From c9ffbaf30dd936845626cdd52f885d2193da5270 Mon Sep 17 00:00:00 2001
From: "alex.lyn" <alex.lyn@antgroup.com>
Date: Sun, 1 Jun 2025 22:01:42 +0800
Subject: [PATCH] runtime-rs: Support handling Kata Virtual Volume in
 handle_rootfs

In CoCo scenarios, there's no image pulling on host side, and it will
disable such operations, that's to say, there's no files sharing between
host and guest, especially for container rootfs.
We introduce Kata Virtual Volume to help handle such cases:
(1) Introduce is_kata_virtual_volume to ensure the volume is kata
virtual volume.
(2) Introduce VirtualVolume Handling logic in handle_rootfs when the
mount is kata virtual volume.

Fixes #10690

Signed-off-by: alex.lyn <alex.lyn@antgroup.com>
---
 .../crates/resource/src/rootfs/mod.rs         | 22 ++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/runtime-rs/crates/resource/src/rootfs/mod.rs b/src/runtime-rs/crates/resource/src/rootfs/mod.rs
index 61317daaa4..e0d34e22ba 100644
--- a/src/runtime-rs/crates/resource/src/rootfs/mod.rs
+++ b/src/runtime-rs/crates/resource/src/rootfs/mod.rs
@@ -12,7 +12,9 @@ use async_trait::async_trait;
 use kata_types::mount::Mount;
 mod block_rootfs;
 pub mod virtual_volume;
+
 use hypervisor::{device::device_manager::DeviceManager, Hypervisor};
+use virtual_volume::{is_kata_virtual_volume, VirtualVolume};
 
 use std::{collections::HashMap, sync::Arc, vec::Vec};
 use tokio::sync::RwLock;
@@ -67,7 +69,7 @@ impl RootFsResource {
         root: &oci::Root,
         bundle_path: &str,
         rootfs_mounts: &[Mount],
-        _annotations: &HashMap<String, String>,
+        annotations: &HashMap<String, String>,
     ) -> Result<Arc<dyn Rootfs>> {
         match rootfs_mounts {
             // if rootfs_mounts is empty
@@ -92,6 +94,17 @@ impl RootFsResource {
                 // Safe as single_layer_rootfs must have one layer
                 let layer = &mounts_vec[0];
                 let mut inner = self.inner.write().await;
+
+                if is_guest_pull_volume(share_fs, layer) {
+                    let mount_options = layer.options.clone();
+                    let virtual_volume: Arc<dyn Rootfs> = Arc::new(
+                        VirtualVolume::new(cid, annotations, mount_options.to_vec())
+                            .await
+                            .context("kata virtual volume failed.")?,
+                    );
+                    return Ok(virtual_volume);
+                }
+
                 let rootfs = if let Some(dev_id) = is_block_rootfs(&layer.source) {
                     // handle block rootfs
                     info!(sl!(), "block device: {}", dev_id);
@@ -160,3 +173,10 @@ impl RootFsResource {
 fn is_single_layer_rootfs(rootfs_mounts: &[Mount]) -> bool {
     rootfs_mounts.len() == 1
 }
+
+pub fn is_guest_pull_volume(
+    share_fs: &Option<Arc<dyn ShareFs>>,
+    m: &kata_types::mount::Mount,
+) -> bool {
+    share_fs.is_none() && is_kata_virtual_volume(m)
+}