mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-04-10 22:12:35 +00:00
504101d77a
Implement GPU passthrough for runtime-rs by cold-plugging VFIO devices into the QEMU command line before the VM boots. When cold_plug_vfio is enabled, the sandbox queries the kubelet Pod Resources API to discover which GPU devices have been assigned to the pod, resolves their host PCI addresses and IOMMU groups through sysfs, and passes them to QEMU as vfio-pci devices on dedicated PCIe root ports. The implementation adds a full VFIO device driver (discovery, topology placement, QEMU parameter generation, and QMP integration), extends the PCIe topology to allocate root ports for cold-plugged devices, and wires CDI device specs from the container runtime through the resource manager into the hypervisor layer. This also adapts the dragonball VFIO DMA mapping calls to the current vfio-ioctls API signatures, and handles iommufd cdev paths alongside legacy VFIO group paths for CDI compatibility. Signed-off-by: Alex Lyn <alex.lyn@antgroup.com> Co-authored-by: Fabiano Fidêncio <ffidencio@nvidia.com> Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
195 lines
6.0 KiB
TOML
195 lines
6.0 KiB
TOML
[workspace.package]
|
|
authors = ["The Kata Containers community <kata-dev@lists.katacontainers.io>"]
|
|
edition = "2018"
|
|
license = "Apache-2.0"
|
|
rust-version = "1.88"
|
|
|
|
[workspace]
|
|
members = [
|
|
# libs
|
|
"src/libs/kata-sys-util",
|
|
"src/libs/kata-types",
|
|
"src/libs/logging",
|
|
"src/libs/mem-agent",
|
|
"src/libs/pod-resources-rs",
|
|
"src/libs/protocols",
|
|
"src/libs/runtime-spec",
|
|
"src/libs/safe-path",
|
|
"src/libs/shim-interface",
|
|
"src/libs/test-utils",
|
|
|
|
# kata-agent
|
|
"src/agent",
|
|
"src/agent/rustjail",
|
|
"src/agent/policy",
|
|
"src/agent/vsock-exporter",
|
|
|
|
# Dragonball
|
|
"src/dragonball",
|
|
"src/dragonball/dbs_acpi",
|
|
"src/dragonball/dbs_address_space",
|
|
"src/dragonball/dbs_allocator",
|
|
"src/dragonball/dbs_arch",
|
|
"src/dragonball/dbs_boot",
|
|
"src/dragonball/dbs_device",
|
|
"src/dragonball/dbs_interrupt",
|
|
"src/dragonball/dbs_legacy_devices",
|
|
"src/dragonball/dbs_pci",
|
|
"src/dragonball/dbs_tdx",
|
|
"src/dragonball/dbs_upcall",
|
|
"src/dragonball/dbs_utils",
|
|
"src/dragonball/dbs_virtio_devices",
|
|
|
|
# genpolicy
|
|
"src/tools/genpolicy",
|
|
|
|
# kata-deploy (Kubernetes installer binary)
|
|
"tools/packaging/kata-deploy/binary",
|
|
|
|
# runtime-rs
|
|
"src/runtime-rs",
|
|
"src/runtime-rs/crates/agent",
|
|
"src/runtime-rs/crates/hypervisor",
|
|
"src/runtime-rs/crates/persist",
|
|
"src/runtime-rs/crates/resource",
|
|
"src/runtime-rs/crates/runtimes",
|
|
"src/runtime-rs/crates/service",
|
|
"src/runtime-rs/crates/shim",
|
|
"src/runtime-rs/crates/shim-ctl",
|
|
"src/runtime-rs/tests/utils",
|
|
]
|
|
resolver = "2"
|
|
|
|
# TODO: Add all excluded crates to root workspace
|
|
exclude = [
|
|
"src/tools",
|
|
|
|
# We are cloning and building rust packages under
|
|
# "tools/packaging/kata-deploy/local-build/build" folder, which may mislead
|
|
# those packages to think they are part of the kata root workspace
|
|
"tools/packaging/kata-deploy/local-build/build",
|
|
]
|
|
|
|
[workspace.dependencies]
|
|
# Rust-VMM crates
|
|
event-manager = "0.4.0"
|
|
kvm-bindings = "0.14.0"
|
|
kvm-ioctls = "0.24.0"
|
|
linux-loader = "0.13.0"
|
|
seccompiler = "0.5.0"
|
|
vfio-bindings = "0.6.2"
|
|
vfio-ioctls = "0.6.0"
|
|
virtio-bindings = "0.2.0"
|
|
virtio-queue = "0.17.0"
|
|
vm-fdt = "0.3.0"
|
|
vm-memory = "=0.17.1"
|
|
vm-superio = "0.8.0"
|
|
vmm-sys-util = "0.15.0"
|
|
|
|
# Local dependencies from Dragonball Sandbox crates
|
|
dragonball = { path = "src/dragonball" }
|
|
dbs-acpi = { path = "src/dragonball/dbs_acpi" }
|
|
dbs-address-space = { path = "src/dragonball/dbs_address_space" }
|
|
dbs-allocator = { path = "src/dragonball/dbs_allocator" }
|
|
dbs-arch = { path = "src/dragonball/dbs_arch" }
|
|
dbs-boot = { path = "src/dragonball/dbs_boot" }
|
|
dbs-device = { path = "src/dragonball/dbs_device" }
|
|
dbs-interrupt = { path = "src/dragonball/dbs_interrupt" }
|
|
dbs-legacy-devices = { path = "src/dragonball/dbs_legacy_devices" }
|
|
dbs-pci = { path = "src/dragonball/dbs_pci" }
|
|
dbs-tdx = { path = "src/dragonball/dbs_tdx" }
|
|
dbs-upcall = { path = "src/dragonball/dbs_upcall" }
|
|
dbs-utils = { path = "src/dragonball/dbs_utils" }
|
|
dbs-virtio-devices = { path = "src/dragonball/dbs_virtio_devices" }
|
|
|
|
# Local dependencies from runtime-rs
|
|
agent = { path = "src/runtime-rs/crates/agent" }
|
|
hypervisor = { path = "src/runtime-rs/crates/hypervisor" }
|
|
persist = { path = "src/runtime-rs/crates/persist" }
|
|
resource = { path = "src/runtime-rs/crates/resource" }
|
|
runtimes = { path = "src/runtime-rs/crates/runtimes" }
|
|
service = { path = "src/runtime-rs/crates/service" }
|
|
tests_utils = { path = "src/runtime-rs/tests/utils" }
|
|
ch-config = { path = "src/runtime-rs/crates/hypervisor/ch-config" }
|
|
common = { path = "src/runtime-rs/crates/runtimes/common" }
|
|
linux_container = { path = "src/runtime-rs/crates/runtimes/linux_container" }
|
|
virt_container = { path = "src/runtime-rs/crates/runtimes/virt_container" }
|
|
wasm_container = { path = "src/runtime-rs/crates/runtimes/wasm_container" }
|
|
|
|
# Local dependencies from `src/lib`
|
|
kata-sys-util = { path = "src/libs/kata-sys-util" }
|
|
pod-resources-rs = { path = "src/libs/pod-resources-rs" }
|
|
kata-types = { path = "src/libs/kata-types", features = ["safe-path"] }
|
|
logging = { path = "src/libs/logging" }
|
|
mem-agent = { path = "src/libs/mem-agent" }
|
|
protocols = { path = "src/libs/protocols", features = ["async"] }
|
|
runtime-spec = { path = "src/libs/runtime-spec" }
|
|
safe-path = { path = "src/libs/safe-path" }
|
|
shim-interface = { path = "src/libs/shim-interface" }
|
|
test-utils = { path = "src/libs/test-utils" }
|
|
|
|
# Local dependencies from `src/agent`
|
|
kata-agent-policy = { path = "src/agent/policy" }
|
|
rustjail = { path = "src/agent/rustjail" }
|
|
vsock-exporter = { path = "src/agent/vsock-exporter" }
|
|
|
|
# Outside dependencies
|
|
actix-rt = "2.7.0"
|
|
anyhow = "1.0"
|
|
async-recursion = "0.3.2"
|
|
async-trait = "0.1.48"
|
|
capctl = "0.2.0"
|
|
cfg-if = "1.0.0"
|
|
cgroups = { package = "cgroups-rs", git = "https://github.com/kata-containers/cgroups-rs", rev = "v0.3.5" }
|
|
clap = { version = "4.5.40", features = ["derive"] }
|
|
const_format = "0.2.30"
|
|
containerd-shim = { version = "0.10.0", features = ["async"] }
|
|
containerd-shim-protos = { version = "0.10.0", features = ["async"] }
|
|
derivative = "2.2.0"
|
|
futures = "0.3.30"
|
|
go-flag = "0.1.0"
|
|
hyper = "0.14.20"
|
|
hyperlocal = "0.8.0"
|
|
ipnetwork = "0.17.0"
|
|
lazy_static = "1.4"
|
|
libc = "0.2.94"
|
|
log = "0.4.14"
|
|
netlink-packet-core = "0.7.0"
|
|
netlink-packet-route = "0.19.0"
|
|
netlink-sys = { version = "0.7.0", features = ["tokio_socket"] }
|
|
netns-rs = "0.1.0"
|
|
# Note: nix needs to stay sync'd with libs versions
|
|
nix = "0.26.4"
|
|
oci-spec = { version = "0.8.1", features = ["runtime"] }
|
|
opentelemetry = { version = "0.17.0", features = ["rt-tokio"] }
|
|
procfs = "0.12.0"
|
|
prometheus = { version = "0.14.0", features = ["process"] }
|
|
protobuf = "3.7.2"
|
|
rand = "0.8.4"
|
|
regex = "1.10.5"
|
|
rstest = "0.18.0"
|
|
rtnetlink = "0.14.0"
|
|
scan_fmt = "0.2.6"
|
|
scopeguard = "1.0.0"
|
|
serde = { version = "1.0.145", features = ["derive"] }
|
|
serde_json = "1.0.91"
|
|
serial_test = "0.10.0"
|
|
sha2 = "0.10.9"
|
|
slog = "2.5.2"
|
|
slog-scope = "4.4.0"
|
|
slog-stdlog = "4.0.0"
|
|
slog-term = "2.9.0"
|
|
strum = { version = "0.24.0", features = ["derive"] }
|
|
strum_macros = "0.26.2"
|
|
tempfile = "3.19.1"
|
|
thiserror = "1.0.26"
|
|
tokio = "1.46.1"
|
|
tokio-vsock = "0.3.4"
|
|
toml = "0.5.8"
|
|
tracing = "0.1.41"
|
|
tracing-opentelemetry = "0.18.0"
|
|
tracing-subscriber = "0.3.20"
|
|
ttrpc = "0.8.4"
|
|
url = "2.5.4"
|
|
which = "4.3.0"
|