kata-containers: sync 2203 patches to 2203-Next

Signed-off-by: holyfei <yangfeiyu20092010@163.com> Signed-off-by: Vanient <xiadanni1@huawei.com>
2022-09-03 16:48:04 +08:00 · 2022-09-03 16:48:04 +08:00 · 3d7d4b6434
commit 3d7d4b6434
parent b61a6879e1
5 changed files with 195 additions and 1 deletions
--- a/kata-containers.spec
+++ b/kata-containers.spec
@ -2,7 +2,7 @@
 %global debug_package %{nil}

 %define VERSION 1.11.1
-%define RELEASE 19
+%define RELEASE 23

 Name:           kata-containers
 Version:        %{VERSION}
@ -61,6 +61,11 @@ make proxy
 make shim
 make initrd
 cp -f ./runtime/containerd-shim-kata-v2 ./build/
+%ifarch %{ix86} x86_64
+sed -i 's/^hypervisor_params.*$/hypervisor_params = \"\"/' ./runtime/cli/config/configuration-qemu.toml
+%else
+sed -i 's/^hypervisor_params.*$/hypervisor_params = \"kvm-pit.lost_tick_policy=discard pcie-root-port.x-speed=16 pcie-root-port.x-width=32\"/' ./runtime/cli/config/configuration-qemu.toml
+%endif

 %install
 mkdir -p -m 755  %{buildroot}/var/lib/kata
@ -93,6 +98,30 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u
 %doc

 %changelog
+* Thu Mar 3 2022 yangfeiyu <yangfeiyu2@huawei.com> - 1.11.1-23
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:modify runtime build flags
+
+* Mon Feb 28 2022 yangfeiyu <yangfeiyu2@huawei.com> - 1.11.1-22
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:use host_device drive when call blockdev-add
+
+* Fri Feb 25 2022 yangfeiyu <yangfeiyu2@huawei.com> - 1.11.1-21
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:modify hypervisor parameters in config file
+
+* Mon Feb 21 2022 yangfeiyu <yangfeiyu2@huawei.com> - 1.11.1-20
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:check file size before add nic
+
 * Fri Jan 7 2022 yangfeiyu <yangfeiyu2@huawei.com> - 1.11.1-19
 - Type:bugfix
 - ID:NA
--- a/runtime/patches/0076-kata-containers-check-file-size-before-creating-cont.patch
+++ b/runtime/patches/0076-kata-containers-check-file-size-before-creating-cont.patch
@ -0,0 +1,91 @@
+From e0fdf20e84cf8c31eab33c562cefd943a6656215 Mon Sep 17 00:00:00 2001
+From: holyfei <yangfeiyu20092010@163.com>
+Date: Mon, 21 Feb 2022 09:58:04 +0800
+Subject: [PATCH] kata-runtime: check file size before creating container and
+ doing network operation
+
+reason: check file size before creating container and doing network operation
+
+Signed-off-by: holyfei <yangfeiyu20092010@163.com>
+---
+ cli/network.go                | 9 +++++++++
+ pkg/katautils/config.go       | 9 +++++++++
+ virtcontainers/utils/utils.go | 3 +++
+ 3 files changed, 21 insertions(+)
+
+diff --git a/cli/network.go b/cli/network.go
+index 7dce052..9d3a6dc 100644
+--- a/cli/network.go
+++ b/cli/network.go
+@@ -8,11 +8,13 @@ package main
+ import (
+ 	"context"
+ 	"encoding/json"
+	"errors"
+ 	"fmt"
+ 	"os"
+ 
+ 	vcTypes "github.com/kata-containers/runtime/virtcontainers/pkg/types"
+ 	"github.com/kata-containers/runtime/virtcontainers/types"
+	"github.com/kata-containers/runtime/virtcontainers/utils"
+ 	"github.com/sirupsen/logrus"
+ 	"github.com/urfave/cli"
+ )
+@@ -261,6 +263,13 @@ func networkModifyCommand(ctx context.Context, containerID, input string, opType
+ 	if input == "-" {
+ 		f = os.Stdin
+ 	} else {
+		st, err := os.Lstat(input)
+		if err != nil {
+			return err
+		}
+		if st.Size() > utils.MaxFileSize {
+			return errors.New("network file too big")
+		}
+ 		f, err = os.Open(input)
+ 		if err != nil {
+ 			return err
+diff --git a/pkg/katautils/config.go b/pkg/katautils/config.go
+index fd7f5eb..b0d8f71 100644
+--- a/pkg/katautils/config.go
+++ b/pkg/katautils/config.go
+@@ -10,6 +10,7 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"io/ioutil"
+	"os"
+ 	"path/filepath"
+ 	"strings"
+ 
+@@ -1291,6 +1292,14 @@ func decodeConfig(configPath string) (tomlConfig, string, error) {
+ 		return tomlConf, "", fmt.Errorf("Cannot find usable config file (%v)", err)
+ 	}
+ 
+	st, err := os.Lstat(resolved)
+	if err != nil {
+		return tomlConf, resolved, err
+	}
+	if st.Size() > utils.MaxFileSize {
+		return tomlConf, resolved, errors.New("config file too big")
+	}
+
+ 	configData, err := ioutil.ReadFile(resolved)
+ 	if err != nil {
+ 		return tomlConf, resolved, err
+diff --git a/virtcontainers/utils/utils.go b/virtcontainers/utils/utils.go
+index d4dad40..04b6bce 100644
+--- a/virtcontainers/utils/utils.go
+++ b/virtcontainers/utils/utils.go
+@@ -41,6 +41,9 @@ const (
+ 	// Max support memory size in the Kata VM
+ 	MaxMemorySizeInMB   = 512 * 1024
+ 	MaxMemorySizeInByte = MaxMemorySizeInMB << MibToBytesShift
+
+	// Max file size for config and network json file
+	MaxFileSize = 1 * 1024 * 1024
+ )
+ 
+ // MaxSocketPathLen is the effective maximum Unix domain socket length.
+-- 
+2.27.0
+
--- a/runtime/patches/0077-kata-containers-use-host_device-drive-when-call-bloc.patch
+++ b/runtime/patches/0077-kata-containers-use-host_device-drive-when-call-bloc.patch
@ -0,0 +1,41 @@
+From 17cb805ec270d069f46e4138fc039d714cb381f1 Mon Sep 17 00:00:00 2001
+From: holyfei <yangfeiyu20092010@163.com>
+Date: Mon, 28 Feb 2022 10:22:40 +0800
+Subject: [PATCH] kata-containers: use host_device drive when call blockdev-add
+
+reason: use host_device drive when call blockdev-add
+
+Signed-off-by: holyfei <yangfeiyu20092010@163.com>
+---
+ vendor/github.com/intel/govmm/qemu/qmp.go | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/vendor/github.com/intel/govmm/qemu/qmp.go b/vendor/github.com/intel/govmm/qemu/qmp.go
+index 0cb82ff..1d6d9c6 100644
+--- a/vendor/github.com/intel/govmm/qemu/qmp.go
+++ b/vendor/github.com/intel/govmm/qemu/qmp.go
+@@ -781,7 +781,7 @@ func (q *QMP) blockdevAddBaseArgs(device, blockdevID string) (map[string]interfa
+ 	blockdevArgs := map[string]interface{}{
+ 		"driver": "raw",
+ 		"file": map[string]interface{}{
+-			"driver":   "file",
+			"driver":   "host_device",
+ 			"filename": device,
+ 		},
+ 	}
+@@ -972,9 +972,9 @@ func (q *QMP) ExecuteNetdevAdd(ctx context.Context, netdevType, netdevID, ifname
+ // Must be valid QMP identifier.
+ func (q *QMP) ExecuteNetdevChardevAdd(ctx context.Context, netdevType, netdevID, chardev string, vhostforce bool, queues int) error {
+ 	args := map[string]interface{}{
+-		"type":    netdevType,
+-		"id":      netdevID,
+-		"chardev": chardev,
+		"type":       netdevType,
+		"id":         netdevID,
+		"chardev":    chardev,
+ 		"vhostforce": vhostforce,
+ 	}
+ 	if queues > 1 {
+-- 
+2.27.0
+
--- a/runtime/patches/0078-kata-runtime-modify-build-flags-for-containerd-kata-.patch
+++ b/runtime/patches/0078-kata-runtime-modify-build-flags-for-containerd-kata-.patch
@ -0,0 +1,30 @@
+From a6e9215b77ee3e6d912b47dd70c219c0f5547ea2 Mon Sep 17 00:00:00 2001
+From: holyfei <yangfeiyu20092010@163.com>
+Date: Thu, 3 Mar 2022 14:36:23 +0800
+Subject: [PATCH] kata-runtime: modify build flags for containerd-kata-shimv2
+
+Signed-off-by: holyfei <yangfeiyu20092010@163.com>
+---
+ Makefile | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 9957db9..b71abbf 100644
+--- a/Makefile
+++ b/Makefile
+@@ -571,7 +571,11 @@ $(TARGET_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary
+ 	go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ -ldflags "-linkmode=external" .)
+ 
+ $(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
+-	$(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) -i -o $@ .)
+	$(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && \
+	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+	CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
+	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+	go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ -ldflags "-linkmode=external" .)
+ 
+ .PHONY: \
+ 	check \
+-- 
+1.8.3.1
+
--- a/runtime/series.conf
+++ b/runtime/series.conf
@ -73,3 +73,6 @@
 0073-write-exit-code-in-integer-byte-order.patch
 0074-add-timeout-for-grpcWaitProcessRequest.patch
 0075-move-waitProcess-timeout-to-stop-process.patch
+0076-kata-containers-check-file-size-before-creating-cont.patch
+0077-kata-containers-use-host_device-drive-when-call-bloc.patch
+0078-kata-runtime-modify-build-flags-for-containerd-kata-.patch