v0.15.0

@clemlesne clemlesne released this 24 Feb 20:13
· 231 commits to main since this release

Highlights

Custom hardened kernel — Purpose-built Linux kernel with ~360+ unused subsystems disabled, CONFIG_MODULES=n (module loading syscall eliminated), and KSPP hardening enabled. Initramfs shrinks from ~500KB to ~80KB. Nested virtualization blocked on x86_64.

Phased boot pipeline — Boot restructured into staged phases. Ping-ready in ~10ms after guest-agent starts; network and zram deferred to background. Kernel cmdline tuned for fast boot.

Per-operation message routing — Every host↔guest request carries a UUID op_id with its own bounded queue. Eliminates cross-operation message contamination that caused intermittent 30s timeouts.
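The per-operation routing described above, as an added example that is not the project's own code: each request opens its own bounded queue keyed by a UUID `op_id`, and a reply whose `op_id` is unknown (for instance a late reply to an operation that already timed out) is dropped and counted instead of being handed to whichever caller is waiting next. `OpRouter`, `demo` and the message dicts are assumptions constructed for this illustration.

```python
import queue
import threading
import uuid


class OpRouter:
    """Deliver guest replies only to the request that issued them (hypothetical helper)."""

    def __init__(self, maxsize: int = 64):
        self._maxsize = maxsize
        self._queues: dict[str, queue.Queue] = {}
        self._lock = threading.Lock()
        self.dropped = 0  # replies for unknown or finished op_ids, kept for diagnostics

    def open(self) -> str:
        """Register a new operation and return its op_id."""
        op_id = str(uuid.uuid4())
        with self._lock:
            self._queues[op_id] = queue.Queue(maxsize=self._maxsize)
        return op_id

    def close(self, op_id: str) -> None:
        """Forget an operation; later replies carrying this op_id are discarded."""
        with self._lock:
            self._queues.pop(op_id, None)

    def dispatch(self, message: dict) -> bool:
        """Route one reply from the guest; returns False if it was dropped."""
        with self._lock:
            q = self._queues.get(message.get("op_id"))
        if q is None:
            self.dropped += 1  # stale or unknown op_id: never deliver to another caller
            return False
        try:
            q.put_nowait(message)  # bounded: a flooding guest cannot grow memory without limit
        except queue.Full:
            self.dropped += 1
            return False
        return True

    def wait(self, op_id: str, timeout: float) -> dict:
        """Block until a reply for op_id arrives, or raise TimeoutError."""
        with self._lock:
            q = self._queues[op_id]
        try:
            return q.get(timeout=timeout)
        except queue.Empty:
            raise TimeoutError(f"no reply for op {op_id} within {timeout}s") from None


def demo() -> tuple[str, int]:
    """A late reply for a timed-out op arrives while a fresh op is pending (constructed)."""
    router = OpRouter()
    stale = router.open()
    router.close(stale)  # the host gave up on this operation
    fresh = router.open()
    router.dispatch({"op_id": stale, "result": "stale-output"})  # must not reach 'fresh'
    router.dispatch({"op_id": fresh, "result": "fresh-output"})
    reply = router.wait(fresh, timeout=1.0)
    router.close(fresh)
    return reply["result"], router.dropped
```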

Performance

  • Bun idle CPU: ~25% → ~0% — Blocking libc.read() via FFI replaces busy-polling stdin reader. GC and heap tuning for tighter RSS.
  • gvproxy verification — UDP DNS probe replaces 6× fork/exec ping on boot path.
  • Orphan VM idle CPU: ~5% → ~1% — Higher backoff ceiling for disconnected guest-agent retry loops.
  • Python cold start — Deferred multiprocessing.pool import saves 30-80ms (warm) / 1-3s (cold). Adds Python 3.14 forkserver compatibility.
  • Balloon tuning — Inflate target 128→160MB, default memory 256→192MB. Resets on failure to prevent sustained CPU burn.

Bug Fixes

  • virtio-serial reconnection race — Probes guest readiness on reconnection to avoid ~50ms window where data was silently dropped, causing 30s timeouts.
  • Overlay pool isolation — PID-scoped pool directories prevent cross-process deletion races on restart.
  • Code validation routing — Invalid code returns ExecutionResult instead of raising exceptions.
  • SIGTERM graceful exit — Programs handling SIGTERM now return actual output and exit code instead of generic timeout.
  • Timeout unification — Centralized GUEST_REQUEST_TIMEOUT_SECONDS constant replaces scattered magic numbers.

Other

  • Warm pool readiness API (wait_until_ready()) replaces fixed sleeps in benchmarks.
  • Structured leveled logging in guest-agent and tiny-init.
  • Build cache invalidates on REPL script changes.
  • Tests skip gracefully without hardware acceleration.
  • README refreshed with current values and missing docs.

Full diff: v0.14.0...v0.15.0 — 58 files changed, +5,400 / -1,887