runtime: added cloud hypervisor driver

Initial release of cloud hypervisor driver for kata-runtime

Fixes: #2046

Signed-off-by: Johan Kuijpers <johan.kuijpers@ericsson.com>

Makefile

@@ -79,6 +79,7 @@ endif
 PREFIXDEPS    := $(PREFIX)
 BINDIR        := $(EXEC_PREFIX)/bin
 QEMUBINDIR    := $(PREFIXDEPS)/bin
+CLHBINDIR    := $(PREFIXDEPS)/bin
 FCBINDIR      := $(PREFIXDEPS)/bin
 ACRNBINDIR    := $(PREFIXDEPS)/bin
 VIRTIOFSDBINDIR := $(PREFIXDEPS)/bin
@@ -117,18 +118,21 @@ HYPERVISOR_ACRN = acrn
 HYPERVISOR_FC = firecracker
 JAILER_FC = jailer
 HYPERVISOR_QEMU = qemu
+HYPERVISOR_CLH = cloud-hypervisor
 HYPERVISOR_QEMU_VIRTIOFS = qemu-virtiofs
 
 # Determines which hypervisor is specified in $(CONFIG_FILE).
 DEFAULT_HYPERVISOR = $(HYPERVISOR_QEMU)
 
 # List of hypervisors this build system can generate configuration for.
-HYPERVISORS := $(HYPERVISOR_ACRN) $(HYPERVISOR_FC) $(HYPERVISOR_QEMU) $(HYPERVISOR_QEMU_VIRTIOFS)
+HYPERVISORS := $(HYPERVISOR_ACRN) $(HYPERVISOR_FC) $(HYPERVISOR_QEMU) $(HYPERVISOR_QEMU_VIRTIOFS) $(HYPERVISOR_CLH)
 
 QEMUPATH := $(QEMUBINDIR)/$(QEMUCMD)
 
 QEMUVIRTIOFSPATH := $(QEMUBINDIR)/$(QEMUVIRTIOFSCMD)
 
+CLHPATH := $(CLHBINDIR)/$(CLHCMD)
+
 FCPATH = $(FCBINDIR)/$(FCCMD)
 FCJAILERPATH = $(FCBINDIR)/$(FCJAILERCMD)
 
@@ -258,6 +262,30 @@ ifneq (,$(QEMUVIRTIOFSCMD))
 	KERNELVIRTIOFSPATH = $(KERNELDIR)/$(KERNELNAMEVIRTIOFS)
 endif
 
+ifneq (,$(CLHCMD))
+    KNOWN_HYPERVISORS += $(HYPERVISOR_CLH)
+
+    CONFIG_FILE_CLH = configuration-clh.toml
+    CONFIG_CLH = $(CLI_DIR)/config/$(CONFIG_FILE_CLH)
+    CONFIG_CLH_IN = $(CONFIG_CLH).in
+
+    CONFIG_PATH_CLH = $(abspath $(CONFDIR)/$(CONFIG_FILE_CLH))
+    CONFIG_PATHS += $(CONFIG_PATH_CLH)
+
+    SYSCONFIG_CLH = $(abspath $(SYSCONFDIR)/$(CONFIG_FILE_CLH))
+    SYSCONFIG_PATHS += $(SYSCONFIG_CLH)
+
+    CONFIGS += $(CONFIG_CLH)
+
+    # CLH-specific options (all should be suffixed by "_CLH")
+    # currently, huge pages are required for virtiofsd support
+    DEFENABLEHUGEPAGES_CLH := true
+    DEFNETWORKMODEL_CLH := tcfilter
+    KERNELTYPE_CLH = uncompressed
+    KERNEL_NAME_CLH = $(call MAKE_KERNEL_NAME,$(KERNELTYPE_CLH))
+    KERNELPATH_CLH = $(KERNELDIR)/$(KERNEL_NAME_CLH)
+endif
+
 ifneq (,$(FCCMD))
     KNOWN_HYPERVISORS += $(HYPERVISOR_FC)
 
@@ -332,6 +360,10 @@ ifeq ($(DEFAULT_HYPERVISOR),$(HYPERVISOR_ACRN))
     DEFAULT_HYPERVISOR_CONFIG = $(CONFIG_FILE_ACRN)
 endif
 
+ifeq ($(DEFAULT_HYPERVISOR),$(HYPERVISOR_CLH))
+    DEFAULT_HYPERVISOR_CONFIG = $(CONFIG_FILE_CLH)
+endif
+
 CONFDIR := $(DEFAULTSDIR)/$(PROJECT_DIR)
 SYSCONFDIR := $(SYSCONFDIR)/$(PROJECT_DIR)
 
@@ -367,8 +399,10 @@ USER_VARS += KERNELDIR
 USER_VARS += KERNELTYPE
 USER_VARS += KERNELTYPE_FC
 USER_VARS += KERNELTYPE_ACRN
+USER_VARS += KERNELTYPE_CLH
 USER_VARS += FIRMWAREPATH
 USER_VARS += MACHINEACCELERATORS
+USER_VARS += DEFMACHINETYPE_CLH
 USER_VARS += KERNELPARAMS
 USER_VARS += LIBEXECDIR
 USER_VARS += LOCALSTATEDIR
@@ -519,21 +553,26 @@ $(GENERATED_FILES): %: %.in $(MAKEFILE_LIST) VERSION .git-commit
 		-e "s|@CONFIG_ACRN_IN@|$(CONFIG_ACRN_IN)|g" \
 		-e "s|@CONFIG_QEMU_IN@|$(CONFIG_QEMU_IN)|g" \
 		-e "s|@CONFIG_QEMU_VIRTIOFS_IN@|$(CONFIG_QEMU_VIRTIOFS_IN)|g" \
+		-e "s|@CONFIG_CLH_IN@|$(CONFIG_CLH_IN)|g" \
 		-e "s|@CONFIG_FC_IN@|$(CONFIG_FC_IN)|g" \
 		-e "s|@CONFIG_PATH@|$(CONFIG_PATH)|g" \
 		-e "s|@FCPATH@|$(FCPATH)|g" \
 		-e "s|@FCJAILERPATH@|$(FCJAILERPATH)|g" \
 		-e "s|@ACRNPATH@|$(ACRNPATH)|g" \
 		-e "s|@ACRNCTLPATH@|$(ACRNCTLPATH)|g" \
+		-e "s|@CLHPATH@|$(CLHPATH)|g" \
 		-e "s|@SYSCONFIG@|$(SYSCONFIG)|g" \
 		-e "s|@IMAGEPATH@|$(IMAGEPATH)|g" \
 		-e "s|@KERNELPATH_ACRN@|$(KERNELPATH_ACRN)|g" \
 		-e "s|@KERNELPATH_FC@|$(KERNELPATH_FC)|g" \
+		-e "s|@KERNELPATH_CLH@|$(KERNELPATH_CLH)|g" \
 		-e "s|@KERNELPATH@|$(KERNELPATH)|g" \
 		-e "s|@KERNELVIRTIOFSPATH@|$(KERNELVIRTIOFSPATH)|g" \
 		-e "s|@INITRDPATH@|$(INITRDPATH)|g" \
 		-e "s|@FIRMWAREPATH@|$(FIRMWAREPATH)|g" \
 		-e "s|@MACHINEACCELERATORS@|$(MACHINEACCELERATORS)|g" \
+		-e "s|@FIRMWAREPATH_CLH@|$(FIRMWAREPATH_CLH)|g" \
+		-e "s|@DEFMACHINETYPE_CLH@|$(DEFMACHINETYPE_CLH)|g" \
 		-e "s|@KERNELPARAMS@|$(KERNELPARAMS)|g" \
 		-e "s|@LOCALSTATEDIR@|$(LOCALSTATEDIR)|g" \
 		-e "s|@PKGLIBEXECDIR@|$(PKGLIBEXECDIR)|g" \
@@ -557,6 +596,7 @@ $(GENERATED_FILES): %: %.in $(MAKEFILE_LIST) VERSION .git-commit
 		-e "s|@DEFMEMSLOTS@|$(DEFMEMSLOTS)|g" \
 		-e "s|@DEFBRIDGES@|$(DEFBRIDGES)|g" \
 		-e "s|@DEFNETWORKMODEL_ACRN@|$(DEFNETWORKMODEL_ACRN)|g" \
+		-e "s|@DEFNETWORKMODEL_CLH@|$(DEFNETWORKMODEL_CLH)|g" \
 		-e "s|@DEFNETWORKMODEL_FC@|$(DEFNETWORKMODEL_FC)|g" \
 		-e "s|@DEFNETWORKMODEL_QEMU@|$(DEFNETWORKMODEL_QEMU)|g" \
 		-e "s|@DEFDISABLEGUESTSECCOMP@|$(DEFDISABLEGUESTSECCOMP)|g" \
@@ -729,6 +769,9 @@ endif
 ifneq (,$(findstring $(HYPERVISOR_QEMU_VIRTIOFS),$(KNOWN_HYPERVISORS)))
 	@printf "\t$(HYPERVISOR_QEMU_VIRTIOFS) hypervisor path (QEMUVIRTIOFSPATH) : %s\n" $(abspath $(QEMUVIRTIOFSPATH))
 endif
+ifneq (,$(findstring $(HYPERVISOR_CLH),$(KNOWN_HYPERVISORS)))
+	@printf "\t$(HYPERVISOR_CLH) hypervisor path (CLHPATH) : %s\n" $(abspath $(CLHPATH))
+endif
 ifneq (,$(findstring $(HYPERVISOR_FC),$(KNOWN_HYPERVISORS)))
 	@printf "\t$(HYPERVISOR_FC) hypervisor path (FCPATH) : %s\n" $(abspath $(FCPATH))
 endif

arch/amd64-options.mk

@@ -22,3 +22,6 @@ FCJAILERCMD := jailer
 #ACRN binary name
 ACRNCMD := acrn-dm
 ACRNCTLCMD := acrnctl
+
+# cloud-hypervisor binary name
+CLHCMD := cloud-hypervisor

cli/config/configuration-clh.toml.in

@@ -0,0 +1,212 @@
+# Copyright (c) 2019 Ericsson Eurolab Deutschland GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# XXX: WARNING: this file is auto-generated.
+# XXX:
+# XXX: Source file: "@CONFIG_CLH_IN@"
+# XXX: Project:
+# XXX:   Name: @PROJECT_NAME@
+# XXX:   Type: @PROJECT_TYPE@
+
+[hypervisor.clh]
+path = "@CLHPATH@"
+kernel = "@KERNELPATH_CLH@"
+image = "@IMAGEPATH@"
+
+# Optional space-separated list of options to pass to the guest kernel.
+# For example, use `kernel_params = "vsyscall=emulate"` if you are having
+# trouble running pre-2.15 glibc.
+#
+# WARNING: - any parameter specified here will take priority over the default
+# parameter value of the same name used to start the virtual machine.
+# Do not set values here unless you understand the impact of doing so as you
+# may stop the virtual machine from booting.
+# To see the list of default parameters, enable hypervisor debug, create a
+# container and look for 'default-kernel-parameters' log entries.
+kernel_params = "@KERNELPARAMS@"
+
+# Default number of vCPUs per SB/VM:
+# unspecified or 0                --> will be set to @DEFVCPUS@
+# < 0                             --> will be set to the actual number of physical cores
+# > 0 <= number of physical cores --> will be set to the specified number
+# > number of physical cores      --> will be set to the actual number of physical cores
+default_vcpus = 1
+
+# Default maximum number of vCPUs per SB/VM:
+# unspecified or == 0             --> will be set to the actual number of physical cores or to the maximum number
+#                                     of vCPUs supported by KVM if that number is exceeded
+# > 0 <= number of physical cores --> will be set to the specified number
+# > number of physical cores      --> will be set to the actual number of physical cores or to the maximum number
+#                                     of vCPUs supported by KVM if that number is exceeded
+# WARNING: Depending of the architecture, the maximum number of vCPUs supported by KVM is used when
+# the actual number of physical cores is greater than it.
+# WARNING: Be aware that this value impacts the virtual machine's memory footprint and CPU
+# the hotplug functionality. For example, `default_maxvcpus = 240` specifies that until 240 vCPUs
+# can be added to a SB/VM, but the memory footprint will be big. Another example, with
+# `default_maxvcpus = 8` the memory footprint will be small, but 8 will be the maximum number of
+# vCPUs supported by the SB/VM. In general, we recommend that you do not edit this variable,
+# unless you know what are you doing.
+default_maxvcpus = @DEFMAXVCPUS@
+
+# Default memory size in MiB for SB/VM.
+# If unspecified then it will be set @DEFMEMSZ@ MiB.
+default_memory = @DEFMEMSZ@
+
+# Default memory slots per SB/VM.
+# If unspecified then it will be set @DEFMEMSLOTS@.
+# This is will determine the times that memory will be hotadded to sandbox/VM.
+#memory_slots = @DEFMEMSLOTS@
+
+# Path to vhost-user-fs daemon.
+virtio_fs_daemon = "@DEFVIRTIOFSDAEMON@"
+
+# cloud-hypervisor prefers virtiofs caching (dax) for performance reasons
+virtio_fs_cache = "always"
+
+# This option changes the default hypervisor and kernel parameters
+# to enable debug output where available. This extra output is added
+# to the proxy logs, but only when proxy debug is also enabled.
+# 
+# Default false
+# enable_debug = true
+
+[proxy.@PROJECT_TYPE@]
+path = "@PROXYPATH@"
+
+# If enabled, proxy messages will be sent to the system log
+# (default: disabled)
+#enable_debug = true
+
+[shim.@PROJECT_TYPE@]
+path = "@SHIMPATH@"
+
+# If enabled, shim messages will be sent to the system log
+# (default: disabled)
+#enable_debug = true
+
+# If enabled, the shim will create opentracing.io traces and spans.
+# (See https://www.jaegertracing.io/docs/getting-started).
+#
+# Note: By default, the shim runs in a separate network namespace. Therefore,
+# to allow it to send trace details to the Jaeger agent running on the host,
+# it is necessary to set 'disable_new_netns=true' so that it runs in the host
+# network namespace.
+#
+# (default: disabled)
+#enable_tracing = true
+
+
+[agent.@PROJECT_TYPE@]
+# If enabled, make the agent display debug-level messages.
+# (default: disabled)
+#enable_debug = true
+
+# Enable agent tracing.
+#
+# If enabled, the default trace mode is "dynamic" and the
+# default trace type is "isolated". The trace mode and type are set
+# explicity with the `trace_type=` and `trace_mode=` options.
+#
+# Notes:
+#
+# - Tracing is ONLY enabled when `enable_tracing` is set: explicitly
+#   setting `trace_mode=` and/or `trace_type=` without setting `enable_tracing`
+#   will NOT activate agent tracing.
+#
+# - See https://github.com/kata-containers/agent/blob/master/TRACING.md for
+#   full details.
+#
+# (default: disabled)
+#enable_tracing = true
+#
+#trace_mode = "dynamic"
+#trace_type = "isolated"
+
+
+[netmon]
+# If enabled, the network monitoring process gets started when the
+# sandbox is created. This allows for the detection of some additional
+# network being added to the existing network namespace, after the
+# sandbox has been created.
+# (default: disabled)
+#enable_netmon = true
+
+# Specify the path to the netmon binary.
+path = "@NETMONPATH@"
+
+# If enabled, netmon messages will be sent to the system log
+# (default: disabled)
+#enable_debug = true
+
+
+[runtime]
+# If enabled, the runtime will log additional debug messages to the
+# system log
+# (default: disabled)
+#enable_debug = true
+#
+# Internetworking model
+# Determines how the VM should be connected to the
+# the container network interface
+# Options:
+#
+#   - bridged (Deprecated)
+#     Uses a linux bridge to interconnect the container interface to
+#     the VM. Works for most cases except macvlan and ipvlan.
+#     ***NOTE: This feature has been deprecated with plans to remove this
+#     feature in the future. Please use other network models listed below.
+#
+#
+#   - macvtap
+#     Used when the Container network interface can be bridged using
+#     macvtap.
+#
+#   - none
+#     Used when customize network. Only creates a tap device. No veth pair.
+#
+#   - tcfilter
+#     Uses tc filter rules to redirect traffic from the network interface
+#     provided by plugin to a tap interface connected to the VM.
+#
+internetworking_model="@DEFNETWORKMODEL_CLH@"
+
+# disable guest seccomp
+# Determines whether container seccomp profiles are passed to the virtual
+# machine and applied by the kata agent. If set to true, seccomp is not applied
+# within the guest
+# (default: true)
+disable_guest_seccomp=@DEFDISABLEGUESTSECCOMP@
+
+# If enabled, the runtime will create opentracing.io traces and spans.
+# (See https://www.jaegertracing.io/docs/getting-started).
+# (default: disabled)
+#enable_tracing = true
+
+# If enabled, the runtime will not create a network namespace for shim and hypervisor processes.
+# This option may have some potential impacts to your host. It should only be used when you know what you're doing.
+# `disable_new_netns` conflicts with `enable_netmon`
+# `disable_new_netns` conflicts with `internetworking_model=bridged` and `internetworking_model=macvtap`. It works only
+# with `internetworking_model=none`. The tap device will be in the host network namespace and can connect to a bridge
+# (like OVS) directly.
+# If you are using docker, `disable_new_netns` only works with `docker run --net=none`
+# (default: false)
+#disable_new_netns = true
+
+# if enabled, the runtime will add all the kata processes inside one dedicated cgroup.
+# The container cgroups in the host are not created, just one single cgroup per sandbox.
+# The sandbox cgroup is not constrained by the runtime
+# The runtime caller is free to restrict or collect cgroup stats of the overall Kata sandbox.
+# The sandbox cgroup path is the parent cgroup of a container with the PodSandbox annotation.
+# See: https://godoc.org/github.com/kata-containers/runtime/virtcontainers#ContainerType
+sandbox_cgroup_only=@DEFSANDBOXCGROUPONLY@
+
+# Enabled experimental feature list, format: ["a", "b"].
+# Experimental features are features not stable enough for production,
+# They may break compatibility, and are prepared for a big version bump.
+# Supported experimental features:
+# 1. "newstore": new persist storage driver which breaks backward compatibility,
+#				expected to move out of experimental in 2.0.0.
+# (default: [])
+experimental=@DEFAULTEXPFEATURES@

cli/kata-check_amd64.go

@@ -107,6 +107,8 @@ func setCPUtype(hypervisorType vc.HypervisorType) error {
 		switch hypervisorType {
 		case "firecracker":
 			fallthrough
+		case "clh":
+			fallthrough
 		case "qemu":
 			archRequiredCPUFlags = map[string]string{
 				cpuFlagVMX:    "Virtualization support",
@@ -291,6 +293,8 @@ func archHostCanCreateVMContainer(hypervisorType vc.HypervisorType) error {
 	switch hypervisorType {
 	case "qemu":
 		fallthrough
+	case "clh":
+		fallthrough
 	case "firecracker":
 		return kvmIsUsable()
 	case "acrn":

pkg/katautils/config.go

@@ -49,6 +49,7 @@ var (
 const (
 	// supported hypervisor component types
 	firecrackerHypervisorTableType = "firecracker"
+	clhHypervisorTableType         = "clh"
 	qemuHypervisorTableType        = "qemu"
 	acrnHypervisorTableType        = "acrn"
 
@@ -701,6 +702,92 @@ func newAcrnHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
 	}, nil
 }
 
+func newClhHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
+	hypervisor, err := h.path()
+	if err != nil {
+		return vc.HypervisorConfig{}, err
+	}
+
+	kernel, err := h.kernel()
+	if err != nil {
+		return vc.HypervisorConfig{}, err
+	}
+
+	initrd, image, err := h.getInitrdAndImage()
+	if err != nil {
+		return vc.HypervisorConfig{}, err
+	}
+
+	if initrd != "" {
+		return vc.HypervisorConfig{},
+			errors.New("having an initrd defined in the configuration file is not supported")
+	}
+
+	if image == "" {
+		return vc.HypervisorConfig{},
+			errors.New("image must be defined in the configuration file")
+	}
+
+	firmware, err := h.firmware()
+	if err != nil {
+		return vc.HypervisorConfig{}, err
+	}
+
+	machineAccelerators := h.machineAccelerators()
+	kernelParams := h.kernelParams()
+	machineType := h.machineType()
+
+	blockDriver, err := h.blockDeviceDriver()
+	if err != nil {
+		return vc.HypervisorConfig{}, err
+	}
+
+	sharedFS := config.VirtioFS
+
+	if h.VirtioFSDaemon == "" {
+		return vc.HypervisorConfig{},
+			errors.New("virtio-fs daemon path is missing in configuration file")
+	}
+
+	return vc.HypervisorConfig{
+		HypervisorPath:          hypervisor,
+		KernelPath:              kernel,
+		InitrdPath:              initrd,
+		ImagePath:               image,
+		FirmwarePath:            firmware,
+		MachineAccelerators:     machineAccelerators,
+		KernelParams:            vc.DeserializeParams(strings.Fields(kernelParams)),
+		HypervisorMachineType:   machineType,
+		NumVCPUs:                h.defaultVCPUs(),
+		DefaultMaxVCPUs:         h.defaultMaxVCPUs(),
+		MemorySize:              h.defaultMemSz(),
+		MemSlots:                h.defaultMemSlots(),
+		MemOffset:               h.defaultMemOffset(),
+		EntropySource:           h.GetEntropySource(),
+		DefaultBridges:          h.defaultBridges(),
+		DisableBlockDeviceUse:   h.DisableBlockDeviceUse,
+		SharedFS:                sharedFS,
+		VirtioFSDaemon:          h.VirtioFSDaemon,
+		VirtioFSCacheSize:       h.VirtioFSCacheSize,
+		VirtioFSCache:           h.VirtioFSCache,
+		MemPrealloc:             h.MemPrealloc,
+		HugePages:               h.HugePages,
+		FileBackedMemRootDir:    h.FileBackedMemRootDir,
+		Mlock:                   !h.Swap,
+		Debug:                   h.Debug,
+		DisableNestingChecks:    h.DisableNestingChecks,
+		BlockDeviceDriver:       blockDriver,
+		BlockDeviceCacheSet:     h.BlockDeviceCacheSet,
+		BlockDeviceCacheDirect:  h.BlockDeviceCacheDirect,
+		BlockDeviceCacheNoflush: h.BlockDeviceCacheNoflush,
+		EnableIOThreads:         h.EnableIOThreads,
+		Msize9p:                 h.msize9p(),
+		HotplugVFIOOnRootBus:    h.HotplugVFIOOnRootBus,
+		DisableVhostNet:         true,
+		UseVSock:                true,
+	}, nil
+}
+
 func newFactoryConfig(f factory) (oci.FactoryConfig, error) {
 	if f.TemplatePath == "" {
 		f.TemplatePath = defaultTemplatePath
@@ -744,6 +831,9 @@ func updateRuntimeConfigHypervisor(configPath string, tomlConf tomlConfig, confi
 		case acrnHypervisorTableType:
 			config.HypervisorType = vc.AcrnHypervisor
 			hConfig, err = newAcrnHypervisorConfig(hypervisor)
+		case clhHypervisorTableType:
+			config.HypervisorType = vc.ClhHypervisor
+			hConfig, err = newClhHypervisorConfig(hypervisor)
 		}
 
 		if err != nil {

pkg/katautils/config_test.go

@@ -885,6 +885,66 @@ func TestNewQemuHypervisorConfigImageAndInitrd(t *testing.T) {
 	assert.Error(err)
 }
 
+func TestNewClhHypervisorConfig(t *testing.T) {
+
+	assert := assert.New(t)
+
+	tmpdir, err := ioutil.TempDir(testDir, "")
+	assert.NoError(err)
+	defer os.RemoveAll(tmpdir)
+
+	hypervisorPath := path.Join(tmpdir, "hypervisor")
+	kernelPath := path.Join(tmpdir, "kernel")
+	imagePath := path.Join(tmpdir, "image")
+	virtioFsDaemon := path.Join(tmpdir, "virtiofsd")
+
+	for _, file := range []string{imagePath, hypervisorPath, kernelPath, virtioFsDaemon} {
+		err = createEmptyFile(file)
+		assert.NoError(err)
+	}
+
+	hypervisor := hypervisor{
+		Path:           hypervisorPath,
+		Kernel:         kernelPath,
+		Image:          imagePath,
+		VirtioFSDaemon: virtioFsDaemon,
+		VirtioFSCache:  "always",
+	}
+	config, err := newClhHypervisorConfig(hypervisor)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if config.HypervisorPath != hypervisor.Path {
+		t.Errorf("Expected hypervisor path %v, got %v", hypervisor.Path, config.HypervisorPath)
+	}
+
+	if config.KernelPath != hypervisor.Kernel {
+		t.Errorf("Expected kernel path %v, got %v", hypervisor.Kernel, config.KernelPath)
+	}
+
+	if config.ImagePath != hypervisor.Image {
+		t.Errorf("Expected image path %v, got %v", hypervisor.Image, config.ImagePath)
+	}
+
+	if config.ImagePath != hypervisor.Image {
+		t.Errorf("Expected image path %v, got %v", hypervisor.Image, config.ImagePath)
+	}
+
+	if config.UseVSock != true {
+		t.Errorf("Expected UseVSock %v, got %v", true, config.UseVSock)
+	}
+
+	if config.DisableVhostNet != true {
+		t.Errorf("Expected DisableVhostNet %v, got %v", true, config.DisableVhostNet)
+	}
+
+	if config.VirtioFSCache != "always" {
+		t.Errorf("Expected VirtioFSCache %v, got %v", true, config.VirtioFSCache)
+	}
+
+}
+
 func TestNewShimConfig(t *testing.T) {
 	dir, err := ioutil.TempDir(testDir, "shim-config-")
 	if err != nil {

virtcontainers/hypervisor.go

@@ -42,6 +42,9 @@ const (
 	// AcrnHypervisor is the ACRN hypervisor.
 	AcrnHypervisor HypervisorType = "acrn"
 
+	// ClhHypervisor is the ICH hypervisor.
+	ClhHypervisor HypervisorType = "clh"
+
 	// MockHypervisor is a mock hypervisor for testing purposes
 	MockHypervisor HypervisorType = "mock"
 )
@@ -152,6 +155,9 @@ func (hType *HypervisorType) Set(value string) error {
 	case "acrn":
 		*hType = AcrnHypervisor
 		return nil
+	case "clh":
+		*hType = ClhHypervisor
+		return nil
 	case "mock":
 		*hType = MockHypervisor
 		return nil
@@ -169,6 +175,8 @@ func (hType *HypervisorType) String() string {
 		return string(FirecrackerHypervisor)
 	case AcrnHypervisor:
 		return string(AcrnHypervisor)
+	case ClhHypervisor:
+		return string(ClhHypervisor)
 	case MockHypervisor:
 		return string(MockHypervisor)
 	default:
@@ -185,6 +193,8 @@ func newHypervisor(hType HypervisorType) (hypervisor, error) {
 		return &firecracker{}, nil
 	case AcrnHypervisor:
 		return &Acrn{}, nil
+	case ClhHypervisor:
+		return &cloudHypervisor{}, nil
 	case MockHypervisor:
 		return &mockHypervisor{}, nil
 	default:

virtcontainers/virtcontainers_test.go

@@ -46,6 +46,7 @@ var testAcrnKernelPath = ""
 var testAcrnImagePath = ""
 var testAcrnPath = ""
 var testAcrnCtlPath = ""
+
 var testHyperstartCtlSocket = ""
 var testHyperstartTtySocket = ""