zlacker

Show HN: microvm – a minimalist machine type for QEMU inspired by Firecracker

submitted by slpnix+(OP) on 2019-11-06 12:09:11 | 145 points 20 comments

6. slpnix+eb3 2019-11-07 15:19:57
>>maxmcd+Q63
That's correct. The initial versions of the microvm patch series did require KVM, but the one that got upstreamed does work with TCG [1], thanks to the QEMU maintainers' feedback.

That said, I'm not sure for which kind of use cases it would be useful to run it this way, as the performance won't be amazing. I find TCG acceleration mainly useful for debugging and foreign systems emulation.

[1] https://wiki.qemu.org/Documentation/TCG

9. rrdhar+Jm3 2019-11-07 16:30:23
>>slpnix+hX2
> QEMU... has a pretty good security record

That's an interesting and, I would argue, contrarian take?

https://www.theregister.co.uk/2017/01/30/google_cloud_kicked...

"QEMU has a long track record of security bugs, such as VENOM, and it's unclear what vulnerabilities may still be lurking in the code."

10. mato+6n3 2019-11-07 16:33:06
>>slpnix+hX2
> In the end, KVM userspace VMMs (Virtual Machine Monitors) are learning from each other, giving users more options to choose from. Everybody wins.

Indeed. Nice to see that the cross-pollination is happening.

For folks interested in what can be accomplished with userspace VMMs, a very minimalist example is the Solo5 project (https://github.com/Solo5/solo5), specifically the 'hvt' tender.

11. slpnix+kD3 2019-11-07 18:11:31
>>rrdhar+Jm3
I think slide 14 from the talk "Reports of my Bloat Have Been Greatly Exaggerated" [1], presented by Paolo Bonzini at KVM Forum 2019, gives some good perspective on QEMU's security track record:

"Of the top 100 vulnerabilities reported for QEMU:

- 65 were not guest exploitable
- 3 were not in QEMU :)
- 5 did not affect x86 KVM guests
- 3 were not related to the C language
- Only 6 affected devices normally used for IaaS

The most recent of these 6 was reported in 2016"

The rest of this talk was also very interesting. I encourage everyone with 10 minutes to spare and an interest in VMMs to take a look at the slides.

[1] https://static.sched.com/hosted_files/kvmforum2019/c6/kvmfor...

18. stock_+dt4 2019-11-08 00:15:11
>>voltag+Ae4
The zfs man pages (at least on FreeBSD) are actually pretty decent for finding command usage. The FreeBSD handbook[1] covers some typical usages.

[1]: https://www.freebsd.org/doc/handbook/zfs.html

19. gigate+jy5 2019-11-08 15:29:06
>>voltag+Ae4
To be fair, the docs for ZFS via the manpage are great, but I found a lot of help also from forums of like-minded folks; ServeTheHome (https://servethehome.com) is where I got hooked.

And then there are countless GitHub projects where the README.md file, which is usually the first thing I read, is super well documented and written for the noob (imo). The best example of that so far, especially for someone like me just getting started with the framework, is the gin Golang http framework (https://github.com/gin-gonic/gin); that readme is full of useful examples.

20. antpls+pD7 2019-11-09 12:11:13
>>bloope+D23
Google does something similar: https://developers.google.com/season-of-docs/docs