Merge pull request #1323 from giuseppe/intel-rdt

Intel RDT support
containers · Oct 12, 2023 · 8af8ee2 · 8af8ee2 · packit-as-a-service · Oct 12, 2023
2 parents 75009ce + bdb95d6
commit 8af8ee2
Show file tree

Hide file tree

Showing 14 changed files with 770 additions and 20 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -54,6 +54,7 @@ libcrun_SOURCES = src/libcrun/utils.c \
 		src/libcrun/handlers/wasmedge.c \
 		src/libcrun/handlers/wasmer.c \
 		src/libcrun/handlers/wasmtime.c \
+		src/libcrun/intelrdt.c \
 		src/libcrun/io_priority.c \
 		src/libcrun/linux.c \
 		src/libcrun/mount_flags.c \
@@ -147,12 +148,13 @@ EXTRA_DIST = COPYING COPYING.libcrun README.md NEWS SECURITY.md rpm/crun.spec au
 	src/libcrun/custom-handler.h src/libcrun/io_priority.h \
 	src/libcrun/handlers/handler-utils.h \
 	src/libcrun/linux.h src/libcrun/utils.h src/libcrun/error.h src/libcrun/criu.h \
-	src/libcrun/scheduler.h src/libcrun/status.h src/libcrun/terminal.h src/libcrun/mount_flags.h \
+	src/libcrun/scheduler.h src/libcrun/status.h src/libcrun/terminal.h \
+	src/libcrun/mount_flags.h src/libcrun/intelrdt.h \
 	crun.1.md crun.1 libcrun.lds \
 	krun.1.md krun.1 \
 	lua/luacrun.rockspec
 
-UNIT_TESTS = tests/tests_libcrun_utils tests/tests_libcrun_errors
+UNIT_TESTS = tests/tests_libcrun_utils tests/tests_libcrun_errors tests/tests_libcrun_intelrdt
 
 if ENABLE_CRUN
 bin_PROGRAMS = crun
@@ -174,6 +176,11 @@ tests_tests_libcrun_utils_SOURCES = tests/tests_libcrun_utils.c
 tests_tests_libcrun_utils_LDADD = $(TESTS_LDADD)
 tests_tests_libcrun_utils_LDFLAGS = $(crun_LDFLAGS)
 
+tests_tests_libcrun_intelrdt_CFLAGS = -I $(abs_top_builddir)/libocispec/src -I $(abs_top_srcdir)/libocispec/src -I $(abs_top_builddir)/src -I $(abs_top_srcdir)/src
+tests_tests_libcrun_intelrdt_SOURCES = tests/tests_libcrun_intelrdt.c
+tests_tests_libcrun_intelrdt_LDADD = $(TESTS_LDADD)
+tests_tests_libcrun_intelrdt_LDFLAGS = $(crun_LDFLAGS)
+
 tests_tests_libcrun_fuzzer_CFLAGS = -I $(abs_top_builddir)/libocispec/src -I $(abs_top_srcdir)/libocispec/src -I $(abs_top_builddir)/src -I $(abs_top_srcdir)/src
 tests_tests_libcrun_fuzzer_SOURCES = tests/tests_libcrun_fuzzer.c
 tests_tests_libcrun_fuzzer_LDADD = $(TESTS_LDADD) libocispec/libocispec.la $(maybe_libyajl.la)

diff --git a/src/libcrun/container.c b/src/libcrun/container.c
@@ -1696,6 +1696,13 @@ container_delete_internal (libcrun_context_t *context, runtime_spec_schema_confi
         }
     }
 
+  if (! is_empty_string (status.intelrdt))
+    {
+      ret = libcrun_destroy_intelrdt (status.intelrdt, err);
+      if (UNLIKELY (ret < 0))
+        crun_error_write_warning_and_release (context->output_handler_arg, &err);
+    }
+
   if (status.cgroup_path)
     {
       ret = libcrun_cgroup_destroy (cgroup_status, err);
@@ -1766,15 +1773,32 @@ write_container_status (libcrun_container_t *container, libcrun_context_t *conte
 {
   cleanup_free char *cwd = getcwd (NULL, 0);
   cleanup_free char *owner = get_user_name (geteuid ());
+  cleanup_free char *intelrdt = NULL;
   char *external_descriptors = libcrun_get_external_descriptors (container);
   char *rootfs = container->container_def->root ? container->container_def->root->path : "";
   char created[35];
+
+  if (container_has_intelrdt (container))
+    {
+      bool explicit = false;
+      const char *tmp;
+
+      tmp = libcrun_get_intelrdt_name (context->id, container, &explicit);
+      if (tmp == NULL)
+        return crun_make_error (err, 0, "internal error: cannot get intelrdt name");
+      /* It is stored in the status only for cleanup purposes.  Delete the group only
+         if it was not explicitly set.  */
+      if (! explicit)
+        intelrdt = xstrdup (tmp);
+    }
+
   libcrun_container_status_t status = {
     .pid = pid,
     .rootfs = rootfs,
     .bundle = cwd,
     .created = created,
     .owner = owner,
+    .intelrdt = intelrdt,
     .systemd_cgroup = context->systemd_cgroup,
     .detached = context->detach,
     .external_descriptors = external_descriptors,
@@ -2437,6 +2461,10 @@ libcrun_container_run_internal (libcrun_container_t *container, libcrun_context_
   if (UNLIKELY (ret < 0))
     goto fail;
 
+  ret = libcrun_apply_intelrdt (context->id, container, pid, LIBCRUN_INTELRDT_CREATE_UPDATE_MOVE, err);
+  if (UNLIKELY (ret < 0))
+    goto fail;
+
   /* sync send own pid.  */
   ret = TEMP_FAILURE_RETRY (write (sync_socket, &pid, sizeof (pid)));
   if (UNLIKELY (ret != sizeof (pid)))
@@ -3094,7 +3122,7 @@ libcrun_container_state (libcrun_context_t *context, const char *id, FILE *out,
 
     ret = append_paths (&config_file, err, dir, "config.json", NULL);
     if (UNLIKELY (ret < 0))
-      return ret;
+      goto exit;
 
     container = libcrun_container_load_from_file (config_file, err);
     if (UNLIKELY (container == NULL))
@@ -3540,7 +3568,7 @@ libcrun_container_exec_with_options (libcrun_context_t *context, const char *id,
   if (UNLIKELY (ret < 0))
     return crun_make_error (err, errno, "prctl (PR_SET_DUMPABLE)");
 
-  pid = libcrun_join_process (container, status.pid, &status, opts->cgroup, context->detach,
+  pid = libcrun_join_process (context, container, status.pid, &status, opts->cgroup, context->detach,
                               process, process->terminal ? &terminal_fd : NULL, err);
   if (UNLIKELY (pid < 0))
     return pid;
@@ -3925,6 +3953,8 @@ libcrun_container_get_features (libcrun_context_t *context, struct features_info
   (*info)->linux.apparmor.enabled = true;
   (*info)->linux.selinux.enabled = true;
 
+  (*info)->linux.intel_rdt.enabled = true;
+
   // Put the values for mount extensions
   (*info)->linux.mount_ext.idmap.enabled = true;
 
@@ -4267,3 +4297,26 @@ libcrun_write_json_containers_list (libcrun_context_t *context, FILE *out, libcr
 
   return ret;
 }
+
+int
+libcrun_container_update_intel_rdt (libcrun_context_t *context, const char *id, struct libcrun_intel_rdt_update *update, libcrun_error_t *err)
+{
+  cleanup_container libcrun_container_t *container = NULL;
+  cleanup_free char *config_file = NULL;
+  cleanup_free char *dir = NULL;
+  int ret;
+
+  dir = libcrun_get_state_directory (context->state_root, id);
+  if (UNLIKELY (dir == NULL))
+    return crun_make_error (err, 0, "cannot get state directory");
+
+  ret = append_paths (&config_file, err, dir, "config.json", NULL);
+  if (UNLIKELY (ret < 0))
+    return ret;
+
+  container = libcrun_container_load_from_file (config_file, err);
+  if (UNLIKELY (container == NULL))
+    return crun_make_error (err, 0, "error loading config.json");
+
+  return libcrun_update_intel_rdt (id, container, update->l3_cache_schema, update->mem_bw_schema, err);
+}
diff --git a/src/libcrun/container.h b/src/libcrun/container.h
@@ -126,6 +126,11 @@ struct idmap_info_s
   bool enabled;
 };
 
+struct intel_rdt_s
+{
+  bool enabled;
+};
+
 struct mount_ext_info_s
 {
   struct idmap_info_s idmap;
@@ -140,6 +145,7 @@ struct linux_info_s
   struct apparmor_info_s apparmor;
   struct selinux_info_s selinux;
   struct mount_ext_info_s mount_ext;
+  struct intel_rdt_s intel_rdt;
 };
 
 struct annotations_info_s
@@ -249,6 +255,15 @@ LIBCRUN_PUBLIC int libcrun_container_update_from_values (libcrun_context_t *cont
                                                          struct libcrun_update_value_s *values, size_t len,
                                                          libcrun_error_t *err);
 
+struct libcrun_intel_rdt_update
+{
+  const char *l3_cache_schema;
+  const char *mem_bw_schema;
+};
+
+LIBCRUN_PUBLIC int libcrun_container_update_intel_rdt (libcrun_context_t *context, const char *id,
+                                                       struct libcrun_intel_rdt_update *update, libcrun_error_t *err);
+
 LIBCRUN_PUBLIC int libcrun_container_get_features (libcrun_context_t *context, struct features_info_s **info,
                                                    libcrun_error_t *err);