Add FUSE remap_file_range support for FICLONE/FICLONERANGE

.config/nextest.toml

@@ -42,23 +42,36 @@ retries = 0
 [test-groups.stress-tests]
 max-threads = 1
 
+# Snapshot tests limited to 3 concurrent (each snapshot is ~5.6GB on disk)
+[test-groups.snapshot-tests]
+max-threads = 3
+
 # VM tests run at full parallelism (num-cpus)
-# Previously limited to 16 threads due to namespace holder process deaths,
-# but root cause was rootless tests running under sudo. Now that privileged
-# tests filter out rootless tests (-E '!test(/rootless/)'), full parallelism works.
 [test-groups.vm-tests]
 max-threads = "num-cpus"
 
 [[profile.default.overrides]]
 filter = "package(fcvm) & test(/stress_100/)"
 test-group = "stress-tests"
-slow-timeout = { period = "300s", terminate-after = 1 }
+slow-timeout = { period = "600s", terminate-after = 1 }
+
+# Snapshot tests: limited to 3 concurrent (each creates ~5.6GB snapshot on disk)
+[[profile.default.overrides]]
+filter = "package(fcvm) & (test(/snapshot/) | test(/clone/))"
+test-group = "snapshot-tests"
+slow-timeout = { period = "600s", terminate-after = 1 }
+
+# VM tests get 10 minute timeout (non-snapshot tests)
+[[profile.default.overrides]]
+filter = "package(fcvm) & test(/test_/) & !test(/stress_100/) & !test(/pjdfstest_vm/) & !test(/snapshot/) & !test(/clone/)"
+test-group = "vm-tests"
+slow-timeout = { period = "600s", terminate-after = 1 }
 
-# VM tests run with limited parallelism to avoid resource exhaustion
+# In-VM pjdfstest needs 15 minutes (image import via FUSE over vsock is slow)
 [[profile.default.overrides]]
-filter = "package(fcvm) & test(/test_/) & !test(/stress_100/)"
+filter = "package(fcvm) & test(/pjdfstest_vm/)"
 test-group = "vm-tests"
-slow-timeout = { period = "300s", terminate-after = 1 }
+slow-timeout = { period = "900s", terminate-after = 1 }
 
 # fuse-pipe tests can run with full parallelism
 [[profile.default.overrides]]

.github/workflows/ci.yml

@@ -1,20 +1,28 @@
 name: CI
 
 on:
+  workflow_dispatch:
   pull_request:
     branches: [main]
   push:
     branches: [main]
 
+# Cancel in-progress runs when a new revision is pushed
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 env:
   CARGO_TERM_COLOR: always
   FUSE_BACKEND_RS: ${{ github.workspace }}/fuse-backend-rs
   FUSER: ${{ github.workspace }}/fuser
   CONTAINER_ARCH: x86_64
 
 jobs:
-  container-rootless:
-    name: Container (rootless)
+  # Runner 0: Lint (default GitHub runner, no KVM needed)
+  # Fast checks: fmt, clippy, audit, deny
+  lint:
+    name: Lint
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -30,12 +38,34 @@ jobs:
           repository: ejc3/fuser
           ref: master
           path: fuser
-      - name: make ci-container-rootless
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: rustfmt, clippy
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: fcvm -> target
+      - name: Install build dependencies
+        run: sudo apt-get update && sudo apt-get install -y libfuse3-dev libclang-dev clang
+      - name: Install cargo tools
+        run: cargo install cargo-audit cargo-deny --locked
+      - name: Check formatting
+        working-directory: fcvm
+        run: cargo fmt --all --check
+      - name: Clippy
+        working-directory: fcvm
+        run: cargo clippy --all-targets -- -D warnings
+      - name: Audit
+        working-directory: fcvm
+        run: cargo audit
+      - name: Deny
         working-directory: fcvm
-        run: make ci-container-rootless
+        run: cargo deny check
 
-  container-sudo:
-    name: Container (sudo)
+  # Runner 0b: Packaging (default GitHub runner, no KVM needed)
+  # Verifies cargo install works without source tree access
+  packaging:
+    name: Packaging
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -51,12 +81,24 @@ jobs:
           repository: ejc3/fuser
           ref: master
           path: fuser
-      - name: make ci-container-sudo
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: fcvm -> target
+      - name: Install build dependencies
+        run: sudo apt-get update && sudo apt-get install -y libfuse3-dev libclang-dev clang
+      - name: Build release
+        working-directory: fcvm
+        run: cargo build --release -p fcvm
+      - name: Test packaging
         working-directory: fcvm
-        run: make ci-container-sudo
+        run: ./scripts/test-packaging.sh ./target/release/fcvm
 
-  vm:
-    name: Host (sudo+rootless)
+  # Runner 1: Host (bare metal with KVM)
+  # Runs: test-unit → test-fast → test-root (sequential)
+  host:
+    name: Host
     runs-on: buildjet-32vcpu-ubuntu-2204
     steps:
       - uses: actions/checkout@v4
@@ -72,6 +114,34 @@ jobs:
           repository: ejc3/fuser
           ref: master
           path: fuser
+      - name: Install Rust
+        run: |
+          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+      - uses: Swatinem/rust-cache@v2
+        with:
+          cache-provider: buildjet
+          workspaces: fcvm -> target
+          cache-on-failure: "true"
+      - name: Install dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y fuse3 libfuse3-dev libclang-dev clang musl-tools \
+            iproute2 iptables slirp4netns dnsmasq qemu-utils e2fsprogs parted \
+            podman skopeo busybox-static cpio zstd autoconf automake libtool
+      - name: Install Firecracker
+        run: |
+          curl -L -o /tmp/firecracker.tgz \
+            https://github.com/firecracker-microvm/firecracker/releases/download/v1.14.0/firecracker-v1.14.0-x86_64.tgz
+          sudo tar -xzf /tmp/firecracker.tgz -C /usr/local/bin --strip-components=1 \
+            release-v1.14.0-x86_64/firecracker-v1.14.0-x86_64 \
+            release-v1.14.0-x86_64/jailer-v1.14.0-x86_64
+          sudo mv /usr/local/bin/firecracker-v1.14.0-x86_64 /usr/local/bin/firecracker
+          sudo mv /usr/local/bin/jailer-v1.14.0-x86_64 /usr/local/bin/jailer
+      - name: Install cargo tools
+        # cargo-audit >= 0.22.0 required for CVSS 4.0 support
+        # Use --force to override any stale cached versions
+        run: cargo install cargo-nextest@0.9.115 cargo-audit@0.22.0 cargo-deny@0.18.9 --locked --force
       - name: Setup KVM and networking
         run: |
           sudo chmod 666 /dev/kvm
@@ -83,6 +153,99 @@ jobs:
           fi
           sudo chmod 666 /dev/userfaultfd
           sudo sysctl -w vm.unprivileged_userfaultfd=1
-      - name: make container-test-vm
+          # Enable FUSE allow_other for tests
+          echo "user_allow_other" | sudo tee /etc/fuse.conf
+      - name: Create test log directory
+        run: mkdir -p /tmp/fcvm-test-logs
+      - name: test-unit
+        working-directory: fcvm
+        run: make test-unit
+      - name: setup-fcvm
+        working-directory: fcvm
+        run: make setup-fcvm
+      - name: test-fast
+        working-directory: fcvm
+        run: make test-fast
+      - name: test-root
+        working-directory: fcvm
+        run: make test-root
+      - name: Capture kernel logs
+        if: always()
+        run: |
+          # Filter dmesg for UFFD/memory/VM related messages only
+          sudo dmesg | grep -iE 'userfault|uffd|kvm|firecracker|oom|killed|segfault|page.fault' > /tmp/fcvm-test-logs/dmesg-filtered.log || true
+      - name: Upload test logs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-logs-host
+          path: /tmp/fcvm-test-logs/
+          if-no-files-found: ignore
+          retention-days: 7
+
+  # Runner 2: Container (podman)
+  # Runs same tests as Host but inside a container
+  # Needs KVM for VM tests (container mounts /dev/kvm)
+  container:
+    name: Container
+    runs-on: buildjet-32vcpu-ubuntu-2204
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: fcvm
+      - uses: actions/checkout@v4
+        with:
+          repository: ejc3/fuse-backend-rs
+          ref: master
+          path: fuse-backend-rs
+      - uses: actions/checkout@v4
+        with:
+          repository: ejc3/fuser
+          ref: master
+          path: fuser
+      - name: Setup KVM and rootless podman
+        run: |
+          sudo chmod 666 /dev/kvm
+          # Enable userfaultfd syscall for snapshot cloning
+          sudo sysctl -w vm.unprivileged_userfaultfd=1
+          # Configure rootless podman to use cgroupfs (no systemd session on CI)
+          mkdir -p ~/.config/containers
+          printf '[engine]\ncgroup_manager = "cgroupfs"\nevents_logger = "file"\n' > ~/.config/containers/containers.conf
+          # Create cargo cache directory for container
+          mkdir -p ${{ github.workspace }}/cargo-cache/registry ${{ github.workspace }}/cargo-cache/target
+      - name: Cache container cargo
+        uses: actions/cache@v4
+        with:
+          path: ${{ github.workspace }}/cargo-cache
+          key: container-cargo-${{ hashFiles('fcvm/Cargo.lock') }}
+          restore-keys: container-cargo-
+      - name: Create test log directory
+        run: mkdir -p /tmp/fcvm-test-logs
+      - name: container-test-unit
+        env:
+          CARGO_CACHE_DIR: ${{ github.workspace }}/cargo-cache
+        working-directory: fcvm
+        run: make container-test-unit
+      - name: container-setup-fcvm
+        env:
+          CARGO_CACHE_DIR: ${{ github.workspace }}/cargo-cache
+        working-directory: fcvm
+        run: make container-setup-fcvm
+      - name: container-test
+        env:
+          CARGO_CACHE_DIR: ${{ github.workspace }}/cargo-cache
         working-directory: fcvm
-        run: make container-test-vm
+        run: make container-test
+      - name: Capture kernel logs
+        if: always()
+        run: |
+          # Filter dmesg for UFFD/memory/VM related messages only
+          sudo dmesg | grep -iE 'userfault|uffd|kvm|firecracker|oom|killed|segfault|page.fault' > /tmp/fcvm-test-logs/dmesg-filtered.log || true
+      - name: Upload test logs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-logs-container
+          path: /tmp/fcvm-test-logs/
+          if-no-files-found: ignore
+          retention-days: 7

.gitignore

@@ -8,3 +8,5 @@ sync-test/
 # Local settings (machine-specific)
 *.local.*
 *.local
+cargo-home/
+.local/

CONTRIBUTING.md

@@ -40,12 +40,16 @@ Have an idea? [Open an issue](https://github.com/ejc3/fcvm/issues/new) describin
 # Build everything
 make build
 
+# First-time setup (downloads kernel + creates rootfs, ~5-10 min)
+make setup-btrfs
+fcvm setup
+
 # Run lints (must pass before PR)
 make lint
 
 # Run tests
 make test              # fuse-pipe tests
-make test-vm           # VM integration tests (requires KVM)
+make test-root         # VM tests (requires sudo + KVM)
 
 # Format code
 make fmt