From 59ed19e8b20315697d166c34bf418a2517a8e086 Mon Sep 17 00:00:00 2001 From: Xuewei Niu Date: Wed, 11 Dec 2024 00:50:36 +0800 Subject: [PATCH 1/2] runtime-rs: Fix the issues with bind volumes This path fixes the logic of getting the type of volume: when the type of OCI mount is Some("none") and the options have "bind" or "rbind", the type will be considered as "bind". Fixes: #10642 Signed-off-by: Xuewei Niu --- src/libs/kata-sys-util/src/mount.rs | 17 +++++++++++++++-- .../src/share_fs/virtio_fs_share_mount.rs | 2 +- .../crates/resource/src/volume/direct_volume.rs | 2 +- .../src/volume/direct_volumes/spdk_volume.rs | 2 +- .../src/volume/direct_volumes/vfio_volume.rs | 2 +- .../resource/src/volume/share_fs_volume.rs | 4 ++-- .../crates/resource/src/volume/shm_volume.rs | 2 +- 7 files changed, 22 insertions(+), 9 deletions(-) diff --git a/src/libs/kata-sys-util/src/mount.rs b/src/libs/kata-sys-util/src/mount.rs index ae9cee0a3a..6972836054 100644 --- a/src/libs/kata-sys-util/src/mount.rs +++ b/src/libs/kata-sys-util/src/mount.rs @@ -53,6 +53,7 @@ use std::time::Instant; use lazy_static::lazy_static; use nix::mount::{mount, MntFlags, MsFlags}; use nix::{unistd, NixPath}; +use oci_spec::runtime as oci; use crate::fs::is_symlink; use crate::sl; @@ -799,8 +800,20 @@ pub fn get_mount_options(options: &Option>) -> Vec { } } -pub fn get_mount_type(typ: &Option) -> String { - typ.clone().unwrap_or("bind".to_string()) +pub fn get_mount_type(m: &oci::Mount) -> String { + m.typ() + .clone() + .map(|typ| { + if typ.as_str() == "none" { + if let Some(opts) = m.options() { + if opts.iter().any(|opt| opt == "bind" || opt == "rbind") { + return "bind".to_string(); + } + } + } + typ + }) + .unwrap_or("bind".to_string()) } #[cfg(test)] diff --git a/src/runtime-rs/crates/resource/src/share_fs/virtio_fs_share_mount.rs b/src/runtime-rs/crates/resource/src/share_fs/virtio_fs_share_mount.rs index c213c2d053..74943d4b9e 100644 
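Review bot: The rewritten `get_mount_type` has no doc comment, although every call site updated in this patch now relies on it to decide from container-supplied OCI data whether a mount is handled as a bind volume. I would add `/// Returns the effective mount type: an absent type, or "none" combined with a "bind"/"rbind" option, is reported as "bind"; any other type is returned unchanged.` above it. A type of "none" without a bind option still comes back as "none", and an empty-string type is returned as-is; no test for these inputs is visible here, so the `#[cfg(test)]` module that starts right after the hunk looks like the place to pin them. Minor: `unwrap_or("bind".to_string())` allocates on every call, whereas `unwrap_or_else(|| "bind".to_string())` allocates only when the type is absent.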
--- a/src/runtime-rs/crates/resource/src/share_fs/virtio_fs_share_mount.rs +++ b/src/runtime-rs/crates/resource/src/share_fs/virtio_fs_share_mount.rs @@ -120,7 +120,7 @@ impl ShareFsMount for VirtiofsShareMount { guest_path, storages, }); - } else if get_mount_type(config.mount.typ()).as_str() == mount::KATA_EPHEMERAL_VOLUME_TYPE { + } else if get_mount_type(&config.mount).as_str() == mount::KATA_EPHEMERAL_VOLUME_TYPE { // refer to the golang `handleEphemeralStorage` code at // https://github.com/kata-containers/kata-containers/blob/9516286f6dd5cfd6b138810e5d7c9e01cf6fc043/src/runtime/virtcontainers/kata_agent.go#L1354 diff --git a/src/runtime-rs/crates/resource/src/volume/direct_volume.rs b/src/runtime-rs/crates/resource/src/volume/direct_volume.rs index e4888f17d1..f20e2ffb90 100644 --- a/src/runtime-rs/crates/resource/src/volume/direct_volume.rs +++ b/src/runtime-rs/crates/resource/src/volume/direct_volume.rs @@ -98,7 +98,7 @@ pub(crate) async fn handle_direct_volume( } pub(crate) fn is_direct_volume(m: &oci::Mount) -> Result { - let mnt_type = get_mount_type(m.typ()); + let mnt_type = get_mount_type(m); let mount_type = mnt_type.as_str(); // Filter the non-bind volume and non-direct-vol volume diff --git a/src/runtime-rs/crates/resource/src/volume/direct_volumes/spdk_volume.rs b/src/runtime-rs/crates/resource/src/volume/direct_volumes/spdk_volume.rs index ad6ab800ff..bb771e1bed 100644 --- a/src/runtime-rs/crates/resource/src/volume/direct_volumes/spdk_volume.rs +++ b/src/runtime-rs/crates/resource/src/volume/direct_volumes/spdk_volume.rs @@ -125,7 +125,7 @@ impl SPDKVolume { .context("generate host-guest shared path failed")?; storage.mount_point = guest_path.clone(); - if get_mount_type(m.typ()).as_str() != "bind" { + if get_mount_type(m).as_str() != "bind" { storage.fs_type = mount_info.fs_type.clone(); } else { storage.fs_type = DEFAULT_VOLUME_FS_TYPE.to_string(); 
diff --git a/src/runtime-rs/crates/resource/src/volume/direct_volumes/vfio_volume.rs b/src/runtime-rs/crates/resource/src/volume/direct_volumes/vfio_volume.rs index ae28c32605..a12a3a3ee0 100644 --- a/src/runtime-rs/crates/resource/src/volume/direct_volumes/vfio_volume.rs +++ b/src/runtime-rs/crates/resource/src/volume/direct_volumes/vfio_volume.rs @@ -80,7 +80,7 @@ impl VfioVolume { .context("generate host-guest shared path failed")?; storage.mount_point = guest_path.clone(); - if get_mount_type(m.typ()).as_str() != "bind" { + if get_mount_type(m).as_str() != "bind" { storage.fs_type = mount_info.fs_type.clone(); } else { storage.fs_type = DEFAULT_VOLUME_FS_TYPE.to_string(); diff --git a/src/runtime-rs/crates/resource/src/volume/share_fs_volume.rs b/src/runtime-rs/crates/resource/src/volume/share_fs_volume.rs index 732e550d5a..7aa30c52b1 100644 --- a/src/runtime-rs/crates/resource/src/volume/share_fs_volume.rs +++ b/src/runtime-rs/crates/resource/src/volume/share_fs_volume.rs @@ -308,8 +308,8 @@ impl Volume for ShareFsVolume { } pub(crate) fn is_share_fs_volume(m: &oci::Mount) -> bool { - (get_mount_type(m.typ()).as_str() == "bind" - || get_mount_type(m.typ()).as_str() == mount::KATA_EPHEMERAL_VOLUME_TYPE) + let mount_type = get_mount_type(m); + (mount_type == "bind" || mount_type == mount::KATA_EPHEMERAL_VOLUME_TYPE) && !is_host_device(&get_mount_path(&Some(m.destination().clone()))) && !is_system_mount(&get_mount_path(m.source())) } diff --git a/src/runtime-rs/crates/resource/src/volume/shm_volume.rs b/src/runtime-rs/crates/resource/src/volume/shm_volume.rs index d2cf9470a0..54b99e5186 100644 --- a/src/runtime-rs/crates/resource/src/volume/shm_volume.rs +++ b/src/runtime-rs/crates/resource/src/volume/shm_volume.rs 
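Review bot: `is_share_fs_volume` now also accepts mounts declared as type "none" with a `bind`/`rbind` option, because `get_mount_type` normalises them, and nothing at this call site says so. For such a mount the only remaining filters are the `is_host_device` and `is_system_mount` checks on the following lines, so I would add a comment such as `// "none" + bind/rbind is reported as "bind" by get_mount_type and is shared like any bind mount`, plus a test for that input. The same reclassification reaches the `!= "bind"` comparisons in spdk_volume.rs and vfio_volume.rs, where such a mount now takes the `DEFAULT_VOLUME_FS_TYPE` branch.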
@@ -115,5 +115,5 @@ impl Volume for ShmVolume { pub(crate) fn is_shm_volume(m: &oci::Mount) -> bool { get_mount_path(&Some(m.destination().clone())).as_str() == "/dev/shm" - && get_mount_type(m.typ()).as_str() != KATA_EPHEMERAL_DEV_TYPE + && get_mount_type(m).as_str() != KATA_EPHEMERAL_DEV_TYPE } From 3fb91dd631bb111e4dbc89177087e6a8f0a99c71 Mon Sep 17 00:00:00 2001 From: Xuewei Niu Date: Wed, 11 Dec 2024 00:51:32 +0800 Subject: [PATCH 2/2] agent: Fix the issues with bind volumes The mount type should be considered as empty if the value is `Some("none")`. Fixes: #10642 Signed-off-by: Xuewei Niu --- src/agent/rustjail/src/mount.rs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/agent/rustjail/src/mount.rs b/src/agent/rustjail/src/mount.rs index 14e3d95608..d02aabeedc 100644 --- a/src/agent/rustjail/src/mount.rs +++ b/src/agent/rustjail/src/mount.rs @@ -233,7 +233,7 @@ pub fn init_rootfs( // bind may be only specified in the oci spec options -> flags update r#type let m = &{ let mut mbind = m.clone(); - if mbind.typ().is_none() && flags & MsFlags::MS_BIND == MsFlags::MS_BIND { + if is_none_mount_type(mbind.typ()) && flags & MsFlags::MS_BIND == MsFlags::MS_BIND { mbind.set_typ(Some("bind".to_string())); } mbind @@ -397,6 +397,13 @@ fn mount_cgroups_v2(cfd_log: RawFd, m: &Mount, rootfs: &str, flags: MsFlags) -> Ok(()) } +fn is_none_mount_type(typ: &Option) -> bool { + match typ { + Some(t) => t == "none", + None => true, + } +} + fn mount_cgroups( cfd_log: RawFd, m: &Mount,
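Review bot: `is_none_mount_type` returns true both for an absent type and for the literal "none", which the name does not convey and no comment explains. Since it gates the rewrite to "bind" in `init_rootfs` (the first hunk of this file), a one-line doc comment would help, e.g. `/// True when the OCI mount carries no usable type: the field is absent or is the placeholder "none".`. The body can be the single expression `matches!(typ.as_deref(), None | Some("none"))`. An empty-string type is still treated as a real type; I cannot tell from the hunk whether that case can reach this code, so it may be worth a test next to the helper.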