gpu: Build and Ship an GPU enabled Kernel

With each release make sure we ship a GPU and TEE enabled kernel Fixes: #6553 Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
2025-04-28 19:54:35 +00:00 · 2023-04-03 10:10:47 +00:00 · 2023-04-03 10:10:47 +00:00 · aca6ff7289
commit aca6ff7289
parent e4b3b08871
8 changed files with 84 additions and 7 deletions
--- a/.github/workflows/build-kata-static-tarball-amd64.yaml
+++ b/.github/workflows/build-kata-static-tarball-amd64.yaml
@ -21,6 +21,8 @@ jobs:
          - kernel
          - kernel-dragonball-experimental
          - kernel-tdx-experimental
+          - kernel-gpu-snp
+          - kernel-gpu-tdx
          - nydus
          - qemu
          - qemu-tdx-experimental
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@ -92,7 +92,7 @@ jobs:
          tarball="kata-containers-$tag-vendor.tar.gz"
          pushd $GITHUB_WORKSPACE
          bash -c "tools/packaging/release/generate_vendor.sh ${tarball}"
-          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}" 
+          GITHUB_TOKEN=${{ secrets.GIT_UPLOAD_TOKEN }} hub release edit -m "" -a "${tarball}" "${tag}"
          popd

  upload-libseccomp-tarball:
--- a/tools/packaging/kata-deploy/local-build/Makefile
+++ b/tools/packaging/kata-deploy/local-build/Makefile
@ -26,6 +26,8 @@ all: serial-targets \
 	kernel-tarball \
 	kernel-dragonball-experimental-tarball \
 	kernel-tdx-experimental-tarball \
+	kernel-gpu-snp-tarball \
+	kernel-gpu-tdx-tarball \
 	nydus-tarball \
 	qemu-tarball \
 	qemu-tdx-experimental-tarball \
@ -54,6 +56,12 @@ kernel-tarball:
 kernel-dragonball-experimental-tarball:
 	${MAKE} $@-build

+kernel-gpu-snp-tarball:
+	${MAKE} $@-build
+
+kernel-gpu-tdx-tarball:
+	${MAKE} $@-build
+
 kernel-experimental-tarball:
 	${MAKE} $@-build

--- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
+++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh
@ -82,6 +82,8 @@ options:
 	kernel-dragonball-experimental
 	kernel-experimental
 	kernel-tdx-experimental
+	kernel-gpu-snp
+	kernel-gpu-tdx
 	nydus
 	qemu
 	qemu-tdx-experimental
@ -213,6 +215,26 @@ install_kernel_dragonball_experimental() {
 		"-e -t dragonball"
 }

+#Install GPU and SNP enabled kernel asset
+install_kernel_gpu_snp() {
+	local kernel_url="$(get_from_kata_deps assets.kernel.snp.url)"
+
+	install_kernel_helper \
+		"assets.kernel.snp.version" \
+		"kernel-gpu-snp" \
+		"-x snp -g nvidia -u ${kernel_url} -H deb"
+}
+
+#Install GPU and TDX enabled kernel asset
+install_kernel_gpu_tdx() {
+	local kernel_url="$(get_from_kata_deps assets.kernel-tdx-experimental.url)"
+
+	install_kernel_helper \
+		"assets.kernel-tdx-experimental.version" \
+		"kernel-gpu-tdx" \
+		"-x tdx -g nvidia -u ${kernel_url} -H deb"
+}
+
 #Install experimental kernel asset
 install_kernel_experimental() {
 	install_kernel_helper \
@ -448,6 +470,10 @@ handle_build() {

 	kernel-tdx-experimental) install_kernel_tdx_experimental ;;

+	kernel-gpu-snp) install_kernel_gpu_snp;;
+
+	kernel-gpu-tdx) install_kernel_gpu_tdx;;
+
 	qemu) install_qemu ;;

 	qemu-tdx-experimental) install_qemu_tdx_experimental ;;
--- a/tools/packaging/kernel/build-kernel.sh
+++ b/tools/packaging/kernel/build-kernel.sh
@ -61,6 +61,8 @@ DESTDIR="${DESTDIR:-/}"
 PREFIX="${PREFIX:-/usr}"
 #Kernel URL
 kernel_url=""
+#Linux headers for GPU guest fs module building
+linux_headers=""

 packaging_scripts_dir="${script_dir}/../scripts"
 source "${packaging_scripts_dir}/lib.sh"
@ -239,6 +241,8 @@ get_kernel_frag_path() {

 	if [[ "${gpu_vendor}" != "" ]];then
 		info "Add kernel config for GPU due to '-g ${gpu_vendor}'"
+		local gpu_configs="$(ls ${gpu_path}/${gpu_vendor}.conf)"
+		all_configs="${all_configs} ${gpu_configs}"
 		# If conf_guest is set we need to update the CONFIG_LOCALVERSION
 		# to match the suffix created in install_kata
 		# -nvidia-gpu-{snp|tdx}, the linux headers will be named the very
@ -430,6 +434,24 @@ build_kernel() {
 	popd >>/dev/null
 }

+build_kernel_headers() {
+	local kernel_path=${1:-}
+	[ -n "${kernel_path}" ] || die "kernel_path not provided"
+	[ -d "${kernel_path}" ] || die "path to kernel does not exist, use ${script_name} setup"
+	[ -n "${arch_target}" ] || arch_target="$(uname -m)"
+	arch_target=$(arch_to_kernel "${arch_target}")
+	pushd "${kernel_path}" >>/dev/null
+
+	if [ "$linux_headers" == "deb" ]; then
+		make -j $(nproc ${CI:+--ignore 1}) deb-pkg ARCH="${arch_target}"
+	fi
+	if [ "$linux_headers" == "rpm" ]; then
+		make -j $(nproc ${CI:+--ignore 1}) rpm-pkg ARCH="${arch_target}"
+	fi
+
+	popd >>/dev/null
+}
+
 install_kata() {
 	local kernel_path=${1:-}
 	[ -n "${kernel_path}" ] || die "kernel_path not provided"
@ -445,14 +467,15 @@ install_kata() {
 	if [[ ${build_type} != "" ]]; then
 		suffix="-${build_type}"
 	fi
-	if [[ ${gpu_vendor} != "" ]];then
-		suffix="-${gpu_vendor}-gpu${suffix}"
-	fi

 	if [[ ${conf_guest} != "" ]];then
 		suffix="-${conf_guest}${suffix}"
 	fi

+	if [[ ${gpu_vendor} != "" ]];then
+		suffix="-${gpu_vendor}-gpu${suffix}"
+	fi
+
 	vmlinuz="vmlinuz-${kernel_version}-${config_version}${suffix}"
 	vmlinux="vmlinux-${kernel_version}-${config_version}${suffix}"

@ -487,10 +510,12 @@ install_kata() {
 	ls -la "${install_path}/vmlinux${suffix}.container"
 	ls -la "${install_path}/vmlinuz${suffix}.container"
 	popd >>/dev/null
+
+	set +x
 }

 main() {
-	while getopts "a:b:c:deEfg:hk:p:t:u:v:x:" opt; do
+	while getopts "a:b:c:deEfg:hH:k:p:t:u:v:x:" opt; do
 		case "$opt" in
 			a)
 				arch_target="${OPTARG}"
@ -521,6 +546,9 @@ main() {
 			h)
 				usage 0
 				;;
+			H)
+				linux_headers="${OPTARG}"
+				;;
 			k)
 				kernel_path="$(realpath ${OPTARG})"
 				;;
@ -609,6 +637,9 @@ main() {
 		build)
 			build_kernel "${kernel_path}"
 			;;
+		build-headers)
+			build_kernel_headers "${kernel_path}"
+			;;
 		install)
 			install_kata "${kernel_path}"
 			;;
--- a/tools/packaging/kernel/kata_config_version
+++ b/tools/packaging/kernel/kata_config_version
@ -1 +1 @@
-104
+105
--- a/tools/packaging/static-build/kernel/Dockerfile
+++ b/tools/packaging/static-build/kernel/Dockerfile
@ -2,7 +2,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0

-FROM ubuntu:20.04
+FROM ubuntu:22.04
 ENV DEBIAN_FRONTEND=noninteractive

 # kernel deps
@ -18,6 +18,10 @@ RUN apt-get update && \
 	    iptables \
 	    kmod \
 	    libelf-dev \
+	    libssl-dev \
+	    gettext \
+	    rsync \
+	    cpio \
 	    patch && \
    if [ "$(uname -m)" = "s390x" ]; then apt-get install -y --no-install-recommends libssl-dev; fi && \
    apt-get clean && rm -rf /var/lib/lists/
--- a/tools/packaging/static-build/kernel/build.sh
+++ b/tools/packaging/static-build/kernel/build.sh
@ -38,3 +38,9 @@ sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
 	--env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \
 	"${container_image}" \
 	bash -c "${kernel_builder} $* install"
+
+sudo docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \
+	-w "${PWD}" \
+	--env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \
+	"${container_image}" \
+	bash -c "${kernel_builder} $* build-headers"