Merge pull request #6275 from amshinde/stable-3.0-backports

stable-3.0: Stable 3.0 backports
2025-08-02 08:17:01 +00:00 · 2023-02-14 14:28:04 -08:00 · 2023-02-14 14:28:04 -08:00 · 69e681961a
commit 69e681961a
parent e299c6bd4b 178ee3d7e3
9 changed files with 36 additions and 10 deletions
--- a/src/agent/Cargo.lock
+++ b/src/agent/Cargo.lock
@ -686,6 +686,7 @@ dependencies = [
 "tracing-subscriber",
 "ttrpc",
 "vsock-exporter",
+ "which",
 ]

 [[package]]
@ -2172,13 +2173,13 @@ checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be"

 [[package]]
 name = "which"
-version = "4.2.5"
+version = "4.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c4fb54e6113b6a8772ee41c3404fb0301ac79604489467e0a9ce1f3e97c24ae"
+checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b"
 dependencies = [
 "either",
- "lazy_static",
 "libc",
+ "once_cell",
 ]

 [[package]]
--- a/src/agent/Cargo.toml
+++ b/src/agent/Cargo.toml
@ -69,6 +69,7 @@ clap = { version = "3.0.1", features = ["derive"] }
 [dev-dependencies]
 tempfile = "3.1.0"
 test-utils = { path = "../libs/test-utils" }
+which = "4.3.0"

 [workspace]
 members = [
--- a/src/agent/src/rpc.rs
+++ b/src/agent/src/rpc.rs
@ -2032,6 +2032,11 @@ mod tests {
    use tempfile::{tempdir, TempDir};
    use test_utils::{assert_result, skip_if_not_root};
    use ttrpc::{r#async::TtrpcContext, MessageHeader};
+    use which::which;
+
+    fn check_command(cmd: &str) -> bool {
+        which(cmd).is_ok()
+    }

    fn mk_ttrpc_context() -> TtrpcContext {
        TtrpcContext {
@ -2751,6 +2756,18 @@ OtherField:other
    async fn test_ip_tables() {
        skip_if_not_root!();

+        if !check_command(IPTABLES_SAVE)
+            || !check_command(IPTABLES_RESTORE)
+            || !check_command(IP6TABLES_SAVE)
+            || !check_command(IP6TABLES_RESTORE)
+        {
+            warn!(
+                sl!(),
+                "one or more commands for ip tables test are missing, skip it"
+            );
+            return;
+        }
+
        let logger = slog::Logger::root(slog::Discard, o!());
        let sandbox = Sandbox::new(&logger).unwrap();
        let agent_service = Box::new(AgentService {
--- a/src/libs/kata-types/src/config/hypervisor/mod.rs
+++ b/src/libs/kata-types/src/config/hypervisor/mod.rs
@ -32,7 +32,7 @@ use regex::RegexSet;

 use super::{default, ConfigOps, ConfigPlugin, TomlConfig};
 use crate::annotations::KATA_ANNO_CFG_HYPERVISOR_PREFIX;
-use crate::{eother, resolve_path, validate_path};
+use crate::{eother, resolve_path, sl, validate_path};

 mod dragonball;
 pub use self::dragonball::{DragonballConfig, HYPERVISOR_NAME_DRAGONBALL};
@ -830,6 +830,10 @@ impl SharedFsInfo {
        if self.virtio_fs_cache.is_empty() {
            self.virtio_fs_cache = default::DEFAULT_VIRTIO_FS_CACHE_MODE.to_string();
        }
+        if self.virtio_fs_cache == *"none" {
+            warn!(sl!(), "virtio-fs cache mode `none` is deprecated since Kata Containers 2.5.0 and will be removed in the future release, please use `never` instead. For more details please refer to https://github.com/kata-containers/kata-containers/issues/4234.");
+            self.virtio_fs_cache = default::DEFAULT_VIRTIO_FS_CACHE_MODE.to_string();
+        }
        if self.virtio_fs_is_dax && self.virtio_fs_cache_size == 0 {
            self.virtio_fs_cache_size = default::DEFAULT_VIRTIO_FS_DAX_SIZE_MB;
        }
--- a/src/runtime/pkg/containerd-shim-v2/wait.go
+++ b/src/runtime/pkg/containerd-shim-v2/wait.go
@ -120,10 +120,12 @@ func watchSandbox(ctx context.Context, s *service) {
 	if err == nil {
 		return
 	}
-	s.monitor = nil

 	s.mu.Lock()
 	defer s.mu.Unlock()
+
+	s.monitor = nil
+
 	// sandbox malfunctioning, cleanup as much as we can
 	shimLog.WithError(err).Warn("sandbox stopped unexpectedly")
 	err = s.sandbox.Stop(ctx, true)
--- a/src/runtime/virtcontainers/clh.go
+++ b/src/runtime/virtcontainers/clh.go
@ -651,9 +651,6 @@ func (clh *cloudHypervisor) StartVM(ctx context.Context, timeout int) error {
 	span, _ := katatrace.Trace(ctx, clh.Logger(), "StartVM", clhTracingTags, map[string]string{"sandbox_id": clh.id})
 	defer span.End()

-	ctx, cancel := context.WithTimeout(context.Background(), clh.getClhAPITimeout()*time.Second)
-	defer cancel()
-
 	clh.Logger().WithField("function", "StartVM").Info("starting Sandbox")

 	vmPath := filepath.Join(clh.config.VMStorePath, clh.id)
@ -692,6 +689,9 @@ func (clh *cloudHypervisor) StartVM(ctx context.Context, timeout int) error {
 	}
 	clh.state.PID = pid

+	ctx, cancel := context.WithTimeout(ctx, clh.getClhAPITimeout()*time.Second)
+	defer cancel()
+
 	if err := clh.bootVM(ctx); err != nil {
 		return err
 	}
--- a/src/runtime/virtcontainers/qemu_amd64.go
+++ b/src/runtime/virtcontainers/qemu_amd64.go
@ -261,7 +261,7 @@ func (q *qemuAmd64) appendProtectionDevice(devices []govmmQemu.Device, firmware,
 				Debug:           false,
 				File:            firmware,
 				CBitPos:         cpuid.AMDMemEncrypt.CBitPosition,
-				ReducedPhysBits: cpuid.AMDMemEncrypt.PhysAddrReduction,
+				ReducedPhysBits: 1,
 			}), "", nil
 	case noneProtection:
 		return devices, firmware, nil
--- a/src/runtime/virtcontainers/qemu_amd64_test.go
+++ b/src/runtime/virtcontainers/qemu_amd64_test.go
@ -287,7 +287,7 @@ func TestQemuAmd64AppendProtectionDevice(t *testing.T) {
 			Debug:           false,
 			File:            firmware,
 			CBitPos:         cpuid.AMDMemEncrypt.CBitPosition,
-			ReducedPhysBits: cpuid.AMDMemEncrypt.PhysAddrReduction,
+			ReducedPhysBits: 1,
 		},
 	}

--- a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh
+++ b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh
@ -57,6 +57,7 @@ init_env() {
       LIBC="gnu"
       ARCH="powerpc64le"
       ARCH_LIBC=${ARCH}-linux-${LIBC}
+       extra_rust_flags=""
     ;;
     "s390x")
       LIBC="gnu"