Occassional coredumps and OOMs observed on shutdown path due to improper
BH handling during aio cleanup in QEMU. Thankfully this has been fixed
in upstream already -- let's carry this patch.
Fixes: #1717
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
- release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
- kata-deploy: add runtimeclass that includes pod overhead
- release: automatically bump the version of the kata-deploy images
- Refine uevent matching conditions
- docs: update dev-guide to include fixes from 1.x
- virtcontainers: replace newStore by store in Sandbox struct
- agent: log the mount point if it is already mounted
- tools/agent-ctl: Update Cargo.lock
- agent: Rework the debug console
- oci: Update seccomp configuration
- kernel: update experimental kernel to 5.10.x
- kata-deploy: Fix `test-kata.sh` and do some small cleanups / improvements in the kata-deploy script
- github: Fix slash-command-action usage
- rustjail: fix the issue of missing default home env
- Make uevent watching mechanism more flexible
- ci/openshift-ci: Prepare to build on CentOS 8
- docs: update configuration for passing annotations in conatinerd
- Revert "github: Remove kata-deploy-test action"
- runtime: increase dial timeout
- qemu experimental: Move to latest tree on virtio-fs-dev (qemu 6.0 + DAX patches).
- github: Remove kata-deploy-test action
- agent: s390x statfs constants
- kernel: upgrade kernel to 5.10.x for arm64.
- Don't do anything in Pipestream::shutdown
- Fix fsgroup
- agent: Remove many "panic message is not string literal" warnings
- osbuilder: Update QAT Dockerfile with new QAT driver version
- osbuilder: update dockerfiles to utilize IMAGE_REGISTRY
- Only keep one VERSION file
- Dechat deruntime
- runtime: Format auto-generated client code for cloud-hypervisor API
- runtime: use concrete KataAgentConfig instead of interface type
- versions: Update cloud-hypervisor to release v0.14.1
- runtime: import runtime/v2/runc/options to decode request from Docker
- virtcontainers/fc: Upgrade Firecracker to v0.23.1
- docs: Remove ubuntu installation guide
- docs: Update snap install guide
- docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
- Update install docs for Fedora and CentOS
- action: fix missing qemu tag
- Remove installation guides for SLE and openSUSE
- kernel: Enable OVERLAY_FS_{METACOPY,XINO_AUTO}
- versions: kernel 5.10.x
- virtcontainers: Fix missing contexts in s390x
- runtime: makefile allow override DAX value
11897248 release: Do not git add kata-{deploy,cleanup}.yaml for the tests repo
2b5f79d6 release: automatically bump the version of the kata-deploy images
8682d6b7 docs: update dev-guide to include fixes from 1.x
f444adb5 kata-cleanup: Explicitly add tag to the container image
12582c2f kata-deploy: add runtimeclass that includes pod overhead
d75fe956 virtcontainers: replace newStore by store in Sandbox struct
342eb765 tools/agent-ctl: Update Cargo.lock
24b0703f agent: fix test for the debug console
79033257 agent: async the debug console
8ea2ce9a agent/device: Remove legacy uevent matching
5d007743 agent/device: Refine uevent matching for pmem devices
9017e110 agent: start to rework the debug console
a59e07c1 agent/define: Refine uevent matching for virtio-scsi devices
484a3647 agent/device: Rework uevent handling for virtio-blk devices
7873b7a1 github: Fix slash-command-action usage
eda8da1e github: Revert "github: Remove kata-deploy-test action"
a938d903 rustjail: fix the issue of missing default home env
b0e4618e docs: update configuration for passing annotations in conatinerd
d43098ec kata-deploy: Adapt regex for testing kata-deploy
107ceca6 kernel: update experimental kernel to 5.10.x
ca4dccf9 release: Get rid of "master"
c2197cbf release: Use sudo to install hub
49eec920 agent: log the tag and mount point if it is already mounted
16f732fc ci/lib: Use git to clone the tests repository
9281e567 ci/openshift-ci: Add build root dockerfile
1cce9300 github: Remove kata-deploy-test action
0828f9ba agent/uevent: Introduce wait_for_uevent() helper
16ed55e4 agent/device: Use consistent matching for past and future uevents
4b16681d agent/uevent: Put matcher object rather than "device address" in watch list
b8b32248 agent/uevent: Consolidate event matching logic
d2caff6c agent: Re-organize uevent processing
55ed2ddd agent: Store uevent watchers in Vec rather than HashMap
91e0ef5c agent/uevent: Report whole Uevents to device watchers
36420054 agent: Store whole Uevent in map, rather than just /dev name
06162025 agent/device: Move GLOBAL_DEVICE_WATCHER into Sandbox
11ae32e3 agent/device: Fix path matching for PCI devices
4f608804 agent/device: Update test_get_device_name()
ee6a590d agent: add test test_pipestream_shutdown
4a2d4370 agent: don't do anything in Pipestream::shutdown
e3e670c5 agent/device: Forward port test for get_device_name() from Kata 1.x
ed08980f agent: Remove many "panic message is not string literal" warnings
f365bdb7 versions: qemu-experimental: 6.0~rc 470dd6
6491b9d7 qemu: Add support to build static qemu for dev tree
13653e7b runtime: increase dial timeout
935460e5 osbuilder: update dockerfiles to utilize IMAGE_REGISTRY
010d57f4 osbuilder: Update QAT Dockerfile with new QAT driver version
adb866ad kata-deploy: Adapt to the correct tag name
60adc7f0 VERSION: Use the correct form
a4c125a8 trace: move gRPC requests from debug to trace
50fff977 trace: move trace span chatter to trace rather than info
28bd8c11 kernel: upgrade kernel to 5.10.x for arm64.
6fe48329 runtime: use concrete KataAgentConfig instead of interface type
64939425 mount: fix the issue of missing set fsGroup
88e58a4f agent: fix the issue of missing pass fsGroup
572aff53 build: Only keep one VERSION file
0c38d9ec runtime: Fix the format of the client code of cloud-hypervisor APIs
52cacf88 runtime: Format auto-generated client code for cloud-hypervisor API
84b62dc3 versions: Update cloud-hypervisor to release v0.14.1
4a38ff41 docs: Update snap install guide
ede1ab86 docs: Remove ubuntu installation guide
6255cc19 virtcontainers/fc: Upgrade Firecracker to v0.23.1
2c47277c docs: update how-to-use-k8s-with-cri-containerd-and-kata.md
317f55f8 docs: Update minimum version for Fedora
1ce29fc9 docs: Update CentOS install docs
3f90561b docs: Update Fedora install docs
8a1c6c3f action: fix missing qemu tag
a9ff9c87 docs: Remove openSUSE installation guide
2888ceb0 docs: Remove SLE installation guide
09d454ac runtime: import runtime/v2/runc/options to decode request from Docker
0b502d15 runtime: makefile allow override DAX value
a65519b9 versions: keep using kernel 5.4.x for ARM
31ced01e virtcontainers: Fix missing contexts in s390x
52a276fb agent: Fix type for PROC_SUPER_MAGIC on s390x
5b7c8b7d agent: Update cgroups-rs to 0.2.5
c035cdb3 versions: kernel 5.10.x
660b0473 oci: Update seccomp configuration
8c1e0d30 kernel: Enable OVERLAY_FS_{METACOPY,XINO_AUTO}
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Let's teach `update-repository-version.sh` to automatically bump the
version of the kata-deploy images to be used within that release, when
running against the `kata-containers` repo.
Fixes: #1665
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
On commit 60f6315 we've started adding the specific version of the image
to be used, in order to ensure people using our content from a tarball
would be relying on the correct image.
However, later on, @bergwolf figured out it had some undesired side
effects, such as
https://github.com/kata-containers/kata-containers/runs/2235812941?check_suite_focus=true
What happens there is that the regular expression used to point the
image to a testing one doesn't take into consideration the $VERSION, and
that breaks the deployment.
Depends-on: github.com/kata-containers/kata-containers#1641
Fixes: #1632
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Relevant changes for experimental :
42d3e2d04 virtiofs: calculate number of scatter-gather elements accurately
413daa1a3 fuse: connection remove fix
bf109c640 fuse: implement crossmounts
1866d779d fuse: Allow fuse_fill_super_common() for submounts
fcee216be fuse: split fuse_mount off of fuse_conn
8f622e949 fuse: drop fuse_conn parameter where possible
24754db27 fuse: store fuse_conn in fuse_req
c6ff213fe fuse: add submount support to <uapi/linux/fuse.h>
d78092e49 fuse: fix page dereference after free
9a752d18c virtiofs: add logic to free up a memory range
d0cfb9dcb virtiofs: maintain a list of busy elements
6ae330cad virtiofs: serialize truncate/punch_hole and dax fault path
9483e7d58 virtiofs: define dax address space operations
2a9a609a0 virtiofs: add DAX mmap support
c2d0ad00d virtiofs: implement dax read/write operations
ceec02d43 virtiofs: introduce setupmapping/removemapping commands
fd1a1dc6f virtiofs: implement FUSE_INIT map_alignment field
45f2348ec virtiofs: keep a list of free dax memory ranges
1dd539577 virtiofs: add a mount option to enable dax
22f3787e9 virtiofs: set up virtio_fs dax_device
f4fd4ae35 virtiofs: get rid of no_mount_options
b43b7e81e virtiofs: provide a helper function for virtqueue initialization
Fixes: #1639
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
This doesn't make much difference for the automated process we have in
place, but makes a whole lot of difference for those trying to have the
binaries deployed locally.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Update static build scripts to allow build qemu dev tree.
When qemu starts the process for a new version the patch number
from the qemu version is more than 50. Add logic to detect it
and not apply patches fro the base branch.
For example:
Qemu 5.2.50 means the beginning for 6.0 development. After detect a
development version, patches for 5.2.x will not be applied.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
In kernel 5.10.x on arm64 side, When CONFIG_RANDOM_BASE is enabled,
physical base address can be a negative number. It may lead to bug
when a PA is taken as a unsigned number in comparison, as PA is
calculated based on the physical base address. The bug has been fixed
latest code by commit ee7febce051945be2 in memory hotplug zone. We can
eliminate the bug in an easy way by casting the PA as a signed value in
the current code base to avoid lots of backport.
Depends-on: github.com/kata-containers/tests#3388
Fixes: #1596
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Instead of having different VERSION files spread accross the project,
let's always use the one in the topsrcdir and remove all the others,
keeping only a synlink to the topsrcdir one.
Fixes: #1579
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Linux 5.10.x is the new LTS branch, move
kata to a more recent kernel branch.
Fixes: #1288
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Split qemu script to build qemu experimental using
same dockerfile.
Fixes: #1421
Depends-on: github.com/kata-containers/tests#3255
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Let's ensure we use the appropriate tag for the release, even before it
was actually created.
Fixes: #1493
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Add arguments and files as needed, if only of them
changes the build will start from the change and
not from scratch.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Add docker ARG to provide a date to invalid cache, if the date changes
the image will be rebuild. This is required to keep build dependencies
with security fixes, but still take advantage of build qemu faster using
docker cache.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Today we apply patches per base branch. Having
two qemu versions in a similar base version can make
can have problems if one of the trees already has a patch.
If a patch is needed only for one specific tag/commit
add only the patch to that version.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
When kata used multiple repositories, versions file was
downloaded. This is not needed anymore as the file is part
of the same repository.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Fail if not patches directory is found. Help to prevent
build a new qemu version with missing patches.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Some patches has conflicts with old experimental kernel. Move patches to its own specific version.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Currently the the configure-hypervisor.sh doesn't set any optimization flag when
compiling QEMU >= 5.2.0 since the configure script will implicitly set -O2 on Ubuntu. But
on other environments, for example CentOS 7, it won't be set any optimization and this
results on the compiler warn:
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
To avoid this inconsistent behavior across different build environments, let's explicitly
set the -O2 flag.
Reported-by: Eric Ernst <eric.g.ernst@gmail.com>
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
QEMU 5.2.0 needs ninja-build package installed on the build environment.
The default-configs were copied to $QEMU_SRC/default-configs but that does
take any effect, so instead it is now copied to $QEMU_SRC/default-configs/devices
and the configs for i386 were updated.
Also it had to change some arguments being passed to configure as Meson was failing
due inconsistent paths:
./meson.build:1:0: ERROR: The value of the 'libdir' option is '/usr/lib/qemu' which must be a subdir of the prefix '/snap/kata-containers/current/usr'.
Note that if you pass a relative path, it is assumed to be a subdir of prefix.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
This change the version of QEMU used in the tests and CI.
The scripts/configure-hypervisor.sh was changed so that:
- Passing the `--enable-virtiofsd` flag
- Do not compiling with -O3 to avoid the warning:
Program python3 found: YES (/usr/bin/python3)
../meson.build:104: WARNING: Consider using the built-in optimization level instead of using "-O3".
../meson.build:108: WARNING: Consider using the built-in optimization level instead of using "-O3".
The qemu.blacklist files was changed so that new and uneeded firmware files are removed from the
final tarball. Except for qboot.rom which is new but kept, since it can be used with microvm
machine type (in case we want to enable microvm in the future).
The patches which are applied on QEMU sources:
- 0001-virtiofsd-Allow-to-build-it-without-the-tools.patch
(Build fix for Meson - allows passing `--disable-tools --enable-virtiofsd`)
- 0002-virtiofsd-extract-lo_do_open-from-lo_open.patch
0003-virtiofsd-optionally-return-inode-pointer-from-lo_do.patch
0004-virtiofsd-prevent-opening-of-special-files-CVE-2020-.patch
0005-virtiofsd-Add-_llseek-to-the-seccomp-whitelist.patch
0006-virtiofsd-Add-restart_syscall-to-the-seccomp-whiteli.patch
(Security fixes for virtiofsd)
- 0007-9p-removing-coroutines-of-9p-to-increase-the-I-O-per.patch
(Performance improvement for 9p driver)
- 0008-hw-s390x-fix-build-for-virtio-9p-ccw.patch
(Build fix for virtio-9p-ccw machine type)
Fixes: #1238
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
The scripts/configure-hypervisor.sh split the QEMU and GCC version
in major and minor versions then use those values on shell conditionals
to compare versions. This is error prone, so instead this change the script
to use the `sort -V -C ` command for version comparisons.
Fixes: #1349
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
There's no runtime repo anymore, let's avoid making a reference to it,
which may end up confusing people reading the Release-Process file.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
All the work done on this file, apart from merging the 2.x repo, and now
removing unused lines, comes from Intel.
The reason it's being added is to silent a complaint from the static
checker.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no more NEMU, for some time already. Considering this, let's
just remove any mention to it as part of our project.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
There's no reason to ship qemu & qemu-virtiofs when the former already
includes vitiofs support (and that's the default for 2.x deployments).
In case we will enable experimental qemu DAX support, we should add a
new target, a "qemu-experimental" target, as Carlos has been working on.
Fixes: #1424
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
The docker script has been removed as part of
62cbaf4de4, but references to it were left
behind in the artifact-list.sh, release/kata-deploy-binaries.sh, and
kata-deploy/Dockerfile.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
For Kata Containers 2.x, CRI-O should always be using the
`containerd-shim-kata-v2` binary, and always be configured to use the
"vm" runtime type, developed specifically for the shimv2, instead of the
default "oci" runtime type.
I've taken the liberty to try to simplify the CRI-O script and make it
less error prone. In the future, we can start dropping a configuration
file to /etc/crio/crio.conf.d and just removing it as part of the
cleanup, but that's for the future.
Fixes: #1357
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Factoring those pieces of code to their own functions allows us to
easily re-use them when creating & cleaning up the CRI-O configuration
files, as CRI-O is also affected by the issues that are still opened.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Our list was based on what we used to ship for Kata Containers 1.x, not
even taking into account the shimv2 binary.
Let's update it in order to reflect better what we currently distribute.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
