2017-12-06 21:07:24 +01:00
|
|
|
package syscallcompat
|
|
|
|
|
|
|
|
import (
|
2019-01-02 16:56:23 +01:00
|
|
|
"bytes"
|
2017-12-07 00:05:28 +01:00
|
|
|
"syscall"
|
|
|
|
|
2017-12-06 21:07:24 +01:00
|
|
|
"golang.org/x/sys/unix"
|
2019-01-14 02:32:28 +01:00
|
|
|
|
|
|
|
"github.com/rfjakob/gocryptfs/internal/tlog"
|
2017-12-06 21:07:24 +01:00
|
|
|
)
|
|
|
|
|
2018-06-19 20:13:56 +02:00
|
|
|
// PATH_MAX is the maximum allowed path length on Linux.
|
|
|
|
// It is not defined on Darwin, so we use the Linux value.
|
|
|
|
const PATH_MAX = 4096
|
2018-06-08 00:47:48 +02:00
|
|
|
|
2018-11-04 22:01:18 +01:00
|
|
|
// Readlinkat is a convenience wrapper around unix.Readlinkat() that takes
|
|
|
|
// care of buffer sizing. Implemented like os.Readlink().
|
2017-12-06 21:07:24 +01:00
|
|
|
func Readlinkat(dirfd int, path string) (string, error) {
|
|
|
|
// Allocate the buffer exponentially like os.Readlink does.
|
|
|
|
for bufsz := 128; ; bufsz *= 2 {
|
|
|
|
buf := make([]byte, bufsz)
|
|
|
|
n, err := unix.Readlinkat(dirfd, path, buf)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
if n < bufsz {
|
|
|
|
return string(buf[0:n]), nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2017-12-07 00:05:28 +01:00
|
|
|
|
2019-01-20 13:10:59 +01:00
|
|
|
// Faccessat exists both in Linux and in MacOS 10.10+, but the Linux version
|
|
|
|
// DOES NOT support any flags. Emulate AT_SYMLINK_NOFOLLOW like glibc does.
|
|
|
|
func Faccessat(dirfd int, path string, mode uint32) error {
|
|
|
|
var st unix.Stat_t
|
|
|
|
err := Fstatat(dirfd, path, &st, unix.AT_SYMLINK_NOFOLLOW)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if st.Mode&syscall.S_IFMT == syscall.S_IFLNK {
|
|
|
|
// Pretend that a symlink is always accessible
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return unix.Faccessat(dirfd, path, mode, 0)
|
|
|
|
}
|
|
|
|
|
2020-10-14 00:35:16 +02:00
|
|
|
// Openat wraps the Openat syscall.
|
|
|
|
// Retries on EINTR.
|
2019-01-14 02:32:28 +01:00
|
|
|
func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
|
|
|
|
if flags&syscall.O_CREAT != 0 {
|
|
|
|
// O_CREAT should be used with O_EXCL. O_NOFOLLOW has no effect with O_EXCL.
|
|
|
|
if flags&syscall.O_EXCL == 0 {
|
|
|
|
tlog.Warn.Printf("Openat: O_CREAT without O_EXCL: flags = %#x", flags)
|
|
|
|
flags |= syscall.O_EXCL
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
// If O_CREAT is not used, we should use O_NOFOLLOW
|
|
|
|
if flags&syscall.O_NOFOLLOW == 0 {
|
|
|
|
tlog.Warn.Printf("Openat: O_NOFOLLOW missing: flags = %#x", flags)
|
|
|
|
flags |= syscall.O_NOFOLLOW
|
|
|
|
}
|
|
|
|
}
|
2020-10-14 00:35:16 +02:00
|
|
|
fd, err = retryEINTR2(func() (int, error) {
|
|
|
|
return unix.Openat(dirfd, path, flags, mode)
|
|
|
|
})
|
|
|
|
return fd, err
|
2019-01-14 02:32:28 +01:00
|
|
|
}
|
|
|
|
|
2019-01-14 02:35:46 +01:00
|
|
|
// Renameat wraps the Renameat syscall.
|
2020-10-14 00:35:16 +02:00
|
|
|
// Retries on EINTR.
|
2019-01-14 02:35:46 +01:00
|
|
|
func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
|
2020-10-14 00:35:16 +02:00
|
|
|
err = retryEINTR(func() error {
|
|
|
|
return unix.Renameat(olddirfd, oldpath, newdirfd, newpath)
|
|
|
|
})
|
|
|
|
return err
|
2019-01-14 02:35:46 +01:00
|
|
|
}
|
|
|
|
|
2019-01-14 02:38:34 +01:00
|
|
|
// Unlinkat syscall.
|
2020-10-14 00:35:16 +02:00
|
|
|
// Retries on EINTR.
|
2019-01-14 02:38:34 +01:00
|
|
|
func Unlinkat(dirfd int, path string, flags int) (err error) {
|
2020-10-14 00:35:16 +02:00
|
|
|
err = retryEINTR(func() error {
|
|
|
|
return unix.Unlinkat(dirfd, path, flags)
|
|
|
|
})
|
|
|
|
return err
|
2019-01-14 02:38:34 +01:00
|
|
|
}
|
|
|
|
|
2019-01-14 02:49:11 +01:00
|
|
|
// Fchownat syscall.
|
|
|
|
func Fchownat(dirfd int, path string, uid int, gid int, flags int) (err error) {
|
|
|
|
// Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?
|
|
|
|
if flags&unix.AT_SYMLINK_NOFOLLOW == 0 {
|
|
|
|
tlog.Warn.Printf("Fchownat: adding missing AT_SYMLINK_NOFOLLOW flag")
|
|
|
|
flags |= unix.AT_SYMLINK_NOFOLLOW
|
|
|
|
}
|
|
|
|
return unix.Fchownat(dirfd, path, uid, gid, flags)
|
|
|
|
}
|
|
|
|
|
2017-12-12 14:42:49 +01:00
|
|
|
// Linkat exists both in Linux and in MacOS 10.10+.
|
|
|
|
func Linkat(olddirfd int, oldpath string, newdirfd int, newpath string, flags int) (err error) {
|
|
|
|
return unix.Linkat(olddirfd, oldpath, newdirfd, newpath, flags)
|
|
|
|
}
|
2019-01-02 16:56:23 +01:00
|
|
|
|
2019-01-14 02:51:50 +01:00
|
|
|
// Symlinkat syscall.
|
|
|
|
func Symlinkat(oldpath string, newdirfd int, newpath string) (err error) {
|
|
|
|
return unix.Symlinkat(oldpath, newdirfd, newpath)
|
|
|
|
}
|
|
|
|
|
2019-01-14 02:56:06 +01:00
|
|
|
// Mkdirat syscall.
|
|
|
|
func Mkdirat(dirfd int, path string, mode uint32) (err error) {
|
|
|
|
return unix.Mkdirat(dirfd, path, mode)
|
|
|
|
}
|
|
|
|
|
2019-01-14 03:00:49 +01:00
|
|
|
// Fstatat syscall.
|
2020-10-14 00:35:16 +02:00
|
|
|
// Retries on EINTR.
|
2019-01-14 03:00:49 +01:00
|
|
|
func Fstatat(dirfd int, path string, stat *unix.Stat_t, flags int) (err error) {
|
|
|
|
// Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?
|
|
|
|
if flags&unix.AT_SYMLINK_NOFOLLOW == 0 {
|
|
|
|
tlog.Warn.Printf("Fstatat: adding missing AT_SYMLINK_NOFOLLOW flag")
|
|
|
|
flags |= unix.AT_SYMLINK_NOFOLLOW
|
|
|
|
}
|
2020-10-14 00:35:16 +02:00
|
|
|
err = retryEINTR(func() error {
|
|
|
|
return unix.Fstatat(dirfd, path, stat, flags)
|
|
|
|
})
|
|
|
|
return err
|
2019-01-14 03:00:49 +01:00
|
|
|
}
|
|
|
|
|
2020-06-11 23:39:27 +02:00
|
|
|
// Fstatat2 is a more convenient version of Fstatat. It allocates a Stat_t
|
|
|
|
// for you and also handles the Unix2syscall conversion.
|
2020-10-14 00:35:16 +02:00
|
|
|
// Retries on EINTR.
|
2020-06-11 23:39:27 +02:00
|
|
|
func Fstatat2(dirfd int, path string, flags int) (*syscall.Stat_t, error) {
|
|
|
|
var stUnix unix.Stat_t
|
|
|
|
err := Fstatat(dirfd, path, &stUnix, flags)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
st := Unix2syscall(stUnix)
|
|
|
|
return &st, nil
|
|
|
|
}
|
|
|
|
|
2019-01-02 16:56:23 +01:00
|
|
|
const XATTR_SIZE_MAX = 65536
|
|
|
|
|
syscallcompat: add getxattr fastpaths
The allocations from Lgetxattr were #1 in the tar extract
allocation profile (caused by security.capability lookups).
No more!
$ benchstat old.txt new.txt
name old time/op new time/op delta
Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1)
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64
/tmp/benchmark.bash.H8p.mnt is a mountpoint
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s
UNTAR: 30,238
MD5: 12,721
LS: 10,038
RM: 16,536
2020-10-18 00:25:42 +02:00
|
|
|
// Make the buffer 1kB bigger so we can detect overflows. Unfortunately,
|
|
|
|
// slices larger than 64kB are always allocated on the heap.
|
2019-01-02 16:56:23 +01:00
|
|
|
const XATTR_BUFSZ = XATTR_SIZE_MAX + 1024
|
|
|
|
|
syscallcompat: add getxattr fastpaths
The allocations from Lgetxattr were #1 in the tar extract
allocation profile (caused by security.capability lookups).
No more!
$ benchstat old.txt new.txt
name old time/op new time/op delta
Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1)
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64
/tmp/benchmark.bash.H8p.mnt is a mountpoint
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s
UNTAR: 30,238
MD5: 12,721
LS: 10,038
RM: 16,536
2020-10-18 00:25:42 +02:00
|
|
|
// We try with a small buffer first - this one can be allocated on the stack.
|
|
|
|
const XATTR_BUFSZ_SMALL = 500
|
|
|
|
|
2019-01-02 16:56:23 +01:00
|
|
|
// Fgetxattr is a wrapper around unix.Fgetxattr that handles the buffer sizing.
|
|
|
|
func Fgetxattr(fd int, attr string) (val []byte, err error) {
|
syscallcompat: add getxattr fastpaths
The allocations from Lgetxattr were #1 in the tar extract
allocation profile (caused by security.capability lookups).
No more!
$ benchstat old.txt new.txt
name old time/op new time/op delta
Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1)
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64
/tmp/benchmark.bash.H8p.mnt is a mountpoint
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s
UNTAR: 30,238
MD5: 12,721
LS: 10,038
RM: 16,536
2020-10-18 00:25:42 +02:00
|
|
|
fn := func(buf []byte) (int, error) {
|
|
|
|
return unix.Fgetxattr(fd, attr, buf)
|
|
|
|
}
|
|
|
|
return getxattrSmartBuf(fn)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Lgetxattr is a wrapper around unix.Lgetxattr that handles the buffer sizing.
|
|
|
|
func Lgetxattr(path string, attr string) (val []byte, err error) {
|
|
|
|
fn := func(buf []byte) (int, error) {
|
|
|
|
return unix.Lgetxattr(path, attr, buf)
|
|
|
|
}
|
|
|
|
return getxattrSmartBuf(fn)
|
|
|
|
}
|
|
|
|
|
|
|
|
func getxattrSmartBuf(fn func(buf []byte) (int, error)) ([]byte, error) {
|
|
|
|
// Fastpaths. Important for security.capabilities, which gets queried a lot.
|
|
|
|
buf := make([]byte, XATTR_BUFSZ_SMALL)
|
|
|
|
sz, err := fn(buf)
|
|
|
|
// Non-existing xattr
|
|
|
|
if err == unix.ENODATA {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
// Underlying fs does not support security.capabilities (example: tmpfs)
|
|
|
|
if err == unix.EOPNOTSUPP {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
// Small xattr
|
|
|
|
if err == nil && sz < len(buf) {
|
|
|
|
goto out
|
|
|
|
}
|
|
|
|
// Generic slowpath
|
|
|
|
//
|
2019-01-02 16:56:23 +01:00
|
|
|
// If the buffer is too small to fit the value, Linux and MacOS react
|
|
|
|
// differently:
|
|
|
|
// Linux: returns an ERANGE error and "-1" bytes.
|
|
|
|
// MacOS: truncates the value and returns "size" bytes.
|
|
|
|
//
|
|
|
|
// We choose the simple approach of buffer that is bigger than the limit on
|
|
|
|
// Linux, and return an error for everything that is bigger (which can
|
|
|
|
// only happen on MacOS).
|
syscallcompat: add getxattr fastpaths
The allocations from Lgetxattr were #1 in the tar extract
allocation profile (caused by security.capability lookups).
No more!
$ benchstat old.txt new.txt
name old time/op new time/op delta
Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1)
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64
/tmp/benchmark.bash.H8p.mnt is a mountpoint
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s
UNTAR: 30,238
MD5: 12,721
LS: 10,038
RM: 16,536
2020-10-18 00:25:42 +02:00
|
|
|
buf = make([]byte, XATTR_BUFSZ)
|
|
|
|
sz, err = fn(buf)
|
2019-01-05 04:33:50 +01:00
|
|
|
if err == syscall.ERANGE {
|
|
|
|
// Do NOT return ERANGE - the user might retry ad inifinitum!
|
|
|
|
return nil, syscall.EOVERFLOW
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if sz >= XATTR_SIZE_MAX {
|
|
|
|
return nil, syscall.EOVERFLOW
|
|
|
|
}
|
syscallcompat: add getxattr fastpaths
The allocations from Lgetxattr were #1 in the tar extract
allocation profile (caused by security.capability lookups).
No more!
$ benchstat old.txt new.txt
name old time/op new time/op delta
Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1)
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64
/tmp/benchmark.bash.H8p.mnt is a mountpoint
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s
UNTAR: 30,238
MD5: 12,721
LS: 10,038
RM: 16,536
2020-10-18 00:25:42 +02:00
|
|
|
out:
|
2019-01-05 04:33:50 +01:00
|
|
|
// Copy only the actually used bytes to a new (smaller) buffer
|
|
|
|
// so "buf" never leaves the function and can be allocated on the stack.
|
syscallcompat: add getxattr fastpaths
The allocations from Lgetxattr were #1 in the tar extract
allocation profile (caused by security.capability lookups).
No more!
$ benchstat old.txt new.txt
name old time/op new time/op delta
Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1)
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64
/tmp/benchmark.bash.H8p.mnt is a mountpoint
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s
UNTAR: 30,238
MD5: 12,721
LS: 10,038
RM: 16,536
2020-10-18 00:25:42 +02:00
|
|
|
val := make([]byte, sz)
|
2019-01-05 04:33:50 +01:00
|
|
|
copy(val, buf)
|
|
|
|
return val, nil
|
|
|
|
}
|
|
|
|
|
2019-01-02 20:48:46 +01:00
|
|
|
// Flistxattr is a wrapper for unix.Flistxattr that handles buffer sizing and
|
2019-01-02 16:56:23 +01:00
|
|
|
// parsing the returned blob to a string slice.
|
|
|
|
func Flistxattr(fd int) (attrs []string, err error) {
|
syscallcompat: add getxattr fastpaths
The allocations from Lgetxattr were #1 in the tar extract
allocation profile (caused by security.capability lookups).
No more!
$ benchstat old.txt new.txt
name old time/op new time/op delta
Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1)
$ ./benchmark.bash
Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64
/tmp/benchmark.bash.H8p.mnt is a mountpoint
WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s
READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s
UNTAR: 30,238
MD5: 12,721
LS: 10,038
RM: 16,536
2020-10-18 00:25:42 +02:00
|
|
|
// See the buffer sizing comments in getxattrSmartBuf.
|
2019-01-02 20:48:46 +01:00
|
|
|
// TODO: smarter buffer sizing?
|
2019-01-02 16:56:23 +01:00
|
|
|
buf := make([]byte, XATTR_BUFSZ)
|
|
|
|
sz, err := unix.Flistxattr(fd, buf)
|
|
|
|
if err == syscall.ERANGE {
|
|
|
|
// Do NOT return ERANGE - the user might retry ad inifinitum!
|
|
|
|
return nil, syscall.EOVERFLOW
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if sz >= XATTR_SIZE_MAX {
|
|
|
|
return nil, syscall.EOVERFLOW
|
|
|
|
}
|
2019-01-02 20:48:46 +01:00
|
|
|
attrs = parseListxattrBlob(buf[:sz])
|
|
|
|
return attrs, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Llistxattr is a wrapper for unix.Llistxattr that handles buffer sizing and
|
|
|
|
// parsing the returned blob to a string slice.
|
|
|
|
func Llistxattr(path string) (attrs []string, err error) {
|
|
|
|
// TODO: smarter buffer sizing?
|
|
|
|
buf := make([]byte, XATTR_BUFSZ)
|
|
|
|
sz, err := unix.Llistxattr(path, buf)
|
|
|
|
if err == syscall.ERANGE {
|
|
|
|
// Do NOT return ERANGE - the user might retry ad inifinitum!
|
|
|
|
return nil, syscall.EOVERFLOW
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
if sz >= XATTR_SIZE_MAX {
|
|
|
|
return nil, syscall.EOVERFLOW
|
|
|
|
}
|
|
|
|
attrs = parseListxattrBlob(buf[:sz])
|
|
|
|
return attrs, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func parseListxattrBlob(buf []byte) (attrs []string) {
|
2019-01-02 16:56:23 +01:00
|
|
|
parts := bytes.Split(buf, []byte{0})
|
|
|
|
for _, part := range parts {
|
|
|
|
if len(part) == 0 {
|
|
|
|
// Last part is empty, ignore
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
attrs = append(attrs, string(part))
|
|
|
|
}
|
2019-01-02 20:48:46 +01:00
|
|
|
return attrs
|
2019-01-02 16:56:23 +01:00
|
|
|
}
|