Fetching contributors…
Cannot retrieve contributors at this time
95 lines (85 sloc) 3.65 KB

Things to be addressed, at some point, or at least before releasing version 1.0 (tagged with [v1.0]). Otherwise unsorted, unprioritized, likely incomplete.

x86 support

  • AMD interrupt remapping support
  • power management [v1.0]
    • block
    • allow per cell (managing inter-core/inter-cell impacts)
  • NMI control/status port - moderation or emulation required? [v1.0]
  • whitelist-based MSR access [v1.0]
  • CAT enhancements
    • add support for CDP (code/data L3 partitioning)
    • add support for L2 partitioning (-> Apollo Lake), including accurate modeling of the partitioning scope (affected CPUs)

ARM support

  • v7 (32-bit)
    • analyze cp15 system control registers access, trap critical ones
  • v8 (64-bit)
    • check if we need arch_inject_dabt
    • analyze system constrol registers access, specifically regarding cache maintenance and side effects on neighboring cores
    • GICv3 support
  • common (v7 and v8)
    • System MMU support
    • runtime selection of GICv2 vs. v3
    • re-evaluate IRQ priorities for GIC emulation and possibly add support
    • properly reset interrupts on cell reset or reassignment
    • support for big endian? (depends on relevant targets)
      • infrastructure to support BE architectures (byte-swapping services)
      • usage of that infrastructure in generic subsystems
      • specific BE support for first target


  • review of format, rework of textual representation
  • refactor config generator
    • better internal structure, also to prepare non-x86 support
    • move into Python module, for reuse by multiple helper scripts
  • enhance config generator
    • confine the created root cell config to the essentially required resources (e.g. PCI BARs)
    • generate non-root cell configs
    • add knowledge base about resource access rules that need manual review or configurations that are known to be problematic (e.g. INTx sharing between cells)

Setup validation

  • check integrity of configurations
  • check integrity of runtime environment (hypervisor core & page_pool, probably just excluding volatile Linux-related state variables)
    • pure software solution (without security requirements)
    • Intel TXT support? [WIP: master thesis]
    • secure boot?
  • check for execution inside hypervisor, allow only when enabled in config
  • clear memory regions before reassignment to prevent information leaks?

Inter-cell communication

  • finalize and specify shared memory device [v1.0]
    • 3 types of regions (r/w both, r/w local, r/o local)
    • unprivileged MMIO register region (UIO-suitable)
    • fast-path for checking remote state (vmexit-free)
    • clarify: "ivshmem 2.0" or own device (with own IDs)
  • specify virtual Ethernet protocol [v1.0]
  • specify and implements virtual console protocol
  • upstream Linux drivers


  • unit tests
  • system tests, also in QEMU/KVM, maybe using Lava + Fuego


  • reusable runtime environment for cell inmates
    • skeleton in separate directory
    • inter-cell communication library
  • port free small-footprint RTOS to Jailhouse bare-metal environment
    • RTEMS upstream support
    • Zephyr?
  • upstream Linux support
    • x86 patches
    • removable generic PCI host controller
    • discuss remaining patches (export __boot_cpu_mode, CONFIG_PCI_DOMAINS)

Hardware error handling

  • MCE processing + managed forwarding [v1.0]
  • APEI
  • Thermal
  • ...


  • report error-triggering devices behind IOMMUs via sysfs
  • cell software watchdog via comm region messages -> time out pending comm region messages and kill failing cells (includes timeouts of unanswered shutdown requests)