Add CPU template helper tool with CPU config dump feature #3586

Merged
merged 19 commits into from
Apr 24, 2023

zulinx86
Contributor

@zulinx86 zulinx86 commented Mar 31, 2023

Changes

  • Add VcpuEvent::DumpCpuConfig to VMM crate to dump CPU config.
  • Introduce a CPU template helper tool with a CPU config dump feature.
  • Some fixes and refactors for the above changes.

Reason

The custom CPU template feature gives customers the ability to define their own CPU templates. With the freedom (flexibility) comes the responsibility to create and maintain CPU templates by themselves. A tool to help customers in the custom CPU template creation and maintenance process would be helpful.

A feature to dump the CPU configuration exposed to guests is helpful for customers for the following two reasons. In the creation process, customers need to comprehend what CPU configuration is exposed to guests by default before deciding which CPU features to enable or disable with custom CPU templates. And in the maintenance process, as firecracker/KVM/BIOS updates might introduce changes to the exposed CPU configuration, verifying that the custom CPU templates continue to work is important, and this can be done by checking that the CPU configuration has not changed since the template creation.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following
Developer Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • [ ] If a specific issue led to this PR, this PR closes the issue.
  • The description of changes is clear and encompassing.
  • [ ] Any required documentation changes (code and docs) are included in this PR. => Writing public documentation for the helper tool will be done in a follow-up PR.
  • [ ] API changes follow the Runbook for Firecracker API changes.
  • [ ] User-facing changes are mentioned in CHANGELOG.md. => Will add descriptions for the helper tool in a follow-up PR.
  • All added/changed functionality is tested.
  • New TODOs link to an issue.
  • Commits meet contribution quality standards.

  • [ ] This functionality cannot be added in rust-vmm.

@zulinx86 zulinx86 added the Type: Enhancement Indicates new feature requests label Mar 31, 2023
@zulinx86 zulinx86 self-assigned this Mar 31, 2023
@zulinx86 zulinx86 force-pushed the dump branch 25 times, most recently from 16d6f58 to 0439893 Compare April 6, 2023 10:26
@zulinx86 zulinx86 force-pushed the dump branch 3 times, most recently from dda6c36 to c242d29 Compare April 9, 2023 06:38
In the previous commit, `KvmVcpu::dump_cpu_config()` for x86_64 was
added for `VcpuEvent::DumpCpuConfig`. This commit adds one for aarch64.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
When ECX contains an invalid subleaf for leaf 0x4, EAX/EBX/ECX/EDX
return 0. For invalid subleaves, the firecracker's modification
should not be applied.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
Add a helper tool that makes it easy to create and maintain custom CPU
templates.

Custom CPU templates need to be crafted carefully, because they give
customers a great ability to modify CPU features exposed to guests that
can result in guest crashes or undefined behaviors. As firecracker
relies on KVM largely and does not have runtime checks for given custom
CPU templates, customers have the responsibility for their custom CPU
templates. To allow customers to create and maintain them as easily as
possible, a helper tool is added as a separate binary from firecracker.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
Add a feature to dump CPU configuration exposed to guests in the custom
CPU template JSON format.

To create a custom CPU template, customers need to check and comprehend
what CPU configuration is exposed to guests by default. Even after
custom CPU template creation is done, it is required to monitor that the
default CPU configuration has not been changed since its creation. By
storing the dumped CPU configuration at the time of CPU template
creation as metadata and comparing it with the current one, customers
can make sure that it has not been changed.

The CPU configuration dump feature takes the same config file as
firecracker, builds a microVM based on it by using the
`build_microvm_for_boot()` function from the vmm crate, and sends
`VcpuEvent::DumpCpuConfig` events to vCPUs to obtain the CPU configuration.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
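
The comparison described in the PR description and in the commit message above, as an added example (not code from this PR or from Firecracker): it diffs a stored baseline dump against a current one and reports which registers and bit positions changed. The JSON layout (`cpuid_modifiers`, `msr_modifiers`, fully specified `0b...` bitmaps) is assumed to follow Firecracker's x86_64 custom CPU template format, and both sample dumps are constructed.

```python
import json

def _bits(bitmap):
    """Parse a fully specified bitmap such as '0b0000_0101' ('_' tolerated)."""
    return int(bitmap.replace("_", "")[2:], 2)

def flatten(template):
    """Map each dumped register to its integer value, keyed by location."""
    regs = {}
    for entry in template.get("cpuid_modifiers", []):
        for mod in entry["modifiers"]:
            key = f"cpuid {entry['leaf']}.{entry['subleaf']} {mod['register']}"
            regs[key] = _bits(mod["bitmap"])
    for msr in template.get("msr_modifiers", []):
        regs[f"msr {msr['addr']}"] = _bits(msr["bitmap"])
    return regs

def drift(baseline, current):
    """Return (location, kind, changed bit positions) for every difference."""
    old, new = flatten(baseline), flatten(current)
    report = []
    for key in sorted(old.keys() | new.keys()):
        if key not in new:
            report.append((key, "removed", []))
        elif key not in old:
            report.append((key, "added", []))
        elif old[key] != new[key]:
            diff = old[key] ^ new[key]
            report.append((key, "changed", [b for b in range(64) if diff >> b & 1]))
    return report

# Constructed sample dumps, not real hardware output; layout is an assumption.
BASELINE = json.loads("""
{"cpuid_modifiers": [
  {"leaf": "0x1", "subleaf": "0x0", "flags": 0, "modifiers": [{"register": "ecx", "bitmap": "0b00000000000000000000000000001011"}]},
  {"leaf": "0x7", "subleaf": "0x0", "flags": 1, "modifiers": [{"register": "ebx", "bitmap": "0b00000000000000000000000100101001"}]}],
 "msr_modifiers": [{"addr": "0x10a", "bitmap": "0b0000000000000000000000000000000000000000000000000000000000001011"}]}
""")
CURRENT = json.loads("""
{"cpuid_modifiers": [
  {"leaf": "0x1", "subleaf": "0x0", "flags": 0, "modifiers": [{"register": "ecx", "bitmap": "0b00000000000000000000000000000011"}]},
  {"leaf": "0x7", "subleaf": "0x0", "flags": 1, "modifiers": [{"register": "ebx", "bitmap": "0b00000000000000000000000100101001"}]},
  {"leaf": "0x80000008", "subleaf": "0x0", "flags": 0, "modifiers": [{"register": "ebx", "bitmap": "0b00000000000000000000001000000000"}]}],
 "msr_modifiers": [{"addr": "0x10a", "bitmap": "0b0000000000000000000000000000000000000000000000000000000000101011"}]}
""")

if __name__ == "__main__":
    for location, kind, bits in drift(BASELINE, CURRENT):
        print(location, kind, bits)
```

A bitmap containing don't-care `x` bits raises `ValueError` here, which is the intended behaviour for a dump: every bit of a dumped register should be concrete.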
In the previous commit, the shared part of the CPU config dump command
was added. This commit replaces a placeholder with the implementation of
conversion from `&CpuConfiguration` to `CustomCpuTemplate`.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
The previous commit added the implementation of conversion from
`&CpuConfiguration` to `CustomCpuTemplate` for x86_64. This commit adds
one for aarch64.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
@zulinx86 zulinx86 force-pushed the dump branch 6 times, most recently from 4115805 to fe8fd04 Compare April 21, 2023 15:52
Add a test that compares the dumped CPU config and the actual one (CPUID and
MSRs) in order to check that the CPU config dump feature of the helper tool
works correctly.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
Firecracker / KVM changes can cause changes of CPU configs exposed to
guests by default. To check our static CPU templates are still valid and
avoid unintended firecracker behavioral changes, the new test verifies the
CPU configs have not changed since we gathered baselines at the specific
timing.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
Change pytest.approx() to semantically mean that `target - delta <=
result <= target + delta`.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
Improve the baseline values for snapshot serialization / deserialization
benchmark. The improvement comes from the reduction of zeroed empty
CPUID entries.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
@zulinx86 zulinx86 merged commit 9893992 into firecracker-microvm:feature/cpu-templates Apr 24, 2023
1 check passed
@zulinx86 zulinx86 deleted the dump branch April 24, 2023 07:47
@zulinx86 zulinx86 mentioned this pull request Apr 25, 2023
4 tasks
zulinx86 added a commit to zulinx86/firecracker that referenced this pull request May 30, 2023
Since the kernel 4.14.312 or older has a bug on KVM_GET_ONE_REG, we
added a temporary mitigation to dump the right aarch64 core registers in
PR firecracker-microvm#3586.

Now that our CI is using 4.14.314 and there is enough time for users to
update their kernel version until firecracker 1.5 release, this commit
removes the temporary mitigation.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86 added a commit that referenced this pull request May 31, 2023
Since the kernel 4.14.312 or older has a bug on KVM_GET_ONE_REG, we
added a temporary mitigation to dump the right aarch64 core registers in
PR #3586.

Now that our CI is using 4.14.314 and there is enough time for users to
update their kernel version until firecracker 1.5 release, this commit
removes the temporary mitigation.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
sladyn98 pushed a commit to sladyn98/firecracker that referenced this pull request Jun 19, 2023
Since the kernel 4.14.312 or older has a bug on KVM_GET_ONE_REG, we
added a temporary mitigation to dump the right aarch64 core registers in
PR firecracker-microvm#3586.

Now that our CI is using 4.14.314 and there is enough time for users to
update their kernel version until firecracker 1.5 release, this commit
removes the temporary mitigation.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
ShadowCurse pushed a commit to ShadowCurse/firecracker that referenced this pull request Jul 26, 2023
Since the kernel 4.14.312 or older has a bug on KVM_GET_ONE_REG, we
added a temporary mitigation to dump the right aarch64 core registers in
PR firecracker-microvm#3586.

Now that our CI is using 4.14.314 and there is enough time for users to
update their kernel version until firecracker 1.5 release, this commit
removes the temporary mitigation.

Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
Labels
Status: Awaiting review Indicates that a pull request is ready to be reviewed Type: Enhancement Indicates new feature requests

3 participants