From f0b8fc898be09045b26676c8ba761a784b498d9e Mon Sep 17 00:00:00 2001
From: Dan Mihai
Date: Fri, 27 Dec 2024 23:04:10 +0000
Subject: [PATCH] runtime: virtio-blk root device for AKS-Kata

Use virtio-blk for the AKS-Kata Pod VM root storage device. When using "--pmem discard_writes=on" the entire Pod VM image gets copied into the Pod VM memory, thus resulting in higher memory consumption. AKS-CC was already using virtio-blk (not pmem).

Signed-off-by: Dan Mihai
---
 src/runtime/config/configuration-clh.toml.in | 6 ++++++
 src/runtime/pkg/katautils/config.go | 1 +
 src/runtime/virtcontainers/clh.go | 11 +++++++++--
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/runtime/config/configuration-clh.toml.in b/src/runtime/config/configuration-clh.toml.in
index fde10f5bac99..290ed53cee65 100644
--- a/src/runtime/config/configuration-clh.toml.in
+++ b/src/runtime/config/configuration-clh.toml.in
@@ -298,6 +298,12 @@ block_device_driver = "virtio-blk"
 # set to a non zero value.
 #disk_rate_limiter_ops_one_time_burst = 0
+# If false and nvdimm is supported, use nvdimm device to plug guest image.
+# Otherwise virtio-block device is used.
+#
+# Default is false
+disable_image_nvdimm = true
+
 [agent.@PROJECT_TYPE@]
 # If enabled, make the agent display debug-level messages.
 # (default: disabled)
diff --git a/src/runtime/pkg/katautils/config.go b/src/runtime/pkg/katautils/config.go
index 0d7e1f42162d..adfa366b03ed 100644
--- a/src/runtime/pkg/katautils/config.go
+++ b/src/runtime/pkg/katautils/config.go
@@ -1121,6 +1121,7 @@ func newClhHypervisorConfig(h hypervisor) (vc.HypervisorConfig, error) {
 FileBackedMemRootList: h.FileBackedMemRootList,
 Debug: h.Debug,
 DisableNestingChecks: h.DisableNestingChecks,
+ DisableImageNvdimm: h.DisableImageNvdimm,
 BlockDeviceDriver: blockDriver,
 BlockDeviceCacheSet: h.BlockDeviceCacheSet,
 BlockDeviceCacheDirect: h.BlockDeviceCacheDirect,
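Review bot: The added comment in the `configuration-clh.toml.in` hunk says `# Default is false` directly above an uncommented `disable_image_nvdimm = true`, so a reader cannot tell whether "default" means the runtime's built-in value or the value this template ships. The neighbouring `#disk_rate_limiter_ops_one_time_burst = 0` suggests the template normally shows defaults as commented-out lines, which this entry does not follow. I would reword the last comment line to something like `# Built-in default is false; this template sets it to true so the guest image is attached through virtio-blk instead of nvdimm.`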
diff --git a/src/runtime/virtcontainers/clh.go b/src/runtime/virtcontainers/clh.go
index 24dc66cec37a..f2c2b311dbb4 100644
--- a/src/runtime/virtcontainers/clh.go
+++ b/src/runtime/virtcontainers/clh.go
@@ -492,6 +492,11 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
 clh.ctx = newCtx
 defer span.End()
+ clh.Logger().
+ WithField("DisableImageNvdimm", hypervisorConfig.DisableImageNvdimm).
+ WithField("ConfidentialGuest", hypervisorConfig.ConfidentialGuest).
+ Info("CreateVM")
+
 if err := clh.setConfig(hypervisorConfig); err != nil {
 return err
 }
@@ -578,7 +583,9 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
 // Set initial amount of cpu's for the virtual machine
 clh.vmconfig.Cpus = chclient.NewCpusConfig(int32(clh.config.NumVCPUs()), int32(clh.config.DefaultMaxVCPUs))
- params, err := GetKernelRootParams(hypervisorConfig.RootfsType, clh.config.ConfidentialGuest, false)
+ disableNvdimm := (clh.config.DisableImageNvdimm || clh.config.ConfidentialGuest)
+ enableDax := false
+ params, err := GetKernelRootParams(hypervisorConfig.RootfsType, disableNvdimm, enableDax)
 if err != nil {
 return err
 }
@@ -621,7 +628,7 @@ func (clh *cloudHypervisor) CreateVM(ctx context.Context, id string, network Net
 }
 if assetType == types.ImageAsset {
- if clh.config.ConfidentialGuest {
+ if disableNvdimm {
 disk := chclient.NewDiskConfig(assetPath)
 disk.SetReadonly(true)
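Review bot: In the first `clh.go` hunk the new log entry is written at Info level on every `CreateVM` call and records the two inputs from `hypervisorConfig` before `setConfig` has run, not the decision later derived from `clh.config`. For anyone auditing which root-device path a Pod VM actually took, the effective value is the useful one. I would either lower this to `Debug("CreateVM")` or move the entry next to the `disableNvdimm` assignment in the second hunk and add `WithField("disableNvdimm", disableNvdimm)`. `CreateVM` starts and ends outside the hunk.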
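Review bot: In the second `clh.go` hunk, `disableNvdimm` is also true when only `ConfidentialGuest` is set, and nothing at the assignment says why; the same local then selects the virtio-blk branch in the third hunk. A one-line comment such as `// Confidential guests always boot from virtio-blk; DisableImageNvdimm opts other guests in.` would record that the kernel root parameters and the disk attachment are meant to follow one decision. The outer parentheses are redundant (`disableNvdimm := clh.config.DisableImageNvdimm || clh.config.ConfidentialGuest`), and the call reads `RootfsType` from `hypervisorConfig` while the flags come from `clh.config`; one source throughout would be easier to follow. The enclosing function extends beyond the hunk.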