Commit Graph

8907 Commits

Author SHA1 Message Date
Zhongtao Hu
2bb1eeaecc docs: further questions related to upcall
add questions and answers for upcall

Fixes:#4193
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-07-07 09:52:50 +08:00
Zhongtao Hu
026aaeeccc docs: add FAQ to the report
1.provide answers for the qeustions will be frequently asked

2.format the document

Fixes:#4193
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
2022-07-07 09:52:50 +08:00
Christophe de Dinechin
fffcb81652 docs: update the content of the report
1. Explain why the current situation is a problem.

2. We are beyond a simple introduction now, it's a real proposal.

3. Explain why you think it is solid, and fix a grammatical error.

4. The Rust rationale does not really belong to the initial paragraph.
   Also, I rephrased it to highlight the contrast with Go and the Kata community's
   past experience switching to Rust for the agent.

Fixes:#4193
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
2022-07-07 09:52:46 +08:00
Zhongtao Hu
42ea854eb6 docs: kata 3.0 Architecture
An introduction for kata 3.0 architecture design

Fixes:#4193
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
Signed-off-by: Quanwei Zhou <quanweiZhou@linux.alibaba.com>
Signed-off-by: Christophe de Dinechin <christophe@dinechin.org>
2022-07-07 09:47:07 +08:00
Peng Tao
514b4e7235
Merge pull request #4543 from openanolis/anolis/add_vcpu_configure_aarch64
runtime-rs: Dragonball sandbox - add Vcpu::configure() function for aarch64
2022-07-05 17:47:40 +08:00
xuejun-xj
7120afe4ed dragonball: add vcpu test function for aarch64
add create_vcpu() function in vcpu test unit for aarch64

Fixes: #4445

Signed-off-by: xuejun-xj <jiyunxue@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
2022-07-04 15:23:43 +08:00
xuejun-xj
648d285a24 dragonball: add vcpu support for aarch64
add configure() function for aarch64 vcpu

Fixes: #4543

Signed-off-by: xuejun-xj <jiyunxue@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
2022-07-04 15:23:37 +08:00
xuejun-xj
7dad7c89f3 dragonball: update dbs-xxx dependency
change to up-to-date commit ID

Fixes: #4543

Signed-off-by: xuejun-xj <jiyunxue@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
2022-07-04 15:23:11 +08:00
James O. D. Hunt
59cab9e835
Merge pull request #4380 from Tim-0731-Hzt/rund/makefile
runtime-rs: makefile for dragonball
2022-07-01 09:12:38 +01:00
Bin Liu
18093251ec
Merge pull request #4527 from Tim-0731-Hzt/rund-new/netlink
runtime-rs:refactor network model with netlink
2022-07-01 11:12:54 +08:00
Zhongtao Hu
07231b2f3f runtime-rs:refactor network model with netlink
add unit test for tcfilter

Fixes: #4289
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-06-29 11:38:23 +08:00
Zhongtao Hu
c8a9052063 build: format files
add Enter at the end of the file

Fixes: #4379
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-06-29 11:19:10 +08:00
Zhongtao Hu
242992e3de build: put install methods in utils.mk
put install methods in utils.mk to avoid duplication

Fixes: #4379
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-06-29 11:19:10 +08:00
Zhongtao Hu
8a697268d0 build: makefile for dragonball config
use makefile to generate dragonball config file

Fixes: #4379
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-06-29 11:19:07 +08:00
Zhongtao Hu
9c526292e7 runtime-rs:refactor network model with netlink
refactor tcfilter with netlink

Fixes: #4289
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-06-29 11:03:29 +08:00
GabyCT
12c1b9e6d6
Merge pull request #4536 from Tim-0731-Hzt/runtime-rs-kata-main
runtime-rs: Merge Main into runtime-rs branch
2022-06-28 10:27:35 -05:00
Zhongtao Hu
f3907aa127 runtime-rs:Merge remote-tracking branch 'origin/main' into runtime-rs-newv
Fixes:#4536
Signed-off-by: Zhongtao Hu <zhongtaohu.tim@linux.alibaba.com>
2022-06-28 20:58:40 +08:00
Bin Liu
badbbcd8be
Merge pull request #4400 from openanolis/anolis/dragonball-2
runtime-rs: built-in Dragonball sandbox part II - vCPU manager
2022-06-28 20:41:36 +08:00
Tim Zhang
916ffb75d7
Merge pull request #4432 from liubin/fix/4420-binary-log
shim: support shim v2 logging plugin
2022-06-28 16:29:07 +08:00
Bin Liu
4e30e11b31 shim: support shim v2 logging plugin
Now kata shim only supports stdout/stderr of fifo from
containerd/CRI-O, but shim v2 supports logging plugins,
and nerdctl default will use the binary schema for logs.

This commit will add the others type of log plugins:

- file
- binary

In case of binary, kata shim will receive a stdout/stderr like:

binary:///nerdctl?_NERDCTL_INTERNAL_LOGGING=/var/lib/nerdctl/1935db59

That means the nerdctl process will handle the logs(stdout/stderr)

Fixes: #4420

Signed-off-by: Bin Liu <bin@hyper.sh>
2022-06-28 13:54:22 +08:00
Chao Wu
71db2dd5b8 hotplug: add room for future acpi hotplug mechanism
In order to support ACPI hotplug in the future with the cooperative work
from the Kata community, we add ACPI feature and dbs-upcall feature to
add room for ACPI hotplug.

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
2022-06-27 21:52:36 +08:00
Zizheng Bian
8bb00a3dc8 dragonball: fix a bug when generating kernel boot args
We should refuse to generate boot args when hotplugging, not cold starting.

Signed-off-by: Zizheng Bian <zizheng.bian@linux.alibaba.com>
2022-06-27 18:12:50 +08:00
Chao Wu
2aedd4d12a doc: add document for vCPU, api and device
Create the document for vCPU and api.

Add some detail in the device document.

Fixes: #4257

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
2022-06-27 18:12:50 +08:00
wllenyj
bec22ad01f dragonball: add api module
It is used to define the vmm communication interface.

Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
2022-06-27 18:12:50 +08:00
wllenyj
07f44c3e0a dragonball: add vcpu manager
Manage vcpu related operations.

Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
2022-06-27 18:12:48 +08:00
wllenyj
78c9718752 dragonball: add upcall support
Upcall is a direct communication tool between VMM and guest developed
upon vsock. It is used to implement device hotplug.

Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
Signed-off-by: Zizheng Bian <zizheng.bian@linux.alibaba.com>
2022-06-27 17:04:47 +08:00
wllenyj
7d1953b52e dragonball: add vcpu
Virtual CPU manager for virtual machines.

Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
2022-06-27 17:04:42 +08:00
wllenyj
468c73b3cb dragonball: add kvm context
KVM operation context for virtual machines.

Signed-off-by: Liu Jiang <gerry@linux.alibaba.com>
Signed-off-by: jingshan <jingshan@linux.alibaba.com>
Signed-off-by: Chao Wu <chaowu@linux.alibaba.com>
Signed-off-by: wllenyj <wllenyj@linux.alibaba.com>
2022-06-27 16:02:06 +08:00
Bin Liu
27b1bb5ed9
Merge pull request #4467 from egernst/device-pkg
device package cleanup/refactor
2022-06-27 14:40:53 +08:00
Eric Ernst
e32bf53318 device: deduplicate state structures
Before, we maintained almost identical structures between our persist
API and what we keep for our devices, with the persist API being a
slight subset of device structures.

Let's deduplicate this, now that persist is importing device package.
Json unmarshal of prior persist structure will work fine, since it was
an exact subset of fields.

Fixes: #4468

Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-06-26 21:31:29 -07:00
Eric Ernst
f97d9b45c8 runtime: device/persist: drop persist dependency from device pkgs
Rather than have device package depend on persist, let's define the
(almost duplicate) structures within device itself, and have the Kata
Container's persist pkg import these.

This'll help avoid unecessary dependencies within our core packages.

Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-06-26 21:31:29 -07:00
Eric Ernst
f9e96c6506 runtime: device: move to top level package
Let's move device package to runtime/pkg instead of being buried under
virtcontainers.

Signed-off-by: Eric Ernst <eric_ernst@apple.com>
2022-06-26 21:31:29 -07:00
Bin Liu
3880e0c077 agent: refactor reading file timing for debugging
In the original code, reads mountstats file and return
the content in the error, but at this time the file maybe
changed, we should return the file content that parsed
line by line to check why there is not a fstype option.

Fixes: #4246

Signed-off-by: Bin Liu <bin@hyper.sh>
2022-06-26 21:27:43 -07:00
Archana Shinde
2488a0f6c0
Merge pull request #4439 from amshinde/update-kernel-to-5.15.46
versions: Update kernel to latest LTS version 5.15.48
2022-06-24 11:03:32 -07:00
Fabiano Fidêncio
083ca5f217
Merge pull request #4505 from yoheiueda/agent-debug-build
agent: Allow BUILD_TYPE=debug
2022-06-24 14:04:23 +02:00
Fabiano Fidêncio
03fca8b459
Merge pull request #4526 from fidencio/topic/fix-clippy-warnings-and-update-agent-vendored-code
Fix clippy warnings and update agent's vendored code
2022-06-24 14:02:28 +02:00
Fabiano Fidêncio
c70d3a2c35 agent: Update the dependencies
Let's run a `cargo update` and ensure the deps are up-to-date before we
cut the "-rc0" release.

Fixes: #4525

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-06-24 11:37:25 +02:00
Fabiano Fidêncio
612fd79bae random: Fix "nonminimal-bool" clippy warning
The error shown below was caught during a dependency bump in the CCv0
branch, but we better fix it here first.
```
error: this boolean expression can be simplified
  --> src/random.rs:85:21
   |
85 |             assert!(!ret.is_ok());
   |                     ^^^^^^^^^^^^ help: try: `ret.is_err()`
   |
   = note: `-D clippy::nonminimal-bool` implied by `-D warnings`
   = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#nonminimal_bool

error: this boolean expression can be simplified
  --> src/random.rs:93:17
   |
93 |         assert!(!ret.is_ok());
   |                 ^^^^^^^^^^^^ help: try: `ret.is_err()`
   |
   = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#nonminimal_bool
```

Fixes: #4523

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-06-24 11:37:05 +02:00
Fabiano Fidêncio
d4417f210e netlink: Fix "or-fun-call" clippy warnings
The error shown below was caught during a dependency bump in the CCv0
branch, but we better fix it here first.
```
error: use of `ok_or` followed by a function call
   --> src/netlink.rs:526:14
    |
526 |             .ok_or(anyhow!(nix::Error::EINVAL))?;
    |              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: try this: `ok_or_else(|| anyhow!(nix::Error::EINVAL))`
    |
    = note: `-D clippy::or-fun-call` implied by `-D warnings`
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#or_fun_call
error: use of `ok_or` followed by a function call
   --> src/netlink.rs:615:49
    |
615 |         let v = u8::from_str_radix(split.next().ok_or(anyhow!(nix::Error::EINVAL))?, 16)?;
    |                                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: try this: `ok_or_else(|| anyhow!(nix::Error::EINVAL))`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#or_fun_call
```

Fixes: #4523

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-06-24 11:37:01 +02:00
Archana Shinde
93874cb3bb packaging: Restrict kernel patches applied to top-level dir
The apply_patches.sh script applies all patches in the patches
directory,  as well as subdirectories. This means if there is a sub-dir
called "experimental" under a major kernel version directory,
experimental patches would be applied to the default kernel supported by
Kata.
We did not come accross this issue earlier as typically the experimental
kernel version was different from the default kernel.
With both the default kernel and the arm-experimental kernel having the
same major kernel version (5.15.x) at this time, trying to update the
kernel patch version revealed that arm-experimental patches were being
applied to the default kernel.

Restricting the patches to be applied to the top level directory will
solve the issue. The apply_patches script should ignore any
sub-directories meant for experimental patches.

Fixes #4520

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2022-06-23 10:43:52 -07:00
Archana Shinde
07b1367c2b versions: Update kernel to latest LTS version 5.15.48
This brings in a few security fixes.
Removing arm patches related to virtio-mem that are no longer required
as they have been merged.

Fixes #4438

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2022-06-23 10:43:52 -07:00
Fabiano Fidêncio
133528dd14
Merge pull request #4503 from amshinde/multi-queue-block
block: Leverage multiqueue for virtio-block
2022-06-23 12:17:11 +02:00
Fabiano Fidêncio
f186a52b16
Merge pull request #4511 from fidencio/topic/add-config-efi-to-the-tdx-kernel
kernel: Add CONFIG_EFI=y as part of the TDX fragments
2022-06-23 12:15:30 +02:00
Yohei Ueda
1b7d36fdb0
agent: Allow BUILD_TYPE=debug
The cargo command creates debug build binaries, when the --release
option is not specified. Specifying --debug option causes an error.
This patch specifies --release option when BUILD_TYPE=release,
and does not specify any build type option when BUILD_TYPE=debug.

Fixes #4504

Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
2022-06-23 13:54:32 +09:00
Fabiano Fidêncio
9ff10c0830 kernel: Add CONFIG_EFI=y as part of the TDX fragments
Otherwise `./build-kernel.sh -x tdx setup` will fail with the following
error:
```
$ ./build-kernel.sh -x tdx setup
INFO: Config version: 92
INFO: Kernel version: tdx-guest-v5.15-4
INFO: kernel path does not exist, will download kernel
INFO: Apply patches from
/home/ffidenci/go/src/github.com/kata-containers/kata-containers/tools/packaging/kernel/patches/tdx-guest-v5.15-4.x
INFO: Found 0 patches
INFO: Enabling config for 'tdx' confidential guest protection
INFO: Constructing config from fragments:
/home/ffidenci/go/src/github.com/kata-containers/kata-containers/tools/packaging/kernel/configs/fragments/x86_64/.config

WARNING: unmet direct dependencies detected for UNACCEPTED_MEMORY
  Depends on [n]: EFI [=n] && EFI_STUB [=n]
  Selected by [y]:
  - INTEL_TDX_GUEST [=y] && HYPERVISOR_GUEST [=y] && X86_64 [=y] &&
    CPU_SUP_INTEL [=y] && PARAVIRT [=y] && SECURITY [=y] &&
     X86_X2APIC[=y]
INFO: Some CONFIG elements failed to make the final .config:
INFO: Value requested for CONFIG_EFI_STUB not in final .config
INFO: Generated config file can be found in
/home/ffidenci/go/src/github.com/kata-containers/kata-containers/tools/packaging/kernel/configs/fragments/x86_64/.config
ERROR: Failed to construct requested .config file
ERROR: failed to find default config
```

Fixes: #4510

Signed-off-by: Fabiano Fidêncio <fabiano.fidencio@intel.com>
2022-06-22 15:21:30 +02:00
Fabiano Fidêncio
78e27de6c3
Merge pull request #4358 from zvonkok/memreserve
runtime: Add heuristic to get the right value(s) for mem-reserve
2022-06-22 13:41:23 +02:00
Archana Shinde
e227b4c404 block: Leverage multiqueue for virtio-block
Similar to network, we can use multiple queues for virtio-block
devices. This can help improve storage performance.
This commit changes the number of queues for block devices to
the number of cpus for cloud-hypervisor and qemu.

Today the default number of cpus a VM starts with is 1.
Hence the queues used will be 1. This change will help
improve performance when the default cold-plugged cpus is greater
than one by changing this in the config file. This may also help
when we use the sandboxing feature with k8s that passes down
the sum of the resources required down to Kata.

Fixes #4502

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
2022-06-21 12:38:53 -07:00
Eric Ernst
72049350ae
Merge pull request #4288 from fengwang666/enable-qemu-sandbox
runtime: enable sandbox feature on qemu
2022-06-21 09:22:26 -07:00
GabyCT
8eac22ac53
Merge pull request #4495 from Amulyam24/snap-fix
snap: fix snap build on ppc64le
2022-06-21 09:21:23 -05:00
Zvonko Kaiser
e7e7dc9dfe runtime: Add heuristic to get the right value(s) for mem-reserve
Fixes: #2938

Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
2022-06-21 03:44:28 -07:00