Skip to content

small fixes for secret hiding CI patches #5243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: feature/secret-hiding
Choose a base branch
from
Draft

small fixes for secret hiding CI patches #5243

wants to merge 2 commits into from

Conversation

roypat
Copy link
Contributor

@roypat roypat commented Jun 3, 2025

  • workaround for kvm-clock
  • correctly clear private flag from free'd folios

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • I have read and understand CONTRIBUTING.md.
  • I have run tools/devtool checkstyle to verify that the PR passes the
    automated style checks.
  • I have described what is done in these changes, why they are needed, and
    how they are solving the problem in a clear and encompassing way.
  • I have updated any relevant documentation (both in code and in the docs)
    in the PR.
  • I have mentioned all user-facing changes in CHANGELOG.md.
  • If a specific issue led to this PR, this PR closes the issue.
  • When making API changes, I have followed the
    Runbook for Firecracker API changes.
  • I have tested all new and changed functionalities in unit tests and/or
    integration tests.
  • I have linked an issue to every new TODO.
  • This functionality cannot be added in rust-vmm.

@roypat
temporary workaround for secret-hidden kvm-clock
7f78d60 
Modify the kernel to do all kvm-clock related guest memory accesses
through userspace addreses, and drop various workarounds from
firecracker related to disabled kvm-clock.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat roypat marked this pull request as draft June 3, 2025 13:15
@codecov Codecov
Copy link

codecov bot commented Jun 3, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Project coverage is 82.40%. Comparing base (00ac2f3) to head (650f256).

Files with missing lines Patch % Lines
src/vmm/src/builder.rs 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@                    Coverage Diff                    @@
##           feature/secret-hiding    #5243      +/-   ##
=========================================================
- Coverage                  82.52%   82.40%   -0.12%     
=========================================================
  Files                        250      250              
  Lines                      27386    27384       -2     
=========================================================
- Hits                       22599    22565      -34     
- Misses                      4787     4819      +32
Flag Coverage Δ
5.10-c5n.metal 82.77% <0.00%> (-0.14%) ⬇️
5.10-m5n.metal 82.77% <0.00%> (-0.13%) ⬇️
5.10-m6a.metal 82.10% <0.00%> (+<0.01%) ⬆️
5.10-m6g.metal 78.70% <ø> (ø)
5.10-m6i.metal 82.77% <0.00%> (-0.13%) ⬇️
5.10-m7a.metal-48xl 82.08% <0.00%> (ø)
5.10-m7g.metal 78.70% <ø> (ø)
5.10-m7i.metal-24xl 82.72% <0.00%> (-0.14%) ⬇️
5.10-m7i.metal-48xl 82.73% <0.00%> (-0.13%) ⬇️
5.10-m8g.metal-24xl 78.69% <ø> (ø)
5.10-m8g.metal-48xl 78.69% <ø> (ø)
6.1-c5n.metal 82.82% <0.00%> (-0.14%) ⬇️
6.1-m5n.metal 82.82% <0.00%> (-0.14%) ⬇️
6.1-m6a.metal 82.14% <0.00%> (ø)
6.1-m6g.metal 78.70% <ø> (ø)
6.1-m6i.metal 82.81% <0.00%> (-0.14%) ⬇️
6.1-m7a.metal-48xl 82.13% <0.00%> (ø)
6.1-m7g.metal 78.70% <ø> (ø)
6.1-m7i.metal-24xl 82.83% <0.00%> (-0.14%) ⬇️
6.1-m7i.metal-48xl 82.83% <0.00%> (-0.13%) ⬇️
6.1-m8g.metal-24xl 78.69% <ø> (ø)
6.1-m8g.metal-48xl 78.69% <ø> (ø)
6.14-c5n.metal 82.79% <0.00%> (-0.13%) ⬇️
6.14-m5n.metal 82.79% <0.00%> (-0.14%) ⬇️
6.14-m6a.metal 82.11% <0.00%> (ø)
6.14-m6g.metal 78.65% <ø> (ø)
6.14-m6i.metal 82.78% <0.00%> (-0.14%) ⬇️
6.14-m7a.metal-48xl 82.10% <0.00%> (ø)
6.14-m7g.metal 78.65% <ø> (-0.01%) ⬇️
6.14-m7i.metal-24xl 82.79% <0.00%> (-0.14%) ⬇️
6.14-m7i.metal-48xl 82.79% <0.00%> (-0.14%) ⬇️
6.14-m8g.metal-24xl 78.64% <ø> (-0.01%) ⬇️
6.14-m8g.metal-48xl 78.64% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@roypat roypat force-pushed the secret-free-clock branch 2 times, most recently from f0dd8e8 to c46b622 Compare June 3, 2025 13:58
@roypat
fix: clear private flag after freeing gmem folio
650f256 
Not clearing the private flag causes it to stick around after freeing,
potentially confusing subsequent users of the folio that assign meaning
to the private flag.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat roypat force-pushed the secret-free-clock branch from c46b622 to 650f256 Compare June 3, 2025 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@roypat