2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2019 The FreeBSD Foundation
6 * This software was developed by BFF Storage Systems, LLC under sponsorship
7 * from the FreeBSD Foundation.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include <sys/param.h>
36 #include <sys/module.h>
37 #include <sys/sysctl.h>
44 #include <semaphore.h>
48 #include <gtest/gtest.h>
53 using namespace testing;
56 * The default max_write is set to this formula in libfuse, though
57 * individual filesystems can lower it. The "- 4096" was added in
58 * commit 154ffe2, with the commit message "fix".
60 const uint32_t libfuse_max_write = 32 * getpagesize() + 0x1000 - 4096;
62 /* Check that fusefs(4) is accessible and the current user can mount(2) */
63 void check_environment()
65 const char *devnode = "/dev/fuse";
66 const char *bsdextended_node = "security.mac.bsdextended.enabled";
67 int bsdextended_val = 0;
68 size_t bsdextended_size = sizeof(bsdextended_val);
69 int bsdextended_found;
70 const char *usermount_node = "vfs.usermount";
71 int usermount_val = 0;
72 size_t usermount_size = sizeof(usermount_val);
73 if (eaccess(devnode, R_OK | W_OK)) {
74 if (errno == ENOENT) {
75 GTEST_SKIP() << devnode << " does not exist";
76 } else if (errno == EACCES) {
77 GTEST_SKIP() << devnode <<
78 " is not accessible by the current user";
80 GTEST_SKIP() << strerror(errno);
83 // mac_bsdextended(4), when enabled, generates many more GETATTR
84 // operations. The fusefs tests' expectations don't account for those,
85 // and adding extra code to handle them obfuscates the real purpose of
86 // the tests. Better just to skip the fusefs tests if mac_bsdextended
88 bsdextended_found = sysctlbyname(bsdextended_node, &bsdextended_val,
89 &bsdextended_size, NULL, 0);
90 if (bsdextended_found == 0 && bsdextended_val != 0)
92 "The fusefs tests are incompatible with mac_bsdextended.";
93 ASSERT_EQ(sysctlbyname(usermount_node, &usermount_val, &usermount_size,
96 if (geteuid() != 0 && !usermount_val)
97 GTEST_SKIP() << "current user is not allowed to mount";
100 const char *cache_mode_to_s(enum cache_mode cm) {
105 return "Writethrough";
109 return "WritebackAsync";
115 bool is_unsafe_aio_enabled(void) {
116 const char *node = "vfs.aio.enable_unsafe";
118 size_t size = sizeof(val);
120 if (sysctlbyname(node, &val, &size, NULL, 0)) {
121 perror("sysctlbyname");
127 class FuseEnv: public Environment {
128 virtual void SetUp() {
132 void FuseTest::SetUp() {
133 const char *maxbcachebuf_node = "vfs.maxbcachebuf";
134 const char *maxphys_node = "kern.maxphys";
136 size_t size = sizeof(val);
139 * XXX check_environment should be called from FuseEnv::SetUp, but
140 * can't due to https://github.com/google/googletest/issues/2189
146 ASSERT_EQ(0, sysctlbyname(maxbcachebuf_node, &val, &size, NULL, 0))
148 m_maxbcachebuf = val;
149 ASSERT_EQ(0, sysctlbyname(maxphys_node, &val, &size, NULL, 0))
153 * Set the default max_write to a distinct value from MAXPHYS to catch
154 * bugs that confuse the two.
157 m_maxwrite = MIN(libfuse_max_write, (uint32_t)m_maxphys / 2);
160 m_mock = new MockFS(m_maxreadahead, m_allow_other,
161 m_default_permissions, m_push_symlinks_in, m_ro,
162 m_pm, m_init_flags, m_kernel_minor_version,
163 m_maxwrite, m_async, m_noclusterr, m_time_gran,
166 * FUSE_ACCESS is called almost universally. Expecting it in
167 * each test case would be super-annoying. Instead, set a
168 * default expectation for FUSE_ACCESS and return ENOSYS.
170 * Individual test cases can override this expectation since
171 * googlemock evaluates expectations in LIFO order.
173 EXPECT_CALL(*m_mock, process(
174 ResultOf([=](auto in) {
175 return (in.header.opcode == FUSE_ACCESS);
179 .WillRepeatedly(Invoke(ReturnErrno(ENOSYS)));
181 * FUSE_BMAP is called for most test cases that read data. Set
182 * a default expectation and return ENOSYS.
184 * Individual test cases can override this expectation since
185 * googlemock evaluates expectations in LIFO order.
187 EXPECT_CALL(*m_mock, process(
188 ResultOf([=](auto in) {
189 return (in.header.opcode == FUSE_BMAP);
193 .WillRepeatedly(Invoke(ReturnErrno(ENOSYS)));
194 } catch (std::system_error err) {
195 FAIL() << err.what();
200 FuseTest::expect_access(uint64_t ino, mode_t access_mode, int error)
202 EXPECT_CALL(*m_mock, process(
203 ResultOf([=](auto in) {
204 return (in.header.opcode == FUSE_ACCESS &&
205 in.header.nodeid == ino &&
206 in.body.access.mask == access_mode);
209 ).WillOnce(Invoke(ReturnErrno(error)));
213 FuseTest::expect_destroy(int error)
215 EXPECT_CALL(*m_mock, process(
216 ResultOf([=](auto in) {
217 return (in.header.opcode == FUSE_DESTROY);
220 ).WillOnce(Invoke( ReturnImmediate([&](auto in, auto& out) {
221 m_mock->m_quit = true;
222 out.header.len = sizeof(out.header);
223 out.header.unique = in.header.unique;
224 out.header.error = -error;
229 FuseTest::expect_flush(uint64_t ino, int times, ProcessMockerT r)
231 EXPECT_CALL(*m_mock, process(
232 ResultOf([=](auto in) {
233 return (in.header.opcode == FUSE_FLUSH &&
234 in.header.nodeid == ino);
238 .WillRepeatedly(Invoke(r));
242 FuseTest::expect_forget(uint64_t ino, uint64_t nlookup, sem_t *sem)
244 EXPECT_CALL(*m_mock, process(
245 ResultOf([=](auto in) {
246 return (in.header.opcode == FUSE_FORGET &&
247 in.header.nodeid == ino &&
248 in.body.forget.nlookup == nlookup);
251 ).WillOnce(Invoke([=](auto in __unused, auto &out __unused) {
254 /* FUSE_FORGET has no response! */
258 void FuseTest::expect_getattr(uint64_t ino, uint64_t size)
260 EXPECT_CALL(*m_mock, process(
261 ResultOf([=](auto in) {
262 return (in.header.opcode == FUSE_GETATTR &&
263 in.header.nodeid == ino);
266 ).WillOnce(Invoke(ReturnImmediate([=](auto i __unused, auto& out) {
267 SET_OUT_HEADER_LEN(out, attr);
268 out.body.attr.attr.ino = ino; // Must match nodeid
269 out.body.attr.attr.mode = S_IFREG | 0644;
270 out.body.attr.attr.size = size;
271 out.body.attr.attr_valid = UINT64_MAX;
275 void FuseTest::expect_getxattr(uint64_t ino, const char *attr, ProcessMockerT r)
277 EXPECT_CALL(*m_mock, process(
278 ResultOf([=](auto in) {
279 const char *a = (const char*)in.body.bytes +
280 sizeof(fuse_getxattr_in);
281 return (in.header.opcode == FUSE_GETXATTR &&
282 in.header.nodeid == ino &&
283 0 == strcmp(attr, a));
286 ).WillOnce(Invoke(r));
289 void FuseTest::expect_lookup(const char *relpath, uint64_t ino, mode_t mode,
290 uint64_t size, int times, uint64_t attr_valid, uid_t uid, gid_t gid)
292 EXPECT_LOOKUP(FUSE_ROOT_ID, relpath)
294 .WillRepeatedly(Invoke(
295 ReturnImmediate([=](auto in __unused, auto& out) {
296 SET_OUT_HEADER_LEN(out, entry);
297 out.body.entry.attr.mode = mode;
298 out.body.entry.nodeid = ino;
299 out.body.entry.attr.nlink = 1;
300 out.body.entry.attr_valid = attr_valid;
301 out.body.entry.attr.size = size;
302 out.body.entry.attr.uid = uid;
303 out.body.entry.attr.gid = gid;
307 void FuseTest::expect_lookup_7_8(const char *relpath, uint64_t ino, mode_t mode,
308 uint64_t size, int times, uint64_t attr_valid, uid_t uid, gid_t gid)
310 EXPECT_LOOKUP(FUSE_ROOT_ID, relpath)
312 .WillRepeatedly(Invoke(
313 ReturnImmediate([=](auto in __unused, auto& out) {
314 SET_OUT_HEADER_LEN(out, entry_7_8);
315 out.body.entry.attr.mode = mode;
316 out.body.entry.nodeid = ino;
317 out.body.entry.attr.nlink = 1;
318 out.body.entry.attr_valid = attr_valid;
319 out.body.entry.attr.size = size;
320 out.body.entry.attr.uid = uid;
321 out.body.entry.attr.gid = gid;
325 void FuseTest::expect_open(uint64_t ino, uint32_t flags, int times)
327 EXPECT_CALL(*m_mock, process(
328 ResultOf([=](auto in) {
329 return (in.header.opcode == FUSE_OPEN &&
330 in.header.nodeid == ino);
334 .WillRepeatedly(Invoke(
335 ReturnImmediate([=](auto in __unused, auto& out) {
336 out.header.len = sizeof(out.header);
337 SET_OUT_HEADER_LEN(out, open);
338 out.body.open.fh = FH;
339 out.body.open.open_flags = flags;
343 void FuseTest::expect_opendir(uint64_t ino)
345 /* opendir(3) calls fstatfs */
346 EXPECT_CALL(*m_mock, process(
347 ResultOf([](auto in) {
348 return (in.header.opcode == FUSE_STATFS);
351 ).WillRepeatedly(Invoke(
352 ReturnImmediate([=](auto i __unused, auto& out) {
353 SET_OUT_HEADER_LEN(out, statfs);
356 EXPECT_CALL(*m_mock, process(
357 ResultOf([=](auto in) {
358 return (in.header.opcode == FUSE_OPENDIR &&
359 in.header.nodeid == ino);
362 ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) {
363 out.header.len = sizeof(out.header);
364 SET_OUT_HEADER_LEN(out, open);
365 out.body.open.fh = FH;
369 void FuseTest::expect_read(uint64_t ino, uint64_t offset, uint64_t isize,
370 uint64_t osize, const void *contents, int flags)
372 EXPECT_CALL(*m_mock, process(
373 ResultOf([=](auto in) {
374 return (in.header.opcode == FUSE_READ &&
375 in.header.nodeid == ino &&
376 in.body.read.fh == FH &&
377 in.body.read.offset == offset &&
378 in.body.read.size == isize &&
380 (in.body.read.flags == O_RDONLY ||
381 in.body.read.flags == O_RDWR)
382 : in.body.read.flags == (uint32_t)flags));
385 ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) {
386 out.header.len = sizeof(struct fuse_out_header) + osize;
387 memmove(out.body.bytes, contents, osize);
388 }))).RetiresOnSaturation();
391 void FuseTest::expect_readdir(uint64_t ino, uint64_t off,
392 std::vector<struct dirent> &ents)
394 EXPECT_CALL(*m_mock, process(
395 ResultOf([=](auto in) {
396 return (in.header.opcode == FUSE_READDIR &&
397 in.header.nodeid == ino &&
398 in.body.readdir.fh == FH &&
399 in.body.readdir.offset == off);
402 ).WillRepeatedly(Invoke(ReturnImmediate([=](auto in, auto& out) {
403 struct fuse_dirent *fde = (struct fuse_dirent*)&(out.body);
406 out.header.error = 0;
409 for (const auto& it: ents) {
410 size_t entlen, entsize;
412 fde->ino = it.d_fileno;
414 fde->type = it.d_type;
415 fde->namelen = it.d_namlen;
416 strncpy(fde->name, it.d_name, it.d_namlen);
417 entlen = FUSE_NAME_OFFSET + fde->namelen;
418 entsize = FUSE_DIRENT_SIZE(fde);
420 * The FUSE protocol does not require zeroing out the
421 * unused portion of the name. But it's a good
422 * practice to prevent information disclosure to the
423 * FUSE client, even though the client is usually the
426 memset(fde->name + fde->namelen, 0, entsize - entlen);
427 if (out.header.len + entsize > in.body.read.size) {
428 printf("Overflow in readdir expectation: i=%d\n"
432 out.header.len += entsize;
433 fde = (struct fuse_dirent*)
434 ((intmax_t*)fde + entsize / sizeof(intmax_t));
437 out.header.len += sizeof(out.header);
441 void FuseTest::expect_release(uint64_t ino, uint64_t fh)
443 EXPECT_CALL(*m_mock, process(
444 ResultOf([=](auto in) {
445 return (in.header.opcode == FUSE_RELEASE &&
446 in.header.nodeid == ino &&
447 in.body.release.fh == fh);
450 ).WillOnce(Invoke(ReturnErrno(0)));
453 void FuseTest::expect_releasedir(uint64_t ino, ProcessMockerT r)
455 EXPECT_CALL(*m_mock, process(
456 ResultOf([=](auto in) {
457 return (in.header.opcode == FUSE_RELEASEDIR &&
458 in.header.nodeid == ino &&
459 in.body.release.fh == FH);
462 ).WillOnce(Invoke(r));
465 void FuseTest::expect_unlink(uint64_t parent, const char *path, int error)
467 EXPECT_CALL(*m_mock, process(
468 ResultOf([=](auto in) {
469 return (in.header.opcode == FUSE_UNLINK &&
470 0 == strcmp(path, in.body.unlink) &&
471 in.header.nodeid == parent);
474 ).WillOnce(Invoke(ReturnErrno(error)));
477 void FuseTest::expect_write(uint64_t ino, uint64_t offset, uint64_t isize,
478 uint64_t osize, uint32_t flags_set, uint32_t flags_unset,
479 const void *contents)
481 EXPECT_CALL(*m_mock, process(
482 ResultOf([=](auto in) {
483 const char *buf = (const char*)in.body.bytes +
484 sizeof(struct fuse_write_in);
486 uint32_t wf = in.body.write.write_flags;
488 if (wf & FUSE_WRITE_CACHE)
491 pid_ok = (pid_t)in.header.pid == getpid();
493 return (in.header.opcode == FUSE_WRITE &&
494 in.header.nodeid == ino &&
495 in.body.write.fh == FH &&
496 in.body.write.offset == offset &&
497 in.body.write.size == isize &&
499 (wf & flags_set) == flags_set &&
500 (wf & flags_unset) == 0 &&
501 (in.body.write.flags == O_WRONLY ||
502 in.body.write.flags == O_RDWR) &&
503 0 == bcmp(buf, contents, isize));
506 ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) {
507 SET_OUT_HEADER_LEN(out, write);
508 out.body.write.size = osize;
512 void FuseTest::expect_write_7_8(uint64_t ino, uint64_t offset, uint64_t isize,
513 uint64_t osize, const void *contents)
515 EXPECT_CALL(*m_mock, process(
516 ResultOf([=](auto in) {
517 const char *buf = (const char*)in.body.bytes +
518 FUSE_COMPAT_WRITE_IN_SIZE;
519 bool pid_ok = (pid_t)in.header.pid == getpid();
520 return (in.header.opcode == FUSE_WRITE &&
521 in.header.nodeid == ino &&
522 in.body.write.fh == FH &&
523 in.body.write.offset == offset &&
524 in.body.write.size == isize &&
526 0 == bcmp(buf, contents, isize));
529 ).WillOnce(Invoke(ReturnImmediate([=](auto in __unused, auto& out) {
530 SET_OUT_HEADER_LEN(out, write);
531 out.body.write.size = osize;
536 get_unprivileged_id(uid_t *uid, gid_t *gid)
542 * First try "tests", Kyua's default unprivileged user. XXX after
543 * GoogleTest gains a proper Kyua wrapper, get this with the Kyua API
545 pw = getpwnam("tests");
547 /* Fall back to "nobody" */
548 pw = getpwnam("nobody");
551 GTEST_SKIP() << "Test requires an unprivileged user";
552 /* Use group "nobody", which is Kyua's default unprivileged group */
553 gr = getgrnam("nobody");
555 GTEST_SKIP() << "Test requires an unprivileged group";
561 FuseTest::fork(bool drop_privs, int *child_status,
562 std::function<void()> parent_func,
563 std::function<int()> child_func)
566 int mprot = PROT_READ | PROT_WRITE;
567 int mflags = MAP_ANON | MAP_SHARED;
573 get_unprivileged_id(&uid, &gid);
578 sem = (sem_t*)mmap(NULL, sizeof(*sem), mprot, mflags, -1, 0);
579 ASSERT_NE(MAP_FAILED, sem) << strerror(errno);
580 ASSERT_EQ(0, sem_init(sem, 1, 0)) << strerror(errno);
582 if ((child = ::fork()) == 0) {
592 if (drop_privs && 0 != setegid(gid)) {
597 if (drop_privs && 0 != setreuid(-1, uid)) {
607 } else if (child > 0) {
609 * In parent. Cleanup must happen here, because it's still
612 m_mock->m_child_pid = child;
613 ASSERT_NO_FATAL_FAILURE(parent_func());
615 /* Signal the child process to go */
616 ASSERT_EQ(0, sem_post(sem)) << strerror(errno);
618 ASSERT_LE(0, wait(child_status)) << strerror(errno);
620 FAIL() << strerror(errno);
622 munmap(sem, sizeof(*sem));
626 static void usage(char* progname) {
627 fprintf(stderr, "Usage: %s [-v]\n\t-v increase verbosity\n", progname);
631 int main(int argc, char **argv) {
633 FuseEnv *fuse_env = new FuseEnv;
635 InitGoogleTest(&argc, argv);
636 AddGlobalTestEnvironment(fuse_env);
638 while ((ch = getopt(argc, argv, "v")) != -1) {
649 return (RUN_ALL_TESTS());