sameo

Create a guest VM

The VM is created, but not booted

#!/bin/bash

curl --unix-socket $1 -i \
     -X PUT 'http://localhost/api/v1/vm.create' \
     -H 'Accept: application/json'           \

sameo

With VFIO

               330      page-faults                                                 
        30,895,933      cache-misses                                                
         1,337,144      dTLB-load-misses                                            
         1,102,595      iTLB-load-misses                                            

      40.134168086 seconds time elapsed

sameo

VFIO

Not KVM bound. The VFIO API deconstructs a device into regions, irqs, etc. The userspace application (QEMU, cloud-hypervisor, etc..) is responsible for reconstructing it into a device for e.g. a guest VM to consume.

Boot with intel_iommu=on.

IOMMU groups

Devices are bound together for isolation, IOMMU capabilities and platform topology reasons. It is not configurable.

sameo

Measuring Firecracker boot time

Firecracker comes with an internal way of logging a timestamp that measures time elapsed between the very start of the guest VM and the moment a specific IO port has been written to.

That allows for marking specific moment along the boot process by having code writing to this port.

Artifacts build

Here we're going to measure the time it takes for a Firecracker guest VM to reach userspace. To do so we're going to build 3 components:

sameo

Configuration address space

On PCI, a 256 bytes configuration address space, made of 64x32 bits registers, is used to configure PCI devices.

The PCI configuration space contains the function's vendor and device IDs, but also the memory mapped regions description (BAR) the function will be able to use.

Access methods

I/O ports

This is the legacy method. Both PCI and PCI-e must support it.

sameo

Summary

• All legacy devices are BusDevices.
• A virtio MMIO or PCI device are BusDevicess. The BusDevice trait is used for BAR, config space.
• A virtio MMIO or PCI device encapsulate an actual virtio device (net, block, etc)

BusDevice

sameo

MmapRegion

MmapRegion is an mmap'ed memory region backed by volatile memory (RAM).

pub struct MmapRegion {
    addr: *mut u8,
    size: usize,
}

sameo

gometalinter --exclude="vendor/.*" --tests --exclude=".*\.pb\.go" --disable-all --enable=gofmt --concur
rency=2 --enable=misspell --enable=vet --enable=ineffassign --enable=gocyclo --cyclo-over=15 --enable=gol
int --deadline=600s --enable=structcheck --enable=unused --enable=staticcheck --enable=maligned --enable=
varcheck --enable=unconvert virtcontainers

sameo

Table Of Contents

• Kata Containers Storage
• Terminology
• Kata Containers Storage Architecture
• Containerd and CRI-O Storage Architecture
• Problem Statement For Kata Containers
• Proposed Solutions

Kata Containers Storage

sameo

• Sandbox Create
• Sandbox Start
• Sandbox Run
• Container Create
• Container Start

Sandbox Create

CreateSandbox