Skip to content

Use mincore(2) to create diff snapshots without dirty page tracking #5274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 17 commits into from
Jul 16, 2025
Merged

Use mincore(2) to create diff snapshots without dirty page tracking #5274

merged 17 commits into from
Jul 16, 2025
+310 −287

Conversation

roypat
Copy link
Contributor

@roypat roypat commented Jun 19, 2025

Currently, Firecracker only supports creation of diff snapshots if dirty
page tracking is explicitly enabled. Allow creation of diff snapshots
even if it is not enabled, through the use of mincore(2). The mincore(2)
syscalls determines which pages of a VMA are "in core". For anonymous
mappings (as used by booted VMs without vhost-user devices), this refers
to all pages that are currently faulted in. For memfd (as used by booted
vms with vhost-user devices), this means all
pages that have been allocated into the memfd, regardless of whether
they were allocated through the VMA on which mincore(2) was called
(meaning creation of mincore-diff-snapshots will correctly account for
pages that were only touched by the vhost-user backend, but not by
Firecracker or KVM). For restored VMs, this means all pages of the
underlying snapshot file that have been faulted in.

Note that this only works if swap has been disabled, as pages currently
swapped to disk do not count as "in-core", yet obviously should be
included in a diff snapshot. If swap is used, dirty page tracking MUST
be enabled for diff snapshots to work correctly.

Compared to diff snapshots based on dirty page tracking, mincore-based
diff snapshots will be slightly larger. This is because dirty page
tracked diff snapshots only include pages that were actually written to,
while mincore-based snapshots will contain all pages that were accessed
at all, e.g. even if only for reading.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • I have read and understand CONTRIBUTING.md.
  • I have run tools/devtool checkstyle to verify that the PR passes the
    automated style checks.
  • I have described what is done in these changes, why they are needed, and
    how they are solving the problem in a clear and encompassing way.
  • I have updated any relevant documentation (both in code and in the docs)
    in the PR.
  • I have mentioned all user-facing changes in CHANGELOG.md.
  • If a specific issue led to this PR, this PR closes the issue.
  • When making API changes, I have followed the
    Runbook for Firecracker API changes.
  • I have tested all new and changed functionalities in unit tests and/or
    integration tests.
  • I have linked an issue to every new TODO.
  • This functionality cannot be added in rust-vmm.

@roypat roypat force-pushed the mincore-diff-snapshots branch 5 times, most recently from 0622764 to 7379503 Compare June 19, 2025 14:29
@codecov Codecov
Copy link

codecov bot commented Jun 19, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 98.11321% with 1 line in your changes missing coverage. Please review.

Project coverage is 83.00%. Comparing base (4d11998) to head (be938eb).
Report is 14 commits behind head on main.

Files with missing lines Patch % Lines
src/vmm/src/vstate/vm.rs 97.87% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5274      +/-   ##
==========================================
+ Coverage   82.92%   83.00%   +0.08%     
==========================================
  Files         250      250              
  Lines       26844    26879      +35     
==========================================
+ Hits        22260    22312      +52     
+ Misses       4584     4567      -17
Flag Coverage Δ
5.10-c5n.metal 83.45% <98.11%> (+0.03%) ⬆️
5.10-m5n.metal 83.44% <98.11%> (+0.03%) ⬆️
5.10-m6a.metal 82.66% <98.11%> (+0.03%) ⬆️
5.10-m6g.metal 79.12% <30.18%> (-0.12%) ⬇️
5.10-m6i.metal 83.44% <98.11%> (+0.03%) ⬆️
5.10-m7a.metal-48xl 82.65% <98.11%> (?)
5.10-m7g.metal 79.12% <30.18%> (-0.12%) ⬇️
5.10-m7i.metal-24xl 83.41% <98.11%> (?)
5.10-m7i.metal-48xl 83.41% <98.11%> (?)
5.10-m8g.metal-24xl 79.12% <30.18%> (?)
5.10-m8g.metal-48xl 79.12% <30.18%> (?)
6.1-c5n.metal 83.50% <98.11%> (+0.03%) ⬆️
6.1-m5n.metal 83.50% <98.11%> (+0.03%) ⬆️
6.1-m6a.metal 82.72% <98.11%> (+0.04%) ⬆️
6.1-m6g.metal 79.12% <30.18%> (-0.11%) ⬇️
6.1-m6i.metal 83.49% <98.11%> (+0.03%) ⬆️
6.1-m7a.metal-48xl 82.70% <98.11%> (?)
6.1-m7g.metal 79.12% <30.18%> (-0.12%) ⬇️
6.1-m7i.metal-24xl 83.51% <98.11%> (?)
6.1-m7i.metal-48xl 83.51% <98.11%> (?)
6.1-m8g.metal-24xl 79.12% <30.18%> (?)
6.1-m8g.metal-48xl 79.12% <30.18%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@roypat roypat force-pushed the mincore-diff-snapshots branch 9 times, most recently from 65690d4 to 9429bc6 Compare June 25, 2025 06:53
@roypat roypat added the Status: Awaiting review Indicates that a pull request is ready to be reviewed label Jul 2, 2025
@roypat roypat force-pushed the mincore-diff-snapshots branch from 20e2ca8 to 2fe1ba9 Compare July 2, 2025 10:40
@roypat roypat marked this pull request as ready for review July 2, 2025 12:49
@roypat roypat moved this to Coming Soon in Firecracker Roadmap Jul 2, 2025
@roypat roypat added the Roadmap: Tracked Items tracked on the roadmap project. label Jul 2, 2025
Manciukic
Manciukic reviewed Jul 8, 2025
View reviewed changes
Manciukic
Manciukic reviewed Jul 8, 2025
View reviewed changes
@roypat roypat force-pushed the mincore-diff-snapshots branch 2 times, most recently from c5a6f74 to fbb2e4d Compare July 8, 2025 13:42
@zulinx86 zulinx86 self-requested a review July 10, 2025 08:46
@roypat roypat force-pushed the mincore-diff-snapshots branch from f20dff0 to 31e6169 Compare July 11, 2025 09:30
@roypat roypat requested a review from Manciukic July 11, 2025 09:33
@roypat roypat force-pushed the mincore-diff-snapshots branch from 31e6169 to 5199aa0 Compare July 11, 2025 09:43
zulinx86
zulinx86 reviewed Jul 14, 2025
View reviewed changes
zulinx86
zulinx86 reviewed Jul 14, 2025
View reviewed changes
@roypat roypat force-pushed the mincore-diff-snapshots branch from f61fb5b to 658de5a Compare July 14, 2025 09:36
roypat added 14 commits July 14, 2025 10:36
@roypat
doc: specify that diff snapshots produce sparse files
9999d13 
Include a sentence about diff snapshots producing sparse files in our
snapshot documentation.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
doc: remove rebase-snap instructions from documentation
5447fa5 
The rebase-snap tool is deprecated and snapshot-editor should be used.
Since the two ways of merging snapshot files are completely equivalent,
let's remove the rebase-snap instructions and only keep the
snapshot-editor ones, to avoid people using deprecated tools.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
Use mincore(2) to create diff snapshots without dirty page tracking
0cda1c6 
Currently, Firecracker only supports creation of diff snapshots if dirty
page tracking is explicitly enabled. Allow creation of diff snapshots
even if it is not enabled, through the use of mincore(2). The mincore(2)
syscalls determines which pages of a VMA are "in core". For anonymous
mappings (as used by booted VMs without vhost-user devices), this refers
to all pages that are currently faulted in. For memfd (as used by booted
vms with vhost-user devices), this means all
pages that have been allocated into the memfd, regardless of whether
they were allocated through the VMA on which mincore(2) was called
(meaning creation of mincore-diff-snapshots will correctly account for
pages that were only touched by the vhost-user backend, but not by
Firecracker or KVM). For restored VMs, this means all pages of the
underlying snapshot file that have been faulted in.

Note that this only works if swap has been disabled, as pages currently
swapped to disk do not count as "in-core", yet obviously should be
included in a diff snapshot. If swap is used, dirty page tracking MUST
be enabled for diff snapshots to work correctly.

Compared to diff snapshots based on dirty page tracking, mincore-based
diff snapshots will be slightly larger. This is because dirty page
tracked diff snapshots only include pages that were actually written to,
while mincore-based snapshots will contain all pages that were accessed
at all, e.g. even if only for reading.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
rename enable_diff_snapshots API paramter to track_dirty_pages
270bc5b 
We have two different API parameters that do the same thing in two
different APIs: For booted VMs, we enable KVM dirty page tracking by
setting track_dirty_pages to true in /machine-config. For resumed VMs,
we enable KVM dirty page tracking by setting enable_diff_snapshots to
true in /snapshot/load. Apart from being inconsistent for no reason, one
of these is very badly named: With support for diff snapshots without
dirty page tracking, enable_diff_snapshots is a misnomer, because
setting it to false will still allow us to do diff snapshots, it'll just
fall back to mincore.

Rename enable_diff_snapshots to track_dirty_pages, so we're consistent
and also so that the parameter reflects what is actually happening. Go
through the whole deprecation cycle of deprecating enable_diff_snapshots
and adding the new track_dirty_pages parameter at the same time. We will
need to remove enable_diff_snapshots in 2.0

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
doc: document mincore-based diff snapshots
fd3076e 
Document that diff snapshots can work even without dirty page tracking,
and what the drawbacks of this are (bigger snapshots, no swap support).

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
refactor(test): Eliminate Snapshot.is_diff
4b74c7c 
We were using this property as a proxy for two things: "Does this
snapshot rebase rebasing before resumptions?" and "do I need to enable
dirty page tracking to create another snapshot of this type?". With
mincore-snapshots, these two questions are no longer equivalent (mincore
snapshots need rebase, but do _not_ need dirty page tracking), so
untangle this property into two properties.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
refactor(test): Stop SnapshotType being a str enum
7d0e51f 
With support for "mincore diff snapshots", we'll have two snapshot types
that map to "diff" in the firecracker API, so the enum can no longer be
string based. Instead just have a property that translates to
Firecracker API types.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
refactor(test): stop accepting string in make_snapshot
3309ef5 
Just always demand the enum. The internal conversion from str to enum
now doesnt work anymore with the enum no longer being str-based.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
fix(test): clean up some open coded == SnapshotType.DIFF comparisons
0b1cf86 
Have them use the correct needs_rebase/needs_dirty_tracking helpers
instead.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
test: run all parametrized snapshot tests with mincore snapshots
969446c 
Now that the test framework correctly differentiates between the need
for rebase and the need for dirty page tracking, start running tests
with mincore snapshots.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
test: unify hugepage snapshot testing
1d412e5 
Just have a single test that is parametrized by snapshot type. This will
then automatically also test mincore diff snapshots.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
fix(doc): Improve accurancy of snapshot documentation
288e5db 
Fix various minor errors:
- Drop some specifics on the cgroups v1 disclaimer, because all
  supported host kernel versions are "5.4+"
- Do not claim that creating a snapshot has no effect on the running
  VM, because that's not true.
- Cut down on some repeated and confusing information / examples near
  the end.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
doc: include interaction of dirty page tracking with hugepages
49e1d53 
Extend the limitation section of the huge pages docs to include a note
about how dirty page tracking negates the benefits of huge pages.

Also add a cross-reference to the diff snapshot docs.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat
fix(doc): do not claim guest memory is always fd based
4cdcc76 
At the time of writing the docs, that was temporarily the case in
v1.6.0, but was reverted in scenarios where no vhost-user devices are
attached due to performance regressions.

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@roypat roypat force-pushed the mincore-diff-snapshots branch from 658de5a to 4cdcc76 Compare July 14, 2025 09:36
zulinx86
zulinx86 approved these changes Jul 14, 2025
View reviewed changes
Copy link
Contributor

@zulinx86 zulinx86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@roypat roypat enabled auto-merge (rebase) July 15, 2025 13:25
@roypat roypat merged commit ea87024 into firecracker-microvm:main Jul 16, 2025
7 checks passed
@github-project-automation github-project-automation bot moved this from Coming Soon to Shipped in Firecracker Roadmap Jul 16, 2025
@roypat roypat moved this from Shipped to Coming Soon in Firecracker Roadmap Jul 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Manciukic Manciukic Manciukic approved these changes

@zulinx86 zulinx86 zulinx86 approved these changes

@xmarcalx xmarcalx Awaiting requested review from xmarcalx xmarcalx is a code owner

@kalyazin kalyazin Awaiting requested review from kalyazin kalyazin is a code owner

@pb8o pb8o Awaiting requested review from pb8o pb8o is a code owner

Assignees
No one assigned
Labels
Roadmap: Tracked Items tracked on the roadmap project. Status: Awaiting review Indicates that a pull request is ready to be reviewed
Projects
Firecracker Roadmap
Status: Coming Soon
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@roypat @zulinx86 @Manciukic