diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 4f6ccd9582..d70a4dd7aa 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -686,6 +686,7 @@ dependencies = [ "tracing-subscriber", "ttrpc", "vsock-exporter", + "which", ] [[package]] @@ -2172,13 +2173,13 @@ checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be" [[package]] name = "which" -version = "4.2.5" +version = "4.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c4fb54e6113b6a8772ee41c3404fb0301ac79604489467e0a9ce1f3e97c24ae" +checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b" dependencies = [ "either", - "lazy_static", "libc", + "once_cell", ] [[package]] diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index b0e2ec8cce..54a2f1f33d 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml @@ -69,6 +69,7 @@ clap = { version = "3.0.1", features = ["derive"] } [dev-dependencies] tempfile = "3.1.0" test-utils = { path = "../libs/test-utils" } +which = "4.3.0" [workspace] members = [ diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index bf6420e9b7..58d571a363 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs @@ -2032,6 +2032,11 @@ mod tests { use tempfile::{tempdir, TempDir}; use test_utils::{assert_result, skip_if_not_root}; use ttrpc::{r#async::TtrpcContext, MessageHeader}; + use which::which; + + fn check_command(cmd: &str) -> bool { + which(cmd).is_ok() + } fn mk_ttrpc_context() -> TtrpcContext { TtrpcContext { @@ -2751,6 +2756,18 @@ OtherField:other async fn test_ip_tables() { skip_if_not_root!(); + if !check_command(IPTABLES_SAVE) + || !check_command(IPTABLES_RESTORE) + || !check_command(IP6TABLES_SAVE) + || !check_command(IP6TABLES_RESTORE) + { + warn!( + sl!(), + "one or more commands for ip tables test are missing, skip it" + ); + return; + } + let logger = slog::Logger::root(slog::Discard, o!()); let sandbox = Sandbox::new(&logger).unwrap(); let agent_service = Box::new(AgentService { diff --git a/src/libs/kata-types/src/config/hypervisor/mod.rs b/src/libs/kata-types/src/config/hypervisor/mod.rs index 0df6693226..edabff23bc 100644 --- a/src/libs/kata-types/src/config/hypervisor/mod.rs +++ b/src/libs/kata-types/src/config/hypervisor/mod.rs @@ -32,7 +32,7 @@ use regex::RegexSet; use super::{default, ConfigOps, ConfigPlugin, TomlConfig}; use crate::annotations::KATA_ANNO_CFG_HYPERVISOR_PREFIX; -use crate::{eother, resolve_path, validate_path}; +use crate::{eother, resolve_path, sl, validate_path}; mod dragonball; pub use self::dragonball::{DragonballConfig, HYPERVISOR_NAME_DRAGONBALL}; @@ -830,6 +830,10 @@ impl SharedFsInfo { if self.virtio_fs_cache.is_empty() { self.virtio_fs_cache = default::DEFAULT_VIRTIO_FS_CACHE_MODE.to_string(); } + if self.virtio_fs_cache == *"none" { + warn!(sl!(), "virtio-fs cache mode `none` is deprecated since Kata Containers 2.5.0 and will be removed in the future release, please use `never` instead. For more details please refer to https://github.com/kata-containers/kata-containers/issues/4234."); + self.virtio_fs_cache = default::DEFAULT_VIRTIO_FS_CACHE_MODE.to_string(); + } if self.virtio_fs_is_dax && self.virtio_fs_cache_size == 0 { self.virtio_fs_cache_size = default::DEFAULT_VIRTIO_FS_DAX_SIZE_MB; } diff --git a/src/runtime/pkg/containerd-shim-v2/wait.go b/src/runtime/pkg/containerd-shim-v2/wait.go index ebb742790d..ecf75b8c34 100644 --- a/src/runtime/pkg/containerd-shim-v2/wait.go +++ b/src/runtime/pkg/containerd-shim-v2/wait.go @@ -120,10 +120,12 @@ func watchSandbox(ctx context.Context, s *service) { if err == nil { return } - s.monitor = nil s.mu.Lock() defer s.mu.Unlock() + + s.monitor = nil + // sandbox malfunctioning, cleanup as much as we can shimLog.WithError(err).Warn("sandbox stopped unexpectedly") err = s.sandbox.Stop(ctx, true) diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go index 69cfe7917e..555e9b3ecf 100644 --- a/src/runtime/virtcontainers/clh.go +++ b/src/runtime/virtcontainers/clh.go @@ -651,9 +651,6 @@ func (clh *cloudHypervisor) StartVM(ctx context.Context, timeout int) error { span, _ := katatrace.Trace(ctx, clh.Logger(), "StartVM", clhTracingTags, map[string]string{"sandbox_id": clh.id}) defer span.End() - ctx, cancel := context.WithTimeout(context.Background(), clh.getClhAPITimeout()*time.Second) - defer cancel() - clh.Logger().WithField("function", "StartVM").Info("starting Sandbox") vmPath := filepath.Join(clh.config.VMStorePath, clh.id) @@ -692,6 +689,9 @@ func (clh *cloudHypervisor) StartVM(ctx context.Context, timeout int) error { } clh.state.PID = pid + ctx, cancel := context.WithTimeout(ctx, clh.getClhAPITimeout()*time.Second) + defer cancel() + if err := clh.bootVM(ctx); err != nil { return err } diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go index b7680a3180..b45e26a783 100644 --- a/src/runtime/virtcontainers/qemu_amd64.go +++ b/src/runtime/virtcontainers/qemu_amd64.go @@ -261,7 +261,7 @@ func (q *qemuAmd64) appendProtectionDevice(devices []govmmQemu.Device, firmware, Debug: false, File: firmware, CBitPos: cpuid.AMDMemEncrypt.CBitPosition, - ReducedPhysBits: cpuid.AMDMemEncrypt.PhysAddrReduction, + ReducedPhysBits: 1, }), "", nil case noneProtection: return devices, firmware, nil diff --git a/src/runtime/virtcontainers/qemu_amd64_test.go b/src/runtime/virtcontainers/qemu_amd64_test.go index 740cb6460b..5735b96a55 100644 --- a/src/runtime/virtcontainers/qemu_amd64_test.go +++ b/src/runtime/virtcontainers/qemu_amd64_test.go @@ -287,7 +287,7 @@ func TestQemuAmd64AppendProtectionDevice(t *testing.T) { Debug: false, File: firmware, CBitPos: cpuid.AMDMemEncrypt.CBitPosition, - ReducedPhysBits: cpuid.AMDMemEncrypt.PhysAddrReduction, + ReducedPhysBits: 1, }, } diff --git a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh index 8b0a048264..e13e9b7381 100755 --- a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh +++ b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh @@ -57,6 +57,7 @@ init_env() { LIBC="gnu" ARCH="powerpc64le" ARCH_LIBC=${ARCH}-linux-${LIBC} + extra_rust_flags="" ;; "s390x") LIBC="gnu"