Protect muvm-server, spawn one as root and monitor available host memory#89
Merged
slp merged 3 commits intoAsahiLinux:mainfrom Oct 31, 2024
Merged
Protect muvm-server, spawn one as root and monitor available host memory#89slp merged 3 commits intoAsahiLinux:mainfrom
slp merged 3 commits intoAsahiLinux:mainfrom
Conversation
slp
requested review from
alyssarosenzweig,
hoshinolina and
teohhanhui
as code owners
teohhanhui
reviewed
Oct 16, 2024
teohhanhui
reviewed
Oct 16, 2024
teohhanhui
reviewed
Oct 16, 2024
teohhanhui
reviewed
Oct 16, 2024
teohhanhui
reviewed
Oct 16, 2024
slp
force-pushed
the
muvm-root-server
branch
3 times, most recently
from
158d03a to
3567018
Compare
alyssarosenzweig
approved these changes
Oct 29, 2024
Member
alyssarosenzweig
left a comment
alyssarosenzweig
left a comment
There was a problem hiding this comment.
lgtm, but probably should get review/testing from someone more rust-brained
Collaborator
|
Will take another look... 🙇 |
teohhanhui
reviewed
Oct 30, 2024
teohhanhui
reviewed
Oct 30, 2024
teohhanhui
reviewed
Oct 30, 2024
While our threat model targets single user systems, let's at least protect muvm-server with an authentication cookie, so only the user creating the microVM (and root) can access it. The cookie is stored in the lockfile, instead of the server port (this was useless in practice and generated confusion as could override the command line). The lockfile is located in XDG_RUNTIME_DIR, which in properly configured systems is only accessible to its owner. Signed-off-by: Sergio Lopez <slp@redhat.com>
Being able to run commands as root comes handy to debug the guest and will also be used to tune the virtual memory parameters on demand. Signed-off-by: Sergio Lopez <slp@redhat.com>
This monitor checks the ratio of memory available on the host and, if needed, contacts the VM (through muvm-server) to adjust /proc/sys/vm/watermark_scale_factor and, if the situation is critical, to request it to drop its caches. Signed-off-by: Sergio Lopez <slp@redhat.com>
teohhanhui
approved these changes
Oct 31, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The goal of this PR is to enable muvm to request the guest to adjust its file system cache goals accordingly to the amount of available memory on the host.
The first two commits just set the infrastructure, first by adding some minimal protection to muvm-server, and then spawning a second instance of it as root (we need this to operate in "/proc/sys/vm", but surely will come handy for many other things).
The latter implements the monitor and the ability to request the guest to adjust watermark_scale_factor as needed, or even to drop its pagecache if the situation is critical.