runtime: use virtio-blk for the guest image

Use virtio-blk for the guest rootfs image by default, because on the current AKS hosts the entire image gets copied into guest MAP_PRIVATE memory pages when using cloud-hypervisor's "--pmem discard_writes=on".
microsoft · Dec 27, 2024 · b7b6f45 · b7b6f45
1 parent dae5080
commit b7b6f45
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 2 deletions.
diff --git a/src/runtime/config/configuration-clh.toml.in b/src/runtime/config/configuration-clh.toml.in
@@ -298,6 +298,12 @@ block_device_driver = "virtio-blk"
 # set to a non zero value.
 #disk_rate_limiter_ops_one_time_burst = 0
 
+# If false and nvdimm is supported, use nvdimm device to plug guest image.
+# Otherwise virtio-block device is used.
+#
+# Default is false
+disable_image_nvdimm = true
+
 [agent.@PROJECT_TYPE@]
 # If enabled, make the agent display debug-level messages.
 # (default: disabled)

diff --git a/src/runtime/pkg/katautils/config.go b/src/runtime/pkg/katautils/config.go
@@ -1121,6 +1121,7 @@ func newClhHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
 		FileBackedMemRootList:          h.FileBackedMemRootList,
 		Debug:                          h.Debug,
 		DisableNestingChecks:           h.DisableNestingChecks,
+		DisableImageNvdimm:             h.DisableImageNvdimm,
 		BlockDeviceDriver:              blockDriver,
 		BlockDeviceCacheSet:            h.BlockDeviceCacheSet,
 		BlockDeviceCacheDirect:         h.BlockDeviceCacheDirect,

diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go
@@ -492,6 +492,11 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
 	clh.ctx = newCtx
 	defer span.End()
 
+	clh.Logger().
+		WithField("DisableImageNvdimm", hypervisorConfig.DisableImageNvdimm).
+		WithField("ConfidentialGuest", hypervisorConfig.ConfidentialGuest).
+		Info("CreateVM")
+
 	if err := clh.setConfig(hypervisorConfig); err != nil {
 		return err
 	}
@@ -578,7 +583,9 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
 	// Set initial amount of cpu's for the virtual machine
 	clh.vmconfig.Cpus = chclient.NewCpusConfig(int32(clh.config.NumVCPUs()), int32(clh.config.DefaultMaxVCPUs))
 
-	params, err := GetKernelRootParams(hypervisorConfig.RootfsType, clh.config.ConfidentialGuest, false)
+	disableNvdimm := (clh.config.DisableImageNvdimm || clh.config.ConfidentialGuest)
+	enableDax := false
+	params, err := GetKernelRootParams(hypervisorConfig.RootfsType, disableNvdimm, enableDax)
 	if err != nil {
 		return err
 	}
@@ -621,7 +628,7 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
 	}
 
 	if assetType == types.ImageAsset {
-		if clh.config.ConfidentialGuest {
+		if disableNvdimm {
 			disk := chclient.NewDiskConfig(assetPath)
 			disk.SetReadonly(true)