libgocryptfs/internal/fusefrontend/file_holes.go

package fusefrontend

// Helper functions for sparse files (files with holes)

import (
	"context"
	"runtime"
	"syscall"

	"github.com/hanwen/go-fuse/v2/fs"

	"github.com/rfjakob/gocryptfs/v2/internal/tlog"
)

// Will a write to plaintext offset "targetOff" create a file hole in the
// ciphertext? If yes, zero-pad the last ciphertext block.
func (f *File) writePadHole(targetOff int64) syscall.Errno {
	// Get the current file size.
	fi, err := f.fd.Stat()
	if err != nil {
		tlog.Warn.Printf("checkAndPadHole: Fstat failed: %v", err)
		return fs.ToErrno(err)
	}
	plainSize := f.contentEnc.CipherSizeToPlainSize(uint64(fi.Size()))
	// Appending a single byte to the file (equivalent to writing to
	// offset=plainSize) would write to "nextBlock".
	nextBlock := f.contentEnc.PlainOffToBlockNo(plainSize)
	// targetBlock is the block the user wants to write to.
	targetBlock := f.contentEnc.PlainOffToBlockNo(uint64(targetOff))
	// The write goes into an existing block or (if the last block was full)
	// starts a new one directly after the last block. Nothing to do.
	if targetBlock <= nextBlock {
		return 0
	}
	// The write goes past the next block. nextBlock has
	// to be zero-padded to the block boundary and (at least) nextBlock+1
	// will contain a file hole in the ciphertext.
	errno := f.zeroPad(plainSize)
	if errno != 0 {
		return errno
	}
	return 0
}

// Zero-pad the file of size plainSize to the next block boundary. This is a no-op
// if the file is already block-aligned.
func (f *File) zeroPad(plainSize uint64) syscall.Errno {
	lastBlockLen := plainSize % f.contentEnc.PlainBS()
	if lastBlockLen == 0 {
		// Already block-aligned
		return 0
	}
	missing := f.contentEnc.PlainBS() - lastBlockLen
	pad := make([]byte, missing)
	tlog.Debug.Printf("zeroPad: Writing %d bytes\n", missing)
	_, errno := f.doWrite(pad, int64(plainSize))
	return errno
}

// Lseek - FUSE call.
//
// Looking at
// fuse_file_llseek @ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/fs/fuse/file.c?h=v5.12.7#n2634
// this function is only called for SEEK_HOLE & SEEK_DATA.
func (f *File) Lseek(ctx context.Context, off uint64, whence uint32) (uint64, syscall.Errno) {
	const (
		SEEK_DATA = 3 // find next data segment at or above `off`
		SEEK_HOLE = 4 // find next hole at or above `off`

		// On error, we return -1 as the offset as per man lseek.
		MinusOne = ^uint64(0)
	)
	if whence != SEEK_DATA && whence != SEEK_HOLE {
		tlog.Warn.Printf("BUG: Lseek was called with whence=%d. This is not supported!", whence)
		return 0, syscall.EINVAL
	}
	if runtime.GOOS != "linux" {
		// MacOS has broken (different?) SEEK_DATA / SEEK_HOLE semantics, see
		// https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00051.html
		tlog.Warn.Printf("buggy on non-linux platforms, disabling SEEK_DATA & SEEK_HOLE")
		return MinusOne, syscall.ENOSYS
	}

	// We will need the file size
	var st syscall.Stat_t
	err := syscall.Fstat(f.intFd(), &st)
	if err != nil {
		return 0, fs.ToErrno(err)
	}
	fileSize := st.Size
	// Better safe than sorry. The logic is only tested for 4k blocks.
	if st.Blksize != 4096 {
		tlog.Warn.Printf("unsupported block size of %d bytes, disabling SEEK_DATA & SEEK_HOLE", st.Blksize)
		return MinusOne, syscall.ENOSYS
	}

	// man lseek: offset beyond end of file -> ENXIO
	if f.rootNode.contentEnc.PlainOffToCipherOff(off) >= uint64(fileSize) {
		return MinusOne, syscall.ENXIO
	}

	// Round down to start of block:
	cipherOff := f.rootNode.contentEnc.BlockNoToCipherOff(f.rootNode.contentEnc.PlainOffToBlockNo(off))
	newCipherOff, err := syscall.Seek(f.intFd(), int64(cipherOff), int(whence))
	if err != nil {
		return MinusOne, fs.ToErrno(err)
	}
	// already in data/hole => return original offset
	if newCipherOff == int64(cipherOff) {
		return off, 0
	}
	// If there is no further hole, SEEK_HOLE returns the file size
	// (SEEK_DATA returns ENXIO in this case).
	if whence == SEEK_HOLE {
		fi, err := f.fd.Stat()
		if err != nil {
			return MinusOne, fs.ToErrno(err)
		}
		if newCipherOff == fi.Size() {
			return f.rootNode.contentEnc.CipherSizeToPlainSize(uint64(newCipherOff)), 0
		}
	}
	// syscall.Seek gave us the beginning of the next ext4 data/hole section.
	// The next gocryptfs data/hole block starts at the next block boundary,
	// so we have to round up:
	newBlockNo := f.rootNode.contentEnc.CipherOffToBlockNo(uint64(newCipherOff) + f.rootNode.contentEnc.CipherBS() - 1)
	return f.rootNode.contentEnc.BlockNoToPlainOff(newBlockNo), 0
}
v2api: implement Create 2020-06-21 13:25:12 +02:00			`package fusefrontend`

			`// Helper functions for sparse files (files with holes)`

			`import (`
v2api: implement Lseek This also fixes the last remaining tests/fsck failure. 2020-07-23 22:55:07 +02:00			`"context"`
fusefrontend: rewrite Lseek SEEK_DATA / SEEK_HOLE In response to the discussion of the xfstests mailing list [1], I looked at the Lseek implementation, which was naive and did not handle all cases correctly. The new implementation aligns the returned values to 4096 bytes as most callers expect. A lot of tests are added to verify that we handle all cases correctly now. [1]: https://www.spinics.net/lists/fstests/msg16554.html 2021-05-29 16:05:36 +02:00			`"runtime"`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`"syscall"`

v2api: File2: implement Release, Read, Write, Fsync, Flush, Allocate Fortunately, this just means fixing up the function signatures. 2020-07-12 12:59:01 +02:00			`"github.com/hanwen/go-fuse/v2/fs"`
v2api: implement Create 2020-06-21 13:25:12 +02:00
go mod: declare module version v2 Our git version is v2+ for some time now, but go.mod still declared v1. Hopefully making both match makes https://pkg.go.dev/github.com/rfjakob/gocryptfs/v2 work. All the import paths have been fixed like this: find . -name \*.go \| xargs sed -i s%github.com/rfjakob/gocryptfs/%github.com/rfjakob/gocryptfs/v2/% 2021-08-23 15:05:15 +02:00			`"github.com/rfjakob/gocryptfs/v2/internal/tlog"`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`)`

			`// Will a write to plaintext offset "targetOff" create a file hole in the`
			`// ciphertext? If yes, zero-pad the last ciphertext block.`
v2api: rename "File2" to just "File" Rename the symbols and the files. 2020-08-16 12:48:16 +02:00			`func (f *File) writePadHole(targetOff int64) syscall.Errno {`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`// Get the current file size.`
			`fi, err := f.fd.Stat()`
			`if err != nil {`
			`tlog.Warn.Printf("checkAndPadHole: Fstat failed: %v", err)`
v2api: File2: implement Release, Read, Write, Fsync, Flush, Allocate Fortunately, this just means fixing up the function signatures. 2020-07-12 12:59:01 +02:00			`return fs.ToErrno(err)`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`}`
			`plainSize := f.contentEnc.CipherSizeToPlainSize(uint64(fi.Size()))`
			`// Appending a single byte to the file (equivalent to writing to`
			`// offset=plainSize) would write to "nextBlock".`
			`nextBlock := f.contentEnc.PlainOffToBlockNo(plainSize)`
			`// targetBlock is the block the user wants to write to.`
			`targetBlock := f.contentEnc.PlainOffToBlockNo(uint64(targetOff))`
			`// The write goes into an existing block or (if the last block was full)`
			`// starts a new one directly after the last block. Nothing to do.`
			`if targetBlock <= nextBlock {`
v2api: File2: implement Release, Read, Write, Fsync, Flush, Allocate Fortunately, this just means fixing up the function signatures. 2020-07-12 12:59:01 +02:00			`return 0`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`}`
			`// The write goes past the next block. nextBlock has`
			`// to be zero-padded to the block boundary and (at least) nextBlock+1`
			`// will contain a file hole in the ciphertext.`
v2api: File2: implement Release, Read, Write, Fsync, Flush, Allocate Fortunately, this just means fixing up the function signatures. 2020-07-12 12:59:01 +02:00			`errno := f.zeroPad(plainSize)`
			`if errno != 0 {`
			`return errno`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`}`
v2api: File2: implement Release, Read, Write, Fsync, Flush, Allocate Fortunately, this just means fixing up the function signatures. 2020-07-12 12:59:01 +02:00			`return 0`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`}`

			`// Zero-pad the file of size plainSize to the next block boundary. This is a no-op`
			`// if the file is already block-aligned.`
v2api: rename "File2" to just "File" Rename the symbols and the files. 2020-08-16 12:48:16 +02:00			`func (f *File) zeroPad(plainSize uint64) syscall.Errno {`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`lastBlockLen := plainSize % f.contentEnc.PlainBS()`
			`if lastBlockLen == 0 {`
			`// Already block-aligned`
v2api: File2: implement Release, Read, Write, Fsync, Flush, Allocate Fortunately, this just means fixing up the function signatures. 2020-07-12 12:59:01 +02:00			`return 0`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`}`
			`missing := f.contentEnc.PlainBS() - lastBlockLen`
			`pad := make([]byte, missing)`
			`tlog.Debug.Printf("zeroPad: Writing %d bytes\n", missing)`
v2api: File2: implement Release, Read, Write, Fsync, Flush, Allocate Fortunately, this just means fixing up the function signatures. 2020-07-12 12:59:01 +02:00			`_, errno := f.doWrite(pad, int64(plainSize))`
			`return errno`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`}`

v2api: implement Lseek This also fixes the last remaining tests/fsck failure. 2020-07-23 22:55:07 +02:00			`// Lseek - FUSE call.`
fusefrontend: rewrite Lseek SEEK_DATA / SEEK_HOLE In response to the discussion of the xfstests mailing list [1], I looked at the Lseek implementation, which was naive and did not handle all cases correctly. The new implementation aligns the returned values to 4096 bytes as most callers expect. A lot of tests are added to verify that we handle all cases correctly now. [1]: https://www.spinics.net/lists/fstests/msg16554.html 2021-05-29 16:05:36 +02:00			`//`
			`// Looking at`
			`// fuse_file_llseek @ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/fs/fuse/file.c?h=v5.12.7#n2634`
			`// this function is only called for SEEK_HOLE & SEEK_DATA.`
v2api: rename "File2" to just "File" Rename the symbols and the files. 2020-08-16 12:48:16 +02:00			`func (f *File) Lseek(ctx context.Context, off uint64, whence uint32) (uint64, syscall.Errno) {`
fusefrontend: rewrite Lseek SEEK_DATA / SEEK_HOLE In response to the discussion of the xfstests mailing list [1], I looked at the Lseek implementation, which was naive and did not handle all cases correctly. The new implementation aligns the returned values to 4096 bytes as most callers expect. A lot of tests are added to verify that we handle all cases correctly now. [1]: https://www.spinics.net/lists/fstests/msg16554.html 2021-05-29 16:05:36 +02:00			`const (`
			SEEK_DATA = 3 // find next data segment at or above `off`
			SEEK_HOLE = 4 // find next hole at or above `off`

			`// On error, we return -1 as the offset as per man lseek.`
			`MinusOne = ^uint64(0)`
			`)`
			`if whence != SEEK_DATA && whence != SEEK_HOLE {`
			`tlog.Warn.Printf("BUG: Lseek was called with whence=%d. This is not supported!", whence)`
			`return 0, syscall.EINVAL`
			`}`
			`if runtime.GOOS != "linux" {`
			`// MacOS has broken (different?) SEEK_DATA / SEEK_HOLE semantics, see`
			`// https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00051.html`
			`tlog.Warn.Printf("buggy on non-linux platforms, disabling SEEK_DATA & SEEK_HOLE")`
			`return MinusOne, syscall.ENOSYS`
			`}`

			`// We will need the file size`
			`var st syscall.Stat_t`
			`err := syscall.Fstat(f.intFd(), &st)`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`if err != nil {`
v2api/reverse: implement Lseek 2020-08-16 19:58:47 +02:00			`return 0, fs.ToErrno(err)`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`}`
fusefrontend: rewrite Lseek SEEK_DATA / SEEK_HOLE In response to the discussion of the xfstests mailing list [1], I looked at the Lseek implementation, which was naive and did not handle all cases correctly. The new implementation aligns the returned values to 4096 bytes as most callers expect. A lot of tests are added to verify that we handle all cases correctly now. [1]: https://www.spinics.net/lists/fstests/msg16554.html 2021-05-29 16:05:36 +02:00			`fileSize := st.Size`
			`// Better safe than sorry. The logic is only tested for 4k blocks.`
			`if st.Blksize != 4096 {`
			`tlog.Warn.Printf("unsupported block size of %d bytes, disabling SEEK_DATA & SEEK_HOLE", st.Blksize)`
			`return MinusOne, syscall.ENOSYS`
			`}`

			`// man lseek: offset beyond end of file -> ENXIO`
			`if f.rootNode.contentEnc.PlainOffToCipherOff(off) >= uint64(fileSize) {`
			`return MinusOne, syscall.ENXIO`
			`}`

			`// Round down to start of block:`
			`cipherOff := f.rootNode.contentEnc.BlockNoToCipherOff(f.rootNode.contentEnc.PlainOffToBlockNo(off))`
			`newCipherOff, err := syscall.Seek(f.intFd(), int64(cipherOff), int(whence))`
			`if err != nil {`
			`return MinusOne, fs.ToErrno(err)`
			`}`
			`// already in data/hole => return original offset`
			`if newCipherOff == int64(cipherOff) {`
			`return off, 0`
			`}`
			`// If there is no further hole, SEEK_HOLE returns the file size`
			`// (SEEK_DATA returns ENXIO in this case).`
			`if whence == SEEK_HOLE {`
			`fi, err := f.fd.Stat()`
			`if err != nil {`
			`return MinusOne, fs.ToErrno(err)`
			`}`
			`if newCipherOff == fi.Size() {`
			`return f.rootNode.contentEnc.CipherSizeToPlainSize(uint64(newCipherOff)), 0`
			`}`
			`}`
			`// syscall.Seek gave us the beginning of the next ext4 data/hole section.`
			`// The next gocryptfs data/hole block starts at the next block boundary,`
			`// so we have to round up:`
			`newBlockNo := f.rootNode.contentEnc.CipherOffToBlockNo(uint64(newCipherOff) + f.rootNode.contentEnc.CipherBS() - 1)`
			`return f.rootNode.contentEnc.BlockNoToPlainOff(newBlockNo), 0`
v2api: implement Create 2020-06-21 13:25:12 +02:00			`}`