1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2019 The FreeBSD Foundation 5 * 6 * This software was developed by BFF Storage Systems, LLC under sponsorship 7 * from the FreeBSD Foundation. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31 extern "C" { 32 #include <sys/param.h> 33 #include <sys/mman.h> 34 #include <sys/module.h> 35 #include <sys/sysctl.h> 36 #include <sys/wait.h> 37 38 #include <dirent.h> 39 #include <fcntl.h> 40 #include <grp.h> 41 #include <pwd.h> 42 #include <semaphore.h> 43 #include <unistd.h> 44 } 45 46 #include <gtest/gtest.h> 47 48 #include "mockfs.hh" 49 #include "utils.hh" 50 51 using namespace testing; 52 53 /* 54 * The default max_write is set to this formula in libfuse, though 55 * individual filesystems can lower it. The "- 4096" was added in 56 * commit 154ffe2, with the commit message "fix". 57 */ 58 const uint32_t libfuse_max_write = 32 * getpagesize() + 0x1000 - 4096; 59 60 /* 61 * Set the default max_write to a distinct value from MAXPHYS to catch bugs 62 * that confuse the two. 63 */ 64 const uint32_t default_max_write = MIN(libfuse_max_write, MAXPHYS / 2); 65 66 67 /* Check that fusefs(4) is accessible and the current user can mount(2) */ 68 void check_environment() 69 { 70 const char *devnode = "/dev/fuse"; 71 const char *usermount_node = "vfs.usermount"; 72 int usermount_val = 0; 73 size_t usermount_size = sizeof(usermount_val); 74 if (eaccess(devnode, R_OK | W_OK)) { 75 if (errno == ENOENT) { 76 GTEST_SKIP() << devnode << " does not exist"; 77 } else if (errno == EACCES) { 78 GTEST_SKIP() << devnode << 79 " is not accessible by the current user"; 80 } else { 81 GTEST_SKIP() << strerror(errno); 82 } 83 } 84 sysctlbyname(usermount_node, &usermount_val, &usermount_size, 85 NULL, 0); 86 if (geteuid() != 0 && !usermount_val) 87 GTEST_SKIP() << "current user is not allowed to mount"; 88 } 89 90 class FuseEnv: public Environment { 91 virtual void SetUp() { 92 } 93 }; 94 95 void FuseTest::SetUp() { 96 const char *maxbcachebuf_node = "vfs.maxbcachebuf"; 97 const char *maxphys_node = "kern.maxphys"; 98 int val = 0; 99 size_t size = sizeof(val); 100 101 /* 102 * XXX check_environment should be called from FuseEnv::SetUp, but 103 * can't due to https://github.com/google/googletest/issues/2189 104 */ 105 check_environment(); 106 if (IsSkipped()) 107 return; 108 109 ASSERT_EQ(0, sysctlbyname(maxbcachebuf_node, &val, &size, NULL, 0)) 110 << strerror(errno); 111 m_maxbcachebuf = val; 112 ASSERT_EQ(0, sysctlbyname(maxphys_node, &val, &size, NULL, 0)) 113 << strerror(errno); 114 m_maxphys = val; 115 116 try { 117 m_mock = new MockFS(m_maxreadahead, m_allow_other, 118 m_default_permissions, m_push_symlinks_in, m_ro, 119 m_pm, m_init_flags, m_kernel_minor_version, 120 m_maxwrite, m_async, m_noclusterr, m_time_gran, 121 m_nointr); 122 /* 123 * FUSE_ACCESS is called almost universally. Expecting it in 124 * each test case would be super-annoying. Instead, set a 125 * default expectation for FUSE_ACCESS and return ENOSYS. 126 * 127 * Individual test cases can override this expectation since 128 * googlemock evaluates expectations in LIFO order. 129 */ 130 EXPECT_CALL(*m_mock, process( 131 ResultOf([=](auto in) { 132 return (in.header.opcode == FUSE_ACCESS); 133 }, Eq(true)), 134 _) 135 ).Times(AnyNumber()) 136 .WillRepeatedly(Invoke(ReturnErrno(ENOSYS))); 137 /* 138 * FUSE_BMAP is called for most test cases that read data. Set 139 * a default expectation and return ENOSYS. 140 * 141 * Individual test cases can override this expectation since 142 * googlemock evaluates expectations in LIFO order. 143 */ 144 EXPECT_CALL(*m_mock, process( 145 ResultOf([=](auto in) { 146 return (in.header.opcode == FUSE_BMAP); 147 }, Eq(true)), 148 _) 149 ).Times(AnyNumber()) 150 .WillRepeatedly(Invoke(ReturnErrno(ENOSYS))); 151 } catch (std::system_error err) { 152 FAIL() << err.what(); 153 } 154 } 155 156 void 157 FuseTest::expect_access(uint64_t ino, mode_t access_mode, int error) 158 { 159 EXPECT_CALL(*m_mock, process( 160 ResultOf([=](auto in) { 161 return (in.header.opcode == FUSE_ACCESS && 162 in.header.nodeid == ino && 163 in.body.access.mask == access_mode); 164 }, Eq(true)), 165 _) 166 ).WillOnce(Invoke(ReturnErrno(error))); 167 } 168 169 void 170 FuseTest::expect_destroy(int error) 171 { 172 EXPECT_CALL(*m_mock, process( 173 ResultOf([=](auto in) { 174 return (in.header.opcode == FUSE_DESTROY); 175 }, Eq(true)), 176 _) 177 ).WillOnce(Invoke( ReturnImmediate([&](auto in, auto& out) { 178 m_mock->m_quit = true; 179 out.header.len = sizeof(out.header); 180 out.header.unique = in.header.unique; 181 out.header.error = -error; 182 }))); 183 } 184 185 void 186 FuseTest::expect_flush(uint64_t ino, int times, ProcessMockerT r) 187 { 188 EXPECT_CALL(*m_mock, process( 189 ResultOf([=](auto in) { 190 return (in.header.opcode == FUSE_FLUSH && 191 in.header.nodeid == ino); 192 }, Eq(true)), 193 _) 194 ).Times(times) 195 .WillRepeatedly(Invoke(r)); 196 } 197 198 void 199 FuseTest::expect_forget(uint64_t ino, uint64_t nlookup, sem_t *sem) 200 { 201 EXPECT_CALL(*m_mock, process( 202 ResultOf([=](auto in) { 203 return (in.header.opcode == FUSE_FORGET && 204 in.header.nodeid == ino && 205 in.body.forget.nlookup == nlookup); 206 }, Eq(true)), 207 _) 208 ).WillOnce(Invoke([=](auto in __unused, auto &out __unused) { 209 if (sem != NULL) 210 sem_post(sem); 211 /* FUSE_FORGET has no response! */ 212 })); 213 } 214 215 void FuseTest::expect_getattr(uint64_t ino, uint64_t size) 216 { 217 EXPECT_CALL(*m_mock, process( 218 ResultOf([=](auto in) { 219 return (in.header.opcode == FUSE_GETATTR && 220 in.header.nodeid == ino); 221 }, Eq(true)), 222 _) 223 ).WillOnce(Invoke(ReturnImmediate([=](auto i __unused, auto& out) { 224 SET_OUT_HEADER_LEN(out, attr); 225 out.body.attr.attr.ino = ino; // Must match nodeid 226 out.body.attr.attr.mode = S_IFREG | 0644; 227 out.body.attr.attr.size = size; 228 out.body.attr.attr_valid = UINT64_MAX; 229 }))); 230 } 231 232 void FuseTest::expect_lookup(const char *relpath, uint64_t ino, mode_t mode, 233 uint64_t size, int times, uint64_t attr_valid, uid_t uid, gid_t gid) 234 { 235 EXPECT_LOOKUP(FUSE_ROOT_ID, relpath) 236 .Times(times) 237 .WillRepeatedly(Invoke( 238 ReturnImmediate([=](auto in __unused, auto& out) { 239 SET_OUT_HEADER_LEN(out, entry); 240 out.body.entry.attr.mode = mode; 241 out.body.entry.nodeid = ino; 242 out.body.entry.attr.nlink = 1; 243 out.body.entry.attr_valid = attr_valid; 244 out.body.entry.attr.size = size; 245 out.body.entry.attr.uid = uid; 246 out.body.entry.attr.gid = gid; 247 }))); 248 } 249 250 void FuseTest::expect_lookup_7_8(const char *relpath, uint64_t ino, mode_t mode, 251 uint64_t size, int times, uint64_t attr_valid, uid_t uid, gid_t gid) 252 { 253 EXPECT_LOOKUP(FUSE_ROOT_ID, relpath) 254 .Times(times) 255 .WillRepeatedly(Invoke( 256 ReturnImmediate([=](auto in __unused, auto& out) { 257 SET_OUT_HEADER_LEN(out, entry_7_8); 258 out.body.entry.attr.mode = mode; 259 out.body.entry.nodeid = ino; 260 out.body.entry.attr.nlink = 1; 261 out.body.entry.attr_valid = attr_valid; 262 out.body.entry.attr.size = size; 263 out.body.entry.attr.uid = uid; 264 out.body.entry.attr.gid = gid; 265 }))); 266 } 267 268 void FuseTest::expect_open(uint64_t ino, uint32_t flags, int times) 269 { 270 EXPECT_CALL(*m_mock, process( 271 ResultOf([=](auto in) { 272 return (in.header.opcode == FUSE_OPEN && 273 in.header.nodeid == ino); 274 }, Eq(true)), 275 _) 276 ).Times(times) 277 .WillRepeatedly(Invoke( 278 ReturnImmediate([=](auto in __unused, auto& out) { 279 out.header.len = sizeof(out.header); 280 SET_OUT_HEADER_LEN(out, open); 281 out.body.open.fh = FH; 282 out.body.open.open_flags = flags; 283 }))); 284 } 285 286 void FuseTest::expect_opendir(uint64_t ino) 287 { 288 /* opendir(3) calls fstatfs */ 289 EXPECT_CALL(*m_mock, process( 290 ResultOf([](auto in) { 291 return (in.header.opcode == FUSE_STATFS); 292 }, Eq(true)), 293 _) 294 ).WillRepeatedly(Invoke( 295 ReturnImmediate([=](auto i __unused, auto& out) { 296 SET_OUT_HEADER_LEN(out, statfs); 297 }))); 298 299 EXPECT_CALL(*m_mock, process( 300 ResultOf([=](auto in) { 301 return (in.header.opcode == FUSE_OPENDIR && 302 in.header.nodeid == ino); 303 }, Eq(true)), 304 _) 305 ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) { 306 out.header.len = sizeof(out.header); 307 SET_OUT_HEADER_LEN(out, open); 308 out.body.open.fh = FH; 309 }))); 310 } 311 312 void FuseTest::expect_read(uint64_t ino, uint64_t offset, uint64_t isize, 313 uint64_t osize, const void *contents, int flags) 314 { 315 EXPECT_CALL(*m_mock, process( 316 ResultOf([=](auto in) { 317 return (in.header.opcode == FUSE_READ && 318 in.header.nodeid == ino && 319 in.body.read.fh == FH && 320 in.body.read.offset == offset && 321 in.body.read.size == isize && 322 flags == -1 ? 323 (in.body.read.flags == O_RDONLY || 324 in.body.read.flags == O_RDWR) 325 : in.body.read.flags == (uint32_t)flags); 326 }, Eq(true)), 327 _) 328 ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) { 329 out.header.len = sizeof(struct fuse_out_header) + osize; 330 memmove(out.body.bytes, contents, osize); 331 }))).RetiresOnSaturation(); 332 } 333 334 void FuseTest::expect_readdir(uint64_t ino, uint64_t off, 335 std::vector<struct dirent> &ents) 336 { 337 EXPECT_CALL(*m_mock, process( 338 ResultOf([=](auto in) { 339 return (in.header.opcode == FUSE_READDIR && 340 in.header.nodeid == ino && 341 in.body.readdir.fh == FH && 342 in.body.readdir.offset == off); 343 }, Eq(true)), 344 _) 345 ).WillRepeatedly(Invoke(ReturnImmediate([=](auto in, auto& out) { 346 struct fuse_dirent *fde = (struct fuse_dirent*)&(out.body); 347 int i = 0; 348 349 out.header.error = 0; 350 out.header.len = 0; 351 352 for (const auto& it: ents) { 353 size_t entlen, entsize; 354 355 fde->ino = it.d_fileno; 356 fde->off = it.d_off; 357 fde->type = it.d_type; 358 fde->namelen = it.d_namlen; 359 strncpy(fde->name, it.d_name, it.d_namlen); 360 entlen = FUSE_NAME_OFFSET + fde->namelen; 361 entsize = FUSE_DIRENT_SIZE(fde); 362 /* 363 * The FUSE protocol does not require zeroing out the 364 * unused portion of the name. But it's a good 365 * practice to prevent information disclosure to the 366 * FUSE client, even though the client is usually the 367 * kernel 368 */ 369 memset(fde->name + fde->namelen, 0, entsize - entlen); 370 if (out.header.len + entsize > in.body.read.size) { 371 printf("Overflow in readdir expectation: i=%d\n" 372 , i); 373 break; 374 } 375 out.header.len += entsize; 376 fde = (struct fuse_dirent*) 377 ((intmax_t*)fde + entsize / sizeof(intmax_t)); 378 i++; 379 } 380 out.header.len += sizeof(out.header); 381 }))); 382 383 } 384 void FuseTest::expect_release(uint64_t ino, uint64_t fh) 385 { 386 EXPECT_CALL(*m_mock, process( 387 ResultOf([=](auto in) { 388 return (in.header.opcode == FUSE_RELEASE && 389 in.header.nodeid == ino && 390 in.body.release.fh == fh); 391 }, Eq(true)), 392 _) 393 ).WillOnce(Invoke(ReturnErrno(0))); 394 } 395 396 void FuseTest::expect_releasedir(uint64_t ino, ProcessMockerT r) 397 { 398 EXPECT_CALL(*m_mock, process( 399 ResultOf([=](auto in) { 400 return (in.header.opcode == FUSE_RELEASEDIR && 401 in.header.nodeid == ino && 402 in.body.release.fh == FH); 403 }, Eq(true)), 404 _) 405 ).WillOnce(Invoke(r)); 406 } 407 408 void FuseTest::expect_unlink(uint64_t parent, const char *path, int error) 409 { 410 EXPECT_CALL(*m_mock, process( 411 ResultOf([=](auto in) { 412 return (in.header.opcode == FUSE_UNLINK && 413 0 == strcmp(path, in.body.unlink) && 414 in.header.nodeid == parent); 415 }, Eq(true)), 416 _) 417 ).WillOnce(Invoke(ReturnErrno(error))); 418 } 419 420 void FuseTest::expect_write(uint64_t ino, uint64_t offset, uint64_t isize, 421 uint64_t osize, uint32_t flags_set, uint32_t flags_unset, 422 const void *contents) 423 { 424 EXPECT_CALL(*m_mock, process( 425 ResultOf([=](auto in) { 426 const char *buf = (const char*)in.body.bytes + 427 sizeof(struct fuse_write_in); 428 bool pid_ok; 429 uint32_t wf = in.body.write.write_flags; 430 431 if (wf & FUSE_WRITE_CACHE) 432 pid_ok = true; 433 else 434 pid_ok = (pid_t)in.header.pid == getpid(); 435 436 return (in.header.opcode == FUSE_WRITE && 437 in.header.nodeid == ino && 438 in.body.write.fh == FH && 439 in.body.write.offset == offset && 440 in.body.write.size == isize && 441 pid_ok && 442 (wf & flags_set) == flags_set && 443 (wf & flags_unset) == 0 && 444 (in.body.write.flags == O_WRONLY || 445 in.body.write.flags == O_RDWR) && 446 0 == bcmp(buf, contents, isize)); 447 }, Eq(true)), 448 _) 449 ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) { 450 SET_OUT_HEADER_LEN(out, write); 451 out.body.write.size = osize; 452 }))); 453 } 454 455 void FuseTest::expect_write_7_8(uint64_t ino, uint64_t offset, uint64_t isize, 456 uint64_t osize, const void *contents) 457 { 458 EXPECT_CALL(*m_mock, process( 459 ResultOf([=](auto in) { 460 const char *buf = (const char*)in.body.bytes + 461 FUSE_COMPAT_WRITE_IN_SIZE; 462 bool pid_ok = (pid_t)in.header.pid == getpid(); 463 return (in.header.opcode == FUSE_WRITE && 464 in.header.nodeid == ino && 465 in.body.write.fh == FH && 466 in.body.write.offset == offset && 467 in.body.write.size == isize && 468 pid_ok && 469 0 == bcmp(buf, contents, isize)); 470 }, Eq(true)), 471 _) 472 ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) { 473 SET_OUT_HEADER_LEN(out, write); 474 out.body.write.size = osize; 475 }))); 476 } 477 478 void 479 get_unprivileged_id(uid_t *uid, gid_t *gid) 480 { 481 struct passwd *pw; 482 struct group *gr; 483 484 /* 485 * First try "tests", Kyua's default unprivileged user. XXX after 486 * GoogleTest gains a proper Kyua wrapper, get this with the Kyua API 487 */ 488 pw = getpwnam("tests"); 489 if (pw == NULL) { 490 /* Fall back to "nobody" */ 491 pw = getpwnam("nobody"); 492 } 493 if (pw == NULL) 494 GTEST_SKIP() << "Test requires an unprivileged user"; 495 /* Use group "nobody", which is Kyua's default unprivileged group */ 496 gr = getgrnam("nobody"); 497 if (gr == NULL) 498 GTEST_SKIP() << "Test requires an unprivileged group"; 499 *uid = pw->pw_uid; 500 *gid = gr->gr_gid; 501 } 502 503 void 504 FuseTest::fork(bool drop_privs, int *child_status, 505 std::function<void()> parent_func, 506 std::function<int()> child_func) 507 { 508 sem_t *sem; 509 int mprot = PROT_READ | PROT_WRITE; 510 int mflags = MAP_ANON | MAP_SHARED; 511 pid_t child; 512 uid_t uid; 513 gid_t gid; 514 515 if (drop_privs) { 516 get_unprivileged_id(&uid, &gid); 517 if (IsSkipped()) 518 return; 519 } 520 521 sem = (sem_t*)mmap(NULL, sizeof(*sem), mprot, mflags, -1, 0); 522 ASSERT_NE(MAP_FAILED, sem) << strerror(errno); 523 ASSERT_EQ(0, sem_init(sem, 1, 0)) << strerror(errno); 524 525 if ((child = ::fork()) == 0) { 526 /* In child */ 527 int err = 0; 528 529 if (sem_wait(sem)) { 530 perror("sem_wait"); 531 err = 1; 532 goto out; 533 } 534 535 if (drop_privs && 0 != setegid(gid)) { 536 perror("setegid"); 537 err = 1; 538 goto out; 539 } 540 if (drop_privs && 0 != setreuid(-1, uid)) { 541 perror("setreuid"); 542 err = 1; 543 goto out; 544 } 545 err = child_func(); 546 547 out: 548 sem_destroy(sem); 549 _exit(err); 550 } else if (child > 0) { 551 /* 552 * In parent. Cleanup must happen here, because it's still 553 * privileged. 554 */ 555 m_mock->m_child_pid = child; 556 ASSERT_NO_FATAL_FAILURE(parent_func()); 557 558 /* Signal the child process to go */ 559 ASSERT_EQ(0, sem_post(sem)) << strerror(errno); 560 561 ASSERT_LE(0, wait(child_status)) << strerror(errno); 562 } else { 563 FAIL() << strerror(errno); 564 } 565 munmap(sem, sizeof(*sem)); 566 return; 567 } 568 569 static void usage(char* progname) { 570 fprintf(stderr, "Usage: %s [-v]\n\t-v increase verbosity\n", progname); 571 exit(2); 572 } 573 574 int main(int argc, char **argv) { 575 int ch; 576 FuseEnv *fuse_env = new FuseEnv; 577 578 InitGoogleTest(&argc, argv); 579 AddGlobalTestEnvironment(fuse_env); 580 581 while ((ch = getopt(argc, argv, "v")) != -1) { 582 switch (ch) { 583 case 'v': 584 verbosity++; 585 break; 586 default: 587 usage(argv[0]); 588 break; 589 } 590 } 591 592 return (RUN_ALL_TESTS()); 593 } 594