alex.lyn
57645c0786
runtime-rs: Add support for block device AIO
...
In this commit, three block device aio modes are introduced and
"iouring" is set as the default.
Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-07-24 11:57:00 +08:00
alex.lyn
40e6aacc34
runtime-rs: Introduce scsi_addr within BlockConfig for SCSI devices
...
It's used to help discover SCSI devices inside the guest. Also add a
new const value `KATA_SCSI_DEV_TYPE` to help pass information.
Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-07-24 11:57:00 +08:00
alex.lyn
125383e53c
runtime-rs: Add support for configurable block device aio
...
AIO is the I/O mechanism used by qemu with options:
- threads
  Pthread based disk I/O.
- native
  Native Linux I/O.
- io_uring (default mode)
  Linux io_uring API. This provides the fastest I/O operations on
Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-07-24 11:56:52 +08:00
dependabot[bot]
ef9d960763
build(deps): bump the openssl group across 4 directories with 1 update
...
Bumps the openssl group with 1 update in the /src/dragonball directory: [openssl](https://github.com/sfackler/rust-openssl).
Bumps the openssl group with 1 update in the /src/runtime-rs directory: [openssl](https://github.com/sfackler/rust-openssl).
Bumps the openssl group with 1 update in the /src/tools/genpolicy directory: [openssl](https://github.com/sfackler/rust-openssl).
Bumps the openssl group with 1 update in the /src/tools/kata-ctl directory: [openssl](https://github.com/sfackler/rust-openssl).
Updates `openssl` from 0.10.72 to 0.10.73
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.72...openssl-v0.10.73)
Updates `openssl` from 0.10.72 to 0.10.73
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.72...openssl-v0.10.73)
Updates `openssl` from 0.10.72 to 0.10.73
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.72...openssl-v0.10.73)
Updates `openssl` from 0.10.72 to 0.10.73
- [Release notes](https://github.com/sfackler/rust-openssl/releases)
- [Commits](https://github.com/sfackler/rust-openssl/compare/openssl-v0.10.72...openssl-v0.10.73)
---
updated-dependencies:
- dependency-name: openssl
  dependency-version: 0.10.73
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: openssl
- dependency-name: openssl
  dependency-version: 0.10.73
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: openssl
- dependency-name: openssl
  dependency-version: 0.10.73
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: openssl
- dependency-name: openssl
  dependency-version: 0.10.73
  dependency-type: indirect
  update-type: version-update:semver-patch
  dependency-group: openssl
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-23 15:17:12 +00:00
Fabiano Fidêncio
58925714d2
Merge pull request #11579 from Apokleos/fix-hotplug-blk
...
runtime-rs: Support hotplugging host block devices within qemu-rs
2025-07-23 11:10:04 +02:00
alex.lyn
a12ae58431
runtime-rs: Support hotplugging host block devices within qemu-rs
...
Although the previous implementation of hotplugging block devices via QMP
can successfully hot-plug a regular file based block device, it
fails when the backend is /dev/xxx (e.g. /dev/loop0). With analysis about
it, we can know that it lacks the ability to hotplug host block devices.
This commit will fill the gap, and make it work well for host block
devices.
Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
2025-07-22 15:40:03 +08:00
Fabiano Fidêncio
acae4480ac
Merge pull request #11604 from fidencio/release/3.19.1
...
release: Bump version to 3.19.1
2025-07-22 09:00:15 +02:00
Fabiano Fidêncio
0220b4d661
release: Bump version to 3.19.1
...
As there were a few moderate security vulnerability fixes missed as part
of the 3.19.0 release.
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-21 20:09:21 +02:00
Steve Horsman
09efcfbd86
Merge pull request #11606 from kata-containers/dependabot/cargo/src/tools/genpolicy/zerocopy-0.6.6
...
build(deps): bump zerocopy from 0.6.1 to 0.6.6 in /src/tools/genpolicy
2025-07-21 18:58:56 +01:00
Steve Horsman
9f04d8e121
Merge pull request #11605 from kata-containers/dependabot/cargo/src/tools/kata-ctl/unsafe-libyaml-0.2.11
...
build(deps): bump unsafe-libyaml from 0.2.9 to 0.2.11 in /src/tools/kata-ctl
2025-07-21 18:50:01 +01:00
dependabot[bot]
a9c8377073
build(deps): bump zerocopy from 0.6.1 to 0.6.6 in /src/tools/genpolicy
...
---
updated-dependencies:
- dependency-name: zerocopy
  dependency-version: 0.6.6
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-21 12:50:38 +00:00
dependabot[bot]
0b4c434ece
build(deps): bump unsafe-libyaml in /src/tools/kata-ctl
...
Bumps [unsafe-libyaml](https://github.com/dtolnay/unsafe-libyaml) from 0.2.9 to 0.2.11.
- [Release notes](https://github.com/dtolnay/unsafe-libyaml/releases)
- [Commits](https://github.com/dtolnay/unsafe-libyaml/compare/0.2.9...0.2.11)
---
updated-dependencies:
- dependency-name: unsafe-libyaml
  dependency-version: 0.2.11
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-07-21 12:46:27 +00:00
Fabiano Fidêncio
35629d0690
Merge pull request #11603 from stevenhorsman/security-updates-21-jul
...
dependencies: More crate bumps to resolve security issues
2025-07-21 14:33:07 +02:00
stevenhorsman
162ba19b85
agent-ctl: Bump rustls
...
Bump rustls to >=0.23.18 to remediate RUSTSEC-2024-0399
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-21 10:41:59 +01:00
stevenhorsman
42339e9cdf
dragonball: Update url crate
...
Update url to 2.5.4 to bump idna to 1.0.3 and remediate
RUSTSEC-2024-0421
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-21 10:35:05 +01:00
stevenhorsman
1795361589
runk: Update rustjail
...
Update the rustjail crate to pull in the latest security fixes
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-21 10:31:18 +01:00
stevenhorsman
28929f5b3e
runtime: Bump prometheus
...
Bump this crate to remove the old version of protobuf
and remediate RUSTSEC-2024-0437
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-21 10:29:57 +01:00
stevenhorsman
e66aa1ef8c
runtime: Bump prometheus and ttrpc-codegen
...
Bump these crates to remove the old version of protobuf
and remediate RUSTSEC-2024-0437
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-21 10:29:39 +01:00
Fabiano Fidêncio
d60513ece9
Merge pull request #11597 from kata-containers/topic/fix-release-static-tarball-content
...
release: Copy the VERSION file to the tarball
2025-07-20 21:06:40 +02:00
Fabiano Fidêncio
55aae75ed7
shellcheck: Fix issues on kata-deploy-merge-builds.sh
...
As we're already touching the file, let's get those fixed.
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-20 09:33:50 +02:00
Fabiano Fidêncio
aaeb3b3221
release: Copy the VERSION file to the tarball
...
For the release itself, let's simply copy the VERSION file to the
tarball.
To do so, we had to change the logic that merges the build, as at that
point the tag is not yet pushed to the repo.
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-20 00:06:14 +02:00
Fabiano Fidêncio
21ccaf4a80
Merge pull request #11596 from fidencio/release/v3.19.0
...
release: Bump version to 3.19.0
2025-07-19 18:27:36 +02:00
Fabiano Fidêncio
60f312b4ae
release: Bump version to 3.19.0
...
Bump VERSION and helm-chart versions
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-19 09:11:30 +02:00
Fabiano Fidêncio
1351ccb2de
Merge pull request #11576 from Tim-Zhang/update-protobuf-to-fix-CVE-2025-53605
...
chore: Update protobuf to fix CVE-2025-53605
2025-07-19 07:43:13 +02:00
Fabiano Fidêncio
7f5f032aca
runtime-rs: Update containerd-shim / containerd-shim-protos
...
Let's bump those to their 0.10.0 releases, which contain fixes for the
CVE-2025-53605.
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-19 00:18:01 +02:00
Fabiano Fidêncio
6dc4c0faae
Merge pull request #11589 from fidencio/topic/fix-tdx-qemu-path-for-non-gpu
...
qemu: tdx: Fix binary path for non-gpu TDX
2025-07-18 17:24:00 +02:00
Tim Zhang
2fe9df16cc
agent-ctl: update Cargo.lock to fix CVE-2025-53605
...
Fixes: https://github.com/kata-containers/kata-containers/security/dependabot/392
Fixes: #11570
Signed-off-by: Tim Zhang <tim@hyper.sh>
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-18 16:13:25 +02:00
Tim Zhang
45b44742de
genpolicy: update Cargo.lock to fix CVE-2025-53605
...
Fixes: https://github.com/kata-containers/kata-containers/security/dependabot/394
Fixes: #11570
Signed-off-by: Tim Zhang <tim@hyper.sh>
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-18 16:10:52 +02:00
Tim Zhang
fa9ff1b299
kata-ctl: update prometheus/protobuf to fix CVE-2025-53605
...
Fixes: https://github.com/kata-containers/kata-containers/security/dependabot/395
Fixes: #11570
Signed-off-by: Tim Zhang <tim@hyper.sh>
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-18 16:05:13 +02:00
Tim Zhang
d0e7a51f7b
dragonball: update prometheus/protobuf to fix CVE-2025-53605
...
Fixes: https://github.com/kata-containers/kata-containers/security/dependabot/396
Fixes: #11570
Signed-off-by: Tim Zhang <tim@hyper.sh>
2025-07-18 16:02:29 +02:00
Tim Zhang
222393375a
agent: update ttrpc-codegen to remove dependency on protobuf v2
...
To fix CVE-2025-53605.
Fixes: https://github.com/kata-containers/kata-containers/security/dependabot/397
Fixes: #11570
Signed-off-by: Tim Zhang <tim@hyper.sh>
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-18 16:02:07 +02:00
Fabiano Fidêncio
60c3d89767
Merge pull request #11558 from gmintoco/feature/helm-nodeSelector
...
helm: add nodeSelector support to kata-deploy chart
2025-07-18 15:52:19 +02:00
Fabiano Fidêncio
3143787f69
qemu: tdx: Fix binary path for non-gpu TDX
...
On commit 90bc749a19, we've changed the
QEMUTDXPATH in order to get it to work with GPUs, but the change broke
the non-GPU TDX use-case, which depends on the distro binary.
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-18 15:26:27 +02:00
Fabiano Fidêncio
497a3620c2
tests: Remove references to qemu-sev
...
As it's been removed from our codebase.
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-18 12:49:54 +02:00
Fabiano Fidêncio
17ce44083c
runtime: Remove reference to sev package
...
Otherwise it'll just break static checks.
Signed-off-by: Fabiano Fidêncio <fidencio@northflank.com>
2025-07-18 12:49:54 +02:00
Gus Minto-Cowcher
3b5cd2aad6
helm: remove qemu-sev references
...
qemu-sev support has been removed, but those bits were left behind by
mistake.
Signed-off-by: Gus Minto-Cowcher <gus@basecamp-research.com>
2025-07-18 12:49:54 +02:00
Gus Minto-Cowcher
41d41d51f7
helm: add nodeSelector support to kata-deploy chart
...
- Add nodeSelector configuration to values.yaml with empty default
- Update DaemonSet template to conditionally include nodeSelector
- Add documentation and examples for nodeSelector usage in README
- Allows users to restrict kata-containers deployment to specific nodes by labeling them
Signed-off-by: Gus Minto-Cowcher <gus@basecamp-research.com>
2025-07-18 12:49:54 +02:00
Fabiano Fidêncio
7d709a0759
Merge pull request #11493 from stevenhorsman/agent-ctl-tag-cache
...
ci: cache: Tag agent-ctl cache
2025-07-18 12:12:46 +02:00
Fabiano Fidêncio
4a6c718f23
Merge pull request #11584 from zvonkok/fix-kernel-debug-enabled
...
kernel: fix enable kernel debug
2025-07-18 11:38:36 +02:00
Sumedh Alok Sharma
47184e82f5
Merge pull request #11313 from Ankita13-code/ankitapareek/exec-id-agent-fix
...
agent: update the processes hashmap to use exec_id as primary key
2025-07-18 14:07:15 +05:30
Fabiano Fidêncio
d9daddce28
Merge pull request #11578 from justxuewei/vsock-async
...
runtime-rs: Fix the issue of blocking socket with Tokio
2025-07-18 10:13:03 +02:00
Xuewei Niu
629c942d4b
runtime-rs: Fix the issue of blocking socket with Tokio
...
According to the issue [1], Tokio will panic when we give a blocking
socket to Tokio's `from_std()` method. The information is as follows:
```
A panic occurred at crates/agent/src/sock/vsock.rs:59: Registering a
blocking socket with the tokio runtime is unsupported. If you wish to do
anyways, please add `--cfg tokio_allow_from_blocking_fd` to your RUSTFLAGS.
```
A workaround is to set the socket to non-blocking.
1: https://github.com/tokio-rs/tokio/issues/7172
Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>
2025-07-18 10:55:48 +08:00
Xuewei Niu
1508e6f0f5
agent: Bump Tokio to v1.46.1
...
Tokio now has a newer version, let us bump it.
Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>
2025-07-18 10:55:48 +08:00
Xuewei Niu
5a4050660a
runtime-rs: Bump Tokio to v1.46.1
...
Tokio now has a newer version, let us bump it.
Signed-off-by: Xuewei Niu <niuxuewei.nxw@antgroup.com>
2025-07-18 10:55:48 +08:00
Zvonko Kaiser
a786dc48b0
kernel: fix enable kernel debug
...
The KERNEL_DEBUG_ENABLED was missing in the outer shell script
so overrides via make were not possible.
Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
2025-07-18 02:24:19 +00:00
Fabiano Fidêncio
eb2bfbf7ac
Merge pull request #11572 from stevenhorsman/RUSTSEC-2024-0384-remediate
...
More crate bumps for security remediations
2025-07-17 22:35:05 +02:00
Zvonko Kaiser
cef9485634
Merge pull request #11450 from kata-containers/dependabot/cargo/src/agent/nix-0.27.1
...
build(deps): bump nix to 0.26.4 in agent, libs, runtime-rs
2025-07-17 14:22:40 -04:00
stevenhorsman
41a608e5ce
tools: Bump borsh, liboci-cli and oci-spec
...
Bump these crates to remove the unmaintained dependency
proc-macro-error and remediate RUSTSEC-2024-0370
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-17 18:23:19 +01:00
stevenhorsman
e56f493191
deps: Bump zbus, serial_test & async-std
...
Bump these crates across various components to remove the
dependency on unmaintained instant crate and remediate
RUSTSEC-2024-0384
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-17 18:23:19 +01:00
stevenhorsman
bb820714cb
agent-ctl: Update borsh
...
- Update borsh to remove the unmaintained dependency
proc-macro-error and remediate RUSTSEC-2024-0370
Signed-off-by: stevenhorsman <steven@uk.ibm.com>
2025-07-17 18:23:19 +01:00