add multi-pod tmpfs support

Signed-off-by: Hamza El-Saawy <[email protected]>

Author: helsaawy

internal/guest/runtime/hcsv2/uvm.go

@@ -322,8 +322,7 @@ func setupSandboxMountsPath(id string) (err error) {
 	return storage.MountRShared(mountPath)
 }
 
-func setupSandboxTmpfsMountsPath(id string) error {
-	var err error
+func setupSandboxTmpfsMountsPath(id string) (err error) {
 	tmpfsDir := specGuest.SandboxTmpfsMountsDir(id)
 	if err := os.MkdirAll(tmpfsDir, 0755); err != nil {
 		return errors.Wrapf(err, "failed to create sandbox tmpfs mounts dir in sandbox %v", id)
@@ -473,16 +472,13 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 
 			if isVirtualPod {
 				// For virtual pods, create virtual pod specific paths
-				err = setupVirtualPodMountsPath(virtualPodID, id)
-				if err != nil {
+				if err = setupVirtualPodMountsPath(virtualPodID); err != nil {
 					return nil, err
 				}
-				// Create hugepages path for virtual pod
-				mountPath := specGuest.VirtualPodHugePagesMountsDir(virtualPodID)
-				if err := os.MkdirAll(mountPath, 0755); err != nil {
-					return nil, errors.Wrapf(err, "failed to create virtual pod hugepage mounts dir %v", virtualPodID)
+				if err = setupVirtualPodTmpfsMountsPath(virtualPodID); err != nil {
+					return nil, err
 				}
-				if err := storage.MountRShared(mountPath); err != nil {
+				if err = setupVirtualPodHugePageMountsPath(virtualPodID); err != nil {
 					return nil, err
 				}
 			} else {
@@ -1556,11 +1552,11 @@ func (h *Host) cleanupVirtualPod(virtualSandboxID string) {
 }
 
 // setupVirtualPodMountsPath creates mount directories for virtual pods
-func setupVirtualPodMountsPath(virtualSandboxID, masterSandboxID string) (err error) {
+func setupVirtualPodMountsPath(virtualSandboxID string) (err error) {
 	// Create virtual pod specific mount path using the new path generation functions
 	mountPath := specGuest.VirtualPodMountsDir(virtualSandboxID)
 	if err := os.MkdirAll(mountPath, 0755); err != nil {
-		return errors.Wrapf(err, "failed to create virtual pod sandboxMounts dir %v", virtualSandboxID)
+		return errors.Wrapf(err, "failed to create virtual pod mounts dir in sandbox %v", virtualSandboxID)
 	}
 	defer func() {
 		if err != nil {
@@ -1570,3 +1566,34 @@ func setupVirtualPodMountsPath(virtualSandboxID, masterSandboxID string) (err er
 
 	return storage.MountRShared(mountPath)
 }
+
+func setupVirtualPodTmpfsMountsPath(virtualSandboxID string) (err error) {
+	tmpfsDir := specGuest.VirtualPodTmpfsMountsDir(virtualSandboxID)
+	if err := os.MkdirAll(tmpfsDir, 0755); err != nil {
+		return errors.Wrapf(err, "failed to create virtual pod tmpfs mounts dir in sandbox %v", virtualSandboxID)
+	}
+
+	defer func() {
+		if err != nil {
+			_ = os.RemoveAll(tmpfsDir)
+		}
+	}()
+
+	// mount a tmpfs at the tmpfsDir
+	// this ensures that the tmpfsDir is a mount point and not just a directory
+	// we don't care if it is already mounted, so ignore EBUSY
+	if err := unix.Mount("tmpfs", tmpfsDir, "tmpfs", 0, ""); err != nil && !errors.Is(err, unix.EBUSY) {
+		return errors.Wrapf(err, "failed to mount tmpfs at %s", tmpfsDir)
+	}
+
+	return storage.MountRShared(tmpfsDir)
+}
+
+func setupVirtualPodHugePageMountsPath(virtualSandboxID string) error {
+	mountPath := specGuest.VirtualPodHugePagesMountsDir(virtualSandboxID)
+	if err := os.MkdirAll(mountPath, 0755); err != nil {
+		return errors.Wrapf(err, "failed to create virtual pod hugepage mounts dir %v", virtualSandboxID)
+	}
+
+	return storage.MountRShared(mountPath)
+}

internal/guest/runtime/hcsv2/workload_container.go

@@ -45,13 +45,15 @@ func updateSandboxMounts(sbid string, spec *oci.Spec) error {
 		var sandboxSource string
 		// if using `sandbox-tmp://` prefix, we mount a tmpfs in sandboxTmpfsMountsDir
 		if strings.HasPrefix(m.Source, guestpath.SandboxTmpfsMountPrefix) {
-			sandboxSource = specGuest.SandboxTmpfsMountSource(sbid, m.Source)
+			// Use virtual pod aware mount source
+			sandboxSource = specGuest.VirtualPodAwareSandboxTmpfsMountSource(sbid, virtualSandboxID, m.Source)
+			expectedMountsDir := specGuest.VirtualPodAwareSandboxTmpfsMountsDir(sbid, virtualSandboxID)
+
 			// filepath.Join cleans the resulting path before returning, so it would resolve the relative path if one was given.
 			// Hence, we need to ensure that the resolved path is still under the correct directory
-			if !strings.HasPrefix(sandboxSource, specGuest.SandboxTmpfsMountsDir(sbid)) {
-				return errors.Errorf("mount path %v for mount %v is not within sandboxTmpfsMountsDir", sandboxSource, m.Source)
+			if !strings.HasPrefix(sandboxSource, expectedMountsDir) {
+				return errors.Errorf("mount path %v for mount %v is not within sandbox's tmpfs mounts dir", sandboxSource, m.Source)
 			}
-
 		} else {
 			// Use virtual pod aware mount source
 			sandboxSource = specGuest.VirtualPodAwareSandboxMountSource(sbid, virtualSandboxID, m.Source)
@@ -81,29 +83,31 @@ func updateHugePageMounts(sbid string, spec *oci.Spec) error {
 	virtualSandboxID := spec.Annotations[annotations.VirtualPodID]
 
 	for i, m := range spec.Mounts {
-		if strings.HasPrefix(m.Source, guestpath.HugePagesMountPrefix) {
-			// Use virtual pod aware hugepages directory
-			mountsDir := specGuest.VirtualPodAwareHugePagesMountsDir(sbid, virtualSandboxID)
-			subPath := strings.TrimPrefix(m.Source, guestpath.HugePagesMountPrefix)
-			pageSize := strings.Split(subPath, string(os.PathSeparator))[0]
-			hugePageMountSource := filepath.Join(mountsDir, subPath)
-
-			// filepath.Join cleans the resulting path before returning so it would resolve the relative path if one was given.
-			// Hence, we need to ensure that the resolved path is still under the correct directory
-			if !strings.HasPrefix(hugePageMountSource, mountsDir) {
-				return errors.Errorf("mount path %v for mount %v is not within hugepages's mounts dir", hugePageMountSource, m.Source)
-			}
+		if !strings.HasPrefix(m.Source, guestpath.HugePagesMountPrefix) {
+			continue
+		}
+
+		// Use virtual pod aware hugepages directory
+		mountsDir := specGuest.VirtualPodAwareHugePagesMountsDir(sbid, virtualSandboxID)
+		subPath := strings.TrimPrefix(m.Source, guestpath.HugePagesMountPrefix)
+		pageSize := strings.Split(subPath, string(os.PathSeparator))[0]
+		hugePageMountSource := filepath.Join(mountsDir, subPath)
+
+		// filepath.Join cleans the resulting path before returning so it would resolve the relative path if one was given.
+		// Hence, we need to ensure that the resolved path is still under the correct directory
+		if !strings.HasPrefix(hugePageMountSource, mountsDir) {
+			return errors.Errorf("mount path %v for mount %v is not within hugepages's mounts dir", hugePageMountSource, m.Source)
+		}
 
-			spec.Mounts[i].Source = hugePageMountSource
+		spec.Mounts[i].Source = hugePageMountSource
 
-			_, err := os.Stat(hugePageMountSource)
-			if os.IsNotExist(err) {
-				if err := mkdirAllModePerm(hugePageMountSource); err != nil {
-					return err
-				}
-				if err := unix.Mount("none", hugePageMountSource, "hugetlbfs", 0, "pagesize="+pageSize); err != nil {
-					return errors.Errorf("mount operation failed for %v failed with error %v", hugePageMountSource, err)
-				}
+		_, err := os.Stat(hugePageMountSource)
+		if os.IsNotExist(err) {
+			if err := mkdirAllModePerm(hugePageMountSource); err != nil {
+				return err
+			}
+			if err := unix.Mount("none", hugePageMountSource, "hugetlbfs", 0, "pagesize="+pageSize); err != nil {
+				return errors.Errorf("mount operation failed for %v failed with error %v", hugePageMountSource, err)
 			}
 		}
 	}

internal/guest/spec/spec.go

@@ -122,6 +122,19 @@ func SandboxTmpfsMountsDir(sandboxID string) string {
 	return filepath.Join(SandboxRootDir(sandboxID), "sandboxTmpfsMounts")
 }
 
+// VirtualPodTmpfsMountsDir returns virtual pod tmpfs mounts directory inside UVM/host.
+func VirtualPodTmpfsMountsDir(virtualSandboxID string) string {
+	return filepath.Join(VirtualPodRootDir(virtualSandboxID), "sandboxTmpfsMounts")
+}
+
+// VirtualPodAwareSandboxMountsDir returns the appropriate tmpfs mounts directory
+func VirtualPodAwareSandboxTmpfsMountsDir(sandboxID, virtualSandboxID string) string {
+	if virtualSandboxID != "" {
+		return VirtualPodTmpfsMountsDir(virtualSandboxID)
+	}
+	return SandboxTmpfsMountsDir(sandboxID)
+}
+
 // HugePagesMountsDir returns hugepages mounts directory inside UVM.
 func HugePagesMountsDir(sandboxID string) string {
 	return filepath.Join(SandboxRootDir(sandboxID), "hugepages")
@@ -164,6 +177,16 @@ func SandboxTmpfsMountSource(sandboxID, path string) string {
 	return filepath.Join(tmpfsMountDir, subPath)
 }
 
+// VirtualPodAwareSandboxTmpfsMountSource returns tmpfs mount source path for virtual pod aware containers
+func VirtualPodAwareSandboxTmpfsMountSource(sandboxID, virtualSandboxID, path string) string {
+	if virtualSandboxID != "" {
+		mountsDir := VirtualPodTmpfsMountsDir(virtualSandboxID)
+		subPath := strings.TrimPrefix(path, guestpath.SandboxTmpfsMountPrefix)
+		return filepath.Join(mountsDir, subPath)
+	}
+	return SandboxTmpfsMountSource(sandboxID, path)
+}
+
 // HugePagesMountSource returns hugepages mount path inside UVM
 func HugePagesMountSource(sandboxID, path string) string {
 	mountsDir := HugePagesMountsDir(sandboxID)