From d12aa577156101a1c6a05765de751f0a54b58aa8 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 29 Jul 2017 16:13:38 +0200 Subject: [PATCH] fusefronted_reverse: fix ino collision between .name and .diriv files A directory with a long name has two associated virtual files: the .name file and the .diriv files. These used to get the same inode number: $ ls -di1 * */* 33313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw 1000000000033313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw/gocryptfs.diriv 1000000000033313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw.name With this change we use another prefix (2 instead of 1) for .name files. $ ls -di1 * */* 33313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw 1000000000033313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw/gocryptfs.diriv 2000000000033313535 gocryptfs.longname.2togDFouca9mrTwtfF1RNW5DZRAQY8alaR7wO_Xd5Zw.name --- .../fusefrontend_reverse/reverse_longnames.go | 2 +- internal/fusefrontend_reverse/rfs.go | 4 +-- internal/fusefrontend_reverse/virtualfile.go | 32 +++++++++++++------ 3 files changed, 26 insertions(+), 12 deletions(-) diff --git a/internal/fusefrontend_reverse/reverse_longnames.go b/internal/fusefrontend_reverse/reverse_longnames.go index 7e26c90f..3b2ddea5 100644 --- a/internal/fusefrontend_reverse/reverse_longnames.go +++ b/internal/fusefrontend_reverse/reverse_longnames.go @@ -100,5 +100,5 @@ func (rfs *ReverseFS) newNameFile(relPath string) (nodefs.File, fuse.Status) { } content := []byte(rfs.nameTransform.EncryptName(pName, dirIV)) parentFile := filepath.Join(rfs.args.Cipherdir, pDir, pName) - return rfs.newVirtualFile(content, parentFile) + return rfs.newVirtualFile(content, parentFile, inoBaseNameFile) } diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go index 3c84e156..76b13618 100644 --- a/internal/fusefrontend_reverse/rfs.go +++ b/internal/fusefrontend_reverse/rfs.go @@ -162,9 +162,9 @@ func (rfs *ReverseFS) GetAttr(relPath string, context *fuse.Context) (*fuse.Attr return nil, fuse.ToStatus(err) } // Instead of risking an inode number collision, we return an error. - if st.Ino > virtualInoBase { + if st.Ino > inoBaseMin { tlog.Warn.Printf("GetAttr %q: backing file inode number %d crosses reserved space, max=%d. Returning EOVERFLOW.", - relPath, st.Ino, virtualInoBase) + relPath, st.Ino, inoBaseMin) return nil, fuse.ToStatus(syscall.EOVERFLOW) } var a fuse.Attr diff --git a/internal/fusefrontend_reverse/virtualfile.go b/internal/fusefrontend_reverse/virtualfile.go index 5d5d80d7..05b8349a 100644 --- a/internal/fusefrontend_reverse/virtualfile.go +++ b/internal/fusefrontend_reverse/virtualfile.go @@ -1,6 +1,7 @@ package fusefrontend_reverse import ( + "log" "syscall" "github.com/hanwen/go-fuse/fuse" @@ -14,12 +15,19 @@ const ( // virtualFileMode is the mode to use for virtual files (gocryptfs.diriv and // *.name). They are always readable, as stated in func Access virtualFileMode = syscall.S_IFREG | 0444 - // virtualInoBase is the start of the inode number range that is used - // for virtual files. + // inoBaseDirIV is the start of the inode number range that is used + // for virtual gocryptfs.diriv files. inoBaseNameFile is the thing for + // *.name files. // The value 10^19 is just below 2^60. A power of 10 has been chosen so the // "ls -li" output (which is base-10) is easy to read. - // 10^19 is the largest power of 10 that is smaller than UINT64_MAX/2. - virtualInoBase = uint64(1000000000000000000) + // 10^19 is the largest power of 10 that is smaller than + // INT64_MAX (=UINT64_MAX/2). This avoids signedness issues. + inoBaseDirIV = uint64(1000000000000000000) + inoBaseNameFile = uint64(2000000000000000000) + // inoBaseMin marks the start of the inode number space that is + // reserved for virtual files. It is the lowest of the inoBaseXXX values + // above. + inoBaseMin = inoBaseDirIV ) func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) { @@ -28,7 +36,7 @@ func (rfs *ReverseFS) newDirIVFile(cRelPath string) (nodefs.File, fuse.Status) { if err != nil { return nil, fuse.ToStatus(err) } - return rfs.newVirtualFile(pathiv.Derive(cDir, pathiv.PurposeDirIV), absDir) + return rfs.newVirtualFile(pathiv.Derive(cDir, pathiv.PurposeDirIV), absDir, inoBaseDirIV) } type virtualFile struct { @@ -38,17 +46,23 @@ type virtualFile struct { content []byte // absolute path to a parent file parentFile string + // inode number of a virtual file is inode of parent file plus inoBase + inoBase uint64 } // newVirtualFile creates a new in-memory file that does not have a representation // on disk. "content" is the file content. Timestamps and file owner are copied // from "parentFile" (absolute plaintext path). For a "gocryptfs.diriv" file, you // would use the parent directory as "parentFile". -func (rfs *ReverseFS) newVirtualFile(content []byte, parentFile string) (nodefs.File, fuse.Status) { +func (rfs *ReverseFS) newVirtualFile(content []byte, parentFile string, inoBase uint64) (nodefs.File, fuse.Status) { + if inoBase < inoBaseMin { + log.Panicf("BUG: virtual inode number base %d is below reserved space", inoBase) + } return &virtualFile{ File: nodefs.NewDefaultFile(), content: content, parentFile: parentFile, + inoBase: inoBase, }, fuse.OK } @@ -72,12 +86,12 @@ func (f *virtualFile) GetAttr(a *fuse.Attr) fuse.Status { tlog.Debug.Printf("GetAttr: Lstat %q: %v\n", f.parentFile, err) return fuse.ToStatus(err) } - if st.Ino > virtualInoBase { + if st.Ino > inoBaseMin { tlog.Warn.Printf("virtualFile.GetAttr: parent file inode number %d crosses reserved space, max=%d. Returning EOVERFLOW.", - st.Ino, virtualInoBase) + st.Ino, inoBaseMin) return fuse.ToStatus(syscall.EOVERFLOW) } - st.Ino = st.Ino + virtualInoBase + st.Ino = st.Ino + f.inoBase st.Size = int64(len(f.content)) st.Mode = virtualFileMode st.Nlink = 1