aboutsummaryrefslogtreecommitdiff
path: root/internal/fusefrontend
AgeCommit message (Collapse)Author
2019-01-01fusefrontend: fix fd leak in Access()Jakob Unterwurzacher
Thanks @slackner! Fixes https://github.com/rfjakob/gocryptfs/issues/306
2019-01-01fusefrontend: xattr: fix hang on FIFOsJakob Unterwurzacher
An Open() a fifo blocks until it is opened for writing. This meant that xattr operations on FIFOs would block. Pass O_NONBLOCK to fix that, and add a test.
2019-01-01fusefrontend: only compile getBackingPath() on DarwinJakob Unterwurzacher
This function is NOT symlink-safe. Darwin needs it because it lacks fgetxattr(2) and friends.
2019-01-01fusefrontend: make ListXAttr symlink-safe on LinuxJakob Unterwurzacher
Uses /proc/self/fd.
2019-01-01fusefrontend: make RemoveXAttr() symlink-safeJakob Unterwurzacher
Uses /proc/self/fd on Linux.
2019-01-01fusefrontend: make SetXAttr() symlink-safe on LinuxJakob Unterwurzacher
Uses the /proc/self/fd trick.
2019-01-01fusefrontend: make GetXAttr() symlink-safe on LinuxJakob Unterwurzacher
Uses the /proc/self/fd trick, which does not work on Darwin.
2019-01-01fusefrontend: make Utimens symlink-safeJakob Unterwurzacher
unix.UtimesNanoAt now also exists on Darwin, yay!
2019-01-01fusefrontend: fix compile failure on DarwinJakob Unterwurzacher
Failure was: + GOOS=darwin + GOARCH=amd64 + go build -tags without_openssl # github.com/rfjakob/gocryptfs/internal/fusefrontend internal/fusefrontend/fs_dir.go:159:60: cannot use origMode | 448 (type uint16) as type uint32 in argument to syscallcompat.Fchmodat internal/fusefrontend/fs_dir.go:170:33: cannot use origMode (type uint16) as type uint32 in argument to syscallcompat.Fchmodat
2019-01-01fusefrontend: mark Truncate, Unlink, Symlink symlink-safeJakob Unterwurzacher
No changes needed.
2019-01-01fusefrontend: make Rmdir symlink-safeJakob Unterwurzacher
Now uses Unlinkat.
2019-01-01nametransform: rename WriteLongName() -> WriteLongNameAt()Jakob Unterwurzacher
And also rename DeleteLongName() -> DeleteLongNameAt(). The naming follow the names open the openat() etc syscalls.
2019-01-01fusefrontend: make Readlink() symlink-safeJakob Unterwurzacher
Now symlink-safe through Readlinkat().
2019-01-01fusefrontend: make OpenDir() symlink-safeJakob Unterwurzacher
Interestingly, little or no performance impact: $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.39W: gocryptfs v1.6-42-g30c2349-dirty; go-fuse v20170619-66-g6df8ddc; 2018-11-04 go1.11 Downloading linux-3.0.tar.gz /tmp/linux-3.0.tar.gz 100%[=========================================================================>] 92.20M 2.93MB/s in 31s 2018-11-04 21:44:44 URL:https://cdn.kernel.org/pub/linux/kernel/v3.0/linux-3.0.tar.gz [96675825/96675825] -> "/tmp/linux-3.0.tar.gz" [1] WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.1808 s, 222 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0.866438 s, 303 MB/s UNTAR: 24.745 MD5: 12.050 LS: 3.525 RM: 9.544 Note: kernel has been updated: $ uname -a Linux brikett 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
2019-01-01fusefrontend: mark a few more functions as symlink-safe / unsafeJakob Unterwurzacher
2019-01-01fusefrontend: use openBackingDir in ctlsock interfaceJakob Unterwurzacher
Instead of calling syscall.Open() ourselves, rely on openBackingDir().
2019-01-01fusefrontend: make GetAttr() symlink-safeJakob Unterwurzacher
Use openBackingDir() and Fstatat(). High performance impact, though part of it should be mitigated by adding DirIV caching to the new code paths. $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.Eou: gocryptfs v1.6-37-ge3914b3-dirty; go-fuse v20170619-66-g6df8ddc; 2018-10-14 go1.11 WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.2289 s, 213 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 1.02616 s, 255 MB/s UNTAR: 24.490 MD5: 13.120 LS: 3.368 RM: 9.232
2019-01-01fusefrontend: make openBackingDir() symlink-safeJakob Unterwurzacher
openBackingDir() used encryptPath(), which is not symlink-safe itself. Drop encryptPath() and implement our own directory walk. Adds three seconds to untar and two seconds to rm: $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.MzG: gocryptfs v1.6-36-g8fb3c2f-dirty; go-fuse v20170619-66-g6df8ddc; 2018-10-14 go1.11 WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.25078 s, 210 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 1.0318 s, 254 MB/s UNTAR: 20.941 MD5: 11.568 LS: 1.638 RM: 5.337
2019-01-01fusefrontend: mark symlink-safe FUSE callsJakob Unterwurzacher
Document which FUSE calls are already symlink-safe in the function comment.
2019-01-01fusefrontend: make DecryptPath() symlink-safeJakob Unterwurzacher
DecryptPath is now symlink-safe through the use of *at() functions.
2019-01-01fusefrontend: make Access() symlink-safe.Jakob Unterwurzacher
Make Access() symlink-safe through use of faccessat.
2019-01-01fusefrontend: Fix debug message in doWrite() method.Sebastian Lackner
2019-01-01fusefrontend: Fix order of arguments in debug message for Read() FUSE call.Sebastian Lackner
2018-12-27fusefrontend: Remove unnecessary check in doRead function.Sebastian Lackner
The same condition is already checked a few lines above, and 'err' is not changed inbetween.
2018-12-27fusefrontend: Don't treat Fchownat error as failure in Mkdir.Sebastian Lackner
The directory was already created, so return success even if Fchownat fails. The same error handling is already used if fs.args.PlaintextNames is false.
2018-12-27fusefrontend: Check the correct 'err' variable.Sebastian Lackner
2018-10-17fusefronted: log more details on WriteAt failuresJakob Unterwurzacher
Also log inode number, fd number, offset and length. Maybe help debugging https://github.com/rfjakob/gocryptfs/issues/269 .
2018-10-11Add option for autounmountJesse Dunietz
Even though filesystem notifications aren't implemented for FUSE, I decided to try my hand at implementing the autounmount feature (#128). I based it on the EncFS autounmount code, which records filesystem accesses and checks every X seconds whether it's idled long enough to unmount. I've tested the feature locally, but I haven't added any tests for this flag. I also haven't worked with Go before. So please let me know if there's anything that should be done differently. One particular concern: I worked from the assumption that the open files table is unique per-filesystem. If that's not true, I'll need to add an open file count and associated lock to the Filesystem type instead. https://github.com/rfjakob/gocryptfs/pull/265
2018-09-23fusefrontend: Fix uint16 build failure on DarwinJakob Unterwurzacher
Error was: # github.com/rfjakob/gocryptfs/internal/fusefrontend internal/fusefrontend/fs.go:179: cannot use perms | 256 (type uint16) as type uint32 in argument to syscall.Fchmod internal/fusefrontend/fs.go:185: cannot use perms (type uint16) as type uint32 in argument to syscall.Fchmod
2018-09-23fusefrontend: make Rename() symlink-safeJakob Unterwurzacher
Use Openat() and the openBackingDir() helper so we never follow symlinks.
2018-09-23fusefrontend: make Create() symlink-safeJakob Unterwurzacher
Use Openat() and the openBackingDir() helper so we never follow symlinks.
2018-09-23fusefrontend: Open(): fix dirfd leakJakob Unterwurzacher
Close was missing.
2018-09-23fusefrontend: add named parameters to openBackingDirJakob Unterwurzacher
Named parameters make using the function easier.
2018-09-23fusefrontend: get rid of os.File* wrappingJakob Unterwurzacher
Directly use int file descriptors for the dirfd and get rid of one level of indirection.
2018-09-23fusefrontent: make Open() symlink-safeJakob Unterwurzacher
2018-09-08fusefrontend: use OpenDirNofollow in openBackingDirJakob Unterwurzacher
Rename openBackingPath to openBackingDir and use OpenDirNofollow to be safe against symlink races. Note that openBackingDir is not used in several important code paths like Create(). But it is used in Unlink, and the performance impact in the RM benchmark to be acceptable: Before $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.bYO: gocryptfs v1.6-12-g930c37e-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3 WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.07979 s, 243 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0.882413 s, 297 MB/s UNTAR: 16.703 MD5: 7.606 LS: 1.349 RM: 3.237 After $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.jK3: gocryptfs v1.6-13-g84d6faf-dirty; go-fuse v20170619-49-gb11e293; 2018-09-08 go1.10.3 WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 1.06261 s, 247 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0.947228 s, 277 MB/s UNTAR: 17.197 MD5: 7.540 LS: 1.364 RM: 3.410
2018-08-15fusefrontend: truncateGrowFile: pass zeroPad error to callerJakob Unterwurzacher
Errors from zeroPad were ignored until now, as discovered using xfstests generic/083.
2018-08-11reverse mode: add --exclude optionJakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/235
2018-07-22fusefronted: disallow writes running concurrently with readsJakob Unterwurzacher
As uncovered by xfstests generic/465, concurrent reads and writes could lead to this, doRead 3015532: corrupt block #1039: stupidgcm: message authentication failed, as the read could pick up a block that has not yet been completely written - write() is not atomic! Now writes take ContentLock exclusively, while reads take it shared, meaning that multiple reads can run in parallel with each other, but not with a write. This also simplifies the file header locking.
2018-07-15fusefrontend: doWrite: delete file header if first write failsJakob Unterwurzacher
xfstests generic/083 fills the filesystem almost completely while running fsstress in parallel. In fsck, these would show up: readFileID 2580: incomplete file, got 18 instead of 19 bytes This could happen when writing the file header works, but writing the actual data fails. Now we kill the header again by truncating the file to zero.
2018-07-15fusefrontend: doWrite: no need to take HeaderLock.RLock()Jakob Unterwurzacher
Other writers are blocked by ContentLock already.
2018-07-14fusefrontend: log prealloc failures at Info levelJakob Unterwurzacher
If the underlying filesystem is full, it is normal get ENOSPC here. Log at Info level instead of Warning. Fixes xfstests generic/015 and generic/027, which complained about the extra output.
2018-07-04macos: fix O_DIRECT build failureJakob Unterwurzacher
O_DIRECT has no direct equivalent on MacOS (check out https://github.com/libuv/libuv/issues/1600 for details). Just define it to zero there.
2018-07-02fusefrontend: disallow O_DIRECT and fall back to buffered IOJakob Unterwurzacher
O_DIRECT accesses must be aligned in both offset and length. Due to our crypto header, alignment will be off, even if userspace makes aligned accesses. Running xfstests generic/013 on ext4 used to trigger lots of EINVAL errors due to missing alignment. Just fall back to buffered IO.
2018-07-02fusefronted: downgrade fallocate message severityJakob Unterwurzacher
The message causes output mismatches in xfstests generic/112. Downgrade the severity to Info so it gets disabled when using "-q".
2018-07-01Fix golint warningsJakob Unterwurzacher
2018-07-01fusefrontend: add File.SeekData() functionJakob Unterwurzacher
This function will enable "gocryptfs -fsck" to handle sparse files efficiently.
2018-07-01fusefrontend: export "File" typeJakob Unterwurzacher
"gocryptfs -fsck" will need access to helper functions, and to get that, it will need to cast a gofuse.File to a fusefrontend.File. Make fusefrontend.File exported to make this work.
2018-07-01fsck: rename "CorruptItems" channel to "MitigatedCorruptions"Jakob Unterwurzacher
Make it clear that this channel is only used to report corruptions that are transparently mitigated and do not return an error to the user.
2018-06-19Fix three golint warningsJakob Unterwurzacher
We are clean again. Warnings were: internal/fusefrontend/fs.go:443:14: should omit type string from declaration of var cTarget; it will be inferred from the right-hand side internal/fusefrontend/xattr.go:26:1: comment on exported method FS.GetXAttr should be of the form "GetXAttr ..." internal/syscallcompat/sys_common.go:9:7: exported const PATH_MAX should have comment or be unexported