mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-01 22:50:54 +00:00
Make cpuTopology() NUMA-aware by accepting a numNUMANodes parameter. When multiple NUMA nodes are configured, restructure the SMP topology so that Sockets=numNUMA and Cores=ceil(maxvcpus/numNUMA), grouping vCPUs by socket per NUMA node. Use ceiling division so that uneven vCPU counts (e.g. the +1 VMM overhead vCPU that Kata adds) produce a QEMU-valid SMP topology where MaxCPUs == Sockets * Cores * Threads. When numNUMANodes <= 1, the existing flat topology (Sockets=maxvcpus, Cores=1) is preserved. Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com> Signed-off-by: Zvonko Kaiser <zkaiser@nvidia.com>
72 lines
1.9 KiB
Go
72 lines
1.9 KiB
Go
// Copyright (c) 2022 Apple Inc.
|
|
//
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
//
|
|
|
|
package virtcontainers
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/kata-containers/kata-containers/src/runtime/pkg/device/config"
|
|
)
|
|
|
|
func validateHypervisorConfig(conf *HypervisorConfig) error {
|
|
|
|
if conf.RemoteHypervisorSocket != "" {
|
|
return nil
|
|
}
|
|
|
|
if conf.KernelPath == "" {
|
|
return fmt.Errorf("Missing kernel path")
|
|
}
|
|
|
|
if conf.ConfidentialGuest && conf.HypervisorMachineType == QemuCCWVirtio {
|
|
if conf.ImagePath != "" || conf.InitrdPath != "" {
|
|
fmt.Println("yes, failing")
|
|
return fmt.Errorf("Neither the image or initrd path may be set for Secure Execution")
|
|
}
|
|
} else if conf.ImagePath == "" && conf.InitrdPath == "" {
|
|
return fmt.Errorf("Missing image and initrd path")
|
|
} else if conf.ImagePath != "" && conf.InitrdPath != "" {
|
|
return fmt.Errorf("Image and initrd path cannot be both set")
|
|
}
|
|
|
|
if err := conf.CheckTemplateConfig(); err != nil {
|
|
return err
|
|
}
|
|
|
|
if conf.NumVCPUsF == 0 {
|
|
conf.NumVCPUsF = defaultVCPUs
|
|
}
|
|
|
|
if conf.MemorySize == 0 {
|
|
conf.MemorySize = defaultMemSzMiB
|
|
}
|
|
|
|
if conf.DefaultBridges == 0 {
|
|
conf.DefaultBridges = defaultBridges
|
|
}
|
|
|
|
if conf.BlockDeviceDriver == "" {
|
|
conf.BlockDeviceDriver = defaultBlockDriver
|
|
} else if conf.BlockDeviceDriver == config.VirtioBlock && conf.HypervisorMachineType == QemuCCWVirtio {
|
|
conf.BlockDeviceDriver = config.VirtioBlockCCW
|
|
}
|
|
|
|
// CoCo guest hardening: virtio-mmio is not hardened for confidential computing.
|
|
if conf.ConfidentialGuest && conf.BlockDeviceDriver == config.VirtioMmio {
|
|
return fmt.Errorf("confidential guests must not use virtio-mmio (use virtio-blk-pci); virtio-mmio is not hardened for CoCo")
|
|
}
|
|
|
|
if conf.DefaultMaxVCPUs == 0 || conf.DefaultMaxVCPUs > defaultMaxVCPUs {
|
|
conf.DefaultMaxVCPUs = defaultMaxVCPUs
|
|
}
|
|
|
|
if conf.Msize9p == 0 && conf.SharedFS != config.VirtioFS {
|
|
conf.Msize9p = defaultMsize9p
|
|
}
|
|
|
|
return nil
|
|
}
|