Permalink
Browse files

Jailhouse public release

Baseline for first public release.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
  • Loading branch information...
jan-kiszka committed Oct 20, 2013
0 parents commit c690fb976081ac4b1f7f57fc2b64a757f963723b
Showing with 8,024 additions and 0 deletions.
  1. +13 −0 .gitignore
  2. +346 −0 COPYING
  3. +32 −0 Makefile
  4. +91 −0 README
  5. +26 −0 config/Makefile
  6. +56 −0 config/chromebook.c
  7. +151 −0 config/h700-8G.c
  8. +132 −0 config/h87i.c
  9. +65 −0 config/minimal.c
  10. +125 −0 config/qemu-vm.c
  11. +41 −0 hypervisor/Makefile
  12. +45 −0 hypervisor/acpi.c
  13. +18 −0 hypervisor/arch/arm/Makefile
  14. +26 −0 hypervisor/arch/arm/entry.S
  15. +55 −0 hypervisor/arch/arm/include/asm/bitops.h
  16. +34 −0 hypervisor/arch/arm/include/asm/cell.h
  17. +112 −0 hypervisor/arch/arm/include/asm/jailhouse.h
  18. +197 −0 hypervisor/arch/arm/include/asm/paging.h
  19. +76 −0 hypervisor/arch/arm/include/asm/percpu.h
  20. +31 −0 hypervisor/arch/arm/include/asm/processor.h
  21. +32 −0 hypervisor/arch/arm/include/asm/spinlock.h
  22. +57 −0 hypervisor/arch/arm/include/asm/types.h
  23. +55 −0 hypervisor/arch/arm/setup.c
  24. +16 −0 hypervisor/arch/x86/Makefile
  25. +439 −0 hypervisor/arch/x86/apic.c
  26. +27 −0 hypervisor/arch/x86/control.c
  27. +57 −0 hypervisor/arch/x86/dbg-write.c
  28. +190 −0 hypervisor/arch/x86/entry.S
  29. +57 −0 hypervisor/arch/x86/fault.c
  30. +76 −0 hypervisor/arch/x86/include/asm/apic.h
  31. +100 −0 hypervisor/arch/x86/include/asm/bitops.h
  32. +41 −0 hypervisor/arch/x86/include/asm/cell.h
  33. +20 −0 hypervisor/arch/x86/include/asm/fault.h
  34. +25 −0 hypervisor/arch/x86/include/asm/io.h
  35. +78 −0 hypervisor/arch/x86/include/asm/jailhouse.h
  36. +210 −0 hypervisor/arch/x86/include/asm/paging.h
  37. +99 −0 hypervisor/arch/x86/include/asm/percpu.h
  38. +217 −0 hypervisor/arch/x86/include/asm/processor.h
  39. +32 −0 hypervisor/arch/x86/include/asm/spinlock.h
  40. +62 −0 hypervisor/arch/x86/include/asm/types.h
  41. +289 −0 hypervisor/arch/x86/include/asm/vmx.h
  42. +145 −0 hypervisor/arch/x86/mmio.c
  43. +213 −0 hypervisor/arch/x86/setup.c
  44. +990 −0 hypervisor/arch/x86/vmx.c
  45. +283 −0 hypervisor/control.c
  46. +49 −0 hypervisor/hypervisor.lds.S
  47. +28 −0 hypervisor/include/jailhouse/acpi.h
  48. +96 −0 hypervisor/include/jailhouse/cell-config.h
  49. +48 −0 hypervisor/include/jailhouse/control.h
  50. +46 −0 hypervisor/include/jailhouse/entry.h
  51. +30 −0 hypervisor/include/jailhouse/header.h
  52. +17 −0 hypervisor/include/jailhouse/hypercall.h
  53. +42 −0 hypervisor/include/jailhouse/mmio.h
  54. +62 −0 hypervisor/include/jailhouse/paging.h
  55. +23 −0 hypervisor/include/jailhouse/printk.h
  56. +15 −0 hypervisor/include/jailhouse/processor.h
  57. +14 −0 hypervisor/include/jailhouse/string.h
  58. +23 −0 hypervisor/lib.c
  59. +390 −0 hypervisor/paging.c
  60. +199 −0 hypervisor/printk-core.c
  61. +54 −0 hypervisor/printk.c
  62. +178 −0 hypervisor/setup.c
  63. +51 −0 inmate/Makefile
  64. +125 −0 inmate/apic-demo.c
  65. +122 −0 inmate/header.S
  66. +68 −0 inmate/inmate.h
  67. +48 −0 inmate/inmate.lds
  68. +53 −0 inmate/pm-timer.c
  69. +51 −0 inmate/printk.c
  70. +35 −0 inmate/tiny-demo.c
  71. +34 −0 jailhouse.h
  72. +397 −0 main.c
  73. +22 −0 tools/Makefile
  74. +222 −0 tools/jailhouse.c
@@ -0,0 +1,13 @@
+*.o
+*.mod.[co]
+*.cmd
+.tmp_versions
+Module.symvers
+modules.order
+jailhouse.ko
+hypervisor/include/jailhouse/config.h
+hypervisor/hypervisor.lds
+hypervisor/jailhouse.bin
+tools/jailhouse
+config/*.cell
+inmate/*.bin
346 COPYING

Large diffs are not rendered by default.

Oops, something went wrong.
@@ -0,0 +1,32 @@
+#
+# Jailhouse, a Linux-based partitioning hypervisor
+#
+# Copyright (c) Siemens AG, 2013
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@siemens.com>
+#
+# This work is licensed under the terms of the GNU GPL, version 2. See
+# the COPYING file in the top-level directory.
+#
+
+subdir-y := hypervisor config inmate
+
+obj-m := jailhouse.o
+
+ccflags-y := -I$(src)/hypervisor/arch/$(SRCARCH)/include \
+ -I$(src)/hypervisor/include
+
+jailhouse-y := main.o
+
+# out-of-tree build
+
+KERNELDIR = /lib/modules/`uname -r`/build
+
+modules modules_install clean:
+ $(MAKE) -C $(KERNELDIR) SUBDIRS=`pwd` $@
+
+install: modules_install
+ depmod -aq
+
+.PHONY: modules_install install clean
91 README
@@ -0,0 +1,91 @@
+JAILHOUSE
+=========
+
+Jailhouse is a partitioning Hypervisor based on Linux. It is able to run
+bare-metal applications or (adapted) operating systems besides Linux. For this
+purpose it configures CPU and device virtualization features of the hardware
+platform in a way that none of these domains, called "cells" here, can
+interfere with each other in an unacceptable way.
+
+Jailhouse is optimized for simplicity rather than feature richness. Once
+activated, it runs bare-metal, i.e. it takes full control over the hardware
+and need no external support. However, in contrast to other bare-metal
+hypervisors, it is loaded and configured by a normal Linux system. Its
+management interface is based on Linux infrastructure. So you boot Linux
+first, then you enable Jailhouse and finally you split off parts of the
+system's resources and assign them to additional cells.
+
+
+WARNING: This is work in progress! Don't expect things to be complete in any
+dimension. Use at your own risk. And keep the reset button in reach.
+
+
+Requirements (preliminary)
+--------------------------
+
+currently:
+ - Intel x86 processor with VMX support, more precisely
+ - EPT (extended page tables)
+ - unrestricted guest mode
+ - at least 2 logical CPUs
+
+upcoming:
+ - Intel IOMMU with interrupt remapping support
+
+
+Build
+-----
+
+Simply run make, optionally specifying the target kernel directory:
+
+ make [KERNELDIR=/path/to/kernel/objects]
+
+Note that the command line tool "jailhouse" requires a separate make run from
+within the tools/ directory.
+
+
+Configuration
+-------------
+
+Jailhouse requires one configuration file for the complete system and one for
+each additional cell beside Linux. The configuration is currently being
+defined manually by filling C structures. To study the structure, use
+config/qemu-vm.c for a system configuration and config/minimal.c for a cell
+configuration as reference. The build system will pick up every .c file from
+the config/ directory and generate a corresponding .cell file. .cell files can
+then be passed to the jailhouse command line tool for enabling the hypervisor
+and creating new cells.
+
+
+Demonstration in QEMU/KVM
+-------------------------
+
+The included system configuration qemu-vm.c can be used to run Jailhouse in
+QEMU/KVM virtual machine on Intel x86 hosts. Currently it requires kvm.git,
+next branch on the host (in order to get support for nested unrestricted guest
+mode). 3.13 is expected to include all necessary feature for this test. You
+also need a Linux guest image with a recent kernel (tested with >= 3.9) and
+the ability to build a module for this kernel. Make sure the kvm-intel module
+was loaded with nested=1 to enable nested VMX support. Start the virtual
+machine as follows:
+
+ qemu-system-x86_64 LinuxInstallation.img -m 1G -enable-kvm -serial stdio \
+ -cpu kvm64,-kvm_pv_eoi,-kvm_steal_time,-kvm_asyncpf,-kvmclock,+vmx,+x2apic \
+ -smp 4
+
+Inside the VM, make sure that jailhouse.bin, generated by the build process,
+is available for firmware loading (typically /lib/firmware). Load jailhouse.ko
+and then enable Jailhouse like this:
+
+ jailhouse enable /path/to/qemu-vm.cell
+
+Next you can create a cell with a demonstration application as follows:
+
+ jailhouse cell create /path/to/minimal.cell /path/to/apic-demo.bin \
+ -l 0xf0000
+
+apic-demo.bin is left by the built process in the inmate/ directory. This
+application will program the APIC timer interrupt to fire at 10 Hz, measuring
+the jitter against the PM timer and displaying the result on the
+console. Given that this demonstration runs in a virtual machine, obviously
+no decent latencies should be expected.
@@ -0,0 +1,26 @@
+#
+# Jailhouse, a Linux-based partitioning hypervisor
+#
+# Copyright (c) Siemens AG, 2013
+#
+# Authors:
+# Jan Kiszka <jan.kiszka@siemens.com>
+#
+# This work is licensed under the terms of the GNU GPL, version 2. See
+# the COPYING file in the top-level directory.
+#
+
+ccflags-y := -I$(src)/../hypervisor/include
+
+OBJCOPYFLAGS := -O binary
+
+CONFIGS = $(shell cd $(src); ls *.c)
+
+always := $(CONFIGS:.c=.cell)
+
+targets += $(CONFIGS:.c=.o) $(CONFIGS:.c=.cell)
+
+dummy: $(addprefix $(obj)/,$(CONFIGS:.c=.o))
+
+$(obj)/%.cell: $(obj)/%.o
+ $(call if_changed,objcopy)
@@ -0,0 +1,56 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Test configuration for Samsung Chromebook, 2 GB RAM, 64 MB hypervisor
+ *
+ * Copyright (c) Siemens AG, 2013
+ *
+ * Authors:
+ * Jan Kiszka <jan.kiszka@siemens.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <linux/types.h>
+#include <jailhouse/cell-config.h>
+
+#define ALIGN __attribute__((aligned(1)))
+#define ARRAY_SIZE(a) sizeof(a) / sizeof(a[0])
+
+struct {
+ struct jailhouse_system ALIGN header;
+ __u64 ALIGN cpus[1];
+ struct jailhouse_memory ALIGN mem_regions[1];
+} ALIGN config = {
+ .header = {
+ .hypervisor_memory = {
+ .phys_start = 0xbc000000,
+ .size = 0x4000000,
+ },
+ .system = {
+ .name = "Samsung Chromebook",
+
+ .cpu_set_size = sizeof(config.cpus),
+ .num_memory_regions = ARRAY_SIZE(config.mem_regions),
+ .num_irq_lines = 0,
+ .pio_bitmap_size = 0,
+
+ .num_pci_devices = 0,
+ },
+ },
+
+ .cpus = {
+ 0xf,
+ },
+
+ .mem_regions = {
+ /* RAM */ {
+ .phys_start = 0x0,
+ .virt_start = 0x0,
+ .size = 0x3c000000,
+ .access_flags = JAILHOUSE_MEM_READ |
+ JAILHOUSE_MEM_WRITE | JAILHOUSE_MEM_EXECUTE,
+ },
+ },
+};
@@ -0,0 +1,151 @@
+/*
+ * Jailhouse, a Linux-based partitioning hypervisor
+ *
+ * Test configuration for Celsius H700, 8 GB RAM, 64 MB hypervisor
+ *
+ * Copyright (c) Siemens AG, 2013
+ *
+ * Authors:
+ * Jan Kiszka <jan.kiszka@siemens.com>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the COPYING file in the top-level directory.
+ */
+
+#include <linux/types.h>
+#include <jailhouse/cell-config.h>
+
+#define ALIGN __attribute__((aligned(1)))
+#define ARRAY_SIZE(a) sizeof(a) / sizeof(a[0])
+
+struct {
+ struct jailhouse_system ALIGN header;
+ __u64 ALIGN cpus[1];
+ struct jailhouse_memory ALIGN mem_regions[9];
+ __u8 ALIGN pio_bitmap[0x2000];
+} ALIGN config = {
+ .header = {
+ .hypervisor_memory = {
+ .phys_start = 0x3c000000,
+ .size = 0x4000000,
+ },
+ .config_memory = {
+ .phys_start = 0xbf7de000,
+ .size = 0x21000,
+ },
+ .system = {
+ .name = "Celsius H700",
+
+ .cpu_set_size = sizeof(config.cpus),
+ .num_memory_regions = ARRAY_SIZE(config.mem_regions),
+ .num_irq_lines = 0,
+ .pio_bitmap_size = ARRAY_SIZE(config.pio_bitmap),
+
+ .num_pci_devices = 0,
+ },
+ },
+
+ .cpus = {
+ 0xf,
+ },
+
+ .mem_regions = {
+ /* RAM */ {
+ .phys_start = 0x0,
+ .virt_start = 0x0,
+ .size = 0x3c000000,
+ .access_flags = JAILHOUSE_MEM_READ |
+ JAILHOUSE_MEM_WRITE | JAILHOUSE_MEM_EXECUTE |
+ JAILHOUSE_MEM_DMA,
+ },
+ /* RAM */ {
+ .phys_start = 0x40000000,
+ .virt_start = 0x40000000,
+ .size = 0x7f7de000,
+ .access_flags = JAILHOUSE_MEM_READ |
+ JAILHOUSE_MEM_WRITE | JAILHOUSE_MEM_EXECUTE |
+ JAILHOUSE_MEM_DMA,
+ },
+ /* ACPI */ {
+ .phys_start = 0xbf7de000,
+ .virt_start = 0xbf7de000,
+ .size = 0x21000,
+ .access_flags = JAILHOUSE_MEM_READ,
+ },
+ /* RAM */ {
+ .phys_start = 0xbf7ff000,
+ .virt_start = 0xbf7ff000,
+ .size = 0x801000,
+ .access_flags = JAILHOUSE_MEM_READ |
+ JAILHOUSE_MEM_WRITE | JAILHOUSE_MEM_EXECUTE |
+ JAILHOUSE_MEM_DMA,
+ },
+ /* PCI */ {
+ .phys_start = 0xc0000000,
+ .virt_start = 0xc0000000,
+ .size = 0x3eb00000,
+ .access_flags = JAILHOUSE_MEM_READ |
+ JAILHOUSE_MEM_WRITE,
+ },
+ /* yeah, that's not really safe... */
+ /* IOAPIC */ {
+ .phys_start = 0xfec00000,
+ .virt_start = 0xfec00000,
+ .size = 0x1000,
+ .access_flags = JAILHOUSE_MEM_READ |
+ JAILHOUSE_MEM_WRITE,
+ },
+ /* the same here until we catch MSIs via interrupt remapping */
+ /* HPET */ {
+ .phys_start = 0xfed00000,
+ .virt_start = 0xfed00000,
+ .size = 0x1000,
+ .access_flags = JAILHOUSE_MEM_READ |
+ JAILHOUSE_MEM_WRITE,
+ },
+ /* RAM */ {
+ .phys_start = 0x100000000,
+ .virt_start = 0x100000000,
+ .size = 0xfc000000,
+ .access_flags = JAILHOUSE_MEM_READ |
+ JAILHOUSE_MEM_WRITE | JAILHOUSE_MEM_EXECUTE |
+ JAILHOUSE_MEM_DMA,
+ },
+ /* RAM */ {
+ .phys_start = 0x200000000,
+ .virt_start = 0x200000000,
+ .size = 0x3c000000,
+ .access_flags = JAILHOUSE_MEM_READ |
+ JAILHOUSE_MEM_WRITE | JAILHOUSE_MEM_EXECUTE |
+ JAILHOUSE_MEM_DMA,
+ },
+ },
+
+ .pio_bitmap = {
+ [ 0/8 ... 0x1f/8] = -1,
+ [ 0x20/8 ... 0x27/8] = 0xfc, /* HACK: PIC */
+ [ 0x28/8 ... 0x3f/8] = -1,
+ [ 0x40/8 ... 0x47/8] = 0xf0, /* PIT */
+ [ 0x48/8 ... 0x5f/8] = -1,
+ [ 0x60/8 ... 0x67/8] = 0x0, /* HACK: 8042, and more? */
+ [ 0x68/8 ... 0x6f/8] = -1,
+ [ 0x70/8 ... 0x77/8] = 0xfc, /* rtc */
+ [ 0x78/8 ... 0x7f/8] = -1,
+ [ 0x80/8 ... 0x8f/8] = 0, /* dma */
+ [ 0x90/8 ... 0x16f/8] = -1,
+ [ 0x170/8 ... 0x177/8] = 0, /* ide */
+ [ 0x178/8 ... 0x1ef/8] = -1,
+ [ 0x1f0/8 ... 0x1f7/8] = 0, /* ide */
+ [ 0x1f8/8 ... 0x2f7/8] = -1,
+ [ 0x2f8/8 ... 0x2ff/8] = 0, /* serial2 */
+ [ 0x300/8 ... 0x36f/8] = -1,
+ [ 0x370/8 ... 0x377/8] = 0xbf, /* ide */
+ [ 0x378/8 ... 0x3af/8] = -1,
+ [ 0x3b0/8 ... 0x3df/8] = 0, /* VGA */
+ [ 0x3e0/8 ... 0x3f7/8] = -1,
+ [ 0x3f8/8 ... 0x3ff/8] = 0, /* serial 1 */
+ [ 0x400/8 ... 0x47f/8] = 0, /* ACPI...? */
+ [ 0x480/8 ... 0xcf7/8] = -1,
+ [ 0xcf8/8 ... 0xffff/8] = 0, /* HACK: full PCI */
+ },
+};
Oops, something went wrong.

0 comments on commit c690fb9

Please sign in to comment.