- Intel x86 processor with support for 64-bit and VMX, more precisely
- EPT (extended page tables)
- unrestricted guest mode
+ - preemption timer
+ - Intel IOMMU (VT-d) with interrupt remapping support
+ (except when running inside QEMU)
- at least 2 logical CPUs
- x86-64 Linux kernel (tested against >= 3.9)
- VT-d usage has to be disabled in the Linux kernel, e.g. via command
intel_iommu=off intremap=off
-upcoming:
- - Intel IOMMU with interrupt remapping support
-
Build
-----
The included system configuration qemu-vm.c can be used to run Jailhouse in
QEMU/KVM virtual machine on Intel x86 hosts. Currently it requires kvm.git,
-next branch on the host (in order to get support for guest activity state HLT).
-3.14 is expected to include all necessary features for this setup. You also
-need a Linux guest image with a recent kernel (tested with >= 3.9) and the
-ability to build a module for this kernel. Make sure the kvm-intel module was
-loaded with nested=1 to enable nested VMX support. Start the virtual machine as
-follows:
-
- qemu-system-x86_64 LinuxInstallation.img -m 1G -enable-kvm -smp 4 \
+next branch on the host. 3.17 is expected to include all necessary features
+for this setup. QEMU is required in a recent version (2.1) as well if you want
+to use the configuration file included in the source tree.
+
+You also need a Linux guest image with a recent kernel (tested with >= 3.9) and
+the ability to build a module for this kernel. Make sure the kvm-intel module
+was loaded with nested=1 to enable nested VMX support. Start the virtual
+machine as follows:
+
+ qemu-system-x86_64 -machine q35 -m 1G -enable-kvm -smp 4 \
-cpu kvm64,-kvm_pv_eoi,-kvm_steal_time,-kvm_asyncpf,-kvmclock,+vmx,+x2apic \
- -serial stdio -serial vc
+ -drive file=LinuxInstallation.img,id=disk,if=none \
+ -device ide-hd,drive=disk -serial stdio -serial vc
Inside the VM, make sure that jailhouse.bin, generated by the build process,
is available for firmware loading (typically /lib/firmware).
/*
* Jailhouse, a Linux-based partitioning hypervisor
*
- * Test configuration for QEMU VM, 1 GB RAM, 64 MB hypervisor (-8 K ACPI)
+ * Test configuration for QEMU Q35 VM, 1 GB RAM, 64 MB hypervisor (-192K ACPI)
* Command line:
- * qemu-system-x86_64 /path/to/image -m 1G -enable-kvm -smp 4 \
+ * qemu-system-x86_64 -machine q35 -m 1G -enable-kvm -smp 4 \
+ * -drive file=/path/to/image,id=disk,if=none -device ide-hd,drive=disk \
* -virtfs local,path=/local/path,security_model=passthrough,mount_tag=host \
* -cpu kvm64,-kvm_pv_eoi,-kvm_steal_time,-kvm_asyncpf,-kvmclock,+vmx,+x2apic
*
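Review bot: The command line in this header comment and the one the same commit adds to the README do not describe the same machine. Only the header passes `-virtfs local,path=/local/path,security_model=passthrough,mount_tag=host`, yet the configuration lists a virtio-9p-pci entry at bdf 0x0018 in both cases. Either align the two command lines or mark the option as optional in the header, for example ` * (-virtfs is optional; without it the virtio-9p-pci entry is presumably unused)`. If the share stays in the documented setup, the comment could also say that `security_model=passthrough` applies guest-side ownership and permission changes directly to the host files under the shared path, so a scratch directory is the safer choice.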
struct jailhouse_memory mem_regions[5];
struct jailhouse_irqchip irqchips[1];
__u8 pio_bitmap[0x2000];
- struct jailhouse_pci_device pci_devices[9];
+ struct jailhouse_pci_device pci_devices[6];
struct jailhouse_pci_capability pci_caps[3];
} __attribute__((packed)) config = {
.header = {
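Review bot: The count in `struct jailhouse_pci_device pci_devices[6];` is maintained by hand and must equal the number of entries in the `.pci_devices` initializer, but nothing in this hunk ties the two together. If the count is too large, the extra elements are zero-filled (type 0, bdf 0x0000); if it is too small, GCC usually reports the excess initializers only as a warning. How the hypervisor treats a zero-filled entry is not visible here, so a mismatch in a device-assignment table should fail the build rather than pass silently. At minimum a comment such as `/* must equal the number of entries in .pci_devices below */` would help; the entries visible on this page do match the new value. The struct definition starts before this hunk and the initializer continues after it.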
[ 0x70/8 ... 0x77/8] = 0xfc, /* rtc */
[ 0x78/8 ... 0x7f/8] = -1,
[ 0x80/8 ... 0x87/8] = 0xfe, /* port 80 (delays) */
- [ 0x88/8 ... 0x16f/8] = -1,
- [ 0x170/8 ... 0x177/8] = 0, /* ide */
- [ 0x178/8 ... 0x1ef/8] = -1,
- [ 0x1f0/8 ... 0x1f7/8] = 0, /* ide */
- [ 0x1f8/8 ... 0x2f7/8] = -1,
+ [ 0x88/8 ... 0x2f7/8] = -1,
[ 0x2f8/8 ... 0x2ff/8] = 0, /* serial2 */
- [ 0x300/8 ... 0x36f/8] = -1,
- [ 0x370/8 ... 0x377/8] = 0xbf, /* ide */
- [ 0x378/8 ... 0x3af/8] = -1,
+ [ 0x300/8 ... 0x3af/8] = -1,
[ 0x3b0/8 ... 0x3df/8] = 0, /* VGA */
- [ 0x3e0/8 ... 0x3ef/8] = -1,
- [ 0x3f0/8 ... 0x3f7/8] = 0xbf, /* ide */
- [ 0x3f8/8 ... 0x5657/8] = -1,
+ [ 0x3e0/8 ... 0x5657/8] = -1,
[0x5658/8 ... 0x565f/8] = 0xf0, /* vmport */
[0x5660/8 ... 0xbfff/8] = -1,
[0xc000/8 ... 0xc0ff/8] = 0, /* PCI devices */
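Review bot: The window `[0xc000/8 ... 0xc0ff/8] = 0, /* PCI devices */` is kept exactly as it was for the 440fx machine, while the other machine-specific openings in this hunk (0x170-0x177, 0x1f0-0x1f7 and the single ports 0x376 and 0x3f6) are closed. Since the Q35 machine has a different device set, check the guest's `/proc/ioports` to confirm that the remaining devices' I/O BARs still fall inside this 256-port window and that it is no wider than they need. Judging from the annotated entries (`0xfc` for the RTC leaves ports 0x70 and 0x71 clear), a set bit blocks a port and a clear bit passes it through. A one-line comment saying so, e.g. `/* bit set = access intercepted, bit clear = direct access */`, would make the merged `-1` ranges easier to audit. The bitmap initializer starts and ends outside this hunk.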
},
.pci_devices = {
- { /* 440fx: ISA bridge, q35: VGA */
+ { /* VGA */
.type = JAILHOUSE_PCI_TYPE_DEVICE,
.domain = 0x0000,
.bdf = 0x0008,
},
- { /* 440fx: IDE */
- .type = JAILHOUSE_PCI_TYPE_DEVICE,
- .domain = 0x0000,
- .bdf = 0x0009,
- },
- { /* 440fx: SMBus */
- .type = JAILHOUSE_PCI_TYPE_DEVICE,
- .domain = 0x0000,
- .bdf = 0x000b,
- },
- { /* 440fx: VGA, q35: e1000 */
+ { /* e1000 */
.type = JAILHOUSE_PCI_TYPE_DEVICE,
.domain = 0x0000,
.bdf = 0x0010,
},
- { /* 44fx: e1000, q35: virtio-9p-pci */
+ { /* virtio-9p-pci */
.type = JAILHOUSE_PCI_TYPE_DEVICE,
.domain = 0x0000,
.bdf = 0x0018,
- .caps_start = 0, /* for q35 */
- .num_caps = 1,
- },
- { /* 440fx: virtio-9p-pci */
- .type = JAILHOUSE_PCI_TYPE_DEVICE,
- .domain = 0x0000,
- .bdf = 0x0020,
.caps_start = 0,
.num_caps = 1,
},
- { /* q35: ISA bridge */
+ { /* ISA bridge */
.type = JAILHOUSE_PCI_TYPE_DEVICE,
.domain = 0x0000,
.bdf = 0x00f8,
},
- { /* q35: AHCI */
+ { /* AHCI */
.type = JAILHOUSE_PCI_TYPE_DEVICE,
.domain = 0x0000,
.bdf = 0x00fa,
.caps_start = 2,
.num_caps = 2,
},
- { /* q35: SMBus */
+ { /* SMBus */
.type = JAILHOUSE_PCI_TYPE_DEVICE,
.domain = 0x0000,
.bdf = 0x00fb,