"unconfined" annotation was needed to get writes to new_id / bind
to succeed on AppArmor enabled OSes.
However, many things have changed:
* new_id should not be used anymore and it was dropped in the plugin.
* QAT initcontainer has assumed the role of HW initialization.
* vfio-pci is the preferred "dpdkDriver" and starting with QAT Gen4, it
is the only available VF driver so unbind isn't necessary.
* k8s AppArmor is "GA" since 1.30 and the annotation is deprecated.
As of now, the initcontainer will take care of binding QAT VFs to vfio-pci
so the plugin does not neeed to set AppArmor at all.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
setupDeviceIDs() is obsoleted and the preferred approach is driver_override
already implemented in qat-init.sh initcontainer.
The new_id mechanism was added way before we had the initcontainer support in place.
Furthermore, at least for vfio-pci we don't need it at all if the driver uses
ids=8086:<qat VF dev IDs>.
Drop write attemps to new_id in favor of the initcontainer functionality.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
QAT device plugin has some initialization functions that require
special SecurityContext parameters (e.g., setting Apparmor policies
on some OSes).
It's better to move all of the initialization to the privileged
init-container that is already taking care some parts of it.
With this change, we default to vfio-pci "DpdkDrv".
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Plugin used to consider only the value "-1" but there are some
cases when files show "\n" or "\n\x00". This makes plugin to have
wrong status of the device. So, trim the value after \n so only
numerical value can be read.
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
currently, the QAT plugin warns when it finds a PCI ID that is
not an enabled QAT device. This is too verbose so lower the
log priority to "Info".
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The documentation needs clarifications to how QAT Gen4 SW differs from
older platfoms:
- only upstream driver is available and due to this, the -mode parameter
is now deprecated
- the QAT VF services are configurable and thus the resource names
differ
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The string of the sIOV device type exceeds the range of [[alnum]], such as:
# adf_ctl status
Checking status of all devices.
There is 2 QAT acceleration device(s) in the system:
qat_dev0 - type: vqat-adi, inst_id: 0, node_id: 0, bsf: 0000:00:08.0, #accel: 1 #engines: 1 state: up
qat_dev1 - type: vqat-adi, inst_id: 1, node_id: 0, bsf: 0000:00:09.0, #accel: 1 #engines: 1 state: up
default qat.conf file does not exist any more. Update it to make
user create own conf file or use --from-literal instead.
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
In case there are more than 32 devices and there is no config set,
all scanned devices have the same service. So, we increase the
default value of maxNumDevices to 64 from 32.
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
Linux 6.0 adds sysfs-driver-qat entries to read device capabilities:
42e66b1cc3/Documentation/ABI/testing/sysfs-driver-qat
Implement the logic for reading from sysfs and prefer that over debugfs.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Currently, each individual plugin README documents roughly the same
daily development steps to git clone, build, and deploy. Re-purpose
the plugin READMEs more towards cluster admin type of documentation
and start moving all development related documentation to DEVEL.md.
The same is true for e2e testing documentation which is scattered
in places where they don't belong to. Having all day-to-day
development Howtos is good to have in a centralized place.
Finally, the cleanup includes some harmonization to plugins'
table of contents which now follows the pattern:
* [Introduction](#introduction)
(* [Modes and Configuration Options](#modes-and-configuration-options))
* [Installation](#installation)
(* [Prerequisites](#prerequisites))
* [Pre-built Images](#pre-built-images)
* [Verify Plugin Registration](#verify-plugin-registration)
* [Testing and Demos](#testing-and-demos)
* ...
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
QAT_401xx is a derivative of 4xxx. Add support for that device
by including the device IDs (both PF and VF).
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Containers running on QAT Gen4 should be based on qatlib and therefore
kerneldrv is not the right mode. Skip registering 4xxx* devices to
ensure it is not used.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
If the kernel has CONFIG_VFIO_NOIOMMU enabled and the node admin
has explicitly set enable_unsafe_noiommu_mode VFIO parameter,
VFIO taints the kernel and writes "vfio-noiommu" to the IOMMU
group name. If these conditions are true, the /dev/vfio/ devices
are prefixed with "noiommu-".
This use-case is documented for DPDK so we don't want to break
it (as it was before because we added DeviceMounts to
/dev/vfio/<iommugroup> files that did not exist).
See DPDK documentation for further information and warnings.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The new_id based driver binding is failing on kernels 5.11+ when the
QAT VF is not bound to any driver: attempts to write to new_id with
the same device ID repeatedly error with "file exists".
Move the new_id initialization to the beginning of the startup and
write the enabled device IDs only once.
This commit also fixes an issue where VF devices where not correctly detected
in virtual machines where the VF was not bound any driver.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
After a closer review, it was noticed that some of the QAT dpdkdrv
unit tests need updating:
- "Broken igb_uio DPDKdriver..." is actually testing unknown device ID
and we already have tests for it -> drop.
- "igb_uio DPDKdriver with one kernel bound device (not QAT device)" is
testing something impossible: an unknown VF devID is originated from a
QAT PF -> drop.
- creating files for unbind/new_id etc. is unnecessary because
os.WriteFile() creates them during the tests -> drop these lines to
simplify unit tests maintenance.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
To make QAT plugin deployment consistent with the other plugins
we update the default flags and deploy without the flag settings
provided by the ConfigMap.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
- used the same go version as for the project build
- used verbose output
- fixed gofmt check failures
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
The devices enabled by default are different between the
kustomize and operator based deployments.
This change harmonizes the defaults to c6xxvf and 4xxxvf
in both deployment options.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Add govet-fieldalignment to .golangci.yml
Fix errors that come from adding govet-fieldalignment
- by reordering the fields of structs
- by putting nolint:govet annotations
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
