From d7594d830c0bf2a0c12d8694e4bd3322fd1f85a4 Mon Sep 17 00:00:00 2001
From: "alex.lyn"
Date: Wed, 15 Nov 2023 10:18:08 +0800
Subject: [PATCH 1/2] runtime-rs: correct the path from cid to device_id.
When a direct volume is used by multiple containers in Kata, Generating many shared paths with cids will cause IO error as the result of one direct volume mounts more than once. To correct it, use the device_id instead of cid which ensures that the guest only mounts the FS once.
Fixes: #8328
Signed-off-by: alex.lyn
---
 src/runtime-rs/crates/resource/src/volume/utils.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/runtime-rs/crates/resource/src/volume/utils.rs b/src/runtime-rs/crates/resource/src/volume/utils.rs
index 2121b02c2c..d5f17d44b4 100644
--- a/src/runtime-rs/crates/resource/src/volume/utils.rs
+++ b/src/runtime-rs/crates/resource/src/volume/utils.rs
@@ -57,13 +57,13 @@ pub fn get_file_name>(src: P) -> Result {
 pub(crate) async fn generate_shared_path(
 dest: String,
 read_only: bool,
- cid: &str,
+ device_id: &str,
 sid: &str,
 ) -> Result {
 let file_name = get_file_name(&dest).context("failed to get file name.")?;
- let mount_name = generate_mount_path(cid, file_name.as_str());
- let guest_path = do_get_guest_path(&mount_name, cid, true, false);
- let host_path = do_get_host_path(&mount_name, sid, cid, true, read_only);
+ let mount_name = generate_mount_path(device_id, file_name.as_str());
+ let guest_path = do_get_guest_path(&mount_name, device_id, true, false);
+ let host_path = do_get_host_path(&mount_name, sid, device_id, true, read_only);
 if dest.starts_with("/dev") {
 fs::File::create(&host_path).context(format!("failed to create file {:?}", &host_path))?;
From ba632ba82567069f23e24bc2dd24f0d1fca32c78 Mon Sep 17 00:00:00 2001
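Review bot: The shared path in `generate_shared_path` is still only partly keyed by the device, because `file_name` is derived from the container's `dest` and then fed into `generate_mount_path(device_id, file_name.as_str())`; two containers that mount the same device at destinations with different basenames may therefore still get different mount names (this depends on `generate_mount_path`, which is outside the hunk). The path is now shared between containers instead of being owned by one, so it is worth confirming that `do_get_guest_path`/`do_get_host_path` and any cleanup code do not treat their id argument as a container id; otherwise removing one container could tear down a path a sibling still uses. A doc comment would make the new contract explicit, for example `/// device_id, not the container id, keys the shared path so a volume used by several containers is mounted once in the guest.` The function body continues past the end of the hunk.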
From: "alex.lyn"
Date: Wed, 15 Nov 2023 10:37:01 +0800
Subject: [PATCH 2/2] runitme-rs: kata with multi-containers sharing one direct volume
When multiple containers in a kata pod share one direct volume, it's important to make sure that the corresponding block device is only mounted once in the guest. This means that there should be only one mount entry for the device in the mount information.
Fixes: #8328
Signed-off-by: alex.lyn
---
 .../resource/src/volume/block_volume.rs | 24 +++++++++----------
 .../crates/resource/src/volume/mod.rs | 2 +-
 2 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/src/runtime-rs/crates/resource/src/volume/block_volume.rs b/src/runtime-rs/crates/resource/src/volume/block_volume.rs
index d0e361b243..fc79183d1e 100644
--- a/src/runtime-rs/crates/resource/src/volume/block_volume.rs
+++ b/src/runtime-rs/crates/resource/src/volume/block_volume.rs
@@ -35,7 +35,6 @@ impl BlockVolume {
 d: &RwLock,
 m: &oci::Mount,
 read_only: bool,
- cid: &str,
 sid: &str,
 ) -> Result {
 let mnt_src: &str = &m.source;
@@ -97,23 +96,16 @@ impl BlockVolume {
 .await
 .context("do handle device failed.")?;
- // generate host guest shared path
- let guest_path = generate_shared_path(m.destination.clone(), read_only, cid, sid)
- .await
- .context("generate host-guest shared path failed")?;
-
 // storage
 let mut storage = agent::Storage {
- mount_point: guest_path.clone(),
+ options: if read_only {
+ vec!["ro".to_string()]
+ } else {
+ Vec::new()
+ },
 ..Default::default()
 };
- storage.options = if read_only {
- vec!["ro".to_string()]
- } else {
- Vec::new()
- };
-
 // As the true Block Device wrapped in DeviceType, we need to
 // get it out from the wrapper, and the device_id will be for
 // BlockVolume.
@@ -127,6 +119,12 @@ impl BlockVolume {
 device_id = device.device_id;
 }
+ // generate host guest shared path
+ let guest_path = generate_shared_path(m.destination.clone(), read_only, &device_id, sid)
+ .await
+ .context("generate host-guest shared path failed")?;
+ storage.mount_point = guest_path.clone();
+
 // In some case, dest is device /dev/xxx
 if m.destination.clone().starts_with("/dev") {
 storage.fs_type = "bind".to_string();
diff --git a/src/runtime-rs/crates/resource/src/volume/mod.rs b/src/runtime-rs/crates/resource/src/volume/mod.rs
index 17cf42a1ec..490181a1df 100644
--- a/src/runtime-rs/crates/resource/src/volume/mod.rs
+++ b/src/runtime-rs/crates/resource/src/volume/mod.rs
@@ -77,7 +77,7 @@ impl VolumeResource {
 } else if is_block_volume(m).context("block volume type")? {
 // handle block volume
 Arc::new(
- block_volume::BlockVolume::new(d, m, read_only, cid, sid)
+ block_volume::BlockVolume::new(d, m, read_only, sid)
 .await
 .with_context(|| format!("new share fs volume {:?}", m))?,
 )
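Review bot: `device_id` becomes a host and guest path component in the added `generate_shared_path(...)` call without any check that it was actually populated. The assignment `device_id = device.device_id;` sits inside a block whose opening is outside this hunk, so if that branch is not taken the variable presumably keeps its initial value and unrelated volumes could resolve to the same shared path. Failing early before the call would make that case visible, for example `anyhow::ensure!(!device_id.is_empty(), "block volume has no device id");` (assuming `device_id` is a `String`, as the `&device_id` argument suggests).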
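Review bot: The error context on this branch still reads `"new share fs volume {:?}"` although the call constructs a `BlockVolume`, so a failure here would be logged as a share-fs problem and mislead triage. Since the neighbouring line is being changed anyway, `.with_context(|| format!("new block volume {:?}", m))?` would keep the message accurate. Whether `cid` is still used elsewhere in the enclosing function cannot be seen from this hunk; if it is not, the parameter may now be dead there as well.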