2 * Present a block device as a raw image through FUSE
4 * Copyright (c) 2020 Max Reitz <mreitz@redhat.com>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; under version 2 or later of the License.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 #define FUSE_USE_VERSION 31
21 #include "qemu/osdep.h"
22 #include "block/aio.h"
23 #include "block/block.h"
24 #include "block/export.h"
25 #include "block/fuse.h"
26 #include "block/qapi.h"
27 #include "qapi/error.h"
28 #include "qapi/qapi-commands-block.h"
29 #include "sysemu/block-backend.h"
32 #include <fuse_lowlevel.h>
34 #if defined(CONFIG_FALLOCATE_ZERO_RANGE)
35 #include <linux/falloc.h>
42 /* Prevent overly long bounce buffer allocations */
43 #define FUSE_MAX_BOUNCE_BYTES (MIN(BDRV_REQUEST_MAX_BYTES, 64 * 1024 * 1024))
46 typedef struct FuseExport
{
49 struct fuse_session
*fuse_session
;
50 struct fuse_buf fuse_buf
;
51 bool mounted
, fd_handler_set_up
;
56 /* Whether allow_other was used as a mount option or not */
64 static GHashTable
*exports
;
65 static const struct fuse_lowlevel_ops fuse_ops
;
67 static void fuse_export_shutdown(BlockExport
*exp
);
68 static void fuse_export_delete(BlockExport
*exp
);
70 static void init_exports_table(void);
72 static int setup_fuse_export(FuseExport
*exp
, const char *mountpoint
,
73 bool allow_other
, Error
**errp
);
74 static void read_from_fuse_export(void *opaque
);
76 static bool is_regular_file(const char *path
, Error
**errp
);
79 static int fuse_export_create(BlockExport
*blk_exp
,
80 BlockExportOptions
*blk_exp_args
,
83 FuseExport
*exp
= container_of(blk_exp
, FuseExport
, common
);
84 BlockExportOptionsFuse
*args
= &blk_exp_args
->u
.fuse
;
87 assert(blk_exp_args
->type
== BLOCK_EXPORT_TYPE_FUSE
);
89 /* For growable exports, take the RESIZE permission */
91 uint64_t blk_perm
, blk_shared_perm
;
93 blk_get_perm(exp
->common
.blk
, &blk_perm
, &blk_shared_perm
);
95 ret
= blk_set_perm(exp
->common
.blk
, blk_perm
| BLK_PERM_RESIZE
,
96 blk_shared_perm
, errp
);
102 init_exports_table();
105 * It is important to do this check before calling is_regular_file() --
106 * that function will do a stat(), which we would have to handle if we
107 * already exported something on @mountpoint. But we cannot, because
108 * we are currently caught up here.
109 * (Note that ideally we would want to resolve relative paths here,
110 * but bdrv_make_absolute_filename() might do the wrong thing for
111 * paths that contain colons, and realpath() would resolve symlinks,
112 * which we do not want: The mount point is not going to be the
113 * symlink's destination, but the link itself.)
114 * So this will not catch all potential clashes, but hopefully at
115 * least the most common one of specifying exactly the same path
118 if (g_hash_table_contains(exports
, args
->mountpoint
)) {
119 error_setg(errp
, "There already is a FUSE export on '%s'",
125 if (!is_regular_file(args
->mountpoint
, errp
)) {
130 exp
->mountpoint
= g_strdup(args
->mountpoint
);
131 exp
->writable
= blk_exp_args
->writable
;
132 exp
->growable
= args
->growable
;
135 if (!args
->has_allow_other
) {
136 args
->allow_other
= FUSE_EXPORT_ALLOW_OTHER_AUTO
;
139 exp
->st_mode
= S_IFREG
| S_IRUSR
;
141 exp
->st_mode
|= S_IWUSR
;
143 exp
->st_uid
= getuid();
144 exp
->st_gid
= getgid();
146 if (args
->allow_other
== FUSE_EXPORT_ALLOW_OTHER_AUTO
) {
147 /* Ignore errors on our first attempt */
148 ret
= setup_fuse_export(exp
, args
->mountpoint
, true, NULL
);
149 exp
->allow_other
= ret
== 0;
151 ret
= setup_fuse_export(exp
, args
->mountpoint
, false, errp
);
154 exp
->allow_other
= args
->allow_other
== FUSE_EXPORT_ALLOW_OTHER_ON
;
155 ret
= setup_fuse_export(exp
, args
->mountpoint
, exp
->allow_other
, errp
);
164 fuse_export_delete(blk_exp
);
169 * Allocates the global @exports hash table.
171 static void init_exports_table(void)
177 exports
= g_hash_table_new_full(g_str_hash
, g_str_equal
, g_free
, NULL
);
181 * Create exp->fuse_session and mount it.
183 static int setup_fuse_export(FuseExport
*exp
, const char *mountpoint
,
184 bool allow_other
, Error
**errp
)
186 const char *fuse_argv
[4];
188 struct fuse_args fuse_args
;
192 * max_read needs to match what fuse_init() sets.
193 * max_write need not be supplied.
195 mount_opts
= g_strdup_printf("max_read=%zu,default_permissions%s",
196 FUSE_MAX_BOUNCE_BYTES
,
197 allow_other
? ",allow_other" : "");
199 fuse_argv
[0] = ""; /* Dummy program name */
201 fuse_argv
[2] = mount_opts
;
203 fuse_args
= (struct fuse_args
)FUSE_ARGS_INIT(3, (char **)fuse_argv
);
205 exp
->fuse_session
= fuse_session_new(&fuse_args
, &fuse_ops
,
206 sizeof(fuse_ops
), exp
);
208 if (!exp
->fuse_session
) {
209 error_setg(errp
, "Failed to set up FUSE session");
214 ret
= fuse_session_mount(exp
->fuse_session
, mountpoint
);
216 error_setg(errp
, "Failed to mount FUSE session to export");
222 g_hash_table_insert(exports
, g_strdup(mountpoint
), NULL
);
224 aio_set_fd_handler(exp
->common
.ctx
,
225 fuse_session_fd(exp
->fuse_session
), true,
226 read_from_fuse_export
, NULL
, NULL
, exp
);
227 exp
->fd_handler_set_up
= true;
232 fuse_export_shutdown(&exp
->common
);
237 * Callback to be invoked when the FUSE session FD can be read from.
238 * (This is basically the FUSE event loop.)
240 static void read_from_fuse_export(void *opaque
)
242 FuseExport
*exp
= opaque
;
245 blk_exp_ref(&exp
->common
);
248 ret
= fuse_session_receive_buf(exp
->fuse_session
, &exp
->fuse_buf
);
249 } while (ret
== -EINTR
);
254 fuse_session_process_buf(exp
->fuse_session
, &exp
->fuse_buf
);
257 blk_exp_unref(&exp
->common
);
260 static void fuse_export_shutdown(BlockExport
*blk_exp
)
262 FuseExport
*exp
= container_of(blk_exp
, FuseExport
, common
);
264 if (exp
->fuse_session
) {
265 fuse_session_exit(exp
->fuse_session
);
267 if (exp
->fd_handler_set_up
) {
268 aio_set_fd_handler(exp
->common
.ctx
,
269 fuse_session_fd(exp
->fuse_session
), true,
270 NULL
, NULL
, NULL
, NULL
);
271 exp
->fd_handler_set_up
= false;
275 if (exp
->mountpoint
) {
277 * Safe to drop now, because we will not handle any requests
278 * for this export anymore anyway.
280 g_hash_table_remove(exports
, exp
->mountpoint
);
284 static void fuse_export_delete(BlockExport
*blk_exp
)
286 FuseExport
*exp
= container_of(blk_exp
, FuseExport
, common
);
288 if (exp
->fuse_session
) {
290 fuse_session_unmount(exp
->fuse_session
);
293 fuse_session_destroy(exp
->fuse_session
);
296 free(exp
->fuse_buf
.mem
);
297 g_free(exp
->mountpoint
);
301 * Check whether @path points to a regular file. If not, put an
302 * appropriate message into *errp.
304 static bool is_regular_file(const char *path
, Error
**errp
)
309 ret
= stat(path
, &statbuf
);
311 error_setg_errno(errp
, errno
, "Failed to stat '%s'", path
);
315 if (!S_ISREG(statbuf
.st_mode
)) {
316 error_setg(errp
, "'%s' is not a regular file", path
);
324 * A chance to set change some parameters supplied to FUSE_INIT.
326 static void fuse_init(void *userdata
, struct fuse_conn_info
*conn
)
329 * MIN_NON_ZERO() would not be wrong here, but what we set here
330 * must equal what has been passed to fuse_session_new().
331 * Therefore, as long as max_read must be passed as a mount option
332 * (which libfuse claims will be changed at some point), we have
333 * to set max_read to a fixed value here.
335 conn
->max_read
= FUSE_MAX_BOUNCE_BYTES
;
337 conn
->max_write
= MIN_NON_ZERO(BDRV_REQUEST_MAX_BYTES
, conn
->max_write
);
341 * Let clients look up files. Always return ENOENT because we only
342 * care about the mountpoint itself.
344 static void fuse_lookup(fuse_req_t req
, fuse_ino_t parent
, const char *name
)
346 fuse_reply_err(req
, ENOENT
);
350 * Let clients get file attributes (i.e., stat() the file).
352 static void fuse_getattr(fuse_req_t req
, fuse_ino_t inode
,
353 struct fuse_file_info
*fi
)
356 int64_t length
, allocated_blocks
;
357 time_t now
= time(NULL
);
358 FuseExport
*exp
= fuse_req_userdata(req
);
360 length
= blk_getlength(exp
->common
.blk
);
362 fuse_reply_err(req
, -length
);
366 allocated_blocks
= bdrv_get_allocated_file_size(blk_bs(exp
->common
.blk
));
367 if (allocated_blocks
<= 0) {
368 allocated_blocks
= DIV_ROUND_UP(length
, 512);
370 allocated_blocks
= DIV_ROUND_UP(allocated_blocks
, 512);
373 statbuf
= (struct stat
) {
375 .st_mode
= exp
->st_mode
,
377 .st_uid
= exp
->st_uid
,
378 .st_gid
= exp
->st_gid
,
380 .st_blksize
= blk_bs(exp
->common
.blk
)->bl
.request_alignment
,
381 .st_blocks
= allocated_blocks
,
387 fuse_reply_attr(req
, &statbuf
, 1.);
390 static int fuse_do_truncate(const FuseExport
*exp
, int64_t size
,
391 bool req_zero_write
, PreallocMode prealloc
)
393 uint64_t blk_perm
, blk_shared_perm
;
394 BdrvRequestFlags truncate_flags
= 0;
397 if (req_zero_write
) {
398 truncate_flags
|= BDRV_REQ_ZERO_WRITE
;
401 /* Growable exports have a permanent RESIZE permission */
402 if (!exp
->growable
) {
403 blk_get_perm(exp
->common
.blk
, &blk_perm
, &blk_shared_perm
);
405 ret
= blk_set_perm(exp
->common
.blk
, blk_perm
| BLK_PERM_RESIZE
,
406 blk_shared_perm
, NULL
);
412 ret
= blk_truncate(exp
->common
.blk
, size
, true, prealloc
,
413 truncate_flags
, NULL
);
415 if (!exp
->growable
) {
416 /* Must succeed, because we are only giving up the RESIZE permission */
417 blk_set_perm(exp
->common
.blk
, blk_perm
, blk_shared_perm
, &error_abort
);
424 * Let clients set file attributes. Only resizing and changing
425 * permissions (st_mode, st_uid, st_gid) is allowed.
426 * Changing permissions is only allowed as far as it will actually
427 * permit access: Read-only exports cannot be given +w, and exports
428 * without allow_other cannot be given a different UID or GID, and
429 * they cannot be given non-owner access.
431 static void fuse_setattr(fuse_req_t req
, fuse_ino_t inode
, struct stat
*statbuf
,
432 int to_set
, struct fuse_file_info
*fi
)
434 FuseExport
*exp
= fuse_req_userdata(req
);
438 supported_attrs
= FUSE_SET_ATTR_SIZE
| FUSE_SET_ATTR_MODE
;
439 if (exp
->allow_other
) {
440 supported_attrs
|= FUSE_SET_ATTR_UID
| FUSE_SET_ATTR_GID
;
443 if (to_set
& ~supported_attrs
) {
444 fuse_reply_err(req
, ENOTSUP
);
448 /* Do some argument checks first before committing to anything */
449 if (to_set
& FUSE_SET_ATTR_MODE
) {
451 * Without allow_other, non-owners can never access the export, so do
452 * not allow setting permissions for them
454 if (!exp
->allow_other
&&
455 (statbuf
->st_mode
& (S_IRWXG
| S_IRWXO
)) != 0)
457 fuse_reply_err(req
, EPERM
);
461 /* +w for read-only exports makes no sense, disallow it */
462 if (!exp
->writable
&&
463 (statbuf
->st_mode
& (S_IWUSR
| S_IWGRP
| S_IWOTH
)) != 0)
465 fuse_reply_err(req
, EROFS
);
470 if (to_set
& FUSE_SET_ATTR_SIZE
) {
471 if (!exp
->writable
) {
472 fuse_reply_err(req
, EACCES
);
476 ret
= fuse_do_truncate(exp
, statbuf
->st_size
, true, PREALLOC_MODE_OFF
);
478 fuse_reply_err(req
, -ret
);
483 if (to_set
& FUSE_SET_ATTR_MODE
) {
484 /* Ignore FUSE-supplied file type, only change the mode */
485 exp
->st_mode
= (statbuf
->st_mode
& 07777) | S_IFREG
;
488 if (to_set
& FUSE_SET_ATTR_UID
) {
489 exp
->st_uid
= statbuf
->st_uid
;
492 if (to_set
& FUSE_SET_ATTR_GID
) {
493 exp
->st_gid
= statbuf
->st_gid
;
496 fuse_getattr(req
, inode
, fi
);
500 * Let clients open a file (i.e., the exported image).
502 static void fuse_open(fuse_req_t req
, fuse_ino_t inode
,
503 struct fuse_file_info
*fi
)
505 fuse_reply_open(req
, fi
);
509 * Handle client reads from the exported image.
511 static void fuse_read(fuse_req_t req
, fuse_ino_t inode
,
512 size_t size
, off_t offset
, struct fuse_file_info
*fi
)
514 FuseExport
*exp
= fuse_req_userdata(req
);
519 /* Limited by max_read, should not happen */
520 if (size
> FUSE_MAX_BOUNCE_BYTES
) {
521 fuse_reply_err(req
, EINVAL
);
526 * Clients will expect short reads at EOF, so we have to limit
527 * offset+size to the image length.
529 length
= blk_getlength(exp
->common
.blk
);
531 fuse_reply_err(req
, -length
);
535 if (offset
+ size
> length
) {
536 size
= length
- offset
;
539 buf
= qemu_try_blockalign(blk_bs(exp
->common
.blk
), size
);
541 fuse_reply_err(req
, ENOMEM
);
545 ret
= blk_pread(exp
->common
.blk
, offset
, buf
, size
);
547 fuse_reply_buf(req
, buf
, size
);
549 fuse_reply_err(req
, -ret
);
556 * Handle client writes to the exported image.
558 static void fuse_write(fuse_req_t req
, fuse_ino_t inode
, const char *buf
,
559 size_t size
, off_t offset
, struct fuse_file_info
*fi
)
561 FuseExport
*exp
= fuse_req_userdata(req
);
565 /* Limited by max_write, should not happen */
566 if (size
> BDRV_REQUEST_MAX_BYTES
) {
567 fuse_reply_err(req
, EINVAL
);
571 if (!exp
->writable
) {
572 fuse_reply_err(req
, EACCES
);
577 * Clients will expect short writes at EOF, so we have to limit
578 * offset+size to the image length.
580 length
= blk_getlength(exp
->common
.blk
);
582 fuse_reply_err(req
, -length
);
586 if (offset
+ size
> length
) {
588 ret
= fuse_do_truncate(exp
, offset
+ size
, true, PREALLOC_MODE_OFF
);
590 fuse_reply_err(req
, -ret
);
594 size
= length
- offset
;
598 ret
= blk_pwrite(exp
->common
.blk
, offset
, buf
, size
, 0);
600 fuse_reply_write(req
, size
);
602 fuse_reply_err(req
, -ret
);
607 * Let clients perform various fallocate() operations.
609 static void fuse_fallocate(fuse_req_t req
, fuse_ino_t inode
, int mode
,
610 off_t offset
, off_t length
,
611 struct fuse_file_info
*fi
)
613 FuseExport
*exp
= fuse_req_userdata(req
);
617 if (!exp
->writable
) {
618 fuse_reply_err(req
, EACCES
);
622 blk_len
= blk_getlength(exp
->common
.blk
);
624 fuse_reply_err(req
, -blk_len
);
628 if (mode
& FALLOC_FL_KEEP_SIZE
) {
629 length
= MIN(length
, blk_len
- offset
);
632 if (mode
& FALLOC_FL_PUNCH_HOLE
) {
633 if (!(mode
& FALLOC_FL_KEEP_SIZE
)) {
634 fuse_reply_err(req
, EINVAL
);
639 int size
= MIN(length
, BDRV_REQUEST_MAX_BYTES
);
641 ret
= blk_pdiscard(exp
->common
.blk
, offset
, size
);
644 } while (ret
== 0 && length
> 0);
646 #ifdef CONFIG_FALLOCATE_ZERO_RANGE
647 else if (mode
& FALLOC_FL_ZERO_RANGE
) {
648 if (!(mode
& FALLOC_FL_KEEP_SIZE
) && offset
+ length
> blk_len
) {
649 /* No need for zeroes, we are going to write them ourselves */
650 ret
= fuse_do_truncate(exp
, offset
+ length
, false,
653 fuse_reply_err(req
, -ret
);
659 int size
= MIN(length
, BDRV_REQUEST_MAX_BYTES
);
661 ret
= blk_pwrite_zeroes(exp
->common
.blk
,
665 } while (ret
== 0 && length
> 0);
667 #endif /* CONFIG_FALLOCATE_ZERO_RANGE */
669 /* We can only fallocate at the EOF with a truncate */
670 if (offset
< blk_len
) {
671 fuse_reply_err(req
, EOPNOTSUPP
);
675 if (offset
> blk_len
) {
676 /* No preallocation needed here */
677 ret
= fuse_do_truncate(exp
, offset
, true, PREALLOC_MODE_OFF
);
679 fuse_reply_err(req
, -ret
);
684 ret
= fuse_do_truncate(exp
, offset
+ length
, true,
685 PREALLOC_MODE_FALLOC
);
690 fuse_reply_err(req
, ret
< 0 ? -ret
: 0);
694 * Let clients fsync the exported image.
696 static void fuse_fsync(fuse_req_t req
, fuse_ino_t inode
, int datasync
,
697 struct fuse_file_info
*fi
)
699 FuseExport
*exp
= fuse_req_userdata(req
);
702 ret
= blk_flush(exp
->common
.blk
);
703 fuse_reply_err(req
, ret
< 0 ? -ret
: 0);
707 * Called before an FD to the exported image is closed. (libfuse
708 * notes this to be a way to return last-minute errors.)
710 static void fuse_flush(fuse_req_t req
, fuse_ino_t inode
,
711 struct fuse_file_info
*fi
)
713 fuse_fsync(req
, inode
, 1, fi
);
716 #ifdef CONFIG_FUSE_LSEEK
718 * Let clients inquire allocation status.
720 static void fuse_lseek(fuse_req_t req
, fuse_ino_t inode
, off_t offset
,
721 int whence
, struct fuse_file_info
*fi
)
723 FuseExport
*exp
= fuse_req_userdata(req
);
725 if (whence
!= SEEK_HOLE
&& whence
!= SEEK_DATA
) {
726 fuse_reply_err(req
, EINVAL
);
734 ret
= bdrv_block_status_above(blk_bs(exp
->common
.blk
), NULL
,
735 offset
, INT64_MAX
, &pnum
, NULL
, NULL
);
737 fuse_reply_err(req
, -ret
);
741 if (!pnum
&& (ret
& BDRV_BLOCK_EOF
)) {
745 * If blk_getlength() rounds (e.g. by sectors), then the
746 * export length will be rounded, too. However,
747 * bdrv_block_status_above() may return EOF at unaligned
748 * offsets. We must not let this become visible and thus
749 * always simulate a hole between @offset (the real EOF)
750 * and @blk_len (the client-visible EOF).
753 blk_len
= blk_getlength(exp
->common
.blk
);
755 fuse_reply_err(req
, -blk_len
);
759 if (offset
> blk_len
|| whence
== SEEK_DATA
) {
760 fuse_reply_err(req
, ENXIO
);
762 fuse_reply_lseek(req
, offset
);
767 if (ret
& BDRV_BLOCK_DATA
) {
768 if (whence
== SEEK_DATA
) {
769 fuse_reply_lseek(req
, offset
);
773 if (whence
== SEEK_HOLE
) {
774 fuse_reply_lseek(req
, offset
);
779 /* Safety check against infinite loops */
781 fuse_reply_err(req
, ENXIO
);
790 static const struct fuse_lowlevel_ops fuse_ops
= {
792 .lookup
= fuse_lookup
,
793 .getattr
= fuse_getattr
,
794 .setattr
= fuse_setattr
,
798 .fallocate
= fuse_fallocate
,
801 #ifdef CONFIG_FUSE_LSEEK
806 const BlockExportDriver blk_exp_fuse
= {
807 .type
= BLOCK_EXPORT_TYPE_FUSE
,
808 .instance_size
= sizeof(FuseExport
),
809 .create
= fuse_export_create
,
810 .delete = fuse_export_delete
,
811 .request_shutdown
= fuse_export_shutdown
,