github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2026-02-22 06:43:41 +00:00
Code Issues Projects Releases Wiki Activity

Revert "arm64: Do not use DAX with the rootfs image"

Browse Source 
This reverts commit 2acb94ef2d, as we have
a kernel patch approved fixing the issue.

Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
This commit is contained in:
Fabiano Fidêncio
2026-01-16 11:47:59 +01:00
parent fe15f2fa47
commit 33b1f0786e
6 changed files with 19 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
src/runtime-rs/crates/hypervisor/src/kernel_param.rs
View File

@@ -74,43 +74,21 @@ impl KernelParams {
pub(crate) fn new_rootfs_kernel_params(rootfs_driver: &str, rootfs_type: &str) -> Result<Self> { pub(crate) fn new_rootfs_kernel_params(rootfs_driver: &str, rootfs_type: &str) -> Result<Self> {
let mut params = vec![]; let mut params = vec![];
// DAX is disabled on aarch64 due to kernel panic in dax_disassociate_entry
// with virtio-pmem on kernel 6.18.x
#[cfg(target_arch = "aarch64")]
let use_dax = false;
#[cfg(not(target_arch = "aarch64"))]
let use_dax = true;
match rootfs_driver { match rootfs_driver {
VM_ROOTFS_DRIVER_PMEM => { VM_ROOTFS_DRIVER_PMEM => {
params.push(Param::new("root", VM_ROOTFS_ROOT_PMEM)); params.push(Param::new("root", VM_ROOTFS_ROOT_PMEM));
match rootfs_type { match rootfs_type {
VM_ROOTFS_FILESYSTEM_EXT4 => { VM_ROOTFS_FILESYSTEM_EXT4 => {
if use_dax { params.push(Param::new(
params.push(Param::new( "rootflags",
"rootflags", "dax,data=ordered,errors=remount-ro ro",
"dax,data=ordered,errors=remount-ro ro", ));
));
} else {
params.push(Param::new(
"rootflags",
"data=ordered,errors=remount-ro ro",
));
}
} }
VM_ROOTFS_FILESYSTEM_XFS => { VM_ROOTFS_FILESYSTEM_XFS => {
if use_dax { params.push(Param::new("rootflags", "dax ro"));
params.push(Param::new("rootflags", "dax ro"));
} else {
params.push(Param::new("rootflags", "ro"));
}
} }
VM_ROOTFS_FILESYSTEM_EROFS => { VM_ROOTFS_FILESYSTEM_EROFS => {
if use_dax { params.push(Param::new("rootflags", "dax ro"));
params.push(Param::new("rootflags", "dax ro"));
} else {
params.push(Param::new("rootflags", "ro"));
}
} }
_ => { _ => {
return Err(anyhow!("Unsupported rootfs type {}", rootfs_type)); return Err(anyhow!("Unsupported rootfs type {}", rootfs_type));
@@ -255,22 +233,6 @@ mod tests {
#[test] #[test]
fn test_rootfs_kernel_params() { fn test_rootfs_kernel_params() {
// DAX is disabled on aarch64
#[cfg(target_arch = "aarch64")]
let ext4_pmem_rootflags = "data=ordered,errors=remount-ro ro";
#[cfg(not(target_arch = "aarch64"))]
let ext4_pmem_rootflags = "dax,data=ordered,errors=remount-ro ro";
#[cfg(target_arch = "aarch64")]
let xfs_pmem_rootflags = "ro";
#[cfg(not(target_arch = "aarch64"))]
let xfs_pmem_rootflags = "dax ro";
#[cfg(target_arch = "aarch64")]
let erofs_pmem_rootflags = "ro";
#[cfg(not(target_arch = "aarch64"))]
let erofs_pmem_rootflags = "dax ro";
let tests = &[ let tests = &[
// EXT4 // EXT4
TestData { TestData {
@@ -279,7 +241,7 @@ mod tests {
expect_params: KernelParams { expect_params: KernelParams {
params: [ params: [
Param::new("root", VM_ROOTFS_ROOT_PMEM), Param::new("root", VM_ROOTFS_ROOT_PMEM),
Param::new("rootflags", ext4_pmem_rootflags), Param::new("rootflags", "dax,data=ordered,errors=remount-ro ro"),
Param::new("rootfstype", VM_ROOTFS_FILESYSTEM_EXT4), Param::new("rootfstype", VM_ROOTFS_FILESYSTEM_EXT4),
] ]
.to_vec(), .to_vec(),
@@ -306,7 +268,7 @@ mod tests {
expect_params: KernelParams { expect_params: KernelParams {
params: [ params: [
Param::new("root", VM_ROOTFS_ROOT_PMEM), Param::new("root", VM_ROOTFS_ROOT_PMEM),
Param::new("rootflags", xfs_pmem_rootflags), Param::new("rootflags", "dax ro"),
Param::new("rootfstype", VM_ROOTFS_FILESYSTEM_XFS), Param::new("rootfstype", VM_ROOTFS_FILESYSTEM_XFS),
] ]
.to_vec(), .to_vec(),
@@ -333,7 +295,7 @@ mod tests {
expect_params: KernelParams { expect_params: KernelParams {
params: [ params: [
Param::new("root", VM_ROOTFS_ROOT_PMEM), Param::new("root", VM_ROOTFS_ROOT_PMEM),
Param::new("rootflags", erofs_pmem_rootflags), Param::new("rootflags", "dax ro"),
Param::new("rootfstype", VM_ROOTFS_FILESYSTEM_EROFS), Param::new("rootfstype", VM_ROOTFS_FILESYSTEM_EROFS),
] ]
.to_vec(), .to_vec(),

4
src/runtime/virtcontainers/clh.go
View File

@@ -585,9 +585,7 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
clh.vmconfig.Cpus = chclient.NewCpusConfig(int32(clh.config.NumVCPUs()), int32(clh.config.DefaultMaxVCPUs)) clh.vmconfig.Cpus = chclient.NewCpusConfig(int32(clh.config.NumVCPUs()), int32(clh.config.DefaultMaxVCPUs))
disableNvdimm := (clh.config.DisableImageNvdimm || clh.config.ConfidentialGuest) disableNvdimm := (clh.config.DisableImageNvdimm || clh.config.ConfidentialGuest)
// DAX is disabled on aarch64 due to kernel panic in dax_disassociate_entry enableDax := !disableNvdimm
// with virtio-pmem on kernel 6.18.x
enableDax := !disableNvdimm && runtime.GOARCH != "arm64"
params, err := getNonUserDefinedKernelParams(hypervisorConfig.RootfsType, disableNvdimm, enableDax, clh.config.Debug, clh.config.ConfidentialGuest, clh.config.IOMMU) params, err := getNonUserDefinedKernelParams(hypervisorConfig.RootfsType, disableNvdimm, enableDax, clh.config.Debug, clh.config.ConfidentialGuest, clh.config.IOMMU)
if err != nil { if err != nil {

8
src/runtime/virtcontainers/qemu_arm64.go
View File

@@ -69,11 +69,9 @@ func newQemuArch(config HypervisorConfig) (qemuArch, error) {
kernelParamsDebug: kernelParamsDebug, kernelParamsDebug: kernelParamsDebug,
kernelParams: kernelParams, kernelParams: kernelParams,
disableNvdimm: config.DisableImageNvdimm, disableNvdimm: config.DisableImageNvdimm,
// DAX is disabled on aarch64 due to kernel panic in dax_disassociate_entry dax: true,
// with virtio-pmem on kernel 6.18.x protection: noneProtection,
dax: false, legacySerial: config.LegacySerial,
protection: noneProtection,
legacySerial: config.LegacySerial,
}, },
measurementAlgo: config.MeasurementAlgo, measurementAlgo: config.MeasurementAlgo,
} }

29
tools/osbuilder/image-builder/image_builder.sh
View File

@@ -74,8 +74,6 @@ Extra environment variables:
AGENT_BIN: Use it to change the expected agent binary name AGENT_BIN: Use it to change the expected agent binary name
AGENT_INIT: Use kata agent as init process AGENT_INIT: Use kata agent as init process
BLOCK_SIZE: Use to specify the size of blocks in bytes. DEFAULT: 4096 BLOCK_SIZE: Use to specify the size of blocks in bytes. DEFAULT: 4096
DAX_DISABLE: If set to "yes", skip DAX metadata header (for kernels without FS_DAX support).
DEFAULT: not set
IMAGE_REGISTRY: Hostname for the image registry used to pull down the rootfs build image. IMAGE_REGISTRY: Hostname for the image registry used to pull down the rootfs build image.
NSDAX_BIN: Use to specify path to pre-compiled 'nsdax' tool. NSDAX_BIN: Use to specify path to pre-compiled 'nsdax' tool.
USE_DOCKER: If set will build image in a Docker Container (requries docker) USE_DOCKER: If set will build image in a Docker Container (requries docker)
@@ -171,7 +169,6 @@ build_with_container() {
--env BLOCK_SIZE="${block_size}" \ --env BLOCK_SIZE="${block_size}" \
--env ROOT_FREE_SPACE="${root_free_space}" \ --env ROOT_FREE_SPACE="${root_free_space}" \
--env NSDAX_BIN="${nsdax_bin}" \ --env NSDAX_BIN="${nsdax_bin}" \
--env DAX_DISABLE="${DAX_DISABLE:-no}" \
--env MEASURED_ROOTFS="${MEASURED_ROOTFS}" \ --env MEASURED_ROOTFS="${MEASURED_ROOTFS}" \
--env SELINUX="${SELINUX}" \ --env SELINUX="${SELINUX}" \
--env DEBUG="${DEBUG}" \ --env DEBUG="${DEBUG}" \
@@ -307,12 +304,8 @@ calculate_img_size() {
local fs_type="$3" local fs_type="$3"
local block_size="$4" local block_size="$4"
# rootfs start + DAX header size (if enabled) + rootfs end # rootfs start + DAX header size + rootfs end
local dax_sz=0 local reserved_size_mb=$((rootfs_start + dax_header_sz + rootfs_end))
if [ "${DAX_DISABLE:-no}" != "yes" ]; then
dax_sz="${dax_header_sz}"
fi
local reserved_size_mb=$((rootfs_start + dax_sz + rootfs_end))
disk_size="$(calculate_required_disk_size "${rootfs}" "${fs_type}" "${block_size}")" disk_size="$(calculate_required_disk_size "${rootfs}" "${fs_type}" "${block_size}")"
@@ -631,35 +624,25 @@ main() {
die "Invalid rootfs" die "Invalid rootfs"
fi fi
# Determine DAX header size based on DAX_DISABLE setting
local dax_sz=0
if [ "${DAX_DISABLE:-no}" != "yes" ]; then
dax_sz="${dax_header_sz}"
fi
if [ "${fs_type}" == 'erofs' ]; then if [ "${fs_type}" == 'erofs' ]; then
# mkfs.erofs accepts an src root dir directory as an input # mkfs.erofs accepts an src root dir directory as an input
# rather than some device, so no need to guess the device dest size first. # rather than some device, so no need to guess the device dest size first.
create_erofs_rootfs_image "${rootfs}" "${image}" \ create_erofs_rootfs_image "${rootfs}" "${image}" \
"${block_size}" "${agent_bin}" "${block_size}" "${agent_bin}"
rootfs_img_size=$? rootfs_img_size=$?
img_size=$((rootfs_img_size + dax_sz)) img_size=$((rootfs_img_size + dax_header_sz))
else else
img_size=$(calculate_img_size "${rootfs}" "${root_free_space}" \ img_size=$(calculate_img_size "${rootfs}" "${root_free_space}" \
"${fs_type}" "${block_size}") "${fs_type}" "${block_size}")
# the first 2M are for the first MBR + NVDIMM metadata and were already # the first 2M are for the first MBR + NVDIMM metadata and were already
# consider in calculate_img_size (if DAX is enabled) # consider in calculate_img_size
rootfs_img_size=$((img_size - dax_sz)) rootfs_img_size=$((img_size - dax_header_sz))
create_rootfs_image "${rootfs}" "${image}" "${rootfs_img_size}" \ create_rootfs_image "${rootfs}" "${image}" "${rootfs_img_size}" \
"${fs_type}" "${block_size}" "${agent_bin}" "${fs_type}" "${block_size}" "${agent_bin}"
fi fi
# insert at the beginning of the image the MBR + DAX header # insert at the beginning of the image the MBR + DAX header
if [ "${DAX_DISABLE:-no}" != "yes" ]; then set_dax_header "${image}" "${img_size}" "${fs_type}" "${nsdax_bin}"
set_dax_header "${image}" "${img_size}" "${fs_type}" "${nsdax_bin}"
else
info "Skipping DAX header (DAX_DISABLE=yes)"
fi
chown "${USER}:${GROUP}" "${image}" chown "${USER}:${GROUP}" "${image}"
} }

2
tools/packaging/kata-deploy/local-build/kata-deploy-binaries-in-docker.sh
View File

@@ -114,7 +114,6 @@ RUNTIME_CHOICE="${RUNTIME_CHOICE:-both}"
IMAGE_SIZE_ALIGNMENT_MB=${IMAGE_SIZE_ALIGNMENT_MB:-} IMAGE_SIZE_ALIGNMENT_MB=${IMAGE_SIZE_ALIGNMENT_MB:-}
KERNEL_DEBUG_ENABLED="${KERNEL_DEBUG_ENABLED:-}" KERNEL_DEBUG_ENABLED="${KERNEL_DEBUG_ENABLED:-}"
INIT_DATA="${INIT_DATA:-yes}" INIT_DATA="${INIT_DATA:-yes}"
DAX_DISABLE="${DAX_DISABLE:-no}"
docker run \ docker run \
-v $HOME/.docker:/root/.docker \ -v $HOME/.docker:/root/.docker \
@@ -161,7 +160,6 @@ docker run \
--env CROSS_BUILD="${CROSS_BUILD}" \ --env CROSS_BUILD="${CROSS_BUILD}" \
--env TARGET_ARCH="${TARGET_ARCH}" \ --env TARGET_ARCH="${TARGET_ARCH}" \
--env ARCH="${ARCH}" \ --env ARCH="${ARCH}" \
--env DAX_DISABLE="${DAX_DISABLE}" \
--rm \ --rm \
-w ${script_dir} \ -w ${script_dir} \
build-kata-deploy "${kata_deploy_create}" "$@" build-kata-deploy "${kata_deploy_create}" "$@"

6
tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
View File

@@ -468,12 +468,6 @@ install_image() {
export REPO_COMPONENTS export REPO_COMPONENTS
fi fi
# Disable DAX for ARM64 due to kernel panic in dax_disassociate_entry
# with virtio-pmem on kernel 6.18.x
if [ "${ARCH}" == "aarch64" ]; then
export DAX_DISABLE=yes
fi
"${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}" "${rootfs_builder}" --osname="${os_name}" --osversion="${os_version}" --imagetype=image --prefix="${prefix}" --destdir="${destdir}" --image_initrd_suffix="${variant}"
} }