diff --git a/src/runtime/go.mod b/src/runtime/go.mod
index 0294ab3d30..694715986b 100644
--- a/src/runtime/go.mod
+++ b/src/runtime/go.mod
@@ -24,7 +24,7 @@ require (
 github.com/gogo/protobuf v1.3.2
 github.com/hashicorp/go-multierror v1.0.0
 github.com/intel-go/cpuid v0.0.0-20210602155658-5747e5cec0d9
- github.com/kata-containers/govmm v0.0.0-20210722115311-0173713ea912
+ github.com/kata-containers/govmm v0.0.0-20210804035756-3c64244cbb48
 github.com/mdlayher/vsock v0.0.0-20191108225356-d9c65923cb8f
 github.com/opencontainers/runc v1.0.1
 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
diff --git a/src/runtime/go.sum b/src/runtime/go.sum
index 50502ecde8..35a76c3a0f 100644
--- a/src/runtime/go.sum
+++ b/src/runtime/go.sum
@@ -364,8 +364,8 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kata-containers/govmm v0.0.0-20210722115311-0173713ea912 h1:Ejn4L5OXYbdgnh1ghmlKvTPEC1b415PQDsNhzA2kWLQ=
-github.com/kata-containers/govmm v0.0.0-20210722115311-0173713ea912/go.mod h1:A6QaNB6N6PRQ9mTRpFtUxiF5T5CJpzLALjxBrUQPlFI=
+github.com/kata-containers/govmm v0.0.0-20210804035756-3c64244cbb48 h1:+tb5btBYMjZ1C5zBqK7ygCb03yqZtC5Mz0W6riq6T5k=
+github.com/kata-containers/govmm v0.0.0-20210804035756-3c64244cbb48/go.mod h1:A6QaNB6N6PRQ9mTRpFtUxiF5T5CJpzLALjxBrUQPlFI=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
diff --git a/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qemu.go b/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qemu.go
index 2ebd6e4826..c4aada81e5 100644
--- a/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qemu.go
+++ b/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qemu.go
@@ -2448,6 +2448,9 @@ type Config struct {
 // CPUModel is the CPU model to be used by qemu.
 CPUModel string

+ // SeccompSandbox is the qemu function which enables the seccomp feature
+ SeccompSandbox string
+
 // Machine
 Machine Machine

@@ -2524,6 +2527,13 @@ func (config *Config) appendFDs(fds []*os.File) []int {
 return fdInts
 }

+func (config *Config) appendSeccompSandbox() {
+ if config.SeccompSandbox != "" {
+ config.qemuParams = append(config.qemuParams, "-sandbox")
+ config.qemuParams = append(config.qemuParams, config.SeccompSandbox)
+ }
+}
+
 func (config *Config) appendName() {
 if config.Name != "" {
 config.qemuParams = append(config.qemuParams, "-name")
@@ -2877,6 +2887,7 @@ func LaunchQemu(config Config, logger QMPLog) (string, error) {
 config.appendPidFile()
 config.appendLogFile()
 config.appendFwCfg(logger)
+ config.appendSeccompSandbox()

 if err := config.appendCPUs(); err != nil {
 return "", err
diff --git a/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qmp.go b/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qmp.go
index 23c288dc7d..229a2e206b 100644
--- a/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qmp.go
+++ b/src/runtime/vendor/github.com/kata-containers/govmm/qemu/qmp.go
@@ -719,6 +719,10 @@ func QMPStart(ctx context.Context, socket string, cfg QMPConfig, disconnectedCh
 }
 }

+ if q.version.Major < 5 {
+ return nil, nil, fmt.Errorf("govmm requires qemu version 5.0 or later, this is qemu (%d.%d)", q.version.Major, q.version.Minor)
+ }
+
 return q, q.version, nil
 }

@@ -775,20 +779,13 @@ func (q *QMP) blockdevAddBaseArgs(device, blockdevID string, ro bool) (map[strin
 "driver": "raw",
 "read-only": ro,
 "file": map[string]interface{}{
- "driver": "file",
+ "driver": "host_device",
 "filename": device,
 },
 }

- if q.version.Major > 2 || (q.version.Major == 2 && q.version.Minor >= 8) {
- blockdevArgs["node-name"] = blockdevID
- args = blockdevArgs
- } else {
- blockdevArgs["id"] = blockdevID
- args = map[string]interface{}{
- "options": blockdevArgs,
- }
- }
+ blockdevArgs["node-name"] = blockdevID
+ args = blockdevArgs

 return args, blockdevArgs
 }
@@ -813,11 +810,6 @@ func (q *QMP) ExecuteBlockdevAdd(ctx context.Context, device, blockdevID string,
 func (q *QMP) ExecuteBlockdevAddWithCache(ctx context.Context, device, blockdevID string, direct, noFlush, ro bool) error {
 args, blockdevArgs := q.blockdevAddBaseArgs(device, blockdevID, ro)

- if q.version.Major < 2 || (q.version.Major == 2 && q.version.Minor < 9) {
- return fmt.Errorf("versions of qemu (%d.%d) older than 2.9 do not support set cache-related options for block devices",
- q.version.Major, q.version.Minor)
- }
-
 blockdevArgs["cache"] = map[string]interface{}{
 "direct": direct,
 "no-flush": noFlush,
@@ -850,7 +842,7 @@ func (q *QMP) ExecuteDeviceAdd(ctx context.Context, blockdevID, devID, driver, b
 args["bus"] = bus
 }

- if shared && (q.version.Major > 2 || (q.version.Major == 2 && q.version.Minor >= 10)) {
+ if shared {
 args["share-rw"] = "on"
 }
 if transport.isVirtioPCI(nil) {
@@ -904,32 +896,22 @@ func (q *QMP) ExecuteSCSIDeviceAdd(ctx context.Context, blockdevID, devID, drive
 if lun >= 0 {
 args["lun"] = lun
 }
- if shared && (q.version.Major > 2 || (q.version.Major == 2 && q.version.Minor >= 10)) {
+ if shared {
 args["share-rw"] = "on"
 }

 return q.executeCommand(ctx, "device_add", args, nil)
 }

-// ExecuteBlockdevDel deletes a block device by sending a x-blockdev-del command
-// for qemu versions < 2.9. It sends the updated blockdev-del command for qemu>=2.9.
-// blockdevID is the id of the block device to be deleted. Typically, this will
-// match the id passed to ExecuteBlockdevAdd. It must be a valid QMP id.
+// ExecuteBlockdevDel deletes a block device by sending blockdev-del
+// command. blockdevID is the id of the block device to be deleted.
+// Typically, this will match the id passed to ExecuteBlockdevAdd. It
+// must be a valid QMP id.
 func (q *QMP) ExecuteBlockdevDel(ctx context.Context, blockdevID string) error {
 args := map[string]interface{}{}

- if q.version.Major > 2 || (q.version.Major == 2 && q.version.Minor >= 9) {
- args["node-name"] = blockdevID
- return q.executeCommand(ctx, "blockdev-del", args, nil)
- }
-
- if q.version.Major == 2 && q.version.Minor == 8 {
- args["node-name"] = blockdevID
- } else {
- args["id"] = blockdevID
- }
-
- return q.executeCommand(ctx, "x-blockdev-del", args, nil)
+ args["node-name"] = blockdevID
+ return q.executeCommand(ctx, "blockdev-del", args, nil)
 }

 // ExecuteChardevDel deletes a char device by sending a chardev-remove command.
@@ -1104,7 +1086,7 @@ func (q *QMP) ExecutePCIDeviceAdd(ctx context.Context, blockdevID, devID, driver
 if bus != "" {
 args["bus"] = bus
 }
- if shared && (q.version.Major > 2 || (q.version.Major == 2 && q.version.Minor >= 10)) {
+ if shared {
 args["share-rw"] = "on"
 }
 if queues > 0 {
@@ -1240,10 +1222,7 @@ func isThreadIDSupported(driver string) bool {

 // isDieIDSupported returns if the cpu driver and the qemu version support the die id option
 func (q *QMP) isDieIDSupported(driver string) bool {
- if (q.version.Major > 4 || (q.version.Major == 4 && q.version.Minor >= 1)) && driver == "host-x86_64-cpu" {
- return true
- }
- return false
+ return driver == "host-x86_64-cpu"
 }

 // ExecuteCPUDeviceAdd adds a CPU to a QEMU instance using the device_add command.
@@ -1387,17 +1366,16 @@ func (q *QMP) ExecQueryCpusFast(ctx context.Context) ([]CPUInfoFast, error) {

 // ExecMemdevAdd adds size of MiB memory device to the guest
 func (q *QMP) ExecMemdevAdd(ctx context.Context, qomtype, id, mempath string, size int, share bool, driver, driverID, addr, bus string) error {
- props := map[string]interface{}{"size": uint64(size) << 20}
 args := map[string]interface{}{
 "qom-type": qomtype,
 "id": id,
- "props": props,
+ "size": uint64(size) << 20,
 }
 if mempath != "" {
- props["mem-path"] = mempath
+ args["mem-path"] = mempath
 }
 if share {
- props["share"] = true
+ args["share"] = true
 }
 err := q.executeCommand(ctx, "object-add", args, nil)
 if err != nil {
@@ -1447,18 +1425,13 @@ func (q *QMP) ExecuteNVDIMMDeviceAdd(ctx context.Context, id, mempath string, si
 args := map[string]interface{}{
 "qom-type": "memory-backend-file",
 "id": "nvdimmbackmem" + id,
- "props": map[string]interface{}{
- "mem-path": mempath,
- "size": size,
- "share": true,
- },
+ "mem-path": mempath,
+ "size": size,
+ "share": true,
 }

- if q.version.Major > 4 || (q.version.Major == 4 && q.version.Minor >= 1) {
- if pmem != nil {
- props := args["props"].(map[string]interface{})
- props["pmem"] = *pmem
- }
+ if pmem != nil {
+ args["pmem"] = *pmem
 }

 err := q.executeCommand(ctx, "object-add", args, nil)
diff --git a/src/runtime/vendor/modules.txt b/src/runtime/vendor/modules.txt
index 16345f8c6b..982c6cb40d 100644
--- a/src/runtime/vendor/modules.txt
+++ b/src/runtime/vendor/modules.txt
@@ -249,7 +249,7 @@ github.com/imdario/mergo
 # github.com/intel-go/cpuid v0.0.0-20210602155658-5747e5cec0d9
 ## explicit
 github.com/intel-go/cpuid
-# github.com/kata-containers/govmm v0.0.0-20210722115311-0173713ea912
+# github.com/kata-containers/govmm v0.0.0-20210804035756-3c64244cbb48
 ## explicit
 github.com/kata-containers/govmm/qemu
 # github.com/klauspost/compress v1.11.13