Dear Jan, dear Jailhouse community, 

We are running Jailhouse on an Intel x86 server-grade processor and use the 
Jailhouse CAT module to isolate cache usage between cells. This patch series 
contains several fixes to the CAT module, to ensure the root cell remains 
isolated from non-root cells.
I have tried to explain the grounds for change in each patch, with 
counterexamples where needed. 

Jan, I hope to extend the CAT module in the future to allow each cell to change 
its CBM during run-time, e.g. to distinguish critical and non-critical 
sections. Now, the module dynamically allocates each cell a COS, and considers 
any write to MSR_IA32_L3_MASK an illegal VM exit.
Disregarding the last patch in this series, each cell had its own unique COS, 
which might justify a cell changing its own CBM, for example as long as it is a 
subset of the CBM in the config file. However, in the last patch of the series 
I drop this behavior due to issues on larger CPUs -- the number of CPUs might 
outrange the number of COSes available. 

Allowing a cell to cleanly edit its own CBM, without affecting other cells, is 
difficult if the COSes are dynamically assigned at cell creation. That is why I 
am considering extending the cache-regions in the config file to allow for a 
statically allocated COS -- and make this a statically partitioned resource 
just like e.g. memory.
What are your thoughts on this? Any reason why you omitted this in the first 
place, and opted for dynamically allocated COSes?

Thanks, 

Best regards, Bram Hooimeijer

Bram Hooimeijer (6):
  x86/cat.c: Fix type freed_mask
  x86/cat.c: Fix CBM for non-root cell w/ root COS.
  x86/cat.c: Fix returning bits upon cell exit
  x86/cat.c: Fix off-by-one error
  x86/cat.c: Fix overlap on moving the root COS CBM
  x86/cat.c: Add COS re-use in cells with same mask.

 hypervisor/arch/x86/cat.c | 140 ++++++++++++++++++++++++++------------
 1 file changed, 95 insertions(+), 45 deletions(-)

-- 
2.28.0
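
The subset rule raised in the cover letter above (a cell changing its own CBM "as long as it is a subset of the CBM in the config file"), sketched as an added example; it is not code from this patch series or from Jailhouse. The struct, the function names and the sample masks are hypothetical, and the contiguity test reflects Intel CAT's requirement that the set bits of a CBM form one contiguous run.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-cell policy, not a Jailhouse structure. */
struct cell_cat_policy {
	uint64_t config_cbm;  /* mask granted by the cell's cache region */
	unsigned int cbm_len; /* number of implemented CBM bits on this CPU */
};

/* True if the set bits of cbm form exactly one contiguous run. */
static bool cbm_is_contiguous(uint64_t cbm)
{
	uint64_t lowest = cbm & (~cbm + 1); /* isolate lowest set bit */

	if (cbm == 0)
		return false;
	/* Adding the lowest bit carries through one run and clears it;
	 * any bit of cbm that survives belongs to a second run. */
	return ((cbm + lowest) & cbm) == 0;
}

/*
 * Would a guest write of 'requested' to its own L3 mask be acceptable?
 * It must use only implemented bits, be contiguous, and stay inside the
 * statically configured mask so it cannot reach another cell's ways.
 */
static bool cbm_write_allowed(const struct cell_cat_policy *p,
			      uint64_t requested)
{
	uint64_t valid = p->cbm_len >= 64 ? ~0ULL : (1ULL << p->cbm_len) - 1;

	if (requested & ~valid)
		return false;
	if (!cbm_is_contiguous(requested))
		return false;
	return (requested & ~p->config_cbm) == 0;
}

int main(void)
{
	/* Constructed sample: 12-bit CBM, cell configured with bits 4-7. */
	struct cell_cat_policy p = { .config_cbm = 0x0f0, .cbm_len = 12 };
	const uint64_t req[] = { 0x030, 0x0f0, 0x0f8, 0x050, 0x000, 0x1000 };

	for (unsigned int i = 0; i < sizeof(req) / sizeof(req[0]); i++)
		printf("0x%03llx -> %s\n", (unsigned long long)req[i],
		       cbm_write_allowed(&p, req[i]) ? "allow" : "reject");
	return 0;
}
```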
