CDI: Add support Edit Container Mount for kata/runtime-rs using direct volume

Try to use CDI to 'patch up' the Container Mount for kata/runtime-rs
using direct volume in K8S/CSI scenario.

related issue and PR as below:
CDI issue: cncf-tags/container-device-interface#162
CDI Mount PR: cncf-tags/container-device-interface#169

Fixes: containerd#9203

Signed-off-by: alex.lyn <[email protected]>

Author: Apokleos

pkg/cri/opts/spec_linux.go

@@ -18,6 +18,7 @@ package opts
 
 import (
 	"context"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"os"
@@ -175,3 +176,37 @@ func WithCDI(annotations map[string]string, CDIDevices []*runtime.CDIDevice) oci
 		return oci.WithCDIDevices(devices...)(ctx, client, c, s)
 	}
 }
+
+func GenerateCDIDevicesOpts(containerMounts []*runtime.Mount) []*runtime.CDIDevice {
+	// OCI Spec default Mounts
+	defaultSpecMounts := []string{"/proc", "/run", "/dev", "/dev/pts", "/dev/shm", "/dev/mqueue", "/sys"}
+
+	// Default Mount skip.
+	isDefaultSpecMount := func(defaultMnts []string, m *runtime.Mount) bool {
+		for _, mntPath := range defaultMnts {
+			if filepath.Clean(m.ContainerPath) == filepath.Clean(mntPath) {
+				return true
+			}
+		}
+		return false
+	}
+
+	CDIDevices := []*runtime.CDIDevice{}
+	for _, mount := range containerMounts {
+		// Filter the default Mounts
+		if isDefaultSpecMount(defaultSpecMounts, mount) {
+			continue
+		}
+
+		// Encoded Mount host path
+		encodedHostPath := base64.URLEncoding.EncodeToString([]byte(mount.GetHostPath()))
+		mntName := "kata.direct.volume/direct-volume=" + encodedHostPath
+		cdiDevice := runtime.CDIDevice{
+			Name: mntName,
+		}
+
+		CDIDevices = append(CDIDevices, &cdiDevice)
+	}
+
+	return CDIDevices
+}

pkg/cri/sbserver/container_create_linux.go

@@ -106,7 +106,10 @@ func (c *criService) containerSpecOpts(config *runtime.ContainerConfig, imageCon
 		specOpts = append(specOpts, seccompSpecOpts)
 	}
 	if c.config.EnableCDI {
-		specOpts = append(specOpts, customopts.WithCDI(config.Annotations, config.CDIDevices))
+		CDIDevices := config.CDIDevices
+		devices := customopts.GenerateCDIDevicesOpts(config.GetMounts())
+		CDIDevices = append(CDIDevices, devices...)
+		specOpts = append(specOpts, customopts.WithCDI(config.Annotations, CDIDevices))
 	}
 	return specOpts, nil
 }

pkg/cri/server/container_create_linux.go

@@ -436,9 +436,14 @@ func (c *criService) containerSpecOpts(config *runtime.ContainerConfig, imageCon
 	if seccompSpecOpts != nil {
 		specOpts = append(specOpts, seccompSpecOpts)
 	}
+
 	if c.config.EnableCDI {
-		specOpts = append(specOpts, customopts.WithCDI(config.Annotations, config.CDIDevices))
+		CDIDevices := config.CDIDevices
+		devices := customopts.GenerateCDIDevicesOpts(config.GetMounts())
+		CDIDevices = append(CDIDevices, devices...)
+		specOpts = append(specOpts, customopts.WithCDI(config.Annotations, CDIDevices))
 	}
+
 	return specOpts, nil
 }