From 93e02944fab87eb66a79c0187bf03d57a7e736f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Sat, 9 May 2026 11:10:10 +0200 Subject: [PATCH] image-builder/nvidia: skip DAX header for virtio-blk-pci images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The DAX header (2 MiB of NVDIMM metadata + a duplicate MBR) is unconditionally prepended to every image by set_dax_header(). NVIDIA images use virtio-blk-pci with disable_image_nvdimm=true, so the kernel reads MBR #1 directly and never touches the DAX metadata -- it is dead weight. Add a SKIP_DAX_HEADER environment variable (default "no") that, when set to "yes", skips the DAX header entirely: - Removes the 2 MiB DAX overhead from image size calculations in both the erofs and ext4 paths - Skips the set_dax_header() call, avoiding compilation and execution of the nsdax tool - Passes the variable through to containerised builds Enable SKIP_DAX_HEADER=yes for both install_image_nvidia_gpu() and install_image_nvidia_gpu_confidential() in the build pipeline. All other image builds are unaffected (default remains "no"). Signed-off-by: Fabiano FidĂȘncio --- .../osbuilder/image-builder/image_builder.sh | 32 ++++++++++++++----- .../local-build/kata-deploy-binaries.sh | 2 ++ 2 files changed, 26 insertions(+), 8 deletions(-) diff --git a/tools/osbuilder/image-builder/image_builder.sh b/tools/osbuilder/image-builder/image_builder.sh index fddb9326d6..5d98c98aff 100755 --- a/tools/osbuilder/image-builder/image_builder.sh +++ b/tools/osbuilder/image-builder/image_builder.sh @@ -79,6 +79,9 @@ Extra environment variables: BLOCK_SIZE: Use to specify the size of blocks in bytes. DEFAULT: 4096 IMAGE_REGISTRY: Hostname for the image registry used to pull down the rootfs build image. NSDAX_BIN: Use to specify path to pre-compiled 'nsdax' tool. + SKIP_DAX_HEADER: If set to "yes", skip the DAX/NVDIMM header. Use for + virtio-blk-pci images that never use NVDIMM. + DEFAULT: "no" USE_DOCKER: If set will build image in a Docker Container (requries docker) DEFAULT: not set USE_PODMAN: If set and USE_DOCKER not set, will build image in a Podman Container (requries podman) @@ -163,7 +166,7 @@ build_with_container() { #Make sure we use a compatible runtime to build rootfs # In case Clear Containers Runtime is installed we dont want to hit issue: #https://github.com/clearcontainers/runtime/issues/828 - # shellcheck disable=SC2086 + # shellcheck disable=SC2086,SC2154 "${container_engine}" run \ --rm \ --runtime "${DOCKER_RUNTIME}" \ @@ -174,6 +177,7 @@ build_with_container() { --env BLOCK_SIZE="${block_size}" \ --env ROOT_FREE_SPACE="${root_free_space}" \ --env NSDAX_BIN="${nsdax_bin}" \ + --env SKIP_DAX_HEADER="${SKIP_DAX_HEADER}" \ --env MEASURED_ROOTFS="${MEASURED_ROOTFS}" \ --env SELINUX="${SELINUX}" \ --env DEBUG="${DEBUG}" \ @@ -316,8 +320,11 @@ calculate_img_size() { local fs_type="$3" local block_size="$4" - # rootfs start + DAX header size + rootfs end - local reserved_size_mb=$((rootfs_start + dax_header_sz + rootfs_end)) + local dax_overhead=0 + if [[ "${SKIP_DAX_HEADER:-no}" != "yes" ]]; then + dax_overhead="${dax_header_sz}" + fi + local reserved_size_mb=$((rootfs_start + dax_overhead + rootfs_end)) disk_size="$(calculate_required_disk_size "${rootfs}" "${fs_type}" "${block_size}")" @@ -712,25 +719,34 @@ main() { die "Invalid rootfs" fi + local skip_dax="${SKIP_DAX_HEADER:-no}" + local dax_overhead=0 + if [[ "${skip_dax}" != "yes" ]]; then + dax_overhead="${dax_header_sz}" + fi + if [[ "${fs_type}" == 'erofs' ]]; then # mkfs.erofs accepts an src root dir directory as an input # rather than some device, so no need to guess the device dest size first. create_erofs_rootfs_image "${rootfs}" "${image}" \ "${block_size}" "${agent_bin}" rootfs_img_size="${erofs_img_size_mb}" - img_size=$((rootfs_img_size + dax_header_sz)) + img_size=$((rootfs_img_size + dax_overhead)) else img_size=$(calculate_img_size "${rootfs}" "${root_free_space}" \ "${fs_type}" "${block_size}") # the first 2M are for the first MBR + NVDIMM metadata and were already - # consider in calculate_img_size - rootfs_img_size=$((img_size - dax_header_sz)) + # considered in calculate_img_size + rootfs_img_size=$((img_size - dax_overhead)) create_rootfs_image "${rootfs}" "${image}" "${rootfs_img_size}" \ "${fs_type}" "${block_size}" "${agent_bin}" fi - # insert at the beginning of the image the MBR + DAX header - set_dax_header "${image}" "${img_size}" "${fs_type}" "${nsdax_bin}" + + if [[ "${skip_dax}" != "yes" ]]; then + # insert at the beginning of the image the MBR + DAX header + set_dax_header "${image}" "${img_size}" "${fs_type}" "${nsdax_bin}" + fi # shellcheck disable=SC2154 chown "${USER}:${GROUP}" "${image}" diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 4634c46dfd..b2f1046299 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -661,6 +661,7 @@ install_image_nvidia_gpu() { export AGENT_POLICY export MEASURED_ROOTFS="yes" export FS_TYPE="erofs" + export SKIP_DAX_HEADER="yes" local version version=$(get_latest_nvidia_driver_version) EXTRA_PKGS="apt curl ${EXTRA_PKGS}" @@ -674,6 +675,7 @@ install_image_nvidia_gpu_confidential() { export AGENT_POLICY export MEASURED_ROOTFS="yes" export FS_TYPE="erofs" + export SKIP_DAX_HEADER="yes" local version version=$(get_latest_nvidia_driver_version) EXTRA_PKGS="apt curl ${EXTRA_PKGS}"