Support for VMGenID device on x86 microVMs #4487
Merged
Commits on Apr 9, 2024
-
refactor: avoid clones of GuestMemoryMmap when restoring MMIO devices
Use a reference to the GuestMemoryMmap rather than the object itself when restoring MMIO devices. This will avoid us a few clone() operations later on when we add support for restoring VMGenID, where we will need to pass information about the memory as well. Signed-off-by: Babis Chalios <bchalios@amazon.es>
-
acpi: add VMGenID support for x86_64
Add support for the Virtual Machine Generation ID (VMGenID) device that allows notifying the guest about snapshot resume events. The device itself allocates one page of guest memory and an IRQ line. It stores a 16 bytes cryptographically random number (generation ID) at the beginning of this page. Once the microVM resumes from a snapshot, it writes a new 16-byte generation ID and sends an interrupt to the device. Also add support for the Generic Event Device, an ACPI device which handles IRQ lines allocated to ACPI devices and routes them as ACPI notifications to the devices the belong to. VMGenID state is saved in Firecracker snapshots. This renders the current snapshot format incompatible with all previous snapshot versions. Bump snapshot version to 2.0.0 to reflect that. Signed-off-by: Babis Chalios <bchalios@amazon.es>
-
fix(test): set max device to 18 in test_max_devices
We now reserve one IRQ for the VMGenID device, so we have one less IRQ available for VirtIO devices. Signed-off-by: Babis Chalios <bchalios@amazon.es>
-
test: allow using 6.1 kernel in selected tests
At the moment, we filter out 6.1 guest kernel in all tests apart from PTP on Graviton. Add a new filter that allows select any kernel that exists in our CI artifacts folder and use it to create a pytest fixture for guest kernel 6.1, which works independently of the platform we run on. Signed-off-by: Babis Chalios <bchalios@amazon.es>
-
test(vmgenid): integration test for VMGenID kernel notification
Add an integration test that launches a microVM, snapshots it repeatedly and checks for the existence of the message that the kernel emits every time it receives the VMGenID notification. Signed-off-by: Babis Chalios <bchalios@amazon.es>
-
fix(test): wait for microVM to boot before snapshotting
In test_vulnerabilities.py we have various tests that check whether a condition holds after resuming from a snapshot. These checks seem to consistently fail if we take a snapshot before letting the guest kernel boot. Introduce an ssh command to ensure that the guest has booted before taking the snapshot so that we avoid the issue. Signed-off-by: Babis Chalios <bchalios@amazon.es>
-
acpi: add documentation about VMGenID
Extend our current documentation for snapshotting and entropy recommendations with context about VMGenID. Mention the available VMGenID features depending on Linux version and also provide recommendations for entropy on VM clones based on VMGenID availability. Also, add CHANGELOG entry for VMGenID support. Signed-off-by: Babis Chalios <bchalios@amazon.es>
-
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.