| Age | Commit message | Author | Lines | 
|---|
|  | Read/write IOs should be page-aligned, as the fuse server
might otherwise need to copy data to another buffer in
order to fulfill network or device storage requirements.
Simple reproducer is example/passthrough*
and opening a file with O_DIRECT - without this change
writing to that file failed with -EINVAL if the underlying
file system was using ext4 (for passthrough_hp the
'passthrough' feature has to be disabled).
The misalignment from the fuse kernel is not ideal, but we can handle
it by allocating one page more than needed and then using a buffer
that is set up to compensate for the kernel misalignment.
This also only sets se->buf_reallocable to true when called
by a libfuse internal caller - we do not know what
external callers are doing with the buffer - update to
commit 0e0f43b79b9b | 
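The "one page more" approach described in the commit above can be sketched roughly as follows. This is a minimal illustration, not the libfuse code: the helper name `alloc_payload_aligned` and its `hdr_len` parameter (the size of the request header that precedes the data) are assumptions made for the example.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Hypothetical helper (not a libfuse function): allocate at least `bufsize`
 * usable bytes such that the data following a `hdr_len`-byte request header
 * starts on a page boundary. `*base_out` receives the pointer for free().
 */
static void *alloc_payload_aligned(size_t bufsize, size_t hdr_len,
                                   void **base_out)
{
    long ps = sysconf(_SC_PAGESIZE);
    size_t pagesize;
    void *base = NULL;

    if (ps <= 0)
        return NULL;
    pagesize = (size_t)ps;

    /* The header must fit into the extra page. */
    assert(hdr_len <= pagesize);

    /* One extra page leaves room to shift the start of the buffer. */
    if (posix_memalign(&base, pagesize, bufsize + pagesize) != 0)
        return NULL;

    *base_out = base;

    /* Place the header so that it ends exactly at the first page boundary. */
    return (char *)base + pagesize - hdr_len;
}
```

The caller reads the request into the returned pointer and frees `*base_out`, never the shifted pointer.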
|  | Note that name hashes and using paths as parameters
makes it very hard to support
anonymous files in the high level API.
Known Issues:
- tests have to bail out when O_TMPFILE is not supported.
This will always be the case with high level passthrough implementations.
- test_create_and_link_tmpfile has to be skipped
due to unidentified problems with github runner | 
|  | When allocating as an array of char only alignment of 1 is guaranteed but
the structure needs an alignment of 8. Specify alignment explicitly | 
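As a rough illustration of the alignment issue in the commit above: a plain `char` array carries no alignment guarantee beyond 1, while C11 `alignas` makes the requirement explicit. The function name below is hypothetical and the snippet only checks the resulting address; it is a sketch, not the change itself.

```c
#include <assert.h>
#include <stdalign.h>
#include <stdint.h>

/*
 * Returns 1 if a char array declared with an explicit 8-byte alignment
 * really starts on an 8-byte boundary. Without alignas(8), only an
 * alignment of 1 would be guaranteed for `storage`.
 */
static int explicit_alignment_holds(void)
{
    alignas(8) char storage[64];

    assert(sizeof(storage) >= 8);
    return ((uintptr_t)storage % 8) == 0;
}
```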
|  | A previous PR supported extended max writes (e.g. write requests larger than 1 MB)
by initializing the fuse session buffer size to use the max_pages_limit set in
/proc/sys/fs/fuse. However, this is a huge problem for machines where multiple
fuse servers may be running but only one server needs large writes. In this case,
a lot of memory will be wasted and will lead to OOM issues.
This PR transparently reallocates the session buffer if the server sets
"se->conn.max_write" to a value larger than 1 MiB. This is only for buffers that
are "owned" by libfuse - if the server wishes to provide its own allocated buffer
for receiving/processing requests, then it should ensure that buffer is allocated
to the proper size from the start.
Local testing showed:
echo 65535 | sudo tee /proc/sys/fs/fuse/max_pages_limit
dd if=/dev/urandom of=hello_file bs=6M count=2
write requests:
write request size is 5242880
write request size is 1048576
write request size is 5242880
write request size is 1048576 | 
|  | No functional changes. | 
|  | This should stop some more xfstest test failures. | 
|  | Simplify setting feature flags a bit by adding a helper
function.
Also move the check for valid flags into a function we can re-use
in a later patch. | 
|  |  | 
|  | Add a wrapper around strtol for more rigorous error checking
and convert uses of atoi and strtol to use this instead. | 
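A wrapper of the kind described in the commit above might look like the following sketch. The name `checked_strtol` and the negative-errno return convention are assumptions for illustration; the actual helper in the tree may differ.

```c
#include <assert.h>
#include <errno.h>
#include <stdlib.h>

/*
 * Hypothetical wrapper: parse a base-10 long with full error checking.
 * Returns 0 and stores the value in *out, or a negative errno value.
 */
static int checked_strtol(const char *str, long *out)
{
    char *end = NULL;
    long val;

    assert(out != NULL);

    if (str == NULL || *str == '\0')
        return -EINVAL;

    errno = 0;
    val = strtol(str, &end, 10);
    if (errno != 0)
        return -errno;      /* e.g. ERANGE on overflow */
    if (end == str || *end != '\0')
        return -EINVAL;     /* no digits at all, or trailing garbage */

    *out = val;
    return 0;
}
```

Unlike atoi(), this distinguishes a genuine 0 from unparsable input and reports overflow instead of silently clamping.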
|  | Updating the mtab on Android fails due to differences in toybox's mount
command. Setting IGNORE_MTAB avoids that issue.
Signed-off-by: Daniel Rosenberg <drosen@google.com> | 
|  | max_write can be limited by se->op.init() and by the buffer size,
we use the minimum of these two.
Required se->bufsize is then set according to the determined
max_write. The current thread will have the old buffer size,
though, as it already had to do the allocation to handle the
FUSE_INIT call (unless splice is used and this variable
and the related buffer are not used at all).
The given bufsize is just a hint for minimum size, allocation
could be actually larger (for example to get huge pages). | 
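The "minimum of these two" rule from the commit above can be sketched as below. The function name and the explicit `header_size` parameter are assumptions for the example; the space reserved for headers is passed in rather than hard-coded.

```c
#include <assert.h>
#include <stddef.h>

/*
 * Hypothetical helper: the effective max_write is the smaller of what
 * init() requested and what fits into the buffer after the header space.
 */
static size_t effective_max_write(size_t init_max_write, size_t bufsize,
                                  size_t header_size)
{
    size_t buf_limit;

    assert(bufsize > header_size);
    buf_limit = bufsize - header_size;

    return init_max_write < buf_limit ? init_max_write : buf_limit;
}
```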
|  | The further these lines are separated from each other the harder
it is to read the code.
There shouldn't be any change in code behavior here. | 
|  | A recent upstream patch [1] changed FUSE_MAX_MAX_PAGES to
FUSE_DEFAULT_MAX_PAGES_LIMIT.
Update libfuse to use FUSE_DEFAULT_MAX_PAGES_LIMIT as well
instead of FUSE_MAX_MAX_PAGES.
[1] https://lore.kernel.org/linux-fsdevel/20240923171311.1561917-1-joannelkoong@gmail.com/T/#t | 
|  | Currently in libfuse, the buffer size for a fuse session is
capped at 1 MiB on a 4k page system. A recent patch
upstream [1] was merged that allows the max number of pages
per fuse request to be dynamically configurable through the
/proc/sys interface (/proc/sys/fs/fuse/max_pages_limit).
This commit adds support for this on the libfuse side to set
the fuse session buffer to take into account the max pages
limit set in /proc/sys/fs/fuse/max_pages_limit. If this
sysctl does not exist (e.g. older kernels), it will default to
old behavior (using FUSE_MAX_MAX_PAGES (256) as the max pages
limit). This allows for things like bigger write buffers per
request.
[1] https://lore.kernel.org/linux-fsdevel/20240923171311.1561917-1-joannelkoong@gmail.com/T/#t | 
|  | The option for the path to the binary had been accidentally removed
from the scripts that can parse backtraces.
The dump_stack() function had leftover debug messages. | 
|  | This option is handled in VFS.
Added in Linux 5.10
dab741e0e02bd3c4f5e2e97be74b39df2523fc6e
Signed-off-by: Tyler Hall <tylerwhall@gmail.com> | 
|  | execinfo.h is unnecessary if HAVE_BACKTRACE is not defined.
This increases portability for systems without execinfo.h | 
|  |  | 
|  | I see random ENOTCONN failures in xfstest generic/013 and generic/014
in my branch, but on the 2nd run at the earliest - it takes ~12 hours to hit
the issue, and then no further information is logged.
ENOTCONN points to a daemon crash - I need backtraces and a core dump.
This adds optional handling of fatal signals to print a core dump
and optional syslog logging with these new public functions:
fuse_set_fail_signal_handlers()
    In addition to the existing fuse_set_signal_handlers(). This is not
    enabled together with fuse_set_signal_handlers(), as it is a change
    in behavior and file systems might already have their own fatal
    handlers.
fuse_log_enable_syslog
    Print logs to syslog instead of stderr
fuse_log_close_syslog
    Close syslog (for now just does closelog())
Code in fuse_signals.c is also updated to use an array of signals,
and setting signal handlers is now done with a for-loop instead
of one hand-coded set_one_signal_handler() call per signal. | 
|  | dmask: umask applied to directories
fmask: umask applied to non-directories
to get "typical" permission bits for regular files (0644) and directories (0755), a single
umask option is not sufficient (or well, it isn't the way fuse implements it)
there is precedent for separate umask and dmask options in other
filesystems (see for example fat: https://github.com/torvalds/linux/tree/master/fs/fat)
this addition should not affect backward-compatibility; the original
umask option retains the same meaning, but non-zero fmask or
dmask will override it. | 
|  | The pointer did not have any sanity check.
Addresses https://github.com/libfuse/libfuse/issues/979 | 
|  | After reading the file /proc/$PID/task/$PID/status the buffer wasn't
terminated with a null character.  This could theoretically lead to buffer
overrun by the subsequent strstr() call.
Since the contents of the proc file are guaranteed to contain the pattern
that strstr is looking for, this doesn't happen in normal situations.
Add null termination for robustness.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> | 
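The fix described in the commit above amounts to reserving one byte for the terminator and writing it after read(). A minimal sketch, with a hypothetical helper name:

```c
#include <assert.h>
#include <string.h>
#include <unistd.h>

/*
 * Hypothetical helper: read at most bufsize - 1 bytes from fd and always
 * null-terminate the result, so that string functions such as strstr()
 * cannot run past the data. Returns the byte count, or -1 on error.
 */
static ssize_t read_terminated(int fd, char *buf, size_t bufsize)
{
    ssize_t n;

    assert(buf != NULL && bufsize > 0);

    n = read(fd, buf, bufsize - 1);
    if (n < 0)
        return -1;

    buf[n] = '\0';
    return n;
}
```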
|  | The `fuse_init_intr_signal` call in `_fuse_new_317` is useless
since commit 8ee553dac ("fuse_new(): don't accept options that
don't make sense for end-users") removed the conf.intr option
for end-users. conf.intr is always zero (i.e., disabled) here.
Move `fuse_init_intr_signal` after the user-defined `init()` function,
so that conf.intr and conf.intr_signal have been configured by the user. | 
|  | ref_cnt should make the intention of this variable more clear. | 
|  | Since commit cef8c8b24902 ("Add support for no_interrupt"), the variable
is no longer modified exclusively under locks.
That commit is safe, but the code might be error-prone under future updates.
Changing it to a C11 _Atomic should avoid issues. | 
|  | The function fuse_session_process_buf_int() does a lot of work
for FUSE_INTERRUPT requests, even when there are no FUSE_INTERRUPT requests:
1. It checks every non-FUSE_INTERRUPT request and adds it to the
linked list (se->list) under a big lock (se->lock).
2. The function fuse_free_req() frees every request and removes it from
the linked list (se->list) under the same big lock (se->lock).
These operations serve no purpose when there are no FUSE_INTERRUPT requests,
and they have a great impact on the performance of a fuse filesystem because the big
lock is taken for each request.
In some cases, FUSE_INTERRUPT requests are infrequent, or absent altogether.
Besides, the user-defined filesystem may do nothing for FUSE_INTERRUPT requests.
The kernel side has the option "no_interrupt" in struct fuse_conn. This kernel option
can be enabled by returning ENOSYS from libfuse in the reply to a FUSE_INTERRUPT request.
But I could not find code in libfuse that enables the "no_interrupt" kernel option.
So add no_interrupt support; when this option is enabled:
1. remove the useless locking operations and list operations.
2. return ENOSYS in the reply to a FUSE_INTERRUPT request to tell the kernel to disable
FUSE_INTERRUPT requests. | 
|  | Fixes: 73cd124d0408 ("Add clone_fd to custom IO (#927)")
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com> | 
|  | compat.c is supposed to be standalone to provide compat ABI symbols.
Including fuse header files can cause conflicts - just the opposite
of what compat.c was made for. | 
|  | Add support for filesystem passthrough read/write of files.
When the FUSE_PASSTHROUGH capability is enabled, the FUSE server may
decide, while handling the "open" or "create" requests, if the given
file can be accessed by that process in "passthrough" mode, meaning that
all the further read and write operations would be forwarded by the
kernel directly to the backing file rather than to the FUSE server.
All requests other than read or write are still handled by the server.
This allows for an improved performance on reads and writes, especially
in the case of reads at random offsets, for which no (readahead)
caching mechanism would help, reducing the performance gap between FUSE
and native filesystem access.
Extend also the passthrough_hp example with the new passthrough feature.
This example opens a kernel backing file per FUSE inode on the first
FUSE file open of that inode and closes the backing file on the release
of the last FUSE file on that inode.
All opens of the same inode passthrough to the same backing file.
A combination of fi->direct_io and fi->passthrough is allowed.
It means that read/write operations go directly to the server, but mmap
is done on the backing file.
This allows opening some fds of the inode in passthrough mode and some
fds of the same inode in direct_io/passthrough_mmap mode.
Signed-off-by: Alessio Balsini <balsini@android.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com> | 
|  | The API stays the same, the libfuse version comes from
inlined functions, which are defined in fuse_lowlevel.h
and fuse.h. As these inlined functions are defined in the header
files they get added into the application, similar to how
preprocessor macros would be.
Macro vs inlined function is then just a style issue - I personally
prefer the latter.
fuse_session_new() -> static inline, in the application
_fuse_session_new -> inside of libfuse
fuse_new() -> static inline, in the application
_fuse_new() -> inside of libfuse
Note: Entirely untested is the fuse 30 api - we need a test
for it. And we do not have any ABI tests at all.
Signed-off-by: Bernd Schubert <bernd.schubert@fastmail.fm> | 
|  | If the file system doesn't provide a ->open or an ->opendir, and the
kernel supports FUSE_CAP_NO_OPEN_SUPPORT or FUSE_CAP_NO_OPENDIR_SUPPORT,
allow the implementation to set FUSE_CAP_NO_OPEN*_SUPPORT on conn->want
in order to automatically get this behavior.  Expand the documentation
to be more explicit about the behavior of libfuse in the different cases
WRT this capability.
Signed-off-by: Josef Bacik <josef@toxicpanda.com> | 
|  | All credits to Miklos Szeredi <miklos@szeredi.hu> for spotting
this.
Signed-off-by: Bernd Schubert <bernd.schubert@fastmail.fm> | 
|  | Although the Meson build of LibFUSE version 3.16.2 creates the header file
fuse_config.h, the BSD mount_bsd.c file continues to reference config.h, which results in compilation failures.
Fix: point mount_bsd.c to the correct header. | 
|  | Define a new clone_fd() helper for fuse_custom_io, users
can implement their own clone fd logic.
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com> | 
|  | If the user updates conn->max_write in the init() method of fuse_lowlevel_ops, do_init()
misses the "conn.max_write > bufsize - FUSE_BUFFER_HEADER_SIZE" check,
because the ->init method is called after that check, which is obviously a bug.
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com>
Co-authored-by: Xiaoguang Wang <lege.wang@jaguarmicro.com> | 
|  | This just adds in the basic handler, but does not
use it yet in examples. | 
|  | fixes #235
In fill_dir_plus(), there's a lookup for caching dirent attributes.
However, when offset = 0 the cache metadata from the lookup is lost
as only the entry attributes are passed when added to the list. Kernel
doesn't cache the attributes since .ino = 0.
This change moves the entry lookup to happen just before the relevant
fuse_add_direntry_plus() calls | 
|  | Users may still need to mount the same fuse filesystem again after unmounting
it (in this case, the userspace filesystem server needs to stay alive),
and after the FUSE_DESTROY message is handled, a new FUSE_INIT message may arrive,
so got_init needs to be reset to zero.
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com> | 
|  | It is very hard to see in github tests what is actually failing
with signals - add the gnu-libc backtrace handler. | 
|  | - This adds a wrapper function for the call sequence
of posix_spawn and posix_spawnp.
- Replaces perror() with fuse_log - the latter
can be redirected through the file system log function
and gives better end user friendly output
- other minor changes, like variable renames
- no functional change | 
|  | Client code might allocate a lot of memory before starting the mount.
Fork is slow for processes that are using a lot of memory.  But
posix_spawn fixes that.
Another issue with fork is if the process is also doing RDMA - this
might lead to data corruption, at least if memory used for RDMA
is not marked with MADV_DONTFORK.  At least with linux kernels
before 5.12.
Also see https://blog.nelhage.com/post/a-cursed-bug/ for more details
Change by Bernd:
This also prepares the new fusermount option "--comm-fd", but keeps
the previous way to pass the parameter as env variable. In a future
release (exact date to be determined) we are going to remove usage
of the env variable and will switch to the new parameter. | 
|  | This implements #651, tested with bindfs.
"x-*" options are comments meant to be interpreted by userspace.
#651 is about some 3rd party mount options like 'x-gvfs-notrash'.
This also removes the test if /etc/mtab is a symlink.
This test was added in commit 5f28cd15ab43c741f6d116be4d3a9aa5d82ab385
and the corresponding ChangeLog entry in this commit points to mount
issues for read-only mtab.
However, in all recent Linux distributions /etc/mtab is a symlink to
/proc/self/mounts and never writable. In fact, util-linux 2.39
(libmount) entirely removed support for a writable mtab.
At least since util-linux 2.19 (10-Feb-2011) /run/mount/utab is used
as replacement for userspace mount entries. | 
|  |  | 
|  |  | 
|  | 'FUSE_CAP_HANDLE_KILLPRIV' is not enabled by default anymore, as that
would be a sudden security issue introduced by a new ABI and API
compatible libfuse version. | 
|  | Allowing parallel dir operations could result in a crash in a filesystem
implementation that is not prepared for this.
To be safe keep this flag off by default (this is not a regression, since
there was no public release where this flag wasn't ignored).
If the filesystem wants better performance, then it should set this flag
explicitly.
Fixes: c9905341ea34 ("Pass FUSE_PARALLEL_DIROPS to kernel (#861)")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> | 
|  | This is not called FUSE_CAP_DIRECT_IO_RELAX, as the kernel flag
FUSE_DIRECT_IO_RELAX is supposed to be renamed to
FUSE_DIRECT_IO_ALLOW_MMAP. The corresponding kernel patches just
did not land yet. | 
|  | This tells the kernel that parallel lookup/readdir operations are
supported. This is enabled by default but was not passed to the kernel
so you always get the synchronized version. | 
|  | Since open(2) is already called with the O_CLOEXEC flag, if it is defined.
Signed-off-by: Xiaoguang Wang <lege.wang@jaguarmicro.com>
Co-authored-by: Xiaoguang Wang <lege.wang@jaguarmicro.com> | 
|  | Instead of hardcoding the value to check against, use a more dynamic method to verify the error number before passing it to the kernel. |