Changes:
f5debc4 build(deps): bump libssh2-sys from 0.2.16 to 0.2.17
37dfb4c build(deps): bump hermit-abi from 0.1.11 to 0.1.12
e1a07ce vmm: vm: Unpark the threads before shutdown when the current state is paused
1df38da vmm, tests: Make specifying a size optional for virtio-pmem
7481e4d vmm: config: Validate that shared memory is enabled if using vhost-user
2ac6971 vmm: MemoryManager: Cleanup the usage of std::ffi/io/result
3f42f86 vmm: Add the 'shared' and 'hugepages' controls to MemoryConfig
d6aa717 build(deps): bump syn from 1.0.17 to 1.0.18
3eaeba4 vm-virtio: Fix FS_IO callback for virtio-fs
df14a68 build(deps): bump smallvec from 1.3.0 to 1.4.0
e685854 gh: Separate the build and release jobs
c790bba tests: Migrate from Ubuntu Eoan to Focal
e525af7 build(deps): bump ryu from 1.0.3 to 1.0.4
3e8a6ba ci: Ignore test_snapshot_restore
9ebf052 build(deps): bump cc from 1.0.51 to 1.0.52
f6b150a ci: Add integration test for VM migration
9f08f53 build(deps): bump pin-utils from 0.1.0-alpha.4 to 0.1.0
9c7215d docs: Add the vhost-user-blk test doc
3574437 build(deps): bump cc from 1.0.50 to 1.0.51
4fc75cf vm-virtio: Implement Snapshottable trait for Console
d41ce90 vm-virtio: Implement Snapshottable trait for Pmem
f626bd6 build(deps): bump parking_lot_core from 0.7.1 to 0.7.2
5a380a6 vmm: memory_manager: Support non-power-of-2 block sizes
f8ee89a build(deps): bump arc-swap from 0.4.5 to 0.4.6
49322c5 vm-virtio: Implement the Snapshottable trait for Net
24c2b67 vm-virtio: Improve virtio-net rx queue processing
03dd249 vm-virtio: Restore queues based on used index
cf707da vm-virtio: Extend Queue helpers
c22fd39 vmm: Remove virtio device's userspace mapping on hot-unplug
0a97c25 vmm: Extend MemoryManager to remove userspace mappings
b2de1cd vm-virtio: Implement shutdown() for virtio-fs
fbcf3a7 vm-virtio: Implement userspace_mappings() for virtio-pmem
b035399 vm-virtio: Implement userspace_mappings() for virtio-fs
3fb0a02 vm-virtio: Get userspace mappings from VirtioDevice
8b823e5 build(deps): bump backtrace-sys from 0.1.35 to 0.1.36
c23b488 ci: Factorize virtio-fs hotplug integration tests
f68b08b tests: add integration tests for vm.add-fs route
18f7789 vmm: Add hotplugged virtio devices to the DeviceManager list
c2abadc vmm: Add ability to add virtio-fs device post-boot
bb2139a vmm/api: Add vm.add-fs route
d35e775 vmm: Update KVM userspace mapping when PCI BAR remapping
49cc73a vm-virtio: pci: Make sure to return the correct list of BARs
187b1ee vm-virtio: Implement the Snapshottable trait for Block
a484aa7 vm-virtio: Implement the Snapshottable trait for Rng
ac7178e vmm: Keep migratable devices list as a Vec
b6fdbf7 vm-virtio: Implement Snapshottable trait for MmioDevice
12fec55 vm-virtio: Add helpers to update queue indexes
fd45e94 vm-virtio: Add the ability to serialize a Queue
b7faf4f vhost_user_fs: Add the WRITE_KILL_PRIV write flag.
0870028 vhost_user_fs: Add the IOCTL_COMPAT_32 flag
592cfba vhost_user_fs: Add the EXPLICIT_INVAL_DATA capability flag
621ea83 vhost_user_fs: Add the ZERO_MESSAGE_OPENDIR capability flag
a2830da vhost_user_fs: Add the CACHE_SYMLINKS flag
926a414 vhost_user_fs: Add support for MAX_PAGES
747f31d vhost_user_fs: Add the ABORT_ERROR flag
5eb903a vhost_user_fs: Add support for FOPEN_CACHE_DIR
97e2d5d vhost_user_fs: Add support for CopyFileRange
b8cfdab pci: configuration: Use correct algorithm for BAR size reporting
9bd5ec8 pci, vfio, vm-virtio: Specify a PCI revision ID of 1 for virtio-pci
e7e0e8a vmm, devices: Add firmware debug port device
82d0cdf vhost_user_net: Simplify match values for handle_event()
a517be4 vhost_user_blk: Add multithreaded multiqueue support
13c8283 vhost_user_blk: Make everything private when possible
a31f5f8 vhost_user_blk: Move disk initialization to VhostUserBlkBackend
e78e34b vhost_user_blk: Make DiskFile sharable across threads
808586e vhost_user_blk: Simplify the code by removing VringWorker
ea82632 tests: Enhance test_pmem_hotplug to also unplug device
6389418 tests: Enhance test_disk_hotplug to also unplug device
f9a0445 vmm: vm: Remove device from configuration after unplug
444e5c2 vmm: device_manager: Generalise NoAvailableVfioDeviceName
5bab9c3 vmm: device_manager: Assign ids to pmem/net/disk devices if absent
514491a vmm: device_manager: Support unplugging virtio-pci devices
2fa652a vm-virtio: pci: Add virtio_device() accessor
476e4ce vmm: device_manager: Add virtio-pci devices into id to BDF map
b38470d vmm: config: Add "id" parameter to {Net, Disk, Pmem}Config
1beb62e vmm: vm: Don't panic on kernel load error
Fixes: kata-containers/runtime#2609
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Runtime must setup the network before moving itself into the cgroup, otherwise
it won't be able to get the vhost/net queues file descriptors for the
hypervisor.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Update sandbox's device cgroup before hotpluggin a device and after it has
been removed from the VM, this way the device cgroup in the host is
fully honoured and the hypervisor will have access only to the devices needed
for the sandbox, improving the security.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
All the code related to HasCRIContainerType is useless and no longer needed
since the CRIContainerType annotation is not considered for constraining or
not the sandbox
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Kata relies on the cgroup parent created and configured by the container
engine, but sometimes the sandbox cgroup is not configured and the container
may have access to all the resources, hence the runtime must constrain the
sandbox and update the list of devices with the devices hotplugged in the
hypervisor.
Fixes: kata-containers/runtime#2605
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
The hypervisor needs access to `/dev/vfio/vfio` to use VFIO devices.
Remove all devicemapper devices from the allowed list, the device cgroup
must be updated when before hotpluggin any device.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
add `AddDevice` and `RemoveDevice` to cgroup manager to allow adding
and removing devices from the device cgroup
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Add functions to convert a host device to a cgroup device or linux device,
the first one is used to update the device cgroup and the second one to
update the resources in the OCI spec.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
`GetHostPath()` method returns the device path in the host, this way the
runtime can get the device information for updating the sandbox's device
cgroup.
Signed-off-by: Julio Montes <julio.montes@intel.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
Hardcode the Cargo.lock file to prevent dependencies
change which would cause some compatible issues.
Fixes: #230
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Since the ttrpc upgraded with async supported, which isn't
compatible with current agent, thus it's better to change
the dependency to a stable branch.
Fixes: #229
Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
Cloud hypervisor uses vsock, without this patch CI
for cloud hypervisor is not stable.
Patch information:
```
There was a race condition between bind() and listen() that was hit very
rarely when using Kata Containers and Cloud-Hypervisor. It's been
identified the problem is really coming from the virtio-vsock driver,
which is fixed by those new kernel patches uploaded for each version of
the kernels used by Kata Containers.
```
Update:
Fixed to make it build with kernel 5.6
Fixes#932
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
CRI has a v2 schema that seems to be the default in a lot of
containerd installations. It uses a "long" form for the plugin
id in the TOML config file.
Fixes#881
Signed-off-by: Dave Syer <dsyer@pivotal.io>
Debian 10 has been broken for a while but CI started
to detected recently.
Remove package until find a way to build it.
Fixes: #1052
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
This remains the original aarch64-softmmu *explicit* default config. And
borrows the tuned configuration from i386-softmmu except the board specific
ones.
Fixes: #1044
Signed-off-by: Jia He <justin.he@arm.com>
Capstone is a disassembly framework which is not required for Kata.
Disabling it in configure can reduce ~6M bytes on arm64.
-rwxr-xr-x 71977368 May 8 09:32 qemu-system-aarch64.with.capstone*
-rwxr-xr-x 65676640 May 8 09:39 qemu-system-aarch64.without.capstone*
Fixes: #1044
Signed-off-by: Jia He <justin.he@arm.com>
There are three different types for the RTC clock: host, rt and vm.
Add `rt` to the list of RTC clocks.
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
This PR adds the documentation repository for the update-repository-version
verification.
Fixes#1027
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Rename directory name from release_pieline to release_pipeline
Fixes: #1034
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
Enable the Travis CI configuration to perform static CI checks
on PRs to this repo.
Fixes: #1031
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
Whilst enabling the static CI checks for this repo, it picked up
a spelling mistake. We'll need to fix that before we can enable
the CI.
Signed-off-by: Graham Whaley <graham.whaley@intel.com>
