Tim Zhang
427b29454a
Merge pull request #4709 from liubin/fix/4708-unwrap-error
...
rustjail: check result to let it return early
2022-07-25 15:05:20 +08:00
Quanwei Zhou
c825065b27
runtime-rs: fix tc filter setup failed
...
Fix bug using tc filter and protocol needs to use network byte order.
Fixes : #4726
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com >
2022-07-25 11:16:33 +08:00
Quanwei Zhou
e0194dcb5e
runtime-rs: update route destination with prefix
...
Update route destination with prefix.
Fixes : #4726
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com >
2022-07-25 11:16:22 +08:00
Wainer Moschetta
0b4a91ec1a
Merge pull request #4644 from bookinabox/optimize-get-paths
...
cgroups: remove unnecessary get_paths()
2022-07-22 17:01:01 -03:00
Ji-Xinyou
896478c92b
runtime-rs: add functionalities support for macvlan and vlan endpoints
...
Add macvlan and vlan support to runtime-rs code and corresponding unit
tests.
Fixes : #4701
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com >
2022-07-22 10:09:11 +08:00
Tim Zhang
912641509e
agent: fix fd-double-close problem in ut test_do_write_stream
...
The fd will be closed on struct Process's dropping, so don't
close it again manually.
Fixes : #4598
Signed-off-by: Tim Zhang <tim@hyper.sh >
2022-07-21 19:37:15 +08:00
Zhongtao Hu
43045be8d1
runtime-rs: handle default_vcpus greater than default_maxvcpu
...
When the default_vcpus is greater than the default_maxvcpus, the default
vcpu number should be set equal to the default_maxvcpus.
Fixes : #4712
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com >
2022-07-21 16:37:56 +08:00
liubin
0d7cb7eb16
agent: delete agent-type property in announce
...
Since there is only one type of agent now, the
agent-type is not needed anymore.
Signed-off-by: liubin <liubin0329@gmail.com >
2022-07-21 14:53:01 +08:00
liubin
eec9ac81ef
rustjail: check result to let it return early.
...
check the result to let it return early if there are some errors
Fixes : #4708
Signed-off-by: liubin <liubin0329@gmail.com >
2022-07-21 14:51:30 +08:00
Quanwei Zhou
54f53d57ef
runtime-rs: support disable_guest_seccomp
...
support disable_guest_seccomp
Fixes : #4691
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com >
2022-07-21 07:46:28 +08:00
Bin Liu
540303880e
Merge pull request #4688 from quanweiZhou/fix_sandbox_cgroup_false
...
runtime-rs: fix sandbox_cgroup_only=false panic
2022-07-19 20:38:57 +08:00
Peng Tao
7c146a5d95
Merge pull request #4684 from quanweiZhou/fix-ctr-exit-error
...
runtime-rs: fix ctr exit failed
2022-07-19 16:02:20 +08:00
Peng Tao
4c3bd6b1d1
Merge pull request #4656 from openanolis/runtime-rs-ipvlan
...
runtime-rs: support functionalities of ipvlan endpoint
2022-07-19 11:15:31 +08:00
Bin Liu
960f2a7f70
Merge pull request #4678 from Tim-0731-Hzt/runtime-rs-makefile-2
...
runtime-rs: remove the value of hypervisor path in DB config
2022-07-19 09:34:45 +08:00
Quanwei Zhou
e9988f0c68
runtime-rs: fix sandbox_cgroup_only=false panic
...
When run with configuration `sandbox_cgroup_only=false`, we will call
`gen_overhead_path()` as the overhead path. The `cgroup-rs` will push
the path with the subsystem prefix by `PathBuf::push()`. When the path
has prefix “/” it will act as root path, such as
```
use std::path::PathBuf;
fn main() {
    let mut path = PathBuf::from("/tmp");
    path.push("/etc"); // an absolute argument replaces the whole path
    assert_eq!(path, PathBuf::from("/etc"));
}
```
So we should not set overhead path with prefix "/".
Fixes : #4687
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com >
2022-07-19 08:30:34 +08:00
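The `PathBuf::push()` behaviour described in the commit above matters wherever a path fragment from configuration is appended to a trusted base directory. The following is an added example, not code from this commit, kata-containers or cgroups-rs: `join_under` and `naive_join` are hypothetical helpers, and the cgroup and overhead paths are constructed sample values.

```rust
use std::path::{Component, Path, PathBuf};

/// Naive join: shows the pitfall. If `rel` starts with "/", push()
/// throws `base` away and the result is just `rel`.
fn naive_join(base: &Path, rel: &str) -> PathBuf {
    let mut p = base.to_path_buf();
    p.push(rel);
    p
}

/// Hypothetical helper: append `rel` beneath `base` component by
/// component so the result can never leave `base`.
fn join_under(base: &Path, rel: &str) -> Result<PathBuf, String> {
    let mut out = base.to_path_buf();
    for comp in Path::new(rel).components() {
        match comp {
            // A leading "/" (or "./") is dropped instead of resetting the path.
            Component::RootDir | Component::CurDir => {}
            // Ordinary name: safe to append.
            Component::Normal(part) => out.push(part),
            // ".." could climb out of `base`, so refuse it outright.
            Component::ParentDir => {
                return Err(format!("'..' is not allowed in {:?}", rel));
            }
            // Windows drive or UNC prefix: never valid for a sub-path.
            Component::Prefix(_) => {
                return Err(format!("path prefix is not allowed in {:?}", rel));
            }
        }
    }
    Ok(out)
}

fn main() {
    // Constructed sample values, for illustration only.
    let base = Path::new("/sys/fs/cgroup/cpu");
    let overhead = "/kata_overhead/sandbox1";

    println!("naive: {}", naive_join(base, overhead).display());
    match join_under(base, overhead) {
        Ok(p) => println!("safe:  {}", p.display()),
        Err(e) => println!("rejected: {}", e),
    }
    if let Err(e) = join_under(base, "a/../../etc") {
        println!("rejected: {}", e);
    }
}
```
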
Quanwei Zhou
cebbebbe8a
runtime-rs: fix ctr exit failed
...
During use, there will be cases where the container is in the stop state
and gets another stop. In this case, the second stop needs to be ignored.
Fixes : #4683
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com >
2022-07-19 07:43:22 +08:00
Bin Liu
758cc47b32
Merge pull request #4671 from liubin/4670-upgrade-nix
...
kata-sys-util: upgrade nix version
2022-07-18 23:31:07 +08:00
Ji-Xinyou
62182db645
runtime-rs: add unit test for ipvlan endpoint
...
Add unit test to check the integrity of IPVlanEndpoint::new(...)
Fixes : #4655
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com >
2022-07-18 15:56:06 +08:00
xuejun-xj
99654ce694
runtime-rs: update dbs-xxx dependencies
...
Update dbs-xxx commit ID for aarch64 in runtime-rs/Cargo.toml file to add
dependencies for aarch64.
Fixes : #4676
Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com >
2022-07-18 13:46:46 +08:00
xuejun-xj
f4c3adf596
runtime-rs: Add compile option file
...
Add file aarch64-options.mk for compiling on aarch64 architectures.
Fixes : #4676
Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com >
2022-07-18 13:46:46 +08:00
xuejun-xj
545ae3f0ee
runtime-rs: fix warning
...
Module anyhow::anyhow is only used on x86_64 architecture in
crates/hypervisor/src/device/vfio.rs file.
Fixes : #4676
Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com >
2022-07-18 13:46:39 +08:00
Zhongtao Hu
19eca71cd9
runtime-rs: remove the value of hypervisor path in DB config
...
As a built-in VMM, Path, jailer path, ctlpath are not needed for
Dragonball. So we don't generate those values in Makefile.
Fixes : #4677
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com >
2022-07-18 13:37:51 +08:00
Ji-Xinyou
d8920b00cd
runtime-rs: support functionalities of ipvlan endpoint
...
Add support for ipvlan endpoint
Fixes : #4655
Signed-off-by: Ji-Xinyou <jerryji0414@outlook.com >
2022-07-18 11:34:03 +08:00
xuejun-xj
2b01e9ba40
dragonball: fix warning
...
Add map_err for vcpu_manager.set_reset_event_fd() function.
Fixes : #4676
Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com >
2022-07-18 09:52:13 +08:00
liubin
996a6b80bc
kata-sys-util: upgrade nix version
...
New nix is supporting UMOUNT_NOFOLLOW, upgrade nix
version to use this flag instead of the self-defined flag.
Fixes : #4670
Signed-off-by: liubin <liubin0329@gmail.com >
2022-07-15 17:38:15 +08:00
Fupan Li
d93e4b939d
container: kill all of the processes in this container
...
When a container terminates, we should make sure there are no processes
left after destroying the container.
Before this commit, kata-agent depended on the kernel's pidns
to destroy all of the processes in a container after the 1 process
exits in a container. This is true for those containers using a
separated pidns, but for the case of shared pidns within the
sandbox, the container exit wouldn't trigger the pidns termination,
and there would be some daemon processes left in this container, which
wasn't expected.
Fixes : #4663
Signed-off-by: Fupan Li <fupan.lfp@antgroup.com >
2022-07-14 16:39:49 +08:00
Bin Liu
575b5eb5f5
Merge pull request #4506 from cyyzero/runk-exec
...
runk: Support `exec` sub-command
2022-07-14 14:22:24 +08:00
Quanwei Zhou
3c989521b1
dragonball: update for review
...
update for review
Fixes : #3785
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com >
2022-07-14 10:43:59 +08:00
wllenyj
274598ae56
kata-runtime: add dragonball config check support.
...
add dragonball config check support.
Signed-off-by: wllenyj <wllenyj@linux.alibaba.com >
2022-07-14 10:43:50 +08:00
Chao Wu
1befbe6738
runtime-rs: Cargo lock for fix version problem
...
Cargo lock for fix version problem
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-14 08:49:39 +08:00
Quanwei Zhou
3d6156f6ec
runtime-rs: support dragonball and runtime-binary
...
Fixes : #3785
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com >
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com >
2022-07-14 08:49:30 +08:00
Zhongtao Hu
3f6123b4dd
libs: update configuration and annotations
...
1. support annotation for runtime.name, hypervisor_name, agent_name.
2. fix parse memory from annotation
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com >
2022-07-14 08:49:17 +08:00
Derek Lee
9ae2a45b38
cgroups: remove unnecessary get_paths()
...
Change get_mounts to get paths from a borrowed argument rather than
calling get_paths a second time.
Fixes #3768
Signed-off-by: Derek Lee <derlee@redhat.com >
2022-07-13 09:17:14 -07:00
Fabiano Fidêncio
be31207f6e
clh: Don't crash if no network device is set by the upper layer
...
`ctr` doesn't set a network device when creating the sandbox, which
leads to Cloud Hypervisor's driver crashing, see the log below:
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x55641c23b248]
goroutine 32 [running]:
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.glob..func1(0xc000397900)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:163 +0x128
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).vmAddNetPut(...)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:1348
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).bootVM(0xc000397900, {0x55641c76dfc0, 0xc000454ae0})
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:1378 +0x5a2
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).StartVM(0xc000397900, {0x55641c76dff8, 0xc00044c240},
0x55641b8016fd)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:659 +0x7ee
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*Sandbox).startVM.func2()
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/sandbox.go:1219 +0x190
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*LinuxNetwork).Run.func1({0xc0004a8910, 0x3b})
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:319 +0x1b
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.doNetNS({0xc000048440, 0xc00044c240}, 0xc0005d5b38)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:1045 +0x163
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*LinuxNetwork).Run(0xc000150c80, {0x55641c76dff8, 0xc00044c240}, 0xc00014e4e0)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:318 +0x105
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*Sandbox).startVM(0xc000107d40, {0x55641c76dff8, 0xc0005529f0})
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/sandbox.go:1205 +0x65f
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.createSandboxFromConfig({_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, 0x0, ...}, ...}, ...)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/api.go:91 +0x346
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.CreateSandbox({_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, 0x0, ...}, ...}, ...)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/api.go:51 +0x150
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*VCImpl).CreateSandbox(_, {_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, ...}, ...})
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/implementation.go:35 +0x74
github.com/kata-containers/kata-containers/src/runtime/pkg/katautils.CreateSandbox({_, _}, {_, _}, {{0xc0004806c0, 0x9}, 0xc000140110, 0xc00000f7a0,
{0x0, 0x0}, ...}, ...)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/create.go:175 +0x8b6
github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.create({0x55641c76dff8, 0xc0004129f0}, 0xc00034a000, 0xc00036a000)
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/create.go:147 +0xdea
github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.(*service).Create.func2()
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/service.go:401 +0x32
created by github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.(*service).Create
/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/service.go:400 +0x534
```
This bug has been introduced as part of the
https://github.com/kata-containers/kata-containers/pull/4312 PR, which
changed how we add the network device.
In order to avoid the crash, let's simply check whether we have a device
to be added before iterating the list of network devices.
Fixes : #4618
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com >
2022-07-13 10:40:21 +02:00
Fabiano Fidêncio
dc3b6f6592
versions: Update Cloud Hypervisor to v25.0
...
Cloud Hypervisor v25.0 has been released on July 7th, 2022, and brings
the following changes:
**ch-remote Improvements**
The ch-remote command has gained support for creating the VM from a JSON
config and support for booting and deleting the VM from the VMM.
**VM "Coredump" Support**
Under the guest_debug feature flag it is now possible to extract the memory
of the guest for use in debugging with e.g. the crash utility.
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4012 )
**Notable Bug Fixes**
* Always restore console mode on exit
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4249 ,
https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4248 )
* Restore vCPUs in numerical order which fixes aarch64 snapshot/restore
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4244 )
* Don't try and configure IFF_RUNNING on TAP devices
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4279 )
* Propagate configured queue size through to vhost-user backend
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4286 )
* Always Program vCPU CPUID before running the vCPU to fix running on Linux
5.16
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4156 )
* Enable ACPI MADT "Online Capable" flag for hotpluggable vCPUs to fix newer
Linux guest
**Removals**
The following functionality has been removed:
* The mergeable option from the virtio-pmem support has been removed
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3968 )
* The dax option from the virtio-fs support has been removed
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3889 )
Fixes : #4641
Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com >
2022-07-12 14:47:58 +00:00
Bin Liu
f3335c99ce
Merge pull request #4614 from Tim-0731-Hzt/runtime-rs-merge-main
...
Runtime-rs merge main
2022-07-12 19:25:11 +08:00
xuejun-xj
d2584991eb
dragonball: fix dependency unused warning
...
Fix the warning "unused import: `dbs_arch::gic::Error as GICError`" and
"unused import: `dbs_arch::gic::GICDevice`" in file src/vm/mod.rs when
compiling.
Fixes : #4544
Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com >
Signed-off-by: jingshan <jingshan@linux.alibaba.com >
2022-07-11 17:55:04 +08:00
xuejun-xj
458f6f42f6
dragonball: use const string for legacy device type
...
As string "com1", "com2" and "rtc" are used in two files
(device_manager/mod.rs and device_manager/legacy.rs), we use public
const variables COM1, COM2 and RTC to replace them respectively.
Fixes : #4544
Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com >
Signed-off-by: jingshan <jingshan@linux.alibaba.com >
2022-07-11 17:46:10 +08:00
Zhongtao Hu
0826a2157d
Merge remote-tracking branch 'origin/main' into runtime-rs-1
...
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com >
2022-07-11 09:47:23 +08:00
xuejun-xj
f6f96b8fee
dragonball: add legacy device support for aarch64
...
Implement RTC device for aarch64.
Fixes : #4544
Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com >
Signed-off-by: jingshan <jingshan@linux.alibaba.com >
2022-07-10 17:35:30 +08:00
xuejun-xj
7a4183980e
dragonball: add device info support for aarch64
...
Implement generate_virtio_device_info() and
get_virtio_mmio_device_info() functions to support the mmio_device_info
member, which is used by FDT.
Fixes : #4544
Signed-off-by: xuejun-xj <jiyunxue@linux.alibaba.com >
Signed-off-by: jingshan <jingshan@linux.alibaba.com >
2022-07-10 17:09:59 +08:00
Chao Wu
9cee52153b
fmt: do cargo fmt and add a dependency for blk_dev
...
fmt: do cargo fmt and add a dependency for blk_dev
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-07 10:32:35 +08:00
Chao Wu
47a4142e0d
fs: change vhostuser and virtio into const
...
change fs mode vhostuser and virtio into const.
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-07 10:32:35 +08:00
Chao Wu
e14e98bbeb
cpu_topo: add handle_cpu_topology function
...
add handle_cpu_topology function to make it easier to understand the
set_vm_configuration function.
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-07 10:32:35 +08:00
Chao Wu
5d3b53ee7b
downtime: add downtime support
...
add downtime support in `resume_all_vcpus_with_downtime`
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-07 10:32:35 +08:00
Chao Wu
6a1fe85f10
vfio: add vfio as TODO
...
We add vfio as TODO in this commit and create a github issue for this.
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-07 10:32:35 +08:00
Chao Wu
5ea35ddcdc
refactor: remove redundant by_id
...
remove redundant by_id in get_vm_by_id_mut and get_vm_by_id. They are
optimized to get_vm_mut and get_vm.
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-07 10:32:35 +08:00
Chao Wu
b646d7cb37
config: remove ht_enabled
...
Since cpu topology could tell whether hyper thread is enabled or not, we
removed ht_enabled config from VmConfigInfo
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-07 10:32:35 +08:00
Chao Wu
cb54ac6c6e
memory: remove reserve_memory_bytes
...
This is currently an unsupported feature and we will remove it from the
current code.
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-07 10:32:35 +08:00
Chao Wu
bde6609b93
hotplug: add room for other hotplug solution
...
Add room in the code for other hotplug solution without upcall
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com >
2022-07-07 10:32:35 +08:00