fix: Avoid reallocating fd table during snapshot restore

[roypat]

Linux maintains a per-process file descriptor table. By default, this table has size 64. Whenever space in this table runs out, the file descriptor table gets reallocated, with its size increased to the next power of two.

Firecracker creates a lot of eventfds and timerfds for its devices. These are created in the hot path of snapshot restore. For medium to large microVMs, firecracker uses more than 64 file descriptors, meaning we reallocate the file descriptor table on the hot path. However, this reallocation uses a RCU, meaning the kernel needs to hold a lock. To acquire this lock, it needs to wait for all other accesses to the file descriptors to cease, which introduces a severe latency to snapshot-restore times (between 30ms and 70ms).

This commit avoids that latency by ensuring the file descriptor table is large enough to hold the jailer-defined limit of file descriptors at process start already. This avoids reallocating the file descriptor table at runtime (and the memory overhead is negligable, as each entry in the fdtable is simply a pointer).

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following
Developer Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

• If a specific issue led to this PR, this PR closes the issue.
• The description of changes is clear and encompassing.
• Any required documentation changes (code and docs) are included in this PR.
• API changes follow the Runbook for Firecracker API changes.
• User-facing changes are mentioned in CHANGELOG.md.
• All added/changed functionality is tested.
• New TODOs link to an issue.
• Commits meet contribution quality standards.

---

• This functionality cannot be added in rust-vmm.

[codecov]

Codecov Report

Patch coverage has no change and project coverage change: -0.09% ⚠️

Comparison is base (eb38da7) 82.34% compared to head (0be2b96) 82.26%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4107      +/-   ##
==========================================
- Coverage   82.34%   82.26%   -0.09%     
==========================================
  Files         225      225              
  Lines       28445    28474      +29     
==========================================
  Hits        23424    23424              
- Misses       5021     5050      +29     

Flag	Coverage Δ
4.14-c7g.metal	77.66% <0.00%> (-0.10%)	⬇️
4.14-m5d.metal	79.56% <0.00%> (-0.10%)	⬇️
4.14-m6a.metal	78.66% <0.00%> (-0.10%)	⬇️
4.14-m6g.metal	77.66% <0.00%> (-0.10%)	⬇️
4.14-m6i.metal	79.54% <0.00%> (-0.10%)	⬇️
5.10-c7g.metal	80.58% <0.00%> (-0.10%)	⬇️
5.10-m5d.metal	82.22% <0.00%> (-0.10%)	⬇️
5.10-m6a.metal	81.44% <0.00%> (-0.11%)	⬇️
5.10-m6g.metal	80.58% <0.00%> (-0.10%)	⬇️
5.10-m6i.metal	82.21% <0.00%> (-0.10%)	⬇️
6.1-c7g.metal	80.58% <0.00%> (-0.10%)	⬇️
6.1-m5d.metal	82.23% <0.00%> (-0.10%)	⬇️
6.1-m6a.metal	81.44% <0.00%> (-0.11%)	⬇️
6.1-m6g.metal	80.58% <0.00%> (?)
6.1-m6i.metal	82.21% <0.00%> (-0.10%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed	Coverage Δ
src/firecracker/src/main.rs	0.21% <0.00%> (-0.02%)	⬇️

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[bchalios]

🚢