IJailhouse yi-Linux-based partitioning hypervisor (iphuhliswe njengeprojekthi yesoftware ye-GPLv2 yasimahla). Ngaba ekwaziyo ukuqhuba izicelo ezipheleleyo okanye iinkqubo zokusebenza (ilungisiwe) ukongeza kwiLinux. Ngenxa yale njongo, cQwalasela iqonga le-CPU kunye neempawu zokubonwa kwesixhobo hardware ukwenzela ukuba kungabikho nanye kwezi ndawo, ezibizwa ngokuba "ziiseli", ezinokuphazamisana ngendlela engamkelekanga.
Oku kuthetha ukuba I-Jailhouse ayilinganisi izixhobo ongenazo. Ngokulula yahlula i-hardware kwiindawo ezizimeleyo ezibizwa ngokuba "iiseli" ezizinikele ngokupheleleyo kwiinkqubo zeendwendwe ezibizwa ngokuba “ngamabanjwa”.
Malunga neJailhouse
IJailhouse ilungiselelwe ukwenza lula endaweni yokubonakalisa ubutyebi. Ngokungafaniyo ne-hypervisors esekwe kwiLinux egcweleyo njenge-KVM okanye iXen, I-Jailhouse ayikuxhasi ukugqithiswa kwezibonelelo ezifana CPU, RAM okanye izixhobo. Ayenzi naluphi na udweliso lwenkqubo kwaye ijonga kuphela ezo zixhobo kwisoftware, eyimfuneko kwiqonga kwaye ayinako ukwahlulwa kwihardware.
Nje ukuba i-Jailhouse isebenze, iqhuba ngokupheleleyo, oku kuthetha ukuba ithatha ulawulo olupheleleyo kwi-hardware kwaye ayifuni nkxaso yangaphandle.
Ihypervisor iphunyezwe njengemodyuli yeLinux kernel kwaye ibonelela nge-kernel-level virtualization. Amacandelo ondwendwe sele ebandakanyiwe kwi-Linux kernel engundoqo.
Ukulawula ukuhlukaniswa, iindlela ze-hardware virtualization zisetyenziswa ibonelelwa zii-CPU zanamhlanje. Iimpawu ezahlukileyo zeJailhouse kukuphunyezwa kwayo okulula kunye nokuqhelaniswa kwayo nokudibanisa oomatshini benyani kwi-CPU esisigxina, indawo ye-RAM kunye nezixhobo zehardware. Le ndlela ivumela ukusebenza kweendawo ezininzi ezizimeleyo ezizimeleyo kwiseva ye-multiprocessor ebonakalayo, nganye eyabelwe undoqo wayo weprosesa.
Ngekhonkco eliqinileyo kwi-CPU, i-overhead ye-hypervisor operation iyancitshiswa kwaye ukuphunyezwa kwayo kwenziwa lula kakhulu, kuba akukho mfuneko yokwenza umcwangcisi wolwabiwo lwezixhobo ezintsonkothileyo: ulwabiwo lwesiseko se-CPU esahlukileyo siqinisekisa ukuba akukho kwenza eminye imisebenzi kule nto. ICPU.
Inzuzo yale ndlela kukukwazi ukubonelela ukufikelela okuqinisekisiweyo kwizibonelelo kunye nokusebenza okuqikelelweyo, okwenza i-Jailhouse isisombululo esifanelekileyo sokudala imisebenzi eyenziwa ngexesha langempela. I-downside yi-scalability elinganiselwe, esekelwe kwinani le-CPU cores.
Malunga nenguqulelo entsha yeJailhouse 0.12
Okwangoku, iJailhouse ikwinguqulo 0.12 kwaye iqaqambisa i Inkxaso yeRaspberry Pi 4 Model B kunye neTexas Instruments J721E-EVM.
Ukongeza kwisixhobo ivshmem isetyenziselwa ukucwangcisa intsebenziswano phakathi kweeseli, yenziwe ngokutsha kwaye inokuphumeza ezothutho kwi-VIRTIO.
Kuphunyezwe ukukwazi ukukhubaza ukudalwa kwamaphepha amakhulu ememori (iphepha elikhulu) ukuvala ubuthathaka be-CVE-2018-12207 kwi-Intel processors, evumela umhlaseli ongelolungelo ukuba aqalise ukukhanyela inkonzo, ekhokelela ekumiseni kwenkqubo kwinkqubo. chaza "Impazamo yokuqinisekisa umatshini".
Kwiinkqubo ezine-ARM64 processors, i-SMMUv3 iyaxhaswa (Iyunithi yoLawulo lweMemori yeSistim) kunye ne-TI PVU (iYunithi ye-Peripheral Virtualization). Kwiindawo ezizimeleyo ezisebenza ngaphezulu kwekhompyuter, inkxaso yePCI yongeziwe.
Kwiisistim ze-x86 kuyenzeka ukwenza imo ye-CR4.UMIP isebenze (Uthintelo loMyalelo weNdlela yoMsebenzisi) olunikezelwe ngabaqhubekekisi be-Intel, ekuvumela ukuba uthintele ukwenziwa kwemiyalelo ethile kwindawo yomsebenzisi, njenge-SGDT, SLDT, SIDT, SMSW kunye ne-STR, enokusetyenziswa kuhlaselo olujolise ekwandiseni amalungelo inkqubo.
Fumana iJailhouse
I-Jailhouse ixhasa ukusebenza kwiinkqubo ze-x86_64 ngeVMX + EPT okanye SVM + NPT (AMD-V) izandiso, ngokunjalo nakwiiprosesa I-ARMv7 kunye ne-ARMv8/ARM64 kunye nezandiso ze-virtualization.
Nangona Ngokwahlukileyo, i generator yemifanekiso iyaphuhliswa esekwe kwiipakethe zeDebian zezixhobo ezihambelanayo.
Unokufumana imiyalelo yokwakha kunye nofakelo, kunye nolunye ulwazi Kule khonkco ilandelayo.