aboutsummaryrefslogtreecommitdiff
path: root/internal
AgeCommit message (Collapse)Author
2021-06-06fusefronted: report plaintext size on symlink creationJakob Unterwurzacher
gocryptfs 2.0 introduced the regression that the size reported at symlink creation was the ciphertext size, which is wrong. Report the plaintext size. Fixes https://github.com/rfjakob/gocryptfs/issues/574
2021-06-05syscallcompat: drop obsolete wrappersJakob Unterwurzacher
These are now available cross-platform in the unix package.
2021-06-03fido2: quote argument strings in debug outputJakob Unterwurzacher
Tested using gocryptfs -init -debug -fido2 "hello world" cipherdir Output before: callFidoCommand: executing "/usr/bin/fido2-cred" with args [fido2-cred -M -h -v hello world] After: callFidoCommand: executing "/usr/bin/fido2-cred" with args ["fido2-cred" "-M" "-h" "-v" "hello world"] Related: https://github.com/rfjakob/gocryptfs/issues/571
2021-06-02fusefrontend: run acl Setxattr in user contextJakob Unterwurzacher
The result of setting an acl depends on who runs the operation! Fixes fuse-xfstests generic/375 (see https://github.com/rfjakob/fuse-xfstests/wiki/results_2021-05-19)
2021-06-02fusefrontend: catch ReadAt integer overflowJakob Unterwurzacher
Discovered by xfstests generic/564 . Failure was: generic/564 - output mismatch (see /opt/fuse-xfstests/results//generic/564.out.bad) --- tests/generic/564.out 2021-05-08 21:11:05.307395966 +0200 +++ /opt/fuse-xfstests/results//generic/564.out.bad 2021-05-19 19:01:16.912888879 +0200 @@ -31,7 +31,7 @@ source range beyond 8TiB returns 0 destination range beyond 8TiB returns EFBIG -copy_range: File too large +copy_range: Function not implemented
2021-06-02nametransform: check name validity on encryptionJakob Unterwurzacher
xfstests generic/523 discovered that we allowed to set xattrs with "/" in the name, but did not allow to read them later. With this change we do not allow to set them in the first place.
2021-05-29fusefrontend: list "." and ".." in dir entriesJakob Unterwurzacher
Fixes xfstests generic/401
2021-05-29fusefrontend: rewrite Lseek SEEK_DATA / SEEK_HOLEJakob Unterwurzacher
In response to the discussion of the xfstests mailing list [1], I looked at the Lseek implementation, which was naive and did not handle all cases correctly. The new implementation aligns the returned values to 4096 bytes as most callers expect. A lot of tests are added to verify that we handle all cases correctly now. [1]: https://www.spinics.net/lists/fstests/msg16554.html
2021-05-26contentenc: add PlainOffToCipherOff helperJakob Unterwurzacher
Will be used for improving Lseek()
2021-05-26contentenc: fix CipherSizeToPlainSize non-monoticityJakob Unterwurzacher
For an illegal cipherSize, pretend we have an additional 1-byte block. See code comment for details.
2021-05-26contentenc: update commentsJakob Unterwurzacher
Also, replace one open-coded calculation with a helper function.
2021-05-26tests: contentenc: add TestSizeToSizeJakob Unterwurzacher
TestSizeToSize tests CipherSizeToPlainSize and PlainSizeToCipherSize. Fails at the moment due to CipherSizeToPlainSize non-moniticity.
2021-05-26syscallcompat: add GetdentsSpecial()Jakob Unterwurzacher
GetdentsSpecial calls then Getdents syscall, with normal entries and "." / ".." split into two slices.
2021-05-26stupidgcm: prefer Go stdlib over OpenSSL on Apple M1Jakob Unterwurzacher
https://github.com/rfjakob/gocryptfs/issues/556
2021-05-22syscallcompat: also refactor MkdiratUser on GOOS=darwinJakob Unterwurzacher
Breakage was: +GOOS=darwin +GOARCH=amd64 +go build -tags without_openssl internal/fusefrontend/node_dir_ops.go:45:34: cannot use context (type *fuse.Context) as type *fuse.Caller in argument to syscallcompat.MkdiratUser internal/fusefrontend/node_dir_ops.go:83:35: cannot use context (type *fuse.Context) as type *fuse.Caller in argument to syscallcompat.MkdiratUser
2021-05-22syscallcompat: refactor MkdiratUser to take fuse.ContextJakob Unterwurzacher
Let's have MkdiratUser take fuse.Context like everybody else.
2021-05-22syscallcompat: deduplicate OpenatUser/MknodatUser/SymlinkatUser/MkdiratUserJakob Unterwurzacher
Turns out the whole euid switching logic can be shared when wrapping the syscall in a closure.
2021-05-18fsck: redirect go-fuse noise to syslogJakob Unterwurzacher
2021-05-18-speed: note that XChaCha20 is not selectableJakob Unterwurzacher
This is unclear to users, as seen on https://github.com/rfjakob/gocryptfs/issues/452#issuecomment-828836651
2021-05-15fusefrontend: fix RENAME_NOREPLACE darwin build failureJakob Unterwurzacher
Error was: internal/fusefrontend/node.go:371:2: duplicate case syscallcompat.RENAME_NOREPLACE (value 0) in switch previous case at internal/fusefrontend/node.go:368:7 Rewrite using "if"s instead.
2021-05-08fusefrontend: avoid duplicate const definitionJakob Unterwurzacher
RENAME_NOREPLACE is already defined in syscallcompat.
2021-05-08fusefrontend: reject broken RENAME_EXCHANGE and RENAME_WHITEOUTJakob Unterwurzacher
Discovered by xfstests generic/013: or implementation for RENAME_EXCHANGE and RENAME_WHITEOUT is incomplete. Reject the flags so that the caller retries with regular rename.
2021-04-07fusefrontend: make dirCache work for "node itself"Jakob Unterwurzacher
"node itself" can be converted to node + child by ascending one level. Performance gains are spectacular, as will be seen in the next commit.
2021-04-05fusefrontend: print dirCache stats after unmountJakob Unterwurzacher
2021-04-04fs: more idiomatic dirCache struct namingJakob Unterwurzacher
2021-04-03fs: add initial dirfd cachingJakob Unterwurzacher
dirfd caching was temporarily removed when moving to the v2api. Add it back to gain back some lost speed.
2021-04-03tests: fusefronted: fix TestOpenBackingDirJakob Unterwurzacher
This test only worked accidentially, and would break once dirfd caching is added. fs.Mkdir(..., "dir1/dir2", ...) is illegal (child name cannot contain slashes).
2021-04-03fusefronted: replace last rn.openBackingDir() callsJakob Unterwurzacher
Use the n.prepareAtSyscall() wrapper instead. Prepares for adding caching into n.prepareAtSyscall().
2021-03-21fusefronted: move Create() and Open() to new fileJakob Unterwurzacher
And deduplicate the code a little.
2021-03-21fusefrontend: -sharedstorage: fix TestRmwRace failureJakob Unterwurzacher
The Open() and Create() paths used different inode numbers, which broke openfiletable locking against concurred readers.
2021-03-14syscallcompat: getdents: link to #483Jakob Unterwurzacher
Give a user receiving the Getdents warning some background info.
2021-03-07v2api: -sharestorage: disable hard link tracking & add testsJakob Unterwurzacher
Hard link tracking was not correctly disabled since the migration to the go-fuse v2 api. Add a test to ensure it stays off. Fixes https://github.com/rfjakob/gocryptfs/issues/525
2021-02-07fusefrontend: do not encrypt ACLsJakob Unterwurzacher
Pass through system.posix_acl_access and system.posix_acl_default unencrypted to fix "cp -a" problems. "cp -a" uses "setxattr" even to set normal permissions, see https://www.spinics.net/lists/linux-nfs/msg63986.html . Fixes https://github.com/rfjakob/gocryptfs/issues/543
2021-02-06syscallcompat: MknodatUser: work around changed syscall.Setgroups semanticsJakob Unterwurzacher
Since go1.16beta1 (commit d1b1145cace8b968307f9311ff611e4bb810710c , https://go-review.googlesource.com/c/go/+/210639 ) syscall.{Setgroups,Setregid,Setreuid} affects all threads, which is exactly what we not want. We now use unix.{Setgroups,Setregid,Setreuid} instead. Workarounds https://github.com/golang/go/issues/1435 .
2021-01-10nametransform: make `gocryptfs.diriv` and `gocryptfs.xxx.name` files ↵Jakob Unterwurzacher
world-readable Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier when mounting via fstab. Having the files follow chmod/chown of their parent does not seem to be worth the hassle. The content of the diriv files is not secret, and both diriv and name files are protected by the perms of the parent dir. Fixes https://github.com/rfjakob/gocryptfs/issues/539
2021-01-10nametransform: move permission constants to perms.goJakob Unterwurzacher
Prep for https://github.com/rfjakob/gocryptfs/issues/539
2020-12-20main: add "-kernel_cache" flaggmd20
This option is similar to fuse(8) kernel_cache Verified using vmtouch. Without -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0242321 s, 433 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011159 seconds Files: 1 Directories: 0 Resident Pages: 0/2560 0/10M 0% Elapsed: 0.000993 seconds With -kernel_cache: $ dd if=/dev/zero of=foo bs=1M count=10 ; vmtouch -t foo ; vmtouch foo 10+0 records in 10+0 records out 10485760 bytes (10 MB, 10 MiB) copied, 0,0244015 s, 430 MB/s Files: 1 Directories: 0 Touched Pages: 2560 (10M) Elapsed: 0.011564 seconds Files: 1 Directories: 0 Resident Pages: 2560/2560 10M/10M 100% Elapsed: 0.000369 seconds
2020-11-10fusefrontend_reverse: fix GETATTR panicJakob Unterwurzacher
We don't implement Getattr(), so don't try to call it. Reported at https://github.com/rfjakob/gocryptfs/issues/519#issuecomment-718790790 : 15:22:53.414101 rx 3344: READ n2565 {Fh 7 [42143744 +131072) L 0 RDONLY,0x8000} 15:22:53.414274 rx 3342: READ n2565 {Fh 7 [42012672 +131072) L 0 RDONLY,0x8000} 15:22:53.414787 rx 3346: READ n2565 {Fh 7 [42274816 +131072) L 0 RDONLY,0x8000} 15:22:53.414806 tx 3336: OK, 131072b data "\xcb\xd3<\"!-\xa7\xc4"... 15:22:53.414874 rx 3348: GETATTR n1446 {Fh 0} panic: interface conversion: *fusefrontend_reverse.File is not fs.FileGetattrer: missing method Getattr goroutine 451 [running]: github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse.(*Node).Getattr(0xc00034c880, 0x5620579784c0, 0xc000593e60, 0x562057939800, 0xc000218050, 0xc0000fc108, 0x0) github.com/rfjakob/gocryptfs/internal/fusefrontend_reverse/node.go:69 +0x273 github.com/hanwen/go-fuse/v2/fs.(*rawBridge).getattr(0xc00011e000, 0x5620579784c0, 0xc000593e60, 0xc00034c880, 0x562057939800, 0xc000218050, 0xc0000fc108, 0xbfded1ef58ba7b13) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fs/bridge.go:500 +0x2d4 github.com/hanwen/go-fuse/v2/fs.(*rawBridge).GetAttr(0xc00011e000, 0xc0000e0000, 0xc0000fc198, 0xc0000fc108, 0x0) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fs/bridge.go:488 +0x11c github.com/hanwen/go-fuse/v2/fuse.doGetAttr(0xc000120000, 0xc0000fc000) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/opcode.go:287 +0x6f github.com/hanwen/go-fuse/v2/fuse.(*Server).handleRequest(0xc000120000, 0xc0000fc000, 0xc000000000) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/server.go:472 +0x2c1 github.com/hanwen/go-fuse/v2/fuse.(*Server).loop(0xc000120000, 0xc000288001) github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/server.go:445 +0x18c created by github.com/hanwen/go-fuse/v2/fuse.(*Server).readRequest github.com/hanwen/go-fuse/v2@v2.0.4-0.20200908172753-0b6cbc515082/fuse/server.go:312 +0x419
2020-10-19Drop two more generated filesJakob Unterwurzacher
These were committed by mistake.
2020-10-19Drop generated filesJakob Unterwurzacher
These were committed by mistake.
2020-10-18fusefronted: reject GETXATTR "security.capability"Jakob Unterwurzacher
Unless we are mounted with -suid, we can reject these requests, and gain back some lost speed. Closes https://github.com/rfjakob/gocryptfs/issues/515
2020-10-18syscallcompat: add getxattr fastpathsJakob Unterwurzacher
The allocations from Lgetxattr were #1 in the tar extract allocation profile (caused by security.capability lookups). No more! $ benchstat old.txt new.txt name old time/op new time/op delta Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1) $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64 /tmp/benchmark.bash.H8p.mnt is a mountpoint WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s UNTAR: 30,238 MD5: 12,721 LS: 10,038 RM: 16,536
2020-10-16syscallcompat: add Lgetxattr benchmarkJakob Unterwurzacher
2020-10-15v2pai: delete fusefrontend_reverse_v1apiJakob Unterwurzacher
Served its mission a copy-paste source but can now be deleted.
2020-10-14syscallcompat: don't retry Close()Jakob Unterwurzacher
After Close() returns, the fd is dead, even if we received EINTR. Don't retry, we could shoot down an unrelated fd that received the same fd number.
2020-10-14syscallcompat: retry ops on EINTRJakob Unterwurzacher
Retry operations that have been shown to throw EINTR errors on CIFS. Todo: Solution for this pain in the back: warning: unix.Getdents returned errno 2 in the middle of data rm: cannot remove 'linux-3.0.old3/Documentation/ABI/removed': Input/output error Progress towards fixing https://github.com/rfjakob/gocryptfs/issues/483 .
2020-10-11syscallcompat: Openat: retry on EINTRJakob Unterwurzacher
Towards fixing https://github.com/rfjakob/gocryptfs/issues/507
2020-09-12Add support for FIDO2 tokensPavol Rusnak
2020-09-09v2api: add Darwin xattr supportJakob Unterwurzacher
2020-09-09syscallcompat: add Renameat2 for DarwinJakob Unterwurzacher