secret_freedom: Use fixed size bounce buffer for loading kernel #5203

@roypat roypat commented May 7, 2025

By using a MaybeBounce with N=0 we are allocating a bounce buffer that matches exactly the number of bytes that need to be copied into guest memory, e.g. the size of the kernel file. This is fairly expensive performance-wise, and the spike in memory usage from the firecracker process is also unwanted. Thus, just use a 4096 byte fixed size buffer through which we repeatedly read+memcpy. This has slightly better performance (10ms faster for cold boots) and makes Firecracker's memory usage during InstanceStart go back into its O(1) bound.

Changes

...

Reason

...

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • I have read and understand CONTRIBUTING.md.
  • I have run tools/devtool checkstyle to verify that the PR passes the
    automated style checks.
  • I have described what is done in these changes, why they are needed, and
    how they are solving the problem in a clear and encompassing way.
  • I have updated any relevant documentation (both in code and in the docs)
    in the PR.
  • I have mentioned all user-facing changes in CHANGELOG.md.
  • If a specific issue led to this PR, this PR closes the issue.
  • When making API changes, I have followed the
    Runbook for Firecracker API changes.
  • I have tested all new and changed functionalities in unit tests and/or
    integration tests.
  • I have linked an issue to every new TODO.

  • This functionality cannot be added in rust-vmm.

By using a MaybeBounce with N=0 we are allocating a bounce buffer that
matches exactly the number of bytes that need to be copied into guest
memory, e.g. the size of the kernel file. This is fairly expensive
performance-wise, and the spike in memory usage from the firecracker
process is also unwanted. Thus, just use a 4096 byte fixed size buffer
through which we repeatedly read+memcpy.

Signed-off-by: Patrick Roy <[email protected]>
@roypat roypat requested review from kalyazin and JackThomson2 May 8, 2025 08:48
@roypat roypat merged commit c5eea10 into firecracker-microvm:feature/secret-hiding May 8, 2025
6 of 8 checks passed
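
The read+memcpy loop described in the pull request, as an added example that is not Firecracker's code. `load_via_bounce`, `ShortReader` and `sample_image` are hypothetical names, and a plain byte slice stands in for guest memory; only the 4096-byte size comes from the description above.

```rust
use std::io::{self, ErrorKind, Read};

/// 4096 bytes is the bounce buffer size named in the PR description.
const BOUNCE_LEN: usize = 4096;

/// Fill `dst` (a plain slice standing in for guest memory) from `src`,
/// staging every chunk in one fixed-size buffer, so extra memory is O(1)
/// in the image size. Returns the number of read+memcpy rounds.
pub fn load_via_bounce<R: Read>(src: &mut R, dst: &mut [u8]) -> io::Result<usize> {
    let mut bounce = [0u8; BOUNCE_LEN];
    let (mut done, mut rounds) = (0usize, 0usize);
    while done < dst.len() {
        let want = BOUNCE_LEN.min(dst.len() - done);
        let n = match src.read(&mut bounce[..want]) {
            Ok(0) => return Err(ErrorKind::UnexpectedEof.into()), // EOF before dst is full
            Ok(n) => n, // may be a short read; copy only what arrived
            Err(e) if e.kind() == ErrorKind::Interrupted => continue,
            Err(e) => return Err(e),
        };
        dst[done..done + n].copy_from_slice(&bounce[..n]);
        done += n;
        rounds += 1;
    }
    Ok(rounds)
}

/// Constructed test reader: hands out at most `max` bytes per read call.
pub struct ShortReader<'a> { pub data: &'a [u8], pub max: usize }

impl Read for ShortReader<'_> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let n = buf.len().min(self.max).min(self.data.len());
        buf[..n].copy_from_slice(&self.data[..n]);
        self.data = &self.data[n..];
        Ok(n)
    }
}

/// Constructed sample "kernel image": 10,000 patterned bytes.
pub fn sample_image() -> Vec<u8> { (0..10_000u32).map(|i| (i % 251) as u8).collect() }

fn main() -> io::Result<()> {
    let image = sample_image();
    let mut guest = vec![0u8; image.len()];
    let rounds = load_via_bounce(&mut image.as_slice(), &mut guest)?;
    assert_eq!(guest, image);
    println!("copied {} bytes in {} rounds of <= {} bytes", guest.len(), rounds, BOUNCE_LEN);
    Ok(())
}
```

Short reads and a source that ends early are the two cases a fixed-size loop has to handle that a single full-size read into an exactly sized buffer tends to hide.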