Let's define agnostic commonkernelRootParams for all hypervisors,
including qemu, firecracker, etc. for now, it has two scenarios,
one for NVDIMM, one for virtio-blk.
Fixes: #1642
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
A file based memory backend mapped to the host, fot eg: '/dev/shm' will
be used by virtio-fs for performance reasons. This change is a generic
implementation of that for kata. This will be enabled default for
virtio-fs negating the need to enable hugepages in that scenario. This
option can be used without virtio-fs by setting 'file_mem_backend' to
the location in the configuration file. Default value is an empty
string.
Fixes: #1656
Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com>
After previous commit, found that kata-proxy is not quit
when vmcache server is stopped by ctrl-c.
The cause is current kata-proxy is setsid when it exec. It will
not get the signal ctrl-c.
Call vm.Disconnect() when close vm in cache factory to handle
this issue.
Fixes: #1726
Signed-off-by: Hui Zhu <teawater@hyper.sh>
There is an issue that ctrl-c stop vmcache server will stop all
containers that its VM is created by it.
The cause is kata-proxy and vmcache server use same tty, for example:
ps -e | grep kata
3617 pts/5 00:00:00 kata-runtime
3636 pts/5 00:00:00 kata-proxy
Ctrl-c will send signal to both kata-proxy and vmcache server.
Then the containers that its VM is created by this vmcache server will
quit with it.
Set Setsid to true when exec kata-proxy to handle this issue.
Fixes: #1726
Signed-off-by: Hui Zhu <teawater@hyper.sh>
Set qemu major/minor version when
running unit test TestQemuPPC64leMemoryTopology
on ppc64le & execute the unit test accordingly.
Fixes: #1308
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
We should not let shim or proxy read guest console socket if
agent debug console is set. Otherwise when we connect to it with
socat, it reads nothing since all output is read by the shim.
Fixes: #1700
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Fix the test case TestGetShmSizeBindMounted by
setting the right ShmSize for ppc64le.
Fixes: #1702
Signed-off-by: Nitesh Konkar niteshkonkar@in.ibm.com
If virtiofsd fails to initialize and stops unexpected,
qemu might hang forever. We just stop the qemu process.
Resource cleanup will be done by others.
Fixes: #1690
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Make sure the hypervisor is stopped if startSandbox does not succeed, by
calling stopSandbox.
Fixes: #1636
Signed-off-by: Marco Vedovati <mvedovati@suse.com>
If kata containers is using vfio and vhost net,the unbinding
of vfio would be hang. In the scenario, vhost net kernel thread
takes a reference to the qemu's mm, and the reference also includes
the mmap regions on the vfio device file. so vhost kernel thread
would be not released when qemu is killed as the vhost file
descriptor still is opened by shim v2 process, and the vfio device
is not released because there's still a reference to the mmap.
Fixes: #1669
Signed-off-by: Yang, Wei <w90p710@gmail.com>
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
Add a few minimal documents to allow all the documentation in this
repository to be navigated from the top-level README.
Fixes#1681.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Got a defunct kata-proxy after kata quit when VMCache is enabled.
The reason is vmcache server opens kata-proxy but doesn't wait it.
If VMCache is disabled, kata-runtime will quit before kata-proxy.
So it will not meet the issue.
Open a special goroutine do cmd.Wait in kataProxy.start to handle
the isssue.
Fixes: #1678
Signed-off-by: Hui Zhu <teawater@hyper.sh>
We should refine unit test which involves func SupportsVsocks and newly
reconstructed struct kernelModule.
Fixes: #1512
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
QEMU opens /dev/vhost-vsock and this causes vhost_vsock.ko to be
automatically loaded.
So, checking the existence of /dev/vhost-vsock is enough.
Fixes: #1512
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Setup rootfs to be RO both from the VMM point of view and the
VM point of view.
Fixes: #1632
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
When using experimental feature "newstore", we save and load devices
information from `persist.json` instead of `devices.json`, in such case,
file `devices.json` isn't needed anymore, so remove it.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Several cache modes are supported by virtio-fs. They affect the
performance and consistency characteristics of the file system.
For the time being cache="none" is recommended, but the other modes can
be experimented with.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Add VirtioFSCacheSize aka virtio_fs_cache_size option
to set the size (in MiB) of the DAX cache.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Firecracker does not support pci. It also uses kbd to implement reboot/reset.
Fix the kernel boot params to address this.
It also does not have good entropy at startup. Use the hardware random
number generator to support entropy.
Fixes: #1620
Signed-off-by: Manohar Castelino <manohar.r.castelino@intel.com>
This change updates the isSystemMount check for mountSharedDirMounts
when setting up shared directory mounts for the container and uses
the source of the mount instead of the destination for the check.
We want to exclude system mounts from the host side as they
shouldn't be mounted into the container.
We do however want to allow system mounts within the
container as denying them can prevent some containers from
running properly.
Fixes#1591
Signed-off-by: Alex Price <aprice@atlassian.com>
