fusefrontend_reverse: use inomap for inode number translation
Gets rid of static inode number value limitations. Fixes https://github.com/rfjakob/gocryptfs/issues/457
This commit is contained in:
parent
db93a6c54c
commit
518771e4e2
|
@ -122,5 +122,5 @@ func (rfs *ReverseFS) newNameFile(relPath string) (nodefs.File, fuse.Status) {
|
||||||
}
|
}
|
||||||
content := []byte(rfs.nameTransform.EncryptName(pName, dirIV))
|
content := []byte(rfs.nameTransform.EncryptName(pName, dirIV))
|
||||||
parentFile := filepath.Join(pDir, pName)
|
parentFile := filepath.Join(pDir, pName)
|
||||||
return rfs.newVirtualFile(content, rfs.args.Cipherdir, parentFile, inoBaseNameFile)
|
return rfs.newVirtualFile(content, rfs.args.Cipherdir, parentFile, inoTagNameFile)
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,6 +15,7 @@ import (
|
||||||
"github.com/rfjakob/gocryptfs/internal/contentenc"
|
"github.com/rfjakob/gocryptfs/internal/contentenc"
|
||||||
"github.com/rfjakob/gocryptfs/internal/cryptocore"
|
"github.com/rfjakob/gocryptfs/internal/cryptocore"
|
||||||
"github.com/rfjakob/gocryptfs/internal/fusefrontend"
|
"github.com/rfjakob/gocryptfs/internal/fusefrontend"
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/inomap"
|
||||||
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
||||||
"github.com/rfjakob/gocryptfs/internal/pathiv"
|
"github.com/rfjakob/gocryptfs/internal/pathiv"
|
||||||
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
||||||
|
@ -38,6 +39,9 @@ type ReverseFS struct {
|
||||||
contentEnc *contentenc.ContentEnc
|
contentEnc *contentenc.ContentEnc
|
||||||
// Tests wheter a path is excluded (hiden) from the user. Used by -exclude.
|
// Tests wheter a path is excluded (hiden) from the user. Used by -exclude.
|
||||||
excluder ignore.IgnoreParser
|
excluder ignore.IgnoreParser
|
||||||
|
// inoMap translates inode numbers from different devices to unique inode
|
||||||
|
// numbers.
|
||||||
|
inoMap *inomap.InoMap
|
||||||
}
|
}
|
||||||
|
|
||||||
var _ pathfs.FileSystem = &ReverseFS{}
|
var _ pathfs.FileSystem = &ReverseFS{}
|
||||||
|
@ -54,6 +58,7 @@ func NewFS(args fusefrontend.Args, c *contentenc.ContentEnc, n nametransform.Nam
|
||||||
args: args,
|
args: args,
|
||||||
nameTransform: n,
|
nameTransform: n,
|
||||||
contentEnc: c,
|
contentEnc: c,
|
||||||
|
inoMap: inomap.New(),
|
||||||
}
|
}
|
||||||
fs.prepareExcluder(args)
|
fs.prepareExcluder(args)
|
||||||
return fs
|
return fs
|
||||||
|
@ -180,6 +185,7 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fuse.ToStatus(err)
|
return nil, fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
|
rfs.inoMap.TranslateStat(&st)
|
||||||
var a fuse.Attr
|
var a fuse.Attr
|
||||||
a.FromStat(&st)
|
a.FromStat(&st)
|
||||||
if rfs.args.ForceOwner != nil {
|
if rfs.args.ForceOwner != nil {
|
||||||
|
@ -211,26 +217,25 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr
|
||||||
}
|
}
|
||||||
return &a, status
|
return &a, status
|
||||||
}
|
}
|
||||||
|
// Normal file / directory
|
||||||
dirfd, name, err := rfs.openBackingDir(pPath)
|
dirfd, name, err := rfs.openBackingDir(pPath)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fuse.ToStatus(err)
|
return nil, fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
// Stat the backing file/dir using Fstatat
|
// Stat the backing file/dir using Fstatat
|
||||||
var st unix.Stat_t
|
var st syscall.Stat_t
|
||||||
err = syscallcompat.Fstatat(dirfd, name, &st, unix.AT_SYMLINK_NOFOLLOW)
|
{
|
||||||
syscall.Close(dirfd)
|
var st2 unix.Stat_t
|
||||||
if err != nil {
|
err = syscallcompat.Fstatat(dirfd, name, &st2, unix.AT_SYMLINK_NOFOLLOW)
|
||||||
return nil, fuse.ToStatus(err)
|
syscall.Close(dirfd)
|
||||||
}
|
if err != nil {
|
||||||
// Instead of risking an inode number collision, we return an error.
|
return nil, fuse.ToStatus(err)
|
||||||
if st.Ino > inoBaseMin {
|
}
|
||||||
tlog.Warn.Printf("GetAttr %q: backing file inode number %d crosses reserved space, max=%d. Returning EOVERFLOW.",
|
st = syscallcompat.Unix2syscall(st2)
|
||||||
relPath, st.Ino, inoBaseMin)
|
|
||||||
return nil, fuse.ToStatus(syscall.EOVERFLOW)
|
|
||||||
}
|
}
|
||||||
|
rfs.inoMap.TranslateStat(&st)
|
||||||
var a fuse.Attr
|
var a fuse.Attr
|
||||||
st2 := syscallcompat.Unix2syscall(st)
|
a.FromStat(&st)
|
||||||
a.FromStat(&st2)
|
|
||||||
// Calculate encrypted file size
|
// Calculate encrypted file size
|
||||||
if a.IsRegular() {
|
if a.IsRegular() {
|
||||||
a.Size = rfs.contentEnc.PlainSizeToCipherSize(a.Size)
|
a.Size = rfs.contentEnc.PlainSizeToCipherSize(a.Size)
|
||||||
|
|
|
@ -10,6 +10,7 @@ import (
|
||||||
"github.com/hanwen/go-fuse/fuse"
|
"github.com/hanwen/go-fuse/fuse"
|
||||||
"github.com/hanwen/go-fuse/fuse/nodefs"
|
"github.com/hanwen/go-fuse/fuse/nodefs"
|
||||||
|
|
||||||
|
"github.com/rfjakob/gocryptfs/internal/inomap"
|
||||||
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
"github.com/rfjakob/gocryptfs/internal/nametransform"
|
||||||
"github.com/rfjakob/gocryptfs/internal/pathiv"
|
"github.com/rfjakob/gocryptfs/internal/pathiv"
|
||||||
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
"github.com/rfjakob/gocryptfs/internal/syscallcompat"
|
||||||
|
@ -20,19 +21,10 @@ const (
|
||||||
// virtualFileMode is the mode to use for virtual files (gocryptfs.diriv and
|
// virtualFileMode is the mode to use for virtual files (gocryptfs.diriv and
|
||||||
// *.name). They are always readable, as stated in func Access
|
// *.name). They are always readable, as stated in func Access
|
||||||
virtualFileMode = syscall.S_IFREG | 0444
|
virtualFileMode = syscall.S_IFREG | 0444
|
||||||
// inoBaseDirIV is the start of the inode number range that is used
|
// We use inomap's `Tag` feature to generate unique inode numbers for
|
||||||
// for virtual gocryptfs.diriv files. inoBaseNameFile is the thing for
|
// virtual files. These are the tags we use.
|
||||||
// *.name files.
|
inoTagDirIV = 1
|
||||||
// The value 10^19 is just below 2^60. A power of 10 has been chosen so the
|
inoTagNameFile = 2
|
||||||
// "ls -li" output (which is base-10) is easy to read.
|
|
||||||
// 10^19 is the largest power of 10 that is smaller than
|
|
||||||
// INT64_MAX (=UINT64_MAX/2). This avoids signedness issues.
|
|
||||||
inoBaseDirIV = uint64(1000000000000000000)
|
|
||||||
inoBaseNameFile = uint64(2000000000000000000)
|
|
||||||
// inoBaseMin marks the start of the inode number space that is
|
|
||||||
// reserved for virtual files. It is the lowest of the inoBaseXXX values
|
|
||||||
// above.
|
|
||||||
inoBaseMin = inoBaseDirIV
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) {
|
func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) {
|
||||||
|
@ -42,20 +34,23 @@ func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) {
|
||||||
return nil, fuse.ToStatus(err)
|
return nil, fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
iv := pathiv.Derive(cDir, pathiv.PurposeDirIV)
|
iv := pathiv.Derive(cDir, pathiv.PurposeDirIV)
|
||||||
return rfs.newVirtualFile(iv, rfs.args.Cipherdir, dir, inoBaseDirIV)
|
return rfs.newVirtualFile(iv, rfs.args.Cipherdir, dir, inoTagDirIV)
|
||||||
}
|
}
|
||||||
|
|
||||||
type virtualFile struct {
|
type virtualFile struct {
|
||||||
// Embed nodefs.defaultFile for a ENOSYS implementation of all methods
|
// Embed nodefs.defaultFile for a ENOSYS implementation of all methods
|
||||||
nodefs.File
|
nodefs.File
|
||||||
|
// pointer to parent filesystem
|
||||||
|
rfs *ReverseFS
|
||||||
// file content
|
// file content
|
||||||
content []byte
|
content []byte
|
||||||
// backing directory
|
// backing directory
|
||||||
cipherdir string
|
cipherdir string
|
||||||
// path to a parent file (relative to cipherdir)
|
// path to a parent file (relative to cipherdir)
|
||||||
parentFile string
|
parentFile string
|
||||||
// inode number of a virtual file is inode of parent file plus inoBase
|
// inomap `Tag`.
|
||||||
inoBase uint64
|
// Depending on the file type, either `inoTagDirIV` or `inoTagNameFile`.
|
||||||
|
inoTag uint8
|
||||||
}
|
}
|
||||||
|
|
||||||
// newVirtualFile creates a new in-memory file that does not have a representation
|
// newVirtualFile creates a new in-memory file that does not have a representation
|
||||||
|
@ -63,16 +58,17 @@ type virtualFile struct {
|
||||||
// from "parentFile" (plaintext path relative to "cipherdir").
|
// from "parentFile" (plaintext path relative to "cipherdir").
|
||||||
// For a "gocryptfs.diriv" file, you would use the parent directory as
|
// For a "gocryptfs.diriv" file, you would use the parent directory as
|
||||||
// "parentFile".
|
// "parentFile".
|
||||||
func (rfs *ReverseFS) newVirtualFile(content []byte, cipherdir string, parentFile string, inoBase uint64) (nodefs.File, fuse.Status) {
|
func (rfs *ReverseFS) newVirtualFile(content []byte, cipherdir string, parentFile string, inoTag uint8) (nodefs.File, fuse.Status) {
|
||||||
if inoBase < inoBaseMin {
|
if inoTag == 0 {
|
||||||
log.Panicf("BUG: virtual inode number base %d is below reserved space", inoBase)
|
log.Panicf("BUG: inoTag for virtual file is zero - this will cause ino collisions!")
|
||||||
}
|
}
|
||||||
return &virtualFile{
|
return &virtualFile{
|
||||||
File: nodefs.NewDefaultFile(),
|
File: nodefs.NewDefaultFile(),
|
||||||
|
rfs: rfs,
|
||||||
content: content,
|
content: content,
|
||||||
cipherdir: cipherdir,
|
cipherdir: cipherdir,
|
||||||
parentFile: parentFile,
|
parentFile: parentFile,
|
||||||
inoBase: inoBase,
|
inoTag: inoTag,
|
||||||
}, fuse.OK
|
}, fuse.OK
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -97,22 +93,18 @@ func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status {
|
||||||
}
|
}
|
||||||
defer syscall.Close(dirfd)
|
defer syscall.Close(dirfd)
|
||||||
name := filepath.Base(f.parentFile)
|
name := filepath.Base(f.parentFile)
|
||||||
var st unix.Stat_t
|
var st2 unix.Stat_t
|
||||||
err = syscallcompat.Fstatat(dirfd, name, &st, unix.AT_SYMLINK_NOFOLLOW)
|
err = syscallcompat.Fstatat(dirfd, name, &st2, unix.AT_SYMLINK_NOFOLLOW)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
tlog.Debug.Printf("GetAttr: Fstatat %q: %v\n", f.parentFile, err)
|
tlog.Debug.Printf("GetAttr: Fstatat %q: %v\n", f.parentFile, err)
|
||||||
return fuse.ToStatus(err)
|
return fuse.ToStatus(err)
|
||||||
}
|
}
|
||||||
if st.Ino > inoBaseMin {
|
st := syscallcompat.Unix2syscall(st2)
|
||||||
tlog.Warn.Printf("virtualFile.GetAttr: parent file inode number %d crosses reserved space, max=%d. Returning EOVERFLOW.",
|
q := inomap.NewQIno(uint64(st.Dev), f.inoTag, uint64(st.Ino))
|
||||||
st.Ino, inoBaseMin)
|
st.Ino = f.rfs.inoMap.Translate(q)
|
||||||
return fuse.ToStatus(syscall.EOVERFLOW)
|
|
||||||
}
|
|
||||||
st.Ino = st.Ino + f.inoBase
|
|
||||||
st.Size = int64(len(f.content))
|
st.Size = int64(len(f.content))
|
||||||
st.Mode = virtualFileMode
|
st.Mode = virtualFileMode
|
||||||
st.Nlink = 1
|
st.Nlink = 1
|
||||||
st2 := syscallcompat.Unix2syscall(st)
|
a.FromStat(&st)
|
||||||
a.FromStat(&st2)
|
|
||||||
return fuse.OK
|
return fuse.OK
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
package inomap
|
package inomap
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"sync"
|
"sync"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
@ -72,23 +73,30 @@ func (m *InoMap) spill(in QIno) (out uint64) {
|
||||||
func (m *InoMap) Translate(in QIno) (out uint64) {
|
func (m *InoMap) Translate(in QIno) (out uint64) {
|
||||||
m.Lock()
|
m.Lock()
|
||||||
defer m.Unlock()
|
defer m.Unlock()
|
||||||
|
defer func() {
|
||||||
|
fmt.Printf("Translate: %v -> %d\n", in, out)
|
||||||
|
}()
|
||||||
|
|
||||||
if in.Ino > maxPassthruIno {
|
if in.Ino > maxPassthruIno {
|
||||||
return m.spill(in)
|
out = m.spill(in)
|
||||||
|
return out
|
||||||
}
|
}
|
||||||
ns, found := m.namespaceMap[in.namespaceData]
|
ns, found := m.namespaceMap[in.namespaceData]
|
||||||
// Use existing namespace
|
// Use existing namespace
|
||||||
if found {
|
if found {
|
||||||
return uint64(ns)<<48 | in.Ino
|
out = uint64(ns)<<48 | in.Ino
|
||||||
|
return out
|
||||||
}
|
}
|
||||||
// No free namespace slots?
|
// No free namespace slots?
|
||||||
if m.namespaceNext >= maxNamespaceId {
|
if m.namespaceNext >= maxNamespaceId {
|
||||||
return m.spill(in)
|
out = m.spill(in)
|
||||||
|
return out
|
||||||
}
|
}
|
||||||
ns = m.namespaceNext
|
ns = m.namespaceNext
|
||||||
m.namespaceNext++
|
m.namespaceNext++
|
||||||
m.namespaceMap[in.namespaceData] = ns
|
m.namespaceMap[in.namespaceData] = ns
|
||||||
return uint64(ns)<<48 | in.Ino
|
out = uint64(ns)<<48 | in.Ino
|
||||||
|
return out
|
||||||
}
|
}
|
||||||
|
|
||||||
// TranslateStat translates the inode number contained in "st" if neccessary.
|
// TranslateStat translates the inode number contained in "st" if neccessary.
|
||||||
|
|
|
@ -106,7 +106,7 @@ func TestUniqueness(t *testing.T) {
|
||||||
var q QIno
|
var q QIno
|
||||||
outMap := make(map[uint64]struct{})
|
outMap := make(map[uint64]struct{})
|
||||||
for q.Dev = 0; q.Dev < 10; q.Dev++ {
|
for q.Dev = 0; q.Dev < 10; q.Dev++ {
|
||||||
for q.Flags = 0; q.Flags < 10; q.Flags++ {
|
for q.Tag = 0; q.Tag < 10; q.Tag++ {
|
||||||
// some go into spill
|
// some go into spill
|
||||||
for q.Ino = maxPassthruIno - 100; q.Ino < maxPassthruIno+100; q.Ino++ {
|
for q.Ino = maxPassthruIno - 100; q.Ino < maxPassthruIno+100; q.Ino++ {
|
||||||
out := m.Translate(q)
|
out := m.Translate(q)
|
||||||
|
|
|
@ -7,9 +7,11 @@ import (
|
||||||
type namespaceData struct {
|
type namespaceData struct {
|
||||||
// Stat_t.Dev is uint64 on 32- and 64-bit Linux
|
// Stat_t.Dev is uint64 on 32- and 64-bit Linux
|
||||||
Dev uint64
|
Dev uint64
|
||||||
// Flags acts like an extension of the Dev field.
|
// Tag acts like an extension of the Dev field.
|
||||||
// It is used by reverse mode for virtual files.
|
// It is used by reverse mode for virtual files.
|
||||||
Flags uint8
|
// Normal (forward) mode does not use it and it
|
||||||
|
// stays always zero there.
|
||||||
|
Tag uint8
|
||||||
}
|
}
|
||||||
|
|
||||||
// QIno = Qualified Inode number.
|
// QIno = Qualified Inode number.
|
||||||
|
@ -21,15 +23,21 @@ type QIno struct {
|
||||||
Ino uint64
|
Ino uint64
|
||||||
}
|
}
|
||||||
|
|
||||||
// QInoFromStat fills a new QIno struct with the passed Stat_t info.
|
// NewQIno returns a filled QIno struct
|
||||||
func QInoFromStat(st *syscall.Stat_t) QIno {
|
func NewQIno(dev uint64, tag uint8, ino uint64) QIno {
|
||||||
return QIno{
|
return QIno{
|
||||||
namespaceData: namespaceData{
|
namespaceData: namespaceData{
|
||||||
// There are some architectures that use 32-bit values here
|
Dev: dev,
|
||||||
// (darwin, freebsd-32, maybe others). Add an explicit cast to make
|
Tag: tag,
|
||||||
// this function work everywhere.
|
|
||||||
Dev: uint64(st.Dev),
|
|
||||||
},
|
},
|
||||||
Ino: uint64(st.Ino),
|
Ino: ino,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// QInoFromStat fills a new QIno struct with the passed Stat_t info.
|
||||||
|
func QInoFromStat(st *syscall.Stat_t) QIno {
|
||||||
|
// There are some architectures that use 32-bit values here
|
||||||
|
// (darwin, freebsd-32, maybe others). Add an explicit cast to make
|
||||||
|
// this function work everywhere.
|
||||||
|
return NewQIno(uint64(st.Dev), 0, uint64(st.Ino))
|
||||||
|
}
|
||||||
|
|
|
@ -128,8 +128,10 @@ func TestVirtualFileIno(t *testing.T) {
|
||||||
if origInos.parent == cipherInos.diriv {
|
if origInos.parent == cipherInos.diriv {
|
||||||
t.Errorf("diriv ino collision: %d == %d", origInos.parent, cipherInos.diriv)
|
t.Errorf("diriv ino collision: %d == %d", origInos.parent, cipherInos.diriv)
|
||||||
}
|
}
|
||||||
if origInos.parent != cipherInos.diriv-1000000000000000000 {
|
// Lower 48 bits should come from the backing file
|
||||||
t.Errorf("diriv ino mismatch: %d != %d", origInos.parent, cipherInos.diriv)
|
const mask = 0xffffffffffff
|
||||||
|
if origInos.parent&mask != cipherInos.diriv&mask {
|
||||||
|
t.Errorf("diriv ino mismatch: %#x vs %#x", origInos.parent, cipherInos.diriv)
|
||||||
}
|
}
|
||||||
if origInos.child != cipherInos.child {
|
if origInos.child != cipherInos.child {
|
||||||
t.Errorf("child ino mismatch: %d vs %d", origInos.child, cipherInos.child)
|
t.Errorf("child ino mismatch: %d vs %d", origInos.child, cipherInos.child)
|
||||||
|
@ -137,7 +139,7 @@ func TestVirtualFileIno(t *testing.T) {
|
||||||
if origInos.child == cipherInos.name {
|
if origInos.child == cipherInos.name {
|
||||||
t.Errorf("name ino collision: %d == %d", origInos.child, cipherInos.name)
|
t.Errorf("name ino collision: %d == %d", origInos.child, cipherInos.name)
|
||||||
}
|
}
|
||||||
if origInos.child != cipherInos.name-2000000000000000000 {
|
if origInos.child&mask != cipherInos.name&mask {
|
||||||
t.Errorf("name ino mismatch: %d vs %d", origInos.child, cipherInos.name)
|
t.Errorf("name ino mismatch: %#x vs %#x", origInos.child, cipherInos.name)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue