cloud-hypervisor VS crosvm

There is no mention of cloud-hypervisor[1] (also in the rust-vmm ecosystem) in the article. It has the memory reclamation feature they require. It also support VFIO and virtiofs.

[1] <https://github.com/cloud-hypervisor/cloud-hypervisor>

https://github.com/tandasat/Hypervisor-101-in-Rust is there to help

https://github.com/cloud-hypervisor/cloud-hypervisor isn't educational necessarily but is one of the most technically progressive fastest developing highest funded vm projects ever, and there are oodles of tech talks on it. I am not qualified to make any specific recommendations, but there's tons of stuff here.

> The goal of the Cloud Hypervisor project differs from the aforementioned projects in that it aims to be a general purpose VMM for Cloud Workloads and not limited to container/serverless or client workloads.

Firecracker is such a great piece of technology. I'm amazed that AWS actually open-sourced it. All kudos to them. We're using Firecracker at our company to allow API companies build interactive demos like this one we built for Prisma [1].

[0] https://github.com/cloud-hypervisor/cloud-hypervisor

[1] https://playground.prisma.io

Relatively new project 'Cloud Hypervisor' https://github.com/cloud-hypervisor/cloud-hypervisor seems to launch images faster.

The Chrome OS hypervisor was then evolved/forked into Firecracker and Intel's Cloud Hypervisor, with the latter supporting both Linux and Windows. Perhaps Cloud Hypervisor would serve as a good backbone for sandboxing, with its Rust implementation and focus on security?

GitHub - cloud-hypervisor/cloud-hypervisor: A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Linux guests, device offload with vhost-user and a minimal compact footprint. Written in Rust with a strong focus on security.

Did you guys think about live migrations? https://github.com/cloud-hypervisor/cloud-hypervisor seems to support it and it shares a good amount of code with firecracker.

Virtink is a Kubernetes add-on for running Cloud Hypervisor virtual machines. By using Cloud Hypervisor as the underlying hypervisor, Virtink enables a lightweight and secure way to run fully virtualized workloads in a canonical Kubernetes cluster.

The Linux kernel has a huge attack surface, and privilege escalation vulnerabilities abound. This is why https://gvisor.dev/ exists - it's a memory-safe proxy for Linux syscalls. This is also why Chrome OS runs its Linux environment in a custom hypervisor written in Rust instead of containers.

Same protocol, but the implementation is at the discretion of whoever writes the server code.

For example I went to check and in crosvm we use a BTreeMap already for Fids for our p9 implementation (thankfully): https://github.com/google/crosvm/blob/main/common/p9/src/ser...

I'm not sure, but maybe because it started as a fork of crosvm[0]?

[0]: https://github.com/google/crosvm

However i think what you're looking for is rather backend stuff, maybe take a look at here.

I've also been looking into shipping apps as VM images with a minimal kernel. Do you know if WHPX requires the user to have admin rights? On the host side, Windows and Mac ports of crosvm [1] could be useful. crosvm seems to have all the necessary virtio device types, but a greater focus on security than QEMU.

[1]: https://google.github.io/crosvm/