diff --git a/src/runtime/go.mod b/src/runtime/go.mod
index ad48d8b1a..d74e69024 100644
--- a/src/runtime/go.mod
+++ b/src/runtime/go.mod
@@ -24,7 +24,7 @@ require (
 github.com/gogo/protobuf v1.3.2
 github.com/hashicorp/go-multierror v1.0.0
 github.com/intel-go/cpuid v0.0.0-20210602155658-5747e5cec0d9
- github.com/kata-containers/govmm v0.0.0-20210804035756-3c64244cbb48
+ github.com/kata-containers/govmm v0.0.0-20210831124834-2f8e417bb2c4
 github.com/mdlayher/vsock v0.0.0-20191108225356-d9c65923cb8f
 github.com/opencontainers/runc v1.0.1
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
diff --git a/src/runtime/go.sum b/src/runtime/go.sum
index ddf1eefa5..d89d807df 100644
--- a/src/runtime/go.sum
+++ b/src/runtime/go.sum
@@ -361,8 +361,8 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kata-containers/govmm v0.0.0-20210804035756-3c64244cbb48 h1:+tb5btBYMjZ1C5zBqK7ygCb03yqZtC5Mz0W6riq6T5k=
-github.com/kata-containers/govmm v0.0.0-20210804035756-3c64244cbb48/go.mod h1:A6QaNB6N6PRQ9mTRpFtUxiF5T5CJpzLALjxBrUQPlFI=
+github.com/kata-containers/govmm v0.0.0-20210831124834-2f8e417bb2c4 h1:F+/U5Vfep00pjh5oZFrVyDnVoQg8Wu7ZtXGGkaN5Glg=
+github.com/kata-containers/govmm v0.0.0-20210831124834-2f8e417bb2c4/go.mod h1:A6QaNB6N6PRQ9mTRpFtUxiF5T5CJpzLALjxBrUQPlFI=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
diff --git a/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qemu.go b/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qemu.go
index c4aada81e..ee814a9c6 100644
--- a/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qemu.go
+++ b/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qemu.go
@@ -1435,6 +1435,9 @@ func (vhostuserDev VhostUserDevice) QemuFSParams(config *Config) []string {
 deviceParams = append(deviceParams, "versiontable=/dev/shm/fuse_shared_versions")
 }
 if vhostuserDev.Transport.isVirtioCCW(config) {
+ if config.Knobs.IOMMUPlatform {
+ deviceParams = append(deviceParams, "iommu_platform=on")
+ }
 deviceParams = append(deviceParams, fmt.Sprintf("devno=%s", vhostuserDev.DevNo))
 }
 if vhostuserDev.Transport.isVirtioPCI(config) && vhostuserDev.ROMFile != "" {
@@ -2439,6 +2442,13 @@ type Config struct {
 // Ctx is the context used when launching qemu.
 Ctx context.Context
+ // User ID.
+ Uid uint32
+ // Group ID.
+ Gid uint32
+ // Supplementary group IDs.
+ Groups []uint32
+
 // Name is the qemu guest name
 Name string
@@ -2898,8 +2908,15 @@ func LaunchQemu(config Config, logger QMPLog) (string, error) {
 ctx = context.Background()
 }
+ attr := syscall.SysProcAttr{}
+ attr.Credential = &syscall.Credential{
+ Uid: config.Uid,
+ Gid: config.Gid,
+ Groups: config.Groups,
+ }
+
 return LaunchCustomQemu(ctx, config.Path, config.qemuParams,
- config.fds, nil, logger)
+ config.fds, &attr, logger)
 }
 // LaunchCustomQemu can be used to launch a new qemu instance.
diff --git a/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qmp.go b/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qmp.go
index 229a2e206..f8a33334c 100644
--- a/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qmp.go
+++ b/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qmp.go
@@ -772,14 +772,14 @@ func (q *QMP) ExecuteQuit(ctx context.Context) error {
 return q.executeCommand(ctx, "quit", nil, nil)
 }
-func (q *QMP) blockdevAddBaseArgs(device, blockdevID string, ro bool) (map[string]interface{}, map[string]interface{}) {
+func (q *QMP) blockdevAddBaseArgs(driver, device, blockdevID string, ro bool) (map[string]interface{}, map[string]interface{}) {
 var args map[string]interface{}
 blockdevArgs := map[string]interface{}{
 "driver": "raw",
 "read-only": ro,
 "file": map[string]interface{}{
- "driver": "host_device",
+ "driver": driver,
 "filename": device,
 },
 }
@@ -795,7 +795,7 @@ func (q *QMP) blockdevAddBaseArgs(device, blockdevID string, ro bool) (map[strin
 // used to name the device. As this identifier will be passed directly to QMP,
 // it must obey QMP's naming rules, e,g., it must start with a letter.
 func (q *QMP) ExecuteBlockdevAdd(ctx context.Context, device, blockdevID string, ro bool) error {
- args, _ := q.blockdevAddBaseArgs(device, blockdevID, ro)
+ args, _ := q.blockdevAddBaseArgs("host_device", device, blockdevID, ro)
 return q.executeCommand(ctx, "blockdev-add", args, nil)
 }
@@ -808,7 +808,21 @@ func (q *QMP) ExecuteBlockdevAdd(ctx context.Context, device, blockdevID string,
 // is enabled. noFlush denotes whether flush requests for the device are
 // ignored.
 func (q *QMP) ExecuteBlockdevAddWithCache(ctx context.Context, device, blockdevID string, direct, noFlush, ro bool) error {
- args, blockdevArgs := q.blockdevAddBaseArgs(device, blockdevID, ro)
+ args, blockdevArgs := q.blockdevAddBaseArgs("host_device", device, blockdevID, ro)
+
+ blockdevArgs["cache"] = map[string]interface{}{
+ "direct": direct,
+ "no-flush": noFlush,
+ }
+
+ return q.executeCommand(ctx, "blockdev-add", args, nil)
+}
+
+// ExecuteBlockdevAddWithDriverCache has three one parameter driver
+// than ExecuteBlockdevAddWithCache.
+// Parameter driver can set the driver of block device.
+func (q *QMP) ExecuteBlockdevAddWithDriverCache(ctx context.Context, driver, device, blockdevID string, direct, noFlush, ro bool) error {
+ args, blockdevArgs := q.blockdevAddBaseArgs(driver, device, blockdevID, ro)
 blockdevArgs["cache"] = map[string]interface{}{
 "direct": direct,
diff --git a/src/runtime/vendor/modules.txt b/src/runtime/vendor/modules.txt
index a7ad31104..17bcc5993 100644
--- a/src/runtime/vendor/modules.txt
+++ b/src/runtime/vendor/modules.txt
@@ -192,7 +192,7 @@ github.com/hashicorp/go-multierror
 # github.com/intel-go/cpuid v0.0.0-20210602155658-5747e5cec0d9
 ## explicit
 github.com/intel-go/cpuid
-# github.com/kata-containers/govmm v0.0.0-20210804035756-3c64244cbb48
+# github.com/kata-containers/govmm v0.0.0-20210831124834-2f8e417bb2c4
 ## explicit
 github.com/kata-containers/govmm/qemu
 # github.com/mailru/easyjson v0.7.0