qemu: add cpu_features option

To control whether guest can enable/disable some CPU features. E.g. pmu=off, vmx=off. As discussed in the thread [1], the best approach is to let users specify them. How about adding a new option in the configuration file. Currently this patch only supports this option in qemu,no other vmm. [1] #2559 (comment) Fixes: #2576 Signed-off-by: Jia He <[email protected]>
kata-containers · May 15, 2020 · 0100af1 · 0100af1
1 parent c8bdd58
commit 0100af1
Show file tree

Hide file tree

Showing 10 changed files with 90 additions and 5 deletions.
diff --git a/cli/config/configuration-qemu-virtiofs.toml.in b/cli/config/configuration-qemu-virtiofs.toml.in
@@ -37,6 +37,11 @@ firmware = "@FIRMWAREPATH@"
 # For example, `machine_accelerators = "nosmm,nosmbus,nosata,nopit,static-prt,nofw"`
 machine_accelerators="@MACHINEACCELERATORS@"
 
+# CPU features
+# comma-separated list of cpu features to pass to the cpu
+# For example, `cpu_features = "pmu=off,vmx=off"
+cpu_features="@CPUFEATURES@"
+
 # Default number of vCPUs per SB/VM:
 # unspecified or 0                --> will be set to @DEFVCPUS@
 # < 0                             --> will be set to the actual number of physical cores

diff --git a/cli/config/configuration-qemu.toml.in b/cli/config/configuration-qemu.toml.in
@@ -38,6 +38,11 @@ firmware = "@FIRMWAREPATH@"
 # For example, `machine_accelerators = "nosmm,nosmbus,nosata,nopit,static-prt,nofw"`
 machine_accelerators="@MACHINEACCELERATORS@"
 
+# CPU features
+# comma-separated list of cpu features to pass to the cpu
+# For example, `cpu_features = "pmu=off,vmx=off"
+cpu_features="@CPUFEATURES@"
+
 # Default number of vCPUs per SB/VM:
 # unspecified or 0                --> will be set to @DEFVCPUS@
 # < 0                             --> will be set to the actual number of physical cores

diff --git a/pkg/katautils/config-settings.go.in b/pkg/katautils/config-settings.go.in
@@ -16,6 +16,7 @@ var defaultKernelPath = "/usr/share/kata-containers/vmlinuz.container"
 var defaultInitrdPath = "/usr/share/kata-containers/kata-containers-initrd.img"
 var defaultFirmwarePath = ""
 var defaultMachineAccelerators = ""
+var defaultCPUFeatures = ""
 var defaultShimPath = "/usr/libexec/kata-containers/kata-shim"
 var systemdUnitName = "kata-containers.target"
 

diff --git a/pkg/katautils/config.go b/pkg/katautils/config.go
@@ -93,6 +93,7 @@ type hypervisor struct {
 	Image                   string   `toml:"image"`
 	Firmware                string   `toml:"firmware"`
 	MachineAccelerators     string   `toml:"machine_accelerators"`
+	CPUFeatures             string   `toml:"cpu_features"`
 	KernelParams            string   `toml:"kernel_params"`
 	MachineType             string   `toml:"machine_type"`
 	BlockDeviceDriver       string   `toml:"block_device_driver"`
@@ -241,11 +242,9 @@ func (h hypervisor) firmware() (string, error) {
 
 func (h hypervisor) machineAccelerators() string {
 	var machineAccelerators string
-	accelerators := strings.Split(h.MachineAccelerators, ",")
-	acceleratorsLen := len(accelerators)
-	for i := 0; i < acceleratorsLen; i++ {
-		if accelerators[i] != "" {
-			machineAccelerators += strings.Trim(accelerators[i], "\r\t\n ") + ","
+	for _, accelerator := range strings.Split(h.MachineAccelerators, ",") {
+		if accelerator != "" {
+			machineAccelerators += strings.TrimSpace(accelerator) + ","
 		}
 	}
 
@@ -254,6 +253,19 @@ func (h hypervisor) machineAccelerators() string {
 	return machineAccelerators
 }
 
+func (h hypervisor) cpuFeatures() string {
+	var cpuFeatures string
+	for _, feature := range strings.Split(h.CPUFeatures, ",") {
+		if feature != "" {
+			cpuFeatures += strings.TrimSpace(feature) + ","
+		}
+	}
+
+	cpuFeatures = strings.Trim(cpuFeatures, ",")
+
+	return cpuFeatures
+}
+
 func (h hypervisor) kernelParams() string {
 	if h.KernelParams == "" {
 		return defaultKernelParams
@@ -593,6 +605,7 @@ func newQemuHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
 	}
 
 	machineAccelerators := h.machineAccelerators()
+	cpuFeatures := h.cpuFeatures()
 	kernelParams := h.kernelParams()
 	machineType := h.machineType()
 
@@ -636,6 +649,7 @@ func newQemuHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
 		ImagePath:               image,
 		FirmwarePath:            firmware,
 		MachineAccelerators:     machineAccelerators,
+		CPUFeatures:             cpuFeatures,
 		KernelParams:            vc.DeserializeParams(strings.Fields(kernelParams)),
 		HypervisorMachineType:   machineType,
 		NumVCPUs:                h.defaultVCPUs(),
@@ -1085,6 +1099,7 @@ func GetDefaultHypervisorConfig() vc.HypervisorConfig {
 		InitrdPath:              defaultInitrdPath,
 		FirmwarePath:            defaultFirmwarePath,
 		MachineAccelerators:     defaultMachineAccelerators,
+		CPUFeatures:             defaultCPUFeatures,
 		HypervisorMachineType:   defaultMachineType,
 		NumVCPUs:                defaultVCPUCount,
 		DefaultMaxVCPUs:         defaultMaxVCPUCount,

diff --git a/pkg/katautils/config_test.go b/pkg/katautils/config_test.go
@@ -1491,6 +1491,53 @@ func TestDefaultMachineAccelerators(t *testing.T) {
 	assert.Equal(machineAccelerators, h.machineAccelerators())
 }
 
+func TestDefaultCPUFeatures(t *testing.T) {
+	assert := assert.New(t)
+	cpuFeatures := "abc,123,rgb"
+	h := hypervisor{CPUFeatures: cpuFeatures}
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = ""
+	h.CPUFeatures = cpuFeatures
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = "abc"
+	h.CPUFeatures = cpuFeatures
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = "abc,123"
+	h.CPUFeatures = "abc,,123"
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = "abc,123"
+	h.CPUFeatures = ",,abc,,123,,,"
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = "abc,123"
+	h.CPUFeatures = "abc,,123,,,"
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = "abc"
+	h.CPUFeatures = ",,abc,"
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = "abc"
+	h.CPUFeatures = ", , abc , ,"
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = "abc"
+	h.CPUFeatures = " abc "
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = "abc,123"
+	h.CPUFeatures = ", abc , 123 ,"
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+
+	cpuFeatures = "abc,123"
+	h.CPUFeatures = ",, abc ,,, 123 ,,"
+	assert.Equal(cpuFeatures, h.cpuFeatures())
+}
+
 func TestUpdateRuntimeConfiguration(t *testing.T) {
 	assert := assert.New(t)
 

diff --git a/virtcontainers/documentation/api/1.0/api.md b/virtcontainers/documentation/api/1.0/api.md
@@ -132,6 +132,9 @@ type HypervisorConfig struct {
 	// MachineAccelerators are machine specific accelerators
 	MachineAccelerators string
 
+	// CPUFeatures are cpu specific features
+	CPUFeatures string
+
 	// HypervisorPath is the hypervisor executable host path.
 	HypervisorPath string
 

diff --git a/virtcontainers/hypervisor.go b/virtcontainers/hypervisor.go
@@ -275,6 +275,9 @@ type HypervisorConfig struct {
 	// MachineAccelerators are machine specific accelerators
 	MachineAccelerators string
 
+	// CPUFeatures are cpu specific features
+	CPUFeatures string
+
 	// HypervisorPath is the hypervisor executable host path.
 	HypervisorPath string
 

diff --git a/virtcontainers/persist.go b/virtcontainers/persist.go
@@ -221,6 +221,7 @@ func (s *Sandbox) dumpConfig(ss *persistapi.SandboxState) {
 		InitrdPath:              sconfig.HypervisorConfig.InitrdPath,
 		FirmwarePath:            sconfig.HypervisorConfig.FirmwarePath,
 		MachineAccelerators:     sconfig.HypervisorConfig.MachineAccelerators,
+		CPUFeatures:             sconfig.HypervisorConfig.CPUFeatures,
 		HypervisorPath:          sconfig.HypervisorConfig.HypervisorPath,
 		HypervisorCtlPath:       sconfig.HypervisorConfig.HypervisorCtlPath,
 		JailerPath:              sconfig.HypervisorConfig.JailerPath,
@@ -510,6 +511,7 @@ func loadSandboxConfig(id string) (*SandboxConfig, error) {
 		InitrdPath:              hconf.InitrdPath,
 		FirmwarePath:            hconf.FirmwarePath,
 		MachineAccelerators:     hconf.MachineAccelerators,
+		CPUFeatures:             hconf.CPUFeatures,
 		HypervisorPath:          hconf.HypervisorPath,
 		HypervisorCtlPath:       hconf.HypervisorCtlPath,
 		JailerPath:              hconf.JailerPath,

diff --git a/virtcontainers/persist/api/config.go b/virtcontainers/persist/api/config.go
@@ -54,6 +54,9 @@ type HypervisorConfig struct {
 	// MachineAccelerators are machine specific accelerators
 	MachineAccelerators string
 
+	// CPUFeatures are cpu specific features
+	CPUFeatures string
+
 	// HypervisorPath is the hypervisor executable host path.
 	HypervisorPath string
 

diff --git a/virtcontainers/qemu.go b/virtcontainers/qemu.go
@@ -552,6 +552,7 @@ func (q *qemu) createSandbox(ctx context.Context, id string, networkNS NetworkNa
 	}
 
 	cpuModel := q.arch.cpuModel()
+	cpuModel += "," + q.config.CPUFeatures
 
 	firmwarePath, err := q.config.FirmwareAssetPath()
 	if err != nil {