Conditionally compile virtio/net only when feature 'net' is enabled

The feature is disabled by default. You can set enviroment variable NET=1 when compiling using the Makefile to enable it. Signed-off-by: Matej Hrica <[email protected]>
containers · Oct 4, 2023 · 941f1d9 · 941f1d9
1 parent 7ad949e
commit 941f1d9
Show file tree

Hide file tree

Showing 9 changed files with 42 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -23,6 +23,9 @@ ifeq ($(SEV),1)
     INIT_DEFS += $(SEV_LD_FLAGS)
     INIT_SRC += $(SNP_INIT_SRC)
 endif
+ifeq ($(NET),1)
+    FEATURE_FLAGS += --features net
+endif
 
 ifeq ($(ROSETTA),1)
     INIT_DEFS += -D__ROSETTA__

diff --git a/src/devices/Cargo.toml b/src/devices/Cargo.toml
@@ -7,6 +7,7 @@ edition = "2021"
 [features]
 tee = []
 amd-sev = ["tee"]
+net = []
 
 [dependencies]
 bitflags = "1.2.0"

diff --git a/src/devices/src/virtio/mod.rs b/src/devices/src/virtio/mod.rs
@@ -21,6 +21,7 @@ pub mod fs;
 #[cfg(target_os = "macos")]
 pub mod linux_errno;
 mod mmio;
+#[cfg(feature = "net")]
 pub mod net;
 mod queue;
 #[cfg(not(feature = "tee"))]
@@ -36,6 +37,7 @@ pub use self::device::*;
 #[cfg(not(feature = "tee"))]
 pub use self::fs::*;
 pub use self::mmio::*;
+#[cfg(feature = "net")]
 pub use self::net::*;
 pub use self::queue::*;
 #[cfg(not(feature = "tee"))]

diff --git a/src/libkrun/Cargo.toml b/src/libkrun/Cargo.toml
@@ -8,6 +8,7 @@ build = "build.rs"
 [features]
 tee = []
 amd-sev = [ "tee" ]
+net = []
 
 [dependencies]
 env_logger = "0.9.0"

diff --git a/src/libkrun/src/lib.rs b/src/libkrun/src/lib.rs
@@ -8,6 +8,7 @@ use std::env;
 use std::ffi::CStr;
 #[cfg(target_os = "linux")]
 use std::ffi::CString;
+#[cfg(feature = "net")]
 use std::os::fd::RawFd;
 #[cfg(not(feature = "tee"))]
 use std::path::Path;
@@ -33,6 +34,7 @@ use vmm::vmm_config::kernel_bundle::KernelBundle;
 #[cfg(feature = "tee")]
 use vmm::vmm_config::kernel_bundle::{InitrdBundle, QbootBundle};
 use vmm::vmm_config::machine_config::VmConfig;
+#[cfg(feature = "net")]
 use vmm::vmm_config::net::NetworkInterfaceConfig;
 use vmm::vmm_config::vsock::VsockDeviceConfig;
 
@@ -51,12 +53,14 @@ struct TsiConfig {
     port_map: Option<HashMap<u16, u16>>,
 }
 
+#[cfg(feature = "net")]
 struct PasstConfig {
     fd: RawFd,
 }
 
 enum NetworkConfig {
     Tsi(TsiConfig),
+    #[cfg(feature = "net")]
     Passt(PasstConfig),
 }
 
@@ -172,6 +176,7 @@ impl ContextConfig {
         self.data_block_cfg.clone()
     }
 
+    #[cfg(feature = "net")]
     fn set_net_cfg(&mut self, net_cfg: NetworkConfig) {
         self.net_cfg = net_cfg;
     }
@@ -182,6 +187,7 @@ impl ContextConfig {
                 tsi_config.port_map.replace(new_port_map);
                 Ok(())
             }
+            #[cfg(feature = "net")]
             NetworkConfig::Passt(_) => Err(()),
         }
     }
@@ -494,15 +500,24 @@ pub unsafe extern "C" fn krun_set_passt_fd(ctx_id: u32, fd: c_int) -> i32 {
         return -libc::EINVAL;
     }
 
-    match CTX_MAP.lock().unwrap().entry(ctx_id) {
-        Entry::Occupied(mut ctx_cfg) => {
-            let cfg = ctx_cfg.get_mut();
-            cfg.set_net_cfg(NetworkConfig::Passt(PasstConfig { fd }));
-        }
-        Entry::Vacant(_) => return -libc::ENOENT,
+    #[cfg(not(feature = "net"))]
+    {
+        let _ = ctx_id;
+        let _ = fd;
+        -libc::ENOTSUP
     }
 
-    KRUN_SUCCESS
+    #[cfg(feature = "net")]
+    {
+        match CTX_MAP.lock().unwrap().entry(ctx_id) {
+            Entry::Occupied(mut ctx_cfg) => {
+                let cfg = ctx_cfg.get_mut();
+                cfg.set_net_cfg(NetworkConfig::Passt(PasstConfig { fd }));
+            }
+            Entry::Vacant(_) => return -libc::ENOENT,
+        }
+        KRUN_SUCCESS
+    }
 }
 
 #[allow(clippy::missing_safety_doc)]
@@ -820,6 +835,7 @@ pub extern "C" fn krun_start_enter(ctx_id: u32) -> i32 {
             };
             ctx_cfg.vmr.set_vsock_device(vsock_device_config).unwrap();
         }
+        #[cfg(feature = "net")]
         NetworkConfig::Passt(passt_cfg) => {
             let network_interface_config = NetworkInterfaceConfig {
                 iface_id: "eth0".to_string(),

diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
@@ -7,6 +7,7 @@ edition = "2021"
 [features]
 tee = []
 amd-sev = [ "tee", "codicon", "kbs-types", "procfs", "serde", "serde_json", "sev", "curl" ]
+net = []
 
 [dependencies]
 crossbeam-channel = "0.5"

diff --git a/src/vmm/src/builder.rs b/src/vmm/src/builder.rs
@@ -17,9 +17,11 @@ use crate::device_manager::legacy::PortIODeviceManager;
 use crate::device_manager::mmio::MMIODeviceManager;
 use devices::legacy::Gic;
 use devices::legacy::Serial;
+#[cfg(feature = "net")]
+use devices::virtio::Net;
 #[cfg(not(feature = "tee"))]
 use devices::virtio::VirtioShmRegion;
-use devices::virtio::{MmioTransport, Net, Vsock};
+use devices::virtio::{MmioTransport, Vsock};
 
 #[cfg(feature = "tee")]
 use kbs_types::Tee;
@@ -586,6 +588,8 @@ pub fn build_microvm(
         attach_unixsock_vsock_device(&mut vmm, vsock, event_manager, intc)?;
         vmm.kernel_cmdline.insert_str("tsi_hijack")?;
     }
+
+    #[cfg(feature = "net")]
     attach_net_devices(&mut vmm, vm_resources.net_builder.iter(), event_manager)?;
 
     if let Some(s) = &vm_resources.boot_config.kernel_cmdline_epilog {
@@ -1115,6 +1119,7 @@ fn attach_console_devices(
     Ok(())
 }
 
+#[cfg(feature = "net")]
 fn attach_net_devices<'a>(
     vmm: &mut Vmm,
     net_devices: impl Iterator<Item = &'a Arc<Mutex<Net>>>,

diff --git a/src/vmm/src/resources.rs b/src/vmm/src/resources.rs
@@ -25,6 +25,7 @@ use crate::vmm_config::fs::*;
 use crate::vmm_config::kernel_bundle::{InitrdBundle, QbootBundle, QbootBundleError};
 use crate::vmm_config::kernel_bundle::{KernelBundle, KernelBundleError};
 use crate::vmm_config::machine_config::{VmConfig, VmConfigError};
+#[cfg(feature = "net")]
 use crate::vmm_config::net::{NetBuilder, NetworkInterfaceConfig, NetworkInterfaceError};
 use crate::vmm_config::vsock::*;
 use crate::vstate::VcpuConfig;
@@ -103,6 +104,7 @@ pub struct VmResources {
     #[cfg(feature = "tee")]
     pub block: BlockBuilder,
     /// The network devices builder.
+    #[cfg(feature = "net")]
     pub net_builder: NetBuilder,
     /// TEE configuration
     #[cfg(feature = "tee")]
@@ -241,6 +243,7 @@ impl VmResources {
     }
 
     /// Sets a network device to be attached when the VM starts.
+    #[cfg(feature = "net")]
     pub fn add_network_interface(
         &mut self,
         config: NetworkInterfaceConfig,
@@ -299,6 +302,7 @@ mod tests {
             kernel_bundle: Default::default(),
             fs: Default::default(),
             vsock: Default::default(),
+            #[cfg(feature = "net")]
             net_builder: Default::default(),
         }
     }

diff --git a/src/vmm/src/vmm_config/mod.rs b/src/vmm/src/vmm_config/mod.rs
@@ -25,4 +25,5 @@ pub mod machine_config;
 pub mod vsock;
 
 /// Wrapper for configuring the network devices attached to the microVM.
+#[cfg(feature = "net")]
 pub mod net;