
What’s in the patch

vendor/firecracker-patches/0001-podflare-vsock-uds-override.patch adds two optional fields to LoadSnapshotConfig:
pub struct LoadSnapshotConfig {
    // ... existing fields ...

    /// [podflare] Override the vsock UDS path from the snapshot.
    pub vsock_uds_path_override: Option<String>,
    /// [podflare] Override block device paths on restore.
    pub drive_overrides: Vec<DriveOverride>,
}
At restore time, before Firecracker builds the VMM from the snapshot state, we patch microvm_state.device_states.mmio_state:
  • vsock_device.device_state.backend.uds_path ← vsock_uds_path_override
  • block_devices[i].disk_path ← matching drive_overrides[*].path_on_host
Patch size: 22 lines of additions across 5 files (+ 2 lines of pub on formerly-private VirtioBlockState fields). We also expose a 0-line change to use the existing snapshot_type: "Diff" flow.

Why we need this

Every fork(n=5) restores 5 Firecracker microVMs from a single snapshot. Each child must bind its own host-side vsock UDS (because the children all run concurrently) and use its own rootfs file (because writes must be CoW-isolated). Upstream Firecracker hardcodes those paths from the snapshot state; there is no API to patch them after load and before resume. Without this patch, multiple concurrent restores would collide: the second child errors because the UDS already exists or, worse, overlaps on the rootfs file and corrupts it.
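The restore-time override described under "What's in the patch" and the collision it prevents, as an added example that is not the Podflare patch or Firecracker's own code. The struct shapes are simplified stand-ins, matching overrides on `drive_id` and the `in_use` set of claimed host paths are assumptions, and all paths are constructed.

```rust
use std::collections::HashSet;

// Simplified stand-ins for the snapshot state named above, NOT Firecracker's types.
#[derive(Clone, Debug)]
pub struct BlockState { pub drive_id: String, pub disk_path: String }
#[derive(Clone, Debug)]
pub struct MmioState { pub vsock_uds_path: String, pub block_devices: Vec<BlockState> }
// Assumption: overrides match on drive_id; the page only names path_on_host.
pub struct DriveOverride { pub drive_id: String, pub path_on_host: String }

/// Build one child's state from the shared snapshot state. `in_use` holds host
/// paths already handed to sibling restores and is updated only on success.
pub fn apply_overrides(snap: &MmioState, uds: Option<&str>, drives: &[DriveOverride],
                       in_use: &mut HashSet<String>) -> Result<MmioState, String> {
    let mut next = snap.clone();
    if let Some(p) = uds { next.vsock_uds_path = p.to_string(); }
    for o in drives {
        // An override that names no device is a caller bug, not a silent no-op.
        let dev = next.block_devices.iter_mut().find(|d| d.drive_id == o.drive_id)
            .ok_or_else(|| format!("override for unknown drive {}", o.drive_id))?;
        dev.disk_path = o.path_on_host.clone();
    }
    // Every host path this child would bind or write must be unclaimed.
    let mut paths = vec![next.vsock_uds_path.clone()];
    paths.extend(next.block_devices.iter().map(|d| d.disk_path.clone()));
    let mut seen = HashSet::new();
    for p in &paths {
        if in_use.contains(p) || !seen.insert(p.clone()) {
            return Err(format!("host path {} already claimed by another restore", p));
        }
    }
    in_use.extend(paths);
    Ok(next)
}

fn main() {
    // Constructed sample state and paths for a fork(n=5).
    let snap = MmioState { vsock_uds_path: "/run/fc/base.vsock".into(), block_devices: vec![
        BlockState { drive_id: "rootfs".into(), disk_path: "/srv/base/rootfs.ext4".into() }] };
    let mut in_use = HashSet::new();
    for i in 0..5 {
        let uds = format!("/run/fc/child{}.vsock", i);
        let d = [DriveOverride { drive_id: "rootfs".into(),
                                 path_on_host: format!("/srv/child{}/rootfs.ext4", i) }];
        println!("{:?}", apply_overrides(&snap, Some(uds.as_str()), &d, &mut in_use));
    }
}
```

A child restored without a drive override inherits the snapshot's own disk path, so only the first such child is accepted and every later one is rejected rather than sharing the rootfs.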

Build

bash scripts/build-firecracker.sh
# produces /usr/local/bin/podflare-firecracker
# and    /usr/local/bin/podflare-rebase-snap
The script clones upstream at a pinned tag (v1.15.1), applies every patch in vendor/firecracker-patches/ in lexical order, builds, and installs.

Rebase policy

Firecracker releases every ~6 weeks. When we bump the pin:
cd vendor/firecracker
git fetch --depth 1 origin refs/tags/vX.Y.Z:refs/tags/vX.Y.Z
git checkout -f vX.Y.Z

# apply existing patches, resolve conflicts
for p in /root/podflare/vendor/firecracker-patches/*.patch; do
  git apply --3way "$p"
done

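# regenerate the .patch file(s); --3way stages the applied changes in the index,
# so diff against HEAD (a plain `git diff` would come out empty)
git diff HEAD > /root/podflare/vendor/firecracker-patches/0001-podflare-vsock-uds-override.patch
A 50-LoC patch against a stable subsystem rebases in about 15 minutes.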

Upstreaming

The vsock override is a small, reasonable feature. We may submit it upstream. If accepted, the patch file disappears and build-firecracker.sh stops applying it — no Podflare-side changes needed.