New CI artifacts #3896
Merged
d73c668
to
c299a6c
Compare
roypat
reviewed
Jul 7, 2023
105cb5a
to
6d07d64
Compare
Add some abstractions and functions around the snapshotting process. This is something that otherwise gets repeated over and over in integration tests, and makes debugging tests hard. Cleaning up existing tests is left over to the next changes in the series. Signed-off-by: Pablo Barbáchano <[email protected]>
Add a new script to regenerate the CI artifacts. This includes: - Latest stable Linux kernels - Latest rootfs (Ubuntu 22.04) Signed-off-by: Pablo Barbáchano <[email protected]>
When running with an Ubuntu 22.04 rootfs, vsock_helper can hang and never exit. Fixed it by also closing STDERR when daemonizing. Signed-off-by: Pablo Barbáchano <[email protected]>
These options are needed for testing virtio-rng support. Signed-off-by: Pablo Barbáchano <[email protected]>
Also save a copy of the kernel config. Signed-off-by: Pablo Barbáchano <[email protected]>
microvm capabilities was an interesting idea that is not used in practice. The tests now assume all data is local. To ensure that we fetch all files that could be needed from S3 before running the tests. Also, update to use new artifacts. - Changes to paths since we are moving some custom binaries and scripts. - Changes due to the new rootfs being read-only (squashfs) Changes due to migrating from Ubuntu 18.04 to Ubuntu 22.04, like cpuid output differences. Signed-off-by: Pablo Barbáchano <[email protected]>
All the functionality has been moved to the Microvm class and fixtures. Signed-off-by: Pablo Barbáchano <[email protected]>
Firecracker releases up to 1.3.3 do not pass CPU information in a way that can cause a crash in the Ubuntu 22.04 rootfs. This was fixed in 8dab78b, but not released in the 1.2 branch. Skip the test as 1.2 will be out of support soon. Signed-off-by: Pablo Barbáchano <[email protected]>
This does not mean the guest is vulnerable, just that we don't give enough information to the guest to tell if it is vulnerable or not. The docs[1] say that 'Vulnerable: Clear CPU buffers attempted, no microcode': The processor is vulnerable, but microcode is not updated. The mitigation is enabled on a best effort basis. We may not want to pass-through the microcode to the guest, as that could be leveraged by an attacker. [1]: https://www.kernel.org/doc/html/next/admin-guide/hw-vuln/processor_mmio_stale_data.html Signed-off-by: Pablo Barbáchano <[email protected]>
This is a temporary measure until we can migrate the tests that don't pass with the new artifacts. Signed-off-by: Pablo Barbáchano <[email protected]>
Looks like the text_offset was changed in recent stable kernel versions, and that is reflected in the PC register prior to booting the VM. Signed-off-by: Pablo Barbáchano <[email protected]>
Due to the new guest kernel versions, the MSRs seen by the guest are different. The only difference is MSR_IA32_SPEC_CTRL[1], which passes IBRS information in bit 0 now. [1]: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/cpuid-enumeration-and-architectural-msrs.html Signed-off-by: Pablo Barbáchano <[email protected]>
That way to take new baselines we can just take them from a failed run rather than having to manually launch instances to run a single command. Signed-off-by: Pablo Barbáchano <[email protected]>
These destructors get called when the instance gets out of lexical scope, which makes some issues tricky to debug. We will cleanup at test teardown instead, and anyway everything gets deleted after the container exits. Signed-off-by: Pablo Barbáchano <[email protected]>
Add the source of the binary since it was missing, and include it in our rootfs images. This avoids the need for a separate initrd image. Signed-off-by: Pablo Barbáchano <[email protected]>
Get the data with the same command for host and guest, and avoid a file in the rootfs. Signed-off-by: Pablo Barbáchano <[email protected]>
Use busybox instead of a full Alpine image. This results in a much smaller image. In addition, we leverage `busybox devmem` command to write the magic boot value into MMIO, removing the need for `init.c`. Signed-off-by: Pablo Barbáchano <[email protected]>
The script will set up a TMPDIR and will copy the test artifacts to /srv so they can be hardlinked to save space and IO. Signed-off-by: Pablo Barbáchano <[email protected]>
Currently /srv is a Docker volume backed by an overlay filesystem on top of whatever the rootfs block device. The overlay filesystem is slow, so rather than having tests opt-in to using a ramfs, do this by default for all tests. This also simplifies the ramfs logic. Signed-off-by: Pablo Barbáchano <[email protected]>
We cannot just use the guest_kernel_4_14 fixture as st_core already depends on guest_kernel. Use indirect parametrization for the guest fixture as a workaround. Signed-off-by: Pablo Barbáchano <[email protected]>
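Added example (not part of this PR or the Firecracker test suite): the commit above about 'Vulnerable: Clear CPU buffers attempted, no microcode' implies a guest-side check that treats that one `mmio_stale_data` status as best effort rather than as a failure. The `guest_check_passes` policy and the sample status lines are assumptions constructed for illustration; the sysfs path and the quoted status string come from the kernel documentation the commit links.

```python
from enum import Enum

# sysfs file described by the kernel doc linked in the commit message.
SYSFS_PATH = "/sys/devices/system/cpu/vulnerabilities/mmio_stale_data"

# Status quoted in the commit: mitigation attempted, microcode state not visible.
NO_MICROCODE = "Vulnerable: Clear CPU buffers attempted, no microcode"


class Verdict(Enum):
    OK = "ok"                    # not affected, or a mitigation is active
    BEST_EFFORT = "best-effort"  # buffers cleared, microcode not confirmed
    VULNERABLE = "vulnerable"
    UNKNOWN = "unknown"          # anything the parser does not recognise


def classify(status: str) -> Verdict:
    """Map one mmio_stale_data status line to a verdict."""
    # The kernel may append an SMT note after ';', which is ignored here.
    main = status.strip().split(";", 1)[0].strip()
    if main == "Not affected" or main.startswith("Mitigation:"):
        return Verdict.OK
    if main == NO_MICROCODE:
        return Verdict.BEST_EFFORT
    if main.startswith("Vulnerable"):
        return Verdict.VULNERABLE
    return Verdict.UNKNOWN


def guest_check_passes(status: str, tolerate_best_effort: bool = True) -> bool:
    """Hypothetical test policy: inside a guest, accept the 'no microcode' status."""
    verdict = classify(status)
    if verdict is Verdict.OK:
        return True
    return tolerate_best_effort and verdict is Verdict.BEST_EFFORT


# Constructed sample lines, not captured from a real host or guest.
SAMPLES = {
    "host": "Mitigation: Clear CPU buffers; SMT vulnerable",
    "guest": NO_MICROCODE + "; SMT Host state unknown",
    "unmitigated": "Vulnerable",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:12} {classify(line).value:12} pass={guest_check_passes(line)}")
```

Run on a host, `tolerate_best_effort=False` keeps the same status a hard failure, since there the microcode level is under the operator's control.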
dcb6f4b
to
934bdc9
Compare
pushed my change to pb8o/new-ci-artifacts with rebasing on top of HEAD of main.
zulinx86
approved these changes
Aug 11, 2023
roypat
approved these changes
Aug 11, 2023
Labels
Priority: Medium
Indicates that an issue or pull request should be resolved ahead of issues or pull requests labelled
python
Pull requests that update Python code
Status: Awaiting review
Indicates that a pull request is ready to be reviewed
Type: Enhancement
Indicates new feature requests
Changes
Refresh CI artifacts and adapt tests to work with the new kernels/rootfs
Reason
Our current rootfs is Ubuntu 18.04, which is EOL.
I don't understand how GitHub is doing the diffstat, but in my workspace it is:
License Acceptance
By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following
Developer Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.