Ayush Ranjan

icon indicating a website link https://ayushr.com/ icon indicating an email [email protected]

icon company @google icon location Sunnyvale icon location Software Engineer at Google. Working on gVisor. UIUC alumnus.

Results 167 comments of Ayush Ranjan

starting container with gvisor and NVIDIA gpu is getting hanged.

> Unfortunately, sudo nvidia-ctk runtime configure assumes that runc is being used. I found the nvidia-container-toolkit pointers for this: - `nvidia-ctk runtime configure` [invokes `engine.Interface.AddRuntime()`](https://github.com/NVIDIA/nvidia-container-toolkit/blob/8a6c1944a5423cf1be0c72d60a63544a78159870/cmd/nvidia-ctk/runtime/configure/configure.go#L278-L282). - For containerd, [`nvidia-container-toolkit/pkg/config/engine/containerd/config_v2.go:AddRuntime()`](https://github.com/NVIDIA/nvidia-container-toolkit/blob/8a6c1944a5423cf1be0c72d60a63544a78159870/pkg/config/engine/containerd/config_v2.go#L48C100-L48C112) sets`plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia:runtime_type`...

starting container with gvisor and NVIDIA gpu is getting hanged.

Ah I see what's going on. In my setup, I am also passing `--nvproxy-docker` flag. This is deprecated flag, which (for backward compatibility) forces the [nvidia prestart hook](https://github.com/opencontainers/runtime-spec/blob/main/config.md#prestart) to be...

starting container with gvisor and NVIDIA gpu is getting hanged.

Okay I figured it out. `nvidia-ctk runtime configure` adds the following lines: ``` [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia.options] BinaryName = "/usr/bin/nvidia-container-runtime" ``` This is to instruct the runtime shim to invoke `/usr/bin/nvidia-container-runtime` instead of...

starting container with gvisor and NVIDIA gpu is getting hanged.

Yeah, You can have multiple toml config files for runsc. Here is how you could set up containerd: ``` version = 2 [plugins] [plugins."io.containerd.grpc.v1.cri"] [plugins."io.containerd.grpc.v1.cri".containerd] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.nvidia] runtime_type = "io.containerd.runsc.v1"...

Running filebench in gVisor

IIUC ASLR in gVisor is implemented here: https://github.com/google/gvisor/blob/b050c045d16d222a977f982be8de2c1a1052228a/pkg/sentry/arch/arch_amd64.go#L232-L256 We don't have a way to disable that as of right now.

strace sendmsg(): errno=22 (invalid argument)

The EINVAL is coming from https://github.com/google/gvisor/blob/f45c79e15a27236e4f0dd76a346a32b7873ae5fb/pkg/sentry/syscalls/linux/sys_socket.go#L976-L979 Here, we consider `MSG_CMSG_CLOEXEC = 0x40000000` as unsupported. We need to add support for that.

Incorrect "mount" in config.json is either silently ignored or crashes runsc

When the mount type is not specified, gVisor just ignores the mount: https://github.com/google/gvisor/blob/d30c58e5b8a4ead573d82eba3c8c240eafa21af2/runsc/boot/vfs.go#L929-L931 In this case, runc attempts to mount it and fails with: ``` WARN[0000] freezer not supported: openat2...

Incorrect "mount" in config.json is either silently ignored or crashes runsc

> diagnostics IMO could be improved I agree. It is because of `util.Fatalf()` usages in `runsc/cmd/gofer.go`. It causes gofer to exit and the sandbox fails with: ``` FATAL ERROR: Error...

Gvisor pod cannot be terminated properly

> I'm quite sure it's a containerd vs gvisor-shim problem. > Given how many breaking changes containerd v2 introduced in that space: @SISheogorath @smira I saw that containerd v2.0.1 was...

pkg/tcpip: impl json.Marshaler/Unmarshaler for StatCounter to Marshal/Unmarshal *Stats

This doesn't have any usages in gVisor codebase. If you are using the netstack package, maybe just define this in the client code? `StatCounter` is an exported type.