From f4bf55550a101487db0705b899c0bfa57106dd67 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 30 Jan 2025 21:07:21 +0100
Subject: [PATCH] pkg/api: honor cdi devices from the hostconfig

pass down the devices specifies in the resources block so that CDI
devices in the compose file are honored.

Tested manually with the following compose file:

services:
  testgpupodman_count:
    image: ubuntu:latest
    command: ["nvidia-smi"]
    profiles: [gpu]
    deploy:
      resources:
        reservations:
          devices:
          - driver: nvidia
            count: 1
            capabilities: [gpu]
  testgpupodman_deviceid:
      image: docker.io/ubuntu:latest
      command: ["nvidia-smi"]
      deploy:
        resources:
          reservations:
            devices:
            - driver: cdi
              device_ids: ['nvidia.com/gpu=all']
              capabilities: [gpu]

Closes: https://github.com/containers/podman/issues/19338

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/api/handlers/compat/containers_create.go |  5 +++++
 test/compose/cdi_device/README.md            |  9 +++++++++
 test/compose/cdi_device/device.json          | 14 ++++++++++++++
 test/compose/cdi_device/docker-compose.yml   | 11 +++++++++++
 test/compose/cdi_device/setup.sh             |  9 +++++++++
 test/compose/cdi_device/teardown.sh          |  4 ++++
 test/compose/cdi_device/tests.sh             |  5 +++++
 7 files changed, 57 insertions(+)
 create mode 100644 test/compose/cdi_device/README.md
 create mode 100644 test/compose/cdi_device/device.json
 create mode 100644 test/compose/cdi_device/docker-compose.yml
 create mode 100644 test/compose/cdi_device/setup.sh
 create mode 100644 test/compose/cdi_device/teardown.sh
 create mode 100644 test/compose/cdi_device/tests.sh

diff --git a/pkg/api/handlers/compat/containers_create.go b/pkg/api/handlers/compat/containers_create.go
index 14b37804f3..02253b9b2a 100644
--- a/pkg/api/handlers/compat/containers_create.go
+++ b/pkg/api/handlers/compat/containers_create.go
@@ -163,6 +163,11 @@ func cliOpts(cc handlers.CreateContainerConfig, rtc *config.Config) (*entities.C
 	for _, dev := range cc.HostConfig.Devices {
 		devices = append(devices, fmt.Sprintf("%s:%s:%s", dev.PathOnHost, dev.PathInContainer, dev.CgroupPermissions))
 	}
+	for _, r := range cc.HostConfig.Resources.DeviceRequests {
+		if r.Driver == "cdi" {
+			devices = append(devices, r.DeviceIDs...)
+		}
+	}
 
 	// iterate blkreaddevicebps
 	readBps := make([]string, 0, len(cc.HostConfig.BlkioDeviceReadBps))
diff --git a/test/compose/cdi_device/README.md b/test/compose/cdi_device/README.md
new file mode 100644
index 0000000000..571659ef48
--- /dev/null
+++ b/test/compose/cdi_device/README.md
@@ -0,0 +1,9 @@
+cdi devices
+===========
+
+This test copies a CDI device file on a tmpfs mounted on /etc/cdi, then checks that the CDI device in the compose file is present in a container.  When running as rootless, the mount is created inside the rootless mount namespasce.
+
+Validation
+------------
+
+* The CDI device is present in the container.
diff --git a/test/compose/cdi_device/device.json b/test/compose/cdi_device/device.json
new file mode 100644
index 0000000000..d489906914
--- /dev/null
+++ b/test/compose/cdi_device/device.json
@@ -0,0 +1,14 @@
+{
+  "cdiVersion": "0.3.0",
+  "kind": "vendor.com/device",
+  "devices": [
+    {
+      "name": "myKmsg",
+      "containerEdits": {
+        "mounts": [
+          {"hostPath": "/dev/kmsg", "containerPath": "/dev/kmsg1", "options": ["rw", "rprivate", "rbind"]}
+        ]
+      }
+    }
+  ]
+}
diff --git a/test/compose/cdi_device/docker-compose.yml b/test/compose/cdi_device/docker-compose.yml
new file mode 100644
index 0000000000..84d9d41a4c
--- /dev/null
+++ b/test/compose/cdi_device/docker-compose.yml
@@ -0,0 +1,11 @@
+services:
+  test:
+    image: alpine
+    command: ["top"]
+    deploy:
+      resources:
+        reservations:
+          devices:
+          - driver: cdi
+            device_ids: ['vendor.com/device=myKmsg']
+            capabilities: []
\ No newline at end of file
diff --git a/test/compose/cdi_device/setup.sh b/test/compose/cdi_device/setup.sh
new file mode 100644
index 0000000000..224caa5443
--- /dev/null
+++ b/test/compose/cdi_device/setup.sh
@@ -0,0 +1,9 @@
+if is_rootless; then
+    reason=" - can't write to /etc/cdi"
+    _show_ok skip "$testname # skip$reason"
+    exit 0
+fi
+
+mkdir -p /etc/cdi
+mount -t tmpfs tmpfs /etc/cdi
+cp device.json /etc/cdi
diff --git a/test/compose/cdi_device/teardown.sh b/test/compose/cdi_device/teardown.sh
new file mode 100644
index 0000000000..e4d82aac1d
--- /dev/null
+++ b/test/compose/cdi_device/teardown.sh
@@ -0,0 +1,4 @@
+if ! is_rootless; then
+    umount /etc/cdi
+    rmdir /etc/cdi || true # do not return an error if the directory is non-empty
+fi
diff --git a/test/compose/cdi_device/tests.sh b/test/compose/cdi_device/tests.sh
new file mode 100644
index 0000000000..ae24aeabb3
--- /dev/null
+++ b/test/compose/cdi_device/tests.sh
@@ -0,0 +1,5 @@
+# -*- bash -*-
+
+ctr_name="cdi_device-test-1"
+
+podman exec "$ctr_name" sh -c 'test /dev/ksmg1'