fusefrontend_reverse: use inomap for inode number translation

Gets rid of static inode number value limitations.

Fixes https://github.com/rfjakob/gocryptfs/issues/457

3 files changed, 41 insertions, 44 deletions

diff --git a/internal/fusefrontend_reverse/reverse_longnames.go b/internal/fusefrontend_reverse/reverse_longnames.go
index f07e413..199356b 100644
--- a/internal/fusefrontend_reverse/reverse_longnames.go
+++ b/internal/fusefrontend_reverse/reverse_longnames.go
@@ -122,5 +122,5 @@ func (rfs *ReverseFS) newNameFile(relPath string) (nodefs.File, fuse.Status) {
 	}
 	content := []byte(rfs.nameTransform.EncryptName(pName, dirIV))
 	parentFile := filepath.Join(pDir, pName)
-	return rfs.newVirtualFile(content, rfs.args.Cipherdir, parentFile, inoBaseNameFile)
+	return rfs.newVirtualFile(content, rfs.args.Cipherdir, parentFile, inoTagNameFile)
 }
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 49ce0a1..6bbdfb5 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -15,6 +15,7 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/contentenc"
 	"github.com/rfjakob/gocryptfs/internal/cryptocore"
 	"github.com/rfjakob/gocryptfs/internal/fusefrontend"
+	"github.com/rfjakob/gocryptfs/internal/inomap"
 	"github.com/rfjakob/gocryptfs/internal/nametransform"
 	"github.com/rfjakob/gocryptfs/internal/pathiv"
 	"github.com/rfjakob/gocryptfs/internal/syscallcompat"
@@ -38,6 +39,9 @@ type ReverseFS struct {
 	contentEnc *contentenc.ContentEnc
 	// Tests wheter a path is excluded (hiden) from the user. Used by -exclude.
 	excluder ignore.IgnoreParser
+	// inoMap translates inode numbers from different devices to unique inode
+	// numbers.
+	inoMap *inomap.InoMap
 }
 
 var _ pathfs.FileSystem = &ReverseFS{}
@@ -54,6 +58,7 @@ func NewFS(args fusefrontend.Args, c *contentenc.ContentEnc, n nametransform.Nam
 		args:          args,
 		nameTransform: n,
 		contentEnc:    c,
+		inoMap:        inomap.New(),
 	}
 	fs.prepareExcluder(args)
 	return fs
@@ -180,6 +185,7 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr
 		if err != nil {
 			return nil, fuse.ToStatus(err)
 		}
+		rfs.inoMap.TranslateStat(&st)
 		var a fuse.Attr
 		a.FromStat(&st)
 		if rfs.args.ForceOwner != nil {
@@ -211,26 +217,25 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr
 		}
 		return &a, status
 	}
+	// Normal file / directory
 	dirfd, name, err := rfs.openBackingDir(pPath)
 	if err != nil {
 		return nil, fuse.ToStatus(err)
 	}
 	// Stat the backing file/dir using Fstatat
-	var st unix.Stat_t
-	err = syscallcompat.Fstatat(dirfd, name, &st, unix.AT_SYMLINK_NOFOLLOW)
-	syscall.Close(dirfd)
-	if err != nil {
-		return nil, fuse.ToStatus(err)
-	}
-	// Instead of risking an inode number collision, we return an error.
-	if st.Ino > inoBaseMin {
-		tlog.Warn.Printf("GetAttr %q: backing file inode number %d crosses reserved space, max=%d. Returning EOVERFLOW.",
-			relPath, st.Ino, inoBaseMin)
-		return nil, fuse.ToStatus(syscall.EOVERFLOW)
+	var st syscall.Stat_t
+	{
+		var st2 unix.Stat_t
+		err = syscallcompat.Fstatat(dirfd, name, &st2, unix.AT_SYMLINK_NOFOLLOW)
+		syscall.Close(dirfd)
+		if err != nil {
+			return nil, fuse.ToStatus(err)
+		}
+		st = syscallcompat.Unix2syscall(st2)
 	}
+	rfs.inoMap.TranslateStat(&st)
 	var a fuse.Attr
-	st2 := syscallcompat.Unix2syscall(st)
-	a.FromStat(&st2)
+	a.FromStat(&st)
 	// Calculate encrypted file size
 	if a.IsRegular() {
 		a.Size = rfs.contentEnc.PlainSizeToCipherSize(a.Size)
diff --git a/internal/fusefrontend_reverse/virtualfile.go b/internal/fusefrontend_reverse/virtualfile.go
index 963c801..7d1c18c 100644
--- a/internal/fusefrontend_reverse/virtualfile.go
+++ b/internal/fusefrontend_reverse/virtualfile.go
@@ -10,6 +10,7 @@ import (
 	"github.com/hanwen/go-fuse/fuse"
 	"github.com/hanwen/go-fuse/fuse/nodefs"
 
+	"github.com/rfjakob/gocryptfs/internal/inomap"
 	"github.com/rfjakob/gocryptfs/internal/nametransform"
 	"github.com/rfjakob/gocryptfs/internal/pathiv"
 	"github.com/rfjakob/gocryptfs/internal/syscallcompat"
@@ -20,19 +21,10 @@ const (
 	// virtualFileMode is the mode to use for virtual files (gocryptfs.diriv and
 	// *.name). They are always readable, as stated in func Access
 	virtualFileMode = syscall.S_IFREG | 0444
-	// inoBaseDirIV is the start of the inode number range that is used
-	// for virtual gocryptfs.diriv files. inoBaseNameFile is the thing for
-	// *.name files.
-	// The value 10^19 is just below 2^60. A power of 10 has been chosen so the
-	// "ls -li" output (which is base-10) is easy to read.
-	// 10^19 is the largest power of 10 that is smaller than
-	// INT64_MAX (=UINT64_MAX/2). This avoids signedness issues.
-	inoBaseDirIV    = uint64(1000000000000000000)
-	inoBaseNameFile = uint64(2000000000000000000)
-	// inoBaseMin marks the start of the inode number space that is
-	// reserved for virtual files. It is the lowest of the inoBaseXXX values
-	// above.
-	inoBaseMin = inoBaseDirIV
+	// We use inomap's `Tag` feature to generate unique inode numbers for
+	// virtual files. These are the tags we use.
+	inoTagDirIV    = 1
+	inoTagNameFile = 2
 )
 
 func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) {
@@ -42,20 +34,23 @@ func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) {
 		return nil, fuse.ToStatus(err)
 	}
 	iv := pathiv.Derive(cDir, pathiv.PurposeDirIV)
-	return rfs.newVirtualFile(iv, rfs.args.Cipherdir, dir, inoBaseDirIV)
+	return rfs.newVirtualFile(iv, rfs.args.Cipherdir, dir, inoTagDirIV)
 }
 
 type virtualFile struct {
 	// Embed nodefs.defaultFile for a ENOSYS implementation of all methods
 	nodefs.File
+	// pointer to parent filesystem
+	rfs *ReverseFS
 	// file content
 	content []byte
 	// backing directory
 	cipherdir string
 	// path to a parent file (relative to cipherdir)
 	parentFile string
-	// inode number of a virtual file is inode of parent file plus inoBase
-	inoBase uint64
+	// inomap `Tag`.
+	// Depending on the file type, either `inoTagDirIV` or `inoTagNameFile`.
+	inoTag uint8
 }
 
 // newVirtualFile creates a new in-memory file that does not have a representation
@@ -63,16 +58,17 @@ type virtualFile struct {
 // from "parentFile" (plaintext path relative to "cipherdir").
 // For a "gocryptfs.diriv" file, you would use the parent directory as
 // "parentFile".
-func (rfs *ReverseFS) newVirtualFile(content []byte, cipherdir string, parentFile string, inoBase uint64) (nodefs.File, fuse.Status) {
-	if inoBase < inoBaseMin {
-		log.Panicf("BUG: virtual inode number base %d is below reserved space", inoBase)
+func (rfs *ReverseFS) newVirtualFile(content []byte, cipherdir string, parentFile string, inoTag uint8) (nodefs.File, fuse.Status) {
+	if inoTag == 0 {
+		log.Panicf("BUG: inoTag for virtual file is zero - this will cause ino collisions!")
 	}
 	return &virtualFile{
 		File:       nodefs.NewDefaultFile(),
+		rfs:        rfs,
 		content:    content,
 		cipherdir:  cipherdir,
 		parentFile: parentFile,
-		inoBase:    inoBase,
+		inoTag:     inoTag,
 	}, fuse.OK
 }
 
@@ -97,22 +93,18 @@ func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status {
 	}
 	defer syscall.Close(dirfd)
 	name := filepath.Base(f.parentFile)
-	var st unix.Stat_t
-	err = syscallcompat.Fstatat(dirfd, name, &st, unix.AT_SYMLINK_NOFOLLOW)
+	var st2 unix.Stat_t
+	err = syscallcompat.Fstatat(dirfd, name, &st2, unix.AT_SYMLINK_NOFOLLOW)
 	if err != nil {
 		tlog.Debug.Printf("GetAttr: Fstatat %q: %v\n", f.parentFile, err)
 		return fuse.ToStatus(err)
 	}
-	if st.Ino > inoBaseMin {
-		tlog.Warn.Printf("virtualFile.GetAttr: parent file inode number %d crosses reserved space, max=%d. Returning EOVERFLOW.",
-			st.Ino, inoBaseMin)
-		return fuse.ToStatus(syscall.EOVERFLOW)
-	}
-	st.Ino = st.Ino + f.inoBase
+	st := syscallcompat.Unix2syscall(st2)
+	q := inomap.NewQIno(uint64(st.Dev), f.inoTag, uint64(st.Ino))
+	st.Ino = f.rfs.inoMap.Translate(q)
 	st.Size = int64(len(f.content))
 	st.Mode = virtualFileMode
 	st.Nlink = 1
-	st2 := syscallcompat.Unix2syscall(st)
-	a.FromStat(&st2)
+	a.FromStat(&st)
 	return fuse.OK
 }