From 38ee07aa0dc84b81f15beb731a4fc33e7c337105 Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Wed, 8 Aug 2018 11:08:14 -0500
Subject: [PATCH 1/2] agent: enable memory hierarchical account

Memory cgroup requires setting use_hierarchy to 1 on the root.

fixes #318

Signed-off-by: Julio Montes <julio.montes@intel.com>
---
 agent.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/agent.go b/agent.go
index b00df4d1ff..631785ccd0 100644
--- a/agent.go
+++ b/agent.go
@@ -44,8 +44,11 @@ const (
 
 var (
 	// cgroup fs is mounted at /sys/fs when systemd is the init process
-	cgroupPath       = "/sys/fs/cgroup"
-	cgroupCpusetPath = cgroupPath + "/cpuset"
+	cgroupPath                   = "/sys/fs/cgroup"
+	cgroupCpusetPath             = cgroupPath + "/cpuset"
+	cgroupMemoryPath             = cgroupPath + "/memory"
+	cgroupMemoryUseHierarchyPath = cgroupMemoryPath + "/memory.use_hierarchy"
+	cgroupMemoryUseHierarchyMode = os.FileMode(0400)
 )
 
 var initRootfsMounts = []initMount{
@@ -859,7 +862,10 @@ func cgroupsMount() error {
 			return err
 		}
 	}
-	return nil
+
+	// Enable memory hierarchical account.
+	// For more information see https://www.kernel.org/doc/Documentation/cgroup-v1/memory.txt
+	return ioutil.WriteFile(cgroupMemoryUseHierarchyPath, []byte{'1'}, cgroupMemoryUseHierarchyMode)
 }
 
 // initAgentAsInit will do the initializations such as setting up the rootfs

From ae3d9c33c32322fe7b47f69cf45171490b579b4a Mon Sep 17 00:00:00 2001
From: Julio Montes <julio.montes@intel.com>
Date: Thu, 16 Aug 2018 14:17:33 -0500
Subject: [PATCH 2/2] protocols: increase dial timeout

Run containers that use vsock as communication channel inside VMs
(nested environments) randomly fails with following error:

```
Stderr: docker: Error response from daemon: OCI runtime create failed:
Failed to check if grpc server is working: context deadline exceeded: unknown.
```

Sometimes the connection with the container's vsock is slow because of
kata-runtime disables modern (don't rely on fast MMIO) on some devices
including vsocks. This issue can be fixed by increasing the dial timeout.

fixes #324

Signed-off-by: Julio Montes <julio.montes@intel.com>
---
 protocols/client/client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/protocols/client/client.go b/protocols/client/client.go
index 8a11618820..4145ddd4e8 100644
--- a/protocols/client/client.go
+++ b/protocols/client/client.go
@@ -28,7 +28,7 @@ const (
 	vsockSocketScheme = "vsock"
 )
 
-var defaultDialTimeout = 5 * time.Second
+var defaultDialTimeout = 15 * time.Second
 
 // AgentClient is an agent gRPC client connection wrapper for agentgrpc.AgentServiceClient
 type AgentClient struct {