hvc特权指令
在看jailhouse代码的时候,看到了hvc特权指令,这里详细研究一下
cstatic inline __jh_arg jailhouse_call_arg2(__jh_arg num, __jh_arg arg1,
__jh_arg arg2)
{
register __jh_arg num_result asm(JAILHOUSE_CALL_NUM_RESULT) = num;
register __jh_arg __arg1 asm(JAILHOUSE_CALL_ARG1) = arg1;
register __jh_arg __arg2 asm(JAILHOUSE_CALL_ARG2) = arg2;
asm volatile(
JAILHOUSE_CALL_INS
: "+r" (num_result), "+r" (__arg1), "+r" (__arg2)
: : "memory", JAILHOUSE_CALL_CLOBBERED);
return num_result;
}
#define JAILHOUSE_CALL_INS "hvc #0x4a48"
#define JAILHOUSE_CALL_NUM_RESULT "x0"
#define JAILHOUSE_CALL_ARG1 "x1"
#define JAILHOUSE_CALL_ARG2 "x2"
#define JAILHOUSE_CALL_CLOBBERED "x3"
解析内联汇编
asm asm-qualifiers ( AssemblerTemplate : OutputOperands : InputOperands : Clobbers : GotoLabels)
对于上文中的内联汇编,宏扩展后伪代码如下
asm volatile( hvc #0x4a48 : "+r" (x0), "+r" (x1), "+r" (x2) : : "memory", x3);
操作数参数':'
冒号作为操作数参数的分隔符
Extended asm syntax uses colons (‘:’) to delimit the operand parameters after the assembler template:
限定符volatile
禁用gcc的优化(move code out of loops)
GCC’s optimizers sometimes discard asm statements if they determine there is no need for the output variables. Also, the optimizers may move code out of loops if they believe that the code will always return the same result (i.e. none of its input values change between calls). Using the volatile qualifier disables these optimizations. asm statements that have no output operands and asm goto statements, are implicitly volatile.
约束'+r/memory'
对于'+',代表操作数是可读可写的
Means that this operand is both read and written by the instruction.
对于'r',代表寄存器是一个通用寄存器
A register operand is allowed provided that it is in a general register.
对于'memory',代表告诉编译器这个内存可能被读写,不要被优化。等于内存屏障
The "memory" clobber tells the compiler that the assembly code performs memory reads or writes to items other than those listed in the input and output operands (for example, accessing the memory pointed to by one of the input parameters). To ensure memory contains correct values, GCC may need to flush specific register values to memory before executing the asm. Further, the compiler does not assume that any values read from memory before an asm remain unchanged after that asm; it reloads them as needed. Using the "memory" clobber effectively forms a read/write memory barrier for the compiler.
通用寄存器'x0/x1/x2'
x1和x2是通用寄存器用于传递参数,x0作为函数的返回值。
hvc
hvc指令会进入hyp模式,cpsr的值会保存到hyp模式的spsr中并执行hvc向量(指向hypervisor call的异常处理程序的入口地址) 但是imm立即数会被处理器忽略,但是在入口函数可以检索到imm的值,从而确定是什么服务
HVC #imm imm is an expression evaluating to an integer in the range 0-65535. In a processor that implements the Virtualization Extensions, the HVC instruction causes a Hypervisor Call exception. This means that the processor enters Hyp mode, the CPSR value is saved to the Hyp mode SPSR, and execution branches to the HVC vector. imm is ignored by the processor. However, it can be retrieved by the exception handler to determine what service is being requested.
总体解释
Instruction: hvc #0x4a48 Hypercall code: x0 1. argument: x1 2. argument: x2 Return code: x0
这里使用虚拟化指令hvc调用立即数#0x4a48,立即数0x4a48只是用作指明是什么服务(jailhouse),参数为x1,x2返回值为x0.如x1,x2不存在则缺省.这里x0先是hypervisor调用的code,然后作为返回值提供返回出去,x1,x2是传入参数,用作根据根据x0的code入口函数的传参,最后的'memory, JAILHOUSE_CALL_CLOBBERED'用作缺省,如入口函数不需要多个参数,这里声明x1,x2,x3带有memory作为暂存寄存器.
While the compiler is aware of changes to entries listed in the output operands, the inline asm code may modify more than just the outputs. For example, calculations may require additional registers, or the processor may overwrite a register as a side effect of a particular assembler instruction. In order to inform the compiler of these changes, list them in the clobber list. Clobber list items are either register names or the special clobbers (listed below). Each clobber list item is a string constant enclosed in double quotes and separated by commas
上面意思是计算可能需要额外寄存器,或者处理器对特殊汇编指令可能会覆写这些寄存器,为了让编译器知道这种情况,可以把这些寄存器放在clobber列表作为暂存寄存器。
相关调用
#define JAILHOUSE_HC_DISABLE 0 #define JAILHOUSE_HC_CELL_CREATE 1 #define JAILHOUSE_HC_CELL_START 2 #define JAILHOUSE_HC_CELL_SET_LOADABLE 3 #define JAILHOUSE_HC_CELL_DESTROY 4 #define JAILHOUSE_HC_HYPERVISOR_GET_INFO 5 #define JAILHOUSE_HC_CELL_GET_STATE 6 #define JAILHOUSE_HC_CPU_GET_INFO 7 #define JAILHOUSE_HC_DEBUG_CONSOLE_PUTC 8 /* Hypervisor information type */ #define JAILHOUSE_INFO_MEM_POOL_SIZE 0 #define JAILHOUSE_INFO_MEM_POOL_USED 1 #define JAILHOUSE_INFO_REMAP_POOL_SIZE 2 #define JAILHOUSE_INFO_REMAP_POOL_USED 3 #define JAILHOUSE_INFO_NUM_CELLS 4 /* Hypervisor information type */ #define JAILHOUSE_CPU_INFO_STATE 0 #define JAILHOUSE_CPU_INFO_STAT_BASE 1000 /* CPU state */ #define JAILHOUSE_CPU_RUNNING 0 #define JAILHOUSE_CPU_FAILED 2 /* terminal state */ /* CPU statistics */ #define JAILHOUSE_CPU_STAT_VMEXITS_TOTAL 0 #define JAILHOUSE_CPU_STAT_VMEXITS_MMIO 1 #define JAILHOUSE_CPU_STAT_VMEXITS_MANAGEMENT 2 #define JAILHOUSE_CPU_STAT_VMEXITS_HYPERCALL 3 #define JAILHOUSE_GENERIC_CPU_STATS 4
上面调用作为x0传入hypervisor call,从而发送hyc #0x4a48来管理虚拟机。 举个例子如下
Cerr = jailhouse_call(JAILHOUSE_HC_DISABLE);
static inline __jh_arg jailhouse_call(__jh_arg num)
{
register __jh_arg num_result asm(JAILHOUSE_CALL_NUM_RESULT) = num;
asm volatile(
JAILHOUSE_CALL_INS
: "+r" (num_result)
: : "memory", JAILHOUSE_CALL_ARG1, JAILHOUSE_CALL_ARG2,
JAILHOUSE_CALL_CLOBBERED);
return num_result;
}
至此,关于hyc的汇编理解清楚了,接下来继续跟踪jailhouse驱动源码
参考链接
Jailhouse启动分析
jailhouse的ko已经编译出来了,这里主要开始从代码分析jailhouse的加载过程
init
初始化主要如下几个步骤
- jailhouse_sysfs_init
- misc_register
- jailhouse_pci_register
- register_reboot_notifier
sysfs
对于sysfs的创建,如下解释:
/sys/devices/jailhouse |- console - hypervisor console (see [1]) |- enabled - 1 if Jailhouse is enabled, 0 otherwise |- mem_pool_size - number of pages in hypervisor memory pool |- mem_pool_used - used pages of hypervisor memory pool |- remap_pool_size - number of pages in hypervisor remapping pool |- remap_pool_used - used pages of hypervisor remapping pool `- cells |- <id> - unique numerical ID | |- name - cell name | |- state - "running", "running/locked", "shut down", or | | "failed" | |- cpus_assigned - bitmask of assigned logical CPUs | |- cpus_assigned_list - human readable list of assigned logical CPUs | |- cpus_failed - bitmask of logical CPUs that caused a failure | |- cpus_failed_list - human readable list of logical CPUs that | | caused a failure | `- statistics | |- cpu<n> | | |- vmexits_total - Total number of VM exits on CPU <n> | | `- vmexits_<reason> - VM exits due to <reason> on CPU <n> | |- vmexits_total - Total number of VM exits on all cell CPUs | `- vmexits_<reason> - VM exits due to <reason> on all cell CPUs `- ...
在目录/sys/devices/jailhouse下
Cstatic struct attribute *jailhouse_sysfs_entries[] = {
&dev_attr_console.attr,
&dev_attr_enabled.attr,
&dev_attr_mem_pool_size.attr,
&dev_attr_mem_pool_used.attr,
&dev_attr_remap_pool_size.attr,
&dev_attr_remap_pool_used.attr,
NULL
};
kobject_create_and_add("cells", &dev->kobj);
主要文件如下:
- console 虚拟机状态信息
- enabled jailhouse使能信息
- mem_pool_size 虚拟机内存池大小
- mem_pool_used 虚拟机内存池使用量
- remap_pool_size 虚拟机内存映射大小
- remap_pool_used 虚拟机内存映射使用量
- cell目录
对于cell目录的内容,如下
Ckobject_init_and_add(&cell->kobj, &cell_type, cells_dir, "%d",
cell->id);
可见cell目录下只存在id目录,在cell的enable和create的过程中,会主动创建,模块加载时并不会创建
对于id目录内的内容,如下
Cstatic struct attribute *cell_attrs[] = {
&cell_name_attr.attr,
&cell_state_attr.attr,
&cell_cpus_assigned_attr.attr,
&cell_cpus_assigned_list_attr.attr,
&cell_cpus_failed_attr.attr,
&cell_cpus_failed_list_attr.attr,
NULL,
};
kobject_init_and_add(&cell->stats_kobj, &cell_stats_type,
&cell->kobj, "%s", "statistics");
主要文件如下:
- name cell的名字
- state cell的状态
- cpus_assigned cpumask信息,以%*pb显示,例如ffff
- cpus_assigned_list cpumask信息,以%*pbl显示,例如0-7
- cpus_failed 失败的cpumask信息,以%*pb显示
- cpus_failed_list 失败的cpumask信息,以%*pbl显示
- statistics目录
对于statistics目录,主要内容如下
Cstatic struct attribute *cell_stats_attrs[] = {
&vmexits_total_cell_attr.kattr.attr,
&vmexits_mmio_cell_attr.kattr.attr,
&vmexits_management_cell_attr.kattr.attr,
&vmexits_hypercall_cell_attr.kattr.attr,
&vmexits_maintenance_cell_attr.kattr.attr,
&vmexits_virt_irq_cell_attr.kattr.attr,
&vmexits_virt_sgi_cell_attr.kattr.attr,
&vmexits_psci_cell_attr.kattr.attr,
&vmexits_smccc_cell_attr.kattr.attr,
NULL
};
kobject_init_and_add(&cell_cpu->kobj, &cell_cpu_type, &cell->stats_kobj, "cpu%u", cpu);
主要文件如下:
- vmexits_total 虚拟机退出个数
- vmexits_mmio (Memory mapping I/O)
- vmexits_management (Memory management)
- vmexits_hypercall (Hypercall)
- vmexits_maintenance (Cache Maintenance)
- vmexits_virt_irq (IRQ)
- vmexits_virt_sgi (Software Generated Interrupt)
- vmexits_psci (Power State Coordination Interface)
- vmexits_smccc (SMC Calling Convention SMC调用约定)
- cpu%u cpu目录
对于cpu%u目录,主要内容如下:
Cstatic struct attribute *cpu_stats_attrs[] = {
&vmexits_total_cpu_attr.kattr.attr,
&vmexits_mmio_cpu_attr.kattr.attr,
&vmexits_management_cpu_attr.kattr.attr,
&vmexits_hypercall_cpu_attr.kattr.attr,
&vmexits_maintenance_cpu_attr.kattr.attr,
&vmexits_virt_irq_cpu_attr.kattr.attr,
&vmexits_virt_sgi_cpu_attr.kattr.attr,
&vmexits_psci_cpu_attr.kattr.attr,
&vmexits_smccc_cpu_attr.kattr.attr,
NULL
};
对于文件如下:
- vmexits_total
- vmexits_mmio
- vmexits_management
- vmexits_hypercall
- vmexits_maintenance
- vmexits_virt_irq
- vmexits_virt_sgi
- vmexits_psci
- vmexits_smccc
这里需要留意的是如下:
C asm volatile(
JAILHOUSE_CALL_INS
: "+r" (num_result), "+r" (__arg1), "+r" (__arg2)
:
: "memory", JAILHOUSE_CALL_CLOBBERED);
#define JAILHOUSE_CALL_INS "hvc #0x4a48"
#define JAILHOUSE_CALL_NUM_RESULT "x0"
#define JAILHOUSE_CALL_ARG1 "x1"
#define JAILHOUSE_CALL_ARG2 "x2"
#define JAILHOUSE_CALL_CLOBBERED "x3"
misc
对于misc设备,就是往/dev下创建jailhouse文件。主要如下:
Cstatic const struct file_operations jailhouse_fops = {
.owner = THIS_MODULE,
.unlocked_ioctl = jailhouse_ioctl,
.compat_ioctl = jailhouse_ioctl,
.llseek = noop_llseek,
.open = jailhouse_console_open,
.release = jailhouse_console_release,
.read = jailhouse_console_read,
};
static struct miscdevice jailhouse_misc_dev = {
.minor = MISC_DYNAMIC_MINOR,
.name = "jailhouse",
.fops = &jailhouse_fops,
};
关于ioctl,主要提供如下
JAILHOUSE_ENABLE JAILHOUSE_DISABLE JAILHOUSE_CELL_CREATE JAILHOUSE_CELL_LOAD JAILHOUSE_CELL_START JAILHOUSE_CELL_DESTROY
这些ioctl提供了jailhouse的基本使能,禁用,创建,加载,开始,销毁的能力。
对于open release read三个file operations
- open 提供console_state结构体
- release 销毁console_state结构体
- read 向dump 虚拟机状态console信息
关于在jailhouse enable的ioctl中做的事情,后续再分析
pci
注册一个pci驱动,在probe中遍历并打印宣传在no root cell的pci设备
C list_for_each_entry(claimed_dev, &claimed_devs, list) {
if (claimed_dev->dev == dev) {
dev_info(&dev->dev,
"claimed for use in non-root cell\n");
ret = 0;
break;
}
}
关于在jailhouse enable的ioctl中做的事情,后续再分析
notifier
这里只是简单的在reboot的时候,给jailhouse发送disable的cmd
Cstatic int jailhouse_shutdown_notify(struct notifier_block *unused1,
unsigned long unused2, void *unused3)
{
int err;
err = jailhouse_cmd_disable();
if (err && err != -EINVAL)
pr_emerg("jailhouse: ordered shutdown failed!\n");
return NOTIFY_DONE;
}
总结
至此,jailhouse驱动的加载过程完成了,接下来就是给jailhouse发送enable的ioctl的流程了
wsl2使用vhdx虚拟磁盘
windwos的wsl如果直接使用windows的盘符来存储文件可以发现速度非常的慢。如下
dd if=/dev/zero of=test.img status=progress 4970496 bytes (5.0 MB, 4.7 MiB) copied, 1 s, 5.0 MB/s^C 16147+0 records in 16147+0 records out 8267264 bytes (8.3 MB, 7.9 MiB) copied, 1.66701 s, 5.0 MB/s
可以发现速度为5m/s,这个是不可忍受的。为了使得wsl使用更快,有两种方式
- wsl直接挂载ext4的img格式
- wsl挂载虚拟磁盘vhdx
ext4的img挂载
- 制作ext4分区
dd if=/dev/zero of=wsl_code.img count=10240
此时会产生5.12M的wsl_code.img 此时格式化分区为ext4,并扩大分区为100G
mkfs.ext4 wsl_code.img resize2fs wsl_code.img 100G
此时对于wsl来说,开机挂载这个img即可,如下
mount /mnt/k/wsl_code.img ~/wsl_code/
vhdx在wsl的挂载
对于wsl官方文档,推荐使用vhdx的格式,主要方法如下:
- 计算机管理--->磁盘管理--->操作--->创建VHD--->位置--->虚拟硬盘大小--->VHDX
- 计算机管理--->磁盘管理--->操作--->附加VHD--->位置--->确定
这样vhdx格式的虚拟磁盘已经创建好,接下来挂载在wsl上
1. PowerShell以管理员权限打开 2. 输入命令: GET-CimInstance -query "SELECT * from Win32_DiskDrive" PS C:> GET-CimInstance -query "SELECT * from Win32_DiskDrive" DeviceID Caption Partitions Size Model -------- ------- ---------- ---- ----- \\.\PHYSICALDRIVE1 UNITEK USB3.0 TO SATA SCSI Disk Device 1 1000202273280 UNITEK USB3.0 TO SATA SCSI Disk D... \\.\PHYSICALDRIVE0 KIOXIA-EXCERIA SSD 4 500105249280 KIOXIA-EXCERIA SSD \\.\PHYSICALDRIVE2 Microsoft 虚拟磁盘 1 966363471360 Microsoft 虚拟磁盘 找到自己创建的虚拟磁盘的Windows磁盘标号: \\.\PHYSICALDRIVE2 3. 关闭wsl wsl --shutdown 4. 挂载虚拟磁盘 wsl --mount \\.\PHYSICALDRIVE2 --bare 5. 启动wsl 6. 创建文件系统格式 mkfs.ext4 /dev/sdc1 7. 挂载文件系统格式 mount /dev/sdc1 wsl_code/ 8. 设置label e2label /dev/sdc1 wsl_code 9. 自动挂载 vim /etc/fstab LABEL=wsl_code /root/wsl_code ext4 defaults,nofail 0 1 10. 卸载wsl上的虚拟磁盘 wsl --unmount \\.\PHYSICALDRIVE2
至此,就可以愉快的使用wsl的虚拟磁盘的内容啦
root@kylin:~/wsl_code# dd if=/dev/zero of=test.img status=progress 2114826752 bytes (2.1 GB, 2.0 GiB) copied, 4 s, 529 MB/s
windows开放端口
windows电脑自带防火墙,防火墙默认打开的,很多服务需要配置防火墙规则,但是对于自己开发而言,每次配开一个端口开一个端口,真的挺累的。自己弄又不是企业弄,别人也攻击不到自己。这里说明一下windows开端口,方便自己在windows上使用其他端口
配置方法
按照下面方法配置即可
- windows设置
- 更新和安全
- windows安全中心
- 防火墙和网络保护
- 高级设置
- 提权
- 入站规则(端口进入,本机服务提供端口)
- 出站规则(端口出去,本机服务访问端口)
- 右击新建规则
- 端口
- TCP和特定端口
完事
注意
注意配过之后,小心别人攻击你。
[Jailhouse编译]
开始编译jailhouse驱动和内核了。
环境准备
- 具有能编译内核的环境
- 具有能编译jailhouse模块的环境
如下:
apt install checkinstall build-essential qemu python3-mako export ARCH=arm64 export PATH=$PATH:/root/sdk/linux-x86/aarch64/gcc-arm-10.3-2021.07-x86_64-aarch64-none-linux-gnu/bin export CROSS_COMPILE=aarch64-none-linux-gnu-
合入jailhouse需要的补丁
平台为RK3588,内核版本如下:
VERSION = 5 PATCHLEVEL = 10 SUBLEVEL = 160
补丁如下
0001-jailhouse-config-jailhouse.ko-need-those-config.patch 0025-jailhouse-ivshmem-net-Improve-identification-of-reso.patch 0002-jailhouse-Add-simple-debug-console-via-the-hyperviso.patch 0026-jailhouse-ivshmem-net-Switch-to-reset-state-on-each-.patch 0003-jailhouse-arm-Export-__boot_cpu_mode-for-use-in-Jail.patch 0027-jailhouse-ivshmem-net-Add-ethtool-register-dump.patch 0004-jailhouse-mm-Re-export-ioremap_page_range.patch 0028-jailhouse-ivshmem-net-Fix-stuck-state-machine-during.patch 0005-jailhouse-arm-arm64-export-__hyp_stub_vectors.patch 0029-jailhouse-ivshmem-net-Switch-to-relative-descriptor-.patch 0006-jailhouse-uio-Enable-read-only-mappings.patch 0030-jailhouse-ivshmem-net-Switch-to-pci_alloc_irq_vector.patch 0007-jailhouse-ivshmem-Add-header-file.patch 0031-jailhouse-ivshmem-net-fill-in-and-check-used-descrip.patch 0008-jailhouse-uio-Add-driver-for-inter-VM-shared-memory-.patch 0032-jailhouse-ivshmem-net-slightly-improve-debug-output.patch 0009-Revert-jailhouse-ivshmem-Add-header-file.patch 0033-jailhouse-ivshmem-net-set-and-check-descriptor-flags.patch 0010-jailhouse-ivshmem-Add-header-file.patch 0034-jailhouse-ivshmem-net-add-MAC-changing-interface.patch 0011-jailhouse-WIP-virtio-Add-virtio-over-ivshmem-transpo.patch 0035-jailhouse-ivshmem-net-Silence-compiler-warning.patch 0012-jailhouse-virtio-ivshmem-check-peer_state-early.patch 0036-jailhouse-ivshmem-net-Fix-bogus-transition-to-RESET-.patch 0013-jailhouse-WIP-tools-Add-virtio-ivshmem-console-demo.patch 0037-jailhouse-ivshmem-net-Refactor-and-comment.patch 0014-jailhouse-WIP-tools-Add-virtio-ivshmem-block-demo.patch 0038-jailhouse-ivshmem-net-Switch-to-netdev_xmit_more-hel.patch 0015-jailhouse-mm-vmalloc-Export-__get_vm_area_caller.patch 0039-jailhouse-ivshmem-net-Adjust-to-reworked-version-of-.patch 0016-jailhouse-x86-Export-lapic_timer_period.patch 0040-jailhouse-ivshmem-net-Fix-and-rework-MTU-configurati.patch 0017-jailhouse-arm64-dts-marvell-armada-37xx-Set-pci-doma.patch 0041-jailhouse-ivshmem-net-Mark-vring_used_event-access-R.patch 0018-jailhouse-arm64-dts-marvell-armada-8030-mcbin-Set-pc.patch 0042-jailhouse-ivshmem-net-Simplify-interface-of-ivshm_ne.patch 0019-jailhouse-PCI-portdrv-Do-not-setup-up-IRQs-if-there-.patch 0043-jailhouse-ivshmem-net-Fix-TX-queue-locking-and-plug-.patch 0020-jailhouse-ivshmem-net-virtual-network-device-for-Jai.patch 0044-ivshmem-net-Synchronize-ivshm_net_state_change-again.patch 0021-jailhouse-ivshmem-net-Map-shmem-region-as-RAM.patch 0045-jailhouse-ivshmem-net-Fix-and-rework-carrier-managem.patch 0022-jailhouse-ivshmem-net-fix-race-in-state-machine.patch 0046-jailhouse-Revert-mm-vmalloc-Export-__get_vm_area_cal.patch 0023-jailhouse-ivshmem-net-Remove-unused-variable.patch 0047-jailhouse-config-open-jailhouse-feature.patch 0024-jailhouse-ivshmem-net-Enable-INTx.patch
合入补丁:
for i in jailhouse-patch/* ; do patch -p1 < $i ; done
主要修改文件如下:
modified: arch/arm64/kernel/hyp-stub.S modified: drivers/net/Kconfig modified: drivers/net/Makefile modified: drivers/pci/pcie/portdrv_core.c modified: drivers/uio/Kconfig modified: drivers/uio/Makefile modified: drivers/uio/uio.c modified: drivers/virt/Kconfig modified: drivers/virt/Makefile modified: drivers/virtio/Kconfig modified: drivers/virtio/Makefile modified: include/linux/pci_ids.h modified: include/linux/uio_driver.h modified: mm/ioremap.c modified: tools/virtio/Makefile drivers/net/ivshmem-net.c drivers/uio/uio_ivshmem.c drivers/virt/jailhouse_dbgcon.c drivers/virtio/virtio_ivshmem.c include/linux/ivshmem.h tools/virtio/virtio-ivshmem-block.c tools/virtio/virtio-ivshmem-console.c
编译内核
make ARCH=arm64 -j24
需要打开的配置
CONFIG_KALLSYMS_ALL=y CONFIG_KPROBES=y CONFIG_IVSHMEM_NET=y CONFIG_UIO_IVSHMEM=y CONFIG_JAILHOUSE_DBGCON=y CONFIG_VIRTIO_IVSHMEM=y
编译jailhouse模块
合入补丁
0001-driver-main-add-kprobe-for-kallsyms_lookup_name.patch
编译
make KDIR=../kernel/ DESTDIR=jailhouse-bin install
目标机
scp -r ./jailhouse-bin root@172.25.80.124:/ scp -r ./tools/jailhouse-bin root@172.25.80.124:/ scp -r ../kernel/jailhouse-bin/ root@172.25.80.124:/
运行
modprobe jailhouse
至此jailhouse移植完成了。
