The Asterinas community is happy to announce a new version of Asterinas, 0.18.0!

The headline of this release is a major step toward running Asterinas as the guest OS for VM-based Kata Containers and Confidential Containers (CoCo). Getting there requires a host of new building blocks, and this release delivers many of them: namespaces (the IPC and cgroup namespaces, plus nsfs at /proc/[pid]/ns), cgroups (the PID sub-controller and a partial CPU sub-controller), virtio-fs for sharing a filesystem with the host, virtio-rng (/dev/hwrng) for hardware entropy, and a fully reimplemented vsock for host–guest communication.

Userspace debugging comes to Asterinas in this release. We implement the ptrace syscall along with its core operations—PTRACE_SETOPTIONS, PTRACE_SYSCALL, and PTRACE_PEEK/POKE—which together enable popular debugging tools such as GDB and strace to run on Asterinas, complete with verified-usage documentation and CI coverage.

This release also substantially modernizes the storage stack. The ext2 filesystem has been reimplemented, a new NVMe driver joins the block layer, and the VFS gains a new Dentry revalidate mechanism alongside a refactored page cache. The result is a more reliable and capable storage stack.

Finally, Asterinas NixOS dramatically expands its coverage of real-world software, with over 100 popular packages now verified—including Codex, QEMU, and Firefox. To keep this growing catalog working, we have integrated a range of new test suites, including kselftest, xfstests, and the standard unit-test suites of Go, Python, and JDK.

Asterinas NixOS

We have made the following key changes to Asterinas NixOS:

• Add a framework for Asterinas NixOS test suites
• Add documentation for more verified applications
• Add tests for popular applications
• Add Go std test on Asterinas NixOS
• Add JDK test on Asterinas NixOS
• Add Python regression tests on Asterinas NixOS
• Add QEMU test for virtualization applications
• Support ARCH_GET_GS/ARCH_SET_GS to enable Firefox

Asterinas Kernel

We have made the following key changes to the Asterinas kernel:

• Process management
  • Refactor PidFile and add the pidfd_getfd syscall, add the pidfd_send_signal syscall, and align PidFile semantics with POSIX
  • Fix buggy behavior when loading corrupted ELF files
• Ptrace
  • Add the ptrace syscall
  • Support debugging with ptrace
  • Add PTRACE_SETOPTIONS, PTRACE_SYSCALL, and PTRACE_PEEK/POKE_TEXT/DATA
  • Add (kernel-side) patches, verified-usage docs, and CI for GDB and strace
  • Support force-write via /proc/[pid]/mem
  • Add the Yama ptrace scope
• Signals and IPC
  • Correct sigsuspend and fix various other signal behaviors
  • Fix lots of bugs in System V semaphores
• Memory management
  • Respect mmap address hints
  • Fix many wrong error codes and other buggy behavior in various MM syscalls
• File systems
  • VFS
    • Add the pseudo Path
    • Introduce the Dentry revalidate mechanism
    • Refactor the page cache implementation and fix a page cache bug that leaks uninitialized memory to userspace
    • Implement the pivot_root syscall
    • Implement O_TMPFILE support for open/openat
    • Refactor Metadata’s fields and fix pseudo-filesystems’ Device ID
  • virtio-fs
    • Support virtio-fs in Asterinas
  • Ext2
    • Rewrite the ext2 filesystem
  • Procfs
    • Add /proc/mounts, /proc/[pid]/auxv, /proc/[tid], more entries in /proc/[pid]/maps, and mountstats
• Sockets and networking
  • Rewrite vsock
  • Add initial IPv6 support
  • Reject binding to privileged ports without CAP_NET_BIND_SERVICE
  • Fix some UDP problems
• Namespaces and cgroups
  • Support nsfs (/proc/[pid]/ns)
  • Support the IPC namespace
  • Support the cgroup namespace
  • Implement the cgroup PID sub-controller
  • Add a partial cgroup CPU sub-controller, providing cpu.stat statistics and dummy cpu.weight/cpu.max limit files
  • Bind mount namespace files
• Security
  • Implement capabilities and execution of programs by root
  • Implement capability bounding set support
  • Fix credentials-related system calls and clean them up
  • Add the initial LSM framework
• Devices
  • Block and NVMe
    • Add the NVMe driver
  • PCI
    • Improve PCI device enumeration and detection
    • Get the PCI bus range from FDT/ACPI and add support for PCI ECAM on x86
  • TTY and console
    • Support multiple TTYs
    • Support the NS16550A UART console, /dev/ttyS0, and console=ttyS0
    • Keyboard enhancements
  • VirtIO
    • Support virtio-rng and expose it as /dev/hwrng
    • Model virtqueue as untrusted and use fallible allocation in aster-virtio
  • TDX
    • Add TSM-MR (measurement register) sysfs support
• Tests
  • Add Linux kselftest test suite
  • Add the xfstests test suite
• Misc
  • Add a generic syscall table
  • Introduce the kernel parameter framework

Asterinas OSTD & OSDK

We have made the following key changes to OSTD and/or OSDK:

• OSTD
  • Replace the log crate with OSTD’s own logging API
  • Refactor Pod with zerocopy
  • Refactor the DMA APIs
  • Add a Memcpy/Memset trait framework for typed memory copies
• Misc
  • Add a Docker development environment on ARM (aarch64)

Asterinas Book

We have made the following key changes to the Book:

• Add coding guidelines
• Add OSTD soundness analysis
• Add Kata Containers documentation
• Add Confidential Containers (CoCo) documentation

Contributors

This release was made possible by contributions from 36 individuals. Thank you for your amazing work!

• Ruihan Li (191 commits)
• jiangjianfeng (92 commits)
• Wang Siyuan (72 commits)
• Qingsong Chen (64 commits)
• Chen Chengjun (59 commits)
• Tate, Hongliang Tian (52 commits)
• Tao Su (46 commits)
• Zhang Junyang (36 commits)
• zjp (26 commits)
• li041 (23 commits)
• Xinyi Yu (23 commits)
• Marsman1996 (18 commits)
• wyt8 (17 commits)
• Aaron Chen (9 commits)
• zzj-5341 (9 commits)
• Chaoqun Zheng (8 commits)
• Hsy-Intel (7 commits)
• Cautreoxit (4 commits)
• Chao Liu (4 commits)
• Junrui Luo (4 commits)
• Ray Lee (4 commits)
• rikosellic (4 commits)
• TankTechnology (4 commits)
• Zhenchen Wang (4 commits)
• Yuke Peng (3 commits)
• Zhihang Shao (3 commits)
• yyda (3 commits)
• Arthur Paulino (1 commit)
• Jakob Hellermann (1 commit)
• Linermao (1 commit)
• lxh (1 commit)
• Shen Bowen (1 commit)
• Wei Zhang (1 commit)
• wrj97 (1 commit)
• YanLien (1 commit)
• zzjrabbit (1 commit)