[Snaps] #snapsafe support via VMGenID on ACPI

[raduweiss]

Feature Tracker

This is a feature tracking issue for the work to enable Firecracker users to safely and efficiently use snapshots [1] by adding VMGenId counter as a back-end to SysGenID [2].

Describe the desired solution

We are starting by researching how to implement VMGenID via ACPI but without adding PCI support to Firecracker.

Describe possible alternatives

We will look at other options if VMGenId via ACPI is not feasible for some reason.

If we don't implement this, Linux guests can still drive SysGenId from users-space, though this may not work for all use cases, and induces latency upon snapshot restore.

Additional context

See [1] and [2].

Checks

• Have you searched the Firecracker Issues database for similar requests?
• Have you read all the existing relevant Firecracker documentation?
• Have you read and understood Firecracker's core tenets?

[1] https://github.com/firecracker-microvm/firecracker/blob/master/docs/snapshotting/snapshot-support.md#snapshot-security-and-uniqueness
[2] https://www.spinics.net/lists/kernel/msg3842154.html; https://www.spinics.net/lists/kernel/msg3842155.html; https://www.spinics.net/lists/kernel/msg3842157.html

[bchalios]

After long discussions, we are focusing into supporting #snapsafety through an extension on the virtio-rng device[1] which will allow VMM to report snapshot-related events to guests.

We have in-flight an RFC patch for supporting this in the Linux kernel [2] which is currently under discussion with the community and a PoC[3] that implements this in Firecracker.

[1] https://www.mail-archive.com/virtio-dev@lists.oasis-open.org/msg09016.html
[2] https://lore.kernel.org/lkml/20230131145543.86369-1-bchalios@amazon.es/
[3] https://github.com/bchalios/firecracker/tree/feat_snapsafety

[JonathanWoollett-Light]

We are still working on it, re-opening to indicate this.

[zulinx86]

ACPI support may solve issue #1601.