MFC the new fusefs driver


MFC the new fusefs driver

MFC r350665, r350990, r350992, r351039, r351042, r351061, r351066, r351113, r351560, r351961, r351963, r352021, r352025, r352230

fusefs: merge from projects/fuse2

This commit imports the new fusefs driver. It raises the protocol level
from 7.8 to 7.23, fixes many bugs, adds a test suite for the driver, and
adds many new features. New features include:

  • Optional kernel-side permissions checks (-o default_permissions)
  • Allow interrupting FUSE operations
  • Support named pipes and unix-domain sockets in fusefs file systems
  • Forward UTIME_NOW during utimensat(2) to the daemon
  • kqueue support for /dev/fuse
  • Allow updating mounts with "mount -u"
  • Allow exporting fusefs file systems over NFS
  • Server-initiated invalidation of the name cache or data cache
  • Respect RLIMIT_FSIZE
  • Try to support servers as old as protocol 7.4

Performance enhancements include:

  • Cache file attributes
  • Cache lookup entries, both positive and negative
  • Server-selectable cache modes: writethrough, writeback, or uncached
  • Write clustering
  • Readahead
  • Use counter(9) for statistical reporting

PR: 199934 216391 233783 234581 235773 235774 235775
PR: 236226 236231 236236 236291 236329 236381 236405
PR: 236327 236466 236472 236473 236474 236530 236557
PR: 236560 236844 237052 237181 237588 238565
Reviewed by: bcr (man pages)
Reviewed by: cem, ngie, rpokala, glebius, kib, bde, emaste (post-commit

		review on project branch)

Relnotes: yes
Sponsored by: The FreeBSD Foundation
Pull Request: https://reviews.freebsd.org/D21110

fusefs: add SVN Keywords to the test files

Reported by: SVN pre-commit hooks
MFC-With: r350665
Sponsored by: The FreeBSD Foundation

fusefs: skip some tests when unsafe aio is disabled

MFC-With: r350665
Sponsored by: The FreeBSD Foundation

fusefs: fix intermittency in the default_permissions.Unlink.ok test

The test needs to expect a FUSE_FORGET operation. Most of the time the test
would pass anyway, because by chance FUSE_FORGET would arrive after the

MFC-With: 350665
Sponsored by: The FreeBSD Foundation

fusefs: Fix the size of fuse_getattr_in

In FUSE protocol 7.9, the size of the FUSE_GETATTR request has increased.
However, the fusefs driver is currently not sending the additional fields.
In our implementation, the additional fields are always zero, so I there
haven't been any test failures until now. But fusefs-lkl requires the
request's length to be correct.

Fix this bug, and also enhance the test suite to catch similar bugs.

PR: 239830
MFC-With: 350665
Sponsored by: The FreeBSD Foundation

fusefs: fix the 32-bit build after 351042

Reported by: jhb
MFC-With: 351042
Sponsored by: The FreeBSD Foundation

fusefs: fix conditional from r351061

The entirety of r351061 was a copy/paste error. I'm sorry I've been
comitting so hastily.

Reported by: rpokala
Reviewed by: rpokala
MFC-With: 351061
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21265

fusefs: don't send the namespace during listextattr

The FUSE_LISTXATTR operation always returns the full list of a file's
extended attributes, in all namespaces. There's no way to filter the list
server-side. However, currently FreeBSD's fusefs driver sends a namespace
string with the FUSE_LISTXATTR request. That behavior was probably copied
from fuse_vnop_getextattr, which has an attribute name argument. It's
been there ever since extended attribute support was added in r324620. This
commit removes it.

Reviewed by: cem
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21280

fusefs: Fix some bugs regarding the size of the LISTXATTR list

  • A small error in r338152 let to the returned size always being exactly eight bytes too large.
  • The FUSE_LISTXATTR operation works like Linux's listxattr(2): if the caller does not provide enough space, then the server should return ERANGE rather than return a truncated list. That's true even though in FUSE's case the kernel doesn't provide space to the client at all; it simply requests a maximum size for the list. We previously weren't handling the case where the server returns ERANGE even though the kernel requested as much size as the server had told us it needs; that can happen due to a race.
  • We also need to ensure that a pathological server that always returns ERANGE no matter what size we request in FUSE_LISTXATTR won't cause an infinite loop in the kernel. As of this commit, it will instead cause an infinite loop that exits and enters the kernel on each iteration, allowing signals to be processed.

Reviewed by: cem
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21287

Coverity fixes in fusefs(5)

CID 1404532 fixes a signed vs unsigned comparison error in fuse_vnop_bmap.
It could potentially have resulted in VOP_BMAP reporting too many
consecutive blocks.

CID 1404364 is much worse. It was an array access by an untrusted,
user-provided variable. It could potentially have resulted in a malicious
file system crashing the kernel or worse.

Reported by: Coverity
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21466

fusefs: coverity cleanup in the tests

Address the following defects reported by Coverity:

  • Structurally dead code (CID 1404366): set m_quit before FAIL, not after
  • Unchecked return value of sysctlbyname (CID 1404321)
  • Unchecked return value of stat(2) (CID 1404471)
  • Unchecked return value of open(2) (CID 1404402, 1404529)
  • Unchecked return value of dup(2) (CID 1404478)
  • Buffer overflows. These are all false positives caused by the fact that Coverity thinks I'm using a buffer to store strings, when in fact I'm really just using it to store a byte array that happens to be initialized with a string. I'm changing the type from char to uint8_t in the hopes that it will placate Coverity. (CID 1404338, 1404350, 1404367, 1404376, 1404379, 1404381, 1404388, 1404403, 1404425, 1404433, 1404434, 1404474, 1404480, 1404484, 1404503, 1404505)
  • False positive file descriptor leak. I'm going to try to fix this with Coverity modeling, but I'll also change an EXPECT to ASSERT so we don't perform meaningless assertions after the failure. (CID 1404320, 1404324, 1404440, 1404445).
  • Unannotated file descriptor leak. This will be followed up by a Coverity modeling change. (CID 1404326, 1404334, 1404336, 1404357, 1404361, 1404372, 1404391, 1404395, 1404409, 1404430, 1404448, 1404451, 1404455, 1404457, 1404458, 1404460)
  • Uninitialized variables in C++ constructors (CID 1404327, 1404346). In the case of m_maxphys, this actually led to part of the FUSE_INIT's response being set to stack garbage during the WriteCluster::clustering test.
  • Uninitialized sun_len field in struct sockaddr_un (CID 1404330, 1404371, 1404429).

Reported by: Coverity
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21457

fusefs: suppress some Coverity resource leak CIDs in the tests

The fusefs tests deliberately leak file descriptors. To do otherwise would
add extra complications to the tests' mock FUSE server. This annotation
should hopefully convince Coverity to shut up about the leaks.

Reviewed by: uqs
Sponsored by: The FreeBSD Foundation

mount_fusefs: fix a segfault on memory allocation failure

Reported by: Coverity
Coverity CID: 1354188
Sponsored by: The FreeBSD Foundation

fusefs: Fix iosize for FUSE_WRITE in 7.8 compat mode

When communicating with a FUSE server that implements version 7.8 (or older)
of the FUSE protocol, the FUSE_WRITE request structure is 16 bytes shorter
than normal. The protocol version check wasn't applied universally, leading
to an extra 16 bytes being sent to such servers. The extra bytes were
allocated and bzero()d, so there was no information disclosure.

Reviewed by: emaste
MFC-With: r350665
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D21557


asomersAuthored on
Differential Revision
D21265: fusefs: fix conditional from r351061
rS352350: rangelock: add rangelock_cookie_assert