From 92f3b11c944f2ec0d9589b5d7cae0842a9fd1240 Mon Sep 17 00:00:00 2001 From: ls <335814617@qq.com> Date: Mon, 16 Jan 2023 14:45:37 +0800 Subject: [PATCH 1/6] runtime:all APIs are hang in the service.mu When the vmm process exits abnormally, a goroutine sets s.monitor to null in the 'watchSandbox' function without getting service.mu, This will cause another goroutine to block when sending a message to s.monitor, and it holds service.mu, which leads to a deadlock. For example, the wait function in the file .../pkg/containerd-shim-v2/wait.go will send a message to s.monitor after obtaining service.mu, but s.monitor may be null at this time Fixes: #6059 Signed-off-by: ls <335814617@qq.com> (cherry picked from commit 69fc8de7123156477717803bbb30df19264975d9) --- src/runtime/pkg/containerd-shim-v2/wait.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/runtime/pkg/containerd-shim-v2/wait.go b/src/runtime/pkg/containerd-shim-v2/wait.go index ebb742790d..ecf75b8c34 100644 --- a/src/runtime/pkg/containerd-shim-v2/wait.go +++ b/src/runtime/pkg/containerd-shim-v2/wait.go @@ -120,10 +120,12 @@ func watchSandbox(ctx context.Context, s *service) { if err == nil { return } - s.monitor = nil s.mu.Lock() defer s.mu.Unlock() + + s.monitor = nil + // sandbox malfunctioning, cleanup as much as we can shimLog.WithError(err).Warn("sandbox stopped unexpectedly") err = s.sandbox.Stop(ctx, true) From 960f089d3c52b7e54e288304a9887454723a148b Mon Sep 17 00:00:00 2001 From: Archana Shinde Date: Mon, 13 Feb 2023 15:38:06 -0800 Subject: [PATCH 2/6] virtiofsd: fix the build on ppc64le link-self-contained is not supported on ppc64le rust target. Hence, do not pass it while building virtiofsd. Fixes: #6195 Backport of #856ab66871 Signed-off-by: Amulyam24 Signed-off-by: Archana Shinde --- tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh | 1 + 1 file changed, 1 insertion(+) 
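Review bot: Taking `s.mu` before `s.monitor = nil` in watchSandbox closes the unlocked write, but it only removes the hang if every sender also re-checks `s.monitor` for nil after it has acquired `s.mu`. In Go a send on a nil channel blocks forever, so a caller that tests `s.monitor != nil` before locking and sends afterwards would still block while holding the mutex. The sender in wait() is outside this hunk, so this cannot be confirmed here. If it does check before locking, the check belongs inside the critical section, e.g. `s.mu.Lock(); if s.monitor != nil { s.monitor <- nil }; s.mu.Unlock()`. watchSandbox's body starts and ends outside the hunk.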
diff --git a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh index 8b0a048264..e13e9b7381 100755 --- a/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh +++ b/tools/packaging/static-build/virtiofsd/build-static-virtiofsd.sh @@ -57,6 +57,7 @@ init_env() { LIBC="gnu" ARCH="powerpc64le" ARCH_LIBC=${ARCH}-linux-${LIBC} + extra_rust_flags="" ;; "s390x") LIBC="gnu" From 98f60c100c794f64130f13e6227516db2295309c Mon Sep 17 00:00:00 2001 From: Alexandru Matei Date: Tue, 7 Feb 2023 17:04:37 +0200 Subject: [PATCH 3/6] clh: Enforce API timeout only for vm.boot request launchClh already has a timeout of 10seconds for launching clh, e.g. if launchClh or setupVirtiofsDaemon takes a few seconds the context's deadline will already be expired by the time it reaches bootVM Fixes #6240 Signed-off-by: Alexandru Matei (cherry picked from commit ac64b021a6817296ea8240755abcff22fa9a1b80) --- src/runtime/virtcontainers/clh.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go index 69cfe7917e..555e9b3ecf 100644 --- a/src/runtime/virtcontainers/clh.go +++ b/src/runtime/virtcontainers/clh.go @@ -651,9 +651,6 @@ func (clh *cloudHypervisor) StartVM(ctx context.Context, timeout int) error { span, _ := katatrace.Trace(ctx, clh.Logger(), "StartVM", clhTracingTags, map[string]string{"sandbox_id": clh.id}) defer span.End() - ctx, cancel := context.WithTimeout(context.Background(), clh.getClhAPITimeout()*time.Second) - defer cancel() - clh.Logger().WithField("function", "StartVM").Info("starting Sandbox") vmPath := filepath.Join(clh.config.VMStorePath, clh.id) 
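Review bot: The new `extra_rust_flags=""` in the powerpc64le branch of init_env() has no comment saying why this one architecture clears the flags, so a later cleanup could drop it and break the build again. A one-line comment above the assignment would record the reason given in the commit message, e.g. `# link-self-contained is not supported by the ppc64le rust target`. Where `extra_rust_flags` gets its default value is outside this hunk.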
@@ -692,6 +689,9 @@ func (clh *cloudHypervisor) StartVM(ctx context.Context, timeout int) error { } clh.state.PID = pid + ctx, cancel := context.WithTimeout(ctx, clh.getClhAPITimeout()*time.Second) + defer cancel() + if err := clh.bootVM(ctx); err != nil { return err } From 123c867172cecbcfe64decd5f8aae62b07c3b5a4 Mon Sep 17 00:00:00 2001 From: Larry Dewey Date: Thu, 25 Aug 2022 13:43:05 -0500 Subject: [PATCH 4/6] SEV: Update ReducedPhysBits Updating this field, as `cpuid` provides host level data, which is not what a guest would expect for Reduced Phsycial Bits. In almost all cases, we should be using `1` for the value here. Amend: Adding unit test change. Fixes: #5006 Signed-off-by: Larry Dewey (cherry picked from commit 67b8f0773fb8ee6b9aeae02e5feaaa9a3b9825a0) --- src/runtime/virtcontainers/qemu_amd64.go | 2 +- src/runtime/virtcontainers/qemu_amd64_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/runtime/virtcontainers/qemu_amd64.go b/src/runtime/virtcontainers/qemu_amd64.go index b7680a3180..b45e26a783 100644 --- a/src/runtime/virtcontainers/qemu_amd64.go +++ b/src/runtime/virtcontainers/qemu_amd64.go @@ -261,7 +261,7 @@ func (q *qemuAmd64) appendProtectionDevice(devices []govmmQemu.Device, firmware, Debug: false, File: firmware, CBitPos: cpuid.AMDMemEncrypt.CBitPosition, - ReducedPhysBits: cpuid.AMDMemEncrypt.PhysAddrReduction, + ReducedPhysBits: 1, }), "", nil case noneProtection: return devices, firmware, nil diff --git a/src/runtime/virtcontainers/qemu_amd64_test.go b/src/runtime/virtcontainers/qemu_amd64_test.go index 740cb6460b..5735b96a55 100644 --- a/src/runtime/virtcontainers/qemu_amd64_test.go +++ b/src/runtime/virtcontainers/qemu_amd64_test.go @@ -287,7 +287,7 @@ func TestQemuAmd64AppendProtectionDevice(t *testing.T) { Debug: false, File: firmware, CBitPos: cpuid.AMDMemEncrypt.CBitPosition, - ReducedPhysBits: cpuid.AMDMemEncrypt.PhysAddrReduction, + ReducedPhysBits: 1, }, } 
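Review bot: `ctx, cancel := context.WithTimeout(ctx, ...)` appears to sit at function scope, where it reassigns StartVM's `ctx` parameter rather than creating a boot-only context. Every call after `clh.bootVM(ctx)` would then inherit the same API deadline. The rest of StartVM is outside the hunk, so whether later calls use `ctx` cannot be seen here, but the commit title says the timeout should cover only the vm.boot request. A separate name keeps that scope explicit: `bootCtx, cancel := context.WithTimeout(ctx, clh.getClhAPITimeout()*time.Second)` followed by `if err := clh.bootVM(bootCtx); err != nil {`.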
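Review bot: `ReducedPhysBits: 1` in appendProtectionDevice is a bare literal with no explanation at the call site, while `CBitPos` on the line above is still read from the host's `cpuid`. The commit message says 1 is right in "almost all cases", which implies some configurations differ. A named constant would make the choice auditable if its comment records why the host-reported `PhysAddrReduction` is not used and what to do where 1 is wrong. For example `const sevReducedPhysBits = 1 // guest-visible value; cpuid reports host-level data`, used here and in the matching hunk of qemu_amd64_test.go so the test does not repeat the literal. Both functions continue outside their hunks.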
From 7461bcd760616d402357b5133e36adc76524cba2 Mon Sep 17 00:00:00 2001 From: Zhongtao Hu Date: Tue, 10 Jan 2023 20:23:49 +0800 Subject: [PATCH 5/6] runtime-rs: change cache mode use never as the cache mode if none is configured Fixes:#6020 Signed-off-by: Zhongtao Hu (cherry picked from commit 6199b69178e892c1e09b688d02ef3e49581c9ff8) --- src/libs/kata-types/src/config/hypervisor/mod.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/libs/kata-types/src/config/hypervisor/mod.rs b/src/libs/kata-types/src/config/hypervisor/mod.rs index 0df6693226..edabff23bc 100644 --- a/src/libs/kata-types/src/config/hypervisor/mod.rs +++ b/src/libs/kata-types/src/config/hypervisor/mod.rs @@ -32,7 +32,7 @@ use regex::RegexSet; use super::{default, ConfigOps, ConfigPlugin, TomlConfig}; use crate::annotations::KATA_ANNO_CFG_HYPERVISOR_PREFIX; -use crate::{eother, resolve_path, validate_path}; +use crate::{eother, resolve_path, sl, validate_path}; mod dragonball; pub use self::dragonball::{DragonballConfig, HYPERVISOR_NAME_DRAGONBALL}; @@ -830,6 +830,10 @@ impl SharedFsInfo { if self.virtio_fs_cache.is_empty() { self.virtio_fs_cache = default::DEFAULT_VIRTIO_FS_CACHE_MODE.to_string(); } + if self.virtio_fs_cache == *"none" { + warn!(sl!(), "virtio-fs cache mode `none` is deprecated since Kata Containers 2.5.0 and will be removed in the future release, please use `never` instead. For more details please refer to https://github.com/kata-containers/kata-containers/issues/4234."); + self.virtio_fs_cache = default::DEFAULT_VIRTIO_FS_CACHE_MODE.to_string(); + } if self.virtio_fs_is_dax && self.virtio_fs_cache_size == 0 { self.virtio_fs_cache_size = default::DEFAULT_VIRTIO_FS_DAX_SIZE_MB; } From 178ee3d7e39f807813dbbcce43865393566507bc Mon Sep 17 00:00:00 2001 
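Review bot: The `none` branch tells the user to use `never` but then assigns `default::DEFAULT_VIRTIO_FS_CACHE_MODE`, so the warning is only accurate while that default is `never`; its value is not visible in this hunk. Either assign the mode the message promises or add a comment tying the two together, e.g. `// DEFAULT_VIRTIO_FS_CACHE_MODE must stay "never" to match the warning above`. The comparison `self.virtio_fs_cache == *"none"` can be written `self.virtio_fs_cache == "none"`, since `String` compares with `&str` directly. The enclosing method starts and ends outside the hunk.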
From: Jianyong Wu Date: Fri, 18 Nov 2022 13:40:01 +0800 Subject: [PATCH 6/6] agent: check command before do test_ip_tables test_ip_tables test depends on iptables tools. But we can't ensure these tools are exist. it's better to skip the test if there is no such tools. Fixes: #5697 Signed-off-by: Jianyong Wu (cherry picked from commit b53171b605c680d5d78bc426343f9e66a63ec82b) --- src/agent/Cargo.lock | 7 ++++--- src/agent/Cargo.toml | 1 + src/agent/src/rpc.rs | 17 +++++++++++++++++ 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/src/agent/Cargo.lock b/src/agent/Cargo.lock index 4f6ccd9582..d70a4dd7aa 100644 --- a/src/agent/Cargo.lock +++ b/src/agent/Cargo.lock @@ -686,6 +686,7 @@ dependencies = [ "tracing-subscriber", "ttrpc", "vsock-exporter", + "which", ] [[package]] @@ -2172,13 +2173,13 @@ checksum = "6a89911bd99e5f3659ec4acf9c4d93b0a90fe4a2a11f15328472058edc5261be" [[package]] name = "which" -version = "4.2.5" +version = "4.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c4fb54e6113b6a8772ee41c3404fb0301ac79604489467e0a9ce1f3e97c24ae" +checksum = "1c831fbbee9e129a8cf93e7747a82da9d95ba8e16621cae60ec2cdc849bacb7b" dependencies = [ "either", - "lazy_static", "libc", + "once_cell", ] [[package]] diff --git a/src/agent/Cargo.toml b/src/agent/Cargo.toml index b0e2ec8cce..54a2f1f33d 100644 --- a/src/agent/Cargo.toml +++ b/src/agent/Cargo.toml @@ -69,6 +69,7 @@ clap = { version = "3.0.1", features = ["derive"] } [dev-dependencies] tempfile = "3.1.0" test-utils = { path = "../libs/test-utils" } +which = "4.3.0" [workspace] members = [ diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs index bf6420e9b7..58d571a363 100644 --- a/src/agent/src/rpc.rs +++ b/src/agent/src/rpc.rs 
@@ -2032,6 +2032,11 @@ mod tests { use tempfile::{tempdir, TempDir}; use test_utils::{assert_result, skip_if_not_root}; use ttrpc::{r#async::TtrpcContext, MessageHeader}; + use which::which; + + fn check_command(cmd: &str) -> bool { + which(cmd).is_ok() + } fn mk_ttrpc_context() -> TtrpcContext { TtrpcContext { @@ -2751,6 +2756,18 @@ OtherField:other async fn test_ip_tables() { skip_if_not_root!(); + if !check_command(IPTABLES_SAVE) + || !check_command(IPTABLES_RESTORE) + || !check_command(IP6TABLES_SAVE) + || !check_command(IP6TABLES_RESTORE) + { + warn!( + sl!(), + "one or more commands for ip tables test are missing, skip it" + ); + return; + } + let logger = slog::Logger::root(slog::Discard, o!()); let sandbox = Sandbox::new(&logger).unwrap(); let agent_service = Box::new(AgentService {
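Review bot: When any of the four binaries is missing, test_ip_tables returns early and the harness reports it as passed, so a CI image that loses the iptables tools silently drops coverage of the code this test exercises. The `warn!(sl!(), ...)` call is the only trace, and whether that logger prints anything under `cargo test` is not visible here. Consider making the skip visible on the test's own output, e.g. `eprintln!("skipping test_ip_tables: iptables tools not found");`, or failing instead of skipping when the CI environment is expected to provide the tools. The four `check_command` calls could also be folded into `[IPTABLES_SAVE, IPTABLES_RESTORE, IP6TABLES_SAVE, IP6TABLES_RESTORE].iter().all(|c| check_command(c))`. The test body continues past the end of the hunk.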