fork: hardlink snapshot mem-file into snapshot forks#221
Draft
sjmiller609 wants to merge 5 commits into
Draft
Conversation
When a Firecracker fork descends from a Template source, skip copying the snapshot mem-file and hardlink it to the source's instead. Firecracker mmaps the mem-file MAP_PRIVATE on restore, so all forks COW from the same backing inode — no per-fork copy required. Hardlink rather than symlink: firecracker's restore path temporarily aliases the source data dir to the fork data dir while loading the snapshot (withSnapshotSourceDirAlias). A symlink whose target traverses the source dir would resolve back into the fork dir during that window and trip ELOOP; a hardlink resolves by inode so the alias has no effect on it. Hardlinks require both paths on the same filesystem, which holds for our standard data-dir layout. Gated to Firecracker only because other hypervisors (cloud-hypervisor, qemu, vz) don't share MAP_PRIVATE semantics on their snapshot layouts. Restricted to Template sources because they are explicitly promoted as fork-only and can never be restored — sharing the mem-file with a non-Template source would let a later RestoreInstance mutate the file out from under live forks. Stacked on hypeship/template-as-state so the Template state both gates "this snapshot is safe to fan out from" and lets fork counts be derived at read time.
The two TestForkFirecracker* tests invoke forkInstanceFromStoppedOrStandby which needs a hypervisor VM starter — firecracker is linux-only, so these fail on darwin with 'no VM starter for hypervisor type: firecracker'. Split into _linux_test.go; leave the pure-helper TestInstallForkSharedMemFile_* tests cross-platform.
Snapshot forks copy the source guest dir into the fork instance dir; the dominant cost is the multi-GB mem-file. Hardlink it instead and skip the file from the directory walk via CopyOptions.SkipRelPaths (introduced for template forks). This is safe because: - snapshot mem-files are immutable - the hypervisor mmaps them MAP_PRIVATE on restore, so fork writes never reach the underlying file - hardlinks survive snapshot deletion via inode refcount, so a deleted snapshot never strands a running fork Falls back to the regular copy walk when no raw mem-file is present.
sjmiller609
force-pushed
the
hypeship/fork-shared-memfile
branch
from
d46be7a to
7b799f7
Compare
sjmiller609
force-pushed
the
hypeship/snapshot-fork-share-memfile
branch
from
6d875e1 to
06abd04
Compare
sjmiller609
force-pushed
the
hypeship/fork-shared-memfile
branch
from
7b799f7 to
355ad7f
Compare
sjmiller609
force-pushed
the
hypeship/snapshot-fork-share-memfile
branch
from
06abd04 to
13f3003
Compare
sjmiller609
force-pushed
the
hypeship/fork-shared-memfile
branch
from
355ad7f to
a45d471
Compare
sjmiller609
force-pushed
the
hypeship/snapshot-fork-share-memfile
branch
from
13f3003 to
7992660
Compare
sjmiller609
force-pushed
the
hypeship/fork-shared-memfile
branch
from
a45d471 to
8b0000c
Compare
sjmiller609
force-pushed
the
hypeship/snapshot-fork-share-memfile
branch
from
7992660 to
1bfb7a6
Compare
sjmiller609
force-pushed
the
hypeship/fork-shared-memfile
branch
2 times, most recently
from
0f0137b to
ac6bfde
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CopyOptions.SkipRelPaths, thenos.Link'd into place after the copy returns. Dodges the multi-GB sparse copy and the directory-walk overhead in one step.Why this is safe
MAP_PRIVATEon restore, so fork writes never reach the underlying file — all forks of a snapshot can share the same inode.Stack
hypeship/fork-shared-memfile(PR test: verify firecracker fork-from-snapshot CoW isolation #214) because that PR introducedCopyOptions.SkipRelPaths.share_memoryAPI.Test plan
go test ./lib/instances/ -run TestForkSnapshotHardlinksRawMemoryFilego test ./lib/instances/ -run TestForkSnapshotFromCompressedSourceCopiesRawMemorystill passes (compressed source still gets a real raw file in the fork)go test ./lib/forkvm/stat -c %imatches between the source mem-file and the fork's mem-file