device: Update PCIDEVICE_ environment variables for the guest

In commit 78dff468bf1 we introduced logic to rewrite PCIDEVICE_ environment
variables for the container so that they contain correct addresses for the
Kata VM rather than for the host.  Unfortunately, we never actually invoked
the function to do this.

It turns out we need to do this not only at container creation time, but
also for environment variables supplied to processes exec-ed into the
container after creation (e.g. with crictl exec).  Add calls to make both
those updates.

fixes #3634

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
David Gibson 2022-02-11 12:29:43 +11:00
parent 7b7f426a3f
commit 9590874d9c
2 changed files with 14 additions and 3 deletions


@ -596,7 +596,10 @@ fn update_spec_devices(spec: &mut Spec, mut updates: HashMap<&str, DevUpdate>) -
// variables to be correct for the VM instead of the host. It is
// given a map of (host address => guest address)
#[instrument]
fn update_env_pci(env: &mut [String], pcimap: &HashMap<pci::Address, pci::Address>) -> Result<()> {
pub fn update_env_pci(
env: &mut [String],
pcimap: &HashMap<pci::Address, pci::Address>,
) -> Result<()> {
for envvar in env {
let eqpos = envvar
.find('=')
@ -793,6 +796,9 @@ pub async fn add_devices(
}
}
if let Some(process) = spec.process.as_mut() {
update_env_pci(&mut process.env, &sandbox.lock().await.pcimap)?
}
update_spec_devices(spec, dev_updates)
}
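Review bot: `update_env_pci` is now `pub` and called from another module, but its description above the `#[instrument]` attribute is still a plain `//` comment, so it does not appear in rustdoc and says nothing about when the function fails. Making those lines `///` and adding an `# Errors` paragraph would help, since both new callers propagate the result with `?`; the loop body continues outside this hunk, so the exact error conditions have to be taken from there. In add_devices the new statement ends in a bare `?` with no semicolon; it compiles, but `update_env_pci(&mut process.env, &sandbox.lock().await.pcimap)?;` reads as the statement it is. The sandbox guard is acquired inline on that line, so it is worth confirming that no caller awaits add_devices while already holding the sandbox lock.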


@ -43,7 +43,9 @@ use nix::sys::stat;
use nix::unistd::{self, Pid};
use rustjail::process::ProcessOperations;
use crate::device::{add_devices, get_virtio_blk_pci_device_name, update_device_cgroup};
use crate::device::{
add_devices, get_virtio_blk_pci_device_name, update_device_cgroup, update_env_pci,
};
use crate::linux_abi::*;
use crate::metrics::get_metrics;
use crate::mount::{add_storages, baremount, remove_mounts, STORAGE_HANDLER_LIST};
@ -359,11 +361,14 @@ impl AgentService {
let s = self.sandbox.clone();
let mut sandbox = s.lock().await;
let process = req
let mut process = req
.process
.into_option()
.ok_or_else(|| anyhow!(nix::Error::EINVAL))?;
// Apply any necessary corrections for PCI addresses
update_env_pci(&mut process.Env, &sandbox.pcimap)?;
let pipe_size = AGENT_CONFIG.read().await.container_pipe_size;
let ocip = rustjail::process_grpc_to_oci(&process);
let p = Process::new(&sl!(), &ocip, exec_id.as_str(), false, pipe_size)?;
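Review bot: After this change an exec request is rejected whenever update_env_pci returns an error for the request's `Env`, and the bare `?` on that call gives the caller no hint that the failure came from PCI address rewriting. If anyhow's `Context` trait is in scope in this file, `update_env_pci(&mut process.Env, &sandbox.pcimap).context("updating PCIDEVICE_ variables for exec")?;` would make the failure diagnosable. The commit adds no test for either call site, so a unit test that passes a `PCIDEVICE_` variable through the exec path and checks the translated value would keep the call from being dropped again. The enclosing method starts and ends outside this hunk.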