Volt VMM (Neutron Stardust): source-available under AGPSL v5.0

KVM-based microVMM for the Volt platform:
- Sub-second VM boot times
- Minimal memory footprint
- Landlock LSM + seccomp security
- Virtio device support
- Custom kernel management

Copyright (c) Armored Gates LLC. All rights reserved.
Licensed under AGPSL v5.0
Karl Clinger
2026-03-21 01:04:35 -05:00
commit 40ed108dd5
143 changed files with 50300 additions and 0 deletions


@@ -0,0 +1,188 @@
# Volt VMM Benchmark Results (Updated)
**Date:** 2026-03-08 (updated with security stack + volt-init)
**Version:** Volt v0.1.0 (with CPUID + Seccomp-BPF + Capability dropping + Landlock + i8042 + volt-init)
**Host:** Intel Xeon Silver 4210R @ 2.40GHz (2 sockets × 10 cores, 40 threads)
**Host Kernel:** Linux 6.1.0-42-amd64 (Debian)
**Guest Kernel:** Linux 4.14.174 (vmlinux ELF format, 21,441,304 bytes)
---
## Summary
| Metric | Previous | Current | Change |
|--------|----------|---------|--------|
| Binary size | 3.10 MB | 3.45 MB | +354 KB (+11%) |
| Cold boot to userspace | N/A | **548 ms** | New capability |
| Cold boot to kernel panic (median) | 1,723 ms | **1,338 ms** | 385 ms (22%) |
| VMM init time (TRACE) | 88.9 ms | **85.0 ms** | 3.9 ms (4%) |
| VMM init time (wall-clock median) | 110 ms | **91 ms** | 19 ms (17%) |
| Memory overhead (128M guest) | 6.6 MB | **9.3 MB** | +2.7 MB |
| Security layers | 1 (CPUID) | **4** | +3 layers |
| Security overhead | — | **<1 ms** | Negligible |
| Init system | None | **volt-init (509 KB)** | New |
---
## 1. Binary & Component Sizes
| Component | Size | Format |
|-----------|------|--------|
| volt-vmm VMM | 3,612,896 bytes (3.45 MB) | ELF 64-bit, dynamic, stripped |
| volt-init | 520,784 bytes (509 KB) | ELF 64-bit, static-pie musl, stripped |
| initramfs.cpio.gz | 265,912 bytes (260 KB) | gzipped cpio archive |
| **Total deployable** | **~3.71 MB** | |
Dynamic dependencies (volt-vmm): libc, libm, libgcc_s
---
## 2. Cold Boot to Userspace (10 iterations)
Process start → "VOLT VM READY" banner displayed. 128M RAM, 1 vCPU, initramfs with volt-init.
| Iteration | Time (ms) |
|-----------|-----------|
| 1 | 505 |
| 2 | 556 |
| 3 | 555 |
| 4 | 561 |
| 5 | 548 |
| 6 | 564 |
| 7 | 553 |
| 8 | 544 |
| 9 | 559 |
| 10 | 535 |
| Stat | Value |
|------|-------|
| **Minimum** | 505 ms |
| **Median** | **548 ms** |
| **Maximum** | 564 ms |
| **Spread** | 59 ms (10.8%) |
Kernel internal uptime at shell prompt: **~320ms** (from volt-init output).
---
## 3. Cold Boot to Kernel Panic (10 iterations)
Process start → "Rebooting in" message. No initramfs, no rootfs. 128M RAM, 1 vCPU.
| Iteration | Time (ms) |
|-----------|-----------|
| 1 | 1,322 |
| 2 | 1,332 |
| 3 | 1,345 |
| 4 | 1,358 |
| 5 | 1,338 |
| 6 | 1,340 |
| 7 | 1,322 |
| 8 | 1,347 |
| 9 | 1,313 |
| 10 | 1,319 |
| Stat | Value |
|------|-------|
| **Minimum** | 1,313 ms |
| **Median** | **1,338 ms** |
| **Maximum** | 1,358 ms |
| **Spread** | 45 ms (3.4%) |
Improvement: **385 ms (22%)** from previous (1,723 ms). The i8042 device emulation eliminated the ~500ms keyboard controller probe timeout.
---
## 4. VMM Initialization Breakdown (TRACE-level)
| Δ from start (ms) | Duration (ms) | Phase |
|---|---|---|
| +0.000 | — | Program start |
| +0.110 | 0.1 | KVM initialized |
| +35.444 | 35.3 | CPUID configured (46 entries) |
| +69.791 | 34.3 | Guest memory allocated (128 MB) |
| +69.805 | 0.0 | VM created |
| +69.812 | 0.0 | Devices initialized (serial + i8042) |
| +83.812 | 14.0 | Kernel loaded (21 MB ELF) |
| +84.145 | 0.3 | vCPU configured |
| +84.217 | 0.1 | Landlock sandbox applied |
| +84.476 | 0.3 | Capabilities dropped |
| +85.026 | 0.5 | Seccomp-BPF installed (72 syscalls, 365 BPF instructions) |
| +85.038 | — | **VM running** |
| Phase | Duration (ms) | % |
|-------|--------------|---|
| KVM init | 0.1 | 0.1% |
| CPUID configuration | 35.3 | 41.5% |
| Memory allocation | 34.3 | 40.4% |
| Kernel loading | 14.0 | 16.5% |
| Device + vCPU setup | 0.4 | 0.5% |
| Security hardening | 0.9 | 1.1% |
| **Total** | **85.0** | **100%** |
### Wall-clock VMM Init (5 iterations)
| Iteration | Time (ms) |
|-----------|-----------|
| 1 | 91 |
| 2 | 115 |
| 3 | 84 |
| 4 | 91 |
| 5 | 84 |
Median: **91 ms** (previous: 110 ms, **17%**)
---
## 5. Memory Overhead
RSS measured 2 seconds after VM boot:
| Guest Memory | RSS (KB) | VSZ (KB) | Overhead (KB) | Overhead (MB) |
|-------------|----------|----------|---------------|---------------|
| 128 MB | 140,388 | 2,910,232 | 9,316 | **9.3** |
| 256 MB | 269,500 | 3,041,304 | 7,356 | **7.2** |
| 512 MB | 535,540 | 3,303,452 | 11,252 | **11.0** |
Average VMM overhead: **~9.2 MB** (slight increase from previous 6.6 MB due to security structures, i8042 device state, and initramfs buffering).
---
## 6. Security Stack
### Layers
| Layer | Details |
|-------|---------|
| **CPUID filtering** | 46 entries; strips VMX, TSX, MPX, MONITOR, thermal, perf |
| **Seccomp-BPF** | 72 syscalls allowed, all others → KILL_PROCESS (365 BPF instructions) |
| **Capability dropping** | All 64 Linux capabilities cleared |
| **Landlock** | Filesystem sandboxed to kernel/initrd files + /dev/kvm |
| **NO_NEW_PRIVS** | Set via prctl (enforced by Landlock) |
### Security Overhead
| Mode | VMM Init (median, ms) |
|------|----------------------|
| All security ON | 90 |
| Security OFF (--no-seccomp --no-landlock) | 91 |
| **Overhead** | **<1 ms** |
Security is effectively free from a performance perspective.
---
## 7. Devices
| Device | I/O Address | IRQ | Notes |
|--------|-------------|-----|-------|
| Serial (ttyS0) | 0x3f8 | IRQ 4 | 16550 UART with IRQ injection |
| i8042 | 0x60, 0x64 | IRQ 1/12 | Keyboard controller (responds to probes) |
| IOAPIC | 0xfec00000 | — | Interrupt routing |
| Local APIC | 0xfee00000 | — | Per-CPU interrupt controller |
The i8042 device is the key improvement — it responds to keyboard controller probes immediately, eliminating the ~500ms timeout that plagued the previous version and Firecracker's default configuration.
---
*Generated by automated benchmark suite, 2026-03-08*
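Review bot: the "Median" rows in sections 2 and 3 are not the medians of the tables above them; each one equals the iteration-5 sample (548 ms and 1,338 ms). Sorting the ten cold-boot-to-userspace samples gives a median of 554 ms, and sorting the ten kernel-panic samples gives 1,335 ms, so the suite appears to take the middle element of the run in arrival order rather than of the sorted values. Both figures propagate into the Summary table ("Cold boot to userspace | N/A | **548 ms**" and "Cold boot to kernel panic (median) | 1,723 ms | **1,338 ms**") and into the stated "385 ms (22%)" improvement, so the median computation should be fixed and the report regenerated (the corrected improvement is about 388 ms, still 22%). Two smaller points in section 6: the "Security OFF" row only disables two of the four layers listed in the Layers table (CPUID filtering and capability dropping stay on), and a 1 ms difference between 90 and 91 ms is well inside the 84 to 115 ms spread of the five wall-clock runs in section 4, so the "<1 ms" claim is better supported by the TRACE breakdown, where Landlock, capability dropping and seccomp together account for 0.9 ms; and "NO_NEW_PRIVS | Set via prctl (enforced by Landlock)" has the dependency backwards, since no_new_privs is what the kernel requires before Landlock's restrict_self and an unprivileged seccomp filter can be applied, not something Landlock enforces. Finally, "All 64 Linux capabilities cleared" presumably describes clearing a 64-bit capability mask rather than 64 distinct capabilities (the kernel defines fewer than that), so phrase it as the mask.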