firecracker-microvm / firecracker Goto Github PK

Add a virtual socket implementation for host - guest communication. VirtIO/VSOCK is a first option for this.

Understand the required initializations for a vm to boot (kernel offset in guest memory, registry initialization, ..)

We need to better understand the BIOS emulation purpose and its boot time impact.
https://github.com/bonzini/qboot
We will afterwards decide if we need a bios to boot or not.

Implement VirtIO network virtualization, based off the crosVM implementation.

Done when the guest OS can see & use a network device.

This is owned by the AL Distro team, but we may need to do work here. Current potential work items:

When running a VM, Firecracker must be an unprivileged, contained process. If it's started as root, it should drop privileges and jail it's self as soon as possible.

Emulate "Symmetric Multiprocessing" to support multiple CPUs.

With the unit test coverage tooling complete:

• define coverage targets for all crates, and
• bring unit test coverage up to par in existing crates.
  • #80 VirtIO
  • #85 Legacy devices
  • #86 KVM
  • #87 net_util
  • #95 sys_util

We need a minimal device model, and emulate:

• Real-Time Clock
• Power-Management
• UART, for the serial console (for development purposes, should be turned off in the release)

Time sys calls used by Lambda:

• clock_gettime(CLOCK_REALTIME)
• clock_gettime(CLOCK_MONOTONIC)
• gettimeofday()

Currently there is no mechanism for checking that the number of memory slots does not exceed the maximum allowed (from kvm api documentation, this can be done with KVM_CAP_NR_MEMSLOTS).

Currently, as part of the x86 configuration prior to booting the kernel, the floating point registers gets set up by calling KVM_GET_FPU and KVM_SET_FPU. After trying to alter the mxcsr and fcw registers, the only one that gets set is the fcw. Only when the order of the mxcsr in the kvm structure is changed by bringing it closer to fcw, its value gets set.

Remove memory allocation and code not related to kvm kernel module interface from the crate.

Currently for setting the lapic state registers we use std::mem::transmute. Based on the documentation: 'transmute is incredibly unsafe. There are a vast number of ways to cause undefined behavior with this function. transmute should be the absolute last resort'. Moreover, when trying to set the APIC_LVT0 register inside a zeroed out array, rust-gdb does not show any change in the registers array.

To begin with, customers will expect to boot their current Amazon Linux images (or a modified version there-of).

Should be MiB instead of MB.

As per the virtio 1.0 specification, the maximum queue size has to be a power of 2 and be less then 32768 (see chapter 2.4 Virtqueues). Insert a check when creating a new queue that makes sure the specification is followed.

Use uncompressed kernel image.
No device emulation.

Currently the device manager starts off with a memory base address which gets incremented with every mmio device registration. There is no limit enforcement on the space the device manager could use for that. Investigate and possibly fix if memory overlaps are possible.

• Figure out how to pass file descriptors atomically within the API message.
• Do a short PoC on the mechanism.
• Investigate and PoC the mechanism using RUST.

We will need network and storage rate limiting since we don't trust the guests (CPU is handled by c-groups).

• Change current PoC to use timer_fd as a source for refreshing the token buckets when limiter is at capacity (while not at capacity – when budget is still available – buckets are refreshed without the use of an external timer, it is done in the transaction processing flow). TimerFDs are a linux kernel feature and have a C interface so either use an external rust crate, or implement our own. Will try to find an external crate of high quality that also suits our needs.
• Design and refactor the currently very hacky PoC to end up with proper/clean Block IO rate limiting.
• Block IO rate limiting proper implementation might spill into this week as well.
• Implement Network rate limiting – once we get the current design and code right for Block IO rate-limiting, network implementation should be smooth.

Emulate the "Advanced Configuration and Power Interface" to support power management features.

The current fallback clocksource of the kernel is 'tsc' which counts the number of cycles since reset. As a consequence, 'busybox date' is incorrect (constant). By enabling kvm clock we should obtain a synchronized date with the host.

Currently the access modifier of the 'size' member of a virtqueue could lead to the maximum size becoming smaller than its actual size which would in turn invalidate the queue (effect: unlimited number of error messages).
Explicitly check that the size does not exceed max_size before setting it.
We should also put a limit on the number of messages displayed in case queue becomes invalid. See is_valid function from virtio/queue.rs.

Via our CI system, ensure that PR/Merge actions are preceded by:

• Successful build.
• Unit testing.
• Rust FMT.

Outcome:

• create VM with KVM & assign memory;

• do interrupt emulation;

• boot a basic guest Kernel image + qboot;

• fake a serial console.

• #17

Firecracker is controlled via a RESTful API.

• Figure out how to pass file descriptors atomically within the API message. #14
• Create API definition #4
• Implement the application program interface #15

Implement VirtIO storage virtualization, based off the crosVM implementation.

Done when the guest OS can see & use a block storage device

The minimal Linux kernel config we have been using so far does not have the relevant VIRTIO options enabled. Moreover, simply adding these options does not lead to a successful boot for a simple filesystem image created with deboostrap.

The boot process completes successfully for a larger config file (such as the one created by make defconfig + VIRTIO options), but we would like to disable all unnecessary features (or as many of them as possible).

• Identify API needs and design a model for interacting with firecracker's resources
• Ramp-up on swagger
• Describe the API using swagger (OpenAPI Specification)

The crosvm device model uses one control thread per each VIRTIO device. We want to move this logic to a single thread, which handles all devices.

Prints output to stdout.

The current polling mechanism is poll() which has the following disadvantages:

• copies the used fd set each time poll() is called
• cannot pass private data per fd

We should use epoll to overcome these problems.

Definition of done:

• Have the vmm use epoll() for the async loop.

[ ] #27 BIOS emulation
[ ] #28 Implement the boot protocol for linux kernel compressed images