[Snaps] #snapsafe support via VMGenID on ACPI #2476

Open
3 tasks done
raduweiss opened this issue Mar 4, 2021 · 4 comments
Labels
Roadmap: Tracked Items tracked on the roadmap project.

Comments

@raduweiss
Contributor

Feature Tracker

This is a feature tracking issue for the work to enable Firecracker users to safely and efficiently use snapshots [1] by adding a VMGenID counter as a back-end to SysGenID [2].

Describe the desired solution

We are starting by researching how to implement VMGenID via ACPI but without adding PCI support to Firecracker.

Describe possible alternatives

We will look at other options if VMGenID via ACPI is not feasible for some reason.

If we don't implement this, Linux guests can still drive SysGenID from user space, though this may not work for all use cases, and induces latency upon snapshot restore.

Additional context

See [1] and [2].

Checks

  • Have you searched the Firecracker Issues database for similar requests?
  • Have you read all the existing relevant Firecracker documentation?
  • Have you read and understood Firecracker's core tenets?

[1] https://github.com/firecracker-microvm/firecracker/blob/master/docs/snapshotting/snapshot-support.md#snapshot-security-and-uniqueness
[2] https://www.spinics.net/lists/kernel/msg3842154.html; https://www.spinics.net/lists/kernel/msg3842155.html; https://www.spinics.net/lists/kernel/msg3842157.html

@raduweiss raduweiss added Roadmap: Tracked Items tracked on the roadmap project. Feature: Snapshotting labels Mar 4, 2021
@raduweiss raduweiss changed the title [Feature] #snapsafe support via VMGenID on ACPI [Snapshotting] #snapsafe support via VMGenID on ACPI Mar 4, 2021
@raduweiss raduweiss changed the title [Snapshotting] #snapsafe support via VMGenID on ACPI [Snaps] #snapsafe support via VMGenID on ACPI Mar 4, 2021
@bchalios
Contributor

After long discussions, we are focusing on supporting #snapsafety through an extension to the virtio-rng device [1], which will allow the VMM to report snapshot-related events to guests.

We have an RFC patch in flight for supporting this in the Linux kernel [2], which is currently under discussion with the community, and a PoC [3] that implements this in Firecracker.

[1] https://www.mail-archive.com/virtio-dev@lists.oasis-open.org/msg09016.html
[2] https://lore.kernel.org/lkml/20230131145543.86369-1-bchalios@amazon.es/
[3] https://github.com/bchalios/firecracker/tree/feat_snapsafety

@JonathanWoollett-Light
Contributor

JonathanWoollett-Light commented Dec 11, 2023

We are still working on it, re-opening to indicate this.

@zulinx86
Contributor

zulinx86 commented Mar 11, 2024

ACPI support may solve issue #1601.

@bchalios
Contributor

PRs #4428 and #4487 added support for ACPI and VMGenID, respectively, on x86 platforms. Once we add support for kernel 6.1, Firecracker will officially support VMGenID on x86 platforms.

For Aarch64 systems, we went a different way. Since we already use Device Tree to boot Firecracker microVMs, we sent out a patch set to Linux (https://lore.kernel.org/lkml/20240419224020.780377-1-Jason@zx2c4.com/) that adds device tree bindings for the VMGenID device and extends the driver so that it can probe the device via them. This should land in Linux kernel 6.10.

Projects
Status: Developer Preview

4 participants