Open vilvo opened 1 year ago
Given the known issues with Linux PIDs http://catern.com/process.html for VM IDs, study pidfd usage - https://lwn.net/Articles/794707/
In our API we need a method of identifying a virtual machine. The ID should preferably be an integer which is passed as part of a path `vm/info/{id}`. We prefer a stateless approach where we don't store any VM state on the vmd server or have persistently stored VM identifiers outside host kernel or VMMs launching the VMs. A VmId will be valid for the lifecycle of the VM but not across restarts.
Process IDs or PIDs have problems summarized in http://catern.com/process.html more broadly. What is of specific interest to us is how to uniquely identify processes (representing virtual machines) on the system, which in turn relates to the following statement in the linked article:
> Rather than use secure identifiers for processes (such as a file descriptor), global process identifiers (pids) separate names from authority, making it possible to confuse one process for another.
Furthermore, using file descriptors as identifiers doesn't work because a child process could inherit its parent's file descriptor.
In the linked article the proposed solution is a rather new kernel feature called pidfd.
This solution should give us the required identifier and is thus proposed as the solution for creating a VmId in the vmd system.
The Rust standard library has an unstable nightly feature for working with pidfds: https://doc.rust-lang.org/std/os/linux/process/struct.PidFd.html
_Originally posted by @vilvo in https://github.com/tiiuae/vmd/pull/24#discussion_r1145953192_
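
An added example (not code from vmd or from the linked articles) of the property the issue relies on: a pidfd keeps referring to the one process it was opened for, so after that process is reaped the handle reports it as gone instead of following the numeric PID to a new owner. `VmHandle` and `demo` are hypothetical names, and the syscalls are made by number through libc's `syscall` so that neither the nightly `PidFd` type nor an external crate is needed. It assumes Linux 5.3 or later on x86_64 or aarch64 and a `sleep` binary on `PATH`.

```rust
use std::ffi::{c_int, c_long, c_uint};
use std::io;
use std::process::Command;

// Declared by hand so no external crate is needed; std already links libc on Linux.
extern "C" {
    fn syscall(num: c_long, ...) -> c_long;
    fn close(fd: c_int) -> c_int;
}
// Syscall numbers shared by x86_64 and aarch64.
const SYS_PIDFD_SEND_SIGNAL: c_long = 424;
const SYS_PIDFD_OPEN: c_long = 434;

/// Hypothetical handle for one VM process, backed by a pidfd.
pub struct VmHandle { fd: c_int }

impl VmHandle {
    /// Only race-free while `pid` cannot be recycled, e.g. for our own unreaped child.
    /// The kernel sets close-on-exec on the returned descriptor.
    pub fn open(pid: u32) -> io::Result<Self> {
        let fd = unsafe { syscall(SYS_PIDFD_OPEN, pid as c_int, 0 as c_uint) };
        if fd < 0 {
            return Err(io::Error::last_os_error());
        }
        Ok(VmHandle { fd: fd as c_int })
    }

    /// Signal 0 delivers nothing; it only checks that the target still exists.
    pub fn is_alive(&self) -> bool {
        let no_info = std::ptr::null::<u8>();
        unsafe { syscall(SYS_PIDFD_SEND_SIGNAL, self.fd, 0 as c_int, no_info, 0 as c_uint) == 0 }
    }
}

impl Drop for VmHandle {
    fn drop(&mut self) { unsafe { close(self.fd) }; }
}

/// Returns (alive before kill, alive after the child was reaped).
pub fn demo() -> io::Result<(bool, bool)> {
    let mut child = Command::new("sleep").arg("30").spawn()?;
    let handle = VmHandle::open(child.id())?;
    let before = handle.is_alive();
    child.kill()?;
    child.wait()?; // reaped: from here the numeric PID may be reused by any process
    Ok((before, handle.is_alive())) // the pidfd never follows the PID to a new owner
}

fn main() { println!("{:?}", demo()); }
```

The second check fails with `ESRCH` even if another process has since been given the same PID, which is the confusion a bare integer PID cannot rule out.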