From 232db2d9061e6b0d419f0290c04cfb7ce18bcf9a Mon Sep 17 00:00:00 2001
From: cncal
Date: Sun, 12 May 2024 13:42:28 +0800
Subject: [PATCH] runtime: fix duplicated devices requested to the agent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

By default, when a container is created with the `--privileged` flag, all devices in `/dev` from the host are mounted into the guest. If there is a block device(e.g. `/dev/dm`) followed by a generic device(e.g. `/dev/null`),two identical block devices(`/dev/dm`) would be requested to the kata agent causing the agent to exit with error:
> Conflicting device updates for /dev/dm-2
As the generic device type does not hit any cases defined in `switch`, the variable `kataDevice` which is defined outside of the loop is still the value of the previous block device rather than `nil`. Defining `kataDevice` in the loop fixes this bug.

Signed-off-by: cncal
---
 src/runtime/virtcontainers/kata_agent.go | 7 +++---
 src/runtime/virtcontainers/kata_agent_test.go | 23 ++++++++++++++-----
 2 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go
index 34e4b39700..245366f12b 100644
--- a/src/runtime/virtcontainers/kata_agent.go
+++ b/src/runtime/virtcontainers/kata_agent.go
@@ -6,6 +6,7 @@
 package virtcontainers

 import (
+ "context"
 b64 "encoding/base64"
 "encoding/json"
 "errors"
@@ -34,8 +35,6 @@ import (
 "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/types"
 "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/utils"

- "context"
-
 ctrAnnotations "github.com/containerd/containerd/pkg/cri/annotations"
 podmanAnnotations "github.com/containers/podman/v4/pkg/annotations"
 "github.com/opencontainers/runtime-spec/specs-go"
@@ -1200,8 +1199,6 @@ func (k *kataAgent) appendVfioDevice(dev ContainerDevice, device api.Device, c *
 }

 func (k *kataAgent) appendDevices(deviceList []*grpc.Device, c *Container) []*grpc.Device {
- var kataDevice *grpc.Device
-
 for _, dev := range c.devices {
 device := c.sandbox.devManager.GetDeviceByID(dev.ID)
 if device == nil {
@@ -1213,6 +1210,8 @@ func (k *kataAgent) appendDevices(deviceList []*grpc.Device, c *Container) []*gr
 continue
 }

+ var kataDevice *grpc.Device
+
 switch device.DeviceType() {
 case config.DeviceBlock:
 kataDevice = k.appendBlockDevice(dev, device, c)
diff --git a/src/runtime/virtcontainers/kata_agent_test.go b/src/runtime/virtcontainers/kata_agent_test.go
index 12d5cdc2b8..679d71b7f3 100644
--- a/src/runtime/virtcontainers/kata_agent_test.go
+++ b/src/runtime/virtcontainers/kata_agent_test.go
@@ -479,16 +479,21 @@ func TestAppendDevicesEmptyContainerDeviceList(t *testing.T) {
 func TestAppendDevices(t *testing.T) {
 k := kataAgent{}

- id := "test-append-block"
+ testBlockDeviceID := "test-block-device"
+ testCharacterDeviceId := "test-character-device"
+
 ctrDevices := []api.Device{
 &drivers.BlockDevice{
 GenericDevice: &drivers.GenericDevice{
- ID: id,
+ ID: testBlockDeviceID,
 },
 BlockDrive: &config.BlockDrive{
 PCIPath: testPCIPath,
 },
 },
+ &drivers.GenericDevice{
+ ID: testCharacterDeviceId,
+ },
 }

 sandboxConfig := &SandboxConfig{
@@ -503,10 +508,16 @@ func TestAppendDevices(t *testing.T) {
 config: sandboxConfig,
 },
 }
- c.devices = append(c.devices, ContainerDevice{
- ID: id,
- ContainerPath: testBlockDeviceCtrPath,
- })
+ c.devices = append(
+ c.devices,
+ ContainerDevice{
+ ID: testBlockDeviceID,
+ ContainerPath: testBlockDeviceCtrPath,
+ },
+ ContainerDevice{
+ ID: testCharacterDeviceId,
+ },
+ )

 devList := []*pb.Device{}
 expected := []*pb.Device{
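Review bot: The relocated `var kataDevice *grpc.Device` in appendDevices (the @@ -1213 hunk) has no comment saying why it must sit inside the loop, so a later tidy-up could hoist it back out and reintroduce the stale pointer that made the runtime request the same block device twice. I would add `// Declared per iteration: a device type the switch does not handle must leave kataDevice nil, not the previous device's value.` directly above it. The rest of the switch and the code that consumes kataDevice lie outside the hunk, so I cannot confirm whether a `default:` case exists; if it does not, an explicit `default:` that leaves kataDevice nil and logs the unhandled type would make that path visible in the code.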
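Review bot: `testCharacterDeviceId` in TestAppendDevices breaks Go's initialism convention and is inconsistent with `testBlockDeviceID` declared on the line above it; rename it to `testCharacterDeviceID` at the declaration and its use in the @@ -479 hunk and at its use in the `c.devices = append(...)` call of the @@ -503 hunk. Separately, the `expected` slice is only opened on the last visible line and the assertion is outside both hunks, so it cannot be confirmed from here that the test pins exactly one device being sent to the agent. A short comment on the new `&drivers.GenericDevice{` entry, such as `// generic device after a block device: must not repeat the block device`, would record why it was added.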