runtime: Instantiate/pass vfio-ap device to ociSpec

This commit adds the missing step of passing an attached vfio-ap device to a container via ociSpec. It instantiates and passes a vfio-ap device (e.g. a Z crypto device). A device at `/dev/z90crypt` covers all use cases at the time of writing. Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
2025-09-16 14:28:35 +00:00 · 2024-05-29 14:07:15 +02:00
parent f0187ff969
commit 99690ab202
2 changed files with 6 additions and 1 deletions
--- a/src/agent/src/device.rs
+++ b/src/agent/src/device.rs
@@ -933,7 +933,11 @@ async fn vfio_ap_device_handler(
    for apqn in device.options.iter() {
        wait_for_ap_device(sandbox, ap::Address::from_str(apqn)?).await?;
    }
-    Ok(Default::default())
+    let dev_update = Some(DevUpdate::new(Z9_CRYPT_DEV_PATH, Z9_CRYPT_DEV_PATH)?);
+    Ok(SpecUpdate {
+        dev: dev_update,
+        pci: Vec::new(),
+    })
 }

 #[cfg(not(target_arch = "s390x"))]
--- a/src/agent/src/linux_abi.rs
+++ b/src/agent/src/linux_abi.rs
@@ -71,6 +71,7 @@ cfg_if! {
        pub const CCW_ROOT_BUS_PATH: &str = "/devices/css0";
        pub const AP_ROOT_BUS_PATH: &str = "/devices/ap";
        pub const AP_SCANS_PATH: &str = "/sys/bus/ap/scans";
+        pub const Z9_CRYPT_DEV_PATH: &str = "/dev/z90crypt";
    }
 }