rust: fs: also allow file systems backed by a block device

We are introducing a new `NewSuperBlock` typestate because file system
implementations need to initialise the block size (`blocksize_bits`)
before they can call `bread`, and they may have to call `bread` before
they can initialise the per-superblock data. IOW, the new typestate
allows the following sequence: enable-bread -> bread -> init data.

Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com>

Author: wedsonaf

rust/helpers.c

@@ -21,6 +21,7 @@
  */
 
 #include <kunit/test-bug.h>
+#include <linux/blkdev.h>
 #include <linux/buffer_head.h>
 #include <linux/bug.h>
 #include <linux/build_bug.h>
@@ -235,6 +236,13 @@ unsigned int rust_helper_MKDEV(unsigned int major, unsigned int minor)
 EXPORT_SYMBOL_GPL(rust_helper_MKDEV);
 
 #ifdef CONFIG_BUFFER_HEAD
+struct buffer_head *rust_helper_sb_bread(struct super_block *sb,
+		sector_t block)
+{
+	return sb_bread(sb, block);
+}
+EXPORT_SYMBOL_GPL(rust_helper_sb_bread);
+
 void rust_helper_get_bh(struct buffer_head *bh)
 {
 	get_bh(bh);
@@ -248,6 +256,12 @@ void rust_helper_put_bh(struct buffer_head *bh)
 EXPORT_SYMBOL_GPL(rust_helper_put_bh);
 #endif
 
+sector_t rust_helper_bdev_nr_sectors(struct block_device *bdev)
+{
+	return bdev_nr_sectors(bdev);
+}
+EXPORT_SYMBOL_GPL(rust_helper_bdev_nr_sectors);
+
 /*
  * `bindgen` binds the C `size_t` type as the Rust `usize` type, so we can
  * use it in contexts where Rust expects a `usize` like slice (array) indices.

rust/kernel/fs.rs

@@ -21,6 +21,17 @@ pub mod buffer;
 /// Maximum size of an inode.
 pub const MAX_LFS_FILESIZE: i64 = bindings::MAX_LFS_FILESIZE;
 
+/// Type of superblock keying.
+///
+/// It determines how C's `fs_context_operations::get_tree` is implemented.
+pub enum Super {
+    /// Multiple independent superblocks may exist.
+    Independent,
+
+    /// Uses a block device.
+    BlockDev,
+}
+
 /// A file system type.
 pub trait FileSystem {
     /// Data associated with each file system instance (super-block).
@@ -29,6 +40,9 @@ pub trait FileSystem {
     /// The name of the file system type.
     const NAME: &'static CStr;
 
+    /// Determines how superblocks for this file system type are keyed.
+    const SUPER_TYPE: Super = Super::Independent;
+
     /// Initialises a super block for this file system type.
     fn fill_super(sb: NewSuperBlock<'_, Self>) -> Result<&SuperBlock<Self>>;
 
@@ -175,7 +189,9 @@ impl Registration {
                 fs.name = T::NAME.as_char_ptr();
                 fs.init_fs_context = Some(Self::init_fs_context_callback::<T>);
                 fs.kill_sb = Some(Self::kill_sb_callback::<T>);
-                fs.fs_flags = 0;
+                fs.fs_flags = if let Super::BlockDev = T::SUPER_TYPE {
+                    bindings::FS_REQUIRES_DEV as i32
+                } else { 0 };
 
                 // SAFETY: Pointers stored in `fs` are static so will live for as long as the
                 // registration is active (it is undone in `drop`).
@@ -198,9 +214,16 @@ impl Registration {
     unsafe extern "C" fn kill_sb_callback<T: FileSystem + ?Sized>(
         sb_ptr: *mut bindings::super_block,
     ) {
-        // SAFETY: In `get_tree_callback` we always call `get_tree_nodev`, so `kill_anon_super` is
-        // the appropriate function to call for cleanup.
-        unsafe { bindings::kill_anon_super(sb_ptr) };
+        match T::SUPER_TYPE {
+            // SAFETY: In `get_tree_callback` we always call `get_tree_bdev` for
+            // `Super::BlockDev`, so `kill_block_super` is the appropriate function to call
+            // for cleanup.
+            Super::BlockDev => unsafe { bindings::kill_block_super(sb_ptr) },
+            // SAFETY: In `get_tree_callback` we always call `get_tree_nodev` for
+            // `Super::Independent`, so `kill_anon_super` is the appropriate function to call
+            // for cleanup.
+            Super::Independent => unsafe { bindings::kill_anon_super(sb_ptr) },
+        }
 
         // SAFETY: The C API contract guarantees that `sb_ptr` is valid for read.
         let ptr = unsafe { (*sb_ptr).s_fs_info };
@@ -473,12 +496,86 @@ impl<T: FileSystem + ?Sized> SuperBlock<T> {
             })))
         }
     }
+
+    /// Reads a block from the block device.
+    #[cfg(CONFIG_BUFFER_HEAD)]
+    pub fn bread(&self, block: u64) -> Result<ARef<buffer::Head>> {
+        // Fail requests for non-blockdev file systems. This is a compile-time check.
+        match T::SUPER_TYPE {
+            Super::BlockDev => {}
+            _ => return Err(EIO),
+        }
+
+        // SAFETY: This function is only valid after the `NeedsInit` typestate, so the block size
+        // is known and the superblock can be used to read blocks.
+        let ptr =
+            ptr::NonNull::new(unsafe { bindings::sb_bread(self.0.get(), block) }).ok_or(EIO)?;
+        // SAFETY: `sb_bread` returns a referenced buffer head. Ownership of the increment is
+        // passed to the `ARef` instance.
+        Ok(unsafe { ARef::from_raw(ptr.cast()) })
+    }
+
+    /// Reads `size` bytes starting from `offset` bytes.
+    ///
+    /// Returns an iterator that returns slices based on blocks.
+    #[cfg(CONFIG_BUFFER_HEAD)]
+    pub fn read(
+        &self,
+        offset: u64,
+        size: u64,
+    ) -> Result<impl Iterator<Item = Result<buffer::View>> + '_> {
+        struct BlockIter<'a, T: FileSystem + ?Sized> {
+            sb: &'a SuperBlock<T>,
+            next_offset: u64,
+            end: u64,
+        }
+        impl<'a, T: FileSystem + ?Sized> Iterator for BlockIter<'a, T> {
+            type Item = Result<buffer::View>;
+
+            fn next(&mut self) -> Option<Self::Item> {
+                if self.next_offset >= self.end {
+                    return None;
+                }
+
+                // SAFETY: The superblock is valid and has had its block size initialised.
+                let block_size = unsafe { (*self.sb.0.get()).s_blocksize };
+                let bh = match self.sb.bread(self.next_offset / block_size) {
+                    Ok(bh) => bh,
+                    Err(e) => return Some(Err(e)),
+                };
+                let boffset = self.next_offset & (block_size - 1);
+                let bsize = core::cmp::min(self.end - self.next_offset, block_size - boffset);
+                self.next_offset += bsize;
+                Some(Ok(buffer::View::new(bh, boffset as usize, bsize as usize)))
+            }
+        }
+        Ok(BlockIter {
+            sb: self,
+            next_offset: offset,
+            end: offset.checked_add(size).ok_or(ERANGE)?,
+        })
+    }
+
+    /// Returns the number of sectors in the underlying block device.
+    pub fn sector_count(&self) -> Result<u64> {
+        // Fail requests for non-blockdev file systems. This is a compile-time check.
+        match T::SUPER_TYPE {
+            // The superblock is valid and given that it's a blockdev superblock it must have a
+            // valid `s_bdev`.
+            Super::BlockDev => Ok(unsafe { bindings::bdev_nr_sectors((*self.0.get()).s_bdev) }),
+            _ => Err(EIO),
+        }
+    }
 }
 
 /// State of [`NewSuperBlock`] that indicates that [`NewSuperBlock::init`] needs to be called
 /// eventually.
 pub struct NeedsInit;
 
+/// State of [`NewSuperBlock`] that indicates that [`NewSuperBlock::init_data`] needs to be called
+/// eventually.
+pub struct NeedsData;
+
 /// State of [`NewSuperBlock`] that indicates that [`NewSuperBlock::init_root`] needs to be called
 /// eventually.
 pub struct NeedsRoot;
@@ -532,11 +629,7 @@ impl<'a, T: FileSystem + ?Sized> NewSuperBlock<'a, T, NeedsInit> {
     }
 
     /// Initialises the superblock.
-    pub fn init(
-        self,
-        params: &SuperParams,
-        data: T::Data,
-    ) -> Result<NewSuperBlock<'a, T, NeedsRoot>> {
+    pub fn init(self, params: &SuperParams) -> Result<NewSuperBlock<'a, T, NeedsData>> {
         // SAFETY: Since this is a new super block, we hold the only reference to it.
         let sb = unsafe { &mut *self.sb.0.get() };
 
@@ -553,16 +646,38 @@ impl<'a, T: FileSystem + ?Sized> NewSuperBlock<'a, T, NeedsInit> {
         sb.s_blocksize = 1 << sb.s_blocksize_bits;
         sb.s_flags |= bindings::SB_RDONLY;
 
-        // No failures are allowed beyond this point, otherwise we'll leak `data`.
-        sb.s_fs_info = data.into_foreign().cast_mut();
-
         Ok(NewSuperBlock {
             sb: self.sb,
             _p: PhantomData,
         })
     }
 }
 
+impl<'a, T: FileSystem + ?Sized> NewSuperBlock<'a, T, NeedsData> {
+    /// Initialises the superblock data.
+    pub fn init_data(self, data: T::Data) -> NewSuperBlock<'a, T, NeedsRoot> {
+        // SAFETY: Since this is a new superblock, we hold the only reference to it.
+        let sb = unsafe { &mut *self.sb.0.get() };
+        sb.s_fs_info = data.into_foreign().cast_mut();
+
+        NewSuperBlock {
+            sb: self.sb,
+            _p: PhantomData,
+        }
+    }
+
+    /// Reads a block from the block device.
+    #[cfg(CONFIG_BUFFER_HEAD)]
+    pub fn bread(&self, block: u64) -> Result<ARef<buffer::Head>> {
+        self.sb.bread(block)
+    }
+
+    /// Returns the number of sectors in the underlying block device.
+    pub fn sector_count(&self) -> Result<u64> {
+        self.sb.sector_count()
+    }
+}
+
 impl<'a, T: FileSystem + ?Sized> NewSuperBlock<'a, T, NeedsRoot> {
     /// Initialises the root of the superblock.
     pub fn init_root(self, inode: ARef<INode<T>>) -> Result<&'a SuperBlock<T>> {
@@ -608,9 +723,18 @@ impl<T: FileSystem + ?Sized> Tables<T> {
     };
 
     unsafe extern "C" fn get_tree_callback(fc: *mut bindings::fs_context) -> core::ffi::c_int {
-        // SAFETY: `fc` is valid per the callback contract. `fill_super_callback` also has
-        // the right type and is a valid callback.
-        unsafe { bindings::get_tree_nodev(fc, Some(Self::fill_super_callback)) }
+        match T::SUPER_TYPE {
+            // SAFETY: `fc` is valid per the callback contract. `fill_super_callback` also has
+            // the right type and is a valid callback.
+            Super::BlockDev => unsafe {
+                bindings::get_tree_bdev(fc, Some(Self::fill_super_callback))
+            },
+            // SAFETY: `fc` is valid per the callback contract. `fill_super_callback` also has
+            // the right type and is a valid callback.
+            Super::Independent => unsafe {
+                bindings::get_tree_nodev(fc, Some(Self::fill_super_callback))
+            },
+        }
     }
 
     unsafe extern "C" fn fill_super_callback(

rust/kernel/fs/buffer.rs

@@ -49,7 +49,6 @@ pub struct View {
 }
 
 impl View {
-    #[allow(dead_code)]
     pub(crate) fn new(head: ARef<Head>, offset: usize, size: usize) -> Self {
         Self { head, size, offset }
     }

samples/rust/rust_rofs.rs

@@ -56,15 +56,14 @@ impl fs::FileSystem for RoFs {
     const NAME: &'static CStr = c_str!("rust-fs");
 
     fn fill_super(sb: NewSuperBlock<'_, Self>) -> Result<&SuperBlock<Self>> {
-        let sb = sb.init(
-            &SuperParams {
+        let sb = sb
+            .init(&SuperParams {
                 magic: 0x52555354,
                 blocksize_bits: 12,
                 maxbytes: fs::MAX_LFS_FILESIZE,
                 time_gran: 1,
-            },
-            (),
-        )?;
+            })?
+            .init_data(());
         let root = match sb.get_or_create_inode(1)? {
             Either::Left(existing) => existing,
             Either::Right(new) => new.init(INodeParams {