Commit Graph

5116 Commits

Author SHA1 Message Date
Jose Carlos Venegas Munoz
420bb2a1d2
Merge pull request #1014 from likebreath/enable_virtio_pmem
kernel: Enable CONFIG_VIRTIO_PMEM for booting from pmem
2020-04-15 23:56:58 -05:00
Bo Chen
7aa3168500 clh: Boot from persistent memory device
This patch enables clh to mount the guest rootfs on a pmem device while
booting, which can reduce the guest memory footprint.

Fixes: #2589

Depends-on: github.com/kata-containers/packaging#1014

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-04-15 17:08:20 -07:00
Bo Chen
e8fc25a7f4 version: Update clh to master
Upgrade the version of clh to the upstream master, so that we can
boot from pmem, and have the support for virtio-blk and virtio-pmem
hotplug.

Changes:

a8ec8f33 build(deps): bump hermit-abi from 0.1.10 to 0.1.11
6cc8248a build(deps): bump num_cpus from 1.12.0 to 1.13.0
8ff36337 vm-virtio: pci: Update the BARs used by the VirtioPciDevice
56207a03 pci: Print out details of the BAR moving upon error
a216c2eb vm-virtio: pci: Implement free_bars() for VirtioPciDevice
72fdfff1 vmm: device_manager: Remove unused "_mmap_regions" member
70ecd6ba vmm, virtio: fs: Move freeing of mappped region into device
0c6706a5 vmm, virtio: pmem: Move freeing of mappped region into device
6565e478 vhost_user_net: Enable multithreaded multiqueue support
1a0a2c01 vhost_user_backend: Provide the thread ID to handle_event()
cfffb7ed vhost_user_backend: Allow for one exit_event per thread
b927dcee vhost_user_net: Prepare for multithreaded support
cd2b03f6 vhost_user_backend: Return a list of vring workers
d9eec0de vhost_user_backend: Add the ability to start multiple threads
40e4dc63 vhost_user_backend: Change handle_event as immutable
8f434df1 vhost_user: Adapt backends to let handle_event be immutable
b1554642 vmm: seccomp: Add missing mremap() syscall
886c0f90 build(deps): bump libc from 0.2.68 to 0.2.69
6c164c76 build(deps): bump thiserror from 1.0.14 to 1.0.15
0071ac8c build(deps): bump parking_lot from 0.10.0 to 0.10.2
2b7fbcb9 build(deps): bump lock_api from 0.3.3 to 0.3.4
d1155c7c build(deps): bump parking_lot_core from 0.7.0 to 0.7.1
28abfa9d vmm: openapi: Mark "initramfs" field nullable
c260640f vmm: config: Use Default::default() value for initramfs field
4617aefd tests: Test initramfs loading with PVH boot
7134f312 vmm: Allow PVH boot with initramfs
0fc39364 arch: Support loading initramfs with PVH boot protocol
b9f19370 build(deps): bump smallvec from 1.2.0 to 1.3.0
2d3f518c vmm: config: Error if both socket and path are specified for a disk
eeb7e252 vmm: config: Move max vCPUs > boot vCPUs check to validate()
12edb246 vmm: config: Validate that serial/console file mode has a path
31928fb1 main: Consistently use eprintln!() for error messages
11dd609f main: Only try and parse VM options on VM boot path
aaf382ee vmm: Move kernel check to VmConfig::validate() method
3b0da2d8 vmm: vm: Validate configuration on API boot
99b2ada4 vmm: Start splitting configuration parsing and validation
0ea706fa vmm: openapi: Update OpenAPI definition with RestoreConfig
8d9d2243 vmm: Add "prefault" option when restoring
a517ca23 vmm: Move restore parameters into common RestoreConfig structure
6712958f vmm: memory: Add prefault option when creating region
b2cdee80 vmm: memory: Restore with Copy-on-Write when possible
d771223b vmm: memory: Extend new() to support external backing files
ee5a041a vmm: memory: Add Copy-on-Write parameter when creating region
be4e1e87 vmm: memory: Use fine grained mmap wrapper
f0ab002e build(deps): bump openssl-sys from 0.9.54 to 0.9.55
b9f9f01f vmm: Extend seccomp filters to allow snapshot/restore
6eb72130 vmm: Enable restore feature
53613319 vmm: Enable snapshot feature
2cd0bc0a vmm: Create initial VM from its snapshot
b55b83c6 vmm: vm: Implement the Transportable trait
1ed357cf vmm: vm: Implement the Snapshottable trait
20ba271b vmm: memory_manager: Implement the Transportable trait
e606112c vmm: memory_manager: Implement the Snapshottable trait
50b3f008 vmm: cpu: Implement the Snapshottable trait
f787c409 vmm: cpu: Factorize vcpu starting code
722f9b66 vmm: cpu: Get and set KVM vCPU state
13756490 vmm: cpu: Track all Vcpus through CpuManager
a0d5dbce vmm: device_manager: Implement the Snapshottable trait
93d3abfd vmm: device_manager: Make serial and ioapic devices migratable
12b036a8 Cargo: Update dependencies for the KVM serialization work
183529d0 vmm: Cleanup warning from build
22958261 main: Print human readable error for command line error
c7dfbd8a vmm: config: Implement fmt::Display for error
d8119fda vmm: config: Remove unused error entries
1a10f16a vmm: config: Consolidate size parsing code
f449486b vmm: config: Make toggle parsing more tolerant
a4e0ce58 vmm: config: Consolidate on/off parsing
c731a943 vmm: config: Port vsock to OptionParser
37264cf2 vmm: config: Add unit testing for vsock
8665898f vmm: config: Port device parsing to OptionParser
a85e2fa7 vmm: config: Add unit test for VFIO device parsing
bed282b8 vmm: config: Add "valueless" options to OptionParser
2ae3392d vmm: config: Port console parsing to OptionParser
143d63c8 vmm: config: Add unit test for console parsing
5ab58e74 vmm: config: Port pmem option to OptionParser
233ad78b vmm: config: Add parsing test for pmem
13dc6373 vmm: config: Port filesystem parsing to OptionParser
7a071c28 vmm: config: Implement unit testing for virtio-fs parsing
e4cd3072 vmm: config: Port RNG options to OptionParser
708dbb97 vmm: config: Add RNG parsing unit test
057e71d2 vmm: config: Accept empty value strings
218c780f vmm: config: Port network parsing to OptionParser
a5747a84 net_util: Implement FromStr for MacAddr
8754720e vmm: config: Add unit test for net parsing
224e3dde vmm: config: Switch disk parsing to OptionParser
9e102447 vmm: config: Add unit test for disk parsing
e40ae627 vmm: config: Port memory option parsing to OptionParser
be32065a vmm: config: Add "ByteSized" type for simplifying parsing of byte sizes
f01bd7d5 vmm: config: Implement FromStr for HotplugMethod
74613803 vmm: config: Add a Toggle type for "on/off" strings
929142bc vmm: config: Add memory parsing unit test
68203ea4 vmm: config: Port CPU parsing to OptionParser
9e6a2825 vmm: config: Add unit test for CPU parsing
9e7231cd vmm: config: Introduce basic OptionParser
1e20b572 build(deps): bump serde_json from 1.0.50 to 1.0.51
baf48500 build(deps): bump serde_derive from 1.0.105 to 1.0.106
00230905 build(deps): bump serde from 1.0.105 to 1.0.106
447af8e7 vmm: vm: Factorize the device and cpu managers creation routine
c73c9b11 vmm: vm: Open kernel and initramfs once all managers are created
0646a906 vmm: cpu: Pass CpusConfig to simplify the new() prototype
b584ec3f vmm: memory_manager: Own the system allocator
ef2b11ee vmm: memory_manager: Pass MemoryConfig to simplify the new() prototype
622f3f8f vmm: vm: Avoid ioapic variable creation
164e8100 vmm: cpu: Move CPUID patching to CpuManager
1a2c1f97 vmm: vm: Factorize the KVM setup code
3eb11069 arch: regs: Rename and export create_msr_entries
c3a34903 arch: regs: Make create_msr_entries more readable
7a50646c vmm: device_manager: Convert migratable_devices to a map
8ba37a98 .gitignore: Add build directory
b3e4111e devices: serial: Implement the Snapshottable trait
98741573 devices: ioapic: Implement the Snapshottable trait
3ef1c00c ch-remote: Fix snapshot and restore subcommands
dc97b67d main: Fix restore CLI
859a9618 ch-remote: Add --restore option
35c0ea6c ch-remote: Add --snapshot option
fe2d8846 main: Support VM restore from the command line
8f300bed vmm: api: Add a /api/v1/vm.restore endpoint
92c73c3b vmm: Add a VmRestore command
39d4f817 vmm: http: Add a /api/v1/vm.snapshot endpoint
cf8f8ce9 vmm: api: Add a Snapshot command
452475c2 vmm: Add migration helpers
1b1a2175 vm-migration: Define the Snapshottable and Transportable traits
2d17f438 vmm: seccomp: Add missing open() syscall
bf135a29 build(deps): bump linux-loader from `2adddce` to `61d95eb`
da4aaee7 build(deps): bump vmm-sys-util from 0.4.0 to 0.5.0
6a934c32 build(deps): bump proc-macro-hack from 0.5.14 to 0.5.15
3b891cd3 build(deps): bump micro_http from `e89ed14` to `0d87a94`
d5199ad9 build(deps): bump anyhow from 1.0.27 to 1.0.28
6a0b4d7a build(deps): bump proc-macro2 from 1.0.9 to 1.0.10
31bbe0e5 build(deps): bump hermit-abi from 0.1.9 to 0.1.10
7f098168 build(deps): bump hermit-abi from 0.1.8 to 0.1.9
00a1eced build(deps): bump thiserror from 1.0.13 to 1.0.14
f24b7424 build(deps): bump serde_json from 1.0.48 to 1.0.50
e4ea8b0b vmm: Add missing syscalls to the seccomp filters
33be24bd vhost-user-fs: return EINVAL if req is out of range in fs_slave_mmap/unmap/sync
78b5cbc6 vhost-user-fs: validate fs_slave_map/unmap/sync request
0c29c2ec ci: Extend VFIO test with memory hotplug
9e181776 vmm: Add memory hotplug support to VFIO PCI devices
cc67131e vmm: Retrieve new memory region when memory is extended
e4a034ae vfio: Add support for memory hotplug
8fc7bf29 vmm: Move to the latest linux-loader
785812d9 vmm: Fallback to legacy boot if PVH is enabled along with initramfs
5157ba10 resources: enable initramfs in kernel config
3b470d4f tests: add support for initramfs
6cce7b95 arch: load initramfs and populate zero page
1f9bc68c openapi: Add initramfs support
4db252b4 main, vmm: add --initramfs cli option
0ce7de3e arch: provide mechanism to get page size
4b110d5b tests: Add integration test for hotplugging network device
f3f4d075 ch-remote: Add support for hotplugging network devices
c73c31b6 docs: Update API documentation to include "vm.add-net"
6244beb9 openapi: Add "vm.add-net" entry point
57c3fa4b vmm: Add "add-net" to the API
f664cdde vmm: Add support for adding network devices to the VM
8f323e61 vmm: Add support to DeviceManager for hotplugging network devices
42a9896f vmm: device_manager: Refactor make_virtio_net_devices
9df601a1 bin, vmm: Centralise the net syntax
41d7b3a3 vmm: memory_manager: Only send the GED notification for the ACPI method
15d9ec01 openapit: Add hotplug_method to MemoryConfig
abbd69ab tests: Add integration test test_virtio_mem
4a7a2cff tests: Add test for hotplug_size and hotplug_method
e63f9818 vmm: device: Add make_virtio_mem_devices
e6b934a5 vmm: Add support for virtio-mem
51d102c7 vm-virtio: Add virtio-mem device
8d05fb86 tests: Add integration test for hotplugging pmem device
0b051010 ch-remote: Add support for hotplugging persistent memory
44aef8f4 docs: Update API documentation to include "vm.add-pmem"
75878dd9 openapi: Add "vm.add-pmem" entry point
f6f4c68f vmm: Add "add-pmem" to the API
15de30f1 vmm: Add support for adding pmem devices to the VM
f7def621 vmm: Add support to DeviceManager for hotplugging pmem devices
8c3ea8cd vmm: device_manager: Refactor make_virtio_pmem_devices
a7296bbb bin, vmm: Centralise the pmem syntax
61e34331 virtio-fs: validate request len in fs_slave_io()
4c9d15d4 vmm: Fix copy and paste error message
96d4f1e3 tests: Add integration test for hotplugging disk device
05ce2dc8 ch-remote: Add support for hotplugging disks
eec1a32d docs: Update API documentation to include "vm.add-disk"
82cad99c openapi: Add "vm.add-disk" entry point
f2151b27 vmm: Add "add-disk" to the API
164ec2b8 vmm: Add support for adding disks to the VM
b3082c19 vmm: Add support to DeviceManager for hotplugging disks
2be703ca vmm: device_manager: Refactor make_virtio_block_devices
66da29d8 bin, vmm: Centralise the disk syntax
ede28878 build(deps): bump micro_http from `e712d6a` to `e89ed14`

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-04-15 17:08:12 -07:00
Bo Chen
fbad186abe kernel: Enable CONFIG_VIRTIO_PMEM for booting from pmem
To support booting from pmem with cloud-hypervisor, we need to enable
the virtio-pmem in our kernel.

Fixes: #1013

Signed-off-by: Bo Chen <chen.bo@intel.com>
2020-04-15 15:49:39 -07:00
Archana Shinde
1f57eb7bcb
Merge pull request #644 from amshinde/creat-VERSION-file
version: Create a VERSION file
2020-04-15 11:01:20 -07:00
Archana Shinde
3597abdb63 version: Create a VERSION file
Since we want to start tagging and branching this repo,
create a VERSION file starting with the last version released.

Fixes #246

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2020-04-15 10:12:41 -07:00
Julio Montes
a1378594d1
Merge pull request #443 from Pennyzct/clean_up_when_failed
tests: deleting stale test results when tests failed
2020-04-15 10:56:36 -05:00
Archana Shinde
65865ab74d
Merge pull request #2613 from amshinde/update-kernel-5-4-32
version: Update kernel to lts 5.4.32
2020-04-15 06:29:57 -07:00
Fabiano Fidêncio
bf9758bf86 katautils: Use config paths set during the build
When building kata runtime packagers can simply do something like
`make CONFDIR=/usr/share/kata-containers/defaults` and it'll make
runtime understand that `/usr/share/defaults/kata-containers/` shouldn't
be used as `defaultRuntimeConfiguration` and, instead, runtime will use
whatever was passed to `make` during build time.

This is a quite common approach, mainly for distros, as there's no
perfect agreement on directory layout and whatnot.

Knowing that, let's also make `containerd-shim-kata-v2`, which reads the
configurations from `pkg/katautils/config-settings.go`, to have a
similar behaviour as `runtime` and respect a "build-time" configured
`defaultRuntimeConfiguration` and `defaultSysConfRuntimeConfiguration`
paths.

Fixes: #2610

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2020-04-15 13:40:02 +02:00
Penny Zheng
c29dbae5b2 tests: deleting when tests failed
We only dumped test results for debugging, when tests failed.
We should also delete them to avoid leaving stale test results
under /tmp.

Fixes: #442

Signed-off-by: Penny Zheng <penny.zheng@arm.com>
2020-04-15 13:18:38 +08:00
Jia He
8c850d9e3a config: Add scsi_mod.scan=none for virtio-scsi
As per [1], the default scan mode of scsi is sync.
kata-agent already scans the SCSI buses [2], changing it to none
can reduce the guest boot time.

=Before this patch=
[    0.113828] [    T1] scsi host0: Virtio SCSI HBA
[    0.134006] [    T1] tun: Universal TUN/TAP device driver, 1.6

=After this patch=
[    0.105891] [    T1] scsi host0: Virtio SCSI HBA
[    0.107868] [    T1] tun: Universal TUN/TAP device driver, 1.6

It reduces about 17ms on arm64 for virtio-scsi.

This patch changes the default kernel parameter:
1. If user specifies the scan mode, use that
2. If user doesn't specify it, and the block device is virtio-scsi, use
   "none" by default

[1] https://lwn.net/Articles/201898/
[2] https://github.com/kata-containers/agent/blob/649d44117a/device.go#L322

Fixes: #2560
Signed-off-by: Jia He <justin.he@arm.com>
2020-04-15 09:45:48 +08:00
Archana Shinde
652d1fdfb8 release: Tag and fork documentation repo as part of release
We should start maintaining stable branches for the documentation
repo similar to other repos.

Fixes #1007

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2020-04-14 16:58:34 -07:00
Archana Shinde
07d0a4f0aa version: Update kernel to lts 5.4.32
Update kernel from 5.4.15 to 5.4.32

Fixes #2612

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2020-04-14 15:10:29 -07:00
Jose Carlos Venegas Munoz
c369692924
Merge pull request #2595 from jcvenegas/fix-2594
clh: virtiofs: Add no_posix_lock option
2020-04-14 13:30:08 -05:00
Salvador Fuentes
84d2bacc74
Merge pull request #2604 from amshinde/update-virtiofs-kernel
versions: Switch to virtio-fs-dev branch for kernel
2020-04-14 12:04:06 -05:00
Graham Whaley
0fe23c85c2
Merge pull request #2591 from darfux/change_log_outpipe_to_rdwr
v2: Open log fifo with `RDWR` instead of `WRONLY`
2020-04-14 14:40:20 +01:00
Jia He
7e22144664 scripts: Disable pie for qemu when static building
--enable-pie is not compatible with --static option for qemu building.
Without this patch, it will report a configure error during static building:

ERROR: static and pie are mutually incompatible

Fixes: #982

Signed-off-by: Jia He <justin.he@arm.com>
2020-04-14 14:48:21 +08:00
Fabiano Fidêncio
ab8050c5e0 kata_agent: Don't use dax if virtio_fs_cache is 0
If always using dax, even if virtio_fs_cache is 0, the following error
would happen:

```
[root@f32 runtime]# podman run --security-opt label=disable  --runtime=/usr/local/bin/kata-runtime --rm -id fedora sh
Error: rpc error: code = Internal desc = Could not mount kataShared to /run/kata-containers/shared/containers/: invalid argument: OCI runtime error
```

Fixes: #2464

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2020-04-13 14:22:52 -07:00
Fabiano Fidêncio
6218b2a558 kata_agent: Remove sharedDirVirtioFSOptions
Although in the earlier stages of development those FUSE client mount
options were needed, when virtiofs got merged the default option values
were baked into virtiofs.ko.

Those options are not only unneeded, but they'd also cause issues when
trying to run recent enough kernels, as shown below:
```
[root@f32 runtime]# podman run --security-opt label=disable  --runtime=/usr/local/bin/kata-runtime --rm -id fedora sh
Error: rpc error: code = Internal desc = Could not mount kataShared to /run/kata-containers/shared/containers/: invalid argument: OCI runtime error
```

Fixes: #2464

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2020-04-13 14:22:52 -07:00
Fabiano Fidêncio
95ccc0f759 agent: Use "virtiofs" instead of "virtio_fs"
virtio_fs was the name used for the module in the very early stages of
its development.

Fixes: #2462

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2020-04-13 14:22:52 -07:00
Archana Shinde
4c1cacd31d versions: Switch to virtio-fs-dev branch for kernel
This includes a newer kernel and necessary overlay changes
that fix outstanding issue for running docker in docker using
overlay.

Depends-on: github.com/kata-containers/agent#738
Depends-on: github.com/kata-containers/shim#233

Fixes #2603

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2020-04-13 14:22:52 -07:00
Li Yuxuan
8e0f891ebc v2: Open log fifo with RDWR instead of WRONLY
The container log fifo is opened as `O_WRONLY` now. When the read side
of fifo is closed temporarily such as restarting containerd, write to
`tty.Stdout` will get an EPIPE error and finally cause `io.CopyBuffer`
return. Then `ioCopy` closes the tty io and exits. Thus after containerd
restarted, the log fifo can't be reopened. The container will be blocked
forever after stdout/stderr buffer is full.

Opening the log fifo with `RDWR` instead of `WRONLY` avoids the fifo
returning EPIPE when the read side is closed, and keeps the fifo open
until the reader reopens it.

Fixes: #2590

Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
2020-04-10 14:58:56 +08:00
James O. D. Hunt
af24829c2a
Merge pull request #2600 from nitkon/master
qemu-ppc64le: Switch off large decrementer capability
2020-04-09 11:30:54 +01:00
James O. D. Hunt
f13b4f582f
Merge pull request #627 from dong-liuliu/xliu2/spdk-vhost-user
Revise use-case of Using-SPDK-vhostuser-and-kata.md
2020-04-09 10:49:40 +01:00
James O. D. Hunt
d71d5e1e54
Merge pull request #639 from amshinde/add-versions-for-privileged
privileged: Add containerd and crio versions.
2020-04-09 10:49:04 +01:00
Your Name
afbd03cf01 qemu-ppc64le: Switch off large decrementer capability
Large decrementer was introduced in Power 9 cpus.
Switch it off "cap-large-decr=off" as not all KVM hosts
support it

Fixes: #2599

Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
2020-04-09 00:04:57 -05:00
Archana Shinde
e5046cc0ef privileged: Add containerd and crio versions.
Add containerd and crio versions that support
`privileged_without_host_devices` behaviour.

Fixes #638

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2020-04-08 16:11:11 -07:00
Salvador Fuentes
367c2ac068
Merge pull request #1005 from jodh-intel/fix-patch-ordering
kernel: Fix patch ordering
2020-04-08 12:55:28 -05:00
GabyCT
c07f20637d
Merge pull request #636 from GabyCT/topic/fixopensuse
docs: Fix opensuse installation guide
2020-04-08 10:51:51 -05:00
Jose Carlos Venegas Munoz
432f9bea6e clh: virtiofs: Add no_posix_lock option
This will allow lock operations, needed by programs like
`apt-get upgrade`.

Fixes: #2594

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2020-04-08 14:54:56 +00:00
James O. D. Hunt
93da14508f kernel: Fix patch ordering
Fix the `build-kernel.sh` script to sort patches correctly. Previously,
it relied on `find(1)` for the ordering. However, `find(1)` does not
guarantee any ordering of files within a directory. Since the ordering
could therefore be "random", it was quite possible for patches to be
applied in the wrong order, resulting in conflicts.

Fixes: #1003.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
2020-04-08 14:21:36 +01:00
Jose Carlos Venegas Munoz
02d8ec0bf8
Merge pull request #2593 from chavafg/topic/update-golang-version
versions: Update go to 1.13.9
2020-04-07 18:05:51 -05:00
Gabriela Cervantes
832aaea1ad docs: Fix opensuse installation guide
This PR fixes the opensuse installation guide, it solves the issue of
having an extra empty space at the end of the distro name which is causing
a failure when we want to add the kata containers obs repository as we
are looking for http://download.opensuse.org/repositories/home:/katacontainers:/releases:/x86_64:/master/openSUSE_Leap_15.1%20/
which is non-existent and it is giving us an error of Valid metadata not found at specified URL.
This PR replaces the URL for a correct one.

Fixes #635

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2020-04-07 14:56:38 -05:00
Archana Shinde
9a3a226184
Merge pull request #632 from jcvenegas/docs-pkg-test
release: docs: Add information about package testing
2020-04-07 11:51:56 -07:00
Salvador Fuentes
0294fcb992 versions: Update go to 1.13.9
Update golang to 1.13.9 in versions.yaml.
In addition, add same golang version to `.travis.yml` and
delete the call to `.ci/install_go.sh` as it started to
cause problems in travis CI.

Fixes: #2592.

Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
2020-04-07 13:04:59 -05:00
James O. D. Hunt
ed13991f2d
Merge pull request #1002 from GabyCT/topic/removeupdate
tests: Remove performing updates in Fedora dockerfile
2020-04-07 15:03:50 +01:00
Yang Bo
c0dc7676e0
Merge pull request #179 from lifupan/fix_potentianl_crash
Fix potential crash
2020-04-07 19:58:52 +08:00
Jose Carlos Venegas Munoz
ab14b29116 release: docs: Add information about package testing
A basic testing can be done using jenkins pipeline.

Fixes: #631

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2020-04-06 21:01:35 +00:00
Gabriela Cervantes
59f7678f94 tests: Remove performing updates in Fedora dockerfiles
For obs and running the packages testing in Fedora, we need to remove
the performing of doing an update as it is hit by
https://github.com/kata-containers/runtime/issues/2580. This is needed
to unblock the errors in the testing.

Fixes #1001

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
2020-04-06 12:07:11 -05:00
Graham Whaley
c5a5ac9e45
Merge pull request #576 from bergwolf/annotations
howto: add sandbox config annotation howto
2020-04-06 16:16:42 +01:00
Graham Whaley
dce8d66a30
Merge pull request #999 from wilsonianb/fix-k3s
kata-deploy: fix k3s containerd check
2020-04-06 14:20:49 +01:00
Brandon Wilson
96f3b99c7a
kata-deploy: fix k3s containerd check
The default k3s containerRuntimeVersion takes the form of:
containerd://1.3.3-k3s2

The awk was stripping away the k3s portion before checking if it was a
k3s containerd.

fixes #996

Signed-off-by: Brandon Wilson <brandon@coil.com>
2020-04-03 16:38:01 -05:00
Jose Carlos Venegas Munoz
6e398f7c71
Merge pull request #2585 from nitkon/QemuCapablity
qemu_ppc64le: Expose fs support explicitly
2020-04-03 09:52:42 -06:00
Julio Montes
2b92007a5c
Merge pull request #2583 from fidencio/wip/virtiofsd_not_present
qemu: Don't crash if virtiofsd path is non existent
2020-04-03 09:21:14 -06:00
Archana Shinde
2f07ec9100
Merge pull request #2503 from rhatdan/selinux
Add SELinux support for running VM Confinement
2020-04-03 07:58:58 -07:00
Fabiano Fidêncio
fd625b3fc5 qemu: Don't crash if virtiofsd path is non existent
Instead, report an error and exit gracefully, as shown below:
```
dahmer fidencio # podman run -ti --runtime=/usr/bin/kata-runtime fedora sh
Error: virtiofsd path (/usr/libexec/virtiofsd) does not exist: OCI runtime error
```

Fixes: #2582

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2020-04-03 15:44:06 +02:00
Nitesh Konkar
5eec8bdf9d qemu_ppc64le: Expose fs support explicitly
Since fs sharing is not assumed as supported by default, expose
explicitly that the qemu_ppc64le supports it.

Fixes: #2584

Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
2020-04-03 19:08:04 +05:30
Daniel J Walsh
e4eb553d12
virtcontainers: Add SELinux support for running VM Confinement
We want to launch the KVM launcher tool (qemu?) with an SELinux label, similar
to what we do with libvirt.

Currently when I use kata with Podman, it complains if we specify a label that
kata does not support SELinux labels. What I would like to do is have kata just
use this label to apply to the KVM launcher. Then I will work to generate a new
policy type (container_kvm_t) that will allow the KVM Launcher tool to do its
thing, but prevent breakout.

Fixes: #2501

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2020-04-02 09:19:45 -04:00
Liu Xiaodong
688c88a60f use-cases: avoid binding PCI in using-vhost-user
By default, SPDK's setup.sh will bind PCI devices to
userspace from kernel. This may confuse beginners.
So add PCI_WHITELIST="none" to blacklist all PCI devices.

Fixes: #626

Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
2020-04-02 09:13:07 -04:00
Liu Xiaodong
2c6cb39e07 use-cases: add version notice in using vhost-user
Fixes: #626

Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
2020-04-02 09:13:07 -04:00