virtio-pmem: fixes and improvements

[ShadowCurse]

Changes

• Validate descriptors len field to be 4 since the code expects this
• Cache msync result for better efficiency in case multiple flush requests are presented at once
• Add rate-limiter support

Reason

Edge case handling and addition of missing features

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

• I have read and understand CONTRIBUTING.md.
• I have run tools/devtool checkbuild --all to verify that the PR passes
  build checks on all supported architectures.
• I have run tools/devtool checkstyle to verify that the PR passes the
  automated style checks.
• I have described what is done in these changes, why they are needed, and
  how they are solving the problem in a clear and encompassing way.
• I have updated any relevant documentation (both in code and in the docs)
  in the PR.
• I have mentioned all user-facing changes in CHANGELOG.md.
• If a specific issue led to this PR, this PR closes the issue.
• When making API changes, I have followed the
  Runbook for Firecracker API changes.
• I have tested all new and changed functionalities in unit tests and/or
  integration tests.
• I have linked an issue to every new TODO.

---

• This functionality cannot be added in rust-vmm.

[codecov]

Codecov Report

❌ Patch coverage is 39.70588% with 82 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.88%. Comparing base (054b647) to head (90f29cf).

Files with missing lines	Patch %	Lines
src/vmm/src/devices/virtio/pmem/device.rs	46.15%	35 Missing ⚠️
src/vmm/src/rpc_interface.rs	0.00%	18 Missing ⚠️
src/vmm/src/lib.rs	0.00%	12 Missing ⚠️
src/firecracker/src/api_server/request/pmem.rs	60.86%	9 Missing ⚠️
src/vmm/src/devices/virtio/pmem/event_handler.rs	0.00%	8 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5789      +/-   ##
==========================================
- Coverage   83.07%   82.88%   -0.20%     
==========================================
  Files         275      275              
  Lines       29462    29586     +124     
==========================================
+ Hits        24476    24522      +46     
- Misses       4986     5064      +78     

Flag	Coverage Δ
5.10-m5n.metal	83.19% <39.70%> (-0.23%)	⬇️
5.10-m6a.metal	82.52% <39.70%> (-0.23%)	⬇️
5.10-m6g.metal	79.77% <39.70%> (-0.21%)	⬇️
5.10-m6i.metal	83.19% <39.70%> (-0.22%)	⬇️
5.10-m7a.metal-48xl	82.50% <39.70%> (-0.23%)	⬇️
5.10-m7g.metal	79.78% <39.70%> (-0.21%)	⬇️
5.10-m7i.metal-24xl	83.16% <39.70%> (-0.23%)	⬇️
5.10-m7i.metal-48xl	83.16% <39.70%> (-0.23%)	⬇️
5.10-m8g.metal-24xl	79.77% <39.70%> (-0.21%)	⬇️
5.10-m8g.metal-48xl	79.77% <39.70%> (-0.21%)	⬇️
5.10-m8i.metal-48xl	83.16% <39.70%> (-0.22%)	⬇️
5.10-m8i.metal-96xl	83.17% <39.70%> (-0.22%)	⬇️
6.1-m5n.metal	83.22% <39.70%> (-0.21%)	⬇️
6.1-m6a.metal	82.54% <39.70%> (-0.24%)	⬇️
6.1-m6g.metal	79.77% <39.70%> (-0.21%)	⬇️
6.1-m6i.metal	83.21% <39.70%> (-0.22%)	⬇️
6.1-m7a.metal-48xl	82.53% <39.70%> (-0.22%)	⬇️
6.1-m7g.metal	79.77% <39.70%> (-0.21%)	⬇️
6.1-m7i.metal-24xl	83.23% <39.70%> (-0.22%)	⬇️
6.1-m7i.metal-48xl	83.23% <39.70%> (-0.22%)	⬇️
6.1-m8g.metal-24xl	79.77% <39.70%> (-0.21%)	⬇️
6.1-m8g.metal-48xl	79.77% <39.70%> (-0.21%)	⬇️
6.1-m8i.metal-48xl	83.23% <39.70%> (-0.22%)	⬇️
6.1-m8i.metal-96xl	83.23% <39.70%> (-0.22%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Manciukic]

the very first sentence is incorrect as we don't know how much each msync is going to flush. We should make it more clear that it applies the full file size at all times. Maybe we should start with that or not have a bw limiter at all for this.

Maybe more clear would be: "bandwidth — consumes tokens equal to the full backing file size for each msync call, effectively limiting how often dirty pages can be flushed to disk."

[ShadowCurse]

Updated the first sentence a bit.

[kalyazin]

what value does bandwidth actually add to the users (compared to ops) if it's imprecise? How would users know how to configure it properly?

[kalyazin]

ok, I saw the guidance we give in the doc, but still not entirely convinced bandwidth adds a value

[ShadowCurse]

our default rate-limiter configuration scheme is to give ability to set both (e.g. we use RateLimiterConfig everywhere) so at least for consistency it makes sense. Also I think bandwidth maybe makes more sense since figuring out how much requests guest sends (for any device at this point) is a questionable business, but bandwidth is something people is more used to thinking about.

[kalyazin]

Yes, uniformity here is an argument for me. Users can choose whatever they are more comfortable with.

[Manciukic]

we're consuming tokens before even knowing if there's an item in the queue to process

[ShadowCurse]

Considering there is only one valid type of request, I think this is fine. Valid guests will only notify if there is something for us to process.

[Manciukic]

FC notifies on resume irrespectively on whether there's a request or not in the queue

[ShadowCurse]

ok, moved these checks past the queue processing step, before the notification.

[kalyazin]

does it mean that users can't remove the rate limiter later on? Other devices seem to allow that.

[ShadowCurse]

What do you mean? The description here seems to be same as for other devices. Pmem logic for updating rate-limiter is same as for other devices.

[kalyazin]

What I mean is, for example, block doesn't make rate limiter required:

  PartialDrive:
    type: object
    required:
      - drive_id
    properties:
      drive_id:
        type: string
      path_on_host:
        type: string
        description:
          Host level path for the guest drive.
          This field is optional for virtio-block config and should be omitted for vhost-user-block configuration.
      rate_limiter:
        $ref: "#/definitions/RateLimiter"

while pmem does:

  PartialPmem:
    type: object
    description:
      Defines a partial pmem device structure, used to update the rate limiter
      for that device, after microvm start.
    required:
      - id
      - rate_limiter <==== here
    properties:
      id:
        type: string
      rate_limiter:
        $ref: "#/definitions/RateLimiter"

[ShadowCurse]

oh, this is simply because rate-limiter is the only thing that can be changed. There is no reason to PATCH it if not to change the rate-limiter. For other devices I was looking at the ...UpdateConfig types and since there are always a couple things that can change there it makes sense to make them optional. Do you think we should allow empty PATCH requests for pmem?

[kalyazin]

I'm just thinking it could be the only way to disable the rate limiter later on. Not sure if it's a common use case though. Would probably make sense to keep it on par with other devices in that sense.

[ShadowCurse]

ok, made it optional

[kalyazin]

we seem to have unittests for parse_put_pmem, but not for parse_patch_pmem

[ShadowCurse]

fixed

[kalyazin]

ok, I saw the guidance we give in the doc, but still not entirely convinced bandwidth adds a value

[kalyazin]

s/devie/device/

[ShadowCurse]

fixed