github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-28 19:54:35 +00:00
Code Issues Projects Releases Wiki Activity

runtime: Add parameter to constrainGRPCSpec to control VFIO handling

Browse Source 
Currently constrainGRPCSpec always removes VFIO devices from the OCI
container spec which will be used for the inner container.  For
upcoming support for VFIO devices in DPDK usecases we'll need to not
do that.

As a preliminary to that, add an extra parameter to the function to
control whether or not it will remove the VFIO devices from the spec.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
David Gibson 2021-10-08 17:03:59 +11:00
parent d9e2e9edb2
commit 68696e051d
2 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/runtime/virtcontainers/kata_agent.go
View File

@ -995,7 +995,7 @@ func (k *kataAgent) replaceOCIMountsForStorages(spec *specs.Spec, volumeStorages
return nil return nil
} }
func (k *kataAgent) constrainGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool) { func (k *kataAgent) constrainGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool, stripVfio bool) {
// Disable Hooks since they have been handled on the host and there is // Disable Hooks since they have been handled on the host and there is
// no reason to send them to the agent. It would make no sense to try // no reason to send them to the agent. It would make no sense to try
// to apply them on the guest. // to apply them on the guest.
@ -1058,17 +1058,21 @@ func (k *kataAgent) constrainGRPCSpec(grpcSpec *grpc.Spec, passSeccomp bool) {
} }
grpcSpec.Linux.Namespaces = tmpNamespaces grpcSpec.Linux.Namespaces = tmpNamespaces
// VFIO char device shouldn't not appear in the guest, if stripVfio {
// the device driver should handle it and determinate its group. // VFIO char device shouldn't appear in the guest
var linuxDevices []grpc.LinuxDevice // (because the VM device driver will do something
for _, dev := range grpcSpec.Linux.Devices { // with it rather than just presenting it to the
if dev.Type == "c" && strings.HasPrefix(dev.Path, vfioPath) { // container unmodified)
k.Logger().WithField("vfio-dev", dev.Path).Debug("removing vfio device from grpcSpec") var linuxDevices []grpc.LinuxDevice
continue for _, dev := range grpcSpec.Linux.Devices {
if dev.Type == "c" && strings.HasPrefix(dev.Path, vfioPath) {
k.Logger().WithField("vfio-dev", dev.Path).Debug("removing vfio device from grpcSpec")
continue
}
linuxDevices = append(linuxDevices, dev)
} }
linuxDevices = append(linuxDevices, dev) grpcSpec.Linux.Devices = linuxDevices
} }
grpcSpec.Linux.Devices = linuxDevices
} }
func (k *kataAgent) handleShm(mounts []specs.Mount, sandbox *Sandbox) { func (k *kataAgent) handleShm(mounts []specs.Mount, sandbox *Sandbox) {
@ -1413,7 +1417,7 @@ func (k *kataAgent) createContainer(ctx context.Context, sandbox *Sandbox, c *Co
// We need to constrain the spec to make sure we're not // We need to constrain the spec to make sure we're not
// passing irrelevant information to the agent. // passing irrelevant information to the agent.
k.constrainGRPCSpec(grpcSpec, passSeccomp) k.constrainGRPCSpec(grpcSpec, passSeccomp, true)
req := &grpc.CreateContainerRequest{ req := &grpc.CreateContainerRequest{
ContainerId: c.id, ContainerId: c.id,

2
src/runtime/virtcontainers/kata_agent_test.go
View File

@ -589,7 +589,7 @@ func TestConstrainGRPCSpec(t *testing.T) {
} }
k := kataAgent{} k := kataAgent{}
k.constrainGRPCSpec(g, true) k.constrainGRPCSpec(g, true, true)
// check nil fields // check nil fields
assert.Nil(g.Hooks) assert.Nil(g.Hooks)