Skip to content
This repository has been archived by the owner on Jun 28, 2024. It is now read-only.

block device should be set rw before hotplug test if qemu version above 5.1 #3002

Closed
jongwu opened this issue Oct 22, 2020 · 2 comments · Fixed by #3003
Closed

block device should be set rw before hotplug test if qemu version above 5.1 #3002

jongwu opened this issue Oct 22, 2020 · 2 comments · Fixed by #3003
Labels
bug Incorrect behaviour needs-review Needs to be assessed by the team.

Comments

@jongwu
Copy link
Contributor

jongwu commented Oct 22, 2020

using qemu 5.1+
docker run --rm --runtime kata-runtime --device /dev/loop0 ubuntu ls

error log:
docker: Error response from daemon: OCI runtime create failed: QMP command failed: 649: The device is not writable: Permission denied: unknown.
also refer to http://jenkins.katacontainers.io/job/kata-containers-runtime-ARM-18.04-PR/1845/consoleFull
test case:
[docker run --cidfile /tmp/cid416376284/NJtkQ8Id9H5gAEftsXIlRx7IDoshP1 --runtime kata-runtime --device /dev/loop2 --device /dev/loop3 --device /dev/loop4 --device /dev/loop5 --device /dev/loop6 --device /dev/loop7 --device /dev/loop8 --device /dev/loop9 --device /dev/loop10 --device /dev/loop11 --rm --name NJtkQ8Id9H5gAEftsXIlRx7IDoshP1 busybox stat /dev/loop2 /dev/loop3 /dev/loop4 /dev/loop5 /dev/loop6 /dev/loop7 /dev/loop8 /dev/loop9 /dev/loop10 /dev/loop11]

error log:
docker: Error response from daemon: OCI runtime create failed: rpc error: code = DeadlineExceeded desc = Timeout reached after 3s waiting for device 0:0:0:0/block: unknown.
@jongwu jongwu added bug Incorrect behaviour needs-review Needs to be assessed by the team. labels Oct 22, 2020
jongwu added a commit to jongwu/tests that referenced this issue Oct 22, 2020
@jongwu
docker: set rw on block device before hotplug test.
d5196ee 
rw check on block device is enhanced in qemu 5.1. So block device should be
set to rw using blockdev before hotplug test in docker.
If not, block device hotplug test will fail.

test case:
docker run --rm --runtime kata-runtime --device /dev/loop0 ubuntu ls

more info see https://patchew.org/QEMU/[email protected]/[email protected]/

Fixes: kata-containers#3002
Signed-off-by: Jianyong Wu <[email protected]>
@jongwu jongwu mentioned this issue Oct 22, 2020
Merged
jongwu added a commit to jongwu/tests that referenced this issue Oct 22, 2020
@jongwu
docker: set rw on block device before hotplug test.
435370c 
rw check on block device is enhanced in qemu 5.1. So block device should be
set to rw using blockdev before hotplug test in docker.
If not, block device hotplug test will fail.

test case:
docker run --rm --runtime kata-runtime --device /dev/loop0 ubuntu ls

more info see https://patchew.org/QEMU/[email protected]/[email protected]/

Fixes: kata-containers#3002
Signed-off-by: Jianyong Wu <[email protected]>
@fighterhit
Copy link

fighterhit commented Feb 22, 2022
edited
Loading

when I use the kubevirt-gpu-device-plugin to pass through NVIDIA GPU to the kata container, it seems also report the similar error.

 Error: failed to create containerd task: failed to create shim: QMP command failed: The device is not writable: Permission denied: unknown

But I have checked that the device plugin code has set the file to rw mode.

https://github.com/NVIDIA/kubevirt-gpu-device-plugin/blob/531e81bb28738507315249ba5b27847ddadceeed/pkg/device_plugin/generic_device_plugin.go#L258

https://github.com/NVIDIA/kubevirt-gpu-device-plugin/blob/531e81bb28738507315249ba5b27847ddadceeed/pkg/device_plugin/generic_device_plugin.go#L263

@fighterhit fighterhit mentioned this issue Feb 23, 2022
Closed
@fighterhit
Copy link

when I use the kubevirt-gpu-device-plugin to pass through NVIDIA GPU to the kata container, it seems also report the similar error.

 Error: failed to create containerd task: failed to create shim: QMP command failed: The device is not writable: Permission denied: unknown

But I have checked that the device plugin code has set the file to rw mode.

https://github.com/NVIDIA/kubevirt-gpu-device-plugin/blob/531e81bb28738507315249ba5b27847ddadceeed/pkg/device_plugin/generic_device_plugin.go#L258

https://github.com/NVIDIA/kubevirt-gpu-device-plugin/blob/531e81bb28738507315249ba5b27847ddadceeed/pkg/device_plugin/generic_device_plugin.go#L263

I found it's failure when I set privileged is true but normal when I add ALL capabilities,that's is

//failure
securityContext:
  privileged: true


//success
securityContext:
  capabilities:
    add:
    - ALL

@AkihiroSuda AkihiroSuda mentioned this issue Aug 1, 2022
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Incorrect behaviour needs-review Needs to be assessed by the team.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docker: set rw on block device before hotplug test. jongwu/tests
2 participants
@fighterhit @jongwu