[ port from runtime commit c5f97b24d7a1eaac216f144b2c5429feb3451553 ]
With this patch, the container image can be shared from host with guest
as a block device when the 'devicemapper' is used as the storage driver
for docker. Note: The 'block_device_driver="virtio-blk"' entry is
required in the hypervisor config file to work properly.
Signed-off-by: Bo Chen <chen.bo@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
It should iter the shells to find the existing shell
command instead of return an error directly when it
meet an absent shell command.
Fixes: #354
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
[ port from runtime commit 7b269ff7aa2d62fe12593ff7040798e6c9bd5d65 ]
If we take one of the error paths from setupVirtiofsd() after
opening the fd variable, the fd.Close() function is not called.
Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit 882a82393305a4b11a77744b5fc77b98e42d15b9 ]
Send virtiofsd logs to syslog in the same way that qemu implementation
does. This requires not to wait for messages from virtiofsd stdout. This
takes the qemu implementation approach. Give the socket fd to virtiofsd.
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit 86f581068eb9dc4b6862c7415cdc912e111177dd ]
This exits out of polling for OOM events if the getOOMEvent
method is unimplemented.
Signed-off-by: Alex Price <aprice@atlassian.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit b4833a48c81132e5a6b1c25a764cd0ebbdc6afff ]
fix tests and nit
Signed-off-by: Alex Price <aprice@atlassian.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit 6aff077901021d9a0075c446dfe281b2487e1487 ]
With the addition of support to govmm for multiple transports (intel/govmm#111)
and microvm (intel/govmm#121) we can now enable support for the 'microvm'
machine type in kata-runtime.
Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit 86686b56a2bf7f6dd62f620278ae289564da51d0 ]
This adds support for the getOOMEvent agent endpoint to retrieve OOM
events from the agent.
Signed-off-by: Alex Price <aprice@atlassian.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit 86686b56a2bf7f6dd62f620278ae289564da51d0 ]
This adds support for the getOOMEvent agent endpoint to retrieve OOM
events from the agent.
Signed-off-by: Alex Price <aprice@atlassian.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit ee985a608015d81772901c1d9999190495fc9a0a ]
After removing dectect of host gic version, we need to limit the max vCPU
in different cases.
Given that in most cases, Kata is running on gicv3 host, set it as default
value. If the user really want to run Kata on gicv2 host, he/she need to
set default_maxvcpus in toml file to 8 instead of 0.
In summary, If the user uses host gicv3 gicv4, everything is fine
If the user uses host gicv2, set default_maxvcpus=8
Signed-off-by: Jia He <justin.he@arm.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime commit c4b5922df2 ]
Most of the description fields have capitalized text,
some of those that don't are then converted on this
change.
Fixed spelling of 'required'.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime repository commit 4d4a153af5cb145215cb6e6e386eac2bcb8c3e32 ]
Commit b4385901da ("qemu/arm64: Detect host GIC version to configure guest
GIC") reads /proc/interrupts to detect the host gic version.
But on a ThunderX2 host with 224 cpus, the /proc/interrupts is ~762K bytes.
Hence it will costs ~900K bytes memory overhead.
From the go tool pprof results:
flat flat% sum% cum cum%
976.89kB 100% 100% 976.89kB 100% github.com/kata-containers/runtime/virtcontainers.getHostGICVersion
Although the allocated memory will be freed, seems it worthy removing that
for speed up the runtime.
As per [1], there is no perfect way to detect the gic version on host.
At qemu side, if we use "gic-version=host", qemu will automatically detect
the verion by kvm ioctl. So we'd better let qemu determine the gic version.
If the user really want to start vm with gic-verion=2, he/she can set it
in machine_accelerators option.
[1]https://lists.cs.columbia.edu/pipermail/kvmarm/2014-October/011690.html
Signed-off-by: Jia He <justin.he@arm.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime repository commit e36389e25e ]
After backporting patch series of enabling memory hot remove on aarch64
to v5.4.x, we finally could enable nvdimm/dax on aarch64.
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
[ port from runtime repository commit 7e47046111 ]
If major version matches max supported major, we continue comparing the minor version.
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Removing code that existed as a workaround for a bug in
how shared process namespaces were handled in the agent.
That has been long fixed in the agent.
With this, sharedPidNs will now work with shimv2.
Fixes#337
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Define a set of functions that support the standard rules (build,
install, test, *etc*). Then simply add new components and tools to the
appropriate variable to support all the standard build semantics.
Fixes#331.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Changed the name of the rule that runs the tests to "test" for
consistency, but retained `check` for backwards compatibility
for now.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
The qemuPaths field in qemuArchBase maps from machine type to the default
qemu path. But, by the time we construct it, we already know the machine
type, so that entry ends up being the only one we care about.
So, collapse the map into a single path. As a bonus, the qemuPath()
method can no longer fail.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The supportedQemuMachines array in qemuArchBase has a list of all the
qemu machine types supported for the architecture, with the options
for each. But, the machineType field already tells us which of the
machine types we're actually using, and that's the only entry we
actually care about.
So, drop the table, and just have a single value with the machine type
we're actually using. As a bonus that means the machine() method can
no longer fail, so no longer needs an error return.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Currently, newQemuArch() doesn't return an error. So, if passed an invalid
machine type, it will return a technically valid, but unusable qemuArch
object, which will probably fail with other errors shortly down the track.
Change this, to more cleanly fail the newQemuArch itself, letting us
detect a bad machine type earlier.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
The last stanza of TestQemuAmd64Bridges is rather odd. It tries to create
a qemu instance with a machine type of (QemuQ35 + QemuPC), or in other
words "q35pc", which isn't a thing.
What it's asserting about this is that the returned bridges list is empty
despite asking for bridges, so it looks like what this is really trying to
test is for sane behaviour when given a bad machine type.
So, split this out into a separate test, and make it explicit for clarity.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Implement tc-based tx rate limiter to control network I/O outbound traffic
on VM level for hypervisors which don't support built-in rate limiter.
We take different actions, based on various inter-networking models.
For tcfilters as inter-networking model, we simply apply htb
qdisc discipline on the virtual netpair.
For other inter-networking models, such as macvtap, we resort to ifb,
by redirecting interface ingress traffic to ifb egress, and then apply htb
to ifb egress.
Fixes: #250
Signed-off-by: Penny Zheng <penny.zheng@arm.com>
