libgocryptfs/internal/syscallcompat/sys_common.go

package syscallcompat

import (
	"syscall"

	"golang.org/x/sys/unix"
)

// PATH_MAX is the maximum allowed path length on Linux.
// It is not defined on Darwin, so we use the Linux value.
const PATH_MAX = 4096

// Readlinkat is a convenience wrapper around unix.Readlinkat() that takes
// care of buffer sizing. Implemented like os.Readlink().
func Readlinkat(dirfd int, path string) (string, error) {
	// Allocate the buffer exponentially like os.Readlink does.
	for bufsz := 128; ; bufsz *= 2 {
		buf := make([]byte, bufsz)
		n, err := unix.Readlinkat(dirfd, path, buf)
		if err != nil {
			return "", err
		}
		if n < bufsz {
			return string(buf[0:n]), nil
		}
	}
}

// Openat wraps the Openat syscall.
// Retries on EINTR.
func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
	if flags&syscall.O_CREAT == 0 {
		// If O_CREAT is not used, we should use O_NOFOLLOW
		if flags&syscall.O_NOFOLLOW == 0 {
			flags |= syscall.O_NOFOLLOW
		}
	}
	fd, err = retryEINTR2(func() (int, error) {
		return unix.Openat(dirfd, path, flags, mode)
	})
	return fd, err
}

// Fstatat syscall.
// Retries on EINTR.
func Fstatat(dirfd int, path string, stat *unix.Stat_t, flags int) (err error) {
	// Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?
	if flags&unix.AT_SYMLINK_NOFOLLOW == 0 {
		flags |= unix.AT_SYMLINK_NOFOLLOW
	}
	err = retryEINTR(func() error {
		return unix.Fstatat(dirfd, path, stat, flags)
	})
	return err
}

// Fstatat2 is a more convenient version of Fstatat. It allocates a Stat_t
// for you and also handles the Unix2syscall conversion.
// Retries on EINTR.
func Fstatat2(dirfd int, path string, flags int) (*syscall.Stat_t, error) {
	var stUnix unix.Stat_t
	err := Fstatat(dirfd, path, &stUnix, flags)
	if err != nil {
		return nil, err
	}
	st := Unix2syscall(stUnix)
	return &st, nil
}

const XATTR_SIZE_MAX = 65536

// Make the buffer 1kB bigger so we can detect overflows. Unfortunately,
// slices larger than 64kB are always allocated on the heap.
const XATTR_BUFSZ = XATTR_SIZE_MAX + 1024

// We try with a small buffer first - this one can be allocated on the stack.
const XATTR_BUFSZ_SMALL = 500
syscallcompat: add Readlinkat We need readlinkat to implement Readlink symlink-race-free. 2017-12-06 21:07:24 +01:00			`package syscallcompat`

			`import (`
syscallcompat: add Faccessat Add faccessat(2) with a hack for symlink, because the kernel does not actually looks at the passed flags. From man 2 faccessat: C library/kernel differences The raw faccessat() system call takes only the first three argu‐ ments. The AT_EACCESS and AT_SYMLINK_NOFOLLOW flags are actually implemented within the glibc wrapper function for faccessat(). 2017-12-07 00:05:28 +01:00			`"syscall"`

syscallcompat: add Readlinkat We need readlinkat to implement Readlink symlink-race-free. 2017-12-06 21:07:24 +01:00			`"golang.org/x/sys/unix"`
			`)`

Fix three golint warnings We are clean again. Warnings were: internal/fusefrontend/fs.go:443:14: should omit type string from declaration of var cTarget; it will be inferred from the right-hand side internal/fusefrontend/xattr.go:26:1: comment on exported method FS.GetXAttr should be of the form "GetXAttr ..." internal/syscallcompat/sys_common.go:9:7: exported const PATH_MAX should have comment or be unexported 2018-06-19 20:13:56 +02:00			`// PATH_MAX is the maximum allowed path length on Linux.`
			`// It is not defined on Darwin, so we use the Linux value.`
			`const PATH_MAX = 4096`
darwin does not have PATH_MAX Define our own, with the value from Linux. 2018-06-08 00:47:48 +02:00
fusefrontend: make Readlink() symlink-safe Now symlink-safe through Readlinkat(). 2018-11-04 22:01:18 +01:00			`// Readlinkat is a convenience wrapper around unix.Readlinkat() that takes`
			`// care of buffer sizing. Implemented like os.Readlink().`
syscallcompat: add Readlinkat We need readlinkat to implement Readlink symlink-race-free. 2017-12-06 21:07:24 +01:00			`func Readlinkat(dirfd int, path string) (string, error) {`
			`// Allocate the buffer exponentially like os.Readlink does.`
			`for bufsz := 128; ; bufsz *= 2 {`
			`buf := make([]byte, bufsz)`
			`n, err := unix.Readlinkat(dirfd, path, buf)`
			`if err != nil {`
			`return "", err`
			`}`
			`if n < bufsz {`
			`return string(buf[0:n]), nil`
			`}`
			`}`
			`}`
syscallcompat: add Faccessat Add faccessat(2) with a hack for symlink, because the kernel does not actually looks at the passed flags. From man 2 faccessat: C library/kernel differences The raw faccessat() system call takes only the first three argu‐ ments. The AT_EACCESS and AT_SYMLINK_NOFOLLOW flags are actually implemented within the glibc wrapper function for faccessat(). 2017-12-07 00:05:28 +01:00
syscallcompat: retry ops on EINTR Retry operations that have been shown to throw EINTR errors on CIFS. Todo: Solution for this pain in the back: warning: unix.Getdents returned errno 2 in the middle of data rm: cannot remove 'linux-3.0.old3/Documentation/ABI/removed': Input/output error Progress towards fixing https://github.com/rfjakob/gocryptfs/issues/483 . 2020-10-14 00:35:16 +02:00			`// Openat wraps the Openat syscall.`
			`// Retries on EINTR.`
syscallcompat: Drop Openat emulation on macOS. 2019-01-14 02:32:28 +01:00			`func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {`
Genesis patch 2021-06-08 21:25:50 +02:00			`if flags&syscall.O_CREAT == 0 {`
syscallcompat: Drop Openat emulation on macOS. 2019-01-14 02:32:28 +01:00			`// If O_CREAT is not used, we should use O_NOFOLLOW`
			`if flags&syscall.O_NOFOLLOW == 0 {`
			`flags \|= syscall.O_NOFOLLOW`
			`}`
			`}`
syscallcompat: retry ops on EINTR Retry operations that have been shown to throw EINTR errors on CIFS. Todo: Solution for this pain in the back: warning: unix.Getdents returned errno 2 in the middle of data rm: cannot remove 'linux-3.0.old3/Documentation/ABI/removed': Input/output error Progress towards fixing https://github.com/rfjakob/gocryptfs/issues/483 . 2020-10-14 00:35:16 +02:00			`fd, err = retryEINTR2(func() (int, error) {`
			`return unix.Openat(dirfd, path, flags, mode)`
			`})`
			`return fd, err`
syscallcompat: Drop Openat emulation on macOS. 2019-01-14 02:32:28 +01:00			`}`

syscallcompat: Drop Fstatat emulation on macOS. 2019-01-14 03:00:49 +01:00			`// Fstatat syscall.`
syscallcompat: retry ops on EINTR Retry operations that have been shown to throw EINTR errors on CIFS. Todo: Solution for this pain in the back: warning: unix.Getdents returned errno 2 in the middle of data rm: cannot remove 'linux-3.0.old3/Documentation/ABI/removed': Input/output error Progress towards fixing https://github.com/rfjakob/gocryptfs/issues/483 . 2020-10-14 00:35:16 +02:00			`// Retries on EINTR.`
syscallcompat: Drop Fstatat emulation on macOS. 2019-01-14 03:00:49 +01:00			`func Fstatat(dirfd int, path string, stat *unix.Stat_t, flags int) (err error) {`
			`// Why would we ever want to call this without AT_SYMLINK_NOFOLLOW?`
			`if flags&unix.AT_SYMLINK_NOFOLLOW == 0 {`
			`flags \|= unix.AT_SYMLINK_NOFOLLOW`
			`}`
syscallcompat: retry ops on EINTR Retry operations that have been shown to throw EINTR errors on CIFS. Todo: Solution for this pain in the back: warning: unix.Getdents returned errno 2 in the middle of data rm: cannot remove 'linux-3.0.old3/Documentation/ABI/removed': Input/output error Progress towards fixing https://github.com/rfjakob/gocryptfs/issues/483 . 2020-10-14 00:35:16 +02:00			`err = retryEINTR(func() error {`
			`return unix.Fstatat(dirfd, path, stat, flags)`
			`})`
			`return err`
syscallcompat: Drop Fstatat emulation on macOS. 2019-01-14 03:00:49 +01:00			`}`

v2api: implement Lookup() Compiles, but untested otherwise. No caching. 2020-06-11 23:39:27 +02:00			`// Fstatat2 is a more convenient version of Fstatat. It allocates a Stat_t`
			`// for you and also handles the Unix2syscall conversion.`
syscallcompat: retry ops on EINTR Retry operations that have been shown to throw EINTR errors on CIFS. Todo: Solution for this pain in the back: warning: unix.Getdents returned errno 2 in the middle of data rm: cannot remove 'linux-3.0.old3/Documentation/ABI/removed': Input/output error Progress towards fixing https://github.com/rfjakob/gocryptfs/issues/483 . 2020-10-14 00:35:16 +02:00			`// Retries on EINTR.`
v2api: implement Lookup() Compiles, but untested otherwise. No caching. 2020-06-11 23:39:27 +02:00			`func Fstatat2(dirfd int, path string, flags int) (*syscall.Stat_t, error) {`
			`var stUnix unix.Stat_t`
			`err := Fstatat(dirfd, path, &stUnix, flags)`
			`if err != nil {`
			`return nil, err`
			`}`
			`st := Unix2syscall(stUnix)`
			`return &st, nil`
			`}`

syscallcompat: add Fgetxattr / Fsetxattr wrappers These take care of buffer sizing and parsing. 2019-01-02 16:56:23 +01:00			`const XATTR_SIZE_MAX = 65536`

syscallcompat: add getxattr fastpaths The allocations from Lgetxattr were #1 in the tar extract allocation profile (caused by security.capability lookups). No more! $ benchstat old.txt new.txt name old time/op new time/op delta Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1) $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64 /tmp/benchmark.bash.H8p.mnt is a mountpoint WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s UNTAR: 30,238 MD5: 12,721 LS: 10,038 RM: 16,536 2020-10-18 00:25:42 +02:00			`// Make the buffer 1kB bigger so we can detect overflows. Unfortunately,`
			`// slices larger than 64kB are always allocated on the heap.`
syscallcompat: add Fgetxattr / Fsetxattr wrappers These take care of buffer sizing and parsing. 2019-01-02 16:56:23 +01:00			`const XATTR_BUFSZ = XATTR_SIZE_MAX + 1024`

syscallcompat: add getxattr fastpaths The allocations from Lgetxattr were #1 in the tar extract allocation profile (caused by security.capability lookups). No more! $ benchstat old.txt new.txt name old time/op new time/op delta Lgetxattr-4 15.2µs ± 0% 1.8µs ± 0% ~ (p=1.000 n=1+1) $ ./benchmark.bash Testing gocryptfs at /tmp/benchmark.bash.H8p: gocryptfs v2.0-beta1-4-g95ea738-dirty; go-fuse v2.0.4-0.20200908172753-0b6cbc515082 => github.com/rfjakob/go-fuse/v2 v2.0.4-0.20201015204057-88b12c99f8af; 2020-10-18 go1.15.3 linux/amd64 /tmp/benchmark.bash.H8p.mnt is a mountpoint WRITE: 262144000 bytes (262 MB, 250 MiB) copied, 0,520109 s, 504 MB/s READ: 262144000 bytes (262 MB, 250 MiB) copied, 0,255672 s, 1,0 GB/s UNTAR: 30,238 MD5: 12,721 LS: 10,038 RM: 16,536 2020-10-18 00:25:42 +02:00			`// We try with a small buffer first - this one can be allocated on the stack.`
			`const XATTR_BUFSZ_SMALL = 500`