kernel-uvm-micro: Update config to be able to start kata pod#16415
Merged
kernel-uvm-micro: Update config to be able to start kata pod#16415
Conversation
37b3132 to
d2a37cf
Compare
Contributor
Author
|
todo: test full kata pod bring up without pmem configs enabled (pmem support should not be needed) |
WIP: This was a minimal config I arrived with by trying to start a kata pod. Roughly: - see error when starting kata pod: [\"Error from API\",\"The VM could not boot\",\"Kernel lacks PVH header\"]" - enable CONFIG_PVH and config dependencies needed to enable that: CONFIG_HAVE_STATIC_CALL=y CONFIG_HAVE_STATIC_CALL_INLINE=y CONFIG_HYPERVISOR_GUEST=y CONFIG_PARAVIRT=y CONFIG_PARAVIRT_SPINLOCKS=y CONFIG_X86_HV_CALLBACK_VECTOR=y CONFIG_KVM_GUEST=y CONFIG_ARCH_CPUIDLE_HALTPOLL=y CONFIG_PVH=y - see error when booting UVM manually: VFS: Cannot open root device "/dev/pmem0p1" or unknown-block(0,0): error -19 Please append a correct "root=" boot option; here are the available partitions: List of all bdev filesystems: fuseblk - enable configs related to pmem: scripts/config --file .config \ -e LIBNVDIMM \ -e BLK_DEV_PMEM \ -e DAX \ -e EXT4_FS \ -e JBD2 \ -e FS_MBCACHE \ -e PARTITION_ADVANCED \ -e MSDOS_PARTITION \ -e EFI_PARTITION \ -e VIRTIO_PMEM Now it boots manually but not with kata. - see error when starting kata pod: level=error msg="Cannot start VM" error="rpc error: code = Internal desc = setup persistent IPC namespace\n\nCaused by:\n No such file or directory (os error 2)" - enable configs related to IPC: scripts/config --file .config \ -e SYSVIPC \ -e IPC_NS \ -e POSIX_MQUEUE kata pod now boots successfully. Enabling these configs grew vmlinux.bin form 16M to 18M (ls -lh) We probably don't need all of these to achieve the goal, but we can trim from here/ Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
d2a37cf to
2ed3828
Compare
romoh
reviewed
Apr 13, 2026
| CONFIG_PARAVIRT=y | ||
| CONFIG_X86_HV_CALLBACK_VECTOR=y | ||
| # CONFIG_XEN is not set | ||
| CONFIG_KVM_GUEST=y |
Contributor
There was a problem hiding this comment.
Highly doubt this is needed.
romoh
reviewed
Apr 13, 2026
| # CONFIG_BINFMT_MISC is not set | ||
| # CONFIG_COREDUMP is not set | ||
| CONFIG_COREDUMP=y | ||
| # end of Executable file formats |
Contributor
There was a problem hiding this comment.
I would argue we can remove this coredump config too
romoh
reviewed
Apr 13, 2026
| # CONFIG_NET_EMATCH_META is not set | ||
| # CONFIG_NET_EMATCH_TEXT is not set | ||
| # CONFIG_NET_CLS_ACT is not set | ||
| # CONFIG_NET_SCH_FIFO is not set |
Contributor
There was a problem hiding this comment.
My understanding is that if you don't specify those as not set, they may be added automatically.
Contributor
Author
There was a problem hiding this comment.
the bb passed and this config check ran https://github.com/microsoft/azurelinux/blob/3.0/SPECS-EXTENDED/kernel-uvm-micro/kernel-uvm-micro.spec#L112 , so no new config should have been added automatically
romoh
approved these changes
Apr 13, 2026
Contributor
romoh
left a comment
There was a problem hiding this comment.
We can merge and review comments in a subsequent iteration
archana25-ms
pushed a commit
to azurelinux-security/azurelinux
that referenced
this pull request
Apr 17, 2026
…ft#16415) Signed-off-by: Saul Paredes <saulparedes@microsoft.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This was a minimal config I arrived with by trying to start a kata pod.
Steps:
see error when starting kata pod: ["Error from API","The VM could not boot","Kernel lacks PVH header"]"
enable CONFIG_PVH and config dependencies needed to enable that: CONFIG_HAVE_STATIC_CALL=y
CONFIG_HAVE_STATIC_CALL_INLINE=y
CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
CONFIG_PARAVIRT_SPINLOCKS=y
CONFIG_X86_HV_CALLBACK_VECTOR=y
CONFIG_KVM_GUEST=y
CONFIG_ARCH_CPUIDLE_HALTPOLL=y
CONFIG_PVH=y
see error when booting UVM manually: VFS: Cannot open root device "/dev/pmem0p1" or unknown-block(0,0): error -19 Please append a correct "root=" boot option; here are the available partitions: List of all bdev filesystems:
fuseblk
enable configs related to pmem: scripts/config --file .config
-e LIBNVDIMM \ -e BLK_DEV_PMEM \ -e DAX \ -e EXT4_FS \ -e JBD2 \ -e FS_MBCACHE \ -e PARTITION_ADVANCED \ -e MSDOS_PARTITION \ -e EFI_PARTITION \ -e VIRTIO_PMEM
Now it boots manually but not with kata.
scripts/config --file .config
-e SYSVIPC
-e IPC_NS
-e POSIX_MQUEUE
Enabling these configs grew vmlinux.bin form 16M to 18M (ls -lh)
We probably don't need all of these to achieve the goal, but we can trim from here
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-staticsubpackages, etc.) have had theirReleasetag incremented../cgmanifest.json,./toolkit/scripts/toolchain/cgmanifest.json,.github/workflows/cgmanifest.json)./LICENSES-AND-NOTICES/SPECS/data/licenses.json,./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md,./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)*.signatures.jsonfilessudo make go-tidy-allandsudo make go-test-coveragepassSummary
What does the PR accomplish, why was it needed?
kernel-uvm-micro: Update config to be able to start kata pod
Change Log
Does this affect the toolchain?
NO
Test Methodology