From 40d3c3b9b028d408e975a0292bd4f614ff4bd65a Mon Sep 17 00:00:00 2001
From: Wolfgang Pross <wolfgang.pross@intel.com>
Date: Tue, 26 Sep 2023 10:19:33 +0000
Subject: [PATCH] Add Intel RDT support

Add --rdt-class=COS to the create and run command to enable the
assignment of a container to a Class of Service (COS). The COS
represents a part of the cache based on the Cache Allocation Technology
(CAT) feature that is part of Intel's Resource Director Technology
(Intel RDT) feature set. By assigning a container to a COS, all PID's of
the container have only access to the cache space defined for this COS.
The COS has to be pre-configured based on the resctrl kernel driver.
cat_l2 and cat_l3 flags in /proc/cpuinfo represent CAT support for cache
level 2 and 3 respectively.

Signed-off-by: Wolfgang Pross <wolfgang.pross@intel.com>
---
 cmd/podman/common/create.go        | 8 ++++++++
 libpod/container_inspect.go        | 7 +++++++
 libpod/define/container_inspect.go | 1 +
 pkg/domain/entities/pods.go        | 1 +
 pkg/specgen/generate/oci_linux.go  | 6 ++++++
 pkg/specgen/specgen.go             | 4 ++++
 pkg/specgenutil/specgen.go         | 6 ++++++
 7 files changed, 33 insertions(+)

diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go
index 5c4d903c7e..3af1f1f15c 100644
--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -370,6 +370,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 			"quiet", "q", false,
 			"Suppress output information when pulling images",
 		)
+		rdtClassFlagName := "rdt-class"
+		createFlags.StringVar(
+			&cf.IntelRdtClosID,
+			rdtClassFlagName, cf.IntelRdtClosID,
+			"Class of Service (COS) that the container should be assigned to",
+		)
+		_ = cmd.RegisterFlagCompletionFunc(rdtClassFlagName, AutocompletePullOption)
+
 		createFlags.BoolVar(
 			&cf.ReadOnly,
 			"read-only", podmanConfig.ContainersConfDefaultsRO.Containers.ReadOnly,
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index bb6fc7f543..736c191466 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -198,6 +198,13 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver
 		}
 	}
 
+	if ctrSpec.Linux.IntelRdt != nil {
+		if ctrSpec.Linux.IntelRdt.ClosID != "" {
+			// container is assigned to a ClosID
+			data.State.IntelRdtClosID = ctrSpec.Linux.IntelRdt.ClosID
+		}
+	}
+
 	networkConfig, err := c.getContainerNetworkInfo()
 	if err != nil {
 		return nil, err
diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go
index de4f700fa4..78b3a2aeda 100644
--- a/libpod/define/container_inspect.go
+++ b/libpod/define/container_inspect.go
@@ -229,6 +229,7 @@ type InspectContainerState struct {
 	RestoreLog     string             `json:"RestoreLog,omitempty"`
 	Restored       bool               `json:"Restored,omitempty"`
 	StoppedByUser  bool               `json:"StoppedByUser,omitempty"`
+	IntelRdtClosID string             `json:"IntelRdtClosID,omitempty"`
 }
 
 // Healthcheck returns the HealthCheckResults. This is used for old podman compat
diff --git a/pkg/domain/entities/pods.go b/pkg/domain/entities/pods.go
index 5c882a5ed3..c6bdc0f553 100644
--- a/pkg/domain/entities/pods.go
+++ b/pkg/domain/entities/pods.go
@@ -224,6 +224,7 @@ type ContainerCreateOptions struct {
 	Init               bool
 	InitContainerType  string
 	InitPath           string
+	IntelRdtClosID     string
 	Interactive        bool
 	IPC                string
 	Label              []string
diff --git a/pkg/specgen/generate/oci_linux.go b/pkg/specgen/generate/oci_linux.go
index 6dc1dc28bb..fa8cd4c24d 100644
--- a/pkg/specgen/generate/oci_linux.go
+++ b/pkg/specgen/generate/oci_linux.go
@@ -216,6 +216,12 @@ func SpecGenToOCI(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.Runt
 		g.AddAnnotation(key, val)
 	}
 
+	if s.IntelRdt != nil {
+		if s.IntelRdt.ClosID != "" {
+			g.SetLinuxIntelRdtClosID(s.IntelRdt.ClosID)
+		}
+	}
+
 	if s.ResourceLimits != nil {
 		out, err := json.Marshal(s.ResourceLimits)
 		if err != nil {
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index eca9a9bcc3..9568ddc048 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -514,6 +514,10 @@ type ContainerNetworkConfig struct {
 
 // ContainerResourceConfig contains information on container resource limits.
 type ContainerResourceConfig struct {
+	// IntelRdt defines the Intel RDT CAT Class of Service (COS) that all processes
+	// of the container should run in.
+	// Optional.
+	IntelRdt *spec.LinuxIntelRdt `json:"intelRdt,omitempty"`
 	// ResourceLimits are resource limits to apply to the container.,
 	// Can only be set as root on cgroups v1 systems, but can be set as
 	// rootless as well for cgroups v2.
diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go
index 3f6475a7e4..ea4fc4ca91 100644
--- a/pkg/specgenutil/specgen.go
+++ b/pkg/specgenutil/specgen.go
@@ -491,6 +491,12 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 		s.Labels = labels
 	}
 
+	// Intel RDT CAT
+	s.IntelRdt = &specs.LinuxIntelRdt{}
+	if c.IntelRdtClosID != "" {
+		s.IntelRdt.ClosID = c.IntelRdtClosID
+	}
+
 	// ANNOTATIONS
 	annotations := make(map[string]string)