| Age | Commit message (Collapse) | Author |
|---|
|
From the feedback received on LKML, it would be better to have multiple
ioctls, than a single ioctl the behavior of which depends on the data
that is passed (e.g., with an enum).
Introduce the new FUSE_PASSTHROUGH_OPEN ioctl which only gets the fd of
the lower file system.
Bug: 175195837
Test: CtsScopedStorageDeviceOnlyTest with android-mainline kernel \
implementing the new FUSE_PASSTHROUGH_OPEN ioctl
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: Iecb677722ca9630ce89b8a8fb5f486216ecd89cc
|
|
The interface for FUSE passthrough is still under discussion upstream,
thus this change fixes the issue of being able to support multiple
interfaces for passthrough, depending on what the kernel provides.
This implementation tries to explore the different FUSE passthrough
interface implementation and updates an index to the one that has
been found working.
Bug: 167695973
Test: Manual read/write of passthrough files with extra printks
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I74e0e6c0691b37160a00af77fb18eda5342630f5
|
|
Add support for filesystem passthrough read/write of files.
When the FUSE_PASSTHROUGH capability is enabled, the FUSE daemon may
decide while handling the "open" or "create" operation, if the given
file can be accessed by that process in "passthrough" mode, meaning that
all the further read and write operations would be forwarded by the
kernel directly to the lower filesystem rather than to the FUSE daemon.
All requests that aren't read or write are still handled by the
userspace code.
This allows for an improved performance on reads and writes, especially
in the case of reads at random offsets, for which no (readahead)
caching mechanism would help, reducing the performance gap between FUSE
and native filesystem access.
Extend also the passthrough_hp example with the new passthrough feature.
Bug: 168023149
Test: atest ScopedStorageTest
Signed-off-by: Alessio Balsini <balsini@android.com>
Change-Id: I38aff0cf7198b7cd92eccc97547d47f4e1132b00
|
|
The bluecross kernel introduced a change,
4fb542f2aa1414cea5686efcf72a411b7213c375 that breaks responses to
canonical paths.
The patch above tried to guarantee that the canonical path
returned from the FUSE daemon is null terminated. It does this by
replacing the last character in the path returned from the FUSE daemon
with '\0'.
Since the size of the response returned from the FUSE daemon is gotten
from strlen which doesn't take into account the null terminating
character. This means that the kernel fix above will break the file
path returned from userspace. Effectively replacing
/storage/emulated/0 with /storage/emulated/.
It is unclear how this breaks inotify on the root path but not inotify
on Download/ for instance since that too is replaced by
/storage/emulated/Downloa.
One thing I've noticed is that in the case of Download, being
replaced with Downloa, there is an error generated, since Downloa
doesn't exist, but in the case of /storage/emulated/0, there is no
error since /storage/emulated/ exists.
In any case, this cl returns a buffer size including the '\0' to the
kernel and seems right given that the actual size of the buffer
returned to the kernel is now correct.
Test: Manual tests with inotify and Documents UI detecting changes on
/sdcard on both taimen and crosshatch
Bug: 152035889
Change-Id: Ia4b9adec09dd501ec0c5327b9ea9577412cea6a2
|
|
FUSE_CANONICAL_PATH opcode, (2016) was added in some Android
kernels to support inotify. Add canonical path handlers in libfuse and
create a patch file to easily apply this patch on top of updates.
Test: inotify - /sdcard on Taimen
Test: atest FileObserver
Bug: 147482155
Change-Id: I97a2c4247aa3e4a70af697569b56662a0755f72b
|
|
The latest release allows a custom logger
Bug: 135341433
Test: adb shell ls /sdcard with persist.sys.fuse
Change-Id: Iaa8a2bb7b6da3f364fba41b443527a998a26549f
|
|
ae757e65a9 am: 7eff99c4b7 am: 26f560b643
am: 3d406b8575
Change-Id: I49119cf3733b0495ced4b8bdb5148a8f3c61e0dd
|
|
on failure to set the pipe size, set it to the maximum allowed by the
kernel.
If the first request required more than the maximum allowed, the
can_grow flag would be reset thus preventing any further resize.
Grow the pipe to the maximum allowed to increase the likelihood of
using splice for successive requests instead of falling back to
read/write.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Make compile on Android
|
|
Starting with kernel version 4.20 fuse supports a new property
'max_pages' which is the maximum number of pages that can be used per
request. This can be set via an argument during initialization.
This new property allows writes to be larger than 128k.
This patch sets the property if the matching capability is set
(FUSE_MAX_PAGES). It will also set max_write to 1MiB. Filesystems have
the possibility to decrease this size by setting max_write to a smaller
size. The max_pages and bufsize fields are adjusted accordingly.
Cc: Constantine Shulyupin <const@MakeLinux.com>
Signed-off-by: Markus Pargmann <scosu@quobyte.com>
|
|
The pointer operand to the binary `+` operator must be to a complete
object type. Since we are working with byte sizes, use `char *` instead.
|
|
This is a constraint violation in ISO C[0].
[0] http://port70.net/~nsz/c/c11/n1570.html#6.8.6.4p1
|
|
This is a GNU C extension.
|
|
|
|
|
|
Fixes: #394.
|
|
This constant is not defined in the kernel, so it will be lost when
fuse_kernel.h is not synchronized. Instead, the kernel just passes a
flag value of "1", so for now we also use a literal in userspace.
|
|
Instead of the Posix ioctl(2) command, Linux uses its own variant of ioctl()
in which the commands are requested as "unsigned long" and truncated to
32 bits by the fuse kernel module. Transmitting the commands to user space
file systems as "unsigned int" is a workaround for processing ioctl()
commands which do not fit into a signed int.
|
|
|
|
|
|
Fixes: #360
|
|
70e25ea74e("Fix build on non-Linux") broke build on DragonFly BSD,
or likely anything other than FreeBSD and NetBSD that is not Linux.
Signed-off-by: Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
|
|
|
|
The passthrough example filesystem can be used for validating the API
and the implementation in the FUSE kernel module.
|
|
Add support for the relatively new copy_file_range() syscall. Backend
filesystems can now implement an efficient way of cloning/duplicating
data ranges within files. See 'man 2 copy_file_range' for more details.
|
|
Currently, mounting on FreeBSD fails like this:
mount_fusefs: ZZZZ<snip> on /mountpoint: No such file or directory
This happens because right after doing argv[a++] = fdnam it's
getting freed before calling execvp().
So move this free() call after execvp(). Also, when asprintf()
fails for fdnam, close device fd before calling exit().
|
|
* Update meson.build to add mount_util.c to libfuse_sources
unconditionally, it's non Linux-only
* FreeBSD, like NetBSD, doesn't have mntent.h, so don't include
that and define IGNORE_MTAB for both
* FreeBSD, like NetBSD, has no umount2() sysctl, so similarly define
it to unmount()
|
|
This reverts commit 161983e2416bc6e26bbbe89664fff62c48c70858,
because this causes resource leaks when threads are terminated
by pthread_cancel().
Fixes: #313.
|
|
The unprivileged option allows to run the FUSE file system process
without privileges by dropping capabilities and preventing them from
being re-acquired via setuid / fscaps etc. To accomplish this,
mount.fuse sets up the `/dev/fuse` file descriptor and mount itself
and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax
to the FUSE file system.
|
|
This adds support for a mode of operation in which a privileged parent
process opens `/dev/fuse` and takes care of mounting. The FUSE file
system daemon can then run as an unprivileged child that merely
processes requests on the FUSE file descriptor, which get passed using
the special `/dev/fd/%u` syntax for the mountpoint parameter.
The main benefit is that no privileged operations need to be performed
by the FUSE file system daemon itself directly or indirectly, so the
FUSE process can run with fully unprivileged and mechanisms like
securebits and no_new_privs can be used to prevent subprocesses from
re-acquiring privilege via setuid, fscaps, etc. This reduces risk in
case the FUSE file system gets exploited by malicious file system
data.
Below is an example that illustrates this. Note that I'm using shell
for presentation purposes, the expectation is that the parent process
will implement the equivalent of the `mount -i` and `capsh` commands.
```
\# example/hello can mount successfully with privilege
$ sudo sh -c "LD_LIBRARY_PATH=build/lib ./example/hello /mnt/tmp"
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
\# example/hello fails to mount without privilege
$ sudo capsh --drop=all --secbits=0x2f -- -c 'LD_LIBRARY_PATH=build/lib ./example/hello -f /mnt/tmp'
fusermount3: mount failed: Operation not permitted
\# Passing FUSE file descriptor via /dev/fd/%u allows example/hello to work without privilege
$ sudo sh -c '
exec 17<>/dev/fuse
mount -i -o nodev,nosuid,noexec,fd=17,rootmode=40000,user_id=0,group_id=0 -t fuse hello /mnt/tmp
capsh --drop=all --secbits=0x2f -- -c "LD_LIBRARY_PATH=build/lib example/hello /dev/fd/17"
'
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
```
|
|
|
|
This is only used in fuse_do_work(), so we can put it on
the stack.
|
|
Return different error codes from fuse_main()
|
|
|
|
|
|
Multiple meson build scripts improvements including:
* Bump meson requirement to 0.40.1 (0.40 already required)
* Declare a dependency object for main library
* Stop using add_global_arguments()
* Various minor style fixes
|
|
|
|
The bug occurs when a filesystem client reads a directory until the end,
seeks using seekdir() to some valid non-zero position and calls
readdir(). A valid 'struct dirent *' is expected, but NULL is returned
instead. Pseudocode demonstrating the bug:
DIR *dp = opendir("some_dir");
struct dirent *de = readdir(dp);
/* Get offset of the second entry */
long offset = telldir(dp);
/* Read directory until the end */
while (de)
de = readdir(de);
seekdir(dp, offset);
de = readdir(dp);
/* de must contain the second entry, but NULL is returned instead */
The reason of the bug is that when the end of directory is reached, the
kernel calls FUSE_READDIR op with an offset at the end of directory, so
the filesystem's .readdir callback never calls the filler function, and
we end up with dh->filled set to 1. After seekdir(), FUSE_READDIR is
called again with a new offset, but this time the filesystem's .readdir
callback is never called, and an empty reply is returned.
Fix by setting dh->filled to 1 only when zero offsets are given to
filler function.
|
|
Fix conditionals as per maintainer's request.
|
|
Linux performs the dir loop check (rename(a, a/b/c)
or rename(a/b/c, a), etc.) in kernel. Unfortunately
other systems do not perform this check (e.g. FreeBSD).
This results in a deadlock in get_path2, because libfuse
did not expect to handle such cases.
We add a check_dir_loop function that performs the dir
loop check in user mode and enable it on systems that
need it.
|
|
`int sig` is acutually used, so `(void) sig;` is unneeded.
|
|
Ensure that conf is always zero before it's read from to prevent
sporadic failure at startup if higher layers were build against
version 3.0
Signed-off-by: Ashley Pittman <ashley.m.pittman@intel.com>
|
|
Fix spelling errors
|
|
This change is bogus. fuse_module_factory_t is already a pointer
type. Additionally, if dlsym returns NULL, then you will be
dereferencing it causing a segfault. In my testing, a segfault will
happen even if dlsym returns successfully.
Thanks to Michael Theall for spotting!
|
|
dlsym() resolves the location of the loaded symbol,
therefore dlsym() returns the type (fuse_module_factory_t *), not (fuse_module_factory_t).
Added pinter dereferencing to correctly refer the factory function.
|
|
This was detected by using clang's undefined behavior sanitizer, but
didn't seem to cause problems in practice.
|
|
Fixes: #207.
|
|
|
|
The old versions of these symbols were defined with version
tag FUSE_3.0, so this is what we have to use in the .symver
directive.
|
|
According to "How to Write Shared Libraries" by Ulrich Drepper
(https://www.akkadia.org/drepper/dsohowto.pdf), the version script
should contain the exported name of the versioned symbol once in each
tag for which it has been defined by .symver.
|
