//go:build windows

package uvm

import (
	"net"
	"sync"

	"github.com/Microsoft/go-winio/pkg/guid"
	"golang.org/x/sys/windows"

	"github.com/Microsoft/hcsshim/internal/gcs"
	"github.com/Microsoft/hcsshim/internal/hcs"
	"github.com/Microsoft/hcsshim/internal/hcs/schema1"
	"github.com/Microsoft/hcsshim/internal/hns"
)

// Which transport backs each kind of storage in a utility VM, by guest OS.
// The fields of UtilityVM below are grouped along the same lines.
//
//                    | WCOW | LCOW
//  Container scratch | SCSI | SCSI
//  Scratch space     | ---- | SCSI   // For file system utilities. /tmp/scratch
//  Read-Only Layer   | VSMB | VPMEM
//  Mapped Directory  | VSMB | PLAN9

// nicInfo pairs a NIC identifier with the HNS endpoint that backs it.
type nicInfo struct {
	ID       string
	Endpoint *hns.HNSEndpoint
}

// namespaceInfo records the NICs attached to a single network namespace.
// NOTE(review): the map key is presumably the NIC ID — confirm at the site
// that populates it.
type namespaceInfo struct {
	nics map[string]*nicInfo
}

// UtilityVM is the object used by clients representing a utility VM.
//
// It embeds a sync.Mutex (m) and a sync.Once (vmmemOnce), so it must always
// be handled by pointer and never copied by value.
type UtilityVM struct {
	id              string               // Identifier for the utility VM (user supplied or generated)
	runtimeID       guid.GUID            // Hyper-V VM ID
	owner           string               // Owner for the utility VM (user supplied or generated)
	operatingSystem string               // "windows" or "linux"
	hcsSystem       *hcs.System          // The handle to the compute system
	gcListener      net.Listener         // The GCS connection listener
	gc              *gcs.GuestConnection // The GCS connection
	processorCount  int32
	physicallyBacked bool       // If the uvm is backed by physical memory and not virtual memory
	m                sync.Mutex // Lock for adding/removing devices

	// exitErr and exitCh report the utility VM's exit to waiters.
	// NOTE(review): presumably exitCh is closed once the VM has exited and
	// exitErr holds the exit error (if any) — confirm in the code that
	// waits on the compute system.
	exitErr error
	exitCh  chan struct{}

	// devicesPhysicallyBacked indicates if additional devices added to a uvm should be
	// entirely physically backed
	devicesPhysicallyBacked bool

	// GCS bridge protocol version and the capabilities the guest reported.
	protocol  uint32
	guestCaps schema1.GuestDefinedCapabilities

	// containerCounter is the current number of containers that have been
	// created. This is never decremented in the life of the UVM.
	//
	// NOTE: All accesses to this MUST be done atomically.
	containerCounter uint64

	// noWritableFileShares disables mounting any writable vSMB or Plan9 shares
	// on the uVM. This prevents containers in the uVM modifying files and directories
	// made available via the "mounts" options in the container spec, or shared
	// to the uVM directly.
	// This option does not prevent writable SCSI mounts, so it is not a
	// complete guarantee that the guest cannot write to host-provided storage;
	// callers relying on it for isolation must also control SCSI attachments.
	noWritableFileShares bool

	// VSMB shares that are mapped into a Windows UVM. These are used for read-only
	// layers and mapped directories.
	// We maintain two sets of maps, `vsmbDirShares` tracks shares that are
	// unrestricted mappings of directories. `vsmbFileShares` tracks shares that
	// are restricted to some subset of files in the directory. This is used as
	// part of a temporary fix to allow WCOW single-file mapping to function.
	vsmbDirShares   map[string]*VSMBShare
	vsmbFileShares  map[string]*VSMBShare
	vsmbCounter     uint64 // Counter to generate a unique share name for each VSMB share.
	vsmbNoDirectMap bool   // indicates if VSMB devices should be added with the `NoDirectMap` option

	// VPMEM devices that are mapped into a Linux UVM. These are used for read-only layers, or for
	// booting from VHD.
	vpmemMaxCount           uint32 // The max number of VPMem devices.
	vpmemMaxSizeBytes       uint64 // The max size of the layer in bytes per vPMem device.
	vpmemMultiMapping       bool   // Enable mapping multiple VHDs onto a single VPMem device
	vpmemDevicesDefault     [MaxVPMEMCount]*vPMemInfoDefault
	vpmemDevicesMultiMapped [MaxVPMEMCount]*vPMemInfoMulti

	// SCSI devices that are mapped into a Windows or Linux utility VM
	scsiLocations       [4][64]*SCSIMount // Hyper-V supports 4 controllers, 64 slots per controller. Limited to 1 controller for now though.
	scsiControllerCount uint32            // Number of SCSI controllers in the utility VM
	encryptScratch      bool              // Enable scratch encryption. This is only the request flag; the encryption itself is applied where the scratch is attached.

	vpciDevices map[VPCIDeviceKey]*VPCIDevice // map of device instance id to vpci device

	// Plan9 are directories mapped into a Linux utility VM
	plan9Counter uint64 // Each newly-added plan9 share has a counter used as its ID in the ResourceURI and for the name

	// Network namespaces known to this UVM, keyed by namespace ID, each
	// holding the NICs attached to it.
	namespaces map[string]*namespaceInfo

	// Guest output (log) forwarding: the listener the guest connects to, a
	// channel signalled when output processing finishes, and the handler
	// that consumes the output stream.
	// NOTE(review): the exact close/signal protocol is defined where these are
	// used, not here — confirm there.
	outputListener       net.Listener
	outputProcessingDone chan struct{}
	outputHandler        OutputHandler

	// entropyListener is the listener used to serve entropy to the guest.
	// NOTE(review): what is served over it is determined by its accept loop
	// elsewhere — confirm there.
	entropyListener net.Listener

	// Handle to the vmmem process associated with this UVM. Used to look up
	// memory metrics for the UVM.
	vmmemProcess windows.Handle
	// Tracks the error returned when looking up the vmmem process.
	vmmemErr error
	// We only need to look up the vmmem process once, then we keep a handle
	// open.
	vmmemOnce sync.Once

	// mountCounter is the number of mounts that have been added to the UVM
	// This is used in generating a unique mount path inside the UVM for every mount.
	// Access to this variable should be done atomically.
	mountCounter uint64

	// Location that container process dumps will get written to.
	processDumpLocation string

	// The CreateOpts used to create this uvm. These can be either of type
	// uvm.OptionsLCOW or uvm.OptionsWCOW
	createOpts interface{}

	// Network config proxy client address. If empty then a proxy wasn't
	// requested and the uvm's network will be configured locally.
	ncProxyClientAddress string

	// networkSetup handles the logic for setting up and tearing down any network configuration
	// for the Utility VM.
	networkSetup NetworkSetup

	// noInheritHostTimezone specifies whether to not inherit the hosts timezone for the UVM. UTC will be set as the default instead.
	// This only applies for WCOW.
	noInheritHostTimezone bool

	// confidentialUVMOptions hold confidential UVM specific options.
	// A nil value means the UVM was not created with confidential options.
	confidentialUVMOptions *ConfidentialOptions
}