github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-05-02 13:44:33 +00:00
Code Issues Projects Releases Wiki Activity

runtime: Validate hypervisor section name in config file

Browse Source 
Previously, if you accidentally modified the name of the hypervisor
section in the config file, the default golang runtime gives a cryptic
error message ("`VM memory cannot be zero`"). This can be demonstrated
using the `kata-runtime` utility program which uses the same golang
config package as the actual runtime (`containerd-shim-kata-v2`):

```bash
$ kata-runtime env >/dev/null; echo $?
0
$ sudo sed -i 's!^\[hypervisor\.qemu\]!\[hypervisor\.foo\]!g' /etc/kata-containers/configuration.toml
$ kata-runtime env >/dev/null; echo $?
VM memory cannot be zero
1
```

The hypervisor name is now validated so that the behaviour becomes:

```bash
$ kata-runtime env >/dev/null; echo $?
0
$ sudo sed -i 's!^\[hypervisor\.qemu\]!\[hypervisor\.foo\]!g' /etc/kata-containers/configuration.toml
$ ./kata-runtime env >/dev/null; echo $?
/etc/kata-containers/configuration.toml: configuration file contains invalid hypervisor section: "foo"
1
```

Fixes: #8212.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This commit is contained in:
James O. D. Hunt 2023-10-12 12:13:53 +01:00
parent 45d28998d9
commit 3e8cf6959c
2 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/runtime/pkg/katautils/config.go
View File

@ -55,6 +55,8 @@ const (
// the maximum amount of PCI bridges that can be cold plugged in a VM // the maximum amount of PCI bridges that can be cold plugged in a VM
maxPCIBridges uint32 = 5 maxPCIBridges uint32 = 5
errInvalidHypervisorPrefix = "configuration file contains invalid hypervisor section"
) )
type tomlConfig struct { type tomlConfig struct {
@ -1175,6 +1177,8 @@ func updateRuntimeConfigHypervisor(configPath string, tomlConf tomlConfig, confi
case dragonballHypervisorTableType: case dragonballHypervisorTableType:
config.HypervisorType = vc.DragonballHypervisor config.HypervisorType = vc.DragonballHypervisor
hConfig, err = newDragonballHypervisorConfig(hypervisor) hConfig, err = newDragonballHypervisorConfig(hypervisor)
default:
err = fmt.Errorf("%s: %+q", errInvalidHypervisorPrefix, k)
} }
if err != nil { if err != nil {

56
src/runtime/pkg/katautils/config_test.go
View File

@ -1735,3 +1735,59 @@ vfio_mode="vfio"
assert.Equal(t, config.Runtime.InterNetworkModel, "macvtap") assert.Equal(t, config.Runtime.InterNetworkModel, "macvtap")
assert.Equal(t, config.Runtime.VfioMode, "vfio") assert.Equal(t, config.Runtime.VfioMode, "vfio")
} }
func TestUpdateRuntimeConfigHypervisor(t *testing.T) {
assert := assert.New(t)
type tableTypeEntry struct {
name string
valid bool
}
configFile := "/some/where/configuration.toml"
// Note: We cannot test acrnHypervisorTableType since
// newAcrnHypervisorConfig() expects ACRN binaries to be
// installed.
var entries = []tableTypeEntry{
{clhHypervisorTableType, true},
{dragonballHypervisorTableType, true},
{firecrackerHypervisorTableType, true},
{qemuHypervisorTableType, true},
{"foo", false},
{"bar", false},
{clhHypervisorTableType + "baz", false},
}
for i, h := range entries {
config := oci.RuntimeConfig{}
tomlConf := tomlConfig{
Hypervisor: map[string]hypervisor{
h.name: {
NumVCPUs: int32(2),
MemorySize: uint32(2048),
Path: "/",
Kernel: "/",
Image: "/",
Firmware: "/",
FirmwareVolume: "/",
SharedFS: "virtio-fs",
VirtioFSDaemon: "/usr/libexec/kata-qemu/virtiofsd",
},
},
}
err := updateRuntimeConfigHypervisor(configFile, tomlConf, &config)
if h.valid {
assert.NoError(err, "test %d (%+v)", i, h)
} else {
assert.Error(err, "test %d (%+v)", i, h)
expectedErr := fmt.Errorf("%v: %v: %+q", configFile, errInvalidHypervisorPrefix, h.name)
assert.Equal(err, expectedErr, "test %d (%+v)", i, h)
}
}
}