Consider requiring all kernel configs to provide /proc/config.gz

[jodh-intel]

We need to make the overall system robust to differing environments. Specifically, the agent needs to be able to handle running in differing kernel and userland environments. To facilitate this, we've added a GetGuestDetails() API call. That allows the runtime to query details of the environment and the agent running inside the image before containers are launched in it.

WARNING: Many random ideas ahead 😄 ...

I'm wondering if it might make sense to mandate that all kernel configs provide the /proc/config.gz file [1]:

• https://github.com/torvalds/linux/blob/master/init/Kconfig#L508..L526

When enabled, that option would allow the agent to send back to the runtime all kernel configs enabled in the guest environment. The runtime could then decide how best to proceed.

It's currently very difficult to define what the "minimum Kata kernel" should provide but this would atleast provide us with the raw data to start investigating how to solve this issue.

Benefits

• Would allow easier debug as we could use standard tooling (grep, diff, etc) to compare known "good" environments with experimental / user-created ones that are experiencing issues.
• Would allow the runtime to record more useful logging information (potentially, rather a lot more! :)
• Might allow us to start defining a "minimum" set of functionality versus "add-ons" that should not be necessarily built into the kernel (they could be modules instead) [2].

Costs

• Slightly bigger kernel size

Alternative

Provide the .config file used to build the kernel package in the package itself as:

/usr/share/doc/kata-linux-container/vmlinu{xz}-${version}.container.config.gz

That would be simple enough to do but wouldn't guarantee that

Related

• Create Linux kernel configuration script #8
• Should we provide multiple guest kernel config files? #55
• create script to validate kernel options across architectures #56

/cc @grahamwhaley, @sboeuf, @jcvenegas.

---

[1] - If we really wanted to mandate it, the agent could check for this file and abort if not found 😄

[2] - What would be really neat is if the kernel could go one stage beyond providing /proc/config.gz and allow userland to be able to determine which CONFIG_* options *are currently loaded into the running kernel (in other words, exclude all CONFIG_* options that relate exclusively to kernel modules that are not currently loaded). That would allow us to create a fully modular kernel, run a set of tests that we feel "fully exercises" Kata capabilities and then simply run something like:

$ sudo diff /proc/config.gz /proc/config/loaded.gz

... to identify what minimum set of kernel config options" define a "Kata kernel". At that point, we could make those options builtins (as they are "fastpath") and all other options could either be discarded entirely or made into modules ("slowpath").

[jodh-intel]

If we did require /proc/config.gz, we could also make the kata-collect-data.sh script do something equivalent to extract-ikconfig so that we could add the config to bug reports.

[marcov]

@jodh-intel: is it something a kata-containers uses case having users using their own built kernel?
Do you plan to support* these users?

*: support as help debugging issues.

I think this feature is a nice to have, but could maybe give the users a perception that they could run what kernel they want. I just want to make sure this is something ok or not :)

[jodh-intel]

We provide a default kernel with kata, just like we provide a default guest image. But yes, users should be able to use their own kernel as they may have particular use-cases that require particular kernel config options that we don't want to enable in the default kernel. However, the only way users could reliably create their own kernel would be to either base the config off the default kernel config files in this repo, or build their kernel ensuring it has the "minimal set of Kata kernel config options enabled as we've documented them. The problem is, we haven't done that :) Of course, we really don't want to document every single kernel config option we specify for each architecture and that's what led me to raise #8.

But this isn't just for comparing $user_kernel with $default_kernel, I was also imagining we could potentially compare $some_arch_default_kernelwith$another_arch_default_kernel` too.

Do you plan to support* these users?

*: support as help debugging issues.

Just as if users decide to replace other parts of the system (say by using a custom image), we could only realistically offer some suggestions and advice on a "best-effort" basis since:

• we know the default setup works.
• the user presumably messed with it and somehow broke it and are now asking for help :)

But of course, if it's easy for users to create kernels/images and easy for us to establish the differences between the default provided assets, everyone wins 😄

/cc @egernst, @grahamwhaley.

[marcov]

thanks for explaining @jodh-intel. According to your description, making the /proc/config.gz is surely helpful.

On the other side, a user kernel may not even boot, so having the config in the kernel will not help in this case. #8 looks a possible mitigation to this.
(Or any other way to statically check a built kernel like with nm or gdb? Sorry I don't want to hijack this thread... :-) )

[jodh-intel]

Re unbootable config, see #222 (comment) which mentions extract-ikconfig.

[jodh-intel]

As has been pointed out to me, we could use a bit of kernel build magic to trim down the config files:

• Convert all =y options to =m in .config
• Build the kernel.
• Create a container.
• Run a set of tests designed to exercise as much functionality as possible.
• In the container environment, install the kernel sources used for the guest kernel.
• In the kernel source tree, run make localmodconfig to create a new .config based on the currently loaded modules.
• Diff the two .config files and see what can be dropped from the "official" .config file (or possibly retained as =m if we do decide to enable modules).