github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-08-11 21:02:34 +00:00
Code Issues Projects Releases Wiki Activity

hypervisors: Confidential Guests do not support Memory hotplug

Browse Source 
Similarly to VCPUs and Device hotplug, Confidential Guests also do not
support Memory hotplug.

Let's make it clear in the documentation and guard the code on both QEMU
and Cloud Hypervisor side to ensure we don't advertise Memory hotplug as
being supported when running Confidential Guests.

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
This commit is contained in:
Fabiano Fidêncio 2022-02-24 21:39:54 +01:00
parent df8ffecde0
commit f50ff9f798
5 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/runtime/config/configuration-clh.toml.in
View File

@ -25,6 +25,7 @@ image = "@IMAGEPATH@"
# * Does not work by design: # * Does not work by design:
# - CPU Hotplug # - CPU Hotplug
# - Device Hotplug # - Device Hotplug
# - Memory Hotplug
# #
# Default false # Default false
# confidential_guest = true # confidential_guest = true

1
src/runtime/config/configuration-qemu.toml.in
View File

@ -26,6 +26,7 @@ machine_type = "@MACHINETYPE@"
# * Does not work by design: # * Does not work by design:
# - CPU Hotplug # - CPU Hotplug
# - Device Hotplug # - Device Hotplug
# - Memory Hotplug
# #
# Default false # Default false
# confidential_guest = true # confidential_guest = true

2
src/runtime/virtcontainers/clh.go
View File

@ -258,12 +258,14 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
clh.vmconfig.Memory.Shared = func(b bool) *bool { return &b }(true) clh.vmconfig.Memory.Shared = func(b bool) *bool { return &b }(true)
// Enable hugepages if needed // Enable hugepages if needed
clh.vmconfig.Memory.Hugepages = func(b bool) *bool { return &b }(clh.config.HugePages) clh.vmconfig.Memory.Hugepages = func(b bool) *bool { return &b }(clh.config.HugePages)
if !clh.config.ConfidentialGuest {
hostMemKb, err := GetHostMemorySizeKb(procMemInfo) hostMemKb, err := GetHostMemorySizeKb(procMemInfo)
if err != nil { if err != nil {
return nil return nil
} }
// OpenAPI only supports int64 values // OpenAPI only supports int64 values
clh.vmconfig.Memory.HotplugSize = func(i int64) *int64 { return &i }(int64((utils.MemUnit(hostMemKb) * utils.KiB).ToBytes())) clh.vmconfig.Memory.HotplugSize = func(i int64) *int64 { return &i }(int64((utils.MemUnit(hostMemKb) * utils.KiB).ToBytes()))
}
// Set initial amount of cpu's for the virtual machine // Set initial amount of cpu's for the virtual machine
clh.vmconfig.Cpus = chclient.NewCpusConfig(int32(clh.config.NumVCPUs), int32(clh.config.DefaultMaxVCPUs)) clh.vmconfig.Cpus = chclient.NewCpusConfig(int32(clh.config.NumVCPUs), int32(clh.config.DefaultMaxVCPUs))

6
src/runtime/virtcontainers/qemu_amd64.go
View File

@ -189,7 +189,11 @@ func (q *qemuAmd64) memoryTopology(memoryMb, hostMemoryMb uint64, slots uint8) g
// Is Memory Hotplug supported by this architecture/machine type combination? // Is Memory Hotplug supported by this architecture/machine type combination?
func (q *qemuAmd64) supportGuestMemoryHotplug() bool { func (q *qemuAmd64) supportGuestMemoryHotplug() bool {
// true for all amd64 machine types except for microvm. // true for all amd64 machine types except for microvm.
return q.qemuMachine.Type != govmmQemu.MachineTypeMicrovm if q.qemuMachine.Type == govmmQemu.MachineTypeMicrovm {
return false
}
return q.protection == noneProtection
} }
func (q *qemuAmd64) appendImage(ctx context.Context, devices []govmmQemu.Device, path string) ([]govmmQemu.Device, error) { func (q *qemuAmd64) appendImage(ctx context.Context, devices []govmmQemu.Device, path string) ([]govmmQemu.Device, error) {

2
src/runtime/virtcontainers/qemu_arch_base.go
View File

@ -692,7 +692,7 @@ func (q *qemuArchBase) handleImagePath(config HypervisorConfig) {
} }
func (q *qemuArchBase) supportGuestMemoryHotplug() bool { func (q *qemuArchBase) supportGuestMemoryHotplug() bool {
return true return q.protection == noneProtection
} }
func (q *qemuArchBase) setIgnoreSharedMemoryMigrationCaps(ctx context.Context, qmp *govmmQemu.QMP) error { func (q *qemuArchBase) setIgnoreSharedMemoryMigrationCaps(ctx context.Context, qmp *govmmQemu.QMP) error {