aljaz/kata-containers
1
0
Fork 0
mirror of https://github.com/aljazceru/kata-containers.git synced 2026-01-23 08:14:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,257 Commits 30 Branches 115 Tags
c19cebfa801ef4c9baff9cceb0d18a7bbbef2cbd
Commit Graph

3398 Commits

Author SHA1 Message Date
Zhongtao Hu
3f6123b4dd libs: update configuration and annotations 
1. support annotation for runtime.name, hypervisor_name, agent_name.
2. fix parse memory from annotation

Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-07-14 08:49:17 +08:00
Derek Lee
9ae2a45b38 cgroups: remove unnecessary get_paths() 
Change get_mounts to get paths from a borrowed argument rather than
calling get_paths a second time.

Fixes #3768

Signed-off-by: Derek Lee <derlee@redhat.com>
 2022-07-13 09:17:14 -07:00
Fabiano Fidêncio
be31207f6e clh: Don't crash if no network device is set by the upper layer 
`ctr` doesn't set a network device when creating the sandbox, which
leads to Cloud Hypervisor's driver crashing, see the log below:
```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x55641c23b248]
goroutine 32 [running]:
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.glob..func1(0xc000397900)
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:163 +0x128
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).vmAddNetPut(...)
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:1348
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).bootVM(0xc000397900, {0x55641c76dfc0, 0xc000454ae0})
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:1378 +0x5a2
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*cloudHypervisor).StartVM(0xc000397900, {0x55641c76dff8, 0xc00044c240},
0x55641b8016fd)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/clh.go:659 +0x7ee
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*Sandbox).startVM.func2()
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/sandbox.go:1219 +0x190
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*LinuxNetwork).Run.func1({0xc0004a8910, 0x3b})
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:319 +0x1b
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.doNetNS({0xc000048440, 0xc00044c240}, 0xc0005d5b38)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:1045 +0x163
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*LinuxNetwork).Run(0xc000150c80, {0x55641c76dff8, 0xc00044c240}, 0xc00014e4e0)
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/network_linux.go:318 +0x105
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*Sandbox).startVM(0xc000107d40, {0x55641c76dff8, 0xc0005529f0})
	/home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/sandbox.go:1205 +0x65f
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.createSandboxFromConfig({_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, 0x0, ...}, ...}, ...)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/api.go:91 +0x346
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.CreateSandbox({_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, 0x0, ...}, ...}, ...)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/api.go:51 +0x150
github.com/kata-containers/kata-containers/src/runtime/virtcontainers.(*VCImpl).CreateSandbox(_, {_, _}, {{0x0, 0x0, 0x0}, {0xc000385a00, 0x1, 0x1},
{0x55641d033260, ...}, ...})
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/virtcontainers/implementation.go:35 +0x74
github.com/kata-containers/kata-containers/src/runtime/pkg/katautils.CreateSandbox({_, _}, {_, _}, {{0xc0004806c0, 0x9}, 0xc000140110, 0xc00000f7a0,
{0x0, 0x0}, ...}, ...)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/create.go:175 +0x8b6
github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.create({0x55641c76dff8, 0xc0004129f0}, 0xc00034a000, 0xc00036a000)
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/create.go:147 +0xdea
github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.(*service).Create.func2()
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/service.go:401 +0x32
created by github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2.(*service).Create
        /home/ubuntu/go/src/github.com/kata-containers/kata-containers/src/runtime/pkg/containerd-shim-v2/service.go:400 +0x534
```

This bug has been introduced as part of the
https://github.com/kata-containers/kata-containers/pull/4312 PR, which
changed how we add the network device.

In order to avoid the crash, let's simply check whether we have a device
to be added before iterating the list of network devices.

Fixes: #4618

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-07-13 10:40:21 +02:00
Fabiano Fidêncio
dc3b6f6592 versions: Update Cloud Hypervisor to v25.0 
Cloud Hypervisor v25.0 has been released on July 7th, 2022, and brings
the following changes:

**ch-remote Improvements**
The ch-remote command has gained support for creating the VM from a JSON
config and support for booting and deleting the VM from the VMM.

**VM "Coredump" Support**
Under the guest_debug feature flag it is now possible to extract the memory
of the guest for use in debugging with e.g. the crash utility.
(https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4012)

**Notable Bug Fixes**
* Always restore console mode on exit
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4249,
   https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4248)
* Restore vCPUs in numerical order which fixes aarch64 snapshot/restore
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4244)
* Don't try and configure IFF_RUNNING on TAP devices
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4279)
* Propagate configured queue size through to vhost-user backend
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4286)
* Always Program vCPU CPUID before running the vCPU to fix running on Linux
  5.16
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/4156)
* Enable ACPI MADT "Online Capable" flag for hotpluggable vCPUs to fix newer
  Linux guest

**Removals**
The following functionality has been removed:

* The mergeable option from the virtio-pmem support has been removed
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3968)
* The dax option from the virtio-fs support has been removed
  (https://github.com/cloud-hypervisor/cloud-hypervisor/issues/3889)

Fixes: #4641

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
 2022-07-12 14:47:58 +00:00
Bin Liu
f3335c99ce Merge pull request #4614 from Tim-0731-Hzt/runtime-rs-merge-main 
Runtime-rs merge main
 2022-07-12 19:25:11 +08:00
xuejun-xj
d2584991eb dragonball: fix dependency unused warning 
Fix the warning "unused import: `dbs_arch::gic::Error as GICError`" and
"unused import: `dbs_arch::gic::GICDevice`" in file src/vm/mod.rs when
compiling.

Fixes: #4544

Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
 2022-07-11 17:55:04 +08:00
xuejun-xj
458f6f42f6 dragonball: use const string for legacy device type 
As string "com1", "com2" and "rtc" are used in two files
(device_manager/mod.rs and device_manager/legacy.rs), we use public
const variables COM1, COM2 and RTC to replace them respectively.

Fixes: #4544

Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
 2022-07-11 17:46:10 +08:00
Zhongtao Hu
0826a2157d Merge remote-tracking branch 'origin/main' into runtime-rs-1 
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
 2022-07-11 09:47:23 +08:00
xuejun-xj
f6f96b8fee dragonball: add legacy device support for aarch64 
Implement RTC device for aarch64.

Fixes: #4544

Signed-off-by: xuejun-xj <jiyunxue@alibaba.linux.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
 2022-07-10 17:35:30 +08:00
xuejun-xj
7a4183980e dragonball: add device info support for aarch64 
Implement generate_virtio_device_info() and
get_virtio_mmio_device_info() functions su support the mmio_device_info
member, which is used by FDT.

Fixes: #4544

Signed-off-by: xuejun-xj <jiyunxue@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
 2022-07-10 17:09:59 +08:00
Chao Wu
9cee52153b fmt: do cargo fmt and add a dependency for blk_dev 
fmt: do cargo fmt and add a dependency for blk_dev

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
47a4142e0d fs: change vhostuser and virtio into const 
change fs mode vhostuser and virtio into const.

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
e14e98bbeb cpu_topo: add handle_cpu_topology function 
add handle_cpu_topology funciton to make it easier to understand the
set_vm_configuration function.

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
5d3b53ee7b downtime: add downtime support 
add downtime support in `resume_all_vcpus_with_downtime`

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
6a1fe85f10 vfio: add vfio as TODO 
We add vfio as TODO in this commit and create a github issue for this.

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
5ea35ddcdc refractor: remove redundant by_id 
remove redundant by_id in get_vm_by_id_mut and get_vm_by_id. They are
optimized to get_vm_mut and get_vm.

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
b646d7cb37 config: remove ht_enabled 
Since cpu topology could tell whether hyper thread is enabled or not, we
removed ht_enabled config from VmConfigInfo

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
cb54ac6c6e memory: remove reserve_memory_bytes 
This is currently an unsupported feature and we will remove it from the
current code.

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
bde6609b93 hotplug: add room for other hotplug solution 
Add room in the code for other hotplug solution without upcall

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
wllenyj
d88b1bf01c dragonball: update vsock dependency 
1. fix vsock device init failed
2. fix VsockDeviceConfigInfo not found

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
dd003ebe0e Dragonball: change error name and fix compile error 
Change error name from `StartMicrovm` to `StartMicroVm`,
`StartMicrovmError` to `StartMicroVmError`.

Besides, we fix a compile error in config_manager.

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
38957fe00b UT: fix compile error in unit tests 
fix compile error in unit tests for DummyConfigInfo.

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
wllenyj
11b3f95140 dragonball: add virtio-fs device support 
Virtio-fs devices are supported.

Fixes: #4257

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
wllenyj
948381bdbe dragonball: add virtio-net device support 
Virtio-net devices are supported.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
wllenyj
3d20387a25 dragonball: add virtio-blk device support 
Virtio-blk devices are supported.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-07 10:32:35 +08:00
Chao Wu
87d38ae49f Doc: add document for Dragonball API 
add detailed explanation for Dragonball API

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-07 10:32:26 +08:00
Chen Yiyang
f59939a31f runk: Support exec sub-command 
`exec` will execute a command inside a container which exists and is not
frozon or stopped. *Inside* means that the new process share namespaces
and cgroup with the container init process. Command can be specified by
`--process` parameter to read from a file, or from other parameters such
as arg, env, etc. In order to be compatible with `create`/`run`
commands, I refactor libcontainer. `Container` in builder.rs is divided
into `InitContainer` and `ActivatedContainer`. `InitContainer` is used
for `create`/`run` command. It will load spec from given bundle path.
`ActivatedContainer` is used by `exec` command, and will read the
container's status file, which stores the spec and `CreateOpt` for
creating the rustjail::LinuxContainer. Adapt the spec by replacing the
process with given options and updating the namesapces with some paths
to join the container. I also rename the `ContainerContext` as
`ContainerLauncher`, which is only used to spawn process now. It uses
the `LinuxContaier` in rustjail as the runner. For `create`/`run`, the
`launch` method will create a new container and run the first process.
For `exec`, the `launch` method will spawn a process which joins a
container.

Fixes #4363

Signed-off-by: Chen Yiyang <cyyzero@qq.com>
 2022-07-06 21:11:30 +08:00
Manabu Sugimoto
4d89476c91 runtime: Fix DisableSelinux config 
Enable Kata runtime to handle `disable_selinux` flag properly in order
to be able to change the status by the runtime configuration whether the
runtime applies the SELinux label to VMM process.

Fixes: #4599
Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
 2022-07-06 15:50:28 +09:00
wllenyj
090de2dae2 dragonball: fix the clippy errors. 
fix clippy errors  and do fmt in this PR.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-06 11:29:49 +08:00
wllenyj
a1593322bd dragonball: add vsock api to api server 
Enables vsock to use the api for device configuration.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-06 11:29:49 +08:00
wllenyj
89b9ba8603 dragonball: add set_vm_configuration api 
Set virtual machine configuration configurations.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-06 11:29:49 +08:00
wllenyj
95fa0c70c3 dragonball: add start microvm support 
We add microvm start related support in thie pull request.

Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-06 11:29:49 +08:00
wllenyj
5c1ccc376b dragonball: add Vmm struct 
The Vmm struct is global coordinator to manage API servers, virtual
machines etc.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-06 11:29:49 +08:00
Jiang Liu
4d234f5742 dragonball: refactor code layout 
Refactored some code layout.

Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
 2022-07-06 11:29:49 +08:00
wllenyj
cfd5dae47c dragonball: add vm struct 
The vm struct to manage resources and control states of an virtual
machine instance.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
 2022-07-06 11:29:46 +08:00
wllenyj
527b73a8e5 dragonball: remove unused feature in AddressSpaceMgr 
log_dirty_pages is useless now and will be redesigned to support live
migration in the future.

Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
 2022-07-06 11:28:32 +08:00
Fabiano Fidêncio
071dd4c790 Merge pull request #4109 from pmores/drop-in-cfg-files-support 
Drop in cfg files support
 2022-07-05 22:21:24 +02:00
Peng Tao
514b4e7235 Merge pull request #4543 from openanolis/anolis/add_vcpu_configure_aarch64 
runtime-rs: Dragonball sandbox - add Vcpu::configure() function for aarch64
 2022-07-05 17:47:40 +08:00
Bin Liu
d9e868f44e Merge pull request #4479 from quanweiZhou/enhance-get-handled-signal 
agent: enhance get handled signal
 2022-07-05 15:18:21 +08:00
Bin Liu
b33ad7e57a Merge pull request #4574 from jelipo/fix-serde-serializing 
oci: fix serde skip serializing condition
 2022-07-05 13:51:43 +08:00
Bin Liu
0189738283 Merge pull request #4576 from ManaSugi/fix/oci-poststart-hook 
agent: Run OCI poststart hooks after a container is launched
 2022-07-05 11:08:49 +08:00
Peng Tao
cd2d8c6fe2 Merge pull request #4580 from ManaSugi/fix/replace-libc-with-nix 
agent: Replace some libc functions with nix ones
 2022-07-05 10:53:42 +08:00
Peng Tao
a1de394e51 Merge pull request #4550 from liubin/fix/4548-overwrite-mount-type-for-bind-mount 
runtime: overwrite mount type to bind for bind mounts
 2022-07-04 19:56:26 +08:00
haining.cao
0ddb34a38d oci: fix serde skip serializing condition 
There is an extra space on the serde serialization condition.

Fixes: #4578

Signed-off-by: haining.cao <haining.cao@daocloud.io>
 2022-07-04 16:16:04 +08:00
xuejun-xj
7120afe4ed dragonball: add vcpu test function for aarch64 
add create_vcpu() function in vcpu test unit for aarch64

Fixes: #4445

Signed-off-by: xuejun-xj <jiyunxue@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
 2022-07-04 15:23:43 +08:00
xuejun-xj
648d285a24 dragonball: add vcpu support for aarch64 
add configure() function for aarch64 vcpu

Fixes: #4543

Signed-off-by: xuejun-xj <jiyunxue@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
 2022-07-04 15:23:37 +08:00
xuejun-xj
7dad7c89f3 dragonball: update dbs-xxx dependency 
change to up-to-date commit ID

Fixes: #4543

Signed-off-by: xuejun-xj <jiyunxue@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
 2022-07-04 15:23:11 +08:00
Manabu Sugimoto
fbb2e9bce9 agent: Replace some libc functions with nix ones 
Replace `libc::setgroups()`, `libc::fchown()`, and `libc::sethostname()`
functions with nix crate ones for safety and maintainability.

Fixes: #4579

Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
 2022-07-04 14:49:38 +09:00
Manabu Sugimoto
acd3302bef agent: Run OCI poststart hooks after a container is launched 
Run the OCI `poststart` hooks must be called after the
user-specified process is executed but before the `start`
operation returns in accordance with OCI runtime spec.

Fixes: #4575

Signed-off-by: Manabu Sugimoto <Manabu.Sugimoto@sony.com>
 2022-07-03 18:03:51 +09:00
James O. D. Hunt
59cab9e835 Merge pull request #4380 from Tim-0731-Hzt/rund/makefile 
runtime-rs: makefile for dragonball
 2022-07-01 09:12:38 +01:00