Don't panic on KVM init if no memory for new vCPU.

konstantin-s-bogom · gvisor-bot · commit fb6b3cd38519 · 2025-05-16T16:52:16.000-07:00
This should be an indication to the user to set greater memory limits, a clean
exit with an error should do that.

PiperOrigin-RevId: 759294902
diff --git a/pkg/sentry/platform/kvm/machine.go b/pkg/sentry/platform/kvm/machine.go
@@ -227,11 +227,11 @@ type dieState struct {
 // createVCPU creates and returns a new vCPU.
 //
 // Precondition: mu must be held.
-func (m *machine) createVCPU(id int) *vCPU {
+func (m *machine) createVCPU(id int) (*vCPU, error) {
 	// Create the vCPU.
 	fd, errno := hostsyscall.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), KVM_CREATE_VCPU, uintptr(id))
 	if errno != 0 {
-		panic(fmt.Sprintf("error creating new vCPU(id=%d): %v", id, errno))
+		return nil, fmt.Errorf("error creating new vCPU(id=%d): %w", id, errno)
 	}
 
 	c := &vCPU{
@@ -259,7 +259,7 @@ func (m *machine) createVCPU(id int) *vCPU {
 		panic(fmt.Sprintf("error initializing vCPU(id=%d) state: %v", id, err))
 	}
 
-	return c // Done.
+	return c, nil // Done.
 }
 
 // forceMappingEntireAddressSpace forces mapping the entire process address
diff --git a/pkg/sentry/platform/kvm/machine_amd64.go b/pkg/sentry/platform/kvm/machine_amd64.go
@@ -50,10 +50,12 @@ func (m *machine) initArchState() error {
 
 	// Initialize all vCPUs to minimize kvm ioctl-s allowed by seccomp filters.
 	m.mu.Lock()
+	defer m.mu.Unlock()
 	for i := 0; i < m.maxVCPUs; i++ {
-		m.createVCPU(i)
+		if _, err := m.createVCPU(i); err != nil {
+			return err
+		}
 	}
-	m.mu.Unlock()
 
 	return nil
 }
diff --git a/pkg/sentry/platform/kvm/machine_arm64_unsafe.go b/pkg/sentry/platform/kvm/machine_arm64_unsafe.go
@@ -49,15 +49,19 @@ func (m *machine) initArchState() error {
 		panic(fmt.Sprintf("error setting KVM_ARM_PREFERRED_TARGET failed: %v", errno))
 	}
 
-	// Initialize all vCPUs on ARM64, while this does not happen on x86_64.
-	// The reason for the difference is that ARM64 and x86_64 have different KVM timer mechanisms.
-	// If we create vCPU dynamically on ARM64, the timer for vCPU would mess up for a short time.
+	// Initialize all vCPUs on ARM64 (we also do this on x86_64, but for
+	// ARM64 it is especially important as it has a different KVM timer
+	// mechanism).
+	// If we create vCPU dynamically on ARM64, the timer for vCPU would mess
+	// up for a short time.
 	// For more detail, please refer to https://github.com/google/gvisor/issues/5739
 	m.mu.Lock()
+	defer m.mu.Unlock()
 	for i := 0; i < m.maxVCPUs; i++ {
-		m.createVCPU(i)
+		if _, err := m.createVCPU(i); err != nil {
+			return err
+		}
 	}
-	m.mu.Unlock()
 	return nil
 }
 

Original file line number	Diff line number	Diff line change
`@@ -227,11 +227,11 @@ type dieState struct {`
`227`	`227`	`// createVCPU creates and returns a new vCPU.`
`228`	`228`	`//`
`229`	`229`	`// Precondition: mu must be held.`
`230`		`-func (m machine) createVCPU(id int) vCPU {`
	`230`	`+func (m machine) createVCPU(id int) (vCPU, error) {`
`231`	`231`	`// Create the vCPU.`
`232`	`232`	`fd, errno := hostsyscall.RawSyscall(unix.SYS_IOCTL, uintptr(m.fd), KVM_CREATE_VCPU, uintptr(id))`
`233`	`233`	`if errno != 0 {`
`234`		`- panic(fmt.Sprintf("error creating new vCPU(id=%d): %v", id, errno))`
	`234`	`+ return nil, fmt.Errorf("error creating new vCPU(id=%d): %w", id, errno)`
`235`	`235`	`}`
`236`	`236`
`237`	`237`	`c := &vCPU{`
`@@ -259,7 +259,7 @@ func (m machine) createVCPU(id int) vCPU {`
`259`	`259`	`panic(fmt.Sprintf("error initializing vCPU(id=%d) state: %v", id, err))`
`260`	`260`	`}`
`261`	`261`
`262`		`- return c // Done.`
	`262`	`+ return c, nil // Done.`
`263`	`263`	`}`
`264`	`264`
`265`	`265`	`// forceMappingEntireAddressSpace forces mapping the entire process address`
Original file line number	Diff line number	Diff line change
`@@ -50,10 +50,12 @@ func (m *machine) initArchState() error {`
`50`	`50`
`51`	`51`	`// Initialize all vCPUs to minimize kvm ioctl-s allowed by seccomp filters.`
`52`	`52`	`m.mu.Lock()`
	`53`	`+ defer m.mu.Unlock()`
`53`	`54`	`for i := 0; i < m.maxVCPUs; i++ {`
`54`		`- m.createVCPU(i)`
	`55`	`+ if _, err := m.createVCPU(i); err != nil {`
	`56`	`+ return err`
	`57`	`+ }`
`55`	`58`	`}`
`56`		`- m.mu.Unlock()`
`57`	`59`
`58`	`60`	`return nil`
`59`	`61`	`}`