell configs
    • add knowledge base about resource access rules that need manual review or configurations that are known to be problematic (e.g. INTx sharing between cells)

Setup validation

  • check integrity of configurations
  • check integrity of runtime environment (hypervisor core & page_pool, probably just excluding volatile Linux-related state variables)
    • pure software solution (without security requirements)
    • Intel TXT support? [WIP: master thesis]
    • secure boot?
  • check for execution inside hypervisor, allow only when enabled in config
  • clear memory regions before reassignment to prevent information leaks?

Inter-cell communication

  • finalize and specify shared memory device [v1.0]
    • 3 types of regions (r/w both, r/w local, r/o local)
    • unprivileged MMIO register region (UIO-suitable)
    • fast-path for checking remote state (vmexit-free)
    • clarify: "ivshmem 2.0" or own device (with own IDs)
  • specify virtual Ethernet protocol [v1.0]
  • specify and implements virtual console protocol
  • upstream Linux drivers

Testing

  • unit tests
  • system tests, also in QEMU/KVM, maybe using Lava + Fuego

Inmates

  • reusable runtime environment for cell inmates
    • skeleton in separate directory
    • inter-cell communication library
  • port free small-footprint RTOS to Jailhouse bare-metal environment
    • RTEMS upstream support
    • Zephyr?
  • upstream Linux support
    • x86 patches
    • removable generic PCI host controller
    • discuss remaining patches (export __boot_cpu_mode, CONFIG_PCI_DOMAINS)

Hardware error handling

  • MCE processing + managed forwarding [v1.0]
  • PCI AER
  • APEI
  • Thermal
  • ...

Monitoring

  • report error-triggering devices behind IOMMUs via sysfs
  • cell software watchdog via comm region messages -> time out pending comm region messages and kill failing cells (includes timeouts of unanswered shutdown requests)