ec2-audit: add EC2/Nitro portability audit app#71
Open
gburd wants to merge 1 commit into
Open
Conversation
New C app that probes the hardware/OS features OSv should expose on AWS EC2 (CPU vendor/arch, memory sizing, monotonic/realtime clock, MAP_HUGETLB, network interfaces, block devices, io_uring opcodes, IMDSv2 reachability) across Intel, AMD, and arm64. Each probe cross-checks independent sources and reports ok/degraded/fail/unknown rather than assuming success. Serves the findings as JSON over HTTP (GET /all plus per-probe endpoints /cpu, /memory, /clock, /hugepages, /net, /block, /io_uring, /imds); --once prints the full report to the console and exits.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
ec2-audit, a small defensive C app that probes the hardware and OS features OSv should expose when running on AWS EC2/Nitro, and serves the findings as JSON over HTTP.Probes: CPU (vendor/features via CPUID on x86_64, uname on arm64), memory (
/proc/meminfocross-checked againstsysconf), block devices, networking (interfaces/addresses), clock (monotonic vs realtime sanity), hugepages, io_uring availability, and the EC2 Instance Metadata Service (IMDS).Each probe is skeptical by design: it cross-checks independent sources, bounds all I/O, and reports
unknown/degraded/failrather than assuming success. The intent is a single artifact you can boot on a candidate instance type to confirm OSv's platform bring-up before qualifying a real workload.Files:
ec2-audit.c— the probes and JSON/HTTP serverMakefile— builds a PIE with-std=gnu99module.py— runs/ec2-auditusr.manifest,.gitignoreTest plan
scripts/build fs=ramfs image=ec2-audit).run.py -kare test-harness artifacts (the-kPVH path drops--rootfs=ramfsso/procisn't mounted), not app or OSv defects — on a full boot the probes reportok.