runtime-rs: update device pci info for vfio and virtio-blk devices

[amshinde]

runtime-rs: change hypervisor add_device trait to return device copy

Block(virtio-blk) and vfio devices are currently not handled correctly
by the agent as the agent is not provided with correct PCI paths for
these devices.

The PCI paths for these devices can be inferred from the PCI information
provided by the hypervisor when the device is added.
Hence changing the add_device trait function to return a device copy
with PCI info potentially provided by the hypervisor. This can then be
provided to the agent to correctly detect devices within the VM.

This commit includes implementation for PCI info update for
cloud-hupervisor for virtio-blk devices with stubs provided for other
hypervisors.

This PR fixes virtio-block device addition bug. The following works now:

$ sudo ctr run --runtime "io.containerd.kata.v2" --snapshotter devmapper --rm -t quay.io/prometheus/busybox:latest foo-dm /bin/true;echo $?
0

as well as

sudo ctr run --runtime "io.containerd.kata.v2" --device=/dev/block1 --rm -t quay.io/prometheus/busybox:latest foo-dm /bin/true;echo $?
0

The PR also fixes bugs around vfio device addition. End to end vfio device add now works:

sudo ctr run --runtime "io.containerd.kata.v2" --device=/dev/vfio/{vfio_group} --rm -t quay.io/prometheus/busybox:latest foo-dm /bin/true;echo $?
0

Fixes: #8283

[Apokleos]

Hey @amshinde

Nice work on this PR! I'm also working on this feature, and I've submitted a WIP PR as well.

My PR mainly implements the following features:

(1) Due to the different ways that different VMMs handle PCI devices, we hope to provide a general PCIe topology
processing framework that is as compatible as possible with VMMs such as dragonball, cloud-hyperivor, qemu, and fc.
(2) Provide the correct PCI path for PCI devices, including VFIO-PCI devices and virtio-PCI(virtio-blk/vhost-user-blk...) devices.
(3) Fill in the correct correspondence between host path and guest path for kata-agent devices.

Would you be interested in discussing the difference and a merge?
We can compare the pros and cons of both approaches and see if we can come up with a solution that works for everyone.

Let me know what you think.

Thx.

[jodh-intel]

Thanks @amshinde - a few comments.

Also, although this works with the default pmem driver, it doesn't wfm using DM:

$ sudo ctr run --runtime "io.containerd.kata.v2"  --rm -t quay.io/prometheus/busybox:latest foo /bin/true;echo $?
0

$ sudo ctr run --runtime "io.containerd.kata.v2" --snapshotter devmapper --rm -t quay.io/prometheus/busybox:latest foo-dm /bin/true;echo $?
ctr: failed to create shim task: Others("failed to handler message create container\n\nCaused by:\n    0: create\n    1: handler rootfs\n    2: new block rootfs\n    3: do handle device failed.\n    4: failed to add deivce\n    5: Unexpected PCI address \"0000:00:05.0\" for clh device add"): unknown
1

[jodh-intel]

Commented out line.

[jodh-intel]

Can you remove these commented out lines.

[jodh-intel]

If this fails, we'll return the count error, not the original one (line below).

[amshinde]

This is the same as previous behaviour. If we want to change this, lets discuss. It could go as part of a separate change.

[jodh-intel]

/cc @quanweiZhou, @studychao for input on the Hypervisor trait change on this PR.

[amshinde]

Would you be interested in discussing the difference and a merge? We can compare the pros and cons of both approaches and see if we can come up with a solution that works for everyone.

Let me know what you think.

@Apokleos Yes, lets discuss this and figure out a common approach.

[amshinde]

hey @Apokleos I just saw your PR #7932, where you introduce update-device trait with similar idea of the hypervisor providing pcie info. Wanted to discuss with you if we could arrive and agree on a way to do this.

[jodh-intel]

Thanks @amshinde - Tested and wfm.

We still need input from @Apokleos about his PR and also comments on the very minor hypervisor trait tweak on this PR.

lgtm

[jodh-intel]

Nit:

Suggested change

	Ok(__) => Ok(()),
	Ok(_) => Ok(()),

? 😄

[amshinde]

fixed :) It still compiled with that!

[amshinde]

/test

[amshinde]

Also, although this works with the default pmem driver, it doesn't wfm using DM:

This is now fixed with this PR. This PR fixes the device addition bug seen with:

$ sudo ctr run --runtime "io.containerd.kata.v2" --snapshotter devmapper --rm -t quay.io/prometheus/busybox:latest foo-dm /bin/true;echo $?
0

as well as

sudo ctr run --runtime "io.containerd.kata.v2" --device=/dev/block1 --rm -t quay.io/prometheus/busybox:latest foo-dm /bin/true;echo $?
0

[Apokleos]

Hi @amshinde comments as below.
It's mainly for the removed code generate_guest_pci_path.

[Apokleos]

Hi, @amshinde, in case of dragonball, the guest_pci_path is always None, as dragonball doesn't return device info as clh does.
IMO, the None case of hostdev.guest_pci_path needs be handled.

[amshinde]

Done

[Apokleos]

The removed generate_guest_pci_path which will help deduce the correct pci Path, it should be reserved.

[amshinde]

Ok, I guess this would be used by dragonball. I'll add it back.

[amshinde]

@Apokleos I have added generate_guest_pci_path back in case it is usefull for dragonball. Plese take a look.

[Apokleos]

Thx @amshinde

[amshinde]

/test

[amshinde]

@Apokleos I have addressed your comments.

[pmores]

Why this change?

[amshinde]

I have now taken out the Vsock value entirely from the enum. I have added an explanation for it in the commit message. Please take a look at it and let me know if it makes sense.
To summarize, Vsock value was removed as the Vsock device is not really used anywhere nor can it be used in its current state as it does not implement the Device trait. This means that it cannot be attached or detached from the hypervisor. What I can deduce from the code is that one of the reasons is that Vsock does not really implement the Clone trait which looks like a prerequisite for the Device trait, as the async trait functions require Device copies to be passed between them.(Vsock struct currently has a File handle which does not implement Clone, so this would require some rework) This is also the reason that I decided to remove Vsock for now, as the change I am introducing here requires devices to implement Clone.

[bergwolf]

@amshinde Vsock is required for QEMU support. Could you add it back? Or @pmores would need to add it back in his PR. Vsock device is not fully implemented but it does not mean that it is not needed.

[amshinde]

@bergwolf The implementation is still present, I just removed it from the DeviceType enum. With its current implementation it neither supports attach or detach Device traits, meaning it cant really be hotplugged to a hypervisor. @pmores can add it back in the Device list once he adds support for qemu.

[pmores]

@amshinde qemu support is added by PR #8185 which is broken by this change.

[gkurz]

@amshinde It would have been greatly appreciated to hold on a bit, so that @pmores had at least a chance to discuss some more before this change was merged.

[amshinde]

@gkurz Was not aware of this change drastiaclly breaking @pmores PR. Apologies, I was eager to get this landed to unblock folks to get started with implementing a CI for clh which is borked without this change.I had a look at @pmores PR for qemu support and here are my suggestions to handle the conflicts:
Like I mentioned I have removed VsockDevice from the DeviceType enum list. I think these enums should only specify devices that implement the Device trait (attach/detach) and are passed down by the DeviceManager. None of these two are true for VsockDevice. VsockDevice is a special case device that is useful internally for qemu for agent communication(currently) and will never be handled/created by the Device Manager. Nor will the device really need to implement the Device trait with attach and detach since it does not make sense to hotplug/unplug this device. What we really want is initializing code to get the guest cid.

From what I have seen from a quick walkthrough of @pmores PR the breakage is due to the fact that he currently maintains a device vector of type DeviceType and stores the VsockDevice inside it which would not work due to change in my PR (and my argument above for the change). My suggestion would be since we only need Vsock for agent communication(for now), would be to store this as an expicit reference to VsockDevice in the QemuInner struct and not handle this in the device list that is semantically meant to handle devices that can be attached/detached. This can then be used in the get_agent_socket and get_agent_vsock_dev methods. Something like:

#[derive(Debug)]
  pub struct QemuInner {
      /// sandbox id
      id: String,
    
      qemu_process: Option<Child>,
  
      config: HypervisorConfig,
      devices: Vec<DeviceType>,
      vsock: VsockDevice,
  }

[pmores]

Hi @amshinde ! I'm aware that the problem this PR creates in the qemu driver can be solved by special-casing, like just about any problem for that matter. I'm not sure though that this is warranted.

I'm not aware of the close semantic ties in the runtime-rs design and current practice that you describe between DeviceType, the Device trait and DeviceManager. Also from Rust standpoint, DeviceType is an enum so no relations among the variant types are implied. In short, I don't see that a DeviceType variant implies cloneability or attach/detach functionality.

Also, could you explain the specific problem that DeviceType::Vsock causes to you? If add_device() now takes and returns a DeviceType by value, I think you can do that with copyable and non-copyable types just as well.

What do other runtime-rs devs think, @bergwolf , @studychao , @Tim-0731-Hzt perhaps?

[amshinde]

/test

[Apokleos]

Thx @amshinde LGTM!

[amshinde]

/test

[cmaf]

lgtm @amshinde