rust: fs: also allow file systems backed by a block device

We are introducing a new `NewSuperBlock` typestate because file system
implementations need to initialise the block size (`blocksize_bits`)
before they can call `bread`, and they may have to call `bread` before
they can initialise the per-superblock data. IOW, the new typestate
allows the following sequence: enable-bread -> bread -> init data.

Signed-off-by: Wedson Almeida Filho <[email protected]>

Author: wedsonaf

rust/helpers.c

@@ -21,6 +21,7 @@
  */
 
 #include <kunit/test-bug.h>
+#include <linux/blkdev.h>
 #include <linux/buffer_head.h>
 #include <linux/bug.h>
 #include <linux/build_bug.h>
@@ -234,6 +235,13 @@ unsigned int rust_helper_MKDEV(unsigned int major, unsigned int minor)
 }
 EXPORT_SYMBOL_GPL(rust_helper_MKDEV);
 
+struct buffer_head *rust_helper_sb_bread(struct super_block *sb,
+		sector_t block)
+{
+	return sb_bread(sb, block);
+}
+EXPORT_SYMBOL_GPL(rust_helper_sb_bread);
+
 void rust_helper_get_bh(struct buffer_head *bh)
 {
 	get_bh(bh);
@@ -246,6 +254,12 @@ void rust_helper_put_bh(struct buffer_head *bh)
 }
 EXPORT_SYMBOL_GPL(rust_helper_put_bh);
 
+sector_t rust_helper_bdev_nr_sectors(struct block_device *bdev)
+{
+	return bdev_nr_sectors(bdev);
+}
+EXPORT_SYMBOL_GPL(rust_helper_bdev_nr_sectors);
+
 /*
  * `bindgen` binds the C `size_t` type as the Rust `usize` type, so we can
  * use it in contexts where Rust expects a `usize` like slice (array) indices.

rust/kernel/fs.rs

@@ -22,6 +22,17 @@ pub mod ro {
     use core::{marker::PhantomData, marker::PhantomPinned, mem::ManuallyDrop, pin::Pin, ptr};
     use macros::{pin_data, pinned_drop};
 
+    /// Type of superblock keying.
+    ///
+    /// It determines how C's `fs_context_operations::get_tree` is implemented.
+    pub enum Super {
+        /// Multiple independent superblocks may exist.
+        Independent,
+
+        /// Uses a block device.
+        BlockDev,
+    }
+
     /// A read-only file system type.
     pub trait Type {
         /// Data associated with each file system instance (super-block).
@@ -30,6 +41,9 @@ pub mod ro {
         /// The name of the file system type.
         const NAME: &'static CStr;
 
+        /// Determines how superblocks for this file system type are keyed.
+        const SUPER_TYPE: Super = Super::Independent;
+
         /// Initialises a super block for this file system type.
         fn fill_super(sb: NewSuperBlock<'_, Self>) -> Result<&SuperBlock<Self>>;
 
@@ -184,7 +198,9 @@ pub mod ro {
                     fs.name = T::NAME.as_char_ptr();
                     fs.init_fs_context = Some(Self::init_fs_context_callback::<T>);
                     fs.kill_sb = Some(Self::kill_sb_callback::<T>);
-                    fs.fs_flags = 0;
+                    fs.fs_flags = if let Super::BlockDev = T::SUPER_TYPE {
+                        bindings::FS_REQUIRES_DEV as i32
+                    } else { 0 };
 
                     // SAFETY: Pointers stored in `fs` are static so will live for as long as the
                     // registration is active (it is undone in `drop`).
@@ -207,9 +223,16 @@ pub mod ro {
         unsafe extern "C" fn kill_sb_callback<T: Type + ?Sized>(
             sb_ptr: *mut bindings::super_block,
         ) {
-            // SAFETY: In `get_tree_callback` we always call `get_tree_nodev`, so `kill_anon_super`
-            // is the appropriate function to call for cleanup.
-            unsafe { bindings::kill_anon_super(sb_ptr) };
+            match T::SUPER_TYPE {
+                // SAFETY: In `get_tree_callback` we always call `get_tree_bdev` for
+                // `Super::BlockDev`, so `kill_block_super` is the appropriate function to call
+                // for cleanup.
+                Super::BlockDev => unsafe { bindings::kill_block_super(sb_ptr) },
+                // SAFETY: In `get_tree_callback` we always call `get_tree_nodev` for
+                // `Super::Independent`, so `kill_anon_super` is the appropriate function to call
+                // for cleanup.
+                Super::Independent => unsafe { bindings::kill_anon_super(sb_ptr) },
+            }
 
             // SAFETY: The C api contract guarantees that `sb_ptr` is valid for read.
             let ptr = unsafe { (*sb_ptr).s_fs_info };
@@ -480,12 +503,88 @@ pub mod ro {
                 })))
             }
         }
+
+        /// Reads a block from the block device.
+        pub fn bread(&self, block: u64) -> Result<ARef<super::buffer::Head>> {
+            // Fail requests for non-blockdev file systems. This is a compile-time check.
+            match T::SUPER_TYPE {
+                Super::BlockDev => {}
+                _ => return Err(EIO),
+            }
+
+            // SAFET: This function is only valid after the `NeedsInit` typestate, so the block
+            // size is known and the superblock can be used to read blocks.
+            let ptr =
+                ptr::NonNull::new(unsafe { bindings::sb_bread(self.0.get(), block) }).ok_or(EIO)?;
+            // SAFETY: `sb_bread` returns a referenced buffer head. Ownership of the increment is
+            // passed to the `ARef` instance.
+            Ok(unsafe { ARef::from_raw(ptr.cast()) })
+        }
+
+        /// Reads `size` bytes starting from `offset` bytes.
+        ///
+        /// Returns an iterator that returns slices based on blocks.
+        pub fn read(
+            &self,
+            offset: u64,
+            size: u64,
+        ) -> Result<impl Iterator<Item = Result<super::buffer::View>> + '_> {
+            struct BlockIter<'a, T: Type + ?Sized> {
+                sb: &'a SuperBlock<T>,
+                next_offset: u64,
+                end: u64,
+            }
+            impl<'a, T: Type + ?Sized> Iterator for BlockIter<'a, T> {
+                type Item = Result<super::buffer::View>;
+
+                fn next(&mut self) -> Option<Self::Item> {
+                    if self.next_offset >= self.end {
+                        return None;
+                    }
+
+                    // SAFETY: The superblock is valid and has had its block size initialised.
+                    let block_size = unsafe { (*self.sb.0.get()).s_blocksize };
+                    let bh = match self.sb.bread(self.next_offset / block_size) {
+                        Ok(bh) => bh,
+                        Err(e) => return Some(Err(e)),
+                    };
+                    let boffset = self.next_offset & (block_size - 1);
+                    let bsize = core::cmp::min(self.end - self.next_offset, block_size - boffset);
+                    self.next_offset += bsize;
+                    Some(Ok(super::buffer::View::new(
+                        bh,
+                        boffset as usize,
+                        bsize as usize,
+                    )))
+                }
+            }
+            Ok(BlockIter {
+                sb: self,
+                next_offset: offset,
+                end: offset.checked_add(size).ok_or(ERANGE)?,
+            })
+        }
+
+        /// Returns the number of sectors in the underlying block device.
+        pub fn sector_count(&self) -> Result<u64> {
+            // Fail requests for non-blockdev file systems. This is a compile-time check.
+            match T::SUPER_TYPE {
+                // The superblock is valid and given that it's a blockdev superblock it must have a
+                // valid `s_bdev`.
+                Super::BlockDev => Ok(unsafe { bindings::bdev_nr_sectors((*self.0.get()).s_bdev) }),
+                _ => Err(EIO),
+            }
+        }
     }
 
     /// State of [`NewSuperBlock`] that indicates that [`NewSuperBlock::init`] needs to be called
     /// eventually.
     pub struct NeedsInit;
 
+    /// State of [`NewSuperBlock`] that indicates that [`NewSuperBlock::init_data`] needs to be
+    /// called eventually.
+    pub struct NeedsData;
+
     /// State of [`NewSuperBlock`] that indicates that [`NewSuperBlock::init_root`] needs to be
     /// called eventually.
     pub struct NeedsRoot;
@@ -540,11 +639,7 @@ pub mod ro {
         }
 
         /// Initialises the superblock.
-        pub fn init(
-            self,
-            params: &SuperParams,
-            data: T::Data,
-        ) -> Result<NewSuperBlock<'a, T, NeedsRoot>> {
+        pub fn init(self, params: &SuperParams) -> Result<NewSuperBlock<'a, T, NeedsData>> {
             // SAFETY: Since this is a new super block, we hold the only reference to it.
             let sb = unsafe { &mut *self.sb.0.get() };
 
@@ -561,16 +656,37 @@ pub mod ro {
             sb.s_blocksize = 1 << sb.s_blocksize_bits;
             sb.s_flags |= bindings::SB_RDONLY;
 
-            // No failures are allowed beyond this point, otherwise we'll leak `data`.
-            sb.s_fs_info = data.into_foreign().cast_mut();
-
             Ok(NewSuperBlock {
                 sb: self.sb,
                 _p: PhantomData,
             })
         }
     }
 
+    impl<'a, T: Type + ?Sized> NewSuperBlock<'a, T, NeedsData> {
+        /// Initialises the superblock data.
+        pub fn init_data(self, data: T::Data) -> NewSuperBlock<'a, T, NeedsRoot> {
+            // SAFETY: Since this is a new superblock, we hold the only reference to it.
+            let sb = unsafe { &mut *self.sb.0.get() };
+            sb.s_fs_info = data.into_foreign().cast_mut();
+
+            NewSuperBlock {
+                sb: self.sb,
+                _p: PhantomData,
+            }
+        }
+
+        /// Reads a block from the block device.
+        pub fn bread(&self, block: u64) -> Result<ARef<super::buffer::Head>> {
+            self.sb.bread(block)
+        }
+
+        /// Returns the number of sectors in the underlying block device.
+        pub fn sector_count(&self) -> Result<u64> {
+            self.sb.sector_count()
+        }
+    }
+
     impl<'a, T: Type + ?Sized> NewSuperBlock<'a, T, NeedsRoot> {
         /// Initialises the root of the superblock.
         pub fn init_root(self, inode: ARef<INode<T>>) -> Result<&'a SuperBlock<T>> {
@@ -615,9 +731,18 @@ pub mod ro {
         };
 
         unsafe extern "C" fn get_tree_callback(fc: *mut bindings::fs_context) -> core::ffi::c_int {
-            // SAFETY: `fc` is valid per the callback contract. `fill_super_callback` also has
-            // the right type and is a valid callback.
-            unsafe { bindings::get_tree_nodev(fc, Some(Self::fill_super_callback)) }
+            match T::SUPER_TYPE {
+                // SAFETY: `fc` is valid per the callback contract. `fill_super_callback` also has
+                // the right type and is a valid callback.
+                Super::BlockDev => unsafe {
+                    bindings::get_tree_bdev(fc, Some(Self::fill_super_callback))
+                },
+                // SAFETY: `fc` is valid per the callback contract. `fill_super_callback` also has
+                // the right type and is a valid callback.
+                Super::Independent => unsafe {
+                    bindings::get_tree_nodev(fc, Some(Self::fill_super_callback))
+                },
+            }
         }
 
         unsafe extern "C" fn fill_super_callback(

rust/kernel/fs/buffer.rs

@@ -49,7 +49,6 @@ pub struct View {
 }
 
 impl View {
-    #[allow(dead_code)]
     pub(crate) fn new(head: ARef<Head>, offset: usize, size: usize) -> Self {
         Self { head, size, offset }
     }

samples/rust/rust_rofs.rs

@@ -56,15 +56,14 @@ impl fs::ro::Type for RoFs {
     const NAME: &'static CStr = c_str!("rust-fs");
 
     fn fill_super(sb: NewSuperBlock<'_, Self>) -> Result<&SuperBlock<Self>> {
-        let sb = sb.init(
-            &SuperParams {
+        let sb = sb
+            .init(&SuperParams {
                 magic: 0x52555354,
                 blocksize_bits: 12,
                 maxbytes: fs::MAX_LFS_FILESIZE,
                 time_gran: 1,
-            },
-            (),
-        )?;
+            })?
+            .init_data(());
         let root = match sb.get_or_create_inode(1)? {
             Either::Left(existing) => existing,
             Either::Right(new) => new.init(INodeParams {