fix

Signed-off-by: Aurélien Bombo <abombo@microsoft.com>

.github/workflows/ci-coco-stability.yaml

@@ -26,8 +26,8 @@ jobs:
       target-branch: ${{ github.ref_name }}
     secrets:
       AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
-      AZ_APPID: ${{ secrets.AZ_APPID }}
-      AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
-      AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+      AZ_APPID2: ${{ secrets.AZ_APPID2 }}
+      AZ_TENANT_ID2: ${{ secrets.AZ_TENANT_ID2 }}
+      AZ_SUBSCRIPTION_ID2: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
       QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}
       KBUILD_SIGN_PIN: ${{ secrets.KBUILD_SIGN_PIN }}

.github/workflows/ci-devel.yaml

@@ -21,9 +21,9 @@ jobs:
 
     secrets:
       AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
-      AZ_APPID: ${{ secrets.AZ_APPID }}
-      AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
-      AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+      AZ_APPID2: ${{ secrets.AZ_APPID2 }}
+      AZ_TENANT_ID2: ${{ secrets.AZ_TENANT_ID2 }}
+      AZ_SUBSCRIPTION_ID2: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
       CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
       ITA_KEY: ${{ secrets.ITA_KEY }}
       QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

.github/workflows/ci-nightly.yaml

@@ -25,9 +25,9 @@ jobs:
       extensive-matrix-autogenerated-policy: "yes"
     secrets:
       AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
-      AZ_APPID: ${{ secrets.AZ_APPID }}
-      AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
-      AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+      AZ_APPID2: ${{ secrets.AZ_APPID2 }}
+      AZ_TENANT_ID2: ${{ secrets.AZ_TENANT_ID2 }}
+      AZ_SUBSCRIPTION_ID2: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
       CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
       ITA_KEY: ${{ secrets.ITA_KEY }}
       QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

.github/workflows/ci-on-push.yaml

@@ -44,9 +44,9 @@ jobs:
       skip-test: ${{ needs.skipper.outputs.skip_test }}
     secrets:
       AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
-      AZ_APPID: ${{ secrets.AZ_APPID }}
-      AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
-      AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+      AZ_APPID2: ${{ secrets.AZ_APPID2 }}
+      AZ_TENANT_ID2: ${{ secrets.AZ_TENANT_ID2 }}
+      AZ_SUBSCRIPTION_ID2: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
       CI_HKD_PATH: ${{ secrets.CI_HKD_PATH }}
       ITA_KEY: ${{ secrets.ITA_KEY }}
       QUAY_DEPLOYER_PASSWORD: ${{ secrets.QUAY_DEPLOYER_PASSWORD }}

.github/workflows/ci-weekly.yaml

@@ -19,11 +19,11 @@ on:
       AUTHENTICATED_IMAGE_PASSWORD:
         required: true
 
-      AZ_APPID:
+      AZ_APPID2:
         required: true
-      AZ_TENANT_ID:
+      AZ_TENANT_ID2:
        required: true
-      AZ_SUBSCRIPTION_ID:
+      AZ_SUBSCRIPTION_ID2:
         required: true
       QUAY_DEPLOYER_PASSWORD:
         required: true
@@ -120,9 +120,9 @@ jobs:
       tarball-suffix: -${{ inputs.tag }}
     secrets:
       AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
-      AZ_APPID: ${{ secrets.AZ_APPID }}
-      AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
-      AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+      AZ_APPID2: ${{ secrets.AZ_APPID2 }}
+      AZ_TENANT_ID2: ${{ secrets.AZ_TENANT_ID2 }}
+      AZ_SUBSCRIPTION_ID2: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
     permissions:
       contents: read
       id-token: write

.github/workflows/ci.yaml

@@ -27,11 +27,11 @@ on:
       AUTHENTICATED_IMAGE_PASSWORD:
         required: true
 
-      AZ_APPID:
+      AZ_APPID2:
         required: true
-      AZ_TENANT_ID:
+      AZ_TENANT_ID2:
        required: true
-      AZ_SUBSCRIPTION_ID:
+      AZ_SUBSCRIPTION_ID2:
         required: true
       CI_HKD_PATH:
         required: true
@@ -242,9 +242,9 @@ jobs:
       pr-number: ${{ inputs.pr-number }}
       target-branch: ${{ inputs.target-branch }}
     secrets:
-      AZ_APPID: ${{ secrets.AZ_APPID }}
-      AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
-      AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+      AZ_APPID2: ${{ secrets.AZ_APPID2 }}
+      AZ_TENANT_ID2: ${{ secrets.AZ_TENANT_ID2 }}
+      AZ_SUBSCRIPTION_ID2: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
 
   run-k8s-tests-on-free-runner:
     if: ${{ inputs.skip-test != 'yes' }}
@@ -309,9 +309,9 @@ jobs:
       extensive-matrix-autogenerated-policy: ${{ inputs.extensive-matrix-autogenerated-policy }}
     secrets:
       AUTHENTICATED_IMAGE_PASSWORD: ${{ secrets.AUTHENTICATED_IMAGE_PASSWORD }}
-      AZ_APPID: ${{ secrets.AZ_APPID }}
-      AZ_TENANT_ID: ${{ secrets.AZ_TENANT_ID }}
-      AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+      AZ_APPID2: ${{ secrets.AZ_APPID2 }}
+      AZ_TENANT_ID2: ${{ secrets.AZ_TENANT_ID2 }}
+      AZ_SUBSCRIPTION_ID2: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
       ITA_KEY: ${{ secrets.ITA_KEY }}
 
   run-k8s-tests-on-zvsi:

.github/workflows/cleanup-resources.yaml

@@ -23,9 +23,9 @@ jobs:
       - name: Log into Azure
         uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
         with:
-          client-id: ${{ secrets.AZ_APPID }}
-          tenant-id: ${{ secrets.AZ_TENANT_ID }}
-          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.AZ_APPID2 }}
+          tenant-id: ${{ secrets.AZ_TENANT_ID2 }}
+          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
 
       - name: Install Python dependencies
         run: |
@@ -35,6 +35,6 @@ jobs:
 
       - name: Cleanup resources
         env:
-          AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+          AZ_SUBSCRIPTION_ID: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
           CLEANUP_AFTER_HOURS: 24 # Clean up resources created more than this many hours ago.
         run: python3 tests/cleanup_resources.py

.github/workflows/run-k8s-tests-on-aks.yaml

@@ -26,11 +26,11 @@ on:
         default: ""
     secrets:
 
-      AZ_APPID:
+      AZ_APPID2:
         required: true
-      AZ_TENANT_ID:
+      AZ_TENANT_ID2:
        required: true
-      AZ_SUBSCRIPTION_ID:
+      AZ_SUBSCRIPTION_ID2:
         required: true
 
 
@@ -102,9 +102,9 @@ jobs:
       - name: Log into the Azure account
         uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
         with:
-          client-id: ${{ secrets.AZ_APPID }}
-          tenant-id: ${{ secrets.AZ_TENANT_ID }}
-          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.AZ_APPID2 }}
+          tenant-id: ${{ secrets.AZ_TENANT_ID2 }}
+          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
 
       - name: Create AKS cluster
         uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
@@ -142,9 +142,9 @@ jobs:
         if: always()
         uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
         with:
-          client-id: ${{ secrets.AZ_APPID }}
-          tenant-id: ${{ secrets.AZ_TENANT_ID }}
-          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.AZ_APPID2 }}
+          tenant-id: ${{ secrets.AZ_TENANT_ID2 }}
+          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
 
       - name: Delete AKS cluster
         if: always()

.github/workflows/run-kata-coco-stability-tests.yaml

@@ -26,11 +26,11 @@ on:
         type: string
     secrets:
 
-      AZ_APPID:
+      AZ_APPID2:
         required: true
-      AZ_TENANT_ID:
+      AZ_TENANT_ID2:
        required: true
-      AZ_SUBSCRIPTION_ID:
+      AZ_SUBSCRIPTION_ID2:
         required: true
       AUTHENTICATED_IMAGE_PASSWORD:
         required: true
@@ -98,9 +98,9 @@ jobs:
       - name: Log into the Azure account
         uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
         with:
-          client-id: ${{ secrets.AZ_APPID }}
-          tenant-id: ${{ secrets.AZ_TENANT_ID }}
-          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.AZ_APPID2 }}
+          tenant-id: ${{ secrets.AZ_TENANT_ID2 }}
+          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
 
       - name: Create AKS cluster
         uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
@@ -150,9 +150,9 @@ jobs:
         if: always()
         uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
         with:
-          client-id: ${{ secrets.AZ_APPID }}
-          tenant-id: ${{ secrets.AZ_TENANT_ID }}
-          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.AZ_APPID2 }}
+          tenant-id: ${{ secrets.AZ_TENANT_ID2 }}
+          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
 
       - name: Delete AKS cluster
         if: always()

.github/workflows/run-kata-coco-tests.yaml

@@ -31,11 +31,11 @@ on:
     secrets:
       AUTHENTICATED_IMAGE_PASSWORD:
         required: true
-      AZ_APPID:
+      AZ_APPID2:
         required: true
-      AZ_TENANT_ID:
+      AZ_TENANT_ID2:
        required: true
-      AZ_SUBSCRIPTION_ID:
+      AZ_SUBSCRIPTION_ID2:
         required: true
       ITA_KEY:
         required: true

.github/workflows/run-kata-deploy-tests-on-aks.yaml

@@ -22,11 +22,11 @@ on:
         type: string
         default: ""
     secrets:
-      AZ_APPID:
+      AZ_APPID2:
         required: true
-      AZ_TENANT_ID:
+      AZ_TENANT_ID2:
        required: true
-      AZ_SUBSCRIPTION_ID:
+      AZ_SUBSCRIPTION_ID2:
         required: true
 
 permissions: {}
@@ -77,9 +77,9 @@ jobs:
       - name: Log into the Azure account
         uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
         with:
-          client-id: ${{ secrets.AZ_APPID }}
-          tenant-id: ${{ secrets.AZ_TENANT_ID }}
-          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.AZ_APPID2 }}
+          tenant-id: ${{ secrets.AZ_TENANT_ID2 }}
+          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
 
       - name: Create AKS cluster
         uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
@@ -112,9 +112,9 @@ jobs:
         if: always()
         uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
         with:
-          client-id: ${{ secrets.AZ_APPID }}
-          tenant-id: ${{ secrets.AZ_TENANT_ID }}
-          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID }}
+          client-id: ${{ secrets.AZ_APPID2 }}
+          tenant-id: ${{ secrets.AZ_TENANT_ID2 }}
+          subscription-id: ${{ secrets.AZ_SUBSCRIPTION_ID2 }}
 
       - name: Delete AKS cluster
         if: always()

src/agent/src/config.rs

@@ -25,7 +25,6 @@ const HOTPLUG_TIMOUT_OPTION: &str = "agent.hotplug_timeout";
 const CDH_API_TIMOUT_OPTION: &str = "agent.cdh_api_timeout";
 const CDH_IMAGE_PULL_TIMEOUT_OPTION: &str = "agent.image_pull_timeout";
 const CDI_TIMEOUT_OPTION: &str = "agent.cdi_timeout";
-const LAUNCH_PROCESS_TIMEOUT_OPTION: &str = "agent.launch_process_timeout";
 const DEBUG_CONSOLE_VPORT_OPTION: &str = "agent.debug_console_vport";
 const LOG_VPORT_OPTION: &str = "agent.log_vport";
 const CONTAINER_PIPE_SIZE_OPTION: &str = "agent.container_pipe_size";
@@ -67,7 +66,6 @@ const DEFAULT_HOTPLUG_TIMEOUT: time::Duration = time::Duration::from_secs(3);
 const DEFAULT_CDH_API_TIMEOUT: time::Duration = time::Duration::from_secs(50);
 const DEFAULT_IMAGE_PULL_TIMEOUT: time::Duration = time::Duration::from_secs(1200);
 const DEFAULT_CDI_TIMEOUT: time::Duration = time::Duration::from_secs(100);
-const DEFAULT_LAUNCH_PROCESS_TIMEOUT: time::Duration = time::Duration::from_secs(6);
 const DEFAULT_CONTAINER_PIPE_SIZE: i32 = 0;
 const VSOCK_ADDR: &str = "vsock://-1";
 
@@ -132,7 +130,6 @@ pub struct AgentConfig {
     pub cdh_api_timeout: time::Duration,
     pub image_pull_timeout: time::Duration,
     pub cdi_timeout: time::Duration,
-    pub launch_process_timeout: time::Duration,
     pub debug_console_vport: i32,
     pub log_vport: i32,
     pub container_pipe_size: i32,
@@ -166,7 +163,6 @@ pub struct AgentConfigBuilder {
     pub cdh_api_timeout: Option<time::Duration>,
     pub image_pull_timeout: Option<time::Duration>,
     pub cdi_timeout: Option<time::Duration>,
-    pub launch_process_timeout: Option<time::Duration>,
     pub debug_console_vport: Option<i32>,
     pub log_vport: Option<i32>,
     pub container_pipe_size: Option<i32>,
@@ -261,7 +257,6 @@ impl Default for AgentConfig {
             cdh_api_timeout: DEFAULT_CDH_API_TIMEOUT,
             image_pull_timeout: DEFAULT_IMAGE_PULL_TIMEOUT,
             cdi_timeout: DEFAULT_CDI_TIMEOUT,
-            launch_process_timeout: DEFAULT_LAUNCH_PROCESS_TIMEOUT,
             debug_console_vport: 0,
             log_vport: 0,
             container_pipe_size: DEFAULT_CONTAINER_PIPE_SIZE,
@@ -303,7 +298,6 @@ impl FromStr for AgentConfig {
         config_override!(agent_config_builder, agent_config, cdh_api_timeout);
         config_override!(agent_config_builder, agent_config, image_pull_timeout);
         config_override!(agent_config_builder, agent_config, cdi_timeout);
-        config_override!(agent_config_builder, agent_config, launch_process_timeout);
         config_override!(agent_config_builder, agent_config, debug_console_vport);
         config_override!(agent_config_builder, agent_config, log_vport);
         config_override!(agent_config_builder, agent_config, container_pipe_size);
@@ -487,14 +481,6 @@ impl AgentConfig {
                 |cdi_timeout: &time::Duration| cdi_timeout.as_secs() > 0
             );
 
-            parse_cmdline_param!(
-                param,
-                LAUNCH_PROCESS_TIMEOUT_OPTION,
-                config.launch_process_timeout,
-                get_timeout,
-                |launch_process_timeout: &time::Duration| launch_process_timeout.as_secs() > 0
-            );
-
             // vsock port should be positive values
             parse_cmdline_param!(
                 param,
@@ -756,7 +742,6 @@ fn get_timeout(param: &str) -> Result<time::Duration> {
                 | CDH_API_TIMOUT_OPTION
                 | CDH_IMAGE_PULL_TIMEOUT_OPTION
                 | CDI_TIMEOUT_OPTION
-                | LAUNCH_PROCESS_TIMEOUT_OPTION
         ),
         ERR_INVALID_TIMEOUT_KEY
     );
@@ -1645,7 +1630,6 @@ Caused by:
     #[case("agent.cdh_api_timeout=600", Ok(time::Duration::from_secs(600)))]
     #[case("agent.image_pull_timeout=1200", Ok(time::Duration::from_secs(1200)))]
     #[case("agent.cdi_timeout=320", Ok(time::Duration::from_secs(320)))]
-    #[case("agent.launch_process_timeout=60", Ok(time::Duration::from_secs(60)))]
     fn test_timeout(#[case] param: &str, #[case] expected: Result<time::Duration>) {
         let result = get_timeout(param);
         let msg = format!("expected: {expected:?}, result: {result:?}");

src/agent/src/main.rs

@@ -111,6 +111,8 @@ const API_SERVER_PATH: &str = "/usr/local/bin/api-server-rest";
 /// TODO: remove this when we move the launch of CDH out of the kata-agent.
 const OCICRYPT_CONFIG_PATH: &str = "/etc/ocicrypt_config.json";
 
+const DEFAULT_LAUNCH_PROCESS_TIMEOUT: i32 = 6;
+
 lazy_static! {
     static ref AGENT_CONFIG: AgentConfig =
         // Note: We can't do AgentOpts.parse() here to send through the processed arguments to AgentConfig
@@ -503,7 +505,7 @@ async fn launch_guest_component_procs(
         aa_args,
         Some(AA_CONFIG_PATH),
         AA_ATTESTATION_SOCKET,
-        config.launch_process_timeout.as_secs(),
+        DEFAULT_LAUNCH_PROCESS_TIMEOUT,
         &[],
     )
     .await
@@ -525,7 +527,7 @@ async fn launch_guest_component_procs(
         vec![],
         Some(CDH_CONFIG_PATH),
         CDH_SOCKET,
-        config.launch_process_timeout.as_secs(),
+        DEFAULT_LAUNCH_PROCESS_TIMEOUT,
         &[("OCICRYPT_KEYPROVIDER_CONFIG", OCICRYPT_CONFIG_PATH)],
     )
     .await
@@ -585,7 +587,7 @@ async fn init_attestation_components(
     Ok(())
 }
 
-async fn wait_for_path_to_exist(logger: &Logger, path: &str, timeout_secs: u64) -> Result<()> {
+async fn wait_for_path_to_exist(logger: &Logger, path: &str, timeout_secs: i32) -> Result<()> {
     let p = Path::new(path);
     let mut attempts = 0;
     loop {
@@ -612,7 +614,7 @@ async fn launch_process(
     mut args: Vec<&str>,
     config: Option<&str>,
     unix_socket_path: &str,
-    timeout_secs: u64,
+    timeout_secs: i32,
     envs: &[(&str, &str)],
 ) -> Result<()> {
     if !Path::new(path).exists() {

src/libs/kata-types/src/annotations/mod.rs

@@ -284,20 +284,6 @@ pub const KATA_ANNO_CFG_HYPERVISOR_DEFAULT_GPUS: &str =
 pub const KATA_ANNO_CFG_HYPERVISOR_DEFAULT_GPU_MODEL: &str =
     "io.katacontainers.config.hypervisor.default_gpu_model";
 
-/// A sandbox annotation that specifies the logical sector size reported by block devices to the
-/// guest, in bytes. Common values are 512 and 4096. Set to 0 to use the hypervisor default.
-/// NOTE: the annotation key uses "blk_logical_sector_size" rather than
-/// "block_device_logical_sector_size" because Kubernetes enforces a 63-character limit on
-/// annotation name segments.
-pub const KATA_ANNO_CFG_HYPERVISOR_BLK_LOGICAL_SECTOR_SIZE: &str =
-    "io.katacontainers.config.hypervisor.blk_logical_sector_size";
-/// A sandbox annotation that specifies the physical sector size reported by block devices to the
-/// guest, in bytes. Common values are 512 and 4096. Set to 0 to use the hypervisor default.
-/// NOTE: the annotation key uses "blk_physical_sector_size" rather than
-/// "block_device_physical_sector_size" because Kubernetes enforces a 63-character limit on
-/// annotation name segments.
-pub const KATA_ANNO_CFG_HYPERVISOR_BLK_PHYSICAL_SECTOR_SIZE: &str =
-    "io.katacontainers.config.hypervisor.blk_physical_sector_size";
 /// Block device specific annotation for num_queues
 pub const KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_NUM_QUEUES: &str =
     "io.katacontainers.config.hypervisor.block_device_num_queues";
@@ -987,48 +973,6 @@ impl Annotation {
                             hv.shared_fs.virtio_fs_extra_args.push(arg.to_string());
                         }
                     }
-                    KATA_ANNO_CFG_HYPERVISOR_BLK_LOGICAL_SECTOR_SIZE => {
-                        match self.get_value::<u32>(key) {
-                            Ok(v) => {
-                                let size = v.unwrap_or_default();
-                                if let Err(e) =
-                                    crate::config::hypervisor::validate_block_device_sector_size(
-                                        size,
-                                    )
-                                {
-                                    return Err(io::Error::new(
-                                        io::ErrorKind::InvalidData,
-                                        e.to_string(),
-                                    ));
-                                }
-                                hv.blockdev_info.block_device_logical_sector_size = size;
-                            }
-                            Err(_e) => {
-                                return Err(u32_err);
-                            }
-                        }
-                    }
-                    KATA_ANNO_CFG_HYPERVISOR_BLK_PHYSICAL_SECTOR_SIZE => {
-                        match self.get_value::<u32>(key) {
-                            Ok(v) => {
-                                let size = v.unwrap_or_default();
-                                if let Err(e) =
-                                    crate::config::hypervisor::validate_block_device_sector_size(
-                                        size,
-                                    )
-                                {
-                                    return Err(io::Error::new(
-                                        io::ErrorKind::InvalidData,
-                                        e.to_string(),
-                                    ));
-                                }
-                                hv.blockdev_info.block_device_physical_sector_size = size;
-                            }
-                            Err(_e) => {
-                                return Err(u32_err);
-                            }
-                        }
-                    }
                     KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_NUM_QUEUES => {
                         match self.get_value::<usize>(key) {
                             Ok(v) => {
@@ -1179,18 +1123,6 @@ impl Annotation {
             }
         }
 
-        // Validate cross-field constraint: logical sector size must not exceed physical.
-        // Individual sizes are validated inside the loop, but the cross-field check must
-        // run after both annotations have been applied.
-        let logical = hv.blockdev_info.block_device_logical_sector_size;
-        let physical = hv.blockdev_info.block_device_physical_sector_size;
-        if logical != 0 && physical != 0 && logical > physical {
-            return Err(io::Error::new(
-                io::ErrorKind::InvalidData,
-                format!("invalid sector sizes: logical ({logical}) must not be larger than physical ({physical})"),
-            ));
-        }
-
         config.adjust_config()?;
 
         Ok(())

src/libs/kata-types/src/config/agent.rs

@@ -146,11 +146,6 @@ pub struct Agent {
     #[serde(default)]
     pub container_pipe_size: u32,
 
-    /// Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-    /// to create their Unix sockets after being spawned by the agent.
-    #[serde(default)]
-    pub launch_process_timeout: u32,
-
     /// Memory agent configuration
     #[serde(default)]
     pub mem_agent: MemAgent,
@@ -185,7 +180,6 @@ impl std::default::Default for Agent {
             health_check_request_timeout_ms: 90_000,
             kernel_modules: Default::default(),
             container_pipe_size: 0,
-            launch_process_timeout: 0,
             mem_agent: MemAgent::default(),
             policy: Default::default(),
         }

src/libs/kata-types/src/config/hypervisor/mod.rs

@@ -271,18 +271,6 @@ pub struct BlockDeviceInfo {
     #[serde(default)]
     pub block_device_cache_noflush: bool,
 
-    /// Specifies the logical sector size, in bytes, reported by block devices to the guest.
-    /// Common values are 512 and 4096. Set to 0 to use the hypervisor default.
-    /// Must be 0 or a power of 2 between 512 and 65536.
-    #[serde(default)]
-    pub block_device_logical_sector_size: u32,
-
-    /// Specifies the physical sector size, in bytes, reported by block devices to the guest.
-    /// Common values are 512 and 4096. Set to 0 to use the hypervisor default.
-    /// Must be 0 or a power of 2 between 512 and 65536.
-    #[serde(default)]
-    pub block_device_physical_sector_size: u32,
-
     /// If false and nvdimm is supported, use nvdimm device to plug guest image.
     #[serde(default)]
     pub disable_image_nvdimm: bool,
@@ -412,16 +400,6 @@ impl BlockDeviceInfo {
             "Invalid vhost-user-store-path {}: {}"
         )?;
 
-        validate_block_device_sector_size(self.block_device_logical_sector_size)?;
-        validate_block_device_sector_size(self.block_device_physical_sector_size)?;
-        let logical = self.block_device_logical_sector_size;
-        let physical = self.block_device_physical_sector_size;
-        if logical != 0 && physical != 0 && logical > physical {
-            return Err(std::io::Error::other(format!(
-                "invalid sector sizes: logical ({logical}) must not be larger than physical ({physical})"
-            )));
-        }
-
         Ok(())
     }
 
@@ -431,19 +409,6 @@ impl BlockDeviceInfo {
     }
 }
 
-/// Validate that a block device sector size is 0 or a power of 2 in [512, 65536].
-pub fn validate_block_device_sector_size(size: u32) -> Result<()> {
-    if size == 0 {
-        return Ok(());
-    }
-    if !(512..=65536).contains(&size) || (size & (size - 1)) != 0 {
-        return Err(std::io::Error::other(format!(
-            "invalid sector size {size}: must be 0 or a power of 2 between 512 and 65536"
-        )));
-    }
-    Ok(())
-}
-
 /// Guest kernel boot information.
 #[derive(Clone, Debug, Default, Deserialize, Serialize)]
 pub struct BootInfo {
@@ -2107,83 +2072,4 @@ mod tests {
             expected_error_msg
         );
     }
-
-    #[test]
-    fn test_validate_block_device_sector_size_valid() {
-        for size in [0, 512, 1024, 2048, 4096, 8192, 16384, 32768, 65536] {
-            assert!(
-                validate_block_device_sector_size(size).is_ok(),
-                "expected size {} to be accepted",
-                size
-            );
-        }
-    }
-
-    #[test]
-    fn test_validate_block_device_sector_size_not_power_of_two() {
-        for size in [3, 100, 1000, 3000, 5000] {
-            assert!(
-                validate_block_device_sector_size(size).is_err(),
-                "expected non-power-of-2 size {} to be rejected",
-                size
-            );
-        }
-    }
-
-    #[test]
-    fn test_validate_block_device_sector_size_below_minimum() {
-        for size in [1, 256] {
-            assert!(
-                validate_block_device_sector_size(size).is_err(),
-                "expected below-minimum size {} to be rejected",
-                size
-            );
-        }
-    }
-
-    #[test]
-    fn test_validate_block_device_sector_size_above_maximum() {
-        for size in [131072, 1048576] {
-            assert!(
-                validate_block_device_sector_size(size).is_err(),
-                "expected above-maximum size {} to be rejected",
-                size
-            );
-        }
-    }
-
-    fn blockdev_info_with_sectors(logical: u32, physical: u32) -> BlockDeviceInfo {
-        BlockDeviceInfo {
-            block_device_driver: VIRTIO_BLK_PCI.to_string(),
-            block_device_logical_sector_size: logical,
-            block_device_physical_sector_size: physical,
-            ..Default::default()
-        }
-    }
-
-    #[test]
-    fn test_validate_block_device_sector_sizes_valid() {
-        assert!(blockdev_info_with_sectors(0, 0).validate().is_ok());
-        assert!(blockdev_info_with_sectors(512, 0).validate().is_ok());
-        assert!(blockdev_info_with_sectors(0, 4096).validate().is_ok());
-        assert!(blockdev_info_with_sectors(512, 4096).validate().is_ok());
-        assert!(blockdev_info_with_sectors(4096, 4096).validate().is_ok());
-        assert!(blockdev_info_with_sectors(512, 512).validate().is_ok());
-    }
-
-    #[test]
-    fn test_validate_block_device_sector_sizes_logical_exceeds_physical() {
-        assert!(
-            blockdev_info_with_sectors(4096, 512).validate().is_err(),
-            "logical > physical should be rejected"
-        );
-        assert!(
-            blockdev_info_with_sectors(4096, 1024).validate().is_err(),
-            "logical > physical should be rejected"
-        );
-        assert!(
-            blockdev_info_with_sectors(65536, 512).validate().is_err(),
-            "logical > physical should be rejected"
-        );
-    }
 }

src/libs/kata-types/src/config/mod.rs

@@ -54,8 +54,6 @@ pub const DEBUG_CONSOLE_VPORT_OPTION: &str = "agent.debug_console_vport";
 pub const LOG_VPORT_OPTION: &str = "agent.log_vport";
 /// Option of setting the container's pipe size
 pub const CONTAINER_PIPE_SIZE_OPTION: &str = "agent.container_pipe_size";
-/// Option of setting the guest component launch process timeout
-pub const LAUNCH_PROCESS_TIMEOUT_OPTION: &str = "agent.launch_process_timeout";
 /// Option of setting the fd passthrough io listener port
 pub const PASSFD_LISTENER_PORT: &str = "agent.passfd_listener_port";
 
@@ -221,13 +219,6 @@ impl TomlConfig {
                 let container_pipe_size = cfg.container_pipe_size.to_string();
                 kv.insert(CONTAINER_PIPE_SIZE_OPTION.to_string(), container_pipe_size);
             }
-            if cfg.launch_process_timeout > 0 {
-                let launch_process_timeout = cfg.launch_process_timeout.to_string();
-                kv.insert(
-                    LAUNCH_PROCESS_TIMEOUT_OPTION.to_string(),
-                    launch_process_timeout,
-                );
-            }
             if cfg.debug_console_enabled {
                 kv.insert(DEBUG_CONSOLE_FLAG.to_string(), "".to_string());
                 kv.insert(
@@ -488,7 +479,6 @@ mod tests {
             enable_tracing: true,
             container_pipe_size: 20,
             debug_console_enabled: true,
-            launch_process_timeout: 60,
             ..Default::default()
         };
         let agent_name = "test_agent";
@@ -501,6 +491,5 @@ mod tests {
         assert_eq!(kv.get("agent.container_pipe_size").unwrap(), "20");
         kv.get("agent.debug_console").unwrap();
         assert_eq!(kv.get("agent.debug_console_vport").unwrap(), "1026"); // 1026 is the default port
-        assert_eq!(kv.get("agent.launch_process_timeout").unwrap(), "60");
     }
 }

src/libs/kata-types/tests/test_config.rs

@@ -7,9 +7,7 @@ mod tests {
     use kata_types::annotations::{
         Annotation, KATA_ANNO_CFG_AGENT_CONTAINER_PIPE_SIZE, KATA_ANNO_CFG_AGENT_TRACE,
         KATA_ANNO_CFG_DISABLE_GUEST_SECCOMP, KATA_ANNO_CFG_ENABLE_PPROF,
-        KATA_ANNO_CFG_EXPERIMENTAL, KATA_ANNO_CFG_HYPERVISOR_BLK_LOGICAL_SECTOR_SIZE,
-        KATA_ANNO_CFG_HYPERVISOR_BLK_PHYSICAL_SECTOR_SIZE,
-        KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_NOFLUSH,
+        KATA_ANNO_CFG_EXPERIMENTAL, KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_CACHE_NOFLUSH,
         KATA_ANNO_CFG_HYPERVISOR_BLOCK_DEV_DRIVER, KATA_ANNO_CFG_HYPERVISOR_DEFAULT_MEMORY,
         KATA_ANNO_CFG_HYPERVISOR_DEFAULT_VCPUS, KATA_ANNO_CFG_HYPERVISOR_ENABLE_GUEST_SWAP,
         KATA_ANNO_CFG_HYPERVISOR_ENABLE_HUGEPAGES, KATA_ANNO_CFG_HYPERVISOR_ENABLE_IO_THREADS,
@@ -481,111 +479,4 @@ mod tests {
         let mut config = TomlConfig::load(content).unwrap();
         assert!(anno.update_config_by_annotation(&mut config).is_err());
     }
-
-    #[test]
-    fn test_block_device_sector_size_annotations_valid() {
-        let content = include_str!("texture/configuration-anno-0.toml");
-
-        let qemu = QemuConfig::new();
-        qemu.register();
-
-        // Valid: 512 logical, 4096 physical
-        let config = TomlConfig::load(content).unwrap();
-        KataConfig::set_active_config(Some(config), "qemu", "agent0");
-
-        let mut anno_hash = HashMap::new();
-        anno_hash.insert(
-            KATA_ANNO_CFG_HYPERVISOR_BLK_LOGICAL_SECTOR_SIZE.to_string(),
-            "512".to_string(),
-        );
-        anno_hash.insert(
-            KATA_ANNO_CFG_HYPERVISOR_BLK_PHYSICAL_SECTOR_SIZE.to_string(),
-            "4096".to_string(),
-        );
-        let anno = Annotation::new(anno_hash);
-        let mut config = TomlConfig::load(content).unwrap();
-        assert!(anno.update_config_by_annotation(&mut config).is_ok());
-        if let Some(hv) = config.hypervisor.get("qemu") {
-            assert_eq!(hv.blockdev_info.block_device_logical_sector_size, 512);
-            assert_eq!(hv.blockdev_info.block_device_physical_sector_size, 4096);
-        }
-
-        // Valid: 0 means hypervisor default
-        let mut anno_hash = HashMap::new();
-        anno_hash.insert(
-            KATA_ANNO_CFG_HYPERVISOR_BLK_LOGICAL_SECTOR_SIZE.to_string(),
-            "0".to_string(),
-        );
-        anno_hash.insert(
-            KATA_ANNO_CFG_HYPERVISOR_BLK_PHYSICAL_SECTOR_SIZE.to_string(),
-            "0".to_string(),
-        );
-        let anno = Annotation::new(anno_hash);
-        let mut config = TomlConfig::load(content).unwrap();
-        assert!(anno.update_config_by_annotation(&mut config).is_ok());
-        if let Some(hv) = config.hypervisor.get("qemu") {
-            assert_eq!(hv.blockdev_info.block_device_logical_sector_size, 0);
-            assert_eq!(hv.blockdev_info.block_device_physical_sector_size, 0);
-        }
-    }
-
-    #[test]
-    fn test_block_device_sector_size_annotation_invalid_not_power_of_two() {
-        let content = include_str!("texture/configuration-anno-0.toml");
-
-        let qemu = QemuConfig::new();
-        qemu.register();
-
-        let config = TomlConfig::load(content).unwrap();
-        KataConfig::set_active_config(Some(config), "qemu", "agent0");
-
-        let mut anno_hash = HashMap::new();
-        anno_hash.insert(
-            KATA_ANNO_CFG_HYPERVISOR_BLK_LOGICAL_SECTOR_SIZE.to_string(),
-            "1000".to_string(),
-        );
-        let anno = Annotation::new(anno_hash);
-        let mut config = TomlConfig::load(content).unwrap();
-        assert!(anno.update_config_by_annotation(&mut config).is_err());
-    }
-
-    #[test]
-    fn test_block_device_sector_size_annotation_invalid_below_minimum() {
-        let content = include_str!("texture/configuration-anno-0.toml");
-
-        let qemu = QemuConfig::new();
-        qemu.register();
-
-        let config = TomlConfig::load(content).unwrap();
-        KataConfig::set_active_config(Some(config), "qemu", "agent0");
-
-        let mut anno_hash = HashMap::new();
-        anno_hash.insert(
-            KATA_ANNO_CFG_HYPERVISOR_BLK_PHYSICAL_SECTOR_SIZE.to_string(),
-            "256".to_string(),
-        );
-        let anno = Annotation::new(anno_hash);
-        let mut config = TomlConfig::load(content).unwrap();
-        assert!(anno.update_config_by_annotation(&mut config).is_err());
-    }
-
-    #[test]
-    fn test_block_device_sector_size_annotation_invalid_above_maximum() {
-        let content = include_str!("texture/configuration-anno-0.toml");
-
-        let qemu = QemuConfig::new();
-        qemu.register();
-
-        let config = TomlConfig::load(content).unwrap();
-        KataConfig::set_active_config(Some(config), "qemu", "agent0");
-
-        let mut anno_hash = HashMap::new();
-        anno_hash.insert(
-            KATA_ANNO_CFG_HYPERVISOR_BLK_LOGICAL_SECTOR_SIZE.to_string(),
-            "131072".to_string(),
-        );
-        let anno = Annotation::new(anno_hash);
-        let mut config = TomlConfig::load(content).unwrap();
-        assert!(anno.update_config_by_annotation(&mut config).is_err());
-    }
 }

src/libs/kata-types/tests/texture/configuration-anno-0.toml

@@ -19,7 +19,7 @@ default_maxvcpus = 64
 machine_type = "q35"
 confidential_guest = true
 rootless = true
-enable_annotations = ["shared_fs","path", "ctlpath","jailer_path","enable_iothreads","default_memory","memory_slots","enable_mem_prealloc","enable_hugepages","file_mem_backend","enable_virtio_mem","enable_guest_swap","default_vcpus","virtio_fs_extra_args","block_device_driver","vhost_user_store_path","kernel","guest_hook_path","block_device_cache_noflush","virtio_fs_daemon","blk_logical_sector_size","blk_physical_sector_size"]
+enable_annotations = ["shared_fs","path", "ctlpath","jailer_path","enable_iothreads","default_memory","memory_slots","enable_mem_prealloc","enable_hugepages","file_mem_backend","enable_virtio_mem","enable_guest_swap","default_vcpus","virtio_fs_extra_args","block_device_driver","vhost_user_store_path","kernel","guest_hook_path","block_device_cache_noflush","virtio_fs_daemon"]
 machine_accelerators="noapic"
 default_bridges = 2
 default_memory = 128

src/runtime-rs/config/configuration-qemu-coco-dev-runtime-rs.toml.in

@@ -255,16 +255,6 @@ block_device_cache_direct = false
 # Default false
 block_device_cache_noflush = false
 
-# Specifies the logical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_logical_sector_size = 0
-
-# Specifies the physical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_physical_sector_size = 0
-
 # Enable iothreads (data-plane) to be used. This causes IO to be
 # handled in a separate IO thread. This is currently only implemented
 # for SCSI.
@@ -551,11 +541,6 @@ dial_timeout_ms = 10
 # (default: 3000)
 reconnect_timeout_ms = 3000
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# (agent default when unset: 6)
-launch_process_timeout = 6
-
 # Create Container Request Timeout
 # This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
 # It's also used to ensure that workloads, especially those involving large image pulls within the guest,

src/runtime-rs/config/configuration-qemu-runtime-rs.toml.in

@@ -245,16 +245,6 @@ block_device_cache_direct = false
 # Default false
 block_device_cache_noflush = false
 
-# Specifies the logical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_logical_sector_size = 0
-
-# Specifies the physical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_physical_sector_size = 0
-
 # Enable iothreads (data-plane) to be used. This causes IO to be
 # handled in a separate IO thread. This is currently only implemented
 # for SCSI.

src/runtime-rs/config/configuration-qemu-se-runtime-rs.toml.in

@@ -244,16 +244,6 @@ block_device_cache_direct = false
 # Default false
 block_device_cache_noflush = false
 
-# Specifies the logical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_logical_sector_size = 0
-
-# Specifies the physical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_physical_sector_size = 0
-
 # Enable iothreads (data-plane) to be used. This causes IO to be
 # handled in a separate IO thread. This is currently only implemented
 # for SCSI.
@@ -533,11 +523,6 @@ dial_timeout_ms = 90
 # (default: 3000)
 reconnect_timeout_ms = 5000
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# (agent default when unset: 6)
-launch_process_timeout = 6
-
 # Create Container Request Timeout
 # This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
 # It's also used to ensure that workloads, especially those involving large image pulls within the guest,

src/runtime-rs/config/configuration-qemu-snp-runtime-rs.toml.in

@@ -281,16 +281,6 @@ block_device_cache_direct = false
 # Default false
 block_device_cache_noflush = false
 
-# Specifies the logical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_logical_sector_size = 0
-
-# Specifies the physical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_physical_sector_size = 0
-
 # Enable iothreads (data-plane) to be used. This causes IO to be
 # handled in a separate IO thread. This is currently only implemented
 # for SCSI.
@@ -575,11 +565,6 @@ dial_timeout_ms = 10
 # (default: 3000)
 reconnect_timeout_ms = 3000
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# (agent default when unset: 6)
-launch_process_timeout = 6
-
 # Create Container Request Timeout
 # This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
 # It's also used to ensure that workloads, especially those involving large image pulls within the guest,

src/runtime-rs/config/configuration-qemu-tdx-runtime-rs.toml.in

@@ -256,16 +256,6 @@ block_device_cache_direct = false
 # Default false
 block_device_cache_noflush = false
 
-# Specifies the logical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_logical_sector_size = 0
-
-# Specifies the physical sector size, in bytes, reported by block devices to the guest.
-# Common values are 512 and 4096. Set to 0 to use the QEMU/hypervisor default.
-# Default 0
-block_device_physical_sector_size = 0
-
 # Enable iothreads (data-plane) to be used. This causes IO to be
 # handled in a separate IO thread. This is currently implemented
 # for virtio-scsi and virtio-blk.
@@ -551,11 +541,6 @@ dial_timeout_ms = 10
 # (default: 3000)
 reconnect_timeout_ms = 3000
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# (agent default when unset: 6)
-launch_process_timeout = 6
-
 # Create Container Request Timeout
 # This timeout value is used to set the maximum duration for the agent to process a CreateContainerRequest.
 # It's also used to ensure that workloads, especially those involving large image pulls within the guest,

src/runtime-rs/crates/hypervisor/src/device/driver/virtio_blk.rs

@@ -112,12 +112,6 @@ pub struct BlockConfig {
 
     /// block device multi-queue
     pub num_queues: usize,
-
-    /// Logical sector size in bytes reported to the guest. 0 means use hypervisor default.
-    pub logical_sector_size: u32,
-
-    /// Physical sector size in bytes reported to the guest. 0 means use hypervisor default.
-    pub physical_sector_size: u32,
 }
 
 #[derive(Debug, Clone, Default)]

src/runtime-rs/crates/hypervisor/src/qemu/inner.rs

@@ -866,8 +866,6 @@ impl QemuInner {
                         ),
                         block_device.config.is_readonly,
                         block_device.config.no_drop,
-                        block_device.config.logical_sector_size,
-                        block_device.config.physical_sector_size,
                     )
                     .context("hotplug block device")?;
 

src/runtime-rs/crates/hypervisor/src/qemu/qmp.rs

@@ -642,8 +642,6 @@ impl Qmp {
         is_direct: Option<bool>,
         is_readonly: bool,
         no_drop: bool,
-        logical_block_size: u32,
-        physical_block_size: u32,
     ) -> Result<(Option<PciPath>, Option<String>)> {
         // `blockdev-add`
         let node_name = format!("drive-{index}");
@@ -721,13 +719,6 @@ impl Qmp {
         let mut blkdev_add_args = Dictionary::new();
         blkdev_add_args.insert("drive".to_owned(), node_name.clone().into());
 
-        if logical_block_size > 0 {
-            blkdev_add_args.insert("logical_block_size".to_owned(), logical_block_size.into());
-        }
-        if physical_block_size > 0 {
-            blkdev_add_args.insert("physical_block_size".to_owned(), physical_block_size.into());
-        }
-
         if block_driver == VIRTIO_SCSI {
             // Helper closure to decode a flattened u16 SCSI index into an (ID, LUN) pair.
             let get_scsi_id_lun = |index_u16: u16| -> Result<(u8, u8)> {

src/runtime-rs/crates/resource/src/manager_inner.rs

@@ -422,8 +422,6 @@ impl ResourceManagerInner {
                         blkdev_aio: BlockDeviceAio::new(&blkdev_info.block_device_aio),
                         num_queues: blkdev_info.num_queues,
                         queue_size: blkdev_info.queue_size,
-                        logical_sector_size: blkdev_info.block_device_logical_sector_size,
-                        physical_sector_size: blkdev_info.block_device_physical_sector_size,
                         ..Default::default()
                     });
 

src/runtime-rs/crates/resource/src/volume/block_volume.rs

@@ -49,8 +49,6 @@ impl BlockVolume {
             blkdev_aio: BlockDeviceAio::new(&blkdev_info.block_device_aio),
             num_queues: blkdev_info.num_queues,
             queue_size: blkdev_info.queue_size,
-            logical_sector_size: blkdev_info.block_device_logical_sector_size,
-            physical_sector_size: blkdev_info.block_device_physical_sector_size,
             ..Default::default()
         };
 

src/runtime-rs/crates/resource/src/volume/direct_volumes/rawblock_volume.rs

@@ -64,8 +64,6 @@ impl RawblockVolume {
             blkdev_aio: BlockDeviceAio::new(&blkdev_info.block_device_aio),
             num_queues: blkdev_info.num_queues,
             queue_size: blkdev_info.queue_size,
-            logical_sector_size: blkdev_info.block_device_logical_sector_size,
-            physical_sector_size: blkdev_info.block_device_physical_sector_size,
             ..Default::default()
         };
 

src/runtime/Makefile

@@ -491,7 +491,6 @@ ifneq (,$(QEMUCMD))
     DEFAULTVCPUS_NV = 1
     DEFAULTMEMORY_NV = 8192
     DEFAULTTIMEOUT_NV = 1200
-    DEFAULTLAUNCHPROCESSTIMEOUT_NV = 15
     DEFAULTVFIOPORT_NV = root-port
     DEFAULTPCIEROOTPORT_NV = 8
 
@@ -507,8 +506,6 @@ ifneq (,$(QEMUCMD))
     # Best practice for production is to set this to true
     DEFSANDBOXCGROUPONLY_NV = true
 
-    DEFENABLEVCPUPINNING_NV = true
-
     ifneq (,$(QEMUFW))
         FIRMWAREPATH := $(PREFIXDEPS)/share/$(EDK2_NAME)/$(QEMUFW)
     endif
@@ -681,9 +678,7 @@ USER_VARS += KERNELPARAMS_CONFIDENTIAL_NV
 USER_VARS += KERNELVERITYPARAMS_NV
 USER_VARS += KERNELVERITYPARAMS_CONFIDENTIAL_NV
 USER_VARS += DEFAULTTIMEOUT_NV
-USER_VARS += DEFAULTLAUNCHPROCESSTIMEOUT_NV
 USER_VARS += DEFSANDBOXCGROUPONLY_NV
-USER_VARS += DEFENABLEVCPUPINNING_NV
 USER_VARS += DEFROOTFSTYPE
 USER_VARS += MACHINETYPE
 USER_VARS += KERNELDIR

src/runtime/config/configuration-qemu-cca.toml.in

@@ -537,11 +537,6 @@ debug_console_enabled = false
 # (default: 90)
 dial_timeout = 90
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# (agent default when unset: 6)
-launch_process_timeout = 6
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log

src/runtime/config/configuration-qemu-coco-dev.toml.in

@@ -595,11 +595,6 @@ dial_timeout = 45
 # (default: 50)
 cdh_api_timeout = 50
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# (agent default when unset: 6)
-launch_process_timeout = 6
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log

src/runtime/config/configuration-qemu-nvidia-gpu-snp.toml.in

@@ -611,13 +611,6 @@ debug_console_enabled = false
 # (default: 90)
 dial_timeout = @DEFAULTTIMEOUT_NV@
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# With NVIDIA GPUs and NVSwitches, the attestation-agent needs extra time
-# to collect evidence during initialization.
-# (agent default when unset: 6)
-launch_process_timeout = @DEFAULTLAUNCHPROCESSTIMEOUT_NV@
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log
@@ -652,7 +645,7 @@ disable_guest_seccomp = @DEFDISABLEGUESTSECCOMP@
 # vCPUs pinning settings
 # if enabled, each vCPU thread will be scheduled to a fixed CPU
 # qualified condition: num(vCPU threads) == num(CPUs in sandbox's CPUSet)
-enable_vcpus_pinning = @DEFENABLEVCPUPINNING_NV@
+enable_vcpus_pinning = false
 
 # Apply a custom SELinux security policy to the container process inside the VM.
 # This is used when you want to apply a type other than the default `container_t`,

src/runtime/config/configuration-qemu-nvidia-gpu-tdx.toml.in

@@ -588,13 +588,6 @@ debug_console_enabled = false
 # (default: 90)
 dial_timeout = @DEFAULTTIMEOUT_NV@
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# With NVIDIA GPUs and NVSwitches, the attestation-agent needs extra time
-# to collect evidence during initialization.
-# (agent default when unset: 6)
-launch_process_timeout = @DEFAULTLAUNCHPROCESSTIMEOUT_NV@
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log
@@ -629,7 +622,7 @@ disable_guest_seccomp = @DEFDISABLEGUESTSECCOMP@
 # vCPUs pinning settings
 # if enabled, each vCPU thread will be scheduled to a fixed CPU
 # qualified condition: num(vCPU threads) == num(CPUs in sandbox's CPUSet)
-enable_vcpus_pinning = @DEFENABLEVCPUPINNING_NV@
+enable_vcpus_pinning = false
 
 # Apply a custom SELinux security policy to the container process inside the VM.
 # This is used when you want to apply a type other than the default `container_t`,

src/runtime/config/configuration-qemu-nvidia-gpu.toml.in

@@ -590,13 +590,6 @@ debug_console_enabled = false
 # (default: 90)
 dial_timeout = @DEFAULTTIMEOUT_NV@
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# With NVIDIA GPUs and NVSwitches, the attestation-agent needs extra time
-# to collect evidence during initialization.
-# (agent default when unset: 6)
-launch_process_timeout = @DEFAULTLAUNCHPROCESSTIMEOUT_NV@
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log
@@ -631,7 +624,7 @@ disable_guest_seccomp = @DEFDISABLEGUESTSECCOMP@
 # vCPUs pinning settings
 # if enabled, each vCPU thread will be scheduled to a fixed CPU
 # qualified condition: num(vCPU threads) == num(CPUs in sandbox's CPUSet)
-enable_vcpus_pinning = @DEFENABLEVCPUPINNING_NV@
+enable_vcpus_pinning = false
 
 # Apply a custom SELinux security policy to the container process inside the VM.
 # This is used when you want to apply a type other than the default `container_t`,

src/runtime/config/configuration-qemu-se.toml.in

@@ -573,11 +573,6 @@ debug_console_enabled = false
 # (default: 30)
 dial_timeout = 90
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# (agent default when unset: 6)
-launch_process_timeout = 6
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log

src/runtime/config/configuration-qemu-snp.toml.in

@@ -603,11 +603,6 @@ debug_console_enabled = false
 # (default: 90)
 dial_timeout = 90
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# (agent default when unset: 6)
-launch_process_timeout = 6
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log

src/runtime/config/configuration-qemu-tdx.toml.in

@@ -580,11 +580,6 @@ debug_console_enabled = false
 # (default: 60)
 dial_timeout = 60
 
-# Timeout in seconds for guest components (attestation-agent, confidential-data-hub)
-# to create their Unix sockets after being spawned by the agent.
-# (agent default when unset: 6)
-launch_process_timeout = 6
-
 [runtime]
 # If enabled, the runtime will log additional debug messages to the
 # system log

src/runtime/pkg/katautils/config.go

@@ -224,13 +224,12 @@ func (r runtime) emptyDirMode() (string, error) {
 }
 
 type agent struct {
-	KernelModules        []string `toml:"kernel_modules"`
-	Debug                bool     `toml:"enable_debug"`
-	Tracing              bool     `toml:"enable_tracing"`
-	DebugConsoleEnabled  bool     `toml:"debug_console_enabled"`
-	DialTimeout          uint32   `toml:"dial_timeout"`
-	CdhApiTimeout        uint32   `toml:"cdh_api_timeout"`
-	LaunchProcessTimeout uint32   `toml:"launch_process_timeout"`
+	KernelModules       []string `toml:"kernel_modules"`
+	Debug               bool     `toml:"enable_debug"`
+	Tracing             bool     `toml:"enable_tracing"`
+	DebugConsoleEnabled bool     `toml:"debug_console_enabled"`
+	DialTimeout         uint32   `toml:"dial_timeout"`
+	CdhApiTimeout       uint32   `toml:"cdh_api_timeout"`
 }
 
 func (orig *tomlConfig) Clone() tomlConfig {
@@ -799,10 +798,6 @@ func (a agent) cdhApiTimout() uint32 {
 	return a.CdhApiTimeout
 }
 
-func (a agent) launchProcessTimeout() uint32 {
-	return a.LaunchProcessTimeout
-}
-
 func (a agent) debug() bool {
 	return a.Debug
 }
@@ -1469,14 +1464,13 @@ func updateRuntimeConfigHypervisor(configPath string, tomlConf tomlConfig, confi
 func updateRuntimeConfigAgent(configPath string, tomlConf tomlConfig, config *oci.RuntimeConfig) error {
 	for _, agent := range tomlConf.Agent {
 		config.AgentConfig = vc.KataAgentConfig{
-			LongLiveConn:         true,
-			Debug:                agent.debug(),
-			Trace:                agent.trace(),
-			KernelModules:        agent.kernelModules(),
-			EnableDebugConsole:   agent.debugConsoleEnabled(),
-			DialTimeout:          agent.dialTimout(),
-			CdhApiTimeout:        agent.cdhApiTimout(),
-			LaunchProcessTimeout: agent.launchProcessTimeout(),
+			LongLiveConn:       true,
+			Debug:              agent.debug(),
+			Trace:              agent.trace(),
+			KernelModules:      agent.kernelModules(),
+			EnableDebugConsole: agent.debugConsoleEnabled(),
+			DialTimeout:        agent.dialTimout(),
+			CdhApiTimeout:      agent.cdhApiTimout(),
 		}
 	}
 

src/runtime/virtcontainers/kata_agent.go

@@ -292,16 +292,15 @@ func ephemeralPath() string {
 // KataAgentConfig is a structure storing information needed
 // to reach the Kata Containers agent.
 type KataAgentConfig struct {
-	KernelModules        []string
-	ContainerPipeSize    uint32
-	DialTimeout          uint32
-	CdhApiTimeout        uint32
-	LaunchProcessTimeout uint32
-	LongLiveConn         bool
-	Debug                bool
-	Trace                bool
-	EnableDebugConsole   bool
-	Policy               string
+	KernelModules      []string
+	ContainerPipeSize  uint32
+	DialTimeout        uint32
+	CdhApiTimeout      uint32
+	LongLiveConn       bool
+	Debug              bool
+	Trace              bool
+	EnableDebugConsole bool
+	Policy             string
 }
 
 // KataAgentState is the structure describing the data stored from this
@@ -367,11 +366,6 @@ func KataAgentKernelParams(config KataAgentConfig) []Param {
 		params = append(params, Param{Key: vcAnnotations.CdhApiTimeoutKernelParam, Value: cdhApiTimeout})
 	}
 
-	if config.LaunchProcessTimeout > 0 {
-		launchProcessTimeout := strconv.FormatUint(uint64(config.LaunchProcessTimeout), 10)
-		params = append(params, Param{Key: vcAnnotations.LaunchProcessTimeoutKernelParam, Value: launchProcessTimeout})
-	}
-
 	return params
 }
 

src/runtime/virtcontainers/kata_agent_test.go

@@ -1083,56 +1083,47 @@ func TestKataAgentKernelParams(t *testing.T) {
 
 	// nolint: govet
 	type testData struct {
-		debug                bool
-		trace                bool
-		containerPipeSize    uint32
-		launchProcessTimeout uint32
-		expectedParams       []Param
+		debug             bool
+		trace             bool
+		containerPipeSize uint32
+		expectedParams    []Param
 	}
 
 	debugParam := Param{Key: "agent.log", Value: "debug"}
 	traceParam := Param{Key: "agent.trace", Value: "true"}
 
 	containerPipeSizeParam := Param{Key: vcAnnotations.ContainerPipeSizeKernelParam, Value: "2097152"}
-	launchProcessTimeoutParam := Param{Key: vcAnnotations.LaunchProcessTimeoutKernelParam, Value: "60"}
 
 	data := []testData{
-		{false, false, 0, 0, []Param{}},
+		{false, false, 0, []Param{}},
 
 		// Debug
-		{true, false, 0, 0, []Param{debugParam}},
+		{true, false, 0, []Param{debugParam}},
 
 		// Tracing
-		{false, true, 0, 0, []Param{traceParam}},
+		{false, true, 0, []Param{traceParam}},
 
 		// Debug + Tracing
-		{true, true, 0, 0, []Param{debugParam, traceParam}},
+		{true, true, 0, []Param{debugParam, traceParam}},
 
 		// pipesize
-		{false, false, 2097152, 0, []Param{containerPipeSizeParam}},
+		{false, false, 2097152, []Param{containerPipeSizeParam}},
 
 		// Debug + pipesize
-		{true, false, 2097152, 0, []Param{debugParam, containerPipeSizeParam}},
+		{true, false, 2097152, []Param{debugParam, containerPipeSizeParam}},
 
 		// Tracing + pipesize
-		{false, true, 2097152, 0, []Param{traceParam, containerPipeSizeParam}},
+		{false, true, 2097152, []Param{traceParam, containerPipeSizeParam}},
 
 		// Debug + Tracing + pipesize
-		{true, true, 2097152, 0, []Param{debugParam, traceParam, containerPipeSizeParam}},
-
-		// LaunchProcessTimeout
-		{false, false, 0, 60, []Param{launchProcessTimeoutParam}},
-
-		// Debug + LaunchProcessTimeout
-		{true, false, 0, 60, []Param{debugParam, launchProcessTimeoutParam}},
+		{true, true, 2097152, []Param{debugParam, traceParam, containerPipeSizeParam}},
 	}
 
 	for i, d := range data {
 		config := KataAgentConfig{
-			Debug:                d.debug,
-			Trace:                d.trace,
-			ContainerPipeSize:    d.containerPipeSize,
-			LaunchProcessTimeout: d.launchProcessTimeout,
+			Debug:             d.debug,
+			Trace:             d.trace,
+			ContainerPipeSize: d.containerPipeSize,
 		}
 
 		count := len(d.expectedParams)

src/runtime/virtcontainers/pkg/agent/protocols/grpc/agent.pb.go

@@ -3411,7 +3411,7 @@ type Storage struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Driver is used to define the way the storage is passed through the
-	// virtual machine. It can be "blk", or something else, but for
+	// virtual machine. It can be "9p", "blk", or something else, but for
 	// all cases, this will define if some extra steps are required before
 	// this storage gets mounted into the container.
 	Driver string `protobuf:"bytes,1,opt,name=driver,proto3" json:"driver,omitempty"`
@@ -3427,7 +3427,7 @@ type Storage struct {
 	Source string `protobuf:"bytes,3,opt,name=source,proto3" json:"source,omitempty"`
 	// Fstype represents the filesystem that needs to be used to mount the
 	// storage inside the VM. For instance, it could be "xfs" for block
-	// device, or "tmpfs" for shared /dev/shm.
+	// device, "9p" for shared filesystem, or "tmpfs" for shared /dev/shm.
 	Fstype string `protobuf:"bytes,4,opt,name=fstype,proto3" json:"fstype,omitempty"`
 	// Options describes the additional options that might be needed to
 	// mount properly the storage filesystem.

src/runtime/virtcontainers/pkg/annotations/annotations.go

@@ -334,13 +334,11 @@ const (
 	AgentTrace = kataAnnotAgentPrefix + "enable_tracing"
 
 	// AgentContainerPipeSize is an annotation to specify the size of the pipes created for containers
-	AgentContainerPipeSize          = kataAnnotAgentPrefix + ContainerPipeSizeOption
-	ContainerPipeSizeOption         = "container_pipe_size"
-	ContainerPipeSizeKernelParam    = "agent." + ContainerPipeSizeOption
-	CdhApiTimeoutOption             = "cdh_api_timeout"
-	CdhApiTimeoutKernelParam        = "agent." + CdhApiTimeoutOption
-	LaunchProcessTimeoutOption      = "launch_process_timeout"
-	LaunchProcessTimeoutKernelParam = "agent." + LaunchProcessTimeoutOption
+	AgentContainerPipeSize       = kataAnnotAgentPrefix + ContainerPipeSizeOption
+	ContainerPipeSizeOption      = "container_pipe_size"
+	ContainerPipeSizeKernelParam = "agent." + ContainerPipeSizeOption
+	CdhApiTimeoutOption          = "cdh_api_timeout"
+	CdhApiTimeoutKernelParam     = "agent." + CdhApiTimeoutOption
 
 	// Policy is an annotation containing the contents of an agent policy file, base64 encoded.
 	Policy = kataAnnotAgentPrefix + "policy"

src/tools/agent-ctl/Cargo.toml

@@ -41,7 +41,7 @@ serde = { version = "1.0.131", features = ["derive"] }
 serde_json = "1.0.73"
 
 # Image pull/unpack
-image-rs = { git = "https://github.com/confidential-containers/guest-components", rev = "de3f6ff62aa736619b80d99dfca5bc3d2c9a799d", features = [
+image-rs = { git = "https://github.com/confidential-containers/guest-components", tag = "v0.18.0", features = [
     "oci-client-rustls",
     "signature-cosign-rustls",
 ] }

versions.yaml

@@ -292,7 +292,7 @@ externals:
   coco-guest-components:
     description: "Provides attested key unwrapping for image decryption"
     url: "https://github.com/confidential-containers/guest-components/"
-    version: "de3f6ff62aa736619b80d99dfca5bc3d2c9a799d"
+    version: "30b552e7841b10e656fa28cf643ed25b9d45e33f"
     toolchain: "1.90.0"
 
   coco-trustee: