mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

virtiofsd: Remove source

Browse Source 
Now remove all the source.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Dr. David Alan Gilbert 2023-01-18 12:11:51 +00:00
parent 8ab5e8a503
commit e0dc2631ec
19 changed files with 0 additions and 13693 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

403
docs/tools/virtiofsd.rst
View File

@ -1,403 +0,0 @@
QEMU virtio-fs shared file system daemon
========================================
Synopsis
--------
**virtiofsd** [*OPTIONS*]
Description
-----------
Share a host directory tree with a guest through a virtio-fs device. This
program is a vhost-user backend that implements the virtio-fs device. Each
virtio-fs device instance requires its own virtiofsd process.
This program is designed to work with QEMU's ``--device vhost-user-fs-pci``
but should work with any virtual machine monitor (VMM) that supports
vhost-user. See the Examples section below.
This program must be run as the root user. The program drops privileges where
possible during startup although it must be able to create and access files
with any uid/gid:
* The ability to invoke syscalls is limited using seccomp(2).
* Linux capabilities(7) are dropped.
In "namespace" sandbox mode the program switches into a new file system
namespace and invokes pivot_root(2) to make the shared directory tree its root.
A new pid and net namespace is also created to isolate the process.
In "chroot" sandbox mode the program invokes chroot(2) to make the shared
directory tree its root. This mode is intended for container environments where
the container runtime has already set up the namespaces and the program does
not have permission to create namespaces itself.
Both sandbox modes prevent "file system escapes" due to symlinks and other file
system objects that might lead to files outside the shared directory.
Options
-------
.. program:: virtiofsd
.. option:: -h, --help
Print help.
.. option:: -V, --version
Print version.
.. option:: -d
Enable debug output.
.. option:: --syslog
Print log messages to syslog instead of stderr.
.. option:: -o OPTION
* debug -
Enable debug output.
* flock|no_flock -
Enable/disable flock. The default is ``no_flock``.
* modcaps=CAPLIST
Modify the list of capabilities allowed; CAPLIST is a colon separated
list of capabilities, each preceded by either + or -, e.g.
''+sys_admin:-chown''.
* log_level=LEVEL -
Print only log messages matching LEVEL or more severe. LEVEL is one of
``err``, ``warn``, ``info``, or ``debug``. The default is ``info``.
* posix_lock|no_posix_lock -
Enable/disable remote POSIX locks. The default is ``no_posix_lock``.
* readdirplus|no_readdirplus -
Enable/disable readdirplus. The default is ``readdirplus``.
* sandbox=namespace|chroot -
Sandbox mode:
- namespace: Create mount, pid, and net namespaces and pivot_root(2) into
the shared directory.
- chroot: chroot(2) into shared directory (use in containers).
The default is "namespace".
* source=PATH -
Share host directory tree located at PATH. This option is required.
* timeout=TIMEOUT -
I/O timeout in seconds. The default depends on cache= option.
* writeback|no_writeback -
Enable/disable writeback cache. The cache allows the FUSE client to buffer
and merge write requests. The default is ``no_writeback``.
* xattr|no_xattr -
Enable/disable extended attributes (xattr) on files and directories. The
default is ``no_xattr``.
* posix_acl|no_posix_acl -
Enable/disable posix acl support. Posix ACLs are disabled by default.
* security_label|no_security_label -
Enable/disable security label support. Security labels are disabled by
default. This will allow client to send a MAC label of file during
file creation. Typically this is expected to be SELinux security
label. Server will try to set that label on newly created file
atomically wherever possible.
* killpriv_v2|no_killpriv_v2 -
Enable/disable ``FUSE_HANDLE_KILLPRIV_V2`` support. KILLPRIV_V2 is enabled
by default as long as the client supports it. Enabling this option helps
with performance in write path.
.. option:: --socket-path=PATH
Listen on vhost-user UNIX domain socket at PATH.
.. option:: --socket-group=GROUP
Set the vhost-user UNIX domain socket gid to GROUP.
.. option:: --fd=FDNUM
Accept connections from vhost-user UNIX domain socket file descriptor FDNUM.
The file descriptor must already be listening for connections.
.. option:: --thread-pool-size=NUM
Restrict the number of worker threads per request queue to NUM. The default
is 0.
.. option:: --cache=none|auto|always
Select the desired trade-off between coherency and performance. ``none``
forbids the FUSE client from caching to achieve best coherency at the cost of
performance. ``auto`` acts similar to NFS with a 1 second metadata cache
timeout. ``always`` sets a long cache lifetime at the expense of coherency.
The default is ``auto``.
Extended attribute (xattr) mapping
----------------------------------
By default the name of xattr's used by the client are passed through to the server
file system. This can be a problem where either those xattr names are used
by something on the server (e.g. selinux client/server confusion) or if the
``virtiofsd`` is running in a container with restricted privileges where it
cannot access some attributes.
Mapping syntax
~~~~~~~~~~~~~~
A mapping of xattr names can be made using -o xattrmap=mapping where the ``mapping``
string consists of a series of rules.
The first matching rule terminates the mapping.
The set of rules must include a terminating rule to match any remaining attributes
at the end.
Each rule consists of a number of fields separated with a separator that is the
first non-white space character in the rule. This separator must then be used
for the whole rule.
White space may be added before and after each rule.
Using ':' as the separator a rule is of the form:
``:type:scope:key:prepend:``
**scope** is:
- 'client' - match 'key' against a xattr name from the client for
setxattr/getxattr/removexattr
- 'server' - match 'prepend' against a xattr name from the server
for listxattr
- 'all' - can be used to make a single rule where both the server
and client matches are triggered.
**type** is one of:
- 'prefix' - is designed to prepend and strip a prefix; the modified
attributes then being passed on to the client/server.
- 'ok' - Causes the rule set to be terminated when a match is found
while allowing matching xattr's through unchanged.
It is intended both as a way of explicitly terminating
the list of rules, and to allow some xattr's to skip following rules.
- 'bad' - If a client tries to use a name matching 'key' it's
denied using EPERM; when the server passes an attribute
name matching 'prepend' it's hidden. In many ways it's use is very like
'ok' as either an explicit terminator or for special handling of certain
patterns.
- 'unsupported' - If a client tries to use a name matching 'key' it's
denied using ENOTSUP; when the server passes an attribute
name matching 'prepend' it's hidden. In many ways it's use is very like
'ok' as either an explicit terminator or for special handling of certain
patterns.
**key** is a string tested as a prefix on an attribute name originating
on the client. It maybe empty in which case a 'client' rule
will always match on client names.
**prepend** is a string tested as a prefix on an attribute name originating
on the server, and used as a new prefix. It may be empty
in which case a 'server' rule will always match on all names from
the server.
e.g.:
``:prefix:client:trusted.:user.virtiofs.:``
will match 'trusted.' attributes in client calls and prefix them before
passing them to the server.
``:prefix:server::user.virtiofs.:``
will strip 'user.virtiofs.' from all server replies.
``:prefix:all:trusted.:user.virtiofs.:``
combines the previous two cases into a single rule.
``:ok:client:user.::``
will allow get/set xattr for 'user.' xattr's and ignore
following rules.
``:ok:server::security.:``
will pass 'security.' xattr's in listxattr from the server
and ignore following rules.
``:ok:all:::``
will terminate the rule search passing any remaining attributes
in both directions.
``:bad:server::security.:``
would hide 'security.' xattr's in listxattr from the server.
A simpler 'map' type provides a shorter syntax for the common case:
``:map:key:prepend:``
The 'map' type adds a number of separate rules to add **prepend** as a prefix
to the matched **key** (or all attributes if **key** is empty).
There may be at most one 'map' rule and it must be the last rule in the set.
Note: When the 'security.capability' xattr is remapped, the daemon has to do
extra work to remove it during many operations, which the host kernel normally
does itself.
Security considerations
~~~~~~~~~~~~~~~~~~~~~~~
Operating systems typically partition the xattr namespace using
well defined name prefixes. Each partition may have different
access controls applied. For example, on Linux there are multiple
partitions
* ``system.*`` - access varies depending on attribute & filesystem
* ``security.*`` - only processes with CAP_SYS_ADMIN
* ``trusted.*`` - only processes with CAP_SYS_ADMIN
* ``user.*`` - any process granted by file permissions / ownership
While other OS such as FreeBSD have different name prefixes
and access control rules.
When remapping attributes on the host, it is important to
ensure that the remapping does not allow a guest user to
evade the guest access control rules.
Consider if ``trusted.*`` from the guest was remapped to
``user.virtiofs.trusted*`` in the host. An unprivileged
user in a Linux guest has the ability to write to xattrs
under ``user.*``. Thus the user can evade the access
control restriction on ``trusted.*`` by instead writing
to ``user.virtiofs.trusted.*``.
As noted above, the partitions used and access controls
applied, will vary across guest OS, so it is not wise to
try to predict what the guest OS will use.
The simplest way to avoid an insecure configuration is
to remap all xattrs at once, to a given fixed prefix.
This is shown in example (1) below.
If selectively mapping only a subset of xattr prefixes,
then rules must be added to explicitly block direct
access to the target of the remapping. This is shown
in example (2) below.
Mapping examples
~~~~~~~~~~~~~~~~
1) Prefix all attributes with 'user.virtiofs.'
::
-o xattrmap=":prefix:all::user.virtiofs.::bad:all:::"
This uses two rules, using : as the field separator;
the first rule prefixes and strips 'user.virtiofs.',
the second rule hides any non-prefixed attributes that
the host set.
This is equivalent to the 'map' rule:
::
-o xattrmap=":map::user.virtiofs.:"
2) Prefix 'trusted.' attributes, allow others through
::
"/prefix/all/trusted./user.virtiofs./
/bad/server//trusted./
/bad/client/user.virtiofs.//
/ok/all///"
Here there are four rules, using / as the field
separator, and also demonstrating that new lines can
be included between rules.
The first rule is the prefixing of 'trusted.' and
stripping of 'user.virtiofs.'.
The second rule hides unprefixed 'trusted.' attributes
on the host.
The third rule stops a guest from explicitly setting
the 'user.virtiofs.' path directly to prevent access
control bypass on the target of the earlier prefix
remapping.
Finally, the fourth rule lets all remaining attributes
through.
This is equivalent to the 'map' rule:
::
-o xattrmap="/map/trusted./user.virtiofs./"
3) Hide 'security.' attributes, and allow everything else
::
"/bad/all/security./security./
/ok/all///'
The first rule combines what could be separate client and server
rules into a single 'all' rule, matching 'security.' in either
client arguments or lists returned from the host. This stops
the client seeing any 'security.' attributes on the server and
stops it setting any.
SELinux support
---------------
One can enable support for SELinux by running virtiofsd with option
"-o security_label". But this will try to save guest's security context
in xattr security.selinux on host and it might fail if host's SELinux
policy does not permit virtiofsd to do this operation.
Hence, it is preferred to remap guest's "security.selinux" xattr to say
"trusted.virtiofs.security.selinux" on host.
"-o xattrmap=:map:security.selinux:trusted.virtiofs.:"
This will make sure that guest and host's SELinux xattrs on same file
remain separate and not interfere with each other. And will allow both
host and guest to implement their own separate SELinux policies.
Setting trusted xattr on host requires CAP_SYS_ADMIN. So one will need
add this capability to daemon.
"-o modcaps=+sys_admin"
Giving CAP_SYS_ADMIN increases the risk on system. Now virtiofsd is more
powerful and if gets compromised, it can do lot of damage to host system.
So keep this trade-off in my mind while making a decision.
Examples
--------
Export ``/var/lib/fs/vm001/`` on vhost-user UNIX domain socket
``/var/run/vm001-vhost-fs.sock``:
.. parsed-literal::
host# virtiofsd --socket-path=/var/run/vm001-vhost-fs.sock -o source=/var/lib/fs/vm001
host# |qemu_system| \\
-chardev socket,id=char0,path=/var/run/vm001-vhost-fs.sock \\
-device vhost-user-fs-pci,chardev=char0,tag=myfs \\
-object memory-backend-memfd,id=mem,size=4G,share=on \\
-numa node,memdev=mem \\
...
guest# mount -t virtiofs myfs /mnt

350
tools/virtiofsd/buffer.c
View File

@ -1,350 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2010 Miklos Szeredi <miklos@szeredi.hu>
*
* Functions for dealing with `struct fuse_buf` and `struct
* fuse_bufvec`.
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB
*/
#include "qemu/osdep.h"
#include "fuse_i.h"
#include "fuse_lowlevel.h"
size_t fuse_buf_size(const struct fuse_bufvec *bufv)
{
size_t i;
size_t size = 0;
for (i = 0; i < bufv->count; i++) {
if (bufv->buf[i].size == SIZE_MAX) {
size = SIZE_MAX;
} else {
size += bufv->buf[i].size;
}
}
return size;
}
static ssize_t fuse_buf_writev(struct fuse_buf *out_buf,
struct fuse_bufvec *in_buf)
{
ssize_t res, i, j;
size_t iovcnt = in_buf->count;
struct iovec *iov;
int fd = out_buf->fd;
iov = g_try_new0(struct iovec, iovcnt);
if (!iov) {
return -ENOMEM;
}
for (i = 0, j = 0; i < iovcnt; i++) {
/* Skip the buf with 0 size */
if (in_buf->buf[i].size) {
iov[j].iov_base = in_buf->buf[i].mem;
iov[j].iov_len = in_buf->buf[i].size;
j++;
}
}
if (out_buf->flags & FUSE_BUF_FD_SEEK) {
res = pwritev(fd, iov, iovcnt, out_buf->pos);
} else {
res = writev(fd, iov, iovcnt);
}
if (res == -1) {
res = -errno;
}
g_free(iov);
return res;
}
static size_t min_size(size_t s1, size_t s2)
{
return s1 < s2 ? s1 : s2;
}
static ssize_t fuse_buf_write(const struct fuse_buf *dst, size_t dst_off,
const struct fuse_buf *src, size_t src_off,
size_t len)
{
ssize_t res = 0;
size_t copied = 0;
while (len) {
if (dst->flags & FUSE_BUF_FD_SEEK) {
res = pwrite(dst->fd, (char *)src->mem + src_off, len,
dst->pos + dst_off);
} else {
res = write(dst->fd, (char *)src->mem + src_off, len);
}
if (res == -1) {
if (!copied) {
return -errno;
}
break;
}
if (res == 0) {
break;
}
copied += res;
if (!(dst->flags & FUSE_BUF_FD_RETRY)) {
break;
}
src_off += res;
dst_off += res;
len -= res;
}
return copied;
}
static ssize_t fuse_buf_read(const struct fuse_buf *dst, size_t dst_off,
const struct fuse_buf *src, size_t src_off,
size_t len)
{
ssize_t res = 0;
size_t copied = 0;
while (len) {
if (src->flags & FUSE_BUF_FD_SEEK) {
res = pread(src->fd, (char *)dst->mem + dst_off, len,
src->pos + src_off);
} else {
res = read(src->fd, (char *)dst->mem + dst_off, len);
}
if (res == -1) {
if (!copied) {
return -errno;
}
break;
}
if (res == 0) {
break;
}
copied += res;
if (!(src->flags & FUSE_BUF_FD_RETRY)) {
break;
}
dst_off += res;
src_off += res;
len -= res;
}
return copied;
}
static ssize_t fuse_buf_fd_to_fd(const struct fuse_buf *dst, size_t dst_off,
const struct fuse_buf *src, size_t src_off,
size_t len)
{
char buf[4096];
struct fuse_buf tmp = {
.size = sizeof(buf),
.flags = 0,
};
ssize_t res;
size_t copied = 0;
tmp.mem = buf;
while (len) {
size_t this_len = min_size(tmp.size, len);
size_t read_len;
res = fuse_buf_read(&tmp, 0, src, src_off, this_len);
if (res < 0) {
if (!copied) {
return res;
}
break;
}
if (res == 0) {
break;
}
read_len = res;
res = fuse_buf_write(dst, dst_off, &tmp, 0, read_len);
if (res < 0) {
if (!copied) {
return res;
}
break;
}
if (res == 0) {
break;
}
copied += res;
if (res < this_len) {
break;
}
dst_off += res;
src_off += res;
len -= res;
}
return copied;
}
static ssize_t fuse_buf_copy_one(const struct fuse_buf *dst, size_t dst_off,
const struct fuse_buf *src, size_t src_off,
size_t len)
{
int src_is_fd = src->flags & FUSE_BUF_IS_FD;
int dst_is_fd = dst->flags & FUSE_BUF_IS_FD;
if (!src_is_fd && !dst_is_fd) {
char *dstmem = (char *)dst->mem + dst_off;
char *srcmem = (char *)src->mem + src_off;
if (dstmem != srcmem) {
if (dstmem + len <= srcmem || srcmem + len <= dstmem) {
memcpy(dstmem, srcmem, len);
} else {
memmove(dstmem, srcmem, len);
}
}
return len;
} else if (!src_is_fd) {
return fuse_buf_write(dst, dst_off, src, src_off, len);
} else if (!dst_is_fd) {
return fuse_buf_read(dst, dst_off, src, src_off, len);
} else {
return fuse_buf_fd_to_fd(dst, dst_off, src, src_off, len);
}
}
static const struct fuse_buf *fuse_bufvec_current(struct fuse_bufvec *bufv)
{
if (bufv->idx < bufv->count) {
return &bufv->buf[bufv->idx];
} else {
return NULL;
}
}
static int fuse_bufvec_advance(struct fuse_bufvec *bufv, size_t len)
{
const struct fuse_buf *buf = fuse_bufvec_current(bufv);
if (!buf) {
return 0;
}
bufv->off += len;
assert(bufv->off <= buf->size);
if (bufv->off == buf->size) {
assert(bufv->idx < bufv->count);
bufv->idx++;
if (bufv->idx == bufv->count) {
return 0;
}
bufv->off = 0;
}
return 1;
}
ssize_t fuse_buf_copy(struct fuse_bufvec *dstv, struct fuse_bufvec *srcv)
{
size_t copied = 0, i;
if (dstv == srcv) {
return fuse_buf_size(dstv);
}
/*
* use writev to improve bandwidth when all the
* src buffers already mapped by the daemon
* process
*/
for (i = 0; i < srcv->count; i++) {
if (srcv->buf[i].flags & FUSE_BUF_IS_FD) {
break;
}
}
if ((i == srcv->count) && (dstv->count == 1) &&
(dstv->idx == 0) &&
(dstv->buf[0].flags & FUSE_BUF_IS_FD)) {
dstv->buf[0].pos += dstv->off;
return fuse_buf_writev(&dstv->buf[0], srcv);
}
for (;;) {
const struct fuse_buf *src = fuse_bufvec_current(srcv);
const struct fuse_buf *dst = fuse_bufvec_current(dstv);
size_t src_len;
size_t dst_len;
size_t len;
ssize_t res;
if (src == NULL || dst == NULL) {
break;
}
src_len = src->size - srcv->off;
dst_len = dst->size - dstv->off;
len = min_size(src_len, dst_len);
res = fuse_buf_copy_one(dst, dstv->off, src, srcv->off, len);
if (res < 0) {
if (!copied) {
return res;
}
break;
}
copied += res;
if (!fuse_bufvec_advance(srcv, res) ||
!fuse_bufvec_advance(dstv, res)) {
break;
}
if (res < len) {
break;
}
}
return copied;
}
void *fuse_mbuf_iter_advance(struct fuse_mbuf_iter *iter, size_t len)
{
void *ptr;
if (len > iter->size - iter->pos) {
return NULL;
}
ptr = iter->mem + iter->pos;
iter->pos += len;
return ptr;
}
const char *fuse_mbuf_iter_advance_str(struct fuse_mbuf_iter *iter)
{
const char *str = iter->mem + iter->pos;
size_t remaining = iter->size - iter->pos;
size_t i;
for (i = 0; i < remaining; i++) {
if (str[i] == '\0') {
iter->pos += i + 1;
return str;
}
}
return NULL;
}

837
tools/virtiofsd/fuse_common.h
View File

@ -1,837 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB.
*/
/** @file */
#if !defined(FUSE_H_) && !defined(FUSE_LOWLEVEL_H_)
#error \
"Never include <fuse_common.h> directly; use <fuse.h> or <fuse_lowlevel.h> instead."
#endif
#ifndef FUSE_COMMON_H_
#define FUSE_COMMON_H_
#include "fuse_log.h"
#include "fuse_opt.h"
/** Major version of FUSE library interface */
#define FUSE_MAJOR_VERSION 3
/** Minor version of FUSE library interface */
#define FUSE_MINOR_VERSION 2
#define FUSE_MAKE_VERSION(maj, min) ((maj) * 10 + (min))
#define FUSE_VERSION FUSE_MAKE_VERSION(FUSE_MAJOR_VERSION, FUSE_MINOR_VERSION)
/**
* Information about an open file.
*
* File Handles are created by the open, opendir, and create methods and closed
* by the release and releasedir methods. Multiple file handles may be
* concurrently open for the same file. Generally, a client will create one
* file handle per file descriptor, though in some cases multiple file
* descriptors can share a single file handle.
*/
struct fuse_file_info {
/** Open flags. Available in open() and release() */
int flags;
/*
* In case of a write operation indicates if this was caused
* by a delayed write from the page cache. If so, then the
* context's pid, uid, and gid fields will not be valid, and
* the *fh* value may not match the *fh* value that would
* have been sent with the corresponding individual write
* requests if write caching had been disabled.
*/
unsigned int writepage:1;
/** Can be filled in by open, to use direct I/O on this file. */
unsigned int direct_io:1;
/*
* Can be filled in by open. It signals the kernel that any
* currently cached file data (ie., data that the filesystem
* provided the last time the file was open) need not be
* invalidated. Has no effect when set in other contexts (in
* particular it does nothing when set by opendir()).
*/
unsigned int keep_cache:1;
/*
* Indicates a flush operation. Set in flush operation, also
* maybe set in highlevel lock operation and lowlevel release
* operation.
*/
unsigned int flush:1;
/*
* Can be filled in by open, to indicate that the file is not
* seekable.
*/
unsigned int nonseekable:1;
/*
* Indicates that flock locks for this file should be
* released. If set, lock_owner shall contain a valid value.
* May only be set in ->release().
*/
unsigned int flock_release:1;
/*
* Can be filled in by opendir. It signals the kernel to
* enable caching of entries returned by readdir(). Has no
* effect when set in other contexts (in particular it does
* nothing when set by open()).
*/
unsigned int cache_readdir:1;
/* Indicates that suid/sgid bits should be removed upon write */
unsigned int kill_priv:1;
/** Padding. Reserved for future use*/
unsigned int padding:24;
unsigned int padding2:32;
/*
* File handle id. May be filled in by filesystem in create,
* open, and opendir(). Available in most other file operations on the
* same file handle.
*/
uint64_t fh;
/** Lock owner id. Available in locking operations and flush */
uint64_t lock_owner;
/*
* Requested poll events. Available in ->poll. Only set on kernels
* which support it. If unsupported, this field is set to zero.
*/
uint32_t poll_events;
};
/*
* Capability bits for 'fuse_conn_info.capable' and 'fuse_conn_info.want'
*/
/**
* Indicates that the filesystem supports asynchronous read requests.
*
* If this capability is not requested/available, the kernel will
* ensure that there is at most one pending read request per
* file-handle at any time, and will attempt to order read requests by
* increasing offset.
*
* This feature is enabled by default when supported by the kernel.
*/
#define FUSE_CAP_ASYNC_READ (1 << 0)
/**
* Indicates that the filesystem supports "remote" locking.
*
* This feature is enabled by default when supported by the kernel,
* and if getlk() and setlk() handlers are implemented.
*/
#define FUSE_CAP_POSIX_LOCKS (1 << 1)
/**
* Indicates that the filesystem supports the O_TRUNC open flag. If
* disabled, and an application specifies O_TRUNC, fuse first calls
* truncate() and then open() with O_TRUNC filtered out.
*
* This feature is enabled by default when supported by the kernel.
*/
#define FUSE_CAP_ATOMIC_O_TRUNC (1 << 3)
/**
* Indicates that the filesystem supports lookups of "." and "..".
*
* This feature is disabled by default.
*/
#define FUSE_CAP_EXPORT_SUPPORT (1 << 4)
/**
* Indicates that the kernel should not apply the umask to the
* file mode on create operations.
*
* This feature is disabled by default.
*/
#define FUSE_CAP_DONT_MASK (1 << 6)
/**
* Indicates that libfuse should try to use splice() when writing to
* the fuse device. This may improve performance.
*
* This feature is disabled by default.
*/
#define FUSE_CAP_SPLICE_WRITE (1 << 7)
/**
* Indicates that libfuse should try to move pages instead of copying when
* writing to / reading from the fuse device. This may improve performance.
*
* This feature is disabled by default.
*/
#define FUSE_CAP_SPLICE_MOVE (1 << 8)
/**
* Indicates that libfuse should try to use splice() when reading from
* the fuse device. This may improve performance.
*
* This feature is enabled by default when supported by the kernel and
* if the filesystem implements a write_buf() handler.
*/
#define FUSE_CAP_SPLICE_READ (1 << 9)
/**
* If set, the calls to flock(2) will be emulated using POSIX locks and must
* then be handled by the filesystem's setlock() handler.
*
* If not set, flock(2) calls will be handled by the FUSE kernel module
* internally (so any access that does not go through the kernel cannot be taken
* into account).
*
* This feature is enabled by default when supported by the kernel and
* if the filesystem implements a flock() handler.
*/
#define FUSE_CAP_FLOCK_LOCKS (1 << 10)
/**
* Indicates that the filesystem supports ioctl's on directories.
*
* This feature is enabled by default when supported by the kernel.
*/
#define FUSE_CAP_IOCTL_DIR (1 << 11)
/**
* Traditionally, while a file is open the FUSE kernel module only
* asks the filesystem for an update of the file's attributes when a
* client attempts to read beyond EOF. This is unsuitable for
* e.g. network filesystems, where the file contents may change
* without the kernel knowing about it.
*
* If this flag is set, FUSE will check the validity of the attributes
* on every read. If the attributes are no longer valid (i.e., if the
* *attr_timeout* passed to fuse_reply_attr() or set in `struct
* fuse_entry_param` has passed), it will first issue a `getattr`
* request. If the new mtime differs from the previous value, any
* cached file *contents* will be invalidated as well.
*
* This flag should always be set when available. If all file changes
* go through the kernel, *attr_timeout* should be set to a very large
* number to avoid unnecessary getattr() calls.
*
* This feature is enabled by default when supported by the kernel.
*/
#define FUSE_CAP_AUTO_INVAL_DATA (1 << 12)
/**
* Indicates that the filesystem supports readdirplus.
*
* This feature is enabled by default when supported by the kernel and if the
* filesystem implements a readdirplus() handler.
*/
#define FUSE_CAP_READDIRPLUS (1 << 13)
/**
* Indicates that the filesystem supports adaptive readdirplus.
*
* If FUSE_CAP_READDIRPLUS is not set, this flag has no effect.
*
* If FUSE_CAP_READDIRPLUS is set and this flag is not set, the kernel
* will always issue readdirplus() requests to retrieve directory
* contents.
*
* If FUSE_CAP_READDIRPLUS is set and this flag is set, the kernel
* will issue both readdir() and readdirplus() requests, depending on
* how much information is expected to be required.
*
* As of Linux 4.20, the algorithm is as follows: when userspace
* starts to read directory entries, issue a READDIRPLUS request to
* the filesystem. If any entry attributes have been looked up by the
* time userspace requests the next batch of entries continue with
* READDIRPLUS, otherwise switch to plain READDIR. This will reasult
* in eg plain "ls" triggering READDIRPLUS first then READDIR after
* that because it doesn't do lookups. "ls -l" should result in all
* READDIRPLUS, except if dentries are already cached.
*
* This feature is enabled by default when supported by the kernel and
* if the filesystem implements both a readdirplus() and a readdir()
* handler.
*/
#define FUSE_CAP_READDIRPLUS_AUTO (1 << 14)
/**
* Indicates that the filesystem supports asynchronous direct I/O submission.
*
* If this capability is not requested/available, the kernel will ensure that
* there is at most one pending read and one pending write request per direct
* I/O file-handle at any time.
*
* This feature is enabled by default when supported by the kernel.
*/
#define FUSE_CAP_ASYNC_DIO (1 << 15)
/**
* Indicates that writeback caching should be enabled. This means that
* individual write request may be buffered and merged in the kernel
* before they are send to the filesystem.
*
* This feature is disabled by default.
*/
#define FUSE_CAP_WRITEBACK_CACHE (1 << 16)
/**
* Indicates support for zero-message opens. If this flag is set in
* the `capable` field of the `fuse_conn_info` structure, then the
* filesystem may return `ENOSYS` from the open() handler to indicate
* success. Further attempts to open files will be handled in the
* kernel. (If this flag is not set, returning ENOSYS will be treated
* as an error and signaled to the caller).
*
* Setting (or unsetting) this flag in the `want` field has *no
* effect*.
*/
#define FUSE_CAP_NO_OPEN_SUPPORT (1 << 17)
/**
* Indicates support for parallel directory operations. If this flag
* is unset, the FUSE kernel module will ensure that lookup() and
* readdir() requests are never issued concurrently for the same
* directory.
*
* This feature is enabled by default when supported by the kernel.
*/
#define FUSE_CAP_PARALLEL_DIROPS (1 << 18)
/**
* Indicates support for POSIX ACLs.
*
* If this feature is enabled, the kernel will cache and have
* responsibility for enforcing ACLs. ACL will be stored as xattrs and
* passed to userspace, which is responsible for updating the ACLs in
* the filesystem, keeping the file mode in sync with the ACL, and
* ensuring inheritance of default ACLs when new filesystem nodes are
* created. Note that this requires that the file system is able to
* parse and interpret the xattr representation of ACLs.
*
* Enabling this feature implicitly turns on the
* ``default_permissions`` mount option (even if it was not passed to
* mount(2)).
*
* This feature is disabled by default.
*/
#define FUSE_CAP_POSIX_ACL (1 << 19)
/**
* Indicates that the filesystem is responsible for unsetting
* setuid and setgid bits when a file is written, truncated, or
* its owner is changed.
*
* This feature is enabled by default when supported by the kernel.
*/
#define FUSE_CAP_HANDLE_KILLPRIV (1 << 20)
/**
* Indicates support for zero-message opendirs. If this flag is set in
* the `capable` field of the `fuse_conn_info` structure, then the filesystem
* may return `ENOSYS` from the opendir() handler to indicate success. Further
* opendir and releasedir messages will be handled in the kernel. (If this
* flag is not set, returning ENOSYS will be treated as an error and signalled
* to the caller.)
*
* Setting (or unsetting) this flag in the `want` field has *no effect*.
*/
#define FUSE_CAP_NO_OPENDIR_SUPPORT (1 << 24)
/**
* Indicates that the kernel supports the FUSE_ATTR_SUBMOUNT flag.
*
* Setting (or unsetting) this flag in the `want` field has *no effect*.
*/
#define FUSE_CAP_SUBMOUNTS (1 << 27)
/**
* Indicates that the filesystem is responsible for clearing
* security.capability xattr and clearing setuid and setgid bits. Following
* are the rules.
* - clear "security.capability" on write, truncate and chown unconditionally
* - clear suid/sgid if following is true. Note, sgid is cleared only if
* group executable bit is set.
* o setattr has FATTR_SIZE and FATTR_KILL_SUIDGID set.
* o setattr has FATTR_UID or FATTR_GID
* o open has O_TRUNC and FUSE_OPEN_KILL_SUIDGID
* o create has O_TRUNC and FUSE_OPEN_KILL_SUIDGID flag set.
* o write has FUSE_WRITE_KILL_SUIDGID
*/
#define FUSE_CAP_HANDLE_KILLPRIV_V2 (1 << 28)
/**
* Indicates that file server supports extended struct fuse_setxattr_in
*/
#define FUSE_CAP_SETXATTR_EXT (1 << 29)
/**
* Indicates that file server supports creating file security context
*/
#define FUSE_CAP_SECURITY_CTX (1ULL << 32)
/**
* Ioctl flags
*
* FUSE_IOCTL_COMPAT: 32bit compat ioctl on 64bit machine
* FUSE_IOCTL_UNRESTRICTED: not restricted to well-formed ioctls, retry allowed
* FUSE_IOCTL_RETRY: retry with new iovecs
* FUSE_IOCTL_DIR: is a directory
*
* FUSE_IOCTL_MAX_IOV: maximum of in_iovecs + out_iovecs
*/
#define FUSE_IOCTL_COMPAT (1 << 0)
#define FUSE_IOCTL_UNRESTRICTED (1 << 1)
#define FUSE_IOCTL_RETRY (1 << 2)
#define FUSE_IOCTL_DIR (1 << 4)
#define FUSE_IOCTL_MAX_IOV 256
/**
* Connection information, passed to the ->init() method
*
* Some of the elements are read-write, these can be changed to
* indicate the value requested by the filesystem. The requested
* value must usually be smaller than the indicated value.
*/
struct fuse_conn_info {
/**
* Major version of the protocol (read-only)
*/
unsigned proto_major;
/**
* Minor version of the protocol (read-only)
*/
unsigned proto_minor;
/**
* Maximum size of the write buffer
*/
unsigned max_write;
/**
* Maximum size of read requests. A value of zero indicates no
* limit. However, even if the filesystem does not specify a
* limit, the maximum size of read requests will still be
* limited by the kernel.
*
* NOTE: For the time being, the maximum size of read requests
* must be set both here *and* passed to fuse_session_new()
* using the ``-o max_read=<n>`` mount option. At some point
* in the future, specifying the mount option will no longer
* be necessary.
*/
unsigned max_read;
/**
* Maximum readahead
*/
unsigned max_readahead;
/**
* Capability flags that the kernel supports (read-only)
*/
uint64_t capable;
/**
* Capability flags that the filesystem wants to enable.
*
* libfuse attempts to initialize this field with
* reasonable default values before calling the init() handler.
*/
uint64_t want;
/**
* Maximum number of pending "background" requests. A
* background request is any type of request for which the
* total number is not limited by other means. As of kernel
* 4.8, only two types of requests fall into this category:
*
* 1. Read-ahead requests
* 2. Asynchronous direct I/O requests
*
* Read-ahead requests are generated (if max_readahead is
* non-zero) by the kernel to preemptively fill its caches
* when it anticipates that userspace will soon read more
* data.
*
* Asynchronous direct I/O requests are generated if
* FUSE_CAP_ASYNC_DIO is enabled and userspace submits a large
* direct I/O request. In this case the kernel will internally
* split it up into multiple smaller requests and submit them
* to the filesystem concurrently.
*
* Note that the following requests are *not* background
* requests: writeback requests (limited by the kernel's
* flusher algorithm), regular (i.e., synchronous and
* buffered) userspace read/write requests (limited to one per
* thread), asynchronous read requests (Linux's io_submit(2)
* call actually blocks, so these are also limited to one per
* thread).
*/
unsigned max_background;
/**
* Kernel congestion threshold parameter. If the number of pending
* background requests exceeds this number, the FUSE kernel module will
* mark the filesystem as "congested". This instructs the kernel to
* expect that queued requests will take some time to complete, and to
* adjust its algorithms accordingly (e.g. by putting a waiting thread
* to sleep instead of using a busy-loop).
*/
unsigned congestion_threshold;
/**
* When FUSE_CAP_WRITEBACK_CACHE is enabled, the kernel is responsible
* for updating mtime and ctime when write requests are received. The
* updated values are passed to the filesystem with setattr() requests.
* However, if the filesystem does not support the full resolution of
* the kernel timestamps (nanoseconds), the mtime and ctime values used
* by kernel and filesystem will differ (and result in an apparent
* change of times after a cache flush).
*
* To prevent this problem, this variable can be used to inform the
* kernel about the timestamp granularity supported by the file-system.
* The value should be power of 10. The default is 1, i.e. full
* nano-second resolution. Filesystems supporting only second resolution
* should set this to 1000000000.
*/
unsigned time_gran;
/**
* For future use.
*/
unsigned reserved[22];
};
struct fuse_session;
struct fuse_pollhandle;
struct fuse_conn_info_opts;
/**
* This function parses several command-line options that can be used
* to override elements of struct fuse_conn_info. The pointer returned
* by this function should be passed to the
* fuse_apply_conn_info_opts() method by the file system's init()
* handler.
*
* Before using this function, think twice if you really want these
* parameters to be adjustable from the command line. In most cases,
* they should be determined by the file system internally.
*
* The following options are recognized:
*
* -o max_write=N sets conn->max_write
* -o max_readahead=N sets conn->max_readahead
* -o max_background=N sets conn->max_background
* -o congestion_threshold=N sets conn->congestion_threshold
* -o async_read sets FUSE_CAP_ASYNC_READ in conn->want
* -o sync_read unsets FUSE_CAP_ASYNC_READ in conn->want
* -o atomic_o_trunc sets FUSE_CAP_ATOMIC_O_TRUNC in conn->want
* -o no_remote_lock Equivalent to -o
*no_remote_flock,no_remote_posix_lock -o no_remote_flock Unsets
*FUSE_CAP_FLOCK_LOCKS in conn->want -o no_remote_posix_lock Unsets
*FUSE_CAP_POSIX_LOCKS in conn->want -o [no_]splice_write (un-)sets
*FUSE_CAP_SPLICE_WRITE in conn->want -o [no_]splice_move (un-)sets
*FUSE_CAP_SPLICE_MOVE in conn->want -o [no_]splice_read (un-)sets
*FUSE_CAP_SPLICE_READ in conn->want -o [no_]auto_inval_data (un-)sets
*FUSE_CAP_AUTO_INVAL_DATA in conn->want -o readdirplus=no unsets
*FUSE_CAP_READDIRPLUS in conn->want -o readdirplus=yes sets
*FUSE_CAP_READDIRPLUS and unsets FUSE_CAP_READDIRPLUS_AUTO in conn->want -o
*readdirplus=auto sets FUSE_CAP_READDIRPLUS and FUSE_CAP_READDIRPLUS_AUTO
*in conn->want -o [no_]async_dio (un-)sets FUSE_CAP_ASYNC_DIO in
*conn->want -o [no_]writeback_cache (un-)sets FUSE_CAP_WRITEBACK_CACHE in
*conn->want -o time_gran=N sets conn->time_gran
*
* Known options will be removed from *args*, unknown options will be
* passed through unchanged.
*
* @param args argument vector (input+output)
* @return parsed options
**/
struct fuse_conn_info_opts *fuse_parse_conn_info_opts(struct fuse_args *args);
/**
* This function applies the (parsed) parameters in *opts* to the
* *conn* pointer. It may modify the following fields: wants,
* max_write, max_readahead, congestion_threshold, max_background,
* time_gran. A field is only set (or unset) if the corresponding
* option has been explicitly set.
*/
void fuse_apply_conn_info_opts(struct fuse_conn_info_opts *opts,
struct fuse_conn_info *conn);
/**
* Go into the background
*
* @param foreground if true, stay in the foreground
* @return 0 on success, -1 on failure
*/
int fuse_daemonize(int foreground);
/**
* Get the version of the library
*
* @return the version
*/
int fuse_version(void);
/**
* Get the full package version string of the library
*
* @return the package version
*/
const char *fuse_pkgversion(void);
/**
* Destroy poll handle
*
* @param ph the poll handle
*/
void fuse_pollhandle_destroy(struct fuse_pollhandle *ph);
/*
* Data buffer
*/
/**
* Buffer flags
*/
enum fuse_buf_flags {
/**
* Buffer contains a file descriptor
*
* If this flag is set, the .fd field is valid, otherwise the
* .mem fields is valid.
*/
FUSE_BUF_IS_FD = (1 << 1),
/**
* Seek on the file descriptor
*
* If this flag is set then the .pos field is valid and is
* used to seek to the given offset before performing
* operation on file descriptor.
*/
FUSE_BUF_FD_SEEK = (1 << 2),
/**
* Retry operation on file descriptor
*
* If this flag is set then retry operation on file descriptor
* until .size bytes have been copied or an error or EOF is
* detected.
*/
FUSE_BUF_FD_RETRY = (1 << 3),
};
/**
* Single data buffer
*
* Generic data buffer for I/O, extended attributes, etc... Data may
* be supplied as a memory pointer or as a file descriptor
*/
struct fuse_buf {
/**
* Size of data in bytes
*/
size_t size;
/**
* Buffer flags
*/
enum fuse_buf_flags flags;
/**
* Memory pointer
*
* Used unless FUSE_BUF_IS_FD flag is set.
*/
void *mem;
/**
* File descriptor
*
* Used if FUSE_BUF_IS_FD flag is set.
*/
int fd;
/**
* File position
*
* Used if FUSE_BUF_FD_SEEK flag is set.
*/
off_t pos;
};
/**
* Data buffer vector
*
* An array of data buffers, each containing a memory pointer or a
* file descriptor.
*
* Allocate dynamically to add more than one buffer.
*/
struct fuse_bufvec {
/**
* Number of buffers in the array
*/
size_t count;
/**
* Index of current buffer within the array
*/
size_t idx;
/**
* Current offset within the current buffer
*/
size_t off;
/**
* Array of buffers
*/
struct fuse_buf buf[1];
};
/* Initialize bufvec with a single buffer of given size */
#define FUSE_BUFVEC_INIT(size__) \
((struct fuse_bufvec){ /* .count= */ 1, \
/* .idx = */ 0, \
/* .off = */ 0, /* .buf = */ \
{ /* [0] = */ { \
/* .size = */ (size__), \
/* .flags = */ (enum fuse_buf_flags)0, \
/* .mem = */ NULL, \
/* .fd = */ -1, \
/* .pos = */ 0, \
} } })
/**
* Get total size of data in a fuse buffer vector
*
* @param bufv buffer vector
* @return size of data
*/
size_t fuse_buf_size(const struct fuse_bufvec *bufv);
/**
* Copy data from one buffer vector to another
*
* @param dst destination buffer vector
* @param src source buffer vector
* @return actual number of bytes copied or -errno on error
*/
ssize_t fuse_buf_copy(struct fuse_bufvec *dst, struct fuse_bufvec *src);
/**
* Memory buffer iterator
*
*/
struct fuse_mbuf_iter {
/**
* Data pointer
*/
void *mem;
/**
* Total length, in bytes
*/
size_t size;
/**
* Offset from start of buffer
*/
size_t pos;
};
/* Initialize memory buffer iterator from a fuse_buf */
#define FUSE_MBUF_ITER_INIT(fbuf) \
((struct fuse_mbuf_iter){ \
.mem = fbuf->mem, \
.size = fbuf->size, \
.pos = 0, \
})
/**
* Consume bytes from a memory buffer iterator
*
* @param iter memory buffer iterator
* @param len number of bytes to consume
* @return pointer to start of consumed bytes or
* NULL if advancing beyond end of buffer
*/
void *fuse_mbuf_iter_advance(struct fuse_mbuf_iter *iter, size_t len);
/**
* Consume a NUL-terminated string from a memory buffer iterator
*
* @param iter memory buffer iterator
* @return pointer to the string or
* NULL if advancing beyond end of buffer or there is no NUL-terminator
*/
const char *fuse_mbuf_iter_advance_str(struct fuse_mbuf_iter *iter);
/*
* Signal handling
*/
/**
* Exit session on HUP, TERM and INT signals and ignore PIPE signal
*
* Stores session in a global variable. May only be called once per
* process until fuse_remove_signal_handlers() is called.
*
* Once either of the POSIX signals arrives, the signal handler calls
* fuse_session_exit().
*
* @param se the session to exit
* @return 0 on success, -1 on failure
*
* See also:
* fuse_remove_signal_handlers()
*/
int fuse_set_signal_handlers(struct fuse_session *se);
/**
* Restore default signal handlers
*
* Resets global session. After this fuse_set_signal_handlers() may
* be called again.
*
* @param se the same session as given in fuse_set_signal_handlers()
*
* See also:
* fuse_set_signal_handlers()
*/
void fuse_remove_signal_handlers(struct fuse_session *se);
/*
* Compatibility stuff
*/
#if !defined(FUSE_USE_VERSION) || FUSE_USE_VERSION < 30
#error only API version 30 or greater is supported
#endif
/*
* This interface uses 64 bit off_t.
*
* On 32bit systems please add -D_FILE_OFFSET_BITS=64 to your compile flags!
*/
QEMU_BUILD_BUG_ON(sizeof(off_t) != 8);
#endif /* FUSE_COMMON_H_ */

107
tools/virtiofsd/fuse_i.h
View File

@ -1,107 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB
*/
#ifndef FUSE_I_H
#define FUSE_I_H
#define FUSE_USE_VERSION 31
#include "fuse_lowlevel.h"
struct fv_VuDev;
struct fv_QueueInfo;
struct fuse_security_context {
const char *name;
uint32_t ctxlen;
const void *ctx;
};
struct fuse_req {
struct fuse_session *se;
uint64_t unique;
int ctr;
pthread_mutex_t lock;
struct fuse_ctx ctx;
struct fuse_chan *ch;
int interrupted;
unsigned int ioctl_64bit:1;
union {
struct {
uint64_t unique;
} i;
struct {
fuse_interrupt_func_t func;
void *data;
} ni;
} u;
struct fuse_req *next;
struct fuse_req *prev;
struct fuse_security_context secctx;
};
struct fuse_notify_req {
uint64_t unique;
void (*reply)(struct fuse_notify_req *, fuse_req_t, fuse_ino_t,
const void *, const struct fuse_buf *);
struct fuse_notify_req *next;
struct fuse_notify_req *prev;
};
struct fuse_session {
char *mountpoint;
volatile int exited;
int fd;
int debug;
int deny_others;
struct fuse_lowlevel_ops op;
int got_init;
struct cuse_data *cuse_data;
void *userdata;
uid_t owner;
struct fuse_conn_info conn;
struct fuse_req list;
struct fuse_req interrupts;
pthread_mutex_t lock;
pthread_rwlock_t init_rwlock;
int got_destroy;
int broken_splice_nonblock;
uint64_t notify_ctr;
struct fuse_notify_req notify_list;
size_t bufsize;
int error;
char *vu_socket_path;
char *vu_socket_group;
int vu_listen_fd;
int vu_socketfd;
struct fv_VuDev *virtio_dev;
int thread_pool_size;
};
struct fuse_chan {
pthread_mutex_t lock;
int ctr;
int fd;
struct fv_QueueInfo *qi;
};
int fuse_send_reply_iov_nofree(fuse_req_t req, int error, struct iovec *iov,
int count);
void fuse_free_req(fuse_req_t req);
void fuse_session_process_buf_int(struct fuse_session *se,
struct fuse_bufvec *bufv,
struct fuse_chan *ch);
#define FUSE_MAX_MAX_PAGES 256
#define FUSE_DEFAULT_MAX_PAGES_PER_REQ 32
/* room needed in buffer to accommodate header */
#define FUSE_BUFFER_HEADER_SIZE 0x1000
#endif

40
tools/virtiofsd/fuse_log.c
View File

@ -1,40 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2019 Red Hat, Inc.
*
* Logging API.
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB
*/
#include "qemu/osdep.h"
#include "fuse_log.h"
G_GNUC_PRINTF(2, 0)
static void default_log_func(__attribute__((unused)) enum fuse_log_level level,
const char *fmt, va_list ap)
{
vfprintf(stderr, fmt, ap);
}
static fuse_log_func_t log_func = default_log_func;
void fuse_set_log_func(fuse_log_func_t func)
{
if (!func) {
func = default_log_func;
}
log_func = func;
}
void fuse_log(enum fuse_log_level level, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
log_func(level, fmt, ap);
va_end(ap);
}

75
tools/virtiofsd/fuse_log.h
View File

@ -1,75 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2019 Red Hat, Inc.
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB.
*/
#ifndef FUSE_LOG_H_
#define FUSE_LOG_H_
/** @file
*
* This file defines the logging interface of FUSE
*/
/**
* Log severity level
*
* These levels correspond to syslog(2) log levels since they are widely used.
*/
enum fuse_log_level {
FUSE_LOG_EMERG,
FUSE_LOG_ALERT,
FUSE_LOG_CRIT,
FUSE_LOG_ERR,
FUSE_LOG_WARNING,
FUSE_LOG_NOTICE,
FUSE_LOG_INFO,
FUSE_LOG_DEBUG
};
/**
* Log message handler function.
*
* This function must be thread-safe. It may be called from any libfuse
* function, including fuse_parse_cmdline() and other functions invoked before
* a FUSE filesystem is created.
*
* Install a custom log message handler function using fuse_set_log_func().
*
* @param level log severity level
* @param fmt sprintf-style format string including newline
* @param ap format string arguments
*/
typedef void (*fuse_log_func_t)(enum fuse_log_level level, const char *fmt,
va_list ap)
G_GNUC_PRINTF(2, 0);
/**
* Install a custom log handler function.
*
* Log messages are emitted by libfuse functions to report errors and debug
* information. Messages are printed to stderr by default but this can be
* overridden by installing a custom log message handler function.
*
* The log message handler function is global and affects all FUSE filesystems
* created within this process.
*
* @param func a custom log message handler function or NULL to revert to
* the default
*/
void fuse_set_log_func(fuse_log_func_t func);
/**
* Emit a log message
*
* @param level severity level (FUSE_LOG_ERR, FUSE_LOG_DEBUG, etc)
* @param fmt sprintf-style format string including newline
*/
void fuse_log(enum fuse_log_level level, const char *fmt, ...)
G_GNUC_PRINTF(2, 3);
#endif /* FUSE_LOG_H_ */

2732
tools/virtiofsd/fuse_lowlevel.c
View File

File diff suppressed because it is too large Load Diff

1988
tools/virtiofsd/fuse_lowlevel.h
View File

File diff suppressed because it is too large Load Diff

59
tools/virtiofsd/fuse_misc.h
View File

@ -1,59 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB
*/
#include <pthread.h>
/*
* Versioned symbols cannot be used in some cases because it
* - confuse the dynamic linker in uClibc
* - not supported on MacOSX (in MachO binary format)
*/
#if (!defined(__UCLIBC__) && !defined(__APPLE__))
#define FUSE_SYMVER(x) __asm__(x)
#else
#define FUSE_SYMVER(x)
#endif
#ifndef USE_UCLIBC
#define fuse_mutex_init(mut) pthread_mutex_init(mut, NULL)
#else
/* Is this hack still needed? */
static inline void fuse_mutex_init(pthread_mutex_t *mut)
{
pthread_mutexattr_t attr;
pthread_mutexattr_init(&attr);
pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ADAPTIVE_NP);
pthread_mutex_init(mut, &attr);
pthread_mutexattr_destroy(&attr);
}
#endif
#ifdef HAVE_STRUCT_STAT_ST_ATIM
/* Linux */
#define ST_ATIM_NSEC(stbuf) ((stbuf)->st_atim.tv_nsec)
#define ST_CTIM_NSEC(stbuf) ((stbuf)->st_ctim.tv_nsec)
#define ST_MTIM_NSEC(stbuf) ((stbuf)->st_mtim.tv_nsec)
#define ST_ATIM_NSEC_SET(stbuf, val) (stbuf)->st_atim.tv_nsec = (val)
#define ST_CTIM_NSEC_SET(stbuf, val) (stbuf)->st_ctim.tv_nsec = (val)
#define ST_MTIM_NSEC_SET(stbuf, val) (stbuf)->st_mtim.tv_nsec = (val)
#elif defined(HAVE_STRUCT_STAT_ST_ATIMESPEC)
/* FreeBSD */
#define ST_ATIM_NSEC(stbuf) ((stbuf)->st_atimespec.tv_nsec)
#define ST_CTIM_NSEC(stbuf) ((stbuf)->st_ctimespec.tv_nsec)
#define ST_MTIM_NSEC(stbuf) ((stbuf)->st_mtimespec.tv_nsec)
#define ST_ATIM_NSEC_SET(stbuf, val) (stbuf)->st_atimespec.tv_nsec = (val)
#define ST_CTIM_NSEC_SET(stbuf, val) (stbuf)->st_ctimespec.tv_nsec = (val)
#define ST_MTIM_NSEC_SET(stbuf, val) (stbuf)->st_mtimespec.tv_nsec = (val)
#else
#define ST_ATIM_NSEC(stbuf) 0
#define ST_CTIM_NSEC(stbuf) 0
#define ST_MTIM_NSEC(stbuf) 0
#define ST_ATIM_NSEC_SET(stbuf, val) do { } while (0)
#define ST_CTIM_NSEC_SET(stbuf, val) do { } while (0)
#define ST_MTIM_NSEC_SET(stbuf, val) do { } while (0)
#endif

446
tools/virtiofsd/fuse_opt.c
View File

@ -1,446 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>
*
* Implementation of option parsing routines (dealing with `struct
* fuse_args`).
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB
*/
#include "qemu/osdep.h"
#include "fuse_opt.h"
#include "fuse_i.h"
#include "fuse_misc.h"
struct fuse_opt_context {
void *data;
const struct fuse_opt *opt;
fuse_opt_proc_t proc;
int argctr;
int argc;
char **argv;
struct fuse_args outargs;
char *opts;
int nonopt;
};
void fuse_opt_free_args(struct fuse_args *args)
{
if (args) {
if (args->argv && args->allocated) {
int i;
for (i = 0; i < args->argc; i++) {
free(args->argv[i]);
}
free(args->argv);
}
args->argc = 0;
args->argv = NULL;
args->allocated = 0;
}
}
static int alloc_failed(void)
{
fuse_log(FUSE_LOG_ERR, "fuse: memory allocation failed\n");
return -1;
}
int fuse_opt_add_arg(struct fuse_args *args, const char *arg)
{
char **newargv;
char *newarg;
assert(!args->argv || args->allocated);
newarg = strdup(arg);
if (!newarg) {
return alloc_failed();
}
newargv = realloc(args->argv, (args->argc + 2) * sizeof(char *));
if (!newargv) {
free(newarg);
return alloc_failed();
}
args->argv = newargv;
args->allocated = 1;
args->argv[args->argc++] = newarg;
args->argv[args->argc] = NULL;
return 0;
}
static int fuse_opt_insert_arg_common(struct fuse_args *args, int pos,
const char *arg)
{
assert(pos <= args->argc);
if (fuse_opt_add_arg(args, arg) == -1) {
return -1;
}
if (pos != args->argc - 1) {
char *newarg = args->argv[args->argc - 1];
memmove(&args->argv[pos + 1], &args->argv[pos],
sizeof(char *) * (args->argc - pos - 1));
args->argv[pos] = newarg;
}
return 0;
}
int fuse_opt_insert_arg(struct fuse_args *args, int pos, const char *arg)
{
return fuse_opt_insert_arg_common(args, pos, arg);
}
static int next_arg(struct fuse_opt_context *ctx, const char *opt)
{
if (ctx->argctr + 1 >= ctx->argc) {
fuse_log(FUSE_LOG_ERR, "fuse: missing argument after `%s'\n", opt);
return -1;
}
ctx->argctr++;
return 0;
}
static int add_arg(struct fuse_opt_context *ctx, const char *arg)
{
return fuse_opt_add_arg(&ctx->outargs, arg);
}
static int add_opt_common(char **opts, const char *opt, int esc)
{
unsigned oldlen = *opts ? strlen(*opts) : 0;
char *d = realloc(*opts, oldlen + 1 + strlen(opt) * 2 + 1);
if (!d) {
return alloc_failed();
}
*opts = d;
if (oldlen) {
d += oldlen;
*d++ = ',';
}
for (; *opt; opt++) {
if (esc && (*opt == ',' || *opt == '\\')) {
*d++ = '\\';
}
*d++ = *opt;
}
*d = '\0';
return 0;
}
int fuse_opt_add_opt(char **opts, const char *opt)
{
return add_opt_common(opts, opt, 0);
}
int fuse_opt_add_opt_escaped(char **opts, const char *opt)
{
return add_opt_common(opts, opt, 1);
}
static int add_opt(struct fuse_opt_context *ctx, const char *opt)
{
return add_opt_common(&ctx->opts, opt, 1);
}
static int call_proc(struct fuse_opt_context *ctx, const char *arg, int key,
int iso)
{
if (key == FUSE_OPT_KEY_DISCARD) {
return 0;
}
if (key != FUSE_OPT_KEY_KEEP && ctx->proc) {
int res = ctx->proc(ctx->data, arg, key, &ctx->outargs);
if (res == -1 || !res) {
return res;
}
}
if (iso) {
return add_opt(ctx, arg);
} else {
return add_arg(ctx, arg);
}
}
static int match_template(const char *t, const char *arg, unsigned *sepp)
{
int arglen = strlen(arg);
const char *sep = strchr(t, '=');
sep = sep ? sep : strchr(t, ' ');
if (sep && (!sep[1] || sep[1] == '%')) {
int tlen = sep - t;
if (sep[0] == '=') {
tlen++;
}
if (arglen >= tlen && strncmp(arg, t, tlen) == 0) {
*sepp = sep - t;
return 1;
}
}
if (strcmp(t, arg) == 0) {
*sepp = 0;
return 1;
}
return 0;
}
static const struct fuse_opt *find_opt(const struct fuse_opt *opt,
const char *arg, unsigned *sepp)
{
for (; opt && opt->templ; opt++) {
if (match_template(opt->templ, arg, sepp)) {
return opt;
}
}
return NULL;
}
int fuse_opt_match(const struct fuse_opt *opts, const char *opt)
{
unsigned dummy;
return find_opt(opts, opt, &dummy) ? 1 : 0;
}
static int process_opt_param(void *var, const char *format, const char *param,
const char *arg)
{
assert(format[0] == '%');
if (format[1] == 's') {
char **s = var;
char *copy = strdup(param);
if (!copy) {
return alloc_failed();
}
free(*s);
*s = copy;
} else {
if (sscanf(param, format, var) != 1) {
fuse_log(FUSE_LOG_ERR, "fuse: invalid parameter in option `%s'\n",
arg);
return -1;
}
}
return 0;
}
static int process_opt(struct fuse_opt_context *ctx, const struct fuse_opt *opt,
unsigned sep, const char *arg, int iso)
{
if (opt->offset == -1U) {
if (call_proc(ctx, arg, opt->value, iso) == -1) {
return -1;
}
} else {
void *var = (char *)ctx->data + opt->offset;
if (sep && opt->templ[sep + 1]) {
const char *param = arg + sep;
if (opt->templ[sep] == '=') {
param++;
}
if (process_opt_param(var, opt->templ + sep + 1, param, arg) ==
-1) {
return -1;
}
} else {
*(int *)var = opt->value;
}
}
return 0;
}
static int process_opt_sep_arg(struct fuse_opt_context *ctx,
const struct fuse_opt *opt, unsigned sep,
const char *arg, int iso)
{
int res;
char *newarg;
char *param;
if (next_arg(ctx, arg) == -1) {
return -1;
}
param = ctx->argv[ctx->argctr];
newarg = g_try_malloc(sep + strlen(param) + 1);
if (!newarg) {
return alloc_failed();
}
memcpy(newarg, arg, sep);
strcpy(newarg + sep, param);
res = process_opt(ctx, opt, sep, newarg, iso);
g_free(newarg);
return res;
}
static int process_gopt(struct fuse_opt_context *ctx, const char *arg, int iso)
{
unsigned sep;
const struct fuse_opt *opt = find_opt(ctx->opt, arg, &sep);
if (opt) {
for (; opt; opt = find_opt(opt + 1, arg, &sep)) {
int res;
if (sep && opt->templ[sep] == ' ' && !arg[sep]) {
res = process_opt_sep_arg(ctx, opt, sep, arg, iso);
} else {
res = process_opt(ctx, opt, sep, arg, iso);
}
if (res == -1) {
return -1;
}
}
return 0;
} else {
return call_proc(ctx, arg, FUSE_OPT_KEY_OPT, iso);
}
}
static int process_real_option_group(struct fuse_opt_context *ctx, char *opts)
{
char *s = opts;
char *d = s;
int end = 0;
while (!end) {
if (*s == '\0') {
end = 1;
}
if (*s == ',' || end) {
int res;
*d = '\0';
res = process_gopt(ctx, opts, 1);
if (res == -1) {
return -1;
}
d = opts;
} else {
if (s[0] == '\\' && s[1] != '\0') {
s++;
if (s[0] >= '0' && s[0] <= '3' && s[1] >= '0' && s[1] <= '7' &&
s[2] >= '0' && s[2] <= '7') {
*d++ = (s[0] - '0') * 0100 + (s[1] - '0') * 0010 +
(s[2] - '0');
s += 2;
} else {
*d++ = *s;
}
} else {
*d++ = *s;
}
}
s++;
}
return 0;
}
static int process_option_group(struct fuse_opt_context *ctx, const char *opts)
{
int res;
char *copy = strdup(opts);
if (!copy) {
fuse_log(FUSE_LOG_ERR, "fuse: memory allocation failed\n");
return -1;
}
res = process_real_option_group(ctx, copy);
free(copy);
return res;
}
static int process_one(struct fuse_opt_context *ctx, const char *arg)
{
if (ctx->nonopt || arg[0] != '-') {
return call_proc(ctx, arg, FUSE_OPT_KEY_NONOPT, 0);
} else if (arg[1] == 'o') {
if (arg[2]) {
return process_option_group(ctx, arg + 2);
} else {
if (next_arg(ctx, arg) == -1) {
return -1;
}
return process_option_group(ctx, ctx->argv[ctx->argctr]);
}
} else if (arg[1] == '-' && !arg[2]) {
if (add_arg(ctx, arg) == -1) {
return -1;
}
ctx->nonopt = ctx->outargs.argc;
return 0;
} else {
return process_gopt(ctx, arg, 0);
}
}
static int opt_parse(struct fuse_opt_context *ctx)
{
if (ctx->argc) {
if (add_arg(ctx, ctx->argv[0]) == -1) {
return -1;
}
}
for (ctx->argctr = 1; ctx->argctr < ctx->argc; ctx->argctr++) {
if (process_one(ctx, ctx->argv[ctx->argctr]) == -1) {
return -1;
}
}
if (ctx->opts) {
if (fuse_opt_insert_arg(&ctx->outargs, 1, "-o") == -1 ||
fuse_opt_insert_arg(&ctx->outargs, 2, ctx->opts) == -1) {
return -1;
}
}
/* If option separator ("--") is the last argument, remove it */
if (ctx->nonopt && ctx->nonopt == ctx->outargs.argc &&
strcmp(ctx->outargs.argv[ctx->outargs.argc - 1], "--") == 0) {
free(ctx->outargs.argv[ctx->outargs.argc - 1]);
ctx->outargs.argv[--ctx->outargs.argc] = NULL;
}
return 0;
}
int fuse_opt_parse(struct fuse_args *args, void *data,
const struct fuse_opt opts[], fuse_opt_proc_t proc)
{
int res;
struct fuse_opt_context ctx = {
.data = data,
.opt = opts,
.proc = proc,
};
if (!args || !args->argv || !args->argc) {
return 0;
}
ctx.argc = args->argc;
ctx.argv = args->argv;
res = opt_parse(&ctx);
if (res != -1) {
struct fuse_args tmp = *args;
*args = ctx.outargs;
ctx.outargs = tmp;
}
free(ctx.opts);
fuse_opt_free_args(&ctx.outargs);
return res;
}

272
tools/virtiofsd/fuse_opt.h
View File

@ -1,272 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB.
*/
#ifndef FUSE_OPT_H_
#define FUSE_OPT_H_
/** @file
*
* This file defines the option parsing interface of FUSE
*/
/**
* Option description
*
* This structure describes a single option, and action associated
* with it, in case it matches.
*
* More than one such match may occur, in which case the action for
* each match is executed.
*
* There are three possible actions in case of a match:
*
* i) An integer (int or unsigned) variable determined by 'offset' is
* set to 'value'
*
* ii) The processing function is called, with 'value' as the key
*
* iii) An integer (any) or string (char *) variable determined by
* 'offset' is set to the value of an option parameter
*
* 'offset' should normally be either set to
*
* - 'offsetof(struct foo, member)' actions i) and iii)
*
* - -1 action ii)
*
* The 'offsetof()' macro is defined in the <stddef.h> header.
*
* The template determines which options match, and also have an
* effect on the action. Normally the action is either i) or ii), but
* if a format is present in the template, then action iii) is
* performed.
*
* The types of templates are:
*
* 1) "-x", "-foo", "--foo", "--foo-bar", etc. These match only
* themselves. Invalid values are "--" and anything beginning
* with "-o"
*
* 2) "foo", "foo-bar", etc. These match "-ofoo", "-ofoo-bar" or
* the relevant option in a comma separated option list
*
* 3) "bar=", "--foo=", etc. These are variations of 1) and 2)
* which have a parameter
*
* 4) "bar=%s", "--foo=%lu", etc. Same matching as above but perform
* action iii).
*
* 5) "-x ", etc. Matches either "-xparam" or "-x param" as
* two separate arguments
*
* 6) "-x %s", etc. Combination of 4) and 5)
*
* If the format is "%s", memory is allocated for the string unlike with
* scanf(). The previous value (if non-NULL) stored at the this location is
* freed.
*/
struct fuse_opt {
/** Matching template and optional parameter formatting */
const char *templ;
/**
* Offset of variable within 'data' parameter of fuse_opt_parse()
* or -1
*/
unsigned long offset;
/**
* Value to set the variable to, or to be passed as 'key' to the
* processing function. Ignored if template has a format
*/
int value;
};
/**
* Key option. In case of a match, the processing function will be
* called with the specified key.
*/
#define FUSE_OPT_KEY(templ, key) \
{ \
templ, -1U, key \
}
/**
* Last option. An array of 'struct fuse_opt' must end with a NULL
* template value
*/
#define FUSE_OPT_END \
{ \
NULL, 0, 0 \
}
/**
* Argument list
*/
struct fuse_args {
/** Argument count */
int argc;
/** Argument vector. NULL terminated */
char **argv;
/** Is 'argv' allocated? */
int allocated;
};
/**
* Initializer for 'struct fuse_args'
*/
#define FUSE_ARGS_INIT(argc, argv) \
{ \
argc, argv, 0 \
}
/**
* Key value passed to the processing function if an option did not
* match any template
*/
#define FUSE_OPT_KEY_OPT -1
/**
* Key value passed to the processing function for all non-options
*
* Non-options are the arguments beginning with a character other than
* '-' or all arguments after the special '--' option
*/
#define FUSE_OPT_KEY_NONOPT -2
/**
* Special key value for options to keep
*
* Argument is not passed to processing function, but behave as if the
* processing function returned 1
*/
#define FUSE_OPT_KEY_KEEP -3
/**
* Special key value for options to discard
*
* Argument is not passed to processing function, but behave as if the
* processing function returned zero
*/
#define FUSE_OPT_KEY_DISCARD -4
/**
* Processing function
*
* This function is called if
* - option did not match any 'struct fuse_opt'
* - argument is a non-option
* - option did match and offset was set to -1
*
* The 'arg' parameter will always contain the whole argument or
* option including the parameter if exists. A two-argument option
* ("-x foo") is always converted to single argument option of the
* form "-xfoo" before this function is called.
*
* Options of the form '-ofoo' are passed to this function without the
* '-o' prefix.
*
* The return value of this function determines whether this argument
* is to be inserted into the output argument vector, or discarded.
*
* @param data is the user data passed to the fuse_opt_parse() function
* @param arg is the whole argument or option
* @param key determines why the processing function was called
* @param outargs the current output argument list
* @return -1 on error, 0 if arg is to be discarded, 1 if arg should be kept
*/
typedef int (*fuse_opt_proc_t)(void *data, const char *arg, int key,
struct fuse_args *outargs);
/**
* Option parsing function
*
* If 'args' was returned from a previous call to fuse_opt_parse() or
* it was constructed from
*
* A NULL 'args' is equivalent to an empty argument vector
*
* A NULL 'opts' is equivalent to an 'opts' array containing a single
* end marker
*
* A NULL 'proc' is equivalent to a processing function always
* returning '1'
*
* @param args is the input and output argument list
* @param data is the user data
* @param opts is the option description array
* @param proc is the processing function
* @return -1 on error, 0 on success
*/
int fuse_opt_parse(struct fuse_args *args, void *data,
const struct fuse_opt opts[], fuse_opt_proc_t proc);
/**
* Add an option to a comma separated option list
*
* @param opts is a pointer to an option list, may point to a NULL value
* @param opt is the option to add
* @return -1 on allocation error, 0 on success
*/
int fuse_opt_add_opt(char **opts, const char *opt);
/**
* Add an option, escaping commas, to a comma separated option list
*
* @param opts is a pointer to an option list, may point to a NULL value
* @param opt is the option to add
* @return -1 on allocation error, 0 on success
*/
int fuse_opt_add_opt_escaped(char **opts, const char *opt);
/**
* Add an argument to a NULL terminated argument vector
*
* @param args is the structure containing the current argument list
* @param arg is the new argument to add
* @return -1 on allocation error, 0 on success
*/
int fuse_opt_add_arg(struct fuse_args *args, const char *arg);
/**
* Add an argument at the specified position in a NULL terminated
* argument vector
*
* Adds the argument to the N-th position. This is useful for adding
* options at the beginning of the array which must not come after the
* special '--' option.
*
* @param args is the structure containing the current argument list
* @param pos is the position at which to add the argument
* @param arg is the new argument to add
* @return -1 on allocation error, 0 on success
*/
int fuse_opt_insert_arg(struct fuse_args *args, int pos, const char *arg);
/**
* Free the contents of argument list
*
* The structure itself is not freed
*
* @param args is the structure containing the argument list
*/
void fuse_opt_free_args(struct fuse_args *args);
/**
* Check if an option matches
*
* @param opts is the option description array
* @param opt is the option to match
* @return 1 if a match is found, 0 if not
*/
int fuse_opt_match(const struct fuse_opt opts[], const char *opt);
#endif /* FUSE_OPT_H_ */

93
tools/virtiofsd/fuse_signals.c
View File

@ -1,93 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>
*
* Utility functions for setting signal handlers.
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB
*/
#include "qemu/osdep.h"
#include "fuse_i.h"
#include "fuse_lowlevel.h"
static struct fuse_session *fuse_instance;
static void exit_handler(int sig)
{
if (fuse_instance) {
fuse_session_exit(fuse_instance);
if (sig <= 0) {
fuse_log(FUSE_LOG_ERR, "assertion error: signal value <= 0\n");
abort();
}
fuse_instance->error = sig;
}
}
static void do_nothing(int sig)
{
(void)sig;
}
static int set_one_signal_handler(int sig, void (*handler)(int), int remove)
{
struct sigaction sa;
struct sigaction old_sa;
memset(&sa, 0, sizeof(struct sigaction));
sa.sa_handler = remove ? SIG_DFL : handler;
sigemptyset(&(sa.sa_mask));
sa.sa_flags = 0;
if (sigaction(sig, NULL, &old_sa) == -1) {
fuse_log(FUSE_LOG_ERR, "fuse: cannot get old signal handler: %s\n",
strerror(errno));
return -1;
}
if (old_sa.sa_handler == (remove ? handler : SIG_DFL) &&
sigaction(sig, &sa, NULL) == -1) {
fuse_log(FUSE_LOG_ERR, "fuse: cannot set signal handler: %s\n",
strerror(errno));
return -1;
}
return 0;
}
int fuse_set_signal_handlers(struct fuse_session *se)
{
/*
* If we used SIG_IGN instead of the do_nothing function,
* then we would be unable to tell if we set SIG_IGN (and
* thus should reset to SIG_DFL in fuse_remove_signal_handlers)
* or if it was already set to SIG_IGN (and should be left
* untouched.
*/
if (set_one_signal_handler(SIGHUP, exit_handler, 0) == -1 ||
set_one_signal_handler(SIGINT, exit_handler, 0) == -1 ||
set_one_signal_handler(SIGTERM, exit_handler, 0) == -1 ||
set_one_signal_handler(SIGPIPE, do_nothing, 0) == -1) {
return -1;
}
fuse_instance = se;
return 0;
}
void fuse_remove_signal_handlers(struct fuse_session *se)
{
if (fuse_instance != se) {
fuse_log(FUSE_LOG_ERR,
"fuse: fuse_remove_signal_handlers: unknown session\n");
} else {
fuse_instance = NULL;
}
set_one_signal_handler(SIGHUP, exit_handler, 1);
set_one_signal_handler(SIGINT, exit_handler, 1);
set_one_signal_handler(SIGTERM, exit_handler, 1);
set_one_signal_handler(SIGPIPE, do_nothing, 1);
}

1081
tools/virtiofsd/fuse_virtio.c
View File

File diff suppressed because it is too large Load Diff

33
tools/virtiofsd/fuse_virtio.h
View File

@ -1,33 +0,0 @@
/*
* virtio-fs glue for FUSE
* Copyright (C) 2018 Red Hat, Inc. and/or its affiliates
*
* Authors:
* Dave Gilbert <dgilbert@redhat.com>
*
* Implements the glue between libfuse and libvhost-user
*
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB
*/
#ifndef FUSE_VIRTIO_H
#define FUSE_VIRTIO_H
#include "fuse_i.h"
struct fuse_session;
int virtio_session_mount(struct fuse_session *se);
void virtio_session_close(struct fuse_session *se);
int virtio_loop(struct fuse_session *se);
int virtio_send_msg(struct fuse_session *se, struct fuse_chan *ch,
struct iovec *iov, int count);
int virtio_send_data_iov(struct fuse_session *se, struct fuse_chan *ch,
struct iovec *iov, int count,
struct fuse_bufvec *buf, size_t len);
#endif

409
tools/virtiofsd/helper.c
View File

@ -1,409 +0,0 @@
/*
* FUSE: Filesystem in Userspace
* Copyright (C) 2001-2007 Miklos Szeredi <miklos@szeredi.hu>
*
* Helper functions to create (simple) standalone programs. With the
* aid of these functions it should be possible to create full FUSE
* file system by implementing nothing but the request handlers.
* This program can be distributed under the terms of the GNU LGPLv2.
* See the file COPYING.LIB.
*/
#include "qemu/osdep.h"
#include "fuse_i.h"
#include "fuse_lowlevel.h"
#include "fuse_misc.h"
#include "fuse_opt.h"
#include <sys/param.h>
#include <sys/resource.h>
#define FUSE_HELPER_OPT(t, p) \
{ \
t, offsetof(struct fuse_cmdline_opts, p), 1 \
}
#define FUSE_HELPER_OPT_VALUE(t, p, v) \
{ \
t, offsetof(struct fuse_cmdline_opts, p), v \
}
static const struct fuse_opt fuse_helper_opts[] = {
FUSE_HELPER_OPT("-h", show_help),
FUSE_HELPER_OPT("--help", show_help),
FUSE_HELPER_OPT("-V", show_version),
FUSE_HELPER_OPT("--version", show_version),
FUSE_HELPER_OPT("--print-capabilities", print_capabilities),
FUSE_HELPER_OPT("-d", debug),
FUSE_HELPER_OPT("debug", debug),
FUSE_HELPER_OPT("-d", foreground),
FUSE_HELPER_OPT("debug", foreground),
FUSE_OPT_KEY("-d", FUSE_OPT_KEY_KEEP),
FUSE_OPT_KEY("debug", FUSE_OPT_KEY_KEEP),
FUSE_HELPER_OPT("-f", foreground),
FUSE_HELPER_OPT_VALUE("--daemonize", foreground, 0),
FUSE_HELPER_OPT("fsname=", nodefault_subtype),
FUSE_OPT_KEY("fsname=", FUSE_OPT_KEY_KEEP),
FUSE_HELPER_OPT("subtype=", nodefault_subtype),
FUSE_OPT_KEY("subtype=", FUSE_OPT_KEY_KEEP),
FUSE_HELPER_OPT("max_idle_threads=%u", max_idle_threads),
FUSE_HELPER_OPT("--rlimit-nofile=%lu", rlimit_nofile),
FUSE_HELPER_OPT("--syslog", syslog),
FUSE_HELPER_OPT_VALUE("log_level=debug", log_level, FUSE_LOG_DEBUG),
FUSE_HELPER_OPT_VALUE("log_level=info", log_level, FUSE_LOG_INFO),
FUSE_HELPER_OPT_VALUE("log_level=warn", log_level, FUSE_LOG_WARNING),
FUSE_HELPER_OPT_VALUE("log_level=err", log_level, FUSE_LOG_ERR),
FUSE_OPT_END
};
struct fuse_conn_info_opts {
int atomic_o_trunc;
int no_remote_posix_lock;
int no_remote_flock;
int splice_write;
int splice_move;
int splice_read;
int no_splice_write;
int no_splice_move;
int no_splice_read;
int auto_inval_data;
int no_auto_inval_data;
int no_readdirplus;
int no_readdirplus_auto;
int async_dio;
int no_async_dio;
int writeback_cache;
int no_writeback_cache;
int async_read;
int sync_read;
unsigned max_write;
unsigned max_readahead;
unsigned max_background;
unsigned congestion_threshold;
unsigned time_gran;
int set_max_write;
int set_max_readahead;
int set_max_background;
int set_congestion_threshold;
int set_time_gran;
};
#define CONN_OPTION(t, p, v) \
{ \
t, offsetof(struct fuse_conn_info_opts, p), v \
}
static const struct fuse_opt conn_info_opt_spec[] = {
CONN_OPTION("max_write=%u", max_write, 0),
CONN_OPTION("max_write=", set_max_write, 1),
CONN_OPTION("max_readahead=%u", max_readahead, 0),
CONN_OPTION("max_readahead=", set_max_readahead, 1),
CONN_OPTION("max_background=%u", max_background, 0),
CONN_OPTION("max_background=", set_max_background, 1),
CONN_OPTION("congestion_threshold=%u", congestion_threshold, 0),
CONN_OPTION("congestion_threshold=", set_congestion_threshold, 1),
CONN_OPTION("sync_read", sync_read, 1),
CONN_OPTION("async_read", async_read, 1),
CONN_OPTION("atomic_o_trunc", atomic_o_trunc, 1),
CONN_OPTION("no_remote_lock", no_remote_posix_lock, 1),
CONN_OPTION("no_remote_lock", no_remote_flock, 1),
CONN_OPTION("no_remote_flock", no_remote_flock, 1),
CONN_OPTION("no_remote_posix_lock", no_remote_posix_lock, 1),
CONN_OPTION("splice_write", splice_write, 1),
CONN_OPTION("no_splice_write", no_splice_write, 1),
CONN_OPTION("splice_move", splice_move, 1),
CONN_OPTION("no_splice_move", no_splice_move, 1),
CONN_OPTION("splice_read", splice_read, 1),
CONN_OPTION("no_splice_read", no_splice_read, 1),
CONN_OPTION("auto_inval_data", auto_inval_data, 1),
CONN_OPTION("no_auto_inval_data", no_auto_inval_data, 1),
CONN_OPTION("readdirplus=no", no_readdirplus, 1),
CONN_OPTION("readdirplus=yes", no_readdirplus, 0),
CONN_OPTION("readdirplus=yes", no_readdirplus_auto, 1),
CONN_OPTION("readdirplus=auto", no_readdirplus, 0),
CONN_OPTION("readdirplus=auto", no_readdirplus_auto, 0),
CONN_OPTION("async_dio", async_dio, 1),
CONN_OPTION("no_async_dio", no_async_dio, 1),
CONN_OPTION("writeback_cache", writeback_cache, 1),
CONN_OPTION("no_writeback_cache", no_writeback_cache, 1),
CONN_OPTION("time_gran=%u", time_gran, 0),
CONN_OPTION("time_gran=", set_time_gran, 1),
FUSE_OPT_END
};
void fuse_cmdline_help(void)
{
printf(" -h --help print help\n"
" -V --version print version\n"
" --print-capabilities print vhost-user.json\n"
" -d -o debug enable debug output (implies -f)\n"
" --syslog log to syslog (default stderr)\n"
" -f foreground operation\n"
" --daemonize run in background\n"
" -o cache=<mode> cache mode. could be one of \"auto, "
"always, none\"\n"
" default: auto\n"
" -o flock|no_flock enable/disable flock\n"
" default: no_flock\n"
" -o log_level=<level> log level, default to \"info\"\n"
" level could be one of \"debug, "
"info, warn, err\"\n"
" -o max_idle_threads the maximum number of idle worker "
"threads\n"
" allowed (default: 10)\n"
" -o posix_lock|no_posix_lock\n"
" enable/disable remote posix lock\n"
" default: no_posix_lock\n"
" -o readdirplus|no_readdirplus\n"
" enable/disable readirplus\n"
" default: readdirplus except with "
"cache=none\n"
" -o sandbox=namespace|chroot\n"
" sandboxing mode:\n"
" - namespace: mount, pid, and net\n"
" namespaces with pivot_root(2)\n"
" into shared directory\n"
" - chroot: chroot(2) into shared\n"
" directory (use in containers)\n"
" default: namespace\n"
" -o timeout=<number> I/O timeout (seconds)\n"
" default: depends on cache= option.\n"
" -o writeback|no_writeback enable/disable writeback cache\n"
" default: no_writeback\n"
" -o xattr|no_xattr enable/disable xattr\n"
" default: no_xattr\n"
" -o xattrmap=<mapping> Enable xattr mapping (enables xattr)\n"
" <mapping> is a string consists of a series of rules\n"
" e.g. -o xattrmap=:map::user.virtiofs.:\n"
" -o modcaps=CAPLIST Modify the list of capabilities\n"
" e.g. -o modcaps=+sys_admin:-chown\n"
" --rlimit-nofile=<num> set maximum number of file descriptors\n"
" (0 leaves rlimit unchanged)\n"
" default: min(1000000, fs.file-max - 16384)\n"
" if the current rlimit is lower\n"
" -o allow_direct_io|no_allow_direct_io\n"
" retain/discard O_DIRECT flags passed down\n"
" to virtiofsd from guest applications.\n"
" default: no_allow_direct_io\n"
" -o announce_submounts Announce sub-mount points to the guest\n"
" -o posix_acl/no_posix_acl Enable/Disable posix_acl. (default: disabled)\n"
" -o security_label/no_security_label Enable/Disable security label. (default: disabled)\n"
" -o killpriv_v2/no_killpriv_v2\n"
" Enable/Disable FUSE_HANDLE_KILLPRIV_V2.\n"
" (default: enabled as long as client supports it)\n"
);
}
static int fuse_helper_opt_proc(void *data, const char *arg, int key,
struct fuse_args *outargs)
{
(void)data;
(void)outargs;
switch (key) {
case FUSE_OPT_KEY_NONOPT:
fuse_log(FUSE_LOG_ERR, "fuse: invalid argument `%s'\n", arg);
return -1;
default:
/* Pass through unknown options */
return 1;
}
}
static unsigned long get_default_rlimit_nofile(void)
{
g_autofree gchar *file_max_str = NULL;
const rlim_t reserved_fds = 16384; /* leave at least this many fds free */
rlim_t max_fds = 1000000; /* our default RLIMIT_NOFILE target */
rlim_t file_max;
struct rlimit rlim;
/*
* Reduce max_fds below the system-wide maximum, if necessary. This
* ensures there are fds available for other processes so we don't
* cause resource exhaustion.
*/
if (!g_file_get_contents("/proc/sys/fs/file-max", &file_max_str,
NULL, NULL)) {
fuse_log(FUSE_LOG_ERR, "can't read /proc/sys/fs/file-max\n");
exit(1);
}
file_max = g_ascii_strtoull(file_max_str, NULL, 10);
if (file_max < 2 * reserved_fds) {
fuse_log(FUSE_LOG_ERR,
"The fs.file-max sysctl is too low (%lu) to allow a "
"reasonable number of open files.\n",
(unsigned long)file_max);
exit(1);
}
max_fds = MIN(file_max - reserved_fds, max_fds);
if (getrlimit(RLIMIT_NOFILE, &rlim) < 0) {
fuse_log(FUSE_LOG_ERR, "getrlimit(RLIMIT_NOFILE): %m\n");
exit(1);
}
if (rlim.rlim_cur >= max_fds) {
return 0; /* we have more fds available than required! */
}
return max_fds;
}
int fuse_parse_cmdline(struct fuse_args *args, struct fuse_cmdline_opts *opts)
{
memset(opts, 0, sizeof(struct fuse_cmdline_opts));
opts->max_idle_threads = 10;
opts->rlimit_nofile = get_default_rlimit_nofile();
opts->foreground = 1;
if (fuse_opt_parse(args, opts, fuse_helper_opts, fuse_helper_opt_proc) ==
-1) {
return -1;
}
return 0;
}
int fuse_daemonize(int foreground)
{
int ret = 0, rett;
if (!foreground) {
int nullfd;
int waiter[2];
char completed;
if (!g_unix_open_pipe(waiter, FD_CLOEXEC, NULL)) {
fuse_log(FUSE_LOG_ERR, "fuse_daemonize: pipe: %s\n",
strerror(errno));
return -1;
}
/*
* demonize current process by forking it and killing the
* parent. This makes current process as a child of 'init'.
*/
switch (fork()) {
case -1:
fuse_log(FUSE_LOG_ERR, "fuse_daemonize: fork: %s\n",
strerror(errno));
return -1;
case 0:
break;
default:
_exit(read(waiter[0], &completed,
sizeof(completed) != sizeof(completed)));
}
if (setsid() == -1) {
fuse_log(FUSE_LOG_ERR, "fuse_daemonize: setsid: %s\n",
strerror(errno));
return -1;
}
ret = chdir("/");
nullfd = open("/dev/null", O_RDWR, 0);
if (nullfd != -1) {
rett = dup2(nullfd, 0);
if (!ret) {
ret = rett;
}
rett = dup2(nullfd, 1);
if (!ret) {
ret = rett;
}
rett = dup2(nullfd, 2);
if (!ret) {
ret = rett;
}
if (nullfd > 2) {
close(nullfd);
}
}
/* Propagate completion of daemon initialization */
completed = 1;
rett = write(waiter[1], &completed, sizeof(completed));
if (!ret) {
ret = rett;
}
close(waiter[0]);
close(waiter[1]);
} else {
ret = chdir("/");
}
return ret;
}
void fuse_apply_conn_info_opts(struct fuse_conn_info_opts *opts,
struct fuse_conn_info *conn)
{
if (opts->set_max_write) {
conn->max_write = opts->max_write;
}
if (opts->set_max_background) {
conn->max_background = opts->max_background;
}
if (opts->set_congestion_threshold) {
conn->congestion_threshold = opts->congestion_threshold;
}
if (opts->set_time_gran) {
conn->time_gran = opts->time_gran;
}
if (opts->set_max_readahead) {
conn->max_readahead = opts->max_readahead;
}
#define LL_ENABLE(cond, cap) \
if (cond) \
conn->want |= (cap)
#define LL_DISABLE(cond, cap) \
if (cond) \
conn->want &= ~(cap)
LL_ENABLE(opts->splice_read, FUSE_CAP_SPLICE_READ);
LL_DISABLE(opts->no_splice_read, FUSE_CAP_SPLICE_READ);
LL_ENABLE(opts->splice_write, FUSE_CAP_SPLICE_WRITE);
LL_DISABLE(opts->no_splice_write, FUSE_CAP_SPLICE_WRITE);
LL_ENABLE(opts->splice_move, FUSE_CAP_SPLICE_MOVE);
LL_DISABLE(opts->no_splice_move, FUSE_CAP_SPLICE_MOVE);
LL_ENABLE(opts->auto_inval_data, FUSE_CAP_AUTO_INVAL_DATA);
LL_DISABLE(opts->no_auto_inval_data, FUSE_CAP_AUTO_INVAL_DATA);
LL_DISABLE(opts->no_readdirplus, FUSE_CAP_READDIRPLUS);
LL_DISABLE(opts->no_readdirplus_auto, FUSE_CAP_READDIRPLUS_AUTO);
LL_ENABLE(opts->async_dio, FUSE_CAP_ASYNC_DIO);
LL_DISABLE(opts->no_async_dio, FUSE_CAP_ASYNC_DIO);
LL_ENABLE(opts->writeback_cache, FUSE_CAP_WRITEBACK_CACHE);
LL_DISABLE(opts->no_writeback_cache, FUSE_CAP_WRITEBACK_CACHE);
LL_ENABLE(opts->async_read, FUSE_CAP_ASYNC_READ);
LL_DISABLE(opts->sync_read, FUSE_CAP_ASYNC_READ);
LL_DISABLE(opts->no_remote_posix_lock, FUSE_CAP_POSIX_LOCKS);
LL_DISABLE(opts->no_remote_flock, FUSE_CAP_FLOCK_LOCKS);
}
struct fuse_conn_info_opts *fuse_parse_conn_info_opts(struct fuse_args *args)
{
struct fuse_conn_info_opts *opts;
opts = calloc(1, sizeof(struct fuse_conn_info_opts));
if (opts == NULL) {
fuse_log(FUSE_LOG_ERR, "calloc failed\n");
return NULL;
}
if (fuse_opt_parse(args, opts, conn_info_opt_spec, NULL) == -1) {
free(opts);
return NULL;
}
return opts;
}

51
tools/virtiofsd/passthrough_helpers.h
View File

@ -1,51 +0,0 @@
/*
* FUSE: Filesystem in Userspace
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE
*/
/*
* Creates files on the underlying file system in response to a FUSE_MKNOD
* operation
*/
static int mknod_wrapper(int dirfd, const char *path, const char *link,
int mode, dev_t rdev)
{
int res;
if (S_ISREG(mode)) {
res = openat(dirfd, path, O_CREAT | O_EXCL | O_WRONLY, mode);
if (res >= 0) {
res = close(res);
}
} else if (S_ISDIR(mode)) {
res = mkdirat(dirfd, path, mode);
} else if (S_ISLNK(mode) && link != NULL) {
res = symlinkat(link, dirfd, path);
} else if (S_ISFIFO(mode)) {
res = mkfifoat(dirfd, path, mode);
} else {
res = mknodat(dirfd, path, mode, rdev);
}
return res;
}

4521
tools/virtiofsd/passthrough_ll.c
View File

File diff suppressed because it is too large Load Diff

182
tools/virtiofsd/passthrough_seccomp.c
View File

@ -1,182 +0,0 @@
/*
* Seccomp sandboxing for virtiofsd
*
* Copyright (C) 2019 Red Hat, Inc.
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#include "qemu/osdep.h"
#include "passthrough_seccomp.h"
#include "fuse_i.h"
#include "fuse_log.h"
#include <seccomp.h>
/* Bodge for libseccomp 2.4.2 which broke ppoll */
#if !defined(__SNR_ppoll) && defined(__SNR_brk)
#ifdef __NR_ppoll
#define __SNR_ppoll __NR_ppoll
#else
#define __SNR_ppoll __PNR_ppoll
#endif
#endif
static const int syscall_allowlist[] = {
/* TODO ireg sem*() syscalls */
SCMP_SYS(brk),
SCMP_SYS(capget), /* For CAP_FSETID */
SCMP_SYS(capset),
SCMP_SYS(clock_gettime),
SCMP_SYS(clone),
#ifdef __NR_clone3
SCMP_SYS(clone3),
#endif
SCMP_SYS(close),
SCMP_SYS(copy_file_range),
SCMP_SYS(dup),
SCMP_SYS(eventfd2),
SCMP_SYS(exit),
SCMP_SYS(exit_group),
SCMP_SYS(fallocate),
SCMP_SYS(fchdir),
SCMP_SYS(fchmod),
SCMP_SYS(fchmodat),
SCMP_SYS(fchownat),
SCMP_SYS(fcntl),
SCMP_SYS(fdatasync),
SCMP_SYS(fgetxattr),
SCMP_SYS(flistxattr),
SCMP_SYS(flock),
SCMP_SYS(fremovexattr),
SCMP_SYS(fsetxattr),
SCMP_SYS(fstat),
SCMP_SYS(fstatfs),
SCMP_SYS(fstatfs64),
SCMP_SYS(fsync),
SCMP_SYS(ftruncate),
SCMP_SYS(futex),
SCMP_SYS(getdents),
SCMP_SYS(getdents64),
SCMP_SYS(getegid),
SCMP_SYS(geteuid),
SCMP_SYS(getpid),
SCMP_SYS(gettid),
SCMP_SYS(gettimeofday),
SCMP_SYS(getxattr),
SCMP_SYS(linkat),
SCMP_SYS(listxattr),
SCMP_SYS(lseek),
SCMP_SYS(_llseek), /* For POWER */
SCMP_SYS(madvise),
SCMP_SYS(mkdirat),
SCMP_SYS(mknodat),
SCMP_SYS(mmap),
SCMP_SYS(mprotect),
SCMP_SYS(mremap),
SCMP_SYS(munmap),
SCMP_SYS(newfstatat),
SCMP_SYS(statx),
SCMP_SYS(open),
SCMP_SYS(openat),
SCMP_SYS(ppoll),
SCMP_SYS(prctl), /* TODO restrict to just PR_SET_NAME? */
SCMP_SYS(preadv),
SCMP_SYS(pread64),
SCMP_SYS(pwritev),
SCMP_SYS(pwrite64),
SCMP_SYS(read),
SCMP_SYS(readlinkat),
SCMP_SYS(recvmsg),
SCMP_SYS(renameat),
SCMP_SYS(renameat2),
SCMP_SYS(removexattr),
SCMP_SYS(restart_syscall),
#ifdef __NR_rseq
SCMP_SYS(rseq), /* required since glibc 2.35 */
#endif
SCMP_SYS(rt_sigaction),
SCMP_SYS(rt_sigprocmask),
SCMP_SYS(rt_sigreturn),
SCMP_SYS(sched_getattr),
SCMP_SYS(sched_setattr),
SCMP_SYS(sendmsg),
SCMP_SYS(setresgid),
SCMP_SYS(setresuid),
#ifdef __NR_setresgid32
SCMP_SYS(setresgid32),
#endif
#ifdef __NR_setresuid32
SCMP_SYS(setresuid32),
#endif
SCMP_SYS(set_robust_list),
SCMP_SYS(setxattr),
SCMP_SYS(sigreturn),
SCMP_SYS(symlinkat),
SCMP_SYS(syncfs),
SCMP_SYS(time), /* Rarely needed, except on static builds */
SCMP_SYS(tgkill),
SCMP_SYS(unlinkat),
SCMP_SYS(unshare),
SCMP_SYS(utimensat),
SCMP_SYS(write),
SCMP_SYS(writev),
SCMP_SYS(umask),
};
/* Syscalls used when --syslog is enabled */
static const int syscall_allowlist_syslog[] = {
SCMP_SYS(send),
SCMP_SYS(sendto),
};
static void add_allowlist(scmp_filter_ctx ctx, const int syscalls[], size_t len)
{
size_t i;
for (i = 0; i < len; i++) {
if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) != 0) {
fuse_log(FUSE_LOG_ERR, "seccomp_rule_add syscall %d failed\n",
syscalls[i]);
exit(1);
}
}
}
void setup_seccomp(bool enable_syslog)
{
scmp_filter_ctx ctx;
#ifdef SCMP_ACT_KILL_PROCESS
ctx = seccomp_init(SCMP_ACT_KILL_PROCESS);
/* Handle a newer libseccomp but an older kernel */
if (!ctx && errno == EOPNOTSUPP) {
ctx = seccomp_init(SCMP_ACT_TRAP);
}
#else
ctx = seccomp_init(SCMP_ACT_TRAP);
#endif
if (!ctx) {
fuse_log(FUSE_LOG_ERR, "seccomp_init() failed\n");
exit(1);
}
add_allowlist(ctx, syscall_allowlist, G_N_ELEMENTS(syscall_allowlist));
if (enable_syslog) {
add_allowlist(ctx, syscall_allowlist_syslog,
G_N_ELEMENTS(syscall_allowlist_syslog));
}
/* libvhost-user calls this for post-copy migration, we don't need it */
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOSYS),
SCMP_SYS(userfaultfd), 0) != 0) {
fuse_log(FUSE_LOG_ERR, "seccomp_rule_add userfaultfd failed\n");
exit(1);
}
if (seccomp_load(ctx) < 0) {
fuse_log(FUSE_LOG_ERR, "seccomp_load() failed\n");
exit(1);
}
seccomp_release(ctx);
}

14
tools/virtiofsd/passthrough_seccomp.h
View File

@ -1,14 +0,0 @@
/*
* Seccomp sandboxing for virtiofsd
*
* Copyright (C) 2019 Red Hat, Inc.
*
* SPDX-License-Identifier: GPL-2.0-or-later
*/
#ifndef VIRTIOFSD_PASSTHROUGH_SECCOMP_H
#define VIRTIOFSD_PASSTHROUGH_SECCOMP_H
void setup_seccomp(bool enable_syslog);
#endif /* VIRTIOFSD_PASSTHROUGH_SECCOMP_H */