What makes Jailhouse different from previous kernel isolation attempts?

Benjamin Lindqvist

Apr 27, 2017, 5:33:45 PM
to Jailhouse
I've been looking at Jailhouse for running Linux and an RTOS on the same device. While doing some research on the subject, I found two other projects that attempt to do something very similar (i.e. complete resource isolation), namely the "offline scheduler" (https://lwn.net/Articles/350123/) and "CPU isolation extensions" (https://lwn.net/Articles/268711/).

Neither of these projects seems to be currently maintained and interest seems to be pretty low. But when Jailhouse was announced, the reactions seemed incredibly positive. I'm wondering if anyone can explain/point me to a reference explaining the fundamental upsides in using Jailhouse as opposed to something based on CPU affinity + IRQ disabling?

Jan Kiszka

Apr 28, 2017, 2:25:21 AM
to Benjamin Lindqvist, Jailhouse
On 2017-04-27 23:33, Benjamin Lindqvist wrote:
> I've been looking at Jailhouse for running Linux and an RTOS on the same device. While doing some research on the subject, I found two other projects that attempt to do something very similar (i.e. complete resource isolation), namely the "offline scheduler" (https://lwn.net/Articles/350123/) and "CPU isolation extensions" (https://lwn.net/Articles/268711/).
>
> Neither of these projects seems to be currently maintained and interest seems to be pretty low. But when Jailhouse was announced, the reactions seemed incredibly positive. I'm wondering if anyone can explain/point me to a reference explaining the fundamental upsides in using Jailhouse as opposed to something based on CPU affinity + IRQ disabling?
>

The approaches you cite above depend on the Linux kernel during runtime.
Jailhouse only uses Linux as a bootloader but isolates the CPUs and I/O
resources independently of Linux while in operational mode. That allows
for stricter isolation and a much smaller trusted code base, which is
specifically useful in safety-critical scenarios. It also enables asymmetric
architectures where the isolated cores run something other than Linux
(e.g. in legacy migration scenarios).

Jan

--
Siemens AG, Corporate Technology, CT RDA ITP SES-DE
Corporate Competence Center Embedded Linux