rust: fs: allow the icache lookup and creation of inodes

wedsonaf · wedsonaf · commit d2489f39d690 · 2023-09-29T18:46:15.000-03:00
For now we only support directory inodes, but more will be added in
subsequent commits.

We now require the root inode to be specified when initialising a new
super block (instead of crafting one ourselves).

The `NewINode` type ensures that a new inode is properly initialised
before it is marked so. It also facilitates error paths by automatically
marking inodes as failed if they're not properly initialised.

Signed-off-by: Wedson Almeida Filho &lt;walmeida@microsoft.com&gt;
diff --git a/rust/helpers.c b/rust/helpers.c
@@ -145,6 +145,18 @@ struct kunit *rust_helper_kunit_get_current_test(void)
 }
 EXPORT_SYMBOL_GPL(rust_helper_kunit_get_current_test);
 
+void rust_helper_i_uid_write(struct inode *inode, uid_t uid)
+{
+	i_uid_write(inode, uid);
+}
+EXPORT_SYMBOL_GPL(rust_helper_i_uid_write);
+
+void rust_helper_i_gid_write(struct inode *inode, gid_t gid)
+{
+	i_gid_write(inode, gid);
+}
+EXPORT_SYMBOL_GPL(rust_helper_i_gid_write);
+
 off_t rust_helper_i_size_read(const struct inode *inode)
 {
 	return i_size_read(inode);
diff --git a/rust/kernel/fs.rs b/rust/kernel/fs.rs
@@ -12,9 +12,9 @@ pub const MAX_LFS_FILESIZE: i64 = bindings::MAX_LFS_FILESIZE;
 /// Read-only file systems.
 pub mod ro {
     use crate::error::{code::*, from_result, to_result, Error, Result};
-    use crate::types::{AlwaysRefCounted, Opaque};
-    use crate::{bindings, init::PinInit, str::CStr, try_pin_init, ThisModule};
-    use core::{marker::PhantomData, marker::PhantomPinned, pin::Pin, ptr};
+    use crate::types::{ARef, AlwaysRefCounted, Either, Opaque};
+    use crate::{bindings, init::PinInit, str::CStr, time::Time, try_pin_init, ThisModule};
+    use core::{marker::PhantomData, marker::PhantomPinned, mem::ManuallyDrop, pin::Pin, ptr};
     use macros::{pin_data, pinned_drop};
 
     /// A read-only file system type.
@@ -137,12 +137,138 @@ pub mod ro {
         }
     }
 
+    /// An inode that is locked and hasn't been initialised yet.
+    #[repr(transparent)]
+    pub struct NewINode<T: Type + ?Sized>(ARef<INode<T>>);
+
+    impl<T: Type + ?Sized> NewINode<T> {
+        /// Initialises the new inode with the given parameters.
+        pub fn init(self, params: INodeParams) -> Result<ARef<INode<T>>> {
+            // SAFETY: This is a new inode, so it's safe to manipulate it mutably.
+            let inode = unsafe { &mut *self.0 .0.get() };
+
+            let mode = match params.typ {
+                INodeType::Dir => {
+                    // SAFETY: `simple_dir_operations` never changes, it's safe to reference it.
+                    inode.__bindgen_anon_3.i_fop = unsafe { &bindings::simple_dir_operations };
+
+                    // SAFETY: `simple_dir_inode_operations` never changes, it's safe to reference it.
+                    inode.i_op = unsafe { &bindings::simple_dir_inode_operations };
+                    bindings::S_IFDIR
+                }
+            };
+
+            inode.i_mode = (params.mode & 0o777) | u16::try_from(mode)?;
+            inode.i_size = params.size;
+            inode.i_blocks = params.blocks;
+
+            inode.__i_ctime = params.ctime.into();
+            inode.i_mtime = params.mtime.into();
+            inode.i_atime = params.atime.into();
+
+            // SAFETY: inode is a new inode, so it is valid for write.
+            unsafe {
+                bindings::set_nlink(inode, params.nlink);
+                bindings::i_uid_write(inode, params.uid);
+                bindings::i_gid_write(inode, params.gid);
+                bindings::unlock_new_inode(inode);
+            }
+
+            // SAFETY: We are manually destructuring `self` and preventing `drop` from being
+            // called.
+            Ok(unsafe { (&ManuallyDrop::new(self).0 as *const ARef<INode<T>>).read() })
+        }
+    }
+
+    impl<T: Type + ?Sized> Drop for NewINode<T> {
+        fn drop(&mut self) {
+            // SAFETY: The new inode failed to be turned into an initialised inode, so it's safe
+            // (and in fact required) to call `iget_failed` on it.
+            unsafe { bindings::iget_failed(self.0 .0.get()) };
+        }
+    }
+
+    /// The type of the inode.
+    #[derive(Copy, Clone)]
+    pub enum INodeType {
+        /// Directory type.
+        Dir,
+    }
+
+    /// Required inode parameters.
+    ///
+    /// This is used when creating new inodes.
+    pub struct INodeParams {
+        /// The access mode. It's a mask that grants execute (1), write (2) and read (4) access to
+        /// everyone, the owner group, and the owner.
+        pub mode: u16,
+
+        /// Type of inode.
+        ///
+        /// Also carries additional per-type data.
+        pub typ: INodeType,
+
+        /// Size of the contents of the inode.
+        ///
+        /// Its maximum value is [`super::MAX_LFS_FILESIZE`].
+        pub size: i64,
+
+        /// Number of blocks.
+        pub blocks: u64,
+
+        /// Number of links to the inode.
+        pub nlink: u32,
+
+        /// User id.
+        pub uid: u32,
+
+        /// Group id.
+        pub gid: u32,
+
+        /// Creation time.
+        pub ctime: Time,
+
+        /// Last modification time.
+        pub mtime: Time,
+
+        /// Last access time.
+        pub atime: Time,
+    }
+
     /// A file system super block.
     ///
     /// Wraps the kernel's `struct super_block`.
     #[repr(transparent)]
     pub struct SuperBlock<T: Type + ?Sized>(Opaque<bindings::super_block>, PhantomData<T>);
 
+    impl<T: Type + ?Sized> SuperBlock<T> {
+        /// Tries to get an existing inode or create a new one if it doesn't exist yet.
+        pub fn get_or_create_inode(&self, ino: u64) -> Result<Either<ARef<INode<T>>, NewINode<T>>> {
+            // SAFETY: The only initialisation missing from the superblock is the root, and this
+            // function is needed to create the root, so it's safe to call it.
+            let inode = ptr::NonNull::new(unsafe { bindings::iget_locked(self.0.get(), ino) })
+                .ok_or(ENOMEM)?;
+
+            // SAFETY: `inode` is valid for read, but there could be concurrent writers (e.g., if
+            // it's an already-initialised inode), so we use `read_volatile` to read its current
+            // state.
+            let state = unsafe { ptr::read_volatile(ptr::addr_of!((*inode.as_ptr()).i_state)) };
+            if state & u64::from(bindings::I_NEW) == 0 {
+                // The inode is cached. Just return it.
+                //
+                // SAFETY: `inode` had its refcount incremented by `iget_locked`; this increment is
+                // now owned by `ARef`.
+                Ok(Either::Left(unsafe { ARef::from_raw(inode.cast()) }))
+            } else {
+                // SAFETY: The new inode is valid but not fully initialised yet, so it's ok to
+                // create a `NewINode`.
+                Ok(Either::Right(NewINode(unsafe {
+                    ARef::from_raw(inode.cast())
+                })))
+            }
+        }
+    }
+
     /// Required superblock parameters.
     ///
     /// This is used in [`NewSuperBlock::init`].
@@ -191,7 +317,7 @@ pub mod ro {
         }
 
         /// Initialises the superblock.
-        pub fn init(self, params: &SuperParams) -> Result<&'a SuperBlock<T>> {
+        pub fn init(self, params: &SuperParams, root: ARef<INode<T>>) -> Result<&'a SuperBlock<T>> {
             // SAFETY: Since this is a new super block, we hold the only reference to it.
             let sb = unsafe { &mut *self.sb.0.get() };
 
@@ -207,35 +333,16 @@ pub mod ro {
             sb.s_blocksize = 1 << sb.s_blocksize_bits;
             sb.s_flags |= bindings::SB_RDONLY;
 
-            // The following is scaffolding code that will be removed in a subsequent patch. It is
-            // needed to build a root dentry, otherwise core code will BUG().
-            let inode = unsafe { bindings::new_inode(sb) };
-            if inode.is_null() {
-                return Err(ENOMEM);
-            }
-
-            // SAFETY: `inode` is valid for write.
-            unsafe { bindings::set_nlink(inode, 2) };
-
-            {
-                // SAFETY: This is a newly-created inode. No other references to it exist, so it is
-                // safe to mutably dereference it.
-                let inode = unsafe { &mut *inode };
-                inode.i_ino = 1;
-                inode.i_mode = (bindings::S_IFDIR | 0o755) as _;
-
-                // SAFETY: `simple_dir_operations` never changes, it's safe to reference it.
-                inode.__bindgen_anon_3.i_fop = unsafe { &bindings::simple_dir_operations };
-
-                // SAFETY: `simple_dir_inode_operations` never changes, it's safe to reference it.
-                inode.i_op = unsafe { &bindings::simple_dir_inode_operations };
+            // Reject root inode if it belongs to a different superblock.
+            if !ptr::eq(root.super_block(), self.sb) {
+                return Err(EINVAL);
             }
 
             // SAFETY: `d_make_root` requires that `inode` be valid and referenced, which is the
             // case for this call.
             //
             // It takes over the inode, even on failure, so we don't need to clean it up.
-            let dentry = unsafe { bindings::d_make_root(inode) };
+            let dentry = unsafe { bindings::d_make_root(ManuallyDrop::new(root).0.get()) };
             if dentry.is_null() {
                 return Err(ENOMEM);
             }
@@ -246,6 +353,14 @@ pub mod ro {
         }
     }
 
+    impl<T: Type + ?Sized> core::ops::Deref for NewSuperBlock<'_, T> {
+        type Target = SuperBlock<T>;
+
+        fn deref(&self) -> &Self::Target {
+            self.sb
+        }
+    }
+
     struct Tables<T: Type + ?Sized>(T);
     impl<T: Type + ?Sized> Tables<T> {
         const CONTEXT: bindings::fs_context_operations = bindings::fs_context_operations {
diff --git a/samples/rust/rust_rofs.rs b/samples/rust/rust_rofs.rs
@@ -2,9 +2,9 @@
 
 //! Rust read-only file system sample.
 
-use kernel::fs::ro::{NewSuperBlock, SuperBlock, SuperParams};
+use kernel::fs::ro::{INodeParams, INodeType, NewSuperBlock, SuperBlock, SuperParams};
 use kernel::prelude::*;
-use kernel::{c_str, fs};
+use kernel::{c_str, fs, time::UNIX_EPOCH, types::Either};
 
 kernel::module_ro_fs! {
     type: RoFs,
@@ -19,11 +19,29 @@ impl fs::ro::Type for RoFs {
     const NAME: &'static CStr = c_str!("rust-fs");
 
     fn fill_super(sb: NewSuperBlock<'_, Self>) -> Result<&SuperBlock<Self>> {
-        sb.init(&SuperParams {
-            magic: 0x52555354,
-            blocksize_bits: 12,
-            maxbytes: fs::MAX_LFS_FILESIZE,
-            time_gran: 1,
-        })
+        let root = match sb.get_or_create_inode(1)? {
+            Either::Left(existing) => existing,
+            Either::Right(new) => new.init(INodeParams {
+                typ: INodeType::Dir,
+                mode: 0o555,
+                size: 1,
+                blocks: 1,
+                nlink: 2,
+                uid: 0,
+                gid: 0,
+                atime: UNIX_EPOCH,
+                ctime: UNIX_EPOCH,
+                mtime: UNIX_EPOCH,
+            })?,
+        };
+        sb.init(
+            &SuperParams {
+                magic: 0x52555354,
+                blocksize_bits: 12,
+                maxbytes: fs::MAX_LFS_FILESIZE,
+                time_gran: 1,
+            },
+            root,
+        )
     }
 }
