From 18e29076f72b514b164b3d52a65412d8421eb783 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 30 Jan 2025 21:07:21 +0100
Subject: [PATCH] pkg/api: honor cdi devices from the hostconfig

pass down the devices specifies in the resources block so that CDI
devices in the compose file are honored.

Tested manually with the following compose file:

services:
  testgpupodman_count:
    image: ubuntu:latest
    command: ["nvidia-smi"]
    profiles: [gpu]
    deploy:
      resources:
        reservations:
          devices:
          - driver: nvidia
            count: 1
            capabilities: [gpu]
  testgpupodman_deviceid:
      image: docker.io/ubuntu:latest
      command: ["nvidia-smi"]
      deploy:
        resources:
          reservations:
            devices:
            - driver: cdi
              device_ids: ['nvidia.com/gpu=all']
              capabilities: [gpu]

Closes: https://github.com/containers/podman/issues/19338

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/api/handlers/compat/containers_create.go |  5 +++++
 test/compose/cdi_device/README.md            |  9 +++++++++
 test/compose/cdi_device/device.json          | 14 ++++++++++++++
 test/compose/cdi_device/docker-compose.yml   | 15 +++++++++++++++
 test/compose/cdi_device/setup.sh             |  9 +++++++++
 test/compose/cdi_device/teardown.sh          |  3 +++
 test/compose/cdi_device/tests.sh             | 11 +++++++++++
 7 files changed, 66 insertions(+)
 create mode 100644 test/compose/cdi_device/README.md
 create mode 100644 test/compose/cdi_device/device.json
 create mode 100644 test/compose/cdi_device/docker-compose.yml
 create mode 100644 test/compose/cdi_device/setup.sh
 create mode 100644 test/compose/cdi_device/teardown.sh
 create mode 100644 test/compose/cdi_device/tests.sh

diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
index 14b37804f3..02253b9b2a 100644
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@@ -163,6 +163,11 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C
 	for _, dev := range cc.HostConfig.Devices {
 		devices = append(devices, fmt.Sprintf("%s:%s:%s", dev.PathOnHost, dev.PathInContainer, dev.CgroupPermissions))
 	}
+	for _, r := range cc.HostConfig.Resources.DeviceRequests {
+		if r.Driver == "cdi" {
+			devices = append(devices, r.DeviceIDs...)
+		}
+	}
 
 	// iterate blkreaddevicebps
 	readBps := make([]string, 0, len(cc.HostConfig.BlkioDeviceReadBps))
diff --git a/test/compose/cdi_device/README.md b/test/compose/cdi_device/README.md
new file mode 100644
index 0000000000..961af83fc7
--- /dev/null
+++ b/test/compose/cdi_device/README.md
@@ -0,0 +1,9 @@
+cdi devices
+===========
+
+This test copies a CDI device file on a tmpfs mounted on /etc/cdi, then checks that the CDI device in the compose file is present in a container.  The test is skipped when running as rootless.
+
+Validation
+------------
+
+* The CDI device is present in the container.
diff --git a/test/compose/cdi_device/device.json b/test/compose/cdi_device/device.json
new file mode 100644
index 0000000000..d489906914
--- /dev/null
+++ b/test/compose/cdi_device/device.json
@@ -0,0 +1,14 @@
+{
+  "cdiVersion": "0.3.0",
+  "kind": "vendor.com/device",
+  "devices": [
+    {
+      "name": "myKmsg",
+      "containerEdits": {
+        "mounts": [
+          {"hostPath": "/dev/kmsg", "containerPath": "/dev/kmsg1", "options": ["rw", "rprivate", "rbind"]}
+        ]
+      }
+    }
+  ]
+}
diff --git a/test/compose/cdi_device/docker-compose.yml b/test/compose/cdi_device/docker-compose.yml
new file mode 100644
index 0000000000..dfbeb2e906
--- /dev/null
+++ b/test/compose/cdi_device/docker-compose.yml
@@ -0,0 +1,15 @@
+services:
+  test:
+    image: alpine
+    command: ["top"]
+    volumes:
+      - /dev:/dev-host
+    security_opt:
+      - label=disable
+    deploy:
+      resources:
+        reservations:
+          devices:
+          - driver: cdi
+            device_ids: ['vendor.com/device=myKmsg']
+            capabilities: []
diff --git a/test/compose/cdi_device/setup.sh b/test/compose/cdi_device/setup.sh
new file mode 100644
index 0000000000..224caa5443
--- /dev/null
+++ b/test/compose/cdi_device/setup.sh
@@ -0,0 +1,9 @@
+if is_rootless; then
+    reason=" - can't write to /etc/cdi"
+    _show_ok skip "$testname # skip$reason"
+    exit 0
+fi
+
+mkdir -p /etc/cdi
+mount -t tmpfs tmpfs /etc/cdi
+cp device.json /etc/cdi
diff --git a/test/compose/cdi_device/teardown.sh b/test/compose/cdi_device/teardown.sh
new file mode 100644
index 0000000000..770afd1269
--- /dev/null
+++ b/test/compose/cdi_device/teardown.sh
@@ -0,0 +1,3 @@
+if ! is_rootless; then
+    umount -l /etc/cdi
+fi
diff --git a/test/compose/cdi_device/tests.sh b/test/compose/cdi_device/tests.sh
new file mode 100644
index 0000000000..230ad1d10e
--- /dev/null
+++ b/test/compose/cdi_device/tests.sh
@@ -0,0 +1,11 @@
+# -*- bash -*-
+
+ctr_name="cdi_device-test-1"
+
+podman exec "$ctr_name" sh -c 'stat -c "%t:%T" /dev-host/kmsg'
+
+expected=$output
+
+podman exec "$ctr_name" sh -c 'stat -c "%t:%T" /dev/kmsg1'
+
+is "$output" "$expected" "$testname : device /dev/kmsg1 has the same rdev as /dev/kmsg on the host"