CCv0: Merge main into CCv0 branch

Merge remote-tracking branch 'upstream/main' into CCv0

Fixes: #5696
Signed-off-by: Georgina Kinge <georgina.kinge@ibm.com>

src/runtime/pkg/containerd-shim-v2/shim_management.go

@@ -11,7 +11,6 @@ import (
 	"expvar"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"net/http/pprof"
 	"net/url"
@@ -173,7 +172,7 @@ func (s *service) serveVolumeStats(w http.ResponseWriter, r *http.Request) {
 }
 
 func (s *service) serveVolumeResize(w http.ResponseWriter, r *http.Request) {
-	body, err := ioutil.ReadAll(r.Body)
+	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		shimMgtLog.WithError(err).Error("failed to read request body")
 		w.WriteHeader(http.StatusInternalServerError)
@@ -212,7 +211,7 @@ func (s *service) genericIPTablesHandler(w http.ResponseWriter, r *http.Request,
 
 	switch r.Method {
 	case http.MethodPut:
-		body, err := ioutil.ReadAll(r.Body)
+		body, err := io.ReadAll(r.Body)
 		if err != nil {
 			logger.WithError(err).Error("failed to read request body")
 			w.WriteHeader(http.StatusInternalServerError)

src/runtime/pkg/direct-volume/utils.go

@@ -10,7 +10,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 )
@@ -75,7 +74,7 @@ func Add(volumePath string, mountInfo string) error {
 		return err
 	}
 
-	return ioutil.WriteFile(filepath.Join(volumeDir, mountInfoFileName), []byte(mountInfo), 0600)
+	return os.WriteFile(filepath.Join(volumeDir, mountInfoFileName), []byte(mountInfo), 0600)
 }
 
 // Remove deletes the direct volume path including all the files inside it.
@@ -89,7 +88,7 @@ func VolumeMountInfo(volumePath string) (*MountInfo, error) {
 	if _, err := os.Stat(mountInfoFilePath); err != nil {
 		return nil, err
 	}
-	buf, err := ioutil.ReadFile(mountInfoFilePath)
+	buf, err := os.ReadFile(mountInfoFilePath)
 	if err != nil {
 		return nil, err
 	}
@@ -108,11 +107,11 @@ func RecordSandboxId(sandboxId string, volumePath string) error {
 		return err
 	}
 
-	return ioutil.WriteFile(filepath.Join(kataDirectVolumeRootPath, encodedPath, sandboxId), []byte(""), 0600)
+	return os.WriteFile(filepath.Join(kataDirectVolumeRootPath, encodedPath, sandboxId), []byte(""), 0600)
 }
 
 func GetSandboxIdForVolume(volumePath string) (string, error) {
-	files, err := ioutil.ReadDir(filepath.Join(kataDirectVolumeRootPath, b64.URLEncoding.EncodeToString([]byte(volumePath))))
+	files, err := os.ReadDir(filepath.Join(kataDirectVolumeRootPath, b64.URLEncoding.EncodeToString([]byte(volumePath))))
 	if err != nil {
 		return "", err
 	}

src/runtime/pkg/govmm/qemu/image.go

@@ -8,7 +8,6 @@ package qemu
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
@@ -44,12 +43,12 @@ func CreateCloudInitISO(ctx context.Context, scratchDir, isoPath string,
 			dataDirPath, err)
 	}
 
-	err = ioutil.WriteFile(metaDataPath, metaData, 0644)
+	err = os.WriteFile(metaDataPath, metaData, 0644)
 	if err != nil {
 		return fmt.Errorf("unable to create %s : %v", metaDataPath, err)
 	}
 
-	err = ioutil.WriteFile(userDataPath, userData, 0644)
+	err = os.WriteFile(userDataPath, userData, 0644)
 	if err != nil {
 		return fmt.Errorf("unable to create %s : %v", userDataPath, err)
 	}

src/runtime/pkg/govmm/qemu/qemu_test.go

@@ -7,7 +7,6 @@ package qemu
 
 import (
 	"fmt"
-	"io/ioutil"
 	"os"
 	"reflect"
 	"strings"
@@ -186,8 +185,8 @@ func TestAppendDeviceNetwork(t *testing.T) {
 }
 
 func TestAppendDeviceNetworkMq(t *testing.T) {
-	foo, _ := ioutil.TempFile(os.TempDir(), "govmm-qemu-test")
-	bar, _ := ioutil.TempFile(os.TempDir(), "govmm-qemu-test")
+	foo, _ := os.CreateTemp(os.TempDir(), "govmm-qemu-test")
+	bar, _ := os.CreateTemp(os.TempDir(), "govmm-qemu-test")
 
 	defer func() {
 		_ = foo.Close()

src/runtime/pkg/govmm/vmm_arm64.go

@@ -6,11 +6,11 @@
 
 package govmm
 
-//In qemu, maximum number of vCPUs depends on the GIC version, or on how
-//many redistributors we can fit into the memory map.
-//related codes are under github.com/qemu/qemu/hw/arm/virt.c(Line 135 and 1306 in stable-2.11)
-//for now, qemu only supports v2 and v3, we treat v4 as v3 based on
-//backward compatibility.
+// In qemu, maximum number of vCPUs depends on the GIC version, or on how
+// many redistributors we can fit into the memory map.
+// related codes are under github.com/qemu/qemu/hw/arm/virt.c(Line 135 and 1306 in stable-2.11)
+// for now, qemu only supports v2 and v3, we treat v4 as v3 based on
+// backward compatibility.
 var gicList = map[uint32]uint32{
 	uint32(2): uint32(8),
 	uint32(3): uint32(123),

src/runtime/pkg/katatestutils/constraints.go

@@ -87,15 +87,16 @@ func getKernelVersion() (string, error) {
 // Examples of actual kernel versions which can be made into valid semver
 // format by calling this function:
 //
-//   centos: 3.10.0-957.12.1.el7.x86_64
-//   fedora: 5.0.9-200.fc29.x86_64
+//	centos: 3.10.0-957.12.1.el7.x86_64
+//	fedora: 5.0.9-200.fc29.x86_64
 //
 // For some self compiled kernel, the kernel version will be with "+" as its suffix
 // For example:
-//   5.12.0-rc4+
+//
+//	5.12.0-rc4+
+//
 // These kernel version can't be parsed by the current lib and lead to panic
 // therefore the '+' should be removed.
-//
 func fixKernelVersion(version string) string {
 	version = strings.Replace(version, "_", "-", -1)
 	return strings.Replace(version, "+", "", -1)

src/runtime/pkg/katatestutils/constraints_api.go

@@ -84,12 +84,12 @@ func NewTestConstraint(debug bool) TestConstraint {
 //
 // Notes:
 //
-// - Constraints are applied in the order specified.
-// - A constraint type (user, kernel) can only be specified once.
-// - If the function fails to determine whether it can check the constraints,
-//   it will panic. Since this is facility is used for testing, this seems like
-//   the best approach as it unburdens the caller from checking for an error
-//   (which should never be ignored).
+//   - Constraints are applied in the order specified.
+//   - A constraint type (user, kernel) can only be specified once.
+//   - If the function fails to determine whether it can check the constraints,
+//     it will panic. Since this is facility is used for testing, this seems like
+//     the best approach as it unburdens the caller from checking for an error
+//     (which should never be ignored).
 func (tc *TestConstraint) NotValid(constraints ...Constraint) bool {
 	if len(constraints) == 0 {
 		panic("need atleast one constraint")

src/runtime/pkg/katautils/config.go

@@ -10,7 +10,6 @@ package katautils
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -38,11 +37,11 @@ const (
 // tables). The names of these tables are in dotted ("nested table")
 // form:
 //
-//   [<component>.<type>]
+//	[<component>.<type>]
 //
 // The components are hypervisor, and agent. For example,
 //
-//   [agent.kata]
+//	[agent.kata]
 //
 // The currently supported types are listed below:
 const (
@@ -166,6 +165,7 @@ type hypervisor struct {
 	DisableSeLinux                 bool     `toml:"disable_selinux"`
 	LegacySerial                   bool     `toml:"use_legacy_serial"`
 	GuestPreAttestation            bool     `toml:"guest_pre_attestation"`
+	EnableVCPUsPinning             bool     `toml:"enable_vcpus_pinning"`
 }
 
 type runtime struct {
@@ -851,6 +851,7 @@ func newQemuHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
 		GuestPreAttestationSecretType: h.GuestPreAttestationSecretType,
 		SEVGuestPolicy:                h.SEVGuestPolicy,
 		SEVCertChainPath:              h.SEVCertChainPath,
+		EnableVCPUsPinning:            h.EnableVCPUsPinning,
 	}, nil
 }
 
@@ -1448,7 +1449,7 @@ func decodeDropIns(mainConfigPath string, tomlConf *tomlConfig) error {
 	configDir := filepath.Dir(mainConfigPath)
 	dropInDir := filepath.Join(configDir, "config.d")
 
-	files, err := ioutil.ReadDir(dropInDir)
+	files, err := os.ReadDir(dropInDir)
 	if err != nil {
 		if !os.IsNotExist(err) {
 			return fmt.Errorf("error reading %q directory: %s", dropInDir, err)

src/runtime/pkg/oci/utils.go

@@ -654,6 +654,12 @@ func addHypervisorCPUOverrides(ocispec specs.Spec, sbConfig *vc.SandboxConfig) e
 		return err
 	}
 
+	if err := newAnnotationConfiguration(ocispec, vcAnnotations.EnableVCPUsPinning).setBool(func(enableVCPUsPinning bool) {
+		sbConfig.HypervisorConfig.EnableVCPUsPinning = enableVCPUsPinning
+	}); err != nil {
+		return err
+	}
+
 	return newAnnotationConfiguration(ocispec, vcAnnotations.DefaultMaxVCPUs).setUintWithCheck(func(maxVCPUs uint64) error {
 		max := uint32(maxVCPUs)
 

src/runtime/pkg/types/types_test.go

@@ -1,7 +1,6 @@
 // Copyright (c) 2020 Ant Group
 //
 // SPDX-License-Identifier: Apache-2.0
-//
 package types
 
 import (

src/runtime/pkg/utils/shimclient/shim_management_client.go

@@ -9,7 +9,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"time"
@@ -91,7 +90,7 @@ func DoPut(sandboxID string, timeoutInSeconds time.Duration, urlPath, contentTyp
 	}()
 
 	if resp.StatusCode != http.StatusOK {
-		data, _ := ioutil.ReadAll(resp.Body)
+		data, _ := io.ReadAll(resp.Body)
 		return fmt.Errorf("error sending put: url: %s, status code: %d, response data: %s", urlPath, resp.StatusCode, string(data))
 	}
 
@@ -117,7 +116,7 @@ func DoPost(sandboxID string, timeoutInSeconds time.Duration, urlPath, contentTy
 	}()
 
 	if resp.StatusCode != http.StatusOK {
-		data, _ := ioutil.ReadAll(resp.Body)
+		data, _ := io.ReadAll(resp.Body)
 		return fmt.Errorf("error sending post: url: %s, status code: %d, response data: %s", urlPath, resp.StatusCode, string(data))
 	}