We currently use containerd v1.3.0, but this version has an
issue when running the containerd/cri tests with go 1.13.
This commit: 3a4acfbc99aa976849f51a8edd4af20ead51d8d7 from
branch release/1.3 contains the fix to be able to run the
tests with go 1.13.
Depends-on: github.com/kata-containers/tests#2415
Fixes: #2562.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
vfio devices hotplugged in the VM are expected to be handled by the kernel
driver in the guest, hence the char vfio devices shouldn't appear in the
container under /dev/vfio/.
fixes#2539
Signed-off-by: Julio Montes <julio.montes@intel.com>
Instead of iterate in a loop dividing bytes by 1024, use right shift
to convert Bytes to GBytes and check if that number is greater than 4G
Signed-off-by: Julio Montes <julio.montes@intel.com>
Make sure the number of columns in the PCI resource file is greater
or equal to 2, since the first two columns are used to calculate
the PCI bar space.
Add unit test for `isLargeBarSpace()`.
fixes#2542
Signed-off-by: Julio Montes <julio.montes@intel.com>
It is in fact a container specific info not sandbox level info.
We are assuming that all containers use the same snapshotter
but it may not be the fact in reality.
Fixes: #2532
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Some changes in Firecracker v0.21.1 is incompatible with the old versions.
So we need to update the minimum supported FC version to v0.21.1
Fixes: #2504
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
When sandbox id is too long, it will incur error of overlong firecracker
API unix socket.
In Linux, sun_path could maximumly contains 108 bytes in size.
http://man7.org/linux/man-pages/man7/unix.7.html
So here we try to truncate FC id to only keep the size of UUID(128bit).
Fixes: #2504
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Firecracker has changed default API socket path to `/run/firecracker.socket`.
This path also applies when running with the jailer.
Related PR: https://github.com/firecracker-microvm/firecracker/pull/1500
kata is letting jailer automatically create API socket, so we need to
change api socket path from `/api.socket` to `/run/firecracker.socket` accordingly.
Fixes: #2504
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Firecracker has removed redundant `--seccomp-level` jailer parameter
since it can be simply forwarded to the Firecracker executable using
"end of command options" convention.
Related PR: https://github.com/firecracker-microvm/firecracker/pull/1491
Since kata is just using default seccomp level for firecracker, here
then we just removed the setting for jailer.
Fixes: #2504
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Firecracker has removed `memory.dirty_pages` metric and `logger.options`
configuration.
Related PR: https://github.com/firecracker-microvm/firecracker/pull/1532.
We need to remove according setting in kata-containers.
Fixes: #2504
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
hotplug as NVDIMM devices the block drives that can be used as pmem devices
(`Pmem=true`), the host path to such devices is a raw file that contains
the PFN signature.
Signed-off-by: Julio Montes <julio.montes@intel.com>
A `BlockDrive` can be used as pmem device, since they both are similar and
can be mounted in the same way in the guest. The `Pmem` attribute helps kata
to identify a pmem device and how it has to be hotplugged in the guest.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Implement function to get the pmem `DeviceInfo` from a volume.
`PmemDeviceInfo` return a new `DeviceInfo` object if a volume has a loop device
as backend and the backing file for such loop device contains the PFN signature,
needed to enable DAX in the guest.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Implement function the get the backing file from a loop device.
The backing file can be used as backend file for a NVDIMM device in the guest
Signed-off-by: Julio Montes <julio.montes@intel.com>
`GetDevicePathAndFsType` is a function to get the path and filesystem type
of a mount point from `/proc/mounts`.
Move `GetDevicePathAndFsType` to utils_linux since it's linux specific
and that way it can be used in other subpackages.
Signed-off-by: Julio Montes <julio.montes@intel.com>
To make easier to know what a method of API is expected to do without go
to cloud-hypervisor documentation.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
If try to kill with an not valid PID the thread goes to panic, check
to allow return a valid error from the runtime.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Move to master tip to get support for vfio hotplug.
Changes:
df79499 net: Do not check multiqueue for new interface
7d75b1f build(deps): bump quote from 1.0.2 to 1.0.3
841bf89 build(deps): bump failure from 0.1.6 to 0.1.7
86acdb9 build(deps): bump failure_derive from 0.1.6 to 0.1.7
4b32863 docs: Update api.md for VFIO hotplug
e518098 scripts: Make integration tests fail if some important commands fail
be6f91d tests: Refactoring vhost_user_net test cases
6341736 vhost_user_net: Provide tap option for vhost_user_net backend
e0419e9 build: Don't cancel older master builds
f0a3e7c build: Bump linux-loader and vm-memory dependencies
6539d4a vfio: handle case for missing iommu_group
cfbebd8 build(deps): bump micro_http from `88011bd` to `02def92`
4214806 tests: Remove further use of sudo subshells
2baf5ab tests: Simplfy the shm region check
97affbe tests: Re-enable the virtio-fs tests and make them work with virtio-mmio
7b1d5c1 tests: Remove entropy check from vhost-user-block test
a4cca5f tests: sha1sums --check can take a list of hashes
689415e build(deps): bump libssh2-sys from 0.2.15 to 0.2.16
09829c4 vmm: Remove IO bus strong reference from Vm
2dbb376 vmm: Remove all Weak references from DeviceManager
9e915a0 vmm: Remove all Weak references from CpuManager
49268bf pci: Remove all Weak references from PciBus
ca426cf devices: Make Bus hold a list of Weak BusDevice references
7773812 vmm: Store the list of BusDevice devices from DeviceManager
d0820cc vmm: Make add_vfio_device mutable
948f808 vm: Rename DeviceManager field in Vm structure
aa638ea build(deps): bump backtrace from 0.3.44 to 0.3.45
1152b1a ci: Add VFIO hotplug integration test
d47f733 vmm: Break the cyclic dependency between DeviceManager and IO bus
c1af13e vmm: Update VmConfig when adding new device
a86f436 vmm: Add VFIO PCI device hotplug support
320fea0 vmm: Factorize VFIO PCI device creation
00716f9 vmm: Store virtio-iommu device from DeviceManager
5902dfa vmm: Store VFIO KVM device from DeviceManager
d9c1b43 vmm: Store MSI InterruptManager from DeviceManager
02adc40 vmm: Store PciBus from DeviceManager
3f396d8 resources: Enable ACPI PCI hotplug in the kernel config
d0218e9 vmm: Trigger hotplug notification to the guest
0e58741 vmm: api: Introduce new "add-device" HTTP endpoint
0f1396a vmm: Insert PCI device hotplug operation region on IO bus
65774e8 vmm: Implement BusDevice for DeviceManager
2eb26d4 devices: acpi: Update GED to support PCI devices hotplug
8dbc843 vmm: acpi: Add PCNT method to invoke DVNT
c62db97 vmm: acpi: Add _EJ0 to each PCI device slot
4dc2a39 vmm: acpi: Create PHPR container
c3a0685 vmm: acpi: Add notification method for PCI device slots
5a68d5b vmm: acpi: Create PCI device slots
ead86bb build(deps): bump micro_http from `9945928` to `88011bd`
22dd49d tests: Test virtio-fs with virtio-mmio
642b890 vm-virtio: mmio: Enable reporting of SHM regions via config fields
0223cf8 ci: Update ClearLinux image
ed396b4 build(deps): bump vm-memory from `2099f41` to `a84a7b8`
81c2294 vhost_rs: remove unused crate
5200bf3 Cargo: switch vhost_rs to external crate
65a38e6 vm-virtio: vhost_user: Fix blk device configuration space offset value
d6e6901 vmm/api: Fix vm.info response definition
8f37200 build(deps): bump micro_http from `3eb926c` to `9945928`
cc2d03d build(deps): bump regex-syntax from 0.6.15 to 0.6.16
f5b37e3 build(deps): bump regex-syntax from 0.6.14 to 0.6.15
009f4d2 build(deps): bump micro_http from `8d48e73` to `3eb926c`
5ade9d4 tests: Remove unnecessary sleeps and kill on clean shutdown tests
c98949b tests: Wait for VMM to exit in test_serial_file/test_console_file
2f58fb8 tests: Test rebooting works for block self spawn test
e817aa6 tests: Improve VM shutdown behaviour
559b70c tests: Make output capture optional
dae7608 tests: Remove duplicated network configuration
6466ad2 tests: Remove duplicated disk configuration
9f1ac24 tests: Make the GuestCommand take a reference to the guest
49e70c6 tests: Port integration tests over to GuestCommand
67a5882 tests: Introduce new GuestCommand to handle launching the guest
8142c82 vmm: Move DeviceManager into an Arc<Mutex<>>
531f4ff vhost_user_fs: Remove an unneeded unwrap in handle_event
e52129e vhost_user_fs: Process events from HIPRIO queue
0c5c470 build(deps): bump micro_http from `b85757e` to `8d48e73`
5b96dd5 ci: Don't give special capabilities to Rust vhost-user-fs backend
d8d790b vhost_rs: Don't check for SLAVE_SEND_FD on SET_SLAVE_REQ_FD
1c5562b vhost_user_fs: Add support for EVENT_IDX
eae4f1d vhost_user_fs: Add support for indirect descriptors
ea0bc24 vhost_user_fs: Be honest about protocol supported features
42937c9 vm-virtio: Add support for indirect descriptors
d7b0b98 tests: Move integration tests to their own directory
3cb4513 vhost_rs: control SlaveFsCacheReq with vhost-user-slave feature
9de3ace devices: implement Aml trait for GED device
b77fdeb msi/msi-x: Prevent from losing masked interrupts
8423c08 build(deps): bump proc-macro2 from 1.0.8 to 1.0.9
6315f16 build(deps): bump syn from 1.0.15 to 1.0.16
4cf89d3 pci: handle extended configuration space properly
f6b9445 pci: fix pci MMCONFIG address parsing
77ee331 resources: Enable KASLR in kernel config
bba5ef3 vmm: Remove deprecated CPU syntax
374ac77 main, vmm: Remove deprecated --vhost-user-net
ffd816e main, vmm: Remove deprecated --vhost-user-blk
d04e0dc build(deps): bump crossbeam-utils from 0.7.0 to 0.7.2
7da5b53 build(deps): bump ssh2 from 0.7.1 to 0.8.0
109c7f7 build(deps): bump hermit-abi from 0.1.7 to 0.1.8
812a6b9 build(deps): bump syn from 1.0.14 to 1.0.15
ad30791 build(deps): bump memchr from 2.3.2 to 2.3.3
94f2fc3 release-notes: Update for v0.5.1 bug fix release
f190cb0 build(deps): bump libc from 0.2.66 to 0.2.67
299eb28 build(deps): bump micro_http from `6fd1545` to `b85757e`
d2f1749 vmm: config: Add poll_queue property to DiskConfig
378dd81 vmm: openapi: Add missing "direct" knob to DiskConfig
056f548 vmm: openapi: Fix "readonly" and "wce" defaults in DiskConfig
4ebf01b vhost_user_backend: Don't report out socket broken errors
b5755e9 vhost_rs: vhost_user: Return error when connection broken
c49e31a vmm: api: Return a resize error when resize fails
ebc6391 vmm: api: Fix resize command typos
9de7553 vmm: openapi: Update DiskConfig
ed1e781 vmm: Workaround double reboot triggered by the kernel
5c06b7f vhost_user_block: Implement optional static polling
0e4e27e vhost_user_block: Make use of the EVENT_IDX feature
1ef6996 vhost_user_backend: Add helpers for EVENT_IDX
d17fa78 vm-virtio: Implement support for EVENT_IDX
793d4e7 vmm: Move codebase to GuestMemoryAtomic from vm-memory
ddf6caf ci: Improve test_memory_mergeable_on stability
af621be build(deps): bump micro_http from `57ac9df` to `6fd1545`
4970e2f vhost-user-fs: add dax tests for vhost_user_fs rust daemon
59958f0 vhost_user_fs: add the ability to set slave req fd
3f09eff vhost_user_fs: add fs cache request operations
956a84f vhost_user_fs: add necessary structs for map/unmap requests
269d660 vhost_user_fs: add SlaveFsCacheReq to handle map/unmap
be78c6d vhost_rs: Fix unit test race condition
f7378bc tests: Add self spawning vhost-user-block test
1f6cbad vmm: Add support for spawning vhost-user-block backend
4d60ef5 vm-virtio: vhost_user: block: On shutdown() drop the socket
7fabca3 ci: Don't run unit tests in a privileged container
2724716 build(deps): bump micro_http from `4827569` to `57ac9df`
08a68f2 build: Run unit tests on worker node
f21cd31 scripts: dev_cli: Add more privileges for the integration tests
a94887e build: Use dev container for integration tests
3edc2bd vmm: Prevent memory overcommitment through virtio-fs shared regions
968c90a build(deps): bump hermit-abi from 0.1.6 to 0.1.7
7485a0c Revert "build: Don't fail build on test_vfio failure"
cbc0ac3 build(deps): bump micro_http from `7a23e54` to `4827569`
7fdb5ae build(deps): bump vm-memory from `eb2fc0b` to `f615b19`
0d748c5 build(deps): bump scopeguard from 1.0.0 to 1.1.0
6692fa6 build(deps): bump thiserror from 1.0.10 to 1.0.11
f03602a tests: Add self spawning vhost-user-net test
bc75c1b vmm: Add support for spawning vhost-user-net backend
d054ddd vm-virtio: Retry connections to vhost-user backends
b04eb47 vmm: Follow the "exe" symlink from the PID directory in /proc
5038878 vm-virtio: vhost_user: net: On shutdown() drop the socket
7c9e8b1 vmm: device_manager: Shutdown all virtio devices
545ea9e vm-virtio: Add shutdown method to VirtioDevice trait
ebd8369 main: Display git commit hash with the '--version' option
bdb92f9 build(deps): bump micro_http from `7fb2e46` to `7a23e54`
2061f0d tests: Always create shared VFIO directory from scratch
e8e4f43 tests: Use hugepages for test_vfio
296ada9 scripts: dev_cli: Fix post build permissions for the whole tree
287897d tests: Run test_vfio with PCI binary
1661444 build(deps): bump serde_json from 1.0.47 to 1.0.48
96479da build(deps): bump vm-memory from `f3d1c27` to `eb2fc0b`
88c1683 build(deps): bump memchr from 2.3.1 to 2.3.2
8d3e4f9 build(deps): bump micro_http from `c9e900c` to `7fb2e46`
53481aa docs: Update documentation related to multiqueue network
4dd16c2 vm-virtio: Detect if a tap interface supports multiqueue
8627656 net_util: Provide more accurate error messages
6e5338d build(deps): bump memchr from 2.3.0 to 2.3.1
014844d build: Don't fail build on test_vfio failure
779cbfe build(deps): bump backtrace from 0.3.43 to 0.3.44
700df9e vhost_user_net: Port to new exit event strategy
c33c38b vhost_user_block: Port to new exit event strategy
da7f31d bin: vhost_user_fs: Port to new exit event strategy
759a0be vhost_user_backend: Add support for handling exiting of worker thread
b17bafb build(deps): bump micro_http from `1de6f32` to `c9e900c`
7ca691f vhost_user_block: Implement and use worker shutdown
e619fe6 vhost_user_net: Remove "Clone" implementation
613f254 vhost_user_backend: Wait on the worker thread
97ab767 vhost_user_net: Shutdown worker thread on exit
7f032c8 bin: vhost_user_fs: Shutdown worker thread on exit
99cb8dc bin: vhost_user_fs use error! macro logging for consistency
710394b vhost_user_block: Forward the error from unexpected event
4f4c3d3 vhost_user_block: Make Error behave like net and fs versions
f1e19d6 vhost_user_backend: Forward the error from main thread
80c9dc2 Revert "vhost-user-backend: Correct error handling in run"
c706ca1 scripts: dev_cli: Simplify the build command exit path
0a1d6e1 scripts: dev_cli: Fix build directory permisions
c8fa809 scripts: dev_cli: Run unprivileged containers as the host user
26d8cae build(deps): bump micro_http from `ae15e75` to `1de6f32`
572aaa7 build(deps): bump serde_json from 1.0.46 to 1.0.47
04cb35e scripts: Make dev_cli.sh exit on test error
9bf100c build: Run worker and master build in parallel
bfbca59 scripts: Don't use interactive & terminal mode for docker
6e6eb5b build: Do cargo tests, unit tests and OpenAPI check on master
a5b053f scripts: dev_cli: Use a tmpfs mount for /tmp
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Add support to hotplug vfio devices.
Use hypervisor API to attach devices via hotplug.
Fixes: #2496
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
The default chrootBaseDir "/run/vc" in many distributions is mounted
with `noexec` flag, which will bring 'permission denied' error
when running kata-containers with jailer.
Therefore, we decided to remount the jailerRoot dir with exec when setting
up a new firecracker sandbox and umount it when cleaning up.
Fixes: #2511
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
originally, we forcefully set any bind-mount with `private` propagation
type, and it's not applied for all scenarios. e.g. we need to provide
`slave` or `shared` propagation type for bind-mounts in setting up jail
house.
Here, we add another parameter `pgtype` in func bindMount for providing
customized propagation parameters.
Fixes: #2511
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Our CLH driver in kata defines its own constant variable 'maxClhVcpus'
which can conflict with the maximum number of vCPUs specified from the
kata configuration file 'clh.config.DefaultMaxVCPUs'. As the value from
kata configuration file is preferred anyway and the code on 'maxClhVcpus'
is not being used. We'd better remove it for better readability and
avoiding further confusions.
Fixes: #2528
Signed-off-by: Bo Chen <chen.bo@intel.com>
Kata-runtime can append vhost-user-blk device to the
device list of a container. And handle volumes who is
a block device and in VhostUserBlk type.
The vhost-user-blk device will be identified by its
PCI address by Kata-agent inside VM.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Reserved number of Linux device number 241 and 242
are used to identify vhost-user-blk and vhost-user-scsi
devices.
for example, after command:
mknod <Vhost-User-Dir>/block/devices/vhost-dev0 b 241 0
this node will be recognized as vhost-user-blk device.
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
Two parameters are used to set in toml file:
1. Set "enable_vhost_user_store = true" to indicate
that vhost-user storage device feature is enabled.
2. Set "vhost_user_store_path = <Vhost-User-Dir>".
vhost-user socket files will be under
"<Vhost-User-Dir>/block/sockets/"; and device node
for vhost-user device will be under
"<Vhost-User-Dir>/block/devices/"
The default value of "vhost_user_store_path" is
"/var/run/kata-containers/vhost-user/".
Fixes: #2380
Signed-off-by: Liu Xiaodong <xiaodong.liu@intel.com>
set rootfstype=ext4 to make kernel not do print errros like:
```
Mount option "data=ordered" incompatible with ext2
```
Depends-on: github.com/kata-containers/tests#2377
Fixes: #2524
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This adds the `agent.container_pipe_size` annotation which allows
configuration of the size of the pipes for stdout/stderr for containers
inside the guest.
fixes#2467
Signed-off-by: Alex Price <aprice@atlassian.com>
