Provide the `/proc/config.gz` file in guest kernels that allow the guest
to determine the kernel configuration used to build the running kernel.
Note that since `gunzip` expects to rename the gzip'ed file it operates
on, to use this feature you need to run something like the following in
the container environment:
```bash
# cat /proc/config.gz|gunzip -c
```
Fixes: #3445.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Pull #2795 recently added support for a closer-to-OCI behaviour for
VFIO devices, in which they appear to the container as VFIO devices,
rather than being interpreted by the guest kernel. However, in order
to use this, the Kata guest kernel needs to include the VFIO PCI
driver, along with dependencies like the Intel IOMMU driver.
The kernel as built by the scripts within Kata don't currently include
those, so this patch adds them.
fixes#2913
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The guest kernel configuration suggested for Kata, and which is used by the
CI didn't include CONFIG_PCI_MMCONFIG. That's kind of weird, MMCONFIG is
the modern normal way of handling configuration cycles.
In addition, due to a complex set of interactions through the ACPI code,
disabling MMCONFIG means that SHPC hotplug doesn't work: the driver is
included in the guest kernel, but will fail to probe on PCI to PCI bridges,
meaning it won't actually be activated.
Enable MMCONFIG so that we suggest and testa more typical guest kernel
configuration.
fixes#2288
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Optional build types are common for early adoption.
Lets add a flag to build and optional config.
e.g.
kernel-build.sh -b experimental
In the future instead of add more flags just add a new build type.
Signed-off-by: Carlos Venegas <jose.carlos.venegas.munoz@intel.com>
After 5.11-rc4, memory hotplug alignment size is reduced to 128M for 4K
page.
It works better for memory hotplug and nvdimm plug in kata on arm.
without this patch, memory hotplug will fail for the current memory
hotplug alignment is 1G but the nvdimm size align with 128M in kata.
After port it here, we can avoid a fix in qemu side.
Note: if you change the page size to other size than 4K, memory hotplug
will has no effect.
Fixes: #2707
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
This work patched the 4.19, 5.4 and 5.10 kernels, and now ptp_kvm can work
correctly when the host and guest use different kernel versions..
Fixes: #2123
Signed-off-by: Damon Kwok <damon-kwok@outlook.com>
Removed all TOCs now that GitHub auto-generates them.
Also updated the documentation requirements doc removing the requirement
to add a TOC.
Fixes: #2022.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Use the yq installed in the env. Needed
to build kata from docker. The container builder
has not an initial Go env.
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
Add `CONFIG_PROTECTED_VIRTUALIZATION_GUEST=y` to s390's guest kernel
config, which enables running with a secure image (as generated by
s390-tools' `genprotimg`).
Fixes: #2106
Signed-off-by: Jakob Naucke <jakob.naucke@ibm.com>
This PR updates the proper url for breaking compatibility for
kata 2.x
Fixes#2031
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
This config is not selected for ppc64le. It is
only supported on PPC32 for now. Moved it to
respective arch base.conf.
Signed-off-by: Amulyam24 <amulmek1@in.ibm.com>
Build kernel shell setup with -f, don't find patches directory path,
because patches_path is none, so fix this error.
Fixes: #1768
Signed-off-by: zyt312074545 <zyt312074545@hotmail.com>
Relevant changes for experimental :
42d3e2d04 virtiofs: calculate number of scatter-gather elements accurately
413daa1a3 fuse: connection remove fix
bf109c640 fuse: implement crossmounts
1866d779d fuse: Allow fuse_fill_super_common() for submounts
fcee216be fuse: split fuse_mount off of fuse_conn
8f622e949 fuse: drop fuse_conn parameter where possible
24754db27 fuse: store fuse_conn in fuse_req
c6ff213fe fuse: add submount support to <uapi/linux/fuse.h>
d78092e49 fuse: fix page dereference after free
9a752d18c virtiofs: add logic to free up a memory range
d0cfb9dcb virtiofs: maintain a list of busy elements
6ae330cad virtiofs: serialize truncate/punch_hole and dax fault path
9483e7d58 virtiofs: define dax address space operations
2a9a609a0 virtiofs: add DAX mmap support
c2d0ad00d virtiofs: implement dax read/write operations
ceec02d43 virtiofs: introduce setupmapping/removemapping commands
fd1a1dc6f virtiofs: implement FUSE_INIT map_alignment field
45f2348ec virtiofs: keep a list of free dax memory ranges
1dd539577 virtiofs: add a mount option to enable dax
22f3787e9 virtiofs: set up virtio_fs dax_device
f4fd4ae35 virtiofs: get rid of no_mount_options
b43b7e81e virtiofs: provide a helper function for virtqueue initialization
Fixes: #1639
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
In kernel 5.10.x on arm64 side, When CONFIG_RANDOM_BASE is enabled,
physical base address can be a negative number. It may lead to bug
when a PA is taken as a unsigned number in comparison, as PA is
calculated based on the physical base address. The bug has been fixed
latest code by commit ee7febce051945be2 in memory hotplug zone. We can
eliminate the bug in an easy way by casting the PA as a signed value in
the current code base to avoid lots of backport.
Depends-on: github.com/kata-containers/tests#3388
Fixes: #1596
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Linux 5.10.x is the new LTS branch, move
kata to a more recent kernel branch.
Fixes: #1288
Signed-off-by: Carlos Venegas <jos.c.venegas.munoz@intel.com>
* CONFIG_OVERLAY_FS_METACOPY is needed to have reasonable performance
for chmod and similar calls;
* CONFIG_OVERLAY_FS_XINO_AUTO is recommended for POSIX compliance.
Fixes: #1075
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
This directory has been automatically removed as there's no files inside
it, as part of d3c9862059
Let's improve the logic in the scripts to avoid failing in case the
"experimental" dir is not present.
Fixes: #1328
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Installing the built uncompressed vmlinux kernel will not work on s390x,
QEMU will complain:
Linux kernel boot failure: An attempt to boot a vmlinux ELF image
failed.
This image does not contain all parts necessary for starting up. Use
bzImage or arch/s390/boot/compressed/vmlinux instead.
Hence, use that kernel image on s390x.
Fixes: #1264
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
acpi is enabled for kata 1.x, port and rebase code for 2.x
including:
runtime: enable pflash;
agent: add acpi support for pci bus path;
packaging: enable CONFIG_RTC_DRV_EFI;
Fixes: #1317
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
Calls apply-patches.sh in kernel/build-kernel.sh to apply the
kernel patches.
Fixes#1014
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Basic virtio-fs support has made it upstream in the Linux kernel, as
well as in QEMU and Cloud Hypervisor. Let's go ahead and add it to the
standard configuration.
Since the device driver / DAX handling is still in progress for
upstream, we will want to still build a seperate experimental kernel for
those who are comfortable trading off bleeding edge stability/kernel
updates for improved FIO numbers.
Fixes: #963
Signed-off-by: Eric Ernst <eric.g.ernst@gmail.com>
Update the build kata containers kernel document for 2.0 release. Fixed
the 1.x release project paths and urls, using the kata-containers
project file paths and urls.
Fixes: #929
Signed-off-by: Ychau Wang <wangyongchao.bj@inspur.com>
These patches are causing compilation issues while building on x86.
Remove these while we fix the issue.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Since we always build musl kata-agent, there is no need to build
it inside a musl container. We can just build on the host and then
copy the binary to the target rootfs.
There are still a lot to clean up and it should be made so for ALL
target distros instead of just alpine. But this is at least working
for alpine first.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
We do not need to clone packaging repository, nor apply
virtio_vsock as virtio-fs-dev has already included that fix.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Add vfio-ap.conf to the s390 kernel config fragments, which includes
the necessary flags for passing an IBM Adjunct Processor (AP) device
over VFIO.
Fixes: #567
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Reviewed-by: alicefr <afrosi@redhat.com>
Moved CONFIG_GENERIC_MSI_IRQ_DOMAIN in arch base.conf.
The config is not selected for s390x
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Some kernel configs need additional dependencies:
- CONFIG_NO_HZ depends on
CONFIG_GENERIC_CLOCKEVENTS
- CONFIG_CGROUP_PERF depends on
CONFIG_PERF_EVENTS
CONFIG_HAVE_PERF_EVENTS
- CONFIG_BLK_DEV_LOOP depends on
CONFIG_BLK_DEV
CONFIG_BLOCK
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Moved CONFIG_ PARAVIRT to each arch base.conf.
CONFIG_ PARAVIRT only defined in x86, arm64, arm in arch/$arch/Kconfig.
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Moved CONFIG_NO_HZ_FULL config to each arch base.conf.
The config CONFIG_NO_HZ_FULL depends on CONFIG_HAVE_CONTEXT_TRACKING.
See https://github.com/torvalds/linux/blob/
a811c1fa0a02c062555b54651065899437bacdbe/kernel/time/Kconfig#L96
The context tracking is not supported on s390x yet.
See https://github.com/torvalds/linux/blob/
a811c1fa0a02c062555b54651065899437bacdbe/Documentation/features/time/
context-tracking/arch-support.txt#L27
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Moved:
---
CONFIG_HOTPLUG_PCI_ACPI=y
CONFIG_PNPACPI=y
---
from hotplug to acpi.
In this way, it is possible to skip these config if the acpi feature is
not supported.
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
For certain kernel version CONFIG_PCI_MSI_IRQ_DOMAIN is only supported
on x86 and arm64.
See https://github.com/torvalds/linux/blob/
219d54332a09e8d8741c1e1982f5eae56099de85/drivers/pci/Kconfig#L55
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
The option CONFIG_VIRTIO_PMEM is not supported on s390x.
It requires nvdimm support.
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
The kernel config CONFIG_HAVE_NET_DSA is not supported on s390x.
See https://github.com/torvalds/linux/blob/master/net/dsa/Kconfig#L4.
Config moved to arch directory.
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Add !s390x tag to skip these group of fragments for s390x.
Signed-off-by: Alice Frosi <afrosi@de.ibm.com>
Signed-off-by: Jakob-Naucke <jakob.naucke@ibm.com>
Add usage instructions for -a option in script and README,
currently supported architecture are aarch64/ppc64le/s390x/x86_64.
Fixes: #534
Signed-off-by: zhanghj <zhanghj.lc@inspur.com>
This PR updates the versions for the virtiofs kernel branch and
as there is a tag based in kernel 5.6 move patches to uses the tag name.
This PR is needed to enable CLH CI for kata 2.0. This PR is backporting
kata-containers/runtime#2843 and kata-containers/packaging#1098.
Fixes#532
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Now, cloud-hypervisor is capable to work on arm64. it's time to
enable it in kata for arm64.
as cloud-hypervisor can only use virtio-fs, a new patch should be
applied to kernel for virtiofs and some config should be removed
temporarily.
Fixes: #446
Signed-off-by: Jianyong Wu <jianyong.wu@arm.com>
