| Age | Commit message (Collapse) | Author | Lines |
|---|
|
Applications may wish to call fuse_log() for unified logging. This way
they don't need to define their own wrappers to invoke the log message
handler function installed by fuse_set_log_func().
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Introduce an API for custom log handler functions. This allows libfuse
applications to send messages to syslog(3) or other logging systems.
See include/fuse_log.h for details.
Convert libfuse from fprintf(stderr, ...) to log_fuse(level, ...). Most
messages are error messages with FUSE_LOG_ERR log level. There are also
some debug messages which now use the FUSE_LOG_DEBUG log level.
Note that lib/mount_util.c is used by both libfuse and fusermount3.
Since fusermount3 does not link against libfuse, we cannot call
fuse_log() from lib/mount_util.c. This file will continue to use
fprintf(stderr, ...) until someone figures out how to split it up.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Recent GCC releases have warnings related to common strncpy(3) bugs.
These warnings can be avoided by explicitly NUL-terminating the buffer
or using memcpy(3) when the intention is to copy just the characters
without the NUL terminator.
This commit fixes the following warnings:
[1/27] Compiling C object 'test/9f86d08@@test_syscalls@exe/test_syscalls.c.o'.
In function ‘test_socket’,
inlined from ‘main’ at ../test/test_syscalls.c:1899:9:
../test/test_syscalls.c:1760:2: warning: ‘strncpy’ output may be truncated copying 108 bytes from a string of length 1023 [-Wstringop-truncation]
1760 | strncpy(su.sun_path, testsock, sizeof(su.sun_path));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[2/27] Compiling C object 'lib/76b5a35@@fuse3@sha/fuse.c.o'.
../lib/fuse.c: In function ‘add_name’:
../lib/fuse.c:968:2: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
968 | strncpy(s, name, len);
| ^~~~~~~~~~~~~~~~~~~~~
../lib/fuse.c:944:15: note: length computed here
944 | size_t len = strlen(name);
| ^~~~~~~~~~~~
[3/27] Compiling C object 'lib/76b5a35@@fuse3@sha/fuse_lowlevel.c.o'.
../lib/fuse_lowlevel.c: In function ‘fuse_add_direntry’:
../lib/fuse_lowlevel.c:288:2: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
288 | strncpy(dirent->name, name, namelen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/fuse_lowlevel.c:276:12: note: length computed here
276 | namelen = strlen(name);
| ^~~~~~~~~~~~
../lib/fuse_lowlevel.c: In function ‘fuse_add_direntry_plus’:
../lib/fuse_lowlevel.c:381:2: warning: ‘strncpy’ output truncated before terminating nul copying as many bytes from a string as its length [-Wstringop-truncation]
381 | strncpy(dirent->name, name, namelen);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/fuse_lowlevel.c:366:12: note: length computed here
366 | namelen = strlen(name);
| ^~~~~~~~~~~~
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
on failure to set the pipe size, set it to the maximum allowed by the
kernel.
If the first request required more than the maximum allowed, the
can_grow flag would be reset thus preventing any further resize.
Grow the pipe to the maximum allowed to increase the likelihood of
using splice for successive requests instead of falling back to
read/write.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
Starting with kernel version 4.20 fuse supports a new property
'max_pages' which is the maximum number of pages that can be used per
request. This can be set via an argument during initialization.
This new property allows writes to be larger than 128k.
This patch sets the property if the matching capability is set
(FUSE_MAX_PAGES). It will also set max_write to 1MiB. Filesystems have
the possibility to decrease this size by setting max_write to a smaller
size. The max_pages and bufsize fields are adjusted accordingly.
Cc: Constantine Shulyupin <const@MakeLinux.com>
Signed-off-by: Markus Pargmann <scosu@quobyte.com>
|
|
The pointer operand to the binary `+` operator must be to a complete
object type. Since we are working with byte sizes, use `char *` instead.
|
|
This is a constraint violation in ISO C[0].
[0] http://port70.net/~nsz/c/c11/n1570.html#6.8.6.4p1
|
|
This is a GNU C extension.
|
|
|
|
|
|
Fixes: #394.
|
|
This constant is not defined in the kernel, so it will be lost when
fuse_kernel.h is not synchronized. Instead, the kernel just passes a
flag value of "1", so for now we also use a literal in userspace.
|
|
Instead of the Posix ioctl(2) command, Linux uses its own variant of ioctl()
in which the commands are requested as "unsigned long" and truncated to
32 bits by the fuse kernel module. Transmitting the commands to user space
file systems as "unsigned int" is a workaround for processing ioctl()
commands which do not fit into a signed int.
|
|
|
|
|
|
Fixes: #360
|
|
70e25ea74e("Fix build on non-Linux") broke build on DragonFly BSD,
or likely anything other than FreeBSD and NetBSD that is not Linux.
Signed-off-by: Tomohiro Kusumi <kusumi.tomohiro@gmail.com>
|
|
|
|
The passthrough example filesystem can be used for validating the API
and the implementation in the FUSE kernel module.
|
|
Add support for the relatively new copy_file_range() syscall. Backend
filesystems can now implement an efficient way of cloning/duplicating
data ranges within files. See 'man 2 copy_file_range' for more details.
|
|
Currently, mounting on FreeBSD fails like this:
mount_fusefs: ZZZZ<snip> on /mountpoint: No such file or directory
This happens because right after doing argv[a++] = fdnam it's
getting freed before calling execvp().
So move this free() call after execvp(). Also, when asprintf()
fails for fdnam, close device fd before calling exit().
|
|
* Update meson.build to add mount_util.c to libfuse_sources
unconditionally, it's non Linux-only
* FreeBSD, like NetBSD, doesn't have mntent.h, so don't include
that and define IGNORE_MTAB for both
* FreeBSD, like NetBSD, has no umount2() sysctl, so similarly define
it to unmount()
|
|
This reverts commit 161983e2416bc6e26bbbe89664fff62c48c70858,
because this causes resource leaks when threads are terminated
by pthread_cancel().
Fixes: #313.
|
|
The unprivileged option allows to run the FUSE file system process
without privileges by dropping capabilities and preventing them from
being re-acquired via setuid / fscaps etc. To accomplish this,
mount.fuse sets up the `/dev/fuse` file descriptor and mount itself
and passes the file descriptor via the `/dev/fd/%u` mountpoint syntax
to the FUSE file system.
|
|
This adds support for a mode of operation in which a privileged parent
process opens `/dev/fuse` and takes care of mounting. The FUSE file
system daemon can then run as an unprivileged child that merely
processes requests on the FUSE file descriptor, which get passed using
the special `/dev/fd/%u` syntax for the mountpoint parameter.
The main benefit is that no privileged operations need to be performed
by the FUSE file system daemon itself directly or indirectly, so the
FUSE process can run with fully unprivileged and mechanisms like
securebits and no_new_privs can be used to prevent subprocesses from
re-acquiring privilege via setuid, fscaps, etc. This reduces risk in
case the FUSE file system gets exploited by malicious file system
data.
Below is an example that illustrates this. Note that I'm using shell
for presentation purposes, the expectation is that the parent process
will implement the equivalent of the `mount -i` and `capsh` commands.
```
\# example/hello can mount successfully with privilege
$ sudo sh -c "LD_LIBRARY_PATH=build/lib ./example/hello /mnt/tmp"
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
\# example/hello fails to mount without privilege
$ sudo capsh --drop=all --secbits=0x2f -- -c 'LD_LIBRARY_PATH=build/lib ./example/hello -f /mnt/tmp'
fusermount3: mount failed: Operation not permitted
\# Passing FUSE file descriptor via /dev/fd/%u allows example/hello to work without privilege
$ sudo sh -c '
exec 17<>/dev/fuse
mount -i -o nodev,nosuid,noexec,fd=17,rootmode=40000,user_id=0,group_id=0 -t fuse hello /mnt/tmp
capsh --drop=all --secbits=0x2f -- -c "LD_LIBRARY_PATH=build/lib example/hello /dev/fd/17"
'
$ sudo cat /mnt/tmp/hello
Hello World!
$ sudo umount /mnt/tmp
```
|
|
|
|
This is only used in fuse_do_work(), so we can put it on
the stack.
|
|
Return different error codes from fuse_main()
|
|
|
|
|
|
Multiple meson build scripts improvements including:
* Bump meson requirement to 0.40.1 (0.40 already required)
* Declare a dependency object for main library
* Stop using add_global_arguments()
* Various minor style fixes
|
|
|
|
The bug occurs when a filesystem client reads a directory until the end,
seeks using seekdir() to some valid non-zero position and calls
readdir(). A valid 'struct dirent *' is expected, but NULL is returned
instead. Pseudocode demonstrating the bug:
DIR *dp = opendir("some_dir");
struct dirent *de = readdir(dp);
/* Get offset of the second entry */
long offset = telldir(dp);
/* Read directory until the end */
while (de)
de = readdir(de);
seekdir(dp, offset);
de = readdir(dp);
/* de must contain the second entry, but NULL is returned instead */
The reason of the bug is that when the end of directory is reached, the
kernel calls FUSE_READDIR op with an offset at the end of directory, so
the filesystem's .readdir callback never calls the filler function, and
we end up with dh->filled set to 1. After seekdir(), FUSE_READDIR is
called again with a new offset, but this time the filesystem's .readdir
callback is never called, and an empty reply is returned.
Fix by setting dh->filled to 1 only when zero offsets are given to
filler function.
|
|
Fix conditionals as per maintainer's request.
|
|
Linux performs the dir loop check (rename(a, a/b/c)
or rename(a/b/c, a), etc.) in kernel. Unfortunately
other systems do not perform this check (e.g. FreeBSD).
This results in a deadlock in get_path2, because libfuse
did not expect to handle such cases.
We add a check_dir_loop function that performs the dir
loop check in user mode and enable it on systems that
need it.
|
|
`int sig` is acutually used, so `(void) sig;` is unneeded.
|
|
Ensure that conf is always zero before it's read from to prevent
sporadic failure at startup if higher layers were build against
version 3.0
Signed-off-by: Ashley Pittman <ashley.m.pittman@intel.com>
|
|
Fix spelling errors
|
|
This change is bogus. fuse_module_factory_t is already a pointer
type. Additionally, if dlsym returns NULL, then you will be
dereferencing it causing a segfault. In my testing, a segfault will
happen even if dlsym returns successfully.
Thanks to Michael Theall for spotting!
|
|
dlsym() resolves the location of the loaded symbol,
therefore dlsym() returns the type (fuse_module_factory_t *), not (fuse_module_factory_t).
Added pinter dereferencing to correctly refer the factory function.
|
|
This was detected by using clang's undefined behavior sanitizer, but
didn't seem to cause problems in practice.
|
|
Fixes: #207.
|
|
|
|
The old versions of these symbols were defined with version
tag FUSE_3.0, so this is what we have to use in the .symver
directive.
|
|
According to "How to Write Shared Libraries" by Ulrich Drepper
(https://www.akkadia.org/drepper/dsohowto.pdf), the version script
should contain the exported name of the versioned symbol once in each
tag for which it has been defined by .symver.
|
|
The fuse_session_loop_mt() and fuse_loop_mt() symbols are only visible
when linking against the shared object. The code in lib/, however, is
compiled *into* the shared object and should thus use the internal
names of these functions.
Surprisingly enough, the code still worked before - but only when link
time optimization was disabled.
Unfortunately, we still can't compile with LTO because it seems that
enabling LTO somehow makes the tagged symbols vanish.
Without lto, we have:
$ nm lib/libfuse3.so | grep fuse_new
0000000000011070 T fuse_new_30
0000000000010a00 t fuse_new_31
0000000000011070 T fuse_new@FUSE_3.0
0000000000010a00 T fuse_new@@FUSE_3.1
and with LTO:
$ nm lib/libfuse3.so | grep fuse_new
0000000000019a70 T fuse_new_30
0000000000019270 t fuse_new_31
See also issue #198.
|
|
This is what the Linux version does, and it fixes a
timeout under FreeBSD when the kernel sends a FUSE_DESTROY
request that is never answered.
|
|
|
|
It's just too much pain to keep it working.
|
|
|
