From ffab9b7eee884b8a3b0666fd2e9dd560beb97f4f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Tue, 7 Apr 2026 16:58:17 +0200 Subject: [PATCH] runtime: qemu: Enable static sandbox resource management on ARM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit runtime-rs lacks several features needed for CPU hotplug on ARM: pflash/UEFI firmware passthrough, SMP topology in -smp, nr_cpus kernel parameter, and QMP vCPU add handling for the virt machine type (which requires core-id only placement with socket/thread/die set to -1). Without static sandbox resource management, these gaps cause failures in tests like k8s-memory.bats where the VM is not correctly sized for the workload. Enable static_sandbox_resource_mgmt for aarch64 in the QEMU runtime-rs configuration so the VM is pre-sized at creation time, sidestepping the need for hotplug entirely. Together with this we're aligning the go runtime to the very same behaviour. Fixes: #10928 Signed-off-by: Fabiano FidĂȘncio Made-with: Cursor --- src/runtime-rs/Makefile | 4 ++++ src/runtime/Makefile | 5 +++++ src/runtime/config/configuration-qemu.toml.in | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/runtime-rs/Makefile b/src/runtime-rs/Makefile index 121a89a23f..b4e9b40fb5 100644 --- a/src/runtime-rs/Makefile +++ b/src/runtime-rs/Makefile @@ -389,6 +389,10 @@ else ifeq ($(ARCH), aarch64) # so we use virtio-blk-pci instead. VMROOTFSDRIVER_QEMU := virtio-blk-pci DEFBLOCKSTORAGEDRIVER_QEMU := virtio-scsi + # runtime-rs lacks ARM CPU hotplug support (pflash/UEFI, SMP topology, + # QMP vCPU add for virt machine type). Use static sandbox resource + # management to size the VM upfront instead. + DEFSTATICRESOURCEMGMT_QEMU := true else VMROOTFSDRIVER_QEMU := virtio-pmem DEFBLOCKSTORAGEDRIVER_QEMU := virtio-scsi diff --git a/src/runtime/Makefile b/src/runtime/Makefile index 4eacb1e287..f4d9ccf03a 100644 --- a/src/runtime/Makefile +++ b/src/runtime/Makefile @@ -292,6 +292,10 @@ DEFVFIOMODE := guest-kernel DEFSANDBOXCGROUPONLY ?= false DEFSTATICRESOURCEMGMT ?= false +DEFSTATICRESOURCEMGMT_QEMU ?= false +ifeq ($(ARCH),arm64) + DEFSTATICRESOURCEMGMT_QEMU = true +endif DEFSTATICRESOURCEMGMT_TEE = true DEFSTATICRESOURCEMGMT_NV = true @@ -791,6 +795,7 @@ USER_VARS += DEFENTROPYSOURCE USER_VARS += DEFVALIDENTROPYSOURCES USER_VARS += DEFSANDBOXCGROUPONLY USER_VARS += DEFSTATICRESOURCEMGMT +USER_VARS += DEFSTATICRESOURCEMGMT_QEMU USER_VARS += DEFSTATICRESOURCEMGMT_CLH USER_VARS += DEFSTATICRESOURCEMGMT_FC USER_VARS += DEFSTATICRESOURCEMGMT_STRATOVIRT diff --git a/src/runtime/config/configuration-qemu.toml.in b/src/runtime/config/configuration-qemu.toml.in index 7f05088170..811884a088 100644 --- a/src/runtime/config/configuration-qemu.toml.in +++ b/src/runtime/config/configuration-qemu.toml.in @@ -672,7 +672,7 @@ sandbox_cgroup_only = @DEFSANDBOXCGROUPONLY@ # - When running with pods, sandbox sizing information will only be available if using Kubernetes >= 1.23 and containerd >= 1.6. CRI-O # does not yet support sandbox sizing annotations. # - When running single containers using a tool like ctr, container sizing information will be available. -static_sandbox_resource_mgmt = @DEFSTATICRESOURCEMGMT@ +static_sandbox_resource_mgmt = @DEFSTATICRESOURCEMGMT_QEMU@ # If specified, sandbox_bind_mounts identifieds host paths to be mounted (ro) into the sandboxes shared path. # This is only valid if filesystem sharing is utilized. The provided path(s) will be bindmounted into the shared fs directory.