CCv0: Merge main into CCv0 branch

Merge remote-tracking branch 'upstream/main' into CCv0 Fixes: #5824 Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2026-01-18 05:44:24 +01:00 · 2022-12-02 16:15:39 +00:00
parent d910a79a3f 8246de821f
commit 578ee62da2
105 changed files with 4977 additions and 562 deletions
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -817,6 +817,8 @@ handle_vendor:
 vendor: handle_vendor
 	./hack/tree_status.sh

+static-checks-build: $(GENERATED_FILES)
+
 clean:
 	$(QUIET_CLEAN)rm -f \
 		$(CONFIGS) \
--- a/src/runtime/cmd/containerd-shim-kata-v2/main.go
+++ b/src/runtime/cmd/containerd-shim-kata-v2/main.go
@@ -24,7 +24,7 @@ func shimConfig(config *shimapi.Config) {
 func main() {

 	if len(os.Args) == 2 && os.Args[1] == "--version" {
-		fmt.Printf("%s containerd shim: id: %q, version: %s, commit: %v\n", katautils.PROJECT, types.DefaultKataRuntimeName, katautils.VERSION, katautils.COMMIT)
+		fmt.Printf("%s containerd shim (Golang): id: %q, version: %s, commit: %v\n", katautils.PROJECT, types.DefaultKataRuntimeName, katautils.VERSION, katautils.COMMIT)
 		os.Exit(0)
 	}

--- a/src/runtime/cmd/kata-runtime/kata-check_generic_test.go
+++ b/src/runtime/cmd/kata-runtime/kata-check_generic_test.go
@@ -4,7 +4,6 @@
 //

 //go:build arm64 || ppc64le
-// +build arm64 ppc64le

 package main

--- a/src/runtime/cmd/kata-runtime/kata-env_generic_test.go
+++ b/src/runtime/cmd/kata-runtime/kata-env_generic_test.go
@@ -4,7 +4,6 @@
 //

 //go:build arm64 || ppc64le
-// +build arm64 ppc64le

 package main

--- a/src/runtime/go.mod
+++ b/src/runtime/go.mod
@@ -50,7 +50,6 @@ require (
 	go.opentelemetry.io/otel/exporters/jaeger v1.0.0
 	go.opentelemetry.io/otel/sdk v1.3.0
 	go.opentelemetry.io/otel/trace v1.3.0
-	golang.org/x/net v0.0.0-20220722155237-a158d28d115b
 	golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2
 	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f
 	google.golang.org/grpc v1.47.0
@@ -100,6 +99,7 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	go.mongodb.org/mongo-driver v1.7.5 // indirect
 	go.opencensus.io v0.23.0 // indirect
+	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
 	golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect
 	golang.org/x/text v0.3.7 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
--- a/src/runtime/pkg/govmm/qemu/qemu_arch_base_test.go
+++ b/src/runtime/pkg/govmm/qemu/qemu_arch_base_test.go
@@ -1,5 +1,4 @@
 //go:build !s390x
-// +build !s390x

 // Copyright contributors to the Virtual Machine Manager for Go project
 //
--- a/src/runtime/pkg/resourcecontrol/cgroups.go
+++ b/src/runtime/pkg/resourcecontrol/cgroups.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2021-2022 Apple Inc.
 //
--- a/src/runtime/virtcontainers/acrn.go
+++ b/src/runtime/virtcontainers/acrn.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Intel Corporation
 //
--- a/src/runtime/virtcontainers/acrn_arch_base.go
+++ b/src/runtime/virtcontainers/acrn_arch_base.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Intel Corporation
 //
--- a/src/runtime/virtcontainers/acrn_test.go
+++ b/src/runtime/virtcontainers/acrn_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Intel Corporation
 //
--- a/src/runtime/virtcontainers/agent.go
+++ b/src/runtime/virtcontainers/agent.go
@@ -9,13 +9,13 @@ import (
 	"syscall"
 	"time"

+	"context"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
 	persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
 	pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"golang.org/x/net/context"
 )

 type newAgentFuncKey struct{}
--- a/src/runtime/virtcontainers/clh.go
+++ b/src/runtime/virtcontainers/clh.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Ericsson Eurolab Deutschland GmbH
 //
--- a/src/runtime/virtcontainers/clh_test.go
+++ b/src/runtime/virtcontainers/clh_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Ericsson Eurolab Deutschland G.m.b.H.
 //
--- a/src/runtime/virtcontainers/fc.go
+++ b/src/runtime/virtcontainers/fc.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/fc_metrics.go
+++ b/src/runtime/virtcontainers/fc_metrics.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2020 Ant Group
 //
--- a/src/runtime/virtcontainers/fc_test.go
+++ b/src/runtime/virtcontainers/fc_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2019 Intel Corporation
 //
--- a/src/runtime/virtcontainers/ipvlan_endpoint.go
+++ b/src/runtime/virtcontainers/ipvlan_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/ipvlan_endpoint_test.go
+++ b/src/runtime/virtcontainers/ipvlan_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/kata_agent.go
+++ b/src/runtime/virtcontainers/kata_agent.go
@@ -23,7 +23,6 @@ import (
 	"github.com/kata-containers/kata-containers/src/runtime/pkg/device/config"
 	volume "github.com/kata-containers/kata-containers/src/runtime/pkg/direct-volume"
 	"github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace"
-	resCtrl "github.com/kata-containers/kata-containers/src/runtime/pkg/resourcecontrol"
 	"github.com/kata-containers/kata-containers/src/runtime/pkg/uuid"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
 	persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
@@ -35,10 +34,10 @@ import (
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils"

+	"context"
 	"github.com/gogo/protobuf/proto"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
-	"golang.org/x/net/context"
 	"golang.org/x/sys/unix"
 	"google.golang.org/grpc/codes"
 	grpcStatus "google.golang.org/grpc/status"
@@ -938,18 +937,19 @@ func (k *kataAgent) constrainGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool, str
 		grpcSpec.Linux.Resources.CPU.Mems = ""
 	}

+	// We need agent systemd cgroup now.
 	// There are three main reasons to do not apply systemd cgroups in the VM
 	// - Initrd image doesn't have systemd.
 	// - Nobody will be able to modify the resources of a specific container by using systemctl set-property.
 	// - docker is not running in the VM.
-	if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) {
-		// Convert systemd cgroup to cgroupfs
-		slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":")
-		// 0 - slice: system.slice
-		// 1 - prefix: docker
-		// 2 - name: abc123
-		grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2])
-	}
+	// if resCtrl.IsSystemdCgroup(grpcSpec.Linux.CgroupsPath) {
+	// 	// Convert systemd cgroup to cgroupfs
+	// 	slice := strings.Split(grpcSpec.Linux.CgroupsPath, ":")
+	// 	// 0 - slice: system.slice
+	// 	// 1 - prefix: docker
+	// 	// 2 - name: abc123
+	// 	grpcSpec.Linux.CgroupsPath = filepath.Join("/", slice[1], slice[2])
+	// }

 	// Disable network namespace since it is already handled on the host by
 	// virtcontainers. The network is a complex part which cannot be simply
--- a/src/runtime/virtcontainers/kata_agent_test.go
+++ b/src/runtime/virtcontainers/kata_agent_test.go
@@ -573,7 +573,7 @@ func TestAppendVhostUserBlkDevices(t *testing.T) {

 func TestConstrainGRPCSpec(t *testing.T) {
 	assert := assert.New(t)
-	expectedCgroupPath := "/foo/bar"
+	expectedCgroupPath := "system.slice:foo:bar"

 	g := &pb.Spec{
 		Hooks: &pb.Hooks{},
--- a/src/runtime/virtcontainers/macvlan_endpoint.go
+++ b/src/runtime/virtcontainers/macvlan_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/macvlan_endpoint_test.go
+++ b/src/runtime/virtcontainers/macvlan_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/macvtap_endpoint.go
+++ b/src/runtime/virtcontainers/macvtap_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/macvtap_endpoint_test.go
+++ b/src/runtime/virtcontainers/macvtap_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/mock_agent.go
+++ b/src/runtime/virtcontainers/mock_agent.go
@@ -9,13 +9,13 @@ import (
 	"syscall"
 	"time"

+	"context"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/image"
 	persistapi "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/persist/api"
 	pbTypes "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/agent/protocols/grpc"
 	"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
-	"golang.org/x/net/context"
 )

 // mockAgent is an empty Agent implementation, for testing and
--- a/src/runtime/virtcontainers/physical_endpoint.go
+++ b/src/runtime/virtcontainers/physical_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/physical_endpoint_test.go
+++ b/src/runtime/virtcontainers/physical_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu.go
+++ b/src/runtime/virtcontainers/qemu.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2016 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_amd64.go
+++ b/src/runtime/virtcontainers/qemu_amd64.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_amd64_test.go
+++ b/src/runtime/virtcontainers/qemu_amd64_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_arch_base.go
+++ b/src/runtime/virtcontainers/qemu_arch_base.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_arch_base_test.go
+++ b/src/runtime/virtcontainers/qemu_arch_base_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_arm64.go
+++ b/src/runtime/virtcontainers/qemu_arm64.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/qemu_arm64_test.go
+++ b/src/runtime/virtcontainers/qemu_arm64_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_ppc64le.go
+++ b/src/runtime/virtcontainers/qemu_ppc64le.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_ppc64le_test.go
+++ b/src/runtime/virtcontainers/qemu_ppc64le_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_s390x.go
+++ b/src/runtime/virtcontainers/qemu_s390x.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_s390x_test.go
+++ b/src/runtime/virtcontainers/qemu_s390x_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 IBM
 //
--- a/src/runtime/virtcontainers/qemu_test.go
+++ b/src/runtime/virtcontainers/qemu_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2016 Intel Corporation
 //
--- a/src/runtime/virtcontainers/tap_endpoint.go
+++ b/src/runtime/virtcontainers/tap_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Huawei Corporation
 //
--- a/src/runtime/virtcontainers/tuntap_endpoint.go
+++ b/src/runtime/virtcontainers/tuntap_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Huawei Corporation
 // Copyright (c) 2019 Intel Corporation
--- a/src/runtime/virtcontainers/utils/utils.go
+++ b/src/runtime/virtcontainers/utils/utils.go
@@ -399,7 +399,7 @@ func MkdirAllWithInheritedOwner(path string, perm os.FileMode) error {
 		info, err := os.Stat(curPath)

 		if err != nil {
-			if err = os.Mkdir(curPath, perm); err != nil {
+			if err = os.MkdirAll(curPath, perm); err != nil {
 				return fmt.Errorf("mkdir call failed: %v", err.Error())
 			}
 			if err = syscall.Chown(curPath, uid, gid); err != nil {
--- a/src/runtime/virtcontainers/utils/utils_linux_generic.go
+++ b/src/runtime/virtcontainers/utils/utils_linux_generic.go
@@ -1,5 +1,4 @@
 //go:build amd64 || arm64 || s390x || !ppc64le
-// +build amd64 arm64 s390x !ppc64le

 // Copyright (c) 2019 IBM
 //
--- a/src/runtime/virtcontainers/veth_endpoint.go
+++ b/src/runtime/virtcontainers/veth_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/veth_endpoint_test.go
+++ b/src/runtime/virtcontainers/veth_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/vhostuser_endpoint.go
+++ b/src/runtime/virtcontainers/vhostuser_endpoint.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //
--- a/src/runtime/virtcontainers/vhostuser_endpoint_test.go
+++ b/src/runtime/virtcontainers/vhostuser_endpoint_test.go
@@ -1,5 +1,4 @@
 //go:build linux
-// +build linux

 // Copyright (c) 2018 Intel Corporation
 //