firecracker-microvm / firecracker
Secure and fast microVMs for serverless computing.
Home Page: http://firecracker-microvm.io
License: Apache License 2.0
create VM with KVM & assign memory;
do interrupt emulation;
boot a basic guest Kernel image + qboot;
fake a serial console.
Add a virtual socket implementation for host - guest communication. VirtIO/VSOCK is a first option for this.
The current polling mechanism is poll() which has the following disadvantages:
We should use epoll to overcome these problems.
Definition of done:
Currently the access modifier of the 'size' member of a virtqueue could lead to the maximum size becoming smaller than its actual size which would in turn invalidate the queue (effect: unlimited number of error messages).
Explicitly check that the size does not exceed max_size before setting it.
We should also put a limit on the number of messages displayed in case the queue becomes invalid. See the is_valid function in virtio/queue.rs.
Use uncompressed kernel image.
No device emulation.
Currently, as part of the x86 configuration prior to booting the kernel, the floating point registers get set up by calling KVM_GET_FPU and KVM_SET_FPU. After trying to alter the mxcsr and fcw registers, the only one that gets set is the fcw. Only when the order of the mxcsr in the kvm structure is changed by bringing it closer to fcw does its value get set.
As per the virtio 1.0 specification, the maximum queue size has to be a power of 2 and be less than 32768 (see chapter 2.4 Virtqueues). Insert a check when creating a new queue that makes sure the specification is followed.
Currently the device manager starts off with a memory base address which gets incremented with every mmio device registration. There is no limit enforcement on the space the device manager could use for that. Investigate and possibly fix if memory overlaps are possible.
Emulate "Symmetric Multiprocessing" to support multiple CPUs.
Remove memory allocation and code not related to kvm kernel module interface from the crate.
Understand the required initializations for a vm to boot (kernel offset in guest memory, registry initialization, ..)
We need to better understand the BIOS emulation purpose and its boot time impact.
https://github.com/bonzini/qboot
We will afterwards decide if we need a bios to boot or not.
Via our CI system, ensure that PR/Merge actions are preceded by:
To begin with, customers will expect to boot their current Amazon Linux images (or a modified version thereof).
Time sys calls used by Lambda:
When running a VM, Firecracker must be an unprivileged, contained process. If it's started as root, it should drop privileges and jail itself as soon as possible.
Implement VirtIO storage virtualization, based off the crosVM implementation.
Done when the guest OS can see & use a block storage device
Prints output to stdout.
We need a minimal device model, and emulate:
Currently for setting the lapic state registers we use std::mem::transmute. Based on the documentation: 'transmute is incredibly unsafe. There are a vast number of ways to cause undefined behavior with this function. transmute should be the absolute last resort'. Moreover, when trying to set the APIC_LVT0 register inside a zeroed out array, rust-gdb does not show any change in the registers array.
We will need network and storage rate limiting since we don't trust the guests (CPU is handled by c-groups).
The crosvm device model uses one control thread per each VIRTIO device. We want to move this logic to a single thread, which handles all devices.
The minimal Linux kernel config we have been using so far does not have the relevant VIRTIO options enabled. Moreover, simply adding these options does not lead to a successful boot for a simple filesystem image created with debootstrap.
The boot process completes successfully for a larger config file (such as the one created by make defconfig + VIRTIO options), but we would like to disable all unnecessary features (or as many of them as possible).
The current fallback clocksource of the kernel is 'tsc' which counts the number of cycles since reset. As a consequence, 'busybox date' is incorrect (constant). By enabling kvm clock we should obtain a synchronized date with the host.
Should be MiB instead of MB.
Currently there is no mechanism for checking that the number of memory slots does not exceed the maximum allowed (from kvm api documentation, this can be done with KVM_CAP_NR_MEMSLOTS).
Emulate the "Advanced Configuration and Power Interface" to support power management features.
This is owned by the AL Distro team, but we may need to do work here. Current potential work items:
Implement VirtIO network virtualization, based off the crosVM implementation.
Done when the guest OS can see & use a network device.