Rust now integrated into bcachefs binary

Rust is now required for building the bcachefs tool, and rust code is
now fully integrated with the C codebase - meaning it is possible to
call back and forth.

The mount helper is now a subcommand, 'mount.bcachefs' is now a small
shell wrapper that invokes 'bcachefs mount'.

This will make it easier to start rewriting other subcommands in rust,
and eventually the whole command line interface.

Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

4 files changed, 473 insertions, 0 deletions

diff --git a/rust-src/src/cmd_mount.rs b/rust-src/src/cmd_mount.rs
new file mode 100644
index 00000000..7748b199
--- /dev/null
+++ b/rust-src/src/cmd_mount.rs
@@ -0,0 +1,99 @@
+use bch_bindgen::{error, info};
+use clap::Parser;
+use colored::Colorize;
+use atty::Stream;
+use uuid::Uuid;
+use crate::filesystem;
+use crate::key;
+use crate::key::KeyLoc;
+
+fn parse_fstab_uuid(uuid_raw: &str) -> Result<Uuid, uuid::Error> {
+    let mut uuid = String::from(uuid_raw);
+    if uuid.starts_with("UUID=") {
+        uuid = uuid.replacen("UUID=", "", 1);
+    }
+    return Uuid::parse_str(&uuid);
+}
+
+fn stdout_isatty() -> &'static str {
+    if atty::is(Stream::Stdout) {
+        "true"
+    } else {
+        "false"
+    }
+}
+
+/// Mount a bcachefs filesystem by its UUID.
+#[derive(Parser, Debug)]
+#[command(author, version, about, long_about = None)]
+pub struct Cli {
+    /// Where the password would be loaded from.
+    ///
+    /// Possible values are:
+    /// "fail" - don't ask for password, fail if filesystem is encrypted;
+    /// "wait" - wait for password to become available before mounting;
+    /// "ask" -  prompt the user for password;
+    #[arg(short, long, default_value = "", verbatim_doc_comment)]
+    pub key_location: KeyLoc,
+
+    /// External UUID of the bcachefs filesystem
+    ///
+    /// Accepts the UUID as is or as fstab style UUID=<UUID>
+    #[arg(value_parser = parse_fstab_uuid)]
+    pub uuid: uuid::Uuid,
+
+    /// Where the filesystem should be mounted. If not set, then the filesystem
+    /// won't actually be mounted. But all steps preceeding mounting the
+    /// filesystem (e.g. asking for passphrase) will still be performed.
+    pub mountpoint: Option<std::path::PathBuf>,
+
+    /// Mount options
+    #[arg(short, default_value = "")]
+    pub options: String,
+
+    /// Force color on/off. Default: autodetect tty
+    #[arg(short, long, action = clap::ArgAction::Set, default_value=stdout_isatty())]
+    pub colorize: bool,
+
+    #[arg(short = 'v', long, action = clap::ArgAction::Count)]
+    pub verbose: u8,
+}
+
+pub fn cmd_mount_inner(opt: Cli) -> anyhow::Result<()> {
+    unsafe {
+        libc::setvbuf(filesystem::stdout, std::ptr::null_mut(), libc::_IONBF, 0);
+    }
+
+    let fss = filesystem::probe_filesystems()?;
+    let fs = fss
+        .get(&opt.uuid)
+        .ok_or_else(|| anyhow::anyhow!("filesystem was not found"))?;
+
+    info!("found filesystem {}", fs);
+    if fs.encrypted() {
+        let key = opt
+            .key_location
+            .0
+            .ok_or_else(|| anyhow::anyhow!("no keyoption specified for locked filesystem"))?;
+
+        key::prepare_key(&fs, key)?;
+    }
+
+    let mountpoint = opt
+        .mountpoint
+        .ok_or_else(|| anyhow::anyhow!("mountpoint option was not specified"))?;
+
+    fs.mount(&mountpoint, &opt.options)?;
+
+    Ok(())
+}
+
+#[no_mangle]
+pub extern "C" fn cmd_mount() {
+    let opt = Cli::parse();
+    bch_bindgen::log::set_verbose_level(opt.verbose + bch_bindgen::log::ERROR);
+    colored::control::set_override(opt.colorize);
+    if let Err(e) = cmd_mount_inner(opt) {
+        error!("Fatal error: {}", e);
+    }
+}
diff --git a/rust-src/src/filesystem.rs b/rust-src/src/filesystem.rs
new file mode 100644
index 00000000..28a2ab9e
--- /dev/null
+++ b/rust-src/src/filesystem.rs
@@ -0,0 +1,217 @@
+extern "C" {
+    pub static stdout: *mut libc::FILE;
+}
+use bch_bindgen::{debug, info};
+use colored::Colorize;
+use getset::{CopyGetters, Getters};
+use std::path::PathBuf;
+#[derive(Getters, CopyGetters)]
+pub struct FileSystem {
+    /// External UUID of the bcachefs
+    #[getset(get = "pub")]
+    uuid: uuid::Uuid,
+    /// Whether filesystem is encrypted
+    #[getset(get_copy = "pub")]
+    encrypted: bool,
+    /// Super block
+    #[getset(get = "pub")]
+    sb: bcachefs::bch_sb_handle,
+    /// Member devices for this filesystem
+    #[getset(get = "pub")]
+    devices: Vec<PathBuf>,
+}
+impl std::fmt::Debug for FileSystem {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_struct("FileSystem")
+            .field("uuid", &self.uuid)
+            .field("encrypted", &self.encrypted)
+            .field("devices", &self.device_string())
+            .finish()
+    }
+}
+use std::fmt;
+impl std::fmt::Display for FileSystem {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        let devs = self.device_string();
+        write!(
+            f,
+            "{:?}: locked?={lock} ({}) ",
+            self.uuid,
+            devs,
+            lock = self.encrypted
+        )
+    }
+}
+
+impl FileSystem {
+    pub(crate) fn new(sb: bcachefs::bch_sb_handle) -> Self {
+        Self {
+            uuid: sb.sb().uuid(),
+            encrypted: sb.sb().crypt().is_some(),
+            sb: sb,
+            devices: Vec::new(),
+        }
+    }
+
+    pub fn device_string(&self) -> String {
+        use itertools::Itertools;
+        self.devices.iter().map(|d| d.display()).join(":")
+    }
+
+    pub fn mount(
+        &self,
+        target: impl AsRef<std::path::Path>,
+        options: impl AsRef<str>,
+    ) -> anyhow::Result<()> {
+        let src = self.device_string();
+        let (data, mountflags) = parse_mount_options(options);
+
+        info!(
+            "mounting bcachefs filesystem, {}",
+            target.as_ref().display()
+        );
+        mount_inner(src, target, "bcachefs", mountflags, data)
+    }
+}
+
+fn mount_inner(
+    src: String,
+    target: impl AsRef<std::path::Path>,
+    fstype: &str,
+    mountflags: u64,
+    data: Option<String>,
+) -> anyhow::Result<()> {
+    use std::{
+        ffi::{c_void, CString},
+        os::{raw::c_char, unix::ffi::OsStrExt},
+    };
+
+    // bind the CStrings to keep them alive
+    let src = CString::new(src)?;
+    let target = CString::new(target.as_ref().as_os_str().as_bytes())?;
+    let data = data.map(CString::new).transpose()?;
+    let fstype = CString::new(fstype)?;
+
+    // convert to pointers for ffi
+    let src = src.as_c_str().to_bytes_with_nul().as_ptr() as *const c_char;
+    let target = target.as_c_str().to_bytes_with_nul().as_ptr() as *const c_char;
+    let data = data.as_ref().map_or(std::ptr::null(), |data| {
+        data.as_c_str().to_bytes_with_nul().as_ptr() as *const c_void
+    });
+    let fstype = fstype.as_c_str().to_bytes_with_nul().as_ptr() as *const c_char;
+
+    let ret = {
+        info!("mounting filesystem");
+        // REQUIRES: CAP_SYS_ADMIN
+        unsafe { libc::mount(src, target, fstype, mountflags, data) }
+    };
+    match ret {
+        0 => Ok(()),
+        _ => Err(crate::ErrnoError(errno::errno()).into()),
+    }
+}
+
+/// Parse a comma-separated mount options and split out mountflags and filesystem
+/// specific options.
+fn parse_mount_options(options: impl AsRef<str>) -> (Option<String>, u64) {
+    use either::Either::*;
+    debug!("parsing mount options: {}", options.as_ref());
+    let (opts, flags) = options
+        .as_ref()
+        .split(",")
+        .map(|o| match o {
+            "dirsync" => Left(libc::MS_DIRSYNC),
+            "lazytime" => Left(1 << 25), // MS_LAZYTIME
+            "mand" => Left(libc::MS_MANDLOCK),
+            "noatime" => Left(libc::MS_NOATIME),
+            "nodev" => Left(libc::MS_NODEV),
+            "nodiratime" => Left(libc::MS_NODIRATIME),
+            "noexec" => Left(libc::MS_NOEXEC),
+            "nosuid" => Left(libc::MS_NOSUID),
+            "relatime" => Left(libc::MS_RELATIME),
+            "remount" => Left(libc::MS_REMOUNT),
+            "ro" => Left(libc::MS_RDONLY),
+            "rw" => Left(0),
+            "strictatime" => Left(libc::MS_STRICTATIME),
+            "sync" => Left(libc::MS_SYNCHRONOUS),
+            "" => Left(0),
+            o @ _ => Right(o),
+        })
+        .fold((Vec::new(), 0), |(mut opts, flags), next| match next {
+            Left(f) => (opts, flags | f),
+            Right(o) => {
+                opts.push(o);
+                (opts, flags)
+            }
+        });
+
+    use itertools::Itertools;
+    (
+        if opts.len() == 0 {
+            None
+        } else {
+            Some(opts.iter().join(","))
+        },
+        flags,
+    )
+}
+
+use bch_bindgen::bcachefs;
+use std::collections::HashMap;
+use uuid::Uuid;
+
+pub fn probe_filesystems() -> anyhow::Result<HashMap<Uuid, FileSystem>> {
+    debug!("enumerating udev devices");
+    let mut udev = udev::Enumerator::new()?;
+
+    udev.match_subsystem("block")?; // find kernel block devices
+
+    let mut fs_map = HashMap::new();
+    let devresults = udev
+        .scan_devices()?
+        .into_iter()
+        .filter_map(|dev| dev.devnode().map(ToOwned::to_owned));
+
+    for pathbuf in devresults {
+        match get_super_block_uuid(&pathbuf)? {
+            Ok((uuid_key, superblock)) => {
+                let fs = fs_map.entry(uuid_key).or_insert_with(|| {
+                    info!("found bcachefs pool: {}", uuid_key);
+                    FileSystem::new(superblock)
+                });
+
+                fs.devices.push(pathbuf);
+            }
+
+            Err(e) => {
+                debug!("{}", e);
+            }
+        }
+    }
+
+    info!("found {} filesystems", fs_map.len());
+    Ok(fs_map)
+}
+
+// #[tracing_attributes::instrument(skip(dev, fs_map))]
+fn get_super_block_uuid(
+    path: &std::path::Path,
+) -> std::io::Result<std::io::Result<(Uuid, bcachefs::bch_sb_handle)>> {
+    use gag::BufferRedirect;
+    // Stop libbcachefs from spamming the output
+    let gag = BufferRedirect::stdout().unwrap();
+
+    let sb = bch_bindgen::rs::read_super(&path)?;
+    let super_block = match sb {
+        Err(e) => {
+            return Ok(Err(e));
+        }
+        Ok(sb) => sb,
+    };
+    drop(gag);
+
+    let uuid = (&super_block).sb().uuid();
+    debug!("bcachefs superblock path={} uuid={}", path.display(), uuid);
+
+    Ok(Ok((uuid, super_block)))
+}
diff --git a/rust-src/src/key.rs b/rust-src/src/key.rs
new file mode 100644
index 00000000..e2d0e4c0
--- /dev/null
+++ b/rust-src/src/key.rs
@@ -0,0 +1,124 @@
+use bch_bindgen::info;
+use colored::Colorize;
+use crate::c_str;
+use anyhow::anyhow;
+
+#[derive(Clone, Debug)]
+pub enum KeyLocation {
+    Fail,
+    Wait,
+    Ask,
+}
+
+#[derive(Clone, Debug)]
+pub struct KeyLoc(pub Option<KeyLocation>);
+impl std::ops::Deref for KeyLoc {
+    type Target = Option<KeyLocation>;
+    fn deref(&self) -> &Self::Target {
+        &self.0
+    }
+}
+
+impl std::str::FromStr for KeyLoc {
+    type Err = anyhow::Error;
+    fn from_str(s: &str) -> anyhow::Result<Self> {
+        match s {
+            "" => Ok(KeyLoc(None)),
+            "fail" => Ok(KeyLoc(Some(KeyLocation::Fail))),
+            "wait" => Ok(KeyLoc(Some(KeyLocation::Wait))),
+            "ask" => Ok(KeyLoc(Some(KeyLocation::Ask))),
+            _ => Err(anyhow!("invalid password option")),
+        }
+    }
+}
+
+fn check_for_key(key_name: &std::ffi::CStr) -> anyhow::Result<bool> {
+    use bch_bindgen::keyutils::{self, keyctl_search};
+    let key_name = key_name.to_bytes_with_nul().as_ptr() as *const _;
+    let key_type = c_str!("logon");
+
+    let key_id = unsafe { keyctl_search(keyutils::KEY_SPEC_USER_KEYRING, key_type, key_name, 0) };
+    if key_id > 0 {
+        info!("Key has became available");
+        Ok(true)
+    } else if errno::errno().0 != libc::ENOKEY {
+        Err(crate::ErrnoError(errno::errno()).into())
+    } else {
+        Ok(false)
+    }
+}
+
+fn wait_for_key(uuid: &uuid::Uuid) -> anyhow::Result<()> {
+    let key_name = std::ffi::CString::new(format!("bcachefs:{}", uuid)).unwrap();
+    loop {
+        if check_for_key(&key_name)? {
+            break Ok(());
+        }
+
+        std::thread::sleep(std::time::Duration::from_secs(1));
+    }
+}
+
+const BCH_KEY_MAGIC: &str = "bch**key";
+use crate::filesystem::FileSystem;
+fn ask_for_key(fs: &FileSystem) -> anyhow::Result<()> {
+    use bch_bindgen::bcachefs::{self, bch2_chacha_encrypt_key, bch_encrypted_key, bch_key};
+    use byteorder::{LittleEndian, ReadBytesExt};
+    use std::os::raw::c_char;
+
+    let key_name = std::ffi::CString::new(format!("bcachefs:{}", fs.uuid())).unwrap();
+    if check_for_key(&key_name)? {
+        return Ok(());
+    }
+
+    let bch_key_magic = BCH_KEY_MAGIC.as_bytes().read_u64::<LittleEndian>().unwrap();
+    let crypt = fs.sb().sb().crypt().unwrap();
+    let pass = rpassword::read_password_from_tty(Some("Enter passphrase: "))?;
+    let pass = std::ffi::CString::new(pass.trim_end())?; // bind to keep the CString alive
+    let mut output: bch_key = unsafe {
+        bcachefs::derive_passphrase(
+            crypt as *const _ as *mut _,
+            pass.as_c_str().to_bytes_with_nul().as_ptr() as *const _,
+        )
+    };
+
+    let mut key = crypt.key().clone();
+    let ret = unsafe {
+        bch2_chacha_encrypt_key(
+            &mut output as *mut _,
+            fs.sb().sb().nonce(),
+            &mut key as *mut _ as *mut _,
+            std::mem::size_of::<bch_encrypted_key>() as usize,
+        )
+    };
+    if ret != 0 {
+        Err(anyhow!("chacha decryption failure"))
+    } else if key.magic != bch_key_magic {
+        Err(anyhow!("failed to verify the password"))
+    } else {
+        let key_type = c_str!("logon");
+        let ret = unsafe {
+            bch_bindgen::keyutils::add_key(
+                key_type,
+                key_name.as_c_str().to_bytes_with_nul() as *const _ as *const c_char,
+                &output as *const _ as *const _,
+                std::mem::size_of::<bch_key>() as usize,
+                bch_bindgen::keyutils::KEY_SPEC_USER_KEYRING,
+            )
+        };
+        if ret == -1 {
+            Err(anyhow!("failed to add key to keyring: {}", errno::errno()))
+        } else {
+            Ok(())
+        }
+    }
+}
+
+pub fn prepare_key(fs: &FileSystem, password: KeyLocation) -> anyhow::Result<()> {
+    info!("checking if key exists for filesystem {}", fs.uuid());
+    match password {
+        KeyLocation::Fail => Err(anyhow!("no key available")),
+        KeyLocation::Wait => Ok(wait_for_key(fs.uuid())?),
+        KeyLocation::Ask => ask_for_key(fs),
+    }
+}
diff --git a/rust-src/src/lib.rs b/rust-src/src/lib.rs
new file mode 100644
index 00000000..b2f0aaa7
--- /dev/null
+++ b/rust-src/src/lib.rs
@@ -0,0 +1,33 @@
+pub mod filesystem;
+pub mod key;
+pub mod cmd_mount;
+
+pub mod err {
+    pub enum GError {
+        Unknown {
+            message: std::borrow::Cow<'static, String>,
+        },
+    }
+    pub type GResult<T, E, OE> = ::core::result::Result<::core::result::Result<T, E>, OE>;
+    pub type Result<T, E> = GResult<T, E, GError>;
+}
+
+#[macro_export]
+macro_rules! c_str {
+    ($lit:expr) => {
+        unsafe {
+            std::ffi::CStr::from_ptr(concat!($lit, "\0").as_ptr() as *const std::os::raw::c_char)
+                .to_bytes_with_nul()
+                .as_ptr() as *const std::os::raw::c_char
+        }
+    };
+}
+
+#[derive(Debug)]
+struct ErrnoError(errno::Errno);
+impl std::fmt::Display for ErrnoError {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
+        self.0.fmt(f)
+    }
+}
+impl std::error::Error for ErrnoError {}