add kernel config for gpu#938
Conversation
Jimmy-Xu
force-pushed
the
kernel-support-gpu
branch
from
1937954 to
6bfb355
Compare
Jimmy-Xu
force-pushed
the
kernel-support-gpu
branch
2 times, most recently
from
f3503b8 to
673c94a
Compare
|
/test |
|
@Jimmy-Xu CI is not happy |
Jimmy-Xu
force-pushed
the
kernel-support-gpu
branch
2 times, most recently
from
f078453 to
b292ee3
Compare
|
/test |
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
/AzurePipelines run |
|
Commenter does not have sufficient privileges for PR 938 in repo kata-containers/packaging |
|
@grahamwhaley, @jcvenegas - any idea what's up with Azure? ^^ |
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
Let's try from me - it may be a perms/group thing.... that we can fix if we see that is true. |
|
Sooo, @jcvenegas @chavafg - how does the Azure pipe check user perms - @Jimmy-Xu is in the kata org, I guess maybe he would need to be in one of the teams as well? |
|
@jcvenegas should know more, but I see the next note in the "Controlling the CI" wiki page Note: Only works if you are a member of the packaging team and the phrase is the only text in the comment! |
|
I see @Jimmy-Xu is already part of the packaging team, so not sure what else is missing. |
Jimmy-Xu
force-pushed
the
kernel-support-gpu
branch
2 times, most recently
from
bae6d24 to
d4f4319
Compare
|
/test |
| # Support to load driver module | ||
| CONFIG_MODULES=y | ||
| CONFIG_MODULE_UNLOAD=y | ||
| CONFIG_MODULE_SIG=y |
There was a problem hiding this comment.
cc @grahamwhaley @devimc Dont remember if we ran into issues with CONFIG_MODULE_SIG in the past.
There was a problem hiding this comment.
I was wondering about this..... in theory I think MODULE_SIG is probably a good thing, as then you can only load modules actually built for your kernel.... but, it will add some overhead I think.
I was also thinking it would probably hard-tie the exact nvidia module used to the exact kernel you are loading... which, I'm not sure is the intention, or exactly what you don't want.
@Jimmy-Xu - can you tell us why you enabled it?
There was a problem hiding this comment.
I don't remember, @Jimmy-Xu is this option really needed?
There was a problem hiding this comment.
@grahamwhaley @devimc
There is a parameter CONFIG_CRYPTO_FIPS in kernel/configs/fragments/common/crypto.conf.
It depends on CRYPTO [=y] && (CRYPTO_ANSI_CPRNG [=y] || CRYPTO_DRBG [=n]) && !CRYPTO_MANAGER_DISABLE_TESTS [=n] && (MODULE_SIG [=n] || !MODULES [=y])
Therefore, if CONFIG_MODULES is enabled, CONFIG_MODULE_SIG is also required.
If CONFIG_CRYPTO_FIPS is removed, CONFIG_MODULE_SIG can also be removed.
I ran a test and after removing these two parameters the Nvidia GPU worked fine in a kata container.
Is the CONFIG_CRYPTO_FIPS really needed?
On the other hand, I think it's safer to use CONFIG_MODULE_SIG.
There was a problem hiding this comment.
Oh, I remember now .... @amshinde added FIPS, which is somewhat entangled with MODULE. There is a conversation over at #891 (comment) where I dug into it...
There was a problem hiding this comment.
@grahamwhaley No wonder that config looked familiar :) Now that I see the comments on the related issue, I am fine with having CONFIG_MODULE_SIG.
Jimmy-Xu
force-pushed
the
kernel-support-gpu
branch
from
d4f4319 to
88f48d4
Compare
Jimmy-Xu
force-pushed
the
kernel-support-gpu
branch
from
88f48d4 to
5680e62
Compare
|
@devimc Ah, I see. |
|
/test |
|
/AzurePipelines run |
|
Azure Pipelines could not run because the pipeline triggers exclude this branch/path. |
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
@sameo |
|
I'm going to stick a DNM label on here whilst we do a little bit of review.... |
grahamwhaley
left a comment
grahamwhaley
left a comment
There was a problem hiding this comment.
overall, looking very good @Jimmy-Xu :-)
A few minor comments.
I think we should probably add some documentation in https://github.com/kata-containers/packaging/blob/master/kernel/README.md about the command line arguments though - something we have been missing so far, but now I think with the addition of the gpu item, it is more important we have them.
/cc @jcvenegas
| kernel_config_path="" | ||
| #Force generate config when setup | ||
| force_setup_generate_config="false" | ||
| #Nvidia kernel support |
There was a problem hiding this comment.
Is this Nvidia specific, or does it also work for other GPUs?
We should either fix the comment, or change the variable name I suspect.
There was a problem hiding this comment.
I think GPU kernel support sounds more generic
There was a problem hiding this comment.
updated. support Intel and Nvidia GPU, -g intel, -g nvidia
| info "kernel path does not exist, will download kernel" | ||
| download_kernel="true" | ||
| [ -n "$kernel_version" ] || die "failed to get kernel version: Kernel version is emtpy" | ||
| if [[ "${force_setup_generate_config}" != "true" ]];then |
There was a problem hiding this comment.
nit: I would have added the 'force build' and 'bash debug' bits as separate commits in this PR, just to make it clearer for the reviewers ;-)
| vmlinuz="vmlinuz-${kernel_version}-${config_version}" | ||
| vmlinux="vmlinux-${kernel_version}-${config_version}" | ||
|
|
||
| sufix="" |
There was a problem hiding this comment.
nit - I think you inherited this, but - s/sufix/suffix/
| kernel_config_path="${OPTARG}" | ||
| ;; | ||
| d) | ||
| PS4=' Line ${LINENO}: ' |
There was a problem hiding this comment.
The PS4 defined the $LINENO. So I used PS4 here.
|
thanks @Jimmy-Xu , just a couple of comments/questions and we could merge this |
Add option '-g' in build-kernel.sh to build a guest kernel that supports Intel/Nvidia GPU Fixes: kata-containers#979 Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
Add option '-d' in build-kernel.sh to enable bash debug. Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
Add option '-f' in build-kernel.sh to force the generation of .config Signed-off-by: Jimmy Xu <junming.xjm@antfin.com> n 请为您的变更输入提交说明。以 '#' 开始的行将被忽略,而一个空的提交
Jimmy-Xu
force-pushed
the
kernel-support-gpu
branch
from
5680e62 to
0a875ff
Compare
Add usage of build-kernel.sh to the readme Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
Jimmy-Xu
force-pushed
the
kernel-support-gpu
branch
from
0a875ff to
12d351d
Compare
|
/test |
|
/AzurePipelines run |
|
Azure Pipelines successfully started running 2 pipeline(s). |
|
Hi @Jimmy-Xu - when you are happy, please remove the |
|
@jodh-intel |
Related: kata-containers/packaging#938 Fixes kata-containers#616 Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
Related: kata-containers/packaging#938 Fixes kata-containers#616 Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
Related: kata-containers/packaging#938 Fixes kata-containers#616 Signed-off-by: Jimmy Xu <junming.xjm@antfin.com>
9 participants
To support VFIO passthrough GPU (for example Nvidia Tesla P100)
Usage example:
Output guest kernel:
To build NVIDIA Driver in kata container,
kernel-develis required:Output RPMs: