compat.c is supposed to be standalone to provide compat ABI symbols.
Including fuse header files can cause conflicts - just the opposite
of what compat.c was made for.
This is direct copy of <linux>/.clang-format as
this project was initiated with linux style. Some
lines that were auto-generated are removed
("# Taken from:...).
Some files like example/passthrough_hp.cc use
a different style - these files probably should
be cleaned up when major changes are done to them.
Add support for filesystem passthrough read/write of files.
When the FUSE_PASSTHROUGH capability is enabled, the FUSE server may
decide, while handling the "open" or "create" requests, if the given
file can be accessed by that process in "passthrough" mode, meaning that
all the further read and write operations would be forwarded by the
kernel directly to the backing file rather than to the FUSE server.
All requests other than read or write are still handled by the server.
This allows for an improved performance on reads and writes, especially
in the case of reads at random offsets, for which no (readahead)
caching mechanism would help, reducing the performance gap between FUSE
and native filesystem access.
Extend also the passthrough_hp example with the new passthrough feature.
This example opens a kernel backing file per FUSE inode on the first
FUSE file open of that inode and closes the backing file on the release
of the last FUSE file on that inode.
All opens of the same inode passthrough to the same backing file.
A combination of fi->direct_io and fi->passthrough is allowed.
It means that read/write operations go directly to the server, but mmap
is done on the backing file.
This allows to open some fds of the inode in passthrough mode and some
fd of the same inode in direct_io/passthrough_mmap mode.
Signed-off-by: Alessio Balsini <balsini@android.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
The API stays the same, the libfuse version comes from
inlined functions, which are defined fuse_lowlevel.h
and fuse.h. As these inlined functions are defined in the header
files they get added into the application, similar as if these
were preprocessor macros.
Macro vs inlined function is then just a style issue - I personally
prefer the latter.
fuse_session_new() -> static inlinei, in the application
_fuse_session_new -> inside of libfuse
fuse_new() -> static inline, in the application
_fuse_new() -> inside of libfuse
Note: Entirely untested is the fuse 30 api - we need a test
for it. And we do not have any ABI tests at all.
Signed-off-by: Bernd Schubert <bernd.schubert@fastmail.fm>
If the file system doesn't provide a ->open or an ->opendir, and the
kernel supports FUSE_CAP_NO_OPEN_SUPPORT or FUSE_CAP_NO_OPENDIR_SUPPORT,
allow the implementation to set FUSE_CAP_NO_OPEN*_SUPPORT on conn->want
in order to automatically get this behavior. Expand the documentation
to be more explicit about the behavior of libfuse in the different cases
WRT this capability.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
We already have some C11 pieces like Static_assert and we are likely
going to add more - tell meson to use C11.
Plain C11 does not work as there are several language extension,
like typeof - part of C23 only. We might be able to fix/workaround
such extensions with compiler ifdef, but then I prefer gnu11 over
checking which compiler is used (example gcc has __typeof vs
clangs __typeof++). And compiler extension would also defeat pedantic.
Despite the creation of the header file fuse_config.h during LibFUSE
version 3.16.2's Meson build process, the BSD mount_bsd.c file continues to reference config.h. Consequently, this discrepancy results in compilation failures.
FIX : Point the mount_bsd.c to correct header.
* Use single place to define the version
Defining the version in fuse_common.h, is removed, it is defined
through meson and provided by "libfuse_config.h". I.e. it avoids
to define the version twice - once in meson and once in
fuse_common.h.
Ideal would be to set integers in the meson file and create the version
string from these integers. However, meson requires that "project"
is the first meson.build keyword - with that it requires to
set the version from a string and then major/minor/hotfix integers
are created from string split.
Signed-off-by: Bernd Schubert <bernd.schubert@fastmail.fm>
* Increase the version to 3.17.0
This is to prepare the branch for the next release.
Signed-off-by: Bernd Schubert <bernd.schubert@fastmail.fm>
---------
Signed-off-by: Bernd Schubert <bernd.schubert@fastmail.fm>
By virtio-fs and libfuse fuse_custom_io, passthrough_ll could be
a virtio filesystem device backend, this bug was found when doing
mount, fsstress and umount repeatedly.
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com>
Co-authored-by: Xiaoguang Wang <lege.wang@jaguarmicro.com>
Define a new clone_fd() helper for fuse_custom_io, users
can implement their own clone fd logic.
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com>
If user updates conn->max_write in fuse_lowlevel_ops' init() method, do_init()
will miss the "conn.max_write > bufsize - FUSE_BUFFER_HEADER_SIZE" judgment,
and ->init method will be called after it, which obviously is a bug.
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com>
Co-authored-by: Xiaoguang Wang <lege.wang@jaguarmicro.com>
Add more documentation for FUSE_CAP_EXPORT_SUPPORT
Also remove the flag from passthrough_ll.c and passthrough_hp.cc
as these implementations do _not_ handle that flag. They just
cast fuse_ino_t to an inode and cause a heap buffer overflow
for unknown objects (simplest reproducer are the examples
in "man 2 open_by_handle_at", but to unmount/mount the file
system after name_to_handle_at and before open_by_handle_at).
Fixes https://github.com/libfuse/libfuse/issues/838
---------
Co-authored-by: Nikolaus Rath <Nikolaus@rath.org>
fixes#235
In fill_dir_plus(), there's a lookup for caching dirent attributes.
However, when offset = 0 the cache metadata from the lookup is lost
as only the entry attributes are passed when added to the list. Kernel
doesn't cache the attributes since .ino = 0.
This change moves the entry lookup to happen just before the relevant
fuse_add_direntry_plus() calls
User may still need to mount same fuse filesystem after umounting
it(In this case, the userspace filesystem server needs to keep live),
and after handling FUSE_DESTROY message, new FUSE_INIT message may come,
so need to reset got_init to be zero.
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com>
In order to use the fuse_fill_dir_t function in a C++ program, add the enum item:
FUSE_FILL_DIR_DEFAULTS
Without this change g++ compilation failed with
example/hello.c:94:35: error: invalid conversion from ‘int’ to ‘fuse_fill_dir_flags’ [-fpermissive]
94 | filler(buf, ".", NULL, 0, 0);
| ^
| |
| int
Similar issue as fixed in commit
3c7ba570 "examples/notify_store_retrieve: Add a clean shutdown".
Basically a clean shutdown was missing, but even with clean
shutdown it does not work, as kernel side releases inodes before
sending FUSE_DESTROY - the intervaled thread then gets
-ENOENT.
Co-authored-by: Bernd Schubert <bschubert@ddn.com>
This reconfigure is recommended to ensure the build system
(ninja/cmake/...) get the updated meson config. They
typically do, but it depends on file time stamps - is
a potential random error source.
Commit b1cdc497 ("ci-build.sh: Run ASAN and UBSAN at the same time")
also accidentally removed the test for versioned symbols.
Also export clang/clang++ to make sure new shells get it.
This was stalling - easier to check what happens
when it fails fast. And in general, sanitized
builds are faster than valgrind and detect almost
as much errors as valgrind (same level would be
achieved with MSAN, but that is hard to use),
so failures can be detected faster whan sanitizers
run first.
As noticed by valgrind in issue #907 example/poll.c
triggers a use-after-free
==85200== Thread 2:
==85200== Invalid read of size 4
==85200== at 0x485E54A: send_notify_iov (fuse_lowlevel.c:2267)
==85200== by 0x485E54A: fuse_lowlevel_notify_poll (fuse_lowlevel.c:2289)
==85200== by 0x1096F2: fsel_producer (poll.c:245)
==85200== by 0x4897EA6: start_thread (pthread_create.c:477)
==85200== by 0x49ADA6E: clone (clone.S:95)
==85200== Address 0x5291d68 is 392 bytes inside a block of size 920 free'd
==85200== at 0x48399AB: free (vg_replace_malloc.c:538)
==85200== by 0x485A12C: fuse_destroy (fuse.c:5103)
==85200== by 0x486220F: fuse_main_real (helper.c:389)
==85200== by 0x1091D6: main (poll.c:288)
==85200== Block was alloc'd at
==85200== at 0x483AB65: calloc (vg_replace_malloc.c:760)
==85200== by 0x485BAA0: fuse_session_new (fuse_lowlevel.c:3036)
==85200== by 0x4859AF2: fuse_new@@FUSE_3.1 (fuse.c:4966)
==85200== by 0x4862129: fuse_main_real (helper.c:345)
==85200== by 0x1091D6: main (poll.c:288)
Issue is that the "fsel_producer" thread is still active after
fuse_destroy - it gets destructed too late.
Tests were failing because mount dir was missing.
Unclear to me why this became only recently an issue
(github internal - out of the sudden tests were hanging).
We want to see errors - reduce allowed errors.
With --maxfail=99 tests out of the sudden started to hang
in github, without a change in libfuse (I had actually tested
to previous release tags). With --maxfail=1 pytest aborts
and we see failing github.
Also increase python log level to NOTSET - NOTSET should print
all messages.
Also use "pytest" has wrapper for "python3 -m"
As per pull #898, fusermount3 had a severe issue that
should have been detected by ASAN. I guess tests used
the system default and not the sanitized binary.
Order of execution of fusermount3 is to try
1) full install path
if that fails
2) just fusermount3
So tests should be fixed by installing libfuse, setting the s-bit
on fusermount3 and then to run the tests.
- This adds a wrapper function for the call sequence
of posix_spawn and posix_spawnp.
- Replaces perror() with fuse_log - the latter
can be redirected through the file system log function
and gives better end user friendly output
- other minor changes, like variable renames
- no functional change
Client code might allocate a lot of memory before starting the mount.
Fork is slow for processes that are using a lot of memory. But
posix_spawn fixes that.
Another issue with fork is if the process is also doing RDMA - this
might lead to data corruption, as least if memory used for RDMA
is not marked with MADV_DONTFORK. At least with linux kernels
before 5.12.
Also see https://blog.nelhage.com/post/a-cursed-bug/ for more details
Change by Bernd:
This also prepares the new fusermount option "--comm-fd", but keeps
the previous way to pass the parameter as env variable. In a future
release (exact data to be determined) we are going to remove usage
of the env variable and will switch to the new parameter.
Commit 74b1df2e introduced a heap-buffer-overflow, as
allocated memory was not initialized and extract_x_options
was also not checking for the remaining buffer size.
Fix is to initialize the buffer and to also not exceed the buffer
size. Actually not exceeding buffer size is rather complex with C
and introduced quite some code changes.
Also fixed is a memory leak of allocated buffers in the commit
mentioned above.
This test was racy, the lookup counter must only be increased once
kernel side has lookup completed and knows about the inode.
However, this is still racy as
app thread
(python script) kernel-side libfuse thread kernel
----------------------------------------------------------------------
open file
lookup req
wait
handle req
reply
wake app thread
return
new_inode()
<continue file open>
So actually on libfuse side even after returning from kernel side
it is not ensured that the kernel has created the inode. I.e.
using lookup_cnt in the test is still racy.
A new variabled 'open_cnt' is added that is only increased in open
Using open_cnt should be safe to use as kernel side (with atomic-open)
first does lookup, from that data creates the inode and only then sends
an open request. I.e. update_fs_loop() must only call
fuse_lowlevel_notify_store() once it is absolutely sure kernel side has
created the inode (open_cnt) and when it is sure the kernel inode still
exists (lookup_cnt).
Not really nice, but we actually need to accept some errors, as
these still come up at umount time. Typically it is hard to hit,
but tests in github actually frequently get it. Actually, it can be
easily reproduced by commenting out the sleep line in
update_fs_loop(). Underlying issue is that kernel side is
sending ->destroy() only when it already internally released all
inodes - too late for this test. The errors I run into are ENOENT
and EBADFD, but I added back in ENODEV for safety.
In order to avoid any other kind races mutex lock is also introduced.
This test could fail whenever a something (kernel, userspace) decides
to flush in between of two 2048B writes. These two writes are supposed
to be merged into a single 4906 byte write by the kernel writeback cache,
but _sometimes_ the test fails because 2048 byte writes get through.
Fixes#882
Solution here is a modification how the test works - instead
of requiring an exact aggregation of 2x2048B into 4096B,
it now writes 64x2048B and requires in write-back modes
the number of received writes requests is lower than 64 - we
can expect that at least some writes get aggregated, but we do
know how many.
Co-authored-by: Bernd Schubert <bschubert@ddn.com>
