UniqAI/nvidia-container-toolkit
1
0
Fork 0
mirror of https://github.com/NVIDIA/nvidia-container-toolkit synced 2025-06-26 18:18:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge 5d55813fb8 into 2aadbbf22d

Browse Source
This commit is contained in:
Evan Lezar 2024-09-23 14:53:20 +02:00 committed by GitHub
commit 90614051db
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
28 changed files with 513 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/nvidia-ctk/cdi/generate/generate.go
View File

@ -60,6 +60,11 @@ type options struct {
files cli.StringSlice
ignorePatterns cli.StringSlice
}
// spec represents the CDI spec options.
spec struct {
allowAdditionalGIDs bool
}
}
// NewCommand constructs a generate-cdi command with the specified logger
@ -169,6 +174,11 @@ func (m command) build() *cli.Command {
Usage: "Specify a pattern the CSV mount specifications.",
Destination: &opts.csv.ignorePatterns,
},
&cli.BoolFlag{
Name: "--allow-additional-gids",
Usage: "Allow the use of the additionalGIDs field for generated CDI specifications. Note this will generate a v0.7.0 CDI specification.",
Destination: &opts.spec.allowAdditionalGIDs,
},
}
return &c
@ -273,6 +283,7 @@ func (m command) generateSpec(opts *options) (spec.Interface, error) {
nvcdi.WithLibrarySearchPaths(opts.librarySearchPaths.Value()),
nvcdi.WithCSVFiles(opts.csv.files.Value()),
nvcdi.WithCSVIgnorePatterns(opts.csv.ignorePatterns.Value()),
nvcdi.WithAllowAdditionalGIDs(opts.spec.allowAdditionalGIDs),
)
if err != nil {
return nil, fmt.Errorf("failed to create CDI library: %v", err)

49
internal/config/features.go
View File

@ -17,12 +17,17 @@
package config
type featureName string
type feature bool
const (
FeatureGDS = featureName("gds")
FeatureMOFED = featureName("mofed")
FeatureNVSWITCH = featureName("nvswitch")
FeatureGDRCopy = featureName("gdrcopy")
FeatureAllowAdditionalGIDs = featureName("allow-additional-gids")
FeatureGDRCopy = featureName("gdrcopy")
FeatureGDS = featureName("gds")
FeatureMOFED = featureName("mofed")
FeatureNVSWITCH = featureName("nvswitch")
featureEnabled feature = true
featureDisabled feature = false
)
// features specifies a set of named features.
@ -31,19 +36,23 @@ type features struct {
MOFED *feature `toml:"mofed,omitempty"`
NVSWITCH *feature `toml:"nvswitch,omitempty"`
GDRCopy *feature `toml:"gdrcopy,omitempty"`
// AllowAdditionalGIDs triggers the additionalGIDs field in internal CDI
// specifications to be populated if required. This can be useful when
// running the container as a user id that may not have access to device
// nodes.
AllowAdditionalGIDs *feature `toml:"allow-additional-gids,omitempty"`
}
type feature bool
// IsEnabled checks whether a specified named feature is enabled.
// An optional list of environments to check for feature-specific environment
// variables can also be supplied.
func (fs features) IsEnabled(n featureName, in ...getenver) bool {
featureEnvvars := map[featureName]string{
FeatureGDS: "NVIDIA_GDS",
FeatureMOFED: "NVIDIA_MOFED",
FeatureNVSWITCH: "NVIDIA_NVSWITCH",
FeatureGDRCopy: "NVIDIA_GDRCOPY",
FeatureGDS: "NVIDIA_GDS",
FeatureMOFED: "NVIDIA_MOFED",
FeatureNVSWITCH: "NVIDIA_NVSWITCH",
FeatureGDRCopy: "NVIDIA_GDRCOPY",
FeatureAllowAdditionalGIDs: "NVIDIA_ALLOW_ADDITIONAL_GIDS",
}
envvar := featureEnvvars[n]
@ -56,6 +65,8 @@ func (fs features) IsEnabled(n featureName, in ...getenver) bool {
return fs.NVSWITCH.isEnabled(envvar, in...)
case FeatureGDRCopy:
return fs.GDRCopy.isEnabled(envvar, in...)
case FeatureAllowAdditionalGIDs:
return fs.AllowAdditionalGIDs.isEnabled(envvar, in...)
default:
return false
}
@ -66,17 +77,19 @@ func (fs features) IsEnabled(n featureName, in ...getenver) bool {
// associated envvar is checked in the specified getenver for the string "enabled"
// A CUDA container / image can be passed here.
func (f *feature) isEnabled(envvar string, ins ...getenver) bool {
if envvar != "" {
for _, in := range ins {
switch in.Getenv(envvar) {
case "enabled", "true":
return true
case "disabled", "false":
return false
}
}
}
if f != nil {
return bool(*f)
}
if envvar == "" {
return false
}
for _, in := range ins {
if in.Getenv(envvar) == "enabled" {
return true
}
}
return false
}

150
internal/config/features_test.go Normal file
View File

@ -0,0 +1,150 @@
/**
# Copyright 2024 NVIDIA CORPORATION
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
**/
package config
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestFeatures(t *testing.T) {
testCases := []struct {
description string
features features
expected map[featureName]bool
envs []getenver
}{
{
description: "empty features",
expected: map[featureName]bool{
FeatureAllowAdditionalGIDs: false,
FeatureGDRCopy: false,
FeatureGDS: false,
FeatureMOFED: false,
FeatureNVSWITCH: false,
},
},
{
description: "envvar sets features if enabled",
expected: map[featureName]bool{
FeatureAllowAdditionalGIDs: true,
FeatureGDRCopy: false,
FeatureGDS: false,
FeatureMOFED: false,
FeatureNVSWITCH: false,
},
envs: []getenver{
mockEnver{
"NVIDIA_ALLOW_ADDITIONAL_GIDS": "enabled",
},
},
},
{
description: "envvar sets features if true",
expected: map[featureName]bool{
FeatureAllowAdditionalGIDs: true,
FeatureGDRCopy: false,
FeatureGDS: false,
FeatureMOFED: false,
FeatureNVSWITCH: false,
},
envs: []getenver{
mockEnver{
"NVIDIA_ALLOW_ADDITIONAL_GIDS": "true",
},
},
},
{
description: "feature sets feature",
features: features{
AllowAdditionalGIDs: ptr(featureEnabled),
},
},
}
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {
for n, v := range tc.expected {
t.Run(tc.description+"-"+string(n), func(t *testing.T) {
require.EqualValues(t, v, tc.features.IsEnabled(n, tc.envs...))
})
}
})
}
}
func TestFeature(t *testing.T) {
testCases := []struct {
description string
feature *feature
envvar string
envs []getenver
expected bool
}{
{
description: "nil feature is false",
feature: nil,
expected: false,
},
{
description: "feature enables",
feature: ptr(featureEnabled),
expected: true,
},
{
description: "feature disabled",
feature: ptr(featureDisabled),
expected: false,
},
{
description: "envvar overrides feature disabled",
feature: ptr(featureDisabled),
envvar: "FEATURE",
envs: []getenver{
mockEnver{"FEATURE": "enabled"},
},
expected: true,
},
{
description: "envvar overrides feature enabled",
feature: ptr(featureEnabled),
envvar: "FEATURE",
envs: []getenver{
mockEnver{"FEATURE": "disabled"},
},
expected: false,
},
}
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {
require.EqualValues(t, tc.expected, tc.feature.isEnabled(tc.envvar, tc.envs...))
})
}
}
type mockEnver map[string]string
func (m mockEnver) Getenv(k string) string {
return m[k]
}
func ptr[T any](x T) *T {
return &x
}

29
internal/edits/api.go Normal file
View File

@ -0,0 +1,29 @@
/**
# Copyright 2024 NVIDIA CORPORATION
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
**/
package edits
import (
"tags.cncf.io/container-device-interface/pkg/cdi"
"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
)
type Interface interface {
EditsFromDiscoverer(discover.Discover) (*cdi.ContainerEdits, error)
SpecModifierFromDiscoverer(discover.Discover) (oci.SpecModifier, error)
}

42
internal/edits/device.go
View File

@ -17,6 +17,9 @@
package edits
import (
"os"
"golang.org/x/sys/unix"
"tags.cncf.io/container-device-interface/pkg/cdi"
"tags.cncf.io/container-device-interface/specs-go"
@ -26,15 +29,23 @@ import (
type device discover.Device
// toEdits converts a discovered device to CDI Container Edits.
func (d device) toEdits() (*cdi.ContainerEdits, error) {
func (d device) toEdits(allowAdditionalGIDs bool) (*cdi.ContainerEdits, error) {
deviceNode, err := d.toSpec()
if err != nil {
return nil, err
}
var additionalGIDs []uint32
if allowAdditionalGIDs {
if requiredGID := d.getRequiredGID(); requiredGID != 0 {
additionalGIDs = append(additionalGIDs, requiredGID)
}
}
e := cdi.ContainerEdits{
ContainerEdits: &specs.ContainerEdits{
DeviceNodes: []*specs.DeviceNode{deviceNode},
DeviceNodes: []*specs.DeviceNode{deviceNode},
AdditionalGIDs: additionalGIDs,
},
}
return &e, nil
@ -52,6 +63,7 @@ func (d device) toSpec() (*specs.DeviceNode, error) {
if hostPath == d.Path {
hostPath = ""
}
s := specs.DeviceNode{
HostPath: hostPath,
Path: d.Path,
@ -59,3 +71,29 @@ func (d device) toSpec() (*specs.DeviceNode, error) {
return &s, nil
}
// getRequiredGID returns the group id of the device if the device is not world read/writable.
// If the information cannot be extracted or an error occurs, 0 is returned.
func (d device) getRequiredGID() uint32 {
path := d.HostPath
if path == "" {
path = d.Path
}
if path == "" {
return 0
}
var stat unix.Stat_t
if err := unix.Lstat(path, &stat); err != nil {
return 0
}
// This is only supported for char devices
if stat.Mode&unix.S_IFMT != unix.S_IFCHR {
return 0
}
if permissionsForOther := os.FileMode(stat.Mode).Perm(); permissionsForOther&06 == 0 {
return stat.Gid
}
return 0
}

56
internal/edits/edits.go
View File

@ -17,15 +17,11 @@
package edits
import (
"fmt"
ociSpecs "github.com/opencontainers/runtime-spec/specs-go"
"tags.cncf.io/container-device-interface/pkg/cdi"
"tags.cncf.io/container-device-interface/specs-go"
"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
)
type edits struct {
@ -33,58 +29,6 @@ type edits struct {
logger logger.Interface
}
// NewSpecEdits creates a SpecModifier that defines the required OCI spec edits (as CDI ContainerEdits) from the specified
// discoverer.
func NewSpecEdits(logger logger.Interface, d discover.Discover) (oci.SpecModifier, error) {
c, err := FromDiscoverer(d)
if err != nil {
return nil, fmt.Errorf("error constructing container edits: %v", err)
}
e := edits{
ContainerEdits: *c,
logger: logger,
}
return &e, nil
}
// FromDiscoverer creates CDI container edits for the specified discoverer.
func FromDiscoverer(d discover.Discover) (*cdi.ContainerEdits, error) {
devices, err := d.Devices()
if err != nil {
return nil, fmt.Errorf("failed to discover devices: %v", err)
}
mounts, err := d.Mounts()
if err != nil {
return nil, fmt.Errorf("failed to discover mounts: %v", err)
}
hooks, err := d.Hooks()
if err != nil {
return nil, fmt.Errorf("failed to discover hooks: %v", err)
}
c := NewContainerEdits()
for _, d := range devices {
edits, err := device(d).toEdits()
if err != nil {
return nil, fmt.Errorf("failed to created container edits for device: %v", err)
}
c.Append(edits)
}
for _, m := range mounts {
c.Append(mount(m).toEdits())
}
for _, h := range hooks {
c.Append(hook(h).toEdits())
}
return c, nil
}
// NewContainerEdits is a utility function to create a CDI ContainerEdits struct.
func NewContainerEdits() *cdi.ContainerEdits {
c := cdi.ContainerEdits{

2
internal/edits/edits_test.go
View File

@ -25,7 +25,7 @@ import (
)
func TestFromDiscovererAllowsMountsToIterate(t *testing.T) {
edits, err := FromDiscoverer(discover.None{})
edits, err := New().EditsFromDiscoverer(discover.None{})
require.NoError(t, err)
require.Empty(t, edits.Mounts)

92
internal/edits/lib.go Normal file
View File

@ -0,0 +1,92 @@
/**
# Copyright 2024 NVIDIA CORPORATION
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
**/
package edits
import (
"fmt"
"tags.cncf.io/container-device-interface/pkg/cdi"
"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
"github.com/NVIDIA/nvidia-container-toolkit/internal/oci"
)
// New creates an Interface from the supplied options.
func New(opts ...Option) Interface {
o := &options{}
for _, opt := range opts {
opt(o)
}
if o.logger == nil {
o.logger = logger.New()
}
return o
}
// EditsFromDiscoverer creates CDI container edits for the specified discoverer.
func (o *options) EditsFromDiscoverer(d discover.Discover) (*cdi.ContainerEdits, error) {
devices, err := d.Devices()
if err != nil {
return nil, fmt.Errorf("failed to discover devices: %w", err)
}
mounts, err := d.Mounts()
if err != nil {
return nil, fmt.Errorf("failed to discover mounts: %w", err)
}
hooks, err := d.Hooks()
if err != nil {
return nil, fmt.Errorf("failed to discover hooks: %w", err)
}
c := NewContainerEdits()
for _, d := range devices {
edits, err := device(d).toEdits(o.allowAdditionalGIDs)
if err != nil {
return nil, fmt.Errorf("failed to create container edits for device: %w", err)
}
c.Append(edits)
}
for _, m := range mounts {
c.Append(mount(m).toEdits())
}
for _, h := range hooks {
c.Append(hook(h).toEdits())
}
return c, nil
}
// SpecModifierFromDiscoverer creates a SpecModifier that defines the required OCI spec edits (as CDI ContainerEdits) from the specified
// discoverer.
func (o *options) SpecModifierFromDiscoverer(d discover.Discover) (oci.SpecModifier, error) {
c, err := o.EditsFromDiscoverer(d)
if err != nil {
return nil, fmt.Errorf("error constructing container edits: %w", err)
}
e := edits{
ContainerEdits: *c,
logger: o.logger,
}
return &e, nil
}

38
internal/edits/options.go Normal file
View File

@ -0,0 +1,38 @@
/**
# Copyright 2024 NVIDIA CORPORATION
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
**/
package edits
import "github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
type options struct {
logger logger.Interface
allowAdditionalGIDs bool
}
type Option func(*options)
func WithLogger(logger logger.Interface) Option {
return func(o *options) {
o.logger = logger
}
}
func WithAllowAdditionalGIDs(allowAdditionalGIDs bool) Option {
return func(o *options) {
o.allowAdditionalGIDs = allowAdditionalGIDs
}
}

30
internal/edits/resource.go Normal file
View File

@ -0,0 +1,30 @@
/**
# Copyright 2024 NVIDIA CORPORATION
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
**/
package edits
import (
"tags.cncf.io/container-device-interface/pkg/cdi"
"tags.cncf.io/container-device-interface/specs-go"
)
// NewResource creates a CDI resource (Device) with the specified name.
func NewResource(name string, edits *cdi.ContainerEdits) specs.Device {
return specs.Device{
Name: name,
ContainerEdits: *edits.ContainerEdits,
}
}

19
internal/modifier/discover.go
View File

@ -28,16 +28,18 @@ import (
)
type discoverModifier struct {
logger logger.Interface
discoverer discover.Discover
logger logger.Interface
discoverer discover.Discover
allowAdditionalGIDs bool
}
// NewModifierFromDiscoverer creates a modifier that applies the discovered
// modifications to an OCI spec if required by the runtime wrapper.
func NewModifierFromDiscoverer(logger logger.Interface, d discover.Discover) (oci.SpecModifier, error) {
func NewModifierFromDiscoverer(logger logger.Interface, d discover.Discover, allowAdditionalGIDs bool) (oci.SpecModifier, error) {
m := discoverModifier{
logger: logger,
discoverer: d,
logger: logger,
discoverer: d,
allowAdditionalGIDs: allowAdditionalGIDs,
}
return &m, nil
}
@ -45,7 +47,12 @@ func NewModifierFromDiscoverer(logger logger.Interface, d discover.Discover) (oc
// Modify applies the modifications required by discoverer to the incomming OCI spec.
// These modifications are applied in-place.
func (m discoverModifier) Modify(spec *specs.Spec) error {
specEdits, err := edits.NewSpecEdits(m.logger, m.discoverer)
e := edits.New(
edits.WithLogger(m.logger),
edits.WithAllowAdditionalGIDs(m.allowAdditionalGIDs),
)
specEdits, err := e.SpecModifierFromDiscoverer(m.discoverer)
if err != nil {
return fmt.Errorf("failed to get required container edits: %v", err)
}

2
internal/modifier/discover_test.go
View File

@ -132,7 +132,7 @@ func TestDiscoverModifier(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.description, func(t *testing.T) {
m, err := NewModifierFromDiscoverer(logger, tc.discover)
m, err := NewModifierFromDiscoverer(logger, tc.discover, true)
require.NoError(t, err)
err = m.Modify(tc.spec)

4
internal/modifier/gated.go
View File

@ -78,5 +78,7 @@ func NewFeatureGatedModifier(logger logger.Interface, cfg *config.Config, image
discoverers = append(discoverers, d)
}
return NewModifierFromDiscoverer(logger, discover.Merge(discoverers...))
allowAdditionalGIDs := !cfg.Features.IsEnabled(config.FeatureAllowAdditionalGIDs, image)
return NewModifierFromDiscoverer(logger, discover.Merge(discoverers...), allowAdditionalGIDs)
}

4
internal/modifier/graphics.go
View File

@ -62,7 +62,9 @@ func NewGraphicsModifier(logger logger.Interface, cfg *config.Config, image imag
drmNodes,
mounts,
)
return NewModifierFromDiscoverer(logger, d)
allowAdditionalGIDs := cfg.Features.IsEnabled(config.FeatureAllowAdditionalGIDs, image)
return NewModifierFromDiscoverer(logger, d, allowAdditionalGIDs)
}
// requiresGraphicsModifier determines whether a graphics modifier is required.

3
internal/oci/spec_mock.go
View File

@ -4,9 +4,8 @@
package oci
import (
"sync"
"github.com/opencontainers/runtime-spec/specs-go"
"sync"
)
// Ensure, that SpecMock does implement Spec.

14
pkg/nvcdi/full-gpu-nvml.go
View File

@ -30,7 +30,7 @@ import (
// GetGPUDeviceSpecs returns the CDI device specs for the full GPU represented by 'device'.
func (l *nvmllib) GetGPUDeviceSpecs(i int, d device.Device) ([]specs.Device, error) {
edits, err := l.GetGPUDeviceEdits(d)
e, err := l.GetGPUDeviceEdits(d)
if err != nil {
return nil, fmt.Errorf("failed to get edits for device: %v", err)
}
@ -41,10 +41,7 @@ func (l *nvmllib) GetGPUDeviceSpecs(i int, d device.Device) ([]specs.Device, err
return nil, fmt.Errorf("failed to get device name: %v", err)
}
for _, name := range names {
spec := specs.Device{
Name: name,
ContainerEdits: *edits.ContainerEdits,
}
spec := edits.NewResource(name, e)
deviceSpecs = append(deviceSpecs, spec)
}
@ -58,12 +55,7 @@ func (l *nvmllib) GetGPUDeviceEdits(d device.Device) (*cdi.ContainerEdits, error
return nil, fmt.Errorf("failed to create device discoverer: %v", err)
}
editsForDevice, err := edits.FromDiscoverer(device)
if err != nil {
return nil, fmt.Errorf("failed to create container edits for device: %v", err)
}
return editsForDevice, nil
return (*nvcdilib)(l).editsFromDiscoverer(device)
}
// newFullGPUDiscoverer creates a discoverer for the full GPU defined by the specified device.

9
pkg/nvcdi/gds.go
View File

@ -38,22 +38,19 @@ func (l *gdslib) GetAllDeviceSpecs() ([]specs.Device, error) {
if err != nil {
return nil, fmt.Errorf("failed to create GPUDirect Storage discoverer: %v", err)
}
edits, err := edits.FromDiscoverer(discoverer)
e, err := (*nvcdilib)(l).editsFromDiscoverer(discoverer)
if err != nil {
return nil, fmt.Errorf("failed to create container edits for GPUDirect Storage: %v", err)
}
deviceSpec := specs.Device{
Name: "all",
ContainerEdits: *edits.ContainerEdits,
}
deviceSpec := edits.NewResource("all", e)
return []specs.Device{deviceSpec}, nil
}
// GetCommonEdits generates a CDI specification that can be used for ANY devices
func (l *gdslib) GetCommonEdits() (*cdi.ContainerEdits, error) {
return edits.FromDiscoverer(discover.None{})
return edits.NewContainerEdits(), nil
}
// GetSpec is unsppported for the gdslib specs.

11
pkg/nvcdi/lib-csv.go
View File

@ -23,7 +23,6 @@ import (
"tags.cncf.io/container-device-interface/pkg/cdi"
"tags.cncf.io/container-device-interface/specs-go"
"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
"github.com/NVIDIA/nvidia-container-toolkit/internal/platform-support/tegra"
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
@ -53,7 +52,7 @@ func (l *csvlib) GetAllDeviceSpecs() ([]specs.Device, error) {
if err != nil {
return nil, fmt.Errorf("failed to create discoverer for CSV files: %v", err)
}
e, err := edits.FromDiscoverer(d)
e, err := (*nvcdilib)(l).editsFromDiscoverer(d)
if err != nil {
return nil, fmt.Errorf("failed to create container edits for CSV files: %v", err)
}
@ -64,10 +63,7 @@ func (l *csvlib) GetAllDeviceSpecs() ([]specs.Device, error) {
}
var deviceSpecs []specs.Device
for _, name := range names {
deviceSpec := specs.Device{
Name: name,
ContainerEdits: *e.ContainerEdits,
}
deviceSpec := edits.NewResource(name, e)
deviceSpecs = append(deviceSpecs, deviceSpec)
}
@ -76,8 +72,7 @@ func (l *csvlib) GetAllDeviceSpecs() ([]specs.Device, error) {
// GetCommonEdits generates a CDI specification that can be used for ANY devices
func (l *csvlib) GetCommonEdits() (*cdi.ContainerEdits, error) {
d := discover.None{}
return edits.FromDiscoverer(d)
return edits.NewContainerEdits(), nil
}
// GetGPUDeviceEdits generates a CDI specification that can be used for GPU devices

3
pkg/nvcdi/lib-nvml.go
View File

@ -26,7 +26,6 @@ import (
"tags.cncf.io/container-device-interface/pkg/cdi"
"tags.cncf.io/container-device-interface/specs-go"
"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
"github.com/NVIDIA/nvidia-container-toolkit/pkg/nvcdi/spec"
)
@ -74,7 +73,7 @@ func (l *nvmllib) GetCommonEdits() (*cdi.ContainerEdits, error) {
return nil, fmt.Errorf("failed to create discoverer for common entities: %v", err)
}
return edits.FromDiscoverer(common)
return (*nvcdilib)(l).editsFromDiscoverer(common)
}
// GetDeviceSpecsByID returns the CDI device specs for the GPU(s) represented by

9
pkg/nvcdi/lib-wsl.go
View File

@ -39,15 +39,12 @@ func (l *wsllib) GetSpec() (spec.Interface, error) {
// GetAllDeviceSpecs returns the device specs for all available devices.
func (l *wsllib) GetAllDeviceSpecs() ([]specs.Device, error) {
device := newDXGDeviceDiscoverer(l.logger, l.devRoot)
deviceEdits, err := edits.FromDiscoverer(device)
e, err := (*nvcdilib)(l).editsFromDiscoverer(device)
if err != nil {
return nil, fmt.Errorf("failed to create container edits for DXG device: %v", err)
}
deviceSpec := specs.Device{
Name: "all",
ContainerEdits: *deviceEdits.ContainerEdits,
}
deviceSpec := edits.NewResource("all", e)
return []specs.Device{deviceSpec}, nil
}
@ -59,7 +56,7 @@ func (l *wsllib) GetCommonEdits() (*cdi.ContainerEdits, error) {
return nil, fmt.Errorf("failed to create discoverer for WSL driver: %v", err)
}
return edits.FromDiscoverer(driver)
return (*nvcdilib)(l).editsFromDiscoverer(driver)
}
// GetGPUDeviceEdits generates a CDI specification that can be used for GPU devices

13
pkg/nvcdi/lib.go
View File

@ -24,6 +24,8 @@ import (
"github.com/NVIDIA/go-nvml/pkg/nvml"
"tags.cncf.io/container-device-interface/pkg/cdi"
"github.com/NVIDIA/nvidia-container-toolkit/internal/discover"
"github.com/NVIDIA/nvidia-container-toolkit/internal/edits"
"github.com/NVIDIA/nvidia-container-toolkit/internal/logger"
"github.com/NVIDIA/nvidia-container-toolkit/internal/lookup/root"
"github.com/NVIDIA/nvidia-container-toolkit/internal/platform-support/tegra/csv"
@ -63,6 +65,8 @@ type nvcdilib struct {
infolib info.Interface
mergedDeviceOptions []transform.MergedDeviceOption
allowAdditionalGIDs bool
}
// New creates a new nvcdi library
@ -190,6 +194,15 @@ func (m *wrapper) GetCommonEdits() (*cdi.ContainerEdits, error) {
return edits, nil
}
// editsFromDiscoverer
func (l *nvcdilib) editsFromDiscoverer(d discover.Discover) (*cdi.ContainerEdits, error) {
e := edits.New(
edits.WithLogger(l.logger),
edits.WithAllowAdditionalGIDs(l.allowAdditionalGIDs),
)
return e.EditsFromDiscoverer(d)
}
// resolveMode resolves the mode for CDI spec generation based on the current system.
func (l *nvcdilib) resolveMode() (rmode string) {
if l.mode != ModeAuto {

11
pkg/nvcdi/management.go
View File

@ -43,19 +43,16 @@ func (m *managementlib) GetAllDeviceSpecs() ([]specs.Device, error) {
return nil, fmt.Errorf("failed to create device discoverer: %v", err)
}
edits, err := edits.FromDiscoverer(devices)
e, err := (*nvcdilib)(m).editsFromDiscoverer(devices)
if err != nil {
return nil, fmt.Errorf("failed to create edits from discoverer: %v", err)
}
if len(edits.DeviceNodes) == 0 {
if len(e.DeviceNodes) == 0 {
return nil, fmt.Errorf("no NVIDIA device nodes found")
}
device := specs.Device{
Name: "all",
ContainerEdits: *edits.ContainerEdits,
}
device := edits.NewResource("all", e)
return []specs.Device{device}, nil
}
@ -71,7 +68,7 @@ func (m *managementlib) GetCommonEdits() (*cdi.ContainerEdits, error) {
return nil, fmt.Errorf("failed to create driver library discoverer: %v", err)
}
edits, err := edits.FromDiscoverer(driver)
edits, err := (*nvcdilib)(m).editsFromDiscoverer(driver)
if err != nil {
return nil, fmt.Errorf("failed to create edits from discoverer: %v", err)
}

9
pkg/nvcdi/mig-device-nvml.go
View File

@ -29,7 +29,7 @@ import (
// GetMIGDeviceSpecs returns the CDI device specs for the full GPU represented by 'device'.
func (l *nvmllib) GetMIGDeviceSpecs(i int, d device.Device, j int, mig device.MigDevice) ([]specs.Device, error) {
edits, err := l.GetMIGDeviceEdits(d, mig)
e, err := l.GetMIGDeviceEdits(d, mig)
if err != nil {
return nil, fmt.Errorf("failed to get edits for device: %v", err)
}
@ -40,10 +40,7 @@ func (l *nvmllib) GetMIGDeviceSpecs(i int, d device.Device, j int, mig device.Mi
}
var deviceSpecs []specs.Device
for _, name := range names {
spec := specs.Device{
Name: name,
ContainerEdits: *edits.ContainerEdits,
}
spec := edits.NewResource(name, e)
deviceSpecs = append(deviceSpecs, spec)
}
return deviceSpecs, nil
@ -60,7 +57,7 @@ func (l *nvmllib) GetMIGDeviceEdits(parent device.Device, mig device.MigDevice)
return nil, fmt.Errorf("failed to create device discoverer: %v", err)
}
editsForDevice, err := edits.FromDiscoverer(deviceNodes)
editsForDevice, err := (*nvcdilib)(l).editsFromDiscoverer(deviceNodes)
if err != nil {
return nil, fmt.Errorf("failed to create container edits for Compute Instance: %v", err)
}

9
pkg/nvcdi/mofed.go
View File

@ -38,22 +38,19 @@ func (l *mofedlib) GetAllDeviceSpecs() ([]specs.Device, error) {
if err != nil {
return nil, fmt.Errorf("failed to create MOFED discoverer: %v", err)
}
edits, err := edits.FromDiscoverer(discoverer)
e, err := (*nvcdilib)(l).editsFromDiscoverer(discoverer)
if err != nil {
return nil, fmt.Errorf("failed to create container edits for MOFED devices: %v", err)
}
deviceSpec := specs.Device{
Name: "all",
ContainerEdits: *edits.ContainerEdits,
}
deviceSpec := edits.NewResource("all", e)
return []specs.Device{deviceSpec}, nil
}
// GetCommonEdits generates a CDI specification that can be used for ANY devices
func (l *mofedlib) GetCommonEdits() (*cdi.ContainerEdits, error) {
return edits.FromDiscoverer(discover.None{})
return edits.NewContainerEdits(), nil
}
// GetSpec is unsppported for the mofedlib specs.

3
pkg/nvcdi/namer_nvml_mock.go
View File

@ -4,9 +4,8 @@
package nvcdi
import (
"sync"
"github.com/NVIDIA/go-nvml/pkg/nvml"
"sync"
)
// Ensure, that nvmlUUIDerMock does implement nvmlUUIDer.

8
pkg/nvcdi/options.go
View File

@ -155,3 +155,11 @@ func WithLibrarySearchPaths(paths []string) Option {
o.librarySearchPaths = paths
}
}
// WithAllowAdditionalGIDs specifies whether a generated CDI spec can contain
// the additionaGIDs field.
func WithAllowAdditionalGIDs(allowAdditionalGIDs bool) Option {
return func(o *nvcdilib) {
o.allowAdditionalGIDs = allowAdditionalGIDs
}
}

24
pkg/nvcdi/transform/deduplicate.go
View File

@ -17,6 +17,8 @@
package transform
import (
"slices"
"tags.cncf.io/container-device-interface/specs-go"
)
@ -50,6 +52,12 @@ func (d dedupe) Transform(spec *specs.Spec) error {
}
func (d dedupe) transformEdits(edits *specs.ContainerEdits) error {
additionalGIDs, err := d.deduplicateAdditionalGIDs(edits.AdditionalGIDs)
if err != nil {
return err
}
edits.AdditionalGIDs = additionalGIDs
deviceNodes, err := d.deduplicateDeviceNodes(edits.DeviceNodes)
if err != nil {
return err
@ -150,3 +158,19 @@ func (d dedupe) deduplicateMounts(entities []*specs.Mount) ([]*specs.Mount, erro
}
return mounts, nil
}
func (d dedupe) deduplicateAdditionalGIDs(entities []uint32) ([]uint32, error) {
seen := make(map[uint32]bool)
var additionalGIDs []uint32
for _, e := range entities {
if seen[e] {
continue
}
seen[e] = true
additionalGIDs = append(additionalGIDs, e)
}
slices.Sort(additionalGIDs)
return additionalGIDs, nil
}

6
pkg/nvcdi/transform/merged-device.go
View File

@ -109,7 +109,6 @@ func mergeDeviceSpecs(deviceSpecs []specs.Device, mergedDeviceName string) (*spe
}
mergedEdits := edits.NewContainerEdits()
for _, d := range deviceSpecs {
d := d
edit := cdi.ContainerEdits{
@ -118,9 +117,6 @@ func mergeDeviceSpecs(deviceSpecs []specs.Device, mergedDeviceName string) (*spe
mergedEdits.Append(&edit)
}
merged := specs.Device{
Name: mergedDeviceName,
ContainerEdits: *mergedEdits.ContainerEdits,
}
merged := edits.NewResource(mergedDeviceName, mergedEdits)
return &merged, nil
}