fstool 0.0.4

Build disk images and filesystems (ext2/3/4, MBR, GPT) from a directory tree and TOML spec, in the spirit of genext2fs.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324

//! qcow2 refcount table + refcount blocks.
//!
//! The refcount table is an array of u64 BE pointers to refcount
//! *blocks*. Each refcount block carries an array of refcount entries
//! — one per physical cluster in the backing file. fstool only supports
//! `refcount_order = 4`, i.e. 16-bit refcounts (`cluster_size / 2`
//! entries per block).
//!
//! Allocation strategy (modify path):
//!
//! 1. Scan existing refcount blocks for a free entry (`refcount == 0`)
//!    starting at a hint cursor.
//! 2. If nothing free, grow the file: pick the next cluster past EOF,
//!    set its refcount to 1, and return it. If the refcount block that
//!    would track the new cluster doesn't exist yet, allocate THE
//!    refcount block at that same range (it tracks itself).
//!
//! The strategy assumes the refcount table itself never needs to grow.
//! That holds for any realistic image size: 64 KiB clusters give
//! 8192 table entries × 32768 cluster-refcounts per block = 256 M
//! clusters = 16 PiB of addressable storage.

use std::collections::HashMap;
use std::io::{Read, Seek, SeekFrom, Write};

use crate::Result;

use super::header::Header;

/// Bytes per refcount entry (we only support `refcount_order=4` → u16).
pub const REFCOUNT_ENTRY_BYTES: u64 = 2;

/// In-memory refcount management state.
pub struct Refcount {
    pub cluster_size: u64,
    pub table_offset: u64,
    pub table_clusters: u32,
    /// Pointers to refcount blocks (BE u64 on disk, native u64 here).
    /// `table.len() = table_clusters * cluster_size / 8`.
    pub table: Vec<u64>,
    /// Cached refcount blocks, keyed by physical block offset.
    pub block_cache: HashMap<u64, RefcountBlock>,
    pub block_cache_cap: usize,
    /// Hint: start the free-cluster scan from this cluster index.
    pub next_free_hint: u64,
    pub table_dirty: bool,
}

pub struct RefcountBlock {
    pub entries: Vec<u16>,
    pub dirty: bool,
}

impl Refcount {
    /// Entries per refcount block (`cluster_size / 2` for 16-bit refs).
    pub fn entries_per_block(&self) -> u64 {
        self.cluster_size / REFCOUNT_ENTRY_BYTES
    }

    /// Total table capacity (`table_clusters × cluster_size / 8`).
    pub fn table_capacity(&self) -> u64 {
        self.table_clusters as u64 * self.cluster_size / 8
    }

    /// Load the refcount table from disk. The refcount blocks themselves
    /// are loaded lazily on demand.
    pub fn load<F: Read + Seek>(file: &mut F, header: &Header) -> Result<Self> {
        let cluster_size = header.cluster_size();
        let table_entries = (header.refcount_table_clusters as u64 * cluster_size / 8) as usize;
        let mut raw = vec![0u8; table_entries * 8];
        file.seek(SeekFrom::Start(header.refcount_table_offset))?;
        file.read_exact(&mut raw)?;
        let table: Vec<u64> = raw
            .chunks_exact(8)
            .map(|c| u64::from_be_bytes(c.try_into().unwrap()))
            .collect();
        Ok(Self {
            cluster_size,
            table_offset: header.refcount_table_offset,
            table_clusters: header.refcount_table_clusters,
            table,
            block_cache: HashMap::new(),
            block_cache_cap: 32,
            next_free_hint: 0,
            table_dirty: false,
        })
    }

    /// Build a fresh in-memory refcount state for a brand-new image.
    /// The table and the (single, empty) refcount block exist only in
    /// memory; the caller writes them to disk at format time.
    ///
    /// `initial_clusters` is the set of physical cluster indices that
    /// should start with refcount=1 — i.e. the header / refcount table /
    /// refcount block / L1 clusters that the new image's layout uses.
    pub fn new_fresh(
        cluster_size: u64,
        table_offset: u64,
        first_refcount_block_offset: u64,
        initial_clusters: &[u64],
    ) -> Self {
        let table_capacity = cluster_size / 8;
        let mut table = vec![0u64; table_capacity as usize];
        table[0] = first_refcount_block_offset;
        let entries_per_block = cluster_size / REFCOUNT_ENTRY_BYTES;
        let mut entries = vec![0u16; entries_per_block as usize];
        for &c in initial_clusters {
            entries[c as usize] = 1;
        }
        let mut block_cache = HashMap::new();
        block_cache.insert(
            first_refcount_block_offset,
            RefcountBlock {
                entries,
                dirty: true,
            },
        );
        Self {
            cluster_size,
            table_offset,
            table_clusters: 1,
            table,
            block_cache,
            block_cache_cap: 32,
            next_free_hint: initial_clusters.iter().copied().max().unwrap_or(0) + 1,
            table_dirty: true,
        }
    }

    fn load_block<F: Read + Seek>(
        &mut self,
        file: &mut F,
        block_off: u64,
    ) -> Result<&mut RefcountBlock> {
        if !self.block_cache.contains_key(&block_off) {
            file.seek(SeekFrom::Start(block_off))?;
            let mut raw = vec![0u8; self.cluster_size as usize];
            file.read_exact(&mut raw)?;
            let entries: Vec<u16> = raw
                .chunks_exact(2)
                .map(|c| u16::from_be_bytes(c.try_into().unwrap()))
                .collect();
            // Drop a non-dirty cache entry if we're at the cap.
            if self.block_cache.len() >= self.block_cache_cap
                && let Some(k) = self
                    .block_cache
                    .iter()
                    .find(|(_, v)| !v.dirty)
                    .map(|(k, _)| *k)
            {
                self.block_cache.remove(&k);
            }
            self.block_cache.insert(
                block_off,
                RefcountBlock {
                    entries,
                    dirty: false,
                },
            );
        }
        Ok(self.block_cache.get_mut(&block_off).unwrap())
    }

    /// Allocate one physical cluster: find a free entry in an existing
    /// refcount block, bump it to 1, and return the cluster index. If no
    /// existing block has space, extend the file by allocating the next
    /// cluster past EOF (and a new refcount block for it if needed).
    /// Updates `file_len` to reflect any growth.
    pub fn alloc_cluster<F: Read + Write + Seek>(
        &mut self,
        file: &mut F,
        file_len: &mut u64,
    ) -> Result<u64> {
        // Pass 1: scan existing refcount blocks for refcount==0.
        let hint_block = self.next_free_hint / self.entries_per_block();
        let table_len = self.table.len();
        for sweep in 0..2 {
            // sweep 0: from hint to end; sweep 1: from 0 to hint.
            let (lo, hi) = if sweep == 0 {
                (hint_block as usize, table_len)
            } else {
                (0, hint_block as usize)
            };
            for block_idx in lo..hi {
                let block_off = self.table[block_idx];
                if block_off == 0 {
                    continue;
                }
                let entries_per_block = self.entries_per_block();
                let _block = self.load_block(file, block_off)?;
                // Scan starting from the hint within this block.
                let start_in_block = if sweep == 0 && block_idx == hint_block as usize {
                    (self.next_free_hint % entries_per_block) as usize
                } else {
                    0
                };
                let block = self.block_cache.get_mut(&block_off).unwrap();
                for (i, slot) in block.entries.iter_mut().enumerate().skip(start_in_block) {
                    if *slot == 0 {
                        *slot = 1;
                        block.dirty = true;
                        let cluster = block_idx as u64 * entries_per_block + i as u64;
                        self.next_free_hint = cluster + 1;
                        return Ok(cluster);
                    }
                }
            }
        }
        // Pass 2: grow the file. Pick the cluster right past current EOF.
        let new_cluster = *file_len / self.cluster_size;
        let entries_per_block = self.entries_per_block();
        let block_idx = (new_cluster / entries_per_block) as usize;
        if block_idx >= table_len {
            return Err(crate::Error::Unsupported(
                "qcow2: refcount table is full (image would exceed 16 PiB at default cluster size)"
                    .into(),
            ));
        }
        let block_off = self.table[block_idx];
        if block_off == 0 {
            // Need to allocate a new refcount block. It lives at the
            // next cluster past EOF (`new_cluster`), tracks itself, and
            // also tracks the data cluster we're handing out
            // (`new_cluster + 1`).
            let rcb_cluster = new_cluster;
            let data_cluster = new_cluster + 1;
            let next_block_idx = (data_cluster / entries_per_block) as usize;
            if next_block_idx != block_idx {
                // The data cluster falls into the next refcount block —
                // an unlikely edge at 2 GiB boundaries that we don't
                // handle in v1.
                return Err(crate::Error::Unsupported(
                    "qcow2: allocation across refcount-block boundary not implemented".into(),
                ));
            }
            let rcb_off = rcb_cluster * self.cluster_size;
            let data_off = data_cluster * self.cluster_size;
            let mut entries = vec![0u16; entries_per_block as usize];
            entries[(rcb_cluster % entries_per_block) as usize] = 1;
            entries[(data_cluster % entries_per_block) as usize] = 1;
            self.block_cache.insert(
                rcb_off,
                RefcountBlock {
                    entries,
                    dirty: true,
                },
            );
            self.table[block_idx] = rcb_off;
            self.table_dirty = true;
            *file_len = data_off + self.cluster_size;
            self.next_free_hint = data_cluster + 1;
            return Ok(data_cluster);
        }
        // Existing refcount block; just bump the new cluster's entry.
        let _block = self.load_block(file, block_off)?;
        let block = self.block_cache.get_mut(&block_off).unwrap();
        let idx = (new_cluster % entries_per_block) as usize;
        block.entries[idx] = 1;
        block.dirty = true;
        *file_len = (new_cluster + 1) * self.cluster_size;
        self.next_free_hint = new_cluster + 1;
        Ok(new_cluster)
    }

    /// Write every dirty refcount block back, then the refcount table.
    pub fn flush<F: Write + Seek>(&mut self, file: &mut F) -> Result<()> {
        for (&off, block) in self.block_cache.iter_mut() {
            if !block.dirty {
                continue;
            }
            let mut raw = vec![0u8; self.cluster_size as usize];
            for (i, &e) in block.entries.iter().enumerate() {
                raw[i * 2..i * 2 + 2].copy_from_slice(&e.to_be_bytes());
            }
            file.seek(SeekFrom::Start(off))?;
            file.write_all(&raw)?;
            block.dirty = false;
        }
        if self.table_dirty {
            let mut raw = vec![0u8; self.table.len() * 8];
            for (i, &e) in self.table.iter().enumerate() {
                raw[i * 8..i * 8 + 8].copy_from_slice(&e.to_be_bytes());
            }
            file.seek(SeekFrom::Start(self.table_offset))?;
            file.write_all(&raw)?;
            self.table_dirty = false;
        }
        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::io::Cursor;

    #[test]
    fn fresh_state_marks_initial_clusters() {
        // Pretend cluster_size=512 to keep the test tiny; we just check
        // the bookkeeping. Initial clusters [0,1,2,3] are reserved.
        let r = Refcount::new_fresh(512, 512, 1024, &[0, 1, 2, 3]);
        assert_eq!(r.table[0], 1024);
        let block = r.block_cache.get(&1024).unwrap();
        assert_eq!(block.entries[0], 1);
        assert_eq!(block.entries[1], 1);
        assert_eq!(block.entries[2], 1);
        assert_eq!(block.entries[3], 1);
        assert_eq!(block.entries[4], 0);
        assert_eq!(r.next_free_hint, 4);
    }

    #[test]
    fn alloc_picks_first_free_in_existing_block() {
        let mut r = Refcount::new_fresh(512, 512, 1024, &[0, 1, 2, 3]);
        let mut file_len = 4 * 512;
        // No real I/O needed since the block is already in cache.
        let mut buf: Vec<u8> = Vec::new();
        let mut cur = Cursor::new(&mut buf);
        let c = r.alloc_cluster(&mut cur, &mut file_len).unwrap();
        assert_eq!(c, 4);
        let block = r.block_cache.get(&1024).unwrap();
        assert_eq!(block.entries[4], 1);
    }
}