Crate lamxfs


lamxfs — a no_std read-only XFS filesystem reader for UEFI bootloaders.

Clean-room implementation written from the public XFS on-disk format (the SGI/Red Hat XFS Algorithms & Data Structures document and the Linux fs/xfs/libxfs on-disk headers — uncopyrightable format facts). No third-party filesystem source is vendored.

§Scope

Read-only. Single data device. The subset of XFS actually present on /boot and / of stock RHEL-family installs: v4 (no-CRC) and v5 (CRC, self-describing) layouts, NREXT64 large extent counts, sparse inodes, ftype directory entries, reflinks (transparent read-pass-through), and meta_uuid. Realtime devices, external/dirty logs, and per-file encryption are rejected with a typed error rather than mis-read. There is no write path and no BlockWrite trait — read-only by construction.

§Shape

The public surface mirrors lambutter::Btrfs so a bootloader’s filesystem adapter is a one-for-one analogue across the read-only-FS family:

let mut fs = Xfs::open(reader, device_size_bytes)?;
let data = fs.read_file(Path::new(b"/boot/vmlinuz-6.1.0"))?;

read_file caps its own allocation at MAX_FILE_BYTES (a hostile inode can declare a multi-GiB size while occupying no extents — the read contract from LamBoot’s fs_backend security audit). read_file_at streams into a caller-sized buffer and is the path the PE loader uses for kernel images.
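The allocation cap described above, as an added sketch that is not lamxfs source: it checks the inode-declared size before sizing the buffer, reserves fallibly, and zero-fills holes. Every name here (`read_whole`, `checked_len`, `Extent`, `ReadError`) is hypothetical, the cap value is constructed because the page does not state the real `MAX_FILE_BYTES`, and `std` is used so the sketch runs on a host.

```rust
// Added sketch, not lamxfs source. Every name and the cap value are hypothetical.
use std::convert::TryFrom;

const SKETCH_MAX_FILE_BYTES: u64 = 64 * 1024 * 1024; // constructed value

#[derive(Debug, PartialEq)]
enum ReadError {
    TooLarge { declared: u64, cap: u64 },
    OutOfMemory,
}

/// One mapped extent: byte offset within the file plus its data
/// (a stand-in for blocks fetched through a block reader).
struct Extent<'a> {
    file_off: u64,
    data: &'a [u8],
}

/// Check the inode-declared size against the cap before any allocation.
fn checked_len(declared: u64, cap: u64) -> Result<usize, ReadError> {
    if declared > cap {
        return Err(ReadError::TooLarge { declared, cap });
    }
    usize::try_from(declared).map_err(|_| ReadError::TooLarge { declared, cap })
}

/// Whole-file read: the buffer is sized from the declared size only after the
/// cap check, and the reservation is fallible instead of aborting.
fn read_whole(declared: u64, extents: &[Extent]) -> Result<Vec<u8>, ReadError> {
    let len = checked_len(declared, SKETCH_MAX_FILE_BYTES)?;
    let mut buf: Vec<u8> = Vec::new();
    buf.try_reserve_exact(len).map_err(|_| ReadError::OutOfMemory)?;
    buf.resize(len, 0); // unmapped ranges (holes) read back as zeros
    for e in extents {
        // Skip extents that start at or past the declared end of file.
        let start = match usize::try_from(e.file_off) {
            Ok(s) if s < len => s,
            _ => continue,
        };
        let n = e.data.len().min(len - start); // clamp the tail to the file size
        buf[start..start + n].copy_from_slice(&e.data[..n]);
    }
    Ok(buf)
}

fn main() {
    // Constructed hostile inode: 1 TiB declared, no extents mapped.
    println!("{:?}", read_whole(1 << 40, &[]));
    let ext = [Extent { file_off: 4, data: b"abcdefgh" }];
    println!("{:?}", read_whole(8, &ext));
}
```

A declared size larger than the mapped extents is not rejected in this sketch, since sparse files are legal in XFS; the cap is what bounds the allocation.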

Structs§

DirEntry
A directory entry. name is the raw on-disk name (not NUL-terminated).
Inode
An inode handle (wraps the AG-encoded XFS inode number).
Metadata
Inode metadata derived from the inode core.
Path
A path within the volume, as raw bytes. Components are /-separated; empty components and . are ignored by the resolver, so /boot//vmlinuz and /boot/vmlinuz resolve identically. lamxfs does not own paths.
Xfs
A mounted, read-only XFS filesystem.

Enums§

EntryKind
The kind of a directory entry / inode.
Error
A read or mount failure.
Location
Where in the structure an Error::Inconsistent was detected.
SuperblockReason
Why a superblock was rejected.

Constants§

MAX_FILE_BYTES
Largest file read_file will allocate up front. A hostile inode can declare a multi-GiB di_size while occupying no extents; this cap refuses the allocation rather than letting it abort the boot (the LamBoot fs_backend read contract; mirrors MAX_BOOT_FILE_BYTES). read_file_at streams into a caller-sized buffer and is unaffected.

Traits§

BlockRead
Block-level reads for a mounted volume.