-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FUSE BPF: A Stacked Filesystem Extension for FUSE #4949
Conversation
This allows using memory retrieved from dynptrs with helper functions that accept ARG_PTR_TO_MEM. For instance, results from bpf_dynptr_data can be passed along to bpf_strncmp. Signed-off-by: Daniel Rosenberg <drosen@google.com>
bpf_dynptr_slice(_rw) uses a user provided buffer if it can not provide a pointer to a block of contiguous memory. This buffer is unused in the case of local dynptrs, and may be unused in other cases as well. There is no need to require the buffer, as the kfunc can just return NULL if it was needed and not provided. This adds another kfunc annotation, __opt, which combines with __sz and __szk to allow the buffer associated with the size to be NULL. If the buffer is NULL, the verifier does not check that the buffer is of sufficient size. Signed-off-by: Daniel Rosenberg <drosen@google.com>
bpf_dynptr_slice(_rw) no longer requires a buffer for verification. If the buffer is needed, but not present, the function will return NULL. Signed-off-by: Daniel Rosenberg <drosen@google.com>
OverlayFS implements its own function to translate iocb flags into rw flags, so that they can be passed into another vfs call. With commit ce71bfe ("fs: align IOCB_* flags with RWF_* flags") Jens created a 1:1 matching between the iocb flags and rw flags, simplifying the conversion. Reduce the OverlayFS code by making the flag conversion function generic and reusable. Signed-off-by: Alessio Balsini <balsini@android.com>
Adds structures which will be used to inform fuse about what it is being stacked on top of. Once filters are in place, error_in will inform the post filter if the backing call returned an error. Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
These structures will be used to interact between the fuse bpf calls and normal userspace calls Signed-off-by: Daniel Rosenberg <drosen@google.com>
This moves some functions and structs around to make the following patch easier to read. Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
Fuse-bpf provides a short circuit path for Fuse implementations that act as a stacked filesystem. For cases that are directly unchanged, operations are passed directly to the backing filesystem. Small adjustments can be handled by bpf prefilters or postfilters, with the option to fall back to userspace as needed. Fuse implementations may supply backing node information, as well as bpf programs via an optional add on to the lookup structure. This has been split over the next set of patches for readability. Clusters of fuse ops have been split into their own patches, as well as the actual bpf calls and userspace calls for filters. Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com> Signed-off-by: Alessio Balsini <balsini@google.com>
This introduces an alternative method of responding to fuse requests. Lookups supplying a backing fd or bpf will need to call through the ioctl to ensure there can be no attempts to fool priveledged processes into inadvertantly performing other actions. Signed-off-by: Daniel Rosenberg <drosen@google.com>
In the future, we may choose to support these, but it poses some challenges. In order to create a disconnected dentry/inode, we'll need to encode the mountpoint and bpf into the file_handle, which means we'd need a stable representation of them. This also won't hold up to cases where the bpf is not stateless. One possibility is registering bpf programs and mounts in a specific order, so they can be assigned consistent ids we can use in the file_handle. We can defer to the lower filesystem for the lower inode's representation in the file_handle. Signed-off-by: Daniel Rosenberg <drosen@google.com>
This adds backing support for FUSE_ACCESS Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds a backing implementation for mapping, but is not currently hooked into the infrastructure that will call the bpf programs. Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds backing support for FUSE_LSEEK Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds backing support for FUSE_FALLOCATE Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds backing support for FUSE_OPEN, FUSE_OPENDIR, FUSE_CREATE, FUSE_RELEASE, and FUSE_RELEASEDIR Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds backing support for FUSE_MKNOD, FUSE_MKDIR, FUSE_RMDIR, and FUSE_UNLINK Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
Adds backing support for FUSE_READ and FUSE_WRITE This includes adjustments from Amir Goldstein's patch to FUSE Passthrough Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds backing support for FUSE_READDIR Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds backing support for FUSE_FLUSH, FUSE_FSYNC, and FUSE_FSYNCDIR. Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds backing support for FUSE_RENAME and FUSE_RENAME2 Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds backing support for FUSE_GETATTR, FUSE_SETATTR, and FUSE_STATFS Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
This adds backing support for FUSE_COPY_FILE_RANGE Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com>
Fuse bpf goes a bit past the '64' limit here, although in reality, this limit seems to be more like 37. After 37, we start overrunning the safety checks while setting up the trampoline. This simply doubles some of these values. This will have the same issue, as we'll run out of space way before hitting the 128 limit, but for now that unblocks fuse-bpf. Signed-off-by: Daniel Rosenberg <drosen@google.com>
Upstream branch: 49859de |
Upstream branch: 49859de Pull request is NOT updated. Failed to apply https://patchwork.kernel.org/project/netdevbpf/list/?series=740746
conflict:
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=740746 expired. Closing PR. |
Pull request for series with
subject: FUSE BPF: A Stacked Filesystem Extension for FUSE
version: 3
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=740746