From 9590874d9caac7537c5f3a13f797a2fbf5a7553b Mon Sep 17 00:00:00 2001
From: David Gibson
Date: Fri, 11 Feb 2022 12:29:43 +1100
Subject: [PATCH] device: Update PCIDEVICE_ environment variables for the guest
In commit 78dff468bf1 we introduced logic to rewrite PCIDEVICE_ environment variables for the container so that they contain correct addresses for the Kata VM rather than for the host. Unfortunately, we never actually invoked the function to do this. It turns out we need to do this not only at container creation time, but also for environment variables supplied to processes exec-ed into the container after creation (e.g. with crictl exec). Add calls to make both those updates.
fixes #3634
Signed-off-by: David Gibson
---
 src/agent/src/device.rs | 8 +++++++-
 src/agent/src/rpc.rs | 9 +++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/src/agent/src/device.rs b/src/agent/src/device.rs
index ad181141cd..31c5c120bc 100644
--- a/src/agent/src/device.rs
+++ b/src/agent/src/device.rs
@@ -596,7 +596,10 @@ fn update_spec_devices(spec: &mut Spec, mut updates: HashMap<&str, DevUpdate>) -
 // variables to be correct for the VM instead of the host. It is
 // given a map of (host address => guest address)
 #[instrument]
-fn update_env_pci(env: &mut [String], pcimap: &HashMap) -> Result<()> {
+pub fn update_env_pci(
+ env: &mut [String],
+ pcimap: &HashMap,
+) -> Result<()> {
 for envvar in env {
 let eqpos = envvar
 .find('=')
@@ -793,6 +796,9 @@ pub async fn add_devices(
 }
 }
+ if let Some(process) = spec.process.as_mut() {
+ update_env_pci(&mut process.env, &sandbox.lock().await.pcimap)?
+ }
 update_spec_devices(spec, dev_updates)
 }
diff --git a/src/agent/src/rpc.rs b/src/agent/src/rpc.rs
index 444be723cf..276746b9fe 100644
--- a/src/agent/src/rpc.rs
+++ b/src/agent/src/rpc.rs
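Review bot: The comment above `update_env_pci` in src/agent/src/device.rs (first hunk) is still a plain `//` comment and says nothing about when the function returns an error, although this hunk exports it and the commit calls it with `?` on both the container-create and exec paths. Any input it rejects now fails the whole request, so the contract should be a `///` doc comment with an `# Errors` section naming the rejected inputs. The handling of an entry without `=` (the result of `find('=')`) lies outside the hunk, so the wording has to be confirmed against the function body.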
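Review bot: The new call in `add_devices` (src/agent/src/device.rs, second hunk) carries no comment on why it sits after the device loop, and the statement ends in `?` with no semicolon. Presumably `sandbox.pcimap` is filled in by the device handling above the hunk, in which case moving the call earlier would run the rewrite against an incomplete map. A comment such as `// pcimap is complete only after every device above has been handled` would pin that ordering. I would also write `update_env_pci(&mut process.env, &sandbox.lock().await.pcimap)?;` so the block reads as a statement. `add_devices` begins outside the hunk.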
@@ -43,7 +43,9 @@ use nix::sys::stat;
 use nix::unistd::{self, Pid};
 use rustjail::process::ProcessOperations;
-use crate::device::{add_devices, get_virtio_blk_pci_device_name, update_device_cgroup};
+use crate::device::{
+ add_devices, get_virtio_blk_pci_device_name, update_device_cgroup, update_env_pci,
+};
 use crate::linux_abi::*;
 use crate::metrics::get_metrics;
 use crate::mount::{add_storages, baremount, remove_mounts, STORAGE_HANDLER_LIST};
@@ -359,11 +361,14 @@ impl AgentService {
 let s = self.sandbox.clone();
 let mut sandbox = s.lock().await;
- let process = req
+ let mut process = req
 .process
 .into_option()
 .ok_or_else(|| anyhow!(nix::Error::EINVAL))?;
+ // Apply any necessary corrections for PCI addresses
+ update_env_pci(&mut process.Env, &sandbox.pcimap)?;
+
 let pipe_size = AGENT_CONFIG.read().await.container_pipe_size;
 let ocip = rustjail::process_grpc_to_oci(&process);
 let p = Process::new(&sl!(), &ocip, exec_id.as_str(), false, pipe_size)?;
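Review bot: In the exec path (src/agent/src/rpc.rs, second hunk) an error from `update_env_pci(&mut process.Env, &sandbox.pcimap)?` is propagated unchanged, so the reply does not say that the request's environment was the part that failed. `process.Env` is taken from `req.process`, so this is a request-validation failure and should be labelled as one, for example `.map_err(|e| anyhow!("exec: rewriting PCIDEVICE_ variables: {}", e))?;`. The comment above the call could also name what is corrected: host PCI addresses in `PCIDEVICE_` variables are replaced with guest addresses. The enclosing method starts and ends outside the hunk.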