...against concurrent closes.
The testcase
(set -e; while true; do truncate -s $RANDOM b; done) &
(set -e; while true; do truncate -s $RANDOM b; done) &
uncovered lots of unnecessary RMW failures that were the result
of concurrent closes.
With this patch, the only remaining error is "Truncate on forgotten file"
that is probably caused by a problem in the go-fuse lib
( https://github.com/hanwen/go-fuse/issues/95 )
At the moment, FUSE writes to a single file are serialized by the kernel.
However, it is unclear if this is guaranteed behaviour or may change
in the future.
This patch adds our own per-inode write lock to rule out races regardless
of kernel behavoir.
If an empty directory is overwritten we will always get
ENOTEMPTY as the "empty" directory will still contain gocryptfs.diriv.
Handle that case by removing the target directory and trying again.
Fixes issue #10
This makes sure writing to a file fails early if the underlying
filesystem does not support fallocate. It also prevents partial header
write due to ENOSPC.
Another 3x performance boost for applications that walk the
directory tree.
Excerpt from performance.txt:
VERSION UNTAR LS RM
v0.4 48 1.5 5
v0.5-rc1 56 7 19
v0.5-rc1-1 54 4.1 9
v0.5-rc1-2 45 1.7 3.4 <---- THIS VERSION
Formerly, we called decryptPath for every name.
That resulted in a directory walk that reads in all diriv files
on the way.
Massive improvement for RM and LS (check performance.txt for details)
VERSION UNTAR RM LS
v0.4 48 5 1.5
v0.5-rc1 56 19 7
v0.5-rc1-1 54 9 4.1 <---- THIS VERSION
Move all the intelligence into the new file address_translation.go.
That the calculations were spread out too much became apparent when adding
the file header. This should make the code much easier to modify in the
future.
Format: [ "Version" uint16 big endian ] [ "Id" 16 random bytes ]
Quoting SECURITY.md:
* Every file has a header that contains a 16-byte random *file id*
* Each block uses the file id and its block number as GCM *authentication data*
* This means the position of the blocks is protected as well. The blocks
can not be reordered or copied between different files without
causing an decryption error.
Futimes() only takes microsecond resolution while the FUSE call
Utimens() wants nanosecond precision.
This is why UTIME_OMIT did not work - this change fixes the
xfstests generic/258 test failure.
The go library does not provide a FutimesNano() function which is
why I use UtimesNano() on /proc/self/fd/n.
This is what the Go library does in Futimes().
