Merge pull request #3055 from amshinde/stable-1.11-backports

Stable 1.11 backports

.gitignore

@@ -11,6 +11,7 @@
 /cli/config/configuration-qemu-virtiofs.toml
 /cli/config/configuration-clh.toml
 /cli/config-generated.go
+/cli/containerd-shim-kata-v2/config-generated.go
 /cli/coverage.html
 /containerd-shim-kata-v2
 /data/kata-collect-data.sh

cli/delete.go

@@ -10,6 +10,7 @@ import (
 	"context"
 	"fmt"
 	"os"
+	"syscall"
 
 	"github.com/kata-containers/runtime/pkg/katautils"
 	vc "github.com/kata-containers/runtime/virtcontainers"
@@ -75,6 +76,11 @@ func delete(ctx context.Context, containerID string, force bool) error {
 			kataLog.Warnf("Failed to get container, force will not fail: %s", err)
 			return nil
 		}
+		if err.Error() == syscall.ENOENT.Error() {
+			kataLog.WithField("container", containerID).Info("skipping delete as container does not exist")
+			katautils.DelContainerIDMapping(ctx, containerID)
+			return nil
+		}
 		return err
 	}
 

cli/kill.go

@@ -108,8 +108,11 @@ func kill(ctx context.Context, containerID, signal string, all bool) error {
 
 	// Checks the MUST and MUST NOT from OCI runtime specification
 	status, sandboxID, err := getExistingContainerInfo(ctx, containerID)
-
 	if err != nil {
+		if err.Error() == syscall.ENOENT.Error() {
+			kataLog.WithField("container", containerID).Info("skipping kill as container does not exist")
+			return nil
+		}
 		return err
 	}
 

virtcontainers/hypervisor.go

@@ -578,11 +578,6 @@ func (conf *HypervisorConfig) HypervisorCtlAssetPath() (string, error) {
 	return conf.assetPath(types.HypervisorCtlAsset)
 }
 
-// JailerAssetPath returns the VM Jailer path
-func (conf *HypervisorConfig) JailerAssetPath() (string, error) {
-	return conf.assetPath(types.JailerAsset)
-}
-
 // CustomHypervisorAsset returns true if the hypervisor asset is a custom one, false otherwise.
 func (conf *HypervisorConfig) CustomHypervisorAsset() bool {
 	return conf.isCustomAsset(types.HypervisorAsset)
@@ -593,11 +588,6 @@ func (conf *HypervisorConfig) FirmwareAssetPath() (string, error) {
 	return conf.assetPath(types.FirmwareAsset)
 }
 
-// CustomFirmwareAsset returns true if the firmware asset is a custom one, false otherwise.
-func (conf *HypervisorConfig) CustomFirmwareAsset() bool {
-	return conf.isCustomAsset(types.FirmwareAsset)
-}
-
 func appendParam(params []Param, parameter string, value string) []Param {
 	return append(params, Param{parameter, value})
 }

virtcontainers/hypervisor_test.go

@@ -456,3 +456,41 @@ func TestGenerateVMSocket(t *testing.T) {
 	assert.NotZero(vsock.ContextID)
 	assert.NotZero(vsock.Port)
 }
+
+func TestAssetPath(t *testing.T) {
+	assert := assert.New(t)
+
+	// Minimal config containing values for all asset annotation options.
+	// The values are "paths" (start with a slash), but end with the
+	// annotation name.
+	cfg := HypervisorConfig{
+		HypervisorPath:    "/" + "io.katacontainers.config.hypervisor.path",
+		HypervisorCtlPath: "/" + "io.katacontainers.config.hypervisor.ctlpath",
+
+		KernelPath: "/" + "io.katacontainers.config.hypervisor.kernel",
+
+		ImagePath:  "/" + "io.katacontainers.config.hypervisor.image",
+		InitrdPath: "/" + "io.katacontainers.config.hypervisor.initrd",
+
+		FirmwarePath: "/" + "io.katacontainers.config.hypervisor.firmware",
+		JailerPath:   "/" + "io.katacontainers.config.hypervisor.jailer_path",
+	}
+
+	for _, asset := range types.AssetTypes() {
+		msg := fmt.Sprintf("asset: %v", asset)
+
+		annoPath, annoHash, err := asset.Annotations()
+		assert.NoError(err, msg)
+
+		msg += fmt.Sprintf(", annotation path: %v, annotation hash: %v", annoPath, annoHash)
+
+		p, err := cfg.assetPath(asset)
+		assert.NoError(err, msg)
+
+		assert.NotEqual(p, annoPath, msg)
+		assert.NotEqual(p, annoHash, msg)
+
+		expected := fmt.Sprintf("/%s", annoPath)
+		assert.Equal(expected, p, msg)
+	}
+}

virtcontainers/pkg/annotations/annotations.go

@@ -41,6 +41,9 @@ const (
 	// HypervisorPath is a sandbox annotation for passing a per container path pointing at the hypervisor that will run the container VM.
 	HypervisorPath = kataAnnotHypervisorPrefix + "path"
 
+	// HypervisorCtlPath is a sandbox annotation for passing a per container path pointing at the hypervisor control binary that will run the container VM.
+	HypervisorCtlPath = kataAnnotHypervisorPrefix + "ctlpath"
+
 	// JailerPath is a sandbox annotation for passing a per container path pointing at the jailer that will constrain the container VM.
 	JailerPath = kataAnnotHypervisorPrefix + "jailer_path"
 
@@ -59,6 +62,9 @@ const (
 	// HypervisorHash is an sandbox annotation for passing a container hypervisor binary SHA-512 hash value.
 	HypervisorHash = kataAnnotHypervisorPrefix + "hypervisor_hash"
 
+	// HypervisorCtlHash is a sandbox annotation for passing a container hypervisor control binary SHA-512 hash value.
+	HypervisorCtlHash = kataAnnotHypervisorPrefix + "hypervisorctl_hash"
+
 	// JailerHash is an sandbox annotation for passing a jailer binary SHA-512 hash value.
 	JailerHash = kataAnnotHypervisorPrefix + "jailer_hash"
 

virtcontainers/pkg/oci/utils.go

@@ -335,7 +335,11 @@ func SandboxID(spec specs.Spec) (string, error) {
 }
 
 func addAnnotations(ocispec specs.Spec, config *vc.SandboxConfig) error {
-	addAssetAnnotations(ocispec, config)
+	err := addAssetAnnotations(ocispec, config)
+	if err != nil {
+		return err
+	}
+
 	if err := addHypervisorConfigOverrides(ocispec, config); err != nil {
 		return err
 	}
@@ -350,17 +354,10 @@ func addAnnotations(ocispec specs.Spec, config *vc.SandboxConfig) error {
 	return nil
 }
 
-func addAssetAnnotations(ocispec specs.Spec, config *vc.SandboxConfig) {
-	assetAnnotations := []string{
-		vcAnnotations.KernelPath,
-		vcAnnotations.ImagePath,
-		vcAnnotations.InitrdPath,
-		vcAnnotations.FirmwarePath,
-		vcAnnotations.KernelHash,
-		vcAnnotations.ImageHash,
-		vcAnnotations.InitrdHash,
-		vcAnnotations.FirmwareHash,
-		vcAnnotations.AssetHashType,
+func addAssetAnnotations(ocispec specs.Spec, config *vc.SandboxConfig) error {
+	assetAnnotations, err := types.AssetAnnotations()
+	if err != nil {
+		return err
 	}
 
 	for _, a := range assetAnnotations {
@@ -371,6 +368,8 @@ func addAssetAnnotations(ocispec specs.Spec, config *vc.SandboxConfig) {
 
 		config.Annotations[a] = value
 	}
+
+	return nil
 }
 
 func addHypervisorConfigOverrides(ocispec specs.Spec, config *vc.SandboxConfig) error {

virtcontainers/pkg/oci/utils_test.go

@@ -665,12 +665,26 @@ func TestAddAssetAnnotations(t *testing.T) {
 	assert := assert.New(t)
 
 	expectedAnnotations := map[string]string{
-		vcAnnotations.KernelPath:    "/abc/rgb/kernel",
-		vcAnnotations.ImagePath:     "/abc/rgb/image",
-		vcAnnotations.InitrdPath:    "/abc/rgb/initrd",
-		vcAnnotations.KernelHash:    "3l2353we871g",
-		vcAnnotations.ImageHash:     "52ss2550983",
-		vcAnnotations.AssetHashType: "sha",
+		vcAnnotations.FirmwarePath: "/some/where",
+		vcAnnotations.FirmwareHash: "ffff",
+
+		vcAnnotations.HypervisorPath: "/some/where",
+		vcAnnotations.HypervisorHash: "bbbbb",
+
+		vcAnnotations.HypervisorCtlPath: "/some/where/else",
+		vcAnnotations.HypervisorCtlHash: "cc",
+
+		vcAnnotations.ImagePath: "/abc/rgb/image",
+		vcAnnotations.ImageHash: "52ss2550983",
+
+		vcAnnotations.InitrdPath: "/abc/rgb/initrd",
+		vcAnnotations.InitrdHash: "aaaa",
+
+		vcAnnotations.JailerPath: "/foo/bar",
+		vcAnnotations.JailerHash: "dddd",
+
+		vcAnnotations.KernelPath: "/abc/rgb/kernel",
+		vcAnnotations.KernelHash: "3l2353we871g",
 	}
 
 	config := vc.SandboxConfig{

virtcontainers/qemu.go

@@ -1965,7 +1965,7 @@ func genericBridges(number uint32, machineType string) []types.Bridge {
 	case QemuPC:
 		bt = types.PCI
 	case QemuVirt:
-		bt = types.PCIE
+		bt = types.PCI
 	case QemuPseries:
 		bt = types.PCI
 	case QemuCCWVirtio:

virtcontainers/qemu_arm64_test.go

@@ -119,7 +119,7 @@ func TestQemuArm64AppendBridges(t *testing.T) {
 
 	expectedOut := []govmmQemu.Device{
 		govmmQemu.BridgeDevice{
-			Type:    govmmQemu.PCIEBridge,
+			Type:    govmmQemu.PCIBridge,
 			Bus:     defaultBridgeBus,
 			ID:      bridges[0].ID,
 			Chassis: 1,

virtcontainers/sandbox.go

@@ -416,31 +416,24 @@ func createAssets(ctx context.Context, sandboxConfig *SandboxConfig) error {
 	span, _ := trace(ctx, "createAssets")
 	defer span.Finish()
 
-	kernel, err := types.NewAsset(sandboxConfig.Annotations, types.KernelAsset)
-	if err != nil {
-		return err
-	}
+	for _, name := range types.AssetTypes() {
+		a, err := types.NewAsset(sandboxConfig.Annotations, name)
+		if err != nil {
+			return err
+		}
 
-	image, err := types.NewAsset(sandboxConfig.Annotations, types.ImageAsset)
-	if err != nil {
-		return err
+		if err := sandboxConfig.HypervisorConfig.addCustomAsset(a); err != nil {
+			return err
+		}
 	}
 
-	initrd, err := types.NewAsset(sandboxConfig.Annotations, types.InitrdAsset)
-	if err != nil {
-		return err
-	}
+	_, imageErr := sandboxConfig.HypervisorConfig.assetPath(types.ImageAsset)
+	_, initrdErr := sandboxConfig.HypervisorConfig.assetPath(types.InitrdAsset)
 
-	if image != nil && initrd != nil {
+	if imageErr != nil && initrdErr != nil {
 		return fmt.Errorf("%s and %s cannot be both set", types.ImageAsset, types.InitrdAsset)
 	}
 
-	for _, a := range []*types.Asset{kernel, image, initrd} {
-		if err := sandboxConfig.HypervisorConfig.addCustomAsset(a); err != nil {
-			return err
-		}
-	}
-
 	return nil
 }