firecracker-microvm · ShadowCurse · Dec 11, 2024 · Nov 25, 2024 · Nov 28, 2024 · Nov 28, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -9,6 +9,7 @@ resolver = "2"
 
 [workspace.lints.rust]
 missing_debug_implementations = "warn"
+unexpected_cfgs = { level = "warn", check-cfg = ['cfg(kani)'] }
 
 [workspace.lints.clippy]
 ptr_as_ptr = "warn"

@@ -60,11 +60,10 @@ minimal required device model to the guest operating system while excluding
 non-essential functionality (only 6 emulated devices are available: virtio-net,
 virtio-balloon, virtio-block, virtio-vsock, serial console, and a minimal
 keyboard controller used only to stop the microVM). This, along with a
-streamlined kernel loading process enables a \< 125 ms startup time and a \< 5
-MiB memory footprint. The Firecracker process also provides a RESTful control
-API, handles resource rate limiting for microVMs, and provides a microVM
-metadata service to enable the sharing of configuration data between the host
-and guest.
+streamlined kernel loading process enables a < 125 ms startup time and a < 5 MiB
+memory footprint. The Firecracker process also provides a RESTful control API,
+handles resource rate limiting for microVMs, and provides a microVM metadata
+service to enable the sharing of configuration data between the host and guest.
 
 ### What operating systems are supported by Firecracker?
 

@@ -116,7 +116,7 @@ The **API endpoint** can be used to:
 - Add a [entropy device](docs/entropy.md) to the microVM.
 - Start the microVM using a given kernel image, root file system, and boot
   arguments.
-- \[x86_64 only\] Stop the microVM.
+- [x86_64 only] Stop the microVM.
 
 **Built-in Capabilities**:
 
@@ -130,14 +130,14 @@ The **API endpoint** can be used to:
 
 We test all combinations of:
 
-| Instance  | Host OS & Kernel  | Guest Rootfs | Guest Kernel |
-| :-------- | :---------------- | :----------- | :----------- |
-| c5n.metal | al2    linux_5.10 | ubuntu 24.04 | linux_5.10   |
-| m5n.metal | al2023 linux_6.1  |              | linux_6.1    |
-| m6i.metal |                   |              |              |
-| m6a.metal |                   |              |              |
-| m6g.metal |                   |              |              |
-| m7g.metal |                   |              |              |
+| Instance  | Host OS & Kernel | Guest Rootfs | Guest Kernel |
+| :-------- | :--------------- | :----------- | :----------- |
+| c5n.metal | al2 linux_5.10   | ubuntu 24.04 | linux_5.10   |
+| m5n.metal | al2023 linux_6.1 |              | linux_6.1    |
+| m6i.metal |                  |              |              |
+| m6a.metal |                  |              |              |
+| m6g.metal |                  |              |              |
+| m7g.metal |                  |              |              |
 
 ## Known issues and Limitations
 

@@ -31,7 +31,7 @@ curl --unix-socket /tmp/firecracker.socket -i \
     -d '{ "action_type": "FlushMetrics" }'
 ```
 
-## \[Intel and AMD only\] SendCtrlAltDel
+## [Intel and AMD only] SendCtrlAltDel
 
 This action will send the CTRL+ALT+DEL key sequence to the microVM. By
 convention, this sequence has been used to trigger a soft reboot and, as such,

@@ -6,7 +6,7 @@ system calls.
 
 Firecracker 1.0.0 adds support for an asynchronous block device IO engine.
 
-> \[!WARNING\]
+> [!WARNING]
 >
 > Support is currently in **developer preview**. See
 > [this section](#developer-preview-status) for more info.

@@ -1,6 +1,6 @@
 # Vhost-user block device
 
-> \[!WARNING\]
+> [!WARNING]
 >
 > Support is currently in **developer preview**. See
 > [this section](../RELEASE_POLICY.md#developer-preview-features) for more info.

diff --git a/docs/formal-verification.md b/docs/formal-verification.md
@@ -143,45 +143,40 @@ Verification Time: 0.19135727s
 ## FAQ
 
 **Q:** What is the Kani verifier?\
-**A:** The
-[Kani Rust Verifier](https://github.com/model-checking/kani) is a bit-precise
-model checker for Rust. Kani is particularly useful for verifying unsafe code
-blocks in Rust, where the
+**A:** The [Kani Rust Verifier](https://github.com/model-checking/kani) is a
+bit-precise model checker for Rust. Kani is particularly useful for verifying
+unsafe code blocks in Rust, where the
 “[unsafe superpowers](https://doc.rust-lang.org/stable/book/ch19-01-unsafe-rust.html#unsafe-superpowers)"
 are unchecked by the compiler.
 
 **Q:** What safety properties does Kani verify?\
-**A:** Kani verifies memory
-safety properties (e.g., invalid-pointer dereferences, out-of-bounds array
-access), user-specified assertions (i.e., `assert!(...)`), the absence of
-`panic!()`s (e.g., `unwrap()` on `None` values), and the absence of some types
-of unexpected behavior (e.g., arithmetic overflows). For a full overview, see
-the
+**A:** Kani verifies memory safety properties (e.g., invalid-pointer
+dereferences, out-of-bounds array access), user-specified assertions (i.e.,
+`assert!(...)`), the absence of `panic!()`s (e.g., `unwrap()` on `None` values),
+and the absence of some types of unexpected behavior (e.g., arithmetic
+overflows). For a full overview, see the
 [Kani documentation](https://model-checking.github.io/kani/tutorial-kinds-of-failure.html).
 
 **Q:** Do we expect all contributors to write harnesses for newly introduced
 code?\
-**A:** No. Kani is complementary to unit testing, and we do not have
-target for “proof coverage”. We employ formal verification in especially
-critical code areas. Generally we do not expect someone who might not be
-familiar with formal tools to contribute harnesses. We do expect all contributed
-code to pass verification though, just like we expect it to pass unit test!
+**A:** No. Kani is complementary to unit testing, and we do not have target for
+“proof coverage”. We employ formal verification in especially critical code
+areas. Generally we do not expect someone who might not be familiar with formal
+tools to contribute harnesses. We do expect all contributed code to pass
+verification though, just like we expect it to pass unit test!
 
 **Q:** How should I report issues related to any Firecracker harnesses?\
-**A:**
-Our Kani harnesses verify safety critical invariants. If you discover a flaw in
-a harness, please report it using the
+**A:** Our Kani harnesses verify safety critical invariants. If you discover a
+flaw in a harness, please report it using the
 [security issue disclosure process](https://github.com/firecracker-microvm/firecracker/blob/main/SECURITY.md).
 
-**Q:** How do I know which properties I should prove in the Kani
-harness?\
-**A:** Generally, these are given by some sort of specification. This
-can either be the function contract described in its document (e.g. what
-relation between input and output do callers expect?), or even something formal
-such as the TCP/IP standard. Don't forget to mention the specification in your
-proof harness!
+**Q:** How do I know which properties I should prove in the Kani harness?\
+**A:** Generally, these are given by some sort of specification. This can either
+be the function contract described in its document (e.g. what relation between
+input and output do callers expect?), or even something formal such as the
+TCP/IP standard. Don't forget to mention the specification in your proof
+harness!
 
 **Q:** Where do I debug a broken proof?\
-**A:** Check out the Kani book section
-on
+**A:** Check out the Kani book section on
 [debugging verification failures](https://model-checking.github.io/kani/debugging-verification-failures.html).
diff --git a/docs/hugepages.md b/docs/hugepages.md
@@ -1,6 +1,6 @@
 # Backing Guest Memory by Huge Pages
 
-> \[!WARNING\]
+> [!WARNING]
 >
 > Support is currently in **developer preview**. See
 > [this section](RELEASE_POLICY.md#developer-preview-features) for more info.

@@ -254,18 +254,18 @@ echo "swap partitions present (Recommendation: no swap)" \
 
 ### Mitigating hardware vulnerabilities
 
-> \[!CAUTION\]
+> [!CAUTION]
 >
 > Firecracker is not able to mitigate host's hardware vulnerabilities. Adequate
 > mitigations need to be put in place when configuring the host.
 
-> \[!CAUTION\]
+> [!CAUTION]
 >
 > Firecracker is designed to provide isolation boundaries between microVMs
 > running in different Firecracker processes. It is strongly recommended that
 > each Firecracker process corresponds to a workload of a single tenant.
 
-> \[!CAUTION\]
+> [!CAUTION]
 >
 > For security and stability reasons it is highly recommended to load updated
 > microcode as soon as possible. Aside from keeping the system firmware
@@ -328,7 +328,7 @@ For vendor-specific recommendations, please consult the resources below:
 - ARM:
   [Speculative Processor Vulnerability](https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability)
 
-##### \[ARM only\] Physical counter directly passed through to the guest
+##### [ARM only] Physical counter directly passed through to the guest
 
 On ARM, the physical counter (i.e `CNTPCT`) it is returning the
 [actual EL1 physical counter value of the host][1]. From the discussions before

@@ -3,7 +3,7 @@
 This document presents a strategy to ensure continued network connectivity for
 multiple clones created from a single Firecracker microVM snapshot.
 
-> \[!CAUTION\]
+> [!CAUTION]
 >
 > This should be considered as just an example to get you started, and we don't
 > claim this is a performant or secure setup.

@@ -37,7 +37,7 @@ workload at that particular point in time.
 
 ### Supported platforms
 
-> \[!WARNING\]
+> [!WARNING]
 >
 > The Firecracker snapshot feature is in
 > [developer preview](../RELEASE_POLICY.md) on all CPU micro-architectures

diff --git a/rust-toolchain.toml b/rust-toolchain.toml
@@ -11,7 +11,7 @@
 # allowlisted using a toolchain that requires it, causing the A/B-test to
 # always fail.
 [toolchain]
-channel = "1.79.0"
+channel = "1.83.0"
 targets = ["x86_64-unknown-linux-musl", "aarch64-unknown-linux-musl"]
 profile = "minimal"
 
diff --git a/src/acpi-tables/src/aml.rs b/src/acpi-tables/src/aml.rs
@@ -180,7 +180,7 @@ pub struct Package<'a> {
     children: Vec<&'a dyn Aml>,
 }
 
-impl<'a> Aml for Package<'a> {
+impl Aml for Package<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         let mut tmp = vec![self.children.len().try_into().unwrap()];
         for child in &self.children {
@@ -336,7 +336,7 @@ pub struct ResourceTemplate<'a> {
     children: Vec<&'a dyn Aml>,
 }
 
-impl<'a> Aml for ResourceTemplate<'a> {
+impl Aml for ResourceTemplate<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         let mut tmp = Vec::new();
         // Add buffer data
@@ -607,7 +607,7 @@ pub struct Device<'a> {
     children: Vec<&'a dyn Aml>,
 }
 
-impl<'a> Aml for Device<'a> {
+impl Aml for Device<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         let mut tmp = Vec::new();
         self.path.append_aml_bytes(&mut tmp)?;
@@ -637,7 +637,7 @@ pub struct Scope<'a> {
     children: Vec<&'a dyn Aml>,
 }
 
-impl<'a> Aml for Scope<'a> {
+impl Aml for Scope<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         let mut tmp = Vec::new();
         self.path.append_aml_bytes(&mut tmp)?;
@@ -678,7 +678,7 @@ impl<'a> Method<'a> {
     }
 }
 
-impl<'a> Aml for Method<'a> {
+impl Aml for Method<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         let mut tmp = Vec::new();
         self.path.append_aml_bytes(&mut tmp)?;
@@ -707,7 +707,7 @@ impl<'a> Return<'a> {
     }
 }
 
-impl<'a> Aml for Return<'a> {
+impl Aml for Return<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         bytes.push(0xa4); // ReturnOp
         self.value.append_aml_bytes(bytes)?;
@@ -850,7 +850,7 @@ impl<'a> If<'a> {
     }
 }
 
-impl<'a> Aml for If<'a> {
+impl Aml for If<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         let mut tmp = Vec::new();
         self.predicate.append_aml_bytes(&mut tmp)?;
@@ -878,7 +878,7 @@ impl<'a> Equal<'a> {
     }
 }
 
-impl<'a> Aml for Equal<'a> {
+impl Aml for Equal<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         bytes.push(0x93); // LEqualOp
         self.left.append_aml_bytes(bytes)?;
@@ -898,7 +898,7 @@ impl<'a> LessThan<'a> {
     }
 }
 
-impl<'a> Aml for LessThan<'a> {
+impl Aml for LessThan<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         bytes.push(0x95); // LLessOp
         self.left.append_aml_bytes(bytes)?;
@@ -942,7 +942,7 @@ impl<'a> Store<'a> {
     }
 }
 
-impl<'a> Aml for Store<'a> {
+impl Aml for Store<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         bytes.push(0x70); // StoreOp
         self.value.append_aml_bytes(bytes)?;
@@ -1023,7 +1023,7 @@ impl<'a> Notify<'a> {
     }
 }
 
-impl<'a> Aml for Notify<'a> {
+impl Aml for Notify<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         bytes.push(0x86); // NotifyOp
         self.object.append_aml_bytes(bytes)?;
@@ -1046,7 +1046,7 @@ impl<'a> While<'a> {
     }
 }
 
-impl<'a> Aml for While<'a> {
+impl Aml for While<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         let mut tmp = Vec::new();
         self.predicate.append_aml_bytes(&mut tmp)?;
@@ -1116,7 +1116,7 @@ impl<'a> MethodCall<'a> {
     }
 }
 
-impl<'a> Aml for MethodCall<'a> {
+impl Aml for MethodCall<'_> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         self.name.append_aml_bytes(bytes)?;
         for arg in self.args.iter() {
@@ -1169,7 +1169,7 @@ impl<'a, T> CreateField<'a, T> {
     }
 }
 
-impl<'a> Aml for CreateField<'a, u64> {
+impl Aml for CreateField<'_, u64> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         bytes.push(0x8f); // CreateQWordFieldOp
         self.buffer.append_aml_bytes(bytes)?;
@@ -1178,7 +1178,7 @@ impl<'a> Aml for CreateField<'a, u64> {
     }
 }
 
-impl<'a> Aml for CreateField<'a, u32> {
+impl Aml for CreateField<'_, u32> {
     fn append_aml_bytes(&self, bytes: &mut Vec<u8>) -> Result<(), AmlError> {
         bytes.push(0x8a); // CreateDWordFieldOp
         self.buffer.append_aml_bytes(bytes)?;

diff --git a/src/clippy-tracing/src/main.rs b/src/clippy-tracing/src/main.rs
@@ -1,8 +1,6 @@
 // Copyright 2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-#![warn(clippy::pedantic)]
-
 //! A tool to add, remove and check for `tracing::instrument` in large projects where it is
 //! infeasible to manually add it to thousands of functions.
 

diff --git a/src/firecracker/src/api_server/request/actions.rs b/src/firecracker/src/api_server/request/actions.rs
@@ -30,9 +30,8 @@ struct ActionBody {
 
 pub(crate) fn parse_put_actions(body: &Body) -> Result<ParsedRequest, RequestError> {
     METRICS.put_api_requests.actions_count.inc();
-    let action_body = serde_json::from_slice::<ActionBody>(body.raw()).map_err(|err| {
+    let action_body = serde_json::from_slice::<ActionBody>(body.raw()).inspect_err(|_| {
         METRICS.put_api_requests.actions_fails.inc();
-        err
     })?;
 
     match action_body.action_type {